From: Chris E. <chr...@gm...> - 2007-01-10 21:24:50
When using --vex-guest-chase-thresh=0, and all IR blocks represent true basic blocks from the guest code, shouldn't I expect to see all IR blocks end with the first Ist.Exit? Looking at my output from lackey, that doesn't seem to be the case. Are there Exit stmts that result from translation that end up in an IR block but don't represent a branch in the guest BB? If that is the case, are the only Ist.Exit JumpKinds that actually represent branches in the guest code Ijk_Boring, Ijk_Call, and Ijk_Ret?

Thanks,
- Chris

> > Try running with --vex-guest-chase-thresh=0 to disable this; does that
> > change the results?
>
> Yes, it does, but not for the better. Leaving that out, a function that I
> know is called 5 times is correctly detected 5 times by the
> instrumentation, but when this parameter is set as above, that value jumps
> to 224 :)
>
> vex-guest-chase-thresh    #of times seeing foo()
> -------------------------------------------------
> not included              5 (correct)
> 0                         224
> 1                         1
> 2                         5
> 3                         5
> 4                         5
> 10                        5
>
> What is the effect of the value of vex-guest-chase-thresh ?
> coregrind/m_main.c indicates a range of 0 to 99 but no further info.

That's strange. You should investigate.

--vex-guest-chase-thresh=N (where the default N = 10, iirc) controls the extent to which vex will continue disassembling across unconditional branches and call instructions. When it sees such an instruction, it will continue disassembling into the current IR block (at the target of the insn, of course) providing that no more than N instructions have already been disassembled into this IR block. So if N=0, vex will never chase across such a branch, which means the IR really does represent a straight line piece of code. This simplifies the problem of finding calls/returns.

Recent callgrinds - the one released with 3.1.0, at least (0.10.1?) forces this value to zero at startup for just such reasons.

You might also want to play with --vex-guest-max-insns. Setting this to 1 will trash performance, but give you a simpler baseline scenario in which each insn is translated into its own IR block.

J
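The chasing rule described in the reply above, as an added Python model (not VEX's own code and not from anyone on this thread): it shows that with N=0 an IR block ends at the first call or jump, that a larger N pulls the body of foo into the caller's block, and hence that a tool looking for IR blocks that start at foo's address stops seeing them once chasing is on. The guest program, the one-byte instruction encoding and the assumption that the branch itself counts toward N are constructed for the illustration.

```python
# Constructed model of the "chasing" rule as described above; an added
# illustration, not VEX's own translator.  Guest code is a hand-made map
# addr -> (kind, target) of one-byte instructions at consecutive addresses.
GUEST = {
    0x1000: ("insn", None),
    0x1001: ("call", 0x2000),   # call foo
    0x1002: ("insn", None),     # return address of that call
    0x1003: ("cjmp", 0x1000),   # conditional branch back to 0x1000
    0x1004: ("ret", None),
    0x2000: ("insn", None),     # foo:
    0x2001: ("jmp", 0x2010),    # unconditional jump inside foo
    0x2010: ("insn", None),
    0x2011: ("ret", None),
}
# Jump kind of a block that ends at an instruction of this kind; a block cut
# short by the insn cap simply falls through, i.e. Ijk_Boring.
END_KIND = {"insn": "Ijk_Boring", "jmp": "Ijk_Boring", "cjmp": "Ijk_Boring",
            "call": "Ijk_Call", "ret": "Ijk_Ret"}

def translate_block(start, chase_thresh, max_insns=50):
    """One IR block as (guest addrs disassembled into it, final jump kind).
    chase_thresh models --vex-guest-chase-thresh, max_insns models
    --vex-guest-max-insns.  Assumption: the branch itself counts as already
    disassembled, so N=0 never chases and each block is a true basic block."""
    block, addr = [], start
    while True:
        kind, target = GUEST[addr]
        block.append(addr)
        if len(block) >= max_insns:                 # hit the insn cap
            return block, END_KIND[kind]
        if kind == "insn":
            addr += 1                               # straight-line: continue
        elif kind in ("jmp", "call") and len(block) <= chase_thresh:
            addr = target                           # chase into the target
        else:
            return block, END_KIND[kind]            # block ends at this branch

def block_starts(entry, chase_thresh, max_insns=50):
    """Addresses at which an IR block begins when the guest runs from entry."""
    starts, work = set(), [entry]
    while work:
        start = work.pop()
        if start in starts:
            continue
        starts.add(start)
        block, _ = translate_block(start, chase_thresh, max_insns)
        last_kind, last_target = GUEST[block[-1]]
        # Successors: return address of every call in the block, plus the
        # target and/or fall-through of the instruction that ended the block.
        work += [a + 1 for a in block if GUEST[a][0] == "call"]
        if last_kind in ("jmp", "call", "cjmp"):
            work.append(last_target)
        if last_kind in ("insn", "cjmp"):
            work.append(block[-1] + 1)
    return starts
```

With chase_thresh=0, 0x2000 (foo) is a block start; with chase_thresh=10 the call at 0x1001 is chased and no block ever begins at foo's address.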