static VOID Trace(TRACE trace, VOID *v)
{
RTN rtn = TRACE_Rtn(trace);
ADDRINT version = TRACE_Version(trace);
// If we are not in watch_rtn, switch back to base version
if (!RTN_Valid(rtn) || RTN_Name(rtn) != watch_rtn)
{
if (version != VERSION_BASE)
BBL_SetTargetVersion(TRACE_BblHead(trace), VERSION_BASE);
return;
}
if (TRACE_Address(trace) == RTN_Address(rtn)) {
INS ins = BBL_InsHead(TRACE_BblHead(trace));
if (version == VERSION_BASE)
{
// version_reg is used to select the version, use the first
// argument of watch_rtn to set it
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(select_version),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_RETURN_REGS, version_reg,
IARG_END);
// IF we are in the base version, decide if we should go to the
// other versions
// Note that the version instrumentation will occur before any
// following instrumentation done on this ins
INS_InsertVersionCase(ins, version_reg, 10, VERSION_1, IARG_END);
INS_InsertVersionCase(ins, version_reg, 20, VERSION_2, IARG_END);
printf ("Instrumentation at %p\n", reinterpret_cast<void *>(INS_Address(ins)));
}
}
INS ins = BBL_InsHead(TRACE_BblHead(trace));
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// Instrumentation depends on version
// These instrumentations occur after the preceeding version instrumentation
// (i.e. the instrumentation inserted by the above INS_InsertVersionCase calls
switch(version) {
case VERSION_BASE:
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
IARG_PTR, "version base", IARG_END);
break;
case VERSION_1:
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
IARG_PTR, "version 1", IARG_END);
break;
case VERSION_2:
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
IARG_PTR, "version 2", IARG_END);
break;
default:
assert(0);
break;
}
}
}
VOID Trace(TRACE trace, VOID *v)
{
static BOOL programStart = TRUE;
if (programStart)
{
programStart = FALSE;
next_pc = (void*)INS_Address(BBL_InsHead(TRACE_BblHead(trace)));
}
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// check BBL entry PC
INS_InsertCall(
BBL_InsHead(bbl), IPOINT_BEFORE, (AFUNPTR)CheckPc,
IARG_INST_PTR,
IARG_END);
INS tail = BBL_InsTail(bbl);
if (INS_IsBranchOrCall(tail))
{
// record taken branch targets
INS_InsertCall(
tail, IPOINT_BEFORE, AFUNPTR(RecordPc),
IARG_INST_PTR,
IARG_BRANCH_TARGET_ADDR,
IARG_BRANCH_TAKEN,
IARG_END);
}
if (INS_HasFallThrough(tail))
{
// record fall-through
INS_InsertCall(
tail, IPOINT_AFTER, (AFUNPTR)RecordPc,
IARG_INST_PTR,
IARG_FALLTHROUGH_ADDR,
IARG_BOOL,
TRUE,
IARG_END);
}
#if defined(TARGET_IA32) || defined(TARGET_IA32E)
if (INS_IsSysenter(tail) ||
INS_HasRealRep(tail))
{ // sysenter on x86 has some funny control flow that we can't correctly verify for now
// Genuinely REP prefixed instructions are also odd, they appear to stutter.
