fixup capstone mode

Author: nia-e

src/alloc_addresses/mod.rs

@@ -485,108 +485,26 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
  /// lost!
  #[cfg(target_os = "linux")]
  fn apply_events(&mut self, events: crate::shims::trace::MemEvents) -> InterpResult<'tcx> {
- use rustc_index::bit_set::DenseBitSet;
-
  let this = self.eval_context_mut();
 
- // In order to not overexpose provenances, we only want to mark as read
- // bytes that were read before being written. That's inefficient to track
- // live as it's happening, but cheaper (relatively) to do here. The alternative
- // is that we could feed our AccessEvent enum into rustc itself, but that
- // would come at a larger perf cost in most cases and make the API it
- // exposes less generic (as right now we can feed it arbitrary reads and
- // writes and just trust that it logs them down). Therefore, we have this.
-
- // Each bitset holds alloc_cutoff bits
- let alloc_cutoff = events.alloc_cutoff;
- // FIXME: these could be u16s
- //eprintln!("bare accesses: {:#0x?}", events.acc_events);
- let mut reads_bitset: Vec<(DenseBitSet<u32>, usize)> = vec![];
- let mut writes_bitset: Vec<(DenseBitSet<u32>, usize)> = vec![];
+ let mut reads = vec![];
+ let mut writes = vec![];
  for acc in events.acc_events {
  match acc {
- // Reads have more logic to them since we don't want to count
- // them at all if a write already occurred but obviously we do
- // if the write has yet to happen
+ // Ideally, we'd skip reads that occur after certain bytes were
+ // already written to. However, these are always just conservative
+ // overestimates - Read(range) means "a read maybe happened
+ // spanning at most range" - so we can't make use of this for
+ // now. Maybe we could also skip over reads/writes that hit the
+ // same bytes, but that's best added together with the stuff above.
  shims::trace::AccessEvent::Read(range) => {
- // The tracer ensures access ranges don't go over this alignment
- let pg = range.start - range.start % alloc_cutoff;
- for byte in range {
- #[expect(clippy::as_conversions)]
- let ofs = (byte - pg) as u32;
- // Checks if any of the write-tracking bitsets match the page address
- if !writes_bitset.iter().fold(false, |found, (set, p)| {
- if found {
- true
- } else {
- // And if yes, whether they have this particular byte
- if *p == pg { set.contains(ofs) } else { false }
- }
- }) {
- // If this byte hasn't been written to yet, mark a read
- let pos = reads_bitset.iter().position(|(_, p)| *p == pg).unwrap_or({
- reads_bitset.push((DenseBitSet::new_empty(alloc_cutoff), pg));
- reads_bitset.len() - 1
- });
- reads_bitset[pos].0.insert(ofs);
- }
- }
+ reads.push(range)
  }
- // Writes don't have much going on, but we need to track them
- // at the same time as reads for this to be useful. We just
- // insert ranges into the appropriate bitset
  shims::trace::AccessEvent::Write(range) => {
- let pg = range.start - range.start % alloc_cutoff;
- #[expect(clippy::as_conversions)]
- let rg_norm = ((range.start - pg) as u32)..((range.end - pg) as u32);
- let pos = writes_bitset.iter().position(|(_, p)| *p == pg).unwrap_or({
- writes_bitset.push((DenseBitSet::new_empty(alloc_cutoff), pg));
- writes_bitset.len() - 1
- });
- writes_bitset[pos].0.insert_range(rg_norm);
+ writes.push(range);
  }
  }
  }
- // The rustc side expects a `Vec<Range<usize>>`, not our monstrosity, so
- // this turns our bitset vector into one of ranges
- let decompress: fn(Vec<(DenseBitSet<u32>, usize)>, &mut Vec<std::ops::Range<usize>>) =
- |sets, into| {
- sets.into_iter().for_each(|(set, p)| {
- // Iterates over the indices of 1s and so long as they
- // are contiguous, opt_so_far keeps growing
- let mut opt_so_far: Option<std::ops::Range<u32>> = None;
- #[expect(clippy::as_conversions)]
- for bit in set.iter() {
- match opt_so_far {
- Some(mut so_far) =>
- if so_far.end == bit {
- so_far.end = bit + 1;
- opt_so_far = Some(so_far);
- } else {
- // When there's a jump, push what we have so far and start anew
- into.push(
- (so_far.start as usize + p)..(so_far.end as usize + p),
- );
- opt_so_far = Some(bit..bit + 1);
- },
- // 1st time we obviously need to insert it
- None => opt_so_far = Some(bit..bit + 1),
- }
- }
- // When this set is out of bits, push what's been counted
- // (or this set was empty)
- #[expect(clippy::as_conversions)]
- if let Some(so_far) = opt_so_far {
- into.push((so_far.start as usize + p)..(so_far.end as usize + p));
- }
- });
- };
- let mut reads = vec![];
- let mut writes = vec![];
- decompress(reads_bitset, &mut reads);
- decompress(writes_bitset, &mut writes);
- //eprintln!("reads: {reads:#0x?}");
- //eprintln!("writes: {writes:#0x?}");
  let _exposed: Vec<AllocId> =
  this.machine.alloc_addresses.get_mut().exposed.iter().copied().collect();
  interp_ok(())

