shadow memory

[zachturing]

There is a place on shadow memory that doesn't quite understand, as described below:

Take memory size 4G as an example.

In taint_memory.h：
#define BITPAGE_LEAF_BITS TARGET_PAGE_BITS
#define BITPAGE_MIDDLE_BITS (32-TARGET_PAGE_BITS)/2

BITPAGE_LEAF_BITS=12，BITPAGE_MIDDLE_BITS=(32-12)/2=10

//definition of leaf node
typedef struct _tbitpage_leaf {
uint8_t bitmap[2 << BITPAGE_LEAF_BITS]; //bitmap[2^13]
} tbitpage_leaf_t;
The bitmap size is 2^13bytes（8KB）

/* Middle node for holding memory taint information */
typedef struct _tbitpage_middle {
tbitpage_leaf_t *leaf[2 << BITPAGE_MIDDLE_BITS]; //leaf[2^11]
} tbitpage_middle_t;
Each middle node contains 2^11 leaf nods。

/* Root node for holding memory taint information */
tbitpage_middle_t **taint_memory_page_table = NULL;

static void allocate_taint_memory_page_table(void) {
if (taint_memory_page_table) return; // AWH - Don't allocate if one exists
taint_memory_page_table_root_size = ram_size >> (BITPAGE_LEAF_BITS + BITPAGE_MIDDLE_BITS); //ram_size=2^32,taint_memory_page_table_root_size=2^10
taint_memory_page_table = (tbitpage_middle_t *)
g_malloc0(taint_memory_page_table_root_size * sizeof(void));
allocate_leaf_pool();
allocate_middle_pool();
middle_nodes_in_use = 0;
leaf_nodes_in_use = 0;
}

In the function allocate_taint_memory_page_table(), we assign the size of the root node,ram_size = 2^32，taint_memory_page_table_root_size = ram_size >> (BITPAGE_LEAF_BITS + BITPAGE_MIDDLE_BITS)=(2^32)> > (12 + 10)= 2^10 = 1024

Qeustion1:Generally, the page size of 4G RAM is 4KB, and the size of a leaf node defined here is not equal to the size of a page. Why?
Qeustion2:From the above allocation, if the ram_size is 4G, then the size of the entire shadow memory should be 2^13 * 2^11 * 2^10 bytes = 2^34bytes = 16G > ram_size, which is wrong or deliberate So designed?