m_stacktrace.c revision 38a74d2cc4670e3eb559adff51a376cd6ec98005
1 2/*--------------------------------------------------------------------*/ 3/*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4/*--------------------------------------------------------------------*/ 5 6/* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2013 Julian Seward 11 jseward@acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 
29*/ 30 31#include "pub_core_basics.h" 32#include "pub_core_vki.h" 33#include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy 34#include "pub_core_threadstate.h" 35#include "pub_core_debuginfo.h" // XXX: circular dependency 36#include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 37#include "pub_core_libcbase.h" 38#include "pub_core_libcassert.h" 39#include "pub_core_libcprint.h" 40#include "pub_core_machine.h" 41#include "pub_core_options.h" 42#include "pub_core_stacks.h" // VG_(stack_limits) 43#include "pub_core_stacktrace.h" 44#include "pub_core_xarray.h" 45#include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 46#include "pub_core_trampoline.h" 47 48 49/*------------------------------------------------------------*/ 50/*--- ---*/ 51/*--- BEGIN platform-dependent unwinder worker functions ---*/ 52/*--- ---*/ 53/*------------------------------------------------------------*/ 54 55/* Take a snapshot of the client's stack, putting up to 'max_n_ips' 56 IPs into 'ips'. In order to be thread-safe, we pass in the 57 thread's IP SP, FP if that's meaningful, and LR if that's 58 meaningful. Returns number of IPs put in 'ips'. 59 60 If you know what the thread ID for this stack is, send that as the 61 first parameter, else send zero. This helps generate better stack 62 traces on ppc64-linux and has no effect on other platforms. 63*/ 64 65/* Do frame merging in the _i frames in _ips array of recursive cycles 66 of up to _nframes. The merge is done during stack unwinding 67 (i.e. in platform specific unwinders) to collect as many 68 "interesting" stack traces as possible. 
*/ 69#define RECURSIVE_MERGE(_nframes,_ips,_i){ \ 70 Int dist; \ 71 for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \ 72 if (_ips[_i-1] == _ips[_i-1-dist]) { \ 73 _i = _i - dist; \ 74 break; \ 75 } \ 76 } \ 77} 78 79 80/* ------------------------ x86 ------------------------- */ 81 82#if defined(VGP_x86_linux) || defined(VGP_x86_darwin) 83 84#define N_FP_CF_VERIF 1021 85// prime number so that size of fp_CF_verif is just below 4K or 8K 86// Note that this prime nr differs from the one chosen in 87// m_debuginfo/debuginfo.c for the cfsi cache : in case we have 88// a collision here between two IPs, we expect to not (often) have the 89// same collision in the cfsi cache (and vice-versa). 90 91// unwinding with fp chain is ok: 92#define FPUNWIND 0 93// there is no CFI info for this IP: 94#define NOINFO 1 95// Unwind with FP is not ok, must use CF unwind: 96#define CFUNWIND 2 97 98static Addr fp_CF_verif_cache [N_FP_CF_VERIF]; 99 100/* An unwind done by following the fp chain technique can be incorrect 101 as not all frames are respecting the standard bp/sp ABI. 102 The CF information is now generated by default by gcc 103 (as part of the dwarf info). However, unwinding using CF information 104 is significantly slower : a slowdown of 20% has been observed 105 on an helgrind test case. 106 So, by default, the unwinding will be done using the fp chain. 107 But before accepting to unwind an IP with fp_chain, the result 108 of the unwind will be checked with the CF information. 109 This check can give 3 results: 110 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind. 111 => it is assumed that future unwind for this IP can be done 112 with the fast fp chain, without further CF checking 113 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing) 114 CFUNWIND (2): there is CF info, but unwind result differs. 115 => it is assumed that future unwind for this IP must be done 116 with the CF info. 
117 Of course, if each fp unwind implies a check done with a CF unwind, 118 it would just be slower => we cache the check result in an 119 array of checked Addr. 120 The check for an IP will be stored at 121 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of: 122 IP ^ FPUNWIND 123 IP ^ NOINFO 124 IP ^ CFUNWIND 125 126 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits 127 to store the check result, as they are guaranteed to be non significant 128 in the comparison between 2 IPs stored in fp_CF_verif_cache). 129 In other words, if two IPs are only differing on the last 2 bits, 130 then they will not land in the same cache bucket. 131*/ 132 133static UInt fp_CF_verif_generation = 0; 134// Our cache has to be maintained in sync with the CFI cache. 135// Each time the CFI cache is changed, its generation will be incremented. 136// We will clear our cache when our saved generation differs from 137// the CFI cache generation. 138 139UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 140 /*OUT*/Addr* ips, UInt max_n_ips, 141 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 142 UnwindStartRegs* startRegs, 143 Addr fp_max_orig ) 144{ 145 const Bool do_stats = False; // compute and output some stats regularly. 146 static struct { 147 UInt nr; // nr of stacktraces computed 148 UInt nf; // nr of frames computed 149 UInt Ca; // unwind for which cache indicates CFUnwind must be used. 150 UInt FF; // unwind for which cache indicates FPUnwind can be used. 151 UInt Cf; // unwind at end of stack+store CFUNWIND (xip not end of stack). 152 UInt Fw; // unwind at end of stack+store FPUNWIND 153 UInt FO; // unwind + store FPUNWIND 154 UInt CF; // unwind + store CFUNWIND. Details below. 155 UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'. 
156 UInt Ck; // unwind fp invalid+store FPUNWIND 157 UInt MS; // microsoft unwind 158 } stats; 159 160 const Bool debug = False; 161 // = VG_(debugLog_getLevel) () > 3; 162 // = True; 163 // = stats.nr >= 123456; 164 const HChar* unwind_case; // used when debug is True. 165 // Debugging this function is not straightforward. 166 // Here is the easiest way I have found: 167 // 1. Change the above to True. 168 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0 169 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace 170 // 4. Continue till breakpoint is encountered 171 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces. 172 // You might have to do twice 'monitor v.info scheduler' to see 173 // the effect of caching the results of the verification. 174 // You can also modify the debug dynamically using by using 175 // 'monitor v.set debuglog 4. 176 177 Int i; 178 Addr fp_max; 179 UInt n_found = 0; 180 const Int cmrf = VG_(clo_merge_recursive_frames); 181 182 vg_assert(sizeof(Addr) == sizeof(UWord)); 183 vg_assert(sizeof(Addr) == sizeof(void*)); 184 185 D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason. 186 Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs 187 // 0 assigned to silence false positive -Wuninitialized warning 188 // This is a false positive as xip_verified is assigned when 189 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND. 190 191 D3UnwindRegs uregs; 192 uregs.xip = (Addr)startRegs->r_pc; 193 uregs.xsp = (Addr)startRegs->r_sp; 194 uregs.xbp = startRegs->misc.X86.r_ebp; 195 Addr fp_min = uregs.xsp; 196 197 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 198 stopping when the trail goes cold, which we guess to be 199 when FP is not a reasonable stack location. */ 200 201 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 202 // current page, at least. Dunno if it helps. 
203 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 204 fp_max = VG_PGROUNDUP(fp_max_orig); 205 if (fp_max >= sizeof(Addr)) 206 fp_max -= sizeof(Addr); 207 208 if (debug) 209 VG_(printf)("max_n_ips=%d fp_min=0x%08lx fp_max_orig=0x08%lx, " 210 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n", 211 max_n_ips, fp_min, fp_max_orig, fp_max, 212 uregs.xip, uregs.xbp); 213 214 /* Assertion broken before main() is reached in pthreaded programs; the 215 * offending stack traces only have one item. --njn, 2002-aug-16 */ 216 /* vg_assert(fp_min <= fp_max);*/ 217 // On Darwin, this kicks in for pthread-related stack traces, so they're 218 // only 1 entry long which is wrong. 219# if !defined(VGO_darwin) 220 if (fp_min + 512 >= fp_max) { 221 /* If the stack limits look bogus, don't poke around ... but 222 don't bomb out either. */ 223 if (sps) sps[0] = uregs.xsp; 224 if (fps) fps[0] = uregs.xbp; 225 ips[0] = uregs.xip; 226 return 1; 227 } 228# endif 229 230 if (UNLIKELY (fp_CF_verif_generation != VG_(CF_info_generation)())) { 231 fp_CF_verif_generation = VG_(CF_info_generation)(); 232 VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache)); 233 } 234 235 236 /* Loop unwinding the stack. Note that the IP value we get on 237 * each pass (whether from CFI info or a stack frame) is a 238 * return address so is actually after the calling instruction 239 * in the calling function. 240 * 241 * Because of this we subtract one from the IP after each pass 242 * of the loop so that we find the right CFI block on the next 243 * pass - otherwise we can find the wrong CFI info if it happens 244 * to change after the calling instruction and that will mean 245 * that we will fail to unwind the next step. 246 * 247 * This most frequently happens at the end of a function when 248 * a tail call occurs and we wind up using the CFI info for the 249 * next function which is completely wrong. 
