--- /dev/null
+This patch provides Eraser-like lock set checking for Bochs.
+See the Pintos documentation for more information.
+
+This patch is provided by Sorav Bansal <sbansal@cs.stanford.edu>.
+
+diff -urpN bochs-2.1.1.orig/Makefile.in checkbochs-2.1.1/Makefile.in
+--- bochs-2.1.1.orig/Makefile.in 2004-02-11 14:28:02.000000000 -0800
++++ checkbochs-2.1.1/Makefile.in 2005-06-29 10:59:56.000000000 -0700
+@@ -177,11 +177,11 @@ all: @PRIMARY_TARGET@ @PLUGIN_TARGET@ bx
+ @EXTERNAL_DEPENDENCY@
+
+ bochs@EXE@: @IODEV_LIB_VAR@ @DEBUGGER_VAR@ \
+- cpu/libcpu.a memory/libmemory.a gui/libgui.a \
++ cpu/libcpu.a memory/libmemory.a gui/libgui.a taint/libtaint.a \
+ @DISASM_VAR@ @INSTRUMENT_VAR@ $(BX_OBJS) \
+ $(SIMX86_OBJS) @FPU_VAR@ @GDBSTUB_VAR@ @PLUGIN_VAR@
+ @LINK@ -export-dynamic $(BX_OBJS) $(SIMX86_OBJS) \
+- iodev/libiodev.a cpu/libcpu.a memory/libmemory.a gui/libgui.a \
++ iodev/libiodev.a cpu/libcpu.a memory/libmemory.a gui/libgui.a taint/libtaint.a \
+ @DEBUGGER_VAR@ @DISASM_VAR@ @INSTRUMENT_VAR@ @PLUGIN_VAR@ \
+ @GDBSTUB_VAR@ @FPU_VAR@ \
+ @NONPLUGIN_GUI_LINK_OPTS@ \
+@@ -195,19 +195,19 @@ bochs@EXE@: @IODEV_LIB_VAR@ @DEBUGGER_VA
+ # libtool. This creates a .DEF file, and exports file, an import library,
+ # and then links bochs.exe with the exports file.
+ .win32_dll_plugin_target: @IODEV_LIB_VAR@ @DEBUGGER_VAR@ \
+- cpu/libcpu.a memory/libmemory.a gui/libgui.a \
++ cpu/libcpu.a memory/libmemory.a gui/libgui.a taint/libtaint.a \
+ @DISASM_VAR@ @INSTRUMENT_VAR@ $(BX_OBJS) \
+ $(SIMX86_OBJS) @FPU_VAR@ @GDBSTUB_VAR@ @PLUGIN_VAR@
+ $(DLLTOOL) --export-all-symbols --output-def bochs.def \
+ $(BX_OBJS) $(SIMX86_OBJS) \
+- @IODEV_LIB_VAR@ cpu/libcpu.a memory/libmemory.a gui/libgui.a \
++ @IODEV_LIB_VAR@ cpu/libcpu.a memory/libmemory.a gui/libgui.a taint/libtaint.a \
+ @DEBUGGER_VAR@ @DISASM_VAR@ @INSTRUMENT_VAR@ @PLUGIN_VAR@ \
+ @GDBSTUB_VAR@ @FPU_VAR@
+ $(DLLTOOL) --dllname bochs.exe --def bochs.def --output-lib dllexports.a
+ $(DLLTOOL) --dllname bochs.exe --output-exp bochs.exp --def bochs.def
+ $(CXX) -o bochs.exe $(CXXFLAGS) $(LDFLAGS) -export-dynamic \
+ $(BX_OBJS) bochs.exp $(SIMX86_OBJS) \
+- @IODEV_LIB_VAR@ cpu/libcpu.a memory/libmemory.a gui/libgui.a \
++ @IODEV_LIB_VAR@ cpu/libcpu.a memory/libmemory.a gui/libgui.a taint/libtaint.a \
+ @DEBUGGER_VAR@ @DISASM_VAR@ @INSTRUMENT_VAR@ @PLUGIN_VAR@ \
+ @GDBSTUB_VAR@ @FPU_VAR@ \
+ $(GUI_LINK_OPTS) \
+@@ -274,6 +274,11 @@ gui/libgui.a::
+ $(MAKE) $(MDEFINES) libgui.a
+ @CD_UP_ONE@
+
++taint/libtaint.a::
++ cd taint @COMMAND_SEPARATOR@
++ $(MAKE) $(MDEFINES) libtaint.a
++ @CD_UP_ONE@
++
+ disasm/libdisasm.a::
+ cd disasm @COMMAND_SEPARATOR@
+ $(MAKE) $(MDEFINES) libdisasm.a
+@@ -503,6 +508,9 @@ all-clean: clean
+ cd fpu @COMMAND_SEPARATOR@
+ $(MAKE) clean
+ @CD_UP_ONE@
++ cd taint @COMMAND_SEPARATOR@
++ $(MAKE) clean
++ @CD_UP_ONE@
+ cd doc/docbook @COMMAND_SEPARATOR@
+ $(MAKE) clean
+ @CD_UP_TWO@
+@@ -538,6 +546,9 @@ dist-clean: local-dist-clean
+ cd fpu @COMMAND_SEPARATOR@
+ $(MAKE) dist-clean
+ @CD_UP_ONE@
++ cd taint @COMMAND_SEPARATOR@
++ $(MAKE) dist-clean
++ @CD_UP_ONE@
+ cd doc/docbook @COMMAND_SEPARATOR@
+ $(MAKE) dist-clean
+ @CD_UP_TWO@
+diff -urpN bochs-2.1.1.orig/bochs.h checkbochs-2.1.1/bochs.h
+--- bochs-2.1.1.orig/bochs.h 2004-02-11 14:28:03.000000000 -0800
++++ checkbochs-2.1.1/bochs.h 2005-06-29 10:59:53.000000000 -0700
+@@ -671,6 +671,7 @@ typedef struct BOCHSAPI {
+ bx_gdbstub_t gdbstub;
+ bx_param_enum_c *Osel_config;
+ bx_param_enum_c *Osel_displaylib;
++ bx_param_enum_c *Otaint_type ;
+ } bx_options_t;
+
+ BOCHSAPI extern bx_options_t bx_options;
+diff -urpN bochs-2.1.1.orig/configure checkbochs-2.1.1/configure
+--- bochs-2.1.1.orig/configure 2004-02-11 14:28:40.000000000 -0800
++++ checkbochs-2.1.1/configure 2005-06-29 10:59:53.000000000 -0700
+@@ -36189,7 +36189,7 @@ echo "${ECHO_T}no" >&6
+ fi
+
+
+- ac_config_files="$ac_config_files Makefile iodev/Makefile bx_debug/Makefile bios/Makefile cpu/Makefile memory/Makefile gui/Makefile disasm/Makefile ${INSTRUMENT_DIR}/Makefile misc/Makefile fpu/Makefile doc/docbook/Makefile build/linux/bochs-dlx bxversion.h build/macosx/Info.plist build/win32/nsis/Makefile build/win32/nsis/bochs.nsi"
++ ac_config_files="$ac_config_files Makefile iodev/Makefile bx_debug/Makefile bios/Makefile cpu/Makefile memory/Makefile gui/Makefile disasm/Makefile ${INSTRUMENT_DIR}/Makefile misc/Makefile fpu/Makefile taint/Makefile doc/docbook/Makefile build/linux/bochs-dlx bxversion.h build/macosx/Info.plist build/win32/nsis/Makefile build/win32/nsis/bochs.nsi"
+ cat >confcache <<\_ACEOF
+ # This file is a shell script that caches the results of configure
+ # tests run on this system so they can be shared between configure
+@@ -36724,6 +36724,7 @@ do
+ "${INSTRUMENT_DIR}/Makefile" ) CONFIG_FILES="$CONFIG_FILES ${INSTRUMENT_DIR}/Makefile" ;;
+ "misc/Makefile" ) CONFIG_FILES="$CONFIG_FILES misc/Makefile" ;;
+ "fpu/Makefile" ) CONFIG_FILES="$CONFIG_FILES fpu/Makefile" ;;
++ "taint/Makefile" ) CONFIG_FILES="$CONFIG_FILES taint/Makefile" ;;
+ "doc/docbook/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/docbook/Makefile" ;;
+ "build/linux/bochs-dlx" ) CONFIG_FILES="$CONFIG_FILES build/linux/bochs-dlx" ;;
+ "bxversion.h" ) CONFIG_FILES="$CONFIG_FILES bxversion.h" ;;
+diff -urpN bochs-2.1.1.orig/cpu/cpu.cc checkbochs-2.1.1/cpu/cpu.cc
+--- bochs-2.1.1.orig/cpu/cpu.cc 2004-02-11 14:28:51.000000000 -0800
++++ checkbochs-2.1.1/cpu/cpu.cc 2005-06-29 10:59:54.000000000 -0700
+@@ -30,6 +30,9 @@
+ #include "bochs.h"
+ #define LOG_THIS BX_CPU_THIS_PTR
+
++#include "taint/globals.h"
++#include "taint/mydebug.h"
++
+ #if BX_USE_CPU_SMF
+ #define this (BX_CPU(0))
+ #endif
+@@ -111,7 +114,9 @@ BX_CPU_C::cpu_loop(Bit32s max_instr_coun
+ bxInstruction_c iStorage BX_CPP_AlignN(32);
+ bxInstruction_c *i = &iStorage;
+
+- BxExecutePtr_t execute;
++ BxExecutePtr_t execute, taint_execute ;
++
++ BX_CPU_THIS_PTR curInstruction = i ;
+
+ #if BX_DEBUGGER
+ BX_CPU_THIS_PTR break_point = 0;
+@@ -209,6 +214,10 @@ BX_CPU_C::cpu_loop(Bit32s max_instr_coun
+ BxExecutePtr_tR resolveModRM = i->ResolveModrm; // Get as soon as possible for speculation.
+
+ execute = i->execute; // fetch as soon as possible for speculation.
++
++ taint_execute = i->taint_execute ;
++ if (!taint_execute) taint_execute = &BX_CPU_C::NOP ;
++
+ if (resolveModRM) {
+ BX_CPU_CALL_METHODR(resolveModRM, (i));
+ }
+@@ -281,6 +290,10 @@ BX_CPU_C::cpu_loop(Bit32s max_instr_coun
+ }
+ #endif
+ execute = i->execute; // fetch as soon as possible for speculation.
++
++ taint_execute = i->taint_execute ;
++ if (!taint_execute) taint_execute = &BX_CPU_C::NOP ;
++
+ if (resolveModRM) {
+ BX_CPU_CALL_METHODR(resolveModRM, (i));
+ }
+@@ -303,6 +316,7 @@ BX_CPU_C::cpu_loop(Bit32s max_instr_coun
+ BX_INSTR_BEFORE_EXECUTION(BX_CPU_ID);
+ RIP += i->ilen();
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ BX_CPU_THIS_PTR prev_eip = RIP; // commit new EIP
+ BX_CPU_THIS_PTR prev_esp = RSP; // commit new ESP
+ BX_INSTR_AFTER_EXECUTION(BX_CPU_ID);
+@@ -323,6 +337,7 @@ repeat_loop:
+ if (i->as64L()) {
+ if (RCX != 0) {
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ RCX --;
+ }
+ if ((i->repUsedValue()==3) && (get_ZF()==0)) goto repeat_done;
+@@ -335,6 +350,7 @@ repeat_loop:
+ if (i->as32L()) {
+ if (ECX != 0) {
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ ECX --;
+ }
+ if ((i->repUsedValue()==3) && (get_ZF()==0)) goto repeat_done;
+@@ -345,6 +361,7 @@ repeat_loop:
+ else {
+ if (CX != 0) {
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ CX --;
+ }
+ if ((i->repUsedValue()==3) && (get_ZF()==0)) goto repeat_done;
+@@ -358,6 +375,7 @@ repeat_loop:
+ if (i->as64L()) {
+ if (RCX != 0) {
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ RCX --;
+ }
+ if (RCX == 0) goto repeat_done;
+@@ -368,6 +386,7 @@ repeat_loop:
+ if (i->as32L()) {
+ if (ECX != 0) {
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ ECX --;
+ }
+ if (ECX == 0) goto repeat_done;
+@@ -376,6 +395,7 @@ repeat_loop:
+ else { // 16bit addrsize
+ if (CX != 0) {
+ BX_CPU_CALL_METHOD(execute, (i));
++ BX_CPU_CALL_METHOD(taint_execute, (i));
+ CX --;
+ }
+ if (CX == 0) goto repeat_done;
+@@ -865,6 +885,17 @@ BX_CPU_THIS_PTR eipPageWindowSize = 0; /
+ BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.d_b);
+ }
+
++void
++BX_CPU_C::panic(const char *fmt, ...)
++{
++ va_list arg;
++
++ printf("backtrace: %s.\n",backtrace(btstr));
++
++ va_start(arg,fmt);
++ logfunctions::panic(fmt,arg);
++ va_end(arg);
++}
+
+ #if BX_EXTERNAL_DEBUGGER
+
+diff -urpN bochs-2.1.1.orig/cpu/cpu.h checkbochs-2.1.1/cpu/cpu.h
+--- bochs-2.1.1.orig/cpu/cpu.h 2004-02-11 14:28:51.000000000 -0800
++++ checkbochs-2.1.1/cpu/cpu.h 2005-06-29 10:59:54.000000000 -0700
+@@ -739,9 +739,11 @@ public:
+ #if BX_USE_CPU_SMF
+ void (*ResolveModrm)(bxInstruction_c *) BX_CPP_AttrRegparmN(1);
+ void (*execute)(bxInstruction_c *);
++ void (*taint_execute)(bxInstruction_c *);
+ #else
+ void (BX_CPU_C::*ResolveModrm)(bxInstruction_c *) BX_CPP_AttrRegparmN(1);
+ void (BX_CPU_C::*execute)(bxInstruction_c *);
++ void (BX_CPU_C::*taint_execute)(bxInstruction_c *);
+ #endif
+
+ // 26..23 ilen (0..15). Leave this one on top so no mask is needed.
+@@ -821,6 +823,11 @@ public:
+ #endif
+ };
+
++ /* sorav: to check if the instruction has a lock prefix */
++ bool locked; //whether lock prefix is held
++ BX_CPP_INLINE void setLocked(bool val) { locked = val; }
++ BX_CPP_INLINE bool isLocked(void) { return locked ; }
++
+ BX_CPP_INLINE unsigned opcodeReg() {
+ // The opcodeReg form (low 3 bits of the opcode byte (extended
+ // by REX.B on x86-64) can be accessed by IxForm or IqForm. They
+@@ -1428,8 +1435,18 @@ union {
+ // is greated than 2 (the maximum possible for
+ // normal cases) it is a native pointer and is used
+ // for a direct write access.
++
++ /* taint fields */
++ Bit32u taint_paddress1;
++ Bit32u taint_paddress2;
++ Bit32u taint_len1;
++ Bit32u taint_len2;
++ bx_ptr_equiv_t taint_pages;
++
+ } address_xlation;
+
++ bxInstruction_c *curInstruction ;
++
+ #if BX_SUPPORT_X86_64
+ // data upper 32 bits - not used any longer
+ //Bit32s daddr_upper; // upper bits must be canonical (-virtmax --> + virtmax)
+@@ -2952,6 +2969,33 @@ union {
+ #if BX_SUPPORT_APIC
+ bx_local_apic_c local_apic;
+ #endif
++
++ /* taint functions */
++ void panic(const char *fmt, ...);
++ BX_SMF Bit32u thread_current(void) ;
++ BX_SMF Bit32s BX_CPP_AttrRegparmN(3) BX_CPU_C::taint_dtranslate_linear(bx_address laddr, unsigned pl, unsigned rw);
++ BX_SMF Bit32u BX_CPP_AttrRegparmN(2) BX_CPU_C::taint_itranslate_linear(bx_address laddr, unsigned pl);
++ BX_SMF int BX_CPP_AttrRegparmN(3) BX_CPU_C::access_linear_taint(bx_address laddr, unsigned length, unsigned pl, unsigned rw, void *taint_value);
++//SHADOW STATE FUNCTIONS
++ BX_SMF void TT_TaintSaveRegs(bxInstruction_c *i);
++ BX_SMF void TT_TaintRestoreRegs(bxInstruction_c *i);
++ BX_SMF void TT_Lock(bxInstruction_c *i);
++ BX_SMF void TT_Unlock(bxInstruction_c *i);
++ BX_SMF void TT_CommonOps(bxInstruction_c *i);
++
++ BX_SMF int read_virtual_checks_silent(bx_segment_reg_t *seg, bx_address offset, unsigned length) BX_CPP_AttrRegparmN(3);
++ BX_SMF int read_virtual_byte_silent(unsigned s, bx_address offset, Bit8u *data);
++ BX_SMF int read_virtual_word_silent(unsigned s, bx_address offset, Bit16u *data);
++ BX_SMF int read_virtual_dword_silent(unsigned s, bx_address offset, Bit32u *data);
++ BX_SMF int access_linear_silent(bx_address laddr, unsigned length, unsigned pl, unsigned rw, void *data);
++
++ BX_SMF char *backtrace(char *s);
++ BX_SMF Bit32u callingEIP(void);
++
++ BX_SMF void eraser_access_linear(bx_address laddr, unsigned len, unsigned pl, unsigned rw, void *data);
++
++ BX_SMF void eraser_init_globals (void) ;
++
+ };
+
+
+@@ -3299,6 +3343,7 @@ IMPLEMENT_EFLAG_ACCESSOR (TF, 8)
+ #define BxGroup14 BxGroupN
+ #define BxGroup15 BxGroupN
+ #define BxGroup16 BxGroupN
++#define BxGroupTaint BxGroupN
+
+ #if BX_DEBUGGER
+ typedef enum _show_flags {
+diff -urpN bochs-2.1.1.orig/cpu/cpuid.cc checkbochs-2.1.1/cpu/cpuid.cc
+--- bochs-2.1.1.orig/cpu/cpuid.cc 2003-12-31 09:35:43.000000000 -0800
++++ checkbochs-2.1.1/cpu/cpuid.cc 2005-06-29 10:59:54.000000000 -0700
+@@ -251,6 +251,12 @@ void BX_CPU_C::CPUID(bxInstruction_c *i)
+ RDX = get_std_cpuid_features ();
+ break;
+
++ case 3: /*added by sorav */
++ RBX = 0x6e696154; // "Tain"
++ RDX = 0x49646574; // "tedI"
++ RCX = 0x6c65746e; // "ntel"
++ break;
++
+ #if 0
+ #if BX_CPU_LEVEL >= 6
+ case 2:
+diff -urpN bochs-2.1.1.orig/cpu/fetchdecode.cc checkbochs-2.1.1/cpu/fetchdecode.cc
+--- bochs-2.1.1.orig/cpu/fetchdecode.cc 2003-12-28 10:19:41.000000000 -0800
++++ checkbochs-2.1.1/cpu/fetchdecode.cc 2005-06-29 10:59:54.000000000 -0700
+@@ -29,6 +29,8 @@
+ #include "bochs.h"
+ #define LOG_THIS BX_CPU_THIS_PTR
+
++#include "taint/eraser.h"
++
+
+ ///////////////////////////
+ // prefix bytes
+@@ -156,6 +158,7 @@ typedef struct BxOpcodeInfo_t {
+ Bit16u Attr;
+ BxExecutePtr_t ExecutePtr;
+ struct BxOpcodeInfo_t *AnotherArray;
++ BxExecutePtr_t TaintExecutePtr ;
+ } BxOpcodeInfo_t;
+
+
+@@ -458,6 +461,17 @@ static BxOpcodeInfo_t BxOpcodeInfoG16[8]
+ /* 7 */ { 0, &BX_CPU_C::BxError }
+ };
+
++BxOpcodeInfo_t BxOpcodeInfoGTaint[8] = {
++ /* 0 */ { BxImmediate_Iv, &BX_CPU_C::NOP, NULL, &BX_CPU_C::TT_TaintSaveRegs},
++ /* 1 */ { BxImmediate_Iv, &BX_CPU_C::NOP, NULL, &BX_CPU_C::TT_TaintRestoreRegs},
++ /* 2 */ { BxImmediate_Iv, &BX_CPU_C::NOP, NULL, &BX_CPU_C::TT_Lock /*&BX_CPU_C::TT_RegionTaint*/},
++ /* 3 */ { BxImmediate_Iv, &BX_CPU_C::NOP, NULL, &BX_CPU_C::TT_Unlock /*&BX_CPU_C::TT_RegionCheck*/},
++ /* 4 */ { BxImmediate_Iv, &BX_CPU_C::NOP, NULL, &BX_CPU_C::TT_CommonOps },
++ /* 5 */ { 0, &BX_CPU_C::NOP, NULL, NULL /*&BX_CPU_C::TT_Taint*/ },
++ /* 6 */ { 0, &BX_CPU_C::NOP, NULL, NULL /*&BX_CPU_C::TT_Untaint*/ },
++ /* 7 */ { 0, &BX_CPU_C::NOP, NULL, NULL /*&BX_CPU_C::TT_Check*/}
++ };
++
+
+ /* ************************** */
+ /* 512 entries for 16bit mode */
+@@ -728,7 +742,8 @@ static BxOpcodeInfo_t BxOpcodeInfo[512*2
+ /* 0F 01 */ { BxAnother | BxGroup7, NULL, BxOpcodeInfoG7 },
+ /* 0F 02 */ { BxAnother, &BX_CPU_C::LAR_GvEw },
+ /* 0F 03 */ { BxAnother, &BX_CPU_C::LSL_GvEw },
+- /* 0F 04 */ { 0, &BX_CPU_C::BxError },
++ ///* 0F 04 */ { 0, &BX_CPU_C::BxError },
++ /* 0F 04 : sorav */ { BxAnother | BxGroupTaint, NULL, BxOpcodeInfoGTaint }, // 2-byte escape
+ #if BX_SUPPORT_X86_64
+ /* 0F 05 */ { 0, &BX_CPU_C::SYSCALL },
+ #else
+@@ -1263,7 +1278,7 @@ static BxOpcodeInfo_t BxOpcodeInfo[512*2
+ /* 0F 01 */ { BxAnother | BxGroup7, NULL, BxOpcodeInfoG7 },
+ /* 0F 02 */ { BxAnother, &BX_CPU_C::LAR_GvEw },
+ /* 0F 03 */ { BxAnother, &BX_CPU_C::LSL_GvEw },
+- /* 0F 04 */ { 0, &BX_CPU_C::BxError },
++ /* 0F 04 : sorav */ { BxAnother | BxGroupTaint, NULL, BxOpcodeInfoGTaint }, // 2-byte escape
+ #if BX_SUPPORT_X86_64
+ /* 0F 05 */ { 0, &BX_CPU_C::SYSCALL },
+ #else
+@@ -1564,6 +1580,8 @@ BX_CPU_C::fetchDecode(Bit8u *iptr, bxIns
+ /*os64*/ 0, /*as64*/ 0,
+ /*extend8bit*/ 0, /*repUsed*/ 0);
+
++ instruction->setLocked (false) ;
++
+ sse_prefix = SSE_PREFIX_NONE;
+
+ fetch_b1:
+@@ -1669,6 +1687,7 @@ another_byte:
+ case 0xf0: // LOCK:
+ BX_INSTR_PREFIX_LOCK(BX_CPU_ID);
+ lock = 1;
++ instruction->setLocked (false) ;
+ if (ilen < remain) {
+ ilen++;
+ goto fetch_b1;
+@@ -1883,6 +1902,7 @@ modrm_done:
+ }
+
+ instruction->execute = OpcodeInfoPtr->ExecutePtr;
++ instruction->taint_execute = OpcodeInfoPtr->TaintExecutePtr;
+ instruction->setRepAttr(attr & (BxRepeatable | BxRepeatableZF));
+ }
+ else {
+@@ -1891,6 +1911,7 @@ modrm_done:
+ // the if() above after fetching the 2nd byte, so this path is
+ // taken in all cases if a modrm byte is NOT required.
