m_stacktrace.c revision 5db15403e889d4db339b342bc2a824ef0bfaa654
1 2/*--------------------------------------------------------------------*/ 3/*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4/*--------------------------------------------------------------------*/ 5 6/* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2011 Julian Seward 11 jseward@acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29*/ 30 31#include "pub_core_basics.h" 32#include "pub_core_vki.h" 33#include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy 34#include "pub_core_threadstate.h" 35#include "pub_core_debuginfo.h" // XXX: circular dependency 36#include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 37#include "pub_core_libcbase.h" 38#include "pub_core_libcassert.h" 39#include "pub_core_libcprint.h" 40#include "pub_core_machine.h" 41#include "pub_core_options.h" 42#include "pub_core_stacks.h" // VG_(stack_limits) 43#include "pub_core_stacktrace.h" 44#include "pub_core_xarray.h" 45#include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 46#include "pub_core_trampoline.h" 47 48 49/*------------------------------------------------------------*/ 50/*--- ---*/ 51/*--- BEGIN platform-dependent unwinder worker functions ---*/ 52/*--- ---*/ 53/*------------------------------------------------------------*/ 54 55/* Take a snapshot of the client's stack, putting up to 'max_n_ips' 56 IPs into 'ips'. In order to be thread-safe, we pass in the 57 thread's IP SP, FP if that's meaningful, and LR if that's 58 meaningful. Returns number of IPs put in 'ips'. 59 60 If you know what the thread ID for this stack is, send that as the 61 first parameter, else send zero. This helps generate better stack 62 traces on ppc64-linux and has no effect on other platforms. 63*/ 64 65/* ------------------------ x86 ------------------------- */ 66 67#if defined(VGP_x86_linux) || defined(VGP_x86_darwin) 68 69UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 70 /*OUT*/Addr* ips, UInt max_n_ips, 71 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 72 UnwindStartRegs* startRegs, 73 Addr fp_max_orig ) 74{ 75 Bool debug = False; 76 Int i; 77 Addr fp_max; 78 UInt n_found = 0; 79 80 vg_assert(sizeof(Addr) == sizeof(UWord)); 81 vg_assert(sizeof(Addr) == sizeof(void*)); 82 83 D3UnwindRegs uregs; 84 uregs.xip = (Addr)startRegs->r_pc; 85 uregs.xsp = (Addr)startRegs->r_sp; 86 uregs.xbp = startRegs->misc.X86.r_ebp; 87 Addr fp_min = uregs.xsp; 88 89 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 90 stopping when the trail goes cold, which we guess to be 91 when FP is not a reasonable stack location. */ 92 93 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 94 // current page, at least. Dunno if it helps. 95 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 96 fp_max = VG_PGROUNDUP(fp_max_orig); 97 if (fp_max >= sizeof(Addr)) 98 fp_max -= sizeof(Addr); 99 100 if (debug) 101 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 102 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 103 max_n_ips, fp_min, fp_max_orig, fp_max, 104 uregs.xip, uregs.xbp); 105 106 /* Assertion broken before main() is reached in pthreaded programs; the 107 * offending stack traces only have one item. --njn, 2002-aug-16 */ 108 /* vg_assert(fp_min <= fp_max);*/ 109 // On Darwin, this kicks in for pthread-related stack traces, so they're 110 // only 1 entry long which is wrong. 111# if !defined(VGO_darwin) 112 if (fp_min + 512 >= fp_max) { 113 /* If the stack limits look bogus, don't poke around ... but 114 don't bomb out either. */ 115 if (sps) sps[0] = uregs.xsp; 116 if (fps) fps[0] = uregs.xbp; 117 ips[0] = uregs.xip; 118 return 1; 119 } 120# endif 121 122 /* fp is %ebp. sp is %esp. ip is %eip. */ 123 124 if (sps) sps[0] = uregs.xsp; 125 if (fps) fps[0] = uregs.xbp; 126 ips[0] = uregs.xip; 127 i = 1; 128 129 /* Loop unwinding the stack. Note that the IP value we get on 130 * each pass (whether from CFI info or a stack frame) is a 131 * return address so is actually after the calling instruction 132 * in the calling function. 