1 2 /*--------------------------------------------------------------------*/ 3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4 /*--------------------------------------------------------------------*/ 5 6 /* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2010 Julian Seward 11 jseward (at) acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29 */ 30 31 #include "pub_core_basics.h" 32 #include "pub_core_vki.h" 33 #include "pub_core_threadstate.h" 34 #include "pub_core_debuginfo.h" // XXX: circular dependency 35 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 36 #include "pub_core_libcbase.h" 37 #include "pub_core_libcassert.h" 38 #include "pub_core_libcprint.h" 39 #include "pub_core_machine.h" 40 #include "pub_core_options.h" 41 #include "pub_core_stacks.h" // VG_(stack_limits) 42 #include "pub_core_stacktrace.h" 43 #include "pub_core_xarray.h" 44 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 45 #include "pub_core_trampoline.h" 46 47 48 /*------------------------------------------------------------*/ 49 /*--- ---*/ 50 /*--- BEGIN platform-dependent unwinder worker functions ---*/ 51 /*--- ---*/ 52 /*------------------------------------------------------------*/ 53 54 /* Take a snapshot of the client's stack, putting up to 'max_n_ips' 55 IPs into 'ips'. In order to be thread-safe, we pass in the 56 thread's IP SP, FP if that's meaningful, and LR if that's 57 meaningful. Returns number of IPs put in 'ips'. 58 59 If you know what the thread ID for this stack is, send that as the 60 first parameter, else send zero. This helps generate better stack 61 traces on ppc64-linux and has no effect on other platforms. 62 */ 63 64 /* ------------------------ x86 ------------------------- */ 65 66 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) 67 68 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 69 /*OUT*/Addr* ips, UInt max_n_ips, 70 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 71 UnwindStartRegs* startRegs, 72 Addr fp_max_orig ) 73 { 74 Bool debug = False; 75 Int i; 76 Addr fp_max; 77 UInt n_found = 0; 78 79 vg_assert(sizeof(Addr) == sizeof(UWord)); 80 vg_assert(sizeof(Addr) == sizeof(void*)); 81 82 D3UnwindRegs uregs; 83 uregs.xip = (Addr)startRegs->r_pc; 84 uregs.xsp = (Addr)startRegs->r_sp; 85 uregs.xbp = startRegs->misc.X86.r_ebp; 86 Addr fp_min = uregs.xsp; 87 88 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 89 stopping when the trail goes cold, which we guess to be 90 when FP is not a reasonable stack location. */ 91 92 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 93 // current page, at least. Dunno if it helps. 94 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 95 fp_max = VG_PGROUNDUP(fp_max_orig); 96 if (fp_max >= sizeof(Addr)) 97 fp_max -= sizeof(Addr); 98 99 if (debug) 100 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 101 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 102 max_n_ips, fp_min, fp_max_orig, fp_max, 103 uregs.xip, uregs.xbp); 104 105 /* Assertion broken before main() is reached in pthreaded programs; the 106 * offending stack traces only have one item. --njn, 2002-aug-16 */ 107 /* vg_assert(fp_min <= fp_max);*/ 108 // On Darwin, this kicks in for pthread-related stack traces, so they're 109 // only 1 entry long which is wrong. 110 # if !defined(VGO_darwin) 111 if (fp_min + 512 >= fp_max) { 112 /* If the stack limits look bogus, don't poke around ... but 113 don't bomb out either. */ 114 if (sps) sps[0] = uregs.xsp; 115 if (fps) fps[0] = uregs.xbp; 116 ips[0] = uregs.xip; 117 return 1; 118 } 119 # endif 120 121 /* fp is %ebp. sp is %esp. ip is %eip. */ 122 123 if (sps) sps[0] = uregs.xsp; 124 if (fps) fps[0] = uregs.xbp; 125 ips[0] = uregs.xip; 126 i = 1; 127 128 /* Loop unwinding the stack. Note that the IP value we get on 129 * each pass (whether from CFI info or a stack frame) is a 130 * return address so is actually after the calling instruction 131 * in the calling function. 