SMPFunction.cpp

		set<DefOrUse, LessDefUse>::iterator setIterator;
		for (setIterator = Instructions->GetFirstDef(); setIterator != Instructions->GetLastDef(); setIterator++) {
			op_t Operand = setIterator->GetOp();
			int BaseReg;
			int IndexReg;
			ushort ScaleFactor;
			ea_t offset;
			if (Operand.type == o_mem) {
				// now o_mem can have sib byte as well, as
				// reported by IDA. Check if the base reg is R_none
				// and index reg is R_none. If they are, then this is
				// a direct global write and can be marked safe.
				MDExtractAddressFields(Operand, BaseReg, IndexReg, ScaleFactor, offset);
				if ((BaseReg == R_none) && (IndexReg == R_none)) {
					// go onto next def
					continue;
				}
				else {
					HasIndirectGlobalWrite = true;
				}
			}
			else if (Operand.type == o_displ) {
				MDExtractAddressFields(Operand, BaseReg, IndexReg, ScaleFactor, offset);
				bool FramePointerRelative = (this->UseFP && (BaseReg == R_bp));
				bool StackPointerRelative = (BaseReg == R_sp);
				if (StackPointerRelative || FramePointerRelative) {
					if (IndexReg == R_none) {
						bool tempWritesAboveLocalFrame = this->WritesAboveLocalFrame(Operand);
						WritesAboveLocalFrame |= tempWritesAboveLocalFrame;
#if SMP_DEBUG_FUNC 
						if (tempWritesAboveLocalFrame) {
							msg(" Function %s marked as unsafe due to direct write above loc "
								"variables offset=%x  loc=%x\n ", this->GetFuncName(), 
								offset, this->LocalVarsSize);	
							msg("Write above local frame in %s : offset: %d ",
								this->GetFuncName(), offset);
							msg("LocalVarsSize: %d OutgoingArgsSize: %d frsize: %d frregs: %d",
								this->LocalVarsSize, this->OutgoingArgsSize, 
								this->FuncInfo.frsize, this->FuncInfo.frregs);
							Instructions->Dump();
						}
#endif
					}
					else {
						bool tempWritesAboveLocalFrameIndirect = this->IndexedWritesAboveLocalFrame(Operand);

						/* seperate indirect writes to this frame from indirect writes to another frame */
						if (tempWritesAboveLocalFrameIndirect) {
							WritesAboveLocalFrameIndirect = true;
#if SMP_DEBUG_FUNC 
							msg(" Function %s marked as unsafe due to indexed stack write above "
								"loc variable offset\n", this->GetFuncName());	
							msg("%s %x\n", (Instructions)->GetDisasm(), (Instructions)->GetAddr());
#endif
						}
						else {
							HasIndexedStackWrite = true;
#if SMP_DEBUG_FUNC 
							msg(" Function %s marked as unsafe due to indexed stack write\n", 
								this->GetFuncName());	
							msg("%s %x\n", (Instructions)->GetDisasm(), (Instructions)->GetAddr());
#endif
						}
					}
				}
				else {
					/* check whether there is profiler information for this indirect reference */
					HasIndirectWrite = true;
				}
			}
			else if (Operand.type == o_phrase) {
				// so phrase is of the form [BASE_REG + IND ]
				// if the index register is missing just make sure that
				// the displacement is below stack frame top
				MDExtractAddressFields(Operand, BaseReg, IndexReg, ScaleFactor, offset);
				// check the base reg
				// if index reg is used mark as unsafe 
				if ((BaseReg == R_sp || (this->UseFP && BaseReg == R_bp))) {
					if (IndexReg == R_none) {
						/* addressing mode is *esp or *ebp */
						continue;
					}
					else {
						HasIndexedStackWrite = true;
#if SMP_DEBUG_FUNC 
						msg(" Function %s marked as unsafe due to indexed stack write\n", this->GetFuncName());	
						msg("%s %x\n", (Instructions)->GetDisasm(), (Instructions)->GetAddr());
#endif
					}
				}
				else {
					/* check whether there is profiler information for this indirect reference */
					HasIndirectWrite = true;
				}
			}
			// else not memory, and we don't care.
		} // end for all DEFs in current instruction
	} // end for all instructions

	// For mmStrata bounds checking of the stack frame, we don't care
	//  about indirect writes unless they are to the stack.
	bool Unsafe = (HasStackPointerCopy || HasStackPointerPush 
		|| HasIndexedStackWrite || this->SharedChunks
		|| this->UnresolvedIndirectJumps || this->UnresolvedIndirectCalls);
	this->SafeFunc = (!Unsafe);

	bool SpecUnsafe = (HasStackPointerCopy || HasStackPointerPush 
		|| HasIndexedStackWrite || this->SharedChunks
		|| this->UnresolvedIndirectJumps);
	this->SpecSafeFunc = (!SpecUnsafe);

	this->WritesAboveRA = WritesAboveLocalFrameIndirect;
	this->SafeCallee = (!Unsafe) && (!WritesAboveLocalFrameIndirect) && this->AnalyzedSP;
	this->SpecSafeCallee = (!SpecUnsafe) && (!WritesAboveLocalFrameIndirect) && this->AnalyzedSP;
	this->NeedsStackReferent = Unsafe;
	this->SpecNeedsStackReferent = SpecUnsafe;

	this->HasIndirectWrites = (HasIndexedStackWrite || HasIndirectWrite
		|| WritesAboveLocalFrameIndirect || HasIndirectGlobalWrite);

	if (Unsafe || WritesAboveLocalFrame || WritesAboveLocalFrameIndirect || HasIndirectGlobalWrite 
		|| HasIndirectWrite || (!this->AnalyzedSP)) {
		this->ReturnAddrStatus = FUNC_UNSAFE;
#if SMP_DEBUG_FUNC
		msg("UNSAFE function %s ", this->GetFuncName());
		msg("StackPtrCopy: %d StackPtrPush: %d IndirectGlobal: %d ",
			HasStackPointerCopy, HasStackPointerPush, HasIndirectGlobalWrite);
		msg("WritesAboveFrame: %d IndirectStack: %d IndirectWrite: %d ",
			WritesAboveLocalFrame, HasIndexedStackWrite, HasIndirectWrite);
		msg("AnalyzedSP: %d UnresolvedCalls: %d UnresolvedJumps: %d SharedChunks: %d IsLeaf: %d\n",
			this->AnalyzedSP, this->UnresolvedIndirectCalls, this->UnresolvedIndirectJumps,
			this->SharedChunks, this->IsLeaf());
#endif
	}
	else if (HasCallTargets) {
		this->ReturnAddrStatus = FUNC_UNKNOWN;
	}

#if SMP_DEBUG_FUNC
	if (ReturnAddrStatus == FUNC_SAFE)
		msg("Function %s is SAFE\n", GetFuncName());
	else if (ReturnAddrStatus == FUNC_SAFE)
		msg("Function %s is UNSAFE\n", GetFuncName());
	else if (ReturnAddrStatus == FUNC_SAFE)
		msg("Function %s is UNKNOWN\n", GetFuncName());

	if (!Unsafe) 
		msg("Function %s is mmSAFE\n", GetFuncName());
	else 
		msg("Function %s is mmUNSAFE\n", GetFuncName());

	if (!SpecUnsafe) 
		msg("Function %s is Speculatively mmSAFE\n", GetFuncName());
	else 
		msg("Function %s is Speculatively mmUNSAFE\n", GetFuncName());

#endif
	return;
} // end of SMPFunction::MarkFunctionSafe()