• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 
2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks.              m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
5 
6 /*
7    This file is part of Valgrind, a dynamic binary instrumentation
8    framework.
9 
10    Copyright (C) 2000-2012 Julian Seward
11       jseward@acm.org
12 
13    This program is free software; you can redistribute it and/or
14    modify it under the terms of the GNU General Public License as
15    published by the Free Software Foundation; either version 2 of the
16    License, or (at your option) any later version.
17 
18    This program is distributed in the hope that it will be useful, but
19    WITHOUT ANY WARRANTY; without even the implied warranty of
20    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
21    General Public License for more details.
22 
23    You should have received a copy of the GNU General Public License
24    along with this program; if not, write to the Free Software
25    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26    02111-1307, USA.
27 
28    The GNU General Public License is contained in the file COPYING.
29 */
30 
31 #include "pub_core_basics.h"
32 #include "pub_core_vki.h"
33 #include "pub_core_libcsetjmp.h"    // to keep _threadstate.h happy
34 #include "pub_core_threadstate.h"
35 #include "pub_core_debuginfo.h"     // XXX: circular dependency
36 #include "pub_core_aspacemgr.h"     // For VG_(is_addressable)()
37 #include "pub_core_libcbase.h"
38 #include "pub_core_libcassert.h"
39 #include "pub_core_libcprint.h"
40 #include "pub_core_machine.h"
41 #include "pub_core_options.h"
42 #include "pub_core_stacks.h"        // VG_(stack_limits)
43 #include "pub_core_stacktrace.h"
44 #include "pub_core_xarray.h"
45 #include "pub_core_clientstate.h"   // VG_(client__dl_sysinfo_int80)
46 #include "pub_core_trampoline.h"
47 
48 
49 /*------------------------------------------------------------*/
50 /*---                                                      ---*/
51 /*--- BEGIN platform-dependent unwinder worker functions   ---*/
52 /*---                                                      ---*/
53 /*------------------------------------------------------------*/
54 
55 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
56    IPs into 'ips'.  In order to be thread-safe, we pass in the
57    thread's IP SP, FP if that's meaningful, and LR if that's
58    meaningful.  Returns number of IPs put in 'ips'.
59 
60    If you know what the thread ID for this stack is, send that as the
61    first parameter, else send zero.  This helps generate better stack
62    traces on ppc64-linux and has no effect on other platforms.
63 */
64 
65 /* ------------------------ x86 ------------------------- */
66 
67 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin)
68 
VG_(get_StackTrace_wrk)69 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
70                                /*OUT*/Addr* ips, UInt max_n_ips,
71                                /*OUT*/Addr* sps, /*OUT*/Addr* fps,
72                                UnwindStartRegs* startRegs,
73                                Addr fp_max_orig )
74 {
75    Bool  debug = False;
76    Int   i;
77    Addr  fp_max;
78    UInt  n_found = 0;
79 
80    vg_assert(sizeof(Addr) == sizeof(UWord));
81    vg_assert(sizeof(Addr) == sizeof(void*));
82 
83    D3UnwindRegs uregs;
84    uregs.xip = (Addr)startRegs->r_pc;
85    uregs.xsp = (Addr)startRegs->r_sp;
86    uregs.xbp = startRegs->misc.X86.r_ebp;
87    Addr fp_min = uregs.xsp;
88 
89    /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
90       stopping when the trail goes cold, which we guess to be
91       when FP is not a reasonable stack location. */
92 
93    // JRS 2002-sep-17: hack, to round up fp_max to the end of the
94    // current page, at least.  Dunno if it helps.
95    // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
96    fp_max = VG_PGROUNDUP(fp_max_orig);
97    if (fp_max >= sizeof(Addr))
98       fp_max -= sizeof(Addr);
99 
100    if (debug)
101       VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
102                   "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
103                   max_n_ips, fp_min, fp_max_orig, fp_max,
104                   uregs.xip, uregs.xbp);
105 
106    /* Assertion broken before main() is reached in pthreaded programs;  the
107     * offending stack traces only have one item.  --njn, 2002-aug-16 */
108    /* vg_assert(fp_min <= fp_max);*/
109    // On Darwin, this kicks in for pthread-related stack traces, so they're
110    // only 1 entry long which is wrong.
111 #  if !defined(VGO_darwin)
112    if (fp_min + 512 >= fp_max) {
113       /* If the stack limits look bogus, don't poke around ... but
114          don't bomb out either. */
115       if (sps) sps[0] = uregs.xsp;
116       if (fps) fps[0] = uregs.xbp;
117       ips[0] = uregs.xip;
118       return 1;
119    }
120 #  endif
121 
122    /* fp is %ebp.  sp is %esp.  ip is %eip. */
123 
124    if (sps) sps[0] = uregs.xsp;
125    if (fps) fps[0] = uregs.xbp;
126    ips[0] = uregs.xip;
127    i = 1;
128 
129    /* Loop unwinding the stack. Note that the IP value we get on
130     * each pass (whether from CFI info or a stack frame) is a
131     * return address so is actually after the calling instruction
132     * in the calling function.
133     *
134     * Because of this we subtract one from the IP after each pass
135     * of the loop so that we find the right CFI block on the next
136     * pass - otherwise we can find the wrong CFI info if it happens
137     * to change after the calling instruction and that will mean
138     * that we will fail to unwind the next step.
