diff options
Diffstat (limited to 'src/VBox/VMM/VMMR3/DBGFR3Flow.cpp')
-rw-r--r-- | src/VBox/VMM/VMMR3/DBGFR3Flow.cpp | 2322 |
1 files changed, 2322 insertions, 0 deletions
diff --git a/src/VBox/VMM/VMMR3/DBGFR3Flow.cpp b/src/VBox/VMM/VMMR3/DBGFR3Flow.cpp new file mode 100644 index 00000000..9afe9e57 --- /dev/null +++ b/src/VBox/VMM/VMMR3/DBGFR3Flow.cpp @@ -0,0 +1,2322 @@ +/* $Id: DBGFR3Flow.cpp $ */ +/** @file + * DBGF - Debugger Facility, Control Flow Graph Interface (CFG). + */ + +/* + * Copyright (C) 2016-2023 Oracle and/or its affiliates. + * + * This file is part of VirtualBox base platform packages, as + * available from https://www.virtualbox.org. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, in version 3 of the + * License. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses>. + * + * SPDX-License-Identifier: GPL-3.0-only + */ + + +/** @page pg_dbgf_cfg DBGFR3Flow - Control Flow Graph Interface + * + * The control flow graph interface provides an API to disassemble + * guest code providing the result in a control flow graph. + */ + + +/********************************************************************************************************************************* +* Header Files * +*********************************************************************************************************************************/ +#define LOG_GROUP LOG_GROUP_DBGF +#include <VBox/vmm/dbgf.h> +#include "DBGFInternal.h" +#include <VBox/vmm/mm.h> +#include <VBox/vmm/uvm.h> +#include <VBox/vmm/vm.h> +#include <VBox/err.h> +#include <VBox/log.h> + +#include <iprt/assert.h> +#include <iprt/thread.h> +#include <iprt/param.h> +#include <iprt/list.h> +#include <iprt/mem.h> +#include <iprt/sort.h> +#include <iprt/strcache.h> + + +/********************************************************************************************************************************* +* Structures and Typedefs * +*********************************************************************************************************************************/ + +/** + * Internal control flow graph state. + */ +typedef struct DBGFFLOWINT +{ + /** Reference counter. */ + uint32_t volatile cRefs; + /** Internal reference counter for basic blocks. */ + uint32_t volatile cRefsBb; + /** Flags during creation. */ + uint32_t fFlags; + /** List of all basic blocks. */ + RTLISTANCHOR LstFlowBb; + /** List of identified branch tables. */ + RTLISTANCHOR LstBranchTbl; + /** Number of basic blocks in this control flow graph. */ + uint32_t cBbs; + /** Number of branch tables in this control flow graph. */ + uint32_t cBranchTbls; + /** Number of call instructions in this control flow graph. */ + uint32_t cCallInsns; + /** The lowest addres of a basic block. */ + DBGFADDRESS AddrLowest; + /** The highest address of a basic block. */ + DBGFADDRESS AddrHighest; + /** String cache for disassembled instructions. */ + RTSTRCACHE hStrCacheInstr; +} DBGFFLOWINT; +/** Pointer to an internal control flow graph state. */ +typedef DBGFFLOWINT *PDBGFFLOWINT; + +/** + * Instruction record + */ +typedef struct DBGFFLOWBBINSTR +{ + /** Instruction address. */ + DBGFADDRESS AddrInstr; + /** Size of instruction. */ + uint32_t cbInstr; + /** Disassembled instruction string. */ + const char *pszInstr; +} DBGFFLOWBBINSTR; +/** Pointer to an instruction record. */ +typedef DBGFFLOWBBINSTR *PDBGFFLOWBBINSTR; + + +/** + * A branch table identified by the graph processor. + */ +typedef struct DBGFFLOWBRANCHTBLINT +{ + /** Node for the list of branch tables. */ + RTLISTNODE NdBranchTbl; + /** The owning control flow graph. */ + PDBGFFLOWINT pFlow; + /** Reference counter. */ + uint32_t volatile cRefs; + /** The general register index holding the bracnh table base. */ + uint8_t idxGenRegBase; + /** Start address of the branch table. */ + DBGFADDRESS AddrStart; + /** Number of valid entries in the branch table. */ + uint32_t cSlots; + /** The addresses contained in the branch table - variable in size. */ + DBGFADDRESS aAddresses[1]; +} DBGFFLOWBRANCHTBLINT; +/** Pointer to a branch table structure. */ +typedef DBGFFLOWBRANCHTBLINT *PDBGFFLOWBRANCHTBLINT; + + +/** + * Internal control flow graph basic block state. + */ +typedef struct DBGFFLOWBBINT +{ + /** Node for the list of all basic blocks. */ + RTLISTNODE NdFlowBb; + /** The control flow graph the basic block belongs to. */ + PDBGFFLOWINT pFlow; + /** Reference counter. */ + uint32_t volatile cRefs; + /** Basic block end type. */ + DBGFFLOWBBENDTYPE enmEndType; + /** Start address of this basic block. */ + DBGFADDRESS AddrStart; + /** End address of this basic block. */ + DBGFADDRESS AddrEnd; + /** Address of the block succeeding. + * This is valid for conditional jumps + * (the other target is referenced by AddrEnd+1) and + * unconditional jumps (not ret, iret, etc.) except + * if we can't infer the jump target (jmp *eax for example). */ + DBGFADDRESS AddrTarget; + /** The indirect branch table identified for indirect branches. */ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl; + /** Last status error code if DBGF_FLOW_BB_F_INCOMPLETE_ERR is set. */ + int rcError; + /** Error message if DBGF_FLOW_BB_F_INCOMPLETE_ERR is set. */ + char *pszErr; + /** Flags for this basic block. */ + uint32_t fFlags; + /** Number of instructions in this basic block. */ + uint32_t cInstr; + /** Maximum number of instruction records for this basic block. */ + uint32_t cInstrMax; + /** Instruction records, variable in size. */ + DBGFFLOWBBINSTR aInstr[1]; +} DBGFFLOWBBINT; +/** Pointer to an internal control flow graph basic block state. */ +typedef DBGFFLOWBBINT *PDBGFFLOWBBINT; + + +/** + * Control flow graph iterator state. + */ +typedef struct DBGFFLOWITINT +{ + /** Pointer to the control flow graph (holding a reference). */ + PDBGFFLOWINT pFlow; + /** Next basic block to return. */ + uint32_t idxBbNext; + /** Array of basic blocks sorted by the specified order - variable in size. */ + PDBGFFLOWBBINT apBb[1]; +} DBGFFLOWITINT; +/** Pointer to the internal control flow graph iterator state. */ +typedef DBGFFLOWITINT *PDBGFFLOWITINT; + + +/** + * Control flow graph branch table iterator state. + */ +typedef struct DBGFFLOWBRANCHTBLITINT +{ + /** Pointer to the control flow graph (holding a reference). */ + PDBGFFLOWINT pFlow; + /** Next branch table to return. */ + uint32_t idxTblNext; + /** Array of branch table pointers sorted by the specified order - variable in size. */ + PDBGFFLOWBRANCHTBLINT apBranchTbl[1]; +} DBGFFLOWBRANCHTBLITINT; +/** Pointer to the internal control flow graph branch table iterator state. */ +typedef DBGFFLOWBRANCHTBLITINT *PDBGFFLOWBRANCHTBLITINT; + + +/********************************************************************************************************************************* +* Internal Functions * +*********************************************************************************************************************************/ + +static uint32_t dbgfR3FlowBbReleaseInt(PDBGFFLOWBBINT pFlowBb, bool fMayDestroyFlow); +static void dbgfR3FlowBranchTblDestroy(PDBGFFLOWBRANCHTBLINT pFlowBranchTbl); + + +/** + * Checks whether both addresses are equal. + * + * @returns true if both addresses point to the same location, false otherwise. + * @param pAddr1 First address. + * @param pAddr2 Second address. + */ +static bool dbgfR3FlowAddrEqual(PDBGFADDRESS pAddr1, PDBGFADDRESS pAddr2) +{ + return pAddr1->Sel == pAddr2->Sel + && pAddr1->off == pAddr2->off; +} + + +/** + * Checks whether the first given address is lower than the second one. + * + * @returns true if both addresses point to the same location, false otherwise. + * @param pAddr1 First address. + * @param pAddr2 Second address. + */ +static bool dbgfR3FlowAddrLower(PDBGFADDRESS pAddr1, PDBGFADDRESS pAddr2) +{ + return pAddr1->Sel == pAddr2->Sel + && pAddr1->off < pAddr2->off; +} + + +/** + * Checks whether the given basic block and address intersect. + * + * @returns true if they intersect, false otherwise. + * @param pFlowBb The basic block to check. + * @param pAddr The address to check for. + */ +static bool dbgfR3FlowAddrIntersect(PDBGFFLOWBBINT pFlowBb, PDBGFADDRESS pAddr) +{ + return (pFlowBb->AddrStart.Sel == pAddr->Sel) + && (pFlowBb->AddrStart.off <= pAddr->off) + && (pFlowBb->AddrEnd.off >= pAddr->off); +} + + +/** + * Returns the distance of the two given addresses. + * + * @returns Distance of the addresses. + * @param pAddr1 The first address. + * @param pAddr2 The second address. + */ +static RTGCUINTPTR dbgfR3FlowAddrGetDistance(PDBGFADDRESS pAddr1, PDBGFADDRESS pAddr2) +{ + if (pAddr1->Sel == pAddr2->Sel) + { + if (pAddr1->off >= pAddr2->off) + return pAddr1->off - pAddr2->off; + else + return pAddr2->off - pAddr1->off; + } + else + AssertFailed(); + + return 0; +} + + +/** + * Creates a new basic block. + * + * @returns Pointer to the basic block on success or NULL if out of memory. + * @param pThis The control flow graph. + * @param pAddrStart The start