| blob | d082316172ce7b514f466842a977e644e90cc3cb |
1 /* Target-dependent code for GDB, the GNU debugger.
3 Copyright 1986, 1987, 1989, 1991, 1992, 1993, 1994, 1995, 1996, 1997,
4 2000, 2001 Free Software Foundation, Inc.
6 This file is part of GDB.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place - Suite 330,
21 Boston, MA 02111-1307, USA. */
36 /* The following two instructions are used in the signal trampoline
37 code on linux/ppc */
38 #define INSTR_LI_R0_0x7777 0x38007777
39 #define INSTR_SC 0x44000002
41 /* Since the *-tdep.c files are platform independent (i.e, they may be
42 used to build cross platform debuggers), we can't include system
43 headers. Therefore, details concerning the sigcontext structure
44 must be painstakingly rerecorded. What's worse, if these details
45 ever change in the header files, they'll have to be changed here
46 as well. */
48 /* __SIGNAL_FRAMESIZE from <asm/ptrace.h> */
49 #define PPC_LINUX_SIGNAL_FRAMESIZE 64
51 /* From <asm/sigcontext.h>, offsetof(struct sigcontext_struct, regs) == 0x1c */
52 #define PPC_LINUX_REGS_PTR_OFFSET (PPC_LINUX_SIGNAL_FRAMESIZE + 0x1c)
54 /* From <asm/sigcontext.h>,
55 offsetof(struct sigcontext_struct, handler) == 0x14 */
56 #define PPC_LINUX_HANDLER_PTR_OFFSET (PPC_LINUX_SIGNAL_FRAMESIZE + 0x14)
58 /* From <asm/ptrace.h>, values for PT_NIP, PT_R1, and PT_LNK */
59 #define PPC_LINUX_PT_R0 0
60 #define PPC_LINUX_PT_R1 1
61 #define PPC_LINUX_PT_R2 2
62 #define PPC_LINUX_PT_R3 3
63 #define PPC_LINUX_PT_R4 4
64 #define PPC_LINUX_PT_R5 5
65 #define PPC_LINUX_PT_R6 6
66 #define PPC_LINUX_PT_R7 7
67 #define PPC_LINUX_PT_R8 8
68 #define PPC_LINUX_PT_R9 9
69 #define PPC_LINUX_PT_R10 10
70 #define PPC_LINUX_PT_R11 11
71 #define PPC_LINUX_PT_R12 12
72 #define PPC_LINUX_PT_R13 13
73 #define PPC_LINUX_PT_R14 14
74 #define PPC_LINUX_PT_R15 15
75 #define PPC_LINUX_PT_R16 16
76 #define PPC_LINUX_PT_R17 17
77 #define PPC_LINUX_PT_R18 18
78 #define PPC_LINUX_PT_R19 19
79 #define PPC_LINUX_PT_R20 20
80 #define PPC_LINUX_PT_R21 21
81 #define PPC_LINUX_PT_R22 22
82 #define PPC_LINUX_PT_R23 23
83 #define PPC_LINUX_PT_R24 24
84 #define PPC_LINUX_PT_R25 25
85 #define PPC_LINUX_PT_R26 26
86 #define PPC_LINUX_PT_R27 27
87 #define PPC_LINUX_PT_R28 28
88 #define PPC_LINUX_PT_R29 29
89 #define PPC_LINUX_PT_R30 30
90 #define PPC_LINUX_PT_R31 31
91 #define PPC_LINUX_PT_NIP 32
92 #define PPC_LINUX_PT_MSR 33
93 #define PPC_LINUX_PT_CTR 35
94 #define PPC_LINUX_PT_LNK 36
95 #define PPC_LINUX_PT_XER 37
96 #define PPC_LINUX_PT_CCR 38
97 #define PPC_LINUX_PT_MQ 39
99 #define PPC_LINUX_PT_FPR31 (PPC_LINUX_PT_FPR0 + 2*31)
100 #define PPC_LINUX_PT_FPSCR (PPC_LINUX_PT_FPR0 + 2*32 + 1)
104 /* Determine if pc is in a signal trampoline...
