Permalink
Browse files

Primus - the Microexecution Framework (#651)

* a first step to a better microxecution

* Removed trace from the Biri.context

   It will not store a trace in the context anymore. The trace was used
   only for evaluation of phi nodes, as we need to know where we came
   from.

   Since, phi nodes are rarely (if ever) occurs in real programs, we
   don't need to pay for them, if we don't use them. The default biri
   interpreter will evaluate all phi-nodes to unknown values. In case if
   it is needed we can implement an interpreter capable of evaluating
   phi-nodes under some enriched context.

* Added polymorphic `enter_term`/`leave_term` methods to the
  `Biri.context`. These methods by default provides lots of
  information to the context.

* Added `current` method to the `Biri.context` that evaluates to a tid
  of a currently evaluated term.

* Rewrote microx_conqueror

  The idea is to remove code from the context and interpreter and put it
  into reusable components. The derived classes must only dispatch
  information to these components. In particular, this patch will reify
  a traversing method and early escaping into first class values, that
  can be combined and reused. This is much better than reusing code with
  inheritance that is very fragile and non-modular.

** A trace limiter defines how and when a trace should be stopped. It is
   reified into `limit` abstract type, that is a first class value, that
   can be chosen dynamically and passed as a parameter to a
   context. Loop escaping mechanism, as well as trace bounding are
   implemented as instances of this type.

** Graph traversal policy is reified into a value of type `'s crawler`,
   that stores context of type '`s` as checkpoints. Three instances are
   prototyped:

    - deterministic - no checkpoints, only one path is executed;
    - exponential - every path is executed, leading to exponential blow up;
    - linear - only linearly independent paths are visited, leading to a
      linear complexity.

   Removed callstack tracking. No more special tracking of return
   statement. In non-deterministic mode we will rely on backtracking
   mechanism for escaping from dead ends like PLT entries. In
   deterministic mode we should provide PLT summaries for that or will
   stop.

* Small fix in the Table module. Some functions were accidentally
hidden.

* forked conqueror from microx

* generalized interpeters with a monad type

This commit will not touch the API, as bap.mli is remained
unchanged. The commit will serve as a testimony that the API is
unchanged, as all changes satisfy unchanged bap.cmi.

Ideally, we should make a CI test, that will check, that new cmis are
subsests of the old one (or that new implementations satisfy old cmis).

* update interface with the generalized interpreters

* wip

just to make sure, that is stored somewhere else

* added lot's of monad transformers

Option, List, Seq, Writer, Reader, State, Fun, Lazy, Cont

forgot to add Result...

* added Result monad

Error and Reader monads now have Make and Make2 functors. The first will
create a monad with one type parameter, and will concretize state/error
to the value of type passed as a first parameter of
functor. Consequently, Make2 will create a monad with two type
variables, with the second ranging over arbitrary state/error types.

* state monad now also has Make and Make2

only Cont is left, but I'm afraid of her...

* added `call ~cc` to continuation monad.

* woof ... Cont monad now also two-fold

* moved monads into a separate library

added common .mli file

* moved to the new monads library

* implemented MultiState monad

a State monad with multiple states.

* playing with the implementation.

* started to define Primus monad.

* moved multi to monads library, split primus

* add fail to primus monad.

* moved error into separate module

started implementing interpreter.

* added random number generators

* wip

* added generator and iterator concepts

* added observation type

* factored observation out of machine

the observation type, and the statement mandate do not depend on
the context itself.

* added the component system and the run function.

Basically, the kernel is ready

* implemented interpreter

it should be possible to implement tainter based
on this interpreter

* added interface to the interpreter

* implemented virtual memory interface

except the brk setter/getter. Neet to rethink how
much control I'm ready to give away...

* finished memory implementation.

* moved the interpreter to the new memory backend

* added env module

* added inspectors to env and memory

* rearranged the library

gathered everything under the std umbrella

* added primus linker

* added primus_elf library

* fix a bug in the IR lookup function

The caching will break, after term is transformed,
this fix, will relax the requirement, and actually
will do the lookup more efficiently.

* factored out components state out of machine monad

So that now we will create state keys once and only once.

