1
2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
5
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
9
10 Copyright (C) 2000-2012 Julian Seward
11 jseward@acm.org
12
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
17
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26 02111-1307, USA.
27
28 The GNU General Public License is contained in the file COPYING.
29 */
30
31 #include "pub_core_basics.h"
32 #include "pub_core_vki.h"
33 #include "pub_core_libcsetjmp.h" // to keep _threadstate.h happy
34 #include "pub_core_threadstate.h"
35 #include "pub_core_debuginfo.h" // XXX: circular dependency
36 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)()
37 #include "pub_core_libcbase.h"
38 #include "pub_core_libcassert.h"
39 #include "pub_core_libcprint.h"
40 #include "pub_core_machine.h"
41 #include "pub_core_options.h"
42 #include "pub_core_stacks.h" // VG_(stack_limits)
43 #include "pub_core_stacktrace.h"
44 #include "pub_core_xarray.h"
45 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80)
46 #include "pub_core_trampoline.h"
47
48
49 /*------------------------------------------------------------*/
50 /*--- ---*/
51 /*--- BEGIN platform-dependent unwinder worker functions ---*/
52 /*--- ---*/
53 /*------------------------------------------------------------*/
54
55 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
56 IPs into 'ips'. In order to be thread-safe, we pass in the
57 thread's IP SP, FP if that's meaningful, and LR if that's
58 meaningful. Returns number of IPs put in 'ips'.
59
60 If you know what the thread ID for this stack is, send that as the
61 first parameter, else send zero. This helps generate better stack
62 traces on ppc64-linux and has no effect on other platforms.
63 */
64
65 /* ------------------------ x86 ------------------------- */
66
67 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin)
68
VG_(get_StackTrace_wrk)69 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
70 /*OUT*/Addr* ips, UInt max_n_ips,
71 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
72 UnwindStartRegs* startRegs,
73 Addr fp_max_orig )
74 {
75 Bool debug = False;
76 Int i;
77 Addr fp_max;
78 UInt n_found = 0;
79
80 vg_assert(sizeof(Addr) == sizeof(UWord));
81 vg_assert(sizeof(Addr) == sizeof(void*));
82
83 D3UnwindRegs uregs;
84 uregs.xip = (Addr)startRegs->r_pc;
85 uregs.xsp = (Addr)startRegs->r_sp;
86 uregs.xbp = startRegs->misc.X86.r_ebp;
87 Addr fp_min = uregs.xsp;
88
89 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
90 stopping when the trail goes cold, which we guess to be
91 when FP is not a reasonable stack location. */
92
93 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
94 // current page, at least. Dunno if it helps.
95 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
96 fp_max = VG_PGROUNDUP(fp_max_orig);
97 if (fp_max >= sizeof(Addr))
98 fp_max -= sizeof(Addr);
99
100 if (debug)
101 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
102 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
103 max_n_ips, fp_min, fp_max_orig, fp_max,
104 uregs.xip, uregs.xbp);
105
106 /* Assertion broken before main() is reached in pthreaded programs; the
107 * offending stack traces only have one item. --njn, 2002-aug-16 */
108 /* vg_assert(fp_min <= fp_max);*/
109 // On Darwin, this kicks in for pthread-related stack traces, so they're
110 // only 1 entry long which is wrong.
111 # if !defined(VGO_darwin)
112 if (fp_min + 512 >= fp_max) {
113 /* If the stack limits look bogus, don't poke around ... but
114 don't bomb out either. */
115 if (sps) sps[0] = uregs.xsp;
116 if (fps) fps[0] = uregs.xbp;
117 ips[0] = uregs.xip;
118 return 1;
119 }
120 # endif
121
122 /* fp is %ebp. sp is %esp. ip is %eip. */
123
124 if (sps) sps[0] = uregs.xsp;
125 if (fps) fps[0] = uregs.xbp;
126 ips[0] = uregs.xip;
127 i = 1;
128
129 /* Loop unwinding the stack. Note that the IP value we get on
130 * each pass (whether from CFI info or a stack frame) is a
131 * return address so is actually after the calling instruction
132 * in the calling function.
133 *
134 * Because of this we subtract one from the IP after each pass
135 * of the loop so that we find the right CFI block on the next
136 * pass - otherwise we can find the wrong CFI info if it happens
137 * to change after the calling instruction and that will mean
138 * that we will fail to unwind the next step.
139 *
140 * This most frequently happens at the end of a function when
141 * a tail call occurs and we wind up using the CFI info for the
142 * next function which is completely wrong.
143 */
144 while (True) {
145
146 if (i >= max_n_ips)
147 break;
148
149 /* Try to derive a new (ip,sp,fp) triple from the current
150 set. */
151
152 /* On x86, first try the old-fashioned method of following the
153 %ebp-chain. Code which doesn't use this (that is, compiled
154 with -fomit-frame-pointer) is not ABI compliant and so
155 relatively rare. Besides, trying the CFI first almost always
156 fails, and is expensive. */
157 /* Deal with frames resulting from functions which begin "pushl%
158 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
159 if (fp_min <= uregs.xbp &&
160 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/)
161 {
162 /* fp looks sane, so use it. */
163 uregs.xip = (((UWord*)uregs.xbp)[1]);
164 // We stop if we hit a zero (the traditional end-of-stack
165 // marker) or a one -- these correspond to recorded IPs of 0 or -1.