132 * 133 * Because of this we subtract one from the IP after each pass 134 * of the loop so that we find the right CFI block on the next 135 * pass - otherwise we can find the wrong CFI info if it happens 136 * to change after the calling instruction and that will mean 137 * that we will fail to unwind the next step. 138 * 139 * This most frequently happens at the end of a function when 140 * a tail call occurs and we wind up using the CFI info for the 141 * next function which is completely wrong. 142 */ 143 while (True) { 144 145 if (i >= max_n_ips) 146 break; 147 148 /* Try to derive a new (ip,sp,fp) triple from the current 149 set. */ 150 151 /* On x86, first try the old-fashioned method of following the 152 %ebp-chain. Code which doesn't use this (that is, compiled 153 with -fomit-frame-pointer) is not ABI compliant and so 154 relatively rare. Besides, trying the CFI first almost always 155 fails, and is expensive. */ 156 /* Deal with frames resulting from functions which begin "pushl% 157 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 158 if (fp_min <= uregs.xbp && 159 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/) 160 { 161 /* fp looks sane, so use it. */ 162 uregs.xip = (((UWord*)uregs.xbp)[1]); 163 // We stop if we hit a zero (the traditional end-of-stack 164 // marker) or a one -- these correspond to recorded IPs of 0 or -1. 165 // The latter because r8818 (in this file) changes the meaning of 166 // entries [1] and above in a stack trace, by subtracting 1 from 167 // them. Hence stacks that used to end with a zero value now end in 168 // -1 and so we must detect that too. 169 if (0 == uregs.xip || 1 == uregs.xip) break; 170 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/ 171 + sizeof(Addr) /*ra*/; 172 uregs.xbp = (((UWord*)uregs.xbp)[0]); 173 if (sps) sps[i] = uregs.xsp; 174 if (fps) fps[i] = uregs.xbp; 175 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 176 if (debug) 177 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]); 178 uregs.xip = uregs.xip - 1; 179 /* as per comment at the head of this loop */ 180 continue; 181 } 182 183 /* That didn't work out, so see if there is any CF info to hand 184 which can be used. */ 185 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 186 if (0 == uregs.xip || 1 == uregs.xip) break; 187 if (sps) sps[i] = uregs.xsp; 188 if (fps) fps[i] = uregs.xbp; 189 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 190 if (debug) 191 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 192 uregs.xip = uregs.xip - 1; 193 /* as per comment at the head of this loop */ 194 continue; 195 } 196 197 /* And, similarly, try for MSVC FPO unwind info. */ 198 if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp, 199 fp_min, fp_max ) ) { 200 if (0 == uregs.xip || 1 == uregs.xip) break; 201 if (sps) sps[i] = uregs.xsp; 202 if (fps) fps[i] = uregs.xbp; 203 ips[i++] = uregs.xip; 204 if (debug) 205 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 206 uregs.xip = uregs.xip - 1; 207 continue; 208 } 209 210 /* No luck. We have to give up. */ 211 break; 212 } 213 214 n_found = i; 215 return n_found; 216 } 217 218 #endif 219 220 /* ----------------------- amd64 ------------------------ */ 221 222 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) 223 224 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 225 /*OUT*/Addr* ips, UInt max_n_ips, 226 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 227 UnwindStartRegs* startRegs, 228 Addr fp_max_orig ) 229 { 230 Bool debug = False; 231 Int i; 232 Addr fp_max; 233 UInt n_found = 0; 234 235 vg_assert(sizeof(Addr) == sizeof(UWord)); 236 vg_assert(sizeof(Addr) == sizeof(void*)); 237 238 D3UnwindRegs uregs; 239 uregs.xip = startRegs->r_pc; 240 uregs.xsp = startRegs->r_sp; 241 uregs.xbp = startRegs->misc.AMD64.r_rbp; 242 Addr fp_min = uregs.xsp; 243 244 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 245 stopping when the trail goes cold, which we guess to be 246 when FP is not a reasonable stack location. */ 247 248 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 249 // current page, at least. Dunno if it helps. 