Re: [PATCH RFC 1/6] perf/x86: Add perf text poke event

From: Peter Zijlstra
Date: Wed Oct 30 2019 - 12:23:42 EST


On Wed, Oct 30, 2019 at 10:19:50PM +0800, Leo Yan wrote:
> On Wed, Oct 30, 2019 at 01:46:59PM +0100, Peter Zijlstra wrote:
> > On Wed, Oct 30, 2019 at 06:47:47PM +0800, Leo Yan wrote:

> > Anyway, the below argument doesn't care much, it works for NOP/JMP just
> > fine.
>
> We can support the NOP/JMP case as the first step, but later should be
> able to extend it to support other transitions.

Since all instructions (with the possible exception of RET) are
unconditional branch instructions: NOP, JMP, CALL, it makes no real
difference to the argument below.

( I'm thinking RET might be special in that it reads the return address
from the stack and therefore must emit the whole IP into the stream, as
we cannot know the stack state )

> > > we need to update dso cache for the
> > > 'PERF_TEXT_POKE_UPDATE_PREV' event; if we detect the instruction is
> > > changed from branch to nop, we need to update dso cache for
> > > 'PERF_TEXT_POKE_UPDATE_POST' event. The main idea is to ensure the
> > > branch instructions can be safely contained in the dso file and any
> > > branch samples can read out correct branch instruction.
> > >
> > > Could you confirm this is the same as your understanding? Or did I miss
> > > anything? I personally even think the pair events can be used for
> > > different arches (e.g. the solution can be reused on Arm64/x86, etc).
> >
> > So the problem we have with PT is that it is a bit-stream of
> > branch taken/not-taken decisions. In order to decode that we need to
> > have an accurate view of the unconditional code flow.
> >
> > Both NOP/JMP are unconditional and we need to exactly know which of the
> > two was encountered.
>
> If I understand correctly, PT decoder needs to read out instructions
> from dso and decide the instruction type (NOP or JMP), and finally
> generate the accurate code flow.
>
> So the PT decoder relies on the (cached) DSO for decoding. As I know, this
> might be different from Arm CS, since the Arm CS decoder merely
> generates packets and doesn't need to rely on the DSO for decoding.

Given a start point (from a start or sync packet) we scan the
instruction stream forward until the first conditional branch
instruction. Then we consume the next available branch decision bit to
know where to continue.

So yes, we need to have a correct text image available for this to work.

> > With your scheme, I don't see how we can ever actually know that. When
> > we get the PRE event, all we really know is that we're going to change
> > a specific instruction into another. And at the POST event we know it
> > has been done. But in between these two events, we have no clue which of
> > the two instructions is live on which CPU (two CPUs might in fact have a
> > different live instruction at the same time).
> >
> > This means we _cannot_ unambiguously decode a taken/not-taken decision
> > stream.
> >
> > Does CS have this same problem, and how would the PRE/POST events help
> > with that?
>
> My purpose is to use PRE event and POST event to update cached DSO,
> thus perf tool can read out 'correct' instructions and fill them into
> instruction/branch samples.

The thing is, as I argued, the instruction state between PRE and POST is
ambiguous. This makes it impossible to decode the branch decision
stream.

Suppose CPU0 emits the PRE event at T1 and the POST event at T5, but we
have CPU1 covering the instruction at T3.

How do you decide where CPU1 goes and what the next conditional branch
is?
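
The decoding walk and the NOP/JMP ambiguity discussed in this message, as an added example that is not part of the original thread and is not perf's decoder. The toy instruction set (NOP, JMP, JCC, END), the image layout and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy instruction set (constructed for illustration; not x86, not perf code). */
enum kind { NOP, JMP, JCC, END };
struct insn { enum kind kind; int target; };

/*
 * Walk the text image from 'ip'. Unconditional instructions (NOP, JMP) are
 * followed using the image alone; each conditional branch (JCC) consumes one
 * taken/not-taken bit. Returns the address where decoding stops: an END, or
 * the JCC that is still waiting for a decision bit.
 */
static int decode(const struct insn *text, int ip, const int *tnt, size_t nbits)
{
	size_t used = 0;

	for (;;) {
		const struct insn *i = &text[ip];

		switch (i->kind) {
		case NOP: ip++; break;
		case JMP: ip = i->target; break;
		case JCC:
			if (used == nbits)
				return ip;
			ip = tnt[used++] ? i->target : ip + 1;
			break;
		case END: return ip;
		}
	}
}

/* Decode one bit stream against the image with slot 1 as NOP or as JMP 5. */
static int decode_with_slot(enum kind slot, const int *tnt, size_t nbits)
{
	struct insn text[] = {
		{ NOP, 0 }, { slot, 5 }, { JCC, 4 }, { END, 0 },
		{ END, 0 }, { JCC, 7 }, { END, 0 }, { END, 0 },
	};
	return decode(text, 0, tnt, nbits);
}

int main(void)
{
	const int taken[] = { 1 };	/* constructed decision stream: one "taken" bit */

	printf("slot=NOP -> stops at %d\n", decode_with_slot(NOP, taken, 1));
	printf("slot=JMP -> stops at %d\n", decode_with_slot(JMP, taken, 1));
	return 0;
}
```

The same single decision bit is attributed to a different conditional branch depending on which instruction the decoder assumes is live in slot 1, so a decoder that only knows "somewhere between PRE and POST" cannot pick one path.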