ROSE  0.11.50.0
LinuxI386.h
1 #ifndef ROSE_BinaryAnalysis_Concolic_LinuxI386_H
2 #define ROSE_BinaryAnalysis_Concolic_LinuxI386_H
3 #include <featureTests.h>
4 #ifdef ROSE_ENABLE_CONCOLIC_TESTING
5 
6 #include <Rose/BinaryAnalysis/Concolic/Architecture.h>
7 #include <Rose/BinaryAnalysis/Concolic/ExecutionEvent.h>
8 #include <Rose/BinaryAnalysis/Concolic/SharedMemory.h>
9 #include <Rose/BinaryAnalysis/Concolic/SystemCall.h>
10 #include <Rose/BinaryAnalysis/Debugger.h>
11 
12 #include <boost/filesystem.hpp>
13 #include <Sawyer/Callbacks.h>
14 
15 namespace Rose {
16 namespace BinaryAnalysis {
17 namespace Concolic {
18 
20 // Linux Intel 80386 and compatible hardware architecture.
22 
24 class LinuxI386: public Architecture {
25  using Super = Architecture;
26 
27 public:
29  using Ptr = LinuxI386Ptr;
30 
31 private:
32  DebuggerPtr debugger_;
33  rose_addr_t scratchVa_ = 0; // subordinate address for scratch page
34  bool markingArgvAsInput_ = true;
35  bool markingEnvpAsInput_ = false;
36 
37 protected:
38  LinuxI386(const DatabasePtr&, TestCaseId, const Partitioner2::Partitioner&);
39 public:
40  ~LinuxI386();
41 
42 public:
48  static Ptr instance(const DatabasePtr&, TestCaseId, const Partitioner2::Partitioner&);
49  static Ptr instance(const DatabasePtr&, const TestCasePtr&, const Partitioner2::Partitioner&);
55  DebuggerPtr debugger() const;
56 
57 public:
59  RegisterDescriptor systemCallReturnRegister();
60 
61 public:
62  // These are documented in the base class.
63  virtual void configureSystemCalls() override;
64  virtual void configureSharedMemory() override;
65  virtual void load(const boost::filesystem::path&) override;
66  virtual bool isTerminated() override;
67  virtual ByteOrder::Endianness memoryByteOrder() override;
68  virtual std::string readCString(rose_addr_t va, size_t maxBytes = UNLIMITED) override;
69  virtual rose_addr_t ip() override;
70  virtual void ip(rose_addr_t) override;
71  virtual std::vector<ExecutionEventPtr> createMemoryRestoreEvents() override;
72  virtual std::vector<ExecutionEventPtr> createMemoryHashEvents() override;
73  virtual std::vector<ExecutionEventPtr> createRegisterRestoreEvents() override;
74  virtual bool playEvent(const ExecutionEventPtr&) override;
75  virtual void mapMemory(const AddressInterval&, unsigned permissions) override;
76  virtual void unmapMemory(const AddressInterval&) override;
77  virtual size_t writeMemory(rose_addr_t, const std::vector<uint8_t>&) override;
78  virtual std::vector<uint8_t> readMemory(rose_addr_t, size_t) override;
79  virtual void writeRegister(RegisterDescriptor, uint64_t) override;
80  virtual void writeRegister(RegisterDescriptor, const Sawyer::Container::BitVector&) override;
81  virtual Sawyer::Container::BitVector readRegister(RegisterDescriptor) override;
82  virtual void executeInstruction(const Partitioner2::Partitioner&) override;
83  virtual void executeInstruction(const InstructionSemantics2::BaseSemantics::RiscOperatorsPtr&, SgAsmInstruction*) override;
84  virtual void createInputVariables(InputVariables&, const Partitioner2::Partitioner&,
86  const SmtSolver::Ptr &solver) override;
87  virtual void systemCall(const Partitioner2::Partitioner&,
89 
90  virtual std::pair<ExecutionEventPtr, SymbolicExprPtr>
91  sharedMemoryRead(const SharedMemoryCallbacks&, const Partitioner2::Partitioner&,
93  rose_addr_t memVa, size_t nBytes) override;
94 
95 private:
96  // Maps a scratch page for internal use and updates scratchVa_ with the address of the page.
97  void mapScratchPage();
98 
99  // List of process memory segments that are not special.
100  std::vector<MemoryMap::ProcessMapRecord> disposableMemory();
101 
102  // Unmap nearly all memory. The scratch page is not unmapped, nor is the VDSO or VVAR.
103  void unmapAllMemory();
104 
105  // When stopped at the beginning of a system call, return the system call function number. See <sys/unistd_32.h> for the
106  // mapping function system call number to the Linux kernel function that handles it.
107  uint64_t systemCallFunctionNumber(const Partitioner2::Partitioner&,
109 
110  // Returns the system call argument.