+ instruction->execute = BxOpcodeInfo[b1+offset].ExecutePtr;
++ instruction->taint_execute = BxOpcodeInfo[b1+offset].TaintExecutePtr;
+ instruction->IxForm.opcodeReg = b1 & 7;
+ }
+
+diff -urpN bochs-2.1.1.orig/cpu/paging.cc checkbochs-2.1.1/cpu/paging.cc
+--- bochs-2.1.1.orig/cpu/paging.cc 2003-12-30 14:12:45.000000000 -0800
++++ checkbochs-2.1.1/cpu/paging.cc 2005-06-29 10:59:54.000000000 -0700
+@@ -38,6 +38,8 @@
+ #include "bochs.h"
+ #define LOG_THIS BX_CPU_THIS_PTR
+
++#include "taint/globals.h"
++
+ #if BX_USE_CPU_SMF
+ #define this (BX_CPU(0))
+ #endif
+@@ -1124,6 +1126,7 @@ BX_CPU_C::access_linear(bx_address laddr
+ BX_CPU_THIS_PTR mem->writePhysicalPage(this,
+ BX_CPU_THIS_PTR address_xlation.paddress1, length, data);
+ }
++ BX_CPU_THIS_PTR eraser_access_linear(laddr,length,pl,rw,data);
+ return;
+ }
+ else {
+@@ -1195,6 +1198,7 @@ BX_CPU_C::access_linear(bx_address laddr
+ }
+ #endif
+
++ BX_CPU_THIS_PTR eraser_access_linear(laddr,length,pl,rw,data);
+ return;
+ }
+ }
+@@ -1216,6 +1220,7 @@ BX_CPU_C::access_linear(bx_address laddr
+ lpf = laddr & 0xfffff000;
+ if (BX_CPU_THIS_PTR TLB.entry[tlbIndex].lpf == BX_TLB_LPF_VALUE(lpf)) {
+ BX_CPU_THIS_PTR mem->readPhysicalPage(this, laddr, length, data);
++ BX_CPU_THIS_PTR eraser_access_linear(laddr,length,pl,rw,data);
+ return;
+ }
+ // We haven't seen this page, or it's been bumped before.
+@@ -1258,6 +1263,7 @@ BX_CPU_C::access_linear(bx_address laddr
+ lpf = laddr & 0xfffff000;
+ if (BX_CPU_THIS_PTR TLB.entry[tlbIndex].lpf == BX_TLB_LPF_VALUE(lpf)) {
+ BX_CPU_THIS_PTR mem->writePhysicalPage(this, laddr, length, data);
++ BX_CPU_THIS_PTR eraser_access_linear(laddr,length,pl,rw,data);
+ return;
+ }
+ // We haven't seen this page, or it's been bumped before.
+@@ -1401,6 +1407,8 @@ BX_CPU_C::access_linear(Bit32u laddr, un
+ BX_CPU_THIS_PTR mem->readPhysicalPage(this, laddr, length, data);
+ else
+ BX_CPU_THIS_PTR mem->writePhysicalPage(this, laddr, length, data);
++
++ BX_CPU_THIS_PTR eraser_access_linear(laddr,length,pl,rw,data);
+ return;
+ }
+
+diff -urpN bochs-2.1.1.orig/gdbstub.cc checkbochs-2.1.1/gdbstub.cc
+diff -urpN bochs-2.1.1.orig/gdbstub.cc.rej checkbochs-2.1.1/gdbstub.cc.rej
+diff -urpN bochs-2.1.1.orig/gui/Makefile.in checkbochs-2.1.1/gui/Makefile.in
+--- bochs-2.1.1.orig/gui/Makefile.in 2003-11-28 07:07:28.000000000 -0800
++++ checkbochs-2.1.1/gui/Makefile.in 2005-06-29 10:13:21.000000000 -0700
+@@ -44,7 +44,7 @@ SHELL = /bin/sh
+ @SET_MAKE@
+
+ CXX = @CXX@
+-CXXFLAGS = $(BX_INCDIRS) @CXXFLAGS@ @GUI_CXXFLAGS@
++CXXFLAGS = $(BX_INCDIRS) @CXXFLAGS@ @GUI_CXXFLAGS@ -fms-extensions
+ LOCAL_CXXFLAGS =
+ LDFLAGS = @LDFLAGS@
+ LIBS = @LIBS@
+diff -urpN bochs-2.1.1.orig/gui/siminterface.h checkbochs-2.1.1/gui/siminterface.h
+--- bochs-2.1.1.orig/gui/siminterface.h 2004-02-11 14:28:52.000000000 -0800
++++ checkbochs-2.1.1/gui/siminterface.h 2005-06-29 10:59:55.000000000 -0700
+@@ -464,6 +464,7 @@ typedef enum {
+ #endif
+ BXP_SEL_CONFIG_INTERFACE,
+ BXP_SEL_DISPLAY_LIBRARY,
++ BXP_SEL_TAINT_TYPE,
+ BXP_THIS_IS_THE_LAST // used to determine length of list
+ } bx_id;
+
+diff -urpN bochs-2.1.1.orig/iodev/pit82c54.cc checkbochs-2.1.1/iodev/pit82c54.cc
+diff -urpN bochs-2.1.1.orig/iodev/pit82c54.cc~ checkbochs-2.1.1/iodev/pit82c54.cc~
+diff -urpN bochs-2.1.1.orig/iodev/serial.cc checkbochs-2.1.1/iodev/serial.cc
+diff -urpN bochs-2.1.1.orig/iodev/serial.cc.rej checkbochs-2.1.1/iodev/serial.cc.rej
+diff -urpN bochs-2.1.1.orig/main.cc checkbochs-2.1.1/main.cc
+--- bochs-2.1.1.orig/main.cc 2004-02-11 14:28:41.000000000 -0800
++++ checkbochs-2.1.1/main.cc 2005-06-29 11:29:46.000000000 -0700
+@@ -28,6 +28,10 @@
+ #include <assert.h>
+ #include "state_file.h"
+
++#include "taint/taint_type.h"
++#include "taint/mydebug.h"
++#include "taint/globals.h"
++
+ #ifdef HAVE_LOCALE_H
+ #include <locale.h>
+ #endif
+@@ -1768,6 +1773,7 @@ int bxmain () {
+ if (setjmp (context) == 0) {
+ SIM->set_quit_context (&context);
+ if (bx_init_main (bx_startup_flags.argc, bx_startup_flags.argv) < 0)
++ BX_CPU(0)->eraser_init_globals() ;
+ return 0;
+ // read a param to decide which config interface to start.
+ // If one exists, start it. If not, just begin.
+@@ -2309,6 +2322,18 @@ bx_begin_simulation (int argc, char *arg
+ SIM->set_init_done (1);
+
+ // update headerbar buttons since drive status can change during init
++ static char *taint_type_list[] = {
++ "eraser",
++ "none",
++ NULL
++ };
++ bx_options.Otaint_type = new bx_param_enum_c (BXP_SEL_TAINT_TYPE,
++ "Taint Type (Eraser,..)",
++ "Select Taint Type",
++ taint_type_list,
++ 0,
++ 0);
++
+ bx_gui->update_drive_status_buttons ();
+
+ // The set handler for mouse_enabled does not actually update the gui
+@@ -2507,7 +2532,7 @@ bx_init_hardware()
+ #if !BX_DEBUGGER
+ signal(SIGINT, bx_signal_handler);
+ #endif
+-
++ assign_taint_functions ("eraser") ;
+ #if BX_SHOW_IPS
+ #ifndef __MINGW32__
+ signal(SIGALRM, bx_signal_handler);
+@@ -3971,6 +3996,20 @@ parse_line_formatted(char *context, int
+ if (!bx_options.Osel_config->set_by_name (params[1]))
+ PARSE_ERR(("%s: config_interface '%s' not available", context, params[1]));
+ }
++ else if (!strcmp (params[0], "taint")) {
++ if (num_params!=2) {
++ PARSE_ERR(("%s: taint directive: wrong # of args. Usage: taint <option>",context)) ;
++ }
++ if (!bx_options.Otaint_type->set_by_name (params[1])) {
++ PARSE_ERR(("%s: taint type '%s' not available.", context, params[1]));
++ }
++ }
++ else if (!strcmp (params[0], "logfile")) {
++ if (num_params!=2) {
++ PARSE_ERR(("%s: logfile directive: wrong # of args. Usage- logfile: <filename>",context)) ;
++ }
++ strncpy (g_logfn, params[1], 128) ;
++ }
+ else if (!strcmp(params[0], "display_library")) {
+ if (num_params != 2) {
+ PARSE_ERR(("%s: display_library directive: wrong # args.", context));
+diff -urpN bochs-2.1.1.orig/main.cc~ checkbochs-2.1.1/main.cc~
+diff -urpN bochs-2.1.1.orig/memory/memory.h checkbochs-2.1.1/memory/memory.h
+--- bochs-2.1.1.orig/memory/memory.h 2004-02-11 14:28:54.000000000 -0800
++++ checkbochs-2.1.1/memory/memory.h 2005-06-29 10:59:56.000000000 -0700
+@@ -45,6 +45,10 @@ class BOCHSAPI BX_MEM_C : public logfunc
+ public:
+ Bit8u *actual_vector;
+ Bit8u *vector; // aligned correctly
++
++ Bit32u *actual_taint_vector; //keep a word for every byte
++ Bit32u *taint_vector; // aligned correctly
++
+ size_t len;
+ size_t megabytes; // (len in Megabytes)
+ #if BX_PCI_SUPPORT
+@@ -77,6 +81,12 @@ public:
+ unsigned long (*f)(unsigned char *buf, int len),
+ Bit32u addr1, Bit32u addr2, Bit32u *crc);
+ BX_MEM_SMF Bit8u * getHostMemAddr(BX_CPU_C *cpu, Bit32u a20Addr, unsigned op) BX_CPP_AttrRegparmN(3);
++
++//Taint functions
++ BX_MEM_SMF void readPhysicalTaintPage(BX_CPU_C *cpu, Bit32u addr,
++ unsigned len, void *data) BX_CPP_AttrRegparmN(3);
++ BX_MEM_SMF void writePhysicalTaintPage(BX_CPU_C *cpu, Bit32u addr,
++ unsigned len, void *data) BX_CPP_AttrRegparmN(3);
+ };
+
+ #if BX_PROVIDE_CPU_MEMORY==1
+diff -urpN bochs-2.1.1.orig/memory/misc_mem.cc checkbochs-2.1.1/memory/misc_mem.cc
+--- bochs-2.1.1.orig/memory/misc_mem.cc 2004-02-11 14:28:54.000000000 -0800
++++ checkbochs-2.1.1/memory/misc_mem.cc 2005-06-29 10:59:56.000000000 -0700
+@@ -54,7 +54,9 @@ BX_MEM_C::BX_MEM_C(void)
+ settype(MEMLOG);
+
+ vector = NULL;
++ taint_vector = NULL;
+ actual_vector = NULL;
++ actual_taint_vector = NULL;
+ len = 0;
+ megabytes = 0;
+ }
+@@ -69,11 +71,15 @@ BX_MEM_C::alloc_vector_aligned (size_t b
+ if (actual_vector != NULL) {
+ BX_INFO (("freeing existing memory vector"));
+ delete [] actual_vector;
++ delete [] actual_taint_vector;
+ actual_vector = NULL;
++ actual_taint_vector = NULL;
+ vector = NULL;
++ taint_vector = NULL;
+ }
+ Bit64u test_mask = alignment - 1;
+ actual_vector = new Bit8u [bytes+test_mask];
++ actual_taint_vector = new Bit32u [bytes+test_mask];
+ // round address forward to nearest multiple of alignment. Alignment
+ // MUST BE a power of two for this to work.
+ Bit64u masked = ((Bit64u)(actual_vector + test_mask)) & ~test_mask;
+@@ -84,6 +90,13 @@ BX_MEM_C::alloc_vector_aligned (size_t b
+ BX_ASSERT (vector+bytes <= actual_vector+bytes+test_mask);
+ BX_INFO (("allocated memory at %p. after alignment, vector=%p",
+ actual_vector, vector));
++
++ //sorav
++ unsigned int wasted_memory = masked - (Bit64u)vector ;
++ BX_ASSERT(wasted_memory<=test_mask);
++ taint_vector = &(actual_taint_vector[wasted_memory]);
++ //sanity check: after realignment, everything fits in allocated space
++ BX_ASSERT(&(taint_vector[bytes]) <= &(actual_taint_vector[bytes+test_mask]));
+ }
+ #endif
+
+@@ -136,6 +150,7 @@ BX_MEM_C::init_memory(int memsize)
+
+ if (BX_MEM_THIS vector == NULL) {
+ // memory not already allocated, do now...
++ assert (taint_vector==NULL) ;
+ alloc_vector_aligned (memsize, BX_MEM_VECTOR_ALIGN);
+ BX_MEM_THIS len = memsize;
+ BX_MEM_THIS megabytes = memsize / (1024*1024);
+diff -urpN bochs-2.1.1.orig/taint/Makefile.in checkbochs-2.1.1/taint/Makefile.in
+--- bochs-2.1.1.orig/taint/Makefile.in 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/Makefile.in 2005-06-29 11:14:31.000000000 -0700
+@@ -0,0 +1,184 @@
++.SUFFIXES: .cc
++
++VPATH = @srcdir@
++
++srcdir = @srcdir@
++
++top_builddir = $(srcdir)/..
++top_srcdir = $(srcdir)/..
++
++SHELL = /bin/sh
++
++
++
++CXX = g++
++CXXFLAGS = -g -O2 -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES $(X_CFLAGS)
++
++LDFLAGS =
++LIBS = -lm
++X_LIBS = -L/usr/X11R6/lib
++X_PRE_LIBS = -lSM -lICE
++RANLIB = ranlib
++
++
++
++BX_INCDIRS = -I.. -I$(srcdir)/.. -I../instrument/stubs -I$(srcdir)/../instrument/stubs
++
++APIC_OBJS =
++EXT_DEBUG_OBJS =
++
++# Objects which are synced between the cpu and cpu64 code and
++# are used for either compile.
