Renamed polling loop detector to edge killer, which is what it really is.

Author: Vitaly Chipounov

qemu/Makefile.target

@@ -350,7 +350,7 @@ s2eobj-y += s2e/Plugins/ExecutionTracers/TranslationBlockTracer.o
 s2eobj-y += s2e/Plugins/CacheSim.o
 s2eobj-y += s2e/Plugins/Debugger.o
 s2eobj-y += s2e/Plugins/SymbolicHardware.o
-s2eobj-y += s2e/Plugins/PollingLoopDetector.o
+s2eobj-y += s2e/Plugins/EdgeKiller.o
 s2eobj-y += s2e/Plugins/StateManager.o
 s2eobj-y += s2e/Plugins/Annotation.o
 s2eobj-y += s2e/Plugins/Searchers/MaxTbSearcher.o

qemu/s2e/Plugin.cpp

@@ -60,7 +60,7 @@
 #include <s2e/Plugins/CacheSim.h>
 #include <s2e/Plugins/Debugger.h>
 #include <s2e/Plugins/SymbolicHardware.h>
-#include <s2e/Plugins/PollingLoopDetector.h>
+#include <s2e/Plugins/EdgeKiller.h>
 #include <s2e/Plugins/StateManager.h>
 #include <s2e/Plugins/Annotation.h>
 #include <s2e/Plugins/X86ExceptionInterceptor.h>
@@ -121,7 +121,7 @@ PluginsFactory::PluginsFactory()
     __S2E_REGISTER_PLUGIN(plugins::TranslationBlockTracer);
 
     __S2E_REGISTER_PLUGIN(plugins::SymbolicHardware);
-    __S2E_REGISTER_PLUGIN(plugins::PollingLoopDetector);
+    __S2E_REGISTER_PLUGIN(plugins::EdgeKiller);
     __S2E_REGISTER_PLUGIN(plugins::Annotation);
     __S2E_REGISTER_PLUGIN(plugins::X86ExceptionInterceptor);
 

qemu/s2e/Plugins/PollingLoopDetector.cpp qemu/s2e/Plugins/EdgeKiller.cpp

@@ -41,27 +41,27 @@
 
 #include <sstream>
 
-#include "PollingLoopDetector.h"
+#include "EdgeKiller.h"
 
 namespace s2e {
 namespace plugins {
 
-S2E_DEFINE_PLUGIN(PollingLoopDetector, "Kills states stuck in a polling loop", "PollingLoopDetector",
+S2E_DEFINE_PLUGIN(EdgeKiller, "Kills states when a specified sequence of instructions has been executed", "EdgeKiller",
                   "ModuleExecutionDetector", "Interceptor");
 
-void PollingLoopDetector::initialize()
+void EdgeKiller::initialize()
 {
     m_detector = (ModuleExecutionDetector*)s2e()->getPlugin("ModuleExecutionDetector");
     m_monitor = (OSMonitor*)s2e()->getPlugin("Interceptor");
 
     m_monitor->onModuleLoad.connect(
             sigc::mem_fun(*this,
-                    &PollingLoopDetector::onModuleLoad)
+                    &EdgeKiller::onModuleLoad)
             );
 
     m_monitor->onModuleUnload.connect(
             sigc::mem_fun(*this,
-                    &PollingLoopDetector::onModuleUnload)
+                    &EdgeKiller::onModuleUnload)
             );
 
 
@@ -71,18 +71,18 @@ void PollingLoopDetector::initialize()
 /**
  *  Read the config section of the module
  */
-void PollingLoopDetector::onModuleLoad(
+void EdgeKiller::onModuleLoad(
         S2EExecutionState* state,
         const ModuleDescriptor &module
         )
 {
-    DECLARE_PLUGINSTATE(PollingLoopDetectorState, state);
+    DECLARE_PLUGINSTATE(EdgeKillerState, state);
 
