Support bitfields in type system

Also adds support for parsing bitfields in PDB, DWARF and SVD plugins

WIP: API needs to be considered more, also need to find type related apis that may need to be rethought.

Author: emesare

binaryninjaapi.h

@@ -10741,6 +10741,9 @@ namespace BinaryNinja {
 		uint64_t offset;
 		BNMemberAccess access;
 		BNMemberScope scope;
+		uint8_t bitPosition;
+		// TODO: See the comment in the core about this.
+		uint8_t bitWidth;
 	};
 
 	/*!
@@ -10942,6 +10945,7 @@ namespace BinaryNinja {
 		    \return Whether a StructureMember was successfully retrieved
 		*/
 		bool GetMemberByName(const std::string& name, StructureMember& result) const;
+		// TODO: GetMember at offset also needs to pass a bit position.
 		bool GetMemberAtOffset(int64_t offset, StructureMember& result) const;
 		bool GetMemberAtOffset(int64_t offset, StructureMember& result, size_t& idx) const;
 		uint64_t GetWidth() const;
@@ -10994,7 +10998,7 @@ namespace BinaryNinja {
 		    \return Reference to the StructureBuilder
 		*/
 		StructureBuilder& AddMemberAtOffset(const Confidence<Ref<Type>>& type, const std::string& name, uint64_t offset,
-		    bool overwriteExisting = true, BNMemberAccess access = NoAccess, BNMemberScope scope = NoScope);
+		    bool overwriteExisting = true, BNMemberAccess access = NoAccess, BNMemberScope scope = NoScope, uint8_t bitPosition = 0, uint8_t bitWidth = 0);
 
 		/*! RemoveMember removes a member at a specified index
 

binaryninjacore.h

@@ -2474,6 +2474,8 @@ extern "C"
 		uint8_t typeConfidence;
 		BNMemberAccess access;
 		BNMemberScope scope;
+		uint8_t bitPosition;
+		uint8_t bitWidth;
 	} BNStructureMember;
 
 	typedef struct BNInheritedStructureMember
@@ -6955,7 +6957,7 @@ extern "C"
 	    const char* name, BNMemberAccess access, BNMemberScope scope);
 	BINARYNINJACOREAPI void BNAddStructureBuilderMemberAtOffset(BNStructureBuilder* s,
 	    const BNTypeWithConfidence* const type, const char* name, uint64_t offset, bool overwriteExisting,
-	    BNMemberAccess access, BNMemberScope scope);
+	    BNMemberAccess access, BNMemberScope scope, uint8_t bitPosition, uint8_t bitWidth);
 	BINARYNINJACOREAPI void BNRemoveStructureBuilderMember(BNStructureBuilder* s, size_t idx);
 	BINARYNINJACOREAPI void BNReplaceStructureBuilderMember(BNStructureBuilder* s, size_t idx,
 	    const BNTypeWithConfidence* const type, const char* name, bool overwriteExisting);

plugins/dwarf/dwarf_import/src/types.rs

@@ -205,7 +205,6 @@ fn do_structure_parse<R: ReaderType>(
                     continue;
                 };
 
-                // TODO : support DW_AT_data_bit_offset for offset as well
                 if let Ok(Some(raw_struct_offset)) =
                     child.entry().attr(constants::DW_AT_data_member_location)
                 {
@@ -223,12 +222,54 @@ fn do_structure_parse<R: ReaderType>(
                         MemberScope::NoScope,
                     );
                 } else {
-                    structure_builder.append(
-                        &child_type,
-                        &child_name,
-                        MemberAccess::NoAccess,
-                        MemberScope::NoScope,
-                    );
+                    // If no byte offset, try bitfield using DW_AT_bit_offset + DW_AT_bit_size
+                    let bit_size = child
+                        .entry()
+                        .attr(constants::DW_AT_bit_size)
+                        .ok()
+                        .and_then(|a| a)
+                        .and_then(|a| get_attr_as_u64(&a));
+
+                    let bit_offset = child
+                        .entry()
+                        .attr(constants::DW_AT_bit_offset)
+                        .ok()
+                        .and_then(|a| a)
+                        .and_then(|a| get_attr_as_u64(&a));
+
+                    if let (Some(bit_sz), Some(boffs)) = (bit_size, bit_offset) {
+                        // Heuristic storage unit bits from the member type width (bytes -> bits). Fallback to 8.
+                        let storage_bits = {
+                            let w = child_type.width() as u64;
+                            if w > 0 {
+                                w * 8
+                            } else {
+                                8
+                            }
+                        };
+
+                        // DW_AT_bit_offset is from the MSB of the storage unit:
+                        // absolute = base_byte_off*8 + storage_bits - (boffs + bit_sz)
+                        // With no base_byte_off available here, treat base as 0.
+                        let total_bit_off = storage_bits.saturating_sub(boffs + bit_sz);
+
+                        structure_builder.insert_bitwise(
+                            &child_type,
+                            &child_name,
+                            total_bit_off,
+                            Some(bit_sz as u8),
+                            false,
+                            MemberAccess::NoAccess,
+                            MemberScope::NoScope,
+                        );
+                    } else {
+                        structure_builder.append(
+                            &child_type,
+                            &child_name,
+                            MemberAccess::NoAccess,
+                            MemberScope::NoScope,
+                        );
+                    }
                 }
             }
             constants::DW_TAG_inheritance => {

