From: sashiko-bot@kernel.org
To: "Tengda Wu" <wutengda@huaweicloud.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v3 13/21] perf annotate-arm64: Enable instruction tracking support
Date: Wed, 01 Jul 2026 04:12:01 +0000 [thread overview]
Message-ID: <20260701041202.000111F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260701035355.752944-14-wutengda@huaweicloud.com>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
New issues:
- [High] Missing function call register invalidation for ARM64 data type tracking.
- [Medium] Failure to invalidate secondary destination registers (`reg2`) in multi-register instructions.
Pre-existing issues:
- [High] Missing `multi_regs` evaluation for register operands in load/store instructions.
--
commit a1f858405ccf3b88519235d7e08cb42762d969ac
Author: Tengda Wu <wutengda@huaweicloud.com>
perf annotate-arm64: Enable instruction tracking support
Enable basic instruction tracking for arm64 by implementing three essential
functions in the find_data_type_block() call path: arch_supports_insn_tracking,
init_type_state, and update_insn_state.
> diff --git a/tools/perf/util/annotate-arch/annotate-arm64.c b/tools/perf/util/annotate-arch/annotate-arm64.c
> index 77b6f4841c849..48b1c94273eb6 100644
> --- a/tools/perf/util/annotate-arch/annotate-arm64.c
> +++ b/tools/perf/util/annotate-arch/annotate-arm64.c
[ ... ]
> @@ -324,6 +326,31 @@ static int extract_op_location_arm64(const struct arch *arch,
> return 0;
> }
>
> +#ifdef HAVE_LIBDW_SUPPORT
> +static void update_insn_state_arm64(struct type_state *state,
> + struct data_loc_info *dloc, Dwarf_Die *cu_die __maybe_unused,
> + struct disasm_line *dl)
> +{
> + struct annotated_insn_loc loc;
> + struct annotated_op_loc *dst = &loc.ops[INSN_OP_TARGET];
> + u32 insn_offset = dl->al.offset;
> +
> + if (annotate_get_insn_location(dloc->arch, dl, &loc) < 0)
> + return;
> +
[Severity: High]
Does this function miss a check for function calls?
When an instruction is a function call (e.g., bl or blr), this code does not
check ins__is_call(&dl->ins). As a result, it fails to invalidate the
caller-saved registers (x0-x17) and update the return type in x0.
While init_type_state() correctly initializes the caller_saved flags for
these registers, won't omitting the invalidation here cause subsequent
accesses to inherit incorrect type states across function calls?
> + /*
> + * For unsupported instructions with a destination register, invalidate
> + * the destination register itself to prevent incorrect type propagation.
> + */
> + if (has_reg_type(state, dst->reg1)) {
> + pr_debug_dtp("%s [%x] invalidate reg%d\n",
> + dl->ins.name, insn_offset, dst->reg1);
> + invalidate_reg_state(&state->regs[dst->reg1]);
> + return;
> + }
[Severity: Medium]
Does this fallback logic need to handle secondary destination registers?
When an unsupported instruction modifies multiple registers (e.g., casp),
this only checks and invalidates the primary destination register
(dst->reg1).
If the instruction has a secondary register (where dst->multi_regs is
true), should we also invalidate dst->reg2 so it doesn't retain an
incorrect type state?
[Severity: High]
This is a pre-existing issue, but I noticed a potential problem in
arm64_ldst__parse() regarding multi-register instructions:
tools/perf/util/annotate-arch/annotate-arm64.c:arm64_ldst__parse() {
...
if (arm64__insn_is_source_first(dl)) {
ops->source.raw = left;
ops->source.mem_ref = false;
ops->target.raw = right;
ops->target.mem_ref = true;
ops->target.multi_regs = arm64__check_multi_regs(arch, ops->target.raw);
}
...
}
Here, arm64__check_multi_regs() is only applied to the memory operand side
(ops->target in this case). The register operand side is left with
multi_regs = false.
Because of this, extract_op_location_arm64() fails to parse the second
register (reg2) for instructions like ldp and stp, leaving it as -1. Won't
this cause the data type tracking logic to silently miss type updates and
queries for the secondary register?
