Fraunhofer-AISEC · aewag · Mar 16, 2022 · Mar 18, 2022 · Mar 18, 2022 · Mar 22, 2022
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -30,3 +30,11 @@ jobs:
       - run: |
           black --version
           black --check --diff .
+  clang-format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: sudo apt-get install clang-format
+      - run: |
+          clang-format -style="{IndentWidth: 4}" --dry-run --Werror -i *.{c*,h*,H}
+        working-directory: pintool
diff --git a/analysis/analyze.py b/analysis/analyze.py
@@ -67,7 +67,6 @@
     SPLeak,
     TraceQueue,
     Type,
-    MaskType,
     Leak,
 )
 import multiprocessing
@@ -320,9 +319,6 @@ def iterate_queue(files, fast=True):
                 assert e1.data != 0
                 assert e2.data != 0
                 assert queues[0].callstack == queues[1].callstack
-                if Type(e1.type) in (Type.HREAD, Type.HWRITE):
-                    e1.data &= 0x00000000FFFFFFFF
-                    e2.data &= 0x00000000FFFFFFFF
                 if e1.data != e2.data:
                     report_dataleak(queues[0].callstack, e1, e2)
             else:
@@ -333,11 +329,6 @@ def iterate_queue(files, fast=True):
                 # Mixture of heap and non-heap read/write. Maybe, heap tracking is imprecise
                 # We require that both elements are either (h)read or (h)write
                 debug(0, "Imprecise heap tracking @ %08x", (e1.ip))
-                # assert((e1.type | MaskType.HEAP.value) == (e2.type | MaskType.HEAP.value))
-                if (e1.type | MaskType.HEAP.value) > 0:
-                    e1.data &= 0x00000000FFFFFFFF
-                if (e2.type | MaskType.HEAP.value) > 0:
-                    e2.data &= 0x00000000FFFFFFFF
                 report_dataleak(queues[0].callstack, e1, e2)
             else:
                 # This should never happen. We miss some conditional branches in the code
@@ -610,7 +601,7 @@ def generic_leakage_test(fixed, random):
     debug(1, "")
 
     # iterate over leaks
-    debug(0, "Got %d trace differences.", (len(fixedleaks)))
+    debug(1, "Got %d trace differences.", (len(fixedleaks)))
     sys.stdout.flush()
     for (idx, (fl, rl)) in enumerate(zip(fixedleaks, randomleaks)):
         msg = {"warning": "", "leak": ""}
@@ -638,7 +629,7 @@ def generic_leakage_test(fixed, random):
         if _glt_sanity_check_abort([len(fl.evidence), len(rl.evidence)]):
             msg["warning"] += f"    warning: {len(fl.evidence)} evidences for fixed\n"
             msg["warning"] += f"    warning: {len(fl.evidence)} evidences for random\n"
-            debug(0, msg["warning"])
+            debug(1, msg["warning"])
             continue
 
         (fnum, fnum_uniq, fdic) = _glt_gather_information(fl)
@@ -760,7 +751,7 @@ def specific_leakage_test(random, callback, keys, LeaksOnly=True, mp=False):
 
     # process leaks
     randomleaks = extract_leakdiff_to_array(random, LeaksOnly=LeaksOnly)
-    debug(0, "Got %d leaks.", (len(randomleaks)))
+    debug(1, "Got %d leaks.", (len(randomleaks)))
     sys.stdout.flush()
 
     # convert keys with callback
@@ -806,7 +797,7 @@ def specific_leakage_test(random, callback, keys, LeaksOnly=True, mp=False):
 
         # sanity check
         if len(rl.evidence) == 0:
-            debug(0, "Warning: no evidences")
+            debug(1, "Warning: no evidences")
             continue
 
         # gather information -- leaks
@@ -873,7 +864,7 @@ def specific_leakage_test(random, callback, keys, LeaksOnly=True, mp=False):
         assert len(X_labels) == X.shape[1]
 
         if X.shape[0] != len(keys):
-            debug(0, "Warning: callback returned wrong matrix!")
+            debug(1, "Warning: callback returned wrong matrix!")
             continue
 
