search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
FreeBSD Helgrind: turn off check for locks held on exit for FreeBSD 14.2
[valgrind.git] / coregrind / m_stacktrace.c
blob2cb0f3233e3d0a84c722b2ac60f85782be882a06
1
2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
5
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
9
10 Copyright (C) 2000-2017 Julian Seward
11 jseward@acm.org
12
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
17
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
25
26 The GNU General Public License is contained in the file COPYING.
27 */
28
29 #include "pub_core_basics.h"
30 #include "pub_core_vki.h"
31 #include "pub_core_threadstate.h"
32 #include "pub_core_debuginfo.h" // XXX: circular dependency
33 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)()
34 #include "pub_core_libcbase.h"
35 #include "pub_core_libcassert.h"
36 #include "pub_core_libcprint.h"
37 #include "pub_core_machine.h"
38 #include "pub_core_options.h"
39 #include "pub_core_stacks.h" // VG_(stack_limits)
40 #include "pub_core_stacktrace.h"
41 #include "pub_core_syswrap.h" // VG_(is_in_syscall)
42 #include "pub_core_xarray.h"
43 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80)
44 #include "pub_core_trampoline.h"
45 #include "config.h"
46
47
48 /*------------------------------------------------------------*/
49 /*--- ---*/
50 /*--- BEGIN platform-dependent unwinder worker functions ---*/
51 /*--- ---*/
52 /*------------------------------------------------------------*/
53
54 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
55 IPs into 'ips'. In order to be thread-safe, we pass in the
56 thread's IP SP, FP if that's meaningful, and LR if that's
57 meaningful. Returns number of IPs put in 'ips'.
58
59 If you know what the thread ID for this stack is, send that as the
60 first parameter, else send zero. This helps generate better stack
61 traces on ppc64-linux and has no effect on other platforms.
62 */
63
64 /* Do frame merging in the _i frames in _ips array of recursive cycles
65 of up to _nframes. The merge is done during stack unwinding
66 (i.e. in platform specific unwinders) to collect as many
67 "interesting" stack traces as possible. */
68 #define RECURSIVE_MERGE(_nframes,_ips,_i) if (UNLIKELY(_nframes > 0)) \
69 do { \
70 Int dist; \
71 for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \
72 if (_ips[_i-1] == _ips[_i-1-dist]) { \
73 _i = _i - dist; \
74 break; \
75 } \
76 } \
77 } while (0)
78
79 /* Note about calculation of fp_min : fp_min is the lowest address
80 which can be accessed during unwinding. This is SP - VG_STACK_REDZONE_SZB.
81 On most platforms, this will be equal to SP (as VG_STACK_REDZONE_SZB
82 is 0). However, on some platforms (e.g. amd64), there is an accessible
83 redzone below the SP. Some CFI unwind info are generated, taking this
84 into account. As an example, the following is a CFI unwind info on
85 amd64 found for a 'retq' instruction:
86 [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16)
87 0x400f7e: retq
88 As you can see, the previous BP is found 16 bytes below the cfa, which
89 is the oldSP+8. So, effectively, the BP is found 8 bytes below the SP.
90 The fp_min must take this into account, otherwise, VG_(use_CF_info) will
91 not unwind the BP. */
92
93 /* ------------------------ x86 ------------------------- */
94
95 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \
96 || defined(VGP_x86_solaris) || defined(VGP_x86_freebsd)
97
98 #define N_FP_CF_VERIF 1021
99 // prime number so that size of fp_CF_verif is just below 4K or 8K
100 // Note that this prime nr differs from the one chosen in
101 // m_debuginfo/debuginfo.c for the cfsi cache : in case we have
102 // a collision here between two IPs, we expect to not (often) have the
103 // same collision in the cfsi cache (and vice-versa).
104
105 // unwinding with fp chain is ok:
106 #define FPUNWIND 0
107 // there is no CFI info for this IP:
108 #define NOINFO 1
109 // Unwind with FP is not ok, must use CF unwind:
110 #define CFUNWIND 2
111
112 static Addr fp_CF_verif_cache [N_FP_CF_VERIF];
113
114 /* An unwind done by following the fp chain technique can be incorrect
115 as not all frames are respecting the standard bp/sp ABI.
116 The CF information is now generated by default by gcc
117 (as part of the dwarf info). However, unwinding using CF information
118 is significantly slower : a slowdown of 20% has been observed
119 on an helgrind test case.
120 So, by default, the unwinding will be done using the fp chain.
121 But before accepting to unwind an IP with fp_chain, the result
122 of the unwind will be checked with the CF information.
123 This check can give 3 results:
124 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind.
125 => it is assumed that future unwind for this IP can be done
126 with the fast fp chain, without further CF checking
127 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing)
128 CFUNWIND (2): there is CF info, but unwind result differs.
129 => it is assumed that future unwind for this IP must be done
130 with the CF info.
131 Of course, if each fp unwind implies a check done with a CF unwind,
132 it would just be slower => we cache the check result in an
133 array of checked Addr.
134 The check for an IP will be stored at
135 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of:
136 IP ^ FPUNWIND
137 IP ^ NOINFO
138 IP ^ CFUNWIND
139
140 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits
141 to store the check result, as they are guaranteed to be non significant
142 in the comparison between 2 IPs stored in fp_CF_verif_cache).
143 In other words, if two IPs are only differing on the last 2 bits,
144 then they will not land in the same cache bucket.
145 */
146
147 /* cached result of VG_(FPO_info_present)(). Refreshed each time
148 the fp_CF_verif_generation is different of the current debuginfo
149 generation. */
150 static Bool FPO_info_present = False;
151
152 static UInt fp_CF_verif_generation = 0;
153 // Our cache has to be maintained in sync with the CFI cache.
154 // Each time the debuginfo is changed, its generation will be incremented.
155 // We will clear our cache when our saved generation differs from
156 // the debuginfo generation.
157
158 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
159 /*OUT*/Addr* ips, UInt max_n_ips,
160 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
161 const UnwindStartRegs* startRegs,
162 Addr fp_max_orig )
163 {
164 const Bool do_stats = False; // compute and output some stats regularly.
165 static struct {
166 UInt nr; // nr of stacktraces computed
167 UInt nf; // nr of frames computed
168 UInt Ca; // unwind for which cache indicates CFUnwind must be used.
169 UInt FF; // unwind for which cache indicates FPUnwind can be used.
170 UInt Cf; // unwind at end of stack+store CFUNWIND (xip not end of stack).
171 UInt Fw; // unwind at end of stack+store FPUNWIND
172 UInt FO; // unwind + store FPUNWIND
173 UInt CF; // unwind + store CFUNWIND. Details below.
174 UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'.
175 UInt Ck; // unwind fp invalid+store FPUNWIND
176 UInt MS; // microsoft unwind
177 } stats;
178
179 const Bool debug = False;
180 // = VG_(debugLog_getLevel) () > 3;
181 // = True;
182 // = stats.nr >= 123456;
183 const HChar* unwind_case; // used when debug is True.
184 // Debugging this function is not straightforward.
185 // Here is the easiest way I have found:
186 // 1. Change the above to True.
187 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0
188 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace
189 // 4. Continue till breakpoint is encountered
190 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces.
191 // You might have to do twice 'monitor v.info scheduler' to see
192 // the effect of caching the results of the verification.
193 // You can also modify the debug dynamically using by using
194 // 'monitor v.set debuglog 4.
195
196 Int i;
197 Addr fp_max;
198 UInt n_found = 0;
199 const Int cmrf = VG_(clo_merge_recursive_frames);
200
201 vg_assert(sizeof(Addr) == sizeof(UWord));
202 vg_assert(sizeof(Addr) == sizeof(void*));
203
204 D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason.
205 Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs
206 // 0 assigned to silence false positive -Wuninitialized warning
207 // This is a false positive as xip_verified is assigned when
208 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND.
