Home | History | Annotate | Download | only in lackey
      1 
      2 /*--------------------------------------------------------------------*/
      3 /*--- An example Valgrind tool.                          lk_main.c ---*/
      4 /*--------------------------------------------------------------------*/
      5 
      6 /*
      7    This file is part of Lackey, an example Valgrind tool that does
      8    some simple program measurement and tracing.
      9 
     10    Copyright (C) 2002-2015 Nicholas Nethercote
     11       njn (at) valgrind.org
     12 
     13    This program is free software; you can redistribute it and/or
     14    modify it under the terms of the GNU General Public License as
     15    published by the Free Software Foundation; either version 2 of the
     16    License, or (at your option) any later version.
     17 
     18    This program is distributed in the hope that it will be useful, but
     19    WITHOUT ANY WARRANTY; without even the implied warranty of
     20    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     21    General Public License for more details.
     22 
     23    You should have received a copy of the GNU General Public License
     24    along with this program; if not, write to the Free Software
     25    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
     26    02111-1307, USA.
     27 
     28    The GNU General Public License is contained in the file COPYING.
     29 */
     30 
     31 // This tool shows how to do some basic instrumentation.
     32 //
     33 // There are four kinds of instrumentation it can do.  They can be turned
     34 // on/off independently with command line options:
     35 //
     36 // * --basic-counts   : do basic counts, eg. number of instructions
     37 //                      executed, jumps executed, etc.
     38 // * --detailed-counts: do more detailed counts:  number of loads, stores
     39 //                      and ALU operations of different sizes.
     40 // * --trace-mem=yes:   trace all (data) memory accesses.
     41 // * --trace-superblocks=yes:
     42 //                      trace all superblock entries.  Mostly of interest
     43 //                      to the Valgrind developers.
     44 //
     45 // The code for each kind of instrumentation is guarded by a clo_* variable:
     46 // clo_basic_counts, clo_detailed_counts, clo_trace_mem and clo_trace_sbs.
     47 //
     48 // If you want to modify any of the instrumentation code, look for the code
     49 // that is guarded by the relevant clo_* variable (eg. clo_trace_mem)
     50 // If you're not interested in the other kinds of instrumentation you can
     51 // remove them.  If you want to do more complex modifications, please read
     52 // VEX/pub/libvex_ir.h to understand the intermediate representation.
     53 //
     54 //
     55 // Specific Details about --trace-mem=yes
     56 // --------------------------------------
     57 // Lackey's --trace-mem code is a good starting point for building Valgrind
     58 // tools that act on memory loads and stores.  It also could be used as is,
     59 // with its output used as input to a post-mortem processing step.  However,
     60 // because memory traces can be very large, online analysis is generally
     61 // better.
     62 //
     63 // It prints memory data access traces that look like this:
     64 //
     65 //   I  0023C790,2  # instruction read at 0x0023C790 of size 2
     66 //   I  0023C792,5
     67 //    S BE80199C,4  # data store at 0xBE80199C of size 4
     68 //   I  0025242B,3
     69 //    L BE801950,4  # data load at 0xBE801950 of size 4
     70 //   I  0023D476,7
     71 //    M 0025747C,1  # data modify at 0x0025747C of size 1
     72 //   I  0023DC20,2
     73 //    L 00254962,1
     74 //    L BE801FB3,1
     75 //   I  00252305,1
     76 //    L 00254AEB,1
     77 //    S 00257998,1
     78 //
     79 // Every instruction executed has an "instr" event representing it.
     80 // Instructions that do memory accesses are followed by one or more "load",
     81 // "store" or "modify" events.  Some instructions do more than one load or
     82 // store, as in the last two examples in the above trace.
     83 //
     84 // Here are some examples of x86 instructions that do different combinations
     85 // of loads, stores, and modifies.
     86 //
     87 //    Instruction          Memory accesses                  Event sequence
     88 //    -----------          ---------------                  --------------
     89 //    add %eax, %ebx       No loads or stores               instr
     90 //
     91 //    movl (%eax), %ebx    loads (%eax)                     instr, load
     92 //
     93 //    movl %eax, (%ebx)    stores (%ebx)                    instr, store
     94 //
     95 //    incl (%ecx)          modifies (%ecx)                  instr, modify
     96 //
     97 //    cmpsb                loads (%esi), loads(%edi)        instr, load, load
     98 //
     99 //    call*l (%edx)        loads (%edx), stores -4(%esp)    instr, load, store
    100 //    pushl (%edx)         loads (%edx), stores -4(%esp)    instr, load, store
    101 //    movsw                loads (%esi), stores (%edi)      instr, load, store
    102 //
    103 // Instructions using x86 "rep" prefixes are traced as if they are repeated
    104 // N times.
    105 //
    106 // Lackey with --trace-mem gives good traces, but they are not perfect, for
    107 // the following reasons:
    108 //
    109 // - It does not trace into the OS kernel, so system calls and other kernel
    110 //   operations (eg. some scheduling and signal handling code) are ignored.
    111 //
    112 // - It could model loads and stores done at the system call boundary using
    113 //   the pre_mem_read/post_mem_write events.  For example, if you call
    114 //   fstat() you know that the passed in buffer has been written.  But it
    115 //   currently does not do this.
    116 //
    117 // - Valgrind replaces some code (not much) with its own, notably parts of
    118 //   code for scheduling operations and signal handling.  This code is not
    119 //   traced.
    120 //
    121 // - There is no consideration of virtual-to-physical address mapping.
    122 //   This may not matter for many purposes.
