trace.c revision d4a5447503b7bddfb6d7667747ee1eedd20ae491
1/* 2 * This file is part of ltrace. 3 * Copyright (C) 2012, 2013 Petr Machata, Red Hat Inc. 4 * Copyright (C) 1998,2004,2008,2009 Juan Cespedes 5 * Copyright (C) 2006 Ian Wienand 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation; either version 2 of the 10 * License, or (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, but 13 * WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 20 * 02110-1301 USA 21 */ 22 23#include "config.h" 24 25#include <string.h> 26#include <sys/types.h> 27#include <sys/wait.h> 28#include <signal.h> 29#include <sys/ptrace.h> 30#include <asm/ptrace.h> 31 32#include "bits.h" 33#include "common.h" 34#include "proc.h" 35#include "output.h" 36#include "ptrace.h" 37#include "regs.h" 38 39#if (!defined(PTRACE_PEEKUSER) && defined(PTRACE_PEEKUSR)) 40# define PTRACE_PEEKUSER PTRACE_PEEKUSR 41#endif 42 43#if (!defined(PTRACE_POKEUSER) && defined(PTRACE_POKEUSR)) 44# define PTRACE_POKEUSER PTRACE_POKEUSR 45#endif 46 47#define off_r0 ((void *)0) 48#define off_r7 ((void *)28) 49#define off_ip ((void *)48) 50#define off_pc ((void *)60) 51#define off_cpsr ((void *)64) 52 53void 54get_arch_dep(struct process *proc) 55{ 56 proc_archdep *a; 57 58 if (!proc->arch_ptr) 59 proc->arch_ptr = (void *)malloc(sizeof(proc_archdep)); 60 a = (proc_archdep *) (proc->arch_ptr); 61 a->valid = (ptrace(PTRACE_GETREGS, proc->pid, 0, &a->regs) >= 0); 62} 63 64/* Returns 0 if not a syscall, 65 * 1 if syscall entry, 2 if syscall exit, 66 * 3 if arch-specific syscall entry, 4 if arch-specific syscall exit, 67 * -1 on error. 68 */ 69int 70syscall_p(struct process *proc, int status, int *sysnum) 71{ 72 if (WIFSTOPPED(status) 73 && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) { 74 /* get the user's pc (plus 8) */ 75 unsigned pc = ptrace(PTRACE_PEEKUSER, proc->pid, off_pc, 0); 76 pc = pc - 4; 77 /* fetch the SWI instruction */ 78 unsigned insn = ptrace(PTRACE_PEEKTEXT, proc->pid, 79 (void *)pc, 0); 80 int ip = ptrace(PTRACE_PEEKUSER, proc->pid, off_ip, 0); 81 82 if (insn == 0xef000000 || insn == 0x0f000000 83 || (insn & 0xffff0000) == 0xdf000000) { 84 /* EABI syscall */ 85 *sysnum = ptrace(PTRACE_PEEKUSER, proc->pid, off_r7, 0); 86 } else if ((insn & 0xfff00000) == 0xef900000) { 87 /* old ABI syscall */ 88 *sysnum = insn & 0xfffff; 89 } else { 90 /* TODO: handle swi<cond> variations */ 91 /* one possible reason for getting in here is that we 92 * are coming from a signal handler, so the current 93 * PC does not point to the instruction just after the 94 * "swi" one. */ 95 output_line(proc, "unexpected instruction 0x%x at %p", 96 insn, pc); 97 return 0; 98 } 99 if ((*sysnum & 0xf0000) == 0xf0000) { 100 /* arch-specific syscall */ 101 *sysnum &= ~0xf0000; 102 return ip ? 4 : 3; 103 } 104 /* ARM syscall convention: on syscall entry, ip is zero; 105 * on syscall exit, ip is non-zero */ 106 return ip ? 