Thursday 22 December 2011

dtrace update

Just released a new version of dtrace. This should fix a couple of issues.

The first was that 64-bit ELF binaries using user-space (USDT) probes
couldn't correctly notify the kernel of the probe points. This was
tracked down to a strange issue in the libelf binary where attempts
to update the relocatable symbol table entries weren't being committed
to the output file. I also found a lack of symmetry in the Solaris
code, which probably worked because the Solaris libelf routines
allow for a problem of storing a RELA entry into a REL slot.

The second issue was that user-space breakpoints were being ignored
by the interrupt routines after a previous cleanup/change. i386 and
x64 are now in sync.

Here's an example of the sample program demonstrating the USDT
probes in action:

In one terminal, we run the simple-c tool:


$ build/simple-c
__SUNW_dof header:
dofh_flags 00000000
dofh_hdrsize 00000040
dofh_secsize 00000020
dofh_secnum 00000009
dofh_secoff 0x40
dofh_loadsz 0x270
dofh_filesz 0x400
0: 0008 0001 0001 0000 0000023c 00000034
1: 0010 0008 0001 0030 00000160 00000060
2: 0011 0001 0001 0001 000001c0 00000002
3: 0012 0004 0001 0004 000001c4 0000000c
4: 000f 0004 0001 0000 000001d0 0000002c
5: 000a 0008 0001 0018 00000200 00000030
6: 000c 0004 0001 0000 00000230 0000000c
7: 0001 0001 0000 0000 00000270 0000000a
8: 0014 0001 0000 0000 0000027a 00000186
PID:14632 0: here on line 93: crc=00008998
PID:14632 here on line 95
PID:14632 here on line 97
PID:14632 here on line 99
PID:14632 1: here on line 93: crc=00008998
PID:14632 here on line 95
PID:14632 here on line 97
PID:14632 here on line 99
PID:14632 2: here on line 93: crc=00008a4c
PID:14632 here on line 95
PID:14632 here on line 97
PID:14632 here on line 99
PID:14632 3: here on line 93: crc=00008a4c
PID:14632 here on line 95
PID:14632 here on line 97
PID:14632 here on line 99
PID:14632 4: here on line 93: crc=00008a4c
PID:14632 here on line 95
PID:14632 here on line 97
PID:14632 here on line 99
...


Ignore the dof dump at the top - that was for my benefit to debug
what was being sent to the kernel. Note the "here on line" messages, and
the CRC. As the app started, but before the USDT probes were enabled, the
code segment had one checksum. After I started dtrace in another window,
the checksum changed (which proves something happened to the code segment,
namely the NOPs are replaced by breakpoint instructions):


$ dtrace -n :simple-c::
dtrace: description ':simple-c::' matched 2 probes
CPU ID FUNCTION:NAME
1 312224 main:saw-line
1 312225 main:saw-word
1 312225 main:saw-word
1 312224 main:saw-line
1 312225 main:saw-word
1 312225 main:saw-word
....
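
The checksum change described above, as an added example (not code from simple-c or the dtrace sources). It assumes a CRC-16/CCITT checksum, a constructed 11-byte stand-in for the code segment, and that enabling the probe overwrites the first NOP with int3 (0xCC); the post does not give these details.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF). Assumption: the post does
 * not say which checksum simple-c uses; any CRC shows the same effect. */
uint16_t crc16(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Constructed stand-in for a code segment containing one USDT probe site. */
static const uint8_t pristine[] = {
    0x55, 0x48, 0x89, 0xe5,        /* push %rbp; mov %rsp,%rbp    */
    0x90, 0x90, 0x90, 0x90, 0x90,  /* disabled probe site: 5 NOPs */
    0x5d, 0xc3                     /* pop %rbp; ret               */
};
#define PROBE_OFF 4                /* hypothetical offset of the probe site */

/* Simulate the kernel enabling the probe: first NOP becomes int3. */
void enable_probe(uint8_t *text) { text[PROBE_OFF] = 0xCC; }

/* Offset of the first byte that differs from the pristine copy, or -1. */
long first_patched_offset(const uint8_t *text)
{
    for (size_t i = 0; i < sizeof pristine; i++)
        if (text[i] != pristine[i])
            return (long)i;
    return -1;
}

int main(void)
{
    uint8_t text[sizeof pristine];
    memcpy(text, pristine, sizeof text);
    printf("before: crc=%08x\n", (unsigned)crc16(text, sizeof text));
    enable_probe(text);
    printf("after:  crc=%08x, patched at offset %ld\n",
           (unsigned)crc16(text, sizeof text), first_patched_offset(text));
    return 0;
}
```

A CRC changes for any single-byte modification, so one overwritten NOP is enough to change the value, and comparing against a saved copy shows which byte was patched.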


There are still some problems to resolve. When the simple app terminates, the
probes are left active. We need to detect process exit (or exec) and
remove the probes.

There are some more examples/details on dtrace.org on USDT, here:

http://dtrace.org/blogs/dap/2011/12/13/usdt-providers-redux/


Post created by CRiSP v10.0.21a-b6141

