2 /*--------------------------------------------------------------------*/
3 /*--- The core/tool interface. pub_tool_tooliface.h ---*/
4 /*--------------------------------------------------------------------*/
7 This file is part of Valgrind, a dynamic binary instrumentation
10 Copyright (C) 2000-2017 Julian Seward
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
26 The GNU General Public License is contained in the file COPYING.
29 #ifndef __PUB_TOOL_TOOLIFACE_H
30 #define __PUB_TOOL_TOOLIFACE_H
32 #include "pub_tool_errormgr.h" // for Error, Supp
33 #include "libvex.h" // for all Vex stuff
35 /* ------------------------------------------------------------------ */
36 /* The interface version */
38 /* Initialise tool. Must do the following:
39 - initialise the `details' struct, via the VG_(details_*)() functions
40 - register the basic tool functions, via VG_(basic_tool_funcs)().
42 - initialise the `needs' struct to indicate certain requirements, via
43 the VG_(needs_*)() functions
44 - any other tool-specific initialisation
46 extern void (*VG_(tl_pre_clo_init
)) ( void );
48 /* Every tool must include this macro somewhere, exactly once. The
49 interface version is no longer relevant, but we kept the same name
50 to avoid requiring changes to tools.
52 #define VG_DETERMINE_INTERFACE_VERSION(pre_clo_init) \
53 void (*VG_(tl_pre_clo_init)) ( void ) = pre_clo_init;
55 /* ------------------------------------------------------------------ */
56 /* Basic tool functions */
58 /* The tool_instrument function is passed as a callback to
59 LibVEX_Translate. VgCallbackClosure carries additional info
60 which the instrumenter might like to know, but which is opaque to
65 Addr nraddr
; /* non-redirected guest address */
66 Addr readdr
; /* redirected guest address */
67 ThreadId tid
; /* tid requesting translation */
71 extern void VG_(basic_tool_funcs
)(
72 // Do any initialisation that can only be done after command line
74 void (*post_clo_init
)(void),
76 // Instrument a basic block. Must be a true function, ie. the same
77 // input always results in the same output, because basic blocks
78 // can be retranslated, unless you're doing something really
79 // strange. Anyway, the arguments. Mostly they are straightforward
80 // except for the distinction between redirected and non-redirected
81 // guest code addresses, which is important to understand.
83 // VgCallBackClosure* closure contains extra arguments passed
84 // from Valgrind to the instrumenter, which Vex doesn't know about.
85 // You are free to look inside this structure.
87 // * closure->tid is the ThreadId of the thread requesting the
88 // translation. Not sure why this is here; perhaps callgrind
91 // * closure->nraddr is the non-redirected guest address of the
92 // start of the translation. In other words, the translation is
93 // being constructed because the guest program jumped to
94 // closure->nraddr but no translation of it was found.
96 // * closure->readdr is the redirected guest address, from which
97 // the translation was really made.
99 // To clarify this, consider what happens when, in Memcheck, the
100 // first call to malloc() happens. The guest program will be
101 // trying to jump to malloc() in libc; hence ->nraddr will contain
102 // that address. However, Memcheck intercepts and replaces
103 // malloc, hence ->readdr will be the address of Memcheck's
104 // malloc replacement in
105 // coregrind/m_replacemalloc/vg_replacemalloc.c. It follows
106 // that the first IMark in the translation will be labelled as
107 // from ->readdr rather than ->nraddr.
109 // Since most functions are not redirected, the majority of the
110 // time ->nraddr will be the same as ->readdr. However, you
111 // cannot assume this: if your tool has metadata associated
112 // with code addresses it will get into deep trouble if it does
113 // make this assumption.
115 // IRSB* sb_in is the incoming superblock to be instrumented,
118 // VexGuestLayout* layout contains limited info on the layout of
119 // the guest state: where the stack pointer and program counter
120 // are, and which fields should be regarded as 'always defined'.
121 // Memcheck uses this.
123 // VexGuestExtents* vge points to a structure which states the
124 // precise byte ranges of original code from which this translation
125 // was made (there may be up to three different ranges involved).
126 // Note again that these are the real addresses from which the code
127 // came. And so it should be the case that closure->readdr is the
128 // same as vge->base[0]; indeed Cachegrind contains this assertion.