250 */ 251 if (sps) sps[0] = uregs.xsp; 252 if (fps) fps[0] = uregs.xbp; 253 ips[0] = uregs.xip; 254 i = 1; 255 if (do_stats) stats.nr++; 256 257 while (True) { 258 259 if (i >= max_n_ips) 260 break; 261 262 UWord hash = uregs.xip % N_FP_CF_VERIF; 263 Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash]; 264 if (debug) 265 VG_(printf)(" uregs.xip 0x%08lx xip_verif[0x%08lx]" 266 " xbp 0x%08lx xsp 0x%08lx\n", 267 uregs.xip, xip_verif, 268 uregs.xbp, uregs.xsp); 269 // If xip is in cache, then xip_verif will be <= CFUNWIND. 270 // Otherwise, if not in cache, xip_verif will be > CFUNWIND. 271 272 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 273 274 /* Do we have to do CFI unwinding ? 275 We do CFI unwinding if one of the following condition holds: 276 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must 277 be done (i.e. fp unwind check failed when we did the first 278 unwind for this IP). 279 b. fp_CF_verif_cache does not contain xip. 280 We will try CFI unwinding in fpverif_uregs and compare with 281 FP unwind result to insert xip in the cache with the correct 282 indicator. */ 283 if (UNLIKELY(xip_verif >= CFUNWIND)) { 284 if (xip_verif == CFUNWIND) { 285 /* case a : do "real" cfi unwind */ 286 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 287 if (debug) unwind_case = "Ca"; 288 if (do_stats) stats.Ca++; 289 goto unwind_done; 290 } 291 /* ??? cache indicates we have to do CFI unwind (so, we 292 previously found CFI info, and failed the fp unwind 293 check). Now, we just failed with CFI. So, once we 294 succeed, once we fail. No idea what is going on => 295 cleanup the cache entry and fallover to fp unwind (this 296 time). */ 297 fp_CF_verif_cache [hash] = 0; 298 if (debug) VG_(printf)(" cache reset as CFI ok then nok\n"); 299 //??? 
stats 300 xip_verif = NOINFO; 301 } else { 302 /* case b : do "verif" cfi unwind in fpverif_uregs */ 303 fpverif_uregs = uregs; 304 xip_verified = uregs.xip; 305 if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) { 306 fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO; 307 if (debug) VG_(printf)(" cache NOINFO fpverif_uregs\n"); 308 xip_verif = NOINFO; 309 } 310 } 311 } 312 313 /* On x86, try the old-fashioned method of following the 314 %ebp-chain. This can be done if the fp_CF_verif_cache for xip 315 indicate fp unwind is ok. This must be done if the cache indicates 316 there is no info. This is also done to confirm what to put in the cache 317 if xip was not in the cache. */ 318 /* This deals with frames resulting from functions which begin "pushl% 319 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 320 if (fp_min <= uregs.xbp && 321 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/) 322 { 323 /* fp looks sane, so use it. */ 324 uregs.xip = (((UWord*)uregs.xbp)[1]); 325 // We stop if we hit a zero (the traditional end-of-stack 326 // marker) or a one -- these correspond to recorded IPs of 0 or -1. 327 // The latter because r8818 (in this file) changes the meaning of 328 // entries [1] and above in a stack trace, by subtracting 1 from 329 // them. Hence stacks that used to end with a zero value now end in 330 // -1 and so we must detect that too. 331 if (0 == uregs.xip || 1 == uregs.xip) { 332 if (xip_verif > CFUNWIND) { 333 // Check if we obtain the same result with fp unwind. 
334 // If same result, then mark xip as fp unwindable 335 if (uregs.xip == fpverif_uregs.xip) { 336 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND; 337 if (debug) VG_(printf)(" cache FPUNWIND 0\n"); 338 unwind_case = "Fw"; 339 if (do_stats) stats.Fw++; 340 break; 341 } else { 342 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND; 343 uregs = fpverif_uregs; 344 if (debug) VG_(printf)(" cache CFUNWIND 0\n"); 345 unwind_case = "Cf"; 346 if (do_stats) stats.Cf++; 347 goto unwind_done; 348 } 349 } else { 350 // end of stack => out of the loop. 351 break; 352 } 353 } 354 355 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/ 356 + sizeof(Addr) /*ra*/; 357 uregs.xbp = (((UWord*)uregs.xbp)[0]); 358 if (xip_verif > CFUNWIND) { 359 if (uregs.xip == fpverif_uregs.xip 360 && uregs.xsp == fpverif_uregs.xsp 361 && uregs.xbp == fpverif_uregs.xbp) { 362 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND; 363 if (debug) VG_(printf)(" cache FPUNWIND >2\n"); 364 if (debug) unwind_case = "FO"; 365 if (do_stats) stats.FO++; 366 } else { 367 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND; 368 if (debug) VG_(printf)(" cache CFUNWIND >2\n"); 369 if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++; 370 if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++; 371 if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++; 372 uregs = fpverif_uregs; 373 if (debug) unwind_case = "CF"; 374 if (do_stats) stats.CF++; 375 } 376 } else { 377 if (debug) unwind_case = "FF"; 378 if (do_stats) stats.FF++; 379 } 380 goto unwind_done; 381 } else { 382 // fp unwind has failed. 383 // If we were checking the validity of the cfi unwinding, 384 // we mark in the cache that the fp unwind cannot be done, and that 385 // cfi unwind is desired. 386 if (xip_verif > CFUNWIND) { 387 // We know that fpverif_uregs contains valid information, 388 // as a failed cf unwind would have put NOINFO in xip_verif. 
389 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND; 390 if (debug) VG_(printf)(" cache CFUNWIND as fp failed\n"); 391 uregs = fpverif_uregs; 392 if (debug) unwind_case = "Ck"; 393 if (do_stats) stats.Ck++; 394 goto unwind_done; 395 } 396 // xip_verif is FPUNWIND or NOINFO. 397 // We failed the cfi unwind and/or the fp unwind. 398 // => fallback to FPO info. 399 } 400 401 /* And, similarly, try for MSVC FPO unwind info. */ 402 if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp, 403 fp_min, fp_max ) ) { 404 if (debug) unwind_case = "MS"; 405 if (do_stats) stats.MS++; 406 goto unwind_done; 407 } 408 409 /* No luck. We have to give up. */ 410 break; 411 412 unwind_done: 413 /* Add a frame in ips/sps/fps */ 414 /* fp is %ebp. sp is %esp. ip is %eip. */ 415 if (0 == uregs.xip || 1 == uregs.xip) break; 416 if (sps) sps[i] = uregs.xsp; 417 if (fps) fps[i] = uregs.xbp; 418 ips[i++] = uregs.xip - 1; 419 /* -1: refer to calling insn, not the RA */ 420 if (debug) 421 VG_(printf)(" ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]); 422 uregs.xip = uregs.xip - 1; 423 /* as per comment at the head of this loop */ 424 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 425 } 426 427 if (do_stats) stats.nf += i; 428 if (do_stats && stats.nr % 10000 == 0) { 429 VG_(printf)("nr %u nf %u " 430 "Ca %u FF %u " 431 "Cf %u " 432 "Fw %u FO %u " 433 "CF %u (xi %u xs %u xb %u) " 434 "Ck %u MS %u\n", 435 stats.nr, stats.nf, 436 stats.Ca, stats.FF, 437 stats.Cf, 438 stats.Fw, stats.FO, 439 stats.CF, stats.xi, stats.xs, stats.xb, 440 stats.Ck, stats.MS); 441 } 442 n_found = i; 443 return n_found; 444} 445 446#undef N_FP_CF_VERIF 447#undef FPUNWIND 448#undef NOINFO 449#undef CFUNWIND 450 451#endif 452 453/* ----------------------- amd64 ------------------------ */ 454 455#if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) 456 457UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 458 /*OUT*/Addr* ips, UInt max_n_ips, 459 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 460 
UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   /* amd64 unwinder: fills ips[0 .. max_n_ips-1] (and sps/fps if non-NULL)
      starting from 'startRegs'; returns the number of entries written.
      Per-frame strategy: (1) Dwarf CFI via VG_(use_CF_info), (2) the
      %rbp frame-pointer chain, (3) last-ditch: treat *%rsp as an RA. */
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   // How many identical outermost frames to merge as recursion cycles
   // (0 disables merging; see RECURSIVE_MERGE).
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   D3UnwindRegs uregs;
   uregs.xip = startRegs->r_pc;
   uregs.xsp = startRegs->r_sp;
   uregs.xbp = startRegs->misc.AMD64.r_rbp;
   Addr fp_min = uregs.xsp;

