started on ir

ir.c

@@ -1,12 +1,245 @@
 #include <assert.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <linux/bpf.h>
 
 #include "ir.h"
 
 const uint16_t vreg_base = 0x8000;
 
+static const char *bpf_func_name(enum bpf_func_id id)
+{
+	switch (id) {
+	case BPF_FUNC_get_current_comm:
+		return "get_current_comm";
+	case BPF_FUNC_get_current_pid_tgid:
+		return "get_current_pid_tgid";
+	case BPF_FUNC_get_current_uid_gid:
+		return "get_current_uid_gid";
+	case BPF_FUNC_get_stackid:
+		return "get_stackid";
+	case BPF_FUNC_ktime_get_ns:
+		return "ktime_get_ns";
+	case BPF_FUNC_map_delete_elem:
+		return "map_delete_elem";
+	case BPF_FUNC_map_lookup_elem:
+		return "map_lookup_elem";
+	case BPF_FUNC_map_update_elem:
+		return "map_update_elem";
+	case BPF_FUNC_perf_event_output:
+		return "perf_event_output";
+	case BPF_FUNC_probe_read:
+		return "probe_read";
+	case BPF_FUNC_trace_printk:
+		return "trace_printk";
+	default:
+		return NULL;
+	}
+}
+
+static void reg_name(uint16_t reg, char *name)
+{
+        if (reg & vreg_base) {
+		sprintf(name, "v%u", reg & ~vreg_base);		
+	} else if (reg == BPF_REG_10) {
+		strcpy(name, "bp");
+	} else {
+		sprintf(name, "r%u", reg);
+	}
+}
+
+static void reg_dump(uint16_t reg, int16_t off, FILE *fp)
+{
+	char name[8];
+
+	reg_name(reg, name);
+
+	if (off < 0)
+		fprintf(fp, "[%s - 0x%x]", name, -off);
+	else if (off > 0)
+		fprintf(fp, "[%s + 0x%x]", name, off);
+	else
+		fprintf(fp, "%s", name);
+}
+
+static char size_name(uint8_t code)
+{
+	switch (BPF_SIZE(code)) {
+	case BPF_B:  return 'b';
+	case BPF_H:  return 'h';
+	case BPF_W:  return 'w';
+	case BPF_DW: return 'q';
+	}
+
+	return '?';
+}		
+
+static void alu_dump(uint8_t code, FILE *fp)
+{
+	switch (BPF_OP(code)) {
+	case BPF_MOV: fputs("mov", fp); break;
+	case BPF_ADD: fputs("add", fp); break;
+	case BPF_SUB: fputs("sub", fp); break;
+	case BPF_MUL: fputs("mul", fp); break;
+	case BPF_DIV: fputs("div", fp); break;
+	case BPF_OR : fputs("or",  fp); break;
+	case BPF_AND: fputs("and", fp); break;
+	case BPF_LSH: fputs("lsh", fp); break;
+	case BPF_RSH: fputs("rsh", fp); break;
+	case BPF_NEG: fputs("neg", fp); break;
+	case BPF_MOD: fputs("mod", fp); break;
+	case BPF_XOR: fputs("xor", fp); break;
+	}
+
+	switch (BPF_CLASS(code)) {
+	case BPF_ALU:   fputc(size_name(BPF_W), fp);
+	case BPF_ALU64: fputc(size_name(BPF_DW), fp);
+	}
+}
+
+static void offset_dump(int16_t off, FILE *fp)
+{
+	if (off < 0)
+		fprintf(fp, "L%d", -off);
+	else
+		fprintf(fp, "+%d", off);
+}
+
+static void __insn_dump(const struct bpf_insn insn, uint16_t dst, uint16_t src,
+			FILE *fp)
