houngkoungting
diff --git a/‎binaryninjaapi.h
+36-4 b/‎binaryninjaapi.h
+36-4
diff --git a/‎binaryninjacore.h
+27-2 b/‎binaryninjacore.h
+27-2
diff --git a/‎function.cpp
+44-62 b/‎function.cpp
+44-62
@@ -10632,7 +10632,7 @@ namespace BinaryNinja {
 		size_t count;
 
 		static PossibleValueSet FromAPIObject(BNPossibleValueSet& value);
-		BNPossibleValueSet ToAPIObject();
+		BNPossibleValueSet ToAPIObject() const;
 		static void FreeAPIObject(BNPossibleValueSet* value);
 	};
 
@@ -11189,11 +11189,14 @@ namespace BinaryNinja {
 
 		Ref<FlowGraph> GetUnresolvedStackAdjustmentGraph();
 
-		void SetUserVariableValue(const Variable& var, uint64_t defAddr, PossibleValueSet& value);
-		void ClearUserVariableValue(const Variable& var, uint64_t defAddr);
-		std::map<Variable, std::map<ArchAndAddr, PossibleValueSet>> GetAllUserVariableValues();
+		void SetUserVariableValue(const Variable& var, const ArchAndAddr& defAddr, PossibleValueSet& value, bool after = true);
+		void ClearUserVariableValue(const Variable& var, const ArchAndAddr& defAddr, bool after = true);
+		std::map<Variable, std::map<std::pair<ArchAndAddr, bool>, PossibleValueSet>> GetAllUserVariableValues();
 		void ClearAllUserVariableValues();
 
+		void CreateForcedVariableVersion(const Variable& var, const ArchAndAddr& location);
+		void ClearForcedVariableVersion(const Variable& var, const ArchAndAddr& location);
+
 		void RequestDebugReport(const std::string& name);
 
 		/*! Get the name for a given label ID
@@ -11803,6 +11806,9 @@ namespace BinaryNinja {
 		std::vector<SSARegisterStack> GetSSARegisterStacks();
 		std::vector<SSAFlag> GetSSAFlags();
 
+		size_t CachePossibleValueSet(const PossibleValueSet& pvs);
+		PossibleValueSet GetCachedPossibleValueSet(size_t idx);
+
 		ExprId AddExpr(BNLowLevelILOperation operation, size_t size, uint32_t flags, ExprId a = 0, ExprId b = 0,
 		    ExprId c = 0, ExprId d = 0);
 		ExprId AddExprWithLocation(BNLowLevelILOperation operation, uint64_t addr, uint32_t sourceOperand, size_t size,
@@ -11891,6 +11897,12 @@ namespace BinaryNinja {
 		ExprId SetFlag(uint32_t flag, ExprId val, const ILSourceLocation& loc = ILSourceLocation());
 		ExprId SetFlagSSA(const SSAFlag& flag, ExprId val, const ILSourceLocation& loc = ILSourceLocation());
 
+		ExprId ForceVer(size_t size, uint32_t reg, const ILSourceLocation& loc = ILSourceLocation());
+		ExprId ForceVerSSA(size_t size, SSARegister dst, SSARegister src, const ILSourceLocation& loc = ILSourceLocation());
+
+		ExprId Assert(size_t size, uint32_t reg, const PossibleValueSet& pvs, const ILSourceLocation& loc = ILSourceLocation());
+		ExprId AssertSSA(size_t size, SSARegister reg, const PossibleValueSet& pvs, const ILSourceLocation& loc = ILSourceLocation());
+
 		/*! Reads \c size bytes from the expression \c addr
 
 			\param size Number of bytes to read
@@ -13187,6 +13199,9 @@ namespace BinaryNinja {
 		*/
 		BNMediumLevelILLabel* GetLabelForSourceInstruction(size_t i);
 
