m_stacktrace.c revision 5fa87802b2b0934807a776d62ef5900177938cad
1 2/*--------------------------------------------------------------------*/ 3/*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4/*--------------------------------------------------------------------*/ 5 6/* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2008 Julian Seward 11 jseward@acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29*/ 30 31#include "pub_core_basics.h" 32#include "pub_core_vki.h" 33#include "pub_core_threadstate.h" 34#include "pub_core_debuginfo.h" 35#include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 36#include "pub_core_libcbase.h" 37#include "pub_core_libcassert.h" 38#include "pub_core_libcprint.h" 39#include "pub_core_machine.h" 40#include "pub_core_options.h" 41#include "pub_core_stacks.h" // VG_(stack_limits) 42#include "pub_core_stacktrace.h" 43#include "pub_core_xarray.h" 44#include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 45#include "pub_core_trampoline.h" 46 47/*------------------------------------------------------------*/ 48/*--- Exported functions. ---*/ 49/*------------------------------------------------------------*/ 50 51/* Take a snapshot of the client's stack, putting the up to 'n_ips' 52 IPs into 'ips'. In order to be thread-safe, we pass in the 53 thread's IP SP, FP if that's meaningful, and LR if that's 54 meaningful. Returns number of IPs put in 'ips'. 55 56 If you know what the thread ID for this stack is, send that as the 57 first parameter, else send zero. This helps generate better stack 58 traces on ppc64-linux and has no effect on other platforms. 59*/ 60UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 61 /*OUT*/Addr* ips, UInt n_ips, 62 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 63 Addr ip, Addr sp, Addr fp, Addr lr, 64 Addr fp_min, Addr fp_max_orig ) 65{ 66# if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 67 || defined(VGP_ppc32_aix5) \ 68 || defined(VGP_ppc64_aix5) 69 Bool lr_is_first_RA = False; 70# endif 71# if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) \ 72 || defined(VGP_ppc32_aix5) 73 Word redir_stack_size = 0; 74 Word redirs_used = 0; 75# endif 76 77 Bool debug = False; 78 Int i; 79 Addr fp_max; 80 UInt n_found = 0; 81 82 vg_assert(sizeof(Addr) == sizeof(UWord)); 83 vg_assert(sizeof(Addr) == sizeof(void*)); 84 85 /* Snaffle IPs from the client's stack into ips[0 .. n_ips-1], 86 stopping when the trail goes cold, which we guess to be 87 when FP is not a reasonable stack location. */ 88 89 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 90 // current page, at least. Dunno if it helps. 91 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 92 fp_max = VG_PGROUNDUP(fp_max_orig); 93 if (fp_max >= sizeof(Addr)) 94 fp_max -= sizeof(Addr); 95 96 if (debug) 97 VG_(printf)("n_ips=%d fp_min=%p fp_max_orig=%p, " 98 "fp_max=%p ip=%p fp=%p\n", 99 n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 100 101 /* Assertion broken before main() is reached in pthreaded programs; the 102 * offending stack traces only have one item. --njn, 2002-aug-16 */ 103 /* vg_assert(fp_min <= fp_max);*/ 104 if (fp_min + 512 >= fp_max) { 105 /* If the stack limits look bogus, don't poke around ... but 106 don't bomb out either. */ 107 if (sps) sps[0] = sp; 108 if (fps) fps[0] = fp; 109 ips[0] = ip; 110 return 1; 111 } 112 113 /* Otherwise unwind the stack in a platform-specific way. Trying 114 to merge the x86, amd64, ppc32 and ppc64 logic into a single 115 piece of code is just too confusing and difficult to 116 performance-tune. */ 117 118# if defined(VGP_x86_linux) 119 120 /*--------------------- x86 ---------------------*/ 121 122 /* fp is %ebp. sp is %esp. ip is %eip. */ 123 124 if (sps) sps[0] = sp; 125 if (fps) fps[0] = fp; 126 ips[0] = ip; 127 i = 1; 128 129 /* Loop unwinding the stack. Note that the IP value we get on 130 * each pass (whether from CFI info or a stack frame) is a 131 * return address so is actually after the calling instruction 132 * in the calling function. 