P-Code Operation Reference

For each possible p-code operation, we give a brief description and provide a table that lists the inputs that must be present and their meaning. We also list the basic syntax for denoting the operation when describing semantics in a processor specification file.

COPY

Parameters Description
input0 Source varnode.
output Destination varnode.
Semantic statement
output = input0;

Copy a sequence of contiguous bytes from anywhere to anywhere. Size of input0 and output must be the same.

LOAD

Parameters Description
input0 (special) Constant ID of space to load from.
input1 Varnode containing pointer offset to data.
output Destination varnode.
Semantic statement
output = *input1;
output = *[input0]input1;

This instruction loads data from a dynamic location into the output variable by dereferencing a pointer. The “pointer” comes in two pieces. One piece, input1, is a normal variable containing the offset of the object being pointed at. The other piece, input0, is a constant indicating the space into which the offset applies. The data in input1 is interpreted as an unsigned offset and should have the same size as the space referred to by the ID, i.e. a 4-byte address space requires a 4-byte offset. The space ID is not manually entered by a user but is automatically generated by the p-code compiler. The amount of data loaded by this instruction is determined by the size of the output variable. It is easy to confuse the address space of the output and input1 variables and the Address Space represented by the ID, which could all be different. Unlike many programming models, there are multiple spaces that a “pointer” can refer to, and so an extra ID is required.

It is possible for the addressable unit of an address space to be bigger than a single byte. If the wordsize attribute of the space given by the ID is bigger than one, the offset into the space obtained from input1 must be multiplied by this value in order to obtain the correct byte offset into the space.

STORE

Parameters Description
input0 (special) Constant ID of space to store into.
input1 Varnode containing pointer offset of destination.
input2 Varnode containing data to be stored.
Semantic statement
*input1 = input2;
*[input0]input1 = input2;

This instruction is the complement of LOAD. The data in the variable input2 is stored at a dynamic location by dereferencing a pointer. As with LOAD, the “pointer” comes in two pieces: a space ID part, and an offset variable. The size of input1 must match the address space specified by the ID, and the amount of data stored is determined by the size of input2.

Its possible for the addressable unit of an address space to be bigger than a single byte. If the wordsize attribute of the space given by the ID is bigger than one, the offset into the space obtained from input1 must be multiplied by this value in order to obtain the correct byte offset into the space.

BRANCH

Parameters Description
input0 (special) Location of next instruction to execute.
Semantic statement
goto input0;

This is an absolute jump instruction. The varnode parameter input0 encodes the destination address (address space and offset) of the jump. The varnode is not treated as a variable for this instruction and does not store the destination. Its address space and offset are the destination. The size of input0 is irrelevant.

Confusion about the meaning of this instruction can result because of the translation from machine instructions to p-code. The destination of the jump is a machine address and refers to the machine instruction at that address. When attempting to determine which p-code instruction is executed next, the rule is: execute the first p-code instruction resulting from the translation of the machine instruction(s) at that address. The resulting p-code instruction may not be attached directly to the indicated address due to NOP instructions and delay slots.

If input0 is constant, i.e. its address space is the constant address space, then it encodes a p-code relative branch. In this case, the offset of input0 is considered a relative offset into the indexed list of p-code operations corresponding to the translation of the current machine instruction. This allows branching within the operations forming a single instruction. For example, if the BRANCH occurs as the pcode operation with index 5 for the instruction, it can branch to operation with index 8 by specifying a constant destination “address” of 3. Negative constants can be used for backward branches.

CBRANCH

Parameters Description
input0 (special) Location of next instruction to execute.
input1 Boolean varnode indicating whether branch is taken.
Semantic statement
if (input1) goto input0;

This is a conditional branch instruction where the dynamic condition for taking the branch is determined by the 1 byte variable input1. If this variable is non-zero, the condition is considered true and the branch is taken. As in the BRANCH instruction the parameter input0 is not treated as a variable but as an address and is interpreted in the same way. Furthermore, a constant space address is also interpreted as a relative address so that a CBRANCH can do p-code relative branching. See the discussion for the BRANCH operation.

BRANCHIND

Parameters Description
input0 Varnode containing offset of next instruction.
Semantic statement
goto [input0];

This is an indirect branching instruction. The address to branch to is determined dynamically (at runtime) by examining the contents of the variable input0. As this instruction is currently defined, the variable input0 only contains the offset of the destination, and the address space is taken from the address associated with the branching instruction itself. So execution can only branch within the same address space via this instruction. The size of the variable input0 must match the size of offsets for the current address space. P-code relative branching is not possible with BRANCHIND.

