1 2 /*--------------------------------------------------------------------*/ 3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4 /*--------------------------------------------------------------------*/ 5 6 /* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2017 Julian Seward 11 jseward (at) acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29 */ 30 31 #include "pub_core_basics.h" 32 #include "pub_core_vki.h" 33 #include "pub_core_threadstate.h" 34 #include "pub_core_debuginfo.h" // XXX: circular dependency 35 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 36 #include "pub_core_libcbase.h" 37 #include "pub_core_libcassert.h" 38 #include "pub_core_libcprint.h" 39 #include "pub_core_machine.h" 40 #include "pub_core_options.h" 41 #include "pub_core_stacks.h" // VG_(stack_limits) 42 #include "pub_core_stacktrace.h" 43 #include "pub_core_syswrap.h" // VG_(is_in_syscall) 44 #include "pub_core_xarray.h" 45 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 46 #include "pub_core_trampoline.h" 47 48 49 /*------------------------------------------------------------*/ 50 /*--- ---*/ 51 /*--- BEGIN platform-dependent unwinder worker functions ---*/ 52 /*--- ---*/ 53 /*------------------------------------------------------------*/ 54 55 /* Take a snapshot of the client's stack, putting up to 'max_n_ips' 56 IPs into 'ips'. In order to be thread-safe, we pass in the 57 thread's IP SP, FP if that's meaningful, and LR if that's 58 meaningful. Returns number of IPs put in 'ips'. 59 60 If you know what the thread ID for this stack is, send that as the 61 first parameter, else send zero. This helps generate better stack 62 traces on ppc64-linux and has no effect on other platforms. 63 */ 64 65 /* Do frame merging in the _i frames in _ips array of recursive cycles 66 of up to _nframes. The merge is done during stack unwinding 67 (i.e. in platform specific unwinders) to collect as many 68 "interesting" stack traces as possible. */ 69 #define RECURSIVE_MERGE(_nframes,_ips,_i) if (UNLIKELY(_nframes > 0)) \ 70 do { \ 71 Int dist; \ 72 for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \ 73 if (_ips[_i-1] == _ips[_i-1-dist]) { \ 74 _i = _i - dist; \ 75 break; \ 76 } \ 77 } \ 78 } while (0) 79 80 /* Note about calculation of fp_min : fp_min is the lowest address 81 which can be accessed during unwinding. This is SP - VG_STACK_REDZONE_SZB. 82 On most platforms, this will be equal to SP (as VG_STACK_REDZONE_SZB 83 is 0). However, on some platforms (e.g. amd64), there is an accessible 84 redzone below the SP. Some CFI unwind info are generated, taking this 85 into account. As an example, the following is a CFI unwind info on 86 amd64 found for a 'retq' instruction: 87 [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16) 88 0x400f7e: retq 89 As you can see, the previous BP is found 16 bytes below the cfa, which 90 is the oldSP+8. So, effectively, the BP is found 8 bytes below the SP. 91 The fp_min must take this into account, otherwise, VG_(use_CF_info) will 92 not unwind the BP. */ 93 94 /* ------------------------ x86 ------------------------- */ 95 96 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \ 97 || defined(VGP_x86_solaris) 98 99 #define N_FP_CF_VERIF 1021 100 // prime number so that size of fp_CF_verif is just below 4K or 8K 101 // Note that this prime nr differs from the one chosen in 102 // m_debuginfo/debuginfo.c for the cfsi cache : in case we have 103 // a collision here between two IPs, we expect to not (often) have the 104 // same collision in the cfsi cache (and vice-versa). 105 106 // unwinding with fp chain is ok: 107 #define FPUNWIND 0 108 // there is no CFI info for this IP: 109 #define NOINFO 1 110 // Unwind with FP is not ok, must use CF unwind: 111 #define CFUNWIND 2 112 113 static Addr fp_CF_verif_cache [N_FP_CF_VERIF]; 114 115 /* An unwind done by following the fp chain technique can be incorrect 116 as not all frames are respecting the standard bp/sp ABI. 117 The CF information is now generated by default by gcc 118 (as part of the dwarf info). However, unwinding using CF information 119 is significantly slower : a slowdown of 20% has been observed 120 on an helgrind test case. 121 So, by default, the unwinding will be done using the fp chain. 122 But before accepting to unwind an IP with fp_chain, the result 123 of the unwind will be checked with the CF information. 124 This check can give 3 results: 125 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind. 126 => it is assumed that future unwind for this IP can be done 127 with the fast fp chain, without further CF checking 128 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing) 129 CFUNWIND (2): there is CF info, but unwind result differs. 130 => it is assumed that future unwind for this IP must be done 131 with the CF info. 132 Of course, if each fp unwind implies a check done with a CF unwind, 133 it would just be slower => we cache the check result in an 134 array of checked Addr. 135 The check for an IP will be stored at 136 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of: 137 IP ^ FPUNWIND 138 IP ^ NOINFO 139 IP ^ CFUNWIND 140 141 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits 142 to store the check result, as they are guaranteed to be non significant 143 in the comparison between 2 IPs stored in fp_CF_verif_cache). 144 In other words, if two IPs are only differing on the last 2 bits, 145 then they will not land in the same cache bucket. 146 */ 147 148 /* cached result of VG_(FPO_info_present)(). Refreshed each time 149 the fp_CF_verif_generation is different of the current debuginfo 150 generation. */ 151 static Bool FPO_info_present = False; 152 153 static UInt fp_CF_verif_generation = 0; 154 // Our cache has to be maintained in sync with the CFI cache. 155 // Each time the debuginfo is changed, its generation will be incremented. 156 // We will clear our cache when our saved generation differs from 157 // the debuginfo generation. 158 159 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 160 /*OUT*/Addr* ips, UInt max_n_ips, 161 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 162 const UnwindStartRegs* startRegs, 163 Addr fp_max_orig ) 164 { 165 const Bool do_stats = False; // compute and output some stats regularly. 166 static struct { 167 UInt nr; // nr of stacktraces computed 168 UInt nf; // nr of frames computed 169 UInt Ca; // unwind for which cache indicates CFUnwind must be used. 170 UInt FF; // unwind for which cache indicates FPUnwind can be used. 171 UInt Cf; // unwind at end of stack+store CFUNWIND (xip not end of stack). 172 UInt Fw; // unwind at end of stack+store FPUNWIND 173 UInt FO; // unwind + store FPUNWIND 174 UInt CF; // unwind + store CFUNWIND. Details below. 