139     *
140     * This most frequently happens at the end of a function when
141     * a tail call occurs and we wind up using the CFI info for the
142     * next function which is completely wrong.
143     */
144    while (True) {
145 
146       if (i >= max_n_ips)
147          break;
148 
149       /* Try to derive a new (ip,sp,fp) triple from the current
150          set. */
151 
152       /* On x86, first try the old-fashioned method of following the
153          %ebp-chain.  Code which doesn't use this (that is, compiled
154          with -fomit-frame-pointer) is not ABI compliant and so
155          relatively rare.  Besides, trying the CFI first almost always
156          fails, and is expensive. */
157       /* Deal with frames resulting from functions which begin "pushl%
158          ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
159       if (fp_min <= uregs.xbp &&
160           uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/)
161       {
162          /* fp looks sane, so use it. */
163          uregs.xip = (((UWord*)uregs.xbp)[1]);
164          // We stop if we hit a zero (the traditional end-of-stack
165          // marker) or a one -- these correspond to recorded IPs of 0 or -1.
166          // The latter because r8818 (in this file) changes the meaning of
167          // entries [1] and above in a stack trace, by subtracting 1 from
168          // them.  Hence stacks that used to end with a zero value now end in
169          // -1 and so we must detect that too.
170          if (0 == uregs.xip || 1 == uregs.xip) break;
171          uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
172                                + sizeof(Addr) /*ra*/;
173          uregs.xbp = (((UWord*)uregs.xbp)[0]);
174          if (sps) sps[i] = uregs.xsp;
175          if (fps) fps[i] = uregs.xbp;
176          ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
177          if (debug)
178             VG_(printf)("     ipsF[%d]=0x%08lx\n", i-1, ips[i-1]);
179          uregs.xip = uregs.xip - 1;
180             /* as per comment at the head of this loop */
181          continue;
182       }
183 
184       /* That didn't work out, so see if there is any CF info to hand
185          which can be used. */
186       if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
187          if (0 == uregs.xip || 1 == uregs.xip) break;
188          if (sps) sps[i] = uregs.xsp;
189          if (fps) fps[i] = uregs.xbp;
190          ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
191          if (debug)
192             VG_(printf)("     ipsC[%d]=0x%08lx\n", i-1, ips[i-1]);
193          uregs.xip = uregs.xip - 1;
194             /* as per comment at the head of this loop */
195          continue;
196       }
197 
198       /* And, similarly, try for MSVC FPO unwind info. */
199       if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
200                               fp_min, fp_max ) ) {
201          if (0 == uregs.xip || 1 == uregs.xip) break;
202          if (sps) sps[i] = uregs.xsp;
203          if (fps) fps[i] = uregs.xbp;
204          ips[i++] = uregs.xip;
205          if (debug)
206             VG_(printf)("     ipsC[%d]=0x%08lx\n", i-1, ips[i-1]);
207          uregs.xip = uregs.xip - 1;
208          continue;
209       }
210 
211       /* No luck.  We have to give up. */
212       break;
213    }
214 
215    n_found = i;
216    return n_found;
217 }
218 
219 #endif
220 
221 /* ----------------------- amd64 ------------------------ */
222 
223 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin)
224 
VG_(get_StackTrace_wrk)225 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
226                                /*OUT*/Addr* ips, UInt max_n_ips,
227                                /*OUT*/Addr* sps, /*OUT*/Addr* fps,
228                                UnwindStartRegs* startRegs,
229                                Addr fp_max_orig )
230 {
231    Bool  debug = False;
232    Int   i;
233    Addr  fp_max;
234    UInt  n_found = 0;
235 
236    vg_assert(sizeof(Addr) == sizeof(UWord));
237    vg_assert(sizeof(Addr) == sizeof(void*));
238 
239    D3UnwindRegs uregs;
240    uregs.xip = startRegs->r_pc;
241    uregs.xsp = startRegs->r_sp;
242    uregs.xbp = startRegs->misc.AMD64.r_rbp;
243    Addr fp_min = uregs.xsp;
244 
245    /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
246       stopping when the trail goes cold, which we guess to be
247       when FP is not a reasonable stack location. */
248 
249    // JRS 2002-sep-17: hack, to round up fp_max to the end of the
250    // current page, at least.  Dunno if it helps.
251    // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
252    fp_max = VG_PGROUNDUP(fp_max_orig);
253    if (fp_max >= sizeof(Addr))
254       fp_max -= sizeof(Addr);
255 
256    if (debug)
257       VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
258                   "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
259                   max_n_ips, fp_min, fp_max_orig, fp_max,
260                   uregs.xip, uregs.xbp);
261 
262    /* Assertion broken before main() is reached in pthreaded programs;  the
263     * offending stack traces only have one item.  --njn, 2002-aug-16 */
264    /* vg_assert(fp_min <= fp_max);*/
265    // On Darwin, this kicks in for pthread-related stack traces, so they're
266    // only 1 entry long which is wrong.
