Skip to content

GitLab

Commit 20e13fbb authored by Alexander Schaub's avatar Alexander Schaub
Browse files
Options

The \SECRET value is now correctly handled as a dependency of a dereferenced pointer.

parent b0ed577b
Hide whitespace changes
Inline Side-by-side
Showing with 38 additions and 14 deletions
stanalysis/dependencygraph.py
View file @ 20e13fbb
......@@ -96,7 +96,7 @@ class DependencyGraph(XmlExportMixin):
# has been finalized
self.dependency_set = {} # type: Dict[Variable, Set["DependencyGraph.GraphLink"]]
# Used as a cache
self.pointed_set = {} # type: Dict[Tuple[Variable, bool], Set[Variable]]
self.pointed_set = {} # type: Dict[Tuple[Variable, bool], Set[Tuple[Variable, Tuple[str]]]]
self.modifiable = True
self.verbosity = verbosity
......@@ -399,11 +399,11 @@ class DependencyGraph(XmlExportMixin):
# if indirection is None and new_to_explore:
# raise ValueError("Could not determine the indirection for the base variable of %s " % str(v))
to_explore = {variable.get_member(member_name, self.structs, "") for variable in new_to_explore}
to_explore = {variable[0].get_member(member_name, self.structs, "") for variable in new_to_explore}
return to_explore
def breadth_first_search(self, starting_v: Set[Variable], max_depth: int, writing: bool = True) -> Set[Variable]:
def breadth_first_search(self, starting_v: Set[Variable], max_depth: int, writing: bool = True) -> Set[Tuple[Variable, Tuple[str]]]:
"""Perform a breadth_first search in the pointer graph, starting from `starting_v`, for a
depth of `max_depth`.
......@@ -424,23 +424,26 @@ class DependencyGraph(XmlExportMixin):
for var in starting_v:
for i in range(1, -max_depth + 1):
self.pointer_graph[var.indirect(i)] = {var.indirect(i - 1): []}
return {var.indirect(-max_depth) for var in starting_v}
return {(var.indirect(-max_depth), ()) for var in starting_v}
extra_dependencies = set()
extra_dependencies = set() # type: Set[Tuple[Variable, Tuple[str]]]
for _ in range(max_depth):
new_to_explore.clear()
for v in to_explore:
new_to_explore.update(self.pointer_graph.get(v, {}).keys())
if not writing:
extra_dependencies.update(self.value_dependencies.get(v, {}).keys())
extra_dependencies.update([
(v, tuple(deps))
for v, deps in self.value_dependencies.get(v, {}).items()
])
to_explore.clear()
to_explore.update(new_to_explore)
return to_explore.union(extra_dependencies)
return {(v, ()) for v in to_explore}.union(extra_dependencies)
def get_pointed_variables(self, v: Variable, writing: bool = True) -> Set[Variable]:
def get_pointed_variables(self, v: Variable, writing: bool = True) -> Set[Tuple[Variable, Tuple[str]]]:
"""Returns the variables that correspond to v in the dependency graph
Because of pointer aliasing, and array operations, this might not be
`v` (there might be other variables, for example for arrays), or the set might
......@@ -473,10 +476,15 @@ class DependencyGraph(XmlExportMixin):
self.pointed_set[(v, writing)].update(res)
return self.pointed_set[(v, writing)]
def get_pointed_list_of_variables(self, it: Iterable[Variable], writing=True):
def get_pointed_list_of_variables(self, it: Iterable[Variable], writing=True) -> Set[Variable]:
"""Utility function to get the set of of variables that point to any of the variables
in the iterable `it`."""
return set(itertools.chain(*[self.get_pointed_variables(d, writing) for d in it]))
res = set()
for var in it:
res.update({
t[0] for t in self.get_pointed_variables(var, writing)
})
return res
def _get_extra_dependencies(self, variable: Variable, depends_on: Iterable[Variable], coords: Union[Coord, str]):
"""Returns the extra dependencies, in terms of pointer graph and value dependencies,
......@@ -491,7 +499,7 @@ class DependencyGraph(XmlExportMixin):
coords = str(coords)
dependencies = self.get_pointed_list_of_variables(depends_on, writing=False)
logger.debug("Dependencies: %s", dependencies)
for v in self.get_pointed_variables(variable, writing=True):
for v, _ in self.get_pointed_variables(variable, writing=True):
if not dependencies:
if v.indirection == 0:
res_value_dependencies.setdefault(v, {})
......@@ -662,7 +670,9 @@ class DependencyGraph(XmlExportMixin):
raise RuntimeError("Asking for non-existent variable %s on non-modifiable graph." % str(v))
res = set()
if v.name not in self.ignored_variable_names:
for variable in self.get_pointed_variables(v, writing=False):
for variable, deps in self.get_pointed_variables(v, writing=False):
if variable.secret:
res.add(DependencyGraph.GraphLink(variable=variable, coords=tuple(deps)))
for pointer in self.pointer_graph.get(variable, {}):
res.add(DependencyGraph.GraphLink(variable=+pointer,
coords=tuple(self.pointer_graph[variable][pointer])))
......@@ -754,7 +764,7 @@ class DependencyGraph(XmlExportMixin):
del self.pointed_set[(key, writing)]
else:
self.pointed_set[(key, writing)] =\
set(filter(lambda var: var.scope <= local_scope, self.pointed_set[(key, writing)]))
set(filter(lambda var: var[0].scope <= local_scope, self.pointed_set[(key, writing)]))
# Update the dependency set
self.dependency_set.clear()
......
tests/leakageanalysis_unittest.py
View file @ 20e13fbb
......@@ -1458,7 +1458,21 @@ class LeakageAnalysisPointerArithmeticTest(LeakageAnalysisTests):
int *ptr;
int res = *(ptr+secret);"""
with self.assertWarnsRegex(LeakageWarning, r'Leakage of secret'):
(_, state, _) = self.helper_test_text(me.__doc__)
(_, state, d) = self.helper_test_text(me.__doc__)
@passmein
def test_simple_test2(self, me):
""" int s = 1;
#pragma STA secret s
int *ptr;
ptr += s;
if (*ptr) { return 1;}
return 0;
"""
with self.assertWarnsRegex(LeakageWarning, r'Leakage of &ptr'):
(_, state, d) = self.helper_test_text(me.__doc__)
G = state.dependency_graph
self.assertSecret({-d["ptr"]}, G)
class LeakageAnalysisGlobalsTest(LeakageAnalysisTests):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment