From deabcd3ff08edbeeff5952a052959018948f5f3c Mon Sep 17 00:00:00 2001
From: clc5q <clc5q@git.zephyr-software.com>
Date: Fri, 10 Jul 2015 02:29:22 +0000
Subject: [PATCH] Begin infrastructure for analyzing indirect memory write
safety.
Former-commit-id: 1fa1759f36818bbae333e7557e2374aeea767206
---
include/interfaces/SMPDBInterface.h | 4 ++++
src/base/SMPDBInterface.cpp | 4 ++++
src/base/SMPFunction.cpp | 12 ++++++++++--
src/base/SMPProgram.cpp | 2 ++
...ed-sorted-save-busybox.psexe.annot.REMOVED.git-id | 2 +-
...med-sorted-save-ffmpeg.psexe.annot.REMOVED.git-id | 2 +-
...orted-save-firefox-bin.psexe.annot.REMOVED.git-id | 2 +-
...mmed-sorted-save-gedit.psexe.annot.REMOVED.git-id | 2 +-
...-save-gnome-calculator.psexe.annot.REMOVED.git-id | 2 +-
...e-gnome-keyring-daemon.psexe.annot.REMOVED.git-id | 2 +-
...e-gnome-system-monitor.psexe.annot.REMOVED.git-id | 2 +-
...save-gnome-text-editor.psexe.annot.REMOVED.git-id | 2 +-
...mmed-sorted-save-httpd.psexe.annot.REMOVED.git-id | 2 +-
...immed-sorted-save-less.psexe.annot.REMOVED.git-id | 2 +-
...med-sorted-save-lt-svn.psexe.annot.REMOVED.git-id | 2 +-
...mmed-sorted-save-nginx.psexe.annot.REMOVED.git-id | 2 +-
...ed-sorted-save-openssl.psexe.annot.REMOVED.git-id | 2 +-
...d-sorted-save-synaptic.psexe.annot.REMOVED.git-id | 2 +-
tests/commit/trimmed-sorted-save-xcalc.psexe.annot | 5 +----
...mmed-sorted-save-xedit.psexe.annot.REMOVED.git-id | 2 +-
20 files changed, 36 insertions(+), 21 deletions(-)
diff --git a/include/interfaces/SMPDBInterface.h b/include/interfaces/SMPDBInterface.h
index 73d19ed3..ddb47008 100644
--- a/include/interfaces/SMPDBInterface.h
+++ b/include/interfaces/SMPDBInterface.h
@@ -163,6 +163,10 @@ extern unsigned long SCCPConstantOutgoingArgWriteCount;
// Counter for max # of basic blocks seen in one function.
extern unsigned long STARS_MaxBlockCount;
+// Counters for safe and unsafe indirect memory writes.
+extern unsigned long STARS_SafeIndirectMemWriteCount;
+extern unsigned long STARS_UnsafeIndirectMemWriteCount;
+
// strings for printing ZST_SysCallType
extern const char *CallTypeNames[4];
diff --git a/src/base/SMPDBInterface.cpp b/src/base/SMPDBInterface.cpp
index 395c05e0..c1cb9905 100644
--- a/src/base/SMPDBInterface.cpp
+++ b/src/base/SMPDBInterface.cpp
@@ -112,6 +112,10 @@ unsigned long SCCPConstantOutgoingArgWriteCount;
// Counter for max # of basic blocks seen in one function.
unsigned long STARS_MaxBlockCount;
+// Counters for safe and unsafe indirect memory writes.