133 * 134 * Because of this we subtract one from the IP after each pass 135 * of the loop so that we find the right CFI block on the next 136 * pass - otherwise we can find the wrong CFI info if it happens 137 * to change after the calling instruction and that will mean 138 * that we will fail to unwind the next step. 139 * 140 * This most frequently happens at the end of a function when 141 * a tail call occurs and we wind up using the CFI info for the 142 * next function which is completely wrong. 143 * 144 * Note that VG_(get_data_description) (in m_debuginfo) has to take 145 * this same problem into account when unwinding the stack to 146 * examine local variable descriptions (as documented therein in 147 * comments). 148 */ 149 while (True) { 150 151 if (i >= n_ips) 152 break; 153 154 /* Try to derive a new (ip,sp,fp) triple from the current 155 set. */ 156 157 /* On x86, first try the old-fashioned method of following the 158 %ebp-chain. Code which doesn't use this (that is, compiled 159 with -fomit-frame-pointer) is not ABI compliant and so 160 relatively rare. Besides, trying the CFI first almost always 161 fails, and is expensive. */ 162 /* Deal with frames resulting from functions which begin "pushl% 163 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 164 if (fp_min <= fp && fp <= fp_max) { 165 /* fp looks sane, so use it. */ 166 ip = (((UWord*)fp)[1]); 167 sp = fp + sizeof(Addr) /*saved %ebp*/ 168 + sizeof(Addr) /*ra*/; 169 fp = (((UWord*)fp)[0]); 170 if (sps) sps[i] = sp; 171 if (fps) fps[i] = fp; 172 ips[i++] = ip; 173 if (debug) 174 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]); 175 ip = ip - 1; 176 continue; 177 } 178 179 /* That didn't work out, so see if there is any CF info to hand 180 which can be used. */ 181 if ( VG_(use_CF_info)( &ip, &sp, &fp, fp_min, fp_max ) ) { 182 if (sps) sps[i] = sp; 183 if (fps) fps[i] = fp; 184 ips[i++] = ip; 185 if (debug) 186 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 187 ip = ip - 1; 188 continue; 189 } 190 191 /* No luck. We have to give up. */ 192 break; 193 } 194 195# elif defined(VGP_amd64_linux) 196 197 /*--------------------- amd64 ---------------------*/ 198 199 /* fp is %rbp. sp is %rsp. ip is %rip. */ 200 201 ips[0] = ip; 202 if (sps) sps[0] = sp; 203 if (fps) fps[0] = fp; 204 i = 1; 205 206 /* Loop unwinding the stack. Note that the IP value we get on 207 * each pass (whether from CFI info or a stack frame) is a 208 * return address so is actually after the calling instruction 209 * in the calling function. 210 * 211 * Because of this we subtract one from the IP after each pass 212 * of the loop so that we find the right CFI block on the next 213 * pass - otherwise we can find the wrong CFI info if it happens 214 * to change after the calling instruction and that will mean 215 * that we will fail to unwind the next step. 216 * 217 * This most frequently happens at the end of a function when 218 * a tail call occurs and we wind up using the CFI info for the 219 * next function which is completely wrong. 220 * 221 * Note that VG_(get_data_description) (in m_debuginfo) has to take 222 * this same problem into account when unwinding the stack to 223 * examine local variable descriptions (as documented therein in 224 * comments). 