This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: user kprobes vs debuggers
- From: James Dickens <jamesd dot wi at gmail dot com>
- To: "Stone, Joshua I" <joshua dot i dot stone at intel dot com>
- Cc: Vara Prasad <prasadav at us dot ibm dot com>, "Frank Ch. Eigler" <fche at redhat dot com>, systemtap at sources dot redhat dot com
- Date: Fri, 3 Feb 2006 15:08:52 -0600
- Subject: Re: user kprobes vs debuggers
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=DVhb+/p5U/3zomXsxDlvgin12KAk/tn8CByBsc/Wtrh1zWgLhvfI7wpvRUn/nBSFbuIEhrsGNifSnWS+Yoo9Nsa+O+BHYMHgcijxo9mKgyU9H6DHC0Qc/wR7m62wEBP3lxB6ENeSCJ6aEe2EPc9kwGHHCqzMdtD0i71yBHAuDDo=
- References: <CBDB88BFD06F7F408399DBCF8776B3DC064BF010@scsmsx403.amr.corp.intel.com>
On 2/3/06, Stone, Joshua I <joshua.i.stone@intel.com> wrote:
> Vara Prasad wrote:
> > Let us say if there is no user space probes involved debugger
> > remembers the original instruction before replacing it is with
> > breakpoint instruction. It single steps the original instruction that
> > is stored in the userspace. Let us say if there is no debugger and
> > there is only userspace probes userspace pobes does the same single
> > stepping but in the kernel space. Another important distinction to
> > remember here is each of them have their own handlers to run when the
> > break point is hit. Based on the above background there is a global
> > registry of the breakpoints in the kernel that is only used to notify
> > who all would like to handle this breakpoint but it is up to each of
> > the owners to run their own handlers and as well as handle single
> > stepping.
>
> Sure, I see no issue when only a debugger or a userspace probe
> instruments a given address - they just single-step it themselves. The
> issue I was referring to is when a debugger and a userspace probe try to
> instrument the same address. In that scenario it's not clear who should
> single-step the original instruction and how.
>
> It's made worse if probes & debuggers are registered & removed in an
> interleaved fashion - e.g. probe A registers; debugger B registers; A is
> removed; what happens to B?
>
> > I think it would have been o.k to disallow but due to common uses like
> > strace people might object to userspace probes feature.
>
> You only have to disallow probes & debugger breakpoints coexisting at
> the same address - if they're at different addresses then there's no
> problem. If that's still too restrictive, then we need to resolve the
> issues above.
>
what happens in the case of debugger put a breakpoint in a private
copy of a shared library? how do we probe and monitor this? and also
all calls to function XXX of a non private library so can monitor all
malloc's done by userland apps for instance.
James Dickens
uadmin.blogspot.com
> Josh
>