m_stacktrace.c revision 15338c5237c0026aa0d87fc2c9cd7e665eea8fe2
1 2/*--------------------------------------------------------------------*/ 3/*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4/*--------------------------------------------------------------------*/ 5 6/* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2006 Julian Seward 11 jseward@acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29*/ 30 31#include "pub_core_basics.h" 32#include "pub_core_vki.h" 33#include "pub_core_threadstate.h" 34#include "pub_core_debuginfo.h" 35#include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 36#include "pub_core_libcbase.h" 37#include "pub_core_libcassert.h" 38#include "pub_core_libcprint.h" 39#include "pub_core_machine.h" 40#include "pub_core_options.h" 41#include "pub_core_stacktrace.h" 42#include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 43#include "pub_core_trampoline.h" 44 45/*------------------------------------------------------------*/ 46/*--- Exported functions. ---*/ 47/*------------------------------------------------------------*/ 48 49/* Take a snapshot of the client's stack, putting the up to 'n_ips' 50 IPs into 'ips'. In order to be thread-safe, we pass in the 51 thread's IP SP, FP if that's meaningful, and LR if that's 52 meaningful. Returns number of IPs put in 'ips'. 53 54 If you know what the thread ID for this stack is, send that as the 55 first parameter, else send zero. This helps generate better stack 56 traces on ppc64-linux and has no effect on other platforms. 57*/ 58UInt VG_(get_StackTrace2) ( ThreadId tid_if_known, 59 Addr* ips, UInt n_ips, 60 Addr ip, Addr sp, Addr fp, Addr lr, 61 Addr fp_min, Addr fp_max_orig ) 62{ 63# if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 64 || defined(VGP_ppc32_aix5) \ 65 || defined(VGP_ppc64_aix5) 66 Bool lr_is_first_RA = False; 67# endif 68# if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) \ 69 || defined(VGP_ppc32_aix5) 70 Word redir_stack_size = 0; 71 Word redirs_used = 0; 72# endif 73 74 Bool debug = False; 75 Int i; 76 Addr fp_max; 77 UInt n_found = 0; 78 79 vg_assert(sizeof(Addr) == sizeof(UWord)); 80 vg_assert(sizeof(Addr) == sizeof(void*)); 81 82 /* Snaffle IPs from the client's stack into ips[0 .. n_ips-1], 83 stopping when the trail goes cold, which we guess to be 84 when FP is not a reasonable stack location. */ 85 86 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 87 // current page, at least. Dunno if it helps. 88 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 89 fp_max = VG_PGROUNDUP(fp_max_orig); 90 fp_max -= sizeof(Addr); 91 92 if (debug) 93 VG_(printf)("n_ips=%d fp_min=%p fp_max_orig=%p, fp_max=%p ip=%p fp=%p\n", 94 n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 95 96 /* Assertion broken before main() is reached in pthreaded programs; the 97 * offending stack traces only have one item. --njn, 2002-aug-16 */ 98 /* vg_assert(fp_min <= fp_max);*/ 99 100 if (fp_min + VG_(clo_max_stackframe) <= fp_max) { 101 /* If the stack is ridiculously big, don't poke around ... but 102 don't bomb out either. Needed to make John Regehr's 103 user-space threads package work. JRS 20021001 */ 104 ips[0] = ip; 105 return 1; 106 } 107 108 /* Otherwise unwind the stack in a platform-specific way. Trying 109 to merge the x86, amd64, ppc32 and ppc64 logic into a single 110 piece of code is just too confusing and difficult to 111 performance-tune. */ 112 113# if defined(VGP_x86_linux) 114 115 /*--------------------- x86 ---------------------*/ 116 117 /* fp is %ebp. sp is %esp. ip is %eip. */ 118 119 ips[0] = ip; 120 i = 1; 121 122 /* Loop unwinding the stack. Note that the IP value we get on 123 * each pass (whether from CFI info or a stack frame) is a 124 * return address so is actually after the calling instruction 125 * in the calling function. 