m_stacktrace.c revision 4d474d086188fd1f29fa97dbd84d8ea2e589a9b8
1 2/*--------------------------------------------------------------------*/ 3/*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4/*--------------------------------------------------------------------*/ 5 6/* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2008 Julian Seward 11 jseward@acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29*/ 30 31#include "pub_core_basics.h" 32#include "pub_core_vki.h" 33#include "pub_core_threadstate.h" 34#include "pub_core_debuginfo.h" 35#include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 36#include "pub_core_libcbase.h" 37#include "pub_core_libcassert.h" 38#include "pub_core_libcprint.h" 39#include "pub_core_machine.h" 40#include "pub_core_options.h" 41#include "pub_core_stacks.h" // VG_(stack_limits) 42#include "pub_core_stacktrace.h" 43#include "pub_core_xarray.h" 44#include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 45#include "pub_core_trampoline.h" 46 47/*------------------------------------------------------------*/ 48/*--- Exported functions. ---*/ 49/*------------------------------------------------------------*/ 50 51/* Take a snapshot of the client's stack, putting the up to 'n_ips' 52 IPs into 'ips'. In order to be thread-safe, we pass in the 53 thread's IP SP, FP if that's meaningful, and LR if that's 54 meaningful. Returns number of IPs put in 'ips'. 55 56 If you know what the thread ID for this stack is, send that as the 57 first parameter, else send zero. This helps generate better stack 58 traces on ppc64-linux and has no effect on other platforms. 59*/ 60UInt VG_(get_StackTrace2) ( ThreadId tid_if_known, 61 Addr* ips, UInt n_ips, 62 Addr ip, Addr sp, Addr fp, Addr lr, 63 Addr fp_min, Addr fp_max_orig ) 64{ 65# if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 66 || defined(VGP_ppc32_aix5) \ 67 || defined(VGP_ppc64_aix5) 68 Bool lr_is_first_RA = False; 69# endif 70# if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) \ 71 || defined(VGP_ppc32_aix5) 72 Word redir_stack_size = 0; 73 Word redirs_used = 0; 74# endif 75 76 Bool debug = False; 77 Int i; 78 Addr fp_max; 79 UInt n_found = 0; 80 81 vg_assert(sizeof(Addr) == sizeof(UWord)); 82 vg_assert(sizeof(Addr) == sizeof(void*)); 83 84 /* Snaffle IPs from the client's stack into ips[0 .. n_ips-1], 85 stopping when the trail goes cold, which we guess to be 86 when FP is not a reasonable stack location. */ 87 88 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 89 // current page, at least. Dunno if it helps. 90 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 91 fp_max = VG_PGROUNDUP(fp_max_orig); 92 fp_max -= sizeof(Addr); 93 94 if (debug) 95 VG_(printf)("n_ips=%d fp_min=%p fp_max_orig=%p, fp_max=%p ip=%p fp=%p\n", 96 n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 97 98 /* Assertion broken before main() is reached in pthreaded programs; the 99 * offending stack traces only have one item. --njn, 2002-aug-16 */ 100 /* vg_assert(fp_min <= fp_max);*/ 101 if (fp_min + 512 >= fp_max) { 102 /* If the stack limits look bogus, don't poke around ... but 103 don't bomb out either. */ 104 ips[0] = ip; 105 return 1; 106 } 107 108 /* Otherwise unwind the stack in a platform-specific way. Trying 109 to merge the x86, amd64, ppc32 and ppc64 logic into a single 110 piece of code is just too confusing and difficult to 111 performance-tune. */ 112 113# if defined(VGP_x86_linux) 114 115 /*--------------------- x86 ---------------------*/ 116 117 /* fp is %ebp. sp is %esp. ip is %eip. */ 118 119 ips[0] = ip; 120 i = 1; 121 122 /* Loop unwinding the stack. Note that the IP value we get on 123 * each pass (whether from CFI info or a stack frame) is a 124 * return address so is actually after the calling instruction 125 * in the calling function. 126 * 127 * Because of this we subtract one from the IP after each pass 128 * of the loop so that we find the right CFI block on the next 129 * pass - otherwise we can find the wrong CFI info if it happens 130 * to change after the calling instruction and that will mean 131 * that we will fail to unwind the next step. 132 * 133 * This most frequently happens at the end of a function when 134 * a tail call occurs and we wind up using the CFI info for the 135 * next function which is completely wrong. 