175 UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'. 176 UInt Ck; // unwind fp invalid+store FPUNWIND 177 UInt MS; // microsoft unwind 178 } stats; 179 180 const Bool debug = False; 181 // = VG_(debugLog_getLevel) () > 3; 182 // = True; 183 // = stats.nr >= 123456; 184 const HChar* unwind_case; // used when debug is True. 185 // Debugging this function is not straightforward. 186 // Here is the easiest way I have found: 187 // 1. Change the above to True. 188 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0 189 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace 190 // 4. Continue till breakpoint is encountered 191 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces. 192 // You might have to do twice 'monitor v.info scheduler' to see 193 // the effect of caching the results of the verification. 194 // You can also modify the debug dynamically using by using 195 // 'monitor v.set debuglog 4. 196 197 Int i; 198 Addr fp_max; 199 UInt n_found = 0; 200 const Int cmrf = VG_(clo_merge_recursive_frames); 201 202 vg_assert(sizeof(Addr) == sizeof(UWord)); 203 vg_assert(sizeof(Addr) == sizeof(void*)); 204 205 D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason. 206 Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs 207 // 0 assigned to silence false positive -Wuninitialized warning 208 // This is a false positive as xip_verified is assigned when 209 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND. 210 211 D3UnwindRegs uregs; 212 uregs.xip = (Addr)startRegs->r_pc; 213 uregs.xsp = (Addr)startRegs->r_sp; 214 uregs.xbp = startRegs->misc.X86.r_ebp; 215 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB; 216 217 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 218 stopping when the trail goes cold, which we guess to be 219 when FP is not a reasonable stack location. */ 220 221 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 222 // current page, at least. Dunno if it helps. 223 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 224 fp_max = VG_PGROUNDUP(fp_max_orig); 225 if (fp_max >= sizeof(Addr)) 226 fp_max -= sizeof(Addr); 227 228 if (debug) 229 VG_(printf)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x08%lx, " 230 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n", 231 max_n_ips, fp_min, fp_max_orig, fp_max, 232 uregs.xip, uregs.xbp); 233 234 /* Assertion broken before main() is reached in pthreaded programs; the 235 * offending stack traces only have one item. --njn, 2002-aug-16 */ 236 /* vg_assert(fp_min <= fp_max);*/ 237 // On Darwin, this kicks in for pthread-related stack traces, so they're 238 // only 1 entry long which is wrong. 239 # if defined(VGO_linux) 240 if (fp_min + 512 >= fp_max) { 241 /* If the stack limits look bogus, don't poke around ... but 242 don't bomb out either. */ 243 # elif defined(VGO_solaris) 244 if (fp_max == 0) { 245 /* VG_(get_StackTrace)() can be called by tools very early when 246 various tracing options are enabled. Don't proceed further 247 if the stack limits look bogus. 248 */ 249 # endif 250 # if defined(VGO_linux) || defined(VGO_solaris) 251 if (sps) sps[0] = uregs.xsp; 252 if (fps) fps[0] = uregs.xbp; 253 ips[0] = uregs.xip; 254 return 1; 255 } 256 # endif 257 258 if (UNLIKELY (fp_CF_verif_generation != VG_(debuginfo_generation)())) { 259 fp_CF_verif_generation = VG_(debuginfo_generation)(); 260 VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache)); 261 FPO_info_present = VG_(FPO_info_present)(); 262 } 263 264 265 /* Loop unwinding the stack. Note that the IP value we get on 266 * each pass (whether from CFI info or a stack frame) is a 267 * return address so is actually after the calling instruction 268 * in the calling function. 269 * 270 * Because of this we subtract one from the IP after each pass 271 * of the loop so that we find the right CFI block on the next 272 * pass - otherwise we can find the wrong CFI info if it happens 273 * to change after the calling instruction and that will mean 274 * that we will fail to unwind the next step. 275 * 276 * This most frequently happens at the end of a function when 277 * a tail call occurs and we wind up using the CFI info for the 278 * next function which is completely wrong. 279 */ 280 if (sps) sps[0] = uregs.xsp; 281 if (fps) fps[0] = uregs.xbp; 282 ips[0] = uregs.xip; 283 i = 1; 284 if (do_stats) stats.nr++; 285 286 while (True) { 287 288 if (i >= max_n_ips) 289 break; 290 291 UWord hash = uregs.xip % N_FP_CF_VERIF; 292 Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash]; 293 if (debug) 294 VG_(printf)(" uregs.xip 0x%08lx xip_verif[0x%08lx]" 295 " xbp 0x%08lx xsp 0x%08lx\n", 296 uregs.xip, xip_verif, 297 uregs.xbp, uregs.xsp); 298 // If xip is in cache, then xip_verif will be <= CFUNWIND. 299 // Otherwise, if not in cache, xip_verif will be > CFUNWIND. 300 301 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 302 303 /* Do we have to do CFI unwinding ? 304 We do CFI unwinding if one of the following condition holds: 305 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must 306 be done (i.e. fp unwind check failed when we did the first 307 unwind for this IP). 308 b. fp_CF_verif_cache does not contain xip. 309 We will try CFI unwinding in fpverif_uregs and compare with 310 FP unwind result to insert xip in the cache with the correct 311 indicator. */ 312 if (UNLIKELY(xip_verif >= CFUNWIND)) { 313 if (xip_verif == CFUNWIND) { 314 /* case a : do "real" cfi unwind */ 315 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 316 if (debug) unwind_case = "Ca"; 317 if (do_stats) stats.Ca++; 318 goto unwind_done; 319 } 320 /* ??? cache indicates we have to do CFI unwind (so, we 321 previously found CFI info, and failed the fp unwind 322 check). Now, we just failed with CFI. So, once we 323 succeed, once we fail. No idea what is going on => 324 cleanup the cache entry and fallover to fp unwind (this 325 time). */ 326 fp_CF_verif_cache [hash] = 0; 327 if (debug) VG_(printf)(" cache reset as CFI ok then nok\n"); 328 //??? stats 329 xip_verif = NOINFO; 330 } else { 331 /* case b : do "verif" cfi unwind in fpverif_uregs */ 332 fpverif_uregs = uregs; 333 xip_verified = uregs.xip; 334 if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) { 335 fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO; 336 if (debug) VG_(printf)(" cache NOINFO fpverif_uregs\n"); 337 xip_verif = NOINFO; 338 } 339 } 340 } 341 342 /* On x86, try the old-fashioned method of following the 343 %ebp-chain. This can be done if the fp_CF_verif_cache for xip 344 indicate fp unwind is ok. This must be done if the cache indicates 345 there is no info. This is also done to confirm what to put in the cache 346 if xip was not in the cache. */ 347 /* This deals with frames resulting from functions which begin "pushl% 348 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 349 if (fp_min <= uregs.xbp && 350 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/ && 351 VG_IS_4_ALIGNED(uregs.xbp)) 352 { 353 Addr old_xsp; 354 355 /* fp looks sane, so use it. */ 356 uregs.xip = (((UWord*)uregs.xbp)[1]); 357 // We stop if we hit a zero (the traditional end-of-stack 358 // marker) or a one -- these correspond to recorded IPs of 0 or -1. 