This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: user kprobes vs debuggers


On 2/3/06, Stone, Joshua I <joshua.i.stone@intel.com> wrote:
> Vara Prasad wrote:
> > Let us say if there is no user space probes involved debugger
> > remembers the original instruction before replacing it is with
> > breakpoint instruction. It single steps the original instruction that
> > is stored in the userspace. Let us say if there is no debugger and
> > there is only userspace probes userspace pobes does the same single
> > stepping but in the kernel space. Another important distinction to
> > remember here is each of them have their own handlers to run when the
> > break point is hit. Based on the above background there is a global
> > registry of the breakpoints in the kernel that is only used to notify
> > who all would like to handle this breakpoint but it is up to each of
> > the owners to run their own handlers and as well as handle single
> > stepping.
>
> Sure, I see no issue when only a debugger or a userspace probe
> instruments a given address - they just single-step it themselves.  The
> issue I was referring to is when a debugger and a userspace probe try to
> instrument the same address.  In that scenario it's not clear who should
> single-step the original instruction and how.
>
> It's made worse if probes & debuggers are registered & removed in an
> interleaved fashion - e.g. probe A registers; debugger B registers; A is
> removed; what happens to B?
>
> > I think it would have been o.k to disallow but due to common uses like
> > strace people might object to userspace probes  feature.
>
> You only have to disallow probes & debugger breakpoints coexisting at
> the same address - if they're at different addresses then there's no
> problem.  If that's still too restrictive, then we need to resolve the
> issues above.
>

what happens in the case of  debugger put a breakpoint in a private
copy of a shared library? how do we probe and monitor this? and also
all calls to function XXX of a non private library so can monitor all 
malloc's done by userland apps for instance.


James Dickens
uadmin.blogspot.com

> Josh
>


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]