133 * 134 * Because of this we subtract one from the IP after each pass 135 * of the loop so that we find the right CFI block on the next 136 * pass - otherwise we can find the wrong CFI info if it happens 137 * to change after the calling instruction and that will mean 138 * that we will fail to unwind the next step. 139 * 140 * This most frequently happens at the end of a function when 141 * a tail call occurs and we wind up using the CFI info for the 142 * next function which is completely wrong. 143 */ 144 while (True) { 145 146 if (i >= max_n_ips) 147 break; 148 149 /* Try to derive a new (ip,sp,fp) triple from the current 150 set. */ 151 152 /* On x86, first try the old-fashioned method of following the 153 %ebp-chain. Code which doesn't use this (that is, compiled 154 with -fomit-frame-pointer) is not ABI compliant and so 155 relatively rare. Besides, trying the CFI first almost always 156 fails, and is expensive. */ 157 /* Deal with frames resulting from functions which begin "pushl% 158 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 159 if (fp_min <= uregs.xbp && 160 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/) 161 { 162 /* fp looks sane, so use it. */ 163 uregs.xip = (((UWord*)uregs.xbp)[1]); 164 // We stop if we hit a zero (the traditional end-of-stack 165 // marker) or a one -- these correspond to recorded IPs of 0 or -1. 166 // The latter because r8818 (in this file) changes the meaning of 167 // entries [1] and above in a stack trace, by subtracting 1 from 168 // them. Hence stacks that used to end with a zero value now end in 169 // -1 and so we must detect that too. 170 if (0 == uregs.xip || 1 == uregs.xip) break; 171 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/ 172 + sizeof(Addr) /*ra*/; 173 uregs.xbp = (((UWord*)uregs.xbp)[0]); 174 if (sps) sps[i] = uregs.xsp; 175 if (fps) fps[i] = uregs.xbp; 176 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 177 if (debug) 178 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]); 179 uregs.xip = uregs.xip - 1; 180 /* as per comment at the head of this loop */ 181 continue; 182 } 183 184 /* That didn't work out, so see if there is any CF info to hand 185 which can be used. */ 186 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 187 if (0 == uregs.xip || 1 == uregs.xip) break; 188 if (sps) sps[i] = uregs.xsp; 189 if (fps) fps[i] = uregs.xbp; 190 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 191 if (debug) 192 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 193 uregs.xip = uregs.xip - 1; 194 /* as per comment at the head of this loop */ 195 continue; 196 } 197 198 /* And, similarly, try for MSVC FPO unwind info. */ 199 if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp, 200 fp_min, fp_max ) ) { 201 if (0 == uregs.xip || 1 == uregs.xip) break; 202 if (sps) sps[i] = uregs.xsp; 203 if (fps) fps[i] = uregs.xbp; 204 ips[i++] = uregs.xip; 205 if (debug) 206 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 207 uregs.xip = uregs.xip - 1; 208 continue; 209 } 210 211 /* No luck. We have to give up. */ 212 break; 213 } 214 215 n_found = i; 216 return n_found; 217} 218 219#endif 220 221/* ----------------------- amd64 ------------------------ */ 222 223#if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) 224 225UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 226 /*OUT*/Addr* ips, UInt max_n_ips, 227 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 228 UnwindStartRegs* startRegs, 229 Addr fp_max_orig ) 230{ 231 Bool debug = False; 232 Int i; 233 Addr fp_max; 234 UInt n_found = 0; 235 236 vg_assert(sizeof(Addr) == sizeof(UWord)); 237 vg_assert(sizeof(Addr) == sizeof(void*)); 238 239 D3UnwindRegs uregs; 240 uregs.xip = startRegs->r_pc; 241 uregs.xsp = startRegs->r_sp; 242 uregs.xbp = startRegs->misc.AMD64.r_rbp; 243 Addr fp_min = uregs.xsp; 244 245 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 246 stopping when the trail goes cold, which we guess to be 247 when FP is not a reasonable stack location. */ 248 249 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 250 // current page, at least. Dunno if it helps. 