Comments (2)
About fixpoint computations in general: We compute properties of programs at specific execution points. We want these properties to hold true regardless of the execution path that was taken to reach that program point. The point of fixpoint computations is that one computes these properties in a path-dependent manner, but then continues computation until a fixpoint is reached. If one can reach a fixpoint, then the result will hold true regardless of the execution path taken to the program point, despite being computed with path-dependent methods.
For the function signatures this is very important, because other analyses depend on the correctness of this computation. For the CWE-119 check on the other hand, it is a choice to use fixpoint computations. There are other approaches one can use here with different advantages and drawbacks. A somewhat abstract motivation is that in the far future we may be able to prove the absence of certain bug classes if we do not find any CWEs with a fixpoint-based analysis approach. But in the cwe_checker we are still far away from that.
If you want to read up on the topic I recommend looking at the literature regarding compiler optimizations like dead code removal, expression propagation, and the like, as they are usually also implemented using fixpoint computations. Unfortunately, I do not maintain a list of good beginner literature for the topic at the moment.
Why the param_access_stubs
and the stubbed_variadic_symbols
are generated at runtime: In theory, you can make the two computation functions const
, which would mean that they are computed at compile time. The const fn
story of Rust is still evolving and I have not checked whether newer versions of Rust allow this already. However, the runtime cost is negligible anyway.
from cwe_checker.
Thank you for the detailed explanation!! It is quite clear now.
from cwe_checker.
Related Issues (20)
- arm elf file checker error HOT 2
- Code Analysis on PcodeExtractor.java HOT 1
- Execution of ghidra plugin failed HOT 1
- Running cwe_checker on arm64 and x86_64 (failed) HOT 5
- cwe_checker run with error 'No loadable segments found' HOT 1
- CWE checker dependencies incompatible with current Kali (clap) HOT 4
- docker how to speficy --bare-metal-config HOT 2
- ghidra >= 10.2 fix "getLeastSignificatBitInBaseRegister" spelling wrong HOT 2
- error running cwe in ghidra HOT 2
- Some comments seems confusing HOT 4
- Speed up the analysis with new cwe_checker:stable docker image HOT 2
- cwe_checker docker -o option fails HOT 4
- What is CWE119 specifically and the difference with its variants HOT 7
- Infinity Loop Problem HOT 2
- Execution of Ghidra plugin failed HOT 8
- Project Normalization consumes too much RAM HOT 2
- Support for new P-Code operation in Ghidra 10.3 HOT 1
- Windows failed to compile HOT 1
- cwe_checker docker container hang on HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cwe_checker.