| blob | 0ffab17922a61c1d66c365f51e6161cdad677e8f |
1 /* -*- mode: C; c-basic-offset: 3; -*- */
3 /*--------------------------------------------------------------------*/
4 /*--- Top level management of symbols and debugging information. ---*/
5 /*--- debuginfo.c ---*/
6 /*--------------------------------------------------------------------*/
8 /*
9 This file is part of Valgrind, a dynamic binary instrumentation
10 framework.
12 Copyright (C) 2000-2017 Julian Seward
13 jseward@acm.org
15 This program is free software; you can redistribute it and/or
16 modify it under the terms of the GNU General Public License as
17 published by the Free Software Foundation; either version 2 of the
18 License, or (at your option) any later version.
20 This program is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 General Public License for more details.
25 You should have received a copy of the GNU General Public License
26 along with this program; if not, see <http://www.gnu.org/licenses/>.
28 The GNU General Public License is contained in the file COPYING.
29 */
60 #if defined(VGO_linux) || defined(VGO_solaris) || defined(VGO_freebsd)
64 #elif defined(VGO_darwin)
67 #endif
70 /* Set this to 1 to enable somewhat minimal debug printing for the
71 debuginfo-epoch machinery. */
72 #define DEBUG_EPOCHS 0
75 /*------------------------------------------------------------*/
76 /*--- The _svma / _avma / _image / _bias naming scheme ---*/
77 /*------------------------------------------------------------*/
79 /* JRS 11 Jan 07: I find the different kinds of addresses involved in
80 debuginfo reading confusing. Recently I arrived at some
81 terminology which makes it clearer (to me, at least). There are 3
82 kinds of address used in the debuginfo reading process:
84 stated VMAs - the address where (eg) a .so says a symbol is, that
85 is, what it tells you if you consider the .so in
86 isolation
88 actual VMAs - the address where (eg) said symbol really wound up
89 after the .so was mapped into memory
91 image addresses - pointers into the copy of the .so (etc)
92 transiently mmaped aboard whilst we read its info
94 Additionally I use the term 'bias' to denote the difference
95 between stated and actual VMAs for a given entity.
97 This terminology is not used consistently, but a start has been
98 made. readelf.c and the call-frame info reader in readdwarf.c now
99 use it. Specifically, various variables and structure fields have
100 been annotated with _avma / _svma / _image / _bias. In places _img
101 is used instead of _image for the sake of brevity.
102 */
105 /*------------------------------------------------------------*/
106 /*--- fwdses ---*/
107 /*------------------------------------------------------------*/
112 /*------------------------------------------------------------*/
113 /*--- Epochs ---*/
114 /*------------------------------------------------------------*/
116 /* The DebugInfo epoch is incremented every time we either load debuginfo in
117 response to an object mapping, or an existing DebugInfo becomes
118 non-current (or will be discarded) due to an object unmap. By storing,
119 in each DebugInfo, the first and last epoch for which it is valid, we can
120 unambiguously identify the set of DebugInfos which should be used to
121 provide metadata for a code or data address, provided we know the epoch
122 to which that address pertains.
124 Note, this isn't the same as the "handle_counter" below. That only
125 advances when new DebugInfos are created. "current_epoch" advances both
126 at DebugInfo created and destruction-or-making-non-current.
127 */
129 // The value zero is reserved for indicating an invalid epoch number.
134 }
137 current_epoch++;
141 }
145 }
147 // Is this DebugInfo currently "allocated" (pre-use state, only FSM active) ?
149 {
155 }
156 }
158 // Is this DebugInfo currently "active" (valid for the current epoch) ?
160 {
163 // Yes it is active. Sanity check ..
168 }
169 }
171 // Is this DebugInfo currently "archived" ?
173 {
176 // Yes it is archived. Sanity checks ..
182 }
183 }
185 // Is this DebugInfo valid for the specified epoch?
187 {
188 // Stay sane
196 // Both valid. di is in Archived state.
199 // First is valid, last is invalid. di is in Active state.
201 }
204 // Neither is valid. di is in Allocated state.
206 }
208 }
211 {
213 }
216 /*------------------------------------------------------------*/
217 /*--- Root structure ---*/
218 /*------------------------------------------------------------*/
220 /* The root structure for the entire debug info system. It is a
221 linked list of DebugInfos. */
225 /* Find 'di' in the debugInfo_list and move it one step closer to the
226 front of the list, so as to make subsequent searches for it
227 cheaper. When used in a controlled way, makes a major improvement
228 in some DebugInfo-search-intensive situations, most notably stack
229 unwinding on amd64-linux. */
231 {
244 }
248 /* di0 points to di, di1 to its predecessor, and di2 to di1's
249 predecessor. Swap di0 and di1, that is, move di0 one step
250 closer to the start of the list. */
257 }
258 else
260 /* it's second in the list. */
266 }
267 }
270 // Debugging helper for epochs
272 {
277 current_epoch);
281 }
283 }
284 }
287 /*------------------------------------------------------------*/
288 /*--- Notification (acquire/discard) helpers ---*/
289 /*------------------------------------------------------------*/
291 /* Gives out unique abstract handles for allocated DebugInfos. See
292 comment in priv_storage.h, declaration of struct _DebugInfo, for
293 details. */
296 /* Allocate and zero out a new DebugInfo record. */
297 static
299 {
300 Bool traceme;
314 /* Everything else -- pointers, sizes, arrays -- is zeroed by
315 ML_(dinfo_zalloc). Now set up the debugging-output flags. */
316 traceme
324 }
327 }
330 /* Free a DebugInfo, and also all the stuff hanging off it. */
332 {
353 /* We have to visit all the entries so as to free up any
354 sec_names arrays that might exist. */
360 }
361 /* and finally .. */
363 }
370 /* Delete the two admin arrays. These lists exist primarily so
371 that we can visit each object exactly once when we need to
372 delete them. */
377 /* Dump anything hanging off this ent */
379 }
382 }
389 }
392 }
394 /* Dump the variable info. This is kinda complex: we must take
395 care not to free items which reside in either the admin lists
396 (as we have just freed them) or which reside in the DebugInfo's
397 string table. */
402 /* iterate over all entries in 'scope' */
407 /* for each var in 'arange' */
412 /* Nothing to free in var: all the pointer fields refer
413 to stuff either on an admin list, or in
414 .strpool */
415 }
417 /* Don't free arange itself, as OSetGen_Destroy does
418 that */
419 }
421 }
423 }
426 }
429 /* 'di' is a member of debugInfo_list. Find it, and either (remove it from
430 the list and free all storage reachable from it) or archive it.
431 Notify m_redir that this removal/archiving has happened.
433 Note that 'di' can't be archived. Is a DebugInfo is archived then we
434 want to hold on to it forever. This is asserted for.
436 Note also, we don't advance the current epoch here. That's the
437 responsibility of some (non-immediate) caller.
438 */
440 {
441 /* di->have_dinfo can be False when an object is mapped "ro"
442 and then unmapped before the debug info is loaded.
443 In other words, debugInfo_list might contain many di that have
444 no OS mappings, even if their fsm.maps still contain mappings.
445 Such (left over) mappings can overlap with real mappings.
446 Search for FSMMAPSNOTCLEANEDUP: below for more details. */
447 /* If a di has no dinfo, we can discard even if VG_(clo_keep_debuginfo). */
453 /* If di->have_dinfo, then it must be active! */
457 /* Found it; (remove from list and free it), or archive it. */
469 }
472 }
474 /* Adjust the epoch markers appropriately. */
481 }
483 }
486 }
488 /* Not found. */
489 }
492 /* Repeatedly scan debugInfo_list, looking for DebugInfos with text
493 AVMAs intersecting [start,start+length), and call discard_DebugInfo
494 to get rid of them. This modifies the list, hence the multiple
495 iterations. Returns True iff any such DebugInfos were found.
496 */
498 {
500 Bool found;
516 /* no overlap */
520 }
522 }
527 }
530 }
533 /* Does [s1,+len1) overlap [s2,+len2) ? Note: does not handle
534 wraparound at the end of the address space -- just asserts in that
535 case. */
537 {
543 /* Assert that we don't have wraparound. If we do it would imply
544 that file sections are getting mapped around the end of the
545 address space, which sounds unlikely. */
550 }
552 /*
553 * PJF 2023-09-23
554 *
555 * FreeBSD can perform a temporary mapping when loading exes
556 * and shared libraries. This is seen as a single page mapped
557 * before the ro/rx/rw mappings from the ELF file itself. More
558 * importantly, FreeBSD can reuse that same page when loading
559 * subsequent shared libraries. That means that we see this
560 * page as an overlap. Previously we noted that the mapping
561 * was not fixed and ignored it by returning early from
562 * VG_(di_notify_mmap).
563 *
564 * That works OK in general, but not for the tool itself.
565 * In order to read symbols for the tool, ML_(read_elf_object)
566 * needs to match up the ELF headers with the DebugInfo maps
567 * (populated from the global nsegments array).
568 *
569 * Two possible solutions would be to hack parse_procselfmaps
570 * even more so that it doesn't record the ro segment (is
571 * that info in kve_flags?). The other, which was also my
572 * original fix for this problem, is to just ignore identical
573 * ro mappings for different files on FreeBSD. I'm not certain
574 * that the size is always one page - that could be used to
575 * tighten the check even more.
576 */
578 /* Do the basic mappings of the two DebugInfos overlap in any way? */
580 {
589 #if defined(VGO_freebsd)
595 }
597 }
598 #endif
600 }
601 }
602 }
605 }
608 /* Discard or archive all elements of debugInfo_list whose .mark bit is set.
609 */
611 {
623 }
627 // If |curr| is going to remain in the debugInfo_list, and merely change
628 // state, then we need to clear its mark bit so we don't subsequently
629 // try to archive it again later. Possibly related to #393146.
635 }
636 }
639 /* Discard any elements of debugInfo_list which overlap with diRef.