plugins/pdb-ng/src/struct_grouper.rs

@@ -359,14 +359,29 @@ pub fn group_structure(
         Err(e) => {
             warn!("{} Could not resolve structure groups: {}", name, e);
             for member in members {
-                structure.insert(
-                    &member.ty,
-                    &member.name,
-                    member.offset,
-                    false,
-                    member.access,
-                    member.scope,
-                );
+                match (member.bitfield_position, member.bitfield_size) {
+                    (Some(bit_pos), bit_width) => {
+                        structure.insert_bitwise(
+                            &member.ty,
+                            &member.name,
+                            bit_pos,
+                            bit_width.map(|w| w as u8),
+                            false,
+                            member.access,
+                            member.scope,
+                        );
+                    }
+                    (None, _) => {
+                        structure.insert(
+                            &member.ty,
+                            &member.name,
+                            member.offset,
+                            false,
+                            member.access,
+                            member.scope,
+                        );
+                    }
+                }
             }
         }
     }

plugins/pdb-ng/src/type_parser.rs

@@ -848,92 +848,6 @@ impl<'a, S: Source<'a> + 'a> PDBParserInstance<'a, S> {
             None => {}
         }
 
-        // Combine bitfields into structures
-        let mut combined_bitfield_members = vec![];
-        let mut last_bitfield_offset = u64::MAX;
-        let mut last_bitfield_pos = u64::MAX;
-        let mut last_bitfield_idx = 0;
-        let mut bitfield_builder: Option<StructureBuilder> = None;
-
-        fn bitfield_name(offset: u64, idx: u64) -> String {
-            if idx > 0 {
-                format!("__bitfield{:x}_{}", offset, idx)
-            } else {
-                format!("__bitfield{:x}", offset)
-            }
-        }
-
-        for m in members {
-            match (m.bitfield_position, m.bitfield_size) {
-                (Some(pos), Some(_size)) => {
-                    if last_bitfield_offset != m.offset || last_bitfield_pos >= pos {
-                        if let Some(builder) = bitfield_builder.take() {
-                            combined_bitfield_members.push(ParsedMember {
-                                ty: Conf::new(
-                                    Type::structure(builder.finalize().as_ref()),
-                                    MAX_CONFIDENCE,
-                                ),
-                                name: bitfield_name(last_bitfield_offset, last_bitfield_idx),
-                                offset: last_bitfield_offset,
-                                access: MemberAccess::PublicAccess,
-                                scope: MemberScope::NoScope,
-                                bitfield_size: None,
-                                bitfield_position: None,
-                            });
-                        }
-                        let mut new_builder = StructureBuilder::new();
-                        new_builder.structure_type(StructureType::UnionStructureType);
-                        new_builder.width(m.ty.contents.width());
-                        bitfield_builder = Some(new_builder);
-
-                        if last_bitfield_offset != m.offset {
-                            last_bitfield_idx = 0;
-                        } else {
-                            last_bitfield_idx += 1;
-                        }
-                    }
-
-                    last_bitfield_pos = pos;
-                    last_bitfield_offset = m.offset;
-                    bitfield_builder
-                        .as_mut()
-                        .expect("Invariant")
-                        .insert(&m.ty, &m.name, 0, false, m.access, m.scope);
-                }
-                (None, None) => {
-                    if let Some(builder) = bitfield_builder.take() {
-                        combined_bitfield_members.push(ParsedMember {
-                            ty: Conf::new(
-                                Type::structure(builder.finalize().as_ref()),
-                                MAX_CONFIDENCE,
-                            ),
-                            name: bitfield_name(last_bitfield_offset, last_bitfield_idx),
-                            offset: last_bitfield_offset,
-                            access: MemberAccess::PublicAccess,
-                            scope: MemberScope::NoScope,
-                            bitfield_size: None,
-                            bitfield_position: None,
-                        });
-                    }
-                    last_bitfield_offset = u64::MAX;
-                    last_bitfield_pos = u64::MAX;
-                    combined_bitfield_members.push(m);
-                }
-                e => return Err(anyhow!("Unexpected bitfield parameters {:?}", e)),
-            }
-        }
-        if let Some(builder) = bitfield_builder.take() {
-            combined_bitfield_members.push(ParsedMember {
-                ty: Conf::new(Type::structure(builder.finalize().as_ref()), MAX_CONFIDENCE),
-                name: bitfield_name(last_bitfield_offset, last_bitfield_idx),
-                offset: last_bitfield_offset,
-                access: MemberAccess::PublicAccess,
-                scope: MemberScope::NoScope,
-                bitfield_size: None,
-                bitfield_position: None,
-            });
-        }
-        members = combined_bitfield_members;
         group_structure(
             &format!(
                 "`{}`",

