taking useful changes from wait-till-ret branch

matthewfl · Aug 28, 2016 · baffd83 · baffd83
1 parent a62fcc0
commit baffd83
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 27 deletions.
diff --git a/make b/make
@@ -10,6 +10,8 @@ from fabricate import *
 
 TARGET = 'jit-test'
 
+VERSION = '1.0.0'
+
 UNIT_TARGET = 'build/unit_tests'
 
 GIT_VERSION = Shell('git describe --always --long --dirty --abbrev=12', silent=True).strip()
@@ -59,9 +61,9 @@ def release():
     clean()
     build()
     Run('mkdir -p release')
-    Run('cp build/libredmagic.so.1.0.0 release/')
+    Run('cp build/libredmagic.so.{} release/'.format(VERSION))
     Run('cp src/redmagic.h release/')
-    Run('strip --strip-unneeded -w -K redmagic_* release/libredmagic.so.1.0.0')
+    Run('strip --strip-unneeded -w -K redmagic_* release/libredmagic.so.{}'.format(VERSION))
 
 
 def clean():
@@ -87,11 +89,11 @@ def link():
     udis_libs = ' '.join(glob.glob('deps/udis86/libudis86/.libs/*.o'))
     # we are not using the compiler interface, just the assembler
     asmjit_libs = ' '.join(filter(lambda x: 'compiler' not in x, glob.glob('build/asmjit/CMakeFiles/asmjit.dir/src/asmjit/*/*.o')))
-    Run('{LD} {LD_FLAGS} -shared -fPIC -Wl,-Bsymbolic -Wl,-soname,libredmagic.so.1.0.0 -o build/libredmagic.so.1.0.0 {objs} {udis_libs} {asmjit_libs} {LIBS}'.format(
+    Run('{LD} {LD_FLAGS} -shared -fPIC -Wl,-Bsymbolic -Wl,-soname,libredmagic.so.{VERSION} -o build/libredmagic.so.{VERSION} {objs} {udis_libs} {asmjit_libs} {LIBS}'.format(
         **dict(globals(), **locals())
     ))
     after()
-    Run('{LD} -o {TARGET} build/main.o build/libredmagic.so.1.0.0 -Wl,-rpath=$ORIGIN/build/'.format(
+    Run('{LD} -o {TARGET} build/main.o build/libredmagic.so.{VERSION} -Wl,-rpath=$ORIGIN/build/'.format(
         **dict(globals(), **locals())
     ))
     after()
@@ -101,8 +103,9 @@ def compile():
         f.write('''
 #ifndef RED_BUILD_VERSION
 #define RED_BUILD_VERSION "{}"
+#define RED_OBJ_VERSION "{}"
 #endif
-        '''.format(GIT_VERSION))
+        '''.format(GIT_VERSION, VERSION))
 
     for f in glob.glob('src/*.cc'):
         Run('{CXX} {} -c {} -o {}'.format(

diff --git a/src/asm_interface.S b/src/asm_interface.S
@@ -23,6 +23,10 @@ red_asm_resume_tracer_block_end:
 
   .global red_asm_resume_eval_block
 red_asm_resume_eval_block:
+  // check if there is somewhere we are going to stash these values
+  test %rdi, %rdi
+  jz 1f
+
   movq %rsp, 56(%rdi)
 
   movq %r12, 0(%rdi)
@@ -32,6 +36,7 @@ red_asm_resume_eval_block:
   movq %rbx, 32(%rdi)
   movq %rbp, 40(%rdi)
 
+1:
   movq %rsi, %rsp
   m_pop_all_regs
   jmpq *-TRACE_RESUME_ADDRESS_OFFSET(%rsp)

diff --git a/src/manager.cc b/src/manager.cc
@@ -686,13 +686,15 @@ void* Manager::fellthrough_branch(void *id, void *ret_addr) {
       l = head->tracer;
       // this will pop the head of the stack internally
       ret = l->EndTraceFallthrough();
+      // the tracer ^^^ will delete itself
+
       info->tracer = head->tracer = nullptr;
 