209
210 D3UnwindRegs uregs;
211 uregs.xip = (Addr)startRegs->r_pc;
212 uregs.xsp = (Addr)startRegs->r_sp;
213 uregs.xbp = startRegs->misc.X86.r_ebp;
214 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
215
216 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
217 stopping when the trail goes cold, which we guess to be
218 when FP is not a reasonable stack location. */
219
220 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
221 // current page, at least. Dunno if it helps.
222 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
223 fp_max = VG_PGROUNDUP(fp_max_orig);
224 if (fp_max >= sizeof(Addr))
225 fp_max -= sizeof(Addr);
226
227 if (debug)
228 VG_(printf)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x08%lx, "
229 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n",
230 max_n_ips, fp_min, fp_max_orig, fp_max,
231 uregs.xip, uregs.xbp);
232
233 /* Assertion broken before main() is reached in pthreaded programs; the
234 * offending stack traces only have one item. --njn, 2002-aug-16 */
235 /* vg_assert(fp_min <= fp_max);*/
236 // On Darwin, this kicks in for pthread-related stack traces, so they're
237 // only 1 entry long which is wrong.
238 # if defined(VGO_linux)
239 if (fp_min + 512 >= fp_max) {
240 /* If the stack limits look bogus, don't poke around ... but
241 don't bomb out either. */
242 # elif defined(VGO_solaris) || defined(VGO_freebsd)
243 if (fp_max == 0) {
244 /* VG_(get_StackTrace)() can be called by tools very early when
245 various tracing options are enabled. Don't proceed further
246 if the stack limits look bogus.
247 */
248 # endif
249 # if defined(VGO_linux) || defined(VGO_solaris) || defined(VGO_freebsd)
250 if (sps) sps[0] = uregs.xsp;
251 if (fps) fps[0] = uregs.xbp;
252 ips[0] = uregs.xip;
253 return 1;
254 }
255 # endif
256
257 if (UNLIKELY (fp_CF_verif_generation != VG_(debuginfo_generation)())) {
258 fp_CF_verif_generation = VG_(debuginfo_generation)();
259 VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache));
260 FPO_info_present = VG_(FPO_info_present)();
261 }
262
263
264 /* Loop unwinding the stack. Note that the IP value we get on
265 * each pass (whether from CFI info or a stack frame) is a
266 * return address so is actually after the calling instruction
267 * in the calling function.
268 *
269 * Because of this we subtract one from the IP after each pass
270 * of the loop so that we find the right CFI block on the next
271 * pass - otherwise we can find the wrong CFI info if it happens
272 * to change after the calling instruction and that will mean
273 * that we will fail to unwind the next step.
274 *
275 * This most frequently happens at the end of a function when
276 * a tail call occurs and we wind up using the CFI info for the
277 * next function which is completely wrong.
278 */
279 if (sps) sps[0] = uregs.xsp;
280 if (fps) fps[0] = uregs.xbp;
281 ips[0] = uregs.xip;
282 i = 1;
283 if (do_stats) stats.nr++;
284
285 while (True) {
286
287 if (i >= max_n_ips)
288 break;
289
290 UWord hash = uregs.xip % N_FP_CF_VERIF;
291 Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash];
292 if (debug)
293 VG_(printf)(" uregs.xip 0x%08lx xip_verif[0x%08lx]"
294 " xbp 0x%08lx xsp 0x%08lx\n",
295 uregs.xip, xip_verif,
296 uregs.xbp, uregs.xsp);
297 // If xip is in cache, then xip_verif will be <= CFUNWIND.
298 // Otherwise, if not in cache, xip_verif will be > CFUNWIND.
299
300 /* Try to derive a new (ip,sp,fp) triple from the current set. */
301
302 /* Do we have to do CFI unwinding ?
303 We do CFI unwinding if one of the following condition holds:
304 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must
305 be done (i.e. fp unwind check failed when we did the first
306 unwind for this IP).
307 b. fp_CF_verif_cache does not contain xip.
308 We will try CFI unwinding in fpverif_uregs and compare with
309 FP unwind result to insert xip in the cache with the correct
310 indicator. */
311 if (UNLIKELY(xip_verif >= CFUNWIND)) {
312 if (xip_verif == CFUNWIND) {
313 /* case a : do "real" cfi unwind */
314 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
315 if (debug) unwind_case = "Ca";
316 if (do_stats) stats.Ca++;
317 goto unwind_done;
318 }
319 /* ??? cache indicates we have to do CFI unwind (so, we
320 previously found CFI info, and failed the fp unwind
321 check). Now, we just failed with CFI. So, once we
322 succeed, once we fail. No idea what is going on =>
323 cleanup the cache entry and fallover to fp unwind (this
324 time). */
325 fp_CF_verif_cache [hash] = 0;
326 if (debug) VG_(printf)(" cache reset as CFI ok then nok\n");
327 //??? stats
328 xip_verif = NOINFO;
329 } else {
330 /* case b : do "verif" cfi unwind in fpverif_uregs */
331 fpverif_uregs = uregs;
332 xip_verified = uregs.xip;
333 if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) {
334 fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO;
335 if (debug) VG_(printf)(" cache NOINFO fpverif_uregs\n");
336 xip_verif = NOINFO;
337 }
338 }
339 }
340
341 /* On x86, try the old-fashioned method of following the
342 %ebp-chain. This can be done if the fp_CF_verif_cache for xip
343 indicate fp unwind is ok. This must be done if the cache indicates
344 there is no info. This is also done to confirm what to put in the cache
345 if xip was not in the cache. */
346 /* This deals with frames resulting from functions which begin "pushl%
347 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
348 if (fp_min <= uregs.xbp &&
349 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/ &&
350 VG_IS_4_ALIGNED(uregs.xbp))
351 {
352 Addr old_xsp;
353
354 /* fp looks sane, so use it. */
355 uregs.xip = (((UWord*)uregs.xbp)[1]);
356 // We stop if we hit a zero (the traditional end-of-stack
357 // marker) or a one -- these correspond to recorded IPs of 0 or -1.
358 // The latter because r8818 (in this file) changes the meaning of
359 // entries [1] and above in a stack trace, by subtracting 1 from
360 // them. Hence stacks that used to end with a zero value now end in
361 // -1 and so we must detect that too.
362 if (0 == uregs.xip || 1 == uregs.xip) {
363 if (xip_verif > CFUNWIND) {
364 // Check if we obtain the same result with fp unwind.
365 // If same result, then mark xip as fp unwindable
366 if (uregs.xip == fpverif_uregs.xip) {
367 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
368 if (debug) VG_(printf)(" cache FPUNWIND 0\n");
369 unwind_case = "Fw";
370 if (do_stats) stats.Fw++;
371 break;
372 } else {
373 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
374 uregs = fpverif_uregs;
375 if (debug) VG_(printf)(" cache CFUNWIND 0\n");
376 unwind_case = "Cf";
377 if (do_stats) stats.Cf++;
378 goto unwind_done;
379 }
380 } else {
381 // end of stack => out of the loop.