    123 //
    124 // - Valgrind modifies the instruction stream in some very minor ways.  For
    125 //   example, on x86 the bts, btc, btr instructions are incorrectly
    126 //   considered to always touch memory (this is a consequence of these
    127 //   instructions being very difficult to simulate).
    128 //
    129 // - Valgrind tools layout memory differently to normal programs, so the
    130 //   addresses you get will not be typical.  Thus Lackey (and all Valgrind
    131 //   tools) is suitable for getting relative memory traces -- eg. if you
    132 //   want to analyse locality of memory accesses -- but is not good if
    133 //   absolute addresses are important.
    134 //
    135 // Despite all these warnings, Lackey's results should be good enough for a
    136 // wide range of purposes.  For example, Cachegrind shares all the above
    137 // shortcomings and it is still useful.
    138 //
    139 // For further inspiration, you should look at cachegrind/cg_main.c which
    140 // uses the same basic technique for tracing memory accesses, but also groups
    141 // events together for processing into twos and threes so that fewer C calls
    142 // are made and things run faster.
    143 //
    144 // Specific Details about --trace-superblocks=yes
    145 // ----------------------------------------------
    146 // Valgrind splits code up into single entry, multiple exit blocks
    147 // known as superblocks.  By itself, --trace-superblocks=yes just
    148 // prints a message as each superblock is run:
    149 //
    150 //  SB 04013170
    151 //  SB 04013177
    152 //  SB 04013173
    153 //  SB 04013177
    154 //
    155 // The hex number is the address of the first instruction in the
    156 // superblock.  You can see the relationship more obviously if you use
    157 // --trace-superblocks=yes and --trace-mem=yes together.  Then a "SB"
    158 // message at address X is immediately followed by an "instr:" message
    159 // for that address, as the first instruction in the block is
    160 // executed, for example:
    161 //
    162 //  SB 04014073
    163 //  I  04014073,3
    164 //   L 7FEFFF7F8,8
    165 //  I  04014076,4
    166 //  I  0401407A,3
    167 //  I  0401407D,3
    168 //  I  04014080,3
    169 //  I  04014083,6
    170 
    171 
    172 #include "pub_tool_basics.h"
    173 #include "pub_tool_tooliface.h"
    174 #include "pub_tool_libcassert.h"
    175 #include "pub_tool_libcprint.h"
    176 #include "pub_tool_debuginfo.h"
    177 #include "pub_tool_libcbase.h"
    178 #include "pub_tool_options.h"
    179 #include "pub_tool_machine.h"     // VG_(fnptr_to_fnentry)
    180 
    181 /*------------------------------------------------------------*/
    182 /*--- Command line options                                 ---*/
    183 /*------------------------------------------------------------*/
    184 
    185 /* Command line options controlling instrumentation kinds, as described at
    186  * the top of this file. */
    187 static Bool clo_basic_counts    = True;
    188 static Bool clo_detailed_counts = False;
    189 static Bool clo_trace_mem       = False;
    190 static Bool clo_trace_sbs       = False;
    191 
    192 /* The name of the function of which the number of calls (under
    193  * --basic-counts=yes) is to be counted, with default. Override with command
    194  * line option --fnname. */
    195 static const HChar* clo_fnname = "main";
    196 
    197 static Bool lk_process_cmd_line_option(const HChar* arg)
    198 {
    199    if VG_STR_CLO(arg, "--fnname", clo_fnname) {}
    200    else if VG_BOOL_CLO(arg, "--basic-counts",      clo_basic_counts) {}
    201    else if VG_BOOL_CLO(arg, "--detailed-counts",   clo_detailed_counts) {}
    202    else if VG_BOOL_CLO(arg, "--trace-mem",         clo_trace_mem) {}
    203    else if VG_BOOL_CLO(arg, "--trace-superblocks", clo_trace_sbs) {}
    204    else
    205       return False;
    206 
    207    tl_assert(clo_fnname);
    208    tl_assert(clo_fnname[0]);
    209    return True;
    210 }
    211 
    212 static void lk_print_usage(void)
    213 {
    214    VG_(printf)(
    215 "    --basic-counts=no|yes     count instructions, jumps, etc. [yes]\n"
    216 "    --detailed-counts=no|yes  count loads, stores and alu ops [no]\n"
    217 "    --trace-mem=no|yes        trace all loads and stores [no]\n"
    218 "    --trace-superblocks=no|yes  trace all superblock entries [no]\n"
    219 "    --fnname=<name>           count calls to <name> (only used if\n"
    220 "                              --basic-count=yes)  [main]\n"
    221    );
    222 }
    223 
    224 static void lk_print_debug_usage(void)
    225 {
    226    VG_(printf)(
    227 "    (none)\n"
    228    );
    229 }
    230 
    231 /*------------------------------------------------------------*/
    232 /*--- Stuff for --basic-counts                             ---*/
    233 /*------------------------------------------------------------*/
    234 
    235 /* Nb: use ULongs because the numbers can get very big */
    236 static ULong n_func_calls    = 0;
    237 static ULong n_SBs_entered   = 0;
    238 static ULong n_SBs_completed = 0;
    239 static ULong n_IRStmts       = 0;
    240 static ULong n_guest_instrs  = 0;
    241 static ULong n_Jccs          = 0;
    242 static ULong n_Jccs_untaken  = 0;
    243 static ULong n_IJccs         = 0;
    244 static ULong n_IJccs_untaken = 0;
    245 
    246 static void add_one_func_call(void)
