This is the mail archive of the
systemtap@sources.redhat.com
mailing list for the systemtap project.
Re: [Fwd: Re: [PATCH] Return probe]
- From: Prasanna S Panchamukhi <prasanna at in dot ibm dot com>
- To: jkenisto at us dot ibm dot com, Hien Nguyen <hien at us dot ibm dot com>
- Cc: SystemTAP <systemtap at sources dot redhat dot com>
- Date: Fri, 22 Apr 2005 12:29:03 +0530
- Subject: Re: [Fwd: Re: [PATCH] Return probe]
- References: <425C30F1.5080900@us.ibm.com> <20050413140945.GA21330@in.ibm.com> <425D6756.3040305@us.ibm.com> <20050414122006.GA22259@in.ibm.com> <425F1F90.1010405@us.ibm.com> <20050419131855.GA13004@in.ibm.com> <42652DC7.2010502@us.ibm.com>
- Reply-to: prasanna at in dot ibm dot com
Hi Jim, Hien,
Now this patch looks much better. Please note that this patch requires to call
kprobe_flush_task() at every do_exit()/do_execv() which adds to some amount of
performance overhead. Also this method could not use multiple handlers feature
in a cleaner way.
Just a thought if a probe inside the tampoline can be avoided, since we change
the return address on stack to tampoline and now within the tampoline we can
call the handlers. Then the return from tampoline can be changed to actual
return address. We may need to get the pt_regs structure and avoid preemption
during the handler execution .
Do you feel that there are some performance benefits by avoiding int3
in a tampoline?
Can we make this patch still cleaner by using multiple handlers feature?
Should we proceed wth this patch now?
Also from discussions followed on the mailing lists that this method does not
handle the case where the return address stored on the stack is corrupted. This
can be avoided by reistering a watchpoint at the place where the return
address is stored. There are other issue such as watchpoint register depletion
etc, which might add some amount of complexity.
Should we proceed with this limitation?
If this limitation is not acceptable should we prototype the above approach?
Just a thought if we can implement the exit probe feature in much cleaner and
simpler way.
One of the alternative methods mentioned in your design document that
"inserting a probepoint every time a probed function is entered, and the
removal of the probepoint after the function returns" seems to be much simpler.
Also the problem mentioned in your design document about this method that "the
instruction at the RA may be executed even if the probed function isn't called"
can be solved by tracking the current task associated with probe.
Ofcourse the problem of return address corruption will exist here also.
How about prototyping this alternative approach just to see how this looks ?
Is there a simpler way of implementing the exit probe feature ?
Your suggestions are welcome.
Thanks
Prasanna
--
Prasanna S Panchamukhi
Linux Technology Center
India Software Labs, IBM Bangalore
Ph: 91-80-25044636
<prasanna@in.ibm.com>