Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data Structure Analysis #222

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Data Structure Analysis #222

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
af21c7d
graph utilities
sadrabt Mar 6, 2024
02eff56
added stack object mapping
sadrabt Apr 29, 2024
24e22ad
fixed pointer arithmetic with offset calculations
sadrabt May 1, 2024
8772452
tests
sadrabt May 9, 2024
2b8b563
added call sites
sadrabt May 13, 2024
24ecede
bu phase
sadrabt May 15, 2024
fbee14c
td phase
sadrabt May 16, 2024
d4f97f3
handling relocations
sadrabt May 22, 2024
fccfa94
IL changes
sadrabt Jul 1, 2024
c2f5a4b
fixes
sadrabt Jul 1, 2024
75a3bfb
changed slice tuples to case class
sadrabt Jul 8, 2024
f600c66
separated function entries
sadrabt Jul 8, 2024
3526de8
added bv to signed integer
sadrabt Jul 14, 2024
c806362
readability
sadrabt Jul 29, 2024
ce94199
added solver
sadrabt Aug 5, 2024
17a35a2
union-find merge
sadrabt Aug 8, 2024
7583c31
resolved bugs
sadrabt Aug 19, 2024
78df354
debugged internal offset tracking
sadrabt Aug 26, 2024
1b47aa9
tests
sadrabt Aug 26, 2024
6ecbf09
visualiser
sadrabt Sep 4, 2024
7f0ee33
fixes
sadrabt Sep 9, 2024
4dc7239
documented tests
sadrabt Sep 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
609 changes: 609 additions & 0 deletions examples/interproc_pointer_arithmetic/interproc_pointer_arithmetic.adt
View file
Open in desktop

Large diffs are not rendered by default.

279 changes: 279 additions & 0 deletions examples/interproc_pointer_arithmetic/interproc_pointer_arithmetic.bir
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,279 @@
00000715: program
000006fd: sub __cxa_finalize(__cxa_finalize_result)
00000716: __cxa_finalize_result :: out u32 = low:32[R0]

00000459:
00000561: R16 := 0x1F000
00000568: R17 := mem[R16 + 0xFB0, el]:u64
0000056e: R16 := R16 + 0xFB0
00000573: call R17 with noreturn

000006fe: sub __do_global_dtors_aux(__do_global_dtors_aux_result)
00000717: __do_global_dtors_aux_result :: out u32 = low:32[R0]

000002df:
000002e3: #3 := R31 - 0x20
000002e9: mem := mem with [#3, el]:u64 <- R29
000002ef: mem := mem with [#3 + 8, el]:u64 <- R30
000002f3: R31 := #3
000002f9: R29 := R31
00000301: mem := mem with [R31 + 0x10, el]:u64 <- R19
00000306: R19 := 0x20000
0000030d: R0 := pad:64[mem[R19 + 0x10]]
00000314: when 31:0[R0] <> 0 goto %00000312
000006ff: goto %00000422

00000422:
00000425: R0 := 0x1F000
0000042c: R0 := mem[R0 + 0xFE0, el]:u64
00000432: when R0 = 0 goto %00000430
00000700: goto %00000449

00000449:
0000044c: R0 := 0x20000
00000453: R0 := mem[R0 + 8, el]:u64
00000458: R30 := 0x730
0000045b: call @__cxa_finalize with return %00000430

00000430:
00000438: R30 := 0x734
0000043a: call @deregister_tm_clones with return %0000043c

0000043c:
0000043f: R0 := 1
00000447: mem := mem with [R19 + 0x10] <- 7:0[R0]
00000701: goto %00000312

00000312:
0000031c: R19 := mem[R31 + 0x10, el]:u64
00000323: R29 := mem[R31, el]:u64
00000328: R30 := mem[R31 + 8, el]:u64
0000032c: R31 := R31 + 0x20
00000331: call R30 with noreturn

00000702: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result)
00000718: __libc_start_main_main :: in u64 = R0
00000719: __libc_start_main_arg2 :: in u32 = low:32[R1]
0000071a: __libc_start_main_arg3 :: in out u64 = R2
0000071b: __libc_start_main_auxv :: in out u64 = R3
0000071c: __libc_start_main_result :: out u32 = low:32[R0]

