void prepareTestCase6(procType proc_type, BPatch_thread *thread, forkWhen when)
{
const int TN = 6;
if(proc_type == Parent_p && when == PostFork) {
BPatch_image *parImage = thread->getImage();
BPatch_variableExpr *var7_6p =
parImage->findVariable("globalVariable7_6");
if(doError(TN, (var7_6p==NULL),
" Unable to locate variable globalVariable7_6\n")) return;
BPatch_arithExpr a_expr7_6p(BPatch_plus, *var7_6p, BPatch_constExpr(5));
BPatch_arithExpr b_expr7_6p(BPatch_assign, *var7_6p, a_expr7_6p);
thread->oneTimeCode(b_expr7_6p);
} else if(proc_type == Child_p && when == PostFork) {
BPatch_image *childImage = thread->getImage();
BPatch_variableExpr *var7_6c =
childImage->findVariable("globalVariable7_6");
if(doError(TN, (var7_6c==NULL),
" Unable to locate variable globalVariable7_6\n")) return;
BPatch_arithExpr a_expr7_6c(BPatch_plus, *var7_6c, BPatch_constExpr(9));
BPatch_arithExpr b_expr7_6c(BPatch_assign, *var7_6c, a_expr7_6c);
thread->oneTimeCode(b_expr7_6c);
}
}
test_results_t test1_8_Mutator::executeTest()
{
// Find the entry point to the procedure "test1_8_func1"
const char *funcName = "test1_8_func1";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(funcName, found_funcs))
|| !found_funcs.size())
{
logerror(" Unable to find function %s\n", funcName);
return FAILED;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), funcName);
}
BPatch_Vector<BPatch_point *> *point8_1 = found_funcs[0]->findPoint(BPatch_entry);
if (!point8_1 || ((*point8_1).size() == 0))
{
logerror("Unable to find entry point to \"%s\".\n", funcName);
return FAILED;
}
BPatch_Vector<BPatch_snippet*> vect8_1;
const char *globalVar = "test1_8_globalVariable1";
BPatch_variableExpr *expr8_1 = findVariable(appImage, globalVar,
point8_1);
if (!expr8_1)
{
logerror("**Failed** test #3 (passing variables)\n");
logerror(" Unable to locate variable %s\n", globalVar);
return FAILED;
}
BPatch_arithExpr arith8_1 (BPatch_assign, *expr8_1,
BPatch_arithExpr(BPatch_plus,
BPatch_arithExpr(BPatch_plus,
BPatch_arithExpr(BPatch_plus, BPatch_constExpr(81),
BPatch_constExpr(82)),
BPatch_arithExpr(BPatch_plus, BPatch_constExpr(83),
BPatch_constExpr(84))),
BPatch_arithExpr(BPatch_plus,
BPatch_arithExpr(BPatch_plus, BPatch_constExpr(85),
BPatch_constExpr(86)),
BPatch_arithExpr(BPatch_plus, BPatch_constExpr(87),
BPatch_constExpr(88)))));
vect8_1.push_back(&arith8_1);
checkCost(BPatch_sequence(vect8_1));
if(!appAddrSpace->insertSnippet( BPatch_sequence(vect8_1), *point8_1))
return FAILED;
return PASSED;
}
BPatch_snippet * snip_ref_shlib_var_Mutator::doVarArrayAssign(
const char *to, const char *from, unsigned idx)
{
BPatch_variableExpr *to_v = appImage->findVariable(to);
if (!to_v)
{
logerror("%s[%d]: failed to find var %s\n", FILE__, __LINE__, to);
return NULL;
}
BPatch_variableExpr *from_v = appImage->findVariable(from);
if (!from_v)
{
logerror("%s[%d]: failed to find var %s\n", FILE__, __LINE__, from);
return NULL;
}
BPatch_snippet *ret;
ret = new BPatch_arithExpr(BPatch_assign,
BPatch_arithExpr(BPatch_ref, *to_v, BPatch_constExpr(idx)), *from_v);
assert(ret);
return ret;
}
void prepareTestCase9(procType proc_type, BPatch_thread *thread, forkWhen when)
{
const int TN = 9;
if(proc_type == Parent_p && when == PreFork) {
BPatch_image *parImage = thread->getImage();
var7_9p = thread->malloc(*(parImage->findType("int")));
if(doError(TN, (var7_9p==NULL),
" Unable to malloc variable in parent\n")) return;
BPatch_arithExpr a_expr7_9p(BPatch_assign, *var7_9p,
BPatch_constExpr(10));
thread->oneTimeCode(a_expr7_9p);
} else if(proc_type == Parent_p && when == PostFork) {
// can't delete var7_9p here, since then the getInheritedVariable
// would be operating on a freed variable
} else if(proc_type == Child_p && when == PostFork) {
var7_9c = thread->getInheritedVariable(*var7_9p);
parentThread->free(*var7_9p);
BPatch_image *childImage = thread->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "func7_9";
if ((NULL == childImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
fprintf(stderr, " Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
fprintf(stderr, "%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_9c = found_funcs[0]->findPoint(BPatch_entry);
if(doError(TN, !points7_9c || ((*points7_9c).size() == 0),
" Unable to find entry point to \"func7_9\".\n")) return;
BPatch_point *point7_9c = (*points7_9c)[0];
BPatch_arithExpr a_expr7_9c(BPatch_plus, *var7_9c, BPatch_constExpr(5));
BPatch_arithExpr b_expr7_9c(BPatch_assign, *var7_9c, a_expr7_9c);
thread->insertSnippet(b_expr7_9c, *point7_9c, BPatch_callBefore);
}
}
static int genRelTest(BPatch_image *appImage,
BPatch_Vector<BPatch_snippet*> &vect7_1,
BPatch_relOp op, int r1, int r2, const char *var1)
{
const char *funcName = "test1_7_func2";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(funcName, found_funcs))
|| !found_funcs.size())
{
logerror(" Unable to find function %s\n", funcName);
return -1;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), funcName);
}
BPatch_Vector<BPatch_point *> *point7_1 = found_funcs[0]->findPoint(BPatch_entry);
if (!point7_1 || ((*point7_1).size() == 0))
{
logerror("Unable to find entry point to \"%s\".\n", funcName);
return -1;
}
BPatch_variableExpr *expr1_1 = findVariable (appImage, var1, point7_1);
if (!expr1_1)
{
logerror("**Failed** test #7 (relational operators)\n");
logerror(" Unable to locate variable %s\n", var1);
return -1;
}
BPatch_ifExpr *tempExpr1 = new BPatch_ifExpr(
BPatch_boolExpr(op, BPatch_constExpr(r1), BPatch_constExpr(r2)),
BPatch_arithExpr(BPatch_assign, *expr1_1, BPatch_constExpr(72)));
vect7_1.push_back(tempExpr1);
return 0;
}
void prepareTestCase1(procType proc_type, BPatch_thread *thread, forkWhen when)
{
static BPatchSnippetHandle *parSnippetHandle1;
if(proc_type == Parent_p && when == PreFork) {
BPatch_image *parImage = thread->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "func7_1";
if ((NULL == parImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
fprintf(stderr, " Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
fprintf(stderr, "%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *point7_1p = found_funcs[0]->findPoint(BPatch_entry);
if(doError(1, !point7_1p || ((*point7_1p).size() == 0),
" Unable to find entry point to \"func7_1\".\n")) return;
