Add caching functionality and improve TTD code coverage analysis

Copilot · xusheng6 · Copilot · commit 8b0eedb059dd · 2025-09-09T07:32:27.000Z
Co-authored-by: xusheng6 &lt;94503187+xusheng6@users.noreply.github.com&gt;
diff --git a/api/debuggerapi.h b/api/debuggerapi.h
@@ -671,6 +671,9 @@ namespace BinaryNinjaDebuggerAPI {
 		// TTD Code Coverage Analysis Methods
 		bool IsInstructionExecuted(uint64_t address);
 		bool RunCodeCoverageAnalysis();
+		size_t GetExecutedInstructionCount() const;
+		bool SaveCodeCoverageToFile(const std::string& filePath) const;
+		bool LoadCodeCoverageFromFile(const std::string& filePath);
 
 		void PostDebuggerEvent(const DebuggerEvent& event);
 
diff --git a/api/debuggercontroller.cpp b/api/debuggercontroller.cpp
@@ -999,6 +999,24 @@ bool DebuggerController::RunCodeCoverageAnalysis()
 }
 
 
+size_t DebuggerController::GetExecutedInstructionCount() const
+{
+	return BNDebuggerGetExecutedInstructionCount(m_object);
+}
+
+
+bool DebuggerController::SaveCodeCoverageToFile(const std::string& filePath) const
+{
+	return BNDebuggerSaveCodeCoverageToFile(m_object, filePath.c_str());
+}
+
+
+bool DebuggerController::LoadCodeCoverageFromFile(const std::string& filePath)
+{
+	return BNDebuggerLoadCodeCoverageFromFile(m_object, filePath.c_str());
+}
+
+
 void DebuggerController::PostDebuggerEvent(const DebuggerEvent &event)
 {
 	BNDebuggerEvent* evt = new BNDebuggerEvent;
diff --git a/api/ffi.h b/api/ffi.h
@@ -540,6 +540,9 @@ extern "C"
 	// TTD Code Coverage Analysis Functions
 	DEBUGGER_FFI_API bool BNDebuggerIsInstructionExecuted(BNDebuggerController* controller, uint64_t address);
 	DEBUGGER_FFI_API bool BNDebuggerRunCodeCoverageAnalysis(BNDebuggerController* controller);
+	DEBUGGER_FFI_API size_t BNDebuggerGetExecutedInstructionCount(BNDebuggerController* controller);
+	DEBUGGER_FFI_API bool BNDebuggerSaveCodeCoverageToFile(BNDebuggerController* controller, const char* filePath);
+	DEBUGGER_FFI_API bool BNDebuggerLoadCodeCoverageFromFile(BNDebuggerController* controller, const char* filePath);
 
 	DEBUGGER_FFI_API void BNDebuggerPostDebuggerEvent(BNDebuggerController* controller, BNDebuggerEvent* event);
 
diff --git a/core/debuggercontroller.cpp b/core/debuggercontroller.cpp
@@ -16,6 +16,7 @@ limitations under the License.
 
 #include "debuggercontroller.h"
 #include <thread>
+#include <fstream>
 #include "lowlevelilinstruction.h"
 #include "mediumlevelilinstruction.h"
 #include "highlevelilinstruction.h"
@@ -2918,31 +2919,158 @@ bool DebuggerController::RunCodeCoverageAnalysis()
 	
 	LogInfo("Starting TTD code coverage analysis...");
 	
-	// Iterate through all functions and their instruction addresses
+	// Get all instruction addresses from all functions
+	std::set<uint64_t> allInstructionAddresses;
 	for (auto func : bv->GetAnalysisFunctionList())
 	{
-		uint64_t funcStart = func->GetStart();
-		uint64_t funcEnd = func->GetHighestAddress();
-		
-		// Query TTD for execute access at each instruction address
-		auto events = GetTTDMemoryAccessForAddress(funcStart, funcEnd, TTDMemoryExecute);
-		
-		for (const auto& event : events)
+		for (auto block : func->GetBasicBlocks())
+		{
+			uint64_t addr = block->GetStart();
+			uint64_t end = block->GetEnd();
+			while (addr < end)
+			{
+				allInstructionAddresses.insert(addr);
+				size_t instrLen = func->GetArchitecture()->GetInstructionLength(bv, addr);
+				if (instrLen == 0)
+					instrLen = 1; // Fallback to avoid infinite loop
+				addr += instrLen;
+			}
+		}
+	}
+	
+	LogInfo("Analyzing {} instruction addresses for execution traces...", allInstructionAddresses.size());
+	
+	// Query TTD for execute access covering the entire executable range
+	uint64_t minAddr = *allInstructionAddresses.begin();
+	uint64_t maxAddr = *allInstructionAddresses.rbegin();
+	
+	auto events = GetTTDMemoryAccessForAddress(minAddr, maxAddr - minAddr + 16, TTDMemoryExecute);
+	
+	for (const auto& event : events)
+	{
+		if (event.accessType == TTDMemoryExecute)
 		{
-			if (event.accessType == TTDMemoryExecute)
+			// Only count instruction addresses that we actually care about
+			if (allInstructionAddresses.find(event.instructionAddress) != allInstructionAddresses.end())
 			{
 				m_executedInstructions.insert(event.instructionAddress);
 			}
 		}
 	}
 	