640 Clearly diRef must have its mapping information set to something sane. */
642 {
645 /* Mark all the DebugInfos in debugInfo_list that need to be
646 deleted. First, clear all the mark bits; then set them if they
647 overlap with siRef. Since siRef itself is in this list we at
648 least expect its own mark bit to be set. */
657 }
658 }
660 }
663 /* Find the existing DebugInfo for |filename| or if not found, create
664 one. In the latter case |filename| is strdup'd into VG_AR_DINFO,
665 and the new DebugInfo is added to debugInfo_list. */
667 {
676 }
682 }
685 }
688 /* Debuginfo reading for 'di' has just been successfully completed.
689 Check that the invariants stated in
690 "Comment_on_IMPORTANT_CFSI_REPRESENTATIONAL_INVARIANTS" in
691 priv_storage.h are observed. */
693 {
700 /* This fn isn't called until after debuginfo for this object has
701 been successfully read. And that shouldn't happen until we have
702 both a r-x and rw- mapping for the object. Hence: */
707 /* We are interested in r-x mappings only */
711 /* degenerate case: r-x section is empty */
716 /* normal case: r-x section is nonempty */
717 /* invariant (0) */
720 /* invariant (1) */
731 }
732 }
734 }
736 /* degenerate case: all r-x sections are empty */
740 }
742 /* invariant (2) */
745 /* It may be that the cfsi range doesn't fit into any one individual
746 mapping, but it is covered by the combination of all the mappings.
747 That's a bit tricky to establish. To do so, create a RangeMap with
748 the cfsi range as the single only non-zero mapping, then zero out all
749 the parts described by di->fsm.maps, and check that there's nothing
750 left. */
757 /* We are interested in r-x mappings only */
762 }
763 /* Typically, the range map contains one single range with value 0,
764 meaning that the cfsi range is entirely covered by the rx mappings.
765 However, in some cases, there are holes in the rx mappings
766 (see BZ #398028).
767 In such a case, check that no cfsi refers to these holes. */
769 // Check the ranges in the map.
777 {
778 // Sanity-check the range-map operation
790 }
792 /* This is a part of cfsi_minavma .. cfsi_maxavma not covered.
793 Check no cfsi overlaps with this range. */
799 }
800 }
801 }
805 }
807 /* invariants (3) and (4) */
819 }
820 }
824 }
825 }
828 /*--------------------------------------------------------------*/
829 /*--- ---*/
830 /*--- TOP LEVEL: INITIALISE THE DEBUGINFO SYSTEM ---*/
831 /*--- ---*/
832 /*--------------------------------------------------------------*/
835 {
836 /* There's actually very little to do here, since everything
837 centers around the DebugInfos in debugInfo_list, they are
838 created and destroyed on demand, and each one is treated more or
839 less independently. */
842 /* flush the debug info caches. */
844 }
847 /*--------------------------------------------------------------*/
848 /*--- ---*/
849 /*--- TOP LEVEL: NOTIFICATION (ACQUIRE/DISCARD INFO) (LINUX) ---*/
850 /*--- ---*/
851 /*--------------------------------------------------------------*/
853 #if defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris) || defined(VGO_freebsd)
855 /* Helper (indirect) for di_notify_ACHIEVE_ACCEPT_STATE */
858 {
864 }
867 /* Helper (indirect) for di_notify_ACHIEVE_ACCEPT_STATE */
868 static void show_DebugInfoMappings
871 {
883 }
884 }
887 /* Helper for di_notify_ACHIEVE_ACCEPT_STATE. This removes overlaps
888 in |maps|, in a fairly weak way, by truncating overlapping ends.
889 This may need to be strengthened in future. Currently it performs
890 a post-fixup check, so as least we can be sure that if this
891 function returns (rather than asserts) that |maps| is overlap
892 free. */
893 static void truncate_DebugInfoMapping_overlaps
896 {
917 /* map_j was observed later than map_i, since the entries are
918 in the XArray in the order in which they were observed.
919 If map_j starts inside map_i, trim map_i's end so it does
920 not overlap map_j. This reflects the reality that when
921 two mmaped areas overlap, the later mmap silently
922 overwrites the earlier mmap's mapping. */
928 }
930 }
931 }
946 Bool overlap
948 /* If the following assert ever fails, it means the de-overlapping
949 scheme above is too weak, and needs improvement. */
951 }
952 }
955 }
958 /* The debug info system is driven by notifications that a text
959 segment has been mapped in, or unmapped, or when sections change
960 permission. It's all a bit kludgey and basically means watching
961 syscalls, trying to second-guess when the system's dynamic linker
962 is done with mapping in a new object for execution. This is all
963 tracked using the DebugInfoFSM struct for the object. Anyway, once
964 we finally decide we've got to an accept state, this section then
965 will acquire whatever info is available for the corresponding
966 object. This section contains the notification handlers, which
967 update the FSM and determine when an accept state has been reached.
968 */
970 /* When the sequence of observations causes a DebugInfoFSM to move
971 into the accept state, call here to actually get the debuginfo read
972 in. Returns a ULong whose purpose is described in comments
973 preceding VG_(di_notify_mmap) just below.
974 */
976 {
977 ULong di_handle;
978 Bool ok;
985 "-------------------------"
990 /* We're going to read symbols and debug info for the avma
991 ranges specified in the _DebugInfoFsm mapping array. First
992 get rid of any other DebugInfos which overlap any of those
993 ranges (to avoid total confusion). But only those valid in
994 the current epoch. We don't want to discard archived DebugInfos. */
997 /* The DebugInfoMappings that now exist in the FSM may involve
998 overlaps. This confuses ML_(read_elf_*), and may cause
999 it to compute wrong biases. So de-overlap them now.
1000 See http://bugzilla.mozilla.org/show_bug.cgi?id=788974 */
1003 /* And acquire new info. */
1004 # if defined(VGO_linux) || defined(VGO_solaris) || defined(VGO_freebsd)
1008 # elif defined(VGO_darwin)
1010 # else
1012 # endif
1018 /* invalidate the debug info caches. */
1020 /* prepare read data for use */
1022 /* Check invariants listed in
1023 Comment_on_IMPORTANT_REPRESENTATIONAL_INVARIANTS in
1024 priv_storage.h. */
1028 // Mark di's first epoch point as a valid epoch. Because its
1029 // last_epoch value is still invalid, this changes di's state from
1030 // "allocated" to "active".
1036 /* notify m_redir about it */
1039 /* Note that we succeeded */
1046 /* Something went wrong (eg. bad ELF file). Should we delete
1047 this DebugInfo? No - it contains info on the rw/rx
1048 mappings, at least. */
1051 }
1056 "-------------------------"
1061 }
1064 /* Notify the debuginfo system about a new mapping. This is the way
1065 new debug information gets loaded.
1067 readelf -e will output something like
1069 Program Headers:
1070 Type Offset VirtAddr PhysAddr
1071 FileSiz MemSiz Flg Align
1072 PHDR 0x0000000000000040 0x0000000000200040 0x0000000000200040
1073 0x0000000000000268 0x0000000000000268 R 0x8
1074 INTERP 0x00000000000002a8 0x00000000002002a8 0x00000000002002a8
1075 0x0000000000000015 0x0000000000000015 R 0x1
1076 [Requesting program interpreter: /libexec/ld-elf.so.1]
1077 LOAD 0x0000000000000000 0x0000000000200000 0x0000000000200000
1078 0x0000000000002acc 0x0000000000002acc R 0x1000
1079 LOAD 0x0000000000002ad0 0x0000000000203ad0 0x0000000000203ad0
1080 0x0000000000004a70 0x0000000000004a70 R E 0x1000
1081 LOAD 0x0000000000007540 0x0000000000209540 0x0000000000209540
1082 0x00000000000001d8 0x00000000000001d8 RW 0x1000
1083 LOAD 0x0000000000007720 0x000000000020a720 0x000000000020a720
1084 0x00000000000002b8 0x00000000000005a0 RW 0x1000
1085 DYNAMIC 0x0000000000007570 0x0000000000209570 0x0000000000209570
1086 0x00000000000001a0 0x00000000000001a0 RW 0x8
1087 GNU_RELRO 0x0000000000007540 0x0000000000209540 0x0000000000209540
1088 0x00000000000001d8 0x00000000000001d8 R 0x1
1089 GNU_EH_FRAME 0x0000000000002334 0x0000000000202334 0x0000000000202334
1090 0x000000000000012c 0x000000000000012c R 0x4
1091 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
1092 0x0000000000000000 0x0000000000000000 RW 0
1093 NOTE 0x00000000000002c0 0x00000000002002c0 0x00000000002002c0
1094 0x0000000000000048 0x0000000000000048 R 0x4
1096 This function will be called for the "LOAD" segments above.
1098 This function gets called from 2 contexts
1100 "HOST TRIGGERED"
1102 1a. For the tool exe, called from valgrind_main. This is already
1103 mmap'd when the host starts so we look at something like the
1104 /proc filesystem to get the mapping after the event and build
1105 up the NSegments from that.
1107 1b. Then the host loads ld.so and the guest exe. This is done in
1108 the sequence
1109 load_client -> VG_(do_exec) -> VG_(do_exec_inner) ->
1110 exe_handlers->load_fn ( == VG_(load_ELF) )
1111 [or load_MACHO].
1113 This does the mmap'ing and creates the associated NSegments.
1115 The NSegments may get merged, (see maybe_merge_nsegments)
1116 so there could be more PT_LOADs than there are NSegments.
1117 VG_(di_notify_mmap) is called by iterating over the
1118 NSegments
1120 "GUEST TRIGGERED"
1122 2. When the guest loads any further shared libs (valgrind core and
1123 tool preload shared libraries, libc, other dependencies, dlopens)
1124 using mmap. The call will be from ML_(generic_PRE_sys_mmap) or
1125 a platform-specific variation.
1127 There are a few variations for syswraps/platforms.
1129 In this case the NSegment could possibly be merged,
1130 but that is irrelevant because di_notify_mmap is being
1131 called directly on the mmap result.
