[PATCH v2 14/16] perf annotate-arm64: Support 'adrp' instruction to track global variables
From: Tengda Wu
Date: Fri Apr 03 2026 - 05:52:05 EST
Extend update_insn_state() for arm64 to track global variable types
calculated via PC-relative addressing.
On arm64, global variables are typically accessed by first calculating
the page address using 'adrp', followed by an 'add' or 'ldr' to get the
specific symbol address. Without tracking 'adrp', the instruction
tracker loses the base address, making it impossible to resolve
global symbols and their associated DWARF types.
Introduce TSR_KIND_GLOBAL_ADDR to represent a partial global address
state. When encountering 'adrp', store the page-aligned target address
in the register's type state. Upon a subsequent 'add' or 'ldr'
instruction that references a TSR_KIND_GLOBAL_ADDR register, combine
the page address with the immediate offset.
A real-world example is shown below:
ffff80008032e008 <folios_put_refs>:
ffff80008032e048: adrp x24, ffff80008202f000 <nr_cpu_ids>
ffff80008032e050: add x24, x24, #0xd40
ffff80008032e078: ldr x0, [x24] // PMU sample
Before this commit, x24 was unknown, leading to no type information:
chk [70] reg24 offset=0 ok=0 kind=0 cfa : no type information
final result: no type information
After this commit, the tracker correctly follows the adrp/add flow:
adrp [40] global addr=ffff80008202f000 -> reg24
add [48] global addr=ffff80008202fd40 -> reg24
chk [70] reg24 offset=0 ok=1 kind=7 global addr : Good!
final result: type='struct folio*'
Signed-off-by: Li Huafei <lihuafei1@xxxxxxxxxx>
Signed-off-by: Tengda Wu <wutengda@xxxxxxxxxxxxxxx>
---
.../perf/util/annotate-arch/annotate-arm64.c | 64 ++++++++++++++++++-
tools/perf/util/annotate-arch/annotate-x86.c | 6 +-
tools/perf/util/annotate-data.c | 32 ++++++++--
tools/perf/util/annotate-data.h | 7 +-
4 files changed, 97 insertions(+), 12 deletions(-)
diff --git a/tools/perf/util/annotate-arch/annotate-arm64.c b/tools/perf/util/annotate-arch/annotate-arm64.c
index d2557b9d6909..6b954bbfaf8d 100644
--- a/tools/perf/util/annotate-arch/annotate-arm64.c
+++ b/tools/perf/util/annotate-arch/annotate-arm64.c
@@ -290,7 +290,7 @@ static void adjust_reg_index_state(struct type_state *state, int reg,
}
static void update_insn_state_arm64(struct type_state *state,
- struct data_loc_info *dloc, Dwarf_Die * cu_die __maybe_unused,
+ struct data_loc_info *dloc, Dwarf_Die *cu_die,
struct disasm_line *dl)
{
struct annotated_insn_loc loc;
@@ -309,6 +309,23 @@ static void update_insn_state_arm64(struct type_state *state,
sreg = src->reg1;
dreg = dst->reg1;
+ if (!strcmp(dl->ins.name, "adrp")) {
+ if (!has_reg_type(state, sreg) || !dl->ops.target.addr)
+ return;
+
+ tsr = &state->regs[sreg];
+ tsr->copied_from = -1;
+ tsr->kind = TSR_KIND_GLOBAL_ADDR;
+ /* Partial page-relative address, finalized in next 'add/ldr' */
+ tsr->addr = dl->ops.target.addr;
+ tsr->offset = 0;
+ tsr->ok = true;
+
+ pr_debug_dtp("adrp [%x] global addr=%"PRIx64" -> reg%d\n",
+ insn_offset, tsr->addr, sreg);
+ return;
+ }
+
if (!strcmp(dl->ins.name, "add")) {
struct type_state_reg dst_tsr;
@@ -342,6 +359,7 @@ static void update_insn_state_arm64(struct type_state *state,
tsr->type = dst_tsr.type;
tsr->kind = dst_tsr.kind;
tsr->offset = offset;
+ tsr->addr = 0;
tsr->ok = true;
pr_debug_dtp("add [%x] address of %s%#x(reg%d) -> reg%d",