BPatch_variableExpr *var7_1p =
parImage->findVariable("globalVariable7_1");
if(doError(1, (var7_1p==NULL),
" Unable to locate variable globalVariable7_1\n")) return;
BPatch_arithExpr expr7_1p(BPatch_assign, *var7_1p,BPatch_constExpr(321));
parSnippetHandle1 =
thread->insertSnippet(expr7_1p, *point7_1p, BPatch_callBefore);
if(doError(1, (parSnippetHandle1 == NULL),
" Unable to insert snippet into parent for test 1\n")) return;
} else if(proc_type == Parent_p && when == PostFork) {
thread->deleteSnippet(parSnippetHandle1);
}
}
void prepareTestCase4(procType proc_type, BPatch_thread *thread, forkWhen when)
{
const int TN = 4;
static BPatchSnippetHandle *parSnippetHandle4;
if(proc_type == Child_p && when == PostFork) {
BPatch_image *childImage = thread->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "func7_4";
if ((NULL == childImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
fprintf(stderr, " Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
fprintf(stderr, "%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_4c = found_funcs[0]->findPoint(BPatch_entry);
if(doError(TN, !points7_4c || ((*points7_4c).size() == 0),
" Unable to find entry point to \"func7_4\".\n")) return;
BPatch_point *point7_4c = (*points7_4c)[0];
BPatch_variableExpr *var7_4c =
childImage->findVariable("globalVariable7_4");
if(doError(TN, (var7_4c==NULL),
" Unable to locate variable globalVariable7_4\n")) return;
BPatch_arithExpr a_expr7_4c(BPatch_plus, *var7_4c,BPatch_constExpr(211));
BPatch_arithExpr b_expr7_4c(BPatch_assign, *var7_4c, a_expr7_4c);
parSnippetHandle4 =
thread->insertSnippet(b_expr7_4c, *point7_4c, BPatch_callBefore);
}
}
test_results_t test1_5_Mutator::executeTest()
{
// Find the entry point to the procedure "func5_2"
const char *funcName = "test1_5_func2";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(funcName, found_funcs))
|| !found_funcs.size())
{
logerror(" Unable to find function %s\n", funcName);
return FAILED;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), funcName);
}
BPatch_Vector<BPatch_point *> *point5_1 = found_funcs[0]->findPoint(BPatch_entry);
if (!point5_1 || ((*point5_1).size() == 0))
{
logerror("Unable to find entry point to \"%s\".\n", funcName);
return FAILED;
}
const char *funcName2 = "test1_5_func1";
BPatch_Vector<BPatch_function *> found_funcs2;
if ((NULL == appImage->findFunction(funcName2, found_funcs2))
|| !found_funcs2.size())
{
logerror(" Unable to find function %s\n", funcName2);
return FAILED;
}
if (1 < found_funcs2.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs2.size(), funcName2);
}
BPatch_Vector<BPatch_point *> *point5_2 = found_funcs2[0]->findPoint(BPatch_subroutine);
if (!point5_2 || ((*point5_2).size() == 0))
{
logerror("Unable to find subroutine call points in \"%s\".\n", funcName2);
return FAILED;
}
const char *globalVar1 = "test1_5_globalVariable5_1";
const char *globalVar2 = "test1_5_globalVariable5_2";
BPatch_variableExpr *expr5_1 = findVariable (appImage, globalVar1, point5_1);
BPatch_variableExpr *expr5_2 = findVariable (appImage, globalVar2, point5_1);
if (!expr5_1 || !expr5_2)
{
logerror("**Failed** test #5 (1f w.o. else)\n");
logerror(" Unable to locate variable %s or ", globalVar1);
logerror(" variable %s\n", globalVar2);
return FAILED;
}
BPatch_Vector<BPatch_snippet*> vect5_1;
// if (0 == 1) globalVariable5_1 = 52;
BPatch_ifExpr expr5_3(BPatch_boolExpr(BPatch_eq, BPatch_constExpr(0),
BPatch_constExpr(1)),
BPatch_arithExpr(BPatch_assign, *expr5_1,
BPatch_constExpr(52)));
// if (1 == 1) globalVariable5_2 = 53;
BPatch_ifExpr expr5_4(BPatch_boolExpr(BPatch_eq, BPatch_constExpr(1),
BPatch_constExpr(1)),
BPatch_arithExpr(BPatch_assign, *expr5_2,
BPatch_constExpr(53)));
vect5_1.push_back(&expr5_3);
vect5_1.push_back(&expr5_4);
BPatch_sequence expr5_5(vect5_1);
checkCost(expr5_5);
appAddrSpace->insertSnippet(expr5_5, *point5_1);
return PASSED;
}
test_results_t test1_23_Mutator::executeTest()
{
const char *funcName = "test1_23_call1";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(funcName, found_funcs, 1))
|| !found_funcs.size())
{
logerror(" Unable to find function %s\n", funcName);
return FAILED;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), funcName);
}
BPatch_Vector<BPatch_point *> *point23_calls = found_funcs[0]->findPoint(BPatch_subroutine);
if (!point23_calls || (point23_calls->size() < 1))
{
logerror("**Failed** test #23 (local variables)\n");
logerror(" Unable to find point %s - subroutine calls\n", funcName);
return FAILED;
}
/* We only want the first one... */
BPatch_Vector<BPatch_point *> point23_1;
point23_1.push_back((*point23_calls)[0]);
BPatch_variableExpr *var1 = appImage->findVariable(*(point23_1[0]),
"localVariable23_1");
BPatch_variableExpr *var2 = appImage->findVariable(*(point23_1[0]),
"test1_23_shadowVariable1");
BPatch_variableExpr *var3 = appImage->findVariable("test1_23_shadowVariable2");
BPatch_variableExpr *var4 = appImage->findVariable("test1_23_globalVariable1");
if (!var1 || !var2 || !var3 || !var4)
{
logerror("**Failed** test #23 (local variables)\n");
if (!var1)
{
logerror(" can't find local variable localVariable23_1\n");
BPatch_function *f = point23_1[0]->getCalledFunction();
assert(f);
BPatch_Vector<BPatch_localVar *> *lvars = f->getVars();
assert(lvars);
logerror("%s[%d]: have vars\n", FILE__, __LINE__);
for (unsigned int i = 0; i < lvars->size(); ++i)
{
logerror("\t%s\n", (*lvars)[i]->getName());
}
}
if (!var2)
logerror(" can't find local variable test1_23_shadowVariable1\n");
if (!var3)
logerror(" can't find global variable test1_23_shadowVariable2\n");
return FAILED;
}
BPatch_arithExpr expr23_1(BPatch_assign, *var1, BPatch_constExpr(2300001));
BPatch_arithExpr expr23_2(BPatch_assign, *var2, BPatch_constExpr(2300012));
BPatch_arithExpr expr23_3(BPatch_assign, *var3, BPatch_constExpr(2300023));
BPatch_arithExpr expr23_4(BPatch_assign, *var4, *var1);
BPatch_Vector<BPatch_snippet *> exprs;
exprs.push_back(&expr23_1);
exprs.push_back(&expr23_2);
exprs.push_back(&expr23_3);
exprs.push_back(&expr23_4);
BPatch_sequence allParts(exprs);
appAddrSpace->insertSnippet(allParts, point23_1);
return PASSED;
}
void prepareTestCase3(procType proc_type, BPatch_thread *thread, forkWhen when)
{
static BPatchSnippetHandle *parSnippetHandle3;
