VOID Instruction(INS ins, VOID *v)
{
CheckXlat(ins);
// Some checking of properties
INS_HasProperty(ins, INS_PROP_IPF_LOAD_SPECULATIVE);
INS_HasProperty(ins, INS_PROP_IPF_LOAD_CHECK);
INS_HasProperty(ins, INS_PROP_IPF_LOAD_ADVANCED);
INS_HasProperty(ins, INS_PROP_IPF_LOAD_ORDERED);
INS_HasProperty(ins, INS_PROP_IPF_LOAD_BIASED);
INS_HasProperty(ins, INS_PROP_IPF_ALAT_CLEAR);
INS_HasProperty(ins, INS_PROP_IPF_STOP);
INS_HasProperty(ins, INS_PROP_IPF_DOUBLE_SYLLABLE);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)CheckFlow,
IARG_INST_PTR,
IARG_BRANCH_TAKEN,
IARG_FALLTHROUGH_ADDR,
IARG_BRANCH_TARGET_ADDR,
IARG_UINT32, INS_Stutters(ins),
IARG_END);
if (INS_IsBranchOrCall(ins))
{
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, (AFUNPTR)Taken, IARG_END);
}
#if defined(TARGET_IA32) || defined(TARGET_IA32E)
if (INS_IsSysenter(ins))
{ // sysenter on x86 has some funny control flow that we can't correctly verify for now
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)Skip, IARG_END);
}
#endif
}
VOID Instruction(INS ins, VOID *v)
{
if (INS_IsBranchOrCall(ins))
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_BRANCH_TAKEN, IARG_END);
}
}
VOID Ins(INS ins, VOID *v)
{
static bool before = false, after = false, taken = false;
if (!before)
{
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(beforeCall), IARG_END);
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(beforeCheck), IARG_END);
Priority(IPOINT_BEFORE, ins);
before = true;
}
if (!after && INS_HasFallThrough(ins))
{
INS_InsertCall(ins, IPOINT_AFTER, AFUNPTR(afterCall), IARG_END);
INS_InsertCall(ins, IPOINT_AFTER, AFUNPTR(afterCheck), IARG_END);
Priority(IPOINT_AFTER, ins);
after = true;
}
if (!taken && INS_IsBranchOrCall(ins))
{
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(takenCall), IARG_END);
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(takenCheck), IARG_END);
Priority(IPOINT_TAKEN_BRANCH, ins);
taken = true;
}
}
VOID Instruction(INS ins, VOID * v) {
if(INS_IsMemoryWrite(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(CaptureWriteEa),
IARG_THREAD_ID, IARG_MEMORYWRITE_EA, IARG_END);
if(INS_HasFallThrough(ins)) {
INS_InsertPredicatedCall(ins, IPOINT_AFTER,
AFUNPTR(EmitWrite),
IARG_THREAD_ID,
IARG_MEMORYWRITE_SIZE,
IARG_END);
}
if(INS_IsBranchOrCall(ins)) {
INS_InsertPredicatedCall(ins, IPOINT_TAKEN_BRANCH,
AFUNPTR(EmitWrite),
IARG_THREAD_ID,
IARG_MEMORYWRITE_SIZE,
IARG_END);
}
}
UINT32 memOperands = INS_MemoryOperandCount(ins);
int write_operands = 0;
for(UINT32 memOp = 0; memOp < memOperands; memOp++) {
if(INS_MemoryOperandIsWritten(ins, memOp)) {
write_operands++;
}
}
assert(write_operands <= 1);
}
VOID Instruction(INS ins, VOID *v)
{
// instruments stores using a predicated call, i.e.
// the call happens iff the store will be actually executed
if (INS_IsMemoryWrite(ins))
{
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordWriteAddrSize,
IARG_MEMORYWRITE_EA,
IARG_MEMORYWRITE_SIZE,
IARG_INST_PTR,
IARG_END);
#if 0
if (INS_HasFallThrough(ins))
{
INS_InsertCall(
ins, IPOINT_AFTER, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_END);
}
if (INS_IsBranchOrCall(ins))
{
INS_InsertCall(
ins, IPOINT_TAKEN_BRANCH, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_END);
}
#endif
}
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_END);
if (INS_IsBranchOrCall(ins) || INS_IsRet(ins)){
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)dobranch_Correlation, IARG_BRANCH_TARGET_ADDR , IARG_INST_PTR, IARG_BRANCH_TAKEN, IARG_END);
}
}
static VOID Instruction(INS ins, VOID *v)
{
//disAssemblyMap[INS_Address(ins)] = INS_Disassemble(ins);
if (INS_IsBranchOrCall(ins))
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)AtBranch, IARG_INST_PTR, IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
else
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)AtNonBranch, IARG_INST_PTR, IARG_END);
}
VOID Instruction(INS ins, VOID *v)
{
// instruments loads using a predicated call, i.e.
