pub struct CoverageMap { /* private fields */ }
Per-address execution + write metadata harvested over the lifetime of one (or more) interpreter runs.
The map is always-on inside the Mmu;
callers that don’t want coverage data simply ignore it.
Cost is two hash operations per executed instruction and
one per memory write, which is dwarfed by the rest of the
interpreter.
Implementations
impl CoverageMap
pub fn clear(&mut self)
Drop everything. Useful between runs when the caller wants per-export coverage instead of cumulative.
pub fn record_exec(&mut self, eip: u32, _insn_size: u8)
Record an instruction fetch at eip. The first byte of
every dispatched instruction lands here exactly once per
occurrence; multiple hits at the same address share the
set entry. insn_size is meant to let the analyzer infer
per-instruction coverage spans without re-decoding, but
today only the first byte is recorded (the size hint is
reserved for a future per-instruction-span variant).
pub fn record_write(&mut self, addr: u32, size: u32)
Record a guest memory write. size is the access width
in bytes (1/2/4/8). Each address tracks the maximum
width seen so the recorded write spans cover the
widest store that touched the byte.
pub fn executed_addresses(&self) -> impl Iterator<Item = u32> + '_
Iterator over every executed address.
pub fn executed_count(&self) -> usize
Total number of distinct executed addresses.
pub fn written_addresses(&self) -> impl Iterator<Item = u32> + '_
Iterator over every written address. A wide write is
re-yielded once for each byte it covers, so a single
4-byte mov [addr], eax produces 4 entries.
pub fn is_self_modifying(&self, addr: u32) -> bool
True when addr was both written and executed (in this
map’s lifetime). The intended case is a write followed by
execution, but detection is conservative: the same address
being written and executed out of order still trips the
check, since the static decompiler treats either ordering
as suspect.
pub fn self_modifying_addresses(&self) -> impl Iterator<Item = u32> + '_
Every address that was both written and executed.
pub fn executed_ranges(&self) -> Vec<Range<u32>>
Collapse the executed-address set into contiguous
[start, end) ranges (end is exclusive). Two
consecutive addresses count as contiguous; gaps of any
size start a new range. Useful for spotting unaligned
code chunks the static function discovery missed.
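The semantics described above, as an added stand-alone sketch (not this crate's code). ModelMap, its field layout and the constructed trace in demo are assumptions made for illustration, as is the choice to test every byte of a store in the self-modifying check. It shows a stub that writes 4 bytes and then executes them, and how first-byte-only recording fragments executed_ranges for multi-byte instructions.

```rust
use std::collections::{BTreeSet, HashMap};
use std::ops::Range;

/// Stand-in for CoverageMap; the real fields are private, so this layout is assumed.
#[derive(Default)]
struct ModelMap {
    executed: BTreeSet<u32>,   // first byte of each dispatched instruction
    writes: HashMap<u32, u32>, // store base address -> widest width seen
}
impl ModelMap {
    fn record_exec(&mut self, eip: u32, _insn_size: u8) { self.executed.insert(eip); }
    fn record_write(&mut self, addr: u32, size: u32) {
        let w = self.writes.entry(addr).or_insert(0);
        *w = (*w).max(size);
    }
    /// Every byte covered by a recorded store, expanded per byte.
    fn written_addresses(&self) -> BTreeSet<u32> {
        self.writes.iter()
            .flat_map(|(&a, &w)| (0..w).map(move |i| a.wrapping_add(i)))
            .collect()
    }
    /// Written-and-executed addresses, regardless of ordering.
    fn self_modifying_addresses(&self) -> Vec<u32> {
        let written = self.written_addresses();
        self.executed.iter().copied().filter(|a| written.contains(a)).collect()
    }
    /// Collapse executed addresses into [start, end) ranges; any gap starts a new one.
    fn executed_ranges(&self) -> Vec<Range<u32>> {
        let mut out: Vec<Range<u32>> = Vec::new();
        for &a in &self.executed {
            if let Some(r) = out.last_mut() {
                if r.end == a { r.end = a + 1; continue; }
            }
            out.push(a..a + 1);
        }
        out
    }
}
/// Constructed trace: a stub stores 4 bytes at 0x2000, then jumps into them.
fn demo() -> (Vec<u32>, Vec<Range<u32>>) {
    let mut m = ModelMap::default();
    m.record_exec(0x1000, 5); // mov [0x2000], eax
    m.record_write(0x2000, 4);
    m.record_exec(0x1005, 2); // jmp 0x2000
    m.record_exec(0x2000, 1); // two 1-byte instructions in the written region
    m.record_exec(0x2001, 1);
    (m.self_modifying_addresses(), m.executed_ranges())
}
fn main() {
    println!("{:x?}", demo());
}
```

The 5-byte and 2-byte instructions at 0x1000 and 0x1005 come out as two separate one-byte ranges, which is what first-byte-only recording implies until the per-instruction-span variant exists.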
Trait Implementations
impl Clone for CoverageMap
fn clone(&self) -> CoverageMap
fn clone_from(&mut self, source: &Self)