     ConfigFile *cfg = s2e()->getConfig();
     const std::string *id = m_detector->getModuleId(module);
 
     if (!id) {
-        s2e()->getDebugStream() << "PollingLoopDetector could not figure out which "
+        s2e()->getDebugStream() << "EdgeKiller could not figure out which "
                 "module id was passed to onModuleLoad!" << std::endl;
         module.Print(s2e()->getDebugStream());
         return;
@@ -95,7 +95,7 @@ void PollingLoopDetector::onModuleLoad(
     ConfigFile::string_list pollingEntries = cfg->getListKeys(ss.str());
 
     if (pollingEntries.size() == 0) {
-        s2e()->getWarningsStream() << "PollingLoopDetector did not find any configured entry for "
+        s2e()->getWarningsStream() << "EdgeKiller did not find any configured entry for "
                 "the module " << *id <<  "(" << ss.str() << ")" << std::endl;
         return;
     }
@@ -105,21 +105,21 @@ void PollingLoopDetector::onModuleLoad(
         ss1 << ss.str() << "." << *it;
         ConfigFile::integer_list il = cfg->getIntegerList(ss1.str());
         if (il.size() != 2) {
-            s2e()->getWarningsStream() << "PollingLoopDetector entry " << ss1.str() <<
+            s2e()->getWarningsStream() << "EdgeKiller entry " << ss1.str() <<
                     " must be of the form {sourcePc, destPc} format" << *id << std::endl;
             continue;
         }
 
         bool ok = false;
         uint64_t source = cfg->getInt(ss1.str() + "[1]", 0, &ok);
         if (!ok) {
-            s2e()->getWarningsStream() << "PollingLoopDetector could not read " << ss1.str() << "[0]" << std::endl;
+            s2e()->getWarningsStream() << "EdgeKiller could not read " << ss1.str() << "[0]" << std::endl;
             continue;
         }
 
         uint64_t dest = cfg->getInt(ss1.str() + "[2]", 0, &ok);
         if (!ok) {
-            s2e()->getWarningsStream() << "PollingLoopDetector could not read " << ss1.str() << "[1]" << std::endl;
+            s2e()->getWarningsStream() << "EdgeKiller could not read " << ss1.str() << "[1]" << std::endl;
             continue;
         }
 
@@ -128,35 +128,35 @@ void PollingLoopDetector::onModuleLoad(
         dest = module.ToRuntime(dest);
 
         //Insert in the state
-        plgState->addEntry(source, dest);
+        plgState->addEdge(source, dest);
     }
 
     if (!m_connection.connected()) {
         m_connection = m_detector->onModuleTranslateBlockEnd.connect(
                 sigc::mem_fun(*this,
-                        &PollingLoopDetector::onModuleTranslateBlockEnd)
+                        &EdgeKiller::onModuleTranslateBlockEnd)
                 );
     }
 
 
 }
 
-void PollingLoopDetector::onModuleUnload(
+void EdgeKiller::onModuleUnload(
         S2EExecutionState* state,
         const ModuleDescriptor &module
         )
 {
-    DECLARE_PLUGINSTATE(PollingLoopDetectorState, state);
+    DECLARE_PLUGINSTATE(EdgeKillerState, state);
 
     //Remove all the polling entries that belong to the module
-    PollingLoopDetectorState::PollingEntries &entries =
+    EdgeKillerState::EdgeEntries &entries =
             plgState->getEntries();
 
-    PollingLoopDetectorState::PollingEntries::iterator it1, it2;
+    EdgeKillerState::EdgeEntries::iterator it1, it2;
 
     it1 = entries.begin();
     while(it1 != entries.end()) {
-        const PollingLoopDetectorState::PollingEntry &e = *it1;
+        const EdgeKillerState::Edge &e = *it1;
         if (module.Contains(e.source)) {
             it2 = it1;
             ++it2;
@@ -173,7 +173,7 @@ void PollingLoopDetector::onModuleUnload(
 /**
  *  Instrument only the blocks where we want to kill the state.
  */
-void PollingLoopDetector::onModuleTranslateBlockEnd(
+void EdgeKiller::onModuleTranslateBlockEnd(
         ExecutionSignal *signal,
         S2EExecutionState* state,
         const ModuleDescriptor &module,
@@ -182,23 +182,23 @@ void PollingLoopDetector::onModuleTranslateBlockEnd(
         bool staticTarget,
         uint64_t targetPc)
 {
-    DECLARE_PLUGINSTATE(PollingLoopDetectorState, state);
+    DECLARE_PLUGINSTATE(EdgeKillerState, state);
 
