|
From: Vinay C. <vin...@gm...> - 2012-01-19 11:39:47
|
Hi all,
I have a basic question regarding the capabilities of Valgrind. I
am looking for ways to manipulate the execution of a given software (mostly
by changing the values of instruction operands). I would like to develop a
valgrind tool that goes through each instruction (or a subset of
instructions) of the software, changes the values of the operands and
executes the software with the modified operands.
From the valgrind documentation and the list of standard tools
(memcheck, cachegrind etc.,), I felt that the executing code was just being
monitored/observed but not modified. However, the wiki link of valgrind
clearly states that the execution can be manipulated
*Valgrind first translates the program into a temporary, simpler form
called Intermediate Representation (IR), which is a
processor-neutral, SSA-based form. After the conversion, a tool (see below)
is free to do whatever transformations it would like on the IR, before
Valgrind translates the IR back into machine code and lets the host
processor run it. *
I also looked through the discussion archives and found that there were
some patches related to fault injection but I was unable to infer anything
from those mails.
I would be glad if someone can provide information on the
capabilities of valgrind in regards to code manipulation and if possible,
give some pointers to existing tools that employ these capabilities.
Thanks,
Vinay.
|
|
From: WAROQUIERS P. <phi...@eu...> - 2012-01-19 11:53:00
|
All the Valgrind tools (except the "none" tool) are doing code manipulation. These Valgrind tools are only "augmenting" the code, trying hard to not change the semantic of the code (e.g. memcheck instruments the code to see if uninitialised values are used, helgrind instruments the code to detect race condition, etc ...). But you can for sure write a tool which modifies the semantic of the code. For example, if the tool gets an IR expression "Add32" (means: an addition of two values), the tool instrumentation function might transform this into a "Mul32", thereby injecting a fault). Philippe ________________________________ From: Vinay Chippa [mailto:vin...@gm...] Sent: Thursday 19 January 2012 12:39 To: val...@li... Subject: [Valgrind-users] Execution Manipulation using valgrind Hi all, I have a basic question regarding the capabilities of Valgrind. I am looking for ways to manipulate the execution of a given software (mostly by changing the values of instruction operands). I would like to develop a valgrind tool that goes through each instruction (or a subset of instructions) of the software, changes the values of the operands and executes the software with the modified operands. From the valgrind documentation and the list of standard tools (memcheck, cachegrind etc.,), I felt that the executing code was just being monitored/observed but not modified. However, the wiki link of valgrind clearly states that the execution can be manipulated *Valgrind first translates the program into a temporary, simpler form called Intermediate Representation (IR), which is a processor-neutral, SSA-based form. After the conversion, a tool (see below) is free to do whatever transformations it would like on the IR, before Valgrind translates the IR back into machine code and lets the host processor run it. * I also looked through the discussion archives and found that there were some patches related to fault injection but I was unable to infer anything from those mails. I would be glad if someone can provide information on the capabilities of valgrind in regards to code manipulation and if possible, give some pointers to existing tools that employ these capabilities. Thanks, Vinay. |
|
From: Vinay C. <vin...@gm...> - 2012-01-19 12:28:48
|
Hi,
Thanks for the quick reply. I think I get what you mean. I have
been going through the lackey tool code. And it seems like the tool takes a
code superblock (SB) as input and outputs a different superblock. And all
these tools (lackey, cachegrind, memcheck etc.,) are trying to keep the
output SB same as input SB. This answers my basic question and I think I
can use Valgrind for my requirement.
I have one more question. Most of these tools (lackey, memcheck,
cachegrind etc.,) are instrumenting memory related instructions. Are there
any popular tools that instrument other/all instructions (add, mul etc.,)?.
Thanks,
Vinay.
On Thu, Jan 19, 2012 at 6:52 AM, WAROQUIERS Philippe <
phi...@eu...> wrote:
> **
> All the Valgrind tools (except the "none" tool) are doing code
> manipulation.
>
> These Valgrind tools are only "augmenting" the code, trying hard to not
> change
> the semantic of the code (e.g. memcheck instruments the code to see if
> uninitialised values are used, helgrind instruments the code to detect
> race condition, etc ...).
>
> But you can for sure write a tool which modifies the semantic of the code.
> For example, if the tool gets an IR expression "Add32" (means: an addition
> of two values), the tool
> instrumentation function might transform this into a "Mul32", thereby
> injecting a fault).
>
> Philippe
>
>
> ------------------------------
> *From:* Vinay Chippa [mailto:vin...@gm...]
> *Sent:* Thursday 19 January 2012 12:39
> *To:* val...@li...