+{
+	const char *name;
+	enum {
+		OFF_NONE,
+		OFF_DST,
+		OFF_SRC,
+		OFF_EXP,
+	} off = OFF_NONE;
+
+	switch (BPF_CLASS(insn.code)) {
+	case BPF_LD:
+	case BPF_LDX:
+		off = OFF_SRC;
+		fprintf(fp, "ld%c", size_name(insn.code));
+		break;
+
+	case BPF_ST:
+	case BPF_STX:
+		off = OFF_DST;
+		fprintf(fp, "st%c", size_name(insn.code));
+		break;
+
+	case BPF_ALU:
+	case BPF_ALU64:
+		alu_dump(insn.code, fp);
+		break;
+
+	case BPF_JMP:
+		off = OFF_EXP;
+
+		switch (BPF_OP(insn.code)) {
+		case BPF_EXIT:
+			fputs("exit", fp);
+			return;
+		case BPF_CALL:
+			fputs("call\t", fp);
+
+			name = bpf_func_name(insn.imm);
+			if (name)
+				fputs(name, fp);
+			else
+				fprintf(fp, "%d", insn.imm);
+			return;
+		case BPF_JA:
+			fputs("ja\t", fp);
+			offset_dump(insn.off, fp);
+			return;
+
+		case BPF_JEQ:  fputs("jeq", fp); break;
+		case BPF_JNE:  fputs("jne", fp); break;
+		case BPF_JGT:  fputs("jgt", fp); break;
+		case BPF_JGE:  fputs("jge", fp); break;
+		case BPF_JSGE: fputs("jsge", fp); break;
+		case BPF_JSGT: fputs("jsgt", fp); break;
+		default:
+			goto unknown;
+		}
+		break;
+
+	default:
+		goto unknown;
+	}
+
+	fputc('\t', fp);
+	reg_dump(dst, off == OFF_DST ? insn.off : 0, fp);		
+	fputs(", ", fp);
+
+	if (BPF_CLASS(insn.code) == BPF_LDX || BPF_CLASS(insn.code) == BPF_STX)
+		goto reg_src;
+
+	switch (BPF_SRC(insn.code)) {
+	case BPF_K:
+		fprintf(fp, "#%s0x%x", insn.imm < 0 ? "-" : "",
+			insn.imm < 0 ? -insn.imm : insn.imm);
+		break;
+	case BPF_X:
+	reg_src:
+		reg_dump(src, off == OFF_SRC ? insn.off : 0, fp);		
+		break;
+	}
+
+	if (off == OFF_EXP) {
+		fputs(", ", fp);
+		offset_dump(insn.off, fp);
+	}
+
+	return;
+
+unknown:
+	fprintf(fp, "data\t0x%16.16" PRIx64 "\n", *((uint64_t *)&insn));	
+}
+
+void insn_dump(struct bpf_insn insn, FILE *fp)
+{
+	__insn_dump(insn, insn.dst_reg, insn.src_reg, fp);
+}
+
+void vinsn_dump(vinsn_t *vi, FILE *fp)
+{
+	switch (vi->vitype) {
+	case VI_INSN:
+		__insn_dump(vi->insn.bpf, vi->insn.dst, vi->insn.src, fp);
+		return;
+	case VI_LABEL:
+		offset_dump(vi->label, fp);
+		fputc(':', fp);
+		return;
+	case VI_REG_GET:
+	case VI_REG_PUT:
+		fputs((vi->vitype == VI_REG_GET) ? "+ " : "- ", fp);
+		reg_dump(vi->reg, 0, fp);
+		return;
+	}
+}
+
+void ir_dump(ir_t *ir, FILE *fp)
+{
+	size_t i;
+
+	for (i = 0; i < ir->len; i++) {
+		if (ir->vi[i].vitype == VI_INSN)
+			fputc('\t', fp);
+
+		vinsn_dump(&ir->vi[i], fp);
+		fputc('\n', fp);
+	}
+}
+
 static void ir_emit(ir_t *ir, vinsn_t *vi)
 {
-	ir->vi = realloc(ir->vi, ++ir->len);
+	ir->vi = realloc(ir->vi, (++ir->len)*sizeof(*vi));
 	assert(ir->vi);
 
