From 2aa42fca6980c9fcb07e673b190866101abb014e Mon Sep 17 00:00:00 2001 From: Henny Sipma Date: Wed, 27 May 2026 19:42:05 -0700 Subject: [PATCH 1/3] CHB:SUMMARIES:add precondition to popen --- CodeHawk/CHB/bchsummaries/so_functions/mkstemp64.xml | 1 - CodeHawk/CHB/bchsummaries/so_functions/popen.xml | 11 ++++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CodeHawk/CHB/bchsummaries/so_functions/mkstemp64.xml b/CodeHawk/CHB/bchsummaries/so_functions/mkstemp64.xml index 82e2b65b..f549a6d5 100644 --- a/CodeHawk/CHB/bchsummaries/so_functions/mkstemp64.xml +++ b/CodeHawk/CHB/bchsummaries/so_functions/mkstemp64.xml @@ -1,5 +1,4 @@ -
diff --git a/CodeHawk/CHB/bchsummaries/so_functions/popen.xml b/CodeHawk/CHB/bchsummaries/so_functions/popen.xml index 7241cf0f..2ed17abb 100644 --- a/CodeHawk/CHB/bchsummaries/so_functions/popen.xml +++ b/CodeHawk/CHB/bchsummaries/so_functions/popen.xml @@ -33,7 +33,16 @@ - + +
+          
+            
+              
+              command
+            
+          
+        
+
From 9def73b1c2ba6a230112fb4eb4a2e7690ffbf931 Mon Sep 17 00:00:00 2001 From: Henny Sipma Date: Wed, 27 May 2026 19:42:51 -0700 Subject: [PATCH 2/3] CHB:add cmdline option to include callees with fns_included --- CodeHawk/CHB/bchanalyze/bCHAnalyzeApp.ml | 55 +++++++++++++++++-- CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml | 5 +- CodeHawk/CHB/bchlib/bCHSystemSettings.ml | 5 ++ CodeHawk/CHB/bchlib/bCHSystemSettings.mli | 3 + 4 files changed, 63 insertions(+), 5 deletions(-) diff --git a/CodeHawk/CHB/bchanalyze/bCHAnalyzeApp.ml b/CodeHawk/CHB/bchanalyze/bCHAnalyzeApp.ml index 7918199f..10a9b112 100644 --- a/CodeHawk/CHB/bchanalyze/bCHAnalyzeApp.ml +++ b/CodeHawk/CHB/bchanalyze/bCHAnalyzeApp.ml @@ -99,6 +99,45 @@ let no_lineq = ref [] let add_no_lineq s = no_lineq := s :: !no_lineq +(** Expands a list of function address hex strings with the direct application + callees of each function, as recorded in saved function info. Silently + skips functions whose info is not yet available (e.g. first analysis pass). + Emits a diagnostics log entry for every callee added. *) +let expand_fns_with_callees (fns: string list) : string list = + List.fold_left + (fun acc faddr_str -> + match string_to_doubleword faddr_str with + | Error _ -> acc + | Ok faddr -> + let callees = + try + let finfo = load_function_info faddr in + List.filter_map + (fun ct -> + if ct#is_app_call then Some ct#get_app_address + else None) + finfo#get_callees + with _ -> [] + in + List.fold_left + (fun acc2 callee -> + let s = callee#to_hex_string in + if List.mem s acc2 then + acc2 + else + begin + log_diagnostics_result + ~tag:"expand_fns_with_callees" + __FILE__ __LINE__ + ["add callee: " ^ s ^ " of: " ^ faddr_str]; + s :: acc2 + end) + acc + callees) + fns + fns + + let analyze_x86_function faddr f count = let _ = if system_settings#show_function_timing then 
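Review bot: The `with _ -> []` around `load_function_info` in `expand_fns_with_callees` swallows every exception, so a function whose saved info is missing, unreadable or corrupt contributes no callees and leaves no trace; the `Error _ -> acc` branch does the same for an address string that fails `string_to_doubleword`. For an analyzer whose results are read as coverage of the selected functions, a silently smaller callee set cannot be told apart from a function that has no application callees. I would log both cases with the `log_diagnostics_result` call already used for added callees, and narrow the handler to the exception `load_function_info` raises when no info has been saved (not visible in this hunk). Separately, `List.mem s acc2` compares the user-supplied strings with `callee#to_hex_string`, so it presumably only de-duplicates when the included addresses were written in that same form.

```ocaml
      match string_to_doubleword faddr_str with
      | Error _ ->
         begin
           log_diagnostics_result
             ~tag:"expand_fns_with_callees"
             __FILE__ __LINE__
             ["invalid function address: " ^ faddr_str];
           acc
         end
      | Ok faddr ->
         let callees =
           try
             (* … unchanged: load_function_info and filter_map over get_callees … *)
           with e ->
             (* narrow this to the exception raised for missing function info *)
             begin
               log_diagnostics_result
                 ~tag:"expand_fns_with_callees"
                 __FILE__ __LINE__
                 ["no callees loaded for: " ^ faddr_str
                  ^ ": " ^ Printexc.to_string e];
               []
             end
         in
         (* … unchanged: fold that adds callees not yet in the list … *)
```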
@@ -173,7 +212,9 @@ let analyze_x86_function faddr f count = let analyze starttime = - let fns_included = included_functions () in + let fns_included = + let fns = included_functions () in + if fn_include_callees () then expand_fns_with_callees fns else fns in let fns_excluded = excluded_functions () in let count = ref 0 in let failedfunctions = ref [] in @@ -409,7 +450,9 @@ let analyze_mips_function faddr f count = let analyze_mips starttime = - let fns_included = included_functions () in + let fns_included = + let fns = included_functions () in + if fn_include_callees () then expand_fns_with_callees fns else fns in let fns_excluded = excluded_functions () in let count = ref 0 in let failedfunctions = ref [] in @@ -565,7 +608,9 @@ let analyze_arm_function faddr f count = let analyze_arm starttime = - let fns_included = included_functions () in + let fns_included = + let fns = included_functions () in + if fn_include_callees () then expand_fns_with_callees fns else fns in let fns_excluded = excluded_functions () in let count = ref 0 in let failedfunctions = ref [] in @@ -678,7 +723,9 @@ let analyze_pwr_function let analyze_pwr (starttime: float) = - let fns_included = included_functions () in + let fns_included = + let fns = included_functions () in + if fn_include_callees () then expand_fns_with_callees fns else fns in let fns_excluded = excluded_functions () in let count = ref 0 in begin diff --git a/CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml b/CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml index 567b640a..0350191f 100644 --- a/CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml +++ b/CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml @@ -6,7 +6,7 @@ Copyright (c) 2005-2020 Kestrel Technology LLC Copyright (c) 2020 Henny Sipma - Copyright (c) 2021-2025 Aarno Labs LLC + Copyright (c) 2021-2026 Aarno Labs LLC Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
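Review bot: The same three-line `fns_included` computation is pasted into `analyze`, `analyze_mips`, `analyze_arm` and `analyze_pwr` (the four hunks at -173, -409, -565 and -678), so any later change to the expansion rule has to be made in four places. A small helper next to `expand_fns_with_callees`, e.g. `let included_functions_with_callees () = let fns = included_functions () in if fn_include_callees () then expand_fns_with_callees fns else fns`, would let each site read `let fns_included = included_functions_with_callees () in`. The expanded list is built before `fns_excluded` is read, and how the two lists are reconciled lies outside these hunks, so it is worth confirming that a callee pulled in here is still skipped when it is also on the excluded-functions list. All four function bodies continue past their hunks.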
@@ -189,6 +189,9 @@ let speclist = "exclude the function with the given address from the analysis"); ("-fn_include", Arg.String (fun s -> include_function s), "include the function with the given address in the analysis"); + ("-fn_include_callees", + Arg.Unit (fun () -> set_fn_include_callees ()), + "expand the set of functions to be analyzed with the callees of the included functions"); ("-fn_no_lineq", Arg.String (fun s -> add_no_lineq s), "do not apply linear equality analysis to the function with the given address"); ("-lineq_instr_cutoff", diff --git a/CodeHawk/CHB/bchlib/bCHSystemSettings.ml b/CodeHawk/CHB/bchlib/bCHSystemSettings.ml index 4ab4b797..e589c3c8 100644 --- a/CodeHawk/CHB/bchlib/bCHSystemSettings.ml +++ b/CodeHawk/CHB/bchlib/bCHSystemSettings.ml @@ -50,6 +50,11 @@ let exclude_function (s: string) = fns_excluded := s :: !fns_excluded let excluded_functions () = !fns_excluded +let fn_include_callees = ref false +let set_fn_include_callees () = fn_include_callees := true +let fn_include_callees () = !fn_include_callees + + let arm_typingrules_settings = H.create 23 let _ = diff --git a/CodeHawk/CHB/bchlib/bCHSystemSettings.mli b/CodeHawk/CHB/bchlib/bCHSystemSettings.mli index 403c9045..aa723b21 100644 --- a/CodeHawk/CHB/bchlib/bCHSystemSettings.mli +++ b/CodeHawk/CHB/bchlib/bCHSystemSettings.mli @@ -42,3 +42,6 @@ val included_functions: unit -> string list val exclude_function: string -> unit val excluded_functions: unit -> string list + +val set_fn_include_callees: unit -> unit +val fn_include_callees: unit -> bool From 27b65ad266312a87b9734101f9820edf62228180 Mon Sep 17 00:00:00 2001 From: Henny Sipma Date: Wed, 27 May 2026 21:32:12 -0700 Subject: [PATCH 3/3] CHB: update version --- CodeHawk/CHB/bchlib/bCHVersion.ml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CodeHawk/CHB/bchlib/bCHVersion.ml b/CodeHawk/CHB/bchlib/bCHVersion.ml index 856e226f..37f19071 100644 --- a/CodeHawk/CHB/bchlib/bCHVersion.ml 
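Review bot: The help string for `-fn_include_callees` does not say that the option has no effect unless function info from an earlier run is available, nor that only direct application callees are added; both are stated in the doc comment of `expand_fns_with_callees` in bCHAnalyzeApp.ml. A user passing it on a first run would get the plain `-fn_include` set with no indication why. I would word it as `"also analyze the direct application callees of the functions given with -fn_include (requires saved results from an earlier run)"`. The `speclist` definition starts and ends outside the hunk.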
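Review bot: In the bCHSystemSettings.ml hunk `fn_include_callees` is bound twice, first as the `bool ref` and then as the accessor that shadows it, which works only because `set_fn_include_callees` closes over the ref before the second binding. The neighbouring settings keep the two apart (`fns_excluded` for the ref, `excluded_functions ()` for the accessor), and any code added below these lines that writes `fn_include_callees := …` would fail to type-check against the accessor. Naming the ref separately avoids that: `let include_callees = ref false`, `let set_fn_include_callees () = include_callees := true`, `let fn_include_callees () = !include_callees`.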
+++ b/CodeHawk/CHB/bchlib/bCHVersion.ml @@ -95,8 +95,8 @@ end let version = new version_info_t - ~version:"0.6.0_20260418" - ~date:"2026-04-18" + ~version:"0.6.0_20260527" + ~date:"2026-05-27" ~licensee: None ~maxfilesize: None ()