if(proc_type == Parent_p && when == PreFork) {
BPatch_image *parImage = thread->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "func7_3";
if ((NULL == parImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
fprintf(stderr, " Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
fprintf(stderr, "%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_3p = found_funcs[0]->findPoint(BPatch_entry);
if(doError(3, !points7_3p || ((*points7_3p).size() == 0),
" Unable to find entry point to \"func7_3\".\n")) return;
BPatch_point *point7_3p = (*points7_3p)[0];
BPatch_variableExpr *var7_3p =
parImage->findVariable("globalVariable7_3");
if(doError(3, (var7_3p==NULL),
" Unable to locate variable globalVariable7_3\n")) return;
BPatch_arithExpr expr7_3p(BPatch_assign, *var7_3p,BPatch_constExpr(642));
parSnippetHandle3 =
thread->insertSnippet(expr7_3p, *point7_3p, BPatch_callBefore);
} else if(proc_type == Parent_p && when == PostFork) {
bool result = thread->deleteSnippet(parSnippetHandle3);
if(result == false) {
fprintf(stderr, " error, couldn't delete snippet\n");
passedTest[3] = false;
return;
}
} else if(proc_type == Child_p && when == PostFork) {
BPatch_image *childImage = thread->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "func7_3";
if ((NULL == childImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
fprintf(stderr, " Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
fprintf(stderr, "%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_3c = found_funcs[0]->findPoint(BPatch_entry);
if(doError(3, !points7_3c || ((*points7_3c).size() == 0),
" Unable to find entry point to \"func7_3\".\n")) return;
BPatch_point *point7_3c = (*points7_3c)[0];
BPatch_Vector<BPatchSnippetHandle *> childSnippets =
point7_3c->getCurrentSnippets();
if(doError(3, (childSnippets.size()==0),
" No snippets were found at func7_3\n")) return;
for(unsigned i=0; i<childSnippets.size(); i++) {
bool result = thread->deleteSnippet(childSnippets[i]);
if(result == false) {
fprintf(stderr, " error, couldn't delete snippet\n");
passedTest[3] = false;
return;
}
}
}
}
test_results_t test1_3_Mutator::executeTest()
{
// Find the entry point to the procedure "func3_1"
const char *funcName = "test1_3_func3_1";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(funcName, found_funcs))
|| !found_funcs.size())
{
logerror(" Unable to find function %s\n", funcName);
return FAILED;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), funcName);
}
BPatch_Vector<BPatch_point *> *point3_1 = found_funcs[0]->findPoint(BPatch_entry);
if (!point3_1 || ((*point3_1).size() == 0))
{
logerror("Unable to find entry point to \"%s.\"\n", funcName);
return FAILED;
}
BPatch_Vector<BPatch_function *> bpfv;
const char *fn = "test1_3_call3_1";
if (NULL == appImage->findFunction(fn, bpfv) || !bpfv.size()
|| NULL == bpfv[0])
{
logerror(" Unable to find function %s\n", fn);
return FAILED;
}
if (1 < bpfv.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, bpfv.size(), fn);
}
BPatch_function *call3_func = bpfv[0];
BPatch_Vector<BPatch_snippet *> call3_args;
BPatch_Vector<BPatch_point *> *call3_1 = call3_func->findPoint(BPatch_subroutine);
if (!call3_1 || ((*call3_1).size() == 0))
{
logerror(" Unable to find subroutine calls in \"call3_1.\"\n");
return FAILED;
}
const char *globalVar = "test1_3_globalVariable3_1";
BPatch_variableExpr *expr3_1 = findVariable(appImage, globalVar, call3_1);
if (!expr3_1)
{
logerror("**Failed** test #3 (passing variables)\n");
logerror(" Unable to locate variable %s\n", globalVar);
return FAILED;
}
// see if we can find the address
if (expr3_1->getBaseAddr() <= 0)
{
logerror("*Error*: address %p for %s is not valid\n",
expr3_1->getBaseAddr(), globalVar);
}
BPatch_variableExpr *expr3_2 = appAddrSpace->malloc(*appImage->findType("int"));
if (!expr3_2)
{
logerror("**Failed** test #3 (passing variables)\n");
logerror(" Unable to create new int variable\n");
return FAILED;
}
BPatch_constExpr expr3_3 (expr3_1->getBaseAddr ());
BPatch_constExpr expr3_4 (expr3_2->getBaseAddr ());
int mutateeFortran = isMutateeFortran(appImage);
if (mutateeFortran)
{
call3_args.push_back (&expr3_3);
call3_args.push_back (&expr3_4);
}
else
{
call3_args.push_back(expr3_1);
call3_args.push_back(expr3_2);
}
BPatch_funcCallExpr call3Expr(*call3_func, call3_args);
checkCost(call3Expr);
appAddrSpace->insertSnippet(call3Expr, *point3_1);
BPatch_arithExpr expr3_5(BPatch_assign, *expr3_2, BPatch_constExpr(32));
checkCost(expr3_5);
appAddrSpace->insertSnippet(expr3_5, *point3_1);
dprintf("Inserted snippet3\n");
return PASSED;
}
test_results_t test1_9_Mutator::executeTest()
{
// Find the entry point to the procedure "test1_9_func1"
const char *funcName = "test1_9_func1";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(funcName, found_funcs))
|| !found_funcs.size())
{
logerror(" Unable to find function %s\n", funcName);
return FAILED;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), funcName);
}
BPatch_Vector<BPatch_point *> *point9_1 = found_funcs[0]->findPoint(BPatch_entry);
if (!point9_1 || ((*point9_1).size() == 0))
{
logerror("Unable to find entry point to \"%s\".\n", funcName);
return FAILED;
}
BPatch_Vector<BPatch_function *> bpfv;
const char *fn = "test1_9_call1";
if (NULL == appImage->findFunction(fn, bpfv) || !bpfv.size()
|| NULL == bpfv[0])
{
logerror(" Unable to find function %s\n", fn);
return FAILED;
}
BPatch_function *call9_func = bpfv[0];
BPatch_Vector<BPatch_snippet *> call9_args;
BPatch_variableExpr *expr9_1 = appAddrSpace->malloc (*appImage->findType ("int"));
BPatch_constExpr constExpr9_1 (0);
BPatch_arithExpr arithexpr9_1 (BPatch_assign, *expr9_1, BPatch_constExpr (91));
appAddrSpace->insertSnippet (arithexpr9_1, *point9_1);
int mutateeFortran = isMutateeFortran(appImage);
if (mutateeFortran)
{
constExpr9_1 = expr9_1->getBaseAddr ();
}
else
{
constExpr9_1 = 91;
}
call9_args.push_back(&constExpr9_1);
BPatch_variableExpr *expr9_2 = appAddrSpace->malloc (*appImage->findType ("int"));
BPatch_constExpr constExpr9_2 (0);
BPatch_arithExpr arithexpr9_2 (BPatch_assign, *expr9_2, BPatch_constExpr (92));
appAddrSpace->insertSnippet (arithexpr9_2, *point9_1);
if (mutateeFortran)
{
constExpr9_2 = expr9_2->getBaseAddr ();
}
else
{
constExpr9_2 = 92;
}
call9_args.push_back(&constExpr9_2);
