* Copyright (c) 2011-2021 Google, Inc. All rights reserved.
* Copyright (c) 2010 Massachusetts Institute of Technology All rights reserved.
* ******************************************************************************/
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* * Neither the name of VMware, Inc. nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
* memtrace_simple.c
*
* Collects the memory reference information and dumps it to a file as text.
*
* (1) It fills a per-thread-buffer with inlined instrumentation.
* (2) It calls a clean call to dump the buffer into a file.
*
* The profile consists of list of <type, size, addr> entries representing
* - mem ref instr: e.g., { type = 42 (call), size = 5, addr = 0x7f59c2d002d3 }
* - mem ref info: e.g., { type = 1 (write), size = 8, addr = 0x7ffeacab0ec8 }.
*
* Each memory-referencing instruction is output as an instruction entry followed
* by a sequence of loads and stores performed by that instruction, if any.
*
* This sample illustrates
* - the use of drutil_expand_rep_string() to expand string loops to obtain
* every memory reference;
* - the use of drx_expand_scatter_gather() to expand scatter/gather instrs
* into a set of functionally equivalent stores/loads;
* - the use of drutil_opnd_mem_size_in_bytes() to obtain the size of OP_enter
* memory references;
* - the use of drutil_insert_get_mem_addr() to insert instructions to compute
* the address of each memory reference.
*
* This client is a simple implementation of a memory reference tracing tool
* without instrumentation optimization. Additionally, dumping as
* text is much slower than dumping as binary. See memtrace_x86.c for
* a higher-performance sample.
*/
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include "dr_api.h"
#include "drmgr.h"
#include "drreg.h"
#include "drutil.h"
#include "drx.h"
#include "utils.h"
enum {
REF_TYPE_READ = 0,
REF_TYPE_WRITE = 1,
};
* instruction or the reference information, e.g.:
* - mem ref instr: { type = 42 (call), size = 5, addr = 0x7f59c2d002d3 }
* - mem ref info: { type = 1 (write), size = 8, addr = 0x7ffeacab0ec8 }
*/
typedef struct _mem_ref_t {
ushort type;
ushort size;
app_pc addr;
} mem_ref_t;
* to hold all entries between clean calls.
*/
#define MAX_NUM_MEM_REFS 4096
#define MEM_BUF_SIZE (sizeof(mem_ref_t) * MAX_NUM_MEM_REFS)
typedef struct {
byte *seg_base;
mem_ref_t *buf_base;
file_t log;
FILE *logf;
uint64 num_refs;
} per_thread_t;
static client_id_t client_id;
static void *mutex;
static uint64 num_refs;
static bool log_to_stderr;
enum {
MEMTRACE_TLS_OFFS_BUF_PTR,
MEMTRACE_TLS_COUNT,
};
static reg_id_t tls_seg;
static uint tls_offs;
static int tls_idx;
#define TLS_SLOT(tls_base, enum_val) (void **)((byte *)(tls_base) + tls_offs + (enum_val))
#define BUF_PTR(tls_base) *(mem_ref_t **)TLS_SLOT(tls_base, MEMTRACE_TLS_OFFS_BUF_PTR)
#define MINSERT instrlist_meta_preinsert
#ifdef AARCH64
static bool reported_sg_warning = false;
#endif
static void
memtrace(void *drcontext)
{
per_thread_t *data;
mem_ref_t *mem_ref, *buf_ptr;
data = drmgr_get_tls_field(drcontext, tls_idx);
buf_ptr = BUF_PTR(data->seg_base);
* 0x00007f59c2d002d3: 5, call
* 0x00007ffeacab0ec8: 8, w
*/
* for repeated printing that dominates performance, as the printing does here.