   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.xip, uregs.xbp);

   /* Assertion broken before main() is reached in pthreaded programs;  the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
#  if !defined(VGO_darwin)
   if (fp_min + 256 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = uregs.xsp;
      if (fps) fps[0] = uregs.xbp;
      ips[0] = uregs.xip;
      return 1;
   }
#  endif

   /* fp is %rbp.  sp is %rsp.  ip is %rip. */

   ips[0] = uregs.xip;
   if (sps) sps[0] = uregs.xsp;
   if (fps) fps[0] = uregs.xbp;
   i = 1;

   /* Loop unwinding the stack. Note that the IP value we get on
    * each pass (whether from CFI info or a stack frame) is a
    * return address so is actually after the calling instruction
    * in the calling function.
    *
    * Because of this we subtract one from the IP after each pass
    * of the loop so that we find the right CFI block on the next
    * pass - otherwise we can find the wrong CFI info if it happens
    * to change after the calling instruction and that will mean
    * that we will fail to unwind the next step.
    *
    * This most frequently happens at the end of a function when
    * a tail call occurs and we wind up using the CFI info for the
    * next function which is completely wrong.
    */
   while (True) {

      if (i >= max_n_ips)
         break;

      /* Try to derive a new (ip,sp,fp) triple from the current set. */

      /* First off, see if there is any CFI info to hand which can
         be used. */
      if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
         // 0/1 are the (possibly already-decremented) end-of-stack markers.
         if (0 == uregs.xip || 1 == uregs.xip) break;
         if (sps) sps[i] = uregs.xsp;
         if (fps) fps[i] = uregs.xbp;
         ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
         if (debug)
            VG_(printf)(" ipsC[%d]=%#08lx\n", i-1, ips[i-1]);
         uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
         if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);};
         continue;
      }