2 : 1; 107 } 108 return 0; 109} 110 111long 112gimme_arg(enum tof type, struct process *proc, int arg_num, 113 struct arg_type_info *info) 114{ 115 proc_archdep *a = (proc_archdep *) proc->arch_ptr; 116 117 if (arg_num == -1) { /* return value */ 118 return ptrace(PTRACE_PEEKUSER, proc->pid, off_r0, 0); 119 } 120 121 /* deal with the ARM calling conventions */ 122 if (type == LT_TOF_FUNCTION || type == LT_TOF_FUNCTIONR) { 123 if (arg_num < 4) { 124 if (a->valid && type == LT_TOF_FUNCTION) 125 return a->regs.uregs[arg_num]; 126 if (a->valid && type == LT_TOF_FUNCTIONR) 127 return a->func_arg[arg_num]; 128 return ptrace(PTRACE_PEEKUSER, proc->pid, 129 (void *)(4 * arg_num), 0); 130 } else { 131 return ptrace(PTRACE_PEEKDATA, proc->pid, 132 proc->stack_pointer + 4 * (arg_num - 4), 133 0); 134 } 135 } else if (type == LT_TOF_SYSCALL || type == LT_TOF_SYSCALLR) { 136 if (arg_num < 5) { 137 if (a->valid && type == LT_TOF_SYSCALL) 138 return a->regs.uregs[arg_num]; 139 if (a->valid && type == LT_TOF_SYSCALLR) 140 return a->sysc_arg[arg_num]; 141 return ptrace(PTRACE_PEEKUSER, proc->pid, 142 (void *)(4 * arg_num), 0); 143 } else { 144 return ptrace(PTRACE_PEEKDATA, proc->pid, 145 proc->stack_pointer + 4 * (arg_num - 5), 146 0); 147 } 148 } else { 149 fprintf(stderr, "gimme_arg called with wrong arguments\n"); 150 exit(1); 151 } 152 153 return 0; 154} 155 156static arch_addr_t 157arm_branch_dest(const arch_addr_t pc, const uint32_t insn) 158{ 159 /* Bits 0-23 are signed immediate value. */ 160 return pc + ((((insn & 0xffffff) ^ 0x800000) - 0x800000) << 2) + 8; 161} 162 163/* Addresses for calling Thumb functions have the bit 0 set. 164 Here are some macros to test, set, or clear bit 0 of addresses. */ 165/* XXX double cast */ 166#define IS_THUMB_ADDR(addr) ((uintptr_t)(addr) & 1) 167#define MAKE_THUMB_ADDR(addr) ((arch_addr_t)((uintptr_t)(addr) | 1)) 168#define UNMAKE_THUMB_ADDR(addr) ((arch_addr_t)((uintptr_t)(addr) & ~1)) 169 170static int 171arm_get_next_pcs(struct process *proc, 172 const arch_addr_t pc, arch_addr_t next_pcs[2]) 173{ 174 uint32_t this_instr; 175 uint32_t status; 176 if (proc_read_32(proc, pc, &this_instr) < 0 177 || arm_get_register(proc, ARM_REG_CPSR, &status) < 0) 178 return -1; 179 180 /* In theory, we sometimes don't even need to add any 181 * breakpoints at all. If the conditional bits of the 182 * instruction indicate that it should not be taken, then we 183 * can just skip it altogether without bothering. We could 184 * also emulate the instruction under the breakpoint. 185 * 186 * Here, we make it as simple as possible (though We Accept 187 * Patches). */ 188 int nr = 0; 189 190 /* ARM can branch either relatively by using a branch 191 * instruction, or absolutely, by doing arbitrary arithmetic 192 * with PC as the destination. */ 193 enum { 194 COND_ALWAYS = 0xe, 195 COND_NV = 0xf, 196 FLAG_C = 0x20000000, 197 }; 198 const unsigned cond = BITS(this_instr, 28, 31); 199 const unsigned opcode = BITS(this_instr, 24, 27); 200 201 if (cond == COND_NV) 202 switch (opcode) { 203 arch_addr_t addr; 204 case 0xa: 205 case 0xb: 206 /* Branch with Link and change to Thumb. */ 207 /* XXX double cast. */ 208 addr = (arch_addr_t) 209 ((uint32_t)arm_branch_dest(pc, this_instr) 210 | (((this_instr >> 24) & 0x1) << 1)); 211 next_pcs[nr++] = MAKE_THUMB_ADDR(addr); 212 break; 213 } 214 else 215 switch (opcode) { 216 uint32_t operand1, operand2, result = 0; 217 case 0x0: 218 case 0x1: /* data processing */ 219 case 0x2: 220 case 0x3: 221 if (BITS(this_instr, 12, 15) != ARM_REG_PC) 222 break; 223 224 if (BITS(this_instr, 22, 25) == 0 225 && BITS(this_instr, 4, 7) == 9) { /* multiply */ 226 invalid: 227 fprintf(stderr, 228 "Invalid update to pc in instruction.