1 /*
2  * Copyright (C) 2021, Ivanov Arkady <arkadiy.ivanov@ispras.ru>
3  *
 * Drcov - a DynamoRIO-based tool that collects coverage information
 * from a binary. The primary goal of this plugin is to produce coverage
 * log files in the drcov format that Lighthouse can load.
7  *
8  * License: GNU GPL, version 2 or later.
9  *   See the COPYING file in the top-level directory.
10  */
11 
12 #include <inttypes.h>
13 #include <assert.h>
14 #include <stdlib.h>
15 #include <inttypes.h>
16 #include <string.h>
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <glib.h>
20 
21 #include <qemu-plugin.h>
22 
/* Required export: the plugin-API version this plugin was built against. */
QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
24 
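/*
 * Fixed drcov v2 text preamble. It hard-codes the 64-bit flavor and a
 * module table with exactly one entry; printf_header appends that entry
 * (id 0, the traced binary) and the BB-table size line after it.
 * const: the text is never modified, so keep it in read-only storage and
 * let the compiler reject accidental writes.
 */
static const char header[] = "DRCOV VERSION: 2\n"
                "DRCOV FLAVOR: drcov-64\n"
                "Module Table: version 2, count 1\n"
                "Columns: id, base, end, entry, path\n";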
29 
/* Output stream: opened by plugin_init, written and closed by plugin_exit. */
static FILE *fp;
/* Output path; overridden by the "filename=" plugin argument in qemu_plugin_install. */
static const char *file_name = "file.drcov.trace";
/*
 * Guards `blocks` and every entry's `exec` flag; taken in vcpu_tb_trans,
 * vcpu_tb_exec and plugin_exit. Statically allocated, so no g_mutex_init().
 */
static GMutex lock;
33 
/*
 * One translated basic block. The first three fields mirror a drcov v2
 * BB-table record and are written out raw, in this order, by printf_el:
 * a 32-bit start address, a 16-bit size and a 16-bit module id. `exec`
 * is bookkeeping only (set by vcpu_tb_exec once the block has run) and
 * decides whether the record is emitted at all.
 */
typedef struct {
    uint32_t start;   /* guest pc of the block, truncated to 32 bits in vcpu_tb_trans */
    uint16_t size;    /* sum of the block's instruction sizes, in bytes */
    uint16_t mod_id;  /* always 0: printf_header declares a single module */
    bool     exec;    /* true once the block has executed at least once */
} bb_entry_t;
40 
/*
 * Translated blocks: every bb_entry_t created by vcpu_tb_trans, in
 * translation order. Entries are heap-allocated and owned by this array
 * until plugin_exit frees them; all access happens under `lock`.
 */
static GPtrArray *blocks;
43 
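/*
 * Write the drcov text preamble: the fixed header, the single-entry
 * module table describing the traced binary, and the BB-table size line.
 *
 * @count: number of BB records that will follow. Only executed blocks are
 *         emitted (see count_block / printf_el), so this must be the
 *         executed count, not the number of translated blocks.
 *
 * Module id 0 is the only module; its base/end/entry come from the plugin
 * API and every bb_entry_t carries mod_id 0 to match.
 */
static void printf_header(unsigned long count)
{
    const char *path = qemu_plugin_path_to_binary();
    uint64_t start_code = qemu_plugin_start_code();
    uint64_t end_code = qemu_plugin_end_code();
    uint64_t entry = qemu_plugin_entry_code();

    fputs(header, fp);
    /*
     * PRIx64 rather than %lx: uint64_t is not `unsigned long` on LLP64
     * (Win64) or 32-bit hosts, so %lx is undefined behaviour there.
     * NOTE(review): passing NULL to %s is UB as well; the API may return
     * NULL outside user-mode emulation, so substitute an empty path.
     */
    fprintf(fp, "0, 0x%" PRIx64 ", 0x%" PRIx64 ", 0x%" PRIx64 ", %s\n",
            start_code, end_code, entry, path ? path : "");
    /* count is unsigned long: %lu, not %ld */
    fprintf(fp, "BB Table: %lu bbs\n", count);
}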
55 
/*
 * Append the 4 bytes of `data` to the trace file as they sit in memory
 * (host byte order; no byte swap is performed). NOTE(review): a consumer
 * expecting little-endian records would read garbage from a big-endian
 * host -- confirm what the drcov readers in use expect.
 */
static void printf_char_array32(uint32_t data)
{
    (void)fwrite(&data, 1, sizeof(data), fp);
}
61 
/*
 * Append the 2 bytes of `data` to the trace file as they sit in memory
 * (host byte order; no byte swap is performed). Companion of
 * printf_char_array32 for the 16-bit drcov record fields.
 */
static void printf_char_array16(uint16_t data)
{
    (void)fwrite(&data, 1, sizeof(data), fp);
}
67 
68 
/*
 * GFunc for the BB-table pass: emit one raw drcov record (start, size,
 * mod_id, in that order) for each entry that was executed, then release
 * the entry. Blocks that were translated but never ran produce no output
 * but are freed all the same. After this pass the array holds dangling
 * pointers, so the caller must free the array without touching its items.
 */
static void printf_el(gpointer data, gpointer user_data)
{
    bb_entry_t *entry = data;

    if (!entry->exec) {
        g_free(entry);
        return;
    }

    printf_char_array32(entry->start);
    printf_char_array16(entry->size);
    printf_char_array16(entry->mod_id);
    g_free(entry);
}
79 
/*
 * GFunc that tallies executed blocks. user_data points at an
 * unsigned long accumulator; entries whose exec flag is clear are
 * skipped so the total matches what printf_el will emit.
 */
static void count_block(gpointer data, gpointer user_data)
{
    const bb_entry_t *entry = data;
    unsigned long *executed = user_data;

    if (!entry->exec) {
        return;
    }
    (*executed)++;
}
88 
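/*
 * atexit callback: write the whole trace and release everything.
 *
 * Runs under `lock` so a late vcpu_tb_exec/vcpu_tb_trans cannot race the
 * two passes over `blocks`. The first pass counts executed blocks (the
 * header needs the number up front), the second emits the records and
 * frees each entry, so the array itself is then freed with its items
 * left alone.
 *
 * If fopen() failed in plugin_init, fp is NULL: nothing is written and
 * the entries are released via the array's free func instead. fclose()
 * is checked because a write error (e.g. ENOSPC) is only reported at
 * flush time; silently dropping it would leave a truncated trace.
 */
static void plugin_exit(qemu_plugin_id_t id, void *p)
{
    unsigned long count = 0;

    g_mutex_lock(&lock);

    if (fp) {
        g_ptr_array_foreach(blocks, count_block, &count);
        printf_header(count);
        g_ptr_array_foreach(blocks, printf_el, NULL);   /* frees each entry */
        if (fclose(fp) != 0) {
            perror("drcov: error writing trace file");
        }
        fp = NULL;
    } else {
        /* no output stream: let g_ptr_array_free() release the entries */
        g_ptr_array_set_free_func(blocks, g_free);
    }

    g_ptr_array_free(blocks, true);
    blocks = NULL;

    g_mutex_unlock(&lock);
}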
106 
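/*
 * Open the output file and allocate the block list. Called once from
 * qemu_plugin_install after argument parsing, so file_name is final here.
 *
 * On fopen() failure the cause is reported on stderr and fp is left NULL;
 * the caller is expected to check fp and refuse to load, since writing
 * through a NULL stream at exit would crash the guest process.
 */
static void plugin_init(void)
{
    fp = fopen(file_name, "wb");   /* "wb": the BB table is raw binary */
    if (!fp) {
        fprintf(stderr, "drcov: cannot open output file %s: ", file_name);
        perror(NULL);
    }
    blocks = g_ptr_array_sized_new(128);
}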
112 
/*
 * Execution callback registered per TB in vcpu_tb_trans: marks the block
 * as having run at least once. udata is the bb_entry_t created at
 * translation time. The flag is written under `lock`, like every other
 * access to the entries. cpu_index is unused; records do not distinguish
 * vCPUs.
 */
static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
{
    bb_entry_t *entry = udata;

    g_mutex_lock(&lock);
    entry->exec = true;
    g_mutex_unlock(&lock);
}
121 
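/*
 * Translation-time callback: record a new basic block and hook its
 * execution.
 *
 * One bb_entry_t is allocated per translated TB, keyed by the TB's guest
 * virtual address, with size = sum of its instruction sizes. It starts
 * as not-executed; vcpu_tb_exec flips the flag the first time the TB runs.
 * Entries are owned by `blocks` and freed in plugin_exit.
 *
 * Field widths follow the drcov record (u32 start, u16 size, u16 mod_id),
 * so the assignments below truncate. NOTE(review): a pc above 4 GiB, or a
 * TB larger than 64 KiB, is misrecorded silently. The start is stored as
 * the absolute guest pc, not as an offset from the module base written by
 * printf_header -- confirm that is what the consumer expects.
 */
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
    uint64_t pc = qemu_plugin_tb_vaddr(tb);
    size_t n = qemu_plugin_tb_n_insns(tb);
    bb_entry_t *bb = g_new0(bb_entry_t, 1);

    /* size_t index: same type as n, no signed/unsigned comparison */
    for (size_t i = 0; i < n; i++) {
        bb->size += qemu_plugin_insn_size(qemu_plugin_tb_get_insn(tb, i));
    }
    bb->start = (uint32_t)pc;
    bb->mod_id = 0;        /* single module, see printf_header */
    bb->exec = false;

    /* Only the shared list needs the lock; the entry is private until published. */
    g_mutex_lock(&lock);
    g_ptr_array_add(blocks, bb);
    g_mutex_unlock(&lock);

    /* udata is the entry pointer; vcpu_tb_exec marks it once the TB runs */
    qemu_plugin_register_vcpu_tb_exec_cb(tb, vcpu_tb_exec,
                                         QEMU_PLUGIN_CB_NO_REGS,
                                         bb);
}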
145 
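/*
 * Plugin entry point, called by QEMU at load time.
 *
 * Arguments: each argv[i] is "key=value"; the only key understood is
 * "filename", which sets the output path (default "file.drcov.trace").
 * An unknown key, or "filename" given without a value, is rejected with
 * a message on stderr and a -1 return rather than ignored silently.
 *
 * Returns 0 on success, -1 if an argument is invalid or the output file
 * cannot be opened (plugin_init leaves fp NULL in that case).
 */
QEMU_PLUGIN_EXPORT
int qemu_plugin_install(qemu_plugin_id_t id, const qemu_info_t *info,
                        int argc, char **argv)
{
    for (int i = 0; i < argc; i++) {
        /*
         * g_auto(GStrv) runs g_strfreev() on the whole vector; g_autofree
         * on a char ** would only release the outer array and leak the
         * strings.
         */
        g_auto(GStrv) tokens = g_strsplit(argv[i], "=", 2);

        /* tokens[1] is NULL when there is no '=': g_strdup(NULL) would make fopen(NULL) crash later */
        if (g_strcmp0(tokens[0], "filename") == 0 && tokens[1] != NULL) {
            file_name = g_strdup(tokens[1]);
        } else {
            fprintf(stderr, "drcov: option parsing failed: %s\n", argv[i]);
            return -1;
        }
    }

    plugin_init();
    if (!fp) {
        /* fopen() failed: refuse to load rather than write through a NULL stream at exit */
        fprintf(stderr, "drcov: cannot open output file %s\n", file_name);
        g_ptr_array_free(blocks, true);
        blocks = NULL;
        return -1;
    }

    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
    qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);

    return 0;
}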
164