diff --git a/nyx/pt.c b/nyx/pt.c
index e1826ae852..d806152dad 100644
--- a/nyx/pt.c
+++ b/nyx/pt.c
@@ -45,15 +45,10 @@ along with QEMU-PT. If not, see .
#include
#include "nyx/helpers.h"
#include "nyx/trace_dump.h"
+#include "nyx/redqueen_trace.h"
#define PT_BUFFER_MMAP_ADDR 0x3ffff0000000
-uint32_t state_byte = 0;
-uint32_t last = 0;
-
-uint32_t alt_bitmap_size = 0;
-uint8_t* alt_bitmap = NULL;
-
static void pt_set(CPUState *cpu, run_on_cpu_data arg){
asm volatile("" ::: "memory");
}
@@ -88,41 +83,6 @@ static inline int pt_ioctl(int fd, unsigned long request, unsigned long arg){
return ioctl(fd, request, arg);
}
-void alt_bitmap_init(void* ptr, uint32_t size)
-{
- alt_bitmap = (uint8_t*)ptr;
- alt_bitmap_size = size;
-}
-
-void alt_bitmap_reset(void)
-{
- if(alt_bitmap) {
- memset(alt_bitmap, 0x00, alt_bitmap_size);
- }
-}
-
-static inline uint64_t mix_bits(uint64_t v) {
- v ^= (v >> 31);
- v *= 0x7fb5d329728ea185;
- return v;
-}
-
-/*
- * quick+dirty bitmap based on libxdc trace callback
- * similar but not itentical to libxdc bitmap.
- */
-void alt_bitmap_add(uint64_t from, uint64_t to)
-{
- uint64_t transition_value;
-
- if (GET_GLOBAL_STATE()->trace_mode) {
- if(alt_bitmap) {
- transition_value = mix_bits(to)^(mix_bits(from)>>1);
- alt_bitmap[transition_value & (alt_bitmap_size-1)]++;
- }
- }
-}
-
#ifdef DUMP_AND_DEBUG_PT
void dump_pt_trace(void* buffer, int bytes){
static FILE* f = NULL;
diff --git a/nyx/pt.h b/nyx/pt.h
index ca49602272..66c1678e2b 100644
--- a/nyx/pt.h
+++ b/nyx/pt.h
@@ -24,13 +24,6 @@ along with QEMU-PT. If not, see .
void pt_init_decoder(CPUState *cpu);
-void pt_reset_bitmap(void);
-void pt_setup_bitmap(void* ptr);
-
-void alt_bitmap_reset(void);
-void alt_bitmap_init(void* ptr, uint32_t size);
-void alt_bitmap_add(uint64_t from, uint64_t to);
-
int pt_enable(CPUState *cpu, bool hmp_mode);
int pt_disable(CPUState *cpu, bool hmp_mode);
int pt_enable_ip_filtering(CPUState *cpu, uint8_t addrn, bool redqueen, bool hmp_mode);
diff --git a/nyx/redqueen_trace.c b/nyx/redqueen_trace.c
index 3f4d0acd9a..4c9dacbef8 100644
--- a/nyx/redqueen_trace.c
+++ b/nyx/redqueen_trace.c
@@ -8,15 +8,53 @@
#include "state/state.h"
-void alt_bitmap_add(uint64_t from, uint64_t to);
-
/* write full trace of edge transitions rather than sorted list? */
//#define KAFL_FULL_TRACES
int trace_fd = 0;
-
int redqueen_trace_enabled = false;
+uint32_t alt_bitmap_size = 0;
+uint8_t* alt_bitmap = NULL;
+
+void alt_bitmap_init(void* ptr, uint32_t size)
+{
+ if (redqueen_trace_enabled) {
+ alt_bitmap = (uint8_t*)ptr;
+ alt_bitmap_size = size;
+ }
+}
+
+void alt_bitmap_reset(void)
+{
+ if (alt_bitmap) {
+ memset(alt_bitmap, 0x00, alt_bitmap_size);
+ }
+}
+
+static inline uint64_t mix_bits(uint64_t v) {
+ v ^= (v >> 31);
+ v *= 0x7fb5d329728ea185;
+ return v;
+}
+
+/*
+ * quick+dirty bitmap based on libxdc trace callback
+ * similar but not itentical to libxdc bitmap.
+ */
+static void alt_bitmap_add(uint64_t from, uint64_t to)
+{
+ uint64_t transition_value;
+
+ if (GET_GLOBAL_STATE()->trace_mode) {
+ if(alt_bitmap) {
+ transition_value = mix_bits(to)^(mix_bits(from)>>1);
+ alt_bitmap[transition_value & (alt_bitmap_size-1)]++;
+ }
+ }
+}
+
+
static int reset_trace_fd(void) {
if (trace_fd)
close(trace_fd);
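Review bot: alt_bitmap_add indexes the buffer with `transition_value & (alt_bitmap_size-1)`, which only stays in bounds when alt_bitmap_size is a non-zero power of two, yet alt_bitmap_init in the same hunk stores whatever size it is handed, so a non-NULL ptr with size 0 turns the mask into 0xffffffff and the increment writes far past the buffer. Suggest validating before storing, `if (size == 0 || (size & (size - 1))) { return; }` with a comment naming the power-of-two requirement, or an assert if callers are considered trusted. Only alt_bitmap_init is gated on redqueen_trace_enabled while alt_bitmap_reset and alt_bitmap_add are not, so if that flag can be cleared after init the stored pointer remains live; this looks intentional but deserves a one-line comment on alt_bitmap_init. alt_bitmap and alt_bitmap_size are file-level globals with external linkage although redqueen_trace.h exports only the functions; unless another translation unit references them, `static` would be the conventional choice.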
diff --git a/nyx/redqueen_trace.h b/nyx/redqueen_trace.h
index 979287dc3d..a4fdc17b3e 100644
--- a/nyx/redqueen_trace.h
+++ b/nyx/redqueen_trace.h
@@ -43,6 +43,10 @@ typedef struct redqueen_trace_s{
uint128_t* ordered_transitions;
} redqueen_trace_t;
+/* libxdc outputs no bitmap in trace mode */
+void alt_bitmap_reset(void);
+void alt_bitmap_init(void* ptr, uint32_t size);
+
redqueen_trace_t* redqueen_trace_new(void);
void redqueen_trace_free(redqueen_trace_t* self);
void redqueen_trace_register_transition(redqueen_trace_t* self, disassembler_mode_t mode, uint64_t from, uint64_t to);
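Review bot: The new alt_bitmap_init declaration does not state the contract the implementation in redqueen_trace.c depends on: ptr is stored rather than copied, so the caller keeps ownership and must keep the buffer alive until the next alt_bitmap_init, and size is used as a mask (`size - 1`), so it must be a non-zero power of two. The existing comment could be extended to something like `/* libxdc outputs no bitmap in trace mode; alt_bitmap_init stores ptr (caller-owned, size must be a power of two) and only takes effect while redqueen_trace_enabled is set */` so that callers in other files see the requirement without reading the implementation.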