1 2 /*--------------------------------------------------------------------*/ 3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4 /*--------------------------------------------------------------------*/ 5 6 /* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2012 Julian Seward 11 jseward (at) acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29 */ 30 31 #include "pub_core_basics.h" 32 #include "pub_core_vki.h" 33 #include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy 34 #include "pub_core_threadstate.h" 35 #include "pub_core_debuginfo.h" // XXX: circular dependency 36 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 37 #include "pub_core_libcbase.h" 38 #include "pub_core_libcassert.h" 39 #include "pub_core_libcprint.h" 40 #include "pub_core_machine.h" 41 #include "pub_core_options.h" 42 #include "pub_core_stacks.h" // VG_(stack_limits) 43 #include "pub_core_stacktrace.h" 44 #include "pub_core_xarray.h" 45 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 46 #include "pub_core_trampoline.h" 47 48 49 /*------------------------------------------------------------*/ 50 /*--- ---*/ 51 /*--- BEGIN platform-dependent unwinder worker functions ---*/ 52 /*--- ---*/ 53 /*------------------------------------------------------------*/ 54 55 /* Take a snapshot of the client's stack, putting up to 'max_n_ips' 56 IPs into 'ips'. In order to be thread-safe, we pass in the 57 thread's IP SP, FP if that's meaningful, and LR if that's 58 meaningful. Returns number of IPs put in 'ips'. 59 60 If you know what the thread ID for this stack is, send that as the 61 first parameter, else send zero. This helps generate better stack 62 traces on ppc64-linux and has no effect on other platforms. 63 */ 64 65 /* ------------------------ x86 ------------------------- */ 66 67 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) 68 69 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 70 /*OUT*/Addr* ips, UInt max_n_ips, 71 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 72 UnwindStartRegs* startRegs, 73 Addr fp_max_orig ) 74 { 75 Bool debug = False; 76 Int i; 77 Addr fp_max; 78 UInt n_found = 0; 79 80 vg_assert(sizeof(Addr) == sizeof(UWord)); 81 vg_assert(sizeof(Addr) == sizeof(void*)); 82 83 D3UnwindRegs uregs; 84 uregs.xip = (Addr)startRegs->r_pc; 85 uregs.xsp = (Addr)startRegs->r_sp; 86 uregs.xbp = startRegs->misc.X86.r_ebp; 87 Addr fp_min = uregs.xsp; 88 89 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 90 stopping when the trail goes cold, which we guess to be 91 when FP is not a reasonable stack location. */ 92 93 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 94 // current page, at least. Dunno if it helps. 95 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 96 fp_max = VG_PGROUNDUP(fp_max_orig); 97 if (fp_max >= sizeof(Addr)) 98 fp_max -= sizeof(Addr); 99 100 if (debug) 101 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 102 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 103 max_n_ips, fp_min, fp_max_orig, fp_max, 104 uregs.xip, uregs.xbp); 105 106 /* Assertion broken before main() is reached in pthreaded programs; the 107 * offending stack traces only have one item. --njn, 2002-aug-16 */ 108 /* vg_assert(fp_min <= fp_max);*/ 109 // On Darwin, this kicks in for pthread-related stack traces, so they're 110 // only 1 entry long which is wrong. 111 # if !defined(VGO_darwin) 112 if (fp_min + 512 >= fp_max) { 113 /* If the stack limits look bogus, don't poke around ... but 114 don't bomb out either. */ 115 if (sps) sps[0] = uregs.xsp; 116 if (fps) fps[0] = uregs.xbp; 117 ips[0] = uregs.xip; 118 return 1; 119 } 120 # endif 121 122 /* fp is %ebp. sp is %esp. ip is %eip. */ 123 124 if (sps) sps[0] = uregs.xsp; 125 if (fps) fps[0] = uregs.xbp; 126 ips[0] = uregs.xip; 127 i = 1; 128 129 /* Loop unwinding the stack. Note that the IP value we get on 130 * each pass (whether from CFI info or a stack frame) is a 131 * return address so is actually after the calling instruction 132 * in the calling function. 133 * 134 * Because of this we subtract one from the IP after each pass 135 * of the loop so that we find the right CFI block on the next 136 * pass - otherwise we can find the wrong CFI info if it happens 137 * to change after the calling instruction and that will mean 138 * that we will fail to unwind the next step. 139 * 140 * This most frequently happens at the end of a function when 141 * a tail call occurs and we wind up using the CFI info for the 142 * next function which is completely wrong. 