From owner-freebsd-hackers@FreeBSD.ORG Mon Jul 12 11:52:59 2004
From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: Steven Smith
Cc: freebsd-hackers@freebsd.org
Subject: Re: Article on Sun's DTrace
Date: Mon, 12 Jul 2004 14:51:34 +0300 (EEST)
Message-Id: <20040712115134.D6C3F14F@pm514-9.comsys.ntu-kpi.kiev.ua>
In-Reply-To: <1089501790.00086820.1089489001@10.7.7.3>
X-Newsgroups: lucky.freebsd.hackers
User-Agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (FreeBSD/4.9-STABLE (i386))
List-Id: Technical Discussions relating to FreeBSD

On Sat, 10 Jul 2004 20:45:14 +0100 in lucky.freebsd.hackers, Steven Smith wrote:
> >> > It's also possible to put probes on the return instruction of the
> >> > function. I'm not sure how they're actually finding that, though.
> >> I think the return probe is done by adding a call probe that changes the
> >> return address.
> Yeah, I thought that when I first saw it, but the probe is passed the
> address of the return instruction when it fires, and I can't see how
> you could get that if it was just invoked by modifying the return
> address on the call stack.

Don't you think that they disassemble functions on the fly to find out the prologue and return sequence of a function? On their DTrace support forum there is an article about the problem with different byte patterns of "movl %esp, %ebp" produced by different assemblers. (As an optimization, the entry points for fbt:::entry and fbt:::return probes can be found beforehand and placed in a well-known section.)

At least, if control goes from the target function to some DTrace probe dispatch function, then this DTrace function should know which instructions to emulate before returning to the target function, and it is impossible to run the original function's instructions without knowing their size; I mean that the DTrace function should copy exactly the complete sequence of instructions from the target function, not just some bytes.

I haven't had the opportunity to test DTrace, but there is another interesting question. An fbt:::entry probe (or a similar so-called wildcard probe) can create tens of thousands of entry points on the fly. How does this creation affect the whole system? Also, modifying functions on the fly requires some sort of synchronization: no one should run a function which is currently being modified (fbt provider).
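The two mechanical points in the message above (the prologue matcher has to accept every byte encoding an assembler may choose for "movl %esp, %ebp", and a return site can only be found and later emulated if the scanner knows the exact size of each instruction it walks over) are illustrated by the following added example. It is constructed for this page and is not DTrace, Solaris or FreeBSD code; it scans hand-assembled 32-bit x86 byte strings with a deliberately tiny opcode-length decoder. The attribution of the 89 e5 encoding to GNU as and of 8b ec to other assemblers is an assumption stated in the comments; how a real fbt provider installs the probe at the site it finds is outside the example.

```c
/* fbt_scan.c: toy 32-bit x86 scanner that locates fbt-style entry and return
 * probe sites. Constructed example; not DTrace or FreeBSD code. */
#include <stddef.h>
#include <stdint.h>

/* Size of a ModRM operand: ModRM byte, optional SIB byte, optional displacement. */
static int modrm_len(const uint8_t *p, size_t avail)
{
    if (avail < 1) return -1;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    int n = 1;
    if (mod != 3 && rm == 4) {                    /* SIB byte follows */
        if (avail < 2) return -1;
        n++;
        if (mod == 0 && (p[1] & 7) == 5) n += 4;  /* SIB with no base: disp32 */
    } else if (mod == 0 && rm == 5) {
        n += 4;                                   /* absolute disp32, no base */
    }
    if (mod == 1) n += 1; else if (mod == 2) n += 4;
    return (size_t)n <= avail ? n : -1;
}

/* Length of the instruction at p for a small opcode subset, or -1 if unknown.
 * Unknown is a hard stop: guessing a size would corrupt the function when patched. */
static int insn_len(const uint8_t *p, size_t avail)
{
    if (avail < 1) return -1;
    uint8_t op = p[0];
    int m, imm;
    if ((op >= 0x50 && op <= 0x5f) || op == 0x90 || op == 0xc3 || op == 0xc9)
        return 1;                                            /* push/pop, nop, ret, leave */
    if (op >= 0xb8 && op <= 0xbf) return avail >= 5 ? 5 : -1;          /* mov r32,imm32 */
    if (op == 0xc2) return avail >= 3 ? 3 : -1;                        /* ret imm16 */
    if (op == 0xeb || (op >= 0x70 && op <= 0x7f)) return avail >= 2 ? 2 : -1; /* jmp/jcc rel8 */
    if (op == 0xe8 || op == 0xe9) return avail >= 5 ? 5 : -1;          /* call/jmp rel32 */
    switch (op) {                                            /* ModRM-encoded forms */
    case 0x01: case 0x03: case 0x09: case 0x0b: case 0x21: case 0x23:
    case 0x29: case 0x2b: case 0x31: case 0x33: case 0x39: case 0x3b:
    case 0x85: case 0x89: case 0x8b: case 0x8d: imm = 0; break;        /* alu/mov/test/lea */
    case 0x83: imm = 1; break;                               /* alu r/m32,imm8 */
    case 0x81: imm = 4; break;                               /* alu r/m32,imm32 */
    default: return -1;
    }
    m = modrm_len(p + 1, avail - 1);
    return (m < 0 || (size_t)(1 + m + imm) > avail) ? -1 : 1 + m + imm;
}

/* fbt:::entry site: the function must open with "pushl %ebp; movl %esp,%ebp",
 * accepting both encodings of the movl. Returns the movl's offset (its length
 * is 2: the bytes that must be copied whole for emulation), or -1. */
int fbt_find_entry(const uint8_t *f, size_t n)
{
    if (n < 3 || f[0] != 0x55) return -1;
    int gas = f[1] == 0x89 && f[2] == 0xe5;   /* 89 e5: MOV r/m32,r32 form (assumed: GNU as) */
    int alt = f[1] == 0x8b && f[2] == 0xec;   /* 8b ec: MOV r32,r/m32 form (assumed: others) */
    return (gas || alt) ? 1 : -1;
}

/* fbt:::return sites: linear sweep from the entry, recording each ret/ret imm16
 * the decoder actually reaches. Returns the count; stores up to max offsets. */
int fbt_find_returns(const uint8_t *f, size_t n, size_t *out, int max)
{
    size_t off = 0;
    int cnt = 0;
    while (off < n) {
        int l = insn_len(f + off, n - off);
        if (l < 0) break;                          /* cannot size it: stop, never guess */
        if (f[off] == 0xc3 || f[off] == 0xc2) {
            if (cnt < max) out[cnt] = off;
            cnt++;
        }
        off += (size_t)l;
    }
    return cnt;
}

/* What a raw byte search reports: every 0xc3 byte, whether an instruction or not. */
int naive_ret_count(const uint8_t *f, size_t n)
{
    int cnt = 0;
    for (size_t i = 0; i < n; i++) cnt += (f[i] == 0xc3);
    return cnt;
}

/* Constructed sample functions, hand-assembled (32-bit, AT&T syntax in comments). */
static const uint8_t fn_gas[] = {
    0x55, 0x89, 0xe5,       /* pushl %ebp; movl %esp,%ebp (89 e5 encoding) */
    0x8b, 0x45, 0x08,       /* movl 8(%ebp),%eax                           */
    0x8b, 0x4d, 0x0c,       /* movl 12(%ebp),%ecx                          */
    0x01, 0xc8,             /* addl %ecx,%eax                              */
    0x5d, 0xc3              /* popl %ebp; ret                              */
};
static const uint8_t fn_alt[] = {
    0x55, 0x8b, 0xec,             /* pushl %ebp; movl %esp,%ebp (8b ec encoding) */
    0xb8, 0xc3, 0x00, 0x00, 0x00, /* movl $0xc3,%eax: the immediate holds a c3   */
    0xc9, 0xc3                    /* leave; ret                                  */
};
static const uint8_t fn_twobyte[] = {
    0x55, 0x89, 0xe5,       /* pushl %ebp; movl %esp,%ebp                */
    0x0f, 0x1f, 0x00,       /* nopl (%eax): 0f escape, not in our subset */
    0x5d, 0xc3              /* popl %ebp; ret                            */
};
```

On fn_gas and fn_alt the entry matcher accepts both prologue encodings and the sweep reports exactly one return each, while naive_ret_count reports two for fn_alt because the 0xc3 inside the movl immediate is not an instruction. On fn_twobyte the sweep stops at the 0f escape and reports no return at all rather than guessing a length, which is the safe failure mode when the alternative is patching the wrong bytes. The example says nothing about the synchronization question raised at the end of the message; stopping other CPUs from executing a function while its text is rewritten is a separate mechanism.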