|
From: Olivier S. <oli...@re...> - 2008-02-19 10:32:58
|
Hi everyone,

I'm a French student using the Valgrind framework to write a Redux-like dataflow analyser to be used for intrusion detection. I had initially planned to work from the Redux source code, but it seems too old to work with the latest versions of Valgrind, and hence I decided to rebuild it from scratch.

Unhappily, I fall in trouble shadowing temporaries. For instance, if I want to trace an addition, how to obtain the content of t3 = Add32(Get::I32(0), Get::I32(6)), without manually shadowing all temps used in the SB? In a nutshell, how to access the result of the operations processed by Valgrind for the guest program?

That's it... If anyone could help me!

Thanks for everyone's job on the Valgrind project and sorry for my poor English...

Olivier Sarrouy
Master Student
Supélec, Rennes
France
|
From: Julian S. <js...@ac...> - 2008-02-19 12:28:36
|
> I'd like to see the result of the operation Add32(Get::I32(0), Get::I32(6)).

You should note that "Add32(Get::I32(0), Get::I32(6))" is not in the flat-SSA form that will be sent to your tool. To see the actual input to your instrumentation function, use --trace-flags=01000000 --trace-notbelow=0. Learn to use --trace-flags and --trace-notbelow; they are your friends.

What you will see is something like "t3 = Add32(t99,t88)".

Anyway: to see the value of t3 you need to construct IRExpr_RdTmp(t3) (where the arg to IRExpr_RdTmp is the IRTemp which is t3).

J

>
> For the temporary which holds some information associated with t3 I've
> built up a shadow manager (hope it is not useless!).
>
> Thanks
>
> Olivier
>
> Julian Seward wrote:
> >> Unhappily, I fall in trouble shadowing temporaries. For instance, if I
> >> want to trace an addition, how to obtain the content of t3 =
> >> Add32(Get::I32(0), Get::I32(6)), without manually shadowing all temps
> >> used in the SB?
> >
> > Not sure what you are asking. You want to see the value of t3, or
> > you want a new temporary which holds some information associated
> > with t3, or something different?
> >
> > J
|
From: Julian S. <js...@ac...> - 2008-02-20 11:38:51
|
On Wednesday 20 February 2008 09:26, you wrote:

> In fact, I think I've explained my problem in a very silly way (and I'm
> sorry for that...).
> Let's suppose we're given an input IRSB with a t3 = Add32(t2,t5) statement.
> What I intend to do is to access, at run-time, the value of t3.
> My first idea was to use a helper C function which would, at run time,
> access the temporaries (via pointers f.e.). But how to access these
> temporaries at run time, via pointers?

You can't access them via pointers. The temporaries are stored in registers by a later stage of the compilation (JIT) pipeline.

Your instrumentation function will scan the input IRSB. It must copy all the input code into a new IRSB (else the program won't work properly). But when it does the copy, it can add new code of its own. For example, if it sees

  t3 = Add32(t2,t5)

then after that you can create an IRStmt which contains an IRExpr_RdTmp(t3). For example, you could create an IRStmt which calls a C helper function, passing it the value of t3.

Many tools do that kind of thing. Try studying lackey, it is relatively simple. Try to understand the output of --trace-flags=10001000.

It is better to generate in-line IR instrumentation than to generate many calls to C helper functions, since calling C helpers a lot will make your programs run slowly.

J
|
From: Nicholas N. <nj...@cs...> - 2008-02-20 21:13:23
|
On Wed, 20 Feb 2008, Olivier Sarrouy wrote:

> But how can I, at run-time, access the content of temporaries (for example
> to obtain the result of an Add32)?

Temporaries don't exist at run-time as such -- they all get converted into real registers. But, at instrumentation time that isn't relevant... if you want the value in a temporary, you just use it. Eg. if you have

  t3 = Add32(t1, t2)

the result in t3 is accessed simply by using t3. So you can pass it into a helper function, for example.

Look at Memcheck's code, and also the code after it has instrumented it (using --trace-flags). Or you might find the example in http://www.valgrind.org/docs/valgrind2007.pdf useful.

Nick
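The approach described in the two replies above (copy every statement of the input block into a new block, and after an Add32 add a statement that reads t3 and passes its value to a C helper), as an added example that is not part of the original thread. It is a self-contained toy model, not Valgrind's VEX types or API; every type and function name in it is hypothetical.

```c
#include <stdio.h>
#include <stdint.h>

/* Toy flat IR: a model for illustration, NOT Valgrind's IRSB/IRStmt. */
enum Kind { S_CONST, S_ADD32, S_HELPER };  /* S_HELPER: pass temp 'a' to a C helper */
typedef struct { enum Kind kind; int dst, a, b; uint32_t imm; } Stmt;

#define MAX_STMTS 32
#define MAX_TEMPS 16
typedef struct { Stmt s[MAX_STMTS]; int n; } Block;

static uint32_t seen[MAX_STMTS];  /* values the helper observed at run time */
static int n_seen;
static void trace_add(uint32_t v) { seen[n_seen++] = v; }

/* Instrumentation time: copy each input statement to the output block and,
   after every Add32, append a statement that reads the destination temp.
   The caller keeps in->n <= MAX_STMTS / 2 so the output always fits. */
static Block instrument(const Block *in) {
    Block out = { .n = 0 };
    for (int i = 0; i < in->n; i++) {
        out.s[out.n++] = in->s[i];
        if (in->s[i].kind == S_ADD32)
            out.s[out.n++] = (Stmt){ .kind = S_HELPER, .a = in->s[i].dst };
    }
    return out;
}

/* Run time: temps exist only as storage chosen by the executor, so the
   helper receives the value as an argument, never through a pointer. */
static void run(const Block *b) {
    uint32_t t[MAX_TEMPS] = {0};
    for (int i = 0; i < b->n; i++) {
        const Stmt *s = &b->s[i];
        switch (s->kind) {
        case S_CONST:  t[s->dst] = s->imm;          break;
        case S_ADD32:  t[s->dst] = t[s->a] + t[s->b]; break;
        case S_HELPER: trace_add(t[s->a]);          break;
        }
    }
}

/* Constructed sample block: t2 = 40; t5 = 2; t3 = Add32(t2,t5) */
static uint32_t demo(void) {
    Block in = { .s = { {S_CONST, 2, 0, 0, 40}, {S_CONST, 5, 0, 0, 2},
                        {S_ADD32, 3, 2, 5, 0} }, .n = 3 };
    Block out = instrument(&in);
    n_seen = 0;
    run(&out);
    return seen[0];
}

int main(void) { printf("helper saw t3 = %u\n", (unsigned)demo()); return 0; }
```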
|
From: Julian S. <js...@ac...> - 2008-02-19 11:24:21
|
> Unhappily, I fall in trouble shadowing temporaries. For instance, if I
> want to trace an addition, how to obtain the content of t3 =
> Add32(Get::I32(0), Get::I32(6)), without manually shadowing all temps
> used in the SB?

Not sure what you are asking. You want to see the value of t3, or you want a new temporary which holds some information associated with t3, or something different?

J
|
From: Nicholas N. <nj...@cs...> - 2008-02-19 20:54:53
|
On Tue, 19 Feb 2008, Olivier Sarrouy wrote:

> Unhappily, I fall in trouble shadowing temporaries. For instance, if I
> want to trace an addition, how to obtain the content of t3 =
> Add32(Get::I32(0), Get::I32(6)), without manually shadowing all temps
> used in the SB? In a nutshell, how to access the result of the
> operations processed by Valgrind for the guest program?

You will need to shadow all temps in the SB.

Nick