#include <catch2/catch_test_macros.hpp>
#include <catch2/matchers/catch_matchers_string.hpp>
#include <libriscv/machine.hpp>
#include <libriscv/debug.hpp>
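/// Compiles the given guest C/C++ source into a static RISC-V ELF and returns
/// its bytes. Defined in a sibling test source; `args` are extra compiler
/// flags and `cpp` selects the C++ compiler.
extern std::vector<uint8_t> build_and_load(const std::string& code,
	const std::string& args = "-O2 -static", bool cpp = false);
/// Guest memory ceiling for every machine created in this file (8 MiB).
static constexpr uint64_t MAX_MEMORY = 8ul << 20; /* 8MB */
/// Upper bound on executed instructions per run, so a runaway guest cannot
/// hang the test suite.
static constexpr uint64_t MAX_INSTRUCTIONS = 10'000'000ul;
// Needed for the unqualified RISCV64 tag used in Machine<RISCV64> below.
using namespace riscv;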
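/// Runs a guest that copies its own fib() into a page at 0xF0000000, marks
/// that page executable via mprotect and then calls into it. The test checks
/// that each simulation mode (fast, precise, debugger-driven) executes the
/// newly created execute segment during the guest's own run and that the host
/// can afterwards vmcall() straight into that page. Note that despite the
/// test title the guest evaluates fib with n = 50.
TEST_CASE("Calculate fib(2560000) on execute page", "[VA]")
{
	// Guest program, compiled by build_and_load(); kept verbatim.
	// Syscall 226 is mprotect and 0x4 is PROT_EXEC; syscall 93 is exit.
	// The guest writes the code to DST before the mprotect call, so the
	// emulator is expected to back that page on first write — confirm.
	const auto binary = build_and_load(R"M(
#define uintptr_t __UINTPTR_TYPE__
typedef long (*fib_func)(long, long, long);
static long syscall(long n, long arg0);
static long syscall3(long n, long arg0, long arg1, long arg2);
static void copy(uintptr_t dst, const void *src, unsigned len) {
for (unsigned i = 0; i < len; i++)
((char *)dst)[i] = ((const char *)src)[i];
}
static long fib(long n, long acc, long prev)
{
if (n == 0)
return acc;
else
return fib(n - 1, prev + acc, acc);
}
static void fib_end() {}
int main()
{
const uintptr_t DST = 0xF0000000;
copy(DST, &fib, (char*)&fib_end - (char*)&fib);
// mprotect +execute
syscall3(226, DST, 0x1000, 0x4);
const volatile long n = 50;
fib_func other_fib = (fib_func)DST;
// exit(...)
syscall(93, other_fib(n, 0, 1));
}
long syscall(long n, long arg0) {
register long a0 __asm__("a0") = arg0;
register long syscall_id __asm__("a7") = n;
__asm__ volatile ("scall" : "+r"(a0) : "r"(syscall_id));
return a0;
}
long syscall3(long n, long arg0, long arg1, long arg2) {
register long a0 __asm__("a0") = arg0;
register long a1 __asm__("a1") = arg1;
register long a2 __asm__("a2") = arg2;
register long syscall_id __asm__("a7") = n;
__asm__ volatile ("scall" : "+r"(a0) : "r"(a1), "r"(a2), "r"(syscall_id));
return a0;
})M");
	// Guest-side address of the copied fib(); must equal DST in the guest.
	static constexpr uint32_t VA_FUNC = 0xF0000000;
	// fib(50) in the guest's accumulator formulation.
	constexpr long EXPECTED = 12586269025L;
	// Linux environment shared by the three simulation modes below.
	const auto setup_linux_env = [](riscv::Machine<RISCV64>& machine) {
		// Linux system calls are required for mprotect/exit in the guest
		machine.setup_linux_syscalls();
		// Minimal Linux process environment (argv/envp) for the guest
		machine.setup_linux(
			{"va_exec"},
			{"LC_TYPE=C", "LC_ALL=C", "USER=root"});
	};
	// Checks every mode must pass: the guest's exit value and a
	// host-initiated call into the page the guest made executable.
	const auto verify = [&](riscv::Machine<RISCV64>& machine) {
		REQUIRE(machine.return_value<long>() == EXPECTED);
		// VM call into the new execute segment
		REQUIRE(machine.vmcall(VA_FUNC, 50, 0, 1) == EXPECTED);
	};
	// Normal (fastest) simulation
	{
		riscv::Machine<RISCV64> machine{binary, {.memory_max = MAX_MEMORY}};
		setup_linux_env(machine);
		// Run for at most MAX_INSTRUCTIONS before giving up
		machine.simulate(MAX_INSTRUCTIONS);
		verify(machine);
	}
	// Precise (step-by-step) simulation
	{
		riscv::Machine<RISCV64> machine{binary, {.memory_max = MAX_MEMORY}};
		setup_linux_env(machine);
		// The precise path takes its instruction budget from the machine
		machine.set_max_instructions(MAX_INSTRUCTIONS);
		machine.cpu.simulate_precise();
		verify(machine);
	}
	// Debug-assisted simulation
	{
		riscv::Machine<RISCV64> machine{binary, {.memory_max = MAX_MEMORY}};
		setup_linux_env(machine);
		riscv::DebugMachine debugger{machine};
		//debugger.verbose_instructions = true;
		debugger.simulate(MAX_INSTRUCTIONS);
		verify(machine);
	}
}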
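/// Runs a guest whose text segment is linked at 0x20000000 (see the linker
/// flag passed to build_and_load) and checks that fib(50), with n taken from
/// argv[1], yields the same value in fast, precise and debugger-driven
/// simulation. No host vmcall follows; only the guest's exit value is checked.
TEST_CASE("Calculate fib(50) on high-memory page", "[VA]")
{
	// Guest program, compiled by build_and_load(); kept verbatim.
	const auto binary = build_and_load(R"M(
#include <stdlib.h>
long fib(long n, long acc, long prev)
{
if (n < 1)
return acc;
else
return fib(n - 1, prev + acc, acc);
}
long main(int argc, char** argv) {
const long n = atoi(argv[1]);
return fib(n, 0, 1);
})M", "-O2 -static -Wl,-Ttext-segment=0x20000000");
	// fib(50) in the guest's accumulator formulation.
	constexpr long EXPECTED = 12586269025L;
	// Linux environment shared by the three simulation modes below. The
	// guest reads n from argv[1], hence the "50" argument.
	// NOTE(review): the two `false` arguments presumably switch off optional
	// syscall groups — confirm against Machine::setup_linux_syscalls.
	const auto setup_linux_env = [](riscv::Machine<RISCV64>& machine) {
		machine.setup_linux_syscalls(false, false);
		machine.setup_linux(
			{"va_exec", "50"},
			{"LC_TYPE=C", "LC_ALL=C", "USER=root"});
	};
	// Normal (fastest) simulation
	{
		riscv::Machine<RISCV64> machine{binary, {.memory_max = MAX_MEMORY}};
		setup_linux_env(machine);
		// Run for at most MAX_INSTRUCTIONS before giving up
		machine.simulate(MAX_INSTRUCTIONS);
		REQUIRE(machine.return_value<long>() == EXPECTED);
	}
	// Precise (step-by-step) simulation
	{
		riscv::Machine<RISCV64> machine{binary, {.memory_max = MAX_MEMORY}};
		setup_linux_env(machine);
		// The precise path takes its instruction budget from the machine
		machine.set_max_instructions(MAX_INSTRUCTIONS);
		machine.cpu.simulate_precise();
		REQUIRE(machine.return_value<long>() == EXPECTED);
	}
	// Debug-assisted simulation
	{
		riscv::Machine<RISCV64> machine{binary, {.memory_max = MAX_MEMORY}};
		setup_linux_env(machine);
		riscv::DebugMachine debugger{machine};
		//debugger.verbose_instructions = true;
		debugger.simulate(MAX_INSTRUCTIONS);
		REQUIRE(machine.return_value<long>() == EXPECTED);
	}
}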