From 96aac23864a0725656e01f05946ac275774b512d Mon Sep 17 00:00:00 2001
From: Steffen Schulz
Date: Wed, 25 Aug 2021 14:21:23 -0700
Subject: [PATCH] move alt_bitmap implementation to redqueen_trace.c

alt_bitmap is only relevant in redqueen_trace mode, when libxdc does not produce a bitmap on its own..
---
 nyx/pt.c | 42 +-----------------------------------------
 nyx/pt.h | 7 -------
 nyx/redqueen_trace.c | 44 +++++++++++++++++++++++++++++++++++++++++---
 nyx/redqueen_trace.h | 4 ++++
 4 files changed, 46 insertions(+), 51 deletions(-)

diff --git a/nyx/pt.c b/nyx/pt.c
index e1826ae852..d806152dad 100644
--- a/nyx/pt.c
+++ b/nyx/pt.c
@@ -45,15 +45,10 @@ along with QEMU-PT. If not, see .
 #include
 #include "nyx/helpers.h"
 #include "nyx/trace_dump.h"
+#include "nyx/redqueen_trace.h"
 
 #define PT_BUFFER_MMAP_ADDR 0x3ffff0000000
 
-uint32_t state_byte = 0;
-uint32_t last = 0;
-
-uint32_t alt_bitmap_size = 0;
-uint8_t* alt_bitmap = NULL;
-
 static void pt_set(CPUState *cpu, run_on_cpu_data arg){
 asm volatile("" ::: "memory");
 }
@@ -88,41 +83,6 @@ static inline int pt_ioctl(int fd, unsigned long request, unsigned long arg){
 return ioctl(fd, request, arg);
 }
 
-void alt_bitmap_init(void* ptr, uint32_t size)
-{
- alt_bitmap = (uint8_t*)ptr;
- alt_bitmap_size = size;
-}
-
-void alt_bitmap_reset(void)
-{
- if(alt_bitmap) {
- memset(alt_bitmap, 0x00, alt_bitmap_size);
- }
-}
-
-static inline uint64_t mix_bits(uint64_t v) {
- v ^= (v >> 31);
- v *= 0x7fb5d329728ea185;
- return v;
-}
-
-/*
- * quick+dirty bitmap based on libxdc trace callback
- * similar but not itentical to libxdc bitmap.
- */
-void alt_bitmap_add(uint64_t from, uint64_t to)
-{
- uint64_t transition_value;
-
- if (GET_GLOBAL_STATE()->trace_mode) {
- if(alt_bitmap) {
- transition_value = mix_bits(to)^(mix_bits(from)>>1);
- alt_bitmap[transition_value & (alt_bitmap_size-1)]++;
- }
- }
-}
-
 #ifdef DUMP_AND_DEBUG_PT
 void dump_pt_trace(void* buffer, int bytes){
 static FILE* f = NULL;
diff --git a/nyx/pt.h b/nyx/pt.h
index ca49602272..66c1678e2b 100644
--- a/nyx/pt.h
+++ b/nyx/pt.h
@@ -24,13 +24,6 @@ along with QEMU-PT. If not, see .
 
 void pt_init_decoder(CPUState *cpu);
 
-void pt_reset_bitmap(void);
-void pt_setup_bitmap(void* ptr);
-
-void alt_bitmap_reset(void);
-void alt_bitmap_init(void* ptr, uint32_t size);
-void alt_bitmap_add(uint64_t from, uint64_t to);
-
 int pt_enable(CPUState *cpu, bool hmp_mode);
 int pt_disable(CPUState *cpu, bool hmp_mode);
 int pt_enable_ip_filtering(CPUState *cpu, uint8_t addrn, bool redqueen, bool hmp_mode);
diff --git a/nyx/redqueen_trace.c b/nyx/redqueen_trace.c
index 3f4d0acd9a..4c9dacbef8 100644
--- a/nyx/redqueen_trace.c
+++ b/nyx/redqueen_trace.c
@@ -8,15 +8,53 @@
 #include "state/state.h"
 
-void alt_bitmap_add(uint64_t from, uint64_t to);
-
 /* write full trace of edge transitions rather than sorted list? */
 //#define KAFL_FULL_TRACES
 
 int trace_fd = 0;
-
 int redqueen_trace_enabled = false;
 
+uint32_t alt_bitmap_size = 0;
+uint8_t* alt_bitmap = NULL;
+
+void alt_bitmap_init(void* ptr, uint32_t size)
+{
+ if (redqueen_trace_enabled) {
+ alt_bitmap = (uint8_t*)ptr;
+ alt_bitmap_size = size;
+ }
+}
+
+void alt_bitmap_reset(void)
+{
+ if (alt_bitmap) {
+ memset(alt_bitmap, 0x00, alt_bitmap_size);
+ }
+}
+
+static inline uint64_t mix_bits(uint64_t v) {
+ v ^= (v >> 31);
+ v *= 0x7fb5d329728ea185;
+ return v;
+}
+
+/*
+ * quick+dirty bitmap based on libxdc trace callback
+ * similar but not itentical to libxdc bitmap.
+ */
+static void alt_bitmap_add(uint64_t from, uint64_t to)
+{
+ uint64_t transition_value;
+
+ if (GET_GLOBAL_STATE()->trace_mode) {
+ if(alt_bitmap) {
+ transition_value = mix_bits(to)^(mix_bits(from)>>1);
+ alt_bitmap[transition_value & (alt_bitmap_size-1)]++;
+ }
+ }
+}
+
+
 static int reset_trace_fd(void)
 {
 if (trace_fd)
 close(trace_fd);
diff --git a/nyx/redqueen_trace.h b/nyx/redqueen_trace.h
index 979287dc3d..a4fdc17b3e 100644
--- a/nyx/redqueen_trace.h
+++ b/nyx/redqueen_trace.h
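Review bot: `alt_bitmap_add` indexes the buffer with `transition_value & (alt_bitmap_size-1)`, but the moved `alt_bitmap_init` still accepts any `size`; with `size == 0` the mask becomes `UINT32_MAX` and each recorded edge writes up to 4 GiB past `alt_bitmap`, and a non-power-of-two size silently leaves part of the map unreachable. Since this is the hypervisor-side bitmap filled from guest-controlled trace data, the size should be validated once at init rather than trusted on every write, e.g. `if (ptr == NULL || size == 0 || (size & (size - 1)) != 0) { alt_bitmap = NULL; alt_bitmap_size = 0; return; }` before the assignments. The new `redqueen_trace_enabled` guard also makes init a silent no-op when tracing is off, so a pointer installed by an earlier call survives and `alt_bitmap_reset` would still memset the old buffer; if init can run more than once, clearing both globals in the disabled branch keeps them consistent. The comment's "itentical" is a typo for "identical".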
@@ -43,6 +43,10 @@ typedef struct redqueen_trace_s{
 uint128_t* ordered_transitions;
 } redqueen_trace_t;
 
+/* libxdc outputs no bitmap in trace mode */
+void alt_bitmap_reset(void);
+void alt_bitmap_init(void* ptr, uint32_t size);
+
 redqueen_trace_t* redqueen_trace_new(void);
 void redqueen_trace_free(redqueen_trace_t* self);
 void redqueen_trace_register_transition(redqueen_trace_t* self, disassembler_mode_t mode, uint64_t from, uint64_t to);
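Review bot: The new declarations say why the bitmap exists but not the caller's contract, which the implementation in redqueen_trace.c makes non-obvious: `alt_bitmap_init` only takes effect while `redqueen_trace_enabled` is set, the buffer remains caller-owned (nothing here frees it), and `size` is used as a power-of-two mask. Suggest replacing the one-line comment with `/* libxdc outputs no bitmap in trace mode. init only takes effect while redqueen_trace_enabled is set; ptr stays caller-owned and size must be a power of two */` so callers in pt.c do not have to read the .c file to use it safely.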