    247 {
    248    n_func_calls++;
    249 }
    250 
    251 static void add_one_SB_entered(void)
    252 {
    253    n_SBs_entered++;
    254 }
    255 
    256 static void add_one_SB_completed(void)
    257 {
    258    n_SBs_completed++;
    259 }
    260 
    261 static void add_one_IRStmt(void)
    262 {
    263    n_IRStmts++;
    264 }
    265 
    266 static void add_one_guest_instr(void)
    267 {
    268    n_guest_instrs++;
    269 }
    270 
    271 static void add_one_Jcc(void)
    272 {
    273    n_Jccs++;
    274 }
    275 
    276 static void add_one_Jcc_untaken(void)
    277 {
    278    n_Jccs_untaken++;
    279 }
    280 
    281 static void add_one_inverted_Jcc(void)
    282 {
    283    n_IJccs++;
    284 }
    285 
    286 static void add_one_inverted_Jcc_untaken(void)
    287 {
    288    n_IJccs_untaken++;
    289 }
    290 
    291 /*------------------------------------------------------------*/
    292 /*--- Stuff for --detailed-counts                          ---*/
    293 /*------------------------------------------------------------*/
    294 
    295 typedef
    296    IRExpr
    297    IRAtom;
    298 
    299 /* --- Operations --- */
    300 
    301 typedef enum { OpLoad=0, OpStore=1, OpAlu=2 } Op;
    302 
    303 #define N_OPS 3
    304 
    305 
    306 /* --- Types --- */
    307 
    308 #define N_TYPES 14
    309 
    310 static Int type2index ( IRType ty )
    311 {
    312    switch (ty) {
    313       case Ity_I1:      return 0;
    314       case Ity_I8:      return 1;
    315       case Ity_I16:     return 2;
    316       case Ity_I32:     return 3;
    317       case Ity_I64:     return 4;
    318       case Ity_I128:    return 5;
    319       case Ity_F32:     return 6;
    320       case Ity_F64:     return 7;
    321       case Ity_F128:    return 8;
    322       case Ity_V128:    return 9;
    323       case Ity_V256:    return 10;
    324       case Ity_D32:     return 11;
    325       case Ity_D64:     return 12;
    326       case Ity_D128:    return 13;
    327       default: tl_assert(0);
    328    }
    329 }
    330 
    331 static const HChar* nameOfTypeIndex ( Int i )
    332 {
    333    switch (i) {
    334       case 0: return "I1";   break;
    335       case 1: return "I8";   break;
    336       case 2: return "I16";  break;
    337       case 3: return "I32";  break;
    338       case 4: return "I64";  break;
    339       case 5: return "I128"; break;
    340       case 6: return "F32";  break;
    341       case 7: return "F64";  break;
    342       case 8: return "F128";  break;
    343       case 9: return "V128";  break;
    344       case 10: return "V256"; break;
    345       case 11: return "D32";  break;
    346       case 12: return "D64";  break;
    347       case 13: return "D128"; break;
    348       default: tl_assert(0);
    349    }
    350 }
    351 
    352 
    353 /* --- Counts --- */
    354 
    355 static ULong detailCounts[N_OPS][N_TYPES];
    356 
    357 /* The helper that is called from the instrumented code. */
    358 static VG_REGPARM(1)
    359 void increment_detail(ULong* detail)
    360 {
    361    (*detail)++;
    362 }
    363 
    364 /* A helper that adds the instrumentation for a detail.  guard ::
    365    Ity_I1 is the guarding condition for the event.  If NULL it is
    366    assumed to mean "always True". */
    367 static void instrument_detail(IRSB* sb, Op op, IRType type, IRAtom* guard)
    368 {
    369    IRDirty* di;
    370    IRExpr** argv;
    371    const UInt typeIx = type2index(type);
    372 
    373    tl_assert(op < N_OPS);
    374    tl_assert(typeIx < N_TYPES);
    375 
    376    argv = mkIRExprVec_1( mkIRExpr_HWord( (HWord)&detailCounts[op][typeIx] ) );
    377    di = unsafeIRDirty_0_N( 1, "increment_detail",
    378                               VG_(fnptr_to_fnentry)( &increment_detail ),
    379                               argv);
    380    if (guard) di->guard = guard;
    381    addStmtToIRSB( sb, IRStmt_Dirty(di) );
    382 }
    383 
    384 /* Summarize and print the details. */
    385 static void print_details ( void )
    386 {
    387    Int typeIx;
    388    VG_(umsg)("   Type        Loads       Stores       AluOps\n");
    389    VG_(umsg)("   -------------------------------------------\n");
    390    for (typeIx = 0; typeIx < N_TYPES; typeIx++) {
    391       VG_(umsg)("   %-4s %'12llu %'12llu %'12llu\n",
    392                 nameOfTypeIndex( typeIx ),
    393                 detailCounts[OpLoad ][typeIx],
    394                 detailCounts[OpStore][typeIx],
    395                 detailCounts[OpAlu  ][typeIx]
    396       );
    397    }
    398 }
    399 
    400 
    401 /*------------------------------------------------------------*/
    402 /*--- Stuff for --trace-mem                                ---*/
    403 /*------------------------------------------------------------*/
    404 
    405 #define MAX_DSIZE    512
    406 
    407 typedef
    408    enum { Event_Ir, Event_Dr, Event_Dw, Event_Dm }
    409    EventKind;
    410 
    411 typedef
    412    struct {
    413       EventKind  ekind;
    414       IRAtom*    addr;
    415       Int        size;
    416       IRAtom*    guard; /* :: Ity_I1, or NULL=="always True" */
    417    }
    418    Event;
    419 
    420 /* Up to this many unnotified events are allowed.  Must be at least two,
    421    so that reads and writes to the same address can be merged into a modify.
