in cmd/seccomp-profiler/disasm/disasm.go [207:244]
func parseX86_64(p *parser, line, caller string, instructions []string) (*Syscall, error) {
var m *regexp.Regexp
if p.isRawSyscall(line) && !isSyscallFunction(caller) {
m = x86_64RawSyscallRegex
// Special case to handle a compiler optimization. This is a read
// syscall found in cgo binaries.
if inst := lastInstruction(instructions); inst != "" {
if strings.Contains(inst, "XORL AX, AX") {
fields := strings.Fields(line)
return &Syscall{
Location: fields[0],
Function: strings.Join(fields[3:], " "),
Num: 0,
Assembly: "XORL AX, AX",
}, nil
}
}
} else if p.isFunctionCall(line) && isSyscallFunction(line) {
m = x86_64SyscallRegex
}
if m == nil {
return nil, nil
}
fields := strings.Fields(line)
s := &Syscall{
Location: fields[0],
Function: strings.Join(fields[3:], " "),
}
if err := findSyscallNum(instructions, s, m); err != nil {
return nil, fmt.Errorf("failed to extract syscall from '%v': %v",
strings.TrimSpace(line), err)
}
return s, nil
}