• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 
2 /*--------------------------------------------------------------------*/
3 /*--- Top level management of symbols and debugging information.   ---*/
4 /*---                                                  debuginfo.c ---*/
5 /*--------------------------------------------------------------------*/
6 
7 /*
8    This file is part of Valgrind, a dynamic binary instrumentation
9    framework.
10 
11    Copyright (C) 2000-2012 Julian Seward
12       jseward@acm.org
13 
14    This program is free software; you can redistribute it and/or
15    modify it under the terms of the GNU General Public License as
16    published by the Free Software Foundation; either version 2 of the
17    License, or (at your option) any later version.
18 
19    This program is distributed in the hope that it will be useful, but
20    WITHOUT ANY WARRANTY; without even the implied warranty of
21    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
22    General Public License for more details.
23 
24    You should have received a copy of the GNU General Public License
25    along with this program; if not, write to the Free Software
26    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27    02111-1307, USA.
28 
29    The GNU General Public License is contained in the file COPYING.
30 */
31 
32 #include "pub_core_basics.h"
33 #include "pub_core_vki.h"
34 #include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy
35 #include "pub_core_threadstate.h"
36 #include "pub_core_debuginfo.h"  /* self */
37 #include "pub_core_demangle.h"
38 #include "pub_core_libcbase.h"
39 #include "pub_core_libcassert.h"
40 #include "pub_core_libcprint.h"
41 #include "pub_core_libcfile.h"
42 #include "pub_core_libcproc.h"   // VG_(getenv)
43 #include "pub_core_seqmatch.h"
44 #include "pub_core_options.h"
45 #include "pub_core_redir.h"      // VG_(redir_notify_{new,delete}_SegInfo)
46 #include "pub_core_aspacemgr.h"
47 #include "pub_core_machine.h"    // VG_PLAT_USES_PPCTOC
48 #include "pub_core_xarray.h"
49 #include "pub_core_oset.h"
50 #include "pub_core_stacktrace.h" // VG_(get_StackTrace) XXX: circular dependency
51 #include "pub_core_ume.h"
52 
53 #include "priv_misc.h"           /* dinfo_zalloc/free */
54 #include "priv_d3basics.h"       /* ML_(pp_GX) */
55 #include "priv_tytypes.h"
56 #include "priv_storage.h"
57 #include "priv_readdwarf.h"
58 #include "priv_readstabs.h"
59 #if defined(VGO_linux)
60 # include "priv_readelf.h"
61 # include "priv_readdwarf3.h"
62 # include "priv_readpdb.h"
63 #elif defined(VGO_darwin)
64 # include "priv_readmacho.h"
65 # include "priv_readpdb.h"
66 #endif
67 
68 
69 /*------------------------------------------------------------*/
70 /*--- The _svma / _avma / _image / _bias naming scheme     ---*/
71 /*------------------------------------------------------------*/
72 
73 /* JRS 11 Jan 07: I find the different kinds of addresses involved in
74    debuginfo reading confusing.  Recently I arrived at some
75    terminology which makes it clearer (to me, at least).  There are 3
76    kinds of address used in the debuginfo reading process:
77 
78    stated VMAs - the address where (eg) a .so says a symbol is, that
79                  is, what it tells you if you consider the .so in
80                  isolation
81 
82    actual VMAs - the address where (eg) said symbol really wound up
83                  after the .so was mapped into memory
84 
85    image addresses - pointers into the copy of the .so (etc)
86                      transiently mmaped aboard whilst we read its info
87 
88    Additionally I use the term 'bias' to denote the difference
89    between stated and actual VMAs for a given entity.
90 
91    This terminology is not used consistently, but a start has been
92    made.  readelf.c and the call-frame info reader in readdwarf.c now
93    use it.  Specifically, various variables and structure fields have
94    been annotated with _avma / _svma / _image / _bias.  In places _img
95    is used instead of _image for the sake of brevity.
96 */
97 
98 
99 /*------------------------------------------------------------*/
100 /*--- fwdses                                               ---*/
101 /*------------------------------------------------------------*/
102 
103 static void cfsi_cache__invalidate ( void );
104 
105 
106 /*------------------------------------------------------------*/
107 /*--- Root structure                                       ---*/
108 /*------------------------------------------------------------*/
109 
110 /* The root structure for the entire debug info system.  It is a
111    linked list of DebugInfos. */
112 static DebugInfo* debugInfo_list = NULL;
113 
114 
115 /* Find 'di' in the debugInfo_list and move it one step closer the the
116    front of the list, so as to make subsequent searches for it
117    cheaper.  When used in a controlled way, makes a major improvement
118    in some DebugInfo-search-intensive situations, most notably stack
119    unwinding on amd64-linux. */
move_DebugInfo_one_step_forward(DebugInfo * di)120 static void move_DebugInfo_one_step_forward ( DebugInfo* di )
121 {
122    DebugInfo *di0, *di1, *di2;
123    if (di == debugInfo_list)
124       return; /* already at head of list */
125    vg_assert(di != NULL);
126    di0 = debugInfo_list;
127    di1 = NULL;
128    di2 = NULL;
129    while (True) {
130       if (di0 == NULL || di0 == di) break;
131       di2 = di1;
132       di1 = di0;
133       di0 = di0->next;
134    }
135    vg_assert(di0 == di);
136    if (di0 != NULL && di1 != NULL && di2 != NULL) {
137       DebugInfo* tmp;
138       /* di0 points to di, di1 to its predecessor, and di2 to di1's
139          predecessor.  Swap di0 and di1, that is, move di0 one step
140          closer to the start of the list. */
141       vg_assert(di2->next == di1);
142       vg_assert(di1->next == di0);
143       tmp = di0->next;
144       di2->next = di0;
145       di0->next = di1;
146       di1->next = tmp;
147    }
148    else
149    if (di0 != NULL && di1 != NULL && di2 == NULL) {
150       /* it's second in the list. */
151       vg_assert(debugInfo_list == di1);
152       vg_assert(di1->next == di0);
153       di1->next = di0->next;
154       di0->next = di1;
155       debugInfo_list = di0;
156    }
157 }
158 
159 
160 /*------------------------------------------------------------*/
161 /*--- Notification (acquire/discard) helpers               ---*/
162 /*------------------------------------------------------------*/
163 
164 /* Gives out unique abstract handles for allocated DebugInfos.  See
165    comment in priv_storage.h, declaration of struct _DebugInfo, for
166    details. */
167 static ULong handle_counter = 1;
168 
169 /* Allocate and zero out a new DebugInfo record. */
170 static
alloc_DebugInfo(const UChar * filename)171 DebugInfo* alloc_DebugInfo( const UChar* filename )
172 {
173    Bool       traceme;
174    DebugInfo* di;
175 
176    vg_assert(filename);
177 
178    di = ML_(dinfo_zalloc)("di.debuginfo.aDI.1", sizeof(DebugInfo));
179    di->handle       = handle_counter++;
180    di->fsm.filename = ML_(dinfo_strdup)("di.debuginfo.aDI.2", filename);
181    di->fsm.maps     = VG_(newXA)(
182                          ML_(dinfo_zalloc), "di.debuginfo.aDI.3",
183                          ML_(dinfo_free), sizeof(struct _DebugInfoMapping));
184 
185    /* Everything else -- pointers, sizes, arrays -- is zeroed by
186       ML_(dinfo_zalloc).  Now set up the debugging-output flags. */
187    traceme
188       = VG_(string_match)( VG_(clo_trace_symtab_patt), filename );
189    if (traceme) {
190       di->trace_symtab = VG_(clo_trace_symtab);
191       di->trace_cfi    = VG_(clo_trace_cfi);
192       di->ddump_syms   = VG_(clo_debug_dump_syms);
193       di->ddump_line   = VG_(clo_debug_dump_line);
194       di->ddump_frames = VG_(clo_debug_dump_frames);
195    }
196 
197    return di;
198 }
199 
200 
201 /* Free a DebugInfo, and also all the stuff hanging off it. */
free_DebugInfo(DebugInfo * di)202 static void free_DebugInfo ( DebugInfo* di )
203 {
204    Word i, j, n;
205    struct strchunk *chunk, *next;
206    TyEnt* ent;
207    GExpr* gexpr;
208 
209    vg_assert(di != NULL);
210    if (di->fsm.maps)     VG_(deleteXA)(di->fsm.maps);
211    if (di->fsm.filename) ML_(dinfo_free)(di->fsm.filename);
212    if (di->soname)       ML_(dinfo_free)(di->soname);
213    if (di->loctab)       ML_(dinfo_free)(di->loctab);
214    if (di->cfsi)         ML_(dinfo_free)(di->cfsi);
215    if (di->cfsi_exprs)   VG_(deleteXA)(di->cfsi_exprs);
216    if (di->fpo)          ML_(dinfo_free)(di->fpo);
217 
218    if (di->symtab) {
219       /* We have to visit all the entries so as to free up any
220          sec_names arrays that might exist. */
221       n = di->symtab_used;
222       for (i = 0; i < n; i++) {
223          DiSym* sym = &di->symtab[i];
224          if (sym->sec_names)
225             ML_(dinfo_free)(sym->sec_names);
226       }
227       /* and finally .. */
228       ML_(dinfo_free)(di->symtab);
229    }
230 
231    for (chunk = di->strchunks; chunk != NULL; chunk = next) {
232       next = chunk->next;
233       ML_(dinfo_free)(chunk);
234    }
235 
236    /* Delete the two admin arrays.  These lists exist primarily so
237       that we can visit each object exactly once when we need to
238       delete them. */
239    if (di->admin_tyents) {
240       n = VG_(sizeXA)(di->admin_tyents);
241       for (i = 0; i < n; i++) {
242          ent = (TyEnt*)VG_(indexXA)(di->admin_tyents, i);
243          /* Dump anything hanging off this ent */
244          ML_(TyEnt__make_EMPTY)(ent);
245       }
246       VG_(deleteXA)(di->admin_tyents);
247       di->admin_tyents = NULL;
248    }
249 
250    if (di->admin_gexprs) {
251       n = VG_(sizeXA)(di->admin_gexprs);
252       for (i = 0; i < n; i++) {
253          gexpr = *(GExpr**)VG_(indexXA)(di->admin_gexprs, i);
254          ML_(dinfo_free)(gexpr);
255       }
256       VG_(deleteXA)(di->admin_gexprs);
257       di->admin_gexprs = NULL;
258    }
259 
260    /* Dump the variable info.  This is kinda complex: we must take
261       care not to free items which reside in either the admin lists
262       (as we have just freed them) or which reside in the DebugInfo's
263       string table. */
264    if (di->varinfo) {
265       for (i = 0; i < VG_(sizeXA)(di->varinfo); i++) {
266          OSet* scope = *(OSet**)VG_(indexXA)(di->varinfo, i);
267          if (!scope) continue;
268          /* iterate over all entries in 'scope' */
269          VG_(OSetGen_ResetIter)(scope);
270          while (True) {
271             DiAddrRange* arange = VG_(OSetGen_Next)(scope);
272             if (!arange) break;
273             /* for each var in 'arange' */
274             vg_assert(arange->vars);
275             for (j = 0; j < VG_(sizeXA)( arange->vars ); j++) {
276                DiVariable* var = (DiVariable*)VG_(indexXA)(arange->vars,j);
277                vg_assert(var);
278                /* Nothing to free in var: all the pointer fields refer
279                   to stuff either on an admin list, or in
280                   .strchunks */
281             }
282             VG_(deleteXA)(arange->vars);
283             /* Don't free arange itself, as OSetGen_Destroy does
284                that */
285          }
286          VG_(OSetGen_Destroy)(scope);
287       }
288       VG_(deleteXA)(di->varinfo);
289    }
290 
291    ML_(dinfo_free)(di);
292 }
293 
294 
295 /* 'si' is a member of debugInfo_list.  Find it, remove it from the
296    list, notify m_redir that this has happened, and free all storage
297    reachable from it.
298 */
discard_DebugInfo(DebugInfo * di)299 static void discard_DebugInfo ( DebugInfo* di )
300 {
301    HChar* reason = "munmap";
302 
303    DebugInfo** prev_next_ptr = &debugInfo_list;
304    DebugInfo*  curr          =  debugInfo_list;
305 
306    while (curr) {
307       if (curr == di) {
308          /* Found it;  remove from list and free it. */
309          if (curr->have_dinfo
310              && (VG_(clo_verbosity) > 1 || VG_(clo_trace_redir)))
311             VG_(message)(Vg_DebugMsg,
312                          "Discarding syms at %#lx-%#lx in %s due to %s()\n",
313                          di->text_avma,
314                          di->text_avma + di->text_size,
315                          curr->fsm.filename ? curr->fsm.filename
316                                             : (UChar*)"???",
317                          reason);
318          vg_assert(*prev_next_ptr == curr);
319          *prev_next_ptr = curr->next;
320          if (curr->have_dinfo)
321             VG_(redir_notify_delete_DebugInfo)( curr );
322          free_DebugInfo(curr);
323          return;
324       }
325       prev_next_ptr = &curr->next;
326       curr          =  curr->next;
327    }
328 
329    /* Not found. */
330 }
331 
332 
333 /* Repeatedly scan debugInfo_list, looking for DebugInfos with text
334    AVMAs intersecting [start,start+length), and call discard_DebugInfo
335    to get rid of them.  This modifies the list, hence the multiple
336    iterations.  Returns True iff any such DebugInfos were found.
337 */
discard_syms_in_range(Addr start,SizeT length)338 static Bool discard_syms_in_range ( Addr start, SizeT length )
339 {
340    Bool       anyFound = False;
341    Bool       found;
342    DebugInfo* curr;
343 
344    while (True) {
345       found = False;
346 
347       curr = debugInfo_list;
348       while (True) {
349          if (curr == NULL)
350             break;
351          if (curr->text_present
352              && curr->text_size > 0
353              && (start+length - 1 < curr->text_avma
354                  || curr->text_avma + curr->text_size - 1 < start)) {
355             /* no overlap */
356 	 } else {
357 	    found = True;
358 	    break;
359 	 }
360 	 curr = curr->next;
361       }
362 
363       if (!found) break;
364       anyFound = True;
365       discard_DebugInfo( curr );
366    }
367 
368    return anyFound;
369 }
370 
371 
372 /* Does [s1,+len1) overlap [s2,+len2) ?  Note: does not handle
373    wraparound at the end of the address space -- just asserts in that
374    case. */
ranges_overlap(Addr s1,SizeT len1,Addr s2,SizeT len2)375 static Bool ranges_overlap (Addr s1, SizeT len1, Addr s2, SizeT len2 )
376 {
377    Addr e1, e2;
378    if (len1 == 0 || len2 == 0)
379       return False;
380    e1 = s1 + len1 - 1;
381    e2 = s2 + len2 - 1;
382    /* Assert that we don't have wraparound.  If we do it would imply
383       that file sections are getting mapped around the end of the
384       address space, which sounds unlikely. */
385    vg_assert(s1 <= e1);
386    vg_assert(s2 <= e2);
387    if (e1 < s2 || e2 < s1) return False;
388    return True;
389 }
390 
391 
392 /* Do the basic mappings of the two DebugInfos overlap in any way? */
do_DebugInfos_overlap(DebugInfo * di1,DebugInfo * di2)393 static Bool do_DebugInfos_overlap ( DebugInfo* di1, DebugInfo* di2 )
394 {
395    Word i, j;
396    vg_assert(di1);
397    vg_assert(di2);
398    for (i = 0; i < VG_(sizeXA)(di1->fsm.maps); i++) {
399       struct _DebugInfoMapping* map1 = VG_(indexXA)(di1->fsm.maps, i);
400       for (j = 0; j < VG_(sizeXA)(di2->fsm.maps); j++) {
401          struct _DebugInfoMapping* map2 = VG_(indexXA)(di2->fsm.maps, j);
402          if (ranges_overlap(map1->avma, map1->size, map2->avma, map2->size))
403             return True;
404       }
405    }
406 
407    return False;
408 }
409 
410 
411 /* Discard all elements of debugInfo_list whose .mark bit is set.
412 */
discard_marked_DebugInfos(void)413 static void discard_marked_DebugInfos ( void )
414 {
415    DebugInfo* curr;
416 
417    while (True) {
418 
419       curr = debugInfo_list;
420       while (True) {
421          if (!curr)
422             break;
423          if (curr->mark)
424             break;
425 	 curr = curr->next;
426       }
427 
428       if (!curr) break;
429       discard_DebugInfo( curr );
430 
431    }
432 }
433 
434 
435 /* Discard any elements of debugInfo_list which overlap with diRef.
436    Clearly diRef must have its mapping information set to something sane. */
discard_DebugInfos_which_overlap_with(DebugInfo * diRef)437 static void discard_DebugInfos_which_overlap_with ( DebugInfo* diRef )
438 {
439    DebugInfo* di;
440    /* Mark all the DebugInfos in debugInfo_list that need to be
441       deleted.  First, clear all the mark bits; then set them if they
442       overlap with siRef.  Since siRef itself is in this list we at
443       least expect its own mark bit to be set. */
444    for (di = debugInfo_list; di; di = di->next) {
445       di->mark = do_DebugInfos_overlap( di, diRef );
446       if (di == diRef) {
447          vg_assert(di->mark);
448          di->mark = False;
449       }
450    }
451    discard_marked_DebugInfos();
452 }
453 
454 
455 /* Find the existing DebugInfo for |filename| or if not found, create
456    one.  In the latter case |filename| is strdup'd into VG_AR_DINFO,
457    and the new DebugInfo is added to debugInfo_list. */
find_or_create_DebugInfo_for(UChar * filename)458 static DebugInfo* find_or_create_DebugInfo_for ( UChar* filename )
459 {
460    DebugInfo* di;
461    vg_assert(filename);
462    for (di = debugInfo_list; di; di = di->next) {
463       vg_assert(di->fsm.filename);
464       if (0==VG_(strcmp)(di->fsm.filename, filename))
465          break;
466    }
467    if (!di) {
468       di = alloc_DebugInfo(filename);
469       vg_assert(di);
470       di->next = debugInfo_list;
471       debugInfo_list = di;
472    }
473    return di;
474 }
475 
476 
477 /* Debuginfo reading for 'di' has just been successfully completed.
478    Check that the invariants stated in
479    "Comment_on_IMPORTANT_CFSI_REPRESENTATIONAL_INVARIANTS" in
480    priv_storage.h are observed. */
check_CFSI_related_invariants(DebugInfo * di)481 static void check_CFSI_related_invariants ( DebugInfo* di )
482 {
483    DebugInfo* di2 = NULL;
484    Bool has_nonempty_rx = False;
485    Bool cfsi_fits = False;
486    Word i, j;
487    vg_assert(di);
488    /* This fn isn't called until after debuginfo for this object has
489       been successfully read.  And that shouldn't happen until we have
490       both a r-x and rw- mapping for the object.  Hence: */
491    vg_assert(di->fsm.have_rx_map);
492    vg_assert(di->fsm.have_rw_map);
493    for (i = 0; i < VG_(sizeXA)(di->fsm.maps); i++) {
494       struct _DebugInfoMapping* map = VG_(indexXA)(di->fsm.maps, i);
495       /* We are interested in r-x mappings only */
496       if (!map->rx)
497          continue;
498 
499       /* degenerate case: r-x section is empty */
500       if (map->size == 0)
501          continue;
502       has_nonempty_rx = True;
503 
504       /* normal case: r-x section is nonempty */
505       /* invariant (0) */
506       vg_assert(map->size > 0);
507 
508       /* invariant (1) */
509       for (di2 = debugInfo_list; di2; di2 = di2->next) {
510          if (di2 == di)
511             continue;
512          for (j = 0; j < VG_(sizeXA)(di2->fsm.maps); j++) {
513             struct _DebugInfoMapping* map2 = VG_(indexXA)(di2->fsm.maps, j);
514             if (!map2->rx || map2->size == 0)
515                continue;
516             vg_assert(!ranges_overlap(map->avma,  map->size,
517                                       map2->avma, map2->size));
518          }
519       }
520       di2 = NULL;
521 
522       /* invariant (2) */
523       if (di->cfsi) {
524          vg_assert(di->cfsi_minavma <= di->cfsi_maxavma); /* duh! */
525          /* Assume the csfi fits completely into one individual mapping
526             for now. This might need to be improved/reworked later. */
527          if (di->cfsi_minavma >= map->avma &&
528              di->cfsi_maxavma <  map->avma + map->size)
529             cfsi_fits = True;
530       }
531    }
532 
533    /* degenerate case: all r-x sections are empty */
534    if (!has_nonempty_rx) {
535       vg_assert(di->cfsi == NULL);
536       return;
537    }
538 
539    /* invariant (2) - cont. */
540    if (di->cfsi)
541       vg_assert(cfsi_fits);
542 
543    /* invariants (3) and (4) */
544    if (di->cfsi) {
545       vg_assert(di->cfsi_used > 0);
546       vg_assert(di->cfsi_size > 0);
547       for (i = 0; i < di->cfsi_used; i++) {
548          DiCfSI* cfsi = &di->cfsi[i];
549          vg_assert(cfsi->len > 0);
550          vg_assert(cfsi->base >= di->cfsi_minavma);
551          vg_assert(cfsi->base + cfsi->len - 1 <= di->cfsi_maxavma);
552          if (i > 0) {
553             DiCfSI* cfsip = &di->cfsi[i-1];
554             vg_assert(cfsip->base + cfsip->len <= cfsi->base);
555          }
556       }
557    } else {
558       vg_assert(di->cfsi_used == 0);
559       vg_assert(di->cfsi_size == 0);
560    }
561 }
562 
563 
564 /*--------------------------------------------------------------*/
565 /*---                                                        ---*/
566 /*--- TOP LEVEL: INITIALISE THE DEBUGINFO SYSTEM             ---*/
567 /*---                                                        ---*/
568 /*--------------------------------------------------------------*/
569 
VG_(di_initialise)570 void VG_(di_initialise) ( void )
571 {
572    /* There's actually very little to do here, since everything
573       centers around the DebugInfos in debugInfo_list, they are
574       created and destroyed on demand, and each one is treated more or
575       less independently. */
576    vg_assert(debugInfo_list == NULL);
577 
578    /* flush the CFI fast query cache. */
579    cfsi_cache__invalidate();
580 }
581 
582 
583 /*--------------------------------------------------------------*/
584 /*---                                                        ---*/
585 /*--- TOP LEVEL: NOTIFICATION (ACQUIRE/DISCARD INFO) (LINUX) ---*/
586 /*---                                                        ---*/
587 /*--------------------------------------------------------------*/
588 
589 #if defined(VGO_linux)  ||  defined(VGO_darwin)
590 
591 /* The debug info system is driven by notifications that a text
592    segment has been mapped in, or unmapped, or when sections change
593    permission.  It's all a bit kludgey and basically means watching
594    syscalls, trying to second-guess when the system's dynamic linker
595    is done with mapping in a new object for execution.  This is all
596    tracked using the DebugInfoFSM struct for the object.  Anyway, once
597    we finally decide we've got to an accept state, this section then
598    will acquire whatever info is available for the corresponding
599    object.  This section contains the notification handlers, which
600    update the FSM and determine when an accept state has been reached.
