[PATCH v3 0/3] plugins: add a drcov plugin

[PATCH v3 0/3] plugins: add a drcov plugin

[NDNF]

These patches adds the ability to generate files in drcov format.
Primary goal this scripts is to have coverage
logfiles thatwork in Lighthouse.

Changelog:
v3:
  * Increased speed of the plugin.
  * Added documentation to the helper functions.
  * Sorted qemu-plugins.symbols.

v2:
  * Added path to executable binary file.
  * base, end, entry have correct values now.
  * Added option: "filename" for output file.
  * Install an actual tracer when the TB gets executed.

Signed-off-by: Ivanov Arkady <arkadiy.ivanov@ispras.ru>

---

Ivanov Arkady (3):
      src/plugins: sorted list
      This patch adds helper functions to the drcov plugin.
      contrib/plugins: add a drcov plugin


 contrib/plugins/Makefile     |    1 
 contrib/plugins/drcov.c      |  152 ++++++++++++++++++++++++++++++++++++++++++
 include/qemu/qemu-plugin.h   |   17 +++++
 plugins/api.c                |   44 ++++++++++++
 plugins/qemu-plugins.symbols |   56 ++++++++-------
 5 files changed, 244 insertions(+), 26 deletions(-)
 create mode 100644 contrib/plugins/drcov.c

--
Ivanov Arkady

[PATCH v3 1/3] src/plugins: sorted list

[NDNF]

The list is sorted to make it easier to find missing characters

Signed-off-by: Ivanov Arkady <arkadiy.ivanov@ispras.ru>
---
 plugins/qemu-plugins.symbols |   52 +++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/plugins/qemu-plugins.symbols b/plugins/qemu-plugins.symbols
index 4bdb381f48..688db92773 100644
--- a/plugins/qemu-plugins.symbols
+++ b/plugins/qemu-plugins.symbols
@@ -1,40 +1,40 @@
 {
-  qemu_plugin_uninstall;
-  qemu_plugin_reset;
-  qemu_plugin_register_vcpu_init_cb;
+  qemu_plugin_get_hwaddr;
+  qemu_plugin_hwaddr_is_io;
+  qemu_plugin_hwaddr_to_raddr;
+  qemu_plugin_insn_data;
+  qemu_plugin_insn_disas;
+  qemu_plugin_insn_haddr;
+  qemu_plugin_insn_size;
+  qemu_plugin_insn_vaddr;
+  qemu_plugin_mem_is_big_endian;
+  qemu_plugin_mem_is_sign_extended;
+  qemu_plugin_mem_is_store;
+  qemu_plugin_mem_size_shift;
+  qemu_plugin_n_max_vcpus;
+  qemu_plugin_n_vcpus;
+  qemu_plugin_outs;
+  qemu_plugin_ram_addr_from_host;
+  qemu_plugin_register_atexit_cb;
+  qemu_plugin_register_flush_cb;
   qemu_plugin_register_vcpu_exit_cb;
   qemu_plugin_register_vcpu_idle_cb;
-  qemu_plugin_register_vcpu_resume_cb;
+  qemu_plugin_register_vcpu_init_cb;
   qemu_plugin_register_vcpu_insn_exec_cb;
   qemu_plugin_register_vcpu_insn_exec_inline;
   qemu_plugin_register_vcpu_mem_cb;
   qemu_plugin_register_vcpu_mem_haddr_cb;
   qemu_plugin_register_vcpu_mem_inline;
-  qemu_plugin_ram_addr_from_host;
-  qemu_plugin_register_vcpu_tb_trans_cb;
-  qemu_plugin_register_vcpu_tb_exec_cb;
-  qemu_plugin_register_vcpu_tb_exec_inline;
-  qemu_plugin_register_flush_cb;
+  qemu_plugin_register_vcpu_resume_cb;
   qemu_plugin_register_vcpu_syscall_cb;
   qemu_plugin_register_vcpu_syscall_ret_cb;
-  qemu_plugin_register_atexit_cb;
-  qemu_plugin_tb_n_insns;
+  qemu_plugin_register_vcpu_tb_exec_cb;
+  qemu_plugin_register_vcpu_tb_exec_inline;
+  qemu_plugin_register_vcpu_tb_trans_cb;
+  qemu_plugin_reset;
   qemu_plugin_tb_get_insn;
+  qemu_plugin_tb_n_insns;
   qemu_plugin_tb_vaddr;
-  qemu_plugin_insn_data;
-  qemu_plugin_insn_size;
-  qemu_plugin_insn_vaddr;
-  qemu_plugin_insn_haddr;
-  qemu_plugin_insn_disas;
-  qemu_plugin_mem_size_shift;
-  qemu_plugin_mem_is_sign_extended;
-  qemu_plugin_mem_is_big_endian;
-  qemu_plugin_mem_is_store;
-  qemu_plugin_get_hwaddr;
-  qemu_plugin_hwaddr_is_io;
-  qemu_plugin_hwaddr_to_raddr;
+  qemu_plugin_uninstall;
   qemu_plugin_vcpu_for_each;
-  qemu_plugin_n_vcpus;
-  qemu_plugin_n_max_vcpus;
-  qemu_plugin_outs;
 };

