chore: replace magic value with enum

Wenkang Huang · hwk2077 · commit 1ddbc21d1838 · 2023-09-08T18:33:20.000+08:00
diff --git a/libs2eplugins/src/s2e/Plugins/Searchers/ValidPathSearcher.cpp b/libs2eplugins/src/s2e/Plugins/Searchers/ValidPathSearcher.cpp
@@ -21,6 +21,8 @@ void ValidPathSearcher::initialize() {
     s2e()->getExecutor()->setSearcher(this);
     m_onStateForkConn =
         s2e()->getCorePlugin()->onStateFork.connect(sigc::mem_fun(*this, &ValidPathSearcher::onStateFork));
+    m_onTranslateBlockEndConn = s2e()->getCorePlugin()->onTranslateBlockEnd.connect(
+        sigc::mem_fun(*this, &ValidPathSearcher::onTranslateBlockEnd));
 
     onARMFunctionConn = s2e()->getPlugin<ARMFunctionMonitor>();
     onARMFunctionConn->onARMFunctionCallEvent.connect(sigc::mem_fun(*this, &ValidPathSearcher::onARMFunctionCall));
@@ -31,67 +33,37 @@ void ValidPathSearcher::initialize() {
     m_searcherActive = false;
 }
 
-bool ValidPathSearcher::insertToForkStates(uint32_t callerPC, uint32_t forkPC, S2EExecutionState *state) {
-    const auto &foundSameCallerPC = m_forkStateItems.find(callerPC);
-    if (foundSameCallerPC != m_forkStateItems.end()) {
-        const auto &foundSameForkPC = foundSameCallerPC->second.find(forkPC);
-        if (foundSameForkPC != foundSameCallerPC->second.end()) {
-            if (foundSameForkPC->second.size() >= 2) {
-                return false;
-            }
-        }
-    }
-    m_forkStateItems[callerPC][forkPC].push_back(state);
-    m_idStateMap[state->getID()] = {state, forkPC, 0};
-    return true;
-}
-
-void ValidPathSearcher::onStateFork(S2EExecutionState *state, const std::vector<S2EExecutionState *> &newStates,
-                                    const std::vector<klee::ref<klee::Expr>> &newConditions) {
-    getDebugStream() << "onStateFork" << '\n';
-
-    uint32_t forkPC = state->regs()->getPc();
-    getDebugStream() << "[forkPC: " << hexval(forkPC) << "] "
-                     << "[stateID: " << hexval(state->getID()) << "] "
-                     << "[new stateID: " << hexval(newStates[0]->getID()) << "] "
-                     << "[new stateID: " << hexval(newStates[1]->getID()) << "] "
-                     << "\n";
-    insertToForkStates(m_callerPC, forkPC, newStates[0]);
-    insertToForkStates(m_callerPC, forkPC, newStates[1]);
-    m_searcherActive = true;
-}
-
 klee::ExecutionState &ValidPathSearcher::selectState() {
     getDebugStream() << "selectState"
                      << "\n";
 
     if (m_selfSwitch) {
         m_selfSwitch = false;
-        m_idStateMap[m_curState->getID()].flag = 2;
+        m_idStateMap[m_curState->getID()].flag = VALID;
         getDebugStream() << "[self switch, stateID: " << m_curState->getID() << "] "
                          << "\n";
         return *m_curState;
     }
 
     // flag 0 firstly
     for (auto it = m_idStateMap.rbegin(); it != m_idStateMap.rend(); ++it) {
-        if (it->second.flag == 0) {
-            it->second.flag = 2;
+        if (it->second.flag == UNVISITED) {
+            it->second.flag = VALID;
             m_curState = it->second.state;
-            getDebugStream() << "[flag 0: selected stateID: " << m_curState->getID() << "] "
+            getDebugStream() << "[selected unvisited stateID: " << m_curState->getID() << "] "
                              << "\n";
             return *m_curState;
         }
     }
-    // flag 2 secondly
-    //    for (auto it = m_idStateMap.rbegin(); it != m_idStateMap.rend(); ++it) {
-    //        if (it->second.flag == 2) {
-    //            m_curState = it->second.state;
-    //            getDebugStream() << "[flag 2: selected stateID: " << m_curState->getID() << "] "
-    //                             << "\n";
-    //            return *m_curState;
-    //        }
-    //    }
+     // flag 2 secondly
+        for (auto it = m_idStateMap.rbegin(); it != m_idStateMap.rend(); ++it) {
+            if (it->second.flag == VALID) {
+                m_curState = it->second.state;
+                getDebugStream() << "[selected valid stateID: " << m_curState->getID() << "] "
+                                 << "\n";
+                return *m_curState;
+            }
+        }
 
     getDebugStream() << "[no option, stateID: " << m_curState->getID() << "] "
                      << "\n";
@@ -104,22 +76,62 @@ void ValidPathSearcher::update(klee::ExecutionState *current, const klee::StateS
         S2EExecutionState *removedState = static_cast<S2EExecutionState *>(it);
         auto found = m_idStateMap.find(removedState->getID());
         if (found != m_idStateMap.end()) {
-            found->second.flag = 1;
+            found->second.flag = INVALID;
         }
     }
 }
 
 bool ValidPathSearcher::empty() {
-    getDebugStream() << "empty"
-                     << "\n";
     for (const auto &it : m_idStateMap) {
-        if (it.second.flag == 0 || it.second.flag == 2) {
+        if (it.second.flag == UNVISITED || it.second.flag == VALID) {
+            getDebugStream() << "empty"
+                             << "\n";
             return false;
         }
     }
     return true;
 }
 
