Dear Bill,
Thank you for your help.
It's possible, though not ideal--you can use arbitrary instpoints to instrument pre- or post-instruction by address. The overhead should be better than valgrind but it'll still be high. The lookup function you want is BPatch_image::findPoints(Address, vector<BPatch_point*>&).
I missed this function in the Dyninst documentation. I tried to use simple instrumentation for every instruction and all seems OK. I'm going to use static instrumentation of binary libraries, since it's more acceptable for iterative analysis.

Overhead is a real problem, but static instrumentation should decrease it.
The best trick I can suggest is to analyze each basic block statically such that you can determine (e.g. via slicing and reaching definitions) which instructions are relevant to your taint analysis and path condition analysis, and at what points in the block the information you seek is valid. That will allow you to consolidate the instrumentation into fewer points, and possibly reuse values or otherwise reduce the workload.

We've had some conversations over the years about how to automate the above process, so that Dyninst could automatically transform instrumentation into its most efficient equivalent form, but those have not turned into code--it's a hard problem in the general case.
If I understand correctly, in terms of static instrumentation, does it mean some kind of code optimization after instrumentation?
Almost precisely the opposite--you'd perform static analysis to find
the most efficient way to get the full data set you want out of a
given function (e.g. tracing a value as it moves from register to
stack to register untouched and only collecting it via
instrumentation once), and then adjust your instrumentation requests
accordingly. So if you want to determine how to flip all path
conditions, you'd start with control and data flow analysis that
tells you as precisely as possible what the path conditions are, and
then find a minimal set of points that let you probe those path
conditions and find how to alter them.
Thanks for your help.
Sergey Vartanov.