search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
-> 3.17.0 final.
[valgrind.git] / coregrind / m_stacktrace.c
blobd26280cc909aa6ecee5089ffd9d1085cdd8ce405
1
2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
5
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
9
10 Copyright (C) 2000-2017 Julian Seward
11 jseward@acm.org
12
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
17
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
25
26 The GNU General Public License is contained in the file COPYING.
27 */
28
29 #include "pub_core_basics.h"
30 #include "pub_core_vki.h"
31 #include "pub_core_threadstate.h"
32 #include "pub_core_debuginfo.h" // XXX: circular dependency
33 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)()
34 #include "pub_core_libcbase.h"
35 #include "pub_core_libcassert.h"
36 #include "pub_core_libcprint.h"
37 #include "pub_core_machine.h"
38 #include "pub_core_options.h"
39 #include "pub_core_stacks.h" // VG_(stack_limits)
40 #include "pub_core_stacktrace.h"
41 #include "pub_core_syswrap.h" // VG_(is_in_syscall)
42 #include "pub_core_xarray.h"
43 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80)
44 #include "pub_core_trampoline.h"
45
46
47 /*------------------------------------------------------------*/
48 /*--- ---*/
49 /*--- BEGIN platform-dependent unwinder worker functions ---*/
50 /*--- ---*/
51 /*------------------------------------------------------------*/
52
53 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
54 IPs into 'ips'. In order to be thread-safe, we pass in the
55 thread's IP SP, FP if that's meaningful, and LR if that's
56 meaningful. Returns number of IPs put in 'ips'.
57
58 If you know what the thread ID for this stack is, send that as the
59 first parameter, else send zero. This helps generate better stack
60 traces on ppc64-linux and has no effect on other platforms.
61 */
62
63 /* Do frame merging in the _i frames in _ips array of recursive cycles
64 of up to _nframes. The merge is done during stack unwinding
65 (i.e. in platform specific unwinders) to collect as many
66 "interesting" stack traces as possible. */
67 #define RECURSIVE_MERGE(_nframes,_ips,_i) if (UNLIKELY(_nframes > 0)) \
68 do { \
69 Int dist; \
70 for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \
71 if (_ips[_i-1] == _ips[_i-1-dist]) { \
72 _i = _i - dist; \
73 break; \
74 } \
75 } \
76 } while (0)
77
78 /* Note about calculation of fp_min : fp_min is the lowest address
79 which can be accessed during unwinding. This is SP - VG_STACK_REDZONE_SZB.
80 On most platforms, this will be equal to SP (as VG_STACK_REDZONE_SZB
81 is 0). However, on some platforms (e.g. amd64), there is an accessible
82 redzone below the SP. Some CFI unwind info are generated, taking this
83 into account. As an example, the following is a CFI unwind info on
84 amd64 found for a 'retq' instruction:
85 [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16)
86 0x400f7e: retq
87 As you can see, the previous BP is found 16 bytes below the cfa, which
88 is the oldSP+8. So, effectively, the BP is found 8 bytes below the SP.
89 The fp_min must take this into account, otherwise, VG_(use_CF_info) will
90 not unwind the BP. */
91
92 /* ------------------------ x86 ------------------------- */
93
94 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \
95 || defined(VGP_x86_solaris)
96
97 #define N_FP_CF_VERIF 1021
98 // prime number so that size of fp_CF_verif is just below 4K or 8K
99 // Note that this prime nr differs from the one chosen in
100 // m_debuginfo/debuginfo.c for the cfsi cache : in case we have
101 // a collision here between two IPs, we expect to not (often) have the
102 // same collision in the cfsi cache (and vice-versa).
103
104 // unwinding with fp chain is ok:
105 #define FPUNWIND 0
106 // there is no CFI info for this IP:
107 #define NOINFO 1
108 // Unwind with FP is not ok, must use CF unwind:
109 #define CFUNWIND 2
110
111 static Addr fp_CF_verif_cache [N_FP_CF_VERIF];
112
113 /* An unwind done by following the fp chain technique can be incorrect
114 as not all frames are respecting the standard bp/sp ABI.
115 The CF information is now generated by default by gcc
116 (as part of the dwarf info). However, unwinding using CF information
117 is significantly slower : a slowdown of 20% has been observed
118 on an helgrind test case.
119 So, by default, the unwinding will be done using the fp chain.
120 But before accepting to unwind an IP with fp_chain, the result
121 of the unwind will be checked with the CF information.
122 This check can give 3 results:
123 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind.
124 => it is assumed that future unwind for this IP can be done
125 with the fast fp chain, without further CF checking
126 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing)
127 CFUNWIND (2): there is CF info, but unwind result differs.
128 => it is assumed that future unwind for this IP must be done
129 with the CF info.
130 Of course, if each fp unwind implies a check done with a CF unwind,
131 it would just be slower => we cache the check result in an
132 array of checked Addr.
133 The check for an IP will be stored at
134 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of:
135 IP ^ FPUNWIND
136 IP ^ NOINFO
137 IP ^ CFUNWIND
138
139 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits
140 to store the check result, as they are guaranteed to be non significant
141 in the comparison between 2 IPs stored in fp_CF_verif_cache).
142 In other words, if two IPs are only differing on the last 2 bits,
143 then they will not land in the same cache bucket.
144 */
145
146 /* cached result of VG_(FPO_info_present)(). Refreshed each time
147 the fp_CF_verif_generation is different of the current debuginfo
148 generation. */
149 static Bool FPO_info_present = False;
150
151 static UInt fp_CF_verif_generation = 0;
152 // Our cache has to be maintained in sync with the CFI cache.
153 // Each time the debuginfo is changed, its generation will be incremented.
154 // We will clear our cache when our saved generation differs from
155 // the debuginfo generation.
156
157 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
158 /*OUT*/Addr* ips, UInt max_n_ips,
159 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
160 const UnwindStartRegs* startRegs,
161 Addr fp_max_orig )
162 {
163 const Bool do_stats = False; // compute and output some stats regularly.
164 static struct {
165 UInt nr; // nr of stacktraces computed
166 UInt nf; // nr of frames computed
167 UInt Ca; // unwind for which cache indicates CFUnwind must be used.
168 UInt FF; // unwind for which cache indicates FPUnwind can be used.
169 UInt Cf; // unwind at end of stack+store CFUNWIND (xip not end of stack).
170 UInt Fw; // unwind at end of stack+store FPUNWIND
171 UInt FO; // unwind + store FPUNWIND
172 UInt CF; // unwind + store CFUNWIND. Details below.
173 UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'.
174 UInt Ck; // unwind fp invalid+store FPUNWIND
175 UInt MS; // microsoft unwind
176 } stats;
177
178 const Bool debug = False;
179 // = VG_(debugLog_getLevel) () > 3;
180 // = True;
181 // = stats.nr >= 123456;
182 const HChar* unwind_case; // used when debug is True.
183 // Debugging this function is not straightforward.
184 // Here is the easiest way I have found:
185 // 1. Change the above to True.
186 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0
187 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace
188 // 4. Continue till breakpoint is encountered
189 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces.
190 // You might have to do twice 'monitor v.info scheduler' to see
191 // the effect of caching the results of the verification.
192 // You can also modify the debug dynamically using by using
193 // 'monitor v.set debuglog 4.
