This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
[Bug translator/6702] New: combination of "probe ... if()" and argument referring at return probe causes array overflow error.
- From: "mhiramat at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sources dot redhat dot com
- Date: 27 Jun 2008 15:48:02 -0000
- Subject: [Bug translator/6702] New: combination of "probe ... if()" and argument referring at return probe causes array overflow error.
- Reply-to: sourceware-bugzilla at sourceware dot org
When I executed the script below, stap caused an Array overflow error.
---
global flag
probe syscall.read.return if (flag) {
printf("read count = %d\n", $count)
}
probe begin {
flag = 0
}
probe procfs.write {
flag = strtol($value,10)
}
---
$ stap -v ./script
Pass 1: parsed user script and 42 library script(s) in 280usr/10sys/304real ms.
Pass 2: analyzed script: 4 probe(s), 4 function(s), 2 embed(s), 3 global(s) in
270usr/80sys/361real ms.
Pass 3: translated to C into
"/tmp/stapo8bkMe/stap_d4b424cfc8957f11a460f1059d6d7f5d_7192.c" in
20usr/10sys/53real ms.
/home/mhiramat/.systemtap/cache/d4/stap_d4b424cfc8957f11a460f1059d6d7f5d_7192.ko
Pass 4: compiled C into "stap_d4b424cfc8957f11a460f1059d6d7f5d_7192.ko" in
3620usr/470sys/7321real ms.
Pass 5: starting run.
ERROR: Array overflow, check MAXMAPENTRIES near identifier '$count' at ./script:3:30
WARNING: Removal of /proc/systemtap/stap_d4b424cfc8957f11a460f1059d6d7f5d_7192
is deferred until it is no longer in use.
Systemtap module removal will block.
WARNING: Number of errors: 1, skipped probes: 0
---
This happened because the probe's "if(flag)" statement is executed
before the unused array element is deleted.
Here is the result of '-p2' option.
---
# probes
kernel.function("sys_read@fs/read_write.c:354").return if (flag) /* pc=0x807e6
*/ /* <- syscall.read.return = kernel.function("sys_read").return if (flag) <-
syscall.read.return if (flag) */
# locals
_dwarf_tvar_tid:long
_dwarf_tvar_count_0_tmp:long
{
if (!(flag)) next
{
{
(_dwarf_tvar_tid) = (tid())
(_dwarf_tvar_count_0_tmp) = (_dwarf_tvar_count_0[_dwarf_tvar_tid,
_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid]])
delete _dwarf_tvar_count_0[_dwarf_tvar_tid,
(_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid])--]
if (!(_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid])) delete
_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid]
}
printf("read count = %d\\n", _dwarf_tvar_count_0_tmp)
}
}
---
When I wrote it as 'probe syscall.read.return { if (!flag) next; ... }',
stap showed the result below:
---
# probes
kernel.function("sys_read@fs/read_write.c:354").return /* pc=0x807e6 */ /* <-
syscall.read.return = kernel.function("sys_read").return <- syscall.read.return */
# locals
_dwarf_tvar_tid:long
_dwarf_tvar_count_0_tmp:long
{
{
(_dwarf_tvar_tid) = (tid())
(_dwarf_tvar_count_0_tmp) = (_dwarf_tvar_count_0[_dwarf_tvar_tid,
_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid]])
delete _dwarf_tvar_count_0[_dwarf_tvar_tid,
(_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid])--]
if (!(_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid])) delete
_dwarf_tvar_count_0_ctr[_dwarf_tvar_tid]
}
{
if (!(flag)) next
printf("read count = %d\\n", _dwarf_tvar_count_0_tmp)
}
}
---
The if() statement was placed after the deletion of the unused array element.
--
Summary: combination of "probe ... if()" and argument referring at
return probe causes array overflow error.
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: mhiramat at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=6702
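The complete workaround script that the report above sketches in one line, as an added example (not the reporter's own script, and not code from the systemtap project): the flag check is moved from the probe-level "if()" condition into the probe body, so the translator emits the saved-$count fetch and its array cleanup ahead of the user's "next", as shown in the second -p2 listing. The probe points and variables are the ones from the report; nothing else is assumed.

```systemtap
# Added example: same reproducer as in the report, with the flag check
# moved into the probe body instead of the probe-level "if (flag)" condition.
global flag

probe begin {
    flag = 0
}

# Same control interface as in the report: writing a number to the
# procfs file enables or disables the read-count output.
probe procfs.write {
    flag = strtol($value, 10)
}

probe syscall.read.return {
    # With the test inside the body, the translator still hoists the
    # $count fetch and the delete of the entry-side stash before this
    # "next" (see the second -p2 output above), so the per-tid map
    # does not grow until MAXMAPENTRIES when flag is 0.
    if (!flag) next
    printf("read count = %d\n", $count)
}
```

To confirm the ordering before running the script, check the -p2 output with `stap -p2 ./script` and make sure the `delete _dwarf_tvar_count_0[...]` line appears before `if (!(flag)) next`, as it does in the report's second listing.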