BPatch_variableExpr *expr9_3 = appAddrSpace->malloc (*appImage->findType ("int"));
BPatch_constExpr constExpr9_3 (0);
BPatch_arithExpr arithexpr9_3 (BPatch_assign, *expr9_3, BPatch_constExpr (93));
appAddrSpace->insertSnippet (arithexpr9_3, *point9_1);
if (mutateeFortran)
{
constExpr9_3 = expr9_3->getBaseAddr ();
}
else
{
constExpr9_3 = 93;
}
call9_args.push_back(&constExpr9_3);
BPatch_variableExpr *expr9_4 = appAddrSpace->malloc (*appImage->findType ("int"));
BPatch_constExpr constExpr9_4 (0);
BPatch_arithExpr arithexpr9_4 (BPatch_assign, *expr9_4, BPatch_constExpr (94));
appAddrSpace->insertSnippet (arithexpr9_4, *point9_1);
if (mutateeFortran)
{
constExpr9_4 = expr9_4->getBaseAddr ();
}
else
{
constExpr9_4 = 94;
}
call9_args.push_back(&constExpr9_4);
BPatch_variableExpr *expr9_5 = appAddrSpace->malloc (*appImage->findType ("int"));
BPatch_constExpr constExpr9_5 (0);
BPatch_arithExpr arithexpr9_5 (BPatch_assign, *expr9_5, BPatch_constExpr (95));
appAddrSpace->insertSnippet (arithexpr9_5, *point9_1);
if (mutateeFortran)
{
constExpr9_5 = expr9_5->getBaseAddr ();
}
else
{
constExpr9_5 = 95;
}
call9_args.push_back(&constExpr9_5);
BPatch_funcCallExpr call9Expr(*call9_func, call9_args);
checkCost(call9Expr);
appAddrSpace->insertSnippet(call9Expr, *point9_1, BPatch_callBefore, BPatch_lastSnippet);
return PASSED;
}
static void prepareTestCase5(procType proc_type, BPatch_thread *thread, forkWhen when)
{
static BPatchSnippetHandle *parSnippetHandle5;
logerror("prepareTestCase5, %d, %p, %d\n",
proc_type, thread, when);
if(proc_type == Parent_p && when == PreFork) {
BPatch_image *parImage = thread->getProcess()->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "test_fork_9_func1";
if ((NULL == parImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
logerror(" Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_5p = found_funcs[0]->findPoint(BPatch_entry);
if(doError(&passedTest, !points7_5p || ((*points7_5p).size() == 0),
" Unable to find entry point to \"test_fork_9_func1\".\n")) return;
BPatch_point *point7_5p = (*points7_5p)[0];
BPatch_variableExpr *var7_5p =
parImage->findVariable("test_fork_9_global1");
if(doError(&passedTest, (var7_5p==NULL),
" Unable to locate variable test_fork_9_global1\n")) return;
BPatch_arithExpr expr7_5p(BPatch_plus, *var7_5p, BPatch_constExpr(9));
BPatch_arithExpr b_expr7_5p(BPatch_assign, *var7_5p, expr7_5p);
parSnippetHandle5 =
thread->getProcess()->insertSnippet(b_expr7_5p, *point7_5p, BPatch_callBefore);
} else if(proc_type == Parent_p && when == PostFork) {
BPatch_image *parImage = thread->getProcess()->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "test_fork_9_func1";
if ((NULL == parImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
logerror(" Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_5p = found_funcs[0]->findPoint(BPatch_entry);
if(doError(&passedTest, !points7_5p || ((*points7_5p).size() == 0),
" Unable to find entry point to \"test_fork_9_func1\".\n")) return;
BPatch_point *point7_5p = (*points7_5p)[0];
BPatch_variableExpr *var7_5p =
parImage->findVariable("test_fork_9_global1");
if(doError(&passedTest, (var7_5p==NULL),
" Unable to locate variable test_fork_9_global1\n")) return;
BPatch_arithExpr a_expr7_5p(BPatch_plus, *var7_5p, BPatch_constExpr(11));
BPatch_arithExpr b_expr7_5p(BPatch_assign, *var7_5p, a_expr7_5p);
parSnippetHandle5 =
thread->getProcess()->insertSnippet(b_expr7_5p, *point7_5p, BPatch_callBefore,
BPatch_lastSnippet);
BPatch_arithExpr c_expr7_5p(BPatch_plus, *var7_5p, BPatch_constExpr(13));
BPatch_arithExpr d_expr7_5p(BPatch_assign, *var7_5p, c_expr7_5p);
parSnippetHandle5 =
thread->getProcess()->insertSnippet(d_expr7_5p, *point7_5p, BPatch_callBefore);
} else if(proc_type == Child_p && when == PostFork) {
BPatch_image *childImage = thread->getProcess()->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
const char *inFunction = "test_fork_9_func1";
if ((NULL == childImage->findFunction(inFunction, found_funcs, 1)) || !found_funcs.size()) {
logerror(" Unable to find function %s\n",
inFunction);
exit(1);
}
if (1 < found_funcs.size()) {
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), inFunction);
}
BPatch_Vector<BPatch_point *> *points7_5c = found_funcs[0]->findPoint(BPatch_entry);
if(doError(&passedTest, !points7_5c || ((*points7_5c).size() == 0),
" Unable to find entry point to \"test_fork_9_func1\".\n")) return;
BPatch_point *point7_5c = (*points7_5c)[0];
BPatch_variableExpr *var7_5c =
childImage->findVariable("test_fork_9_global1");
if(doError(&passedTest, (var7_5c==NULL),
" Unable to locate variable test_fork_9_global1\n")) return;
BPatch_arithExpr a_expr7_5c(BPatch_plus, *var7_5c, BPatch_constExpr(5));
BPatch_arithExpr b_expr7_5c(BPatch_assign, *var7_5c, a_expr7_5c);
parSnippetHandle5 =
thread->getProcess()->insertSnippet(b_expr7_5c, *point7_5c, BPatch_callBefore,
BPatch_lastSnippet);
BPatch_arithExpr c_expr7_5c(BPatch_plus, *var7_5c, BPatch_constExpr(3));
BPatch_arithExpr d_expr7_5c(BPatch_assign, *var7_5c, c_expr7_5c);
parSnippetHandle5 =
thread->getProcess()->insertSnippet(d_expr7_5c, *point7_5c, BPatch_callBefore);
}
}
test_results_t test1_28_Mutator::executeTest()
{
int i;
if (isMutateeFortran(appImage))
{
return SKIPPED;
}
// Create the types
BPatch_type *intType = appImage->findType("int");
assert(intType);
BPatch_Vector<char *> names;
BPatch_Vector<BPatch_type *> types;
names.push_back(const_cast<char*>("field1"));
names.push_back(const_cast<char*>("field2"));
types.push_back(intType);
types.push_back(intType);
// struct28_1 { int field1, int field 2; }
BPatch_type *struct28_1 = BPatch::bpatch->createStruct("test1_28_struct1", names, types);
BPatch_type *union28_1 = BPatch::bpatch->createUnion("testUnion27_1", names, types);
assert(union28_1);
names.push_back(const_cast<char*>("field3"));
names.push_back(const_cast<char*>("field4"));
BPatch_type *intArray = BPatch::bpatch->createArray("intArray", intType, 0, 9);
types.push_back(intArray);
types.push_back(struct28_1);
// struct28_2 { int field1, int field 2, int field3[10],struct26_1 field4 }
BPatch_type *struct28_2 = BPatch::bpatch->createStruct("test1_28_struct2", names, types);
BPatch_type *type28_2 = BPatch::bpatch->createTypedef("type28_2", struct28_2);
// now create variables of these types.