136 */ 137 while (True) { 138 139 if (i >= n_ips) 140 break; 141 142 /* Try to derive a new (ip,sp,fp) triple from the current 143 set. */ 144 145 /* On x86, first try the old-fashioned method of following the 146 %ebp-chain. Code which doesn't use this (that is, compiled 147 with -fomit-frame-pointer) is not ABI compliant and so 148 relatively rare. Besides, trying the CFI first almost always 149 fails, and is expensive. */ 150 /* Deal with frames resulting from functions which begin "pushl% 151 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 152 if (fp_min <= fp && fp <= fp_max) { 153 /* fp looks sane, so use it. */ 154 ip = (((UWord*)fp)[1]); 155 sp = fp + sizeof(Addr) /*saved %ebp*/ 156 + sizeof(Addr) /*ra*/; 157 fp = (((UWord*)fp)[0]); 158 ips[i++] = ip; 159 if (debug) 160 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]); 161 ip = ip - 1; 162 continue; 163 } 164 165 /* That didn't work out, so see if there is any CF info to hand 166 which can be used. */ 167 if ( VG_(use_CF_info)( &ip, &sp, &fp, fp_min, fp_max ) ) { 168 ips[i++] = ip; 169 if (debug) 170 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 171 ip = ip - 1; 172 continue; 173 } 174 175 /* No luck. We have to give up. */ 176 break; 177 } 178 179# elif defined(VGP_amd64_linux) 180 181 /*--------------------- amd64 ---------------------*/ 182 183 /* fp is %rbp. sp is %rsp. ip is %rip. */ 184 185 ips[0] = ip; 186 i = 1; 187 188 /* Loop unwinding the stack. Note that the IP value we get on 189 * each pass (whether from CFI info or a stack frame) is a 190 * return address so is actually after the calling instruction 191 * in the calling function. 192 * 193 * Because of this we subtract one from the IP after each pass 194 * of the loop so that we find the right CFI block on the next 195 * pass - otherwise we can find the wrong CFI info if it happens 196 * to change after the calling instruction and that will mean 197 * that we will fail to unwind the next step. 198 * 199 * This most frequently happens at the end of a function when 200 * a tail call occurs and we wind up using the CFI info for the 201 * next function which is completely wrong. 202 */ 203 while (True) { 204 205 if (i >= n_ips) 206 break; 207 208 /* Try to derive a new (ip,sp,fp) triple from the current 209 set. */ 210 211 /* First off, see if there is any CFI info to hand which can 212 be used. */ 213 if ( VG_(use_CF_info)( &ip, &sp, &fp, fp_min, fp_max ) ) { 214 ips[i++] = ip; 215 if (debug) 216 VG_(printf)(" ipsC[%d]=%08p\n", i-1, ips[i-1]); 217 ip = ip - 1; 218 continue; 219 } 220 221 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 222 we can safely try the old-fashioned method. */ 223 /* This bit is supposed to deal with frames resulting from 224 functions which begin "pushq %rbp ; movq %rsp, %rbp". 225 Unfortunately, since we can't (easily) look at the insns at 226 the start of the fn, like GDB does, there's no reliable way 227 to tell. Hence the hack of first trying out CFI, and if that 228 fails, then use this as a fallback. */ 229 if (fp_min <= fp && fp <= fp_max) { 230 /* fp looks sane, so use it. */ 231 ip = (((UWord*)fp)[1]); 232 sp = fp + sizeof(Addr) /*saved %rbp*/ 233 + sizeof(Addr) /*ra*/; 234 fp = (((UWord*)fp)[0]); 235 ips[i++] = ip; 236 if (debug) 237 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 238 ip = ip - 1; 239 continue; 240 } 241 242 /* Last-ditch hack (evidently GDB does something similar). We 243 are in the middle of nowhere and we have a nonsense value for 244 the frame pointer. If the stack pointer is still valid, 245 assume that what it points at is a return address. Yes, 246 desperate measures. Could do better here: 247 - check that the supposed return address is in 248 an executable page 249 - check that the supposed return address is just after a call insn 250 - given those two checks, don't just consider *sp as the return 251 address; instead scan a likely section of stack (eg sp .. sp+256) 252 and use suitable values found there. 