From: Ali K. <akh...@in...> - 2010-04-27 04:30:28
OK, I guess here's what I'm not getting about SP. I've got the following code in the instrument function to retrieve the stack pointer:

===========
/* layout, sbIn, sbOut and gWordTy come from the enclosing instrument function (not shown) */
type = layout->sizeof_SP == 8 ? Ity_I64 : Ity_I32;
IRExpr* ee = IRExpr_Get(layout->offset_SP, type);   /* IR expression that reads SP; not used below */

/* Allocate an IR temporary and emit a statement that copies guest_EIP into it */
IRTemp temp = newIRTemp(sbIn->tyenv, gWordTy);
addStmtToIRSB(sbIn, IRStmt_WrTmp(temp, IRExpr_Get(offsetof(VexGuestX86State, guest_EIP), gWordTy)));

/* Byte offset of guest_ESP inside the guest state structure */
Int spAddress = offsetof(VexGuestX86State, guest_ESP);

VG_(printf)("%d", spAddress); /* this value does not change */
VG_(printf)("%d", temp);      /* this value changes a lot (temp is the IRTemp handle) */
VG_(printf)("\n");
}
return sbOut;
============

The problem is, I can't find any consistency: the first one (spAddress) gives me the same value throughout the program (in each superblock); the second one (temp) gives me totally different values every time, though I can't believe the stack pointer changes with that frequency. Is there anything I'm missing here?

My approach is that I'm trying to get the stack pointer; if it changes, that would mean either a function is called or a return is occurring (that's my logic anyway).

-------- Original Message --------
Subject: Re: [Valgrind-developers] Return predictor
From: Alexander Potapenko <gl...@go...>
To: Ali Khalfan <akh...@in...>
Cc: val...@li...
Date: Mon Apr 26 2010 05:21:09 GMT-0400 (EDT)

> It's possible to handle the changes of SP, although sometimes a
> call-return pair may not change SP.
>
> You may want to look at how it's done in ThreadSanitizer
> (http://code.google.com/p/data-race-test/), see
> http://code.google.com/p/data-race-test/source/browse/trunk/tsan/ts_valgrind.cc
> ThreadSanitizer keeps the shadow stack to speed up unwinding.
>
> Alex
>
> On Sat, Apr 24, 2010 at 7:31 AM, Ali Khalfan <akh...@in...> wrote:
>
>> Hi,
>>
>> I'm trying to develop a tool that would predict return addresses. So I
>> intend to store a function call address in a buffer once a call takes
>> place and then remove it from the buffer once the return happens.
>>
>> Is there a way I could get the return instructions using valgrind? I've
>> been looking at the lackey examples and see that jumps can be
>> processed,
>>
>> so is there a way to get just the return statements?
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Valgrind-developers mailing list
>> Val...@li...
>> https://lists.sourceforge.net/lists/listinfo/valgrind-developers
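The return predictor sketched in the original question (push the return address on a call, pop and compare on the return), together with Alex's caveat that SP movement and call/return pairs do not line up one-to-one, as an added example written for this page; it is not code from the thread, from Valgrind or from ThreadSanitizer. It is plain C over a constructed instruction trace rather than a Valgrind tool, so it runs anywhere: `classify_by_sp` applies the "SP moved one word" heuristic from the question, and `run_shadow` keeps a shadow stack driven by the explicit call/return kind of each instruction instead. On the same six-instruction trace the heuristic reports three calls and three returns where there is one of each, because `push` and `pop` move SP by exactly a word too, while the shadow stack flags nothing on the clean trace and one mismatch on a trace whose return lands at an address other than the one the call pushed. The `Event` layout, the word size, the addresses and the trace itself are all assumptions made for the example; in a real tool the per-instruction kind and SP value would have to be delivered at execution time (for instance through a dirty helper call emitted by the instrumenter), since anything computed inside the instrument function, such as an `IRTemp` index, is an instrumentation-time value, not a runtime one.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed instruction trace for the demonstration (not captured from a real program).
 * kind is what the instrumentation knows about the instruction (call / return / other);
 * sp_after is the guest SP once the instruction ran; dest is the return address pushed
 * (for a call) or the address actually returned to (for a ret), 0 otherwise. */
typedef enum { EV_OTHER = 0, EV_CALL = 1, EV_RET = 2 } EvKind;

typedef struct {
    EvKind        kind;
    unsigned long pc;
    unsigned long sp_after;
    unsigned long dest;
} Event;

#define WORD 8UL        /* assumed word size of the traced guest */
#define SP0  0x7ff0UL   /* assumed SP before the first event */

/* Trace 1 (assumed): push rbp; call f; [f: push rbx; pop rbx; ret]; pop rbp */
const Event trace_ok[] = {
    { EV_OTHER, 0x1000, SP0 - WORD,     0      },  /* push rbp */
    { EV_CALL,  0x1001, SP0 - 2 * WORD, 0x1006 },  /* call f, pushes return address 0x1006 */
    { EV_OTHER, 0x2000, SP0 - 3 * WORD, 0      },  /* push rbx */
    { EV_OTHER, 0x2001, SP0 - 2 * WORD, 0      },  /* pop rbx */
    { EV_RET,   0x2002, SP0 - WORD,     0x1006 },  /* ret to 0x1006 */
    { EV_OTHER, 0x1006, SP0,            0      },  /* pop rbp */
};
#define TRACE_OK_LEN (sizeof trace_ok / sizeof trace_ok[0])

/* Trace 2 (assumed): the return goes somewhere other than the address the call pushed */
const Event trace_corrupt[] = {
    { EV_CALL, 0x1001, SP0 - WORD, 0x1006 },
    { EV_RET,  0x2002, SP0,        0x3000 },
};
#define TRACE_CORRUPT_LEN (sizeof trace_corrupt / sizeof trace_corrupt[0])

typedef struct { int calls; int rets; } Counts;

/* The SP-delta heuristic from the question: SP down one word = call, up one word = return. */
Counts classify_by_sp(const Event *ev, size_t n, unsigned long sp0)
{
    Counts c = { 0, 0 };
    unsigned long prev = sp0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].sp_after == prev - WORD)      c.calls++;
        else if (ev[i].sp_after == prev + WORD) c.rets++;
        prev = ev[i].sp_after;
    }
    return c;
}

#define MAX_DEPTH 64

typedef struct {
    unsigned long ret[MAX_DEPTH];  /* return addresses still expected, innermost last */
    int depth;
    int mismatches;  /* returns that went somewhere other than the expected address */
    int underflows;  /* returns seen with nothing on the shadow stack */
} Shadow;

/* Shadow stack driven by the explicit call/return kind rather than by SP movement. */
Shadow run_shadow(const Event *ev, size_t n)
{
    Shadow s = { {0}, 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        switch (ev[i].kind) {
        case EV_CALL:
            if (s.depth < MAX_DEPTH) s.ret[s.depth++] = ev[i].dest;
            break;
        case EV_RET:
            if (s.depth == 0) { s.underflows++; break; }
            if (s.ret[--s.depth] != ev[i].dest) s.mismatches++;
            break;
        default:
            break;
        }
    }
    return s;
}

int main(void)
{
    Counts c   = classify_by_sp(trace_ok, TRACE_OK_LEN, SP0);
    Shadow ok  = run_shadow(trace_ok, TRACE_OK_LEN);
    Shadow bad = run_shadow(trace_corrupt, TRACE_CORRUPT_LEN);
    printf("SP heuristic: %d calls, %d rets (trace contains 1 of each)\n", c.calls, c.rets);
    printf("shadow stack: %d mismatches on clean trace, %d on corrupt trace\n",
           ok.mismatches, bad.mismatches);
    return 0;
}
```

The point of keeping both classifiers side by side is that the shadow stack is only as good as its notion of "call" and "return": fed SP deltas it would push on every `push` and pop on every `pop`, so the comparison against the pushed return address becomes meaningless; fed the instruction kind it gives a clean check.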