251 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 252 fp_max = VG_PGROUNDUP(fp_max_orig); 253 if (fp_max >= sizeof(Addr)) 254 fp_max -= sizeof(Addr); 255 256 if (debug) 257 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 258 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 259 max_n_ips, fp_min, fp_max_orig, fp_max, 260 uregs.xip, uregs.xbp); 261 262 /* Assertion broken before main() is reached in pthreaded programs; the 263 * offending stack traces only have one item. --njn, 2002-aug-16 */ 264 /* vg_assert(fp_min <= fp_max);*/ 265 // On Darwin, this kicks in for pthread-related stack traces, so they're 266 // only 1 entry long which is wrong. 267# if !defined(VGO_darwin) 268 if (fp_min + 256 >= fp_max) { 269 /* If the stack limits look bogus, don't poke around ... but 270 don't bomb out either. */ 271 if (sps) sps[0] = uregs.xsp; 272 if (fps) fps[0] = uregs.xbp; 273 ips[0] = uregs.xip; 274 return 1; 275 } 276# endif 277 278 /* fp is %rbp. sp is %rsp. ip is %rip. */ 279 280 ips[0] = uregs.xip; 281 if (sps) sps[0] = uregs.xsp; 282 if (fps) fps[0] = uregs.xbp; 283 i = 1; 284 285 /* Loop unwinding the stack. Note that the IP value we get on 286 * each pass (whether from CFI info or a stack frame) is a 287 * return address so is actually after the calling instruction 288 * in the calling function. 289 * 290 * Because of this we subtract one from the IP after each pass 291 * of the loop so that we find the right CFI block on the next 292 * pass - otherwise we can find the wrong CFI info if it happens 293 * to change after the calling instruction and that will mean 294 * that we will fail to unwind the next step. 295 * 296 * This most frequently happens at the end of a function when 297 * a tail call occurs and we wind up using the CFI info for the 298 * next function which is completely wrong. 299 */ 300 while (True) { 301 302 if (i >= max_n_ips) 303 break; 304 305 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 306 307 /* First off, see if there is any CFI info to hand which can 308 be used. */ 309 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 310 if (0 == uregs.xip || 1 == uregs.xip) break; 311 if (sps) sps[i] = uregs.xsp; 312 if (fps) fps[i] = uregs.xbp; 313 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 314 if (debug) 315 VG_(printf)(" ipsC[%d]=%#08lx\n", i-1, ips[i-1]); 316 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 317 continue; 318 } 319 320 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 321 we can safely try the old-fashioned method. */ 322 /* This bit is supposed to deal with frames resulting from 323 functions which begin "pushq %rbp ; movq %rsp, %rbp". 324 Unfortunately, since we can't (easily) look at the insns at 325 the start of the fn, like GDB does, there's no reliable way 326 to tell. Hence the hack of first trying out CFI, and if that 327 fails, then use this as a fallback. */ 328 /* Note: re "- 1 * sizeof(UWord)", need to take account of the 329 fact that we are prodding at & ((UWord*)fp)[1] and so need to 330 adjust the limit check accordingly. Omitting this has been 331 observed to cause segfaults on rare occasions. */ 332 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) { 333 /* fp looks sane, so use it. */ 334 uregs.xip = (((UWord*)uregs.xbp)[1]); 335 if (0 == uregs.xip || 1 == uregs.xip) break; 336 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/ 337 + sizeof(Addr) /*ra*/; 338 uregs.xbp = (((UWord*)uregs.xbp)[0]); 339 if (sps) sps[i] = uregs.xsp; 340 if (fps) fps[i] = uregs.xbp; 341 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 342 if (debug) 343 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 344 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 345 continue; 346 } 347 348 /* Last-ditch hack (evidently GDB does something similar). We 349 are in the middle of nowhere and we have a nonsense value for 350 the frame pointer. If the stack pointer is still valid, 351 assume that what it points at is a return address. Yes, 352 desperate measures. Could do better here: 353 - check that the supposed return address is in 354 an executable page 355 - check that the supposed return address is just after a call insn 356 - given those two checks, don't just consider *sp as the return 357 address; instead scan a likely section of stack (eg sp .. sp+256) 358 and use suitable values found there. 