1. Viewing LLVM IR

The LLVM compilation pipeline: source code -> AST -> LLVM IR (.ll) -> LLVM Bitcode (.bc) -> ASM -> Native

  • llvm-as: assembles LLVM IR from its human-readable text format into the binary (bitcode) format. Note: the result is not machine code for the target platform.
  • llvm-dis: the inverse of llvm-as, i.e. disassembly. Here, however, what is disassembled is the binary format of LLVM IR, not machine code.
  • opt: optimizes LLVM IR and outputs new LLVM IR.
  • llc: compiles LLVM IR into assembly code. Use as to produce machine code from it.
  • lli: interprets and executes LLVM IR.

1. Maple IR front end

Maple IR is the intermediate representation of the Ark Compiler (方舟编译器). Its design principle is to preserve as much information from the source file as possible, including the declaration part (symbol table) and the code part. Maple IR is platform-independent and does not depend on any processor. Maple IR also comes with a companion Maple VM, which can execute Maple IR directly. Different front ends can translate C/C++, Java and other languages into Maple IR, and support for further languages can be added.

TSAN

https://github.com/google/sanitizers

https://clang.llvm.org/docs/ThreadSafetyAnalysis.html

Abstract

File systems, a basic building block of an OS, are too big and too complex to be bug free. Nevertheless, file systems rely on regular stress-testing tools and formal checkers to find bugs, which are limited due to the ever-increasing complexity of both file systems and OSes. Thus, fuzzing, proven to be an effective and a practical approach, becomes a preferable choice, as it does not need much knowledge about a target. However, three main challenges exist in fuzzing file systems: mutating a large image blob that degrades overall performance, generating image-dependent file operations, and reproducing found bugs, which is difficult for existing OS fuzzers.

Abstract

Mobile systems, such as smartphones and tablets, incorporate a diverse set of I/O devices, such as camera, audio devices, GPU, and sensors. This in turn results in a large number of diverse and customized device drivers running in the operating system kernel of mobile systems. These device drivers contain various bugs and vulnerabilities, making them a top target for kernel exploits. Unfortunately, security analysts face important challenges in analyzing these device drivers in order to find, understand, and patch vulnerabilities. More specifically, using the state-of-the-art dynamic analysis techniques such as interactive debugging, fuzzing, and record-and-replay for analysis of these drivers is difficult, inefficient, or even completely inaccessible depending on the analysis.

The relationship between the Linux kernel, device drivers and hardware. From it one can see the kernel's main modules; the corresponding system calls can be grouped into the same categories: http://seclab.cs.sunysb.edu/sekar/papers/syscallclassif.htm

  1. Process management module
  2. Memory management module
  3. File system module
  4. Device control module (device drivers)
  5. Network module

Abstract

The ability to execute and analyze code makes many security tasks such as exploit development, reverse engineering, and vulnerability detection much easier. However, on embedded devices such as Android smartphones, executing code in-vivo, on the device, for analysis is limited by the need to acquire such devices, the speed of the device, and in some cases the need to flash custom code onto the devices. The other option is to execute the code ex-vivo, off the device, but this approach either requires porting or complex hardware emulation.