      /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
         we can safely try the old-fashioned method. */
      /* This bit is supposed to deal with frames resulting from
         functions which begin "pushq %rbp ; movq %rsp, %rbp".
         Unfortunately, since we can't (easily) look at the insns at
         the start of the fn, like GDB does, there's no reliable way
         to tell.  Hence the hack of first trying out CFI, and if that
         fails, then use this as a fallback. */
      /* Note: re "- 1 * sizeof(UWord)", need to take account of the
         fact that we are prodding at & ((UWord*)fp)[1] and so need to
         adjust the limit check accordingly.  Omitting this has been
         observed to cause segfaults on rare occasions. */
      if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
         /* fp looks sane, so use it. */
         uregs.xip = (((UWord*)uregs.xbp)[1]);   // saved RA is at fp+8
         if (0 == uregs.xip || 1 == uregs.xip) break;
         uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
                               + sizeof(Addr) /*ra*/;
         uregs.xbp = (((UWord*)uregs.xbp)[0]);   // caller's %rbp is at fp+0
         if (sps) sps[i] = uregs.xsp;
         if (fps) fps[i] = uregs.xbp;
         ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
         if (debug)
            VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
         uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
         if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);};
         continue;
      }

      /* Last-ditch hack (evidently GDB does something similar).  We
         are in the middle of nowhere and we have a nonsense value for
         the frame pointer.  If the stack pointer is still valid,
         assume that what it points at is a return address.  Yes,
         desperate measures.  Could do better here:
         - check that the supposed return address is in
           an executable page
         - check that the supposed return address is just after a call insn
         - given those two checks, don't just consider *sp as the return
           address; instead scan a likely section of stack (eg sp .. sp+256)
           and use suitable values found there.
      */
      if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
         uregs.xip = ((UWord*)uregs.xsp)[0];
         if (0 == uregs.xip || 1 == uregs.xip) break;
         if (sps) sps[i] = uregs.xsp;
         if (fps) fps[i] = uregs.xbp;
         // NOTE(review): the 'uregs.xip == 0' arm is unreachable here
         // (the break above already handled 0); kept as in the original.
         ips[i++] = uregs.xip == 0
                    ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
                           thread stack */
                    : uregs.xip - 1;
         /* -1: refer to calling insn, not the RA */
         if (debug)
            VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
         uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
         uregs.xsp += 8;   // pop the word we just consumed
         if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);};
         continue;
      }

      /* No luck at all.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}

#endif

/* -----------------------ppc32/64 ---------------------- */

#if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
    || defined(VGP_ppc64le_linux)

/* ppc32/64 unwinder.  Note: r1 serves as both stack and frame pointer,
   and the innermost return address may live in LR rather than on the
   stack (see lr_is_first_RA logic below).  On TOC-using ppc64, function
   redirection pushes original LRs onto a hidden per-thread REDIR stack,
   which is consulted when the magic redirect stub is encountered. */
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  lr_is_first_RA = False;
#  if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
   Word redir_stack_size = 0;
   Word redirs_used      = 0;
#  endif
   const Int cmrf = VG_(clo_merge_recursive_frames);

   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   Addr ip = (Addr)startRegs->r_pc;
   Addr sp = (Addr)startRegs->r_sp;
   Addr fp = sp;
#  if defined(VGP_ppc32_linux)
   Addr lr = startRegs->misc.PPC32.r_lr;
#  elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
   Addr lr = startRegs->misc.PPC64.r_lr;
#  endif
   Addr fp_min = sp;

   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);

   /* Assertion broken before main() is reached in pthreaded programs;  the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = sp;
      if (fps) fps[0] = fp;
      ips[0] = ip;
      return 1;
   }

   /* fp is %r1.  ip is %cia.  Note, ppc uses r1 as both the stack and
      frame pointers. */

#  if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
   redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
   redirs_used      = 0;
#  endif

#  if defined(VG_PLAT_USES_PPCTOC)
   /* Deal with bogus LR values caused by function
      interception/wrapping on ppc-TOC platforms; see comment on
      similar code a few lines further down. */
   if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub)
       && VG_(is_valid_tid)(tid_if_known)) {
      Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
      redirs_used++;
      // hsp-1: the original LR sits one below the top of the hidden
      // redirect stack (top element is the saved R2).
      if (hsp >= 1 && hsp < redir_stack_size)
         lr = VG_(threads)[tid_if_known]
                 .arch.vex.guest_REDIR_STACK[hsp-1];
   }
#  endif

   /* We have to determine whether or not LR currently holds this fn
      (call it F)'s return address.  It might not if F has previously
      called some other function, hence overwriting LR with a pointer
      to some part of F.  Hence if LR and IP point to the same
      function then we conclude LR does not hold this function's
      return address; instead the LR at entry must have been saved in
      the stack by F's prologue and so we must get it from there
      instead.  Note all this guff only applies to the innermost
      frame. */
   lr_is_first_RA = False;
   {
#     define M_VG_ERRTXT 1000
      HChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT];
      /* The following conditional looks grossly inefficient and
         surely could be majorly improved, with not much effort. */
      // A non-zero strncmp means the names differ, i.e. LR points into
      // a different function => LR plausibly holds F's return address.
      if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT))
         if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT))
            if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT))
               lr_is_first_RA = True;
#     undef M_VG_ERRTXT
   }

   if (sps) sps[0] = fp; /* NB. not sp */
   if (fps) fps[0] = fp;
   ips[0] = ip;
   i = 1;

   if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {

      /* initial FP is sane; keep going */
      fp = (((UWord*)fp)[0]);

      while (True) {

         /* On ppc64-linux (ppc64-elf, really), the lr save
            slot is 2 words back from sp, whereas on ppc32-elf(?) it's
            only one word back. */
#        if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
         const Int lr_offset = 2;
#        else
         const Int lr_offset = 1;
#        endif

         if (i >= max_n_ips)
            break;

         /* Try to derive a new (ip,fp) pair from the current set. */

         if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
            /* fp looks sane, so use it. */

            if (i == 1 && lr_is_first_RA)
               ip = lr;
            else
               ip = (((UWord*)fp)[lr_offset]);

