1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <libdebuggerd/tombstone.h>
18
19 #include <inttypes.h>
20
21 #include <functional>
22 #include <set>
23 #include <string>
24 #include <unordered_set>
25 #include <utility>
26 #include <vector>
27
28 #include <android-base/stringprintf.h>
29 #include <android-base/strings.h>
30 #include <android-base/unique_fd.h>
31 #include <async_safe/log.h>
32 #include <bionic/macros.h>
33
34 #include "tombstone.pb.h"
35
36 using android::base::StringAppendF;
37 using android::base::StringPrintf;
38
39 #define CB(log, ...) callback(StringPrintf(__VA_ARGS__), log)
40 #define CBL(...) CB(true, __VA_ARGS__)
41 #define CBS(...) CB(false, __VA_ARGS__)
42 using CallbackType = std::function<void(const std::string& line, bool should_log)>;
43
abi_string(const Tombstone & tombstone)44 static const char* abi_string(const Tombstone& tombstone) {
45 switch (tombstone.arch()) {
46 case Architecture::ARM32:
47 return "arm";
48 case Architecture::ARM64:
49 return "arm64";
50 case Architecture::X86:
51 return "x86";
52 case Architecture::X86_64:
53 return "x86_64";
54 default:
55 return "<unknown>";
56 }
57 }
58
pointer_width(const Tombstone & tombstone)59 static int pointer_width(const Tombstone& tombstone) {
60 switch (tombstone.arch()) {
61 case Architecture::ARM32:
62 return 4;
63 case Architecture::ARM64:
64 return 8;
65 case Architecture::X86:
66 return 4;
67 case Architecture::X86_64:
68 return 8;
69 default:
70 return 8;
71 }
72 }
73
print_thread_header(CallbackType callback,const Tombstone & tombstone,const Thread & thread,bool should_log)74 static void print_thread_header(CallbackType callback, const Tombstone& tombstone,
75 const Thread& thread, bool should_log) {
76 const char* process_name = "<unknown>";
77 if (!tombstone.command_line().empty()) {
78 process_name = tombstone.command_line()[0].c_str();
79 CB(should_log, "Cmdline: %s", android::base::Join(tombstone.command_line(), " ").c_str());
80 }
81 CB(should_log, "pid: %d, tid: %d, name: %s >>> %s <<<", tombstone.pid(), thread.id(),
82 thread.name().c_str(), process_name);
83 CB(should_log, "uid: %d", tombstone.uid());
84 if (thread.tagged_addr_ctrl() != -1) {
85 CB(should_log, "tagged_addr_ctrl: %016" PRIx64 "%s", thread.tagged_addr_ctrl(),
86 describe_tagged_addr_ctrl(thread.tagged_addr_ctrl()).c_str());
87 }
88 if (thread.pac_enabled_keys() != -1) {
89 CB(should_log, "pac_enabled_keys: %016" PRIx64 "%s", thread.pac_enabled_keys(),
90 describe_pac_enabled_keys(thread.pac_enabled_keys()).c_str());
91 }
92 }
93
print_register_row(CallbackType callback,int word_size,std::vector<std::pair<std::string,uint64_t>> row,bool should_log)94 static void print_register_row(CallbackType callback, int word_size,
95 std::vector<std::pair<std::string, uint64_t>> row, bool should_log) {
96 std::string output = " ";
97 for (const auto& [name, value] : row) {
98 output += android::base::StringPrintf(" %-3s %0*" PRIx64, name.c_str(), 2 * word_size,
99 static_cast<uint64_t>(value));
100 }
101 callback(output, should_log);
102 }
103
print_thread_registers(CallbackType callback,const Tombstone & tombstone,const Thread & thread,bool should_log)104 static void print_thread_registers(CallbackType callback, const Tombstone& tombstone,
105 const Thread& thread, bool should_log) {
106 static constexpr size_t column_count = 4;
107 std::vector<std::pair<std::string, uint64_t>> current_row;
108 std::vector<std::pair<std::string, uint64_t>> special_row;
109 std::unordered_set<std::string> special_registers;
110
111 int word_size = pointer_width(tombstone);
112
113 switch (tombstone.arch()) {
114 case Architecture::ARM32:
115 special_registers = {"ip", "lr", "sp", "pc", "pst"};
116 break;
117
118 case Architecture::ARM64:
119 special_registers = {"ip", "lr", "sp", "pc", "pst"};