601 */
602 
603 /* When the sequence of observations causes a DebugInfoFSM to move
604    into the accept state, call here to actually get the debuginfo read
605    in.  Returns a ULong whose purpose is described in comments
606    preceding VG_(di_notify_mmap) just below.
607 */
di_notify_ACHIEVE_ACCEPT_STATE(struct _DebugInfo * di)608 static ULong di_notify_ACHIEVE_ACCEPT_STATE ( struct _DebugInfo* di )
609 {
610    ULong di_handle;
611    Bool  ok;
612 
613    vg_assert(di->fsm.filename);
614    TRACE_SYMTAB("\n");
615    TRACE_SYMTAB("------ start ELF OBJECT "
616                 "------------------------------\n");
617    TRACE_SYMTAB("------ name = %s\n", di->fsm.filename);
618    TRACE_SYMTAB("\n");
619 
620    /* We're going to read symbols and debug info for the avma
621       ranges specified in the _DebugInfoFsm mapping array. First
622       get rid of any other DebugInfos which overlap any of those
623       ranges (to avoid total confusion). */
624    discard_DebugInfos_which_overlap_with( di );
625 
626    /* .. and acquire new info. */
627 #  if defined(VGO_linux)
628    ok = ML_(read_elf_debug_info)( di );
629 #  elif defined(VGO_darwin)
630    ok = ML_(read_macho_debug_info)( di );
631 #  else
632 #    error "unknown OS"
633 #  endif
634 
635    if (ok) {
636 
637       TRACE_SYMTAB("\n------ Canonicalising the "
638                    "acquired info ------\n");
639       /* invalidate the CFI unwind cache. */
640       cfsi_cache__invalidate();
641       /* prepare read data for use */
642       ML_(canonicaliseTables)( di );
643       /* notify m_redir about it */
644       TRACE_SYMTAB("\n------ Notifying m_redir ------\n");
645       VG_(redir_notify_new_DebugInfo)( di );
646       /* Note that we succeeded */
647       di->have_dinfo = True;
648       tl_assert(di->handle > 0);
649       di_handle = di->handle;
650       /* Check invariants listed in
651          Comment_on_IMPORTANT_REPRESENTATIONAL_INVARIANTS in
652          priv_storage.h. */
653       check_CFSI_related_invariants(di);
654 
655    } else {
656       TRACE_SYMTAB("\n------ ELF reading failed ------\n");
657       /* Something went wrong (eg. bad ELF file).  Should we delete
658          this DebugInfo?  No - it contains info on the rw/rx
659          mappings, at least. */
660       di_handle = 0;
661       vg_assert(di->have_dinfo == False);
662    }
663 
664    TRACE_SYMTAB("\n");
665    TRACE_SYMTAB("------ name = %s\n", di->fsm.filename);
666    TRACE_SYMTAB("------ end ELF OBJECT "
667                 "------------------------------\n");
668    TRACE_SYMTAB("\n");
669 
670    return di_handle;
671 }
672 
673 
674 /* Notify the debuginfo system about a new mapping.  This is the way
675    new debug information gets loaded.  If allow_SkFileV is True, it
676    will try load debug info if the mapping at 'a' belongs to Valgrind;
677    whereas normally (False) it will not do that.  This allows us to
678    carefully control when the thing will read symbols from the
679    Valgrind executable itself.
680 
681    If use_fd is not -1, that is used instead of the filename; this
682    avoids perturbing fcntl locks, which are released by simply
683    re-opening and closing the same file (even via different fd!).
684 
685    If a call to VG_(di_notify_mmap) causes debug info to be read, then
686    the returned ULong is an abstract handle which can later be used to
687    refer to the debuginfo read as a result of this specific mapping,
688    in later queries to m_debuginfo.  In this case the handle value
689    will be one or above.  If the returned value is zero, no debug info
690    was read. */
691 
VG_(di_notify_mmap)692 ULong VG_(di_notify_mmap)( Addr a, Bool allow_SkFileV, Int use_fd )
693 {
694    NSegment const * seg;
695    HChar*     filename;
696    Bool       is_rx_map, is_rw_map, is_ro_map;
697    DebugInfo* di;
698    Int        actual_fd, oflags;
699    SysRes     preadres;
700    HChar      buf1k[1024];
701    Bool       debug = False;
702    SysRes     statres;
703    struct vg_stat statbuf;
704 
705    vg_assert(use_fd >= -1);
706 
707    /* In short, figure out if this mapping is of interest to us, and
708       if so, try to guess what ld.so is doing and when/if we should
709       read debug info. */
710    seg = VG_(am_find_nsegment)(a);
711    vg_assert(seg);
712 
713    if (debug)
714       VG_(printf)("di_notify_mmap-1: %#lx-%#lx %c%c%c\n",
715                   seg->start, seg->end,
716                   seg->hasR ? 'r' : '-',
717                   seg->hasW ? 'w' : '-',seg->hasX ? 'x' : '-' );
718 
719    /* guaranteed by aspacemgr-linux.c, sane_NSegment() */
720    vg_assert(seg->end > seg->start);
721 
722    /* Ignore non-file mappings */
723    if ( ! (seg->kind == SkFileC
724            || (seg->kind == SkFileV && allow_SkFileV)) )
725       return 0;
726 
727    /* If the file doesn't have a name, we're hosed.  Give up. */
728    filename = VG_(am_get_filename)( (NSegment*)seg );
729    if (!filename)
730       return 0;
731 
732    if (debug)
733       VG_(printf)("di_notify_mmap-2: %s\n", filename);
734 
735    /* Only try to read debug information from regular files.  */
736    statres = VG_(stat)(filename, &statbuf);
737 
738    /* stat dereferences symlinks, so we don't expect it to succeed and
739       yet produce something that is a symlink. */
740    vg_assert(sr_isError(statres) || ! VKI_S_ISLNK(statbuf.mode));
741 
742    /* Don't let the stat call fail silently.  Filter out some known
743       sources of noise before complaining, though. */
744    if (sr_isError(statres)) {
745       DebugInfo fake_di;
746       Bool quiet = VG_(strstr)(filename, "/var/run/nscd/") != NULL;
747       if (!quiet && VG_(clo_verbosity) > 1) {
748          VG_(memset)(&fake_di, 0, sizeof(fake_di));
749          fake_di.fsm.filename = filename;
750          ML_(symerr)(&fake_di, True, "failed to stat64/stat this file");
751       }
752       return 0;
753    }
754 
755    /* Finally, the point of all this stattery: if it's not a regular file,
756       don't try to read debug info from it. */
757    if (! VKI_S_ISREG(statbuf.mode))
758       return 0;
759 
760    /* no uses of statbuf below here. */
761 
762    /* Now we have to guess if this is a text-like mapping, a data-like
763       mapping, neither or both.  The rules are:
764 
765         text if:   x86-linux    r and x
766                    other-linux  r and x and not w
767 
768         data if:   x86-linux    r and w
769                    other-linux  r and w and not x
770 
771       Background: On x86-linux, objects are typically mapped twice:
772 
773       1b8fb000-1b8ff000 r-xp 00000000 08:02 4471477 vgpreload_memcheck.so
774       1b8ff000-1b900000 rw-p 00004000 08:02 4471477 vgpreload_memcheck.so
775 
776       whereas ppc32-linux mysteriously does this:
777 
778       118a6000-118ad000 r-xp 00000000 08:05 14209428 vgpreload_memcheck.so
779       118ad000-118b6000 ---p 00007000 08:05 14209428 vgpreload_memcheck.so
780       118b6000-118bd000 rwxp 00000000 08:05 14209428 vgpreload_memcheck.so
781 
782       The third mapping should not be considered to have executable
783       code in.  Therefore a test which works for both is: r and x and
784       NOT w.  Reading symbols from the rwx segment -- which overlaps
785       the r-x segment in the file -- causes the redirection mechanism
786       to redirect to addresses in that third segment, which is wrong
787       and causes crashes.
788 
789       JRS 28 Dec 05: unfortunately icc 8.1 on x86 has been seen to
790       produce executables with a single rwx segment rather than a
791       (r-x,rw-) pair. That means the rules have to be modified thusly:
792 
793       x86-linux:   consider if r and x
794       all others:  consider if r and x and not w
795 
796       2009 Aug 16: apply similar kludge to ppc32-linux.
797       See http://bugs.kde.org/show_bug.cgi?id=190820
798 
799       There are two modes on s390x: with and without the noexec kernel
800       parameter. Together with some older kernels, this leads to several
801       variants:
802       executable: r and x
803       data:       r and w and x
804       or
805       executable: r and x
806       data:       r and w
807    */
808    is_rx_map = False;
809    is_rw_map = False;
810    is_ro_map = False;
811 
812 #  if defined(VGA_x86) || defined(VGA_ppc32) || defined(VGA_mips32)
813    is_rx_map = seg->hasR && seg->hasX;
814    is_rw_map = seg->hasR && seg->hasW;
815 #  elif defined(VGA_amd64) || defined(VGA_ppc64) || defined(VGA_arm)
816    is_rx_map = seg->hasR && seg->hasX && !seg->hasW;
817    is_rw_map = seg->hasR && seg->hasW && !seg->hasX;
818 #  elif defined(VGP_s390x_linux)
819    is_rx_map = seg->hasR && seg->hasX && !seg->hasW;
820    is_rw_map = seg->hasR && seg->hasW;
821 #  else
822 #    error "Unknown platform"
823 #  endif
824 
825 #  if defined(VGP_x86_darwin) && DARWIN_VERS == DARWIN_10_7
826    is_ro_map = seg->hasR && !seg->hasW && !seg->hasX;
827 #  endif
828 
829    if (debug)
830       VG_(printf)("di_notify_mmap-3: is_rx_map %d, is_rw_map %d\n",
831                   (Int)is_rx_map, (Int)is_rw_map);
832 
833    /* Ignore mappings with permissions we can't possibly be interested in. */
834    if (!(is_rx_map || is_rw_map || is_ro_map))
835       return 0;
836 
837    /* Peer at the first few bytes of the file, to see if it is an ELF */
838    /* object file. Ignore the file if we do not have read permission. */
839    VG_(memset)(buf1k, 0, sizeof(buf1k));
840    oflags = VKI_O_RDONLY;
841 #  if defined(VKI_O_LARGEFILE)
842    oflags |= VKI_O_LARGEFILE;
843 #  endif
844 
845    if (use_fd == -1) {
846       SysRes fd = VG_(open)( filename, oflags, 0 );
847       if (sr_isError(fd)) {
848          if (sr_Err(fd) != VKI_EACCES) {
849             DebugInfo fake_di;
850             VG_(memset)(&fake_di, 0, sizeof(fake_di));
851             fake_di.fsm.filename = filename;
852             ML_(symerr)(&fake_di, True,
853                         "can't open file to inspect ELF header");
854          }
855          return 0;
856       }
857       actual_fd = sr_Res(fd);
858    } else {
859       actual_fd = use_fd;
860    }
861 
862    preadres = VG_(pread)( actual_fd, buf1k, sizeof(buf1k), 0 );
863    if (use_fd == -1) {
864       VG_(close)( actual_fd );
865    }
866 
867    if (sr_isError(preadres)) {
868       DebugInfo fake_di;
869       VG_(memset)(&fake_di, 0, sizeof(fake_di));
870       fake_di.fsm.filename = filename;
871       ML_(symerr)(&fake_di, True, "can't read file to inspect ELF header");
872       return 0;
873    }
874    if (sr_Res(preadres) == 0)
875       return 0;
876    vg_assert(sr_Res(preadres) > 0 && sr_Res(preadres) <= sizeof(buf1k) );
877 
878    /* We're only interested in mappings of object files. */
879 #  if defined(VGO_linux)
880    if (!ML_(is_elf_object_file)( buf1k, (SizeT)sr_Res(preadres), False ))
881       return 0;
882 #  elif defined(VGO_darwin)
883    if (!ML_(is_macho_object_file)( buf1k, (SizeT)sr_Res(preadres) ))
884       return 0;
885 #  else
886 #    error "unknown OS"
887 #  endif
888 
889    /* See if we have a DebugInfo for this filename.  If not,
890       create one. */
891    di = find_or_create_DebugInfo_for( filename );
892    vg_assert(di);
893 
894    /* Note the details about the mapping. */
895    struct _DebugInfoMapping map;
896    map.avma = a;
897    map.size = seg->end + 1 - seg->start;
898    map.foff = seg->offset;
899    map.rx   = is_rx_map;
900    map.rw   = is_rw_map;
901    map.ro   = is_ro_map;
902    VG_(addToXA)(di->fsm.maps, &map);
903 
904    /* Update flags about what kind of mappings we've already seen. */
905    di->fsm.have_rx_map |= is_rx_map;
906    di->fsm.have_rw_map |= is_rw_map;
907    di->fsm.have_ro_map |= is_ro_map;
908 
909    /* So, finally, are we in an accept state? */
910    if (di->fsm.have_rx_map && di->fsm.have_rw_map && !di->have_dinfo) {
911       /* Ok, so, finally, we found what we need, and we haven't
912          already read debuginfo for this object.  So let's do so now.
913          Yee-ha! */
914       return di_notify_ACHIEVE_ACCEPT_STATE ( di );
915    } else {
916       /* If we don't have an rx and rw mapping, or if we already have
917          debuginfo for this mapping for whatever reason, go no
918          further. */
919       return 0;
920    }
921 }
922 
923 
924 /* Unmap is simpler - throw away any SegInfos intersecting
925    [a, a+len).  */
VG_(di_notify_munmap)926 void VG_(di_notify_munmap)( Addr a, SizeT len )
927 {
928    Bool anyFound;
929    if (0) VG_(printf)("DISCARD %#lx %#lx\n", a, a+len);
930    anyFound = discard_syms_in_range(a, len);
931    if (anyFound)
932       cfsi_cache__invalidate();
933 }
934 
935 
936 /* Uh, this doesn't do anything at all.  IIRC glibc (or ld.so, I don't
937    remember) does a bunch of mprotects on itself, and if we follow
938    through here, it causes the debug info for that object to get
939    discarded. */
VG_(di_notify_mprotect)940 void VG_(di_notify_mprotect)( Addr a, SizeT len, UInt prot )
941 {
942    Bool exe_ok = toBool(prot & VKI_PROT_EXEC);
943 #  if defined(VGA_x86)
944    exe_ok = exe_ok || toBool(prot & VKI_PROT_READ);
945 #  endif
946    if (0 && !exe_ok) {
947       Bool anyFound = discard_syms_in_range(a, len);
948       if (anyFound)
949          cfsi_cache__invalidate();
950    }
951 }
952 
953 
954 /* This is a MacOSX 10.7 32-bit only special.  See comments on the
955    declaration of struct _DebugInfoFSM for details. */
VG_(di_notify_vm_protect)956 void VG_(di_notify_vm_protect)( Addr a, SizeT len, UInt prot )
957 {
958    Bool do_nothing = True;
959 #  if defined(VGP_x86_darwin) && (DARWIN_VERS == DARWIN_10_7 || DARWIN_VERS == DARWIN_10_8)
960    do_nothing = False;
961 #  endif
962    if (do_nothing /* wrong platform */)
963       return;
964 
965    Bool r_ok = toBool(prot & VKI_PROT_READ);
966    Bool w_ok = toBool(prot & VKI_PROT_WRITE);
967    Bool x_ok = toBool(prot & VKI_PROT_EXEC);
968    if (! (r_ok && !w_ok && x_ok))
969       return; /* not an upgrade to r-x */
970 
971    /* Find a DebugInfo containing a FSM that has [a, +len) previously
972       observed as a r-- mapping, plus some other rw- mapping.  If such
973       is found, conclude we're in an accept state and read debuginfo
974       accordingly. */
975    DebugInfo* di;
976    struct _DebugInfoMapping *map = NULL;
977    Word i;
978    for (di = debugInfo_list; di; di = di->next) {
979       vg_assert(di->fsm.filename);
980       if (di->have_dinfo)
981          continue; /* already have debuginfo for this object */
982       if (!di->fsm.have_ro_map)
983          continue; /* need to have a r-- mapping for this object */
984       if (di->fsm.have_rx_map)
985          continue; /* rx- mapping already exists */
986       if (!di->fsm.have_rw_map)
987          continue; /* need to have a rw- mapping */
988       /* Try to find a mapping matching the memory area. */
989       for (i = 0; i < VG_(sizeXA)(di->fsm.maps); i++) {
990          map = (struct _DebugInfoMapping*)VG_(indexXA)(di->fsm.maps, i);
991          if (map->ro && map->avma == a && map->size == len)
992             break;
993          map = NULL;
994       }
995       if (!map)
996          continue; /* this isn't an upgrade of an r-- mapping */
997       /* looks like we're in luck! */
998       break;
999    }
1000    if (di == NULL)
1001       return; /* didn't find anything */
1002 
1003    /* Do the upgrade.  Simply update the flags of the mapping
1004       and pretend we never saw the RO map at all. */
1005    vg_assert(di->fsm.have_ro_map);
1006    map->rx = True;
1007    map->ro = False;
1008    di->fsm.have_rx_map = True;
1009    di->fsm.have_ro_map = False;
1010    /* See if there are any more ro mappings */
1011    for (i = 0; i < VG_(sizeXA)(di->fsm.maps); i++) {
1012       map = (struct _DebugInfoMapping*)VG_(indexXA)(di->fsm.maps, i);
1013       if (map->ro) {
1014          di->fsm.have_ro_map = True;
1015          break;
1016       }
1017    }
1018 
1019    /* Check if we're now in an accept state and read debuginfo.  Finally. */
1020    if (di->fsm.have_rx_map && di->fsm.have_rw_map && !di->have_dinfo) {
1021       ULong di_handle __attribute__((unused))
1022          = di_notify_ACHIEVE_ACCEPT_STATE( di );
1023       /* di_handle is ignored. That's not a problem per se -- it just
1024          means nobody will ever be able to refer to this debuginfo by
1025          handle since nobody will know what the handle value is. */
1026    }
1027 }
1028 
1029 
1030 /*--------- PDB (windows debug info) reading --------- */
1031 
1032 /* this should really return ULong, as per VG_(di_notify_mmap). */
VG_(di_notify_pdb_debuginfo)1033 void VG_(di_notify_pdb_debuginfo)( Int fd_obj, Addr avma_obj,
1034                                    SizeT total_size, PtrdiffT bias_obj )
1035 {
1036    Int    i, r, sz_exename;
1037    ULong  obj_mtime, pdb_mtime;
1038    Char   exename[VKI_PATH_MAX];
1039    Char*  pdbname = NULL;
1040    Char*  dot;
1041    SysRes sres;
1042    Int    fd_pdbimage;
1043    SizeT  n_pdbimage;
1044    struct vg_stat stat_buf;
1045 
1046    if (VG_(clo_verbosity) > 0) {
1047       VG_(message)(Vg_UserMsg, "\n");
1048       VG_(message)(Vg_UserMsg,
1049          "LOAD_PDB_DEBUGINFO: clreq:   fd=%d, avma=%#lx, total_size=%lu, "
1050          "bias=%#lx\n",
1051          fd_obj, avma_obj, total_size, bias_obj
1052       );
1053    }
1054 
1055    /* 'fd' refers to the .exe/.dll we're dealing with.  Get its modification
1056       time into obj_mtime. */
1057    r = VG_(fstat)(fd_obj, &stat_buf);
1058    if (r == -1)
1059       goto out; /* stat failed ?! */
1060    vg_assert(r == 0);
1061    obj_mtime = stat_buf.mtime;
1062 
1063    /* and get its name into exename[]. */
1064    vg_assert(VKI_PATH_MAX > 100); /* to ensure /proc/self/fd/%d is safe */
1065    VG_(memset)(exename, 0, sizeof(exename));
1066    VG_(sprintf)(exename, "/proc/self/fd/%d", fd_obj);
1067    /* convert exename from a symlink to real name .. overwrites the
1068       old contents of the buffer.  Ick. */
1069    sz_exename = VG_(readlink)(exename, exename, sizeof(exename)-2 );
1070    if (sz_exename == -1)
1071       goto out; /* readlink failed ?! */
1072    vg_assert(sz_exename >= 0 && sz_exename < sizeof(exename));
1073    vg_assert(exename[sizeof(exename)-1] == 0);
1074 
1075    if (VG_(clo_verbosity) > 0) {
1076       VG_(message)(Vg_UserMsg, "LOAD_PDB_DEBUGINFO: objname: %s\n", exename);
1077    }
1078 
1079    /* Try to get the PDB file name from the executable. */
1080    pdbname = ML_(find_name_of_pdb_file)(exename);
