Commit Graph

148 Commits

Author SHA1 Message Date
Ryan Scott
9a3e793d30 Bump semmc submodule
This is needed to bring in the changes from #77, which adds support for
`hashable-1.4.*`. With this change, everything in the `macaw` repo now
builds with `hashable-1.4.*`.
2023-02-20 17:49:35 -05:00
Ryan Scott
da06413771 Add test case for movt semantics
This requires bumping the `asl-translator` submodule to bring the changes from
GaloisInc/asl-translator#47, which are necessary for the test case to work.
2022-10-26 18:15:06 -04:00
Ryan Scott
2791b1050f Adapt to GaloisInc/crucible#998
This bumps the `crucible` submodule to bring in the changes from
GaloisInc/crucible#998, which adds `?memOpts :: MemOptions` constraints to
a handful of additional functions. This requires adding constraints to
some functions in `macaw-symbolic` to accommodate, as well as bumping the
`semmc` submodule to bring in analogous changes from GaloisInc/semmc#76.
2022-06-28 12:10:11 -04:00
Ryan Scott
c9cbb4c7fc Support building with GHC 9.2
This contains various tweaks needed to make the packages in the `macaw` repo
build with GHC 9.2:

* In `template-haskell-2.18.*`, the type of `ConP` gained an additional field
  (see [here](https://gitlab.haskell.org/ghc/ghc/-/wikis/migration/9.2?version_id=7e2ce63ba042c1934654c4316dc02028d8d3dd31#template-haskell-218)).
  As a result, I needed to use some CPP in `macaw-semmc:Data.Macaw.SemMC.TH` to
  make the two uses of `ConP` compile. To minimize the amount of CPP that I
  needed, I factored out this logic into a `conPCompat` function.
* The following submodules were bumped to bring in changes needed to support
  building with GHC 9.2:
  * `asl-translator`: GaloisInc/asl-translator#45
  * `dismantle`: travitch/dismantle#39
  * `dwarf`: GaloisInc/dwarf#5
  * `elf-edit`: GaloisInc/elf-edit#32
  * `flexdis86`: GaloisInc/flexdis86#39
  * `grift`: GaloisInc/grift#6
  * `semmc`: GaloisInc/semmc#75
2022-05-31 15:50:48 -04:00
Tristan Ravitch
54f8793145
Submodule updates (#291)
The primary changes are version bounds to let everything build against the
latest what4 release (1.3)
2022-05-24 18:45:23 -07:00
Daniel Matichuk
bbc0b6a40a
Bump ASL revision to handle slicing issues with UBFX instruction on ARM (#280)
* bump asl-translator

* add ubfx tests

* add CI version to workflow
2022-04-20 10:08:36 -07:00
Ryan Scott
c86e13d35c Adapt to dynSymEntry being definition-aware in elf-edit
This bump the `elf-edit` submodule to bring in the changes from
https://github.com/GaloisInc/elf-edit/pull/29, which adds an additional
`VersionDefMap` argument to `elf-edit` to make it aware of version definitions.
This requires some changes to the API in `Data.Macaw.Memory.ElfLoader` to
accommodate.
2022-04-19 12:47:24 -04:00
Brett Boston
9d0d9d762c
Update softfloat-hs repo to eliminate manual build step (#265)
* Update softfloat-hs repo to eliminate manual build step

* Fix small typo in README (softfloat -> softfloat-hs)
2022-03-04 15:49:36 -08:00
Brett Boston
82640e7a4b
Add RISC-V backend (#259)
* riscv: added grift as submodule

* added macaw-riscv project

* make arch polykinded everywhere in macaw base

* stubbed out riscv_info

* update grift

* started on RISCVReg

* started on RISCVReg

* RegisterInfo instance for RISCVReg (a few unimplemented fields)

* filled out archRegSet

* filled out withArchConstraints, archAddrWidth, and archEndianness

* added Arch module

* RISCV initialBlockRegs

* preliminary work on disassembleFn

* wip: disassembleFn

* made things more lens-y

* wip: disassemble instruction

* finished disassembly of grift assignment statements

* separated out DisInstM into separate module

* disassembly wip

* finished disassembleBlock

* Finished riscvDisassembleFn

* bump grift submodule

* made macaw discovery poly-kinded

* added risc-v test suite

* added risc-v test suite

* fixed macaw semantics to hardware x0 to constant value 0

* added riscvPreserveReg based on assembler's manual

* riscvDemandContext

* successfully disassembled a block!