@@ -350,6 +368,18 @@ static void update_insn_state_arm64(struct type_state *state,
pr_debug_type_name(&tsr->type, tsr->kind);
}
+
+ /* Handle PC-relative global address calculation (adrp/add pair) */
+ if (dst_tsr.kind == TSR_KIND_GLOBAL_ADDR) {
+ tsr->kind = dst_tsr.kind;
+ tsr->addr = dst_tsr.addr + dst->offset;
+ tsr->offset = 0;
+ tsr->ok = true;
+
+ pr_debug_dtp("add [%x] global addr=%"PRIx64" -> reg%d\n",
+ insn_offset, tsr->addr, sreg);
+ }
+
return;
}
@@ -370,6 +400,7 @@ static void update_insn_state_arm64(struct type_state *state,
tsr->type = state->regs[dreg].type;
tsr->kind = state->regs[dreg].kind;
tsr->offset = state->regs[dreg].offset;
+ tsr->addr = state->regs[dreg].addr;
tsr->ok = true;
if (tsr->kind == TSR_KIND_TYPE || tsr->kind == TSR_KIND_POINTER)
@@ -444,6 +475,7 @@ static void update_insn_state_arm64(struct type_state *state,
tsr->type = type_die;
tsr->kind = TSR_KIND_TYPE;
tsr->offset = 0;
+ tsr->addr = 0;
tsr->ok = true;
pr_debug_dtp("ldr [%x] %#x(reg%d) -> reg%d",
@@ -451,6 +483,30 @@ static void update_insn_state_arm64(struct type_state *state,
pr_debug_type_name(&tsr->type, tsr->kind);
adjust_reg_index_state(state, dreg, dst, "ldr", insn_offset);
+ return;
+ }
+
+ /* Or check if it's a global variable */
+ if (dst_tsr.kind == TSR_KIND_GLOBAL_ADDR) {
+ u64 ip = dloc->ms->sym->start + dl->al.offset;
+ u64 addr = dst_tsr.addr + dst->offset;
+ int offset;
+
+ if (!get_global_var_type(cu_die, dloc, ip, addr, &offset,
+ &type_die) ||
+ !die_get_member_type(&type_die, offset, &type_die)) {
+ tsr->ok = false;
+ return;
+ }
+
+ tsr->type = type_die;
+ tsr->kind = TSR_KIND_TYPE;
+ tsr->offset = offset;
+ tsr->addr = addr;
+ tsr->ok = true;
+ pr_debug_dtp("ldr [%x] global (%"PRIx64") -> reg%d",
+ insn_offset, addr, sreg);
+ pr_debug_type_name(&tsr->type, tsr->kind);
}
return;
}
@@ -472,10 +528,12 @@ static void update_insn_state_arm64(struct type_state *state,
if (stack) {
if (!stack->compound)
set_stack_state(stack, offset, tsr->kind,
- &tsr->type, tsr->offset);
+ &tsr->type, tsr->offset,
+ tsr->addr);
} else {
findnew_stack_state(state, offset, tsr->kind,
- &tsr->type, tsr->offset);
+ &tsr->type, tsr->offset,
+ tsr->addr);
}
pr_debug_dtp("str [%x] reg%d -> -%#x(stack)",
diff --git a/tools/perf/util/annotate-arch/annotate-x86.c b/tools/perf/util/annotate-arch/annotate-x86.c
index c63ca3250b95..24adfbef8b76 100644
--- a/tools/perf/util/annotate-arch/annotate-x86.c
+++ b/tools/perf/util/annotate-arch/annotate-x86.c
@@ -780,10 +780,12 @@ static void update_insn_state_x86(struct type_state *state,
*/
if (!stack->compound)
set_stack_state(stack, offset, tsr->kind,
- &tsr->type, tsr->offset);
+ &tsr->type, tsr->offset,
+ tsr->addr);
} else {
findnew_stack_state(state, offset, tsr->kind,
- &tsr->type, tsr->offset);
+ &tsr->type, tsr->offset,
+ tsr->addr);
}
if (dst->reg1 == fbreg) {
diff --git a/tools/perf/util/annotate-data.c b/tools/perf/util/annotate-data.c
index fd6416d43a2e..b75d50b2c46f 100644
--- a/tools/perf/util/annotate-data.c
+++ b/tools/perf/util/annotate-data.c
@@ -70,6 +70,9 @@ void pr_debug_type_name(Dwarf_Die *die, enum type_state_kind kind)
case TSR_KIND_CANARY:
pr_info(" stack canary\n");
return;
+ case TSR_KIND_GLOBAL_ADDR:
+ pr_info(" global address\n");
+ return;
case TSR_KIND_TYPE:
default:
break;
@@ -577,7 +580,7 @@ struct type_state_stack *find_stack_state(struct type_state *state,
}