1133 If allow_SkFileV is True, it will try load debug info if the
1134 mapping at 'a' belongs to Valgrind; whereas normally (False)
1135 it will not do that. This allows us to carefully control when
1136 the thing will read symbols from the Valgrind executable itself.
1138 If use_fd is not -1, that is used instead of the filename; this
1139 avoids perturbing fcntl locks, which are released by simply
1140 re-opening and closing the same file (even via different fd!).
1142 Read-only mappings will be ignored.
1143 There may be 1 or 2 RW mappings.
1144 There will also be 1 RX mapping.
1146 If there is no RX or no RW mapping then we will not attempt to
1147 read debuginfo for the file.
1149 In order to know whether there are 1 or 2 RW mappings we
1150 need to check the ELF headers. And in the case that we
1151 detect 2 RW mappings we need to double check that they
1152 aren't contiguous in memory resulting in merged NSegemnts.
1154 This does not apply to Darwin which just checks the Mach-O header
1156 If a call to VG_(di_notify_mmap) causes debug info to be read, then
1157 the returned ULong is an abstract handle which can later be used to
1158 refer to the debuginfo read as a result of this specific mapping,
1159 in later queries to m_debuginfo. In this case the handle value
1160 will be one or above. If the returned value is zero, no debug info
1161 was read. */
1164 {
1166 Int rw_load_count;
1172 #if defined(VGO_darwin)
1173 SysRes preadres;
1175 #else
1176 Bool elf_ok;
1177 #endif
1180 SysRes statres;
1185 /* In short, figure out if this mapping is of interest to us, and
1186 if so, try to guess what ld.so is doing and when/if we should
1187 read debug info. */
1197 }
1199 /* guaranteed by aspacemgr-linux.c, sane_NSegment() */
1202 /* Ignore non-file mappings */
1207 /* If the file doesn't have a name, we're hosed. Give up. */
1212 /*
1213 * Cannot read from these magic files:
1214 * --20208-- WARNING: Serious error when reading debug info
1215 * --20208-- When reading debug info from /proc/xen/privcmd:
1216 * --20208-- can't read file to inspect ELF header
1217 */
1224 /* Only try to read debug information from regular files. */
1227 /* stat dereferences symlinks, so we don't expect it to succeed and
1228 yet produce something that is a symlink. */
1231 /* Don't let the stat call fail silently. Filter out some known
1232 sources of noise before complaining, though. */
1234 DebugInfo fake_di;
1241 }
1243 }
1245 /* Finally, the point of all this stattery: if it's not a regular file,
1246 don't try to read debug info from it. */
1250 /* no uses of statbuf below here. */
1252 /* Now we have to guess if this is a text-like mapping, a data-like
1253 mapping, neither or both. The rules are:
1255 text if: x86-linux r and x
1256 other-linux r and x and not w
1258 data if: x86-linux r and w
1259 other-linux r and w and not x
1261 Background: On x86-linux, objects are typically mapped twice:
1263 1b8fb000-1b8ff000 r-xp 00000000 08:02 4471477 vgpreload_memcheck.so
1264 1b8ff000-1b900000 rw-p 00004000 08:02 4471477 vgpreload_memcheck.so
1266 whereas ppc32-linux mysteriously does this:
1268 118a6000-118ad000 r-xp 00000000 08:05 14209428 vgpreload_memcheck.so
1269 118ad000-118b6000 ---p 00007000 08:05 14209428 vgpreload_memcheck.so
1270 118b6000-118bd000 rwxp 00000000 08:05 14209428 vgpreload_memcheck.so
1272 The third mapping should not be considered to have executable
1273 code in. Therefore a test which works for both is: r and x and
1274 NOT w. Reading symbols from the rwx segment -- which overlaps
1275 the r-x segment in the file -- causes the redirection mechanism
1276 to redirect to addresses in that third segment, which is wrong
1277 and causes crashes.
1279 JRS 28 Dec 05: unfortunately icc 8.1 on x86 has been seen to
1280 produce executables with a single rwx segment rather than a
1281 (r-x,rw-) pair. That means the rules have to be modified thusly:
1283 x86-linux: consider if r and x
1284 all others: consider if r and x and not w
1286 2009 Aug 16: apply similar kludge to ppc32-linux.
1287 See http://bugs.kde.org/show_bug.cgi?id=190820
1289 There are two modes on s390x: with and without the noexec kernel
1290 parameter. Together with some older kernels, this leads to several
1291 variants:
1292 executable: r and x
1293 data: r and w and x
1294 or
1295 executable: r and x
1296 data: r and w
1297 */
1302 # if defined(VGA_x86) || defined(VGA_ppc32) || defined(VGA_mips32) \
1303 || defined(VGA_mips64) || defined(VGA_nanomips)
1306 # elif defined(VGA_amd64) || defined(VGA_ppc64be) || defined(VGA_ppc64le) \
1307 || defined(VGA_arm) || defined(VGA_arm64)
1310 # elif defined(VGP_s390x_linux)
1313 # else
1315 # endif
1319 # if defined(VGO_solaris)
1322 # endif
1329 /* Ignore mappings with permissions we can't possibly be interested in. */
1333 #if defined(VGO_freebsd)
1334 /* Ignore non-fixed read-only mappings. The dynamic linker may be
1335 * mapping something for its own transient purposes. */
1338 }
1339 #endif
1341 #if defined(VGO_darwin)
1342 /* Peer at the first few bytes of the file, to see if it is an ELF */
1343 /* object file. Ignore the file if we do not have read permission. */
1345 #endif
1348 # if defined(VKI_O_LARGEFILE)
1350 # endif
1356 DebugInfo fake_di;
1359 filename);
1362 }
1364 }
1368 }
1370 #if defined(VGO_darwin)
1374 }
1377 DebugInfo fake_di;
1382 }
1386 #endif
1388 /* We're only interested in mappings of object files. */
1389 # if defined(VGO_linux) || defined(VGO_solaris) || defined(VGO_freebsd)
1397 }
1401 }
1403 # elif defined(VGO_darwin)
1407 # else
1409 # endif
1411 /* See if we have a DebugInfo for this filename. If not,
1412 create one. */
1416 /* Ignore all mappings for this filename once we've read debuginfo for it.
1417 This avoids the confusion of picking up "irrelevant" mappings in
1418 applications which mmap their objects outside of ld.so, for example
1419 Firefox's Gecko profiler.
1421 What happens in that case is: the application maps the object "ro" for
1422 whatever reason. We record the mapping di->fsm.maps. The application
1423 later unmaps the object. However, the mapping is not removed from
1424 di->fsm.maps. Later, when some other (unrelated) object is mapped (via
1425 ld.so) into that address space, we first unload any debuginfo that has a
1426 mapping intersecting that area. That means we will end up incorrectly
1427 unloading debuginfo for the object with the "irrelevant" mappings. This
1428 causes various problems, not least because it can unload the debuginfo
1429 for libc.so and so cause malloc intercepts to become un-intercepted.
1431 This fix assumes that all mappings made once we've read debuginfo for
1432 an object are irrelevant. I think that's OK, but need to check with
1433 mjw/thh. */
1437 "ignoring mapping because we already read debuginfo "
1440 }
1446 /* Note the details about the mapping. */
1447 DebugInfoMapping map;
1451 #if defined(VGO_freebsd)
1453 #endif
1459 /* Update flags about what kind of mappings we've already seen. */
1461 /* This is a bit of a hack, using a Bool as a counter */
1466 /* So, finally, are we in an accept state? */
1471 /* Ok, so, finally, we found what we need, and we haven't
1472 already read debuginfo for this object. So let's do so now.
1473 Yee-ha! */
1480 /* If we don't have an rx and rw mapping, go no further. */
1485 }
1486 }
1488 /* Load DI if it hasn't already been been loaded. */
1490 {
1493 #if defined(VGO_darwin)
1495 #else
1497 #endif
1500 /* Check invariants listed in
1501 Comment_on_IMPORTANT_REPRESENTATIONAL_INVARIANTS in
1502 priv_storage.h. */
1505 }
1506 }
1508 /* Load DI if it has a text segment containing A and DI hasn't already
1509 been loaded. */
1512 {
1520 }
1522 /* Attempt to load DebugInfo with a text segment containing A,
1523 if such a debuginfo hasn't already been loaded. */
1526 {
1532 }
1534 /* Unmap is simpler - throw away any SegInfos intersecting
1535 [a, a+len). */
1537 {
1538 Bool anyFound;
1545 }
1546 }
1549 /* Uh, this doesn't do anything at all. IIRC glibc (or ld.so, I don't
1550 remember) does a bunch of mprotects on itself, and if we follow
1551 through here, it causes the debug info for that object to get
1552 discarded. */
1554 {
1556 # if defined(VGA_x86)
1558 # endif
1564 }
1565 }
1566 }
1569 /* This is a MacOSX >= 10.7 32-bit only special. See comments on the
1570 declaration of struct _DebugInfoFSM for details. */
1572 {
1583 }
1586 # if defined(VGP_x86_darwin) && (DARWIN_VERS >= DARWIN_10_7)
1588 # endif
1594 }
1599 /* Find a DebugInfo containing a FSM that has [a, +len) previously
1600 observed as a r-- mapping, plus some other rw- mapping. If such
1601 is found, conclude we're in an accept state and read debuginfo
1602 accordingly. */
1607 Word i;
1618 /* Try to find a mapping matching the memory area. */
1624 }
1627 /* looks like we're in luck! */
1629 }
1635 di);
1637 /* Do the upgrade. Simply update the flags of the mapping
1638 and pretend we never saw the RO map at all. */
1644 /* See if there are any more ro mappings */
1650 }
1651 }
1653 /* Check if we're now in an accept state and read debuginfo. Finally. */
1660 /* di_handle is ignored. That's not a problem per se -- it just
1661 means nobody will ever be able to refer to this debuginfo by
1662 handle since nobody will know what the handle value is. */
1663 }
1664 }
1667 /*--------- PDB (windows debug info) reading --------- */
1669 /* this should really return ULong, as per VG_(di_notify_mmap). */
1672 {
1677 SysRes sres;
1678 Int fd_pdbimage;
1679 SizeT n_pdbimage;
1685 "LOAD_PDB_DEBUGINFO: clreq: fd=%d, avma=%#lx, total_size=%lu, "
1688 );
