Commit Graph

1916 Commits

Author SHA1 Message Date
Tristan Ravitch
380d732d0e
Implement system call support for x86 (#226)
Implement support for symbolically executing system calls in macaw-symbolic. **To update code that does not need to symbolically execute system calls (i.e., most clients of macaw-symbolic), just pass the new `unsupportedSyscalls` default handler as the fifth argument of `macawExtensions`.**

The primary interface is via the new `LookupSyscallHandle` callback passed to `macawExtensions`. This callback inspects the environment and returns a Crucible `FunctionHandle` that models the behavior of the requested system call. Note that this mechanism only supports concrete system calls (i.e., system calls where the system call number is concrete). The x86 backend has been updated to support this new functionality.

The representation of system calls in macaw is still architecture-specific (because there are interesting differences between system call instructions across architectures). The idea is that system calls are now treated in two steps:
1. A macaw-symbolic extension statement that looks up the override to invoke for the given syscall (returned as a Crucible FunctionHandle)
2. A call to that handle

We need this two step approach because the handlers that interpret syntax extension statements cannot symbolically branch (and thus cannot call overrides). The extension interpreter just looks up the necessary handle and uses the standard call/override machinery to handle any branching required to support the system call model functionality.

The major complication to this approach is that system calls need to update values in registers when they return. To capture these updates, the architecture-specific syntax extension needs to explicitly update any machine registers that could possibly be affected. The explicit updates are necessary because machine registers do not exist anymore at the macaw-symbolic level (at least within a block). To handle all of these constraints:
1. System calls are represented as extension functions at the macaw level when lifted from machine code.
2. During translation into crucible (via macaw-symbolic), the extension functions are translated into two statements: a function handle lookup and then a function call (with the return values being explicitly threaded through the Crucible function).
3. During symbolic execution, the lookup statement examines the environment to return the necessary function handle, while the handle is called via the normal machinery.

Note that the feature is entirely controlled by the `LookupSyscallHandle` function, which determines the system call dispatch policy. No system call models are included with this change.

Co-authored-by: Brett Boston <boston@galois.com>
2021-08-27 15:47:40 -07:00
Ryan Scott
7c95f5d874
Adapt to crucible-symio and even more MemOptions (#225)
This bumps the `crucible` submodule to bring in:

* `crucible-symio` (GaloisInc/crucible#788). This requires adding a new
  project dependency in `cabal.project.dist`.
* GaloisInc/crucible#808, which adds yet another `?memOpts :: MemOptions`
  constraint, this time in `doPtrAddOffset`.
2021-08-26 08:31:28 -04:00
Ryan Scott
7f7de2a59b
Adapt to GaloisInc/crucible#794 (#224)
GaloisInc/crucible#794 increases the number of functions that use
implicit `MemOptions`, including a handful of key LLVM memory model–related
functions. As a result, many parts of `macaw` need to add implicit `?memOpts`
parameters to accommodate this change.
2021-08-23 20:39:08 -04:00
Tristan Ravitch
a0107f1f9d
Merge pull request #223 from GaloisInc/tr/ppc32-ipalign
ppc32: Add IP alignment rules for code discovery
2021-08-23 10:43:51 -07:00
Tristan Ravitch
7d1fa366c2 ppc32: Add IP alignment rules for code discovery
This was stubbed out before. It is basically identical to the ppc64 version,
except with offsets corrected.
2021-08-23 08:35:56 -07:00
Tristan Ravitch
6b712c6280
Fix the default ppc32 ABI (#222)
None of the common default ppc32 ABIs use a Table of Contents (TOC), so default
our code to not assume it either. This has accompanying changes in
macaw-loader-ppc, which also made incorrect assumptions about ppc32.