359 */ 360 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) { 361 uregs.xip = ((UWord*)uregs.xsp)[0]; 362 if (0 == uregs.xip || 1 == uregs.xip) break; 363 if (sps) sps[i] = uregs.xsp; 364 if (fps) fps[i] = uregs.xbp; 365 ips[i++] = uregs.xip == 0 366 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a 367 thread stack */ 368 : uregs.xip - 1; 369 /* -1: refer to calling insn, not the RA */ 370 if (debug) 371 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]); 372 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 373 uregs.xsp += 8; 374 continue; 375 } 376 377 /* No luck at all. We have to give up. */ 378 break; 379 } 380 381 n_found = i; 382 return n_found; 383} 384 385#endif 386 387/* -----------------------ppc32/64 ---------------------- */ 388 389#if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) 390 391UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 392 /*OUT*/Addr* ips, UInt max_n_ips, 393 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 394 UnwindStartRegs* startRegs, 395 Addr fp_max_orig ) 396{ 397 Bool lr_is_first_RA = False; 398# if defined(VG_PLAT_USES_PPCTOC) 399 Word redir_stack_size = 0; 400 Word redirs_used = 0; 401# endif 402 403 Bool debug = False; 404 Int i; 405 Addr fp_max; 406 UInt n_found = 0; 407 408 vg_assert(sizeof(Addr) == sizeof(UWord)); 409 vg_assert(sizeof(Addr) == sizeof(void*)); 410 411 Addr ip = (Addr)startRegs->r_pc; 412 Addr sp = (Addr)startRegs->r_sp; 413 Addr fp = sp; 414# if defined(VGP_ppc32_linux) 415 Addr lr = startRegs->misc.PPC32.r_lr; 416# elif defined(VGP_ppc64_linux) 417 Addr lr = startRegs->misc.PPC64.r_lr; 418# endif 419 Addr fp_min = sp; 420 421 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 422 stopping when the trail goes cold, which we guess to be 423 when FP is not a reasonable stack location. */ 424 425 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 426 // current page, at least. Dunno if it helps. 427 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 428 fp_max = VG_PGROUNDUP(fp_max_orig); 429 if (fp_max >= sizeof(Addr)) 430 fp_max -= sizeof(Addr); 431 432 if (debug) 433 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 434 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 435 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 436 437 /* Assertion broken before main() is reached in pthreaded programs; the 438 * offending stack traces only have one item. --njn, 2002-aug-16 */ 439 /* vg_assert(fp_min <= fp_max);*/ 440 if (fp_min + 512 >= fp_max) { 441 /* If the stack limits look bogus, don't poke around ... but 442 don't bomb out either. */ 443 if (sps) sps[0] = sp; 444 if (fps) fps[0] = fp; 445 ips[0] = ip; 446 return 1; 447 } 448 449 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 450 frame pointers. */ 451 452# if defined(VGP_ppc64_linux) 453 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 454 redirs_used = 0; 455# endif 456 457# if defined(VG_PLAT_USES_PPCTOC) 458 /* Deal with bogus LR values caused by function 459 interception/wrapping on ppc-TOC platforms; see comment on 460 similar code a few lines further down. */ 461 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 462 && VG_(is_valid_tid)(tid_if_known)) { 463 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 464 redirs_used++; 465 if (hsp >= 1 && hsp < redir_stack_size) 466 lr = VG_(threads)[tid_if_known] 467 .arch.vex.guest_REDIR_STACK[hsp-1]; 468 } 469# endif 470 471 /* We have to determine whether or not LR currently holds this fn 472 (call it F)'s return address. It might not if F has previously 473 called some other function, hence overwriting LR with a pointer 474 to some part of F. Hence if LR and IP point to the same 475 function then we conclude LR does not hold this function's 476 return address; instead the LR at entry must have been saved in 477 the stack by F's prologue and so we must get it from there 478 