++OBJS = common.o globals.o taint_type.o eraser.o paging.o memory.o \
++ lockset.o list.o hash.o silent_access.o silent_paging.o
++
++OBJS64 =
++
++
++BX_INCLUDES = ../bochs.h ../config.h
++
++
++all: libtaint.a
++
++.cc.o:
++ $(CXX) -c $(BX_INCDIRS) $(CXXFLAGS) $< -o $@
++
++
++libtaint.a: $(OBJS)
++ rm -f libtaint.a
++ ar rv $@ $(OBJS)
++ $(RANLIB) libtaint.a
++
++$(OBJS): $(BX_INCLUDES)
++
++$(OBJS64): $(BX_INCLUDES)
++
++clean:
++ rm -f *.o
++ rm -f *.a
++
++dist-clean: clean
++ rm -f Makefile
++
++common.o: common.cc ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++taint_type.o: taint_type.cc taint_type.h \
++ ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++memory.o: memory.cc ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++paging.o: paging.cc ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++eraser.o: eraser.cc lockset.h eraser.h \
++ ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++silent_paging.o: silent_paging.cc \
++ ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++silent_access.o: silent_access.cc \
++ ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++globals.o: globals.cc \
++ ../bochs.h ../config.h ../osdep.h ../bx_debug/debug.h \
++ ../bxversion.h ../gui/siminterface.h ../state_file.h ../cpu/cpu.h \
++ ../cpu/lazy_flags.h ../cpu/i387.h ../cpu/xmm.h ../memory/memory.h \
++ ../pc_system.h ../plugin.h ../extplugin.h ../gui/gui.h \
++ ../gui/textconfig.h ../gui/keymap.h ../iodev/iodev.h ../iodev/pci.h \
++ ../iodev/pci2isa.h ../iodev/pcivga.h ../iodev/vga.h ../iodev/ioapic.h \
++ ../iodev/biosdev.h ../iodev/cmos.h ../iodev/dma.h ../iodev/floppy.h \
++ ../iodev/harddrv.h ../iodev/cdrom.h ../iodev/vmware3.h \
++ ../iodev/keyboard.h ../iodev/parallel.h ../iodev/pic.h ../iodev/pit.h \
++ ../iodev/pit_wrap.h ../iodev/pit82c54.h ../iodev/virt_timer.h \
++ ../iodev/serial.h ../iodev/unmapped.h ../iodev/eth.h ../iodev/ne2k.h \
++ ../iodev/guest2host.h ../iodev/slowdown_timer.h ../iodev/extfpuirq.h \
++ ../instrument/stubs/instrument.h mydebug.h
++
++lockset.o: lockset.h lockset.cc hash.h mydebug.h
++
++hash.o: hash.h hash.cc
++
++list.o: list.h list.cc
+diff -urpN bochs-2.1.1.orig/taint/common.cc checkbochs-2.1.1/taint/common.cc
+--- bochs-2.1.1.orig/taint/common.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/common.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,146 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#include "taint/mydebug.h"
++#include "taint/globals.h"
++
++#define PINTOS
++
++#define STACK_DEPTH 256
++
++#if BX_USE_CPU_SMF
++#define this (BX_CPU(0))
++#endif
++
++#define MASK(SHIFT, CNT) (((1ul << (CNT)) - 1) << (SHIFT))
++
++/* Page offset (bits 0:13). */
++#define PGSHIFT 0 /* Index of first offset bit. */
++
++#ifdef LINUX
++#define PGBITS 13 /* Number of offset bits. */
++#else
++#ifdef PINTOS
++#define PGBITS 12
++#else
++#define PGBITS 13 /* Number of offset bits. */
++#warning "Dont know whether compiling for Pintos or Linux. Assuming Linux (PGBITS=13)"
++#endif
++#endif
++
++#define PGMASK MASK(PGSHIFT, PGBITS) /* Page offset bits (0:12). */
++#define PGSIZE (1 << PGBITS) /* Bytes in a page. */
++
++struct stack {
++ Bit32u arr[STACK_DEPTH];
++ unsigned int top;
++} savedRegsStack;
++bool savedRegsStackInitialized = false;
++
++void push(struct stack *s, Bit32u val) {
++ assert(s->top>=0);
++ if (s->top++==STACK_DEPTH) {
++ DBG(ERR,("Stack Overflow. Exiting.."));
++ exit(1);
++ }
++ s->arr[s->top-1] = val;
++}
++
++Bit32u pop(struct stack *s) {
++ Bit32u ret;
++ assert(s->top>=0);
++ if (s->top==0) {
++ DBG(ERR,("Stack Underflow. Exiting.."));
++ exit(1);
++ }
++ ret = s->arr[s->top-1];
++ s->top--;
++ return ret;
++}
++
++Bit32u stack_init(struct stack *s) {
++ s->top = 0;
++}
++
++void BX_CPU_C::TT_TaintSaveRegs(bxInstruction_c *i) {
++ Bit32u opId = i->Id();
++
++ if (!savedRegsStackInitialized) {
++ stack_init(&savedRegsStack);
++ savedRegsStackInitialized = true;
++ }
++ //if (opId==999) mylog(D1,("%s %d: called with opId 999.\n",__func__,__LINE__));
++ push(&savedRegsStack, EAX);
++ push(&savedRegsStack, EBX);
++ push(&savedRegsStack, ECX);
++ push(&savedRegsStack, EDX);
++ //DBG(L1,("pushing EAX=%x, EBX=%x, ECX=%x, EDX=%x.\n",EAX,EBX,ECX,EDX));
++ //g_instruction_display_count = 10;
++}
++
++void BX_CPU_C::TT_TaintRestoreRegs(bxInstruction_c *i) {
++ assert(savedRegsStackInitialized);
++ //mylog(D1,("%s %d: ECX=%x, EDX=%x\n",__func__,__LINE__,ECX,EDX));
++ EDX = pop(&savedRegsStack);
++ ECX = pop(&savedRegsStack);
++ EBX = pop(&savedRegsStack);
++ EAX = pop(&savedRegsStack);
++ //DBG(L1,("popping EAX=%x, EBX=%x, ECX=%x, EDX=%x.\n",EAX,EBX,ECX,EDX));
++}
++
++Bit32u
++BX_CPU_C::thread_current(void) {
++ unsigned kernelPL = 0;
++ Bit32u pid;
++ if (CPL==kernelPL) {
++ //pid = (ESP & 0xffffe000);
++ pid = ((ESP-1) & ~PGMASK); //subtract 1 so that we do not get incorrect pid, if stack is empty
++ } else {
++ /*Bit32u esp;
++ Bit16u ss;
++ get_SS_ESP_from_TSS(kernelPL,&ss,&esp);
++ pid = esp;*/
++ }
++ return pid;
++}
++
++char *BX_CPU_C::backtrace(char *s) {
++ Bit32u ebp, eip;
++ int stackdepth = 0, readsuccessful = 1;
++ char tmp[17];
++ //printf("EIP = %x.\n",EIP);
++ snprintf(s,16,"%x ",EIP);
++ ebp = EBP;
++ //while (ebp>0xc0000000 && stackdepth<10 && readsuccessful) {
++ while (ebp>0xc0000000 && stackdepth<10) {
++ readsuccessful &= read_virtual_dword_silent(BX_SEG_REG_SS, ebp+4, &eip);
++ readsuccessful &= read_virtual_dword_silent(BX_SEG_REG_SS, ebp, &ebp);
++ snprintf(tmp,16,"%x ",eip);
++ s = strncat(s,tmp,16);
++ stackdepth++;
++ }
++ return s;
++}
++
++Bit32u BX_CPU_C::callingEIP(void) {
++ Bit32u ebp, eip;
++ int stackdepth = 0, readsuccessful = 1;
++ char tmp[17];
++ ebp = EBP;
++ readsuccessful = read_virtual_dword_silent(BX_SEG_REG_SS, ebp+4, &eip);
++ if (readsuccessful) return eip;
++ else return 0;
++}
++
++void checkbochs_log (const char *fmt, ...)
++{
++ va_list ap;
++
++ if (!g_logfp) {
++ return ;
++ }
++ va_start (ap, fmt) ;
++ vfprintf (g_logfp, fmt, ap) ;
++ va_end (ap) ;
++}
+diff -urpN bochs-2.1.1.orig/taint/common.cc.bak checkbochs-2.1.1/taint/common.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/eraser.cc checkbochs-2.1.1/taint/eraser.cc
+--- bochs-2.1.1.orig/taint/eraser.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/eraser.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,240 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#if BX_USE_CPU_SMF
++#define this (BX_CPU(0))
++#endif
++
++#define PHYS_BASE 0xc0000000
++
++#include "mydebug.h"
++#include "taint_type.h"
++#include "lockset.h"
++#include "hash.h"
++#include "eraser.h"
++#include "globals.h"
++#include "mydebug.h"
++
++void breakme() {}
++
++#define WRN_UNINIT(loc) do { \
++ /* DBG(WRN,("Thread %x: Read on uninitialized location %x, backtrace: %s\n",myid,loc, backtrace(btstr))); */ \
++} while (0)
++
++#define WRN_ERASER(myid,loc,tval) do { \
++ if (!already_warned(loc)) { \
++ warn(loc); \
++ DBG(WRN,("Thread %x: Warning on location %x, backtrace: %s\n",myid,loc, backtrace(btstr))); \
++ breakme(); \
++ } \
++} while (0)
++
++struct warn_table_entry {
++ unsigned loc;
++ hash_elem h_elem;
++};
++
++static int warn_table_initialized = 0;
++static struct hash warn_table ;
++
++unsigned warn_hash (const hash_elem *e, void *aux)
++{
++ struct warn_table_entry *h = hash_entry (e, struct warn_table_entry, h_elem);
++ return h->loc;
++}
++
++bool
++warn_less (const hash_elem *a_, const hash_elem *b_,
++ void *aux)
++{
++ struct warn_table_entry *a = hash_entry (a_, struct warn_table_entry, h_elem);
++ struct warn_table_entry *b = hash_entry (b_, struct warn_table_entry, h_elem);
++ return (a->loc < b->loc);
++}
++
++static int
++already_warned(unsigned loc) {
++ struct warn_table_entry tmp;
++ hash_elem *h_element;
++ if (!warn_table_initialized) return 0;
++ tmp.loc = loc;
++ h_element = hash_find(&warn_table, &tmp.h_elem);
++ if (h_element) return 1;
++ else return 0;
++}
++
++static int
++warn(unsigned loc) {
++ struct warn_table_entry *tmp = (struct warn_table_entry*)malloc(sizeof(struct warn_table_entry));
++ if (!warn_table_initialized) {
++ hash_init(&warn_table, warn_hash, warn_less, NULL);
++ warn_table_initialized = 1;
++ }
++ tmp->loc = loc;
++ hash_insert(&warn_table, &tmp->h_elem);
++}
++
++
++void BX_CPU_C::TT_Lock(bxInstruction_c *i) {
++ Bit32u opId = i->Id();
++ if (opId!=ERASER_ID) return;
++
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff;
++ DBG(LOCKS,("%x: acquiring lock %x. backtrace: %s\n",myid,ECX,backtrace(btstr)));
++ eraser_lock(ECX);
++ //lockset_t lset = add_lock(cur_held(myid),ECX);
++ //update_lockset(myid,lset);
++}
++
++void BX_CPU_C::TT_Unlock(bxInstruction_c *i) {
++ Bit32u opId = i->Id();
++ if (opId!=ERASER_ID) return;
++
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff;
++ DBG(LOCKS,("%x: releasing lock %x. backtrace: %s\n",myid,ECX,backtrace(btstr)));
++ eraser_unlock(ECX);
++ //Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff;
++ //lockset_t lset = remove_lock(cur_held(myid),ECX);
++ //update_lockset(myid,lset);
++}
++
++void BX_CPU_C::eraser_access_linear(bx_address laddr, unsigned len, unsigned pl, unsigned rw, void *notused) {
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff;
++ Bit32u taintval[4], origval;
++ int i, try_access;
++ if (ignore_on(myid)) return;
++ if (laddr + len <= PHYS_BASE) return ;
++ if (laddr < PHYS_BASE) {
++ len -= (PHYS_BASE-laddr) ;
++ laddr = PHYS_BASE ;
++ }
++ DBG (ACCESS_LINEAR, ("%s() %d: entry. laddr=%x, len=%x, rw=%x\n",__func__,__LINE__,laddr,len,rw)) ;
++ if (!BX_CPU_THIS_PTR get_IF()) {
++ eraser_lock(INTERRUPT_LOCK); //acquire a dummy lock for disabled interrupts
++ assert(cur_held(myid)!=0);
++ }
++ if (BX_CPU_THIS_PTR curInstruction->isLocked()) {
++ DBG(LOCKS,("acquiring HW_PREFIX_LOCK. laddr=%x, len=%d.\n",laddr,len));
++ eraser_lock(HW_PREFIX_LOCK); //acquire a dummy lock for h/w prefix "LOCK"
++ assert(cur_held(myid)!=0);
++ }
++
++ for (i=0;i<len;i++) {
++ //taintval[i] = 0x0;
++ try_access = access_linear_taint(laddr+i,1,pl,BX_READ,&taintval[i]);
++ ASSERT(try_access);
++ origval = taintval[i];
++ if (get_state(taintval[i])==VIRGIN) {
++ if (rw==BX_WRITE || rw==BX_RW) {
++ taintval[i] = set_state(taintval[i], EXCLUSIVE);
++ taintval[i] = set_value(taintval[i], myid);
++ DBG(CHECKBOCHS,("%x: Virgin->Exclusive(%x) location %x.if=%x. backtrace: %s\n",myid,taintval[i],laddr+i,BX_CPU_THIS_PTR get_IF(),backtrace(btstr)));
++ } else {
++ WRN_UNINIT(laddr) ;
++ }
++ }
++ else if (get_state(taintval[i])==EXCLUSIVE) {
++ if (get_value(taintval[i])!=myid) {
++ taintval[i] = set_value(taintval[i],cur_held(myid));
++ if (rw==BX_WRITE || rw==BX_RW) {
++ taintval[i] = set_state(taintval[i],SHARED_MOD);
++ DBG(CHECKBOCHS,("%x: Ex(%x)->SM(%x) location %x from exclusive to shared-mod state. if=%x, cur_held=%d. backtrace: %s\n",myid,origval,taintval[i],laddr+i,BX_CPU_THIS_PTR get_IF(),cur_held(myid),backtrace(btstr)));
++ } else {
++ taintval[i] = set_state(taintval[i],SHARED);
++ DBG(CHECKBOCHS,("%x: Ex(%x)->Shared(%x) location %x from exclusive to shared-mod state. if=%x, cur_held=%d. backtrace: %s\n",myid,origval,taintval[i],laddr+i,BX_CPU_THIS_PTR get_IF(),cur_held(myid),backtrace(btstr)));
++ }
++ }
++ }
++ else if (get_state(taintval[i])==SHARED) {
++ taintval[i] = set_value(taintval[i],intersect_locksets(get_value(taintval[i]),cur_held(myid)));
++ if (rw==BX_WRITE || rw==BX_RW) {
++ taintval[i] = set_state(taintval[i],SHARED_MOD);
++ DBG(CHECKBOCHS,("%x: Shared(%x)->SM(%x) location %x from shared to shared-mod state. if=%x, cur_held=%d. backtrace: %s\n",myid,origval,taintval[i],laddr+i,BX_CPU_THIS_PTR get_IF(),cur_held(myid),backtrace(btstr)));
++ } else
++ if (origval!=taintval[i]) {
++ DBG(CHECKBOCHS,("%x: Shared(%x)->Shared(%x) location %x from shared to shared-mod state. if=%x, cur_held=%d. backtrace: %s\n",myid,origval,taintval[i],laddr+i,BX_CPU_THIS_PTR get_IF(),cur_held(myid),backtrace(btstr)));
++ }
++ }
++ else if (get_state(taintval[i])==SHARED_MOD) {
++ taintval[i] = set_value(taintval[i],intersect_locksets(get_value(taintval[i]),cur_held(myid)));
++ if (origval!=taintval[i]) {
++ DBG(CHECKBOCHS,("%x: SM(%x)->SM(%x) location %x from exclusive to shared-mod state. if=%x, cur_held=%d. backtrace: %s\n",myid,origval,taintval[i],laddr+i,BX_CPU_THIS_PTR get_IF(),cur_held(myid),backtrace(btstr)));
++ }
++ }
++
++ /* Update the taintval in shadow memory */
++ if (origval!=taintval[i]) {
++ try_access = access_linear_taint(laddr+i,1,pl,BX_WRITE,
++ &taintval[i]);
++ ASSERT(try_access);
++ }
++
++ /* Warn if needed */
++ if (get_state(taintval[i])==SHARED_MOD && get_value(taintval[i])==LOCKSET_EMPTY) WRN_ERASER(myid,laddr+i,taintval[i]);
++ }
++ if (!BX_CPU_THIS_PTR get_IF()) eraser_unlock(INTERRUPT_LOCK); //release the lock that I had earlier acquired (to avoid duplicates)
++
++ if (BX_CPU_THIS_PTR curInstruction->isLocked()) {
++ DBG(LOCKS,("releasing HW_PREFIX_LOCK. laddr=%x, len=%d.\n",laddr,len));
++ eraser_unlock(HW_PREFIX_LOCK);
++ }
++}
++
++void BX_CPU_C::TT_CommonOps(bxInstruction_c *i) {
++ Bit32u opId = i->Id();
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff;
++ if (opId!=ERASER_ID) return;
++
++ if (EAX==IGNORE_OP) {
++ for (int i=0;i<ECX;i++) warn(EDX+i);
++ DBG(L1,("ignoring location %x (%d).\n",EDX,ECX));
++ }
++ else if (EAX==LOCKINIT_OP) {
++ eraser_init(ECX);
++ }
++ else if (EAX==IGNOREON_OP) {
++ if (global_startup_ignore) {
++ return ;
++ }
++ set_ignore(myid,true);
++ DBG(L1,("setting ignore on for thread %x. backtrace: %s\n",myid,backtrace(btstr)));
++ }
++ else if (EAX==IGNOREOFF_OP) {
++ if (global_startup_ignore) {
++ return ;
++ }
++ set_ignore(myid,false);
++ DBG(L1,("setting ignore off for thread %x. backtrace: %s\n",myid,backtrace(btstr)));
++ }
++ else if (EAX==REUSE_OP) {
++ Bit32u taintval = 0;
++ int pl = 0; //kernel privileges
++ DBG(L1,("%x: reusing location %x (%d). ESP=%x\n",myid,EDX,ECX,ESP));
++ for (int i=0;i<ECX;i++) {
++ int ret = access_linear_taint(EDX+i,1,pl,BX_WRITE,&taintval);
++ if (ret==0) DBG(L1,("reuse on location %x failed.\n",EDX+i));
++ }
++ } else if (EAX==DBG_MARK_OP) {
++ Bit32u taintval = 0;
++ char str[MAX_STRLEN];
++ int pl = 0; //kernel privileges
++ int ret, i=0;
++ do {
++ ret = access_linear_silent(EDX+i,1,pl,BX_READ,&str[i]) ;
++ } while (ret && str[i] && ++i<MAX_STRLEN);
++ str[i] = '\0';
++ DBG(L1,("%x: dbg mark at %s:%d. EIP=%x\n",myid,str,ECX,EIP));
++ } else if (EAX==GLOBAL_STARTUP_IGNOREOFF_OP) {
++ assert (global_startup_ignore) ;
++ global_startup_ignore = false ;
++ DBG(L1,("%x: setting global_startup_ignore to off\n",myid));
++ }
++}
++
++void BX_CPU_C::eraser_init_globals(void) {
++ g_logfp = fopen (g_logfn, "w") ;
++ if (g_logfp==NULL) {
++ DBG (ERR, ("%s(): Error opening checkbochs log %s for writing.\n",__func__,g_logfn)) ;
++ }
++}
+diff -urpN bochs-2.1.1.orig/taint/eraser.cc.bak checkbochs-2.1.1/taint/eraser.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/eraser.h checkbochs-2.1.1/taint/eraser.h
+--- bochs-2.1.1.orig/taint/eraser.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/eraser.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,37 @@
++#ifndef __ERASER_H
++#define __ERASER_H
++
++#define IGNORE_OP 0
++#define LOCKINIT_OP 1
++#define IGNOREON_OP 2
++#define IGNOREOFF_OP 3
++#define REUSE_OP 4
++#define DBG_MARK_OP 5
++#define GLOBAL_STARTUP_IGNOREOFF_OP 6
++
++#define eraser_lock(x) do { \
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff; \
++ lockset_t lset = add_lock(cur_held(myid),x); \
++ update_lockset(myid,lset); \
++} while (0);
++
++#define eraser_unlock(x) do { \
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff; \
++ lockset_t lset = remove_lock(cur_held(myid),x); \
++ update_lockset(myid,lset); \
++} while (0);
++
++#define eraser_init(x) do { \
++ Bit32u myid = (BX_CPU_THIS_PTR thread_current())&0x3fffffff; \
++ lockset_t mylocks = cur_held(myid); \
++ lockset_t lset; \
++ if (belongs(mylocks,x)) { \
++ lset = remove_lock(mylocks,x); \
++ update_lockset(myid,lset); \
++ } \
++} while (0);
++
++#define INTERRUPT_LOCK 0x1234
++#define HW_PREFIX_LOCK 0x2345
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/eraser.h.bak checkbochs-2.1.1/taint/eraser.h.bak
+diff -urpN bochs-2.1.1.orig/taint/globals.cc checkbochs-2.1.1/taint/globals.cc
+--- bochs-2.1.1.orig/taint/globals.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/globals.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,13 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#include "taint/globals.h"
++
++void (*g_access_linear_fptr)(bx_address laddr, unsigned length, unsigned pl, unsigned rw, void *taint_value) = NULL;
++
++char btstr[512]; //a global string to print the backtrace
++int disassemble_num = 0;
++bool global_startup_ignore = true ;
++FILE *g_logfp = NULL ;
++char g_logfn [128] = "checkbochs.log" ;
+diff -urpN bochs-2.1.1.orig/taint/globals.cc.bak checkbochs-2.1.1/taint/globals.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/globals.h checkbochs-2.1.1/taint/globals.h
+--- bochs-2.1.1.orig/taint/globals.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/globals.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,15 @@
++#ifndef __GLOBALS_H
++#define __GLOBALS_H
++
++#define MAX_STRLEN 128
++
++extern void (*g_access_linear_fptr)(bx_address laddr, unsigned length, unsigned pl, unsigned rw, void *taint_value);
++extern char btstr[512]; //a global string to print the backtrace
++
++extern bool global_startup_ignore ;
++extern int disassemble_num ;
++
++extern FILE *g_logfp ;
++extern char g_logfn[128] ;
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/globals.h.bak checkbochs-2.1.1/taint/globals.h.bak
+diff -urpN bochs-2.1.1.orig/taint/hash.cc checkbochs-2.1.1/taint/hash.cc
+--- bochs-2.1.1.orig/taint/hash.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/hash.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,353 @@
++#include <stdlib.h>
++#include <stdio.h>
++#include <assert.h>
++#include "hash.h"
++
++static struct list *find_bucket (struct hash *, hash_elem *);
++static struct list_elem *find_elem (struct hash *, struct list *, hash_elem *);
++static void insert_elem (struct hash *, struct list *, hash_elem *);
++static void remove_elem (struct hash *, hash_elem *);
++static void rehash (struct hash *);
++
++/* Initializes hash table H to compute hash values using HASH and
++ compare hash elements using LESS, given auxiliary data AUX.
