From: Namhyung Kim <namhyung@kernel.org>
To: Tengda Wu <wutengda@huaweicloud.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	leo.yan@linux.dev, Li Huafei <lihuafei1@huawei.com>,
	Ian Rogers <irogers@google.com>,
	Kim Phillips <kim.phillips@arm.com>,
	Mark Rutland <mark.rutland@arm.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Ingo Molnar <mingo@redhat.com>, Bill Wendling <morbo@google.com>,
	Nick Desaulniers <nick.desaulniers+lkml@gmail.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Adrian Hunter <adrian.hunter@intel.com>,
	Zecheng Li <zli94@ncsu.edu>,
	linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
	llvm@lists.linux.dev
Subject: Re: [PATCH v2 13/16] perf annotate-arm64: Support 'add' instruction tracking
Date: Thu, 9 Apr 2026 23:42:59 -0700
Message-ID: <adib8wD8NPtxpQEL@google.com>
In-Reply-To: <20260403094800.1418825-14-wutengda@huaweicloud.com>

On Fri, Apr 03, 2026 at 09:47:57AM +0000, Tengda Wu wrote:
> Extend update_insn_state() for arm64 to track pointer arithmetic and
> member address calculations.
> 
> The arm64 'add' instruction frequently calculates structure member
> addresses, such as 'add x0, x1, #offset'. Tracking this is essential
> to maintain the connection between a base pointer and its derived
> member addresses.

What about other arithmetic instructions?  Can 'sub' be used in a
similar manner?  Maybe we want to invalidate the target register state
for all(?) other instructions.

Thanks,
Namhyung

> 
> The implementation checks if the base register contains a pointer
> or a structure type. When an immediate offset is added, use
> die_get_member_type() to verify that the resulting offset points to
> a valid member within the data type. If valid, update the target
> register's type state with the new offset while preserving the base
> type information.
> 
> A real-world example is shown below:
> 
>   ffff80008001c9a8 <flush_ptrace_hw_breakpoint>:
>   ffff80008001c9c4:  add  x19, x0, #0xeb8 // x0 (task_struct*) + 0xeb8 -> x19
>   ffff80008001c9d0:  ldr  x0, [x19]       // PMU sample
> 
> Before this commit, the type flow broke at the 'add' instruction,
> leaving the subsequent load with no type information:
> 
>   chk [28] reg19 offset=0 ok=0 kind=0 cfa : no type information
>   final result: no type information
> 
> After this commit, the tracker correctly follows the member address
> calculation:
> 
>   var [0] reg0 offset 0 type='struct task_struct*'
>   add [1c] address of 0xeb8(reg0) -> reg19 type='struct task_struct*'
>   chk [28] reg19 offset=0 ok=1 kind=1 (struct task_struct*) : Good!
>   found by insn track: 0(reg19) type-offset=0xeb8
>   final result: type='struct task_struct'
> 
> Signed-off-by: Tengda Wu <wutengda@huaweicloud.com>
> ---
>  .../perf/util/annotate-arch/annotate-arm64.c  | 45 +++++++++++++++++++
>  1 file changed, 45 insertions(+)
> 
> diff --git a/tools/perf/util/annotate-arch/annotate-arm64.c b/tools/perf/util/annotate-arch/annotate-arm64.c
> index 013b673f4861..d2557b9d6909 100644
> --- a/tools/perf/util/annotate-arch/annotate-arm64.c
> +++ b/tools/perf/util/annotate-arch/annotate-arm64.c
> @@ -7,6 +7,7 @@
>  #include <linux/zalloc.h>
>  #include <linux/string.h>
>  #include <regex.h>
> +#include <inttypes.h>
>  #include "../annotate.h"
>  #include "../disasm.h"
>  #include "../annotate-data.h"
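
Review bot: the added #include <inttypes.h> has no visible user in this patch. The only format string introduced, in the pr_debug_dtp() call, uses plain %x, %#x and %d with no PRI* macro. If the include was meant to cover abs(), that is declared in <stdlib.h>; otherwise drop it or move it to the patch that first needs it.
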
> @@ -308,6 +309,50 @@ static void update_insn_state_arm64(struct type_state *state,
>  	sreg = src->reg1;
>  	dreg = dst->reg1;
>  
> +	if (!strcmp(dl->ins.name, "add")) {
> +		struct type_state_reg dst_tsr;
> +
> +		if (!has_reg_type(state, sreg) ||
> +		    !has_reg_type(state, dreg) ||
> +		    !state->regs[dreg].ok)
> +			return;
> +
> +		tsr = &state->regs[sreg];
> +		tsr->copied_from = -1;
> +		dst_tsr = state->regs[dreg];
> +
> +		/* Handle calculation of a register holding a typed pointer */
> +		if (dst_tsr.kind == TSR_KIND_POINTER ||
> +		    (dst_tsr.kind == TSR_KIND_TYPE &&
> +		    dwarf_tag(&dst_tsr.type) == DW_TAG_pointer_type)) {
> +			s32 offset;
> +
> +			if (dst_tsr.kind == TSR_KIND_TYPE &&
> +			    __die_get_real_type(&dst_tsr.type, &type_die) == NULL)
> +				return;
> +
> +			if (dst_tsr.kind == TSR_KIND_POINTER)
> +				type_die = dst_tsr.type;
> +
> +			/* Check if the target type has a member at the new offset */
> +			offset = dst->offset + dst_tsr.offset;
> +			if (die_get_member_type(&type_die, offset, &type_die) == NULL)
> +				return;
> +
> +			tsr->type = dst_tsr.type;
> +			tsr->kind = dst_tsr.kind;
> +			tsr->offset = offset;
> +			tsr->ok = true;
> +
> +			pr_debug_dtp("add [%x] address of %s%#x(reg%d) -> reg%d",
> +				     insn_offset, dst->offset < 0 ? "-" : "",
> +				     abs(dst->offset), dreg, sreg);
> +
> +			pr_debug_type_name(&tsr->type, tsr->kind);
> +		}
> +		return;
> +	}
> +
>  	/* Register to register transfers */
>  	if (!strcmp(dl->ins.name, "mov")) {
>  		if (!has_reg_type(state, sreg))
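
Review bot: in the new 'add' branch, every early return leaves state->regs[sreg] holding whatever type it had before the instruction, although the debug line ("-> reg%d" printed with sreg) shows sreg is the register being written. This applies to the has_reg_type()/ok check at the top, the __die_get_real_type() and die_get_member_type() failures, and the fall-through when the base is neither TSR_KIND_POINTER nor a pointer-typed TSR_KIND_TYPE; only `tsr->copied_from = -1` is reset. Consider marking the written register invalid (`tsr->ok = false`) once has_reg_type(state, sreg) is known to hold and before the remaining checks, so a failed member lookup cannot leave a stale type for later loads to match. A one-line comment saying that sreg is the written register and dreg the base would also help, since `tsr` is taken from sreg while the base state is called `dst_tsr`, which reads the other way round.
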
> -- 
> 2.34.1
> 