* primus is able to run a simple program.

* added primus lisp machine

* extended the builtin lisp

1. added `and` and `or` special forms
2. let bounded variables are now mutable (everything is mutable)
3. let-bounding now binds mutliple variables
4. added attributes that can be added with (declare) special form
5. added hooks that can be populated with (advice) special form
6. simplified the builtin interface
7. added many builtins
8. added `while` special form for imperative looping
9. implemented all operations.

* added module level declarations

finished advisers

* started to stub libc

* added CLOS-style definition dispatching

We allow multiple definitions (including macro definitions) with the
same name. A definition may specify a context under which it makes
sense. When a name is resolved under the given context, a resolution
set is reified in four steps:

Step 1. Find all definitions with the given name.
Step 2. Filter definitions that is applicable to the current context.
Step 3. Filter definitions that has more specific context (i.e., drop
     those that are more generic than any other competing definition)
Step 4. Filter definitions that cannot be applied (i.e., like SFINAE,
     that actually allows overloading, i.e., having two definitions
     that have different arities or types of arguments)

On the supporting library, added array library, that creates an array
abstraction.

* invoke Lisp_machine properly from the interpreter

Now, the interpreter is responsible for binding arguments and evaluating
the return value. It still looks like, that we're drawing an incorrect
abstraction boundary, as the interpreter is now taking to much
responsibilities, that it will not be able to fulfill. For example,
given more complex calls with hidden arguments we will need to have a
complex interaction between function declarations and ABI. For example,
if a function returns a structural object, or it is a C++ member
function, then it will have a hidden parameter, that should be declared
from the lisp side, e.g.,

     (defun make-point (x y)
        (declare (hidden self))
        (struct-write point_t self x x)
        (struct-write point_t self y y))

The `struct-write` should be a builtin function, that is implemented
in OCaml, and calls to existing ABI/API stuff.

* rearranged library, made some functions macros

* put lisp library into a plugin

So that it can be loaded without touching the primus library.

* wip

* primus is now feature to execute a simple program

E.g.,
```
$ bap arm-linux-gnueabi-print_some_strings --symbolizer=ida --primus-lisp-library-load=libc-init,putchar --run
Be not afraid of greatness:
some are born great, some achieve greatness
and some have greatness thrust upon them
To thine own self be true, and it must follow
as the night the day, thou canst not
then be false to any man
The course of true love never did run smooth
```

`libc-init` and `putchar` are stubs for the libc intialization
procedures (as the emulation starts from the entry point), and putchar
is another libc function that is used in the program, here is the code
of the emulated program:

```c

void print_endline(const char *msg) {
    char *p = msg;
    while (*p) putchar(*p++);
    putchar('\n');
}

int main(int argc, const char **argv) {
    print_endline("Be not afraid of greatness:");
    print_endline("some are born great, some achieve greatness");
    print_endline("and some have greatness thrust upon them");
    print_endline("To thine own self be true, and it must follow");
    print_endline("as the night the day, thou canst not");
    print_endline("then be false to any man");
    print_endline("The course of true love never did run smooth");
}
```

* fixed the allocation of the main function stack

accidentally added an extra layer of indirection.

* adds command line to the run pass

actually passing command line arguments via the command line arguments
is very error-prone. Probably, we should use environent to bypass the
command line parsing. Also, using `--` style would probably be not a bad
idea, so that the shell will be doing the tokenization for us.

* stores entry point in the project dictionary

Now a loader can optionally apply arbitrary transformation to the finaly
recovered project data structure. In particular, we use this feature to
store the entry point in the program dictionary.

* includes monad implementation in the Option module

I've forgot to provide the default implementation parameterized by the
identity monad.

* uses all available symbolizers by default

We used to have this behavior before, but at some point we started to
default on the internal symbolizer (that is dump). I can't recall the
reason, but I hope that there was one. Nowadays, I don't see any
sufficient reasons for not using all the provided information. Probably,
originally we used different merging strategy - now the strategy will
take the first name, that is known to the symbolizer, and will fall back
to a `sub_XXXX` if and only if the name is not known.

As a result, now it is not needed to specify explicitly
`--symbolizer=ida` to get good naming, if IDA is installed, it will be
used automatically.

