m_stacktrace.c revision ea395fa739ff23592fe268d54a450903d908e051
1 2/*--------------------------------------------------------------------*/ 3/*--- Take snapshots of client stacks. m_stacktrace.c ---*/ 4/*--------------------------------------------------------------------*/ 5 6/* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2012 Julian Seward 11 jseward@acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29*/ 30 31#include "pub_core_basics.h" 32#include "pub_core_vki.h" 33#include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy 34#include "pub_core_threadstate.h" 35#include "pub_core_debuginfo.h" // XXX: circular dependency 36#include "pub_core_aspacemgr.h" // For VG_(is_addressable)() 37#include "pub_core_libcbase.h" 38#include "pub_core_libcassert.h" 39#include "pub_core_libcprint.h" 40#include "pub_core_machine.h" 41#include "pub_core_options.h" 42#include "pub_core_stacks.h" // VG_(stack_limits) 43#include "pub_core_stacktrace.h" 44#include "pub_core_xarray.h" 45#include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80) 46#include "pub_core_trampoline.h" 47 48 49/*------------------------------------------------------------*/ 50/*--- ---*/ 51/*--- BEGIN platform-dependent unwinder worker functions ---*/ 52/*--- ---*/ 53/*------------------------------------------------------------*/ 54 55/* Take a snapshot of the client's stack, putting up to 'max_n_ips' 56 IPs into 'ips'. In order to be thread-safe, we pass in the 57 thread's IP SP, FP if that's meaningful, and LR if that's 58 meaningful. Returns number of IPs put in 'ips'. 59 60 If you know what the thread ID for this stack is, send that as the 61 first parameter, else send zero. This helps generate better stack 62 traces on ppc64-linux and has no effect on other platforms. 63*/ 64 65/* ------------------------ x86 ------------------------- */ 66 67#if defined(VGP_x86_linux) || defined(VGP_x86_darwin) 68 69UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 70 /*OUT*/Addr* ips, UInt max_n_ips, 71 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 72 UnwindStartRegs* startRegs, 73 Addr fp_max_orig ) 74{ 75 Bool debug = False; 76 Int i; 77 Addr fp_max; 78 UInt n_found = 0; 79 80 vg_assert(sizeof(Addr) == sizeof(UWord)); 81 vg_assert(sizeof(Addr) == sizeof(void*)); 82 83 D3UnwindRegs uregs; 84 uregs.xip = (Addr)startRegs->r_pc; 85 uregs.xsp = (Addr)startRegs->r_sp; 86 uregs.xbp = startRegs->misc.X86.r_ebp; 87 Addr fp_min = uregs.xsp; 88 89 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 90 stopping when the trail goes cold, which we guess to be 91 when FP is not a reasonable stack location. */ 92 93 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 94 // current page, at least. Dunno if it helps. 95 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 96 fp_max = VG_PGROUNDUP(fp_max_orig); 97 if (fp_max >= sizeof(Addr)) 98 fp_max -= sizeof(Addr); 99 100 if (debug) 101 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 102 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 103 max_n_ips, fp_min, fp_max_orig, fp_max, 104 uregs.xip, uregs.xbp); 105 106 /* Assertion broken before main() is reached in pthreaded programs; the 107 * offending stack traces only have one item. --njn, 2002-aug-16 */ 108 /* vg_assert(fp_min <= fp_max);*/ 109 // On Darwin, this kicks in for pthread-related stack traces, so they're 110 // only 1 entry long which is wrong. 111# if !defined(VGO_darwin) 112 if (fp_min + 512 >= fp_max) { 113 /* If the stack limits look bogus, don't poke around ... but 114 don't bomb out either. */ 115 if (sps) sps[0] = uregs.xsp; 116 if (fps) fps[0] = uregs.xbp; 117 ips[0] = uregs.xip; 118 return 1; 119 } 120# endif 121 122 /* fp is %ebp. sp is %esp. ip is %eip. */ 123 124 if (sps) sps[0] = uregs.xsp; 125 if (fps) fps[0] = uregs.xbp; 126 ips[0] = uregs.xip; 127 i = 1; 128 129 /* Loop unwinding the stack. Note that the IP value we get on 130 * each pass (whether from CFI info or a stack frame) is a 131 * return address so is actually after the calling instruction 132 * in the calling function. 133 * 134 * Because of this we subtract one from the IP after each pass 135 * of the loop so that we find the right CFI block on the next 136 * pass - otherwise we can find the wrong CFI info if it happens 137 * to change after the calling instruction and that will mean 138 * that we will fail to unwind the next step. 139 * 140 * This most frequently happens at the end of a function when 141 * a tail call occurs and we wind up using the CFI info for the 142 * next function which is completely wrong. 