> I was going through the implementation of FBT provider on x86. I figured
> out that entry and the exit instructions in a function will be replaced by
> the "lock" instruction on a probe enable which on execution causes an
> invalid opcode exception. Is there any reason why lock was chosen as the
> instruction to cause the invalid opcode trap?
It could be done with a 0xcc (INT 3) as well -- and in fact, this is how
we do it for return probes on amd64.
> Is there any chance of a "ret" instruction followed by ADD, CMPXCHG and
> other instructions which can be prefixed by the "lock" instruction in
> memory? In that case, if we replace ret by lock we might not trap into
> the invoptrap routine?
No. On x86, we don't instrument the ret, we instrument the leave. So
the sequence is "lock ret" which is always illegal. On amd64, we do
instrument the ret -- but we instrument it with a 0xcc, which always
generates the INT 3.
- Bryan
--------------------------------------------------------------------------
Bryan Cantrill, Solaris Kernel Development. http://blogs.sun.com/bmc
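The three cases discussed in the thread can be reproduced from user space. The program below is an added example, not code from the thread or from DTrace/Solaris: it assumes Linux on x86-64 (System V ABI, first argument in %rdi) and an mmap that allows RWX pages, and it stands in for the kernel's invoptrap/INT 3 handling with ordinary SIGILL/SIGTRAP handlers. It copies a hand-assembled "leave; ret" epilogue into an executable page, patches it the way FBT does on x86 (lock prefix over the leave, giving "lock ret") and on amd64 (0xcc over the ret), and also runs the case the questioner was worried about, a lock prefix in front of a lockable memory instruction, which executes normally instead of trapping.

```c
/* Added example: x86 FBT return-probe patching, simulated in user space.
 * Assumes Linux x86-64 and an RWX-capable mmap; SIGILL stands in for the
 * kernel's invalid-opcode trap, SIGTRAP for the INT 3 trap. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#if defined(__x86_64__)

static sigjmp_buf recover;
static volatile sig_atomic_t caught;  /* signal that fired, 0 if none */

static void on_trap(int sig) {
    caught = sig;
    siglongjmp(recover, 1);           /* abandon the patched function */
}

/* Copy `code` into an RWX page, call it as int fn(int *), and report
 * 0 (ran to completion), SIGILL (#UD) or SIGTRAP (INT 3). */
static int run_code(const uint8_t *code, size_t len, int *mem) {
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, code, len);

    struct sigaction sa, old_ill, old_trap;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sa.sa_flags = SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGTRAP, &sa, &old_trap);

    int result;
    caught = 0;
    if (sigsetjmp(recover, 1) == 0) {
        int (*fn)(int *);
        memcpy(&fn, &page, sizeof fn);  /* avoid the void*->fn-ptr cast warning */
        fn(mem);
        result = 0;
    } else {
        result = caught;
    }
    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGTRAP, &old_trap, NULL);
    munmap(page, 4096);
    return result;
}

/* Constructed sample: the frame-pointer epilogue FBT looks for. */
static const uint8_t epilogue[] = {
    0x55,              /* push %rbp        */
    0x48, 0x89, 0xe5,  /* mov  %rsp,%rbp   */
    0x8b, 0x07,        /* mov  (%rdi),%eax */
    0xc9,              /* leave            */
    0xc3               /* ret              */
};
enum { LEAVE_OFF = 6, RET_OFF = 7 };

/* Unpatched function: returns 0, i.e. no trap. */
int run_unpatched(void) {
    int v = 7;
    return run_code(epilogue, sizeof epilogue, &v);
}

/* x86 FBT: the leave becomes a lock prefix, so the CPU sees "lock ret". */
int run_x86_lock_on_leave(void) {
    uint8_t code[sizeof epilogue];
    memcpy(code, epilogue, sizeof code);
    code[LEAVE_OFF] = 0xf0;
    int v = 7;
    return run_code(code, sizeof code, &v);
}

/* amd64 FBT: the ret becomes 0xcc (INT 3). */
int run_amd64_int3_on_ret(void) {
    uint8_t code[sizeof epilogue];
    memcpy(code, epilogue, sizeof code);
    code[RET_OFF] = 0xcc;
    int v = 7;
    return run_code(code, sizeof code, &v);
}

/* The questioner's worry: "lock add %eax,(%rdi)" is a legal lockable
 * instruction with a memory operand, so it runs and increments *mem. */
int run_lock_add(int *mem) {
    static const uint8_t lock_add[] = {
        0x55, 0x48, 0x89, 0xe5,         /* push %rbp; mov %rsp,%rbp */
        0xb8, 0x01, 0x00, 0x00, 0x00,   /* mov  $1,%eax             */
        0xf0, 0x01, 0x07,               /* lock add %eax,(%rdi)     */
        0xc9, 0xc3                      /* leave; ret               */
    };
    return run_code(lock_add, sizeof lock_add, mem);
}

#else
/* Not x86-64: the encodings above do not apply, report -1. */
int run_unpatched(void) { return -1; }
int run_x86_lock_on_leave(void) { return -1; }
int run_amd64_int3_on_ret(void) { return -1; }
int run_lock_add(int *mem) { (void)mem; return -1; }
#endif

int main(void) {
    int m = 41;
    printf("unpatched: %d\n", run_unpatched());
    printf("lock over leave: %d (SIGILL=%d)\n", run_x86_lock_on_leave(), SIGILL);
    printf("int3 over ret: %d (SIGTRAP=%d)\n", run_amd64_int3_on_ret(), SIGTRAP);
    printf("lock add: %d, mem=%d\n", run_lock_add(&m), m);
    return 0;
}
```

The point the byte patching makes visible is why the leave, not the ret, is the patch target on x86: a single 0xf0 in front of 0xc3 is never a legal instruction, whereas the same byte in front of an ADD or CMPXCHG with a memory operand is a normal atomic instruction and raises nothing. A detection-side corollary is that a kernel text page whose "leave" bytes read as 0xf0, or whose "ret" bytes read as 0xcc, is a legitimate FBT signature on Solaris, and any text-integrity check run over live kernel memory has to account for enabled probes before reporting a mismatch.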