| blob | c8a6124a2cb9b485cec59f1accdb28bce08a09d3 |
1 /* -*- mode: C; c-basic-offset: 3; -*- */
3 /*--------------------------------------------------------------------*/
4 /*--- Top level management of symbols and debugging information. ---*/
5 /*--- debuginfo.c ---*/
6 /*--------------------------------------------------------------------*/
8 /*
9 This file is part of Valgrind, a dynamic binary instrumentation
10 framework.
12 Copyright (C) 2000-2017 Julian Seward
13 jseward@acm.org
15 This program is free software; you can redistribute it and/or
16 modify it under the terms of the GNU General Public License as
17 published by the Free Software Foundation; either version 2 of the
18 License, or (at your option) any later version.
20 This program is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 General Public License for more details.
25 You should have received a copy of the GNU General Public License
26 along with this program; if not, write to the Free Software
27 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
28 02111-1307, USA.
30 The GNU General Public License is contained in the file COPYING.
31 */
60 #if defined(VGO_linux) || defined(VGO_solaris)
64 #elif defined(VGO_darwin)
67 #endif
70 /* Set this to 1 to enable debug printing for the
71 should-we-load-debuginfo-now? finite state machine. */
72 #define DEBUG_FSM 0
74 /* Set this to 1 to enable somewhat minimal debug printing for the
75 debuginfo-epoch machinery. */
76 #define DEBUG_EPOCHS 0
79 /*------------------------------------------------------------*/
80 /*--- The _svma / _avma / _image / _bias naming scheme ---*/
81 /*------------------------------------------------------------*/
83 /* JRS 11 Jan 07: I find the different kinds of addresses involved in
84 debuginfo reading confusing. Recently I arrived at some
85 terminology which makes it clearer (to me, at least). There are 3
86 kinds of address used in the debuginfo reading process:
88 stated VMAs - the address where (eg) a .so says a symbol is, that
89 is, what it tells you if you consider the .so in
90 isolation
92 actual VMAs - the address where (eg) said symbol really wound up
93 after the .so was mapped into memory
95 image addresses - pointers into the copy of the .so (etc)
96 transiently mmaped aboard whilst we read its info
98 Additionally I use the term 'bias' to denote the difference
99 between stated and actual VMAs for a given entity.
101 This terminology is not used consistently, but a start has been
102 made. readelf.c and the call-frame info reader in readdwarf.c now
103 use it. Specifically, various variables and structure fields have
104 been annotated with _avma / _svma / _image / _bias. In places _img
105 is used instead of _image for the sake of brevity.
106 */
109 /*------------------------------------------------------------*/
110 /*--- fwdses ---*/
111 /*------------------------------------------------------------*/
116 /*------------------------------------------------------------*/
117 /*--- Epochs ---*/
118 /*------------------------------------------------------------*/
120 /* The DebugInfo epoch is incremented every time we either load debuginfo in
121 response to an object mapping, or an existing DebugInfo becomes
122 non-current (or will be discarded) due to an object unmap. By storing,
123 in each DebugInfo, the first and last epoch for which it is valid, we can
124 unambiguously identify the set of DebugInfos which should be used to
125 provide metadata for a code or data address, provided we know the epoch
126 to which that address pertains.
128 Note, this isn't the same as the "handle_counter" below. That only
129 advances when new DebugInfos are created. "current_epoch" advances both
130 at DebugInfo created and destruction-or-making-non-current.
131 */
133 // The value zero is reserved for indicating an invalid epoch number.
138 }
141 current_epoch++;
145 }
149 }
151 // Is this DebugInfo currently "allocated" (pre-use state, only FSM active) ?
153 {
159 }
160 }
162 // Is this DebugInfo currently "active" (valid for the current epoch) ?
164 {
167 // Yes it is active. Sanity check ..
172 }
173 }
175 // Is this DebugInfo currently "archived" ?
177 {
180 // Yes it is archived. Sanity checks ..
186 }
187 }
189 // Is this DebugInfo valid for the specified epoch?
191 {
192 // Stay sane
200 // Both valid. di is in Archived state.
203 // First is valid, last is invalid. di is in Active state.
205 }
208 // Neither is valid. di is in Allocated state.