1689 }
1691 /* 'fd' refers to the .exe/.dll we're dealing with. Get its modification
1692 time into obj_mtime. */
1699 /* and get its name into exename. */
1709 }
1711 /* Try to get the PDB file name from the executable. */
1715 /* So we successfully extracted a name from the PE file. But it's
1716 likely to be of the form
1717 e:\foo\bar\xyzzy\wibble.pdb
1718 and we need to change it into something we can actually open
1719 in Wine-world, which basically means turning it into
1720 $HOME/.wine/drive_e/foo/bar/xyzzy/wibble.pdb
1721 We also take into account $WINEPREFIX, if it is set.
1722 For the moment, if the name isn't fully qualified, just forget it
1723 (we'd have to root around to find where the pdb actually is)
1724 */
1725 /* Change all the backslashes to forward slashes */
1729 }
1730 Bool is_quald
1737 /* Change e:/foo/bar/xyzzy/wibble.pdb
1738 to $WINEPREFIX/drive_e/foo/bar/xyzzy/wibble.pdb
1739 */
1747 }
1749 /* Change e:/foo/bar/xyzzy/wibble.pdb
1750 to $HOME/.wine/drive_e/foo/bar/xyzzy/wibble.pdb
1751 */
1760 /* It's not a fully qualified path, or neither $HOME nor $WINE
1761 are set (strange). Give up. */
1764 }
1765 }
1767 /* Try s/exe/pdb/ if we don't have a valid pdbname. */
1769 /* Try to find a matching PDB file from which to read debuginfo.
1770 Windows PE files have symbol tables and line number information,
1771 but MSVC doesn't seem to use them. */
1772 /* Why +5 ? Because in the worst case, we could find a dot as the
1773 last character of pdbname, and we'd then put "pdb" right after
1774 it, hence extending it a bit. */
1786 else
1790 }
1792 /* See if we can find it, and check it's in-dateness. */
1796 pdbname);
1800 }
1804 /* PDB file is older than PE file. Really, the PDB should be
1805 newer than the PE, but that doesn't always seem to be the
1806 case. Allow the PDB to be up to one minute older.
1807 Otherwise, it's probably out of date, in which case ignore it
1808 or we will either (a) print wrong stack traces or more likely
1809 (b) crash.
1810 */
1815 }
1821 }
1823 /* Looks promising; go on to try and read stuff from it. But don't
1824 mmap the file. Instead mmap free space and read the file into
1825 it. This is because files on CIFS filesystems that are mounted
1826 '-o directio' can't be mmap'd, and that mount option is needed
1827 to make CIFS work reliably. (See
1828 http://www.nabble.com/Corrupted-data-on-write-to-
1829 Windows-2003-Server-t2782623.html)
1830 This is slower, but at least it works reliably. */
1834 // 0x7FFFFFFF: why? Because the VG_(read) just below only
1835 // can deal with a signed int as the size of data to read,
1836 // so we can't reliably check for read failure for files
1837 // greater than that size. Hence just skip them; we're
1838 // unlikely to encounter a PDB that large anyway.
1841 }
1846 }
1854 }
1859 /* play safe; always invalidate the debug info caches. I don't know if
1860 this is necessary, but anyway .. */
1862 /* dump old info for this range, if any */
1868 /* this di must be new, since we just nuked any old stuff in the range */
1872 /* don't set up any of the di-> fields; let
1873 ML_(read_pdb_debug_info) do it. */
1881 }
1885 /* We cannot make any sense of this pdb, so (force) discard it,
1886 even if VG_(clo_keep_debuginfo) is True. */
1889 // The below will assert if di is not active. Not too sure what
1890 // the state of di in this failed loading state.
1893 }
1897 }
1899 out:
1901 }
1903 #endif /* defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris) || defined(VGO_freebsd) */
1906 /*------------------------------------------------------------*/
1907 /*--- ---*/
1908 /*--- TOP LEVEL: QUERYING EXISTING DEBUG INFO ---*/
1909 /*--- ---*/
1910 /*------------------------------------------------------------*/
1913 {
1921 }
1922 }
1926 {
1927 Word i;
1930 /* Optimization: Try to use the last matched rx mapping first */
1942 }
1943 }
1946 }
1948 /*------------------------------------------------------------*/
1949 /*--- Types and functions for inlined IP cursor ---*/
1950 /*------------------------------------------------------------*/
1958 // Note that not all inlined fn calls in this range
1959 // are necessarily covering eip.
1962 // 0 means to describe eip itself.
1965 // level.
1966 };
1969 {
1971 }
1974 {
1976 }
1979 {
1980 Word i;
1991 }
2001 }
2002 }
2008 else
2012 }
2014 /* Forward */
2018 /* Returns the position after which eip would be inserted in inltab.
2019 (-1 if eip should be inserted before position 0).
2020 This is the highest position with an addr_lo <= eip.
2021 As inltab is sorted on addr_lo, dichotomic search can be done
2022 (note that inltab might have duplicates addr_lo). */
2024 {
2025 Word mid,
2033 }
2036 lo++;
2037 #if 0
2042 #endif
2044 }
2047 {
2049 Word locno;
2050 Word i;
2052 Bool avail;
2057 /* Search the DebugInfo for (ep, eip) */
2062 /* Search the entry in di->inltab with the highest addr_lo that
2063 contains eip. */
2064 /* We start from the highest pos in inltab after which eip would
2065 be inserted. */
2069 }
2070 /* Stop the backward scan when reaching an addr_lo which
2071 cannot anymore contain eip : we know that all ranges before
2072 i also cannot contain eip. */
2075 }
2080 /* We have found the highest entry containing eip.
2081 Build a cursor. */
2090 }
2096 /* MAX_LEVEL is higher than any stored level. We can use
2097 VG_(next_IIPC) to get to the 'real' first highest call level. */
2102 }
2105 {
2108 }
2111 /*------------------------------------------------------------*/
2112 /*--- Use of symbol table & location info to create ---*/
2113 /*--- plausible-looking stack dumps. ---*/
2114 /*------------------------------------------------------------*/
2116 /* Search all symtabs that we know about to locate ptr. If found, set
2117 *pdi to the relevant DebugInfo, and *symno to the symtab entry
2118 *number within that. If not found, *psi is set to NULL.
2119 If findText==True, only text symbols are searched for.
2120 If findText==False, only data symbols are searched for.
2121 */
2124 Bool findText )
2125 {
2126 Word sno;
2128 Bool inRange;
2136 /* Consider any symbol in the r-x mapped area to be text.
2137 See Comment_Regarding_Text_Range_Checks in storage.c for
2138 details. */
2146 ||
2151 ||
2156 ||
2161 ||
2166 }
2176 }
2177 not_found:
2179 }
2182 /* Search all loctabs that we know about to locate ptr at epoch ep. If
2183 *found, set pdi to the relevant DebugInfo, and *locno to the loctab entry
2184 *number within that. If not found, *pdi is set to NULL. */
2187 {
2188 Word lno;
2202 }
2203 }
2204 not_found:
2206 }
2208 /* Caching of queries to symbol names. */
2209 // Prime number, giving about 6Kbytes cache on 32 bits,
2210 // 12Kbytes cache on 64 bits.
2211 #define N_SYM_NAME_CACHE 509
2213 typedef
2215 // (sym_epoch, sym_avma) are the hash table key.
2216 DiEpoch sym_epoch;
2217 Addr sym_avma;
2218 // Fields below here are not part of the key.
2222 }
2223 Sym_Name_CacheEnt;
2224 /* Sym_Name_CacheEnt associates a queried (epoch, address) pair to the sym
2225 name found. By nature, if a sym name was found, it means the searched
2226 address stored in the cache is an avma (see e.g. search_all_symtabs).
2227 Note however that the caller is responsible to work with 'avma' addresses
2228 e.g. when calling VG_(get_fnname) : m_debuginfo.c has no way to
2229 differentiate an 'svma a' from an 'avma a'. It is however unlikely that
2230 svma would percolate outside of this module. */
2235 /* We need a special marker for the address 0 : a not used entry has
2236 a zero sym_avma. So, if ever the 0 address is really queried, we need
2237 to be able to detect there is no sym name for this address.
2238 If on some platforms, 0 is associated to a symbol, the cache would
2239 work properly. */
2244 }
2246 /* The whole point of this whole big deal: map an (epoch, code address) pair
2247 to a plausible symbol name. Returns False if no idea; otherwise True.
2249 Caller supplies buf. If do_cxx_demangling is False, don't do
2250 C++ demangling, regardless of VG_(clo_demangle) -- probably because the
2251 call has come from VG_(get_fnname_raw)(). findText
2252 indicates whether we're looking for a text symbol or a data symbol
2253 -- caller must choose one kind or the other.
2255 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2256 in pub_tool_debuginfo.h
2257 get_sym_name and the fact it calls the demangler is the main reason
2258 for non persistence of the information returned by m_debuginfo.c
2259 functions : the string returned in *BUF is persistent as long as
2260 (1) the DebugInfo it belongs to is not discarded
2261 (2) the demangler is not invoked again
2262 Also, the returned string is owned by "somebody else". Callers must
2263 not free it or modify it. */
2264 static
2266 Bool do_below_main_renaming,
2270 {
2271 // Compute the hash from 'ep' and 'a'. The latter contains lots of
2272 // significant bits, but 'ep' is expected to be a small number, typically
2273 // less than 500. So rotate it around a bit in the hope of spreading the
2274 // bits out somewhat.
2285 Word sno;
2297 }
2298 }
2304 }
2309 /* Do the below-main hack */
2310 // To reduce the endless nuisance of multiple different names
2311 // for "the frame below main()" screwing up the testsuite, change all
2312 // known incarnations of said into a single name, "(below main)", if
2313 // --show-below-main=yes.
