From: mathieu lacage <Mathieu.Lacage@sophia.inria.fr>
To: Richard J Moore <richardj_moore@uk.ibm.com>
Cc: systemtap@sources.redhat.com
Subject: Re: Hitachi djprobe mechanism
Date: Sat, 08 Oct 2005 18:33:00 -0000 [thread overview]
Message-ID: <434810E9.6070901@sophia.inria.fr> (raw)
In-Reply-To: <OF70F39591.E5887E85-ON41257093.0054AA39-41257093.0055669A@uk.ibm.com>
hi richard,
>I don't see why block analysis is helpful. Unless one can guarantee fixing
>up all jmp to an instruction following the probed instruction then we
>simply cannot allow jmp to overlay anything smaller than its length.
Block analysis should allow you to detect all jmp targets which become
the boundaries of the blocks. Thus, inserting any instruction in any
block is harmless provided you do not cross the block boundaries because
a jump target cannot fall _within_ the block. Does this answer your
implicit question about the usefulness of the block analysis ?
Of course, the question becomes: how do you detect all jmp targets when
some of them are indirect jumps. I did spend quite a bit of time trying
to answer this question. So far, it is clear to me that non PIC code
contains very few indirect jumps so you should be able to get close to
90% function coverage with a simple block analysis taking into account
only direct absolute and relative jumps. However, the hard part comes
when you want to deal with functions which contain a switch statement.
Being able to parse this last 10% of functions represents a lot of more
work than what can be achieved with simple analysis.
The simple perl analysis code can be useful if you want to convince
yourself about the figures above. I also wrote some prototyping code to
familiarize myself with the x86 ISA: I think the code should be able to
correctly parse and report direct jumps as well as their targets. I have
stopped efforts in this direction since I started looking into the
harder question of indirect jumps. I believe that an answer to the
indirect jump question requires a real analysis of the code which means
being able to perform constant propagation as well as dead code
elimination passes on an intermediate representation of the code to be
able to infer the location of the indirect jump tables as well as their
size statically. I have a start of a framework to do this sort of stuff
but nothing of practical interest to anyone.
Note that the above specifically ignores the issue of indirect _calls_
because I assume they are not able to call in the middle of another
function.
For now, you can find my mostly finished C prototype in there:
http://cutebugs.net/code/bozo-profiler/?cmd=manifest;manifest=fff970e1713fe16f8f637cd2065d2287f1d162d6;path=/libdebug/
Look for the files x86-opcode.c/h. I also started writing
x86-opcode-print.c/h to debug the previous code but I stopped halfway.
>So are we agreed that djprobe only operates under x86 on instructions >= 5
>bytes?
I think this is the safe assumption you could fall back to if you found
yourself being unable to parse the basic blocks of a function because of
an indirect jump. Should you think that such a block analysis is useful,
I can cleanup my parsing code and make it useful enough to detect the
case where it fails and report all block boundaries otherwise.