225 */ 226 while (True) { 227 228 if (i >= n_ips) 229 break; 230 231 /* Try to derive a new (ip,sp,fp) triple from the current 232 set. */ 233 234 /* First off, see if there is any CFI info to hand which can 235 be used. */ 236 if ( VG_(use_CF_info)( &ip, &sp, &fp, fp_min, fp_max ) ) { 237 if (sps) sps[i] = sp; 238 if (fps) fps[i] = fp; 239 ips[i++] = ip; 240 if (debug) 241 VG_(printf)(" ipsC[%d]=%08p\n", i-1, ips[i-1]); 242 ip = ip - 1; 243 continue; 244 } 245 246 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 247 we can safely try the old-fashioned method. */ 248 /* This bit is supposed to deal with frames resulting from 249 functions which begin "pushq %rbp ; movq %rsp, %rbp". 250 Unfortunately, since we can't (easily) look at the insns at 251 the start of the fn, like GDB does, there's no reliable way 252 to tell. Hence the hack of first trying out CFI, and if that 253 fails, then use this as a fallback. */ 254 if (fp_min <= fp && fp <= fp_max) { 255 /* fp looks sane, so use it. */ 256 ip = (((UWord*)fp)[1]); 257 sp = fp + sizeof(Addr) /*saved %rbp*/ 258 + sizeof(Addr) /*ra*/; 259 fp = (((UWord*)fp)[0]); 260 if (sps) sps[i] = sp; 261 if (fps) fps[i] = fp; 262 ips[i++] = ip; 263 if (debug) 264 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 265 ip = ip - 1; 266 continue; 267 } 268 269 /* Last-ditch hack (evidently GDB does something similar). We 270 are in the middle of nowhere and we have a nonsense value for 271 the frame pointer. If the stack pointer is still valid, 272 assume that what it points at is a return address. Yes, 273 desperate measures. Could do better here: 274 - check that the supposed return address is in 275 an executable page 276 - check that the supposed return address is just after a call insn 277 - given those two checks, don't just consider *sp as the return 278 address; instead scan a likely section of stack (eg sp .. sp+256) 279 and use suitable values found there. 280 */ 281 if (fp_min <= sp && sp < fp_max) { 282 ip = ((UWord*)sp)[0]; 283 if (sps) sps[i] = sp; 284 if (fps) fps[i] = fp; 285 ips[i++] = ip; 286 if (debug) 287 VG_(printf)(" ipsH[%d]=%08p\n", i-1, ips[i-1]); 288 ip = ip - 1; 289 sp += 8; 290 continue; 291 } 292 293 /* No luck at all. We have to give up. */ 294 break; 295 } 296 297# elif defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) \ 298 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 299 300 /*--------------------- ppc32/64 ---------------------*/ 301 302 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 303 frame pointers. */ 304 305# if defined(VGP_ppc64_linux) || defined(VGP_ppc64_aix5) 306 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 307 redirs_used = 0; 308# elif defined(VGP_ppc32_aix5) 309 redir_stack_size = VEX_GUEST_PPC32_REDIR_STACK_SIZE; 310 redirs_used = 0; 311# endif 312 313# if defined(VG_PLAT_USES_PPCTOC) 314 /* Deal with bogus LR values caused by function 315 interception/wrapping on ppc-TOC platforms; see comment on 316 similar code a few lines further down. */ 317 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 318 && VG_(is_valid_tid)(tid_if_known)) { 319 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 320 redirs_used++; 321 if (hsp >= 1 && hsp < redir_stack_size) 322 lr = VG_(threads)[tid_if_known] 323 .arch.vex.guest_REDIR_STACK[hsp-1]; 324 } 325# endif 326 327 /* We have to determine whether or not LR currently holds this fn 328 (call it F)'s return address. It might not if F has previously 329 called some other function, hence overwriting LR with a pointer 330 to some part of F. Hence if LR and IP point to the same 