diff --git a/.gitattributes b/.gitattributes index 73b65c93b1cec363f4e0af5bd71fdb71aca8e689..84bce18c456c5976155ea19e764d04902c0c4032 100644 --- a/.gitattributes +++ b/.gitattributes @@ -933,6 +933,7 @@ tools/cfar_configs/cfar_probIlr_structP1Canaries_probHeaprand_structNos_strata.s tools/cfar_configs/cfar_probIlr_structP1Canaries_strata.sh -text tools/cfar_configs/cfar_probNog_phase1_zipr.sh -text tools/cfar_configs/cfar_probNog_probNol_probNoh_probNos_probBilr_probP1_probHeaprand_zipr.sh -text +tools/cfar_configs/cfar_probNog_probSS_phase1_zipr.sh -text tools/cfar_configs/cfar_probNoh_probIlr_probP1_probHeaprand_probNos_strata.sh -text tools/cfar_configs/cfar_probNoh_probNos_probBilr_probP1_probHeaprand_zipr.sh -text tools/cfar_configs/cfar_probNol_probNoh_probIlr_probP1_probHeaprand_probNos_strata.sh -text @@ -953,6 +954,7 @@ tools/cfar_configs/cfar_structNoc_structP1Canaries_structNos_structNol_zipr.sh - tools/cfar_configs/cfar_structNoc_structP1Canaries_zipr.sh -text tools/cfar_configs/cfar_structNoc_zipr.sh -text tools/cfar_configs/cfar_structNogOF_phase1_zipr.sh -text +tools/cfar_configs/cfar_structNogOF_structSS_phase1_zipr.sh -text tools/cfar_configs/cfar_structNog_phase1_zipr.sh -text tools/cfar_configs/cfar_structNog_structNol_structNoh_structNos_structNoc_structP1Canaries_probHeaprand_zipr.sh -text tools/cfar_configs/cfar_structNoh_probIlr_structP1Canaries_probHeaprand_structNos_strata.sh -text diff --git a/tools/cfar.sh b/tools/cfar.sh index fa58952f4447e477e8cfd4e041f2e734c8e56adb..83cf0054f5764768f4d625d6389eb8ba5cee1c38 100755 --- a/tools/cfar.sh +++ b/tools/cfar.sh @@ -24,6 +24,7 @@ shift structured_p1_canaries=0 +structured_stack_stamp=0 structured_noc=0 structured_nog=0 structured_nos=0 
@@ -46,6 +47,8 @@ do # this option is for cfar, handle it and remove it from the ps_analyze arguments. if [ "$i" == "--structured_p1_canaries" ]; then structured_p1_canaries=1 + elif [ "$i" == "--structured_stack_stamp" ]; then + structured_stack_stamp=1 # this option is for cfar, handle it and remove it from the ps_analyze arguments. elif [ "$i" == "--diehard" ]; then use_diehard=1 @@ -144,6 +147,18 @@ do per_variant_options+=(--step-option p1transform:"--canary_value 0x100${seq}${seq}000 --random_seed $anyseed") fi + # options to stack_stamp to create non-overlapping stamps + if [ $structured_stack_stamp -eq 1 ]; then + # check even/odd status of variant number. + if [ $(expr ${seq} % 2) = 0 ]; then + # even variants get a5 * 4. this is 01010101... in binary. + per_variant_options+=(--step-option stack_stamp:"--stamp-value 0xa5a5a5a5") + else + # even variants get 5a * 4. this is 10101010... in binary. + per_variant_options+=(--step-option stack_stamp:"--stamp-value 0x5a5a5a5a") + fi + fi + # add in options for output directory. per_variant_options+=(--tempdir "$baseoutdir/v${seq}/peasoup_executable_dir") mkdir -p "$baseoutdir/v${seq}" diff --git a/tools/cfar_configs/cfar_probNog_probSS_phase1_zipr.sh b/tools/cfar_configs/cfar_probNog_probSS_phase1_zipr.sh new file mode 100755 index 0000000000000000000000000000000000000000..c3256da8b0376aaef9df70afb2667206ff5f79ad --- /dev/null +++ b/tools/cfar_configs/cfar_probNog_probSS_phase1_zipr.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --diehard --step p1transform=on --step non_overlapping_stack=on --config_name $(basename $0 .sh|sed "s/cfar_//") --step move_globals=on --step set_interpreter=on --step-option set_interpreter:"--interp /target_apps/ld-nol.so" --step-option zipr:"--large_only:nog_on true" --step noh=on --step nol=on --step stack_stamp=on + 
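Review bot: In the `structured_stack_stamp` block of tools/cfar.sh the stamp depends only on the parity of `seq`, so in a set with more than two variants every other variant receives the same `--stamp-value`. The "non-overlapping stamps" property then holds only between variants of different parity. If structured sets larger than two are expected, derive the value from `seq` itself or reject such sets explicitly. The comments are also inaccurate: the `else` branch should read `# odd variants get 5a * 4`, and 0xa5 is 10100101 in binary (0x5a is 01011010), not the alternating pattern the comments give. The enclosing loop starts and ends outside the hunk.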
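Review bot: The new wrapper cfar_probNog_probSS_phase1_zipr.sh invokes `$PEASOUP_HOME/tools/cfar.sh` unquoted and without checking that the variable is set, so with an empty environment it tries to run `/tools/cfar.sh` from the filesystem root instead of failing cleanly. `"${PEASOUP_HOME:?}/tools/cfar.sh" "$@" …` aborts with a clear message. Likewise, `--config_name "$(basename "$0" .sh | sed 's/^cfar_//')"` keeps the name intact when the script path contains spaces. The same applies to tools/cfar_configs/cfar_structNogOF_structSS_phase1_zipr.sh added in this commit.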
diff --git a/tools/cfar_configs/cfar_structNogOF_structSS_phase1_zipr.sh b/tools/cfar_configs/cfar_structNogOF_structSS_phase1_zipr.sh new file mode 100755 index 0000000000000000000000000000000000000000..62ffadf7bdc072688a87d375300e3e925986890f --- /dev/null +++ b/tools/cfar_configs/cfar_structNogOF_structSS_phase1_zipr.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --diehard --step-option zipr:"--zipr:seed $$" --structured_noc --structured_nos --step-option zipr:"--large_only:on true" --structured_p1_canaries --step p1transform=on --step non_overlapping_stack=on --config_name $(basename $0 .sh|sed "s/cfar_//") --step move_globals=on --step set_interpreter=on --step-option set_interpreter:"--interp /target_apps/ld-nol.so" --structured_nog --step-option zipr:"--large_only:nog_on true --large_only:overflow_protection true" --step noh=on --step nol=on --step stack_stamp=on --structured_stack_stamp + diff --git a/tools/generate_mvee_package.sh b/tools/generate_mvee_package.sh index 347b888a7fb107dd60644e7f9217e3681d4a88ce..2f8c9f387ef91abab70f7e6a29f0decabbee3423 100755 --- a/tools/generate_mvee_package.sh +++ b/tools/generate_mvee_package.sh @@ -190,6 +190,7 @@ sanity_check() var_sets=$(ls $indir) for vs_dir in $var_sets do +echo vs_dir=$vs_dir vs_top_dir=$indir/$vs_dir total_variant_sets=$(expr $total_variant_sets + 1) @@ -220,9 +221,9 @@ sanity_check() libraries=$(/bin/ls $vs_top_dir/target_app_libs/ |grep -v "^dh-lib$" |sed "s/dh-$main_exe//" |sed "s/^dh-//") fi configs=$(/bin/ls $vs_top_dir/target_app*/dh-$main_exe/) - echo "For variant $vs_dir:" + echo "For variant set $vs_dir:" echo " Found application=\"$main_exe\"" - echo " Found libraries=\"$libraries\"" + echo " Found libraries=\"$(echo $libraries)\"" echo " Found configurations="\"$configs\" 
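Review bot: `--step-option zipr:"--zipr:seed $$"` in cfar_structNogOF_structSS_phase1_zipr.sh seeds zipr with the wrapper's process id, which comes from a small and largely sequential range. If the seed is meant to make the rewritten layout hard to predict, take it from the kernel's random source instead, for example `seed=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')` passed as `--zipr:seed $seed`, and log the chosen value so a build can be reproduced. Whether zipr accepts the full 32-bit range is not visible here and should be confirmed.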
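Review bot: The added `echo vs_dir=$vs_dir` at the top of the loop in sanity_check() is unindented and unlabelled, which reads like leftover debug output next to the "For variant set …" report printed a few lines later. Either drop it or fold it into the existing report, e.g. `echo "Checking variant set $vs_dir"`, with the expansion quoted. sanity_check() starts and ends outside the hunk.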
@@ -274,11 +275,12 @@ sanity_check() done done - echo "For variant set $var_dir:" - echo " Found a total of $variants_per_vs to run in parallel." + echo " Found a total of $variants_per_vs to run in parallel." done - echo " Sanity checks complete. Let's do this.... " + echo "-------------------------------------------" + echo "Sanity checks complete. Let's do this.... " + echo "-------------------------------------------" } @@ -316,6 +318,7 @@ finalize_json() for seq in $(seq 1 $variants_per_vs ) do + echo "Including variant $seq." new_variant_dir="$outdir/vs-$vs/variant-$seq" new_variant_dir_ts="/target_apps/vs-$vs/variant-$seq" @@ -326,10 +329,48 @@ finalize_json() config=${variant_config_arr[$seq]} variant_json=${variant_json_arr[$seq]} + + # sanity check that nol/noh configuration settings match the config name. + echo " config is $config" + if [[ $config == *"Noh"* ]] || [[ $config == *"phase1"* ]] ; then + if [[ $use_noh == "--enablenoh" ]] ; then + echo " noh settings match." + else + echo + echo "--enablenoh setting does not match, config is Noh, use_noh is off" + exit 1 + fi + else + if [[ $use_noh == "--disablenoh" ]] ; then + echo " noh settings match." + else + echo + echo "--enablenoh setting does not match, config is not noh, use_noh is on" + exit 1 + fi + fi + + if [[ $config == *"Nol"* ]] || [[ $config == *"phase1"* ]] ; then + if [[ $use_nol == "--enablenol" ]] ; then + echo " --enablenol settings match." + else + echo + echo "--enablenol setting does not match" + exit 1 + fi + else + if [[ $use_nol == "--disablenol" ]] ; then + echo " --enablenol settings match." + else + echo + echo "--enablenol setting does not match" + exit 1 + fi + fi + #echo seq=$seq #echo config=$config #echo variant_json=$variant_json - echo "Including variant $seq." if [ ! -f $variant_json ]; then echo "wtf, $variant_json missing?" 
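Review bot: The new noh/nol checks in finalize_json() compare `$use_noh` and `$use_nol` against one exact string per branch, so an unset or differently spelled value falls into the failure path with a message that asserts the opposite state ("use_noh is on") and never prints the actual value. The four near-identical branches also write their errors to stdout, where they are easy to miss among the progress lines. Computing the expected flag first and comparing once gives a single message that shows both sides, as sketched below. The check runs inside the per-variant loop, so an `exit 1` here may leave earlier variants already copied into the output directory; whether that matters depends on code outside the hunk.

```shell
# … unchanged: config and variant_json lookup …
if [[ $config == *"Noh"* || $config == *"phase1"* ]]; then
	want_noh="--enablenoh"
else
	want_noh="--disablenoh"
fi
if [[ "$use_noh" != "$want_noh" ]]; then
	echo "noh mismatch for config $config: expected $want_noh, got '${use_noh:-<unset>}'" >&2
	exit 1
fi
echo "  noh settings match."
# … same shape for use_nol, matching *"Nol"* and --enablenol/--disablenol …
```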
@@ -345,11 +386,18 @@ finalize_json() # get path to exe full_exe_dir=$(dirname $ps_dir) + # get path to exe + struct_set_dir=$(dirname $full_exe_dir) + + # figure out how many variants in the structured set. + struct_set_size=$(ls $struct_set_dir |wc -l) + struct_set_no=$(basename $full_exe_dir |sed "s/v//") # remove host's portion of the path to get path on target exe_dir=$(echo $full_exe_dir|sed "s/^$indir//") + echo " variant coming from $full_exe_dir " cp -R $full_exe_dir $new_variant_dir/bin # echo "exe_dir=$exe_dir" @@ -399,17 +447,22 @@ finalize_json() fi # handle structured nol/noh - echo $total_variants > $new_variant_dir/nolnoh_config - echo config is $config - if [[ $config == *"structNol"* ]] || [[ $config == *"structNoh"* ]] ; then - echo $seq >> $new_variant_dir/nolnoh_config + echo " config is $config" + if [[ $config == *"struct"* ]] || [[ $config == *"struct"* ]] ; then + echo $struct_set_size > $new_variant_dir/nolnoh_config + echo $struct_set_no >> $new_variant_dir/nolnoh_config + echo " Struct noh/nol is enabled: $struct_set_no / $struct_set_size " if [[ $config == *"probNoh"* ]] || [[ $config == *"probNol"* ]] ; then echo echo "Cannot have structNol with probNoh or structNoh with probNol. Fatal error. " echo exit 1 fi + else + echo $total_variants > $new_variant_dir/nolnoh_config + echo " Struct Noh/nol is disabled." fi + variant_name="variant_${vs}_${seq}" diff --git a/tools/ps_analyze.sh b/tools/ps_analyze.sh index 5b0fb8d7624f2cf07452df8722cd19260960e4cf..2505b7af6c31cd51d061a716e2a0d9a1872b9016 100755 --- a/tools/ps_analyze.sh +++ b/tools/ps_analyze.sh @@ -169,6 +169,8 @@ usage() echo " -b <zipr|strata> same as --backend " echo " --stop-after <step> Stop ps_analyze after completeling the specified step." echo " --stop-before <step> Stop ps_analyze before starting the specified step." + echo " --dump-after <step> Dump IR after completeling the specified step." + echo " --dump-before <step> Dump IR before starting the specified step." } 
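Review bot: `struct_set_size=$(ls $struct_set_dir |wc -l)` counts every entry in the parent directory, so any log, temporary file or stray directory next to the `v<N>` variant directories inflates the size that is later written to nolnoh_config. Counting only variant directories is safer, e.g. `struct_set_size=$(find "$struct_set_dir" -mindepth 1 -maxdepth 1 -type d -name 'v[0-9]*' | wc -l)`. `sed "s/v//"` removes the first `v` anywhere in the name; `sed 's/^v//'` states the intent. The comment above `struct_set_dir` repeats `# get path to exe` and should describe the structured-set directory instead.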
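Review bot: The rewritten condition `[[ $config == *"struct"* ]] || [[ $config == *"struct"* ]]` tests the same pattern twice, which looks like a copy/paste slip from the previous `structNol`/`structNoh` pair. As written, any config name containing `struct` (for example one with only `structNos`) takes the structured branch. If it also contains `probNoh` or `probNol`, it stops with a fatal message that still talks about structNol and structNoh. If the broader match is intended, reduce it to a single `[[ $config == *"struct"* ]]` and update the error text; otherwise restore the two specific patterns. The fatal message should also go to stderr.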
@@ -214,6 +216,8 @@ check_options() --long usage --long stop-after: --long stop-before: + --long dump-after: + --long dump-before: " # solaris does not support long option names @@ -242,14 +246,14 @@ check_options() ;; -b|--backend) if [ "X$2" = "Xzipr" ]; then - echo using Zipr backend + echo "Using Zipr backend." export backend="zipr" phases_spec=" $phases_spec stratafy_with_pc_confine=off generate_spri=off spasm=off fast_annot=off zipr=on preLoaded_ILR1=off preLoaded_ILR2=off fast_spri=off " phases_spec=${phases_spec/preLoaded_ILR1=on/} phases_spec=${phases_spec/preLoaded_ILR2=on/} step_options_gather_libraries="$step_options_gather_libraries --main_exe_only" elif [ "X$2" = "Xstrata" ]; then - echo using Strata backend + echo "Using Strata backend." export backend="strata" # strata is default, do nothing. fi @@ -301,6 +305,14 @@ check_options() stop_after_step=$2 shift 2 ;; + --dump-before) + dump_before_step=$2 + shift 2 + ;; + --dump-after) + dump_after_step=$2 + shift 2 + ;; --) shift break ;; @@ -474,6 +486,10 @@ perform_step() echo "command is: $command" exit 1 fi + if [ "$step" = "$dump_before_step" ]; then + echo " ---- ps_analyze has been asked to dump before step $step." + $SECURITY_TRANSFORMS_HOME/plugins_install/dump_map.exe $cloneid > logs/dump_before.log + fi is_step_on $step if [ $? -eq 0 ]; then @@ -572,6 +588,10 @@ perform_step() echo "command is: $command" exit 1 fi + if [ "$step" = "$dump_after_step" ]; then + echo " ---- ps_analyze has been asked to dump after step $step." + $SECURITY_TRANSFORMS_HOME/plugins_install/dump_map.exe $cloneid > logs/dump_after.log + fi return $command_exit } 
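Review bot: The `dump_map.exe` call added before the step in perform_step() ignores the tool's exit status and leaves `$SECURITY_TRANSFORMS_HOME` and `$cloneid` unquoted, so a failed dump leaves an empty or partial logs/dump_before.log and the run continues as if the dump had succeeded. Something like `"$SECURITY_TRANSFORMS_HOME/plugins_install/dump_map.exe" "$cloneid" > logs/dump_before.log || echo "dump before $step failed" >&2` keeps the run going while making the failure visible. The dump-after hunk next to `return $command_exit` has the same shape and needs the same change. perform_step() starts and ends outside both hunks.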
@@ -686,17 +706,17 @@ compatcheck() file $1 |egrep "ELF.*executable" > /dev/null 2>&1 if [ $? = 0 ]; then - echo Detected ELF file... + echo Detected ELF file. return fi file $1 |egrep "ELF.*shared object" > /dev/null 2>&1 if [ $? = 0 ]; then - echo Detected ELF shared object... + echo Detected ELF shared object. return fi file $1 |egrep "CGC.*executable" > /dev/null 2>&1 if [ $? = 0 ]; then - echo Detected CGCEF file... + echo Detected CGCEF file. return fi