267 #  if !defined(VGO_darwin)
268    if (fp_min + 256 >= fp_max) {
269       /* If the stack limits look bogus, don't poke around ... but
270          don't bomb out either. */
271       if (sps) sps[0] = uregs.xsp;
272       if (fps) fps[0] = uregs.xbp;
273       ips[0] = uregs.xip;
274       return 1;
275    }
276 #  endif
277 
278    /* fp is %rbp.  sp is %rsp.  ip is %rip. */
279 
280    ips[0] = uregs.xip;
281    if (sps) sps[0] = uregs.xsp;
282    if (fps) fps[0] = uregs.xbp;
283    i = 1;
284 
285    /* Loop unwinding the stack. Note that the IP value we get on
286     * each pass (whether from CFI info or a stack frame) is a
287     * return address so is actually after the calling instruction
288     * in the calling function.
289     *
290     * Because of this we subtract one from the IP after each pass
291     * of the loop so that we find the right CFI block on the next
292     * pass - otherwise we can find the wrong CFI info if it happens
293     * to change after the calling instruction and that will mean
294     * that we will fail to unwind the next step.
295     *
296     * This most frequently happens at the end of a function when
297     * a tail call occurs and we wind up using the CFI info for the
298     * next function which is completely wrong.
299     */
300    while (True) {
301 
302       if (i >= max_n_ips)
303          break;
304 
305       /* Try to derive a new (ip,sp,fp) triple from the current set. */
306 
307       /* First off, see if there is any CFI info to hand which can
308          be used. */
309       if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
310          if (0 == uregs.xip || 1 == uregs.xip) break;
311          if (sps) sps[i] = uregs.xsp;
312          if (fps) fps[i] = uregs.xbp;
313          ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
314          if (debug)
315             VG_(printf)("     ipsC[%d]=%#08lx\n", i-1, ips[i-1]);
316          uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
317          continue;
318       }
319 
320       /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
321          we can safely try the old-fashioned method. */
322       /* This bit is supposed to deal with frames resulting from
323          functions which begin "pushq %rbp ; movq %rsp, %rbp".
324          Unfortunately, since we can't (easily) look at the insns at
325          the start of the fn, like GDB does, there's no reliable way
326          to tell.  Hence the hack of first trying out CFI, and if that
327          fails, then use this as a fallback. */
328       /* Note: re "- 1 * sizeof(UWord)", need to take account of the
329          fact that we are prodding at & ((UWord*)fp)[1] and so need to
330          adjust the limit check accordingly.  Omitting this has been
331          observed to cause segfaults on rare occasions. */
332       if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
333          /* fp looks sane, so use it. */
334          uregs.xip = (((UWord*)uregs.xbp)[1]);
335          if (0 == uregs.xip || 1 == uregs.xip) break;
336          uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
337                                + sizeof(Addr) /*ra*/;
338          uregs.xbp = (((UWord*)uregs.xbp)[0]);
339          if (sps) sps[i] = uregs.xsp;
340          if (fps) fps[i] = uregs.xbp;
341          ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
342          if (debug)
343             VG_(printf)("     ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
344          uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
345          continue;
346       }
347 
348       /* Last-ditch hack (evidently GDB does something similar).  We
349          are in the middle of nowhere and we have a nonsense value for
350          the frame pointer.  If the stack pointer is still valid,
351          assume that what it points at is a return address.  Yes,
352          desperate measures.  Could do better here:
353          - check that the supposed return address is in
354            an executable page
355          - check that the supposed return address is just after a call insn
356          - given those two checks, don't just consider *sp as the return
357            address; instead scan a likely section of stack (eg sp .. sp+256)
358            and use suitable values found there.
359       */
360       if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
361          uregs.xip = ((UWord*)uregs.xsp)[0];
362          if (0 == uregs.xip || 1 == uregs.xip) break;
363          if (sps) sps[i] = uregs.xsp;
364          if (fps) fps[i] = uregs.xbp;
365          ips[i++] = uregs.xip == 0
366                     ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
367                            thread stack */
368                     : uregs.xip - 1;
369                         /* -1: refer to calling insn, not the RA */
370          if (debug)
371             VG_(printf)("     ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
372          uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
373          uregs.xsp += 8;
374          continue;
375       }
376 
377       /* No luck at all.  We have to give up. */
378       break;
379    }
380 
381    n_found = i;
382    return n_found;
383 }
384 
385 #endif
386 
387 /* -----------------------ppc32/64 ---------------------- */
388 
389 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux)
390 
VG_(get_StackTrace_wrk)391 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
392                                /*OUT*/Addr* ips, UInt max_n_ips,
393                                /*OUT*/Addr* sps, /*OUT*/Addr* fps,
394                                UnwindStartRegs* startRegs,
395                                Addr fp_max_orig )
396 {
397    Bool  lr_is_first_RA = False;
398 #  if defined(VG_PLAT_USES_PPCTOC)
399    Word redir_stack_size = 0;
400    Word redirs_used      = 0;
401 #  endif
402 
403    Bool  debug = False;
404    Int   i;
405    Addr  fp_max;
406    UInt  n_found = 0;
407 
408    vg_assert(sizeof(Addr) == sizeof(UWord));
409    vg_assert(sizeof(Addr) == sizeof(void*));
410 
411    Addr ip = (Addr)startRegs->r_pc;
412    Addr sp = (Addr)startRegs->r_sp;
413    Addr fp = sp;
414 #  if defined(VGP_ppc32_linux)
415    Addr lr = startRegs->misc.PPC32.r_lr;
416 #  elif defined(VGP_ppc64_linux)
417    Addr lr = startRegs->misc.PPC64.r_lr;
418 #  endif
419    Addr fp_min = sp;
420 
421    /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
422       stopping when the trail goes cold, which we guess to be
423       when FP is not a reasonable stack location. */
424 
425    // JRS 2002-sep-17: hack, to round up fp_max to the end of the
426    // current page, at least.  Dunno if it helps.