INS_InsertCall(tail, IPOINT_BEFORE, (AFUNPTR)Skip, IARG_END);
}
#endif
}
}
VOID Trace (TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
xed_iclass_enum_t iclass1 = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
if (iclass1 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(ins)))
{
xed_iclass_enum_t iclass2 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(ins)));
if (iclass2 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(INS_Next(ins))))
{
xed_iclass_enum_t iclass3 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(INS_Next(ins))));
if (iclass3 == XED_ICLASS_FLD1)
{
printf ("tool: found fld1 sequence at %p\n", (void *)INS_Address(INS_Next(INS_Next(ins))));
fflush (stdout);
// Insert an analysis call that will cause the xmm scratch registers to be spilled
INS_InsertCall(INS_Next(INS_Next(ins)), IPOINT_AFTER, (AFUNPTR)SetXmmScratchesFun, IARG_END);
return;
}
}
}
}
}
}
VOID Trace (TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
xed_iclass_enum_t iclass1 = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
if (iclass1 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(ins)))
{
xed_iclass_enum_t iclass2 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(ins)));
if (iclass2 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(INS_Next(ins))))
{
xed_iclass_enum_t iclass3 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(INS_Next(ins))));
if (iclass3 == XED_ICLASS_FLD1)
{
printf ("found fld1 sequence at %x\n", INS_Address(INS_Next(INS_Next(ins))));
{
INS_InsertCall(INS_Next(INS_Next(ins)), IPOINT_AFTER, AFUNPTR(CallToFldzToTop3), IARG_END);
printf ("Inserted call1 to FldzToTop3 after instruction at %x\n", INS_Address(INS_Next(INS_Next(ins))));
}
}
}
}
}
}
}
INT32 RecordRegisters(BBL bbl,
UINT16 * stats,
UINT32 max_stats)
{
UINT32 count = 0;
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
if (count >= max_stats)
{
cerr << "Too many stats in this block" << endl;
exit(1);
}
bool rmem = INS_IsMemoryRead(ins) || INS_HasMemoryRead2(ins);
bool wmem = INS_IsMemoryWrite(ins);
bool rw_mem = rmem & wmem;
if (rw_mem)
stats[count++] = PATTERN_MEM_RW;
else if (rmem)
stats[count++] = PATTERN_MEM_R;
else if (wmem)
stats[count++] = PATTERN_MEM_W;
else if (INS_SegmentRegPrefix(ins) != REG_INVALID())
stats[count++] = PATTERN_NO_MEM_LIES;
else
stats[count++] = PATTERN_NO_MEM;
}
stats[count++] = 0;
return count;
}
VOID PolymorphicCodeHandlerModule::inspectTrace(TRACE trace){
// set the range of address in which the current trace resides
this->trace_head = TRACE_Address(trace);
this->trace_tail = trace_head + TRACE_Size(trace);
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
// for ech instruction we have to check if it has been overwritten by a previous instruction of the current trace (polimiorfic code detection)
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(checkIfWrittenAddress),
IARG_INST_PTR,
IARG_CONTEXT,
IARG_UINT32, INS_Size(ins),
IARG_PTR, this,
IARG_END);
for (UINT32 op = 0; op<INS_MemoryOperandCount(ins); op++) {
if(INS_MemoryOperandIsWritten(ins,op)){
// for each write operation we have to check if the traget address is inside the current trace (attempt to write polimorfic code)
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(polimorficCodeHandler),
IARG_INST_PTR,
IARG_MEMORYOP_EA, op,
IARG_PTR, this,
IARG_END);
}
}
}
}
}
VOID Trace (TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
xed_iclass_enum_t iclass1 = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
if (iclass1 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(ins)))
{
xed_iclass_enum_t iclass2 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(ins)));
if (iclass2 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(INS_Next(ins))))
{
xed_iclass_enum_t iclass3 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(INS_Next(ins))));
if (iclass3 == XED_ICLASS_FLD1)
{
printf ("found fld1 sequence at %lx\n", (unsigned long)(INS_Address(INS_Next(INS_Next(ins)))));
if (testNum == 0)
{