Note that we may eventually need to support rarely-used ABIs that do use a
TOC (or similar dedicated registers, e.g., the Small Data Area mode). When we
do, we will probably want that to be a data-oriented decision rather than a
type-level one, as each architecture supports multiple ABIs. We may also need to
modify ppc64 to support ABIs without TOCs, but we'll do it when we need to.
2021-08-19 07:41:29 -07:00
Tristan Ravitch
9069e114fd
Merge pull request #220 from GaloisInc/tr/pic-arm-fixes
Fix issues analyzing Position Independent Executables in AArch32
2021-07-21 13:16:55 -07:00
Tristan Ravitch
37d8029c00 Remove an incorrect assumption about addresses in the ARM decode logic
It was previously assuming that addresses are absolute, which is not true for
position independent executables.  Extracting the offset from the address is
sufficient for our purposes here (note that taking the offset from the
`MemSegmentOffset` would not be right, as that offset is relative to the segment
start).
2021-07-21 11:44:20 -07:00
Tristan Ravitch
6fa6010473 Add more detail to ARM memory errors
Record the decode mode in the error, which can help those interpreting errors
understand what state the decoder was in when it failed.
2021-07-21 11:43:49 -07:00
Tristan Ravitch
764de152ce
Merge pull request #219 from GaloisInc/tr/submodules
Tr/submodules
2021-07-16 07:37:09 -07:00
Tristan Ravitch
10ef849895 Warning cleanup 2021-07-15 21:22:57 -07:00
Tristan Ravitch
df839de678 Update submodules
This commit adapts to recent changes in crucible and raises the version bounds
to admit newer versions of what4.
2021-07-15 21:22:30 -07:00
Sam Breese
135fb062bb
x86: Fix semantics for BSF and BSR instructions (#216)
* x86: Fix semantics for BSF and BSR instructions

* Add a test for BSR and BSF
2021-07-13 14:14:59 -04:00
Joe Hendrix
e01155e32f
Merge pull request #218 from GaloisInc/jhx/fix
Specify function name in register use error message
2021-07-12 16:22:39 -07:00
Joe Hendrix
4afe6fd82e Specify function name in register use error message 2021-07-12 11:59:43 -07:00
Tristan Ravitch
a0aaa6e083
Attempt to use self-hosted CI runners (#215)
Switch the github actions configuration to use internally-hosted runners, which have enough memory to complete all of the CI jobs
2021-07-12 11:58:21 -07:00
Tristan Ravitch
f2e3d9652c
Merge pull request #214 from GaloisInc/tr/arm-pc-fix
Tr/arm pc fix
2021-07-10 20:28:22 -07:00
Tristan Ravitch
cb02157ca6
Merge branch 'master' into tr/arm-pc-fix 2021-07-09 11:03:18 -07:00
Tristan Ravitch
f13eb7c01f Add an additional case handling reading/writing the PC directly
We originally left this case out to catch cases where the PC was written to
directly (skipping the special `LoadWritePC` logic in the semantics). At this
point we are confident that the ARM semantics handle that correctly. The
translation of the semantics into macaw (via TH) is not entirely lazy, and the
interpretation will call this function indirectly (via `get_gpr_uf`); returning
Nothing in the `r15` case caused that part of the translation to fail. The
resulting value is never actually used (because the ARM semantics have special
behavior when reading from `r15`), but the error was too eager and caused a
crash.

