Re: [DynInst_API:] A question about dynInst's static instrumentation ability


Date: Sun, 23 Aug 2015 05:17:23 -0000
From: Shuai Wang <wangshuai901@xxxxxxxxx>
Subject: Re: [DynInst_API:] A question about dynInst's static instrumentation ability
Hello Xiaozhu,

Thank you a lot for your response. I double-checked the gdb output,
and I suppose only one piece of instrumentation code is indeed executed.

In particular,
even though basic blocks are instrumented like this (please see the jmpq instructions):

Inline image 1


But actually in the gdb debugging code only one "addq" instruction is indeed inserted..

Inline image 2

Did I miss anything..?


BTW: How can you indeed put all the instrumentation code and original together in one section? IMHO,
as you don't have the relocation information in the disassembled output, you actually cannot directly
"inline" instrumentation code into the original code.. Could you please elaborate a little bit?


Thank you a lot for your response.


Sincerely,
Shuai
On Sun, Aug 23, 2015 at 1:05 AM, Xiaozhu Meng <mxz297@xxxxxxxxx> wrote:
Hi Shuai,

Since you instrumented every basic block of a function, Dyninst would
relocate the whole original function to another section. The relocated
function would contain both the original code and the instrumentation
code. Therefore, executing all the instructions at the patched
sections would actually execute both your instrumentation and the
original code. One reason to not jump back immediately after
instrumentation is that executing two extra jumps for each basic block
would significantly slow down the execution.

Thanks

--Xiaozhu

On Sat, Aug 22, 2015 at 10:37 PM, Shuai Wang <wangshuai901@xxxxxxxxx> wrote:
> Dear list,
>
>
> I basically want to instrument an ELF binary, adding some instrumentation
> code to the beginning of every basic block. I use DynInst version 8.2.1 on
> 64-bit Linux platform. I am instrumenting some unstripped binaries now but I
> want to move forward to stripped binaries later.
>
> I found some very confusing situation in the instrumented output, could
> anyone educate me on that..? Sorry if it is really a stupid question.. Let
> me elaborate it here:
>
> 1. I insert one instruction to the beginning of every basic block.
>
> 2. After instrumentation, I use objdump to check the output, and I am assured
> that basic blocks' beginning instruction(s) have been substituted with a
> "jmp" instruction to the patched section, something like this:
>      jmpq 700280 <main_dyninst>
>
> 3. I use gdb to go with the execution flow on the instrumented output, and I
> observed that when execution flow hits the first jmpq instruction (at the
> beginning of main function actually), it is redirected to the patched
> section.
>
> 4. I observed the execution at patched section, including both
> instrumentation code, also the replaced instructions at the instrumentation
> point of the original binary. However, to my surprise, the execution flow
> isn't redirected back to the original code section, and it just executes all
> the instructions at the patched sections. And as a result, even though I
> instrumented every basic block, only the instrumentation code at the first
> basic block was indeed executed during runtime.
>
>
> I suppose for a static instrumentation, after execution of instrumentation
> code and replaced instructions at the patched section, the execution flow is
> then redirected back by a jmp instruction to the original code section. Did I
> miss anything here..? Or do I have to configure some options in my code
> for this type of functionality..?
>
> Sorry for my disorganized description, am I clear? If so, could anyone give
> me some help..? I really appreciate that!
>
> Sincerely,
> Shuai
>
>
>
> _______________________________________________
> Dyninst-api mailing list
> Dyninst-api@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
>
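The point made in the reply above (the whole function is relocated, the instrumentation sits inline in the relocated copy, and control never jumps back to the original text) can be checked from an objdump listing rather than by single-stepping in gdb. The script below is an added example, not code from the thread or from the Dyninst project. It parses `objdump -d` style output, counts the `jmpq` redirects that leave the original function for the relocated region, counts the instrumentation instructions (assumed here to be `addq`, as in the thread) inside the relocated region, and confirms that nothing in the relocated copy jumps back into the original function's address range. The listing is constructed for illustration; the addresses, the symbol name `main_dyninst` and the instruction layout are assumptions, not taken from the poster's binary.

```python
import re
from collections import OrderedDict

# Constructed objdump -d style listing (not from the thread): `main` has its
# block entries replaced by jmpq into the relocated copy `main_dyninst`,
# which holds the original code with an addq counter increment inlined
# at each former block entry. Addresses and layout are made up.
SAMPLE_LISTING = """
0000000000400500 <main>:
  400500: e9 7b fd 2f 00        jmpq   700280 <main_dyninst>
  400505: 90                    nop
  400506: 48 83 ec 10           sub    $0x10,%rsp
  40050a: e9 81 fd 2f 00        jmpq   700290 <main_dyninst+0x10>
  40050f: 90                    nop
  400510: c3                    retq

0000000000700280 <main_dyninst>:
  700280: 48 83 05 00 10 00 00 01  addq   $0x1,0x1000(%rip)
  700288: 55                    push   %rbp
  700289: 48 89 e5              mov    %rsp,%rbp
  70028c: 48 83 ec 10           sub    $0x10,%rsp
  700290: 48 83 05 f0 0f 00 00 01  addq   $0x1,0xff0(%rip)
  700298: 31 c0                 xor    %eax,%eax
  70029a: c9                    leaveq
  70029b: c3                    retq
"""

SYMBOL_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:\s*$")
# address, raw bytes, mnemonic, operands (whitespace-tolerant, tabs or spaces)
INSN_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)([a-z][a-z0-9]*)\s*(.*?)\s*$"
)
TARGET_RE = re.compile(r"^([0-9a-f]+)\s*<([^>]+)>")


def parse_objdump(text):
    """Map each symbol to its list of (addr, nbytes, mnemonic, operands)."""
    regions = OrderedDict()
    current = None
    for line in text.splitlines():
        m = SYMBOL_RE.match(line)
        if m:
            current = m.group(2)
            regions[current] = []
            continue
        m = INSN_RE.match(line)
        if m and current is not None:
            addr = int(m.group(1), 16)
            nbytes = len(m.group(2).split())
            regions[current].append((addr, nbytes, m.group(3), m.group(4)))
    return regions


def region_range(insns):
    """Half-open [start, end) address range covered by a parsed region."""
    last_addr, last_len, _, _ = insns[-1]
    return insns[0][0], last_addr + last_len


def jumps_into(insns, lo, hi):
    """Direct jmp/jmpq instructions whose literal target lies in [lo, hi)."""
    hits = []
    for addr, _, mnem, ops in insns:
        if mnem not in ("jmp", "jmpq"):
            continue
        m = TARGET_RE.match(ops)
        if m:
            target = int(m.group(1), 16)
            if lo <= target < hi:
                hits.append((addr, target))
    return hits


def check_relocation(text, original, relocated, instr_mnemonic="addq"):
    """Summarise how the original function was redirected into its relocated copy."""
    regions = parse_objdump(text)
    orig, reloc = regions[original], regions[relocated]
    olo, ohi = region_range(orig)
    rlo, rhi = region_range(reloc)
    return {
        # jmpq stubs left at block entries of the original function
        "redirects": jumps_into(orig, rlo, rhi),
        # instrumentation instructions now living inline in the relocated copy
        "instrumentation": [a for a, _, m, _ in reloc if m == instr_mnemonic],
        # any jump from the relocated copy back into the original range
        "jumps_back": jumps_into(reloc, olo, ohi),
    }


if __name__ == "__main__":
    report = check_relocation(SAMPLE_LISTING, "main", "main_dyninst")
    print("redirects into relocated copy:", [(hex(a), hex(t)) for a, t in report["redirects"]])
    print("instrumentation sites in relocated copy:", [hex(a) for a in report["instrumentation"]])
    print("jumps back to original:", report["jumps_back"])
```

With a real binary, feed the output of `objdump -d` on the rewritten file and pass the original function name plus the relocated symbol objdump shows as the jmpq target. An empty `jumps_back` list and one instrumentation site per redirected block entry is the expected picture for a function Dyninst has relocated as a whole; gdb stepping from the first jmpq shows only one `addq` because after that first jump execution simply continues inside the relocated copy.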
