From: Josef W. <Jos...@gm...> - 2011-08-24 20:03:47
On Wednesday 24 August 2011, Emilio Coppa wrote:
> Hi
>
> I am trying to write a new tool. For my purpose I need to track function
> entry/exit, I read tracking-fn-entry-exit.txt and see some code of callgrind
> (it's not easy to isolate the code that I need), but I am not so good and so
> I have some problem.
> I write some code that basically inserts a call to a helper function at the
> beginning of each BB (guest_chase_thresh = 0). Then I simulate a stack
> during the execution of the program based on SP changes:
> - if VG_(get_fnname_if_entry) is true, I simulate a call
> - if the stack pointer provided by Valgrind is bigger than the SP on my
> stack, I simulate one or more returns (callgrind, I think, calls this
> operation unwind_call_stack)
> This does not work correctly (I compare my result with callgrind), something
> is missing. The code of the simulated stack is attached to this email.
Can you show us an example of the differences you get?
Callgrind not only assumes a call if VG_(get_fnname_if_entry) is true, but also,
if VEX returns jump kind "Call" for the last BB.
You should be aware that you get problems with
- tail recursions (jumping to the beginning of a function)
- multithreaded code (you need a shadow stack for every thread)
- signal handlers (you will see arbitrary function calls when a signal handler
calls a function)
I found that the shadow stack with synchronization of SP (yes, using unwind_call_stack)
is quite robust, especially for exception handling e.g. in C++ or longjumps.
However, this does not work nicely with RISC architectures (PPC/ARM), as a call or
a return does not need to change the SP there. Instead, the return address is stored
and restored from a specific register ("link register") using regular branch instructions.
Callgrind does not do this right at the moment, either.
> Do you have any suggestion? How can I correctly trace function entry/exit
> without analysing all jumps?
>
> Sorry for my bad English.
>
> Emilio.
>
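The SP-synchronised shadow stack discussed in this thread, as an added C example (this is not Valgrind or callgrind code; the event stream, function names and stack addresses are constructed, and the stack is assumed to grow downwards):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One event per basic-block start, as a tool's helper would observe it:
 * fn_entry is non-NULL when VG_(get_fnname_if_entry) would report a function
 * entry, sp is the guest stack pointer at that point. Constructed values. */
typedef struct { const char *fn_entry; unsigned long sp; } BBEvent;
typedef struct { const char *fn; unsigned long sp; } Frame;

#define MAX_DEPTH 64
static Frame shadow[MAX_DEPTH];
static int depth = 0;

/* Pop every frame whose entry SP lies below the SP now observed: that frame
 * has returned, or was skipped by longjmp / exception unwinding. Returns the
 * number of frames popped (the idea behind callgrind's unwind_call_stack). */
static int unwind_call_stack(unsigned long sp) {
    int popped = 0;
    while (depth > 0 && sp > shadow[depth - 1].sp) { depth--; popped++; }
    return popped;
}

/* Runs at the beginning of every BB: synchronise with SP first, then treat
 * a reported function entry as a call and push its frame. */
static void on_bb_start(const BBEvent *ev) {
    unwind_call_stack(ev->sp);
    if (ev->fn_entry && depth < MAX_DEPTH) {
        shadow[depth].fn = ev->fn_entry;
        shadow[depth].sp = ev->sp;
        depth++;
    }
}

/* Replays a trace from an empty shadow stack; returns the final depth. */
static int replay(const BBEvent *trace, size_t n) {
    depth = 0;
    for (size_t i = 0; i < n; i++) on_bb_start(&trace[i]);
    return depth;
}

/* Name on top of the shadow stack, or "" when it is empty. */
static const char *top_fn(void) { return depth ? shadow[depth - 1].fn : ""; }

/* Constructed traces: normal call/return nesting, and a longjmp from three
 * frames deep straight back into main (SP jumps up past a, b and c). */
static const BBEvent trace_normal[] = {
    {"main", 1000}, {"foo", 992}, {NULL, 960}, {"bar", 952},
    {NULL, 960}, {NULL, 1000} };            /* bar, then foo, unwound */
static const BBEvent trace_longjmp[] = {
    {"main", 1000}, {"a", 992}, {"b", 984}, {"c", 976}, {NULL, 1000} };
```

The tail-call and link-register cases listed in the reply are not handled here: a tail call leaves SP unchanged, so the caller's frame is never popped and the depth grows by one per tail call.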