112  systemCallArgument(const Partitioner2::Partitioner&,
114 
115  // Returns the system call return value.
117  systemCallReturnValue(const Partitioner2::Partitioner&,
119 
120  // Modify the symbolic system call return value.
122  systemCallReturnValue(const Partitioner2::Partitioner&,
125 
126 };
127 
129 // Linux i386 specific system call operations.
131 
135 class LinuxI386SyscallBase: public SyscallCallback {
136  ExecutionEventPtr latestReturnEvent_; // event for most recent system call return
137  ExecutionEventPtr penultimateReturnEvent_; // event for next most recent system call return
138 
139 public:
140  LinuxI386SyscallBase();
141  virtual ~LinuxI386SyscallBase();
142 
148  void hello(const std::string &name, const SyscallContext&) const;
149 
155  virtual void playback(SyscallContext&) = 0;
156 
174  virtual void handlePreSyscall(SyscallContext&) {}
175  virtual void handlePostSyscall(SyscallContext&) = 0;
192  ExecutionEventPtr latestReturnEvent() const;
193  ExecutionEventPtr penultimateReturnEvent() const;
200  void showRecentReturnValues(std::ostream&, const DatabasePtr& /*null*/) const;
201 
207  SymbolicExprPtr penultimateSymbolicReturn() const;
208 
209 public:
210  // Subclasses need not provide a function operator.
211  virtual bool operator()(bool /*handled*/, SyscallContext&) override final;
212 };
213 
219 class LinuxI386SyscallUnimplemented: public LinuxI386SyscallBase {
220 protected:
221  LinuxI386SyscallUnimplemented();
222 public:
223  ~LinuxI386SyscallUnimplemented();
224 
225 public:
227  static Ptr instance();
228 
229  void playback(SyscallContext&) override;
230  void handlePostSyscall(SyscallContext&) override;
231 };
232 
234 class LinuxI386SyscallTerminates: public LinuxI386SyscallBase {
235 protected:
236  LinuxI386SyscallTerminates();
237 public:
238  ~LinuxI386SyscallTerminates();
239 
240 public:
242  static Ptr instance();
243 
244  void playback(SyscallContext&) override;
245  void handlePostSyscall(SyscallContext&) override;
246 };
247 
251 class LinuxI386SyscallReturn: public LinuxI386SyscallBase {
252 protected:
253  LinuxI386SyscallReturn();
254 public:
255  ~LinuxI386SyscallReturn();
256 
257 protected:
264  virtual std::pair<SymbolicExprPtr, Sawyer::Optional<uint64_t>> makeReturnConstraint(SyscallContext&) = 0;
265 
266 public:
267  void handlePostSyscall(SyscallContext&) override final;
268 };
269 
275 class LinuxI386SyscallConstant: public LinuxI386SyscallReturn {
276 protected:
277  LinuxI386SyscallConstant();
278 public:
279  ~LinuxI386SyscallConstant();
280 
281 public:
283  static Ptr instance();
284 
285  void playback(SyscallContext&) override;
286  std::pair<SymbolicExprPtr, Sawyer::Optional<uint64_t>> makeReturnConstraint(SyscallContext&) override;
287 };
288 
292 class LinuxI386SyscallNondecreasing: public LinuxI386SyscallReturn {
293 protected:
294  LinuxI386SyscallNondecreasing();
295 public:
296  ~LinuxI386SyscallNondecreasing();
297 
298 public:
300  static Ptr instance();
301 
302  void playback(SyscallContext&) override;
303  std::pair<SymbolicExprPtr, Sawyer::Optional<uint64_t>> makeReturnConstraint(SyscallContext&) override;
304 };
305 
306 } // namespace
307 } // namespace
308 } // namespace
309 
310 #endif
311 #endif
SmtSolverPtr Ptr
Reference counting pointer for SMT solvers.
Definition: SmtSolver.h:39
boost::shared_ptr< RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to a RISC operators object.
Sawyer::SharedPointer< Node > Ptr
Shared-ownership pointer to an expression Node.
Definition: SymbolicExpr.h:156
const size_t UNLIMITED(-1)
Effictively unlimited size.
Base class for machine instructions.
Main namespace for the ROSE library.
Sawyer::SharedPointer< class Debugger > DebuggerPtr
Shared-ownership pointer to Debugger.
Definition: Debugger.h:21
Range of values delimited by endpoints.
Definition: Interval.h:33
Sawyer::SharedPointer< SValue > SValuePtr
Shared-ownership pointer to a semantic value in any domain.
const char * Architecture(int64_t)
Convert Rose::BinaryAnalysis::DisassemblerMips::Mips32::Architecture enum constant to a string...
Definition: stringify.C:40051