def clang(
bc_path,
cpp_path,
include_flags=None,
define_flags=None,
machine_flags=None,
colors=True,
):
cmd = [settings.clang()]
cmd += clang_emit_llvm_flags()
cmd += clang_ikos_flags()
cmd += [cpp_path, '-o', bc_path]
# For #include <ikos/analyzer/intrinsic.hpp>
cmd += ['-isystem', settings.INCLUDE_DIR]
if include_flags:
cmd += ['-I%s' % i for i in include_flags]
if define_flags:
cmd += ['-D%s' % d for d in define_flags]
if machine_flags:
cmd += ['-m%s' % m for m in machine_flags]
if colors:
cmd.append('-fcolor-diagnostics')
else:
cmd.append('-fno-color-diagnostics')
if cpp_path.endswith('.cpp'):
cmd.append('-std=c++17') # available because clang >= 7.0
log.info('Compiling %s' % cpp_path)
log.debug('Running %s' % command_string(cmd))
subprocess.check_call(cmd)
def scan_main(argv):
# parse arguments
opt = scan_parse_arguments(argv[1:])
# setup colors and logging
colors.setup(opt.color, file=log.out)
log.setup(opt.log_level)
# scan server
server = ScanServer()
server.daemon = True
server.start()
# setup environment variables
os.environ['IKOS_SCAN_COLOR'] = 'yes' if colors.ENABLE else 'no'
os.environ['IKOS_SCAN_LOG_LEVEL'] = opt.log_level
os.environ['IKOS_SCAN_SERVER'] = 'http://localhost:%d' % server.port
os.environ['PATH'] += os.path.pathsep + settings.BIN_DIR
os.environ['CC'] = 'ikos-scan-cc'
os.environ['CXX'] = 'ikos-scan-c++'
os.environ['LD'] = 'ikos-scan-cc'
# add -e to make commands, to avoid makefiles overriding CC/CXX/LD
if os.path.basename(opt.args[0]) in ('make', 'gmake'):
opt.args.insert(1, '-e')
# run the build command
rc = run(opt.args)
# stop the scan server
server.cancel()
server.join()
# skip binaries that have been removed
binaries = [binary for binary in server.binaries
if os.path.exists(binary['exe_path'])]
if not binaries:
printf('Nothing to analyze.\n')
# analyze each binary
for binary in binaries:
exe_path = os.path.relpath(binary['exe_path'])
bc_path = os.path.relpath(binary['bc_path'])
printf('Analyze %s? [Y/n] ', colors.bold(exe_path))
answer = sys.stdin.readline().strip().lower()
if answer in ('', 'y', 'yes'):
cmd = ['ikos', bc_path, '-o', '%s.db' % exe_path]
log.info('Running %s' % colors.bold(command_string(cmd)))
cmd = [sys.executable,
settings.ikos(),
bc_path,
'-o',
'%s.db' % exe_path,
'--color=%s' % opt.color,
'--log=%s' % opt.log_level]
run(cmd)
def ikos_pp(pp_path, bc_path, entry_points, opt_level, inline_all, verify):
cmd = [settings.ikos_pp(),
'-opt=%s' % opt_level,
'-entry-points=%s' % ','.join(entry_points)]
if inline_all:
cmd.append('-inline-all')
if not verify:
cmd.append('-disable-verify')
cmd += [bc_path, '-o', pp_path]
log.info('Running ikos preprocessor')
log.debug('Running %s' % command_string(cmd))
subprocess.check_call(cmd)
def ikos_pp(pp_path, bc_path, entry_points, opt_level, inline_all, verify):
if opt_level == 'aggressive':
log.warning('Using aggressive optimizations is not recommended')
log.warning('The translation from LLVM bitcode to AR might fail')
cmd = [settings.ikos_pp(),
'-opt=%s' % opt_level,
'-entry-points=%s' % ','.join(entry_points)]
if inline_all:
cmd.append('-inline-all')
if not verify:
cmd.append('-no-verify')
cmd += [bc_path, '-o', pp_path]