BPatch_variableExpr *globalVariable28_1 =
appImage->findVariable("test1_28_globalVariable1");
if (!globalVariable28_1)
{
logerror("[%s:%u] - Unable to find variable test1_28_globalVariable1\n",
__FILE__, __LINE__);
return FAILED;
}
globalVariable28_1->setType(type28_2);
BPatch_variableExpr *globalVariable28_8 =
appImage->findVariable("test1_28_globalVariable8");
if (!globalVariable28_8)
{
logerror("[%s:%u] - Unable to find variable test1_28_globalVariable8\n",
__FILE__, __LINE__);
return FAILED;
}
globalVariable28_8->setType(union28_1);
// Next verify that we can find a local variable in call28
const char *fname = "test1_28_call1";
BPatch_Vector<BPatch_function *> found_funcs;
if ((NULL == appImage->findFunction(fname, found_funcs)) || !found_funcs.size())
{
logerror(" Unable to find function %s\n", fname);
return FAILED;
}
if (1 < found_funcs.size())
{
logerror("%s[%d]: WARNING : found %d functions named %s. Using the first.\n",
__FILE__, __LINE__, found_funcs.size(), fname);
}
BPatch_Vector<BPatch_point *> *point28 = found_funcs[0]->findPoint(BPatch_entry);
assert(point28 && (point28->size() == 1));
// FIXME We didn't look up a local variable!?
BPatch_variableExpr *gvar[8];
for (i=1; i <= 7; i++)
{
char name[80];
sprintf(name, "test1_28_globalVariable%d", i);
gvar[i] = appImage->findVariable(name);
if (!gvar[i])
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" can't find variable %s\n", name);
return FAILED;
}
}
// start of code for globalVariable28
BPatch_Vector<BPatch_variableExpr *> *fields = gvar[1]->getComponents();
assert(fields && (fields->size() == 4));
for (i=0; i < 4; i++)
{
char fieldName[80];
sprintf(fieldName, "field%d", i+1);
if (strcmp(fieldName, (*fields)[i]->getName()))
{
logerror("field %d of the struct is %s, not %s\n",
i+1, fieldName, (*fields)[i]->getName());
return FAILED;
}
}
// globalVariable28 = globalVariable28.field1
BPatch_arithExpr assignment1(BPatch_assign, *gvar[2], *((*fields)[0]));
appAddrSpace->insertSnippet(assignment1, *point28);
// globalVariable28 = globalVariable28.field2
BPatch_arithExpr assignment2(BPatch_assign, *gvar[3], *((*fields)[1]));
appAddrSpace->insertSnippet(assignment2, *point28);
// globalVariable28 = globalVariable28.field3[0]
BPatch_arithExpr assignment3(BPatch_assign, *gvar[4],
BPatch_arithExpr(BPatch_ref, *((*fields)[2]), BPatch_constExpr(0)));
appAddrSpace->insertSnippet(assignment3, *point28);
// globalVariable28 = globalVariable28.field3[5]
BPatch_arithExpr assignment4(BPatch_assign, *gvar[5],
BPatch_arithExpr(BPatch_ref, *((*fields)[2]), BPatch_constExpr(5)));
appAddrSpace->insertSnippet(assignment4, *point28);
BPatch_Vector<BPatch_variableExpr *> *subfields =
(*fields)[3]->getComponents();
assert(subfields != NULL);
// globalVariable28 = globalVariable28.field4.field1
BPatch_arithExpr assignment5(BPatch_assign, *gvar[6], *((*subfields)[0]));
appAddrSpace->insertSnippet(assignment5, *point28);
// globalVariable28 = globalVariable28.field4.field2
BPatch_arithExpr assignment6(BPatch_assign, *gvar[7], *((*subfields)[1]));
appAddrSpace->insertSnippet(assignment6, *point28);
//
BPatch_Vector<BPatch_variableExpr *> *unionfields = globalVariable28_8->getComponents();
int n=1;
int val1, val2, val3;
((*unionfields)[0])->writeValue(&n,true);
((*unionfields)[0])->readValue(&val1);
if (val1 != 1)
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" union field1 has wrong value after first set\n");
return FAILED;
}
n=2;
((*unionfields)[1])->writeValue(&n,true);
((*unionfields)[1])->readValue(&val2);
if (val2 != 2)
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" union field2 has wrong value after second set\n");
return FAILED;
}
((*unionfields)[1])->readValue(&val3);
if (val3 != 2)
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" union field1 has wrong value after second set\n");
return FAILED;
}
// create a scalar
BPatch_type *newScalar1 = BPatch::bpatch->createScalar("scalar1", 8);
assert(newScalar1);
int scalarSize = newScalar1->getSize();
if (scalarSize != 8)
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" created scalar is %d bytes, expected %d\n", scalarSize, 8);
return FAILED;
}
// create an enum
BPatch_Vector<char *> enumItems;
BPatch_Vector<int> enumVals;
enumItems.push_back(const_cast<char*>("item1"));
enumItems.push_back(const_cast<char*>("item2"));
enumItems.push_back(const_cast<char*>("item3"));
enumVals.push_back(42);
enumVals.push_back(43);
enumVals.push_back(44);
BPatch_type *newEnum1 = BPatch::bpatch->createEnum("enum1", enumItems);
BPatch_type *newEnum2 = BPatch::bpatch->createEnum("enum2", enumItems, enumVals);
if (!newEnum1 || !newEnum2)
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" failed to create enums as expected\n");
return FAILED;
}
if (!newEnum1->isCompatible(newEnum1))
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" identical enums reported incompatible\n");
return FAILED;
}
if (newEnum1->isCompatible(newEnum2))
{
logerror("**Failed** test #28 (user defined fields)\n");
logerror(" different enums declared compatible\n");
return FAILED;
}
return PASSED;
}
int main(int argc, char *argv[], char* envp[])
{
if (argc < 2) {
fprintf(stderr, "Usage: %s prog_filename prog_aruments\n", argv[0]);
return 3;
}
#if 0
if (strcmp(argv[1], "prog") != 0 && strcmp(argv[1], "all"))
{
fprintf(stderr, "Options for patch selection are 'progonly' or 'all'\n");
return 3;
}
#endif
int patchall = 0; //strcmp(argv[1], "all") != 0;
// Create process
BPatch_process *appProc = bpatch.processCreate(argv[1], (const char**) &(argv[1]));
// Load pthread into the process...