382 break;
383 }
384 }
385
386 old_xsp = uregs.xsp;
387 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
388 + sizeof(Addr) /*ra*/;
389 uregs.xbp = (((UWord*)uregs.xbp)[0]);
390 if (xip_verif > CFUNWIND) {
391 if (uregs.xip == fpverif_uregs.xip
392 && uregs.xsp == fpverif_uregs.xsp
393 && uregs.xbp == fpverif_uregs.xbp) {
394 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
395 if (debug) VG_(printf)(" cache FPUNWIND >2\n");
396 if (debug) unwind_case = "FO";
397 if (do_stats) stats.FO++;
398 if (old_xsp >= uregs.xsp) {
399 if (debug)
400 VG_(printf) (" FO end of stack old_xsp %p >= xsp %p\n",
401 (void*)old_xsp, (void*)uregs.xsp);
402 break;
403 }
404 } else {
405 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
406 if (debug) VG_(printf)(" cache CFUNWIND >2\n");
407 if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++;
408 if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++;
409 if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++;
410 uregs = fpverif_uregs;
411 if (debug) unwind_case = "CF";
412 if (do_stats) stats.CF++;
413 }
414 } else {
415 if (debug) unwind_case = "FF";
416 if (do_stats) stats.FF++;
417 if (old_xsp >= uregs.xsp) {
418 if (debug)
419 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
420 (void*)old_xsp, (void*)uregs.xsp);
421 break;
422 }
423 }
424 goto unwind_done;
425 } else {
426 // fp unwind has failed.
427 // If we were checking the validity of the cfi unwinding,
428 // we mark in the cache that the fp unwind cannot be done, and that
429 // cfi unwind is desired.
430 if (xip_verif > CFUNWIND) {
431 // We know that fpverif_uregs contains valid information,
432 // as a failed cf unwind would have put NOINFO in xip_verif.
433 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
434 if (debug) VG_(printf)(" cache CFUNWIND as fp failed\n");
435 uregs = fpverif_uregs;
436 if (debug) unwind_case = "Ck";
437 if (do_stats) stats.Ck++;
438 goto unwind_done;
439 }
440 // xip_verif is FPUNWIND or NOINFO.
441 // We failed the cfi unwind and/or the fp unwind.
442 // => fallback to FPO info.
443 }
444
445 /* And, similarly, try for MSVC FPO unwind info. */
446 if (FPO_info_present
447 && VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
448 VG_(current_DiEpoch)(),
449 fp_min, fp_max ) ) {
450 if (debug) unwind_case = "MS";
451 if (do_stats) stats.MS++;
452 goto unwind_done;
453 }
454
455 /* No luck. We have to give up. */
456 break;
457
458 unwind_done:
459 /* Add a frame in ips/sps/fps */
460 /* fp is %ebp. sp is %esp. ip is %eip. */
461 if (0 == uregs.xip || 1 == uregs.xip) break;
462 if (sps) sps[i] = uregs.xsp;
463 if (fps) fps[i] = uregs.xbp;
464 ips[i++] = uregs.xip - 1;
465 /* -1: refer to calling insn, not the RA */
466 if (debug)
467 VG_(printf)(" ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]);
468 uregs.xip = uregs.xip - 1;
469 /* as per comment at the head of this loop */
470 RECURSIVE_MERGE(cmrf,ips,i);
471 }
472
473 if (do_stats) stats.nf += i;
474 if (do_stats && stats.nr % 10000 == 0) {
475 VG_(printf)("nr %u nf %u "
476 "Ca %u FF %u "
477 "Cf %u "
478 "Fw %u FO %u "
479 "CF %u (xi %u xs %u xb %u) "
480 "Ck %u MS %u\n",
481 stats.nr, stats.nf,
482 stats.Ca, stats.FF,
483 stats.Cf,
484 stats.Fw, stats.FO,
485 stats.CF, stats.xi, stats.xs, stats.xb,
486 stats.Ck, stats.MS);
487 }
488 n_found = i;
489 return n_found;
490 }
491
492 #undef N_FP_CF_VERIF
493 #undef FPUNWIND
494 #undef NOINFO
495 #undef CFUNWIND
496
497 #endif
498
499 /* ----------------------- amd64 ------------------------ */
500
501 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \
502 || defined(VGP_amd64_solaris) || defined(VGP_amd64_freebsd)
503
504 /*
505 * Concerning the comment in the function about syscalls, this also used to
506 * apply to FreeBSD. I'm not sure what changed or when. The situation with
507 * FreeBSD going at least as far back as version 12.1 (so Nov 2019) is that
508 * system calls are implemented with generated wrappers that call through
509 * an interposing table of function pointers. The restult when built with
510 * clang is that code for the frame pointer prolog is generated but then
511 * an optimized sibling call is made. That means the frame pointer is popped
512 * off the stack and a jmp is made to the function in the table rather than
513 * a call.
514 *
515 * The end result is that, when we are in a syscall it is as though there were
516 * no prolog but a copy of the frame pointer is stored 64byte word below the
517 * stack pointer. If FreeBSD uses the hack for Darwin that sets
518 * ips[i] = *(Addr *)uregs.xsp - 1;
519 * then the caller of the syscall gets added twice.
520 */
521
522 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
523 /*OUT*/Addr* ips, UInt max_n_ips,
524 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
525 const UnwindStartRegs* startRegs,
526 Addr fp_max_orig )
527 {
528 const Bool debug = False;
529 Int i;
530 Addr fp_max;
531 UInt n_found = 0;
532 const Int cmrf = VG_(clo_merge_recursive_frames);
533
534 vg_assert(sizeof(Addr) == sizeof(UWord));
535 vg_assert(sizeof(Addr) == sizeof(void*));
536
537 D3UnwindRegs uregs;
538 uregs.xip = startRegs->r_pc;
539 uregs.xsp = startRegs->r_sp;
540 uregs.xbp = startRegs->misc.AMD64.r_rbp;
541 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
542
543 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
544 stopping when the trail goes cold, which we guess to be
545 when FP is not a reasonable stack location. */
546
547 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
548 // current page, at least. Dunno if it helps.
549 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
550 fp_max = VG_PGROUNDUP(fp_max_orig);
551 if (fp_max >= sizeof(Addr))
552 fp_max -= sizeof(Addr);
553
554 if (debug)
555 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
556 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
557 max_n_ips, fp_min, fp_max_orig, fp_max,
558 uregs.xip, uregs.xbp);
559
560 /* Assertion broken before main() is reached in pthreaded programs; the
561 * offending stack traces only have one item. --njn, 2002-aug-16 */
562 /* vg_assert(fp_min <= fp_max);*/
563 // On Darwin, this kicks in for pthread-related stack traces, so they're
564 // only 1 entry long which is wrong.
565 # if defined(VGO_linux)
566 if (fp_min + 256 >= fp_max) {
567 /* If the stack limits look bogus, don't poke around ... but
568 don't bomb out either. */
569 # elif defined(VGO_solaris)
570 if (fp_max == 0) {
571 /* VG_(get_StackTrace)() can be called by tools very early when
572 various tracing options are enabled. Don't proceed further
573 if the stack limits look bogus.
574 */
575 # endif
576 # if defined(VGO_linux) || defined(VGO_solaris)
577
578 if (sps) sps[0] = uregs.xsp;
579 if (fps) fps[0] = uregs.xbp;
580 ips[0] = uregs.xip;
581 return 1;
582 }
583 # endif
584
585 /* fp is %rbp. sp is %rsp. ip is %rip. */
586
587 ips[0] = uregs.xip;
588 if (sps) sps[0] = uregs.xsp;
589 if (fps) fps[0] = uregs.xbp;
590 i = 1;
591 if (debug)
592 VG_(printf)(" ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
593 i-1, ips[i-1], uregs.xbp, uregs.xsp);
594
595 # if defined(VGO_darwin)
596 if (VG_(is_valid_tid)(tid_if_known) &&
597 VG_(is_in_syscall)(tid_if_known) &&
598 i < max_n_ips) {
599 /* On Darwin, all the system call stubs have no function
600 * prolog. So instead of top of the stack being a new
601 * frame comprising a saved BP and a return address, we
602 * just have the return address in the caller's frame.