1081    if (pdbname) {
1082       vg_assert(VG_(strlen)(pdbname) >= 5); /* 5 = strlen("X.pdb") */
1083       /* So we successfully extracted a name from the PE file.  But it's
1084          likely to be of the form
1085             e:\foo\bar\xyzzy\wibble.pdb
1086          and we need to change it into something we can actually open
1087          in Wine-world, which basically means turning it into
1088             $HOME/.wine/drive_e/foo/bar/xyzzy/wibble.pdb
1089          We also take into account $WINEPREFIX, if it is set.
1090          For the moment, if the name isn't fully qualified, just forget it
1091          (we'd have to root around to find where the pdb actually is)
1092       */
1093       /* Change all the backslashes to forward slashes */
1094       for (i = 0; pdbname[i]; i++) {
1095          if (pdbname[i] == '\\')
1096             pdbname[i] = '/';
1097       }
1098       Bool is_quald
1099          = ('a' <= VG_(tolower)(pdbname[0]) && VG_(tolower)(pdbname[0]) <= 'z')
1100            && pdbname[1] == ':'
1101            && pdbname[2] == '/';
1102       HChar* home = VG_(getenv)("HOME");
1103       HChar* wpfx = VG_(getenv)("WINEPREFIX");
1104       if (is_quald && wpfx) {
1105          /* Change e:/foo/bar/xyzzy/wibble.pdb
1106                 to $WINEPREFIX/drive_e/foo/bar/xyzzy/wibble.pdb
1107          */
1108          Int mashedSzB = VG_(strlen)(pdbname) + VG_(strlen)(wpfx) + 50/*misc*/;
1109          HChar* mashed = ML_(dinfo_zalloc)("di.debuginfo.dnpdi.1", mashedSzB);
1110          VG_(snprintf)(mashed, mashedSzB, "%s/drive_%c%s",
1111                        wpfx, pdbname[0], &pdbname[2]);
1112          vg_assert(mashed[mashedSzB-1] == 0);
1113          ML_(dinfo_free)(pdbname);
1114          pdbname = mashed;
1115       }
1116       else if (is_quald && home && !wpfx) {
1117          /* Change e:/foo/bar/xyzzy/wibble.pdb
1118                 to $HOME/.wine/drive_e/foo/bar/xyzzy/wibble.pdb
1119          */
1120          Int mashedSzB = VG_(strlen)(pdbname) + VG_(strlen)(home) + 50/*misc*/;
1121          HChar* mashed = ML_(dinfo_zalloc)("di.debuginfo.dnpdi.2", mashedSzB);
1122          VG_(snprintf)(mashed, mashedSzB, "%s/.wine/drive_%c%s",
1123 		       home, pdbname[0], &pdbname[2]);
1124          vg_assert(mashed[mashedSzB-1] == 0);
1125          ML_(dinfo_free)(pdbname);
1126          pdbname = mashed;
1127       } else {
1128          /* It's not a fully qualified path, or neither $HOME nor $WINE
1129             are set (strange).  Give up. */
1130          ML_(dinfo_free)(pdbname);
1131          pdbname = NULL;
1132       }
1133    }
1134 
1135    /* Try s/exe/pdb/ if we don't have a valid pdbname. */
1136    if (!pdbname) {
1137       /* Try to find a matching PDB file from which to read debuginfo.
1138          Windows PE files have symbol tables and line number information,
1139          but MSVC doesn't seem to use them. */
1140       /* Why +5 ?  Because in the worst case, we could find a dot as the
1141          last character of pdbname, and we'd then put "pdb" right after
1142          it, hence extending it a bit. */
1143       pdbname = ML_(dinfo_zalloc)("di.debuginfo.lpd1", sz_exename+5);
1144       VG_(strcpy)(pdbname, exename);
1145       vg_assert(pdbname[sz_exename+5-1] == 0);
1146       dot = VG_(strrchr)(pdbname, '.');
1147       if (!dot)
1148          goto out; /* there's no dot in the exe's name ?! */
1149       if (dot[1] == 0)
1150          goto out; /* hmm, path ends in "." */
1151 
1152       if ('A' <= dot[1] && dot[1] <= 'Z')
1153          VG_(strcpy)(dot, ".PDB");
1154       else
1155          VG_(strcpy)(dot, ".pdb");
1156 
1157       vg_assert(pdbname[sz_exename+5-1] == 0);
1158    }
1159 
1160    /* See if we can find it, and check it's in-dateness. */
1161    sres = VG_(stat)(pdbname, &stat_buf);
1162    if (sr_isError(sres)) {
1163       VG_(message)(Vg_UserMsg, "Warning: Missing or un-stat-able %s\n",
1164                                pdbname);
1165    if (VG_(clo_verbosity) > 0)
1166       VG_(message)(Vg_UserMsg, "LOAD_PDB_DEBUGINFO: missing: %s\n", pdbname);
1167       goto out;
1168    }
1169    pdb_mtime = stat_buf.mtime;
1170 
1171    if (obj_mtime > pdb_mtime + 60ULL) {
1172       /* PDB file is older than PE file.  Really, the PDB should be
1173          newer than the PE, but that doesn't always seem to be the
1174          case.  Allow the PDB to be up to one minute older.
1175          Otherwise, it's probably out of date, in which case ignore it
1176          or we will either (a) print wrong stack traces or more likely
1177          (b) crash.
1178       */
1179       VG_(message)(Vg_UserMsg,
1180                    "Warning:       %s (mtime = %llu)\n"
1181                    " is older than %s (mtime = %llu)\n",
1182                    pdbname, pdb_mtime, exename, obj_mtime);
1183    }
1184 
1185    sres = VG_(open)(pdbname, VKI_O_RDONLY, 0);
1186    if (sr_isError(sres)) {
1187       VG_(message)(Vg_UserMsg, "Warning: Can't open %s\n", pdbname);
1188       goto out;
1189    }
1190 
1191    /* Looks promising; go on to try and read stuff from it.  But don't
1192       mmap the file.  Instead mmap free space and read the file into
1193       it.  This is because files on CIFS filesystems that are mounted
1194       '-o directio' can't be mmap'd, and that mount option is needed
1195       to make CIFS work reliably.  (See
1196       http://www.nabble.com/Corrupted-data-on-write-to-
1197                             Windows-2003-Server-t2782623.html)
1198       This is slower, but at least it works reliably. */
1199    fd_pdbimage = sr_Res(sres);
1200    n_pdbimage  = stat_buf.size;
1201    if (n_pdbimage == 0 || n_pdbimage > 0x7FFFFFFF) {
1202       // 0x7FFFFFFF: why?  Because the VG_(read) just below only
1203       // can deal with a signed int as the size of data to read,
1204       // so we can't reliably check for read failure for files
1205       // greater than that size.  Hence just skip them; we're
1206       // unlikely to encounter a PDB that large anyway.
1207       VG_(close)(fd_pdbimage);
1208       goto out;
1209    }
1210    sres = VG_(am_mmap_anon_float_valgrind)( n_pdbimage );
1211    if (sr_isError(sres)) {
1212       VG_(close)(fd_pdbimage);
1213       goto out;
1214    }
1215 
1216    void* pdbimage = (void*)sr_Res(sres);
1217    r = VG_(read)( fd_pdbimage, pdbimage, (Int)n_pdbimage );
1218    if (r < 0 || r != (Int)n_pdbimage) {
1219       VG_(am_munmap_valgrind)( (Addr)pdbimage, n_pdbimage );
1220       VG_(close)(fd_pdbimage);
1221       goto out;
1222    }
1223 
1224    if (VG_(clo_verbosity) > 0)
1225       VG_(message)(Vg_UserMsg, "LOAD_PDB_DEBUGINFO: pdbname: %s\n", pdbname);
1226 
1227    /* play safe; always invalidate the CFI cache.  I don't know if
1228       this is necessary, but anyway .. */
1229    cfsi_cache__invalidate();
1230    /* dump old info for this range, if any */
1231    discard_syms_in_range( avma_obj, total_size );
1232 
1233    { DebugInfo* di = find_or_create_DebugInfo_for(exename);
1234 
1235      /* this di must be new, since we just nuked any old stuff in the range */
1236      vg_assert(di && !di->fsm.have_rx_map && !di->fsm.have_rw_map);
1237      vg_assert(!di->have_dinfo);
1238 
1239      /* don't set up any of the di-> fields; let
1240         ML_(read_pdb_debug_info) do it. */
1241      ML_(read_pdb_debug_info)( di, avma_obj, bias_obj,
1242                                pdbimage, n_pdbimage, pdbname, pdb_mtime );
1243      // JRS fixme: take notice of return value from read_pdb_debug_info,
1244      // and handle failure
1245      vg_assert(di->have_dinfo); // fails if PDB read failed
1246      VG_(am_munmap_valgrind)( (Addr)pdbimage, n_pdbimage );
1247      VG_(close)(fd_pdbimage);
1248 
1249      if (VG_(clo_verbosity) > 0) {
1250         VG_(message)(Vg_UserMsg, "LOAD_PDB_DEBUGINFO: done:    "
1251                                  "%lu syms, %lu src locs, %lu fpo recs\n",
1252                      di->symtab_used, di->loctab_used, di->fpo_size);
1253      }
1254    }
1255 
1256   out:
1257    if (pdbname) ML_(dinfo_free)(pdbname);
1258 }
1259 
1260 #endif /* defined(VGO_linux) || defined(VGO_darwin) */
1261 
1262 
1263 /*------------------------------------------------------------*/
1264 /*---                                                      ---*/
1265 /*--- TOP LEVEL: QUERYING EXISTING DEBUG INFO              ---*/
1266 /*---                                                      ---*/
1267 /*------------------------------------------------------------*/
1268 
VG_(di_discard_ALL_debuginfo)1269 void VG_(di_discard_ALL_debuginfo)( void )
1270 {
1271    DebugInfo *di, *di2;
1272    di = debugInfo_list;
1273    while (di) {
1274       di2 = di->next;
1275       VG_(printf)("XXX rm %p\n", di);
1276       free_DebugInfo( di );
1277       di = di2;
1278    }
1279 }
1280 
1281 
ML_(find_rx_mapping)1282 struct _DebugInfoMapping* ML_(find_rx_mapping) ( struct _DebugInfo* di,
1283                                                  Addr lo, Addr hi )
1284 {
1285    Word i;
1286    vg_assert(lo <= hi);
1287 
1288    /* Optimization: Try to use the last matched rx mapping first */
1289    if (   di->last_rx_map
1290        && lo >= di->last_rx_map->avma
1291        && hi <  di->last_rx_map->avma + di->last_rx_map->size)
1292       return di->last_rx_map;
1293 
1294    for (i = 0; i < VG_(sizeXA)(di->fsm.maps); i++) {
1295       struct _DebugInfoMapping* map = VG_(indexXA)(di->fsm.maps, i);
1296       if (   map->rx && map->size > 0
1297           && lo >= map->avma && hi < map->avma + map->size) {
1298          di->last_rx_map = map;
1299          return map;
1300       }
1301    }
1302 
1303    return NULL;
1304 }
1305 
1306 
1307 /*------------------------------------------------------------*/
1308 /*--- Use of symbol table & location info to create        ---*/
1309 /*--- plausible-looking stack dumps.                       ---*/
1310 /*------------------------------------------------------------*/
1311 
1312 /* Search all symtabs that we know about to locate ptr.  If found, set
1313    *pdi to the relevant DebugInfo, and *symno to the symtab entry
1314    *number within that.  If not found, *psi is set to NULL.
1315    If findText==True,  only text symbols are searched for.
1316    If findText==False, only data symbols are searched for.
1317 */
search_all_symtabs(Addr ptr,DebugInfo ** pdi,Word * symno,Bool match_anywhere_in_sym,Bool findText)1318 static void search_all_symtabs ( Addr ptr, /*OUT*/DebugInfo** pdi,
1319                                            /*OUT*/Word* symno,
1320                                  Bool match_anywhere_in_sym,
1321                                  Bool findText )
1322 {
1323    Word       sno;
1324    DebugInfo* di;
1325    Bool       inRange;
1326 
1327    for (di = debugInfo_list; di != NULL; di = di->next) {
1328 
1329       if (findText) {
1330          /* Consider any symbol in the r-x mapped area to be text.
1331             See Comment_Regarding_Text_Range_Checks in storage.c for
1332             details. */
1333          inRange = di->fsm.have_rx_map
1334                    && (ML_(find_rx_mapping)(di, ptr, ptr) != NULL);
1335       } else {
1336          inRange = (di->data_present
1337                     && di->data_size > 0
1338                     && di->data_avma <= ptr
1339                     && ptr < di->data_avma + di->data_size)
1340                    ||
1341                    (di->sdata_present
1342                     && di->sdata_size > 0
1343                     && di->sdata_avma <= ptr
1344                     && ptr < di->sdata_avma + di->sdata_size)
1345                    ||
1346                    (di->bss_present
1347                     && di->bss_size > 0
1348                     && di->bss_avma <= ptr
1349                     && ptr < di->bss_avma + di->bss_size)
1350                    ||
1351                    (di->sbss_present
1352                     && di->sbss_size > 0
1353                     && di->sbss_avma <= ptr
1354                     && ptr < di->sbss_avma + di->sbss_size)
1355                    ||
1356                    (di->rodata_present
1357                     && di->rodata_size > 0
1358                     && di->rodata_avma <= ptr
1359                     && ptr < di->rodata_avma + di->rodata_size);
1360       }
1361 
1362       if (!inRange) continue;
1363 
1364       sno = ML_(search_one_symtab) (
1365                di, ptr, match_anywhere_in_sym, findText );
1366       if (sno == -1) goto not_found;
1367       *symno = sno;
1368       *pdi = di;
1369       return;
1370 
1371    }
1372   not_found:
1373    *pdi = NULL;
1374 }
1375 
1376 
1377 /* Search all loctabs that we know about to locate ptr.  If found, set
1378    *pdi to the relevant DebugInfo, and *locno to the loctab entry
1379    *number within that.  If not found, *pdi is set to NULL. */
search_all_loctabs(Addr ptr,DebugInfo ** pdi,Word * locno)1380 static void search_all_loctabs ( Addr ptr, /*OUT*/DebugInfo** pdi,
1381                                            /*OUT*/Word* locno )
1382 {
1383    Word       lno;
1384    DebugInfo* di;
1385    for (di = debugInfo_list; di != NULL; di = di->next) {
1386       if (di->text_present
1387           && di->text_size > 0
1388           && di->text_avma <= ptr
1389           && ptr < di->text_avma + di->text_size) {
1390          lno = ML_(search_one_loctab) ( di, ptr );
1391          if (lno == -1) goto not_found;
1392          *locno = lno;
1393          *pdi = di;
1394          return;
1395       }
1396    }
1397   not_found:
1398    *pdi = NULL;
1399 }
1400 
1401 
1402 /* The whole point of this whole big deal: map a code address to a
1403    plausible symbol name.  Returns False if no idea; otherwise True.
1404    Caller supplies buf and nbuf.  If do_cxx_demangling is False, don't do
1405    C++ demangling, regardless of VG_(clo_demangle) -- probably because the
1406    call has come from VG_(get_fnname_raw)().  findText
1407    indicates whether we're looking for a text symbol or a data symbol
1408    -- caller must choose one kind or the other. */
1409 static
get_sym_name(Bool do_cxx_demangling,Bool do_z_demangling,Bool do_below_main_renaming,Addr a,Char * buf,Int nbuf,Bool match_anywhere_in_sym,Bool show_offset,Bool findText,PtrdiffT * offsetP)1410 Bool get_sym_name ( Bool do_cxx_demangling, Bool do_z_demangling,
1411                     Bool do_below_main_renaming,
1412                     Addr a, Char* buf, Int nbuf,
1413                     Bool match_anywhere_in_sym, Bool show_offset,
1414                     Bool findText, /*OUT*/PtrdiffT* offsetP )
1415 {
1416    DebugInfo* di;
1417    Word       sno;
1418    PtrdiffT   offset;
1419 
1420    search_all_symtabs ( a, &di, &sno, match_anywhere_in_sym, findText );
1421    if (di == NULL)
1422       return False;
1423 
1424    vg_assert(di->symtab[sno].pri_name);
1425    VG_(demangle) ( do_cxx_demangling, do_z_demangling,
1426                    di->symtab[sno].pri_name, buf, nbuf );
1427 
1428    /* Do the below-main hack */
1429    // To reduce the endless nuisance of multiple different names
1430    // for "the frame below main()" screwing up the testsuite, change all
1431    // known incarnations of said into a single name, "(below main)", if
1432    // --show-below-main=yes.
1433    if ( do_below_main_renaming && ! VG_(clo_show_below_main) &&
1434         Vg_FnNameBelowMain == VG_(get_fnname_kind)(buf) )
1435    {
1436       VG_(strncpy_safely)(buf, "(below main)", nbuf);
1437    }
1438    offset = a - di->symtab[sno].addr;
1439    if (offsetP) *offsetP = offset;
1440 
1441    if (show_offset && offset != 0) {
1442       Char     buf2[12];
1443       Char*    symend = buf + VG_(strlen)(buf);
1444       Char*    end = buf + nbuf;
1445       Int      len;
1446 
1447       len = VG_(sprintf)(buf2, "%c%ld",
1448 			 offset < 0 ? '-' : '+',
1449 			 offset < 0 ? -offset : offset);
1450       vg_assert(len < (Int)sizeof(buf2));
1451 
1452       if (len < (end - symend)) {
1453 	 Char *cp = buf2;
1454 	 VG_(memcpy)(symend, cp, len+1);
1455       }
1456    }
1457 
1458    buf[nbuf-1] = 0; /* paranoia */
1459 
1460    return True;
1461 }
1462 
1463 /* ppc64-linux only: find the TOC pointer (R2 value) that should be in
1464    force at the entry point address of the function containing
1465    guest_code_addr.  Returns 0 if not known. */
VG_(get_tocptr)1466 Addr VG_(get_tocptr) ( Addr guest_code_addr )
1467 {
1468    DebugInfo* si;
1469    Word       sno;
1470    search_all_symtabs ( guest_code_addr,
1471                         &si, &sno,
1472                         True/*match_anywhere_in_fun*/,
1473                         True/*consider text symbols only*/ );
1474    if (si == NULL)
1475       return 0;
1476    else
1477       return si->symtab[sno].tocptr;
1478 }
1479 
1480 /* This is available to tools... always demangle C++ names,
1481    match anywhere in function, but don't show offsets. */
VG_(get_fnname)1482 Bool VG_(get_fnname) ( Addr a, Char* buf, Int nbuf )
1483 {
1484    return get_sym_name ( /*C++-demangle*/True, /*Z-demangle*/True,
1485                          /*below-main-renaming*/True,
1486                          a, buf, nbuf,
1487                          /*match_anywhere_in_fun*/True,
1488                          /*show offset?*/False,
1489                          /*text syms only*/True,
1490                          /*offsetP*/NULL );
1491 }
1492 
1493 /* This is available to tools... always demangle C++ names,
1494    match anywhere in function, and show offset if nonzero. */
VG_(get_fnname_w_offset)1495 Bool VG_(get_fnname_w_offset) ( Addr a, Char* buf, Int nbuf )
1496 {
1497    return get_sym_name ( /*C++-demangle*/True, /*Z-demangle*/True,
1498                          /*below-main-renaming*/True,
1499                          a, buf, nbuf,
1500                          /*match_anywhere_in_fun*/True,
1501                          /*show offset?*/True,
1502                          /*text syms only*/True,
1503                          /*offsetP*/NULL );
1504 }
1505 
1506 /* This is available to tools... always demangle C++ names,
1507    only succeed if 'a' matches first instruction of function,
1508    and don't show offsets. */
VG_(get_fnname_if_entry)1509 Bool VG_(get_fnname_if_entry) ( Addr a, Char* buf, Int nbuf )
1510 {
1511    return get_sym_name ( /*C++-demangle*/True, /*Z-demangle*/True,
1512                          /*below-main-renaming*/True,
1513                          a, buf, nbuf,
1514                          /*match_anywhere_in_fun*/False,
1515                          /*show offset?*/False,
1516                          /*text syms only*/True,
1517                          /*offsetP*/NULL );
1518 }
1519 
1520 /* This is only available to core... don't C++-demangle, don't Z-demangle,
1521    don't rename below-main, match anywhere in function, and don't show
1522    offsets. */
VG_(get_fnname_raw)1523 Bool VG_(get_fnname_raw) ( Addr a, Char* buf, Int nbuf )
1524 {
1525    return get_sym_name ( /*C++-demangle*/False, /*Z-demangle*/False,
1526                          /*below-main-renaming*/False,
1527                          a, buf, nbuf,
1528                          /*match_anywhere_in_fun*/True,
1529                          /*show offset?*/False,
1530                          /*text syms only*/True,
1531                          /*offsetP*/NULL );
1532 }
1533 
1534 /* This is only available to core... don't demangle C++ names, but do
1535    do Z-demangling and below-main-renaming, match anywhere in function, and
1536    don't show offsets. */
VG_(get_fnname_no_cxx_demangle)1537 Bool VG_(get_fnname_no_cxx_demangle) ( Addr a, Char* buf, Int nbuf )
1538 {
1539    return get_sym_name ( /*C++-demangle*/False, /*Z-demangle*/True,
1540                          /*below-main-renaming*/True,
1541                          a, buf, nbuf,
1542                          /*match_anywhere_in_fun*/True,
1543                          /*show offset?*/False,
1544                          /*text syms only*/True,
1545                          /*offsetP*/NULL );
1546 }
1547 
1548 /* mips-linux only: find the offset of current address. This is needed for
1549    stack unwinding for MIPS.