 	ir->vi[ir->len - 1] = *vi;
@@ -29,6 +262,7 @@ void ir_emit_label  (ir_t *ir, int16_t label)
 
 	vi.vitype = VI_LABEL;
 	vi.label = label;
+	ir_emit(ir, &vi);
 }
 
 void ir_emit_reg_get(ir_t *ir, uint16_t reg)
@@ -37,6 +271,7 @@ void ir_emit_reg_get(ir_t *ir, uint16_t reg)
 
 	vi.vitype = VI_REG_GET;
 	vi.reg = reg;
+	ir_emit(ir, &vi);
 }
 
 void ir_emit_reg_put(ir_t *ir, uint16_t reg)
@@ -45,6 +280,7 @@ void ir_emit_reg_put(ir_t *ir, uint16_t reg)
 
 	vi.vitype = VI_REG_PUT;
 	vi.reg = reg;
+	ir_emit(ir, &vi);
 }
 
 int16_t ir_alloc_label (ir_t *ir)

ir.h

@@ -6,6 +6,37 @@
 
 #include <linux/bpf.h>
 
+#define INSN(_code, _dst, _src, _off, _imm)	\
+	((struct bpf_insn) {			\
+		.code  = _code,			\
+		.dst_reg = _dst,		\
+		.src_reg = _src,		\
+		.off   = _off,			\
+		.imm   = _imm			\
+	})
+
+#define MOV(_dst, _src)     INSN(BPF_ALU64 | BPF_MOV | BPF_X, _dst, _src, 0, 0)
+#define MOV_IMM(_dst, _imm) INSN(BPF_ALU64 | BPF_MOV | BPF_K, _dst, 0, 0, _imm)
+
+#define EXIT INSN(BPF_JMP | BPF_EXIT, 0, 0, 0, 0)
+#define CALL(_imm) INSN(BPF_JMP | BPF_CALL, 0, 0, 0, _imm)
+#define JMP(_op, _dst, _src, _off)     INSN(BPF_JMP | BPF_OP((_op)) | BPF_X, _dst, _src, _off, 0)
+#define JMP_IMM(_op, _dst, _imm, _off) INSN(BPF_JMP | BPF_OP((_op)) | BPF_K, _dst, 0, _off, _imm)
+
+#define ALU(_op, _dst, _src)     INSN(BPF_ALU64 | BPF_OP((_op)) | BPF_X, _dst, _src, 0, 0)
+#define ALU_IMM(_op, _dst, _imm) INSN(BPF_ALU64 | BPF_OP((_op)) | BPF_K, _dst, 0, 0, _imm)
+
+#define STW_IMM(_dst, _off, _imm) INSN(BPF_ST  | BPF_SIZE(BPF_W)  | BPF_MEM, _dst, 0, _off, _imm)
+#define STXB(_dst, _off, _src)   INSN(BPF_STX | BPF_SIZE(BPF_B) | BPF_MEM, _dst, _src, _off, 0)
+#define STXH(_dst, _off, _src)   INSN(BPF_STX | BPF_SIZE(BPF_H) | BPF_MEM, _dst, _src, _off, 0)
+#define STXW(_dst, _off, _src)   INSN(BPF_STX | BPF_SIZE(BPF_W) | BPF_MEM, _dst, _src, _off, 0)
+#define STXDW(_dst, _off, _src)   INSN(BPF_STX | BPF_SIZE(BPF_DW) | BPF_MEM, _dst, _src, _off, 0)
+
+#define LDXB(_dst, _off, _src)  INSN(BPF_LDX | BPF_SIZE(BPF_B)  | BPF_MEM, _dst, _src, _off, 0)
+#define LDXH(_dst, _off, _src)  INSN(BPF_LDX | BPF_SIZE(BPF_H)  | BPF_MEM, _dst, _src, _off, 0)
+#define LDXW(_dst, _off, _src)  INSN(BPF_LDX | BPF_SIZE(BPF_W)  | BPF_MEM, _dst, _src, _off, 0)
+#define LDXDW(_dst, _off, _src) INSN(BPF_LDX | BPF_SIZE(BPF_DW) | BPF_MEM, _dst, _src, _off, 0)
+
 typedef enum vitype {
 	VI_INSN,
 	VI_LABEL,
@@ -36,6 +67,10 @@ typedef struct ir {
 	uint16_t next_reg;
 } ir_t;
 