* enhanced tests to allow optional entry point spec

* stubbed out identifyCall

* stubbed out identifyReturn

* passing initial test

* added checkForReturnAddr stub

* fleshed out identifyCall and identifyReturn

* update grift submodule

* bug fix and exception handling

* added EXC register, which tracks whether or not we've attempted to
read from/write to any system registers.

* Replaced custom CSR type with GRIFT's (but we're not using it
currently)

* added better show instance for GPRs we should migrate this to a
GRIFT pretty printer at some point)

* Fixed a vicious bug in the semantics; unsigned and signed LT were
getting swapped in translation

* added pattern synonyms for GPRs

* improved docs and fixed RISCVReg bug (GP was 3 instead of 4)

* changed undefineds to errors

* changed RISCV class to RISCVConstraints

* wrapped GRIFT's "RV" parameter in a type to remove the need to make
macaw architecture parameter polykinded

* rolled back all changes to macaw base that made things poly-kinded

* reverted two more macaw core changes, updated license, removed old PPC test

* macaw: update to upstream changes in bv-sized and grift

* address code review comments

* macaw-riscv: expose fewer modules

* Update RISCVTermStmt definition

* Update riscv_info.  macaw-riscv now builds against master

* Update bv-sized and cabal freeze files

* Update cabal freeze files with satisfying lens version

* Get tests building

* Fix printf runtime error

* Add simpler tests

* Change RISCV target version and update grift pointer

[skip ci]

* Compressed branch test passes

[skip ci]

* Add additional small tests

[skip ci]

* Introduce a syscall PrimFn

* Syscalls now correctly classified

* Fix return regs from syscall

* Extract syscall arguments

* Update expected riscv test results

* Add macaw-riscv build + test to CI

* Get building with GHC 9.0.2

* Revert "Update cabal freeze files with satisfying lens version"

This reverts commit 4aa95c19c3.

* Install softfloat in CI

* Update Grift

* Some initial cleanup

* More cleanup

* Resolve FIXME on getReg

* Detect and only accept rv64gc rvreprs

* Address Tristan's PR comments

* Update Grift pointer

* Add info on installing Softfloat to README for macaw-riscv

* Add missing submodule step to softfloat build instructions

Co-authored-by: Ben Selfridge <benselfridge@000279.local>
Co-authored-by: Valentin Robert <val@galois.com>
2022-03-04 12:44:46 -08:00
Rob Dockins
2845d6fd74 Update what4 and crucible submodules 2022-01-24 16:24:07 -08:00
Ryan Scott
049096c506 Support building with GHC 9.0
This contains a variety of fixes needed to make the packages in the `macaw`
repo compile with GHC 9.0:

* GHC 9.0 implements simplified subsumption (see
  [here](https://gitlab.haskell.org/ghc/ghc/-/wikis/migration/9.0?version_id=5fcd0a50e0872efb3c38a32db140506da8310d87#simplified-subsumption)).
  In most cases, adapting to this is a matter of manually eta expanding
  definitions, such as in `base:Data.Macaw.Analysis.RegisterUse`. In the case
  of `macaw-x86-symbolic:Data.Macaw.X86.Crucible`, the type signature of
  `evalExt` had to be made more specific to adapt to the loss of contravariance
  when typechecking `(->)`.
* GHC's constraint solver now solves constraints in each top-level group
  sooner (see
  [here](https://gitlab.haskell.org/ghc/ghc/-/wikis/migration/9.0?version_id=5fcd0a50e0872efb3c38a32db140506da8310d87#the-order-of-th-splices-is-more-important)).
  This affects `macaw-aarch32` and `macaw-symbolic`, as they separate top-level
  groups with `$(return [])` Template Haskell splices. The previous locations
  of these splices made it so that the TH-generated instances in that package
  were not available to any code before the splice, resulting in type errors
  when compiled with GHC 9.0.

