Analysis of binary executable programs is performed to analyze program performance, verify correctness, and optimization, for example. Some analyses are performed prior to runtime (static analysis), while other analyses are performed during runtime (dynamic analysis). For both static and dynamic analysis, however, the analysis is often performed at the function level.
The term, “function”, refers to named sections of code that are callable in the source program and encompasses routines, procedures, methods and other similar constructs known to those skilled in the art. The functions in the source code are compiled into segments of executable code. For convenience, the segments of executable code that correspond to the functions in the source code are also referred to as “functions”.
One category of analysis performed on executable programs is “instrumentation”. Instrumentation is generally used to gather runtime characteristics of a program. For example, the number of times that a function is executed while the application is executing is determined through instrumentation. While the information gathered through instrumentation may be extremely useful for purposes of enhancing program performance, the process of setting up a program for instrumentation can be time-consuming and very complicated.
Some dynamic instrumentation tools relocate instrumented functions during execution of the program into a new address space, such as shared memory address space, on the stack of a target program, on the heap of a target program or other similar methods. These different methods are referenced in this description under the term “shared memory”. The shared memory space is allocated by the instrumentation tool and shared by the instrumentation tool and the executable program. The instrumented functions in the shared memory space are executed in lieu of the un-instrumented versions of the functions in the original address space. Some instrumented functions in the shared memory space may call other instrumented functions in the shared memory space, depending on the application.
In certain situations the call graph (or the “call chain”) of a program must be traversed. The call graph refers to the order in which functions of the program are called and which of the functions are the calling and called functions. Traversal of the call graph is often referred to as “stack unwinding”. Stack unwinding allows identification of calling and called functions. For example, if foo1( ) calls foo2( ),foo2( ) calls foo3( ), and foo3( ) calls foo4( ), stack unwinding from a location in foo4( ) allows identification of the chain of functions that were called in getting to the location in foo4( ). Functions in the call graph can be functions that have not been instrumented (“non-instrumented functions”) or relocated instrumented functions.
An example situation in which stack unwinding is performed is when a program error occurs and a programmer is interested the function calling sequence relative to the location in the program at which the error occurred. This is sometimes referred to as a stack trace. Another example is where a C++ exception is “thrown” in a C++ program. The C++ runtime mechanism unwinds the stack upwards until it finds a matching “catch clause” (C++ terminology).
In some architectures, stack unwinding can be trivial. For example, where a single format is used for stack frames, traversing the call graph is easily achieved by reading values from the stack of the application in a well-defined way. However, stack unwinding in other architectures is more complicated because stack frames can have different formats. For example, in the IA-64 processor architecture from Hewlett-Packard different formats of stack frames are used to optimize performance of a given code stream. Unwinding is performed by reading supplemental unwind information that describes the format and content of each individual stack frame.
In the HP-UX system from Hewlett-Packard, the dynamic loader maintains information that associates loaded modules and the locations of unwind information for the loaded modules. When unwinding is needed, for example, because a C++ exception has been thrown, a function of the dynamic loader is called by the unwinder (libunwind on HP-UX) to identify the unwind information of the load module and the function within which the exception was raised. If unwinding is requested in an instrumented function, e.g. a C++ exception is thrown in the instrumented function, the dynamic loader will be unable to provide a reference to the required unwind information because the dynamic loader maintains only the unwind information for the un-instrumented version of the function. Unwinding through instrumented functions would therefore fail.
A system and method that address the aforementioned problems, as well as other related problems, are therefore desirable.