427    // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
428    fp_max = VG_PGROUNDUP(fp_max_orig);
429    if (fp_max >= sizeof(Addr))
430       fp_max -= sizeof(Addr);
431 
432    if (debug)
433       VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
434                   "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
435 		  max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
436 
437    /* Assertion broken before main() is reached in pthreaded programs;  the
438     * offending stack traces only have one item.  --njn, 2002-aug-16 */
439    /* vg_assert(fp_min <= fp_max);*/
440    if (fp_min + 512 >= fp_max) {
441       /* If the stack limits look bogus, don't poke around ... but
442          don't bomb out either. */
443       if (sps) sps[0] = sp;
444       if (fps) fps[0] = fp;
445       ips[0] = ip;
446       return 1;
447    }
448 
449    /* fp is %r1.  ip is %cia.  Note, ppc uses r1 as both the stack and
450       frame pointers. */
451 
452 #  if defined(VGP_ppc64_linux)
453    redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
454    redirs_used      = 0;
455 #  endif
456 
457 #  if defined(VG_PLAT_USES_PPCTOC)
458    /* Deal with bogus LR values caused by function
459       interception/wrapping on ppc-TOC platforms; see comment on
460       similar code a few lines further down. */
461    if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub)
462        && VG_(is_valid_tid)(tid_if_known)) {
463       Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
464       redirs_used++;
465       if (hsp >= 1 && hsp < redir_stack_size)
466          lr = VG_(threads)[tid_if_known]
467                  .arch.vex.guest_REDIR_STACK[hsp-1];
468    }
469 #  endif
470 
471    /* We have to determine whether or not LR currently holds this fn
472       (call it F)'s return address.  It might not if F has previously
473       called some other function, hence overwriting LR with a pointer
474       to some part of F.  Hence if LR and IP point to the same
475       function then we conclude LR does not hold this function's
476       return address; instead the LR at entry must have been saved in
477       the stack by F's prologue and so we must get it from there
478       instead.  Note all this guff only applies to the innermost
479       frame. */
480    lr_is_first_RA = False;
481    {
482 #     define M_VG_ERRTXT 1000
483       UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT];
484       /* The following conditional looks grossly inefficient and
485          surely could be majorly improved, with not much effort. */
486       if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT))
487          if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT))
488             if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT))
489                lr_is_first_RA = True;
490 #     undef M_VG_ERRTXT
491    }
492 
493    if (sps) sps[0] = fp; /* NB. not sp */
494    if (fps) fps[0] = fp;
495    ips[0] = ip;
496    i = 1;
497 
498    if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {
499 
500       /* initial FP is sane; keep going */
501       fp = (((UWord*)fp)[0]);
502 
503       while (True) {
504 
505         /* On ppc64-linux (ppc64-elf, really), the lr save
506            slot is 2 words back from sp, whereas on ppc32-elf(?) it's
507            only one word back. */
508 #        if defined(VG_PLAT_USES_PPCTOC)
509          const Int lr_offset = 2;
510 #        else
511          const Int lr_offset = 1;
512 #        endif
513 
514          if (i >= max_n_ips)
515             break;
516 
517          /* Try to derive a new (ip,fp) pair from the current set. */
518 
519          if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
520             /* fp looks sane, so use it. */
521 
522             if (i == 1 && lr_is_first_RA)
523                ip = lr;
524             else
525                ip = (((UWord*)fp)[lr_offset]);
526 
527 #           if defined(VG_PLAT_USES_PPCTOC)
528             /* Nasty hack to do with function replacement/wrapping on
529                ppc64-linux.  If LR points to our magic return stub,
530                then we are in a wrapped or intercepted function, in
531                which LR has been messed with.  The original LR will
532                have been pushed onto the thread's hidden REDIR stack
533                one down from the top (top element is the saved R2) and
534                so we should restore the value from there instead.
