new compile script (LTO & statically-linked libraries)

.gitignore

@@ -164,5 +164,3 @@ trace-ust-all.h
 trace-ust-all.c
 /target/arm/decode-sve.inc.c
 
-/libxdc
-/capstone_v4

.gitmodules

@@ -61,3 +61,9 @@
 [submodule "roms/qboot"]
 	path = roms/qboot
 	url = https://github.com/bonzini/qboot
+[submodule "libxdc"]
+	path = libxdc
+	url = https://github.com/nyx-fuzz/libxdc.git
+[submodule "capstone_v4"]
+	path = capstone_v4
+	url = https://github.com/aquynh/capstone.git

capstone_v4

@@ -0,0 +1 @@
+Subproject commit 0efa3cc530ea188c0e03c945ab884ee19dd16342

compile_qemu_nyx.sh

@@ -18,35 +18,116 @@ set -e
 # You should have received a copy of the GNU General Public License
 # along with QEMU-PT.  If not, see <http://www.gnu.org/licenses/>.
 
+error () {
+  echo "$0: <option>"
+  echo ""
+  echo "Available compile options: "
+  echo " -  dynamic    dynamically link libxdc and capstone4"
+  echo " -  static     statically link libxdc and capstone4"
+  echo " -  lto        statically link libxdc and capstone4 and enable LTO (up to 10% better performance)"
+  echo " -  debug      enable several debug options"
+  echo ""
+  exit 3
+}
 
-if [ ! -f "/usr/lib/libxdc.so" ] || [ ! -f "/usr/include/libxdc.h" ]; then
+compile_libraries (){
-  echo "[!] libxdc not found! Installing..."
+  echo "[!] compiling capstone4..."
-  if [ -d "capstone_v4/" ]; then
-    rm -rf capstone_v4
-  fi
-
-  if [ -d "libxdc/" ]; then
-    rm -rf libxdc
-  fi
-
-  git clone https://github.com/nyx-fuzz/libxdc.git
-  git clone https://github.com/aquynh/capstone.git capstone_v4
   cd capstone_v4
-  git checkout v4
+  make
-  make 
-  sudo make install 
   cd ..
+  echo "[!] capstone4 is ready!"
+
+  echo "[!] compiling libxdc..."
   cd libxdc
-  sudo make install
+  make
   cd ..
+  echo "[!] libxdc is ready!"
+}
+
+compile_and_install_libraries () {
+  if [ ! -f "/usr/lib/libcapstone.so" ] || [ ! -d "/usr/include/capstone/" ]; then
+    echo "[!] capstone not found! Installing..."
+    cd capstone_v4
+    make -j
+    echo "[ ] requesting permissions to install capstone4 ..."
+    sudo make install
+    echo "[!] done ..."
+    cd ..
+  fi
+
+  if [ ! -f "/usr/lib/libxdc.so" ] || [ ! -f "/usr/include/libxdc.h" ]; then
+    echo "[!] libxdc not found! Installing..."
+    cd libxdc
+    make -j
+    echo "[ ] requesting permissions to install libxdc ..."
+    sudo make install
+    echo "[!] done ..."
+    cd ..
+  fi
+}
+
+compile () {
+  if [ -f GNUmakefile ]; then
+    rm GNUmakefile 2> /dev/null
+  fi
+
+  make -j
+  echo "[!] QEMU-Nyx is ready!"
+}
+
+cd libxdc
+git submodule init
+git submodule update
+cd ..
+
+cd capstone_v4
+git submodule init
+git submodule update
+cd ..
+
+if [ "$#" == 0 ] ; then
+  error
 fi
 
-./configure --target-list=x86_64-softmmu --enable-gtk --disable-werror --disable-capstone --disable-libssh --enable-nyx --disable-tools
+if [ "$1" == "dynamic" ]; 
-#--enable-sanitizers
+then 
 
-if [ -f GNUmakefile ]; then
+  make clean
-  rm GNUmakefile 2> /dev/null
+  compile_and_install_libraries
+  ./configure --target-list=x86_64-softmmu --disable-docs --enable-gtk --disable-werror --disable-capstone --disable-libssh --enable-nyx --disable-tools
+  compile
+  exit 0
 fi
 
