Deconstructing Dyninst: The StackwalkerAPI - PowerPoint PPT Presentation

Slides: 21
Provided by: matthewl151

1
Deconstructing Dyninst: The StackwalkerAPI
  • Matthew LeGendre
  • University of Wisconsin
  • legendre_at_cs.wisc.edu
  • http://www.paradyn.org

2
StackwalkerAPI
  • Stackwalking used for
      • Performance analysis sampling
      • Path profiling
      • Dynamic instrumentation
      • Debugging
  • A library for walking call stacks
      • Accurate
      • Portable
      • Extensible

3
Easy Stackwalking
[Diagram: stack frames main, func1, func2, with a frame ptr linking consecutive frames]
  • Basic stack walking is essentially following a
    linked list.

4
Easy Tricky Stackwalking
[Diagram: stack frames main, func1, func2, sighandler; frame ptr links between frames, with saved regs at sighandler]
  • Signal handlers and instrumentation tools may add
    non-standard frame layouts.

5
Easy Tricky Difficult Stackwalking
[Diagram: stack frames main, func1, func2, sighandler, opt_func; frame ptr links between frames, with saved regs at sighandler]
  • Optimized functions may trash frame pointers

6
Easy Tricky Very Difficult Stackwalking
[Diagram: stack frames main, func1, func2, sighandler, opt_func, func3; frame ptr links between frames, with saved regs at sighandler]
  • Functions may not yet have created stack frames,
    or could change stack frames during execution.

7
Identifying Types of Stack Frames
  • Must decide when to use different mechanisms.

[Diagram: stack frames main, func1, func2, sighandler, opt_func, func3, each marked with "?"; label: Regular Functions]

8
Stackwalker Interface
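  • Collecting a 1st party or 3rd party stackwalk, with symbols

    Walker *walker = Walker::newWalker();   // 1st party; Walker::newWalker(PID) for 3rd party
    std::vector<Frame> stackwalk;
    walker->walkStack(stackwalk);            // fill the vector with the frames of the call stack

    std::string s;
    for (int i = 0; i < stackwalk.size(); i++) {
        stackwalk[i].getFuncName(s);         // look up the function name for this frame
        cout << s;
    }

9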
Callback Interface
[Diagram: User Tool, Callback Interface, Stackwalker Interface]

10
Callback Interface: FrameStepper
  • Mechanisms to walk various stack frame types
  • Given a parent frame, walks through the next
    frame on the stack.
  • Tracks regions in the address space that create
    this type of frame.
  • Defaults for each platform

11
Callback Interface: StepperGroup
  • A set of FrameStepper objects
  • Tracks FrameSteppers
  • Given an address, determines which FrameStepper
    should be used.
  • Uses a priority system if FrameSteppers overlap.

[Diagram: address space from 0x00000000 to 0xffffffff, marked at 0x40000000, 0x80000000 and 0xc0000000, with regions labeled Sys. Calls, Sig Handlers, Optimized Frames, Normal Frames]

12
Callback Interface: ProcessState
  • Provides access to the target process
      • Read memory
      • Read register values
      • Track thread creation/deletion
  • Used by
      • FrameSteppers to access the target process.
      • Users to access threading information.

13
Default ProcessState Objects
  • 1st Party Stackwalker
    [Diagram: libstackwalk.so, User Tool, Target Application; labels: signal handlers, function calls]
  • 3rd Party Stackwalker
    [Diagram: libstackwalk.so, User Tool, Debugger Interface, Target Application]

14
Callback Interface: SymbolLookup
  • Maps addresses from stack frames to symbol names
  • Given an address, returns the containing
    function's name.
  • Helps track library loads and unloads.
  • Single default implementation provided by
    SymtabAPI.
  • Can be done online or offline

15
Specializing StackwalkerAPI
16
Future Work: Optimized Functions
[Diagram: four blocks of instructions, each instruction annotated with its ? value]

    Instruction        ?
    push eax           4
    push edx           8
    sub 0x20, esp      28
    cmp ebx, 0         28
    je ...             28

    mov 8, ecx         28
    add ecx, eax       28
    inc (eax)          28
    jmp ...            28

    push 4             32
    push 8             36
    call foo           36
    add 8,esp          28

    pop edx            24
    pop eax            20
    add 20, esp        0
    ret                0

  • Use static analysis to determine ?, the distance
    to the top of the stack frame, for each
    instruction.

17
Future Work: Optimized Functions
  • Use heuristics to search the stack for frames

[Diagram: An Address Space and The Stack]

    An Address Space
        080483f5  call foo
        080483f9
        40000000  Heap
        41000000  Heap End
        bfe00000  Stack Top
        c0000000  Stack Bottom

    The Stack
        ... 0x00000482 0x080483f9 0xbfed6b30 0x4010a7f0 0x0000000c ...

  • An address is likely the top of a frame if
      • it points to an instruction that follows a call
      • the following address points into the stack
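
The two tests above, applied to the slide's sample stack words, as an added example (not code from the presentation or from StackwalkerAPI). It reads "the following address" as the next word on the stack; the call-site table stands in for real disassembly, and every function and type name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stack bounds from the slide: Stack Top bfe00000, Stack Bottom c0000000. */
#define STACK_TOP    0xbfe00000u
#define STACK_BOTTOM 0xc0000000u

/* Call sites a tool would learn from disassembly. Only the slide's one call
   is listed: "080483f5 call foo", with the next instruction at 080483f9. */
struct call_site { uint32_t call_addr, next_addr; };
static const struct call_site CALLS[] = { { 0x080483f5u, 0x080483f9u } };

/* The stack words shown on the slide, in the order shown (assumed to be
   consecutive words, lowest address first). */
static const uint32_t SLIDE_STACK[] = {
    0x00000482u, 0x080483f9u, 0xbfed6b30u, 0x4010a7f0u, 0x0000000cu
};

/* Test 2: does the value lie inside [Stack Top, Stack Bottom)? */
static int points_into_stack(uint32_t v) {
    return v >= STACK_TOP && v < STACK_BOTTOM;
}

/* Test 1: is the value the address of an instruction that follows a call? */
static int follows_call(uint32_t v) {
    for (size_t i = 0; i < sizeof CALLS / sizeof CALLS[0]; i++)
        if (CALLS[i].next_addr == v) return 1;
    return 0;
}

/* Scan words[start..n) and return the index of the first word that passes
   both tests, or -1. The last word has no following word, so it can never
   match and the loop stops one short of the end. */
int find_frame_candidate(const uint32_t *words, size_t n, size_t start) {
    for (size_t i = start; i + 1 < n; i++)
        if (follows_call(words[i]) && points_into_stack(words[i + 1]))
            return (int)i;
    return -1;
}

int main(void) {
    size_t n = sizeof SLIDE_STACK / sizeof SLIDE_STACK[0];
    int i = find_frame_candidate(SLIDE_STACK, n, 0);
    if (i >= 0)
        printf("candidate at word %d: 0x%08x, next word 0x%08x\n",
               i, (unsigned)SLIDE_STACK[i], (unsigned)SLIDE_STACK[i + 1]);
    return 0;
}
```

A match is only a candidate: a stale return address left behind by an earlier call can pass both tests, so a walker should confirm it by continuing the walk from that point.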

18
Future Work: Platforms
19
Conclusions
  • StackwalkerAPI provides a simple cross-platform
    interface for walking call stacks
  • Callback Interface allows StackwalkerAPI to be
    easily extended and ported
  • Future work includes handling more optimized
    stack frames

20
Questions?
Matthew LeGendre, University of Wisconsin, legendre_at_cs.wisc.edu, http://www.paradyn.org