CALL

Parameters Description
input0 (special) Location of next instruction to execute.
[input1] First parameter to call (never present in raw p-code)
... Additional parameters to call (never present in raw p-code)
Semantic statement
call [input0];

This instruction is semantically equivalent to the BRANCH instruction. Beware: This instruction does not behave like a typical function call. In particular, there is no internal stack in p-code for saving the return address. Use of this instruction instead of BRANCH is intended to provide a hint to algorithms that try to follow code flow. It indicates that the original machine instruction, of which this p-code instruction is only a part, is intended to be a function call. The p-code instruction does not implement the full semantics of the call itself; it only implements the final branch.

In the raw p-code translation process, this operation can only take input0, but in follow-on analysis, it can take arbitrary additional inputs. These represent (possibly partial) recovery of the parameters being passed to the logical call represented by this operation. These additional parameters have no effect on the original semantics of the raw p-code but naturally hold the varnode values flowing into the call.

CALLIND

Parameters Description
input0 Varnode containing offset of next instruction.
[input1] First parameter to call (never present in raw p-code)
... Additional parameters to call (never present in raw p-code)
Semantic statement
call [input0];

This instruction is semantically equivalent to the BRANCHIND instruction. It does not perform a function call in the usual sense of the term. It merely indicates that the original machine instruction is intended to be an indirect call. See the discussion for the CALL instruction.

As with the CALL instruction, this operation may take additional inputs when not in raw form, representing the parameters being passed to the logical call.

RETURN

Parameters Description
input0 Varnode containing offset of next instruction.
[input1] Value returned from call (never present in raw p-code)
Semantic statement
return [input0];

This instruction is semantically equivalent to the BRANCHIND instruction. It does not perform a return from subroutine in the usual sense of the term. It merely indicates that the original machine instruction is intended to be a return from subroutine. See the discussion for the CALL instruction.

Similarly to CALL and CALLIND, this operation may take an additional input when not in raw form. If input1 is present it represents the value being returned by this operation. This is used by analysis algorithms to hold the value logically flowing back to the parent subroutine.

PIECE

Parameters Description
input0 Varnode containing most significant data to merge.
input1 Varnode containing least significant data to merge.
output Varnode to contain resulting concatenation.
Semantic statement
Cannot (currently) be explicitly coded

This is a concatenation operator that understands the endianess of the data. The size of input0 and input1 must add up to the size of output. The data from the inputs is concatenated in such a way that, if the inputs and output are considered integers, the first input makes up the most significant part of the output.

SUBPIECE

Parameters Description
input0 Varnode containing source data to truncate.
input1 (constant) Constant indicating how many bytes to truncate.
output Varnode to contain result of truncation.
Semantic statement
output = input0(input1);

This is a truncation operator that understands the endianess of the data. Input1 indicates the number of least significant bytes of input0 to be thrown away. Output is then filled with any remaining bytes of input0 up to the size of output. If the size of output is smaller than the size of input0 minus the constant input1, then the additional most significant bytes of input0 will also be truncated.

POPCOUNT

Parameters Description
input0 Input varnode to count.
output Resulting integer varnode containing count.
Semantic statement
output = popcount(input0);

This is a bit count (population count) operator. Within the binary representation of the value contained in the input varnode, the number of 1 bits are counted and then returned in the output varnode. A value of 0 returns 0, a 4-byte varnode containing the value 232-1 (all bits set) returns 32, for instance. The input and output varnodes can have any size. The resulting count is zero extended into the output varnode.

INT_EQUAL

Parameters Description
input0 First varnode to compare.
input1 Second varnode to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 == input1;

This is the integer equality operator. Output is assigned true, if input0 equals input1. It works for signed, unsigned, or any contiguous data where the match must be down to the bit. Both inputs must be the same size, and the output must have a size of 1.

INT_NOTEQUAL

Parameters Description
input0 First varnode to compare.
input1 Second varnode to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 != input1;

This is the integer inequality operator. Output is assigned true, if input0 does not equal input1. It works for signed, unsigned, or any contiguous data where the match must be down to the bit. Both inputs must be the same size, and the output must have a size of 1.

INT_LESS

Parameters Description
input0 First unsigned varnode to compare.
input1 Second unsigned varnode to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 < input1;

This is an unsigned integer comparison operator. If the unsigned integer input0 is strictly less than the unsigned integer input1, output is set to true. Both inputs must be the same size, and the output must have a size of 1.