2316 {
2318 }
2332 }
2339 }
2342 }
2344 /* ppc64be-linux only: find the TOC pointer (R2 value) that should be in
2345 force at the entry point address of the function containing
2346 guest_code_addr. Returns 0 if not known. */
2348 {
2349 #if defined(VGA_ppc64be) || defined(VGA_ppc64le)
2351 Word sno;
2357 else
2359 #else
2361 #endif
2362 }
2364 /* This is available to tools... always demangle C++ names,
2365 match anywhere in function, but don't show offsets.
2366 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2367 in pub_tool_debuginfo.h */
2369 {
2377 }
2382 {
2385 }
2402 }
2403 }
2405 /* This is available to tools... always demangle C++ names,
2406 match anywhere in function, and show offset if nonzero.
2407 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2408 in pub_tool_debuginfo.h */
2410 {
2418 }
2420 /* This is available to tools... always demangle C++ names,
2421 only succeed if 'a' matches first instruction of function,
2422 and don't show offsets.
2423 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2424 in pub_tool_debuginfo.h */
2426 {
2428 Bool res;
2440 }
2442 /* This is only available to core... don't C++-demangle, don't Z-demangle,
2443 don't rename below-main, match anywhere in function, and don't show
2444 offsets.
2445 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2446 in pub_tool_debuginfo.h */
2448 {
2456 }
2458 /* This is only available to core... don't demangle C++ names, but do
2459 do Z-demangling and below-main-renaming, match anywhere in function, and
2460 don't show offsets.
2461 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2462 in pub_tool_debuginfo.h */
2465 {
2466 // All the callers of VG_(get_fnname_no_cxx_demangle) must build
2467 // the iipc with the same ep as provided to VG_(get_fnname_no_cxx_demangle).
2468 // So, if we have an iipc, iipc->di must be valid in the provided ep.
2469 // Functionally, we could equally use iipc->di->first_epoch or ep, as
2470 // all the inlined fn calls will be described by the same di.
2473 }
2476 // At the bottom (towards main), we describe the fn at eip.
2489 // The function we are in is called by next_inl.
2492 }
2493 }
2495 /* mips-linux only: find the offset of current address. This is needed for
2496 stack unwinding for MIPS.
2497 */
2500 {
2508 offset );
2509 }
2512 {
2517 # if defined(VGO_linux)
2524 # elif defined(VGO_freebsd)
2526 # elif defined(VGO_darwin)
2527 // See readmacho.c for an explanation of this.
2529 # elif defined(VGO_solaris)
2531 # else
2533 # endif
2539 }
2540 }
2543 {
2546 // We don't demangle, because it's faster not to, and the special names
2547 // we're looking for won't be mangled.
2553 }
2554 }
2556 /* Looks up data_addr in the collection of data symbols, and if found
2557 puts a pointer to its name into dname. The name is zero terminated.
2558 Also data_addr's offset from the symbol start is put into *offset.
2559 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2560 in pub_tool_debuginfo.h */
2564 {
2571 offset );
2572 }
2574 /* Map a code address to the name of a shared object file or the
2575 executable. Returns False if no idea; otherwise True.
2576 Note: the string returned in *BUF is persistent as long as
2577 (1) the DebugInfo it belongs to is not discarded
2578 (2) the segment containing the address is not merged with another segment
2579 */
2581 {
2586 /* Look in the debugInfo_list to find the name. In most cases we
2587 expect this to produce a result. */
2597 }
2598 }
2599 /* Last-ditch fallback position: if we don't find the address in
2600 the debugInfo_list, ask the address space manager whether it
2601 knows the name of the file associated with this mapping. This
2602 allows us to print the names of exe/dll files in the stack trace
2603 when running programs under wine.
2605 Restrict this to the case where 'ep' is the current epoch, though, so
2606 that we don't return information about this epoch when the caller was
2607 enquiring about a different one. */
2613 }
2615 }
2617 /* Map a code address to its DebugInfo. Returns NULL if not found. Doesn't
2618 require debug info. */
2620 {
2623 n_search++;
2634 }
2635 }
2637 }
2639 /* Map a code address to a filename. Returns True if successful. The
2640 returned string is persistent as long as the DebugInfo to which it
2641 belongs is not discarded. */
2643 {
2645 Word locno;
2646 UInt fndn_ix;
2654 }
2656 /* Map a code address to a line number. Returns True if successful. */
2658 {
2660 Word locno;
2667 }
2669 /* Map a code address to a filename/line number/dir name info.
2670 See prototype for detailed description of behaviour.
2671 */
2676 {
2678 Word locno;
2679 UInt fndn_ix;
2685 }
2688 }
2695 /* caller wants directory info too .. */
2697 }
2700 }
2703 /* Map a function name to its entry point and toc pointer. Is done by
2704 sequential search of all symbol tables, so is very slow. To
2705 mitigate the worst performance effects, you may specify a soname
2706 pattern, and only objects matching that pattern are searched.
2707 Therefore specify "*" to search all the objects. On TOC-afflicted
2708 platforms, a symbol is deemed to be found only if it has a nonzero
2709 TOC pointer. */
2713 {
2715 Int i;
2718 # if defined(VG_PLAT_USES_PPCTOC)
2720 # endif
2730 }
2738 }
2744 && (require_pToc
2748 }
2749 sec_names++;
2750 }
2751 }
2752 }
2753 }
2755 }
2758 /* VG_(describe_IP): return info on code address, function name and
2759 filename. The returned string is allocated in a static buffer and will
2760 be overwritten in the next invocation. */
2762 /* Copy str into *buf starting at n, ensuring that buf is zero-terminated.
2763 Return the index of the terminating null character. */
2764 static SizeT
2766 {
2774 }
2779 }
2781 /* Same as putStr, but escaping chars for XML output. */
2782 static SizeT
2784 {
2803 }
2804 }
2806 }
2809 {
2812 # define APPEND(_str) \
2813 n = putStr(n, &buf, &bufsiz, _str)
2814 # define APPEND_ESC(_str) \
2815 n = putStrEsc(n, &buf, &bufsiz, _str)
2817 UInt lineno;
2821 // An InlIPCursor is associated with one specific DebugInfo. So if
2822 // it exists, make sure that it is valid for the specified DiEpoch.
2831 Bool know_dirinfo;
2832 Bool know_fnname;
2833 Bool know_objname;
2834 Bool know_srcloc;
2838 else
2842 // At the bottom (towards main), we describe the fn at eip.
2851 // The function we are in is called by next_inl.
2855 // INLINED????
2856 // ??? Can we compute an offset for an inlined fn call ?
2857 // ??? Offset from what ? The beginning of the inl info ?
2858 // ??? But that is not necessarily the beginning of the fn
2859 // ??? as e.g. an inlined fn call can be in several ranges.
2860 // ??? Currently never showing an offset.
2861 }
2866 // The source for the highest level is in the loctab entry.
2871 &lineno
2872 );
2882 // The fndn_ix and lineno for the caller of the inlined fn is in cur_inl.
2891 }
2893 }
2896 }
2904 /* Print in XML format, dumping in as much info as we know.
2905 Ensure all tags are balanced. */
2915 }
2921 }
2928 }
2938 }
2944 /* Print for humans to read */
2945 //
2946 // Possible forms:
2947 //
2948 // 0x80483BF: really (a.c:20)
2949 // 0x80483BF: really (in /foo/a.out)
2950 // 0x80483BF: really (in ???)
2951 // 0x80483BF: ??? (in /foo/a.out)
2952 // 0x80483BF: ??? (a.c:20)
2953 // 0x80483BF: ???
2954 //
2961 }
2964 // Get the directory name, if any, possibly pruned, into dirname.
2967 Int i;
2969 // Remove leading prefixes from the dirname.
2970 // If user supplied --fullpath-after=foo, this will remove
2971 // a leading string which matches '.*foo' (not greedy).
2979 }
2980 }
2981 /* remove leading "./" */
2984 }
2985 // do we have any interesting directory name to show? If so
2986 // add it in.
2990 }
3001 // Nb: do this in two steps because "??)" is a trigraph!
3004 }
3006 }
3009 # undef APPEND
3010 # undef APPEND_ESC
3011 }
3014 /*--------------------------------------------------------------*/
3015 /*--- ---*/
3016 /*--- TOP LEVEL: FOR UNWINDING THE STACK USING ---*/
3017 /*--- DWARF3 .eh_frame INFO ---*/
3018 /*--- ---*/
3019 /*--------------------------------------------------------------*/
3021 /* Note that the CFI machinery pertains to unwinding the stack "right now".
3022 There is no support for unwinding stack images obtained from some time in
3023 the past. That means that:
3025 (1) We only deal with CFI from DebugInfos that are valid for the current
3026 debuginfo epoch. Unlike in the rest of the file, there is no
3027 epoch-awareness.
3029 (2) We assume that the CFI cache will be invalidated every time the the
3030 epoch changes. This is done by ensuring (in the file above) that
3031 every call to advance_current_DiEpoch has a call to
3032 caches__invalidate alongside it.
3033 */
3035 /* Gather up all the constant pieces of info needed to evaluate
3036 a CfiExpr into one convenient struct. */
3037 typedef
3040 Addr min_accessible;
3041 Addr max_accessible;
3042 }
3043 CfiExprEvalContext;
3045 /* Evaluate the CfiExpr rooted at ix in exprs given the context eec.
