/*
 * Copyright (C) 2011 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Backtracing functions for ARM.
 *
 * This implementation uses the exception unwinding tables provided by
 * the compiler to unwind call frames. Refer to the ARM Exception Handling ABI
 * documentation (EHABI) for more details about what's going on here.
 *
 * An ELF binary may contain an EXIDX section that provides an index to
 * the exception handling table of each function, sorted by program
 * counter address.
 *
 * This implementation also supports unwinding other processes via ptrace().
 * In that case, the EXIDX section is found by reading the ELF section table
 * structures using ptrace().
 *
 * Because the tables are used for exception handling, it can happen that
 * a given function will not have an exception handling table. In particular,
 * exceptions are assumed to only ever be thrown at call sites. Therefore,
 * by definition leaf functions will not have exception handling tables.
 * This may make unwinding impossible in some cases although we can still get
 * some idea of the call stack by examining the PC and LR registers.
 *
 * As we are only interested in backtrace information, we do not need
 * to perform all of the work of unwinding such as restoring register
 * state and running cleanup functions. Unwinding is performed virtually on
 * an abstract machine context consisting of just the ARM core registers.
 * Furthermore, we do not run generic "personality functions" because
 * we may not be in a position to execute arbitrary code, especially if
 * we are running in a signal handler or using ptrace()!
 *
 * Everything this file reads from the target -- EXIDX entries, unwind
 * bytecode and stack words -- goes through try_get_word(), and a failed
 * read stops the unwind of the current frame instead of guessing. In the
 * ptrace() case that data belongs to another process and is not trusted.
 */

#define LOG_TAG "Corkscrew"
//#define LOG_NDEBUG 0    /* uncomment to compile in the ALOGV() tracing below */

#include "../backtrace-arch.h"
#include "../backtrace-helper.h"
#include "../ptrace-arch.h"
#include <corkscrew/ptrace.h>

#include <stdlib.h>
#include <signal.h>
#include <stdbool.h>
#include <limits.h>
#include <errno.h>
#include <sys/ptrace.h>
#include <sys/exec_elf.h>
#include <cutils/log.h>

#if !defined(__BIONIC_HAVE_UCONTEXT_T)
/* Old versions of the Android <signal.h> didn't define ucontext_t. */
#include <asm/sigcontext.h> /* Ensure 'struct sigcontext' is defined. */

/* Machine context at the time a signal was raised.
 * NOTE(review): presumably laid out to match what the kernel hands a signal
 * handler on 32-bit ARM -- confirm against the target's <asm/ucontext.h>
 * before relying on any field other than uc_mcontext. */
typedef struct ucontext {
    uint32_t uc_flags;
    struct ucontext* uc_link;
    stack_t uc_stack;
    struct sigcontext uc_mcontext;
    uint32_t uc_sigmask;
} ucontext_t;
#endif /* !__BIONIC_HAVE_UCONTEXT_T */

/* Unwind state: the virtual ARM core registers (r0-r15) that the
 * unwinding instructions operate on. Nothing here is ever written back
 * to a real register set.
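*/
typedef struct {
    uint32_t gregs[16];     // virtual r0-r15; indexed with R_SP / R_LR / R_PC below
} unwind_state_t;

// Indices into unwind_state_t.gregs of the core registers the unwinder
// treats specially: sp is r13, lr is r14 and pc is r15.
static const int R_SP = 13;
static const int R_LR = 14;
static const int R_PC = 15;

/* Special EXIDX value that indicates that a frame cannot be unwound.
 * It appears as the second word of an index entry in place of a handler. */
static const uint32_t EXIDX_CANTUNWIND = 1;

/* Get the EXIDX section start and size for the module that contains a
 * given program counter address.
 *
 * When the executable is statically linked, the EXIDX section can be
 * accessed by querying the values of the __exidx_start and __exidx_end
 * symbols.
 *
 * When the executable is dynamically linked, the linker exports a function
 * called dl_unwind_find_exidx that obtains the EXIDX section for a given
 * absolute program counter address.
 *
 * Bionic exports a helpful function called __gnu_Unwind_Find_exidx that
 * handles both cases, so we use that here.
 *
 * NOTE(review): _Unwind_Ptr is declared locally as a pointer type rather than
 * taken from <unwind.h>, where it is an integer of pointer width; the two are
 * passed identically on 32-bit ARM, but keep this in mind if the file is ever
 * built for another ABI.
 */
typedef long unsigned int* _Unwind_Ptr;
extern _Unwind_Ptr __gnu_Unwind_Find_exidx(_Unwind_Ptr pc, int *pcount);

/* Locates the EXIDX table of the current process's module containing 'pc'.
 *
 * Returns the address of the first 8-byte index entry, or 0 if no table
 * covers 'pc'. '*out_exidx_size' receives the number of index entries, or 0
 * when the lookup fails or reports a count that cannot be valid.
 */
static uintptr_t find_exidx(uintptr_t pc, size_t* out_exidx_size) {
    // Initialised so that a lookup which fails without writing the count
    // cannot leave us reading an indeterminate value.
    int count = 0;
    uintptr_t start = (uintptr_t)__gnu_Unwind_Find_exidx((_Unwind_Ptr)pc, &count);
    // A negative count is not a valid entry count; converting it to size_t
    // would describe a huge table and send the binary search far out of it.
    *out_exidx_size = (start != 0 && count > 0) ? (size_t)count : 0;
    return start;
}

/* Transforms a 31-bit place-relative offset to an absolute address.
 * We assume the most significant bit is clear.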
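*/
static uintptr_t prel_to_absolute(uintptr_t place, uint32_t prel_offset) {
    // EXIDX stores PCs and handler pointers as "prel31" values: the low 31
    // bits are a signed offset from the address of the word itself. Copy bit
    // 30 into bit 31 so the value becomes an ordinary 32-bit two's-complement
    // offset. This avoids right-shifting a negative value (implementation-
    // defined in C); the remaining unsigned->int32_t conversion relies on the
    // usual modulo semantics, exactly as the former shift-based form did.
    uint32_t extended = prel_offset & 0x7fffffffu;
    if (extended & 0x40000000u) {
        extended |= 0x80000000u;
    }
    return place + (int32_t)extended;
}

/* Finds the EXIDX handler data for the function that contains 'pc'.
 *
 * For the current process (memory->tid < 0) the table is located through
 * find_exidx(); for a ptraced process it is taken from the map_info_data_t
 * attached to the mapping that contains 'pc'. The table is then binary
 * searched for the entry whose function start is the greatest one <= pc.
 *
 * Returns the address of the handler data (either the in-place second word
 * of the entry or the word it points to), or 0 when there is no table, the
 * entry is EXIDX_CANTUNWIND, or a target memory read failed.
 */
static uintptr_t get_exception_handler(const memory_t* memory,
        const map_info_t* map_info_list, uintptr_t pc) {
    if (!pc) {
        ALOGV("get_exception_handler: pc is zero, no handler");
        return 0;
    }

    uintptr_t exidx_start = 0;
    size_t exidx_size = 0;
    const map_info_t* mi = NULL;
    if (memory->tid < 0) {
        // Unwinding ourselves: ask libc / the dynamic linker.
        exidx_start = find_exidx(pc, &exidx_size);
    } else {
        // Unwinding another process: the table geometry was recorded on the
        // map_info of the mapping that contains pc.
        mi = find_map_info(map_info_list, pc);
        if (mi && mi->data) {
            const map_info_data_t* data = (const map_info_data_t*)mi->data;
            exidx_start = data->exidx_start;
            exidx_size = data->exidx_size;
        }
    }
    // In the ptrace case the entry count was parsed out of another process's
    // ELF headers, which we do not control. A count whose 8-byte entries could
    // not fit in the address space is bogus and would let 'index * 8' below
    // wrap around, so treat it as "no table".
    if (exidx_size > SIZE_MAX / 8) {
        ALOGV("get_exception_handler: implausible exidx_size=%zu, ignoring table", exidx_size);
        exidx_start = 0;
        exidx_size = 0;
    }

    uintptr_t handler = 0;
    int32_t handler_index = -1;
    if (exidx_start) {
        // Binary search for the entry with the greatest function start <= pc.
        size_t low = 0;
        size_t high = exidx_size;
        while (low < high) {
            size_t index = (low + high) / 2;
            uintptr_t entry = exidx_start + index * 8;
            uint32_t entry_prel_pc;
            ALOGV("XXX low=%zu, high=%zu, index=%zu", low, high, index);
            if (!try_get_word(memory, entry, &entry_prel_pc)) {
                break;
            }
            uintptr_t entry_pc = prel_to_absolute(entry, entry_prel_pc);
            ALOGV("XXX entry_pc=0x%08x", entry_pc);
            if (pc < entry_pc) {
                high = index;
                continue;
            }
            if (index + 1 < exidx_size) {
                // Not the last entry: pc must also be below the next function.
                uintptr_t next_entry = entry + 8;
                uint32_t next_entry_prel_pc;
                if (!try_get_word(memory, next_entry, &next_entry_prel_pc)) {
                    break;
                }
                uintptr_t next_entry_pc = prel_to_absolute(next_entry, next_entry_prel_pc);
                ALOGV("XXX next_entry_pc=0x%08x", next_entry_pc);
                if (pc >= next_entry_pc) {
                    low = index + 1;
                    continue;
                }
            }

            // Found it. The entry's second word is either in-place handler
            // data (bit 31 set), EXIDX_CANTUNWIND, or a prel31 pointer to the
            // handler data.
            uintptr_t entry_handler_ptr = entry + 4;
            uint32_t entry_handler;
            if (!try_get_word(memory, entry_handler_ptr, &entry_handler)) {
                break;
            }
            // 0x80000000u rather than (1L << 31): with a 32-bit long the shift
            // moves a 1 into the sign bit, which is undefined behaviour.
            if (entry_handler & 0x80000000u) {
                handler = entry_handler_ptr; // in-place handler data
            } else if (entry_handler != EXIDX_CANTUNWIND) {
                handler = prel_to_absolute(entry_handler_ptr, entry_handler);
            }
            handler_index = index;
            break;
        }
    }
    if (mi) {
        ALOGV("get_exception_handler: pc=0x%08x, module='%s', module_start=0x%08x, "
                "exidx_start=0x%08x, exidx_size=%zu, handler=0x%08x, handler_index=%d",
                pc, mi->name, mi->start, exidx_start, exidx_size, handler, handler_index);
    } else {
        ALOGV("get_exception_handler: pc=0x%08x, "
                "exidx_start=0x%08x, exidx_size=%zu, handler=0x%08x, handler_index=%d",
                pc, exidx_start, exidx_size, handler, handler_index);
    }
    return handler;
}

/* Cursor for reading EHABI unwind bytecode one byte at a time.
 *
 * 'ptr' is the address of the next byte to return; 'word' caches the 32-bit
 * word fetched when 'ptr' last sat on a 4-byte boundary. Bytes are served
 * from the most significant byte of each word downwards, matching the
 * big-endian-within-word packing the EHABI uses for unwind instructions.
 */
typedef struct {
    uintptr_t ptr;
    uint32_t word;
} byte_stream_t;

/* Returns the next byte of 'stream' in '*out_value', loading a fresh word
 * from 'memory' whenever 'ptr' is 4-byte aligned.
 *
 * Streams must be started on a 4-byte aligned 'ptr': an unaligned start would
 * serve bytes out of whatever 'word' happened to hold.
 * Returns false (and stores 0) if the word could not be read.
 */
static bool try_next_byte(const memory_t* memory, byte_stream_t* stream, uint8_t* out_value) {
    uint32_t byte_in_word = stream->ptr & 3;
    if (byte_in_word == 0 && !try_get_word(memory, stream->ptr, &stream->word)) {
        *out_value = 0;
        return false;
    }
    // Byte 0 of the word lives in bits 31..24, byte 3 in bits 7..0.
    *out_value = (uint8_t)(stream->word >> ((3 - byte_in_word) * 8));
    ALOGV("next_byte: ptr=0x%08x, value=0x%02x", stream->ptr, *out_value);
    stream->ptr += 1;
    return true;
}

/* Writes 'value' into virtual register 'reg' of the unwind state.
 *
 * 'reg' must be below 16; callers derive it from a 4-bit instruction field
 * or from a loop over r0-r15, and no bounds check is performed here.
 */
static void set_reg(unwind_state_t* state, uint32_t reg, uint32_t value) {
    ALOGV("set_reg: reg=%u, value=0x%08x", reg, value);
    state->gregs[reg] = value;
}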
/* Pops the registers selected by 'mask' (bit i selects r[i]) from the
 * virtual stack, lowest register first, each from successive words at the
 * current virtual sp.
 *
 * Afterwards sp is advanced past the popped words -- unless r13 itself was
 * among the popped registers, in which case the popped value stands.
 * Returns false if any stack word could not be read; the state may then be
 * partially updated.
 */
static bool try_pop_registers(const memory_t* memory, unwind_state_t* state, uint32_t mask) {
    uint32_t vsp = state->gregs[R_SP];
    bool popped_sp = false;
    for (uint32_t reg = 0; reg < 16; ++reg) {
        if (!(mask & (1u << reg))) {
            continue;
        }
        uint32_t word;
        if (!try_get_word(memory, vsp, &word)) {
            return false;
        }
        popped_sp = popped_sp || (reg == R_SP);
        set_reg(state, reg, word);
        vsp += 4;
    }
    if (!popped_sp) {
        set_reg(state, R_SP, vsp);
    }
    return true;
}

/* Executes a built-in personality routine as defined in the EHABI.
 * Returns true if unwinding should continue.
268501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * 269501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * The data for the built-in personality routines consists of a sequence 270501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * of unwinding instructions, followed by a sequence of scope descriptors, 271501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * each of which has a length and offset encoded using 16-bit or 32-bit 272501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * values. 273501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * 274501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * We only care about the unwinding instructions. They specify the 275501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * operations of an abstract machine whose purpose is to transform the 276501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * virtual register state (including the stack pointer) such that 277501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown * the call frame is unwound and the PC register points to the call site. 278501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown */ 279f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brownstatic bool execute_personality_routine(const memory_t* memory, 280f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown unwind_state_t* state, byte_stream_t* stream, int pr_index) { 281501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown size_t size; 282501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown switch (pr_index) { 283501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown case 0: // Personality routine #0, short frame, descriptors have 16-bit scope. 284501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown size = 3; 285501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown break; 286501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown case 1: // Personality routine #1, long frame, descriptors have 16-bit scope. 287501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown case 2: { // Personality routine #2, long frame, descriptors have 32-bit scope. 
288501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t size_byte; 289f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!try_next_byte(memory, stream, &size_byte)) { 290501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 291501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 292501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown size = (uint32_t)size_byte * sizeof(uint32_t) + 2; 293501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown break; 294501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 295501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown default: // Unknown personality routine. Stop here. 296501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 297501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 298501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown 299501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown bool pc_was_set = false; 300501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown while (size--) { 301501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op; 302f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!try_next_byte(memory, stream, &op)) { 303501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 304501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 305501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown if ((op & 0xc0) == 0x00) { 306501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "vsp = vsp + (xxxxxx << 2) + 4" 307501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + ((op & 0x3f) << 2) + 4); 308501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xc0) == 0x40) { 309501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "vsp = vsp - (xxxxxx << 2) - 4" 310501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] - ((op & 0x3f) << 2) - 4); 311501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xf0) == 0x80) { 312501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 
313f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 314501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 315501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 316501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint32_t mask = (((uint32_t)op & 0x0f) << 12) | ((uint32_t)op2 << 4); 317501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown if (mask) { 318501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop up to 12 integer registers under masks {r15-r12}, {r11-r4}" 319f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!try_pop_registers(memory, state, mask)) { 320501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 321501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 322501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown if (mask & (1 << R_PC)) { 323501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown pc_was_set = true; 324501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 325501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else { 326501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Refuse to unwind" 327501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 328501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 329501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xf0) == 0x90) { 330501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown if (op != 0x9d && op != 0x9f) { 331501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Set vsp = r[nnnn]" 332501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[op & 0x0f]); 333501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else { 334501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Reserved as prefix for ARM register to register moves" 335501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Reserved as prefix for Intel Wireless MMX register to register moves" 336501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 
337501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 338501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xf8) == 0xa0) { 339501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop r4-r[4+nnn]" 340501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint32_t mask = (0x0ff0 >> (7 - (op & 0x07))) & 0x0ff0; 341f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!try_pop_registers(memory, state, mask)) { 342501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 343501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 344501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xf8) == 0xa8) { 345501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop r4-r[4+nnn], r14" 346501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint32_t mask = ((0x0ff0 >> (7 - (op & 0x07))) & 0x0ff0) | 0x4000; 347f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!try_pop_registers(memory, state, mask)) { 348501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 349501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 350501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xb0) { 351501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Finish" 352501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown break; 353501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xb1) { 354501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 355f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 356501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 357501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 358501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown if (op2 != 0x00 && (op2 & 0xf0) == 0x00) { 359501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop integer registers under mask {r3, r2, r1, r0}" 360f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!try_pop_registers(memory, state, op2)) { 
361501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 362501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 363501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else { 364501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Spare" 365501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 366501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 367501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xb2) { 368501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "vsp = vsp + 0x204 + (uleb128 << 2)" 369501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint32_t value = 0; 370501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint32_t shift = 0; 371501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 372501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown do { 373f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 374501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 375501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 376501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown value |= (op2 & 0x7f) << shift; 377501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown shift += 7; 378501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } while (op2 & 0x80); 379501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + (value << 2) + 0x204); 380501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xb3) { 381501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop VFP double-precision registers D[ssss]-D[ssss+cccc] saved (as if) by FSTMFDX" 382501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 383f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 384501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 385501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 386501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, 
R_SP, state->gregs[R_SP] + (uint32_t)(op2 & 0x0f) * 8 + 12); 387501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xf8) == 0xb8) { 388501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop VFP double-precision registers D[8]-D[8+nnn] saved (as if) by FSTMFDX" 389501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + (uint32_t)(op & 0x07) * 8 + 12); 390501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op & 0xf8) == 0xc0) { 391501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Intel Wireless MMX pop wR[10]-wR[10+nnn]" 392501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + (uint32_t)(op & 0x07) * 8 + 8); 393501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xc6) { 394501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Intel Wireless MMX pop wR[ssss]-wR[ssss+cccc]" 395501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 396f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 397501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 398501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 399501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + (uint32_t)(op2 & 0x0f) * 8 + 8); 400501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xc7) { 401501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 402f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 403501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 404501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 405501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown if (op2 != 0x00 && (op2 & 0xf0) == 0x00) { 406501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Intel Wireless MMX pop wCGR registers under mask {wCGR3,2,1,0}" 407501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown 
set_reg(state, R_SP, state->gregs[R_SP] + __builtin_popcount(op2) * 4); 408501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else { 409501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Spare" 410501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 411501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 412501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xc8) { 413501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop VFP double precision registers D[16+ssss]-D[16+ssss+cccc] 414501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // saved (as if) by FSTMFD" 415501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 416f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 417501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 418501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 419501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + (uint32_t)(op2 & 0x0f) * 8 + 8); 420501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if (op == 0xc9) { 421501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop VFP double precision registers D[ssss]-D[ssss+cccc] saved (as if) by FSTMFDD" 422501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown uint8_t op2; 423f0c5872637a63e28e3cd314cfc915c07f76df9c6Jeff Brown if (!(size--) || !try_next_byte(memory, stream, &op2)) { 424501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown return false; 425501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } 426501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, state->gregs[R_SP] + (uint32_t)(op2 & 0x0f) * 8 + 8); 427501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown } else if ((op == 0xf8) == 0xd0) { 428501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown // "Pop VFP double-precision registers D[8]-D[8+nnn] saved (as if) by FSTMFDD" 429501edd29b823ce1301d2effdd3a9e4b6e2b20b76Jeff Brown set_reg(state, R_SP, 
state->gregs[R_SP] + (uint32_t)(op & 0x07) * 8 + 8);
        } else {
            // "Spare"
            return false;
        }
    }
    if (!pc_was_set) {
        set_reg(state, R_PC, state->gregs[R_LR]);
    }
    return true;
}

/*
 * Reads the 16-bit halfword at 'pc' through the unwinder's guarded memory
 * accessor, try_get_word(); if that accessor rejects the address the read
 * fails cleanly instead of touching memory directly.
 *
 * The enclosing 32-bit word is fetched from 'pc' with bit 1 cleared, and bit 1
 * then selects the upper or lower half of it.  Bit 0 is handed to
 * try_get_word() untouched, so callers are expected to pass a halfword-aligned
 * address (rewind_pc_arch() does).
 *
 * Returns true and stores the halfword in *out_value on success; on failure
 * *out_value is left untouched.
 */
static bool try_get_half_word(const memory_t* memory, uint32_t pc, uint16_t* out_value) {
    const uint32_t word_addr = pc & ~(uint32_t)2;
    uint32_t whole_word;
    if (!try_get_word(memory, word_addr, &whole_word)) {
        return false;
    }
    const bool want_upper_half = (pc & 2) != 0;
    *out_value = want_upper_half ? (uint16_t)(whole_word >> 16)
                                 : (uint16_t)(whole_word & 0xffff);
    return true;
}

/*
 * Converts a return address into the address of the call instruction that
 * produced it, so that symbolization points at the call site rather than at
 * the instruction following it.
 *
 * 'pc' is taken as an interworking address: bit 0 set means Thumb state.  In
 * ARM state every instruction is 4 bytes, so the call site is pc - 4.  In
 * Thumb state the call may be a 16-bit instruction (e.g. "blx rN") or a
 * 32-bit BL/BLX, so the two halfwords preceding the return address are
 * inspected: a first halfword with top nibble 0xF followed by a second whose
 * top three bits are all set is treated as a 32-bit call.  This is a
 * heuristic decode of the instruction stream, not a real disassembly, and a
 * failed memory read simply falls back to the 16-bit case.  The Thumb bit is
 * preserved in the returned value.
 *
 * Examples:
 *
 *   arm blx in the middle of thumb:
 *     187ae:  2300        movs  r3, #0
 *     187b0:  f7fe ee1c   blx   173ec
 *     187b4:  2c00        cmp   r4, #0
 *
 *   arm bl in the middle of thumb:
 *     187d8:  1c20        adds  r0, r4, #0
 *     187da:  f136 fd15   bl    14f208
 *     187de:  2800        cmp   r0, #0
 *
 *   pure thumb:
 *     18894:  189b        adds  r3, r3, r2
 *     18896:  4798        blx   r3
 *     18898:  b001        add   sp, #4
 */
uintptr_t rewind_pc_arch(const memory_t* memory, uintptr_t pc) {
    const bool thumb = (pc & 1) != 0;
    if (!thumb) {
        /* ARM state: fixed 4-byte instructions. */
        return pc - 4;
    }

    /*
     * Thumb state.  The return address with bit 0 stripped is pc - 1, so the
     * halfword immediately before it sits at pc - 3 and the one before that at
     * pc - 5; both offsets are even, i.e. halfword aligned.
     */
    uint16_t first_half = 0;
    uint16_t second_half = 0;
    const bool long_call = try_get_half_word(memory, pc - 5, &first_half)
            && (first_half & 0xf000) == 0xf000
            && try_get_half_word(memory, pc - 3, &second_half)
            && (second_half & 0xe000) == 0xe000;
    return long_call ? pc - 4 : pc - 2;
}

/*
 * Runs the unwind entry at 'handler' (as returned by get_exception_handler())
 * against 'state'.
 *
 * The first byte selects the personality routine: only the compact forms,
 * whose high nibble is 0x8, are understood.  Any other value is a
 * place-relative pointer to a generic personality routine, which this
 * unwinder never invokes.  The remaining bytes are the instruction stream
 * fed to execute_personality_routine().  All bytes are read through 'memory'.
 *
 * Returns false when the entry cannot be read, is not a compact entry, or
 * its instructions fail to execute; the caller treats all three as the end
 * of the walk.
 */
static bool try_run_frame_handler(const memory_t* memory, unwind_state_t* state,
        uintptr_t handler) {
    byte_stream_t stream;
    stream.ptr = handler;

    uint8_t personality;
    if (!try_next_byte(memory, &stream, &personality)) {
        return false;
    }
    if ((personality & 0xf0) != 0x80) {
        return false;
    }
    return execute_personality_routine(memory, state, &stream, personality & 0x0f);
}

/*
 * Walks the call stack described by 'state' and fills 'backtrace'.
 *
 * For each frame the walk records the PC (the raw PC for the innermost
 * frame, the rewound call-site address for every later one) and the SP at
 * entry, looks up the frame's EHABI unwind entry through
 * get_exception_handler(), and executes it to recover the caller's
 * registers.  It stops when a frame has no entry, the entry cannot be read
 * or executed, the recovered PC is zero, or 'max_depth' frames have been
 * returned.  If the innermost frame has no entry the PC may simply be garbage
 * (a call through a bad pointer), so the walk is retried once from LR before
 * giving up.  After the loop a final frame is appended from LR when it still
 * looks like a plausible return address.
 *
 * Every byte of unwind data and every stack word is read through 'memory'
 * (try_next_byte(), try_pop_registers() and friends), never dereferenced
 * directly: in the ptrace case it belongs to another, possibly hostile,
 * process, and a failed read just ends the walk.  Output is bounded by
 * 'max_depth': add_backtrace_entry() receives the limit and both counters,
 * and the loop condition stops once 'returned' reaches it.  Termination also
 * relies on add_backtrace_entry() advancing one of the two counters on every
 * call, otherwise a self-referential unwind entry could spin —
 * NOTE(review): confirm against backtrace-helper.
 *
 * The 'ignore_depth' innermost frames are passed to add_backtrace_entry() to
 * be skipped.  Returns the number of frames written to 'backtrace'.
 */
static ssize_t unwind_backtrace_common(const memory_t* memory,
        const map_info_t* map_info_list,
        unwind_state_t* state, backtrace_frame_t* backtrace,
        size_t ignore_depth, size_t max_depth) {
    size_t ignored = 0;
    size_t returned = 0;
    size_t depth = 0;

    while (returned < max_depth) {
        const bool innermost = (depth == 0);

        /* The innermost PC is where execution actually is; every other PC is
         * a return address and is rewound to the call instruction. */
        const uintptr_t pc = innermost
                ? state->gregs[R_PC]
                : rewind_pc_arch(memory, state->gregs[R_PC]);
        backtrace_frame_t* frame = add_backtrace_entry(pc, backtrace,
                ignore_depth, max_depth, &ignored, &returned);
        if (frame != NULL) {
            frame->stack_top = state->gregs[R_SP];
        }

        const uintptr_t handler = get_exception_handler(memory, map_info_list, pc);
        if (handler == 0) {
            /* No unwind entry.  For the innermost frame the program may have
             * branched to an invalid address, so try again from LR; anywhere
             * else there is nothing more to do. */
            const uintptr_t lr = state->gregs[R_LR];
            if (!innermost || lr == 0 || lr == state->gregs[R_PC]) {
                break;
            }
            set_reg(state, R_PC, lr);
            depth++;
            continue;
        }

        if (!try_run_frame_handler(memory, state, handler)) {
            break;
        }
        /* Only report a frame size once the unwind has moved SP upward. */
        if (frame != NULL && state->gregs[R_SP] > frame->stack_top) {
            frame->stack_size = state->gregs[R_SP] - frame->stack_top;
        }
        if (state->gregs[R_PC] == 0) {
            break;
        }
        depth++;
    }

    /* Out of frames with unwind entries.  Add one last entry for LR if it
     * looks like a sane code address; its stack bounds are unknown, so no
     * stack information is reported for it. */
    const uintptr_t final_lr = state->gregs[R_LR];
    if (returned < max_depth
            && final_lr != 0
            && final_lr != state->gregs[R_PC]
            && is_executable_map(map_info_list, final_lr)) {
        add_backtrace_entry(rewind_pc_arch(memory, final_lr), backtrace,
                ignore_depth, max_depth, &ignored, &returned);
    }
    return (ssize_t)returned;
}

/*
 * Unwinds the thread that is currently running a signal handler, starting
 * from the register snapshot the kernel delivered in 'sigcontext'.
 *
 * 'sigcontext' is the ucontext_t* handed to a SA_SIGINFO handler; 'siginfo'
 * is part of the interface but not consulted here.  r0-r15 are copied out of
 * uc_mcontext into the unwind state (fp, ip, sp, lr and pc are r11-r15 under
 * their ARM names), memory access is set up for the current process over
 * 'map_info_list', and the common walker does the rest.
 *
 * Returns the number of frames written to 'backtrace', at most 'max_depth',
 * with the 'ignore_depth' innermost frames skipped.
 */
ssize_t unwind_backtrace_signal_arch(siginfo_t* siginfo, void* sigcontext,
        const map_info_t* map_info_list,
        backtrace_frame_t* backtrace, size_t ignore_depth, size_t max_depth) {
    (void)siginfo;
    const ucontext_t* uc = (const ucontext_t*)sigcontext;

    unwind_state_t state = {
        .gregs = {
            [0]  = uc->uc_mcontext.arm_r0,
            [1]  = uc->uc_mcontext.arm_r1,
            [2]  = uc->uc_mcontext.arm_r2,
            [3]  = uc->uc_mcontext.arm_r3,
            [4]  = uc->uc_mcontext.arm_r4,
            [5]  = uc->uc_mcontext.arm_r5,
            [6]  = uc->uc_mcontext.arm_r6,
            [7]  = uc->uc_mcontext.arm_r7,
            [8]  = uc->uc_mcontext.arm_r8,
            [9]  = uc->uc_mcontext.arm_r9,
            [10] = uc->uc_mcontext.arm_r10,
            [11] = uc->uc_mcontext.arm_fp,   /* r11 */
            [12] = uc->uc_mcontext.arm_ip,   /* r12 */
            [13] = uc->uc_mcontext.arm_sp,   /* r13 */
            [14] = uc->uc_mcontext.arm_lr,   /* r14 */
            [15] = uc->uc_mcontext.arm_pc,   /* r15 */
        },
    };

    memory_t memory;
    init_memory(&memory, map_info_list);
    return unwind_backtrace_common(&memory, map_info_list, &state,
            backtrace, ignore_depth, max_depth);
}

/*
 * Unwinds a thread of another process via ptrace().
 *
 * Only PTRACE_GETREGS is issued here, so 'tid' is presumably already attached
 * and stopped by the caller.  The first 16 entries of pt_regs (r0-r15) become
 * the unwind state, and memory access is routed through init_memory_ptrace()
 * so that the target's stack and unwind tables are read via the traced-memory
 * accessor rather than dereferenced in this process.  'context->map_info_list'
 * supplies the target's mappings for the EXIDX lookup and the final
 * executable-LR check.
 *
 * Returns -1 when the registers cannot be fetched (ptrace() leaves errno
 * set); otherwise the number of frames written to 'backtrace', at most
 * 'max_depth', with the 'ignore_depth' innermost frames skipped.
 */
ssize_t unwind_backtrace_ptrace_arch(pid_t tid, const ptrace_context_t* context,
        backtrace_frame_t* backtrace, size_t ignore_depth, size_t max_depth) {
    struct pt_regs regs;
    /* PTRACE_GETREGS returns 0 on success. */
    if (ptrace(PTRACE_GETREGS, tid, 0, &regs) != 0) {
        return -1;
    }

    unwind_state_t state = { .gregs = { 0 } };
    for (size_t reg = 0; reg < 16; reg++) {
        state.gregs[reg] = regs.uregs[reg];
    }

    memory_t memory;
    init_memory_ptrace(&memory, tid);
    return unwind_backtrace_common(&memory, context->map_info_list, &state,
            backtrace, ignore_depth, max_depth);
}