106 Ha! That's not what this does at all. wait_for_inferior in infrun.c
107 calls IN_SIGTRAMP in order to detect entry into a signal trampoline
108 just after delivery of a signal. But on linux, signal trampolines
109 are used for the return path only. The kernel sets things up so that
110 the signal handler is called directly.
112 If we use in_sigtramp2() in place of in_sigtramp() (see below)
113 we'll (often) end up with stop_pc in the trampoline and prev_pc in
114 the (now exited) handler. The code there will cause a temporary
115 breakpoint to be set on prev_pc which is not very likely to get hit
116 again.
118 If this is confusing, think of it this way... the code in
119 wait_for_inferior() needs to be able to detect entry into a signal
120 trampoline just after a signal is delivered, not after the handler
121 has been run.
123 So, we define in_sigtramp() below to return 1 if the following is
124 true:
126 1) The previous frame is a real signal trampoline.
128 - and -
130 2) pc is at the first or second instruction of the corresponding
131 handler.
133 Why the second instruction? It seems that wait_for_inferior()
134 never sees the first instruction when single stepping. When a
135 signal is delivered while stepping, the next instruction that
136 would've been stepped over isn't, instead a signal is delivered and
137 the first instruction of the handler is stepped over instead. That
138 puts us on the second instruction. (I added the test for the
139 first instruction long after the fact, just in case the observed
140 behavior is ever fixed.)
142 IN_SIGTRAMP is called from blockframe.c as well in order to set
143 the signal_handler_caller flag. Because of our strange definition
144 of in_sigtramp below, we can't rely on signal_handler_caller getting
145 set correctly from within blockframe.c. This is why we take pains
146 to set it in init_extra_frame_info(). */
148 int
150 {
151 CORE_ADDR lr;
152 CORE_ADDR sp;
153 CORE_ADDR tramp_sp;
155 CORE_ADDR handler;
175 }
177 /*
178 * The signal handler trampoline is on the stack and consists of exactly
179 * two instructions. The easiest and most accurate way of determining
180 * whether the pc is in one of these trampolines is by inspecting the
181 * instructions. It'd be faster though if we could find a way to do this
182 * via some simple address comparisons.
183 */
184 static int
186 {
192 /* extract the instruction at the pc */
198 ||
201 }
203 CORE_ADDR
205 {
215 CORE_ADDR plt_table;
216 CORE_ADDR reloc;
217 CORE_ADDR sym;
222 /* Find the section pc is in; return if not in .plt */
229 /* Pick up the instruction at pc. It had better be of the
230 form
231 li r11, IDX
233 where IDX is an index into the plt_table. */
244 /* Find the objfile that pc is in and obtain the information
245 necessary for finding the symbol name. */
247 {
257 }
259 /* Make sure we have all the information we need. */
263 /* Compute the value of the plt table */
266 /* Get address of the relocation entry (Elf32_Rela) */
278 /* Now get the r_info field which is the relocation type and symbol
279 index. */
284 /* Shift out the relocation type leaving just the symbol index */
285 /* symidx = ELF32_R_SYM(symidx); */
288 /* compute the address of the symbol */
291 /* Fetch the string table index */
296 /* Fetch the string; we don't know how long it is. Is it possible
297 that the following will fail because we're trying to fetch too
298 much? */
302 /* This might not work right if we have multiple symbols with the
303 same name; the only way to really get it right is to perform
304 the same sort of lookup as the dynamic linker. */
310 }
312 /* The rs6000 version of FRAME_SAVED_PC will almost work for us. The
313 signal handler details are different, so we'll handle those here
314 and call the rs6000 version to do the rest. */
315 CORE_ADDR
317 {
319 {
320 CORE_ADDR regs_addr =
322 /* return the NIP in the regs array */
324 }
326 {
327 CORE_ADDR regs_addr =
329 /* return LNK in the regs array */
331 }
332 else
334 }
336 void
338 {
342 {
343 /* We're called from get_prev_frame_info; check to see if
344 this is a signal frame by looking to see if the pc points
345 at trampoline code */
348 else
350 }
351 }
353 int
355 {
356 /* We'll find the wrong thing if we let
357 rs6000_frameless_function_invocation () search for a signal trampoline */
360 else
362 }
364 void
366 {
368 {
369 CORE_ADDR regs_addr;
376 regs_addr =
389 }
390 else
392 }
394 CORE_ADDR
396 {
397 /* Kernel properly constructs the frame chain for the handler */
400 else
402 }
404 /* FIXME: Move the following to rs6000-tdep.c (or some other file where
405 it may be used generically by ports which use either the SysV ABI or
406 the EABI */
408 /* round2 rounds x up to the nearest multiple of s assuming that s is a
409 power of 2 */
411 #undef round2
412 #define round2(x,s) ((((long) (x) - 1) & ~(long)((s)-1)) + (s))
414 /* Pass the arguments in either registers, or in the stack. Using the
415 ppc sysv ABI, the first eight words of the argument list (that might
416 be less than eight parameters if some parameters occupy more than one
417 word) are passed in r3..r10 registers. float and double parameters are
418 passed in fpr's, in addition to that. Rest of the parameters if any
419 are passed in user stack.