126 * 127 * Because of this we subtract one from the IP after each pass 128 * of the loop so that we find the right CFI block on the next 129 * pass - otherwise we can find the wrong CFI info if it happens 130 * to change after the calling instruction and that will mean 131 * that we will fail to unwind the next step. 132 * 133 * This most frequently happens at the end of a function when 134 * a tail call occurs and we wind up using the CFI info for the 135 * next function which is completely wrong. 136 */ 137 while (True) { 138 139 if (i >= n_ips) 140 break; 141 142 /* Try to derive a new (ip,sp,fp) triple from the current 143 set. */ 144 145 /* On x86, first try the old-fashioned method of following the 146 %ebp-chain. Code which doesn't use this (that is, compiled 147 with -fomit-frame-pointer) is not ABI compliant and so 148 relatively rare. Besides, trying the CFI first almost always 149 fails, and is expensive. */ 150 /* Deal with frames resulting from functions which begin "pushl% 151 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 152 if (fp_min <= fp && fp <= fp_max) { 153 /* fp looks sane, so use it. */ 154 ip = (((UWord*)fp)[1]); 155 sp = fp + sizeof(Addr) /*saved %ebp*/ 156 + sizeof(Addr) /*ra*/; 157 fp = (((UWord*)fp)[0]); 158 ips[i++] = ip; 159 if (debug) 160 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 161 ip = ip - 1; 162 continue; 163 } 164 165 /* That didn't work out, so see if there is any CF info to hand 166 which can be used. */ 167 if ( VG_(use_CF_info)( &ip, &sp, &fp, fp_min, fp_max ) ) { 168 ips[i++] = ip; 169 if (debug) 170 VG_(printf)(" ipsC[%d]=%08p\n", i-1, ips[i-1]); 171 ip = ip - 1; 172 continue; 173 } 174 175 /* No luck. We have to give up. */ 176 break; 177 } 178 179# elif defined(VGP_amd64_linux) 180 181 /*--------------------- amd64 ---------------------*/ 182 183 /* fp is %rbp. sp is %rsp. ip is %rip. */ 184 185 ips[0] = ip; 186 i = 1; 187 188 /* Loop unwinding the stack. Note that the IP value we get on 189 * each pass (whether from CFI info or a stack frame) is a 190 * return address so is actually after the calling instruction 191 * in the calling function. 192 * 193 * Because of this we subtract one from the IP after each pass 194 * of the loop so that we find the right CFI block on the next 195 * pass - otherwise we can find the wrong CFI info if it happens 196 * to change after the calling instruction and that will mean 197 * that we will fail to unwind the next step. 198 * 199 * This most frequently happens at the end of a function when 200 * a tail call occurs and we wind up using the CFI info for the 201 * next function which is completely wrong. 202 */ 203 while (True) { 204 205 if (i >= n_ips) 206 break; 207 208 /* Try to derive a new (ip,sp,fp) triple from the current 209 set. */ 210 211 /* First off, see if there is any CFI info to hand which can 212 be used. */ 213 if ( VG_(use_CF_info)( &ip, &sp, &fp, fp_min, fp_max ) ) { 214 ips[i++] = ip; 215 if (debug) 216 VG_(printf)(" ipsC[%d]=%08p\n", i-1, ips[i-1]); 217 ip = ip - 1; 218 continue; 219 } 220 221 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 222 we can safely try the old-fashioned method. */ 223 /* This bit is supposed to deal with frames resulting from 224 functions which begin "pushq %rbp ; movq %rsp, %rbp". 225 Unfortunately, since we can't (easily) look at the insns at 226 the start of the fn, like GDB does, there's no reliable way 227 to tell. Hence the hack of first trying out CFI, and if that 228 fails, then use this as a fallback. */ 229 if (fp_min <= fp && fp <= fp_max) { 230 /* fp looks sane, so use it. */ 231 ip = (((UWord*)fp)[1]); 232 sp = fp + sizeof(Addr) /*saved %rbp*/ 233 + sizeof(Addr) /*ra*/; 234 fp = (((UWord*)fp)[0]); 235 ips[i++] = ip; 236 if (debug) 237 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 238 ip = ip - 1; 239 continue; 240 } 241 242 /* No luck there. We have to give up. */ 243 break; 244 } 245 246# elif defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 247 