Hi,
At Amadeus we developed a small extension to Google Coredumper that allows a very
basic imitation of gdb's breakpoints on a process running in a production environment.
The idea is to put a corepoint at time T at a given assembly instruction
address. Then at a time T + 1, when one thread of the process meets this
corepoint then a core dump file is generated, with the exact stack frame the
thread had when it met the corepoint. Corepoints are one-time use only, so you
can safely use them in loops.
This is done without performance penalty, except at time T when you put the
corepoint, and at time T + 1 when you remove the corepoint and you generate the
core file: we need to completely stop all the threads via ptrace calls.
The implementation is quite basic (x64 only): like gdb, a corepoint is nothing
more than replacing the original instruction by an interruption 3. This in
turn generates a SIGTRAP signal handled in the faulty thread (if this signal is
not masked). Coredumper registers a SIGTRAP signal handler which:
- stops all threads with ptrace
- replaces the int3 instruction by the original one
- moves the saved $rip register to go back one instruction earlier (sizeof(int3) = 1)
- generates a FRAME struct from the signal handler saved registers
- generates a core dump file
- resumes all threads
I guess the same could also be done in x86 or ARM.
The whole git patch is attached. Note that it requires that you generate all
autotools files with autoreconf --install to build properly.
Cheers,
Romain
Original issue reported on code.google.com by romain.g...@amadeus.com on 19 Mar 2015 at 11:15
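The mechanism described in the post, reduced to a single-threaded sketch for x86-64 Linux. This is an added example, not code from the attached patch or from Coredumper. The names `corepoint_set`, `on_trap`, `patch_byte`, `work` and `call_work` are hypothetical, the ptrace stop and resume of other threads is omitted, and recording the rewound `$rip` stands in for building the FRAME and writing the core file:

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>
#ifndef REG_RIP
#define REG_RIP 16                  /* glibc x86-64 slot of RIP in gregs[] */
#endif
static uint8_t *cp_addr;            /* armed corepoint address, NULL when disarmed */
static uint8_t cp_saved;            /* original byte that int3 replaced */
static volatile sig_atomic_t cp_hits;
static volatile uintptr_t cp_rip;   /* rewound RIP captured at the hit */

/* Overwrite one code byte; RWX because the page may hold code running right now. */
static int patch_byte(uint8_t *addr, uint8_t val) {
    uintptr_t pg = (uintptr_t)sysconf(_SC_PAGESIZE);
    void *page = (void *)((uintptr_t)addr & ~(pg - 1));
    if (mprotect(page, pg, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -1;
    *addr = val;
    return mprotect(page, pg, PROT_READ | PROT_EXEC);
}

static void on_trap(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = ctx;
    uint8_t *hit = (uint8_t *)(uintptr_t)uc->uc_mcontext.gregs[REG_RIP] - 1;
    (void)sig; (void)si;
    if (cp_addr == NULL || hit != cp_addr) return;   /* not our int3 */
    patch_byte(cp_addr, cp_saved);                   /* put the original instruction back */
    uc->uc_mcontext.gregs[REG_RIP] = (greg_t)(uintptr_t)cp_addr; /* sizeof(int3) = 1 */
    cp_rip = (uintptr_t)cp_addr;    /* stand-in for the FRAME and core dump step */
    cp_addr = NULL;                 /* one-time use */
    cp_hits++;
}

/* Arm a corepoint: install the handler, save the byte, write int3 (0xCC). */
static int corepoint_set(void *addr) {
    struct sigaction sa = { .sa_sigaction = on_trap, .sa_flags = SA_SIGINFO };
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
    cp_addr = addr;
    cp_saved = *cp_addr;
    return patch_byte(cp_addr, 0xCC);
}
/* Demo target, called through a volatile pointer so the call is never inlined. */
static __attribute__((noinline)) int work(int x) { return 2 * x + 1; }
static int call_work(int x) { int (*volatile fp)(int) = work; return fp(x); }

int main(void) {
    return (corepoint_set((void *)work) == 0 && call_work(20) == 41 && cp_hits == 1) ? 0 : 1;
}
```

Because the handler rewrites the saved `$rip` in the signal context, the interrupted thread re-executes the restored instruction on return and the caller sees the normal result.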