ProcControlAPI and StackwalkerAPI Integration into Dyninst

Paradyn Project

Paradyn / Dyninst WeekMadison, Wisconsin

May 2-4, 2011

ProcControlAPI and StackwalkerAPIIntegration into Dyninst

Todd Frederick and Dan McNulty

AST

Binary

Process

StackwalkerAPI

PatchAPI

SymtabAPI

DataFlowAPI

InstructionAPI

ParseAPI

CodeGen

ProcControlAPI

Binary

= Existing Component = New Component

= Proposed

Dyninst and the Components

StackwalkerAPI

ProcControlAPI

Process Control and Stackwalking in Dyninsto Process control:

oModify processes’ memory during instrumentation

oCapture events such as exit, fork, library load

o Start and stop processes and threadso Stackwalking:

oAnalysis during instrumentationo Provide stackwalks to users

Stackwalking needs process control to access memory and registers 3ProcControlAPI and StackwalkerAPI Integration

ProcControlAPI and StackwalkerAPIo Already releasedo Who is using these components now?

o Who is not using these components now?o Dyninst gains new features and stability when

integrated with these components

4ProcControlAPI and StackwalkerAPI Integration

ProcControlAPIo proc++ Filesystemo StackwalkerAPI o Dyninst

StackwalkerAPIo STATo Librao PnMPIo ATPo …and moreo Dyninst


Ideal Componentization Processo New components should separate

existing functionality out of Dyninsto Keeping Dyninst in mind ensures the

components work together correctly

DyninstDyninstDyninst

Process ControlFunctionality

Process ControlComponent

Process Control

Component


Actual Componentization Processo We developed ProcControlAPI and

StackwalkerAPI separately from Dyninst

o Interfaces to these components do not exactly match Dyninst’s requirements

DyninstDyninst

Process ControlFunctionality

Process Control

Component

Why Separate ProcControlAPI?o Clean interface to complex,

notoriously buggy, OS-dependent debugger interfaces


Your Code/

Stackwalker/Dyninst

ProcControlAPI

Linux Debugger Interface

Breakpoints

Thread events

FreeBSD Debugger InterfaceWindows Debugger InterfaceBlueGene Debugger InterfaceVxWorks Debugger Interface

Read memoryStop process

Low LevelCommands

Low LevelEvents

System Interface

Threading inside Dyninst/ProcControlAPI


o Integrating ProcControlAPI into Dyninst introduces a new threading model

o Leverage threads to handle multiple inputsoUser API callso System debug interfaceo Internal event handling

o Types of threadso Event decoderso Event handlers

Dyninst 7.0 Threading Modelo 2 threads per mutatee

process


Mutator

Process

Model

Target Process

RT Lib

Target Process

RT Lib

Mutatee Process

Runtime

LibraryEvent

Decoders

Runtime Library Event

Handler

Event Handler

s

Event notifications

User Thread

Execute callbacks

Update data structures

Abstractevents

OS events

Asynchronous events


Event notifications

DyninstAPI

Dyninst+ProcControlAPI

Dyninst+ProcControlAPI Threading Modelo 1 event decoder, 2 event

handlers


Mutator

Target Process

RT Lib

Target Process

RT Lib

Mutatee Process

Event Decoder

Event Handl

er

Event Handl

er

Abstract events


Execute callbacks OS

events

Event notifications

Process Model

Event notifications

Process Model

No longer update data structures

DyninstAPI

ProcControlAPI

User Thread

Runtime

Library

New functionality with ProcControlAPIo Synchronous events for mutatee thread

creation and destructionoNo more “Dead On Arrival” threads

o Possible new DyninstAPI featureso Separate kernel-level and user-level thread

eventsoReal breakpoints and single-stepping


Target ProcessTarget

Process

New Feature – Detach-on-the-flyo Useful when multiple target processes

generate many events that require no Dyninst action o e.g., profiling timers generating signals