3046 *ok is set to False on failure, but not to True on success. The
3047 caller must set it to True before calling. */
3049 static
3052 {
3054 Addr a;
3067 }
3068 /*NOTREACHED*/
3088 }
3089 /*NOTREACHED*/
3092 # if defined(VGA_x86) || defined(VGA_amd64)
3096 # elif defined(VGA_arm)
3102 # elif defined(VGA_s390x)
3107 # elif defined(VGA_mips32) || defined(VGA_mips64) \
3108 || defined(VGA_nanomips)
3113 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) \
3114 || defined(VGA_ppc64le)
3115 # elif defined(VGP_arm64_linux)
3119 # else
3121 # endif
3123 }
3124 /*NOTREACHED*/
3134 }
3135 /* let's hope it doesn't trap! */
3139 }
3140 /*NOTREACHED*/
3141 unhandled:
3146 /*NOTREACHED*/
3148 }
3151 /* Search all the DebugInfos in the entire system, to find the DiCfSI_m
3152 that pertains to 'ip'.
3154 If found, set *diP to the DebugInfo in which it resides, and
3155 *cfsi_mP to the cfsi_m pointer in that DebugInfo's cfsi_m_pool.
3157 If not found, set *diP to (DebugInfo*)1 and *cfsi_mP to zero.
3159 Per comments at the top of this section, we only look for CFI in
3160 DebugInfos that are valid for the current epoch.
3161 */
3165 Addr ip )
3166 {
3172 n_search++;
3179 Word j;
3180 n_steps++;
3187 /* Use the per-DebugInfo summary address ranges to skip
3188 inapplicable DebugInfos quickly. */
3194 // This di must be active (because we have explicitly chosen not to
3195 // allow unwinding stacks that pertain to some past epoch). It can't
3196 // be archived or not-yet-active.
3199 /* It might be in this DebugInfo. Search it. */
3206 }
3207 }
3211 /* we didn't find it. */
3217 /* found a di corresponding to ip. */
3218 /* ensure that di is 4-aligned (at least), so it can't possibly
3219 be equal to (DebugInfo*)1. */
3223 // This is a cfsi hole. Report no cfi information found.
3225 // But we will still perform the hack below.
3228 }
3230 /* Start of performance-enhancing hack: once every 64 (chosen
3231 hackily after profiling) successful searches, move the found
3232 DebugInfo one step closer to the start of the list. This
3233 makes future searches cheaper. For starting konqueror on
3234 amd64, this in fact reduces the total amount of searching
3235 done by the above find-the-right-DebugInfo loop by more than
3236 a factor of 20. */
3238 /* Move di one step closer to the start of the list. */
3240 }
3241 /* End of performance-enhancing hack. */
3248 }
3250 }
3253 /* Now follows a mechanism for caching queries to find_DiCfSI, since
3254 they are extremely frequent on amd64-linux, during stack unwinding.
3256 Each cache entry binds an ip value to a (di, cfsi_m*) pair. Possible
3257 values:
3259 di is non-null, cfsi_m* >= 0 ==> cache slot in use, "cfsi_m*"
3260 di is (DebugInfo*)1 ==> cache slot in use, no associated di
3261 di is NULL ==> cache slot not in use
3263 Hence simply zeroing out the entire cache invalidates all
3264 entries.
3266 We can map an ip value directly to a (di, cfsi_m*) pair as
3267 once a DebugInfo is read, adding new DiCfSI_m* is not possible
3268 anymore, as the cfsi_m_pool is frozen once the reading is terminated.
3269 Also, the cache is invalidated when new debuginfo is read due to
3270 an mmap or some debuginfo is discarded due to an munmap. */
3272 // Prime number, giving about 6Kbytes cache on 32 bits,
3273 // 12Kbytes cache on 64 bits.
3274 #define N_CFSI_M_CACHE 509
3276 typedef
3278 CFSI_m_CacheEnt;
3284 }
3287 {
3290 # ifdef N_Q_M_STATS
3292 n_q++;
3295 # endif
3298 /* found an entry in the cache .. */
3300 /* not found in cache. Search and update. */
3301 # ifdef N_Q_M_STATS
3302 n_m++;
3303 # endif
3306 }
3309 /* no DiCfSI for this address */
3312 /* found a DiCfSI for this address */
3314 }
3315 }
3318 {
3320 }
3324 inline
3328 {
3329 CfiExprEvalContext eec;
3330 Addr cfa;
3331 Bool ok;
3333 /* Compute the CFA. */
3336 # if defined(VGA_x86) || defined(VGA_amd64)
3343 # elif defined(VGA_arm)
3356 # elif defined(VGA_s390x)
3361 {
3367 }
3374 # elif defined(VGA_mips32) || defined(VGA_mips64) || defined(VGA_nanomips)
3384 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
3385 # elif defined(VGP_arm64_linux)
3392 # else
3394 # endif
3400 }
3410 }
3412 }
3415 /* Get the call frame address (CFA) given an IP/SP/FP triple. */
3416 /* NOTE: This function may rearrange the order of entries in the
3417 DebugInfo list. */
3420 {
3428 /* Temporary impedance-matching kludge so that this keeps working
3429 on x86-linux and amd64-linux. */
3430 # if defined(VGA_x86) || defined(VGA_amd64)
3437 }
3438 #elif defined(VGA_s390x)
3443 /* JRS FIXME 3 Apr 2019: surely we can do better for f0..f7 */
3454 }
3455 #elif defined(VGA_mips32) || defined(VGA_mips64)
3462 }
3464 # else
3466 # endif
3467 }
3470 {
3473 Addr ce_from;
3480 from++;
3493 }
3496 }
3497 }
3498 }
3501 /* The main function for DWARF2/3 CFI-based stack unwinding. Given a
3502 set of registers in UREGS, modify it to hold the register values
3503 for the previous frame, if possible. Returns True if successful.
3504 If not successful, *UREGS is not changed.
3506 For x86 and amd64, the unwound registers are: {E,R}IP,
3507 {E,R}SP, {E,R}BP.
3509 For arm, the unwound registers are: R7 R11 R12 R13 R14 R15.
3511 For arm64, the unwound registers are: X29(FP) X30(LR) SP PC.
3513 For s390, the unwound registers are: R11(FP) R14(LR) R15(SP) F0..F7 PC.
3514 */
3516 Addr min_accessible,
3517 Addr max_accessible )
3518 {
3524 D3UnwindRegs uregsPrev;
3526 # if defined(VGA_x86) || defined(VGA_amd64)
3528 # elif defined(VGA_arm)
3530 # elif defined(VGA_s390x)
3532 # elif defined(VGA_mips32) || defined(VGA_mips64) || defined(VGA_nanomips)
3534 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
3535 # elif defined(VGP_arm64_linux)
3537 # else
3539 # endif
3551 }
3555 /* First compute the CFA. */
3561 /* Now we know the CFA, use it to roll back the registers we're
3562 interested in. */
3564 # if defined(VGA_mips64) && defined(VGABI_N32)
3565 # define READ_REGISTER(addr) ML_(read_ULong)((addr))
3566 # else
3567 # define READ_REGISTER(addr) ML_(read_Addr)((addr))
3568 # endif
3570 # if defined(VGA_s390x)
3580 # else
3590 # endif
3592 # define COMPUTE(_prev, _here, _how, _off) \
3593 do { \
3594 switch (_how) { \
3595 case CFIR_UNKNOWN: \
3596 return False; \
3597 case CFIR_SAME: \
3598 _prev = _here; break; \
3599 case CFIR_MEMCFAREL: { \
3600 Addr a = cfa + (Word)_off; \
3601 if (a < min_accessible \
3602 || a > max_accessible-sizeof(Addr)) \
3603 return False; \
3604 _prev = READ_REGISTER((void *)a); \
3605 break; \
3606 } \
3607 case CFIR_CFAREL: \
3608 _prev = cfa + (Word)_off; \
3609 break; \
3610 case CFIR_EXPR: \
3611 if (0) \
3612 ML_(ppCfiExpr)(di->cfsi_exprs,_off); \
3613 eec.uregs = uregsHere; \
3614 eec.min_accessible = min_accessible; \
3615 eec.max_accessible = max_accessible; \
3616 Bool ok = True; \
3617 _prev = evalCfiExpr(di->cfsi_exprs, _off, &eec, &ok ); \
3618 if (!ok) return False; \
3619 break; \
3620 case CFIR_S390X_F0: \
3621 if (is_s390x) { _prev = old_S390X_F0; break; } \
3622 vg_assert(0+0-0); \
3623 case CFIR_S390X_F1: \
3624 if (is_s390x) { _prev = old_S390X_F1; break; } \
3625 vg_assert(0+1-1); \
3626 case CFIR_S390X_F2: \
3627 if (is_s390x) { _prev = old_S390X_F2; break; } \
3628 vg_assert(0+2-2); \
3629 case CFIR_S390X_F3: \
3630 if (is_s390x) { _prev = old_S390X_F3; break; } \
3631 vg_assert(0+3-3); \
3632 case CFIR_S390X_F4: \
3633 if (is_s390x) { _prev = old_S390X_F4; break; } \
3634 vg_assert(0+4-4); \
3635 case CFIR_S390X_F5: \
3636 if (is_s390x) { _prev = old_S390X_F5; break; } \
3637 vg_assert(0+5-5); \
3638 case CFIR_S390X_F6: \
3639 if (is_s390x) { _prev = old_S390X_F6; break; } \
3640 vg_assert(0+6-6); \
3641 case CFIR_S390X_F7: \
3642 if (is_s390x) { _prev = old_S390X_F7; break; } \
3643 vg_assert(0+7-7); \
3644 default: \
3645 vg_assert(0*0); \
3646 } \
3647 } while (0)
3649 # if defined(VGA_x86) || defined(VGA_amd64)
3653 # elif defined(VGA_arm)
3660 # elif defined(VGA_s390x)
3672 # elif defined(VGA_mips32) || defined(VGA_mips64) || defined(VGA_nanomips)
3676 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
3677 # elif defined(VGP_arm64_linux)
3682 # else
3684 # endif
3686 # undef READ_REGISTER
3687 # undef COMPUTE
3691 }
3694 /*--------------------------------------------------------------*/
3695 /*--- ---*/
3696 /*--- TOP LEVEL: FOR UNWINDING THE STACK USING ---*/
3697 /*--- MSVC FPO INFO ---*/
3698 /*--- ---*/
3699 /*--------------------------------------------------------------*/
3704 DiEpoch ep,
3705 Addr min_accessible,
3706 Addr max_accessible )
3707 {
3708 Word i;
3711 Addr spHere;
3715 n_search++;
3720 n_steps++;
3725 /* Use the per-DebugInfo summary address ranges to skip
3726 inapplicable DebugInfos quickly. */
3734 Word j;
3736 /* debug printing only */
3742 }
3746 }
3747 }
3758 /* Start of performance-enhancing hack: once every 64 (chosen
3759 hackily after profiling) successful searches, move the found
3760 DebugInfo one step closer to the start of the list. This makes
3761 future searches cheaper. For starting konqueror on amd64, this
3762 in fact reduces the total amount of searching done by the above
3763 find-the-right-DebugInfo loop by more than a factor of 20. */
3765 /* Move si one step closer to the start of the list. */
3766 //move_DebugInfo_one_step_forward( di );
3767 }
3768 /* End of performance-enhancing hack. */
3772 //ML_(ppFPO)(fpo);
3773 }
3775 /*
3776 Stack layout is:
3777 %esp->
3778 4*.cbRegs {%edi, %esi, %ebp, %ebx}
3779 4*.cdwLocals
3780 return_pc
3781 4*.cdwParams
3782 prior_%esp->
3784 Typical code looks like:
3785 sub $4*.cdwLocals,%esp
3786 Alternative to above for >=4KB (and sometimes for smaller):
3787 mov $size,%eax
3788 call __chkstk # WinNT performs page-by-page probe!