120 break;
121
122 case Architecture::X86:
123 special_registers = {"ebp", "esp", "eip"};
124 break;
125
126 case Architecture::X86_64:
127 special_registers = {"rbp", "rsp", "rip"};
128 break;
129
130 default:
131 async_safe_fatal("unknown architecture");
132 }
133
134 for (const auto& reg : thread.registers()) {
135 auto row = ¤t_row;
136 if (special_registers.count(reg.name()) == 1) {
137 row = &special_row;
138 }
139
140 row->emplace_back(reg.name(), reg.u64());
141 if (current_row.size() == column_count) {
142 print_register_row(callback, word_size, current_row, should_log);
143 current_row.clear();
144 }
145 }
146
147 if (!current_row.empty()) {
148 print_register_row(callback, word_size, current_row, should_log);
149 }
150
151 print_register_row(callback, word_size, special_row, should_log);
152 }
153
print_backtrace(CallbackType callback,const Tombstone & tombstone,const google::protobuf::RepeatedPtrField<BacktraceFrame> & backtrace,bool should_log)154 static void print_backtrace(CallbackType callback, const Tombstone& tombstone,
155 const google::protobuf::RepeatedPtrField<BacktraceFrame>& backtrace,
156 bool should_log) {
157 int index = 0;
158 for (const auto& frame : backtrace) {
159 std::string function;
160
161 if (!frame.function_name().empty()) {
162 function =
163 StringPrintf(" (%s+%" PRId64 ")", frame.function_name().c_str(), frame.function_offset());
164 }
165
166 std::string build_id;
167 if (!frame.build_id().empty()) {
168 build_id = StringPrintf(" (BuildId: %s)", frame.build_id().c_str());
169 }
170
171 std::string line =
172 StringPrintf(" #%02d pc %0*" PRIx64 " %s", index++, pointer_width(tombstone) * 2,
173 frame.rel_pc(), frame.file_name().c_str());
174 if (frame.file_map_offset() != 0) {
175 line += StringPrintf(" (offset 0x%" PRIx64 ")", frame.file_map_offset());
176 }
177 line += function + build_id;
178 CB(should_log, "%s", line.c_str());
179 }
180 }
181
print_thread_backtrace(CallbackType callback,const Tombstone & tombstone,const Thread & thread,bool should_log)182 static void print_thread_backtrace(CallbackType callback, const Tombstone& tombstone,
183 const Thread& thread, bool should_log) {
184 CBS("");
185 CB(should_log, "backtrace:");
186 if (!thread.backtrace_note().empty()) {
187 CB(should_log, " NOTE: %s",
188 android::base::Join(thread.backtrace_note(), "\n NOTE: ").c_str());
189 }
190 print_backtrace(callback, tombstone, thread.current_backtrace(), should_log);
191 }
192
print_thread_memory_dump(CallbackType callback,const Tombstone & tombstone,const Thread & thread)193 static void print_thread_memory_dump(CallbackType callback, const Tombstone& tombstone,
194 const Thread& thread) {
195 static constexpr size_t bytes_per_line = 16;
196 static_assert(bytes_per_line == kTagGranuleSize);
197 int word_size = pointer_width(tombstone);
198 for (const auto& mem : thread.memory_dump()) {
199 CBS("");
200 if (mem.mapping_name().empty()) {
201 CBS("memory near %s:", mem.register_name().c_str());
202 } else {
203 CBS("memory near %s (%s):", mem.register_name().c_str(), mem.mapping_name().c_str());
204 }
205 uint64_t addr = mem.begin_address();
206 for (size_t offset = 0; offset < mem.memory().size(); offset += bytes_per_line) {
207 uint64_t tagged_addr = addr;
208 if (mem.has_arm_mte_metadata() &&
209 mem.arm_mte_metadata().memory_tags().size() > offset / kTagGranuleSize) {
210 tagged_addr |=
211 static_cast<uint64_t>(mem.arm_mte_metadata().memory_tags()[offset / kTagGranuleSize])
212 << 56;
213 }
214 std::string line = StringPrintf(" %0*" PRIx64, word_size * 2, tagged_addr + offset);
215
216 size_t bytes = std::min(bytes_per_line, mem.memory().size() - offset);
217 for (size_t i = 0; i < bytes; i += word_size) {
218 uint64_t word = 0;
219
220 // Assumes little-endian, but what doesn't?