     //If the target instruction is a kill point, connect the killer.
-    if (plgState->isPolling(endPc)) {
+    if (plgState->isEdge(endPc)) {
         signal->connect(
-            sigc::mem_fun(*this, &PollingLoopDetector::onPollingInstruction)
+            sigc::mem_fun(*this, &EdgeKiller::onEdge)
         );
     }
 }
 
 
-void PollingLoopDetector::onPollingInstruction(S2EExecutionState* state, uint64_t sourcePc)
+void EdgeKiller::onEdge(S2EExecutionState* state, uint64_t sourcePc)
 {
-    DECLARE_PLUGINSTATE(PollingLoopDetectorState, state);
-    if (plgState->isPolling(sourcePc, state->getPc())) {
+    DECLARE_PLUGINSTATE(EdgeKillerState, state);
+    if (plgState->isEdge(sourcePc, state->getPc())) {
         std::ostringstream ss;
-        ss << "Polling loop from 0x" <<std::hex << sourcePc << " to 0x"
+        ss << "Edge from 0x" <<std::hex << sourcePc << " to 0x"
                 << state->getPc();
 
         s2e()->getMessagesStream(state) << ss.str() << std::endl;
@@ -209,60 +209,60 @@ void PollingLoopDetector::onPollingInstruction(S2EExecutionState* state, uint64_
 
 ///////////////////////////////////////////////////////////////////////////
 
-PollingLoopDetectorState::PollingLoopDetectorState()
+EdgeKillerState::EdgeKillerState()
 {
 
 }
 
-PollingLoopDetectorState::PollingLoopDetectorState(S2EExecutionState *s, Plugin *p)
+EdgeKillerState::EdgeKillerState(S2EExecutionState *s, Plugin *p)
 {
 
 }
 
-PollingLoopDetectorState::~PollingLoopDetectorState()
+EdgeKillerState::~EdgeKillerState()
 {
 
 }
 
-PluginState *PollingLoopDetectorState::clone() const
+PluginState *EdgeKillerState::clone() const
 {
-    return new PollingLoopDetectorState(*this);
+    return new EdgeKillerState(*this);
 }
 
-PluginState *PollingLoopDetectorState::factory(Plugin *p, S2EExecutionState *s)
+PluginState *EdgeKillerState::factory(Plugin *p, S2EExecutionState *s)
 {
-    return new PollingLoopDetectorState();
+    return new EdgeKillerState();
 }
 
-PollingLoopDetectorState::PollingEntries &PollingLoopDetectorState::getEntries()
+EdgeKillerState::EdgeEntries &EdgeKillerState::getEntries()
 {
-    return m_pollingEntries;
+    return m_edges;
 }
 
-void PollingLoopDetectorState::addEntry(uint64_t source, uint64_t dest)
+void EdgeKillerState::addEdge(uint64_t source, uint64_t dest)
 {
-    PollingEntry pe;
+    Edge pe;
     pe.source = source;
     pe.dest = dest;
-    m_pollingEntries.insert(pe);
+    m_edges.insert(pe);
 }
 
-bool PollingLoopDetectorState::isPolling(uint64_t source) const
+bool EdgeKillerState::isEdge(uint64_t source) const
 {
-    PollingEntry pe;
+    Edge pe;
     pe.source = source;
-    return m_pollingEntries.find(pe) != m_pollingEntries.end();
+    return m_edges.find(pe) != m_edges.end();
 }
 
-bool PollingLoopDetectorState::isPolling(uint64_t source, uint64_t dest) const
+bool EdgeKillerState::isEdge(uint64_t source, uint64_t dest) const
 {
-    PollingEntry pe;
+    Edge pe;
     pe.source = source;
     pe.dest = dest;
 