+		size_t CachePossibleValueSet(const PossibleValueSet& pvs);
+		PossibleValueSet GetCachedPossibleValueSet(size_t idx);
+
 		ExprId AddExpr(BNMediumLevelILOperation operation, size_t size, ExprId a = 0, ExprId b = 0, ExprId c = 0,
 		    ExprId d = 0, ExprId e = 0);
 		ExprId AddExprWithLocation(BNMediumLevelILOperation operation, uint64_t addr, uint32_t sourceOperand,
@@ -13210,6 +13225,13 @@ namespace BinaryNinja {
 		    const ILSourceLocation& loc = ILSourceLocation());
 		ExprId SetVarAliasedField(size_t size, const Variable& dest, size_t newMemVersion, size_t prevMemVersion,
 		    uint64_t offset, ExprId src, const ILSourceLocation& loc = ILSourceLocation());
+
+		ExprId ForceVer(size_t size, const Variable& dest, const Variable& src, const ILSourceLocation& loc = ILSourceLocation());
+		ExprId ForceVerSSA(size_t size, const SSAVariable& dest, const SSAVariable& src, const ILSourceLocation& loc = ILSourceLocation());
+
+		ExprId Assert(size_t size, const Variable& src, const PossibleValueSet& pvs, const ILSourceLocation& loc = ILSourceLocation());
+		ExprId AssertSSA(size_t size, const SSAVariable& src, const PossibleValueSet& pvs, const ILSourceLocation& loc = ILSourceLocation());
+
 		ExprId Load(size_t size, ExprId src, const ILSourceLocation& loc = ILSourceLocation());
 		ExprId LoadStruct(size_t size, ExprId src, uint64_t offset, const ILSourceLocation& loc = ILSourceLocation());
 		ExprId LoadSSA(size_t size, ExprId src, size_t memVersion, const ILSourceLocation& loc = ILSourceLocation());
@@ -13557,6 +13579,9 @@ namespace BinaryNinja {
 		void SetRootExpr(ExprId expr);
 		void SetRootExpr(const HighLevelILInstruction& expr);
 
+		size_t CachePossibleValueSet(const PossibleValueSet& pvs);
+		PossibleValueSet GetCachedPossibleValueSet(size_t idx);
+
 		ExprId AddExpr(BNHighLevelILOperation operation, size_t size, ExprId a = 0, ExprId b = 0, ExprId c = 0,
 		    ExprId d = 0, ExprId e = 0);
 		ExprId AddExprWithLocation(BNHighLevelILOperation operation, uint64_t addr, uint32_t sourceOperand, size_t size,
@@ -13601,6 +13626,13 @@ namespace BinaryNinja {
 		    const ILSourceLocation& loc = ILSourceLocation());
 		ExprId AssignUnpackMemSSA(const std::vector<ExprId>& output, size_t destMemVersion, ExprId src,
 		    size_t srcMemVersion, const ILSourceLocation& loc = ILSourceLocation());
+
+		ExprId ForceVer(size_t size, const Variable& dest, const Variable& src, const ILSourceLocation& loc = ILSourceLocation());
+		ExprId ForceVerSSA(size_t size, const SSAVariable& dest, const SSAVariable& src, const ILSourceLocation& loc = ILSourceLocation());
+
+		ExprId Assert(size_t size, const Variable& src, const PossibleValueSet& pvs, const ILSourceLocation& loc = ILSourceLocation());
+		ExprId AssertSSA(size_t size, const SSAVariable& src, const PossibleValueSet& pvs, const ILSourceLocation& loc = ILSourceLocation());
+
 		ExprId Var(size_t size, const Variable& src, const ILSourceLocation& loc = ILSourceLocation());
 		ExprId VarSSA(size_t size, const SSAVariable& src, const ILSourceLocation& loc = ILSourceLocation());
 		ExprId VarPhi(const SSAVariable& dest, const std::vector<SSAVariable>& sources,
 