-make -j
+if [ "$1" == "debug" ]; 
+then 
 
+  make clean
+  compile_and_install_libraries
+  ./configure --target-list=x86_64-softmmu --disable-docs --enable-gtk --disable-werror --disable-capstone --disable-libssh --enable-nyx --enable-sanitizers --enable-debug --disable-tools
+  compile
+  exit 0
+fi
+
+if [ "$1" == "static" ]; 
+then 
+
+  make clean
+  compile_libraries
+  ./configure --target-list=x86_64-softmmu --disable-docs --enable-gtk --disable-werror --disable-capstone --disable-libssh --enable-nyx --enable-nyx-static --disable-tools
+  compile
+  exit 0
+fi
+
+if [ "$1" == "lto" ]; 
+then 
+
+  make clean
+  compile_libraries
+  ./configure --target-list=x86_64-softmmu --disable-docs --enable-gtk --disable-werror --disable-capstone --disable-libssh --enable-nyx --enable-nyx-static --enable-nyx-flto --disable-tools
+  compile
+  exit 0
+fi
+
+error
+exit 1

configure

@@ -951,6 +951,10 @@ for opt do
   ;;
   --enable-nyx) nyx="yes"
   ;;
+  --enable-nyx-static) nyx_static="yes"
+  ;;
+  --enable-nyx-flto) nyx_flto="yes"
+  ;;
   --version|-V) exec cat $source_path/VERSION
   ;;
   --prefix=*) prefix="$optarg"
@@ -1729,6 +1733,9 @@ Optional features, enabled with --enable-FEATURE and
 disabled with --disable-FEATURE, default is enabled if available:
 
   nyx             build QEMU-NYX
+  nyx-static      statically link libxdc and libcapstone4
+  nyx-flto        enable LTO 
+
   system          all system emulation targets
   user            supported user emulation targets
   linux-user      all linux usermode emulation targets
@@ -6094,18 +6101,31 @@ esac
 
 write_c_skeleton
 
-if test "$gcov" = "yes" ; then
+if test "$nyx" = "yes" ; then
+  CFLAGS="-DNESTED_PATCH -Wno-error=maybe-uninitialized -DQEMU_NYX -g -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $QEMU_CFLAGS"
+
+  if test "$nyx_static" = "yes" ; then
+    LIBS="-L$PWD/capstone_v4/ -l:libcapstone.a -L$PWD/libxdc/ -l:libxdc.a -I$PWD/capstone_v4/include/ -I$PWD/libxdc/ $LIBS"
+    QEMU_INCLUDES=" -I$PWD/capstone_v4/include/ -I$PWD/libxdc/ $QEMU_INCLUDES"
+  else
+    LIBS="-lcapstone -lxdc $LIBS"
+  fi
+
+  if test "$nyx_flto" = "yes" ; then
+    CFLAGS="-flto $CFLAGS"
+    LDFLAGS="-flto $LDFLAGS"
+  fi
+elif test "$gcov" = "yes" ; then
   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
 elif test "$fortify_source" = "yes" ; then
-  if test "$nyx" = "yes" ; then
+  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
-    CFLAGS="-DNESTED_PATCH -O3 -rdynamic -Wno-error=maybe-uninitialized -frename-registers -frename-registers -mtune=native -DQEMU_NYX -g -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $QEMU_CFLAGS"
+fi
-    LIBS="-lcapstone -lxdc $LIBS"
+
-  else
+if test "$debug" = "no"; then
-    CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+  CFLAGS="-O3 -rdynamic -frename-registers -frename-registers -mtune=native $CFLAGS"
-  fi
+else
-elif test "$debug" = "no"; then
+  CFLAGS="-O0 -g $CFLAGS"
-  CFLAGS="-O2 $CFLAGS"
 fi
 
 if test "$have_asan" = "yes"; then

libxdc

@@ -0,0 +1 @@
+Subproject commit 641de7539e99f7faf5c8e8f1c8a4b37a9df52a5f

nyx/fast_vm_reload.c

@@ -521,7 +521,7 @@ void fast_reload_create_tmp_snapshot(fast_reload_t* self){
             self->bitmap_copy = malloc(GET_GLOBAL_STATE()->shared_bitmap_size+GET_GLOBAL_STATE()->shared_ijon_bitmap_size);
         }
     }
-    fuzz_bitmap_copy_to_buffer(self->bitmap_copy);
+    coverage_bitmap_copy_to_buffer(self->bitmap_copy);
 