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 248 249 /*--------------------- ppc32/64 ---------------------*/ 250 251 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 252 frame pointers. */ 253 254# if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) 255 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 256 redirs_used = 0; 257# elif defined(VGP_ppc32_aix5) 258 redir_stack_size = VEX_GUEST_PPC32_REDIR_STACK_SIZE; 259 redirs_used = 0; 260# endif 261 262# if defined(VG_PLAT_USES_PPCTOC) 263 /* Deal with bogus LR values caused by function 264 interception/wrapping on ppc-TOC platforms; see comment on 265 similar code a few lines further down. */ 266 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 267 && VG_(is_valid_tid)(tid_if_known)) { 268 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 269 redirs_used++; 270 if (hsp >= 1 && hsp < redir_stack_size) 271 lr = VG_(threads)[tid_if_known] 272 .arch.vex.guest_REDIR_STACK[hsp-1]; 273 } 274# endif 275 276 /* We have to determine whether or not LR currently holds this fn 277 (call it F)'s return address. It might not if F has previously 278 called some other function, hence overwriting LR with a pointer 279 to some part of F. Hence if LR and IP point to the same 280 function then we conclude LR does not hold this function's 281 return address; instead the LR at entry must have been saved in 282 the stack by F's prologue and so we must get it from there 283 instead. Note all this guff only applies to the innermost 284 frame. */ 285 lr_is_first_RA = False; 286 { 287# define M_VG_ERRTXT 1000 288 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 289 if (VG_(get_fnname_nodemangle) (lr, buf_lr, M_VG_ERRTXT)) 290 if (VG_(get_fnname_nodemangle) (ip, buf_ip, M_VG_ERRTXT)) 291 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 292 lr_is_first_RA = True; 293# undef M_VG_ERRTXT 294 } 295 296 ips[0] = ip; 297 i = 1; 298 299 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 300 301 /* initial FP is sane; keep going */ 302 fp = (((UWord*)fp)[0]); 303 304 while (True) { 305 306 /* On ppc64-linux (ppc64-elf, really), and on AIX, the lr save 307 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 308 only one word back. */ 309# if defined(VGP_ppc64_linux) \ 310 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 311 const Int lr_offset = 2; 312# else 313 const Int lr_offset = 1; 314# endif 315 316 if (i >= n_ips) 317 break; 318 319 /* Try to derive a new (ip,fp) pair from the current set. */ 320 321 if (fp_min <= fp && fp <= fp_max) { 322 /* fp looks sane, so use it. */ 323 324 if (i == 1 && lr_is_first_RA) 325 ip = lr; 326 else 327 ip = (((UWord*)fp)[lr_offset]); 328 329# if defined(VG_PLAT_USES_PPCTOC) 330 /* Nasty hack to do with function replacement/wrapping on 331 ppc64-linux/ppc64-aix/ppc32-aix. If LR points to our 332 magic return stub, then we are in a wrapped or 333 intercepted function, in which LR has been messed with. 334 The original LR will have been pushed onto the thread's 335 hidden REDIR stack one down from the top (top element 336 is the saved R2) and so we should restore the value 337 from there instead. Since nested redirections can and 338 do happen, we keep track of the number of nested LRs 339 used by the unwinding so far with 'redirs_used'. */ 340 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 341 && VG_(is_valid_tid)(tid_if_known)) { 342 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 343 hsp -= 2 * redirs_used; 344 redirs_used ++; 345 if (hsp >= 1 && hsp < redir_stack_size) 346 ip = VG_(threads)[tid_if_known] 347 .arch.vex.guest_REDIR_STACK[hsp-1]; 348 } 349# endif 350 351 fp = (((UWord*)fp)[0]); 352 ips[i++] = ip; 353 if (debug) 354 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 355 continue; 356 } 357 358 /* No luck there. We have to give up. */ 359 break; 360 } 361 } 362 363# else 364# error "Unknown platform" 365# endif 