INT_SLESS

Parameters Description
input0 First signed varnode to compare.
input1 Second signed varnode to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 s< input1;

This is a signed integer comparison operator. If the signed integer input0 is strictly less than the signed integer input1, output is set to true. Both inputs must be the same size, and the output must have a size of 1.

INT_LESSEQUAL

Parameters Description
input0 First unsigned varnode to compare.
input1 Second unsigned varnode to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 <= input1;

This is an unsigned integer comparison operator. If the unsigned integer input0 is less than or equal to the unsigned integer input1, output is set to true. Both inputs must be the same size, and the output must have a size of 1.

INT_SLESSEQUAL

Parameters Description
input0 First signed varnode to compare.
input1 Second signed varnode to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 s<= input1;

This is a signed integer comparison operator. If the signed integer input0 is less than or equal to the signed integer input1, output is set to true. Both inputs must be the same size, and the output must have a size of 1.

INT_ZEXT

Parameters Description
input0 Varnode to zero-extend.
output Varnode containing zero-extended result.
Semantic statement
output = zext(input0);

Zero-extend the data in input0 and store the result in output. Copy all the data from input0 into the least significant positions of output. Fill out any remaining space in the most significant bytes of output with zero. The size of output must be strictly bigger than the size of input.

INT_SEXT

Parameters Description
input0 Varnode to sign-extend.
output Varnode containing sign-extended result.
Semantic statement
output = sext(input0);

Sign-extend the data in input0 and store the result in output. Copy all the data from input0 into the least significant positions of output. Fill out any remaining space in the most significant bytes of output with either zero or all ones (0xff) depending on the most significant bit of input0. The size of output must be strictly bigger than the size of input0.

INT_ADD

Parameters Description
input0 First varnode to add.
input1 Second varnode to add.
output Varnode containing result of integer addition.
Semantic statement
output = input0 + input1;

This is standard integer addition. It works for either unsigned or signed interpretations of the integer encoding (twos complement). Size of both inputs and output must be the same. The addition is of course performed modulo this size. Overflow and carry conditions are calculated by other operations. See INT_CARRY and INT_SCARRY.

INT_SUB

Parameters Description
input0 First varnode input.
input1 Varnode to subtract from first.
output Varnode containing result of integer subtraction.
Semantic statement
output = input0 - input1;

This is standard integer subtraction. It works for either unsigned or signed interpretations of the integer encoding (twos complement). Size of both inputs and output must be the same. The subtraction is of course performed modulo this size. Overflow and borrow conditions are calculated by other operations. See INT_SBORROW and INT_LESS.

INT_CARRY

Parameters Description
input0 First varnode to add.
input1 Second varnode to add.
output Boolean result containing carry condition.
Semantic statement
output = carry(input0,input1);

This operation checks for unsigned addition overflow or carry conditions. If the result of adding input0 and input1 as unsigned integers overflows the size of the varnodes, output is assigned true. Both inputs must be the same size, and output must be size 1.

INT_SCARRY

Parameters Description
input0 First varnode to add.
input1 Second varnode to add.
output Boolean result containing signed overflow condition.
Semantic statement
output = scarry(input0,input1);

This operation checks for signed addition overflow or carry conditions. If the result of adding input0 and input1 as signed integers overflows the size of the varnodes, output is assigned true. Both inputs must be the same size, and output must be size 1.

INT_SBORROW

Parameters Description
input0 First varnode input.
input1 Varnode to subtract from first.
output Boolean result containing signed overflow condition.
Semantic statement
output = sborrow(input0,input1);

This operation checks for signed subtraction overflow or borrow conditions. If the result of subtracting input1 from input0 as signed integers overflows the size of the varnodes, output is assigned true. Both inputs must be the same size, and output must be size 1. Note that the equivalent unsigned subtraction overflow condition is INT_LESS.

INT_2COMP

Parameters Description
input0 First to negate.
output Varnode result containing twos complement.
Semantic statement
output = -input0;

This is the twos complement or arithmetic negation operation. Treating input0 as a signed integer, the result is the same integer value but with the opposite sign. This is equivalent to doing a bitwise negation of input0 and then adding one. Both input0 and output must be the same size.

INT_NEGATE

Parameters Description
input0 Varnode to negate.
output Varnode result containing bitwise negation.
Semantic statement
output = ~input0;

This is the bitwise negation operation. Output is the result of taking every bit of input0 and flipping it. Both input0 and output must be the same size.

