我正在使用一种名为Intel Pin的二进制检测工具。然而,当我检查 Pin 附带的部分示例时,我遇到了这个奇怪的术语。以下是相关部分:
/*
 * Instrumentation callback: classify one instruction of `trace` as an
 * indirect call, a direct call / tail call / "PcMaterialization", or a
 * return, and register the matching analysis routine (EmitIndirectCall,
 * EmitDirectCall, EmitReturn) to run before it executes.  Does nothing
 * unless the KnobTraceCalls knob is set.
 *
 * Parameters:
 *   trace - the trace being instrumented; only used to look up the routine
 *           the instruction belongs to (TRACE_Rtn).
 *   ins   - the instruction to classify.
 *
 * Side effects: at most one INS_InsertCall per instruction, plus one
 * heap-allocated string per instrumented call/return site.  That string is
 * handed to the analysis routine through IARG_PTR and is deliberately never
 * freed here: the pointer is dereferenced every time the instruction runs,
 * so it has to outlive instrumentation.
 */
VOID CallTrace(TRACE trace, INS ins)
{
    if (!KnobTraceCalls)
        return;

    const BOOL isCall   = INS_IsCall(ins);
    const BOOL isDirect = INS_IsDirectBranchOrCall(ins);

    /* Case 1: indirect call.  The target is only known at run time, so the
     * analysis routine receives it via IARG_BRANCH_TARGET_ADDR. */
    if (isCall && !isDirect)
    {
        string label = "Call " + FormatAddress(INS_Address(ins), TRACE_Rtn(trace));
        label += " -> ";
        INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(EmitIndirectCall), IARG_THREAD_ID,
                       IARG_PTR, new string(label), IARG_BRANCH_TARGET_ADDR,
                       IARG_G_ARG0_CALLER, IARG_G_ARG1_CALLER, IARG_END);
        return;
    }

    /* Case 2: direct branch or direct call (statically known target). */
    if (isDirect)
    {
        const ADDRINT target = INS_DirectBranchOrCallTargetAddress(ins);
        RTN sourceRtn = TRACE_Rtn(trace);
        RTN destRtn   = RTN_FindByAddress(target);

        /* A direct jump that stays inside the current routine is an ordinary
         * intra-procedural branch and is not reported.  Only calls, or jumps
         * that leave the routine (tail calls), go on. */
        if (!(isCall || sourceRtn != destRtn))
            return;

        /* Label and tail-call flag handed to EmitDirectCall:
         *   - direct jump into another routine        -> "Tailcall", flag set
         *   - call accepted by INS_IsProcedureCall     -> "Call", flag clear
         *   - any other call instruction               -> "PcMaterialization",
         *     reported with the tail-call flag set as well.
         * The last case is a `call` that Pin does not regard as a procedure
         * call.  NOTE(review): presumably the IA-32 "call next; pop reg"
         * idiom used to load the program counter in position-independent
         * code — confirm against the Pin documentation of INS_IsProcedureCall. */
        BOOL   tailcall;
        string label;
        if (!isCall)
        {
            tailcall = 1;
            label    = "Tailcall ";
        }
        else if (INS_IsProcedureCall(ins))
        {
            tailcall = 0;
            label    = "Call ";
        }
        else
        {
            tailcall = 1;
            label    = "PcMaterialization ";
        }

        label += FormatAddress(INS_Address(ins), sourceRtn);
        label += " -> ";
        label += FormatAddress(target, destRtn);

        INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(EmitDirectCall),
                       IARG_THREAD_ID, IARG_PTR, new string(label), IARG_BOOL, tailcall,
                       IARG_G_ARG0_CALLER, IARG_G_ARG1_CALLER, IARG_END);
        return;
    }

    /* Case 3: return. */
    if (!INS_IsRet(ins))
        return;

    RTN rtn = TRACE_Rtn(trace);
#if defined(TARGET_LINUX) && defined(TARGET_IA32)
    /* Linux/IA-32 only: do not log returns executed inside the dynamic
     * linker's lazy-binding resolver.  NOTE(review): inferred from the symbol
     * name — that `ret` dispatches to the freshly resolved symbol rather than
     * returning to a traced call site, so logging it would unbalance the
     * call/return trace.  An equivalent filter for _dl_debug_state was
     * present but disabled in the original. */
    if (RTN_Valid(rtn) && RTN_Name(rtn) == "_dl_runtime_resolve")
        return;
#endif

    string label = "Return " + FormatAddress(INS_Address(ins), rtn);
    INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(EmitReturn),
                   IARG_THREAD_ID, IARG_PTR, new string(label), IARG_G_RESULT0, IARG_END);
}
此方法依据 Pin 的谓词 INS_IsCall / INS_IsDirectBranchOrCall / INS_IsProcedureCall / INS_IsRet 把指令分类为直接调用、间接调用、尾调用、返回,以及代码中称为 "PcMaterialization" 的一种情况(它是一条 `call` 指令,但 INS_IsProcedureCall 不把它当作过程调用,代码随后把它当作尾调用来上报)。
这是完整的代码。
那么这到底是什么意思呢?我试过谷歌搜索 - 没有相关结果。