421 If the function is returning a structure, then the return address is passed
422 in r3, then the first 7 words of the parametes can be passed in registers,
423 starting from r4. */
425 CORE_ADDR
428 {
435 value_ptr arg;
439 CORE_ADDR saved_sp;
446 /* Figure out how much new stack space is required for arguments
447 which don't fit in registers. Unlike the PowerOpen ABI, the
448 SysV ABI doesn't reserve any extra space for parameters which
449 are put in registers. */
451 {
457 {
459 freg++;
460 else
461 {
462 /* SysV ABI converts floats to doubles when placed in
463 memory and requires 8 byte alignment */
467 }
468 }
470 {
472 {
477 }
478 else
479 {
481 greg++;
483 }
484 }
485 else
486 {
490 {
491 /* Rounding to the nearest multiple of 8 may not be necessary,
492 but it is safe. Particularly since we don't know the
493 field types of the structure */
495 }
497 greg++;
498 else
500 }
501 }
503 /* Get current SP location */
508 /* Allocate space for backchain and callee's saved lr */
511 /* Make sure that we maintain 16 byte alignment */
514 /* Update %sp before proceeding any further */
517 /* write the backchain */
525 /* Fill in r3 with the return structure, if any */
527 {
531 greg++;
532 }
533 /* Now fill in the registers and stack... */
535 {
541 {
543 {
549 freg++;
550 }
551 else
552 {
553 /* SysV ABI converts floats to doubles when placed in
554 memory and requires 8 byte alignment */
555 /* FIXME: Convert floats to doubles */
560 }
561 }
563 {
565 {
571 }
572 else
573 {
575 greg++;
582 }
583 }
584 else
585 {
590 {
594 }
595 else
596 {
599 }
601 {
604 greg++;
605 }
606 else
607 {
610 }
611 }
612 }
616 }
618 /* ppc_linux_memory_remove_breakpoints attempts to remove a breakpoint
619 in much the same fashion as memory_remove_breakpoint in mem-break.c,
620 but is careful not to write back the previous contents if the code
621 in question has changed in between inserting the breakpoint and
622 removing it.
624 Here is the problem that we're trying to solve...
626 Once upon a time, before introducing this function to remove
627 breakpoints from the inferior, setting a breakpoint on a shared
628 library function prior to running the program would not work
629 properly. In order to understand the problem, it is first
630 necessary to understand a little bit about dynamic linking on
631 this platform.
633 A call to a shared library function is accomplished via a bl
634 (branch-and-link) instruction whose branch target is an entry
635 in the procedure linkage table (PLT). The PLT in the object
636 file is uninitialized. To gdb, prior to running the program, the
637 entries in the PLT are all zeros.
639 Once the program starts running, the shared libraries are loaded
640 and the procedure linkage table is initialized, but the entries in
641 the table are not (necessarily) resolved. Once a function is
642 actually called, the code in the PLT is hit and the function is
643 resolved. In order to better illustrate this, an example is in
644 order; the following example is from the gdb testsuite.
