Re: [DynInst_API:] Inserting x86 traps before points of interest


Date: Mon, 26 Oct 2015 15:24:25 -0500
From: Bill Williams <bill@xxxxxxxxxxx>
Subject: Re: [DynInst_API:] Inserting x86 traps before points of interest
On 10/26/2015 02:35 PM, Yasser Shalabi wrote:
Yeah there is a better way. LLVM compiler pass :P

But what I am compiling uses GCC specific features unimplemented in
LLVM... so my pass is useless. And GCC backend is not something I feel
like learning right now...

Okay. So after setting it the program runs to termination. But only
one int3 is inserted, even when I add each point in the program to the
vector of points to instrument.
...at the entry point of main(), right?
Also, there is a huge new section being inserted into the binary.
.dyninstInst, where all of the code got relocated to. There should be calls to the rtlib breakpoint function, which should in turn int3 for you, but if you need the PC where the breakpoint "was inserted", you'll need a stackwalk back out and a relocated->original address mapping, which is a lot of work to get what you're after.

Yeah, Dyninst is really not the right tool for precise code generation like this. You could do a couple of things:

* Use the patchAPI interface directly to wire in traps; a snippet that always returns a trap instruction will do the trick there, though you still have to deal with relocating code appropriately. A very dumbed-down version of CRAFT (http://sourceforge.net/projects/crafthpc/) would be the model here.
* { __asm int 3 } in your source at the appropriate points.

The source solution is quick and easy if the number of points is small and well-behaved under compilation; the PatchAPI solution is more difficult but quite robust.

--bw

Thoughts?

Yasser

On Mon, Oct 26, 2015 at 1:25 PM, Bill Williams <bill@xxxxxxxxxxx> wrote:
On 10/26/2015 01:11 PM, Yasser Shalabi wrote:

I need int3 to trigger the hypervisor. I am running in virtualized settings.
I want to statically instrument the binary at points of interest to trigger
these virtualization exits.


Makes sense, though I have a nagging feeling there may be a better way to do
this.

Anyhow. Breakpoint snippets go through our runtime library's
platform-independent breakpoint function; what you're seeing makes sense
(possibly) if your DYNINSTAPI_RT_LIB environment variable is not set. We
should be checking that before we blithely try to insert calls into the RT
lib, though...

I know rewriter mode on Linux can generally talk to the RT lib, though, and
rewriter mode on Windows is still not working (it's on my ever-expanding
TODO list, but it's not there yet). So I would guess it's either platform or
environment problems.

--bw


On Mon, Oct 26, 2015, 1:07 PM Bill Williams <bill@xxxxxxxxxxx> wrote:
On 10/26/2015 01:00 PM, Yasser Shalabi wrote:
Thanks for the quick reply, Bill!

When I try:

      app->insertSnippet(BPatch_breakPointExpr(), instrumentation_points);
      BPatch_binaryEdit *appBin = dynamic_cast<BPatch_binaryEdit *>(app);
      appBin->writeFile(newName);

I get an assertion failure:

DyninstAPI-9.0.3/dyninstAPI/src/ast.C:2072: virtual bool
AstCallNode::initRegisters(codeGen&): Assertion `callee' failed.

Any tips on how to approach?
...what function is it trying to insert a call to? (A call stack from
gdb should be sufficient.) And what platform are you on?

In any event, a breakpointexpr may well not do the right thing in
rewriter mode; it's intended for use when Dyninst is serving as a live
debugger for the process. What's the bigger picture? What do you want to
accomplish when these traps are hit?

On Mon, Oct 26, 2015 at 11:11 AM, Bill Williams <bill@xxxxxxxxxxx> wrote:
On 10/26/2015 10:33 AM, Yasser Shalabi wrote:

I want to insert int3 before points of interest. I have collected these
points using Dyninst. Any pointers on which parts of the API to instrument
these points with int3 instructions?

A BPatch_breakpointExpr should do the trick.

Thanks!
Yasser
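
Added example, not part of the original thread and not Dyninst code: a sketch of the source-level option mentioned above, using GCC inline asm on x86-64 Linux. The names TRAP_POINT, workload and run_demo are hypothetical, and a SIGTRAP handler stands in for whatever consumes the trap; since the int3 is compiled in place, the address it reports is the trap's own address in the code as built.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <ucontext.h>
#ifndef __x86_64__
#error "this example assumes x86-64 Linux"
#endif
#ifndef REG_RIP
#define REG_RIP 16 /* glibc gregs index of RIP when _GNU_SOURCE came too late */
#endif

/* Source-level trap point: emits a single int3 (0xCC) at this spot. */
#define TRAP_POINT() __asm__ volatile("int3" ::: "memory")

static volatile sig_atomic_t trap_count;
static volatile uintptr_t last_trap_addr;

/* Stand-in for the trap consumer: record where the trap fired and resume. */
static void on_trap(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = ctx;
    (void)sig; (void)si;
    /* Saved RIP is one byte past the int3, so step back to the trap itself. */
    last_trap_addr = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP] - 1;
    trap_count++;
}

/* Hypothetical workload with two points of interest. */
__attribute__((noinline)) int workload(int n) {
    int sum = 0;
    TRAP_POINT();                       /* before the loop */
    for (int i = 0; i < n; i++) sum += i;
    TRAP_POINT();                       /* after the loop */
    return sum;
}

/* Installs the handler, runs the workload, returns the number of traps hit. */
int run_demo(void) {
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_trap;
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
    trap_count = 0;
    workload(10);
    return trap_count;
}

int main(void) {
    int n = run_demo();
    printf("traps=%d, last int3 at %p\n", n, (void *)last_trap_addr);
    return n == 2 ? 0 : 1;
}
```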