3789 __chkstk is much like alloc(), except that on return
3790 %eax= 5+ &CALL. Thus it could be used as part of
3791 Position Independent Code to locate the Global Offset Table.
3792 push %ebx
3793 push %ebp
3794 push %esi
3795 Other once-only instructions often scheduled >here<.
3796 push %edi
3798 If the pc is within the first .cbProlog bytes of the function,
3799 then you must disassemble to see how many registers have been pushed,
3800 because instructions in the prolog may be scheduled for performance.
3801 The order of PUSH is always %ebx, %ebp, %esi, %edi, with trailing
3802 registers not pushed when .cbRegs < 4. This seems somewhat strange
3803 because %ebp is the register whose usage you want to minimize,
3804 yet it is in the first half of the PUSH list.
3806 I don't know what happens when the compiler constructs an outgoing CALL.
3807 %esp could move if outgoing parameters are PUSHed, and this affects
3808 traceback for errors during the PUSHes. */
3817 }
3820 {
3825 }
3827 }
3830 /*--------------------------------------------------------------*/
3831 /*--- ---*/
3832 /*--- TOP LEVEL: GENERATE DESCRIPTION OF DATA ADDRESSES ---*/
3833 /*--- FROM DWARF3 DEBUG INFO ---*/
3834 /*--- ---*/
3835 /*--------------------------------------------------------------*/
3837 /* Try to make p2XA(dst, fmt, args..) turn into
3838 VG_(xaprintf)(dst, fmt, args) without having to resort to
3839 vararg macros. As usual with everything to do with varargs, it's
3840 an ugly hack.
3842 //#define p2XA(dstxa, format, args...)
3843 // VG_(xaprintf)(dstxa, format, ##args)
3844 */
3845 #define p2XA VG_(xaprintf)
3847 /* Add a zero-terminating byte to DST, which must be an XArray* of
3848 HChar. */
3850 {
3853 }
3856 /* Evaluate the location expression/list for var, to see whether or
3857 not data_addr falls within the variable. If so also return the
3858 offset of data_addr from the start of the variable. Note that
3859 regs, which supplies ip,sp,fp values, will be NULL for global
3860 variables, and non-NULL for local variables. */
3865 Addr data_addr,
3867 {
3868 MaybeULong mul;
3869 SizeT var_szB;
3870 GXResult res;
3876 /* Figure out how big the variable is. */
3878 /* If this var has a type whose size is unknown, zero, or
3879 impossibly large, it should never have been added. ML_(addVar)
3880 should have rejected it. */
3884 /* After this point, we assume we can truncate mul.ul to a host word
3885 safely (without loss of info). */
3894 }
3896 /* ignore zero-sized vars; they can never match anything. */
3901 }
3909 }
3918 }
3919 }
3922 /* Format the acquired information into DN(AME)1 and DN(AME)2, which
3923 are XArray*s of HChar, that have been initialised by the caller.
3924 Resulting strings will be zero terminated. Information is
3925 formatted in an understandable way. Not so easy. If frameNo is
3926 -1, this is assumed to be a global variable; else a local
3927 variable. */
3930 Addr data_addr,
3933 PtrdiffT var_offset,
3934 PtrdiffT residual_offset,
3936 Int frameNo,
3937 ThreadId tid )
3938 {
3946 // fileName will be "???" if var->fndn_ix == 0.
3947 // fileName will only be used if have_descr is True.
3951 }
3954 }
3957 }
3972 }
3981 /* ------ local cases ------ */
3984 /* no srcloc, no description:
3985 Location 0x7fefff6cf is 543 bytes inside local var "a",
3986 in frame #1 of thread 1
3987 */
4004 }
4005 }
4006 else
4008 /* no description:
4009 Location 0x7fefff6cf is 543 bytes inside local var "a"
4010 declared at dsyms7.c:17, in frame #1 of thread 1
4011 */
4024 // FIXME: also do <dir>
4036 }
4037 }
4038 else
4040 /* no srcloc:
4041 Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2
4042 in frame #1 of thread 1
4043 */
4062 }
4063 }
4064 else
4066 /* Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
4067 declared at dsyms7.c:17, in frame #1 of thread 1 */
4081 // FIXME: also do <dir>
4094 }
4095 }
4096 else
4097 /* ------ global cases ------ */
4099 /* no srcloc, no description:
4100 Location 0x7fefff6cf is 543 bytes inside global var "a"
4101 */
4112 }
4113 }
4114 else
4116 /* no description:
4117 Location 0x7fefff6cf is 543 bytes inside global var "a"
4118 declared at dsyms7.c:17
4119 */
4132 // FIXME: also do <dir>
4144 }
4145 }
4146 else
4148 /* no srcloc:
4149 Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
4150 a global variable
4151 */
4170 }
4171 }
4172 else
4174 /* Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
4175 a global variable declared at dsyms7.c:17 */
4189 // FIXME: also do <dir>
4202 }
4203 }
4204 else
4207 /* Zero terminate both strings */
4211 # undef TAGL
4212 # undef TAGR
4213 # undef XAGL
4214 # undef XAGR
4215 # undef TXTL
4216 # undef TXTR
4217 }
4220 /* Determine if data_addr is a local variable in the frame
4221 characterised by (ip,sp,fp), and if so write its description at the
4222 ends of DNAME{1,2}, which are XArray*s of HChar, that have been
4223 initialised by the caller, zero terminate both, and return True.
4224 If it's not a local variable in said frame, return False. */
4225 static
4228 DiEpoch ep,
4229 Addr data_addr,
4231 /* shown to user: */
4233 {
4234 Word i;
4236 RegSummary regs;
4241 n_search++;
4244 /* first, find the DebugInfo that pertains to 'ip'. */
4246 n_steps++;
4249 /* text segment missing? unlikely, but handle it .. */
4252 /* Ok. So does this text mapping bracket the ip? */
4255 }
4257 /* Didn't find it. Strange -- means ip is a code address outside
4258 of any mapped text segment. Unlikely but not impossible -- app
4259 could be generating code to run. */
4267 /* Start of performance-enhancing hack: once every ??? (chosen
4268 hackily after profiling) successful searches, move the found
4269 DebugInfo one step closer to the start of the list. This makes
4270 future searches cheaper. */
4272 /* Move si one step closer to the start of the list. */
4274 }
4275 /* End of performance-enhancing hack. */
4277 /* any var info at all? */
4281 /* Work through the scopes from most deeply nested outwards,
4282 looking for code address ranges that bracket 'ip'. The
4283 variables on each such address range found are in scope right
4284 now. Don't descend to level zero as that is the global
4285 scope. */
4290 /* "for each scope, working outwards ..." */
4293 Word j;
4295 OSet* this_scope
4301 /* Find the set of variables in this scope that
4302 bracket the program counter. */
4306 );
4309 /* stay sane */
4311 /* It must bracket the ip we asked for, else
4312 ML_(cmp_for_DiAddrRange_range) is somehow broken. */
4314 /* It must have an attached XArray of DiVariables. */
4317 /* But it mustn't cover the entire address range. We only
4318 expect that to happen for the global scope (level 0), which
4319 we're not looking at here. Except, it may cover the entire
4320 address range, but in that case the vars array must be
4321 empty. */
4327 PtrdiffT offset;
4343 }
4344 }
4345 }
4348 }
4350 /* Try to form some description of DATA_ADDR by looking at the DWARF3
4351 debug info we have. This considers all global variables, and 8
4352 frames in the stacks of all threads. Result is written at the ends
4353 of DNAME{1,2}V, which are XArray*s of HChar, that have been
4354 initialised by the caller, and True is returned. If no description
4355 is created, False is returned. Regardless of the return value,
4356 DNAME{1,2}V are guaranteed to be zero terminated after the call.
4358 Note that after the call, DNAME{1,2} may have more than one
4359 trailing zero, so callers should establish the useful text length
4360 using VG_(strlen) on the contents, rather than VG_(sizeXA) on the
4361 XArray itself.
4362 */
4366 DiEpoch ep, Addr data_addr
4367 )
4368 {
4369 # define N_FRAMES 8
4371 UInt n_frames;
4374 ThreadId tid;
4375 Bool found;
4377 Word j;
4380 /* First, see if data_addr is (or is part of) a global variable.