143 */ 144 while (True) { 145 146 if (i >= max_n_ips) 147 break; 148 149 /* Try to derive a new (ip,sp,fp) triple from the current 150 set. */ 151 152 /* On x86, first try the old-fashioned method of following the 153 %ebp-chain. Code which doesn't use this (that is, compiled 154 with -fomit-frame-pointer) is not ABI compliant and so 155 relatively rare. Besides, trying the CFI first almost always 156 fails, and is expensive. */ 157 /* Deal with frames resulting from functions which begin "pushl% 158 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 159 if (fp_min <= uregs.xbp && 160 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/) 161 { 162 /* fp looks sane, so use it. */ 163 uregs.xip = (((UWord*)uregs.xbp)[1]); 164 // We stop if we hit a zero (the traditional end-of-stack 165 // marker) or a one -- these correspond to recorded IPs of 0 or -1. 166 // The latter because r8818 (in this file) changes the meaning of 167 // entries [1] and above in a stack trace, by subtracting 1 from 168 // them. Hence stacks that used to end with a zero value now end in 169 // -1 and so we must detect that too. 170 if (0 == uregs.xip || 1 == uregs.xip) break; 171 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/ 172 + sizeof(Addr) /*ra*/; 173 uregs.xbp = (((UWord*)uregs.xbp)[0]); 174 if (sps) sps[i] = uregs.xsp; 175 if (fps) fps[i] = uregs.xbp; 176 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 177 if (debug) 178 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]); 179 uregs.xip = uregs.xip - 1; 180 /* as per comment at the head of this loop */ 181 continue; 182 } 183 184 /* That didn't work out, so see if there is any CF info to hand 185 which can be used. */ 186 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 187 if (0 == uregs.xip || 1 == uregs.xip) break; 188 if (sps) sps[i] = uregs.xsp; 189 if (fps) fps[i] = uregs.xbp; 190 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 191 if (debug) 192 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 193 uregs.xip = uregs.xip - 1; 194 /* as per comment at the head of this loop */ 195 continue; 196 } 197 198 /* And, similarly, try for MSVC FPO unwind info. */ 199 if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp, 200 fp_min, fp_max ) ) { 201 if (0 == uregs.xip || 1 == uregs.xip) break; 202 if (sps) sps[i] = uregs.xsp; 203 if (fps) fps[i] = uregs.xbp; 204 ips[i++] = uregs.xip; 205 if (debug) 206 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 207 uregs.xip = uregs.xip - 1; 208 continue; 209 } 210 211 /* No luck. We have to give up. */ 212 break; 213 } 214 215 n_found = i; 216 return n_found; 217 } 218 219 #endif 220 221 /* ----------------------- amd64 ------------------------ */ 222 223 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) 224 225 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 226 /*OUT*/Addr* ips, UInt max_n_ips, 227 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 228 UnwindStartRegs* startRegs, 229 Addr fp_max_orig ) 230 { 231 Bool debug = False; 232 Int i; 233 Addr fp_max; 234 UInt n_found = 0; 235 236 vg_assert(sizeof(Addr) == sizeof(UWord)); 237 vg_assert(sizeof(Addr) == sizeof(void*)); 238 239 D3UnwindRegs uregs; 240 uregs.xip = startRegs->r_pc; 241 uregs.xsp = startRegs->r_sp; 242 uregs.xbp = startRegs->misc.AMD64.r_rbp; 243 Addr fp_min = uregs.xsp; 244 245 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 246 stopping when the trail goes cold, which we guess to be 247 when FP is not a reasonable stack location. */ 248 249 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 250 // current page, at least. Dunno if it helps. 251 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 252 fp_max = VG_PGROUNDUP(fp_max_orig); 253 if (fp_max >= sizeof(Addr)) 254 fp_max -= sizeof(Addr); 255 256 if (debug) 257 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 258 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 259 max_n_ips, fp_min, fp_max_orig, fp_max, 260 uregs.xip, uregs.xbp); 261 262 /* Assertion broken before main() is reached in pthreaded programs; the 263 * offending stack traces only have one item. --njn, 2002-aug-16 */ 264 /* vg_assert(fp_min <= fp_max);*/ 265 // On Darwin, this kicks in for pthread-related stack traces, so they're 266 // only 1 entry long which is wrong. 