of the basic block. + * @param fFlowBbFlags Additional flags for this bascic block. + * @param cInstrMax Maximum number of instructions this block can hold initially. + */ +static PDBGFFLOWBBINT dbgfR3FlowBbCreate(PDBGFFLOWINT pThis, PDBGFADDRESS pAddrStart, uint32_t fFlowBbFlags, + uint32_t cInstrMax) +{ + PDBGFFLOWBBINT pFlowBb = (PDBGFFLOWBBINT)RTMemAllocZ(RT_UOFFSETOF_DYN(DBGFFLOWBBINT, aInstr[cInstrMax])); + if (RT_LIKELY(pFlowBb)) + { + RTListInit(&pFlowBb->NdFlowBb); + pFlowBb->cRefs = 1; + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_INVALID; + pFlowBb->pFlow = pThis; + pFlowBb->fFlags = DBGF_FLOW_BB_F_EMPTY | fFlowBbFlags; + pFlowBb->AddrStart = *pAddrStart; + pFlowBb->AddrEnd = *pAddrStart; + pFlowBb->rcError = VINF_SUCCESS; + pFlowBb->pszErr = NULL; + pFlowBb->cInstr = 0; + pFlowBb->cInstrMax = cInstrMax; + pFlowBb->pFlowBranchTbl = NULL; + ASMAtomicIncU32(&pThis->cRefsBb); + } + + return pFlowBb; +} + + +/** + * Creates an empty branch table with the given size. + * + * @returns Pointer to the empty branch table on success or NULL if out of memory. + * @param pThis The control flow graph. + * @param pAddrStart The start of the branch table. + * @param idxGenRegBase The general register index holding the base address. + * @param cSlots Number of slots the table has. + */ +static PDBGFFLOWBRANCHTBLINT +dbgfR3FlowBranchTblCreate(PDBGFFLOWINT pThis, PDBGFADDRESS pAddrStart, uint8_t idxGenRegBase, uint32_t cSlots) +{ + PDBGFFLOWBRANCHTBLINT pBranchTbl = (PDBGFFLOWBRANCHTBLINT)RTMemAllocZ(RT_UOFFSETOF_DYN(DBGFFLOWBRANCHTBLINT, + aAddresses[cSlots])); + if (RT_LIKELY(pBranchTbl)) + { + RTListInit(&pBranchTbl->NdBranchTbl); + pBranchTbl->pFlow = pThis; + pBranchTbl->idxGenRegBase = idxGenRegBase; + pBranchTbl->AddrStart = *pAddrStart; + pBranchTbl->cSlots = cSlots; + pBranchTbl->cRefs = 1; + } + + return pBranchTbl; +} + + +/** + * Destroys a control flow graph. + * + * @param pThis The control flow graph to destroy. + */ +static void dbgfR3FlowDestroy(PDBGFFLOWINT pThis) +{ + /* Defer destruction if there are still basic blocks referencing us. */ + PDBGFFLOWBBINT pFlowBb; + PDBGFFLOWBBINT pFlowBbNext; + RTListForEachSafe(&pThis->LstFlowBb, pFlowBb, pFlowBbNext, DBGFFLOWBBINT, NdFlowBb) + { + dbgfR3FlowBbReleaseInt(pFlowBb, false /*fMayDestroyFlow*/); + } + + Assert(!pThis->cRefs); + if (!pThis->cRefsBb) + { + /* Destroy the branch tables. */ + PDBGFFLOWBRANCHTBLINT pTbl = NULL; + PDBGFFLOWBRANCHTBLINT pTblNext = NULL; + RTListForEachSafe(&pThis->LstBranchTbl, pTbl, pTblNext, DBGFFLOWBRANCHTBLINT, NdBranchTbl) + { + dbgfR3FlowBranchTblDestroy(pTbl); + } + + RTStrCacheDestroy(pThis->hStrCacheInstr); + RTMemFree(pThis); + } +} + + +/** + * Destroys a basic block. + * + * @param pFlowBb The basic block to destroy. + * @param fMayDestroyFlow Flag whether the control flow graph container + * should be destroyed when there is nothing referencing it. + */ +static void dbgfR3FlowBbDestroy(PDBGFFLOWBBINT pFlowBb, bool fMayDestroyFlow) +{ + PDBGFFLOWINT pThis = pFlowBb->pFlow; + + RTListNodeRemove(&pFlowBb->NdFlowBb); + pThis->cBbs--; + for (uint32_t idxInstr = 0; idxInstr < pFlowBb->cInstr; idxInstr++) + RTStrCacheRelease(pThis->hStrCacheInstr, pFlowBb->aInstr[idxInstr].pszInstr); + uint32_t cRefsBb = ASMAtomicDecU32(&pThis->cRefsBb); + RTMemFree(pFlowBb); + + if (!cRefsBb && !pThis->cRefs && fMayDestroyFlow) + dbgfR3FlowDestroy(pThis); +} + + +/** + * Destroys a given branch table. + * + * @param pFlowBranchTbl The flow branch table to destroy. + */ +static void dbgfR3FlowBranchTblDestroy(PDBGFFLOWBRANCHTBLINT pFlowBranchTbl) +{ + RTListNodeRemove(&pFlowBranchTbl->NdBranchTbl); + RTMemFree(pFlowBranchTbl); +} + + +/** + * Internal basic block release worker. + * + * @returns New reference count of the released basic block, on 0 + * it is destroyed. + * @param pFlowBb The basic block to release. + * @param fMayDestroyFlow Flag whether the control flow graph container + * should be destroyed when there is nothing referencing it. + */ +static uint32_t dbgfR3FlowBbReleaseInt(PDBGFFLOWBBINT pFlowBb, bool fMayDestroyFlow) +{ + uint32_t cRefs = ASMAtomicDecU32(&pFlowBb->cRefs); + AssertMsg(cRefs < _1M, ("%#x %p %d\n", cRefs, pFlowBb, pFlowBb->enmEndType)); + if (cRefs == 0) + dbgfR3FlowBbDestroy(pFlowBb, fMayDestroyFlow); + return cRefs; +} + + +/** + * Links the given basic block into the control flow graph. + * + * @param pThis The control flow graph to link into. + * @param pFlowBb The basic block to link. + */ +DECLINLINE(void) dbgfR3FlowLink(PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb) +{ + RTListAppend(&pThis->LstFlowBb, &pFlowBb->NdFlowBb); + pThis->cBbs++; +} + + +/** + * Links the given branch table into the control flow graph. + * + * @param pThis The control flow graph to link into. + * @param pBranchTbl The branch table to link. + */ +DECLINLINE(void) dbgfR3FlowBranchTblLink(PDBGFFLOWINT pThis, PDBGFFLOWBRANCHTBLINT pBranchTbl) +{ + RTListAppend(&pThis->LstBranchTbl, &pBranchTbl->NdBranchTbl); + pThis->cBranchTbls++; +} + + +/** + * Returns the first unpopulated basic block of the given control flow graph. + * + * @returns The first unpopulated control flow graph or NULL if not found. + * @param pThis The control flow graph. + */ +DECLINLINE(PDBGFFLOWBBINT) dbgfR3FlowGetUnpopulatedBb(PDBGFFLOWINT pThis) +{ + PDBGFFLOWBBINT pFlowBb; + RTListForEach(&pThis->LstFlowBb, pFlowBb, DBGFFLOWBBINT, NdFlowBb) + { + if (pFlowBb->fFlags & DBGF_FLOW_BB_F_EMPTY) + return pFlowBb; + } + + return NULL; +} + + +/** + * Returns the branch table with the given address if it exists. + * + * @returns Pointer to the branch table record or NULL if not found. + * @param pThis The control flow graph. + * @param pAddrTbl The branch table address. + */ +DECLINLINE(PDBGFFLOWBRANCHTBLINT) dbgfR3FlowBranchTblFindByAddr(PDBGFFLOWINT pThis, PDBGFADDRESS pAddrTbl) +{ + PDBGFFLOWBRANCHTBLINT pTbl; + RTListForEach(&pThis->LstBranchTbl, pTbl, DBGFFLOWBRANCHTBLINT, NdBranchTbl) + { + if (dbgfR3FlowAddrEqual(&pTbl->AddrStart, pAddrTbl)) + return pTbl; + } + + return NULL; +} + + +/** + * Sets the given error status for the basic block. + * + * @param pFlowBb The basic block causing the error. + * @param rcError The error to set. + * @param pszFmt Format string of the error description. + * @param ... Arguments for the format string. + */ +static void dbgfR3FlowBbSetError(PDBGFFLOWBBINT pFlowBb, int rcError, const char *pszFmt, ...) +{ + va_list va; + va_start(va, pszFmt); + + Assert(!(pFlowBb->fFlags & DBGF_FLOW_BB_F_INCOMPLETE_ERR)); + pFlowBb->fFlags |= DBGF_FLOW_BB_F_INCOMPLETE_ERR; + pFlowBb->fFlags &= ~DBGF_FLOW_BB_F_EMPTY; + pFlowBb->rcError = rcError; + pFlowBb->pszErr = RTStrAPrintf2V(pszFmt, va); + va_end(va); +} + + +/** + * Checks whether the given control flow graph contains a basic block + * with the given start address. + * + * @returns true if there is a basic block with the start address, false otherwise. + * @param pThis The control flow graph. + * @param pAddr The address to check for. + */ +static bool dbgfR3FlowHasBbWithStartAddr(PDBGFFLOWINT pThis, PDBGFADDRESS pAddr) +{ + PDBGFFLOWBBINT pFlowBb; + RTListForEach(&pThis->LstFlowBb, pFlowBb, DBGFFLOWBBINT, NdFlowBb) + { + if (dbgfR3FlowAddrEqual(&pFlowBb->AddrStart, pAddr)) + return true; + } + return false; +} + + +/** + * Splits a given basic block into two at the given address. + * + * @returns VBox status code. + * @param pThis The control flow graph. + * @param pFlowBb The basic block to split. + * @param pAddr The address to split at. + */ +static int dbgfR3FlowBbSplit(PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb, PDBGFADDRESS pAddr) +{ + int rc = VINF_SUCCESS; + uint32_t idxInstrSplit; + + /* If the block is empty it will get populated later so there is nothing to split, + * same if the start address equals. */ + if ( pFlowBb->fFlags & DBGF_FLOW_BB_F_EMPTY + || dbgfR3FlowAddrEqual(&pFlowBb->AddrStart, pAddr)) + return VINF_SUCCESS; + + /* Find the instruction to split at. */ + for (idxInstrSplit = 1; idxInstrSplit < pFlowBb->cInstr; idxInstrSplit++) + if (dbgfR3FlowAddrEqual(&pFlowBb->aInstr[idxInstrSplit].AddrInstr, pAddr)) + break; + + Assert(idxInstrSplit > 0); + + /* + * Given address might not be on instruction boundary, this is not supported + * so far and results in an error. + */ + if (idxInstrSplit < pFlowBb->cInstr) + { + /* Create new basic block. */ + uint32_t cInstrNew = pFlowBb->cInstr - idxInstrSplit; + PDBGFFLOWBBINT pFlowBbNew = dbgfR3FlowBbCreate(pThis, &pFlowBb->aInstr[idxInstrSplit].AddrInstr, + 0 /*fFlowBbFlags*/, cInstrNew); + if (pFlowBbNew) + { + /* Move instructions over. */ + pFlowBbNew->cInstr = cInstrNew; + pFlowBbNew->AddrEnd = pFlowBb->AddrEnd; + pFlowBbNew->enmEndType = pFlowBb->enmEndType; + pFlowBbNew->AddrTarget = pFlowBb->AddrTarget; + pFlowBbNew->fFlags = pFlowBb->fFlags & ~DBGF_FLOW_BB_F_ENTRY; + pFlowBbNew->pFlowBranchTbl = pFlowBb->pFlowBranchTbl; + pFlowBb->pFlowBranchTbl = NULL; + + /* Move