plugins/svd/src/mapper.rs

@@ -8,7 +8,7 @@ use binaryninja::segment::{SegmentBuilder, SegmentFlags};
 use binaryninja::symbol::{SymbolBuilder, SymbolType};
 use binaryninja::types::{
     BaseStructure, EnumerationBuilder, MemberAccess, MemberScope, NamedTypeReference,
-    NamedTypeReferenceClass, StructureBuilder, StructureMember, StructureType, Type, TypeBuilder,
+    NamedTypeReferenceClass, StructureBuilder, StructureMember, Type, TypeBuilder,
 };
 use std::collections::HashMap;
 use std::num::NonZeroUsize;
@@ -442,53 +442,12 @@ impl DeviceMapper {
 
                 let type_builder = match &register.fields {
                     Some(fields) => {
-                        // Separate bitfields from regular fields.
-                        let (fields, bitfield_items): (Vec<_>, Vec<_>) =
-                            fields.iter().partition(|f| {
-                                byte_aligned(f.bit_range.width) && byte_aligned(f.bit_range.offset)
-                            });
-
                         for field in fields {
                             let field_member = self.field_member(field);
                             let overwrites = true; // TODO: Handle overwrites?
                             register_struct.insert_member(field_member, overwrites);
                         }
 
-                        if self.settings.add_bitfields {
-                            // The bitfield items need to be coalesced to a map of byte offset to vec of fields.
-                            let mut bitfield_map: HashMap<u64, Vec<&Field>> = HashMap::new();
-
-                            // Sort bitfields by their offset
-                            let mut sorted_bitfields = bitfield_items.iter().collect::<Vec<_>>();
-                            sorted_bitfields.sort_by_key(|f| f.bit_range.offset);
-
-                            // Group bitfields by overlapping bit offsets
-                            let mut current_bit_start = 0;
-                            let mut current_bit_end = 0;
-                            for field in sorted_bitfields {
-                                let bit_start = field.bit_range.offset;
-                                let byte_start = bit_start / 8;
-                                let current_byte_start = current_bit_start / 8;
-                                if current_byte_start != byte_start && current_bit_end < bit_start {
-                                    // Make a new bitfield, only if the current field is in a new byte.
-                                    current_bit_start = bit_start;
-                                }
-                                current_bit_end = bit_start + field.bit_range.width;
-                                bitfield_map
-                                    .entry(current_bit_start as u64)
-                                    .or_insert_with(Vec::new)
-                                    .push(field);
-                            }
-
-                            for (bit_start, fields) in bitfield_map {
-                                // Add each bitfield to the structure!
-                                let byte_start = bit_start / 8;
-                                let bitfield_member = self.bitfield_member(byte_start, fields);
-                                let overwrites = true; // TODO: Handle overwrites?
-                                register_struct.insert_member(bitfield_member, overwrites);
-                            }
-                        }
-
                         TypeBuilder::structure(&register_struct.finalize())
                     }
                     None if register.derived_from.is_some() => {
@@ -559,43 +518,14 @@ impl DeviceMapper {
         }
     }
 
-    pub fn bitfield_member(&self, byte_offset: u64, fields: Vec<&Field>) -> StructureMember {
-        let field_ty = self.bitfield_type(byte_offset, fields);
-        // TODO: Create bitfield name from the fields?
-        let field_name = format!("bitfield_0x{:x}", byte_offset);
-        // TODO: This should be like 120 confidence?
-        let conf_field_ty = Conf::new(field_ty, MAX_CONFIDENCE);
-        StructureMember::new(
-            conf_field_ty,
-            field_name,
-            byte_offset,
-            MemberAccess::PublicAccess,
-            MemberScope::NoScope,
-        )
-    }
-
-    pub fn bitfield_type(&self, byte_offset: u64, fields: Vec<&Field>) -> Ref<Type> {
-        let mut union_builder = StructureBuilder::new();
-        union_builder.structure_type(StructureType::UnionStructureType);
-        for field in fields {
-            let mut field_member = self.field_member(field);
-            // Field members are relative to the union member, so we must remove the union member offset
-            // from the field member offset to make it relative to the union member.
-            field_member.offset -= byte_offset;
-            let overwrites = false; // TODO: Handle overwrites?
-            union_builder.insert_member(field_member, overwrites);
-        }
-        Type::structure(&union_builder.finalize())
-    }
-
     pub fn field_member(&self, field: &Field) -> StructureMember {
         let field_ty = self.field_type(field);
         let conf_field_ty = Conf::new(field_ty, MAX_CONFIDENCE);
-        let byte_offset = field.bit_offset() / 8;
-        StructureMember::new(
+        StructureMember::new_bitfield(
             conf_field_ty,
             field.name.to_owned(),
-            byte_offset as u64,
+            field.bit_offset() as u64,
+            field.bit_width() as u8,
             MemberAccess::PublicAccess,
             MemberScope::NoScope,
         )
@@ -633,7 +563,6 @@ impl DeviceMapper {
     }
 
     pub fn single_field_int_type(&self, field: &FieldInfo) -> Ref<Type> {
-        // TODO: Binary Ninja is unable to handle bit fields, so we abuse unions.
         // Get the closest 8-bit aligned integer and use that.
         let width = field.bit_width();
         let byte_aligned_width = byte_width(width);