00000238:
0000054b: R16 := 0x1F000
00000552: R17 := mem[R16 + 0xFA8, el]:u64
00000558: R16 := R16 + 0xFA8
0000055d: call R17 with noreturn

00000703: sub _fini(_fini_result)
0000071d: _fini_result :: out u32 = low:32[R0]

00000034:
0000003a: #0 := R31 - 0x10
00000040: mem := mem with [#0, el]:u64 <- R29
00000046: mem := mem with [#0 + 8, el]:u64 <- R30
0000004a: R31 := #0
00000050: R29 := R31
00000057: R29 := mem[R31, el]:u64
0000005c: R30 := mem[R31 + 8, el]:u64
00000060: R31 := R31 + 0x10
00000065: call R30 with noreturn

00000704: sub _init(_init_result)
0000071e: _init_result :: out u32 = low:32[R0]

0000063c:
00000642: #6 := R31 - 0x10
00000648: mem := mem with [#6, el]:u64 <- R29
0000064e: mem := mem with [#6 + 8, el]:u64 <- R30
00000652: R31 := #6
00000658: R29 := R31
0000065d: R30 := 0x5C8
0000065f: call @call_weak_fn with return %00000661

00000661:
00000666: R29 := mem[R31, el]:u64
0000066b: R30 := mem[R31 + 8, el]:u64
0000066f: R31 := R31 + 0x10
00000674: call R30 with noreturn

00000705: sub _start(_start_result)
0000071f: _start_result :: out u32 = low:32[R0]

000001f9:
000001fe: R29 := 0
00000203: R30 := 0
00000209: R5 := R0
00000210: R1 := mem[R31, el]:u64
00000216: R2 := R31 + 8
0000021c: R6 := R31
00000221: R0 := 0x1F000
00000228: R0 := mem[R0 + 0xFF0, el]:u64
0000022d: R3 := 0
00000232: R4 := 0
00000237: R30 := 0x670
0000023a: call @__libc_start_main with return %0000023c

0000023c:
0000023f: R30 := 0x674
00000242: call @abort with return %00000706

00000706:
00000707: call @call_weak_fn with noreturn

00000708: sub abort()


00000240:
000005a3: R16 := 0x1F000
000005aa: R17 := mem[R16 + 0xFC8, el]:u64
000005b0: R16 := R16 + 0xFC8
000005b5: call R17 with noreturn

00000709: sub call_weak_fn(call_weak_fn_result)
00000720: call_weak_fn_result :: out u32 = low:32[R0]

00000244:
00000247: R0 := 0x1F000
0000024e: R0 := mem[R0 + 0xFE8, el]:u64
00000254: when R0 = 0 goto %00000252
0000070a: goto %00000499

00000252:
0000025a: call R30 with noreturn

00000499:
0000049c: goto @__gmon_start__

0000049a:
0000058d: R16 := 0x1F000
00000594: R17 := mem[R16 + 0xFC0, el]:u64
0000059a: R16 := R16 + 0xFC0
0000059f: call R17 with noreturn

0000070b: sub callee(callee_result)
00000721: callee_result :: out u32 = low:32[R0]

0000033b:
0000033f: R31 := R31 - 0x20
00000347: mem := mem with [R31 + 8, el]:u64 <- R0
0000034e: R0 := mem[R31 + 8, el]:u64
00000354: R0 := R0 + 0x10
0000035c: mem := mem with [R31 + 0x18, el]:u64 <- R0
00000363: R0 := mem[R31 + 0x18, el]:u64
00000369: R31 := R31 + 0x20
0000036e: call R30 with noreturn

0000070c: sub deregister_tm_clones(deregister_tm_clones_result)
00000722: deregister_tm_clones_result :: out u32 = low:32[R0]

00000260:
00000263: R0 := 0x20000
00000269: R0 := R0 + 0x10
0000026e: R1 := 0x20000
00000274: R1 := R1 + 0x10
0000027a: #1 := ~R0
0000027f: #2 := R1 + ~R0
00000285: VF := extend:65[#2 + 1] <> extend:65[R1] + extend:65[#1] + 1
0000028b: CF := pad:65[#2 + 1] <> pad:65[R1] + pad:65[#1] + 1
0000028f: ZF := #2 + 1 = 0
00000293: NF := 63:63[#2 + 1]
00000299: when ZF goto %00000297
0000070d: goto %0000047b

