marked old p1 tool as deprecated (we will completely remove later)

created one script for P1 created one script for Integer Transform modified ps_analyze.sh to use these scripts

marked old p1 tool as deprecated (we will completely remove later)
14036619 · an7s · 58375b91 · 14036619 · 14036619 · 14036619
Commit 14036619 authored 13 years ago by an7s
--- a/.gitattributes
+++ b/.gitattributes
@@ -133,13 +133,15 @@ tools/db/pdb_register.sh -text
 tools/db/pdb_setup.sh -text
 tools/db/pdb_teardown.sh -text
 tools/do_concolic.sh -text
+tools/do_integertransform.sh -text
+tools/do_p1transform.sh -text
 tools/generate_exe.sh -text
 tools/generate_io_baseline.sh -text
 tools/getlibs.sh -text
 tools/getsyms.sh -text
-tools/p1xform.filter.libc.txt -text
-tools/p1xform.filter.sh -text
-tools/p1xform.pbed.sh -text
+tools/libc_functions.txt -text
+tools/p1xform.filter.deprecated.sh -text
+tools/p1xform.pbed.deprecated.sh -text
 tools/p1xform_v2.sh -text
 tools/peasoup_link -text
 tools/peasoup_link++ -text
@@ -149,7 +151,7 @@ tools/ps_comp.sh -text
 tools/ps_link.sh -text
 tools/ps_run.sh -text
 tools/ps_validate.sh -text
-tools/ps_validate_ss.sh -text
+tools/ps_validate_ss.deprecated.sh -text
 tools/set_dyna_link.sh -text
 tools/test_controller.sh -text
 tools/validate.sh -text
--- a/tools/cover.sh
+++ b/tools/cover.sh
 #!/bin/sh
+#
+# ./cover.sh <original_binary> <MEDS annotation_file> <executed_addresses_file> <filter_file> <output_coverage_file> <output_blacklist_file>
+#

-P1_DIR=p1.xform
-CONCOLIC=concolic.files_a.stratafied_0001
-
-# input
-EXECUTED_ADDRESS_FILE=$CONCOLIC/executed_address_list.txt
-LIBC_FILTER=$PEASOUP_HOME/tools/p1xform.filter.libc.txt
-
-# output
-FILTERED_OUT=$P1_DIR/p1.filtered_out
+# inputs
+ORIGINAL_BINARY=$1                   # a.ncexe
+ANNOTATION_FILE=$2                   # a.ncexe.annot
+EXECUTED_ADDRESS_FILE=$3             # from GrACE, list of executed addresses
+FILTER_FILE=$4                       # list of known functions to blacklist, e.g. libc
+# outputs
+OUTPUT_COVERAGE_FILE=$5              # output file with coverage info per function
+OUTPUT_BLACKLIST_FILE=$6             # output file with list of functions to blacklist

-COVERAGE_FNS=$P1_DIR/p1.coverage
-CANDIDATE_FNS_PRE_LIBC=$P1_DIR/p1.candidates.prelibc
-FINAL_CANDIDATES=$P1_DIR/p1.candidates
+# other
+#CANDIDATE_FNS_PRE_FILTER=$P1_DIR/p1.candidates.prelibc

 #
 # Prune out functions that do not have sufficient coverage
 # Any function whose coverage metric starts with 0.0, e.g. 0.09, 0.0123, is pruned out
 # We effectively prune out any functions whose coverage is not at least 10% 
 #
+# Yes, this is a hack... but it will do for now until we get a more sophisticated definition of coverage
+#

-$SECURITY_TRANSFORMS_HOME/tools/cover/cover a.ncexe a.ncexe.annot $EXECUTED_ADDRESS_FILE $COVERAGE_FNS
-grep -v "0\.0" $COVERAGE_FNS | cut -f1 -d" " > $CANDIDATE_FNS_PRE_LIBC
-grep  "0\.0" $COVERAGE_FNS | cut -f1 -d" " > $FILTERED_OUT
+$SECURITY_TRANSFORMS_HOME/tools/cover/cover $ORIGINAL_BINARY $ANNOTATION_FILE $EXECUTED_ADDRESS_FILE $OUTPUT_COVERAGE_FILE
+if [ ! $? -eq 0 ]; then
+	return 1
+fi

-if [ ! -f $COVERAGE_FNS ]; then
+if [ ! -f $OUTPUT_COVERAGE_FILE ]; then
 	return 1
 fi

