Package org.jakstab.analysis.tracereplay

Source Code of org.jakstab.analysis.tracereplay.TraceReplayAnalysis

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
/*
* TraceReplayAnalysis.java - This file is part of the Jakstab project.
* Copyright 2007-2012 Johannes Kinder <jk@jakstab.org>
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, see <http://www.gnu.org/licenses/>.
*/
package org.jakstab.analysis.tracereplay;


import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;

import org.jakstab.AnalysisProperties;
import org.jakstab.JOption;
import org.jakstab.Program;
import org.jakstab.analysis.AbstractState;
import org.jakstab.analysis.CPAOperators;
import org.jakstab.analysis.ConfigurableProgramAnalysis;
import org.jakstab.analysis.Precision;
import org.jakstab.analysis.ReachedSet;
import org.jakstab.asm.AbsoluteAddress;
import org.jakstab.cfa.CFAEdge;
import org.jakstab.cfa.Location;
import org.jakstab.cfa.StateTransformer;
import org.jakstab.rtl.statements.RTLAssume;
import org.jakstab.rtl.statements.RTLGoto;
import org.jakstab.rtl.statements.RTLStatement;
import org.jakstab.util.Logger;
import org.jakstab.util.Pair;

import com.google.common.collect.HashMultimap;
import com.google.common.collect.SetMultimap;

/**
* Analysis for replaying the program counter values of a single recorded trace.
*/
public class TraceReplayAnalysis implements ConfigurableProgramAnalysis {

  public static void register(AnalysisProperties p) {
    p.setShortHand('t');
    p.setName("Trace replay analysis");
    p.setDescription("Replays pre-recorded traces as an under-approximation of control flow.");
  }
 
  public static JOption<String> traceFiles = JOption.create("trace-file", "f", "", "Comma separated list of trace files to use for tracereplay (default is <mainFile>.parsed)");
 
  @SuppressWarnings("unused")
  private static final Logger logger = Logger.getLogger(TraceReplayAnalysis.class);

  private final SetMultimap<AbsoluteAddress, AbsoluteAddress> succ;

  public TraceReplayAnalysis(String filename) {
   
    succ = HashMultimap.create();

    BufferedReader in;
   
    try {
      in = new BufferedReader(new FileReader(filename));
    } catch (FileNotFoundException e) {
      logger.fatal("Trace file not found: " + e.getMessage());
      throw new RuntimeException(e);
    }

    // Read entire trace
   
    String line = null;
    AbsoluteAddress curPC = null;
    AbsoluteAddress lastPC = null;
   
    do {
      String lastLine = line;
      try {
        line = in.readLine();
      } catch (IOException e) {
        logger.fatal("IO error when reading from trace: " + e.getMessage());
        throw new RuntimeException(e);
      }
      if (line != null) {
       
        if (line.charAt(0) == 'A') {
          // Dima's "parsed" format
          curPC = new AbsoluteAddress(Long.parseLong(line.substring(9, line.indexOf('\t', 9)), 16));
        } else {
          // Pure format produced by temu's text conversion
          curPC = new AbsoluteAddress(Long.parseLong(line.substring(0, line.indexOf(':')), 16));
        }
       
        if (line.equals(lastLine)) {
          //logger.warn("Warning: Skipping duplicate line in trace for address " + curPC);
        } else {
         
          // Only add the edge if either source or target are in the program. This collapses library functions.
          if (lastPC != null && (isProgramAddress(lastPC) || isProgramAddress(curPC))) {
            succ.put(lastPC, curPC);
            lastPC = curPC;
          }
          // Find the first program address
          if (lastPC == null && isProgramAddress(curPC)) {
            lastPC = curPC;
          }
        }
      }
    } while (line != null);
  }

  @Override
  public Precision initPrecision(Location location, StateTransformer transformer) {
    return null;
  }

  public AbstractState initStartState(Location label) {
    //return new TraceReplayState(succ, ((Location)label).getAddress());
    return TraceReplayState.BOT;
  }