instead. Note all this guff only applies to the innermost 479 frame. */ 480 lr_is_first_RA = False; 481 { 482# define M_VG_ERRTXT 1000 483 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 484 /* The following conditional looks grossly inefficient and 485 surely could be majorly improved, with not much effort. */ 486 if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT)) 487 if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT)) 488 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 489 lr_is_first_RA = True; 490# undef M_VG_ERRTXT 491 } 492 493 if (sps) sps[0] = fp; /* NB. not sp */ 494 if (fps) fps[0] = fp; 495 ips[0] = ip; 496 i = 1; 497 498 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 499 500 /* initial FP is sane; keep going */ 501 fp = (((UWord*)fp)[0]); 502 503 while (True) { 504 505 /* On ppc64-linux (ppc64-elf, really), the lr save 506 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 507 only one word back. */ 508# if defined(VG_PLAT_USES_PPCTOC) 509 const Int lr_offset = 2; 510# else 511 const Int lr_offset = 1; 512# endif 513 514 if (i >= max_n_ips) 515 break; 516 517 /* Try to derive a new (ip,fp) pair from the current set. */ 518 519 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) { 520 /* fp looks sane, so use it. */ 521 522 if (i == 1 && lr_is_first_RA) 523 ip = lr; 524 else 525 ip = (((UWord*)fp)[lr_offset]); 526 527# if defined(VG_PLAT_USES_PPCTOC) 528 /* Nasty hack to do with function replacement/wrapping on 529 ppc64-linux. If LR points to our magic return stub, 530 then we are in a wrapped or intercepted function, in 531 which LR has been messed with. The original LR will 532 have been pushed onto the thread's hidden REDIR stack 533 one down from the top (top element is the saved R2) and 534 so we should restore the value from there instead. 535 Since nested redirections can and do happen, we keep 536 track of the number of nested LRs used by the unwinding 537 so far with 'redirs_used'. */ 538 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 539 && VG_(is_valid_tid)(tid_if_known)) { 540 Word hsp = VG_(threads)[tid_if_known] 541 .arch.vex.guest_REDIR_SP; 542 hsp -= 2 * redirs_used; 543 redirs_used ++; 544 if (hsp >= 1 && hsp < redir_stack_size) 545 ip = VG_(threads)[tid_if_known] 546 .arch.vex.guest_REDIR_STACK[hsp-1]; 547 } 548# endif 549 550 if (0 == ip || 1 == ip) break; 551 if (sps) sps[i] = fp; /* NB. not sp */ 552 if (fps) fps[i] = fp; 553 fp = (((UWord*)fp)[0]); 554 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */ 555 if (debug) 556 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 557 ip = ip - 1; /* ip is probably dead at this point, but 558 play safe, a la x86/amd64 above. See 559 extensive comments above. */ 560 continue; 561 } 562 563 /* No luck there. We have to give up. */ 564 break; 565 } 566 } 567 568 n_found = i; 569 return n_found; 570} 571 572#endif 573 574/* ------------------------ arm ------------------------- */ 575 576#if defined(VGP_arm_linux) 577 578UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 579 /*OUT*/Addr* ips, UInt max_n_ips, 580 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 581 UnwindStartRegs* startRegs, 582 Addr fp_max_orig ) 583{ 584 Bool debug = False; 585 Int i; 586 Addr fp_max; 587 UInt n_found = 0; 588 589 vg_assert(sizeof(Addr) == sizeof(UWord)); 590 vg_assert(sizeof(Addr) == sizeof(void*)); 591 592 D3UnwindRegs uregs; 593 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE; 594 uregs.r14 = startRegs->misc.ARM.r14; 595 uregs.r13 = startRegs->r_sp; 596 uregs.r12 = startRegs->misc.ARM.r12; 597 uregs.r11 = startRegs->misc.ARM.r11; 598 uregs.r7 = startRegs->misc.ARM.r7; 599 Addr fp_min = uregs.r13; 600 601 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 602 stopping when the trail goes cold, which we guess to be 603 when FP is not a reasonable stack location. */ 604 605 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 606 // current page, at least. Dunno if it helps. 