> +}
> +#endif
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260701035355.752944-1-wutengda@huaweicloud.com?part=13
next prev parent reply other threads:[~2026-07-01 4:12 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 3:53 [PATCH v3 00/21] perf arm64: Support data type profiling Tengda Wu
2026-07-01 3:53 ` [PATCH v3 01/21] perf capstone: Fix kernel map reference count leak Tengda Wu
2026-07-01 3:53 ` [PATCH v3 02/21] perf capstone: Fix arm64 jump/adrp disassembly mismatch with objdump Tengda Wu
2026-07-01 4:07 ` sashiko-bot
2026-07-01 6:44 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 03/21] perf llvm: Fix arm64 adrp instruction " Tengda Wu
2026-07-01 4:05 ` sashiko-bot
2026-07-01 6:45 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 04/21] perf annotate-arm64: Generalize arm64_mov__parse to support more instructions Tengda Wu
2026-07-01 4:03 ` sashiko-bot
2026-07-01 6:57 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 05/21] perf annotate-arm64: Handle load and store instructions Tengda Wu
2026-07-01 4:07 ` sashiko-bot
2026-07-01 7:03 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 06/21] perf dwarf-regs: Adapt get_dwarf_regnum() for arm64 Tengda Wu
2026-07-01 4:07 ` sashiko-bot
2026-07-01 7:14 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 07/21] perf annotate: Adapt arch__dwarf_regnum() " Tengda Wu
2026-07-01 3:53 ` [PATCH v3 08/21] perf annotate: Introduce extract_op_location callback for arch-specific parsing Tengda Wu
2026-07-01 4:06 ` sashiko-bot
2026-07-01 7:29 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 09/21] perf annotate-arm64: Implement extract_op_location() callback Tengda Wu
2026-07-01 4:10 ` sashiko-bot
2026-07-01 7:36 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 10/21] perf annotate: Deduplicate overlapping ARM SPE events for data type profiling Tengda Wu
2026-07-01 4:06 ` sashiko-bot
2026-07-01 3:53 ` [PATCH v3 11/21] perf auxtrace: Set default period to 1 for PERF_ITRACE_PERIOD_INSTRUCTIONS type Tengda Wu
2026-07-01 4:05 ` sashiko-bot
2026-07-01 3:53 ` [PATCH v3 12/21] perf annotate-data: Extract invalidate_reg_state() as a common helper Tengda Wu
2026-07-01 3:53 ` [PATCH v3 13/21] perf annotate-arm64: Enable instruction tracking support Tengda Wu
2026-07-01 4:12 ` sashiko-bot [this message]
2026-07-01 7:56 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 14/21] perf annotate-arm64: Support load instruction tracking Tengda Wu
2026-07-01 4:14 ` sashiko-bot
2026-07-01 8:37 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 15/21] perf annotate-arm64: Support store " Tengda Wu
2026-07-01 3:53 ` [PATCH v3 16/21] perf annotate-arm64: Support stack variable tracking Tengda Wu
2026-07-01 4:16 ` sashiko-bot
2026-07-01 3:53 ` [PATCH v3 17/21] perf annotate-arm64: Support 'mov' instruction tracking Tengda Wu
2026-07-01 4:21 ` sashiko-bot
2026-07-01 8:46 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 18/21] perf annotate-arm64: Support 'add' " Tengda Wu
2026-07-01 4:16 ` sashiko-bot
2026-07-01 8:47 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 19/21] perf annotate-arm64: Support 'adrp' instruction to track global variables Tengda Wu
2026-07-01 4:15 ` sashiko-bot
2026-07-01 8:48 ` Tengda Wu
2026-07-01 3:53 ` [PATCH v3 20/21] perf annotate-arm64: Support per-cpu variable access tracking Tengda Wu
2026-07-01 4:18 ` sashiko-bot
2026-07-01 3:53 ` [PATCH v3 21/21] perf annotate-arm64: Support 'mrs' instruction to track 'current' pointer Tengda Wu
2026-07-01 4:16 ` sashiko-bot
2026-07-01 8:56 ` Tengda Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701041202.000111F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=wutengda@huaweicloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox