Changeset 88366 in vbox for trunk

Timestamp:

Apr 5, 2021 7:08:37 AM (4 years ago)

Author:

vboxsync

Message:

VMM/DBGFR3Flow: Add ability to put call instructions into separate basic blocks which will aid the flow tracing code to instrument calls to other functions more easily

Location:

trunk

Files:

• include/VBox/vmm/dbgf.h (modified) (3 diffs)
• src/VBox/VMM/VMMR3/DBGFR3Flow.cpp (modified) (11 diffs)
• src/VBox/VMM/VMMR3/VMMR3.def (modified) (1 diff)

trunk/include/VBox/vmm/dbgf.h

@@ -2918 +2918 @@
  * @{ */
 /** The basic block is the entry into the owning control flow graph. */
-#define DBGF_FLOW_BB_F_ENTRY             RT_BIT_32(0)
+#define DBGF_FLOW_BB_F_ENTRY                                RT_BIT_32(0)
 /** The basic block was not populated because the limit was reached. */
-#define DBGF_FLOW_BB_F_EMPTY             RT_BIT_32(1)
+#define DBGF_FLOW_BB_F_EMPTY                                RT_BIT_32(1)
 /** The basic block is not complete because an error happened during disassembly. */
-#define DBGF_FLOW_BB_F_INCOMPLETE_ERR    RT_BIT_32(2)
+#define DBGF_FLOW_BB_F_INCOMPLETE_ERR                       RT_BIT_32(2)
 /** The basic block is reached through a branch table. */
-#define DBGF_FLOW_BB_F_BRANCH_TABLE      RT_BIT_32(3)
+#define DBGF_FLOW_BB_F_BRANCH_TABLE                         RT_BIT_32(3)
+/** The basic block consists only of a single call instruction because
+ * DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB was given. */
+#define DBGF_FLOW_BB_F_CALL_INSN                            RT_BIT_32(4)
+/** The branch target of the call instruction could be deduced and can be queried with
+ * DBGFR3FlowBbGetBranchAddress(). May only be available when DBGF_FLOW_BB_F_CALL_INSN
+ * is set. */
+#define DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN               RT_BIT_32(5)
 /** @} */
 
@@ -2930 +2937 @@
  * @{ */
 /** Default options. */
-#define DBGF_FLOW_CREATE_F_DEFAULT                       0
+#define DBGF_FLOW_CREATE_F_DEFAULT                          0
 /** Tries to resolve indirect branches, useful for code using
  * jump tables generated for large switch statements by some compilers. */
-#define DBGF_FLOW_CREATE_F_TRY_RESOLVE_INDIRECT_BRANCHES RT_BIT_32(0)
+#define DBGF_FLOW_CREATE_F_TRY_RESOLVE_INDIRECT_BRANCHES    RT_BIT_32(0)
+/** Call instructions are placed in a separate basic block. */
+#define DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB            RT_BIT_32(1)
 /** @} */
 
@@ -2994 +3003 @@
 VMMR3DECL(uint32_t)          DBGFR3FlowGetBbCount(DBGFFLOW hFlow);
 VMMR3DECL(uint32_t)          DBGFR3FlowGetBranchTblCount(DBGFFLOW hFlow);
+VMMR3DECL(uint32_t)          DBGFR3FlowGetCallInsnCount(DBGFFLOW hFlow);
 
 VMMR3DECL(uint32_t)          DBGFR3FlowBbRetain(DBGFFLOWBB hFlowBb);

trunk/src/VBox/VMM/VMMR3/DBGFR3Flow.cpp

@@ -68 +68 @@
     /** Number of branch tables in this control flow graph. */
     uint32_t                cBranchTbls;
+    /** Number of call instructions in this control flow graph. */
+    uint32_t                cCallInsns;
     /** The lowest addres of a basic block. */
     DBGFADDRESS             AddrLowest;
@@ -1148 +1150 @@
         }
 
-        pFlowBb->fFlags &= ~DBGF_FLOW_BB_F_EMPTY;
-
         rc = dbgfR3DisasInstrStateEx(pUVM, idCpu, &AddrDisasm, fFlags,
                                      &szOutput[0], sizeof(szOutput), &DisState);
         if (RT_SUCCESS(rc))
         {
+            if (   pThis->fFlags & DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB
+                && DisState.pCurInstr->uOpcode == OP_CALL
+                && !(pFlowBb->fFlags & DBGF_FLOW_BB_F_EMPTY))
+            {
+                /*
+                 * If the basic block is not empty, the basic block is terminated and the successor is added
+                 * which will contain the call instruction.
+                 */
+                pFlowBb->AddrTarget = AddrDisasm;
+                pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND;
+                rc = dbgfR3FlowBbSuccessorAdd(pThis, &AddrDisasm,
+                                              (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE),
+                                              pFlowBb->pFlowBranchTbl);
+                if (RT_FAILURE(rc))
+                    dbgfR3FlowBbSetError(pFlowBb, rc, "Adding successor blocks failed with %Rrc", rc);
+                break;
+            }
+
+            pFlowBb->fFlags &= ~DBGF_FLOW_BB_F_EMPTY;
             cbDisasmLeft -= DisState.cbInstr;
 