359 // The latter because r8818 (in this file) changes the meaning of 360 // entries [1] and above in a stack trace, by subtracting 1 from 361 // them. Hence stacks that used to end with a zero value now end in 362 // -1 and so we must detect that too. 363 if (0 == uregs.xip || 1 == uregs.xip) { 364 if (xip_verif > CFUNWIND) { 365 // Check if we obtain the same result with fp unwind. 366 // If same result, then mark xip as fp unwindable 367 if (uregs.xip == fpverif_uregs.xip) { 368 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND; 369 if (debug) VG_(printf)(" cache FPUNWIND 0\n"); 370 unwind_case = "Fw"; 371 if (do_stats) stats.Fw++; 372 break; 373 } else { 374 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND; 375 uregs = fpverif_uregs; 376 if (debug) VG_(printf)(" cache CFUNWIND 0\n"); 377 unwind_case = "Cf"; 378 if (do_stats) stats.Cf++; 379 goto unwind_done; 380 } 381 } else { 382 // end of stack => out of the loop. 383 break; 384 } 385 } 386 387 old_xsp = uregs.xsp; 388 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/ 389 + sizeof(Addr) /*ra*/; 390 uregs.xbp = (((UWord*)uregs.xbp)[0]); 391 if (xip_verif > CFUNWIND) { 392 if (uregs.xip == fpverif_uregs.xip 393 && uregs.xsp == fpverif_uregs.xsp 394 && uregs.xbp == fpverif_uregs.xbp) { 395 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND; 396 if (debug) VG_(printf)(" cache FPUNWIND >2\n"); 397 if (debug) unwind_case = "FO"; 398 if (do_stats) stats.FO++; 399 if (old_xsp >= uregs.xsp) { 400 if (debug) 401 VG_(printf) (" FO end of stack old_xsp %p >= xsp %p\n", 402 (void*)old_xsp, (void*)uregs.xsp); 403 break; 404 } 405 } else { 406 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND; 407 if (debug) VG_(printf)(" cache CFUNWIND >2\n"); 408 if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++; 409 if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++; 410 if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++; 411 uregs = fpverif_uregs; 412 if (debug) unwind_case = "CF"; 413 if (do_stats) stats.CF++; 414 } 415 } else { 416 if (debug) unwind_case = "FF"; 417 if (do_stats) stats.FF++; 418 if (old_xsp >= uregs.xsp) { 419 if (debug) 420 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n", 421 (void*)old_xsp, (void*)uregs.xsp); 422 break; 423 } 424 } 425 goto unwind_done; 426 } else { 427 // fp unwind has failed. 428 // If we were checking the validity of the cfi unwinding, 429 // we mark in the cache that the fp unwind cannot be done, and that 430 // cfi unwind is desired. 431 if (xip_verif > CFUNWIND) { 432 // We know that fpverif_uregs contains valid information, 433 // as a failed cf unwind would have put NOINFO in xip_verif. 434 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND; 435 if (debug) VG_(printf)(" cache CFUNWIND as fp failed\n"); 436 uregs = fpverif_uregs; 437 if (debug) unwind_case = "Ck"; 438 if (do_stats) stats.Ck++; 439 goto unwind_done; 440 } 441 // xip_verif is FPUNWIND or NOINFO. 442 // We failed the cfi unwind and/or the fp unwind. 443 // => fallback to FPO info. 444 } 445 446 /* And, similarly, try for MSVC FPO unwind info. */ 447 if (FPO_info_present 448 && VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp, 449 fp_min, fp_max ) ) { 450 if (debug) unwind_case = "MS"; 451 if (do_stats) stats.MS++; 452 goto unwind_done; 453 } 454 455 /* No luck. We have to give up. */ 456 break; 457 458 unwind_done: 459 /* Add a frame in ips/sps/fps */ 460 /* fp is %ebp. sp is %esp. ip is %eip. */ 461 if (0 == uregs.xip || 1 == uregs.xip) break; 462 if (sps) sps[i] = uregs.xsp; 463 if (fps) fps[i] = uregs.xbp; 464 ips[i++] = uregs.xip - 1; 465 /* -1: refer to calling insn, not the RA */ 466 if (debug) 467 VG_(printf)(" ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]); 468 uregs.xip = uregs.xip - 1; 469 /* as per comment at the head of this loop */ 470 RECURSIVE_MERGE(cmrf,ips,i); 471 } 472 473 if (do_stats) stats.nf += i; 474 if (do_stats && stats.nr % 10000 == 0) { 475 VG_(printf)("nr %u nf %u " 476 "Ca %u FF %u " 477 "Cf %u " 478 "Fw %u FO %u " 479 "CF %u (xi %u xs %u xb %u) " 480 "Ck %u MS %u\n", 481 stats.nr, stats.nf, 482 stats.Ca, stats.FF, 483 stats.Cf, 484 stats.Fw, stats.FO, 485 stats.CF, stats.xi, stats.xs, stats.xb, 486 stats.Ck, stats.MS); 487 } 488 n_found = i; 489 return n_found; 490 } 491 492 #undef N_FP_CF_VERIF 493 #undef FPUNWIND 494 #undef NOINFO 495 #undef CFUNWIND 496 497 #endif 498 499 /* ----------------------- amd64 ------------------------ */ 500 501 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \ 502 || defined(VGP_amd64_solaris) 503 504 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 505 /*OUT*/Addr* ips, UInt max_n_ips, 506 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 507 const UnwindStartRegs* startRegs, 508 Addr fp_max_orig ) 509 { 510 const Bool debug = False; 511 Int i; 512 Addr fp_max; 513 UInt n_found = 0; 514 const Int cmrf = VG_(clo_merge_recursive_frames); 515 516 vg_assert(sizeof(Addr) == sizeof(UWord)); 517 vg_assert(sizeof(Addr) == sizeof(void*)); 518 519 D3UnwindRegs uregs; 520 uregs.xip = startRegs->r_pc; 521 uregs.xsp = startRegs->r_sp; 522 uregs.xbp = startRegs->misc.AMD64.r_rbp; 523 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB; 524 525 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 526 stopping when the trail goes cold, which we guess to be 527 when FP is not a reasonable stack location. */ 528 529 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 530 // current page, at least. Dunno if it helps. 531 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 532 fp_max = VG_PGROUNDUP(fp_max_orig); 533 if (fp_max >= sizeof(Addr)) 534 fp_max -= sizeof(Addr); 535 536 if (debug) 537 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, " 538 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 539 max_n_ips, fp_min, fp_max_orig, fp_max, 540 uregs.xip, uregs.xbp); 541 542 /* Assertion broken before main() is reached in pthreaded programs; the 543 * offending stack traces only have one item. --njn, 2002-aug-16 */ 544 /* vg_assert(fp_min <= fp_max);*/ 545 // On Darwin, this kicks in for pthread-related stack traces, so they're 546 // only 1 entry long which is wrong. 