    422    Beyond that, larger numbers just potentially induce more spilling due to
    423    extending live ranges of address temporaries. */
    424 #define N_EVENTS 4
    425 
    426 /* Maintain an ordered list of memory events which are outstanding, in
    427    the sense that no IR has yet been generated to do the relevant
    428    helper calls.  The SB is scanned top to bottom and memory events
    429    are added to the end of the list, merging with the most recent
    430    notified event where possible (Dw immediately following Dr and
    431    having the same size and EA can be merged).
    432 
    433    This merging is done so that for architectures which have
    434    load-op-store instructions (x86, amd64), the instr is treated as if
    435    it makes just one memory reference (a modify), rather than two (a
    436    read followed by a write at the same address).
    437 
    438    At various points the list will need to be flushed, that is, IR
    439    generated from it.  That must happen before any possible exit from
    440    the block (the end, or an IRStmt_Exit).  Flushing also takes place
    441    when there is no space to add a new event, and before entering a
    442    RMW (read-modify-write) section on processors supporting LL/SC.
    443 
    444    If we require the simulation statistics to be up to date with
    445    respect to possible memory exceptions, then the list would have to
    446    be flushed before each memory reference.  That's a pain so we don't
    447    bother.
    448 
    449    Flushing the list consists of walking it start to end and emitting
    450    instrumentation IR for each event, in the order in which they
    451    appear. */
    452 
    453 static Event events[N_EVENTS];
    454 static Int   events_used = 0;
    455 
    456 
    457 static VG_REGPARM(2) void trace_instr(Addr addr, SizeT size)
    458 {
    459    VG_(printf)("I  %08lx,%lu\n", addr, size);
    460 }
    461 
    462 static VG_REGPARM(2) void trace_load(Addr addr, SizeT size)
    463 {
    464    VG_(printf)(" L %08lx,%lu\n", addr, size);
    465 }
    466 
    467 static VG_REGPARM(2) void trace_store(Addr addr, SizeT size)
    468 {
    469    VG_(printf)(" S %08lx,%lu\n", addr, size);
    470 }
    471 
    472 static VG_REGPARM(2) void trace_modify(Addr addr, SizeT size)
    473 {
    474    VG_(printf)(" M %08lx,%lu\n", addr, size);
    475 }
    476 
    477 
    478 static void flushEvents(IRSB* sb)
    479 {
    480    Int        i;
    481    const HChar* helperName;
    482    void*      helperAddr;
    483    IRExpr**   argv;
    484    IRDirty*   di;
    485    Event*     ev;
    486 
    487    for (i = 0; i < events_used; i++) {
    488 
    489       ev = &events[i];
    490 
    491       // Decide on helper fn to call and args to pass it.
    492       switch (ev->ekind) {
    493          case Event_Ir: helperName = "trace_instr";
    494                         helperAddr =  trace_instr;  break;
    495 
    496          case Event_Dr: helperName = "trace_load";
    497                         helperAddr =  trace_load;   break;
    498 
    499          case Event_Dw: helperName = "trace_store";
    500                         helperAddr =  trace_store;  break;
    501 
    502          case Event_Dm: helperName = "trace_modify";
    503                         helperAddr =  trace_modify; break;
    504          default:
    505             tl_assert(0);
    506       }
    507 
    508       // Add the helper.
    509       argv = mkIRExprVec_2( ev->addr, mkIRExpr_HWord( ev->size ) );
    510       di   = unsafeIRDirty_0_N( /*regparms*/2,
    511                                 helperName, VG_(fnptr_to_fnentry)( helperAddr ),
    512                                 argv );
    513       if (ev->guard) {
    514          di->guard = ev->guard;
    515       }
    516       addStmtToIRSB( sb, IRStmt_Dirty(di) );
    517    }
    518 
    519    events_used = 0;
    520 }
    521 
    522 // WARNING:  If you aren't interested in instruction reads, you can omit the
    523 // code that adds calls to trace_instr() in flushEvents().  However, you
    524 // must still call this function, addEvent_Ir() -- it is necessary to add
    525 // the Ir events to the events list so that merging of paired load/store
    526 // events into modify events works correctly.
