This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.



Re: arch paper section on safety


Hi -


brad.chen wrote:

> Before I check this in I was hoping to get through
> one round of review.

Looks good overall, within the context of the ongoing debate
about portals and static checkers.

> [...]
> By default, kernel code cannot be invoked directly from a Systemtap 
> script.  

Not just by default: I am aware of no construct being contemplated for
supporting invocation of kernel code from script.  Perhaps an abuse of
the "embedded C" idea, or of the dpcc expression string could do it,
but both of these are hypothetical and nonessential to the system.

> The Systemtap runtime can use kernel subroutines, and these
> references are assumed to be safe.

It may be informative to enumerate here certain other aspects of
safety, in terms of operating probes within the tight constraints
of the kernel:

- avoiding excessive usage of kernel stack by using explicitly
  synthesized frames in heap/static memory for probe local variables
- strictly terminating, nonblocking body code in probes
- no assumption of user context, as far as possible
- as little as possible dynamic memory allocation during probe
  operation


- FChE
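
Added illustration (not part of the message above and not SystemTap's generated code): a user-space C sketch of three of the listed constraints, namely probe locals kept in a synthesized frame in static memory, a body that always terminates and never waits, and no allocation while the probe runs. All names (probe_context, run_probe, MAX_ACTIONS and so on) are hypothetical, and the busy flag is a plain int because the sketch is single-threaded.

```c
#include <stddef.h>

#define MAX_CPUS    4     /* assumed fixed CPU count for this sketch */
#define MAX_ACTIONS 1000  /* loop-iteration budget per probe hit */

enum probe_rc { PROBE_OK = 0, PROBE_BUDGET_EXCEEDED, PROBE_BUSY, PROBE_BAD_CPU };

/* Probe-body locals live here instead of on the small kernel stack. */
struct probe_frame { long i; long sum; };

struct probe_context {          /* hypothetical name, one slot per CPU */
    int busy;                   /* reentrancy guard: skip the hit, never wait */
    long actions_left;          /* charged once per loop iteration */
    struct probe_frame frame;   /* synthesized frame in static memory */
};

/* Static storage: nothing is allocated while a probe runs. */
static struct probe_context contexts[MAX_CPUS];

/* Probe body: sums 0..n-1, charging one action per iteration. */
static enum probe_rc probe_body(struct probe_context *c, long n)
{
    struct probe_frame *l = &c->frame;
    l->sum = 0;
    for (l->i = 0; l->i < n; l->i++) {
        if (c->actions_left-- <= 0)
            return PROBE_BUDGET_EXCEEDED;   /* forced termination */
        l->sum += l->i;
    }
    return PROBE_OK;
}

/* Entry point for one probe hit; *out is written only on success. */
enum probe_rc run_probe(int cpu, long n, long *out)
{
    if (cpu < 0 || cpu >= MAX_CPUS)
        return PROBE_BAD_CPU;
    struct probe_context *c = &contexts[cpu];
    if (c->busy)
        return PROBE_BUSY;                  /* nonblocking: drop the hit */
    c->busy = 1;
    c->actions_left = MAX_ACTIONS;
    enum probe_rc rc = probe_body(c, n);
    if (rc == PROBE_OK && out != NULL)
        *out = c->frame.sum;
    c->busy = 0;
    return rc;
}
```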