*/
for (mem_ref = (mem_ref_t *)data->buf_base; mem_ref < buf_ptr; mem_ref++) {
fprintf(data->logf, "" PIFX ": %2d, %s\n", (ptr_uint_t)mem_ref->addr,
mem_ref->size,
(mem_ref->type > REF_TYPE_WRITE)
? decode_opcode_name(mem_ref->type)
: (mem_ref->type == REF_TYPE_WRITE ? "w" : "r"));
data->num_refs++;
}
BUF_PTR(data->seg_base) = data->buf_base;
}
static void
clean_call(void)
{
void *drcontext = dr_get_current_drcontext();
memtrace(drcontext);
}
static void
insert_load_buf_ptr(void *drcontext, instrlist_t *ilist, instr_t *where, reg_id_t reg_ptr)
{
dr_insert_read_raw_tls(drcontext, ilist, where, tls_seg,
tls_offs + MEMTRACE_TLS_OFFS_BUF_PTR, reg_ptr);
}
static void
insert_update_buf_ptr(void *drcontext, instrlist_t *ilist, instr_t *where,
reg_id_t reg_ptr, int adjust)
{
MINSERT(
ilist, where,
XINST_CREATE_add(drcontext, opnd_create_reg(reg_ptr), OPND_CREATE_INT16(adjust)));
dr_insert_write_raw_tls(drcontext, ilist, where, tls_seg,
tls_offs + MEMTRACE_TLS_OFFS_BUF_PTR, reg_ptr);
}
static void
insert_save_type(void *drcontext, instrlist_t *ilist, instr_t *where, reg_id_t base,
reg_id_t scratch, ushort type)
{
scratch = reg_resize_to_opsz(scratch, OPSZ_2);
MINSERT(ilist, where,
XINST_CREATE_load_int(drcontext, opnd_create_reg(scratch),
OPND_CREATE_INT16(type)));
MINSERT(ilist, where,
XINST_CREATE_store_2bytes(drcontext,
OPND_CREATE_MEM16(base, offsetof(mem_ref_t, type)),
opnd_create_reg(scratch)));
}
static void
insert_save_size(void *drcontext, instrlist_t *ilist, instr_t *where, reg_id_t base,
reg_id_t scratch, ushort size)
{
scratch = reg_resize_to_opsz(scratch, OPSZ_2);
MINSERT(ilist, where,
XINST_CREATE_load_int(drcontext, opnd_create_reg(scratch),
OPND_CREATE_INT16(size)));
MINSERT(ilist, where,
XINST_CREATE_store_2bytes(drcontext,
OPND_CREATE_MEM16(base, offsetof(mem_ref_t, size)),
opnd_create_reg(scratch)));
}
static void
insert_save_pc(void *drcontext, instrlist_t *ilist, instr_t *where, reg_id_t base,
reg_id_t scratch, app_pc pc)
{
instrlist_insert_mov_immed_ptrsz(drcontext, (ptr_int_t)pc, opnd_create_reg(scratch),
ilist, where, NULL, NULL);
MINSERT(ilist, where,
XINST_CREATE_store(drcontext,
OPND_CREATE_MEMPTR(base, offsetof(mem_ref_t, addr)),
opnd_create_reg(scratch)));
}
static void
insert_save_addr(void *drcontext, instrlist_t *ilist, instr_t *where, opnd_t ref,
reg_id_t reg_ptr, reg_id_t reg_addr)
{
bool ok;
ok = drutil_insert_get_mem_addr(drcontext, ilist, where, ref, reg_addr, reg_ptr);
DR_ASSERT(ok);
insert_load_buf_ptr(drcontext, ilist, where, reg_ptr);
MINSERT(ilist, where,
XINST_CREATE_store(drcontext,
OPND_CREATE_MEMPTR(reg_ptr, offsetof(mem_ref_t, addr)),
opnd_create_reg(reg_addr)));
}
static void
instrument_instr(void *drcontext, instrlist_t *ilist, instr_t *where, instr_t *instr)
{
reg_id_t reg_ptr, reg_tmp;
instrlist_set_auto_predicate(ilist, DR_PRED_NONE);
if (drreg_reserve_register(drcontext, ilist, where, NULL, ®_ptr) !=
DRREG_SUCCESS ||
drreg_reserve_register(drcontext, ilist, where, NULL, ®_tmp) !=
DRREG_SUCCESS) {
DR_ASSERT(false);
return;
}
insert_load_buf_ptr(drcontext, ilist, where, reg_ptr);
insert_save_type(drcontext, ilist, where, reg_ptr, reg_tmp,
(ushort)instr_get_opcode(instr));
insert_save_size(drcontext, ilist, where, reg_ptr, reg_tmp,
(ushort)instr_length(drcontext, instr));
insert_save_pc(drcontext, ilist, where, reg_ptr, reg_tmp, instr_get_app_pc(instr));
insert_update_buf_ptr(drcontext, ilist, where, reg_ptr, sizeof(mem_ref_t));
if (drreg_unreserve_register(drcontext, ilist, where, reg_ptr) != DRREG_SUCCESS ||
drreg_unreserve_register(drcontext, ilist, where, reg_tmp) != DRREG_SUCCESS)
DR_ASSERT(false);
instrlist_set_auto_predicate(ilist, instr_get_predicate(where));
}
static void
instrument_mem(void *drcontext, instrlist_t *ilist, instr_t *where, opnd_t ref,
bool write)
{
reg_id_t reg_ptr, reg_tmp;
if (drreg_reserve_register(drcontext, ilist, where, NULL, ®_ptr) !=
DRREG_SUCCESS ||
drreg_reserve_register(drcontext, ilist, where, NULL, ®_tmp) !=
DRREG_SUCCESS) {
DR_ASSERT(false);
return;
}
insert_save_addr(drcontext, ilist, where, ref, reg_ptr, reg_tmp);
insert_save_type(drcontext, ilist, where, reg_ptr, reg_tmp,
write ? REF_TYPE_WRITE : REF_TYPE_READ);
insert_save_size(drcontext, ilist, where, reg_ptr, reg_tmp,
(ushort)drutil_opnd_mem_size_in_bytes(ref, where));
insert_update_buf_ptr(drcontext, ilist, where, reg_ptr, sizeof(mem_ref_t));
if (drreg_unreserve_register(drcontext, ilist, where, reg_ptr) != DRREG_SUCCESS ||
drreg_unreserve_register(drcontext, ilist, where, reg_tmp) != DRREG_SUCCESS)
DR_ASSERT(false);
}
* with an instruction entry and memory reference entries.
