Re: [DynInst_API:] deleting snippets and relocated code


Date: Thu, 04 Feb 2016 17:58:31 +0800
From: Marc Brünink <marc@xxxxxxxxx>
Subject: Re: [DynInst_API:] deleting snippets and relocated code
I am not sure whether we should jump from v1 to v2 at all. If you got any kind of state, moving from v1 to v2 is just asking for trouble.

The more I think about it, the more I believe that it is at least very very hard to do right. (But I would be more than happy to be put right)

Actually, single stepping the threads sounds pretty good to me. You only need to do that if the thread is pointing to relocated code that gets overwritten. Probably that does not happen too often.

Marc


On 29/01/2016 03:28, Bill Williams wrote:
Nice find, Marc. I admire the bug.

The problem here, I think, is that going relocated->original->relocated
is a lossy transformation; what we want to be able to do is go from
relocated v1 to relocated v2 directly so that we don't wind up getting
rewound to the beginning of instrumentation. (Alternately, we could have
the write process include single-stepping all threads until their PCs
point to safe instructions; I'm not sure that's 100% desirable behavior,
though.)

I'm happy to hear suggestions from the list on how to handle this safely...

--bw

On 01/28/2016 03:53 AM, Marc Brünink wrote:
I found the problem, but I do not really know how to solve it:

1. A springboard overwrites 3 instructions.
2. The PC of the thread is at the second instruction.
3. The PC of the thread is not changed, because the TrackerElement was
merged in CodeTracker::addTracker
4. The thread continues and crashes.

The first approach would be to simply disable merging. But that leads
to other issues. For example, with disabled merging I see the following

1. I am at 2aaab5ab032e
2. 2aaab5ab032e is relocated code and maps to the original address
2aaaab0fd0d1
3. Mapping the original address back to relocated code will return
2aaab5ab030a

Thus the PC is set to 2aaab5ab030a and I will re-execute the
instructions between 2aaab5ab030a and 2aaab5ab032e

        2aaab5ab030a: lea RSP, RSP + ffffff58
        2aaab5ab0312: mov [RSP + 20], RAX
        2aaab5ab0317: lea RAX, RSP + a8
        2aaab5ab031f: and RSP, ffffffe0
        2aaab5ab0323: mov [RSP], RAX
        2aaab5ab0327: mov RAX, [RAX + ffffff78]
        2aaab5ab032e: push RAX, RSP

Marc



On 22/01/2016 19:34, Marc Brünink wrote:
Hi all,

if I deleteSnippet, does the relocation code get deleted as well? Or
do the relocated code regions get reused?
If yes, where? I was unable to find anything.

I insert and delete snippets quite a lot. Sometimes I will end up
with threads pointing into broken relocation regions. And I don't
know why.

Marc
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
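The mapping problem Marc describes (relocated -> original -> relocated returns the start of the block, so the thread re-executes everything from 2aaab5ab030a up to 2aaab5ab032e) and Bill's suggestion of going from relocated v1 to relocated v2 directly can be modelled with a few lines of Python. The following is an added illustration, not Dyninst code: the `TrackerElement` class, the block size of 0x25 bytes, the v2 base address 0x2aaab5ab1000 and all function names are constructed assumptions; only the three addresses come from the thread. The model follows the observation that a merged element attributes a whole range of relocated bytes to a single original address, which is exactly the information the round trip throws away.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TrackerElement:
    """One merged tracker entry: a range of relocated code attributed to a
    single original address (constructed model, not Dyninst's CodeTracker)."""
    reloc_start: int   # first relocated address covered by this element
    size: int          # number of bytes covered
    orig_addr: int     # original address the whole range maps back to

    def contains(self, addr: int) -> bool:
        return self.reloc_start <= addr < self.reloc_start + self.size


# Addresses from the thread; BLOCK_SIZE and V2_BASE are constructed.
ORIG = 0x2AAAAB0FD0D1
V1_BASE = 0x2AAAB5AB030A
V2_BASE = 0x2AAAB5AB1000
BLOCK_SIZE = 0x25

V1: List[TrackerElement] = [TrackerElement(V1_BASE, BLOCK_SIZE, ORIG)]
V2: List[TrackerElement] = [TrackerElement(V2_BASE, BLOCK_SIZE, ORIG)]


def find_element(elements: List[TrackerElement], pc: int) -> Optional[TrackerElement]:
    for e in elements:
        if e.contains(pc):
            return e
    return None


def reloc_to_orig(elements: List[TrackerElement], pc: int) -> Optional[int]:
    """Relocated PC -> original address. Every byte of a merged element
    yields the same original address; the offset inside the block is lost here."""
    e = find_element(elements, pc)
    return e.orig_addr if e else None


def orig_to_reloc(elements: List[TrackerElement], orig: int) -> Optional[int]:
    """Original address -> start of the relocated range attributed to it."""
    for e in elements:
        if e.orig_addr == orig:
            return e.reloc_start
    return None


def remap_via_original(old, new, pc: int) -> Optional[int]:
    """relocated v1 -> original -> relocated v2: the lossy round trip."""
    orig = reloc_to_orig(old, pc)
    return None if orig is None else orig_to_reloc(new, orig)


def remap_direct(old, new, pc: int) -> Optional[int]:
    """relocated v1 -> relocated v2, preserving the offset inside the block.
    Only valid when v2 carries an identically sized element for the same
    original address; otherwise the caller must fall back (e.g. single-step)."""
    e_old = find_element(old, pc)
    if e_old is None:
        return None
    for e_new in new:
        if e_new.orig_addr == e_old.orig_addr and e_new.size == e_old.size:
            return e_new.reloc_start + (pc - e_old.reloc_start)
    return None


def bytes_rewound(old, new, pc: int) -> Optional[int]:
    """How many bytes of relocated code the round trip would re-execute."""
    direct = remap_direct(old, new, pc)
    via_orig = remap_via_original(old, new, pc)
    if direct is None or via_orig is None:
        return None
    return direct - via_orig


if __name__ == "__main__":
    pc = 0x2AAAB5AB032E  # the PC from the thread, sitting on the final push
    print(f"via original: {remap_via_original(V1, V2, pc):x}")
    print(f"direct:       {remap_direct(V1, V2, pc):x}")
    print(f"rewound by:   {bytes_rewound(V1, V2, pc):#x} bytes")
```

Run with the PC at 2aaab5ab032e, the round trip lands on the start of the v2 block while the direct mapping keeps the 0x24-byte offset; `bytes_rewound` is the amount of code that would run twice, which is the check a write routine could use to decide between a direct remap and the single-stepping fallback discussed above.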