DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

Unable to see read/write addresses in dynamorio kernel traces that got generated with libipt #6785

Closed vineelreddys closed 2 months ago

vineelreddys commented 2 months ago

I tried the latest version of DynamoRIO and generated an offline trace for a simple helloworld program written in c/cpp. In addition, I tried to capture a kernel trace using the -enable_kernel_tracing flag.

The command I used to generate the trace was:

    sudo ./dynamorio/build/bin64/drrun -t drcachesim -offline -enable_kernel_tracing -- ./hellotest

When I tried to view the trace using the view tool, I see that the kernel trace does not have read and write addresses. See the ret instruction with pc 0xffffffff9da753fb in the following trace snippet, where we do not see a read address in the line after the instruction, whereas we correctly capture the read address for the same ret instruction with pc 0x00007f76f6faf1a8 in the user trace. This can either be a limitation of the libipt tool, or DynamoRIO is not properly processing the kernel trace to generate drmemtrace.

     9828        8028:     1965461 ifetch       1 byte(s) @ 0x00007f76f6faf19f 5d                   pop    %rbp                                                                          
      9829        8028:     1965461 read         8 byte(s) @ 0x00007ffe958f7450 by PC 0x00007f76f6faf19f                                                                                  
      9830        8029:     1965461 ifetch       2 byte(s) @ 0x00007f76f6faf1a0 41 5c                pop    %r12                                                                          
      9831        8029:     1965461 read         8 byte(s) @ 0x00007ffe958f7458 by PC 0x00007f76f6faf1a0                                                                                  
      9832        8030:     1965461 ifetch       2 byte(s) @ 0x00007f76f6faf1a2 41 5d                pop    %r13                                                                          
      9833        8030:     1965461 read         8 byte(s) @ 0x00007ffe958f7460 by PC 0x00007f76f6faf1a2                                                                                  
      9834        8031:     1965461 ifetch       2 byte(s) @ 0x00007f76f6faf1a4 41 5e                pop    %r14                                                                          
      9835        8031:     1965461 read         8 byte(s) @ 0x00007ffe958f7468 by PC 0x00007f76f6faf1a4                                                                                  
      9836        8032:     1965461 ifetch       2 byte(s) @ 0x00007f76f6faf1a6 41 5f                pop    %r15                                                                          
      9837        8032:     1965461 read         8 byte(s) @ 0x00007ffe958f7470 by PC 0x00007f76f6faf1a6                                                                                  
      9838        8033:     1965461 ifetch       1 byte(s) @ 0x00007f76f6faf1a8 c3                   ret (target 0x7f76f6fb1a9b)                                                          
      9839        8033:     1965461 read         8 byte(s) @ 0x00007ffe958f7478 by PC 0x00007f76f6faf1a8                                                                                  
      9840        8034:     1965461 ifetch       2 byte(s) @ 0x00007f76f6fb1a9b 31 ff                xor    %edi, %edi                                                                    
      9841        8035:     1965461 ifetch       5 byte(s) @ 0x00007f76f6fb1a9d e8 9e 14 00 00       call   $0x00007f76f6fb2f40                                                           
      9842        8035:     1965461 write        8 byte(s) @ 0x00007ffe958f7478 by PC 0x00007f76f6fb1a9d                                                                                  
      9843        8036:     1965461 ifetch       4 byte(s) @ 0x00007f76f6fb2f40 f3 0f 1e fa          nop    %edx                                                                          
      9844        8037:     1965461 ifetch       5 byte(s) @ 0x00007f76f6fb2f44 b8 0c 00 00 00       mov    $0x0000000c, %eax                                                             
      9845        8038:     1965461 ifetch       2 byte(s) @ 0x00007f76f6fb2f49 0f 05                syscall                                                                              
      9846        8038:     1965461 <marker: timestamp 13358016188694523>                                                                                                                 
      9847        8038:     1965461 <marker: tid 1965461 on core 23>                                                                                                                      
      9848        8038:     1965461 <marker: system call 12>                                                                                                                              
      9849        8038:     1965461 <marker: trace start for system call number 12>                                                                                                       
      9850        8039:     1965461 ifetch       5 byte(s) @ 0xffffffff9da753f6 0f 1f 44 00 00       nop    0x00(%rax,%rax)                                                               
      9851        8040:     1965461 ifetch       1 byte(s) @ 0xffffffff9da753fb c3                   ret (target 0xffffffff9da166a0)                                                      
      9852        8041:     1965461 ifetch       2 byte(s) @ 0xffffffff9da166a0 66 90                data16 nop                                                                           
      9853        8042:     1965461 ifetch       4 byte(s) @ 0xffffffff9da166a2 48 83 c4 10          add    $0x10, %rsp                                                                   
      9854        8043:     1965461 ifetch       1 byte(s) @ 0xffffffff9da166a6 5b                   pop    %rbx                                                                          
      9855        8044:     1965461 ifetch       2 byte(s) @ 0xffffffff9da166a7 41 5c                pop    %r12                                                                          
      9856        8045:     1965461 ifetch       2 byte(s) @ 0xffffffff9da166a9 41 5d                pop    %r13                                                                          
      9857        8046:     1965461 ifetch       2 byte(s) @ 0xffffffff9da166ab 41 5e                pop    %r14                                                                          
      9858        8047:     1965461 ifetch       2 byte(s) @ 0xffffffff9da166ad 41 5f                pop    %r15                                                                          
      9859        8048:     1965461 ifetch       1 byte(s) @ 0xffffffff9da166af 5d                   pop    %rbp                                                                          
      9860        8049:     1965461 ifetch       1 byte(s) @ 0xffffffff9da166b0 c3                   ret (target 0xffffffff9da1675c)                                                      
      9861        8050:     1965461 ifetch       1 byte(s) @ 0xffffffff9da1675c 5b                   pop    %rbx                                                                          
      9862        8051:     1965461 ifetch       2 byte(s) @ 0xffffffff9da1675d 41 5c                pop    %r12                                                                          
      9863        8052:     1965461 ifetch       2 byte(s) @ 0xffffffff9da1675f 41 5d                pop    %r13                                                                          
      9864        8053:     1965461 ifetch       1 byte(s) @ 0xffffffff9da16761 5d                   pop    %rbp                                                                          
      9865        8054:     1965461 ifetch       1 byte(s) @ 0xffffffff9da16762 c3                   ret (target 0xffffffff9da167cd)                                                      
      9866        8055:     1965461 ifetch       5 byte(s) @ 0xffffffff9da167cd be 00 00 00 00       mov    $0x00000000, %esi

derekbruening commented 2 months ago

Please use the users list https://groups.google.com/forum/#!forum/DynamoRIO-Users for questions like this where you're not sure whether it is a bug, as it will reach a wider audience of people who might have an answer, and it will reach other users who may find the information beneficial. The data synthesis to augment the PT instruction-only trace (PT does not support data: only instructions) is not implemented yet: that is under #5505.
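
To find where a view dump like the one in this issue has instruction records without their data records, the following added example (not part of the original thread and not DynamoRIO code) scans the dump for `pop`, `push`, `ret` and `call` fetches that are not followed by a `read`/`write` record naming the same PC. The function name, the sample lines (taken from the dump above with whitespace collapsed) and the kernel/user split at the x86-64 upper canonical half are assumptions of the example.

```python
import re

# Record layouts as printed by the view tool in the dump quoted in this issue.
IFETCH = re.compile(r"^\s*\d+\s+\d+:\s+\d+\s+ifetch\s+\d+ byte\(s\) @ (0x[0-9a-f]+)"
                    r"\s+(?:[0-9a-f]{2} )+\s*(\S+)")
DATA = re.compile(r"\b(?:read|write)\s+\d+ byte\(s\) @ 0x[0-9a-f]+ by PC (0x[0-9a-f]+)")

# Mnemonics that always touch the stack, so a data record is expected.
STACK_OPS = {"pop", "push", "ret", "call"}
# Assumption: Linux x86-64, kernel text lives in the upper canonical half.
KERNEL_BASE = 0xFFFF800000000000

def missing_data_refs(lines):
    """Return PCs of stack instructions that have no matching data record."""
    missing = {"user": [], "kernel": []}
    pending = None  # PC of a stack instruction still waiting for its record

    def note(pc):
        missing["kernel" if pc >= KERNEL_BASE else "user"].append(pc)

    for line in lines:
        m = IFETCH.match(line)
        if m:
            if pending is not None:   # next fetch arrived first: record missing
                note(pending)
            pc = int(m.group(1), 16)
            pending = pc if m.group(2) in STACK_OPS else None
        else:
            d = DATA.search(line)     # markers and other lines are ignored
            if d and pending is not None and int(d.group(1), 16) == pending:
                pending = None
    if pending is not None:
        note(pending)
    return missing

# Sample input: lines from the dump above, whitespace collapsed for brevity.
SAMPLE = """\
9838 8033: 1965461 ifetch 1 byte(s) @ 0x00007f76f6faf1a8 c3 ret (target 0x7f76f6fb1a9b)
9839 8033: 1965461 read 8 byte(s) @ 0x00007ffe958f7478 by PC 0x00007f76f6faf1a8
9840 8034: 1965461 ifetch 2 byte(s) @ 0x00007f76f6fb1a9b 31 ff xor %edi, %edi
9849 8038: 1965461 <marker: trace start for system call number 12>
9851 8040: 1965461 ifetch 1 byte(s) @ 0xffffffff9da753fb c3 ret (target 0xffffffff9da166a0)
9852 8041: 1965461 ifetch 2 byte(s) @ 0xffffffff9da166a0 66 90 data16 nop
9854 8043: 1965461 ifetch 1 byte(s) @ 0xffffffff9da166a6 5b pop %rbx
"""

if __name__ == "__main__":
    for space, pcs in missing_data_refs(SAMPLE.splitlines()).items():
        print(space, [hex(pc) for pc in pcs])
```

Any analysis that consumes the kernel portion of such a trace (cache simulation, reuse distance, memory-access auditing) sees only instruction fetches for the PCs this reports.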