250 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 251 fp_max = VG_PGROUNDUP(fp_max_orig); 252 if (fp_max >= sizeof(Addr)) 253 fp_max -= sizeof(Addr); 254 255 extern unsigned long nacl_head; 256 257 if (nacl_head && uregs.xip > nacl_head && uregs.xip < nacl_head + (1ULL << 32)) { 258 fp_min = nacl_head; 259 fp_max = nacl_head + (1ULL << 32) - 1; 260 } 261 262 263 if (debug) 264 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 265 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 266 max_n_ips, fp_min, fp_max_orig, fp_max, 267 uregs.xip, uregs.xbp); 268 269 /* Assertion broken before main() is reached in pthreaded programs; the 270 * offending stack traces only have one item. --njn, 2002-aug-16 */ 271 /* vg_assert(fp_min <= fp_max);*/ 272 // On Darwin, this kicks in for pthread-related stack traces, so they're 273 // only 1 entry long which is wrong. 274 # if !defined(VGO_darwin) 275 if (fp_min + 256 >= fp_max) { 276 /* If the stack limits look bogus, don't poke around ... but 277 don't bomb out either. */ 278 if (sps) sps[0] = uregs.xsp; 279 if (fps) fps[0] = uregs.xbp; 280 ips[0] = uregs.xip; 281 return 1; 282 } 283 # endif 284 285 /* fp is %rbp. sp is %rsp. ip is %rip. */ 286 287 ips[0] = uregs.xip; 288 if (sps) sps[0] = uregs.xsp; 289 if (fps) fps[0] = uregs.xbp; 290 i = 1; 291 292 /* Loop unwinding the stack. Note that the IP value we get on 293 * each pass (whether from CFI info or a stack frame) is a 294 * return address so is actually after the calling instruction 295 * in the calling function. 296 * 297 * Because of this we subtract one from the IP after each pass 298 * of the loop so that we find the right CFI block on the next 299 * pass - otherwise we can find the wrong CFI info if it happens 300 * to change after the calling instruction and that will mean 301 * that we will fail to unwind the next step. 302 * 303 * This most frequently happens at the end of a function when 304 * a tail call occurs and we wind up using the CFI info for the 305 * next function which is completely wrong. 306 */ 307 while (True) { 308 309 if (i >= max_n_ips) 310 break; 311 312 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 313 314 /* First off, see if there is any CFI info to hand which can 315 be used. */ 316 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 317 if (0 == uregs.xip || 1 == uregs.xip) break; 318 if (sps) sps[i] = uregs.xsp; 319 if (fps) fps[i] = uregs.xbp; 320 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 321 if (debug) 322 VG_(printf)(" ipsC[%d]=%#08lx\n", i-1, ips[i-1]); 323 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 324 continue; 325 } 326 327 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 328 we can safely try the old-fashioned method. */ 329 /* This bit is supposed to deal with frames resulting from 330 functions which begin "pushq %rbp ; movq %rsp, %rbp". 331 Unfortunately, since we can't (easily) look at the insns at 332 the start of the fn, like GDB does, there's no reliable way 333 to tell. Hence the hack of first trying out CFI, and if that 334 fails, then use this as a fallback. */ 335 /* Note: re "- 1 * sizeof(UWord)", need to take account of the 336 fact that we are prodding at & ((UWord*)fp)[1] and so need to 337 adjust the limit check accordingly. Omitting this has been 338 observed to cause segfaults on rare occasions. */ 339 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) { 340 /* fp looks sane, so use it. */ 341 uregs.xip = (((UWord*)uregs.xbp)[1]); 342 if (0 == uregs.xip || 1 == uregs.xip) break; 343 