547 # if defined(VGO_linux) 548 if (fp_min + 256 >= fp_max) { 549 /* If the stack limits look bogus, don't poke around ... but 550 don't bomb out either. */ 551 # elif defined(VGO_solaris) 552 if (fp_max == 0) { 553 /* VG_(get_StackTrace)() can be called by tools very early when 554 various tracing options are enabled. Don't proceed further 555 if the stack limits look bogus. 556 */ 557 # endif 558 # if defined(VGO_linux) || defined(VGO_solaris) 559 560 if (sps) sps[0] = uregs.xsp; 561 if (fps) fps[0] = uregs.xbp; 562 ips[0] = uregs.xip; 563 return 1; 564 } 565 # endif 566 567 /* fp is %rbp. sp is %rsp. ip is %rip. */ 568 569 ips[0] = uregs.xip; 570 if (sps) sps[0] = uregs.xsp; 571 if (fps) fps[0] = uregs.xbp; 572 i = 1; 573 if (debug) 574 VG_(printf)(" ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n", 575 i-1, ips[i-1], uregs.xbp, uregs.xsp); 576 577 # if defined(VGO_darwin) 578 if (VG_(is_valid_tid)(tid_if_known) && 579 VG_(is_in_syscall)(tid_if_known) && 580 i < max_n_ips) { 581 /* On Darwin, all the system call stubs have no function 582 * prolog. So instead of top of the stack being a new 583 * frame comprising a saved BP and a return address, we 584 * just have the return address in the caller's frame. 585 * Adjust for this by recording the return address. 586 */ 587 ips[i] = *(Addr *)uregs.xsp - 1; 588 if (sps) sps[i] = uregs.xsp; 589 if (fps) fps[i] = uregs.xbp; 590 i++; 591 } 592 # endif 593 594 /* Loop unwinding the stack. Note that the IP value we get on 595 * each pass (whether from CFI info or a stack frame) is a 596 * return address so is actually after the calling instruction 597 * in the calling function. 598 * 599 * Because of this we subtract one from the IP after each pass 600 * of the loop so that we find the right CFI block on the next 601 * pass - otherwise we can find the wrong CFI info if it happens 602 * to change after the calling instruction and that will mean 603 * that we will fail to unwind the next step. 604 * 605 * This most frequently happens at the end of a function when 606 * a tail call occurs and we wind up using the CFI info for the 607 * next function which is completely wrong. 608 */ 609 while (True) { 610 Addr old_xsp; 611 612 if (i >= max_n_ips) 613 break; 614 615 old_xsp = uregs.xsp; 616 617 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 618 619 /* First off, see if there is any CFI info to hand which can 620 be used. */ 621 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 622 if (0 == uregs.xip || 1 == uregs.xip) break; 623 if (old_xsp >= uregs.xsp) { 624 if (debug) 625 VG_(printf) (" CF end of stack old_xsp %p >= xsp %p\n", 626 (void*)old_xsp, (void*)uregs.xsp); 627 break; 628 } 629 if (sps) sps[i] = uregs.xsp; 630 if (fps) fps[i] = uregs.xbp; 631 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 632 if (debug) 633 VG_(printf)(" ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n", 634 i-1, ips[i-1], uregs.xbp, uregs.xsp); 635 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 636 RECURSIVE_MERGE(cmrf,ips,i); 637 continue; 638 } 639 640 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 641 we can safely try the old-fashioned method. */ 642 /* This bit is supposed to deal with frames resulting from 643 functions which begin "pushq %rbp ; movq %rsp, %rbp". 644 Unfortunately, since we can't (easily) look at the insns at 645 the start of the fn, like GDB does, there's no reliable way 646 to tell. Hence the hack of first trying out CFI, and if that 647 fails, then use this as a fallback. */ 648 /* Note: re "- 1 * sizeof(UWord)", need to take account of the 649 fact that we are prodding at & ((UWord*)fp)[1] and so need to 650 adjust the limit check accordingly. Omitting this has been 651 observed to cause segfaults on rare occasions. */ 652 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) { 653 /* fp looks sane, so use it. */ 654 uregs.xip = (((UWord*)uregs.xbp)[1]); 655 if (0 == uregs.xip || 1 == uregs.xip) break; 656 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/ 657 + sizeof(Addr) /*ra*/; 658 if (old_xsp >= uregs.xsp) { 659 if (debug) 660 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n", 661 (void*)old_xsp, (void*)uregs.xsp); 662 break; 663 } 664 uregs.xbp = (((UWord*)uregs.xbp)[0]); 665 if (sps) sps[i] = uregs.xsp; 666 if (fps) fps[i] = uregs.xbp; 667 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 668 if (debug) 669 VG_(printf)(" ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n", 670 i-1, ips[i-1], uregs.xbp, uregs.xsp); 671 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 672 RECURSIVE_MERGE(cmrf,ips,i); 673 continue; 674 } 675 676 /* Last-ditch hack (evidently GDB does something similar). We 677 are in the middle of nowhere and we have a nonsense value for 678 the frame pointer. If the stack pointer is still valid, 679 assume that what it points at is a return address. Yes, 680 desperate measures. Could do better here: 681 - check that the supposed return address is in 682 an executable page 683 - check that the supposed return address is just after a call insn 684 - given those two checks, don't just consider *sp as the return 685 address; instead scan a likely section of stack (eg sp .. sp+256) 686 and use suitable values found there. 687 */ 688 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) { 689 uregs.xip = ((UWord*)uregs.xsp)[0]; 690 if (0 == uregs.xip || 1 == uregs.xip) break; 691 if (sps) sps[i] = uregs.xsp; 692 if (fps) fps[i] = uregs.xbp; 693 ips[i++] = uregs.xip == 0 694 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a 695 thread stack */ 696 : uregs.xip - 1; 697 /* -1: refer to calling insn, not the RA */ 698 if (debug) 699 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]); 700 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 701 uregs.xsp += 8; 702 RECURSIVE_MERGE(cmrf,ips,i); 703 continue; 704 } 705 706 /* No luck at all. We have to give up. */ 707 break; 708 } 709 710 n_found = i; 711 return n_found; 712 } 713 714 #endif 715 716 /* -----------------------ppc32/64 ---------------------- */ 717 718 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \ 719 || defined(VGP_ppc64le_linux) 720 721 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 722 /*OUT*/Addr* ips, UInt max_n_ips, 723 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 724 const UnwindStartRegs* startRegs, 725 Addr fp_max_orig ) 726 { 727 Bool lr_is_first_RA = False; 728 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux) 729 Word redir_stack_size = 0; 730 Word redirs_used = 0; 731 # endif 732 const Int cmrf = VG_(clo_merge_recursive_frames); 733 734 Bool debug = False; 735 Int i; 736 Addr fp_max; 737 UInt n_found = 0; 738 739 vg_assert(sizeof(Addr) == sizeof(UWord)); 740 vg_assert(sizeof(Addr) == sizeof(void*)); 741 742 Addr ip = (Addr)startRegs->r_pc; 743 Addr sp = (Addr)startRegs->r_sp; 744 Addr fp = sp; 745 # if defined(VGP_ppc32_linux) 746 Addr lr = startRegs->misc.PPC32.r_lr; 747 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) 748 Addr lr = startRegs->misc.PPC64.r_lr; 749 # endif 750 Addr fp_min = sp - VG_STACK_REDZONE_SZB; 751 752 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 753 stopping when the trail goes cold, which we guess to be 754 when FP is not a reasonable stack location. */ 755 756 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 757 // current page, at least. Dunno if it helps. 