143 */ 144 while (True) { 145 146 if (i >= max_n_ips) 147 break; 148 149 /* Try to derive a new (ip,sp,fp) triple from the current 150 set. */ 151 152 /* On x86, first try the old-fashioned method of following the 153 %ebp-chain. Code which doesn't use this (that is, compiled 154 with -fomit-frame-pointer) is not ABI compliant and so 155 relatively rare. Besides, trying the CFI first almost always 156 fails, and is expensive. */ 157 /* Deal with frames resulting from functions which begin "pushl% 158 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */ 159 if (fp_min <= uregs.xbp && 160 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/) 161 { 162 /* fp looks sane, so use it. */ 163 uregs.xip = (((UWord*)uregs.xbp)[1]); 164 // We stop if we hit a zero (the traditional end-of-stack 165 // marker) or a one -- these correspond to recorded IPs of 0 or -1. 166 // The latter because r8818 (in this file) changes the meaning of 167 // entries [1] and above in a stack trace, by subtracting 1 from 168 // them. Hence stacks that used to end with a zero value now end in 169 // -1 and so we must detect that too. 170 if (0 == uregs.xip || 1 == uregs.xip) break; 171 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/ 172 + sizeof(Addr) /*ra*/; 173 uregs.xbp = (((UWord*)uregs.xbp)[0]); 174 if (sps) sps[i] = uregs.xsp; 175 if (fps) fps[i] = uregs.xbp; 176 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 177 if (debug) 178 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]); 179 uregs.xip = uregs.xip - 1; 180 /* as per comment at the head of this loop */ 181 continue; 182 } 183 184 /* That didn't work out, so see if there is any CF info to hand 185 which can be used. */ 186 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 187 if (0 == uregs.xip || 1 == uregs.xip) break; 188 if (sps) sps[i] = uregs.xsp; 189 if (fps) fps[i] = uregs.xbp; 190 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 191 if (debug) 192 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 193 uregs.xip = uregs.xip - 1; 194 /* as per comment at the head of this loop */ 195 continue; 196 } 197 198 /* And, similarly, try for MSVC FPO unwind info. */ 199 if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp, 200 fp_min, fp_max ) ) { 201 if (0 == uregs.xip || 1 == uregs.xip) break; 202 if (sps) sps[i] = uregs.xsp; 203 if (fps) fps[i] = uregs.xbp; 204 ips[i++] = uregs.xip; 205 if (debug) 206 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]); 207 uregs.xip = uregs.xip - 1; 208 continue; 209 } 210 211 /* No luck. We have to give up. */ 212 break; 213 } 214 215 n_found = i; 216 return n_found; 217} 218 219#endif 220 221/* ----------------------- amd64 ------------------------ */ 222 223#if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) 224 225UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 226 /*OUT*/Addr* ips, UInt max_n_ips, 227 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 228 UnwindStartRegs* startRegs, 229 Addr fp_max_orig ) 230{ 231 Bool debug = False; 232 Int i; 233 Addr fp_max; 234 UInt n_found = 0; 235 236 vg_assert(sizeof(Addr) == sizeof(UWord)); 237 vg_assert(sizeof(Addr) == sizeof(void*)); 238 239 D3UnwindRegs uregs; 240 uregs.xip = startRegs->r_pc; 241 uregs.xsp = startRegs->r_sp; 242 uregs.xbp = startRegs->misc.AMD64.r_rbp; 243 Addr fp_min = uregs.xsp; 244 245 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 246 stopping when the trail goes cold, which we guess to be 247 when FP is not a reasonable stack location. */ 248 249 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 250 // current page, at least. Dunno if it helps. 251 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 252 fp_max = VG_PGROUNDUP(fp_max_orig); 253 if (fp_max >= sizeof(Addr)) 254 fp_max -= sizeof(Addr); 255 256 if (debug) 257 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 258 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 259 max_n_ips, fp_min, fp_max_orig, fp_max, 260 uregs.xip, uregs.xbp); 261 262 /* Assertion broken before main() is reached in pthreaded programs; the 263 * offending stack traces only have one item. --njn, 2002-aug-16 */ 264 /* vg_assert(fp_min <= fp_max);*/ 265 // On Darwin, this kicks in for pthread-related stack traces, so they're 266 // only 1 entry long which is wrong. 