

/*
 * Copyright (C) 2021, Ivanov Arkady <arkadiy.ivanov@ispras.ru>
 *
 * Drcov - a DynamoRIO-based tool that collects coverage information
 * from a binary. The primary goal of this plugin is to produce coverage
 * log files that work in Lighthouse.
 *
 * License: GNU GPL, version 2 or later.
 *   See the COPYING file in the top-level directory.
 */
     11 
#include <inttypes.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <glib.h>

#include <qemu-plugin.h>
     22 
/* Plugin API version this plugin targets; QEMU reads it when loading the plugin. */
QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
     24 
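/*
 * Fixed drcov file preamble. The module table has exactly one row (the
 * main binary, written by printf_header()), hence the hard-coded count.
 * The string is never modified, so it is const: only fprintf(fp, "%s", ...)
 * reads it.
 */
static const char header[] = "DRCOV VERSION: 2\n"
                "DRCOV FLAVOR: drcov-64\n"
                "Module Table: version 2, count 1\n"
                "Columns: id, base, end, entry, path\n";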
     29 
/* Trace output stream: opened in plugin_init(), written and closed in plugin_exit(). */
static FILE *fp;
/* Output path; the default can be replaced via the "filename=" plugin argument. */
static const char *file_name = "file.drcov.trace";
/* Guards `blocks` and the exec flag of every bb_entry_t. */
static GMutex lock;
     33 
/*
 * One translated block. printf_el() emits the first three fields, in this
 * order and in host byte order, as a BB table row - but only when exec is set.
 */
typedef struct {
    uint32_t start;   /* TB virtual address; assigned from a uint64_t in vcpu_tb_trans, so truncated */
    uint16_t size;    /* sum of the TB's instruction sizes */
    uint16_t mod_id;  /* module index; always 0 here (single module table row) */
    bool     exec;    /* set by vcpu_tb_exec once the TB has run */
} bb_entry_t;
     40 
/* Translated blocks: every bb_entry_t created by vcpu_tb_trans, released in plugin_exit */
static GPtrArray *blocks;
     43 
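/*
 * Write the drcov text preamble: the fixed header, the single module-table
 * row describing the main binary, and the "BB Table" line announcing how
 * many rows printf_el() will emit afterwards.
 *
 * @count: number of executed blocks (rows that follow).
 *
 * The qemu_plugin_*_code() values are uint64_t, so the PRIx64 macros are
 * used; "%lx" is only correct where long happens to be 64 bits wide.
 */
static void printf_header(unsigned long count)
{
    fprintf(fp, "%s", header);
    const char *path = qemu_plugin_path_to_binary();
    uint64_t start_code = qemu_plugin_start_code();
    uint64_t end_code = qemu_plugin_end_code();
    uint64_t entry = qemu_plugin_entry_code();
    fprintf(fp, "0, 0x%" PRIx64 ", 0x%" PRIx64 ", 0x%" PRIx64 ", %s\n",
            start_code, end_code, entry, path);
    /* count is unsigned long: %lu, not the signed %ld used before */
    fprintf(fp, "BB Table: %lu bbs\n", count);
}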
     55 
/* Append the 4 bytes of @data to fp, host byte order (one 32-bit BB field). */
static void printf_char_array32(uint32_t data)
{
    fwrite(&data, sizeof data, 1, fp);
}
     61 
/* Append the 2 bytes of @data to fp, host byte order (one 16-bit BB field). */
static void printf_char_array16(uint16_t data)
{
    fwrite(&data, sizeof data, 1, fp);
}
     67 
     68 
/*
 * GFunc for g_ptr_array_foreach(): emit @data as a BB table row if the
 * block was executed, then release the entry. @user_data is unused.
 */
static void printf_el(gpointer data, gpointer user_data)
{
    bb_entry_t *entry = data;
    (void)user_data;

    if (entry->exec) {
        /* field order and widths define the drcov-64 BB record */
        printf_char_array32(entry->start);
        printf_char_array16(entry->size);
        printf_char_array16(entry->mod_id);
    }
    g_free(entry);
}
     79 
/*
 * GFunc for g_ptr_array_foreach(): increment *(unsigned long *)@user_data
 * for each entry whose exec flag is set.
 */
static void count_block(gpointer data, gpointer user_data)
{
    const bb_entry_t *entry = data;
    unsigned long *executed = user_data;

    *executed += entry->exec ? 1 : 0;
}
     88 
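/*
 * atexit callback: write the trace (preamble plus one row per executed
 * block), free every bb_entry_t and the array, and close the output.
 *
 * @id and @p are unused. Runs under `lock` so it cannot interleave with a
 * late vcpu_tb_trans()/vcpu_tb_exec().
 *
 * fp may be NULL if plugin_init() failed to open the file; in that case
 * nothing is written and the entries are simply released.
 */
static void plugin_exit(qemu_plugin_id_t id, void *p)
{
    g_mutex_lock(&lock);

    if (fp) {
        unsigned long count = 0;
        g_ptr_array_foreach(blocks, count_block, &count);

        printf_header(count);
        g_ptr_array_foreach(blocks, printf_el, NULL); /* also frees each entry */

        /* fclose() performs the final flush; report it rather than lose a truncated trace silently */
        if (fclose(fp) != 0) {
            fprintf(stderr, "drcov: error writing %s\n", file_name);
        }
        fp = NULL;
    } else {
        /* no output stream: let g_ptr_array_free() release the entries */
        g_ptr_array_set_free_func(blocks, g_free);
    }

    g_ptr_array_free(blocks, true);
    blocks = NULL;

    g_mutex_unlock(&lock);
}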
    106 
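/*
 * Open the trace file and allocate the block list. Called once from
 * qemu_plugin_install() before any callback is registered.
 *
 * If fopen() fails, fp is left NULL and a diagnostic naming the path and
 * the errno cause is written to stderr, so the failure is visible instead
 * of surfacing later as a write to a NULL stream.
 */
static void plugin_init(void)
{
    fp = fopen(file_name, "wb");
    if (!fp) {
        fprintf(stderr, "drcov: cannot open %s for writing: %s\n",
                file_name, strerror(errno));
    }
    blocks = g_ptr_array_sized_new(128);
}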
    112 
/*
 * Per-TB execution callback: flag the block it was registered for (passed
 * back as @udata) as executed. @cpu_index is unused.
 */
static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
{
    bb_entry_t *entry = udata;
    (void)cpu_index;

    g_mutex_lock(&lock);
    entry->exec = true;
    g_mutex_unlock(&lock);
}
    121 
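/*
 * Translation callback: record a bb_entry_t for @tb (start address and the
 * summed size of its instructions) and register vcpu_tb_exec() so the
 * entry is flagged once the block actually runs. @id is unused.
 *
 * Only the g_ptr_array_add() needs the lock; the entry is private until it
 * is in `blocks`, so allocation and the size loop happen outside it.
 */
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
    uint64_t pc = qemu_plugin_tb_vaddr(tb);
    size_t n = qemu_plugin_tb_n_insns(tb);
    bb_entry_t *bb = g_new0(bb_entry_t, 1);

    /* size_t index: the previous int loop compared signed against size_t */
    for (size_t i = 0; i < n; i++) {
        bb->size += qemu_plugin_insn_size(qemu_plugin_tb_get_insn(tb, i));
    }

    /* drcov rows carry 32-bit starts; the upper half of pc is dropped */
    bb->start = (uint32_t)pc;
    bb->mod_id = 0;
    bb->exec = false;

    g_mutex_lock(&lock);
    g_ptr_array_add(blocks, bb);
    g_mutex_unlock(&lock);

    qemu_plugin_register_vcpu_tb_exec_cb(tb, vcpu_tb_exec,
                                         QEMU_PLUGIN_CB_NO_REGS,
                                         (void *)bb);
}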
    145 
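/*
 * Plugin entry point. Recognised argument: "filename=<path>", the trace
 * output file (default "file.drcov.trace"). Any other argument, or a
 * "filename" with no value, is rejected so a typo does not silently
 * produce a trace at the default path.
 *
 * Returns 0 on success, -1 if an argument is malformed or the output file
 * could not be opened.
 */
QEMU_PLUGIN_EXPORT
int qemu_plugin_install(qemu_plugin_id_t id, const qemu_info_t *info,
                        int argc, char **argv)
{
    for (int i = 0; i < argc; i++) {
        /* g_auto(GStrv) frees the vector and its strings; g_autofree freed only the vector */
        g_auto(GStrv) tokens = g_strsplit(argv[i], "=", 2);
        if (g_strcmp0(tokens[0], "filename") == 0 && tokens[1] != NULL) {
            file_name = g_strdup(tokens[1]);
        } else {
            fprintf(stderr, "drcov: unknown or incomplete option '%s'\n",
                    argv[i]);
            return -1;
        }
    }

    plugin_init();
    if (!fp) {
        /* plugin_init() could not open file_name; refuse to load rather than trace into nothing */
        fprintf(stderr, "drcov: plugin initialisation failed\n");
        return -1;
    }

    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
    qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);

    return 0;
}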