267 # if !defined(VGO_darwin) 268 if (fp_min + 256 >= fp_max) { 269 /* If the stack limits look bogus, don't poke around ... but 270 don't bomb out either. */ 271 if (sps) sps[0] = uregs.xsp; 272 if (fps) fps[0] = uregs.xbp; 273 ips[0] = uregs.xip; 274 return 1; 275 } 276 # endif 277 278 /* fp is %rbp. sp is %rsp. ip is %rip. */ 279 280 ips[0] = uregs.xip; 281 if (sps) sps[0] = uregs.xsp; 282 if (fps) fps[0] = uregs.xbp; 283 i = 1; 284 285 /* Loop unwinding the stack. Note that the IP value we get on 286 * each pass (whether from CFI info or a stack frame) is a 287 * return address so is actually after the calling instruction 288 * in the calling function. 289 * 290 * Because of this we subtract one from the IP after each pass 291 * of the loop so that we find the right CFI block on the next 292 * pass - otherwise we can find the wrong CFI info if it happens 293 * to change after the calling instruction and that will mean 294 * that we will fail to unwind the next step. 295 * 296 * This most frequently happens at the end of a function when 297 * a tail call occurs and we wind up using the CFI info for the 298 * next function which is completely wrong. 299 */ 300 while (True) { 301 302 if (i >= max_n_ips) 303 break; 304 305 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 306 307 /* First off, see if there is any CFI info to hand which can 308 be used. */ 309 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 310 if (0 == uregs.xip || 1 == uregs.xip) break; 311 if (sps) sps[i] = uregs.xsp; 312 if (fps) fps[i] = uregs.xbp; 313 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 314 if (debug) 315 VG_(printf)(" ipsC[%d]=%#08lx\n", i-1, ips[i-1]); 316 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 317 continue; 318 } 319 320 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 321 we can safely try the old-fashioned method. */ 322 /* This bit is supposed to deal with frames resulting from 323 functions which begin "pushq %rbp ; movq %rsp, %rbp". 324 Unfortunately, since we can't (easily) look at the insns at 325 the start of the fn, like GDB does, there's no reliable way 326 to tell. Hence the hack of first trying out CFI, and if that 327 fails, then use this as a fallback. */ 328 /* Note: re "- 1 * sizeof(UWord)", need to take account of the 329 fact that we are prodding at & ((UWord*)fp)[1] and so need to 330 adjust the limit check accordingly. Omitting this has been 331 observed to cause segfaults on rare occasions. */ 332 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) { 333 /* fp looks sane, so use it. */ 334 uregs.xip = (((UWord*)uregs.xbp)[1]); 335 if (0 == uregs.xip || 1 == uregs.xip) break; 336 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/ 337 + sizeof(Addr) /*ra*/; 338 uregs.xbp = (((UWord*)uregs.xbp)[0]); 339 if (sps) sps[i] = uregs.xsp; 340 if (fps) fps[i] = uregs.xbp; 341 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 342 if (debug) 343 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 344 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 345 continue; 346 } 347 348 /* Last-ditch hack (evidently GDB does something similar). We 349 are in the middle of nowhere and we have a nonsense value for 350 the frame pointer. If the stack pointer is still valid, 351 assume that what it points at is a return address. Yes, 352 desperate measures. Could do better here: 353 - check that the supposed return address is in 354 an executable page 355 - check that the supposed return address is just after a call insn 356 - given those two checks, don't just consider *sp as the return 357 address; instead scan a likely section of stack (eg sp .. sp+256) 358 and use suitable values found there. 359 */ 360 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) { 361 uregs.xip = ((UWord*)uregs.xsp)[0]; 362 if (0 == uregs.xip || 1 == uregs.xip) break; 363 if (sps) sps[i] = uregs.xsp; 364 if (fps) fps[i] = uregs.xbp; 365 ips[i++] = uregs.xip == 0 366 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a 367 thread stack */ 368 : uregs.xip - 1; 369 /* -1: refer to calling insn, not the RA */ 370 if (debug) 371 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]); 372 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 373 uregs.xsp += 8; 374 continue; 375 } 376 377 /* No luck at all. We have to give up. */ 378 break; 379 } 380 381 n_found = i; 382 return n_found; 383 } 384 385 #endif 386 387 /* -----------------------ppc32/64 ---------------------- */ 388 389 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) 390 391 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 392 /*OUT*/Addr* ips, UInt max_n_ips, 393 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 394 UnwindStartRegs* startRegs, 395 Addr fp_max_orig ) 396 { 397 Bool lr_is_first_RA = False; 398 # if defined(VG_PLAT_USES_PPCTOC) 