130 // Tools which associate shadow data with code addresses
131 // (cachegrind, callgrind) need to be particularly clear about
132 // whether they are making the association with redirected or
133 // non-redirected code addresses. Both approaches are viable
134 // but you do need to understand what's going on. See comments
135 // below on discard_basic_block_info().
137 // IRType gWordTy and IRType hWordTy contain the types of native
138 // words on the guest (simulated) and host (real) CPUs. They will
139 // by either Ity_I32 or Ity_I64. So far we have never built a
140 // cross-architecture Valgrind so they should always be the same.
142 /* --- Further comments about the IR that your --- */
143 /* --- instrumentation function will receive. --- */
145 In the incoming IRSB, the IR for each instruction begins with an
146 IRStmt_IMark, which states the address and length of the
147 instruction from which this IR came. This makes it easy for
148 profiling-style tools to know precisely which guest code
149 addresses are being executed.
151 However, before the first IRStmt_IMark, there may be other IR
152 statements -- a preamble. In most cases this preamble is empty,
153 but when it isn't, what it contains is some supporting IR that
154 the JIT uses to ensure control flow works correctly. This
155 preamble does not modify any architecturally defined guest state
156 (registers or memory) and so does not contain anything that will
157 be of interest to your tool.
161 (1) copy any IR preceding the first IMark verbatim to the start
164 (2) not try to instrument it or modify it in any way.
166 For the record, stuff that may be in the preamble at
169 - A self-modifying-code check has been requested for this block.
170 The preamble will contain instructions to checksum the block,
171 compare against the expected value, and exit the dispatcher
172 requesting a discard (hence forcing a retranslation) if they
175 - This block is known to be the entry point of a wrapper of some
176 function F. In this case the preamble contains code to write
177 the address of the original F (the fn being wrapped) into a
178 'hidden' guest state register _NRADDR. The wrapper can later
179 read this register using a client request and make a
180 non-redirected call to it using another client-request-like
183 - For platforms that use the AIX ABI (including ppc64-linux), it
184 is necessary to have a preamble even for replacement functions
185 (not just for wrappers), because it is necessary to switch the
186 R2 register (constant-pool pointer) to a different value when
187 swizzling the program counter.
189 Hence the preamble pushes both R2 and LR (the return address)
190 on a small 16-entry stack in the guest state and sets R2 to an
191 appropriate value for the wrapper/replacement fn. LR is then
192 set so that the wrapper/replacement fn returns to a magic IR
193 stub which restores R2 and LR and returns.
195 It's all hugely ugly and fragile. And it places a stringent
196 requirement on m_debuginfo to find out the correct R2 (toc
197 pointer) value for the wrapper/replacement function. So much
198 so that m_redir will refuse to honour a redirect-to-me request
199 if it cannot find (by asking m_debuginfo) a plausible R2 value
202 Because this mechanism maintains a shadow stack of (R2,LR)
203 pairs in the guest state, it will fail if the
204 wrapper/redirection function, or anything it calls, longjumps
205 out past the wrapper, because then the magic return stub will
206 not be run and so the shadow stack will not be popped. So it
207 will quickly fill up. Fortunately none of this applies to
208 {x86,amd64,ppc32}-linux; on those platforms, wrappers can
209 longjump and recurse arbitrarily and everything should work
212 Note that copying the preamble verbatim may cause complications
213 for your instrumenter if you shadow IR temporaries. See big
214 comment in MC_(instrument) in memcheck/mc_translate.c for
217 IRSB
*(*instrument
)(VgCallbackClosure
* closure
,
219 const VexGuestLayout
* layout
,
220 const VexGuestExtents
* vge
,
221 const VexArchInfo
* archinfo_host
,
225 // Finish up, print out any results, etc. `exitcode' is program's exit
226 // code. The shadow can be found with VG_(get_exit_status_shadow)().