  To overcome this, I rearranged the TH-generated instances so that they appear
  before the top-level groups that make use of them.
* GHC 9.0 now enables `-Wstar-is-type` in `-Wall`, so this patch replaces some
  uses of `*` with `Data.Kind.Type`. `Data.Kind` requires the use of GHC 8.0 or
  later, so this patch also updates thes lower bounds on `base` to `>= 4.9` in
  the appropriate `.cabal` files. (I'm fairly certain that this requirement was
  already present implicity, but better to be explicit about it.)
* The `asl-translator`, `crucible`, and `semmc` submodules were updated to
  allow them to build with GHC 9.0. The `llvm-pretty` and
  `llvm-pretty-bc-parser` submodules were also bumped to accommodate unrelated
  changes in `crucible` that were brought in.
* The upper version bounds on `doctest` in `macaw-symbolic`'s test suite were
  raised to allow it to build with GHC 9.0.
2022-01-10 16:40:23 -05:00
Ryan Scott
d3a53a6769 Update crucible, semmc submodules; adapt to GaloisInc/crucible#906
This updates the `crucible` submodule to include GaloisInc/crucible#906
(`Control granularity of reading uninitialized memory`), as well as the
`semmc` submodule to bring in corresponding changes on its side
(GaloisInc/semmc#69). Some additional `?memOpts :: MemOptions` constraints
needed to be added to some functions in `macaw-symbolic` and
`macaw-refinement` as a result.
2021-11-22 18:27:46 -05:00
Ryan Scott
9efbbf1753 Update llvm-pretty-bc-parser submodule
This updates the `llvm-pretty-bc-parser` to include these PRs:

* GaloisInc/llvm-pretty-bc-parser#159 (`Support parsing fneg instructions`)
* GaloisInc/llvm-pretty-bc-parser#166 (`Support parsing freeze instructions`)
* GaloisInc/llvm-pretty-bc-parser#164 (`Parse DebugInfoEnumerator properly on LLVM 12+`)
* GaloisInc/llvm-pretty-bc-parser#162 (`Support parsing dict{Associated,Allocated,Rank} fields introduced in LLVM 12`)

The `llvm-pretty` submodule had corresponding changes as well. These were
included as part of a previous commit to update the `llvm-pretty` submodule
(952fe5578d), but the `llvm-pretty-bc-parser`
submodule was not updated at the same time. This commit brings the two back
into harmony.
2021-11-22 18:27:46 -05:00
Tristan Ravitch
952fe5578d Submodule updates 2021-11-18 21:40:09 -08:00
Tristan Ravitch
c6eae87724 Update the aarch32 disassembler
This fixes some critical bugs in thumb2 disassembly.  This change adds some
macaw-level tests to ensure that thumb2 is working properly.
2021-11-05 20:01:11 -07:00
Ryan Scott
5547632f65 macaw-x86: Handle sign-extended immediates in def_push
See `Note [Sign-extending immediate operands in push]` in
`Data.Macaw.X86.Semantics` for the full story. I have also added a test case
in `macaw-x86-symbolic` which ensures that the stack-pointer-decrementing
logic behaves as one would expect.

Bumps in the `flexdis86` submodule to bring in GaloisInc/flexdis86#37.

Fixes #235.
2021-10-12 16:37:21 -04:00
Ryan Scott
4fc8a46ed6 Bump semmc submodule to bring in GaloisInc/semmc#67 2021-10-12 16:37:21 -04:00
Ryan Scott
7c95f5d874
Adapt to crucible-symio and even more MemOptions (#225)
This bumps the `crucible` submodule to bring in:

* `crucible-symio` (GaloisInc/crucible#788). This requires adding a new
  project dependency in `cabal.project.dist`.
* GaloisInc/crucible#808, which adds yet another `?memOpts :: MemOptions`
  constraint, this time in `doPtrAddOffset`.
2021-08-26 08:31:28 -04:00
Ryan Scott
7f7de2a59b
Adapt to GaloisInc/crucible#794 (#224)
GaloisInc/crucible#794 increases the number of functions that use
implicit `MemOptions`, including a handful of key LLVM memory model–related
functions. As a result, many parts of `macaw` need to add implicit `?memOpts`
parameters to accommodate to this change.
2021-08-23 20:39:08 -04:00
Tristan Ravitch
6b712c6280
Fix the default ppc32 ABI (#222)
None of the common default ppc32 ABIs use a Table of Contents (TOC), so default
our code to not assume it either. This has accompanying changes in
macaw-loader-ppc, which also made incorrect assumptions about ppc32.

