On Tue, May 27, 2014 at 04:16:24PM -0400, erik quanstrom wrote:
> > you can see there is a JMP over _tracein and a RET before _traceout.
> > what gives?
> 
> ah, that's the magic!  the idea is to be able to enable and disable these tracepoints
> at runtime in a multiprocessor environment without any locking.
> 
> - erik
> 

ok. i'm beginning to understand better. is there a specific use case,
such as the kernel or userland?

i didn't see anything like a tool that could poke nops into the right
places. i started to write an acid function to put the nops in one
 named function, and then i realized that the ret can appear several
 times in one function and i would need to search for and patch them
 out. but only the *first* ret, not second, e.g.:

 setvar+0x3a 0x0000adf5	RET			<--- should be NOP
 setvar+0x3b 0x0000adf6	CALL	_traceout(SB)
 setvar+0x40 0x0000adfb	RET			<--- should not be NOP

 i was able to patch the JMP, and the RET but only in the case where it
 appears at the bottom of a function.

defn traceon(fn){
	bound = fnbound(fn);

	// nop first jmp
	*(bound[0]) = 0x90\b;
	*(bound[0]+1) = 0x90\b;

	// and the ret
	// XXX should search for ret
	*(bound[1]-7) = 0x90\b;
}


maybe these were not the droids i was looking for.
my real goal is to make timing statistics for function calls in a program.
perhaps this goal is better fulfilled simply by prof!