230 /* ------------------------------------------------------------------ */
233 /* Default value for avg_translations_sizeB (in bytes), indicating typical
234 code expansion of about 6:1. */
235 #define VG_DEFAULT_TRANS_SIZEB 172
237 /* Information used in the startup message. `name' also determines the
238 string used for identifying suppressions in a suppression file as
239 belonging to this tool. `version' can be NULL, in which case (not
240 surprisingly) no version info is printed; this mechanism is designed for
241 tools distributed with Valgrind that share a version number with
242 Valgrind. Other tools not distributed as part of Valgrind should
243 probably have their own version number. */
244 extern void VG_(details_name
) ( const HChar
* name
);
245 extern void VG_(details_version
) ( const HChar
* version
);
246 extern void VG_(details_description
) ( const HChar
* description
);
247 extern void VG_(details_copyright_author
) ( const HChar
* copyright_author
);
249 /* Average size of a translation, in bytes, so that the translation
250 storage machinery can allocate memory appropriately. Not critical,
251 setting is optional. */
252 extern void VG_(details_avg_translation_sizeB
) ( UInt size
);
254 /* String printed if an `tl_assert' assertion fails or VG_(tool_panic)
255 is called. Should probably be an email address. */
256 extern void VG_(details_bug_reports_to
) ( const HChar
* bug_reports_to
);
258 /* ------------------------------------------------------------------ */
261 /* Should __libc_freeres() be run? Bugs in it can crash the tool. */
262 extern void VG_(needs_libc_freeres
) ( void );
264 /* Should __gnu_cxx::__freeres() be run? Bugs in it can crash the tool. */
265 extern void VG_(needs_cxx_freeres
) ( void );
267 /* Want to have errors detected by Valgrind's core reported? Includes:
268 - pthread API errors (many; eg. unlocking a non-locked mutex)
270 - invalid file descriptors to syscalls like read() and write()
271 - bad signal numbers passed to sigaction()
272 - attempt to install signal handler for SIGKILL or SIGSTOP */
273 extern void VG_(needs_core_errors
) ( void );
275 /* Booleans that indicate extra operations are defined; if these are True,
276 the corresponding template functions (given below) must be defined. A
277 lot like being a member of a type class. */
279 /* Want to report errors from tool? This implies use of suppressions, too. */
280 extern void VG_(needs_tool_errors
) (
281 // Identify if two errors are equal, or close enough. This function is
282 // only called if e1 and e2 will have the same error kind. `res' indicates
283 // how close is "close enough". `res' should be passed on as necessary,
284 // eg. if the Error's `extra' part contains an ExeContext, `res' should be
285 // passed to VG_(eq_ExeContext)() if the ExeContexts are considered. Other
286 // than that, probably don't worry about it unless you have lots of very
287 // similar errors occurring.
288 Bool (*eq_Error
)(VgRes res
, const Error
* e1
, const Error
* e2
),
290 // We give tools a chance to have a look at errors
291 // just before they are printed. That is, before_pp_Error is
292 // called just before pp_Error itself. This gives the tool a
293 // chance to look at the just-about-to-be-printed error, so as to
294 // emit any arbitrary output if wants to, before the error itself
295 // is printed. This functionality was added to allow Helgrind to
296 // print thread-announcement messages immediately before the
297 // errors that refer to them.
298 void (*before_pp_Error
)(const Error
* err
),
300 // Print error context.
301 void (*pp_Error
)(const Error
* err
),
303 // Should the core indicate which ThreadId each error comes from?
304 Bool show_ThreadIDs_for_errors
,
306 // Should fill in any details that could be postponed until after the
307 // decision whether to ignore the error (ie. details not affecting the
308 // result of VG_(tdict).tool_eq_Error()). This saves time when errors
311 // Return value: must be the size of the `extra' part in bytes -- used by
312 // the core to make a copy.
313 UInt (*update_extra
)(const Error
* err
),
315 // Return value indicates recognition. If recognised, must set skind using
316 // VG_(set_supp_kind)().
317 Bool (*recognised_suppression
)(const HChar
* name
, Supp
* su
),
319 // Read any extra info for this suppression kind. Most likely for filling
320 // in the `extra' and `string' parts (with VG_(set_supp_{extra, string})())
321 // of a suppression if necessary. Should return False if a syntax error
322 // occurred, True otherwise.
323 // fd, bufpp, nBufp and lineno are the same as for VG_(get_line).