399 Word redir_stack_size = 0; 400 Word redirs_used = 0; 401 # endif 402 403 Bool debug = False; 404 Int i; 405 Addr fp_max; 406 UInt n_found = 0; 407 408 vg_assert(sizeof(Addr) == sizeof(UWord)); 409 vg_assert(sizeof(Addr) == sizeof(void*)); 410 411 Addr ip = (Addr)startRegs->r_pc; 412 Addr sp = (Addr)startRegs->r_sp; 413 Addr fp = sp; 414 # if defined(VGP_ppc32_linux) 415 Addr lr = startRegs->misc.PPC32.r_lr; 416 # elif defined(VGP_ppc64_linux) 417 Addr lr = startRegs->misc.PPC64.r_lr; 418 # endif 419 Addr fp_min = sp; 420 421 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 422 stopping when the trail goes cold, which we guess to be 423 when FP is not a reasonable stack location. */ 424 425 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 426 // current page, at least. Dunno if it helps. 427 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 428 fp_max = VG_PGROUNDUP(fp_max_orig); 429 if (fp_max >= sizeof(Addr)) 430 fp_max -= sizeof(Addr); 431 432 if (debug) 433 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 434 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 435 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 436 437 /* Assertion broken before main() is reached in pthreaded programs; the 438 * offending stack traces only have one item. --njn, 2002-aug-16 */ 439 /* vg_assert(fp_min <= fp_max);*/ 440 if (fp_min + 512 >= fp_max) { 441 /* If the stack limits look bogus, don't poke around ... but 442 don't bomb out either. */ 443 if (sps) sps[0] = sp; 444 if (fps) fps[0] = fp; 445 ips[0] = ip; 446 return 1; 447 } 448 449 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 450 frame pointers. */ 451 452 # if defined(VGP_ppc64_linux) 453 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 454 redirs_used = 0; 455 # endif 456 457 # if defined(VG_PLAT_USES_PPCTOC) 458 /* Deal with bogus LR values caused by function 459 interception/wrapping on ppc-TOC platforms; see comment on 460 similar code a few lines further down. */ 461 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 462 && VG_(is_valid_tid)(tid_if_known)) { 463 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 464 redirs_used++; 465 if (hsp >= 1 && hsp < redir_stack_size) 466 lr = VG_(threads)[tid_if_known] 467 .arch.vex.guest_REDIR_STACK[hsp-1]; 468 } 469 # endif 470 471 /* We have to determine whether or not LR currently holds this fn 472 (call it F)'s return address. It might not if F has previously 473 called some other function, hence overwriting LR with a pointer 474 to some part of F. Hence if LR and IP point to the same 475 function then we conclude LR does not hold this function's 476 return address; instead the LR at entry must have been saved in 477 the stack by F's prologue and so we must get it from there 478 instead. Note all this guff only applies to the innermost 479 frame. */ 480 lr_is_first_RA = False; 481 { 482 # define M_VG_ERRTXT 1000 483 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 484 /* The following conditional looks grossly inefficient and 485 surely could be majorly improved, with not much effort. */ 486 if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT)) 487 if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT)) 488 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 489 lr_is_first_RA = True; 490 # undef M_VG_ERRTXT 491 } 492 493 if (sps) sps[0] = fp; /* NB. not sp */ 494 if (fps) fps[0] = fp; 495 ips[0] = ip; 496 i = 1; 497 498 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 499 500 /* initial FP is sane; keep going */ 501 fp = (((UWord*)fp)[0]); 502 503 while (True) { 504 505 /* On ppc64-linux (ppc64-elf, really), the lr save 506 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 507 only one word back. */ 508 # if defined(VG_PLAT_USES_PPCTOC) 509 const Int lr_offset = 2; 510 # else 511 const Int lr_offset = 1; 512 # endif 513 514 if (i >= max_n_ips) 515 break; 516 517 /* Try to derive a new (ip,fp) pair from the current set. */ 518 519 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) { 520 /* fp looks sane, so use it. */ 521 522 if (i == 1 && lr_is_first_RA) 523 ip = lr; 524 else 525 ip = (((UWord*)fp)[lr_offset]); 526 527 # if defined(VG_PLAT_USES_PPCTOC) 528 /* Nasty hack to do with function replacement/wrapping on 529 ppc64-linux. If LR points to our magic return stub, 530 then we are in a wrapped or intercepted function, in 531 which LR has been messed with. The original LR will 532 have been pushed onto the thread's hidden REDIR stack 533 one down from the top (top element is the saved R2) and 534 so we should restore the value from there instead. 