any error to the new basic block and clear them in the old basic block. */ + pFlowBbNew->rcError = pFlowBb->rcError; + pFlowBbNew->pszErr = pFlowBb->pszErr; + pFlowBb->rcError = VINF_SUCCESS; + pFlowBb->pszErr = NULL; + pFlowBb->fFlags &= ~DBGF_FLOW_BB_F_INCOMPLETE_ERR; + + memcpy(&pFlowBbNew->aInstr[0], &pFlowBb->aInstr[idxInstrSplit], cInstrNew * sizeof(DBGFFLOWBBINSTR)); + pFlowBb->cInstr = idxInstrSplit; + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND; + pFlowBb->AddrEnd = pFlowBb->aInstr[idxInstrSplit-1].AddrInstr; + pFlowBb->AddrTarget = pFlowBbNew->AddrStart; + DBGFR3AddrAdd(&pFlowBb->AddrEnd, pFlowBb->aInstr[idxInstrSplit-1].cbInstr - 1); + RT_BZERO(&pFlowBb->aInstr[idxInstrSplit], cInstrNew * sizeof(DBGFFLOWBBINSTR)); + + dbgfR3FlowLink(pThis, pFlowBbNew); + } + else + rc = VERR_NO_MEMORY; + } + else + AssertFailedStmt(rc = VERR_INVALID_STATE); /** @todo Proper status code. */ + + return rc; +} + + +/** + * Makes sure there is an successor at the given address splitting already existing + * basic blocks if they intersect. + * + * @returns VBox status code. + * @param pThis The control flow graph. + * @param pAddrSucc The guest address the new successor should start at. + * @param fNewBbFlags Flags for the new basic block. + * @param pBranchTbl Branch table candidate for this basic block. + */ +static int dbgfR3FlowBbSuccessorAdd(PDBGFFLOWINT pThis, PDBGFADDRESS pAddrSucc, + uint32_t fNewBbFlags, PDBGFFLOWBRANCHTBLINT pBranchTbl) +{ + PDBGFFLOWBBINT pFlowBb; + RTListForEach(&pThis->LstFlowBb, pFlowBb, DBGFFLOWBBINT, NdFlowBb) + { + /* + * The basic block must be split if it intersects with the given address + * and the start address does not equal the given one. + */ + if (dbgfR3FlowAddrIntersect(pFlowBb, pAddrSucc)) + return dbgfR3FlowBbSplit(pThis, pFlowBb, pAddrSucc); + } + + int rc = VINF_SUCCESS; + pFlowBb = dbgfR3FlowBbCreate(pThis, pAddrSucc, fNewBbFlags, 10); + if (pFlowBb) + { + pFlowBb->pFlowBranchTbl = pBranchTbl; + dbgfR3FlowLink(pThis, pFlowBb); + } + else + rc = VERR_NO_MEMORY; + + return rc; +} + + +/** + * Returns whether the parameter indicates an indirect branch. + * + * @returns Flag whether this is an indirect branch. + * @param pDisParam The parameter from the disassembler. + */ +DECLINLINE(bool) dbgfR3FlowBranchTargetIsIndirect(PDISOPPARAM pDisParam) +{ + bool fIndirect = true; + + if ( pDisParam->fUse & (DISUSE_IMMEDIATE8 | DISUSE_IMMEDIATE16 | DISUSE_IMMEDIATE32 | DISUSE_IMMEDIATE64) + || pDisParam->fUse & (DISUSE_IMMEDIATE8_REL | DISUSE_IMMEDIATE16_REL | DISUSE_IMMEDIATE32_REL | DISUSE_IMMEDIATE64_REL)) + fIndirect = false; + + return fIndirect; +} + + +/** + * Resolves the direct branch target address if possible from the given instruction address + * and instruction parameter. + * + * @returns VBox status code. + * @param pUVM The usermode VM handle. + * @param idCpu CPU id for resolving the address. + * @param pDisParam The parameter from the disassembler. + * @param pAddrInstr The instruction address. + * @param cbInstr Size of instruction in bytes. + * @param fRelJmp Flag whether this is a reltive jump. + * @param pAddrJmpTarget Where to store the address to the jump target on success. + */ +static int dbgfR3FlowQueryDirectBranchTarget(PUVM pUVM, VMCPUID idCpu, PDISOPPARAM pDisParam, PDBGFADDRESS pAddrInstr, + uint32_t cbInstr, bool fRelJmp, PDBGFADDRESS pAddrJmpTarget) +{ + int rc = VINF_SUCCESS; + + Assert(!dbgfR3FlowBranchTargetIsIndirect(pDisParam)); + + /* Relative jumps are always from the beginning of the next instruction. */ + *pAddrJmpTarget = *pAddrInstr; + DBGFR3AddrAdd(pAddrJmpTarget, cbInstr); + + if (fRelJmp) + { + RTGCINTPTR iRel = 0; + if (pDisParam->fUse & DISUSE_IMMEDIATE8_REL) + iRel = (int8_t)pDisParam->uValue; + else if (pDisParam->fUse & DISUSE_IMMEDIATE16_REL) + iRel = (int16_t)pDisParam->uValue; + else if (pDisParam->fUse & DISUSE_IMMEDIATE32_REL) + iRel = (int32_t)pDisParam->uValue; + else if (pDisParam->fUse & DISUSE_IMMEDIATE64_REL) + iRel = (int64_t)pDisParam->uValue; + else + AssertFailedStmt(rc = VERR_NOT_SUPPORTED); + + if (iRel < 0) + DBGFR3AddrSub(pAddrJmpTarget, -iRel); + else + DBGFR3AddrAdd(pAddrJmpTarget, iRel); + } + else + { + if (pDisParam->fUse & (DISUSE_IMMEDIATE8 | DISUSE_IMMEDIATE16 | DISUSE_IMMEDIATE32 | DISUSE_IMMEDIATE64)) + { + if (DBGFADDRESS_IS_FLAT(pAddrInstr)) + DBGFR3AddrFromFlat(pUVM, pAddrJmpTarget, pDisParam->uValue); + else + DBGFR3AddrFromSelOff(pUVM, idCpu, pAddrJmpTarget, pAddrInstr->Sel, pDisParam->uValue); + } + else + AssertFailedStmt(rc = VERR_INVALID_STATE); + } + + return rc; +} + + +/** + * Returns the CPU mode based on the given assembler flags. + * + * @returns CPU mode. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param fFlagsDisasm The flags used for disassembling. + */ +static CPUMMODE dbgfR3FlowGetDisasCpuMode(PUVM pUVM, VMCPUID idCpu, uint32_t fFlagsDisasm) +{ + CPUMMODE enmMode = CPUMMODE_INVALID; + uint32_t fDisasMode = fFlagsDisasm & DBGF_DISAS_FLAGS_MODE_MASK; + if (fDisasMode == DBGF_DISAS_FLAGS_DEFAULT_MODE) + enmMode = DBGFR3CpuGetMode(pUVM, idCpu); + else if ( fDisasMode == DBGF_DISAS_FLAGS_16BIT_MODE + || fDisasMode == DBGF_DISAS_FLAGS_16BIT_REAL_MODE) + enmMode = CPUMMODE_REAL; + else if (fDisasMode == DBGF_DISAS_FLAGS_32BIT_MODE) + enmMode = CPUMMODE_PROTECTED; + else if (fDisasMode == DBGF_DISAS_FLAGS_64BIT_MODE) + enmMode = CPUMMODE_LONG; + else + AssertFailed(); + + return enmMode; +} + + +/** + * Searches backwards in the given basic block starting the given instruction index for + * a mov instruction with the given register as the target where the constant looks like + * a pointer. + * + * @returns Flag whether a candidate was found. + * @param pFlowBb The basic block containing the indirect branch. + * @param idxRegTgt The general register the mov targets. + * @param cbPtr The pointer size to look for. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param fFlagsDisasm The flags to use for disassembling. + * @param pidxInstrStart The instruction index to start searching for on input, + * The last instruction evaluated on output. + * @param pAddrDest Where to store the candidate address on success. + */ +static bool dbgfR3FlowSearchMovWithConstantPtrSizeBackwards(PDBGFFLOWBBINT pFlowBb, uint8_t idxRegTgt, uint32_t cbPtr, + PUVM pUVM, VMCPUID idCpu, uint32_t fFlagsDisasm, + uint32_t *pidxInstrStart, PDBGFADDRESS pAddrDest) +{ + bool fFound = false; + uint32_t idxInstrCur = *pidxInstrStart; + uint32_t cInstrCheck = idxInstrCur + 1; + + for (;;) + { + /** @todo Avoid to disassemble again. */ + PDBGFFLOWBBINSTR pInstr = &pFlowBb->aInstr[idxInstrCur]; + DBGFDISSTATE DisState; + char szOutput[_4K]; + + int rc = dbgfR3DisasInstrStateEx(pUVM, idCpu, &pInstr->AddrInstr, fFlagsDisasm, + &szOutput[0], sizeof(szOutput), &DisState); + if (RT_SUCCESS(rc)) + { + if ( DisState.pCurInstr->uOpcode == OP_MOV + && (DisState.Param1.fUse & (DISUSE_REG_GEN16 | DISUSE_REG_GEN32 | DISUSE_REG_GEN64)) + && DisState.Param1.Base.idxGenReg == idxRegTgt + /*&& DisState.Param1.cb == cbPtr*/ + && DisState.Param2.cb == cbPtr + && (DisState.Param2.fUse & (DISUSE_IMMEDIATE16 | DISUSE_IMMEDIATE32 | DISUSE_IMMEDIATE64))) + { + /* Found possible candidate. */ + fFound = true; + if (DBGFADDRESS_IS_FLAT(&pInstr->AddrInstr)) + DBGFR3AddrFromFlat(pUVM, pAddrDest, DisState.Param2.uValue); + else + DBGFR3AddrFromSelOff(pUVM, idCpu, pAddrDest, pInstr->AddrInstr.Sel, DisState.Param2.uValue); + break; + } + } + else + break; + + cInstrCheck--; + if (!cInstrCheck) + break; + + idxInstrCur--; + } + + *pidxInstrStart = idxInstrCur; + return fFound; +} + + +/** + * Verifies the given branch table candidate and adds it to the control flow graph on success. + * + * @returns VBox status code. + * @param pThis The flow control graph. + * @param pFlowBb The basic block causing the indirect branch. + * @param pAddrBranchTbl Address of the branch table location. + * @param idxGenRegBase The general register holding the base address. + * @param cbPtr Guest pointer size. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * + * @todo Handle branch tables greater than 4KB (lazy coder). + */ +static int dbgfR3FlowBranchTblVerifyAdd(PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb, PDBGFADDRESS pAddrBranchTbl, + uint8_t idxGenRegBase, uint32_t cbPtr, PUVM pUVM, VMCPUID idCpu) +{ + int rc = VINF_SUCCESS; + PDBGFFLOWBRANCHTBLINT pBranchTbl = dbgfR3FlowBranchTblFindByAddr(pThis, pAddrBranchTbl); + + if (!pBranchTbl) + { + uint32_t cSlots = 0; + uint8_t abBuf[_4K]; + + rc = DBGFR3MemRead(pUVM, idCpu, pAddrBranchTbl, &abBuf[0], sizeof(abBuf)); + if (RT_SUCCESS(rc)) + { + uint8_t *pbBuf = &abBuf[0]; + while (pbBuf < &abBuf[0] + sizeof(abBuf)) + { + DBGFADDRESS AddrDest; + RTGCUINTPTR GCPtr = cbPtr == sizeof(uint64_t) + ? *(uint64_t *)pbBuf + : cbPtr == sizeof(uint32_t) + ? *(uint32_t *)pbBuf + : *(uint16_t *)pbBuf; + pbBuf += cbPtr; + + if (DBGFADDRESS_IS_FLAT(pAddrBranchTbl)) + DBGFR3AddrFromFlat(pUVM, &AddrDest, GCPtr); + else + DBGFR3AddrFromSelOff(pUVM, idCpu, &AddrDest, pAddrBranchTbl->Sel, GCPtr); + + if (dbgfR3FlowAddrGetDistance(&AddrDest, &pFlowBb->AddrEnd) > _512K) + break; + + cSlots++; + } + + /* If there are any slots use it. */ + if (cSlots) + { + pBranchTbl = dbgfR3FlowBranchTblCreate(pThis, pAddrBranchTbl, idxGenRegBase, cSlots); + if (pBranchTbl) + { + /* Get the addresses. */ + for (unsigned i = 0; i < cSlots && RT_SUCCESS(rc); i++) + { + RTGCUINTPTR GCPtr = cbPtr == sizeof(uint64_t) + ? *(uint64_t *)&abBuf[i * cbPtr] + : cbPtr == sizeof(uint32_t) + ? *(uint32_t *)&abBuf[i * cbPtr] + : *(uint16_t *)&abBuf[i * cbPtr]; + + if (DBGFADDRESS_IS_FLAT(pAddrBranchTbl)) + DBGFR3AddrFromFlat(pUVM, &pBranchTbl->aAddresses[i], GCPtr); + else + DBGFR3AddrFromSelOff(pUVM, idCpu, &pBranchTbl->aAddresses[i], + pAddrBranchTbl->Sel, GCPtr); + rc = dbgfR3FlowBbSuccessorAdd(pThis, &pBranchTbl->aAddresses[i], DBGF_FLOW_BB_F_BRANCH_TABLE, + pBranchTbl); + } + dbgfR3FlowBranchTblLink(pThis, pBranchTbl); + } + else + rc = VERR_NO_MEMORY; + } + } + } + + if (pBranchTbl) + pFlowBb->pFlowBranchTbl = pBranchTbl; + + return rc; +} + + +/** + * Checks whether the location for the branch target candidate contains a valid code address. + * + * @returns VBox status code. + * @param pThis The flow control graph. + * @param pFlowBb The basic block causing the indirect branch. + * @param pAddrBranchTgt Address of the branch target location. + * @param idxGenRegBase The general register holding the address of the location. + * @param cbPtr Guest pointer size. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param fBranchTbl Flag whether this is a possible branch table containing multiple + * targets. + */ +static int dbgfR3FlowCheckBranchTargetLocation(PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb, PDBGFADDRESS pAddrBranchTgt, + uint8_t idxGenRegBase, uint32_t cbPtr, PUVM pUVM, VMCPUID idCpu, bool fBranchTbl) +{ + int rc = VINF_SUCCESS; + + if (!fBranchTbl) + { + union { uint16_t u16Val; uint32_t u32Val; uint64_t u64Val; } uVal; + rc = DBGFR3MemRead(pUVM, idCpu, pAddrBranchTgt, &uVal, cbPtr); + if (RT_SUCCESS(rc)) + { + DBGFADDRESS AddrTgt; + RTGCUINTPTR GCPtr = cbPtr == sizeof(uint64_t) + ? uVal.u64Val + : cbPtr == sizeof(uint32_t) + ? uVal.u32Val + : uVal.u16Val; + if (DBGFADDRESS_IS_FLAT(pAddrBranchTgt)) + DBGFR3AddrFromFlat(pUVM, &AddrTgt, GCPtr); + else + DBGFR3AddrFromSelOff(pUVM, idCpu, &AddrTgt, pAddrBranchTgt->Sel, GCPtr); + + if (dbgfR3FlowAddrGetDistance(&AddrTgt, &pFlowBb->AddrEnd) <= _128K) + { + /* Finish the basic block. */ + pFlowBb->AddrTarget = AddrTgt; + rc = dbgfR3FlowBbSuccessorAdd(pThis, &AddrTgt, + (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE), + pFlowBb->pFlowBranchTbl); + } + else + rc = VERR_NOT_FOUND; + } + } + else + rc = dbgfR3FlowBranchTblVerifyAdd(pThis, pFlowBb, pAddrBranchTgt, + idxGenRegBase, cbPtr, pUVM, idCpu); + + return rc; +} + + +/** + * Tries to resolve the indirect branch. + * + * @returns VBox status code. + * @param pThis The flow control graph. + * @param pFlowBb The basic block causing the indirect branch. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param pDisParam The parameter from the disassembler. + * @param fFlagsDisasm Flags for the disassembler. + */ +static int dbgfR3FlowTryResolveIndirectBranch(PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb, PUVM pUVM, + VMCPUID idCpu, PDISOPPARAM pDisParam, uint32_t fFlagsDisasm) +{ + Assert(dbgfR3FlowBranchTargetIsIndirect(pDisParam)); + + uint32_t cbPtr = 0; + CPUMMODE enmMode = dbgfR3FlowGetDisasCpuMode(pUVM, idCpu, fFlagsDisasm); + + switch (enmMode) + { + case CPUMMODE_REAL: + cbPtr = sizeof(uint16_t); + break; + case CPUMMODE_PROTECTED: + cbPtr = sizeof(uint32_t); + break; + case CPUMMODE_LONG: + cbPtr = sizeof(uint64_t); + break; + default: + AssertMsgFailed(("Invalid CPU mode %u\n", enmMode)); + } + + if (pDisParam->fUse & DISUSE_BASE) + { + uint8_t idxRegBase = pDisParam->Base.idxGenReg; + + /* Check that the used register size and the pointer size match. */ + if ( ((pDisParam->fUse & DISUSE_REG_GEN16) && cbPtr == sizeof(uint16_t)) + || ((pDisParam->fUse & DISUSE_REG_GEN32) && cbPtr == sizeof(uint32_t)) + || ((pDisParam->fUse & DISUSE_REG_GEN64) && cbPtr == sizeof(uint64_t))) + { + /* + * Search all instructions backwards until a move to the used general register + * is detected with a constant using the pointer size. + */ + uint32_t idxInstrStart = pFlowBb->cInstr - 1 - 1; /* Don't look at the branch. */ + bool fCandidateFound = false; + bool fBranchTbl = RT_BOOL(pDisParam->fUse & DISUSE_INDEX); + DBGFADDRESS AddrBranchTgt; + do + { + fCandidateFound = dbgfR3FlowSearchMovWithConstantPtrSizeBackwards(pFlowBb, idxRegBase, cbPtr, + pUVM, idCpu, fFlagsDisasm, + &idxInstrStart, &AddrBranchTgt); + if (fCandidateFound) + { + /* Check that the address is not too far away from the instruction address. */ + RTGCUINTPTR offPtr = dbgfR3FlowAddrGetDistance(&AddrBranchTgt, &pFlowBb->AddrEnd); + if (offPtr <= 20 * _1M) + { + /* Read the content at the address and check that it is near this basic block too. */ + int rc = dbgfR3FlowCheckBranchTargetLocation(pThis, pFlowBb, &AddrBranchTgt, idxRegBase, + cbPtr, pUVM, idCpu, fBranchTbl); + if (RT_SUCCESS(rc)) + break; + fCandidateFound = false; + } + + if (idxInstrStart > 0) + idxInstrStart--; + } + } while (idxInstrStart > 0 && !fCandidateFound); + } + else + dbgfR3FlowBbSetError(pFlowBb, VERR_INVALID_STATE, + "The base register size and selected pointer size do not match (fUse=%#x cbPtr=%u)", + pDisParam->fUse, cbPtr); + } + + return VINF_SUCCESS; +} + + +/** + * Tries to resolve the indirect branch. + * + * @returns VBox status code. + * @param pThis The flow control graph. + * @param pFlowBb The basic block causing the indirect branch. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param pDisParam The parameter from the disassembler. + * @param fFlagsDisasm Flags for the disassembler. + */ +static int dbgfR3FlowBbCheckBranchTblCandidate(PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb, PUVM pUVM, + VMCPUID idCpu, PDISOPPARAM pDisParam, uint32_t fFlagsDisasm) +{ + int rc = VINF_SUCCESS; + + Assert(pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE && pFlowBb->pFlowBranchTbl); + + uint32_t cbPtr = 0; + CPUMMODE enmMode = dbgfR3FlowGetDisasCpuMode(pUVM, idCpu, fFlagsDisasm); + + switch (enmMode) + { + case CPUMMODE_REAL: + cbPtr = sizeof(uint16_t); + break; + case CPUMMODE_PROTECTED: + cbPtr = sizeof(uint32_t); + break; + case CPUMMODE_LONG: + cbPtr = sizeof(uint64_t); + break; + default: + AssertMsgFailed(("Invalid CPU mode %u\n", enmMode)); + } + + if (pDisParam->fUse & DISUSE_BASE) + { + uint8_t idxRegBase = pDisParam->Base.idxGenReg; + + /* Check that the used register size and the pointer size match. */ + if ( ((pDisParam->fUse & DISUSE_REG_GEN16) && cbPtr == sizeof(uint16_t)) + || ((pDisParam->fUse & DISUSE_REG_GEN32) && cbPtr == sizeof(uint32_t)) + || ((pDisParam->fUse & DISUSE_REG_GEN64) && cbPtr == sizeof(uint64_t))) + { + if (idxRegBase != pFlowBb->pFlowBranchTbl->idxGenRegBase) + { + /* Try to find the new branch table. */ + pFlowBb->pFlowBranchTbl = NULL; + rc = dbgfR3FlowTryResolveIndirectBranch(pThis, pFlowBb, pUVM, idCpu, pDisParam, fFlagsDisasm); + } + /** @todo else check that the base register is not modified in this basic block. */ + } + else + dbgfR3FlowBbSetError(pFlowBb, VERR_INVALID_STATE, + "The base register size and selected pointer size do not match (fUse=%#x cbPtr=%u)", + pDisParam->fUse, cbPtr); + } + else + dbgfR3FlowBbSetError(pFlowBb, VERR_INVALID_STATE, + "The instruction does not use a register"); + + return rc; +} + + +/** + * Processes and fills one basic block. + * + * @returns VBox status code. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param pThis The control flow graph to populate. + * @param pFlowBb The basic block to fill. + * @param cbDisasmMax The maximum amount to disassemble. + * @param fFlags Combination of DBGF_DISAS_FLAGS_*. + */ +static int dbgfR3FlowBbProcess(PUVM pUVM, VMCPUID idCpu, PDBGFFLOWINT pThis, PDBGFFLOWBBINT pFlowBb, + uint32_t cbDisasmMax, uint32_t fFlags) +{ + int rc = VINF_SUCCESS; + uint32_t cbDisasmLeft = cbDisasmMax ? cbDisasmMax : UINT32_MAX; + DBGFADDRESS AddrDisasm = pFlowBb->AddrEnd; + + Assert(pFlowBb->fFlags & DBGF_FLOW_BB_F_EMPTY); + + /* + * Disassemble instruction by instruction until we get a conditional or + * unconditional jump or some sort of return. + */ + while ( cbDisasmLeft + && RT_SUCCESS(rc)) + { + DBGFDISSTATE DisState; + char szOutput[_4K]; + + /* + * Before disassembling we have to check whether the address belongs + * to another basic block and stop here. + */ + if ( !(pFlowBb->fFlags & DBGF_FLOW_BB_F_EMPTY) + && dbgfR3FlowHasBbWithStartAddr(pThis, &AddrDisasm)) + { + pFlowBb->AddrTarget = AddrDisasm; + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND; + break; + } + + rc = dbgfR3DisasInstrStateEx(pUVM, idCpu, &AddrDisasm, fFlags, + &szOutput[0], sizeof(szOutput), &DisState); + if (RT_SUCCESS(rc)) + { + if ( pThis->fFlags & DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB + && DisState.pCurInstr->uOpcode == OP_CALL + && !