++ this function can sleep on malloc. hence, CANNOT be called from thread_init.
++ */
++bool
++hash_init (struct hash *h,
++ hash_hash_func *hash, hash_less_func *less, void *aux)
++{
++ h->elem_cnt = 0;
++ h->bucket_cnt = 4;
++ h->buckets = (list *)(malloc (sizeof *h->buckets * h->bucket_cnt));
++ h->hash = hash;
++ h->less = less;
++ h->aux = aux;
++
++ if (h->buckets != NULL)
++ {
++ hash_clear (h);
++ return true;
++ }
++ else
++ return false;
++}
++
++/* Removes all the elements from H. */
++void
++hash_clear (struct hash *h)
++{
++ size_t i;
++
++ for (i = 0; i < h->bucket_cnt; i++)
++ list_init (&h->buckets[i]);
++ h->elem_cnt = 0;
++}
++
++/* Destroys hash table H. */
++void
++hash_destroy (struct hash *h)
++{
++ free (h->buckets);
++}
++
++/* Inserts NEW into hash table H and returns a null pointer, if
++ no equal element is already in the table.
++ If an equal element is already in the table, returns it
++ without inserting NEW. */
++hash_elem *
++hash_insert (struct hash *h, hash_elem *newelem)
++{
++ struct list *bucket = find_bucket (h, newelem);
++ struct list_elem *old = find_elem (h, bucket, newelem);
++
++ if (old == NULL)
++ insert_elem (h, bucket, newelem);
++
++ rehash (h);
++
++ return old;
++}
++
++/* Inserts NEW into hash table H, replacing any equal element
++ already in the table, which is returned. */
++hash_elem *
++hash_replace (struct hash *h, hash_elem *newelem)
++{
++ struct list *bucket = find_bucket (h, newelem);
++ struct list_elem *old = find_elem (h, bucket, newelem);
++
++ if (old != NULL)
++ remove_elem (h, old);
++ insert_elem (h, bucket, newelem);
++
++ rehash (h);
++
++ return old;
++}
++
++/* Finds and returns an element equal to E in hash table H, or a
++ null pointer if no equal element exists in the table. */
++hash_elem *
++hash_find (struct hash *h, hash_elem *e)
++{
++ return find_elem (h, find_bucket (h, e), e);
++}
++
++/* Finds, removes, and returns an element equal to E in hash
++ table H. Returns a null pointer if no equal element existed
++ in the table. */
++hash_elem *
++hash_delete (struct hash *h, hash_elem *e)
++{
++ struct list_elem *found = find_elem (h, find_bucket (h, e), e);
++ if (found != NULL)
++ {
++ remove_elem (h, found);
++ rehash (h);
++ }
++ return found;
++}
++
++/* Initializes I for iterating hash table H.
++
++ Iteration idiom:
++
++ struct hash_iterator i;
++
++ hash_first (&i, h);
++ while (hash_next (&i))
++ {
++ struct foo *f = hash_entry (hash_cur (&i), struct foo, elem);
++ ...do something with f...
++ }
++
++ NOTE: Modifying a hash table during iteration invalidates all
++ iterators.
++*/
++void
++hash_first (struct hash_iterator *i, struct hash *h)
++{
++ assert (i != NULL);
++ assert (h != NULL);
++
++ i->hash = h;
++ i->bucket = i->hash->buckets;
++ i->elem = list_head (i->bucket);
++}
++
++/* Advances I to the next element in the hash table and returns
++ it. Returns a null pointer if no elements are left. Elements
++ are returned in arbitrary order.
++
++ NOTE: Modifying a hash table during iteration invalidates all
++ iterators. */
++hash_elem *
++hash_next (struct hash_iterator *i)
++{
++ assert (i != NULL);
++
++ i->elem = list_next (i->elem);
++ while (i->elem == list_end (i->bucket))
++ {
++ if (++i->bucket >= i->hash->buckets + i->hash->bucket_cnt)
++ {
++ i->elem = NULL;
++ break;
++ }
++ i->elem = list_begin (i->bucket);
++ }
++
++ return i->elem;
++}
++
++/* Returns the current element in the hash table iteration, or a
++ null pointer at the end of the table. Undefined behavior
++ after calling hash_first() but before hash_next(). */
++hash_elem *
++hash_cur (struct hash_iterator *i)
++{
++ return i->elem;
++}
++
++/* Returns the number of elements in H. */
++size_t
++hash_size (struct hash *h)
++{
++ return h->elem_cnt;
++}
++
++/* Returns true if H contains no elements, false otherwise. */
++bool
++hash_empty (struct hash *h)
++{
++ return h->elem_cnt == 0;
++}
++
++/* Fowler-Noll-Vo hash constants, for 32-bit word sizes. */
++#define FNV_32_PRIME 16777619u
++#define FNV_32_BASIS 2166136261u
++
++/* Returns a hash of the SIZE bytes in BUF. */
++unsigned
++hash_bytes (const void *buf_, size_t size)
++{
++ /* Fowler-Noll-Vo 32-bit hash, for bytes. */
++ const unsigned char *buf = (unsigned char *)buf_;
++ unsigned hash;
++
++ assert (buf != NULL);
++
++ hash = FNV_32_BASIS;
++ while (size-- > 0)
++ hash = (hash * FNV_32_PRIME) ^ *buf++;
++
++ return hash;
++}
++
++/* Returns a hash of string S. */
++unsigned
++hash_string (const char *s_)
++{
++ const unsigned char *s = (unsigned char *)s_;
++ unsigned hash;
++
++ assert (s != NULL);
++
++ hash = FNV_32_BASIS;
++ while (*s != '\0')
++ hash = (hash * FNV_32_PRIME) ^ *s++;
++
++ return hash;
++}
++
++/* Returns a hash of integer I. */
++unsigned
++hash_int (int i)
++{
++ return hash_bytes (&i, sizeof i);
++}
++\f
++/* Returns the bucket in H that E belongs in. */
++static struct list *
++find_bucket (struct hash *h, hash_elem *e)
++{
++ size_t bucket_idx = h->hash (e, h->aux) & (h->bucket_cnt - 1);
++ return &h->buckets[bucket_idx];
++}
++
++/* Searches BUCKET in H for a hash element equal to E. Returns
++ it if found or a null pointer otherwise. */
++static struct list_elem *
++find_elem (struct hash *h, struct list *bucket, hash_elem *e)
++{
++ struct list_elem *i;
++
++ for (i = list_begin (bucket); i != list_end (bucket); i = list_next (i))
++ if (!h->less (i, e, h->aux) && !h->less (e, i, h->aux))
++ return i;
++ return NULL;
++}
++
++/* Returns X with its lowest-order bit set to 1 turned off. */
++static inline size_t
++turn_off_least_1bit (size_t x)
++{
++ return x & (x - 1);
++}
++
++/* Returns true if X is a power of 2, otherwise false. */
++static inline size_t
++is_power_of_2 (size_t x)
++{
++ return x != 0 && turn_off_least_1bit (x) == 0;
++}
++
++/* Element per bucket ratios. */
++#define MIN_ELEMS_PER_BUCKET 1 /* Elems/bucket < 1: reduce # of buckets. */
++#define BEST_ELEMS_PER_BUCKET 2 /* Ideal elems/bucket. */
++#define MAX_ELEMS_PER_BUCKET 4 /* Elems/bucket > 4: increase # of buckets. */
++
++/* Changes the number of buckets in hash table H to match the
++ ideal. This function can fail because of an out-of-memory
++ condition, but that'll just make hash accesses less efficient;
++ we can still continue. */
++static void
++rehash (struct hash *h)
++{
++ size_t old_bucket_cnt, new_bucket_cnt;
++ struct list *new_buckets, *old_buckets;
++ size_t i;
++
++ assert (h != NULL);
++
++ /* Save old bucket info for later use. */
++ old_buckets = h->buckets;
++ old_bucket_cnt = h->bucket_cnt;
++
++ /* Calculate the number of buckets to use now.
++ We want one bucket for about every BEST_ELEMS_PER_BUCKET.
++ We must have at least four buckets, and the number of
++ buckets must be a power of 2. */
++ new_bucket_cnt = h->elem_cnt / BEST_ELEMS_PER_BUCKET;
++ if (new_bucket_cnt < 4)
++ new_bucket_cnt = 4;
++ while (!is_power_of_2 (new_bucket_cnt))
++ new_bucket_cnt = turn_off_least_1bit (new_bucket_cnt);
++
++ /* Don't do anything if the bucket count wouldn't change. */
++ if (new_bucket_cnt == old_bucket_cnt)
++ return;
++
++ /* Allocate new buckets and initialize them as empty. */
++ new_buckets = (struct list *)malloc (sizeof *new_buckets * new_bucket_cnt);
++ if (new_buckets == NULL)
++ {
++ /* Allocation failed. This means that use of the hash table will
++ be less efficient. However, it is still usable, so
++ there's no reason for it to be an error. */
++ return;
++ }
++ for (i = 0; i < new_bucket_cnt; i++)
++ list_init (&new_buckets[i]);
++
++ /* Install new bucket info. */
++ h->buckets = new_buckets;
++ h->bucket_cnt = new_bucket_cnt;
++
++ /* Move each old element into the appropriate new bucket. */
++ for (i = 0; i < old_bucket_cnt; i++)
++ {
++ struct list *old_bucket;
++ struct list_elem *elem, *next;
++
++ old_bucket = &old_buckets[i];
++ for (elem = list_begin (old_bucket);
++ elem != list_end (old_bucket); elem = next)
++ {
++ struct list *new_bucket = find_bucket (h, elem);
++ next = list_next (elem);
++ list_remove (elem);
++ list_push_front (new_bucket, elem);
++ }
++ }
++
++ free (old_buckets);
++}
++
++/* Inserts E into BUCKET (in hash table H). */
++static void
++insert_elem (struct hash *h, struct list *bucket, hash_elem *e)
++{
++ h->elem_cnt++;
++ list_push_front (bucket, e);
++}
++
++/* Removes E from hash table H. */
++static void
++remove_elem (struct hash *h, hash_elem *e)
++{
++ h->elem_cnt--;
++ list_remove (e);
++}
++
+diff -urpN bochs-2.1.1.orig/taint/hash.cc.bak checkbochs-2.1.1/taint/hash.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/hash.h checkbochs-2.1.1/taint/hash.h
+--- bochs-2.1.1.orig/taint/hash.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/hash.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,92 @@
++#ifndef __HASH_H
++#define __HASH_H
++
++/* Hash table.
++
++ This is a standard hash table with chaining. To locate an
++ element in the table, we compute a hash function over the
++ element's data and use that as an index into an array of
++ doubly linked lists, then linearly search the list.
++
++ The chain lists do not use dynamic allocation. Instead, each
++ structure that can potentially be in a hash must embed a
++ hash_elem member. All of the hash functions operate on these
++ `hash_elem's. The hash_entry macro allows conversion from a
++ hash_elem back to a structure object that contains it. This
++ is the same technique used in the linked list implementation.
++ Refer to lib/kernel/list.h for a detailed explanation.
++
++ The FAQ for the VM project contains a detailed example of how
++ to use the hash table. */
++
++#include <stdbool.h>
++#include <stddef.h>
++#include <inttypes.h>
++#include "list.h"
++
++/* Hash element. */
++typedef list_elem hash_elem;
++
++/* Converts pointer to hash element HASH_ELEM into a pointer to
++ the structure that HASH_ELEM is embedded inside. Supply the
++ name of the outer structure STRUCT and the member name MEMBER
++ of the hash element. See the big comment at the top of the
++ file for an example. */
++#define hash_entry(HASH_ELEM, STRUCT, MEMBER) \
++ ((STRUCT *) ((uint8_t *) (HASH_ELEM) - offsetof (STRUCT, MEMBER)))
++
++/* Computes and returns the hash value for hash element E, given
++ auxiliary data AUX. */
++typedef unsigned hash_hash_func (const hash_elem *e, void *aux);
++
++/* Compares the value of two hash elements A and B, given
++ auxiliary data AUX. Returns true if A is less than B, or
++ false if A is greater than or equal to B. */
++typedef bool hash_less_func (const hash_elem *a, const hash_elem *b,
++ void *aux);
++
++/* Hash table. */
++struct hash
++ {
++ size_t elem_cnt; /* Number of elements in table. */
++ size_t bucket_cnt; /* Number of buckets, a power of 2. */
++ struct list *buckets; /* Array of `bucket_cnt' lists. */
++ hash_hash_func *hash; /* Hash function. */
++ hash_less_func *less; /* Comparison function. */
++ void *aux; /* Auxiliary data for `hash' and `less'. */
++ };
++
++/* A hash table iterator. */
++struct hash_iterator
++ {
++ struct hash *hash; /* The hash table. */
++ struct list *bucket; /* Current bucket. */
++ hash_elem *elem; /* Current hash element in current bucket. */
++ };
++
++/* Basic life cycle. */
++bool hash_init (struct hash *, hash_hash_func *, hash_less_func *, void *aux);
++void hash_clear (struct hash *);
++void hash_destroy (struct hash *);
++
++/* Search, insertion, deletion. */
++hash_elem *hash_insert (struct hash *, hash_elem *);
++hash_elem *hash_replace (struct hash *, hash_elem *);
++hash_elem *hash_find (struct hash *, hash_elem *);
++hash_elem *hash_delete (struct hash *, hash_elem *);
++
++/* Iteration. */
++void hash_first (struct hash_iterator *, struct hash *);
++hash_elem *hash_next (struct hash_iterator *);
++hash_elem *hash_cur (struct hash_iterator *);
++
++/* Information. */
++size_t hash_size (struct hash *);
++bool hash_empty (struct hash *);
++
++/* Sample hash functions. */
++unsigned hash_bytes (const void *, size_t);
++unsigned hash_string (const char *);
++unsigned hash_int (int);
++
++#endif /* lib/kernel/hash.h */
+diff -urpN bochs-2.1.1.orig/taint/hash.h.bak checkbochs-2.1.1/taint/hash.h.bak
+diff -urpN bochs-2.1.1.orig/taint/list.cc checkbochs-2.1.1/taint/list.cc
+--- bochs-2.1.1.orig/taint/list.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/list.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,471 @@
++#include <stdlib.h>
++#include <assert.h>
++#include "list.h"
++
++/* Our doubly linked lists have two header elements: the "head"
++ just before the first element and the "tail" just after the
++ last element. The `prev' link of the front header is null, as
++ is the `next' link of the back header. Their other two links
++ point toward each other via the interior elements of the list.
++
++ An empty list looks like this:
++
++ +------+ +------+
++ <---| head |<--->| tail |--->
++ +------+ +------+
++
++ A list with two elements in it looks like this:
++
++ +------+ +-------+ +-------+ +------+
++ <---| head |<--->| 1 |<--->| 2 |<--->| tail |<--->
++ +------+ +-------+ +-------+ +------+
++
++ The symmetry of this arrangement eliminates lots of special
++ cases in list processing. For example, take a look at
++ list_remove(): it takes only two pointer assignments and no
++ conditionals. That's a lot simpler than the code would be
++ without header elements.
++
++ (Because only one of the pointers in each header element is used,
++ we could in fact combine them into a single header element
++ without sacrificing this simplicity. But using two separate
++ elements allows us to do a little bit of checking on some
++ operations, which can be valuable.) */
++
++/* Returns true if ELEM is a head, false otherwise. */
++inline bool
++is_head (list_elem *elem)
++{
++ return elem != NULL && elem->prev == NULL && elem->next != NULL;
++}
++
++/* Returns true if ELEM is an interior element,
++ false otherwise. */
++static inline bool
++is_interior (list_elem *elem)
++{
++ return elem != NULL && elem->prev != NULL && elem->next != NULL;
++}
++
++/* Returns true if ELEM is a tail, false otherwise. */
++static inline bool
++is_tail (list_elem *elem)
++{
++ return elem != NULL && elem->prev != NULL && elem->next == NULL;
++}
++
++/* Initializes LIST as an empty list. */
++void
++list_init (struct list *list)
++{
++ assert (list != NULL);
++ list->head.prev = NULL;
++ list->head.next = &list->tail;
++ list->tail.prev = &list->head;
++ list->tail.next = NULL;
++}
++
++/* Returns the beginning of LIST. */
++list_elem *
++list_begin (struct list *list)
++{
++ assert (list != NULL);
++ return list->head.next;
++}
++
++/* Returns the element after ELEM in its list. If ELEM is the
++ last element in its list, returns the list tail. Results are
++ undefined if ELEM is itself a list tail. */
++list_elem *
++list_next (list_elem *elem)
++{
++ assert (is_head (elem) || is_interior (elem));
++ return elem->next;
++}
++
++/* Returns LIST's tail.