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/ 344 + sizeof(Addr) /*ra*/; 345 uregs.xbp = (((UWord*)uregs.xbp)[0]); 346 if (sps) sps[i] = uregs.xsp; 347 if (fps) fps[i] = uregs.xbp; 348 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 349 if (debug) 350 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 351 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 352 continue; 353 } 354 355 /* Last-ditch hack (evidently GDB does something similar). We 356 are in the middle of nowhere and we have a nonsense value for 357 the frame pointer. If the stack pointer is still valid, 358 assume that what it points at is a return address. Yes, 359 desperate measures. Could do better here: 360 - check that the supposed return address is in 361 an executable page 362 - check that the supposed return address is just after a call insn 363 - given those two checks, don't just consider *sp as the return 364 address; instead scan a likely section of stack (eg sp .. sp+256) 365 and use suitable values found there. 366 */ 367 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) { 368 uregs.xip = ((UWord*)uregs.xsp)[0]; 369 if (0 == uregs.xip || 1 == uregs.xip) break; 370 if (sps) sps[i] = uregs.xsp; 371 if (fps) fps[i] = uregs.xbp; 372 ips[i++] = uregs.xip == 0 373 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a 374 thread stack */ 375 : uregs.xip - 1; 376 /* -1: refer to calling insn, not the RA */ 377 if (debug) 378 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]); 379 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 380 uregs.xsp += 8; 381 continue; 382 } 383 384 /* No luck at all. We have to give up. */ 385 break; 386 } 387 388 n_found = i; 389 return n_found; 390 } 391 392 #endif 393 394 /* -----------------------ppc32/64 ---------------------- */ 395 396 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 397 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 398 399 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 400 /*OUT*/Addr* ips, UInt max_n_ips, 401 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 402 UnwindStartRegs* startRegs, 403 Addr fp_max_orig ) 404 { 405 Bool lr_is_first_RA = False; 406 # if defined(VG_PLAT_USES_PPCTOC) 407 Word redir_stack_size = 0; 408 Word redirs_used = 0; 409 # endif 410 411 Bool debug = False; 412 Int i; 413 Addr fp_max; 414 UInt n_found = 0; 415 416 vg_assert(sizeof(Addr) == sizeof(UWord)); 417 vg_assert(sizeof(Addr) == sizeof(void*)); 418 419 Addr ip = (Addr)startRegs->r_pc; 420 Addr sp = (Addr)startRegs->r_sp; 421 Addr fp = sp; 422 # if defined(VGP_ppc32_linux) || defined(VGP_ppc32_aix5) 423 Addr lr = startRegs->misc.PPC32.r_lr; 424 # elif defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) 425 Addr lr = startRegs->misc.PPC64.r_lr; 426 # endif 427 Addr fp_min = sp; 428 429 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 430 stopping when the trail goes cold, which we guess to be 431 when FP is not a reasonable stack location. */ 432 433 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 434 // current page, at least. Dunno if it helps. 435 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 436 fp_max = VG_PGROUNDUP(fp_max_orig); 437 if (fp_max >= sizeof(Addr)) 438 fp_max -= sizeof(Addr); 439 440 if (debug) 441 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 442 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 443 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 444 445 /* Assertion broken before main() is reached in pthreaded programs; the 446 * offending stack traces only have one item. --njn, 2002-aug-16 */ 447 /* vg_assert(fp_min <= fp_max);*/ 448 if (fp_min + 512 >= fp_max) { 449 /* If the stack limits look bogus, don't poke around ... but 450 don't bomb out either. */ 451 if (sps) sps[0] = sp; 452 if (fps) fps[0] = fp; 453 ips[0] = ip; 454 return 1; 455 } 456 457 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 