Re: [PATCH v2 12/16] perf annotate-arm64: Support 'mov' instruction tracking
From: Tengda Wu
Date: Fri Apr 10 2026 - 06:53:52 EST
On 2026/4/10 14:39, Namhyung Kim wrote:
> On Fri, Apr 03, 2026 at 09:47:56AM +0000, Tengda Wu wrote:
>> Extend update_insn_state() for arm64 to handle register-to-register
>> 'mov' instructions.
>>
>> When a 'mov' instruction occurs between two registers, the data type
>> information (DWARF type, kind, and offset) needs to be propagated from
>> the source register to the destination register. This ensures that if
>> a pointer or a structure was previously identified in one register,
>> the tracker continues to recognize it after it is moved.
>>
>> A real-world example is shown below:
>>
>> ffff8000803eebf8 <get_vma_policy>:
>> ffff8000803eec20: mov x21, x0 // x0 (struct vm_area_struct*) -> x21
>> ffff8000803eec28: ldr x2, [x0, #112]
>> ffff8000803eec2c: cbz x2, ffff8000803eec94 <get_vma_policy+0x9c>
>> ffff8000803eec94: ldr x0, [x21, #152] // PMU sample
>>
>> Before this commit, the type of x21 was unknown, causing the subsequent
>> inference to fail:
>>
>> var [0] reg0 offset 0 type='struct vm_area_struct*' size=0x8
>> chk [9c] reg21 offset=0x98 ok=0 kind=0 cfa : no type information
>> final result: no type information
>>
>> After this commit, the type of x21 is correctly inferred as 'vm_area_struct':
>>
>> var [0] reg0 offset 0 type='struct vm_area_struct*' size=0x8
>> mov [28] reg0 -> reg21 type='struct vm_area_struct*' size=0x8
>> chk [9c] reg21 offset=0x98 ok=1 kind=1 (struct vm_area_struct*) : Good!
>> found by insn track: 0x98(reg21) type-offset=0x98
>> final result: type='struct vm_area_struct' size=0xb0
>>
>> Signed-off-by: Tengda Wu <wutengda@xxxxxxxxxxxxxxx>
>> ---
>> .../perf/util/annotate-arch/annotate-arm64.c | 28 +++++++++++++++++++
>> 1 file changed, 28 insertions(+)
>>
>> diff --git a/tools/perf/util/annotate-arch/annotate-arm64.c b/tools/perf/util/annotate-arch/annotate-arm64.c
>> index f9100230c2f6..013b673f4861 100644
>> --- a/tools/perf/util/annotate-arch/annotate-arm64.c
>> +++ b/tools/perf/util/annotate-arch/annotate-arm64.c
>> @@ -308,6 +308,34 @@ static void update_insn_state_arm64(struct type_state *state,
>> sreg = src->reg1;
>> dreg = dst->reg1;
>>
>> + /* Register to register transfers */
>> + if (!strcmp(dl->ins.name, "mov")) {
>> + if (!has_reg_type(state, sreg))
>> + return;
>> +
>> + tsr = &state->regs[sreg];
>> + tsr->copied_from = -1;
>> +
>> + if (!has_reg_type(state, dreg) ||
>> + !state->regs[dreg].ok) {
>> + tsr->ok = false;
>> + return;
>> + }
>
> Does this handle an immediate value?
>
I actually had immediate value support in an earlier draft, but I removed it
because the introduction of a new TSR_KIND_CONST type made state maintenance
a bit complex, and I hadn't fully thought through the logic at that time.
However, supporting it is definitely better for completeness. I'll try to
implement it properly.
Thanks,
Tengda
>> +
>> + tsr->type = state->regs[dreg].type;
>> + tsr->kind = state->regs[dreg].kind;
>> + tsr->offset = state->regs[dreg].offset;
>> + tsr->ok = true;
>
> Probably safe to use 'state->regs[dreg].ok'.
>
> Anyway, the same concern. The src and dst are reversed.
>
> Thanks,
> Namhyung
>
>> +
>> + if (tsr->kind == TSR_KIND_TYPE || tsr->kind == TSR_KIND_POINTER)
>> + tsr->copied_from = dreg;
>> +
>> + pr_debug_dtp("mov [%x] reg%d -> reg%d",
>> + insn_offset, dreg, sreg);
>> + pr_debug_type_name(&tsr->type, tsr->kind);
>> + return;
>> + }
>> +
>> if (dloc->fb_cfa) {
>> u64 ip = dloc->ms->sym->start + dl->al.offset;
>> u64 pc = map__rip_2objdump(dloc->ms->map, ip);
>> --
>> 2.34.1
>>
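As an added illustration of the propagation the commit message describes (not code from perf or from the patch), the following standalone C model replays the get_vma_policy() sequence through a minimal type-state tracker. Operand order follows the arm64 mnemonic (`mov x21, x0` writes x21), and all struct and function names here are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define NUM_REGS 32 /* constructed: x0..x30 plus sp */
enum tsr_kind { TSR_KIND_INVALID, TSR_KIND_POINTER };
struct reg_state {
	bool ok;            /* type information is valid */
	enum tsr_kind kind;
	const char *type;   /* pointee type name, e.g. "struct vm_area_struct" */
	int copied_from;    /* register this value was copied from, or -1 */
};
struct type_state { struct reg_state regs[NUM_REGS]; };
static bool valid_reg(int r) { return r >= 0 && r < NUM_REGS; }
/* mov <dst>, <src>: propagate the source register's type to the destination. */
static void track_mov(struct type_state *st, int dst, int src)
{
	if (!valid_reg(dst) || !valid_reg(src))
		return;
	if (!st->regs[src].ok) {          /* unknown source: dst becomes unknown too */
		st->regs[dst].ok = false;
		st->regs[dst].copied_from = -1;
		return;
	}
	st->regs[dst] = st->regs[src];
	st->regs[dst].copied_from = src;
}
/* ldr <reg>, [<base>, #off]: return the pointee type if base holds a known pointer. */
static const char *track_ldr(const struct type_state *st, int base)
{
	if (!valid_reg(base) || !st->regs[base].ok || st->regs[base].kind != TSR_KIND_POINTER)
		return NULL;
	return st->regs[base].type;
}
/* Replay the commit message's sequence: x0 is a known 'struct vm_area_struct *'
 * on entry, then 'mov x21, x0', then the sampled 'ldr x0, [x21, #152]'. */
static const char *resolve_example(bool propagate_mov)
{
	struct type_state st = { 0 };
	st.regs[0] = (struct reg_state){ true, TSR_KIND_POINTER, "struct vm_area_struct", -1 };
	if (propagate_mov)
		track_mov(&st, 21, 0);
	return track_ldr(&st, 21);  /* NULL without propagation, the struct name with it */
}
/* A mov from a register of unknown type must invalidate the destination. */
static bool mov_from_unknown_invalidates(void)
{
	struct type_state st = { 0 };
	st.regs[21] = (struct reg_state){ true, TSR_KIND_POINTER, "struct vm_area_struct", -1 };
	track_mov(&st, 21, 5);      /* x5 carries no type information */
	return !st.regs[21].ok;
}
```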