There is, however, some caveat - if two symbolizers are providing
different names to the same subroutine, then, depending on a order of
installation (basically random), subroutines will be named
differently. Probably, we should invent some mergin strategy that will
collect all naming suggestions and deal with the ambigious names.

* uses entry point as a root for disassembly

It is hard to say, whether the entry point is actually a subroutine, but
it is definitely a good place to disassemble.

* speeds up the compilation

a service commit, that will build plugins in parallel and employ more
threads when building the main program.

* uses beta-reduction for evaluating let-expressions

The previous implementation used host's stack to store previous values
of a let-bound variable. However, such behavior, leads to an unnecessary
side effects, like an access to an undefined variable. Even worse, after
an evaluation of a let-expression the environment will be poisoned by a
new non-existent binding.

The new implementation follows closely (if not to say literally) the
semanitcs of the BIL language. The let expression is first beta-reduced,
i.e., all bindings are basically inlined. As a result, the let-bindings
are now more of a syntactic sugar. We probably should publish this
function, so that it can be used in other analyses, that don't want to
reason about let-expressions.

The beta-reduction is applied in a clever way that doesn't require an
alpha-conversion. Basically, the bindings are pushed into a
stack (finite map), and applied in the order (exactly as it is described
in the operational semantics).

* adds heuristics for identification of `main'

The heuristic is simple, the main function is the function that is
passed to the `__libc_start_main` function. If the latter name exists,
then we can definitely find the `main` function. Of course, this
heuristic relies on a presence of `__lic_start_main` that is probably
specific to the gcc/glibc, but we will try to find corresponding
functions for other ABI.

* links Lisp machine via the linker interface

The Interpreter is now independent of the Lisp machine and uses only the
linker interface to call subroutines. The Lisp machine is added as a
regular machine component via the linker interface. The linked code is
now parametrized by an interpreter instance.

Also the Lisp machine tries to evaluated as much as possible during the
linking phases, so that the errors are not delayed until the runtime.

* loads bss section

Added backend image to the project dictionary, so that it can be used in
the loader to get bss and other sections.

* adds support for virtual segments and much more

This is a big commit, and it is very hard to split it into
independent but still working commits. So here is the summary:

1. support for virtual segments

   A virtual segment is a segment that is not backed by any data in a
   file, but should be loaded by a loader. Think of bss segment. This
   commit introduces a support for such kind of segments. A backend can
   set a negative offset, to signify that a segment is virtual. Then the
   image loader will not touch this segment, but it will be accessible
   via the `Image.virtuals` function.

2. store file loader infromation in the project

   Loaders provide strictly more information then the Image data
   structure stores. Moreover, the backend representation of a loader is
   storable, since it is totally inductive type, so we can put it into a
   project data structure. A new function `backend_image` is added to
   the `Image` module.

3. store abi descriptor

   A new `Bap_abi.name` tag is added, and all abi passes are storing the
   name of the detected/applied abi in the project dictionary.

4. support for virtual segments in COFF loader
   other loaders are still waiting their chances

5. COFF loader now uses virtual size of the segments
   previosly it was size of raw data, that is incorrect, according to
   the specification, it should be the virtual size

6. corrected a call to the linker in the primus interpreter
   When we hit an unresolved jump target we should first ask Linker
   whether he has it linked and only if not, then we should jump to
   a block.

7. added more contextual attributes
   now we have arch and abi context classes. Arch is actually abi
   subclass.

8. fixed lisp macro overloading resolution

9. fixed lisp macro parameters substitution

10. implemented memory-read and memory-write builtins

11. added primus-x86 plugin that implements Primus CSP for x86
    Currently its only initializes CPU flags. It is funny, but
    in x86 some flags are left unitialized, for example the direction
    flag (DF). Although it is undocumented, but it is assumed that is
    is equal to zero, unless anyone called STD. In that case (it is also
    undocumented) a caller is responsible for clearing it back with
    CLR. (x86 is so crappy).