(pFlowBb->fFlags & DBGF_FLOW_BB_F_EMPTY)) + { + /* + * If the basic block is not empty, the basic block is terminated and the successor is added + * which will contain the call instruction. + */ + pFlowBb->AddrTarget = AddrDisasm; + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND; + rc = dbgfR3FlowBbSuccessorAdd(pThis, &AddrDisasm, + (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE), + pFlowBb->pFlowBranchTbl); + if (RT_FAILURE(rc)) + dbgfR3FlowBbSetError(pFlowBb, rc, "Adding successor blocks failed with %Rrc", rc); + break; + } + + pFlowBb->fFlags &= ~DBGF_FLOW_BB_F_EMPTY; + cbDisasmLeft -= DisState.cbInstr; + + if (pFlowBb->cInstr == pFlowBb->cInstrMax) + { + /* Reallocate. */ + RTListNodeRemove(&pFlowBb->NdFlowBb); + PDBGFFLOWBBINT pFlowBbNew = (PDBGFFLOWBBINT)RTMemRealloc(pFlowBb, + RT_UOFFSETOF_DYN(DBGFFLOWBBINT, aInstr[pFlowBb->cInstrMax + 10])); + if (pFlowBbNew) + { + pFlowBbNew->cInstrMax += 10; + pFlowBb = pFlowBbNew; + } + else + rc = VERR_NO_MEMORY; + RTListAppend(&pThis->LstFlowBb, &pFlowBb->NdFlowBb); + } + + if (RT_SUCCESS(rc)) + { + PDBGFFLOWBBINSTR pInstr = &pFlowBb->aInstr[pFlowBb->cInstr]; + + pInstr->AddrInstr = AddrDisasm; + pInstr->cbInstr = DisState.cbInstr; + pInstr->pszInstr = RTStrCacheEnter(pThis->hStrCacheInstr, &szOutput[0]); + pFlowBb->cInstr++; + + pFlowBb->AddrEnd = AddrDisasm; + DBGFR3AddrAdd(&pFlowBb->AddrEnd, pInstr->cbInstr - 1); + DBGFR3AddrAdd(&AddrDisasm, pInstr->cbInstr); + + /* + * Check control flow instructions and create new basic blocks + * marking the current one as complete. + */ + if (DisState.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW) + { + uint16_t uOpc = DisState.pCurInstr->uOpcode; + + if (uOpc == OP_CALL) + pThis->cCallInsns++; + + if ( uOpc == OP_RETN || uOpc == OP_RETF || uOpc == OP_IRET + || uOpc == OP_SYSEXIT || uOpc == OP_SYSRET) + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_EXIT; + else if (uOpc == OP_JMP) + { + Assert(DisState.pCurInstr->fOpType & DISOPTYPE_UNCOND_CONTROLFLOW); + + if (dbgfR3FlowBranchTargetIsIndirect(&DisState.Param1)) + { + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND_INDIRECT_JMP; + + if (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE) + { + Assert(pThis->fFlags & DBGF_FLOW_CREATE_F_TRY_RESOLVE_INDIRECT_BRANCHES); + + /* + * This basic block was already discovered by parsing a jump table and + * there should be a candidate for the branch table. Check whether it uses the + * same branch table. + */ + rc = dbgfR3FlowBbCheckBranchTblCandidate(pThis, pFlowBb, pUVM, idCpu, + &DisState.Param1, fFlags); + } + else + { + if (pThis->fFlags & DBGF_FLOW_CREATE_F_TRY_RESOLVE_INDIRECT_BRANCHES) + rc = dbgfR3FlowTryResolveIndirectBranch(pThis, pFlowBb, pUVM, idCpu, + &DisState.Param1, fFlags); + else + dbgfR3FlowBbSetError(pFlowBb, VERR_NOT_SUPPORTED, + "Detected indirect branch and resolving it not being enabled"); + } + } + else + { + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND_JMP; + + /* Create one new basic block with the jump target address. */ + rc = dbgfR3FlowQueryDirectBranchTarget(pUVM, idCpu, &DisState.Param1, &pInstr->AddrInstr, pInstr->cbInstr, + RT_BOOL(DisState.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW), + &pFlowBb->AddrTarget); + if (RT_SUCCESS(rc)) + rc = dbgfR3FlowBbSuccessorAdd(pThis, &pFlowBb->AddrTarget, + (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE), + pFlowBb->pFlowBranchTbl); + } + } + else if (uOpc != OP_CALL) + { + Assert(DisState.pCurInstr->fOpType & DISOPTYPE_COND_CONTROLFLOW); + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_COND; + + /* + * Create two new basic blocks, one with the jump target address + * and one starting after the current instruction. + */ + rc = dbgfR3FlowBbSuccessorAdd(pThis, &AddrDisasm, + (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE), + pFlowBb->pFlowBranchTbl); + if (RT_SUCCESS(rc)) + { + rc = dbgfR3FlowQueryDirectBranchTarget(pUVM, idCpu, &DisState.Param1, &pInstr->AddrInstr, pInstr->cbInstr, + RT_BOOL(DisState.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW), + &pFlowBb->AddrTarget); + if (RT_SUCCESS(rc)) + rc = dbgfR3FlowBbSuccessorAdd(pThis, &pFlowBb->AddrTarget, + (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE), + pFlowBb->pFlowBranchTbl); + } + } + else if (pThis->fFlags & DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB) + { + pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND; + pFlowBb->fFlags |= DBGF_FLOW_BB_F_CALL_INSN; + + /* Add new basic block coming after the call instruction. */ + rc = dbgfR3FlowBbSuccessorAdd(pThis, &AddrDisasm, + (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE), + pFlowBb->pFlowBranchTbl); + if ( RT_SUCCESS(rc) + && !dbgfR3FlowBranchTargetIsIndirect(&DisState.Param1)) + { + /* Resolve the branch target. */ + rc = dbgfR3FlowQueryDirectBranchTarget(pUVM, idCpu, &DisState.Param1, &pInstr->AddrInstr, pInstr->cbInstr, + RT_BOOL(DisState.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW), + &pFlowBb->AddrTarget); + if (RT_SUCCESS(rc)) + pFlowBb->fFlags |= DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN; + } + } + + if (RT_FAILURE(rc)) + dbgfR3FlowBbSetError(pFlowBb, rc, "Adding successor blocks failed with %Rrc", rc); + + /* Quit disassembling. */ + if ( ( uOpc != OP_CALL + || (pThis->fFlags & DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB)) + || RT_FAILURE(rc)) + break; + } + } + else + dbgfR3FlowBbSetError(pFlowBb, rc, "Increasing basic block failed with %Rrc", rc); + } + else + dbgfR3FlowBbSetError(pFlowBb, rc, "Disassembling the instruction failed with %Rrc", rc); + } + + return VINF_SUCCESS; +} + +/** + * Populate all empty basic blocks. + * + * @returns VBox status code. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param pThis The control flow graph to populate. + * @param cbDisasmMax The maximum amount to disassemble. + * @param fFlags Combination of DBGF_DISAS_FLAGS_*. + */ +static int dbgfR3FlowPopulate(PUVM pUVM, VMCPUID idCpu, PDBGFFLOWINT pThis, uint32_t cbDisasmMax, uint32_t fFlags) +{ + int rc = VINF_SUCCESS; + PDBGFFLOWBBINT pFlowBb = dbgfR3FlowGetUnpopulatedBb(pThis); + + while (pFlowBb != NULL) + { + rc = dbgfR3FlowBbProcess(pUVM, idCpu, pThis, pFlowBb, cbDisasmMax, fFlags); + if (RT_FAILURE(rc)) + break; + + pFlowBb = dbgfR3FlowGetUnpopulatedBb(pThis); + } + + return rc; +} + +/** + * Creates a new control flow graph from the given start address. + * + * @returns VBox status code. + * @param pUVM The user mode VM handle. + * @param idCpu CPU id for disassembling. + * @param pAddressStart Where to start creating the control flow graph. + * @param cbDisasmMax Limit the amount of bytes to disassemble, 0 for no limit. + * @param fFlagsFlow Combination of DBGF_FLOW_CREATE_F_* to control the creation of the flow graph. + * @param fFlagsDisasm Combination of DBGF_DISAS_FLAGS_* controlling the style of the disassembled + * instructions. + * @param phFlow Where to store the handle to the control flow graph on success. + */ +VMMR3DECL(int) DBGFR3FlowCreate(PUVM pUVM, VMCPUID idCpu, PDBGFADDRESS pAddressStart, uint32_t cbDisasmMax, + uint32_t fFlagsFlow, uint32_t fFlagsDisasm, PDBGFFLOW phFlow) +{ + UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE); + PVM pVM = pUVM->pVM; + VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE); + AssertReturn(idCpu < pUVM->cCpus, VERR_INVALID_CPU_ID); + AssertPtrReturn(pAddressStart, VERR_INVALID_POINTER); + AssertReturn(!