i#1834 memval Part 4: Adds memval sample #2174
Conversation
Introduces a sample client which inserts instrumentation after the current instruction to dereference app memory, and to fill a per-thread buffer. Fixes DynamoRIO#1834
|
Note I'm adding ARM support currently, so I'm still working out some kinks. x86 works fine however. Also I will look at the Windows build failure in the morning. |
|
I'm currently looking at the ARM failure in memval_simple, but it seems to be a problem with how I'm using diff --git a/ext/drx/drx_buf.c b/ext/drx/drx_buf.c
index 0caf226..ca28fd3 100644
--- a/ext/drx/drx_buf.c
+++ b/ext/drx/drx_buf.c
@@ -696,6 +696,7 @@ safe_memcpy(drx_buf_t *buf, void *src, size_t len)
size_t written;
bool ok;
+ dr_printf("safe_memcpy(buf: %p, src: %p, len: %d)\n", buf, src, len);
DR_ASSERT_MSG(buf->buf_size >= len,
"buffer was too small to fit requested memcpy() operation");
/* try to perform a safe memcpy */
@@ -711,6 +712,12 @@ safe_memcpy(drx_buf_t *buf, void *src, size_t len)
BUF_PTR(data->seg_base, buf->tls_offs) += len;
}
+static void
+dump_arg(void *foo)
+{
+ dr_printf("%p\n", foo);
+}
+
DR_EXPORT
void
drx_buf_insert_buf_memcpy(void *drcontext, drx_buf_t *buf, instrlist_t *ilist,
@@ -722,6 +729,9 @@ drx_buf_insert_buf_memcpy(void *drcontext, drx_buf_t *buf, instrlist_t *ilist,
opnd_t buf_opnd = OPND_CREATE_INTPTR(buf);
opnd_t src_opnd = opnd_create_reg(src);
opnd_t len_opnd = OPND_CREATE_INTPTR((short)len);
+ dr_insert_clean_call(drcontext, ilist, where, (void *)dump_arg, false, 1, buf_opnd);
+ dr_insert_clean_call(drcontext, ilist, where, (void *)dump_arg, false, 1, src_opnd);
+ dr_insert_clean_call(drcontext, ilist, where, (void *)dump_arg, false, 1, len_opnd);
dr_insert_clean_call(drcontext, ilist, where, (void *)safe_memcpy, false, 3,
buf_opnd, src_opnd, len_opnd);
} else {I see the following behaviour: We're clearly crashing because |
|
Is there a bug in ARM's clean call impl for 3 args? Maybe all the tests of it only pass 1 or 2 args? |
|
Hmm, when looking through the AArchXX implementation of /* FIXME i#1551, i#1569: we only implement naive parameter preparation,
* where args are all regs or immeds and do not conflict with param regs.
*/If I remember correctly, memval_simple crashed on the second usage of More InfoConfirmed, Also, I'm pretty sure we didn't crash on drx_buf-test.dll.c, because we hardcoded the scratch registers to be |
api/samples/memval_simple.c
Outdated
| * Records and dumps app write addresses, and their corresponding written values. | ||
| * | ||
| * (1) It fills two per-thread-buffers with inlined instrumentation. | ||
| * (2) Once the buffer has been filled up, a fault handler will redirect execution |
There was a problem hiding this comment.
s/buffer has/buffers have/
api/samples/memval_simple.c
Outdated
| * - inserting instrumentation after the current instruction to read the value | ||
| * written by it. | ||
| * - the use of drutil_expand_rep_string() to expand string loops to obtain | ||
| * every memory reference, |
There was a problem hiding this comment.
nit: some list items end in . while some end in ,
api/samples/memval_simple.c
Outdated
| char *hexstring = hex_buf, *needle = hex_buf; | ||
|
|
||
| for (i = mem_ref->size - 1; i >= 0; --i) | ||
| needle += dr_snprintf(needle, 2*mem_ref->size+1-2*i, "%02x", write_base[i]); |
There was a problem hiding this comment.
Safer to use the returned value for the size: so 2*mem_ref->size+1-(needle-hex_buf)
api/samples/memval_simple.c
Outdated
| /* write the memrefs to disk */ | ||
| for (mem_ref = trace_base; mem_ref < trace_ptr; mem_ref++) { | ||
| /* Each memref in the trace buffer has an "associated" write in the write buffer. | ||
| * We pull mem_reg->size bytes from the write buffer, and assert we haven't yet |
api/samples/memval_simple.c
Outdated
| bool ok; | ||
|
|
||
| if (drreg_reserve_register(drcontext, ilist, where, NULL, ®_tmp) | ||
| != DRREG_SUCCESS) { |
There was a problem hiding this comment.
style: indent should be under 'd' of 'drreg' -- but prob fits on line above? I wish github let me set a max line width and show a marker there.
There was a problem hiding this comment.
Done, I checked and it doesn't fit (by one char).
api/samples/memval_simple.c
Outdated
| return DR_REG_NULL; | ||
| } | ||
| if (drreg_reserve_register(drcontext, ilist, where, NULL, ®_ptr) | ||
| != DRREG_SUCCESS) { |
api/samples/memval_simple.c
Outdated
| * will get clobbered on ARM. | ||
| */ | ||
| if (drreg_reserve_register(drcontext, ilist, where, NULL, ®_addr) | ||
| != DRREG_SUCCESS) { |
api/samples/memval_simple.c
Outdated
| ushort stride = (ushort)drutil_opnd_mem_size_in_bytes(memref, write); | ||
|
|
||
| if (drreg_reserve_register(drcontext, ilist, where, NULL, ®_ptr) | ||
| != DRREG_SUCCESS) { |
|
Should I wait for the FIXME in |
It would be great if you fixed it :) (Via separate pull request.) Or you could disable for ARM the part of drx_buf-test that will fail and in drx.h mark the routine that uses the clean call as NYI on ARM. |
|
For future pull requests, please take a look at the new workflow: we're using feature branches in the DR repo itself now, so no private clone. |
|
With regards to maybe fixing up |
|
FYI Because I'm a little busy with school atm, I'll just disable the build of memval_simple on ARM for now, and later this week I'll look into cleaning up |
|
Hmm it's been a couple hours and travis says all tests passed here but it looks like the github UI says it hasn't yet finished. Is there a problem or is there just some lag? |
|
I have never seen this before. I've seen the Mac build sit in a queue waiting for a free Travis machine for hours, but here Mac has run. I'll go ahead and override. Maybe we should file a bug against Travis. |
Introduces a sample client which inserts instrumentation after the
current instruction to dereference app memory, and to fill a per-thread
buffer.
Fixes #1834