1550 */
VG_(get_inst_offset_in_function)1551 Bool VG_(get_inst_offset_in_function)( Addr a,
1552                                        /*OUT*/PtrdiffT* offset )
1553 {
1554    Char fnname[64];
1555    return get_sym_name ( /*C++-demangle*/False, /*Z-demangle*/False,
1556                          /*below-main-renaming*/False,
1557                          a, fnname, 64,
1558                          /*match_anywhere_in_sym*/True,
1559                          /*show offset?*/True,
1560                          /*data syms only please*/True,
1561                          offset );
1562 }
1563 
VG_(get_fnname_kind)1564 Vg_FnNameKind VG_(get_fnname_kind) ( Char* name )
1565 {
1566    if (VG_STREQ("main", name)) {
1567       return Vg_FnNameMain;
1568 
1569    } else if (
1570 #      if defined(VGO_linux)
1571        VG_STREQ("__libc_start_main",  name) ||  // glibc glibness
1572        VG_STREQ("generic_start_main", name) ||  // Yellow Dog doggedness
1573 #      elif defined(VGO_darwin)
1574        // See readmacho.c for an explanation of this.
1575        VG_STREQ("start_according_to_valgrind", name) ||  // Darwin, darling
1576 #      else
1577 #        error "Unknown OS"
1578 #      endif
1579        0) {
1580       return Vg_FnNameBelowMain;
1581 
1582    } else {
1583       return Vg_FnNameNormal;
1584    }
1585 }
1586 
VG_(get_fnname_kind_from_IP)1587 Vg_FnNameKind VG_(get_fnname_kind_from_IP) ( Addr ip )
1588 {
1589    // We don't need a big buffer;  all the special names are small.
1590    #define BUFLEN 50
1591    Char buf[50];
1592 
1593    // We don't demangle, because it's faster not to, and the special names
1594    // we're looking for won't be demangled.
1595    if (VG_(get_fnname_raw) ( ip, buf, BUFLEN )) {
1596       buf[BUFLEN-1] = '\0';      // paranoia
1597       return VG_(get_fnname_kind)(buf);
1598    } else {
1599       return Vg_FnNameNormal;    // Don't know the name, treat it as normal.
1600    }
1601 }
1602 
1603 /* Looks up data_addr in the collection of data symbols, and if found
1604    puts its name (or as much as will fit) into dname[0 .. n_dname-1],
1605    which is guaranteed to be zero terminated.  Also data_addr's offset
1606    from the symbol start is put into *offset. */
VG_(get_datasym_and_offset)1607 Bool VG_(get_datasym_and_offset)( Addr data_addr,
1608                                   /*OUT*/Char* dname, Int n_dname,
1609                                   /*OUT*/PtrdiffT* offset )
1610 {
1611    Bool ok;
1612    vg_assert(n_dname > 1);
1613    ok = get_sym_name ( /*C++-demangle*/False, /*Z-demangle*/False,
1614                        /*below-main-renaming*/False,
1615                        data_addr, dname, n_dname,
1616                        /*match_anywhere_in_sym*/True,
1617                        /*show offset?*/False,
1618                        /*data syms only please*/False,
1619                        offset );
1620    if (!ok)
1621       return False;
1622    dname[n_dname-1] = 0;
1623    return True;
1624 }
1625 
1626 /* Map a code address to the name of a shared object file or the
1627    executable.  Returns False if no idea; otherwise True.  Doesn't
1628    require debug info.  Caller supplies buf and nbuf. */
VG_(get_objname)1629 Bool VG_(get_objname) ( Addr a, Char* buf, Int nbuf )
1630 {
1631    DebugInfo* di;
1632    const NSegment *seg;
1633    HChar* filename;
1634    vg_assert(nbuf > 0);
1635    /* Look in the debugInfo_list to find the name.  In most cases we
1636       expect this to produce a result. */
1637    for (di = debugInfo_list; di != NULL; di = di->next) {
1638       if (di->text_present
1639           && di->text_size > 0
1640           && di->text_avma <= a
1641           && a < di->text_avma + di->text_size) {
1642          VG_(strncpy_safely)(buf, di->fsm.filename, nbuf);
1643          buf[nbuf-1] = 0;
1644          return True;
1645       }
1646    }
1647    /* Last-ditch fallback position: if we don't find the address in
1648       the debugInfo_list, ask the address space manager whether it
1649       knows the name of the file associated with this mapping.  This
1650       allows us to print the names of exe/dll files in the stack trace
1651       when running programs under wine. */
1652    if ( (seg = VG_(am_find_nsegment(a))) != NULL
1653         && (filename = VG_(am_get_filename)(seg)) != NULL ) {
1654       VG_(strncpy_safely)(buf, filename, nbuf);
1655       return True;
1656    }
1657    return False;
1658 }
1659 
1660 /* Map a code address to its DebugInfo.  Returns NULL if not found.  Doesn't
1661    require debug info. */
VG_(find_DebugInfo)1662 DebugInfo* VG_(find_DebugInfo) ( Addr a )
1663 {
1664    static UWord n_search = 0;
1665    DebugInfo* di;
1666    n_search++;
1667    for (di = debugInfo_list; di != NULL; di = di->next) {
1668       if (di->text_present
1669           && di->text_size > 0
1670           && di->text_avma <= a
1671           && a < di->text_avma + di->text_size) {
1672          if (0 == (n_search & 0xF))
1673             move_DebugInfo_one_step_forward( di );
1674          return di;
1675       }
1676    }
1677    return NULL;
1678 }
1679 
1680 /* Map a code address to a filename.  Returns True if successful.  */
VG_(get_filename)1681 Bool VG_(get_filename)( Addr a, Char* filename, Int n_filename )
1682 {
1683    DebugInfo* si;
1684    Word       locno;
1685    search_all_loctabs ( a, &si, &locno );
1686    if (si == NULL)
1687       return False;
1688    VG_(strncpy_safely)(filename, si->loctab[locno].filename, n_filename);
1689    return True;
1690 }
1691 
1692 /* Map a code address to a line number.  Returns True if successful. */
VG_(get_linenum)1693 Bool VG_(get_linenum)( Addr a, UInt* lineno )
1694 {
1695    DebugInfo* si;
1696    Word       locno;
1697    search_all_loctabs ( a, &si, &locno );
1698    if (si == NULL)
1699       return False;
1700    *lineno = si->loctab[locno].lineno;
1701 
1702    return True;
1703 }
1704 
1705 /* Map a code address to a filename/line number/dir name info.
1706    See prototype for detailed description of behaviour.
1707 */
VG_(get_filename_linenum)1708 Bool VG_(get_filename_linenum) ( Addr a,
1709                                  /*OUT*/Char* filename, Int n_filename,
1710                                  /*OUT*/Char* dirname,  Int n_dirname,
1711                                  /*OUT*/Bool* dirname_available,
1712                                  /*OUT*/UInt* lineno )
1713 {
1714    DebugInfo* si;
1715    Word       locno;
1716 
1717    vg_assert( (dirname == NULL && dirname_available == NULL)
1718               ||
1719               (dirname != NULL && dirname_available != NULL) );
1720 
1721    search_all_loctabs ( a, &si, &locno );
1722    if (si == NULL) {
1723       if (dirname_available) {
1724          *dirname_available = False;
1725          *dirname = 0;
1726       }
1727       return False;
1728    }
1729 
1730    VG_(strncpy_safely)(filename, si->loctab[locno].filename, n_filename);
1731    *lineno = si->loctab[locno].lineno;
1732 
1733    if (dirname) {
1734       /* caller wants directory info too .. */
1735       vg_assert(n_dirname > 0);
1736       if (si->loctab[locno].dirname) {
1737          /* .. and we have some */
1738          *dirname_available = True;
1739          VG_(strncpy_safely)(dirname, si->loctab[locno].dirname,
1740                                       n_dirname);
1741       } else {
1742          /* .. but we don't have any */
1743          *dirname_available = False;
1744          *dirname = 0;
1745       }
1746    }
1747 
1748    return True;
1749 }
1750 
1751 
1752 /* Map a function name to its entry point and toc pointer.  Is done by
1753    sequential search of all symbol tables, so is very slow.  To
1754    mitigate the worst performance effects, you may specify a soname
1755    pattern, and only objects matching that pattern are searched.
1756    Therefore specify "*" to search all the objects.  On TOC-afflicted
1757    platforms, a symbol is deemed to be found only if it has a nonzero
1758    TOC pointer.  */
VG_(lookup_symbol_SLOW)1759 Bool VG_(lookup_symbol_SLOW)(UChar* sopatt, UChar* name,
1760                              Addr* pEnt, Addr* pToc)
1761 {
1762    Bool     require_pToc = False;
1763    Int      i;
1764    DebugInfo* si;
1765    Bool     debug = False;
1766 #  if defined(VG_PLAT_USES_PPCTOC)
1767    require_pToc = True;
1768 #  endif
1769    for (si = debugInfo_list; si; si = si->next) {
1770       if (debug)
1771          VG_(printf)("lookup_symbol_SLOW: considering %s\n", si->soname);
1772       if (!VG_(string_match)(sopatt, si->soname)) {
1773          if (debug)
1774             VG_(printf)(" ... skip\n");
1775          continue;
1776       }
1777       for (i = 0; i < si->symtab_used; i++) {
1778          UChar* pri_name = si->symtab[i].pri_name;
1779          tl_assert(pri_name);
1780          if (0==VG_(strcmp)(name, pri_name)
1781              && (require_pToc ? si->symtab[i].tocptr : True)) {
1782             *pEnt = si->symtab[i].addr;
1783             *pToc = si->symtab[i].tocptr;
1784             return True;
1785          }
1786          UChar** sec_names = si->symtab[i].sec_names;
1787          if (sec_names) {
1788             tl_assert(sec_names[0]);
1789             while (*sec_names) {
1790                if (0==VG_(strcmp)(name, *sec_names)
1791                    && (require_pToc ? si->symtab[i].tocptr : True)) {
1792                   *pEnt = si->symtab[i].addr;
1793                   *pToc = si->symtab[i].tocptr;
1794                   return True;
1795                }
1796                sec_names++;
1797             }
1798          }
1799       }
1800    }
1801    return False;
1802 }
1803 
1804 
1805 /* VG_(describe_IP): print into buf info on code address, function
1806    name and filename. */
1807 
1808 /* Copy str into buf starting at n, but not going past buf[n_buf-1]
1809    and always ensuring that buf is zero-terminated. */
1810 
putStr(Int n,Int n_buf,Char * buf,Char * str)1811 static Int putStr ( Int n, Int n_buf, Char* buf, Char* str )
1812 {
1813    vg_assert(n_buf > 0);
1814    vg_assert(n >= 0 && n < n_buf);
1815    for (; n < n_buf-1 && *str != 0; n++,str++)
1816       buf[n] = *str;
1817    vg_assert(n >= 0 && n < n_buf);
1818    buf[n] = '\0';
1819    return n;
1820 }
1821 
1822 /* Same as putStr, but escaping chars for XML output, and
1823    also not adding more than count chars to n_buf. */
1824 
putStrEsc(Int n,Int n_buf,Int count,Char * buf,Char * str)1825 static Int putStrEsc ( Int n, Int n_buf, Int count, Char* buf, Char* str )
1826 {
1827    Char alt[2];
1828    vg_assert(n_buf > 0);
1829    vg_assert(count >= 0 && count < n_buf);
1830    vg_assert(n >= 0 && n < n_buf);
1831    for (; *str != 0; str++) {
1832       vg_assert(count >= 0);
1833       if (count <= 0)
1834          goto done;
1835       switch (*str) {
1836          case '&':
1837             if (count < 5) goto done;
1838             n = putStr( n, n_buf, buf, "&amp;");
1839             count -= 5;
1840             break;
1841          case '<':
1842             if (count < 4) goto done;
1843             n = putStr( n, n_buf, buf, "&lt;");
1844             count -= 4;
1845             break;
1846          case '>':
1847             if (count < 4) goto done;
1848             n = putStr( n, n_buf, buf, "&gt;");
1849             count -= 4;
1850             break;
1851          default:
1852             if (count < 1) goto done;
1853             alt[0] = *str;
1854             alt[1] = 0;
1855             n = putStr( n, n_buf, buf, alt );
1856             count -= 1;
1857             break;
1858       }
1859    }
1860   done:
1861    vg_assert(count >= 0); /* should not go -ve in loop */
1862    vg_assert(n >= 0 && n < n_buf);
1863    return n;
1864 }
1865 
VG_(describe_IP)1866 Char* VG_(describe_IP)(Addr eip, Char* buf, Int n_buf)
1867 {
1868 #  define APPEND(_str) \
1869       n = putStr(n, n_buf, buf, _str)
1870 #  define APPEND_ESC(_count,_str) \
1871       n = putStrEsc(n, n_buf, (_count), buf, (_str))
1872 #  define BUF_LEN    4096
1873 
1874    UInt  lineno;
1875    UChar ibuf[50];
1876    Int   n = 0;
1877 
1878    static UChar buf_fn[BUF_LEN];
1879    static UChar buf_obj[BUF_LEN];
1880    static UChar buf_srcloc[BUF_LEN];
1881    static UChar buf_dirname[BUF_LEN];
1882    buf_fn[0] = buf_obj[0] = buf_srcloc[0] = buf_dirname[0] = 0;
1883 
1884    Bool  know_dirinfo = False;
1885    Bool  know_fnname  = VG_(clo_sym_offsets)
1886                         ? VG_(get_fnname_w_offset) (eip, buf_fn, BUF_LEN)
1887                         : VG_(get_fnname) (eip, buf_fn, BUF_LEN);
1888    Bool  know_objname = VG_(get_objname)(eip, buf_obj, BUF_LEN);
1889    Bool  know_srcloc  = VG_(get_filename_linenum)(
1890                            eip,
1891                            buf_srcloc,  BUF_LEN,
1892                            buf_dirname, BUF_LEN, &know_dirinfo,
1893                            &lineno
1894                         );
1895    buf_fn     [ sizeof(buf_fn)-1      ]  = 0;
1896    buf_obj    [ sizeof(buf_obj)-1     ]  = 0;
1897    buf_srcloc [ sizeof(buf_srcloc)-1  ]  = 0;
1898    buf_dirname[ sizeof(buf_dirname)-1 ]  = 0;
1899 
1900    if (VG_(clo_xml)) {
1901 
1902       Bool   human_readable = True;
1903       HChar* maybe_newline  = human_readable ? "\n      " : "";
1904       HChar* maybe_newline2 = human_readable ? "\n    "   : "";
1905 
1906       /* Print in XML format, dumping in as much info as we know.
1907          Ensure all tags are balanced even if the individual strings
1908          are too long.  Allocate 1/10 of BUF_LEN to the object name,
1909          6/10s to the function name, 1/10 to the directory name and
1910          1/10 to the file name, leaving 1/10 for all the fixed-length
1911          stuff. */
1912       APPEND("<frame>");
1913       VG_(sprintf)(ibuf,"<ip>0x%llX</ip>", (ULong)eip);
1914       APPEND(maybe_newline);
1915       APPEND(ibuf);
1916       if (know_objname) {
1917          APPEND(maybe_newline);
1918          APPEND("<obj>");
1919          APPEND_ESC(1*BUF_LEN/10, buf_obj);
1920          APPEND("</obj>");
1921       }
1922       if (know_fnname) {
1923          APPEND(maybe_newline);
1924          APPEND("<fn>");
1925          APPEND_ESC(6*BUF_LEN/10, buf_fn);
1926          APPEND("</fn>");
1927       }
1928       if (know_srcloc) {
1929          if (know_dirinfo) {
1930             APPEND(maybe_newline);
1931             APPEND("<dir>");
1932             APPEND_ESC(1*BUF_LEN/10, buf_dirname);
1933             APPEND("</dir>");
1934          }
1935          APPEND(maybe_newline);
1936          APPEND("<file>");
1937          APPEND_ESC(1*BUF_LEN/10, buf_srcloc);
1938          APPEND("</file>");
1939          APPEND(maybe_newline);
1940          APPEND("<line>");
1941          VG_(sprintf)(ibuf,"%d",lineno);
1942          APPEND(ibuf);
1943          APPEND("</line>");
1944       }
1945       APPEND(maybe_newline2);
1946       APPEND("</frame>");
1947 
1948    } else {
1949 
1950       /* Print for humans to read */
1951       //
1952       // Possible forms:
1953       //
1954       //   0x80483BF: really (a.c:20)
1955       //   0x80483BF: really (in /foo/a.out)
1956       //   0x80483BF: really (in ???)
1957       //   0x80483BF: ??? (in /foo/a.out)
1958       //   0x80483BF: ??? (a.c:20)
1959       //   0x80483BF: ???
1960       //
1961       VG_(sprintf)(ibuf,"0x%llX: ", (ULong)eip);
1962       APPEND(ibuf);
1963       if (know_fnname) {
1964          APPEND(buf_fn);
1965       } else {
1966          APPEND("???");
1967       }
1968       if (know_srcloc) {
1969          APPEND(" (");
1970          // Get the directory name, if any, possibly pruned, into dirname.
1971          UChar* dirname = NULL;
1972          if (VG_(clo_n_fullpath_after) > 0) {
1973             Int i;
1974             dirname = buf_dirname;
1975             // Remove leading prefixes from the dirname.
1976             // If user supplied --fullpath-after=foo, this will remove
1977             // a leading string which matches '.*foo' (not greedy).
1978             for (i = 0; i < VG_(clo_n_fullpath_after); i++) {
1979                UChar* prefix = VG_(clo_fullpath_after)[i];
1980                UChar* str    = VG_(strstr)(dirname, prefix);
1981                if (str) {
1982                   dirname = str + VG_(strlen)(prefix);
1983                   break;
1984                }
1985             }
1986             /* remove leading "./" */
1987             if (dirname[0] == '.' && dirname[1] == '/')
1988                dirname += 2;
1989          }
1990          // do we have any interesting directory name to show?  If so
1991          // add it in.
1992          if (dirname && dirname[0] != 0) {
1993             APPEND(dirname);
1994             APPEND("/");
1995          }
1996          APPEND(buf_srcloc);
1997          APPEND(":");
1998          VG_(sprintf)(ibuf,"%d",lineno);
1999          APPEND(ibuf);
2000          APPEND(")");
2001       } else if (know_objname) {
2002          APPEND(" (in ");
2003          APPEND(buf_obj);
2004          APPEND(")");
2005       } else if (know_fnname) {
2006          // Nb: do this in two steps because "??)" is a trigraph!