324 Bool (*read_extra_suppression_info
)(Int fd
, HChar
** bufpp
, SizeT
* nBufp
,
325 Int
* lineno
, Supp
* su
),
327 // This should just check the kinds match and maybe some stuff in the
328 // `string' and `extra' field if appropriate (using VG_(get_supp_*)() to
329 // get the relevant suppression parts).
330 Bool (*error_matches_suppression
)(const Error
* err
, const Supp
* su
),
332 // This should return the suppression name, for --gen-suppressions, or NULL
333 // if that error type cannot be suppressed. This is the inverse of
334 // VG_(tdict).tool_recognised_suppression().
335 const HChar
* (*get_error_name
)(const Error
* err
),
337 // This should print into buf[0..nBuf-1] any extra info for the
338 // error, for --gen-suppressions, but not including any leading
339 // spaces nor a trailing newline. The string needs to be null
340 // terminated. If the buffer is large enough to hold the string
341 // including the terminating null character the function shall
342 // return the value that strlen would return for the string.
343 // If the buffer is too small the function shall return nBuf.
344 SizeT (*print_extra_suppression_info
)(const Error
* err
,
345 /*OUT*/HChar
* buf
, Int nBuf
),
347 // This is similar to print_extra_suppression_info, but is used
348 // to print information such as additional statistical counters
349 // as part of the used suppression list produced by -v.
350 SizeT (*print_extra_suppression_use
)(const Supp
* su
,
351 /*OUT*/HChar
* buf
, Int nBuf
),
353 // Called by error mgr once it has been established that err
354 // is suppressed by su. update_extra_suppression_use typically
355 // can be used to update suppression extra information such as
356 // some statistical counters that will be printed by
357 // print_extra_suppression_use.
358 void (*update_extra_suppression_use
)(const Error
* err
, const Supp
* su
)
361 /* Is information kept by the tool about specific instructions or
362 translations? (Eg. for cachegrind there are cost-centres for every
363 instruction, stored in a per-translation fashion.) If so, the info
364 may have to be discarded when translations are unloaded (eg. due to
365 .so unloading, or otherwise at the discretion of m_transtab, eg
366 when the table becomes too full) to avoid stale information being
367 reused for new translations. */
368 extern void VG_(needs_superblock_discards
) (
369 // Discard any information that pertains to specific translations
370 // or instructions within the address range given. There are two
371 // possible approaches.
372 // - If info is being stored at a per-translation level, use orig_addr
373 // to identify which translation is being discarded. Each translation
374 // will be discarded exactly once.
375 // This orig_addr will match the closure->nraddr which was passed to
376 // to instrument() (see extensive comments above) when this
377 // translation was made. Note that orig_addr won't necessarily be
378 // the same as the first address in "extents".
379 // - If info is being stored at a per-instruction level, you can get
380 // the address range(s) being discarded by stepping through "extents".
381 // Note that any single instruction may belong to more than one
382 // translation, and so could be covered by the "extents" of more than
383 // one call to this function.
384 // Doing it the first way (as eg. Cachegrind does) is probably easier.
385 void (*discard_superblock_info
)(Addr orig_addr
, VexGuestExtents extents
)
388 /* Tool defines its own command line options? */
389 extern void VG_(needs_command_line_options
) (
390 // Return True if option was recognised, False if it wasn't (but also see
391 // below). Presumably sets some state to record the option as well.
393 // Nb: tools can assume that the argv will never disappear. So they can,
394 // for example, store a pointer to a string within an option, rather than
395 // having to make a copy.
397 // Options (and combinations of options) should be checked in this function
398 // if possible rather than in post_clo_init(), and if they are bad then
399 // VG_(fmsg_bad_option)() should be called. This ensures that the
400 // messaging is consistent with command line option errors from the core.
401 Bool (*process_cmd_line_option
)(const HChar
* argv
),
403 // Print out command line usage for options for normal tool operation.
404 void (*print_usage
)(void),
406 // Print out command line usage for options for debugging the tool.
407 void (*print_debug_usage
)(void)
410 /* Tool defines its own client requests? */
411 extern void VG_(needs_client_requests
) (
412 // If using client requests, the number of the first request should be equal
413 // to VG_USERREQ_TOOL_BASE('X', 'Y'), where 'X' and 'Y' form a suitable two
414 // character identification for the string. The second and subsequent
415 // requests should follow.
