From: Nicholas N. <nj...@cs...> - 2005-12-06 15:48:57
On Tue, 6 Dec 2005, Peter Hornyack wrote:

> I'm working on an academic research project involving profiling, and we're
> using the lackey tool that comes with valgrind. We'd like to extend the tool
> to count more specific instructions, like x86 push and pop, for example.
>
> In lackey, lk_instrument() switches on st->tag, where st is the current
> IRStmt in the basic block; if the tag is Ist_Tmp, it also switches on
> expr->tag.
>
> Question 1: from the possible values of the IRStmt and IRExpr tags (those
> currently defined in libvex_ir.h), is it possible to determine whether st
> represents a host push/pop/etc. instruction? I suspect that it's not
> possible, because the information is lost in the VEX translation.

It's not really possible. Valgrind's IR is deliberately architecture-neutral
so that you can write each tool once and have it work on all architectures.
The downside of this is that you can't really work with the original
instructions.

You might have more luck with DynamoRIO or Pin, both of which let you
instrument code like Valgrind, but give you access to the original
instruction stream. I think I've seen a Pin tool that counts x86
instructions. They're also faster if you're doing simple things like
counting instructions.

> Question 2 (answer me this question and I can probably answer question 1
> myself): where in the source code are the tags for st set? We've been trying
> to trace it for a while, but have been unsuccessful so far. If we can find
> where the tags are set, then we could add any tags we need for the profiling
> we want to do.

I think it's VEX/priv/guest-*/toIR.c.

Nick