1 #ifndef ROSE_BinaryAnalysis_TaintedFlow_H
2 #define ROSE_BinaryAnalysis_TaintedFlow_H
3 #include <featureTests.h>
4 #ifdef ROSE_ENABLE_BINARY_ANALYSIS
6 #include "BinaryDataFlow.h"
7 #include "Diagnostics.h"
9 #include <boost/foreach.hpp>
10 #include <boost/shared_ptr.hpp>
51 typedef std::list<VariableTaint> VarTaintList;
56 typedef boost::shared_ptr<State>
Ptr;
62 taints_.push_back(std::make_pair(variable, taint));
// Read-only accessor: returns a const reference to taints_, the list of
// (variable, taintedness) pairs typed as VarTaintList. Nothing is copied.
104 const VarTaintList&
variables()
const {
return taints_; }
109 void print(std::ostream&)
const;
129 : index_(index), approximation_(approx), smtSolver_(solver), mlog(mlog) {}
// Transfer-function overload that also receives the CFG. The cfg argument is not
// used on the lines shown: the call forwards to the two-argument
// operator()(cfgVertex, in) declared just below.
// NOTE(review): the closing brace (listing line 134) is elided from this excerpt.
132 StatePtr operator()(
const CFG &cfg,
size_t cfgVertex,
const StatePtr &in) {
133 return (*
this)(cfgVertex, in);
136 StatePtr operator()(
size_t cfgVertex,
const StatePtr &in);
138 std::string toString(
const StatePtr &in);
// Merge functor: merges src into dst and returns the bool produced by
// dst->merge(src). src must be non-null; that is enforced only by ASSERT_not_null.
// NOTE(review): listing lines 149-152 are elided, so any handling of a null dst
// before the dst->merge(src) dereference cannot be confirmed from this excerpt.
147 bool operator()(StatePtr &dst ,
const StatePtr &src)
const {
148 ASSERT_not_null(src);
153 return dst->merge(src);
166 bool vlistInitialized_;
167 std::vector<StatePtr> results_;
// Constructor initializers: a new analysis starts in UNDER_APPROXIMATE mode,
// initializes dataFlow_ from userDispatcher, and marks the variable list as not yet
// initialized. The assertions at listing lines 257 and 267 require vlistInitialized_
// to be true, and the lines shown set it in two places (221 and 245).
// NOTE(review): the meaning of UNDER_APPROXIMATE is not shown in this listing. If the
// results feed a security decision, confirm whether this default can leave tainted
// variables unreported, and set approximation() explicitly rather than relying on it.
178 : approximation_(UNDER_APPROXIMATE), dataFlow_(userDispatcher), vlistInitialized_(false) {}
214 using namespace Diagnostics;
216 ASSERT_require(cfgStartVertex < cfg.nVertices());
217 Stream mesg(mlog[WHERE] <<
"computeFlowGraphs starting at CFG vertex " <<cfgStartVertex);
221 vlistInitialized_ =
true;
225 mlog[DEBUG] <<
" found variable: " <<variable <<
"\n";
238 return vertexFlowGraphs_;
241 using namespace Diagnostics;
243 vertexFlowGraphs_ = graphMap;
245 vlistInitialized_ =
true;
247 mlog[WHERE] <<
"vertexFlowGraphs set by user with " <<
StringUtility::plural(variableList_.size(),
"variables") <<
"\n";
257 ASSERT_require2(vlistInitialized_,
"TaintedFlow::computeFlowGraphs must be called before TaintedFlow::variables");
258 return variableList_;
267 ASSERT_require2(vlistInitialized_,
"TaintedFlow::computeFlowGraphs must be called before TaintedFlow::stateInstance");
// Runs the data-flow analysis starting at cfgStartVertex with the given initial state.
// Preconditions checked by assertion on the lines shown: cfgStartVertex must be less
// than cfg.nVertices(), and initialState must be non-null.
// NOTE(review): the rest of the body (listing lines 281 onward) is elided here.