253 */ 254 if (fp_min <= sp && sp < fp_max) { 255 ip = ((UWord*)sp)[0]; 256 ips[i++] = ip; 257 if (debug) 258 VG_(printf)(" ipsH[%d]=%08p\n", i-1, ips[i-1]); 259 ip = ip - 1; 260 sp += 8; 261 continue; 262 } 263 264 /* No luck at all. We have to give up. */ 265 break; 266 } 267 268# elif defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 269 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 270 271 /*--------------------- ppc32/64 ---------------------*/ 272 273 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 274 frame pointers. */ 275 276# if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) 277 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 278 redirs_used = 0; 279# elif defined(VGP_ppc32_aix5) 280 redir_stack_size = VEX_GUEST_PPC32_REDIR_STACK_SIZE; 281 redirs_used = 0; 282# endif 283 284# if defined(VG_PLAT_USES_PPCTOC) 285 /* Deal with bogus LR values caused by function 286 interception/wrapping on ppc-TOC platforms; see comment on 287 similar code a few lines further down. */ 288 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 289 && VG_(is_valid_tid)(tid_if_known)) { 290 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 291 redirs_used++; 292 if (hsp >= 1 && hsp < redir_stack_size) 293 lr = VG_(threads)[tid_if_known] 294 .arch.vex.guest_REDIR_STACK[hsp-1]; 295 } 296# endif 297 298 /* We have to determine whether or not LR currently holds this fn 299 (call it F)'s return address. It might not if F has previously 300 called some other function, hence overwriting LR with a pointer 301 to some part of F. Hence if LR and IP point to the same 302 function then we conclude LR does not hold this function's 303 return address; instead the LR at entry must have been saved in 304 the stack by F's prologue and so we must get it from there 305 instead. Note all this guff only applies to the innermost 306 frame. */ 307 lr_is_first_RA = False; 308 { 309# define M_VG_ERRTXT 1000 310 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 311 if (VG_(get_fnname_nodemangle) (lr, buf_lr, M_VG_ERRTXT)) 312 if (VG_(get_fnname_nodemangle) (ip, buf_ip, M_VG_ERRTXT)) 313 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 314 lr_is_first_RA = True; 315# undef M_VG_ERRTXT 316 } 317 318 ips[0] = ip; 319 i = 1; 320 321 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 322 323 /* initial FP is sane; keep going */ 324 fp = (((UWord*)fp)[0]); 325 326 while (True) { 327 328 /* On ppc64-linux (ppc64-elf, really), and on AIX, the lr save 329 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 330 only one word back. */ 331# if defined(VGP_ppc64_linux) \ 332 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 333 const Int lr_offset = 2; 334# else 335 const Int lr_offset = 1; 336# endif 337 338 if (i >= n_ips) 339 break; 340 341 /* Try to derive a new (ip,fp) pair from the current set. */ 342 343 if (fp_min <= fp && fp <= fp_max) { 344 /* fp looks sane, so use it. */ 345 346 if (i == 1 && lr_is_first_RA) 347 ip = lr; 348 else 349 ip = (((UWord*)fp)[lr_offset]); 350 351# if defined(VG_PLAT_USES_PPCTOC) 352 /* Nasty hack to do with function replacement/wrapping on 353 ppc64-linux/ppc64-aix/ppc32-aix. If LR points to our 354 magic return stub, then we are in a wrapped or 355 intercepted function, in which LR has been messed with. 356 The original LR will have been pushed onto the thread's 357 hidden REDIR stack one down from the top (top element 358 is the saved R2) and so we should restore the value 359 from there instead. Since nested redirections can and 360 do happen, we keep track of the number of nested LRs 361 used by the unwinding so far with 'redirs_used'. */ 362 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 363 && VG_(is_valid_tid)(tid_if_known)) { 364 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 365 hsp -= 2 * redirs_used; 366 redirs_used ++; 367 if (hsp >= 1 && hsp < redir_stack_size) 368 ip = VG_(threads)[tid_if_known] 369 .arch.vex.guest_REDIR_STACK[hsp-1]; 370 } 371# endif 372 373 fp = (((UWord*)fp)[0]); 374 ips[i++] = ip; 375 if (debug) 376 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 377 continue; 378 } 379 380 /* No luck there. We have to give up. */ 381 break; 382 } 383 } 384 385# else 386# error "Unknown platform" 387# endif 388 389 n_found = i; 390 return n_found; 391} 392 393UInt