commit	43db19b99b87570726051289c7887556b93d13a0	[log] [tgz]
author	Derek Bruening <bruening@google.com>	Thu Oct 05 21:55:26 2023
committer	GitHub <noreply@github.com>	Thu Oct 05 21:55:26 2023
tree	5a55e727337562b3c4da0c7c126798f35f192ea5
parent	d3304e724646d4b689e9774b04a19e391fd6f85d [diff]

i#6344: Add -record_syscall to drmemtrace (#6348)

Adds a new option -record_sysall to drmemtrace which records the
parameter and success values for the given system call numbers. Just
like with -record_function, the user must specify the parameter count.

SYS_futex is left as traced by default, but it can be disabled.

Adds documentation and a test.

Further manual testing:
```
  ---------------------------------------------------------------------------
  $ rm -rf drmemtrace.*.dir; bin64/drrun -t drcachesim -offline -record_syscall '1|-3&12|4&9|2' -record_syscall '12|2&158|4' -- suite/tests/bin/simple_app && bin64/drrun -t drcachesim -indir drmemtrace.*.dir -simulator_type view 2>&1 | egrep 'system call |function'
  Error: -record_syscall invalid parameter count -3
  ---------------------------------------------------------------------------

  ---------------------------------------------------------------------------
  $ rm -rf drmemtrace.*.dir; bin64/drrun -t drcachesim -offline -record_syscall '1|-3&12|4&9|2' -record_syscall '12|2&158|4' -- suite/tests/bin/simple_app && bin64/drrun -t drcachesim -indir drmemtrace.*.dir -simulator_type view 2>&1 | egrep 'system call |function'
  <Application simple_app (484125) DynamoRIO usage error : invalid system call parameter number>
  ---------------------------------------------------------------------------

  ---------------------------------------------------------------------------
  $ rm -rf drmemtrace.*.dir; bin64/drrun -t drcachesim -offline -record_syscall '1|3&12|4&9|2' -record_syscall '12|2&158|4' -- suite/tests/bin/simple_app && bin64/drrun -t drcachesim -indir drmemtrace.*.dir -simulator_type view 2>&1 | egrep 'system call |function'
  ...
  Hello, world!
  <Stopping application simple_app (484049)>
         32411       26808:      484049 <marker: system call 12>
         32412       26808:      484049 <marker: function==syscall #12>
         32413       26808:      484049 <marker: function argument 0x0>
         32414       26808:      484049 <marker: function argument 0x7ffc87c52d4c>
         32415       26808:      484049 <marker: function==syscall #12>
         32416       26808:      484049 <marker: function return value 0x1>
         50436       41126:      484049 <marker: system call 9>
         50437       41126:      484049 <marker: function==syscall #9>
         50438       41126:      484049 <marker: function argument 0x0>
         50439       41126:      484049 <marker: function argument 0x2000>
         50440       41126:      484049 <marker: function==syscall #9>
         50441       41126:      484049 <marker: function return value 0x1>
         50980       41485:      484049 <marker: system call 21>
         52193       42391:      484049 <marker: system call 257>
         52223       42409:      484049 <marker: system call 262>
         52253       42430:      484049 <marker: system call 9>
         52254       42430:      484049 <marker: function==syscall #9>
         52255       42430:      484049 <marker: function argument 0x0>
         52256       42430:      484049 <marker: function argument 0x1b5c7>
         52257       42430:      484049 <marker: function==syscall #9>
         52258       42430:      484049 <marker: function return value 0x1>
         52274       42439:      484049 <marker: system call 3>
         54224       44056:      484049 <marker: system call 257>
         54252       44074:      484049 <marker: system call 0>
         54329       44130:      484049 <marker: system call 17>
         54455       44208:      484049 <marker: system call 262>
         54988       44591:      484049 <marker: system call 17>
         55653       45105:      484049 <marker: system call 9>
         55654       45105:      484049 <marker: function==syscall #9>
         55655       45105:      484049 <marker: function argument 0x0>
         55656       45105:      484049 <marker: function argument 0x1e1f50>
         55657       45105:      484049 <marker: function==syscall #9>
         55658       45105:      484049 <marker: function return value 0x1>
         ...
  ---------------------------------------------------------------------------
```
Fixes #6344

9 files changed

tree: 5a55e727337562b3c4da0c7c126798f35f192ea5

README.md

DynamoRIO

DynamoRIO logo

About DynamoRIO

DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64/ARM/AArch64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows, Linux, or Android) and commodity IA-32, AMD64, ARM, and AArch64 hardware. Mac OSX support is in progress.

Existing DynamoRIO-based tools

DynamoRIO is the basis for some well-known external tools:

The Arm Instruction Emulator (ArmIE)
WinAFL, the Windows fuzzing tool, as an instrumentation and code coverage engine
The fine-grained profiler for ARM DrCCTProf
The portable and efficient framework for fine-grained value profilers VClinic

Tools built on DynamoRIO and available in the release package include:

The memory debugging tool Dr. Memory
The tracing and analysis framework drmemtrace with multiple tools that operate on both online (with multi-process support) and offline instruction and memory address traces:
- The cache simulator drcachesim
- TLB simulation
- Reuse distance
- Reuse time
- Opcode mix
- Function call tracing
The legacy processor emulator drcpusim
The “strace for Windows” tool drstrace
The code coverage tool drcov
The library tracing tool drltrace
The memory address tracing tool memtrace (drmemtrace's offline traces are faster with more surrounding infrastructure, but this is a simpler starting point for customized memory address tracing)
The memory value tracing tool memval
The instruction tracing tool instrace (drmemtrace's offline traces are faster with more surrounding infrastructure, but this is a simpler starting point for customized instruction tracing)
The basic block tracing tool bbbuf
The instruction counting tool inscount
The dynamic fuzz testing tool Dr. Fuzz
The disassembly tool drdisas
And more, including opcode counts, branch instrumentation, etc.: see API samples

Building your own custom tools

DynamoRIO‘s powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application’s runtime code stream. API documentation is included in the release package and can also be browsed online. Slides from our past tutorials are also available.

Downloading DynamoRIO

DynamoRIO is available free of charge as a binary package for both Windows and Linux. DynamoRIO's source code is available primarily under a BSD license.

Obtaining Help

Use the discussion list to ask questions.

To report a bug, use the issue tracker.