Created December 14, 2021 17:03
Answering the question "7. Can you verify that the tracepoints are NOPs in the binaries? If yes, how?" from

Can you verify that the tracepoints are NOPs in the binaries? If yes, how?

Yes, we can verify that the tracepoints are indeed nop assembly operations in a Bitcoin Core binary with tracepoints.

Listing tracepoint locations in the binary

The Bitcoin Core doc/ directory contains a section on listing available tracepoints.

For example, readelf -n src/bitcoind can be used to list the ELF notes in the binary. There is one ELF note in the .note.stapsdt section for each tracepoint, and this note contains the location of the tracepoint in the binary.

$ readelf -n src/bitcoind
Displaying notes found in: .note.stapsdt
  Owner                Data size 	Description
  stapsdt              0x0000005c	NT_STAPSDT (SystemTap probe descriptors)
    Provider: net
    Name: outbound_message
    Location: 0x00000000000e89e8, Base: 0x000000000057ff20, Semaphore: 0x0000000000000000
    Arguments: -8@%r13 8@%r15 8@%rdi 8@24(%r14) 8@%rax 8@%rdx

The tracepoint locations can also be listed with gdb: running the command info probes in a gdb session with the Bitcoin Core binary loaded prints the same information about the tracepoints.

$ gdb src/bitcoind
GNU gdb (GDB) 10.2
Reading symbols from src/bitcoind...
(gdb) info probes
Type Provider   Name             Where              Semaphore Object
stap net        inbound_message  0x000000000011ebef           /home/user/path/to/bitcoin/src/bitcoind
stap net        outbound_message 0x00000000000e89e8           /home/user/path/to/bitcoin/src/bitcoind

The location of the net:outbound_message tracepoint is 0x00000000000e89e8 (or 0xe89e8) in both cases.

Showing NOPs

In a gdb session we can show the instruction at the address 0xe89e8 using the display command.

(gdb) display /i 0xe89e8
1: x/i 0xe89e8
   0xe89e8 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+968>:	nop

Additionally, we can have a look at the instructions before the nop instruction using the command display /-40i with the address 0xe89e9 (0xe89e8 + 1).

(gdb) display/-40i 0xe89e9
   0xe8924 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+772>:	cmp    %rax,%rdi
   0xe8927 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+775>:	je     0xe893a <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+794>
   0xe8929 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+777>:	mov    0xb0(%rsp),%rax
   0xe8931 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+785>:	lea    0x1(%rax),%rsi
   0xe8935 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+789>:	call   0x24bc0 <_ZdlPvm@plt>
   0xe893a <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+794>:	mov    0xc0(%rsp),%rdi
   0xe8942 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+802>:	lea    0xd0(%rsp),%rax
   0xe894a <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+810>:	cmp    %rax,%rdi
   0xe894d <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+813>:	je     0xe8960 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+832>
   0xe894f <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+815>:	mov    0xd0(%rsp),%rax
   0xe8957 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+823>:	lea    0x1(%rax),%rsi
   0xe895b <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+827>:	call   0x24bc0 <_ZdlPvm@plt>
   0xe8960 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+832>:	lea    0x180(%rsp),%r12
   0xe8968 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+840>:	lea    0x41570d(%rip),%rsi        # 0x4fe07c
   0xe896f <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+847>:	mov    %r12,%rdi
   0xe8972 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+850>:	call   0xce4f0 <_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC4IS3_EEPKcRKS3_>
   0xe8977 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+855>:	xor    %edx,%edx
   0xe8979 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+857>:	mov    %r12,%rsi
   0xe897c <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+860>:	lea    0x570d1d(%rip),%rdi        # 0x6596a0 <gArgs>
   0xe8983 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+867>:	call   0x41da40 <_ZNK11ArgsManager10GetBoolArgERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb>
   0xe8988 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+872>:	mov    0x180(%rsp),%rdi
   0xe8990 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+880>:	lea    0x190(%rsp),%rbx
   0xe8998 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+888>:	mov    %eax,%r13d
   0xe899b <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+891>:	cmp    %rbx,%rdi
   0xe899e <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+894>:	je     0xe89b1 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+913>
   0xe89a0 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+896>:	mov    0x190(%rsp),%rax
   0xe89a8 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+904>:	lea    0x1(%rax),%rsi
   0xe89ac <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+908>:	call   0x24bc0 <_ZdlPvm@plt>
   0xe89b1 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+913>:	test   %r13b,%r13b
   0xe89b4 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+916>:	jne    0xe8cd0 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+1712>
   0xe89ba <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+922>:	mov    0x2d8(%rbp),%esi
   0xe89c0 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+928>:	mov    %r12,%rdi
   0xe89c3 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+931>:	mov    0x2c8(%rbp),%r13
   0xe89ca <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+938>:	mov    0x200(%rbp),%r15
   0xe89d1 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+945>:	call   0xd1640 <_Z22ConnectionTypeAsStringB5cxx1114ConnectionType>
   0xe89d6 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+950>:	mov    (%r14),%rdx
   0xe89d9 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+953>:	mov    0x8(%r14),%rax
   0xe89dd <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+957>:	mov    0x180(%rsp),%rdi
   0xe89e5 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+965>:	sub    %rdx,%rax
   0xe89e8 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+968>:	nop

This shows (part of) the instructions that prepare the net:outbound_message tracepoint's arguments before the nop.

The NOP can also be displayed with objdump by setting the --start-address to 0xe89e8 and the --stop-address to 0xe89e9.

$ objdump --start-address 0xe89e8 --stop-address 0xe89e9 -d src/bitcoind

src/bitcoind:     file format elf64-x86-64

Disassembly of section .text:

00000000000e89e8 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+0x3c8>:
   e89e8:	90                   	nop

The instructions before the NOP can be displayed with:

$ objdump --start-address 0xe8924 --stop-address 0xe89e9 -d src/bitcoind

src/bitcoind:     file format elf64-x86-64

Disassembly of section .text:

00000000000e8924 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+0x304>:
   e8924:	48 39 c7             	cmp    %rax,%rdi
   e8927:	74 11                	je     e893a <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+0x31a>
   e8929:	48 8b 84 24 b0 00 00 	mov    0xb0(%rsp),%rax
   e8930:	00
   e8931:	48 8d 70 01          	lea    0x1(%rax),%rsi
   e8935:	e8 86 c2 f3 ff       	callq  24bc0 <_ZdlPvm@plt>
   e893a:	48 8b bc 24 c0 00 00 	mov    0xc0(%rsp),%rdi
   e8941:	00
   e8942:	48 8d 84 24 d0 00 00 	lea    0xd0(%rsp),%rax
   e8949:	00
   e894a:	48 39 c7             	cmp    %rax,%rdi
   e894d:	74 11                	je     e8960 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+0x340>
   e894f:	48 8b 84 24 d0 00 00 	mov    0xd0(%rsp),%rax
   e8956:	00
   e8957:	48 8d 70 01          	lea    0x1(%rax),%rsi
   e895b:	e8 60 c2 f3 ff       	callq  24bc0 <_ZdlPvm@plt>
   e8960:	4c 8d a4 24 80 01 00 	lea    0x180(%rsp),%r12
   e8967:	00
   e8968:	48 8d 35 0d 57 41 00 	lea    0x41570d(%rip),%rsi        # 4fe07c <_ZTSN4init12_GLOBAL__N_112BitcoindInitE+0x64fc>
   e896f:	4c 89 e7             	mov    %r12,%rdi
   e8972:	e8 79 5b fe ff       	callq  ce4f0 <_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC2IS3_EEPKcRKS3_.constprop.0>
   e8977:	31 d2                	xor    %edx,%edx
   e8979:	4c 89 e6             	mov    %r12,%rsi
   e897c:	48 8d 3d 1d 0d 57 00 	lea    0x570d1d(%rip),%rdi        # 6596a0 <gArgs>
   e8983:	e8 b8 50 33 00       	callq  41da40 <_ZNK11ArgsManager10GetBoolArgERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb>
   e8988:	48 8b bc 24 80 01 00 	mov    0x180(%rsp),%rdi
   e898f:	00
   e8990:	48 8d 9c 24 90 01 00 	lea    0x190(%rsp),%rbx
   e8997:	00
   e8998:	41 89 c5             	mov    %eax,%r13d
   e899b:	48 39 df             	cmp    %rbx,%rdi
   e899e:	74 11                	je     e89b1 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+0x391>
   e89a0:	48 8b 84 24 90 01 00 	mov    0x190(%rsp),%rax
   e89a7:	00
   e89a8:	48 8d 70 01          	lea    0x1(%rax),%rsi
   e89ac:	e8 0f c2 f3 ff       	callq  24bc0 <_ZdlPvm@plt>
   e89b1:	45 84 ed             	test   %r13b,%r13b
   e89b4:	0f 85 16 03 00 00    	jne    e8cd0 <_ZN8CConnman11PushMessageEP5CNodeO17CSerializedNetMsg+0x6b0>
   e89ba:	8b b5 d8 02 00 00    	mov    0x2d8(%rbp),%esi
   e89c0:	4c 89 e7             	mov    %r12,%rdi
   e89c3:	4c 8b ad c8 02 00 00 	mov    0x2c8(%rbp),%r13
   e89ca:	4c 8b bd 00 02 00 00 	mov    0x200(%rbp),%r15
   e89d1:	e8 6a 8c fe ff       	callq  d1640 <_Z22ConnectionTypeAsStringB5cxx1114ConnectionType>
   e89d6:	49 8b 16             	mov    (%r14),%rdx
   e89d9:	49 8b 46 08          	mov    0x8(%r14),%rax
   e89dd:	48 8b bc 24 80 01 00 	mov    0x180(%rsp),%rdi
   e89e4:	00
   e89e5:	48 29 d0             	sub    %rdx,%rax
   e89e8:	90                   	nop
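As an added example (not part of the original gist), the following Python script automates the two steps shown above, listing the tracepoint locations from the .note.stapsdt notes and checking that the byte at each location is the single-byte 0x90 nop. It assumes an ELF64 little-endian binary like the one above; the function names are my own, and the note bytes and .text bytes are constructed inline from the readelf and objdump output rather than read from a file.

```python
import struct
NT_STAPSDT = 3   # ELF note type of SystemTap SDT probe descriptors
X86_NOP = 0x90   # the single-byte nop each USDT probe site is compiled to

def parse_stapsdt_desc(desc: bytes) -> dict:
    """Decode one NT_STAPSDT descriptor: three little-endian u64 values
    (location, base, semaphore), then NUL-terminated provider, name, args."""
    location, base, semaphore = struct.unpack_from("<QQQ", desc, 0)
    provider, name, args, _ = desc[24:].split(b"\0", 3)
    return {"location": location, "base": base, "semaphore": semaphore,
            "provider": provider.decode(), "name": name.decode(), "args": args.decode()}

def iter_stapsdt_notes(section: bytes):
    """Walk raw .note.stapsdt bytes: Elf64_Nhdr (namesz, descsz, type as u32),
    then the owner name and the descriptor, each padded to a 4-byte boundary."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        off += 12
        owner = section[off:off + namesz].rstrip(b"\0")
        off += (namesz + 3) & ~3
        desc = section[off:off + descsz]
        off += (descsz + 3) & ~3
        if owner == b"stapsdt" and ntype == NT_STAPSDT:
            yield parse_stapsdt_desc(desc)

def probe_is_nop(text: bytes, text_vaddr: int, location: int) -> bool:
    """True if the byte at the probe location inside .text is 0x90. Assumes the
    link-time mapping; if relocated, shift location by (actual base - note base)."""
    idx = location - text_vaddr
    return 0 <= idx < len(text) and text[idx] == X86_NOP

def build_stapsdt_note(location, base, semaphore, provider, name, args) -> bytes:
    """Constructed helper: encode one note entry in the layout readelf -n decodes."""
    desc = struct.pack("<QQQ", location, base, semaphore) + b"\0".join([provider, name, args]) + b"\0"
    owner = b"stapsdt\0"
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return struct.pack("<III", len(owner), len(desc), NT_STAPSDT) + pad(owner) + pad(desc)

# Constructed sample: the net:outbound_message note from the readelf output above
# and the last four .text bytes up to 0xe89e8 (sub %rdx,%rax ; nop) from objdump.
SAMPLE_NOTES = build_stapsdt_note(0xe89e8, 0x57ff20, 0, b"net", b"outbound_message",
                                  b"-8@%r13 8@%r15 8@%rdi 8@24(%r14) 8@%rax 8@%rdx")
SAMPLE_TEXT_VADDR = 0xe89e5
SAMPLE_TEXT = bytes.fromhex("4829d090")

def check_sample() -> dict:
    # Map "provider:name" to whether its probe site is a nop, for the sample above.
    return {f"{p['provider']}:{p['name']}": probe_is_nop(SAMPLE_TEXT, SAMPLE_TEXT_VADDR, p["location"])
            for p in iter_stapsdt_notes(SAMPLE_NOTES)}
```

The constructed descriptor comes out at 0x5c bytes, the Data size readelf reports above, which is a useful sanity check on the layout when adapting this to notes read from a real binary.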