267# if !defined(VGO_darwin) 268 if (fp_min + 256 >= fp_max) { 269 /* If the stack limits look bogus, don't poke around ... but 270 don't bomb out either. */ 271 if (sps) sps[0] = uregs.xsp; 272 if (fps) fps[0] = uregs.xbp; 273 ips[0] = uregs.xip; 274 return 1; 275 } 276# endif 277 278 /* fp is %rbp. sp is %rsp. ip is %rip. */ 279 280 ips[0] = uregs.xip; 281 if (sps) sps[0] = uregs.xsp; 282 if (fps) fps[0] = uregs.xbp; 283 i = 1; 284 285 /* Loop unwinding the stack. Note that the IP value we get on 286 * each pass (whether from CFI info or a stack frame) is a 287 * return address so is actually after the calling instruction 288 * in the calling function. 289 * 290 * Because of this we subtract one from the IP after each pass 291 * of the loop so that we find the right CFI block on the next 292 * pass - otherwise we can find the wrong CFI info if it happens 293 * to change after the calling instruction and that will mean 294 * that we will fail to unwind the next step. 295 * 296 * This most frequently happens at the end of a function when 297 * a tail call occurs and we wind up using the CFI info for the 298 * next function which is completely wrong. 299 */ 300 while (True) { 301 302 if (i >= max_n_ips) 303 break; 304 305 /* Try to derive a new (ip,sp,fp) triple from the current set. */ 306 307 /* First off, see if there is any CFI info to hand which can 308 be used. */ 309 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) { 310 if (0 == uregs.xip || 1 == uregs.xip) break; 311 if (sps) sps[i] = uregs.xsp; 312 if (fps) fps[i] = uregs.xbp; 313 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 314 if (debug) 315 VG_(printf)(" ipsC[%d]=%#08lx\n", i-1, ips[i-1]); 316 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 317 continue; 318 } 319 320 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so 321 we can safely try the old-fashioned method. */ 322 /* This bit is supposed to deal with frames resulting from 323 functions which begin "pushq %rbp ; movq %rsp, %rbp". 324 Unfortunately, since we can't (easily) look at the insns at 325 the start of the fn, like GDB does, there's no reliable way 326 to tell. Hence the hack of first trying out CFI, and if that 327 fails, then use this as a fallback. */ 328 /* Note: re "- 1 * sizeof(UWord)", need to take account of the 329 fact that we are prodding at & ((UWord*)fp)[1] and so need to 330 adjust the limit check accordingly. Omitting this has been 331 observed to cause segfaults on rare occasions. */ 332 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) { 333 /* fp looks sane, so use it. */ 334 uregs.xip = (((UWord*)uregs.xbp)[1]); 335 if (0 == uregs.xip || 1 == uregs.xip) break; 336 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/ 337 + sizeof(Addr) /*ra*/; 338 uregs.xbp = (((UWord*)uregs.xbp)[0]); 339 if (sps) sps[i] = uregs.xsp; 340 if (fps) fps[i] = uregs.xbp; 341 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */ 342 if (debug) 343 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 344 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 345 continue; 346 } 347 348 /* Last-ditch hack (evidently GDB does something similar). We 349 are in the middle of nowhere and we have a nonsense value for 350 the frame pointer. If the stack pointer is still valid, 351 assume that what it points at is a return address. Yes, 352 desperate measures. Could do better here: 353 - check that the supposed return address is in 354 an executable page 355 - check that the supposed return address is just after a call insn 356 - given those two checks, don't just consider *sp as the return 357 address; instead scan a likely section of stack (eg sp .. sp+256) 358 and use suitable values found there. 359 */ 360 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) { 361 uregs.xip = ((UWord*)uregs.xsp)[0]; 362 if (0 == uregs.xip || 1 == uregs.xip) break; 363 if (sps) sps[i] = uregs.xsp; 364 if (fps) fps[i] = uregs.xbp; 365 ips[i++] = uregs.xip == 0 366 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a 367 thread stack */ 368 : uregs.xip - 1; 369 /* -1: refer to calling insn, not the RA */ 370 if (debug) 371 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]); 372 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */ 373 uregs.xsp += 8; 374 continue; 375 } 376 377 /* No luck at all. We have to give up. */ 378 break; 379 } 380 381 n_found = i; 382 return n_found; 383} 384 385#endif 386 387/* -----------------------ppc32/64 ---------------------- */ 388 389#if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux) 390 391UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 392 /*OUT*/Addr* ips, UInt max_n_ips, 393 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 394 UnwindStartRegs* startRegs, 395 Addr fp_max_orig ) 396{ 397 Bool lr_is_first_RA = False; 398# if