Merge branch 'referred-string' into 'main'

Give one data_object_point for referred string Closes debloating/dykondo#154 See merge request rewriting/ddisasm!1232
GrammaTech · Dec 11, 2024 · 5bd3870 · 5bd3870
2 parents 974c253 + 54ab213
commit 5bd3870
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -27,6 +27,7 @@
 * Generate alignments for function entry blocks depending on address
 * Fix bug that could result in missed symbolic expressions
   (`symbol_minus_symbol`) in LEA
+* Fix bug that could result in false-positive symbolic data conflicting with real strings
 
 # 1.9.0
 

diff --git a/examples/asm_examples/ex_referred_string/Makefile b/examples/asm_examples/ex_referred_string/Makefile
@@ -0,0 +1,10 @@
+
+all: ex_original.s
+	gcc ex_original.s -no-pie -Wl,-Ttext=0x512350 -o ex
+	@ ./ex > out.txt
+clean:
+	rm -f ex out.txt ex.gtirb
+	rm -fr ex.unstripped ex.s *.old*  dl_files *.gtirb
+check:
+	@ ./ex > /tmp/res.txt
+	@ diff out.txt /tmp/res.txt && echo TEST OK
diff --git a/examples/asm_examples/ex_referred_string/ex_original.s b/examples/asm_examples/ex_referred_string/ex_original.s
@@ -0,0 +1,37 @@
+    .text
+
+    .globl  main
+    .type   main, @function
+main:
+.LFB6:
+    pushq   %rbp
+    movq    %rsp, %rbp
+	movl	$mystring, %edi
+	call	puts
+    movl    $0, %eax
+    popq    %rbp
+    ret
+
+.LFE6:
+    .size    main, .-main
+
+.align 8
+    .data
+
+    .quad mydata
+    .zero 8
+    # 0x512350 happens to be the address of `_start` (see the Makefile).
+    # This example is to test that this address is not symbolized as `_start`
+    # This program is supposed to print out "#Q".
+    # If this address is symbolized as `_start`,
+    # it will print out something else.
+    .ascii "P"   # 0x50
+mystring:
+    .string "#Q" # 0x23 0x51
+    .byte 0x0
+    .byte 0x0
+    .byte 0x0
+    .byte 0x0
+
+mydata:
+    .zero 16
diff --git a/src/datalog/symbolization.dl b/src/datalog/symbolization.dl
@@ -821,6 +821,12 @@ data_object_point(EA,Size,"string",-2,"string in jump table"):-
     preferred_data_access(EA,_,EA_ref),
     jump_table_start(_,_,EA_ref,_,_).
 
+data_object_point(EA,Size,"string",1,"string that has reference"):-
+    data_object_candidate(EA,Size,"string"),
+    may_have_symbolic_immediate(Code,EA),
+    code(Code),
+    data_limit(EA).
+
 // data access negative heuristic
 data_object_point(EA,Size,"other",4,"data access"):-
     data_object_candidate(EA,Size,"other"),

diff --git a/tests/linux-elf-x64.yaml b/tests/linux-elf-x64.yaml
@@ -524,6 +524,9 @@ tests:
       <<: *default-test
       cfg_checks: []
 
+  - name: ex_referred_string
+    <<: *assembly
+
   # ----------------------------------------------------------------------------
   # Assembly examples. (stripped)
   # ----------------------------------------------------------------------------
@@ -624,6 +627,10 @@ tests:
       <<: *default-test
       cfg_checks: []
 
+  - name: ex_referred_string
+    <<: *assembly
+    <<: *test-strip-default
+
   # ----------------------------------------------------------------------------
   # Relocatable ELF objects (.o).
   # ----------------------------------------------------------------------------