[PATCH v2] trace: print alloca pointers as actual pointer values

[PATCH v2] trace: print alloca pointers as actual pointer values

[Kris Van Hees]

Because alloca pointers are stored internally as ofssets into the
scratchmem area, they were printed as small integers.  They are
now printed as actual pointer values into kernel space.

Signed-off-by: Kris Van Hees <kris.van.hees@oracle.com>
---
 libdtrace/dt_cg.c                          | 40 ++++++++++++++++------
 test/unittest/actions/trace/tst.alloca.d   | 24 +++++++++++++
 test/unittest/actions/trace/tst.alloca.r   |  1 +
 test/unittest/actions/trace/tst.alloca.r.p | 11 ++++++
 4 files changed, 65 insertions(+), 11 deletions(-)
 create mode 100644 test/unittest/actions/trace/tst.alloca.d
 create mode 100644 test/unittest/actions/trace/tst.alloca.r
 create mode 100755 test/unittest/actions/trace/tst.alloca.r.p

diff --git a/libdtrace/dt_cg.c b/libdtrace/dt_cg.c
index 78f29a2a..2456e8b2 100644
--- a/libdtrace/dt_cg.c
+++ b/libdtrace/dt_cg.c
@@ -1687,18 +1687,36 @@ dt_cg_store_val(dt_pcb_t *pcb, dt_node_t *dnp, dtrace_actkind_t kind,
 		align = vtype.dtdt_align;
 
 		/*
-		 * A DEREF of a REF node does not get resolved in dt_cg_node()
-		 * because the ref node already holds the pointer.  But for
-		 * alloca pointers, that will be the offset into scratchmem so
-		 * we still need to turn it into a real pointer here.
+		 * Alloca pointers are stored as an offset into scratchmem, so
+		 * they need to be converted into real pointers before we go on.
+		 * If the alloca pointer is a REF or ref-by-value is requested,
+		 * we need to do bounds checking before turning the alloca
+		 * pointer into a real pointer.
+		 * If not, we should scalarize it so that the BPF verifier does
+		 * not complain.
 		 */
-		if (dnp->dn_kind == DT_NODE_OP1 &&
-		    dnp->dn_op == DT_TOK_DEREF && (dnp->dn_flags & DT_NF_REF) &&
-		    (dnp->dn_child->dn_flags & DT_NF_ALLOCA)) {
-			dt_cg_alloca_access_check(dlp, drp, dnp->dn_reg,
-						  DT_ISIMM, size);
-			dt_cg_alloca_ptr(dlp, drp, dnp->dn_reg, dnp->dn_reg);
-			not_null = 1;
+		if (dnp->dn_flags & DT_NF_ALLOCA) {
+			if ((dnp->dn_flags & DT_NF_REF) || (arg & DT_NF_REF)) {
+				dt_cg_alloca_access_check(dlp, drp, dnp->dn_reg,
+							  DT_ISIMM, size);
+
+				dt_cg_alloca_ptr(dlp, drp, dnp->dn_reg, dnp->dn_reg);
+				not_null = 1;
+			} else {
+				int	reg;
+
+				dt_regset_xalloc(drp, BPF_REG_0);
+				emit(dlp,  BPF_LOAD(BPF_DW, BPF_REG_0, BPF_REG_FP, DT_STK_DCTX));
+				if ((reg = dt_regset_alloc(drp)) == -1)
+					longjmp(yypcb->pcb_jmpbuf, EDT_NOREG);
+				emit(dlp, BPF_LOAD(BPF_DW, reg, BPF_REG_0, DCTX_SCRATCHMEM));
+				emit(dlp, BPF_LOAD(BPF_DW, BPF_REG_0, BPF_REG_0, DCTX_MST));
+				emit(dlp, BPF_STORE(BPF_DW, BPF_REG_0, DMST_SCALARIZER, reg));
+				emit(dlp, BPF_LOAD(BPF_DW, reg, BPF_REG_0, DMST_SCALARIZER));
+				dt_regset_free(drp, BPF_REG_0);
+				emit(dlp,  BPF_ALU64_REG(BPF_ADD, dnp->dn_reg, reg));
+				dt_regset_free(drp, reg);
+			}
 		}
 	}
 