@@ -1192 +1211 @@
                 {
                     uint16_t uOpc = DisState.pCurInstr->uOpcode;
+
+                    if (uOpc == OP_CALL)
+                        pThis->cCallInsns++;
 
                     if (   uOpc == OP_RETN || uOpc == OP_RETF || uOpc == OP_IRET
@@ -1263 +1285 @@
                         }
                     }
+                    else if (pThis->fFlags & DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB)
+                    {
+                        pFlowBb->enmEndType = DBGFFLOWBBENDTYPE_UNCOND;
+                        pFlowBb->fFlags    |= DBGF_FLOW_BB_F_CALL_INSN;
+
+                        /* Add new basic block coming after the call instruction. */
+                        rc = dbgfR3FlowBbSuccessorAdd(pThis, &AddrDisasm,
+                                                      (pFlowBb->fFlags & DBGF_FLOW_BB_F_BRANCH_TABLE),
+                                                      pFlowBb->pFlowBranchTbl);
+                        if (   RT_SUCCESS(rc)
+                            && !dbgfR3FlowBranchTargetIsIndirect(&DisState.Param1))
+                        {
+                            /* Resolve the branch target. */
+                            rc = dbgfR3FlowQueryDirectBranchTarget(pUVM, idCpu, &DisState.Param1, &pInstr->AddrInstr, pInstr->cbInstr,
+                                                                   RT_BOOL(DisState.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW),
+                                                                   &pFlowBb->AddrTarget);
+                            if (RT_SUCCESS(rc))
+                                pFlowBb->fFlags |= DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN;
+                        }
+                    }
 
                     if (RT_FAILURE(rc))
@@ -1268 +1310 @@
 
                     /* Quit disassembling. */
-                    if (   uOpc != OP_CALL
+                    if (   (   uOpc != OP_CALL
+                            || (pThis->fFlags & DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB))
                         || RT_FAILURE(rc))
                         break;
@@ -1290 +1333 @@
  * @param   idCpu               CPU id for disassembling.
  * @param   pThis               The control flow graph to populate.
- * @param   pAddrStart          The start address to disassemble at.
  * @param   cbDisasmMax         The maximum amount to disassemble.
  * @param   fFlags              Combination of DBGF_DISAS_FLAGS_*.
  */
-static int dbgfR3FlowPopulate(PUVM pUVM, VMCPUID idCpu, PDBGFFLOWINT pThis, PDBGFADDRESS pAddrStart,
+static int dbgfR3FlowPopulate(PUVM pUVM, VMCPUID idCpu, PDBGFFLOWINT pThis,
                              uint32_t cbDisasmMax, uint32_t fFlags)
 {
     int rc = VINF_SUCCESS;
     PDBGFFLOWBBINT pFlowBb = dbgfR3FlowGetUnpopulatedBb(pThis);
-    DBGFADDRESS AddrEnd = *pAddrStart;
-    DBGFR3AddrAdd(&AddrEnd, cbDisasmMax);
 
     while (VALID_PTR(pFlowBb))
@@ -1350 +1390 @@
             pThis->cBbs        = 0;
             pThis->cBranchTbls = 0;
+            pThis->cCallInsns  = 0;
             pThis->fFlags      = fFlagsFlow;
             RTListInit(&pThis->LstFlowBb);
@@ -1359 +1400 @@
             {
                 dbgfR3FlowLink(pThis, pFlowBb);
-                rc = dbgfR3FlowPopulate(pUVM, idCpu, pThis, pAddressStart, cbDisasmMax, fFlagsDisasm);
+                rc = dbgfR3FlowPopulate(pUVM, idCpu, pThis, cbDisasmMax, fFlagsDisasm);
                 if (RT_SUCCESS(rc))
                 {
@@ -1538 +1579 @@
 
 /**
+ * Returns the number of call instructions encountered in the given
+ * control flow graph.
+ *
+ * @returns Number of call instructions.
+ * @param   hFlow                The control flow graph handle.
+ */
+VMMR3DECL(uint32_t) DBGFR3FlowGetCallInsnCount(DBGFFLOW hFlow)
+{
+    PDBGFFLOWINT pThis = hFlow;
+    AssertPtrReturn(pThis, 0);
+
+    return pThis->cCallInsns;
+}
+
+
+/**
  * Retains the basic block handle.
  *
@@ -1613 +1670 @@
  * @param   pAddrTarget         Where to store the branch address of the basic block.
  *
- * @note This is only valid for unconditional or conditional branches and will assert
- *       for every other basic block type.
+ * @note This is only valid for unconditional or conditional branches, or for a basic block
+ *       containing only a call instruction when DBGF_FLOW_CREATE_F_CALL_INSN_SEPARATE_BB was given
+ *       during creation and the branch target could be deduced as indicated by the DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN
+ *       flag for the basic block. This method will assert for every other basic block type.
  * @note For indirect unconditional branches using a branch table this will return the start address
  *       of the branch table.
@@ -1625 +1684 @@
     AssertReturn(   pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_JMP
                  || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_COND
-                 || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_INDIRECT_JMP,
+                 || pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND_INDIRECT_JMP
+                 || (   pFlowBb->enmEndType == DBGFFLOWBBENDTYPE_UNCOND
+                     && (pFlowBb->fFlags & DBGF_FLOW_BB_F_CALL_INSN_TARGET_KNOWN)),
                  NULL);
 

trunk/src/VBox/VMM/VMMR3/VMMR3.def

@@ -163 +163 @@
     DBGFR3FlowGetBbCount
     DBGFR3FlowGetBranchTblCount
+    DBGFR3FlowGetCallInsnCount
     DBGFR3FlowBbRetain
     DBGFR3FlowBbRelease