331 function then we conclude LR does not hold this function's 332 return address; instead the LR at entry must have been saved in 333 the stack by F's prologue and so we must get it from there 334 instead. Note all this guff only applies to the innermost 335 frame. */ 336 lr_is_first_RA = False; 337 { 338# define M_VG_ERRTXT 1000 339 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 340 if (VG_(get_fnname_nodemangle) (lr, buf_lr, M_VG_ERRTXT)) 341 if (VG_(get_fnname_nodemangle) (ip, buf_ip, M_VG_ERRTXT)) 342 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 343 lr_is_first_RA = True; 344# undef M_VG_ERRTXT 345 } 346 347 if (sps) sps[0] = fp; /* NB. not sp */ 348 if (fps) fps[0] = fp; 349 ips[0] = ip; 350 i = 1; 351 352 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 353 354 /* initial FP is sane; keep going */ 355 fp = (((UWord*)fp)[0]); 356 357 while (True) { 358 359 /* On ppc64-linux (ppc64-elf, really), and on AIX, the lr save 360 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 361 only one word back. */ 362# if defined(VGP_ppc64_linux) \ 363 || defined(VGP_ppc32_aix5) || defined(VGP_ppc64_aix5) 364 const Int lr_offset = 2; 365# else 366 const Int lr_offset = 1; 367# endif 368 369 if (i >= n_ips) 370 break; 371 372 /* Try to derive a new (ip,fp) pair from the current set. */ 373 374 if (fp_min <= fp && fp <= fp_max) { 375 /* fp looks sane, so use it. */ 376 377 if (i == 1 && lr_is_first_RA) 378 ip = lr; 379 else 380 ip = (((UWord*)fp)[lr_offset]); 381 382# if defined(VG_PLAT_USES_PPCTOC) 383 /* Nasty hack to do with function replacement/wrapping on 384 ppc64-linux/ppc64-aix/ppc32-aix. If LR points to our 385 magic return stub, then we are in a wrapped or 386 intercepted function, in which LR has been messed with. 387 The original LR will have been pushed onto the thread's 388 hidden REDIR stack one down from the top (top element 389 is the saved R2) and so we should restore the value 390 from there instead. Since nested redirections can and 391 do happen, we keep track of the number of nested LRs 392 used by the unwinding so far with 'redirs_used'. */ 393 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 394 && VG_(is_valid_tid)(tid_if_known)) { 395 Word hsp = VG_(threads)[tid_if_known] 396 .arch.vex.guest_REDIR_SP; 397 hsp -= 2 * redirs_used; 398 redirs_used ++; 399 if (hsp >= 1 && hsp < redir_stack_size) 400 ip = VG_(threads)[tid_if_known] 401 .arch.vex.guest_REDIR_STACK[hsp-1]; 402 } 403# endif 404 405 fp = (((UWord*)fp)[0]); 406 if (sps) sps[i] = fp; /* NB. not sp */ 407 if (fps) fps[i] = fp; 408 ips[i++] = ip; 409 if (debug) 410 VG_(printf)(" ipsF[%d]=%08p\n", i-1, ips[i-1]); 411 continue; 412 } 413 414 /* No luck there. We have to give up. */ 415 break; 416 } 417 } 418 419# else 420# error "Unknown platform" 421# endif 422 423 n_found = i; 424 return n_found; 425} 426 427UInt VG_(get_StackTrace) ( ThreadId tid, 428 /*OUT*/StackTrace ips, UInt n_ips, 429 /*OUT*/StackTrace sps, 430 /*OUT*/StackTrace fps, 431 Word first_ip_delta ) 432{ 433 /* thread in thread table */ 434 Addr ip = VG_(get_IP)(tid); 435 Addr fp = VG_(get_FP)(tid); 436 Addr sp = VG_(get_SP)(tid); 437 Addr lr = VG_(get_LR)(tid); 438 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 439 Addr stack_lowest_word = 0; 440 441# if defined(VGP_x86_linux) 442 /* Nasty little hack to deal with syscalls - if libc is using its 443 _dl_sysinfo_int80 function for syscalls (the TLS version does), 444 then ip will always appear to be in that function when doing a 445 syscall, not the actual libc function doing the syscall. This 446 check sees if IP is within that function, and pops the return 447 address off the stack so that ip is placed within the library 448 function calling the syscall. This makes stack backtraces much 449 more useful. 