535                Since nested redirections can and do happen, we keep
536                track of the number of nested LRs used by the unwinding
537                so far with 'redirs_used'. */
538             if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
539                 && VG_(is_valid_tid)(tid_if_known)) {
540                Word hsp = VG_(threads)[tid_if_known]
541                              .arch.vex.guest_REDIR_SP;
542                hsp -= 2 * redirs_used;
543                redirs_used ++;
544                if (hsp >= 1 && hsp < redir_stack_size)
545                   ip = VG_(threads)[tid_if_known]
546                           .arch.vex.guest_REDIR_STACK[hsp-1];
547             }
548 #           endif
549 
550             if (0 == ip || 1 == ip) break;
551             if (sps) sps[i] = fp; /* NB. not sp */
552             if (fps) fps[i] = fp;
553             fp = (((UWord*)fp)[0]);
554             ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
555             if (debug)
556                VG_(printf)("     ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
557             ip = ip - 1; /* ip is probably dead at this point, but
558                             play safe, a la x86/amd64 above.  See
559                             extensive comments above. */
560             continue;
561          }
562 
563          /* No luck there.  We have to give up. */
564          break;
565       }
566    }
567 
568    n_found = i;
569    return n_found;
570 }
571 
572 #endif
573 
574 /* ------------------------ arm ------------------------- */
575 
576 #if defined(VGP_arm_linux)
577 
in_same_fn(Addr a1,Addr a2)578 static Bool in_same_fn ( Addr a1, Addr a2 )
579 {
580 #  define M_VG_ERRTXT 500
581    UChar buf_a1[M_VG_ERRTXT], buf_a2[M_VG_ERRTXT];
582    /* The following conditional looks grossly inefficient and
583       surely could be majorly improved, with not much effort. */
584    if (VG_(get_fnname_raw) (a1, buf_a1, M_VG_ERRTXT))
585       if (VG_(get_fnname_raw) (a2, buf_a2, M_VG_ERRTXT))
586          if (VG_(strncmp)(buf_a1, buf_a2, M_VG_ERRTXT))
587             return True;
588 #  undef M_VG_ERRTXT
589    return False;
590 }
591 
in_same_page(Addr a1,Addr a2)592 static Bool in_same_page ( Addr a1, Addr a2 ) {
593    return (a1 & ~0xFFF) == (a2 & ~0xFFF);
594 }
595 
abs_diff(Addr a1,Addr a2)596 static Addr abs_diff ( Addr a1, Addr a2 ) {
597    return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
598 }
599 
has_XT_perms(Addr a)600 static Bool has_XT_perms ( Addr a )
601 {
602    NSegment const* seg = VG_(am_find_nsegment)(a);
603    return seg && seg->hasX && seg->hasT;
604 }
605 
looks_like_Thumb_call32(UShort w0,UShort w1)606 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
607 {
608    if (0)
609       VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
610    // BL  simm26
611    if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
612    // BLX simm26
613    if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
614    return False;
615 }
616 
looks_like_Thumb_call16(UShort w0)617 static Bool looks_like_Thumb_call16 ( UShort w0 )
618 {
619    return False;
620 }
621 
looks_like_ARM_call(UInt a0)622 static Bool looks_like_ARM_call ( UInt a0 )
623 {
624    if (0)
625       VG_(printf)("isA32call %08x\n", a0);
626    // Leading E forces unconditional only -- fix
627    if ((a0 & 0xFF000000) == 0xEB000000) return True;
628    return False;
629 }
630 
looks_like_RA(Addr ra)631 static Bool looks_like_RA ( Addr ra )
632 {
633    /* 'ra' is a plausible return address if it points to
634        an instruction after a call insn. */
635    Bool isT = (ra & 1);
636    if (isT) {
637       // returning to Thumb code
638       ra &= ~1;
639       ra -= 4;
640       if (has_XT_perms(ra)) {
641          UShort w0 = *(UShort*)ra;
642          UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
643          if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
644             return True;
645       }
646    } else {
647       // ARM
648       ra &= ~3;
649       ra -= 4;
650       if (has_XT_perms(ra)) {
651          UInt a0 = *(UInt*)ra;
652          if (looks_like_ARM_call(a0))
653             return True;
654       }
655    }
656    return False;
657 }
658 
VG_(get_StackTrace_wrk)659 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
660                                /*OUT*/Addr* ips, UInt max_n_ips,
661                                /*OUT*/Addr* sps, /*OUT*/Addr* fps,
662                                UnwindStartRegs* startRegs,
663                                Addr fp_max_orig )
664 {
665    Bool  debug = False;
666    Int   i;
667    Addr  fp_max;
668    UInt  n_found = 0;
669 
670    vg_assert(sizeof(Addr) == sizeof(UWord));
671    vg_assert(sizeof(Addr) == sizeof(void*));
672 
673    D3UnwindRegs uregs;
674    uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;
675    uregs.r14 = startRegs->misc.ARM.r14;
676    uregs.r13 = startRegs->r_sp;
677    uregs.r12 = startRegs->misc.ARM.r12;
678    uregs.r11 = startRegs->misc.ARM.r11;
679    uregs.r7  = startRegs->misc.ARM.r7;
680    Addr fp_min = uregs.r13;
681 
682    /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
683       stopping when the trail goes cold, which we guess to be
684       when FP is not a reasonable stack location. */
685 
686    // JRS 2002-sep-17: hack, to round up fp_max to the end of the
687    // current page, at least.  Dunno if it helps.
688    // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
689    fp_max = VG_PGROUNDUP(fp_max_orig);
690    if (fp_max >= sizeof(Addr))
691       fp_max -= sizeof(Addr);
692 
693    if (debug)
694       VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
695                   "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
696                   max_n_ips, fp_min, fp_max_orig, fp_max,
697                   uregs.r15, uregs.r13);
698 
699    /* Assertion broken before main() is reached in pthreaded programs;  the
700     * offending stack traces only have one item.  --njn, 2002-aug-16 */
701    /* vg_assert(fp_min <= fp_max);*/
702    // On Darwin, this kicks in for pthread-related stack traces, so they're
703    // only 1 entry long which is wrong.