#           if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
            /* Nasty hack to do with function replacement/wrapping on
               ppc64-linux.  If LR points to our magic return stub,
               then we are in a wrapped or intercepted function, in
               which LR has been messed with.  The original LR will
               have been pushed onto the thread's hidden REDIR stack
               one down from the top (top element is the saved R2) and
               so we should restore the value from there instead.
               Since nested redirections can and do happen, we keep
               track of the number of nested LRs used by the unwinding
               so far with 'redirs_used'. */
            if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
                && VG_(is_valid_tid)(tid_if_known)) {
               Word hsp = VG_(threads)[tid_if_known]
                             .arch.vex.guest_REDIR_SP;
               hsp -= 2 * redirs_used;
               redirs_used ++;
               if (hsp >= 1 && hsp < redir_stack_size)
                  ip = VG_(threads)[tid_if_known]
                          .arch.vex.guest_REDIR_STACK[hsp-1];
            }
#           endif

            // 0/1 are end-of-stack markers (see x86 comment about
            // recorded IPs of 0 or -1).
            if (0 == ip || 1 == ip) break;
            if (sps) sps[i] = fp; /* NB. not sp */
            if (fps) fps[i] = fp;
            fp = (((UWord*)fp)[0]);
            ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
            if (debug)
               VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
            ip = ip - 1; /* ip is probably dead at this point, but
                            play safe, a la x86/amd64 above.  See
                            extensive comments above. */
            if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);};
            continue;
         }

         /* No luck there.  We have to give up. */
         break;
      }
   }

   n_found = i;
   return n_found;
}

#endif

/* ------------------------ arm ------------------------- */

#if defined(VGP_arm_linux)

/* Heuristic: do a1 and a2 resolve to different function names?
   (Returns True when the names DIFFER — see the strncmp truthiness.) */
static Bool in_same_fn ( Addr a1, Addr a2 )
{
#  define M_VG_ERRTXT 500
   HChar buf_a1[M_VG_ERRTXT], buf_a2[M_VG_ERRTXT];
   /* The following conditional looks grossly inefficient and
      surely could be majorly improved, with not much effort.
*/
   if (VG_(get_fnname_raw) (a1, buf_a1, M_VG_ERRTXT))
      if (VG_(get_fnname_raw) (a2, buf_a2, M_VG_ERRTXT))
         if (VG_(strncmp)(buf_a1, buf_a2, M_VG_ERRTXT))
            return True;
#  undef M_VG_ERRTXT
   return False;
}

/* True iff a1 and a2 lie in the same 4KB-aligned region. */
static Bool in_same_page ( Addr a1, Addr a2 ) {
   return (a1 & ~0xFFF) == (a2 & ~0xFFF);
}

/* Absolute difference |a1 - a2|. */
static Addr abs_diff ( Addr a1, Addr a2 ) {
   return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
}

/* True iff address 'a' is in a segment mapped executable (X) and
   containing translations (T). */
static Bool has_XT_perms ( Addr a )
{
   NSegment const* seg = VG_(am_find_nsegment)(a);
   return seg && seg->hasX && seg->hasT;
}

/* Heuristic: do the two halfwords w0,w1 look like a 32-bit Thumb
   BL/BLX immediate call?
   NOTE(review): the BL and BLX tests below are textually identical;
   the mask (w1 top two bits == 11) accepts both encodings without
   checking the BLX-specific bits.  Kept as-is — this is a deliberate
   superset heuristic, not an exact decoder. */
static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
{
   if (0)
      VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
   // BL  simm26
   if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
   // BLX simm26
   if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
   return False;
}

/* 16-bit Thumb calls: none are recognised at present. */
static Bool looks_like_Thumb_call16 ( UShort w0 )
{
   return False;
}

/* Heuristic: does word a0 look like a 32-bit ARM BL instruction? */
static Bool looks_like_ARM_call ( UInt a0 )
{
   if (0)
      VG_(printf)("isA32call %08x\n", a0);
   // Leading E forces unconditional only -- fix
   if ((a0 & 0xFF000000) == 0xEB000000) return True;
   return False;
}

/* Heuristic: is 'ra' a plausible return address?  Bit 0 of 'ra' selects
   Thumb (1) vs ARM (0) interpretation; we inspect the instruction just
   before 'ra' and accept if it looks like a call. */
static Bool looks_like_RA ( Addr ra )
{
   /* 'ra' is a plausible return address if it points to
      an instruction after a call insn. */
   Bool isT = (ra & 1);
   if (isT) {
      // returning to Thumb code
      ra &= ~1;   // clear the Thumb bit
      ra -= 4;    // back up over the (presumed) 32-bit call insn
      if (has_XT_perms(ra)) {
         UShort w0 = *(UShort*)ra;
         // Only read the second halfword if it is on the same page.
         UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
         if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
            return True;
      }
   } else {
      // ARM
      ra &= ~3;   // word-align
      ra -= 4;    // back up over the (presumed) call insn
      if (has_XT_perms(ra)) {
         UInt a0 = *(UInt*)ra;
         if (looks_like_ARM_call(a0))
            return True;
      }
   }
   return False;
}

/* arm unwinder: Dwarf CFI first; optional stack scanning as Plan B
   (only if enabled via --unw-stack-scan-thresh).  Continues beyond the
   end of this chunk. */
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   D3UnwindRegs uregs;
   uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;  // clear the Thumb bit
   uregs.r14 = startRegs->misc.ARM.r14;
   uregs.r13 = startRegs->r_sp;
   uregs.r12 = startRegs->misc.ARM.r12;
   uregs.r11 = startRegs->misc.ARM.r11;
   uregs.r7  = startRegs->misc.ARM.r7;
   Addr fp_min = uregs.r13;

   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.r15, uregs.r13);

   /* Assertion broken before main() is reached in pthreaded programs;  the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = uregs.r13;
      if (fps) fps[0] = 0;
      ips[0] = uregs.r15;
      return 1;
   }

   /* */

   if (sps) sps[0] = uregs.r13;
   if (fps) fps[0] = 0;
   ips[0] = uregs.r15;
   i = 1;

   /* Loop unwinding the stack. */
   Bool do_stack_scan = False;

   /* First try the Official Way, using Dwarf CFI. */
   while (True) {
      if (debug) {
         VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
                     i, uregs.r15, uregs.r13);
      }

      if (i >= max_n_ips)
         break;

