fix: recover inline entry values via incoming call sites

Author: swananan

e2e-tests/tests/optimized_inline_call_value_execution.rs

@@ -9,11 +9,6 @@ use std::time::Duration;
 // Keep this on the first executable line before consume_pair() is called.
 const INLINE_BEFORE_CALL_TRACE_LINE: u32 = 20;
 // Keep this on the first executable line after consume_pair() returns.
-// This is intentionally a negative regression point: at this PC the inline
-// parameters have already fallen out of their own location-list coverage, so
-// we only assert that GhostScope does not misreport them as consume_pair's
-// argument registers. We do not expect post-call value recovery to work until
-// full DW_OP_entry_value + caller-side call-site evaluation is implemented.
 const INLINE_AFTER_CALL_TRACE_LINE: u32 = 22;
 
 async fn spawn_inline_call_value_program(
@@ -272,3 +267,71 @@ async fn test_optimized_inline_parameters_survive_internal_call_sites() -> anyho
 
     Ok(())
 }
+
+#[tokio::test]
+async fn test_entry_value_recovers_outer_parameter_inside_optimized_inline_after_internal_call(
+) -> anyhow::Result<()> {
+    init();
+
+    let binary_path = FIXTURES.get_test_binary("inline_call_value_program")?;
+    let mut analyzer = ghostscope_dwarf::DwarfAnalyzer::from_exec_path(&binary_path).await?;
+    let addrs = analyzer.lookup_addresses_by_source_line(
+        "inline_call_value_program.c",
+        INLINE_AFTER_CALL_TRACE_LINE,
+    );
+    anyhow::ensure!(
+        !addrs.is_empty(),
+        "No DWARF addresses found for inline_call_value_program.c:{INLINE_AFTER_CALL_TRACE_LINE}"
+    );
+    for module_address in &addrs {
+        anyhow::ensure!(
+            analyzer.is_inline_at(module_address) == Some(true),
+            "Expected inline address at 0x{:x}",
+            module_address.address
+        );
+    }
+
+    let target = spawn_inline_call_value_program(&binary_path).await?;
+    let script = format!(
+        "trace inline_call_value_program.c:{INLINE_AFTER_CALL_TRACE_LINE} {{\n    print \"POSTCALL:{{}}:{{}}\", seed, after_call;\n}}\n"
+    );
+    let (exit_code, stdout, stderr) =
+        run_ghostscope_with_script_for_target(&script, 4, &target).await?;
+    target.terminate().await?;
+
+    if should_skip_for_ebpf_env(exit_code, &stderr) {
+        return Ok(());
+    }
+
+    assert_eq!(exit_code, 0, "stderr={stderr} stdout={stdout}");
+    assert!(
+        !stdout.contains("ExprError"),
+        "Expected exact entry_value recovery inside the inline body. STDOUT: {stdout}\nSTDERR: {stderr}"
+    );
+    assert!(
+        !stdout.contains("<optimized_out>"),
+        "Inline post-call entry_value should not be optimized out. STDOUT: {stdout}\nSTDERR: {stderr}"
+    );
+
+    let re = Regex::new(r"POSTCALL:([0-9-]+):([0-9-]+)")?;
+    let mut seen = 0;
+    for caps in re.captures_iter(&stdout) {
+        let seed: i64 = caps[1].parse()?;
+        let after_call: i64 = caps[2].parse()?;
+        let original_x = seed * 7;
+        let original_y = seed + 11;
+        let combined = (original_x + original_y) * (original_x - original_y);
+        assert_eq!(
+            after_call,
+            combined + 7,
+            "Expected seed/after_call to match wrapper(seed) on the first post-call line. STDOUT: {stdout}"
+        );
+        seen += 1;
+    }
+
+    assert!(
+        seen >= 2,
+        "Expected multiple post-call entry_value events. STDOUT: {stdout}\nSTDERR: {stderr}"
+    );
+    Ok(())
+}

ghostscope-dwarf/src/index/block_index.rs

@@ -172,29 +172,9 @@ impl FunctionBlocks {
         out
     }
 
-    /// Find the nearest caller-side call-site parameter binding whose return_pc
-    /// is at or before `pc` and whose callee entry register matches `register`.
-    pub fn entry_value_parameter_for_pc(
-        &self,
-        pc: u64,
-        register: u16,
-    ) -> Option<&CallSiteParameter> {
-        for (_, records) in self.call_sites.range(..=pc).rev() {
-            for record in records.iter().rev() {
-                if let Some(parameter) = record
-                    .parameters
-                    .iter()
-                    .find(|parameter| parameter.callee_register == register)
-                {
-                    return Some(parameter);
-                }
-            }
-        }
-        None
-    }
-
     /// Collect all incoming caller-side call-site bindings for a callee
-    /// register. These are used for non-inline DW_OP_entry_value recovery.
+    /// register. These drive DW_OP_entry_value recovery without consulting
+    /// nested outgoing call sites inside the current function body.
     pub fn incoming_entry_value_parameters(&self, register: u16) -> Vec<(u64, &CallSiteParameter)> {
         let mut out = Vec::new();
         for (return_pc, records) in &self.incoming_call_sites {
@@ -208,17 +188,6 @@ impl FunctionBlocks {
         }
         out
     }
-
-    /// True when `pc` is inside an inlined-subroutine scope in this function.
-    pub fn is_inline_context_at(&self, pc: u64) -> bool {
-        if !self.function_contains_pc(pc) {
-            return false;
-        }
-        self.block_path_for_pc(pc)
-            .into_iter()
-            .skip(1)
-            .any(|idx| self.nodes[idx].entry_pc.is_some())
-    }
 }
 