    527 static void addEvent_Ir ( IRSB* sb, IRAtom* iaddr, UInt isize )
    528 {
    529    Event* evt;
    530    tl_assert(clo_trace_mem);
    531    tl_assert( (VG_MIN_INSTR_SZB <= isize && isize <= VG_MAX_INSTR_SZB)
    532             || VG_CLREQ_SZB == isize );
    533    if (events_used == N_EVENTS)
    534       flushEvents(sb);
    535    tl_assert(events_used >= 0 && events_used < N_EVENTS);
    536    evt = &events[events_used];
    537    evt->ekind = Event_Ir;
    538    evt->addr  = iaddr;
    539    evt->size  = isize;
    540    evt->guard = NULL;
    541    events_used++;
    542 }
    543 
    544 /* Add a guarded read event. */
    545 static
    546 void addEvent_Dr_guarded ( IRSB* sb, IRAtom* daddr, Int dsize, IRAtom* guard )
    547 {
    548    Event* evt;
    549    tl_assert(clo_trace_mem);
    550    tl_assert(isIRAtom(daddr));
    551    tl_assert(dsize >= 1 && dsize <= MAX_DSIZE);
    552    if (events_used == N_EVENTS)
    553       flushEvents(sb);
    554    tl_assert(events_used >= 0 && events_used < N_EVENTS);
    555    evt = &events[events_used];
    556    evt->ekind = Event_Dr;
    557    evt->addr  = daddr;
    558    evt->size  = dsize;
    559    evt->guard = guard;
    560    events_used++;
    561 }
    562 
    563 /* Add an ordinary read event, by adding a guarded read event with an
    564    always-true guard. */
    565 static
    566 void addEvent_Dr ( IRSB* sb, IRAtom* daddr, Int dsize )
    567 {
    568    addEvent_Dr_guarded(sb, daddr, dsize, NULL);
    569 }
    570 
    571 /* Add a guarded write event. */
    572 static
    573 void addEvent_Dw_guarded ( IRSB* sb, IRAtom* daddr, Int dsize, IRAtom* guard )
    574 {
    575    Event* evt;
    576    tl_assert(clo_trace_mem);
    577    tl_assert(isIRAtom(daddr));
    578    tl_assert(dsize >= 1 && dsize <= MAX_DSIZE);
    579    if (events_used == N_EVENTS)
    580       flushEvents(sb);
    581    tl_assert(events_used >= 0 && events_used < N_EVENTS);
    582    evt = &events[events_used];
    583    evt->ekind = Event_Dw;
    584    evt->addr  = daddr;
    585    evt->size  = dsize;
    586    evt->guard = guard;
    587    events_used++;
    588 }
    589 
    590 /* Add an ordinary write event.  Try to merge it with an immediately
    591    preceding ordinary read event of the same size to the same
    592    address. */
    593 static
    594 void addEvent_Dw ( IRSB* sb, IRAtom* daddr, Int dsize )
    595 {
    596    Event* lastEvt;
    597    Event* evt;
    598    tl_assert(clo_trace_mem);
    599    tl_assert(isIRAtom(daddr));
    600    tl_assert(dsize >= 1 && dsize <= MAX_DSIZE);
    601 
    602    // Is it possible to merge this write with the preceding read?
    603    lastEvt = &events[events_used-1];
    604    if (events_used > 0
    605        && lastEvt->ekind == Event_Dr
    606        && lastEvt->size  == dsize
    607        && lastEvt->guard == NULL
    608        && eqIRAtom(lastEvt->addr, daddr))
    609    {
    610       lastEvt->ekind = Event_Dm;
    611       return;
    612    }
    613 
    614    // No.  Add as normal.
    615    if (events_used == N_EVENTS)
    616       flushEvents(sb);
    617    tl_assert(events_used >= 0 && events_used < N_EVENTS);
    618    evt = &events[events_used];
    619    evt->ekind = Event_Dw;
    620    evt->size  = dsize;
    621    evt->addr  = daddr;
    622    evt->guard = NULL;
    623    events_used++;
    624 }
    625 
    626 
    627 /*------------------------------------------------------------*/
    628 /*--- Stuff for --trace-superblocks                        ---*/
    629 /*------------------------------------------------------------*/
    630 
    631 static void trace_superblock(Addr addr)
    632 {
    633    VG_(printf)("SB %08lx\n", addr);
    634 }
    635 
    636 
    637 /*------------------------------------------------------------*/
    638 /*--- Basic tool functions                                 ---*/
    639 /*------------------------------------------------------------*/
    640 
    641 static void lk_post_clo_init(void)
    642 {
    643    Int op, tyIx;
    644 
    645    if (clo_detailed_counts) {
    646       for (op = 0; op < N_OPS; op++)
    647          for (tyIx = 0; tyIx < N_TYPES; tyIx++)
    648             detailCounts[op][tyIx] = 0;
    649    }
    650 }
    651 
    652 static
    653 IRSB* lk_instrument ( VgCallbackClosure* closure,
    654                       IRSB* sbIn,
    655                       const VexGuestLayout* layout,
    656                       const VexGuestExtents* vge,
    657                       const VexArchInfo* archinfo_host,
    658                       IRType gWordTy, IRType hWordTy )
    659 {
    660    IRDirty*   di;
    661    Int        i;
    662    IRSB*      sbOut;
    663    IRTypeEnv* tyenv = sbIn->tyenv;
    664    Addr       iaddr = 0, dst;
    665    UInt       ilen = 0;
    666    Bool       condition_inverted = False;
    667 
    668    if (gWordTy != hWordTy) {
    669       /* We don't currently support this case. */
    670       VG_(tool_panic)("host/guest word size mismatch");
    671    }
    672 
    673    /* Set up SB */
    674    sbOut = deepCopyIRSBExceptStmts(sbIn);
    675 
    676    // Copy verbatim any IR preamble preceding the first IMark
    677    i = 0;
    678    while (i < sbIn->stmts_used && sbIn->stmts[i]->tag != Ist_IMark) {
    679       addStmtToIRSB( sbOut, sbIn->stmts[i] );
    680       i++;
    681    }
    682 
    683    if (clo_basic_counts) {
    684       /* Count this superblock. */
    685       di = unsafeIRDirty_0_N( 0, "add_one_SB_entered",
    686                                  VG_(fnptr_to_fnentry)( &add_one_SB_entered ),
    687                                  mkIRExprVec_0() );
    688       addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    689    }
    690 
    691    if (clo_trace_sbs) {
    692       /* Print this superblock's address. */
    693       di = unsafeIRDirty_0_N(
    694               0, "trace_superblock",
    695               VG_(fnptr_to_fnentry)( &trace_superblock ),
    696               mkIRExprVec_1( mkIRExpr_HWord( vge->base[0] ) )
    697            );
    698       addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    699    }
    700 
    701    if (clo_trace_mem) {
    702       events_used = 0;
    703    }
    704 
    705    for (/*use current i*/; i < sbIn->stmts_used; i++) {
    706       IRStmt* st = sbIn->stmts[i];
    707       if (!st || st->tag == Ist_NoOp) continue;
    708 
    709       if (clo_basic_counts) {
    710          /* Count one VEX statement. */
    711          di = unsafeIRDirty_0_N( 0, "add_one_IRStmt",
    712                                     VG_(fnptr_to_fnentry)( &add_one_IRStmt ),
    713                                     mkIRExprVec_0() );
    714          addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    715       }