      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.r13;
         if (fps) fps[i] = 0;
         // Strip the Thumb bit, then -1: refer to calling insn, not the RA.
         ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
         if (debug)
            VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
                        uregs.r15, uregs.r13);
         uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
         if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);};
         continue;
      }

      /* No luck.  We have to give up. */
      do_stack_scan = True;
      break;
   }

   /* Now try Plan B (maybe) -- stack scanning.  This often gives
      pretty bad results, so this has to be enabled explicitly by the
      user. */
   if (do_stack_scan
       && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) {
      Int  nByStackScan = 0;
      Addr lr = uregs.r14;
      Addr sp = uregs.r13 & ~3;
      Addr pc = uregs.r15;
      // First see if LR contains
      // something that could be a valid return address.
1001 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) { 1002 // take it only if 'cand' isn't obviously a duplicate 1003 // of the last found IP value 1004 Addr cand = (lr & 0xFFFFFFFE) - 1; 1005 if (abs_diff(cand, ips[i-1]) > 1) { 1006 if (sps) sps[i] = 0; 1007 if (fps) fps[i] = 0; 1008 ips[i++] = cand; 1009 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1010 nByStackScan++; 1011 } 1012 } 1013 while (in_same_page(sp, uregs.r13)) { 1014 if (i >= max_n_ips) 1015 break; 1016 // we're in the same page; fairly safe to keep going 1017 UWord w = *(UWord*)(sp & ~0x3); 1018 if (looks_like_RA(w)) { 1019 Addr cand = (w & 0xFFFFFFFE) - 1; 1020 // take it only if 'cand' isn't obviously a duplicate 1021 // of the last found IP value 1022 if (abs_diff(cand, ips[i-1]) > 1) { 1023 if (sps) sps[i] = 0; 1024 if (fps) fps[i] = 0; 1025 ips[i++] = cand; 1026 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1027 if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break; 1028 } 1029 } 1030 sp += 4; 1031 } 1032 } 1033 1034 n_found = i; 1035 return n_found; 1036} 1037 1038#endif 1039 1040/* ------------------------ arm64 ------------------------- */ 1041 1042#if defined(VGP_arm64_linux) 1043 1044UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 1045 /*OUT*/Addr* ips, UInt max_n_ips, 1046 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 1047 UnwindStartRegs* startRegs, 1048 Addr fp_max_orig ) 1049{ 1050 Bool debug = False; 1051 Int i; 1052 Addr fp_max; 1053 UInt n_found = 0; 1054 const Int cmrf = VG_(clo_merge_recursive_frames); 1055 1056 vg_assert(sizeof(Addr) == sizeof(UWord)); 1057 vg_assert(sizeof(Addr) == sizeof(void*)); 1058 1059 D3UnwindRegs uregs; 1060 uregs.pc = startRegs->r_pc; 1061 uregs.sp = startRegs->r_sp; 1062 uregs.x30 = startRegs->misc.ARM64.x30; 1063 uregs.x29 = startRegs->misc.ARM64.x29; 1064 Addr fp_min = uregs.sp; 1065 1066 /* Snaffle IPs from the client's stack into ips[0 .. 
max_n_ips-1], 1067 stopping when the trail goes cold, which we guess to be 1068 when FP is not a reasonable stack location. */ 1069 1070 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 1071 // current page, at least. Dunno if it helps. 1072 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 1073 fp_max = VG_PGROUNDUP(fp_max_orig); 1074 if (fp_max >= sizeof(Addr)) 1075 fp_max -= sizeof(Addr); 1076 1077 if (debug) 1078 VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 1079 "fp_max=0x%lx PC=0x%lx SP=0x%lx\n", 1080 max_n_ips, fp_min, fp_max_orig, fp_max, 1081 uregs.pc, uregs.sp); 1082 1083 /* Assertion broken before main() is reached in pthreaded programs; the 1084 * offending stack traces only have one item. --njn, 2002-aug-16 */ 1085 /* vg_assert(fp_min <= fp_max);*/ 1086 // On Darwin, this kicks in for pthread-related stack traces, so they're 1087 // only 1 entry long which is wrong. 1088 if (fp_min + 512 >= fp_max) { 1089 /* If the stack limits look bogus, don't poke around ... but 1090 don't bomb out either. */ 1091 if (sps) sps[0] = uregs.sp; 1092 if (fps) fps[0] = uregs.x29; 1093 ips[0] = uregs.pc; 1094 return 1; 1095 } 1096 1097 /* */ 1098 1099 if (sps) sps[0] = uregs.sp; 1100 if (fps) fps[0] = uregs.x29; 1101 ips[0] = uregs.pc; 1102 i = 1; 1103 1104 /* Loop unwinding the stack, using CFI. */ 1105 while (True) { 1106 if (debug) { 1107 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n", 1108 i, uregs.pc, uregs.sp); 1109 } 1110 1111 if (i >= max_n_ips) 1112 break; 1113 1114 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1115 if (sps) sps[i] = uregs.sp; 1116 if (fps) fps[i] = uregs.x29; 1117 ips[i++] = uregs.pc - 1; 1118 if (debug) 1119 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n", 1120 uregs.pc, uregs.sp); 1121 uregs.pc = uregs.pc - 1; 1122 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1123 continue; 1124 } 1125 1126 /* No luck. We have to give up. 