221 memcpy(&word, mem.memory().data() + offset + i, word_size);
222
223 StringAppendF(&line, " %0*" PRIx64, word_size * 2, word);
224 }
225
226 char ascii[bytes_per_line + 1];
227
228 memset(ascii, '.', sizeof(ascii));
229 ascii[bytes_per_line] = '\0';
230
231 for (size_t i = 0; i < bytes; ++i) {
232 uint8_t byte = mem.memory()[offset + i];
233 if (byte >= 0x20 && byte < 0x7f) {
234 ascii[i] = byte;
235 }
236 }
237
238 CBS("%s %s", line.c_str(), ascii);
239 }
240 }
241 }
242
print_thread(CallbackType callback,const Tombstone & tombstone,const Thread & thread)243 static void print_thread(CallbackType callback, const Tombstone& tombstone, const Thread& thread) {
244 print_thread_header(callback, tombstone, thread, false);
245 print_thread_registers(callback, tombstone, thread, false);
246 print_thread_backtrace(callback, tombstone, thread, false);
247 print_thread_memory_dump(callback, tombstone, thread);
248 }
249
print_tag_dump(CallbackType callback,const Tombstone & tombstone)250 static void print_tag_dump(CallbackType callback, const Tombstone& tombstone) {
251 if (!tombstone.has_signal_info()) return;
252
253 const Signal& signal = tombstone.signal_info();
254
255 if (!signal.has_fault_address() || !signal.has_fault_adjacent_metadata()) {
256 return;
257 }
258
259 const MemoryDump& memory_dump = signal.fault_adjacent_metadata();
260
261 if (!memory_dump.has_arm_mte_metadata() || memory_dump.arm_mte_metadata().memory_tags().empty()) {
262 return;
263 }
264
265 const std::string& tags = memory_dump.arm_mte_metadata().memory_tags();
266
267 CBS("");
268 CBS("Memory tags around the fault address (0x%" PRIx64 "), one tag per %zu bytes:",
269 signal.fault_address(), kTagGranuleSize);
270 constexpr uintptr_t kRowStartMask = ~(kNumTagColumns * kTagGranuleSize - 1);
271
272 size_t tag_index = 0;
273 size_t num_tags = tags.length();
274 uintptr_t fault_granule = untag_address(signal.fault_address()) & ~(kTagGranuleSize - 1);
275 for (size_t row = 0; tag_index < num_tags; ++row) {
276 uintptr_t row_addr =
277 (memory_dump.begin_address() + row * kNumTagColumns * kTagGranuleSize) & kRowStartMask;
278 std::string row_contents;
279 bool row_has_fault = false;
280
281 for (size_t column = 0; column < kNumTagColumns; ++column) {
282 uintptr_t granule_addr = row_addr + column * kTagGranuleSize;
283 if (granule_addr < memory_dump.begin_address() ||
284 granule_addr >= memory_dump.begin_address() + num_tags * kTagGranuleSize) {
285 row_contents += " . ";
286 } else if (granule_addr == fault_granule) {
287 row_contents += StringPrintf("[%1hhx]", tags[tag_index++]);
288 row_has_fault = true;
289 } else {
290 row_contents += StringPrintf(" %1hhx ", tags[tag_index++]);
291 }
292 }
293
294 if (row_contents.back() == ' ') row_contents.pop_back();
295
296 if (row_has_fault) {
297 CBS(" =>0x%" PRIxPTR ":%s", row_addr, row_contents.c_str());
298 } else {
299 CBS(" 0x%" PRIxPTR ":%s", row_addr, row_contents.c_str());
300 }
301 }
302 }
303
print_main_thread(CallbackType callback,const Tombstone & tombstone,const Thread & thread)304 static void print_main_thread(CallbackType callback, const Tombstone& tombstone,
305 const Thread& thread) {
306 int word_size = pointer_width(tombstone);
307 print_thread_header(callback, tombstone, thread, true);
308
309 const Signal& signal_info = tombstone.signal_info();
310 std::string sender_desc;
311
312 if (signal_info.has_sender()) {
313 sender_desc =
314 StringPrintf(" from pid %d, uid %d", signal_info.sender_pid(), signal_info.sender_uid());
315 }
316
317 if (!tombstone.has_signal_info()) {
318 CBL("signal information missing");
319 } else {
320 std::string fault_addr_desc;