INS_InsertCall(INS_Next(INS_Next(ins)), IPOINT_AFTER, AFUNPTR(CallToUnMaskZeroDivideInMxcsr), IARG_END);
printf ("Inserted call1 to UnMaskZeroDivideInMxcsr after instruction at %lx\n",
(unsigned long)(INS_Address(INS_Next(INS_Next(ins)))));
testNum++;
}
return;
}
}
}
}
}
}
VOID Trace(TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, (AFUNPTR)docount, IARG_UINT32, BBL_NumIns(bbl), IARG_END);
}
}
VOID Trace(TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
DBG_PRINT(printf("Inst: Sequence address %p\n",(CHAR*)(INS_Address(BBL_InsHead(bbl)))));
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
DBG_PRINT(printf("Inst: %p\n",(CHAR*)(INS_Address(ins))));
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(docount_ins), IARG_INST_PTR, IARG_END);
}
INT32 icount = BBL_NumIns(bbl);
DBG_PRINT(printf("Inst: -> control flow change (bbl size %d)\n", icount));
INS_InsertCall(BBL_InsTail(bbl), IPOINT_BEFORE, AFUNPTR(docount_bbl_ins), IARG_INST_PTR, IARG_UINT32, icount, IARG_END);
}
}
VOID Trace(TRACE trace, VOID *v)
{
BOOL rewrite = false;
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
// If we see an instruction that needs rewriting, then rewrite all
if (SwizzleRefs.find(INS_Address(ins)) != SwizzleRefs.end())
rewrite = true;
if (rewrite)
{
// If we suspect this instruction needs to be swizzled, generate safe, but slow code
RewriteIns(ins);
}
else
{
// Generate code to check if swizzling is needed, but not do it
CheckIns(ins, TRACE_Address(trace));
}
}
}
}
// Pin calls this function every time a new basic block is encountered
// It inserts a call to docount
VOID Trace(TRACE trace, VOID *v)
{
// Visit every basic block in the trace
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
if (INS_IsMemoryRead(ins))
{
INS_InsertIfCall(ins, IPOINT_BEFORE, (AFUNPTR)ReadAlways, IARG_MEMORYREAD_EA, IARG_END);
INS_InsertThenCall(ins, IPOINT_BEFORE, (AFUNPTR)ReadRare, IARG_MEMORYREAD_EA, IARG_END);
}
}
// Always()->Rare() are partially inlined
BBL_InsertIfCall(bbl, IPOINT_BEFORE, (AFUNPTR)Always, IARG_END);
BBL_InsertThenCall(bbl, IPOINT_BEFORE, (AFUNPTR)Rare, IARG_END);
// Always()->Rare() are partially inlined
BBL_InsertIfCall(bbl, IPOINT_BEFORE, (AFUNPTR)AlwaysNoinline, IARG_END);
BBL_InsertThenCall(bbl, IPOINT_BEFORE, (AFUNPTR)RareNoinline, IARG_END);
// Noinline() is not inlined
BBL_InsertCall(bbl, IPOINT_BEFORE, (AFUNPTR)Noinline, IARG_END);
}
}
// Pin calls this function every time a new instruction is encountered
void Trace(TRACE trace , void *v)
{
for(BBL bbl= TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)){
for( INS ins = BBL_InsHead(bbl); INS_Valid(ins) ; ins =INS_Next(ins)){
oepf.IsCurrentInOEP(ins);
}
}
}
/*
* trace inspection (instrumentation function)
*
* traverse the basic blocks (BBLs) on the trace and
* inspect every instruction for instrumenting it
* accordingly
*
* @trace: instructions trace; given by PIN
* @v: callback value
*/
static void
trace_inspect(TRACE trace, VOID *v)
{
/* iterators */
BBL bbl;
INS ins;
xed_iclass_enum_t ins_indx;
//printf("dealing trace!\n");
/* traverse all the BBLs in the trace */
for (bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
/* traverse all the instructions in the BBL */
ins = BBL_InsHead(bbl);
for (ins = BBL_InsHead(bbl);
INS_Valid(ins);
ins = INS_Next(ins)) {
/*
* use XED to decode the instruction and
* extract its opcode
*/
ins_indx = (xed_iclass_enum_t)INS_Opcode(ins);
/*
* invoke the pre-ins instrumentation callback
*/
if (ins_desc[ins_indx].pre != NULL)
ins_desc[ins_indx].pre(ins);
/*
* analyze the instruction (default handler)
*/
if (ins_desc[ins_indx].dflact == INSDFL_ENABLE){
ins_inspect(ins);
//printf("dealing ins_inspect!\n");
}
/*
* invoke the post-ins instrumentation callback
*/
if (ins_desc[ins_indx].post != NULL)
ins_desc[ins_indx].post(ins);
}
}
}
VOID Trace(TRACE trace, VOID *v)
{
const INS beginIns = BBL_InsHead(TRACE_BblHead(trace));
const INS endIns = BBL_InsTail(TRACE_BblTail(trace));
const ADDRINT beginAddr = INS_Address(beginIns);
const ADDRINT endAddr = INS_Address(endIns) + INS_Size(endIns) - 1;