INT_XOR

Parameters Description
input0 First input to exclusive-or.
input1 Second input to exclusive-or.
output Varnode result containing exclusive-or of inputs.
Semantic statement
output = input0 ^ input1;

This operation performs a logical Exclusive-Or on the bits of input0 and input1. Both inputs and output must be the same size.

INT_AND

Parameters Description
input0 First input to logical-and.
input1 Second input to logical-and.
output Varnode result containing logical-and of inputs.
Semantic statement
output = input0 & input1;

This operation performs a Logical-And on the bits of input0 and input1. Both inputs and output must be the same size.

INT_OR

Parameters Description
input0 First input to logical-or.
input1 Second input to logical-or.
output Varnode result containing logical-or of inputs.
Semantic statement
output = input0 | input1;

This operation performs a Logical-Or on the bits of input0 and input1. Both inputs and output must be the same size.

INT_LEFT

Parameters Description
input0 Varnode input being shifted.
input1 Varnode indicating number of bits to shift.
output Varnode containing shifted result.
Semantic statement
output = input0 << input1;

This operation performs a left shift on input0. The value given by input1, interpreted as an unsigned integer, indicates the number of bits to shift. The vacated (least significant) bits are filled with zero. If input1 is zero, no shift is performed and input0 is copied into output. If input1 is larger than the number of bits in output, the result is zero. Both input0 and output must be the same size. Input1 can be any size.

INT_RIGHT

Parameters Description
input0 Varnode input being shifted.
input1 Varnode indicating number of bits to shift.
output Varnode containing shifted result.
Semantic statement
output = input0 >> input1;

This operation performs an unsigned (logical) right shift on input0. The value given by input1, interpreted as an unsigned integer, indicates the number of bits to shift. The vacated (most significant) bits are filled with zero. If input1 is zero, no shift is performed and input0 is copied into output. If input1 is larger than the number of bits in output, the result is zero. Both input0 and output must be the same size. Input1 can be any size.

INT_SRIGHT

Parameters Description
input0 Varnode input being shifted.
input1 Varnode indicating number of bits to shift.
output Varnode containing shifted result.
Semantic statement
output = input0 s>> input1;

This operation performs a signed (arithmetic) right shift on input0. The value given by input1, interpreted as an unsigned integer, indicates the number of bits to shift. The vacated bits are filled with the original value of the most significant (sign) bit of input0. If input1 is zero, no shift is performed and input0 is copied into output. If input1 is larger than the number of bits in output, the result is zero or all 1-bits (-1), depending on the original sign of input0. Both input0 and output must be the same size. Input1 can be any size.

INT_MULT

Parameters Description
input0 First varnode to be multiplied.
input1 Second varnode to be multiplied.
output Varnode containing result of multiplication.
Semantic statement
output = input0 * input1;

This is an integer multiplication operation. The result of multiplying input0 and input1, viewed as integers, is stored in output. Both inputs and output must be the same size. The multiplication is performed modulo the size, and the result is true for either a signed or unsigned interpretation of the inputs and output. To get extended precision results, the inputs must first by zero-extended or sign-extended to the desired size.

INT_DIV

Parameters Description
input0 First varnode input.
input1 Second varnode input (divisor).
output Varnode containing result of division.
Semantic statement
output = input0 / input1;

This is an unsigned integer division operation. Divide input0 by input1, truncating the result to the nearest integer, and store the result in output. Both inputs and output must be the same size. There is no handling of division by zero. To simulate a processor’s handling of a division-by-zero trap, other operations must be used before the INT_DIV.

INT_REM

Parameters Description
input0 First varnode input.
input1 Second varnode input (divisor).
output Varnode containing remainder of division.
Semantic statement
output = input0 % input1;

This is an unsigned integer remainder operation. The remainder of performing the unsigned integer division of input0 and input1 is put in output. Both inputs and output must be the same size. If q = input0/input1, using the INT_DIV operation defined above, then output satisfies the equation q*input1 + output = input0, using the INT_MULT and INT_ADD operations.

INT_SDIV

Parameters Description
input0 First varnode input.
input1 Second varnode input (divisor).
output Varnode containing result of signed division.
Semantic statement
output = input0 s/ input1;

This is a signed integer division operation. The resulting integer is the one closest to the rational value input0/input1 but which is still smaller in absolute value. Both inputs and output must be the same size. There is no handling of division by zero. To simulate a processor’s handling of a division-by-zero trap, other operations must be used before the INT_SDIV.