194
195 Int i;
196 Addr fp_max;
197 UInt n_found = 0;
198 const Int cmrf = VG_(clo_merge_recursive_frames);
199
200 vg_assert(sizeof(Addr) == sizeof(UWord));
201 vg_assert(sizeof(Addr) == sizeof(void*));
202
203 D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason.
204 Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs
205 // 0 assigned to silence false positive -Wuninitialized warning
206 // This is a false positive as xip_verified is assigned when
207 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND.
208
209 D3UnwindRegs uregs;
210 uregs.xip = (Addr)startRegs->r_pc;
211 uregs.xsp = (Addr)startRegs->r_sp;
212 uregs.xbp = startRegs->misc.X86.r_ebp;
213 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
214
215 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
216 stopping when the trail goes cold, which we guess to be
217 when FP is not a reasonable stack location. */
218
219 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
220 // current page, at least. Dunno if it helps.
221 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
222 fp_max = VG_PGROUNDUP(fp_max_orig);
223 if (fp_max >= sizeof(Addr))
224 fp_max -= sizeof(Addr);
225
226 if (debug)
227 VG_(printf)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x08%lx, "
228 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n",
229 max_n_ips, fp_min, fp_max_orig, fp_max,
230 uregs.xip, uregs.xbp);
231
232 /* Assertion broken before main() is reached in pthreaded programs; the
233 * offending stack traces only have one item. --njn, 2002-aug-16 */
234 /* vg_assert(fp_min <= fp_max);*/
235 // On Darwin, this kicks in for pthread-related stack traces, so they're
236 // only 1 entry long which is wrong.
237 # if defined(VGO_linux)
238 if (fp_min + 512 >= fp_max) {
239 /* If the stack limits look bogus, don't poke around ... but
240 don't bomb out either. */
241 # elif defined(VGO_solaris)
242 if (fp_max == 0) {
243 /* VG_(get_StackTrace)() can be called by tools very early when
244 various tracing options are enabled. Don't proceed further
245 if the stack limits look bogus.
246 */
247 # endif
248 # if defined(VGO_linux) || defined(VGO_solaris)
249 if (sps) sps[0] = uregs.xsp;
250 if (fps) fps[0] = uregs.xbp;
251 ips[0] = uregs.xip;
252 return 1;
253 }
254 # endif
255
256 if (UNLIKELY (fp_CF_verif_generation != VG_(debuginfo_generation)())) {
257 fp_CF_verif_generation = VG_(debuginfo_generation)();
258 VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache));
259 FPO_info_present = VG_(FPO_info_present)();
260 }
261
262
263 /* Loop unwinding the stack. Note that the IP value we get on
264 * each pass (whether from CFI info or a stack frame) is a
265 * return address so is actually after the calling instruction
266 * in the calling function.
267 *
268 * Because of this we subtract one from the IP after each pass
269 * of the loop so that we find the right CFI block on the next
270 * pass - otherwise we can find the wrong CFI info if it happens
271 * to change after the calling instruction and that will mean
272 * that we will fail to unwind the next step.
273 *
274 * This most frequently happens at the end of a function when
275 * a tail call occurs and we wind up using the CFI info for the
276 * next function which is completely wrong.
277 */
278 if (sps) sps[0] = uregs.xsp;
279 if (fps) fps[0] = uregs.xbp;
280 ips[0] = uregs.xip;
281 i = 1;
282 if (do_stats) stats.nr++;
283
284 while (True) {
285
286 if (i >= max_n_ips)
287 break;
288
289 UWord hash = uregs.xip % N_FP_CF_VERIF;
290 Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash];
291 if (debug)
292 VG_(printf)(" uregs.xip 0x%08lx xip_verif[0x%08lx]"
293 " xbp 0x%08lx xsp 0x%08lx\n",
294 uregs.xip, xip_verif,
295 uregs.xbp, uregs.xsp);
296 // If xip is in cache, then xip_verif will be <= CFUNWIND.
297 // Otherwise, if not in cache, xip_verif will be > CFUNWIND.
298
299 /* Try to derive a new (ip,sp,fp) triple from the current set. */
300
301 /* Do we have to do CFI unwinding ?
302 We do CFI unwinding if one of the following condition holds:
303 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must
304 be done (i.e. fp unwind check failed when we did the first
305 unwind for this IP).
306 b. fp_CF_verif_cache does not contain xip.
307 We will try CFI unwinding in fpverif_uregs and compare with
308 FP unwind result to insert xip in the cache with the correct
309 indicator. */
310 if (UNLIKELY(xip_verif >= CFUNWIND)) {
311 if (xip_verif == CFUNWIND) {
312 /* case a : do "real" cfi unwind */
313 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
314 if (debug) unwind_case = "Ca";
315 if (do_stats) stats.Ca++;
316 goto unwind_done;
317 }
318 /* ??? cache indicates we have to do CFI unwind (so, we
319 previously found CFI info, and failed the fp unwind
320 check). Now, we just failed with CFI. So, once we
321 succeed, once we fail. No idea what is going on =>
322 cleanup the cache entry and fallover to fp unwind (this
323 time). */
324 fp_CF_verif_cache [hash] = 0;
325 if (debug) VG_(printf)(" cache reset as CFI ok then nok\n");
326 //??? stats
327 xip_verif = NOINFO;
328 } else {
329 /* case b : do "verif" cfi unwind in fpverif_uregs */
330 fpverif_uregs = uregs;
331 xip_verified = uregs.xip;
332 if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) {
333 fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO;
334 if (debug) VG_(printf)(" cache NOINFO fpverif_uregs\n");
335 xip_verif = NOINFO;
336 }
337 }
338 }
339
340 /* On x86, try the old-fashioned method of following the
341 %ebp-chain. This can be done if the fp_CF_verif_cache for xip
342 indicate fp unwind is ok. This must be done if the cache indicates
343 there is no info. This is also done to confirm what to put in the cache
344 if xip was not in the cache. */
345 /* This deals with frames resulting from functions which begin "pushl%
346 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
347 if (fp_min <= uregs.xbp &&
348 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/ &&
349 VG_IS_4_ALIGNED(uregs.xbp))
350 {
351 Addr old_xsp;
352
353 /* fp looks sane, so use it. */
354 uregs.xip = (((UWord*)uregs.xbp)[1]);
355 // We stop if we hit a zero (the traditional end-of-stack
356 // marker) or a one -- these correspond to recorded IPs of 0 or -1.
357 // The latter because r8818 (in this file) changes the meaning of
358 // entries [1] and above in a stack trace, by subtracting 1 from
359 // them. Hence stacks that used to end with a zero value now end in
360 // -1 and so we must detect that too.
361 if (0 == uregs.xip || 1 == uregs.xip) {
362 if (xip_verif > CFUNWIND) {
363 // Check if we obtain the same result with fp unwind.
364 // If same result, then mark xip as fp unwindable
365 if (uregs.xip == fpverif_uregs.xip) {
366 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
367 if (debug) VG_(printf)(" cache FPUNWIND 0\n");
368 unwind_case = "Fw";
369 if (do_stats) stats.Fw++;
370 break;
371 } else {
372 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
373 uregs = fpverif_uregs;
374 if (debug) VG_(printf)(" cache CFUNWIND 0\n");
375 unwind_case = "Cf";
376 if (do_stats) stats.Cf++;
377 goto unwind_done;
378 }
379 } else {
380 // end of stack => out of the loop.