defined(VG_PLAT_USES_PPCTOC) 399 Word redir_stack_size = 0; 400 Word redirs_used = 0; 401# endif 402 403 Bool debug = False; 404 Int i; 405 Addr fp_max; 406 UInt n_found = 0; 407 408 vg_assert(sizeof(Addr) == sizeof(UWord)); 409 vg_assert(sizeof(Addr) == sizeof(void*)); 410 411 Addr ip = (Addr)startRegs->r_pc; 412 Addr sp = (Addr)startRegs->r_sp; 413 Addr fp = sp; 414# if defined(VGP_ppc32_linux) 415 Addr lr = startRegs->misc.PPC32.r_lr; 416# elif defined(VGP_ppc64_linux) 417 Addr lr = startRegs->misc.PPC64.r_lr; 418# endif 419 Addr fp_min = sp; 420 421 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 422 stopping when the trail goes cold, which we guess to be 423 when FP is not a reasonable stack location. */ 424 425 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 426 // current page, at least. Dunno if it helps. 427 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 428 fp_max = VG_PGROUNDUP(fp_max_orig); 429 if (fp_max >= sizeof(Addr)) 430 fp_max -= sizeof(Addr); 431 432 if (debug) 433 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 434 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n", 435 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp); 436 437 /* Assertion broken before main() is reached in pthreaded programs; the 438 * offending stack traces only have one item. --njn, 2002-aug-16 */ 439 /* vg_assert(fp_min <= fp_max);*/ 440 if (fp_min + 512 >= fp_max) { 441 /* If the stack limits look bogus, don't poke around ... but 442 don't bomb out either. */ 443 if (sps) sps[0] = sp; 444 if (fps) fps[0] = fp; 445 ips[0] = ip; 446 return 1; 447 } 448 449 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and 450 frame pointers. */ 451 452# if defined(VGP_ppc64_linux) 453 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE; 454 redirs_used = 0; 455# endif 456 457# if defined(VG_PLAT_USES_PPCTOC) 458 /* Deal with bogus LR values caused by function 459 interception/wrapping on ppc-TOC platforms; see comment on 460 similar code a few lines further down. */ 461 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub) 462 && VG_(is_valid_tid)(tid_if_known)) { 463 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP; 464 redirs_used++; 465 if (hsp >= 1 && hsp < redir_stack_size) 466 lr = VG_(threads)[tid_if_known] 467 .arch.vex.guest_REDIR_STACK[hsp-1]; 468 } 469# endif 470 471 /* We have to determine whether or not LR currently holds this fn 472 (call it F)'s return address. It might not if F has previously 473 called some other function, hence overwriting LR with a pointer 474 to some part of F. Hence if LR and IP point to the same 475 function then we conclude LR does not hold this function's 476 return address; instead the LR at entry must have been saved in 477 the stack by F's prologue and so we must get it from there 478 instead. Note all this guff only applies to the innermost 479 frame. */ 480 lr_is_first_RA = False; 481 { 482# define M_VG_ERRTXT 1000 483 HChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT]; 484 /* The following conditional looks grossly inefficient and 485 surely could be majorly improved, with not much effort. */ 486 if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT)) 487 if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT)) 488 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT)) 489 lr_is_first_RA = True; 490# undef M_VG_ERRTXT 491 } 492 493 if (sps) sps[0] = fp; /* NB. not sp */ 494 if (fps) fps[0] = fp; 495 ips[0] = ip; 496 i = 1; 497 498 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) { 499 500 /* initial FP is sane; keep going */ 501 fp = (((UWord*)fp)[0]); 502 503 while (True) { 504 505 /* On ppc64-linux (ppc64-elf, really), the lr save 506 slot is 2 words back from sp, whereas on ppc32-elf(?) it's 507 only one word back. */ 508# if defined(VG_PLAT_USES_PPCTOC) 509 const Int lr_offset = 2; 510# else 511 const Int lr_offset = 1; 512# endif 513 514 if (i >= max_n_ips) 515 break; 516 517 /* Try to derive a new (ip,fp) pair from the current set. */ 518 519 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) { 520 /* fp looks sane, so use it. */ 521 522 if (i == 1 && lr_is_first_RA) 523 ip = lr; 524 else 525 ip = (((UWord*)fp)[lr_offset]); 526 527# if defined(VG_PLAT_USES_PPCTOC) 528 /* Nasty hack to do with function replacement/wrapping on 529 ppc64-linux. If LR points to our magic return stub, 530 then we are in a wrapped or intercepted function, in 531 which LR has been messed with. The original LR will 532 have been pushed onto the thread's hidden REDIR stack 533 one down from the top (top element is the saved R2) and 534 so we should restore the value from there instead. 