i#3356: work around AMD gs base context switch bug (#3357)

Adds work-arounds for an AMD processor bug where the processor does
not clear the hidden gs base when the gs selector is written.  Pre-4.7
Linux kernels leave the prior thread's base in place on a switch due
to this.  When we attach and receive SIGUSR2 in a new thread, we can
thus get the wrong dcontext; worse, we can get NULL in the handler but
the wrong dcontext later during init.

To solve the problem on attach, we check the tid for threads receiving
a takeover signal.  For incorrect tid cases or unknown threads we set
a non-zero "pre-init" value (the kernel ignores zero) in the gs base.
We have to be careful to not clobber the valid gs base value of a
temporarily-native thread whose magic field was deliberately set to
invalid.

On detach, we now set a non-zero value rather than zero in the gs base.

When sending a thread native or cloning a child thread, we're already
leaving a copy of our base in place (with an invalid .magic field),
which eliminates any problems there.

Manually tested on an AMD machine with an older kernel: api.startstop
succeeded 1000 times in a row where before it failed every single run.

Fixes #3356
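To make the attach-time check concrete, here is a small model (added example, not DynamoRIO's code; the `tls_block_t` layout, the magic values, the `owner_tid` field and the `GS_BASE_PRE_INIT` sentinel are all constructed for illustration) of the decision the takeover handler has to make: trust the gs base only when the block it points at was created for the current tid, leave a deliberately-invalidated block of a temporarily-native thread alone, and replace a stale or absent base with a non-zero pre-init value rather than zero.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed values for this example; DynamoRIO's real magic and layout differ. */
#define TLS_MAGIC_VALID   0x44524942u  /* block owned by an attached thread */
#define TLS_MAGIC_INVALID 0x4e415456u  /* thread sent native: base left in place, magic invalidated */
#define GS_BASE_PRE_INIT  ((uintptr_t)0x8) /* any non-zero sentinel; zero is ignored by the kernel */

typedef struct dcontext { int thread_num; } dcontext_t;

typedef struct tls_block {
    uint32_t    magic;
    pid_t       owner_tid;  /* hypothetical: tid the block was created for */
    dcontext_t *dcontext;
} tls_block_t;

typedef enum {
    GS_TRUSTED, /* our block, correct thread: use its dcontext */
    GS_NATIVE,  /* our block, correct thread, deliberately invalid magic: do not clobber */
    GS_STALE,   /* block of a different thread, leaked by the uncleared hidden gs base */
    GS_UNKNOWN  /* zero or pre-init sentinel: this thread was never set up */
} gs_state_t;

/* Classify the hidden gs base a takeover signal handler finds in the current thread.
 * The tid comparison is what catches the stale base; without it the handler would
 * happily use the previous thread's dcontext. */
gs_state_t classify_gs_base(uintptr_t gs_base, pid_t my_tid, dcontext_t **dc_out)
{
    *dc_out = NULL;
    if (gs_base == 0 || gs_base == GS_BASE_PRE_INIT)
        return GS_UNKNOWN;
    const tls_block_t *tls = (const tls_block_t *)gs_base;
    if (tls->owner_tid != my_tid)
        return GS_STALE;
    if (tls->magic == TLS_MAGIC_VALID) {
        *dc_out = tls->dcontext;
        return GS_TRUSTED;
    }
    return GS_NATIVE;
}

/* Base the takeover path leaves behind: keep trusted or native bases,
 * replace anything stale or unknown with the non-zero pre-init sentinel. */
uintptr_t takeover_gs_base(uintptr_t gs_base, pid_t my_tid)
{
    dcontext_t *dc;
    switch (classify_gs_base(gs_base, my_tid, &dc)) {
    case GS_TRUSTED:
    case GS_NATIVE:
        return gs_base;
    default:
        return GS_BASE_PRE_INIT;
    }
}

/* On detach a non-zero value is written instead of zero, for the same reason. */
uintptr_t detach_gs_base(void) { return GS_BASE_PRE_INIT; }

/* Runs the four scenarios from the commit message; returns 1 if all behave as intended. */
int self_check(void)
{
    dcontext_t dc_a = { 1 };
    tls_block_t owned  = { TLS_MAGIC_VALID,   100, &dc_a };
    tls_block_t native = { TLS_MAGIC_INVALID, 200, &dc_a };
    dcontext_t *dc;
    int ok = 1;
    ok &= classify_gs_base((uintptr_t)&owned, 100, &dc) == GS_TRUSTED && dc == &dc_a;
    ok &= classify_gs_base((uintptr_t)&owned, 101, &dc) == GS_STALE && dc == NULL;
    ok &= classify_gs_base((uintptr_t)&native, 200, &dc) == GS_NATIVE;
    ok &= classify_gs_base(0, 300, &dc) == GS_UNKNOWN;
    ok &= takeover_gs_base((uintptr_t)&owned, 101) == GS_BASE_PRE_INIT;
    ok &= takeover_gs_base((uintptr_t)&native, 200) == (uintptr_t)&native;
    ok &= detach_gs_base() != 0;
    return ok;
}

int main(void)
{
    printf("gs base sanity model: %s\n", self_check() ? "all scenarios ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

The interesting case is the second one: a block with a valid magic but the wrong tid is exactly what a pre-4.7 kernel on the affected AMD parts leaves behind, and it is only distinguishable from a legitimate block by the tid.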
6 files changed
README.md

DynamoRIO

About DynamoRIO

DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64/ARM/AArch64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows, Linux, or Android) and commodity IA-32, AMD64, ARM, and AArch64 hardware. Mac OSX support is in progress.

Existing DynamoRIO-based tools

Tools built on DynamoRIO and provided in our release package include:

  • The memory debugging tool Dr. Memory
  • The multi-process cache simulator and memory address trace collection and analysis platform drcachesim
  • The legacy processor emulator drcpusim
  • The “strace for Windows” tool drstrace
  • The code coverage tool drcov
  • The library tracing tool drltrace
  • The memory tracing tool memtrace
  • The basic block tracing tool bbbuf
  • The instruction counting tool inscount

Building your own custom tools

DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online. Slides from our past tutorials are also available.

Downloading DynamoRIO

DynamoRIO is available free of charge as a binary package for both Windows and Linux. DynamoRIO's source code is available under a BSD license.

Obtaining Help

Use the discussion list to ask questions.

To report a bug, use the issue tracker.

See also the DynamoRIO home page: http://dynamorio.org/