12. added some support code for windows CRT

    we are still unable to pass through the CRT functions, because our
    lifters do not really understand segmented memory model, and it is
    used to initialized TLS. I, myself, don't really understand how
    windows works wrt to TLS, so I decided to postpone this task a
    little bit (especially, since we currently don't really need it).

13. a few fixes in Lisp library and new additions

    added strlen and fputs functions

14. primus loader will now initialize all registers to 0
    previously, the were initializes with random generators, but
    probably it is more correct to set them to zero.

* factors primitives into a plugin, extends loader

The primitives are moved from the Lisp library into a plugin.

The loader now sets the brk, endp, etext and edata variables. This makes
it feature ready for implementing malloc primitive.

* adds the `msg` special form to primus lisp

The `msg` form accepts a formatted output.

* implements memory allocation primitives

and some more, still doesn't work though.

* allows errors in format messages

an error that occurs during the evaluation of a formatted message will
not terminate the machine, but instead will be printed.

* primus now emulatates our test program

In fact it is even able to emulate an extended program, that I will
commit to the testsuite soon. The program uses malloc, free, memmove,
strlen, strcpy, strchr, and putchar to copy and parse user input, and
print it out.

Performance-wise, the testing programs runs twice as faster than qemu.

* switched the testsuite to the primus branch

* tracks pc address in the interpreter

makes things easier to track, also it is a usefull statistics.

* enables stack calls in invoke-subroutine

previously, it was impossible to pass arguments via the stack from Lisp
to binary, now it works fine - the stack frame is allocated, filled with
arguments, and deallocated once it is no longer needed.

* adds auxv parameter to __libc_start_main

It is not always passed (depending on libc configuration), but it
shouldn't hirt.

* raises the stack base pointer

Previous value was 16Mb with 8MB reserved for the stack, leaving
8Mb-sizeof(bss+code+data) for the heap.

The new value is 1GB, leaving about a gigabyte for the heap.

* fixes stdcall abi

The SP address is reserved for the return address, and it is the caller,
who should decrease the SP.

* applies abi to a newly found main function

If a heuristic for main function identification works, then we shouldn't
forget to apply the abi transformations on it.

* relaxes primus linker

the linker no longer requires tid, so now it is possible to link a code
based on its address, and/or name, and/or tid. It is even possible to
link it without any references.

* adds few function summaries and fixes few bugs

implemented strrchr, memrchr, getenv and stubed few other functions.

* synced with testsuite

* rewrote beagle

now beagle works on the Primus framework and uses completely different
detection mechanism.

* fixes an undefined behavior in CF value after move

So far, an undefined behavior was encoded with the `CF := CF`
statement. We have a constructor `Unknown` for introducing undefined
values.

* wrapped primus module into the Primus namespace

* moves monad syntax signatures in a separate module

useful for referencing them in monad implementation, especially if an
implementation decided to extend the syntax.

* reimplements conquerori using Bap.Std interface

the questio is: do we really need it. Maybe I will remove this module in
the next few commits.

* removes conqueror library

it is indeed not used anymore, and the backward compatibility is handled
by the bap_microx library.

* deprecates microx library

* adds the >>> operator to Primus.Machine

this is a short hand for the Observation.observe.

* moves all primus units into bap_ namespace

* adds bap_primus.mli

* renames primus-lisp-library to primus-lisp

* moves trapper from beagle to bap_strings

also renames it to a more general unscrambler.

* adds the strings plugin

and the Strings.Scanner module, that is a generic string finder.

* sync the testsuite

* initial ideas of the OGRE

* wip

* implements OGRE parser

* implements OGRE antiparser

* makes parser more robust to trailing whitespaces

* changes representation format

Now the format is streamable, i.e., it is not needed to parse the whole
document. Moreover, the definitions may be interspersed by the
definitions, though the declaration of an attribute should precede any
its definitions.

* implements Ogre expressions

now it is possible to perform arbitrary queries

* adds a type-safe query interface to OGRE

* adds a floating type and fixes expression parser

* adds foreach monadic operation

* first more or less working version of Ogre

* fixes few storage issues in Ogre and adds docs

The signature was stored and in the reversed order, so all tuples were
written in a reverse. Also fixed an issue with double quoting of string
parameters.

