public static void Main(string[] args)
{
var myBaseRef1 = new SymbolicReference("mystring1");
Expression <Func <IReference> > anyRefExpr = () => 64 + myBaseRef1;
Console.WriteLine(anyRefExpr);
var myBaseRef2 = (SymbolicReference)"mystring2"; // uses explicit conversion operator
Expression <Func <IReference> > indexedRefExpr = () => 64 + myBaseRef2;
Console.WriteLine(indexedRefExpr);
// show runtime types of returned values:
Console.WriteLine("myBaseRef1 -> {0}", myBaseRef1);
Console.WriteLine("myBaseRef2 -> {0}", myBaseRef2);
Console.WriteLine("anyRefExpr -> {0}", anyRefExpr.Compile()()); // compile() returns Func<...>
Console.WriteLine("indexedRefExpr -> {0}", indexedRefExpr.Compile()());
// observe how you could add an evaluation model using some kind of symbol table:
var compilerState = new State();
compilerState.SymbolTable.Add("mystring1", 0xdeadbeef); // raw addresses
compilerState.SymbolTable.Add("mystring2", 0xfeedface);
Console.WriteLine("myBaseRef1 evaluates to 0x{0:x8}", myBaseRef1.EvalAddress(compilerState));
Console.WriteLine("myBaseRef2 evaluates to 0x{0:x8}", myBaseRef2.EvalAddress(compilerState));
Console.WriteLine("anyRefExpr evaluates to 0x{0:x8}", anyRefExpr.Compile()().EvalAddress(compilerState));
Console.WriteLine("indexedRefExpr evaluates to 0x{0:x8}", indexedRefExpr.Compile()().EvalAddress(compilerState));
}
private static void AssertSymbolicRef(SymbolicReference newRef, IRepository repo, string expectedTargetName, string expectedName)
{
Assert.NotNull(newRef);
Assert.Equal(expectedName, newRef.CanonicalName);
Assert.Equal(expectedTargetName, newRef.Target.CanonicalName);
Assert.Equal(newRef.Target.CanonicalName, newRef.TargetIdentifier);
Assert.Equal("4c062a6361ae6959e06292c1fa5e2822d9c96345", newRef.ResolveToDirectReference().Target.Sha);
Assert.NotNull(repo.Refs[expectedName]);
}
//public void Dump(string path) => new Summary(method, staticEntity, Arguments.Entities, returnValue).Dump(path);
public Summary ToSummary()
{
// TODO: OPTIMIZATION if slot is not materialized, we can ignore it and just remove
var arguments = Arguments.Entities;
if (method.Parameters.Count != arguments.Length)
{
throw new ArgumentException("method.Parameters.Count != arguments.Length");
}
//return new Summary(method, staticEntity, arguments, returnValue?.MergeEntities());
// Optimizing
var context = new SymbolicReference.VisitingContext();
// Add roots to the context to avoid removing it
context.Visit(staticEntity);
for (var i = 0; i < arguments.Length; i++)
{
var argument = arguments[i];
context.Visit(argument);
}
SymbolicReference returnEntity = null;
if (returnValue != null)
{
returnEntity = returnValue.MergeEntities();
context.Visit(returnEntity);
}
// Remove empty entities
staticEntity.RemoveEmptyEntities(context);
for (var i = 0; i < arguments.Length; i++)
{
var argument = arguments[i];
argument.RemoveEmptyEntities(context);
}
returnEntity?.RemoveEmptyEntities(context);
// Remove non-reachable possible input/tainted entities
//OptimizePossibleTaintedEntities(context, arguments);
// Create summary
return(new Summary(Signature, staticEntity, arguments, returnEntity,
MethodCallCount, InstructionCount));
}
public ExecutionContext(ImmutableStack <string> callStack, MethodUniqueSignature signature, MethodDef method,
bool enableStaticFields, bool markInputArguments)
{
this.method = method;
this.enableStaticFields = enableStaticFields;
CallStack = callStack;
Signature = signature;
staticEntity = new SymbolicReference();
Static = new SymbolicSlot(staticEntity);
var countArguments = method.GetParameterCount();
Arguments = new ArgumentContext(signature, countArguments, markInputArguments);
InstructionCount = method.HasBody ? (double)method.Body.Instructions.Count : 0;
}
public ArgumentContext(MethodUniqueSignature signature, int count, bool markInput)
{
this.count = count;
root = new SymbolicReference();
slots = new SymbolicSlot[count];
for (int id = 0; id < count; id++)
{
var entity = new SymbolicReference(new ArgumentSource(id, signature));
if (markInput)
{
entity.MarkInput();
}
root.StoreField(SymbolicReference.ArgumentPrefix + id, entity);
slots[id] = new SymbolicSlot(entity);
}
}
public Summary(MethodUniqueSignature signature,
SymbolicReference staticContext,
SymbolicReference[] arguments,
SymbolicReference returnValue,
double methodCallCount,
double instructionCount)
{
Signature = signature;
Static = staticContext;
Arguments = arguments;
ReturnValue = returnValue;
MethodCallCount = methodCallCount;
InstructionCount = instructionCount;
//if (method.FullName.Contains("System.Text.StringBuilder::.ctor(System.Int32,System.Int32,System.Text.StringBuilder)"))
//if (method.FullName.Contains("UnsafeStringCopy"))
//if (method.FullName.Contains("Return"))
{
// Dump();
}
}
private void Traverse(TextWriter writer,
SymbolicReference rootNode,
Dictionary <SymbolicReference, ulong> nodes,
HashSet <(ulong, ulong, string)> edges,
private ulong AddNode(TextWriter writer, Dictionary <SymbolicReference, ulong> nodes, SymbolicReference node,
string label, ref ulong nodeId)
{
if (nodes.TryGetValue(node, out var id))
{
return(id);
}
nodeId++;
nodes.Add(node, nodeId);
SaveNode(nodeId, label, writer);
return(nodeId);
}