void set_stack_state(struct type_state_stack *stack, int offset, u8 kind,
- Dwarf_Die *type_die, int ptr_offset)
+ Dwarf_Die *type_die, int ptr_offset, u64 addr)
{
int tag;
Dwarf_Word size;
@@ -594,6 +597,7 @@ void set_stack_state(struct type_state_stack *stack, int offset, u8 kind,
stack->offset = offset;
stack->ptr_offset = ptr_offset;
stack->kind = kind;
+ stack->addr = addr;
if (kind == TSR_KIND_POINTER) {
stack->compound = false;
@@ -616,18 +620,18 @@ void set_stack_state(struct type_state_stack *stack, int offset, u8 kind,
struct type_state_stack *findnew_stack_state(struct type_state *state,
int offset, u8 kind,
Dwarf_Die *type_die,
- int ptr_offset)
+ int ptr_offset, u64 addr)
{
struct type_state_stack *stack = find_stack_state(state, offset);
if (stack) {
- set_stack_state(stack, offset, kind, type_die, ptr_offset);
+ set_stack_state(stack, offset, kind, type_die, ptr_offset, addr);
return stack;
}
stack = malloc(sizeof(*stack));
if (stack) {
- set_stack_state(stack, offset, kind, type_die, ptr_offset);
+ set_stack_state(stack, offset, kind, type_die, ptr_offset, addr);
list_add(&stack->list, &state->stack_vars);
}
return stack;
@@ -913,7 +917,7 @@ static void update_var_state(struct type_state *state, struct data_loc_info *dlo
continue;
findnew_stack_state(state, offset, TSR_KIND_TYPE,
- &mem_die, /*ptr_offset=*/0);
+ &mem_die, /*ptr_offset=*/0, /*addr=*/0);
if (var->reg == state->stack_reg) {
pr_debug_dtp("var [%"PRIx64"] %#x(reg%d)",
@@ -1256,6 +1260,24 @@ static enum type_match_result check_matching_type(struct type_state *state,
if (dloc->op->offset < 0 && reg != state->stack_reg && reg != dloc->fbreg)
goto check_kernel;
}
+
+ if (state->regs[reg].kind == TSR_KIND_GLOBAL_ADDR) {
+ int var_offset;
+
+ pr_debug_dtp("global addr");
+
+ /*
+ * The register holds the address of a global variable. Try to
+ * find the variable by the address and get its type.
+ */
+ if (get_global_var_type(cu_die, dloc, dloc->ip, state->regs[reg].addr,
+ &var_offset, type_die)) {
+ dloc->type_offset = var_offset;
+ return PERF_TMR_OK;
+ }
+ /* No need to retry global variables */
+ return PERF_TMR_BAIL_OUT;
+ }
check_non_register:
if (reg == dloc->fbreg || reg == state->stack_reg) {
struct type_state_stack *stack;
diff --git a/tools/perf/util/annotate-data.h b/tools/perf/util/annotate-data.h
index c26130744260..bae15e1d6db8 100644
--- a/tools/perf/util/annotate-data.h
+++ b/tools/perf/util/annotate-data.h
@@ -37,6 +37,7 @@ enum type_state_kind {
TSR_KIND_PERCPU_POINTER,
TSR_KIND_POINTER,
TSR_KIND_CANARY,
+ TSR_KIND_GLOBAL_ADDR,
};
/**
@@ -187,6 +188,7 @@ struct type_state_reg {
u64 lifetime_end;
u8 kind;
u8 copied_from;
+ u64 addr;
};
/* Type information in a stack location, dynamically allocated */
@@ -199,6 +201,7 @@ struct type_state_stack {
int size;
bool compound;
u8 kind;
+ u64 addr;
};
/*
@@ -253,9 +256,9 @@ bool has_reg_type(struct type_state *state, int reg);
struct type_state_stack *findnew_stack_state(struct type_state *state,
int offset, u8 kind,
Dwarf_Die *type_die,
- int ptr_offset);
+ int ptr_offset, u64 addr);
void set_stack_state(struct type_state_stack *stack, int offset, u8 kind,
- Dwarf_Die *type_die, int ptr_offset);
+ Dwarf_Die *type_die, int ptr_offset, u64 addr);
struct type_state_stack *find_stack_state(struct type_state *state,
int offset);
bool get_global_var_type(Dwarf_Die *cu_die, struct data_loc_info *dloc,
--
2.34.1