2007          APPEND(" (in ???");
2008          APPEND(")");
2009       }
2010 
2011    }
2012    return buf;
2013 
2014 #  undef APPEND
2015 #  undef APPEND_ESC
2016 #  undef BUF_LEN
2017 }
2018 
2019 
2020 /*--------------------------------------------------------------*/
2021 /*---                                                        ---*/
2022 /*--- TOP LEVEL: FOR UNWINDING THE STACK USING               ---*/
2023 /*---            DWARF3 .eh_frame INFO                       ---*/
2024 /*---                                                        ---*/
2025 /*--------------------------------------------------------------*/
2026 
2027 /* Gather up all the constant pieces of info needed to evaluate
2028    a CfiExpr into one convenient struct. */
2029 typedef
2030    struct {
2031       D3UnwindRegs* uregs;
2032       Addr          min_accessible;
2033       Addr          max_accessible;
2034    }
2035    CfiExprEvalContext;
2036 
2037 /* Evaluate the CfiExpr rooted at ix in exprs given the context eec.
2038    *ok is set to False on failure, but not to True on success.  The
2039    caller must set it to True before calling. */
2040 __attribute__((noinline))
2041 static
evalCfiExpr(XArray * exprs,Int ix,CfiExprEvalContext * eec,Bool * ok)2042 UWord evalCfiExpr ( XArray* exprs, Int ix,
2043                     CfiExprEvalContext* eec, Bool* ok )
2044 {
2045    UWord wL, wR;
2046    Addr  a;
2047    CfiExpr* e;
2048    vg_assert(sizeof(Addr) == sizeof(UWord));
2049    e = VG_(indexXA)( exprs, ix );
2050    switch (e->tag) {
2051       case Cex_Binop:
2052          wL = evalCfiExpr( exprs, e->Cex.Binop.ixL, eec, ok );
2053          if (!(*ok)) return 0;
2054          wR = evalCfiExpr( exprs, e->Cex.Binop.ixR, eec, ok );
2055          if (!(*ok)) return 0;
2056          switch (e->Cex.Binop.op) {
2057             case Cop_Add: return wL + wR;
2058             case Cop_Sub: return wL - wR;
2059             case Cop_And: return wL & wR;
2060             case Cop_Mul: return wL * wR;
2061             case Cop_Shl: return wL << wR;
2062             case Cop_Shr: return wL >> wR;
2063             case Cop_Eq: return wL == wR ? 1 : 0;
2064             case Cop_Ge: return (Word) wL >= (Word) wR ? 1 : 0;
2065             case Cop_Gt: return (Word) wL > (Word) wR ? 1 : 0;
2066             case Cop_Le: return (Word) wL <= (Word) wR ? 1 : 0;
2067             case Cop_Lt: return (Word) wL < (Word) wR ? 1 : 0;
2068             case Cop_Ne: return wL != wR ? 1 : 0;
2069             default: goto unhandled;
2070          }
2071          /*NOTREACHED*/
2072       case Cex_CfiReg:
2073          switch (e->Cex.CfiReg.reg) {
2074 #           if defined(VGA_x86) || defined(VGA_amd64)
2075             case Creg_IA_IP: return eec->uregs->xip;
2076             case Creg_IA_SP: return eec->uregs->xsp;
2077             case Creg_IA_BP: return eec->uregs->xbp;
2078 #           elif defined(VGA_arm)
2079             case Creg_ARM_R15: return eec->uregs->r15;
2080             case Creg_ARM_R14: return eec->uregs->r14;
2081             case Creg_ARM_R13: return eec->uregs->r13;
2082             case Creg_ARM_R12: return eec->uregs->r12;
2083 #           elif defined(VGA_s390x)
2084             case Creg_IA_IP: return eec->uregs->ia;
2085             case Creg_IA_SP: return eec->uregs->sp;
2086             case Creg_IA_BP: return eec->uregs->fp;
2087             case Creg_S390_R14: return eec->uregs->lr;
2088 #           elif defined(VGA_mips32)
2089             case Creg_IA_IP: return eec->uregs->pc;
2090             case Creg_IA_SP: return eec->uregs->sp;
2091             case Creg_IA_BP: return eec->uregs->fp;
2092             case Creg_MIPS_RA: return eec->uregs->ra;
2093 #           elif defined(VGA_ppc32) || defined(VGA_ppc64)
2094 #           else
2095 #             error "Unsupported arch"
2096 #           endif
2097             default: goto unhandled;
2098          }
2099          /*NOTREACHED*/
2100       case Cex_Const:
2101          return e->Cex.Const.con;
2102       case Cex_Deref:
2103          a = evalCfiExpr( exprs, e->Cex.Deref.ixAddr, eec, ok );
2104          if (!(*ok)) return 0;
2105          if (a < eec->min_accessible
2106              || a > eec->max_accessible - sizeof(UWord) + 1) {
2107             *ok = False;
2108             return 0;
2109          }
2110          /* let's hope it doesn't trap! */
2111          return ML_(read_UWord)((void *)a);
2112       default:
2113          goto unhandled;
2114    }
2115    /*NOTREACHED*/
2116   unhandled:
2117    VG_(printf)("\n\nevalCfiExpr: unhandled\n");
2118    ML_(ppCfiExpr)( exprs, ix );
2119    VG_(printf)("\n");
2120    vg_assert(0);
2121    /*NOTREACHED*/
2122    return 0;
2123 }
2124 
2125 
2126 /* Search all the DebugInfos in the entire system, to find the DiCfSI
2127    that pertains to 'ip'.
2128 
2129    If found, set *diP to the DebugInfo in which it resides, and
2130    *ixP to the index in that DebugInfo's cfsi array.
2131 
2132    If not found, set *diP to (DebugInfo*)1 and *ixP to zero.
2133 */
2134 __attribute__((noinline))
find_DiCfSI(DebugInfo ** diP,Word * ixP,Addr ip)2135 static void find_DiCfSI ( /*OUT*/DebugInfo** diP,
2136                           /*OUT*/Word* ixP,
2137                           Addr ip )
2138 {
2139    DebugInfo* di;
2140    Word       i = -1;
2141 
2142    static UWord n_search = 0;
2143    static UWord n_steps = 0;
2144    n_search++;
2145 
2146    if (0) VG_(printf)("search for %#lx\n", ip);
2147 
2148    for (di = debugInfo_list; di != NULL; di = di->next) {
2149       Word j;
2150       n_steps++;
2151 
2152       /* Use the per-DebugInfo summary address ranges to skip
2153          inapplicable DebugInfos quickly. */
2154       if (di->cfsi_used == 0)
2155          continue;
2156       if (ip < di->cfsi_minavma || ip > di->cfsi_maxavma)
2157          continue;
2158 
2159       /* It might be in this DebugInfo.  Search it. */
2160       j = ML_(search_one_cfitab)( di, ip );
2161       vg_assert(j >= -1 && j < (Word)di->cfsi_used);
2162 
2163       if (j != -1) {
2164          i = j;
2165          break; /* found it */
2166       }
2167    }
2168 
2169    if (i == -1) {
2170 
2171       /* we didn't find it. */
2172       *diP = (DebugInfo*)1;
2173       *ixP = 0;
2174 
2175    } else {
2176 
2177       /* found it. */
2178       /* ensure that di is 4-aligned (at least), so it can't possibly
2179          be equal to (DebugInfo*)1. */
2180       vg_assert(di && VG_IS_4_ALIGNED(di));
2181       vg_assert(i >= 0 && i < di->cfsi_used);
2182       *diP = di;
2183       *ixP = i;
2184 
2185       /* Start of performance-enhancing hack: once every 64 (chosen
2186          hackily after profiling) successful searches, move the found
2187          DebugInfo one step closer to the start of the list.  This
2188          makes future searches cheaper.  For starting konqueror on
2189          amd64, this in fact reduces the total amount of searching
2190          done by the above find-the-right-DebugInfo loop by more than
2191          a factor of 20. */
2192       if ((n_search & 0xF) == 0) {
2193          /* Move di one step closer to the start of the list. */
2194          move_DebugInfo_one_step_forward( di );
2195       }
2196       /* End of performance-enhancing hack. */
2197 
2198       if (0 && ((n_search & 0x7FFFF) == 0))
2199          VG_(printf)("find_DiCfSI: %lu searches, "
2200                      "%lu DebugInfos looked at\n",
2201                      n_search, n_steps);
2202 
2203    }
2204 
2205 }
2206 
2207 
2208 /* Now follows a mechanism for caching queries to find_DiCfSI, since
2209    they are extremely frequent on amd64-linux, during stack unwinding.
2210 
2211    Each cache entry binds an ip value to a (di, ix) pair.  Possible
2212    values:
2213 
2214    di is non-null, ix >= 0  ==>  cache slot in use, "di->cfsi[ix]"
2215    di is (DebugInfo*)1      ==>  cache slot in use, no associated di
2216    di is NULL               ==>  cache slot not in use
2217 
2218    Hence simply zeroing out the entire cache invalidates all
2219    entries.
2220 
2221    Why not map ip values directly to DiCfSI*'s?  Because this would
2222    cause problems if/when the cfsi array is moved due to resizing.
2223    Instead we cache .cfsi array index value, which should be invariant
2224    across resizing.  (That said, I don't think the current
2225    implementation will resize whilst during queries, since the DiCfSI
2226    records are added all at once, when the debuginfo for an object is
2227    read, and is not changed ever thereafter. */
2228 
2229 #define N_CFSI_CACHE 511
2230 
2231 typedef
2232    struct { Addr ip; DebugInfo* di; Word ix; }
2233    CFSICacheEnt;
2234 
2235 static CFSICacheEnt cfsi_cache[N_CFSI_CACHE];
2236 
cfsi_cache__invalidate(void)2237 static void cfsi_cache__invalidate ( void ) {
2238    VG_(memset)(&cfsi_cache, 0, sizeof(cfsi_cache));
2239 }
2240 
2241 
cfsi_cache__find(Addr ip)2242 static inline CFSICacheEnt* cfsi_cache__find ( Addr ip )
2243 {
2244    UWord         hash = ip % N_CFSI_CACHE;
2245    CFSICacheEnt* ce = &cfsi_cache[hash];
2246    static UWord  n_q = 0, n_m = 0;
2247 
2248    n_q++;
2249    if (0 && 0 == (n_q & 0x1FFFFF))
2250       VG_(printf)("QQQ %lu %lu\n", n_q, n_m);
2251 
2252    if (LIKELY(ce->ip == ip) && LIKELY(ce->di != NULL)) {
2253       /* found an entry in the cache .. */
2254    } else {
2255       /* not found in cache.  Search and update. */
2256       n_m++;
2257       ce->ip = ip;
2258       find_DiCfSI( &ce->di, &ce->ix, ip );
2259    }
2260 
2261    if (UNLIKELY(ce->di == (DebugInfo*)1)) {
2262       /* no DiCfSI for this address */
2263       return NULL;
2264    } else {
2265       /* found a DiCfSI for this address */
2266       return ce;
2267    }
2268 }
2269 
2270 
2271 inline
compute_cfa(D3UnwindRegs * uregs,Addr min_accessible,Addr max_accessible,DebugInfo * di,DiCfSI * cfsi)2272 static Addr compute_cfa ( D3UnwindRegs* uregs,
2273                           Addr min_accessible, Addr max_accessible,
2274                           DebugInfo* di, DiCfSI* cfsi )
2275 {
2276    CfiExprEvalContext eec;
2277    Addr               cfa;
2278    Bool               ok;
2279 
2280    /* Compute the CFA. */
2281    cfa = 0;
2282    switch (cfsi->cfa_how) {
2283 #     if defined(VGA_x86) || defined(VGA_amd64)
2284       case CFIC_IA_SPREL:
2285          cfa = cfsi->cfa_off + uregs->xsp;
2286          break;
2287       case CFIC_IA_BPREL:
2288          cfa = cfsi->cfa_off + uregs->xbp;
2289          break;
2290 #     elif defined(VGA_arm)
2291       case CFIC_ARM_R13REL:
2292          cfa = cfsi->cfa_off + uregs->r13;
2293          break;
2294       case CFIC_ARM_R12REL:
2295          cfa = cfsi->cfa_off + uregs->r12;
2296          break;
2297       case CFIC_ARM_R11REL:
2298          cfa = cfsi->cfa_off + uregs->r11;
2299          break;
2300       case CFIC_ARM_R7REL:
2301          cfa = cfsi->cfa_off + uregs->r7;
2302          break;
2303 #     elif defined(VGA_s390x)
2304       case CFIC_IA_SPREL:
2305          cfa = cfsi->cfa_off + uregs->sp;
2306          break;
2307       case CFIR_MEMCFAREL:
2308       {
2309          Addr a = uregs->sp + cfsi->cfa_off;
2310          if (a < min_accessible || a > max_accessible-sizeof(Addr))
2311             break;
2312          cfa = ML_(read_Addr)((void *)a);
2313          break;
2314       }
2315       case CFIR_SAME:
2316          cfa = uregs->fp;
2317          break;
2318       case CFIC_IA_BPREL:
2319          cfa = cfsi->cfa_off + uregs->fp;
2320          break;
2321 #     elif defined(VGA_mips32)
2322       case CFIC_IA_SPREL:
2323          cfa = cfsi->cfa_off + uregs->sp;
2324          break;
2325       case CFIR_SAME:
2326          cfa = uregs->fp;
2327          break;
2328       case CFIC_IA_BPREL:
2329          cfa = cfsi->cfa_off + uregs->fp;
2330          break;
2331 #     elif defined(VGA_ppc32) || defined(VGA_ppc64)
2332 #     else
2333 #       error "Unsupported arch"
2334 #     endif
2335       case CFIC_EXPR: /* available on all archs */
2336          if (0) {
2337             VG_(printf)("CFIC_EXPR: ");
2338             ML_(ppCfiExpr)(di->cfsi_exprs, cfsi->cfa_off);
2339             VG_(printf)("\n");
2340          }
2341          eec.uregs          = uregs;
2342          eec.min_accessible = min_accessible;
2343          eec.max_accessible = max_accessible;
2344          ok = True;
2345          cfa = evalCfiExpr(di->cfsi_exprs, cfsi->cfa_off, &eec, &ok );
2346          if (!ok) return 0;
2347          break;
2348       default:
2349          vg_assert(0);
2350    }
2351    return cfa;
2352 }
2353 
2354 
2355 /* Get the call frame address (CFA) given an IP/SP/FP triple. */
2356 /* NOTE: This function may rearrange the order of entries in the
2357    DebugInfo list. */
ML_(get_CFA)2358 Addr ML_(get_CFA) ( Addr ip, Addr sp, Addr fp,
2359                     Addr min_accessible, Addr max_accessible )
2360 {
2361    CFSICacheEnt* ce;
2362    DebugInfo*    di;
2363    DiCfSI*       cfsi __attribute__((unused));
2364 
2365    ce = cfsi_cache__find(ip);
2366 
2367    if (UNLIKELY(ce == NULL))
2368       return 0; /* no info.  Nothing we can do. */
2369 
2370    di = ce->di;
2371    cfsi = &di->cfsi[ ce->ix ];
2372 
2373    /* Temporary impedance-matching kludge so that this keeps working
2374       on x86-linux and amd64-linux. */
2375 #  if defined(VGA_x86) || defined(VGA_amd64)
2376    { D3UnwindRegs uregs;
2377      uregs.xip = ip;
2378      uregs.xsp = sp;
2379      uregs.xbp = fp;
2380      return compute_cfa(&uregs,
2381                         min_accessible,  max_accessible, di, cfsi);
2382    }
2383 #elif defined(VGA_s390x)
2384    { D3UnwindRegs uregs;
2385      uregs.ia = ip;
2386      uregs.sp = sp;
2387      uregs.fp = fp;
2388      return compute_cfa(&uregs,
2389                         min_accessible,  max_accessible, di, cfsi);
2390    }
2391 
2392 #  else
2393    return 0; /* indicates failure */
2394 #  endif
2395 }
2396 
2397 
2398 /* The main function for DWARF2/3 CFI-based stack unwinding.  Given a
2399    set of registers in UREGS, modify it to hold the register values
2400    for the previous frame, if possible.  Returns True if successful.
2401    If not successful, *UREGS is not changed.
2402 
2403    For x86 and amd64, the unwound registers are: {E,R}IP,
2404    {E,R}SP, {E,R}BP.
2405 
2406    For arm, the unwound registers are: R7 R11 R12 R13 R14 R15.
2407 */
VG_(use_CF_info)2408 Bool VG_(use_CF_info) ( /*MOD*/D3UnwindRegs* uregsHere,
2409                         Addr min_accessible,
2410                         Addr max_accessible )
2411 {
2412    DebugInfo*         di;
2413    DiCfSI*            cfsi = NULL;
2414    Addr               cfa, ipHere = 0;
2415    CFSICacheEnt*      ce;
2416    CfiExprEvalContext eec __attribute__((unused));
2417    D3UnwindRegs       uregsPrev;
2418 
2419 #  if defined(VGA_x86) || defined(VGA_amd64)
2420    ipHere = uregsHere->xip;
2421 #  elif defined(VGA_arm)
2422    ipHere = uregsHere->r15;
2423 #  elif defined(VGA_s390x)
2424    ipHere = uregsHere->ia;
2425 #  elif defined(VGA_mips32)
2426    ipHere = uregsHere->pc;
2427 #  elif defined(VGA_ppc32) || defined(VGA_ppc64)
2428 #  else
2429 #    error "Unknown arch"
2430 #  endif
2431    ce = cfsi_cache__find(ipHere);
2432 
2433    if (UNLIKELY(ce == NULL))
2434       return False; /* no info.  Nothing we can do. */
2435 
2436    di = ce->di;
2437    cfsi = &di->cfsi[ ce->ix ];
2438 
2439    if (0) {
2440       VG_(printf)("found cfisi: ");
2441       ML_(ppDiCfSI)(di->cfsi_exprs, cfsi);
2442    }
2443 
2444    VG_(bzero_inline)(&uregsPrev, sizeof(uregsPrev));
2445 
2446    /* First compute the CFA. */
2447    cfa = compute_cfa(uregsHere,
2448                      min_accessible, max_accessible, di, cfsi);
2449    if (UNLIKELY(cfa == 0))
2450       return False;
2451 
2452    /* Now we know the CFA, use it to roll back the registers we're
2453       interested in. */
2454 
2455 #  define COMPUTE(_prev, _here, _how, _off)             \
2456       do {                                              \
2457          switch (_how) {                                \
2458             case CFIR_UNKNOWN:                          \
2459                return False;                            \
2460             case CFIR_SAME:                             \
2461                _prev = _here; break;                    \
2462             case CFIR_MEMCFAREL: {                      \
2463                Addr a = cfa + (Word)_off;               \
2464                if (a < min_accessible                   \
2465                    || a > max_accessible-sizeof(Addr))  \
2466                   return False;                         \
2467                _prev = ML_(read_Addr)((void *)a);       \
2468                break;                                   \
2469             }                                           \
2470             case CFIR_CFAREL:                           \
2471                _prev = cfa + (Word)_off;                \
2472                break;                                   \
2473             case CFIR_EXPR:                             \
2474                if (0)                                   \
2475                   ML_(ppCfiExpr)(di->cfsi_exprs,_off);  \
2476                eec.uregs = uregsHere;                   \
2477                eec.min_accessible = min_accessible;     \
2478                eec.max_accessible = max_accessible;     \
2479                Bool ok = True;                          \
2480                _prev = evalCfiExpr(di->cfsi_exprs, _off, &eec, &ok ); \
2481                if (!ok) return False;                   \
2482                break;                                   \
2483             default:                                    \
2484                vg_assert(0);                            \
2485          }                                              \
2486       } while (0)
2487 
2488 #  if defined(VGA_x86) || defined(VGA_amd64)
2489    COMPUTE(uregsPrev.xip, uregsHere->xip, cfsi->ra_how, cfsi->ra_off);
2490    COMPUTE(uregsPrev.xsp, uregsHere->xsp, cfsi->sp_how, cfsi->sp_off);
2491    COMPUTE(uregsPrev.xbp, uregsHere->xbp, cfsi->bp_how, cfsi->bp_off);
2492 #  elif defined(VGA_arm)
2493    COMPUTE(uregsPrev.r15, uregsHere->r15, cfsi->ra_how,  cfsi->ra_off);
2494    COMPUTE(uregsPrev.r14, uregsHere->r14, cfsi->r14_how, cfsi->r14_off);
2495    COMPUTE(uregsPrev.r13, uregsHere->r13, cfsi->r13_how, cfsi->r13_off);
2496    COMPUTE(uregsPrev.r12, uregsHere->r12, cfsi->r12_how, cfsi->r12_off);
2497    COMPUTE(uregsPrev.r11, uregsHere->r11, cfsi->r11_how, cfsi->r11_off);
2498    COMPUTE(uregsPrev.r7,  uregsHere->r7,  cfsi->r7_how,  cfsi->r7_off);
2499 #  elif defined(VGA_s390x)
2500    COMPUTE(uregsPrev.ia, uregsHere->ia, cfsi->ra_how, cfsi->ra_off);
2501    COMPUTE(uregsPrev.sp, uregsHere->sp, cfsi->sp_how, cfsi->sp_off);
2502    COMPUTE(uregsPrev.fp, uregsHere->fp, cfsi->fp_how, cfsi->fp_off);
2503 #  elif defined(VGA_mips32)
2504    COMPUTE(uregsPrev.pc, uregsHere->pc, cfsi->ra_how, cfsi->ra_off);
2505    COMPUTE(uregsPrev.sp, uregsHere->sp, cfsi->sp_how, cfsi->sp_off);
2506    COMPUTE(uregsPrev.fp, uregsHere->fp, cfsi->fp_how, cfsi->fp_off);
2507 #  elif defined(VGA_ppc32) || defined(VGA_ppc64)
2508 #  else
2509 #    error "Unknown arch"
2510 #  endif
2511 
2512 #  undef COMPUTE
2513 
2514    *uregsHere = uregsPrev;
2515    return True;
2516 }
2517 
2518 
2519 /*--------------------------------------------------------------*/
2520 /*---                                                        ---*/
2521 /*--- TOP LEVEL: FOR UNWINDING THE STACK USING               ---*/
2522 /*---            MSVC FPO INFO                               ---*/
2523 /*---                                                        ---*/
2524 /*--------------------------------------------------------------*/
2525 
VG_(use_FPO_info)2526 Bool VG_(use_FPO_info) ( /*MOD*/Addr* ipP,
2527                          /*MOD*/Addr* spP,
2528                          /*MOD*/Addr* fpP,
2529                          Addr min_accessible,
2530                          Addr max_accessible )
2531 {
2532    Word       i;
2533    DebugInfo* di;
2534    FPO_DATA*  fpo = NULL;
2535    Addr       spHere;
2536 
2537    static UWord n_search = 0;
2538    static UWord n_steps = 0;
2539    n_search++;
2540 
2541    if (0) VG_(printf)("search FPO for %#lx\n", *ipP);
2542 
2543    for (di = debugInfo_list; di != NULL; di = di->next) {
2544       n_steps++;
2545 
2546       /* Use the per-DebugInfo summary address ranges to skip
2547          inapplicable DebugInfos quickly. */
2548       if (di->fpo == NULL)
2549          continue;
2550       if (*ipP < di->fpo_minavma || *ipP > di->fpo_maxavma)
2551          continue;
2552 
2553       i = ML_(search_one_fpotab)( di, *ipP );
2554       if (i != -1) {
2555          Word j;
2556          if (0) {
2557             /* debug printing only */
2558             VG_(printf)("look for %#lx  size %ld i %ld\n",
2559                         *ipP, di->fpo_size, i);
2560             for (j = 0; j < di->fpo_size; j++)
2561                VG_(printf)("[%02ld] %#x %d\n",
2562                             j, di->fpo[j].ulOffStart, di->fpo[j].cbProcSize);
2563          }
2564          vg_assert(i >= 0 && i < di->fpo_size);
2565          fpo = &di->fpo[i];
2566          break;
2567       }
2568    }
2569 
2570    if (fpo == NULL)
2571       return False;
2572 
2573    if (0 && ((n_search & 0x7FFFF) == 0))
2574       VG_(printf)("VG_(use_FPO_info): %lu searches, "
2575                   "%lu DebugInfos looked at\n",
2576                   n_search, n_steps);
2577 
2578 
2579    /* Start of performance-enhancing hack: once every 64 (chosen
2580       hackily after profiling) successful searches, move the found
2581       DebugInfo one step closer to the start of the list.  This makes
2582       future searches cheaper.  For starting konqueror on amd64, this
2583       in fact reduces the total amount of searching done by the above
2584       find-the-right-DebugInfo loop by more than a factor of 20. */
2585    if ((n_search & 0x3F) == 0) {
2586       /* Move si one step closer to the start of the list. */
2587       //move_DebugInfo_one_step_forward( di );
2588    }
2589    /* End of performance-enhancing hack. */
2590 
2591    if (0) {
2592       VG_(printf)("found fpo: ");
2593       //ML_(ppFPO)(fpo);
2594    }
2595 
2596    /*
2597    Stack layout is:
2598    %esp->
2599       4*.cbRegs  {%edi, %esi, %ebp, %ebx}
2600       4*.cdwLocals
2601       return_pc
2602       4*.cdwParams
2603    prior_%esp->
2604 
2605    Typical code looks like:
2606       sub $4*.cdwLocals,%esp
2607          Alternative to above for >=4KB (and sometimes for smaller):
2608             mov $size,%eax
2609             call __chkstk  # WinNT performs page-by-page probe!