     //For now we assume unique source in the list
-    PollingEntries::const_iterator it = m_pollingEntries.find(pe);
-    if (it != m_pollingEntries.end())  {
+    EdgeEntries::const_iterator it = m_edges.find(pe);
+    if (it != m_edges.end())  {
         return pe == *it;
     }
     return false;

qemu/s2e/Plugins/PollingLoopDetector.h qemu/s2e/Plugins/EdgeKiller.h

@@ -46,11 +46,11 @@
 namespace s2e {
 namespace plugins {
 
-class PollingLoopDetector : public Plugin
+class EdgeKiller : public Plugin
 {
     S2E_PLUGIN
 public:
-    PollingLoopDetector(S2E* s2e): Plugin(s2e) {}
+    EdgeKiller(S2E* s2e): Plugin(s2e) {}
 
     void initialize();
 
@@ -77,47 +77,47 @@ class PollingLoopDetector : public Plugin
             bool staticTarget,
             uint64_t targetPc);
 
-    void onPollingInstruction(S2EExecutionState* state, uint64_t sourcePc);
+    void onEdge(S2EExecutionState* state, uint64_t sourcePc);
 
     ModuleExecutionDetector *m_detector;
     OSMonitor *m_monitor;
 
 };
 
-class PollingLoopDetectorState : public PluginState
+class EdgeKillerState : public PluginState
 {
 public:
-    struct PollingEntry {
+    struct Edge {
         uint64_t source;
         uint64_t dest;
-        bool operator()(const PollingEntry &p1, const PollingEntry &p2) const {
+        bool operator()(const Edge &p1, const Edge &p2) const {
             return p1.source < p2.source;
         }
 
-        bool operator==(const PollingEntry &p1) const {
+        bool operator==(const Edge &p1) const {
             return p1.source == source && p1.dest == dest;
         }
     };
 
-    typedef std::set<PollingEntry, PollingEntry> PollingEntries;
+    typedef std::set<Edge, Edge> EdgeEntries;
 
 private:
-    PollingEntries m_pollingEntries;
+    EdgeEntries m_edges;
 
 public:
-    PollingLoopDetectorState();
-    PollingLoopDetectorState(S2EExecutionState *s, Plugin *p);
-    virtual ~PollingLoopDetectorState();
+    EdgeKillerState();
+    EdgeKillerState(S2EExecutionState *s, Plugin *p);
+    virtual ~EdgeKillerState();
     virtual PluginState *clone() const;
     static PluginState *factory(Plugin *p, S2EExecutionState *s);
 
-    void addEntry(uint64_t source, uint64_t dest);
-    PollingEntries &getEntries();
+    void addEdge(uint64_t source, uint64_t dest);
+    EdgeEntries &getEntries();
 
-    bool isPolling(uint64_t source) const;
-    bool isPolling(uint64_t source, uint64_t dest) const;
+    bool isEdge(uint64_t source) const;
+    bool isEdge(uint64_t source, uint64_t dest) const;
 
-    friend class PollingLoopDetector;
+    friend class EdgeKiller;
 };
 