+void insn_dump(struct bpf_insn insn, FILE *fp);
+void vinsn_dump(vinsn_t *vi, FILE *fp);
+void ir_dump(ir_t *ir, FILE *fp);
+
 int16_t  ir_alloc_label   (ir_t *ir);
 uint16_t ir_alloc_register(ir_t *ir);
 

kprobe.c

@@ -10,6 +10,21 @@
 struct kprobe {
 };
 
+static int kprobe_ir_prologue(prog_t *prog)
+{
+	sym_t *ctx = sym_get(prog->locals, "ctx");
+
+	if (!ctx)
+		return 0;
+
+	ctx->reg = ir_alloc_register(prog->ir);
+	ir_emit_reg_get(prog->ir, ctx->reg);
+
+	/* kernel sets r1 to the address of the context */
+	ir_emit_insn(prog->ir, MOV(0, 0), ctx->reg, BPF_REG_1);
+	return 0;
+}
+
 static inline int is_arg(const char *name)
 {
 	return (strstr(name, "arg") == name)
@@ -21,7 +36,7 @@ static int kprobe_rewrite_arg(prog_t *prog, node_t *n)
 {
 	const char *reg;
 	int arg = n->ident[3] - '0';
-	node_t *new;
+	node_t *new, *ctx;
 
 	reg = arch_register_argument(arg);
 	if (!reg) {
@@ -32,20 +47,24 @@ static int kprobe_rewrite_arg(prog_t *prog, node_t *n)
 		return -EINVAL;
 	}
 
+	ctx = node_ident("ctx");
+
 	/* argN => (*ctx).REG */
 	new = node_vlist(node_keyword('.', 0),
 			 node_vlist(node_keyword('*', 0),
-				    node_ident("ctx"),
+				    ctx,
 				    NULL),
 			 node_string(reg),
 			 NULL);
 
+	ctx->type = type_ptr_of(&t_pt_regs);
 	new->type = n->type;
 	new->list->type = &t_void;
 	new->list->next->type = &t_pt_regs;
 	new->list->next->list->type = &t_void;
-	new->list->next->list->next->type = type_ptr_of(&t_pt_regs);
-	return node_replace(n, new);
+	node_replace(n, new);
+
+	return sym_add(prog->locals, ctx->ident, ctx->type, &ctx->sym);
 }
 
 static int kprobe_rewrite_node(prog_t *prog, node_t *n)
@@ -85,6 +104,7 @@ static int kprobe_probe(prog_t *prog)
 provider_t kprobe = {
 	.name = "kprobe",
 
+	.ir_prologue = kprobe_ir_prologue,
 	.rewrite_node = kprobe_rewrite_node,
 	.resolve = kprobe_resolve,
 	.probe = kprobe_probe,

ply.c

@@ -83,6 +83,7 @@ ctx_t *ctx_get(void)
 
 	prog->provider = provider_get("k");
 	prog->provider->probe(prog);
+	prog->ir = ir_new();
 	ctx->progs[0] = prog;
 
 	/* PROBE1 */
@@ -111,6 +112,7 @@ ctx_t *ctx_get(void)
 
 	prog->provider = provider_get("k");
 	prog->provider->probe(prog);
+	prog->ir = ir_new();
 	ctx->progs[1] = prog;
 
 	return ctx;
@@ -374,7 +376,45 @@ int pass_rewrite_ast(node_t *n, void *_prog)
 	return 0;
 }
 
