previous_version/path_explorer.cpp

   1 #include <pin.H>
   2
   3 #include <map>
   4 #include <vector>
   5 #include <algorithm>
   6 #include <stack>
   7 #include <sstream>
   8 #include <fstream>
   9 #include <string>
  10 #include <iostream>
  11 #include <limits>
  12
  13 #include <boost/timer.hpp>
  14 #include <boost/date_time/posix_time/posix_time.hpp>
  15 #include <boost/shared_ptr.hpp>
  16 #include <boost/format.hpp>
  17 #include <boost/log/trivial.hpp>
  18
  19 #include "instruction.h"
  20 #include "checkpoint.h"
  21 #include "stuffs.h"
  22 #include "variable.h"
  23 #include "branch.h"
  24 #include "instrumentation_functions.h"
  25 #include "analysis_functions.h"
  26
  27 extern "C"
  28 {
  29 #include <xed-interface.h>
  30 }
  31
  32 /* ------------------------------------------------------------------------------------------------------------------ */
  33 /*                                                      global variables                                              */
  34 /* ------------------------------------------------------------------------------------------------------------------ */
  35 std::map<ADDRINT, instruction>                addr_ins_static_map;    // statically examined instructions
  36 std::map<UINT32, instruction>                 order_ins_dynamic_map;  // dynamically examined instructions
  37
  38 ADDRINT                                       logged_syscall_index;   // logged syscall index
  39 ADDRINT                                       logged_syscall_args[6]; // logged syscall arguments
  40
  41 UINT32                                        total_rollback_times;
  42 UINT32                                        local_rollback_times;
  43 UINT32                                        trace_size;
  44 UINT32                                        used_checkpoint_number;
  45
  46 UINT32                                        max_total_rollback_times;
  47 UINT32                                        max_local_rollback_times;
  48 UINT32                                        max_trace_size;
  49
  50
  51 bool                                          in_tainting;
  52
  53 vdep_graph                                    dta_graph;
  54 map_ins_io                                    dta_inss_io;
  55 vdep_vertex_desc_set                          dta_outer_vertices;
  56
  57 std::vector<ptr_checkpoint>                   saved_ptr_checkpoints;
  58 ptr_checkpoint                                master_ptr_checkpoint;
  59 ptr_checkpoint                                last_active_ptr_checkpoint;
  60
  61 std::set<ADDRINT>                             active_input_dep_addrs;
  62
  63 std::pair< ptr_checkpoint,
  64            std::set<ADDRINT> >                active_nearest_checkpoint;
  65
  66 std::map< UINT32,
  67           std::vector<ptr_checkpoint> >       exepoint_checkpoints_map;
  68
  69 std::map<UINT32, ptr_branch>                  order_input_dep_ptr_branch_map;
  70 std::map<UINT32, ptr_branch>                  order_input_indep_ptr_branch_map;
  71 std::map<UINT32, ptr_branch>                  order_tainted_ptr_branch_map;
  72
  73 std::vector<ptr_branch>                       found_new_ptr_branches;
  74 std::vector<ptr_branch>                       total_resolved_ptr_branches;
  75 std::vector<ptr_branch>                       total_input_dep_ptr_branches;
  76
  77 ptr_branch                                    active_ptr_branch;
  78 ptr_branch                                    last_active_ptr_branch;
  79 ptr_branch                                    exploring_ptr_branch;
  80
  81 std::vector<ADDRINT>                          explored_trace;
  82
  83 UINT8                                         received_msg_num;
  84 ADDRINT                                       received_msg_addr;
  85 UINT32                                        received_msg_size;
  86 ADDRINT                                                                                                                                                         received_msg_struct_addr;
  87
  88 UINT64                                        executed_ins_number;
  89 UINT64                                        econed_ins_number;
  90
  91 boost::shared_ptr<boost::posix_time::ptime>   start_ptr_time;
  92 boost::shared_ptr<boost::posix_time::ptime>   stop_ptr_time;
  93
  94 // std::ofstream                                 tainting_log_file;
  95
  96 /* ------------------------------------------------------------------------------------------------------------------ */
