path: root/disassembler_elf.h
Age | Commit message | Author
2021-10-28 | [Zucchini]: Add patch version. | Etienne Pierre-doray

This is a breaking change to zucchini patch format: Zucchini 1.0, see changelog. Add major/minor patch-wide version, and element version. Also add VerifyPatch() API and command line option to verify patch compatibility.
Design: go/zucchini-versions
Bug: 1231882
Change-Id: I19f1fbe2ee866c23f0814ffe6a912fb72812edbc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3140224
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Calder Kitagawa <ckitagawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#936096}
NOKEYCHECK=True
GitOrigin-RevId: 559d77a9741428a48add017d389d104e431e6de7
2021-09-03 | [zucchini]: Simplify DisassemblerElfArm read/write functions. | Etienne Pierre-doray

Use template read/write functions instead of repeated versions.
Change-Id: Ie87d307ebd7b297fe802216fe07aa820d7b1fa4d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3082253
Reviewed-by: Samuel Huang <huangs@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/main@{#918237}
NOKEYCHECK=True
GitOrigin-RevId: d64aec31e8bb5e1acb9a2da1e6e92fbd5e59d5f6
2021-08-05 | [Zucchini] Add ARM support for ELF files. | Samuel Huang

This CL enables ARM-ELF (AArch32 and AArch64) support in Zucchini.
* Define ARM {AArch32, AArch64}ReferenceType.
* Add Rel32Finder{Arm, AArch32, AArch64} (with tests) to use previously-added ARM disassembly code to extract rel32 references.
* Add DisassemblerElf{Arm, AArch32, AArch64} to parse ARM ELF files and create reference readers / writers, and reference groups.
* For AArch32: Add heuristic detection of ARM vs. Thumb2 mode.
* Add IsTargetOffsetInElfSectionList() (with tests) to help ARM reject false positive references.
* Add ReferenceBytesMixerElfArm to remove redundant reference target information from bytewise correction data.
Bug: 918867
Change-Id: I1e6d3d8b8d174c85a3d44ca6d642b7ff0bd6a6a6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2922822
Commit-Queue: Samuel Huang <huangs@chromium.org>
Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#908913}
NOKEYCHECK=True
GitOrigin-RevId: 85cc8a596f183487b395a59e80b2f654f241ab2c
2021-08-03 | [Zucchini] Disassemblers: Fix abs32 width for ELF; cleanup Traits template param. | Samuel Huang

Previously DisassemblerElfIntel<TRAITS>::ParseExecSection() passes a hard-coded 4 to Abs32GapFinder's |abs32_width| CTOR param. This is wrong for X64, which has abs32 pointer width of 8 bytes. This can lead to lower quality rel32 extraction. This CL fixes the above by replacing 4 with Traits::kVAWidth, and also cleans up TRAITS / Traits template parameter for Disassembler:
* For template param, "template <class TRAITS>" is used throughout.
* This means function params need to use TRAITS.
* For usage, each Disassembler class with TRAITS declares using Traits = TRAITS; (and variant) and uses Traits in the body of all functions.
Reason: Specialized derived classes won't have TRAITS available, so:
* Function params can use DisassemblerBase::Traits.
* Function bodies can use Traits.
* For consistency, even if TRAITS is available, still use Traits.
Bug: 1233831
Change-Id: Ie796c867fb238eca462b2fb6b4e68a965996c25a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3063919
Commit-Queue: Samuel Huang <huangs@chromium.org>
Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#908261}
NOKEYCHECK=True
GitOrigin-RevId: 294860c47cd3678c46422ce57da366724e1dc629
2021-07-25 | [Zucchini] Cleanup before adding ARM support for ELF files. | Samuel Huang

This CL performs some code cleanup to prepare for main CL that adds ARM support for ELF files (https://crrev.com/c/2922822):
* Rename ARM32 / Arm32 to AArch32.
* Replace DISALLOW_COPY_AND_ASSIGN for affected files.
Bug: 918867
Change-Id: I0e96b66fb29e9d1a35f9d7fac65755fbeda4831f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3044420
Commit-Queue: Samuel Huang <huangs@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#904357}
NOKEYCHECK=True
GitOrigin-RevId: 33679d241940ef6221b68d3e5daef606d7dd767d
2021-07-25 | [zucchini] Use deque to store rel32_locations. | Etienne Pierre-doray

An optimization to reduce zucchini peak memory footprint. MakeReadRel32 brings peak memory unnecessarily high due to std::vector allocation heuristic, along with shrink_to_fit which temporarily forces additional allocation: in the order of 32MB+19MB while only 19MB was needed. deque puts less memory pressure than vector since it doesn't have contiguous requirement and shrink_to_fit can be done in-place.

deque
  Zucchini.PeakPagefileUsage        738876 KiB
  Zucchini.PeakPagefileUsageChange  717436 KiB
  Zucchini.PeakWorkingSetSize       632284 KiB
  Zucchini.PeakWorkingSetSizeChange 623464 KiB
  Zucchini.TotalTime                9.40955 s

vector
  Zucchini.PeakPagefileUsage        755252 KiB
  Zucchini.PeakPagefileUsageChange  733820 KiB
  Zucchini.PeakWorkingSetSize       632660 KiB
  Zucchini.PeakWorkingSetSizeChange 624616 KiB
  Zucchini.TotalTime                10.3224 s

Bug: 1194281
Change-Id: Ic5a7f529d4465241990dbe27a485a67b32ab44b1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830864
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#873383}
NOKEYCHECK=True
GitOrigin-RevId: 52f908bb699f8d106a1c43e10257759cce90500d
2021-07-25 | [Zucchini] Fix 4 DisassemblerElf bugs discovered by new fuzzer. | Samuel Huang

This CL redoes section processing in DisassemblerElf to fix 4 bugs discovered by zucchini_disassembler_elf_fuzzer that ckitagawa@ recently added. These bugs all involve some malformed SHF_EXECINSTR section that sneaks past early checks to reach pointer extraction, then triggers another check. Summaries:
* Issue 1023095: |sh_type == SHT_NOBITS| helps section bypass bound checks. DCHECK is triggered in Abs32GapFinder::Abs32GapFinder() because |sh_size| grossly exceeds bounds.
* Issue 1023183: |sh_size == 0| and |sh_offset < image_.size()| makes section seem benign, but |sh_offset| is ignored when computing |offset_bound|. DCHECK is triggered in Abs32GapFinder() ctor because |sh_offset| > estimated image size (|offset_bound|).
* Issue 1023203: ELF64. |sh_size == 0| and |sh_offset == 0| make section seem benign. However, |sh_addr| far exceeds 32-bit bound. In ParseExecSection(), |sh_addr| fails base::checked_cast().
* Issue 1023210: Section has valid bounds, and |sh_addr == 0| makes section excluded (heuristically) from AddressTranslator. Section proceeds to ParseExecSection(), which finds a rel32 whose:
  * Location offset is assumed okay.
  * Location RVA, by optimization, is converted directly using section data, and is also okay.
  * Target RVA is validated by AddressTranslator.
  But in Rel32ReaderX86::GetNext(), location offset -> RVA now uses AddressTranslator, which by earlier exclusion, results in kInvalidOffset. This pollutes target RVA and target offset, and triggers DCHECK.
The above shows mismatches among usage of sections for the following:
* Location / RVA matching (AddressTranslator),
* ELF image size estimation (|offset_bound|),
* Pointer extraction,
against bypasses due to |sh_type == SHT_NOBITS|, |sh_size == 0|, and |sh_addr == 0|.

To fix the issues, this CL separates decision logic from enactment. Decision logic is moved to JudgeSections(), which takes a section and returns a "judgement" consisting of bit field defined from new enum SectionJudgement. The judgement is enacted in ParseHeader(), which chooses to invalidate the ELF, ignore the section, or use the section with greater discretion on applying pointer extraction.

Additional fix: Ignore (non-fatal) sections with SHF_TLS bit, since these sections can have offset-RVA ranges that conflict with other sections'. Without this fix, Zucchini on Ubuntu won't recognize itself as an ELF file!
Bug: 1023095, 1023183, 1023203, 1023210, 1022538
Change-Id: Icc86f26db17a61bb41b432177ef6c3dc0dcd1a26
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1933632
Commit-Queue: Samuel Huang <huangs@chromium.org>
Reviewed-by: Calder Kitagawa <ckitagawa@chromium.org>
Cr-Commit-Position: refs/heads/master@{#718809}
NOKEYCHECK=True
GitOrigin-RevId: f2e5fba3a476a96d5a412603385cf47116c51251
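As an added illustration of the "judge first, then enact" idea this commit describes, the following is a constructed C++ sketch (not Zucchini's own JudgeSections(), whose real policy and enum values may differ) of a section-header judgement that refuses to let SHT_NOBITS, sh_size == 0, oversized sh_addr, sh_addr == 0 or SHF_TLS sections reach pointer extraction. The struct, enum names and the ordering of the decisions are assumptions; the SHT_/SHF_ constants are the standard ELF values.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Standard ELF constants (from the ELF specification).
constexpr uint32_t SHT_NOBITS = 8;
constexpr uint64_t SHF_EXECINSTR = 0x4;
constexpr uint64_t SHF_TLS = 0x400;

// Minimal section-header view; field names follow Elf64_Shdr (assumed layout).
struct SectionHeader {
  uint32_t sh_type;
  uint64_t sh_flags;
  uint64_t sh_addr;
  uint64_t sh_offset;
  uint64_t sh_size;
};

// Hypothetical judgement bits, modelled on the commit description.
enum SectionJudgement : int {
  kSectionIsMalformed = 1 << 0,           // invalidate the whole ELF image
  kSectionIsUseless = 1 << 1,             // ignore the section (non-fatal)
  kSectionIsUsefulForImageSize = 1 << 2,  // may contribute to offset_bound
  kSectionIsUsefulForPointers = 1 << 3,   // safe for rel32/abs32 extraction
};

// Decides how a section may be used; enactment is left to the caller.
int JudgeSection(const SectionHeader& s, size_t image_size, bool is_64bit) {
  // SHT_NOBITS occupies no file bytes, so its sh_size must not be allowed to
  // bypass (or inflate) the file-bounds check.
  const uint64_t file_size = (s.sh_type == SHT_NOBITS) ? 0 : s.sh_size;
  if (s.sh_offset > image_size || file_size > image_size - s.sh_offset)
    return kSectionIsMalformed;
  // ELF64: an address that cannot be narrowed to a 32-bit RVA is fatal here
  // rather than inside a later checked_cast.
  if (is_64bit && s.sh_addr > std::numeric_limits<uint32_t>::max())
    return kSectionIsMalformed;
  // Empty sections and TLS sections are skipped entirely.
  if (file_size == 0 || (s.sh_flags & SHF_TLS))
    return kSectionIsUseless;
  int judgement = kSectionIsUsefulForImageSize;
  // A section with sh_addr == 0 is excluded from offset<->RVA translation, so
  // it must also be excluded from pointer extraction to keep both consistent.
  if ((s.sh_flags & SHF_EXECINSTR) && s.sh_addr != 0)
    judgement |= kSectionIsUsefulForPointers;
  return judgement;
}
```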
2021-07-25 | [Zucchini] Cleanup before adding ARM support. | Samuel Huang

Update includes and comments, and remove some unused code. In particular, remove TODO comments for figuring out whether ARM abs32 references can be 4 bytes long: Turns out ARM absolute references are 8 bytes long. It's rel32 references that can be 4 bytes long.
Change-Id: I02dc905885f6cb5ff929efe0fb1f9a6593ee05a8
Reviewed-on: https://chromium-review.googlesource.com/c/1327559
Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Commit-Queue: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606612}
NOKEYCHECK=True
GitOrigin-RevId: 9076fc4939ced233b85e5f8942ba947b6143aba3
2021-07-25 | [Zucchini]: Fix discrepancy in reference width for Elf reloc and abs32. | Etienne Pierre-doray

Adds kVAWidth to Elf32Traits and uses it in DisassemblerElfIntel::MakeReferenceGroups as the width of kReloc and kAbs32 reference types.
Bug: 892359
Change-Id: I28930b8978393c16ee29051c48496e4f696a3fcd
Reviewed-on: https://chromium-review.googlesource.com/c/1264816
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597264}
NOKEYCHECK=True
GitOrigin-RevId: af95efbfe9d3f3ca90c105f7d1c9c13e43fcde8c
2021-07-25 | [Zucchini] Create elf disassembler. | Etienne Pierre-doray

Creates Disassembler that recognises and parses ELF format. For now, it only supports Intel architecture. Support for Arm will be added in follow-up CLs.
Change-Id: Ibdcf113b573f22844b6a1611c5ff6df46829b9b3
Reviewed-on: https://chromium-review.googlesource.com/1136841
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#582233}
NOKEYCHECK=True
GitOrigin-RevId: 3c64e078fea9f23e44939c25ca02cf05b72b2c40