KUBO: precise and scalable static UB detector for the OS Kernel
Requirement:
- Ubuntu 16.04, 18.04, 20.04
- Python3
- 3rd party packages:networkx, matplotlib, argparse, termcolor,ipython
- cmake
- LLVM 9.0 : cd llvm && ./init.sh
- this will prepare a pre-built as well as a natively built llvm 9.0 since we modify some of the source code
- All sorts of dependent projects : cd deps && ./build.sh
- KUBO pass : cd work && python llvm.py build -c
- prepare
- Download Linux Source : python main.py checkout(default to 5.4.1)
- Config Linux Source : python main.py config
- Build the linux binary : python main.py build
- Parse build procedure : python main.py parse
- Build llvm bc : python main.py irgen
- Group into modules : python main.py group
- Optimize and LTO : python main.py trans
- Generate call graph : python main.py gen_cg
- syscall/ioctl entry analysis : python main.py entry_ana
- data summary generation : python main.py taint_ana
- generate bc with debug symbol so that we can map reported bugs to source code automatically when generating the bug reports
- Build llvm bc : python main.py gen_dbg_ir
- Group into modules : python main.py gen_dbg_group
- Optimize and LTO : python main.py gen_dbg_trans
- the actual analysis
- Run kubo : python main.py run
- generate bug reports : python main.py stat
- see ./work/bugs for the bug reports
This work is built on other amazing works specifically
- For call graph analysis: https://github.com/lzto/pex
- For slicing and symbolic execution: https://github.com/sslab-gatech/deadline/
- For taint analysis: https://github.com/ucsb-seclab/dr_checker
Shout out to their amazing contributions that made this possible.
Should you have any question, feel free to raise an issue in this repo or directly contact the author at liu.changm@northeastern.edu. It's intended that this project to be actively maintained for a period of time, mainly for readability improvement and performance fine-tuning.