log.info('Running ikos preprocessor')
log.debug('Running %s' % command_string(cmd))
subprocess.check_call(cmd)
def create_working_directory(wd=None, save=False):
''' Create a temporary working directory '''
if not wd:
wd = tempfile.mkdtemp(prefix='ikos-')
if not os.path.exists(wd):
try:
os.makedirs(wd)
except OSError as e:
printf('error: %s: %s\n', wd, e.strerror, file=sys.stderr)
sys.exit(1)
if not os.path.isdir(wd):
printf('error: %s: Not a directory\n', wd, file=sys.stderr)
sys.exit(1)
if not save:
atexit.register(shutil.rmtree, path=wd)
else:
log.info('Temporary files will be kept in directory: %s' % wd)
return wd
def clang(bc_path, cpp_path, colors=True):
cmd = [settings.clang(),
'-c',
'-emit-llvm',
'-g',
'-D_FORTIFY_SOURCE=0',
'-Wall',
cpp_path,
'-o', bc_path]
# For #include <ikos/analyzer/intrinsic.hpp>
cmd += ['-isystem', settings.INCLUDE_DIR]
if colors:
cmd.append('-fcolor-diagnostics')
else:
cmd.append('-fno-color-diagnostics')
if cpp_path.endswith('.cpp'):
cmd.append('-std=c++14') # available because clang >= 4.0
log.info('Compiling %s' % cpp_path)
log.debug('Running %s' % command_string(cmd))
subprocess.check_call(cmd)
def ikos_analyzer(db_path, pp_path, opt):
if settings.BUILD_MODE == 'Debug':
log.warning('ikos was built in debug mode, the analysis might be slow')
# Fix huge slow down when ikos-analyzer uses DROP TABLE on an existing db
if os.path.isfile(db_path):
os.remove(db_path)
cmd = [settings.ikos_analyzer()]
# analysis options
cmd += [
'-a=%s' % ','.join(opt.analyses),
'-d=%s' % opt.domain,
'-entry-points=%s' % ','.join(opt.entry_points),
'-globals-init=%s' % opt.globals_init,
'-proc=%s' % opt.procedural,
'-j=%d' % opt.jobs,
'-widening-strategy=%s' % opt.widening_strategy,
'-widening-delay=%d' % opt.widening_delay,
'-widening-period=%d' % opt.widening_period
]
if opt.narrowing_strategy == 'auto':
if opt.domain in domains_without_narrowing:
cmd.append('-narrowing-strategy=meet')
else:
cmd.append('-narrowing-strategy=narrow')
else:
cmd.append('-narrowing-strategy=%s' % opt.narrowing_strategy)
if opt.narrowing_iterations is not None:
cmd.append('-narrowing-iterations=%d' % opt.narrowing_iterations)
elif (opt.narrowing_strategy == 'auto'
and opt.domain in domains_without_narrowing):
cmd.append('-narrowing-iterations=%d' %
args.meet_iterations_if_no_narrowing)
if opt.widening_delay_functions:
cmd.append('-widening-delay-functions=%s' %
','.join(opt.widening_delay_functions))
if opt.no_init_globals:
cmd.append('-no-init-globals=%s' % ','.join(opt.no_init_globals))
if opt.no_liveness:
cmd.append('-no-liveness')
if opt.no_pointer:
cmd.append('-no-pointer')
if opt.no_widening_hints:
cmd.append('-no-widening-hints')
if opt.partitioning != 'no':
cmd.append('-enable-partitioning-domain')
if opt.no_fixpoint_cache:
cmd.append('-no-fixpoint-cache')
if opt.no_checks:
cmd.append('-no-checks')
if opt.hardware_addresses:
cmd.append('-hardware-addresses=%s' % ','.join(opt.hardware_addresses))
if opt.hardware_addresses_file:
cmd.append('-hardware-addresses-file=%s' % opt.hardware_addresses_file)
if opt.argc is not None:
cmd.append('-argc=%d' % opt.argc)
# import options
cmd.append('-allow-dbg-mismatch')
if opt.no_bc_verify:
