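/// Records one data memory access of `state` as a TRACE_MEMORY entry.
///
/// @param state        Execution state performing the access; supplies the
///                     program counter, the concolic assignment and the
///                     address space.
/// @param address      Guest address expression of the access.
/// @param hostAddress  Host address expression of the access.
/// @param value        Value expression read or written; its width gives the
///                     recorded access size.
/// @param isWrite      Sets EXECTRACE_MEM_WRITE in the entry flags.
/// @param isIO         Sets EXECTRACE_MEM_IO in the entry flags.
///
/// Symbolic operands are recorded as the 0xdeadbeef sentinel unless
/// ConcolicMode yields a concrete value for them; the EXECTRACE_MEM_SYMB*
/// flags tell the reader which fields were symbolic.
void MemoryTracer::traceDataMemoryAccess(S2EExecutionState *state,
                                         klee::ref<klee::Expr> &address,
                                         klee::ref<klee::Expr> &hostAddress,
                                         klee::ref<klee::Expr> &value,
                                         bool isWrite, bool isIO)
{
    // Optional program-counter window: skip accesses at or below m_catchAbove
    // and accesses above m_catchBelow (a zero bound means "not set").
    if (m_catchAbove && (m_catchAbove >= state->getPc())) {
        return;
    }
    if (m_catchBelow && (m_catchBelow < state->getPc())) {
        return;
    }

    const bool isAddrCste = isa<klee::ConstantExpr>(address);
    const bool isValCste = isa<klee::ConstantExpr>(value);
    const bool isHostAddrCste = isa<klee::ConstantExpr>(hostAddress);

    // The whole record is written byte-for-byte to the trace below. Value-
    // initialise it so that fields that are only set on some paths (notably
    // concreteBuffer when host addresses are not traced) never carry stale
    // stack contents into the trace file.
    ExecutionTraceMemory e = ExecutionTraceMemory();
    e.pc = state->getPc();

    uint64_t concreteAddress = 0xdeadbeef;
    uint64_t concreteValue = 0xdeadbeef;

    if (ConcolicMode) {
        // dyn_cast yields a null ref when the evaluation is not a constant;
        // keep the sentinel in that case instead of dereferencing null.
        klee::ref<klee::ConstantExpr> ce =
            dyn_cast<klee::ConstantExpr>(state->concolics.evaluate(address));
        if (!ce.isNull()) {
            concreteAddress = ce->getZExtValue();
        }

        ce = dyn_cast<klee::ConstantExpr>(state->concolics.evaluate(value));
        if (!ce.isNull()) {
            concreteValue = ce->getZExtValue();
        }
    }

    e.address = isAddrCste ? cast<klee::ConstantExpr>(address)->getZExtValue(64) : concreteAddress;
    e.value = isValCste ? cast<klee::ConstantExpr>(value)->getZExtValue(64) : concreteValue;
    e.size = klee::Expr::getMinBytesForWidth(value->getWidth());
    e.flags = isWrite*EXECTRACE_MEM_WRITE | isIO*EXECTRACE_MEM_IO;
    e.hostAddress = isHostAddrCste ? cast<klee::ConstantExpr>(hostAddress)->getZExtValue(64) : 0xDEADBEEF;

    if (m_traceHostAddresses) {
        e.flags |= EXECTRACE_MEM_HASHOSTADDR;
        e.flags |= EXECTRACE_MEM_OBJECTSTATE;

        // Look up the memory object backing the (masked) host address. With a
        // symbolic host address this uses the sentinel, so the lookup may
        // simply find nothing and concreteBuffer stays 0.
        klee::ObjectPair op = state->addressSpace.findObject(e.hostAddress & S2E_RAM_OBJECT_MASK);
        e.concreteBuffer = 0;
        if (op.first && op.second) {
            e.concreteBuffer = (uint64_t) op.second->getConcreteStore();
            if (isWrite && m_debugObjectStates) {
                // Debug aid: a written object state must belong to this state.
                assert(state->addressSpace.isOwnedByUs(op.second));
            }
        }
    }

    if (!isAddrCste) {
        e.flags |= EXECTRACE_MEM_SYMBADDR;
    }
    if (!isValCste) {
        e.flags |= EXECTRACE_MEM_SYMBVAL;
    }
    if (!isHostAddrCste) {
        e.flags |= EXECTRACE_MEM_SYMBHOSTADDR;
    }

    // NOTE(review): the previous code computed a shortened record size (minus
    // hostAddress and concreteBuffer) when neither EXECTRACE_MEM_HASHOSTADDR
    // nor EXECTRACE_MEM_OBJECTSTATE is set, but never used it. The full record
    // is still written so the on-disk layout is unchanged; confirm with the
    // trace readers before shortening it.
    m_tracer->writeData(state, &e, sizeof(e), TRACE_MEMORY);
}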
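/// Records one data memory access of `state` as a TRACE_MEMORY entry.
///
/// @param state        Execution state performing the access; supplies the
///                     program counter and the concolic assignment.
/// @param address      Guest address expression of the access.
/// @param hostAddress  Host address expression of the access.
/// @param value        Value expression read or written; its width gives the
///                     recorded access size.
/// @param isWrite      Sets EXECTRACE_MEM_WRITE in the entry flags.
/// @param isIO         Sets EXECTRACE_MEM_IO in the entry flags.
///
/// Symbolic operands are recorded as the 0xdeadbeef sentinel unless
/// ConcolicMode yields a concrete value for them; the EXECTRACE_MEM_SYMB*
/// flags tell the reader which fields were symbolic.
void MemoryTracer::traceDataMemoryAccess(S2EExecutionState *state,
                                         klee::ref<klee::Expr> &address,
                                         klee::ref<klee::Expr> &hostAddress,
                                         klee::ref<klee::Expr> &value,
                                         bool isWrite, bool isIO)
{
    // Optional program-counter window: skip accesses at or below m_catchAbove
    // and accesses above m_catchBelow (a zero bound means "not set").
    if (m_catchAbove && (m_catchAbove >= state->getPc())) {
        return;
    }
    if (m_catchBelow && (m_catchBelow < state->getPc())) {
        return;
    }

    const bool isAddrCste = isa<klee::ConstantExpr>(address);
    const bool isValCste = isa<klee::ConstantExpr>(value);
    const bool isHostAddrCste = isa<klee::ConstantExpr>(hostAddress);

    // The whole record is written byte-for-byte to the trace below. Value-
    // initialise it so that no field or padding byte left unset here carries
    // stale stack contents into the trace file.
    ExecutionTraceMemory e = ExecutionTraceMemory();
    e.pc = state->getPc();

    uint64_t concreteAddress = 0xdeadbeef;
    uint64_t concreteValue = 0xdeadbeef;

    if (ConcolicMode) {
        // dyn_cast yields a null ref when the evaluation is not a constant;
        // keep the sentinel in that case instead of dereferencing null.
        klee::ref<klee::ConstantExpr> ce =
            dyn_cast<klee::ConstantExpr>(state->concolics.evaluate(address));
        if (!ce.isNull()) {
            concreteAddress = ce->getZExtValue();
        }

        ce = dyn_cast<klee::ConstantExpr>(state->concolics.evaluate(value));
        if (!ce.isNull()) {
            concreteValue = ce->getZExtValue();
        }
    }

    e.address = isAddrCste ? cast<klee::ConstantExpr>(address)->getZExtValue(64) : concreteAddress;
    e.value = isValCste ? cast<klee::ConstantExpr>(value)->getZExtValue(64) : concreteValue;
    e.size = klee::Expr::getMinBytesForWidth(value->getWidth());
    e.flags = isWrite*EXECTRACE_MEM_WRITE | isIO*EXECTRACE_MEM_IO;
    e.hostAddress = isHostAddrCste ? cast<klee::ConstantExpr>(hostAddress)->getZExtValue(64) : 0xDEADBEEF;

    if (m_traceHostAddresses) {
        e.flags |= EXECTRACE_MEM_HASHOSTADDR;
    }
    if (!isAddrCste) {
        e.flags |= EXECTRACE_MEM_SYMBADDR;
    }
    if (!isValCste) {
        e.flags |= EXECTRACE_MEM_SYMBVAL;
    }
    if (!isHostAddrCste) {
        e.flags |= EXECTRACE_MEM_SYMBHOSTADDR;
    }

    // NOTE(review): the previous code computed a shortened record size (minus
    // hostAddress) when EXECTRACE_MEM_HASHOSTADDR is not set, but never used
    // it. The full record is still written so the on-disk layout is
    // unchanged; confirm with the trace readers before shortening it.
    m_tracer->writeData(state, &e, sizeof(e), TRACE_MEMORY);
}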