458 frame pointers. */ 459 460 # if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) 461 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 462 redirs_used = 0; 463 # elif defined(VGP_ppc32_aix5) 464 redir_stack_size = VEX_GUEST_PPC32_REDIR_STACK_SIZE; 465 redirs_used = 0; 466 # endif 467 468 # if defined(VG_PLAT_USES_PPCTOC) 469 /* Deal with bogus LR values caused by function 470 interception/wrapping on ppc-TOC platforms; see comment on 471 similar code a few lines further down. */ 472 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 473 && VG_(is_valid_tid)(tid_if_known)) { 474 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 475 redirs_used++; 476 if (hsp >= 1 && hsp < redir_stack_size) 477 lr = VG_(threads)[tid_if_known] 478 .arch.vex.guest_REDIR_STACK[hsp-1]; 479 } 480 # endif 481 482 /* We have to determine whether or not LR currently holds this fn 483 (call it F)'s return address. It might not if F has previously 484 called some other function, hence overwriting LR with a pointer 485 to some part of F. Hence if LR and IP point to the same 486 function then we conclude LR does not hold this function's 487 return address; instead the LR at entry must have been saved in 488 the stack by F's prologue and so we must get it from there 489 instead. Note all this guff only applies to the innermost 490 frame. */ 491 lr_is_first_RA = False; 492 { 493 # define M_VG_ERRTXT 1000 494 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 495 /* The following conditional looks grossly inefficient and 496 surely could be majorly improved, with not much effort. */ 497 if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT)) 498 if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT)) 499 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 500 lr_is_first_RA = True; 501 # undef M_VG_ERRTXT 502 } 503 504 if (sps) sps[0] = fp; /* NB. not sp */ 505 if (fps) fps[0] = fp; 506 ips[0] = ip; 507 i = 1; 508 509 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 510 511 /* initial FP is sane; keep going */ 512 fp = (((UWord*)fp)[0]); 513 514 while (True) { 515 516 /* On ppc64-linux (ppc64-elf, really), and on AIX, the lr save 517 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 518 only one word back. */ 519 # if defined(VG_PLAT_USES_PPCTOC) 520 const Int lr_offset = 2; 521 # else 522 const Int lr_offset = 1; 523 # endif 524 525 if (i >= max_n_ips) 526 break; 527 528 /* Try to derive a new (ip,fp) pair from the current set. */ 529 530 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) { 531 /* fp looks sane, so use it. */ 532 533 if (i == 1 && lr_is_first_RA) 534 ip = lr; 535 else 536 ip = (((UWord*)fp)[lr_offset]); 537 538 # if defined(VG_PLAT_USES_PPCTOC) 539 /* Nasty hack to do with function replacement/wrapping on 540 ppc64-linux/ppc64-aix/ppc32-aix. If LR points to our 541 magic return stub, then we are in a wrapped or 542 intercepted function, in which LR has been messed with. 543 The original LR will have been pushed onto the thread's 544 hidden REDIR stack one down from the top (top element 545 is the saved R2) and so we should restore the value 546 from there instead. Since nested redirections can and 547 do happen, we keep track of the number of nested LRs 548 used by the unwinding so far with 'redirs_used'. */ 549 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 550 && VG_(is_valid_tid)(tid_if_known)) { 551 Word hsp = VG_(threads)[tid_if_known] 552 .arch.vex.guest_REDIR_SP; 553 hsp -= 2 * redirs_used; 554 redirs_used ++; 555 if (hsp >= 1 && hsp < redir_stack_size) 556 ip = VG_(threads)[tid_if_known] 557 .arch.vex.guest_REDIR_STACK[hsp-1]; 558 } 559 # endif 560 561 if (0 == ip || 1 == ip) break; 562 if (sps) sps[i] = fp; /* NB. not sp */ 563 if (fps) fps[i] = fp; 564 fp = (((UWord*)fp)[0]); 565 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */ 566 if (debug) 567 