535 Since nested redirections can and do happen, we keep 536 track of the number of nested LRs used by the unwinding 537 so far with 'redirs_used'. */ 538 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub) 539 && VG_(is_valid_tid)(tid_if_known)) { 540 Word hsp = VG_(threads)[tid_if_known] 541 .arch.vex.guest_REDIR_SP; 542 hsp -= 2 * redirs_used; 543 redirs_used ++; 544 if (hsp >= 1 && hsp < redir_stack_size) 545 ip = VG_(threads)[tid_if_known] 546 .arch.vex.guest_REDIR_STACK[hsp-1]; 547 } 548# endif 549 550 if (0 == ip || 1 == ip) break; 551 if (sps) sps[i] = fp; /* NB. not sp */ 552 if (fps) fps[i] = fp; 553 fp = (((UWord*)fp)[0]); 554 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */ 555 if (debug) 556 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]); 557 ip = ip - 1; /* ip is probably dead at this point, but 558 play safe, a la x86/amd64 above. See 559 extensive comments above. */ 560 continue; 561 } 562 563 /* No luck there. We have to give up. */ 564 break; 565 } 566 } 567 568 n_found = i; 569 return n_found; 570} 571 572#endif 573 574/* ------------------------ arm ------------------------- */ 575 576#if defined(VGP_arm_linux) 577 578static Bool in_same_fn ( Addr a1, Addr a2 ) 579{ 580# define M_VG_ERRTXT 500 581 UChar buf_a1[M_VG_ERRTXT], buf_a2[M_VG_ERRTXT]; 582 /* The following conditional looks grossly inefficient and 583 surely could be majorly improved, with not much effort. */ 584 if (VG_(get_fnname_raw) (a1, buf_a1, M_VG_ERRTXT)) 585 if (VG_(get_fnname_raw) (a2, buf_a2, M_VG_ERRTXT)) 586 if (VG_(strncmp)(buf_a1, buf_a2, M_VG_ERRTXT)) 587 return True; 588# undef M_VG_ERRTXT 589 return False; 590} 591 592static Bool in_same_page ( Addr a1, Addr a2 ) { 593 return (a1 & ~0xFFF) == (a2 & ~0xFFF); 594} 595 596static Addr abs_diff ( Addr a1, Addr a2 ) { 597 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1); 598} 599 600static Bool has_XT_perms ( Addr a ) 601{ 602 NSegment const* seg = VG_(am_find_nsegment)(a); 603 return seg && seg->hasX && seg->hasT; 604} 605 606static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 ) 607{ 608 if (0) 609 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1); 610 // BL simm26 611 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True; 612 // BLX simm26 613 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True; 614 return False; 615} 616 617static Bool looks_like_Thumb_call16 ( UShort w0 ) 618{ 619 return False; 620} 621 622static Bool looks_like_ARM_call ( UInt a0 ) 623{ 624 if (0) 625 VG_(printf)("isA32call %08x\n", a0); 626 // Leading E forces unconditional only -- fix 627 if ((a0 & 0xFF000000) == 0xEB000000) return True; 628 return False; 629} 630 631static Bool looks_like_RA ( Addr ra ) 632{ 633 /* 'ra' is a plausible return address if it points to 634 an instruction after a call insn. */ 635 Bool isT = (ra & 1); 636 if (isT) { 637 // returning to Thumb code 638 ra &= ~1; 639 ra -= 4; 640 if (has_XT_perms(ra)) { 641 UShort w0 = *(UShort*)ra; 642 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0; 643 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1)) 644 return True; 645 } 646 } else { 647 // ARM 648 ra &= ~3; 649 ra -= 4; 650 if (has_XT_perms(ra)) { 651 UInt a0 = *(UInt*)ra; 652 if (looks_like_ARM_call(a0)) 653 return True; 654 } 655 } 656 return False; 657} 658 659UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 660 /*OUT*/Addr* ips, UInt max_n_ips, 661 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 662 UnwindStartRegs* startRegs, 663 Addr fp_max_orig ) 664{ 665 Bool debug = False; 666 Int i; 667 Addr fp_max; 668 UInt n_found = 0; 669 670 vg_assert(sizeof(Addr) == sizeof(UWord)); 671 vg_assert(sizeof(Addr) == sizeof(void*)); 672 673 D3UnwindRegs uregs; 674 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE; 675 uregs.r14 = startRegs->misc.ARM.r14; 676 uregs.r13 = startRegs->r_sp; 677 uregs.r12 = startRegs->misc.ARM.r12; 678 uregs.r11 = startRegs->misc.ARM.r11; 679 uregs.r7 = startRegs->misc.ARM.r7; 680 Addr fp_min = uregs.r13; 681 682 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 683 stopping when the trail goes cold, which we guess to be 684 when FP is not a reasonable stack location. */ 685 686 // JRS 2002-sep-17: hack, to round up fp_max to the end of the 687 // current page, at least. Dunno if it helps. 