VG_(get_StackTrace) ( ThreadId tid, StackTrace ips, UInt n_ips, 394 Word first_ip_delta ) 395{ 396 /* thread in thread table */ 397 Addr ip = VG_(get_IP)(tid); 398 Addr fp = VG_(get_FP)(tid); 399 Addr sp = VG_(get_SP)(tid); 400 Addr lr = VG_(get_LR)(tid); 401 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 402 Addr stack_lowest_word = 0; 403 404# if defined(VGP_x86_linux) 405 /* Nasty little hack to deal with syscalls - if libc is using its 406 _dl_sysinfo_int80 function for syscalls (the TLS version does), 407 then ip will always appear to be in that function when doing a 408 syscall, not the actual libc function doing the syscall. This 409 check sees if IP is within that function, and pops the return 410 address off the stack so that ip is placed within the library 411 function calling the syscall. This makes stack backtraces much 412 more useful. 413 414 The function is assumed to look like this (from glibc-2.3.6 sources): 415 _dl_sysinfo_int80: 416 int $0x80 417 ret 418 That is 3 (2+1) bytes long. We could be more thorough and check 419 the 3 bytes of the function are as expected, but I can't be 420 bothered. 421 */ 422 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 423 && ip >= VG_(client__dl_sysinfo_int80) 424 && ip < VG_(client__dl_sysinfo_int80)+3 425 && VG_(am_is_valid_for_client)(sp, sizeof(Addr), VKI_PROT_READ)) { 426 ip = *(Addr *)sp; 427 sp += sizeof(Addr); 428 } 429# endif 430 431 /* See if we can get a better idea of the stack limits */ 432 VG_(stack_limits)(sp, &stack_lowest_word, &stack_highest_word); 433 434 /* Take into account the first_ip_delta. */ 435 vg_assert( sizeof(Addr) == sizeof(Word) ); 436 ip += first_ip_delta; 437 438 if (0) 439 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%08lx sp=0x%08lx fp=0x%08lx\n", 440 tid, stack_highest_word, ip, sp, fp); 441 442 return VG_(get_StackTrace2)(tid, ips, n_ips, ip, sp, fp, lr, sp, 443 stack_highest_word); 444} 445 446static void printIpDesc(UInt n, Addr ip) 447{ 448 #define BUF_LEN 4096 449 450 static UChar buf[BUF_LEN]; 451 452 VG_(describe_IP)(ip, buf, BUF_LEN); 453 454 if (VG_(clo_xml)) { 455 VG_(message)(Vg_UserMsg, " %s", buf); 456 } else { 457 VG_(message)(Vg_UserMsg, " %s %s", ( n == 0 ? "at" : "by" ), buf); 458 } 459} 460 461/* Print a StackTrace. */ 462void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 463{ 464 vg_assert( n_ips > 0 ); 465 466 if (VG_(clo_xml)) 467 VG_(message)(Vg_UserMsg, " <stack>"); 468 469 VG_(apply_StackTrace)( printIpDesc, ips, n_ips ); 470 471 if (VG_(clo_xml)) 472 VG_(message)(Vg_UserMsg, " </stack>"); 473} 474 475/* Get and immediately print a StackTrace. */ 476void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt n_ips ) 477{ 478 Addr ips[n_ips]; 479 UInt n_ips_obtained = VG_(get_StackTrace)(tid, ips, n_ips, 480 0/*first_ip_delta*/); 481 VG_(pp_StackTrace)(ips, n_ips_obtained); 482} 483 484 485void VG_(apply_StackTrace)( void(*action)(UInt n, Addr ip), 486 StackTrace ips, UInt n_ips ) 487{ 488 #define MYBUF_LEN 50 // only needs to be long enough for 489 // the names specially tested for 490 491 Bool main_done = False; 492 Char mybuf[MYBUF_LEN]; // ok to stack allocate mybuf[] -- it's tiny 493 Int i = 0; 494 495 vg_assert(n_ips > 0); 496 do { 497 Addr ip = ips[i]; 498 if (i > 0) 499 ip -= VG_MIN_INSTR_SZB; // point to calling line 500 501 // Stop after the first appearance of "main" or one of the other names 502 // (the appearance of which is a pretty good sign that we've gone past 503 // main without seeing it, for whatever reason) 504 if ( ! VG_(clo_show_below_main)) { 505 VG_(get_fnname_nodemangle)( ip, mybuf, MYBUF_LEN ); 506 mybuf[MYBUF_LEN-1] = 0; // paranoia 507 if ( VG_STREQ("main", mybuf) 508# if defined(VGO_linux) 509 || VG_STREQ("__libc_start_main", mybuf) // glibc glibness 510 || VG_STREQ("generic_start_main", mybuf) // Yellow Dog doggedness 511# endif 512 ) 513 main_done = True; 514 } 515 516 // Act on the ip 517 action(i, ip); 518 519 i++; 520 } while (i < n_ips && ips[i] != 0 && !main_done); 521 522 #undef MYBUF_LEN 523} 524 525 526/*--------------------------------------------------------------------*/ 527/*--- end ---*/ 528/*--------------------------------------------------------------------*/ 529