 /// Global per-module block index
@@ -1400,58 +1369,4 @@ mod tests {
         assert_eq!(incoming[0].call_origin, None);
         assert_eq!(incoming[0].call_target, Some(0x1200));
     }
-
-    #[test]
-    fn entry_value_parameter_lookup_uses_nearest_prior_return_pc() {
-        let mut function = FunctionBlocks::new(gimli::DebugInfoOffset(0), gimli::UnitOffset(0));
-        function.call_sites.insert(
-            0x1018,
-            vec![CallSiteRecord {
-                cu_offset: gimli::DebugInfoOffset(0),
-                die_offset: gimli::UnitOffset(1),
-                return_pc: 0x1018,
-                call_origin: None,
-                call_target: None,
-                parameters: vec![CallSiteParameter {
-                    callee_register: 5,
-                    caller_value_steps: vec![ComputeStep::PushConstant(11)],
-                }],
-            }],
-        );
-        function.call_sites.insert(
-            0x1030,
-            vec![CallSiteRecord {
-                cu_offset: gimli::DebugInfoOffset(0),
-                die_offset: gimli::UnitOffset(2),
-                return_pc: 0x1030,
-                call_origin: None,
-                call_target: None,
-                parameters: vec![CallSiteParameter {
-                    callee_register: 5,
-                    caller_value_steps: vec![ComputeStep::PushConstant(22)],
-                }],
-            }],
-        );
-
-        let parameter = function
-            .entry_value_parameter_for_pc(0x1034, 5)
-            .expect("nearest call-site parameter should be found");
-        assert_eq!(
-            parameter.caller_value_steps,
-            vec![ComputeStep::PushConstant(22)]
-        );
-
-        let earlier = function
-            .entry_value_parameter_for_pc(0x1019, 5)
-            .expect("earlier call-site parameter should be found");
-        assert_eq!(
-            earlier.caller_value_steps,
-            vec![ComputeStep::PushConstant(11)]
-        );
-
-        assert!(
-            function.entry_value_parameter_for_pc(0x1017, 5).is_none(),
-            "call sites after the current PC must not match"
-        );
-    }
 }

ghostscope-dwarf/src/parser/expression_evaluator.rs

@@ -347,12 +347,9 @@ impl ExpressionEvaluator {
                 debug!("Found DW_OP_stack_value - this is a computed value");
             }
             match &op {
-                // TODO(entry_value): This is only a minimal fallback.
-                // For inline parameters, a correct DW_OP_entry_value implementation must
-                // walk back to the caller and evaluate the matching call_site_parameter's
-                // DW_AT_call_value / DW_AT_GNU_call_site_value. Merely stripping
-                // entry_value(reg) to a bare register only preserves the simplest cases
-                // where the parameter is still equivalent to the entry register.
+                // Lower supported DW_OP_entry_value forms through caller-side
+                // call-site metadata. This keeps optimized parameters usable
+                // after their entry registers have been clobbered.
                 Operation::EntryValue { expression } => {
                     let mut inner = *expression;
                     let mut inner_ops: Vec<Operation<_>> = Vec::new();
@@ -1297,18 +1294,6 @@ impl ExpressionEvaluator {
         let function_context = function_context.ok_or_else(|| {
             anyhow::anyhow!("DW_OP_entry_value requires function call-site context")
         })?;
-        if function_context.is_inline_context_at(current_pc) {
-            if let Some(parameter) =
-                function_context.entry_value_parameter_for_pc(current_pc, register)
-            {
-                return Self::materialize_caller_value_steps(
-                    &parameter.caller_value_steps,
-                    current_pc,
-                    cfi_index,
-                );
-            }
-        }
-
         Self::build_incoming_entry_value_lookup(
             current_pc,
             register,
@@ -1703,7 +1688,7 @@ mod tests {
     }
 
     #[test]
-    fn entry_value_uses_nearest_call_site_parameter_steps_in_inline_context() {
+    fn entry_value_ignores_outgoing_call_sites_in_inline_context() {
         let mut function = FunctionBlocks {
             cu_offset: gimli::DebugInfoOffset(0),
             die_offset: gimli::UnitOffset(0),
@@ -1758,15 +1743,20 @@ mod tests {
             }],
         );
 
-        let steps = ExpressionEvaluator::resolve_entry_value_register(
+        let error = ExpressionEvaluator::resolve_entry_value_register(
             0x1034,
             5,
             None,
             Some(&function),
             None,
         )
-        .expect("entry_value should resolve to the nearest call site");
-        assert_eq!(steps, vec![ComputeStep::PushConstant(22)]);
+        .expect_err("inline entry_value must not reuse nested outgoing call-site bindings");
+        assert!(
+            error
+                .to_string()
+                .contains("DW_OP_entry_value register recovery needs CFI"),
+            "unexpected error: {error}"
+        );
     }
 
     #[test]