688 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again 689 fp_max = VG_PGROUNDUP(fp_max_orig); 690 if (fp_max >= sizeof(Addr)) 691 fp_max -= sizeof(Addr); 692 693 if (debug) 694 VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 695 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n", 696 max_n_ips, fp_min, fp_max_orig, fp_max, 697 uregs.r15, uregs.r13); 698 699 /* Assertion broken before main() is reached in pthreaded programs; the 700 * offending stack traces only have one item. --njn, 2002-aug-16 */ 701 /* vg_assert(fp_min <= fp_max);*/ 702 // On Darwin, this kicks in for pthread-related stack traces, so they're 703 // only 1 entry long which is wrong. 704 if (fp_min + 512 >= fp_max) { 705 /* If the stack limits look bogus, don't poke around ... but 706 don't bomb out either. */ 707 if (sps) sps[0] = uregs.r13; 708 if (fps) fps[0] = 0; 709 ips[0] = uregs.r15; 710 return 1; 711 } 712 713 /* */ 714 715 if (sps) sps[0] = uregs.r13; 716 if (fps) fps[0] = 0; 717 ips[0] = uregs.r15; 718 i = 1; 719 720 /* Loop unwinding the stack. */ 721 Bool do_stack_scan = False; 722 723 while (True) { 724 if (debug) { 725 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n", 726 i, uregs.r15, uregs.r13); 727 } 728 729 if (i >= max_n_ips) 730 break; 731 732 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 733 if (sps) sps[i] = uregs.r13; 734 if (fps) fps[i] = 0; 735 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1; 736 if (debug) 737 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n", 738 uregs.r15, uregs.r13); 739 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1; 740 continue; 741 } 742 /* No luck. We have to give up. */ 743 do_stack_scan = True; 744 break; 745 } 746 747 if (0/*DISABLED BY DEFAULT*/ && do_stack_scan && i < max_n_ips && i <= 2) { 748 Int nByStackScan = 0; 749 Addr lr = uregs.r14; 750 Addr sp = uregs.r13 & ~3; 751 Addr pc = uregs.r15; 752 // First see if LR contains 753 // something that could be a valid return address. 754 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) { 755 // take it only if 'cand' isn't obviously a duplicate 756 // of the last found IP value 757 Addr cand = (lr & 0xFFFFFFFE) - 1; 758 if (abs_diff(cand, ips[i-1]) > 1) { 759 if (sps) sps[i] = 0; 760 if (fps) fps[i] = 0; 761 ips[i++] = cand; 762 nByStackScan++; 763 } 764 } 765 while (in_same_page(sp, uregs.r13)) { 766 if (i >= max_n_ips) 767 break; 768 // we're in the same page; fairly safe to keep going 769 UWord w = *(UWord*)(sp & ~0x3); 770 if (looks_like_RA(w)) { 771 Addr cand = (w & 0xFFFFFFFE) - 1; 772 // take it only if 'cand' isn't obviously a duplicate 773 // of the last found IP value 774 if (abs_diff(cand, ips[i-1]) > 1) { 775 if (sps) sps[i] = 0; 776 if (fps) fps[i] = 0; 777 ips[i++] = cand; 778 if (++nByStackScan >= 5) break; 779 } 780 } 781 sp += 4; 782 } 783 } 784 785 n_found = i; 786 return n_found; 787} 788 789#endif 790 791/* ------------------------ s390x ------------------------- */ 792 793#if defined(VGP_s390x_linux) 794 795UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 796 /*OUT*/Addr* ips, UInt max_n_ips, 797 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 798 UnwindStartRegs* startRegs, 799 Addr fp_max_orig ) 800{ 801 Bool debug = False; 802 Int i; 803 Addr fp_max; 804 UInt n_found = 0; 805 806 vg_assert(sizeof(Addr) == sizeof(UWord)); 807 vg_assert(sizeof(Addr) == sizeof(void*)); 808 809 D3UnwindRegs uregs; 810 uregs.ia = startRegs->r_pc; 811 uregs.sp = startRegs->r_sp; 812 Addr fp_min = uregs.sp; 813 uregs.fp = startRegs->misc.S390X.r_fp; 814 uregs.lr = startRegs->misc.S390X.r_lr; 815 816 fp_max = VG_PGROUNDUP(fp_max_orig); 817 if (fp_max >= sizeof(Addr)) 818 fp_max -= sizeof(Addr); 819 820 if (debug) 821 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 822 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n", 823 max_n_ips, fp_min, fp_max_orig, fp_max, 824 uregs.ia, uregs.sp,uregs.fp); 825 826 /* The first frame is pretty obvious */ 827 ips[0] = uregs.ia; 828 if (sps) sps[0] = uregs.sp; 829 if (fps) fps[0] = uregs.fp; 830 i = 1; 831 832 /* for everything else we have to rely on the eh_frame. gcc defaults to 833 not create a backchain and all the other tools (like gdb) also have 834 to use the CFI. */ 835 while (True) { 836 if (i >= max_n_ips) 837 break; 838 839 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 840 if (sps) sps[i] = uregs.sp; 841 if (fps) fps[i] = uregs.fp; 842 ips[i++] = uregs.ia - 1; 843 uregs.ia = uregs.ia - 1; 844 continue; 845 } 846 /* A problem on the first frame? Lets assume it was a bad jump. 847 We will use the link register and the current stack and frame 848 pointers and see if we can use the CFI in the next round. */ 849 if (i == 1) { 850 if (sps) { 851 sps[i] = sps[0]; 852 uregs.sp = sps[0]; 853 } 854 if (fps) { 855 fps[i] = fps[0]; 856 uregs.fp = fps[0]; 857 } 858 uregs.ia = uregs.lr - 1; 859 ips[i++] = uregs.lr - 1; 860 continue; 861 } 862 863 /* No luck. We have to give up. */ 864 break; 865 } 866 867 n_found = i; 868 return n_found; 869} 870 871#endif 872 873/* ------------------------ mips 32------------------------- */ 874 875#if defined(VGP_mips32_linux) 876 877UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known, 878 /*OUT*/Addr* ips, UInt max_n_ips, 879 /*OUT*/Addr* sps, /*OUT*/Addr* fps, 880 UnwindStartRegs* startRegs, 881 Addr fp_max_orig ) 882{ 883 Bool debug = False; 884 Int i; 885 Addr fp_max; 886 UInt n_found = 0; 887 888 vg_assert(sizeof(Addr) == sizeof(UWord)); 889 vg_assert(sizeof(Addr) == sizeof(void*)); 890 891 D3UnwindRegs uregs; 892 uregs.pc = startRegs->r_pc; 893 uregs.sp = startRegs->r_sp; 894 Addr fp_min = uregs.sp; 895 896 uregs.fp = startRegs->misc.MIPS32.r30; 897 uregs.ra = startRegs->misc.MIPS32.r31; 898 899 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1], 900 stopping when the trail goes cold, which we guess to be 901 when FP is not a reasonable stack location. */ 902 903 fp_max = VG_PGROUNDUP(fp_max_orig); 904 if (fp_max >= sizeof(Addr)) 905 fp_max -= sizeof(Addr); 906 907 if (debug) 908 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, " 909 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n", 910 max_n_ips, fp_min, fp_max_orig, fp_max, 911 uregs.pc, uregs.sp, uregs.fp); 912 913 if (sps) sps[0] = uregs.sp; 914 if (fps) fps[0] = uregs.fp; 915 ips[0] = uregs.pc; 916 i = 1; 917 918 /* Loop unwinding the stack. */ 919 920 while (True) { 921 if (debug) { 922 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 923 i, uregs.pc, uregs.sp, uregs.ra); 924 } 925 if (i >= max_n_ips) 926 break; 927 928 D3UnwindRegs uregs_copy = uregs; 929 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) { 930 if (debug) 931 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n", 932 uregs.pc, uregs.sp, uregs.ra); 933 if (0 != uregs.pc && 1 != uregs.pc) { 934 if (sps) sps[i] = uregs.sp; 935 if (fps) fps[i] = uregs.fp; 936 ips[i++] = uregs.pc - 4; 937 uregs.pc = uregs.pc - 4; 938 continue; 939 } else 940 uregs = uregs_copy; 941 } 942 943 int seen_sp_adjust = 0; 944 long frame_offset = 0; 945 PtrdiffT offset; 946 if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) { 947 Addr start_pc = uregs.pc - offset; 948 Addr limit_pc = uregs.pc; 949 Addr cur_pc; 950 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) { 951 unsigned long inst, high_word, low_word; 952 unsigned long * cur_inst; 953 int reg; 954 /* Fetch the instruction. */ 955 cur_inst = (unsigned long *)cur_pc; 956 inst = *((UInt *) cur_inst); 957 if(debug) 958 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst); 959 960 /* Save some code by pre-extracting some useful fields. */ 961 high_word = (inst >> 16) & 0xffff; 962 low_word = inst & 0xffff; 963 reg = high_word & 0x1f; 964 965 if (high_word == 0x27bd /* addiu $sp,$sp,-i */ 966 || high_word == 0x23bd /* addi $sp,$sp,-i */ 967 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */ 968 if (low_word & 0x8000) /* negative stack adjustment? */ 969 frame_offset += 0x10000 - low_word; 970 else 971 /* Exit loop if a positive stack adjustment is found, which 972 usually means that the stack cleanup code in the function 973 epilogue is reached. */ 974 break; 975 seen_sp_adjust = 1; 976 } 977 } 978 if(debug) 979 VG_(printf)("offset: 0x%lx\n", frame_offset); 980 } 981 if (seen_sp_adjust) { 982 if (0 == uregs.pc || 1 == uregs.pc) break; 983 if (uregs.pc == uregs.ra - 8) break; 984 if (sps) { 985 sps[i] = uregs.sp + frame_offset; 986 } 987 uregs.sp = uregs.sp + frame_offset; 988 989 if (fps) { 990 fps[i] = fps[0]; 991 uregs.fp = fps[0]; 992 } 993 if (0 == uregs.ra || 1 == uregs.ra) break; 994 uregs.pc = uregs.ra - 8; 995 ips[i++] = uregs.ra - 8; 996 continue; 997 } 998 999 if (i == 1) { 1000 if (sps) { 1001 sps[i] = sps[0]; 1002 uregs.sp = sps[0]; 1003 } 1004 if (fps) { 1005 fps[i] = fps[0]; 1006 uregs.fp = fps[0]; 1007 } 1008 if (0 == uregs.ra || 1 == uregs.ra) break; 1009 uregs.pc = uregs.ra - 8; 1010 ips[i++] = uregs.ra - 8; 1011 continue; 1012 } 1013 /* No luck. We have to give up. */ 1014 break; 1015 } 1016 1017 n_found = i; 1018 return n_found; 1019} 1020 1021#endif 1022 1023 1024/*------------------------------------------------------------*/ 1025/*--- ---*/ 1026/*--- END platform-dependent unwinder worker functions ---*/ 1027/*--- ---*/ 