(fFlagsDisasm & ~DBGF_DISAS_FLAGS_VALID_MASK), VERR_INVALID_PARAMETER); + AssertReturn((fFlagsDisasm & DBGF_DISAS_FLAGS_MODE_MASK) <= DBGF_DISAS_FLAGS_64BIT_MODE, VERR_INVALID_PARAMETER); + + /* Create the control flow graph container. */ + int rc = VINF_SUCCESS; + PDBGFFLOWINT pThis = (PDBGFFLOWINT)RTMemAllocZ(sizeof(DBGFFLOWINT)); + if (RT_LIKELY(pThis)) + { + rc = RTStrCacheCreate(&pThis->hStrCacheInstr, "DBGFFLOW"); + if (RT_SUCCESS(rc)) + { + pThis->cRefs = 1; + pThis->cRefsBb = 0; + pThis->cBbs = 0; + pThis->cBranchTbls = 0; + pThis->cCallInsns = 0; + pThis->fFlags = fFlagsFlow; + RTListInit(&pThis->LstFlowBb); + RTListInit(&pThis->LstBranchTbl); + /* Create the entry basic block and start the work. */ + + PDBGFFLOWBBINT pFlowBb = dbgfR3FlowBbCreate(pThis, pAddressStart, DBGF_FLOW_BB_F_ENTRY, 10); + if (RT_LIKELY(pFlowBb)) + { + dbgfR3FlowLink(pThis, pFlowBb); + rc = dbgfR3FlowPopulate(pUVM, idCpu, pThis, cbDisasmMax, fFlagsDisasm); + if (RT_SUCCESS(rc)) + { + *phFlow = pThis; + return VINF_SUCCESS; + } + } + else + rc = VERR_NO_MEMORY; + } + + ASMAtomicDecU32(&pThis->cRefs); + dbgfR3FlowDestroy(pThis); + } + else + rc = VERR_NO_MEMORY; + + return rc; +} + + +/** + * Retains the control flow graph handle. + * + * @returns Current reference count. + * @param hFlow The control flow graph handle to retain. + */ +VMMR3DECL(uint32_t) DBGFR3FlowRetain(DBGFFLOW hFlow) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, UINT32_MAX); + + uint32_t cRefs = ASMAtomicIncU32(&pThis->cRefs); + AssertMsg(cRefs > 1 && cRefs < _1M, ("%#x %p\n", cRefs, pThis)); + return cRefs; +} + + +/** + * Releases the control flow graph handle. + * + * @returns Current reference count, on 0 the control flow graph will be destroyed. + * @param hFlow The control flow graph handle to release. + */ +VMMR3DECL(uint32_t) DBGFR3FlowRelease(DBGFFLOW hFlow) +{ + PDBGFFLOWINT pThis = hFlow; + if (!pThis) + return 0; + AssertPtrReturn(pThis, UINT32_MAX); + + uint32_t cRefs = ASMAtomicDecU32(&pThis->cRefs); + AssertMsg(cRefs < _1M, ("%#x %p\n", cRefs, pThis)); + if (cRefs == 0) + dbgfR3FlowDestroy(pThis); + return cRefs; +} + + +/** + * Queries the basic block denoting the entry point into the control flow graph. + * + * @returns VBox status code. + * @param hFlow The control flow graph handle. + * @param phFlowBb Where to store the basic block handle on success. + */ +VMMR3DECL(int) DBGFR3FlowQueryStartBb(DBGFFLOW hFlow, PDBGFFLOWBB phFlowBb) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, VERR_INVALID_HANDLE); + + PDBGFFLOWBBINT pFlowBb; + RTListForEach(&pThis->LstFlowBb, pFlowBb, DBGFFLOWBBINT, NdFlowBb) + { + if (pFlowBb->fFlags & DBGF_FLOW_BB_F_ENTRY) + { + *phFlowBb = pFlowBb; + return VINF_SUCCESS; + } + } + + AssertFailed(); /* Should never get here. */ + return VERR_INTERNAL_ERROR; +} + + +/** + * Queries a basic block in the given control flow graph which covers the given + * address. + * + * @returns VBox status code. + * @retval VERR_NOT_FOUND if there is no basic block intersecting with the address. + * @param hFlow The control flow graph handle. + * @param pAddr The address to look for. + * @param phFlowBb Where to store the basic block handle on success. + */ +VMMR3DECL(int) DBGFR3FlowQueryBbByAddress(DBGFFLOW hFlow, PDBGFADDRESS pAddr, PDBGFFLOWBB phFlowBb) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, VERR_INVALID_HANDLE); + AssertPtrReturn(pAddr, VERR_INVALID_POINTER); + AssertPtrReturn(phFlowBb, VERR_INVALID_POINTER); + + PDBGFFLOWBBINT pFlowBb; + RTListForEach(&pThis->LstFlowBb, pFlowBb, DBGFFLOWBBINT, NdFlowBb) + { + if (dbgfR3FlowAddrIntersect(pFlowBb, pAddr)) + { + DBGFR3FlowBbRetain(pFlowBb); + *phFlowBb = pFlowBb; + return VINF_SUCCESS; + } + } + + return VERR_NOT_FOUND; +} + + +/** + * Queries a branch table in the given control flow graph by the given address. + * + * @returns VBox status code. + * @retval VERR_NOT_FOUND if there is no branch table with the given address. + * @param hFlow The control flow graph handle. + * @param pAddr The address of the branch table. + * @param phFlowBranchTbl Where to store the handle to branch table on success. + * + * @note Call DBGFR3FlowBranchTblRelease() when the handle is not required anymore. + */ +VMMR3DECL(int) DBGFR3FlowQueryBranchTblByAddress(DBGFFLOW hFlow, PDBGFADDRESS pAddr, PDBGFFLOWBRANCHTBL phFlowBranchTbl) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, VERR_INVALID_HANDLE); + AssertPtrReturn(pAddr, VERR_INVALID_POINTER); + AssertPtrReturn(phFlowBranchTbl, VERR_INVALID_POINTER); + + PDBGFFLOWBRANCHTBLINT pBranchTbl = dbgfR3FlowBranchTblFindByAddr(pThis, pAddr); + if (pBranchTbl) + { + DBGFR3FlowBranchTblRetain(pBranchTbl); + *phFlowBranchTbl = pBranchTbl; + return VINF_SUCCESS; + } + + return VERR_NOT_FOUND; +} + + +/** + * Returns the number of basic blcoks inside the control flow graph. + * + * @returns Number of basic blocks. + * @param hFlow The control flow graph handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowGetBbCount(DBGFFLOW hFlow) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, 0); + + return pThis->cBbs; +} + + +/** + * Returns the number of branch tables inside the control flow graph. + * + * @returns Number of basic blocks. + * @param hFlow The control flow graph handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowGetBranchTblCount(DBGFFLOW hFlow) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, 0); + + return pThis->cBranchTbls; +} + + +/** + * Returns the number of call instructions encountered in the given + * control flow graph. + * + * @returns Number of call instructions. + * @param hFlow The control flow graph handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowGetCallInsnCount(DBGFFLOW hFlow) +{ + PDBGFFLOWINT pThis = hFlow; + AssertPtrReturn(pThis, 0); + + return pThis->cCallInsns; +} + + +/** + * Retains the basic block handle. + * + * @returns Current reference count. + * @param hFlowBb The basic block handle to retain. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBbRetain(DBGFFLOWBB hFlowBb) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, UINT32_MAX); + + uint32_t cRefs = ASMAtomicIncU32(&pFlowBb->cRefs); + AssertMsg(cRefs > 1 && cRefs < _1M, ("%#x %p %d\n", cRefs, pFlowBb, pFlowBb->enmEndType)); + return cRefs; +} + + +/** + * Releases the basic block handle. + * + * @returns Current reference count, on 0 the basic block will be destroyed. + * @param hFlowBb The basic block handle to release. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBbRelease(DBGFFLOWBB hFlowBb) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + if (!pFlowBb) + return 0; + + return dbgfR3FlowBbReleaseInt(pFlowBb, true /* fMayDestroyFlow */); +} + + +/** + * Returns the start address of the basic block. + * + * @returns Pointer to DBGF adress containing the start address of the basic block. + * @param hFlowBb The basic block handle. + * @param pAddrStart Where to store the start address of the basic block. + */ +VMMR3DECL(PDBGFADDRESS) DBGFR3FlowBbGetStartAddress(DBGFFLOWBB hFlowBb, PDBGFADDRESS pAddrStart) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, NULL); + AssertPtrReturn(pAddrStart, NULL); + + *pAddrStart = pFlowBb->AddrStart; + return pAddrStart; +} + + +/** + * Returns the end address of the basic block (inclusive). + * + * @returns Pointer to DBGF adress containing the end address of the basic block. + * @param hFlowBb The basic block handle. + * @param pAddrEnd Where to store the end address of the basic block. + */ +VMMR3DECL(PDBGFADDRESS) DBGFR3FlowBbGetEndAddress(DBGFFLOWBB hFlowBb, PDBGFADDRESS pAddrEnd) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, NULL); + AssertPtrReturn(pAddrEnd, NULL); + + *pAddrEnd = pFlowBb->AddrEnd; + return pAddrEnd; +} + + +/** + * Returns the address the last instruction in the basic block branches to. + * + * @returns Pointer to DBGF adress containing the branch address of the basic block. + * @param hFlowBb The basic block handle. + * @param pAddrTarget Where to store the branch address of the basic block. + * + * @note This is only valid for unconditional or conditional branches, or for a basic block + * containing only a call instruction when DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB was given + * during creation and the branch target could be deduced as indicated by the DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN + * flag for the basic block. This method will assert for every other basic block type. + * @note For indirect unconditional branches using a branch table this will return the start address + * of the branch table. + */ +VMMR3DECL(PDBGFADDRESS) DBGFR3FlowBbGetBranchAddress(DBGFFLOWBB hFlowBb, PDBGFADDRESS pAddrTarget) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, NULL); + AssertPtrReturn(pAddrTarget, NULL); + AssertReturn( pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_JMP + || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_COND + || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_INDIRECT_JMP + || ( pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND + && (pFlowBb->fFlags & DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN)), + NULL); + + if ( pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_INDIRECT_JMP + && pFlowBb->pFlowBranchTbl) + *pAddrTarget = pFlowBb->pFlowBranchTbl->AddrStart; + else + *pAddrTarget = pFlowBb->AddrTarget; + return pAddrTarget; +} + + +/** + * Returns the address of the next block following this one in the instruction stream. + * (usually end address + 1). + * + * @returns Pointer to DBGF adress containing the following address of the basic block. + * @param hFlowBb The basic block handle. + * @param pAddrFollow Where to store the following address of the basic block. + * + * @note This is only valid for conditional branches and if the last instruction in the + * given basic block doesn't change the control flow but the blocks were split + * because the successor is referenced by multiple other blocks as an entry point. + */ +VMMR3DECL(PDBGFADDRESS) DBGFR3FlowBbGetFollowingAddress(DBGFFLOWBB hFlowBb, PDBGFADDRESS pAddrFollow) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, NULL); + AssertPtrReturn(pAddrFollow, NULL); + AssertReturn( pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND + || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_COND, + NULL); + + *pAddrFollow = pFlowBb->AddrEnd; + DBGFR3AddrAdd(pAddrFollow, 1); + return pAddrFollow; +} + + +/** + * Returns the type of the last instruction in the basic block. + * + * @returns Last instruction type. + * @param hFlowBb The basic block handle. + */ +VMMR3DECL(DBGFFLOWBBENDTYPE) DBGFR3FlowBbGetType(DBGFFLOWBB hFlowBb) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, DBGFFLOWBBENDTYPE_INVALID); + + return pFlowBb->enmEndType; +} + + +/** + * Get the number of instructions contained in the basic block. + * + * @returns Number of instructions in the basic block. + * @param hFlowBb The basic block handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBbGetInstrCount(DBGFFLOWBB hFlowBb) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, 0); + + return pFlowBb->cInstr; +} + + +/** + * Get flags for the given basic block. + * + * @returns Combination of DBGF_FLOW_BB_F_* + * @param hFlowBb The basic block handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBbGetFlags(DBGFFLOWBB hFlowBb) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, 0); + + return pFlowBb->fFlags; +} + + +/** + * Queries the branch table used if the given basic block ends with an indirect branch + * and has a branch table referenced. + * + * @returns VBox status code. + * @param hFlowBb The basic block handle. + * @param phBranchTbl Where to store the branch table handle on success. + * + * @note Release the branch table reference with DBGFR3FlowBranchTblRelease() when not required + * anymore. + */ +VMMR3DECL(int) DBGFR3FlowBbQueryBranchTbl(DBGFFLOWBB hFlowBb, PDBGFFLOWBRANCHTBL phBranchTbl) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, VERR_INVALID_HANDLE); + AssertReturn(pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_INDIRECT_JMP, VERR_INVALID_STATE); + AssertPtrReturn(pFlowBb->pFlowBranchTbl, VERR_INVALID_STATE); + AssertPtrReturn(phBranchTbl, VERR_INVALID_POINTER); + + DBGFR3FlowBranchTblRetain(pFlowBb->pFlowBranchTbl); + *phBranchTbl = pFlowBb->pFlowBranchTbl; + return VINF_SUCCESS; +} + + +/** + * Returns the error status and message if the given basic block has an error. + * + * @returns VBox status code of the error for the basic block. + * @param hFlowBb The basic block handle. + * @param ppszErr Where to store the pointer to the error message - optional. + */ +VMMR3DECL(int) DBGFR3FlowBbQueryError(DBGFFLOWBB hFlowBb, const char **ppszErr) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, VERR_INVALID_HANDLE); + + if (ppszErr) + *ppszErr = pFlowBb->pszErr; + + return pFlowBb->rcError; +} + + +/** + * Store the disassembled instruction as a string in the given output buffer. + * + * @returns VBox status code. + * @param hFlowBb The basic block handle. + * @param idxInstr The instruction to query. + * @param pAddrInstr Where to store the guest instruction address on success, optional. + * @param pcbInstr Where to store the instruction size on success, optional. + * @param ppszInstr Where to store the pointer to the disassembled instruction string, optional. + */ +VMMR3DECL(int) DBGFR3FlowBbQueryInstr(DBGFFLOWBB hFlowBb, uint32_t idxInstr, PDBGFADDRESS pAddrInstr, + uint32_t *pcbInstr, const char **ppszInstr) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, VERR_INVALID_POINTER); + AssertReturn(idxInstr < pFlowBb->cInstr, VERR_INVALID_PARAMETER); + + if (pAddrInstr) + *pAddrInstr = pFlowBb->aInstr[idxInstr].AddrInstr; + if (pcbInstr) + *pcbInstr = pFlowBb->aInstr[idxInstr].cbInstr; + if (ppszInstr) + *ppszInstr = pFlowBb->aInstr[idxInstr].pszInstr; + + return VINF_SUCCESS; +} + + +/** + * Queries the successors of the basic block. + * + * @returns VBox status code. + * @param hFlowBb The basic block handle. + * @param phFlowBbFollow Where to store the handle to the basic block following + * this one (optional). + * @param phFlowBbTarget Where to store the handle to the basic block being the + * branch target for this one (optional). + */ +VMMR3DECL(int) DBGFR3FlowBbQuerySuccessors(DBGFFLOWBB hFlowBb, PDBGFFLOWBB phFlowBbFollow, PDBGFFLOWBB phFlowBbTarget) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, VERR_INVALID_POINTER); + + if ( phFlowBbFollow + && ( pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND + || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_COND)) + { + DBGFADDRESS AddrStart = pFlowBb->AddrEnd; + DBGFR3AddrAdd(&AddrStart, 1); + int rc = DBGFR3FlowQueryBbByAddress(pFlowBb->pFlow, &AddrStart, phFlowBbFollow); + AssertRC(rc); + } + + if ( phFlowBbTarget + && ( pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_JMP + || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_COND)) + { + int rc = DBGFR3FlowQueryBbByAddress(pFlowBb->pFlow, &pFlowBb->AddrTarget, phFlowBbTarget); + AssertRC(rc); + } + + return VINF_SUCCESS; +} + + +/** + * Returns the number of basic blocks referencing this basic block as a target. + * + * @returns Number of other basic blocks referencing this one. + * @param hFlowBb The basic block handle. + * + * @note If the given basic block references itself (loop, etc.) this will be counted as well. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBbGetRefBbCount(DBGFFLOWBB hFlowBb) +{ + PDBGFFLOWBBINT pFlowBb = hFlowBb; + AssertPtrReturn(pFlowBb, 0); + + uint32_t cRefsBb = 0; + PDBGFFLOWBBINT pFlowBbCur; + RTListForEach(&pFlowBb->pFlow->LstFlowBb, pFlowBbCur, DBGFFLOWBBINT, NdFlowBb) + { + if (pFlowBbCur->fFlags & DBGF_FLOW_BB_F_INCOMPLETE_ERR) + continue; + + if ( pFlowBbCur->enmEndType == DBGFFLOWBBENDTYPE_UNCOND + || pFlowBbCur->enmEndType == DBGFFLOWBBENDTYPE_COND) + { + DBGFADDRESS AddrStart = pFlowBb->AddrEnd; + DBGFR3AddrAdd(&AddrStart, 1); + if (dbgfR3FlowAddrEqual(&pFlowBbCur->AddrStart, &AddrStart)) + cRefsBb++; + } + + if ( ( pFlowBbCur->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_JMP + || pFlowBbCur->enmEndType == DBGFFLOWBBENDTYPE_COND) + && dbgfR3FlowAddrEqual(&pFlowBbCur->AddrStart, &pFlowBb->AddrTarget)) + cRefsBb++; + } + return cRefsBb; +} + + +/** + * Returns the basic block handles referencing the given basic block. + * + * @returns VBox status code. + * @retval VERR_BUFFER_OVERFLOW if the array can't hold all the basic blocks. + * @param hFlowBb The basic block handle. + * @param paFlowBbRef Pointer to the array containing the referencing basic block handles on success. + * @param cRef Number of entries in the given array. + */ +VMMR3DECL(int) DBGFR3FlowBbGetRefBb(DBGFFLOWBB hFlowBb, PDBGFFLOWBB paFlowBbRef, uint32_t cRef) +{ + RT_NOREF3(hFlowBb, paFlowBbRef, cRef); + return VERR_NOT_IMPLEMENTED; +} + + +/** + * Retains a reference for the given control flow graph branch table. + * + * @returns new reference count. + * @param hFlowBranchTbl The branch table handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBranchTblRetain(DBGFFLOWBRANCHTBL hFlowBranchTbl) +{ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl = hFlowBranchTbl; + AssertPtrReturn(pFlowBranchTbl, UINT32_MAX); + + uint32_t cRefs = ASMAtomicIncU32(&pFlowBranchTbl->cRefs); + AssertMsg(cRefs > 1 && cRefs < _1M, ("%#x %p\n", cRefs, pFlowBranchTbl)); + return cRefs; +} + + +/** + * Releases a given branch table handle. + * + * @returns the new reference count of the given branch table, on 0 it is destroyed. + * @param hFlowBranchTbl The branch table handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBranchTblRelease(DBGFFLOWBRANCHTBL hFlowBranchTbl) +{ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl = hFlowBranchTbl; + if (!pFlowBranchTbl) + return 0; + AssertPtrReturn(pFlowBranchTbl, UINT32_MAX); + + uint32_t cRefs = ASMAtomicDecU32(&pFlowBranchTbl->cRefs); + AssertMsg(cRefs < _1M, ("%#x %p\n", cRefs, pFlowBranchTbl)); + if (cRefs == 0) + dbgfR3FlowBranchTblDestroy(pFlowBranchTbl); + return cRefs; +} + + +/** + * Return the number of slots the branch table has. + * + * @returns Number of slots in the branch table. + * @param hFlowBranchTbl The branch table handle. + */ +VMMR3DECL(uint32_t) DBGFR3FlowBranchTblGetSlots(DBGFFLOWBRANCHTBL hFlowBranchTbl) +{ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl = hFlowBranchTbl; + AssertPtrReturn(pFlowBranchTbl, 0); + + return pFlowBranchTbl->cSlots; +} + + +/** + * Returns the start address of the branch table in the guest. + * + * @returns Pointer to start address of the branch table (pAddrStart). + * @param hFlowBranchTbl The branch table handle. + * @param pAddrStart Where to store the branch table address. + */ +VMMR3DECL(PDBGFADDRESS) DBGFR3FlowBranchTblGetStartAddress(DBGFFLOWBRANCHTBL hFlowBranchTbl, PDBGFADDRESS pAddrStart) +{ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl = hFlowBranchTbl; + AssertPtrReturn(pFlowBranchTbl, NULL); + AssertPtrReturn(pAddrStart, NULL); + + *pAddrStart = pFlowBranchTbl->AddrStart; + return pAddrStart; +} + + +/** + * Returns one address in the branch table at the given slot index. + * + * @return Pointer to the address at the given slot in the given branch table. + * @param hFlowBranchTbl