166 // The latter because r8818 (in this file) changes the meaning of
167 // entries [1] and above in a stack trace, by subtracting 1 from
168 // them. Hence stacks that used to end with a zero value now end in
169 // -1 and so we must detect that too.
170 if (0 == uregs.xip || 1 == uregs.xip) break;
171 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
172 + sizeof(Addr) /*ra*/;
173 uregs.xbp = (((UWord*)uregs.xbp)[0]);
174 if (sps) sps[i] = uregs.xsp;
175 if (fps) fps[i] = uregs.xbp;
176 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
177 if (debug)
178 VG_(printf)(" ipsF[%d]=0x%08lx\n", i-1, ips[i-1]);
179 uregs.xip = uregs.xip - 1;
180 /* as per comment at the head of this loop */
181 continue;
182 }
183
184 /* That didn't work out, so see if there is any CF info to hand
185 which can be used. */
186 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
187 if (0 == uregs.xip || 1 == uregs.xip) break;
188 if (sps) sps[i] = uregs.xsp;
189 if (fps) fps[i] = uregs.xbp;
190 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
191 if (debug)
192 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]);
193 uregs.xip = uregs.xip - 1;
194 /* as per comment at the head of this loop */
195 continue;
196 }
197
198 /* And, similarly, try for MSVC FPO unwind info. */
199 if ( VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
200 fp_min, fp_max ) ) {
201 if (0 == uregs.xip || 1 == uregs.xip) break;
202 if (sps) sps[i] = uregs.xsp;
203 if (fps) fps[i] = uregs.xbp;
204 ips[i++] = uregs.xip;
205 if (debug)
206 VG_(printf)(" ipsC[%d]=0x%08lx\n", i-1, ips[i-1]);
207 uregs.xip = uregs.xip - 1;
208 continue;
209 }
210
211 /* No luck. We have to give up. */
212 break;
213 }
214
215 n_found = i;
216 return n_found;
217 }
218
219 #endif
220
221 /* ----------------------- amd64 ------------------------ */
222
223 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin)
224
VG_(get_StackTrace_wrk)225 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
226 /*OUT*/Addr* ips, UInt max_n_ips,
227 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
228 UnwindStartRegs* startRegs,
229 Addr fp_max_orig )
230 {
231 Bool debug = False;
232 Int i;
233 Addr fp_max;
234 UInt n_found = 0;
235
236 vg_assert(sizeof(Addr) == sizeof(UWord));
237 vg_assert(sizeof(Addr) == sizeof(void*));
238
239 D3UnwindRegs uregs;
240 uregs.xip = startRegs->r_pc;
241 uregs.xsp = startRegs->r_sp;
242 uregs.xbp = startRegs->misc.AMD64.r_rbp;
243 Addr fp_min = uregs.xsp;
244
245 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
246 stopping when the trail goes cold, which we guess to be
247 when FP is not a reasonable stack location. */
248
249 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
250 // current page, at least. Dunno if it helps.
251 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
252 fp_max = VG_PGROUNDUP(fp_max_orig);
253 if (fp_max >= sizeof(Addr))
254 fp_max -= sizeof(Addr);
255
256 if (debug)
257 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
258 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
259 max_n_ips, fp_min, fp_max_orig, fp_max,
260 uregs.xip, uregs.xbp);
261
262 /* Assertion broken before main() is reached in pthreaded programs; the
263 * offending stack traces only have one item. --njn, 2002-aug-16 */
264 /* vg_assert(fp_min <= fp_max);*/
265 // On Darwin, this kicks in for pthread-related stack traces, so they're
266 // only 1 entry long which is wrong.
267 # if !defined(VGO_darwin)
268 if (fp_min + 256 >= fp_max) {
269 /* If the stack limits look bogus, don't poke around ... but
270 don't bomb out either. */
271 if (sps) sps[0] = uregs.xsp;
272 if (fps) fps[0] = uregs.xbp;
273 ips[0] = uregs.xip;
274 return 1;
275 }
276 # endif
277
278 /* fp is %rbp. sp is %rsp. ip is %rip. */
279
280 ips[0] = uregs.xip;
281 if (sps) sps[0] = uregs.xsp;
282 if (fps) fps[0] = uregs.xbp;
283 i = 1;
284
285 /* Loop unwinding the stack. Note that the IP value we get on
286 * each pass (whether from CFI info or a stack frame) is a
287 * return address so is actually after the calling instruction
288 * in the calling function.
289 *
290 * Because of this we subtract one from the IP after each pass
291 * of the loop so that we find the right CFI block on the next
292 * pass - otherwise we can find the wrong CFI info if it happens
293 * to change after the calling instruction and that will mean
294 * that we will fail to unwind the next step.
