[Lldb-commits] [PATCH] D136557: [trace][intel pt] Simple detection of infinite decoding loops

walter erquinigo via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Sun Oct 23 10:44:26 PDT 2022


wallace created this revision.
wallace added reviewers: jj10306, persona0220.
Herald added a project: All.
wallace requested review of this revision.
Herald added a project: LLDB.
Herald added a subscriber: lldb-commits.

The low-level decoder might fall into an infinite decoding loop for
various reasons, the simplest being an infinite direct loop reached due
to wrong handling of self-modified code in the kernel, e.g.

  0x0A: pause
  0x0C: jump to 0x0A

In this case, all the code is sequential and requires no packets to be
decoded. The low-level decoder would produce an output like the
following

  0x0A: pause
  0x0C: jump to 0x0A
  0x0A: pause
  0x0C: jump to 0x0A
  0x0A: pause
  0x0C: jump to 0x0A
  ... infinite amount of times

These cases are pretty much undecodable, so the least we can do is to
identify if we have found a case like this one and show then an error in
the trace.

- Add a check that breaks decoding of a single PSB once 200k
  instructions have been decoded after the last packet was processed.

- Add a `settings` property for tweaking this number. This is nice
  because it does the basic work needed for future settings.

Some notes are added in the code. I haven't been able to create a test
case, but it's found in the thread #12 of the trace
72533820-3eb8-4465-b8e4-4e6bf0ccca99 at Meta. We have to figure out how to
artificially create traces with this kind of anomalies.

With this change, that anomalous thread now shows:

  (lldb) thread trace dump instructions 12 -e -i 213100
  
  thread #12: tid = 8
      ...missing instructions
      213100: (error) decoding truncated: possible infinite decoding loop detected
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 7 at panic.c:87:2
      213099: 0xffffffff81342787    jmp    0xffffffff81342785        ; <+5> [inlined] rep_nop at processor.h:13:2
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 5 [inlined] rep_nop at processor.h:13:2
      213098: 0xffffffff81342785    pause
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 7 at panic.c:87:2
      213097: 0xffffffff81342787    jmp    0xffffffff81342785        ; <+5> [inlined] rep_nop at processor.h:13:2
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 5 [inlined] rep_nop at processor.h:13:2
      213096: 0xffffffff81342785    pause
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 7 at panic.c:87:2
      213095: 0xffffffff81342787    jmp    0xffffffff81342785        ; <+5> [inlined] rep_nop at processor.h:13:2
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 5 [inlined] rep_nop at processor.h:13:2
      213094: 0xffffffff81342785    pause
    vmlinux-5.12.0-0_fbk8_clang_6656_gc85768aa64da`panic_smp_self_stop + 7 at panic.c:87:2
      213093: 0xffffffff81342787    jmp    0xffffffff81342785        ; <+5> [inlined] rep_nop at processor.h:13:2
    ...

It used to be in an infinite loop.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D136557

Files:
  lldb/include/lldb/Core/PluginManager.h
  lldb/source/Core/PluginManager.cpp
  lldb/source/Plugins/Trace/intel-pt/CMakeLists.txt
  lldb/source/Plugins/Trace/intel-pt/LibiptDecoder.cpp
  lldb/source/Plugins/Trace/intel-pt/TraceIntelPT.cpp
  lldb/source/Plugins/Trace/intel-pt/TraceIntelPT.h
  lldb/source/Plugins/Trace/intel-pt/TraceIntelPTProperties.td

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D136557.469992.patch
Type: text/x-patch
Size: 14259 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20221023/0e16f86b/attachment-0001.bin>
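The cut-off described in the summary above, as an added example that is
neither LLDB's nor this patch's code: a toy decoder in which sequential
code and direct jumps are reconstructed from the binary alone while only
conditional branches consume a (constructed) taken/not-taken packet. The
`decode_block`, `run_spin_loop` and `run_counted_loop` names, the instruction
table and the TNT bit vector are all assumptions made for the example; the
threshold is passed as a parameter to stand in for the settings property.

```cpp
// Added example, not LLDB code: a toy Intel PT-style decoder showing why a
// direct-jump loop consumes no packets and how an "instructions decoded
// since the last packet" cut-off turns the hang into a truncation error.
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

enum class Kind { Sequential, DirectJump, CondBranch };

struct Insn {
  Kind kind;
  uint64_t size;    // bytes; fall-through address is ip + size
  uint64_t target;  // branch target (unused for Sequential)
};

struct DecodeResult {
  std::vector<uint64_t> ips;  // decoded instruction addresses, in order
  std::string error;          // empty when the trace simply ran out
};

// Hypothetical decoder. `program` maps address -> instruction; `tnt` stands
// in for the taken/not-taken packets: only conditional branches consume one,
// sequential code and direct jumps need no packet at all.
// `max_insns_since_packet` is the tunable threshold (the patch defaults to 200k).
DecodeResult decode_block(const std::map<uint64_t, Insn>& program,
                          uint64_t start_ip, const std::vector<bool>& tnt,
                          size_t max_insns_since_packet) {
  DecodeResult r;
  uint64_t ip = start_ip;
  size_t tnt_pos = 0;
  size_t insns_since_packet = 0;
  for (;;) {
    if (insns_since_packet >= max_insns_since_packet) {
      r.error = "decoding truncated: possible infinite decoding loop detected";
      return r;
    }
    auto it = program.find(ip);
    if (it == program.end()) {
      r.error = "ip not mapped to any instruction";
      return r;
    }
    r.ips.push_back(ip);
    ++insns_since_packet;
    const Insn& in = it->second;
    switch (in.kind) {
    case Kind::Sequential:
      ip += in.size;
      break;
    case Kind::DirectJump:
      ip = in.target;  // no packet needed: the target is in the binary
      break;
    case Kind::CondBranch:
      if (tnt_pos == tnt.size())
        return r;  // no more packets: clean end of this block
      insns_since_packet = 0;  // a packet was consumed, reset the counter
      ip = tnt[tnt_pos++] ? in.target : ip + in.size;
      break;
    }
  }
}

// Constructed sample 1: the pause/jmp spin loop from the summary. Every step
// is sequential or a direct jump, so no packet is ever consumed.
DecodeResult run_spin_loop(size_t threshold) {
  std::map<uint64_t, Insn> program = {
      {0x0A, {Kind::Sequential, 2, 0}},
      {0x0C, {Kind::DirectJump, 2, 0x0A}},
  };
  return decode_block(program, 0x0A, /*tnt=*/{}, threshold);
}

// Constructed sample 2: a loop whose back-edge is conditional. Each iteration
// consumes a TNT bit, so the counter resets and the cut-off never fires even
// though more than `threshold` instructions are decoded in total.
DecodeResult run_counted_loop(size_t threshold) {
  std::map<uint64_t, Insn> program = {
      {0x10, {Kind::Sequential, 2, 0}},
      {0x12, {Kind::CondBranch, 2, 0x10}},
      {0x14, {Kind::CondBranch, 2, 0x10}},
  };
  std::vector<bool> tnt = {true, true, false};  // taken, taken, fall through
  return decode_block(program, 0x10, tnt, threshold);
}

int main() {
  DecodeResult spin = run_spin_loop(6);
  std::printf("spin loop: %zu insns, error: %s\n", spin.ips.size(),
              spin.error.c_str());
  DecodeResult counted = run_counted_loop(6);
  std::printf("counted loop: %zu insns, error: %s\n", counted.ips.size(),
              counted.error.empty() ? "(none)" : counted.error.c_str());
  return 0;
}
```

The counter is reset only when a packet is consumed, which is what keeps a
legitimate long-running loop with a conditional back-edge from tripping the
check while a packet-free direct loop trips it after exactly `threshold`
instructions.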