cmd.append('-no-verify')
if opt.no_libc:
cmd.append('-no-libc')
if opt.no_libcpp:
cmd.append('-no-libcpp')
if opt.no_libikos:
cmd.append('-no-libikos')
# AR passes options
if opt.no_type_check:
cmd.append('-no-type-check')
if opt.no_simplify_cfg:
cmd.append('-no-simplify-cfg')
if opt.no_simplify_upcast_comparison:
cmd.append('-no-simplify-upcast-comparison')
if 'gauge' in opt.domain:
cmd.append('-add-loop-counters')
if opt.partitioning == 'return':
cmd.append('-add-partitioning-variables')
# debug options
cmd += [
'-display-checks=%s' % opt.display_checks,
'-display-inv=%s' % opt.display_inv
]
if opt.display_ar:
cmd.append('-display-ar')
if opt.display_liveness:
cmd.append('-display-liveness')
if opt.display_function_pointer:
cmd.append('-display-function-pointer')
if opt.display_pointer:
cmd.append('-display-pointer')
if opt.display_fixpoint_parameters:
cmd.append('-display-fixpoint-parameters')
if opt.generate_dot:
cmd += ['-generate-dot', '-generate-dot-dir', opt.generate_dot_dir]
# add -name-values if necessary
if (opt.display_checks in ('all', 'fail')
or opt.display_inv in ('all', 'fail') or opt.display_liveness
or opt.display_fixpoint_parameters or opt.display_function_pointer
or opt.display_pointer or opt.display_raw_checks):
cmd.append('-name-values')
# misc. options
if opt.color == 'yes':
cmd.append('-color=1')
elif opt.color == 'no':
cmd.append('-color=0')
cmd.append('-log=%s' % opt.log_level)
cmd.append('-progress=%s' % opt.progress)
# input/output
cmd += [pp_path, '-o', db_path]
# set resource limit, if requested
if opt.mem:
import resource # fails on Windows
def set_limits():
mem_bytes = opt.mem * 1024 * 1024
resource.setrlimit(resource.RLIMIT_AS, [mem_bytes, mem_bytes])
else:
set_limits = None
# called after timeout
def kill(p):
try:
log.error('Timeout')
p.send_signal(signal.SIGALRM)
except OSError:
pass
log.info('Running ikos analyzer')
log.debug('Running %s' % command_string(cmd))
p = subprocess.Popen(cmd, preexec_fn=set_limits)
timer = threading.Timer(opt.cpu, kill, [p])
if opt.cpu:
timer.start()
try:
if sys.platform.startswith('win'):
return_status = p.wait()
else:
_, return_status = os.waitpid(p.pid, 0)
finally:
# kill the timer if the process has terminated already
if timer.isAlive():
timer.cancel()
# special case for Windows, since it does not define WIFEXITED & co.
if sys.platform.startswith('win'):
if return_status != 0:
raise AnalyzerError('a run-time error occurred', cmd,
return_status)
else:
return
# if it did not terminate properly, propagate this error code
if os.WIFEXITED(return_status) and os.WEXITSTATUS(return_status) != 0:
exit_status = os.WEXITSTATUS(return_status)
raise AnalyzerError('a run-time error occurred', cmd, exit_status)
if os.WIFSIGNALED(return_status):
signum = os.WTERMSIG(return_status)
raise AnalyzerError('exited with signal %s' % signal_name(signum), cmd,
signum)
if os.WIFSTOPPED(return_status):
signum = os.WSTOPSIG(return_status)
raise AnalyzerError('exited with signal %d' % signal_name(signum), cmd,
signum)
def display_llvm(pp_path):
log.info('Printing LLVM')
cmd = [settings.opt(), '-S', pp_path]
subprocess.check_call(cmd)
def serve(self):
log.info("Pre-processing...")