1028/*------------------------------------------------------------*/ 1029 1030/*------------------------------------------------------------*/ 1031/*--- Exported functions. ---*/ 1032/*------------------------------------------------------------*/ 1033 1034UInt VG_(get_StackTrace) ( ThreadId tid, 1035 /*OUT*/StackTrace ips, UInt max_n_ips, 1036 /*OUT*/StackTrace sps, 1037 /*OUT*/StackTrace fps, 1038 Word first_ip_delta ) 1039{ 1040 /* Get the register values with which to start the unwind. */ 1041 UnwindStartRegs startRegs; 1042 VG_(memset)( &startRegs, 0, sizeof(startRegs) ); 1043 VG_(get_UnwindStartRegs)( &startRegs, tid ); 1044 1045 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word; 1046 Addr stack_lowest_word = 0; 1047 1048# if defined(VGP_x86_linux) 1049 /* Nasty little hack to deal with syscalls - if libc is using its 1050 _dl_sysinfo_int80 function for syscalls (the TLS version does), 1051 then ip will always appear to be in that function when doing a 1052 syscall, not the actual libc function doing the syscall. This 1053 check sees if IP is within that function, and pops the return 1054 address off the stack so that ip is placed within the library 1055 function calling the syscall. This makes stack backtraces much 1056 more useful. 1057 1058 The function is assumed to look like this (from glibc-2.3.6 sources): 1059 _dl_sysinfo_int80: 1060 int $0x80 1061 ret 1062 That is 3 (2+1) bytes long. We could be more thorough and check 1063 the 3 bytes of the function are as expected, but I can't be 1064 bothered. 1065 */ 1066 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */ 1067 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80) 1068 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3 1069 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr), 1070 VKI_PROT_READ)) { 1071 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp; 1072 startRegs.r_sp += (ULong) sizeof(Addr); 1073 } 1074# endif 1075 1076 /* See if we can get a better idea of the stack limits */ 1077 VG_(stack_limits)( (Addr)startRegs.r_sp, 1078 &stack_lowest_word, &stack_highest_word ); 1079 1080 /* Take into account the first_ip_delta. */ 1081 startRegs.r_pc += (Long)(Word)first_ip_delta; 1082 1083 if (0) 1084 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx " 1085 "sp=0x%010llx\n", 1086 tid, stack_highest_word, 1087 startRegs.r_pc, startRegs.r_sp); 1088 1089 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips, 1090 sps, fps, 1091 &startRegs, 1092 stack_highest_word); 1093} 1094 1095static void printIpDesc(UInt n, Addr ip, void* uu_opaque) 1096{ 1097 #define BUF_LEN 4096 1098 1099 static HChar buf[BUF_LEN]; 1100 1101 VG_(describe_IP)(ip, buf, BUF_LEN); 1102 1103 if (VG_(clo_xml)) { 1104 VG_(printf_xml)(" %s\n", buf); 1105 } else { 1106 VG_(message)(Vg_UserMsg, " %s %s\n", ( n == 0 ? "at" : "by" ), buf); 1107 } 1108} 1109 1110/* Print a StackTrace. */ 1111void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips ) 1112{ 1113 vg_assert( n_ips > 0 ); 1114 1115 if (VG_(clo_xml)) 1116 VG_(printf_xml)(" <stack>\n"); 1117 1118 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips ); 1119 1120 if (VG_(clo_xml)) 1121 VG_(printf_xml)(" </stack>\n"); 1122} 1123 1124/* Get and immediately print a StackTrace. */ 1125void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips ) 1126{ 1127 Addr ips[max_n_ips]; 1128 UInt n_ips 1129 = VG_(get_StackTrace)(tid, ips, max_n_ips, 1130 NULL/*array to dump SP values in*/, 1131 NULL/*array to dump FP values in*/, 1132 0/*first_ip_delta*/); 1133 VG_(pp_StackTrace)(ips, n_ips); 1134} 1135 1136void VG_(apply_StackTrace)( 1137 void(*action)(UInt n, Addr ip, void* opaque), 1138 void* opaque, 1139 StackTrace ips, UInt n_ips 1140 ) 1141{ 1142 Bool main_done = False; 1143 Int i = 0; 1144 1145 vg_assert(n_ips > 0); 1146 do { 1147 Addr ip = ips[i]; 1148 1149 // Stop after the first appearance of "main" or one of the other names 1150 // (the appearance of which is a pretty good sign that we've gone past 1151 // main without seeing it, for whatever reason) 1152 if ( ! VG_(clo_show_below_main) ) { 1153 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip); 1154 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) { 1155 main_done = True; 1156 } 1157 } 1158 1159 // Act on the ip 1160 action(i, ip, opaque); 1161 1162 i++; 1163 } while (i < n_ips && !main_done); 1164 1165 #undef MYBUF_LEN 1166} 1167 1168 1169/*--------------------------------------------------------------------*/ 1170/*--- end ---*/ 1171/*--------------------------------------------------------------------*/ 1172