  @Override
  public AbstractState merge(AbstractState s1, AbstractState s2, Precision precision) {
   
    if (s2.isBot()) {
      return s1;
    }
    return s2;
  }

  private static boolean isProgramAddress(AbsoluteAddress a) {
    return Program.getProgram().getModule(a) != null;
  }

  private static boolean isProgramAddress(Location l) {
    return isProgramAddress(l.getAddress());
  }

  @Override
  public Set<AbstractState> post(AbstractState state, CFAEdge cfaEdge,
      Precision precision) {
    return Collections.singleton(singlePost(state, cfaEdge, precision));
  }   

  private AbstractState singlePost(AbstractState state, CFAEdge cfaEdge, Precision precision) {

   
    Location edgeTarget = cfaEdge.getTarget();
    Location edgeSource = cfaEdge.getSource();
   
    // If the entire edge is outside the module, just wait and do nothing
    if (!isProgramAddress(edgeSource) && !isProgramAddress(edgeTarget)) {
      //logger.debug("Outside of module at edge " + cfaEdge);
      return state;
    }
   
    //logger.debug("Inside module " + cfaEdge);
   
    TraceReplayState tState = (TraceReplayState)state;
   
    RTLStatement stmt = (RTLStatement)cfaEdge.getTransformer();
   
    if (edgeTarget.getAddress().equals(tState.getCurrentPC()) && 
        !(stmt instanceof RTLAssume && ((RTLAssume)stmt).getSource().getType() == RTLGoto.Type.REPEAT)) {
      // Next statement has same address (and is no back jump from REP), so do not move forward in trace
      return tState;
    } else {
      // Next statement has a different address (or is the re-execution of a REP prefixed instruction)
     
      if (succ.containsKey(edgeTarget.getAddress())) {
        // Edge goes along a recorded edge
        return new TraceReplayState(succ, edgeTarget.getAddress());
      } else {
        // Edge diverges from trace - either other path or into library

        if (isProgramAddress(edgeTarget)) {
          // Target is in program, but on a different path not taken by this trace
          if (!tState.isBot())
            logger.debug("Visiting edge " + cfaEdge + ", trace expected " + tState.getNextPC() + " next.");
          return TraceReplayState.BOT;
        } else {
          // Target is not in program, so we went into another module (library) that the over-approximation models by a stub
          // In the trace, the TraceReplayAnalysis constructor collapsed the function to a single address
          logger.debug("Jumping out of module to " + edgeTarget + " (" + Program.getProgram().getSymbolFor(edgeTarget) + "), fast forwarding from " + cfaEdge.getSource());
         
          // If we are in a BOT state, we cannot figure out what the native address of the library function is
          if (tState.isBot())
            return TraceReplayState.BOT;
         
          // This only works if only a single library function can be called from each instruction
          //assert succ.get(edgeSource.getAddress()).size() == 1 : "Successors from " + edgeSource.getAddress() + ": " + succ.get(edgeSource.getAddress());
         
          if (succ.get(edgeSource.getAddress()).size() != 1) {
            logger.error("Cannot map virtual edge " + cfaEdge + " to trace, possible trace successors: " + succ.get(edgeSource.getAddress()));
            return TraceReplayState.BOT;
          }
         
          // Since state is not BOT, we know edgeSource is contained in succ.
          return new TraceReplayState(succ, succ.get(edgeSource.getAddress()).iterator().next());
        }
      }
    }
   
  }
 
  @Override
  public Pair<AbstractState, Precision> prec(AbstractState s, Precision precision, ReachedSet reached) {
    return Pair.create(s, precision);
  }

  @Override
  public boolean stop(AbstractState s, ReachedSet reached, Precision precision) {
    return CPAOperators.stopSep(s, reached, precision);
  }

  @Override
  public AbstractState strengthen(AbstractState s, Iterable<AbstractState> otherStates, CFAEdge cfaEdge, Precision precision) {
    return null;
  }

}
TOP

Related Classes of org.jakstab.analysis.tracereplay.TraceReplayAnalysis

  • org.jakstab.analysis.ControlFlowReconstruction
  • org.jakstab.asm.AbsoluteAddress
  • org.jakstab.cfa.Location
  • org.jakstab.rtl.statements.RTLStatement
  • java.io.FileReader
  • java.io.BufferedReader
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.