[PATCH v3 2/3] This patch adds helper functions to the drcov plugin.

[NDNF]

Which provide information about:
- start_code.
- end_code.
- entry.
- path to the executable binary.

Signed-off-by: Ivanov Arkady <arkadiy.ivanov@ispras.ru>
---
 include/qemu/qemu-plugin.h   |   17 ++++++++++++++++
 plugins/api.c                |   44 ++++++++++++++++++++++++++++++++++++++++++
 plugins/qemu-plugins.symbols |    4 ++++
 3 files changed, 65 insertions(+)

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index 5775e82c4e..68af67acf2 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -405,4 +405,21 @@ int qemu_plugin_n_max_vcpus(void);
  */
 void qemu_plugin_outs(const char *string);
 
+/**
+ * qemu_plugin_path_to_binary() - returns path to binary file being executed
+ */
+QEMU_PLUGIN_EXPORT const char *qemu_plugin_path_to_binary(void);
+/**
+ * qemu_plugin_start_code() - returns start of text segment
+ */
+QEMU_PLUGIN_EXPORT uint64_t qemu_plugin_start_code(void);
+/**
+ * qemu_plugin_end_code() - returns end of text segment
+ */
+QEMU_PLUGIN_EXPORT uint64_t qemu_plugin_end_code(void);
+/**
+ * qemu_plugin_entry_code() - returns start address for module
+ */
+QEMU_PLUGIN_EXPORT uint64_t qemu_plugin_entry_code(void);
+
 #endif /* QEMU_PLUGIN_API_H */
diff --git a/plugins/api.c b/plugins/api.c
index bbdc5a4eb4..064eebacd1 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -48,6 +48,10 @@
 #endif
 #include "trace/mem.h"
 
+#ifdef CONFIG_USER_ONLY
+#include "qemu.h"
+#endif
+
 /* Uninstall and Reset handlers */
 
 void qemu_plugin_uninstall(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb)
@@ -340,3 +344,43 @@ void qemu_plugin_outs(const char *string)
 {
     qemu_log_mask(CPU_LOG_PLUGIN, "%s", string);
 }
+
+const char *qemu_plugin_path_to_binary(void)
+{
+#ifdef CONFIG_USER_ONLY
+    TaskState *ts = (TaskState *) current_cpu->opaque;
+    return ts->bprm->filename;
+#else
+    return "path";
+#endif
+}
+
+uint64_t qemu_plugin_start_code(void)
+{
+#ifdef CONFIG_USER_ONLY
+    TaskState *ts = (TaskState *) current_cpu->opaque;
+    return ts->info->start_code;
+#else
+    return 0;
+#endif
+}
+
+uint64_t qemu_plugin_end_code(void)
+{
+#ifdef CONFIG_USER_ONLY
+    TaskState *ts = (TaskState *) current_cpu->opaque;
+    return ts->info->end_code;
+#else
+    return 0xFFFFFFFF;
+#endif
+}
+
+uint64_t qemu_plugin_entry_code(void)
+{
+#ifdef CONFIG_USER_ONLY
+    TaskState *ts = (TaskState *) current_cpu->opaque;
+    return ts->info->entry;
+#else
+    return 0;
+#endif
+}
diff --git a/plugins/qemu-plugins.symbols b/plugins/qemu-plugins.symbols
index 688db92773..d956888f67 100644
--- a/plugins/qemu-plugins.symbols
+++ b/plugins/qemu-plugins.symbols
@@ -1,4 +1,6 @@
 {
+  qemu_plugin_end_code;
+  qemu_plugin_entry_code;
   qemu_plugin_get_hwaddr;
   qemu_plugin_hwaddr_is_io;
   qemu_plugin_hwaddr_to_raddr;
@@ -14,6 +16,7 @@
   qemu_plugin_n_max_vcpus;
   qemu_plugin_n_vcpus;
   qemu_plugin_outs;
+  qemu_plugin_path_to_binary;
   qemu_plugin_ram_addr_from_host;
   qemu_plugin_register_atexit_cb;
   qemu_plugin_register_flush_cb;
@@ -32,6 +35,7 @@
   qemu_plugin_register_vcpu_tb_exec_inline;
   qemu_plugin_register_vcpu_tb_trans_cb;
   qemu_plugin_reset;
+  qemu_plugin_start_code;
   qemu_plugin_tb_get_insn;
   qemu_plugin_tb_n_insns;
   qemu_plugin_tb_vaddr;

