I found the problem, but I do not really know how to solve it:
1. A springboard overwrites 3 instructions.
2. The PC of the thread is at the second instruction.
3. The PC of the thread is not changed, because the TrackerElement was
merged in CodeTracker::addTracker
4. The thread continues and crashes.
The first approach would be to simply disable merging. But that leads to
other issues. For example, with disabled merging I see the following:
1. I am at 2aaab5ab032e
2. 2aaab5ab032e is relocated code and maps to the original address 2aaaab0fd0d1
3. Mapping the original address back to relocated code will return 2aaab5ab030a
Thus the PC is set to 2aaab5ab030a and I will re-execute the
instructions between 2aaab5ab030a and 2aaab5ab032e:
2aaab5ab030a: lea RSP, RSP + ffffff58
2aaab5ab0312: mov [RSP + 20], RAX
2aaab5ab0317: lea RAX, RSP + a8
2aaab5ab031f: and RSP, ffffffe0
2aaab5ab0323: mov [RSP], RAX
2aaab5ab0327: mov RAX, [RAX + ffffff78]
2aaab5ab032e: push RAX, RSP
Marc
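The round trip described above (relocated PC to original address and back) modelled in a small script; this is an added example, not Dyninst code. It assumes the relocated copy keeps the original instruction layout, so the original block start is derived by subtracting the same 0x24 offset from 2aaaab0fd0d1; the instruction sizes follow from the address gaps in the listing. The check reports which instructions would run twice if the PC were reset to the block start.

```python
# Relocated listing from the report (address, mnemonic).
RELOCATED = [
    (0x2aaab5ab030a, "lea RSP, RSP + ffffff58"),
    (0x2aaab5ab0312, "mov [RSP + 20], RAX"),
    (0x2aaab5ab0317, "lea RAX, RSP + a8"),
    (0x2aaab5ab031f, "and RSP, ffffffe0"),
    (0x2aaab5ab0323, "mov [RSP], RAX"),
    (0x2aaab5ab0327, "mov RAX, [RAX + ffffff78]"),
    (0x2aaab5ab032e, "push RAX, RSP"),
]
RELOC_START = 0x2aaab5ab030a
ORIG_OF_032E = 0x2aaaab0fd0d1          # original address of 2aaab5ab032e (from the report)
# Assumption: same layout in both copies, so the original block starts 0x24 bytes earlier.
ORIG_START = ORIG_OF_032E - (0x2aaab5ab032e - RELOC_START)


def reloc_to_orig(pc):
    """Per-instruction forward map: relocated PC -> original PC."""
    return ORIG_START + (pc - RELOC_START)


def orig_to_reloc_block(orig_pc):
    """Block-granularity reverse map (one merged tracker element): only the
    block start is known, so every original PC in the block maps to it."""
    return RELOC_START


def orig_to_reloc_exact(orig_pc):
    """Per-instruction reverse map: what an unmerged tracker would answer."""
    return RELOC_START + (orig_pc - ORIG_START)


def replayed_instructions(current_pc, new_pc):
    """Instructions executed a second time if the PC is moved back to new_pc."""
    return [m for a, m in RELOCATED if new_pc <= a < current_pc]


def check_pc_roundtrip(pc):
    """Round-trip the PC through the block-level reverse map and report the
    instructions that would be replayed. A non-empty list means the reset is
    unsafe: here it includes the two RSP adjustments, which corrupts the stack."""
    new_pc = orig_to_reloc_block(reloc_to_orig(pc))
    return new_pc, replayed_instructions(pc, new_pc)
```

With the exact reverse map the round trip is the identity and the replay list is empty; with the block-level map it rewinds to 2aaab5ab030a and replays six instructions.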
On 22/01/2016 19:34, Marc Brünink wrote:
Hi all,
if I deleteSnippet, does the relocation code get deleted as well? Or do the relocated code regions get reused?
If yes, where? I was unable to find anything.
I insert and delete snippets quite a lot. Sometimes I will end up with threads pointing into broken relocation regions. And I don't know why.
Marc
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api