From: Geoff S. <gs...@us...> - 2006-02-10 08:25:15
We would like to propose a new tool for valgrind to generate instruction
traces. Perhaps the most direct way to explain this would be to offer the
new chapter for the valgrind users manual.
We have used this with success internally. Would this feature be of
general interest to the community?
-------------------------------------------------------------------------------------------
10. Itrace: an instruction tracer
To use this tool, specify --tool=itrace on the Valgrind command line.
10.1 Tracing
Itrace is a simple tool that outputs a trace of the instructions executed by
the processor. The resulting output is simple enough to perform ad hoc
analysis with scripts, or it can be consumed by subsequent,
architecture-specific tools to look for problematic code sequences, to
find misaligned memory accesses, to calculate cycle counts (often complex,
as processors develop deeper and more sophisticated pipelines), to
determine structural coverage on an object-code basis, or to analyze
suboptimal sequences and mis-optimizations in the executed instruction
stream.
In addition to recording the instructions executed, itrace also records the
memory accesses associated with each instruction.
10.2 Command-line options specific to itrace
--trace-function=foo
When specified, indicates that only instructions in the indicated function
are traced. With this option, you can examine a specific function;
without it, you get the trace for the entire execution which will consist
of tens of thousands of lines of output at the minimum.
10.3 Output Format
The output of itrace is an ASCII-formatted trace of the instructions
executed. The format is very simple to facilitate post-processing. The
first character of each line or record indicates what kind of data is
included in the line.
Example ("..." indicates skipped records)
==14778== valgrind-itrace, Instruction and memory tracer.
==14778== Copyright (C) 2005, and GNU GPL'd.
==14778== Using LibVEX rev 1471, a library for dynamic binary translation.
==14778== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==14778== Using valgrind-3.1.0, a dynamic binary instrumentation framework.
==14778== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==14778== For more details, rerun with: -v
==14778==
H valgrind-itrace
J 00244C67 55 ; dl_start
...
J 08048394 55 ; main
W BE8619A8 BE861A08
I 89E5
I 83EC08
I 83E4F0
I B800000000
I 83C00F
I 83C00F
I C1E804
I C1E004
I 29C4
I E8C7FFFFFF
W BE86198C 080483B5
G
J 0804837C 55 ; print
W BE861988 BE8619A8
I 89E5
...
Record definitions
H whatever ...
Indicates the start of the trace, possibly with additional data in no
specific format.
J aaaa xxxx [; symbol]
Instruction-with-address record. aaaa is the address of the instruction,
xxxx is a byte dump of the instruction itself. All values are in hex, with
no 0x prefix. Optionally, a symbol name associated with the address may be
provided after a semicolon.
Note that "J" does not imply that a branch occurred, it merely indicates
that the record includes the address of the instruction executed.
I xxxx
Instruction record for an instruction that immediately follows the
previous instruction. The address is not repeated; it is the address of the
preceding instruction plus the length of that instruction's byte dump.
G
Indicates a gap in the trace. This will happen, for instance, when
valgrind simulates a system call via an int 80 (on x86) or sc (on ppc)
instruction, or when a branch occurs to code not being traced.
R aaaaaaaa rrrr
W aaaaaaaa wwww
Indicates that the previous instruction caused a read of the bytes rrrr at
address aaaaaaaa, or a write of the bytes wwww to that address. The length
of the read or write is indicated by the number of bytes shown. R and W
records appear in the order the accesses occurred; for example, an
increment-memory instruction will show the read followed by the write.