[panda-users] PANDA_CB_BEFORE_BLOCK_EXEC doesn't fire for some basic blocks

Igor Rubinov igor.rubinov at gmail.com
Wed Apr 29 16:30:54 EDT 2015


Hello,

I encountered a strange behavior of the PANDA_CB_BEFORE_BLOCK_EXEC
callback, and I'd appreciate any ideas on the subject.
Long story short: I noticed that this callback doesn't get called
for some BBs which are part of a loop.
I.e., during the first loop iteration the callback fires for all the BBs, but
during the subsequent iterations some BBs are missing. (OTOH,
PANDA_CB_INSN_EXEC seems to get called correctly on every iteration.)
To get a minimal reproducing sample, I subscribe to this callback
only, and print tb->pc for every BB lying within the main module of
my process. I identify the process by a predefined "cookie".

The program being tested is the following:

#include <stdio.h>

// to identify the process in the PANDA plugin
const int ID = 0x12345678;

int main(void)
{
  int i = 0;
  // each iteration executes the same basic blocks again
  for ( ; i < 10; ++i)
    printf("Hello!\n");
  return 0;
}

///////////

The plugin is as follows:


#include "config.h"
#include "qemu-common.h"
#include "cpu.h"

#include "panda_plugin.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

FILE *plugin_log;

int before_block_callback(CPUState *env, TranslationBlock *tb)
{
  unsigned char buf[4];
  int cookie;

  // read the guest memory at the start of the block; skip the block if
  // the read fails (e.g. the page is not mapped)
  if (cpu_memory_rw_debug(env, tb->pc, buf, sizeof(buf), 0) < 0)
    return 0;
  memcpy(&cookie, buf, sizeof(cookie));  // avoid an unaligned int access

  // print only BBs belonging to the main module of our process
  if (cookie == 0x12345678 && tb->pc >= 0x08048320 && tb->pc < 0x080484b0)
  {
    fprintf(plugin_log, "0x" TARGET_FMT_lx "\n", tb->pc);
    fflush(plugin_log);
  }
  return 0;
}


bool init_plugin(void *self)
{
  panda_enable_precise_pc();
  plugin_log = fopen("test_loop.txt", "w+");
  if (plugin_log == NULL)
    return false;  // refuse to load rather than write to a NULL stream
  panda_cb pcb;
  pcb.before_block_exec = before_block_callback;
  panda_register_callback(self, PANDA_CB_BEFORE_BLOCK_EXEC, pcb);
  return true;
}

void uninit_plugin(void *self)
{
  if (plugin_log != NULL)
    fclose(plugin_log);
}