210 }
212 }
215 {
217 }
220 /*------------------------------------------------------------*/
221 /*--- Root structure ---*/
222 /*------------------------------------------------------------*/
224 /* The root structure for the entire debug info system. It is a
225 linked list of DebugInfos. */
229 /* Find 'di' in the debugInfo_list and move it one step closer to the
230 front of the list, so as to make subsequent searches for it
231 cheaper. When used in a controlled way, makes a major improvement
232 in some DebugInfo-search-intensive situations, most notably stack
233 unwinding on amd64-linux. */
235 {
248 }
252 /* di0 points to di, di1 to its predecessor, and di2 to di1's
253 predecessor. Swap di0 and di1, that is, move di0 one step
254 closer to the start of the list. */
261 }
262 else
264 /* it's second in the list. */
270 }
271 }
274 // Debugging helper for epochs
276 {
281 current_epoch);
285 }
287 }
288 }
291 /*------------------------------------------------------------*/
292 /*--- Notification (acquire/discard) helpers ---*/
293 /*------------------------------------------------------------*/
295 /* Gives out unique abstract handles for allocated DebugInfos. See
296 comment in priv_storage.h, declaration of struct _DebugInfo, for
297 details. */
300 /* Allocate and zero out a new DebugInfo record. */
301 static
303 {
304 Bool traceme;
318 /* Everything else -- pointers, sizes, arrays -- is zeroed by
319 ML_(dinfo_zalloc). Now set up the debugging-output flags. */
320 traceme
328 }
331 }
334 /* Free a DebugInfo, and also all the stuff hanging off it. */
336 {
357 /* We have to visit all the entries so as to free up any
358 sec_names arrays that might exist. */
364 }
365 /* and finally .. */
367 }
374 /* Delete the two admin arrays. These lists exist primarily so
375 that we can visit each object exactly once when we need to
376 delete them. */
381 /* Dump anything hanging off this ent */
383 }
386 }
393 }
396 }
398 /* Dump the variable info. This is kinda complex: we must take
399 care not to free items which reside in either the admin lists
400 (as we have just freed them) or which reside in the DebugInfo's
401 string table. */
406 /* iterate over all entries in 'scope' */
411 /* for each var in 'arange' */
416 /* Nothing to free in var: all the pointer fields refer
417 to stuff either on an admin list, or in
418 .strpool */
419 }
421 /* Don't free arange itself, as OSetGen_Destroy does
422 that */
423 }
425 }
427 }
430 }
433 /* 'di' is a member of debugInfo_list. Find it, and either (remove it from
434 the list and free all storage reachable from it) or archive it.
435 Notify m_redir that this removal/archiving has happened.
437 Note that 'di' can't be archived. Is a DebugInfo is archived then we
438 want to hold on to it forever. This is asserted for.
440 Note also, we don't advance the current epoch here. That's the
441 responsibility of some (non-immediate) caller.
442 */
444 {
451 /* It must be active! */
455 /* Found it; (remove from list and free it), or archive it. */
465 reason);
469 }
472 }
474 /* Adjust the epoch markers appropriately. */
480 }
482 }
485 }
487 /* Not found. */
488 }
491 /* Repeatedly scan debugInfo_list, looking for DebugInfos with text
492 AVMAs intersecting [start,start+length), and call discard_DebugInfo
493 to get rid of them. This modifies the list, hence the multiple
494 iterations. Returns True iff any such DebugInfos were found.
495 */
497 {
499 Bool found;
515 /* no overlap */
519 }
521 }
526 }
529 }
532 /* Does [s1,+len1) overlap [s2,+len2) ? Note: does not handle
533 wraparound at the end of the address space -- just asserts in that
534 case. */
536 {
542 /* Assert that we don't have wraparound. If we do it would imply
543 that file sections are getting mapped around the end of the
544 address space, which sounds unlikely. */
549 }
552 /* Do the basic mappings of the two DebugInfos overlap in any way? */
554 {
564 }
565 }
568 }
571 /* Discard or archive all elements of debugInfo_list whose .mark bit is set.
572 */
574 {
586 }
591 }
592 }
595 /* Discard any elements of debugInfo_list which overlap with diRef.
596 Clearly diRef must have its mapping information set to something sane. */
598 {
601 /* Mark all the DebugInfos in debugInfo_list that need to be
602 deleted. First, clear all the mark bits; then set them if they
603 overlap with siRef. Since siRef itself is in this list we at
604 least expect its own mark bit to be set. */
612 }
613 }
615 }
618 /* Find the existing DebugInfo for |filename| or if not found, create
619 one. In the latter case |filename| is strdup'd into VG_AR_DINFO,
620 and the new DebugInfo is added to debugInfo_list. */
622 {
631 }
637 }
640 }
643 /* Debuginfo reading for 'di' has just been successfully completed.
