Package org.jakstab.rtl.expressions

Examples of org.jakstab.rtl.expressions.RTLNumber


    //assert other.getBitWidth() == this.getBitWidth() : "Trying to join numberelements of different bitwidth: " + other + " and " + this;
    if (other.getBitWidth() > this.getBitWidth()) return getTop(other.getBitWidth());
    if (this.getBitWidth() > other.getBitWidth()) return getTop(this.getBitWidth());
    if (l.isTop() || isTop()) return getTop(getBitWidth());
   
    RTLNumber c = other.value;
    if (c.equals(value)) return this;
    else return getTop(getBitWidth());
  }


    // If not on trace, don't concretize
    if (isBot()) return null;

    RTLExpression condition = expressions[0];
    RTLExpression target = expressions[1];
    RTLNumber cCondition;
    RTLNumber cTarget;
   
    Set<Tuple<RTLNumber>> res = new FastSet<Tuple<RTLNumber>>();
   
    for (AbsoluteAddress successor : getNextPC()) {
      RTLNumber nextPC = successor.toNumericConstant();

      if (target instanceof RTLNumber) {
        // If target is a number, this is a direct jump, and maybe conditional

        cTarget = (RTLNumber)target;

    Set<CFAEdge> results = new FastSet<CFAEdge>();

    Set<Tuple<RTLNumber>> valuePairs = a.projectionFromConcretization(
        stmt.getCondition(), stmt.getTargetExpression());
    for (Tuple<RTLNumber> pair : valuePairs) {
      RTLNumber conditionValue = pair.get(0);
      RTLNumber targetValue = pair.get(1);
      Location nextLabel;
      // assume correct condition case
      assert conditionValue != null;
      RTLExpression assumption =
          ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);

    }

    Set<Tuple<RTLNumber>> valuePairs = a.projectionFromConcretization(
        stmt.getCondition(), stmt.getTargetExpression());
    for (Tuple<RTLNumber> pair : valuePairs) {
      RTLNumber conditionValue = pair.get(0);
      RTLNumber targetValue = pair.get(1);
      Location nextLabel;
      // assume correct condition case
      assert conditionValue != null;
      RTLExpression assumption =
          ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);

    Set<RTLStatement> results = new FastSet<RTLStatement>();

    Set<Tuple<RTLNumber>> valuePairs = a.projectionFromConcretization(
        stmt.getCondition(), stmt.getTargetExpression());
    for (Tuple<RTLNumber> pair : valuePairs) {
      RTLNumber conditionValue = pair.get(0);
      RTLNumber targetValue = pair.get(1);
      Location nextLabel;
      // assume correct condition case
      assert conditionValue != null;
      RTLExpression assumption =
          ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);

    Set<CFAEdge> results = new FastSet<CFAEdge>();

    Set<Tuple<RTLNumber>> valuePairs = a.projectionFromConcretization(
        stmt.getCondition(), stmt.getTargetExpression());
    for (Tuple<RTLNumber> pair : valuePairs) {
      RTLNumber conditionValue = pair.get(0);
      RTLNumber targetValue = pair.get(1);
      Location nextLabel;
      // assume correct condition case
      assert conditionValue != null;
      RTLExpression assumption =
          ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);

        DualCompositeState dcs = (DualCompositeState)a;

        // Add all edges from over-approximation
        for (Tuple<RTLNumber> pair : dcs.projectionFromConcretization(stmt.getCondition(), stmt.getTargetExpression())) {
          RTLNumber conditionValue = pair.get(0);
          RTLNumber targetValue = pair.get(1);
          Location nextLabel;
          // Start building the assume expression: assume correct condition case
          assert conditionValue != null;
          RTLExpression assumption =
              ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);
          if (conditionValue.equals(ExpressionFactory.FALSE)) {
            // assume (condition = false), and set next statement to fallthrough
            nextLabel = stmt.getNextLabel();
          } else {
            if (targetValue == null) {
              logger.debug("No value from MAY-analysis at " + stmt.getLabel());
              sound = false;
              unresolvedBranches.add(stmt.getLabel());
              continue;
            }
            // assume (condition = true AND targetExpression = targetValue)
            assumption = ExpressionFactory.createAnd(
                assumption,
                ExpressionFactory.createEqual(
                    stmt.getTargetExpression(),
                    targetValue)
                );
            // set next label to jump target
            nextLabel = new Location(new AbsoluteAddress(targetValue));
          }
          assumption = assumption.evaluate(new Context());
          RTLAssume assume = new RTLAssume(assumption, stmt);
          assume.setLabel(stmt.getLabel());
          assume.setNextLabel(nextLabel);
          // Target address sanity check
          if (nextLabel.getAddress().getValue() < 10L) {
            logger.warn("Control flow from " + stmt.getLabel() + " reaches address " + nextLabel.getAddress() + "!");
          }

          results.add(new CFAEdge(assume.getLabel(), assume.getNextLabel(), assume, Kind.MAY));
        }

        // Add all edges from under-approximation

        for (Tuple<RTLNumber> pair : dcs.projection(stmt.getCondition(), stmt.getTargetExpression())) {
          RTLNumber conditionValue = pair.get(0);
          RTLNumber targetValue = pair.get(1);
          Location nextLabel;
          // Start building the assume expression: assume correct condition case
          assert conditionValue != null;
          RTLExpression assumption =
              ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);
          if (conditionValue.equals(ExpressionFactory.FALSE)) {
            // assume (condition = false), and set next statement to fallthrough
            nextLabel = stmt.getNextLabel();
          } else {
            assert targetValue != null;