    716 
    717       switch (st->tag) {
    718          case Ist_NoOp:
    719          case Ist_AbiHint:
    720          case Ist_Put:
    721          case Ist_PutI:
    722          case Ist_MBE:
    723             addStmtToIRSB( sbOut, st );
    724             break;
    725 
    726          case Ist_IMark:
    727             if (clo_basic_counts) {
    728                /* Needed to be able to check for inverted condition in Ist_Exit */
    729                iaddr = st->Ist.IMark.addr;
    730                ilen  = st->Ist.IMark.len;
    731 
    732                /* Count guest instruction. */
    733                di = unsafeIRDirty_0_N( 0, "add_one_guest_instr",
    734                                           VG_(fnptr_to_fnentry)( &add_one_guest_instr ),
    735                                           mkIRExprVec_0() );
    736                addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    737 
    738                /* An unconditional branch to a known destination in the
    739                 * guest's instructions can be represented, in the IRSB to
    740                 * instrument, by the VEX statements that are the
    741                 * translation of that known destination. This feature is
    742                 * called 'SB chasing' and can be influenced by command
    743                 * line option --vex-guest-chase-thresh.
    744                 *
    745                 * To get an accurate count of the calls to a specific
    746                 * function, taking SB chasing into account, we need to
    747                 * check for each guest instruction (Ist_IMark) if it is
    748                 * the entry point of a function.
    749                 */
    750                tl_assert(clo_fnname);
    751                tl_assert(clo_fnname[0]);
    752                const HChar *fnname;
    753                if (VG_(get_fnname_if_entry)(st->Ist.IMark.addr,
    754                                             &fnname)
    755                    && 0 == VG_(strcmp)(fnname, clo_fnname)) {
    756                   di = unsafeIRDirty_0_N(
    757                           0, "add_one_func_call",
    758                              VG_(fnptr_to_fnentry)( &add_one_func_call ),
    759                              mkIRExprVec_0() );
    760                   addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    761                }
    762             }
    763             if (clo_trace_mem) {
    764                // WARNING: do not remove this function call, even if you
    765                // aren't interested in instruction reads.  See the comment
    766                // above the function itself for more detail.
    767                addEvent_Ir( sbOut, mkIRExpr_HWord( (HWord)st->Ist.IMark.addr ),
    768                             st->Ist.IMark.len );
    769             }
    770             addStmtToIRSB( sbOut, st );
    771             break;
    772 
    773          case Ist_WrTmp:
    774             // Add a call to trace_load() if --trace-mem=yes.
    775             if (clo_trace_mem) {
    776                IRExpr* data = st->Ist.WrTmp.data;
    777                if (data->tag == Iex_Load) {
    778                   addEvent_Dr( sbOut, data->Iex.Load.addr,
    779                                sizeofIRType(data->Iex.Load.ty) );
    780                }
    781             }
    782             if (clo_detailed_counts) {
    783                IRExpr* expr = st->Ist.WrTmp.data;
    784                IRType  type = typeOfIRExpr(sbOut->tyenv, expr);
    785                tl_assert(type != Ity_INVALID);
    786                switch (expr->tag) {
    787                   case Iex_Load:
    788                     instrument_detail( sbOut, OpLoad, type, NULL/*guard*/ );
    789                      break;
    790                   case Iex_Unop:
    791                   case Iex_Binop:
    792                   case Iex_Triop:
    793                   case Iex_Qop:
    794                   case Iex_ITE:
    795                      instrument_detail( sbOut, OpAlu, type, NULL/*guard*/ );
    796                      break;
    797                   default:
    798                      break;
    799                }
    800             }
    801             addStmtToIRSB( sbOut, st );
    802             break;
    803 
    804          case Ist_Store: {
    805             IRExpr* data = st->Ist.Store.data;
    806             IRType  type = typeOfIRExpr(tyenv, data);
    807             tl_assert(type != Ity_INVALID);
    808             if (clo_trace_mem) {
    809                addEvent_Dw( sbOut, st->Ist.Store.addr,
    810                             sizeofIRType(type) );
    811             }
    812             if (clo_detailed_counts) {
    813                instrument_detail( sbOut, OpStore, type, NULL/*guard*/ );
    814             }
    815             addStmtToIRSB( sbOut, st );
    816             break;
    817          }
    818 
    819          case Ist_StoreG: {
    820             IRStoreG* sg   = st->Ist.StoreG.details;
    821             IRExpr*   data = sg->data;
    822             IRType    type = typeOfIRExpr(tyenv, data);
    823             tl_assert(type != Ity_INVALID);
    824             if (clo_trace_mem) {
    825                addEvent_Dw_guarded( sbOut, sg->addr,
    826                                     sizeofIRType(type), sg->guard );
    827             }
    828             if (clo_detailed_counts) {
    829                instrument_detail( sbOut, OpStore, type, sg->guard );
    830             }
    831             addStmtToIRSB( sbOut, st );
    832             break;
    833          }
    834 
    835          case Ist_LoadG: {
    836             IRLoadG* lg       = st->Ist.LoadG.details;
    837             IRType   type     = Ity_INVALID; /* loaded type */
    838             IRType   typeWide = Ity_INVALID; /* after implicit widening */
    839             typeOfIRLoadGOp(lg->cvt, &typeWide, &type);
    840             tl_assert(type != Ity_INVALID);
    841             if (clo_trace_mem) {
    842                addEvent_Dr_guarded( sbOut, lg->addr,
    843                                     sizeofIRType(type), lg->guard );
    844             }
    845             if (clo_detailed_counts) {
    846                instrument_detail( sbOut, OpLoad, type, lg->guard );
    847             }
    848             addStmtToIRSB( sbOut, st );
    849             break;
    850          }
    851 
    852          case Ist_Dirty: {
    853             if (clo_trace_mem) {
    854                Int      dsize;
    855                IRDirty* d = st->Ist.Dirty.details;
    856                if (d->mFx != Ifx_None) {
    857                   // This dirty helper accesses memory.  Collect the details.