295 *
296 * This most frequently happens at the end of a function when
297 * a tail call occurs and we wind up using the CFI info for the
298 * next function which is completely wrong.
299 */
300 while (True) {
301
302 if (i >= max_n_ips)
303 break;
304
305 /* Try to derive a new (ip,sp,fp) triple from the current set. */
306
307 /* First off, see if there is any CFI info to hand which can
308 be used. */
309 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
310 if (0 == uregs.xip || 1 == uregs.xip) break;
311 if (sps) sps[i] = uregs.xsp;
312 if (fps) fps[i] = uregs.xbp;
313 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
314 if (debug)
315 VG_(printf)(" ipsC[%d]=%#08lx\n", i-1, ips[i-1]);
316 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
317 continue;
318 }
319
320 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
321 we can safely try the old-fashioned method. */
322 /* This bit is supposed to deal with frames resulting from
323 functions which begin "pushq %rbp ; movq %rsp, %rbp".
324 Unfortunately, since we can't (easily) look at the insns at
325 the start of the fn, like GDB does, there's no reliable way
326 to tell. Hence the hack of first trying out CFI, and if that
327 fails, then use this as a fallback. */
328 /* Note: re "- 1 * sizeof(UWord)", need to take account of the
329 fact that we are prodding at & ((UWord*)fp)[1] and so need to
330 adjust the limit check accordingly. Omitting this has been
331 observed to cause segfaults on rare occasions. */
332 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
333 /* fp looks sane, so use it. */
334 uregs.xip = (((UWord*)uregs.xbp)[1]);
335 if (0 == uregs.xip || 1 == uregs.xip) break;
336 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
337 + sizeof(Addr) /*ra*/;
338 uregs.xbp = (((UWord*)uregs.xbp)[0]);
339 if (sps) sps[i] = uregs.xsp;
340 if (fps) fps[i] = uregs.xbp;
341 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
342 if (debug)
343 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
344 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
345 continue;
346 }
347
348 /* Last-ditch hack (evidently GDB does something similar). We
349 are in the middle of nowhere and we have a nonsense value for
350 the frame pointer. If the stack pointer is still valid,
351 assume that what it points at is a return address. Yes,
352 desperate measures. Could do better here:
353 - check that the supposed return address is in
354 an executable page
355 - check that the supposed return address is just after a call insn
356 - given those two checks, don't just consider *sp as the return
357 address; instead scan a likely section of stack (eg sp .. sp+256)
358 and use suitable values found there.
359 */
360 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
361 uregs.xip = ((UWord*)uregs.xsp)[0];
362 if (0 == uregs.xip || 1 == uregs.xip) break;
363 if (sps) sps[i] = uregs.xsp;
364 if (fps) fps[i] = uregs.xbp;
365 ips[i++] = uregs.xip == 0
366 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
367 thread stack */
368 : uregs.xip - 1;
369 /* -1: refer to calling insn, not the RA */
370 if (debug)
371 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
372 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
373 uregs.xsp += 8;
374 continue;
375 }
376
377 /* No luck at all. We have to give up. */
378 break;
379 }
380
381 n_found = i;
382 return n_found;
383 }
384
385 #endif
386
387 /* -----------------------ppc32/64 ---------------------- */
388
389 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64_linux)
390
VG_(get_StackTrace_wrk)391 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
392 /*OUT*/Addr* ips, UInt max_n_ips,
393 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
394 UnwindStartRegs* startRegs,
395 Addr fp_max_orig )
396 {
397 Bool lr_is_first_RA = False;
398 # if defined(VG_PLAT_USES_PPCTOC)
399 Word redir_stack_size = 0;
400 Word redirs_used = 0;
401 # endif
402
403 Bool debug = False;
404 Int i;
405 Addr fp_max;
406 UInt n_found = 0;
407
408 vg_assert(sizeof(Addr) == sizeof(UWord));
409 vg_assert(sizeof(Addr) == sizeof(void*));
410
411 Addr ip = (Addr)startRegs->r_pc;
412 Addr sp = (Addr)startRegs->r_sp;
413 Addr fp = sp;
414 # if defined(VGP_ppc32_linux)
415 Addr lr = startRegs->misc.PPC32.r_lr;
416 # elif defined(VGP_ppc64_linux)
417 Addr lr = startRegs->misc.PPC64.r_lr;
418 # endif
419 Addr fp_min = sp;
420
421 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
422 stopping when the trail goes cold, which we guess to be
423 when FP is not a reasonable stack location. */
424
425 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
426 // current page, at least. Dunno if it helps.
427 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
428 fp_max = VG_PGROUNDUP(fp_max_orig);
429 if (fp_max >= sizeof(Addr))
430 fp_max -= sizeof(Addr);
431
432 if (debug)
433 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
434 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
435 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
436
437 /* Assertion broken before main() is reached in pthreaded programs; the
438 * offending stack traces only have one item. --njn, 2002-aug-16 */
439 /* vg_assert(fp_min <= fp_max);*/
440 if (fp_min + 512 >= fp_max) {
441 /* If the stack limits look bogus, don't poke around ... but
442 don't bomb out either. */
443 if (sps) sps[0] = sp;
444 if (fps) fps[0] = fp;
445 ips[0] = ip;
446 return 1;
447 }
448
449 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and
450 frame pointers. */
451
452 # if defined(VGP_ppc64_linux)
453 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
454 redirs_used = 0;
455 # endif
456
457 # if defined(VG_PLAT_USES_PPCTOC)
458 /* Deal with bogus LR values caused by function
459 interception/wrapping on ppc-TOC platforms; see comment on
460 similar code a few lines further down. */
461 if (ULong_to_Ptr(lr) == (void*)&VG_(ppctoc_magic_redirect_return_stub)
462 && VG_(is_valid_tid)(tid_if_known)) {
463 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
464 redirs_used++;
465 if (hsp >= 1 && hsp < redir_stack_size)
466 lr = VG_(threads)[tid_if_known]
467 .arch.vex.guest_REDIR_STACK[hsp-1];
468 }
469 # endif
470
471 /* We have to determine whether or not LR currently holds this fn
472 (call it F)'s return address. It might not if F has previously
473 called some other function, hence overwriting LR with a pointer
474 to some part of F. Hence if LR and IP point to the same
475 function then we conclude LR does not hold this function's
476 return address; instead the LR at entry must have been saved in
477 the stack by F's prologue and so we must get it from there
478 instead. Note all this guff only applies to the innermost
479 frame. */
480 lr_is_first_RA = False;
481 {
482 # define M_VG_ERRTXT 1000
483 UChar buf_lr[M_VG_ERRTXT], buf_ip[M_VG_ERRTXT];
484 /* The following conditional looks grossly inefficient and
485 surely could be majorly improved, with not much effort. */
486 if (VG_(get_fnname_raw) (lr, buf_lr, M_VG_ERRTXT))
487 if (VG_(get_fnname_raw) (ip, buf_ip, M_VG_ERRTXT))
488 if (VG_(strncmp)(buf_lr, buf_ip, M_VG_ERRTXT))
489 lr_is_first_RA = True;
490 # undef M_VG_ERRTXT
491 }
492
493 if (sps) sps[0] = fp; /* NB. not sp */
494 if (fps) fps[0] = fp;
495 ips[0] = ip;
496 i = 1;
497
498 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {
499
500 /* initial FP is sane; keep going */
501 fp = (((UWord*)fp)[0]);
502
503 while (True) {
504
505 /* On ppc64-linux (ppc64-elf, really), the lr save
506 slot is 2 words back from sp, whereas on ppc32-elf(?) it's
507 only one word back. */
508 # if defined(VG_PLAT_USES_PPCTOC)
509 const Int lr_offset = 2;
510 # else
511 const Int lr_offset = 1;
512 # endif
513
514 if (i >= max_n_ips)
515 break;
516
517 /* Try to derive a new (ip,fp) pair from the current set. */
518
519 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
520 /* fp looks sane, so use it. */
521
522 if (i == 1 && lr_is_first_RA)
523 ip = lr;
524 else
525 ip = (((UWord*)fp)[lr_offset]);
526
527 # if defined(VG_PLAT_USES_PPCTOC)
528 /* Nasty hack to do with function replacement/wrapping on
529 ppc64-linux. If LR points to our magic return stub,
530 then we are in a wrapped or intercepted function, in
531 which LR has been messed with. The original LR will
532 have been pushed onto the thread's hidden REDIR stack
533 one down from the top (top element is the saved R2) and
534 so we should restore the value from there instead.
535 Since nested redirections can and do happen, we keep
536 track of the number of nested LRs used by the unwinding
537 so far with 'redirs_used'. */
538 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
539 && VG_(is_valid_tid)(tid_if_known)) {
540 Word hsp = VG_(threads)[tid_if_known]
541 .arch.vex.guest_REDIR_SP;
542 hsp -= 2 * redirs_used;
543 redirs_used ++;
544 if (hsp >= 1 && hsp < redir_stack_size)
545 ip = VG_(threads)[tid_if_known]
546 .arch.vex.guest_REDIR_STACK[hsp-1];
547 }
548 # endif
549
550 if (0 == ip || 1 == ip) break;
551 if (sps) sps[i] = fp; /* NB. not sp */
552 if (fps) fps[i] = fp;
553 fp = (((UWord*)fp)[0]);
554 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
555 if (debug)
556 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
557 ip = ip - 1; /* ip is probably dead at this point, but
558 play safe, a la x86/amd64 above. See
559 extensive comments above. */
560 continue;
561 }
562
563 /* No luck there. We have to give up. */
564 break;
565 }
566 }
567
568 n_found = i;
569 return n_found;
570 }
571
572 #endif
573
574 /* ------------------------ arm ------------------------- */
575
576 #if defined(VGP_arm_linux)
577
in_same_fn(Addr a1,Addr a2)578 static Bool in_same_fn ( Addr a1, Addr a2 )
579 {
580 # define M_VG_ERRTXT 500
581 UChar buf_a1[M_VG_ERRTXT], buf_a2[M_VG_ERRTXT];
582 /* The following conditional looks grossly inefficient and