*/ 1127 break; 1128 } 1129 1130 n_found = i; 1131 return n_found; 1132} 1133 1134#endif 1135 1136/* ------------------------ s390x ------------------------- */ 1137 1138#if defined(VGP_s390x_linux) 1139 1140UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 1141 /*OUT*/Addr* ips, UInt max_n_ips, 1142 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 1143 UnwindStartRegs* startRegs, 1144 Addr fp_max_orig ) 1145{ 1146 Bool debug = False; 1147 Int i; 1148 Addr fp_max; 1149 UInt n_found = 0; 1150 const Int cmrf = VG_(clo_merge_recursive_frames); 1151 1152 vg_assert(sizeof(Addr) == sizeof(UWord)); 1153 vg_assert(sizeof(Addr) == sizeof(void*)); 1154 1155 D3UnwindRegs uregs; 1156 uregs.ia = startRegs->r_pc; 1157 uregs.sp = startRegs->r_sp; 1158 Addr fp_min = uregs.sp; 1159 uregs.fp = startRegs->misc.S390X.r_fp; 1160 uregs.lr = startRegs->misc.S390X.r_lr; 1161 1162 fp_max = VG_PGROUNDUP(fp_max_orig); 1163 if (fp_max >= sizeof(Addr)) 1164 fp_max -= sizeof(Addr); 1165 1166 if (debug) 1167 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 1168 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n", 1169 max_n_ips, fp_min, fp_max_orig, fp_max, 1170 uregs.ia, uregs.sp,uregs.fp); 1171 1172 /* The first frame is pretty obvious */ 1173 ips[0] = uregs.ia; 1174 if (sps) sps[0] = uregs.sp; 1175 if (fps) fps[0] = uregs.fp; 1176 i = 1; 1177 1178 /* for everything else we have to rely on the eh_frame. gcc defaults to 1179 not create a backchain and all the other tools (like gdb) also have 1180 to use the CFI. */ 1181 while (True) { 1182 if (i >= max_n_ips) 1183 break; 1184 1185 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1186 if (sps) sps[i] = uregs.sp; 1187 if (fps) fps[i] = uregs.fp; 1188 ips[i++] = uregs.ia - 1; 1189 uregs.ia = uregs.ia - 1; 1190 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1191 continue; 1192 } 1193 /* A problem on the first frame? Lets assume it was a bad jump. 
1194 We will use the link register and the current stack and frame 1195 pointers and see if we can use the CFI in the next round. */ 1196 if (i == 1) { 1197 if (sps) { 1198 sps[i] = sps[0]; 1199 uregs.sp = sps[0]; 1200 } 1201 if (fps) { 1202 fps[i] = fps[0]; 1203 uregs.fp = fps[0]; 1204 } 1205 uregs.ia = uregs.lr - 1; 1206 ips[i++] = uregs.lr - 1; 1207 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1208 continue; 1209 } 1210 1211 /* No luck. We have to give up. */ 1212 break; 1213 } 1214 1215 n_found = i; 1216 return n_found; 1217} 1218 1219#endif 1220 1221/* ------------------------ mips 32/64 ------------------------- */ 1222#if defined(VGP_mips32_linux) || defined(VGP_mips64_linux) 1223UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 1224 /*OUT*/Addr* ips, UInt max_n_ips, 1225 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 1226 UnwindStartRegs* startRegs, 1227 Addr fp_max_orig ) 1228{ 1229 Bool debug = False; 1230 Int i; 1231 Addr fp_max; 1232 UInt n_found = 0; 1233 const Int cmrf = VG_(clo_merge_recursive_frames); 1234 1235 vg_assert(sizeof(Addr) == sizeof(UWord)); 1236 vg_assert(sizeof(Addr) == sizeof(void*)); 1237 1238 D3UnwindRegs uregs; 1239 uregs.pc = startRegs->r_pc; 1240 uregs.sp = startRegs->r_sp; 1241 Addr fp_min = uregs.sp; 1242 1243#if defined(VGP_mips32_linux) 1244 uregs.fp = startRegs->misc.MIPS32.r30; 1245 uregs.ra = startRegs->misc.MIPS32.r31; 1246#elif defined(VGP_mips64_linux) 1247 uregs.fp = startRegs->misc.MIPS64.r30; 1248 uregs.ra = startRegs->misc.MIPS64.r31; 1249#endif 1250 1251 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 1252 stopping when the trail goes cold, which we guess to be 1253 when FP is not a reasonable stack location. 
*/ 1254 1255 fp_max = VG_PGROUNDUP(fp_max_orig); 1256 if (fp_max >= sizeof(Addr)) 1257 fp_max -= sizeof(Addr); 1258 1259 if (debug) 1260 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 1261 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n", 1262 max_n_ips, fp_min, fp_max_orig, fp_max, 1263 uregs.pc, uregs.sp, uregs.fp); 1264 1265 if (sps) sps[0] = uregs.sp; 1266 if (fps) fps[0] = uregs.fp; 1267 ips[0] = uregs.pc; 1268 i = 1; 1269 1270 /* Loop unwinding the stack. */ 1271 1272 while (True) { 1273 if (debug) { 1274 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 1275 i, uregs.pc, uregs.sp, uregs.ra); 1276 } 1277 if (i >= max_n_ips) 1278 break; 1279 1280 D3UnwindRegs uregs_copy = uregs; 1281 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 1282 if (debug) 1283 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 1284 uregs.pc, uregs.sp, uregs.ra); 1285 if (0 != uregs.pc && 1 != uregs.pc) { 1286 if (sps) sps[i] = uregs.sp; 1287 if (fps) fps[i] = uregs.fp; 1288 ips[i++] = uregs.pc - 4; 1289 uregs.pc = uregs.pc - 4; 1290 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1291 continue; 1292 } else 1293 uregs = uregs_copy; 1294 } 1295 1296 int seen_sp_adjust = 0; 1297 long frame_offset = 0; 1298 PtrdiffT offset; 1299 if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) { 1300 Addr start_pc = uregs.pc - offset; 1301 Addr limit_pc = uregs.pc; 1302 Addr cur_pc; 1303 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) { 1304 unsigned long inst, high_word, low_word; 1305 unsigned long * cur_inst; 1306 /* Fetch the instruction. */ 1307 cur_inst = (unsigned long *)cur_pc; 1308 inst = *((UInt *) cur_inst); 1309 if(debug) 1310 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst); 1311 1312 /* Save some code by pre-extracting some useful fields. 
*/ 1313 high_word = (inst >> 16) & 0xffff; 1314 low_word = inst & 0xffff; 1315 1316 if (high_word == 0x27bd /* addiu $sp,$sp,-i */ 1317 || high_word == 0x23bd /* addi $sp,$sp,-i */ 1318 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */ 1319 if (low_word & 0x8000) /* negative stack adjustment? */ 1320 frame_offset += 0x10000 - low_word; 1321 else 1322 /* Exit loop if a positive stack adjustment is found, which 1323 usually means that the stack cleanup code in the function 1324 epilogue is reached. */ 1325 break; 1326 seen_sp_adjust = 1; 1327 } 1328 } 1329 if(debug) 1330 VG_(printf)("offset: 0x%lx\n", frame_offset); 1331 } 1332 if (seen_sp_adjust) { 1333 if (0 == uregs.pc || 1 == uregs.pc) break; 1334 if (uregs.pc == uregs.ra - 8) break; 1335 if (sps) { 1336 sps[i] = uregs.sp + frame_offset; 1337 } 1338 uregs.sp = uregs.sp + frame_offset; 1339 1340 if (fps) { 1341 