o Temporarily detach from mutatee process


Old

Mutatee Process

Mutator Process

DyninstAPI Library

Temporary Detach

Events

Re-attach

Events

Forward EventsEvents

ProcControlAPI and StackwalkerAPI Integration

StackwalkerAPI and Dyninsto Many tools already use

StackwalkerAPIo Dyninst still uses separate, older

code for walking stacks

13

Dyninst

Old StackwalkingFunctionality

StackwalkerAPI

ATP

STATLibra

PnMPI

Why Separate StackwalkerAPI?o Dyninst currently has separate stackwalking

functionality for each platformo StackwalkerAPI abstracts common

stackwalkingpatterns across platforms


Stackwalking Interface

Platform-Specific Support

Debug Informatio

nInstrumentat

ionSignal

HandlersFrame

Functions HeuristicsPlatform-Specific Stackwalking

Frame FunctionsDebug Information

Signal Handlers

InstrumentationHeuristics

Why Separate StackwalkerAPI?o Stack frames on different architectures have

different binary layoutso StackwalkerAPI Frame objects are a cross-

architecture representation


StackwalkerAPI Frame

• Return Address

• Frame Pointer

• Stack Pointer

x86 Stack Frame

Stack Pointer

Frame Pointer

PreviousStack Pointer

Return Address

Previous Frame Pointer

Previous Return Address

POWER Stack Frame

Frame Pointer

Previous Frame Pointer

Return Address

Previous Return Address

PreviousStack Pointer

...

...

New Functionality with StackwalkerAPIo Extensible with frame steppers

oUsers can tell Dyninst how to walk through non-standard frames

oDyninst uses this feature to handle its own instrumentation

o Binary analysis-based frame stepperoDetermines how binary code creates stack

framesoMore robust than existing heuristics

o Uses ProcControlAPI for third-party walkso Improved stability by sharing Dyninst’s

view of a process16ProcControlAPI and StackwalkerAPI Integration

Extending StackwalkerAPI with Steppers o Frame stepper objects encapsulate the logic to

walk different kinds of stack frameso Users can add new Frame teppers, as Dyninst

does to walk through instrumentation


main() { signal(SIGALRM,

signal_handler); alarm(1);}

signal_handler() { // Instrument // with foo}

foo() { walkStack(); }

Stack Framefoo

_start__libc_start_main

main__restore_rt

signal_handler[Dyninst Tramp]

Debug Information Stepper

Signal HandlerStepper

Instrumentation Stepper

Analysis-Based Stackwalkingo Our analysis tracks how each

instruction changes the height of the stack


Analysis:Stack

Heights

Stack FrameStack FrameStack Frame

Stack Pointer

Stack PointerStack Pointer

0x4: -16

0x0: -8

0x4: SUB 40, RBP

0x1: MOV RSP, RBP

0x0: PUSH RBP

0x1: -16

0x8: -56

0x8: ...

Analysis-Based Stackwalkingo Using the stack height at an instruction,

we determine how to find the next stack frame


Analysis:Stack

Heights

Stack Frame

0x8: -56

0x1: -16

0x0: -8

0x4: SUB 40, RBP

0x1: MOV RSP, RBP

0x0: PUSH RBP

0x8: ...

0x4: -16

Frame ObjectStack

Pointer

Frame ObjectStack

Pointer

0x8: -56

Where we areo In-development version of Dyninst fully

integrated with ProcControlAPI and StackwalkerAPIo Stable on Linux

o Incomplete platform support for ProcControlAPI and StackwalkerAPI


Linux Windows FreeBSD VxWorks BG/P

ProcControlAPI

StackwalkerAPI

Dyninst 8.0o Complete support of ProcControlAPI and

StackwalkerAPI on all missing platformso Dynamic instrumentation on new

platformsoBlueGene/P, FreeBSD

o New features from integration effortoDetach-on-the-flyoBinary analysis-based frame stepper


Questions


Documents

ProcControlAPI and StackwalkerAPI Integration into Dyninst