535 Since nested redirections can and do happen, we keep 536 track of the number of nested LRs used by the unwinding 537 so far with 'redirs_used'. */ 538 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 539 && VG_(is_valid_tid)(tid_if_known)) { 540 Word hsp = VG_(threads)[tid_if_known] 541 .arch.vex.guest_REDIR_SP; 542 hsp -= 2 * redirs_used; 543 redirs_used ++; 544 if (hsp >= 1 && hsp < redir_stack_size) 545 ip = VG_(threads)[tid_if_known] 546 .arch.vex.guest_REDIR_STACK[hsp-1]; 547 } 548 # endif 549 550 if (0 == ip || 1 == ip) break; 551 if (sps) sps[i] = fp; /* NB. not sp */ 552 if (fps) fps[i] = fp; 553 fp = (((UWord*)fp)[0]); 554 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */ 555 if (debug) 556 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 557 ip = ip - 1; /* ip is probably dead at this point, but 558 play safe, a la x86/amd64 above. See 559 extensive comments above. */ 560 continue; 561 } 562 563 /* No luck there. We have to give up. */ 564 break; 565 } 566 } 567 568 n_found = i; 569 return n_found; 570 } 571 572 #endif 573 574 /* ------------------------ arm ------------------------- */ 575 576 #if defined(VGP_arm_linux) 577 578 static Bool in_same_fn ( Addr a1, Addr a2 ) 579 { 580 # define M_VG_ERRTXT 500 581 UChar buf_a1[M_VG_ERRTXT], buf_a2[M_VG_ERRTXT]; 582 /* The following conditional looks grossly inefficient and 583 surely could be majorly improved, with not much effort. */ 584 if (VG_(get_fnname_raw) (a1, buf_a1, M_VG_ERRTXT)) 585 if (VG_(get_fnname_raw) (a2, buf_a2, M_VG_ERRTXT)) 586 if (VG_(strncmp)(buf_a1, buf_a2, M_VG_ERRTXT)) 587 return True; 588 # undef M_VG_ERRTXT 589 return False; 590 } 591 592 static Bool in_same_page ( Addr a1, Addr a2 ) { 593 return (a1 & ~0xFFF) == (a2 & ~0xFFF); 594 } 595 596 static Addr abs_diff ( Addr a1, Addr a2 ) { 597 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1); 598 } 599 600 static Bool has_XT_perms ( Addr a ) 601 { 602 NSegment const* seg = VG_(am_find_nsegment)(a); 603 return seg && seg->hasX && seg->hasT; 604 } 605 606 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 ) 607 { 608 if (0) 609 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1); 610 // BL simm26 611 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True; 612 // BLX simm26 613 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True; 614 return False; 615 } 616 617 static Bool looks_like_Thumb_call16 ( UShort w0 ) 618 { 619 return False; 620 } 621 622 static Bool looks_like_ARM_call ( UInt a0 ) 623 { 624 if (0) 625 VG_(printf)("isA32call %08x\n", a0); 626 // Leading E forces unconditional only -- fix 627 if ((a0 & 0xFF000000) == 0xEB000000) return True; 628 return False; 629 } 630 631 static Bool looks_like_RA ( Addr ra ) 632 { 633 /* 'ra' is a plausible return address if it points to 634 an instruction after a call insn. */ 635 Bool isT = (ra & 1); 636 if (isT) { 637 // returning to Thumb code 638 ra &= ~1; 639 ra -= 4; 640 if (has_XT_perms(ra)) { 641 UShort w0 = *(UShort*)ra; 642 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0; 643 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1)) 644 return True; 645 } 646 } else { 647 // ARM 648 ra &= ~3; 649 ra -= 4; 650 if (has_XT_perms(ra)) { 651 UInt a0 = *(UInt*)ra; 652 if (looks_like_ARM_call(a0)) 653 return True; 654 } 655 } 656 return False; 657 } 658 659 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 660 /*OUT*/Addr* ips, UInt max_n_ips, 661 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 662 UnwindStartRegs* startRegs, 663 Addr fp_max_orig ) 664 { 665 Bool debug = False; 666 Int i; 667 Addr fp_max; 668 UInt n_found = 0; 669 670 vg_assert(sizeof(Addr) == sizeof(UWord)); 671 vg_assert(sizeof(Addr) == sizeof(void*)); 672 673 D3UnwindRegs uregs; 674 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE; 675 uregs.r14 = startRegs->misc.ARM.r14; 676 uregs.r13 = startRegs->r_sp; 677 uregs.r12 = startRegs->misc.ARM.r12; 678 uregs.r11 = startRegs->misc.ARM.r11; 679 uregs.r7 = startRegs->misc.ARM.r7; 680 Addr fp_min = uregs.r13; 681 682 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 683 stopping when the trail goes cold, which we guess to be 684 when FP is not a reasonable stack location. */ 685 686 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 687 // current page, at least. Dunno if it helps. 