607 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 608 fp_max = VG_PGROUNDUP(fp_max_orig); 609 if (fp_max >= sizeof(Addr)) 610 fp_max -= sizeof(Addr); 611 612 if (debug) 613 VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 614 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n", 615 max_n_ips, fp_min, fp_max_orig, fp_max, 616 uregs.r15, uregs.r13); 617 618 /* Assertion broken before main() is reached in pthreaded programs; the 619 * offending stack traces only have one item. --njn, 2002-aug-16 */ 620 /* vg_assert(fp_min <= fp_max);*/ 621 // On Darwin, this kicks in for pthread-related stack traces, so they're 622 // only 1 entry long which is wrong. 623 if (fp_min + 512 >= fp_max) { 624 /* If the stack limits look bogus, don't poke around ... but 625 don't bomb out either. */ 626 if (sps) sps[0] = uregs.r13; 627 if (fps) fps[0] = 0; 628 ips[0] = uregs.r15; 629 return 1; 630 } 631 632 /* */ 633 634 if (sps) sps[0] = uregs.r13; 635 if (fps) fps[0] = 0; 636 ips[0] = uregs.r15; 637 i = 1; 638 639 /* Loop unwinding the stack. */ 640 641 while (True) { 642 if (debug) { 643 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n", 644 i, uregs.r15, uregs.r13); 645 } 646 647 if (i >= max_n_ips) 648 break; 649 650 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 651 if (sps) sps[i] = uregs.r13; 652 if (fps) fps[i] = 0; 653 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1; 654 if (debug) 655 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n", 656 uregs.r15, uregs.r13); 657 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1; 658 continue; 659 } 660 /* No luck. We have to give up. */ 661 break; 662 } 663 664 n_found = i; 665 return n_found; 666} 667 668#endif 669 670/* ------------------------ s390x ------------------------- */ 671 672#if defined(VGP_s390x_linux) 673 674UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 675 /*OUT*/Addr* ips, UInt max_n_ips, 676 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 677 UnwindStartRegs* startRegs, 678 Addr fp_max_orig ) 679{ 680 Bool debug = False; 681 Int i; 682 Addr fp_max; 683 UInt n_found = 0; 684 685 vg_assert(sizeof(Addr) == sizeof(UWord)); 686 vg_assert(sizeof(Addr) == sizeof(void*)); 687 688 D3UnwindRegs uregs; 689 uregs.ia = startRegs->r_pc; 690 uregs.sp = startRegs->r_sp; 691 Addr fp_min = uregs.sp; 692 uregs.fp = startRegs->misc.S390X.r_fp; 693 uregs.lr = startRegs->misc.S390X.r_lr; 694 695 fp_max = VG_PGROUNDUP(fp_max_orig); 696 if (fp_max >= sizeof(Addr)) 697 fp_max -= sizeof(Addr); 698 699 if (debug) 700 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 701 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n", 702 max_n_ips, fp_min, fp_max_orig, fp_max, 703 uregs.ia, uregs.sp,uregs.fp); 704 705 /* The first frame is pretty obvious */ 706 ips[0] = uregs.ia; 707 if (sps) sps[0] = uregs.sp; 708 if (fps) fps[0] = uregs.fp; 709 i = 1; 710 711 /* for everything else we have to rely on the eh_frame. gcc defaults to 712 not create a backchain and all the other tools (like gdb) also have 713 to use the CFI. */ 714 while (True) { 715 if (i >= max_n_ips) 716 break; 717 718 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 719 if (sps) sps[i] = uregs.sp; 720 if (fps) fps[i] = uregs.fp; 721 ips[i++] = uregs.ia - 1; 722 uregs.ia = uregs.ia - 1; 723 continue; 724 } 725 /* A problem on the first frame? Lets assume it was a bad jump. 726 We will use the link register and the current stack and frame 727 pointers and see if we can use the CFI in the next round. */ 728 if (i == 1) { 729 if (sps) { 730 sps[i] = sps[0]; 731 uregs.sp = sps[0]; 732 } 733 if (fps) { 734 fps[i] = fps[0]; 735 uregs.fp = fps[0]; 736 } 737 uregs.ia = uregs.lr - 1; 738 ips[i++] = uregs.lr - 1; 739 continue; 740 } 741 742 /* No luck. We have to give up. */ 743 break; 744 } 745 746 n_found = i; 747 return n_found; 748} 749 750#endif 751 752/* ------------------------ mips 32------------------------- */ 753 754#if defined(VGP_mips32_linux) 755 756UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 757 /*OUT*/Addr* ips, UInt max_n_ips, 758 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 759 UnwindStartRegs* startRegs, 760 Addr fp_max_orig ) 761{ 762 Bool debug = False; 763 Int i; 764 Addr fp_max; 