From c520a388f2e741c435ada0c7b3c6bd9f5b7ae3d2 Mon Sep 17 00:00:00 2001 From: yhc <876680538@qq.com> Date: Sun, 25 Sep 2022 21:22:54 +0800 Subject: [PATCH 1/7] Add support to LAVA-M dataset I add more intercepted functions so that the lava-m programs can properly get input tainted. --- compiler/Runtime.cpp | 3 +- runtime/LibcWrappers.cpp | 106 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+), 1 deletion(-) diff --git a/compiler/Runtime.cpp b/compiler/Runtime.cpp index 81768841..fe0f0a65 100644 --- a/compiler/Runtime.cpp +++ b/compiler/Runtime.cpp @@ -163,7 +163,8 @@ bool isInterceptedFunction(const Function &f) { "malloc", "calloc", "mmap", "mmap64", "open", "read", "lseek", "lseek64", "fopen", "fopen64", "fread", "fseek", "fseeko", "rewind", "fseeko64", "getc", "ungetc", "memcpy", "memset", "strncpy", "strchr", - "memcmp", "memmove", "ntohl", "fgets", "fgetc", "getchar"}; + "memcmp", "memmove", "ntohl", "fgets", "fgetc", "getchar", "freopen", + "fread_unlocked", "getc_unlocked", "getline", "getutxent" }; return (kInterceptedFunctions.count(f.getName()) > 0); } diff --git a/runtime/LibcWrappers.cpp b/runtime/LibcWrappers.cpp index 319ae9f5..05cdb252 100644 --- a/runtime/LibcWrappers.cpp +++ b/runtime/LibcWrappers.cpp @@ -29,6 +29,8 @@ #include "Config.h" #include "Shadow.h" #include +#include +#include #define SYM(x) x##_symbolized 
@@ -189,6 +191,25 @@ uint32_t SYM(lseek)(int fd, uint32_t offset, int whence) {
 return (uint32_t)-1;
 }
+FILE *SYM(freopen)(const char *filename, const char *mode, FILE *stream)
+{
+ auto *result = freopen(filename, mode, stream);
+ _sym_set_return_expression(nullptr);
+ if (result != nullptr && !g_config.fullyConcrete &&
+ !g_config.inputFile.empty() &&
+ strstr(filename, g_config.inputFile.c_str()) != nullptr)
+ {
+ if (inputFileDescriptor != -1)
+ std::cerr << "Warning: input file opened multiple times; this is not yet "
+ "supported"
+ << std::endl;
+ inputFileDescriptor = fileno(result);
+ inputOffset = 0;
+ }
+
+ return result;
+}
+
 FILE *SYM(fopen)(const char *pathname, const char *mode) {
 auto *result = fopen(pathname, mode);
 _sym_set_return_expression(nullptr);
@@ -246,6 +267,32 @@ size_t SYM(fread)(void *ptr, size_t size, size_t nmemb, FILE *stream) {
 return result;
 }
+size_t SYM(fread_unlocked)(void *ptr, size_t size, size_t nmemb, FILE *stream)
+{
+ tryAlternative(ptr, _sym_get_parameter_expression(0), SYM(fread_unlocked));
+ tryAlternative(size, _sym_get_parameter_expression(1), SYM(fread_unlocked));
+ tryAlternative(nmemb, _sym_get_parameter_expression(2), SYM(fread_unlocked));
+
+ auto result = fread(ptr, size, nmemb, stream);
+ _sym_set_return_expression(nullptr);
+
+ if (fileno(stream) == inputFileDescriptor)
+ {
+ // Reading symbolic input.
+ ReadWriteShadow shadow(ptr, result * size);
+ std::generate(shadow.begin(), shadow.end(),
+ []()
+ { return _sym_get_input_byte(inputOffset++); });
+ }
+ else if (!isConcrete(ptr, result * size))
+ {
+ ReadWriteShadow shadow(ptr, result * size);
+ std::fill(shadow.begin(), shadow.end(), nullptr);
+ }
+
+ return result;
+}
+
 char *SYM(fgets)(char *str, int n, FILE *stream) {
 tryAlternative(str, _sym_get_parameter_expression(0), SYM(fgets));
 tryAlternative(n, _sym_get_parameter_expression(1), SYM(fgets));
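Review bot: `SYM(freopen)` hands `filename` to `strstr` unconditionally, but freopen permits a null `filename` (it then only changes the mode of `stream`), so that call dereferences null; extend the guard to `if (result != nullptr && filename != nullptr && !g_config.fullyConcrete &&`. The `fopen` wrapper that follows does not need this since fopen has no null-path form. A successful freopen also closes the old `stream` first, so when that stream was the tracked input and the new name does not match, `inputFileDescriptor` keeps the old number even though its file is gone — I cannot see from this hunk whether anything resets it, so at least a comment or an explicit reset is warranted.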
@@ -329,6 +376,47 @@ int SYM(fseeko64)(FILE *stream, uint64_t offset, int whence) {
 return result;
 }
+struct utmpx *SYM(getutxent)()
+{
+ auto *result = getutxent();
+ _sym_set_return_expression(nullptr);
+
+ // Reading symbolic input.
+ ReadWriteShadow shadow(result, sizeof (struct utmpx));
+ std::generate(shadow.begin(), shadow.end(),
+ []()
+ { return _sym_get_input_byte(inputOffset++); });
+
+ return result;
+}
+
+ssize_t SYM(getline)(char **ptr, size_t *n, FILE *stream)
+{
+
+ tryAlternative(ptr, _sym_get_parameter_expression(0), SYM(getline));
+ tryAlternative(n, _sym_get_parameter_expression(1), SYM(getline));
+
+ auto result = getdelim(ptr, n, '\n', stream);
+
+ _sym_set_return_expression(nullptr);
+
+ if (fileno(stream) == inputFileDescriptor)
+ {
+ // Reading symbolic input.
+ ReadWriteShadow shadow(*ptr, result * (*n));
+ std::generate(shadow.begin(), shadow.end(),
+ []()
+ { return _sym_get_input_byte(inputOffset++); });
+ }
+ else if (!isConcrete(*ptr, result * (*n)))
+ {
+ ReadWriteShadow shadow(*ptr, result * (*n));
+ std::fill(shadow.begin(), shadow.end(), nullptr);
+ }
+
+ return result;
+}
+
 int SYM(getc)(FILE *stream) {
 auto result = getc(stream);
 if (result == EOF) {
@@ -345,6 +433,24 @@ int SYM(getc)(FILE *stream) {
 return result;
 }
+int SYM(getc_unlocked)(FILE *stream)
+{
+ auto result = getc(stream);
+ if (result == EOF)
+ {
+ _sym_set_return_expression(nullptr);
+ return result;
+ }
+
+ if (fileno(stream) == inputFileDescriptor)
+ _sym_set_return_expression(_sym_build_zext(
+ _sym_get_input_byte(inputOffset++), sizeof(int) * 8 - 8));
+ else
+ _sym_set_return_expression(nullptr);
+
+ return result;
+}
+
 int SYM(fgetc)(FILE *stream) {
 auto result = fgetc(stream);
 if (result == EOF) {
From bbbe3071808a2544f3b178b224064e5db2e009e3 Mon Sep 17 00:00:00 2001
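Review bot: `SYM(getline)` sizes its shadow region as `result * (*n)`, which is wrong in both branches: getdelim returns the number of characters read (not a multiplier) and `*n` is the allocated capacity, so the shadow write covers far more than the bytes actually read, and when getdelim returns -1 on EOF or error the product converts to a huge `size_t`. Return before touching the shadow on failure and mark only the bytes read: `if (result < 0) return result;` after `_sym_set_return_expression(nullptr);`, then `ReadWriteShadow shadow(*ptr, result);` and `isConcrete(*ptr, result)` (the terminating NUL is concrete either way). In the same hunk `SYM(getutxent)` passes `result` to `ReadWriteShadow` without checking for the null that getutxent returns at end of the utmp file, and it consumes input bytes regardless of `g_config.fullyConcrete` or whether the utmp file is the configured input, unlike the stream wrappers around it.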
From: yhc <876680538@qq.com> Date: Mon, 26 Sep 2022 11:48:27 +0800 Subject: [PATCH 2/7] Modified according to the comments --- compiler/Runtime.cpp | 2 +- runtime/LibcWrappers.cpp | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/compiler/Runtime.cpp b/compiler/Runtime.cpp index fe0f0a65..ea82efce 100644 --- a/compiler/Runtime.cpp +++ b/compiler/Runtime.cpp @@ -164,7 +164,7 @@ bool isInterceptedFunction(const Function &f) { "lseek64", "fopen", "fopen64", "fread", "fseek", "fseeko", "rewind", "fseeko64", "getc", "ungetc", "memcpy", "memset", "strncpy", "strchr", "memcmp", "memmove", "ntohl", "fgets", "fgetc", "getchar", "freopen", - "fread_unlocked", "getc_unlocked", "getline", "getutxent" }; + "fread_unlocked", "getc_unlocked", "getline", "getutxent" , "getutent"}; return (kInterceptedFunctions.count(f.getName()) > 0); } diff --git a/runtime/LibcWrappers.cpp b/runtime/LibcWrappers.cpp index 05cdb252..f79bba9f 100644 --- a/runtime/LibcWrappers.cpp +++ b/runtime/LibcWrappers.cpp @@ -31,6 +31,7 @@ #include #include #include +#include #define SYM(x) x##_symbolized @@ -273,7 +274,7 @@ size_t SYM(fread_unlocked)(void *ptr, size_t size, size_t nmemb, FILE *stream) tryAlternative(size, _sym_get_parameter_expression(1), SYM(fread_unlocked)); tryAlternative(nmemb, _sym_get_parameter_expression(2), SYM(fread_unlocked)); - auto result = fread(ptr, size, nmemb, stream); + auto result = fread_unlocked(ptr, size, nmemb, stream); _sym_set_return_expression(nullptr); if (fileno(stream) == inputFileDescriptor) 
@@ -376,13 +377,13 @@ int SYM(fseeko64)(FILE *stream, uint64_t offset, int whence) {
 return result;
 }
-struct utmpx *SYM(getutxent)()
+struct utmp *SYM(getutent)()
 {
- auto *result = getutxent();
+ auto *result = getutent();
 _sym_set_return_expression(nullptr);
 // Reading symbolic input.
- ReadWriteShadow shadow(result, sizeof (struct utmpx));
+ ReadWriteShadow shadow(result, sizeof (struct utmp));
 std::generate(shadow.begin(), shadow.end(),
 []()
 { return _sym_get_input_byte(inputOffset++); });
@@ -390,6 +391,11 @@ struct utmpx *SYM(getutxent)()
 return result;
 }
+struct utmpx *SYM(getutxent)()
+{
+ return (utmpx *)SYM(getutent)();
+}
+
 ssize_t SYM(getline)(char **ptr, size_t *n, FILE *stream)
 {
@@ -435,7 +441,7 @@ int SYM(getc)(FILE *stream) {
 int SYM(getc_unlocked)(FILE *stream)
 {
- auto result = getc(stream);
+ auto result = getc_unlocked(stream);
 if (result == EOF)
 {
 _sym_set_return_expression(nullptr);
From bc06b1505512c0da7c70ac21a883597ff25ca73e Mon Sep 17 00:00:00 2001
From: aurelf
Date: Fri, 24 Nov 2023 19:47:22 +0100
Subject: [PATCH 3/7] clang-format Runtime.cpp
---
 compiler/Runtime.cpp | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/compiler/Runtime.cpp b/compiler/Runtime.cpp
index 5702421e..c360baf3 100644
--- a/compiler/Runtime.cpp
+++ b/compiler/Runtime.cpp
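Review bot: `SYM(getutent)` still passes `result` to `ReadWriteShadow` without a null check; getutent returns NULL at the end of the utmp file (and callers loop until it does), so the final call builds a shadow range over a null address. Add `if (result == nullptr) return result;` right after `_sym_set_return_expression(nullptr);`. The new `SYM(getutxent)` C-style-casts a `struct utmp *` to `struct utmpx *`, which is only sound on libcs where the two layouts coincide (glibc on Linux), so the assumption deserves a comment such as `// glibc declares utmp and utmpx with identical layout; revisit for other libcs.` It would also be clearer to state in a comment that the whole record is tainted unconditionally, since this wrapper, unlike the stream ones, never consults `g_config.fullyConcrete`.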
@@ -192,12 +192,13 @@ Runtime::Runtime(Module &M) { /// Decide whether a function is called symbolically. bool isInterceptedFunction(const Function &f) { static const StringSet<> kInterceptedFunctions = { - "malloc", "calloc", "mmap", "mmap64", "open", "read", - "lseek", "lseek64", "fopen", "fopen64", "fread", "fseek", - "fseeko", "rewind", "fseeko64", "getc", "ungetc", "memcpy", - "memset", "strncpy", "strchr", "memcmp", "memmove", "ntohl", - "fgets", "fgetc", "getchar", "bcopy", "bcmp", "bzero", - "freopen", "fread_unlocked", "getc_unlocked", "getline", "getutxent", + "malloc", "calloc", "mmap", "mmap64", "open", + "read", "lseek", "lseek64", "fopen", "fopen64", + "fread", "fseek", "fseeko", "rewind", "fseeko64", + "getc", "ungetc", "memcpy", "memset", "strncpy", + "strchr", "memcmp", "memmove", "ntohl", "fgets", + "fgetc", "getchar", "bcopy", "bcmp", "bzero", + "freopen", "fread_unlocked", "getc_unlocked", "getline", "getutxent", "getutent"}; return (kInterceptedFunctions.count(f.getName()) > 0); From 53cf6a38ca6b606a5b8fa7b2f58852b62a0f7a04 Mon Sep 17 00:00:00 2001 From: aurelf Date: Sat, 25 Nov 2023 17:16:11 +0100 Subject: [PATCH 4/7] clang-format LibcWrappers.cpp --- runtime/LibcWrappers.cpp | 153 +++++++++++++++++---------------------- 1 file changed, 67 insertions(+), 86 deletions(-) diff --git a/runtime/LibcWrappers.cpp b/runtime/LibcWrappers.cpp index 5865c987..7d6e5d29 100644 --- a/runtime/LibcWrappers.cpp +++ b/runtime/LibcWrappers.cpp @@ -47,9 +47,9 @@ #include "Config.h" #include "Shadow.h" #include -#include #include #include +#include #define SYM(x) x##_symbolized 
@@ -238,23 +238,21 @@ uint32_t SYM(lseek)(int fd, uint32_t offset, int whence) { return (uint32_t)-1; } -FILE *SYM(freopen)(const char *filename, const char *mode, FILE *stream) -{ - auto *result = freopen(filename, mode, stream); - _sym_set_return_expression(nullptr); - if (result != nullptr && !g_config.fullyConcrete && - !g_config.inputFile.empty() && - strstr(filename, g_config.inputFile.c_str()) != nullptr) - { - if (inputFileDescriptor != -1) - std::cerr << "Warning: input file opened multiple times; this is not yet " - "supported" - << std::endl; - inputFileDescriptor = fileno(result); - inputOffset = 0; - } +FILE *SYM(freopen)(const char *filename, const char *mode, FILE *stream) { + auto *result = freopen(filename, mode, stream); + _sym_set_return_expression(nullptr); + if (result != nullptr && !g_config.fullyConcrete && + !g_config.inputFile.empty() && + strstr(filename, g_config.inputFile.c_str()) != nullptr) { + if (inputFileDescriptor != -1) + std::cerr << "Warning: input file opened multiple times; this is not yet " + "supported" + << std::endl; + inputFileDescriptor = fileno(result); + inputOffset = 0; + } - return result; + return result; } FILE *SYM(fopen)(const char *pathname, const char *mode) { 
@@ -297,30 +295,25 @@ size_t SYM(fread)(void *ptr, size_t size, size_t nmemb, FILE *stream) { return result; } -size_t SYM(fread_unlocked)(void *ptr, size_t size, size_t nmemb, FILE *stream) -{ - tryAlternative(ptr, _sym_get_parameter_expression(0), SYM(fread_unlocked)); - tryAlternative(size, _sym_get_parameter_expression(1), SYM(fread_unlocked)); - tryAlternative(nmemb, _sym_get_parameter_expression(2), SYM(fread_unlocked)); +size_t SYM(fread_unlocked)(void *ptr, size_t size, size_t nmemb, FILE *stream) { + tryAlternative(ptr, _sym_get_parameter_expression(0), SYM(fread_unlocked)); + tryAlternative(size, _sym_get_parameter_expression(1), SYM(fread_unlocked)); + tryAlternative(nmemb, _sym_get_parameter_expression(2), SYM(fread_unlocked)); - auto result = fread_unlocked(ptr, size, nmemb, stream); - _sym_set_return_expression(nullptr); + auto result = fread_unlocked(ptr, size, nmemb, stream); + _sym_set_return_expression(nullptr); - if (fileno(stream) == inputFileDescriptor) - { - // Reading symbolic input. - ReadWriteShadow shadow(ptr, result * size); - std::generate(shadow.begin(), shadow.end(), - []() - { return _sym_get_input_byte(inputOffset++); }); - } - else if (!isConcrete(ptr, result * size)) - { - ReadWriteShadow shadow(ptr, result * size); - std::fill(shadow.begin(), shadow.end(), nullptr); - } + if (fileno(stream) == inputFileDescriptor) { + // Reading symbolic input. + ReadWriteShadow shadow(ptr, result * size); + std::generate(shadow.begin(), shadow.end(), + []() { return _sym_get_input_byte(inputOffset++); }); + } else if (!isConcrete(ptr, result * size)) { + ReadWriteShadow shadow(ptr, result * size); + std::fill(shadow.begin(), shadow.end(), nullptr); + } - return result; + return result; } char *SYM(fgets)(char *str, int n, FILE *stream) { 
@@ -406,50 +399,40 @@ int SYM(fseeko64)(FILE *stream, uint64_t offset, int whence) { return result; } -struct utmp *SYM(getutent)() -{ - auto *result = getutent(); - _sym_set_return_expression(nullptr); +struct utmp *SYM(getutent)() { + auto *result = getutent(); + _sym_set_return_expression(nullptr); - // Reading symbolic input. - ReadWriteShadow shadow(result, sizeof (struct utmp)); - std::generate(shadow.begin(), shadow.end(), - []() - { return _sym_get_input_byte(inputOffset++); }); + // Reading symbolic input. + ReadWriteShadow shadow(result, sizeof(struct utmp)); + std::generate(shadow.begin(), shadow.end(), + []() { return _sym_get_input_byte(inputOffset++); }); - return result; + return result; } -struct utmpx *SYM(getutxent)() -{ - return (utmpx *)SYM(getutent)(); -} +struct utmpx *SYM(getutxent)() { return (utmpx *)SYM(getutent)(); } -ssize_t SYM(getline)(char **ptr, size_t *n, FILE *stream) -{ +ssize_t SYM(getline)(char **ptr, size_t *n, FILE *stream) { - tryAlternative(ptr, _sym_get_parameter_expression(0), SYM(getline)); - tryAlternative(n, _sym_get_parameter_expression(1), SYM(getline)); + tryAlternative(ptr, _sym_get_parameter_expression(0), SYM(getline)); + tryAlternative(n, _sym_get_parameter_expression(1), SYM(getline)); - auto result = getdelim(ptr, n, '\n', stream); + auto result = getdelim(ptr, n, '\n', stream); - _sym_set_return_expression(nullptr); + _sym_set_return_expression(nullptr); - if (fileno(stream) == inputFileDescriptor) - { - // Reading symbolic input. - ReadWriteShadow shadow(*ptr, result * (*n)); - std::generate(shadow.begin(), shadow.end(), - []() - { return _sym_get_input_byte(inputOffset++); }); - } - else if (!isConcrete(*ptr, result * (*n))) - { - ReadWriteShadow shadow(*ptr, result * (*n)); - std::fill(shadow.begin(), shadow.end(), nullptr); - } + if (fileno(stream) == inputFileDescriptor) { + // Reading symbolic input. 
+ ReadWriteShadow shadow(*ptr, result * (*n)); + std::generate(shadow.begin(), shadow.end(), + []() { return _sym_get_input_byte(inputOffset++); }); + } else if (!isConcrete(*ptr, result * (*n))) { + ReadWriteShadow shadow(*ptr, result * (*n)); + std::fill(shadow.begin(), shadow.end(), nullptr); + } - return result; + return result; } int SYM(getc)(FILE *stream) { @@ -468,22 +451,20 @@ int SYM(getc)(FILE *stream) { return result; } -int SYM(getc_unlocked)(FILE *stream) -{ - auto result = getc_unlocked(stream); - if (result == EOF) - { - _sym_set_return_expression(nullptr); - return result; - } +int SYM(getc_unlocked)(FILE *stream) { + auto result = getc_unlocked(stream); + if (result == EOF) { + _sym_set_return_expression(nullptr); + return result; + } - if (fileno(stream) == inputFileDescriptor) - _sym_set_return_expression(_sym_build_zext( - _sym_get_input_byte(inputOffset++), sizeof(int) * 8 - 8)); - else - _sym_set_return_expression(nullptr); + if (fileno(stream) == inputFileDescriptor) + _sym_set_return_expression(_sym_build_zext( + _sym_get_input_byte(inputOffset++), sizeof(int) * 8 - 8)); + else + _sym_set_return_expression(nullptr); - return result; + return result; } int SYM(fgetc)(FILE *stream) { From 8cc7bfc87478fd9b59917c6454f09ed2b74ed967 Mon Sep 17 00:00:00 2001 From: aurelf Date: Sat, 25 Nov 2023 17:20:19 +0100 Subject: [PATCH 5/7] clang-format Runtime.cpp --- compiler/Runtime.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compiler/Runtime.cpp b/compiler/Runtime.cpp index c360baf3..eb988181 100644 --- a/compiler/Runtime.cpp +++ b/compiler/Runtime.cpp @@ -200,6 +200,6 @@ bool isInterceptedFunction(const Function &f) { "fgetc", "getchar", "bcopy", "bcmp", "bzero", "freopen", "fread_unlocked", "getc_unlocked", "getline", "getutxent", "getutent"}; - + return (kInterceptedFunctions.count(f.getName()) > 0); } From 431f9116fcb649a7cdaab0964d414e0b7cad07dd Mon Sep 17 00:00:00 2001 
From: aurelf Date: Sat, 25 Nov 2023 17:30:43 +0100 Subject: [PATCH 6/7] clang-format-14 LibcWrappers.cpp --- runtime/LibcWrappers.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/runtime/LibcWrappers.cpp b/runtime/LibcWrappers.cpp index 7d6e5d29..aa9f9920 100644 --- a/runtime/LibcWrappers.cpp +++ b/runtime/LibcWrappers.cpp @@ -411,7 +411,9 @@ struct utmp *SYM(getutent)() { return result; } -struct utmpx *SYM(getutxent)() { return (utmpx *)SYM(getutent)(); } +struct utmpx *SYM(getutxent)() { + return (utmpx *)SYM(getutent)(); +} ssize_t SYM(getline)(char **ptr, size_t *n, FILE *stream) { From ae1cae9b784fe039e50d6291471458b8421e0e3b Mon Sep 17 00:00:00 2001 From: aurelf Date: Sat, 25 Nov 2023 17:33:01 +0100 Subject: [PATCH 7/7] more format LibcWrappers.cpp --- runtime/LibcWrappers.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runtime/LibcWrappers.cpp b/runtime/LibcWrappers.cpp index aa9f9920..3dcdf835 100644 --- a/runtime/LibcWrappers.cpp +++ b/runtime/LibcWrappers.cpp @@ -411,8 +411,8 @@ struct utmp *SYM(getutent)() { return result; } -struct utmpx *SYM(getutxent)() { - return (utmpx *)SYM(getutent)(); +struct utmpx *SYM(getutxent)() { + return (utmpx *)SYM(getutent)(); } ssize_t SYM(getline)(char **ptr, size_t *n, FILE *stream) {