This change just lets that code continue.
2021-07-09 10:54:58 -07:00
Joe Hendrix
e4b198ab2d
Merge pull request #211 from GaloisInc/jhx/event
Improve event handling
2021-06-14 22:19:16 -07:00
Joe Hendrix
a646d5fab2 Update submodules 2021-06-14 15:41:32 -07:00
Joe Hendrix
cdc90bd846 Update to more recent flexdis 2021-06-14 13:22:46 -07:00
Joe Hendrix
a50faaebd1 Move isExecutableSegOff check in discovery 2021-06-13 11:55:08 -07:00
Joe Hendrix
cda1d50b28 Expand register use error reasons.
This allows architecture-specific functions to add additional detail.
2021-06-12 12:33:42 -07:00
Joe Hendrix
ad6573556b Cleanups, formatting changes, and remove unused functionality. 2021-06-10 14:09:04 -07:00
Joe Hendrix
7729de2d2c Fix typos in error message; export ArchAddrWidth 2021-06-05 16:07:03 -07:00
Joe Hendrix
e55ebc95cd WIP. Improved error messages 2021-05-27 14:13:13 -07:00
Joe Hendrix
d9fa8af6c8
Merge pull request #210 from GaloisInc/jhx/invariant
Invariant inference changes.
2021-05-26 12:16:38 -07:00
Joe Hendrix
5e89e6f63d Cleanup compare-dwarfdump; bump submodules. 2021-05-26 07:25:51 -07:00
Joe Hendrix
ac5770f300 Switch compare-dwarfdump to use llvm 12. 2021-05-25 10:06:33 -07:00
Joe Hendrix
8216088158 Invariant inference changes.
This refactors demand analysis so we export assignment inferred values
and also no longer compute demands for assignments when inference
infers a value for them.

This exposes more information but requires changes to consumers of
information.
2021-05-24 14:03:24 -07:00
Joe Hendrix
7e8b02a905
Merge pull request #209 from GaloisInc/jhx/dynamic
Add script to simplify updating cabal freeze files.
2021-05-19 23:25:39 -07:00
Joe Hendrix
25e09b8688 Add script to simplify updating cabal freeze files. 2021-05-19 21:02:56 -07:00
Joe Hendrix
3150edf59e
Merge pull request #207 from GaloisInc/jhx/dynamic
Support elf-edit dynamic changes
2021-05-07 20:24:53 -07:00
Joe Hendrix
3d38843ea5 Github CI use ghcup 2021-05-07 17:20:42 -07:00
Joe Hendrix
7db9baf439 Support elf-edit changes 2021-05-07 14:18:56 -07:00
Joe Hendrix
d487101a76
Merge pull request #206 from GaloisInc/jhx/inc
Various cleanups and generalizations for Reopt.
2021-04-28 11:55:57 -07:00
Joe Hendrix
12c3829a1e Reorganize event reporting for Reopt compatibility. 2021-04-27 23:54:11 -07:00
Joe Hendrix
e2ae54cd04 Add error messages and generalize function argument analysis. 2021-04-27 23:54:11 -07:00
Joe Hendrix
3fb39610bb Export lower level function for getting memory from elf segments. 2021-04-27 23:54:11 -07:00
Joe Hendrix
b26a4e64d8 Declare BlockInvariantMap 2021-04-27 23:54:11 -07:00
Joe Hendrix
483cc25553 Relax requirement on pointer type byte size attribute. 2021-04-27 23:54:11 -07:00
Joe Hendrix
ceb64be843 Sort x86 functions for easier browsing. 2021-04-27 23:54:11 -07:00
Joe Hendrix
b813ecda9a
Merge pull request #204 from GaloisInc/jhx/inc
WIP: Introduce incremental computation monad; refactoring of app output.
2021-04-22 09:51:26 -07:00
Joe Hendrix
1cb86f771c Cleanup discovery; fix macaw-symbolic 2021-04-21 11:27:27 -07:00
Joe Hendrix
1dd776b636 Introduce incremental computation monad; use in discovery. 2021-04-21 11:27:27 -07:00
Daniel Matichuk
1d9d5efe1d
correctly set block endings for all slice exits (#205) 2021-04-14 08:38:16 -07:00
Daniel Matichuk
5ee1b35fc2 correctly set block endings for all slice exits 2021-04-13 15:46:06 -07:00
Kevin Quick
ff894f9286
Merge pull request #202: rename to MacawEvalStmtFunc
[symbolic] Rename EvalStmtFunc to MacawEvalStmtFunc
2021-04-05 14:48:29 -07:00
Kevin Quick
b79e313cfc
Revert unintentional type parameter change in MacawEvalStmtFunc. 2021-04-05 12:07:49 -07:00