
As I understand, the [heap] virtual memory area (VMA) in the process address space in Linux contains both the .bss data and the heap data (Link).

I want to capture heap accesses in the [heap] VMA. Again, as far as I know, .bss mappings happen at compile time by the frontend (e.g., Clang). What should I change in order to filter heap accesses?

TheAhmad
  • You forgot to include your current solution. – Erki Aring Feb 04 '19 at 13:34
  • Currently, I can use `Pin` to trace dynamic allocations by tracking specific calls, e.g., to `malloc()` and `calloc()`. Then I should check if the accesses in the range for `[heap]` overlap with the regions allocated using the above calls. If so, they are not for the `.bss` section. But this leads to overhead, because the allocated regions should be tracked using a data structure such as an `interval tree`. I think a semi-offline solution will be much better. For example, I can dump all `.bss` addresses and ignore them during tracing. Seems more efficient. – TheAhmad Feb 04 '19 at 13:51
  • As the answer for your linked question mentions, the notion of "heap" is obsolete. So ignoring something you think is `.bss` from something you think is `heap` will not give you meaningful results for anything other than the most trivial programs. If you want to track accesses to the memory allocated by malloc()-s, tracking the allocated regions seems to be the most reliable option. Maybe you can make some optimizations by knowing how exactly your malloc() implementation allocates regions, so you can merge them... – Erki Aring Feb 04 '19 at 15:34
  • There is still some overhead. I checked the source code for the `exp-dhat` tool in `Valgrind`. It also uses a `built-in` interval tree and this delays execution. The allocations are small and almost all of them are located in `[heap]` (i.e., almost no `mmap()`). I think that I found the solution. The `.bss` addresses are contained in the ELF binary and the number of symbols is quite limited, e.g., only `1537` `.bss` symbols for `MPlayer-1.2.1` of my `Ubuntu-16.04`. – TheAhmad Feb 04 '19 at 15:40
  • If you are going this way, you can probably use the address of the `__bss_start` variable and the size of the `.bss` section defined in the ELF to detect the `bss` region. – Erki Aring Feb 04 '19 at 15:43
  • There seems to be another symbol called `_end`. Is this the last symbol for the `.bss` section? – TheAhmad Feb 04 '19 at 15:47
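
The range check discussed in the comments above, written out as an added example (not code from the thread or from Pin/Valgrind): it classifies an address as `.bss` or brk-managed heap using the `__bss_start` and `_end` symbols plus the current program break. It assumes a Linux ELF executable linked with the default GNU ld script, where `_end` is the first address past `.bss`; `classify`, `region_name`, the enum values and `bss_buffer` are hypothetical names.

```c
#define _DEFAULT_SOURCE 1   /* makes sbrk() visible under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Defined by the default GNU ld linker script (assumption: Linux ELF binary).
 * __bss_start is the first byte of .bss, _end the first byte past it. */
extern char __bss_start[];
extern char _end[];

enum region { REGION_OTHER, REGION_BSS, REGION_BRK_HEAP };

static char bss_buffer[4096];   /* zero-initialised static, placed in .bss */

/* Classify an address with two range checks instead of an interval tree. */
enum region classify(const void *p)
{
    uintptr_t a = (uintptr_t)p;

    if (a >= (uintptr_t)__bss_start && a < (uintptr_t)_end)
        return REGION_BSS;
    /* The program break moves with brk()/sbrk(), so read it at query time.
     * Allocations served by mmap() fall outside this range (REGION_OTHER). */
    if (a >= (uintptr_t)_end && a < (uintptr_t)sbrk(0))
        return REGION_BRK_HEAP;
    return REGION_OTHER;
}

const char *region_name(enum region r)
{
    return r == REGION_BSS ? ".bss" : r == REGION_BRK_HEAP ? "brk heap" : "other";
}

int main(void)
{
    int on_stack = 0;
    char *brk_mem = sbrk(4096);          /* grow the brk area directly */

    if (brk_mem == (char *)-1) {
        perror("sbrk");
        return 1;
    }
    printf("bss_buffer -> %s\n", region_name(classify(bss_buffer)));
    printf("brk_mem    -> %s\n", region_name(classify(brk_mem)));
    printf("on_stack   -> %s\n", region_name(classify(&on_stack)));
    return 0;
}
```

With address-space randomisation the kernel may leave an unmapped gap between `_end` and the start of the brk area; no access can land there, so the second range check still separates the two regions.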

0 Answers