0000047b:
0000047e: R1 := 0x1F000
00000485: R1 := mem[R1 + 0xFD8, el]:u64
0000048a: when R1 = 0 goto %00000297
0000070e: goto %0000048e

00000297:
0000029f: call R30 with noreturn

0000048e:
00000492: R16 := R1
00000497: call R16 with noreturn

0000070f: sub frame_dummy(frame_dummy_result)
00000723: frame_dummy_result :: out u32 = low:32[R0]

00000337:
00000339: call @register_tm_clones with noreturn

00000710: sub main(main_argc, main_argv, main_result)
00000724: main_argc :: in u32 = low:32[R0]
00000725: main_argv :: in out u64 = R1
00000726: main_result :: out u32 = low:32[R0]

00000370:
00000374: #4 := R31 - 0x30
0000037a: mem := mem with [#4, el]:u64 <- R29
00000380: mem := mem with [#4 + 8, el]:u64 <- R30
00000384: R31 := #4
0000038a: R29 := R31
0000038f: R0 := 0x14
00000394: R30 := 0x784
00000397: call @malloc with return %00000399

00000399:
0000039f: mem := mem with [R31 + 0x18, el]:u64 <- R0
000003a6: R0 := mem[R31 + 0x18, el]:u64
000003ab: R1 := 0xC
000003b3: mem := mem with [R0, el]:u32 <- 31:0[R1]
000003ba: R0 := mem[R31 + 0x18, el]:u64
000003c0: R0 := R0 + 0x10
000003c8: mem := mem with [R31 + 0x20, el]:u64 <- R0
000003cf: R0 := mem[R31 + 0x20, el]:u64
000003d4: R1 := 0xD
000003dc: mem := mem with [R0, el]:u32 <- 31:0[R1]
000003e3: R0 := mem[R31 + 0x20, el]:u64
000003e8: R30 := 0x7B4
000003ea: call @callee with return %000003ec

000003ec:
000003f2: mem := mem with [R31 + 0x28, el]:u64 <- R0
000003f9: R0 := mem[R31 + 0x28, el]:u64
000003fe: R1 := 0xE
00000406: mem := mem with [R0, el]:u32 <- 31:0[R1]
0000040b: R0 := 0
00000412: R29 := mem[R31, el]:u64
00000417: R30 := mem[R31 + 8, el]:u64
0000041b: R31 := R31 + 0x30
00000420: call R30 with noreturn

00000711: sub malloc(malloc_size, malloc_result)
00000727: malloc_size :: in u64 = R0
00000728: malloc_result :: out u64 = R0

00000395:
00000577: R16 := 0x1F000
0000057e: R17 := mem[R16 + 0xFB8, el]:u64
00000584: R16 := R16 + 0xFB8
00000589: call R17 with noreturn

00000712: sub register_tm_clones(register_tm_clones_result)
00000729: register_tm_clones_result :: out u32 = low:32[R0]

000002a1:
000002a4: R0 := 0x20000
000002aa: R0 := R0 + 0x10
000002af: R1 := 0x20000
000002b5: R1 := R1 + 0x10
000002bc: R1 := R1 + ~R0 + 1
000002c2: R2 := 0.63:63[R1]
000002c9: R1 := R2 + (R1 ~>> 3)
000002cf: R1 := extend:64[63:1[R1]]
000002d5: when R1 = 0 goto %000002d3
00000713: goto %0000045d

0000045d:
00000460: R2 := 0x1F000
00000467: R2 := mem[R2 + 0xFF8, el]:u64
0000046c: when R2 = 0 goto %000002d3
00000714: goto %00000470

000002d3:
000002db: call R30 with noreturn

00000470:
00000474: R16 := R2
00000479: call R16 with noreturn
14 changes: 14 additions & 0 deletions examples/interproc_pointer_arithmetic/interproc_pointer_arithmetic.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#include <stdlib.h>
int* callee(int* arg) {
int* ret = arg + sizeof(int); // this is wrong
return ret;
}

int main() {
int *bar = malloc(5 * sizeof(int));
*bar = 12;
int* foo = bar + sizeof(int);
*foo = 13;
int* bat = callee(foo);
*bat = 14;
}
Loading