758 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 759 fp_max = VG_PGROUNDUP(fp_max_orig); 760 if (fp_max >= sizeof(Addr)) 761 fp_max -= sizeof(Addr); 762 763 if (debug) 764 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, " 765 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 766 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 767 768 /* Assertion broken before main() is reached in pthreaded programs; the 769 * offending stack traces only have one item. --njn, 2002-aug-16 */ 770 /* vg_assert(fp_min <= fp_max);*/ 771 if (fp_min + 512 >= fp_max) { 772 /* If the stack limits look bogus, don't poke around ... but 773 don't bomb out either. */ 774 if (sps) sps[0] = sp; 775 if (fps) fps[0] = fp; 776 ips[0] = ip; 777 return 1; 778 } 779 780 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 781 frame pointers. */ 782 783 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) 784 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 785 redirs_used = 0; 786 # endif 787 788 # if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux) 789 /* Deal with bogus LR values caused by function 790 interception/wrapping on ppc-TOC platforms; see comment on 791 similar code a few lines further down. */ 792 if (lr == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 793 && VG_(is_valid_tid)(tid_if_known)) { 794 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 795 redirs_used++; 796 if (hsp >= 1 && hsp < redir_stack_size) 797 lr = VG_(threads)[tid_if_known] 798 .arch.vex.guest_REDIR_STACK[hsp-1]; 799 } 800 # endif 801 802 /* We have to determine whether or not LR currently holds this fn 803 (call it F)'s return address. It might not if F has previously 804 called some other function, hence overwriting LR with a pointer 805 to some part of F. Hence if LR and IP point to the same 806 function then we conclude LR does not hold this function's 807 return address; instead the LR at entry must have been saved in 808 the stack by F's prologue and so we must get it from there 809 instead. Note all this guff only applies to the innermost 810 frame. */ 811 lr_is_first_RA = False; 812 { 813 const HChar *buf_lr, *buf_ip; 814 /* The following conditional looks grossly inefficient and 815 surely could be majorly improved, with not much effort. */ 816 if (VG_(get_fnname_raw) (lr, &buf_lr)) { 817 HChar buf_lr_copy[VG_(strlen)(buf_lr) + 1]; 818 VG_(strcpy)(buf_lr_copy, buf_lr); 819 if (VG_(get_fnname_raw) (ip, &buf_ip)) 820 if (VG_(strcmp)(buf_lr_copy, buf_ip)) 821 lr_is_first_RA = True; 822 } 823 } 824 825 if (sps) sps[0] = fp; /* NB. not sp */ 826 if (fps) fps[0] = fp; 827 ips[0] = ip; 828 i = 1; 829 830 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 831 832 /* initial FP is sane; keep going */ 833 fp = (((UWord*)fp)[0]); 834 835 while (True) { 836 837 /* On ppc64-linux (ppc64-elf, really), the lr save 838 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 839 only one word back. */ 840 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux) 841 const Int lr_offset = 2; 842 # else 843 const Int lr_offset = 1; 844 # endif 845 846 if (i >= max_n_ips) 847 break; 848 849 /* Try to derive a new (ip,fp) pair from the current set. */ 850 851 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) { 852 /* fp looks sane, so use it. */ 853 854 if (i == 1 && lr_is_first_RA) 855 ip = lr; 856 else 857 ip = (((UWord*)fp)[lr_offset]); 858 859 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux) 860 /* Nasty hack to do with function replacement/wrapping on 861 ppc64-linux. If LR points to our magic return stub, 862 then we are in a wrapped or intercepted function, in 863 which LR has been messed with. The original LR will 864 have been pushed onto the thread's hidden REDIR stack 865 one down from the top (top element is the saved R2) and 866 so we should restore the value from there instead. 867 Since nested redirections can and do happen, we keep 868 track of the number of nested LRs used by the unwinding 869 so far with 'redirs_used'. */ 870 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 871 && VG_(is_valid_tid)(tid_if_known)) { 872 Word hsp = VG_(threads)[tid_if_known] 873 .arch.vex.guest_REDIR_SP; 874 hsp -= 2 * redirs_used; 875 redirs_used ++; 876 if (hsp >= 1 && hsp < redir_stack_size) 877 ip = VG_(threads)[tid_if_known] 878 .arch.vex.guest_REDIR_STACK[hsp-1]; 879 } 880 # endif 881 882 if (0 == ip || 1 == ip) break; 883 if (sps) sps[i] = fp; /* NB. not sp */ 884 if (fps) fps[i] = fp; 885 fp = (((UWord*)fp)[0]); 886 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */ 887 if (debug) 888 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 889 ip = ip - 1; /* ip is probably dead at this point, but 890 play safe, a la x86/amd64 above. See 891 extensive comments above. */ 892 RECURSIVE_MERGE(cmrf,ips,i); 893 continue; 894 } 895 896 /* No luck there. We have to give up. */ 897 break; 898 } 899 } 900 901 n_found = i; 902 return n_found; 903 } 904 905 #endif 906 907 /* ------------------------ arm ------------------------- */ 908 909 #if defined(VGP_arm_linux) 910 911 static Bool in_same_fn ( Addr a1, Addr a2 ) 912 { 913 const HChar *buf_a1, *buf_a2; 914 /* The following conditional looks grossly inefficient and 915 surely could be majorly improved, with not much effort. */ 916 if (VG_(get_fnname_raw) (a1, &buf_a1)) { 917 HChar buf_a1_copy[VG_(strlen)(buf_a1) + 1]; 918 VG_(strcpy)(buf_a1_copy, buf_a1); 919 if (VG_(get_fnname_raw) (a2, &buf_a2)) 920 if (VG_(strcmp)(buf_a1_copy, buf_a2)) 921 return True; 922 } 923 return False; 924 } 925 926 static Bool in_same_page ( Addr a1, Addr a2 ) { 927 return (a1 & ~0xFFF) == (a2 & ~0xFFF); 928 } 929 930 static Addr abs_diff ( Addr a1, Addr a2 ) { 931 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1); 932 } 933 934 static Bool has_XT_perms ( Addr a ) 935 { 936 NSegment const* seg = VG_(am_find_nsegment)(a); 937 return seg && seg->hasX && seg->hasT; 938 } 939 940 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 ) 941 { 942 if (0) 943 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1); 944 // BL simm26 945 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True; 