417 // This function should use the VG_IS_TOOL_USERREQ macro (in
418 // include/valgrind.h) to first check if it's a request for this tool. Then
419 // should handle it if it's recognised (and return True), or return False if
420 // not recognised. arg_block[0] holds the request number, any further args
421 // from the request are in arg_block[1..]. 'ret' is for the return value...
422 // it should probably be filled, if only with 0.
423 Bool (*handle_client_request
)(ThreadId tid
, UWord
* arg_block
, UWord
* ret
)
426 /* Tool does stuff before and/or after system calls? */
427 // Nb: If either of the pre_ functions malloc() something to return, the
428 // corresponding post_ function had better free() it!
429 // Also, the args are the 'original args' -- that is, it may be
430 // that the syscall pre-wrapper will modify the args before the
431 // syscall happens. So these args are the original, un-modified
432 // args. Finally, nArgs merely indicates the length of args[..],
433 // it does not indicate how many of those values are actually
434 // relevant to the syscall. args[0 .. nArgs-1] is guaranteed
435 // to be defined and to contain all the args for this syscall,
436 // possibly including some trailing zeroes.
437 extern void VG_(needs_syscall_wrapper
) (
438 void (* pre_syscall
)(ThreadId tid
, UInt syscallno
,
439 UWord
* args
, UInt nArgs
),
440 void (*post_syscall
)(ThreadId tid
, UInt syscallno
,
441 UWord
* args
, UInt nArgs
, SysRes res
)
444 /* Are tool-state sanity checks performed? */
445 // Can be useful for ensuring a tool's correctness. cheap_sanity_check()
446 // is called very frequently; expensive_sanity_check() is called less
447 // frequently and can be more involved.
448 extern void VG_(needs_sanity_checks
) (
449 Bool(*cheap_sanity_check
)(void),
450 Bool(*expensive_sanity_check
)(void)
453 /* Can the tool produce stats during execution? */
454 extern void VG_(needs_print_stats
) (
455 // Print out tool status. Note that the stats at end of execution
456 // should be output by the VG_(basic_tool_funcs) "fini" function.
457 void (*print_stats
)(void)
460 /* Has the tool a tool specific function to retrieve and print location info
462 extern void VG_(needs_info_location
) (
463 // Get and pp information about Addr
464 void (*info_location
)(DiEpoch
, Addr
)
467 /* Do we need to see variable type and location information? */
468 extern void VG_(needs_var_info
) ( void );
470 /* Does the tool replace malloc() and friends with its own versions?
471 This has to be combined with the use of a vgpreload_<tool>.so module
472 or it won't work. See massif/Makefile.am for how to build it. */
473 // The 'p' prefix avoids GCC complaints about overshadowing global names.
474 extern void VG_(needs_malloc_replacement
)(
475 void* (*pmalloc
) ( ThreadId tid
, SizeT n
),
476 void* (*p__builtin_new
) ( ThreadId tid
, SizeT n
),
477 void* (*p__builtin_vec_new
) ( ThreadId tid
, SizeT n
),
478 void* (*pmemalign
) ( ThreadId tid
, SizeT align
, SizeT n
),
479 void* (*pcalloc
) ( ThreadId tid
, SizeT nmemb
, SizeT size1
),
480 void (*pfree
) ( ThreadId tid
, void* p
),
481 void (*p__builtin_delete
) ( ThreadId tid
, void* p
),
482 void (*p__builtin_vec_delete
) ( ThreadId tid
, void* p
),
483 void* (*prealloc
) ( ThreadId tid
, void* p
, SizeT new_size
),
484 SizeT (*pmalloc_usable_size
) ( ThreadId tid
, void* p
),
485 SizeT client_malloc_redzone_szB
488 /* Can the tool do XML output? This is a slight misnomer, because the tool
489 * is not requesting the core to do anything, rather saying "I can handle
491 extern void VG_(needs_xml_output
) ( void );
493 /* Does the tool want to have one final pass over the IR after tree
494 building but before instruction selection? If so specify the
496 extern void VG_(needs_final_IR_tidy_pass
) ( IRSB
*(*final_tidy
)(IRSB
*) );
499 /* ------------------------------------------------------------------ */
500 /* Core events to track */
502 /* Part of the core from which this call was made. Useful for determining
503 what kind of error message should be emitted. */
505 enum { Vg_CoreStartup
=1, Vg_CoreSignal
, Vg_CoreSysCall
,
506 // This is for platforms where syscall args are passed on the
507 // stack; although pre_mem_read is the callback that will be
508 // called, such an arg should be treated (with respect to
509 // presenting information to the user) as if it was passed in a
510 // register, ie. like pre_reg_read.