fps[i] = fps[0]; 1342 uregs.fp = fps[0]; 1343 } 1344 if (0 == uregs.ra || 1 == uregs.ra) break; 1345 uregs.pc = uregs.ra - 8; 1346 ips[i++] = uregs.ra - 8; 1347 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1348 continue; 1349 } 1350 1351 if (i == 1) { 1352 if (sps) { 1353 sps[i] = sps[0]; 1354 uregs.sp = sps[0]; 1355 } 1356 if (fps) { 1357 fps[i] = fps[0]; 1358 uregs.fp = fps[0]; 1359 } 1360 if (0 == uregs.ra || 1 == uregs.ra) break; 1361 uregs.pc = uregs.ra - 8; 1362 ips[i++] = uregs.ra - 8; 1363 if (UNLIKELY(cmrf > 0)) {RECURSIVE_MERGE(cmrf,ips,i);}; 1364 continue; 1365 } 1366 /* No luck. We have to give up. */ 1367 break; 1368 } 1369 1370 n_found = i; 1371 return n_found; 1372} 1373 1374#endif 1375 1376 1377/*------------------------------------------------------------*/ 1378/*--- ---*/ 1379/*--- END platform-dependent unwinder worker functions ---*/ 1380/*--- ---*/ 1381/*------------------------------------------------------------*/ 1382 1383/*------------------------------------------------------------*/ 1384/*--- Exported functions. 
---*/ 1385/*------------------------------------------------------------*/ 1386 1387UInt VG_(get_StackTrace) ( ThreadId tid, 1388 /*OUT*/StackTrace ips, UInt max_n_ips, 1389 /*OUT*/StackTrace sps, 1390 /*OUT*/StackTrace fps, 1391 Word first_ip_delta ) 1392{ 1393 /* Get the register values with which to start the unwind. */ 1394 UnwindStartRegs startRegs; 1395 VG_(memset)( &startRegs, 0, sizeof(startRegs) ); 1396 VG_(get_UnwindStartRegs)( &startRegs, tid ); 1397 1398 Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte; 1399 Addr stack_lowest_byte = 0; 1400 1401# if defined(VGP_x86_linux) 1402 /* Nasty little hack to deal with syscalls - if libc is using its 1403 _dl_sysinfo_int80 function for syscalls (the TLS version does), 1404 then ip will always appear to be in that function when doing a 1405 syscall, not the actual libc function doing the syscall. This 1406 check sees if IP is within that function, and pops the return 1407 address off the stack so that ip is placed within the library 1408 function calling the syscall. This makes stack backtraces much 1409 more useful. 1410 1411 The function is assumed to look like this (from glibc-2.3.6 sources): 1412 _dl_sysinfo_int80: 1413 int $0x80 1414 ret 1415 That is 3 (2+1) bytes long. We could be more thorough and check 1416 the 3 bytes of the function are as expected, but I can't be 1417 bothered. 
1418 */ 1419 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 1420 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80) 1421 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3 1422 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr), 1423 VKI_PROT_READ)) { 1424 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp; 1425 startRegs.r_sp += (ULong) sizeof(Addr); 1426 } 1427# endif 1428 1429 /* See if we can get a better idea of the stack limits */ 1430 VG_(stack_limits)( (Addr)startRegs.r_sp, 1431 &stack_lowest_byte, &stack_highest_byte ); 1432 1433 /* Take into account the first_ip_delta. */ 1434 startRegs.r_pc += (Long)(Word)first_ip_delta; 1435 1436 if (0) 1437 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx " 1438 "sp=0x%010llx\n", 1439 tid, stack_highest_byte, 1440 startRegs.r_pc, startRegs.r_sp); 1441 1442 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips, 1443 sps, fps, 1444 &startRegs, 1445 stack_highest_byte); 1446} 1447 1448static void printIpDesc(UInt n, Addr ip, void* uu_opaque) 1449{ 1450 #define BUF_LEN 4096 1451 1452 static HChar buf[BUF_LEN]; 1453 1454 InlIPCursor *iipc = VG_(new_IIPC)(ip); 1455 1456 do { 1457 VG_(describe_IP)(ip, buf, BUF_LEN, iipc); 1458 if (VG_(clo_xml)) { 1459 VG_(printf_xml)(" %s\n", buf); 1460 } else { 1461 VG_(message)(Vg_UserMsg, " %s %s\n", 1462 ( n == 0 ? "at" : "by" ), buf); 1463 } 1464 n++; 1465 // Increase n to show "at" for only one level. 1466 } while (VG_(next_IIPC)(iipc)); 1467 VG_(delete_IIPC)(iipc); 1468} 1469 1470/* Print a StackTrace. */ 1471void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 1472{ 1473 vg_assert( n_ips > 0 ); 1474 1475 if (VG_(clo_xml)) 1476 VG_(printf_xml)(" <stack>\n"); 1477 1478 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips ); 1479 1480 if (VG_(clo_xml)) 1481 VG_(printf_xml)(" </stack>\n"); 1482} 1483 1484/* Get and immediately print a StackTrace. 
*/ 1485void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips ) 1486{ 1487 Addr ips[max_n_ips]; 1488 UInt n_ips 1489 = VG_(get_StackTrace)(tid, ips, max_n_ips, 1490 NULL/*array to dump SP values in*/, 1491 NULL/*array to dump FP values in*/, 1492 0/*first_ip_delta*/); 1493 VG_(pp_StackTrace)(ips, n_ips); 1494} 1495 1496void VG_(apply_StackTrace)( 1497 void(*action)(UInt n, Addr ip, void* opaque), 1498 void* opaque, 1499 StackTrace ips, UInt n_ips 1500 ) 1501{ 1502 Bool main_done = False; 1503 Int i = 0; 1504 1505 vg_assert(n_ips > 0); 1506 do { 1507 Addr ip = ips[i]; 1508 1509 // Stop after the first appearance of "main" or one of the other names 1510 // (the appearance of which is a pretty good sign that we've gone past 1511 // main without seeing it, for whatever reason) 1512 if ( ! VG_(clo_show_below_main) ) { 1513 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip); 1514 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) { 1515 main_done = True; 1516 } 1517 } 1518 1519 // Act on the ip 1520 action(i, ip, opaque); 1521 1522 i++; 1523 } while (i < n_ips && !main_done); 1524} 1525 1526 1527/*--------------------------------------------------------------------*/ 1528/*--- end ---*/ 1529/*--------------------------------------------------------------------*/ 1530