Coverage for Syzygy/block_graph/transforms/fuzzing

Coverage for /Syzygy/block_graph/transforms/fuzzing_transform.cc

Coverage	Lines executed / instrumented / missing			exe / inst / miss	Language	Group
98.1%	53	54	0	.	C++	source
Line-by-line coverage:

   1    :  // Copyright 2013 Google Inc. All Rights Reserved.
   2    :  //
   3    :  // Licensed under the Apache License, Version 2.0 (the "License");
   4    :  // you may not use this file except in compliance with the License.
   5    :  // You may obtain a copy of the License at
   6    :  //
   7    :  //     http://www.apache.org/licenses/LICENSE-2.0
   8    :  //
   9    :  // Unless required by applicable law or agreed to in writing, software
  10    :  // distributed under the License is distributed on an "AS IS" BASIS,
  11    :  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12    :  // See the License for the specific language governing permissions and
  13    :  // limitations under the License.
  14    :  
  15    :  #include "syzygy/block_graph/transforms/fuzzing_transform.h"
  16    :  
  17    :  #include "base/logging.h"
  18    :  #include "base/string_util.h"
  19    :  #include "base/stringprintf.h"
  20    :  #include "syzygy/block_graph/basic_block_assembler.h"
  21    :  #include "syzygy/block_graph/block_builder.h"
  22    :  #include "syzygy/block_graph/block_util.h"
  23    :  #include "syzygy/block_graph/analysis/liveness_analysis.h"
  24    :  #include "syzygy/common/defs.h"
  25    :  
  26    :  namespace block_graph {
  27    :  namespace transforms {
  28    :  namespace {
  29    :  
  30    :  using block_graph::BasicBlock;
  31    :  using block_graph::BasicBlockAssembler;
  32    :  using block_graph::BasicCodeBlock;
  33    :  using block_graph::Instruction;
  34    :  using block_graph::Immediate;
  35    :  using core::Register;
  36    :  
  37    :  }  // namespace
  38    :  
  39    :  const char LivenessFuzzingBasicBlockTransform::kTransformName[]
  40    :      = "LivenessFuzzingBasicBlockTransform";
  41    :  const char FuzzingTransform::kTransformName[] = "FuzzingTransform";
  42    :  
  43    :  bool LivenessFuzzingBasicBlockTransform::TransformBasicBlockSubGraph(
  44  E :      BlockGraph* block_graph, BasicBlockSubGraph* subgraph) {
  45  E :    DCHECK(block_graph != NULL);
  46  E :    DCHECK(subgraph != NULL);
  47    :  
  48    :    // Perform the global liveness analysis.
  49  E :    block_graph::analysis::LivenessAnalysis liveness;
  50  E :    liveness.Analyze(subgraph);
  51    :  
  52    :    // Iterate through each basic block and instrument it.
  53    :    BasicBlockSubGraph::BBCollection::iterator bb_iter =
  54  E :        subgraph->basic_blocks().begin();
  55  E :    for (; bb_iter != subgraph->basic_blocks().end(); ++bb_iter) {
  56  E :      BasicCodeBlock* bb = BasicCodeBlock::Cast(*bb_iter);
  57  E :      if (bb == NULL)
  58  E :        continue;
  59    :  
  60  E :      block_graph::analysis::LivenessAnalysis::State state;
  61  E :      liveness.GetStateAtExitOf(bb, &state);
  62    :  
  63  E :      BasicBlock::Instructions& instructions = bb->instructions();
  64    :  
  65  E :      if (instructions.empty())
  66  E :        continue;
  67    :  
  68  E :      BasicBlock::Instructions::iterator instr_iter = instructions.end();
  69  E :      --instr_iter;
  70    :  
  71  E :      while (true) {
  72    :        // Propagate liveness through the current instruction.
  73  E :        Instruction instr = *instr_iter;
  74  E :        liveness.PropagateBackward(instr, &state);
  75    :  
  76    :        // Rewrite dead registers.
  77  E :        uint32 reg_code = core::kRegisterEax;
  78  E :        for ( ; reg_code <= core::kRegisterEdi; ++reg_code) {
  79  E :          Register reg(static_cast<core::RegisterCode>(reg_code));
  80  E :          if (state.IsLive(reg))
  81  E :            continue;
  82    :  
  83  E :          BasicBlockAssembler assembly(instr_iter, &instructions);
  84    :  
  85    :          // Write some garbage in the dead register.
  86  E :          assembly.mov(reg, Immediate(0xCCCCCCCC));
  87  E :          --instr_iter;
  88  E :        }
  89    :  
  90  E :        if (!state.AreArithmeticFlagsLive()) {
  91    :          // Write some garbage to the flags register when they are not alive.
  92  E :          BasicBlockAssembler assembly(instr_iter, &instructions);
  93  E :          assembly.add(core::ebp, Immediate(0, core::kSize32Bit));
  94  E :          --instr_iter;
  95    :        }
  96    :  
  97    :        // Move to the previous instruction.
  98  E :        if (instr_iter == instructions.begin())
  99  E :          break;
 100  E :        --instr_iter;
 101  E :      }
 102  E :    }
 103    :  
 104  E :    return true;
 105  E :  }
 106    :  
 107  E :  FuzzingTransform::FuzzingTransform() {
 108  E :  }
 109    :  
 110    :  bool FuzzingTransform::OnBlock(
 111  E :      BlockGraph* block_graph, BlockGraph::Block* block) {
 112    :  
 113  E :    DCHECK(block_graph != NULL);
 114  E :    DCHECK(block != NULL);
 115  E :    if (block->type() != BlockGraph::CODE_BLOCK)
 116  E :      return true;
 117    :  
 118  E :    if (!CodeBlockAttributesAreBasicBlockSafe(block))
 119  E :      return true;
 120    :  
 121    :    // Apply a basic block transform.
 122  E :    LivenessFuzzingBasicBlockTransform liveness_transform;
 123    :    if (!ApplyBasicBlockSubGraphTransform(
 124  E :             &liveness_transform, block_graph, block, NULL)) {
 125  i :      return false;
 126    :    }
 127    :  
 128  E :    return true;
 129  E :  }
 130    :  
 131    :  }  // namespace transforms
 132    :  }  // namespace instrument
Coverage information generated Tue Jun 25 13:56:24 2013.