     //GET_GLOBAL_STATE()->cow_cache_full = false;
 
@@ -589,7 +589,7 @@ uint32_t get_dirty_page_num(fast_reload_t* self){
 
 bool fast_reload_set_bitmap(fast_reload_t* self){
     if(self->incremental_snapshot_enabled){
-        fuzz_bitmap_copy_from_buffer(self->bitmap_copy);
+        coverage_bitmap_copy_from_buffer(self->bitmap_copy);
         return true;
     }
     return false;

nyx/helpers.c

@@ -33,20 +33,20 @@ int get_capstone_mode(int word_width_in_bits){
 	}
 }
 
-void fuzz_bitmap_reset(void){
+void coverage_bitmap_reset(void){
 	if(GET_GLOBAL_STATE()->shared_bitmap_ptr){
-    //fprintf(stderr, "%s: %lx %lx\n", __func__, fuzz_bitmap, fuzz_bitmap_size);
+    //fprintf(stderr, "%s: %lx %lx\n", __func__, coverage_bitmap, coverage_bitmap_size);
 		memset(GET_GLOBAL_STATE()->shared_bitmap_ptr, 0x00, GET_GLOBAL_STATE()->shared_bitmap_size + GET_GLOBAL_STATE()->shared_ijon_bitmap_size);
 	}
 }
 
-void fuzz_bitmap_copy_to_buffer(void* buffer){
+void coverage_bitmap_copy_to_buffer(void* buffer){
 	if(GET_GLOBAL_STATE()->shared_bitmap_ptr){
 		memcpy(buffer, GET_GLOBAL_STATE()->shared_bitmap_ptr, GET_GLOBAL_STATE()->shared_bitmap_size + GET_GLOBAL_STATE()->shared_ijon_bitmap_size);
 	}
 }
 
-void fuzz_bitmap_copy_from_buffer(void* buffer){
+void coverage_bitmap_copy_from_buffer(void* buffer){
 	if(GET_GLOBAL_STATE()->shared_bitmap_ptr){
 		memcpy(GET_GLOBAL_STATE()->shared_bitmap_ptr, buffer, GET_GLOBAL_STATE()->shared_bitmap_size + GET_GLOBAL_STATE()->shared_ijon_bitmap_size);
 	}

nyx/helpers.h

@@ -3,9 +3,9 @@
 #include "qemu/osdep.h"
 
 uint64_t get_rip(CPUState *cpu);
-void fuzz_bitmap_reset(void);
+void coverage_bitmap_reset(void);
-void fuzz_bitmap_copy_to_buffer(void* buffer);
+void coverage_bitmap_copy_to_buffer(void* buffer);
-void fuzz_bitmap_copy_from_buffer(void* buffer);
+void coverage_bitmap_copy_from_buffer(void* buffer);
 
 int get_capstone_mode(int word_width_in_bits);
 

nyx/hypercall.c

@@ -129,7 +129,7 @@ bool handle_hypercall_kafl_next_payload(struct kvm_run *run, CPUState *cpu, uint
 					fprintf(stderr, "[QEMU-Nyx] coverage mode: compile-time instrumentation\n");
 				}
 
-				fuzz_bitmap_reset();
+				coverage_bitmap_reset();
 				request_fast_vm_reload(GET_GLOBAL_STATE()->reload_state, REQUEST_SAVE_SNAPSHOT_ROOT_FIX_RIP);
 				setup_snapshot_once = true;
 

nyx/pt.c

@@ -223,7 +223,7 @@ void pt_dump(CPUState *cpu, int bytes){
 
 int pt_enable(CPUState *cpu, bool hmp_mode){
 	if(!fast_reload_set_bitmap(get_fast_reload_snapshot())){
-		fuzz_bitmap_reset();
+		coverage_bitmap_reset();
 	}
 	//pt_reset_bitmap();
   pt_trucate_pt_trace_file();