646 We start the program shmain.
648 [kev@arroyo testsuite]$ ../gdb gdb.base/shmain
649 [...]
651 We place two breakpoints, one on shr1 and the other on main.
653 (gdb) b shr1
654 Breakpoint 1 at 0x100409d4
655 (gdb) b main
656 Breakpoint 2 at 0x100006a0: file gdb.base/shmain.c, line 44.
658 Examine the instruction (and the immediatly following instruction)
659 upon which the breakpoint was placed. Note that the PLT entry
660 for shr1 contains zeros.
662 (gdb) x/2i 0x100409d4
663 0x100409d4 <shr1>: .long 0x0
664 0x100409d8 <shr1+4>: .long 0x0
666 Now run 'til main.
668 (gdb) r
669 Starting program: gdb.base/shmain
670 Breakpoint 1 at 0xffaf790: file gdb.base/shr1.c, line 19.
672 Breakpoint 2, main ()
673 at gdb.base/shmain.c:44
674 44 g = 1;
676 Examine the PLT again. Note that the loading of the shared
677 library has initialized the PLT to code which loads a constant
678 (which I think is an index into the GOT) into r11 and then
679 branchs a short distance to the code which actually does the
680 resolving.
682 (gdb) x/2i 0x100409d4
683 0x100409d4 <shr1>: li r11,4
684 0x100409d8 <shr1+4>: b 0x10040984 <sg+4>
685 (gdb) c
686 Continuing.
688 Breakpoint 1, shr1 (x=1)
689 at gdb.base/shr1.c:19
690 19 l = 1;
692 Now we've hit the breakpoint at shr1. (The breakpoint was
693 reset from the PLT entry to the actual shr1 function after the
694 shared library was loaded.) Note that the PLT entry has been
695 resolved to contain a branch that takes us directly to shr1.
696 (The real one, not the PLT entry.)
698 (gdb) x/2i 0x100409d4
699 0x100409d4 <shr1>: b 0xffaf76c <shr1>
700 0x100409d8 <shr1+4>: b 0x10040984 <sg+4>
702 The thing to note here is that the PLT entry for shr1 has been
703 changed twice.
705 Now the problem should be obvious. GDB places a breakpoint (a
706 trap instruction) on the zero value of the PLT entry for shr1.
707 Later on, after the shared library had been loaded and the PLT
708 initialized, GDB gets a signal indicating this fact and attempts
709 (as it always does when it stops) to remove all the breakpoints.
711 The breakpoint removal was causing the former contents (a zero
712 word) to be written back to the now initialized PLT entry thus
713 destroying a portion of the initialization that had occurred only a
714 short time ago. When execution continued, the zero word would be
715 executed as an instruction an an illegal instruction trap was
716 generated instead. (0 is not a legal instruction.)
718 The fix for this problem was fairly straightforward. The function
719 memory_remove_breakpoint from mem-break.c was copied to this file,
720 modified slightly, and renamed to ppc_linux_memory_remove_breakpoint.
721 In tm-linux.h, MEMORY_REMOVE_BREAKPOINT is defined to call this new
722 function.
724 The differences between ppc_linux_memory_remove_breakpoint () and
725 memory_remove_breakpoint () are minor. All that the former does
726 that the latter does not is check to make sure that the breakpoint
727 location actually contains a breakpoint (trap instruction) prior
728 to attempting to write back the old contents. If it does contain
729 a trap instruction, we allow the old contents to be written back.
730 Otherwise, we silently do nothing.
732 The big question is whether memory_remove_breakpoint () should be
733 changed to have the same functionality. The downside is that more
734 traffic is generated for remote targets since we'll have an extra
735 fetch of a memory word each time a breakpoint is removed.
737 For the time being, we'll leave this self-modifying-code-friendly
738 version in ppc-linux-tdep.c, but it ought to be migrated somewhere
739 else in the event that some other platform has similar needs with
740 regard to removing breakpoints in some potentially self modifying
741 code. */
742 int
744 {
750 /* Determine appropriate breakpoint contents and size for this address. */
757 /* If our breakpoint is no longer at the address, this means that the
758 program modified the code on us, so it is wrong to put back the
759 old value */
764 }