++
++ list_end() is often used in iterating through a list from
++ front to back. See the big comment at the top of list.h for
++ an example. */
++list_elem *
++list_end (struct list *list)
++{
++ assert (list != NULL);
++ return &list->tail;
++}
++
++/* Returns the LIST's reverse beginning, for iterating through
++ LIST in reverse order, from back to front. */
++list_elem *
++list_rbegin (struct list *list)
++{
++ assert (list != NULL);
++ return list->tail.prev;
++}
++
++/* Returns the element before ELEM in its list. If ELEM is the
++ first element in its list, returns the list head. Results are
++ undefined if ELEM is itself a list head. */
++list_elem *
++list_prev (list_elem *elem)
++{
++ assert (is_interior (elem) || is_tail (elem));
++ return elem->prev;
++}
++
++/* Returns LIST's head.
++
++ list_rend() is often used in iterating through a list in
++ reverse order, from back to front. Here's typical usage,
++ following the example from the top of list.h:
++
++ for (e = list_rbegin (&foo_list); e != list_rend (&foo_list);
++ e = list_prev (e))
++ {
++ struct foo *f = list_entry (e, struct foo, elem);
++ ...do something with f...
++ }
++*/
++list_elem *
++list_rend (struct list *list)
++{
++ assert (list != NULL);
++ return &list->head;
++}
++
++/* Return's LIST's head.
++
++ list_head() can be used for an alternate style of iterating
++ through a list, e.g.:
++
++ e = list_head (&list);
++ while ((e = list_next (e)) != list_end (&list))
++ {
++ ...
++ }
++*/
++list_elem *
++list_head (struct list *list)
++{
++ assert (list != NULL);
++ return &list->head;
++}
++
++/* Return's LIST's tail. */
++list_elem *
++list_tail (struct list *list)
++{
++ assert (list != NULL);
++ return &list->tail;
++}
++
++/* Inserts ELEM just before BEFORE, which may be either an
++ interior element or a tail. The latter case is equivalent to
++ list_push_back(). */
++void
++list_insert (list_elem *before, list_elem *elem)
++{
++ assert (is_interior (before) || is_tail (before));
++ assert (elem != NULL);
++
++ elem->prev = before->prev;
++ elem->next = before;
++ before->prev->next = elem;
++ before->prev = elem;
++}
++
++/* Removes elements FIRST though LAST (exclusive) from their
++ current list, then inserts them just before BEFORE, which may
++ be either an interior element or a tail. */
++void
++list_splice (list_elem *before,
++ list_elem *first, list_elem *last)
++{
++ assert (is_interior (before) || is_tail (before));
++ if (first == last)
++ return;
++ last = list_prev (last);
++
++ assert (is_interior (first));
++ assert (is_interior (last));
++
++ /* Cleanly remove FIRST...LAST from its current list. */
++ first->prev->next = last->next;
++ last->next->prev = first->prev;
++
++ /* Splice FIRST...LAST into new list. */
++ first->prev = before->prev;
++ last->next = before;
++ before->prev->next = first;
++ before->prev = last;
++}
++
++/* Inserts ELEM at the beginning of LIST, so that it becomes the
++ front in LIST. */
++void
++list_push_front (struct list *list, list_elem *elem)
++{
++ list_insert (list_begin (list), elem);
++}
++
++/* Inserts ELEM at the end of LIST, so that it becomes the
++ back in LIST. */
++void
++list_push_back (struct list *list, list_elem *elem)
++{
++ list_insert (list_end (list), elem);
++}
++
++/* Removes ELEM from its list and returns the element that
++ followed it. Undefined behavior if ELEM is not in a list. */
++list_elem *
++list_remove (list_elem *elem)
++{
++ assert (is_interior (elem));
++ elem->prev->next = elem->next;
++ elem->next->prev = elem->prev;
++ return elem->next;
++}
++
++/* Removes the front element from LIST and returns it.
++ Undefined behavior if LIST is empty before removal. */
++list_elem *
++list_pop_front (struct list *list)
++{
++ list_elem *front = list_front (list);
++ list_remove (front);
++ return front;
++}
++
++/* Removes the back element from LIST and returns it.
++ Undefined behavior if LIST is empty before removal. */
++list_elem *
++list_pop_back (struct list *list)
++{
++ list_elem *back = list_back (list);
++ list_remove (back);
++ return back;
++}
++
++/* Returns the front element in LIST.
++ Undefined behavior if LIST is empty. */
++list_elem *
++list_front (struct list *list)
++{
++ assert (!list_empty (list));
++ return list->head.next;
++}
++
++/* Returns the back element in LIST.
++ Undefined behavior if LIST is empty. */
++list_elem *
++list_back (struct list *list)
++{
++ assert (!list_empty (list));
++ return list->tail.prev;
++}
++
++/* Returns the number of elements in LIST.
++ Runs in O(n) in the number of elements. */
++size_t
++list_size (struct list *list)
++{
++ list_elem *e;
++ size_t cnt = 0;
++
++ for (e = list_begin (list); e != list_end (list); e = list_next (e))
++ cnt++;
++ return cnt;
++}
++
++/* Returns true if LIST is empty, false otherwise. */
++bool
++list_empty (struct list *list)
++{
++ return list_begin (list) == list_end (list);
++}
++
++/* Swaps the `list_elem *'s that A and B point to. */
++static void
++swap (list_elem **a, list_elem **b)
++{
++ list_elem *t = *a;
++ *a = *b;
++ *b = t;
++}
++
++/* Reverses the order of LIST. */
++void
++list_reverse (struct list *list)
++{
++ if (!list_empty (list))
++ {
++ list_elem *e;
++
++ for (e = list_begin (list); e != list_end (list); e = e->prev)
++ swap (&e->prev, &e->next);
++ swap (&list->head.next, &list->tail.prev);
++ swap (&list->head.next->prev, &list->tail.prev->next);
++ }
++}
++
++/* Merges lists AL and BL, which must each be sorted according to
++ LESS given auxiliary data AUX, by inserting each element of BL
++ at the proper place in AL to preserve the ordering.
++ Runs in O(n) in the combined length of AL and BL. */
++void
++list_merge (struct list *al, struct list *bl,
++ list_less_func *less, void *aux)
++{
++ list_elem *a;
++
++ assert (al != NULL);
++ assert (bl != NULL);
++ assert (less != NULL);
++
++ a = list_begin (al);
++ while (a != list_end (al))
++ {
++ list_elem *b = list_begin (bl);
++ if (less (b, a, aux))
++ {
++ list_splice (a, b, list_next (b));
++ if (list_empty (bl))
++ break;
++ }
++ else
++ a = list_next (a);
++ }
++ list_splice (list_end (al), list_begin (bl), list_end (bl));
++}
++
++/* Returns the middle element in LIST, that is, the N/2'th
++ element (rounding down) in a N-element list.
++ Given an empty list, returns the list tail. */
++static list_elem *
++middle_of_list (struct list *list)
++{
++ list_elem *middle, *last;
++
++ middle = last = list_begin (list);
++ while (last != list_end (list) && list_next (last) != list_end (list))
++ {
++ middle = list_next (middle);
++ last = list_next (list_next (last));
++ }
++ return middle;
++}
++
++/* Sorts LIST according to LESS given auxiliary data AUX.
++ Runs in O(n lg n) time in the number of elements in LIST. */
++void
++list_sort (struct list *list,
++ list_less_func *less, void *aux)
++{
++ /* Find the middle of the list. */
++ list_elem *middle = middle_of_list (list);
++ if (middle != list_begin (list))
++ {
++ /* Extract first half of LIST into a temporary list. */
++ struct list tmp;
++ list_init (&tmp);
++ list_splice (list_begin (&tmp), list_begin (list), middle);
++
++ /* Sort each half-list and merge the result. */
++ list_sort (&tmp, less, aux);
++ list_sort (list, less, aux);
++ list_merge (list, &tmp, less, aux);
++ }
++ else
++ {
++ /* The middle is at the beginning of the list.
++ This only happens in empty lists and 1-element lists.
++ Because such lists are already sorted, we have nothing
++ to do. */
++ }
++}
++
++/* Inserts ELEM in the proper position in LIST, which must be
++ sorted according to LESS given auxiliary data AUX.
++ Runs in O(n) average case in the number of elements in LIST. */
++void
++list_insert_ordered (struct list *list, list_elem *elem,
++ list_less_func *less, void *aux)
++{
++ list_elem *e;
++
++ assert (list != NULL);
++ assert (elem != NULL);
++ assert (less != NULL);
++
++ for (e = list_begin (list); e != list_end (list); e = list_next (e))
++ if (less (elem, e, aux))
++ break;
++ return list_insert (e, elem);
++}
++
++/* Iterates through LIST and removes all but the first in each
++ set of adjacent elements that are equal according to LESS
++ given auxiliary data AUX. If DUPLICATES is non-null, then the
++ elements from LIST are appended to DUPLICATES. */
++void
++list_unique (struct list *list, struct list *duplicates,
++ list_less_func *less, void *aux)
++{
++ list_elem *elem, *next;
++
++ assert (list != NULL);
++ assert (less != NULL);
++ if (list_empty (list))
++ return;
++
++ elem = list_begin (list);
++ while ((next = list_next (elem)) != list_end (list))
++ if (!less (elem, next, aux) && !less (next, elem, aux))
++ {
++ list_remove (next);
++ if (duplicates != NULL)
++ list_push_back (duplicates, next);
++ }
++ else
++ elem = next;
++}
++
++/* Returns the element in LIST with the largest value according
++ to LESS given auxiliary data AUX. If there is more than one
++ maximum, returns the one that appears earlier in the list. If
++ the list is empty, returns its tail. */
++list_elem *
++list_max (struct list *list, list_less_func *less, void *aux)
++{
++ list_elem *max = list_begin (list);
++ if (max != list_end (list))
++ {
++ list_elem *e;
++
++ for (e = list_next (max); e != list_end (list); e = list_next (e))
++ if (less (max, e, aux))
++ max = e;
++ }
++ return max;
++}
++
++/* Returns the element in LIST with the smallest value according
++ to LESS given auxiliary data AUX. If there is more than one
++ minimum, returns the one that appears earlier in the list. If
++ the list is empty, returns its tail. */
++list_elem *
++list_min (struct list *list, list_less_func *less, void *aux)
++{
++ list_elem *min = list_begin (list);
++ if (min != list_end (list))
++ {
++ list_elem *e;
++
++ for (e = list_next (min); e != list_end (list); e = list_next (e))
++ if (less (e, min, aux))
++ min = e;
++ }
++ return min;
++}
+diff -urpN bochs-2.1.1.orig/taint/list.cc.bak checkbochs-2.1.1/taint/list.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/list.h checkbochs-2.1.1/taint/list.h
+--- bochs-2.1.1.orig/taint/list.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/list.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,171 @@
++#ifndef __LIB_KERNEL_LIST_H
++#define __LIB_KERNEL_LIST_H
++
++/* Doubly linked list.
++
++ This implementation of a doubly linked list does not require
++ use of dynamically allocated memory. Instead, each structure
++ that is a potential list element must embed a list_elem
++ member. All of the list functions operate on these
++ `list_elem's. The list_entry macro allows conversion from a
++ list_elem back to a structure object that contains it.
++
++ For example, suppose there is a needed for a list of `struct
++ foo'. `struct foo' should contain a `list_elem' member, like
++ so:
++
++ struct foo
++ {
++ list_elem elem;
++ int bar;
++ ...other members...
++ };
++
++ Then a list of `struct foo' can be be declared and initialized
++ like so:
++
++ struct list foo_list;
++
++ list_init (&foo_list);
++
++ Iteration is a typical situation where it is necessary to
++ convert from a list_elem back to its enclosing structure.
++ Here's an example using foo_list:
++
++ list_elem *e;
++
++ for (e = list_begin (&foo_list); e != list_end (&foo_list);
++ e = list_next (e))
++ {
++ struct foo *f = list_entry (e, struct foo, elem);
++ ...do something with f...
++ }
++
++ You can find real examples of list usage throughout the
++ source; for example, malloc.c, palloc.c, and thread.c in the
++ threads directory all use lists.
++
++ The interface for this list is inspired by the list<> template
++ in the C++ STL. If you're familiar with list<>, you should
++ find this easy to use. However, it should be emphasized that
++ these lists do *no* type checking and can't do much other
++ correctness checking. If you screw up, it will bite you.
++
++ Glossary of list terms:
++
++ - "front": The first element in a list. Undefined in an
++ empty list. Returned by list_front().
++
++ - "back": The last element in a list. Undefined in an empty
++ list. Returned by list_back().
++
++ - "tail": The element figuratively just after the last
++ element of a list. Well defined even in an empty list.
++ Returned by list_end(). Used as the end sentinel for an
++ iteration from front to back.
++
++ - "beginning": In a non-empty list, the front. In an empty
++ list, the tail. Returned by list_begin(). Used as the
++ starting point for an iteration from front to back.
++
++ - "head": The element figuratively just before the first
++ element of a list. Well defined even in an empty list.
++ Returned by list_rend(). Used as the end sentinel for an
++ iteration from back to front.
++
++ - "reverse beginning": In a non-empty list, the back. In an
++ empty list, the head. Returned by list_rbegin(). Used as
++ the starting point for an iteration from back to front.
++
++ - "interior element": An element that is not the head or
++ tail, that is, a real list element. An empty list does
++ not have any interior elements.
++*/
++
++#include <stdbool.h>
++#include <stddef.h>
++#include <inttypes.h>
++
++/* List element. */
++typedef struct list_elem
++ {
++ struct list_elem *prev; /* Previous list element. */
++ struct list_elem *next; /* Next list element. */
++ }
++list_elem;
++
++/* List. */
++struct list
++ {
++ list_elem head; /* List head. */
++ list_elem tail; /* List tail. */
++ };
++
++/* Converts pointer to list element LIST_ELEM into a pointer to
++ the structure that LIST_ELEM is embedded inside. Supply the
++ name of the outer structure STRUCT and the member name MEMBER
++ of the list element. See the big comment at the top of the
++ file for an example. */
++#define list_entry(LIST_ELEM, STRUCT, MEMBER) \
++ ((STRUCT *) ((uint8_t *) (LIST_ELEM) - offsetof (STRUCT, MEMBER)))
++
++void list_init (struct list *);
++
++/* List traversal. */
++list_elem *list_begin (struct list *);
++list_elem *list_next (list_elem *);
++list_elem *list_end (struct list *);
++
++list_elem *list_rbegin (struct list *);
++list_elem *list_prev (list_elem *);
++list_elem *list_rend (struct list *);
++
++list_elem *list_head (struct list *);
++list_elem *list_tail (struct list *);
++
++/* List insertion. */
++void list_insert (list_elem *, list_elem *);
++void list_splice (list_elem *before,
++ list_elem *first, list_elem *last);
++void list_push_front (struct list *, list_elem *);
++void list_push_back (struct list *, list_elem *);
++
++/* List removal. */
++list_elem *list_remove (list_elem *);
++list_elem *list_pop_front (struct list *);
++list_elem *list_pop_back (struct list *);
++
++/* List elements. */
++list_elem *list_front (struct list *);
++list_elem *list_back (struct list *);
++
++/* List properties. */
++size_t list_size (struct list *);
++bool list_empty (struct list *);
++
++/* Miscellaneous. */
++void list_reverse (struct list *);
++\f
++/* Compares the value of two list elements A and B, given
++ auxiliary data AUX. Returns true if A is less than B, or
++ false if A is greater than or equal to B. */
++typedef bool list_less_func (const list_elem *a, const list_elem *b,
++ void *aux);
++
++/* Operations on lists with ordered elements. */
++void list_merge (struct list *, struct list *,
++ list_less_func *, void *aux);
++void list_sort (struct list *,
++ list_less_func *, void *aux);
++void list_insert_ordered (struct list *, list_elem *,
++ list_less_func *, void *aux);
++void list_unique (struct list *, struct list *duplicates,
++ list_less_func *, void *aux);
++
++/* Max and min. */
++list_elem *list_max (struct list *, list_less_func *, void *aux);
++list_elem *list_min (struct list *, list_less_func *, void *aux);
++
++inline bool
++is_head (list_elem *elem);
++#endif /* lib/kernel/list.h */
+diff -urpN bochs-2.1.1.orig/taint/list.h.bak checkbochs-2.1.1/taint/list.h.bak
+diff -urpN bochs-2.1.1.orig/taint/lockset.cc checkbochs-2.1.1/taint/lockset.cc
+--- bochs-2.1.1.orig/taint/lockset.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/lockset.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,635 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <assert.h>
++
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++#include "lockset.h"
++#include "hash.h"
++#include "eraser.h"
++#include "globals.h"
++#include "mydebug.h"
++
++
++#define MAX_LOCKSETS ((unsigned int)100000)
++#define HTABLE_SIZE ((unsigned int)4*MAX_LOCKSETS) //overprovision for closed hashing
