mirror of
https://github.com/hohn/codeql-workshop-dataflow-c.git
synced 2025-12-16 18:43:03 +01:00
121 lines
3.8 KiB
Org Mode
121 lines
3.8 KiB
Org Mode
#+HTML_HEAD_EXTRA: <style> .scrollable-svg { max-height: 800px; overflow-y: auto; display: block; } </style>
|
|
|
|
* CodeQL AST in dot and pdf
|
|
The control flow graph is narrowed to the function of interest,
|
|
#+BEGIN_SRC c++
|
|
int copy_mem(unsigned int unused, dyn_input_t *input,
|
|
unsigned int input_types) {...}
|
|
|
|
#+END_SRC
|
|
from [[./tests-common/test_part1.c]], so we do the same for the AST.
|
|
|
|
#+BEGIN_SRC sh
|
|
# Produce ast in dot format
|
|
codeql database analyze \
|
|
--format=dot --output=ast.dot \
|
|
-j8 -v --ram=16000 \
|
|
--rerun \
|
|
-- \
|
|
cpp-dataflow-part1-database \
|
|
graphs/ast.ql
|
|
|
|
# Convert dot to pdf
|
|
dot -Tpdf < ast.dot/cpp/print-ast.dot > ast.dot/cpp/print-ast.pdf
|
|
dot -Tsvg < ast.dot/cpp/print-ast.dot > ast.dot/cpp/print-ast.svg
|
|
|
|
# View the graph
|
|
open ast.dot/cpp/print-ast.pdf
|
|
|
|
# This comes from
|
|
tests-common/test_part1.c
|
|
#+END_SRC
|
|
|
|
* CodeQL CFG in dot and pdf
|
|
The whole control flow graph is very large, so the query narrows it to the
|
|
function of interest,
|
|
#+BEGIN_SRC c++
|
|
int copy_mem(unsigned int unused, dyn_input_t *input,
|
|
unsigned int input_types) {...}
|
|
|
|
#+END_SRC
|
|
from [[./tests-common/test_part1.c]]
|
|
|
|
#+BEGIN_SRC sh
|
|
# Produce CFG in dot format
|
|
codeql database analyze \
|
|
--format=dot --output=cfg.dot \
|
|
-j8 -v --ram=16000 \
|
|
--rerun \
|
|
-- \
|
|
cpp-dataflow-part1-database \
|
|
graphs/cfg.ql
|
|
|
|
|
|
# Convert dot to pdf
|
|
dot -Tpdf < cfg.dot/cpp/print-cfg.dot > cfg.dot/cpp/print-cfg.pdf
|
|
dot -Tsvg < cfg.dot/cpp/print-cfg.dot > cfg.dot/cpp/print-cfg.svg
|
|
|
|
# View the graph
|
|
open cfg.dot/cpp/print-cfg.pdf
|
|
#+END_SRC
|
|
|
|
* AST
|
|
The ast is inlined here. For better viewing, open the
|
|
pdf ([[./ast.dot/cpp/print-ast.pdf]]) separately.
|
|
#+ATTR_HTML: :width 100%
|
|
[[./ast.dot/cpp/print-ast.svg]]
|
|
|
|
* CFG
|
|
The cfg is inlined here. For better viewing, open the
|
|
pdf ([[./cfg.dot/cpp/print-cfg.pdf]]) separately.
|
|
|
|
#+ATTR_HTML: :class scrollable-svg
|
|
[[./cfg.dot/cpp/print-cfg.svg]]
|
|
|
|
* GPTs
|
|
A gpt was used to add 17 of the CFG edges to the AST tree; more resulted in a
|
|
very confusing graph. The hybrid is in =cfg.dot/cpp/ast-cfg-hybrid.dot=
|
|
|
|
* Render via dot
|
|
The hybrid is rendered via dot. The other renderers produced very spread
|
|
layouts.
|
|
#+BEGIN_SRC sh
|
|
# Convert dot to pdf
|
|
twopi -Tpdf < cfg.dot/cpp/ast-cfg-hybrid.dot > cfg.dot/cpp/ast-cfg-hybrid.pdf
|
|
circo -Tpdf < cfg.dot/cpp/ast-cfg-hybrid.dot > cfg.dot/cpp/ast-cfg-hybrid.pdf
|
|
dot -Tpdf < cfg.dot/cpp/ast-cfg-hybrid.dot > cfg.dot/cpp/ast-cfg-hybrid.pdf
|
|
dot -Tsvg < cfg.dot/cpp/ast-cfg-hybrid.dot > cfg.dot/cpp/ast-cfg-hybrid.svg
|
|
|
|
# View the graph
|
|
open -a skim cfg.dot/cpp/ast-cfg-hybrid.pdf
|
|
#+END_SRC
|
|
|
|
* AST-CFG HYBRID
|
|
The ast-cfg hybrid is inlined here. For better viewing, open the
|
|
pdf ([[./cfg.dot/cpp/ast-cfg-hybrid.pdf]]) separately.
|
|
#+ATTR_HTML: :width 100%
|
|
[[./cfg.dot/cpp/ast-cfg-hybrid.svg]]
|
|
|
|
* Hybrid portion of source code
|
|
The part of the source code corresponding to the hybrid portion, with space for
|
|
adding edges:
|
|
#+BEGIN_SRC c++
|
|
int copy_mem(unsigned int unused, dyn_input_t *input,
|
|
|
|
|
|
unsigned int input_types) {
|
|
|
|
|
|
memcpy(input[0].ptr.buf, input[1].ptr.buf,
|
|
|
|
|
|
input[1].ptr.size);
|
|
|
|
|
|
copy_mem_nested(input);
|
|
|
|
...;
|
|
}
|
|
#+END_SRC
|
|
|