603 * Adjust for this by recording the return address.
604 */
605 if (debug)
606 VG_(printf)(" in syscall, use XSP-1\n");
607 ips[i] = *(Addr *)uregs.xsp - 1;
608 if (sps) sps[i] = uregs.xsp;
609 if (fps) fps[i] = uregs.xbp;
610 i++;
611 }
612 # endif
613
614 /* Loop unwinding the stack. Note that the IP value we get on
615 * each pass (whether from CFI info or a stack frame) is a
616 * return address so is actually after the calling instruction
617 * in the calling function.
618 *
619 * Because of this we subtract one from the IP after each pass
620 * of the loop so that we find the right CFI block on the next
621 * pass - otherwise we can find the wrong CFI info if it happens
622 * to change after the calling instruction and that will mean
623 * that we will fail to unwind the next step.
624 *
625 * This most frequently happens at the end of a function when
626 * a tail call occurs and we wind up using the CFI info for the
627 * next function which is completely wrong.
628 */
629 while (True) {
630 Addr old_xsp;
631
632 if (i >= max_n_ips)
633 break;
634
635 old_xsp = uregs.xsp;
636
637 /* Try to derive a new (ip,sp,fp) triple from the current set. */
638
639 /* First off, see if there is any CFI info to hand which can
640 be used. */
641 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
642 if (0 == uregs.xip || 1 == uregs.xip) break;
643 if (old_xsp >= uregs.xsp) {
644 if (debug)
645 VG_(printf) (" CF end of stack old_xsp %p >= xsp %p\n",
646 (void*)old_xsp, (void*)uregs.xsp);
647 break;
648 }
649 if (sps) sps[i] = uregs.xsp;
650 if (fps) fps[i] = uregs.xbp;
651 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
652 if (debug)
653 VG_(printf)(" ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
654 i-1, ips[i-1], uregs.xbp, uregs.xsp);
655 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
656 RECURSIVE_MERGE(cmrf,ips,i);
657 continue;
658 }
659
660 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
661 we can safely try the old-fashioned method. */
662 /* This bit is supposed to deal with frames resulting from
663 functions which begin "pushq %rbp ; movq %rsp, %rbp".
664 Unfortunately, since we can't (easily) look at the insns at
665 the start of the fn, like GDB does, there's no reliable way
666 to tell. Hence the hack of first trying out CFI, and if that
667 fails, then use this as a fallback. */
668 /* Note: re "- 1 * sizeof(UWord)", need to take account of the
669 fact that we are prodding at & ((UWord*)fp)[1] and so need to
670 adjust the limit check accordingly. Omitting this has been
671 observed to cause segfaults on rare occasions. */
672 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
673 /* fp looks sane, so use it. */
674 uregs.xip = (((UWord*)uregs.xbp)[1]);
675 if (0 == uregs.xip || 1 == uregs.xip) break;
676 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
677 + sizeof(Addr) /*ra*/;
678 if (old_xsp >= uregs.xsp) {
679 if (debug)
680 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
681 (void*)old_xsp, (void*)uregs.xsp);
682 break;
683 }
684 uregs.xbp = (((UWord*)uregs.xbp)[0]);
685 if (sps) sps[i] = uregs.xsp;
686 if (fps) fps[i] = uregs.xbp;
687 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
688 if (debug)
689 VG_(printf)(" ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
690 i-1, ips[i-1], uregs.xbp, uregs.xsp);
691 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
692 RECURSIVE_MERGE(cmrf,ips,i);
693 continue;
694 }
695
696 /* Last-ditch hack (evidently GDB does something similar). We
697 are in the middle of nowhere and we have a nonsense value for
698 the frame pointer. If the stack pointer is still valid,
699 assume that what it points at is a return address. Yes,
700 desperate measures. Could do better here:
701 - check that the supposed return address is in
702 an executable page
703 - check that the supposed return address is just after a call insn
704 - given those two checks, don't just consider *sp as the return
705 address; instead scan a likely section of stack (eg sp .. sp+256)
706 and use suitable values found there.
707 */
708 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
709 uregs.xip = ((UWord*)uregs.xsp)[0];
710 if (0 == uregs.xip || 1 == uregs.xip) break;
711 if (sps) sps[i] = uregs.xsp;
712 if (fps) fps[i] = uregs.xbp;
713 ips[i++] = uregs.xip == 0
714 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
715 thread stack */
716 : uregs.xip - 1;
717 /* -1: refer to calling insn, not the RA */
718 if (debug)
719 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
720 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
721 uregs.xsp += 8;
722 RECURSIVE_MERGE(cmrf,ips,i);
723 continue;
724 }
725
726 /* No luck at all. We have to give up. */
727 break;
728 }
729
730 n_found = i;
731 return n_found;
732 }
733
734 #endif
735
736 /* -----------------------ppc32/64 ---------------------- */
737
738 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
739 || defined(VGP_ppc64le_linux)
740
741 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
742 /*OUT*/Addr* ips, UInt max_n_ips,
743 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
744 const UnwindStartRegs* startRegs,
745 Addr fp_max_orig )
746 {
747 Bool lr_is_first_RA = False;
748 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
749 Word redir_stack_size = 0;
750 Word redirs_used = 0;
751 # endif
752 const Int cmrf = VG_(clo_merge_recursive_frames);
753 const DiEpoch cur_ep = VG_(current_DiEpoch)();
754
755 Bool debug = False;
756 Int i;
757 Addr fp_max;
758 UInt n_found = 0;
759
760 vg_assert(sizeof(Addr) == sizeof(UWord));
761 vg_assert(sizeof(Addr) == sizeof(void*));
762
763 Addr ip = (Addr)startRegs->r_pc;
764 Addr sp = (Addr)startRegs->r_sp;
765 Addr fp = sp;
766 # if defined(VGP_ppc32_linux)
767 Addr lr = startRegs->misc.PPC32.r_lr;
768 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
769 Addr lr = startRegs->misc.PPC64.r_lr;
770 # endif
771 Addr fp_min = sp - VG_STACK_REDZONE_SZB;
772
773 VG_(addr_load_di)(ip);
774
775 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
776 stopping when the trail goes cold, which we guess to be
777 when FP is not a reasonable stack location. */
778
779 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
780 // current page, at least. Dunno if it helps.