381 break;
382 }
383 }
384
385 old_xsp = uregs.xsp;
386 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
387 + sizeof(Addr) /*ra*/;
388 uregs.xbp = (((UWord*)uregs.xbp)[0]);
389 if (xip_verif > CFUNWIND) {
390 if (uregs.xip == fpverif_uregs.xip
391 && uregs.xsp == fpverif_uregs.xsp
392 && uregs.xbp == fpverif_uregs.xbp) {
393 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
394 if (debug) VG_(printf)(" cache FPUNWIND >2\n");
395 if (debug) unwind_case = "FO";
396 if (do_stats) stats.FO++;
397 if (old_xsp >= uregs.xsp) {
398 if (debug)
399 VG_(printf) (" FO end of stack old_xsp %p >= xsp %p\n",
400 (void*)old_xsp, (void*)uregs.xsp);
401 break;
402 }
403 } else {
404 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
405 if (debug) VG_(printf)(" cache CFUNWIND >2\n");
406 if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++;
407 if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++;
408 if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++;
409 uregs = fpverif_uregs;
410 if (debug) unwind_case = "CF";
411 if (do_stats) stats.CF++;
412 }
413 } else {
414 if (debug) unwind_case = "FF";
415 if (do_stats) stats.FF++;
416 if (old_xsp >= uregs.xsp) {
417 if (debug)
418 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
419 (void*)old_xsp, (void*)uregs.xsp);
420 break;
421 }
422 }
423 goto unwind_done;
424 } else {
425 // fp unwind has failed.
426 // If we were checking the validity of the cfi unwinding,
427 // we mark in the cache that the fp unwind cannot be done, and that
428 // cfi unwind is desired.
429 if (xip_verif > CFUNWIND) {
430 // We know that fpverif_uregs contains valid information,
431 // as a failed cf unwind would have put NOINFO in xip_verif.
432 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
433 if (debug) VG_(printf)(" cache CFUNWIND as fp failed\n");
434 uregs = fpverif_uregs;
435 if (debug) unwind_case = "Ck";
436 if (do_stats) stats.Ck++;
437 goto unwind_done;
438 }
439 // xip_verif is FPUNWIND or NOINFO.
440 // We failed the cfi unwind and/or the fp unwind.
441 // => fallback to FPO info.
442 }
443
444 /* And, similarly, try for MSVC FPO unwind info. */
445 if (FPO_info_present
446 && VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
447 VG_(current_DiEpoch)(),
448 fp_min, fp_max ) ) {
449 if (debug) unwind_case = "MS";
450 if (do_stats) stats.MS++;
451 goto unwind_done;
452 }
453
454 /* No luck. We have to give up. */
455 break;
456
457 unwind_done:
458 /* Add a frame in ips/sps/fps */
459 /* fp is %ebp. sp is %esp. ip is %eip. */
460 if (0 == uregs.xip || 1 == uregs.xip) break;
461 if (sps) sps[i] = uregs.xsp;
462 if (fps) fps[i] = uregs.xbp;
463 ips[i++] = uregs.xip - 1;
464 /* -1: refer to calling insn, not the RA */
465 if (debug)
466 VG_(printf)(" ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]);
467 uregs.xip = uregs.xip - 1;
468 /* as per comment at the head of this loop */
469 RECURSIVE_MERGE(cmrf,ips,i);
470 }
471
472 if (do_stats) stats.nf += i;
473 if (do_stats && stats.nr % 10000 == 0) {
474 VG_(printf)("nr %u nf %u "
475 "Ca %u FF %u "
476 "Cf %u "
477 "Fw %u FO %u "
478 "CF %u (xi %u xs %u xb %u) "
479 "Ck %u MS %u\n",
480 stats.nr, stats.nf,
481 stats.Ca, stats.FF,
482 stats.Cf,
483 stats.Fw, stats.FO,
484 stats.CF, stats.xi, stats.xs, stats.xb,
485 stats.Ck, stats.MS);
486 }
487 n_found = i;
488 return n_found;
489 }
490
491 #undef N_FP_CF_VERIF
492 #undef FPUNWIND
493 #undef NOINFO
494 #undef CFUNWIND
495
496 #endif
497
498 /* ----------------------- amd64 ------------------------ */
499
500 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \
501 || defined(VGP_amd64_solaris)
502
503 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
504 /*OUT*/Addr* ips, UInt max_n_ips,
505 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
506 const UnwindStartRegs* startRegs,
507 Addr fp_max_orig )
508 {
509 const Bool debug = False;
510 Int i;
511 Addr fp_max;
512 UInt n_found = 0;
513 const Int cmrf = VG_(clo_merge_recursive_frames);
514
515 vg_assert(sizeof(Addr) == sizeof(UWord));
516 vg_assert(sizeof(Addr) == sizeof(void*));
517
518 D3UnwindRegs uregs;
519 uregs.xip = startRegs->r_pc;
520 uregs.xsp = startRegs->r_sp;
521 uregs.xbp = startRegs->misc.AMD64.r_rbp;
522 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
523
524 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
525 stopping when the trail goes cold, which we guess to be
526 when FP is not a reasonable stack location. */
527
528 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
529 // current page, at least. Dunno if it helps.
530 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
531 fp_max = VG_PGROUNDUP(fp_max_orig);
532 if (fp_max >= sizeof(Addr))
533 fp_max -= sizeof(Addr);
534
535 if (debug)
536 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
537 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
538 max_n_ips, fp_min, fp_max_orig, fp_max,
539 uregs.xip, uregs.xbp);
540
541 /* Assertion broken before main() is reached in pthreaded programs; the
542 * offending stack traces only have one item. --njn, 2002-aug-16 */
543 /* vg_assert(fp_min <= fp_max);*/
544 // On Darwin, this kicks in for pthread-related stack traces, so they're
545 // only 1 entry long which is wrong.
546 # if defined(VGO_linux)
547 if (fp_min + 256 >= fp_max) {
548 /* If the stack limits look bogus, don't poke around ... but
549 don't bomb out either. */
550 # elif defined(VGO_solaris)
551 if (fp_max == 0) {
552 /* VG_(get_StackTrace)() can be called by tools very early when
553 various tracing options are enabled. Don't proceed further
554 if the stack limits look bogus.
555 */
556 # endif
557 # if defined(VGO_linux) || defined(VGO_solaris)
558
559 if (sps) sps[0] = uregs.xsp;
560 if (fps) fps[0] = uregs.xbp;
561 ips[0] = uregs.xip;
562 return 1;
563 }
564 # endif
565
566 /* fp is %rbp. sp is %rsp. ip is %rip. */
567
568 ips[0] = uregs.xip;
569 if (sps) sps[0] = uregs.xsp;
570 if (fps) fps[0] = uregs.xbp;
571 i = 1;
572 if (debug)
573 VG_(printf)(" ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
574 i-1, ips[i-1], uregs.xbp, uregs.xsp);
575
576 # if defined(VGO_darwin)
577 if (VG_(is_valid_tid)(tid_if_known) &&
578 VG_(is_in_syscall)(tid_if_known) &&
579 i < max_n_ips) {
580 /* On Darwin, all the system call stubs have no function
581 * prolog. So instead of top of the stack being a new
582 * frame comprising a saved BP and a return address, we
583 * just have the return address in the caller's frame.
584 * Adjust for this by recording the return address.
585 */
586 ips[i] = *(Addr *)uregs.xsp - 1;
587 if (sps) sps[i] = uregs.xsp;
588 if (fps) fps[i] = uregs.xbp;
589 i++;
590 }
591 # endif
592
593 /* Loop unwinding the stack. Note that the IP value we get on
594 * each pass (whether from CFI info or a stack frame) is a
595 * return address so is actually after the calling instruction
596 * in the calling function.