INT_SREM

Parameters Description
input0 First varnode input.
input1 Second varnode input (divisor).
output Varnode containing remainder of signed division.
Semantic statement
output = input0 s% input1;

This is a signed integer remainder operation. The remainder of performing the signed integer division of input0 and input1 is put in output. Both inputs and output must be the same size. If q = input0 s/ input1, using the INT_SDIV operation defined above, then output satisfies the equation q*input1 + output = input0, using the INT_MULT and INT_ADD operations.

BOOL_NEGATE

Parameters Description
input0 Boolean varnode to negate.
output Boolean varnode containing result of negation.
Semantic statement
output = !input0;

This is a logical negate operator, where we assume input0 and output are boolean values. It puts the logical complement of input0, treated as a single bit, into output. Both input0 and output are size 1. Boolean values are implemented with a full byte, but are still considered to only support a value of true or false.

BOOL_XOR

Parameters Description
input0 First boolean input to exclusive-or.
input1 Second boolean input to exclusive-or.
output Boolean varnode containing result of exclusive-or.
Semantic statement
output = input0 ^^ input1;

This is an Exclusive-Or operator, where we assume the inputs and output are boolean values. It puts the exclusive-or of input0 and input1, treated as single bits, into output. Both inputs and output are size 1. Boolean values are implemented with a full byte, but are still considered to only support a value of true or false.

BOOL_AND

Parameters Description
input0 First boolean input to logical-and.
input1 Second boolean input to logical-and.
output Boolean varnode containing result of logical-and.
Semantic statement
output = input0 && input1;

This is a Logical-And operator, where we assume the inputs and output are boolean values. It puts the logical-and of input0 and input1, treated as single bits, into output. Both inputs and output are size 1. Boolean values are implemented with a full byte, but are still considered to only support a value of true or false.

BOOL_OR

Parameters Description
input0 First boolean input to logical-or.
input1 Second boolean input to logical-or.
output Boolean varnode containing result of logical-or.
Semantic statement
output = input0 || input1;

This is a Logical-Or operator, where we assume the inputs and output are boolean values. It puts the logical-or of input0 and input1, treated as single bits, into output. Both inputs and output are size 1. Boolean values are implemented with a full byte, but are still considered to only support a value of true or false.

FLOAT_EQUAL

Parameters Description
input0 First floating-point input to compare.
input1 Second floating-point input to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 f== input1;

This is a floating-point equality operator. Output is assigned true, if input0 and input1 are considered equal as floating-point values. Both inputs must be the same size, and output is size 1. If either input is NaN, output is set to false.

FLOAT_NOTEQUAL

Parameters Description
input0 First floating-point input to compare.
input1 Second floating-point input to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 f!= input1;

This is a floating-point inequality operator. Output is assigned true, if input0 and input1 are not considered equal as floating-point values. Both inputs must be the same size, and output is size 1. If either input is NaN, output is set to false.

FLOAT_LESS

Parameters Description
input0 First floating-point input to compare.
input1 Second floating-point input to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 f< input1;

This is a comparison operator, where both inputs are considered floating-point values. Output is assigned true, if input0 is less than input1. Both inputs must be the same size, and output is size 1. If either input is NaN, output is set to false.

FLOAT_LESSEQUAL

Parameters Description
input0 First floating-point input to compare.
input1 Second floating-point input to compare.
output Boolean varnode containing result of comparison.
Semantic statement
output = input0 f<= input1;

This is a comparison operator, where both inputs are considered floating-point values. Output is assigned true, if input0 is less than or equal to input1. Both inputs must be the same size, and output is size 1. If either input is NaN, output is set to false.

FLOAT_ADD

Parameters Description
input0 First floating-point input to add.
input1 Second floating-point input to add.
output Varnode containing result of addition.
Semantic statement
output = input0 f+ input1;

This is a floating-point addition operator. The result of adding input0 and input1 as floating-point values is stored in output. Both inputs and output must be the same size. If either input is NaN, output is set to NaN. If any overflow condition occurs, output is set to NaN.

FLOAT_SUB

Parameters Description
input0 First floating-point input.
input1 Floating-point varnode to subtract from first.
output Varnode containing result of subtraction.
Semantic statement
output = input0 f- input1;

This is a floating-point subtraction operator. The result of subtracting input1 from input0 as floating-point values is stored in output. Both inputs and output must be the same size. If either input is NaN, output is set to NaN. If any overflow condition occurs, output is set to NaN.