781 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
782 fp_max = VG_PGROUNDUP(fp_max_orig);
783 if (fp_max >= sizeof(Addr))
784 fp_max -= sizeof(Addr);
785
786 if (debug)
787 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
788 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
789 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
790
791 /* Assertion broken before main() is reached in pthreaded programs; the
792 * offending stack traces only have one item. --njn, 2002-aug-16 */
793 /* vg_assert(fp_min <= fp_max);*/
794 if (fp_min + 512 >= fp_max) {
795 /* If the stack limits look bogus, don't poke around ... but
796 don't bomb out either. */
797 if (sps) sps[0] = sp;
798 if (fps) fps[0] = fp;
799 ips[0] = ip;
800 return 1;
801 }
802
803 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and
804 frame pointers. */
805
806 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
807 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
808 redirs_used = 0;
809 # endif
810
811 # if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux)
812 /* Deal with bogus LR values caused by function
813 interception/wrapping on ppc-TOC platforms; see comment on
814 similar code a few lines further down. */
815 if (lr == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
816 && VG_(is_valid_tid)(tid_if_known)) {
817 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
818 redirs_used++;
819 if (hsp >= 1 && hsp < redir_stack_size)
820 lr = VG_(threads)[tid_if_known]
821 .arch.vex.guest_REDIR_STACK[hsp-1];
822 }
823 # endif
824
825 /* We have to determine whether or not LR currently holds this fn
826 (call it F)'s return address. It might not if F has previously
827 called some other function, hence overwriting LR with a pointer
828 to some part of F. Hence if LR and IP point to the same
829 function then we conclude LR does not hold this function's
830 return address; instead the LR at entry must have been saved in
831 the stack by F's prologue and so we must get it from there
832 instead. Note all this guff only applies to the innermost
833 frame. */
834 lr_is_first_RA = False;
835 {
836 const HChar *buf_lr, *buf_ip;
837 /* The following conditional looks grossly inefficient and
838 surely could be majorly improved, with not much effort. */
839 if (VG_(get_fnname_raw) (cur_ep, lr, &buf_lr)) {
840 HChar buf_lr_copy[VG_(strlen)(buf_lr) + 1];
841 VG_(strcpy)(buf_lr_copy, buf_lr);
842 if (VG_(get_fnname_raw) (cur_ep, ip, &buf_ip))
843 if (VG_(strcmp)(buf_lr_copy, buf_ip))
844 lr_is_first_RA = True;
845 }
846 }
847
848 if (sps) sps[0] = fp; /* NB. not sp */
849 if (fps) fps[0] = fp;
850 ips[0] = ip;
851 i = 1;
852
853 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {
854
855 /* initial FP is sane; keep going */
856 fp = (((UWord*)fp)[0]);
857
858 while (True) {
859
860 /* On ppc64-linux (ppc64-elf, really), the lr save
861 slot is 2 words back from sp, whereas on ppc32-elf(?) it's
862 only one word back. */
863 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
864 const Int lr_offset = 2;
865 # else
866 const Int lr_offset = 1;
867 # endif
868
869 if (i >= max_n_ips)
870 break;
871
872 /* Try to derive a new (ip,fp) pair from the current set. */
873
874 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
875 /* fp looks sane, so use it. */
876
877 if (i == 1 && lr_is_first_RA)
878 ip = lr;
879 else
880 ip = (((UWord*)fp)[lr_offset]);
881
882 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
883 /* Nasty hack to do with function replacement/wrapping on
884 ppc64-linux. If LR points to our magic return stub,
885 then we are in a wrapped or intercepted function, in
886 which LR has been messed with. The original LR will
887 have been pushed onto the thread's hidden REDIR stack
888 one down from the top (top element is the saved R2) and
889 so we should restore the value from there instead.
890 Since nested redirections can and do happen, we keep
891 track of the number of nested LRs used by the unwinding
892 so far with 'redirs_used'. */
893 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
894 && VG_(is_valid_tid)(tid_if_known)) {
895 Word hsp = VG_(threads)[tid_if_known]
896 .arch.vex.guest_REDIR_SP;
897 hsp -= 2 * redirs_used;
898 redirs_used ++;
899 if (hsp >= 1 && hsp < redir_stack_size)
900 ip = VG_(threads)[tid_if_known]
901 .arch.vex.guest_REDIR_STACK[hsp-1];
902 }
903 # endif
904
905 if (0 == ip || 1 == ip) break;
906 if (sps) sps[i] = fp; /* NB. not sp */
907 if (fps) fps[i] = fp;
908 fp = (((UWord*)fp)[0]);
909 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
910 if (debug)
911 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
912 ip = ip - 1; /* ip is probably dead at this point, but
913 play safe, a la x86/amd64 above. See
914 extensive comments above. */
915 RECURSIVE_MERGE(cmrf,ips,i);
916 VG_(addr_load_di)(ip);
917 continue;
918 }
919
920 /* No luck there. We have to give up. */
921 break;
922 }
923 }
924
925 n_found = i;
926 return n_found;
927 }
928
929 #endif
930
931 /* ------------------------ arm ------------------------- */
932
933 #if defined(VGP_arm_linux)
934
935 static Bool in_same_fn ( Addr a1, Addr a2 )
936 {
937 const HChar *buf_a1, *buf_a2;
938 /* The following conditional looks grossly inefficient and
939 surely could be majorly improved, with not much effort. */
940 const DiEpoch cur_ep = VG_(current_DiEpoch)();
941 if (VG_(get_fnname_raw) (cur_ep, a1, &buf_a1)) {
942 HChar buf_a1_copy[VG_(strlen)(buf_a1) + 1];
943 VG_(strcpy)(buf_a1_copy, buf_a1);
944 if (VG_(get_fnname_raw) (cur_ep, a2, &buf_a2))
945 if (VG_(strcmp)(buf_a1_copy, buf_a2))
946 return True;
947 }
948 return False;
949 }
950
951 static Bool in_same_page ( Addr a1, Addr a2 ) {
952 return (a1 & ~0xFFF) == (a2 & ~0xFFF);
953 }
954
955 static Addr abs_diff ( Addr a1, Addr a2 ) {
956 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
957 }
958
959 static Bool has_XT_perms ( Addr a )
960 {
961 NSegment const* seg = VG_(am_find_nsegment)(a);
962 return seg && seg->hasX && seg->hasT;
963 }
964
965 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
966 {
967 if (0)
968 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
969 // BL simm26
970 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
971 // BLX simm26
972 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
973 return False;
974 }
975
976 static Bool looks_like_Thumb_call16 ( UShort w0 )
977 {
978 return False;
979 }
980
981 static Bool looks_like_ARM_call ( UInt a0 )
982 {
983 if (0)
984 VG_(printf)("isA32call %08x\n", a0);
985 // Leading E forces unconditional only -- fix
986 if ((a0 & 0xFF000000) == 0xEB000000) return True;
987 return False;
988 }
989
990 static Bool looks_like_RA ( Addr ra )
991 {
992 /* 'ra' is a plausible return address if it points to
993 an instruction after a call insn. */
994 Bool isT = (ra & 1);
995 if (isT) {
996 // returning to Thumb code
997 ra &= ~1;
998 ra -= 4;
999 if (has_XT_perms(ra)) {
1000 UShort w0 = *(UShort*)ra;
1001 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
1002 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
1003 return True;
1004 }
1005 } else {
1006 // ARM
1007 ra &= ~3;
1008 ra -= 4;
1009 if (has_XT_perms(ra)) {
1010 UInt a0 = *(UInt*)ra;
1011 if (looks_like_ARM_call(a0))
1012 return True;
1013 }
1014 }
1015 return False;
1016 }
1017
1018 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1019 /*OUT*/Addr* ips, UInt max_n_ips,
1020 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1021 const UnwindStartRegs* startRegs,
1022 Addr fp_max_orig )
1023 {
1024 Bool debug = False;
1025 Int i;
1026 Addr fp_max;
1027 UInt n_found = 0;
1028 const Int cmrf = VG_(clo_merge_recursive_frames);
1029
1030 vg_assert(sizeof(Addr) == sizeof(UWord));
1031 vg_assert(sizeof(Addr) == sizeof(void*));
1032
1033 D3UnwindRegs uregs;
1034 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;
1035 uregs.r14 = startRegs->misc.ARM.r14;
1036 uregs.r13 = startRegs->r_sp;
1037 uregs.r12 = startRegs->misc.ARM.r12;
1038 uregs.r11 = startRegs->misc.ARM.r11;
1039 uregs.r7 = startRegs->misc.ARM.r7;
1040 Addr fp_min = uregs.r13 - VG_STACK_REDZONE_SZB;
1041
1042 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1043 stopping when the trail goes cold, which we guess to be
1044 when FP is not a reasonable stack location. */
1045
1046 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1047 // current page, at least. Dunno if it helps.
