
In my previous question, I was trying to see if I could programmatically obtain a stack trace of a child process from its parent.

I've successfully done so, but now another question has arisen in my mind - is it safe to directly examine these frames during program execution? I'm defining "safe" here as meaning "will not modify the values on the child's stack".

For example, here's a sample stack trace I obtained from running the NPB-Serial CG Class A benchmark:

```
0x400c7e : (conj_grad_+0x12e) [0x400c7e]
  Saved regs:
    RIP: 0x400c7e
    RSP: 0x7ffe5e3662a0
    RBP: 0x36b1
0x401ec8 : (MAIN__+0x739) [0x401ec8]
  Saved regs:
    RIP: 0x401ec8
    RSP: 0x7ffe5e366300
    RBP: (nil)
0x402b39 : (main+0x1d) [0x402b39]
  Saved regs:
    RIP: 0x402b39
    RSP: 0x7ffe5e368d40
    RBP: (nil)
0x7f76b7114ec5 : (__libc_start_main+0xf5) [0x7f76b7114ec5]
  Saved regs:
    RIP: 0x7f76b7114ec5
    RSP: 0x7ffe5e368d50
    RBP: (nil)
0x400a89 : (_start+0x29) [0x400a89]
  Saved regs:
    RIP: 0x400a89
    RSP: 0x7ffe5e368e10
    RBP: (nil)
```

I would like to obtain a dump of the stack by copying the values at each stack-pointer entry - for example, by starting at 0x7ffe5e368e10 and copying every value from that address to the current stack pointer into a separate location.

Are there any risks to doing this? Or am I thinking about this incorrectly (as in, there's an easier way to do this)?

tonysdg
  • If the other process is still running then yes there's a risk. What if the other process does a function call while you're copying or worse, does a few `returns`? – Some programmer dude Jul 16 '15 at 18:40
  • @JoachimPileborg While this is happening, the child process is stopped via `ptrace`, so I don't think that would be a concern, would it? – tonysdg Jul 16 '15 at 18:41
  • In that case, since there's no chance of the call-stack changing, then it should be "safe", or at least you should be able to get the whole call-stack but once you let the process start executing again it will start to get inaccurate pretty quickly. – Some programmer dude Jul 16 '15 at 18:44
  • @JoachimPileborg - I've got no plans to let it start executing again in my final program (in fact I'll likely send it a `SIGKILL` myself after I get the trace), so that answers my question. Thank you! If you'd like to put your comment in an answer, I'll mark it as my accepted answer. – tonysdg Jul 16 '15 at 18:46
  • You're outside of the language. Define "safe". – Lightness Races in Orbit Jul 16 '15 at 18:53
  • @LightnessRacesinOrbit "Safe" as in "not going to modify values on the child process's stack". – tonysdg Jul 16 '15 at 19:13
  • Add this crucial detail into your question please. – Lightness Races in Orbit Jul 16 '15 at 19:13
  • @LightnessRacesinOrbit Done! Thanks for the advice! – tonysdg Jul 16 '15 at 19:15
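
The copy discussed above, as an added example that is not part of the original question or comments: a parent reads a `ptrace`-stopped child's stack word by word with `PTRACE_PEEKDATA`, which only reads tracee memory, then kills the child. The names `copy_range` and `demo_stack_copy`, the marker buffer and the 8192-byte dump size are assumptions made for the demo; the child's RSP is used as the start address only on x86-64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy [lo, hi) out of a ptrace-stopped tracee. PTRACE_PEEKDATA never writes to it. */
static long copy_range(pid_t pid, uintptr_t lo, uintptr_t hi, unsigned char *out) {
    for (uintptr_t a = lo; a < hi; a += sizeof(long)) {
        errno = 0;                            /* -1 is also a valid data word */
        long w = ptrace(PTRACE_PEEKDATA, pid, (void *)a, NULL);
        if (w == -1 && errno) return -1;
        memcpy(out + (a - lo), &w, hi - a < sizeof w ? hi - a : sizeof w);
    }
    return (long)(hi - lo);
}

/* Constructed demo: 0 when two dumps are identical and end with the child's marker. */
int demo_stack_copy(void) {
    volatile unsigned char marker[64];        /* same virtual address in the child */
    static unsigned char d1[8192], d2[8192];  /* dumps live in the parent only */
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                           /* child: fill marker, stop for the parent */
        for (int i = 0; i < 64; i++) marker[i] = (unsigned char)(i ^ 0x5a);
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0) raise(SIGSTOP);
        _exit(1);
    }
    if (waitpid(pid, &st, 0) != pid || !WIFSTOPPED(st)) return -1;
    uintptr_t lo = (uintptr_t)marker, hi = lo + 64;
#if defined(__x86_64__)
    struct user_regs_struct r;                /* start at the child's current RSP */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &r) == 0 && r.rsp < lo
        && hi - r.rsp <= sizeof d1) lo = (uintptr_t)r.rsp;
#endif
    long n1 = copy_range(pid, lo, hi, d1), n2 = copy_range(pid, lo, hi, d2);
    int ok = n1 == (long)(hi - lo) && n2 == n1 && memcmp(d1, d2, (size_t)n1) == 0;
    for (int i = 0; ok && i < 64; i++) ok = d1[n1 - 64 + i] == (unsigned char)(i ^ 0x5a);
    kill(pid, SIGKILL);                       /* the child is never resumed */
    waitpid(pid, &st, 0);
    return ok ? 0 : -1;
}

int main(void) { return demo_stack_copy() != 0; }
```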

0 Answers