583 surely could be majorly improved, with not much effort. */
584 if (VG_(get_fnname_raw) (a1, buf_a1, M_VG_ERRTXT))
585 if (VG_(get_fnname_raw) (a2, buf_a2, M_VG_ERRTXT))
586 if (VG_(strncmp)(buf_a1, buf_a2, M_VG_ERRTXT))
587 return True;
588 # undef M_VG_ERRTXT
589 return False;
590 }
591
in_same_page(Addr a1,Addr a2)592 static Bool in_same_page ( Addr a1, Addr a2 ) {
593 return (a1 & ~0xFFF) == (a2 & ~0xFFF);
594 }
595
abs_diff(Addr a1,Addr a2)596 static Addr abs_diff ( Addr a1, Addr a2 ) {
597 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
598 }
599
has_XT_perms(Addr a)600 static Bool has_XT_perms ( Addr a )
601 {
602 NSegment const* seg = VG_(am_find_nsegment)(a);
603 return seg && seg->hasX && seg->hasT;
604 }
605
looks_like_Thumb_call32(UShort w0,UShort w1)606 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
607 {
608 if (0)
609 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
610 // BL simm26
611 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
612 // BLX simm26
613 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
614 return False;
615 }
616
looks_like_Thumb_call16(UShort w0)617 static Bool looks_like_Thumb_call16 ( UShort w0 )
618 {
619 return False;
620 }
621
looks_like_ARM_call(UInt a0)622 static Bool looks_like_ARM_call ( UInt a0 )
623 {
624 if (0)
625 VG_(printf)("isA32call %08x\n", a0);
626 // Leading E forces unconditional only -- fix
627 if ((a0 & 0xFF000000) == 0xEB000000) return True;
628 return False;
629 }
630
looks_like_RA(Addr ra)631 static Bool looks_like_RA ( Addr ra )
632 {
633 /* 'ra' is a plausible return address if it points to
634 an instruction after a call insn. */
635 Bool isT = (ra & 1);
636 if (isT) {
637 // returning to Thumb code
638 ra &= ~1;
639 ra -= 4;
640 if (has_XT_perms(ra)) {
641 UShort w0 = *(UShort*)ra;
642 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
643 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
644 return True;
645 }
646 } else {
647 // ARM
648 ra &= ~3;
649 ra -= 4;
650 if (has_XT_perms(ra)) {
651 UInt a0 = *(UInt*)ra;
652 if (looks_like_ARM_call(a0))
653 return True;
654 }
655 }
656 return False;
657 }
658
VG_(get_StackTrace_wrk)659 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
660 /*OUT*/Addr* ips, UInt max_n_ips,
661 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
662 UnwindStartRegs* startRegs,
663 Addr fp_max_orig )
664 {
665 Bool debug = False;
666 Int i;
667 Addr fp_max;
668 UInt n_found = 0;
669
670 vg_assert(sizeof(Addr) == sizeof(UWord));
671 vg_assert(sizeof(Addr) == sizeof(void*));
672
673 D3UnwindRegs uregs;
674 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;
675 uregs.r14 = startRegs->misc.ARM.r14;
676 uregs.r13 = startRegs->r_sp;
677 uregs.r12 = startRegs->misc.ARM.r12;
678 uregs.r11 = startRegs->misc.ARM.r11;
679 uregs.r7 = startRegs->misc.ARM.r7;
680 Addr fp_min = uregs.r13;
681
682 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
683 stopping when the trail goes cold, which we guess to be
684 when FP is not a reasonable stack location. */
685
686 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
687 // current page, at least. Dunno if it helps.
688 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
689 fp_max = VG_PGROUNDUP(fp_max_orig);
690 if (fp_max >= sizeof(Addr))
691 fp_max -= sizeof(Addr);
692
693 if (debug)
694 VG_(printf)("\nmax_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
695 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
696 max_n_ips, fp_min, fp_max_orig, fp_max,
697 uregs.r15, uregs.r13);
698
699 /* Assertion broken before main() is reached in pthreaded programs; the
700 * offending stack traces only have one item. --njn, 2002-aug-16 */
701 /* vg_assert(fp_min <= fp_max);*/
702 // On Darwin, this kicks in for pthread-related stack traces, so they're
703 // only 1 entry long which is wrong.
704 if (fp_min + 512 >= fp_max) {
705 /* If the stack limits look bogus, don't poke around ... but
706 don't bomb out either. */
707 if (sps) sps[0] = uregs.r13;
708 if (fps) fps[0] = 0;
709 ips[0] = uregs.r15;
710 return 1;
711 }
712
713 /* */
714
715 if (sps) sps[0] = uregs.r13;
716 if (fps) fps[0] = 0;
717 ips[0] = uregs.r15;
718 i = 1;
719
720 /* Loop unwinding the stack. */
721 Bool do_stack_scan = False;
722
723 while (True) {
724 if (debug) {
725 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
726 i, uregs.r15, uregs.r13);
727 }
728
729 if (i >= max_n_ips)
730 break;
731
732 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
733 if (sps) sps[i] = uregs.r13;
734 if (fps) fps[i] = 0;
735 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
736 if (debug)
737 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
738 uregs.r15, uregs.r13);
739 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
740 continue;
741 }
742 /* No luck. We have to give up. */
743 do_stack_scan = True;
744 break;
745 }
746
747 if (0/*DISABLED BY DEFAULT*/ && do_stack_scan && i < max_n_ips && i <= 2) {
748 Int nByStackScan = 0;
749 Addr lr = uregs.r14;
750 Addr sp = uregs.r13 & ~3;
751 Addr pc = uregs.r15;
752 // First see if LR contains
753 // something that could be a valid return address.
