From: Richard J Moore
To: Mathieu Lacage
Cc: systemtap@sources.redhat.com
Subject: Re: Hitachi djprobe mechanism
Date: Fri, 07 Oct 2005 15:35:00 -0000
In-Reply-To: <1122975636.14331.236.camel@chronos>

I've been back through the discussion on placement of a djprobe jmp on an
instruction less than the jmp size. I don't see any resolution to this. As
far as I can see there is no safe way to overlay an instruction less than
the size of a jmp with a jmp. So for X86, djprobes would have to be
excluded from probepoints on instructions less than 5 bytes.

I don't see why block analysis is helpful. Unless one can guarantee fixing
up all jmp to an instruction following the probed instruction then we
simply cannot allow jmp to overlay anything smaller than its length.

So are we agreed that djprobe only operates under x86 on instructions >= 5
bytes?

--
Richard J Moore
IBM Linux Technology Centre


Mathieu Lacage
Sent by: systemtap-owner@sources.redhat.com
02/08/2005 10:40

To: karim@opersys.com
cc: systemtap@sources.redhat.com
bcc:
Subject: Re: Hitachi djprobe mechanism


[trimming the CC list and assuming all CCed persons are subscribed to
systemtap]

On Mon, 2005-08-01 at 16:31 -0400, Karim Yaghmour wrote:
> > step 3: (after all CPU pass safety check) replace with jmp
> > instruction without first byte. leave int 3 instruction
> > unchanged at this time (new step).
>
> This still fails to cover the very simple case I explained earlier:
>       if (...)
>               goto label;
>
>       single_byte_asm_instruction_code();
> label:
>       foo();
>
> You still can't replace the instruction right before the label, and you'd
> have to have an integrated disassembler to go through all the code and
> make sure it too doesn't have a reference to the address of "label:".

This problem probably should be addressed in userspace and the way this
should be solved is by calculating the location of the basic blocks of
the function in which you want to insert the probe. Then, any basic
block bigger than 5 bytes will be an acceptable candidate for probe
insertion.

Clearly, this is one of the reasons the kerninst people built a
system-wide daemon which did perform the basic-block calculation.

The attached ugly perl script evaluates the basic blocks and outputs
statistics about their size. Please, note the "evaluate" verb used
above. It means that I am pretty sure this script is not 100% reliable
but it should give non-skewed results given the size of most binaries.
Beware: this thing will suck away your CPU time.

objdump -d -j .text /usr/lib/libgtk.so |./analysis.pl --print-stats
[...]
percentage of basic blocks bigger than 5 bytes: 97.45
bytes percentage of basic blocks bigger than 5 bytes: 99.68

objdump -d -j .text /usr/lib/libgtk-x11-2.0.so |./analysis.pl --print-stats
[...]
percentage of basic blocks bigger than 5 bytes: 92.87
bytes percentage of basic blocks bigger than 5 bytes: 99.09

objdump -d -j .text /usr/X11R6/bin/X |./analysis.pl --print-stats
[...]
percentage of basic blocks bigger than 5 bytes: 96.63
bytes percentage of basic blocks bigger than 5 bytes: 99.60

objdump -d -j .text /usr/X11R6/lib/libX11.so |./analysis.pl --print-stats
[...]
percentage of basic blocks bigger than 5 bytes: 96.98
bytes percentage of basic blocks bigger than 5 bytes: 99.60

I must say that I am pretty surprised by this rather positive result
which means that if you perform a proper bb-analysis of your binaries,
you should be able to put a probe almost anywhere in your binary without
much complicated instruction relocation work (modulo the issues related
to inserting and removing the probe itself).

regards,
Mathieu
--

#### analysis.pl has been deleted (was saved in repository MyAttachments Repository ->(Document link: Link to the attachment in the repository)) from this note on 03 August 2005 by Richard J Moore
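
The two placement rules argued in this thread, side by side, as an added example (not part of the original messages and not the deleted analysis.pl): `strict` admits only instructions of at least 5 bytes, `by_block` admits any address whose next 5 bytes stay inside one basic block. The function names and the sample listing are constructed; the code assumes AT&T-syntax `objdump -d` output and sees only direct branch targets, so indirect jumps remain the unguaranteed case the first message objects to.

```python
import bisect
import re

JMP_LEN = 5  # x86 "jmp rel32": opcode e9 + 32-bit displacement
# objdump -d line: "addr:<TAB>hex bytes<TAB>mnemonic operands"; wrapped lines have bytes only.
LINE = re.compile(r"^\s*([0-9a-f]+):\t((?:[0-9a-f]{2} )+)\s*(?:\t(\S+)\s*(.*))?$")
ENDS_BLOCK = ("j", "call", "ret", "loop")  # execution leaves, or re-enters right after

def parse(disasm):
    """Return [[addr, length, mnemonic, direct_target_or_None], ...]."""
    insns = []
    for m in filter(None, map(LINE.match, disasm.splitlines())):
        nbytes = len(m.group(2).split())
        if m.group(3) is None and insns:    # wrapped bytes of the previous instruction
            insns[-1][1] += nbytes
        elif m.group(3):
            t = re.match(r"([0-9a-f]+)\b", m.group(4))
            target = int(t.group(1), 16) if t and m.group(3).startswith(ENDS_BLOCK) else None
            insns.append([int(m.group(1), 16), nbytes, m.group(3), target])
    return insns

def leaders(insns):
    """Sorted basic-block start addresses that are visible statically."""
    out = {insns[0][0], insns[-1][0] + insns[-1][1]}   # first insn and end of code
    for addr, length, mnem, target in insns:
        if mnem.startswith(ENDS_BLOCK):
            out.add(addr + length)          # fall-through or return address
            if target is not None:
                out.add(target)             # direct branch target
    return sorted(out)

def probe_points(insns):
    """(strict, by_block): addresses that may take a 5-byte jmp under each rule."""
    lead = leaders(insns)
    strict = [a for a, n, _, _ in insns if n >= JMP_LEN]
    by_block = [a for a, _, _, _ in insns
                if a + JMP_LEN <= lead[bisect.bisect_right(lead, a)]]
    return strict, by_block

SAMPLE = (  # constructed listing shaped like the quoted "goto label" case
    "  401000:\t85 ff                \ttest   %edi,%edi\n"
    "  401002:\t74 01                \tje     401005 <f+0x5>\n"
    "  401004:\t90                   \tnop\n"
    "  401005:\t55                   \tpush   %rbp\n"
    "  401006:\t48 89 e5             \tmov    %rsp,%rbp\n"
    "  401009:\te8 12 00 00 00       \tcall   401020 <foo>\n"
    "  40100e:\t5d                   \tpop    %rbp\n"
    "  40100f:\tc3                   \tret\n"
)
```

On the sample, the single-byte `nop` at 401004 just before the `je` target is rejected by both rules, while `by_block` additionally admits 401005 and 401006, where no single instruction is 5 bytes long.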