diff --git a/test/unittest/actions/trace/tst.alloca.d b/test/unittest/actions/trace/tst.alloca.d
new file mode 100644
index 00000000..d2ff5152
--- /dev/null
+++ b/test/unittest/actions/trace/tst.alloca.d
@@ -0,0 +1,24 @@
+#pragma D option quiet
+
+BEGIN
+{
+	arr = (int *)alloca(5 * sizeof(int));
+	idx = 4;
+	arr[0] = 1;
+	arr[1] = 22;
+	arr[2] = 333;
+	arr[3] = 4444;
+	arr[4] = 55555;
+	trace(arr);
+	trace(" ");
+	trace(*arr);
+	trace(" ");
+	trace(arr + 2);
+	trace(" ");
+	trace(*(arr + 2));
+	trace(" ");
+	trace(arr + idx);
+	trace(" ");
+	trace(*(arr + idx));
+	exit(0);
+}
diff --git a/test/unittest/actions/trace/tst.alloca.r b/test/unittest/actions/trace/tst.alloca.r
new file mode 100644
index 00000000..e9bbf2f5
--- /dev/null
+++ b/test/unittest/actions/trace/tst.alloca.r
@@ -0,0 +1 @@
+OK 1 OK 333 OK 55555
diff --git a/test/unittest/actions/trace/tst.alloca.r.p b/test/unittest/actions/trace/tst.alloca.r.p
new file mode 100755
index 00000000..8515861a
--- /dev/null
+++ b/test/unittest/actions/trace/tst.alloca.r.p
@@ -0,0 +1,11 @@
+#!/usr/bin/gawk -f
+
+{
+	$1 = $1 > 0x7fffffff ? "OK" : "BAD";
+	$3 = $3 > 0x7fffffff ? "OK" : "BAD";
+	$5 = $5 > 0x7fffffff ? "OK" : "BAD";
+}
+
+{
+	print;
+}
-- 
2.43.5

Re: [PATCH v2] trace: print alloca pointers as actual pointer values

[Eugene Loh]

Similar comments to v1:

On 9/12/25 00:16, Kris Van Hees wrote:
> Because alloca pointers are stored internally as ofssets into the

Again, s/ofssets/offsets/.

> scratchmem area, they were printed as small integers.  They are
> now printed as actual pointer values into kernel space.

And again test failures.  This time, not with the new test, but as you 
say, "Ah, tehe joy of fixing one problem only to uncover another."  So 
this time:

         test/unittest/funcs/alloca/tst.alloca-funcs.d: FAIL: expected 
results differ.
             Diff against expected:
              a/b
             -8b11/b/b3a/b//baba
             +18446671313727729520b11/b/b3a/b//baba

Here, "8" has become "18446671313727729520".  So, need some .r change 
(and some .r.p magic and possibly .d tweak).

         test/unittest/funcs/alloca/tst.string-alloca.d: FAIL: expected 
results differ.
             Diff against expected:
             -abc
             +

Here, simply a bug?

Re: [PATCH v2] trace: print alloca pointers as actual pointer values

[Kris Van Hees]

On Fri, Sep 12, 2025 at 08:36:19PM -0400, Eugene Loh wrote:
> Similar comments to v1:
> 
> On 9/12/25 00:16, Kris Van Hees wrote:
> > Because alloca pointers are stored internally as ofssets into the
> 
> Again, s/ofssets/offsets/.
> 
> > scratchmem area, they were printed as small integers.  They are
> > now printed as actual pointer values into kernel space.
> 
> And again test failures.  This time, not with the new test, but as you say,
> "Ah, tehe joy of fixing one problem only to uncover another."  So this time:
> 
>         test/unittest/funcs/alloca/tst.alloca-funcs.d: FAIL: expected
> results differ.
>             Diff against expected:
>              a/b
>             -8b11/b/b3a/b//baba
>             +18446671313727729520b11/b/b3a/b//baba
> 
> Here, "8" has become "18446671313727729520".  So, need some .r change (and
> some .r.p magic and possibly .d tweak).

This is resolved by the other patch about subtracting pointers.  With both
patches, this failure is no longer.

>         test/unittest/funcs/alloca/tst.string-alloca.d: FAIL: expected
> results differ.
>             Diff against expected:
>             -abc
>             +
> 
> Here, simply a bug?

Hm...  This passed on my end somehow.  Let me look (perhaps I forgot to include
a change when I prepared the v2).