kanje / bosce

boost::statechart extractor
Boost Software License 1.0

How does bosce work internally #9

Closed qknight closed 3 years ago

qknight commented 3 years ago

I'm using https://www.etlcpp.com/fsm.html and I'd love to have bosce support that as well. What would I have to do in order to make that happen?

I've tried to understand the implementation, but it is complex and there is not much documentation on how to generate the target binary, which needs to be analyzed with debug, and how bosce then analyzes it. It would be helpful if someone could point out what it looks for in the binary and how it then extracts the relations.

kanje commented 3 years ago

Hi! It parses the output of `objdump -j .text -C -d myBinary`. If `myBinary` is built with debug symbols then the objdump output will contain all boost::statechart related symbol names, such as class or function names. And because it uses a lot of templates, it is very verbose. One can use it to extract all statechart, state and event names, all transitions etc.

For example, here one can see that a state has one custom reaction on a specific event and one deferral.

```
boost::statechart::detail::reaction_result
     boost::statechart::simple_state< *state-spec* >::
         local_react<boost::mpl::list<
                         boost::statechart::custom_reaction< *event-name* >,
                         boost::statechart::deferral< *event-name* >,
                         mpl_::na, ..., mpl_::na> >(
                            boost::statechart::event_base const&, void const*)>
```

If the FSM you have mentioned has the same level of verbosity, we could re-implement ScParser.cpp for this STM and the rest would work out of the box.
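The extraction described above, as an added illustration that is not bosce's `ScParser.cpp` and not code posted in this thread: it takes one demangled `local_react` symbol and recovers the state name plus each reaction and its event by matching angle brackets. The sample symbol, the function names and the names `Active`, `Machine`, `Idle`, `EvStart` and `EvStop` are constructed, and the symbol is shortened compared with real objdump output.

```cpp
#include <string>
#include <vector>

struct Reaction { std::string state, kind, event; };
// Split a template argument list at top-level commas only (nested <...> and (...) stay whole).
static std::vector<std::string> splitArgs(const std::string& s) {
    std::vector<std::string> out(1);
    int depth = 0;
    for (char c : s) {
        if (c == '<' || c == '(') ++depth;
        else if (c == '>' || c == ')') --depth;
        if (c == ',' && depth == 0) out.emplace_back();
        else if (c != ' ' || !out.back().empty()) out.back() += c;  // drop leading spaces
    }
    for (auto& a : out) while (!a.empty() && a.back() == ' ') a.pop_back();
    if (out.back().empty()) out.pop_back();
    return out;
}

// Text between "name<" and its matching '>'; empty if the name is absent or brackets are unbalanced.
static std::string templateArgs(const std::string& s, const std::string& name) {
    std::size_t open = s.find(name + "<");
    if (open == std::string::npos) return "";
    open += name.size();  // index of the opening '<'
    int depth = 0;
    for (std::size_t i = open; i < s.size(); ++i) {
        if (s[i] == '<') ++depth;
        else if (s[i] == '>' && --depth == 0) return s.substr(open + 1, i - open - 1);
    }
    return "";
}

// One Reaction per boost::statechart entry in the local_react list; mpl_::na padding is skipped.
std::vector<Reaction> parseLocalReact(const std::string& sym) {
    const std::string ns = "boost::statechart::";
    std::vector<Reaction> out;
    auto st = splitArgs(templateArgs(sym, ns + "simple_state"));  // st[0] is the state class
    auto list = templateArgs(templateArgs(sym, "local_react"), "boost::mpl::list");
    for (const std::string& item : splitArgs(list)) {
        std::size_t lt = item.find('<');
        if (st.empty() || lt == std::string::npos || item.compare(0, ns.size(), ns) != 0) continue;
        auto ev = splitArgs(templateArgs(item, item.substr(0, lt)));  // ev[0] is the event type
        out.push_back({st[0], item.substr(ns.size(), lt - ns.size()), ev.empty() ? std::string() : ev[0]});
    }
    return out;
}

const std::string kSample =  // constructed, shortened symbol; state and event names are made up
    "boost::statechart::detail::reaction_result boost::statechart::simple_state<Active, Machine, Idle>::"
    "local_react<boost::mpl::list<boost::statechart::custom_reaction<EvStart>, "
    "boost::statechart::deferral<EvStop>, mpl_::na, mpl_::na> >(boost::statechart::event_base const&, void const*)";
```

A symbol that carries no `simple_state<...>::local_react<...>` text yields an empty result, which is the situation when the binary was built without debug symbols or uses a different state machine library.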

qknight commented 3 years ago

Thank you so much for your insight! I've been trying to extract some meaningful strings with your `objdump -j .text -C -d myBinary` for our ETL based state machine, but so far it seems to be not even there. Maybe I'll find some other means to gather the data, for instance using gdb to print the structs.

We could close this ticket now.