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 568 ip = ip - 1; /* ip is probably dead at this point, but 569 play safe, a la x86/amd64 above. See 570 extensive comments above. */ 571 continue; 572 } 573 574 /* No luck there. We have to give up. */ 575 break; 576 } 577 } 578 579 n_found = i; 580 return n_found; 581 } 582 583 #endif 584 585 /* ------------------------ arm ------------------------- */ 586 587 #if defined(VGP_arm_linux) 588 589 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 590 /*OUT*/Addr* ips, UInt max_n_ips, 591 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 592 UnwindStartRegs* startRegs, 593 Addr fp_max_orig ) 594 { 595 Bool debug = False; 596 Int i; 597 Addr fp_max; 598 UInt n_found = 0; 599 600 vg_assert(sizeof(Addr) == sizeof(UWord)); 601 vg_assert(sizeof(Addr) == sizeof(void*)); 602 603 D3UnwindRegs uregs; 604 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE; 605 uregs.r14 = startRegs->misc.ARM.r14; 606 uregs.r13 = startRegs->r_sp; 607 uregs.r12 = startRegs->misc.ARM.r12; 608 uregs.r11 = startRegs->misc.ARM.r11; 609 uregs.r7 = startRegs->misc.ARM.r7; 610 Addr fp_min = uregs.r13; 611 612 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 613 stopping when the trail goes cold, which we guess to be 614 when FP is not a reasonable stack location. */ 615 616 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 617 // current page, at least. Dunno if it helps. 618 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 619 fp_max = VG_PGROUNDUP(fp_max_orig); 620 if (fp_max >= sizeof(Addr)) 621 fp_max -= sizeof(Addr); 622 623 if (debug) 624 VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 625 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n", 626 max_n_ips, fp_min, fp_max_orig, fp_max, 627 uregs.r15, uregs.r13); 628 629 /* Assertion broken before main() is reached in pthreaded programs; the 630 * offending stack traces only have one item. --njn, 2002-aug-16 */ 631 /* vg_assert(fp_min <= fp_max);*/ 632 // On Darwin, this kicks in for pthread-related stack traces, so they're 633 // only 1 entry long which is wrong. 634 if (fp_min + 512 >= fp_max) { 635 /* If the stack limits look bogus, don't poke around ... but 636 don't bomb out either. */ 637 if (sps) sps[0] = uregs.r13; 638 if (fps) fps[0] = 0; 639 ips[0] = uregs.r15; 640 return 1; 641 } 642 643 /* */ 644 645 if (sps) sps[0] = uregs.r13; 646 if (fps) fps[0] = 0; 647 ips[0] = uregs.r15; 648 i = 1; 649 650 /* Loop unwinding the stack. */ 651 652 while (True) { 653 if (debug) { 654 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n", 655 i, uregs.r15, uregs.r13); 656 } 657 658 if (i >= max_n_ips) 659 break; 660 661 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 662 if (sps) sps[i] = uregs.r13; 663 if (fps) fps[i] = 0; 664 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1; 665 if (debug) 666 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n", 667 uregs.r15, uregs.r13); 668 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1; 669 continue; 670 } 671 /* No luck. We have to give up. */ 672 break; 673 } 674 675 n_found = i; 676 return n_found; 677 } 678 679 #endif 680 681 /*------------------------------------------------------------*/ 682 /*--- ---*/ 683 /*--- END platform-dependent unwinder worker functions ---*/ 684 /*--- ---*/ 685 /*------------------------------------------------------------*/ 686 687 /*------------------------------------------------------------*/ 688 /*--- Exported functions. ---*/ 689 /*------------------------------------------------------------*/ 690 691 UInt VG_(get_StackTrace) ( ThreadId tid, 692 /*OUT*/StackTrace ips, UInt max_n_ips, 693 /*OUT*/StackTrace sps, 694 /*OUT*/StackTrace fps, 695 Word first_ip_delta ) 696 { 697 /* Get the register values with which to start the unwind. */ 698 UnwindStartRegs startRegs; 699 VG_(memset)( &startRegs, 0, sizeof(startRegs) ); 