// the call happens iff the load will be actually executed
if (INS_IsMemoryRead(ins))
{
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordMem,
IARG_INST_PTR,
IARG_UINT32, 'R',
IARG_MEMORYREAD_EA,
IARG_MEMORYREAD_SIZE,
IARG_UINT32, INS_IsPrefetch(ins),
IARG_END);
}
if (INS_HasMemoryRead2(ins))
{
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordMem,
IARG_INST_PTR,
IARG_UINT32, 'R',
IARG_MEMORYREAD2_EA,
IARG_MEMORYREAD_SIZE,
IARG_UINT32, INS_IsPrefetch(ins),
IARG_END);
}
// instruments stores using a predicated call, i.e.
// the call happens iff the store will be actually executed
if (INS_IsMemoryWrite(ins))
{
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordWriteAddrSize,
IARG_MEMORYWRITE_EA,
IARG_MEMORYWRITE_SIZE,
IARG_END);
if (INS_HasFallThrough(ins))
{
INS_InsertCall(
ins, IPOINT_AFTER, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_END);
}
if (INS_IsBranchOrCall(ins))
{
INS_InsertCall(
ins, IPOINT_TAKEN_BRANCH, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_END);
}
}
}
VOID Instruction(INS ins, VOID *v)
{
if (INS_IsBranchOrCall(ins) || !INS_Valid(INS_Next(ins)))
{
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)BblRef,
IARG_END);
}
}
VOID Trace(TRACE trace, VOID *v)
{
static BOOL programStart = TRUE;
if (programStart)
{
programStart = FALSE;
next_pc = (void*)INS_Address(BBL_InsHead(TRACE_BblHead(trace)));
}
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// check BBL entry PC
INS_InsertCall(
BBL_InsHead(bbl), IPOINT_BEFORE, (AFUNPTR)CheckPc,
IARG_INST_PTR,
IARG_END);
INS tail = BBL_InsTail(bbl);
if (INS_IsBranchOrCall(tail))
{
// record taken branch targets
INS_InsertCall(
tail, IPOINT_BEFORE, AFUNPTR(RecordPc),
IARG_INST_PTR,
IARG_BRANCH_TARGET_ADDR,
IARG_BRANCH_TAKEN,
IARG_END);
}
if (INS_HasFallThrough(tail))
{
// record fall-through
INS_InsertCall(
tail, IPOINT_AFTER, (AFUNPTR)RecordPc,
IARG_INST_PTR,
IARG_FALLTHROUGH_ADDR,
IARG_BOOL,
TRUE,
IARG_END);
}
#if defined(TARGET_IA32) || defined(TARGET_IA32E)
if (INS_IsSysenter(tail) ||
INS_HasRealRep(tail))
{ // sysenter on x86 has some funny control flow that we can't correctly verify for now
// Genuinely REP prefixed instructions are also odd, they appear to stutter.
INS_InsertCall(tail, IPOINT_BEFORE, (AFUNPTR)Skip, IARG_END);
}
#endif
}
}
VOID PvxHandleInstruction(INS ins)
{
if(INS_IsMemoryWrite(ins)) {
INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR) PvxHandleMemoryWrite,
IARG_INST_PTR, IARG_MEMORYWRITE_EA, IARG_MEMORYWRITE_SIZE, IARG_END);
}
if(INS_IsBranchOrCall(ins)) {
INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR) PvxHandleBranch,
IARG_INST_PTR, IARG_BRANCH_TARGET_ADDR, IARG_END);
}
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)UseToolStack, IARG_END);
// This is added for regression testing
// (when executed with win_divide_by_zero_exception application)
// multiple instrumentations of branch taken
for(int i = 0; i < 10; i++)
{
if (INS_IsBranchOrCall(ins))
{
INS_InsertPredicatedCall(ins, IPOINT_TAKEN_BRANCH, (AFUNPTR)UseToolStack, IARG_END);
}
}
}
VOID CallTrace(TRACE trace, INS ins)
{
if (!KnobTraceCalls)
return;
// RTN = TRACE_Rtn(trace);
// ADDRINT rtn_addr = RTN_Address(rtn);
if (INS_IsBranchOrCall(ins) && !INS_IsDirectBranchOrCall(ins)) {
// Indirect Call
INS_InsertCall(ins, IPOINT_BEFORE,
AFUNPTR(EmitIndirectCall),
IARG_THREAD_ID,
IARG_INST_PTR,
IARG_BRANCH_TARGET_ADDR,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END
);
} else if (INS_IsDirectBranchOrCall(ins)) {
// Direct call..
