//===-- llvm-cfi-verify.cpp - CFI Verification tool for LLVM --------------===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // This tool verifies Control Flow Integrity (CFI) instrumentation by static // binary analysis. See the design document in /docs/CFIVerify.rst for more // information. // // This tool is currently incomplete. It currently only does disassembly for // object files, and searches through the code for indirect control flow // instructions, printing them once found. // //===----------------------------------------------------------------------===// #include "lib/FileAnalysis.h" #include "lib/GraphBuilder.h" #include "llvm/BinaryFormat/ELF.h" #include "llvm/DebugInfo/Symbolize/SymbolizableModule.h" #include "llvm/Support/CommandLine.h" #include "llvm/Support/Error.h" #include "llvm/Support/FormatVariadic.h" #include "llvm/Support/SpecialCaseList.h" #include "llvm/Support/VirtualFileSystem.h" #include <cstdlib> usingnamespacellvm; usingnamespacellvm::object; usingnamespacellvm::cfi_verify; static cl::OptionCategory CFIVerifyCategory("CFI Verify Options"); cl::opt<std::string> InputFilename(cl::Positional, cl::desc("<input file>"), cl::Required, cl::cat(CFIVerifyCategory)); cl::opt<std::string> IgnorelistFilename(cl::Positional, cl::desc("[ignorelist file]"), cl::init("-"), cl::cat(CFIVerifyCategory)); cl::opt<bool> PrintGraphs( "print-graphs", cl::desc("Print graphs around indirect CF instructions in DOT format."), cl::init(false), cl::cat(CFIVerifyCategory)); cl::opt<unsigned> PrintBlameContext( "blame-context", cl::desc("Print the blame context (if possible) for BAD instructions. This " "specifies the number of lines of context to include, where zero " "disables this feature."), cl::init(0), cl::cat(CFIVerifyCategory)); cl::opt<unsigned> PrintBlameContextAll( "blame-context-all", cl::desc("Prints the blame context (if possible) for ALL instructions. " "This specifies the number of lines of context for non-BAD " "instructions (see --blame-context). If --blame-context is " "unspecified, it prints this number of contextual lines for BAD " "instructions as well."), cl::init(0), cl::cat(CFIVerifyCategory)); cl::opt<bool> Summarize("summarize", cl::desc("Print the summary only."), cl::init(false), cl::cat(CFIVerifyCategory)); ExitOnError ExitOnErr; static void printBlameContext(const DILineInfo &LineInfo, unsigned Context) { … } static void printInstructionInformation(const FileAnalysis &Analysis, const Instr &InstrMeta, const GraphResult &Graph, CFIProtectionStatus ProtectionStatus) { … } static void printInstructionStatus(unsigned BlameLine, bool CFIProtected, const DILineInfo &LineInfo) { … } static void printIndirectCFInstructions(FileAnalysis &Analysis, const SpecialCaseList *SpecialCaseList) { … } int main(int argc, char **argv) { … }
Codebase Browser
llvm