    858                   tl_assert(d->mAddr != NULL);
    859                   tl_assert(d->mSize != 0);
    860                   dsize = d->mSize;
    861                   if (d->mFx == Ifx_Read || d->mFx == Ifx_Modify)
    862                      addEvent_Dr( sbOut, d->mAddr, dsize );
    863                   if (d->mFx == Ifx_Write || d->mFx == Ifx_Modify)
    864                      addEvent_Dw( sbOut, d->mAddr, dsize );
    865                } else {
    866                   tl_assert(d->mAddr == NULL);
    867                   tl_assert(d->mSize == 0);
    868                }
    869             }
    870             addStmtToIRSB( sbOut, st );
    871             break;
    872          }
    873 
    874          case Ist_CAS: {
    875             /* We treat it as a read and a write of the location.  I
    876                think that is the same behaviour as it was before IRCAS
    877                was introduced, since prior to that point, the Vex
    878                front ends would translate a lock-prefixed instruction
    879                into a (normal) read followed by a (normal) write. */
    880             Int    dataSize;
    881             IRType dataTy;
    882             IRCAS* cas = st->Ist.CAS.details;
    883             tl_assert(cas->addr != NULL);
    884             tl_assert(cas->dataLo != NULL);
    885             dataTy   = typeOfIRExpr(tyenv, cas->dataLo);
    886             dataSize = sizeofIRType(dataTy);
    887             if (cas->dataHi != NULL)
    888                dataSize *= 2; /* since it's a doubleword-CAS */
    889             if (clo_trace_mem) {
    890                addEvent_Dr( sbOut, cas->addr, dataSize );
    891                addEvent_Dw( sbOut, cas->addr, dataSize );
    892             }
    893             if (clo_detailed_counts) {
    894                instrument_detail( sbOut, OpLoad, dataTy, NULL/*guard*/ );
    895                if (cas->dataHi != NULL) /* dcas */
    896                   instrument_detail( sbOut, OpLoad, dataTy, NULL/*guard*/ );
    897                instrument_detail( sbOut, OpStore, dataTy, NULL/*guard*/ );
    898                if (cas->dataHi != NULL) /* dcas */
    899                   instrument_detail( sbOut, OpStore, dataTy, NULL/*guard*/ );
    900             }
    901             addStmtToIRSB( sbOut, st );
    902             break;
    903          }
    904 
    905          case Ist_LLSC: {
    906             IRType dataTy;
    907             if (st->Ist.LLSC.storedata == NULL) {
    908                /* LL */
    909                dataTy = typeOfIRTemp(tyenv, st->Ist.LLSC.result);
    910                if (clo_trace_mem) {
    911                   addEvent_Dr( sbOut, st->Ist.LLSC.addr,
    912                                       sizeofIRType(dataTy) );
    913                   /* flush events before LL, helps SC to succeed */
    914                   flushEvents(sbOut);
    915 	       }
    916                if (clo_detailed_counts)
    917                   instrument_detail( sbOut, OpLoad, dataTy, NULL/*guard*/ );
    918             } else {
    919                /* SC */
    920                dataTy = typeOfIRExpr(tyenv, st->Ist.LLSC.storedata);
    921                if (clo_trace_mem)
    922                   addEvent_Dw( sbOut, st->Ist.LLSC.addr,
    923                                       sizeofIRType(dataTy) );
    924                if (clo_detailed_counts)
    925                   instrument_detail( sbOut, OpStore, dataTy, NULL/*guard*/ );
    926             }
    927             addStmtToIRSB( sbOut, st );
    928             break;
    929          }
    930 
    931          case Ist_Exit:
    932             if (clo_basic_counts) {
    933                // The condition of a branch was inverted by VEX if a taken
    934                // branch is in fact a fall trough according to client address
    935                tl_assert(iaddr != 0);
    936                dst = (sizeof(Addr) == 4) ? st->Ist.Exit.dst->Ico.U32 :
    937                                            st->Ist.Exit.dst->Ico.U64;
    938                condition_inverted = (dst == iaddr + ilen);
    939 
    940                /* Count Jcc */
    941                if (!condition_inverted)
    942                   di = unsafeIRDirty_0_N( 0, "add_one_Jcc",
    943                                           VG_(fnptr_to_fnentry)( &add_one_Jcc ),
    944                                           mkIRExprVec_0() );
    945                else
    946                   di = unsafeIRDirty_0_N( 0, "add_one_inverted_Jcc",
    947                                           VG_(fnptr_to_fnentry)(
    948                                              &add_one_inverted_Jcc ),
    949                                           mkIRExprVec_0() );
    950 
    951                addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    952             }