511 Vg_CoreSysCallArgInMem
,
512 Vg_CoreTranslate
, Vg_CoreClientReq
515 /* Events happening in core to track. To be notified, pass a callback
516 function to the appropriate function. To ignore an event, don't do
517 anything (the default is for events to be ignored).
519 Note that most events aren't passed a ThreadId. If the event is one called
520 from generated code (eg. new_mem_stack_*), you can use
521 VG_(get_running_tid)() to find it. Otherwise, it has to be passed in,
522 as in pre_mem_read, and so the event signature will require changing.
524 Memory events (Nb: to track heap allocation/freeing, a tool must replace
525 malloc() et al. See above how to do this.)
527 These ones occur at startup, upon some signals, and upon some syscalls.
529 For new_mem_brk and new_mem_stack_signal, the supplied ThreadId
530 indicates the thread for whom the new memory is being allocated.
532 For new_mem_startup and new_mem_mmap, the di_handle argument is a
533 handle which can be used to retrieve debug info associated with the
534 mapping or allocation (because it is of a file that Valgrind has
535 decided to read debug info from). If the value is zero, there is
536 no associated debug info. If the value exceeds zero, it can be
537 supplied as an argument to selected queries in m_debuginfo.
539 void VG_(track_new_mem_startup
) (void(*f
)(Addr a
, SizeT len
,
540 Bool rr
, Bool ww
, Bool xx
,
542 void VG_(track_new_mem_stack_signal
)(void(*f
)(Addr a
, SizeT len
, ThreadId tid
));
543 void VG_(track_new_mem_brk
) (void(*f
)(Addr a
, SizeT len
, ThreadId tid
));
544 void VG_(track_new_mem_mmap
) (void(*f
)(Addr a
, SizeT len
,
545 Bool rr
, Bool ww
, Bool xx
,
548 void VG_(track_copy_mem_remap
) (void(*f
)(Addr from
, Addr to
, SizeT len
));
549 void VG_(track_change_mem_mprotect
) (void(*f
)(Addr a
, SizeT len
,
550 Bool rr
, Bool ww
, Bool xx
));
551 void VG_(track_die_mem_stack_signal
)(void(*f
)(Addr a
, SizeT len
));
552 void VG_(track_die_mem_brk
) (void(*f
)(Addr a
, SizeT len
));
553 void VG_(track_die_mem_munmap
) (void(*f
)(Addr a
, SizeT len
));
555 /* These ones are called when SP changes. A tool could track these itself
556 (except for ban_mem_stack) but it's much easier to use the core's help.
558 The specialised ones are called in preference to the general one, if they
559 are defined. These functions are called a lot if they are used, so
560 specialising can optimise things significantly. If any of the
561 specialised cases are defined, the general case must be defined too.
563 Nb: all the specialised ones must use the VG_REGPARM(n) attribute.
565 For the _new functions, a tool may specify with with-ECU
566 (ExeContext Unique) or without-ECU version for each size, but not
567 both. If the with-ECU version is supplied, then the core will
568 arrange to pass, as the ecu argument, a 32-bit int which uniquely
569 identifies the instruction moving the stack pointer down. This
570 32-bit value is as obtained from VG_(get_ECU_from_ExeContext).
571 VG_(get_ExeContext_from_ECU) can then be used to retrieve the
572 associated depth-1 ExeContext for the location. All this
573 complexity is provided to support origin tracking in Memcheck.