1048 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1049 fp_max = VG_PGROUNDUP(fp_max_orig);
1050 if (fp_max >= sizeof(Addr))
1051 fp_max -= sizeof(Addr);
1052
1053 if (debug)
1054 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1055 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
1056 max_n_ips, fp_min, fp_max_orig, fp_max,
1057 uregs.r15, uregs.r13);
1058
1059 /* Assertion broken before main() is reached in pthreaded programs; the
1060 * offending stack traces only have one item. --njn, 2002-aug-16 */
1061 /* vg_assert(fp_min <= fp_max);*/
1062 // On Darwin, this kicks in for pthread-related stack traces, so they're
1063 // only 1 entry long which is wrong.
1064 if (fp_min + 512 >= fp_max) {
1065 /* If the stack limits look bogus, don't poke around ... but
1066 don't bomb out either. */
1067 if (sps) sps[0] = uregs.r13;
1068 if (fps) fps[0] = 0;
1069 ips[0] = uregs.r15;
1070 return 1;
1071 }
1072
1073 /* */
1074
1075 if (sps) sps[0] = uregs.r13;
1076 if (fps) fps[0] = 0;
1077 ips[0] = uregs.r15;
1078 i = 1;
1079
1080 /* Loop unwinding the stack. */
1081 Bool do_stack_scan = False;
1082
1083 /* First try the Official Way, using Dwarf CFI. */
1084 while (True) {
1085 if (debug) {
1086 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
1087 i, uregs.r15, uregs.r13);
1088 }
1089
1090 if (i >= max_n_ips)
1091 break;
1092
1093 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1094 if (sps) sps[i] = uregs.r13;
1095 if (fps) fps[i] = 0;
1096 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
1097 if (debug)
1098 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
1099 uregs.r15, uregs.r13);
1100 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
1101 RECURSIVE_MERGE(cmrf,ips,i);
1102 continue;
1103 }
1104
1105 /* No luck. We have to give up. */
1106 do_stack_scan = True;
1107 break;
1108 }
1109
1110 /* Now try Plan B (maybe) -- stack scanning. This often gives
1111 pretty bad results, so this has to be enabled explicitly by the
1112 user. */
1113 if (do_stack_scan
1114 && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) {
1115 Int nByStackScan = 0;
1116 Addr lr = uregs.r14;
1117 Addr sp = uregs.r13 & ~3;
1118 Addr pc = uregs.r15;
1119 // First see if LR contains
1120 // something that could be a valid return address.
1121 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
1122 // take it only if 'cand' isn't obviously a duplicate
1123 // of the last found IP value
1124 Addr cand = (lr & 0xFFFFFFFE) - 1;
1125 if (abs_diff(cand, ips[i-1]) > 1) {
1126 if (sps) sps[i] = 0;
1127 if (fps) fps[i] = 0;
1128 ips[i++] = cand;
1129 RECURSIVE_MERGE(cmrf,ips,i);
1130 nByStackScan++;
1131 }
1132 }
1133 while (in_same_page(sp, uregs.r13)) {
1134 if (i >= max_n_ips)
1135 break;
1136 // we're in the same page; fairly safe to keep going
1137 UWord w = *(UWord*)(sp & ~0x3);
1138 if (looks_like_RA(w)) {
1139 Addr cand = (w & 0xFFFFFFFE) - 1;
1140 // take it only if 'cand' isn't obviously a duplicate
1141 // of the last found IP value
1142 if (abs_diff(cand, ips[i-1]) > 1) {
1143 if (sps) sps[i] = 0;
1144 if (fps) fps[i] = 0;
1145 ips[i++] = cand;
1146 RECURSIVE_MERGE(cmrf,ips,i);
1147 if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break;
1148 }
1149 }
1150 sp += 4;
1151 }
1152 }
1153
1154 n_found = i;
1155 return n_found;
1156 }
1157
1158 #endif
1159
1160 /* ------------------------ arm64 ------------------------- */
1161
1162 #if defined(VGP_arm64_linux) || defined(VGP_arm64_freebsd)
1163
1164 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1165 /*OUT*/Addr* ips, UInt max_n_ips,
1166 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1167 const UnwindStartRegs* startRegs,
1168 Addr fp_max_orig )
1169 {
1170 Bool debug = False;
1171 Int i;
1172 Addr fp_max;
1173 UInt n_found = 0;
1174 const Int cmrf = VG_(clo_merge_recursive_frames);
1175
1176 vg_assert(sizeof(Addr) == sizeof(UWord));
1177 vg_assert(sizeof(Addr) == sizeof(void*));
1178
1179 D3UnwindRegs uregs;
1180 uregs.pc = startRegs->r_pc;
1181 uregs.sp = startRegs->r_sp;
1182 uregs.x30 = startRegs->misc.ARM64.x30;
1183 uregs.x29 = startRegs->misc.ARM64.x29;
1184 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1185
1186 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1187 stopping when the trail goes cold, which we guess to be
1188 when FP is not a reasonable stack location. */
1189
1190 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1191 // current page, at least. Dunno if it helps.
1192 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1193 fp_max = VG_PGROUNDUP(fp_max_orig);
1194 if (fp_max >= sizeof(Addr))
1195 fp_max -= sizeof(Addr);
1196
1197 if (debug)
1198 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1199 "fp_max=0x%lx PC=0x%lx SP=0x%lx\n",
1200 max_n_ips, fp_min, fp_max_orig, fp_max,
1201 uregs.pc, uregs.sp);
1202
1203 /* Assertion broken before main() is reached in pthreaded programs; the
1204 * offending stack traces only have one item. --njn, 2002-aug-16 */
1205 /* vg_assert(fp_min <= fp_max);*/
1206 // On Darwin, this kicks in for pthread-related stack traces, so they're
1207 // only 1 entry long which is wrong.