597 *
598 * Because of this we subtract one from the IP after each pass
599 * of the loop so that we find the right CFI block on the next
600 * pass - otherwise we can find the wrong CFI info if it happens
601 * to change after the calling instruction and that will mean
602 * that we will fail to unwind the next step.
603 *
604 * This most frequently happens at the end of a function when
605 * a tail call occurs and we wind up using the CFI info for the
606 * next function which is completely wrong.
607 */
608 while (True) {
609 Addr old_xsp;
610
611 if (i >= max_n_ips)
612 break;
613
614 old_xsp = uregs.xsp;
615
616 /* Try to derive a new (ip,sp,fp) triple from the current set. */
617
618 /* First off, see if there is any CFI info to hand which can
619 be used. */
620 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
621 if (0 == uregs.xip || 1 == uregs.xip) break;
622 if (old_xsp >= uregs.xsp) {
623 if (debug)
624 VG_(printf) (" CF end of stack old_xsp %p >= xsp %p\n",
625 (void*)old_xsp, (void*)uregs.xsp);
626 break;
627 }
628 if (sps) sps[i] = uregs.xsp;
629 if (fps) fps[i] = uregs.xbp;
630 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
631 if (debug)
632 VG_(printf)(" ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
633 i-1, ips[i-1], uregs.xbp, uregs.xsp);
634 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
635 RECURSIVE_MERGE(cmrf,ips,i);
636 continue;
637 }
638
639 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
640 we can safely try the old-fashioned method. */
641 /* This bit is supposed to deal with frames resulting from
642 functions which begin "pushq %rbp ; movq %rsp, %rbp".
643 Unfortunately, since we can't (easily) look at the insns at
644 the start of the fn, like GDB does, there's no reliable way
645 to tell. Hence the hack of first trying out CFI, and if that
646 fails, then use this as a fallback. */
647 /* Note: re "- 1 * sizeof(UWord)", need to take account of the
648 fact that we are prodding at & ((UWord*)fp)[1] and so need to
649 adjust the limit check accordingly. Omitting this has been
650 observed to cause segfaults on rare occasions. */
651 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
652 /* fp looks sane, so use it. */
653 uregs.xip = (((UWord*)uregs.xbp)[1]);
654 if (0 == uregs.xip || 1 == uregs.xip) break;
655 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
656 + sizeof(Addr) /*ra*/;
657 if (old_xsp >= uregs.xsp) {
658 if (debug)
659 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
660 (void*)old_xsp, (void*)uregs.xsp);
661 break;
662 }
663 uregs.xbp = (((UWord*)uregs.xbp)[0]);
664 if (sps) sps[i] = uregs.xsp;
665 if (fps) fps[i] = uregs.xbp;
666 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
667 if (debug)
668 VG_(printf)(" ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
669 i-1, ips[i-1], uregs.xbp, uregs.xsp);
670 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
671 RECURSIVE_MERGE(cmrf,ips,i);
672 continue;
673 }
674
675 /* Last-ditch hack (evidently GDB does something similar). We
676 are in the middle of nowhere and we have a nonsense value for
677 the frame pointer. If the stack pointer is still valid,
678 assume that what it points at is a return address. Yes,
679 desperate measures. Could do better here:
680 - check that the supposed return address is in
681 an executable page
682 - check that the supposed return address is just after a call insn
683 - given those two checks, don't just consider *sp as the return
684 address; instead scan a likely section of stack (eg sp .. sp+256)
685 and use suitable values found there.
686 */
687 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
688 uregs.xip = ((UWord*)uregs.xsp)[0];
689 if (0 == uregs.xip || 1 == uregs.xip) break;
690 if (sps) sps[i] = uregs.xsp;
691 if (fps) fps[i] = uregs.xbp;
692 ips[i++] = uregs.xip == 0
693 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
694 thread stack */
695 : uregs.xip - 1;
696 /* -1: refer to calling insn, not the RA */
697 if (debug)
698 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
699 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
700 uregs.xsp += 8;
701 RECURSIVE_MERGE(cmrf,ips,i);
702 continue;
703 }
704
705 /* No luck at all. We have to give up. */
706 break;
707 }
708
709 n_found = i;
710 return n_found;
711 }
712
713 #endif
714
715 /* -----------------------ppc32/64 ---------------------- */
716
717 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
718 || defined(VGP_ppc64le_linux)
719
720 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
721 /*OUT*/Addr* ips, UInt max_n_ips,
722 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
723 const UnwindStartRegs* startRegs,
724 Addr fp_max_orig )
725 {
726 Bool lr_is_first_RA = False;
727 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
728 Word redir_stack_size = 0;
729 Word redirs_used = 0;
730 # endif
731 const Int cmrf = VG_(clo_merge_recursive_frames);
732 const DiEpoch cur_ep = VG_(current_DiEpoch)();
733
734 Bool debug = False;
735 Int i;
736 Addr fp_max;
737 UInt n_found = 0;
738
739 vg_assert(sizeof(Addr) == sizeof(UWord));
740 vg_assert(sizeof(Addr) == sizeof(void*));
741
742 Addr ip = (Addr)startRegs->r_pc;
743 Addr sp = (Addr)startRegs->r_sp;
744 Addr fp = sp;
745 # if defined(VGP_ppc32_linux)
746 Addr lr = startRegs->misc.PPC32.r_lr;
747 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
748 Addr lr = startRegs->misc.PPC64.r_lr;
749 # endif
750 Addr fp_min = sp - VG_STACK_REDZONE_SZB;
751
752 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
753 stopping when the trail goes cold, which we guess to be
754 when FP is not a reasonable stack location. */
755
756 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
757 // current page, at least. Dunno if it helps.