 } // namespace plugins

s2e.files

@@ -1,15 +1,51 @@
 
 .gitignore
 Makefile
+Makefile.win32
+S2E-AUTHORS
+docs/BuildingLinux.html
+docs/BuildingLinux.rst
 docs/BuildingS2E.html
 docs/BuildingS2E.rst
 docs/BuildingS2EManually.html
 docs/BuildingS2EManually.rst
+docs/BuildingS2EWindows.html
+docs/BuildingS2EWindows.rst
+docs/EquivalenceTesting.html
+docs/EquivalenceTesting.rst
+docs/ExecutionTracers.html
+docs/ExecutionTracers.rst
+docs/FAQ.html
+docs/FAQ.rst
 docs/ImageInstallation.html
 docs/ImageInstallation.rst
 docs/Makefile
+docs/Plugins/BaseInstructions.html
+docs/Plugins/BaseInstructions.rst
+docs/Plugins/FunctionMonitor.html
+docs/Plugins/FunctionMonitor.rst
+docs/Plugins/ModuleExecutionDetector.html
+docs/Plugins/ModuleExecutionDetector.rst
+docs/Plugins/RawMonitor.html
+docs/Plugins/RawMonitor.rst
+docs/Plugins/StateManager.html
+docs/Plugins/StateManager.rst
+docs/Plugins/Tracers/ExecutionTracer.html
+docs/Plugins/Tracers/ExecutionTracer.rst
+docs/Plugins/Tracers/InstructionCounter.html
+docs/Plugins/Tracers/InstructionCounter.rst
+docs/Plugins/Tracers/ModuleTracer.html
+docs/Plugins/Tracers/ModuleTracer.rst
+docs/Plugins/Tracers/TestCaseGenerator.html
+docs/Plugins/Tracers/TestCaseGenerator.rst
+docs/Plugins/Tracers/TranslationBlockTracer.html
+docs/Plugins/Tracers/TranslationBlockTracer.rst
 docs/Plugins/WindowsInterceptor/WindowsMonitor.html
 docs/Plugins/WindowsInterceptor/WindowsMonitor.rst
+docs/ProfilingS2E.html
+docs/ProfilingS2E.rst
+docs/SystemTap.html
+docs/SystemTap.rst
 docs/TestingMinimalProgram.html
 docs/TestingMinimalProgram.rst
 docs/Tools/CoverageGenerator.html
@@ -22,17 +58,34 @@ docs/Tools/ForkProfiler.html
 docs/Tools/ForkProfiler.rst
 docs/Tools/TbPrinter.html
 docs/Tools/TbPrinter.rst
+docs/UsingS2EGet.html
+docs/UsingS2EGet.rst
 docs/Windows/CheckedBuild.html
 docs/Windows/CheckedBuild.rst
 docs/Windows/DriverTutorial.html
 docs/Windows/DriverTutorial.rst
+docs/WritingPlugins.html
+docs/WritingPlugins.rst
 docs/img/lines.gif
 docs/index.html
 docs/index.rst
 docs/pygments-default.css
 docs/rst2html-pygments
 docs/rst2latex-pygments
 docs/s2e.css
+docs/sample/factorial.c
+guest/include/s2e.h
+guest/s2eget/Makefile
+guest/s2eget/s2eget.c
+guest/stp/s2e.stp
+guest/windbg-gdb/BFDInterface.cpp
+guest/windbg-gdb/BFDInterface.h
+guest/windbg-gdb/Makefile
+guest/windbg-gdb/StartSize.h
+guest/windbg-gdb/Symbols.cpp
+guest/windbg-gdb/Symbols.h
+guest/windbg-gdb/gdbsyms.def
+guest/windbg-gdb/main.cpp
 klee/LICENSE.TXT
 klee/Makefile
 klee/Makefile.common
@@ -1342,8 +1395,6 @@ qemu/s2e/Plugins/Annotation.cpp
 qemu/s2e/Plugins/Annotation.h
 qemu/s2e/Plugins/BaseInstructions.cpp
 qemu/s2e/Plugins/BaseInstructions.h
-qemu/s2e/Plugins/BranchCoverage.cpp
-qemu/s2e/Plugins/BranchCoverage.h
 qemu/s2e/Plugins/CacheSim.cpp
 qemu/s2e/Plugins/CacheSim.h
 qemu/s2e/Plugins/CodeSelector.cpp