575 void VG_(track_new_mem_stack_4_w_ECU
) (VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
576 void VG_(track_new_mem_stack_8_w_ECU
) (VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
577 void VG_(track_new_mem_stack_12_w_ECU
) (VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
578 void VG_(track_new_mem_stack_16_w_ECU
) (VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
579 void VG_(track_new_mem_stack_32_w_ECU
) (VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
580 void VG_(track_new_mem_stack_112_w_ECU
)(VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
581 void VG_(track_new_mem_stack_128_w_ECU
)(VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
582 void VG_(track_new_mem_stack_144_w_ECU
)(VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
583 void VG_(track_new_mem_stack_160_w_ECU
)(VG_REGPARM(2) void(*f
)(Addr new_ESP
, UInt ecu
));
584 void VG_(track_new_mem_stack_w_ECU
) (void(*f
)(Addr a
, SizeT len
,
587 void VG_(track_new_mem_stack_4
) (VG_REGPARM(1) void(*f
)(Addr new_ESP
));
588 void VG_(track_new_mem_stack_8
) (VG_REGPARM(1) void(*f
)(Addr new_ESP
));
589 void VG_(track_new_mem_stack_12
) (VG_REGPARM(1) void(*f
)(Addr new_ESP
));
590 void VG_(track_new_mem_stack_16
) (VG_REGPARM(1) void(*f
)(Addr new_ESP
));
591 void VG_(track_new_mem_stack_32
) (VG_REGPARM(1) void(*f
)(Addr new_ESP
));
592 void VG_(track_new_mem_stack_112
)(VG_REGPARM(1) void(*f
)(Addr new_ESP
));
593 void VG_(track_new_mem_stack_128
)(VG_REGPARM(1) void(*f
)(Addr new_ESP
));
594 void VG_(track_new_mem_stack_144
)(VG_REGPARM(1) void(*f
)(Addr new_ESP
));
595 void VG_(track_new_mem_stack_160
)(VG_REGPARM(1) void(*f
)(Addr new_ESP
));
596 void VG_(track_new_mem_stack
) (void(*f
)(Addr a
, SizeT len
));
598 void VG_(track_die_mem_stack_4
) (VG_REGPARM(1) void(*f
)(Addr die_ESP
));
599 void VG_(track_die_mem_stack_8
) (VG_REGPARM(1) void(*f
)(Addr die_ESP
));
600 void VG_(track_die_mem_stack_12
) (VG_REGPARM(1) void(*f
)(Addr die_ESP
));
601 void VG_(track_die_mem_stack_16
) (VG_REGPARM(1) void(*f
)(Addr die_ESP
));
602 void VG_(track_die_mem_stack_32
) (VG_REGPARM(1) void(*f
)(Addr die_ESP
));
603 void VG_(track_die_mem_stack_112
)(VG_REGPARM(1) void(*f
)(Addr die_ESP
));
604 void VG_(track_die_mem_stack_128
)(VG_REGPARM(1) void(*f
)(Addr die_ESP
));
605 void VG_(track_die_mem_stack_144
)(VG_REGPARM(1) void(*f
)(Addr die_ESP
));
606 void VG_(track_die_mem_stack_160
)(VG_REGPARM(1) void(*f
)(Addr die_ESP
));
607 void VG_(track_die_mem_stack
) (void(*f
)(Addr a
, SizeT len
));
609 /* Used for redzone at end of thread stacks */
610 void VG_(track_ban_mem_stack
) (void(*f
)(Addr a
, SizeT len
));
612 /* These ones occur around syscalls, signal handling, etc */
613 void VG_(track_pre_mem_read
) (void(*f
)(CorePart part
, ThreadId tid
,
614 const HChar
* s
, Addr a
, SizeT size
));
615 void VG_(track_pre_mem_read_asciiz
)(void(*f
)(CorePart part
, ThreadId tid
,
616 const HChar
* s
, Addr a
));
617 void VG_(track_pre_mem_write
) (void(*f
)(CorePart part
, ThreadId tid
,
618 const HChar
* s
, Addr a
, SizeT size
));
619 void VG_(track_post_mem_write
) (void(*f
)(CorePart part
, ThreadId tid
,
620 Addr a
, SizeT size
));
622 /* Register events. Use VG_(set_shadow_state_area)() to set the shadow regs
624 void VG_(track_pre_reg_read
) (void(*f
)(CorePart part
, ThreadId tid
,
625 const HChar
* s
, PtrdiffT guest_state_offset
,
627 void VG_(track_post_reg_write
)(void(*f
)(CorePart part
, ThreadId tid
,
628 PtrdiffT guest_state_offset
,
631 /* This one is called for malloc() et al if they are replaced by a tool. */
632 void VG_(track_post_reg_write_clientcall_return
)(
633 void(*f
)(ThreadId tid
, PtrdiffT guest_state_offset
, SizeT size
, Addr f
));
635 /* Mem-to-reg or reg-to-mem copy functions, these ones occur around syscalls
636 and signal handling when the VCPU state is saved to (or restored from) the
638 void VG_(track_copy_mem_to_reg
)(void(*f
)(CorePart part
, ThreadId tid
,
639 Addr a
, PtrdiffT guest_state_offset
,
641 void VG_(track_copy_reg_to_mem
)(void(*f
)(CorePart part
, ThreadId tid
,
642 PtrdiffT guest_state_offset
,
643 Addr a
, SizeT size
));
646 /* Scheduler events (not exhaustive) */
648 /* Called when 'tid' starts or stops running client code blocks.
