Implements drstatecmp, a library for machine state comparison for detecting instrumentation-induced clobbering of application state. This implementation supports checks for side-effect-free basic blocks (with the exception of the terminating instruction that could be a function call with side effects). The check involves executing two versions of these basic blocks, one with instrumentation and one without, and then comparing the resulting state to detect bugs. When a mismatch is detected, by default, the disassembled basic block that involved the bug will be emitted.
Introduces a new fifth instrumentation phase in drmgr (called post-instrumentation) to enable the drstatecmp library to perform the duplication and the state comparison after all other instrumentation passes and without breaking any drmgr instrumentation contract (e.g., by adding app instructions in the instru2instru phase).
Illustrates the use of the drstatecmp library by providing a sample client. This sample client introduces an instrumentation bug that is caught by drstatecmp. This sample client also shows how to specify a user-defined callback to be invoked on state comparison mismatches.
Adds a fuzzing app for AArch64 that automatically generates from the decoding files a random sequence of side-effect-free and non-branch instructions with fuzzed operands for stress-testing clients with drstatecmp. This enables automatic testing of even newly inserted instructions in the decoder.
Adds an option in drcachesim to enable drstatecmp and an AArch64 test that enables this option along with delayed tracing for the fuzzing app. Testing with an older DR version showed that this test would have eventually automatically detected #5023 (closed) (instrumentation-clobbering of aflags).
Split up into 4 smaller PRs: #5059, #5090, #5107, #5125.
Issue: #4678
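The duplicate-and-compare check described above, as an added illustration that is not part of this PR or the drstatecmp library: a constructed model of machine state (a few registers plus aflags), one side-effect-free block, and two instrumentation variants appended to it. The buggy variant leaves its own flags behind, as in the aflags-clobbering case mentioned above; the check runs an instrumented and a clean copy from the same start state and reports the first mismatching field together with the block's (constructed) disassembly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model of machine state: a few GPRs plus arithmetic flags. */
typedef struct {
    uint64_t regs[4];
    uint8_t aflags; /* toy encoding: bit0 = carry, bit1 = zero */
} mstate_t;
/* A side-effect-free basic block in the model: r0 = r0 + r1, setting aflags. */
static const char *block_disasm = "add r0, r0, r1 ; sets flags";
static void app_block(mstate_t *s)
{
    uint64_t sum = s->regs[0] + s->regs[1];
    s->aflags = (sum < s->regs[0] ? 1 : 0) | (sum == 0 ? 2 : 0);
    s->regs[0] = sum;
}
/* Instrumentation appended to the block: bump a counter and test it. */
static uint64_t block_counter;
static void instr_buggy(mstate_t *s)
{
    block_counter++;
    s->aflags = (block_counter == 0) ? 2 : 0; /* clobbers the app's aflags */
}
static void instr_fixed(mstate_t *s)
{
    uint8_t saved = s->aflags; /* save aflags around the instrumentation */
    instr_buggy(s);
    s->aflags = saved;         /* and restore them afterwards */
}
/* Differential check: run an instrumented and a clean copy of the block from the
 * same start state and compare. Returns true on match; otherwise fills report. */
typedef void (*instr_fn)(mstate_t *);
static bool state_check(mstate_t start, instr_fn instr, char *report, size_t n)
{
    mstate_t clean = start, inst = start;
    app_block(&inst);
    instr(&inst);
    app_block(&clean);
    for (size_t i = 0; i < 4; i++)
        if (clean.regs[i] != inst.regs[i]) {
            snprintf(report, n, "r%zu clobbered in block: %s", i, block_disasm);
            return false;
        }
    if (clean.aflags != inst.aflags) {
        snprintf(report, n, "aflags clobbered in block: %s", block_disasm);
        return false;
    }
    return true;
}
```

A start state of r0 = UINT64_MAX, r1 = 1 makes the block set both carry and zero, so the buggy variant's flag overwrite is visible while the fixed variant passes.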