Hello,
I've been reading the DECAF taint disk code and trying to understand how it's implemented.
To store taint info of disk sectors, DECAF uses a 64-bit bitmap as the minimum record to store the taints of 64 bytes. Each bit indicates whether the corresponding byte is tainted.
The args from functions:
- int taintcheck_taint_disk(const uint64_t index, const uint32_t taint, const int offset, const int size, const void *bs)
- uint32_t taintcheck_disk_check(const uint64_t index, const int offset, const int size, const void *bs)
- arg "size" is always 4 bytes
- taintcheck_taint_disk() writes the taints of the 4 bytes to the corresponding bitmap
- taintcheck_disk_check() checks the taints of the 4 bytes from the corresponding bitmap
- arg "offset" indicates the position of the 4 bytes in the 64-bit bitmap
That's why when taintcheck_chk_hdout()/taintcheck_chk_hdin() call functions taintcheck_taint_disk()/taintcheck_disk_check(), they both pass argument "offset" as "offset & 63", such that,
taintcheck_taint_disk(sect_num * 8 + offset / 64, taint, offset & 63, size, /*regs_records + reg * temu_plugin->taint_record_size,*/ s);
/*taint_rec*/ cpu_single_env->tempidx = taintcheck_disk_check(sect_num * 8 + offset / 64, offset & 63, size, /*records,*/ s);
where "offset & 63" gives the position of the 4 bytes in the target bitmap.
However, in taintcheck_chk_hdwrite()/taintcheck_chk_hdread(), when they call taintcheck_taint_disk()/taintcheck_disk_check(), they both pass "0" to the argument offset, such that,
- taintcheck_taint_disk(sect_num * 8 + (i - paddr) / 64, /*(entry) ? entry->bitmap[((paddr & 63) >> 2)] : 0*/cpu_single_env->tempidx, 0, 4/*size*/, /*(entry) ? entry->records : NULL,*/ s);
- cpu_single_env->tempidx = taintcheck_disk_check(sect_num * 8 + (i - paddr) / 64, 0, 4, s);
which confuses me, because it means the offset is now fixed to 0, and taintcheck_taint_disk()/taintcheck_disk_check() will always use the lowest 4 bits of the bitmap as the taint position, whereas the rest of the bits of the bitmap are not used.
Why do taintcheck_chk_hdwrite()/taintcheck_chk_hdread() pass 0 to the offset, instead of passing values similar to the "offset & 63" of taintcheck_chk_hdout()/taintcheck_chk_hdin()?
Thanks,
Michael Chen
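The bitmap indexing discussed in the message above, as an added example in C that is not DECAF's code and not part of the original post. It is a toy model that only reproduces the arithmetic quoted in the message (index = sect_num * 8 + offset / 64, bit position = offset & 63 or fixed 0, a 4-bit taint mask with one bit per byte). The 512-byte sector size, the `disk_bitmap` array, and the `model_*` / `*_with_*_offset` function names are assumptions of this example; the real DECAF functions take a block-state pointer and taint records that are left out here.

```c
/* Toy model of the DECAF-style disk taint bitmap (added example, not DECAF code).
 * Assumptions: 512-byte sectors, one 64-bit bitmap per 64 bytes, so 8 bitmaps per
 * sector; a "taint" argument is a bit mask with one bit per byte of the transfer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE        512
#define CHUNK_BYTES        64                          /* bytes covered by one bitmap */
#define CHUNKS_PER_SECTOR  (SECTOR_SIZE / CHUNK_BYTES) /* == 8, the "* 8" in the post */
#define NUM_SECTORS        4                           /* constructed toy disk */
#define NUM_CHUNKS         (NUM_SECTORS * CHUNKS_PER_SECTOR)

static uint64_t disk_bitmap[NUM_CHUNKS];

void reset_disk_bitmap(void) { memset(disk_bitmap, 0, sizeof disk_bitmap); }

uint64_t raw_chunk(uint64_t index) { return index < NUM_CHUNKS ? disk_bitmap[index] : 0; }

/* Model of taintcheck_taint_disk(): store "size" taint bits at bit "offset" of
 * bitmap "index". Bits outside the written field are preserved. Returns -1 on
 * an out-of-range index or a field that would spill past the 64-bit word. */
int model_taint_disk(uint64_t index, uint32_t taint, int offset, int size)
{
    if (index >= NUM_CHUNKS || offset < 0 || size <= 0 || size > 32 ||
        offset + size > CHUNK_BYTES)
        return -1;
    uint64_t field = ((1ULL << size) - 1) << offset;              /* bits this call owns */
    uint64_t value = ((uint64_t)taint & ((1ULL << size) - 1)) << offset;
    disk_bitmap[index] = (disk_bitmap[index] & ~field) | value;
    return 0;
}

/* Model of taintcheck_disk_check(): read "size" taint bits at bit "offset". */
uint32_t model_disk_check(uint64_t index, int offset, int size)
{
    if (index >= NUM_CHUNKS || offset < 0 || size <= 0 || size > 32 ||
        offset + size > CHUNK_BYTES)
        return 0;
    return (uint32_t)((disk_bitmap[index] >> offset) & ((1ULL << size) - 1));
}

/* Convention quoted from taintcheck_chk_hdout()/hdin(): bit position = offset & 63. */
int taint_with_byte_offset(uint64_t sect_num, int offset, uint32_t taint)
{
    return model_taint_disk(sect_num * CHUNKS_PER_SECTOR + offset / CHUNK_BYTES,
                            taint, offset & 63, 4);
}
uint32_t check_with_byte_offset(uint64_t sect_num, int offset)
{
    return model_disk_check(sect_num * CHUNKS_PER_SECTOR + offset / CHUNK_BYTES,
                            offset & 63, 4);
}

/* Convention quoted from taintcheck_chk_hdwrite()/hdread(): bit position fixed at 0. */
int taint_with_zero_offset(uint64_t sect_num, int offset, uint32_t taint)
{
    return model_taint_disk(sect_num * CHUNKS_PER_SECTOR + offset / CHUNK_BYTES,
                            taint, 0, 4);
}
uint32_t check_with_zero_offset(uint64_t sect_num, int offset)
{
    return model_disk_check(sect_num * CHUNKS_PER_SECTOR + offset / CHUNK_BYTES, 0, 4);
}

int main(void)
{
    /* Constructed scenario: bytes 100..103 of sector 2 carry taint mask 0b1011. */
    reset_disk_bitmap();
    taint_with_byte_offset(2, 100, 0xB);
    uint64_t idx = 2 * CHUNKS_PER_SECTOR + 100 / CHUNK_BYTES;   /* 17 */
    printf("bitmap[%llu] = 0x%016llx (bits %d..%d)\n",
           (unsigned long long)idx, (unsigned long long)raw_chunk(idx), 100 & 63, (100 & 63) + 3);
    printf("check, offset & 63 convention: 0x%x\n", check_with_byte_offset(2, 100));
    printf("check, fixed-0 convention:     0x%x\n", check_with_zero_offset(2, 100));
    return 0;
}
```

Running it shows the taint landing in bits 36..39 of bitmap 17 under the `offset & 63` convention, while a reader that assumes the fixed-0 convention looks at bits 0..3 of the same bitmap and sees nothing; the two conventions only agree when the byte offset within the 64-byte chunk happens to be 0.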