450 451 The function is assumed to look like this (from glibc-2.3.6 sources): 452 _dl_sysinfo_int80: 453 int $0x80 454 ret 455 That is 3 (2+1) bytes long. We could be more thorough and check 456 the 3 bytes of the function are as expected, but I can't be 457 bothered. 458 */ 459 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 460 && ip >= VG_(client__dl_sysinfo_int80) 461 && ip < VG_(client__dl_sysinfo_int80)+3 462 && VG_(am_is_valid_for_client)(sp, sizeof(Addr), VKI_PROT_READ)) { 463 ip = *(Addr *)sp; 464 sp += sizeof(Addr); 465 } 466# endif 467 468 /* See if we can get a better idea of the stack limits */ 469 VG_(stack_limits)(sp, &stack_lowest_word, &stack_highest_word); 470 471 /* Take into account the first_ip_delta. */ 472 vg_assert( sizeof(Addr) == sizeof(Word) ); 473 ip += first_ip_delta; 474 475 if (0) 476 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%08lx " 477 "sp=0x%08lx fp=0x%08lx\n", 478 tid, stack_highest_word, ip, sp, fp); 479 480 return VG_(get_StackTrace_wrk)(tid, ips, n_ips, 481 sps, fps, 482 ip, sp, fp, lr, sp, 483 stack_highest_word); 484} 485 486static void printIpDesc(UInt n, Addr ip) 487{ 488 #define BUF_LEN 4096 489 490 static UChar buf[BUF_LEN]; 491 492 VG_(describe_IP)(ip, buf, BUF_LEN); 493 494 if (VG_(clo_xml)) { 495 VG_(message)(Vg_UserMsg, " %s", buf); 496 } else { 497 VG_(message)(Vg_UserMsg, " %s %s", ( n == 0 ? "at" : "by" ), buf); 498 } 499} 500 501/* Print a StackTrace. */ 502void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 503{ 504 vg_assert( n_ips > 0 ); 505 506 if (VG_(clo_xml)) 507 VG_(message)(Vg_UserMsg, " <stack>"); 508 509 VG_(apply_StackTrace)( printIpDesc, ips, n_ips ); 510 511 if (VG_(clo_xml)) 512 VG_(message)(Vg_UserMsg, " </stack>"); 513} 514 515/* Get and immediately print a StackTrace. */ 516void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt n_ips ) 517{ 518 Addr ips[n_ips]; 519 UInt n_ips_obtained 520 = VG_(get_StackTrace)(tid, ips, n_ips, 521 NULL/*array to dump SP values in*/, 522 NULL/*array to dump FP values in*/, 523 0/*first_ip_delta*/); 524 VG_(pp_StackTrace)(ips, n_ips_obtained); 525} 526 527 528void VG_(apply_StackTrace)( void(*action)(UInt n, Addr ip), 529 StackTrace ips, UInt n_ips ) 530{ 531 #define MYBUF_LEN 50 // only needs to be long enough for 532 // the names specially tested for 533 534 Bool main_done = False; 535 Char mybuf[MYBUF_LEN]; // ok to stack allocate mybuf[] -- it's tiny 536 Int i = 0; 537 538 vg_assert(n_ips > 0); 539 do { 540 Addr ip = ips[i]; 541 if (i > 0) 542 ip -= VG_MIN_INSTR_SZB; // point to calling line 543 544 // Stop after the first appearance of "main" or one of the other names 545 // (the appearance of which is a pretty good sign that we've gone past 546 // main without seeing it, for whatever reason) 547 if ( ! VG_(clo_show_below_main)) { 548 VG_(get_fnname_nodemangle)( ip, mybuf, MYBUF_LEN ); 549 mybuf[MYBUF_LEN-1] = 0; // paranoia 550 if ( VG_STREQ("main", mybuf) 551# if defined(VGO_linux) 552 || VG_STREQ("__libc_start_main", mybuf) // glibc glibness 553 || VG_STREQ("generic_start_main", mybuf) // Yellow Dog doggedness 554# endif 555 ) 556 main_done = True; 557 } 558 559 // Act on the ip 560 action(i, ip); 561 562 i++; 563 } while (i < n_ips && ips[i] != 0 && !main_done); 564 565 #undef MYBUF_LEN 566} 567 568 569/*--------------------------------------------------------------------*/ 570/*--- end ---*/ 571/*--------------------------------------------------------------------*/ 572