ADDRINT target = INS_DirectBranchOrCallTargetAddress(ins);
INS_InsertCall(ins, IPOINT_BEFORE,
AFUNPTR(EmitDirectCall),
IARG_THREAD_ID,
IARG_INST_PTR,
IARG_ADDRINT, target,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END
);
} else if (INS_IsRet(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE,
AFUNPTR(EmitReturn),
IARG_THREAD_ID,
IARG_INST_PTR,
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END
);
}
}
// Instrument individual instructions.
// Specific instrumentation for REP prefixed instructions.
static VOID InstrumentInstruction(INS ins, VOID *)
{
if (INS_IsBranchOrCall(ins))
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ClearPrevRep, IARG_END);
}
// We're only interested in REP prefixed instructions.
if (!INS_HasRealRep(ins))
return;
UINT32 opIdx = opcodeIndex(INS_Opcode(ins));
insertRepExecutionCountInstrumentation(ins, opIdx);
// If requested also add the instrumentation to count memory references.
if (KnobCountMemory)
insertRepMemoryCountInstrumentation (ins, opIdx);
if (KnobAddresses)
insertRepMemoryTraceInstrumentation (ins, opIdx);
}
/*
* Instruction
* Catches Syscall, Return, Store functions and calls appropriate handler
*/
VOID Instruction(INS ins, VOID *v)
{
if (INS_IsSyscall(ins) && INS_HasFallThrough(ins))
{
// Arguments and syscall number is only available before
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(SysBefore),
IARG_INST_PTR, IARG_SYSCALL_NUMBER,
IARG_SYSARG_VALUE, 0, IARG_SYSARG_VALUE, 1,
IARG_SYSARG_VALUE, 2, IARG_SYSARG_VALUE, 3,
IARG_SYSARG_VALUE, 4, IARG_SYSARG_VALUE, 5,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END);
}
else if (INS_Valid(ins))
{
if(INS_IsRet(ins))
{
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(Return),
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END);
}
else if(INS_IsStackWrite(ins))
{
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(StackWrite),
IARG_MEMORYWRITE_EA,
IARG_MEMORYWRITE_SIZE,
IARG_END);
}
else if(INS_IsMemoryWrite(ins) && !(INS_IsBranchOrCall(ins)))
{
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(MemoryWrite),
IARG_MEMORYWRITE_EA,
IARG_MEMORYWRITE_SIZE,
IARG_END);
}
}
}
// Is called for every instruction and instruments reads and writes
VOID Instruction(TRACE trace, VOID *v)
{
// Instruments memory accesses using a predicated call, i.e.
// the instrumentation is called iff the instruction will actually be executed.
//
// The IA-64 architecture has explicitly predicated instructions.
// On the IA-32 and Intel(R) 64 architectures conditional moves and REP
// prefixed instructions appear as predicated instructions in Pin.
//UINT32 memOperands = INS_MemoryOperandCount(ins);
// Iterate over each memory operand of the instruction.
for(BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl=BBL_Next(bbl)){
for(INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins=INS_Next(ins))
{
// Note that in some architectures a single memory operand can be
// both read and written (for instance incl (%eax) on IA-32)
// In that case we instrument it once for read and once for write.
if (INS_IsMemoryWrite(ins))
{
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordWriteAddrSize,
IARG_MEMORYWRITE_EA,
IARG_MEMORYWRITE_SIZE,
IARG_END);
if (INS_HasFallThrough(ins))
{
INS_InsertCall(
ins, IPOINT_AFTER, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_END);
//INS_InsertCall(ins, IPOINT_AFTER, (AFUNPTR)PrintValue, IARG_ADDRINT,&mem_value,IARG_END);
/*
INS_InsertFillBuffer(
ins, IPOINT_AFTER, bufId,
IARG_ADDRINT,mem_value,offsetof(struct MEMREF, value),
//IARG_REG_VALUE,INS_OperandReg(ins,1),offsetof(struct MEMREF, value),
IARG_END);
*/
}
if (INS_IsBranchOrCall(ins))
{
INS_InsertCall(
ins, IPOINT_TAKEN_BRANCH, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_END);
}
}
}
}
}