946 // BLX simm26 947 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True; 948 return False; 949 } 950 951 static Bool looks_like_Thumb_call16 ( UShort w0 ) 952 { 953 return False; 954 } 955 956 static Bool looks_like_ARM_call ( UInt a0 ) 957 { 958 if (0) 959 VG_(printf)("isA32call %08x\n", a0); 960 // Leading E forces unconditional only -- fix 961 if ((a0 & 0xFF000000) == 0xEB000000) return True; 962 return False; 963 } 964 965 static Bool looks_like_RA ( Addr ra ) 966 { 967 /* 'ra' is a plausible return address if it points to 968 an instruction after a call insn. */ 969 Bool isT = (ra & 1); 970 if (isT) { 971 // returning to Thumb code 972 ra &= ~1; 973 ra -= 4; 974 if (has_XT_perms(ra)) { 975 UShort w0 = *(UShort*)ra; 976 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0; 977 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1)) 978 return True; 979 } 980 } else { 981 // ARM 982 ra &= ~3; 983 ra -= 4; 984 if (has_XT_perms(ra)) { 985 UInt a0 = *(UInt*)ra; 986 if (looks_like_ARM_call(a0)) 987 return True; 988 } 989 } 990 return False; 991 } 992 993 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 994 /*OUT*/Addr* ips, UInt max_n_ips, 995 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 996 const UnwindStartRegs* startRegs, 997 Addr fp_max_orig ) 998 { 999 Bool debug = False; 1000 Int i; 1001 Addr fp_max; 1002 UInt n_found = 0; 1003 const Int cmrf = VG_(clo_merge_recursive_frames); 1004 1005 vg_assert(sizeof(Addr) == sizeof(UWord)); 1006 vg_assert(sizeof(Addr) == sizeof(void*)); 1007 1008 D3UnwindRegs uregs; 1009 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE; 1010 uregs.r14 = startRegs->misc.ARM.r14; 1011 uregs.r13 = startRegs->r_sp; 1012 uregs.r12 = startRegs->misc.ARM.r12; 1013 uregs.r11 = startRegs->misc.ARM.r11; 1014 uregs.r7 = startRegs->misc.ARM.r7; 1015 Addr fp_min = uregs.r13 - VG_STACK_REDZONE_SZB; 1016 1017 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 1018 stopping when the trail goes cold, which we guess to be 1019 when FP is not a reasonable stack location. */ 1020 1021 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 1022 // current page, at least. Dunno if it helps. 1023 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 1024 fp_max = VG_PGROUNDUP(fp_max_orig); 1025 if (fp_max >= sizeof(Addr)) 1026 fp_max -= sizeof(Addr); 1027 1028 if (debug) 1029 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, " 1030 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n", 1031 max_n_ips, fp_min, fp_max_orig, fp_max, 1032 uregs.r15, uregs.r13); 1033 1034 /* Assertion broken before main() is reached in pthreaded programs; the 1035 * offending stack traces only have one item. --njn, 2002-aug-16 */ 1036 /* vg_assert(fp_min <= fp_max);*/ 1037 // On Darwin, this kicks in for pthread-related stack traces, so they're 1038 // only 1 entry long which is wrong. 1039 if (fp_min + 512 >= fp_max) { 1040 /* If the stack limits look bogus, don't poke around ... but 1041 don't bomb out either. */ 1042 if (sps) sps[0] = uregs.r13; 1043 if (fps) fps[0] = 0; 1044 ips[0] = uregs.r15; 1045 return 1; 1046 } 1047 1048 /* */ 1049 1050 if (sps) sps[0] = uregs.r13; 1051 if (fps) fps[0] = 0; 1052 ips[0] = uregs.r15; 1053 i = 1; 1054 1055 /* Loop unwinding the stack. */ 1056 Bool do_stack_scan = False; 1057 1058 /* First try the Official Way, using Dwarf CFI. */ 1059 while (True) { 1060 if (debug) { 1061 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n", 1062 i, uregs.r15, uregs.r13); 1063 } 1064 1065 if (i >= max_n_ips) 1066 break; 1067 1068 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1069 if (sps) sps[i] = uregs.r13; 1070 if (fps) fps[i] = 0; 1071 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1; 1072 if (debug) 1073 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n", 1074 uregs.r15, uregs.r13); 1075 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1; 1076 RECURSIVE_MERGE(cmrf,ips,i); 1077 continue; 1078 } 1079 1080 /* No luck. We have to give up. */ 1081 do_stack_scan = True; 1082 break; 1083 } 1084 1085 /* Now try Plan B (maybe) -- stack scanning. This often gives 1086 pretty bad results, so this has to be enabled explicitly by the 1087 user. */ 1088 if (do_stack_scan 1089 && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) { 1090 Int nByStackScan = 0; 1091 Addr lr = uregs.r14; 1092 Addr sp = uregs.r13 & ~3; 1093 Addr pc = uregs.r15; 1094 // First see if LR contains 1095 // something that could be a valid return address. 1096 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) { 1097 // take it only if 'cand' isn't obviously a duplicate 1098 // of the last found IP value 1099 Addr cand = (lr & 0xFFFFFFFE) - 1; 1100 if (abs_diff(cand, ips[i-1]) > 1) { 1101 if (sps) sps[i] = 0; 1102 if (fps) fps[i] = 0; 1103 ips[i++] = cand; 1104 RECURSIVE_MERGE(cmrf,ips,i); 1105 nByStackScan++; 1106 } 1107 } 1108 while (in_same_page(sp, uregs.r13)) { 1109 if (i >= max_n_ips) 1110 break; 1111 // we're in the same page; fairly safe to keep going 1112 UWord w = *(UWord*)(sp & ~0x3); 1113 if (looks_like_RA(w)) { 1114 Addr cand = (w & 0xFFFFFFFE) - 1; 1115 // take it only if 'cand' isn't obviously a duplicate 1116 // of the last found IP value 1117 if (abs_diff(cand, ips[i-1]) > 1) { 1118 if (sps) sps[i] = 0; 1119 if (fps) fps[i] = 0; 1120 ips[i++] = cand; 1121 RECURSIVE_MERGE(cmrf,ips,i); 1122 if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break; 1123 } 1124 } 1125 sp += 4; 1126 } 1127 } 1128 1129 n_found = i; 1130 return n_found; 1131 } 1132 1133 #endif 1134 1135 /* ------------------------ arm64 ------------------------- */ 1136 1137 #if defined(VGP_arm64_linux) 1138 1139 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 1140 /*OUT*/Addr* ips, UInt max_n_ips, 1141 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 1142 const UnwindStartRegs* startRegs, 1143 Addr fp_max_orig ) 1144 { 1145 Bool debug = False; 1146 Int i; 1147 Addr fp_max; 1148 UInt n_found = 0; 1149 const Int cmrf = VG_(clo_merge_recursive_frames); 1150 1151 vg_assert(sizeof(Addr) == sizeof(UWord)); 1152 vg_assert(sizeof(Addr) == sizeof(void*)); 1153 1154 D3UnwindRegs uregs; 1155 uregs.pc = startRegs->r_pc; 1156 uregs.sp = startRegs->r_sp; 1157 uregs.x30 = startRegs->misc.ARM64.x30; 1158 uregs.x29 = startRegs->misc.ARM64.x29; 1159 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB; 1160 1161 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 1162 stopping when the trail goes cold, which we guess to be 1163 when FP is not a reasonable stack location. */ 1164 1165 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 1166 // current page, at least. Dunno if it helps. 