758 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
759 fp_max = VG_PGROUNDUP(fp_max_orig);
760 if (fp_max >= sizeof(Addr))
761 fp_max -= sizeof(Addr);
762
763 if (debug)
764 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
765 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
766 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
767
768 /* Assertion broken before main() is reached in pthreaded programs; the
769 * offending stack traces only have one item. --njn, 2002-aug-16 */
770 /* vg_assert(fp_min <= fp_max);*/
771 if (fp_min + 512 >= fp_max) {
772 /* If the stack limits look bogus, don't poke around ... but
773 don't bomb out either. */
774 if (sps) sps[0] = sp;
775 if (fps) fps[0] = fp;
776 ips[0] = ip;
777 return 1;
778 }
779
780 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and
781 frame pointers. */
782
783 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
784 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
785 redirs_used = 0;
786 # endif
787
788 # if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux)
789 /* Deal with bogus LR values caused by function
790 interception/wrapping on ppc-TOC platforms; see comment on
791 similar code a few lines further down. */
792 if (lr == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
793 && VG_(is_valid_tid)(tid_if_known)) {
794 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
795 redirs_used++;
796 if (hsp >= 1 && hsp < redir_stack_size)
797 lr = VG_(threads)[tid_if_known]
798 .arch.vex.guest_REDIR_STACK[hsp-1];
799 }
800 # endif
801
802 /* We have to determine whether or not LR currently holds this fn
803 (call it F)'s return address. It might not if F has previously
804 called some other function, hence overwriting LR with a pointer
805 to some part of F. Hence if LR and IP point to the same
806 function then we conclude LR does not hold this function's
807 return address; instead the LR at entry must have been saved in
808 the stack by F's prologue and so we must get it from there
809 instead. Note all this guff only applies to the innermost
810 frame. */
811 lr_is_first_RA = False;
812 {
813 const HChar *buf_lr, *buf_ip;
814 /* The following conditional looks grossly inefficient and
815 surely could be majorly improved, with not much effort. */
816 if (VG_(get_fnname_raw) (cur_ep, lr, &buf_lr)) {
817 HChar buf_lr_copy[VG_(strlen)(buf_lr) + 1];
818 VG_(strcpy)(buf_lr_copy, buf_lr);
819 if (VG_(get_fnname_raw) (cur_ep, ip, &buf_ip))
820 if (VG_(strcmp)(buf_lr_copy, buf_ip))
821 lr_is_first_RA = True;
822 }
823 }
824
825 if (sps) sps[0] = fp; /* NB. not sp */
826 if (fps) fps[0] = fp;
827 ips[0] = ip;
828 i = 1;
829
830 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {
831
832 /* initial FP is sane; keep going */
833 fp = (((UWord*)fp)[0]);
834
835 while (True) {
836
837 /* On ppc64-linux (ppc64-elf, really), the lr save
838 slot is 2 words back from sp, whereas on ppc32-elf(?) it's
839 only one word back. */
840 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
841 const Int lr_offset = 2;
842 # else
843 const Int lr_offset = 1;
844 # endif
845
846 if (i >= max_n_ips)
847 break;
848
849 /* Try to derive a new (ip,fp) pair from the current set. */
850
851 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
852 /* fp looks sane, so use it. */
853
854 if (i == 1 && lr_is_first_RA)
855 ip = lr;
856 else
857 ip = (((UWord*)fp)[lr_offset]);
858
859 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
860 /* Nasty hack to do with function replacement/wrapping on
861 ppc64-linux. If LR points to our magic return stub,
862 then we are in a wrapped or intercepted function, in
863 which LR has been messed with. The original LR will
864 have been pushed onto the thread's hidden REDIR stack
865 one down from the top (top element is the saved R2) and
866 so we should restore the value from there instead.
867 Since nested redirections can and do happen, we keep
868 track of the number of nested LRs used by the unwinding
869 so far with 'redirs_used'. */
870 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
871 && VG_(is_valid_tid)(tid_if_known)) {
872 Word hsp = VG_(threads)[tid_if_known]
873 .arch.vex.guest_REDIR_SP;
874 hsp -= 2 * redirs_used;
875 redirs_used ++;
876 if (hsp >= 1 && hsp < redir_stack_size)
877 ip = VG_(threads)[tid_if_known]
878 .arch.vex.guest_REDIR_STACK[hsp-1];
879 }
880 # endif
881
882 if (0 == ip || 1 == ip) break;
883 if (sps) sps[i] = fp; /* NB. not sp */
884 if (fps) fps[i] = fp;
885 fp = (((UWord*)fp)[0]);
886 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
887 if (debug)
888 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
889 ip = ip - 1; /* ip is probably dead at this point, but
890 play safe, a la x86/amd64 above. See
891 extensive comments above. */
892 RECURSIVE_MERGE(cmrf,ips,i);
893 continue;
894 }
895
896 /* No luck there. We have to give up. */
897 break;
898 }
899 }
900
901 n_found = i;
902 return n_found;
903 }
904
905 #endif
906
907 /* ------------------------ arm ------------------------- */
908
909 #if defined(VGP_arm_linux)
910
911 static Bool in_same_fn ( Addr a1, Addr a2 )
912 {
913 const HChar *buf_a1, *buf_a2;
914 /* The following conditional looks grossly inefficient and
915 surely could be majorly improved, with not much effort. */
916 const DiEpoch cur_ep = VG_(current_DiEpoch)();
917 if (VG_(get_fnname_raw) (cur_ep, a1, &buf_a1)) {
918 HChar buf_a1_copy[VG_(strlen)(buf_a1) + 1];
919 VG_(strcpy)(buf_a1_copy, buf_a1);
920 if (VG_(get_fnname_raw) (cur_ep, a2, &buf_a2))
921 if (VG_(strcmp)(buf_a1_copy, buf_a2))
922 return True;
923 }
924 return False;
925 }
926
927 static Bool in_same_page ( Addr a1, Addr a2 ) {
928 return (a1 & ~0xFFF) == (a2 & ~0xFFF);
929 }
930
931 static Addr abs_diff ( Addr a1, Addr a2 ) {
932 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
933 }
934
935 static Bool has_XT_perms ( Addr a )
936 {
937 NSegment const* seg = VG_(am_find_nsegment)(a);
938 return seg && seg->hasX && seg->hasT;
939 }
940
941 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
942 {
943 if (0)
944 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
945 // BL simm26
946 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
947 // BLX simm26
948 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
949 return False;
950 }
951
952 static Bool looks_like_Thumb_call16 ( UShort w0 )
953 {
954 return False;
955 }
956
957 static Bool looks_like_ARM_call ( UInt a0 )
958 {
959 if (0)
960 VG_(printf)("isA32call %08x\n", a0);
961 // Leading E forces unconditional only -- fix
962 if ((a0 & 0xFF000000) == 0xEB000000) return True;
963 return False;
964 }
965
966 static Bool looks_like_RA ( Addr ra )
967 {
968 /* 'ra' is a plausible return address if it points to
969 an instruction after a call insn. */
970 Bool isT = (ra & 1);
971 if (isT) {
972 // returning to Thumb code
973 ra &= ~1;
974 ra -= 4;
975 if (has_XT_perms(ra)) {
976 UShort w0 = *(UShort*)ra;
977 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
978 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
979 return True;
980 }
981 } else {
982 // ARM
983 ra &= ~3;
984 ra -= 4;
985 if (has_XT_perms(ra)) {
986 UInt a0 = *(UInt*)ra;
987 if (looks_like_ARM_call(a0))
988 return True;
989 }
990 }
991 return False;
992 }
993
994 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
995 /*OUT*/Addr* ips, UInt max_n_ips,
996 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
997 const UnwindStartRegs* startRegs,
998 Addr fp_max_orig )
999 {
1000 Bool debug = False;
1001 Int i;
1002 Addr fp_max;
1003 UInt n_found = 0;
1004 const Int cmrf = VG_(clo_merge_recursive_frames);
1005
1006 vg_assert(sizeof(Addr) == sizeof(UWord));
1007 vg_assert(sizeof(Addr) == sizeof(void*));
1008
1009 D3UnwindRegs uregs;
1010 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;
1011 uregs.r14 = startRegs->misc.ARM.r14;
1012 uregs.r13 = startRegs->r_sp;
1013 uregs.r12 = startRegs->misc.ARM.r12;
1014 uregs.r11 = startRegs->misc.ARM.r11;
1015 uregs.r7 = startRegs->misc.ARM.r7;
1016 Addr fp_min = uregs.r13 - VG_STACK_REDZONE_SZB;
1017
1018 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1019 stopping when the trail goes cold, which we guess to be
1020 when FP is not a reasonable stack location. */
1021
1022 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1023 // current page, at least. Dunno if it helps.
1024 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1025 fp_max = VG_PGROUNDUP(fp_max_orig);
1026 if (fp_max >= sizeof(Addr))
1027 fp_max -= sizeof(Addr);
1028
1029 if (debug)
1030 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1031 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
1032 max_n_ips, fp_min, fp_max_orig, fp_max,
1033 uregs.r15, uregs.r13);
1034
1035 /* Assertion broken before main() is reached in pthreaded programs; the
1036 * offending stack traces only have one item. --njn, 2002-aug-16 */
1037 /* vg_assert(fp_min <= fp_max);*/
1038 // On Darwin, this kicks in for pthread-related stack traces, so they're
1039 // only 1 entry long which is wrong.
