Commit Graph

19 Commits

Author SHA1 Message Date
Tristan Ravitch
e024646860
macaw-refinement (#114)
This commit updates macaw-refinement to work with the latest macaw/crucible and makes a few improvements along the way.

The major changes involved in this are:
* Block labels were removed from macaw, so we had to come up with an alternative approach to making synthetic blocks to represent dispatch resolved by macaw-refinement that is not really a jump table. We considered adding a new terminator that encoded "computed IP-based dispatch", but there was concern about the impact on client code. Instead, we added a field to the `DiscoveryFunInfo` that records "external" resolutions to indirect control flow (e.g., as by an SMT solver in macaw-refinement). The hook by which we feed SMT-based resolutions back into macaw was modified accordingly (`addDiscoveredFunctionBlockTargets`).
* Solver invocation changed to allow solver selection and parallel solver application.
* Logging is now done via the `lumberjack` library.
* macaw-symbolic now uses the "external" resolutions in `DiscoveryFunInfo` while building crucible CFGs.
* The path creation code in macaw-refinement was simplified significantly and the approach to path creation has been documented.
* The run-refinement tool is now more featureful.
* The test suite is a bit more structured and no longer depends on the printed output of the discovery process.
2020-03-12 17:15:08 -07:00
Kevin Quick
290e33279a
[refinement] Enable PPC testing. 2019-02-08 14:10:08 -08:00
Kevin Quick
3eeaed08a2 Merge branch 'master' of github.com:GaloisInc/macaw 2019-02-08 08:30:26 -08:00
Andrei Stefanescu
c67e474a19 [refinement] Move symbolic execution code in its own module. 2019-02-07 19:43:58 -08:00
Andrei Stefanescu
5b93187d5b [refinement] Update .cabal file. 2019-02-07 17:25:52 -08:00
Kevin Quick
3baf55376b
[refinement] update run-refinement for summary and verbose modes. 2019-02-07 17:15:00 -08:00
Kevin Quick
13224a91ce
[refinement] updates for merge of Some removal and updateDiscovery. 2019-02-06 17:58:21 -08:00
Kevin Quick
ff2ec55f2c
[refinement] update run-refinement tool for changes in library.
Additional constraints and the refinement operations are now run in a
MonadIO context.
2019-01-31 14:55:26 -08:00
Andrei Stefanescu
2efd7bc0e6 Fixes. 2019-01-29 16:29:54 -08:00
Kevin Quick
de06514a06
[refinement] Add pretty printer for FuncBlockPath. 2019-01-28 15:04:21 -08:00
Kevin Quick
263f852924
[refinement] Split out modules for Path handling, Function/Block utilities. 2019-01-28 10:50:35 -08:00
Kevin Quick
16dfcaab0d
[refinement] Add initial refinement framework. 2019-01-24 14:49:47 -08:00
Kevin Quick
fb605a41d0
[refinement] update test generation and add refinement tests. 2019-01-23 12:04:41 -08:00
Kevin Quick
08d4dcd832
[refinement] Add test framework to compare output to expected output. 2019-01-22 20:04:26 -08:00
Kevin Quick
d87482c949
Add run-refinement --unrefined flag to show pre- and post- refinement. 2019-01-10 17:25:12 -08:00
Kevin Quick
d04bdf9ac3
Add run-refinement tool for cmdline dumping of exe file info.
This tool is similar to run-refurbish but it is intended to dump
information about additional refinements provided by this library.
2019-01-10 14:53:12 -08:00
Kevin Quick
f0087c9ea2
Enable warnings for future compatibility issues. 2019-01-10 14:41:44 -08:00
Kevin Quick
d62bf8f26e Add README and Changelog and update cabal synopsis/description. 2019-01-07 15:13:50 -08:00
Kevin Quick
d4d7f1b9be Add refinement library.
The refinement library provides supplemental functionality for
discovery of elements that macaw-symbolic is not able to discover via
pattern matching.  This library will use crucible symbolic analysis to
attempt to determine elements that could not be identified by
macaw-symbolic.  The identification provided by macaw-symbolic is
incomplete, and so is the identification by this macaw-refinement, but
macaw-refinement attempts to additionally "refine" the analysis to
achieve even more information which can then be provided back to the
macaw analysis.

  * Terminator effects for incomplete blocks.  For example, the target
    IP address by symbolic evaluation (e.g. of jump tables).  If the
    current block does not provide sufficient information to
    symbolically identify the target, previous blocks can be added to
    the analysis (back to the entry block or a loop point).

  * Argument liveness (determining which registers and memory
    locations are used/live by a block allows determination of ABI
    compliance (for transformations) and specific block
    requirements (which currently start with a full register state and
    blank memory).

  * Call graphs.  Determination of targets of call instructions that
    cannot be identified by pattern matching via symbolic evaluation,
    using techniques similar to those for identifying incomplete blocks.
2019-01-07 14:16:03 -08:00