ProcControlAPI and StackwalkerAPI Integration into Dyninst
Paradyn Project
Paradyn / Dyninst Week
Madison, Wisconsin
May 2-4, 2011
Todd Frederick and Dan McNulty

Dyninst and the Components
[Figure: component diagram. Components: AST, Binary, Process, StackwalkerAPI, PatchAPI, SymtabAPI, DataFlowAPI, InstructionAPI, ParseAPI, CodeGen, ProcControlAPI. Legend: Existing Component, New Component, Proposed.]

Process Control and Stackwalking in Dyninst
o Process control:
   o Modify processes’ memory during instrumentation
   o Capture events such as exit, fork, library load
   o Start and stop processes and threads
o Stackwalking:
   o Analysis during instrumentation
   o Provide stackwalks to users
Stackwalking needs process control to access memory and registers

ProcControlAPI and StackwalkerAPI
o Already released
o Who is using these components now?
o Who is not using these components now?
o Dyninst gains new features and stability when integrated with these components

ProcControlAPI
o proc++ Filesystem
o StackwalkerAPI
o Dyninst

StackwalkerAPI
o STAT
o Libra
o PnMPI
o ATP
o …and more
o Dyninst

Ideal Componentization Process
o New components should separate existing functionality out of Dyninst
o Keeping Dyninst in mind ensures the components work together correctly
[Figure labels: Dyninst; Process Control Functionality; Process Control Component]

Actual Componentization Process
o We developed ProcControlAPI and StackwalkerAPI separately from Dyninst
o Interfaces to these components do not exactly match Dyninst’s requirements
[Figure labels: Dyninst; Process Control Functionality; Process Control Component]

Why Separate ProcControlAPI?
o Clean interface to complex, notoriously buggy, OS-dependent debugger interfaces
[Figure: layered diagram. Top: Your Code / Stackwalker / Dyninst. Middle: ProcControlAPI (Breakpoints, Thread events). Bottom, System Interface: Linux, FreeBSD, Windows, BlueGene and VxWorks Debugger Interfaces. Low Level Commands: Read memory, Stop process. Low Level Events.]

Threading inside Dyninst/ProcControlAPI
o Integrating ProcControlAPI into Dyninst introduces a new threading model
o Leverage threads to handle multiple inputs
   o User API calls
   o System debug interface
   o Internal event handling
o Types of threads
   o Event decoders
   o Event handlers

Dyninst 7.0 Threading Model
o 2 threads per mutatee process
[Figure: Dyninst 7.0 threading model. Labels: Mutator; Process Model; Mutatee Process; Target Process; RT Lib; Runtime Library Event Decoders; Runtime Library Event Handler; Event Handlers; User Thread; DyninstAPI. Annotations: OS events; Abstract events; Asynchronous events; Event notifications; Update data structures; Execute callbacks.]

Dyninst+ProcControlAPI Threading Model
o 1 event decoder, 2 event handlers
[Figure: Dyninst+ProcControlAPI threading model. Labels: Mutator; Process Model; Mutatee Process; Target Process; RT Lib; Runtime Library; Event Decoder; Event Handler (two); User Thread; DyninstAPI; ProcControlAPI. Annotations: OS events; Abstract events; Event notifications; Update data structures; No longer update data structures; Execute callbacks.]

New functionality with ProcControlAPI
o Synchronous events for mutatee thread creation and destruction
   o No more “Dead On Arrival” threads
o Possible new DyninstAPI features
   o Separate kernel-level and user-level thread events
   o Real breakpoints and single-stepping

New Feature – Detach-on-the-fly
o Useful when multiple target processes generate many events that require no Dyninst action
   o e.g., profiling timers generating signals
o Temporarily detach from mutatee process
[Figure: detach-on-the-fly. Labels: Old; Mutatee Process; Mutator Process; DyninstAPI Library; Events; Temporary Detach; Re-attach; Forward Events.]

StackwalkerAPI and Dyninst
o Many tools already use StackwalkerAPI
o Dyninst still uses separate, older code for walking stacks
[Figure labels: Dyninst; Old Stackwalking Functionality; StackwalkerAPI; ATP; STAT; Libra; PnMPI]

Why Separate StackwalkerAPI?
o Dyninst currently has separate stackwalking functionality for each platform
o StackwalkerAPI abstracts common stackwalking patterns across platforms
[Figure: Platform-Specific Stackwalking compared with a Stackwalking Interface over Platform-Specific Support. Both list: Frame Functions; Debug Information; Signal Handlers; Instrumentation; Heuristics.]

Why Separate StackwalkerAPI?
o Stack frames on different architectures have different binary layouts
o StackwalkerAPI Frame objects are a cross-architecture representation

StackwalkerAPI Frame
• Return Address
• Frame Pointer
• Stack Pointer

[Figure: x86 Stack Frame and POWER Stack Frame layouts. Fields shown in each: Stack Pointer / Frame Pointer; Previous Stack Pointer; Return Address; Previous Frame Pointer; Previous Return Address.]

New Functionality with StackwalkerAPI
o Extensible with frame steppers
   o Users can tell Dyninst how to walk through non-standard frames
   o Dyninst uses this feature to handle its own instrumentation
o Binary analysis-based frame stepper
   o Determines how binary code creates stack frames
   o More robust than existing heuristics
o Uses ProcControlAPI for third-party walks
   o Improved stability by sharing Dyninst’s view of a process

Extending StackwalkerAPI with Steppers
o Frame stepper objects encapsulate the logic to walk different kinds of stack frames
o Users can add new FrameSteppers, as Dyninst does to walk through instrumentation

    #include <signal.h>
    #include <unistd.h>

    void walkStack(void);              /* stack walk requested from inside foo */

    void foo(void) { walkStack(); }

    void signal_handler(int sig) {
        /* Instrument with foo */
    }

    int main(void) {
        signal(SIGALRM, signal_handler);
        alarm(1);
    }

[Figure: stack frames, innermost first: foo; [Dyninst Tramp]; signal_handler; __restore_rt; main; __libc_start_main; _start. Steppers shown: Debug Information Stepper; Signal Handler Stepper; Instrumentation Stepper.]

Analysis-Based Stackwalking
o Our analysis tracks how each instruction changes the height of the stack

Analysis: Stack Heights

    Address   Instruction     Stack height
    0x0:      PUSH RBP        -8
    0x1:      MOV RSP, RBP    -16
    0x4:      SUB 40, RBP     -16
    0x8:      ...             -56

[Figure: three Stack Frame snapshots, each with its Stack Pointer position]

Analysis-Based Stackwalking
o Using the stack height at an instruction, we determine how to find the next stack frame
[Figure: the same instruction listing and stack heights (0x0: -8, 0x1: -16, 0x4: -16, 0x8: -56) beside a Stack Frame, with Frame Objects and their Stack Pointers]
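
The stack-height analysis from the two slides above, as an added C++ example (not Dyninst or StackwalkerAPI code): it computes the height before each instruction of the slide's prologue, then uses the height at the current PC to recover the caller's stack pointer and return address. The instruction model, `StackMem` and all function names are hypothetical; 8-byte stack slots are assumed, and the instruction at 0x4 is treated as subtracting 40 from the stack pointer, which is what the slide's heights (-16 to -56) imply.

```cpp
#include <cstdint>
#include <cstring>
#include <map>
#include <vector>

// Toy instruction model (constructed): only each instruction's stack effect matters.
enum class Op { Push, MovReg, SubSp, Other };
struct Insn { uint64_t addr; Op op; int64_t imm; };

// The slide's prologue; 0x4 is assumed to subtract 40 from the stack pointer.
std::vector<Insn> slidePrologue() {
    return {{0x0, Op::Push, 0}, {0x1, Op::MovReg, 0},
            {0x4, Op::SubSp, 40}, {0x8, Op::Other, 0}};
}

// Forward pass over straight-line code: height before each instruction, measured
// from the caller's stack pointer. On entry the return address is already pushed (-8).
std::map<uint64_t, int64_t> stackHeights(const std::vector<Insn> &fn) {
    std::map<uint64_t, int64_t> heights;
    int64_t cur = -8;
    for (const Insn &i : fn) {
        heights[i.addr] = cur;
        if (i.op == Op::Push) cur -= 8;
        else if (i.op == Op::SubSp) cur -= i.imm;
    }
    return heights;
}

struct Frame { uint64_t ra; uint64_t sp; };  // simplified: no frame pointer

// Constructed stand-in for reading the target process's stack memory.
struct StackMem {
    uint64_t base;
    std::vector<uint8_t> bytes;
    bool read64(uint64_t addr, uint64_t &out) const {
        if (addr < base || addr - base + 8 > bytes.size()) return false;
        std::memcpy(&out, &bytes[addr - base], 8);
        return true;
    }
};

// Step to the caller: undo the height to recover the caller's SP, then read the
// return address from the slot just below it. Fails on unknown PCs or bad reads.
bool callerFrame(const std::map<uint64_t, int64_t> &heights, const StackMem &mem,
                 uint64_t pc, uint64_t sp, Frame &out) {
    auto it = heights.find(pc);
    if (it == heights.end()) return false;
    out.sp = sp - static_cast<uint64_t>(it->second);
    return mem.read64(out.sp - 8, out.ra);
}
```

Because the height is known at every instruction, the walk succeeds at 0x0, before the frame pointer has been saved, as well as at 0x8.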

Where we are
o In-development version of Dyninst fully integrated with ProcControlAPI and StackwalkerAPI
   o Stable on Linux
o Incomplete platform support for ProcControlAPI and StackwalkerAPI
[Table: ProcControlAPI and StackwalkerAPI support on Linux, Windows, FreeBSD, VxWorks, BG/P]

Dyninst 8.0
o Complete support of ProcControlAPI and StackwalkerAPI on all missing platforms
o Dynamic instrumentation on new platforms
   o BlueGene/P, FreeBSD
o New features from integration effort
   o Detach-on-the-fly
   o Binary analysis-based frame stepper

Questions