appProc->loadLibrary("libpthread.so.0");
// Get the process image
BPatch_image *appImage = appProc->getImage();
// Find all the instrumentable procedures
BPatch_Vector<BPatch_function*> *functions = appImage->getProcedures();
/*************************************************************************
* General function search *
*************************************************************************/
// Find the printf function
BPatch_Vector<BPatch_function*> printfFuncs;
appImage->findFunction("printf", printfFuncs);
if (printfFuncs.size() == 0)
appImage->findFunction("_printf", printfFuncs);
if (printfFuncs.size() == 0)
appImage->findFunction("__printf", printfFuncs);
if(printfFuncs.size() == 0)
{
fprintf(stderr, "Could not find printf() function");
return 2;
}
// Find the exit function
BPatch_Vector<BPatch_function*> exitFuncs;
appImage->findFunction("exit", exitFuncs);
if (exitFuncs.size() == 0)
appImage->findFunction("_exit", exitFuncs);
if (exitFuncs.size() == 0)
appImage->findFunction("__exit", exitFuncs);
if(exitFuncs.size() == 0)
{
fprintf(stderr, "Could not find exit() function");
return 2;
}
// Find the perror function
BPatch_Vector<BPatch_function*> perrorFuncs;
appImage->findFunction("perror", perrorFuncs);
if (perrorFuncs.size() == 0)
appImage->findFunction("_perror", perrorFuncs);
if (perrorFuncs.size() == 0)
appImage->findFunction("__perror", perrorFuncs);
if(perrorFuncs.size() == 0)
{
fprintf(stderr, "Could not find perror() function");
return 2;
}
BPatch_Vector<BPatch_snippet*> mainEntryBlock;
/************************************************************************
* Error exit call *
************************************************************************/
BPatch_Vector<BPatch_snippet*> exitArgs;
BPatch_constExpr exitCode(-2);
exitArgs.push_back(&exitCode);
// Open call
BPatch_funcCallExpr exitOnErrorCall(*exitFuncs[0], exitArgs);
/************************************************************************
* Open imitate device patch *
* **********************************************************************/
// Find main()
BPatch_Vector<BPatch_function*> mainFunctions;
appImage->findFunction("main", mainFunctions);
if (mainFunctions.size() == 0)
appImage->findFunction("_main", mainFunctions);
if (mainFunctions.size() == 0)
appImage->findFunction("__main", mainFunctions);
if(mainFunctions.size() == 0)
{
fprintf(stderr, "Could not find main() function");
return 2;
}
// find open()
BPatch_Vector<BPatch_function*> openFunctions;
appImage->findFunction("open64", openFunctions);
if (openFunctions.size() == 0)
appImage->findFunction("open", openFunctions);
if (openFunctions.size() == 0)
appImage->findFunction("_open", openFunctions);
if (openFunctions.size() == 0)
appImage->findFunction("__open", openFunctions);
if(openFunctions.size() == 0)
{
fprintf(stderr, "Could not find open() function");
return 2;
}
// Get main() entry point
BPatch_Vector<BPatch_point*> *mainPoints = mainFunctions[0]->findPoint(BPatch_entry);
// Open call arguments
BPatch_Vector<BPatch_snippet*> openArgs;
BPatch_constExpr fileName("/dev/imitate0");
BPatch_constExpr fileFlags(O_RDWR);
openArgs.push_back(&fileName);
openArgs.push_back(&fileFlags);
// Open call
BPatch_funcCallExpr openDevCall(*openFunctions[0], openArgs);
// Allocate file descriptor
BPatch_variableExpr *devFd = appProc->malloc(*appImage->findType("int"));
// Assign fd with result of open call
BPatch_arithExpr openDevice(BPatch_assign, *devFd, openDevCall);
// defFd check
BPatch_boolExpr devFdCheck(BPatch_lt, *devFd, BPatch_constExpr(0));
// perror message
BPatch_Vector<BPatch_snippet*> devFdErrorArgs;
BPatch_constExpr devFdErrorMsg("Opening imitate kernel device");
devFdErrorArgs.push_back(&devFdErrorMsg);
BPatch_funcCallExpr devFdError(*perrorFuncs[0], devFdErrorArgs);
BPatch_Vector<BPatch_snippet*> openErrorBlock;
openErrorBlock.push_back(&devFdError);
openErrorBlock.push_back(&exitOnErrorCall);
// if (devFd < 0) { perror(...) }
BPatch_ifExpr devFdBlock(devFdCheck, BPatch_sequence(openErrorBlock));
mainEntryBlock.push_back(&openDevice);
mainEntryBlock.push_back(&devFdBlock);
/*************************************************************************
* Send ioctl IMITATE_APP_RECORD to module *
*************************************************************************/
// find ioctl()
BPatch_Vector<BPatch_function*> ioctlFunctions;
appImage->findFunction("ioctl", ioctlFunctions);
if (ioctlFunctions.size() == 0)
appImage->findFunction("_ioctl", ioctlFunctions);
if (ioctlFunctions.size() == 0)
appImage->findFunction("__ioctl", ioctlFunctions);
if(ioctlFunctions.size() == 0)
{
fprintf(stderr, "Could not find ioctl() function");
return 2;
}
// ioctl() arguments
BPatch_Vector<BPatch_snippet*> ioctlArgs;
BPatch_constExpr operation(IMITATE_APP_RECORD);
fprintf(stderr, "PPID: %d\n", getppid());
BPatch_constExpr monitorPid(getppid());
ioctlArgs.push_back(devFd);
ioctlArgs.push_back(&operation);
ioctlArgs.push_back(&monitorPid);
// ioctl() call
BPatch_funcCallExpr ioctlCall(*ioctlFunctions[0], ioctlArgs);
// ioctl() result check
BPatch_boolExpr ioctlCheck(BPatch_lt, ioctlCall, BPatch_constExpr(0));
// perror message
BPatch_Vector<BPatch_snippet*> ioctlErrorArgs;
BPatch_constExpr ioctlErrorMsg("Notifying imitate kernel driver of RECORD");
ioctlErrorArgs.push_back(&ioctlErrorMsg);
BPatch_funcCallExpr ioctlError(*perrorFuncs[0], ioctlErrorArgs);
BPatch_Vector<BPatch_snippet*> ioctlErrorBlock;
ioctlErrorBlock.push_back(&ioctlError);
ioctlErrorBlock.push_back(&exitOnErrorCall);
// if (ioctl(...) < 0) { perror(...) }
BPatch_ifExpr ioctlBlock(ioctlCheck, BPatch_sequence(ioctlErrorBlock));
// Add ioctl check to entry block
mainEntryBlock.push_back(&ioctlBlock);
/*************************************************************************
* Counter mmap() *
*************************************************************************/
// Find the mmap function
BPatch_Vector<BPatch_function*> mmapFuncs;
appImage->findFunction("mmap", mmapFuncs);
if (mmapFuncs.size() == 0)
appImage->findFunction("_mmap", mmapFuncs);
if (mmapFuncs.size() == 0)
appImage->findFunction("__mmap", mmapFuncs);
if(mmapFuncs.size() == 0)
{
fprintf(stderr, "Could not find mmap() function");
return 2;
}
// Allocate counter