[PATCH v3 3/3] contrib/plugins: add a drcov plugin

[NDNF]

This patch adds the ability to generate files in drcov format.
Primary goal this script is to have coverage
logfiles thatwork in Lighthouse.

Signed-off-by: Ivanov Arkady <arkadiy.ivanov@ispras.ru>
---
 contrib/plugins/Makefile |    1 
 contrib/plugins/drcov.c  |  152 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 153 insertions(+)
 create mode 100644 contrib/plugins/drcov.c

diff --git a/contrib/plugins/Makefile b/contrib/plugins/Makefile
index 7801b08b0d..0a681efeec 100644
--- a/contrib/plugins/Makefile
+++ b/contrib/plugins/Makefile
@@ -17,6 +17,7 @@ NAMES += hotblocks
 NAMES += hotpages
 NAMES += howvec
 NAMES += lockstep
+NAMES += drcov
 
 SONAMES := $(addsuffix .so,$(addprefix lib,$(NAMES)))
 
diff --git a/contrib/plugins/drcov.c b/contrib/plugins/drcov.c
new file mode 100644
index 0000000000..a655f1337c
--- /dev/null
+++ b/contrib/plugins/drcov.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2021, Ivanov Arkady <arkadiy.ivanov@ispras.ru>
+ *
+ * Drcov - a DynamoRIO-based tool that collects coverage information
+ * from a binary. Primary goal this script is to have coverage log
+ * files that work in Lighthouse.
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+
+#include <inttypes.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <inttypes.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <glib.h>
+
+#include <qemu-plugin.h>
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
+
+static char header[] = "DRCOV VERSION: 2\n"
+                "DRCOV FLAVOR: drcov-64\n"
+                "Module Table: version 2, count 1\n"
+                "Columns: id, base, end, entry, path\n";
+
+static FILE *fp;
+static char *file_name = "file.drcov.trace";
+static GMutex lock;
+
+typedef struct {
+    uint32_t start;
+    uint16_t size;
+    uint16_t mod_id;
+    bool exec;
+} bb_entry_t;
+
+static GSList *bbs;
+
+static void printf_header(void)
+{
+    fprintf(fp, "%s", header);
+    const char *path = qemu_plugin_path_to_binary();
+    uint64_t start_code = qemu_plugin_start_code();
+    uint64_t end_code = qemu_plugin_end_code();
+    uint64_t entry = qemu_plugin_entry_code();
+    fprintf(fp, "0, 0x%lx, 0x%lx, 0x%lx, %s\n",
+            start_code, end_code, entry, path);
+    fprintf(fp, "BB Table: %d bbs\n", g_slist_length(bbs));
+}
+
+static void printf_char_array32(uint32_t data)
+{
+    const uint8_t *bytes = (const uint8_t *)(&data);
+    fwrite(bytes, sizeof(char), sizeof(data), fp);
+}
+
+static void printf_char_array16(uint16_t data)
+{
+    const uint8_t *bytes = (const uint8_t *)(&data);
+    fwrite(bytes, sizeof(char), sizeof(data), fp);
+}
+
+
+static void printf_el(gpointer data, gpointer user_data)
+{
+    g_mutex_lock(&lock);
+
+    bb_entry_t *bb = (bb_entry_t *)data;
+    if (bb->exec) {
+        printf_char_array32(bb->start);
+        printf_char_array16(bb->size);
+        printf_char_array16(bb->mod_id);
+    }
+
+    g_mutex_unlock(&lock);
+}
+
+static void plugin_exit(qemu_plugin_id_t id, void *p)
+{
+    /* Print function */
+    printf_header();
+    bbs = g_slist_reverse(bbs);
+    g_slist_foreach(bbs, printf_el, NULL);
+
+    /* Clear */
+    g_slist_free_full(bbs, &g_free);
+    fclose(fp);
+}
+
+static void plugin_init(void)
+{
+    fp = fopen(file_name, "wb");
+}
+
+static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
+{
+    g_mutex_lock(&lock);
+
+    bb_entry_t *bb = (bb_entry_t *)udata;
+    bb->exec = true;
+
+    g_mutex_unlock(&lock);
+}
+
+static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
+{
+    uint64_t pc = qemu_plugin_tb_vaddr(tb);
+
+    size_t n = qemu_plugin_tb_n_insns(tb);
+
+    g_mutex_lock(&lock);
+
+    bb_entry_t *bb = g_new0(bb_entry_t, 1);
+    for (int i = 0; i < n; i++) {
+        bb->size += qemu_plugin_insn_size(qemu_plugin_tb_get_insn(tb, i));
+    }
+
+    bb->start = pc;
+    bb->mod_id = 0;
+    bb->exec = false;
+
+    bbs = g_slist_prepend(bbs, bb);
+    g_mutex_unlock(&lock);
+
+    qemu_plugin_register_vcpu_tb_exec_cb(tb, vcpu_tb_exec,
+                                         QEMU_PLUGIN_CB_NO_REGS,
+                                         (void *)bb);
+
+}
+
+QEMU_PLUGIN_EXPORT
+int qemu_plugin_install(qemu_plugin_id_t id, const qemu_info_t *info,
+                        int argc, char **argv)
+{
+    for (int i = 0; i < argc; i++) {
+        g_autofree char **tokens = g_strsplit(argv[i], "=", 2);
+        if (g_strcmp0(tokens[0], "filename") == 0) {
+            file_name = g_strdup(tokens[1]);
+        }
+    }
+
+    plugin_init();
+
+    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
+    qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
+
+    return 0;
+}