*/
static dr_emit_flags_t
event_app_instruction(void *drcontext, void *tag, instrlist_t *bb, instr_t *where,
bool for_trace, bool translating, void *user_data)
{
int i;
* of drutil_expand_rep_string() and drx_expand_scatter_gather() (as well
* as another client/library emulating the instruction stream).
*/
instr_t *instr_fetch = drmgr_orig_app_instr_for_fetch(drcontext);
if (instr_fetch != NULL &&
(instr_reads_memory(instr_fetch) || instr_writes_memory(instr_fetch))) {
DR_ASSERT(instr_is_app(instr_fetch));
instrument_instr(drcontext, bb, where, instr_fetch);
}
instr_t *instr_operands = drmgr_orig_app_instr_for_operands(drcontext);
if (instr_operands == NULL ||
(!instr_reads_memory(instr_operands) && !instr_writes_memory(instr_operands)))
return DR_EMIT_DEFAULT;
DR_ASSERT(instr_is_app(instr_operands));
for (i = 0; i < instr_num_srcs(instr_operands); i++) {
const opnd_t src = instr_get_src(instr_operands, i);
if (opnd_is_memory_reference(src)) {
#ifdef AARCH64
* supported yet. To be implemented as part of scatter/gather work.
*/
if (opnd_is_base_disp(src) &&
(reg_is_z(opnd_get_base(src)) || reg_is_z(opnd_get_index(src)))) {
if (!reported_sg_warning) {
dr_fprintf(STDERR,
"WARNING: Scatter/gather is not supported, results will "
"be inaccurate\n");
reported_sg_warning = true;
}
continue;
}
#endif
instrument_mem(drcontext, bb, where, src, false);
}
}
for (i = 0; i < instr_num_dsts(instr_operands); i++) {
const opnd_t dst = instr_get_dst(instr_operands, i);
if (opnd_is_memory_reference(dst)) {
#ifdef AARCH64
* supported yet. To be implemented as part of scatter/gather work.
*/
if (opnd_is_base_disp(dst) &&
(reg_is_z(opnd_get_base(dst)) || reg_is_z(opnd_get_index(dst)))) {
if (!reported_sg_warning) {
dr_fprintf(STDERR,
"WARNING: Scatter/gather is not supported, results will "
"be inaccurate\n");
reported_sg_warning = true;
}
continue;
}
#endif
instrument_mem(drcontext, bb, where, dst, true);
}
}
if (
* so we minimize the instrumentation in between by skipping the clean call.
* As we're only inserting instrumentation on a memory reference, and the
* app should be avoiding memory accesses in between the ldrex...strex,
* the only problematic point should be before the strex.
* However, there is still a chance that the instrumentation code may clear the
* exclusive monitor state.
* Using a fault to handle a full buffer should be more robust, and the
* forthcoming buffer filling API (i#513) will provide that.
*/
IF_AARCHXX_ELSE(!instr_is_exclusive_store(instr_operands), true))
dr_insert_clean_call(drcontext, bb, where, (void *)clean_call, false, 0);
return DR_EMIT_DEFAULT;
}
* monitor every memory reference they make.