BPatch_variableExpr *counterAddr = appProc->malloc(sizeof(sched_counter_t*));
sched_counter_t counterVal = 0;
counterAddr->writeValue(&counterVal, sizeof(sched_counter_t*), false);
// Notify kernel of address
BPatch_Vector<BPatch_snippet*> mmapArgs;
BPatch_constExpr mmapStart(0);
BPatch_constExpr mmapLength(sizeof(sched_counter_t));
BPatch_constExpr mmapProt(PROT_READ | PROT_WRITE);
BPatch_constExpr mmapFlags(MAP_SHARED);
BPatch_constExpr mmapOffset(0);
mmapArgs.push_back(&mmapStart);
mmapArgs.push_back(&mmapLength);
mmapArgs.push_back(&mmapProt);
mmapArgs.push_back(&mmapFlags);
mmapArgs.push_back(devFd);
mmapArgs.push_back(&mmapOffset);
// mmap() call
BPatch_funcCallExpr mmapCall(*mmapFuncs[0], mmapArgs);
// assign result to counterAddr
BPatch_arithExpr mmapAssign(BPatch_assign, *counterAddr, mmapCall);
// Add to entry block
mainEntryBlock.push_back(&mmapAssign);
// mmap() result check
BPatch_boolExpr mmapCheck(BPatch_eq, *counterAddr, BPatch_constExpr(MAP_FAILED));
// perror message
BPatch_Vector<BPatch_snippet*> mmapErrorArgs;
BPatch_constExpr mmapErrorMsg("Memory mapping schedule (back edge) counter");
mmapErrorArgs.push_back(&mmapErrorMsg);
BPatch_funcCallExpr mmapError(*perrorFuncs[0], mmapErrorArgs);
BPatch_Vector<BPatch_snippet*> mmapErrorBlock;
mmapErrorBlock.push_back(&mmapError);
mmapErrorBlock.push_back(&exitOnErrorCall);
// if (mmap(...) == MAP_FAILED) { perror(...) }
BPatch_ifExpr mmapBlock(mmapCheck, BPatch_sequence(mmapErrorBlock));
mainEntryBlock.push_back(&mmapBlock);
// Patch main entry
BPatch_sequence mainEntrySeq(mainEntryBlock);
appProc->insertSnippet(mainEntrySeq, *mainPoints);
/*************************************************************************
* Back-edge patching *
*************************************************************************/
#if 0
printf("intCounter address: %x\n PID: %d\n", intCounter->getBaseAddr(), appProc->getPid());
fflush(stdout);
#endif
// Find the mutex lock/unlock functions
BPatch_Vector<BPatch_function*> mutexLockFunctions;
appImage->findFunction("pthread_mutex_lock", mutexLockFunctions);
if (mutexLockFunctions.size() == 0)
appImage->findFunction("_pthread_mutex_lock", mutexLockFunctions);
if (mutexLockFunctions.size() == 0)
appImage->findFunction("__pthread_mutex_lock", mutexLockFunctions);
if(mutexLockFunctions.size() == 0)
{
fprintf(stderr, "Could not find pthread_mutex_lock() function");
return 2;
}
BPatch_Vector<BPatch_function*> mutexUnlockFunctions;
appImage->findFunction("pthread_mutex_unlock", mutexUnlockFunctions);
if (mutexUnlockFunctions.size() == 0)
appImage->findFunction("_pthread_mutex_unlock", mutexUnlockFunctions);
if (mutexUnlockFunctions.size() == 0)
appImage->findFunction("__pthread_mutex_unlock", mutexUnlockFunctions);
if(mutexUnlockFunctions.size() == 0)
{
fprintf(stderr, "Could not find pthread_mutex_unlock() function");
return 2;
}
// Allocate a mutex
pthread_mutex_t mutexValue = PTHREAD_MUTEX_INITIALIZER;
BPatch_variableExpr *mutex = appProc->malloc(sizeof(pthread_mutex_t));
mutex->writeValue(&mutexValue, sizeof(pthread_mutex_t), false);
// Build mutex lock call
BPatch_Vector<BPatch_snippet*> mutexArgs;
BPatch_constExpr mutexAddress(mutex->getBaseAddr());
mutexArgs.push_back(&mutexAddress);
BPatch_funcCallExpr mutexLockCall(*mutexLockFunctions[0], mutexArgs);
BPatch_funcCallExpr mutexUnlockCall(*mutexUnlockFunctions[0], mutexArgs);
BPatch_arithExpr derefCounter(BPatch_deref, *counterAddr);
// Create 'increment counter' snippet
BPatch_arithExpr addOneToCounter(BPatch_assign, derefCounter,
BPatch_arithExpr(BPatch_plus, derefCounter, BPatch_constExpr(1)));
BPatch_Vector<BPatch_snippet*> snippet;
snippet.push_back(&mutexLockCall);
snippet.push_back(&addOneToCounter);
snippet.push_back(&mutexUnlockCall);
BPatch_sequence addOneAtomic(snippet);
char *name = (char*) malloc(sizeof(char)*200);
char *modname = (char*) malloc(sizeof(char)*200);
if (! (name && modname))
{
fprintf(stderr, "%s %d: Out of memory!", __FILE__, __LINE__);
return 1;
}
appProc->beginInsertionSet();
// Iterate through the procedures
for (int i = 0; i < functions->size(); i++)
{
(*functions)[i]->getName(name, 199);
(*functions)[i]->getModuleName(modname, 199);
if ((patchall && strcmp(modname, "DEFAULT_MODULE") != 0) ||
strncmp(name, "pthread", 7) == 0 ||
strncmp(modname, "libpthread", 10) == 0 ||
strncmp(modname, "libdyninst", 10) == 0 ||
(name[0] == '_' && name[1] != '_' && strncmp(modname, "libc", 4) == 0))
continue;
fprintf(stderr, "patcher: Patching function: '%s' (%s)", name, modname);
// Patch back-edge for call
if (strcmp(name, "main") != 0)
appProc->insertSnippet(addOneAtomic, *((*functions)[i]->findPoint(BPatch_entry)));
// Get the control flow graph for the procedure
BPatch_flowGraph *graph = (*functions)[i]->getCFG();
// Find the loops
BPatch_Vector<BPatch_basicBlockLoop*> *loops = new BPatch_Vector<BPatch_basicBlockLoop*>();
graph->getLoops(*loops);
// Patch the loop back-edges
for(int j = 0; j < loops->size(); j++)
{
appProc->insertSnippet(addOneAtomic, *((*loops)[j]->getBackEdge()->getPoint()));
fprintf(stderr, ".", (int) (*loops)[j]->getBackEdge()->getPoint()->getAddress());
}
fprintf(stderr, "\n");
// Free the loops found
delete(loops);
}
fprintf(stderr, "Finalising patches...");
fflush(stderr);
appProc->finalizeInsertionSet(false);
fprintf(stderr, "Done.\n----------------------------------------\n");
// Clear up memory used to store the name
free(name);
free(modname);
#if 0
/*************************************************************************
* Exit point counter print patch *
*************************************************************************/
// Patch exit() function to print out no of back branches at the end
// Get exit() exit point
BPatch_Vector<BPatch_point*> *exitPoints = exitFuncs[0]->findPoint(BPatch_entry);
// Build printf() call:
// printf("Total Total Back-branches: %d\n", counter);
// Build arguments to printf()
BPatch_Vector<BPatch_snippet*> printfArgs;
BPatch_constExpr formatString("Total Back-branches: %d\n");
printfArgs.push_back(&formatString);
printfArgs.push_back(&derefCounter);
// Build call to printf()
BPatch_funcCallExpr printfCall(*printfFuncs[0], printfArgs);
// Patch into exit()
appProc->insertSnippet(printfCall, *exitPoints);
#endif
// Continue mutatee...