2610                __chkstk is much like alloc(), except that on return
2611                %eax= 5+ &CALL.  Thus it could be used as part of
2612                Position Independent Code to locate the Global Offset Table.
2613       push %ebx
2614       push %ebp
2615       push %esi
2616          Other once-only instructions often scheduled >here<.
2617       push %edi
2618 
2619    If the pc is within the first .cbProlog bytes of the function,
2620    then you must disassemble to see how many registers have been pushed,
2621    because instructions in the prolog may be scheduled for performance.
2622    The order of PUSH is always %ebx, %ebp, %esi, %edi, with trailing
2623    registers not pushed when .cbRegs < 4.  This seems somewhat strange
2624    because %ebp is the register whose usage you want to minimize,
2625    yet it is in the first half of the PUSH list.
2626 
2627    I don't know what happens when the compiler constructs an outgoing CALL.
2628    %esp could move if outgoing parameters are PUSHed, and this affects
2629    traceback for errors during the PUSHes. */
2630 
2631    spHere = *spP;
2632 
2633    *ipP = ML_(read_Addr)((void *)(spHere + 4*(fpo->cbRegs + fpo->cdwLocals)));
2634    *spP =                         spHere + 4*(fpo->cbRegs + fpo->cdwLocals + 1
2635                                                           + fpo->cdwParams);
2636    *fpP = ML_(read_Addr)((void *)(spHere + 4*2));
2637    return True;
2638 }
2639 
2640 
2641 /*--------------------------------------------------------------*/
2642 /*---                                                        ---*/
2643 /*--- TOP LEVEL: GENERATE DESCRIPTION OF DATA ADDRESSES      ---*/
2644 /*---            FROM DWARF3 DEBUG INFO                      ---*/
2645 /*---                                                        ---*/
2646 /*--------------------------------------------------------------*/
2647 
2648 /* Try to make p2XA(dst, fmt, args..) turn into
2649    VG_(xaprintf)(dst, fmt, args) without having to resort to
2650    vararg macros.  As usual with everything to do with varargs, it's
2651    an ugly hack.
2652 
2653    //#define p2XA(dstxa, format, args...)
2654    //   VG_(xaprintf)(dstxa, format, ##args)
2655 */
2656 #define  p2XA  VG_(xaprintf)
2657 
2658 /* Add a zero-terminating byte to DST, which must be an XArray* of
2659    HChar. */
zterm_XA(XArray * dst)2660 static void zterm_XA ( XArray* dst )
2661 {
2662    HChar zero = 0;
2663    (void) VG_(addBytesToXA)( dst, &zero, 1 );
2664 }
2665 
2666 
2667 /* Evaluate the location expression/list for var, to see whether or
2668    not data_addr falls within the variable.  If so also return the
2669    offset of data_addr from the start of the variable.  Note that
2670    regs, which supplies ip,sp,fp values, will be NULL for global
2671    variables, and non-NULL for local variables. */
data_address_is_in_var(PtrdiffT * offset,XArray * tyents,DiVariable * var,RegSummary * regs,Addr data_addr,const DebugInfo * di)2672 static Bool data_address_is_in_var ( /*OUT*/PtrdiffT* offset,
2673                                      XArray* /* TyEnt */ tyents,
2674                                      DiVariable*   var,
2675                                      RegSummary*   regs,
2676                                      Addr          data_addr,
2677                                      const DebugInfo* di )
2678 {
2679    MaybeULong mul;
2680    SizeT      var_szB;
2681    GXResult   res;
2682    Bool       show = False;
2683 
2684    vg_assert(var->name);
2685    vg_assert(var->gexpr);
2686 
2687    /* Figure out how big the variable is. */
2688    mul = ML_(sizeOfType)(tyents, var->typeR);
2689    /* If this var has a type whose size is unknown, zero, or
2690       impossibly large, it should never have been added.  ML_(addVar)
2691       should have rejected it. */
2692    vg_assert(mul.b == True);
2693    vg_assert(mul.ul > 0);
2694    if (sizeof(void*) == 4) vg_assert(mul.ul < (1ULL << 32));
2695    /* After this point, we assume we can truncate mul.ul to a host word
2696       safely (without loss of info). */
2697 
2698    var_szB = (SizeT)mul.ul; /* NB: truncate to host word */
2699 
2700    if (show) {
2701       VG_(printf)("VVVV: data_address_%#lx_is_in_var: %s :: ",
2702                   data_addr, var->name );
2703       ML_(pp_TyEnt_C_ishly)( tyents, var->typeR );
2704       VG_(printf)("\n");
2705    }
2706 
2707    /* ignore zero-sized vars; they can never match anything. */
2708    if (var_szB == 0) {
2709       if (show)
2710          VG_(printf)("VVVV: -> Fail (variable is zero sized)\n");
2711       return False;
2712    }
2713 
2714    res = ML_(evaluate_GX)( var->gexpr, var->fbGX, regs, di );
2715 
2716    if (show) {
2717       VG_(printf)("VVVV: -> ");
2718       ML_(pp_GXResult)( res );
2719       VG_(printf)("\n");
2720    }
2721 
2722    if (res.kind == GXR_Addr
2723        && res.word <= data_addr
2724        && data_addr < res.word + var_szB) {
2725       *offset = data_addr - res.word;
2726       return True;
2727    } else {
2728       return False;
2729    }
2730 }
2731 
2732 
2733 /* Format the acquired information into DN(AME)1 and DN(AME)2, which
2734    are XArray*s of HChar, that have been initialised by the caller.
2735    Resulting strings will be zero terminated.  Information is
2736    formatted in an understandable way.  Not so easy.  If frameNo is
2737    -1, this is assumed to be a global variable; else a local
2738    variable. */
format_message(XArray * dn1,XArray * dn2,Addr data_addr,DiVariable * var,PtrdiffT var_offset,PtrdiffT residual_offset,XArray * described,Int frameNo,ThreadId tid)2739 static void format_message ( /*MOD*/XArray* /* of HChar */ dn1,
2740                              /*MOD*/XArray* /* of HChar */ dn2,
2741                              Addr     data_addr,
2742                              DiVariable* var,
2743                              PtrdiffT var_offset,
2744                              PtrdiffT residual_offset,
2745                              XArray* /*UChar*/ described,
2746                              Int      frameNo,
2747                              ThreadId tid )
2748 {
2749    Bool   have_descr, have_srcloc;
2750    Bool   xml       = VG_(clo_xml);
2751    UChar* vo_plural = var_offset == 1 ? "" : "s";
2752    UChar* ro_plural = residual_offset == 1 ? "" : "s";
2753    UChar* basetag   = "auxwhat"; /* a constant */
2754    UChar tagL[32], tagR[32], xagL[32], xagR[32];
2755 
2756    if (frameNo < -1) {
2757       vg_assert(0); /* Not allowed */
2758    }
2759    else if (frameNo == -1) {
2760       vg_assert(tid == VG_INVALID_THREADID);
2761    }
2762    else /* (frameNo >= 0) */ {
2763       vg_assert(tid != VG_INVALID_THREADID);
2764    }
2765 
2766    vg_assert(dn1 && dn2);
2767    vg_assert(described);
2768    vg_assert(var && var->name);
2769    have_descr = VG_(sizeXA)(described) > 0
2770                 && *(UChar*)VG_(indexXA)(described,0) != '\0';
2771    have_srcloc = var->fileName && var->lineNo > 0;
2772 
2773    tagL[0] = tagR[0] = xagL[0] = xagR[0] = 0;
2774    if (xml) {
2775       VG_(sprintf)(tagL, "<%s>",   basetag); // <auxwhat>
2776       VG_(sprintf)(tagR, "</%s>",  basetag); // </auxwhat>
2777       VG_(sprintf)(xagL, "<x%s>",  basetag); // <xauxwhat>
2778       VG_(sprintf)(xagR, "</x%s>", basetag); // </xauxwhat>
2779    }
2780 
2781 #  define TAGL(_xa) p2XA(_xa, "%s", tagL)
2782 #  define TAGR(_xa) p2XA(_xa, "%s", tagR)
2783 #  define XAGL(_xa) p2XA(_xa, "%s", xagL)
2784 #  define XAGR(_xa) p2XA(_xa, "%s", xagR)
2785 #  define TXTL(_xa) p2XA(_xa, "%s", "<text>")
2786 #  define TXTR(_xa) p2XA(_xa, "%s", "</text>")
2787 
2788    /* ------ local cases ------ */
2789 
2790    if ( frameNo >= 0 && (!have_srcloc) && (!have_descr) ) {
2791       /* no srcloc, no description:
2792          Location 0x7fefff6cf is 543 bytes inside local var "a",
2793          in frame #1 of thread 1
2794       */
2795       if (xml) {
2796          TAGL( dn1 );
2797          p2XA( dn1,
2798                "Location 0x%lx is %lu byte%s inside local var \"%pS\",",
2799                data_addr, var_offset, vo_plural, var->name );
2800          TAGR( dn1 );
2801          TAGL( dn2 );
2802          p2XA( dn2,
2803                "in frame #%d of thread %d", frameNo, (Int)tid );
2804          TAGR( dn2 );
2805       } else {
2806          p2XA( dn1,
2807                "Location 0x%lx is %lu byte%s inside local var \"%s\",",
2808                data_addr, var_offset, vo_plural, var->name );
2809          p2XA( dn2,
2810                "in frame #%d of thread %d", frameNo, (Int)tid );
2811       }
2812    }
2813    else
2814    if ( frameNo >= 0 && have_srcloc && (!have_descr) ) {
2815       /* no description:
2816          Location 0x7fefff6cf is 543 bytes inside local var "a"
2817          declared at dsyms7.c:17, in frame #1 of thread 1
2818       */
2819       if (xml) {
2820          TAGL( dn1 );
2821          p2XA( dn1,
2822                "Location 0x%lx is %lu byte%s inside local var \"%pS\"",
2823                data_addr, var_offset, vo_plural, var->name );
2824          TAGR( dn1 );
2825          XAGL( dn2 );
2826          TXTL( dn2 );
2827          p2XA( dn2,
2828                "declared at %pS:%d, in frame #%d of thread %d",
2829                var->fileName, var->lineNo, frameNo, (Int)tid );
2830          TXTR( dn2 );
2831          // FIXME: also do <dir>
2832          p2XA( dn2,
2833                " <file>%pS</file> <line>%d</line> ",
2834                var->fileName, var->lineNo );
2835          XAGR( dn2 );
2836       } else {
2837          p2XA( dn1,
2838                "Location 0x%lx is %lu byte%s inside local var \"%s\"",
2839                data_addr, var_offset, vo_plural, var->name );
2840          p2XA( dn2,
2841                "declared at %s:%d, in frame #%d of thread %d",
2842                var->fileName, var->lineNo, frameNo, (Int)tid );
2843       }
2844    }
2845    else
2846    if ( frameNo >= 0 && (!have_srcloc) && have_descr ) {
2847       /* no srcloc:
2848          Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2
2849          in frame #1 of thread 1
2850       */
2851       if (xml) {
2852          TAGL( dn1 );
2853          p2XA( dn1,
2854                "Location 0x%lx is %lu byte%s inside %pS%pS",
2855                data_addr, residual_offset, ro_plural, var->name,
2856                (HChar*)(VG_(indexXA)(described,0)) );
2857          TAGR( dn1 );
2858          TAGL( dn2 );
2859          p2XA( dn2,
2860                "in frame #%d of thread %d", frameNo, (Int)tid );
2861          TAGR( dn2 );
2862       } else {
2863          p2XA( dn1,
2864                "Location 0x%lx is %lu byte%s inside %s%s",
2865                data_addr, residual_offset, ro_plural, var->name,
2866                (HChar*)(VG_(indexXA)(described,0)) );
2867          p2XA( dn2,
2868                "in frame #%d of thread %d", frameNo, (Int)tid );
2869       }
2870    }
2871    else
2872    if ( frameNo >= 0 && have_srcloc && have_descr ) {
2873       /* Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
2874          declared at dsyms7.c:17, in frame #1 of thread 1 */
2875       if (xml) {
2876          TAGL( dn1 );
2877          p2XA( dn1,
2878                "Location 0x%lx is %lu byte%s inside %pS%pS,",
2879                data_addr, residual_offset, ro_plural, var->name,
2880                (HChar*)(VG_(indexXA)(described,0)) );
2881          TAGR( dn1 );
2882          XAGL( dn2 );
2883          TXTL( dn2 );
2884          p2XA( dn2,
2885                "declared at %pS:%d, in frame #%d of thread %d",
2886                var->fileName, var->lineNo, frameNo, (Int)tid );
2887          TXTR( dn2 );
2888          // FIXME: also do <dir>
2889          p2XA( dn2,
2890                " <file>%pS</file> <line>%d</line> ",
2891                var->fileName, var->lineNo );
2892          XAGR( dn2 );
2893       } else {
2894          p2XA( dn1,
2895                "Location 0x%lx is %lu byte%s inside %s%s,",
2896                data_addr, residual_offset, ro_plural, var->name,
2897                (HChar*)(VG_(indexXA)(described,0)) );
2898          p2XA( dn2,
2899                "declared at %s:%d, in frame #%d of thread %d",
2900                var->fileName, var->lineNo, frameNo, (Int)tid );
2901       }
2902    }
2903    else
2904    /* ------ global cases ------ */
2905    if ( frameNo >= -1 && (!have_srcloc) && (!have_descr) ) {
2906       /* no srcloc, no description:
2907          Location 0x7fefff6cf is 543 bytes inside global var "a"
2908       */
2909       if (xml) {
2910          TAGL( dn1 );
2911          p2XA( dn1,
2912                "Location 0x%lx is %lu byte%s inside global var \"%pS\"",
2913                data_addr, var_offset, vo_plural, var->name );
2914          TAGR( dn1 );
2915       } else {
2916          p2XA( dn1,
2917                "Location 0x%lx is %lu byte%s inside global var \"%s\"",
2918                data_addr, var_offset, vo_plural, var->name );
2919       }
2920    }
2921    else
2922    if ( frameNo >= -1 && have_srcloc && (!have_descr) ) {
2923       /* no description:
2924          Location 0x7fefff6cf is 543 bytes inside global var "a"
2925          declared at dsyms7.c:17
2926       */
2927       if (xml) {
2928          TAGL( dn1 );
2929          p2XA( dn1,
2930                "Location 0x%lx is %lu byte%s inside global var \"%pS\"",
2931                data_addr, var_offset, vo_plural, var->name );
2932          TAGR( dn1 );
2933          XAGL( dn2 );
2934          TXTL( dn2 );
2935          p2XA( dn2,
2936                "declared at %pS:%d",
2937                var->fileName, var->lineNo);
2938          TXTR( dn2 );
2939          // FIXME: also do <dir>
2940          p2XA( dn2,
2941                " <file>%pS</file> <line>%d</line> ",
2942                var->fileName, var->lineNo );
2943          XAGR( dn2 );
2944       } else {
2945          p2XA( dn1,
2946                "Location 0x%lx is %lu byte%s inside global var \"%s\"",
2947                data_addr, var_offset, vo_plural, var->name );
2948          p2XA( dn2,
2949                "declared at %s:%d",
2950                var->fileName, var->lineNo);
2951       }
2952    }
2953    else
2954    if ( frameNo >= -1 && (!have_srcloc) && have_descr ) {
2955       /* no srcloc:
2956          Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
2957          a global variable
2958       */
2959       if (xml) {
2960          TAGL( dn1 );
2961          p2XA( dn1,
2962                "Location 0x%lx is %lu byte%s inside %pS%pS,",
2963                data_addr, residual_offset, ro_plural, var->name,
2964                (HChar*)(VG_(indexXA)(described,0)) );
2965          TAGR( dn1 );
2966          TAGL( dn2 );
2967          p2XA( dn2,
2968                "a global variable");
2969          TAGR( dn2 );
2970       } else {
2971          p2XA( dn1,
2972                "Location 0x%lx is %lu byte%s inside %s%s,",
2973                data_addr, residual_offset, ro_plural, var->name,
2974                (char*)(VG_(indexXA)(described,0)) );
2975          p2XA( dn2,
2976                "a global variable");
2977       }
2978    }
2979    else
2980    if ( frameNo >= -1 && have_srcloc && have_descr ) {
2981       /* Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
2982          a global variable declared at dsyms7.c:17 */
2983       if (xml) {
2984          TAGL( dn1 );
2985          p2XA( dn1,
2986                "Location 0x%lx is %lu byte%s inside %pS%pS,",
2987                data_addr, residual_offset, ro_plural, var->name,
2988                (HChar*)(VG_(indexXA)(described,0)) );
2989          TAGR( dn1 );
2990          XAGL( dn2 );
2991          TXTL( dn2 );
2992          p2XA( dn2,
2993                "a global variable declared at %pS:%d",
2994                var->fileName, var->lineNo);
2995          TXTR( dn2 );
2996          // FIXME: also do <dir>
2997          p2XA( dn2,
2998                " <file>%pS</file> <line>%d</line> ",
2999                var->fileName, var->lineNo );
3000          XAGR( dn2 );
3001       } else {
3002          p2XA( dn1,
3003                "Location 0x%lx is %lu byte%s inside %s%s,",
3004                data_addr, residual_offset, ro_plural, var->name,
3005                (HChar*)(VG_(indexXA)(described,0)) );
3006          p2XA( dn2,
3007                "a global variable declared at %s:%d",
3008                var->fileName, var->lineNo);
3009       }
3010    }
3011    else
3012       vg_assert(0);
3013 
3014    /* Zero terminate both strings */
3015    zterm_XA( dn1 );
3016    zterm_XA( dn2 );
3017 
3018 #  undef TAGL
3019 #  undef TAGR
3020 #  undef XAGL
3021 #  undef XAGR
3022 #  undef TXTL
3023 #  undef TXTR
3024 }
3025 
3026 
3027 /* Determine if data_addr is a local variable in the frame
3028    characterised by (ip,sp,fp), and if so write its description at the
3029    ends of DNAME{1,2}, which are XArray*s of HChar, that have been
3030    initialised by the caller, zero terminate both, and return True.