321 if (signal_info.has_fault_address()) {
322 fault_addr_desc = StringPrintf("0x%0*" PRIx64, 2 * word_size, signal_info.fault_address());
323 } else {
324 fault_addr_desc = "--------";
325 }
326
327 CBL("signal %d (%s), code %d (%s%s), fault addr %s", signal_info.number(),
328 signal_info.name().c_str(), signal_info.code(), signal_info.code_name().c_str(),
329 sender_desc.c_str(), fault_addr_desc.c_str());
330 }
331
332 if (tombstone.causes_size() == 1) {
333 CBL("Cause: %s", tombstone.causes(0).human_readable().c_str());
334 }
335
336 if (!tombstone.abort_message().empty()) {
337 CBL("Abort message: '%s'", tombstone.abort_message().c_str());
338 }
339
340 print_thread_registers(callback, tombstone, thread, true);
341 print_thread_backtrace(callback, tombstone, thread, true);
342
343 if (tombstone.causes_size() > 1) {
344 CBS("");
345 CBL("Note: multiple potential causes for this crash were detected, listing them in decreasing "
346 "order of likelihood.");
347 }
348
349 for (const Cause& cause : tombstone.causes()) {
350 if (tombstone.causes_size() > 1) {
351 CBS("");
352 CBL("Cause: %s", cause.human_readable().c_str());
353 }
354
355 if (cause.has_memory_error() && cause.memory_error().has_heap()) {
356 const HeapObject& heap_object = cause.memory_error().heap();
357
358 if (heap_object.deallocation_backtrace_size() != 0) {
359 CBS("");
360 CBL("deallocated by thread %" PRIu64 ":", heap_object.deallocation_tid());
361 print_backtrace(callback, tombstone, heap_object.deallocation_backtrace(), true);
362 }
363
364 if (heap_object.allocation_backtrace_size() != 0) {
365 CBS("");
366 CBL("allocated by thread %" PRIu64 ":", heap_object.allocation_tid());
367 print_backtrace(callback, tombstone, heap_object.allocation_backtrace(), true);
368 }
369 }
370 }
371
372 print_tag_dump(callback, tombstone);
373
374 print_thread_memory_dump(callback, tombstone, thread);
375
376 CBS("");
377
378 // No memory maps to print.
379 if (tombstone.memory_mappings().empty()) {
380 CBS("No memory maps found");
381 return;
382 }
383
384 const auto format_pointer = [word_size](uint64_t ptr) -> std::string {
385 if (word_size == 8) {
386 uint64_t top = ptr >> 32;
387 uint64_t bottom = ptr & 0xFFFFFFFF;
388 return StringPrintf("%08" PRIx64 "'%08" PRIx64, top, bottom);
389 }
390
391 return StringPrintf("%0*" PRIx64, word_size * 2, ptr);
392 };
393
394 std::string memory_map_header =
395 StringPrintf("memory map (%d %s):", tombstone.memory_mappings().size(),
396 tombstone.memory_mappings().size() == 1 ? "entry" : "entries");
397
398 bool has_fault_address = signal_info.has_fault_address();
399 uint64_t fault_address = untag_address(signal_info.fault_address());
400 bool preamble_printed = false;
401 bool printed_fault_address_marker = false;
402 for (const auto& map : tombstone.memory_mappings()) {
403 if (!preamble_printed) {
404 preamble_printed = true;
405 if (has_fault_address) {
406 if (fault_address < map.begin_address()) {
407 memory_map_header +=
408 StringPrintf("\n--->Fault address falls at %s before any mapped regions",
409 format_pointer(fault_address).c_str());
410 printed_fault_address_marker = true;
411 } else {
412 memory_map_header += " (fault address prefixed with --->)";
413 }
414 }
415 CBS("%s", memory_map_header.c_str());
416 }
417
418 std::string line = " ";
419 if (has_fault_address && !printed_fault_address_marker) {
420 if (fault_address < map.begin_address()) {
421 printed_fault_address_marker = true;
422 CBS("--->Fault address falls at %s between mapped regions",
423 format_pointer(fault_address).c_str());
424 } else if (fault_address >= map.begin_address() && fault_address < map.end_address()) {
425 printed_fault_address_marker = true;
