* Copyright (c) 2014-2020 Google, Inc. All rights reserved.
* **********************************************************/
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* * Neither the name of VMware, Inc. nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
* hot_bbcount.c
*
* Reports the dynamic execution count of hot basic blocks.
* Illustrates how to use drbbdup to create different versions of
* basic block instrumentation.
*
* Two cases of instrumentation are set for a basic block. The first
* version is executed when a basic block is cold. The basic block's hit
* count is recorded by performing a clean call in this instrumentation case.
* The second version is executed when the basic block has reached the appropriate
* hit count (i.e., it is now considered hot). Code is inserted to count the
* execution of the hot basic block similar to the bbcount client.
*/
#include <stddef.h>
#include "dr_api.h"
#include "drmgr.h"
#include "drreg.h"
#include "drbbdup.h"
#include "drx.h"
#include "hashtable.h"
#define HIT_THRESHOLD 1000
#ifdef WINDOWS
# define DISPLAY_STRING(msg) dr_messagebox(msg)
#else
# define DISPLAY_STRING(msg) dr_printf("%s\n", msg);
#endif
#define NULL_TERMINATE(buf) (buf)[(sizeof((buf)) / sizeof((buf)[0])) - 1] = '\0'
static int global_count;
static hashtable_t hit_count_table;
#define HASH_BITS 13
static reg_id_t tls_raw_reg;
static uint tls_raw_offset;
static void
event_exit(void)
{
#ifdef SHOW_RESULTS
char msg[512];
int len;
len = dr_snprintf(msg, sizeof(msg) / sizeof(msg[0]),
"Instrumentation results:\n"
"%10d hot basic block executions\n",
global_count);
DR_ASSERT(len > 0);
NULL_TERMINATE(msg);
DISPLAY_STRING(msg);
#endif
hashtable_delete(&hit_count_table);
dr_raw_tls_cfree(tls_raw_offset, 1);
drbbdup_exit();
drx_exit();
drreg_exit();
drmgr_exit();
}
static uintptr_t
set_up_bb_dups(void *drbbdup_ctx, void *drcontext, void *tag, instrlist_t *bb,
bool *enable_dups, bool *enable_dynamic_handling, void *user_data)
{
app_pc bb_pc = instr_get_app_pc(instrlist_first_app(bb));
hashtable_lock(&hit_count_table);
if (hashtable_lookup(&hit_count_table, bb_pc) == NULL) {
uint *hit_count = dr_global_alloc(sizeof(uint));
*hit_count = HIT_THRESHOLD;
hashtable_add(&hit_count_table, bb_pc, hit_count);
}
hashtable_unlock(&hit_count_table);
*enable_dups = true;
*enable_dynamic_handling = false;
drbbdup_register_case_encoding(drbbdup_ctx, (uintptr_t) true );
return 0;
}
static void
analyse_orig_bb(void *drcontext, void *tag, instrlist_t *bb, void *user_data,
IN void **orig_analysis_data)
{
app_pc *bb_pc = dr_thread_alloc(drcontext, sizeof(app_pc));
*bb_pc = instr_get_app_pc(instrlist_first_app(bb));
*orig_analysis_data = bb_pc;
}
static void
destroy_orig_analysis(void *drcontext, void *user_data, void *bb_pc)
{
DR_ASSERT(bb_pc != NULL);
dr_thread_free(drcontext, bb_pc, sizeof(app_pc));
}
static void
encode(app_pc bb_pc)
{
bool is_hot;
hashtable_lock(&hit_count_table);
uint *hit_count = hashtable_lookup(&hit_count_table, bb_pc);
DR_ASSERT_MSG(hit_count != NULL, "hit count must be present");
is_hot = *hit_count == 0;
hashtable_unlock(&hit_count_table);
byte *base = dr_get_dr_segment_base(tls_raw_reg);
uintptr_t *runtime_case = (uintptr_t *)(base + tls_raw_offset);
*runtime_case = (uintptr_t)is_hot;
}
static void
insert_encode(void *drcontext, void *tag, instrlist_t *bb, instr_t *where,
void *user_data, void *orig_analysis_data)
{
app_pc *bb_pc = (app_pc *)orig_analysis_data;
dr_insert_clean_call(drcontext, bb, where, (void *)encode, false, 1,
OPND_CREATE_INTPTR(*bb_pc));
}
static void
register_hit(app_pc bb_pc)
{
* basic block is considered as hot.