754 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
755 // take it only if 'cand' isn't obviously a duplicate
756 // of the last found IP value
757 Addr cand = (lr & 0xFFFFFFFE) - 1;
758 if (abs_diff(cand, ips[i-1]) > 1) {
759 if (sps) sps[i] = 0;
760 if (fps) fps[i] = 0;
761 ips[i++] = cand;
762 nByStackScan++;
763 }
764 }
765 while (in_same_page(sp, uregs.r13)) {
766 if (i >= max_n_ips)
767 break;
768 // we're in the same page; fairly safe to keep going
769 UWord w = *(UWord*)(sp & ~0x3);
770 if (looks_like_RA(w)) {
771 Addr cand = (w & 0xFFFFFFFE) - 1;
772 // take it only if 'cand' isn't obviously a duplicate
773 // of the last found IP value
774 if (abs_diff(cand, ips[i-1]) > 1) {
775 if (sps) sps[i] = 0;
776 if (fps) fps[i] = 0;
777 ips[i++] = cand;
778 if (++nByStackScan >= 5) break;
779 }
780 }
781 sp += 4;
782 }
783 }
784
785 n_found = i;
786 return n_found;
787 }
788
789 #endif
790
791 /* ------------------------ s390x ------------------------- */
792
793 #if defined(VGP_s390x_linux)
794
VG_(get_StackTrace_wrk)795 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
796 /*OUT*/Addr* ips, UInt max_n_ips,
797 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
798 UnwindStartRegs* startRegs,
799 Addr fp_max_orig )
800 {
801 Bool debug = False;
802 Int i;
803 Addr fp_max;
804 UInt n_found = 0;
805
806 vg_assert(sizeof(Addr) == sizeof(UWord));
807 vg_assert(sizeof(Addr) == sizeof(void*));
808
809 D3UnwindRegs uregs;
810 uregs.ia = startRegs->r_pc;
811 uregs.sp = startRegs->r_sp;
812 Addr fp_min = uregs.sp;
813 uregs.fp = startRegs->misc.S390X.r_fp;
814 uregs.lr = startRegs->misc.S390X.r_lr;
815
816 fp_max = VG_PGROUNDUP(fp_max_orig);
817 if (fp_max >= sizeof(Addr))
818 fp_max -= sizeof(Addr);
819
820 if (debug)
821 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
822 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
823 max_n_ips, fp_min, fp_max_orig, fp_max,
824 uregs.ia, uregs.sp,uregs.fp);
825
826 /* The first frame is pretty obvious */
827 ips[0] = uregs.ia;
828 if (sps) sps[0] = uregs.sp;
829 if (fps) fps[0] = uregs.fp;
830 i = 1;
831
832 /* for everything else we have to rely on the eh_frame. gcc defaults to
833 not create a backchain and all the other tools (like gdb) also have
834 to use the CFI. */
835 while (True) {
836 if (i >= max_n_ips)
837 break;
838
839 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
840 if (sps) sps[i] = uregs.sp;
841 if (fps) fps[i] = uregs.fp;
842 ips[i++] = uregs.ia - 1;
843 uregs.ia = uregs.ia - 1;
844 continue;
845 }
846 /* A problem on the first frame? Lets assume it was a bad jump.