++
++typedef unsigned int hval_t;
++
++struct add_lock_entry {
++ locksetidx_t oldindex;
++ address_t newlock;
++ locksetidx_t newindex;
++ hash_elem h_elem; /* Hash element */
++};
++
++struct remove_lock_entry {
++ locksetidx_t oldindex;
++ address_t oldlock;
++ locksetidx_t newindex;
++ hash_elem h_elem; /* Hash element */
++};
++
++
++struct intersect_entry {
++ locksetidx_t index1, index2, newindex;
++ hash_elem h_elem; /* Hash element */
++};
++
++unsigned add_lock_hash (const hash_elem *e, void *aux)
++{
++ struct add_lock_entry *h = hash_entry (e, struct add_lock_entry, h_elem);
++ return hash_int ((h->oldindex << 16) | (h->newlock&0x0000ffff) );
++}
++
++bool
++add_lock_less (const hash_elem *a_, const hash_elem *b_,
++ void *aux)
++{
++ struct add_lock_entry *a = hash_entry (a_, struct add_lock_entry, h_elem);
++ struct add_lock_entry *b = hash_entry (b_, struct add_lock_entry, h_elem);
++ return (a->oldindex < b->oldindex || (a->oldindex==b->oldindex && a->newlock < b->newlock));
++}
++
++unsigned remove_lock_hash (const hash_elem *e, void *aux)
++{
++ struct remove_lock_entry *h = hash_entry (e, struct remove_lock_entry, h_elem);
++ return hash_int ((h->oldindex << 16) | (h->oldlock&0x0000ffff));
++}
++
++bool
++remove_lock_less (const hash_elem *a_, const hash_elem *b_,
++ void *aux)
++{
++ struct remove_lock_entry *a = hash_entry (a_, struct remove_lock_entry, h_elem);
++ struct remove_lock_entry *b = hash_entry (b_, struct remove_lock_entry, h_elem);
++ return (a->oldindex < b->oldindex || (a->oldindex==b->oldindex && a->oldlock < b->oldlock));
++}
++
++unsigned intersect_hash (const hash_elem *e, void *aux)
++{
++ struct intersect_entry *h = hash_entry (e, struct intersect_entry, h_elem);
++ return hash_int ((h->index1 << 16) | (h->index2&0x0000ffff));
++}
++
++bool
++intersect_less (const hash_elem *a_, const hash_elem *b_,
++ void *aux)
++{
++ struct intersect_entry *a = hash_entry (a_, struct intersect_entry, h_elem);
++ struct intersect_entry *b = hash_entry (b_, struct intersect_entry, h_elem);
++ return (a->index1 < b->index1 || (a->index1==b->index1 && a->index2 < b->index2));
++}
++
++
++
++
++static int add_lock_cache_initialized = 0;
++static struct hash add_lock_cache;
++
++static int remove_lock_cache_initialized = 0;
++static struct hash remove_lock_cache;
++
++static int intersect_cache_initialized = 0;
++static struct hash intersect_cache;
++
++typedef struct lockvector {
++ address_t lockaddress;
++ struct lockvector *next;
++} lockvector_t;
++
++
++static locksetidx_t lockset_index = 1;
++static lockvector_t *index_table[MAX_LOCKSETS];
++static locksetidx_t hash_table[HTABLE_SIZE];
++
++static unsigned int cum_hash(unsigned int a, address_t b) {
++ return (3*a+b);
++}
++
++static unsigned int hashfn(lockvector_t *vec) {
++ lockvector_t *cur;
++ unsigned int ret=0;
++ assert(vec);
++ cur = vec;
++ while (cur) {
++ ret = cum_hash(ret,cur->lockaddress);
++ cur = cur->next;
++ }
++ return ret;
++}
++
++static void
++freevector(lockvector_t *lockvec) {
++ static lockvector_t *cur, *prev;
++ cur = lockvec;
++ while (cur) {
++ prev = cur;
++ cur = cur->next;
++ free(prev);
++ }
++}
++
++static lockvector_t *
++clonevector(lockvector_t *lockvec) {
++ static lockvector_t *cur, *newlockvec,*newprev;
++ if (!lockvec) return NULL;
++ assert(lockvec);
++ newlockvec = (lockvector_t*)malloc(sizeof(lockvector_t));
++ newlockvec->lockaddress = lockvec->lockaddress;
++ newprev = newlockvec;
++ cur = lockvec->next;
++ while (cur) {
++ newprev->next = (lockvector_t*)malloc(sizeof(lockvector_t));
++ newprev->next->lockaddress = cur->lockaddress;
++ cur = cur->next;
++ newprev = newprev->next;
++ }
++ newprev->next = NULL;
++ return newlockvec;
++}
++
++static lockvector_t *
++remove_from_lockvector(lockvector_t *lockvec, address_t oldlock) {
++ lockvector_t *ret, *cur, *newlockvec, *tmp;
++ assert(lockvec);
++
++ if (oldlock<lockvec->lockaddress) assert(0);
++ if (oldlock==lockvec->lockaddress) {
++ ret = clonevector(lockvec->next);
++ return ret;
++ }
++
++ cur = newlockvec = clonevector(lockvec);
++ while (cur->next && oldlock>cur->next->lockaddress) {
++ cur = cur->next;
++ }
++ assert(oldlock==cur->next->lockaddress);
++
++ tmp = cur->next;
++ cur->next = cur->next->next;
++ tmp->lockaddress = 0;
++ tmp->next = NULL;
++ free(tmp);
++ return newlockvec;
++}
++
++static lockvector_t *
++intersect_lockvectors(lockvector_t *lockvec1, lockvector_t *lockvec2) {
++ lockvector_t *cur1, *cur2, *out, *ret;
++ cur1 = lockvec1;
++ cur2 = lockvec2;
++ ret = out = NULL;
++ while (cur1 && cur2) {
++ if (cur1->lockaddress < cur2->lockaddress) {
++ cur1 = cur1->next;
++ } else if (cur1->lockaddress > cur2->lockaddress) {
++ cur2 = cur2->next;
++ } else {
++ if (out) {
++ out->next = (lockvector_t *)malloc(sizeof(lockvector_t));
++ out = out->next;
++ } else {
++ ret = out = (lockvector_t *)malloc(sizeof(lockvector_t));
++ }
++ out->lockaddress = cur1->lockaddress;
++ out->next = NULL;
++ cur1 = cur1->next;
++ cur2 = cur2->next;
++ }
++ }
++ return ret;
++}
++
++
++
++
++static lockvector_t *
++add_to_lockvector(lockvector_t *lockvec, address_t newlock) {
++ lockvector_t *ret, *cur, *newlockvec;
++ if (lockvec==NULL) {
++ ret = (lockvector_t *)malloc(sizeof(lockvector_t));
++ ret->lockaddress = newlock;
++ ret->next = NULL;
++ return ret;
++ }
++ if (newlock<lockvec->lockaddress) {
++ ret = (lockvector_t *)malloc(sizeof(lockvector_t));
++ ret->lockaddress = newlock;
++ ret->next = clonevector(lockvec);
++ return ret;
++ }
++ if (newlock==lockvec->lockaddress) {
++ if (BX_CPU(0)) BX_CPU(0)->backtrace(btstr);
++ assert(0);
++ return clonevector(lockvec);
++ }
++ assert(newlock>lockvec->lockaddress);
++
++ cur = newlockvec = clonevector(lockvec);
++ while (cur->next && newlock>cur->next->lockaddress) {
++ cur = cur->next;
++ }
++
++ if (!cur->next) {
++ ret = (lockvector_t *)malloc(sizeof(lockvector_t));
++ ret->lockaddress = newlock;
++ cur->next = ret;
++ ret->next = NULL;
++ return newlockvec;
++ }
++
++ if (newlock==cur->next->lockaddress) {
++ BX_CPU(0)->backtrace(btstr);
++ assert(0); //acquiring the same lock twice
++ return newlockvec;
++ }
++
++ ret = (lockvector_t *)malloc(sizeof(lockvector_t));
++ ret->lockaddress = newlock;
++ ret->next = cur->next;
++ cur->next = ret;
++ return newlockvec;
++}
++
++void add_to_hashtable(lockvector_t *newlockset, locksetidx_t index) {
++ hval_t hval = (hashfn(newlockset))%HTABLE_SIZE;
++ int numtries = 0;
++ while (hash_table[hval]) {
++ hval = (hval+1)%HTABLE_SIZE; //closed hashing
++ //printf("hval=%d.\n",hval);
++ numtries++;
++ }
++ if (numtries>20) printf("%s: Warning: numtries too large for closed hashing (=%d).\n",__func__,numtries);
++ hash_table[hval] = index;
++}
++
++//returns true if they are equal
++static int
++compare_locksets(lockvector_t *vec1, lockvector_t *vec2) {
++ lockvector_t *cur1, *cur2;
++
++ assert(vec1);
++ assert(vec2);
++
++ cur1 = vec1;
++ cur2 = vec2;
++ while (cur1 && cur2 && cur1->lockaddress==cur2->lockaddress) {
++ cur1 = cur1->next;
++ cur2 = cur2->next;
++ }
++
++ if (cur1) return 0;
++ if (cur2) return 0;
++ return 1;
++}
++
++
++static locksetidx_t
++find_in_add_cache(locksetidx_t index, address_t newlock) {
++ hval_t hval;
++ locksetidx_t new_index;
++ hash_elem *h_element = NULL;
++ struct add_lock_entry tmp;
++ tmp.oldindex = index; tmp.newlock = newlock;
++ if (add_lock_cache_initialized) h_element = hash_find(&add_lock_cache, &tmp.h_elem);
++ if (h_element) {
++ struct add_lock_entry *answer = hash_entry(h_element, struct add_lock_entry, h_elem);
++ //printf("%s: returning (%d, %x)->%d from cache.\n",__func__,index,newlock,answer->newindex);
++ return answer->newindex;
++ }
++ return 0;
++}
++
++
++static locksetidx_t
++find_in_remove_cache(locksetidx_t index, address_t oldlock) {
++ hval_t hval;
++ locksetidx_t new_index;
++ hash_elem *h_element = NULL;
++ struct remove_lock_entry tmp;
++ tmp.oldindex = index; tmp.oldlock = oldlock;
++ if (remove_lock_cache_initialized) h_element = hash_find(&remove_lock_cache, &tmp.h_elem);
++ if (h_element) {
++ struct remove_lock_entry *answer = hash_entry(h_element, struct remove_lock_entry, h_elem);
++ //printf("%s: returning (%d, %d)->%d from cache.\n",__func__,index,oldlock,answer->newindex);
++ return answer->newindex;
++ }
++
++ return 0;
++}
++
++static locksetidx_t
++find_in_intersect_cache(locksetidx_t index1, locksetidx_t index2) {
++ hval_t hval;
++ locksetidx_t new_index;
++ hash_elem *h_element = NULL;
++ struct intersect_entry tmp;
++ tmp.index1 = index1; tmp.index2 = index2;
++ if (intersect_cache_initialized) h_element = hash_find(&intersect_cache, &tmp.h_elem);
++ if (h_element) {
++ struct intersect_entry *answer = hash_entry(h_element, struct intersect_entry, h_elem);
++ //printf("%s: returning (%d, %x)->%d from cache.\n",__func__,index1,index2,answer->newindex);
++ return answer->newindex;
++ }
++ return 0;
++}
++
++
++void insert_in_remove_cache(locksetidx_t index, address_t lock, locksetidx_t new_index)
++{
++ struct remove_lock_entry *e;
++ if (!remove_lock_cache_initialized) {
++ hash_init(&remove_lock_cache, remove_lock_hash, remove_lock_less, NULL);
++ remove_lock_cache_initialized = 1;
++ }
++ e = (struct remove_lock_entry *)malloc(sizeof(struct remove_lock_entry));
++ e->oldindex = index; e->oldlock = lock; e->newindex = new_index;
++ hash_insert(&remove_lock_cache, &e->h_elem);
++}
++
++void
++insert_in_add_cache(locksetidx_t index, address_t lock, locksetidx_t new_index)
++{
++ struct add_lock_entry *e;
++ if (!add_lock_cache_initialized) {
++ hash_init(&add_lock_cache, add_lock_hash, add_lock_less, NULL);
++ add_lock_cache_initialized = 1;
++ }
++ e = (struct add_lock_entry *)malloc(sizeof(struct add_lock_entry));
++ e->oldindex = index; e->newlock = lock; e->newindex = new_index;
++ hash_insert(&add_lock_cache, &e->h_elem);
++}
++
++void
++insert_in_intersect_cache(locksetidx_t index1, locksetidx_t index2, locksetidx_t new_index)
++{
++ struct intersect_entry *e;
++ if (!intersect_cache_initialized) {
++ hash_init(&intersect_cache, intersect_hash, intersect_less, NULL);
++ intersect_cache_initialized = 1;
++ }
++ e = (struct intersect_entry *)malloc(sizeof(struct intersect_entry));
++ e->index1 = index1; e->index2 = index2; e->newindex = new_index;
++ hash_insert(&intersect_cache, &e->h_elem);
++}
++
++static locksetidx_t
++find_duplicate(lockvector_t *vec) {
++ hval_t hval;
++ locksetidx_t new_index;
++ hash_elem *h_element = NULL;
++
++ hval = (hashfn(vec))%HTABLE_SIZE;
++ new_index = hash_table[hval];
++
++ while (new_index) {
++ if (compare_locksets(vec,index_table[new_index])) {
++ return new_index;
++ }
++ hval = (hval+1)%HTABLE_SIZE;
++ new_index = hash_table[hval];
++ }
++ return 0;
++}
++
++locksetidx_t add_lock(locksetidx_t index, address_t newlock) {
++ lockvector_t *newlockset;
++ locksetidx_t ret_index;
++ ret_index = find_in_add_cache(index,newlock);
++ if (ret_index) return ret_index;
++
++ if (lockset_index >= MAX_LOCKSETS) {
++ printf("%s: Number of locksets exceed %d. returning 0\n",__func__,MAX_LOCKSETS);
++ return 0;
++ }
++
++ if (!index) { //adding a lock to an empty lockset
++ newlockset = (lockvector_t *)malloc(sizeof(lockvector_t));
++ newlockset->lockaddress = newlock;
++ newlockset->next = NULL;
++ } else {
++ newlockset = add_to_lockvector(index_table[index],newlock);
++ }
++ assert(newlockset);
++ ret_index = find_duplicate(newlockset);
++ if (ret_index) {
++ insert_in_add_cache(index,newlock,ret_index);
++ freevector(newlockset);
++ return ret_index;
++ }
++
++ index_table[lockset_index] = newlockset;
++ add_to_hashtable(newlockset,lockset_index);
++ ret_index = lockset_index;
++ lockset_index++;
++ return ret_index;
++}
++
++static int
++singleton_lockset(lockvector_t *vec) {
++ assert(vec);
++ if (vec->next==NULL) return 1;
++ return 0;
++}
++
++locksetidx_t remove_lock(locksetidx_t index, address_t oldlock) {
++ lockvector_t *newlockset;
++ locksetidx_t ret_index;
++ if (!index_table[index]) {
++ assert(oldlock==INTERRUPT_LOCK);
++ assert(index==0);
++ return 0;
++ }
++ if (singleton_lockset(index_table[index])) {
++ if (index_table[index]->lockaddress!=oldlock) {
++ BX_CPU(0)->backtrace(btstr);
++ printf("ERROR: index=%d, index_table[index]->lockaddress=%x, oldlock=%x.\n",index,index_table[index]->lockaddress,oldlock);
++ }
++ assert(index_table[index]->lockaddress==oldlock);
++ return 0;
++ }
++ ret_index = find_in_remove_cache(index,oldlock);
++ if (ret_index) return ret_index;
++
++ if (lockset_index >= MAX_LOCKSETS) {
++ printf("%s: Number of locksets exceed %d. returning 0\n",__func__,MAX_LOCKSETS);
++ return 0;
++ }
++
++ assert(index); //you cannot remove from an empty lockset
++ newlockset = remove_from_lockvector(index_table[index],oldlock);
++ assert(newlockset);
++
++ ret_index = find_duplicate(newlockset);
++ if (ret_index) {
++ insert_in_remove_cache(index,oldlock,ret_index);
++ freevector(newlockset);
++ return ret_index;
++ }
++
++ index_table[lockset_index] = newlockset;
++ add_to_hashtable(newlockset,lockset_index);
++ ret_index = lockset_index;
++ lockset_index++;
++ return ret_index;
++}
++
++locksetidx_t intersect_locksets(locksetidx_t index1, locksetidx_t index2) {
++ lockvector_t *newlockset;
++ locksetidx_t ret_index;
++
++ if (index1==0) return 0;
++ if (index2==0) return 0;
++
++ ret_index = find_in_intersect_cache(index1,index2);
++ if (ret_index) return ret_index;
++
++ if (lockset_index >= MAX_LOCKSETS) {
++ printf("%s: Number of locksets exceed %d. returning 0\n",__func__,MAX_LOCKSETS);
++ return 0;
++ }
++ assert(index1);
++ assert(index2);
++
++ newlockset = intersect_lockvectors(index_table[index1],index_table[index2]);
++ if (!newlockset) return 0; //empty lockset
++ ret_index = find_duplicate(newlockset);
++ if (ret_index) {
++ insert_in_intersect_cache(index1,index2,ret_index);
++ freevector(newlockset);
++ return ret_index;
++ }
++
++ index_table[lockset_index] = newlockset;
++ add_to_hashtable(newlockset,lockset_index);
++ ret_index = lockset_index;
++ lockset_index++;
++ return ret_index;
++}
++
++typedef struct locks_held {
++ unsigned threadId;
++ locksetidx_t locks_held;
++ int ignore; //whether this thread should be ignored. =0 if not. otherwise stores ignore depth
++ hash_elem h_elem; /* Hash element */
++} locks_held_t ;
++
++static int locks_held_table_initialized = 0;
++static struct hash locks_held_table ;
++
++unsigned locks_held_hash (const hash_elem *e, void *aux)
++{
++ locks_held_t *h = hash_entry (e, struct locks_held, h_elem);
++ return hash_int (h->threadId);
++}
++
++bool
++locks_held_less (const hash_elem *a_, const hash_elem *b_,
++ void *aux)
++{
++ locks_held_t *a = hash_entry (a_, struct locks_held, h_elem);
++ locks_held_t *b = hash_entry (b_, struct locks_held, h_elem);
++ return (a->threadId < b->threadId);
++}
++
++
++locksetidx_t
++cur_held(unsigned threadId) {
++ hash_elem *h_element;
++ locks_held_t tmp;
++ if (!locks_held_table_initialized) return 0;
++ tmp.threadId = threadId;
++ h_element = hash_find(&locks_held_table, &tmp.h_elem);
++ if (h_element) {
++ locks_held_t *answer = hash_entry(h_element, struct locks_held, h_elem);
++ assert(answer->locks_held<lockset_index);
++ return answer->locks_held;
++ }
++ return 0;
++}
++
++void update_lockset(unsigned threadId, locksetidx_t lset) {
++ locks_held_t *e;
++ hash_elem *h_element;
++ locks_held_t tmp;
++ assert(lset<lockset_index);
++ if (!locks_held_table_initialized) {
++ hash_init(&locks_held_table, locks_held_hash, locks_held_less, NULL);
++ locks_held_table_initialized = 1;
++ }
++ tmp.threadId = threadId;
++ h_element = hash_find(&locks_held_table, &tmp.h_elem);
++ if (!h_element) {
++ e = (struct locks_held *)malloc(sizeof(struct locks_held));
++ e->threadId = threadId; e->locks_held = lset; e->ignore = 0;
++ hash_insert(&locks_held_table, &e->h_elem);
++ } else {
++ e = hash_entry(h_element, struct locks_held, h_elem);
++ assert(e->threadId==threadId);
++ e->locks_held = lset;
++ }
++}
++
++
++static bool
++find_in_lockvector(lockvector_t *lockvec, address_t lock) {
++ lockvector_t *cur;
++ assert(lockvec!=NULL);
++ if (lock<lockvec->lockaddress) return false;
++ if (lock==lockvec->lockaddress) return true;
++ cur = lockvec;
++ while (cur->next && lock>cur->next->lockaddress) {
++ cur = cur->next;
++ }
++ if (!cur->next) return false;
++ if (cur->next->lockaddress==lock) return true;