1167 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 1168 fp_max = VG_PGROUNDUP(fp_max_orig); 1169 if (fp_max >= sizeof(Addr)) 1170 fp_max -= sizeof(Addr); 1171 1172 if (debug) 1173 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, " 1174 "fp_max=0x%lx PC=0x%lx SP=0x%lx\n", 1175 max_n_ips, fp_min, fp_max_orig, fp_max, 1176 uregs.pc, uregs.sp); 1177 1178 /* Assertion broken before main() is reached in pthreaded programs; the 1179 * offending stack traces only have one item. --njn, 2002-aug-16 */ 1180 /* vg_assert(fp_min <= fp_max);*/ 1181 // On Darwin, this kicks in for pthread-related stack traces, so they're 1182 // only 1 entry long which is wrong. 1183 if (fp_min + 512 >= fp_max) { 1184 /* If the stack limits look bogus, don't poke around ... but 1185 don't bomb out either. */ 1186 if (sps) sps[0] = uregs.sp; 1187 if (fps) fps[0] = uregs.x29; 1188 ips[0] = uregs.pc; 1189 return 1; 1190 } 1191 1192 /* */ 1193 1194 if (sps) sps[0] = uregs.sp; 1195 if (fps) fps[0] = uregs.x29; 1196 ips[0] = uregs.pc; 1197 i = 1; 1198 1199 /* Loop unwinding the stack, using CFI. */ 1200 while (True) { 1201 if (debug) { 1202 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n", 1203 i, uregs.pc, uregs.sp); 1204 } 1205 1206 if (i >= max_n_ips) 1207 break; 1208 1209 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1210 if (sps) sps[i] = uregs.sp; 1211 if (fps) fps[i] = uregs.x29; 1212 ips[i++] = uregs.pc - 1; 1213 if (debug) 1214 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n", 1215 uregs.pc, uregs.sp); 1216 uregs.pc = uregs.pc - 1; 1217 RECURSIVE_MERGE(cmrf,ips,i); 1218 continue; 1219 } 1220 1221 /* No luck. We have to give up. */ 1222 break; 1223 } 1224 1225 n_found = i; 1226 return n_found; 1227 } 1228 1229 #endif 1230 1231 /* ------------------------ s390x ------------------------- */ 1232 1233 #if defined(VGP_s390x_linux) 1234 1235 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 1236 /*OUT*/Addr* ips, UInt max_n_ips, 1237 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 1238 const UnwindStartRegs* startRegs, 1239 Addr fp_max_orig ) 1240 { 1241 Bool debug = False; 1242 Int i; 1243 Addr fp_max; 1244 UInt n_found = 0; 1245 const Int cmrf = VG_(clo_merge_recursive_frames); 1246 1247 vg_assert(sizeof(Addr) == sizeof(UWord)); 1248 vg_assert(sizeof(Addr) == sizeof(void*)); 1249 1250 D3UnwindRegs uregs; 1251 uregs.ia = startRegs->r_pc; 1252 uregs.sp = startRegs->r_sp; 1253 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB; 1254 uregs.fp = startRegs->misc.S390X.r_fp; 1255 uregs.lr = startRegs->misc.S390X.r_lr; 1256 1257 fp_max = VG_PGROUNDUP(fp_max_orig); 1258 if (fp_max >= sizeof(Addr)) 1259 fp_max -= sizeof(Addr); 1260 1261 if (debug) 1262 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, " 1263 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n", 1264 max_n_ips, fp_min, fp_max_orig, fp_max, 1265 uregs.ia, uregs.sp,uregs.fp); 1266 1267 /* The first frame is pretty obvious */ 1268 ips[0] = uregs.ia; 1269 if (sps) sps[0] = uregs.sp; 1270 if (fps) fps[0] = uregs.fp; 1271 i = 1; 1272 1273 /* for everything else we have to rely on the eh_frame. gcc defaults to 1274 not create a backchain and all the other tools (like gdb) also have 1275 to use the CFI. */ 1276 while (True) { 1277 if (i >= max_n_ips) 1278 break; 1279 1280 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1281 if (sps) sps[i] = uregs.sp; 1282 if (fps) fps[i] = uregs.fp; 1283 ips[i++] = uregs.ia - 1; 1284 uregs.ia = uregs.ia - 1; 1285 RECURSIVE_MERGE(cmrf,ips,i); 1286 continue; 1287 } 1288 /* A problem on the first frame? Lets assume it was a bad jump. 1289 We will use the link register and the current stack and frame 1290 pointers and see if we can use the CFI in the next round. */ 1291 if (i == 1) { 1292 if (sps) { 1293 sps[i] = sps[0]; 1294 uregs.sp = sps[0]; 1295 } 1296 if (fps) { 1297 fps[i] = fps[0]; 1298 uregs.fp = fps[0]; 1299 } 1300 uregs.ia = uregs.lr - 1; 1301 ips[i++] = uregs.lr - 1; 1302 RECURSIVE_MERGE(cmrf,ips,i); 1303 continue; 1304 } 1305 1306 /* No luck. We have to give up. */ 1307 break; 1308 } 1309 1310 n_found = i; 1311 return n_found; 1312 } 1313 1314 #endif 1315 1316 /* ------------------------ mips 32/64 ------------------------- */ 1317 #if defined(VGP_mips32_linux) || defined(VGP_mips64_linux) 1318 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 1319 /*OUT*/Addr* ips, UInt max_n_ips, 1320 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 1321 const UnwindStartRegs* startRegs, 1322 Addr fp_max_orig ) 1323 { 1324 Bool debug = False; 1325 Int i; 1326 Addr fp_max; 1327 UInt n_found = 0; 1328 const Int cmrf = VG_(clo_merge_recursive_frames); 1329 1330 vg_assert(sizeof(Addr) == sizeof(UWord)); 1331 vg_assert(sizeof(Addr) == sizeof(void*)); 1332 1333 D3UnwindRegs uregs; 1334 uregs.pc = startRegs->r_pc; 1335 uregs.sp = startRegs->r_sp; 1336 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB; 1337 1338 #if defined(VGP_mips32_linux) 1339 uregs.fp = startRegs->misc.MIPS32.r30; 1340 uregs.ra = startRegs->misc.MIPS32.r31; 1341 #elif defined(VGP_mips64_linux) 1342 uregs.fp = startRegs->misc.MIPS64.r30; 1343 uregs.ra = startRegs->misc.MIPS64.r31; 1344 #endif 1345 1346 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 1347 stopping when the trail goes cold, which we guess to be 1348 when FP is not a reasonable stack location. */ 1349 1350 fp_max = VG_PGROUNDUP(fp_max_orig); 1351 if (fp_max >= sizeof(Addr)) 1352 fp_max -= sizeof(Addr); 1353 1354 if (debug) 1355 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, " 1356 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n", 1357 max_n_ips, fp_min, fp_max_orig, fp_max, 1358 uregs.pc, uregs.sp, uregs.fp); 1359 1360 if (sps) sps[0] = uregs.sp; 1361 if (fps) fps[0] = uregs.fp; 1362 ips[0] = uregs.pc; 1363 i = 1; 1364 1365 /* Loop unwinding the stack. */ 1366 1367 while (True) { 1368 if (debug) { 1369 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 1370 i, uregs.pc, uregs.sp, uregs.ra); 1371 } 1372 if (i >= max_n_ips) 1373 break; 1374 1375 D3UnwindRegs uregs_copy = uregs; 1376 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1377 if (debug) 1378 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 1379 uregs.pc, uregs.sp, uregs.ra); 1380 if (0 != uregs.pc && 1 != uregs.pc) { 1381 if (sps) sps[i] = uregs.sp; 1382 if (fps) fps[i] = uregs.fp; 1383 ips[i++] = uregs.pc - 4; 1384 uregs.pc = uregs.pc - 4; 1385 RECURSIVE_MERGE(cmrf,ips,i); 1386 continue; 1387 } else 1388 uregs = uregs_copy; 1389 } 1390 1391 int seen_sp_adjust = 0; 1392 long frame_offset = 0; 1393 PtrdiffT offset; 1394 if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) { 1395 Addr start_pc = uregs.pc - offset; 1396 Addr limit_pc = uregs.pc; 1397 Addr cur_pc; 1398 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) { 1399 unsigned long