\n"); 229 break; 230 } 231 232 /* BX <reg>, BLX <reg> */ 233 if (BITS(this_instr, 4, 27) == 0x12fff1 234 || BITS(this_instr, 4, 27) == 0x12fff3) { 235 enum arm_register reg = BITS(this_instr, 0, 3); 236 /* XXX double cast: no need to go 237 * through tmp. */ 238 uint32_t tmp; 239 if (arm_get_register_offpc(proc, reg, &tmp) < 0) 240 return -1; 241 next_pcs[nr++] = (arch_addr_t)tmp; 242 return 0; 243 } 244 245 /* Multiply into PC. */ 246 if (arm_get_register_offpc 247 (proc, BITS(this_instr, 16, 19), &operand1) < 0) 248 return -1; 249 250 int c = (status & FLAG_C) ? 1 : 0; 251 if (BIT(this_instr, 25)) { 252 uint32_t immval = BITS(this_instr, 0, 7); 253 uint32_t rotate = 2 * BITS(this_instr, 8, 11); 254 operand2 = (((immval >> rotate) 255 | (immval << (32 - rotate))) 256 & 0xffffffff); 257 } else { 258 /* operand 2 is a shifted register. */ 259 if (arm_get_shifted_register 260 (proc, this_instr, c, pc, &operand2) < 0) 261 return -1; 262 } 263 264 switch (BITS(this_instr, 21, 24)) { 265 case 0x0: /*and */ 266 result = operand1 & operand2; 267 break; 268 269 case 0x1: /*eor */ 270 result = operand1 ^ operand2; 271 break; 272 273 case 0x2: /*sub */ 274 result = operand1 - operand2; 275 break; 276 277 case 0x3: /*rsb */ 278 result = operand2 - operand1; 279 break; 280 281 case 0x4: /*add */ 282 result = operand1 + operand2; 283 break; 284 285 case 0x5: /*adc */ 286 result = operand1 + operand2 + c; 287 break; 288 289 case 0x6: /*sbc */ 290 result = operand1 - operand2 + c; 291 break; 292 293 case 0x7: /*rsc */ 294 result = operand2 - operand1 + c; 295 break; 296 297 case 0x8: 298 case 0x9: 299 case 0xa: 300 case 0xb: /* tst, teq, cmp, cmn */ 301 /* Only take the default branch. */ 302 result = 0; 303 break; 304 305 case 0xc: /*orr */ 306 result = operand1 | operand2; 307 break; 308 309 case 0xd: /*mov */ 310 /* Always step into a function. */ 311 result = operand2; 312 break; 313 314 case 0xe: /*bic */ 315 result = operand1 & ~operand2; 316 break; 317 318 case 0xf: /*mvn */ 319 result = ~operand2; 320 break; 321 } 322 323 /* XXX double cast */ 324 next_pcs[nr++] = (arch_addr_t)result; 325 break; 326 327 case 0x4: 328 case 0x5: /* data transfer */ 329 case 0x6: 330 case 0x7: 331 /* Ignore if insn isn't load or Rn not PC. */ 332 if (!BIT(this_instr, 20) 333 || BITS(this_instr, 12, 15) != ARM_REG_PC) 334 break; 335 336 if (BIT(this_instr, 22)) 337 goto invalid; 338 339 /* byte write to PC */ 340 uint32_t base; 341 if (arm_get_register_offpc 342 (proc, BITS(this_instr, 16, 19), &base) < 0) 343 return -1; 344 345 if (BIT(this_instr, 24)) { 346 /* pre-indexed */ 347 int c = (status & FLAG_C) ? 1 : 0; 348 uint32_t offset; 349 if (BIT(this_instr, 25)) { 350 if (arm_get_shifted_register 351 (proc, this_instr, c, 352 pc, &offset) < 0) 353 return -1; 354 } else { 355 offset = BITS(this_instr, 0, 11); 356 } 357 358 if (BIT(this_instr, 23)) 359 base += offset; 360 else 361 base -= offset; 362 } 363 364 /* XXX two double casts. */ 365 uint32_t next; 366 if (proc_read_32(proc, (arch_addr_t)base, &next) < 0) 367 return -1; 368 next_pcs[nr++] = (arch_addr_t)next; 369 break; 370 371 case 