847 We will use the link register and the current stack and frame
848 pointers and see if we can use the CFI in the next round. */
849 if (i == 1) {
850 if (sps) {
851 sps[i] = sps[0];
852 uregs.sp = sps[0];
853 }
854 if (fps) {
855 fps[i] = fps[0];
856 uregs.fp = fps[0];
857 }
858 uregs.ia = uregs.lr - 1;
859 ips[i++] = uregs.lr - 1;
860 continue;
861 }
862
863 /* No luck. We have to give up. */
864 break;
865 }
866
867 n_found = i;
868 return n_found;
869 }
870
871 #endif
872
873 /* ------------------------ mips 32------------------------- */
874
875 #if defined(VGP_mips32_linux)
876
VG_(get_StackTrace_wrk)877 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
878 /*OUT*/Addr* ips, UInt max_n_ips,
879 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
880 UnwindStartRegs* startRegs,
881 Addr fp_max_orig )
882 {
883 Bool debug = False;
884 Int i;
885 Addr fp_max;
886 UInt n_found = 0;
887
888 vg_assert(sizeof(Addr) == sizeof(UWord));
889 vg_assert(sizeof(Addr) == sizeof(void*));
890
891 D3UnwindRegs uregs;
892 uregs.pc = startRegs->r_pc;
893 uregs.sp = startRegs->r_sp;
894 Addr fp_min = uregs.sp;
895
896 uregs.fp = startRegs->misc.MIPS32.r30;
897 uregs.ra = startRegs->misc.MIPS32.r31;
898
899 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
900 stopping when the trail goes cold, which we guess to be
901 when FP is not a reasonable stack location. */
902
903 fp_max = VG_PGROUNDUP(fp_max_orig);
904 if (fp_max >= sizeof(Addr))
905 fp_max -= sizeof(Addr);
906
907 if (debug)
908 VG_(printf)("max_n_ips=%d fp_min=0x%lx fp_max_orig=0x%lx, "
909 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
910 max_n_ips, fp_min, fp_max_orig, fp_max,
911 uregs.pc, uregs.sp, uregs.fp);
912
913 if (sps) sps[0] = uregs.sp;
914 if (fps) fps[0] = uregs.fp;
915 ips[0] = uregs.pc;
916 i = 1;
917
918 /* Loop unwinding the stack. */
919
920 while (True) {
921 if (debug) {
922 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
923 i, uregs.pc, uregs.sp, uregs.ra);
924 }
925 if (i >= max_n_ips)
926 break;
927
928 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
929 if (debug)
930 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
931 uregs.pc, uregs.sp, uregs.ra);
932 if (0 == uregs.pc || 1 == uregs.pc) break;
933 if (sps) sps[i] = uregs.sp;
934 if (fps) fps[i] = uregs.fp;
935 ips[i++] = uregs.pc - 4;
936 uregs.pc = uregs.pc - 4;
937 continue;
938 }
939
940 int seen_sp_adjust = 0;
941 long frame_offset = 0;
942 PtrdiffT offset;
943 if (VG_(get_inst_offset_in_function)(uregs.pc, &offset)) {
944 Addr start_pc = uregs.pc - offset;
945 Addr limit_pc = uregs.pc;
946 Addr cur_pc;
947 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) {
948 unsigned long inst, high_word, low_word;
949 unsigned long * cur_inst;
950 int reg;
951 /* Fetch the instruction. */
952 cur_inst = (unsigned long *)cur_pc;
953 inst = *((UInt *) cur_inst);
954 if(debug)
955 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst);
956
957 /* Save some code by pre-extracting some useful fields. */
958 high_word = (inst >> 16) & 0xffff;
959 low_word = inst & 0xffff;
960 reg = high_word & 0x1f;
961
962 if (high_word == 0x27bd /* addiu $sp,$sp,-i */
963 || high_word == 0x23bd /* addi $sp,$sp,-i */
964 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */
965 if (low_word & 0x8000) /* negative stack adjustment? */
966 frame_offset += 0x10000 - low_word;
967 else
968 /* Exit loop if a positive stack adjustment is found, which
969 usually means that the stack cleanup code in the function
970 epilogue is reached. */
971 break;
972 seen_sp_adjust = 1;
973 }
974 }
975 if(debug)
976 VG_(printf)("offset: 0x%lx\n", frame_offset);
977 }
978 if (seen_sp_adjust) {
979 if (0 == uregs.pc || 1 == uregs.pc) break;
980 if (uregs.pc == uregs.ra - 8) break;
981 if (sps) {
982 sps[i] = uregs.sp + frame_offset;
983 }
984 uregs.sp = uregs.sp + frame_offset;
985
986 if (fps) {
987 fps[i] = fps[0];
988 uregs.fp = fps[0];
989 }
990 if (0 == uregs.ra || 1 == uregs.ra) break;
991 uregs.pc = uregs.ra - 8;
992 ips[i++] = uregs.ra - 8;
993 continue;
994 }
995
996 if (i == 1) {
997 if (sps) {
998 sps[i] = sps[0];
999 uregs.sp = sps[0];
1000 }
1001 if (fps) {
1002 fps[i] = fps[0];
1003 uregs.fp = fps[0];
1004 }
1005 if (0 == uregs.ra || 1 == uregs.ra) break;
1006 uregs.pc = uregs.ra - 8;
1007 ips[i++] = uregs.ra - 8;
1008 continue;
1009 }
1010 /* No luck. We have to give up. */
1011 break;
1012 }
1013
1014 n_found = i;
1015 return n_found;
1016 }
1017
1018 #endif
1019
1020
1021 /*------------------------------------------------------------*/
1022 /*--- ---*/
1023 /*--- END platform-dependent unwinder worker functions ---*/
1024 /*--- ---*/
1025 /*------------------------------------------------------------*/
1026
1027 /*------------------------------------------------------------*/
1028 /*--- Exported functions. ---*/
1029 /*------------------------------------------------------------*/
1030
VG_(get_StackTrace)1031 UInt VG_(get_StackTrace) ( ThreadId tid,
1032 /*OUT*/StackTrace ips, UInt max_n_ips,
1033 /*OUT*/StackTrace sps,
1034 /*OUT*/StackTrace fps,
1035 Word first_ip_delta )
1036 {
1037 /* Get the register values with which to start the unwind. */
1038 UnwindStartRegs startRegs;
1039 VG_(memset)( &startRegs, 0, sizeof(startRegs) );
1040 VG_(get_UnwindStartRegs)( &startRegs, tid );
1041
1042 Addr stack_highest_word = VG_(threads)[tid].client_stack_highest_word;
1043 Addr stack_lowest_word = 0;
1044
1045 # if defined(VGP_x86_linux)
1046 /* Nasty little hack to deal with syscalls - if libc is using its
1047 _dl_sysinfo_int80 function for syscalls (the TLS version does),
1048 then ip will always appear to be in that function when doing a
1049 syscall, not the actual libc function doing the syscall. This
1050 check sees if IP is within that function, and pops the return
1051 address off the stack so that ip is placed within the library
1052 function calling the syscall. This makes stack backtraces much
1053 more useful.