FLOAT_MULT

Parameters Description
input0 First floating-point input to multiply.
input1 Second floating-point input to multiply.
output Varnode containing result of multiplication.
Semantic statement
output = input0 f* input1;

This is a floating-point multiplication operator. The result of multiplying input0 to input1 as floating-point values is stored in output. Both inputs and output must be the same size. If either input is NaN, output is set to NaN. If any overflow condition occurs, output is set to NaN.

FLOAT_DIV

Parameters Description
input0 First floating-point input.
input1 Second floating-point input (divisor).
output Varnode containing result of division.
Semantic statement
output = input0 f/ input1;

This is a floating-point division operator. The result of dividing input1 into input0 as floating-point values is stored in output. Both inputs and output must be the same size. If either input is NaN, output is set to NaN. If any overflow condition occurs, output is set to NaN.

FLOAT_NEG

Parameters Description
input0 Floating-point varnode to negate.
output Varnode containing result of negation.
Semantic statement
output = f- input0;

This is a floating-point negation operator. The floating-point value in input0 is stored in output with the opposite sign. Both input and output must be the same size. If input is NaN, output is set to NaN.

FLOAT_ABS

Parameters Description
input0 Floating-point input.
output Varnode result containing absolute-value.
Semantic statement
output = abs(input0);

This is a floating-point absolute-value operator. The absolute value of input0 is stored in output. Both input0 and output must be the same size. If input0 is NaN, output is set to NaN.

FLOAT_SQRT

Parameters Description
input0 Floating-point input.
output Varnode result containing square root.
Semantic statement
output = sqrt(input0);

This is a floating-point square-root operator. The square root of input0 is stored in output. Both input0 and output must be the same size. If input0 is NaN, output is set to NaN.

FLOAT_CEIL

Parameters Description
input0 Floating-point input.
output Varnode result containing result of truncation.
Semantic statement
output = ceil(input0);

This operation rounds input0, as a signed floating-point value, towards positive infinity. For instance, the value 1.2 rounds to 2.0; -1.2 rounds to -1.0. The integral value obtained by rounding input0 up is stored in output, as a floating-point value. Both input0 and output must be the same size. If input0 is NaN, output is set to NaN.

FLOAT_FLOOR

Parameters Description
input0 Floating-point input.
output Varnode result containing result of truncation.
Semantic statement
output = floor(input0);

This operation rounds input0, as a floating-point value, towards negative infinity. For instance, the value 1.2 rounds to 1.0 and -1.2 rounds to -2.0. The integral value obtained by rounding input0 down is stored in output, as a floating-point value. FLOAT_FLOOR does not produce a twos complement integer output (See the TRUNC operator). Both input0 and output must be the same size. If input0 is NaN, output is set to NaN.

FLOAT_ROUND

Parameters Description
input0 Floating-point input.
output Varnode result containing result of truncation.
Semantic statement
output = round(input0);

This is a floating-point rounding operator. The integral value closest to the floating-point value in input0 is stored in output, as a floating-point value. For example, 1.2 rounds to 1.0 and 1.9 rounds to 2.0. FLOAT_ROUND does not produce a twos complement integer output (See the TRUNC operator). Both input0 and output must be the same size. If input0 is NaN, output is set to NaN.

FLOAT_NAN

Parameters Description
input0 Floating-point input.
output Boolean varnode containing result of NaN test.
Semantic statement
output = nan(input0);

This operator returns true in output if input0 is interpreted as NaN. Output must be size 1, and input0 can be any size.

INT2FLOAT

Parameters Description
input0 Signed integer input.
output Result containing floating-point conversion.
Semantic statement
output = int2float(input0);

This is an integer to floating-point conversion operator. Input0 viewed as a signed integer is converted to floating-point format and stored in output. Input0 and output do not need to be the same size. The conversion to floating-point may involve a loss of precision.

FLOAT2FLOAT

Parameters Description
input0 Floating-point input varnode.
output Result varnode containing conversion.
Semantic statement
output = float2float(input0);

This is a floating-point precision conversion operator. The floating-point value in input0 is converted to a floating-point value of a different size and stored in output. If output is smaller than input0, then the operation will lose precision. Input0 and output should be different sizes. If input0 is NaN, then output is set to NaN.

TRUNC

Parameters Description
input0 Floating-point input varnode.
output Resulting integer varnode containing conversion.
Semantic statement
output = trunc(input0);

This is a floating-point to integer conversion operator. The floating-point value in input0 is converted to a signed integer and stored in output using the default twos complement encoding. The fractional part of input0 is dropped in the conversion by rounding towards zero. Input0 and output can be different sizes.