704    if (fp_min + 512 >= fp_max) {
705       /* If the stack limits look bogus, don't poke around ... but
706          don't bomb out either. */
707       if (sps) sps[0] = uregs.r13;
708       if (fps) fps[0] = 0;
709       ips[0] = uregs.r15;
710       return 1;
711    }
712 
713    /* */
714 
715    if (sps) sps[0] = uregs.r13;
716    if (fps) fps[0] = 0;
717    ips[0] = uregs.r15;
718    i = 1;
719 
720    /* Loop unwinding the stack. */
721    Bool do_stack_scan = False;
722 
723    while (True) {
724       if (debug) {
725          VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
726                      i, uregs.r15, uregs.r13);
727       }
728 
729       if (i >= max_n_ips)
730          break;
731 
732       if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
733          if (sps) sps[i] = uregs.r13;
734          if (fps) fps[i] = 0;
735          ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
736          if (debug)
737             VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
738                         uregs.r15, uregs.r13);
739          uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
740          continue;
741       }
742       /* No luck.  We have to give up. */
743       do_stack_scan = True;
744       break;
745    }
746 
747    if (0/*DISABLED BY DEFAULT*/ && do_stack_scan && i < max_n_ips && i <= 2) {
748       Int  nByStackScan = 0;
749       Addr lr = uregs.r14;
750       Addr sp = uregs.r13 & ~3;
751       Addr pc = uregs.r15;
752       // First see if LR contains
753       // something that could be a valid return address.
754       if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
755          // take it only if 'cand' isn't obviously a duplicate
756          // of the last found IP value
757          Addr cand = (lr & 0xFFFFFFFE) - 1;
758          if (abs_diff(cand, ips[i-1]) > 1) {
759             if (sps) sps[i] = 0;
760             if (fps) fps[i] = 0;
761             ips[i++] = cand;
762             nByStackScan++;
763          }
764       }
765       while (in_same_page(sp, uregs.r13)) {
766          if (i >= max_n_ips)
767             break;
768          // we're in the same page; fairly safe to keep going
769          UWord w = *(UWord*)(sp & ~0x3);
770          if (looks_like_RA(w)) {
771             Addr cand = (w & 0xFFFFFFFE) - 1;
772             // take it only if 'cand' isn't obviously a duplicate
773             // of the last found IP value
774             if (abs_diff(cand, ips[i-1]) > 1) {
775                if (sps) sps[i] = 0;
776                if (fps) fps[i] = 0;
777                ips[i++] = cand;
778                if (++nByStackScan >= 5) break;
779             }
780          }
781          sp += 4;
782       }
783    }
784 
785    n_found = i;
786    return n_found;
787 }
788 
789 #endif
790 
791 /* ------------------------ s390x ------------------------- */
792 
793 #if defined(VGP_s390x_linux)
794 
VG_(get_StackTrace_wrk)795 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
796                                /*OUT*/Addr* ips, UInt max_n_ips,
797                                /*OUT*/Addr* sps, /*OUT*/Addr* fps,
798                                UnwindStartRegs* startRegs,
799                                Addr fp_max_orig )
800 {
801    Bool  debug = False;
802    Int   i;
803    Addr  fp_max;
804    UInt  n_found = 0;
805 
806    vg_assert(sizeof(Addr) == sizeof(UWord));
807    vg_assert(sizeof(Addr) == sizeof(void*));
808 
809    D3UnwindRegs uregs;
810    uregs.ia = startRegs->r_pc;
811    uregs.sp = startRegs->r_sp;
812    Addr fp_min = uregs.sp;
813    uregs.fp = startRegs->misc.S390X.r_fp;
814    uregs.lr = startRegs->misc.S390X.r_lr;
815 
816    fp_max = VG_PGROUNDUP(fp_max_orig);
817    if (fp_max >= sizeof(Addr))
818       fp_max -= sizeof(Addr);
819 
820    if (debug)
821       VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
822                   "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
823                   max_n_ips, fp_min, fp_max_orig, fp_max,
824                   uregs.ia, uregs.sp,uregs.fp);
825 
826    /* The first frame is pretty obvious */
827    ips[0] = uregs.ia;
828    if (sps) sps[0] = uregs.sp;
829    if (fps) fps[0] = uregs.fp;
830    i = 1;
831 
832    /* for everything else we have to rely on the eh_frame. gcc defaults to
833       not create a backchain and all the other  tools (like gdb) also have
834       to use the CFI. */
835    while (True) {
836       if (i >= max_n_ips)
837          break;
838 
839       if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
840          if (sps) sps[i] = uregs.sp;
841          if (fps) fps[i] = uregs.fp;
842          ips[i++] = uregs.ia - 1;
843          uregs.ia = uregs.ia - 1;
844          continue;
845       }
846       /* A problem on the first frame? Lets assume it was a bad jump.