  97 /*                                               input handler functions                                              */
  98 /* ------------------------------------------------------------------------------------------------------------------ */
  99 KNOB<BOOL>    print_debug_text    (KNOB_MODE_WRITEONCE, "pintool",
 100                                    "d", "1",
 101                                    "print debug text" );
 102
 103 KNOB<UINT32>  max_local_rollback  (KNOB_MODE_WRITEONCE, "pintool",
 104                                    "r", "7000",
 105                                    "specify the maximum local number of rollback" );
 106
 107 KNOB<UINT32>  max_total_rollback  (KNOB_MODE_WRITEONCE, "pintool",
 108                                    "t", "4000000000",
 109                                    "specify the maximum total number of rollback" );
 110
 111 KNOB<UINT32>  max_trace_length    (KNOB_MODE_WRITEONCE, "pintool",
 112                                    "l", "100", "specify the length of the longest trace" );
 113
 114 /* ------------------------------------------------------------------------------------------------------------------ */
 115 /*                                                instrumental functions                                              */
 116 /* -------------------------------------------------------+---------------------------------------------------------- */
 117 VOID start_tracing(VOID *data)
 118 {
 119   max_trace_size            = max_trace_length.Value();
 120   trace_size                = 0;
 121
 122   total_rollback_times      = 0;
 123   local_rollback_times      = 0;
 124   used_checkpoint_number    = 0;
 125
 126   max_total_rollback_times  = max_total_rollback.Value();
 127   total_rollback_times      = 0;
 128
 129   max_local_rollback_times  = max_local_rollback.Value();
 130   local_rollback_times      = 0;
 131
 132   executed_ins_number       = 0;
 133   econed_ins_number         = 0;
 134
 135   in_tainting               = true;
 136   received_msg_num          = 0;
 137   logged_syscall_index      = syscall_inexist;
 138
 139   ::srand(static_cast<uint32_t>(::time(0)));
 140
 141   return;
 142 }
 143
 144 /*====================================================================================================================*/
 145
 146 VOID stop_tracing(INT32 code, VOID *data)
 147 {
 148   if (!stop_ptr_time)
 149   {
 150     stop_ptr_time.reset(new boost::posix_time::ptime(boost::posix_time::microsec_clock::local_time()));
 151   }
 152
 153   boost::posix_time::time_duration elapsed_time = *stop_ptr_time - *start_ptr_time;
 154   uint64_t elapsed_millisec = elapsed_time.total_milliseconds();
 155
 156   BOOST_LOG_TRIVIAL(info)
 157     << boost::format("\033[33mStop examining, %d milli-seconds elapsed, %d rollbacks used, and %d/%d branches resolved.\033[0m")
 158         % elapsed_millisec % total_rollback_times
 159         % (total_resolved_ptr_branches.size() + found_new_ptr_branches.size())
 160         % total_input_dep_ptr_branches.size();
 161
 162   BOOST_LOG_TRIVIAL(info)
 163     << boost::format("\033[33mEcon/total executed instruction number %d/%d\033[0m")
 164         % econed_ins_number % executed_ins_number;
 165
 166   return;
 167 }
 168
 169 /* ------------------------------------------------------------------------------------------------------------------ */
 170 /*                                                        main function                                               */
 171 /* ------------------------------------------------------------------------------------------------------------------ */
 172 int main (int argc, char *argv[])
 173 {
 174   //std::cout << "initializing image symbols\n" << std::flush;
 175   //PIN_InitSymbols();
 176
 177   std::cout << "initializaing Pin\n";
 178   PIN_Init(argc, argv);
 179
 180   std::cout << "initializing Pintool data\n";
 181   // 0 is the (unused) input data
 182   //PIN_AddApplicationStartFunction(start_tracing, 0);
 183
 184   //std::cout << "activating image_load_instrumenter\n";
 185         //IMG_AddInstrumentFunction(image_load_instrumenter, 0);
 186   //INS_AddInstrumentFunction(ins_instrumenter, 0);
 187   PIN_AddFollowChildProcessFunction(process_create_instrumenter, 0);
 188
 189   //PIN_AddSyscallEntryFunction(syscall_entry_analyzer, 0);
 190   //PIN_AddSyscallExitFunction(syscall_exit_analyzer, 0);
 191
 192   //PIN_AddFiniFunction(stop_tracing, 0);
 193
 194   // now the control is passed to pin, so the main function will never return
 195   PIN_StartProgram();
 196   return 0;
 197 }