src/shims/trace/mod.rs

@@ -41,7 +41,4 @@ pub enum AccessEvent {
 pub struct MemEvents {
  /// An ordered list of memory accesses that occurred.
  pub acc_events: Vec<AccessEvent>,
- /// A value modulo which `AccessEvent` ranges stay the same length. Makes
- /// parsing the events a lot easier. Should likely just be the page size.
- pub alloc_cutoff: usize,
 }

src/shims/trace/parent.rs

@@ -289,7 +289,7 @@ pub fn sv_loop(
  // end_ffi was called by the child
  ExecEvent::End => {
  // Hand over the access info we traced
- event_tx.send(MemEvents { acc_events, alloc_cutoff: page_size }).unwrap();
+ event_tx.send(MemEvents { acc_events }).unwrap();
  // And reset our values
  acc_events = Vec::new();
  ch_stack = None;
@@ -354,9 +354,9 @@ fn get_disasm() -> capstone::Capstone {
  #[cfg(target_arch = "x86")]
  {cs_pre.x86().mode(arch::x86::ArchMode::Mode32)}
  #[cfg(target_arch = "aarch64")]
- {cs_pre.arm64()}
+ {cs_pre.arm64().mode(arch::arm64::ArchMode::Arm)}
  #[cfg(target_arch = "arm")]
- {cs_pre.arm()}
+ {cs_pre.arm().mode(arch::arm::ArchMode::Arm)}
  #[cfg(target_arch = "riscv64")]
  {cs_pre.riscv().mode(arch::riscv::ArchMode::RiscV64)}
  #[cfg(target_arch = "riscv32")]
@@ -421,7 +421,6 @@ fn handle_segfault(
  fn capstone_disassemble(
  instr: &[u8],
  addr: usize,
- page_size: usize,
  cs: &capstone::Capstone,
  acc_events: &mut Vec<AccessEvent>,
  ) -> capstone::CsResult<()> {
@@ -434,53 +433,21 @@ fn handle_segfault(
  let ins_detail = cs.insn_detail(&insns[0])?;
  let arch_detail = ins_detail.arch_detail();
 
