/// <summary> /// Runs the first phase analysis. /// </summary> private void runFirstPhaseAnalysis() { State = AnalysisState.ForwardAnalysis; FirstPhaseInitialMemory = GC.GetTotalMemory(true); WatchFirstPhase.Start(); try { firstPhaseAnalysis = new Weverca.Analysis.ForwardAnalysis(controlFlowGraph, MemoryModel); IsFirstPhaseStarted = true; firstPhaseAnalysis.Analyse(); } finally { WatchFirstPhase.Stop(); FirstPhaseEndMemory = GC.GetTotalMemory(true); if (IsFirstPhaseStarted) { programPointGraph = firstPhaseAnalysis.ProgramPointGraph; analysisWarnings = AnalysisWarningHandler.GetWarnings(); securityWarnings = AnalysisWarningHandler.GetSecurityWarnings(); } } if (IsFirstPhaseStarted) { IsFirstPhaseFinished = true; } }
public void LoadWarnings() { Warnings = AnalysisWarningHandler.GetWarnings(); SecurityWarnings = AnalysisWarningHandler.GetSecurityWarnings(); }
/// <summary> /// Execute the static analysis and print results /// </summary> /// <param name="filenames">List of file name patterns from command line</param> /// <param name="memoryModel">The memory model used for analysis</param> private static void RunStaticAnalysis(string[] filenames, MemoryModels.MemoryModelFactory memoryModel, bool displayTaintFlows) { var console = new ConsoleOutput(); console.CommentLine("Using " + memoryModel.ToString()); console.CommentLine(""); foreach (var argument in filenames) { var filesInfo = Analyzer.GetFileNames(argument); if (filesInfo == null) { Console.WriteLine("Path \"{0}\" cannot be recognized", argument); Console.WriteLine(); continue; } else if (filesInfo.Length <= 0) { Console.WriteLine("Path pattern \"{0}\" does not match any file", argument); Console.WriteLine(); continue; } foreach (var fileInfo in filesInfo) { // This is for time consumption analyzing only // Analyze twice - because of omitting .NET initialization we get better analysis time //Analyzer.Run(fileInfo, memoryModel); #if TEST // Process analysis // First phase var watch = System.Diagnostics.Stopwatch.StartNew(); var ppGraph = Analyzer.Run(fileInfo, memoryModel); watch.Stop(); // Second phase var watch2 = System.Diagnostics.Stopwatch.StartNew(); var nextPhase = new TaintForwardAnalysis(ppGraph); nextPhase.Analyse(); watch2.Stop(); // Build output console.CommentLine(string.Format("File path: {0}\n", fileInfo.FullName)); var graphWalker = new GraphWalking.CallGraphPrinter(ppGraph); console.CommentLine(string.Format("Analysis completed in: {0}ms\n", watch.ElapsedMilliseconds)); //graphWalker.Run(console); console.Warnings(AnalysisWarningHandler.GetWarnings(), AnalysisWarningHandler.GetSecurityWarnings()); console.CommentLine(string.Format("Analysis completed in: {0}ms\n", watch.ElapsedMilliseconds)); console.CommentLine(string.Format("The number of nodes in the application is: {0}\n", numProgramPoints(new HashSet <ProgramPointGraph>(), new Dictionary <string, HashSet <int> >(), ppGraph))); //printIncludes(console, ppGraph); //console.CommentLine(string.Format("Analysis in the second phase completed in: {0}ms\n", watch2.ElapsedMilliseconds)); //console.WarningsTaint(nextPhase.analysisTaintWarnings); if (ppGraph.End.OutSet != null) { console.CommentLine(string.Format("The number of memory locations is: {0}\n", ppGraph.End.OutSnapshot.NumMemoryLocations())); int[] statistics = ppGraph.End.OutSnapshot.GetStatistics().GetStatisticsValues(); console.CommentLine(string.Format("The number of memory entry assigns is: {0}\n", statistics[(int)Statistic.MemoryEntryAssigns])); console.CommentLine(string.Format("The number of value reads is: {0}\n", statistics[(int)Statistic.ValueReads])); console.CommentLine(string.Format("The number of memory entry merges is: {0}\n", statistics[(int)Statistic.MemoryEntryMerges])); console.CommentLine(string.Format("The number of index reads is: {0}\n", statistics[(int)Statistic.IndexReads])); console.CommentLine(string.Format("The number of value reads is: {0}\n", statistics[(int)Statistic.ValueReads])); } else { console.CommentLine(string.Format("Snapshot statistics are not available, because end point was not reached")); } #else console.CommentLine(string.Format("File