* fixes an empty row query

if a row is empty we shouldn't even try to access to the columns.

* adds more docs and few changes to the interface

We now more or less distinguishing between an error that denotes that a
document is not well-formed and a system error. They should not be
merged. Currently we're raising an exception in case of the latter, this
however brings us into a world of doomed who raises an exception from a
function that returns a result. Probably, in the future we will switch
from the Or_error.t, to some error type, that distinguishes between
different kind of errors.

Note, so far the documentation describe the desired behavior, not the
actual one. We still have some work to do there (actually type-checking
is not implemented).

This commit also adds a [merge] function, that takes two documents and
merges them.

* adds attribute values typechecking

each added attribute must have correct arity and value representation.

* added description for image backends in a Ogre format

* minor

* added ogre to opam file

* added run and strings plugin to opam

* added bap-strings to opam file

* added primus stuff to opam

* removed readable from segments query

* minor

* switched to real sement sizes

* minor changes

* adds a self-join operation

This commit makes it possible to select the same attribute multiple
times (i.e., to make a self join). It also provides a new kind of
variables - the positional variables. A string-like subscript is used to
create such variable, e.g., `fld.[n]` will bind a field [fld] of the
[n]'th attribute in a selection, e.g., to find all different students
with the same name:

```
      {[select (from students $ students)
          ~join:[[field name]]
          ~where:(id.[0] <> id.[1])]}
```

This commit also fixes a bug, that was triggered when an empty attribute
was selected as a part of a bigger selection.

* mapped changed

* minor of minor

* a bunch of query optimizations

Got a ten-factor speedup, but there is still a room for improvement.

* added some doc strings + minor

* adds more optimizations

* switches to a normalized form to fasten comparison

this commit adds an equality operator that is applied to fields without
parsing them. This removes a constant factor to less than a microsecond
per entry. The algorithm is still exponential and no query optimization
(e.g., reordering and filtering before product) is done. This the field
of the future improvements.

* Ogre.foreach no longer requires a monadic result

Now a user of the `foreach` function can choose between monadic result
and immediate one. For the former, an `Ogre.Seq.all` function can be
used to move the monad out of the sequence.

* updates bap_image_ogre to the latest interface

also fixes few issues.

* moves image module to the OGRE rails

Image no longer uses the backend abstraction, except for the legacy
backends, for wich we derive an ogre specification from the backend.

* passes both virtual and physical sizes to loader

This commit adds a small workaround for the legacy loader, with which we
can pass both the virtual and the physical size of a segment. The idea,
is that for each segment in a file, we create the same named section,
that has the same base address, but the size field is filled with the
virtual size of a segment. The solution is backward compatible with the
legacy backend behavior, hence if the virtual section is not provided,
the physical size will be used.

Implementation
--------------

1. On the backend side, a vsize field was added to the segment data
structure. The old trick with negative offsets is removed, instead both
sizes are stored in the segment data structures. After an image is
created, for each segment we add a section that has the same name and
base address, but uses the vsize field as the size.

2. In the Image module, when a mapped region is created we search for
the section that has the same name and base address as the segment, that
we are constructing. If such section is found, then we use its size as a
segment size, otherwise we fallback to the size that is provided by the
segment.

P.S. All tests are passing! (At least on a machine with IDA).

* adds explicit casts for segment offsets

as clang emits an error without them.

* removes dependency from the kasprintf function

this function is not available in OCaml 4.02.3 or less.

* update testsuite

* adds libc runtime detection heuristics

Hacky and defnitely at the wrong place but works. On the other hand, I
would be happy to remove it.