644 Check that the invariants stated in
645 "Comment_on_IMPORTANT_CFSI_REPRESENTATIONAL_INVARIANTS" in
646 priv_storage.h are observed. */
648 {
654 /* This fn isn't called until after debuginfo for this object has
655 been successfully read. And that shouldn't happen until we have
656 both a r-x and rw- mapping for the object. Hence: */
661 /* We are interested in r-x mappings only */
665 /* degenerate case: r-x section is empty */
670 /* normal case: r-x section is nonempty */
671 /* invariant (0) */
674 /* invariant (1) */
684 }
685 }
688 /* invariant (2) */
691 /* Assume the csfi fits completely into one individual mapping
692 for now. This might need to be improved/reworked later. */
696 }
697 }
699 /* degenerate case: all r-x sections are empty */
703 }
705 /* invariant (2) - cont. */
709 /* invariants (3) and (4) */
721 }
722 }
726 }
727 }
730 /*--------------------------------------------------------------*/
731 /*--- ---*/
732 /*--- TOP LEVEL: INITIALISE THE DEBUGINFO SYSTEM ---*/
733 /*--- ---*/
734 /*--------------------------------------------------------------*/
737 {
738 /* There's actually very little to do here, since everything
739 centers around the DebugInfos in debugInfo_list, they are
740 created and destroyed on demand, and each one is treated more or
741 less independently. */
744 /* flush the debug info caches. */
746 }
749 /*--------------------------------------------------------------*/
750 /*--- ---*/
751 /*--- TOP LEVEL: NOTIFICATION (ACQUIRE/DISCARD INFO) (LINUX) ---*/
752 /*--- ---*/
753 /*--------------------------------------------------------------*/
755 #if defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris)
757 /* Helper (indirect) for di_notify_ACHIEVE_ACCEPT_STATE */
760 {
766 }
769 /* Helper (indirect) for di_notify_ACHIEVE_ACCEPT_STATE */
770 static void show_DebugInfoMappings
773 {
785 }
786 }
789 /* Helper for di_notify_ACHIEVE_ACCEPT_STATE. This removes overlaps
790 in |maps|, in a fairly weak way, by truncating overlapping ends.
791 This may need to be strengthened in future. Currently it performs
792 a post-fixup check, so as least we can be sure that if this
793 function returns (rather than asserts) that |maps| is overlap
794 free. */
795 static void truncate_DebugInfoMapping_overlaps
798 {
819 /* map_j was observed later than map_i, since the entries are
820 in the XArray in the order in which they were observed.
821 If map_j starts inside map_i, trim map_i's end so it does
822 not overlap map_j. This reflects the reality that when
823 two mmaped areas overlap, the later mmap silently
824 overwrites the earlier mmap's mapping. */
830 }
832 }
833 }
848 Bool overlap
850 /* If the following assert ever fails, it means the de-overlapping
851 scheme above is too weak, and needs improvement. */
853 }
854 }
857 }
860 /* The debug info system is driven by notifications that a text
861 segment has been mapped in, or unmapped, or when sections change
862 permission. It's all a bit kludgey and basically means watching
863 syscalls, trying to second-guess when the system's dynamic linker
864 is done with mapping in a new object for execution. This is all
865 tracked using the DebugInfoFSM struct for the object. Anyway, once
866 we finally decide we've got to an accept state, this section then
867 will acquire whatever info is available for the corresponding
868 object. This section contains the notification handlers, which
869 update the FSM and determine when an accept state has been reached.
870 */
872 /* When the sequence of observations causes a DebugInfoFSM to move
873 into the accept state, call here to actually get the debuginfo read
874 in. Returns a ULong whose purpose is described in comments
875 preceding VG_(di_notify_mmap) just below.
876 */
878 {
879 ULong di_handle;
880 Bool ok;
887 "-------------------------"
892 /* We're going to read symbols and debug info for the avma
893 ranges specified in the _DebugInfoFsm mapping array. First
894 get rid of any other DebugInfos which overlap any of those
895 ranges (to avoid total confusion). But only those valid in
896 the current epoch. We don't want to discard archived DebugInfos. */
899 /* The DebugInfoMappings that now exist in the FSM may involve
900 overlaps. This confuses ML_(read_elf_debug_info), and may cause
901 it to compute wrong biases. So de-overlap them now.