 	m_codeCoverageAnalysisRun = true;
-	LogInfo("TTD code coverage analysis completed. Found {} executed instructions.", m_executedInstructions.size());
+	LogInfo("TTD code coverage analysis completed. Found {} executed instructions out of {} total.", 
+			m_executedInstructions.size(), allInstructionAddresses.size());
 	
 	return true;
 }
 
 
+size_t DebuggerController::GetExecutedInstructionCount() const
+{
+	return m_executedInstructions.size();
+}
+
+
+bool DebuggerController::SaveCodeCoverageToFile(const std::string& filePath) const
+{
+	if (!m_codeCoverageAnalysisRun)
+	{
+		LogError("No code coverage analysis has been run");
+		return false;
+	}
+	
+	try
+	{
+		std::ofstream file(filePath, std::ios::binary);
+		if (!file.is_open())
+		{
+			LogError("Failed to open file for writing: {}", filePath);
+			return false;
+		}
+		
+		// Write header
+		uint32_t magic = 0x54544443; // "TTDC" - TTD Coverage
+		uint32_t version = 1;
+		size_t count = m_executedInstructions.size();
+		
+		file.write(reinterpret_cast<const char*>(&magic), sizeof(magic));
+		file.write(reinterpret_cast<const char*>(&version), sizeof(version));
+		file.write(reinterpret_cast<const char*>(&count), sizeof(count));
+		
+		// Write addresses
+		for (uint64_t addr : m_executedInstructions)
+		{
+			file.write(reinterpret_cast<const char*>(&addr), sizeof(addr));
+		}
+		
+		file.close();
+		LogInfo("Saved {} executed instruction addresses to {}", count, filePath);
+		return true;
+	}
+	catch (const std::exception& e)
+	{
+		LogError("Error saving code coverage: {}", e.what());
+		return false;
+	}
+}
+
+
+bool DebuggerController::LoadCodeCoverageFromFile(const std::string& filePath)
+{
+	try
+	{
+		std::ifstream file(filePath, std::ios::binary);
+		if (!file.is_open())
+		{
+			LogError("Failed to open file for reading: {}", filePath);
+			return false;
+		}
+		
+		// Read header
+		uint32_t magic, version;
+		size_t count;
+		
+		file.read(reinterpret_cast<char*>(&magic), sizeof(magic));
+		if (magic != 0x54544443)
+		{
+			LogError("Invalid file format (magic number mismatch)");
+			return false;
+		}
+		
+		file.read(reinterpret_cast<char*>(&version), sizeof(version));
+		if (version != 1)
+		{
+			LogError("Unsupported file version: {}", version);
+			return false;
+		}
+		
+		file.read(reinterpret_cast<char*>(&count), sizeof(count));
+		
+		// Clear existing data and read addresses
+		m_executedInstructions.clear();
+		
+		for (size_t i = 0; i < count; i++)
+		{
+			uint64_t addr;
+			file.read(reinterpret_cast<char*>(&addr), sizeof(addr));
+			m_executedInstructions.insert(addr);
+		}
+		
+		file.close();
+		m_codeCoverageAnalysisRun = true;
+		
+		LogInfo("Loaded {} executed instruction addresses from {}", count, filePath);
+		return true;
+	}
+	catch (const std::exception& e)
+	{
+		LogError("Error loading code coverage: {}", e.what());
+		return false;
+	}
+}
+
+
 void DebuggerController::OnRebased(BinaryView* oldView, BinaryView* newView)
 {
 	m_data = newView;
diff --git a/core/debuggercontroller.h b/core/debuggercontroller.h
@@ -366,6 +366,9 @@ namespace BinaryNinjaDebugger {
 		// TTD Code Coverage Analysis Methods
 		bool IsInstructionExecuted(uint64_t address);
 		bool RunCodeCoverageAnalysis();
+		size_t GetExecutedInstructionCount() const;
+		bool SaveCodeCoverageToFile(const std::string& filePath) const;
+		bool LoadCodeCoverageFromFile(const std::string& filePath);
 