0x8: 372 case 0x9: /* block transfer */ 373 if (!BIT(this_instr, 20)) 374 break; 375 /* LDM */ 376 if (BIT(this_instr, 15)) { 377 /* Loading pc. */ 378 int offset = 0; 379 enum arm_register rn = BITS(this_instr, 16, 19); 380 uint32_t rn_val; 381 if (arm_get_register(proc, rn, &rn_val) < 0) 382 return -1; 383 384 int pre = BIT(this_instr, 24); 385 if (BIT(this_instr, 23)) { 386 /* Bit U = up. */ 387 unsigned reglist 388 = BITS(this_instr, 0, 14); 389 offset = bitcount(reglist) * 4; 390 if (pre) 391 offset += 4; 392 } else if (pre) { 393 offset = -4; 394 } 395 396 /* XXX double cast. */ 397 arch_addr_t addr 398 = (arch_addr_t)(rn_val + offset); 399 uint32_t next; 400 if (proc_read_32(proc, addr, &next) < 0) 401 return -1; 402 next_pcs[nr++] = (arch_addr_t)next; 403 } 404 break; 405 406 case 0xb: /* branch & link */ 407 case 0xa: /* branch */ 408 next_pcs[nr++] = arm_branch_dest(pc, this_instr); 409 break; 410 411 case 0xc: 412 case 0xd: 413 case 0xe: /* coproc ops */ 414 case 0xf: /* SWI */ 415 break; 416 } 417 418 /* Otherwise take the next instruction. */ 419 if (cond != COND_ALWAYS || nr == 0) 420 next_pcs[nr++] = pc + 4; 421 return 0; 422} 423 424static int 425thumb_get_next_pcs(struct process *proc, 426 const arch_addr_t pc, arch_addr_t next_pcs[2]) 427{ 428 uint16_t inst1; 429 uint32_t status; 430 if (proc_read_16(proc, pc, &inst1) < 0 431 || arm_get_register(proc, ARM_REG_CPSR, &status) < 0) 432 return -1; 433 434 int nr = 0; 435 436 /* We currently ignore Thumb-2 conditional execution support 437 * (the IT instruction). No branches are allowed in IT block, 438 * and it's not legal to jump in the middle of it, so unless 439 * we need to singlestep through large swaths of code, which 440 * we currently don't, we can ignore them. */ 441 442 if ((inst1 & 0xff00) == 0xbd00) { /* pop {rlist, pc} */ 443 /* Fetch the saved PC from the stack. It's stored 444 * above all of the other registers. */ 445 unsigned offset = bitcount(BITS(inst1, 0, 7)) * 4; 446 uint32_t sp; 447 uint32_t next; 448 /* XXX two double casts */ 449 if (arm_get_register(proc, ARM_REG_SP, &sp) < 0 450 || proc_read_32(proc, (arch_addr_t)(sp + offset), 451 &next) < 0) 452 return -1; 453 next_pcs[nr++] = (arch_addr_t)next; 454 } 455 456 /* Otherwise take the next instruction. */ 457 if (nr == 0) 458 next_pcs[nr++] = pc + 2; 459 return 0; 460} 461 462enum sw_singlestep_status 463arch_sw_singlestep(struct process *proc, struct breakpoint *sbp, 464 int (*add_cb)(arch_addr_t, struct sw_singlestep_data *), 465 struct sw_singlestep_data *add_cb_data) 466{ 467 const arch_addr_t pc = get_instruction_pointer(proc); 468 469 uint32_t cpsr; 470 if (arm_get_register(proc, ARM_REG_CPSR, &cpsr) < 0) 471 return SWS_FAIL; 472 473 const unsigned thumb_p = BIT(cpsr, 5); 474 arch_addr_t next_pcs[2] = {}; 475 if ((thumb_p ? &thumb_get_next_pcs 476 : &arm_get_next_pcs)(proc, pc, next_pcs) < 0) 477 return SWS_FAIL; 478 479 int i; 480 for (i = 0; i < 2; ++i) { 481 /* XXX double cast. */ 482 arch_addr_t target 483 = (arch_addr_t)(((uintptr_t)next_pcs[i]) | thumb_p); 484 if (next_pcs[i] != 0 && add_cb(target, add_cb_data) < 0) 485 return SWS_FAIL; 486 } 487 488 debug(1, "PTRACE_CONT"); 489 ptrace(PTRACE_CONT, proc->pid, 0, 0); 490 return SWS_OK; 491} 492