            // Translate real library addresses into stub addresses. Necessary because the static analysis component
            // does not know about concrete import addresses, so it uses a stub system.
            if (!isProgramAddress(targetValue)) {
              logger.debug(dcs.getLocation() + ": Jumping out of module to " + targetValue.toHexString());

              // Attempt to map this out-of-module location to a stub
              if (realToStub.containsKey(targetValue)) {
                // If we saw this concrete address before, replace it by the known stub
                logger.debug("Replacing concrete target " + targetValue.toHexString() + " with stub to " + program.getSymbolFor(new AbsoluteAddress(realToStub.get(targetValue))));
                targetValue = realToStub.get(targetValue);
              } else {

                // Check the statically produced edges for one that is not yet mapped to a concrete address.
                // If the over-approximation resolved an import to a stub, it's going to be contained.
                boolean foundStub = false;
                for (CFAEdge e : results) {
                  RTLNumber staticTarget = e.getTarget().getAddress().toNumericConstant();
                  if (!isProgramAddress(staticTarget) && !stubToReal.containsKey(staticTarget)) {
                    // Take the first one that's neither taken nor in the program
                    // TODO: This could map the wrong addresses in some (hopefully) rare cases depending on analysis order
                    stubToReal.put(staticTarget, targetValue);
                    realToStub.put(targetValue, staticTarget);
                    targetValue = staticTarget;
                    foundStub = true;
                    break;
                  }
                }

                if (!foundStub) {
                  // If we have not found anything suitable, we need to create a new stub
                  // FIXME: The new stub will likely have incorrect stack height adjustment.
                  //        We should extract that information from the trace.

                  logger.info(dcs.getLocation() + ": Creating new stub for unknown function at " + targetValue.toHexString());
                  RTLNumber stubTarget = Program.getProgram().getProcAddress("JAK_UNKNOWN", "proc" + targetValue.toHexString()).toNumericConstant();
                  stubToReal.put(stubTarget, targetValue);
                  realToStub.put(targetValue, stubTarget);
                  targetValue = stubTarget;
                }
              }

    this.state = state;
  }

  /**
   * Reads one byte for the given position by concretizing the analysis state.
   *
   * <p>The position is translated to a virtual address through {@code module}, wrapped by
   * {@code ExpressionFactory.createNumber} with the literal 32, and turned into a memory
   * location with the literal 8 (presumably bit widths, which would tie this to 32-bit
   * address spaces and byte-sized cells; confirm against ExpressionFactory). That location
   * is projected from {@code state}, and only the first component of the first tuple the
   * projection yields is used. Any further tuples are ignored, so a location with several
   * possible values collapses to whichever one the set iterates first.
   *
   * <p>NOTE(review): nothing here guards against an empty or absent projection.
   * {@code iterator().next()} throws {@code NoSuchElementException} on an empty set, and a
   * {@code null} set or {@code null} first component ends in a
   * {@code NullPointerException}. Whether the state can return those for a byte read is not
   * visible from this method; verify before relying on it while analysing untrusted
   * binaries.
   *
   * @param fp position handed to {@code module.getVirtualAddress} (presumably a file offset)
   * @return the concretized value narrowed to a {@code byte}
   */
  @Override
  public byte getByteAt(int fp) {
    RTLNumber address = ExpressionFactory.createNumber(module.getVirtualAddress(fp).getValue(), 32);
    RTLMemoryLocation byteCell = ExpressionFactory.createMemoryLocation(address, 8);
    Set<Tuple<RTLNumber>> concreteValues = state.projectionFromConcretization(byteCell);

    // Deliberately unchecked: the first tuple and its first component are taken as-is,
    // so an empty projection or a missing component fails here with an unchecked exception.
    Tuple<RTLNumber> firstTuple = concreteValues.iterator().next();
    RTLNumber byteValue = firstTuple.get(0);
    return (byte) byteValue.intValue();
  }

          cTuplesLoop: for (Tuple<RTLNumber> cTuple : concreteTuples) {
            // array for building new tuple
            RTLNumber[] numbers = new RTLNumber[expressions.length];
            // match components of both tuples against each other
            for (int j=0; j<expressions.length; j++) {
              RTLNumber cNumber = cTuple.get(j);
              RTLNumber rNumber = rTuple.get(j);
              // if the component is no wildcard and not equal, don't match, try next new tuple for match
              if (cNumber != RTLNumber.WILDCARD && rNumber != null && !cNumber.equals(rNumber)) {
                continue cTuplesLoop;
              } else {
                // handle wildcards on both sides:

          cTuplesLoop: for (Tuple<RTLNumber> cTuple : concreteTuples) {
            // array for building new tuple
            RTLNumber[] numbers = new RTLNumber[expressions.length];
            // match components of both tuples against each other
            for (int j=0; j<expressions.length; j++) {
              RTLNumber cNumber = cTuple.get(j);
              RTLNumber rNumber = rTuple.get(j);
              // if the component is no wildcard and not equal, don't match, try next new tuple for match
              if (cNumber != RTLNumber.WILDCARD && rNumber != null && !cNumber.equals(rNumber)) {
                continue cTuplesLoop;
              } else {
                // handle wildcards on both sides:
