/*---------------------------------------------------------------*/
/*--- High-level IR description ---*/
/*---------------------------------------------------------------*/

/* Vex IR is an architecture-neutral intermediate representation.
Unlike some IRs in systems similar to Vex, it is not like assembly
language (ie. a list of instructions). Rather, it is more like the
IR that might be used in a compiler.

Code blocks
~~~
The code is broken into small code blocks ("superblocks", type:
'IRSB'). Each code block typically represents from 1 to perhaps 50
instructions. IRSBs are single-entry, multiple-exit code blocks.
Each IRSB contains three things:

- a type environment, which indicates the type of each temporary
value present in the IRSB

【实例：】

(*ir_block).tyenv
　　　　-types
　　　　　　-[0] Ity_I32
　　　　　　-[1] Ity_I32
　　　　-types_size 0x00000008
　　　　-types_used 0x00000002

- a list of statements, which represent code
【实例：】

stmts_size 0x00000003 int
stmts_used 0x00000003 int

• (*ir_block).stmts[]
  　　　　tag Ist_IMark
• (*ir_block).stmts[]
  　　　　tag Ist_WrTmp
• (*ir_block).stmts[]
  　　　　tag Ist_Put

- a jump that exits from the end the IRSB
【实例：】　　

jumpkind Ijk_Boring

0x77D699A0: movl %esi,%esp

IRSB {
　　t0:I32 　　t1:I32 　　　　　　　　　　【2个Temp变量】

------ IMark(0x77D699A0, , ) ------ 【3个Statements，包含IMark，但是没有包含最后一条，因为它是对于IP寄存器操作的，是自动的】
　　t0 = GET:I32()　　　　　　　　　　 【整条是一个Statements，而GET:I32()是Expression】
　　PUT() = t0
　　PUT() = 0x77D699A2:I32; exit-Boring

- (*ir_block).stmts[]
　　　　tag Ist_WrTmp
　　　　　　　　.tmp 0　　
　　　　　　　　　　　　.tag Iex_Get
　　　　　　　　　　　　　　　　.offset
　　　　　　　　　　　　　　　　.ty Ity_I32

Because the blocks are multiple-exit, there can be additional
conditional exit statements that cause control to leave the IRSB
before the final exit. Also because of this, IRSBs can cover
multiple non-consecutive sequences of code (up to 3). These are
recorded in the type VexGuestExtents (see libvex.h).

Statements and expressions
~~~~~~
Statements (type 'IRStmt') represent operations with side-effects,
eg. guest register writes, stores, and assignments to temporaries.
Expressions (type 'IRExpr') represent operations without
side-effects, eg. arithmetic operations, loads, constants.
Expressions can contain sub-expressions, forming expression trees,
eg. (3 + (4 * load(addr1)).

ST代表从寄存器到内存的数据转移， LD代表从内存到寄存器转移数据

---

Expression的类型

typedef
enum {
Iex_Binder=0x15000,
Iex_Get,
Iex_GetI,
Iex_RdTmp,
Iex_Qop,
Iex_Triop,
Iex_Binop,
Iex_Unop,
Iex_Load,
Iex_Const,
Iex_Mux0X,
Iex_CCall
}
IRExprTag;

typedef
enum {
Ist_NoOp=0x19000,
Ist_IMark, /* META */
Ist_AbiHint, /* META */
Ist_Put,
Ist_PutI,
Ist_WrTmp,
Ist_Store,
Ist_CAS,
Ist_LLSC,
Ist_Dirty,
Ist_MBE, /* META (maybe) */
Ist_Exit
}
IRStmtTag;