/* libunwind - a platform-independent unwind library
   Copyright (C) 2010, 2011 by FERMI NATIONAL ACCELERATOR LABORATORY

This file is part of libunwind.

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */

#include "libunwind_i.h"
#include "unwind_i.h"
#include "ucontext_i.h"
#include <signal.h>
#include <limits.h>

#pragma weak pthread_once
#pragma weak pthread_key_create
#pragma weak pthread_getspecific
#pragma weak pthread_setspecific
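
/* The pthread symbols above are referenced weakly so that this file also
   links into programs that are not built against libpthread.  When the
   weak references resolve to NULL, trace_cache_get() below falls back to
   the single lock-protected global cache.  */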

/* Initial hash table size. Table expands by 2 bits (times four). */
#define HASH_MIN_BITS 14
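/* With HASH_MIN_BITS == 14 the table therefore starts with
   1u << 14 == 16384 buckets and grows to 2^16, 2^18, ... as it fills. */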

typedef struct
{
  unw_tdep_frame_t *frames;
  size_t log_size;
  size_t used;
  size_t dtor_count;  /* Counts how many times our destructor has already
                         been called. */
} unw_trace_cache_t;

static const unw_tdep_frame_t empty_frame = { 0, UNW_X86_64_FRAME_OTHER, -1, -1, 0, -1, -1 };
static define_lock (trace_init_lock);
static pthread_once_t trace_cache_once = PTHREAD_ONCE_INIT;
static sig_atomic_t trace_cache_once_happen;
static pthread_key_t trace_cache_key;
static struct mempool trace_cache_pool;
static _Thread_local unw_trace_cache_t *tls_cache;
static _Thread_local int tls_cache_destroyed;

/* Free memory for a thread's trace cache. */
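/* Note: POSIX allows a key destructor to be re-run up to
   PTHREAD_DESTRUCTOR_ITERATIONS times if it re-installs a value into the
   key.  The delay loop below exploits that, presumably so the cache stays
   usable for destructors of other keys that may still want to unwind;
   only the final permitted iteration actually releases the memory.  */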
static void
trace_cache_free (void *arg)
{
  unw_trace_cache_t *cache = arg;
  if (++cache->dtor_count < PTHREAD_DESTRUCTOR_ITERATIONS)
    {
      /* Not yet our turn to get destroyed. Re-install ourselves into the key. */
      pthread_setspecific(trace_cache_key, cache);
      Debug(5, "delayed freeing cache %p (%zx to go)\n", cache,
            PTHREAD_DESTRUCTOR_ITERATIONS - cache->dtor_count);
      return;
    }
  tls_cache_destroyed = 1;
  tls_cache = NULL;
  munmap (cache->frames, (1u << cache->log_size) * sizeof(unw_tdep_frame_t));
  mempool_free (&trace_cache_pool, cache);
  Debug(5, "freed cache %p\n", cache);
}

/* Initialise frame tracing for threaded use. */
static void
trace_cache_init_once (void)
{
  pthread_key_create (&trace_cache_key, &trace_cache_free);
  mempool_init (&trace_cache_pool, sizeof (unw_trace_cache_t), 0);
  trace_cache_once_happen = 1;
}

static unw_tdep_frame_t *
trace_cache_buckets (size_t n)
{
  unw_tdep_frame_t *frames;
  size_t i;

  GET_MEMORY(frames, n * sizeof (unw_tdep_frame_t));
  if (likely(frames != NULL))
    for (i = 0; i < n; ++i)
      frames[i] = empty_frame;

  return frames;
}

/* Allocate and initialise hash table for frame cache lookups.
   Returns the cache initialised with (1u << HASH_MIN_BITS) hash
   buckets, or NULL if there was a memory allocation problem. */
static unw_trace_cache_t *
trace_cache_create (void)
{
  unw_trace_cache_t *cache;

  if (tls_cache_destroyed)
    {
      /* The current thread is in the process of exiting. Don't recreate
         cache, as we wouldn't have another chance to free it. */
      Debug(5, "refusing to reallocate cache: "
               "thread-locals are being deallocated\n");
      return NULL;
    }

  if (! (cache = mempool_alloc(&trace_cache_pool)))
    {
      Debug(5, "failed to allocate cache\n");
      return NULL;
    }

  if (! (cache->frames = trace_cache_buckets(1u << HASH_MIN_BITS)))
    {
      Debug(5, "failed to allocate buckets\n");
      mempool_free(&trace_cache_pool, cache);
      return NULL;
    }

  cache->log_size = HASH_MIN_BITS;
  cache->used = 0;
  cache->dtor_count = 0;
  tls_cache_destroyed = 0;  /* Paranoia: should already be 0. */
  Debug(5, "allocated cache %p\n", cache);
  return cache;
}

/* Expand the hash table in the frame cache if possible. This always
   quadruples the hash size, and clears all previous frame entries. */
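/* Dropping the old contents on expansion is safe because the table is a
   pure cache: trace_lookup() simply refills entries on demand from the
   DWARF information. */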
static int
trace_cache_expand (unw_trace_cache_t *cache)
{
  size_t old_size = (1u << cache->log_size);
  size_t new_log_size = cache->log_size + 2;
  unw_tdep_frame_t *new_frames = trace_cache_buckets (1u << new_log_size);

  if (unlikely(! new_frames))
    {
      Debug(5, "failed to expand cache to 2^%lu buckets\n", new_log_size);
      return -UNW_ENOMEM;
    }

  Debug(5, "expanded cache from 2^%lu to 2^%lu buckets\n", cache->log_size, new_log_size);
  munmap(cache->frames, old_size * sizeof(unw_tdep_frame_t));
  cache->frames = new_frames;
  cache->log_size = new_log_size;
  cache->used = 0;
  return 0;
}

static unw_trace_cache_t *
trace_cache_get_unthreaded (void)
{
  unw_trace_cache_t *cache;
  intrmask_t saved_mask;
  static unw_trace_cache_t *global_cache = NULL;
  lock_acquire (&trace_init_lock, saved_mask);
  if (! global_cache)
    {
      mempool_init (&trace_cache_pool, sizeof (unw_trace_cache_t), 0);
      global_cache = trace_cache_create ();
    }
  cache = global_cache;
  lock_release (&trace_init_lock, saved_mask);
  Debug(5, "using cache %p\n", cache);
  return cache;
}

/* Get the frame cache for the current thread. Create it if there is none. */
static unw_trace_cache_t *
trace_cache_get (void)
{
  unw_trace_cache_t *cache;
  if (likely (pthread_once != NULL))
    {
      pthread_once(&trace_cache_once, &trace_cache_init_once);
      if (!trace_cache_once_happen)
        {
          return trace_cache_get_unthreaded();
        }
      if (! (cache = tls_cache))
        {
          cache = trace_cache_create();
          pthread_setspecific(trace_cache_key, cache);
          tls_cache = cache;
        }
      Debug(5, "using cache %p\n", cache);
      return cache;
    }
  else
    {
      return trace_cache_get_unthreaded();
    }
}

/* Initialise frame properties for address cache slot F at address
   RIP using current CFA, RBP and RSP values. Modifies CURSOR to
   that location, performs one unw_step(), and fills F with what
   was discovered about the location. Returns F.
*/
static unw_tdep_frame_t *
trace_init_addr (unw_tdep_frame_t *f,
                 unw_cursor_t *cursor,
                 unw_word_t cfa,
                 unw_word_t rip,
                 unw_word_t rbp,
                 unw_word_t rsp)
{
  struct cursor *c = (struct cursor *) cursor;
  struct dwarf_cursor *d = &c->dwarf;
  int ret = -UNW_EINVAL;

  /* Initialise frame properties: unknown, not last. */
  f->virtual_address = rip;
  f->frame_type = UNW_X86_64_FRAME_OTHER;
  f->last_frame = 0;
  f->cfa_reg_rsp = -1;
  f->cfa_reg_offset = 0;
  f->rbp_cfa_offset = -1;
  f->rsp_cfa_offset = -1;

  /* Reinitialise cursor to this instruction - but undo next/prev RIP
     adjustment because unw_step will redo it - and force RIP, RBP and
     RSP into register locations (=~ ucontext we keep), then set
     their desired values. Then perform the step. */
  d->ip = rip + d->use_prev_instr;
  d->cfa = cfa;
  for (int i = 0; i < DWARF_NUM_PRESERVED_REGS; i++)
    d->loc[i] = DWARF_NULL_LOC;
  d->loc[UNW_X86_64_RIP] = DWARF_REG_LOC (d, UNW_X86_64_RIP);
  d->loc[UNW_X86_64_RBP] = DWARF_REG_LOC (d, UNW_X86_64_RBP);
  d->loc[UNW_X86_64_RSP] = DWARF_REG_LOC (d, UNW_X86_64_RSP);
  c->frame_info = *f;

  if (likely(dwarf_put (d, d->loc[UNW_X86_64_RIP], rip) >= 0)
      && likely(dwarf_put (d, d->loc[UNW_X86_64_RBP], rbp) >= 0)
      && likely(dwarf_put (d, d->loc[UNW_X86_64_RSP], rsp) >= 0)
      && likely((ret = unw_step (cursor)) >= 0))
    *f = c->frame_info;

  /* If unw_step() stopped voluntarily, remember that, even if it
     otherwise could not determine anything useful. This avoids
     failing the trace when we hit frames without unwind info, which
     is common for the outermost frame (CRT stuff) on many systems;
     falling back to a full unw_step() loop wouldn't produce a better
     result for such frames anyway. */
  if (ret == 0)
    f->last_frame = -1;

  Debug (3, "frame va %lx type %d last %d cfa %s+%d rbp @ cfa%+d rsp @ cfa%+d\n",
         f->virtual_address, f->frame_type, f->last_frame,
         f->cfa_reg_rsp ? "rsp" : "rbp", f->cfa_reg_offset,
         f->rbp_cfa_offset, f->rsp_cfa_offset);

  return f;
}

/* Look up and if necessary fill in frame attributes for address RIP
   in CACHE using current CFA, RBP and RSP values. Uses CURSOR to
   perform any unwind steps necessary to fill the cache. Returns the
   frame cache slot which describes RIP. */
static unw_tdep_frame_t *
trace_lookup (unw_cursor_t *cursor,
              unw_trace_cache_t *cache,
              unw_word_t cfa,
              unw_word_t rip,
              unw_word_t rbp,
              unw_word_t rsp)
{
  /* First look for previously cached information, using the cache as a
     linear-probing hash table with a probe step of 1. The majority of
     lookups should complete within a few steps, but it is very
     important that the hash table does not fill up, or performance
     falls off a cliff. */
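  /* The slot computed below uses multiplicative (Fibonacci-style)
     hashing: the multiplier is roughly 2^64 divided by the golden
     ratio, and the right shift keeps only the well-mixed high-order
     bits of the product before they are masked down to the table
     size. */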
  uint64_t i, addr;
  uint64_t cache_size = 1u << cache->log_size;
  uint64_t slot = ((rip * 0x9e3779b97f4a7c16) >> 43) & (cache_size-1);
  unw_tdep_frame_t *frame;

  for (i = 0; i < 16; ++i)
    {
      frame = &cache->frames[slot];
      addr = frame->virtual_address;

      /* Return if we found the address. */
      if (likely(addr == rip))
        {
          Debug (4, "found address after %ld steps\n", i);
          return frame;
        }

      /* If slot is empty, reuse it. */
      if (likely(! addr))
        break;

      /* Linear probe to next slot candidate, step = 1. */
      if (++slot >= cache_size)
        slot -= cache_size;
    }

  /* If we collided after 16 steps, or if the hash is more than half
     full, force the hash to expand. Fill the selected slot, whether
     it's free or collides. Note that hash expansion drops previous
     contents; further lookups will refill the hash. */
  Debug (4, "updating slot %lu after %ld steps, replacing 0x%lx\n", slot, i, addr);
  if (unlikely(addr || cache->used >= cache_size / 2))
    {
      if (unlikely(trace_cache_expand (cache) < 0))
        return NULL;

      cache_size = 1u << cache->log_size;
      slot = ((rip * 0x9e3779b97f4a7c16) >> 43) & (cache_size-1);
      frame = &cache->frames[slot];
      addr = frame->virtual_address;
    }

  if (! addr)
    ++cache->used;

  return trace_init_addr (frame, cursor, cfa, rip, rbp, rsp);
}

/* Fast stack backtrace for x86-64.

   This is used by the backtrace() implementation to accelerate frequent
   queries for the current stack, without any desire to unwind. It fills
   BUFFER with the call tree from CURSOR upwards for at most SIZE
   stack levels. The first frame, backtrace itself, is omitted. When
   called, SIZE should give the maximum number of entries that can be
   stored into BUFFER. Uses an internal thread-specific cache to
   accelerate queries.

   The caller should fall back to a unw_step() loop if this function
   fails by returning -UNW_ESTOPUNWIND, meaning the routine hit a
   stack frame that is too complex to be traced in the fast path.

   This function is tuned for clients which only need to walk the
   stack to get the call tree as fast as possible but without any
   other details, for example profilers sampling the stack thousands
   to millions of times per second. The routine handles the most
   common x86-64 ABI stack layouts: CFA is RBP or RSP plus/minus
   constant offset, return address is at CFA-8, and RBP and RSP are
   either unchanged or saved on stack at constant offset from the CFA;
   the signal return frame; and frames without unwind info provided
   they are at the outermost (final) frame or can conservatively be
   assumed to be frame-pointer based.

   Any other stack layout will cause the routine to give up. There
   are only a handful of relatively rarely used functions which do
   not have a stack in the standard form: vfork, longjmp, setcontext
   and _dl_runtime_profile on common Linux systems, for example.

   On success BUFFER and *SIZE reflect the trace progress up to *SIZE
   stack levels or the outermost frame, whichever is less. The trace
   may stop short of the outermost frame if a unw_step() loop would
   also do so, e.g. if there is no more unwind information; this is
   not reported as an error.

   The function returns a negative value for errors, -UNW_ESTOPUNWIND
   if tracing stopped because of unusual frame unwind info. The
   BUFFER and *SIZE reflect tracing progress up to the error frame.

   Callers of this function would normally look like this:

     unw_cursor_t cur;
     unw_context_t ctx;
     void *addrs[128];
     int depth = 128;
     int ret;

     unw_getcontext(&ctx);
     unw_init_local(&cur, &ctx);
     if ((ret = unw_tdep_trace(&cur, addrs, &depth)) < 0)
       {
         depth = 0;
         unw_getcontext(&ctx);
         unw_init_local(&cur, &ctx);
         while ((ret = unw_step(&cur)) > 0 && depth < 128)
           {
             unw_word_t ip;
             unw_get_reg(&cur, UNW_REG_IP, &ip);
             addrs[depth++] = (void *) ip;
           }
       }
*/
HIDDEN int
tdep_trace (unw_cursor_t *cursor, void **buffer, int *size)
{
  struct cursor *c = (struct cursor *) cursor;
  struct dwarf_cursor *d = &c->dwarf;
  unw_trace_cache_t *cache;
  unw_word_t rbp, rsp, rip, cfa;
  int maxdepth = 0;
  int depth = 0;
  int ret;
  int validate = 0;

  /* Check input parameters. */
  if (unlikely(! cursor || ! buffer || ! size || (maxdepth = *size) <= 0))
    return -UNW_EINVAL;

  Debug (1, "begin ip 0x%lx cfa 0x%lx\n", d->ip, d->cfa);

  /* Tell core dwarf routines to call back to us. */
  d->stash_frames = 1;

  /* Determine initial register values. These are safe to access
     directly because we know they come from the initial machine context. */
  rip = d->ip;
  rsp = cfa = d->cfa;
  ACCESS_MEM_FAST(ret, 0, d, DWARF_GET_LOC(d->loc[UNW_X86_64_RBP]), rbp);
  assert(ret == 0);

  /* Get frame cache. */
  if (unlikely(! (cache = trace_cache_get())))
    {
      Debug (1, "returning %d, cannot get trace cache\n", -UNW_ENOMEM);
      *size = 0;
      d->stash_frames = 0;
      return -UNW_ENOMEM;
    }

  /* Trace the stack upwards, starting from current RIP. Adjust
     the RIP address for previous/next instruction as the main
     unwinding logic would also do. We undo this before calling
     back into unw_step(). */
  while (depth < maxdepth)
    {
      rip -= d->use_prev_instr;
      Debug (2, "depth %d cfa 0x%lx rip 0x%lx rsp 0x%lx rbp 0x%lx\n",
             depth, cfa, rip, rsp, rbp);

      /* See if we have this address cached. If not, evaluate enough of
         the dwarf unwind information to fill the cache line data, or to
         decide this frame cannot be handled in fast trace mode. We
         cache negative results too to prevent unnecessary dwarf parsing
         for common failures. */
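      /* A "negative" result here is simply a cache entry whose frame type
         stays UNW_X86_64_FRAME_OTHER; on later traces it falls into the
         default case of the switch below and ends the trace without
         re-parsing the DWARF information. */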
      unw_tdep_frame_t *f = trace_lookup (cursor, cache, cfa, rip, rbp, rsp);

      /* If we don't have information for this frame, give up. */
      if (unlikely(! f))
        {
          ret = -UNW_ENOINFO;
          break;
        }

      Debug (3, "frame va %lx type %d last %d cfa %s+%d rbp @ cfa%+d rsp @ cfa%+d\n",
             f->virtual_address, f->frame_type, f->last_frame,
             f->cfa_reg_rsp ? "rsp" : "rbp", f->cfa_reg_offset,
             f->rbp_cfa_offset, f->rsp_cfa_offset);

      assert (f->virtual_address == rip);

      /* Stop if this was the last frame. In particular don't evaluate
         new register values as it may not be safe - we don't normally
         run with full validation on, and do not want to - and there's
         enough bad unwind info floating around that we need to trust
         what unw_step() previously said, in potentially bogus frames. */
      if (f->last_frame)
        break;

      /* Evaluate CFA and registers for the next frame. */
      switch (f->frame_type)
        {
        case UNW_X86_64_FRAME_GUESSED:
          /* Fall thru to standard processing after forcing validation. */
          if (d->as == unw_local_addr_space)
            dwarf_set_validate(d, 1);

        case UNW_X86_64_FRAME_STANDARD:
          /* Advance standard traceable frame. */
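          /* For illustration: with the common prologue "push %rbp; mov
             %rsp,%rbp" the cached frame describes CFA = RBP + 16, the
             caller's RBP saved at CFA-16 and the return address at CFA-8;
             the RBP offset below comes from the cache, while the return
             address is always read at CFA-8. */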
          cfa = (f->cfa_reg_rsp ? rsp : rbp) + f->cfa_reg_offset;
          if (d->as == unw_local_addr_space)
            validate = dwarf_get_validate(d);
          ACCESS_MEM_FAST(ret, validate, d, cfa - 8, rip);
          if (likely(ret >= 0) && likely(f->rbp_cfa_offset != -1))
            ACCESS_MEM_FAST(ret, validate, d, cfa + f->rbp_cfa_offset, rbp);

          /* Don't bother reading RSP from DWARF, CFA becomes new RSP. */
          rsp = cfa;

          /* Next frame needs to back up for unwind info lookup. */
          d->use_prev_instr = 1;
          break;

        case UNW_X86_64_FRAME_SIGRETURN:
          cfa = cfa + f->cfa_reg_offset; /* cfa now points to ucontext_t. */
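          /* In a signal frame the kernel-saved ucontext_t holds the
             interrupted registers, so RIP, RBP and RSP are reloaded from
             the fixed UC_MCONTEXT_GREGS_* offsets inside it rather than
             through ordinary DWARF rules. */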

          if (d->as == unw_local_addr_space)
            validate = dwarf_get_validate(d);
          ACCESS_MEM_FAST(ret, validate, d, cfa + UC_MCONTEXT_GREGS_RIP, rip);
          if (likely(ret >= 0))
            ACCESS_MEM_FAST(ret, validate, d, cfa + UC_MCONTEXT_GREGS_RBP, rbp);
          if (likely(ret >= 0))
            ACCESS_MEM_FAST(ret, validate, d, cfa + UC_MCONTEXT_GREGS_RSP, rsp);

          /* Resume stack at signal restoration point. The stack is not
             necessarily contiguous here, especially with sigaltstack(). */
          cfa = rsp;

          /* Next frame should not back up. */
          d->use_prev_instr = 0;
          break;

        case UNW_X86_64_FRAME_ALIGNED:
          /* Address of RIP was pushed on the stack via a simple
           * def_cfa_expr - result stack offset stored in cfa_reg_offset */
          cfa = (f->cfa_reg_rsp ? rsp : rbp) + f->cfa_reg_offset;
          if (d->as == unw_local_addr_space)
            validate = dwarf_get_validate(d);
          ACCESS_MEM_FAST(ret, validate, d, cfa, cfa);
          if (likely(ret >= 0))
            ACCESS_MEM_FAST(ret, validate, d, cfa - 8, rip);
          if (likely(ret >= 0))
            ACCESS_MEM_FAST(ret, validate, d, rbp, rbp);

          /* Don't bother reading RSP from DWARF, CFA becomes new RSP. */
          rsp = cfa;

          /* Next frame needs to back up for unwind info lookup. */
          d->use_prev_instr = 1;

          break;

        default:
          /* We cannot trace through this frame, give up and tell the
             caller we had to stop. Data collected so far may still be
             useful to the caller, so let it know how far we got. */
          ret = -UNW_ESTOPUNWIND;
          break;
        }

      Debug (4, "new cfa 0x%lx rip 0x%lx rsp 0x%lx rbp 0x%lx\n",
             cfa, rip, rsp, rbp);

      /* If we failed or ended up somewhere bogus, stop. */
      if (unlikely(ret < 0 || rip < 0x4000))
        break;

      /* Record this address in stack trace. We skipped the first address. */
      buffer[depth++] = (void *) rip;
    }

#if UNW_DEBUG
  Debug (1, "returning %d, depth %d\n", ret, depth);
#endif
  *size = depth;
  return ret;
}