1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
import sys
import getopt
import os
import time
BOOGIE_PATH= "%boogie%"
BCT_PATH="%boogie_bct%"
CONTROL_EXTRACTOR_PATH="%phonecontrolextractor%"
WPLIB_PATH="%wplib%"
DOT_PATH="%dotpath%"
CONTROL_CREATION_TIME=0
INJECTION_TIME=0
TEST_TIME=0
QUERY_CREATION_TIME=0
QUERY_RUN_TIME=0
GRAPH_CREATION_TIME=0
BOOGIE_QUERY_COUNT=0
PAGE_COUNT=0
EDGE_COUNT=0
navigation_graph = {}
def createStatsNode(appFile):
global CONTROL_CREATION_TIME
global INJECTION_TIME
global TEST_TIME
global QUERY_CREATION_TIME
global QUERY_RUN_TIME
global GRAPH_CREATION_TIME
global BOOGIE_QUERY_COUNT
global PAGE_COUNT
global EDGE_COUNT
total= CONTROL_CREATION_TIME + INJECTION_TIME + TEST_TIME + QUERY_CREATION_TIME + QUERY_RUN_TIME + GRAPH_CREATION_TIME
statsNode= "node [shape=plaintext, label=" + \
"<<TABLE BORDER=\"0\" CELLBORDER=\"1\" CELLSPACING=\"0\">" + \
"<TR><TD COLSPAN=\"2\" BGCOLOR=\"lightskyblue\">" + os.path.basename(appFile) + "</TD></TR>" + \
"<TR><TD>Control extraction time</TD><TD>" + str(CONTROL_CREATION_TIME) + " s.</TD></TR>" + \
"<TR><TD>Injection and translation time</TD><TD>" + str(INJECTION_TIME) + " s.</TD></TR>" + \
"<TR><TD>Boogie test time</TD><TD>" + str(TEST_TIME) + " s.</TD></TR>" + \
"<TR><TD>Query creation time</TD><TD>" + str(QUERY_CREATION_TIME) + " s.</TD></TR>" + \
"<TR><TD>Boogie query run time (" + str(BOOGIE_QUERY_COUNT) + " queries)</TD><TD>" + str(QUERY_RUN_TIME) + " s.</TD></TR>" + \
"<TR><TD>Graph creation time</TD><TD>" + str(GRAPH_CREATION_TIME) + " s.</TD></TR>" + \
"<TR><TD BGCOLOR=\"olivedrab\">Graph sparseness</TD><TD BGCOLOR=\"olivedrab\">" + str(EDGE_COUNT) + " over " + str(PAGE_COUNT*PAGE_COUNT) + " possible</TD></TR>" + \
"<TR><TD BGCOLOR=\"olivedrab\">Total time</TD><TD BGCOLOR=\"olivedrab\">" + str(total) + " s.</TD></TR>" + \
"</TABLE>>" + \
"] statsNode;"
# statsNode= statsNode.replace(".","/")
return statsNode
def checkEnv():
retVal= True
os.system("echo " + DOT_PATH + " > checkEnv")
check= open("checkEnv", "r")
if check.readline().strip() == DOT_PATH:
print DOT_PATH + " not set"
retVal= False
os.system("echo " + WPLIB_PATH + " > checkEnv")
check= open("checkEnv", "r")
if check.readline().strip() == WPLIB_PATH:
print WPLIB_PATH + " not set"
retVal= False
os.system("echo " + BOOGIE_PATH + " > checkEnv")
check= open("checkEnv", "r")
if check.readline().strip() == BOOGIE_PATH:
print BOOGIE_PATH + " not set"
retVal= False
os.system("echo " + BCT_PATH + " > checkEnv")
check= open("checkEnv", "r")
if check.readline().strip() == BCT_PATH:
print BCT_PATH +" not set"
retVal= False
os.system("echo " + CONTROL_EXTRACTOR_PATH + " > checkEnv")
check= open("checkEnv", "r")
if check.readline().strip() == CONTROL_EXTRACTOR_PATH:
print CONTROL_EXTRACTOR_PATH + " not set"
retVal= False
check.close()
os.remove("checkEnv")
return retVal
def createAppControlsFile(appFile, outputFile, format):
error = os.system(CONTROL_EXTRACTOR_PATH + " -p \"" + os.path.dirname(appFile) + "\" -o \"" + os.path.splitext(appFile)[0] + ".controls\" > nul")
if error != 0 or not os.path.exists(os.path.splitext(appFile)[0] + ".controls"):
return False
return True
def bctAppFile(appFile, outputFile, format):
error = os.system(BCT_PATH + " /heap:splitFields /lib:\"" + WPLIB_PATH + "\" /wpnav /phoneControls:\"" + \
os.path.splitext(appFile)[0] + ".controls\" \"" + appFile + "\" > nul")
if error != 0 or not os.path.exists(os.path.splitext(appFile)[0] + ".bpl"):
return False
return True
def testBoogieOutput(appFile, outputFile, format):