The branch table handle. + * @param idxSlot The slot the address should be returned from. + * @param pAddrSlot Where to store the address. + */ +VMMR3DECL(PDBGFADDRESS) DBGFR3FlowBranchTblGetAddrAtSlot(DBGFFLOWBRANCHTBL hFlowBranchTbl, uint32_t idxSlot, PDBGFADDRESS pAddrSlot) +{ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl = hFlowBranchTbl; + AssertPtrReturn(pFlowBranchTbl, NULL); + AssertPtrReturn(pAddrSlot, NULL); + AssertReturn(idxSlot < pFlowBranchTbl->cSlots, NULL); + + *pAddrSlot = pFlowBranchTbl->aAddresses[idxSlot]; + return pAddrSlot; +} + + +/** + * Query all addresses contained in the given branch table. + * + * @returns VBox status code. + * @retval VERR_BUFFER_OVERFLOW if there is not enough space in the array to hold all addresses. + * @param hFlowBranchTbl The branch table handle. + * @param paAddrs Where to store the addresses on success. + * @param cAddrs Number of entries the array can hold. + */ +VMMR3DECL(int) DBGFR3FlowBranchTblQueryAddresses(DBGFFLOWBRANCHTBL hFlowBranchTbl, PDBGFADDRESS paAddrs, uint32_t cAddrs) +{ + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl = hFlowBranchTbl; + AssertPtrReturn(pFlowBranchTbl, VERR_INVALID_HANDLE); + AssertPtrReturn(paAddrs, VERR_INVALID_POINTER); + AssertReturn(cAddrs > 0, VERR_INVALID_PARAMETER); + + if (cAddrs < pFlowBranchTbl->cSlots) + return VERR_BUFFER_OVERFLOW; + + memcpy(paAddrs, &pFlowBranchTbl->aAddresses[0], pFlowBranchTbl->cSlots * sizeof(DBGFADDRESS)); + return VINF_SUCCESS; +} + + +/** + * @callback_method_impl{FNRTSORTCMP} + */ +static DECLCALLBACK(int) dbgfR3FlowItSortCmp(void const *pvElement1, void const *pvElement2, void *pvUser) +{ + PDBGFFLOWITORDER penmOrder = (PDBGFFLOWITORDER)pvUser; + PDBGFFLOWBBINT pFlowBb1 = *(PDBGFFLOWBBINT *)pvElement1; + PDBGFFLOWBBINT pFlowBb2 = *(PDBGFFLOWBBINT *)pvElement2; + + if (dbgfR3FlowAddrEqual(&pFlowBb1->AddrStart, &pFlowBb2->AddrStart)) + return 0; + + if (*penmOrder == DBGFFLOWITORDER_BY_ADDR_LOWEST_FIRST) + { + if (dbgfR3FlowAddrLower(&pFlowBb1->AddrStart, &pFlowBb2->AddrStart)) + return -1; + else + return 1; + } + else + { + if (dbgfR3FlowAddrLower(&pFlowBb1->AddrStart, &pFlowBb2->AddrStart)) + return 1; + else + return -1; + } +} + + +/** + * Creates a new iterator for the given control flow graph. + * + * @returns VBox status code. + * @param hFlow The control flow graph handle. + * @param enmOrder The order in which the basic blocks are enumerated. + * @param phFlowIt Where to store the handle to the iterator on success. + */ +VMMR3DECL(int) DBGFR3FlowItCreate(DBGFFLOW hFlow, DBGFFLOWITORDER enmOrder, PDBGFFLOWIT phFlowIt) +{ + int rc = VINF_SUCCESS; + PDBGFFLOWINT pFlow = hFlow; + AssertPtrReturn(pFlow, VERR_INVALID_POINTER); + AssertPtrReturn(phFlowIt, VERR_INVALID_POINTER); + AssertReturn(enmOrder > DBGFFLOWITORDER_INVALID && enmOrder < DBGFFLOWITORDER_BREADTH_FIRST, + VERR_INVALID_PARAMETER); + AssertReturn(enmOrder < DBGFFLOWITORDER_DEPTH_FRIST, VERR_NOT_IMPLEMENTED); /** @todo */ + + PDBGFFLOWITINT pIt = (PDBGFFLOWITINT)RTMemAllocZ(RT_UOFFSETOF_DYN(DBGFFLOWITINT, apBb[pFlow->cBbs])); + if (RT_LIKELY(pIt)) + { + DBGFR3FlowRetain(hFlow); + pIt->pFlow = pFlow; + pIt->idxBbNext = 0; + /* Fill the list and then sort. */ + uint32_t idxBb = 0; + PDBGFFLOWBBINT pFlowBb; + RTListForEach(&pFlow->LstFlowBb, pFlowBb, DBGFFLOWBBINT, NdFlowBb) + { + DBGFR3FlowBbRetain(pFlowBb); + pIt->apBb[idxBb++] = pFlowBb; + } + + /* Sort the blocks by address. */ + RTSortShell(&pIt->apBb[0], pFlow->cBbs, sizeof(PDBGFFLOWBBINT), dbgfR3FlowItSortCmp, &enmOrder); + + *phFlowIt = pIt; + } + else + rc = VERR_NO_MEMORY; + + return rc; +} + + +/** + * Destroys a given control flow graph iterator. + * + * @param hFlowIt The control flow graph iterator handle. + */ +VMMR3DECL(void) DBGFR3FlowItDestroy(DBGFFLOWIT hFlowIt) +{ + PDBGFFLOWITINT pIt = hFlowIt; + AssertPtrReturnVoid(pIt); + + for (unsigned i = 0; i < pIt->pFlow->cBbs; i++) + DBGFR3FlowBbRelease(pIt->apBb[i]); + + DBGFR3FlowRelease(pIt->pFlow); + RTMemFree(pIt); +} + + +/** + * Returns the next basic block in the iterator or NULL if there is no + * basic block left. + * + * @returns Handle to the next basic block in the iterator or NULL if the end + * was reached. + * @param hFlowIt The iterator handle. + * + * @note If a valid handle is returned it must be release with DBGFR3FlowBbRelease() + * when not required anymore. + */ +VMMR3DECL(DBGFFLOWBB) DBGFR3FlowItNext(DBGFFLOWIT hFlowIt) +{ + PDBGFFLOWITINT pIt = hFlowIt; + AssertPtrReturn(pIt, NULL); + + PDBGFFLOWBBINT pFlowBb = NULL; + if (pIt->idxBbNext < pIt->pFlow->cBbs) + { + pFlowBb = pIt->apBb[pIt->idxBbNext++]; + DBGFR3FlowBbRetain(pFlowBb); + } + + return pFlowBb; +} + + +/** + * Resets the given iterator to the beginning. + * + * @returns VBox status code. + * @param hFlowIt The iterator handle. + */ +VMMR3DECL(int) DBGFR3FlowItReset(DBGFFLOWIT hFlowIt) +{ + PDBGFFLOWITINT pIt = hFlowIt; + AssertPtrReturn(pIt, VERR_INVALID_HANDLE); + + pIt->idxBbNext = 0; + return VINF_SUCCESS; +} + + +/** + * @callback_method_impl{FNRTSORTCMP} + */ +static DECLCALLBACK(int) dbgfR3FlowBranchTblItSortCmp(void const *pvElement1, void const *pvElement2, void *pvUser) +{ + PDBGFFLOWITORDER penmOrder = (PDBGFFLOWITORDER)pvUser; + PDBGFFLOWBRANCHTBLINT pTbl1 = *(PDBGFFLOWBRANCHTBLINT *)pvElement1; + PDBGFFLOWBRANCHTBLINT pTbl2 = *(PDBGFFLOWBRANCHTBLINT *)pvElement2; + + if (dbgfR3FlowAddrEqual(&pTbl1->AddrStart, &pTbl2->AddrStart)) + return 0; + + if (*penmOrder == DBGFFLOWITORDER_BY_ADDR_LOWEST_FIRST) + { + if (dbgfR3FlowAddrLower(&pTbl1->AddrStart, &pTbl2->AddrStart)) + return -1; + else + return 1; + } + else + { + if (dbgfR3FlowAddrLower(&pTbl1->AddrStart, &pTbl2->AddrStart)) + return 1; + else + return -1; + } +} + + +/** + * Creates a new branch table iterator for the given control flow graph. + * + * @returns VBox status code. + * @param hFlow The control flow graph handle. + * @param enmOrder The order in which the basic blocks are enumerated. + * @param phFlowBranchTblIt Where to store the handle to the iterator on success. + */ +VMMR3DECL(int) DBGFR3FlowBranchTblItCreate(DBGFFLOW hFlow, DBGFFLOWITORDER enmOrder, + PDBGFFLOWBRANCHTBLIT phFlowBranchTblIt) +{ + int rc = VINF_SUCCESS; + PDBGFFLOWINT pFlow = hFlow; + AssertPtrReturn(pFlow, VERR_INVALID_POINTER); + AssertPtrReturn(phFlowBranchTblIt, VERR_INVALID_POINTER); + AssertReturn(enmOrder > DBGFFLOWITORDER_INVALID && enmOrder < DBGFFLOWITORDER_BREADTH_FIRST, + VERR_INVALID_PARAMETER); + AssertReturn(enmOrder < DBGFFLOWITORDER_DEPTH_FRIST, VERR_NOT_SUPPORTED); + + PDBGFFLOWBRANCHTBLITINT pIt = (PDBGFFLOWBRANCHTBLITINT)RTMemAllocZ(RT_UOFFSETOF_DYN(DBGFFLOWBRANCHTBLITINT, + apBranchTbl[pFlow->cBranchTbls])); + if (RT_LIKELY(pIt)) + { + DBGFR3FlowRetain(hFlow); + pIt->pFlow = pFlow; + pIt->idxTblNext = 0; + /* Fill the list and then sort. */ + uint32_t idxTbl = 0; + PDBGFFLOWBRANCHTBLINT pFlowBranchTbl; + RTListForEach(&pFlow->LstBranchTbl, pFlowBranchTbl, DBGFFLOWBRANCHTBLINT, NdBranchTbl) + { + DBGFR3FlowBranchTblRetain(pFlowBranchTbl); + pIt->apBranchTbl[idxTbl++] = pFlowBranchTbl; + } + + /* Sort the blocks by address. */ + RTSortShell(&pIt->apBranchTbl[0], pFlow->cBranchTbls, sizeof(PDBGFFLOWBRANCHTBLINT), dbgfR3FlowBranchTblItSortCmp, &enmOrder); + + *phFlowBranchTblIt = pIt; + } + else + rc = VERR_NO_MEMORY; + + return rc; +} + + +/** + * Destroys a given control flow graph branch table iterator. + * + * @param hFlowBranchTblIt The control flow graph branch table iterator handle. + */ +VMMR3DECL(void) DBGFR3FlowBranchTblItDestroy(DBGFFLOWBRANCHTBLIT hFlowBranchTblIt) +{ + PDBGFFLOWBRANCHTBLITINT pIt = hFlowBranchTblIt; + AssertPtrReturnVoid(pIt); + + for (unsigned i = 0; i < pIt->pFlow->cBranchTbls; i++) + DBGFR3FlowBranchTblRelease(pIt->apBranchTbl[i]); + + DBGFR3FlowRelease(pIt->pFlow); + RTMemFree(pIt); +} + + +/** + * Returns the next branch table in the iterator or NULL if there is no + * branch table left. + * + * @returns Handle to the next basic block in the iterator or NULL if the end + * was reached. + * @param hFlowBranchTblIt The iterator handle. + * + * @note If a valid handle is returned it must be release with DBGFR3FlowBranchTblRelease() + * when not required anymore. + */ +VMMR3DECL(DBGFFLOWBRANCHTBL) DBGFR3FlowBranchTblItNext(DBGFFLOWBRANCHTBLIT hFlowBranchTblIt) +{ + PDBGFFLOWBRANCHTBLITINT pIt = hFlowBranchTblIt; + AssertPtrReturn(pIt, NULL); + + PDBGFFLOWBRANCHTBLINT pTbl = NULL; + if (pIt->idxTblNext < pIt->pFlow->cBranchTbls) + { + pTbl = pIt->apBranchTbl[pIt->idxTblNext++]; + DBGFR3FlowBranchTblRetain(pTbl); + } + + return pTbl; +} + + +/** + * Resets the given iterator to the beginning. + * + * @returns VBox status code. + * @param hFlowBranchTblIt The iterator handle. + */ +VMMR3DECL(int) DBGFR3FlowBranchTblItReset(DBGFFLOWBRANCHTBLIT hFlowBranchTblIt) +{ + PDBGFFLOWBRANCHTBLITINT pIt = hFlowBranchTblIt; + AssertPtrReturn(pIt, VERR_INVALID_HANDLE); + + pIt->idxTblNext = 0; + return VINF_SUCCESS; +} |