About lua memory/address breakpoints.

Xianfu Pan
I wanna achieve a function that marks a value as a watch point; when the value changes, it triggers an event LUA_HOOKWATCH. My intention is to find at which point and who stealthily changed the value of a specific address (TValue).

I redefine TValuefields as "Value value_, int watch_:1, int tt_:31". So when a TValue, the variant that stores the value, executes an assignment operation, it notifies if the watch_ flag == 1.

I also redefine setobj "...; if (o1->watch_) luaD_hook(LUA_HOOKWATCH); o1->value_ = o2->value_; o1->tt_ = o2->tt_";

My issue is how to mark all TValues born with watch_ = 0 (not to be watched by default), and how to locate the TValue I hope to watch so that I can mark its watch_ = 1.

In more detail, which assignment macros, such as setobj and setobj2s, should I redefine?

Re: About lua memory/address breakpoints.

彭 书呆
On 2017/5/13 13:36, Xianfu Pan wrote:

> I wanna achieve a function that marks a value as a watch point; when the value changes, it triggers an event LUA_HOOKWATCH. My intention is to find at which point and who stealthily changed the value of a specific address (TValue).
>
> I redefine TValuefields as "Value value_, int watch_:1, int tt_:31". So when a TValue, the variant that stores the value, executes an assignment operation, it notifies if the watch_ flag == 1.
>
> I also redefine setobj "...; if (o1->watch_) luaD_hook(LUA_HOOKWATCH); o1->value_ = o2->value_; o1->tt_ = o2->tt_";
>
> My issue is how to mark all TValues born with watch_ = 0 (not to be watched by default), and how to locate the TValue I hope to watch so that I can mark its watch_ = 1.
>
> In more detail, which assignment macros, such as setobj and setobj2s, should I redefine?
>

I'd rather suggest another solution: add a new special type tag instead of changing the existing tag's meaning.
then add a function to create a value with this special type. then you just need a simple check.

you may fine tune your policies like on what occasion should Lua trigger the hook, whether overwriting a guard
value with another guard value triggers the hook, whether the guard valuecan be used as table keys, etc.

the mechanism is simple and flexible.


e.g. the new tag could be called LUA_TGUARD, a function lua_pushguard(L) to create a guard value. depending on
your requirement, you might or might not expose the function to Lua side, possibly inside the debug.* namespace.

--
the nerdy Peng / 书呆彭 /


Re: About lua memory/address breakpoints.

彭 书呆
On 2017/5/13 15:43, 彭 书呆 wrote:

> On 2017/5/13 13:36, Xianfu Pan wrote:
>> I wanna achieve a function that marks a value as a watch point; when the value changes, it triggers an event LUA_HOOKWATCH. My intention is to find at which point and who stealthily changed the value of a specific address (TValue).
>>
>> I redefine TValuefields as "Value value_, int watch_:1, int tt_:31". So when a TValue, the variant that stores the value, executes an assignment operation, it notifies if the watch_ flag == 1.
>>
>> I also redefine setobj "...; if (o1->watch_) luaD_hook(LUA_HOOKWATCH); o1->value_ = o2->value_; o1->tt_ = o2->tt_";
>>
>> My issue is how to mark all TValues born with watch_ = 0 (not to be watched by default), and how to locate the TValue I hope to watch so that I can mark its watch_ = 1.
>>
>> In more detail, which assignment macros, such as setobj and setobj2s, should I redefine?
>>
>
> I'd rather suggest another solution: add a new special type tag instead of changing the existing tag's meaning.
> then add a function to create a value with this special type. then you just need a simple check.
>
> you may fine tune your policies like on what occasion should Lua trigger the hook, whether overwriting a guard
> value with another guard value triggers the hook, whether the guard valuecan be used as table keys, etc.
>
> the mechanism is simple and flexible.
>
>
> e.g. the new tag could be called LUA_TGUARD, a function lua_pushguard(L) to create a guard value. depending on
> your requirement, you might or might not expose the function to Lua side, possibly inside the debug.* namespace.
>

that being said, I suppose there might be a better way to solve your problem. I mean, I don't think you really
need to pay so much penalty just to figure out "who is the sneaky guy", unless you are dealing with some
extreme uncanny situation that I can't imagine.

for table fields modifications (including global variables, which is simply fields of the __ENV table), you can
use a proxy table to achieve that.

for inlined the stack frame slots and upvalues, I believe some kind of byte code analyzers could do the check.

even for C code that talks to Lua through the API, you can simply run your host program inside a native debugger,
and set some conditional break points at the entry of related API functions, like lua_setfield, lua_setglobal,
lua_seti, and also lua_rawset and the like, etc.


if you describe what you tried to achieve in the first place in more detail, people could give more specific advice.

good luck with the debugging rabbit hole!

--
the nerdy Peng / 书呆彭 /


Re: About lua memory/address breakpoints.

Xianfu Pan
> for table fields modifications (including global variables, which is simply fields of the __ENV table), you can
> use a proxy table to achieve that.

Mostly, I am concerned about Lua table fields being modified. Ups and stack slots are rarely meaningful.
But I don't want to use a proxy because it modifies the running code.

Finally, I redefine only "setobj2t, assignment to a lua table field" as an event trigger, and it really helps. I can ensure fields are born with watch_ = 0 even after rehashing.

> set some conditional break points at the entry of related API functions, like lua_setfield, lua_setglobal,
> lua_seti, and also lua_rawset and the like, etc.

This sounds like a good idea.

2017-05-13 16:03 GMT+08:00 彭 书呆 <[hidden email]>:
On 2017/5/13 15:43, 彭 书呆 wrote:
> On 2017/5/13 13:36, Xianfu Pan wrote:
>> I wanna achieve a function that marks a value as a watch point; when the value changes, it triggers an event LUA_HOOKWATCH. My intention is to find at which point and who stealthily changed the value of a specific address (TValue).
>>
>> I redefine TValuefields as "Value value_, int watch_:1, int tt_:31". So when a TValue, the variant that stores the value, executes an assignment operation, it notifies if the watch_ flag == 1.
>>
>> I also redefine setobj "...; if (o1->watch_) luaD_hook(LUA_HOOKWATCH); o1->value_ = o2->value_; o1->tt_ = o2->tt_";
>>
>> My issue is how to mark all TValues born with watch_ = 0 (not to be watched by default), and how to locate the TValue I hope to watch so that I can mark its watch_ = 1.
>>
>> In more detail, which assignment macros, such as setobj and setobj2s, should I redefine?
>>
>
> I'd rather suggest another solution: add a new special type tag instead of changing the existing tag's meaning.
> then add a function to create a value with this special type. then you just need a simple check.
>
> you may fine tune your policies like on what occasion should Lua trigger the hook, whether overwriting a guard
> value with another guard value triggers the hook, whether the guard valuecan be used as table keys, etc.
>
> the mechanism is simple and flexible.
>
>
> e.g. the new tag could be called LUA_TGUARD, a function lua_pushguard(L) to create a guard value. depending on
> your requirement, you might or might not expose the function to Lua side, possibly inside the debug.* namespace.
>

that being said, I suppose there might be a better way to solve your problem. I mean, I don't think you really
need to pay so much penalty just to figure out "who is the sneaky guy", unless you are dealing with some
extreme uncanny situation that I can't imagine.

for table fields modifications (including global variables, which is simply fields of the __ENV table), you can
use a proxy table to achieve that.

for inlined the stack frame slots and upvalues, I believe some kind of byte code analyzers could do the check.

even for C code that talks to Lua through the API, you can simply run your host program inside a native debugger,
and set some conditional break points at the entry of related API functions, like lua_setfield, lua_setglobal,
lua_seti, and also lua_rawset and the like, etc.


if you describe what you tried to achieve in the first place in more detail, people could give more specific advice.

good luck with the debugging rabbit hole!

--
the nerdy Peng / 书呆彭 /
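
A stand-alone C model of the approach the thread ends on (a per-slot watch_ bit that is checked only in the table-store path), added here as an illustration; it is not code from the posts or from the Lua source. WValue, set_plain, set_table_field and the hook callback are hypothetical names standing in for TValue, setobj/setobj2s, setobj2t and the LUA_HOOKWATCH event.

```c
#include <stdio.h>

/* Stand-alone model of the patched slot; NOT Lua's real TValue. */
typedef struct {
  double value_;          /* stands in for Lua's Value union */
  unsigned int watch_:1;  /* unsigned, so a set flag reads back as 1 */
  unsigned int tt_:31;    /* type tag */
} WValue;
typedef void (*WatchHook)(const WValue *slot, const WValue *incoming);
static WatchHook watch_hook;      /* hypothetical stand-in for LUA_HOOKWATCH */
static int hook_calls;
static double last_old, last_new;
static WValue field, tmp;         /* a "table field" and a "stack slot" */
static void record_hook(const WValue *slot, const WValue *incoming) {
  hook_calls++;
  last_old = slot->value_;        /* hook runs before the store: old value */
  last_new = incoming->value_;
}
/* Every path that creates a slot must clear the flag ("born with watch_ = 0"). */
static void slot_init(WValue *o) { o->value_ = 0; o->tt_ = 0; o->watch_ = 0; }
/* setobj/setobj2s analogue: field-wise copy, so dst keeps its own watch_. */
static void set_plain(WValue *dst, const WValue *src) {
  dst->value_ = src->value_;
  dst->tt_ = src->tt_;
}

/* setobj2t analogue: only stores into table fields can fire the hook. */
static void set_table_field(WValue *dst, const WValue *src) {
  if (dst->watch_ && watch_hook) watch_hook(dst, src);
  set_plain(dst, src);
}

/* Constructed scenario; returns how many times the hook fired. */
static int demo(void) {
  WValue v;
  slot_init(&field); slot_init(&tmp); slot_init(&v);
  watch_hook = record_hook; hook_calls = 0;
  v.value_ = 1.0; v.tt_ = 3;
  set_table_field(&field, &v);    /* unwatched field: silent */
  field.watch_ = 1;               /* arm the watchpoint on this one field */
  v.watch_ = 1;                   /* a flag on the source must not leak */
  set_plain(&tmp, &v);            /* stack copy: silent, tmp stays unwatched */
  v.value_ = 2.0;
  set_table_field(&field, &v);    /* fires once: old 1.0, new 2.0 */
  return hook_calls;
}

int main(void) { printf("hook fired %d time(s)\n", demo()); return 0; }
```

A whole-struct assignment (`*dst = *src`) in place of the field-wise copy would carry the source's watch_ bit into the destination, which is why the model copies only value_ and tt_.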