+#grep -v "0\.0" $OUTPUT_COVERAGE_FILE | cut -f1 -d" " > $CANDIDATE_FNS_PRE_LIBC
+grep  "0\.0" $OUTPUT_COVERAGE_FILE | cut -f1 -d" " > $OUTPUT_BLACKLIST_FILE
+
 # Filter out functions that:
 #   1. are not sufficiently covered
 #   2. are libc function
-cat $LIBC_FILTER >> $FILTERED_OUT
-sort $FILTERED_OUT | uniq > tmp.$$
-mv tmp.$$ $FILTERED_OUT
+cat $FILTER_FILE >> $OUTPUT_BLACKLIST_FILE
+sort $OUTPUT_BLACKLIST_FILE | uniq > tmp.$$
+mv tmp.$$ $OUTPUT_BLACKLIST_FILE
 rm tmp.$$
+
+return 0
--- a/tools/do_integertransform.sh
+++ b/tools/do_integertransform.sh
+#!/bin/sh
+#
+# do_p1transform.sh <cloneId> 
+#
+# pre: we are in the top-level directory created by ps_analyze.sh
+#
+
+# input
+CLONE_ID=$1
+
+# configuration variables
+LIBC_FILTER=$PEASOUP_HOME/tools/libc_functions.txt
+
+echo "INT: transforming binary: cloneid=$CLONE_ID"
+
+$SECURITY_TRANSFORMS_HOME/tools/transforms/integerbugtransform.exe $CLONE_ID $LIBC_FILTER
--- a/tools/do_p1transform.sh
+++ b/tools/do_p1transform.sh
+#!/bin/sh
+#
+# do_p1transform.sh <orignalBinary> <MEDS annotationFile> <cloneId> 
+#
+# pre: we are in the top-level directory created by ps_analyze.sh
+#
+
+# input
+CLONE_ID=$1
+ORIGINAL_BINARY=$2
+MEDS_ANNOTATION_FILE=$3
+
+echo "P1: transforming binary: cloneid=$CLONE_ID"
+
+# configuration variables
+P1_DIR=p1.xform
+EXECUTED_ADDRESSES=concolic.files_a.stratafied_0001/executed_address_list.txt
+LIBC_FILTER=$PEASOUP_HOME/tools/libc_functions.txt
+BLACK_LIST=$P1_DIR/p1.filtered_out                                            # list of functions to blacklist
+COVERAGE_FILE=$P1_DIR/p1.coverage
+
+mkdir $P1_DIR
+
+$PEASOUP_HOME/tools/cover.sh $ORIGINAL_BINARY $MEDS_ANNOTATION_FILE $EXECUTED_ADDRESSES $LIBC_FILTER $COVERAGE_FILE $BLACK_LIST
+if [ $? -eq 0 ]; then
+	if [ -f $COVERAGE_FILE ]; then
+		echo "P1: issuing command: $SECURITY_TRANSFORMS_HOME/tools/transforms/p1transform.exe $cloneid $BLACK_LIST"
+		$SECURITY_TRANSFORMS_HOME/tools/transforms/p1transform.exe $CLONE_ID $BLACK_LIST
+	else
+		echo "No coverage file -- do not attempt P1 transform" > p1transform.out
+		exit 1
+	fi
+fi
+
+exit 0
--- a/tools/p1xform.filter.libc.txt
+++ b/tools/p1xform.filter.libc.txt
--- a/tools/p1xform.filter.sh
+++ b/tools/p1xform.filter.sh
--- a/tools/p1xform.pbed.sh
+++ b/tools/p1xform.pbed.sh
--- a/tools/p1xform_v2.sh
+++ b/tools/p1xform_v2.sh
@@ -26,7 +26,7 @@ cat $P1_DIR/spasm.out
 CONCOLIC=concolic.files_a.stratafied_0001

 echo "====================================================="
-echo "Validate final transformed binary"
+echo "P1: Validating transformed binary..."
 echo "====================================================="
 if [ -f $P1_DIR/a.irdb.bspri ]; then
  $PEASOUP_HOME/tools/ps_validate.sh ./a.stratafied $P1_DIR/a.irdb.bspri $CONCOLIC > ps_validate.out 2> ps_validate.err

--- a/tools/ps_analyze.sh
+++ b/tools/ps_analyze.sh
@@ -59,7 +59,6 @@ cp $orig_exe $newdir/$newname.ncexe
 rm $stratafied_exe
 cd $newdir

-
 echo -n Creating stratafied executable...
 sh $STRATA_HOME/tools/pc_confinement/stratafy_with_pc_confine.sh $newname.ncexe $newname.stratafied > pc_confinement.out  2>&1 
 log pc_confinement.out
@@ -143,27 +142,12 @@ if [ ! "X" = "X"$PGUSER ]; then
 			$SECURITY_TRANSFORMS_HOME/libIRDB/test/fix_calls.exe $cloneid	> fix_calls.out 2>&1 		# fix call insns so they are OK for spri emitting
 			log fix_calls.out
 			
-			mkdir p1.xform
-			$PEASOUP_HOME/tools/cover.sh > cover.out 2>&1 #determine suitable coverage for functions to be p1-transformed
+#			$PEASOUP_HOME/tools/cover.sh > cover.out 2>&1 #determine suitable coverage for functions to be p1-transformed
 			
-			# look for the coverage file, if absent, something didn't work (for now probably GraCE)
-			if [ -f p1.xform/p1.coverage ]; then
-				date > p1transform.out
-				$SECURITY_TRANSFORMS_HOME/tools/transforms/p1transform.exe $cloneid p1.xform/p1.filtered_out >> p1transform.out 2>&1 
-				date >> p1transform.out
-				log p1transform.out
-			else
-				echo "No coverage file -- do not attempt P1 transform" > p1transform.out
-			fi
-
-			# reuse black list from p1 step (if present) o/w blacklist libc
-			if [ -f p1.xform/p1.coverage ]; then
-				BLACK_LIST=p1.xform/p1.filtered_out
-			else
-				BLACK_LIST="$PEASOUP_HOME/tools/p1xform.filter.libc.txt"
-			fi
-			$SECURITY_TRANSFORMS_HOME/tools/transforms/integerbugtransform.exe $cloneid "$BLACK_LIST" > integerbugtransform.out 2>&1
-			log integerbugtransform.out
+			# Note to jdh8d: not sure how you want to handle redirecting stdout/stderr & logging
+			# so for now I don't do anything special
+			$PEASOUP_HOME/tools/do_p1transform.sh $cloneid $newname.ncexe $newname.ncexe.annot
+			$PEASOUP_HOME/tools/do_integertransform.sh $cloneid

 			$SECURITY_TRANSFORMS_HOME/libIRDB/test/ilr.exe $cloneid > ilr.out 2>&1 				# perform ILR 
 #			log ilr.out

--- a/tools/ps_validate_ss.sh
+++ b/tools/ps_validate_ss.sh