Assignment 3
```
$ tree Assignment-3
├── Assignment-3-Helper.cpp
├── Assignment-3.cpp
├── Assignment-3.h
├── CMakeLists.txt
└── Tests
    ├── CMakeLists.txt
    ├── ae
    │   ├── test1.c
    │   ├── test1.ll
    │   ├── test2.c
    │   ├── test2.ll
    │   ├── test3.c
    │   ├── test3.ll
    │   ├── test4.c
    │   ├── test4.ll
    │   ├── test5.c
    │   ├── test5.ll
    │   ├── test6.c
    │   └── test6.ll
    ├── buf
    │   ├── test1.c
    │   ├── test1.ll
    │   ├── test2.c
    │   └── test2.ll
    └── test-ae.cpp
```

* Before coding, please type `cd $HOME/Software-Security-Analysis` and `git pull` in your terminal to make sure you always have the latest version of the code template before each assignment. Make sure to switch your program to `assign-3` before coding.

- Implement the `bufOverflowDetection`, `handleCycle`, `updateStateOnCopy`, `updateStateOnStore`, `updateStateOnLoad` and `updateStateOnGep` methods of class `AbsExe` in `Assignment-3.cpp`.
- Run `ctest -R ass3 -VV` and pass the tests without triggering any assertion in `test-ae.cpp`.
- Submit `Assignment-3.cpp` to UNSW WebCMS or `give`. Your implementation will be evaluated against our internal tests. You will get full marks if your code passes them all. Unfortunately, our internal tests are not publicly available. Here we provide only a limited set of 3 test cases under `Assignment-3/Tests/testcases`. You are encouraged to add more test cases yourself to validate the correctness of your implementation.

* You will be working on `Assignment-3.cpp` only, and there is NO need to modify other files under the Assignment-3 folder.

SVF AE APIs to help with your implementation: SVF AE API.

In `Assignment-3.cpp`, we provide implementations for functions such as `updateStateOnAddr` and `updateStateOnCopy`. These functions translate SVF statements, including `AddrStmt`, `BinaryOpStmt`, `CmpStmt`, `LoadStmt`, etc.

Your task is to implement `StoreStmt` and `GepStmt`. The `updateStateOnStore` function should store the RHS value at the memory address corresponding to the LHS value in the `AbstractState` obtained by calling `getAbsState`. Note that the RHS variable can be either an `IntervalValue` or an `AddressValue`.

The `updateStateOnGep` function computes the virtual address by adding an offset to the base pointer and then stores the result as the LHS value in the `AbstractState` obtained by calling `getAbsState`.

The `handleCycle` function needs to be enhanced with widening and narrowing logic. This enables it to handle large loop bounds efficiently (e.g., `for (i = 0; i < 10000; ++i)`), exiting the loop after several iterations while still determining the correct value of `i`.

This task involves implementing the function `bufOverflowDetection`. This function takes an `SVFStmt` as input. If the statement is an `AddrStmt`, it indicates a pointer, array, or variable memory allocation point. You need to record the effective byte size of the `VarID` in `obj2size`. If it is a `GepStmt`, it means that there is an attempt to access an offset of a pointer or array. At this point, you must update the record in `obj2size` to adjust the effective byte size of the `VarID`.

It is important to note that a buffer overflow bug may occur during a `GepStmt`. For example:

```c
int arr[5];
arr[10] = 1;
```

A buffer overflow might also emerge after multiple `GepStmt`s, such as:

```c
int arr[5];
int* ptr = arr + 3;
ptr[4] = 1;
```

Therefore, each `GepStmt` must be checked to ensure that the RHS variable's effective length still supports the current offset. If a bug is detected, an `Assign3Exception` should be thrown.

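The size bookkeeping described above, as a standalone model added here for illustration; it is not the assignment template's code and does not use SVF's API. `SizeTracker`, `Interval`, `OverflowError` (standing in for `Assign3Exception`) and the 4-byte `int` are assumptions, and offsets are byte ranges so that an index known only as an interval is checked at its upper bound.

```cpp
#include <cstdint>
#include <map>
#include <stdexcept>

// Standalone model for illustration; none of these types are SVF's.
struct Interval { int64_t lo, hi; };  // byte-offset range from the analysis
struct OverflowError : std::runtime_error {  // stands in for Assign3Exception
    using std::runtime_error::runtime_error;
};
constexpr int64_t kIntBytes = 4;  // assumed sizeof(int)

class SizeTracker {
    std::map<unsigned, int64_t> obj2size;  // var id -> bytes still valid from it
public:
    // Allocation point (AddrStmt): the whole object is addressable.
    void onAddr(unsigned var, int64_t bytes) { obj2size[var] = bytes; }

    // lhs = rhs + off (GepStmt). Assumes non-negative offsets.
    void onGep(unsigned lhs, unsigned rhs, Interval off) {
        auto it = obj2size.find(rhs);
        if (it == obj2size.end()) return;  // untracked base pointer
        const int64_t remaining = it->second;
        // Sound check: the largest possible offset must stay inside the object.
        if (off.hi >= remaining) throw OverflowError("offset past object end");
        obj2size[lhs] = remaining - off.hi;  // worst case left for later GEPs
    }
};

// int arr[5]; arr[index] = 1;
bool directIndexOverflows(int64_t index) {
    SizeTracker t;
    t.onAddr(1, 5 * kIntBytes);
    try { t.onGep(2, 1, {index * kIntBytes, index * kIntBytes}); }
    catch (const OverflowError&) { return true; }
    return false;
}

// int arr[5]; int* ptr = arr + 3; ptr[idx] = 1;  with idx known only as a range
bool chainedIndexOverflows(Interval idx) {
    SizeTracker t;
    t.onAddr(1, 5 * kIntBytes);
    try {
        t.onGep(2, 1, {3 * kIntBytes, 3 * kIntBytes});
        t.onGep(3, 2, {idx.lo * kIntBytes, idx.hi * kIntBytes});
    } catch (const OverflowError&) { return true; }
    return false;
}

int main() { return directIndexOverflows(10) && chainedIndexOverflows({4, 4}) ? 0 : 1; }
```

Because this model checks at the GEP rather than at the dereference, it also flags a one-past-the-end pointer such as `arr + 5`, which C permits as long as it is never dereferenced.
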
1. launch.json

You need to set `"program"` to the executable file of Assignment 3, i.e., `"${workspaceFolder}/bin/assign-3"`, in launch.json in order to run and debug.

If you want to see the value of an `AbstractValue`, you can call `toString()` to print the value (either `IntervalValue` or `AddressValue`).

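```cpp
#include <iostream>
#include "Assignment-3.h" // pulls in the SVF abstract-execution types

int main() {
    // toString() works for both IntervalValue and AddressValue
    SVF::AbstractValue a = SVF::IntervalValue(1, 1);
    std::cout << a.toString() << std::endl;
}
```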