Note that we may eventually need to support rarely-used ABIs that do use a
TOC (or similar dedicated registers, e.g., the Small Data Area mode). When we
do, we will probably want that to be a data-oriented decision rather than a
type-level one, as each architecture supports multiple ABIs. We may also need to
modify ppc64 to support ABIs without TOCs, but we'll do it when we need to.
2021-08-19 07:41:29 -07:00
Tristan Ravitch
df839de678 Update submodules
This commit adapts to recent changes in crucible and raises the version bounds
to admit newer versions of what4.
2021-07-15 21:22:30 -07:00
Joe Hendrix
a646d5fab2 Update submodules 2021-06-14 15:41:32 -07:00
Joe Hendrix
5e89e6f63d Cleanup compare-dwarfdump; bump submodules. 2021-05-26 07:25:51 -07:00
Joe Hendrix
25e09b8688 Add script to simplify updating cabal freeze files. 2021-05-19 21:02:56 -07:00
Joe Hendrix
7db9baf439 Support elf-edit changes 2021-05-07 14:18:56 -07:00
Joe Hendrix
1cb86f771c Cleanup discovery; fix macaw-symbolic 2021-04-21 11:27:27 -07:00
Kevin Quick
2df7ce1126
[symbolic] add memory variable name to Crucible mkMemVar call. 2021-04-03 16:12:55 -07:00
Joe Hendrix
de766c5f31 Update submodule versions 2021-03-23 22:08:21 -07:00
Tristan Ravitch
dbb4c83f08
Add a testing framework for macaw-symbolic (#184)
The new test suites cover x86_64, PowerPC, and ARM. They test that the semantics are actually correct (rather than just seeing if symbolic execution produces any result). The `Data.Macaw.Symbolic.Testing` module in macaw-symbolic provides some common utilities for symbolic execution engine setup, while there are tailored test harnesses for each architecture.

The semantics of the test harnesses are documented in each architecture test suite, but they:
1. Discover all of the test binaries (which are generated from the included makefiles)
2. Treat each function whose name begins with `test_` as a test entry point
3. Symbolically executes each test case with fully symbolic register states
4. Extracts the return value after symbolic execution, which is treated as the predicate to an assertion that must be proved
    - If the test case is in the `pass` subdirectory, it is proved and expected to hold
    - If the test case is in the `fail` subdirectory, it is proved and expected to not hold.

Each test harness supports two options for debugging:
- Dumping generated SMT queries
- Dumping generated Macaw IR for inspection

This testing uncovered a bug in the (previously untested) macaw-aarch32-symbolic code. It required a number of submodule updates to:

- Adapt to some what4 changes
- Fix a bug in the LLVM memory model that lets these tests pass
- Adapt to changes to some crucible APIs

This change also modifies the CI configuration to install SMT solvers earlier (which are now needed for all of the symbolic package tests).
2021-03-01 09:21:44 -08:00
robdockins
a58f1e25dd
Update to follow changes in What4. Nat is no longer a base type (#190)
Nat is no longer a what4 base type, so we have to adapt various APIs to accommodate that. The template haskell in macaw-semmc is updated to remove Nat cases. Changes to the `SymFn` type required removing a type parameter.

This commit also adds macaw-refinement to CI (which requires installing SMT solvers); that code had to be updated due to the what4 changes.


Co-authored-by: Tristan Ravitch <tristan@galois.com>
2021-02-19 15:44:56 -08:00
Joe Hendrix
6d1e47623d Provide jumptable layout info 2021-01-27 15:27:53 -08:00
Tristan Ravitch
52f3efb2c9 aarch32: Change the register context
The previous implementation used all of the registers defined in ASL translator.
It turns out that we don't actually use all of them in macaw; the significant
difference is that the `__memory` pseudo-location is used by asl-translator, but
not macaw (as macaw handles memory through implicit context).  This change
modifies the register assignment to include everything except memory (which
requires an update to the asl-translator submodule).
2021-01-16 17:42:01 -08:00
Brian Huffman
2a620d41de Switch from ansi-wl-pprint to the prettyprinter package.
This patch relies on the following submodule updates:
- GaloisInc/what4#77
- GaloisInc/elf-edit#20
- GaloisInc/crucible#586
- GaloisInc/asl-translator#28

This patch updates the following packages:
- macaw-base
- macaw-symbolic
- macaw-x86
- macaw-x86-symbolic
- macaw-aarch32
- macaw-ppc
- macaw-semmc
- macaw-refinement
2020-12-02 11:38:19 -08:00
Joe Hendrix
5aad8ca32e Upgrade to elf-edit 0.39 and other libraries. 2020-11-10 17:15:47 -08:00
Joe Hendrix
22a9104faa Various cleanups.
Consolidate three different checks that control when to explore
a function into a single one defined in exploreFunPred.

Modify noreturn function calls to not treat the return address
as a potential function entry point.

Add basic checking of LSDA address to compare-dwarfdump.

Minor code refactoring and submodule updates.
2020-11-06 14:37:13 -08:00
Joe Hendrix
98b69d992c Add compare-dwarfdump 2020-11-06 14:35:06 -08:00
Joe Hendrix
9203a37b94 Minor cleanups; dwarf updates 2020-11-06 14:35:06 -08:00
Joe Hendrix
a276dbaea4 Update to work with latest elf-edit. 2020-11-06 14:01:04 -08:00
Joe Hendrix
c356694627 Update to work with latest elf-edit. 2020-11-06 13:48:26 -08:00
Tristan Ravitch
37861df8c7
Support for mixed ARM/Thumb binaries (#174)
aarch32: Support mixed ARM/Thumb1 binaries

This updates the aarch32 backend to decode Thumb instructions and generate the Thumb semantics. The major implementation change is to use the `ArchBlockPrecond` feature of macaw to track the Thumb state (`PSTATE_T`) across block boundaries.

The ARM code discovery decides whether or not a function entry point should be decoded as Thumb by examining the low bit of the function address. If the low bit is set, it is a Thumb entry point. This has the slightly odd effect of causing macaw to say that the function is at the address with the low bit set, which is not technically true. This is documented in the README, but not obvious on inspection. Most use cases should not care, and can in any case account for it. In the future, it should be possible to fix this (though it will require some changes to the core of macaw).
2020-11-02 12:48:01 -08:00
Rob Dockins
e9b960c6d5 Bump semmc submodule 2020-09-15 16:24:24 -07:00
Rob Dockins
99f8cb0bdf Update to use new HasLLVMAnn API, which requires an action for
recording (or discarding) annotations rather than a map.
2020-09-11 14:40:02 -07:00
Kevin Quick
de31610929
Update submodules. 2020-08-10 17:47:35 -07:00
Daniel Matichuk
68193b9ef9 bump submodules 2020-07-31 00:33:10 -07:00
Daniel Matichuk
626071e459 bump submodules 2020-07-28 12:40:52 -07:00
Kevin Quick
0cb0a89748
Update submodules. 2020-07-20 14:18:35 -07:00
Tristan Ravitch
b160e480a7
x86: Add semantics for the endbr instructions (#147)
This change treats them as no-ops (which is what they do on all released
hardware).  We could represent them with arch extensions.  This has a supporting
change in flexdis86 (included as a submodule).
2020-06-25 13:43:15 -07:00
Ben Selfridge
039b8497fc
updates what4, crucible, etc. (#146)
* update to bv-sized branch of what4 and other things

* removed parameterized-utils submodule completely

* Updates submodules

* Fixes macaw-symbolic w.r.t. crucible-llvm changes

Co-authored-by: Ben Selfridge <ben@000548-benselfridge.local>
2020-06-16 16:49:55 -07:00
Kevin Quick
2c23067318 Update submodules. 2020-06-03 21:37:37 -07:00
Tristan Ravitch
89fc5a73f7
Tr/full arm intrinsics (#137)
Improve the TH codegen for macaw-semmc

This change lazily translates as much as possible.  It also generates somewhat more compact code. This change also finishes implementing primitives for the aarch32 backend.  Complementing the aarch32 changes, the macaw-semmc interface has been modified to allow macaw-aarch32 to avoid a redundant serialize-deserialize round.

Co-authored-by: Kevin Quick <kquick@galois.com>
2020-05-26 09:24:45 -07:00