Dohyeong Kim


Projects

  1. dualslicing
  2. rewards

Dualslicing : dualslicing.tar.gz
How to use :

  1. dualslicing
  2. single-slicing

Current limitation :
  1. The current version assumes that all function calls use the call instruction. To ensure this, you need to compile the binary with "-fno-optimize-sibling-calls".
  2. The current version does not go into dynamically loaded libraries. The current code uses models for libc functions, but the models are not complete yet. To analyse libraries, you need to statically link the libraries into the binary.
  3. The current version starts analysis after execution enters the main function, so you need symbol information to start analysis.

How to use (dualslicing):
  1. Collect debugging information:
    $ pin -t ./libdebuginfo.so -- <executable>
  2. Collect CFG:
    $ pin -t ./libstuff.so -- <executable>
  3. Compute immediate post dominator:
    $ ./cfg
  4. Repeat steps 2 and 3 until the "CFG is VALID" message appears for both inputs
  5. Collect trace with first input:
    $ pin -t ./libstuff.so -- <executable>
  6. Store *.out files into a directory:
    $ mv *.out <directory1>
  7. Copy malloc.out into current directory:
    $ cp <directory1>/malloc.out .
  8. Collect trace with second input:
    $ pin -t ./libstuff.so -- <executable>
  9. Store *.out files into a directory:
    $ mv *.out <directory2>
  10. Select backward slicing criteria from <directory1>/__write.out and store it to a file, bcrit
    Example:
    file: __write.out
    =================================================
    fd: 12, size: 2, filename: SOCKET
    l.
    565e01 1
    565dff 1
    565dfc 1
    565df9 1
    l 6c: 80000000 4473
    . 00: 80000000 4474
    

    file: bcrit
    565e01 1
    565dff 1
    565dfc 1
    565df9 1
    80000000 4473
    80000000 4474
    
  11. <optional> Select forward slicing criteria from <directory1>/__read.out and store it to a file, fcrit
  12. Run analysis:
    $ ./analysis <directory1> <directory2>
  13. Analysis output:
    • <directory1>/<directory2>.dump_slice shows all dualslices and dependency information.
    • <directory1>/<directory2>.xxx shows dualslices for each function.
    • <directory1>/<directory2>.callgraph.dat.dot shows callgraph of dualslices. (blue node: execution difference, yellow node: value difference)

How to use (single-slicing):
  1. Collect debugging information:
    $ pin -t ./libdebuginfo.so -- <executable>
  2. Collect CFG:
    $ pin -t ./libstuff.so -- <executable>
  3. Compute immediate post dominator:
    $ ./cfg
  4. Repeat steps 2 and 3 until the "CFG is VALID" message appears
  5. Collect trace:
    $ pin -t ./libstuff.so -- <executable>
  6. Store *.out files into a directory:
    $ mv *.out <directory>
  7. Select backward slicing criteria from <directory>/__write.out and store it to a file, bcrit
    Example:
    file: __write.out
    =================================================
    fd: 12, size: 2, filename: SOCKET
    l.
    565e01 1
    565dff 1
    565dfc 1
    565df9 1
    l 6c: 80000000 4473
    . 00: 80000000 4474
    

    file: bcrit
    565e01 1
    565dff 1
    565dfc 1
    565df9 1
    80000000 4473
    80000000 4474
    
  8. <optional> Select forward slicing criteria from <directory>/__read.out and store it to a file, fcrit
  9. Run analysis:
    $ ./analysis <directory>
  10. Analysis output:
    • <directory>/<directory>.dump_slice shows all slices and dependency information.
    • <directory>/<directory>.xxx shows slices for each function.
    • <directory>/<directory>.callgraph.dat.dot shows callgraph of slices. (blue node: function with slices, white node: function without slices)
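
Selecting the backward slicing criteria (step 10 of dualslicing, step 7 of single-slicing) can be scripted. The following is an added example, not part of the dualslicing distribution: the function names are hypothetical and the record layout of __write.out is assumed from the single example shown above.

```shell
#!/bin/sh
# Added example: build bcrit from one record of __write.out.
# The record layout is assumed from the single example on this page.

# Print "N: <header>" for each write record so one can be chosen.
list_writes() {
    awk '{ sub(/^[ \t]+/, "") }
         /^fd: [0-9]+, size: [0-9]+, filename: / { print ++n ": " $0 }'
}

# Emit the criteria lines of record number $1 (1-based), read from stdin.
make_bcrit() {
    awk -v want="$1" '
    { sub(/[ \t\r]+$/, ""); line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^fd: [0-9]+, size: [0-9]+, filename: / { n++; next }
    n != want { next }
    # Two-column lines (hex value, decimal value) are copied unchanged.
    line ~ /^[0-9a-f]+ [0-9]+$/ { print line; next }
    # Per-byte lines "<char> <hex>: <hex> <dec>": keep what follows ": ".
    # Matching at the end of the line tolerates a space or newline as <char>.
    match($0, /[0-9a-f][0-9a-f]: [0-9a-f]+ [0-9]+$/) {
        print substr($0, RSTART + 4)
    }'
}

# Sample input: record 1 is the example from this page, record 2 is constructed.
sample_write_out() {
    cat <<'EOF'
=================================================
fd: 12, size: 2, filename: SOCKET
l.
565e01 1
565dff 1
565dfc 1
565df9 1
l 6c: 80000000 4473
. 00: 80000000 4474
=================================================
fd: 1, size: 1, filename: STDOUT
a
401000 1
a 61: 80000010 5000
EOF
}

sample_write_out | list_writes
sample_write_out | make_bcrit 1
```

On a real trace, run list_writes < <directory1>/__write.out to pick a record number N, then make_bcrit N < <directory1>/__write.out > bcrit.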


REWARDS : REWARDS-130520.zip
Find REWARDS_README in the zip file.