97c61e471a
This extends `Data.Macaw.Symbolic.Testing` in `macaw-symbolic` to be able to handle binaries that depend on shared libraries. This is fully functional for the x86-64 and AArch32 symbolic backends, and I have added test cases to the respective repos demonstrating that it works. (The PowerPC backend is not yet supported. At a minimum, this is blocked on GaloisInc/elf-edit#35.) To implement this, I also needed to add some additional infrastructure to `macaw-base` (I put this infrastructure here as it doesn't depend on any Crucible-specific functionality): * `Data.Macaw.Memory.ElfLoader.DynamicDependencies`: a basic ELF dynamic loader that performs a breadth-first search over all `DT_NEEDED` entries that an ELF binary depends on (both directly and indirectly). * `Data.Macaw.Memory.ElfLoader.PLTStubs`: a collection of heuristics for detecting the addresses of PLT stubs in a dynamically linked binary. It is worth noting that shared libraries are rife with nuance and subtlety, and the way `macaw` models shared libraries is not 100% accurate. I have written a length `Note [Shared libraries]` in `Data.Macaw.Symbolic.Testing` to describe where corners had to be cut. Fixes #318.
2.8 KiB
Revision history for macaw-symbolic
Next
Features
API Changes
-
The
newGlobalMemoryandnewGlobalMemoryWithfunctions now requires thatsym ~ ExprBuilderdue to some optimizations in populating the initial memory contents of large binaries -
The types of various functions, such as
macawExtensions, are now parametric over thepersonalitytype variable instead of restricting it toMacawSimulatorState sym. A consequence of this change is that theMacawArchEvalFn,LookupFunctionHandle, andLookupSyscallHandledata types now have an additionalpersonalitytype variable. If you don't care about this type variable, it is usually fine to leave it polymorphic. Alternatively, one can instantiate it toMacawSimulatorState symto restore the old behavior. -
Data.Macaw.Symbolic.MemOps.GlobalMaphas changed from atypesynonym to anewtype, and its type has changed somewhat. -
The type of
crucGenArchTermStmthas changedIt gained a parameter of type
Maybe (Label c)whereLabelcomes from Crucible. This enables architecture-specific terminators to add custom control flow, including fallthrough behavior. -
Data.Macaw.Symbolic.Backendnow exports some additional combinatorsThese enable some more sophisticated translations in architecture-specific backends.
appAtomaddTermStmtcreateRegStructsetMachineRegsaddExtraBlockfreshValueIndex
-
The following functions now have a
?memOpts :: MemOptionsconstraint:Data.Macaw.Symbolic.Memory.newGlobalMemoryData.Macaw.Symbolic.MemOps.{doWriteMem,doCondWriteMem}
-
The type of
populateRelocationhas gained three additional arguments—theMemory,MemSegment, andMemAddrcorresponding to the relocation—to more easily facilitate computing the address of the relocation. -
Data.Macaw.Symbolic.Testinghas made some API changes to support simulating shared libraries:runDiscoverynow returns aBinariesInfovalue, which contains the code discovery state for both a main binary as well as any shared libraries that it depends on.runDiscoverynow requires theFilePathof the main binary as an argument, as well as aPLTStubInfoargument for determining where to look for PLT stubs in dynamically linked binaries. (SeeData.Macaw.Memory.ElfLoader.PLTStubsinmacaw-basefor more information aboutPLTStubInfos.)simulateAndVerifyhas removed itsMemoryandDiscoveryStatearguments in favor of a singleBinariesInfoargument.
Behavioral Changes
- Redundant pointer validity checks have been removed from
doReadMem,doCondReadMem,doWriteMem, anddoCondWriteMem; this should be mostly invisible to library clients unless they rely on goal counts or goal numbers