* beagle et alas cleanup

now we are ready for the merge
  • Loading branch information...
ivg committed Apr 25, 2017
1 parent 5a26284 commit 3fb406ed0fcb1f999b50a5a90ae6e55728608e8b
Showing with 12,824 additions and 1,824 deletions.
  1. +8 −1 .merlin
  2. +1 −1 lib/arm/arm_flags.ml
  3. +1 −0 lib/bap/bap.ml
  4. +468 −433 lib/bap/bap.mli
  5. +19 −7 lib/bap/bap_project.ml
  6. +6 −1 lib/bap/bap_project.mli
  7. +5 −0 lib/bap_abi/bap_abi.ml
  8. +3 −0 lib/bap_abi/bap_abi.mli
  9. +96 −5 lib/bap_c/bap_c_abi.ml
  10. +4 −3 lib/bap_c/bap_c_abi.mli
  11. +0 −2 lib/bap_c/bap_c_type.ml
  12. +1 −0 lib/bap_c/bap_c_type_mapper.ml
  13. +1 −0 lib/bap_c/bap_c_type_mapper.mli
  14. +1 −1 lib/bap_c/bap_c_type_printer.ml
  15. +1 −0 lib/bap_disasm/bap_disasm_rooter.ml
  16. +1 −0 lib/bap_future/bap_future.ml
  17. +1 −0 lib/bap_future/bap_future.mli
  18. +463 −241 lib/bap_image/bap_image.ml
  19. +47 −2 lib/bap_image/bap_image.mli
  20. +1 −2 lib/bap_image/bap_table.ml
  21. +20 −6 lib/bap_image/image_backend.ml
  22. +21 −5 lib/bap_llvm/llvm_binary.hpp
  23. +1 −1 lib/bap_llvm/llvm_binary_38.hpp
  24. +2 −0 lib/bap_primus/.merlin
  25. +22 −0 lib/bap_primus/bap_primus.ml
  26. +334 −0 lib/bap_primus/bap_primus.mli
  27. +133 −0 lib/bap_primus/bap_primus_context.ml
  28. +48 −0 lib/bap_primus/bap_primus_context.mli
  29. +125 −0 lib/bap_primus/bap_primus_env.ml
  30. +12 −0 lib/bap_primus/bap_primus_env.mli
  31. +5 −0 lib/bap_primus/bap_primus_error.ml
  32. +3 −0 lib/bap_primus/bap_primus_error.mli
  33. +101 −0 lib/bap_primus/bap_primus_generator.ml
  34. +29 −0 lib/bap_primus/bap_primus_generator.mli
  35. +36 −0 lib/bap_primus/bap_primus_generator_types.ml
  36. +116 −0 lib/bap_primus/bap_primus_infeasible.ml
  37. +274 −0 lib/bap_primus/bap_primus_interpreter.ml
  38. +44 −0 lib/bap_primus/bap_primus_interpreter.mli
  39. +72 −0 lib/bap_primus/bap_primus_iterator.ml
  40. +25 −0 lib/bap_primus/bap_primus_iterator.mli
  41. +111 −0 lib/bap_primus/bap_primus_linker.ml
  42. +33 −0 lib/bap_primus/bap_primus_linker.mli
  43. +1,273 −0 lib/bap_primus/bap_primus_lisp.ml
  44. +91 −0 lib/bap_primus/bap_primus_lisp.mli
  45. +197 −0 lib/bap_primus/bap_primus_machine.ml
  46. +22 −0 lib/bap_primus/bap_primus_machine.mli
  47. +165 −0 lib/bap_primus/bap_primus_memory.ml
  48. +30 −0 lib/bap_primus/bap_primus_memory.mli
  49. +36 −0 lib/bap_primus/bap_primus_observation.ml
  50. +17 −0 lib/bap_primus/bap_primus_observation.mli
  51. +156 −0 lib/bap_primus/bap_primus_random.ml
  52. +57 −0 lib/bap_primus/bap_primus_random.mli
  53. +156 −0 lib/bap_primus/bap_primus_scheduler.ml
  54. +20 −0 lib/bap_primus/bap_primus_sexp.ml
  55. +68 −0 lib/bap_primus/bap_primus_state.ml
  56. +28 −0 lib/bap_primus/bap_primus_state.mli
  57. +58 −0 lib/bap_primus/bap_primus_types.ml
  58. +65 −49 lib/bap_sema/bap_sema_taint.ml