self.report.pre_process()
log.info("Starting ikos-view at http://localhost:%d" % self.port)
log.warning("Use Ctrl-C to exit")
self.httpd.serve_forever()
def ikos_analyzer(db_path, pp_path, opt):
# Fix huge slow down when ikos-analyzer uses DROP TABLE on an existing db
if os.path.isfile(db_path):
os.remove(db_path)
cmd = [settings.ikos_analyzer()]
# analysis options
cmd += ['-a=%s' % ','.join(opt.analyses),
'-d=%s' % opt.domain,
'-entry-points=%s' % ','.join(opt.entry_points),
'-globals-init=%s' % opt.globals_init,
'-prec=%s' % opt.precision_level,
'-proc=%s' % opt.procedural]
if opt.no_init_globals:
cmd.append('-no-init-globals=%s' % ','.join(opt.no_init_globals))
if opt.no_liveness:
cmd.append('-no-liveness')
if opt.no_pointer:
cmd.append('-no-pointer')
if opt.no_fixpoint_profiles:
cmd.append('-no-fixpoint-profiles')
if opt.hardware_addresses:
cmd.append('-hardware-addresses=%s' % ','.join(opt.hardware_addresses))
if opt.hardware_addresses_file:
cmd.append('-hardware-addresses-file=%s' % opt.hardware_addresses_file)
if opt.argc is not None:
cmd.append('-argc=%d' % opt.argc)
# import options
if opt.no_libc:
cmd.append('-no-libc')
if opt.no_libcpp:
cmd.append('-no-libcpp')
if opt.no_libikos:
cmd.append('-no-libikos')
# add -allow-dbg-mismatch if necessary
if opt.opt_level == 'aggressive':
cmd.append('-allow-dbg-mismatch')
# AR passes options
if opt.disable_type_check:
cmd.append('-disable-type-check')
if opt.no_simplify_cfg:
cmd.append('-no-simplify-cfg')
if opt.no_simplify_upcast_comparison:
cmd.append('-no-simplify-upcast-comparison')
if 'gauge' in opt.domain:
cmd.append('-add-loop-counters')
# debug options
cmd += ['-display-checks=%s' % opt.display_checks,
'-display-inv=%s' % opt.display_inv]
if opt.display_ar:
cmd.append('-display-ar')
if opt.display_liveness:
cmd.append('-display-liveness')
if opt.display_function_pointer:
cmd.append('-display-function-pointer')
if opt.display_pointer:
cmd.append('-display-pointer')
if opt.display_fixpoint_profiles:
cmd.append('-display-fixpoint-profiles')
if opt.generate_dot:
cmd += ['-generate-dot', '-generate-dot-dir', opt.generate_dot_dir]
# add -name-values if necessary
if (opt.display_checks in ('all', 'fail') or
opt.display_inv in ('all', 'fail') or
opt.display_liveness or
opt.display_fixpoint_profiles or
opt.display_function_pointer or
opt.display_pointer or
opt.display_raw_checks):
cmd.append('-name-values')
# misc. options
cmd += ['-color=%s' % opt.color,
'-log=%s' % opt.log_level]
# input/output
cmd += [pp_path, '-o', db_path]
# set resource limit
def set_limits():
if opt.mem > 0:
mem_bytes = opt.mem * 1024 * 1024
resource.setrlimit(resource.RLIMIT_AS, [mem_bytes, mem_bytes])
# called after timeout
def kill(p):
try:
log.error('Timeout')
p.terminate()
p.kill()
p.wait()
except OSError:
pass
log.info('Running ikos analyzer')
log.debug('Running %s' % command_string(cmd))
p = subprocess.Popen(cmd, preexec_fn=set_limits)
timer = threading.Timer(opt.cpu, kill, [p])
if opt.cpu > 0:
timer.start()
try:
pid, return_status, ru_child = os.wait4(p.pid, 0)
finally:
# kill the timer if the process has terminated already
if timer.isAlive():
timer.cancel()
# if it did not terminate properly, propagate this error code
if os.WIFEXITED(return_status) and os.WEXITSTATUS(return_status) != 0:
exit_status = os.WEXITSTATUS(return_status)
raise AnalyzerError('a run-time error occured', cmd, exit_status)
if os.WIFSIGNALED(return_status):
signal = os.WTERMSIG(return_status)
raise AnalyzerError('exited with signal %d' % signal, cmd, signal)
if os.WIFSTOPPED(return_status):
signal = os.WSTOPSIG(return_status)
raise AnalyzerError('exited with signal %d' % signal, cmd, signal)