700 VG_(get_UnwindStartRegs)( &startRegs, tid ); 701 702 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 703 Addr stack_lowest_word = 0; 704 705 # if defined(VGP_x86_linux) 706 /* Nasty little hack to deal with syscalls - if libc is using its 707 _dl_sysinfo_int80 function for syscalls (the TLS version does), 708 then ip will always appear to be in that function when doing a 709 syscall, not the actual libc function doing the syscall. This 710 check sees if IP is within that function, and pops the return 711 address off the stack so that ip is placed within the library 712 function calling the syscall. This makes stack backtraces much 713 more useful. 714 715 The function is assumed to look like this (from glibc-2.3.6 sources): 716 _dl_sysinfo_int80: 717 int $0x80 718 ret 719 That is 3 (2+1) bytes long. We could be more thorough and check 720 the 3 bytes of the function are as expected, but I can't be 721 bothered. 722 */ 723 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 724 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80) 725 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3 726 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr), 727 VKI_PROT_READ)) { 728 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp; 729 startRegs.r_sp += (ULong) sizeof(Addr); 730 } 731 # endif 732 733 /* See if we can get a better idea of the stack limits */ 734 VG_(stack_limits)( (Addr)startRegs.r_sp, 735 &stack_lowest_word, &stack_highest_word ); 736 737 /* Take into account the first_ip_delta. */ 738 startRegs.r_pc += (Long)(Word)first_ip_delta; 739 740 if (0) 741 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx " 742 "sp=0x%010llx\n", 743 tid, stack_highest_word, 744 startRegs.r_pc, startRegs.r_sp); 745 746 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips, 747 sps, fps, 748 &startRegs, 749 stack_highest_word); 750 } 751 752 static void printIpDesc(UInt n, Addr ip, void* uu_opaque) 753 { 754 #define BUF_LEN 4096 755 756 static UChar buf[BUF_LEN]; 757 758 VG_(describe_IP)(ip, buf, BUF_LEN); 759 760 if (VG_(clo_xml)) { 761 VG_(printf_xml)(" %s\n", buf); 762 } else { 763 VG_(message)(Vg_UserMsg, " %s %s\n", ( n == 0 ? "at" : "by" ), buf); 764 } 765 } 766 767 /* Print a StackTrace. */ 768 void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 769 { 770 vg_assert( n_ips > 0 ); 771 772 if (VG_(clo_xml)) 773 VG_(printf_xml)(" <stack>\n"); 774 775 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips ); 776 777 if (VG_(clo_xml)) 778 VG_(printf_xml)(" </stack>\n"); 779 } 780 781 /* Get and immediately print a StackTrace. */ 782 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips ) 783 { 784 Addr ips[max_n_ips]; 785 UInt n_ips 786 = VG_(get_StackTrace)(tid, ips, max_n_ips, 787 NULL/*array to dump SP values in*/, 788 NULL/*array to dump FP values in*/, 789 0/*first_ip_delta*/); 790 VG_(pp_StackTrace)(ips, n_ips); 791 } 792 793 void VG_(apply_StackTrace)( 794 void(*action)(UInt n, Addr ip, void* opaque), 795 void* opaque, 796 StackTrace ips, UInt n_ips 797 ) 798 { 799 Bool main_done = False; 800 Int i = 0; 801 802 vg_assert(n_ips > 0); 803 do { 804 Addr ip = ips[i]; 805 806 // Stop after the first appearance of "main" or one of the other names 807 // (the appearance of which is a pretty good sign that we've gone past 808 // main without seeing it, for whatever reason) 809 if ( ! VG_(clo_show_below_main) ) { 810 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip); 811 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) { 812 main_done = True; 813 } 814 } 815 816 // Act on the ip 817 action(i, ip, opaque); 818 819 i++; 820 } while (i < n_ips && !main_done); 821 822 #undef MYBUF_LEN 823 } 824 825 826 /*--------------------------------------------------------------------*/ 827 /*--- end ---*/ 828 /*--------------------------------------------------------------------*/ 829