+bool ValidPathSearcher::insertToForkStates(uint32_t callerPC, uint32_t forkPC, S2EExecutionState *state) {
+    const auto &foundSameCallerPC = m_forkStateItems.find(callerPC);
+    if (foundSameCallerPC != m_forkStateItems.end()) {
+        const auto &foundSameForkPC = foundSameCallerPC->second.find(forkPC);
+        if (foundSameForkPC != foundSameCallerPC->second.end()) {
+            if (foundSameForkPC->second.size() >= 2) {
+                return false;
+            }
+        }
+    }
+    m_forkStateItems[callerPC][forkPC].push_back(state);
+    m_idStateMap[state->getID()] = {state, forkPC, UNVISITED};
+    return true;
+}
+
+void ValidPathSearcher::onStateFork(S2EExecutionState *state, const std::vector<S2EExecutionState *> &newStates,
+                                    const std::vector<klee::ref<klee::Expr>> &newConditions) {
+    getDebugStream() << "onStateFork" << '\n';
+
+    uint32_t forkPC = state->regs()->getPc();
+    getDebugStream() << "[forkPC: " << hexval(forkPC) << "] "
+                     << "[stateID: " << hexval(state->getID()) << "] "
+                     << "[new stateID: " << hexval(newStates[0]->getID()) << "] "
+                     << "[new stateID: " << hexval(newStates[1]->getID()) << "] "
+                     << "\n";
+    insertToForkStates(m_callerPC, forkPC, newStates[0]);
+    insertToForkStates(m_callerPC, forkPC, newStates[1]);
+    m_idStateMap[state->getID()].flag = VALID;
+    m_searcherActive = true;
+}
+
+void ValidPathSearcher::onTranslateBlockEnd(ExecutionSignal *signal, S2EExecutionState *state, TranslationBlock *tb,
+                                            uint64_t pc, bool isStatic, uint64_t staticTargetPc) {
+    getDebugStream() << "onTranslateBlockEnd" << '\n';
+
+    m_tbNum++;
+    getDebugStream() << "[the number of blocks: " << m_tbNum << "]"
+                     << "\n";
+}
+
 void ValidPathSearcher::onARMFunctionCall(S2EExecutionState *state, uint32_t pcCaller, uint64_t pcCtxHashVal,
                                           uint32_t pcReturn) {
     getDebugStream() << "onARMFunctionCall"
@@ -147,9 +159,11 @@ void ValidPathSearcher::onARMFunctionReturn(S2EExecutionState *state, uint32_t p
     uint32_t forkPC = m_idStateMap[state->getID()].forkPC;
 
     for (auto &it : m_forkStateItems[callerPC][forkPC]) {
-        if (m_idStateMap[it->getID()].flag == 0) {
+        if (m_idStateMap[it->getID()].flag == INVALID) {
             m_selfSwitch = true;
             m_curState = m_idStateMap[it->getID()].state;
+            getDebugStream() << "self switch"
+                             << "\n";
             void *cp = g_s2e->getPlugin("CorePlugin");
             s2e()->getExecutor()->validPathSearcherStateSwitchCallback(cp);
             s2e()->getExecutor()->setCpuExitRequest();
diff --git a/libs2eplugins/src/s2e/Plugins/Searchers/ValidPathSearcher.h b/libs2eplugins/src/s2e/Plugins/Searchers/ValidPathSearcher.h
@@ -37,6 +37,8 @@ struct StateItem {
     uint32_t flag;
 };
 
+enum StatePhase { UNVISITED, INVALID, VALID };
+
 class ValidPathSearcher : public Plugin, public klee::Searcher {
     S2E_PLUGIN
 
@@ -48,8 +50,10 @@ class ValidPathSearcher : public Plugin, public klee::Searcher {
 
 private:
     sigc::connection m_onStateForkConn;
+    sigc::connection m_onTranslateBlockEndConn;
     ARMFunctionMonitor *onARMFunctionConn;
 
+    uint32_t m_tbNum;
     uint32_t m_callerPC;
     uint32_t m_returnPC;
     S2EExecutionState *m_curState;
@@ -69,6 +73,19 @@ class ValidPathSearcher : public Plugin, public klee::Searcher {
      */
     void onStateFork(S2EExecutionState *state, const std::vector<S2EExecutionState *> &newStates,
                      const std::vector<klee::ref<klee::Expr>> &newConditions);
+
+    /**
+     *
+     * @param signal
+     * @param state
+     * @param tb
+     * @param pc
+     * @param isStatic
+     * @param staticTargetPc
+     */
+    void onTranslateBlockEnd(ExecutionSignal *signal, S2EExecutionState *state, TranslationBlock *tb, uint64_t pc,
+                             bool isStatic, uint64_t staticTargetPc);
+
     /**
      * callback when function call.
      *