765 UInt n_found = 0; 766 767 vg_assert(sizeof(Addr) == sizeof(UWord)); 768 vg_assert(sizeof(Addr) == sizeof(void*)); 769 770 D3UnwindRegs uregs; 771 uregs.pc = startRegs->r_pc; 772 uregs.sp = startRegs->r_sp; 773 Addr fp_min = uregs.sp; 774 775 uregs.fp = startRegs->misc.MIPS32.r30; 776 uregs.ra = startRegs->misc.MIPS32.r31; 777 778 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 779 stopping when the trail goes cold, which we guess to be 780 when FP is not a reasonable stack location. */ 781 782 fp_max = VG_PGROUNDUP(fp_max_orig); 783 if (fp_max >= sizeof(Addr)) 784 fp_max -= sizeof(Addr); 785 786 if (debug) 787 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 788 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n", 789 max_n_ips, fp_min, fp_max_orig, fp_max, 790 uregs.pc, uregs.sp, uregs.fp); 791 792 if (sps) sps[0] = uregs.sp; 793 if (fps) fps[0] = uregs.fp; 794 ips[0] = uregs.pc; 795 i = 1; 796 797 /* Loop unwinding the stack. */ 798 799 while (True) { 800 if (debug) { 801 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 802 i, uregs.pc, uregs.sp, uregs.ra); 803 } 804 if (i >= max_n_ips) 805 break; 806 807 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 808 if (debug) 809 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 810 uregs.pc, uregs.sp, uregs.ra); 811 if (0 == uregs.pc || 1 == uregs.pc) break; 812 if (sps) sps[i] = uregs.sp; 813 if (fps) fps[i] = uregs.fp; 814 ips[i++] = uregs.pc - 4; 815 uregs.pc = uregs.pc - 4; 816 continue; 817 } 818 819 int seen_sp_adjust = 0; 820 long frame_offset = 0; 821 PtrdiffT offset; 822 if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) { 823 Addr start_pc = uregs.pc - offset; 824 Addr limit_pc = uregs.pc; 825 Addr cur_pc; 826 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) { 827 unsigned long inst, high_word, low_word; 828 unsigned long * cur_inst; 829 int reg; 830 /* Fetch the instruction. */ 831 cur_inst = (unsigned long *)cur_pc; 832 inst = *((UInt *) cur_inst); 833 if(debug) 834 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst); 835 836 /* Save some code by pre-extracting some useful fields. */ 837 high_word = (inst >> 16) & 0xffff; 838 low_word = inst & 0xffff; 839 reg = high_word & 0x1f; 840 841 if (high_word == 0x27bd /* addiu $sp,$sp,-i */ 842 || high_word == 0x23bd /* addi $sp,$sp,-i */ 843 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */ 844 if (low_word & 0x8000) /* negative stack adjustment? */ 845 frame_offset += 0x10000 - low_word; 846 else 847 /* Exit loop if a positive stack adjustment is found, which 848 usually means that the stack cleanup code in the function 849 epilogue is reached. */ 850 break; 851 seen_sp_adjust = 1; 852 } 853 } 854 if(debug) 855 VG_(printf)("offset: 0x%lx\n", frame_offset); 856 } 857 if (seen_sp_adjust) { 858 if (0 == uregs.pc || 1 == uregs.pc) break; 859 if (uregs.pc == uregs.ra - 8) break; 860 if (sps) { 861 sps[i] = uregs.sp + frame_offset; 862 } 863 uregs.sp = uregs.sp + frame_offset; 864 865 if (fps) { 866 fps[i] = fps[0]; 867 uregs.fp = fps[0]; 868 } 869 if (0 == uregs.ra || 1 == uregs.ra) break; 870 uregs.pc = uregs.ra - 8; 871 ips[i++] = uregs.ra - 8; 872 continue; 873 } 874 875 if (i == 1) { 876 if (sps) { 877 sps[i] = sps[0]; 878 uregs.sp = sps[0]; 879 } 880 if (fps) { 881 fps[i] = fps[0]; 882 uregs.fp = fps[0]; 883 } 884 if (0 == uregs.ra || 1 == uregs.ra) break; 885 uregs.pc = uregs.ra - 8; 886 ips[i++] = uregs.ra - 8; 887 continue; 888 } 889 /* No luck. We have to give up. */ 890 break; 891 } 892 893 n_found = i; 894 return n_found; 895} 896 897#endif 898 899 900/*------------------------------------------------------------*/ 901/*--- ---*/ 902/*--- END platform-dependent unwinder worker functions ---*/ 903/*--- ---*/ 904/*------------------------------------------------------------*/ 905 906/*------------------------------------------------------------*/ 907/*--- Exported functions. ---*/ 908/*------------------------------------------------------------*/ 909 910UInt VG_(get_StackTrace) ( ThreadId tid, 911 /*OUT*/StackTrace ips, UInt max_n_ips, 912 /*OUT*/StackTrace sps, 913 /*OUT*/StackTrace fps, 914 Word first_ip_delta ) 915{ 916 /* Get the register values with which to start the unwind. */ 917 UnwindStartRegs startRegs; 918 VG_(memset)( &startRegs, 0, sizeof(startRegs) ); 919 VG_(get_UnwindStartRegs)( &startRegs, tid ); 920 921 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 922 Addr stack_lowest_word = 0; 923 924# if defined(VGP_x86_linux) 925 /* Nasty little hack to deal with syscalls - if libc is using its 926 _dl_sysinfo_int80 function for syscalls (the TLS version does), 927 then ip will always appear to be in that function when doing a 928 syscall, not the actual libc function doing the syscall. This 929 check sees if IP is within that function, and pops the return 930 address off the stack so that ip is placed within the library 931 function calling the syscall. This makes stack backtraces much 932 more useful. 933 934 The function is assumed to look like this (from glibc-2.3.6 sources): 935 _dl_sysinfo_int80: 936 int $0x80 937 ret 938 That is 3 (2+1) bytes long. We could be more thorough and check 939 the 3 bytes of the function are as expected, but I can't be 940 bothered. 941 */ 942 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 943 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80) 944 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3 945 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr), 946 VKI_PROT_READ)) { 947 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp; 948 startRegs.r_sp += (ULong) sizeof(Addr); 949 } 950# endif 951 952 /* See if we can get a better idea of the stack limits */ 953 VG_(stack_limits)( (Addr)startRegs.r_sp, 954 &stack_lowest_word, &stack_highest_word ); 955 956 /* Take into account the first_ip_delta. */ 957 startRegs.r_pc += (Long)(Word)first_ip_delta; 958 959 if (0) 960 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx " 961 "sp=0x%010llx\n", 962 tid, stack_highest_word, 963 startRegs.r_pc, startRegs.r_sp); 964 965 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips, 966 sps, fps, 967 &startRegs, 968 stack_highest_word); 969} 970 971static void printIpDesc(UInt n, Addr ip, void* uu_opaque) 972{ 973 #define BUF_LEN 4096 974 975 static UChar buf[BUF_LEN]; 976 977 VG_(describe_IP)(ip, buf, BUF_LEN); 978 979 if (VG_(clo_xml)) { 980 VG_(printf_xml)(" %s\n", buf); 981 } else { 982 VG_(message)(Vg_UserMsg, " %s %s\n", ( n == 0 ? "at" : "by" ), buf); 983 } 984} 985 986/* Print a StackTrace. */ 987void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 988{ 989 vg_assert( n_ips > 0 ); 990 991 if (VG_(clo_xml)) 992 VG_(printf_xml)(" <stack>\n"); 993 994 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips ); 995 996 if (VG_(clo_xml)) 997 VG_(printf_xml)(" </stack>\n"); 998} 999 1000/* Get and immediately print a StackTrace. */ 1001void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips ) 1002{ 1003 Addr ips[max_n_ips]; 1004 UInt n_ips 1005 = VG_(get_StackTrace)(tid, ips, max_n_ips, 1006 NULL/*array to dump SP values in*/, 1007 NULL/*array to dump FP values in*/, 1008 0/*first_ip_delta*/); 1009 VG_(pp_StackTrace)(ips, n_ips); 1010} 1011 1012void VG_(apply_StackTrace)( 1013 void(*action)(UInt n, Addr ip, void* opaque), 1014 void* opaque, 1015 StackTrace ips, UInt n_ips 1016 ) 1017{ 1018 Bool main_done = False; 1019 Int i = 0; 1020 1021 vg_assert(n_ips > 0); 1022 do { 1023 Addr ip = ips[i]; 1024 1025 // Stop after the first appearance of "main" or one of the other names 1026 // (the appearance of which is a pretty good sign that we've gone past 1027 // main without seeing it, for whatever reason) 1028 if ( ! VG_(clo_show_below_main) ) { 1029 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip); 1030 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) { 1031 main_done = True; 1032 } 1033 } 1034 1035 // Act on the ip 1036 action(i, ip, opaque); 1037 1038 i++; 1039 } while (i < n_ips && !main_done); 1040 1041 #undef MYBUF_LEN 1042} 1043 1044 1045/*--------------------------------------------------------------------*/ 1046/*--- end ---*/ 1047/*--------------------------------------------------------------------*/ 1048