gatetrace bugfix

2025-02-14 05:24:09 +03:00 · 2014-08-20 00:25:13 -07:00 · 2014-08-20 00:25:13 -07:00 · df312a4cd7
commit df312a4cd7
parent a65ce5d998
3 changed files with 25 additions and 18 deletions
--- a/middleware/qira_analysis.py
+++ b/middleware/qira_analysis.py
@ -283,7 +283,7 @@ def get_instruction_flow(trace, program, minclnum, maxclnum):
      start = time.time()
  return ret

-def get_hacked_depth_map(flow):
+def get_hacked_depth_map(flow, program):
  start = time.time()
  return_stack = []
  ret = [0]
@ -292,8 +292,10 @@ def get_hacked_depth_map(flow):
      return_stack = return_stack[0:return_stack.index(address)]
    # ugh, so gross
    ret.append(len(return_stack))
-    if ins[0:5] == "call " or ins[0:6] == "callq " or ins[0:3] == "bl\t" or ins[0:4] == "blx\t":
-      return_stack.append(address+length)
+    for test in program.tregs[4]:
+      if ins[0:len(test)] == test:
+        return_stack.append(address+length)
+        break
    if (time.time() - start) > 0.01:
      time.sleep(0.01)
      start = time.time()
--- a/middleware/qira_program.py
+++ b/middleware/qira_program.py
@ -18,12 +18,12 @@ except:
 import struct
 import qiradb

-# (regname, regsize, is_big_endian, arch_name)
-PPCREGS = ([], 4, True, "ppc")
+# (regname, regsize, is_big_endian, arch_name, branches)
+PPCREGS = ([], 4, True, "ppc", [])
 for i in range(32):
  PPCREGS[0].append("r"+str(i))

-AARCH64REGS = ([], 8, False, "aarch64")
+AARCH64REGS = ([], 8, False, "aarch64", ["bl ", "blx "])
 for i in range(8):
  AARCH64REGS[0].append(None)
 for i in range(32):
@ -32,9 +32,9 @@ for i in range(32):
 AARCH64REGS[0][8+31] = "sp"
 AARCH64REGS[0].append("pc")

-ARMREGS = (['R0','R1','R2','R3','R4','R5','R6','R7','R8','R9','R10','R11','R12','SP','LR','PC'], 4, False, "arm")
-X86REGS = (['EAX', 'ECX', 'EDX', 'EBX', 'ESP', 'EBP', 'ESI', 'EDI', 'EIP'], 4, False, "i386")
-X64REGS = (['RAX', 'RCX', 'RDX', 'RBX', 'RSP', 'RBP', 'RSI', 'RDI', "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15", 'RIP'], 8, False, "x86-64")
+ARMREGS = (['R0','R1','R2','R3','R4','R5','R6','R7','R8','R9','R10','R11','R12','SP','LR','PC'], 4, False, "arm", ["bl\t", "blx\t"])
+X86REGS = (['EAX', 'ECX', 'EDX', 'EBX', 'ESP', 'EBP', 'ESI', 'EDI', 'EIP'], 4, False, "i386", ["call "])
+X64REGS = (['RAX', 'RCX', 'RDX', 'RBX', 'RSP', 'RBP', 'RSI', 'RDI', "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15", 'RIP'], 8, False, "x86-64", ["callq "])

 def get_cachename(cachedir, cachename):
  try:
@ -209,6 +209,8 @@ class Program:
      #print repr(d)
      if self.fb == 0x28:   # ARM
        inst = d[d.rfind("  ")+2:]
+      elif self.fb == 0xb7:   # aarch64
+        inst = d[d.rfind("     ")+5:]
      else:
        inst = d[d.find(":")+3:]
      self.instructions[addr] = inst
@ -418,7 +420,7 @@ class Trace:
        minclnum = self.db.get_minclnum()
        maxclnum = self.db.get_maxclnum()
        self.flow = qira_analysis.get_instruction_flow(self, self.program, minclnum, maxclnum)
-        self.dmap = qira_analysis.get_hacked_depth_map(self.flow)
+        self.dmap = qira_analysis.get_hacked_depth_map(self.flow, self.program)
        self.maxd = max(self.dmap)
        self.picture = qira_analysis.get_vtimeline_picture(self, minclnum, maxclnum)
        self.minclnum = minclnum
--- a/qemu_mods/tci.c
+++ b/qemu_mods/tci.c
@ -830,18 +830,21 @@ void run_QIRA_log(CPUArchState *env, int this_id, int to_change) {
  printf("+++ REPLAY %d DONE to %d with entry count %d\n", this_id, to_change, count);
 }

-bool is_filtered_address(target_ulong pc);
-bool is_filtered_address(target_ulong pc) {
+bool is_filtered_address(target_ulong pc, bool ignore_gatetrace);
+bool is_filtered_address(target_ulong pc, bool ignore_gatetrace) {
  // to remove the warning
  uint64_t bpc = (uint64_t)pc;
+
+  // do this check before the tracelibraries one
+  if (unlikely(GLOBAL_gatetrace) && !ignore_gatetrace) {
+    if (GLOBAL_gatetrace == bpc) GLOBAL_gatetrace = 0;
+    else return true;
+  }
+
  // TODO(geohot): FIX THIS!, filter anything that isn't the user binary and not dynamic
  if (unlikely(GLOBAL_tracelibraries)) {
    return false;
  } else {
-    if (unlikely(GLOBAL_gatetrace)) {
-      if (GLOBAL_gatetrace == pc) GLOBAL_gatetrace = 0;
-      else return true;
-    }
    return ((bpc > 0x80000000 && bpc < 0xf6800000) || bpc >= 0x100000000);
  }
 }
@ -850,7 +853,7 @@ void real_target_disas(FILE *out, CPUArchState *env, target_ulong code, target_u
 void target_disas(FILE *out, CPUArchState *env, target_ulong code, target_ulong size, int flags) {
  OPEN_GLOBAL_ASM_FILE

-  if (is_filtered_address(code)) return;
+  if (is_filtered_address(code, true)) return;

  flock(fileno(GLOBAL_asm_file), LOCK_EX);
  real_target_disas(GLOBAL_asm_file, env, code, size, flags);
@ -977,7 +980,7 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
      GLOBAL_last_was_syscall = 0;
    }

-    if (is_filtered_address(tb->pc)) {
+    if (is_filtered_address(tb->pc, false)) {
      GLOBAL_logstate->is_filtered = 1;
    } else {
      if (GLOBAL_logstate->is_filtered == 1) {