++ return false;
++}
++
++bool belongs(locksetidx_t index, address_t lock) {
++ if (!index) return false;
++ return (find_in_lockvector(index_table[index],lock));
++}
++
++void set_ignore(unsigned threadId, bool val) {
++ locks_held_t *e;
++ hash_elem *h_element;
++ locks_held_t tmp;
++ if (!locks_held_table_initialized) {
++ hash_init(&locks_held_table, locks_held_hash, locks_held_less, NULL);
++ locks_held_table_initialized = 1;
++ }
++ tmp.threadId = threadId;
++ h_element = hash_find(&locks_held_table, &tmp.h_elem);
++ if (!h_element) {
++ e = (struct locks_held *)malloc(sizeof(struct locks_held));
++ e->threadId = threadId; e->locks_held = LOCKSET_EMPTY; e->ignore=0;
++ if (val) e->ignore++; else if (e->ignore) e->ignore--;
++ assert(e->ignore>=0);
++ hash_insert(&locks_held_table, &e->h_elem);
++ } else {
++ e = hash_entry(h_element, struct locks_held, h_elem);
++ assert(e->threadId==threadId);
++ if (val) e->ignore++; else if (e->ignore) e->ignore--;
++ assert(e->ignore>=0);
++ }
++ DBG(L1,("ignore value for thread %x = %d.\n",threadId,e->ignore));
++}
++
++bool
++ignore_on(unsigned threadId) {
++ hash_elem *h_element;
++ locks_held_t tmp;
++ if (global_startup_ignore) return true;
++ if (!locks_held_table_initialized) return 0;
++ tmp.threadId = threadId;
++ h_element = hash_find(&locks_held_table, &tmp.h_elem);
++ if (h_element) {
++ locks_held_t *answer = hash_entry(h_element, struct locks_held, h_elem);
++ assert(answer->ignore>=0);
++ return answer->ignore > 0;
++ }
++ return false;
++}
+diff -urpN bochs-2.1.1.orig/taint/lockset.cc.bak checkbochs-2.1.1/taint/lockset.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/lockset.h checkbochs-2.1.1/taint/lockset.h
+--- bochs-2.1.1.orig/taint/lockset.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/lockset.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,32 @@
++#ifndef __LOCKSET_H
++#define __LOCKSET_H
++
++#define LOCKSET_EMPTY 0
++
++#define VIRGIN 0x0
++#define EXCLUSIVE 0x40000000
++#define SHARED 0x80000000
++#define SHARED_MOD 0xc0000000
++
++#define get_state(x) (x&0xc0000000)
++#define set_state(x,s) ((x&0x3fffffff)|s)
++
++#define get_value(x) (x&0x3fffffff)
++#define set_value(x,v) ((x&0xc0000000)|(v&0x3fffffff))
++
++typedef unsigned int address_t;
++typedef unsigned long locksetidx_t;
++typedef locksetidx_t lockset_t;
++
++locksetidx_t add_lock(locksetidx_t index, address_t newlock);
++locksetidx_t remove_lock(locksetidx_t index, address_t newlock);
++locksetidx_t intersect_locksets(locksetidx_t index1, locksetidx_t index2);
++bool belongs(locksetidx_t index, address_t lock);
++
++locksetidx_t cur_held(unsigned threadId);
++void update_lockset(unsigned threadId, locksetidx_t lockset);
++
++void set_ignore(unsigned threadId, bool val);
++bool ignore_on(unsigned threadId);
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/lockset.h.bak checkbochs-2.1.1/taint/lockset.h.bak
+diff -urpN bochs-2.1.1.orig/taint/main.c checkbochs-2.1.1/taint/main.c
+--- bochs-2.1.1.orig/taint/main.c 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/main.c 2005-06-16 18:14:07.000000000 -0700
+@@ -0,0 +1,32 @@
++#include "lockset.h"
++
++int main() {
++ int i1, i2, i3, i12, i21, i31, i32, i123, i312, i321, i312_2, i321m2, i312m2;
++ int i312i123, i312i21, i312i1, i32i1;
++
++ i1 = add_lock(0,1);
++ i2 = add_lock(0,2);
++ i3 = add_lock(0,3);
++ i12 = add_lock(i1,2);
++ i21 = add_lock(i2,1);
++ i21 = add_lock(i2,1);
++ i31 = add_lock(i3,1);
++ i32 = add_lock(i3,2);
++ i123 = add_lock(i12,3);
++ i312 = add_lock(i31,2);
++ i321 = add_lock(i32,1);
++ i321m2 = remove_lock(i321,2);
++ i312m2 = remove_lock(i312,2);
++ i312i123 = intersect_locksets(i312,i321);
++ i312i123 = intersect_locksets(i312,i321);
++ i312i123 = intersect_locksets(i312,i321);
++ i312i21 = intersect_locksets(i312,i21);
++ i312i1 = intersect_locksets(i312,i1);
++ i312i1 = intersect_locksets(i312,i1);
++ i312i1 = intersect_locksets(i312,i1);
++ i32i1 = intersect_locksets(i32,i1);
++ i32i1 = intersect_locksets(i32,i1);
++
++ printf("i12 = %d, i21 = %d, i123=%d, i312=%d, i321=%d, i321m2=%d, i312m2=%d.\n",i12,i21,i123,i312,i321,i321m2,i312m2);
++ printf("i312i123 = %d, i312i21 = %d, i312i1=%d, i32i1=%d.\n",i312i123,i312i21,i312i1,i32i1);
++}
+diff -urpN bochs-2.1.1.orig/taint/memory.cc checkbochs-2.1.1/taint/memory.cc
+--- bochs-2.1.1.orig/taint/memory.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/memory.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,360 @@
++
++#include "bochs.h"
++#define LOG_THIS BX_MEM_THIS
++
++
++ void BX_CPP_AttrRegparmN(3)
++BX_MEM_C::readPhysicalTaintPage(BX_CPU_C *cpu, Bit32u addr, unsigned len, void *data)
++{
++ Bit32u *data_ptr;
++ Bit32u a20addr;
++
++ a20addr = A20ADDR(addr);
++ assert(len==1);
++ *(Bit32u *)data = 0x0; //initialize, so that if we are unable to read mem, we return 0
++
++ if ( (a20addr + len) <= BX_MEM_THIS len ) {
++ // all of data is within limits of physical memory
++ if ( (a20addr & 0xfff80000) != 0x00080000 ) {
++ if (len == 4) {
++#ifdef __i386__
++ *(Bit32u *)data = taint_vector[a20addr];
++ *((Bit32u *)data+1) = taint_vector[a20addr+1];
++ *((Bit32u *)data+2) = taint_vector[a20addr+2];
++ *((Bit32u *)data+3) = taint_vector[a20addr+3];
++#else
++ printf("Not yet supported for big endian host platforms.\n");
++ assert(0);
++#endif
++ return;
++ }
++ if (len == 2) {
++#ifdef __i386__
++ *(Bit32u *)data = taint_vector[a20addr];
++ *((Bit32u *)data+1) = taint_vector[a20addr+1];
++#else
++ printf("Not yet supported for big endian host platforms.\n");
++ assert(0);
++#endif
++ /*
++ if (*(Bit16u *)data && g_instruction_display_count>0) {
++ printf("%s %d: tainted dword read from addr %x. data=%x.\n",__func__,__LINE__,addr,*(Bit16u*)data);
++ g_instruction_display_count = 512;
++ }
++ */
++ return;
++ }
++ if (len == 1) {
++#ifdef __i386__
++ *(Bit32u *)data = taint_vector[a20addr];
++#else
++ printf("Not yet supported for big endian host platforms.\n");
++ assert(0);
++#endif
++ return;
++ }
++ // len == 3 case can just fall thru to special cases handling
++ }
++
++
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr = (Bit32u *) data;
++#else // BX_BIG_ENDIAN
++ data_ptr = (Bit32u *) data + (len - 1);
++#endif
++
++
++
++read_one:
++ if ( (a20addr & 0xfff80000) != 0x00080000 ) {
++ // addr *not* in range 00080000 .. 000FFFFF
++ *data_ptr = taint_vector[a20addr];
++inc_one:
++ if (len == 1) return;
++ len--;
++ a20addr++;
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr++;
++#else // BX_BIG_ENDIAN
++ data_ptr--;
++#endif
++ goto read_one;
++ }
++
++ // addr in range 00080000 .. 000FFFFF
++#if BX_PCI_SUPPORT == 0
++ if ((a20addr <= 0x0009ffff) || (a20addr >= 0x000c0000) ) {
++ // regular memory 80000 .. 9FFFF, C0000 .. F0000
++ *data_ptr = taint_vector[a20addr];
++ goto inc_one;
++ }
++ return; //assert(0);
++ // VGA memory A0000 .. BFFFF
++ //*data_ptr = DEV_vga_mem_read(a20addr);
++ //BX_DBG_UCMEM_REPORT(a20addr, 1, BX_READ, *data_ptr); // obsolete
++ //goto inc_one;
++#else // #if BX_PCI_SUPPORT == 0
++ if (a20addr <= 0x0009ffff) {
++ *data_ptr = taint_vector[a20addr];
++ goto inc_one;
++ }
++ if (a20addr <= 0x000BFFFF) {
++ assert(0);
++ // VGA memory A0000 .. BFFFF
++ //*data_ptr = DEV_vga_mem_read(a20addr);
++ //BX_DBG_UCMEM_REPORT(a20addr, 1, BX_READ, *data_ptr);
++ //goto inc_one;
++ }
++
++ // a20addr in C0000 .. FFFFF
++ if (!bx_options.Oi440FXSupport->get ()) {
++ *data_ptr = taint_vector[a20addr];
++ goto inc_one;
++ }
++ else assert(0);
++ goto inc_one;
++#endif // #if BX_PCI_SUPPORT == 0
++ }
++ else {
++ // some or all of data is outside limits of physical memory
++ unsigned i;
++
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr = (Bit32u *) data;
++#else // BX_BIG_ENDIAN
++ data_ptr = (Bit32u *) data + (len - 1);
++#endif
++
++#if BX_SUPPORT_VBE
++ // Check VBE LFB support
++ if ((a20addr >= VBE_DISPI_LFB_PHYSICAL_ADDRESS) &&
++ (a20addr < (VBE_DISPI_LFB_PHYSICAL_ADDRESS + VBE_DISPI_TOTAL_VIDEO_MEMORY_BYTES)))
++ {
++ assert(0);
++ return;
++ }
++#endif
++
++#if BX_SUPPORT_APIC
++ //assert(0);
++ return;
++#endif
++ for (i = 0; i < len; i++) {
++#if BX_PCI_SUPPORT == 0
++ if (a20addr < BX_MEM_THIS len)
++ *data_ptr = taint_vector[a20addr];
++ else
++ *data_ptr = 0xffffffff;
++#else // BX_PCI_SUPPORT == 0
++ if (a20addr < BX_MEM_THIS len) {
++ if ((a20addr >= 0x000C0000) && (a20addr <= 0x000FFFFF)) {
++ if (!bx_options.Oi440FXSupport->get ())
++ *data_ptr = taint_vector[a20addr];
++ else {
++ switch (DEV_pci_rd_memtype(a20addr & 0xFC000)) {
++ case 0x0: // Read from ROM
++ *data_ptr = taint_vector[a20addr];
++ //BX_INFO(("Reading from ROM %08x, Data %02x ", (unsigned) a20addr, *data_ptr));
++ break;
++
++ case 0x1: // Read from Shadow RAM
++ assert(0);
++ break;
++ default:
++ BX_PANIC(("readPhysicalPage: default case"));
++ } // Switch
++ }
++ }
++ else {
++ *data_ptr = taint_vector[a20addr];
++ BX_INFO(("Reading from Norm %08x, Data %02x ", (unsigned) a20addr, *data_ptr));
++ }
++ }
++ else
++ *data_ptr = 0xffffffff;
++#endif // BX_PCI_SUPPORT == 0
++ addr++;
++ a20addr = (addr);
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr++;
++#else // BX_BIG_ENDIAN
++ data_ptr--;
++#endif
++ }
++ return;
++ }
++}
++
++ void BX_CPP_AttrRegparmN(3)
++BX_MEM_C::writePhysicalTaintPage(BX_CPU_C *cpu, Bit32u addr, unsigned len, void *data)
++{
++ Bit32u *data_ptr;
++ Bit32u a20addr;
++
++ assert(len==1);
++
++ a20addr = A20ADDR(addr);
++
++ // Note: accesses should always be contained within a single page now.
++
++ //if (*(Bit8u *)data!=0xff && *(Bit8u *)data!=0) assert(0);
++ //if (*(Bit8u *)data==0xff) assert(0);
++
++ if ( a20addr <= BX_MEM_THIS len ) {
++
++ //LOG_MEM_TAINT(cpu,addr,len,&taint_vector[a20addr],data,true);
++
++ // all of data is within limits of physical memory
++ if ( (a20addr & 0xfff80000) != 0x00080000 ) {
++ if (len == 4) {
++#ifdef __i386__
++ taint_vector[a20addr] = *(Bit32u*)data;
++ taint_vector[a20addr+1] = *((Bit32u*)data+1);
++ taint_vector[a20addr+2] = *((Bit32u*)data+2);
++ taint_vector[a20addr+3] = *((Bit32u*)data+3);
++#else
++ printf("Not yet supported for big endian host platforms.\n");
++ assert(0);
++#endif
++ return;
++ }
++ if (len == 2) {
++#ifdef __i386__
++ taint_vector[a20addr] = *(Bit32u*)data;
++ taint_vector[a20addr+1] = *((Bit32u*)data+1);
++#else
++ printf("Not yet supported for big endian host platforms.\n");
++ assert(0);
++#endif
++ return;
++ }
++ if (len == 1) {
++#ifdef __i386__
++ taint_vector[a20addr] = *(Bit32u*)data;
++#else
++ printf("Not yet supported for big endian host platforms.\n");
++ assert(0);
++#endif
++ return;
++ }
++ // len == other, just fall thru to special cases handling
++ }
++
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr = (Bit32u *) data;
++#else // BX_BIG_ENDIAN
++ data_ptr = (Bit32u *) data + (len - 1);
++#endif
++
++write_one:
++ if ( (a20addr & 0xfff80000) != 0x00080000 ) {
++ // addr *not* in range 00080000 .. 000FFFFF
++ taint_vector[a20addr] = *data_ptr;
++inc_one:
++ if (len == 1) return;
++ len--;
++ a20addr++;
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr++;
++#else // BX_BIG_ENDIAN
++ data_ptr--;
++#endif
++ goto write_one;
++ }
++
++ // addr in range 00080000 .. 000FFFFF
++
++ if (a20addr <= 0x0009ffff) {
++ // regular memory 80000 .. 9FFFF
++ taint_vector[a20addr] = *data_ptr;
++ goto inc_one;
++ }
++ if (a20addr <= 0x000bffff) {
++ // VGA memory A0000 .. BFFFF
++ return; //assert(0);
++ //DEV_vga_mem_write(a20addr, *data_ptr);
++ //BX_DBG_DIRTY_PAGE(a20addr >> 12);
++ //BX_DBG_UCMEM_REPORT(a20addr, 1, BX_WRITE, *data_ptr); // obsolete
++ goto inc_one;
++ }
++ // adapter ROM C0000 .. DFFFF
++ // ROM BIOS memory E0000 .. FFFFF
++ // (ignore write)
++ //BX_INFO(("ROM lock %08x: len=%u",
++ // (unsigned) a20addr, (unsigned) len));
++#if BX_PCI_SUPPORT == 0
++#if BX_SHADOW_RAM
++ // Write it since its in shadow RAM
++ taint_vector[a20addr] = *data_ptr;
++#else
++ // ignore write to ROM
++#endif
++#else
++ // Write Based on 440fx Programming
++ if (bx_options.Oi440FXSupport->get () &&
++ ((a20addr >= 0xC0000) && (a20addr <= 0xFFFFF))) {
++ switch (DEV_pci_wr_memtype(a20addr & 0xFC000)) {
++ case 0x1: // Writes to ShadowRAM
++ assert(0);
++// BX_INFO(("Writing to ShadowRAM %08x, len %u ! ", (unsigned) a20addr, (unsigned) len));
++ shadow[a20addr - 0xc0000] = *data_ptr;
++ BX_DBG_DIRTY_PAGE(a20addr >> 12);
++ goto inc_one;
++
++ case 0x0: // Writes to ROM, Inhibit
++ assert(0);
++ //BX_DEBUG(("Write to ROM ignored: address %08x, data %02x", (unsigned) a20addr, *data_ptr));
++ goto inc_one;
++ default:
++ BX_PANIC(("writePhysicalPage: default case"));
++ goto inc_one;
++ }
++ }
++#endif
++ goto inc_one;
++ }
++
++ else {
++ // some or all of data is outside limits of physical memory
++ unsigned i;
++
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr = (Bit32u *) data;
++#else // BX_BIG_ENDIAN
++ data_ptr = (Bit32u *) data + (len - 1);
++#endif
++
++
++#if BX_SUPPORT_VBE
++ // Check VBE LFB support
++
++ if ((a20addr >= VBE_DISPI_LFB_PHYSICAL_ADDRESS) &&
++ (a20addr < (VBE_DISPI_LFB_PHYSICAL_ADDRESS + VBE_DISPI_TOTAL_VIDEO_MEMORY_BYTES)))
++ {
++ assert(0);
++ return;
++ }
++
++#endif
++
++
++#if BX_SUPPORT_APIC
++ //assert(0);
++ return;
++#endif
++ for (i = 0; i < len; i++) {
++ if (a20addr < BX_MEM_THIS len) {
++ taint_vector[a20addr] = *data_ptr;
++ }
++ // otherwise ignore byte, since it overruns memory
++ addr++;
++ a20addr = (addr);
++#ifdef BX_LITTLE_ENDIAN
++ data_ptr++;
++#else // BX_BIG_ENDIAN
++ data_ptr--;
++#endif
++ }
++ return;
++ }
++}
+diff -urpN bochs-2.1.1.orig/taint/memory.cc.bak checkbochs-2.1.1/taint/memory.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/mydebug.h checkbochs-2.1.1/taint/mydebug.h
+--- bochs-2.1.1.orig/taint/mydebug.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/mydebug.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,28 @@
++#ifndef __MYDEBUG_H
++#define __MYDEBUG_H
++
++#define ACCESS_LINEAR 0
++#define L1 0
++#define LOCKS 0
++#define CHECKBOCHS 1
++#define WRN 1
++#define ERR 1
++
++void checkbochs_log (const char *fmt, ...) ;
++
++#define DBG(l,x) if (l) { \
++ checkbochs_log x; \
++ /*bx_dbg_disassemble_current(-1,0);*/ \
++}
++
++#define PANIC(...) do { \
++ printf("PANIC at %s:%d in %s(): ",__FILE__,__LINE__,__func__); \
++ BX_CPU(0)->panic(__VA_ARGS__); \
++} while(0)
++
++#define ASSERT(CONDITION) \
++ if (CONDITION) { } else { \
++ PANIC ("assertion `%s' failed.", #CONDITION); \
++ }
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/mydebug.h.bak checkbochs-2.1.1/taint/mydebug.h.bak
+diff -urpN bochs-2.1.1.orig/taint/paging.cc checkbochs-2.1.1/taint/paging.cc
+--- bochs-2.1.1.orig/taint/paging.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/paging.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,241 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#include "taint/globals.h"
++#include "taint/mydebug.h"
++#include "taint/lockset.h"
++
++#if BX_USE_CPU_SMF
++#define this (BX_CPU(0))
++#endif
++
++
++#if BX_SUPPORT_PAGING
++
++#define InstrTLB_Stats()
++#define InstrTLB_Increment(v)
++
++// ==============================================================
++
++
++// Translate a linear address to a physical address, for
++// a data access (D)
++
++ Bit32s BX_CPP_AttrRegparmN(3)
++BX_CPU_C::taint_dtranslate_linear(bx_address laddr, unsigned pl, unsigned rw)
++{
++ bx_address lpf;
++ Bit32u ppf, poffset, TLB_index, error_code, paddress;
++ Bit32u pde, pde_addr;
++ bx_bool isWrite;
++ Bit32u accessBits, combined_access;
++ unsigned priv_index;
++
++ // CR4.PAE==0 (and MSR.LMA==0)
++
++ lpf = laddr & 0xfffff000; // linear page frame
++ poffset = laddr & 0x00000fff; // physical offset
++ TLB_index = BX_TLB_INDEX_OF(lpf);
++
++
++ //isWrite = (rw>=BX_WRITE); // write or r-m-w
++ isWrite = 0; // sorav: allow write accesses even if you have only read permissions on the address
++
++ if (BX_CPU_THIS_PTR TLB.entry[TLB_index].lpf == BX_TLB_LPF_VALUE(lpf)) {
++ paddress = BX_CPU_THIS_PTR TLB.entry[TLB_index].ppf | poffset;
++ accessBits = BX_CPU_THIS_PTR TLB.entry[TLB_index].accessBits;
++ if (accessBits & (1 << ((isWrite<<1) | pl)) ) {
++ return(paddress);
++ }
++
++ // The current access does not have permission according to the info
++ // in our TLB cache entry. Re-walk the page tables, in case there is
++ // updated information in the memory image, and let the long path code
++ // generate an exception if one is warranted.