inst, high_word, low_word; 1400 unsigned long * cur_inst; 1401 /* Fetch the instruction. */ 1402 cur_inst = (unsigned long *)cur_pc; 1403 inst = *((UInt *) cur_inst); 1404 if(debug) 1405 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst); 1406 1407 /* Save some code by pre-extracting some useful fields. */ 1408 high_word = (inst >> 16) & 0xffff; 1409 low_word = inst & 0xffff; 1410 1411 if (high_word == 0x27bd /* addiu $sp,$sp,-i */ 1412 || high_word == 0x23bd /* addi $sp,$sp,-i */ 1413 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */ 1414 if (low_word & 0x8000) /* negative stack adjustment? */ 1415 frame_offset += 0x10000 - low_word; 1416 else 1417 /* Exit loop if a positive stack adjustment is found, which 1418 usually means that the stack cleanup code in the function 1419 epilogue is reached. */ 1420 break; 1421 seen_sp_adjust = 1; 1422 } 1423 } 1424 if(debug) 1425 VG_(printf)("offset: 0x%lx\n", frame_offset); 1426 } 1427 if (seen_sp_adjust) { 1428 if (0 == uregs.pc || 1 == uregs.pc) break; 1429 if (uregs.pc == uregs.ra - 8) break; 1430 if (sps) { 1431 sps[i] = uregs.sp + frame_offset; 1432 } 1433 uregs.sp = uregs.sp + frame_offset; 1434 1435 if (fps) { 1436 fps[i] = fps[0]; 1437 uregs.fp = fps[0]; 1438 } 1439 if (0 == uregs.ra || 1 == uregs.ra) break; 1440 uregs.pc = uregs.ra - 8; 1441 ips[i++] = uregs.ra - 8; 1442 RECURSIVE_MERGE(cmrf,ips,i); 1443 continue; 1444 } 1445 1446 if (i == 1) { 1447 if (sps) { 1448 sps[i] = sps[0]; 1449 uregs.sp = sps[0]; 1450 } 1451 if (fps) { 1452 fps[i] = fps[0]; 1453 uregs.fp = fps[0]; 1454 } 1455 if (0 == uregs.ra || 1 == uregs.ra) break; 1456 uregs.pc = uregs.ra - 8; 1457 ips[i++] = uregs.ra - 8; 1458 RECURSIVE_MERGE(cmrf,ips,i); 1459 continue; 1460 } 1461 /* No luck. We have to give up. */ 1462 break; 1463 } 1464 1465 n_found = i; 1466 return n_found; 1467 } 1468 1469 #endif 1470 1471 /*------------------------------------------------------------*/ 1472 /*--- ---*/ 1473 /*--- END platform-dependent unwinder worker functions ---*/ 1474 /*--- ---*/ 1475 /*------------------------------------------------------------*/ 1476 1477 /*------------------------------------------------------------*/ 1478 /*--- Exported functions. ---*/ 1479 /*------------------------------------------------------------*/ 1480 1481 UInt VG_(get_StackTrace) ( ThreadId tid, 1482 /*OUT*/StackTrace ips, UInt max_n_ips, 1483 /*OUT*/StackTrace sps, 1484 /*OUT*/StackTrace fps, 1485 Word first_ip_delta ) 1486 { 1487 /* Get the register values with which to start the unwind. */ 1488 UnwindStartRegs startRegs; 1489 VG_(memset)( &startRegs, 0, sizeof(startRegs) ); 1490 VG_(get_UnwindStartRegs)( &startRegs, tid ); 1491 1492 Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte; 1493 Addr stack_lowest_byte = 0; 1494 1495 # if defined(VGP_x86_linux) 1496 /* Nasty little hack to deal with syscalls - if libc is using its 1497 _dl_sysinfo_int80 function for syscalls (the TLS version does), 1498 then ip will always appear to be in that function when doing a 1499 syscall, not the actual libc function doing the syscall. This 1500 check sees if IP is within that function, and pops the return 1501 address off the stack so that ip is placed within the library 1502 function calling the syscall. This makes stack backtraces much 1503 more useful. 1504 1505 The function is assumed to look like this (from glibc-2.3.6 sources): 1506 _dl_sysinfo_int80: 1507 int $0x80 1508 ret 1509 That is 3 (2+1) bytes long. We could be more thorough and check 1510 the 3 bytes of the function are as expected, but I can't be 1511 bothered. 1512 */ 1513 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 1514 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80) 1515 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3 1516 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr), 1517 VKI_PROT_READ)) { 1518 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp; 1519 startRegs.r_sp += (ULong) sizeof(Addr); 1520 } 1521 # endif 1522 1523 /* See if we can get a better idea of the stack limits */ 1524 VG_(stack_limits)( (Addr)startRegs.r_sp, 1525 &stack_lowest_byte, &stack_highest_byte ); 1526 1527 /* Take into account the first_ip_delta. */ 1528 startRegs.r_pc += (Long)(Word)first_ip_delta; 1529 1530 if (0) 1531 VG_(printf)("tid %u: stack_highest=0x%08lx ip=0x%010llx " 1532 "sp=0x%010llx\n", 1533 tid, stack_highest_byte, 1534 startRegs.r_pc, startRegs.r_sp); 1535 1536 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips, 1537 sps, fps, 1538 &startRegs, 1539 stack_highest_byte); 1540 } 1541 1542 static void printIpDesc(UInt n, Addr ip, void* uu_opaque) 1543 { 1544 InlIPCursor *iipc = VG_(new_IIPC)(ip); 1545 1546 do { 1547 const HChar *buf = VG_(describe_IP)(ip, iipc); 1548 if (VG_(clo_xml)) { 1549 VG_(printf_xml)(" %s\n", buf); 1550 } else { 1551 VG_(message)(Vg_UserMsg, " %s %s\n", 1552 ( n == 0 ? "at" : "by" ), buf); 1553 } 1554 n++; 1555 // Increase n to show "at" for only one level. 1556 } while (VG_(next_IIPC)(iipc)); 1557 VG_(delete_IIPC)(iipc); 1558 } 1559 1560 /* Print a StackTrace. */ 1561 void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 1562 { 1563 vg_assert( n_ips > 0 ); 1564 1565 if (VG_(clo_xml)) 1566 VG_(printf_xml)(" <stack>\n"); 1567 1568 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips ); 1569 1570 if (VG_(clo_xml)) 1571 VG_(printf_xml)(" </stack>\n"); 1572 } 1573 1574 /* Get and immediately print a StackTrace. */ 1575 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips ) 1576 { 1577 Addr ips[max_n_ips]; 1578 UInt n_ips 1579 = VG_(get_StackTrace)(tid, ips, max_n_ips, 1580 NULL/*array to dump SP values in*/, 1581 NULL/*array to dump FP values in*/, 1582 0/*first_ip_delta*/); 1583 VG_(pp_StackTrace)(ips, n_ips); 1584 } 1585 1586 void VG_(apply_StackTrace)( 1587 void(*action)(UInt n, Addr ip, void* opaque), 1588 void* opaque, 1589 StackTrace ips, UInt n_ips 1590 ) 1591 { 1592 Int i; 1593 1594 vg_assert(n_ips > 0); 1595 if ( ! VG_(clo_show_below_main) ) { 1596 // Search (from the outer frame onwards) the appearance of "main" 1597 // or the last appearance of a below main function. 1598 // Then decrease n_ips so as to not call action for the below main 1599 for (i = n_ips - 1; i >= 0; i--) { 1600 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ips[i]); 1601 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) 1602 n_ips = i + 1; 1603 if (Vg_FnNameMain == kind) 1604 break; 1605 } 1606 } 1607 1608 for (i = 0; i < n_ips; i++) 1609 // Act on the ip 1610 action(i, ips[i], opaque); 1611 } 1612 1613 1614 /*--------------------------------------------------------------------*/ 1615 /*--- end ---*/ 1616 /*--------------------------------------------------------------------*/ 1617