847          We will use the link register and the current stack and frame
848          pointers and see if we can use the CFI in the next round. */
849       if (i == 1) {
850          if (sps) {
851             sps[i] = sps[0];
852             uregs.sp = sps[0];
853          }
854          if (fps) {
855             fps[i] = fps[0];
856             uregs.fp = fps[0];
857          }
858          uregs.ia = uregs.lr - 1;
859          ips[i++] = uregs.lr - 1;
860          continue;
861       }
862 
863       /* No luck.  We have to give up. */
864       break;
865    }
866 
867    n_found = i;
868    return n_found;
869 }
870 
871 #endif
872 
873 /* ------------------------ mips 32------------------------- */
874 
875 #if defined(VGP_mips32_linux)
876 
VG_(get_StackTrace_wrk)877 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
878                                /*OUT*/Addr* ips, UInt max_n_ips,
879                                /*OUT*/Addr* sps, /*OUT*/Addr* fps,
880                                UnwindStartRegs* startRegs,
881                                Addr fp_max_orig )
882 {
883    Bool  debug = False;
884    Int   i;
885    Addr  fp_max;
886    UInt  n_found = 0;
887 
888    vg_assert(sizeof(Addr) == sizeof(UWord));
889    vg_assert(sizeof(Addr) == sizeof(void*));
890 
891    D3UnwindRegs uregs;
892    uregs.pc = startRegs->r_pc;
893    uregs.sp = startRegs->r_sp;
894    Addr fp_min = uregs.sp;
895 
896    uregs.fp = startRegs->misc.MIPS32.r30;
897    uregs.ra = startRegs->misc.MIPS32.r31;
898 
899    /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
900       stopping when the trail goes cold, which we guess to be
901       when FP is not a reasonable stack location. */
902 
903    fp_max = VG_PGROUNDUP(fp_max_orig);
904    if (fp_max >= sizeof(Addr))
905       fp_max -= sizeof(Addr);
906 
907    if (debug)
908       VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
909                   "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
910                   max_n_ips, fp_min, fp_max_orig, fp_max,
911                   uregs.pc, uregs.sp, uregs.fp);
912 
913    if (sps) sps[0] = uregs.sp;
914    if (fps) fps[0] = uregs.fp;
915    ips[0] = uregs.pc;
916    i = 1;
917 
918    /* Loop unwinding the stack. */
919 
920    while (True) {
921       if (debug) {
922          VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
923                      i, uregs.pc, uregs.sp, uregs.ra);
924       }
925       if (i >= max_n_ips)
926          break;
927 
928       if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
929          if (debug)
930             VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
931                         uregs.pc, uregs.sp, uregs.ra);
932          if (0 == uregs.pc || 1 == uregs.pc) break;
933          if (sps) sps[i] = uregs.sp;
934          if (fps) fps[i] = uregs.fp;
935          ips[i++] = uregs.pc - 4;
936          uregs.pc = uregs.pc - 4;
937          continue;
938       }
939 
940       int seen_sp_adjust = 0;
941       long frame_offset = 0;
942       PtrdiffT offset;
943       if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) {
944          Addr start_pc = uregs.pc - offset;
945          Addr limit_pc = uregs.pc;
946          Addr cur_pc;
947          for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) {
948             unsigned long inst, high_word, low_word;
949             unsigned long * cur_inst;
950             int reg;
951             /* Fetch the instruction.   */
952             cur_inst = (unsigned long *)cur_pc;
953             inst = *((UInt *) cur_inst);
954             if(debug)
955                VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst);
956 
957             /* Save some code by pre-extracting some useful fields.  */
958             high_word = (inst >> 16) & 0xffff;
959             low_word = inst & 0xffff;
960             reg = high_word & 0x1f;
961 
962             if (high_word == 0x27bd        /* addiu $sp,$sp,-i */
963                 || high_word == 0x23bd     /* addi $sp,$sp,-i */
964                 || high_word == 0x67bd) {  /* daddiu $sp,$sp,-i */
965                if (low_word & 0x8000)	/* negative stack adjustment? */
966                   frame_offset += 0x10000 - low_word;
967                else
968                   /* Exit loop if a positive stack adjustment is found, which
969                      usually means that the stack cleanup code in the function
970                      epilogue is reached.  */
971                break;
972             seen_sp_adjust = 1;
973             }
974          }
975          if(debug)
976             VG_(printf)("offset: 0x%lx\n", frame_offset);
977       }
978       if (seen_sp_adjust) {
979          if (0 == uregs.pc || 1 == uregs.pc) break;
980          if (uregs.pc == uregs.ra - 8) break;
981          if (sps) {
982             sps[i] = uregs.sp + frame_offset;
983          }
984          uregs.sp = uregs.sp + frame_offset;
985 
986          if (fps) {
987             fps[i] = fps[0];
988             uregs.fp = fps[0];
989          }
990          if (0 == uregs.ra || 1 == uregs.ra) break;
991          uregs.pc = uregs.ra - 8;
992          ips[i++] = uregs.ra - 8;
993          continue;
994       }
995 
996       if (i == 1) {
997          if (sps) {
998             sps[i] = sps[0];
999             uregs.sp = sps[0];
1000          }
1001          if (fps) {
1002             fps[i] = fps[0];
1003             uregs.fp = fps[0];
1004          }
1005          if (0 == uregs.ra || 1 == uregs.ra) break;
1006          uregs.pc = uregs.ra - 8;
1007          ips[i++] = uregs.ra - 8;
1008          continue;
1009       }
1010       /* No luck.  We have to give up. */
1011       break;
1012    }
1013 
1014    n_found = i;
1015    return n_found;
1016 }
1017 
1018 #endif
1019 
1020 
1021 /*------------------------------------------------------------*/
1022 /*---                                                      ---*/
1023 /*--- END platform-dependent unwinder worker functions     ---*/
1024 /*---                                                      ---*/
1025 /*------------------------------------------------------------*/
1026 
1027 /*------------------------------------------------------------*/
1028 /*--- Exported functions.                                  ---*/
1029 /*------------------------------------------------------------*/
1030 
VG_(get_StackTrace)1031 UInt VG_(get_StackTrace) ( ThreadId tid,
1032                            /*OUT*/StackTrace ips, UInt max_n_ips,
1033                            /*OUT*/StackTrace sps,
1034                            /*OUT*/StackTrace fps,
1035                            Word first_ip_delta )
1036 {
1037    /* Get the register values with which to start the unwind. */
1038    UnwindStartRegs startRegs;
1039    VG_(memset)( &startRegs, 0, sizeof(startRegs) );
1040    VG_(get_UnwindStartRegs)( &startRegs, tid );
1041 
1042    Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word;
1043    Addr stack_lowest_word  = 0;
1044 
1045 #  if defined(VGP_x86_linux)
1046    /* Nasty little hack to deal with syscalls - if libc is using its
1047       _dl_sysinfo_int80 function for syscalls (the TLS version does),
1048       then ip will always appear to be in that function when doing a
1049       syscall, not the actual libc function doing the syscall.  This
1050       check sees if IP is within that function, and pops the return
1051       address off the stack so that ip is placed within the library
1052       function calling the syscall.  This makes stack backtraces much
1053       more useful.