appProc->continueExecution();
// Wait for mutatee to finish
while (!appProc->isTerminated())
{
bpatch.waitForStatusChange();
}
fprintf(stderr, "----------------------------------------\n");
fprintf(stderr, "Done.\n");
return 0;
}
//
// Start Test Case #1 - (C++ argument pass)
//
// static int mutatorTest(BPatch_thread *appThread, BPatch_image *appImage)
test_results_t test5_1_Mutator::executeTest() {
BPatch_Vector<BPatch_function *> bpfv;
const char *fn = "arg_test::call_cpp";
if (NULL == appImage->findFunction(fn, bpfv) || !bpfv.size()
|| NULL == bpfv[0]){
logerror("**Failed** test #1\n");
logerror(" Unable to find function %s\n", fn);
return FAILED;
}
BPatch_function *f1 = bpfv[0];
BPatch_Vector<BPatch_point *> *point1_1 = f1->findPoint(BPatch_subroutine);
assert(point1_1);
assert((*point1_1)[0]);
// check the paramter passing modes
BPatch_variableExpr *arg0 = appImage->findVariable(*(*point1_1)[0],
"reference");
BPatch_variableExpr *arg1 = appImage->findVariable(*(*point1_1)[0],
"arg1");
BPatch_variableExpr *arg2 = appImage->findVariable(*(*point1_1)[0],
"arg2");
BPatch_variableExpr *arg3 = appImage->findVariable(*(*point1_1)[0],
"arg3");
BPatch_variableExpr *arg4 = appImage->findVariable(*(*point1_1)[0],
"m");
if (!arg0 || !arg1 || !arg2 || !arg3 || !arg4) {
logerror("**Failed** test #1 (argument passing)\n");
if ( !arg0 )
logerror(" can't find local variable 'reference'\n");
if ( !arg1 )
logerror(" can't find local variable 'arg1'\n");
if ( !arg2 )
logerror(" can't find local variable 'arg2'\n");
if ( !arg3 )
logerror(" can't find local variable 'arg3'\n");
if ( !arg4 )
logerror(" can't find local variable 'm'\n");
return FAILED;
}
BPatch_type *type1_0 = const_cast<BPatch_type *> (arg0->getType());
BPatch_type *type1_1 = const_cast<BPatch_type *> (arg1->getType());
BPatch_type *type1_2 = const_cast<BPatch_type *> (arg2->getType());
BPatch_type *type1_3 = const_cast<BPatch_type *> (arg4->getType());
assert(type1_0 && type1_1 && type1_2 && type1_3);
if (!type1_1->isCompatible(type1_3)) {
logerror("**Failed** test #1 (C++ argument pass)\n");
logerror(" type1_1 reported as incompatibile with type1_3\n");
return FAILED;
}
if (!type1_2->isCompatible(type1_0)) {
logerror("**Failed** test #1 (C++ argument pass)\n");
logerror(" type1_2 reported as incompatibile with type1_0\n");
return FAILED;
}
BPatch_arithExpr expr1_1(BPatch_assign, *arg3, BPatch_constExpr(1));
checkCost(expr1_1);
appAddrSpace->insertSnippet(expr1_1, *point1_1);
// pass a paramter to a class member function
bpfv.clear();
const char *fn2 = "arg_test::func_cpp";
if (NULL == appImage->findFunction(fn2, bpfv) || !bpfv.size()
|| NULL == bpfv[0]){
logerror("**Failed** test #1 (C++ argument pass)\n");
logerror(" Unable to find function %s\n", fn2);
return FAILED;
}
BPatch_function *f2 = bpfv[0];
BPatch_Vector<BPatch_point *> *point1_2 = f2->findPoint(BPatch_subroutine);
if (!point1_2 || (point1_2->size() < 1)) {
logerror("**Failed** test #1 (C++ argument pass)\n");
logerror("Unable to find point arg_test::func_cpp - exit.\n");
return FAILED;
}
bpfv.clear();
const char *fn3 = "arg_test::arg_pass";
if (NULL == appImage->findFunction(fn3, bpfv) || !bpfv.size()
|| NULL == bpfv[0]) {
logerror("**Failed** test #1 (C++ argument pass)\n");
logerror(" Unable to find function %s\n", fn3);
return FAILED;
}
BPatch_function *call1_func = bpfv[0];
BPatch_variableExpr *this1 = appImage->findVariable("test1");
if (this1 == NULL) {
logerror("**Failed** test #1 (C++ argument pass)\n");
logerror("Unable to find variable \"test1\"\n");
return FAILED;
}
BPatch_Vector<BPatch_snippet *> call1_args;
BPatch_arithExpr expr1_2(BPatch_addr, *this1);
call1_args.push_back(&expr1_2);
BPatch_constExpr expr1_3(1);
call1_args.push_back(&expr1_3);
BPatch_funcCallExpr call1Expr(*call1_func, call1_args);
checkCost(call1Expr);
appAddrSpace->insertSnippet(call1Expr, *point1_2);
return PASSED;
}
