Former-commit-id: b785fed302e131895847afcec75f73311832f45c

Former-commit-id: 814a8b956fa4b5da50739fbd39beafe26219a0a3

Former-commit-id: ba7ef0e1e3d9b016969163016b8dd4146e886af4

Removed always and only validate option, replaced with only_validate option. To always validate, simply don't turn off p1 validation. 



Former-commit-id: b4437aeff12f304b5e748a7f39b31fd22a97052a

Also modified Rewrite_Utility and PnTransformDriver to keep track of inserted instructions so they can be removed on undo. This now sets up the possibility for a binary search style algorithm for transformation. 



Former-commit-id: 6689033a8143434f3b3e74187d91f6a3f8b34b6d

Added a few more options for always and only validate functions, and an option to turn off validation for p1, by default it is on. 

I have commented out some the hard coded blacklist based on a substring, since this was only used for TNE. Will have to come up with a solution for this later. 



Former-commit-id: 40564240b9d4a4be0ed781db878a2ed9b2447062

Former-commit-id: ed60e127511a565f759032d21806367ccc79871c

Former-commit-id: 3f974221f7a591ec6238a17cfb3744083bf67ea0

Former-commit-id: 7eb87ad7fb819f26996a2384615674ccd8ad1b26

Modified PNMain to use longopts. There will be a change to do_p1transform.sh to reflect this change. 

I have yet to make a "usage" function. 



Former-commit-id: 929d094c357c7bf87caa3f3ad9a17e3733997bac

Former-commit-id: 777fcbbc1e5e34f9442bd0ef1d172f1808dcc7f5

Removed many debugging statements I had placed in the wilander source, this does not effect the vulnerability but does give some edge for PN since every additional function call has an additional canary check. Removing them makes the code pretty much like the original except for the changed/added sanity checks.



Former-commit-id: ea37503dcc0a564bfce2d9327a99d878889803ee

Spent some time running the new PN through wilander, and I have committed my modified wilander, with a PN_README explaining how to repeat the experiment. 



Former-commit-id: b900e65187cf00ad213feed5e72f347b754012a5

Regular expression for ret in PNRegularExpressions no longer works, the pattern now matches for ret followed by any number of blank lines. ret must be the fist entry on the line. 


Former-commit-id: 06403e51e60a39e82ec6ed5e44ea4253680e2ac5

Former-commit-id: e58f7666f1bea1ee7d4c31906bd83c7318608a0a

simple_overflow example had a dynamic array in it for temporary purposes, but was in the repo. Reverted this in the source and recompiled the binary. 



Former-commit-id: e48d8a2c3a6730991e35180dd2908e679e3b1f89

Former-commit-id: d6ce8498bc9f5e6629aef830638859b9413c9cc8

Former-commit-id: ee6075e8212130896964af82818c9d92b66c8c70

Former-commit-id: 2ac3aad3a982d82175586e5909aab2450cfbc524

Former-commit-id: 445b3e95d46ed11f6f6f4ecbde2566561c84ef41

Former-commit-id: 11233d09a4b9dc78d87047aae3fe8d3c3f627d81

Former-commit-id: 09ccce22d96b31a9154c1e203d5d57578d3ae560

PrecedenceBoundaryInference.cpp, no canaries for these inferences, reveted to no validation for precedence inference.



Former-commit-id: 3af84450e6f2a0e18ad42aeff5a1874847815029

Assert false if the info annot file cannot be opened (likely will have to change this in a subsequent commit).

Memset inferences have been shown to be unsafe, they are no longer attempted without validation. 




Former-commit-id: 10c2e70fe2b3d7cf62e10875dea59d89a57d706e

Former-commit-id: d84504f6ffadd893173b0ac949ca313eca3db17d

In pntransformdriver, if the current inference is at the lowest level in the hierarchy, then do not perform validation. 



Former-commit-id: 0093d1b0b62fe7fd280f8adb7e421817aa07b0c9

PrecedenceBoundaryInference based on p1 did not add an out args region as necessary. Now if precedence bounds sees the supplied inference out args is 0, it assumes the first object is an out args region to be conservative. 




Former-commit-id: 1b2aae1354c7be53640671f80ccbf7c5bf463413

PrecedenceBoundaryInference now takes boundaries from a boundary generator, converts them to esp bounds, then produces a "transitive closure" on these ranges. That is, if any ranges intersect, containing all intersections is what is used for the boundary inference. 



Former-commit-id: 01be564a8ca11cfffad6e0d3ac3c7ea420c81acd

Changed padding to be a random amount of padding plus size equal to the aligned size of the allocated stack. 




Former-commit-id: d7bcc9ee2bb11c3d2403c0092d57871a2c587294

Former-commit-id: 71561a35be85fe06e69a2db936bc489c0c89c9ee

Former-commit-id: 5470ec1108ed69859b3c6946c903a6168bb72070

Former-commit-id: 01bf47f746ff62dc6f205dbc2f666b9d7e595f63

Former-commit-id: 650334febdb52ac1e6c19631fee708d403373283

Former-commit-id: 038c58f5cbb2f0169499f1e284458e775cd37777

Added changes to allow padding between dynamic sized arrays, not between the rest of the variables though (i.e., the transform is essentilaly part PN and part P1).



Former-commit-id: 4c381883db0bd2af024695fe3faf21d33e4bd62e

OffsetInference.cpp, the dynamic stack output log code now checks to see if the file is opened before writing. 



Former-commit-id: 6532b6068e371f715db830b842ecc094606ea058

OffsetInference.cpp, keeping with the last change to output a dynamic_stack.log, I do a check for null pointers before attempting to print the address of the isntruction. I don't think this can happen, but I don't want to break TNE. 



Former-commit-id: 9a9c34bbdbb9ad5032c5354257fed5be1a6d0122

in OffsetInference.cpp if a dynamic stack frame is detected, a log file, dynamic_stack.log, is created, which lists the functions, addresses, and instructions indicating a dynamic stack frame. 
 


Former-commit-id: f0f7bbb8811ad443f4c161e54579e096718998d3

Former-commit-id: 6af4305c051a895d0592bc846c1ea854a14ce8dd

Former-commit-id: a4a1b32f4b04e86e53700ead09a9386aeade1e90