-int pass_walk(pass_t *pass, ctx_t *ctx)
+int pass_generate_ir(node_t *n, void *_prog)
+{
+	prog_t *prog = _prog;
+
+	return 0;
+}
+
+int run_generate_ir(pass_t *pass, ctx_t *ctx)
+{
+	prog_t **progp;
+	int err;
+
+	for (progp = ctx->progs; *progp; progp++) {
+		prog_t *prog = *progp;
+
+		int return_label = ir_alloc_label(prog->ir);
+
+		err = prog->provider->ir_prologue ?
+			prog->provider->ir_prologue(prog) : 0;
+		if (err)
+			return err;
+
+		err = node_walk(prog->ast, pass->pre, pass->post, prog);
+		if (err)
+			return err;
+
+		err = prog->provider->ir_epilogue ?
+			prog->provider->ir_epilogue(prog) : 0;
+		if (err)
+			return err;
+
+		ir_emit_label(prog->ir, return_label);
+		ir_emit_insn(prog->ir, EXIT, 0, 0);
+	}
+
+	return 0;
+}
+
+int run_walk(pass_t *pass, ctx_t *ctx)
 {
 	prog_t **prog;
 	int err;
@@ -389,12 +429,13 @@ int pass_walk(pass_t *pass, ctx_t *ctx)
 }
 
 pass_t passes[] = {
-	{ .run = pass_walk, .post = pass_resolve_symbols },
-	{ .run = pass_walk, .post = pass_infer_types },
-	{ .run = pass_walk, .post = pass_infer_types },
-	{ .run = pass_walk, .post = pass_infer_types },
-	{ .run = pass_walk, .post = pass_validate_types },
-	{ .run = pass_walk, .post = pass_rewrite_ast },
+	{ .run = run_walk, .post = pass_resolve_symbols },
+	{ .run = run_walk, .post = pass_infer_types },
+	{ .run = run_walk, .post = pass_infer_types },
+	{ .run = run_walk, .post = pass_infer_types },
+	{ .run = run_walk, .post = pass_validate_types },
+	{ .run = run_walk, .post = pass_rewrite_ast },
+	{ .run = run_generate_ir },
 
 	{ NULL }
 };
@@ -417,6 +458,8 @@ int main(void)
 		node_dump((*prog)->ast, stdout);
 		printf("\n-- locals\n");
 		symtab_dump((*prog)->locals, stdout);
+		printf("-- ir\n");
+		ir_dump((*prog)->ir, stdout);
 	}
 
 	printf("\n\n-- globals\n");

ply.h

@@ -5,6 +5,7 @@
 #include "sym.h"
 #include "type.h"
 #include "arch.h"
+#include "ir.h"
 
 typedef struct prog prog_t;
 typedef struct provider provider_t;
@@ -18,6 +19,8 @@ struct prog {
 
 	provider_t *provider;
 	void *provider_data;
+
+	ir_t *ir;
 };
 
 typedef struct ctx {
@@ -32,6 +35,8 @@ struct provider {
 	int (*probe)(prog_t *);
 	int (*resolve)(prog_t *, node_t *);
 	int (*rewrite_node)(prog_t *, node_t *);
+	int (*ir_prologue)(prog_t *);
+	int (*ir_epilogue)(prog_t *);
 };
 
 void provider_register(provider_t *prov);

sym.h

@@ -1,6 +1,8 @@
 #ifndef _PLY_SYM_H
 #define _PLY_SYM_H
 
+#include <stdint.h>
+
 #include "type.h"
 
 typedef struct symtab symtab_t;
@@ -9,6 +11,8 @@ typedef struct sym {
 	symtab_t *st;
 	const char *name;
 	type_t *type;
+
+	uint16_t reg;
 } sym_t;
 
 struct symtab {