+unsigned long STARS_SafeIndirectMemWriteCount;
+unsigned long STARS_UnsafeIndirectMemWriteCount;
+
// strings for printing ZST_SysCallType
const char *CallTypeNames[4] = { "Unrestricted", "High-Privilege", "File-Access", "Network-Access" };
diff --git a/src/base/SMPFunction.cpp b/src/base/SMPFunction.cpp
index 711413e2..6e8a40fb 100644
--- a/src/base/SMPFunction.cpp
+++ b/src/base/SMPFunction.cpp
@@ -5480,6 +5480,10 @@ void SMPFunction::AliasAnalysis(void) {
if (CurrInst->DetectUnsafeMemWrite()) {
this->HasUnsafeIndirectWrites = true;
CurrInst->SetUnsafeMemWrite();
+ ++STARS_UnsafeIndirectMemWriteCount;
+ }
+ else {
+ ++STARS_SafeIndirectMemWriteCount;
}
}
} // end for all insts in block
@@ -8771,9 +8775,13 @@ void SMPFunction::MarkFunctionSafe() {
this->DetectMultiEntryFunction();
- bool UnsafeReturnAddr = (Unsafe || AccessesReturnAddress || WritesAboveLocalFrameIndirect || HasIndirectGlobalWrite
- || HasIndirectWrite || (!this->AnalyzedSP) || this->MultipleEntryPoints);
+#if 1
+ bool UnsafeReturnAddr = (Unsafe || AccessesReturnAddress || this->HasUnsafeIndirectWrites || (!this->AnalyzedSP) || this->MultipleEntryPoints);
+#else
+ bool UnsafeReturnAddr = (Unsafe || AccessesReturnAddress || WritesAboveLocalFrameIndirect || HasIndirectGlobalWrite
+ || HasIndirectWrite || (!this->AnalyzedSP) || this->MultipleEntryPoints);
+#endif
// We have conditions that cause fast returns to be unsafe even though the return address is safe.
if (this->PossibleIndirectCallTarget) {
SMP_msg("INFO: Function at %lx becoming unsafe for fast returns because it is indirect call target.\n", (unsigned long) this->GetFirstFuncAddr());
diff --git a/src/base/SMPProgram.cpp b/src/base/SMPProgram.cpp
index fbd39376..b51522f1 100644
--- a/src/base/SMPProgram.cpp
+++ b/src/base/SMPProgram.cpp
@@ -661,6 +661,8 @@ void SMPProgram::Analyze(ProfilerInformation *pi, FILE *AnnotFile, FILE *InfoAnn
SMP_msg("Total outarg writes analyzed: %lu\n", SCCPOutgoingArgWriteCount);
SMP_msg("Total constant outarg writes analyzed: %lu\n", SCCPConstantOutgoingArgWriteCount);
#endif
+ SMP_msg("Total safe indirect memory write instructions analyzed: %lu\n", STARS_SafeIndirectMemWriteCount);
+ SMP_msg("Total unsafe indirect memory write instructions analyzed: %lu\n", STARS_UnsafeIndirectMemWriteCount);
#endif // not SMP_REDUCED_ANALYSIS
SMP_msg("INFO: Maximum basic block count in one function: %lu\n", STARS_MaxBlockCount);
diff --git a/tests/commit/trimmed-sorted-save-busybox.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-busybox.psexe.annot.REMOVED.git-id
index 24876221..1a31b0b6 100644
--- a/tests/commit/trimmed-sorted-save-busybox.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-busybox.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-8fcf829b0aea614a045f18b79d5cd1af0f42a373
\ No newline at end of file
+4e085b7e1f21807a58e327a2e8c7388ece507424
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-ffmpeg.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-ffmpeg.psexe.annot.REMOVED.git-id
index af79bfe9..27eeb649 100644
--- a/tests/commit/trimmed-sorted-save-ffmpeg.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-ffmpeg.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-6769a740dd55de9d3fd999b2a0be05ad9d203ec5
\ No newline at end of file
+adeae01a4a57c015571c5ad2e32a2c92ce7fd3c9
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-firefox-bin.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-firefox-bin.psexe.annot.REMOVED.git-id
index 1678a94e..c6990c61 100644
--- a/tests/commit/trimmed-sorted-save-firefox-bin.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-firefox-bin.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-dea0304986e21e0a3135940bd258bd4b04602298
\ No newline at end of file
+e95b19e6a02e205690c155aafb17591824edb68f