902 See http://bugzilla.mozilla.org/show_bug.cgi?id=788974 */
905 /* And acquire new info. */
906 # if defined(VGO_linux) || defined(VGO_solaris)
908 # elif defined(VGO_darwin)
910 # else
912 # endif
918 /* invalidate the debug info caches. */
920 /* prepare read data for use */
922 /* Check invariants listed in
923 Comment_on_IMPORTANT_REPRESENTATIONAL_INVARIANTS in
924 priv_storage.h. */
928 // Mark di's first epoch point as a valid epoch. Because its
929 // last_epoch value is still invalid, this changes di's state from
930 // "allocated" to "active".
936 /* notify m_redir about it */
939 /* Note that we succeeded */
946 /* Something went wrong (eg. bad ELF file). Should we delete
947 this DebugInfo? No - it contains info on the rw/rx
948 mappings, at least. */
951 }
956 "-------------------------"
961 }
964 /* Notify the debuginfo system about a new mapping. This is the way
965 new debug information gets loaded. If allow_SkFileV is True, it
966 will try load debug info if the mapping at 'a' belongs to Valgrind;
967 whereas normally (False) it will not do that. This allows us to
968 carefully control when the thing will read symbols from the
969 Valgrind executable itself.
971 If use_fd is not -1, that is used instead of the filename; this
972 avoids perturbing fcntl locks, which are released by simply
973 re-opening and closing the same file (even via different fd!).
975 If a call to VG_(di_notify_mmap) causes debug info to be read, then
976 the returned ULong is an abstract handle which can later be used to
977 refer to the debuginfo read as a result of this specific mapping,
978 in later queries to m_debuginfo. In this case the handle value
979 will be one or above. If the returned value is zero, no debug info
980 was read. */
983 {
989 SysRes preadres;
992 SysRes statres;
997 /* In short, figure out if this mapping is of interest to us, and
998 if so, try to guess what ld.so is doing and when/if we should
999 read debug info. */
1009 }
1011 /* guaranteed by aspacemgr-linux.c, sane_NSegment() */
1014 /* Ignore non-file mappings */
1019 /* If the file doesn't have a name, we're hosed. Give up. */
1024 /*
1025 * Cannot read from these magic files:
1026 * --20208-- WARNING: Serious error when reading debug info
1027 * --20208-- When reading debug info from /proc/xen/privcmd:
1028 * --20208-- can't read file to inspect ELF header
1029 */
1036 /* Only try to read debug information from regular files. */
1039 /* stat dereferences symlinks, so we don't expect it to succeed and
1040 yet produce something that is a symlink. */
1043 /* Don't let the stat call fail silently. Filter out some known
1044 sources of noise before complaining, though. */
1046 DebugInfo fake_di;
1053 }
1055 }
1057 /* Finally, the point of all this stattery: if it's not a regular file,
1058 don't try to read debug info from it. */
1062 /* no uses of statbuf below here. */
1064 /* Now we have to guess if this is a text-like mapping, a data-like
1065 mapping, neither or both. The rules are:
1067 text if: x86-linux r and x
1068 other-linux r and x and not w
1070 data if: x86-linux r and w
1071 other-linux r and w and not x
1073 Background: On x86-linux, objects are typically mapped twice:
1075 1b8fb000-1b8ff000 r-xp 00000000 08:02 4471477 vgpreload_memcheck.so
1076 1b8ff000-1b900000 rw-p 00004000 08:02 4471477 vgpreload_memcheck.so
1078 whereas ppc32-linux mysteriously does this:
1080 118a6000-118ad000 r-xp 00000000 08:05 14209428 vgpreload_memcheck.so
1081 118ad000-118b6000 ---p 00007000 08:05 14209428 vgpreload_memcheck.so
1082 118b6000-118bd000 rwxp 00000000 08:05 14209428 vgpreload_memcheck.so
1084 The third mapping should not be considered to have executable
1085 code in. Therefore a test which works for both is: r and x and
1086 NOT w. Reading symbols from the rwx segment -- which overlaps
1087 the r-x segment in the file -- causes the redirection mechanism
1088 to redirect to addresses in that third segment, which is wrong
1089 and causes crashes.