@@ -509,6 +509,8 @@ extern "C"
 		LLIL_SET_FLAG,            // Not valid in SSA form (see LLIL_SET_FLAG_SSA)
 		LLIL_SET_REG_STACK_REL,   // Not valid in SSA form (see LLIL_SET_REG_STACK_REL_SSA)
 		LLIL_REG_STACK_PUSH,      // Not valid in SSA form (expanded)
+		LLIL_ASSERT,
+		LLIL_FORCE_VER,
 		LLIL_LOAD,                // Not valid in SSA form (see LLIL_LOAD_SSA)
 		LLIL_STORE,               // Not valid in SSA form (see LLIL_STORE_SSA)
 		LLIL_PUSH,                // Not valid in SSA form (expanded)
@@ -628,6 +630,8 @@ extern "C"
 		LLIL_REG_STACK_FREE_REL_SSA,
 		LLIL_REG_STACK_FREE_ABS_SSA,
 		LLIL_SET_FLAG_SSA,
+		LLIL_ASSERT_SSA,
+		LLIL_FORCE_VER_SSA,
 		LLIL_FLAG_SSA,
 		LLIL_FLAG_BIT_SSA,
 		LLIL_CALL_SSA,
@@ -1200,6 +1204,8 @@ extern "C"
 		MLIL_SET_VAR,        // Not valid in SSA form (see MLIL_SET_VAR_SSA)
 		MLIL_SET_VAR_FIELD,  // Not valid in SSA form (see MLIL_SET_VAR_FIELD)
 		MLIL_SET_VAR_SPLIT,  // Not valid in SSA form (see MLIL_SET_VAR_SPLIT_SSA)
+		MLIL_ASSERT,
+		MLIL_FORCE_VER,
 		MLIL_LOAD,           // Not valid in SSA form (see MLIL_LOAD_SSA)
 		MLIL_LOAD_STRUCT,    // Not valid in SSA form (see MLIL_LOAD_STRUCT_SSA)
 		MLIL_STORE,          // Not valid in SSA form (see MLIL_STORE_SSA)
@@ -1320,6 +1326,8 @@ extern "C"
 		MLIL_VAR_ALIASED,
 		MLIL_VAR_ALIASED_FIELD,
 		MLIL_VAR_SPLIT_SSA,
+		MLIL_ASSERT_SSA,
+		MLIL_FORCE_VER_SSA,
 		MLIL_CALL_SSA,
 		MLIL_CALL_UNTYPED_SSA,
 		MLIL_SYSCALL_SSA,
@@ -1396,6 +1404,8 @@ extern "C"
 		HLIL_VAR_INIT,
 		HLIL_ASSIGN,
 		HLIL_ASSIGN_UNPACK,
+		HLIL_FORCE_VER,
+		HLIL_ASSERT,
 		HLIL_VAR,
 		HLIL_STRUCT_FIELD,
 		HLIL_ARRAY_INDEX,
@@ -1497,6 +1507,8 @@ extern "C"
 		HLIL_VAR_INIT_SSA,
 		HLIL_ASSIGN_MEM_SSA,
 		HLIL_ASSIGN_UNPACK_MEM_SSA,
+		HLIL_FORCE_VER_SSA,
+		HLIL_ASSERT_SSA,
 		HLIL_VAR_SSA,
 		HLIL_ARRAY_INDEX_SSA,
 		HLIL_DEREF_SSA,
@@ -2610,6 +2622,7 @@ extern "C"
 	{
 		BNVariable var;
 		BNArchitectureAndAddress defSite;
+		bool after;
 		BNPossibleValueSet value;
 	} BNUserVariableValue;
 
@@ -5393,14 +5406,17 @@ extern "C"
 	BINARYNINJACOREAPI BNFlowGraph* BNGetUnresolvedStackAdjustmentGraph(BNFunction* func);
 
 	BINARYNINJACOREAPI void BNSetUserVariableValue(BNFunction* func, const BNVariable* var,
-	    const BNArchitectureAndAddress* defSite, const BNPossibleValueSet* value);
+	    const BNArchitectureAndAddress* defSite, bool after, const BNPossibleValueSet* value);
 	BINARYNINJACOREAPI void BNClearUserVariableValue(
-	    BNFunction* func, const BNVariable* var, const BNArchitectureAndAddress* defSite);
+	    BNFunction* func, const BNVariable* var, const BNArchitectureAndAddress* defSite, bool after);
 	BINARYNINJACOREAPI BNUserVariableValue* BNGetAllUserVariableValues(BNFunction* func, size_t* count);
 	BINARYNINJACOREAPI void BNFreeUserVariableValues(BNUserVariableValue* result);
 	BINARYNINJACOREAPI bool BNParsePossibleValueSet(BNBinaryView* view, const char* valueText,
 	    BNRegisterValueType state, BNPossibleValueSet* result, uint64_t here, char** errors);
 
+	BINARYNINJACOREAPI void BNCreateForcedVariableVersion(BNFunction* func, const BNVariable* var, const BNArchitectureAndAddress* defSite);
+	BINARYNINJACOREAPI void BNClearForcedVariableVersion(BNFunction* func, const BNVariable* var, const BNArchitectureAndAddress* defSite);
+
 	BINARYNINJACOREAPI void BNRequestFunctionDebugReport(BNFunction* func, const char* name);
 
 	BINARYNINJACOREAPI BNILReferenceSource* BNGetMediumLevelILVariableReferences(
@@ -5747,6 +5763,9 @@ extern "C"
 	    BNLowLevelILFunction* func, size_t expr, size_t operand, size_t* count);
 	BINARYNINJACOREAPI void BNLowLevelILFreeOperandList(uint64_t* operands);
 