3031    If it's not a local variable in said frame, return False. */
3032 static
consider_vars_in_frame(XArray * dname1,XArray * dname2,Addr data_addr,Addr ip,Addr sp,Addr fp,ThreadId tid,Int frameNo)3033 Bool consider_vars_in_frame ( /*MOD*/XArray* /* of HChar */ dname1,
3034                               /*MOD*/XArray* /* of HChar */ dname2,
3035                               Addr data_addr,
3036                               Addr ip, Addr sp, Addr fp,
3037                               /* shown to user: */
3038                               ThreadId tid, Int frameNo )
3039 {
3040    Word       i;
3041    DebugInfo* di;
3042    RegSummary regs;
3043    Bool debug = False;
3044 
3045    static UInt n_search = 0;
3046    static UInt n_steps = 0;
3047    n_search++;
3048    if (debug)
3049       VG_(printf)("QQQQ: cvif: ip,sp,fp %#lx,%#lx,%#lx\n", ip,sp,fp);
3050    /* first, find the DebugInfo that pertains to 'ip'. */
3051    for (di = debugInfo_list; di; di = di->next) {
3052       n_steps++;
3053       /* text segment missing? unlikely, but handle it .. */
3054       if (!di->text_present || di->text_size == 0)
3055          continue;
3056       /* Ok.  So does this text mapping bracket the ip? */
3057       if (di->text_avma <= ip && ip < di->text_avma + di->text_size)
3058          break;
3059    }
3060 
3061    /* Didn't find it.  Strange -- means ip is a code address outside
3062       of any mapped text segment.  Unlikely but not impossible -- app
3063       could be generating code to run. */
3064    if (!di)
3065       return False;
3066 
3067    if (0 && ((n_search & 0x1) == 0))
3068       VG_(printf)("consider_vars_in_frame: %u searches, "
3069                   "%u DebugInfos looked at\n",
3070                   n_search, n_steps);
3071    /* Start of performance-enhancing hack: once every ??? (chosen
3072       hackily after profiling) successful searches, move the found
3073       DebugInfo one step closer to the start of the list.  This makes
3074       future searches cheaper. */
3075    if ((n_search & 0xFFFF) == 0) {
3076       /* Move si one step closer to the start of the list. */
3077       move_DebugInfo_one_step_forward( di );
3078    }
3079    /* End of performance-enhancing hack. */
3080 
3081    /* any var info at all? */
3082    if (!di->varinfo)
3083       return False;
3084 
3085    /* Work through the scopes from most deeply nested outwards,
3086       looking for code address ranges that bracket 'ip'.  The
3087       variables on each such address range found are in scope right
3088       now.  Don't descend to level zero as that is the global
3089       scope. */
3090    regs.ip = ip;
3091    regs.sp = sp;
3092    regs.fp = fp;
3093 
3094    /* "for each scope, working outwards ..." */
3095    for (i = VG_(sizeXA)(di->varinfo) - 1; i >= 1; i--) {
3096       XArray*      vars;
3097       Word         j;
3098       DiAddrRange* arange;
3099       OSet*        this_scope
3100          = *(OSet**)VG_(indexXA)( di->varinfo, i );
3101       if (debug)
3102          VG_(printf)("QQQQ:   considering scope %ld\n", (Word)i);
3103       if (!this_scope)
3104          continue;
3105       /* Find the set of variables in this scope that
3106          bracket the program counter. */
3107       arange = VG_(OSetGen_LookupWithCmp)(
3108                   this_scope, &ip,
3109                   ML_(cmp_for_DiAddrRange_range)
3110                );
3111       if (!arange)
3112          continue;
3113       /* stay sane */
3114       vg_assert(arange->aMin <= arange->aMax);
3115       /* It must bracket the ip we asked for, else
3116          ML_(cmp_for_DiAddrRange_range) is somehow broken. */
3117       vg_assert(arange->aMin <= ip && ip <= arange->aMax);
3118       /* It must have an attached XArray of DiVariables. */
3119       vars = arange->vars;
3120       vg_assert(vars);
3121       /* But it mustn't cover the entire address range.  We only
3122          expect that to happen for the global scope (level 0), which
3123          we're not looking at here.  Except, it may cover the entire
3124          address range, but in that case the vars array must be
3125          empty. */
3126       vg_assert(! (arange->aMin == (Addr)0
3127                    && arange->aMax == ~(Addr)0
3128                    && VG_(sizeXA)(vars) > 0) );
3129       for (j = 0; j < VG_(sizeXA)( vars ); j++) {
3130          DiVariable* var = (DiVariable*)VG_(indexXA)( vars, j );
3131          PtrdiffT    offset;
3132          if (debug)
3133             VG_(printf)("QQQQ:    var:name=%s %#lx-%#lx %#lx\n",
3134                         var->name,arange->aMin,arange->aMax,ip);
3135          if (data_address_is_in_var( &offset, di->admin_tyents,
3136                                      var, &regs,
3137                                      data_addr, di )) {
3138             PtrdiffT residual_offset = 0;
3139             XArray* described = ML_(describe_type)( &residual_offset,
3140                                                     di->admin_tyents,
3141                                                     var->typeR, offset );
3142             format_message( dname1, dname2,
3143                             data_addr, var, offset, residual_offset,
3144                             described, frameNo, tid );
3145             VG_(deleteXA)( described );
3146             return True;
3147          }
3148       }
3149    }
3150 
3151    return False;
3152 }
3153 
3154 /* Try to form some description of DATA_ADDR by looking at the DWARF3
3155    debug info we have.  This considers all global variables, and all
3156    frames in the stacks of all threads.  Result is written at the ends
3157    of DNAME{1,2}V, which are XArray*s of HChar, that have been
3158    initialised by the caller, and True is returned.  If no description
3159    is created, False is returned.  Regardless of the return value,
3160    DNAME{1,2}V are guaranteed to be zero terminated after the call.
3161 
3162    Note that after the call, DNAME{1,2} may have more than one
3163    trailing zero, so callers should establish the useful text length
3164    using VG_(strlen) on the contents, rather than VG_(sizeXA) on the
3165    XArray itself.
3166 */
VG_(get_data_description)3167 Bool VG_(get_data_description)(
3168         /*MOD*/ void* /* really, XArray* of HChar */ dname1v,
3169         /*MOD*/ void* /* really, XArray* of HChar */ dname2v,
3170         Addr data_addr
3171      )
3172 {
3173 #  define N_FRAMES 8
3174    Addr ips[N_FRAMES], sps[N_FRAMES], fps[N_FRAMES];
3175    UInt n_frames;
3176 
3177    Addr       stack_min, stack_max;
3178    ThreadId   tid;
3179    Bool       found;
3180    DebugInfo* di;
3181    Word       j;
3182 
3183    XArray*    dname1 = (XArray*)dname1v;
3184    XArray*    dname2 = (XArray*)dname2v;
3185 
3186    if (0) VG_(printf)("get_data_description: dataaddr %#lx\n", data_addr);
3187    /* First, see if data_addr is (or is part of) a global variable.
3188       Loop over the DebugInfos we have.  Check data_addr against the
3189       outermost scope of all of them, as that should be a global
3190       scope. */
3191    for (di = debugInfo_list; di != NULL; di = di->next) {
3192       OSet*        global_scope;
3193       Word         gs_size;
3194       Addr         zero;
3195       DiAddrRange* global_arange;
3196       Word         i;
3197       XArray*      vars;
3198 
3199       /* text segment missing? unlikely, but handle it .. */
3200       if (!di->text_present || di->text_size == 0)
3201          continue;
3202       /* any var info at all? */
3203       if (!di->varinfo)
3204          continue;
3205       /* perhaps this object didn't contribute any vars at all? */
3206       if (VG_(sizeXA)( di->varinfo ) == 0)
3207          continue;
3208       global_scope = *(OSet**)VG_(indexXA)( di->varinfo, 0 );
3209       vg_assert(global_scope);
3210       gs_size = VG_(OSetGen_Size)( global_scope );
3211       /* The global scope might be completely empty if this
3212          compilation unit declared locals but nothing global. */
3213       if (gs_size == 0)
3214           continue;
3215       /* But if it isn't empty, then it must contain exactly one
3216          element, which covers the entire address range. */
3217       vg_assert(gs_size == 1);
3218       /* Fish out the global scope and check it is as expected. */
3219       zero = 0;
3220       global_arange
3221          = VG_(OSetGen_Lookup)( global_scope, &zero );
3222       /* The global range from (Addr)0 to ~(Addr)0 must exist */
3223       vg_assert(global_arange);
3224       vg_assert(global_arange->aMin == (Addr)0
3225                 && global_arange->aMax == ~(Addr)0);
3226       /* Any vars in this range? */
3227       if (!global_arange->vars)
3228          continue;
3229       /* Ok, there are some vars in the global scope of this
3230          DebugInfo.  Wade through them and see if the data addresses
3231          of any of them bracket data_addr. */
3232       vars = global_arange->vars;
3233       for (i = 0; i < VG_(sizeXA)( vars ); i++) {
3234          PtrdiffT offset;
3235          DiVariable* var = (DiVariable*)VG_(indexXA)( vars, i );
3236          vg_assert(var->name);
3237          /* Note we use a NULL RegSummary* here.  It can't make any
3238             sense for a global variable to have a location expression
3239             which depends on a SP/FP/IP value.  So don't supply any.
3240             This means, if the evaluation of the location
3241             expression/list requires a register, we have to let it
3242             fail. */
3243          if (data_address_is_in_var( &offset, di->admin_tyents, var,
3244                                      NULL/* RegSummary* */,
3245                                      data_addr, di )) {
3246             PtrdiffT residual_offset = 0;
3247             XArray* described = ML_(describe_type)( &residual_offset,
3248                                                     di->admin_tyents,
3249                                                     var->typeR, offset );
3250             format_message( dname1, dname2,
3251                             data_addr, var, offset, residual_offset,
3252                             described, -1/*frameNo*/,
3253                             VG_INVALID_THREADID );
3254             VG_(deleteXA)( described );
3255             zterm_XA( dname1 );
3256             zterm_XA( dname2 );
3257             return True;
3258          }
3259       }
3260    }
3261 
3262    /* Ok, well it's not a global variable.  So now let's snoop around
3263       in the stacks of all the threads.  First try to figure out which
3264       thread's stack data_addr is in. */
3265 
3266    /* --- KLUDGE --- Try examining the top frame of all thread stacks.
3267       This finds variables which are not stack allocated but are not
3268       globally visible either; specifically it appears to pick up
3269       variables which are visible only within a compilation unit.
3270       These will have the address range of the compilation unit and
3271       tend to live at Scope level 1. */
3272    VG_(thread_stack_reset_iter)(&tid);
3273    while ( VG_(thread_stack_next)(&tid, &stack_min, &stack_max) ) {
3274       if (stack_min >= stack_max)
3275          continue; /* ignore obviously stupid cases */
3276       if (consider_vars_in_frame( dname1, dname2,
3277                                   data_addr,
3278                                   VG_(get_IP)(tid),
3279                                   VG_(get_SP)(tid),
3280                                   VG_(get_FP)(tid), tid, 0 )) {
3281          zterm_XA( dname1 );
3282          zterm_XA( dname2 );
3283          return True;
3284       }
3285    }
3286    /* --- end KLUDGE --- */
3287 
3288    /* Perhaps it's on a thread's stack? */
3289    found = False;
3290    VG_(thread_stack_reset_iter)(&tid);
3291    while ( VG_(thread_stack_next)(&tid, &stack_min, &stack_max) ) {
3292       if (stack_min >= stack_max)
3293          continue; /* ignore obviously stupid cases */
3294       if (stack_min - VG_STACK_REDZONE_SZB <= data_addr
3295           && data_addr <= stack_max) {
3296          found = True;
3297          break;
3298       }
3299    }
3300    if (!found) {
3301       zterm_XA( dname1 );
3302       zterm_XA( dname2 );
3303       return False;
3304    }
3305 
3306    /* We conclude data_addr is in thread tid's stack.  Unwind the
3307       stack to get a bunch of (ip,sp,fp) triples describing the
3308       frames, and for each frame, consider the local variables. */
3309    n_frames = VG_(get_StackTrace)( tid, ips, N_FRAMES,
3310                                    sps, fps, 0/*first_ip_delta*/ );
3311 
3312    /* As a result of KLUDGE above, starting the loop at j = 0
3313       duplicates examination of the top frame and so isn't necessary.
3314       Oh well. */
3315    vg_assert(n_frames >= 0 && n_frames <= N_FRAMES);
3316    for (j = 0; j < n_frames; j++) {
3317       if (consider_vars_in_frame( dname1, dname2,
3318                                   data_addr,
3319                                   ips[j],
3320                                   sps[j], fps[j], tid, j )) {
3321          zterm_XA( dname1 );
3322          zterm_XA( dname2 );
3323          return True;
3324       }
3325       /* Now, it appears that gcc sometimes appears to produce
3326          location lists whose ranges don't actually cover the call
3327          instruction, even though the address of the variable in
3328          question is passed as a parameter in the call.  AFAICS this
3329          is simply a bug in gcc - how can the variable be claimed not
3330          exist in memory (on the stack) for the duration of a call in
3331          which its address is passed?  But anyway, in the particular
3332          case I investigated (memcheck/tests/varinfo6.c, call to croak
3333          on line 2999, local var budget declared at line 3115
3334          appearing not to exist across the call to mainSort on line
3335          3143, "gcc.orig (GCC) 3.4.4 20050721 (Red Hat 3.4.4-2)" on
3336          amd64), the variable's location list does claim it exists
3337          starting at the first byte of the first instruction after the
3338          call instruction.  So, call consider_vars_in_frame a second
3339          time, but this time add 1 to the IP.  GDB handles this
3340          example with no difficulty, which leads me to believe that
3341          either (1) I misunderstood something, or (2) GDB has an
3342          equivalent kludge. */
3343       if (j > 0 /* this is a non-innermost frame */
3344           && consider_vars_in_frame( dname1, dname2,
3345                                      data_addr,
3346                                      ips[j] + 1,
3347                                      sps[j], fps[j], tid, j )) {
3348          zterm_XA( dname1 );
3349          zterm_XA( dname2 );
3350          return True;
3351       }
3352    }
3353 
3354    /* We didn't find anything useful. */
3355    zterm_XA( dname1 );
3356    zterm_XA( dname2 );
3357    return False;
3358 #  undef N_FRAMES
3359 }
3360 
3361 
3362 //////////////////////////////////////////////////////////////////
3363 //                                                              //
3364 // Support for other kinds of queries to the Dwarf3 var info    //
3365 //                                                              //
3366 //////////////////////////////////////////////////////////////////
3367 
3368 /* Figure out if the variable 'var' has a location that is linearly
3369    dependent on a stack pointer value, or a frame pointer value, and
3370    if it is, add a description of it to 'blocks'.  Otherwise ignore
3371    it.  If 'arrays_only' is True, also ignore it unless it has an
3372    array type. */
3373 
3374 static
analyse_deps(XArray * blocks,XArray * tyents,Addr ip,const DebugInfo * di,DiVariable * var,Bool arrays_only)3375 void analyse_deps ( /*MOD*/XArray* /* of FrameBlock */ blocks,
3376                     XArray* /* TyEnt */ tyents,
3377                     Addr ip, const DebugInfo* di, DiVariable* var,
3378                     Bool arrays_only )
3379 {
3380    GXResult   res_sp_6k, res_sp_7k, res_fp_6k, res_fp_7k;
3381    RegSummary regs;
3382    MaybeULong mul;
3383    Bool       isVec;
3384    TyEnt*     ty;
3385 
3386    Bool debug = False;
3387    if (0&&debug)
3388       VG_(printf)("adeps: var %s\n", var->name );
3389 
3390    /* Figure out how big the variable is. */
3391    mul = ML_(sizeOfType)(tyents, var->typeR);
3392    /* If this var has a type whose size is unknown, zero, or
3393       impossibly large, it should never have been added.  ML_(addVar)
3394       should have rejected it. */
3395    vg_assert(mul.b == True);
3396    vg_assert(mul.ul > 0);
3397    if (sizeof(void*) == 4) vg_assert(mul.ul < (1ULL << 32));
3398    /* After this point, we assume we can truncate mul.ul to a host word
3399       safely (without loss of info). */
3400 
3401    /* skip if non-array and we're only interested in arrays */
3402    ty = ML_(TyEnts__index_by_cuOff)( tyents, NULL, var->typeR );
3403    vg_assert(ty);
3404    vg_assert(ty->tag == Te_UNKNOWN || ML_(TyEnt__is_type)(ty));
3405    if (ty->tag == Te_UNKNOWN)
3406       return; /* perhaps we should complain in this case? */
3407    isVec = ty->tag == Te_TyArray;
3408    if (arrays_only && !isVec)
3409       return;
3410 
3411    if (0) {ML_(pp_TyEnt_C_ishly)(tyents, var->typeR);
3412            VG_(printf)("  %s\n", var->name);}
3413 
3414    /* Do some test evaluations of the variable's location expression,
3415       in order to guess whether it is sp-relative, fp-relative, or
3416       none.  A crude hack, which can be interpreted roughly as finding
3417       the first derivative of the location expression w.r.t. the
3418       supplied frame and stack pointer values. */
3419    regs.fp   = 0;
3420    regs.ip   = ip;
3421    regs.sp   = 6 * 1024;
3422    res_sp_6k = ML_(evaluate_GX)( var->gexpr, var->fbGX, &regs, di );
3423 
3424    regs.fp   = 0;
3425    regs.ip   = ip;
3426    regs.sp   = 7 * 1024;
3427    res_sp_7k = ML_(evaluate_GX)( var->gexpr, var->fbGX, &regs, di );
3428 
3429    regs.fp   = 6 * 1024;
3430    regs.ip   = ip;
3431    regs.sp   = 0;
3432    res_fp_6k = ML_(evaluate_GX)( var->gexpr, var->fbGX, &regs, di );
3433 
3434    regs.fp   = 7 * 1024;
3435    regs.ip   = ip;
3436    regs.sp   = 0;
3437    res_fp_7k = ML_(evaluate_GX)( var->gexpr, var->fbGX, &regs, di );
3438 
3439    vg_assert(res_sp_6k.kind == res_sp_7k.kind);
3440    vg_assert(res_sp_6k.kind == res_fp_6k.kind);
3441    vg_assert(res_sp_6k.kind == res_fp_7k.kind);
3442 
3443    if (res_sp_6k.kind == GXR_Addr) {
3444       StackBlock block;
3445       GXResult res;
3446       UWord sp_delta = res_sp_7k.word - res_sp_6k.word;
3447       UWord fp_delta = res_fp_7k.word - res_fp_6k.word;
3448       tl_assert(sp_delta == 0 || sp_delta == 1024);
3449       tl_assert(fp_delta == 0 || fp_delta == 1024);
3450 
3451       if (sp_delta == 0 && fp_delta == 0) {
3452          /* depends neither on sp nor fp, so it can't be a stack
3453             local.  Ignore it. */
3454       }
3455       else
3456       if (sp_delta == 1024 && fp_delta == 0) {
3457          regs.sp = regs.fp = 0;
3458          regs.ip = ip;
3459          res = ML_(evaluate_GX)( var->gexpr, var->fbGX, &regs, di );
3460          tl_assert(res.kind == GXR_Addr);
3461          if (debug)
3462          VG_(printf)("   %5ld .. %5ld (sp) %s\n",
3463                      res.word, res.word + ((UWord)mul.ul) - 1, var->name);
3464          block.base  = res.word;
3465          block.szB   = (SizeT)mul.ul;
3466          block.spRel = True;
3467          block.isVec = isVec;
3468          VG_(memset)( &block.name[0], 0, sizeof(block.name) );
3469          if (var->name)
3470             VG_(strncpy)( &block.name[0], var->name, sizeof(block.name)-1 );
3471          block.name[ sizeof(block.name)-1 ] = 0;