path: {0}\n", fileInfo.FullName)); TaintForwardAnalysis nextPhase = null; System.Diagnostics.Stopwatch watch = null; try { watch = System.Diagnostics.Stopwatch.StartNew(); var ppGraph = Analyzer.Run(fileInfo, memoryModel); watch.Stop(); if (ppGraph.End.OutSet != null) { //console.ProgramPointInfo("End point", ppGraph.End); } else { //console.Error("End point was not reached"); } console.CommentLine(string.Format("First phase of the analysis completed in: {0} seconds\n", watch.ElapsedMilliseconds / 1000)); nextPhase = new TaintForwardAnalysis(ppGraph); nextPhase.Analyse(); } catch (OutOfMemoryException) { watch.Stop(); console.Error(string.Format("The analyser ran out of memory after {0} seconds, terminating the analysis.\n", watch.ElapsedMilliseconds / 1000)); } catch (Exception e) { console.Error("Analyser crashed (" + e.Message + ")."); } finally { console.Warnings(AnalysisWarningHandler.GetWarnings(), nextPhase != null ? nextPhase.analysisTaintWarnings : new List <AnalysisTaintWarning>(), displayTaintFlows); } #endif } //Console.ReadKey(); Console.WriteLine(); } }
private static void RunStaticAnalysis(string[] filenames, MemoryModels.MemoryModelFactory memoryModel) { var bigWatch = System.Diagnostics.Stopwatch.StartNew(); var console = new ConsoleOutput(); foreach (var argument in filenames) { var filesInfo = Analyzer.GetFileNames(argument); if (filesInfo == null) { fileOutput.WriteLine("Path \"{0}\" cannot be recognized", argument); fileOutput.WriteLine(); continue; } else if (filesInfo.Length <= 0) { fileOutput.WriteLine("Path pattern \"{0}\" does not match any file", argument); fileOutput.WriteLine(); } foreach (var fileInfo in filesInfo) { console.CommentLine(string.Format("File path: {0}\n", fileInfo.FullName)); //try { var watch = System.Diagnostics.Stopwatch.StartNew(); var ppGraph = Analyzer.Run(fileInfo, memoryModel); watch.Stop(); GC.Collect(); GC.WaitForPendingFinalizers(); var watch2 = System.Diagnostics.Stopwatch.StartNew(); var nextPhase = new TaintForwardAnalysis(ppGraph); nextPhase.analysisTaintWarnings = new List <AnalysisTaintWarning>(); if (SECOND_PHASE) { nextPhase.Analyse(); } watch2.Stop(); fileOutput.WriteLine("Analysis warnings:"); var firstPhaseWarnings = AnalysisWarningHandler.GetWarnings(); //PrintWarnings(new List<AnalysisWarning>()); PrintWarnings(firstPhaseWarnings); var firstPhaseSecurityWarnings = new List <AnalysisSecurityWarning>(); if (!SECOND_PHASE) { firstPhaseSecurityWarnings = AnalysisWarningHandler.GetSecurityWarnings(); PrintSecurityWarnings(firstPhaseSecurityWarnings); } //fileOutput.WriteLine("Security warnings with taint flow:"); if (SECOND_PHASE) { PrintTaintWarnings(nextPhase.analysisTaintWarnings); } fileOutput.WriteLine("Variables:"); var processedPPGraphs = new HashSet <ProgramPointGraph>(); var processedPPoints = new HashSet <ProgramPointBase>(); writeAll(ppGraph, ref processedPPGraphs, ref processedPPoints); bigWatch.Stop(); fileOutput.WriteLine("Overview:"); fileOutput.WriteLine("Total number of warnings: " + (firstPhaseWarnings.Count + firstPhaseSecurityWarnings.Count + nextPhase.analysisTaintWarnings.Count)); fileOutput.WriteLine("Number of warnings in the first phase: " + firstPhaseWarnings.Count); fileOutput.WriteLine("Number of warnings in the second phase: " + nextPhase.analysisTaintWarnings.Count); fileOutput.WriteLine("Weverca analyzer time consumption: " + bigWatch.ElapsedMilliseconds); fileOutput.WriteLine("First phase time consumption: " + watch.ElapsedMilliseconds); fileOutput.WriteLine("Second phase time consumption: " + watch2.ElapsedMilliseconds); var programLines = new Dictionary <string, HashSet <int> > (); fileOutput.WriteLine("The number of nodes in the application is: " + Program.numProgramPoints(new HashSet <ProgramPointGraph>(), programLines, ppGraph)); var programLinesNum = 0; foreach (var script in programLines.Values) { programLinesNum += script.Count; } fileOutput.WriteLine("The number of processed lines of code is: " + programLinesNum); } /* * catch (Exception e) * { * fileOutput.WriteLine("error"); * //console.Error(e.Message); * fileOutput.WriteLine (e.Message); * }*/ } } }