1040 if (fp_min + 512 >= fp_max) {
1041 /* If the stack limits look bogus, don't poke around ... but
1042 don't bomb out either. */
1043 if (sps) sps[0] = uregs.r13;
1044 if (fps) fps[0] = 0;
1045 ips[0] = uregs.r15;
1046 return 1;
1047 }
1048
1049 /* */
1050
1051 if (sps) sps[0] = uregs.r13;
1052 if (fps) fps[0] = 0;
1053 ips[0] = uregs.r15;
1054 i = 1;
1055
1056 /* Loop unwinding the stack. */
1057 Bool do_stack_scan = False;
1058
1059 /* First try the Official Way, using Dwarf CFI. */
1060 while (True) {
1061 if (debug) {
1062 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
1063 i, uregs.r15, uregs.r13);
1064 }
1065
1066 if (i >= max_n_ips)
1067 break;
1068
1069 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1070 if (sps) sps[i] = uregs.r13;
1071 if (fps) fps[i] = 0;
1072 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
1073 if (debug)
1074 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
1075 uregs.r15, uregs.r13);
1076 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
1077 RECURSIVE_MERGE(cmrf,ips,i);
1078 continue;
1079 }
1080
1081 /* No luck. We have to give up. */
1082 do_stack_scan = True;
1083 break;
1084 }
1085
1086 /* Now try Plan B (maybe) -- stack scanning. This often gives
1087 pretty bad results, so this has to be enabled explicitly by the
1088 user. */
1089 if (do_stack_scan
1090 && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) {
1091 Int nByStackScan = 0;
1092 Addr lr = uregs.r14;
1093 Addr sp = uregs.r13 & ~3;
1094 Addr pc = uregs.r15;
1095 // First see if LR contains
1096 // something that could be a valid return address.
1097 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
1098 // take it only if 'cand' isn't obviously a duplicate
1099 // of the last found IP value
1100 Addr cand = (lr & 0xFFFFFFFE) - 1;
1101 if (abs_diff(cand, ips[i-1]) > 1) {
1102 if (sps) sps[i] = 0;
1103 if (fps) fps[i] = 0;
1104 ips[i++] = cand;
1105 RECURSIVE_MERGE(cmrf,ips,i);
1106 nByStackScan++;
1107 }
1108 }
1109 while (in_same_page(sp, uregs.r13)) {
1110 if (i >= max_n_ips)
1111 break;
1112 // we're in the same page; fairly safe to keep going
1113 UWord w = *(UWord*)(sp & ~0x3);
1114 if (looks_like_RA(w)) {
1115 Addr cand = (w & 0xFFFFFFFE) - 1;
1116 // take it only if 'cand' isn't obviously a duplicate
1117 // of the last found IP value
1118 if (abs_diff(cand, ips[i-1]) > 1) {
1119 if (sps) sps[i] = 0;
1120 if (fps) fps[i] = 0;
1121 ips[i++] = cand;
1122 RECURSIVE_MERGE(cmrf,ips,i);
1123 if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break;
1124 }
1125 }
1126 sp += 4;
1127 }
1128 }
1129
1130 n_found = i;
1131 return n_found;
1132 }
1133
1134 #endif
1135
1136 /* ------------------------ arm64 ------------------------- */
1137
1138 #if defined(VGP_arm64_linux)
1139
1140 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1141 /*OUT*/Addr* ips, UInt max_n_ips,
1142 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1143 const UnwindStartRegs* startRegs,
1144 Addr fp_max_orig )
1145 {
1146 Bool debug = False;
1147 Int i;
1148 Addr fp_max;
1149 UInt n_found = 0;
1150 const Int cmrf = VG_(clo_merge_recursive_frames);
1151
1152 vg_assert(sizeof(Addr) == sizeof(UWord));
1153 vg_assert(sizeof(Addr) == sizeof(void*));
1154
1155 D3UnwindRegs uregs;
1156 uregs.pc = startRegs->r_pc;
1157 uregs.sp = startRegs->r_sp;
1158 uregs.x30 = startRegs->misc.ARM64.x30;
1159 uregs.x29 = startRegs->misc.ARM64.x29;
1160 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1161
1162 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1163 stopping when the trail goes cold, which we guess to be
1164 when FP is not a reasonable stack location. */
1165
1166 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1167 // current page, at least. Dunno if it helps.
1168 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1169 fp_max = VG_PGROUNDUP(fp_max_orig);
1170 if (fp_max >= sizeof(Addr))
1171 fp_max -= sizeof(Addr);
1172
1173 if (debug)
1174 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1175 "fp_max=0x%lx PC=0x%lx SP=0x%lx\n",
1176 max_n_ips, fp_min, fp_max_orig, fp_max,
1177 uregs.pc, uregs.sp);
1178
1179 /* Assertion broken before main() is reached in pthreaded programs; the
1180 * offending stack traces only have one item. --njn, 2002-aug-16 */
1181 /* vg_assert(fp_min <= fp_max);*/
1182 // On Darwin, this kicks in for pthread-related stack traces, so they're
1183 // only 1 entry long which is wrong.
1184 if (fp_min + 512 >= fp_max) {
1185 /* If the stack limits look bogus, don't poke around ... but
1186 don't bomb out either. */
1187 if (sps) sps[0] = uregs.sp;
1188 if (fps) fps[0] = uregs.x29;
1189 ips[0] = uregs.pc;
1190 return 1;
1191 }
1192
1193 /* */
1194
1195 if (sps) sps[0] = uregs.sp;
1196 if (fps) fps[0] = uregs.x29;
1197 ips[0] = uregs.pc;
1198 i = 1;
1199
1200 /* Loop unwinding the stack, using CFI. */
1201 while (True) {
1202 if (debug) {
1203 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n",
1204 i, uregs.pc, uregs.sp);
1205 }
1206
1207 if (i >= max_n_ips)
1208 break;
1209
1210 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1211 if (sps) sps[i] = uregs.sp;
1212 if (fps) fps[i] = uregs.x29;
1213 ips[i++] = uregs.pc - 1;
1214 if (debug)
1215 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n",
1216 uregs.pc, uregs.sp);
1217 uregs.pc = uregs.pc - 1;
1218 RECURSIVE_MERGE(cmrf,ips,i);
1219 continue;
1220 }
1221
1222 /* No luck. We have to give up. */
1223 break;
1224 }
1225
1226 n_found = i;
1227 return n_found;
1228 }
1229
1230 #endif
1231
1232 /* ------------------------ s390x ------------------------- */
1233
1234 #if defined(VGP_s390x_linux)
1235
1236 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1237 /*OUT*/Addr* ips, UInt max_n_ips,
1238 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1239 const UnwindStartRegs* startRegs,
1240 Addr fp_max_orig )
1241 {
1242 Bool debug = False;
1243 Int i;
1244 Addr fp_max;
1245 UInt n_found = 0;
1246 const Int cmrf = VG_(clo_merge_recursive_frames);
1247
1248 vg_assert(sizeof(Addr) == sizeof(UWord));
1249 vg_assert(sizeof(Addr) == sizeof(void*));
1250
1251 D3UnwindRegs uregs;
1252 uregs.ia = startRegs->r_pc;
1253 uregs.sp = startRegs->r_sp;
1254 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1255 uregs.fp = startRegs->misc.S390X.r_fp;
1256 uregs.lr = startRegs->misc.S390X.r_lr;
1257 uregs.f0 = startRegs->misc.S390X.r_f0;
1258 uregs.f1 = startRegs->misc.S390X.r_f1;
1259 uregs.f2 = startRegs->misc.S390X.r_f2;
1260 uregs.f3 = startRegs->misc.S390X.r_f3;
1261 uregs.f4 = startRegs->misc.S390X.r_f4;
1262 uregs.f5 = startRegs->misc.S390X.r_f5;
1263 uregs.f6 = startRegs->misc.S390X.r_f6;
1264 uregs.f7 = startRegs->misc.S390X.r_f7;
1265
1266 fp_max = VG_PGROUNDUP(fp_max_orig);
1267 if (fp_max >= sizeof(Addr))
1268 fp_max -= sizeof(Addr);
1269
1270 if (debug)
1271 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1272 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
1273 max_n_ips, fp_min, fp_max_orig, fp_max,
1274 uregs.ia, uregs.sp,uregs.fp);
1275
1276 /* The first frame is pretty obvious */
1277 ips[0] = uregs.ia;
1278 if (sps) sps[0] = uregs.sp;
1279 if (fps) fps[0] = uregs.fp;
1280 i = 1;
1281
1282 /* for everything else we have to rely on the eh_frame. gcc defaults to
1283 not create a backchain and all the other tools (like gdb) also have
1284 to use the CFI. */
1285 while (True) {
1286 if (i >= max_n_ips)
1287 break;
1288
1289 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1290 if (sps) sps[i] = uregs.sp;
1291 if (fps) fps[i] = uregs.fp;
1292 ips[i++] = uregs.ia - 1;
1293 uregs.ia = uregs.ia - 1;
1294 RECURSIVE_MERGE(cmrf,ips,i);
1295 continue;
1296 }
1297 /* A problem on the first frame? Lets assume it was a bad jump.