366 367 n_found = i; 368 return n_found; 369} 370 371UInt VG_(get_StackTrace) ( ThreadId tid, StackTrace ips, UInt n_ips ) 372{ 373 /* thread in thread table */ 374 Addr ip = VG_(get_IP)(tid); 375 Addr fp = VG_(get_FP)(tid); 376 Addr sp = VG_(get_SP)(tid); 377 Addr lr = VG_(get_LR)(tid); 378 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 379 380# if defined(VGP_x86_linux) 381 /* Nasty little hack to deal with syscalls - if libc is using its 382 _dl_sysinfo_int80 function for syscalls (the TLS version does), 383 then ip will always appear to be in that function when doing a 384 syscall, not the actual libc function doing the syscall. This 385 check sees if IP is within that function, and pops the return 386 address off the stack so that ip is placed within the library 387 function calling the syscall. This makes stack backtraces much 388 more useful. 389 390 The function is assumed to look like this (from glibc-2.3.6 sources): 391 _dl_sysinfo_int80: 392 int $0x80 393 ret 394 That is 3 (2+1) bytes long. We could be more thorough and check 395 the 3 bytes of the function are as expected, but I can't be 396 bothered. 397 */ 398 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 399 && ip >= VG_(client__dl_sysinfo_int80) 400 && ip < VG_(client__dl_sysinfo_int80)+3 401 && VG_(am_is_valid_for_client)(sp, sizeof(Addr), VKI_PROT_READ)) { 402 ip = *(Addr *)sp; 403 sp += sizeof(Addr); 404 } 405# endif 406 407 if (0) 408 VG_(printf)("tid %d: stack_highest=%p ip=%p sp=%p fp=%p\n", 409 tid, stack_highest_word, ip, sp, fp); 410 411 return VG_(get_StackTrace2)(tid, ips, n_ips, ip, sp, fp, lr, sp, 412 stack_highest_word); 413} 414 415static void printIpDesc(UInt n, Addr ip) 416{ 417 #define BUF_LEN 4096 418 419 static UChar buf[BUF_LEN]; 420 421 VG_(describe_IP)(ip, buf, BUF_LEN); 422 423 if (VG_(clo_xml)) { 424 VG_(message)(Vg_UserMsg, " %s", buf); 425 } else { 426 VG_(message)(Vg_UserMsg, " %s %s", ( n == 0 ? "at" : "by" ), buf); 427 } 428} 429 430/* Print a StackTrace. */ 431void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 432{ 433 vg_assert( n_ips > 0 ); 434 435 if (VG_(clo_xml)) 436 VG_(message)(Vg_UserMsg, " <stack>"); 437 438 VG_(apply_StackTrace)( printIpDesc, ips, n_ips ); 439 440 if (VG_(clo_xml)) 441 VG_(message)(Vg_UserMsg, " </stack>"); 442} 443 444/* Get and immediately print a StackTrace. */ 445void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt n_ips ) 446{ 447 Addr ips[n_ips]; 448 UInt n_ips_obtained = VG_(get_StackTrace)(tid, ips, n_ips); 449 VG_(pp_StackTrace)(ips, n_ips_obtained); 450} 451 452 453void VG_(apply_StackTrace)( void(*action)(UInt n, Addr ip), 454 StackTrace ips, UInt n_ips ) 455{ 456 #define MYBUF_LEN 50 // only needs to be long enough for 457 // the names specially tested for 458 459 Bool main_done = False; 460 Char mybuf[MYBUF_LEN]; // ok to stack allocate mybuf[] -- it's tiny 461 Int i = 0; 462 463 vg_assert(n_ips > 0); 464 do { 465 Addr ip = ips[i]; 466 if (i > 0) 467 ip -= VG_MIN_INSTR_SZB; // point to calling line 468 469 // Stop after the first appearance of "main" or one of the other names 470 // (the appearance of which is a pretty good sign that we've gone past 471 // main without seeing it, for whatever reason) 472 if ( ! VG_(clo_show_below_main)) { 473 VG_(get_fnname_nodemangle)( ip, mybuf, MYBUF_LEN ); 474 mybuf[MYBUF_LEN-1] = 0; // paranoia 475 if ( VG_STREQ("main", mybuf) 476# if defined(VGO_linux) 477 || VG_STREQ("__libc_start_main", mybuf) // glibc glibness 478 || VG_STREQ("generic_start_main", mybuf) // Yellow Dog doggedness 479# endif 480 ) 481 main_done = True; 482 } 483 484 // Act on the ip 485 action(i, ip); 486 487 i++; 488 } while (i < n_ips && ips[i] != 0 && !main_done); 489 490 #undef MYBUF_LEN 491} 492 493 494/*--------------------------------------------------------------------*/ 495/*--- end ---*/ 496/*--------------------------------------------------------------------*/ 497