1054
1055 The function is assumed to look like this (from glibc-2.3.6 sources):
1056 _dl_sysinfo_int80:
1057 int $0x80
1058 ret
1059 That is 3 (2+1) bytes long. We could be more thorough and check
1060 the 3 bytes of the function are as expected, but I can't be
1061 bothered.
1062 */
1063 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
1064 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
1065 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
1066 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
1067 VKI_PROT_READ)) {
1068 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp;
1069 startRegs.r_sp += (ULong) sizeof(Addr);
1070 }
1071 # endif
1072
1073 /* See if we can get a better idea of the stack limits */
1074 VG_(stack_limits)( (Addr)startRegs.r_sp,
1075 &stack_lowest_word, &stack_highest_word );
1076
1077 /* Take into account the first_ip_delta. */
1078 startRegs.r_pc += (Long)(Word)first_ip_delta;
1079
1080 if (0)
1081 VG_(printf)("tid %d: stack_highest=0x%08lx ip=0x%010llx "
1082 "sp=0x%010llx\n",
1083 tid, stack_highest_word,
1084 startRegs.r_pc, startRegs.r_sp);
1085
1086 return VG_(get_StackTrace_wrk)(tid, ips, max_n_ips,
1087 sps, fps,
1088 &startRegs,
1089 stack_highest_word);
1090 }
1091
printIpDesc(UInt n,Addr ip,void * uu_opaque)1092 static void printIpDesc(UInt n, Addr ip, void* uu_opaque)
1093 {
1094 #define BUF_LEN 4096
1095
1096 static UChar buf[BUF_LEN];
1097
1098 VG_(describe_IP)(ip, buf, BUF_LEN);
1099
1100 if (VG_(clo_xml)) {
1101 VG_(printf_xml)(" %s\n", buf);
1102 } else {
1103 VG_(message)(Vg_UserMsg, " %s %s\n", ( n == 0 ? "at" : "by" ), buf);
1104 }
1105 }
1106
1107 /* Print a StackTrace. */
VG_(pp_StackTrace)1108 void VG_(pp_StackTrace) ( StackTrace ips, UInt n_ips )
1109 {
1110 vg_assert( n_ips > 0 );
1111
1112 if (VG_(clo_xml))
1113 VG_(printf_xml)(" <stack>\n");
1114
1115 VG_(apply_StackTrace)( printIpDesc, NULL, ips, n_ips );
1116
1117 if (VG_(clo_xml))
1118 VG_(printf_xml)(" </stack>\n");
1119 }
1120
1121 /* Get and immediately print a StackTrace. */
VG_(get_and_pp_StackTrace)1122 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
1123 {
1124 Addr ips[max_n_ips];
1125 UInt n_ips
1126 = VG_(get_StackTrace)(tid, ips, max_n_ips,
1127 NULL/*array to dump SP values in*/,
1128 NULL/*array to dump FP values in*/,
1129 0/*first_ip_delta*/);
1130 VG_(pp_StackTrace)(ips, n_ips);
1131 }
1132
VG_(apply_StackTrace)1133 void VG_(apply_StackTrace)(
1134 void(*action)(UInt n, Addr ip, void* opaque),
1135 void* opaque,
1136 StackTrace ips, UInt n_ips
1137 )
1138 {
1139 Bool main_done = False;
1140 Int i = 0;
1141
1142 vg_assert(n_ips > 0);
1143 do {
1144 Addr ip = ips[i];
1145
1146 // Stop after the first appearance of "main" or one of the other names
1147 // (the appearance of which is a pretty good sign that we've gone past
1148 // main without seeing it, for whatever reason)
1149 if ( ! VG_(clo_show_below_main) ) {
1150 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ip);
1151 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind) {
1152 main_done = True;
1153 }
1154 }
1155
1156 // Act on the ip
1157 action(i, ip, opaque);
1158
1159 i++;
1160 } while (i < n_ips && !main_done);
1161
1162 #undef MYBUF_LEN
1163 }
1164
1165
1166 /*--------------------------------------------------------------------*/
1167 /*--- end ---*/
1168 /*--------------------------------------------------------------------*/
1169