error = os.system(BOOGIE_PATH + " /doModSetAnalysis /noVerify \"" + os.path.splitext(appFile)[0] + ".bpl\" > testBpl")
testBpl= open("testBpl", "r")
output= testBpl.read()
testBpl.close()
os.remove("testBpl")
if error != 0 or output.find("Error:") != -1:
return False
return True
def cleanupQueriesTempFiles():
for tempFile in [os.path.abspath(filename) for filename in os.listdir(".") if filename.startswith("sed") and os.path.splitext(filename)[1]==""]:
os.remove(tempFile)
def createBoogieQueries(appFile, outputFile, format):
cmd ="\"" + os.path.dirname(appFile) + "\\createQueries.bat\" > nul"
error = os.system(cmd)
cleanupQueriesTempFiles()
if error != 0:
return False
return True
def runBoogieQueries(appFile, outputFile, format):
global navigation_graph
global BOOGIE_QUERY_COUNT
global EDGE_COUNT
global PAGE_COUNT
queryFiles= [os.path.abspath(filename) for filename in os.listdir(".") if filename.find("$$") != -1 and os.path.splitext(filename)[1]==".bpl"]
BOOGIE_QUERY_COUNT= len(queryFiles)
for filename in queryFiles:
start= os.path.splitext(filename.split("$$")[1])[0]
end= os.path.splitext(filename.split("$$")[3])[0]
try:
dests= navigation_graph[start]
except KeyError:
PAGE_COUNT=PAGE_COUNT+1
dests= []
navigation_graph[start]= []
error = os.system(BOOGIE_PATH + " /doModSetAnalysis /prover:SMTLib \"" + filename +"\" > testBpl")
testBpl= open("testBpl", "r")
output= testBpl.read()
testBpl.close()
os.remove("testBpl")
if error != 0 or output.find("Error:") != -1:
return False
if output.find("might not hold") != -1:
dests.append(end)
navigation_graph[start]= dests
EDGE_COUNT=EDGE_COUNT+1
return True
def buildNavigationGraph(appFile, outputFile, format):
global GRAPH_CREATION_TIME
global navigation_graph
GRAPH_CREATION_TIME= time.clock()
nameToNode= {}
dotFile= open(os.path.splitext(appFile)[0] + ".dot","w")
graphName= os.path.basename(os.path.splitext(appFile)[0])
dotFile.write("digraph " + graphName + "{\n")
dotFile.write("\tnode [style=\"invisible\", label=\"\"] n0;\n")
nextNode=1
for pagename in navigation_graph.keys():
dotFile.write("\tnode [style=\"rounded\", shape=\"box\", label=\"" + pagename + "\"] n"+ str(nextNode) + ";\n")
nameToNode[pagename]=nextNode
nextNode= nextNode + 1
dotFile.write("\n")
for pagename in navigation_graph.keys():
startNode= nameToNode[pagename]
for dest in navigation_graph[pagename]:
destNode = nameToNode[dest]
dotFile.write("\tn" + str(startNode) + " -> n" + str(destNode) + ";\n")
# Try and see if we know the start page
controls= open(os.path.splitext(appFile)[0] + ".controls", "r")
mainpage= os.path.splitext(controls.readline().strip().lower())[0]
try:
globalStart= nameToNode[mainpage]
dotFile.write("\tn0 -> n" + str(globalStart) + ";\n")
except KeyError:
pass
GRAPH_CREATION_TIME= time.clock() - GRAPH_CREATION_TIME
statsNode= createStatsNode(appFile)
dotFile.write("\t" + statsNode + "\n")
dotFile.write("}")
dotFile.close()
if format != "dot":
os.system(DOT_PATH + " -T" + format + " -o \"" + outputFile + "\" \"" + os.path.splitext(appFile)[0] + ".dot\" > nul")
else:
os.rename("\"" + os.path.splitext(appFile)[0] + ".dot\"", "\"" + outputFile + "\"")
return True
def showUsage():
print "NavGraphBuilder -- builds the navigation graph from a phone app. See caveats in NavGraphBuilder.README"
print "Usage:"
print "\tNavGraphBuilder --app <PhoneApp.dll> --output <graph file> --format <graph format>"
print "Options:"
print "\t--app <PhoneApp.dll>: point to location of main application .dll. Short form: -a. Required."