sandbox.CheckAddressRange(reinterpret_cast<const char *>(beginAddr), reinterpret_cast<const char *>(endAddr));
}
bool BBLContainMemOp(BBL bbl) {
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins)) {
if (INS_IsStackRead(ins) || INS_IsStackWrite(ins))
continue;
if (INS_IsMemoryRead(ins) || INS_IsMemoryWrite(ins))
return true;
}
return false;
}
static void instrument_trace(TRACE trace, VOID *v)
{
sse_aligner_t* pthis = static_cast<sse_aligner_t*>(v);
bool is_read = false;
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
if (check_for_sse_memop(ins, is_read, pthis))
rewrite_instruction(ins, is_read, pthis);
}
VOID TraceInserted(TRACE trace, VOID *)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
cacheInstructions++;
}
}
}
VOID Trace(TRACE trace, VOID *v)
{
// Instrument only at the head of the trace
BBL bbl = TRACE_BblHead(trace);
if (BBL_Valid(bbl))
{
INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, (AFUNPTR)docount, IARG_UINT32, 1, IARG_END);
}
for (bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
ASSERTX(INS_Size(ins) != 0);
}
}
}
VOID Trace(TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
RewriteIns(ins);
}
}
}
INT32 RecordRegisters(BBL bbl, UINT16 * stats)
{
INT32 count = 0;
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
const UINT32 max_r = INS_MaxNumRRegs(ins);
for( UINT32 i=0; i < max_r; i++ )
{
const REG reg = INS_RegR(ins, i );
if( REG_is_gr(reg) )
{
stats[count++] = REG_GetStatsIndex(reg,FALSE);
}
#if 0
// This is for arm
else if( REG_is_aggregate(reg) )
{
REGSET regset = INS_RegAggregateR(ins);
for( REG reg = REGSET_PopNext(regset); REG_valid(reg); reg = REGSET_PopNext(regset) )
{
stats[count++] = REG_GetStatsIndex(reg,FALSE);
}
}
#endif
}
const UINT32 max_w = INS_MaxNumWRegs(ins);
for( UINT32 i=0; i < max_w; i++ )
{
const REG reg = INS_RegW(ins, i );
if( REG_is_gr(reg) )
{
stats[count++] = REG_GetStatsIndex(reg,TRUE);
}
#if 0
else if( REG_is_aggregate(reg) )
{
REGSET regset = INS_RegAggregateW(ins);
for( REG reg = REGSET_PopNext(regset); REG_valid(reg); reg = REGSET_PopNext(regset) )
{
stats[count++] = REG_GetStatsIndex(reg,TRUE);
}
}
#endif
}
}
stats[count++] = 0;
return count;
}
VOID DumpTrace(CHAR * message, TRACE trace)
{
fprintf(stderr,"\n%s:\n",message);
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
fprintf(stderr,"%p %s\n",(void*)INS_Address(ins),INS_Disassemble(ins).c_str());
}
}
}
VOID
Trace(TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
BasicBlockTrace(trace, bbl);
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins)) {
CallTrace(trace, ins);
MemoryTrace(trace, ins);
}
}
}
/*
* trace inspection (instrumentation function)
*
* traverse the basic blocks (BBLs) on the trace and
* inspect every instruction for instrumenting it
* accordingly
*
* @trace: instructions trace; given by PIN
* @v: callback value
*/
static void
trace_inspect(TRACE trace, VOID *v)
{
/* iterators */
BBL bbl;
INS ins;
xed_iclass_enum_t ins_indx;
/* versioning support */
ADDRINT version, version_mask = (ADDRINT)v;
if (version_mask) {
/*
* ignore code cache versions that we
* are not supposed to instrument
*/
version = TRACE_Version(trace);
if ((version & version_mask) == 0)
return;
}
/* traverse all the BBLs in the trace */
for (bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
/* traverse all the instructions in the BBL */
for (ins = BBL_InsHead(bbl);
INS_Valid(ins);
ins = INS_Next(ins)) {
/*
* use XED to decode the instruction and
* extract its opcode
*/
ins_indx = (xed_iclass_enum_t)INS_Opcode(ins);
/*
* invoke the pre-ins instrumentation callback
*/
if (ins_desc[ins_indx].pre != NULL)
ins_desc[ins_indx].pre(ins);
/*
* analyze the instruction (default handler)
*/
if (ins_desc[ins_indx].dflact == INSDFL_ENABLE)
ins_inspect(ins);
/*
* invoke the post-ins instrumentation callback
*/
if (ins_desc[ins_indx].post != NULL)
ins_desc[ins_indx].post(ins);
}
}
}
VOID Trace(TRACE trace, VOID *v)
{
if ( KnobNoSharedLibs.Value()
&& IMG_Type(SEC_Img(RTN_Sec(TRACE_Rtn(trace)))) == IMG_TYPE_SHAREDLIB)
return;