+	BINARYNINJACOREAPI size_t BNCacheLowLevelILPossibleValueSet(BNLowLevelILFunction* func, BNPossibleValueSet* pvs);
+	BINARYNINJACOREAPI BNPossibleValueSet BNGetCachedLowLevelILPossibleValueSet(BNLowLevelILFunction* func, size_t idx);
+
 	BINARYNINJACOREAPI BNLowLevelILInstruction BNGetLowLevelILByIndex(BNLowLevelILFunction* func, size_t i);
 	BINARYNINJACOREAPI size_t BNGetLowLevelILIndexForInstruction(BNLowLevelILFunction* func, size_t i);
 	BINARYNINJACOREAPI size_t BNGetLowLevelILInstructionForExpr(BNLowLevelILFunction* func, size_t expr);
@@ -5900,6 +5919,9 @@ extern "C"
 	    BNMediumLevelILFunction* func, size_t expr, size_t operand, size_t* count);
 	BINARYNINJACOREAPI void BNMediumLevelILFreeOperandList(uint64_t* operands);
 
+	BINARYNINJACOREAPI size_t BNCacheMediumLevelILPossibleValueSet(BNMediumLevelILFunction* func, BNPossibleValueSet* pvs);
+	BINARYNINJACOREAPI BNPossibleValueSet BNGetCachedMediumLevelILPossibleValueSet(BNMediumLevelILFunction* func, size_t idx);
+
 	BINARYNINJACOREAPI BNMediumLevelILInstruction BNGetMediumLevelILByIndex(BNMediumLevelILFunction* func, size_t i);
 	BINARYNINJACOREAPI size_t BNGetMediumLevelILIndexForInstruction(BNMediumLevelILFunction* func, size_t i);
 	BINARYNINJACOREAPI size_t BNGetMediumLevelILInstructionForExpr(BNMediumLevelILFunction* func, size_t expr);
@@ -6058,6 +6080,9 @@ extern "C"
 	    BNHighLevelILFunction* func, size_t expr, size_t operand, size_t* count);
 	BINARYNINJACOREAPI void BNHighLevelILFreeOperandList(uint64_t* operands);
 
+	BINARYNINJACOREAPI size_t BNCacheHighLevelILPossibleValueSet(BNHighLevelILFunction* func, BNPossibleValueSet* pvs);
+	BINARYNINJACOREAPI BNPossibleValueSet BNGetCachedHighLevelILPossibleValueSet(BNHighLevelILFunction* func, size_t idx);
+
 	BINARYNINJACOREAPI BNHighLevelILInstruction BNGetHighLevelILByIndex(
 	    BNHighLevelILFunction* func, size_t i, bool asFullAst);
 	BINARYNINJACOREAPI size_t BNGetHighLevelILIndexForInstruction(BNHighLevelILFunction* func, size_t i);
 
@@ -539,7 +539,7 @@ PossibleValueSet PossibleValueSet::FromAPIObject(BNPossibleValueSet& value)
 }
 
 
-BNPossibleValueSet PossibleValueSet::ToAPIObject()
+BNPossibleValueSet PossibleValueSet::ToAPIObject() const
 {
 	BNPossibleValueSet result;
 	result.state = state;
@@ -2601,35 +2601,11 @@ Ref<FlowGraph> Function::GetUnresolvedStackAdjustmentGraph()
 }
 
 
-void Function::SetUserVariableValue(const Variable& var, uint64_t defAddr, PossibleValueSet& value)
+void Function::SetUserVariableValue(const Variable& var, const ArchAndAddr& defAddr, PossibleValueSet& value, bool after)
 {
-	if (var.index != 0)
-	{
-		Ref<MediumLevelILFunction> mlil = GetMediumLevelIL();
-		const set<size_t>& varDefs = mlil->GetVariableDefinitions(var);
-		if (varDefs.size() == 0)
-		{
-			LogError("Could not get definition for Variable");
-			return;
-		}
-		bool found = false;
-		for (auto& site : varDefs)
-		{
-			const MediumLevelILInstruction& instr = mlil->GetInstruction(site);
-			if (instr.address == defAddr)
-			{
-				found = true;
-				break;
-			}
-		}
-		if (!found)
-		{
-			LogError("Could not find definition for variable at given address");
-		}
-	}
 	auto defSite = BNArchitectureAndAddress();
-	defSite.arch = GetArchitecture()->m_object;
-	defSite.address = defAddr;
+	defSite.arch = defAddr.arch->m_object;
+	defSite.address = defAddr.address;
 
 	auto var_data = BNVariable();
 	var_data.type = var.type;
@@ -2638,55 +2614,31 @@ void Function::SetUserVariableValue(const Variable& var, uint64_t defAddr, Possi
 
 	auto valueObj = value.ToAPIObject();
 
-	BNSetUserVariableValue(m_object, &var_data, &defSite, &valueObj);
+	BNSetUserVariableValue(m_object, &var_data, &defSite, after, &valueObj);
 