275 void runToFixedPoint(
const CFG &cfg,
size_t cfgStartVertex,
const StatePtr &initialState) {
276 using namespace Diagnostics;
278 ASSERT_require(cfgStartVertex < cfg.nVertices());
279 ASSERT_not_null(initialState);
// Logs the starting vertex on the WHERE diagnostic stream.
280 Stream mesg(mlog[WHERE] <<
"runToFixedPoint starting at CFG vertex " <<cfgStartVertex);
// NOTE(review): presumably the body of getFinalState(size_t cfgVertexId) const; the
// signature line (295) is elided from this listing.
// The index is validated only by ASSERT_require. results_ is a std::vector<StatePtr>,
// and its operator[] performs no bounds check of its own. Confirm that this assertion
// stays enabled in shipped builds, or validate cfgVertexId at the call site; otherwise
// an out-of-range id becomes an out-of-bounds read.
296 ASSERT_require(cfgVertexId < results_.size());
297 return results_[cfgVertexId];
301 std::ostream& operator<<(std::ostream &out,
const TaintedFlow::State &state);
StatePtr getFinalState(size_t cfgVertexId) const
Query results.
static State::Ptr instance(const DataFlow::VariableList &variables, Taintedness taint=BOTTOM)
Allocating constructor.
Approximation
Mode of operation.
std::string plural(T n, const std::string &plural_phrase, const std::string &singular_phrase="")
Helpful way to print singular or plural words.
const VarTaintList & variables() const
List of all variables and their taintedness.
Various tools for performing tainted flow analysis.
void runToFixedPoint(const CFG &cfg, size_t cfgStartVertex, const StatePtr &initialState)
Run data flow.
std::list< Variable > VariableList
List of variables.
TaintedFlow(const InstructionSemantics2::BaseSemantics::DispatcherPtr &userDispatcher)
Constructs a tainted flow analysis.
void print(std::ostream &) const
Print this state.
boost::shared_ptr< State > Ptr
Shared-ownership pointer to taint states.
Main namespace for the ROSE library.
void runToFixedPoint()
Run data-flow until it reaches a fixed point.
bool merge(const State::Ptr &)
Merge other state into this state.
bool setIfExists(const DataFlow::Variable &, Taintedness)
Set taintedness if the variable exists.
VariableList getUniqueVariables(const VertexFlowGraphs &)
Get list of unique variables.
boost::shared_ptr< Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
State::Ptr StatePtr
Reference counting pointer to State.
VarTaintList & variables()
List of all variables and their taintedness.
void vertexFlowGraphs(const DataFlow::VertexFlowGraphs &graphMap)
Property: data flow graphs.
std::pair< DataFlow::Variable, Taintedness > VariableTaint
Variable-Taintedness pair.
static Taintedness merge(Taintedness, Taintedness)
Merges two taint values.
const DataFlow::VertexFlowGraphs & vertexFlowGraphs() const
Property: data flow graphs.
const DataFlow::VariableList & variables() const
List of variables.
void smtSolver(const SmtSolverPtr &solver)
Property: SMT solver.
static void initDiagnostics()
Initialize diagnostics.
Various tools for data-flow analysis.
SmtSolverPtr smtSolver() const
Property: SMT solver.
void approximation(Approximation a)
Property: approximation.
Taintedness & lookup(const DataFlow::Variable &)
Find the taintedness for some variable.
Approximation approximation() const
Property: approximation.
VertexFlowGraphs buildGraphPerVertex(const CFG &cfg, size_t startVertex, VertexUnpacker vertexUnpacker)
Compute data-flow per CFG vertex.
virtual State::Ptr copy() const
Virtual copy constructor.
std::shared_ptr< class SmtSolver > SmtSolverPtr
Reference-counting pointer for SMT solvers.
StatePtr stateInstance(Taintedness taint) const
Creates a new state.
const VertexStates & getFinalStates() const
All outgoing states.
void computeFlowGraphs(const CFG &cfg, size_t cfgStartVertex)
Compute data flow graphs.