  59. +11 −3 lib/bap_sema/bap_sema_taint.mli
  60. +7 −0 lib/bap_strings/bap_strings.ml
  61. +153 −0 lib/bap_strings/bap_strings_detector.ml
  62. +115 −0 lib/bap_strings/bap_strings_detector.mli
  63. +31 −0 lib/bap_strings/bap_strings_scanner.ml
  64. +22 −0 lib/bap_strings/bap_strings_scanner.mli
  65. +0 −1 plugins/beagle/beagle_trapper.ml → lib/bap_strings/bap_strings_unscrambler.ml
  66. +9 −3 plugins/beagle/beagle_trapper.mli → lib/bap_strings/bap_strings_unscrambler.mli
  67. +66 −64 lib/bap_types/bap_bili.ml
  68. +6 −22 lib/bap_types/bap_bili.mli
  69. +35 −0 lib/bap_types/bap_bili_types.ml
  70. +185 −173 lib/bap_types/bap_biri.ml
  71. +7 −37 lib/bap_types/bap_biri.mli
  72. +55 −0 lib/bap_types/bap_biri_types.ml
  73. +226 −200 lib/bap_types/bap_expi.ml
  74. +6 −32 lib/bap_types/bap_expi.mli
  75. +50 −0 lib/bap_types/bap_expi_types.ml
  76. +4 −3 lib/bap_types/bap_helpers.ml
  77. +14 −24 lib/bap_types/bap_ir.ml
  78. +1 −0 lib/bap_types/bap_ir.mli
  79. +30 −89 lib/bap_types/bap_monad.ml
  80. +3 −0 lib/bap_types/bap_monad.mli
  81. +19 −0 lib/bap_types/bap_ogre.ml
  82. +3 −3 lib/bap_types/bap_result.ml
  83. +3 −3 lib/bap_types/bap_result.mli
  84. +8 −3 lib/bap_types/bap_types.ml
  85. +38 −0 lib/beagle/beagle_prey.ml
  86. +35 −0 lib/beagle/beagle_prey.mli
  87. +2 −0 lib/microx/microx.ml
  88. +1 −0 lib/microx/microx_concretizer.ml
  89. +1 −0 lib/microx/microx_conqueror.ml
  90. +4 −0 lib/monads/monads.ml
  91. +954 −0 lib/monads/monads.mli
  92. +1,452 −0 lib/monads/monads_monad.ml
  93. +435 −0 lib/monads/monads_monad.mli
  94. +120 −0 lib/monads/monads_monoid.ml
  95. +44 −0 lib/monads/monads_monoid.mli
  96. +517 −0 lib/monads/monads_types.ml
  97. +805 −0 lib/ogre/ogre.ml
  98. +735 −0 lib/ogre/ogre.mli
  99. +5 −0 lib/x86_cpu/x86_cpu.mli
  100. +1 −2 lib_test/bap_disasm/test_disasm.ml
  101. +1 −1 oasis/api
  102. +7 −3 oasis/bap-std
  103. +11 −4 oasis/beagle
  104. +2 −2 oasis/common
  105. +1 −1 oasis/future
  106. +14 −0 oasis/monads
  107. +12 −0 oasis/ogre
  108. +31 −0 oasis/primus
  109. +16 −0 oasis/primus-lisp
  110. +1 −0 oasis/primus-lisp.files.ab.in
  111. +8 −0 oasis/primus-lisp.setup.ml.in
  112. +13 −0 oasis/primus_loader
  113. +13 −0 oasis/primus_x86
  114. +12 −0 oasis/run
  115. +14 −0 oasis/strings
  116. +18 −0 opam/opam
  117. +1 −0 plugins/api/api/c/android.h
  118. +1 −0 plugins/api/api/c/gnu.h
  119. 0 plugins/api/api/c/{posix → posix.h}
  120. +1 −0 plugins/api/api/c/windows.h
  121. +0 −1 plugins/api/resources
  122. +11 −1 plugins/arm/.merlin
  123. +1 −1 plugins/arm/arm_gnueabi.ml
  124. +6 −0 plugins/beagle/.merlin
  125. +193 −354 plugins/beagle/beagle_main.ml
  126. +1 −1 plugins/cxxfilt/cxxfilt_config.ml
  127. +1 −1 plugins/cxxfilt/cxxfilt_config.ml.ab
  128. +4 −6 plugins/frontc_parser/frontc_parser_main.ml
