From 081ac408392a90f25811c79000d0e11c40d30b53 Mon Sep 17 00:00:00 2001 From: sadiq1971 Date: Wed, 26 Feb 2025 13:58:58 +0600 Subject: [PATCH 1/2] feat: added ignored function on profile --- analyzer/opcode/opcode.go | 3 +++ analyzer/syscall/asm_syscall.go | 4 ++++ common/stack_tracer.go | 11 +++++++++++ profile/cannon/cannon-32.yaml | 2 ++ profile/cannon/cannon-64.yaml | 2 ++ profile/profile.go | 13 +++++++------ profile/readme.md | 5 ++++- 7 files changed, 33 insertions(+), 7 deletions(-) diff --git a/analyzer/opcode/opcode.go b/analyzer/opcode/opcode.go index f976305..20b8abd 100644 --- a/analyzer/opcode/opcode.go +++ b/analyzer/opcode/opcode.go @@ -40,6 +40,9 @@ func (op *opcode) Analyze(path string, withTrace bool) ([]*analyzer.Issue, error if err != nil { // non-reachable portion ignored continue } + if common.ShouldIgnoreSource(source, op.profile.IgnoredFunctions) { + continue + } if !withTrace { source.CallStack = nil } diff --git a/analyzer/syscall/asm_syscall.go b/analyzer/syscall/asm_syscall.go index b73e405..7544693 100644 --- a/analyzer/syscall/asm_syscall.go +++ b/analyzer/syscall/asm_syscall.go @@ -63,6 +63,10 @@ func (a *asmSyscallAnalyser) Analyze(path string, withTrace bool) ([]*analyzer.I if err != nil { // non-reachable portion ignored continue } + if common.ShouldIgnoreSource(source, a.profile.IgnoredFunctions) { + continue + } + if !withTrace { source.CallStack = nil } diff --git a/common/stack_tracer.go b/common/stack_tracer.go index 19cfdc1..1239dac 100644 --- a/common/stack_tracer.go +++ b/common/stack_tracer.go @@ -3,6 +3,7 @@ package common import ( "fmt" "path/filepath" + "slices" "github.com/ChainSafe/vm-compat/analyzer" "github.com/ChainSafe/vm-compat/asmparser" @@ -58,3 +59,13 @@ func TraceAsmCaller( } return src, nil } + +func ShouldIgnoreSource(callStack *analyzer.CallStack, functions []string) bool { + if callStack != nil { + if slices.Contains(functions, callStack.Function) { + return true + } + return ShouldIgnoreSource(callStack.CallStack, functions) + } + return false +} diff --git a/profile/cannon/cannon-32.yaml b/profile/cannon/cannon-32.yaml index acb8cbc..d55aa4a 100644 --- a/profile/cannon/cannon-32.yaml +++ b/profile/cannon/cannon-32.yaml @@ -2,6 +2,8 @@ vm: Cannon goos: linux goarch: mips ignored_functions: + - 'syscall.setrlimit' + - 'runtime.morestack' allowed_opcodes: - opcode: '0x2' diff --git a/profile/cannon/cannon-64.yaml b/profile/cannon/cannon-64.yaml index 864246d..1fd1f0c 100644 --- a/profile/cannon/cannon-64.yaml +++ b/profile/cannon/cannon-64.yaml @@ -2,6 +2,8 @@ vm: Cannon goos: linux goarch: mips64 ignored_functions: + - 'syscall.setrlimit' + - 'runtime.morestack' allowed_opcodes: - opcode: '0x2' diff --git a/profile/profile.go b/profile/profile.go index eacf6bf..9544bca 100644 --- a/profile/profile.go +++ b/profile/profile.go @@ -16,12 +16,13 @@ type OpcodeInstruction struct { // VMProfile represents the configuration for a specific VM. type VMProfile struct { - VMName string `yaml:"vm"` - GOOS string `yaml:"goos"` - GOARCH string `yaml:"goarch"` - AllowedOpcodes []OpcodeInstruction `yaml:"allowed_opcodes"` - AllowedSycalls []int `yaml:"allowed_syscalls"` - NOOPSyscalls []int `yaml:"noop_syscalls"` + VMName string `yaml:"vm"` + GOOS string `yaml:"goos"` + GOARCH string `yaml:"goarch"` + AllowedOpcodes []OpcodeInstruction `yaml:"allowed_opcodes"` + AllowedSycalls []int `yaml:"allowed_syscalls"` + NOOPSyscalls []int `yaml:"noop_syscalls"` + IgnoredFunctions []string `yaml:"ignored_functions"` } func (p *VMProfile) SetDefaults() { diff --git a/profile/readme.md b/profile/readme.md index 2c4aa2e..b884681 100644 --- a/profile/readme.md +++ b/profile/readme.md @@ -12,7 +12,10 @@ A VM profile consists of the following fields: - `allowed_opcodes`: List of permitted opcodes with optional function values. - `allowed_syscalls`: List of system calls allowed by the VM. - `noop_syscalls`: List of system calls treated as no-ops by the VM. -- `ignored_functions`: List of functions or blocks disabled on the VM (e.g., due to multithreading restrictions). +- `ignored_functions`: List of functions or blocks disabled on the VM due to they might never be called in usual scenarios. + Example: + - 'syscall.setrlimit': Only executed in certain condition that doesn't meet with cannon, https://go.dev/src/syscall/rlimit.go + - 'runtime.morestack': Should execute in case of stack overflow, but not in usual case. ## Getting Opcode and Syscall Information Determining the correct opcodes and syscalls for a VM requires extensive research on the targeted VM From 52b2ad3a4822ebc1764024d2f0d97fc5b035538a Mon Sep 17 00:00:00 2001 From: Arun Dhyani Date: Wed, 26 Feb 2025 17:53:17 +0530 Subject: [PATCH 2/2] runtime.abort added to the ignored_functions list --- profile/cannon/cannon-32.yaml | 1 + profile/cannon/cannon-64.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/profile/cannon/cannon-32.yaml b/profile/cannon/cannon-32.yaml index d55aa4a..69096f6 100644 --- a/profile/cannon/cannon-32.yaml +++ b/profile/cannon/cannon-32.yaml @@ -4,6 +4,7 @@ goarch: mips ignored_functions: - 'syscall.setrlimit' - 'runtime.morestack' + - 'runtime.abort' allowed_opcodes: - opcode: '0x2' diff --git a/profile/cannon/cannon-64.yaml b/profile/cannon/cannon-64.yaml index 1fd1f0c..bb7defe 100644 --- a/profile/cannon/cannon-64.yaml +++ b/profile/cannon/cannon-64.yaml @@ -4,6 +4,7 @@ goarch: mips64 ignored_functions: - 'syscall.setrlimit' - 'runtime.morestack' + - 'runtime.abort' allowed_opcodes: - opcode: '0x2'