    953             if (clo_trace_mem) {
    954                flushEvents(sbOut);
    955             }
    956 
    957             addStmtToIRSB( sbOut, st );      // Original statement
    958 
    959             if (clo_basic_counts) {
    960                /* Count non-taken Jcc */
    961                if (!condition_inverted)
    962                   di = unsafeIRDirty_0_N( 0, "add_one_Jcc_untaken",
    963                                           VG_(fnptr_to_fnentry)(
    964                                              &add_one_Jcc_untaken ),
    965                                           mkIRExprVec_0() );
    966                else
    967                   di = unsafeIRDirty_0_N( 0, "add_one_inverted_Jcc_untaken",
    968                                           VG_(fnptr_to_fnentry)(
    969                                              &add_one_inverted_Jcc_untaken ),
    970                                           mkIRExprVec_0() );
    971 
    972                addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    973             }
    974             break;
    975 
    976          default:
    977             ppIRStmt(st);
    978             tl_assert(0);
    979       }
    980    }
    981 
    982    if (clo_basic_counts) {
    983       /* Count this basic block. */
    984       di = unsafeIRDirty_0_N( 0, "add_one_SB_completed",
    985                                  VG_(fnptr_to_fnentry)( &add_one_SB_completed ),
    986                                  mkIRExprVec_0() );
    987       addStmtToIRSB( sbOut, IRStmt_Dirty(di) );
    988    }
    989 
    990    if (clo_trace_mem) {
    991       /* At the end of the sbIn.  Flush outstandings. */
    992       flushEvents(sbOut);
    993    }
    994 
    995    return sbOut;
    996 }
    997 
    998 static void lk_fini(Int exitcode)
    999 {
   1000    tl_assert(clo_fnname);
   1001    tl_assert(clo_fnname[0]);
   1002 
   1003    if (clo_basic_counts) {
   1004       ULong total_Jccs = n_Jccs + n_IJccs;
   1005       ULong taken_Jccs = (n_Jccs - n_Jccs_untaken) + n_IJccs_untaken;
   1006 
   1007       VG_(umsg)("Counted %'llu call%s to %s()\n",
   1008                 n_func_calls, ( n_func_calls==1 ? "" : "s" ), clo_fnname);
   1009 
   1010       VG_(umsg)("\n");
   1011       VG_(umsg)("Jccs:\n");
   1012       VG_(umsg)("  total:         %'llu\n", total_Jccs);
   1013       VG_(umsg)("  taken:         %'llu (%.0f%%)\n",
   1014                 taken_Jccs, taken_Jccs * 100.0 / total_Jccs ?: 1);
   1015 
   1016       VG_(umsg)("\n");
   1017       VG_(umsg)("Executed:\n");
   1018       VG_(umsg)("  SBs entered:   %'llu\n", n_SBs_entered);
   1019       VG_(umsg)("  SBs completed: %'llu\n", n_SBs_completed);
   1020       VG_(umsg)("  guest instrs:  %'llu\n", n_guest_instrs);
   1021       VG_(umsg)("  IRStmts:       %'llu\n", n_IRStmts);
   1022 
   1023       VG_(umsg)("\n");
   1024       VG_(umsg)("Ratios:\n");
   1025       tl_assert(n_SBs_entered); // Paranoia time.
   1026       VG_(umsg)("  guest instrs : SB entered  = %'llu : 10\n",
   1027          10 * n_guest_instrs / n_SBs_entered);
   1028       VG_(umsg)("       IRStmts : SB entered  = %'llu : 10\n",
   1029          10 * n_IRStmts / n_SBs_entered);
   1030       tl_assert(n_guest_instrs); // Paranoia time.
   1031       VG_(umsg)("       IRStmts : guest instr = %'llu : 10\n",
   1032          10 * n_IRStmts / n_guest_instrs);
   1033    }
   1034 
   1035    if (clo_detailed_counts) {
   1036       VG_(umsg)("\n");
   1037       VG_(umsg)("IR-level counts by type:\n");
   1038       print_details();
   1039    }
   1040 
   1041    if (clo_basic_counts) {
   1042       VG_(umsg)("\n");
   1043       VG_(umsg)("Exit code:       %d\n", exitcode);
   1044    }
   1045 }
   1046 
   1047 static void lk_pre_clo_init(void)
   1048 {
   1049    VG_(details_name)            ("Lackey");
   1050    VG_(details_version)         (NULL);
   1051    VG_(details_description)     ("an example Valgrind tool");
   1052    VG_(details_copyright_author)(
   1053       "Copyright (C) 2002-2015, and GNU GPL'd, by Nicholas Nethercote.");
   1054    VG_(details_bug_reports_to)  (VG_BUGS_TO);
   1055    VG_(details_avg_translation_sizeB) ( 200 );
   1056 
   1057    VG_(basic_tool_funcs)          (lk_post_clo_init,
   1058                                    lk_instrument,
   1059                                    lk_fini);
   1060    VG_(needs_command_line_options)(lk_process_cmd_line_option,
   1061                                    lk_print_usage,
   1062                                    lk_print_debug_usage);
   1063 }
   1064 
   1065 VG_DETERMINE_INTERFACE_VERSION(lk_pre_clo_init)
   1066 
   1067 /*--------------------------------------------------------------------*/
   1068 /*--- end                                                lk_main.c ---*/
   1069 /*--------------------------------------------------------------------*/
   1070