*/
hashtable_lock(&hit_count_table);
uint *hit_count = hashtable_lookup(&hit_count_table, bb_pc);
DR_ASSERT_MSG(hit_count != NULL, "hit count must be present");
DR_ASSERT_MSG(hit_count > 0, "bb cannot be hot");
(*hit_count)--;
hashtable_unlock(&hit_count_table);
}
static void
instrument_instr(void *drcontext, void *tag, instrlist_t *bb, instr_t *instr,
instr_t *where, uintptr_t encoding, void *user_data,
void *orig_analysis_data, void *analysis_data)
{
bool is_start;
* the predicate of the current instruction on ARM.
* We disable it here because we want to unconditionally execute the following
* instrumentation.
*/
drmgr_disable_auto_predication(drcontext, bb);
* currently considered basic block copy.
*/
drbbdup_is_first_instr(drcontext, instr, &is_start);
if (is_start) {
if (encoding == 1) {
drx_insert_counter_update(drcontext, bb, where ,
* here won't be used: drreg's slots will be.
*/
SPILL_SLOT_MAX + 1, &global_count, 1, 0);
} else {
app_pc *bb_pc = (app_pc *)orig_analysis_data;
dr_insert_clean_call(drcontext, bb, where ,
(void *)register_hit, false, 1,
OPND_CREATE_INTPTR(*bb_pc));
}
}
}
static void
destroy_hit_count(void *entry)
{
uint *hit_count = (uint *)entry;
dr_global_free(hit_count, sizeof(uint));
}
DR_EXPORT void
dr_client_main(client_id_t id, int argc, const char *argv[])
{
drreg_options_t drreg_ops = { sizeof(drreg_ops), 1 ,
false };
dr_set_client_name("DynamoRIO Sample Client 'hot_bbcount'",
"http://dynamorio.org/issues");
if (!drmgr_init() || !drx_init() || drreg_init(&drreg_ops) != DRREG_SUCCESS)
DR_ASSERT(false);
dr_register_exit_event(event_exit);
hashtable_init_ex(&hit_count_table, HASH_BITS, HASH_INTPTR, false ,
false , destroy_hit_count, NULL,
NULL);
if (!dr_raw_tls_calloc(&tls_raw_reg, &tls_raw_offset, 1 , 0))
DR_ASSERT(false);
* the client to pass a set of call-back functions and
* the memory operand that the dispatcher will use
* to load the current runtime case encoding.
*/
drbbdup_options_t drbbdup_ops = { 0 };
drbbdup_ops.struct_size = sizeof(drbbdup_options_t);
drbbdup_ops.set_up_bb_dups = set_up_bb_dups;
drbbdup_ops.insert_encode = insert_encode;
drbbdup_ops.analyze_orig = analyse_orig_bb;
drbbdup_ops.destroy_orig_analysis = destroy_orig_analysis;
drbbdup_ops.instrument_instr = instrument_instr;
drbbdup_ops.runtime_case_opnd =
dr_raw_tls_opnd(dr_get_current_drcontext(), tls_raw_reg, tls_raw_offset);
drbbdup_ops.non_default_case_limit = 1;
drbbdup_ops.is_stat_enabled = false;
if (drbbdup_init(&drbbdup_ops) != DRBBDUP_SUCCESS)
DR_ASSERT(false);
dr_log(NULL, DR_LOG_ALL, 1, "Client 'hot_bbcount' initializing\n");
#ifdef SHOW_RESULTS
if (dr_is_notify_on()) {
# ifdef WINDOWS
dr_enable_console_printing();
# endif
dr_fprintf(STDERR, "Client hot_bbcount is running\n");
}
#endif
}