*/
static dr_emit_flags_t
event_bb_app2app(void *drcontext, void *tag, instrlist_t *bb, bool for_trace,
bool translating)
{
if (!drutil_expand_rep_string(drcontext, bb)) {
DR_ASSERT(false);
}
if (!drx_expand_scatter_gather(drcontext, bb, NULL)) {
DR_ASSERT(false);
}
return DR_EMIT_DEFAULT;
}
static void
event_thread_init(void *drcontext)
{
per_thread_t *data = dr_thread_alloc(drcontext, sizeof(per_thread_t));
DR_ASSERT(data != NULL);
drmgr_set_tls_field(drcontext, tls_idx, data);
* slot and find where the pointer points to in the buffer.
*/
data->seg_base = dr_get_dr_segment_base(tls_seg);
data->buf_base =
dr_raw_mem_alloc(MEM_BUF_SIZE, DR_MEMPROT_READ | DR_MEMPROT_WRITE, NULL);
DR_ASSERT(data->seg_base != NULL && data->buf_base != NULL);
BUF_PTR(data->seg_base) = data->buf_base;
data->num_refs = 0;
if (log_to_stderr) {
data->logf = stderr;
} else {
* On Windows we need an absolute path so we place it in
* the same directory as our library. We could also pass
* in a path as a client argument.
*/
data->log = log_file_open(client_id, drcontext, NULL ,
"memtrace",
#ifndef WINDOWS
DR_FILE_CLOSE_ON_FORK |
#endif
DR_FILE_ALLOW_LARGE);
data->logf = log_stream_from_file(data->log);
}
fprintf(data->logf, "Format: <data address>: <data size>, <(r)ead/(w)rite/opcode>\n");
}
static void
event_thread_exit(void *drcontext)
{
per_thread_t *data;
memtrace(drcontext);
data = drmgr_get_tls_field(drcontext, tls_idx);
dr_mutex_lock(mutex);
num_refs += data->num_refs;
dr_mutex_unlock(mutex);
if (!log_to_stderr)
log_stream_close(data->logf);
dr_raw_mem_free(data->buf_base, MEM_BUF_SIZE);
dr_thread_free(drcontext, data, sizeof(per_thread_t));
}
static void
event_exit(void)
{
dr_log(NULL, DR_LOG_ALL, 1, "Client 'memtrace' num refs seen: " SZFMT "\n", num_refs);
if (!dr_raw_tls_cfree(tls_offs, MEMTRACE_TLS_COUNT))
DR_ASSERT(false);
if (!drmgr_unregister_tls_field(tls_idx) ||
!drmgr_unregister_thread_init_event(event_thread_init) ||
!drmgr_unregister_thread_exit_event(event_thread_exit) ||
!drmgr_unregister_bb_app2app_event(event_bb_app2app) ||
!drmgr_unregister_bb_insertion_event(event_app_instruction) ||
drreg_exit() != DRREG_SUCCESS)
DR_ASSERT(false);
dr_mutex_destroy(mutex);
drutil_exit();
drmgr_exit();
drx_exit();
}
DR_EXPORT void
dr_client_main(client_id_t id, int argc, const char *argv[])
{
drreg_options_t ops = { sizeof(ops), 3, false };
dr_set_client_name("DynamoRIO Sample Client 'memtrace'",
"http://dynamorio.org/issues");
if (argc > 1) {
if (argc == 2 && strcmp(argv[1], "-log_to_stderr") == 0)
log_to_stderr = true;
else {
dr_fprintf(STDERR,
"Error: unknown options: only -log_to_stderr is supported\n");
dr_abort();
}
}
if (!drmgr_init() || drreg_init(&ops) != DRREG_SUCCESS || !drutil_init() ||
!drx_init())
DR_ASSERT(false);
dr_register_exit_event(event_exit);
if (!drmgr_register_thread_init_event(event_thread_init) ||
!drmgr_register_thread_exit_event(event_thread_exit) ||
!drmgr_register_bb_app2app_event(event_bb_app2app, NULL) ||
!drmgr_register_bb_instrumentation_event(NULL ,
event_app_instruction, NULL))
DR_ASSERT(false);
client_id = id;
mutex = dr_mutex_create();
tls_idx = drmgr_register_tls_field();
DR_ASSERT(tls_idx != -1);
* For better performance, we allocate raw TLS so that we can directly
* access and update it with a single instruction.
*/
if (!dr_raw_tls_calloc(&tls_seg, &tls_offs, MEMTRACE_TLS_COUNT, 0))
DR_ASSERT(false);
dr_log(NULL, DR_LOG_ALL, 1, "Client 'memtrace' initializing\n");
}