Re: [PATCH v3 1/3] src/plugins: sorted list

[Alex Bennée]

NDNF <arkaisp2021@gmail.com> writes:

> The list is sorted to make it easier to find missing characters
>
> Signed-off-by: Ivanov Arkady <arkadiy.ivanov@ispras.ru>
> ---
>  plugins/qemu-plugins.symbols |   52 +++++++++++++++++++++---------------------
>  1 file changed, 26 insertions(+), 26 deletions(-)

Your baseline must be old because we already have a sorted list since:

  1156a03372 (plugins: sort exported symbol list)

-- 
Alex Bennée

Re: [PATCH v3 0/3] plugins: add a drcov plugin

[Alex Bennée]

NDNF <arkaisp2021@gmail.com> writes:

> These patches adds the ability to generate files in drcov format.
> Primary goal this scripts is to have coverage
> logfiles thatwork in Lighthouse.

Queued with some fixes to plugins/next, thanks.

-- 
Alex Bennée

Re: [PATCH v3 0/3] plugins: add a drcov plugin

[Pavel Dovgalyuk]

On 25.10.2021 22:03, Alex Bennée wrote:
> 
> NDNF <arkaisp2021@gmail.com> writes:
> 
>> These patches adds the ability to generate files in drcov format.
>> Primary goal this scripts is to have coverage
>> logfiles thatwork in Lighthouse.
> 
> Queued with some fixes to plugins/next, thanks.
> 

ping

Re: [PATCH v3 0/3] plugins: add a drcov plugin

[Alex Bennée]

Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru> writes:

> On 25.10.2021 22:03, Alex Bennée wrote:
>> NDNF <arkaisp2021@gmail.com> writes:
>> 
>>> These patches adds the ability to generate files in drcov format.
>>> Primary goal this scripts is to have coverage
>>> logfiles thatwork in Lighthouse.
>> Queued with some fixes to plugins/next, thanks.
>> 
>
> ping

I would still like to find a decent way of testing these coverage files.
I looked at a number of FLOSS tools and I think radare2 can handle the
drcov format but I couldn't get anything out of it.

I'll be posting the state of my plugins/next tree soon and we can get
some final reviews before submitting the PR.

-- 
Alex Bennée