├── .clang-format ├── .github ├── FUNDING.yml └── workflows │ ├── build.yaml │ └── clang-format.yaml ├── .gitignore ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── docs ├── .gitignore ├── sphinx │ ├── .gitignore │ ├── Makefile │ ├── build.sh │ └── source_templates │ │ ├── _templates │ │ └── layout.html │ │ └── conf.py └── src │ ├── BuildingS2E.rst │ ├── Contribute.rst │ ├── DebuggingS2E.rst │ ├── DesignAndImplementation │ ├── KvmInterface.rst │ ├── kvm_interface.odg │ └── kvm_interface.svg │ ├── EquivalenceTesting.rst │ ├── FAQ.rst │ ├── Howtos │ ├── Concolic.rst │ ├── Coverage │ │ ├── ida_cat_coverage.png │ │ ├── index.rst │ │ ├── lcov-cat-mp1.png │ │ ├── lcov-cat-sp1.png │ │ ├── lcov-cat-sp2.png │ │ ├── lcov-libc-sp1.png │ │ ├── linux-cov.png │ │ └── r2_cat_coverage.png │ ├── ExecutionTracers.rst │ ├── LuaInstrumentation.rst │ ├── Parallel.rst │ └── WritingPlugins.rst │ ├── ImageInstallation.rst │ ├── MovingFiles.rst │ ├── Plugins │ ├── BaseInstructions.rst │ ├── EdgeKiller.rst │ ├── FunctionMonitor.rst │ ├── Linux │ │ ├── FunctionModels.rst │ │ └── LinuxMonitor.rst │ ├── ModuleExecutionDetector.rst │ ├── RawMonitor.rst │ ├── Tracers │ │ └── ExecutionTracer.rst │ └── Windows │ │ └── WindowsMonitor.rst │ ├── Profiling │ ├── ProfilingS2E.rst │ ├── heaptrack.png │ ├── hotspot1.png │ └── hotspot2.png │ ├── StateMerging.rst │ ├── Testsuite.rst │ ├── Tools │ └── ForkProfiler.rst │ ├── Tutorials │ ├── BasicLinuxSymbex │ │ ├── SourceCode.rst │ │ └── s2e.so.rst │ ├── CFI │ │ ├── ida-callsite.png │ │ ├── ida-calltarget.png │ │ ├── index.rst │ │ ├── windbg.png │ │ └── word.png │ ├── MSOffice │ │ ├── index.rst │ │ ├── word1.png │ │ ├── word2.png │ │ └── word3.png │ ├── PoV │ │ ├── arch.odg │ │ ├── arch.svg │ │ ├── cadet_00001_tui.png │ │ ├── index.rst │ │ └── pov.rst │ ├── Revgen │ │ ├── Revgen.rst │ │ ├── cgc-binaries.stats │ │ └── cgc-binaries.svg │ ├── SystemTap │ │ ├── index.rst │ │ └── pcnet32.stp │ ├── WindowsDLL │ │ ├── ida_kernel32_beep_coverage.png │ │ └── 
index.rst │ └── WindowsDrivers │ │ ├── FaultInjection.rst │ │ ├── arch.png │ │ ├── cov1.png │ │ ├── cov2.png │ │ ├── drvsettings.png │ │ ├── fi_cov1.png │ │ ├── fi_cov2.png │ │ └── windbg.png │ ├── WindowsEnvSetup.rst │ ├── index.rst │ ├── s2e-env.rst │ └── sample │ └── factorial.c ├── guest ├── CMakeLists.txt ├── README.md ├── cmake │ ├── Toolchain-linux-i686.cmake │ ├── Toolchain-linux-x86_64.cmake │ ├── Toolchain-windows-i686.cmake │ └── Toolchain-windows-x86_64.cmake ├── common │ ├── CMakeLists.txt │ ├── demos │ │ ├── CMakeLists.txt │ │ ├── maze.c │ │ ├── quicksort.c │ │ └── vulnerabilities.c │ ├── include │ │ └── s2e │ │ │ ├── cfg.h │ │ │ ├── cfg │ │ │ └── commands.h │ │ │ ├── function_models │ │ │ └── commands.h │ │ │ ├── instruction_counter.h │ │ │ ├── monitors │ │ │ ├── commands │ │ │ │ ├── decree.h │ │ │ │ ├── linux.h │ │ │ │ └── raw.h │ │ │ ├── linux.h │ │ │ ├── raw.h │ │ │ └── support │ │ │ │ ├── process_execution_detector.h │ │ │ │ └── thread_execution_detector.h │ │ │ ├── opcodes.h │ │ │ ├── s2e.h │ │ │ ├── seed_searcher.h │ │ │ ├── seed_searcher │ │ │ └── commands.h │ │ │ └── test_case_generator │ │ │ └── commands.h │ └── s2ecmd │ │ ├── CMakeLists.txt │ │ ├── common.cpp │ │ ├── s2ecmd.cpp │ │ ├── s2ecmd.h │ │ ├── s2eget.cpp │ │ ├── s2eput.cpp │ │ └── symfile.cpp ├── glibc-compat │ ├── CMakeLists.txt │ └── libc_start_main.c ├── linux │ ├── CMakeLists.txt │ ├── cgcload │ │ ├── CMakeLists.txt │ │ ├── cgc.h │ │ ├── launcher.asm │ │ ├── linker.ld │ │ ├── loader.c │ │ ├── loader.h │ │ └── main.c │ ├── function_models │ │ ├── CMakeLists.txt │ │ ├── libc_wrapper.c │ │ ├── libz_wrapper.c │ │ ├── models.c │ │ └── models_test.c │ ├── include │ │ ├── function_models.h │ │ ├── libcgc.h │ │ ├── libpov.h │ │ └── s2e_so.h │ ├── libcgc │ │ ├── CMakeLists.txt │ │ └── main.c │ ├── libpov │ │ ├── CMakeLists.txt │ │ └── main.c │ ├── povtest │ │ ├── CMakeLists.txt │ │ └── main.c │ ├── s2e.so │ │ ├── CMakeLists.txt │ │ ├── elf.c │ │ ├── list.h │ │ ├── main.c │ │ ├── 
modules.c │ │ ├── modules.h │ │ ├── procmap.c │ │ └── s2e.c │ └── scripts │ │ └── launch.sh ├── s2ebios │ ├── Makefile │ ├── bios.ld │ ├── bios64.ld │ ├── hw │ │ ├── apic.c │ │ ├── hpet.c │ │ ├── hw.h │ │ ├── ioapic.c │ │ ├── pci.c │ │ ├── pci.h │ │ └── port.h │ ├── include │ │ ├── inttypes.h │ │ ├── stdarg.h │ │ ├── stddef.h │ │ ├── stdio.h │ │ └── string.h │ ├── libc │ │ ├── printf.c │ │ └── string.c │ ├── main.c │ ├── main.h │ ├── s2e-bios-32.asm │ ├── s2e-bios-64.asm │ ├── s2e-bios-low-asm.asm │ ├── s2e-bios-low.c │ ├── s2e-inst.asm │ ├── s2e-test.asm │ ├── tests │ │ ├── maze.c │ │ ├── range.c │ │ ├── selfmod.c │ │ ├── symbhw.c │ │ ├── symbhw.h │ │ └── tests64.asm │ ├── utils │ │ ├── arch32.asm │ │ ├── arch64.asm │ │ ├── interrupt.c │ │ └── interrupt.h │ └── vmm │ │ ├── vmm.h │ │ ├── vmm32.c │ │ └── vmm64.c └── windows │ ├── .gitattributes │ ├── .gitignore │ ├── AllRules.ruleset │ ├── CodeMaid.config │ ├── README.md │ ├── VS2015_cpp_formatting_settings.vssettings │ ├── driver │ ├── driver.vcxproj │ ├── driver.vcxproj.filters │ ├── include │ │ └── s2ectl.h │ ├── s2e.inf │ └── src │ │ ├── adt │ │ ├── strings.c │ │ └── strings.h │ │ ├── config │ │ ├── config.c │ │ └── config.h │ │ ├── crash.c │ │ ├── crash.h │ │ ├── enumeration.c │ │ ├── enumeration.h │ │ ├── faultinj │ │ ├── apis.h │ │ ├── ex.cpp │ │ ├── faultinj.c │ │ ├── faultinj.h │ │ ├── faultinj.hpp │ │ ├── flt.cpp │ │ ├── fs.cpp │ │ ├── io.cpp │ │ ├── mm.cpp │ │ ├── ob.cpp │ │ ├── ps.cpp │ │ └── reg.cpp │ │ ├── filter.c │ │ ├── filter.h │ │ ├── kernel_functions.c │ │ ├── kernel_functions.h │ │ ├── kernel_hooks.c │ │ ├── kernel_hooks.h │ │ ├── kernel_structs.h │ │ ├── log.h │ │ ├── main.c │ │ ├── monitoring.c │ │ ├── monitoring.h │ │ ├── utils.c │ │ ├── utils.h │ │ ├── utils │ │ ├── process.c │ │ └── process.h │ │ ├── winmonitor.h │ │ ├── winmonitor_common.c │ │ └── winmonitor_gen.c │ ├── drvctl │ ├── debugger.c │ ├── drvctl.c │ ├── drvctl.h │ ├── drvctl.vcxproj │ └── drvctl.vcxproj.filters │ ├── 
formatting.h │ ├── libcommon │ ├── include │ │ └── s2e │ │ │ ├── BaseInstructions.h │ │ │ ├── BlueScreenInterceptor.h │ │ │ ├── GuestCodeHooking.h │ │ │ ├── KeyValueStore.h │ │ │ ├── ModuleMap.h │ │ │ ├── ResourceTracker.h │ │ │ ├── Screenshot.h │ │ │ ├── StaticStateMerger.h │ │ │ ├── Tickler.h │ │ │ ├── WindowsCrashMonitor.h │ │ │ ├── WindowsMonitor.h │ │ │ └── s2e.h │ ├── libcommon.vcxproj │ ├── libcommon.vcxproj.filters │ └── src │ │ ├── amd64 │ │ └── s2e.asm │ │ ├── i386 │ │ └── s2e.asm │ │ └── s2e-c.c │ ├── libcommon_driver │ ├── libcommon_driver.vcxproj │ └── libcommon_driver.vcxproj.filters │ ├── libs2e │ ├── cpp.hint │ ├── dllmain.c │ ├── libs2e.c │ ├── libs2e.def │ ├── libs2e.h │ ├── libs2e.vcxproj │ └── libs2e.vcxproj.filters │ ├── makedist.bat │ ├── pdbparser │ ├── lines.cpp │ ├── packages.config │ ├── pdbparser.cpp │ ├── pdbparser.h │ ├── pdbparser.vcxproj │ ├── pdbparser.vcxproj.filters │ ├── symbols.cpp │ ├── syscalls.cpp │ ├── types.cpp │ └── utils.cpp │ ├── requirements.txt │ ├── s2e.sln │ ├── s2e.sln.DotSettings │ ├── scripts │ ├── common.py │ ├── extract_kernels.py │ ├── gendriver.py │ ├── gendriver.sh │ ├── gendriver.tpl │ ├── genvmi.py │ ├── genvmi.tpl │ └── symchk.py │ └── tickler │ ├── .gitignore │ ├── include │ └── tickler │ │ ├── AcroreadApp.h │ │ ├── FoxitApp.h │ │ ├── MsExcelApp.h │ │ ├── MsPowerPointApp.h │ │ ├── MsWordApp.h │ │ ├── TargetApp.h │ │ └── Tickler.h │ ├── src │ ├── AcroreadApp.cpp │ ├── CpuMonitor.cpp │ ├── FoxitApp.cpp │ ├── Main.cpp │ ├── MsExcelApp.cpp │ ├── MsPowerPointApp.cpp │ ├── MsWordApp.cpp │ ├── TargetApp.cpp │ └── Tickler.cpp │ ├── tickler.vcxproj │ └── tickler.vcxproj.filters ├── klee ├── CMakeLists.txt ├── KLEEConfig.cmake.in ├── LICENSE.TXT ├── README.txt ├── cmake │ ├── GetGitRevisionDescription.cmake │ ├── GetGitRevisionDescription.cmake.in │ ├── add_global_flag.cmake │ ├── c_flags_override.cmake │ ├── compiler_warnings.cmake │ ├── cxx_flags_override.cmake │ ├── find_llvm.cmake │ ├── klee_add_component.cmake 
│ ├── klee_component_add_cxx_flag.cmake │ ├── modules │ │ └── FindZ3.cmake │ └── string_to_list.cmake ├── include │ ├── expr │ │ ├── Lexer.h │ │ └── Parser.h │ └── klee │ │ ├── AddressSpace.h │ │ ├── BitfieldSimplifier.h │ │ ├── Common.h │ │ ├── Config │ │ ├── CompileTimeInfo.h.cmin │ │ ├── common.h │ │ └── config.h.cmin │ │ ├── Constraints.h │ │ ├── Context.h │ │ ├── ExecutionState.h │ │ ├── Executor.h │ │ ├── Expr.h │ │ ├── ExprBuilder.h │ │ ├── ExternalDispatcher.h │ │ ├── IAddressSpaceNotification.h │ │ ├── IConcretizer.h │ │ ├── IncompleteSolver.h │ │ ├── Internal │ │ ├── ADT │ │ │ ├── ImmutableMap.h │ │ │ ├── ImmutableSet.h │ │ │ ├── ImmutableTree.h │ │ │ └── MapOfSets.h │ │ ├── Module │ │ │ ├── Cell.h │ │ │ ├── KInstIterator.h │ │ │ ├── KInstruction.h │ │ │ └── KModule.h │ │ ├── README.txt │ │ ├── Support │ │ │ ├── FloatEvaluation.h │ │ │ ├── IntEvaluation.h │ │ │ ├── ModuleUtil.h │ │ │ ├── QueryLog.h │ │ │ └── Timer.h │ │ └── System │ │ │ └── Time.h │ │ ├── Memory.h │ │ ├── Searcher.h │ │ ├── Solver.h │ │ ├── SolverFactory.h │ │ ├── SolverImpl.h │ │ ├── Stats │ │ ├── CoreStats.h │ │ ├── SolverStats.h │ │ ├── Statistic.h │ │ ├── StatisticManager.h │ │ └── TimerStatIncrementer.h │ │ ├── TimingSolver.h │ │ └── util │ │ ├── Assignment.h │ │ ├── BitArray.h │ │ ├── Bits.h │ │ ├── ConcreteBuffer.h │ │ ├── ExprEvaluator.h │ │ ├── ExprHashMap.h │ │ ├── ExprPPrinter.h │ │ ├── ExprRangeEvaluator.h │ │ ├── ExprSMTLIBPrinter.h │ │ ├── ExprTemplates.h │ │ ├── ExprUtil.h │ │ ├── ExprVisitor.h │ │ ├── GetElementPtrTypeIterator.h │ │ ├── PagePool.h │ │ ├── PrintContext.h │ │ ├── PtrUtils.h │ │ └── Ref.h ├── lib │ ├── Basic │ │ ├── CMakeLists.txt │ │ ├── README.txt │ │ └── Statistics.cpp │ ├── CMakeLists.txt │ ├── Core │ │ ├── AddressSpace.cpp │ │ ├── CMakeLists.txt │ │ ├── Common.cpp │ │ ├── Context.cpp │ │ ├── CoreStats.cpp │ │ ├── ExecutionState.cpp │ │ ├── Executor.cpp │ │ ├── ExternalDispatcher.cpp │ │ ├── Memory.cpp │ │ ├── Searcher.cpp │ │ ├── 
SpecialFunctionHandler.cpp │ │ └── SpecialFunctionHandler.h │ ├── Expr │ │ ├── BitfieldSimplifier.cpp │ │ ├── CMakeLists.txt │ │ ├── CachedAssignmentEvaluator.cpp │ │ ├── Constraints.cpp │ │ ├── Expr.cpp │ │ ├── ExprBuilder.cpp │ │ ├── ExprEvaluator.cpp │ │ ├── ExprPPrinter.cpp │ │ ├── ExprSMTLIBPrinter.cpp │ │ ├── ExprUtil.cpp │ │ ├── ExprVisitor.cpp │ │ ├── Lexer.cpp │ │ ├── Parser.cpp │ │ └── Updates.cpp │ ├── Module │ │ ├── CMakeLists.txt │ │ ├── InstructionOperandTypeCheckPass.cpp │ │ ├── IntrinsicCleaner.cpp │ │ ├── KInstruction.cpp │ │ ├── KModule.cpp │ │ ├── LowerSwitch.cpp │ │ ├── ModuleUtil.cpp │ │ ├── Passes.h │ │ ├── PhiCleaner.cpp │ │ └── RaiseAsm.cpp │ ├── README.txt │ ├── Solver │ │ ├── CMakeLists.txt │ │ ├── CachingSolver.cpp │ │ ├── CexCachingSolver.cpp │ │ ├── ConstantDivision.cpp │ │ ├── ConstantDivision.h │ │ ├── FastCexSolver.cpp │ │ ├── IncompleteSolver.cpp │ │ ├── IndependentSolver.cpp │ │ ├── KQueryLoggingSolver.cpp │ │ ├── QueryLoggingSolver.cpp │ │ ├── QueryLoggingSolver.h │ │ ├── SMTLIBLoggingSolver.cpp │ │ ├── Solver.cpp │ │ ├── SolverFactory.cpp │ │ ├── SolverStats.cpp │ │ ├── TimingSolver.cpp │ │ ├── Z3ArrayBuilder.cpp │ │ ├── Z3ArrayBuilder.h │ │ ├── Z3Builder.cpp │ │ ├── Z3Builder.h │ │ ├── Z3IteBuilder.cpp │ │ ├── Z3IteBuilder.h │ │ └── Z3Solver.cpp │ └── Support │ │ ├── CMakeLists.txt │ │ ├── PagePool.cpp │ │ ├── README.txt │ │ ├── Time.cpp │ │ └── Timer.cpp └── unittests │ ├── ADT │ ├── CMakeLists.txt │ └── ImmutableMap.cpp │ ├── CMakeLists.txt │ ├── Core │ ├── AddressSpaceTest.cpp │ └── CMakeLists.txt │ ├── Expr │ ├── BitfieldSimplifier.cpp │ ├── CMakeLists.txt │ └── ExprTest.cpp │ ├── TestMain.cpp │ ├── Utils │ ├── BitArray.cpp │ ├── CMakeLists.txt │ └── PagePool.cpp │ ├── coverage.sh │ ├── lit-unit-tests-common.cfg │ └── lit-unit-tests-common.site.cfg.in ├── libcoroutine ├── CMakeLists.txt ├── COPYING.LIB ├── LIBCOROUTINEConfig.cmake.in ├── include │ └── coroutine.h └── src │ ├── CMakeLists.txt │ ├── coroutine-int.h │ ├── 
coroutine-ucontext.c │ └── coroutine.c ├── libcpu ├── CMakeLists.txt ├── LIBCPUConfig.cmake.in ├── LICENSE ├── include │ ├── cpu │ │ ├── apic.h │ │ ├── common.h │ │ ├── config.h │ │ ├── cpu-common.h │ │ ├── cpus.h │ │ ├── disas.h │ │ ├── exec.h │ │ ├── i386 │ │ │ ├── cpu.h │ │ │ ├── cpuid.h │ │ │ ├── defs.h │ │ │ └── helper.h │ │ ├── interrupt.h │ │ ├── ioport.h │ │ ├── kvm.h │ │ ├── memdbg.h │ │ ├── memory.h │ │ ├── precise-pc.h │ │ ├── se_libcpu.h │ │ ├── se_libcpu_config.h │ │ ├── softmmu_defs.h │ │ ├── tb.h │ │ ├── tlb.h │ │ └── types.h │ ├── libcpu-compiler.h │ └── timer.h └── src │ ├── CMakeLists.txt │ ├── cpu-all.h │ ├── cpu-defs.h │ ├── cpu-exec.c │ ├── cpus.c │ ├── disas.c │ ├── exec-all.h │ ├── exec-bp.c │ ├── exec-memdbg.c │ ├── exec-phys.c │ ├── exec-phys.h │ ├── exec-phystb.c │ ├── exec-phystb.h │ ├── exec-ram.c │ ├── exec-ram.h │ ├── exec-tb.c │ ├── exec-tb.h │ ├── exec-tlb.c │ ├── exec-tlb.h │ ├── exec.c │ ├── exec.h │ ├── ioport.c │ ├── memory.c │ ├── precise-pc.c │ ├── qemu-common.h │ ├── softmmu_exec.h │ ├── softmmu_header.h │ ├── softmmu_template.h │ ├── target-i386 │ ├── cpu.h │ ├── cpuid.c │ ├── helper.c │ ├── helper_template.h │ ├── op_helper.c │ ├── ops_sse.h │ ├── svm.h │ └── translate.c │ ├── timer.c │ └── translate-all.c ├── libfsigc++ ├── CMakeLists.txt ├── FSIGCXXConfig.cmake.in ├── LICENCE ├── include │ └── fsigc++ │ │ └── fsigc++.h └── src │ ├── CMakeLists.txt │ ├── signals.cpp │ └── test.cpp ├── libq ├── CMakeLists.txt ├── COPYING.LIB ├── LIBQConfig.cmake.in ├── include │ ├── qapi │ │ ├── dealloc-visitor.h │ │ ├── error.h │ │ ├── forward-visitor.h │ │ ├── helpers.h │ │ ├── opts-visitor.h │ │ ├── qapi-builtin-types.h │ │ ├── qapi-types-compat.h │ │ ├── qmp-event.h │ │ ├── qmp │ │ │ ├── json-parser.h │ │ │ ├── json-writer.h │ │ │ ├── qbool.h │ │ │ ├── qdict.h │ │ │ ├── qerror.h │ │ │ ├── qjson.h │ │ │ ├── qlist.h │ │ │ ├── qlit.h │ │ │ ├── qnull.h │ │ │ ├── qnum.h │ │ │ ├── qobject.h │ │ │ └── qstring.h │ │ ├── qobject-input-visitor.h │ 
│ ├── qobject-output-visitor.h │ │ ├── string-input-visitor.h │ │ ├── string-output-visitor.h │ │ ├── util.h │ │ ├── visitor-impl.h │ │ └── visitor.h │ ├── qerror.h │ └── qqueue.h └── src │ ├── CMakeLists.txt │ ├── cutils.c │ ├── cutils.h │ ├── error.c │ ├── qapi │ ├── qapi-forward-visitor.c │ ├── qapi-util.c │ ├── qapi-visit-core.c │ ├── qobject-input-visitor.c │ └── qobject-output-visitor.c │ ├── qobject │ ├── json-lexer.c │ ├── json-parser-int.h │ ├── json-parser.c │ ├── json-streamer.c │ ├── json-writer.c │ ├── qbool.c │ ├── qdict.c │ ├── qjson.c │ ├── qlist.c │ ├── qlit.c │ ├── qnull.c │ ├── qnum.c │ ├── qobject-internal.h │ ├── qobject.c │ └── qstring.c │ ├── tests │ ├── CMakeLists.txt │ ├── check-qdict.c │ ├── check-qjson.c │ ├── check-qlist.c │ ├── check-qnull.c │ ├── check-qnum.c │ ├── check-qobject.c │ └── check-qstring.c │ ├── unicode.c │ └── unicode.h ├── libs2e ├── CMakeLists.txt ├── LIBS2EConfig.cmake.in ├── LICENSE ├── Makefile ├── Makefile.target ├── README.md ├── configure └── src │ ├── CMakeLists.txt │ ├── FileDescriptorManager.h │ ├── crashdump.cpp │ ├── libs2e.cpp │ ├── libs2e.h │ ├── mapfile │ ├── s2e-kvm-io.cpp │ ├── s2e-kvm-state.cpp │ ├── s2e-kvm-trace.cpp │ ├── s2e-kvm-trace.h │ ├── s2e-kvm-vcpu.cpp │ ├── s2e-kvm-vcpu.h │ ├── s2e-kvm-vm.cpp │ ├── s2e-kvm-vm.h │ ├── s2e-kvm.cpp │ ├── s2e-kvm.h │ ├── s2e-libcpu-interface.cpp │ ├── syscalls.h │ └── test.cpp ├── libs2ecore ├── CMakeLists.txt ├── LIBS2ECOREConfig.cmake.in ├── LICENSE ├── include │ └── s2e │ │ ├── AddressSpaceCache.h │ │ ├── ConfigFile.h │ │ ├── CorePlugin.h │ │ ├── ExprInterface.h │ │ ├── FastReg.h │ │ ├── FunctionHandlers.h │ │ ├── Logging.h │ │ ├── MemoryCache.h │ │ ├── Plugin.h │ │ ├── PluginManager.h │ │ ├── S2E.h │ │ ├── S2EDeviceState.h │ │ ├── S2EExecutionState.h │ │ ├── S2EExecutionStateMemory.h │ │ ├── S2EExecutionStateRegisters.h │ │ ├── S2EExecutionStateTlb.h │ │ ├── S2EExecutor.h │ │ ├── S2EExternalDispatcher.h │ │ ├── S2EStatsTracker.h │ │ ├── S2ETranslationBlock.h 
│ │ ├── SymbolicHardwareHook.h │ │ ├── Synchronization.h │ │ ├── Utils.h │ │ ├── cpu.h │ │ ├── monitor.h │ │ ├── s2e_block.h │ │ ├── s2e_config.h │ │ ├── s2e_libcpu.h │ │ ├── s2e_libcpu_coreplugin.h │ │ └── s2e_log.h └── src │ ├── AddressSpaceCache.cpp │ ├── CMakeLists.txt │ ├── ConfigFile.cpp │ ├── CorePlugin.cpp │ ├── CorePluginInterface.cpp │ ├── ExprInterface.cpp │ ├── FunctionHandlers.cpp │ ├── MMUFunctionHandlers.cpp │ ├── MemoryDebugger.cpp │ ├── Plugin.cpp │ ├── PluginManager.cpp │ ├── S2E.cpp │ ├── S2EDeviceState.cpp │ ├── S2EExecutionState.cpp │ ├── S2EExecutionStateMemory.cpp │ ├── S2EExecutionStateRegisters.cpp │ ├── S2EExecutionStateTlb.cpp │ ├── S2EExecutor.cpp │ ├── S2EExternalDispatcher.cpp │ ├── S2EStatsTracker.cpp │ ├── S2ETranslationBlock.cpp │ ├── SymbolicHardwareHook.cpp │ ├── Synchronization.cpp │ ├── Utils.cpp │ └── s2e-qmp.cpp ├── libs2eplugins ├── CMakeLists.txt ├── LIBS2EPLUGINSConfig.cmake.in ├── LICENSE └── src │ ├── CMakeLists.txt │ └── s2e │ └── Plugins │ ├── Analyzers │ ├── AddressTracker.cpp │ ├── AddressTracker.h │ ├── CFIChecker.cpp │ ├── CFIChecker.h │ ├── CacheSim.cpp │ ├── CacheSim.h │ ├── Tickler.cpp │ └── Tickler.h │ ├── Core │ ├── BaseInstructions.cpp │ ├── BaseInstructions.h │ ├── Events.h │ ├── HostFiles.cpp │ ├── HostFiles.h │ ├── StatsTracker.cpp │ ├── StatsTracker.h │ ├── Vmi.cpp │ └── Vmi.h │ ├── Coverage │ ├── BasicBlockCoverage.cpp │ ├── BasicBlockCoverage.h │ ├── EdgeCoverage.cpp │ ├── EdgeCoverage.h │ ├── TranslationBlockCoverage.cpp │ └── TranslationBlockCoverage.h │ ├── Example.cpp │ ├── Example.h │ ├── ExecutionMonitors │ ├── CallSiteMonitor.cpp │ ├── CallSiteMonitor.h │ ├── CallTree.h │ ├── FunctionMonitor.cpp │ ├── FunctionMonitor.h │ ├── LibraryCallMonitor.cpp │ ├── LibraryCallMonitor.h │ ├── StackClustering.cpp │ ├── StackClustering.h │ ├── StackMonitor.cpp │ └── StackMonitor.h │ ├── ExecutionTracers │ ├── EventTracer.cpp │ ├── EventTracer.h │ ├── ExceptionTracer.cpp │ ├── ExceptionTracer.h │ ├── 
ExecutionTracer.cpp │ ├── ExecutionTracer.h │ ├── InstructionCounter.cpp │ ├── InstructionCounter.h │ ├── MemoryTracer.cpp │ ├── MemoryTracer.h │ ├── ModuleTracer.cpp │ ├── ModuleTracer.h │ ├── ModuleTracing.h │ ├── StateSwitchTracer.cpp │ ├── StateSwitchTracer.h │ ├── TBCoverageTracer.cpp │ ├── TBCoverageTracer.h │ ├── TestCaseGenerator.cpp │ ├── TestCaseGenerator.h │ ├── TraceEntries.proto │ ├── TranslationBlockTracer.cpp │ ├── TranslationBlockTracer.h │ ├── UserSpaceTracer.cpp │ └── UserSpaceTracer.h │ ├── Lua │ ├── Lua.h │ ├── LuaBindings.cpp │ ├── LuaBindings.h │ ├── LuaCoreEvents.cpp │ ├── LuaCoreEvents.h │ ├── LuaExpression.cpp │ ├── LuaExpression.h │ ├── LuaFunctionInstrumentation.cpp │ ├── LuaFunctionInstrumentation.h │ ├── LuaFunctionInstrumentationState.cpp │ ├── LuaFunctionInstrumentationState.h │ ├── LuaInstructionInstrumentation.cpp │ ├── LuaInstructionInstrumentation.h │ ├── LuaInstructionInstrumentationState.cpp │ ├── LuaInstructionInstrumentationState.h │ ├── LuaInstrumentationState.cpp │ ├── LuaInstrumentationState.h │ ├── LuaModuleDescriptor.cpp │ ├── LuaModuleDescriptor.h │ ├── LuaPlugin.h │ ├── LuaS2E.cpp │ ├── LuaS2E.h │ ├── LuaS2EExecutionState.cpp │ ├── LuaS2EExecutionState.h │ ├── LuaS2EExecutionStateMemory.cpp │ ├── LuaS2EExecutionStateMemory.h │ ├── LuaS2EExecutionStateRegisters.cpp │ └── LuaS2EExecutionStateRegisters.h │ ├── Models │ ├── BaseFunctionModels.cpp │ ├── BaseFunctionModels.h │ ├── CRC.cpp │ ├── FunctionModels.cpp │ ├── FunctionModels.h │ ├── StaticFunctionModels.cpp │ └── StaticFunctionModels.h │ ├── OSMonitors │ ├── Linux │ │ ├── BaseLinuxMonitor.cpp │ │ ├── BaseLinuxMonitor.h │ │ ├── DecreeMonitor.cpp │ │ ├── DecreeMonitor.h │ │ ├── LinuxMonitor.cpp │ │ └── LinuxMonitor.h │ ├── ModuleDescriptor.cpp │ ├── ModuleDescriptor.h │ ├── OSMonitor.cpp │ ├── OSMonitor.h │ ├── Raw │ │ ├── RawMonitor.cpp │ │ └── RawMonitor.h │ ├── Support │ │ ├── GuestCodeHooking.cpp │ │ ├── GuestCodeHooking.h │ │ ├── ITracker.cpp │ │ ├── ITracker.h │ 
│ ├── IntervalMapWrapper.h │ │ ├── MemUtils.cpp │ │ ├── MemUtils.h │ │ ├── MemoryMap.cpp │ │ ├── MemoryMap.h │ │ ├── ModuleExecutionDetector.cpp │ │ ├── ModuleExecutionDetector.h │ │ ├── ModuleMap.cpp │ │ ├── ModuleMap.h │ │ ├── PidTid.h │ │ ├── ProcessExecutionDetector.cpp │ │ ├── ProcessExecutionDetector.h │ │ ├── RegionMap.h │ │ ├── ThreadExecutionDetector.cpp │ │ └── ThreadExecutionDetector.h │ ├── ThreadDescriptor.h │ └── Windows │ │ ├── BlueScreenInterceptor.cpp │ │ ├── BlueScreenInterceptor.h │ │ ├── WindowsCrashDumpGenerator.cpp │ │ ├── WindowsCrashDumpGenerator.h │ │ ├── WindowsCrashMonitor.cpp │ │ ├── WindowsCrashMonitor.h │ │ ├── WindowsMonitor.cpp │ │ └── WindowsMonitor.h │ ├── PathLimiters │ ├── EdgeKiller.cpp │ ├── EdgeKiller.h │ ├── ForkLimiter.cpp │ ├── ForkLimiter.h │ ├── ResourceMonitor.cpp │ └── ResourceMonitor.h │ ├── Searchers │ ├── CUPASearcher.cpp │ ├── CUPASearcher.h │ ├── Common.h │ ├── CooperativeSearcher.cpp │ ├── CooperativeSearcher.h │ ├── LoopExitSearcher.cpp │ ├── LoopExitSearcher.h │ ├── MergingSearcher.cpp │ ├── MergingSearcher.h │ ├── MultiSearcher.cpp │ ├── MultiSearcher.h │ ├── SeedScheduler.cpp │ ├── SeedScheduler.h │ ├── SeedSearcher.cpp │ └── SeedSearcher.h │ ├── StaticAnalysis │ ├── ControlFlowGraph.cpp │ ├── ControlFlowGraph.h │ ├── EdgeDetector.cpp │ ├── EdgeDetector.h │ ├── LoopDetector.cpp │ └── LoopDetector.h │ ├── Support │ ├── Database.cpp │ ├── Database.h │ ├── KeyValueStore.cpp │ ├── KeyValueStore.h │ ├── KeyValueStore.py │ ├── KeyValueStoreTest.py │ ├── Screenshot.cpp │ ├── Screenshot.h │ ├── WebServiceInterface.cpp │ └── WebServiceInterface.h │ ├── SymbolicHardware │ ├── SymbolicHardware.cpp │ └── SymbolicHardware.h │ └── VulnerabilityAnalysis │ ├── CGCInterface.cpp │ ├── CGCInterface.h │ ├── DecreePovGenerator.cpp │ ├── DecreePovGenerator.h │ ├── FilePovGenerator.cpp │ ├── FilePovGenerator.h │ ├── PovGenerationPolicy.cpp │ ├── PovGenerationPolicy.h │ ├── PovGenerator.cpp │ ├── PovGenerator.h │ └── Recipe │ ├── 
Recipe.cpp │ ├── Recipe.h │ ├── RecipeDescriptor.cpp │ ├── RecipeDescriptor.h │ ├── Register.cpp │ └── Register.h ├── libtcg ├── CMakeLists.txt ├── LIBTCGConfig.cmake.in ├── LICENSE ├── README ├── TODO ├── include │ ├── fpu │ │ ├── softfloat-helpers.h │ │ ├── softfloat-macros.h │ │ ├── softfloat-types.h │ │ └── softfloat.h │ └── tcg │ │ ├── accel │ │ ├── plugin-helpers.h │ │ └── tcg-runtime.h │ │ ├── cpu.h │ │ ├── exec │ │ ├── helper-gen-common.h │ │ ├── helper-gen.h │ │ ├── helper-gen.h.inc │ │ ├── helper-head.h │ │ ├── helper-info.c.inc │ │ ├── helper-proto-common.h │ │ ├── helper-proto.h │ │ └── helper-proto.h.inc │ │ ├── helper-info.h │ │ ├── helper-tcg.h │ │ ├── helper.h │ │ ├── i386 │ │ ├── tcg-target-reg-bits.h │ │ ├── tcg-target.h │ │ └── tcg-target.opc.h │ │ ├── insn-start-words.h │ │ ├── ops_sse_header.h │ │ ├── regs.h │ │ ├── tb.h │ │ ├── tcg-cond.h │ │ ├── tcg-gvec-desc.h │ │ ├── tcg-internal.h │ │ ├── tcg-ldst.h │ │ ├── tcg-llvm.h │ │ ├── tcg-memop.h │ │ ├── tcg-memopidx.h │ │ ├── tcg-mo.h │ │ ├── tcg-op-common.h │ │ ├── tcg-op.h │ │ ├── tcg-opc.h │ │ ├── tcg-s2e.h │ │ ├── tcg-temp-internal.h │ │ ├── tcg.h │ │ ├── tlb.h │ │ └── utils │ │ ├── atomic.h │ │ ├── atomic128.h │ │ ├── bitmap.h │ │ ├── bitops.h │ │ ├── bswap.h │ │ ├── cache.h │ │ ├── cpuid.h │ │ ├── cutils.h │ │ ├── debug-assert.h │ │ ├── host-utils.h │ │ ├── host │ │ ├── generic │ │ │ ├── atomic128-cas.h │ │ │ ├── atomic128-ldst.h │ │ │ ├── load-extract-al16-al8.h │ │ │ └── store-insert-al16.h │ │ ├── i386 │ │ │ └── cpuinfo.h │ │ └── x86_64 │ │ │ ├── atomic128-ldst.h │ │ │ └── cpuinfo.h │ │ ├── int128.h │ │ ├── log.h │ │ ├── memalign.h │ │ ├── mutex.h │ │ ├── osdep.h │ │ ├── qtree.h │ │ ├── rounding.h │ │ ├── spinlock.h │ │ └── units.h └── src │ ├── CMakeLists.txt │ ├── atomic-helpers.c │ ├── atomic_common.c.inc │ ├── atomic_template.h │ ├── elf.h │ ├── fpu │ ├── softfloat-parts-addsub.c.inc │ ├── softfloat-parts.c.inc │ ├── softfloat-specialize.c.inc │ └── softfloat.c │ ├── i386 │ ├── 
tcg-target-con-set.h │ ├── tcg-target-con-str.h │ └── tcg-target.c.inc │ ├── optimize.c │ ├── region.c │ ├── tcg-common.c │ ├── tcg-ldst.c.inc │ ├── tcg-llvm.cpp │ ├── tcg-op-gvec-common.h │ ├── tcg-op-gvec.c │ ├── tcg-op-gvec.h │ ├── tcg-op-ldst.c │ ├── tcg-op-vec.c │ ├── tcg-op.c │ ├── tcg-pool.c.inc │ ├── tcg-rt │ ├── tcg-runtime-gvec.c │ └── tcg-runtime.c │ ├── tcg-s2e.c │ ├── tcg.c │ └── utils │ ├── cache.c │ ├── cpuinfo-i386.c │ ├── cutils.c │ ├── host-utils.c │ ├── log.c │ ├── memalign.c │ ├── osdep.c │ └── qtree.c ├── libvmi ├── CMakeLists.txt ├── LICENSE ├── README.md ├── VMIConfig.cmake.in ├── include │ └── vmi │ │ ├── Decree.h │ │ ├── DecreeFile.h │ │ ├── ELFFile.h │ │ ├── ExecutableFile.h │ │ ├── FileProvider.h │ │ ├── PEFile.h │ │ ├── Pe.h │ │ ├── RegisterProvider.h │ │ ├── WinKernDumpFile.h │ │ ├── WindowsCrashDumpGenerator.h │ │ ├── ndis.h │ │ ├── ntddk.h │ │ └── pdb.h └── src │ ├── CMakeLists.txt │ ├── DecreeFile.cpp │ ├── ExecutableFile.cpp │ ├── FileProvider.cpp │ ├── PEFile.cpp │ ├── WinKernDumpFile.cpp │ ├── WindowsCrashDumpGenerator.cpp │ ├── addrs2lines.cpp │ ├── crashdump.cpp │ ├── dump.cpp │ ├── injector.cpp │ ├── pdb.cpp │ ├── reader.cpp │ └── vmidemo.cpp ├── llvm ├── Dockerfile ├── Makefile ├── build.sh ├── determine_clang_binary_suffix.py └── extract-docker.sh ├── lua └── luaconf.h ├── run-clang-format.sh ├── scripts ├── coverage.sh ├── create_qt_project.py ├── determine_clang_binary_suffix.py └── windows │ ├── Setup-DevHost.ps1 │ ├── remote-msbuild.sh │ └── ssh-copy-id-win.sh ├── test-clang-format.sh ├── testsuite ├── .gitignore ├── LICENSE ├── README.rst ├── basic0-singlepath │ ├── Makefile │ ├── config.yml │ ├── main.c │ └── run-tests.tpl ├── basic1-twopaths │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── basic10-fork-no-constraint │ ├── Makefile │ ├── config.yml │ ├── main.c │ └── run-tests.tpl ├── basic11-icount │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── 
run-tests.tpl ├── basic2-maze │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── maze.c │ └── run-tests.tpl ├── basic3-linux-kernel-cov │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── basic4-xmm │ ├── Makefile │ ├── config.yml │ ├── main.c │ └── run-tests.tpl ├── basic5-solver │ ├── Makefile │ ├── config.yml │ ├── main.c │ └── run-tests.tpl ├── basic6-funcmon │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── basic7-instmon │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── basic8-tracers │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── basic9-symaddr-unaligned │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── basic9-symaddr │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── main.c │ └── run-tests.tpl ├── cfi-winword1-benign │ ├── config.yml │ ├── run-tests.tpl │ ├── test0.docx │ ├── test1.docx │ ├── test2.docx │ ├── test3.docx │ ├── test4.docx │ ├── test5.docx │ ├── test6.docx │ ├── test7.docx │ ├── test8.docx │ └── test9.docx ├── cfi-winword1-malicious │ ├── CVE-2015-1770-poc-calc.rtf │ ├── config.yml │ └── run-tests.tpl ├── common-run.sh.tpl ├── coreutils-echo │ ├── config.yml │ ├── fix-config.sh │ └── run-tests.tpl ├── faultinj-scannersys │ ├── .gitignore │ ├── Makefile │ ├── config.yml │ ├── fix-config.sh │ ├── run-tests.tpl │ └── scanner │ │ ├── README.md │ │ ├── filesys-minifilter-scanner.yaml │ │ ├── filter │ │ ├── scanner.c │ │ ├── scanner.h │ │ ├── scanner.rc │ │ ├── scanner.vcxproj │ │ └── scanner.vcxproj.Filters │ │ ├── inc │ │ └── scanuk.h │ │ ├── scanner.inf │ │ ├── scanner.sln │ │ └── user │ │ ├── scanUser.c │ │ ├── scanUser.rc │ │ ├── scanuser.h │ │ ├── scanuser.vcxproj │ │ └── scanuser.vcxproj.Filters ├── helpers.sh ├── office-macro1 │ ├── config.yml │ ├── run-tests.tpl │ └── test.docm ├── pov-cgc-cadet0 │ ├── .gitignore │ ├── CADET_00001 │ 
├── Makefile │ ├── config.yml │ └── run-tests.tpl └── pov-demo0 │ ├── Makefile │ ├── config.yml │ ├── main.c │ └── run-tests.tpl ├── tools ├── CMakeLists.txt ├── LICENSE ├── LLVMBitcode.cmake ├── include │ ├── BitcodeLibrary │ │ └── Runtime.h │ ├── CFG │ │ ├── BinaryCFG.h │ │ └── Graph.h │ └── Translator │ │ ├── Translator.h │ │ ├── TranslatorInternal.h │ │ ├── TranslatorWrapper.h │ │ └── TranslatorWrapperInternal.h ├── lib │ ├── CFG │ │ ├── BinaryCFG.cpp │ │ └── CMakeLists.txt │ ├── CMakeLists.txt │ └── Utils │ │ ├── BasicBlockListParser.cpp │ │ ├── BasicBlockListParser.h │ │ ├── BinaryCFGReader.cpp │ │ ├── BinaryCFGReader.h │ │ ├── CMakeLists.txt │ │ ├── Log.cpp │ │ ├── Log.h │ │ ├── Utils.h │ │ └── cfg.proto └── tools │ ├── CMakeLists.txt │ └── scripts │ ├── CMakeLists.txt │ ├── forkprofile.sh │ ├── gdb.py │ ├── ida │ ├── cfg.proto │ ├── cfg.py │ ├── cfg_pb2.py │ ├── extractBasicBlocks.py │ ├── extractFunctions.py │ ├── ida_highlight_basic_blocks.py │ ├── make_sig.sh │ └── mcsema_get_cfg.py │ ├── radare │ └── r2_highlight_basic_blocks.py │ └── revgen │ ├── revgen-gen-stats.sh │ ├── revgen-plot-stats.r │ └── revgen.sh └── vagrant ├── Vagrantfile ├── provision-root.sh └── provision-user.sh /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: vitalych 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 
'link2'] 13 | -------------------------------------------------------------------------------- /.github/workflows/clang-format.yaml: --------------------------------------------------------------------------------
1 | name: Check code style  # Pull-request job: fetches the LLVM 14.0.0 release archive and runs test-clang-format.sh against its clang-format
2 | on: [pull_request]
3 | jobs:
4 |   clang-format:
5 |     runs-on: ubuntu-22.04
6 |     steps:
7 |       - name: Check out repository code
8 |         uses: actions/checkout@v2  # NOTE(review): v2 is a movable tag; pinning the action to a full commit SHA keeps the workflow from picking up a retargeted tag
9 |       - name: Run clang-format
10 |         run: |  # NOTE(review): the archive fetched below is extracted and its clang-format binary handed to test-clang-format.sh without a digest or signature check; compare it against a pinned SHA-256 before tar runs
11 |           set -x
12 |           wget https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz
13 |           tar -xmf clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz
14 |           mv clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04 ../llvm
15 |           CLANG_FORMAT=../llvm/bin/clang-format ./test-clang-format.sh
16 |       - run: echo "🍏 This job's status is ${{ job.status }}."
17 |
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .vscode 3 | .vagrant 4 | /s2e.config 5 | /s2e.creator 6 | /s2e.includes 7 | /s2e.files 8 | /s2e.cflags 9 | /s2e.cxxflags 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | S2E Library 2 | =========== 3 | 4 | This repository contains all the necessary components to build ``libs2e.so``. This shared 5 | library is preloaded in QEMU to enable symbolic execution. 6 | 7 | Please refer to the documentation in the ``docs`` directory for build and usage instructions. 8 | You can also find it online on . 
9 | -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | *.idea 2 | *.html 3 | .~lock* 4 | -------------------------------------------------------------------------------- /docs/sphinx/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | source/ 3 | -------------------------------------------------------------------------------- /docs/sphinx/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # The RST renderer in Sphinx and Github are not fully compatible with each other. 3 | # This script makes a copy of the rst sources, patches them, and builds them with Sphinx. 4 | # The original source should be kept as much as possible in Github's dialect so that people 5 | # may use Github to browse the documentation. 6 | 7 | # Optional first argument: a Google Analytics ID. NOTE(review): it is substituted unescaped into the double-quoted sed expression near the end of this script, so '/', '&' and backslashes in it change that expression; restrict it to the expected ID characters before use 8 | GOOGLE_ANALYTICS_ID="$1" 9 | 10 | # Copy files into a temp folder, then patch them to make sphinx happy. NOTE(review): there is no 'set -e', so a failed mkdir/rsync/cp does not stop the build; each $(cd ... && sed ...) wrapper also runs sed's (normally empty) output as a command, where a plain ( ... ) subshell would do; the unquoted $(find ...) lists split on whitespace in file names 11 | mkdir -p source 12 | rsync -v -cr --delete ../src/* source/ 13 | cp -rp source_templates/* source 14 | $(cd source && sed -i 's/number-lines/linenos/g' $(find . -name '*.rst')) 15 | 16 | make html 17 | 18 | echo "Replacing .rst with .html in links" 19 | $(cd build/html && sed -i 's/\.rst\"/\.html\"/g' $(find . -name '*.html')) 20 | 21 | if [ "x${GOOGLE_ANALYTICS_ID}" != "x" ]; then 22 | echo "Customizing google analytics id" 23 | $(cd build/html && sed -i "s/UA-XXXX-X/${GOOGLE_ANALYTICS_ID}/g" $(find . 
-name '*.html')) 24 | fi 25 | 26 | linkchecker ./build/html/index.html 27 | -------------------------------------------------------------------------------- /docs/sphinx/source_templates/_templates/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "!layout.html" %} 2 | 3 | {% block footer %} 4 | {{ super() }} 5 | 14 | {% endblock %} 15 | -------------------------------------------------------------------------------- /docs/src/DesignAndImplementation/kvm_interface.odg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/DesignAndImplementation/kvm_interface.odg -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/ida_cat_coverage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/ida_cat_coverage.png -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/lcov-cat-mp1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/lcov-cat-mp1.png -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/lcov-cat-sp1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/lcov-cat-sp1.png -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/lcov-cat-sp2.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/lcov-cat-sp2.png -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/lcov-libc-sp1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/lcov-libc-sp1.png -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/linux-cov.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/linux-cov.png -------------------------------------------------------------------------------- /docs/src/Howtos/Coverage/r2_cat_coverage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Howtos/Coverage/r2_cat_coverage.png -------------------------------------------------------------------------------- /docs/src/Plugins/EdgeKiller.rst: -------------------------------------------------------------------------------- 1 | ========== 2 | EdgeKiller 3 | ========== 4 | 5 | The ``EdgeKiller`` plugin looks for the execution of a sequence of program counters and kills all the paths where this 6 | sequence occurs. This is useful to kill polling loops. 7 | 8 | Options 9 | ------- 10 | 11 | The configuration requires one section per module to be monitored. The section name must match the module identifier 12 | defined in the configuration section of the `ModuleExecutionDetector <ModuleExecutionDetector.rst>`__ plugin. Each 13 | section contains a list of named pairs of program counters that define the program edges. All program counters are 14 | relative to the native load base of the module. 
The name of each pair is not important, but must be unique. 15 | 16 | Required Plugins 17 | ---------------- 18 | 19 | * `ModuleExecutionDetector <ModuleExecutionDetector.rst>`__ 20 | 21 | Configuration Sample 22 | -------------------- 23 | 24 | The following example shows how to kill the polling loops in the ``pcntpci5.sys`` device driver. Each pair of addresses 25 | represents the source and the target of a polling loop back-edge. 26 | 27 | .. code-block:: lua 28 | 29 | pluginsConfig.EdgeKiller = { 30 | pcntpci5_sys_1 = { 31 | l1 = {0x14040, 0x1401d}, 32 | l2 = {0x139c2, 0x13993}, 33 | l3 = {0x14c84, 0x14c5e}, 34 | } 35 | } 36 | 37 | 38 | -------------------------------------------------------------------------------- /docs/src/Plugins/Linux/LinuxMonitor.rst: -------------------------------------------------------------------------------- 1 | ============ 2 | LinuxMonitor 3 | ============ 4 | 5 | The ``LinuxMonitor`` plugin intercepts process creation/termination, segmentation faults, module load/unload and traps 6 | in S2E. This is achieved by using a specially-modified version of the Linux kernel 7 | and a dynamically-loaded kernel module. Upon particular events occurring 8 | (e.g. process creation), the kernel will execute a custom instruction that is interpreted and handled by the 9 | ``LinuxMonitor`` plugin. ``LinuxMonitor`` exports these events for other plugins to intercept and process as required. 10 | 11 | Options 12 | ------- 13 | 14 | terminateOnSegfault=[true|false] 15 | Set to ``true`` to terminate the currently-executing state when a segmentation fault occurs. 16 | 17 | terminateOnTrap=[true|false] 18 | Set to ``true`` to terminate the currently-executing state when a trap occurs (e.g. divide-by-zero, invalid opcode, 19 | etc.). If you are using a debugger inside the guest VM then you should set this option to ``false`` because it will 20 | also intercept breakpoints. 
21 | 22 | Required Plugins 23 | ---------------- 24 | 25 | None 26 | -------------------------------------------------------------------------------- /docs/src/Plugins/ModuleExecutionDetector.rst: -------------------------------------------------------------------------------- 1 | ======================= 2 | ModuleExecutionDetector 3 | ======================= 4 | 5 | The ``ModuleExecutionDetector`` plugin signals to other plugins when execution enters or leaves a module of interest. 6 | It relies on an OS monitor to get the location of the modules in memory. 7 | 8 | 9 | Configuration Sample 10 | -------------------- 11 | 12 | The configuration sample below will make ``ModuleExecutionDetector``: 13 | 14 | - notify other plugins when execution enters or leaves ``myprogram`` (if ``trackExecution`` is set to ``true``) 15 | - notify other plugins when the DBT translates code that belongs to ``myprogram`` 16 | 17 | .. code-block:: lua 18 | 19 | pluginsConfig.ModuleExecutionDetector = { 20 | myprog_id = { 21 | moduleName = "myprogram", 22 | }, 23 | 24 | trackExecution=true 25 | } 26 | -------------------------------------------------------------------------------- /docs/src/Plugins/Windows/WindowsMonitor.rst: -------------------------------------------------------------------------------- 1 | ============== 2 | WindowsMonitor 3 | ============== 4 | 5 | The ``WindowsMonitor`` plugin implements the detection of module and process loads/unloads on the Windows operating 6 | system. It can be referred to as ``OSMonitor`` by other plugins. The plugin catches the invocation of specific kernel 7 | functions to detect these events. 
8 | 9 | Options 10 | ------- 11 | -------------------------------------------------------------------------------- /docs/src/Profiling/heaptrack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Profiling/heaptrack.png -------------------------------------------------------------------------------- /docs/src/Profiling/hotspot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Profiling/hotspot1.png -------------------------------------------------------------------------------- /docs/src/Profiling/hotspot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Profiling/hotspot2.png -------------------------------------------------------------------------------- /docs/src/Tutorials/CFI/ida-callsite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/CFI/ida-callsite.png -------------------------------------------------------------------------------- /docs/src/Tutorials/CFI/ida-calltarget.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/CFI/ida-calltarget.png -------------------------------------------------------------------------------- /docs/src/Tutorials/CFI/windbg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/CFI/windbg.png 
-------------------------------------------------------------------------------- /docs/src/Tutorials/CFI/word.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/CFI/word.png -------------------------------------------------------------------------------- /docs/src/Tutorials/MSOffice/word1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/MSOffice/word1.png -------------------------------------------------------------------------------- /docs/src/Tutorials/MSOffice/word2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/MSOffice/word2.png -------------------------------------------------------------------------------- /docs/src/Tutorials/MSOffice/word3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/MSOffice/word3.png -------------------------------------------------------------------------------- /docs/src/Tutorials/PoV/arch.odg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/PoV/arch.odg -------------------------------------------------------------------------------- /docs/src/Tutorials/PoV/cadet_00001_tui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/PoV/cadet_00001_tui.png 
-------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDLL/ida_kernel32_beep_coverage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDLL/ida_kernel32_beep_coverage.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/arch.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/cov1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/cov1.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/cov2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/cov2.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/drvsettings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/drvsettings.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/fi_cov1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/fi_cov1.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/fi_cov2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/fi_cov2.png -------------------------------------------------------------------------------- /docs/src/Tutorials/WindowsDrivers/windbg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/docs/src/Tutorials/WindowsDrivers/windbg.png -------------------------------------------------------------------------------- /guest/cmake/Toolchain-linux-i686.cmake: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | 23 | set(CMAKE_SYSTEM_NAME Linux) 24 | 25 | set(BITS 32) 26 | 27 | # Do not force a compiler for Linux targets 28 | -------------------------------------------------------------------------------- /guest/cmake/Toolchain-linux-x86_64.cmake: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 
22 | 23 | set(CMAKE_SYSTEM_NAME Linux) 24 | 25 | set(BITS 64) 26 | 27 | # Do not force a compiler for Linux targets 28 | -------------------------------------------------------------------------------- /guest/cmake/Toolchain-windows-i686.cmake: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 
22 | 23 | set(CMAKE_SYSTEM_NAME Windows) 24 | 25 | set(BITS 32) 26 | set(CMAKE_C_COMPILER i686-w64-mingw32-gcc) 27 | set(CMAKE_CXX_COMPILER i686-w64-mingw32-g++) 28 | -------------------------------------------------------------------------------- /guest/cmake/Toolchain-windows-x86_64.cmake: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 
22 | 23 | set(CMAKE_SYSTEM_NAME Windows) 24 | 25 | set(BITS 64) 26 | set(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc) 27 | set(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++) 28 | -------------------------------------------------------------------------------- /guest/common/demos/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_executable(maze maze.c) 2 | target_link_options(maze PUBLIC ${COMPAT_LD_FLAGS}) 3 | 4 | 5 | add_executable(quicksort quicksort.c) 6 | target_link_options(quicksort PUBLIC ${COMPAT_LD_FLAGS}) 7 | 8 | # Disable optimizations to avoid interfering with vulnerabilities. NOTE(review): CMAKE_C_FLAGS applies to every target of this directory, so -O0 likely reaches maze and quicksort as well; target_compile_options(vulnerabilities PRIVATE -O0) would limit it to the one target that needs it. 9 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O0") 10 | add_executable(vulnerabilities vulnerabilities.c) 11 | target_link_options(vulnerabilities PUBLIC ${COMPAT_LD_FLAGS}) 12 | 13 | if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") 14 | add_dependencies(maze glibc-compat-main) 15 | add_dependencies(quicksort glibc-compat-main) 16 | add_dependencies(vulnerabilities glibc-compat-main) 17 | endif() -------------------------------------------------------------------------------- /guest/common/demos/quicksort.c: -------------------------------------------------------------------------------- 1 | /** 2 | * Quick sort symbolic execution demo. 
3 | * Code taken from http://en.wikibooks.org/wiki/Algorithm_Implementation/Sorting/Quicksort#C 4 | */ 5 | 6 | #include 7 | 8 | static void swap(int *a, int *b) { /* exchange the two ints that a and b point to */ 9 | int t = *a; 10 | *a = *b; 11 | *b = t; 12 | } 13 | 14 | static void sort(int arr[], int beg, int end) { /* in-place recursive quicksort of arr[beg..end); end is one past the last element */ 15 | if (end > beg + 1) { /* ranges of 0 or 1 elements are already sorted */ 16 | int piv = arr[beg], l = beg + 1, r = end; 17 | while (l < r) { /* partition: elements <= piv stay left of l, the others are moved to r and beyond */ 18 | if (arr[l] <= piv) 19 | l++; 20 | else 21 | swap(&arr[l], &arr[--r]); 22 | } 23 | swap(&arr[--l], &arr[beg]); /* put the pivot between the two partitions */ 24 | sort(arr, beg, l); 25 | sort(arr, r, end); 26 | } 27 | } 28 | 29 | int main(void) { 30 | int num_list[] = {5, 4, 5, 6, 7}; 31 | 32 | s2e_make_symbolic(&num_list, sizeof(num_list), "array"); /* the whole array becomes symbolic input labelled "array", so the comparisons in sort() no longer depend on the initialiser values */ 33 | 34 | int len = sizeof(num_list) / sizeof(num_list[0]); 35 | sort(num_list, 0, len); 36 | 37 | for (int i = 0; i < len; i++) { 38 | printf("%d ", s2e_get_example_uint(num_list[i])); /* prints one concrete example value per element for the current path */ 39 | } 40 | printf("\n"); 41 | 42 | s2e_kill_state(0, "Sort completed"); /* ends the current S2E state with status 0 and this message */ 43 | 44 | return 0; 45 | } 46 | -------------------------------------------------------------------------------- /guest/common/s2ecmd/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 4 | # Copyright (c) 2018 Cyberhaven 5 | # 6 | # Permission is hereby granted, free of charge, to any person obtaining a copy 7 | # of this software and associated documentation files (the "Software"), to deal 8 | # in the Software without restriction, including without limitation the rights 9 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | # copies of the Software, and to permit persons to whom the Software is 11 | # furnished to do so, subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be included in all 14 | # copies or substantial portions of the Software. 
15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | # SOFTWARE. 23 | 24 | add_executable(s2ecmd s2ecmd.cpp symfile.cpp s2eget.cpp s2eput.cpp common.cpp) 25 | target_link_libraries(s2ecmd atomic) 26 | 27 | install(TARGETS s2ecmd RUNTIME DESTINATION .) 28 | -------------------------------------------------------------------------------- /guest/glibc-compat/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2022 Vitaly Chipounov 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy 5 | # of this software and associated documentation files (the "Software"), to deal 6 | # in the Software without restriction, including without limitation the rights 7 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | # copies of the Software, and to permit persons to whom the Software is 9 | # furnished to do so, subject to the following conditions: 10 | # 11 | # The above copyright notice and this permission notice shall be included in all 12 | # copies or substantial portions of the Software. 13 | # 14 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 17 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | # SOFTWARE. 21 | 22 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic") 23 | 24 | add_library( 25 | glibc-compat-main STATIC 26 | libc_start_main.c 27 | ) 28 | -------------------------------------------------------------------------------- /guest/linux/function_models/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 
22 | 23 | add_executable(models_test models_test.c models.c) 24 | target_link_options(models_test PUBLIC ${COMPAT_LD_FLAGS}) 25 | 26 | target_link_libraries(models_test dl) 27 | -------------------------------------------------------------------------------- /guest/linux/libcgc/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2024 Vitaly Chipounov 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | 23 | 24 | add_library(cgc STATIC 25 | main.c 26 | ) 27 | 28 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") 29 | 30 | install(TARGETS cgc LIBRARY DESTINATION .) 
31 | -------------------------------------------------------------------------------- /guest/linux/libpov/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2024 Vitaly Chipounov 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | 23 | 24 | add_library(pov STATIC 25 | main.c 26 | ) 27 | 28 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") 29 | 30 | install(TARGETS pov LIBRARY DESTINATION .) 
31 | -------------------------------------------------------------------------------- /guest/linux/povtest/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # S2E Selective Symbolic Execution Platform 2 | # 3 | # Copyright (c) 2024 Vitaly Chipounov 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | 23 | add_executable(povtest main.c) 24 | 25 | target_link_libraries(povtest pov cgc pthread) 26 | 27 | install(TARGETS povtest RUNTIME DESTINATION .) 
-------------------------------------------------------------------------------- /guest/s2ebios/hw/hw.h: -------------------------------------------------------------------------------- 1 | /// S2E Selective Symbolic Execution Platform 2 | /// 3 | /// Copyright (c) 2023 Vitaly Chipounov 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 
22 | 23 | #ifndef _HW_H_ 24 | 25 | #define _HW_H_ 26 | 27 | int ioapic_init(void); 28 | void apic_init(void); 29 | void hpet_init(void); 30 | 31 | void apic_eoi(void); 32 | 33 | #endif -------------------------------------------------------------------------------- /guest/s2ebios/include/stdio.h: -------------------------------------------------------------------------------- 1 | #ifndef _STDIO_H_ 2 | 3 | #define _STDIO_H_ 4 | 5 | #include 6 | #include 7 | 8 | int printf(const char *format, ...); 9 | int vsnprintf(char *s, size_t n, const char *format, va_list arg); 10 | 11 | #endif -------------------------------------------------------------------------------- /guest/s2ebios/s2e-bios-low.c: -------------------------------------------------------------------------------- 1 | /// S2E Selective Symbolic Execution Platform 2 | /// 3 | /// Copyright (c) 2013 Dependable Systems Laboratory, EPFL 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 22 | 23 | /** 24 | * Must be the very first function of the file and be linked first. 25 | */ 26 | void _start() { 27 | void main(void); 28 | main(); 29 | __asm__("cli; hlt;"); 30 | } 31 | -------------------------------------------------------------------------------- /guest/s2ebios/utils/interrupt.h: -------------------------------------------------------------------------------- 1 | /// S2E Selective Symbolic Execution Platform 2 | /// 3 | /// Copyright (c) 2023 Vitaly Chipounov 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 
22 | 23 | #ifndef __INT_H__ 24 | #define __INT_H__ 25 | 26 | #include 27 | 28 | typedef void (*isr_t)(uint8_t num); 29 | 30 | int interrupts_register(uint8_t num, isr_t isr); 31 | void interrupts_init(void); 32 | 33 | #endif -------------------------------------------------------------------------------- /guest/s2ebios/vmm/vmm.h: -------------------------------------------------------------------------------- 1 | /// S2E Selective Symbolic Execution Platform 2 | /// 3 | /// Copyright (c) 2013 Dependable Systems Laboratory, EPFL 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 
22 | 23 | #include 24 | 25 | #ifndef __VMM_H__ 26 | 27 | #define __VMM_H__ 28 | 29 | void vmm_init(); 30 | int vmm_map_page(uint64_t virtual, uint64_t physical); 31 | 32 | #endif -------------------------------------------------------------------------------- /guest/s2ebios/vmm/vmm32.c: -------------------------------------------------------------------------------- 1 | /// S2E Selective Symbolic Execution Platform 2 | /// 3 | /// Copyright (c) 2013 Dependable Systems Laboratory, EPFL 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 
22 | 23 | #include "vmm.h" 24 | 25 | void vmm_init() { 26 | } 27 | 28 | int vmm_map_page(uint64_t virtual, uint64_t physical) { 29 | return -1; 30 | } -------------------------------------------------------------------------------- /guest/windows/.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto -------------------------------------------------------------------------------- /guest/windows/.gitignore: -------------------------------------------------------------------------------- 1 | Win7 Release 2 | *.user 3 | *.opendb 4 | *.db 5 | *.pdb 6 | x64 7 | Release 8 | Debug 9 | .vs 10 | venv 11 | *.suo 12 | *.pyc 13 | kb 14 | kernels 15 | dist 16 | *PVS-Studio* 17 | *.idea 18 | *.TMP 19 | -------------------------------------------------------------------------------- /guest/windows/AllRules.ruleset: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /guest/windows/driver/src/enumeration.h: -------------------------------------------------------------------------------- 1 | /// 2 | /// Copyright (C) 2014-2016, Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2014-2017, Cyberhaven 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 
14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 22 | /// 23 | 24 | #ifndef _S2E_ENUMERATION_H_ 25 | 26 | #define _S2E_ENUMERATION_H_ 27 | 28 | #include 29 | 30 | VOID EnumerateThreads(PEPROCESS Process); 31 | VOID EnumerateProcesses(VOID); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /guest/windows/driver/src/filter.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | DRIVER_INITIALIZE FilterRegister; 6 | 7 | NTSTATUS FilterUnregister(VOID); 8 | -------------------------------------------------------------------------------- /guest/windows/driver/src/kernel_hooks.h: -------------------------------------------------------------------------------- 1 | /// 2 | /// Copyright (C) 2014-2016, Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2014-2017, Cyberhaven 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or 
substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 22 | /// 23 | 24 | #ifndef _S2E_KERNEL_HOOKS_H_ 25 | 26 | #define _S2E_KERNEL_HOOKS_H_ 27 | 28 | #include 29 | 30 | VOID InitializeKernelHooks(VOID); 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /guest/windows/driver/src/log.h: -------------------------------------------------------------------------------- 1 | /// 2 | /// Copyright (C) 2014-2016, Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2014-2017, Cyberhaven 4 | /// 5 | /// Permission is hereby granted, free of charge, to any person obtaining a copy 6 | /// of this software and associated documentation files (the "Software"), to deal 7 | /// in the Software without restriction, including without limitation the rights 8 | /// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | /// copies of the Software, and to permit persons to whom the Software is 10 | /// furnished to do so, subject to the following conditions: 11 | /// 12 | /// The above copyright notice and this permission notice shall be included in all 13 | /// copies or substantial portions of the Software. 14 | /// 15 | /// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | /// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | /// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | /// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | /// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | /// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | /// SOFTWARE. 22 | /// 23 | 24 | #ifndef _S2E_LOG_H_ 25 | 26 | #define _S2E_LOG_H_ 27 | 28 | #include 29 | 30 | #define LOG(x, ...) S2EMessageFmt("s2e.sys: " ## x, __VA_ARGS__) 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /guest/windows/drvctl/drvctl.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | 26 | 27 | Header Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /guest/windows/libs2e/cpp.hint: -------------------------------------------------------------------------------- 1 | #define LIBS2E_API __declspec(dllexport) 2 | #define LIBS2E_API __declspec(dllimport) 3 | -------------------------------------------------------------------------------- /guest/windows/libs2e/dllmain.c: -------------------------------------------------------------------------------- 1 | // dllmain.cpp : Defines the entry point for the DLL application. 
2 | #include 3 | 4 | BOOL APIENTRY DllMain(HMODULE hModule, 5 | DWORD ul_reason_for_call, 6 | LPVOID lpReserved 7 | ) 8 | { 9 | switch (ul_reason_for_call) { 10 | case DLL_PROCESS_ATTACH: 11 | case DLL_THREAD_ATTACH: 12 | case DLL_THREAD_DETACH: 13 | case DLL_PROCESS_DETACH: 14 | break; 15 | } 16 | return TRUE; 17 | } 18 | -------------------------------------------------------------------------------- /guest/windows/libs2e/libs2e.c: -------------------------------------------------------------------------------- 1 | // libs2e.cpp : Defines the exported functions for the DLL. 2 | // 3 | 4 | #include "libs2e.h" 5 | -------------------------------------------------------------------------------- /guest/windows/libs2e/libs2e.def: -------------------------------------------------------------------------------- 1 | EXPORTS 2 | S2EGetVersion 3 | S2EGetPathId 4 | S2EGetPathCount 5 | S2EGetConstraintCount 6 | S2EGetRange 7 | S2EGetExample 8 | S2EConcretize 9 | S2EIsSymbolic 10 | S2EMakeSymbolicRaw 11 | S2EMessageRaw 12 | S2EInvokePluginRaw 13 | S2EInvokePluginConcreteModeRaw 14 | S2EHexDump 15 | S2EAssume 16 | S2EAssumeDisjunction 17 | S2EPrintExpression 18 | S2EKillState 19 | S2EWriteMemory 20 | S2EMakeSymbolic 21 | S2ESymbolicInt 22 | S2ESymbolicChar 23 | S2ESymbolicStatus 24 | S2EMessage 25 | S2EInvokePlugin 26 | S2EInvokePluginConcrete 27 | S2EMessageFmt 28 | S2EWriteMemorySafe 29 | 30 | 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /guest/windows/libs2e/libs2e.h: -------------------------------------------------------------------------------- 1 | #ifndef __LIBS2E_H__ 2 | #define __LIBS2E_H__ 3 | 4 | #define USER_APP 5 | #include 6 | 7 | #endif -------------------------------------------------------------------------------- /guest/windows/libs2e/libs2e.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 
| cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | Source Files 21 | 22 | 23 | 24 | 25 | Header Files 26 | 27 | 28 | 29 | 30 | Source Files 31 | 32 | 33 | Source Files 34 | 35 | 36 | -------------------------------------------------------------------------------- /guest/windows/pdbparser/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /guest/windows/requirements.txt: -------------------------------------------------------------------------------- 1 | pdbparse==1.5 2 | pefile==2019.4.18 3 | construct==2.9.52 4 | requests==2.21.0 5 | patool==1.12 6 | pyunpack==0.2.2 7 | jinja2==2.11.3 8 | # NOTE(review): exact version pins with no hashes. The pins look old (pefile's version string is date-based, 2019); check them against current advisories, e.g. with pip-audit, and consider hash-pinning so pip can be run with --require-hashes. -------------------------------------------------------------------------------- /guest/windows/scripts/genvmi.tpl: -------------------------------------------------------------------------------- 1 | --[[ 2 | * Automatically generated code. Do not edit. 3 | * Run genvmi.py to rebuild. 4 | * 5 | * Include this file in s2e-config.lua. 6 | * This include file provides a g_vmi_modules global variable 7 | * that maps checksums to the module description. 8 | * 9 | * s2e-config.lua should have something like this: 10 | * 11 | * pluginsConfig.Vmi = { 12 | * modules = g_vmi_modules, 13 | * ... 14 | * } 15 | * 16 | * 17 | * The checksum is the one in the PE header. 18 | * (To be fixed to support other kinds of modules).
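19 | ]]-- 20 | {# NOTE(review): d.name, d.version and s[1] are written inside Lua string literals, and f as a bare table key, with no escaping. Presumably these come from the module files genvmi.py parses - verify; if any can come from an untrusted binary, validate or escape them before rendering, since a quote or newline would change the generated Lua. symbols is iterated with items() because dict.iteritems() exists only on Python 2. #} 21 | g_vmi_modules = { 22 | {% for d in data %} 23 | _{{d.checksum}} = { 24 | name = "{{d.name}}", 25 | version = "{{d.version}}", 26 | checksum = {{d.checksum}}, 27 | nativebase = {{d.nativebase | hex}}, 28 | symbols = { 29 | {%- for f,a in d.symbols.items() %} 30 | 31 | {{f}} = {{a | hex}}, 32 | {%- endfor %} 33 | 34 | }, 35 | 36 | syscalls = { 37 | {%- for s in d.syscalls %} 38 | 39 | { {{s[0] | hex}}, "{{s[1]}}"}, 40 | {%- endfor %} 41 | } 42 | }, 43 | {% endfor %} 44 | 45 | } 46 | -------------------------------------------------------------------------------- /guest/windows/tickler/.gitignore: -------------------------------------------------------------------------------- 1 | *.opensdf 2 | *.suo 3 | Release 4 | ipch -------------------------------------------------------------------------------- /klee/KLEEConfig.cmake.in: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details.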
7 | # 8 | #===------------------------------------------------------------------------===# 9 | 10 | set(KLEE_VERSION_MAJOR @KLEE_VERSION_MAJOR@) 11 | set(KLEE_VERSION_MINOR @KLEE_VERSION_MINOR@) 12 | set(KLEE_VERSION_PATCH @KLEE_VERSION_PATCH@) 13 | set(KLEE_PACKAGE_VERSION @KLEE_PACKAGE_VERSION@) 14 | 15 | set(KLEE_INCLUDE_DIR "@KLEE_INCLUDE_DIR@") 16 | set(KLEE_LIBRARY_DIR "@KLEE_LIBRARY_DIR@") 17 | -------------------------------------------------------------------------------- /klee/README.txt: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // KLEE Symbolic Virtual Machine 3 | //===----------------------------------------------------------------------===// 4 | 5 | KLEE is a symbolic virtual machine built on top of the LLVM compiler 6 | infrastructure. 7 | 8 | This version is a stripped down version of KLEE (~2009) and merely used as 9 | an LLVM interpreter for S2E. It includes some recent updates from upstream (cmake, 10 | expression printers, etc.). 11 | 12 | The original version can be found on http://klee.github.io/. 13 | -------------------------------------------------------------------------------- /klee/cmake/GetGitRevisionDescription.cmake.in: -------------------------------------------------------------------------------- 1 | # 2 | # Internal file for GetGitRevisionDescription.cmake 3 | # 4 | # Requires CMake 2.6 or newer (uses the 'function' command) 5 | # 6 | # Original Author: 7 | # 2009-2010 Ryan Pavlik 8 | # http://academic.cleardefinition.com 9 | # Iowa State University HCI Graduate Program/VRAC 10 | # 11 | # Copyright Iowa State University 2009-2010. 12 | # Distributed under the Boost Software License, Version 1.0. 
13 | # (See accompanying file LICENSE_1_0.txt or copy at 14 | # http://www.boost.org/LICENSE_1_0.txt) 15 | 16 | set(HEAD_HASH) 17 | 18 | file(READ "@HEAD_FILE@" HEAD_CONTENTS LIMIT 1024) 19 | 20 | string(STRIP "${HEAD_CONTENTS}" HEAD_CONTENTS) 21 | if(HEAD_CONTENTS MATCHES "ref") 22 | # named branch 23 | string(REPLACE "ref: " "" HEAD_REF "${HEAD_CONTENTS}") 24 | if(EXISTS "@GIT_DIR@/${HEAD_REF}") 25 | configure_file("@GIT_DIR@/${HEAD_REF}" "@GIT_DATA@/head-ref" COPYONLY) 26 | else() 27 | configure_file("@GIT_DIR@/packed-refs" "@GIT_DATA@/packed-refs" COPYONLY) 28 | file(READ "@GIT_DATA@/packed-refs" PACKED_REFS) 29 | if(${PACKED_REFS} MATCHES "([0-9a-z]*) ${HEAD_REF}") 30 | set(HEAD_HASH "${CMAKE_MATCH_1}") 31 | endif() 32 | endif() 33 | else() 34 | # detached HEAD 35 | configure_file("@GIT_DIR@/HEAD" "@GIT_DATA@/head-ref" COPYONLY) 36 | endif() 37 | 38 | if(NOT HEAD_HASH) 39 | file(READ "@GIT_DATA@/head-ref" HEAD_HASH LIMIT 1024) 40 | string(STRIP "${HEAD_HASH}" HEAD_HASH) 41 | endif() 42 | -------------------------------------------------------------------------------- /klee/cmake/c_flags_override.cmake: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | # 10 | # This file overrides the default compiler flags for CMake's built-in 11 | # configurations (CMAKE_BUILD_TYPE). Most compiler flags should not be set 12 | # here. The main purpose is to make sure ``-DNDEBUG`` is never set by default. 
13 | # 14 | #===------------------------------------------------------------------------===# 15 | if (("${CMAKE_C_COMPILER_ID}" MATCHES "Clang") OR ("${CMAKE_C_COMPILER_ID}" MATCHES "GNU")) 16 | # Taken from Modules/Compiler/GNU.cmake but -DNDEBUG is removed 17 | set(CMAKE_C_FLAGS_INIT "") 18 | set(CMAKE_C_FLAGS_DEBUG_INIT "-O0 -g") 19 | set(CMAKE_C_FLAGS_MINSIZEREL_INIT "-Os") 20 | set(CMAKE_C_FLAGS_RELEASE_INIT "-O3") 21 | set(CMAKE_C_FLAGS_RELWITHDEBINFO_INIT "-O2 -g") 22 | else() 23 | message(FATAL_ERROR "Overrides not set for compiler ${CMAKE_C_COMPILER_ID}") 24 | endif() 25 | -------------------------------------------------------------------------------- /klee/cmake/cxx_flags_override.cmake: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | # 10 | # This file overrides the default compiler flags for CMake's built-in 11 | # configurations (CMAKE_BUILD_TYPE). Most compiler flags should not be set 12 | # here. The main purpose is to make sure ``-DNDEBUG`` is never set by default. 
13 | # 14 | #===------------------------------------------------------------------------===# 15 | 16 | if (("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang") OR ("${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU")) 17 | # Taken from Modules/Compiler/GNU.cmake but -DNDEBUG is removed 18 | set(CMAKE_CXX_FLAGS_INIT "") 19 | set(CMAKE_CXX_FLAGS_DEBUG_INIT "-O0 -g") 20 | set(CMAKE_CXX_FLAGS_MINSIZEREL_INIT "-Os") 21 | set(CMAKE_CXX_FLAGS_RELEASE_INIT "-O3") 22 | set(CMAKE_CXX_FLAGS_RELWITHDEBINFO_INIT "-O2 -g") 23 | else() 24 | message(FATAL_ERROR "Overrides not set for compiler ${CMAKE_CXX_COMPILER_ID}") 25 | endif() 26 | -------------------------------------------------------------------------------- /klee/cmake/find_llvm.cmake: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | 10 | find_package(LLVM CONFIG REQUIRED) 11 | 12 | # Provide function to map LLVM components to libraries. 13 | function(klee_get_llvm_libs output_var) 14 | llvm_map_components_to_libnames(${output_var} ${ARGN}) 15 | endfunction() 16 | -------------------------------------------------------------------------------- /klee/cmake/klee_add_component.cmake: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 
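7 | # 8 | #===------------------------------------------------------------------------===# 9 | # klee_add_component(<target_name> <add_library args...>): creates the library target from ARGN and applies the KLEE_COMPONENT_* flags, include directories, definitions and libraries to it as PUBLIC. 10 | function(klee_add_component target_name) 11 | add_library(${target_name} ${ARGN}) 12 | # Use of `PUBLIC` means these will propagate to targets that use this component. 13 | if (("${CMAKE_VERSION}" VERSION_EQUAL "3.3") OR ("${CMAKE_VERSION}" VERSION_GREATER "3.3")) 14 | # In newer CMakes we can make sure that the flags are only used when compiling C++ 15 | target_compile_options(${target_name} PUBLIC 16 | $<$<COMPILE_LANGUAGE:CXX>:${KLEE_COMPONENT_CXX_FLAGS}>) 17 | else() 18 | # For older CMakes just live with the warnings we get for passing C++ only flags 19 | # to the C compiler. 20 | target_compile_options(${target_name} PUBLIC ${KLEE_COMPONENT_CXX_FLAGS}) 21 | endif() 22 | target_include_directories(${target_name} PUBLIC ${KLEE_COMPONENT_EXTRA_INCLUDE_DIRS}) 23 | target_compile_definitions(${target_name} PUBLIC ${KLEE_COMPONENT_CXX_DEFINES}) 24 | target_link_libraries(${target_name} PUBLIC ${KLEE_COMPONENT_EXTRA_LIBRARIES}) 25 | endfunction() 26 | -------------------------------------------------------------------------------- /klee/cmake/modules/FindZ3.cmake: -------------------------------------------------------------------------------- 1 | # Tries to find an install of the Z3 library and header files 2 | # 3 | # Once done this will define 4 | # Z3_FOUND - BOOL: System has the Z3 library installed 5 | # Z3_INCLUDE_DIRS - LIST:The Z3 include directories 6 | # Z3_LIBRARIES - LIST:The libraries needed to use Z3 7 | include(FindPackageHandleStandardArgs) 8 | 9 | # Try to find libraries 10 | find_library(Z3_LIBRARIES 11 | NAMES z3 12 | DOC "Z3 libraries" 13 | ) 14 | if (Z3_LIBRARIES) 15 | message(STATUS "Found Z3 libraries: \"${Z3_LIBRARIES}\"") 16 | else() 17 | message(STATUS "Could not find Z3 libraries") 18 | endif() 19 | 20 | # Try to find headers 21 | find_path(Z3_INCLUDE_DIRS 22 | NAMES z3.h 23 | DOC "Z3 C header" 24 | ) 25 | if (Z3_INCLUDE_DIRS) 26 | message(STATUS "Found Z3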
include path: \"${Z3_INCLUDE_DIRS}\"") 27 | else() 28 | message(STATUS "Could not find Z3 include path") 29 | endif() 30 | 31 | # TODO: We should check we can link some simple code against libz3 32 | 33 | # Handle QUIET and REQUIRED and check the necessary variables were set and if so 34 | # set ``Z3_FOUND`` 35 | find_package_handle_standard_args(Z3 DEFAULT_MSG Z3_INCLUDE_DIRS Z3_LIBRARIES) 36 | -------------------------------------------------------------------------------- /klee/cmake/string_to_list.cmake: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | 10 | function(string_to_list s output_var) 11 | string(REPLACE " " ";" _output "${s}") 12 | set(${output_var} ${_output} PARENT_SCOPE) 13 | endfunction() 14 | -------------------------------------------------------------------------------- /klee/include/klee/Config/CompileTimeInfo.h.cmin: -------------------------------------------------------------------------------- 1 | //===-- CompileTimeInfo.h ---------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | // @AUTO_GEN_MSG@ 11 | #ifndef KLEE_COMPILE_TIME_INFO_H 12 | #define KLEE_COMPILE_TIME_INFO_H 13 | 14 | #define KLEE_BUILD_MODE "@CMAKE_BUILD_TYPE@ (Asserts: @ENABLE_KLEE_ASSERTS@)" 15 | #define KLEE_BUILD_REVISION "@KLEE_GIT_SHA1HASH@" 16 | #define KLEE_BUILD_TAG "@KLEE_GIT_TAG@" 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /klee/include/klee/Config/common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/klee/include/klee/Config/common.h -------------------------------------------------------------------------------- /klee/include/klee/ExternalDispatcher.h: -------------------------------------------------------------------------------- 1 | //===-- ExternalDispatcher.h ------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_EXTERNALDISPATCHER_H 11 | #define KLEE_EXTERNALDISPATCHER_H 12 | 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | #include 19 | 20 | namespace klee { 21 | class ExternalDispatcher { 22 | private: 23 | public: 24 | typedef uint64_t (*external_fcn_t)(...); 25 | typedef llvm::SmallVector Arguments; 26 | 27 | ExternalDispatcher(); 28 | virtual ~ExternalDispatcher(); 29 | 30 | virtual void *resolveSymbol(const std::string &name); 31 | virtual bool call(external_fcn_t targetFunction, const Arguments &args, uint64_t *result, std::stringstream &err); 32 | }; 33 | } // namespace klee 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /klee/include/klee/Internal/Module/Cell.h: -------------------------------------------------------------------------------- 1 | //===-- Cell.h --------------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_CELL_H 11 | #define KLEE_CELL_H 12 | 13 | #include 14 | 15 | namespace klee { 16 | struct Cell { 17 | ref value; 18 | }; 19 | } // namespace klee 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /klee/include/klee/Internal/README.txt: -------------------------------------------------------------------------------- 1 | This directory holds header files for things which are exposed as part 2 | of the internal API of a library, but shouldn't be exposed 3 | externally. 
4 | -------------------------------------------------------------------------------- /klee/include/klee/Internal/Support/ModuleUtil.h: -------------------------------------------------------------------------------- 1 | //===-- ModuleUtil.h --------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_TRANSFORM_UTIL_H 11 | #define KLEE_TRANSFORM_UTIL_H 12 | 13 | #include 14 | 15 | namespace llvm { 16 | class Function; 17 | class Instruction; 18 | class Module; 19 | } // namespace llvm 20 | 21 | namespace klee { 22 | 23 | /// Link a module with a specified bitcode archive. 24 | llvm::Module *linkWithLibrary(llvm::Module *module, const std::string &libraryName); 25 | 26 | } // namespace klee 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /klee/include/klee/Internal/Support/Timer.h: -------------------------------------------------------------------------------- 1 | //===-- Timer.h -------------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_TIMER_H 11 | #define KLEE_TIMER_H 12 | 13 | #include 14 | #include 15 | 16 | namespace klee { 17 | class WallTimer { 18 | std::chrono::steady_clock::time_point m_start; 19 | 20 | public: 21 | WallTimer(); 22 | 23 | /// check - Return the delta since the timer was created, in microseconds. 
24 | uint64_t check(); 25 | }; 26 | } // namespace klee 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /klee/include/klee/Internal/System/Time.h: -------------------------------------------------------------------------------- 1 | //===-- Time.h --------------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_UTIL_TIME_H 11 | #define KLEE_UTIL_TIME_H 12 | 13 | namespace klee { 14 | namespace util { 15 | double getUserTime(); 16 | double getWallTime(); 17 | } // namespace util 18 | } // namespace klee 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /klee/include/klee/Stats/CoreStats.h: -------------------------------------------------------------------------------- 1 | //===-- CoreStats.h ---------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_CORESTATS_H 11 | #define KLEE_CORESTATS_H 12 | 13 | #include "Statistic.h" 14 | 15 | namespace klee { 16 | namespace stats { 17 | 18 | extern StatisticPtr instructions; 19 | extern StatisticPtr forkTime; 20 | extern StatisticPtr solverTime; 21 | 22 | /// The number of process forks. 
23 | extern StatisticPtr forks; 24 | 25 | extern StatisticPtr completedPaths; 26 | 27 | } // namespace stats 28 | } // namespace klee 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /klee/include/klee/Stats/SolverStats.h: -------------------------------------------------------------------------------- 1 | //===-- SolverStats.h -------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_SOLVERSTATS_H 11 | #define KLEE_SOLVERSTATS_H 12 | 13 | #include "Statistic.h" 14 | 15 | namespace klee { 16 | namespace stats { 17 | 18 | extern StatisticPtr cexCacheTime; 19 | extern StatisticPtr queries; 20 | extern StatisticPtr queriesInvalid; 21 | extern StatisticPtr queriesValid; 22 | extern StatisticPtr queryCacheHits; 23 | extern StatisticPtr queryCacheMisses; 24 | extern StatisticPtr queryConstructTime; 25 | extern StatisticPtr queryConstructs; 26 | extern StatisticPtr queryCounterexamples; 27 | extern StatisticPtr queryTime; 28 | } // namespace stats 29 | } // namespace klee 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /klee/include/klee/Stats/TimerStatIncrementer.h: -------------------------------------------------------------------------------- 1 | //===-- TimerStatIncrementer.h ----------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_TIMERSTATINCREMENTER_H 11 | #define KLEE_TIMERSTATINCREMENTER_H 12 | 13 | #include "klee/Internal/Support/Timer.h" 14 | #include "Statistic.h" 15 | 16 | namespace klee { 17 | namespace stats { 18 | class TimerStatIncrementer { 19 | private: 20 | WallTimer timer; 21 | StatisticPtr statistic; 22 | 23 | public: 24 | TimerStatIncrementer(StatisticPtr &_statistic) : statistic(_statistic) { 25 | } 26 | 27 | ~TimerStatIncrementer() { 28 | *statistic += timer.check(); 29 | }; 30 | 31 | uint64_t check() { 32 | return timer.check(); 33 | } 34 | }; 35 | } // namespace stats 36 | } // namespace klee 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /klee/include/klee/util/ExprHashMap.h: -------------------------------------------------------------------------------- 1 | //===-- ExprHashMap.h -------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_EXPRHASHMAP_H 11 | #define KLEE_EXPRHASHMAP_H 12 | 13 | #include 14 | #include 15 | #include "klee/Expr.h" 16 | 17 | namespace klee { 18 | 19 | namespace util { 20 | struct ExprHash { 21 | unsigned operator()(const ref &e) const { 22 | return e->hash(); 23 | } 24 | }; 25 | 26 | struct ExprCmp { 27 | bool operator()(const ref &a, const ref &b) const { 28 | return a == b; 29 | } 30 | }; 31 | } // namespace util 32 | 33 | template 34 | class ExprHashMap : 35 | 36 | public std::unordered_map, T, klee::util::ExprHash, klee::util::ExprCmp> {}; 37 | 38 | typedef std::unordered_set, klee::util::ExprHash, klee::util::ExprCmp> ExprHashSet; 39 | } // namespace klee 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /klee/include/klee/util/ExprTemplates.h: -------------------------------------------------------------------------------- 1 | //===-- ExprUtil.h ----------------------------------------------*- C++ -*-===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #ifndef KLEE_UTIL_EXPRTEMPLATES_H 11 | #define KLEE_UTIL_EXPRTEMPLATES_H 12 | 13 | #include "klee/Expr.h" 14 | 15 | #define E_SUB(a, b) klee::SubExpr::create(a, b) 16 | #define E_ZE(a, w) klee::ZExtExpr::create(a, w) 17 | #define E_SUBZE(a, b, w) E_SUB(E_ZE(a, w), E_ZE(b, w)) 18 | #define E_AND(a, b) klee::AndExpr::create(a, b) 19 | #define E_OR(a, b) klee::OrExpr::create(a, b) 20 | #define E_LE(a, b) klee::UleExpr::create(a, b) 21 | #define E_LT(a, b) klee::UltExpr::create(a, b) 22 | #define E_EQ(a, b) klee::EqExpr::create(a, b) 23 | #define E_GT(a, b) klee::UgtExpr::create(a, b) 24 | #define E_GE(a, b) klee::UgeExpr::create(a, b) 25 | #define E_NOT(a) klee::NotExpr::create(a) 26 | #define E_NEQ(a, b) E_NOT(E_EQ(a, b)) 27 | #define E_ITE(c, t, f) klee::SelectExpr::create(c, t, f) 28 | #define E_CONST(v, w) klee::ConstantExpr::create(v, w) 29 | #define E_MIN(a, b) E_ITE(E_LT(a, b), a, b) 30 | #define E_EXTR(v, off, w) klee::ExtractExpr::create(v, off, w) 31 | 32 | #endif /* KLEE_UTIL_EXPRTEMPLATES_H */ 33 | -------------------------------------------------------------------------------- /klee/lib/Basic/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 
7 | # 8 | #===------------------------------------------------------------------------===# 9 | klee_add_component(kleeBasic 10 | Statistics.cpp 11 | ) 12 | -------------------------------------------------------------------------------- /klee/lib/Basic/README.txt: -------------------------------------------------------------------------------- 1 | This directory holds the most basic support facilities provided for 2 | both the klee and kleaver libraries. The code in this directory should 3 | have no dependencies on LLVM or any other klee libraries. 4 | -------------------------------------------------------------------------------- /klee/lib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | add_subdirectory(Basic) 10 | add_subdirectory(Support) 11 | add_subdirectory(Expr) 12 | add_subdirectory(Solver) 13 | add_subdirectory(Module) 14 | add_subdirectory(Core) 15 | -------------------------------------------------------------------------------- /klee/lib/Core/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 
7 | # 8 | #===------------------------------------------------------------------------===# 9 | klee_add_component(kleeCore 10 | AddressSpace.cpp 11 | Common.cpp 12 | Context.cpp 13 | CoreStats.cpp 14 | ExecutionState.cpp 15 | Executor.cpp 16 | ExternalDispatcher.cpp 17 | Memory.cpp 18 | Searcher.cpp 19 | SpecialFunctionHandler.cpp 20 | ) 21 | 22 | set(LLVM_COMPONENTS 23 | core 24 | support 25 | ) 26 | 27 | # list(APPEND LLVM_COMPONENTS engine) 28 | 29 | klee_get_llvm_libs(LLVM_LIBS ${LLVM_COMPONENTS}) 30 | target_link_libraries(kleeCore PUBLIC ${LLVM_LIBS}) 31 | -------------------------------------------------------------------------------- /klee/lib/Core/Context.cpp: -------------------------------------------------------------------------------- 1 | //===-- Context.cpp -------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Context.h" 11 | 12 | #include "klee/Expr.h" 13 | 14 | #include "llvm/IR/DerivedTypes.h" 15 | #include "llvm/IR/Type.h" 16 | 17 | #include 18 | 19 | using namespace klee; 20 | 21 | static bool Initialized = false; 22 | static Context TheContext; 23 | 24 | bool Context::initialized() { 25 | return Initialized; 26 | } 27 | 28 | void Context::initialize(bool IsLittleEndian, Expr::Width PointerWidth) { 29 | // TODO: get rid of context singleton. 
30 | // assert(!Initialized && "Duplicate context initialization!"); 31 | TheContext = Context(IsLittleEndian, PointerWidth); 32 | Initialized = true; 33 | } 34 | 35 | const Context &Context::get() { 36 | assert(Initialized && "Context has not been initialized!"); 37 | return TheContext; 38 | } 39 | 40 | ref Expr::createCoerceToPointerType(const ref &e) { 41 | return ZExtExpr::create(e, Context::get().getPointerWidth()); 42 | } 43 | 44 | ref Expr::createPointer(uint64_t v) { 45 | return ConstantExpr::create(v, Context::get().getPointerWidth()); 46 | } 47 | -------------------------------------------------------------------------------- /klee/lib/Core/CoreStats.cpp: -------------------------------------------------------------------------------- 1 | //===-- CoreStats.cpp -----------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Stats/CoreStats.h" 11 | 12 | namespace klee { 13 | namespace stats { 14 | auto instructions = Statistic::create("LLVMInstructions", "I"); 15 | auto forks = Statistic::create("Forks", "Forks"); 16 | auto solverTime = Statistic::create("SolverTime", "Stime"); 17 | auto completedPaths = Statistic::create("CompletedPaths", "CompletedPaths"); 18 | } // namespace stats 19 | } // namespace klee 20 | -------------------------------------------------------------------------------- /klee/lib/Expr/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 
7 | # 8 | #===------------------------------------------------------------------------===# 9 | klee_add_component(kleaverExpr 10 | BitfieldSimplifier.cpp 11 | CachedAssignmentEvaluator.cpp 12 | Constraints.cpp 13 | Expr.cpp 14 | ExprBuilder.cpp 15 | ExprEvaluator.cpp 16 | ExprPPrinter.cpp 17 | ExprSMTLIBPrinter.cpp 18 | ExprUtil.cpp 19 | ExprVisitor.cpp 20 | Lexer.cpp 21 | Parser.cpp 22 | Updates.cpp 23 | ) 24 | 25 | set(LLVM_COMPONENTS 26 | support 27 | ) 28 | 29 | klee_get_llvm_libs(LLVM_LIBS ${LLVM_COMPONENTS}) 30 | target_link_libraries(kleaverExpr PUBLIC ${LLVM_LIBS}) 31 | -------------------------------------------------------------------------------- /klee/lib/Expr/Constraints.cpp: -------------------------------------------------------------------------------- 1 | //===-- Constraints.cpp ---------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Constraints.h" 11 | 12 | #include "klee/util/ExprPPrinter.h" 13 | #include "klee/util/ExprVisitor.h" 14 | 15 | #include 16 | #include 17 | 18 | namespace klee { 19 | 20 | void ConstraintManager::addConstraint(const ref e) { 21 | switch (e->getKind()) { 22 | case Expr::Constant: 23 | assert(cast(e)->isTrue() && "attempt to add invalid (false) constraint"); 24 | break; 25 | case Expr::And: { 26 | BinaryExpr *be = cast(e); 27 | addConstraint(be->getKid(0)); 28 | addConstraint(be->getKid(1)); 29 | break; 30 | } 31 | default: 32 | head_ = head_->getOrCreate(e); 33 | } 34 | } 35 | } // namespace klee 36 | -------------------------------------------------------------------------------- /klee/lib/Module/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | klee_add_component(kleeModule 10 | InstructionOperandTypeCheckPass.cpp 11 | IntrinsicCleaner.cpp 12 | KInstruction.cpp 13 | KModule.cpp 14 | LowerSwitch.cpp 15 | ModuleUtil.cpp 16 | PhiCleaner.cpp 17 | RaiseAsm.cpp 18 | ) 19 | -------------------------------------------------------------------------------- /klee/lib/Module/KInstruction.cpp: -------------------------------------------------------------------------------- 1 | //===-- KInstruction.cpp --------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Internal/Module/KInstruction.h" 11 | 12 | using namespace llvm; 13 | using namespace klee; 14 | 15 | /***/ 16 | 17 | KInstruction::~KInstruction() { 18 | delete[] operands; 19 | } 20 | -------------------------------------------------------------------------------- /klee/lib/README.txt: -------------------------------------------------------------------------------- 1 | The klee and kleaver code is organized as follows: 2 | 3 | lib/Basic - Low level support for both klee and kleaver which should 4 | be independent of LLVM. 5 | 6 | lib/Support - Higher level support, but only used by klee. This can 7 | use LLVM facilities. 8 | 9 | lib/Expr - The core kleaver expression library. 10 | 11 | lib/Solver - The kleaver solver library. 12 | 13 | lib/Module - klee facilities for working with LLVM modules, including 14 | the shadow module/instruction structures we use during 15 | execution. 16 | 17 | lib/Core - The core symbolic virtual machine. 18 | 19 | -------------------------------------------------------------------------------- /klee/lib/Solver/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 
7 | # 8 | #===------------------------------------------------------------------------===# 9 | set(KLEE_SOLVER_SRCS CachingSolver.cpp 10 | CexCachingSolver.cpp 11 | ConstantDivision.cpp 12 | FastCexSolver.cpp 13 | IncompleteSolver.cpp 14 | IndependentSolver.cpp 15 | KQueryLoggingSolver.cpp 16 | QueryLoggingSolver.cpp 17 | SMTLIBLoggingSolver.cpp 18 | Solver.cpp 19 | SolverStats.cpp 20 | TimingSolver.cpp 21 | SolverFactory.cpp 22 | ) 23 | 24 | if(ENABLE_SOLVER_Z3) 25 | list(APPEND KLEE_SOLVER_SRCS Z3ArrayBuilder.cpp 26 | Z3Builder.cpp 27 | Z3IteBuilder.cpp 28 | Z3Solver.cpp) 29 | endif() 30 | 31 | klee_add_component(kleaverSolver ${KLEE_SOLVER_SRCS}) 32 | 33 | target_link_libraries(kleaverSolver PRIVATE ${KLEE_SOLVER_LIBRARIES}) 34 | -------------------------------------------------------------------------------- /klee/lib/Solver/SolverStats.cpp: -------------------------------------------------------------------------------- 1 | //===-- SolverStats.cpp ---------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Stats/SolverStats.h" 11 | 12 | namespace klee { 13 | namespace stats { 14 | 15 | auto cexCacheTime = Statistic::create("CexCacheTime", "CCtime"); 16 | auto queries = Statistic::create("Queries", "Q"); 17 | auto queriesInvalid = Statistic::create("QueriesInvalid", "Qiv"); 18 | auto queriesValid = Statistic::create("QueriesValid", "Qv"); 19 | auto queryCacheHits = Statistic::create("QueryCacheHits", "QChits"); 20 | auto queryCacheMisses = Statistic::create("QueryCacheMisses", "QCmisses"); 21 | auto queryConstructTime = Statistic::create("QueryConstructTime", "QBtime"); 22 | auto queryConstructs = Statistic::create("QueriesConstructs", "QB"); 23 | auto queryCounterexamples = Statistic::create("QueriesCEX", "Qcex"); 24 | auto queryTime = Statistic::create("QueryTime", "Qtime"); 25 | 26 | } // namespace stats 27 | } // namespace klee -------------------------------------------------------------------------------- /klee/lib/Support/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #===------------------------------------------------------------------------===# 2 | # 3 | # The KLEE Symbolic Virtual Machine 4 | # 5 | # This file is distributed under the University of Illinois Open Source 6 | # License. See LICENSE.TXT for details. 7 | # 8 | #===------------------------------------------------------------------------===# 9 | klee_add_component(kleeSupport 10 | Time.cpp 11 | Timer.cpp 12 | PagePool.cpp 13 | ) 14 | 15 | target_link_libraries(kleeSupport PRIVATE ${ZLIB_LIBRARIES}) 16 | -------------------------------------------------------------------------------- /klee/lib/Support/README.txt: -------------------------------------------------------------------------------- 1 | This directory holds basic support facilities (data structures, 2 | utilities, etc.) used by klee. 
3 | -------------------------------------------------------------------------------- /klee/lib/Support/Time.cpp: -------------------------------------------------------------------------------- 1 | //===-- Time.cpp ----------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Internal/System/Time.h" 11 | #include 12 | #include 13 | 14 | namespace klee { 15 | 16 | double util::getUserTime() { 17 | rusage usage{}; 18 | auto ret = ::getrusage(RUSAGE_SELF, &usage); 19 | 20 | if (ret) { 21 | return 0.0; 22 | } else { 23 | return (double) usage.ru_utime.tv_sec + usage.ru_utime.tv_usec * 1e-6; 24 | } 25 | } 26 | 27 | double util::getWallTime() { 28 | auto tp = std::chrono::steady_clock::now(); 29 | return std::chrono::duration_cast>(tp.time_since_epoch()).count(); 30 | } 31 | } // namespace klee 32 | -------------------------------------------------------------------------------- /klee/lib/Support/Timer.cpp: -------------------------------------------------------------------------------- 1 | //===-- Timer.cpp ---------------------------------------------------------===// 2 | // 3 | // The KLEE Symbolic Virtual Machine 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 
7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "klee/Internal/Support/Timer.h" 11 | 12 | #include "klee/Config/config.h" 13 | #if (LLVM_VERSION_MAJOR == 2 && LLVM_VERSION_MINOR < 7) 14 | #include "llvm/System/Process.h" 15 | #else 16 | #include "llvm/Support/Process.h" 17 | #endif 18 | 19 | using namespace klee; 20 | using namespace llvm; 21 | 22 | WallTimer::WallTimer() { 23 | m_start = std::chrono::steady_clock::now(); 24 | } 25 | 26 | uint64_t WallTimer::check() { 27 | auto now = std::chrono::steady_clock::now(); 28 | auto diff = now - m_start; 29 | return std::chrono::duration_cast(diff).count(); 30 | } 31 | -------------------------------------------------------------------------------- /klee/unittests/ADT/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(ADTTest 2 | ImmutableMap.cpp) 3 | target_link_libraries(ADTTest PRIVATE kleeCore kleeSupport) 4 | -------------------------------------------------------------------------------- /klee/unittests/Core/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(CoreTest AddressSpaceTest.cpp) 2 | 3 | target_link_libraries(CoreTest PRIVATE kleeCore kleaverExpr kleeSupport) 4 | -------------------------------------------------------------------------------- /klee/unittests/Expr/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(ExprTest ExprTest.cpp BitfieldSimplifier.cpp) 2 | 3 | target_link_libraries(ExprTest PRIVATE kleaverExpr kleeCore kleeSupport) 4 | -------------------------------------------------------------------------------- /klee/unittests/TestMain.cpp: -------------------------------------------------------------------------------- 1 | //===--- unittests/TestMain.cpp - unittest driver -------------------------===// 2 | // 3 | // The LLVM 
Compiler Infrastructure 4 | // 5 | // This file is distributed under the University of Illinois Open Source 6 | // License. See LICENSE.TXT for details. 7 | // 8 | //===----------------------------------------------------------------------===// 9 | 10 | #include "gtest/gtest.h" 11 | 12 | int main(int argc, char **argv) { 13 | testing::InitGoogleTest(&argc, argv); 14 | auto ret = RUN_ALL_TESTS(); 15 | 16 | // Call exit to generate coverage info. 17 | exit(ret); 18 | } 19 | -------------------------------------------------------------------------------- /klee/unittests/Utils/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_klee_unit_test(UtilsTest PagePool.cpp BitArray.cpp) 2 | target_link_libraries(UtilsTest PRIVATE kleeCore kleeSupport) 3 | -------------------------------------------------------------------------------- /klee/unittests/coverage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -x 4 | 5 | LLVM_BIN=~/s2e/env/build/llvm-release/bin 6 | 7 | $1 8 | 9 | "$LLVM_BIN/llvm-profdata" merge -sparse default.profraw -o default.profdata 10 | "$LLVM_BIN/llvm-cov" show $1 --instr-profile=default.profdata -format=html -output-dir=coverage 11 | -------------------------------------------------------------------------------- /klee/unittests/lit-unit-tests-common.cfg: -------------------------------------------------------------------------------- 1 | # Configuration file for the 'lit' test runner. 2 | 3 | import os 4 | 5 | import lit.formats 6 | 7 | # suffixes: A list of file extensions to treat as test files. 8 | config.suffixes = [] 9 | 10 | # testFormat: The test format to use to interpret tests. 
11 | config.test_format = lit.formats.GoogleTest('.', config.unit_test_exe_suffix) 12 | -------------------------------------------------------------------------------- /klee/unittests/lit-unit-tests-common.site.cfg.in: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | 4 | ## @AUTO_GEN_MSG@ 5 | config.name = 'KLEE Unit tests' 6 | config.unit_test_exe_suffix = "@UNIT_TEST_EXE_SUFFIX@" 7 | 8 | # Let the main config do the real work. 9 | lit_config.load_config(config, "@CMAKE_SOURCE_DIR@/unittests/lit-unit-tests-common.cfg") 10 | -------------------------------------------------------------------------------- /libcoroutine/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2016 - Cyberhaven 2 | # This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 3 | 4 | cmake_minimum_required(VERSION 3.4.3) 5 | 6 | 7 | project(LIBCOROUTINE) 8 | set(LIBCOROUTINE_VERSION_MAJOR 1) 9 | set(LIBCOROUTINE_VERSION_MINOR 0) 10 | set(LIBCOROUTINE_VERSION_PATCH 0) 11 | set(LIBCOROUTINE_PACKAGE_VERSION 12 | "${LIBCOROUTINE_VERSION_MAJOR}.${LIBCOROUTINE_VERSION_MINOR}.${LIBCOROUTINE_VERSION_PATCH}") 13 | 14 | include(CMakePackageConfigHelpers) 15 | set(CMAKE_VERSION_FILE "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}Version.cmake") 16 | write_basic_package_version_file(${CMAKE_VERSION_FILE} 17 | VERSION ${LIBCOROUTINE_PACKAGE_VERSION} 18 | COMPATIBILITY AnyNewerVersion) 19 | 20 | set(CMAKE_CONFIG_FILE "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}Config.cmake") 21 | set(LIBCOROUTINE_INCLUDE_DIR "${CMAKE_SOURCE_DIR}/include") 22 | set(LIBCOROUTINE_LIBRARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/src") 23 | configure_file(LIBCOROUTINEConfig.cmake.in ${CMAKE_CONFIG_FILE} @ONLY) 24 | 25 | 26 | find_package(PkgConfig REQUIRED) 27 | pkg_check_modules(GLIB_PKG glib-2.0) 28 | 29 | include_directories(${GLIB_PKG_INCLUDE_DIRS} ${LIBCOROUTINE_INCLUDE_DIR}) 30 | 31 | 
add_subdirectory(src) 32 | -------------------------------------------------------------------------------- /libcoroutine/COPYING.LIB: -------------------------------------------------------------------------------- 1 | This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 2 | -------------------------------------------------------------------------------- /libcoroutine/LIBCOROUTINEConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright 2017 - Cyberhaven 2 | # This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 3 | 4 | set(LIBCOROUTINE_VERSION_MAJOR @LIBCOROUTINE_VERSION_MAJOR@) 5 | set(LIBCOROUTINE_VERSION_MINOR @LIBCOROUTINE_VERSION_MINOR@) 6 | set(LIBCOROUTINE_VERSION_PATCH @LIBCOROUTINE_VERSION_PATCH@) 7 | set(LIBCOROUTINE_PACKAGE_VERSION @LIBCOROUTINE_PACKAGE_VERSION@) 8 | 9 | set(LIBCOROUTINE_INCLUDE_DIR "@LIBCOROUTINE_INCLUDE_DIR@") 10 | set(LIBCOROUTINE_LIBRARY_DIR "@LIBCOROUTINE_LIBRARY_DIR@") 11 | -------------------------------------------------------------------------------- /libcoroutine/src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2016 - Cyberhaven 2 | # This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 3 | 4 | add_library(coroutine coroutine.c coroutine-ucontext.c) 5 | 6 | set(CMAKE_C_FLAGS "-Wall -Werror -fPIC") 7 | -------------------------------------------------------------------------------- /libcpu/LIBCPUConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright 2016 - Cyberhaven 2 | # This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 
3 | 4 | set(LIBCPU_VERSION_MAJOR @LIBCPU_VERSION_MAJOR@) 5 | set(LIBCPU_VERSION_MINOR @LIBCPU_VERSION_MINOR@) 6 | set(LIBCPU_VERSION_PATCH @LIBCPU_VERSION_PATCH@) 7 | set(LIBCPU_PACKAGE_VERSION @LIBCPU_PACKAGE_VERSION@) 8 | 9 | set(LIBCPU_INCLUDE_DIR "@LIBCPU_INCLUDE_DIR@") 10 | set(LIBCPU_LIBRARY_DIR "@LIBCPU_LIBRARY_DIR@") 11 | -------------------------------------------------------------------------------- /libcpu/LICENSE: -------------------------------------------------------------------------------- 1 | This library is free software; you can redistribute it and/or 2 | modify it under the terms of the GNU Library General Public 3 | License as published by the Free Software Foundation; either 4 | version 2 of the License, or (at your option) any later version. 5 | 6 | This library is distributed in the hope that it will be useful, 7 | but WITHOUT ANY WARRANTY; without even the implied warranty of 8 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 9 | Library General Public License for more details. 10 | 11 | You should have received a copy of the GNU Library General Public 12 | License along with this library; if not, see . 13 | -------------------------------------------------------------------------------- /libcpu/include/cpu/apic.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2003 Fabrice Bellard 2 | /// Copyright (C) 2010 Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2016 Cyberhaven 4 | /// Copyrights of all contributions belong to their respective owners. 5 | /// 6 | /// This library is free software; you can redistribute it and/or 7 | /// modify it under the terms of the GNU Library General Public 8 | /// License as published by the Free Software Foundation; either 9 | /// version 2 of the License, or (at your option) any later version. 
10 | /// 11 | /// This library is distributed in the hope that it will be useful, 12 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | /// Library General Public License for more details. 15 | /// 16 | /// You should have received a copy of the GNU Library General Public 17 | /// License along with this library; if not, see . 18 | 19 | #ifndef APIC_H 20 | #define APIC_H 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | struct DeviceState; 31 | typedef struct DeviceState DeviceState; 32 | 33 | /* pc.c */ 34 | int cpu_is_bsp(CPUX86State *env); 35 | 36 | #ifdef __cplusplus 37 | } 38 | #endif 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /libcpu/include/cpu/config.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2003 Fabrice Bellard 2 | /// Copyright (C) 2016 Cyberhaven 3 | /// Copyrights of all contributions belong to their respective owners. 4 | /// 5 | /// This library is free software; you can redistribute it and/or 6 | /// modify it under the terms of the GNU Library General Public 7 | /// License as published by the Free Software Foundation; either 8 | /// version 2 of the License, or (at your option) any later version. 9 | /// 10 | /// This library is distributed in the hope that it will be useful, 11 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | /// Library General Public License for more details. 14 | /// 15 | /// You should have received a copy of the GNU Library General Public 16 | /// License along with this library; if not, see . 
17 | 18 | #include 19 | #include 20 | #include "se_libcpu_config.h" 21 | -------------------------------------------------------------------------------- /libcpu/include/cpu/disas.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2017 Cyberhaven 2 | /// Copyrights of all contributions belong to their respective owners. 3 | /// 4 | /// This library is free software; you can redistribute it and/or 5 | /// modify it under the terms of the GNU Library General Public 6 | /// License as published by the Free Software Foundation; either 7 | /// version 2 of the License, or (at your option) any later version. 8 | /// 9 | /// This library is distributed in the hope that it will be useful, 10 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | /// Library General Public License for more details. 13 | /// 14 | /// You should have received a copy of the GNU Library General Public 15 | /// License along with this library; if not, see . 
16 | 17 | #ifndef _LIBCPU_DISAS_H 18 | #define _LIBCPU_DISAS_H 19 | 20 | #include 21 | #include 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | void host_disas(FILE *out, void *pc, size_t size); 28 | 29 | void target_disas(void *env, FILE *out, target_ulong code, target_ulong size, int flags); 30 | 31 | typedef int (*fprintf_function_t)(FILE *f, const char *fmt, ...); 32 | int target_disas_ex(void *env, FILE *out, fprintf_function_t func, uintptr_t code, size_t size, int flags); 33 | 34 | #ifdef __cplusplus 35 | } 36 | #endif 37 | 38 | #endif /* _LIBCPU_DISAS_H */ 39 | -------------------------------------------------------------------------------- /libcpu/include/cpu/i386/helper.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2010 Dependable Systems Laboratory, EPFL 2 | /// Copyright (C) 2016 Cyberhaven 3 | /// Copyrights of all contributions belong to their respective owners. 4 | /// 5 | /// This library is free software; you can redistribute it and/or 6 | /// modify it under the terms of the GNU Library General Public 7 | /// License as published by the Free Software Foundation; either 8 | /// version 2 of the License, or (at your option) any later version. 9 | /// 10 | /// This library is distributed in the hope that it will be useful, 11 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | /// Library General Public License for more details. 14 | /// 15 | /// You should have received a copy of the GNU Library General Public 16 | /// License along with this library; if not, see . 
17 | /// 18 | #ifndef __LIBCPU_I386_HELPER_H__ 19 | 20 | #define __LIBCPU_I386_HELPER_H__ 21 | 22 | #define _M_CC_OP (1 << 1) 23 | #define _M_CC_SRC (1 << 2) 24 | #define _M_CC_DST (1 << 3) 25 | #define _M_CC_TMP (1 << 4) 26 | #define _M_EAX (1 << 5) 27 | #define _M_ECX (1 << 6) 28 | #define _M_EDX (1 << 7) 29 | #define _M_EBX (1 << 8) 30 | #define _M_ESP (1 << 9) 31 | #define _M_EBP (1 << 10) 32 | #define _M_ESI (1 << 11) 33 | #define _M_EDI (1 << 12) 34 | 35 | #define _M_CC (_M_CC_OP | _M_CC_SRC | _M_CC_DST) 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /libcpu/include/cpu/memdbg.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2018 Cyberhaven 2 | /// Copyrights of all contributions belong to their respective owners. 3 | /// 4 | /// This library is free software; you can redistribute it and/or 5 | /// modify it under the terms of the GNU Library General Public 6 | /// License as published by the Free Software Foundation; either 7 | /// version 2 of the License, or (at your option) any later version. 8 | /// 9 | /// This library is distributed in the hope that it will be useful, 10 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | /// Library General Public License for more details. 13 | /// 14 | /// You should have received a copy of the GNU Library General Public 15 | /// License along with this library; if not, see . 
16 | 17 | #ifndef __LIBCPU_MEMDBG_H__ 18 | 19 | #define __LIBCPU_MEMDBG_H__ 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | void cpu_host_memory_rw(uintptr_t source, uintptr_t dest, int length, int is_write); 30 | int cpu_memory_rw_debug(void *opaque_env, target_ulong addr, uint8_t *buf, int len, int is_write); 31 | void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, int len, int is_write); 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /libcpu/src/cpu-defs.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2003 Fabrice Bellard 2 | /// Copyright (C) 2010 Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2016 Cyberhaven 4 | /// Copyrights of all contributions belong to their respective owners. 5 | /// 6 | /// This library is free software; you can redistribute it and/or 7 | /// modify it under the terms of the GNU Library General Public 8 | /// License as published by the Free Software Foundation; either 9 | /// version 2 of the License, or (at your option) any later version. 10 | /// 11 | /// This library is distributed in the hope that it will be useful, 12 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | /// Library General Public License for more details. 15 | /// 16 | /// You should have received a copy of the GNU Library General Public 17 | /// License along with this library; if not, see . 
18 | 19 | #ifndef CPU_DEFS_H 20 | #define CPU_DEFS_H 21 | 22 | #ifndef NEED_CPU_H 23 | #error cpu.h included from common code 24 | #endif 25 | 26 | #include 27 | 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include "qqueue.h" 33 | 34 | #ifdef CONFIG_SYMBEX 35 | #include 36 | #endif 37 | 38 | #include 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /libcpu/src/exec-phys.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2003 Fabrice Bellard 2 | /// Copyright (C) 2010 Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2016 Cyberhaven 4 | /// Copyrights of all contributions belong to their respective owners. 5 | /// 6 | /// This library is free software; you can redistribute it and/or 7 | /// modify it under the terms of the GNU Library General Public 8 | /// License as published by the Free Software Foundation; either 9 | /// version 2 of the License, or (at your option) any later version. 10 | /// 11 | /// This library is distributed in the hope that it will be useful, 12 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | /// Library General Public License for more details. 15 | /// 16 | /// You should have received a copy of the GNU Library General Public 17 | /// License along with this library; if not, see . 
18 | 19 | #ifndef __EXEC_PHYS_H__ 20 | 21 | #define __EXEC_PHYS_H__ 22 | 23 | #include 24 | #include 25 | 26 | extern const uint16_t phys_section_unassigned; 27 | extern const uint16_t phys_section_notdirty; 28 | extern const uint16_t phys_section_rom; 29 | extern const uint16_t phys_section_watch; 30 | 31 | void phys_register_section(unsigned index, const struct MemoryDescOps *ops); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /libfsigc++/FSIGCXXConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 
20 | 21 | set(FSIGCXX_VERSION_MAJOR @FSIGCXX_VERSION_MAJOR@) 22 | set(FSIGCXX_VERSION_MINOR @FSIGCXX_VERSION_MINOR@) 23 | set(FSIGCXX_VERSION_PATCH @FSIGCXX_VERSION_PATCH@) 24 | set(FSIGCXX_PACKAGE_VERSION @FSIGCXX_PACKAGE_VERSION@) 25 | 26 | set(FSIGCXX_INCLUDE_DIR "@FSIGCXX_INCLUDE_DIR@") 27 | set(FSIGCXX_LIBRARY_DIR "@FSIGCXX_LIBRARY_DIR@") 28 | -------------------------------------------------------------------------------- /libfsigc++/LICENCE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Cyberhaven 2 | Copyright (c) 2011 Dependable Systems Lab, EPFL 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy 5 | of this software and associated documentation files (the "Software"), to deal 6 | in the Software without restriction, including without limitation the rights 7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | copies of the Software, and to permit persons to whom the Software is 9 | furnished to do so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all 12 | copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | SOFTWARE. 
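21 | -------------------------------------------------------------------------------- /libfsigc++/src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 20 | 21 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror -fPIC") # extend, do not replace: keeps flags from the caller or toolchain (e.g. hardening options); same for the C++ flags below 22 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Werror -fPIC -std=c++17") 23 | 24 | add_library (fsigc++ signals.cpp) 25 | 26 | add_executable(sigtest test.cpp) 27 | target_link_libraries(sigtest fsigc++) 28 | -------------------------------------------------------------------------------- /libq/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2016 - Cyberhaven 2 | # This work is licensed under the terms of the GNU LGPL, version 2.1 or later.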
3 | 4 | cmake_minimum_required(VERSION 3.4.3) 5 | 6 | project(LIBQ) 7 | set(LIBQ_VERSION_MAJOR 1) 8 | set(LIBQ_VERSION_MINOR 0) 9 | set(LIBQ_VERSION_PATCH 0) 10 | set(LIBQ_PACKAGE_VERSION 11 | "${LIBQ_VERSION_MAJOR}.${LIBQ_VERSION_MINOR}.${LIBQ_VERSION_PATCH}") 12 | 13 | include(CMakePackageConfigHelpers) 14 | set(CMAKE_VERSION_FILE "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}Version.cmake") 15 | write_basic_package_version_file(${CMAKE_VERSION_FILE} 16 | VERSION ${LIBQ_PACKAGE_VERSION} 17 | COMPATIBILITY AnyNewerVersion) 18 | 19 | set(CMAKE_CONFIG_FILE "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}Config.cmake") 20 | set(LIBQ_INCLUDE_DIR "${CMAKE_SOURCE_DIR}/include") 21 | set(LIBQ_LIBRARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/src") 22 | configure_file(LIBQConfig.cmake.in ${CMAKE_CONFIG_FILE} @ONLY) 23 | 24 | find_package(PkgConfig REQUIRED) 25 | pkg_check_modules(GLIB_PKG glib-2.0) 26 | 27 | include_directories(${GLIB_PKG_INCLUDE_DIRS} ${LIBQ_INCLUDE_DIR}) 28 | 29 | add_subdirectory(src) 30 | -------------------------------------------------------------------------------- /libq/COPYING.LIB: -------------------------------------------------------------------------------- 1 | This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 2 | -------------------------------------------------------------------------------- /libq/LIBQConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright 2017 - Cyberhaven 2 | # This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 
3 | 4 | set(LIBQ_VERSION_MAJOR @LIBQ_VERSION_MAJOR@) 5 | set(LIBQ_VERSION_MINOR @LIBQ_VERSION_MINOR@) 6 | set(LIBQ_VERSION_PATCH @LIBQ_VERSION_PATCH@) 7 | set(LIBQ_PACKAGE_VERSION @LIBQ_PACKAGE_VERSION@) 8 | 9 | set(LIBQ_INCLUDE_DIR "@LIBQ_INCLUDE_DIR@") 10 | set(LIBQ_LIBRARY_DIR "@LIBQ_LIBRARY_DIR@") 11 | -------------------------------------------------------------------------------- /libq/include/qapi/dealloc-visitor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Dealloc Visitor 3 | * 4 | * Copyright IBM, Corp. 2011 5 | * 6 | * Authors: 7 | * Michael Roth 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 11 | * 12 | */ 13 | 14 | #ifndef QAPI_DEALLOC_VISITOR_H 15 | #define QAPI_DEALLOC_VISITOR_H 16 | 17 | #include "qapi/visitor.h" 18 | 19 | #ifdef __cplusplus 20 | extern "C" { 21 | #endif 22 | 23 | typedef struct QapiDeallocVisitor QapiDeallocVisitor; 24 | 25 | /* 26 | * The dealloc visitor is primarily used only by generated 27 | * qapi_free_FOO() functions, and is the only visitor designed to work 28 | * correctly in the face of a partially-constructed QAPI tree. 29 | */ 30 | Visitor *qapi_dealloc_visitor_new(void); 31 | 32 | #ifdef __cplusplus 33 | } 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /libq/include/qapi/forward-visitor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Forwarding visitor 3 | * 4 | * Copyright Red Hat, Inc. 2021 5 | * 6 | * Author: Paolo Bonzini 7 | * 8 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 9 | * See the COPYING.LIB file in the top-level directory. 
10 | * 11 | */ 12 | 13 | #ifndef FORWARD_VISITOR_H 14 | #define FORWARD_VISITOR_H 15 | 16 | #include "qapi/visitor.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | typedef struct ForwardFieldVisitor ForwardFieldVisitor; 23 | 24 | /* 25 | * The forwarding visitor only expects a single name, @from, to be passed for 26 | * toplevel fields. It is converted to @to and forwarded to the @target visitor. 27 | * Calls within a struct are forwarded without changing the name. 28 | */ 29 | Visitor *visitor_forward_field(Visitor *target, const char *from, const char *to); 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libq/include/qapi/helpers.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBQ_HELPERS 2 | 3 | #define LIBQ_HELPERS 4 | 5 | #include 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | /* Compile-time checks: LIBQ_BUILD_BUG_MSG(x, msg) expands to _Static_assert(!(x), msg), so the build fails with msg when x is true; LIBQ_BUILD_BUG_ON(x) supplies a message built from the text of x. */ 11 | #define LIBQ_BUILD_BUG_MSG(x, msg) _Static_assert(!(x), msg) 12 | #define LIBQ_BUILD_BUG_ON(x) LIBQ_BUILD_BUG_MSG(x, "not expecting: " #x) 13 | 14 | struct Error; 15 | typedef struct Error Error; 16 | 17 | struct Visitor; 18 | typedef struct Visitor Visitor; 19 | /* Token-pasting and stringification helpers; defined only when glue is not already defined. */ 20 | #ifndef glue 21 | #define xglue(x, y) x##y 22 | #define glue(x, y) xglue(x, y) 23 | #define stringify(s) tostring(s) 24 | #define tostring(s) #s 25 | #endif 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | /* container_of(ptr, type, member): yield a pointer to the enclosing type by subtracting offsetof(type, member) from ptr. The C++ branch uses decltype and the C branch typeof to check ptr against the member's type; nothing checks that ptr really addresses that member of a type object, so that is the caller's responsibility. Defined only when container_of is not already defined. */ 31 | #ifdef __cplusplus 32 | #ifndef container_of 33 | #define container_of(ptr, type, member) \ 34 | ({ \ 35 | const decltype(((type *) 0)->member) *__mptr = (ptr); \ 36 | (type *) ((char *) __mptr - offsetof(type, member)); \ 37 | }) 38 | #endif 39 | #else 40 | #ifndef container_of 41 | #define container_of(ptr, type, member) \ 42 | ({ \ 43 | const typeof(((type *) 0)->member) *__mptr = (ptr); \ 44 | (type *) ((char *) __mptr - offsetof(type, member)); \ 45 | }) 46 | #endif 47 | #endif 48 | 49 | #endif 50 | 
-------------------------------------------------------------------------------- /libq/include/qapi/opts-visitor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Options Visitor 3 | * 4 | * Copyright Red Hat, Inc. 2012 5 | * 6 | * Author: Laszlo Ersek 7 | * 8 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 9 | * See the COPYING.LIB file in the top-level directory. 10 | * 11 | */ 12 | 13 | #ifndef OPTS_VISITOR_H 14 | #define OPTS_VISITOR_H 15 | 16 | #include "qapi/visitor.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | /* Inclusive upper bound on the size of any flattened range. This is a safety 23 | * (= anti-annoyance) measure; wrong ranges should not cause long startup 24 | * delays nor exhaust virtual memory. 25 | */ 26 | #define OPTS_VISITOR_RANGE_MAX 65536 27 | 28 | typedef struct OptsVisitor OptsVisitor; 29 | 30 | /* Contrarily to qemu-option.c::parse_option_number(), OptsVisitor's "int" 31 | * parser relies on strtoll() instead of strtoull(). Consequences: 32 | * - string representations of negative numbers yield negative values, 33 | * - values below INT64_MIN or LLONG_MIN are rejected, 34 | * - values above INT64_MAX or LLONG_MAX are rejected. 35 | * 36 | * The Opts input visitor does not implement support for visiting QAPI 37 | * alternates, numbers (other than integers), null, or arbitrary 38 | * QTypes. It also requires a non-null list argument to 39 | * visit_start_list(). 
40 | */ 41 | Visitor *opts_visitor_new(const QemuOpts *opts); 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp-event.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QMP Event related 3 | * 4 | * Copyright (c) 2014 Wenchao Xia 5 | * 6 | * Authors: 7 | * Wenchao Xia 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 11 | * 12 | */ 13 | 14 | #ifndef QMP_EVENT_H 15 | #define QMP_EVENT_H 16 | 17 | #ifdef __cplusplus 18 | extern "C" { 19 | #endif 20 | 21 | QDict *qmp_event_build_dict(const char *event_name); 22 | 23 | #ifdef __cplusplus 24 | } 25 | #endif 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp/json-parser.h: -------------------------------------------------------------------------------- 1 | /* 2 | * JSON Parser 3 | * 4 | * Copyright IBM, Corp. 2009 5 | * 6 | * Authors: 7 | * Anthony Liguori 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 
11 | * 12 | */ 13 | 14 | #ifndef QAPI_QMP_JSON_PARSER_H 15 | #define QAPI_QMP_JSON_PARSER_H 16 | 17 | #include 18 | #include 19 | #include "qobject.h" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | typedef struct JSONLexer { 26 | int start_state, state; 27 | GString *token; 28 | int x, y; 29 | } JSONLexer; 30 | 31 | typedef struct JSONMessageParser { 32 | void (*emit)(void *opaque, QObject *json, Error *err); 33 | void *opaque; 34 | va_list *ap; 35 | JSONLexer lexer; 36 | int brace_count; 37 | int bracket_count; 38 | GQueue tokens; 39 | uint64_t token_size; 40 | } JSONMessageParser; 41 | 42 | void json_message_parser_init(JSONMessageParser *parser, void (*emit)(void *opaque, QObject *json, Error *err), 43 | void *opaque, va_list *ap); 44 | 45 | void json_message_parser_feed(JSONMessageParser *parser, const char *buffer, size_t size); 46 | 47 | void json_message_parser_flush(JSONMessageParser *parser); 48 | 49 | void json_message_parser_destroy(JSONMessageParser *parser); 50 | 51 | #ifdef __cplusplus 52 | } 53 | #endif 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp/qbool.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QBool Module 3 | * 4 | * Copyright IBM, Corp. 2009 5 | * 6 | * Authors: 7 | * Anthony Liguori 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 
11 | * 12 | */ 13 | 14 | #ifndef QBOOL_H 15 | #define QBOOL_H 16 | 17 | #include "qapi/qmp/qobject.h" 18 | 19 | #ifdef __cplusplus 20 | extern "C" { 21 | #endif 22 | 23 | typedef struct QBool { 24 | struct QObjectBase_ base; 25 | bool value; 26 | } QBool; 27 | 28 | void qbool_unref(QBool *q); 29 | 30 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(QBool, qbool_unref) 31 | 32 | QBool *qbool_from_bool(bool value); 33 | bool qbool_get_bool(const QBool *qb); 34 | 35 | #ifdef __cplusplus 36 | } 37 | #endif 38 | 39 | #endif /* QBOOL_H */ 40 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp/qerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QError Module 3 | * 4 | * Copyright (C) 2009 Red Hat Inc. 5 | * 6 | * Authors: 7 | * Luiz Capitulino 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 11 | */ 12 | #ifndef QERROR_H 13 | #define QERROR_H 14 | 15 | /* 16 | * These macros will go away, please don't use in new code, and do not 17 | * add new ones! 18 | */ 19 | 20 | #define QERR_INVALID_PARAMETER "Invalid parameter '%s'" 21 | 22 | #define QERR_INVALID_PARAMETER_TYPE "Invalid parameter type for '%s', expected: %s" 23 | 24 | #define QERR_INVALID_PARAMETER_VALUE "Parameter '%s' expects %s" 25 | 26 | #define QERR_MISSING_PARAMETER "Parameter '%s' is missing" 27 | 28 | #endif /* QERROR_H */ 29 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp/qjson.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QObject JSON integration 3 | * 4 | * Copyright IBM, Corp. 2009 5 | * 6 | * Authors: 7 | * Anthony Liguori 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 
11 | * 12 | */ 13 | 14 | #ifndef QJSON_H 15 | #define QJSON_H 16 | 17 | #include "qdict.h" 18 | #include "qobject.h" 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | QObject *qobject_from_json(const char *string, Error **errp); 25 | 26 | QObject *qobject_from_vjsonf_nofail(const char *string, va_list ap) G_GNUC_PRINTF(1, 0); 27 | QObject *qobject_from_jsonf_nofail(const char *string, ...) G_GNUC_PRINTF(1, 2); 28 | QDict *qdict_from_vjsonf_nofail(const char *string, va_list ap) G_GNUC_PRINTF(1, 0); 29 | QDict *qdict_from_jsonf_nofail(const char *string, ...) G_GNUC_PRINTF(1, 2); 30 | 31 | GString *qobject_to_json(const QObject *obj); 32 | GString *qobject_to_json_pretty(const QObject *obj, bool pretty); 33 | 34 | #ifdef __cplusplus 35 | } 36 | #endif 37 | 38 | #endif /* QJSON_H */ 39 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp/qnull.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QNull 3 | * 4 | * Copyright (C) 2015 Red Hat, Inc. 5 | * 6 | * Authors: 7 | * Markus Armbruster 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 10 | * or later. See the COPYING.LIB file in the top-level directory. 
11 | */ 12 | 13 | #ifndef QNULL_H 14 | #define QNULL_H 15 | 16 | #ifdef __cplusplus 17 | extern "C" { 18 | #endif 19 | 20 | #include "qapi/qmp/qobject.h" 21 | 22 | typedef struct QNull { 23 | struct QObjectBase_ base; 24 | } QNull; 25 | /* The QNull object handed out by qnull(); declared here, defined elsewhere. */ 26 | extern QNull qnull_; 27 | /* qnull(): return the address of qnull_ after passing it through qobject_ref(). Presumably each call is meant to be paired with one qnull_unref() - TODO confirm. */ 28 | static inline QNull *qnull(void) { 29 | return qobject_ref(&qnull_); 30 | } 31 | 32 | void qnull_unref(QNull *q); 33 | 34 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(QNull, qnull_unref) 35 | 36 | #ifdef __cplusplus 37 | } 38 | #endif 39 | 40 | #endif /* QNULL_H */ 41 | -------------------------------------------------------------------------------- /libq/include/qapi/qmp/qstring.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QString Module 3 | * 4 | * Copyright (C) 2009 Red Hat Inc. 5 | * 6 | * Authors: 7 | * Luiz Capitulino 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 11 | */ 12 | 13 | #ifndef QSTRING_H 14 | #define QSTRING_H 15 | 16 | #include "qapi/qmp/qobject.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | typedef struct QString { 23 | struct QObjectBase_ base; 24 | const char *string; 25 | } QString; 26 | 27 | void qstring_unref(QString *q); 28 | 29 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(QString, qstring_unref) 30 | /* NOTE(review): this header does not say whether @end in qstring_from_substr() is inclusive or exclusive, nor how @start/@end are validated against the length of @str - confirm against the implementation before computing bounds. */ 31 | QString *qstring_new(void); 32 | QString *qstring_from_str(const char *str); 33 | QString *qstring_from_substr(const char *str, size_t start, size_t end); 34 | QString *qstring_from_gstring(GString *gstr); 35 | const char *qstring_get_str(const QString *qstring); 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif /* QSTRING_H */ 42 | -------------------------------------------------------------------------------- /libq/include/qapi/string-input-visitor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * String parsing Visitor 3 | * 4 | * Copyright Red Hat, Inc. 
2012 5 | * 6 | * Author: Paolo Bonzini 7 | * 8 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 9 | * See the COPYING.LIB file in the top-level directory. 10 | * 11 | */ 12 | 13 | #ifndef STRING_INPUT_VISITOR_H 14 | #define STRING_INPUT_VISITOR_H 15 | 16 | #include "qapi/visitor.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | typedef struct StringInputVisitor StringInputVisitor; 23 | 24 | /* 25 | * The string input visitor does not implement support for visiting 26 | * QAPI structs, alternates, null, or arbitrary QTypes. Only flat lists 27 | * of integers (except type "size") are supported. 28 | */ 29 | Visitor *string_input_visitor_new(const char *str); 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | #endif 35 | -------------------------------------------------------------------------------- /libq/include/qapi/string-output-visitor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * String printing Visitor 3 | * 4 | * Copyright Red Hat, Inc. 2012 5 | * 6 | * Author: Paolo Bonzini 7 | * 8 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 9 | * See the COPYING.LIB file in the top-level directory. 10 | * 11 | */ 12 | 13 | #ifndef STRING_OUTPUT_VISITOR_H 14 | #define STRING_OUTPUT_VISITOR_H 15 | 16 | #include "qapi/visitor.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | typedef struct StringOutputVisitor StringOutputVisitor; 23 | 24 | /* 25 | * Create a new string output visitor. 26 | * 27 | * Using @human creates output that is a bit easier for humans to read 28 | * (for example, showing integer values in both decimal and hex). 29 | * 30 | * If everything else succeeds, pass @result to visit_complete() to 31 | * collect the result of the visit. 32 | * 33 | * The string output visitor does not implement support for visiting 34 | * QAPI structs, alternates, null, or arbitrary QTypes. 
It also 35 | * requires a non-null list argument to visit_start_list(). 36 | */ 37 | Visitor *string_output_visitor_new(bool human, char **result); 38 | 39 | #ifdef __cplusplus 40 | } 41 | #endif 42 | #endif 43 | -------------------------------------------------------------------------------- /libq/src/qobject/qbool.c: -------------------------------------------------------------------------------- 1 | /* 2 | * QBool Module 3 | * 4 | * Copyright IBM, Corp. 2009 5 | * 6 | * Authors: 7 | * Anthony Liguori 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 10 | * See the COPYING.LIB file in the top-level directory. 11 | * 12 | */ 13 | 14 | #include "qapi/qmp/qbool.h" 15 | #include "qobject-internal.h" 16 | 17 | /** 18 | * qbool_from_bool(): Create a new QBool from a bool 19 | * 20 | * Return strong reference. 21 | */ 22 | QBool *qbool_from_bool(bool value) { 23 | QBool *qb; 24 | 25 | qb = g_malloc(sizeof(*qb)); 26 | qobject_init(QOBJECT(qb), QTYPE_QBOOL); 27 | qb->value = value; 28 | 29 | return qb; 30 | } 31 | 32 | /** 33 | * qbool_get_bool(): Get the stored bool 34 | */ 35 | bool qbool_get_bool(const QBool *qb) { 36 | return qb->value; 37 | } 38 | 39 | /** 40 | * qbool_is_equal(): Test whether the two QBools are equal 41 | */ 42 | bool qbool_is_equal(const QObject *x, const QObject *y) { 43 | return qobject_to(QBool, x)->value == qobject_to(QBool, y)->value; 44 | } 45 | 46 | /** 47 | * qbool_destroy_obj(): Free all memory allocated by a 48 | * QBool object 49 | */ 50 | void qbool_destroy_obj(QObject *obj) { 51 | assert(obj != NULL); 52 | g_free(qobject_to(QBool, obj)); 53 | } 54 | 55 | void qbool_unref(QBool *q) { 56 | qobject_unref(q); 57 | } 58 | -------------------------------------------------------------------------------- /libq/src/qobject/qnull.c: -------------------------------------------------------------------------------- 1 | /* 2 | * QNull 3 | * 4 | * Copyright (C) 2015 Red Hat, Inc. 
5 | * 6 | * Authors: 7 | * Markus Armbruster 8 | * 9 | * This work is licensed under the terms of the GNU LGPL, version 2.1 10 | * or later. See the COPYING.LIB file in the top-level directory. 11 | */ 12 | 13 | #include "qapi/qmp/qnull.h" 14 | #include "qobject-internal.h" 15 | 16 | QNull qnull_ = { 17 | .base = 18 | { 19 | .type = QTYPE_QNULL, 20 | .refcnt = 1, 21 | }, 22 | }; 23 | 24 | /** 25 | * qnull_is_equal(): Always return true because any two QNull objects 26 | * are equal. 27 | */ 28 | bool qnull_is_equal(const QObject *x, const QObject *y) { 29 | return true; 30 | } 31 | 32 | void qnull_unref(QNull *q) { 33 | qobject_unref(q); 34 | } 35 | -------------------------------------------------------------------------------- /libq/src/qobject/qobject-internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * QObject internals 3 | * 4 | * Copyright (C) 2015 Red Hat, Inc. 5 | * 6 | * This work is licensed under the terms of the GNU LGPL, version 2.1 7 | * or later. See the COPYING.LIB file in the top-level directory. 
8 | */ 9 | 10 | #ifndef QOBJECT_INTERNAL_H 11 | #define QOBJECT_INTERNAL_H 12 | 13 | #include "qapi/qmp/qobject.h" 14 | 15 | static inline void qobject_init(QObject *obj, QType type) { 16 | assert(QTYPE_NONE < type && type < QTYPE__MAX); 17 | obj->base.refcnt = 1; 18 | obj->base.type = type; 19 | } 20 | 21 | void qbool_destroy_obj(QObject *obj); 22 | bool qbool_is_equal(const QObject *x, const QObject *y); 23 | 24 | void qdict_destroy_obj(QObject *obj); 25 | bool qdict_is_equal(const QObject *x, const QObject *y); 26 | 27 | void qlist_destroy_obj(QObject *obj); 28 | bool qlist_is_equal(const QObject *x, const QObject *y); 29 | 30 | bool qnull_is_equal(const QObject *x, const QObject *y); 31 | 32 | void qnum_destroy_obj(QObject *obj); 33 | bool qnum_is_equal(const QObject *x, const QObject *y); 34 | 35 | void qstring_destroy_obj(QObject *obj); 36 | bool qstring_is_equal(const QObject *x, const QObject *y); 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /libq/src/tests/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/libq/src/tests/CMakeLists.txt -------------------------------------------------------------------------------- /libq/src/unicode.h: -------------------------------------------------------------------------------- 1 | /* 2 | * JSON Parser 3 | * 4 | * Copyright IBM, Corp. 2009 5 | * Copyright 2016 - Cyberhaven 6 | * 7 | * Authors: 8 | * Anthony Liguori 9 | * Vitaly Chipounov 10 | * 11 | * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. 12 | * See the COPYING.LIB file in the top-level directory. 
13 | * 14 | */ 15 | 16 | #ifndef LIBQ_UNICODE 17 | 18 | #define LIBQ_UNICODE 19 | 20 | #include 21 | 22 | int mod_utf8_codepoint(const char *s, size_t n, char **end); 23 | ssize_t mod_utf8_encode(char buf[], size_t bufsz, int codepoint); 24 | 25 | #endif -------------------------------------------------------------------------------- /libs2e/LIBS2EConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017, Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 
20 | 21 | set(LIBS2E_VERSION_MAJOR @LIBS2E_VERSION_MAJOR@) 22 | set(LIBS2E_VERSION_MINOR @LIBS2E_VERSION_MINOR@) 23 | set(LIBS2E_VERSION_PATCH @LIBS2E_VERSION_PATCH@) 24 | set(LIBS2E_PACKAGE_VERSION @LIBS2E_PACKAGE_VERSION@) 25 | 26 | set(LIBS2E_INCLUDE_DIR "@LIBS2E_INCLUDE_DIR@") 27 | set(LIBS2E_LIBRARY_DIR "@LIBS2E_LIBRARY_DIR@") 28 | -------------------------------------------------------------------------------- /libs2e/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014-2020 Cyberhaven 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 
20 | 21 | =========== 22 | 23 | libs2e uses 3rd-party libraries that have their own licenses: 24 | 25 | libq: LGPL v2.1 26 | libcpu: LGPL v2.1 27 | libtcg: BSD/MIT 28 | libcoroutine: LGPL v2.1 29 | klee: University of Illinois/NCSA 30 | llvm: University of Illinois/NCSA (http://llvm.org) 31 | lua: MIT (https://www.lua.org) 32 | -------------------------------------------------------------------------------- /libs2e/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017, Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 
20 | 21 | TARGETS := $(wildcard *-softmmu) 22 | 23 | all: $(TARGETS) 24 | .PHONY: $(TARGETS) 25 | 26 | $(TARGETS): 27 | $(MAKE) -C $@ 28 | 29 | clean: 30 | for f in $(TARGETS); do $(MAKE) -C $$f clean; done 31 | -------------------------------------------------------------------------------- /libs2e/README.md: -------------------------------------------------------------------------------- 1 | Building and running libs2e 2 | =========================== 3 | 4 | This directory contains the top-level source files of ``libs2e.so``. 5 | 6 | Please refer to the documentation on how to build it. 7 | -------------------------------------------------------------------------------- /libs2e/src/mapfile: -------------------------------------------------------------------------------- 1 | { 2 | global: 3 | open64; 4 | close64; 5 | write; 6 | sigaction; 7 | ioctl; 8 | select; 9 | poll; 10 | mmap; 11 | mmap64; 12 | madvise; 13 | printf; 14 | fprintf; 15 | dup; 16 | __libc_start_main; 17 | local: 18 | *; 19 | }; 20 | -------------------------------------------------------------------------------- /libs2ecore/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014-2020 Cyberhaven 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 
12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | =========== 22 | 23 | libs2ecore uses 3rd-party libraries that have their own licenses: 24 | 25 | libq: LGPL v2.1 26 | libcpu: LGPL v2.1 27 | libtcg: BSD/MIT 28 | klee: University of Illinois/NCSA 29 | llvm: University of Illinois/NCSA (http://llvm.org) 30 | lua: MIT (https://www.lua.org) 31 | -------------------------------------------------------------------------------- /libs2eplugins/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014-2020 Cyberhaven 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | =========== 22 | 23 | libs2eplugins uses 3rd-party libraries that have their own licenses: 24 | 25 | libq: LGPL v2.1 26 | libcpu: LGPL v2.1 27 | libtcg: BSD/MIT 28 | klee: University of Illinois/NCSA 29 | llvm: University of Illinois/NCSA (http://llvm.org) 30 | lua: MIT (https://www.lua.org) 31 | 32 | -------------------------------------------------------------------------------- /libtcg/LIBTCGConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 
20 | 21 | set(LIBTCG_VERSION_MAJOR @LIBTCG_VERSION_MAJOR@) 22 | set(LIBTCG_VERSION_MINOR @LIBTCG_VERSION_MINOR@) 23 | set(LIBTCG_VERSION_PATCH @LIBTCG_VERSION_PATCH@) 24 | set(LIBTCG_PACKAGE_VERSION @LIBTCG_PACKAGE_VERSION@) 25 | 26 | set(LIBTCG_INCLUDE_DIR "@LIBTCG_INCLUDE_DIR@") 27 | set(LIBTCG_LIBRARY_DIR "@LIBTCG_LIBRARY_DIR@") 28 | -------------------------------------------------------------------------------- /libtcg/LICENSE: -------------------------------------------------------------------------------- 1 | All the files in this directory and subdirectories are released under 2 | an MIT/BSD-like license (see header in each file). No other license is 3 | accepted. 4 | 5 | ====== 6 | 7 | Permission is hereby granted, free of charge, to any person obtaining a copy 8 | of this software and associated documentation files (the "Software"), to deal 9 | in the Software without restriction, including without limitation the rights 10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 | copies of the Software, and to permit persons to whom the Software is 12 | furnished to do so, subject to the following conditions: 13 | 14 | The above copyright notice and this permission notice shall be included in all 15 | copies or substantial portions of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | SOFTWARE. 
24 | -------------------------------------------------------------------------------- /libtcg/TODO: -------------------------------------------------------------------------------- 1 | - Add new instructions such as: clz, ctz, popcnt. 2 | 3 | - See if it is worth exporting mul2, mulu2, div2, divu2. 4 | 5 | - Support of globals saved in fixed registers between TBs. 6 | 7 | Ideas: 8 | 9 | - Move the slow part of the qemu_ld/st ops after the end of the TB. 10 | 11 | - Change exception syntax to get closer to QOP system (exception 12 | parameters given with a specific instruction). 13 | 14 | - Add float and vector support. 15 | -------------------------------------------------------------------------------- /libtcg/include/tcg/accel/plugin-helpers.h: -------------------------------------------------------------------------------- 1 | #ifdef CONFIG_PLUGIN 2 | DEF_HELPER_FLAGS_2(plugin_vcpu_udata_cb, TCG_CALL_NO_RWG | TCG_CALL_PLUGIN, void, i32, ptr) 3 | DEF_HELPER_FLAGS_4(plugin_vcpu_mem_cb, TCG_CALL_NO_RWG | TCG_CALL_PLUGIN, void, i32, i32, i64, ptr) 4 | #endif 5 | -------------------------------------------------------------------------------- /libtcg/include/tcg/cpu.h: -------------------------------------------------------------------------------- 1 | /// Copyright (C) 2003 Fabrice Bellard 2 | /// Copyright (C) 2010 Dependable Systems Laboratory, EPFL 3 | /// Copyright (C) 2016 Cyberhaven 4 | /// Copyrights of all contributions belong to their respective owners. 5 | /// 6 | /// This library is free software; you can redistribute it and/or 7 | /// modify it under the terms of the GNU Library General Public 8 | /// License as published by the Free Software Foundation; either 9 | /// version 2 of the License, or (at your option) any later version. 10 | /// 11 | /// This library is distributed in the hope that it will be useful, 12 | /// but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | /// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU 14 | /// Library General Public License for more details. 15 | /// 16 | /// You should have received a copy of the GNU Library General Public 17 | /// License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 | 19 | #ifndef __LIBTCG_CPU_H__ 20 | 21 | #define __LIBTCG_CPU_H__ 22 | 23 | /* same as PROT_xxx */ 24 | #define PAGE_READ 0x0001 25 | #define PAGE_WRITE 0x0002 26 | #define PAGE_EXEC 0x0004 27 | #define PAGE_BITS (PAGE_READ | PAGE_WRITE | PAGE_EXEC) 28 | #define PAGE_VALID 0x0008 29 | /* original state of the write flag (used when tracking self-modifying 30 | code) */ 31 | #define PAGE_WRITE_ORG 0x0010 32 | 33 | #endif -------------------------------------------------------------------------------- /libtcg/include/tcg/exec/helper-gen-common.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 | /* 3 | * Helper file for declaring TCG helper functions. 4 | * This one expands generation functions for tcg opcodes. 5 | */ 6 | 7 | #ifndef HELPER_GEN_COMMON_H 8 | #define HELPER_GEN_COMMON_H 9 | 10 | #define HELPER_H "tcg/accel/tcg-runtime.h" 11 | #include "helper-gen.h.inc" 12 | #undef HELPER_H 13 | 14 | #define HELPER_H "tcg/accel/plugin-helpers.h" 15 | #include "helper-gen.h.inc" 16 | #undef HELPER_H 17 | 18 | #endif /* HELPER_GEN_COMMON_H */ 19 | -------------------------------------------------------------------------------- /libtcg/include/tcg/exec/helper-gen.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 | /* 3 | * Helper file for declaring TCG helper functions. 4 | * This one expands generation functions for tcg opcodes.
5 | */ 6 | 7 | #ifndef HELPER_GEN_H 8 | #define HELPER_GEN_H 9 | 10 | #include "helper-gen-common.h" 11 | 12 | #define HELPER_H "tcg/helper.h" 13 | #include "helper-gen.h.inc" 14 | #undef HELPER_H 15 | 16 | #endif /* HELPER_GEN_H */ 17 | -------------------------------------------------------------------------------- /libtcg/include/tcg/exec/helper-proto-common.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 | /* 3 | * Helper file for declaring TCG helper functions. 4 | * This one expands prototypes for the helper functions. 5 | */ 6 | 7 | #ifndef HELPER_PROTO_COMMON_H 8 | #define HELPER_PROTO_COMMON_H 9 | 10 | #include "tcg/utils/atomic128.h" /* for HAVE_CMPXCHG128 */ 11 | 12 | #define HELPER_H "tcg/accel/tcg-runtime.h" 13 | #include "tcg/exec/helper-proto.h.inc" 14 | #undef HELPER_H 15 | 16 | #define HELPER_H "tcg/accel/plugin-helpers.h" 17 | #include "tcg/exec/helper-proto.h.inc" 18 | #undef HELPER_H 19 | 20 | #endif /* HELPER_PROTO_COMMON_H */ 21 | -------------------------------------------------------------------------------- /libtcg/include/tcg/exec/helper-proto.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 | /* 3 | * Helper file for declaring TCG helper functions. 4 | * This one expands prototypes for the helper functions. 
5 | */ 6 | 7 | #ifndef HELPER_PROTO_H 8 | #define HELPER_PROTO_H 9 | 10 | #include "helper-proto-common.h" 11 | 12 | #define HELPER_H "tcg/helper.h" 13 | #include "helper-proto.h.inc" 14 | #undef HELPER_H 15 | 16 | #endif /* HELPER_PROTO_H */ 17 | -------------------------------------------------------------------------------- /libtcg/include/tcg/i386/tcg-target-reg-bits.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: MIT */ 2 | /* 3 | * Define target-specific register size 4 | * Copyright (c) 2008 Fabrice Bellard 5 | */ 6 | 7 | #ifndef TCG_TARGET_REG_BITS_H 8 | #define TCG_TARGET_REG_BITS_H 9 | 10 | #ifdef __x86_64__ 11 | #define TCG_TARGET_REG_BITS 64 12 | #else 13 | #define TCG_TARGET_REG_BITS 32 14 | #endif 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /libtcg/include/tcg/insn-start-words.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: MIT */ 2 | /* 3 | * Define TARGET_INSN_START_WORDS 4 | * Copyright (c) 2008 Fabrice Bellard 5 | */ 6 | 7 | #ifndef TARGET_INSN_START_WORDS 8 | 9 | #include "cpu.h" 10 | 11 | #ifndef TARGET_INSN_START_EXTRA_WORDS 12 | #define TARGET_INSN_START_WORDS 1 13 | #else 14 | #define TARGET_INSN_START_WORDS (1 + TARGET_INSN_START_EXTRA_WORDS) 15 | #endif 16 | 17 | #endif /* TARGET_INSN_START_WORDS */ 18 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/cache.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2023 Vitaly Chipounov 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy 4 | // of this software and associated documentation files (the "Software"), to deal 5 | // in the Software without restriction, including without limitation the rights 6 | // to use, copy, modify, merge, publish, 
distribute, sublicense, and/or sell 7 | // copies of the Software, and to permit persons to whom the Software is 8 | // furnished to do so, subject to the following conditions: 9 | // 10 | // The above copyright notice and this permission notice shall be included in 11 | // all copies or substantial portions of the Software. 12 | // 13 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 16 | // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | // THE SOFTWARE. 20 | 21 | #ifndef TCG_CACHE_H 22 | 23 | #define TCG_CACHE_H 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | extern int g_icache_linesize; 30 | extern int g_dcache_linesize; 31 | 32 | int init_cache_info(); 33 | 34 | #ifdef __cplusplus 35 | } 36 | #endif 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/debug-assert.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: MIT */ 2 | /* 3 | * Define tcg_debug_assert 4 | * Copyright (c) 2008 Fabrice Bellard 5 | */ 6 | 7 | #ifndef TCG_DEBUG_ASSERT_H 8 | #define TCG_DEBUG_ASSERT_H 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | /* tcg_debug_assert(X): with CONFIG_DEBUG_TCG or QEMU_STATIC_ANALYSIS defined this is a plain assert(X). In every other build X is not enforced at run time: a false X reaches __builtin_unreachable(), which is undefined behaviour and lets the compiler assume X always holds. Use it only for internal invariants, never as the sole check on an externally controlled value. */ 14 | #if defined CONFIG_DEBUG_TCG || defined QEMU_STATIC_ANALYSIS 15 | #define tcg_debug_assert(X) \ 16 | do { \ 17 | assert(X); \ 18 | } while (0) 19 | #else 20 | #define tcg_debug_assert(X) \ 21 | do { \ 22 | if (!(X)) { \ 23 | __builtin_unreachable(); \ 24 | } \ 25 | } while (0) 26 | #endif 27 | 28 | #ifdef __cplusplus 29 | } 30 | #endif 31 | 32 | #endif 33 |
-------------------------------------------------------------------------------- /libtcg/include/tcg/utils/host/generic/atomic128-cas.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: GPL-2.0-or-later 3 | * Compare-and-swap for 128-bit atomic operations, generic version. 4 | * 5 | * Copyright (C) 2018, 2023 Linaro, Ltd. 6 | * 7 | * See docs/devel/atomics.rst for discussion about the guarantees each 8 | * atomic primitive is meant to provide. 9 | */ 10 | 11 | #ifndef HOST_ATOMIC128_CAS_H 12 | #define HOST_ATOMIC128_CAS_H 13 | 14 | #if defined(CONFIG_ATOMIC128) 15 | static inline Int128 ATTRIBUTE_ATOMIC128_OPT atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 _new) { 16 | __int128_t *ptr_align = __builtin_assume_aligned(ptr, 16); 17 | Int128Alias r, c, n; 18 | 19 | c.s = cmp; 20 | n.s = _new; 21 | r.i = qatomic_cmpxchg__nocheck(ptr_align, c.i, n.i); 22 | return r.s; 23 | } 24 | #define HAVE_CMPXCHG128 1 25 | #elif defined(CONFIG_CMPXCHG128) 26 | static inline Int128 ATTRIBUTE_ATOMIC128_OPT atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 _new) { 27 | __int128_t *ptr_align = __builtin_assume_aligned(ptr, 16); 28 | Int128Alias r, c, n; 29 | 30 | c.s = cmp; 31 | n.s = _new; 32 | r.i = __sync_val_compare_and_swap_16(ptr_align, c.i, n.i); 33 | return r.s; 34 | } 35 | #define HAVE_CMPXCHG128 1 36 | #else 37 | /* Fallback definition that must be optimized away, or error. */ 38 | Int128 QEMU_ERROR("unsupported atomic") atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 _new); 39 | #define HAVE_CMPXCHG128 0 40 | #endif 41 | 42 | #endif /* HOST_ATOMIC128_CAS_H */ 43 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/host/generic/load-extract-al16-al8.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: GPL-2.0-or-later 3 | * Atomic extract 64 from 128-bit, generic version. 
4 | * 5 | * Copyright (C) 2023 Linaro, Ltd. 6 | */ 7 | 8 | #ifndef HOST_LOAD_EXTRACT_AL16_AL8_H 9 | #define HOST_LOAD_EXTRACT_AL16_AL8_H 10 | 11 | /** 12 | * load_atom_extract_al16_or_al8: 13 | * @pv: host address 14 | * @s: object size in bytes, @s <= 8. 15 | * 16 | * Load @s bytes from @pv, when pv % s != 0. If [pv, pv+s-1] does not 17 | * cross a 16-byte boundary then the access must be 16-byte atomic, 18 | * otherwise the access must be 8-byte atomic. 19 | */ 20 | static inline uint64_t ATTRIBUTE_ATOMIC128_OPT load_atom_extract_al16_or_al8(void *pv, int s) { 21 | uintptr_t pi = (uintptr_t) pv; 22 | int o = pi & 7; /* byte offset of pv within its 8-byte word */ 23 | int shr = (HOST_BIG_ENDIAN ? 16 - s - o : o) * 8; /* bit shift that moves the requested bytes to the low end of r */ 24 | Int128 r; 25 | 26 | pv = (void *) (pi & ~7); /* round down to 8-byte alignment */ 27 | if (pi & 8) { /* pv is 8 bytes past a 16-byte boundary: the 16 bytes read straddle that boundary, so use two 8-byte atomic loads */ 28 | uint64_t *p8 = __builtin_assume_aligned(pv, 16, 8); 29 | uint64_t a = qatomic_read__nocheck(p8); 30 | uint64_t b = qatomic_read__nocheck(p8 + 1); 31 | 32 | if (HOST_BIG_ENDIAN) { 33 | r = int128_make128(b, a); 34 | } else { 35 | r = int128_make128(a, b); 36 | } 37 | } else { /* pv is 16-byte aligned here */ 38 | r = atomic16_read_ro(pv); 39 | } 40 | return int128_getlo(int128_urshift(r, shr)); 41 | } 42 | 43 | #endif /* HOST_LOAD_EXTRACT_AL16_AL8_H */ 44 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/host/generic/store-insert-al16.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: GPL-2.0-or-later 3 | * Atomic store insert into 128-bit, generic version. 4 | * 5 | * Copyright (C) 2023 Linaro, Ltd. 6 | */ 7 | 8 | #ifndef HOST_STORE_INSERT_AL16_H 9 | #define HOST_STORE_INSERT_AL16_H 10 | 11 | /** 12 | * store_atom_insert_al16: 13 | * @ps: host address 14 | * @val: shifted value to store 15 | * @msk: mask for value to store 16 | * 17 | * Atomically store @val to @ps masked by @msk.
18 | */ 19 | static inline void ATTRIBUTE_ATOMIC128_OPT store_atom_insert_al16(Int128 *ps, Int128 val, Int128 msk) { 20 | #if defined(CONFIG_ATOMIC128) 21 | __uint128_t *pu; 22 | Int128Alias old, new; 23 | 24 | /* With CONFIG_ATOMIC128, we can avoid the memory barriers. */ 25 | pu = __builtin_assume_aligned(ps, 16); 26 | old.u = *pu; /* plain read; a stale value is corrected by the compare-exchange below, which refreshes old.u on failure */ 27 | msk = int128_not(msk); /* inverted once: set bits now mark the bits of the old value to keep */ 28 | do { 29 | new.s = int128_and(old.s, msk); 30 | new.s = int128_or(new.s, val); 31 | } while (!__atomic_compare_exchange_n(pu, &old.u, new.u, true, __ATOMIC_RELAXED, __ATOMIC_RELAXED)); /* weak CAS with relaxed ordering: retry until the merged value is stored */ 32 | #else 33 | Int128 old, new, cmp; 34 | 35 | ps = __builtin_assume_aligned(ps, 16); 36 | old = *ps; 37 | msk = int128_not(msk); /* inverted once: set bits now mark the bits of the old value to keep */ 38 | do { 39 | cmp = old; 40 | new = int128_and(old, msk); 41 | new = int128_or(new, val); 42 | old = atomic16_cmpxchg(ps, cmp, new); 43 | } while (int128_ne(cmp, old)); /* retry while the value returned by atomic16_cmpxchg differs from the one we compared against */ 44 | #endif 45 | } 46 | 47 | #endif /* HOST_STORE_INSERT_AL16_H */ 48 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/host/i386/cpuinfo.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: GPL-2.0-or-later 3 | * Host specific cpu identification for x86.
4 | */ 5 | 6 | #ifndef HOST_CPUINFO_H 7 | #define HOST_CPUINFO_H 8 | 9 | /* Digested version of <cpuid.h> */ 10 | 11 | #define CPUINFO_ALWAYS (1u << 0) /* so cpuinfo is nonzero */ 12 | #define CPUINFO_CMOV (1u << 1) 13 | #define CPUINFO_MOVBE (1u << 2) 14 | #define CPUINFO_LZCNT (1u << 3) 15 | #define CPUINFO_POPCNT (1u << 4) 16 | #define CPUINFO_BMI1 (1u << 5) 17 | #define CPUINFO_BMI2 (1u << 6) 18 | #define CPUINFO_SSE2 (1u << 7) 19 | #define CPUINFO_SSE4 (1u << 8) 20 | #define CPUINFO_AVX1 (1u << 9) 21 | #define CPUINFO_AVX2 (1u << 10) 22 | #define CPUINFO_AVX512F (1u << 11) 23 | #define CPUINFO_AVX512VL (1u << 12) 24 | #define CPUINFO_AVX512BW (1u << 13) 25 | #define CPUINFO_AVX512DQ (1u << 14) 26 | #define CPUINFO_AVX512VBMI2 (1u << 15) 27 | #define CPUINFO_ATOMIC_VMOVDQA (1u << 16) 28 | #define CPUINFO_ATOMIC_VMOVDQU (1u << 17) 29 | #define CPUINFO_AES (1u << 18) 30 | 31 | /* Initialized with a constructor. */ 32 | extern unsigned cpuinfo; 33 | 34 | /* 35 | * We cannot rely on constructor ordering, so other constructors must 36 | * use the function interface rather than the variable above.
37 | */ 38 | unsigned cpuinfo_init(void); 39 | 40 | #endif /* HOST_CPUINFO_H */ 41 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/host/x86_64/cpuinfo.h: -------------------------------------------------------------------------------- 1 | #include "../i386/cpuinfo.h" 2 | -------------------------------------------------------------------------------- /libtcg/include/tcg/utils/units.h: -------------------------------------------------------------------------------- 1 | /* 2 | * IEC binary prefixes definitions 3 | * 4 | * Copyright (C) 2015 Nikunj A Dadhania, IBM Corporation 5 | * Copyright (C) 2018 Philippe Mathieu-Daudé 6 | * 7 | * SPDX-License-Identifier: GPL-2.0-or-later 8 | */ 9 | 10 | #ifndef QEMU_UNITS_H 11 | #define QEMU_UNITS_H 12 | 13 | #include 14 | 15 | #define KiB (INT64_C(1) << 10) 16 | #define MiB (INT64_C(1) << 20) 17 | #define GiB (INT64_C(1) << 30) 18 | #define TiB (INT64_C(1) << 40) 19 | #define PiB (INT64_C(1) << 50) 20 | #define EiB (INT64_C(1) << 60) 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /libtcg/src/i386/tcg-target-con-str.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: MIT */ 2 | /* 3 | * Define i386 target-specific operand constraints. 4 | * Copyright (c) 2021 Linaro 5 | * 6 | */ 7 | 8 | /* 9 | * Define constraint letters for register sets: 10 | * REGS(letter, register_mask) 11 | */ 12 | REGS('a', 1u << TCG_REG_EAX) 13 | REGS('b', 1u << TCG_REG_EBX) 14 | REGS('c', 1u << TCG_REG_ECX) 15 | REGS('d', 1u << TCG_REG_EDX) 16 | REGS('S', 1u << TCG_REG_ESI) 17 | REGS('D', 1u << TCG_REG_EDI) 18 | 19 | REGS('r', ALL_GENERAL_REGS) 20 | REGS('x', ALL_VECTOR_REGS) 21 | REGS('q', ALL_BYTEL_REGS) /* regs that can be used as a byte operand */ 22 | REGS('Q', ALL_BYTEH_REGS) /* regs with a second byte (e.g. 
%ah) */ 23 | REGS('L', ALL_GENERAL_REGS & ~SOFTMMU_RESERVE_REGS) /* qemu_ld/st */ 24 | REGS('s', ALL_BYTEL_REGS & ~SOFTMMU_RESERVE_REGS) /* qemu_st8_i32 data */ 25 | 26 | /* 27 | * Define constraint letters for constants: 28 | * CONST(letter, TCG_CT_CONST_* bit set) 29 | */ 30 | CONST('e', TCG_CT_CONST_S32) 31 | CONST('I', TCG_CT_CONST_I32) 32 | CONST('W', TCG_CT_CONST_WSZ) 33 | CONST('Z', TCG_CT_CONST_U32) 34 | -------------------------------------------------------------------------------- /libvmi/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Dependable Systems Laboratory, EPFL 2 | Copyright (c) 2014-2020 Cyberhaven 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy 5 | of this software and associated documentation files (the "Software"), to deal 6 | in the Software without restriction, including without limitation the rights 7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | copies of the Software, and to permit persons to whom the Software is 9 | furnished to do so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all 12 | copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | SOFTWARE. 
21 | 22 | =========== 23 | 24 | libvmi uses 3rd-party libraries that have their own licenses: 25 | 26 | libelf: LGPL v2.1 (http://www.mr511.de/software/) 27 | libdwarf: LGPL v2.1 (https://www.prevanders.net/dwarflicense.html) 28 | rapidjson: MIT/BSD (https://github.com/Tencent/rapidjson/blob/master/license.txt) 29 | -------------------------------------------------------------------------------- /libvmi/README.md: -------------------------------------------------------------------------------- 1 | Virtual Machine Introspection Library 2 | ===================================== 3 | 4 | This library allows easy inspection of a VM's state by exposing as much debug 5 | information as possible. Debug information can come from the guest VM itself, 6 | compiled binaries with debug information, etc. 7 | 8 | libvmi relies on libelf and libdwarf to do the actual debug info parsing. 9 | 10 | libvmi can be used by S2E plugins. Currently the following file formats are 11 | supported: 12 | 13 | * PE 14 | * DECREE 15 | * ELF 16 | -------------------------------------------------------------------------------- /libvmi/VMIConfig.cmake.in: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017, Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software.
12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 20 | 21 | set(VMI_VERSION_MAJOR @VMI_VERSION_MAJOR@) 22 | set(VMI_VERSION_MINOR @VMI_VERSION_MINOR@) 23 | set(VMI_VERSION_PATCH @VMI_VERSION_PATCH@) 24 | set(VMI_PACKAGE_VERSION @VMI_PACKAGE_VERSION@) 25 | 26 | set(VMI_INCLUDE_DIR "@VMI_INCLUDE_DIR@") 27 | set(VMI_LIBRARY_DIR "@VMI_LIBRARY_DIR@") 28 | -------------------------------------------------------------------------------- /libvmi/src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2017, Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 20 | 21 | add_library(vmi STATIC DecreeFile.cpp 22 | ExecutableFile.cpp 23 | FileProvider.cpp 24 | PEFile.cpp 25 | WindowsCrashDumpGenerator.cpp 26 | WinKernDumpFile.cpp) 27 | 28 | install(TARGETS vmi ARCHIVE DESTINATION lib) 29 | -------------------------------------------------------------------------------- /test-clang-format.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2020 Cyberhaven 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 
22 | 23 | 24 | set -xe 25 | 26 | ./run-clang-format.sh 27 | 28 | OUTPUT="$(git status --porcelain --untracked-files=no)" 29 | 30 | if [ "x$OUTPUT" = "x" ]; then 31 | echo "Code style ok" 32 | else 33 | git --no-pager diff 34 | echo "Please execute run-clang-format.sh to fix code style" 35 | exit 1 36 | fi 37 | -------------------------------------------------------------------------------- /testsuite/.gitignore: -------------------------------------------------------------------------------- 1 | windows32* 2 | windows64* 3 | linux64* 4 | linux32* 5 | cgc32* 6 | bin/* 7 | *.o 8 | 9 | -------------------------------------------------------------------------------- /testsuite/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019 Cyberhaven 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 
20 | -------------------------------------------------------------------------------- /testsuite/basic0-singlepath/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "This is a smoke test that checks that guest images can load and run programs" 3 | targets: 4 | - windows32-basic0-singlepath.exe 5 | - windows64-basic0-singlepath.exe 6 | - linux32-basic0-singlepath 7 | - linux64-basic0-singlepath 8 | -------------------------------------------------------------------------------- /testsuite/basic0-singlepath/main.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, Cyberhaven 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy 4 | // of this software and associated documentation files (the "Software"), to deal 5 | // in the Software without restriction, including without limitation the rights 6 | // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | // copies of the Software, and to permit persons to whom the Software is 8 | // furnished to do so, subject to the following conditions: 9 | // 10 | // The above copyright notice and this permission notice shall be included in all 11 | // copies or substantial portions of the Software. 12 | // 13 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | // SOFTWARE. 
20 | 21 | #include 22 | #include 23 | 24 | int main(int argc, char **argv) { 25 | s2e_printf("All good"); 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /testsuite/basic0-singlepath/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "All good" $S2E_LAST/debug.txt 8 | 9 | check_coverage {{project_name}} 100 10 | -------------------------------------------------------------------------------- /testsuite/basic1-twopaths/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that basic symbolic execution works by forking two paths" 3 | 4 | target_arguments: 5 | - ["@@"] 6 | 7 | targets: 8 | - windows64-basic1-twopaths.exe 9 | - windows32-basic1-twopaths.exe 10 | - linux32-basic1-twopaths 11 | - linux64-basic1-twopaths 12 | 13 | build-options: 14 | post-project-generation-script: fix-config.sh 15 | -------------------------------------------------------------------------------- /testsuite/basic1-twopaths/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | echo "Patching s2e-config.lua..." 
5 | 6 | PROJECT_NAME="$(basename $PROJECT_DIR)" 7 | 8 | if echo $PROJECT_NAME | grep -q windows; then 9 | cat << EOF >> $PROJECT_DIR/s2e-config.lua 10 | 11 | add_plugin("LibraryCallMonitor") 12 | EOF 13 | fi 14 | -------------------------------------------------------------------------------- /testsuite/basic1-twopaths/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | echo === Checking that program forked 8 | grep -q "Value is 1" $S2E_LAST/debug.txt 9 | grep -q "Value is not 1" $S2E_LAST/debug.txt 10 | 11 | {% if 'windows' in project_name %} 12 | echo === Checking that LibraryCallMonitor works properly 13 | grep -q "called ntdll.dll!RtlEnterCriticalSection" $S2E_LAST/debug.txt 14 | {% endif %} 15 | 16 | check_coverage {{project_name}} 60 17 | 18 | s2e forkprofile {{ project_name }} > $S2E_LAST/forkprofile.txt 19 | grep -q -i main.c $S2E_LAST/forkprofile.txt 20 | -------------------------------------------------------------------------------- /testsuite/basic10-fork-no-constraint/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Check that fork `count` times works properly" 3 | 4 | targets: 5 | - windows64-basic10-fork-no-constraint.exe 6 | - windows32-basic10-fork-no-constraint.exe 7 | - linux32-basic10-fork-no-constraint 8 | - linux64-basic10-fork-no-constraint 9 | -------------------------------------------------------------------------------- /testsuite/basic10-fork-no-constraint/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | # Make sure this test case generates exactly 4 states. 
8 | grep -q "This is state 0 here" $S2E_LAST/debug.txt 9 | grep -q "This is state 1 here" $S2E_LAST/debug.txt 10 | grep -q "This is state 2 here" $S2E_LAST/debug.txt 11 | grep -q "This is state 3 here" $S2E_LAST/debug.txt 12 | 13 | check_coverage {{project_name}} 100.0 14 | -------------------------------------------------------------------------------- /testsuite/basic11-icount/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Check that InstructionCounter works properly" 3 | 4 | targets: 5 | - windows64-basic11-icount.exe 6 | - windows32-basic11-icount.exe 7 | - linux32-basic11-icount 8 | - linux64-basic11-icount 9 | 10 | build-options: 11 | post-project-generation-script: fix-config.sh 12 | -------------------------------------------------------------------------------- /testsuite/basic11-icount/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | echo "Patching s2e-config.lua..." 6 | 7 | . 
${TESTSUITE_ROOT}/helpers.sh 8 | 9 | PROJECT_NAME="$(basename $PROJECT_DIR)" 10 | 11 | PLATFORM=$(get_platform "$TARGET") 12 | 13 | cat << EOF >> $PROJECT_DIR/s2e-config.lua 14 | 15 | add_plugin("InstructionCounter") 16 | pluginsConfig.InstructionCounter = { 17 | filterPlugin = "ThreadExecutionDetector" 18 | } 19 | 20 | add_plugin("ThreadExecutionDetector") 21 | add_plugin("TranslationBlockTracer") 22 | pluginsConfig.TranslationBlockTracer = { 23 | traceTbStart = true, 24 | filterPlugin = "ThreadExecutionDetector" 25 | } 26 | 27 | EOF 28 | -------------------------------------------------------------------------------- /testsuite/basic11-icount/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "icount good" $S2E_LAST/debug.txt 8 | 9 | s2e execution_trace -pp {{ project_name }} 10 | -------------------------------------------------------------------------------- /testsuite/basic2-maze/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Maze demo that demonstrates more complex symbex with many states" 3 | 4 | targets: 5 | - windows64-basic2-maze.exe 6 | - windows32-basic2-maze.exe 7 | - linux32-basic2-maze 8 | - linux64-basic2-maze 9 | 10 | build-options: 11 | post-project-generation-script: fix-config.sh 12 | -------------------------------------------------------------------------------- /testsuite/basic2-maze/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | echo "Patching s2e-config.lua..." 
5 | 6 | # Frequent state switching slows down large guests, increase batch time to avoid that 7 | sed -i 's/batchTime = 5/batchTime = 5000/g' $PROJECT_DIR/s2e-config.lua 8 | 9 | # Make sure sed worked 10 | grep -q "batchTime = 5000" $PROJECT_DIR/s2e-config.lua 11 | -------------------------------------------------------------------------------- /testsuite/basic2-maze/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | timeout --foreground --kill-after=30m 25m s2e run -n {{ project_name }} 6 | 7 | grep -q "You lose" $S2E_LAST/debug.txt 8 | grep -q "You win" $S2E_LAST/debug.txt 9 | 10 | COUNT=$(grep '\[State' "$S2E_LAST/debug.txt" | cut -d ' ' -f 3 | cut -d ']' -f 1 | sort -n | uniq | wc -l) 11 | if [ $COUNT -ne 401 ]; then 12 | echo Incorrect number of states 13 | exit 1 14 | fi 15 | 16 | # Don't check coverage, it's unreliable with -O3, and we need O3. 17 | # check_coverage {{project_name}} 70 18 | 19 | s2e forkprofile {{ project_name }} > $S2E_LAST/forkprofile.txt 20 | grep -q -i maze.c $S2E_LAST/forkprofile.txt 21 | -------------------------------------------------------------------------------- /testsuite/basic3-linux-kernel-cov/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the
Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 20 | 21 | TARGET=basic3-linux-kernel-cov 22 | SOURCE=main.c 23 | 24 | GCC_LINUX=gcc 25 | 26 | CFLAGS:=$(CFLAGS) -O3 -g -Wall -std=c99 27 | 28 | linux32-$(TARGET): $(SOURCE) 29 | $(GCC_LINUX) -m32 $(CFLAGS) -o "$@" "$^" 30 | 31 | TARGETS=linux32-$(TARGET) 32 | 33 | all: $(TARGETS) 34 | clean: 35 | rm -f $(TARGETS) 36 | -------------------------------------------------------------------------------- /testsuite/basic3-linux-kernel-cov/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that S2E and s2e-env can handle Linux kernel code coverage properly" 3 | targets: 4 | - linux32-basic3-linux-kernel-cov 5 | 6 | build-options: 7 | post-project-generation-script: fix-config.sh 8 | 9 | -------------------------------------------------------------------------------- /testsuite/basic3-linux-kernel-cov/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | echo "Patching s2e-config.lua..." 
5 | 6 | PROJECT_NAME="$(basename $PROJECT_DIR)" 7 | 8 | cat << EOF >> $PROJECT_DIR/s2e-config.lua 9 | 10 | pluginsConfig.ModuleExecutionDetector = { 11 | mod_0 = { 12 | moduleName = "vmlinux", 13 | }, 14 | 15 | logLevel="info" 16 | } 17 | EOF 18 | 19 | cat << EOF >> $PROJECT_DIR/bootstrap.sh 20 | \${S2ECMD} flush_tbs 21 | find /usr 22 | EOF 23 | -------------------------------------------------------------------------------- /testsuite/basic3-linux-kernel-cov/main.c: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, Cyberhaven 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy 4 | // of this software and associated documentation files (the "Software"), to deal 5 | // in the Software without restriction, including without limitation the rights 6 | // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | // copies of the Software, and to permit persons to whom the Software is 8 | // furnished to do so, subject to the following conditions: 9 | // 10 | // The above copyright notice and this permission notice shall be included in all 11 | // copies or substantial portions of the Software. 12 | // 13 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | // SOFTWARE. 
20 | 21 | #include 22 | #include 23 | 24 | int main(int argc, char **argv) { 25 | s2e_printf("All good"); 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /testsuite/basic3-linux-kernel-cov/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "All good" $S2E_LAST/debug.txt 8 | 9 | # 2% coverage is enough 10 | check_coverage {{project_name}} 2 11 | 12 | if [ ! -f $S2E_LAST/vmlinux.info ]; then 13 | echo "Could not get linux kernel coverage" 14 | exit 1 15 | fi 16 | 17 | SOURCE_COUNT=$(grep SF $S2E_LAST/vmlinux.info | wc -l) 18 | 19 | # Check that code coverage contains info about at least 50 source files 20 | # (this number is arbitrary). 21 | if [ $SOURCE_COUNT -lt 50 ]; then 22 | echo "Did not cover enough source files" 23 | exit 1 24 | fi 25 | -------------------------------------------------------------------------------- /testsuite/basic4-xmm/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "This tests that FP/MMX/XMM registers can hold symbolic data" 3 | targets: 4 | - windows32-basic4-xmm.exe 5 | - windows64-basic4-xmm.exe 6 | - linux32-basic4-xmm 7 | - linux64-basic4-xmm 8 | -------------------------------------------------------------------------------- /testsuite/basic4-xmm/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "Good" $S2E_LAST/debug.txt 8 | ! 
grep -q "Bad" $S2E_LAST/debug.txt 9 | 10 | check_coverage {{project_name}} 85 11 | -------------------------------------------------------------------------------- /testsuite/basic5-solver/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that solver/constraints operations work properly" 3 | 4 | # Trying this on all stacks is overkill 5 | targets: 6 | - linux32-basic5-solver 7 | - linux64-basic5-solver 8 | -------------------------------------------------------------------------------- /testsuite/basic5-solver/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | echo === Checking that program did not fork 8 | grep -q "Not equals 10" $S2E_LAST/debug.txt 9 | ! grep -q "Equals 10" $S2E_LAST/debug.txt 10 | 11 | -------------------------------------------------------------------------------- /testsuite/basic6-funcmon/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that function monitor works properly" 3 | 4 | targets: 5 | - linux32-basic6-funcmon 6 | - linux64-basic6-funcmon 7 | - windows32-basic6-funcmon.exe 8 | - windows64-basic6-funcmon.exe 9 | 10 | build-options: 11 | post-project-generation-script: fix-config.sh 12 | -------------------------------------------------------------------------------- /testsuite/basic7-instmon/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that instruction instrumentation works properly" 3 | 4 | targets: 5 | - linux32-basic7-instmon 6 | - linux64-basic7-instmon 7 | - windows32-basic7-instmon.exe 8 | - windows64-basic7-instmon.exe 9 | 10 | build-options: 11 | post-project-generation-script: fix-config.sh 12 | 
-------------------------------------------------------------------------------- /testsuite/basic7-instmon/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "called scanf" "$S2E_LAST/debug.txt" 8 | grep -q "you lost" "$S2E_LAST/debug.txt" 9 | grep -q "you found it" "$S2E_LAST/debug.txt" 10 | grep -q "ctf{secret-flag}" "$S2E_LAST/debug.txt" 11 | 12 | check_coverage {{project_name}} 60 13 | 14 | s2e forkprofile {{ project_name }} > $S2E_LAST/forkprofile.txt 15 | grep -q -i main.c $S2E_LAST/forkprofile.txt 16 | -------------------------------------------------------------------------------- /testsuite/basic8-tracers/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Check that execution tracers work properly" 3 | 4 | targets: 5 | - linux32-basic8-tracers 6 | - linux64-basic8-tracers 7 | - windows32-basic8-tracers.exe 8 | - windows64-basic8-tracers.exe 9 | 10 | build-options: 11 | post-project-generation-script: fix-config.sh 12 | -------------------------------------------------------------------------------- /testsuite/basic8-tracers/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | echo "Patching s2e-config.lua..." 6 | 7 | . 
${TESTSUITE_ROOT}/helpers.sh 8 | 9 | PROJECT_NAME="$(basename $PROJECT_DIR)" 10 | 11 | PLATFORM=$(get_platform "$TARGET") 12 | 13 | cat << EOF >> $PROJECT_DIR/s2e-config.lua 14 | 15 | add_plugin("MemoryTracer") 16 | pluginsConfig.MemoryTracer = { 17 | traceMemory = true, 18 | traceTlbMisses = true, 19 | tracePageFaults = true, 20 | filterPlugin = "ModuleExecutionDetector" 21 | } 22 | 23 | add_plugin("TranslationBlockTracer") 24 | pluginsConfig.TranslationBlockTracer = { 25 | traceTbStart = true, 26 | traceTbEnd = true, 27 | filterPlugin = "ModuleExecutionDetector" 28 | } 29 | 30 | add_plugin("InstructionCounter") 31 | pluginsConfig.InstructionCounter = { 32 | filterPlugin = "ModuleExecutionDetector" 33 | } 34 | 35 | EOF 36 | -------------------------------------------------------------------------------- /testsuite/basic8-tracers/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "0xdeadbeef" "$S2E_LAST/debug.txt" 8 | grep -q "0xbadcafe" "$S2E_LAST/debug.txt" 9 | 10 | check_coverage {{project_name}} 60 11 | 12 | # deadbeef 13 | s2e execution_trace -pp -p 1 {{ project_name }} 14 | grep -q "3735928559" "$S2E_LAST/execution_trace.json" 15 | 16 | # badcafe 17 | s2e execution_trace -pp -p 0 {{ project_name }} 18 | grep -q "195939070" "$S2E_LAST/execution_trace.json" 19 | 20 | grep -q "TRACE_TB_START" "$S2E_LAST/execution_trace.json" 21 | grep -q "TRACE_TB_END" "$S2E_LAST/execution_trace.json" 22 | grep -q "TRACE_ICOUNT" "$S2E_LAST/execution_trace.json" 23 | 24 | s2e forkprofile {{ project_name }} > $S2E_LAST/forkprofile.txt 25 | grep -q -i main.c $S2E_LAST/forkprofile.txt 26 | -------------------------------------------------------------------------------- /testsuite/basic9-symaddr-unaligned/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Check 
that symbolic addresses work properly" 3 | 4 | target_arguments: 5 | - ["@@"] 6 | 7 | targets: 8 | - windows64-basic9-symaddr-unaligned.exe 9 | - windows32-basic9-symaddr-unaligned.exe 10 | - linux32-basic9-symaddr-unaligned 11 | - linux64-basic9-symaddr-unaligned 12 | 13 | build-options: 14 | post-project-generation-script: fix-config.sh 15 | -------------------------------------------------------------------------------- /testsuite/basic9-symaddr-unaligned/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | echo "Patching s2e-config.lua..." 5 | 6 | PROJECT_NAME="$(basename $PROJECT_DIR)" 7 | 8 | sed -i 's/kleeArgs = {/kleeArgs = { "--fork-on-symbolic-address=false"/g' "$PROJECT_DIR/s2e-config.lua" 9 | 10 | -------------------------------------------------------------------------------- /testsuite/basic9-symaddr-unaligned/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | PATH_COUNT=$(grep "Terminated symbaddr1 path" $S2E_LAST/debug.txt | wc -l) 8 | if [ $PATH_COUNT -ne 125 ]; then 9 | exit 1 10 | fi 11 | -------------------------------------------------------------------------------- /testsuite/basic9-symaddr/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Check that symbolic addresses work properly" 3 | 4 | target_arguments: 5 | - ["@@"] 6 | 7 | targets: 8 | - windows64-basic9-symaddr.exe 9 | - windows32-basic9-symaddr.exe 10 | - linux32-basic9-symaddr 11 | - linux64-basic9-symaddr 12 | 13 | build-options: 14 | post-project-generation-script: fix-config.sh 15 | -------------------------------------------------------------------------------- /testsuite/basic9-symaddr/fix-config.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/sh 2 | set -e 3 | 4 | echo "Patching s2e-config.lua..." 5 | 6 | PROJECT_NAME="$(basename $PROJECT_DIR)" 7 | 8 | sed -i 's/kleeArgs = {/kleeArgs = { "--fork-on-symbolic-address=false"/g' "$PROJECT_DIR/s2e-config.lua" 9 | 10 | -------------------------------------------------------------------------------- /testsuite/basic9-symaddr/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | PATH_COUNT=$(grep "Terminated symbaddr1 path" $S2E_LAST/debug.txt | wc -l) 8 | if [ $PATH_COUNT -ne 32 ]; then 9 | exit 1 10 | fi 11 | -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "This tests that cfi checker works properly on a clean document" 3 | 4 | options: 5 | tools: 6 | - "cfi" 7 | - "tickler" 8 | single_path: true 9 | 10 | targets: 11 | - "$(GUEST_FS)/program files/microsoft office/office14/winword.exe" 12 | - "$(GUEST_FS)/program files/microsoft office/office15/winword.exe" 13 | - "$(GUEST_FS)/program files/microsoft office/root/office16/winword.exe" 14 | - "$(GUEST_FS)/program files (x86)/microsoft office/office14/winword.exe" 15 | - "$(GUEST_FS)/program files (x86)/microsoft office/office15/winword.exe" 16 | - "$(GUEST_FS)/program files (x86)/microsoft office/root/office16/winword.exe" 17 | 18 | target_arguments: 19 | - [$(TEST_ROOT)/test0.docx] 20 | - [$(TEST_ROOT)/test1.docx] 21 | - [$(TEST_ROOT)/test2.docx] 22 | - [$(TEST_ROOT)/test3.docx] 23 | - [$(TEST_ROOT)/test4.docx] 24 | - [$(TEST_ROOT)/test5.docx] 25 | - [$(TEST_ROOT)/test6.docx] 26 | - [$(TEST_ROOT)/test7.docx] 27 | - [$(TEST_ROOT)/test8.docx] 28 | - [$(TEST_ROOT)/test9.docx] 29 | 30 | target-images: 31 | - office 32 | 
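--------------------------------------------------------------------------------
/testsuite/cfi-winword1-benign/run-tests.tpl:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Runs Word on a clean document under the CFI checker and fails unless calls and
4 | # returns were actually counted and no CFI violation was recorded.
5 |
6 | {% include 'common-run.sh.tpl' %}
7 |
8 | timeout --foreground --kill-after=30m 29m s2e run -n {{ project_name }}
9 |
10 | s2e execution_trace {{ project_name }}
11 |
12 | TRACE="$S2E_LAST/execution_trace.json"
13 |
14 | # Abort unless "$2" is a non-negative integer. jq -r prints "null" for a missing
15 | # record or field, and "[ null -eq 0 ]" is a test error rather than "true", so
16 | # without this guard both checks below would be skipped and the test would pass
17 | # without any CFI statistics in the trace.
18 | require_count() {
19 |     case "$2" in
20 |         ''|*[!0-9]*)
21 |             echo "Missing or non-numeric $1: '$2'"
22 |             exit 1
23 |             ;;
24 |     esac
25 | }
26 |
27 | # Counters are taken from the last TRACE_CFI_STATS record in the trace.
28 | DCALL_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].direct_call_count' "$TRACE")
29 | ICALL_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].indirect_call_count' "$TRACE")
30 | RET_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].ret_count' "$TRACE")
31 |
32 | require_count direct_call_count "$DCALL_COUNT"
33 | require_count indirect_call_count "$ICALL_COUNT"
34 | require_count ret_count "$RET_COUNT"
35 |
36 | # A zero here means the checker did not observe that kind of transfer at all.
37 | if [ "$DCALL_COUNT" -eq 0 ] || [ "$ICALL_COUNT" -eq 0 ] || [ "$RET_COUNT" -eq 0 ]; then
38 |     echo "Invalid call/ret count"
39 |     exit 1
40 | fi
41 |
42 | CALL_VIOLATION_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].call_violation_count' "$TRACE")
43 | RET_VIOLATION_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].ret_violation_count' "$TRACE")
44 |
45 | require_count call_violation_count "$CALL_VIOLATION_COUNT"
46 | require_count ret_violation_count "$RET_VIOLATION_COUNT"
47 |
48 | # A benign document must not produce any violation.
49 | if [ "$CALL_VIOLATION_COUNT" -gt 0 ] || [ "$RET_VIOLATION_COUNT" -gt 0 ]; then
50 |     echo "Invalid call/ret violation count"
51 |     exit 1
52 | fi
53 |
-------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test0.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test0.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test1.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test1.docx --------------------------------------------------------------------------------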
/testsuite/cfi-winword1-benign/test2.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test2.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test3.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test3.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test4.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test4.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test5.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test5.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test6.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test6.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test7.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test7.docx -------------------------------------------------------------------------------- 
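/testsuite/cfi-winword1-benign/test8.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test8.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-benign/test9.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-benign/test9.docx -------------------------------------------------------------------------------- /testsuite/cfi-winword1-malicious/CVE-2015-1770-poc-calc.rtf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/cfi-winword1-malicious/CVE-2015-1770-poc-calc.rtf -------------------------------------------------------------------------------- /testsuite/cfi-winword1-malicious/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Test that cfi checker detects cfi violations" 3 | 4 | options: 5 | tools: 6 | - "cfi" 7 | - "tickler" 8 | single_path: true 9 | custom_lua_string: > 10 | pluginsConfig.Tickler.maxCfiViolations = 10 11 | 12 | targets: 13 | - "$(GUEST_FS)/program files/microsoft office/office15/winword.exe" 14 | 15 | target_arguments: 16 | - [$(TEST_ROOT)/CVE-2015-1770-poc-calc.rtf] 17 | 18 | target-images: 19 | - windows-7sp1pro-i386/office2013 20 |
--------------------------------------------------------------------------------
/testsuite/cfi-winword1-malicious/run-tests.tpl:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Runs Word on the malicious sample under the CFI checker and fails unless at
4 | # least one call or return violation was recorded.
5 |
6 | {% include 'common-run.sh.tpl' %}
7 |
8 | timeout --foreground --kill-after=30m 29m s2e run -n {{ project_name }}
9 |
10 | s2e execution_trace {{ project_name }}
11 |
12 | TRACE="$S2E_LAST/execution_trace.json"
13 |
14 | # Counters are taken from the last TRACE_CFI_STATS record in the trace.
15 | CALL_VIOLATION_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].call_violation_count' "$TRACE")
16 | RET_VIOLATION_COUNT=$(jq -r '[.[] | select(.type=="TRACE_CFI_STATS")][-1].ret_violation_count' "$TRACE")
17 |
18 | # jq -r prints "null" when the trace holds no TRACE_CFI_STATS record or the field
19 | # is absent. "[ null -eq 0 ]" is a test error, not "true", so without this guard
20 | # the check below would be skipped and the test would pass with nothing detected.
21 | for COUNT in "$CALL_VIOLATION_COUNT" "$RET_VIOLATION_COUNT"; do
22 |     case "$COUNT" in
23 |         ''|*[!0-9]*)
24 |             echo "Missing or non-numeric CFI violation count: '$COUNT'"
25 |             exit 1
26 |             ;;
27 |     esac
28 | done
29 |
30 | if [ "$CALL_VIOLATION_COUNT" -eq 0 ] && [ "$RET_VIOLATION_COUNT" -eq 0 ]; then
31 |     echo "Did not find any violations"
32 |     exit 1
33 | fi
34 |
35 |
-------------------------------------------------------------------------------- /testsuite/coreutils-echo/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that echo forks properly" 3 | 4 | target_arguments: 5 | - [abc] 6 | 7 | targets: 8 | - {{ s2e_images }}/debian-12.5-i386/guestfs/bin/echo 9 | 10 | build-options: 11 | post-project-generation-script: fix-config.sh 12 | 13 | target-images: 14 | - debian-12.5-i386 15 | -------------------------------------------------------------------------------- /testsuite/coreutils-echo/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | sed -i 's/S2E_SYM_ARGS=""/S2E_SYM_ARGS="1"/g' "$PROJECT_DIR/bootstrap.sh" 5 | -------------------------------------------------------------------------------- /testsuite/coreutils-echo/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | timeout --foreground --kill-after=30m 25m s2e run -n {{ project_name }} 6 | 7 | grep -q "silently concretizing" $S2E_LAST/debug.txt && exit 1 8 | 9 | TC_COUNT=$(grep "v0_arg1_0 =" $S2E_LAST/debug.txt | wc -l) 10 | if [ $TC_COUNT -lt 15 ]; then 11 | echo "Insufficient number of test cases" 12 | exit 1 13 | fi 14 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/.gitignore: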
-------------------------------------------------------------------------------- 1 | Debug 2 | Release 3 | x64 4 | build.bat 5 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Tests that fault injection works properly" 3 | 4 | targets: 5 | - ./scanner/filter/x64/Debug/scanner.inf 6 | - ./scanner/filter/Debug/scanner.inf 7 | 8 | target-images: 9 | - windows-xpsp3pro-i386 10 | - windows-7sp1ent-x86_64 11 | 12 | build-options: 13 | windows-build-server: true 14 | post-project-generation-script: fix-config.sh 15 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/fix-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | echo "Patching bootstrap.sh to start the driver..." 5 | sed -i 's/# sc start my_driver_service/sc start scanner/g' $PROJECT_DIR/bootstrap.sh 6 | sed -i 's/sleep 30/sleep 5/g' $PROJECT_DIR/bootstrap.sh 7 | 8 | # Simulate DFS 9 | echo "Patching s2e-config.lua..." 
10 | sed -i 's/batchTime = 5/batchTime = 5000/g' $PROJECT_DIR/s2e-config.lua 11 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | echo === Checking that faults were injected 8 | grep -q "FaultInjInvokeOrig_ZwOpenKey" $S2E_LAST/debug.txt 9 | grep -q "FaultInjInvokeOrig_ExAllocatePoolWithTag" $S2E_LAST/debug.txt 10 | 11 | check_coverage {{project_name}} 50 "{{ test_dir }}/scanner" 12 | 13 | s2e forkprofile {{ project_name }} > $S2E_LAST/forkprofile.txt 14 | grep -q -i s2e.sys $S2E_LAST/forkprofile.txt 15 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/scanner/filesys-minifilter-scanner.yaml: -------------------------------------------------------------------------------- 1 | ### YamlMime:Sample 2 | sample: 3 | - name: Scanner File System Minifilter Driver 4 | description: A file data scanner example. Typically, anti-virus filters are of this type. 
5 | generateZip: true 6 | author: windows-driver-samples 7 | languages: 8 | - cpp 9 | technologies: 10 | - windows 11 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/scanner/filter/scanner.rc: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | #define VER_FILETYPE VFT_DRV 6 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM 7 | #define VER_FILEDESCRIPTION_STR "Scanner Filter" 8 | #define VER_INTERNALNAME_STR "scanner.sys" 9 | 10 | #include "common.ver" 11 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/scanner/inc/scanuk.h: -------------------------------------------------------------------------------- 1 | /*++ 2 | 3 | Copyright (c) 1999-2002 Microsoft Corporation 4 | 5 | Module Name: 6 | 7 | scanuk.h 8 | 9 | Abstract: 10 | 11 | Header file which contains the structures, type definitions, 12 | constants, global variables and function prototypes that are 13 | shared between kernel and user mode. 
14 | 15 | Environment: 16 | 17 | Kernel & user mode 18 | 19 | --*/ 20 | 21 | #ifndef __SCANUK_H__ 22 | #define __SCANUK_H__ 23 | 24 | // 25 | // Name of port used to communicate 26 | // 27 | 28 | const PWSTR ScannerPortName = L"\\ScannerPort"; 29 | 30 | 31 | #define SCANNER_READ_BUFFER_SIZE 1024 32 | 33 | typedef struct _SCANNER_NOTIFICATION { 34 | 35 | ULONG BytesToScan; 36 | ULONG Reserved; // for quad-word alignement of the Contents structure 37 | UCHAR Contents[SCANNER_READ_BUFFER_SIZE]; 38 | 39 | } SCANNER_NOTIFICATION, *PSCANNER_NOTIFICATION; 40 | 41 | typedef struct _SCANNER_REPLY { 42 | 43 | BOOLEAN SafeToOpen; 44 | 45 | } SCANNER_REPLY, *PSCANNER_REPLY; 46 | 47 | #endif // __SCANUK_H__ 48 | 49 | 50 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/scanner/user/scanUser.rc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define VER_FILETYPE VFT_APP 5 | #define VER_FILESUBTYPE VFT2_UNKNOWN 6 | #define VER_FILEDESCRIPTION_STR "Scanner control program" 7 | #define VER_INTERNALNAME_STR "scanuser.exe" 8 | #define VER_ORIGINALFILENAME_STR "scanuser.exe" 9 | 10 | #include "common.ver" 11 | -------------------------------------------------------------------------------- /testsuite/faultinj-scannersys/scanner/user/scanuser.vcxproj.Filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx;* 6 | {D5A4D49A-D6AE-4159-B919-7E13BED474C5} 7 | 8 | 9 | h;hpp;hxx;hm;inl;inc;xsd 10 | {D08A6EDE-21C1-491E-A693-67FB47DB6E9D} 11 | 12 | 13 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms;man;xml 14 | {52F79952-01DB-4878-8287-0A8B91178B37} 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Resource Files 25 | 26 | 27 | -------------------------------------------------------------------------------- 
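/testsuite/helpers.sh:
--------------------------------------------------------------------------------
1 | # Print 32 or 64 depending on which number appears in the base name of $1.
2 | # "32" is tested first, so a name containing both yields 32. On an unrecognised
3 | # name the diagnostic goes to stderr (callers capture stdout) and the shell exits.
4 | get_bitness() {
5 |     local TARGET_NAME
6 |     # Quoted so that target paths containing spaces reach basename as one argument.
7 |     TARGET_NAME="$(basename "$1")"
8 |     case "$TARGET_NAME" in
9 |         *32*) echo 32 ;;
10 |         *64*) echo 64 ;;
11 |         *)
12 |             echo "Invalid bitness encoded in $TARGET_NAME" >&2
13 |             exit 1
14 |             ;;
15 |     esac
16 | }
17 |
18 | # Print "windows" or "linux" depending on which word appears in the base name
19 | # of $1 ("windows" is tested first). On an unrecognised name the diagnostic goes
20 | # to stderr and the shell exits.
21 | get_platform() {
22 |     local TARGET_NAME
23 |     TARGET_NAME="$(basename "$1")"
24 |     case "$TARGET_NAME" in
25 |         *windows*) echo windows ;;
26 |         *linux*) echo linux ;;
27 |         *)
28 |             echo "Invalid platform encoded in $TARGET_NAME" >&2
29 |             exit 1
30 |             ;;
31 |     esac
32 | }
33 |
34 | # This function takes the path to an executable file (ELF, PE), a function name in that
35 | # executable, and returns the corresponding address.
36 | #
37 | # $1: path to the binary; treated as PE when the path contains ".exe".
38 | # $2: function name.
39 | # Prints "0x<address>" on stdout, or nothing when no matching line is found.
40 | get_func_addr() {
41 |     local BINARY="$1"
42 |     local FUNCTION_NAME="$2"
43 |     local ADDR=""
44 |     case "$BINARY" in
45 |         # A literal ".exe"; the former grep pattern let "." match any character.
46 |         *.exe*)
47 |             # Try the underscore-prefixed label first, then the plain one.
48 |             ADDR="$(objdump -S "$BINARY" | grep -F "<_$FUNCTION_NAME>:" | head -n 1 | cut -d ' ' -f 1)"
49 |             if [ "x$ADDR" = "x" ]; then
50 |                 ADDR="$(objdump -S "$BINARY" | grep -F "<$FUNCTION_NAME>:" | head -n 1 | cut -d ' ' -f 1)"
51 |             fi
52 |             ;;
53 |         *)
54 |             # First symbol-table line that contains the name as a substring, so a
55 |             # longer symbol embedding it can be picked. -F and -- keep the name from
56 |             # being read as a regular expression or as a grep option.
57 |             ADDR="$(objdump -t "$BINARY" | grep -F -- "$FUNCTION_NAME" | cut -d ' ' -f 1 | head -n 1)"
58 |             ;;
59 |     esac
60 |
61 |     if [ "x$ADDR" = "x" ]; then
62 |         return
63 |     fi
64 |     echo "0x$ADDR"
65 | }
66 |
-------------------------------------------------------------------------------- /testsuite/office-macro1/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "This is a smoke test that checks that office images run properly" 3 | 4 | targets: 5 | - "$(GUEST_FS)/program files/microsoft office/office14/winword.exe" 6 | - "$(GUEST_FS)/program files/microsoft office/office15/winword.exe" 7 | - "$(GUEST_FS)/program files/microsoft office/root/office16/winword.exe" 8 | - "$(GUEST_FS)/program files (x86)/microsoft office/office14/winword.exe" 9 | -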
"$(GUEST_FS)/program files (x86)/microsoft office/office15/winword.exe" 10 | - "$(GUEST_FS)/program files (x86)/microsoft office/root/office16/winword.exe" 11 | 12 | target_arguments: 13 | - [$(TEST_ROOT)/test.docm] 14 | 15 | target-images: 16 | - office 17 | -------------------------------------------------------------------------------- /testsuite/office-macro1/run-tests.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% include 'common-run.sh.tpl' %} 4 | 5 | s2e run -n {{ project_name }} 6 | 7 | grep -q "path 1" $S2E_LAST/debug.txt 8 | grep -q "path 2" $S2E_LAST/debug.txt 9 | -------------------------------------------------------------------------------- /testsuite/office-macro1/test.docm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/office-macro1/test.docm -------------------------------------------------------------------------------- /testsuite/pov-cgc-cadet0/.gitignore: -------------------------------------------------------------------------------- 1 | CADET_00001/build 2 | CADET_00001/bin 3 | -------------------------------------------------------------------------------- /testsuite/pov-cgc-cadet0/CADET_00001: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S2E/s2e/0cab056dc90bf51899a6aa1f513652afba682ebf/testsuite/pov-cgc-cadet0/CADET_00001 -------------------------------------------------------------------------------- /testsuite/pov-cgc-cadet0/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, Cyberhaven 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without 
limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in all 11 | # copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | # SOFTWARE. 20 | 21 | CB=CADET_00001 22 | 23 | BUILD_SCRIPTS_SRC:=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) 24 | 25 | TARGETS=$(CB) 26 | 27 | all: $(TARGETS) 28 | 29 | # Nothing to clean. 
30 | clean: 31 | -------------------------------------------------------------------------------- /testsuite/pov-cgc-cadet0/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that the CADET_00001 sample produces POVs" 3 | targets: 4 | - CADET_00001 5 | scripts: 6 | run_tests: run-tests.tpl 7 | -------------------------------------------------------------------------------- /testsuite/pov-demo0/config.yml: -------------------------------------------------------------------------------- 1 | test: 2 | description: "Checks that Linux and Windows PoV generation works" 3 | options: 4 | tools: 5 | - "pov" 6 | 7 | target_arguments: 8 | - ["@@"] 9 | 10 | targets: 11 | - windows64-pov-demo0.exe 12 | - windows32-pov-demo0.exe 13 | - linux32-pov-demo0 14 | # Skip 64-bit Linux, it has forced concretizations 15 | # - linux64-pov-demo0 16 | -------------------------------------------------------------------------------- /tools/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012-2016 Dependable Systems Laboratory, EPFL 2 | Copyright (c) 2014-2020 Cyberhaven 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy 5 | of this software and associated documentation files (the "Software"), to deal 6 | in the Software without restriction, including without limitation the rights 7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | copies of the Software, and to permit persons to whom the Software is 9 | furnished to do so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all 12 | copies or substantial portions of the Software. 
13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | SOFTWARE. 21 | 22 | =========== 23 | 24 | S2E tools use 3rd-party libraries that have their own licenses: 25 | 26 | libcpu: LGPL v2.1 27 | libtcg: BSD/MIT 28 | llvm: University of Illinois/NCSA (http://llvm.org) 29 | -------------------------------------------------------------------------------- /tools/lib/CFG/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 2 | # Copyright (c) 2017 Cyberhaven 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy 5 | # of this software and associated documentation files (the "Software"), to deal 6 | # in the Software without restriction, including without limitation the rights 7 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | # copies of the Software, and to permit persons to whom the Software is 9 | # furnished to do so, subject to the following conditions: 10 | # 11 | # The above copyright notice and this permission notice shall be included in all 12 | # copies or substantial portions of the Software. 13 | # 14 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 17 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | # SOFTWARE. 21 | 22 | add_library(cfg STATIC BinaryCFG.cpp) 23 | target_link_libraries(cfg ${LLVM_LIBS}) 24 | -------------------------------------------------------------------------------- /tools/lib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 2 | # Copyright (c) 2017 Cyberhaven 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy 5 | # of this software and associated documentation files (the "Software"), to deal 6 | # in the Software without restriction, including without limitation the rights 7 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | # copies of the Software, and to permit persons to whom the Software is 9 | # furnished to do so, subject to the following conditions: 10 | # 11 | # The above copyright notice and this permission notice shall be included in all 12 | # copies or substantial portions of the Software. 13 | # 14 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | # SOFTWARE. 
21 | 22 | add_subdirectory(CFG) 23 | add_subdirectory(Utils) 24 | -------------------------------------------------------------------------------- /tools/tools/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 2 | # Copyright (c) 2017 Cyberhaven 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy 5 | # of this software and associated documentation files (the "Software"), to deal 6 | # in the Software without restriction, including without limitation the rights 7 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | # copies of the Software, and to permit persons to whom the Software is 9 | # furnished to do so, subject to the following conditions: 10 | # 11 | # The above copyright notice and this permission notice shall be included in all 12 | # copies or substantial portions of the Software. 13 | # 14 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | # SOFTWARE. 
21 | 22 | add_subdirectory(scripts) 23 | -------------------------------------------------------------------------------- /tools/tools/scripts/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017 Dependable Systems Laboratory, EPFL 2 | # Copyright (c) 2017 Cyberhaven 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy 5 | # of this software and associated documentation files (the "Software"), to deal 6 | # in the Software without restriction, including without limitation the rights 7 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | # copies of the Software, and to permit persons to whom the Software is 9 | # furnished to do so, subject to the following conditions: 10 | # 11 | # The above copyright notice and this permission notice shall be included in all 12 | # copies or substantial portions of the Software. 13 | # 14 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | # SOFTWARE. 
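21 | 22 | install(DIRECTORY ida/ DESTINATION bin) 23 | install(DIRECTORY radare/ DESTINATION bin) 24 | install(DIRECTORY revgen/ DESTINATION bin USE_SOURCE_PERMISSIONS) 25 |
--------------------------------------------------------------------------------
/tools/tools/scripts/ida/extractFunctions.py:
--------------------------------------------------------------------------------
1 | import idaapi
2 | import idautils
3 | import idc
4 |
5 |
6 | def extract_functions():
7 |     """Write one "<address> <name>" line per function in the database.
8 |
9 |     The output path comes from a file dialog. When the dialog returns
10 |     nothing, the list goes to "<input file>.fcn", .asm and .lst listings
11 |     are generated next to it, and IDA is asked to exit afterwards.
12 |     """
13 |     filename = idc.AskFile(1, "*.*", "Save list of functions")
14 |     batch_mode = False
15 |     if not filename:
16 |         basename = idc.GetInputFile()
17 |         filename = basename + ".fcn"
18 |         idc.GenerateFile(idc.OFILE_ASM, basename + ".asm", 0, idc.BADADDR, 0)
19 |         idc.GenerateFile(idc.OFILE_LST, basename + ".lst", 0, idc.BADADDR, 0)
20 |         batch_mode = True
21 |     # The file is closed, and so flushed, before idc.Exit() can end the
22 |     # process; the original handle was never closed.
23 |     with open(filename, "w") as fp:
24 |         for ea in idautils.Functions():
25 |             # fp.write replaces the Python 2 only "print >>fp"; the name
26 |             # lookup is qualified instead of relying on a global import.
27 |             fp.write("%#010x %s\n" % (ea, idc.GetFunctionName(ea)))
28 |     if batch_mode:
29 |         idc.Exit(0)
30 |
31 | q = None
32 | f = None
33 | # NOTE(review): presumably waits for auto-analysis to finish - confirm
34 | idc.Wait()
35 | extract_functions()
36 |
-------------------------------------------------------------------------------- /tools/tools/scripts/ida/make_sig.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script produces an IDA FLIRT signature from the given collection 4 | # of object files. Copy this file to the sig folder of your IDA installation. 5 | 6 | FLAIR_ROOT="/opt/ida-6.6-sdk/flair66/bin/linux" 7 | 8 | if [ ! -d "$FLAIR_ROOT" ]; then 9 | echo $FLAIR_ROOT does not exist 10 | exit 1 11 | fi 12 | 13 | if [ $# -ne 2 ]; then 14 | echo "Usage: $0 directory sigfile.sig" 15 | exit 1 16 | fi 17 | 18 | DIR="$1" 19 | SIG="$2" 20 | 21 | for f in $(find $DIR/ -name *.elf); do 22 | "$FLAIR_ROOT/pelf" "$f" "${f}.pat" 23 | done 24 | 25 | "$FLAIR_ROOT/sigmake" $(find $DIR/ -name *.pat) "$SIG" 26 | --------------------------------------------------------------------------------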