 		void OnRebased(BinaryView* oldView, BinaryView* newView);
 
diff --git a/core/ffi.cpp b/core/ffi.cpp
@@ -1117,6 +1117,21 @@ bool BNDebuggerRunCodeCoverageAnalysis(BNDebuggerController* controller)
 	return controller->object->RunCodeCoverageAnalysis();
 }
 
+size_t BNDebuggerGetExecutedInstructionCount(BNDebuggerController* controller)
+{
+	return controller->object->GetExecutedInstructionCount();
+}
+
+bool BNDebuggerSaveCodeCoverageToFile(BNDebuggerController* controller, const char* filePath)
+{
+	return controller->object->SaveCodeCoverageToFile(std::string(filePath));
+}
+
+bool BNDebuggerLoadCodeCoverageFromFile(BNDebuggerController* controller, const char* filePath)
+{
+	return controller->object->LoadCodeCoverageFromFile(std::string(filePath));
+}
+
 void BNDebuggerFreeTTDMemoryEvents(BNDebuggerTTDMemoryEvent* events)
 {
 	if (events)
diff --git a/ui/ttdanalysisdialog.cpp b/ui/ttdanalysisdialog.cpp
@@ -54,10 +54,8 @@ void TTDAnalysisWorker::run()
 		success = m_controller->RunCodeCoverageAnalysis();
 		if (success)
 		{
-			// The result count would need to be exposed from the controller
-			// For now, we'll use a placeholder
-			resultCount = 1; // Placeholder - would need API to get actual count
-			message = "Code coverage analysis completed successfully";
+			resultCount = m_controller->GetExecutedInstructionCount();
+			message = QString("Code coverage analysis completed successfully. Found %1 executed instructions.").arg(resultCount);
 		}
 		else
 		{
@@ -232,6 +230,15 @@ void TTDAnalysisDialog::populateAnalysisList()
 	codeCoverage.cachePath = getDefaultCachePath(TTDAnalysisType::CodeCoverage);
 	codeCoverage.resultCount = 0;
 	
+	// Check if cache file exists
+	QFileInfo cacheFile(codeCoverage.cachePath);
+	QFileInfo dataFile(codeCoverage.cachePath + ".data");
+	if (cacheFile.exists() && dataFile.exists())
+	{
+		codeCoverage.description += "\n\nCached results available from: " + cacheFile.lastModified().toString();
+		codeCoverage.status = TTDAnalysisStatus::LoadedFromCache;
+	}
+	
 	m_analysisResults.append(codeCoverage);
 	
 	// Update list widget
@@ -532,6 +539,7 @@ bool TTDAnalysisDialog::saveAnalysisResults(const TTDAnalysisResult& result)
 		cacheDir.mkpath(".");
 	}
 	
+	// Save metadata as JSON
 	QJsonObject json;
 	json["type"] = static_cast<int>(result.type);
 	json["name"] = result.name;
@@ -547,6 +555,15 @@ bool TTDAnalysisDialog::saveAnalysisResults(const TTDAnalysisResult& result)
 		return false;
 	
 	file.write(doc.toJson());
+	file.close();
+	
+	// Save actual analysis data using controller
+	if (result.type == TTDAnalysisType::CodeCoverage && m_controller)
+	{
+		QString dataPath = cachePath + ".data";
+		return m_controller->SaveCodeCoverageToFile(dataPath.toStdString());
+	}
+	
 	return true;
 }
 
@@ -570,6 +587,19 @@ bool TTDAnalysisDialog::loadAnalysisResults(TTDAnalysisResult& result)
 	result.resultCount = json["resultCount"].toVariant().toULongLong();
 	result.lastRun = QDateTime::fromString(json["lastRun"].toString(), Qt::ISODate);
 	
+	file.close();
+	
+	// Load actual analysis data using controller
+	if (result.type == TTDAnalysisType::CodeCoverage && m_controller)
+	{
+		QString dataPath = cachePath + ".data";
+		QFileInfo dataFile(dataPath);
+		if (dataFile.exists())
+		{
+			return m_controller->LoadCodeCoverageFromFile(dataPath.toStdString());
+		}
+	}
+	
 	return true;
 }
 
