[lldb-dev] [RFC] Fast Conditional Breakpoints (FCB)

Ismail Bennani via lldb-dev lldb-dev at lists.llvm.org
Wed Aug 21 16:36:56 PDT 2019


Hi Pedro,

> On Aug 21, 2019, at 3:48 PM, Pedro Alves <palves at redhat.com> wrote:
> 
> Hi,
> 
> Very interesting.
> 
> One comment below, about something that jumped at me when
> I skimmed the proposal.
> 
> On 8/14/19 9:52 PM, Ismail Bennani via lldb-dev wrote:
>> 
>> Since the x86_64 ISA has variable instruction size, LLDB moves enough
>> instructions in the trampoline to be able to overwrite them with a jump to the
>> trampoline.
> 
> If I understood you correctly, you meant to say that LLDB moves
> enough instructions _at the breakpoint address_ to be able to 
> overwrite them with a jump to the trampoline?
> 
> It's the plural (instructionS) that jumped at me.
> If so, how do you plan to handle the case of some thread currently
> executing one of the instructions that you're overwriting?
> 
> Say, you're using a 5 bytes jmp instruction to jump to the
> trampoline, so you need to replace 5 bytes at the breakpoint address.
> But the instruction at the breakpoint address is shorter than
> 5 bytes.  Like:
> 
> ADDR | BEFORE           | AFTER
> ---------------------------------------
> 0000 | INSN1 (1 byte)   | JMP (5 bytes)
> 0001 | INSN2 (2 bytes)  |                   <<< thread T's PC points here
> 0002 |                  |
> 0003 | INSN3 (2 bytes)  |
> 
> Now once you resume execution, thread T is going to execute a bogus
> instruction at ADDR 0001.

That’s a relevant point.

I haven’t thought of it, but I think this can be mitigated by checking at
the time of replacing the instructions if any thread is within the copied
instructions bounds.

If so, I’ll change all the threads' pcs that are in the critical region to
point to the new copied instruction location (inside the trampoline).

This way, it won’t change the execution flow of the program.

Thanks for pointing out this issue, I’ll make sure to add a fix to my
implementation.

If you have any other suggestion on how to tackle this problem, I’d really
like to know about it :).

> 
> GDB does something similar to this for fast tracepoints (replaces
> the tracepointed instruction with a jump to a trampoline area
> that does the tracepoint collection, all without traps), and because
> of the above, GDB currently keeps it simple and only allows setting
> fast tracepoints at addresses with instructions longer than
> the jump-to-trampoline jump instruction used.
> 
> Thanks,
> Pedro Alves

Sincerely,

Ismail
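The bookkeeping the exchange above describes, as an added illustration that is not code from the LLDB patch or from GDB: pick enough instructions at the breakpoint to cover the jump, then redirect any thread whose PC sits on one of the relocated instruction boundaries to the copy inside the trampoline. It assumes (hypothetically) that the moved instructions are copied byte-for-byte into the trampoline at the same relative offsets, and it also encodes the conservative rule Pedro attributes to GDB fast tracepoints.

```python
# Added illustration: instruction relocation under a jump-to-trampoline
# patch, plus fixing up thread PCs that land inside the overwritten bytes.
# Assumption: moved instructions keep their relative offsets in the trampoline.

JMP_SIZE = 5  # x86_64 `jmp rel32`: 1 opcode byte + 4-byte displacement

def plan_relocation(insn_sizes, jmp_size=JMP_SIZE):
    """Return the sizes of the shortest run of instructions at the
    breakpoint whose total length covers the jump being written."""
    moved, total = [], 0
    for size in insn_sizes:
        moved.append(size)
        total += size
        if total >= jmp_size:
            return moved
    raise ValueError("not enough decoded instructions to cover the jump")

def gdb_style_allowed(insn_sizes, jmp_size=JMP_SIZE):
    """GDB's conservative rule for fast tracepoints: only patch when the
    first instruction alone is at least as long as the jump."""
    return bool(insn_sizes) and insn_sizes[0] >= jmp_size

def remap_thread_pcs(bp_addr, moved_sizes, trampoline_addr, thread_pcs):
    """Return {tid: pc} with every PC strictly inside the overwritten
    region redirected to the copy of that instruction in the trampoline.
    A PC exactly at bp_addr is left alone: it will execute the new jump.
    A PC inside the region but not on an instruction boundary is fatal,
    because there is no valid instruction to resume at."""
    boundary_to_copy, offset = {}, 0
    for size in moved_sizes:
        boundary_to_copy[bp_addr + offset] = trampoline_addr + offset
        offset += size
    region_end = bp_addr + offset
    new_pcs = {}
    for tid, pc in thread_pcs.items():
        if bp_addr < pc < region_end:
            if pc not in boundary_to_copy:
                raise RuntimeError(f"thread {tid} PC {pc:#x} is mid-instruction")
            new_pcs[tid] = boundary_to_copy[pc]
        else:
            new_pcs[tid] = pc
    return new_pcs

if __name__ == "__main__":
    # Pedro's table: 1-, 2- and 2-byte instructions; thread T sits at +1.
    sizes = plan_relocation([1, 2, 2, 3])  # -> [1, 2, 2]
    print(remap_thread_pcs(0x1000, sizes, 0x7000, {"T": 0x1001}))
```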


