def generate_jobs(self): for id in self.indexes: print id,self.l[id] base=self.count_fix_params() offset=self.count_va_arg_order_num() call_info_index=self.indexes[0]-1 arg_pos=base+offset-1 print arg_pos print self.i print self.l[self.i] self.TG.linkInnerEdges(self.i,call_info_index,self.argptr_name+"["+str(offset-1)+"]") taintvar=TaintVar(self.argptr_name+"["+str(offset-1)+"]",[]) #this may cause it have access pattern:'*' taintvar.p=[]#remove it ('*') return [TaintJob(call_info_index,taintvar,arg_pos)]
def findAllReferences(self, var, indexrange, left_propa): visited=set() pairs=set() if indexrange==[]:return [] indexrange.sort() V=set([(indexrange[0],var,left_propa,0,len(indexrange))]) if left_propa: for temp_lb in range(0,len(indexrange)): temp_index=indexrange[temp_lb] print var.pointerStr() print temp_index,self.l[temp_index] m=re.search(r'(?<![A-Za-z0-9_])'+var.pointerStr()+r"\s*=(?!=)",self.l[temp_index].codestr) if m: result=Syntax.isPossibleArgumentDefinition(self.l[temp_index],var) leftpart=m.group()[:-1].strip() rfl,pat=var.matchAccessPattern(leftpart) if rfl>0 or result is not None: lb=temp_lb+1 else: lb=temp_lb V=set([(indexrange[0],var,left_propa,0,lb)]) break count=0 while len(V)>0: A=set() for index,v,left_p,upperbound,lowerbound in V: #if not v.pointerStr():continue #lp=Syntax.left_ref_propagate_pattern(v) rp=Syntax.right_ref_propagate_pattern(v) print "Continue Check bellow the first found assignment:",self.l[index] for idx in range(upperbound,lowerbound): aIndex=indexrange[idx] if left_p and aIndex<index: print "pass(accelerate)",v.simple_access_str() elif aIndex in visited: print "pass(accelerate)",v.simple_access_str() elif re.search(r"[^=]=[^=]",self.l[aIndex].codestr) is None: print "pass",v.simple_access_str() visited.add(aIndex) else: print "Line Under Check:",self.l[aIndex] if "&hdr;" in self.l[aIndex].codestr: print "Find IT!" match=self.isLeftPropagate(v,self.l[aIndex].codestr) if match is not None: m_left_propgate=match print "find left propagate:",self.l[aIndex] array=m_left_propgate.group().split("=") leftpart=array[0].split()[-1].lstrip("*") rightpart=array[1].strip() rightvar=rightpart.rstrip(";").strip() if rightvar[0]=="(": stack=[] i=1 while i<len(rightvar): if rightvar[i]=="(": stack.append("(") elif rightvar[i]==")": if len(stack)>0: stack.pop() else: rightvar=rightvar[i+1:].strip().lstrip("(").rstrip(")").strip() break i+=1 rfl,pat=v.matchAccessPattern(rightvar) if "*"==pat[-1] or "->" in pat[-1] and aIndex>index: if rfl<=0:rfl=1 q=TaintVar(leftpart,pat,rfl,True)#Note that we should take ref_len in to consideration. lb=lowerbound if idx+1<lowerbound: for temp_lb in range(idx+1,lowerbound): temp_index=indexrange[temp_lb] print v.pointerStr() print q.pointerStr() print temp_index,self.l[temp_index] if re.search(q.pointerStr()+r"\s*[^=]=[^=]",self.l[temp_index].codestr): result=Syntax.isPossibleArgumentDefinition(self.l[temp_index],q) if result is not None: lb=temp_lb+1 else: lb=temp_lb break pairs.add((aIndex,q,True,idx+1,lb)) A.add((aIndex,q,True,idx+1,lb)) visited.add(aIndex) elif rp: print rp m_right_propgate=re.search(rp,self.l[aIndex].codestr) if m_right_propgate: array=m_right_propgate.group().split("=") leftpart=array[0].strip() rightpart=array[1].strip() rightvar=rightpart.rstrip(";").strip() rfl,pat=v.matchAccessPattern(leftpart) # BUG if look downward if rfl==0: print "HEY" if left_p and rfl>0:#v is KILLED here! Skip the following index range, and inform other left propagation lowerbound=indexrange.index(aIndex) #Stop find other references #Because it's killed here. LOWER statements that use it is meaningless break if "*"==pat[-1] or "->" in pat[-1] and aIndex>=index: if rfl<=0:rfl=1 q=TaintVar(rightvar,pat,rfl,True)#Note that we should take ref_len in to consideration. print aIndex,self.l[aIndex] print q print v pairs.add((aIndex,q,False,upperbound,lowerbound)) A.add((aIndex,q,False,upperbound,lowerbound)) visited.add(aIndex) count+=1 V=A pairs=list(pairs) print "refrences list-------" for pair in pairs: print pair[0],pair[1],pair[2],pair[3],pair[4] pairs.sort(lambda x,y:cmp(x[0],y[0])) return pairs