CHB: recognize function signature with varargs and printf/scanf format attribute

Author: sipma

CodeHawk/CHB/bchlib/Makefile

@@ -10,7 +10,7 @@ XPRLIB = $(CODEHAWK)/CH/xprlib
 
 CAMLDOC := ocamldoc
 
-CAMLC := ocamlopt  -I str -I cmi -I cmx \
+CAMLC := ocamlopt -I str -I cmi -I cmx \
 	-I $(EXTLIB) \
 	-I $(ZIPLIB) \
 	-I $(ZARITHLIB) \
@@ -23,13 +23,13 @@ OCAMLDEP := ocamldep
 
 MLIS := \
 	bCHBCTypes \
-	bCHBCAttributes \
 	bCHBCSumTypeSerializer \
 	bCHBCTypeTransformer \
 	bCHLibTypes \
 	bCHVersion \
 	bCHXprUtil \
 	bCHUtilities \
+	bCHBCAttributesUtil \
 	bCHSystemSettings \
 	bCHCPURegisters \
 	bCHBasicTypes \
@@ -82,6 +82,7 @@ MLIS := \
 	bCHPrecondition \
 	bCHPostcondition \
 	bCHSideeffect \
+	bCHBCAttributes \
 	bCHFunctionSemantics \
 	bCHFunctionSummary \
 	bCHVariable \
@@ -120,6 +121,7 @@ SOURCES := \
 	bCHVersion \
 	bCHXprUtil \
 	bCHUtilities \
+	bCHBCAttributesUtil \
 	bCHBasicTypes \
 	bCHDoubleword \
 	bCHSystemSettings \

CodeHawk/CHB/bchlib/bCHARMFunctionInterface.ml

@@ -4,7 +4,7 @@
    ------------------------------------------------------------------------------
    The MIT License (MIT)
 
-   Copyright (c) 2023-2024  Aarno Labs LLC
+   Copyright (c) 2023-2026  Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
@@ -410,6 +410,7 @@ let get_int_paramlocpart_next_state
 
 
 let get_arm_int_param_next_state
+      ?(fmt=NoFormat)
       (size: int)
       (name: string)
       (btype: btype_t)
@@ -419,7 +420,7 @@ let get_arm_int_param_next_state
   | Some reg ->
      let register = register_of_arm_register reg in
      let par: fts_parameter_t =
-       mk_indexed_register_parameter ~btype ~name ~size register index in
+       mk_indexed_register_parameter ~fmt ~btype ~name ~size register index in
      let ncr = get_next_core_reg reg in
      let naas =
        match ncr with
@@ -434,7 +435,7 @@ let get_arm_int_param_next_state
      (match aa_state.aas_next_offset with
       | Some offset ->
          let par: fts_parameter_t =
-           mk_indexed_stack_parameter ~btype ~name offset index in
+           mk_indexed_stack_parameter ~fmt ~btype ~name offset index in
          let naas =
            {aa_state with aas_next_offset = Some (offset + size)} in
          (par, naas)
@@ -577,7 +578,14 @@ let get_arm_struct_param_next_state
   (param, naas)
 
 
-let arm_vfp_params (funargs: bfunarg_t list): fts_parameter_t list =
+let arm_vfp_params
+      ?(attrs=[])
+      ?(varargs=false)
+      (funargs: bfunarg_t list): fts_parameter_t list =
+  let fmt (index: int) =
+    match BCHBCAttributesUtil.get_format_archetype attrs index with
+    | Some fmtstringtype -> fmtstringtype
+    | _ -> NoFormat in
   let (_, _, params) =
     List.fold_left
       (fun (index, aa_state, params) (name, btype, _) ->
@@ -594,9 +602,14 @@ let arm_vfp_params (funargs: bfunarg_t list): fts_parameter_t list =
         | Ok btype, Ok tysize ->
            (* assume no packing at the argument top level *)
            let size = if tysize < 4 then 4 else tysize in
+           let fmt =
+             if varargs then
+               fmt index
+             else
+               NoFormat in
            let (param, new_state) =
              if (is_int btype || is_pointer btype || is_enum btype) && size = 4 then
-               get_arm_int_param_next_state size name btype aa_state index
+               get_arm_int_param_next_state ~fmt size name btype aa_state index
              else if (is_int btype || is_pointer btype) then
                get_long_int_param_next_state size name btype aa_state index
              else if is_float btype then

CodeHawk/CHB/bchlib/bCHARMFunctionInterface.mli

@@ -4,7 +4,7 @@
    ------------------------------------------------------------------------------
    The MIT License (MIT)
 
-   Copyright (c) 2023-2024  Aarno Labs LLC
+   Copyright (c) 2023-2026  Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
@@ -73,7 +73,8 @@ val arm_argument_state_to_string: arm_argument_state_t -> string
 
 (** exposed for unit tests only *)
 val get_arm_int_param_next_state:
-  int
+  ?fmt:formatstring_type_t
+  -> int
   -> string
   -> btype_t
   -> arm_argument_state_t
@@ -98,7 +99,8 @@ val get_arm_struct_param_next_state:
   -> (fts_parameter_t * arm_argument_state_t)
 
 
-val arm_vfp_params: bfunarg_t list -> fts_parameter_t list
+val arm_vfp_params:
+  ?attrs:b_attributes_t -> ?varargs:bool -> bfunarg_t list -> fts_parameter_t list
 
 val get_arm_format_spec_parameters:
   fts_parameter_t list -> argspec_int list -> fts_parameter_t list

CodeHawk/CHB/bchlib/bCHBCAttributes.ml

@@ -41,6 +41,7 @@ open BCHFunctionInterface
 open BCHLibTypes
 
 
+
 let convert_b_attributes_to_function_conditions
       (name: string)
       (fintf: function_interface_t)
@@ -121,6 +122,31 @@ let convert_b_attributes_to_function_conditions
                  ([], [])
                end) in
          (pre @ xpre, side @ xside, xpost)
+
+      | Attr (("format" | "chk_format"), params) ->
+         let pre =
+           (match params with
+            | [ACons ("printf", []); AInt fmtrefindex; AInt _]
+              | [ACons ("printf", []); AInt fmtrefindex] ->
+               let fmtpar = get_par fmtrefindex in
+               [XXOutputFormatString (ArgValue fmtpar)]
+            | [ACons ("scanf", []); AInt fmtrefindex; AInt _]
+              | [ACons ("scanf", []); AInt fmtrefindex] ->
+               let fmtpar = get_par fmtrefindex in
+               [XXInputFormatString (ArgValue fmtpar)]
+            | _ ->
+               begin
+                 log_diagnostics_result
+                   ~msg:("attribute conversion for " ^ name ^ ": "
+                         ^ "attribute parameters "
+                         ^ (String.concat
+                              ", " (List.map b_attrparam_to_string params)))
+                   ~tag:"attribute conversion"
+                   __FILE__ __LINE__ [];
+                 []
+               end) in
+         (pre, [] , [])
+
       | Attr ("chk_pre", params) ->
          let pre =
            (match params with

CodeHawk/CHB/bchlib/bCHBCAttributesUtil.ml

@@ -0,0 +1,54 @@
+(* =============================================================================
+   CodeHawk Binary Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2026  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* bchlib *)
+open BCHBCTypes
+
+
+let get_format_archetype
+      (attrs: b_attributes_t) (index: int): BCHLibTypes.formatstring_type_t option =
+  List.fold_left (fun acc attr ->
+      match acc with
+      | Some _ -> acc
+      | _ ->
+         match attr with
+         | Attr (("format" | "chk_format"), params) ->
+            (match params with
+             | [ACons ("printf", []); AInt fmtrefindex; AInt _]
+               | [ACons ("printf", []); AInt fmtrefindex] ->
+                if index = fmtrefindex then
+                  Some BCHLibTypes.PrintFormat
+                else
+                  None
+             | [ACons ("scanf", []); AInt fmtrefindex; AInt _]
+               | [ACons ("scanf", []); AInt fmtrefindex] ->
+                if index = fmtrefindex then
+                  Some BCHLibTypes.ScanFormat
+                else
+                  None
+             | _ -> None)
+         | _ -> None) None attrs

CodeHawk/CHB/bchlib/bCHBCAttributesUtil.mli

@@ -0,0 +1,32 @@
+(* =============================================================================
+   CodeHawk Binary Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2026  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+open BCHBCTypes
+open BCHLibTypes
+
+
+val get_format_archetype: b_attributes_t -> int -> formatstring_type_t option

CodeHawk/CHB/bchlib/bCHFunctionInterface.ml

@@ -1259,7 +1259,7 @@ let bfuntype_to_function_interface
        | None -> []
        | Some funargs ->
           (match system_settings#get_architecture with
-           | "arm" -> arm_vfp_params funargs
+           | "arm" -> arm_vfp_params ~attrs ~varargs funargs
            | "x86" -> x86_cdecl_params funargs
            | "mips" -> mips_params funargs
            | arch ->