426 line = "--->";
427 }
428 }
429 StringAppendF(&line, "%s-%s", format_pointer(map.begin_address()).c_str(),
430 format_pointer(map.end_address() - 1).c_str());
431 StringAppendF(&line, " %s%s%s", map.read() ? "r" : "-", map.write() ? "w" : "-",
432 map.execute() ? "x" : "-");
433 StringAppendF(&line, " %8" PRIx64 " %8" PRIx64, map.offset(),
434 map.end_address() - map.begin_address());
435
436 if (!map.mapping_name().empty()) {
437 StringAppendF(&line, " %s", map.mapping_name().c_str());
438
439 if (!map.build_id().empty()) {
440 StringAppendF(&line, " (BuildId: %s)", map.build_id().c_str());
441 }
442
443 if (map.load_bias() != 0) {
444 StringAppendF(&line, " (load bias 0x%" PRIx64 ")", map.load_bias());
445 }
446 }
447
448 CBS("%s", line.c_str());
449 }
450
451 if (has_fault_address && !printed_fault_address_marker) {
452 CBS("--->Fault address falls at %s after any mapped regions",
453 format_pointer(fault_address).c_str());
454 }
455 }
456
print_logs(CallbackType callback,const Tombstone & tombstone,int tail)457 void print_logs(CallbackType callback, const Tombstone& tombstone, int tail) {
458 for (const auto& buffer : tombstone.log_buffers()) {
459 if (tail) {
460 CBS("--------- tail end of log %s", buffer.name().c_str());
461 } else {
462 CBS("--------- log %s", buffer.name().c_str());
463 }
464
465 int begin = 0;
466 if (tail != 0) {
467 begin = std::max(0, buffer.logs().size() - tail);
468 }
469
470 for (int i = begin; i < buffer.logs().size(); ++i) {
471 const LogMessage& msg = buffer.logs(i);
472
473 static const char* kPrioChars = "!.VDIWEFS";
474 char priority = (msg.priority() < strlen(kPrioChars) ? kPrioChars[msg.priority()] : '?');
475 CBS("%s %5u %5u %c %-8s: %s", msg.timestamp().c_str(), msg.pid(), msg.tid(), priority,
476 msg.tag().c_str(), msg.message().c_str());
477 }
478 }
479 }
480
tombstone_proto_to_text(const Tombstone & tombstone,CallbackType callback)481 bool tombstone_proto_to_text(const Tombstone& tombstone, CallbackType callback) {
482 CBL("*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***");
483 CBL("Build fingerprint: '%s'", tombstone.build_fingerprint().c_str());
484 CBL("Revision: '%s'", tombstone.revision().c_str());
485 CBL("ABI: '%s'", abi_string(tombstone));
486 CBL("Timestamp: %s", tombstone.timestamp().c_str());
487 CBL("Process uptime: %ds", tombstone.process_uptime());
488
489 // Process header
490 const auto& threads = tombstone.threads();
491 auto main_thread_it = threads.find(tombstone.tid());
492 if (main_thread_it == threads.end()) {
493 CBL("failed to find entry for main thread in tombstone");
494 return false;
495 }
496
497 const auto& main_thread = main_thread_it->second;
498
499 print_main_thread(callback, tombstone, main_thread);
500
501 print_logs(callback, tombstone, 50);
502
503 // protobuf's map is unordered, so sort the keys first.
504 std::set<int> thread_ids;
505 for (const auto& [tid, _] : threads) {
506 if (tid != tombstone.tid()) {
507 thread_ids.insert(tid);
508 }
509 }
510
511 for (const auto& tid : thread_ids) {
512 CBS("--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---");
513 print_thread(callback, tombstone, threads.find(tid)->second);
514 }
515
516 if (tombstone.open_fds().size() > 0) {
517 CBS("");
518 CBS("open files:");
519 for (const auto& fd : tombstone.open_fds()) {
520 std::optional<std::string> owner;
521 if (!fd.owner().empty()) {
522 owner = StringPrintf("owned by %s 0x%" PRIx64, fd.owner().c_str(), fd.tag());
523 }
524
525 CBS(" fd %d: %s (%s)", fd.fd(), fd.path().c_str(), owner ? owner->c_str() : "unowned");
526 }
527 }
528
529 print_logs(callback, tombstone, 0);
530
531 return true;
532 }
533