const BOOL accurate_handling_of_predicates = KnobProfilePredicated.Value();
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// Summarize the stats for the bbl in a 0 terminated list
// This is done at instrumentation time
UINT16 * stats = new UINT16[BBL_NumIns(bbl) + 1];
INT32 index = 0;
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
// Count the number of times a predicated instruction is actually executed
// this is expensive and hence disabled by default
if( INS_IsPredicated(ins) && accurate_handling_of_predicates )
{
INS_InsertPredicatedCall(ins,
IPOINT_BEFORE,
AFUNPTR(docount),
IARG_PTR, &(GlobalStatsDynamic.predicated_true[INS_Category(ins)]),
IARG_END);
}
stats[index++] = INS_GetStatsIndex(ins);
}
stats[index] = 0;
// Insert instrumentation to count the number of times the bbl is executed
BBLSTATS * bblstats = new BBLSTATS(stats);
INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, &(bblstats->_counter), IARG_END);
// Remember the counter and stats so we can compute a summary at the end
statsList.push_back(bblstats);
}
}
// Pin calls this function every time a new instruction is encountered
void Trace(TRACE trace , void *v)
{
for(BBL bbl= TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)){
fprintf(file, "----BEGIN BBL---\n");
for( INS ins = BBL_InsHead(bbl); INS_Valid(ins) ; ins =INS_Next(ins)){
fprintf(file , "%s\n" , INS_Disassemble(ins).c_str());
}
fprintf(file, "----END BBL---\n");
}
}
VOID Trace(TRACE trace, VOID *v)
{
if (rand() % 100 > 80) {
UINT32 inscount = 0;
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins)) {
inscount++;
}
}
TEST(inscount == 1, "CODECACHE_ChangeMaxInsPerTrace failed");
//cout << "trace in 0x" << TRACE_CodeCacheAddress(trace) << " has " << inscount << " INS. ";
}
}
//--------------------------------------------------------------------------
static VOID trace_cb(TRACE trace, VOID *v)
{
// Visit every basic block in the trace
for ( BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl) )
{
for( INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins=INS_Next(ins) )
{
ADDRINT ea = INS_Address(ins);
if ( !valid_ea(ea) )
continue;
if ( was_writen(ea) )
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)check_unpacked_cb,
IARG_INST_PTR,
IARG_CONST_CONTEXT,
IARG_THREAD_ID,
IARG_END);
}
// Instruments memory accesses using a predicated call, i.e.
// the instrumentation is called iff the instruction will actually be executed.
//
// The IA-64 architecture has explicitly predicated instructions.
// On the IA-32 and Intel(R) 64 architectures conditional moves and REP
// prefixed instructions appear as predicated instructions in Pin.
UINT32 mem_operands = INS_MemoryOperandCount(ins);
// Iterate over each memory operand of the instruction.
for ( UINT32 mem_op = 0; mem_op < mem_operands; mem_op++ )
{
// Note that in some architectures a single memory operand can be
// both read and written (for instance incl (%eax) on IA-32)
// In that case we instrument it once for read and once for write.
if ( INS_MemoryOperandIsWritten(ins, mem_op) )
{
INS_InsertIfPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)valid_ea,
IARG_MEMORYOP_EA,
mem_op,
IARG_END);
INS_InsertThenPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)record_mem_write_cb,
IARG_INST_PTR,
IARG_MEMORYOP_EA, mem_op,
IARG_END);
}
}
}
}
}
// Inspect the sequence, but do not instrument
VOID Trace(TRACE trace, VOID *v)
{
fprintf(out, "Trace address %p\n",(CHAR*)(TRACE_Address(trace)));
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
fprintf(out, " %p\n",(CHAR*)(INS_Address(ins)));
}
}
fprintf(out, "\n");
}
VOID Trace(TRACE trace, VOID *v)
{
// Only instrument the main executable, we're not interested in anything in dynamic libraries.
if (!traceFromExecutable(trace))
return;
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
Instrument(ins);
}
}
}
static VOID BasicBlockTrace(TRACE trace, BBL bbl)
{
if (!KnobTraceBasicBlocks)
return;
INS ins = BBL_InsHead(bbl);
INS_InsertCall(ins, IPOINT_BEFORE,
AFUNPTR(EmitBasicBlock),
IARG_THREAD_ID,
IARG_INST_PTR,
IARG_END
);
}