1208 # if defined(VGO_linux)
1209 if (fp_min + 512 >= fp_max) {
1210 # elif defined(VGO_freebsd)
1211 if (fp_max == 0) {
1212 #endif
1213 # if defined(VGO_linux) || defined(VGO_freebsd)
1214 /* If the stack limits look bogus, don't poke around ... but
1215 don't bomb out either. */
1216 if (sps) sps[0] = uregs.sp;
1217 if (fps) fps[0] = uregs.x29;
1218 ips[0] = uregs.pc;
1219 return 1;
1220 }
1221 #endif
1222
1223 /* */
1224
1225 if (sps) sps[0] = uregs.sp;
1226 if (fps) fps[0] = uregs.x29;
1227 ips[0] = uregs.pc;
1228 i = 1;
1229
1230 /* Loop unwinding the stack, using CFI. */
1231 while (True) {
1232 if (debug) {
1233 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n",
1234 i, uregs.pc, uregs.sp);
1235 }
1236
1237 if (i >= max_n_ips)
1238 break;
1239
1240 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1241 if (sps) sps[i] = uregs.sp;
1242 if (fps) fps[i] = uregs.x29;
1243 ips[i++] = uregs.pc - 1;
1244 if (debug)
1245 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n",
1246 uregs.pc, uregs.sp);
1247 uregs.pc = uregs.pc - 1;
1248 RECURSIVE_MERGE(cmrf,ips,i);
1249 continue;
1250 }
1251
1252 /* No luck. We have to give up. */
1253 break;
1254 }
1255
1256 n_found = i;
1257 return n_found;
1258 }
1259
1260 #endif
1261
1262 /* ------------------------ s390x ------------------------- */
1263
1264 #if defined(VGP_s390x_linux)
1265
1266 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1267 /*OUT*/Addr* ips, UInt max_n_ips,
1268 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1269 const UnwindStartRegs* startRegs,
1270 Addr fp_max_orig )
1271 {
1272 Bool debug = False;
1273 Int i;
1274 Addr fp_max;
1275 UInt n_found = 0;
1276 const Int cmrf = VG_(clo_merge_recursive_frames);
1277
1278 vg_assert(sizeof(Addr) == sizeof(UWord));
1279 vg_assert(sizeof(Addr) == sizeof(void*));
1280
1281 D3UnwindRegs uregs;
1282 uregs.ia = startRegs->r_pc;
1283 uregs.sp = startRegs->r_sp;
1284 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1285 uregs.fp = startRegs->misc.S390X.r_fp;
1286 uregs.lr = startRegs->misc.S390X.r_lr;
1287 uregs.f0 = startRegs->misc.S390X.r_f0;
1288 uregs.f1 = startRegs->misc.S390X.r_f1;
1289 uregs.f2 = startRegs->misc.S390X.r_f2;
1290 uregs.f3 = startRegs->misc.S390X.r_f3;
1291 uregs.f4 = startRegs->misc.S390X.r_f4;
1292 uregs.f5 = startRegs->misc.S390X.r_f5;
1293 uregs.f6 = startRegs->misc.S390X.r_f6;
1294 uregs.f7 = startRegs->misc.S390X.r_f7;
1295
1296 fp_max = VG_PGROUNDUP(fp_max_orig);
1297 if (fp_max >= sizeof(Addr))
1298 fp_max -= sizeof(Addr);
1299
1300 if (debug)
1301 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1302 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
1303 max_n_ips, fp_min, fp_max_orig, fp_max,
1304 uregs.ia, uregs.sp,uregs.fp);
1305
1306 /* The first frame is pretty obvious */
1307 ips[0] = uregs.ia;
1308 if (sps) sps[0] = uregs.sp;
1309 if (fps) fps[0] = uregs.fp;
1310 i = 1;
1311
1312 /* for everything else we have to rely on the eh_frame. gcc defaults to
1313 not create a backchain and all the other tools (like gdb) also have
1314 to use the CFI. */
1315 while (True) {
1316 if (i >= max_n_ips)
1317 break;
1318
1319 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1320 if (sps) sps[i] = uregs.sp;
1321 if (fps) fps[i] = uregs.fp;
1322 ips[i++] = uregs.ia - 1;
1323 uregs.ia = uregs.ia - 1;
1324 RECURSIVE_MERGE(cmrf,ips,i);
1325 continue;
1326 }
1327 /* A problem on the first frame? Lets assume it was a bad jump.
1328 We will use the link register and the current stack and frame
1329 pointers and see if we can use the CFI in the next round. */
1330 if (i == 1) {
1331 if (sps) {
1332 sps[i] = sps[0];
1333 uregs.sp = sps[0];
1334 }
1335 if (fps) {
1336 fps[i] = fps[0];
1337 uregs.fp = fps[0];
1338 }
1339 uregs.ia = uregs.lr - 1;
1340 ips[i++] = uregs.lr - 1;
1341 RECURSIVE_MERGE(cmrf,ips,i);
1342 continue;
1343 }
1344
1345 /* No luck. We have to give up. */
1346 break;
1347 }
1348
1349 n_found = i;
1350 return n_found;
1351 }
1352
1353 #endif
1354
1355 /* ------------------------ mips 32/64 ------------------------- */
1356 #if defined(VGP_mips32_linux) || defined(VGP_mips64_linux) \
1357 || defined(VGP_nanomips_linux)
1358 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1359 /*OUT*/Addr* ips, UInt max_n_ips,
1360 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1361 const UnwindStartRegs* startRegs,
1362 Addr fp_max_orig )
1363 {
1364 Bool debug = False;
1365 Int i;
1366 Addr fp_max;
1367 UInt n_found = 0;
1368 const Int cmrf = VG_(clo_merge_recursive_frames);
1369
1370 vg_assert(sizeof(Addr) == sizeof(UWord));
1371 vg_assert(sizeof(Addr) == sizeof(void*));
1372
1373 D3UnwindRegs uregs;
1374 uregs.pc = startRegs->r_pc;
1375 uregs.sp = startRegs->r_sp;
1376 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1377
1378 #if defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
1379 uregs.fp = startRegs->misc.MIPS32.r30;
1380 uregs.ra = startRegs->misc.MIPS32.r31;
1381 #elif defined(VGP_mips64_linux)
1382 uregs.fp = startRegs->misc.MIPS64.r30;
1383 uregs.ra = startRegs->misc.MIPS64.r31;
1384 #endif
1385
1386 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1387 stopping when the trail goes cold, which we guess to be
1388 when FP is not a reasonable stack location. */
1389
1390 fp_max = VG_PGROUNDUP(fp_max_orig);
1391 if (fp_max >= sizeof(Addr))
1392 fp_max -= sizeof(Addr);
1393
1394 if (debug)
1395 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1396 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
1397 max_n_ips, fp_min, fp_max_orig, fp_max,
1398 uregs.pc, uregs.sp, uregs.fp);
1399
1400 if (sps) sps[0] = uregs.sp;
1401 if (fps) fps[0] = uregs.fp;
1402 ips[0] = uregs.pc;
1403 i = 1;
1404
1405 /* Loop unwinding the stack. */
1406
1407 while (True) {
1408 if (debug) {
1409 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1410 i, uregs.pc, uregs.sp, uregs.ra);
1411 }
1412 if (i >= max_n_ips)
1413 break;
1414
1415 D3UnwindRegs uregs_copy = uregs;
1416 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1417 if (debug)
1418 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1419 uregs.pc, uregs.sp, uregs.ra);
1420 if (0 != uregs.pc && 1 != uregs.pc) {
1421 if (sps) sps[i] = uregs.sp;
1422 if (fps) fps[i] = uregs.fp;
1423 ips[i++] = uregs.pc - 4;
1424 uregs.pc = uregs.pc - 4;
1425 RECURSIVE_MERGE(cmrf,ips,i);
1426 continue;
1427 } else
1428 uregs = uregs_copy;
1429 }
1430
1431 int seen_sp_adjust = 0;
1432 long frame_offset = 0;
1433 PtrdiffT offset;
1434 const DiEpoch cur_ep = VG_(current_DiEpoch)();
1435 if (VG_(get_inst_offset_in_function)(cur_ep, uregs.pc, &offset)) {
1436 Addr start_pc = uregs.pc - offset;
1437 Addr limit_pc = uregs.pc;
1438 Addr cur_pc;
1439 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) {
1440 unsigned long inst, high_word, low_word;
1441 unsigned long * cur_inst;
1442 /* Fetch the instruction. */
1443 cur_inst = (unsigned long *)cur_pc;
1444 inst = *((UInt *) cur_inst);
1445 if(debug)
1446 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst);
1447
1448 /* Save some code by pre-extracting some useful fields. */