1054 
1055       The function is assumed to look like this (from glibc-2.3.6 sources):
1056          _dl_sysinfo_int80:
1057             int $0x80
1058             ret
1059       That is 3 (2+1) bytes long.  We could be more thorough and check
1060       the 3 bytes of the function are as expected, but I can't be
1061       bothered.
1062    */
1063    if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
1064        && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
1065        && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
1066        && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
1067                                       VKI_PROT_READ)) {
1068       startRegs.r_pc  = (ULong) *(Addr*)(UWord)startRegs.r_sp;
1069       startRegs.r_sp += (ULong) sizeof(Addr);
1070    }
1071 #  endif
1072 
1073    /* See if we can get a better idea of the stack limits */
1074    VG_(stack_limits)( (Addr)startRegs.r_sp,
1075                       &stack_lowest_word, &stack_highest_word );
1076 
1077    /* Take into account the first_ip_delta. */
1078    startRegs.r_pc += (Long)(Word)first_ip_delta;
1079 
1080    if (0)
1081       VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx "
1082                   "sp=0x%010llx\n",
1083 		  tid, stack_highest_word,
1084                   startRegs.r_pc, startRegs.r_sp);
1085 
1086    return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips,
1087                                        sps, fps,
1088                                        &startRegs,
1089                                        stack_highest_word);
1090 }
1091 
printIpDesc(UInt n,Addr ip,void * uu_opaque)1092 static void printIpDesc(UInt n, Addr ip, void* uu_opaque)
1093 {
1094    #define BUF_LEN   4096
1095 
1096    static UChar buf[BUF_LEN];
1097 
1098    VG_(describe_IP)(ip, buf, BUF_LEN);
1099 
1100    if (VG_(clo_xml)) {
1101       VG_(printf_xml)("    %s\n", buf);
1102    } else {
1103       VG_(message)(Vg_UserMsg, "   %s %s\n", ( n == 0 ? "at" : "by" ), buf);
1104    }
1105 }
1106 
1107 /* Print a StackTrace. */
VG_(pp_StackTrace)1108 void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips )
1109 {
1110    vg_assert( n_ips > 0 );
1111 
1112    if (VG_(clo_xml))
1113       VG_(printf_xml)("  <stack>\n");
1114 
1115    VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips );
1116 
1117    if (VG_(clo_xml))
1118       VG_(printf_xml)("  </stack>\n");
1119 }
1120 
1121 /* Get and immediately print a StackTrace. */
VG_(get_and_pp_StackTrace)1122 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
1123 {
1124    Addr ips[max_n_ips];
1125    UInt n_ips
1126       = VG_(get_StackTrace)(tid, ips, max_n_ips,
1127                             NULL/*array to dump SP values in*/,
1128                             NULL/*array to dump FP values in*/,
1129                             0/*first_ip_delta*/);
1130    VG_(pp_StackTrace)(ips, n_ips);
1131 }
1132 
VG_(apply_StackTrace)1133 void VG_(apply_StackTrace)(
1134         void(*action)(UInt n, Addr ip, void* opaque),
1135         void* opaque,
1136         StackTrace ips, UInt n_ips
1137      )
1138 {
1139    Bool main_done = False;
1140    Int i = 0;
1141 
1142    vg_assert(n_ips > 0);
1143    do {
1144       Addr ip = ips[i];
1145 
1146       // Stop after the first appearance of "main" or one of the other names
1147       // (the appearance of which is a pretty good sign that we've gone past
1148       // main without seeing it, for whatever reason)
1149       if ( ! VG_(clo_show_below_main) ) {
1150          Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip);
1151          if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) {
1152             main_done = True;
1153          }
1154       }
1155 
1156       // Act on the ip
1157       action(i, ip, opaque);
1158 
1159       i++;
1160    } while (i < n_ips && !main_done);
1161 
1162    #undef MYBUF_LEN
1163 }
1164 
1165 
1166 /*--------------------------------------------------------------------*/
1167 /*--- end                                                          ---*/
1168 /*--------------------------------------------------------------------*/
1169