package binsec

  1. Overview
  2. Docs
Semantic analysis of binary executables

Install 

dune-project
 Dependency

binsec.github.io Readme Changelog LGPL-2.1-or-later License Edit opam file Versions (19)

Authors

  1. A
    Adel Djoudi
  2. B
    Benjamin Farinier
  3. C
    Chakib Foulani
  4. D
    Dorian Lesbre
  5. F
    Frédéric Recoules
  6. G
    Guillaume Girol
  7. J
    Josselin Feist
  8. L
    Lesly-Ann Daniel
  9. M
    Mahmudul Faisal Al Ameen
  10. M
    Manh-Dung Nguyen
  11. M
    Mathéo Vergnolle
  12. M
    Mathilde Ollivier
  13. M
    Matthieu Lemerre
  14. N
    Nicolas Bellec
  15. O
    Olivier Nicole
  16. R
    Richard Bonichon
  17. R
    Robin David
  18. S
    Sébastien Bardin
  19. S
    Soline Ducousso
  20. T
    Ta Thanh Dinh
  21. Y
    Yaëlle Vinçont
  22. Y
    Yanis Sellami

Maintainers

  1. B
    BINSEC <binsec@saxifrage.saclay.cea.fr>

Sources

binsec-0.11.0.tbz
sha256=4cf70a0367fef6f33ee3165f05255914513ea0539b94ddfef0bd46fc9b42fa8a
sha512=cd67a5b7617f661a7786bef0c828ee55307cef5260dfecbb700a618be795d81b1ac49fc1a18c4904fd2eb8a182dc862b0159093028651e78e7dc743f5babf9e3

doc/src/binsec_sse_quick_merge/binsec_sse_quick_merge.ml.html

Source file binsec_sse_quick_merge.ml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
(**************************************************************************)
(*  This file is part of BINSEC.                                          *)
(*                                                                        *)
(*  Copyright (C) 2016-2026                                               *)
(*    CEA (Commissariat à l'énergie atomique et aux énergies              *)
(*         alternatives)                                                  *)
(*                                                                        *)
(*  you can redistribute it and/or modify it under the terms of the GNU   *)
(*  Lesser General Public License as published by the Free Software       *)
(*  Foundation, version 2.1.                                              *)
(*                                                                        *)
(*  It is distributed in the hope that it will be useful,                 *)
(*  but WITHOUT ANY WARRANTY; without even the implied warranty of        *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *)
(*  GNU Lesser General Public License for more details.                   *)
(*                                                                        *)
(*  See the GNU Lesser General Public License version 2.1                 *)
(*  for more details (enclosed in the file licenses/LGPLv2.1).            *)
(*                                                                        *)
(**************************************************************************)

open Types

type ('value, 'model, 'state, 'path, 'a) field_id +=
  | Sibling : ('value, 'model, 'state, 'path, 'path option) field_id
  | Waiting : ('value, 'model, 'state, 'path, bool) field_id

type Ir.builtin += Join of Dba.Expr.t

module Plugin : PLUGIN = struct
  let name = "quick-merge"

  let fields _ =
    [
      Field { id = Sibling; default = None; copy = None; merge = None };
      Field { id = Waiting; default = false; copy = None; merge = None };
    ]

  let extensions :
      type a. (module ENGINE with type Path.t = a) -> a extension list =
   fun engine ->
    let module Engine = (val engine) in
    let module Path = Engine.Path in
    let sibling = Engine.lookup Sibling and waiting = Engine.lookup Waiting in
    let release path =
      Path.set path sibling None;
      if Path.get path waiting then (
        Logger.info "wake up";
        Path.set path waiting false;
        Engine.resume path Return)
    in
    [
      Builtin_printer
        (fun ppf -> function
          | Join e ->
              Format.fprintf ppf "join if %a is symbolic"
                Dba_printer.Ascii.pp_expr e;
              true
          | _ -> false);
      Instrumentation_routine
        (fun graph ->
          Revision.iter_new_vertex
            (fun vertex ->
              match Revision.node graph vertex with
              | Fallthrough { kind = Assume exp | Assert exp; _ }
              | Branch { test = exp; _ }
              | Terminator { kind = Jump { target = exp; _ }; _ } ->
                  Revision.insert_before graph vertex (Builtin (Join exp))
              | _ -> ())
            graph);
      Fork_callback
        (fun path0 path1 ->
          Option.iter release (Path.get path0 sibling);
          Path.set path0 sibling (Some path1);
          Path.set path1 sibling (Some path0));
      Builtin_resolver
        (function
        | Join exp ->
            Call
              (fun path0 ->
                match Path.get path0 sibling with
                | Some path1 when Path.is_symbolic path0 exp ->
                    Path.set path0 sibling None;
                    if Path.get path1 waiting then (
                      Path.set path1 waiting false;
                      Merge ([ path1 ], Return))
                    else (
                      Path.set path0 waiting true;
                      Signal Stashed)
                | None | Some _ -> Return)
        | _ -> Unknown);
      Signal_callback
        (fun path0 status ->
          match Path.get path0 sibling with
          | Some path1 when status <> Stashed || not (Path.get path0 waiting) ->
              release path1
          | None | Some _ -> ());
    ]
end