regards,
Mathieu
next prev parent reply other threads:[~2005-10-08 18:33 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-27 21:05 Keshavamurthy, Anil S
2005-07-28 1:51 ` Karim Yaghmour
2005-07-28 2:10 ` Karim Yaghmour
2005-07-28 16:23 ` Masami Hiramatsu
2005-07-28 16:28 ` Karim Yaghmour
2005-07-28 17:36 ` Mathieu Desnoyers
[not found] ` <20050728110717.A30199@unix-os.sc.intel.com>
2005-07-28 18:33 ` Mathieu Desnoyers
[not found] ` <20050728133456.A32210@unix-os.sc.intel.com>
2005-07-28 23:53 ` Richard J Moore
2005-07-29 5:59 ` Mathieu Desnoyers
2005-07-29 7:55 ` Andi Kleen
2005-07-29 8:44 ` Richard J Moore
2005-07-29 8:46 ` Andi Kleen
2005-07-29 15:51 ` Mathieu Desnoyers
2005-07-30 15:55 ` Andi Kleen
2005-07-30 16:54 ` Mathieu Desnoyers
2005-07-31 22:03 ` Andi Kleen
2005-07-31 23:11 ` Mathieu Desnoyers
2005-08-01 15:37 ` Andi Kleen
2005-08-01 8:44 ` Richard J Moore
2005-08-01 13:21 ` Mathieu Desnoyers
2005-08-01 19:57 ` Satoshi Oshima
2005-08-01 20:21 ` Karim Yaghmour
2005-08-01 22:12 ` Satoshi Oshima
2005-08-01 22:54 ` Karim Yaghmour
2005-08-02 18:42 ` Satoshi Oshima
2005-08-03 14:50 ` Karim Yaghmour
2005-08-04 1:19 ` Mathieu Desnoyers
2005-08-04 3:31 ` Mathieu Desnoyers
2005-08-02 9:42 ` Mathieu Lacage
2005-08-02 15:09 ` Karim Yaghmour
2005-10-07 15:35 ` Richard J Moore
2005-10-08 18:33 ` mathieu lacage [this message]
2005-10-08 21:59 ` Richard J Moore
2005-10-08 23:24 ` Roland McGrath
2005-10-22 11:49 ` mathieu lacage
2005-10-22 22:09 ` Roland McGrath
2005-10-24 6:33 ` Mathieu Lacage
2005-10-24 19:48 ` Roland McGrath
[not found] ` <43621B0D.70204@sophia.inria.fr>
2005-11-07 10:04 ` mathieu lacage
2005-11-07 10:06 ` mathieu lacage
2005-11-08 9:49 ` Richard J Moore
2005-10-09 16:47 ` mathieu lacage
2005-08-02 15:33 ` Mathieu Lacage
2005-08-02 15:36 ` Mathieu Lacage
2005-08-02 16:12 ` Karim Yaghmour
2005-08-02 16:30 ` Mathieu Lacage
2005-08-02 16:46 ` Karim Yaghmour
2005-08-04 17:09 ` Mathieu Lacage
2005-08-03 14:46 ` Andi Kleen
2005-07-29 16:06 ` Frank Ch. Eigler
2005-07-29 18:24 ` sugita
2005-07-28 18:13 ` Richard J Moore
-- strict thread matches above, loose matches on Subject: below --
2005-08-01 22:49 Keshavamurthy, Anil S
2005-08-01 23:05 ` Karim Yaghmour
2005-08-01 23:18 ` Karim Yaghmour
2005-08-01 22:41 Keshavamurthy, Anil S
2005-08-02 3:21 ` Roland McGrath
2005-08-02 3:35 ` Karim Yaghmour
2005-08-01 20:46 Keshavamurthy, Anil S
2005-08-01 21:08 ` Karim Yaghmour
2005-08-01 16:14 Keshavamurthy, Anil S
2005-08-01 20:31 ` Roland McGrath
2005-08-04 0:28 ` Mathieu Desnoyers
2005-08-04 10:01 ` Andi Kleen
2005-08-05 16:25 ` Mathieu Desnoyers
2005-08-05 16:39 ` Andi Kleen
2005-08-01 15:50 Keshavamurthy, Anil S
2005-08-01 16:03 ` Mathieu Desnoyers
2005-07-29 0:18 Keshavamurthy, Anil S
2005-07-29 1:48 ` Karim Yaghmour
2005-07-29 3:41 ` Mathieu Desnoyers
2005-07-29 3:47 ` Karim Yaghmour
2005-07-29 1:53 ` Frank Ch. Eigler
2005-08-01 9:02 ` Mathieu Lacage
2005-08-01 13:18 ` Mathieu Desnoyers
2005-08-02 7:07 ` Mathieu Lacage
2005-07-22 18:09 Frank Ch. Eigler
2005-07-21 22:32 Richard J Moore
2005-07-21 22:52 ` Roland McGrath
2005-07-22 2:52 ` Richard J Moore
2005-07-26 7:14 ` Masami Hiramatsu
2005-07-26 7:53 ` Roland McGrath
2005-07-27 13:02 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=434810E9.6070901@sophia.inria.fr \
--to=mathieu.lacage@sophia.inria.fr \
--cc=richardj_moore@uk.ibm.com \
--cc=systemtap@sources.redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).