 	PossibleValueSet::FreeAPIObject(&valueObj);
 }
 
 
-void Function::ClearUserVariableValue(const Variable& var, uint64_t defAddr)
+void Function::ClearUserVariableValue(const Variable& var, const ArchAndAddr& defAddr, bool after)
 {
-	if (var.index != 0)
-	{
-		Ref<MediumLevelILFunction> mlil = GetMediumLevelIL();
-		const set<size_t>& varDefs = mlil->GetVariableDefinitions(var);
-		if (varDefs.size() == 0)
-		{
-			LogError("Could not get definition for Variable");
-			return;
-		}
-		bool found = false;
-		for (auto& site : varDefs)
-		{
-			const MediumLevelILInstruction& instr = mlil->GetInstruction(site);
-			if (instr.address == defAddr)
-			{
-				found = true;
-				break;
-			}
-		}
-		if (!found)
-		{
-			LogError("Could not find definition for variable at given address");
-		}
-	}
 	auto defSite = BNArchitectureAndAddress();
-	defSite.arch = GetArchitecture()->m_object;
-	defSite.address = defAddr;
+	defSite.arch = defAddr.arch->m_object;
+	defSite.address = defAddr.address;
 
 	auto var_data = BNVariable();
 	var_data.type = var.type;
 	var_data.index = var.index;
 	var_data.storage = var.storage;
 
-	BNClearUserVariableValue(m_object, &var_data, &defSite);
+	BNClearUserVariableValue(m_object, &var_data, &defSite, after);
 }
 
 
-map<Variable, map<ArchAndAddr, PossibleValueSet>> Function::GetAllUserVariableValues()
+map<Variable, map<pair<ArchAndAddr, bool>, PossibleValueSet>> Function::GetAllUserVariableValues()
 {
 	size_t count;
-	map<Variable, map<ArchAndAddr, PossibleValueSet>> result;
+	map<Variable, map<pair<ArchAndAddr, bool>, PossibleValueSet>> result;
 	BNUserVariableValue* var_values = BNGetAllUserVariableValues(m_object, &count);
 
 	for (size_t i = 0; i < count; i++)
@@ -2696,7 +2648,7 @@ map<Variable, map<ArchAndAddr, PossibleValueSet>> Function::GetAllUserVariableVa
 		uint64_t address = var_values[i].defSite.address;
 		ArchAndAddr defSite(arch, address);
 		PossibleValueSet value = PossibleValueSet::FromAPIObject(var_values[i].value);
-		result[var][defSite] = value;
+		result[var][{defSite, var_values[i].after}] = value;
 	}
 
 	BNFreeUserVariableValues(var_values);
@@ -2706,17 +2658,47 @@ map<Variable, map<ArchAndAddr, PossibleValueSet>> Function::GetAllUserVariableVa
 
 void Function::ClearAllUserVariableValues()
 {
-	const map<Variable, map<ArchAndAddr, PossibleValueSet>>& allValues = GetAllUserVariableValues();
+	const map<Variable, map<pair<ArchAndAddr, bool>, PossibleValueSet>>& allValues = GetAllUserVariableValues();
 	for (auto& valuePair : allValues)
 	{
 		for (auto& valMap : valuePair.second)
 		{
-			ClearUserVariableValue(valuePair.first, valMap.first.address);
+			ClearUserVariableValue(valuePair.first, valMap.first.first, valMap.first.second);
 		}
 	}
 }
 
 
+void Function::CreateForcedVariableVersion(const Variable& var, const ArchAndAddr& location)
+{
+	auto defSite = BNArchitectureAndAddress();
+	defSite.arch = location.arch->m_object;
+	defSite.address = location.address;
+
+	auto var_data = BNVariable();
+	var_data.type = var.type;
+	var_data.index = var.index;
+	var_data.storage = var.storage;
+
+	BNCreateForcedVariableVersion(m_object, &var_data, &defSite);
+}
+
+
+void Function::ClearForcedVariableVersion(const Variable& var, const ArchAndAddr& location)
+{
+	auto defSite = BNArchitectureAndAddress();
+	defSite.arch = location.arch->m_object;
+	defSite.address = location.address;
+
+	auto var_data = BNVariable();
+	var_data.type = var.type;
+	var_data.index = var.index;
+	var_data.storage = var.storage;
+
+	BNClearForcedVariableVersion(m_object, &var_data, &defSite);
+}
+
+
 void Function::RequestDebugReport(const string& name)
 {
 	BNRequestFunctionDebugReport(m_object, name.c_str());