S2E provides a means for guest code to communicate with plugins through a special machine instruction.
S2E extends the x86 instruction set with a custom instruction. When guest code executes this instruction, S2E
invokes plugins that listen for that instruction (using the
The instruction has the following format:
```
# S2E custom instruction format
0f 3f XX XX YY YY YY YY YY YY

XX: 16-bit instruction code. Each plugin should have a unique one.
YY: 6-byte operand. Freely defined by the instruction code.
```
The BaseInstructions plugin uses this format to implement basic functionality (e.g., creating symbolic
variables, getting the current state id, checking whether a memory location is symbolic). Refer to
guest/common/include/s2e/s2e.h for the complete set of APIs.
Plugins should not define new custom instruction codes. There are two problems with this format: (1) one needs to manually allocate plugin-specific opcodes and (2) each plugin is forced to listen to all S2E instruction invocations and filter out those of no interest.
Instead, plugins should implement the IPluginInvoker interface. This interface provides a method that the
BaseInstructions plugin calls when the guest invokes the s2e_invoke_plugin() API. This API lets guest
code pass arbitrary data to specific plugins; each plugin can define its own data format.
```c
// Definition in s2e.h
static inline int s2e_invoke_plugin(const char *pluginName, void *data, uint32_t dataSize);
...
s2e_invoke_plugin("MyPlugin", &command, sizeof(command));
```
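As an added example (not S2E's own code), the following C program encodes and decodes the instruction byte layout described above and shows the kind of validation a plugin's IPluginInvoker handler should apply to the data a guest passes through s2e_invoke_plugin(). The example_cmd_t layout, the EXAMPLE_CMD_* values, the function names and the little-endian byte order of the 16-bit instruction code are assumptions of this example, not part of the S2E documentation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte layout from the page: 0f 3f, 2-byte instruction code, 6-byte operand. */
#define S2E_INSN_LEN 10
#define S2E_INSN_OPERAND_LEN 6

/* Build the 10 instruction bytes. The 16-bit code is written little-endian;
 * the page does not state a byte order, so that is an assumption here. */
int encode_custom_insn(uint16_t code, const uint8_t *operand, uint8_t *out)
{
    out[0] = 0x0f;
    out[1] = 0x3f;
    out[2] = (uint8_t)(code & 0xff);
    out[3] = (uint8_t)(code >> 8);
    memcpy(&out[4], operand, S2E_INSN_OPERAND_LEN);
    return S2E_INSN_LEN;
}

/* Parse instruction bytes, i.e. what a plugin listening for the raw
 * instruction must do before trusting the operand. Returns 0 on success,
 * -1 if the buffer is too short or does not start with the 0f 3f prefix. */
int decode_custom_insn(const uint8_t *buf, size_t len, uint16_t *code, uint8_t *operand)
{
    if (len < S2E_INSN_LEN || buf[0] != 0x0f || buf[1] != 0x3f)
        return -1;
    *code = (uint16_t)(buf[2] | ((uint16_t)buf[3] << 8));
    memcpy(operand, &buf[4], S2E_INSN_OPERAND_LEN);
    return 0;
}

/* Hypothetical command block a guest would hand to s2e_invoke_plugin():
 *   example_cmd_t cmd = { EXAMPLE_CMD_TRACE_RANGE, addr, len };
 *   s2e_invoke_plugin("MyPlugin", &cmd, sizeof(cmd));
 * Fixed-width fields keep the layout identical on the guest and plugin sides. */
typedef struct {
    uint64_t command;
    uint64_t address;
    uint64_t size;
} example_cmd_t;

enum { EXAMPLE_CMD_TRACE_RANGE = 1, EXAMPLE_CMD_STOP_TRACING = 2 };

/* Plugin-side check of the (pointer, size) pair an IPluginInvoker handler
 * receives. The data is guest-controlled, so the size is verified before any
 * field is read and the fields are range-checked before use. In a real plugin
 * the bytes would be read from guest memory; here they sit in a host buffer.
 * Returns 0 if accepted, -1 wrong size, -2 bad range, -3 unknown command. */
int handle_guest_command(const void *data, uint64_t size, example_cmd_t *out)
{
    if (size != sizeof(example_cmd_t))
        return -1;
    memcpy(out, data, sizeof(*out));
    switch (out->command) {
    case EXAMPLE_CMD_TRACE_RANGE:
        /* reject empty ranges and address+size wrap-around */
        if (out->size == 0 || out->address + out->size < out->address)
            return -2;
        return 0;
    case EXAMPLE_CMD_STOP_TRACING:
        return 0;
    default:
        return -3;
    }
}

int main(void)
{
    uint8_t operand[S2E_INSN_OPERAND_LEN] = {1, 2, 3, 4, 5, 6}; /* constructed sample */
    uint8_t insn[S2E_INSN_LEN];
    uint16_t code;
    uint8_t parsed[S2E_INSN_OPERAND_LEN];

    encode_custom_insn(0x0011, operand, insn);
    for (int i = 0; i < S2E_INSN_LEN; i++)
        printf("%02x ", insn[i]);
    printf("\n");
    if (decode_custom_insn(insn, sizeof insn, &code, parsed) == 0)
        printf("code=0x%04x operand[0]=%u\n", code, parsed[0]);

    example_cmd_t cmd = { EXAMPLE_CMD_TRACE_RANGE, 0x400000, 0x1000 }, got; /* constructed */
    printf("valid command -> %d\n", handle_guest_command(&cmd, sizeof cmd, &got));
    printf("truncated command -> %d\n", handle_guest_command(&cmd, sizeof cmd - 1, &got));
    return 0;
}
```

The encode/decode pair is plain byte manipulation, so it compiles and runs outside S2E with any C99 compiler. The size check in handle_guest_command is the part worth copying into a real handler: the guest chooses both the pointer and the length it passes to s2e_invoke_plugin(), so the plugin, not the guest, has to decide whether the data is well-formed before interpreting it.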
See the source code for more information about custom instructions.