github_mirrors/vectorscan
3
0
Fork 1
mirror of https://github.com/VectorCamp/vectorscan.git synced 2025-06-28 16:41:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
vectorscan/src/report.h
Justin Viiret 36150bbc19 Rose: replace internal_report with program 
Replace the use of the internal_report structure (for reports from
engines, MPV etc) with the Rose program interpreter.

SOM processing was reworked to use a new som_operation structure that is
embedded in the appropriate instructions.
2016-04-20 13:34:57 +10:00

232 lines
8.0 KiB
C
Raw Blame History

/*
* Copyright (c) 2016, Intel Corporation
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/** \file
* \brief Runtime functions to do with reports, inlined into callers.
*/
#ifndef REPORT_H
#define REPORT_H
#include "hs_internal.h"
#include "hs_runtime.h"
#include "scratch.h"
#include "ue2common.h"
#include "nfa/callback.h"
#include "nfa/nfa_internal.h"
#include "rose/runtime.h"
#include "som/som_runtime.h"
#include "util/exhaust.h"
#include "util/fatbit.h"
static really_inline
int satisfiesMinLength(u64a min_len, u64a from_offset,
u64a to_offset) {
assert(min_len);
if (from_offset == HS_OFFSET_PAST_HORIZON) {
DEBUG_PRINTF("SOM beyond horizon\n");
return 1;
}
DEBUG_PRINTF("match len=%llu, min len=%llu\n", to_offset - from_offset,
min_len);
return to_offset - from_offset >= min_len;
}
enum DedupeResult {
DEDUPE_CONTINUE, //!< Continue with match, not a dupe.
DEDUPE_SKIP, //!< Don't report this match, dupe or delayed due to SOM.
DEDUPE_HALT //!< User instructed us to stop matching.
};
static really_inline
enum DedupeResult dedupeCatchup(const struct RoseEngine *rose,
struct hs_scratch *scratch, u64a offset,
u64a from_offset, u64a to_offset, u32 dkey,
s32 offset_adjust, char is_external_report,
char quash_som, const char do_som) {
DEBUG_PRINTF("offset=%llu, match=[%llu,%llu], dkey=%u, do_som=%d\n", offset,
from_offset, to_offset, dkey, do_som);
// We should not have been called if there's no dedupe work to do.
assert(do_som || dkey != MO_INVALID_IDX);
struct match_deduper *deduper = &scratch->deduper;
if (offset != deduper->current_report_offset) {
assert(deduper->current_report_offset == ~0ULL ||
deduper->current_report_offset < offset);
if (offset == deduper->current_report_offset + 1) {
fatbit_clear(deduper->log[offset % 2]);
} else {
fatbit_clear(deduper->log[0]);
fatbit_clear(deduper->log[1]);
}
if (do_som && flushStoredSomMatches(scratch, offset)) {
return DEDUPE_HALT;
}
deduper->current_report_offset = offset;
}
if (dkey != MO_INVALID_IDX) {
const u32 dkeyCount = rose->dkeyCount;
if (is_external_report || quash_som) {
DEBUG_PRINTF("checking dkey %u at offset %llu\n", dkey, to_offset);
assert(offset_adjust == 0 || offset_adjust == -1);
if (fatbit_set(deduper->log[to_offset % 2], dkeyCount, dkey)) {
/* we have already raised this report at this offset, squash
* dupe match. */
DEBUG_PRINTF("dedupe\n");
return DEDUPE_SKIP;
}
} else if (do_som) {
/* SOM external event */
DEBUG_PRINTF("checking dkey %u at offset %llu\n", dkey, to_offset);
assert(offset_adjust == 0 || offset_adjust == -1);
u64a *starts = deduper->som_start_log[to_offset % 2];
if (fatbit_set(deduper->som_log[to_offset % 2], dkeyCount, dkey)) {
starts[dkey] = MIN(starts[dkey], from_offset);
} else {
starts[dkey] = from_offset;
}
DEBUG_PRINTF("starts[%u]=%llu\n", dkey, starts[dkey]);
if (offset_adjust) {
deduper->som_log_dirty |= 1;
} else {
deduper->som_log_dirty |= 2;
}
return DEDUPE_SKIP;
}
}
return DEDUPE_CONTINUE;
}
/**
* \brief Deliver the given report to the user callback.
*
* Assumes all preconditions (bounds, exhaustion etc) have been checked and
* that dedupe catchup has been done.
*/
static really_inline
int roseDeliverReport(u64a offset, ReportID onmatch, s32 offset_adjust,
struct hs_scratch *scratch, u32 ekey) {
assert(scratch);
assert(scratch->magic == SCRATCH_MAGIC);
struct core_info *ci = &scratch->core_info;
u32 flags = 0;
#ifndef RELEASE_BUILD
if (offset_adjust) {
// alert testing tools that we've got adjusted matches
flags |= HS_MATCH_FLAG_ADJUSTED;
}
#endif
assert(!can_stop_matching(scratch));
assert(ekey == INVALID_EKEY ||
!isExhausted(ci->rose, ci->exhaustionVector, ekey));
u64a from_offset = 0;
u64a to_offset = offset + offset_adjust;
DEBUG_PRINTF(">> reporting match @[%llu,%llu] for sig %u ctxt %p <<\n",
from_offset, to_offset, onmatch, ci->userContext);
int halt = ci->userCallback(onmatch, from_offset, to_offset, flags,
ci->userContext);
if (halt) {
DEBUG_PRINTF("callback requested to terminate matches\n");
ci->status |= STATUS_TERMINATED;
return MO_HALT_MATCHING;
}
if (ekey != INVALID_EKEY) {
markAsMatched(ci->rose, ci->exhaustionVector, ekey);
return MO_CONTINUE_MATCHING;
} else {
return ROSE_CONTINUE_MATCHING_NO_EXHAUST;
}
}
/**
* \brief Deliver the given SOM report to the user callback.
*
* Assumes all preconditions (bounds, exhaustion etc) have been checked and
* that dedupe catchup has been done.
*/
static really_inline
int roseDeliverSomReport(u64a from_offset, u64a to_offset, ReportID onmatch,
s32 offset_adjust, struct hs_scratch *scratch,
u32 ekey) {
assert(scratch);
assert(scratch->magic == SCRATCH_MAGIC);
struct core_info *ci = &scratch->core_info;
u32 flags = 0;
#ifndef RELEASE_BUILD
if (offset_adjust) {
// alert testing tools that we've got adjusted matches
flags |= HS_MATCH_FLAG_ADJUSTED;
}
#endif
assert(!can_stop_matching(scratch));
assert(ekey == INVALID_EKEY ||
!isExhausted(ci->rose, ci->exhaustionVector, ekey));
to_offset += offset_adjust;
assert(from_offset == HS_OFFSET_PAST_HORIZON || from_offset <= to_offset);
DEBUG_PRINTF(">> reporting match @[%llu,%llu] for sig %u ctxt %p <<\n",
from_offset, to_offset, onmatch, ci->userContext);
int halt = ci->userCallback(onmatch, from_offset, to_offset, flags,
ci->userContext);
if (halt) {
DEBUG_PRINTF("callback requested to terminate matches\n");
ci->status |= STATUS_TERMINATED;
return MO_HALT_MATCHING;
}
if (ekey != INVALID_EKEY) {
markAsMatched(ci->rose, ci->exhaustionVector, ekey);
return MO_CONTINUE_MATCHING;
} else {
return ROSE_CONTINUE_MATCHING_NO_EXHAUST;
}
}
#endif // REPORT_H
Reference in New Issue View Git Blame Copy Permalink