649 Gives the total dispatched block count at that event. Note, this
650 is not the same as 'tid' holding the BigLock (the lock that ensures
651 that only one thread runs at a time): a thread can hold the lock
652 for other purposes (making translations, etc) yet not be running
653 client blocks. Obviously though, a thread must hold the lock in
654 order to run client code blocks, so the times bracketed by
655 'start_client_code'..'stop_client_code' are a subset of the times
656 when thread 'tid' holds the cpu lock.
658 void VG_(track_start_client_code
)(
659 void(*f
)(ThreadId tid
, ULong blocks_dispatched
)
661 void VG_(track_stop_client_code
)(
662 void(*f
)(ThreadId tid
, ULong blocks_dispatched
)
666 /* Thread events (not exhaustive)
668 ll_create: low level thread creation. Called before the new thread
669 has run any instructions (or touched any memory). In fact, called
670 immediately before the new thread has come into existence; the new
671 thread can be assumed to exist when notified by this call.
673 ll_exit: low level thread exit. Called after the exiting thread
674 has run its last instruction.
676 The _ll_ part makes it clear these events are not to do with
677 pthread_create or pthread_exit/pthread_join (etc), which are a
678 higher level abstraction synthesised by libpthread. What you can
679 be sure of from _ll_create/_ll_exit is the absolute limits of each
680 thread's lifetime, and hence be assured that all memory references
681 made by the thread fall inside the _ll_create/_ll_exit pair. This
682 is important for tools that need a 100% accurate account of which
683 thread is responsible for every memory reference in the process.
685 pthread_create/join/exit do not give this property. Calls/returns
686 to/from them happen arbitrarily far away from the relevant
687 low-level thread create/quit event. In general a few hundred
688 instructions; hence a few hundred(ish) memory references could get
689 misclassified each time.
691 pre_thread_first_insn: is called when the thread is all set up and
692 ready to go (stack in place, etc) but has not executed its first
693 instruction yet. Gives threading tools a chance to ask questions
694 about the thread (eg, what is its initial client stack pointer)
695 that are not easily answered at pre_thread_ll_create time.
697 For a given thread, the call sequence is:
698 ll_create (in the parent's context)
699 first_insn (in the child's context)
700 ll_exit (in the child's context)
702 void VG_(track_pre_thread_ll_create
) (void(*f
)(ThreadId tid
, ThreadId child
));
703 void VG_(track_pre_thread_first_insn
)(void(*f
)(ThreadId tid
));
704 void VG_(track_pre_thread_ll_exit
) (void(*f
)(ThreadId tid
));
707 /* Signal events (not exhaustive)
709 ... pre_send_signal, post_send_signal ...
711 Called before a signal is delivered; `alt_stack' indicates if it is
712 delivered on an alternative stack. */
713 void VG_(track_pre_deliver_signal
) (void(*f
)(ThreadId tid
, Int sigNo
,
715 /* Called after a signal is delivered. Nb: unfortunately, if the signal
716 handler longjmps, this won't be called. */
717 void VG_(track_post_deliver_signal
)(void(*f
)(ThreadId tid
, Int sigNo
));
719 #endif // __PUB_TOOL_TOOLIFACE_H
721 /*--------------------------------------------------------------------*/
723 /*--------------------------------------------------------------------*/