-      Tracer *expected = nullptr;
-      if(!free_tracer_list.compare_exchange_strong(expected, l)) {
-        // failled to save the tracer to the free list head
-        delete l;
-      }
+      // Tracer *expected = nullptr;
+      // if(!free_tracer_list.compare_exchange_strong(expected, l)) {
+      //   // failled to save the tracer to the free list head
+      //   delete l;
+      // }
 
       return ret;
     } else {

diff --git a/src/tracer.cc b/src/tracer.cc
@@ -822,12 +822,22 @@ void* Tracer::EndMergeBlock() {
   mem_loc_t res_addr = buffer->getRawBuffer() + buffer->getOffset();
   write_interrupt_block();
   mem_loc_t ret = merge_close_core();
-  if(ret == 0)
+  if(ret == 0) {
     ret = res_addr;
+  } else {
+    Tracer *expected = nullptr;
+    if(!free_tracer_list.compare_exchange_strong(expected, this)) {
+      // gaaaa
+      protected_malloc = false;
+      delete this;
+      protected_malloc = true;
+    }
+  }
 
   return (void*)ret;
 }
 
+// calling method has to free tracer if result is non zero
 mem_loc_t Tracer::merge_close_core() {
 #ifdef CONF_CHECK_MERGE_RIP
   mem_loc_t check_rip;
@@ -891,13 +901,13 @@ mem_loc_t Tracer::merge_close_core() {
     // head->tracer = info->tracer = nullptr;
 
     // have to free this tracer
-    Tracer *expected = nullptr;
-    if(!free_tracer_list.compare_exchange_strong(expected, this)) {
-      // gaaaa
-      protected_malloc = false;
-      delete this;
-      protected_malloc = true;
-    }
+    // Tracer *expected = nullptr;
+    // if(!free_tracer_list.compare_exchange_strong(expected, this)) {
+    //   // gaaaa
+    //   protected_malloc = false;
+    //   delete this;
+    //   protected_malloc = true;
+    // }
 
 #ifdef CONF_VERBOSE
     red_printf("merge block closing back to parent: %#016lx\n", head->trace_id);
@@ -973,6 +983,41 @@ void Tracer::continue_program(mem_loc_t resume_loc) {
 }
 