688 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 689 fp_max = VG_PGROUNDUP(fp_max_orig); 690 if (fp_max >= sizeof(Addr)) 691 fp_max -= sizeof(Addr); 692 693 if (debug) 694 VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 695 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n", 696 max_n_ips, fp_min, fp_max_orig, fp_max, 697 uregs.r15, uregs.r13); 698 699 /* Assertion broken before main() is reached in pthreaded programs; the 700 * offending stack traces only have one item. --njn, 2002-aug-16 */ 701 /* vg_assert(fp_min <= fp_max);*/ 702 // On Darwin, this kicks in for pthread-related stack traces, so they're 703 // only 1 entry long which is wrong. 704 if (fp_min + 512 >= fp_max) { 705 /* If the stack limits look bogus, don't poke around ... but 706 don't bomb out either. */ 707 if (sps) sps[0] = uregs.r13; 708 if (fps) fps[0] = 0; 709 ips[0] = uregs.r15; 710 return 1; 711 } 712 713 /* */ 714 715 if (sps) sps[0] = uregs.r13; 716 if (fps) fps[0] = 0; 717 ips[0] = uregs.r15; 718 i = 1; 719 720 /* Loop unwinding the stack. */ 721 Bool do_stack_scan = False; 722 723 while (True) { 724 if (debug) { 725 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n", 726 i, uregs.r15, uregs.r13); 727 } 728 729 if (i >= max_n_ips) 730 break; 731 732 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 733 if (sps) sps[i] = uregs.r13; 734 if (fps) fps[i] = 0; 735 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1; 736 if (debug) 737 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n", 738 uregs.r15, uregs.r13); 739 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1; 740 continue; 741 } 742 /* No luck. We have to give up. */ 743 do_stack_scan = True; 744 break; 745 } 746 747 if (0/*DISABLED BY DEFAULT*/ && do_stack_scan && i < max_n_ips && i <= 2) { 748 Int nByStackScan = 0; 749 Addr lr = uregs.r14; 750 Addr sp = uregs.r13 & ~3; 751 Addr pc = uregs.r15; 752 // First see if LR contains 753 // something that could be a valid return address. 754 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) { 755 // take it only if 'cand' isn't obviously a duplicate 756 // of the last found IP value 757 Addr cand = (lr & 0xFFFFFFFE) - 1; 758 if (abs_diff(cand, ips[i-1]) > 1) { 759 if (sps) sps[i] = 0; 760 if (fps) fps[i] = 0; 761 ips[i++] = cand; 762 nByStackScan++; 763 } 764 } 765 while (in_same_page(sp, uregs.r13)) { 766 if (i >= max_n_ips) 767 break; 768 // we're in the same page; fairly safe to keep going 769 UWord w = *(UWord*)(sp & ~0x3); 770 if (looks_like_RA(w)) { 771 Addr cand = (w & 0xFFFFFFFE) - 1; 772 // take it only if 'cand' isn't obviously a duplicate 773 // of the last found IP value 774 if (abs_diff(cand, ips[i-1]) > 1) { 775 if (sps) sps[i] = 0; 776 if (fps) fps[i] = 0; 777 ips[i++] = cand; 778 if (++nByStackScan >= 5) break; 779 } 780 } 781 sp += 4; 782 } 783 } 784 785 n_found = i; 786 return n_found; 787 } 788 789 #endif 790 791 /* ------------------------ s390x ------------------------- */ 792 793 #if defined(VGP_s390x_linux) 794 795 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 796 /*OUT*/Addr* ips, UInt max_n_ips, 797 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 798 UnwindStartRegs* startRegs, 799 Addr fp_max_orig ) 800 { 801 Bool debug = False; 802 Int i; 803 Addr fp_max; 804 UInt n_found = 0; 805 806 vg_assert(sizeof(Addr) == sizeof(UWord)); 807 vg_assert(sizeof(Addr) == sizeof(void*)); 808 809 D3UnwindRegs uregs; 810 uregs.ia = startRegs->r_pc; 811 uregs.sp = startRegs->r_sp; 812 Addr fp_min = uregs.sp; 813 uregs.fp = startRegs->misc.S390X.r_fp; 814 uregs.lr = startRegs->misc.S390X.r_lr; 815 816 fp_max = VG_PGROUNDUP(fp_max_orig); 817 if (fp_max >= sizeof(Addr)) 818 fp_max -= sizeof(Addr); 819 820 if (debug) 821 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 822 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n", 823 max_n_ips, fp_min, fp_max_orig, fp_max, 824 uregs.ia, uregs.sp,uregs.fp); 825 826 /* The first frame is pretty obvious */ 827 ips[0] = uregs.ia; 828 if (sps) sps[0] = uregs.sp; 829 if (fps) fps[0] = uregs.fp; 830 i = 1; 831 832 /* for everything else we have to rely on the eh_frame. gcc defaults to 833 not create a backchain and all the other tools (like gdb) also have 834 to use the CFI. */ 835 while (True) { 836 if (i >= max_n_ips) 837 break; 838 839 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 840 if (sps) sps[i] = uregs.sp; 841 if (fps) fps[i] = uregs.fp; 842 ips[i++] = uregs.ia - 1; 843 uregs.ia = uregs.ia - 1; 844 continue; 845 } 846 /* A problem on the first frame? Lets assume it was a bad jump. 847 We will use the link register and the current stack and frame 848 pointers and see if we can use the CFI in the next round. */ 849 if (i == 1) { 850 if (sps) { 851 sps[i] = sps[0]; 852 uregs.sp = sps[0]; 853 } 854 if (fps) { 855 fps[i] = fps[0]; 856 uregs.fp = fps[0]; 857 } 858 uregs.ia = uregs.lr - 1; 859 ips[i++] = uregs.lr - 1; 860 continue; 861 } 862 863 /* No luck. We have to give up. */ 864 break; 865 } 866 867 n_found = i; 868 return n_found; 869 } 870 871 #endif 872 873 /* ------------------------ mips 32------------------------- */ 874 875 #if defined(VGP_mips32_linux) 876 877 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 878 /*OUT*/Addr* ips, UInt max_n_ips, 879 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 880 UnwindStartRegs* startRegs, 881 Addr fp_max_orig ) 882 { 883 Bool debug = False; 884 Int i; 885 Addr fp_max; 886 UInt n_found = 0; 887 888 vg_assert(sizeof(Addr) == sizeof(UWord)); 889 vg_assert(sizeof(Addr) == sizeof(void*)); 890 891 D3UnwindRegs uregs; 892 uregs.pc = startRegs->r_pc; 893 uregs.sp = startRegs->r_sp; 894 Addr fp_min = uregs.sp; 895 896 uregs.fp = startRegs->misc.MIPS32.r30; 897 uregs.ra = startRegs->misc.MIPS32.r31; 898 899 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 900 stopping when the trail goes cold, which we guess to be 901 when FP is not a reasonable stack location. */ 902 903 fp_max = VG_PGROUNDUP(fp_max_orig); 904 if (fp_max >= sizeof(Addr)) 905 fp_max -= sizeof(Addr); 906 907 if (debug) 908 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 909 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n", 910 max_n_ips, fp_min, fp_max_orig, fp_max, 911 uregs.pc, uregs.sp, uregs.fp); 912 913 if (sps) sps[0] = uregs.sp; 914 if (fps) fps[0] = uregs.fp; 915 ips[0] = uregs.pc; 916 i = 1; 917 918 /* Loop unwinding the stack. */ 919 920 while (True) { 921 if (debug) { 922 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 923 i, uregs.pc, uregs.sp, uregs.ra); 924 } 925 if (i >= max_n_ips) 926 break; 927 928 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 929 if (debug) 930 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 931 uregs.pc, uregs.sp, uregs.ra); 932 if (0 == uregs.pc || 1 == uregs.pc) break; 933 if (sps) sps[i] = uregs.sp; 934 if (fps) fps[i] = uregs.fp; 935 ips[i++] = uregs.pc - 4; 936 uregs.pc = uregs.pc - 4; 937 continue; 938 } 939 940 int seen_sp_adjust = 0; 941 long frame_offset = 0; 942 PtrdiffT offset; 943 if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) { 944 Addr start_pc = uregs.pc - offset; 945 Addr limit_pc = uregs.pc; 946 Addr cur_pc; 947 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) { 948 unsigned long inst, high_word, low_word; 949 unsigned long * cur_inst; 950 int reg; 951 /* Fetch the instruction. */ 952 cur_inst = (unsigned long *)cur_pc; 953 inst = *((UInt *) cur_inst); 954 if(debug) 955 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst); 956 957 /* Save some code by pre-extracting some useful fields. */ 958 high_word = (inst >> 16) & 0xffff; 959 low_word = inst & 0xffff; 960 reg = high_word & 0x1f; 961 962 if (high_word == 0x27bd /* addiu $sp,$sp,-i */ 963 || high_word == 0x23bd /* addi $sp,$sp,-i */ 964 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */ 965 if (low_word & 0x8000) /* negative stack adjustment? */ 966 frame_offset += 0x10000 - low_word; 967 else 968 /* Exit loop if a positive stack adjustment is found, which 969 usually means that the stack cleanup code in the function 970 epilogue is reached. */ 971 break; 972 seen_sp_adjust = 1; 973 } 974 } 975 if(debug) 976 VG_(printf)("offset: 0x%lx\n", frame_offset); 977 } 978 if (seen_sp_adjust) { 979 if (0 == uregs.pc || 1 == uregs.pc) break; 980 if (uregs.pc == uregs.ra - 8) break; 981 if (sps) { 982 sps[i] = uregs.sp + frame_offset; 983 } 984 uregs.sp = uregs.sp + frame_offset; 985 986 if (fps) { 987 fps[i] = fps[0]; 988 uregs.fp = fps[0]; 989 } 990 if (0 == uregs.ra || 1 == uregs.ra) break; 991 uregs.pc = uregs.ra - 8; 992 ips[i++] = uregs.ra - 8; 993 continue; 994 } 995 996 if (i == 1) { 997 if (sps) { 998 sps[i] = sps[0]; 999 uregs.sp = sps[0]; 1000 } 1001 if (fps) { 1002 fps[i] = fps[0]; 1003 uregs.fp = fps[0]; 1004 } 1005 if (0 == uregs.ra || 1 == uregs.ra) break; 1006 uregs.pc = uregs.ra - 8; 1007 ips[i++] = uregs.ra - 8; 1008 continue; 1009 } 1010 /* No luck. We have to give up. */ 1011 break; 1012 } 1013 1014 n_found = i; 1015 return n_found; 1016 } 1017 1018 #endif 1019 1020 1021 /*------------------------------------------------------------*/ 1022 /*--- ---*/ 1023 /*--- END platform-dependent unwinder worker functions ---*/ 1024 /*--- ---*/ 1025 /*------------------------------------------------------------*/ 