4381 Loop over the DebugInfos we have. Check data_addr against the
4382 outermost scope of all of them, as that should be a global
4383 scope. */
4386 Word gs_size;
4387 Addr zero;
4389 Word i;
4392 /* text segment missing? unlikely, but handle it .. */
4395 /* any var info at all? */
4398 /* perhaps this object didn't contribute any vars at all? */
4404 /* The global scope might be completely empty if this
4405 compilation unit declared locals but nothing global. */
4408 /* But if it isn't empty, then it must contain exactly one
4409 element, which covers the entire address range. */
4411 /* Fish out the global scope and check it is as expected. */
4413 global_arange
4415 /* The global range from (Addr)0 to ~(Addr)0 must exist */
4419 /* Any vars in this range? */
4422 /* Ok, there are some vars in the global scope of this
4423 DebugInfo. Wade through them and see if the data addresses
4424 of any of them bracket data_addr. */
4427 PtrdiffT offset;
4430 /* Note we use a NULL RegSummary* here. It can't make any
4431 sense for a global variable to have a location expression
4432 which depends on a SP/FP/IP value. So don't supply any.
4433 This means, if the evaluation of the location
4434 expression/list requires a register, we have to let it
4435 fail. */
4446 VG_INVALID_THREADID );
4451 }
4452 }
4453 }
4455 /* Ok, well it's not a global variable. So now let's snoop around
4456 in the stacks of all the threads. First try to figure out which
4457 thread's stack data_addr is in. */
4459 /* Perhaps it's on a thread's stack? */
4469 }
4470 }
4475 }
4477 /* We conclude data_addr is in thread tid's stack. Unwind the
4478 stack to get a bunch of (ip,sp,fp) triples describing the
4479 frames, and for each frame, consider the local variables. */
4492 }
4493 /* Now, it appears that gcc sometimes appears to produce
4494 location lists whose ranges don't actually cover the call
4495 instruction, even though the address of the variable in
4496 question is passed as a parameter in the call. AFAICS this
4497 is simply a bug in gcc - how can the variable be claimed not
4498 exist in memory (on the stack) for the duration of a call in
4499 which its address is passed? But anyway, in the particular
4500 case I investigated (memcheck/tests/varinfo6.c, call to croak
4501 on line 2999, local var budget declared at line 3115
4502 appearing not to exist across the call to mainSort on line
4503 3143, "gcc.orig (GCC) 3.4.4 20050721 (Red Hat 3.4.4-2)" on
4504 amd64), the variable's location list does claim it exists
4505 starting at the first byte of the first instruction after the
4506 call instruction. So, call consider_vars_in_frame a second
4507 time, but this time add 1 to the IP. GDB handles this
4508 example with no difficulty, which leads me to believe that
4509 either (1) I misunderstood something, or (2) GDB has an
4510 equivalent kludge. */
4519 }
4520 }
4522 /* We didn't find anything useful. */
4526 # undef N_FRAMES
4527 }
4530 //////////////////////////////////////////////////////////////////
4531 // //
4532 // Support for other kinds of queries to the Dwarf3 var info //
4533 // //
4534 //////////////////////////////////////////////////////////////////
4536 /* Figure out if the variable 'var' has a location that is linearly
4537 dependent on a stack pointer value, or a frame pointer value, and
4538 if it is, add a description of it to 'blocks'. Otherwise ignore
4539 it. If 'arrays_only' is True, also ignore it unless it has an
4540 array type. */
4542 static
4546 Bool arrays_only )
4547 {
4549 RegSummary regs;
4550 MaybeULong mul;
4551 Bool isVec;
4558 /* Figure out how big the variable is. */
4560 /* If this var has a type whose size is unknown, zero, or
4561 impossibly large, it should never have been added. ML_(addVar)
4562 should have rejected it. */
4566 /* After this point, we assume we can truncate mul.ul to a host word
4567 safely (without loss of info). */
4569 /* skip if non-array and we're only interested in arrays */
4582 /* Do some test evaluations of the variable's location expression,
4583 in order to guess whether it is sp-relative, fp-relative, or
4584 none. A crude hack, which can be interpreted roughly as finding
4585 the first derivative of the location expression w.r.t. the
4586 supplied frame and stack pointer values. */
4612 StackBlock block;
4613 GXResult res;
4620 /* depends neither on sp nor fp, so it can't be a stack
4621 local. Ignore it. */
4622 }
4623 else
4641 }
4642 else
4660 }
4663 }
4664 }
4665 }
4668 /* Get an XArray of StackBlock which describe the stack (auto) blocks
4669 for this ip. The caller is expected to free the XArray at some
4670 point. If 'arrays_only' is True, only array-typed blocks are
4671 returned; otherwise blocks of all types are returned. */
4675 {
4676 /* This is a derivation of consider_vars_in_frame() above. */
4677 Word i;
4687 n_search++;
4690 /* first, find the DebugInfo that pertains to 'ip'. */
4692 n_steps++;
4693 /* text segment missing? unlikely, but handle it .. */
4696 /* Ok. So does this text mapping bracket the ip? */
4699 }
4701 /* Didn't find it. Strange -- means ip is a code address outside
4702 of any mapped text segment. Unlikely but not impossible -- app
4703 could be generating code to run. */
4711 /* Start of performance-enhancing hack: once every ??? (chosen
4712 hackily after profiling) successful searches, move the found
4713 DebugInfo one step closer to the start of the list. This makes
4714 future searches cheaper. */
4716 /* Move si one step closer to the start of the list. */
4718 }
4719 /* End of performance-enhancing hack. */
4721 /* any var info at all? */
4725 /* Work through the scopes from most deeply nested outwards,
4726 looking for code address ranges that bracket 'ip'. The
4727 variables on each such address range found are in scope right
4728 now. Don't descend to level zero as that is the global
4729 scope. */
4731 /* "for each scope, working outwards ..." */
4734 Word j;
4736 OSet* this_scope
4742 /* Find the set of variables in this scope that
4743 bracket the program counter. */
4747 );
4750 /* stay sane */
4752 /* It must bracket the ip we asked for, else
4753 ML_(cmp_for_DiAddrRange_range) is somehow broken. */
4755 /* It must have an attached XArray of DiVariables. */
4758 /* But it mustn't cover the entire address range. We only
4759 expect that to happen for the global scope (level 0), which
4760 we're not looking at here. Except, it may cover the entire
4761 address range, but in that case the vars array must be
4762 empty. */
4773 }
4774 }
4777 }
4780 /* Get an array of GlobalBlock which describe the global blocks owned
4781 by the shared object characterised by the given di_handle. Asserts
4782 if the handle is invalid. The caller is responsible for freeing
4783 the array at some point. If 'arrays_only' is True, only
4784 array-typed blocks are returned; otherwise blocks of all types are
4785 returned. */
4789 {
4790 /* This is a derivation of consider_vars_in_frame() above. */
4796 /* The first thing to do is find the DebugInfo that
4797 pertains to 'di_handle'. */
4802 }
4804 /* If this fails, we were unable to find any DebugInfo with the
4805 given handle. This is considered an error on the part of the
4806 caller. */
4809 /* we'll put the collected variables in here. */
4813 /* any var info at all? */
4817 /* we'll iterate over all the variables we can find, even if
4818 it seems senseless to visit stack-allocated variables */
4819 /* Iterate over all scopes */
4823 /* Iterate over each (code) address range at the current scope */
4831 /* Iterate over each variable in the current address range */
4837 Bool isVec;
4838 GXResult res;
4839 MaybeULong mul;
4840 GlobalBlock gb;
4846 /* Now figure out if this variable has a constant address
4847 (that is, independent of FP, SP, phase of moon, etc),
4848 and if so, what the address is. Any variable with a
4849 constant address is deemed to be a global so we collect
4850 it. */
4855 /* Not a constant address => not interesting */
4859 }
4861 /* Ok, it's a constant address. See if we want to collect
4862 it. */
4865 /* Figure out how big the variable is. */
4868 /* If this var has a type whose size is unknown, zero, or
4869 impossibly large, it should never have been added.
4870 ML_(addVar) should have rejected it. */
4874 /* After this point, we assume we can truncate mul.ul to a
4875 host word safely (without loss of info). */
4877 /* skip if non-array and we're only interested in
4878 arrays */
4889 /* Ok, so collect it! */
4913 }
4916 /*------------------------------------------------------------*/
4917 /*--- DebugInfo accessor functions ---*/
4918 /*------------------------------------------------------------*/
4921 {
4925 }
4928 {
4930 }
4933 {
4935 }
4938 {
4940 }
4943 {
4945 }
4948 {
4950 }
4953 {
4955 }
4958 {
4960 }
4963 {
4965 }
4968 {
4970 }
4973 {
4975 }
4978 {
4980 }
4983 {
4985 }
4988 {
4990 }
4993 {
4995 }
4998 Int idx,
5006 {
5015 }
5018 /*------------------------------------------------------------*/
5019 /*--- SectKind query functions ---*/
5020 /*------------------------------------------------------------*/
5022 /* Convert a VgSectKind to a string, which must be copied if you want
5023 to change it. */
5025 {
5036 }
5037 }
5039 /* Given an address 'a', make a guess of which section of which object
5040 it comes from. If name is non-NULL, then the object's name is put
5041 in *name. The returned name, if any, should be saved away, if there is
5042 a chance that a debug-info will be discarded and the name is being
5043 used later on. */
5045 {
5053 "addr=%#lx di=%p %s got=%#lx,%lu plt=%#lx,%lu "
5066 }
5072 }
5078 }
5084 }
5090 }
5096 }
5102 }
5108 }
5114 }
5115 /* we could also check for .eh_frame, if anyone really cares */
5116 }
5126 }
5127 }
5131 }
5136 {
5138 }
5143 debuginfo_generation++;
5144 }
5146 #if defined(VGO_freebsd)
5147 /*
5148 * Used by FreeBSD if we detect a syscall cap_enter. That
5149 * means capability mode, and lots of things won't work any more.
5150 * Like opening new file handles. So try to make the most of a bad job
5151 * and read all debuginfo in one go.
5152 */
5154 {
5157 }
5158 }
5159 #endif
5161 /*--------------------------------------------------------------------*/
5162 /*--- end ---*/
5163 /*--------------------------------------------------------------------*/