contrib/plugins/drcov.c

   1 /*
   2  * Copyright (C) 2021, Ivanov Arkady <arkadiy.ivanov@ispras.ru>
   3  *
   4  * Drcov - a DynamoRIO-based tool that collects coverage information
   5  * from a binary. Primary goal this script is to have coverage log
   6  * files that work in Lighthouse.
   7  *
   8  * License: GNU GPL, version 2 or later.
   9  *   See the COPYING file in the top-level directory.
  10  */
  11
  12 #include <inttypes.h>
  13 #include <assert.h>
  14 #include <stdlib.h>
  15 #include <inttypes.h>
  16 #include <string.h>
  17 #include <unistd.h>
  18 #include <stdio.h>
  19 #include <glib.h>
  20
  21 #include <qemu-plugin.h>
  22
  23 QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
  24
  25 static char header[] = "DRCOV VERSION: 2\n"
  26                 "DRCOV FLAVOR: drcov-64\n"
  27                 "Module Table: version 2, count 1\n"
  28                 "Columns: id, base, end, entry, path\n";
  29
  30 static FILE *fp;
  31 static const char *file_name = "file.drcov.trace";
  32 static GMutex lock;
  33
  34 typedef struct {
  35     uint32_t start;
  36     uint16_t size;
  37     uint16_t mod_id;
  38     bool     exec;
  39 } bb_entry_t;
  40
  41 /* Translated blocks */
  42 static GPtrArray *blocks;
  43
  44 static void printf_header(unsigned long count)
  45 {
  46     fprintf(fp, "%s", header);
  47     const char *path = qemu_plugin_path_to_binary();
  48     uint64_t start_code = qemu_plugin_start_code();
  49     uint64_t end_code = qemu_plugin_end_code();
  50     uint64_t entry = qemu_plugin_entry_code();
  51     fprintf(fp, "0, 0x%lx, 0x%lx, 0x%lx, %s\n",
  52             start_code, end_code, entry, path);
  53     fprintf(fp, "BB Table: %ld bbs\n", count);
  54 }
  55
  56 static void printf_char_array32(uint32_t data)
  57 {
  58     const uint8_t *bytes = (const uint8_t *)(&data);
  59     fwrite(bytes, sizeof(char), sizeof(data), fp);
  60 }
  61
  62 static void printf_char_array16(uint16_t data)
  63 {
  64     const uint8_t *bytes = (const uint8_t *)(&data);
  65     fwrite(bytes, sizeof(char), sizeof(data), fp);
  66 }
  67
  68
  69 static void printf_el(gpointer data, gpointer user_data)
  70 {
  71     bb_entry_t *bb = (bb_entry_t *)data;
  72     if (bb->exec) {
  73         printf_char_array32(bb->start);
  74         printf_char_array16(bb->size);
  75         printf_char_array16(bb->mod_id);
  76     }
  77     g_free(bb);
  78 }
  79
  80 static void count_block(gpointer data, gpointer user_data)
  81 {
  82     unsigned long *count = (unsigned long *) user_data;
  83     bb_entry_t *bb = (bb_entry_t *)data;
  84     if (bb->exec) {
  85         *count = *count + 1;
  86     }
  87 }
  88
  89 static void plugin_exit(qemu_plugin_id_t id, void *p)
  90 {
  91     unsigned long count = 0;
  92     g_mutex_lock(&lock);
  93     g_ptr_array_foreach(blocks, count_block, &count);
  94
  95     /* Print function */
  96     printf_header(count);
  97     g_ptr_array_foreach(blocks, printf_el, NULL);
  98
  99     /* Clear */
 100     g_ptr_array_free(blocks, true);
 101
 102     fclose(fp);
 103
 104     g_mutex_unlock(&lock);
 105 }
 106
 107 static void plugin_init(void)
 108 {
 109     fp = fopen(file_name, "wb");
 110     blocks = g_ptr_array_sized_new(128);
 111 }
 112
 113 static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
 114 {
 115     bb_entry_t *bb = (bb_entry_t *) udata;
 116
 117     g_mutex_lock(&lock);
 118     bb->exec = true;
 119     g_mutex_unlock(&lock);
 120 }
 121
 122 static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
 123 {
 124     uint64_t pc = qemu_plugin_tb_vaddr(tb);
 125     size_t n = qemu_plugin_tb_n_insns(tb);
 126
 127     g_mutex_lock(&lock);
 128
 129     bb_entry_t *bb = g_new0(bb_entry_t, 1);
 130     for (int i = 0; i < n; i++) {
 131         bb->size += qemu_plugin_insn_size(qemu_plugin_tb_get_insn(tb, i));
 132     }
 133
 134     bb->start = pc;
 135     bb->mod_id = 0;
 136     bb->exec = false;
 137     g_ptr_array_add(blocks, bb);
 138
 139     g_mutex_unlock(&lock);
 140     qemu_plugin_register_vcpu_tb_exec_cb(tb, vcpu_tb_exec,
 141                                          QEMU_PLUGIN_CB_NO_REGS,
 142                                          (void *)bb);
 143
 144 }
 145
 146 QEMU_PLUGIN_EXPORT
 147 int qemu_plugin_install(qemu_plugin_id_t id, const qemu_info_t *info,
 148                         int argc, char **argv)
 149 {
 150     for (int i = 0; i < argc; i++) {
 151         g_autofree char **tokens = g_strsplit(argv[i], "=", 2);
 152         if (g_strcmp0(tokens[0], "filename") == 0) {
 153             file_name = g_strdup(tokens[1]);
 154         }
 155     }
 156
 157     plugin_init();
 158
 159     qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
 160     qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
 161
 162     return 0;
 163 }