         ######
@@ -941,9 +932,9 @@ def report_spleak(rl, cleak):
             # Print progress
             if len(randomleaks) > 100:
                 if (rli % int(len(randomleaks) / 10)) == 0:
-                    debug(0, "[Progress] %6.2f%%", ((rli * 100.0) / len(randomleaks)))
+                    debug(1, "[Progress] %6.2f%%", ((rli * 100.0) / len(randomleaks)))
             else:
-                debug(0, "[Progress] %d/%d", (rli + 1, len(randomleaks)))
+                debug(1, "[Progress] %d/%d", (rli + 1, len(randomleaks)))
             sys.stdout.flush()
     if mp:
         pool_size = multiprocessing.cpu_count()
@@ -1005,7 +996,7 @@ def precompute_single(input):
 
 def get_rdc_single(N, alpha):
     limit = rdctest.RDC.rdc_sigthres(N, alpha)
-    debug(0, "RDC_limit=%f for N=%d, alpha=%f", (limit, N, alpha))
+    debug(1, "RDC_limit=%f for N=%d, alpha=%f", (limit, N, alpha))
 
 
 """
@@ -1126,7 +1117,7 @@ def collapse_leaks(leaks, collapse_cfleaks, granularity, resfilter=""):
     if len(resfilter) > 0:
         filterarr = resfilter.replace('"', "").replace("'", "").split(";")
         for f in filterarr:
-            debug(0, "Filtering results for: " + f)
+            debug(1, "Filtering results for: " + f)
     if mask == -1 and not collapse_cfleaks:
         # Nothing to collapse
         return leaks

diff --git a/analysis/datastub/SymbolInfo.py b/analysis/datastub/SymbolInfo.py
@@ -24,9 +24,11 @@
 # @version 0.3
 
 
-import sys
+import copy
 import os.path
+import shlex
 import subprocess
+import sys
 from operator import itemgetter
 from datastub.SortedCollection import SortedCollection
 from datastub.utils import debug
@@ -35,6 +37,38 @@
 *************************************************************************
 """
 
+DEBUG_SYMBOLS = dict()
+
+def getdebugsymbol(sym, address):
+    if address in DEBUG_SYMBOLS:
+        debug(3, f"found symbol {DEBUG_SYMBOLS[address]} at {hex(address)}")
+        return DEBUG_SYMBOLS[address]
+    offset = address - sym.img.lower
+    command = f"gdb -ex 'set print asm-demangle on' -ex 'x/i {hex(offset)}' -ex quit {sym.img.name}"
+    output = subprocess.check_output(shlex.split(command)).decode("utf-8")
+    line = str()
+    lines = output.splitlines()
+    for line in reversed(lines):
+        tmp = line.lstrip().split(" ", 1)[0]
+        if tmp == hex(offset):
+            break
+    line = line.split("<", 1)[1]
+    line = line[::-1].split(">", 1)[1]
+    line = line[::-1]
+    DEBUG_SYMBOLS[address] = line
+    return line
+
+
+def getdebugelf(fname):
+    command = f"gdb -ex quit {fname}"
+    output = subprocess.check_output(command.split(" ")).decode("utf-8")
+    lines = output.splitlines()
+    assert lines[-2].find(fname) != -1
+    if lines[-1].find("No debugging symbols found") != -1:
+        return None
+    assert lines[-2].find("Reading symbols from") != -1
+    return lines[-1].split(" ")[-1].split("...")[0]
+
 
 def readelfsyms(fname, image):
     try:
@@ -53,7 +87,13 @@ def readelfsyms(fname, image):
         return None
 
     if lines is None or len(lines) == 0:
-        return None
+        debug(0, f"No symbols found in {fname}")
+        fname = getdebugelf(fname)
+        if fname is None:
+            debug(0, f"GDB didnot found any debug file")
+            return None
+        debug(0, f"GDB found debug file: {fname}")
+        return readelfsyms(fname, image)
 
     syms = []
     for line in lines:
@@ -175,6 +215,11 @@ def lookup(cls, address):
         assert cls.instance is not None
         try:
             (_, sym) = cls.instance.symbols.find_le(address)
+            if sym.name[0].find("_init") >= 0:
+                sym = copy.deepcopy(sym)
+                sym_name = getdebugsymbol(sym, address)
+                sym.name[0] = sym_name
+                return sym
             return sym
         except ValueError:
             return None