This is the mail archive of the
systemtap@sources.redhat.com
mailing list for the systemtap project.
probe to track destinations of calls and branches
- From: William Cohen <wcohen at redhat dot com>
- To: SystemTAP <systemtap at sources dot redhat dot com>
- Date: Thu, 24 Mar 2005 16:48:37 -0500
- Subject: probe to track destinations of calls and branches
Fleshing out another building block for instrumentation, tracking
destinations of branches and calls. The attached probe has a parameter
that is the address of the branch or call instruction be instrumented.
The probe records the destinations of the call or branch in a map. This
can be used to examine the destinations of indirect calls and jumps.
So I found out the address for the call for the syscall call from the
disassembled code:
c0103f1c <syscall_call>:
c0103f1c: ff 14 85 3c 7a 35 c0 call *0xc0357a3c(,%eax,4)
c0103f23: 89 44 24 18 mov %eax,0x18(%esp)
# /sbin/insmod kprobe_dest_branch.ko branch_address=0xc0103f1c
Let things run for a little while then:
# /sbin/rmmod kprobe_dest_branch
Below is a portion of the output in /var/log/messages:
Mar 24 16:31:57 slingshot kernel: STP: c0103f1c() branched 2064 times.
Mar 24 16:31:57 slingshot kernel: STP: NUM Brancher Addr Brancher
Name
Mar 24 16:31:57 slingshot kernel: STP: 2 0xc01241ac
(sys_exit_group+0x0/0xd)
Mar 24 16:31:57 slingshot kernel: STP: 56 0xc012cc7f
(sys_rt_sigprocmask+0x0/0xc7)
Mar 24 16:31:57 slingshot kernel: STP: 42 0xc016f045
(sys_ioctl+0x0/0x6f)
Mar 24 16:31:57 slingshot kernel: STP: 4 0xc01254d9
(sys_waitpid+0x0/0x2b)
...
Right now the code is hard coded for the x86 program counter. That will
be fixed once there is an entry in the runtime libraries for the program
counter.
An oddity I found was that I need to to have a pre_handler function.
Without the pre_handler function the instrumentation would die in the
post handler. Is there some expectation that there has to be a
pre_handler function in the kprobe? For this example there really is no
need for pre_handler and I would get rid of it if the probe didn't crash
when it was removed.
-Will
Attachment:
dest_branch.tar.gz
Description: Unix tar archive