print "\t--output <graph file>: file to write graph to. Short form: -o. Optional, defaults to name of phone app and selected format."
print "\t--format <graph format>: format to draw the graph into. Short form: -f. Optional, accepts dot output formats, defaults to pdf.\n"
def main():
global CONTROL_CREATION_TIME
global INJECTION_TIME
global TEST_TIME
global QUERY_CREATION_TIME
global QUERY_RUN_TIME
global GRAPH_CREATION_TIME
if (not checkEnv()):
sys.exit(1)
try:
opts, args= getopt.getopt(sys.argv[1:], "a:o:f:b:", ["app=","output=","format=","build="])
except getopt.error, msg:
print msg
showUsage()
sys.exit(2)
if len(opts) < 1:
print "Missing options"
showUsage()
sys.exit(2)
appFile=""
outputFile=""
format=""
build=""
for o, a in opts:
if o in ["-a","--app"]:
appFile= a
if o in ["-o", "--output"]:
outputFile= a
if o in ["-f", "--format"]:
format= a.lower()
if o in ["-b", "--build"]:
build= a
if format=="":
format= "pdf"
appFile = os.path.abspath(appFile)
if outputFile=="":
outputFile= os.path.splitext(appFile)[0] + "." + format
outputFile= os.path.abspath(outputFile)
if build=="" or build.find("c") != -1:
CONTROL_CREATION_TIME= time.clock();
print "Extracting control information..."
if (not createAppControlsFile(appFile, outputFile, format)):
print "Failed to create app controls file"
sys.exit(1)
CONTROL_CREATION_TIME= time.clock() - CONTROL_CREATION_TIME
if build=="" or build.find("i") != -1:
INJECTION_TIME= time.clock()
print "Injecting and translating application binary..."
if (not bctAppFile(appFile, outputFile, format)):
print "Failed to translate application library"
sys.exit(1)
INJECTION_TIME= time.clock() - INJECTION_TIME
if build=="" or build.find("t") != -1:
TEST_TIME= time.clock()
print "Testing boogie file..."
if (not testBoogieOutput(appFile, outputFile, format)):
print "ByteCode Translator produced erroneous or ambiguous boogie file"
sys.exit(1)
TEST_TIME= time.clock() - TEST_TIME
if build=="" or build.find("b") != -1:
QUERY_CREATION_TIME= time.clock()
print "Creating boogie queries..."
if (not createBoogieQueries(appFile, outputFile, format)):
print "Error creating boogie queries"
sys.exit(1)
QUERY_CREATION_TIME= time.clock() - QUERY_CREATION_TIME
if build=="" or build.find("q") != -1:
QUERY_RUN_TIME= time.clock()
print "Running boogie queries..."
if (not runBoogieQueries(appFile, outputFile, format)):
print "Error running boogie queries"
sys.exit(1)
QUERY_RUN_TIME= time.clock() - QUERY_RUN_TIME
if build=="" or build.find("g") != -1:
print "Building graph..."
if (not buildNavigationGraph(appFile, outputFile, format)):
print "Error creating navigation graph"
sys.exit(1)
print "Success!"
sys.exit(0)
if __name__ == "__main__":
main()
|