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-gedit.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-gedit.psexe.annot.REMOVED.git-id
index 36eef6fe..1798437a 100644
--- a/tests/commit/trimmed-sorted-save-gedit.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-gedit.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-854aa2762cfdc0efc8b2841507eb625f20b9ebf7
\ No newline at end of file
+efd5ed6614d429c296d502922108ef89a6a71026
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-gnome-calculator.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-gnome-calculator.psexe.annot.REMOVED.git-id
index eb637bbb..aa8ef8d7 100644
--- a/tests/commit/trimmed-sorted-save-gnome-calculator.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-gnome-calculator.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-67732409bd5a27f506c2b844365c67f45508c298
\ No newline at end of file
+d6d7e5f536ad3407d2bcb1382e2d3df07106430b
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-gnome-keyring-daemon.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-gnome-keyring-daemon.psexe.annot.REMOVED.git-id
index a390c886..90d59ba3 100644
--- a/tests/commit/trimmed-sorted-save-gnome-keyring-daemon.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-gnome-keyring-daemon.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-a3de79a0c9ae76bb27b44e1b9e36879bde041cbe
\ No newline at end of file
+58dd348bd3fa94b255fbbf1add4d45f137d12d53
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-gnome-system-monitor.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-gnome-system-monitor.psexe.annot.REMOVED.git-id
index 59682439..a98a61f5 100644
--- a/tests/commit/trimmed-sorted-save-gnome-system-monitor.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-gnome-system-monitor.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-2f876970c4deabea5f6b246ac842e0d206b87ac2
\ No newline at end of file
+eb65cb569bdc441e37212e5a2e0a92e8f6b70ac2
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-gnome-text-editor.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-gnome-text-editor.psexe.annot.REMOVED.git-id
index 36eef6fe..1798437a 100644
--- a/tests/commit/trimmed-sorted-save-gnome-text-editor.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-gnome-text-editor.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-854aa2762cfdc0efc8b2841507eb625f20b9ebf7
\ No newline at end of file
+efd5ed6614d429c296d502922108ef89a6a71026
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-httpd.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-httpd.psexe.annot.REMOVED.git-id
index ea6d0ea3..48106bc2 100644
--- a/tests/commit/trimmed-sorted-save-httpd.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-httpd.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-395d74a10b1f4c4db053c37e189c8084e259bba2
\ No newline at end of file
+e7af2cfb92a2b58fdccd732b391a9b87fe3fdd2f
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-less.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-less.psexe.annot.REMOVED.git-id
index 30fe71ad..4cafc1d2 100644
--- a/tests/commit/trimmed-sorted-save-less.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-less.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-a5cda7b5fdbd1b7211c0055b4d670675ad67824c
\ No newline at end of file
+ae507e5bf1ba0bcd134baa5feca3e652f375bae6
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-lt-svn.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-lt-svn.psexe.annot.REMOVED.git-id
index f074a723..90e3b967 100644
--- a/tests/commit/trimmed-sorted-save-lt-svn.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-lt-svn.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-e80baddf2cf30ff90b972e75661df67bb8c71e41
\ No newline at end of file
+223c066767d7e485b46c2215f16fda7223e4167a