++ }
++
++ return(-1); //return -1 for failure
++}
++
++
++// Translate a linear address to a physical address, for
++// an instruction fetch access (I)
++
++ Bit32u BX_CPP_AttrRegparmN(2)
++BX_CPU_C::taint_itranslate_linear(bx_address laddr, unsigned pl)
++{
++ //assign_type(type8,generic_type_executed_code8);
++
++ ////Bit32u pAddr = dtranslate_linear_type(laddr, pl, BX_READ);
++ //printf("Assigning a codebyte.\n");
++ //access_linear_type(laddr,1,pl,BX_WRITE,type8);
++ //typestats_t stats;
++ //stats.print(BX_CPU_THIS_PTR mem->type_vector,BX_CPU_THIS_PTR mem->len);
++ exit(0);
++}
++
++
++ int BX_CPP_AttrRegparmN(3)
++BX_CPU_C::access_linear_taint(bx_address laddr, unsigned length, unsigned pl,
++ unsigned rw, void *taint_value)
++{
++ Bit32u pageOffset;
++ unsigned xlate_rw;
++ int try_access;
++
++ assert(length==1);
++ ASSERT(rw==BX_READ || get_value(*(Bit32u*)taint_value)<2 || get_state(*(Bit32u*)taint_value));
++ if (rw==BX_RW) {
++ xlate_rw = BX_RW;
++ rw = BX_READ;
++ }
++ else {
++ xlate_rw = rw;
++ }
++
++ pageOffset = laddr & 0x00000fff;
++
++ if (BX_CPU_THIS_PTR cr0.pg) {
++ /* check for reference across multiple pages */
++ if ( (pageOffset + length) <= 4096 ) {
++ // Access within single page.
++ try_access = taint_dtranslate_linear(laddr, pl, xlate_rw);
++ if (try_access==-1) return 0;
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 = try_access;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 1;
++
++ if (rw == BX_READ) {
++ BX_INSTR_LIN_READ(BX_CPU_ID, laddr, BX_CPU_THIS_PTR address_xlation.taint_paddress1, length);
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1, length, taint_value);
++ }
++ else {
++ BX_INSTR_LIN_WRITE(BX_CPU_ID, laddr, BX_CPU_THIS_PTR address_xlation.taint_paddress1, length);
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1, length, taint_value);
++ }
++ //if (rw==BX_WRITE) BX_CPU_THIS_PTR address_xlation.taint_write_paddress1 = BX_CPU_THIS_PTR address_xlation.taint_paddress1;
++ }
++ else {
++ try_access = taint_dtranslate_linear(laddr, pl, xlate_rw);
++ if (try_access==-1) return 0;
++ // access across 2 pages
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 = try_access;
++ BX_CPU_THIS_PTR address_xlation.taint_len1 = 4096 - pageOffset;
++ BX_CPU_THIS_PTR address_xlation.taint_len2 = length -
++ BX_CPU_THIS_PTR address_xlation.taint_len1;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 2;
++ try_access = taint_dtranslate_linear(laddr + BX_CPU_THIS_PTR address_xlation.taint_len1, pl, xlate_rw);
++ if (try_access==-1) return 0;
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2 = try_access;
++
++#ifdef BX_LITTLE_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, taint_value);
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)taint_value) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, taint_value);
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)taint_value) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++
++#else // BX_BIG_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)taint_value) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, taint_value);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)taint_value) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, taint_value);
++ }
++#endif
++
++ //if (rw==BX_WRITE) BX_CPU_THIS_PTR address_xlation.taint_write_paddress1 = BX_CPU_THIS_PTR address_xlation.taint_paddress1;
++ }
++ }
++
++ else {
++ // Paging off.
++ if ( (pageOffset + length) <= 4096 ) {
++ // Access within single page.
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 = laddr;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 1;
++ if (rw == BX_READ) {
++
++ // Let access fall through to the following for this iteration.
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this, laddr, length, taint_value);
++ }
++ else { // Write
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this, laddr, length, taint_value);
++ }
++ }
++ else {
++ // Access spans two pages.
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 = laddr;
++ BX_CPU_THIS_PTR address_xlation.taint_len1 = 4096 - pageOffset;
++ BX_CPU_THIS_PTR address_xlation.taint_len2 = length -
++ BX_CPU_THIS_PTR address_xlation.taint_len1;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 2;
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2 = laddr +
++ BX_CPU_THIS_PTR address_xlation.taint_len1;
++
++#ifdef BX_LITTLE_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, taint_value);
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)taint_value) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, taint_value);
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)taint_value) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++
++#else // BX_BIG_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)taint_value) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->readPhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, taint_value);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)taint_value) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->writePhysicalTaintPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, taint_value);
++ }
++#endif
++ }
++ //if (rw==BX_WRITE) BX_CPU_THIS_PTR address_xlation.taint_write_paddress1 = BX_CPU_THIS_PTR address_xlation.taint_paddress1;
++ }
++ return 1;
++}
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/paging.cc.bak checkbochs-2.1.1/taint/paging.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/silent_access.cc checkbochs-2.1.1/taint/silent_access.cc
+--- bochs-2.1.1.orig/taint/silent_access.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/silent_access.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,210 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#if BX_SUPPORT_X86_64
++#define IsLongMode() (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64)
++#define LPFOf(laddr) ((laddr) & BX_CONST64(0xfffffffffffff000))
++#define BX_CANONICAL_BITS 48
++#define IsCanonical(offset) ((Bit64u)((((Bit64s)(offset)) >> (BX_CANONICAL_BITS-1)) + 1) < 2)
++
++//#define BX_CANONICAL_LO BX_CONST64(0xffff800000000000)
++//#define BX_CANONICAL_HI BX_CONST64(0x0000800000000000)
++//#define IsCanonical(offset) ((Bit64u)(offset-BX_CANONICAL_LO) < (Bit64u)(BX_CANONICAL_HI-BX_CANONICAL_LO))
++
++#else
++#define IsLongMode() (0)
++#define LPFOf(laddr) ((laddr) & 0xfffff000)
++#define IsCanonical(offset) (0)
++#endif
++
++
++ int BX_CPP_AttrRegparmN(3)
++BX_CPU_C::read_virtual_checks_silent(bx_segment_reg_t *seg, bx_address offset,
++ unsigned length)
++{
++ Bit32u upper_limit;
++
++ if (protected_mode()) {
++ if (seg->cache.valid==0) {
++ BX_ERROR(("seg = %s", BX_CPU_THIS_PTR strseg(seg)));
++ BX_ERROR(("seg->selector.value = %04x", (unsigned) seg->selector.value));
++ //exception(BX_GP_EXCEPTION, 0, 0);
++ return 0;
++ }
++
++ if (seg->cache.p == 0) { /* not present */
++ BX_INFO(("read_virtual_checks(): segment not present"));
++ //exception(int_number(seg), 0, 0);
++ return 0;
++ }
++
++ switch (seg->cache.type) {
++ case 0: case 1: /* read only */
++ case 10: case 11: /* execute/read */
++ case 14: case 15: /* execute/read-only, conforming */
++ if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
++ || (length-1 > seg->cache.u.segment.limit_scaled)) {
++ BX_INFO(("read_virtual_checks(): write beyond limit"));
++ //exception(int_number(seg), 0, 0);
++ return 0;
++ }
++ if (seg->cache.u.segment.limit_scaled >= 7) {
++ // Mark cache as being OK type for succeeding writes. See notes for
++ // write checks; similar code.
++ seg->cache.valid |= SegAccessROK;
++ }
++ break;
++
++ case 2: case 3: /* read/write */
++ if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
++ || (length-1 > seg->cache.u.segment.limit_scaled)) {
++ BX_INFO(("read_virtual_checks(): write beyond limit"));
++ //exception(int_number(seg), 0, 0);
++ return 0;
++ }
++ if (seg->cache.u.segment.limit_scaled >= 7) {
++ // Mark cache as being OK type for succeeding writes. See notes for
++ // write checks; similar code.
++ seg->cache.valid |= SegAccessROK;
++ }
++ break;
++
++ case 4: case 5: /* read only, expand down */
++ if (seg->cache.u.segment.d_b)
++ upper_limit = 0xffffffff;
++ else
++ upper_limit = 0x0000ffff;
++ if ((offset <= seg->cache.u.segment.limit_scaled) ||
++ (offset > upper_limit) ||
++ ((upper_limit - offset) < (length - 1))) {
++ BX_INFO(("read_virtual_checks(): write beyond limit"));
++ //exception(int_number(seg), 0, 0);
++ return 0;
++ }
++ break;
++
++ case 6: case 7: /* read write, expand down */
++ if (seg->cache.u.segment.d_b)
++ upper_limit = 0xffffffff;
++ else
++ upper_limit = 0x0000ffff;
++ if ((offset <= seg->cache.u.segment.limit_scaled) ||
++ (offset > upper_limit) ||
++ ((upper_limit - offset) < (length - 1))) {
++ BX_INFO(("read_virtual_checks(): write beyond limit"));
++ //exception(int_number(seg), 0, 0);
++ return 0;
++ }
++ break;
++
++ case 8: case 9: /* execute only */
++ case 12: case 13: /* execute only, conforming */
++ /* can't read or write an execute-only segment */
++ BX_INFO(("read_virtual_checks(): execute only"));
++ //exception(int_number(seg), 0, 0);
++ return 0;
++ break;
++ }
++ return 1;
++ }
++
++ else { /* real mode */
++ if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
++ || (length-1 > seg->cache.u.segment.limit_scaled)) {
++ //BX_ERROR(("read_virtual_checks() SEG EXCEPTION: %x:%x + %x",
++ // (unsigned) seg->selector.value, (unsigned) offset, (unsigned) length));
++ if (seg == & BX_CPU_THIS_PTR sregs[2]) {
++ //exception(BX_SS_EXCEPTION, 0, 0);
++ return 0;
++ } else {
++ //exception(BX_GP_EXCEPTION, 0, 0);
++ return 0;
++ }
++ }
++ if (seg->cache.u.segment.limit_scaled >= 7) {
++ // Mark cache as being OK type for succeeding writes. See notes for
++ // write checks; similar code.
++ seg->cache.valid |= SegAccessROK;
++ }
++ return 1;
++ }
++}
++
++ int BX_CPP_AttrRegparmN(3)
++BX_CPU_C::read_virtual_byte_silent(unsigned s, bx_address offset, Bit8u *data)
++{
++ bx_address laddr;
++ bx_segment_reg_t *seg;
++ int ret = 1;
++
++ seg = &BX_CPU_THIS_PTR sregs[s];
++ if (seg->cache.valid & SegAccessROK) {
++ if ((IsLongMode() && IsCanonical(offset))
++ || (offset <= seg->cache.u.segment.limit_scaled)) {
++ unsigned pl;
++accessOK:
++ laddr = seg->cache.u.segment.base + offset;
++ BX_INSTR_MEM_DATA(BX_CPU_ID, laddr, 1, BX_READ);
++ pl = (CPL==3);
++
++ ret = access_linear_silent(laddr, 1, pl, BX_READ, (void *) data);
++ return ret;
++ }
++ }
++ ret = read_virtual_checks_silent(seg, offset, 1); //if exception would be raised return 0
++ if (!ret) return 0;
++ goto accessOK;
++}
++
++ int BX_CPP_AttrRegparmN(3)
++BX_CPU_C::read_virtual_word_silent(unsigned s, bx_address offset, Bit16u *data)
++{
++ bx_address laddr;
++ bx_segment_reg_t *seg;
++ int ret;
++
++ seg = &BX_CPU_THIS_PTR sregs[s];
++ if (seg->cache.valid & SegAccessROK) {
++ if ((IsLongMode() && IsCanonical(offset))
++ || (offset < seg->cache.u.segment.limit_scaled)) {
++ unsigned pl;
++accessOK:
++ laddr = seg->cache.u.segment.base + offset;
++ BX_INSTR_MEM_DATA(BX_CPU_ID, laddr, 2, BX_READ);
++ pl = (CPL==3);
++
++ ret = access_linear_silent(laddr, 2, pl, BX_READ, (void *) data);
++ return ret;
++ }
++ }
++ ret = read_virtual_checks_silent(seg, offset, 2);
++ if (!ret) return 0;
++ goto accessOK;
++}
++
++ int BX_CPP_AttrRegparmN(3)
++BX_CPU_C::read_virtual_dword_silent(unsigned s, bx_address offset, Bit32u *data)
++{
++ bx_address laddr;
++ bx_segment_reg_t *seg;
++ int ret;
++
++ seg = &BX_CPU_THIS_PTR sregs[s];
++ if (seg->cache.valid & SegAccessROK) {
++ if ((IsLongMode() && IsCanonical(offset))
++ || (offset < (seg->cache.u.segment.limit_scaled-2))) {
++ unsigned pl;
++accessOK:
++ laddr = seg->cache.u.segment.base + offset;
++ BX_INSTR_MEM_DATA(BX_CPU_ID, laddr, 4, BX_READ);
++ pl = (CPL==3);
++
++ ret = access_linear_silent(laddr, 4, pl, BX_READ, (void *) data);
++ return ret;
++ }
++ }
++ ret = read_virtual_checks_silent(seg, offset, 4);
++ if (!ret) return 0;
++ goto accessOK;
++}
+diff -urpN bochs-2.1.1.orig/taint/silent_access.cc.bak checkbochs-2.1.1/taint/silent_access.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/silent_paging.cc checkbochs-2.1.1/taint/silent_paging.cc
+--- bochs-2.1.1.orig/taint/silent_paging.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/silent_paging.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,175 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#if BX_USE_CPU_SMF
++#define this (BX_CPU(0))
++#endif
++
++
++#if BX_SUPPORT_PAGING
++
++#define InstrTLB_Stats()
++#define InstrTLB_Increment(v)
++
++// ==============================================================
++
++
++ int BX_CPP_AttrRegparmN(3)
++BX_CPU_C::access_linear_silent(bx_address laddr, unsigned length, unsigned pl,
++ unsigned rw, void *data)
++{
++ Bit32u pageOffset;
++ unsigned xlate_rw;
++
++ assert(rw==BX_READ);
++ if (rw==BX_RW) {
++ xlate_rw = BX_RW;
++ rw = BX_READ;
++ }
++ else {
++ xlate_rw = rw;
++ }
++
++ pageOffset = laddr & 0x00000fff;
++
++ if (BX_CPU_THIS_PTR cr0.pg) {
++ /* check for reference across multiple pages */
++ if ( (pageOffset + length) <= 4096 ) {
++ // Access within single page.
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 =
++ taint_dtranslate_linear(laddr, pl, xlate_rw);
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 1;
++
++ if (rw == BX_READ) {
++ BX_INSTR_LIN_READ(BX_CPU_ID, laddr, BX_CPU_THIS_PTR address_xlation.taint_paddress1, length);
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1, length, data );
++ }
++ else {
++ BX_INSTR_LIN_WRITE(BX_CPU_ID, laddr, BX_CPU_THIS_PTR address_xlation.taint_paddress1, length);
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1, length, data);
++ }
++ //if (rw==BX_WRITE) BX_CPU_THIS_PTR address_xlation.taint_write_paddress1 = BX_CPU_THIS_PTR address_xlation.taint_paddress1;
++ }
++ else {
++ // access across 2 pages
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 =
++ taint_dtranslate_linear(laddr, pl, xlate_rw);
++ BX_CPU_THIS_PTR address_xlation.taint_len1 = 4096 - pageOffset;
++ BX_CPU_THIS_PTR address_xlation.taint_len2 = length -
++ BX_CPU_THIS_PTR address_xlation.taint_len1;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 2;
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2 =
++ taint_dtranslate_linear(laddr + BX_CPU_THIS_PTR address_xlation.taint_len1,
++ pl, xlate_rw);
++
++#ifdef BX_LITTLE_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, data);
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)data) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, data);
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)data) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++
++#else // BX_BIG_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)data) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, data);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)data) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this, BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, data);
++ }
++#endif
++
++ //if (rw==BX_WRITE) BX_CPU_THIS_PTR address_xlation.taint_write_paddress1 = BX_CPU_THIS_PTR address_xlation.taint_paddress1;
++ }
++ }
++
++ else {
++ // Paging off.
++ if ( (pageOffset + length) <= 4096 ) {
++ // Access within single page.
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 = laddr;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 1;
++ if (rw == BX_READ) {
++
++ // Let access fall through to the following for this iteration.
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this, laddr, length, data);
++ }
++ else { // Write
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this, laddr, length, data);
++ }
++ }
++ else {
++ // Access spans two pages.
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1 = laddr;
++ BX_CPU_THIS_PTR address_xlation.taint_len1 = 4096 - pageOffset;
++ BX_CPU_THIS_PTR address_xlation.taint_len2 = length -
++ BX_CPU_THIS_PTR address_xlation.taint_len1;
++ BX_CPU_THIS_PTR address_xlation.taint_pages = 2;
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2 = laddr +
++ BX_CPU_THIS_PTR address_xlation.taint_len1;
++
++#ifdef BX_LITTLE_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, data);
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)data) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1, data);
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2,
++ ((Bit32u*)data) + BX_CPU_THIS_PTR address_xlation.taint_len1);
++ }
++
++#else // BX_BIG_ENDIAN
++ if (rw == BX_READ) {
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)data) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->readPhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, data);
++ }
++ else {
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress1,
++ BX_CPU_THIS_PTR address_xlation.taint_len1,
++ ((Bit32u*)data) + (length - BX_CPU_THIS_PTR address_xlation.taint_len1));
++ BX_CPU_THIS_PTR mem->writePhysicalPage(this,
++ BX_CPU_THIS_PTR address_xlation.taint_paddress2,
++ BX_CPU_THIS_PTR address_xlation.taint_len2, data);
++ }
++#endif
++ }
++ //if (rw==BX_WRITE) BX_CPU_THIS_PTR address_xlation.taint_write_paddress1 = BX_CPU_THIS_PTR address_xlation.taint_paddress1;
++ }
++}
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/silent_paging.cc.bak checkbochs-2.1.1/taint/silent_paging.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/taint_type.cc checkbochs-2.1.1/taint/taint_type.cc
+--- bochs-2.1.1.orig/taint/taint_type.cc 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/taint_type.cc 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,13 @@
++#define NEED_CPU_REG_SHORTCUTS 1
++#include "bochs.h"
++#define LOG_THIS BX_CPU_THIS_PTR
++
++#include "taint/taint_type.h"
++#include "taint/globals.h"
++
++void assign_taint_functions(char *type) {
++ if (!strcmp(type,"none")) return;
++ if (!strcmp(type,"eraser")) {
++ //g_access_linear_fptr = &(BX_CPU_C::eraser_access_linear);
++ }
++}
+diff -urpN bochs-2.1.1.orig/taint/taint_type.cc.bak checkbochs-2.1.1/taint/taint_type.cc.bak
+diff -urpN bochs-2.1.1.orig/taint/taint_type.h checkbochs-2.1.1/taint/taint_type.h
+--- bochs-2.1.1.orig/taint/taint_type.h 1969-12-31 16:00:00.000000000 -0800
++++ checkbochs-2.1.1/taint/taint_type.h 2005-06-29 11:19:16.000000000 -0700
+@@ -0,0 +1,8 @@
++#ifndef __TAINT_TYPE_H
++#define __TAINT_TYPE_H
++
++#define ERASER_ID 0
++
++void assign_taint_functions(char *taint_type);
++
++#endif
+diff -urpN bochs-2.1.1.orig/taint/taint_type.h.bak checkbochs-2.1.1/taint/taint_type.h.bak
projects / pintos-anon / commitdiff