1298 We will use the link register and the current stack and frame
1299 pointers and see if we can use the CFI in the next round. */
1300 if (i == 1) {
1301 if (sps) {
1302 sps[i] = sps[0];
1303 uregs.sp = sps[0];
1304 }
1305 if (fps) {
1306 fps[i] = fps[0];
1307 uregs.fp = fps[0];
1308 }
1309 uregs.ia = uregs.lr - 1;
1310 ips[i++] = uregs.lr - 1;
1311 RECURSIVE_MERGE(cmrf,ips,i);
1312 continue;
1313 }
1314
1315 /* No luck. We have to give up. */
1316 break;
1317 }
1318
1319 n_found = i;
1320 return n_found;
1321 }
1322
1323 #endif
1324
1325 /* ------------------------ mips 32/64 ------------------------- */
1326 #if defined(VGP_mips32_linux) || defined(VGP_mips64_linux) \
1327 || defined(VGP_nanomips_linux)
1328 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1329 /*OUT*/Addr* ips, UInt max_n_ips,
1330 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1331 const UnwindStartRegs* startRegs,
1332 Addr fp_max_orig )
1333 {
1334 Bool debug = False;
1335 Int i;
1336 Addr fp_max;
1337 UInt n_found = 0;
1338 const Int cmrf = VG_(clo_merge_recursive_frames);
1339
1340 vg_assert(sizeof(Addr) == sizeof(UWord));
1341 vg_assert(sizeof(Addr) == sizeof(void*));
1342
1343 D3UnwindRegs uregs;
1344 uregs.pc = startRegs->r_pc;
1345 uregs.sp = startRegs->r_sp;
1346 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1347
1348 #if defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
1349 uregs.fp = startRegs->misc.MIPS32.r30;
1350 uregs.ra = startRegs->misc.MIPS32.r31;
1351 #elif defined(VGP_mips64_linux)
1352 uregs.fp = startRegs->misc.MIPS64.r30;
1353 uregs.ra = startRegs->misc.MIPS64.r31;
1354 #endif
1355
1356 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1357 stopping when the trail goes cold, which we guess to be
1358 when FP is not a reasonable stack location. */
1359
1360 fp_max = VG_PGROUNDUP(fp_max_orig);
1361 if (fp_max >= sizeof(Addr))
1362 fp_max -= sizeof(Addr);
1363
1364 if (debug)
1365 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1366 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
1367 max_n_ips, fp_min, fp_max_orig, fp_max,
1368 uregs.pc, uregs.sp, uregs.fp);
1369
1370 if (sps) sps[0] = uregs.sp;
1371 if (fps) fps[0] = uregs.fp;
1372 ips[0] = uregs.pc;
1373 i = 1;
1374
1375 /* Loop unwinding the stack. */
1376
1377 while (True) {
1378 if (debug) {
1379 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1380 i, uregs.pc, uregs.sp, uregs.ra);
1381 }
1382 if (i >= max_n_ips)
1383 break;
1384
1385 D3UnwindRegs uregs_copy = uregs;
1386 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1387 if (debug)
1388 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1389 uregs.pc, uregs.sp, uregs.ra);
1390 if (0 != uregs.pc && 1 != uregs.pc) {
1391 if (sps) sps[i] = uregs.sp;
1392 if (fps) fps[i] = uregs.fp;
1393 ips[i++] = uregs.pc - 4;
1394 uregs.pc = uregs.pc - 4;
1395 RECURSIVE_MERGE(cmrf,ips,i);
1396 continue;
1397 } else
1398 uregs = uregs_copy;
1399 }
1400
1401 int seen_sp_adjust = 0;
1402 long frame_offset = 0;
1403 PtrdiffT offset;
1404 const DiEpoch cur_ep = VG_(current_DiEpoch)();
1405 if (VG_(get_inst_offset_in_function)(cur_ep, uregs.pc, &offset)) {
1406 Addr start_pc = uregs.pc - offset;
1407 Addr limit_pc = uregs.pc;
1408 Addr cur_pc;
1409 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) {
1410 unsigned long inst, high_word, low_word;
1411 unsigned long * cur_inst;
1412 /* Fetch the instruction. */
1413 cur_inst = (unsigned long *)cur_pc;
1414 inst = *((UInt *) cur_inst);
1415 if(debug)
1416 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst);
1417
1418 /* Save some code by pre-extracting some useful fields. */
1419 high_word = (inst >> 16) & 0xffff;
1420 low_word = inst & 0xffff;
1421
1422 if (high_word == 0x27bd /* addiu $sp,$sp,-i */
1423 || high_word == 0x23bd /* addi $sp,$sp,-i */
1424 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */
1425 if (low_word & 0x8000) /* negative stack adjustment? */
1426 frame_offset += 0x10000 - low_word;
1427 else
1428 /* Exit loop if a positive stack adjustment is found, which
1429 usually means that the stack cleanup code in the function
1430 epilogue is reached. */
1431 break;
1432 seen_sp_adjust = 1;
1433 }
1434 }
1435 if(debug)
1436 VG_(printf)("offset: 0x%ld\n", frame_offset);
1437 }
1438 if (seen_sp_adjust) {
1439 if (0 == uregs.pc || 1 == uregs.pc) break;
1440 if (uregs.pc == uregs.ra - 8) break;
1441 if (sps) {
1442 sps[i] = uregs.sp + frame_offset;
1443 }
1444 uregs.sp = uregs.sp + frame_offset;
1445
1446 if (fps) {
1447 fps[i] = fps[0];
1448 uregs.fp = fps[0];
1449 }
1450 if (0 == uregs.ra || 1 == uregs.ra) break;
1451 uregs.pc = uregs.ra - 8;
1452 ips[i++] = uregs.ra - 8;
1453 RECURSIVE_MERGE(cmrf,ips,i);
1454 continue;
1455 }
1456
1457 if (i == 1) {
1458 if (sps) {
1459 sps[i] = sps[0];
1460 uregs.sp = sps[0];
1461 }
1462 if (fps) {
1463 fps[i] = fps[0];
1464 uregs.fp = fps[0];
1465 }
1466 if (0 == uregs.ra || 1 == uregs.ra) break;
1467 uregs.pc = uregs.ra - 8;
1468 ips[i++] = uregs.ra - 8;
1469 RECURSIVE_MERGE(cmrf,ips,i);
1470 continue;
1471 }
1472 /* No luck. We have to give up. */
1473 break;
1474 }
1475
1476 n_found = i;
1477 return n_found;
1478 }
1479
1480 #endif
1481
1482 /*------------------------------------------------------------*/
1483 /*--- ---*/
1484 /*--- END platform-dependent unwinder worker functions ---*/