3472          VG_(addToXA)( blocks, &block );
3473       }
3474       else
3475       if (sp_delta == 0 && fp_delta == 1024) {
3476          regs.sp = regs.fp = 0;
3477          regs.ip = ip;
3478          res = ML_(evaluate_GX)( var->gexpr, var->fbGX, &regs, di );
3479          tl_assert(res.kind == GXR_Addr);
3480          if (debug)
3481          VG_(printf)("   %5ld .. %5ld (FP) %s\n",
3482                      res.word, res.word + ((UWord)mul.ul) - 1, var->name);
3483          block.base  = res.word;
3484          block.szB   = (SizeT)mul.ul;
3485          block.spRel = False;
3486          block.isVec = isVec;
3487          VG_(memset)( &block.name[0], 0, sizeof(block.name) );
3488          if (var->name)
3489             VG_(strncpy)( &block.name[0], var->name, sizeof(block.name)-1 );
3490          block.name[ sizeof(block.name)-1 ] = 0;
3491          VG_(addToXA)( blocks, &block );
3492       }
3493       else {
3494          vg_assert(0);
3495       }
3496    }
3497 }
3498 
3499 
3500 /* Get an XArray of StackBlock which describe the stack (auto) blocks
3501    for this ip.  The caller is expected to free the XArray at some
3502    point.  If 'arrays_only' is True, only array-typed blocks are
3503    returned; otherwise blocks of all types are returned. */
3504 
3505 void* /* really, XArray* of StackBlock */
VG_(di_get_stack_blocks_at_ip)3506       VG_(di_get_stack_blocks_at_ip)( Addr ip, Bool arrays_only )
3507 {
3508    /* This is a derivation of consider_vars_in_frame() above. */
3509    Word       i;
3510    DebugInfo* di;
3511    Bool debug = False;
3512 
3513    XArray* res = VG_(newXA)( ML_(dinfo_zalloc), "di.debuginfo.dgsbai.1",
3514                              ML_(dinfo_free),
3515                              sizeof(StackBlock) );
3516 
3517    static UInt n_search = 0;
3518    static UInt n_steps = 0;
3519    n_search++;
3520    if (debug)
3521       VG_(printf)("QQQQ: dgsbai: ip %#lx\n", ip);
3522    /* first, find the DebugInfo that pertains to 'ip'. */
3523    for (di = debugInfo_list; di; di = di->next) {
3524       n_steps++;
3525       /* text segment missing? unlikely, but handle it .. */
3526       if (!di->text_present || di->text_size == 0)
3527          continue;
3528       /* Ok.  So does this text mapping bracket the ip? */
3529       if (di->text_avma <= ip && ip < di->text_avma + di->text_size)
3530          break;
3531    }
3532 
3533    /* Didn't find it.  Strange -- means ip is a code address outside
3534       of any mapped text segment.  Unlikely but not impossible -- app
3535       could be generating code to run. */
3536    if (!di)
3537       return res; /* currently empty */
3538 
3539    if (0 && ((n_search & 0x1) == 0))
3540       VG_(printf)("VG_(di_get_stack_blocks_at_ip): %u searches, "
3541                   "%u DebugInfos looked at\n",
3542                   n_search, n_steps);
3543    /* Start of performance-enhancing hack: once every ??? (chosen
3544       hackily after profiling) successful searches, move the found
3545       DebugInfo one step closer to the start of the list.  This makes
3546       future searches cheaper. */
3547    if ((n_search & 0xFFFF) == 0) {
3548       /* Move si one step closer to the start of the list. */
3549       move_DebugInfo_one_step_forward( di );
3550    }
3551    /* End of performance-enhancing hack. */
3552 
3553    /* any var info at all? */
3554    if (!di->varinfo)
3555       return res; /* currently empty */
3556 
3557    /* Work through the scopes from most deeply nested outwards,
3558       looking for code address ranges that bracket 'ip'.  The
3559       variables on each such address range found are in scope right
3560       now.  Don't descend to level zero as that is the global
3561       scope. */
3562 
3563    /* "for each scope, working outwards ..." */
3564    for (i = VG_(sizeXA)(di->varinfo) - 1; i >= 1; i--) {
3565       XArray*      vars;
3566       Word         j;
3567       DiAddrRange* arange;
3568       OSet*        this_scope
3569          = *(OSet**)VG_(indexXA)( di->varinfo, i );
3570       if (debug)
3571          VG_(printf)("QQQQ:   considering scope %ld\n", (Word)i);
3572       if (!this_scope)
3573          continue;
3574       /* Find the set of variables in this scope that
3575          bracket the program counter. */
3576       arange = VG_(OSetGen_LookupWithCmp)(
3577                   this_scope, &ip,
3578                   ML_(cmp_for_DiAddrRange_range)
3579                );
3580       if (!arange)
3581          continue;
3582       /* stay sane */
3583       vg_assert(arange->aMin <= arange->aMax);
3584       /* It must bracket the ip we asked for, else
3585          ML_(cmp_for_DiAddrRange_range) is somehow broken. */
3586       vg_assert(arange->aMin <= ip && ip <= arange->aMax);
3587       /* It must have an attached XArray of DiVariables. */
3588       vars = arange->vars;
3589       vg_assert(vars);
3590       /* But it mustn't cover the entire address range.  We only
3591          expect that to happen for the global scope (level 0), which
3592          we're not looking at here.  Except, it may cover the entire
3593          address range, but in that case the vars array must be
3594          empty. */
3595       vg_assert(! (arange->aMin == (Addr)0
3596                    && arange->aMax == ~(Addr)0
3597                    && VG_(sizeXA)(vars) > 0) );
3598       for (j = 0; j < VG_(sizeXA)( vars ); j++) {
3599          DiVariable* var = (DiVariable*)VG_(indexXA)( vars, j );
3600          if (debug)
3601             VG_(printf)("QQQQ:    var:name=%s %#lx-%#lx %#lx\n",
3602                         var->name,arange->aMin,arange->aMax,ip);
3603          analyse_deps( res, di->admin_tyents, ip,
3604                        di, var, arrays_only );
3605       }
3606    }
3607 
3608    return res;
3609 }
3610 
3611 
3612 /* Get an array of GlobalBlock which describe the global blocks owned
3613    by the shared object characterised by the given di_handle.  Asserts
3614    if the handle is invalid.  The caller is responsible for freeing
3615    the array at some point.  If 'arrays_only' is True, only
3616    array-typed blocks are returned; otherwise blocks of all types are
3617    returned. */
3618 
3619 void* /* really, XArray* of GlobalBlock */
VG_(di_get_global_blocks_from_dihandle)3620       VG_(di_get_global_blocks_from_dihandle) ( ULong di_handle,
3621                                                 Bool  arrays_only )
3622 {
3623    /* This is a derivation of consider_vars_in_frame() above. */
3624 
3625    DebugInfo* di;
3626    XArray* gvars; /* XArray* of GlobalBlock */
3627    Word nScopes, scopeIx;
3628 
3629    /* The first thing to do is find the DebugInfo that
3630       pertains to 'di_handle'. */
3631    tl_assert(di_handle > 0);
3632    for (di = debugInfo_list; di; di = di->next) {
3633       if (di->handle == di_handle)
3634          break;
3635    }
3636 
3637    /* If this fails, we were unable to find any DebugInfo with the
3638       given handle.  This is considered an error on the part of the
3639       caller. */
3640    tl_assert(di != NULL);
3641 
3642    /* we'll put the collected variables in here. */
3643    gvars = VG_(newXA)( ML_(dinfo_zalloc), "di.debuginfo.dggbfd.1",
3644                        ML_(dinfo_free), sizeof(GlobalBlock) );
3645    tl_assert(gvars);
3646 
3647    /* any var info at all? */
3648    if (!di->varinfo)
3649       return gvars;
3650 
3651    /* we'll iterate over all the variables we can find, even if
3652       it seems senseless to visit stack-allocated variables */
3653    /* Iterate over all scopes */
3654    nScopes = VG_(sizeXA)( di->varinfo );
3655    for (scopeIx = 0; scopeIx < nScopes; scopeIx++) {
3656 
3657       /* Iterate over each (code) address range at the current scope */
3658       DiAddrRange* range;
3659       OSet* /* of DiAddrInfo */ scope
3660          = *(OSet**)VG_(indexXA)( di->varinfo, scopeIx );
3661       tl_assert(scope);
3662       VG_(OSetGen_ResetIter)(scope);
3663       while ( (range = VG_(OSetGen_Next)(scope)) ) {
3664 
3665          /* Iterate over each variable in the current address range */
3666          Word nVars, varIx;
3667          tl_assert(range->vars);
3668          nVars = VG_(sizeXA)( range->vars );
3669          for (varIx = 0; varIx < nVars; varIx++) {
3670 
3671             Bool        isVec;
3672             GXResult    res;
3673             MaybeULong  mul;
3674             GlobalBlock gb;
3675             TyEnt*      ty;
3676             DiVariable* var = VG_(indexXA)( range->vars, varIx );
3677             tl_assert(var->name);
3678             if (0) VG_(printf)("at depth %ld var %s ", scopeIx, var->name );
3679 
3680             /* Now figure out if this variable has a constant address
3681                (that is, independent of FP, SP, phase of moon, etc),
3682                and if so, what the address is.  Any variable with a
3683                constant address is deemed to be a global so we collect
3684                it. */
3685             if (0) { VG_(printf)("EVAL: "); ML_(pp_GX)(var->gexpr);
3686                      VG_(printf)("\n"); }
3687             res = ML_(evaluate_trivial_GX)( var->gexpr, di );
3688 
3689             /* Not a constant address => not interesting */
3690             if (res.kind != GXR_Addr) {
3691                if (0) VG_(printf)("FAIL\n");
3692                continue;
3693             }
3694 
3695             /* Ok, it's a constant address.  See if we want to collect
3696                it. */
3697             if (0) VG_(printf)("%#lx\n", res.word);
3698 
3699             /* Figure out how big the variable is. */
3700             mul = ML_(sizeOfType)(di->admin_tyents, var->typeR);
3701 
3702             /* If this var has a type whose size is unknown, zero, or
3703                impossibly large, it should never have been added.
3704                ML_(addVar) should have rejected it. */
3705             vg_assert(mul.b == True);
3706             vg_assert(mul.ul > 0);
3707             if (sizeof(void*) == 4) vg_assert(mul.ul < (1ULL << 32));
3708             /* After this point, we assume we can truncate mul.ul to a
3709                host word safely (without loss of info). */
3710 
3711             /* skip if non-array and we're only interested in
3712                arrays */
3713             ty = ML_(TyEnts__index_by_cuOff)( di->admin_tyents, NULL,
3714                                               var->typeR );
3715             vg_assert(ty);
3716             vg_assert(ty->tag == Te_UNKNOWN || ML_(TyEnt__is_type)(ty));
3717             if (ty->tag == Te_UNKNOWN)
3718                continue; /* perhaps we should complain in this case? */
3719 
3720             isVec = ty->tag == Te_TyArray;
3721             if (arrays_only && !isVec) continue;
3722 
3723             /* Ok, so collect it! */
3724             tl_assert(var->name);
3725             tl_assert(di->soname);
3726             if (0) VG_(printf)("XXXX %s %s %d\n", var->name,
3727                                 var->fileName?(HChar*)var->fileName
3728                                              :"??",var->lineNo);
3729             VG_(memset)(&gb, 0, sizeof(gb));
3730             gb.addr  = res.word;
3731             gb.szB   = (SizeT)mul.ul;
3732             gb.isVec = isVec;
3733             VG_(strncpy)(&gb.name[0], var->name, sizeof(gb.name)-1);
3734             VG_(strncpy)(&gb.soname[0], di->soname, sizeof(gb.soname)-1);
3735             tl_assert(gb.name[ sizeof(gb.name)-1 ] == 0);
3736             tl_assert(gb.soname[ sizeof(gb.soname)-1 ] == 0);
3737 
3738             VG_(addToXA)( gvars, &gb );
3739 
3740          } /* for (varIx = 0; varIx < nVars; varIx++) */
3741 
3742       } /* while ( (range = VG_(OSetGen_Next)(scope)) ) */
3743 
3744    } /* for (scopeIx = 0; scopeIx < nScopes; scopeIx++) */
3745 
3746    return gvars;
3747 }
3748 
3749 
3750 /*------------------------------------------------------------*/
3751 /*--- DebugInfo accessor functions                         ---*/
3752 /*------------------------------------------------------------*/
3753 
VG_(next_DebugInfo)3754 const DebugInfo* VG_(next_DebugInfo)(const DebugInfo* di)
3755 {
3756    if (di == NULL)
3757       return debugInfo_list;
3758    return di->next;
3759 }
3760 
VG_(DebugInfo_get_text_avma)3761 Addr VG_(DebugInfo_get_text_avma)(const DebugInfo* di)
3762 {
3763    return di->text_present ? di->text_avma : 0;
3764 }
3765 
VG_(DebugInfo_get_text_size)3766 SizeT VG_(DebugInfo_get_text_size)(const DebugInfo* di)
3767 {
3768    return di->text_present ? di->text_size : 0;
3769 }
3770 
VG_(DebugInfo_get_plt_avma)3771 Addr VG_(DebugInfo_get_plt_avma)(const DebugInfo* di)
3772 {
3773    return di->plt_present ? di->plt_avma : 0;
3774 }
3775 
VG_(DebugInfo_get_plt_size)3776 SizeT VG_(DebugInfo_get_plt_size)(const DebugInfo* di)
3777 {
3778    return di->plt_present ? di->plt_size : 0;
3779 }
3780 
VG_(DebugInfo_get_gotplt_avma)3781 Addr VG_(DebugInfo_get_gotplt_avma)(const DebugInfo* di)
3782 {
3783    return di->gotplt_present ? di->gotplt_avma : 0;
3784 }
3785 
VG_(DebugInfo_get_gotplt_size)3786 SizeT VG_(DebugInfo_get_gotplt_size)(const DebugInfo* di)
3787 {
3788    return di->gotplt_present ? di->gotplt_size : 0;
3789 }
3790 
VG_(DebugInfo_get_soname)3791 const UChar* VG_(DebugInfo_get_soname)(const DebugInfo* di)
3792 {
3793    return di->soname;
3794 }
3795 
VG_(DebugInfo_get_filename)3796 const UChar* VG_(DebugInfo_get_filename)(const DebugInfo* di)
3797 {
3798    return di->fsm.filename;
3799 }
3800 
VG_(DebugInfo_get_text_bias)3801 PtrdiffT VG_(DebugInfo_get_text_bias)(const DebugInfo* di)
3802 {
3803    return di->text_present ? di->text_bias : 0;
3804 }
3805 
VG_(DebugInfo_syms_howmany)3806 Int VG_(DebugInfo_syms_howmany) ( const DebugInfo *si )
3807 {
3808    return si->symtab_used;
3809 }
3810 
VG_(DebugInfo_syms_getidx)3811 void VG_(DebugInfo_syms_getidx) ( const DebugInfo *si,
3812                                         Int idx,
3813                                   /*OUT*/Addr*    avma,
3814                                   /*OUT*/Addr*    tocptr,
3815                                   /*OUT*/UInt*    size,
3816                                   /*OUT*/UChar**  pri_name,
3817                                   /*OUT*/UChar*** sec_names,
3818                                   /*OUT*/Bool*    isText,
3819                                   /*OUT*/Bool*    isIFunc )
3820 {
3821    vg_assert(idx >= 0 && idx < si->symtab_used);
3822    if (avma)      *avma      = si->symtab[idx].addr;
3823    if (tocptr)    *tocptr    = si->symtab[idx].tocptr;
3824    if (size)      *size      = si->symtab[idx].size;
3825    if (pri_name)  *pri_name  = si->symtab[idx].pri_name;
3826    if (sec_names) *sec_names = si->symtab[idx].sec_names;
3827    if (isText)    *isText    = si->symtab[idx].isText;
3828    if (isIFunc)   *isIFunc   = si->symtab[idx].isIFunc;
3829 }
3830 
3831 
3832 /*------------------------------------------------------------*/
3833 /*--- SectKind query functions                             ---*/
3834 /*------------------------------------------------------------*/
3835 
3836 /* Convert a VgSectKind to a string, which must be copied if you want
3837    to change it. */
VG_(pp_SectKind)3838 const HChar* VG_(pp_SectKind)( VgSectKind kind )
3839 {
3840    switch (kind) {
3841       case Vg_SectUnknown: return "Unknown";
3842       case Vg_SectText:    return "Text";
3843       case Vg_SectData:    return "Data";
3844       case Vg_SectBSS:     return "BSS";
3845       case Vg_SectGOT:     return "GOT";
3846       case Vg_SectPLT:     return "PLT";
3847       case Vg_SectOPD:     return "OPD";
3848       case Vg_SectGOTPLT:  return "GOTPLT";
3849       default:             vg_assert(0);
3850    }
3851 }
3852 
3853 /* Given an address 'a', make a guess of which section of which object
3854    it comes from.  If name is non-NULL, then the last n_name-1
3855    characters of the object's name is put in name[0 .. n_name-2], and
3856    name[n_name-1] is set to zero (guaranteed zero terminated). */
3857 
VG_(DebugInfo_sect_kind)3858 VgSectKind VG_(DebugInfo_sect_kind)( /*OUT*/UChar* name, SizeT n_name,
3859                                      Addr a)
3860 {
3861    DebugInfo* di;
3862    VgSectKind res = Vg_SectUnknown;
3863 
3864    for (di = debugInfo_list; di != NULL; di = di->next) {
3865 
3866       if (0)
3867          VG_(printf)(
3868             "addr=%#lx di=%p %s got=%#lx,%ld plt=%#lx,%ld "
3869             "data=%#lx,%ld bss=%#lx,%ld\n",
3870             a, di, di->fsm.filename,
3871             di->got_avma,  di->got_size,
3872             di->plt_avma,  di->plt_size,
3873             di->data_avma, di->data_size,
3874             di->bss_avma,  di->bss_size);
3875 
3876       if (di->text_present
3877           && di->text_size > 0
3878           && a >= di->text_avma && a < di->text_avma + di->text_size) {
3879          res = Vg_SectText;
3880          break;
3881       }
3882       if (di->data_present
3883           && di->data_size > 0
3884           && a >= di->data_avma && a < di->data_avma + di->data_size) {
3885          res = Vg_SectData;
3886          break;
3887       }
3888       if (di->sdata_present
3889           && di->sdata_size > 0
3890           && a >= di->sdata_avma && a < di->sdata_avma + di->sdata_size) {
3891          res = Vg_SectData;
3892          break;
3893       }
3894       if (di->bss_present
3895           && di->bss_size > 0
3896           && a >= di->bss_avma && a < di->bss_avma + di->bss_size) {
3897          res = Vg_SectBSS;
3898          break;
3899       }
3900       if (di->sbss_present
3901           && di->sbss_size > 0
3902           && a >= di->sbss_avma && a < di->sbss_avma + di->sbss_size) {
3903          res = Vg_SectBSS;
3904          break;
3905       }
3906       if (di->plt_present
3907           && di->plt_size > 0
3908           && a >= di->plt_avma && a < di->plt_avma + di->plt_size) {
3909          res = Vg_SectPLT;
3910          break;
3911       }
3912       if (di->got_present
3913           && di->got_size > 0
3914           && a >= di->got_avma && a < di->got_avma + di->got_size) {
3915          res = Vg_SectGOT;
3916          break;
3917       }
3918       if (di->gotplt_present
3919           && di->gotplt_size > 0
3920           && a >= di->gotplt_avma && a < di->gotplt_avma + di->gotplt_size) {
3921          res = Vg_SectGOTPLT;
3922          break;
3923       }
3924       if (di->opd_present
3925           && di->opd_size > 0
3926           && a >= di->opd_avma && a < di->opd_avma + di->opd_size) {
3927          res = Vg_SectOPD;
3928          break;
3929       }
3930       /* we could also check for .eh_frame, if anyone really cares */
3931    }
3932 
3933    vg_assert( (di == NULL && res == Vg_SectUnknown)
3934               || (di != NULL && res != Vg_SectUnknown) );
3935 
3936    if (name) {
3937 
3938       vg_assert(n_name >= 8);
3939 
3940       if (di && di->fsm.filename) {
3941          Int i, j;
3942          Int fnlen = VG_(strlen)(di->fsm.filename);
3943          Int start_at = 1 + fnlen - n_name;
3944          if (start_at < 0) start_at = 0;
3945          vg_assert(start_at < fnlen);
3946          i = start_at; j = 0;
3947          while (True) {
3948             vg_assert(j >= 0 && j < n_name);
3949             vg_assert(i >= 0 && i <= fnlen);
3950             name[j] = di->fsm.filename[i];
3951             if (di->fsm.filename[i] == 0) break;
3952             i++; j++;
3953          }
3954          vg_assert(i == fnlen);
3955       } else {
3956          VG_(snprintf)(name, n_name, "%s", "???");
3957       }
3958 
3959       name[n_name-1] = 0;
3960    }
3961 
3962    return res;
3963 
3964 }
3965 
3966 /*--------------------------------------------------------------------*/
3967 /*--- end                                                          ---*/
3968 /*--------------------------------------------------------------------*/
3969