1449 high_word = (inst >> 16) & 0xffff;
1450 low_word = inst & 0xffff;
1451
1452 if (high_word == 0x27bd /* addiu $sp,$sp,-i */
1453 || high_word == 0x23bd /* addi $sp,$sp,-i */
1454 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */
1455 if (low_word & 0x8000) /* negative stack adjustment? */
1456 frame_offset += 0x10000 - low_word;
1457 else
1458 /* Exit loop if a positive stack adjustment is found, which
1459 usually means that the stack cleanup code in the function
1460 epilogue is reached. */
1461 break;
1462 seen_sp_adjust = 1;
1463 }
1464 }
1465 if(debug)
1466 VG_(printf)("offset: 0x%ld\n", frame_offset);
1467 }
1468 if (seen_sp_adjust) {
1469 if (0 == uregs.pc || 1 == uregs.pc) break;
1470 if (uregs.pc == uregs.ra - 8) break;
1471 if (sps) {
1472 sps[i] = uregs.sp + frame_offset;
1473 }
1474 uregs.sp = uregs.sp + frame_offset;
1475
1476 if (fps) {
1477 fps[i] = fps[0];
1478 uregs.fp = fps[0];
1479 }
1480 if (0 == uregs.ra || 1 == uregs.ra) break;
1481 uregs.pc = uregs.ra - 8;
1482 ips[i++] = uregs.ra - 8;
1483 RECURSIVE_MERGE(cmrf,ips,i);
1484 continue;
1485 }
1486
1487 if (i == 1) {
1488 if (sps) {
1489 sps[i] = sps[0];
1490 uregs.sp = sps[0];
1491 }
1492 if (fps) {
1493 fps[i] = fps[0];
1494 uregs.fp = fps[0];
1495 }
1496 if (0 == uregs.ra || 1 == uregs.ra) break;
1497 uregs.pc = uregs.ra - 8;
1498 ips[i++] = uregs.ra - 8;
1499 RECURSIVE_MERGE(cmrf,ips,i);
1500 continue;
1501 }
1502 /* No luck. We have to give up. */
1503 break;
1504 }
1505
1506 n_found = i;
1507 return n_found;
1508 }
1509
1510 #endif
1511
1512 /*------------------------------------------------------------*/
1513 /*--- ---*/
1514 /*--- END platform-dependent unwinder worker functions ---*/
1515 /*--- ---*/
1516 /*------------------------------------------------------------*/
1517
1518 /*------------------------------------------------------------*/
1519 /*--- Exported functions. ---*/
1520 /*------------------------------------------------------------*/
1521
1522 UInt VG_(get_StackTrace_with_deltas)(
1523 ThreadId tid,
1524 /*OUT*/StackTrace ips, UInt n_ips,
1525 /*OUT*/StackTrace sps,
1526 /*OUT*/StackTrace fps,
1527 Word first_ip_delta,
1528 Word first_sp_delta
1529 )
1530 {
1531 /* Get the register values with which to start the unwind. */
1532 UnwindStartRegs startRegs;
1533 VG_(memset)( &startRegs, 0, sizeof(startRegs) );
1534 VG_(get_UnwindStartRegs)( &startRegs, tid );
1535
1536 Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte;
1537 Addr stack_lowest_byte = 0;
1538
1539 # if defined(VGP_x86_linux)
1540 /* Nasty little hack to deal with syscalls - if libc is using its
1541 _dl_sysinfo_int80 function for syscalls (the TLS version does),
1542 then ip will always appear to be in that function when doing a
1543 syscall, not the actual libc function doing the syscall. This
1544 check sees if IP is within that function, and pops the return
1545 address off the stack so that ip is placed within the library
1546 function calling the syscall. This makes stack backtraces much
1547 more useful.
1548
1549 The function is assumed to look like this (from glibc-2.3.6 sources):
1550 _dl_sysinfo_int80:
1551 int $0x80
1552 ret
1553 That is 3 (2+1) bytes long. We could be more thorough and check
1554 the 3 bytes of the function are as expected, but I can't be
1555 bothered.
1556 */
1557 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
1558 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
1559 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
1560 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
1561 VKI_PROT_READ)) {
1562 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp;
1563 startRegs.r_sp += (ULong) sizeof(Addr);
1564 }
1565 # endif
1566
1567 /* See if we can get a better idea of the stack limits */
1568 VG_(stack_limits)( (Addr)startRegs.r_sp,
1569 &stack_lowest_byte, &stack_highest_byte );
1570
1571 /* Take into account the first_ip_delta and first_sp_delta. */
1572 startRegs.r_pc += (Long)first_ip_delta;
1573 startRegs.r_sp += (Long)first_sp_delta;
1574
1575 if (0)
1576 VG_(printf)("tid %u: stack_highest=0x%08lx ip=0x%010llx "
1577 "sp=0x%010llx\n",
1578 tid, stack_highest_byte,
1579 startRegs.r_pc, startRegs.r_sp);
1580
1581 return VG_(get_StackTrace_wrk)(tid, ips, n_ips,
1582 sps, fps,
1583 &startRegs,
1584 stack_highest_byte);
1585 }
1586
1587 UInt VG_(get_StackTrace) ( ThreadId tid,
1588 /*OUT*/StackTrace ips, UInt max_n_ips,
1589 /*OUT*/StackTrace sps,
1590 /*OUT*/StackTrace fps,
1591 Word first_ip_delta )
1592 {
1593 return VG_(get_StackTrace_with_deltas) (tid,
1594 ips, max_n_ips,
1595 sps,
1596 fps,
1597 first_ip_delta,
1598 0 /* first_sp_delta */
1599 );
1600 }
1601
1602 static void printIpDesc(UInt n, DiEpoch ep, Addr ip, void* uu_opaque)
1603 {
1604 InlIPCursor *iipc = VG_(new_IIPC)(ep, ip);
1605
1606 do {
1607 const HChar *buf = VG_(describe_IP)(ep, ip, iipc);
1608 if (VG_(clo_xml)) {
1609 VG_(printf_xml)(" %s\n", buf);
1610 } else {
1611 VG_(message)(Vg_UserMsg, " %s %s\n",
1612 ( n == 0 ? "at" : "by" ), buf);
1613 }
1614 n++;
1615 // Increase n to show "at" for only one level.
1616 } while (VG_(next_IIPC)(iipc));
1617 VG_(delete_IIPC)(iipc);
1618 }
1619
1620 /* Print a StackTrace. */
1621 void VG_(pp_StackTrace) ( DiEpoch ep, StackTrace ips, UInt n_ips )
1622 {
1623 vg_assert( n_ips > 0 );
1624
1625 if (VG_(clo_xml))
1626 VG_(printf_xml)(" <stack>\n");
1627
1628 VG_(apply_StackTrace)( printIpDesc, NULL, ep, ips, n_ips );
1629
1630 if (VG_(clo_xml))
1631 VG_(printf_xml)(" </stack>\n");
1632 }
1633
1634 /* Get and immediately print a StackTrace. */
1635 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
1636 {
1637 Addr ips[max_n_ips];
1638 UInt n_ips
1639 = VG_(get_StackTrace)(tid, ips, max_n_ips,
1640 NULL/*array to dump SP values in*/,
1641 NULL/*array to dump FP values in*/,
1642 0/*first_ip_delta*/);
1643 VG_(pp_StackTrace)(VG_(current_DiEpoch)(), ips, n_ips);
1644 }
1645
1646 void VG_(apply_StackTrace)(
1647 void(*action)(UInt n, DiEpoch ep, Addr ip, void* opaque),
1648 void* opaque,
1649 DiEpoch ep, StackTrace ips, UInt n_ips
1650 )
1651 {
1652 Int i;
1653
1654 vg_assert(n_ips > 0);
1655 if ( ! VG_(clo_show_below_main) ) {
1656 // Search (from the outer frame onwards) the appearance of "main"
1657 // or the last appearance of a below main function.
1658 // Then decrease n_ips so as to not call action for the below main
1659 for (i = n_ips - 1; i >= 0; i--) {
1660 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ep, ips[i]);
1661 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind)
1662 n_ips = i + 1;
1663 if (Vg_FnNameMain == kind)
1664 break;
1665 }
1666 }
1667
1668 for (i = 0; i < n_ips; i++)
1669 // Act on the ip
1670 action(i, ep, ips[i], opaque);
1671 }
1672
1673
1674 /*--------------------------------------------------------------------*/
1675 /*--- end ---*/
1676 /*--------------------------------------------------------------------*/
Instrumentation framework for detecting many memory management and threading bugs, and profile your programs in detail.