  129. +4 −0 plugins/primus_lisp/lisp/ascii.lisp
  130. +23 −0 plugins/primus_lisp/lisp/atoi.lisp
  131. 0 plugins/primus_lisp/lisp/char.lisp
  132. +85 −0 plugins/primus_lisp/lisp/getopt.lisp
  133. +37 −0 plugins/primus_lisp/lisp/init.lisp
  134. +29 −0 plugins/primus_lisp/lisp/libc-init.lisp
  135. +34 −0 plugins/primus_lisp/lisp/memory.lisp
  136. +65 −0 plugins/primus_lisp/lisp/pointers.lisp
  137. +3 −0 plugins/primus_lisp/lisp/posix.lisp
  138. +11 −0 plugins/primus_lisp/lisp/putchar.lisp
  139. +2 −0 plugins/primus_lisp/lisp/stdio.lisp
  140. +56 −0 plugins/primus_lisp/lisp/stdlib.lisp
  141. +94 −0 plugins/primus_lisp/lisp/string.lisp
  142. +11 −0 plugins/primus_lisp/lisp/types.lisp
  143. +1 −0 plugins/primus_lisp/primus_lisp_config.ml.ab
  144. +32 −0 plugins/primus_lisp/primus_lisp_main.ml
  145. +82 −0 plugins/primus_lisp/primus_lisp_primitives.ml
  146. 0 plugins/primus_lisp/primus_lisp_primitives.mli
  147. +4 −0 plugins/primus_loader/.merlin
  148. +188 −0 plugins/primus_loader/primus_loader_basic.ml
  149. +49 −0 plugins/primus_loader/primus_loader_basic.mli
  150. +11 −0 plugins/primus_loader/primus_loader_main.ml
  151. +22 −0 plugins/primus_x86/primus_x86_loader.ml
  152. +3 −0 plugins/primus_x86/primus_x86_main.ml
  153. +3 −2 plugins/propagate_taint/propagator.ml
  154. +3 −0 plugins/run/.merlin
  155. +121 −0 plugins/run/run_main.ml
  156. +2 −0 plugins/strings/.merlin
  157. +68 −0 plugins/strings/strings_main.ml
  158. +4 −4 plugins/x86/x86_abi.ml
  159. +2 −1 src/bap_cmdline_terms.ml
  160. +5 −0 src/bap_main.ml
  161. +5 −2 src/fsi_benchmark_main.ml
  162. +3 −2 src/func_start.ml
  163. +1 −1 testsuite
  164. +15 −14 tools/build_plugins.sh
View
@@ -1,5 +1,5 @@
FLG -short-paths
-FLG -w -4-33-40-41-42-43-34-44
+FLG -w +a-4-6-9-27-44-45-41-42-32-33-34-48
PKG core_kernel
PKG fileutils
@@ -20,6 +20,9 @@ B _build/lib/bap_plugins
B _build/lib/bap_sema
B _build/lib/bap_types
B _build/lib/graphlib
+B _build/lib/monads
+B _build/lib/ogre
+B _build/lib/primus
B _build/lib/bap_llvm
B _build/lib/regular
B _build/lib/text_tags
@@ -31,5 +34,9 @@ S lib/bap_future
S lib/bap_plugins
S lib/bap_bundle
S lib/bap_config
+S lib/bap_types
+S lib/monads
+S lib/primus
S lib/bap_llvm
+S lib/ogre
S ../core_kernel.113.33.00/src
View
@@ -39,7 +39,7 @@ let set_cf_data ~imm ~data =
if Word.(of_int ~width 255 >= imm && imm >= zero width) then
let width = Word.bitwidth data in
if Word.(Int_exn.(data land of_int ~width 0xf00) = zero width)
- then Bil.var Env.cf
+ then Bil.unknown "undefined" bool_t
else Bil.int Word.b0
else msb Bil.(int imm) in
Bil.move Env.cf value
View
@@ -12,4 +12,5 @@ module Std = struct
module Log = Bap_log
type project = Project.t
type event = Event.t = ..
+ module Monad = Legacy.Monad
end
Oops, something went wrong.

0 comments on commit 3fb406e

Please sign in to comment.