- // Take an (addr, size, cutoff_size) and split an access into multiple if needed
- let get_ranges: fn(usize, usize, usize) -> Vec<std::ops::Range<usize>> =
- |addr, size, cutoff_size: usize| {
- let addr_added = addr.strict_add(size);
- let mut counter = 0usize;
- let mut ret = vec![];
- loop {
- let curr = addr.strict_add(counter.strict_mul(cutoff_size));
- let next = curr.strict_add(cutoff_size);
- if next >= addr_added {
- ret.push(curr..addr_added);
- break;
- } else {
- ret.push(curr..curr.strict_add(cutoff_size));
- counter = counter.strict_add(1);
- }
- }
- ret
- };
-
  for op in arch_detail.operands() {
  match op {
  #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
  arch::ArchOperand::X86Operand(x86_operand) => {
  match x86_operand.op_type {
  // We only care about memory accesses
  arch::x86::X86OperandType::Mem(_) => {
- let append = get_ranges(addr, x86_operand.size.into(), page_size);
+ let push = addr..addr.strict_add(usize::from(x86_operand.size));
  // It's called a "RegAccessType" but it also applies to memory
  let acc_ty = x86_operand.access.unwrap();
  if acc_ty.is_readable() {
- acc_events.append(
- &mut append
- .clone()
- .into_iter()
- .map(AccessEvent::Read)
- .collect(),
- );
+ acc_events.push(AccessEvent::Read(push.clone()));
  }
  if acc_ty.is_writable() {
- acc_events.append(
- &mut append
- .clone()
- .into_iter()
- .map(AccessEvent::Write)
- .collect(),
- );
+ acc_events.push(AccessEvent::Write(push));
  }
  }
  _ => (),
@@ -515,16 +482,12 @@ fn handle_segfault(
  | arch::arm64::Arm64Vas::ARM64_VAS_2D
  | arch::arm64::Arm64Vas::ARM64_VAS_1Q => 16,
  };
- let append = get_ranges(addr, size, page_size);
+ let push = addr..addr.strict_add(size);
  // FIXME: This now has access type info in the latest
  // git version of capstone because this pissed me off
  // and I added it. Change this when it updates
- acc_events.append(
- &mut append.clone().into_iter().map(AccessEvent::Read).collect(),
- );
- acc_events.append(
- &mut append.clone().into_iter().map(AccessEvent::Write).collect(),
- );
+ acc_events.push(AccessEvent::Read(push.clone()));
+ acc_events.push(AccessEvent::Write(push));
  }
  _ => (),
  }
@@ -540,25 +503,13 @@ fn handle_segfault(
  } else {
  ARCH_WORD_SIZE
  };
- let append = get_ranges(addr, size, page_size);
+ let push = addr..addr.strict_add(size);
  let acc_ty = arm_operand.access.unwrap();
  if acc_ty.is_readable() {
- acc_events.append(
- &mut append
- .clone()
- .into_iter()
- .map(AccessEvent::Read)
- .collect(),
- );
+ acc_events.push(AccessEvent::Read(push.clone()));
  }
  if acc_ty.is_writable() {
- acc_events.append(
- &mut append
- .clone()
- .into_iter()
- .map(AccessEvent::Write)
- .collect(),
- );
+ acc_events.push(AccessEvent::Write(push));
  }
  }
  _ => (),
@@ -568,13 +519,9 @@ fn handle_segfault(
  match risc_voperand {
  arch::riscv::RiscVOperand::Mem(_) => {
  // We get basically no info here
- let append = get_ranges(addr, ARCH_MAX_ACCESS_SIZE, page_size);
- acc_events.append(
- &mut append.clone().into_iter().map(AccessEvent::Read).collect(),
- );
- acc_events.append(
- &mut append.clone().into_iter().map(AccessEvent::Write).collect(),
- );
+ let push = addr..addr.strict_add(size);
+ acc_events.push(AccessEvent::Read(push.clone()));
+ acc_events.push(AccessEvent::Write(push));
  }
  _ => (),
  }
@@ -666,7 +613,7 @@ fn handle_segfault(
  // Now figure out the size + type of access and log it down
  // This will mark down e.g. the same area being read multiple times,
  // since it's more efficient to compress the accesses at the end
- if capstone_disassemble(&instr, addr, page_size, cs, acc_events).is_err() {
+ if capstone_disassemble(&instr, addr, cs, acc_events).is_err() {
  // Read goes first because we need to be pessimistic
  acc_events.push(AccessEvent::Read(addr..addr.strict_add(ARCH_MAX_ACCESS_SIZE)));
  acc_events.push(AccessEvent::Write(addr..addr.strict_add(ARCH_MAX_ACCESS_SIZE)));