> Uh... fine-grained dynamic analysis w/o program recompilation is
> somewhat above current state of the art for dynamic analysis.
> It's possible to insert lots of NOPs into code, and then dynamically
> patch it. This will bloat code size, and thus potentially decrease
> execution speed.
You don't have to insert NOPs. DTrace patches the code, and when
it traps it will emulate what it was overwritten. Very similar to
floating point emulation in the kernel. Programs are slowed down
only when traced, and in practice the overhead is very small,
fractions of a percent for usual scripts. I regularly use DTrace
to debug time-sensitive races. Even if you trace every function in
the program, the time overhead is less than 2x.
> Moreover all these approaches can only answer questions about future,
> e.g. tell me who will modify this variable. Answering questions
> about program past, e.g. now that I got this panic, tell me who
> modified this variable, requires memorization of astonishing amount
> of information.
That's why you can do speculative tracing, which is the biggest
architectural difference between DTrace and perf/ktap. You can
record a huge amount of data, and at some point in the future you
decide if you really need it or not. If you don't need it (e.g. the
code didn't exhibit the behavior you are interested in), the data
is discarded. It's not magic, you can't just ask "who modified this
variable in the past?", but you can tell it to record that information
and the volume of information is in practice manageable.
> So it can't run on live applications and is usually specialized to
> answer very particular type of questions.
Very much disagree, I run it on live production binaries to answer
arbitrary types of questions. For Go, it's not quite there yet;
e.g. for C I can just inspect any data using C-like sytax. I have
full access to types and everything. I can easily walk trees and
lists. For Go all the functionality is there, I can access the data,
but it's raw data. I have to a priory generate struct offsets and
write casts by hand. It's very ugly, that's why I want to make it
on par with C.
I'll try to find some time to write about this.