Since the whole expression, unary operator included, is replaced by a
call to bpf_probe_read, the dereference operator is currently the
only unary operator properly rewritten. When rewriting an increment
expression (++val) for instance, the increment operator is lost in
translation.
Trying to rewrite all unary operators sometimes confuses bcc and
results in improper code, for instance when trying to rewrite a
logical negation.
return true;
}
bool ProbeVisitor::VisitUnaryOperator(UnaryOperator *E) {
- if (E->getOpcode() == UO_AddrOf)
+ if (E->getOpcode() != UO_Deref)
return true;
if (memb_visited_.find(E) != memb_visited_.end())
return true;
"""
b = BPF(text=text)
+ def test_unary_operator(self):
+ text = """
+#include <linux/fs.h>
+#include <uapi/linux/ptrace.h>
+int trace_read_entry(struct pt_regs *ctx, struct file *file) {
+ return !file->f_op->read_iter;
+}
+ """
+ b = BPF(text=text)
+ b.attach_kprobe(event="__vfs_read", fn_name="trace_read_entry")
+
if __name__ == "__main__":
main()