1026 1027 /*------------------------------------------------------------*/ 1028 /*--- Exported functions. ---*/ 1029 /*------------------------------------------------------------*/ 1030 1031 UInt VG_(get_StackTrace) ( ThreadId tid, 1032 /*OUT*/StackTrace ips, UInt max_n_ips, 1033 /*OUT*/StackTrace sps, 1034 /*OUT*/StackTrace fps, 1035 Word first_ip_delta ) 1036 { 1037 /* Get the register values with which to start the unwind. */ 1038 UnwindStartRegs startRegs; 1039 VG_(memset)( &startRegs, 0, sizeof(startRegs) ); 1040 VG_(get_UnwindStartRegs)( &startRegs, tid ); 1041 1042 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 1043 Addr stack_lowest_word = 0; 1044 1045 # if defined(VGP_x86_linux) 1046 /* Nasty little hack to deal with syscalls - if libc is using its 1047 _dl_sysinfo_int80 function for syscalls (the TLS version does), 1048 then ip will always appear to be in that function when doing a 1049 syscall, not the actual libc function doing the syscall. This 1050 check sees if IP is within that function, and pops the return 1051 address off the stack so that ip is placed within the library 1052 function calling the syscall. This makes stack backtraces much 1053 more useful. 1054 1055 The function is assumed to look like this (from glibc-2.3.6 sources): 1056 _dl_sysinfo_int80: 1057 int $0x80 1058 ret 1059 That is 3 (2+1) bytes long. We could be more thorough and check 1060 the 3 bytes of the function are as expected, but I can't be 1061 bothered. 1062 */ 1063 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 1064 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80) 1065 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3 1066 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr), 1067 VKI_PROT_READ)) { 1068 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp; 1069 startRegs.r_sp += (ULong) sizeof(Addr); 1070 } 1071 # endif 1072 1073 /* See if we can get a better idea of the stack limits */ 1074 VG_(stack_limits)( (Addr)startRegs.r_sp, 1075 &stack_lowest_word, &stack_highest_word ); 1076 1077 /* Take into account the first_ip_delta. */ 1078 startRegs.r_pc += (Long)(Word)first_ip_delta; 1079 1080 if (0) 1081 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx " 1082 "sp=0x%010llx\n", 1083 tid, stack_highest_word, 1084 startRegs.r_pc, startRegs.r_sp); 1085 1086 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips, 1087 sps, fps, 1088 &startRegs, 1089 stack_highest_word); 1090 } 1091 1092 static void printIpDesc(UInt n, Addr ip, void* uu_opaque) 1093 { 1094 #define BUF_LEN 4096 1095 1096 static UChar buf[BUF_LEN]; 1097 1098 VG_(describe_IP)(ip, buf, BUF_LEN); 1099 1100 if (VG_(clo_xml)) { 1101 VG_(printf_xml)(" %s\n", buf); 1102 } else { 1103 VG_(message)(Vg_UserMsg, " %s %s\n", ( n == 0 ? "at" : "by" ), buf); 1104 } 1105 } 1106 1107 /* Print a StackTrace. */ 1108 void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 1109 { 1110 vg_assert( n_ips > 0 ); 1111 1112 if (VG_(clo_xml)) 1113 VG_(printf_xml)(" <stack>\n"); 1114 1115 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips ); 1116 1117 if (VG_(clo_xml)) 1118 VG_(printf_xml)(" </stack>\n"); 1119 } 1120 1121 /* Get and immediately print a StackTrace. */ 1122 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips ) 1123 { 1124 Addr ips[max_n_ips]; 1125 UInt n_ips 1126 = VG_(get_StackTrace)(tid, ips, max_n_ips, 1127 NULL/*array to dump SP values in*/, 1128 NULL/*array to dump FP values in*/, 1129 0/*first_ip_delta*/); 1130 VG_(pp_StackTrace)(ips, n_ips); 1131 } 1132 1133 void VG_(apply_StackTrace)( 1134 void(*action)(UInt n, Addr ip, void* opaque), 1135 void* opaque, 1136 StackTrace ips, UInt n_ips 1137 ) 1138 { 1139 Bool main_done = False; 1140 Int i = 0; 1141 1142 vg_assert(n_ips > 0); 1143 do { 1144 Addr ip = ips[i]; 1145 1146 // Stop after the first appearance of "main" or one of the other names 1147 // (the appearance of which is a pretty good sign that we've gone past 1148 // main without seeing it, for whatever reason) 1149 if ( ! VG_(clo_show_below_main) ) { 1150 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip); 1151 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) { 1152 main_done = True; 1153 } 1154 } 1155 1156 // Act on the ip 1157 action(i, ip, opaque); 1158 1159 i++; 1160 } while (i < n_ips && !main_done); 1161 1162 #undef MYBUF_LEN 1163 } 1164 1165 1166 /*--------------------------------------------------------------------*/ 1167 /*--- end ---*/ 1168 /*--------------------------------------------------------------------*/ 1169