1485 /*--- ---*/
1486 /*------------------------------------------------------------*/
1487
1488 /*------------------------------------------------------------*/
1489 /*--- Exported functions. ---*/
1490 /*------------------------------------------------------------*/
1491
1492 UInt VG_(get_StackTrace_with_deltas)(
1493 ThreadId tid,
1494 /*OUT*/StackTrace ips, UInt n_ips,
1495 /*OUT*/StackTrace sps,
1496 /*OUT*/StackTrace fps,
1497 Word first_ip_delta,
1498 Word first_sp_delta
1499 )
1500 {
1501 /* Get the register values with which to start the unwind. */
1502 UnwindStartRegs startRegs;
1503 VG_(memset)( &startRegs, 0, sizeof(startRegs) );
1504 VG_(get_UnwindStartRegs)( &startRegs, tid );
1505
1506 Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte;
1507 Addr stack_lowest_byte = 0;
1508
1509 # if defined(VGP_x86_linux)
1510 /* Nasty little hack to deal with syscalls - if libc is using its
1511 _dl_sysinfo_int80 function for syscalls (the TLS version does),
1512 then ip will always appear to be in that function when doing a
1513 syscall, not the actual libc function doing the syscall. This
1514 check sees if IP is within that function, and pops the return
1515 address off the stack so that ip is placed within the library
1516 function calling the syscall. This makes stack backtraces much
1517 more useful.
1518
1519 The function is assumed to look like this (from glibc-2.3.6 sources):
1520 _dl_sysinfo_int80:
1521 int $0x80
1522 ret
1523 That is 3 (2+1) bytes long. We could be more thorough and check
1524 the 3 bytes of the function are as expected, but I can't be
1525 bothered.
1526 */
1527 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
1528 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
1529 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
1530 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
1531 VKI_PROT_READ)) {
1532 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp;
1533 startRegs.r_sp += (ULong) sizeof(Addr);
1534 }
1535 # endif
1536
1537 /* See if we can get a better idea of the stack limits */
1538 VG_(stack_limits)( (Addr)startRegs.r_sp,
1539 &stack_lowest_byte, &stack_highest_byte );
1540
1541 /* Take into account the first_ip_delta and first_sp_delta. */
1542 startRegs.r_pc += (Long)first_ip_delta;
1543 startRegs.r_sp += (Long)first_sp_delta;
1544
1545 if (0)
1546 VG_(printf)("tid %u: stack_highest=0x%08lx ip=0x%010llx "
1547 "sp=0x%010llx\n",
1548 tid, stack_highest_byte,
1549 startRegs.r_pc, startRegs.r_sp);
1550
1551 return VG_(get_StackTrace_wrk)(tid, ips, n_ips,
1552 sps, fps,
1553 &startRegs,
1554 stack_highest_byte);
1555 }
1556
1557 UInt VG_(get_StackTrace) ( ThreadId tid,
1558 /*OUT*/StackTrace ips, UInt max_n_ips,
1559 /*OUT*/StackTrace sps,
1560 /*OUT*/StackTrace fps,
1561 Word first_ip_delta )
1562 {
1563 return VG_(get_StackTrace_with_deltas) (tid,
1564 ips, max_n_ips,
1565 sps,
1566 fps,
1567 first_ip_delta,
1568 0 /* first_sp_delta */
1569 );
1570 }
1571
1572 static void printIpDesc(UInt n, DiEpoch ep, Addr ip, void* uu_opaque)
1573 {
1574 InlIPCursor *iipc = VG_(new_IIPC)(ep, ip);
1575
1576 do {
1577 const HChar *buf = VG_(describe_IP)(ep, ip, iipc);
1578 if (VG_(clo_xml)) {
1579 VG_(printf_xml)(" %s\n", buf);
1580 } else {
1581 VG_(message)(Vg_UserMsg, " %s %s\n",
1582 ( n == 0 ? "at" : "by" ), buf);
1583 }
1584 n++;
1585 // Increase n to show "at" for only one level.
1586 } while (VG_(next_IIPC)(iipc));
1587 VG_(delete_IIPC)(iipc);
1588 }
1589
1590 /* Print a StackTrace. */
1591 void VG_(pp_StackTrace) ( DiEpoch ep, StackTrace ips, UInt n_ips )
1592 {
1593 vg_assert( n_ips > 0 );
1594
1595 if (VG_(clo_xml))
1596 VG_(printf_xml)(" <stack>\n");
1597
1598 VG_(apply_StackTrace)( printIpDesc, NULL, ep, ips, n_ips );
1599
1600 if (VG_(clo_xml))
1601 VG_(printf_xml)(" </stack>\n");
1602 }
1603
1604 /* Get and immediately print a StackTrace. */
1605 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
1606 {
1607 Addr ips[max_n_ips];
1608 UInt n_ips
1609 = VG_(get_StackTrace)(tid, ips, max_n_ips,
1610 NULL/*array to dump SP values in*/,
1611 NULL/*array to dump FP values in*/,
1612 0/*first_ip_delta*/);
1613 VG_(pp_StackTrace)(VG_(current_DiEpoch)(), ips, n_ips);
1614 }
1615
1616 void VG_(apply_StackTrace)(
1617 void(*action)(UInt n, DiEpoch ep, Addr ip, void* opaque),
1618 void* opaque,
1619 DiEpoch ep, StackTrace ips, UInt n_ips
1620 )
1621 {
1622 Int i;
1623
1624 vg_assert(n_ips > 0);
1625 if ( ! VG_(clo_show_below_main) ) {
1626 // Search (from the outer frame onwards) the appearance of "main"
1627 // or the last appearance of a below main function.
1628 // Then decrease n_ips so as to not call action for the below main
1629 for (i = n_ips - 1; i >= 0; i--) {
1630 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ep, ips[i]);
1631 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind)
1632 n_ips = i + 1;
1633 if (Vg_FnNameMain == kind)
1634 break;
1635 }
1636 }
1637
1638 for (i = 0; i < n_ips; i++)
1639 // Act on the ip
1640 action(i, ep, ips[i], opaque);
1641 }
1642
1643
1644 /*--------------------------------------------------------------------*/
1645 /*--- end ---*/
1646 /*--------------------------------------------------------------------*/
Instrumentation framework for detecting many memory management and threading bugs, and profile your programs in detail.