 
+void Tracer::continue_program_end_self(mem_loc_t resume_loc) {
+#ifdef CONF_VERBOSE
+  red_printf("==> %#016lx (end)\n", resume_loc);
+#endif
+  struct user_regs_struct *l_regs_struct = regs_struct;
+
+
+  assert(regs_struct->rsp - TRACE_STACK_OFFSET == (register_t)l_regs_struct);
+  l_regs_struct->rsp += move_stack_by;
+  move_stack_by = 0;
+  *((register_t*)(l_regs_struct->rsp - TRACE_RESUME_ADDRESS_OFFSET)) = resume_loc;
+
+  Tracer *expected = nullptr;
+  if(!free_tracer_list.compare_exchange_strong(expected, this)) {
+    // gaaaa
+    assert(expected != this);
+    protected_malloc = false;
+    delete this;
+    protected_malloc = true;
+  }
+
+  // this should not be returning
+  red_asm_resume_eval_block(NULL, l_regs_struct);
+
+  assert(0);
+  __builtin_unreachable();
+
+  // // assert((regs_struct->rax & ~0xff) != 0xfbfbfbfbfbfbfb00);
+  // regs_struct = (struct user_regs_struct*)
+  // // assert((regs_struct->rax & ~0xff) != 0xfbfbfbfbfbfbfb00);
+}
+
+
+
+
 #define ASM_BLOCK(label)                                    \
   extern "C" void red_asm_ ## label ## _start();            \
   extern "C" void red_asm_ ## label ## _end();              \
@@ -1613,8 +1658,8 @@ void Tracer::evaluate_instruction() {
         if(method_stack.back().return_stack_pointer == -1 ||
            method_stack.back().return_stack_pointer == regs_struct->rsp + move_stack_by - sizeof(register_t)) {
           mem_loc_t merge_close = merge_close_core();
-          if(merge_close) // this might have an issue with the tracer getting free and then using it when it trys to continue the program
-            continue_program(merge_close);
+          if(merge_close)
+            continue_program_end_self(merge_close);
         }
         assert(merge_block_stack.size() < method_stack.back().corresponding_merge_block || method_stack.back().corresponding_merge_block == 0);
 #endif
@@ -1799,9 +1844,14 @@ void Tracer::evaluate_instruction() {
     assert(merge_block_stack.size() >= method_stack.back().corresponding_merge_block);
     if((method_stack.back().return_stack_pointer == -1 && regs_struct->rsp + move_stack_by - sizeof(register_t) >= run_starting_stack_pointer) ||
        method_stack.back().return_stack_pointer == regs_struct->rsp + move_stack_by - sizeof(register_t)) {
+      bool method_merge = merge_block_stack.back().method_merge;
       mem_loc_t merge_close = merge_close_core();
-      if(merge_close) // this might have an issue with the tracer getting free and then using it when it trys to continue the program
-        continue_program(merge_close);
+      if(merge_close) {
+        // we won't have the info for this merge block since it currently isn't contained on the stack
+        continue_program_end_self(merge_close);
+      } else {
+        assert(method_merge == true);
+      }
     }
     //assert(merge_block_stack.size() >= method_stack.back().corresponding_merge_block);// || method_stack.back().corresponding_merge_block == 0);
 #endif

diff --git a/src/tracer.h b/src/tracer.h
@@ -93,6 +93,8 @@ namespace redmagic {
 
     // continue program might not return, so any cleanup needs to be peformed before it is called
     void continue_program(mem_loc_t);
+    // continue the program but prepare to delete self
+    void continue_program_end_self(mem_loc_t);
     void write_interrupt_block();
 
     // jump back to the normal execution of this program, no clean up

diff --git a/tools/biset.py b/tools/biset.py
@@ -8,7 +8,7 @@
 
 
 
-def do_run(instruction_count, process, error_search):
+def do_run(instruction_count, process, error_search, out_log):
     env = os.environ.copy()
     env['REDMAGIC_GLOBAL_ABORT'] = str(instruction_count)
 
@@ -19,10 +19,14 @@ def do_run(instruction_count, process, error_search):
 
     try:
         for li in proc.stdout:
+            if out_log:
+                out_log.write(li)
             qu.append(li)
             if cnt % 50000 == 0:
                 print(instruction_count, li)
             cnt += 1
+    except Exception as e:
+        print(e)
     finally:
         proc.kill()
 
@@ -38,8 +42,9 @@ def do_run(instruction_count, process, error_search):
 
 
 def main():
-    max_i = int(sys.argv[-1])
-    min_i = int(sys.argv[-2])
+    max_i = int(sys.argv[-2])
+    min_i = int(sys.argv[-3])
+    out_log = str(sys.argv[-1])
 
     assert max_i > min_i
 
@@ -53,14 +58,16 @@ def main():
             inst = (max_i + min_i) // 2
             print('>>>>>>>>>>>>>>>>>>>running bisect stopping at instruction {} ({}, {}, {})'.format(inst, min_i, max_i, max_i - min_i))
             time.sleep(5)
-            r = do_run(inst, process, error_search)
+            r = do_run(inst, process, error_search, None)
             if r:
                 min_i = inst
             else:
                 max_i = inst
+        with open(out_log, 'bw+') as olog:
+            do_run(2*max_i, process, error_search, olog)
     finally:
         print(min_i, max_i)
-
+