@@ -1359,6 +1410,8 @@ qemu/s2e/Plugins/DataSelectors/WindowsService.h
 qemu/s2e/Plugins/DataStructureSpy.h
 qemu/s2e/Plugins/Debugger.cpp
 qemu/s2e/Plugins/Debugger.h
+qemu/s2e/Plugins/EdgeKiller.cpp
+qemu/s2e/Plugins/EdgeKiller.h
 qemu/s2e/Plugins/Example.cpp
 qemu/s2e/Plugins/Example.h
 qemu/s2e/Plugins/ExecutableImage.h
@@ -1381,14 +1434,16 @@ qemu/s2e/Plugins/FunctionMonitor.cpp
 qemu/s2e/Plugins/FunctionMonitor.h
 qemu/s2e/Plugins/HostFiles.cpp
 qemu/s2e/Plugins/HostFiles.h
+qemu/s2e/Plugins/MemoryChecker.cpp
+qemu/s2e/Plugins/MemoryChecker.h
 qemu/s2e/Plugins/ModuleDescriptor.h
 qemu/s2e/Plugins/ModuleExecutionDetector.cpp
 qemu/s2e/Plugins/ModuleExecutionDetector.h
 qemu/s2e/Plugins/OSMonitor.h
-qemu/s2e/Plugins/PollingLoopDetector.cpp
-qemu/s2e/Plugins/PollingLoopDetector.h
 qemu/s2e/Plugins/RawMonitor.cpp
 qemu/s2e/Plugins/RawMonitor.h
+qemu/s2e/Plugins/Searchers/CooperativeSearcher.cpp
+qemu/s2e/Plugins/Searchers/CooperativeSearcher.h
 qemu/s2e/Plugins/Searchers/MaxTbSearcher.cpp
 qemu/s2e/Plugins/Searchers/MaxTbSearcher.h
 qemu/s2e/Plugins/StateManager.cpp
@@ -2248,11 +2303,17 @@ tools/configure
 tools/include/s2etools/config.h.in
 tools/lib/BinaryReaders/BFDInterface.cpp
 tools/lib/BinaryReaders/BFDInterface.h
+tools/lib/BinaryReaders/Binary.cpp
+tools/lib/BinaryReaders/Binary.h
 tools/lib/BinaryReaders/ExecutableFile.cpp
 tools/lib/BinaryReaders/ExecutableFile.h
 tools/lib/BinaryReaders/Library.cpp
 tools/lib/BinaryReaders/Library.h
+tools/lib/BinaryReaders/Macho.cpp
+tools/lib/BinaryReaders/Macho.h
 tools/lib/BinaryReaders/Makefile
+tools/lib/BinaryReaders/Pe.cpp
+tools/lib/BinaryReaders/Pe.h
 tools/lib/BinaryReaders/TextModule.cpp
 tools/lib/BinaryReaders/TextModule.h
 tools/lib/ExecutionTracer/InstructionCounter.cpp
@@ -2287,8 +2348,10 @@ tools/tools/pfprofiler/pfprofiler.h
 tools/tools/s2etools-config/FinalLibDeps.txt
 tools/tools/s2etools-config/Makefile
 tools/tools/s2etools-config/s2etools-config.in.in
+tools/tools/scripts/ida/extractBasicBlocks.py
+tools/tools/scripts/ida/extractFunctions.py
 tools/tools/tbtrace/Makefile
 tools/tools/tbtrace/TbTrace.cpp
 tools/tools/tbtrace/TbTrace.h
-qemu/s2e/Plugins/MemoryChecker.h
-qemu/s2e/Plugins/MemoryChecker.cpp
+windows-toolchain/llvm-2.6-mingw.patch
+windows-toolchain/setupenv.sh

s2e.includes

@@ -1,9 +1,16 @@
 docs
-docs/Plugins/WindowsInterceptor
 docs/Plugins
+docs/Plugins/Tracers
+docs/Plugins/WindowsInterceptor
 docs/Tools
 docs/Windows
 docs/img
+docs/sample
+guest/include
+guest
+guest/s2eget
+guest/stp
+guest/windbg-gdb
 klee
 klee/autoconf
 klee/docs/SMT-COMP
@@ -188,7 +195,10 @@ tools/tools/debugger
 tools/tools/forkprofiler
 tools/tools/pfprofiler
 tools/tools/s2etools-config
+tools/tools/scripts/ida
+tools/tools/scripts
 tools/tools/tbtrace
+windows-toolchain
 ../llvm-2.6/include
 ../llvm-build/include
 ../stp-build/include