> *Subject:* [Valgrind-users] Execution Manipulation using valgrind
>
> Hi all,
> I have a basic question regarding the capabilities of Valgrind.
> I am looking for ways to manipulate the execution of a given software
> (mostly by changing the values of instruction operands). I would like to
> develop a valgrind tool that goes through each instruction (or a subset of
> instructions) of the software, changes the values of the operands and
> executes the software with the modified operands.
> From the valgrind documentation and the list of standard tools
> (memcheck, cachegrind etc.,), I felt that the executing code was just being
> monitored/observed but not modified. However, the wiki link of valgrind
> clearly states that the execution can be manipulated
>
> *Valgrind first translates the program into a temporary, simpler form
> called Intermediate Representation (IR), which is a
> processor-neutral, SSA-based form. After the conversion, a tool (see below)
> is free to do whatever transformations it would like on the IR, before
> Valgrind translates the IR back into machine code and lets the host
> processor run it. *
>
> I also looked through the discussion archives and found that there were
> some patches related to fault injection but I was unable to infer anything
> from those mails.
> I would be glad if someone can provide information on the
> capabilities of valgrind in regards to code manipulation and if possible,
> give some pointers to existing tools that employ these capabilities.
>
> Thanks,
> Vinay.
>
>
|
|
From: WAROQUIERS P. <phi...@eu...> - 2012-01-19 16:22:45
|
memcheck at least is instrumenting other/all instructions. For example, to keep track of uninitialised bits, it has to instrument an Add32 expression which would make an addition between something initialised and something not initialised. Philippe ________________________________ From: Vinay Chippa [mailto:vin...@gm...] Sent: Thursday 19 January 2012 13:28 To: WAROQUIERS Philippe Cc: val...@li... Subject: Re: [Valgrind-users] Execution Manipulation using valgrind Hi, Thanks for the quick reply. I think I get what you mean. I have been going through the lackey tool code. And it seems like the tool takes a code superblock (SB) as input and outputs a different superblock. And all these tools (lackey, cachegrind, memcheck etc.,) are trying to keep the output SB same as input SB. This answers my basic question and I think I can use Valgrind for my requirement. I have one more question. Most of these tools (lackey, memcheck, cachegrind etc.,) are instrumenting memory related instructions. Are there any popular tools that instrument other/all instructions (add, mul etc.,)?. Thanks, Vinay. On Thu, Jan 19, 2012 at 6:52 AM, WAROQUIERS Philippe <phi...@eu...> wrote: All the Valgrind tools (except the "none" tool) are doing code manipulation. These Valgrind tools are only "augmenting" the code, trying hard to not change the semantic of the code (e.g. memcheck instruments the code to see if uninitialised values are used, helgrind instruments the code to detect race condition, etc ...). But you can for sure write a tool which modifies the semantic of the code. For example, if the tool gets an IR expression "Add32" (means: an addition of two values), the tool instrumentation function might transform this into a "Mul32", thereby injecting a fault). Philippe ________________________________ From: Vinay Chippa [mailto:vin...@gm...] Sent: Thursday 19 January 2012 12:39 To: val...@li... Subject: [Valgrind-users] Execution Manipulation using valgrind Hi all, I have a basic question regarding the capabilities of Valgrind. I am looking for ways to manipulate the execution of a given software (mostly by changing the values of instruction operands). I would like to develop a valgrind tool that goes through each instruction (or a subset of instructions) of the software, changes the values of the operands and executes the software with the modified operands. From the valgrind documentation and the list of standard tools (memcheck, cachegrind etc.,), I felt that the executing code was just being monitored/observed but not modified. However, the wiki link of valgrind clearly states that the execution can be manipulated *Valgrind first translates the program into a temporary, simpler form called Intermediate Representation (IR), which is a processor-neutral, SSA-based form. After the conversion, a tool (see below) is free to do whatever transformations it would like on the IR, before Valgrind translates the IR back into machine code and lets the host processor run it. * I also looked through the discussion archives and found that there were some patches related to fault injection but I was unable to infer anything from those mails. I would be glad if someone can provide information on the capabilities of valgrind in regards to code manipulation and if possible, give some pointers to existing tools that employ these capabilities. Thanks, Vinay. ____ This message and any files transmitted with it are legally privileged and intended for the sole use of the individual(s) or entity to whom they are addressed. If you are not the intended recipient, please notify the sender by reply and delete the message and any attachments from your system. Any unauthorised use or disclosure of the content of this message is strictly prohibited and may be unlawful. Nothing in this e-mail message amounts to a contractual or legal commitment on the part of EUROCONTROL, unless it is confirmed by appropriately signed hard copy. Any views expressed in this message are those of the sender. |