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-nginx.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-nginx.psexe.annot.REMOVED.git-id
index 00918a65..e88b480e 100644
--- a/tests/commit/trimmed-sorted-save-nginx.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-nginx.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-c3ea4f99f8fec1d41edb39491a905fc3110f6ebd
\ No newline at end of file
+5731ffceb4f891f2c27de7b81198e4b65b84fe01
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-openssl.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-openssl.psexe.annot.REMOVED.git-id
index 0c23f78b..b6197f16 100644
--- a/tests/commit/trimmed-sorted-save-openssl.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-openssl.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-2ed6300ba667ca900d34519276f9c3b24e9f261d
\ No newline at end of file
+9ebea348b24d6b50510cca969ec10ca9d19cb041
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-synaptic.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-synaptic.psexe.annot.REMOVED.git-id
index d4231313..b8bc3ab7 100644
--- a/tests/commit/trimmed-sorted-save-synaptic.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-synaptic.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-9293cfca47a9f6ae488aec03601314edf4f55ac7
\ No newline at end of file
+e7ddc38eedbcf8b7d186c03d9715bda7e2cc5a82
\ No newline at end of file
diff --git a/tests/commit/trimmed-sorted-save-xcalc.psexe.annot b/tests/commit/trimmed-sorted-save-xcalc.psexe.annot
index 9e23d0b3..259dfb43 100644
--- a/tests/commit/trimmed-sorted-save-xcalc.psexe.annot
+++ b/tests/commit/trimmed-sorted-save-xcalc.psexe.annot
@@ -4118,7 +4118,7 @@
402ff7 -4 INSTR LOCAL SafeReturn retn
403000 0 FUNC FRAMERESTORE 0 0 0 1 0 0 2 0 1 3 0 0 4 0 8 5 0 0 6 0 1 7 0 0 8 0 0 9 0 0 10 0 0 11 0 0 12 0 0 13 0 0 14 0 0 15 0 0 ZZ
403000 0 FUNC MMSAFENESS SAFE
- 403000 126 FUNC GLOBAL sub_403000 FUNC_SAFE NOFP RET FUNC_LEAF 40307d
+ 403000 126 FUNC GLOBAL sub_403000 FUNC_UNSAFE NOFP RET FUNC_LEAF 40307d
403000 6 INSTR BELONGTO 403000
403000 6 INSTR DEADREGS EFLAGS RAX RDI ZZ mov edi, cs:dword_608820
403000 8 MEMORYHOLE STACK esp + 0 ReturnAddress
@@ -4143,7 +4143,6 @@
403024 6 INSTR DEADREGS EFLAGS XMM0 ZZ mov cs:dword_608780, eax
40302a 1 INSTR BELONGTO 403000
40302a 1 INSTR DEADREGS EFLAGS XMM0 ZZ retn
- 40302a -4 INSTR LOCAL SafeReturn retn
403030 7 INSTR BELONGTO 403000
403030 7 INSTR DEADREGS EFLAGS RAX ZZ mov rax, cs:qword_608688
403037 7 INSTR BELONGTO 403000
@@ -4156,7 +4155,6 @@
40304d 7 INSTR DEADREGS EFLAGS XMM0 ZZ mov cs:qword_608688, rax
403054 1 INSTR BELONGTO 403000
403054 1 INSTR DEADREGS EFLAGS XMM0 ZZ retn
- 403054 -4 INSTR LOCAL SafeReturn retn
403058 10 INSTR BELONGTO 403000
403058 10 INSTR DEADREGS EFLAGS RSI XMM0 ZZ mov rsi, 7265206B63617473h
403058 -2 INSTR LOCAL n RSI ZZ NUMVia2ndSrcIMMEDNUM mov rsi, 7265206B63617473h
@@ -4168,7 +4166,6 @@
403076 7 INSTR DEADREGS EFLAGS XMM0 ZZ mov cs:s, rsi
40307d 1 INSTR BELONGTO 403000
40307d 1 INSTR DEADREGS EFLAGS XMM0 ZZ retn
- 40307d -4 INSTR LOCAL SafeReturn retn
403080 0 FUNC FRAMERESTORE 0 0 1 1 0 0 2 0 0 3 0 0 4 0 8 5 0 0 6 0 0 7 0 0 8 0 0 9 0 0 10 0 0 11 0 0 12 0 0 13 0 0 14 0 0 15 0 0 ZZ
403080 0 FUNC MMSAFENESS SAFE
403080 130 FUNC GLOBAL sub_403080 FUNC_SAFE NOFP RET FUNC_LEAF 403101
diff --git a/tests/commit/trimmed-sorted-save-xedit.psexe.annot.REMOVED.git-id b/tests/commit/trimmed-sorted-save-xedit.psexe.annot.REMOVED.git-id
index f0bdc3f0..54e9e35b 100644
--- a/tests/commit/trimmed-sorted-save-xedit.psexe.annot.REMOVED.git-id
+++ b/tests/commit/trimmed-sorted-save-xedit.psexe.annot.REMOVED.git-id
@@ -1 +1 @@
-cc363ea4069ff47e6563819311a707acb19da5b1
\ No newline at end of file
+2bc21ac72bd9933a2e2d0beb44957943d3661d36
\ No newline at end of file
--
GitLab