public static void Main(string[] args) { var myBaseRef1 = new SymbolicReference("mystring1"); Expression <Func <IReference> > anyRefExpr = () => 64 + myBaseRef1; Console.WriteLine(anyRefExpr); var myBaseRef2 = (SymbolicReference)"mystring2"; // uses explicit conversion operator Expression <Func <IReference> > indexedRefExpr = () => 64 + myBaseRef2; Console.WriteLine(indexedRefExpr); // show runtime types of returned values: Console.WriteLine("myBaseRef1 -> {0}", myBaseRef1); Console.WriteLine("myBaseRef2 -> {0}", myBaseRef2); Console.WriteLine("anyRefExpr -> {0}", anyRefExpr.Compile()()); // compile() returns Func<...> Console.WriteLine("indexedRefExpr -> {0}", indexedRefExpr.Compile()()); // observe how you could add an evaluation model using some kind of symbol table: var compilerState = new State(); compilerState.SymbolTable.Add("mystring1", 0xdeadbeef); // raw addresses compilerState.SymbolTable.Add("mystring2", 0xfeedface); Console.WriteLine("myBaseRef1 evaluates to 0x{0:x8}", myBaseRef1.EvalAddress(compilerState)); Console.WriteLine("myBaseRef2 evaluates to 0x{0:x8}", myBaseRef2.EvalAddress(compilerState)); Console.WriteLine("anyRefExpr evaluates to 0x{0:x8}", anyRefExpr.Compile()().EvalAddress(compilerState)); Console.WriteLine("indexedRefExpr evaluates to 0x{0:x8}", indexedRefExpr.Compile()().EvalAddress(compilerState)); }
private static void AssertSymbolicRef(SymbolicReference newRef, IRepository repo, string expectedTargetName, string expectedName) { Assert.NotNull(newRef); Assert.Equal(expectedName, newRef.CanonicalName); Assert.Equal(expectedTargetName, newRef.Target.CanonicalName); Assert.Equal(newRef.Target.CanonicalName, newRef.TargetIdentifier); Assert.Equal("4c062a6361ae6959e06292c1fa5e2822d9c96345", newRef.ResolveToDirectReference().Target.Sha); Assert.NotNull(repo.Refs[expectedName]); }
//public void Dump(string path) => new Summary(method, staticEntity, Arguments.Entities, returnValue).Dump(path); public Summary ToSummary() { // TODO: OPTIMIZATION if slot is not materialized, we can ignore it and just remove var arguments = Arguments.Entities; if (method.Parameters.Count != arguments.Length) { throw new ArgumentException("method.Parameters.Count != arguments.Length"); } //return new Summary(method, staticEntity, arguments, returnValue?.MergeEntities()); // Optimizing var context = new SymbolicReference.VisitingContext(); // Add roots to the context to avoid removing it context.Visit(staticEntity); for (var i = 0; i < arguments.Length; i++) { var argument = arguments[i]; context.Visit(argument); } SymbolicReference returnEntity = null; if (returnValue != null) { returnEntity = returnValue.MergeEntities(); context.Visit(returnEntity); } // Remove empty entities staticEntity.RemoveEmptyEntities(context); for (var i = 0; i < arguments.Length; i++) { var argument = arguments[i]; argument.RemoveEmptyEntities(context); } returnEntity?.RemoveEmptyEntities(context); // Remove non-reachable possible input/tainted entities //OptimizePossibleTaintedEntities(context, arguments); // Create summary return(new Summary(Signature, staticEntity, arguments, returnEntity, MethodCallCount, InstructionCount)); }
public ExecutionContext(ImmutableStack <string> callStack, MethodUniqueSignature signature, MethodDef method, bool enableStaticFields, bool markInputArguments) { this.method = method; this.enableStaticFields = enableStaticFields; CallStack = callStack; Signature = signature; staticEntity = new SymbolicReference(); Static = new SymbolicSlot(staticEntity); var countArguments = method.GetParameterCount(); Arguments = new ArgumentContext(signature, countArguments, markInputArguments); InstructionCount = method.HasBody ? (double)method.Body.Instructions.Count : 0; }
public ArgumentContext(MethodUniqueSignature signature, int count, bool markInput) { this.count = count; root = new SymbolicReference(); slots = new SymbolicSlot[count]; for (int id = 0; id < count; id++) { var entity = new SymbolicReference(new ArgumentSource(id, signature)); if (markInput) { entity.MarkInput(); } root.StoreField(SymbolicReference.ArgumentPrefix + id, entity); slots[id] = new SymbolicSlot(entity); } }
public Summary(MethodUniqueSignature signature, SymbolicReference staticContext, SymbolicReference[] arguments, SymbolicReference returnValue, double methodCallCount, double instructionCount) { Signature = signature; Static = staticContext; Arguments = arguments; ReturnValue = returnValue; MethodCallCount = methodCallCount; InstructionCount = instructionCount; //if (method.FullName.Contains("System.Text.StringBuilder::.ctor(System.Int32,System.Int32,System.Text.StringBuilder)")) //if (method.FullName.Contains("UnsafeStringCopy")) //if (method.FullName.Contains("Return")) { // Dump(); } }
private void Traverse(TextWriter writer, SymbolicReference rootNode, Dictionary <SymbolicReference, ulong> nodes, HashSet <(ulong, ulong, string)> edges,
private ulong AddNode(TextWriter writer, Dictionary <SymbolicReference, ulong> nodes, SymbolicReference node, string label, ref ulong nodeId) { if (nodes.TryGetValue(node, out var id)) { return(id); } nodeId++; nodes.Add(node, nodeId); SaveNode(nodeId, label, writer); return(nodeId); }