1091 JRS 28 Dec 05: unfortunately icc 8.1 on x86 has been seen to
1092 produce executables with a single rwx segment rather than a
1093 (r-x,rw-) pair. That means the rules have to be modified thusly:
1095 x86-linux: consider if r and x
1096 all others: consider if r and x and not w
1098 2009 Aug 16: apply similar kludge to ppc32-linux.
1099 See http://bugs.kde.org/show_bug.cgi?id=190820
1101 There are two modes on s390x: with and without the noexec kernel
1102 parameter. Together with some older kernels, this leads to several
1103 variants:
1104 executable: r and x
1105 data: r and w and x
1106 or
1107 executable: r and x
1108 data: r and w
1109 */
1114 # if defined(VGA_x86) || defined(VGA_ppc32) || defined(VGA_mips32) \
1115 || defined(VGA_mips64)
1118 # elif defined(VGA_amd64) || defined(VGA_ppc64be) || defined(VGA_ppc64le) \
1119 || defined(VGA_arm) || defined(VGA_arm64)
1122 # elif defined(VGP_s390x_linux)
1125 # else
1127 # endif
1129 # if defined(VGP_x86_darwin) && DARWIN_VERS >= DARWIN_10_7
1131 # endif
1133 # if defined(VGO_solaris)
1136 # endif
1143 /* Ignore mappings with permissions we can't possibly be interested in. */
1147 /* Peer at the first few bytes of the file, to see if it is an ELF */
1148 /* object file. Ignore the file if we do not have read permission. */
1151 # if defined(VKI_O_LARGEFILE)
1153 # endif
1159 DebugInfo fake_di;
1162 filename);
1165 }
1167 }
1171 }
1176 }
1179 DebugInfo fake_di;
1184 }
1189 /* We're only interested in mappings of object files. */
1190 # if defined(VGO_linux) || defined(VGO_solaris)
1193 # elif defined(VGO_darwin)
1196 # else
1198 # endif
1200 /* See if we have a DebugInfo for this filename. If not,
1201 create one. */
1209 /* Note the details about the mapping. */
1210 DebugInfoMapping map;
1219 /* Update flags about what kind of mappings we've already seen. */
1224 /* So, finally, are we in an accept state? */
1226 /* Ok, so, finally, we found what we need, and we haven't
1227 already read debuginfo for this object. So let's do so now.
1228 Yee-ha! */
1234 /* If we don't have an rx and rw mapping, or if we already have
1235 debuginfo for this mapping for whatever reason, go no
1236 further. */
1238 }
1239 }
1242 /* Unmap is simpler - throw away any SegInfos intersecting
1243 [a, a+len). */
1245 {
1246 Bool anyFound;
1253 }
1254 }
1257 /* Uh, this doesn't do anything at all. IIRC glibc (or ld.so, I don't
1258 remember) does a bunch of mprotects on itself, and if we follow
1259 through here, it causes the debug info for that object to get
1260 discarded. */
1262 {
1264 # if defined(VGA_x86)
1266 # endif
1272 }
1273 }
1274 }
1277 /* This is a MacOSX >= 10.7 32-bit only special. See comments on the
1278 declaration of struct _DebugInfoFSM for details. */
1280 {
1291 }
1294 # if defined(VGP_x86_darwin) && (DARWIN_VERS >= DARWIN_10_7)
1296 # endif
1302 }
1307 /* Find a DebugInfo containing a FSM that has [a, +len) previously
1308 observed as a r-- mapping, plus some other rw- mapping. If such
1309 is found, conclude we're in an accept state and read debuginfo
1310 accordingly. */
1315 Word i;
1326 /* Try to find a mapping matching the memory area. */
1332 }
1335 /* looks like we're in luck! */
1337 }
1343 di);
1345 /* Do the upgrade. Simply update the flags of the mapping
1346 and pretend we never saw the RO map at all. */
1352 /* See if there are any more ro mappings */
1358 }
1359 }
1361 /* Check if we're now in an accept state and read debuginfo. Finally. */
1368 /* di_handle is ignored. That's not a problem per se -- it just
1369 means nobody will ever be able to refer to this debuginfo by
1370 handle since nobody will know what the handle value is. */
1371 }
1372 }
1375 /*--------- PDB (windows debug info) reading --------- */
1377 /* this should really return ULong, as per VG_(di_notify_mmap). */
1380 {
1385 SysRes sres;
1386 Int fd_pdbimage;
1387 SizeT n_pdbimage;
1393 "LOAD_PDB_DEBUGINFO: clreq: fd=%d, avma=%#lx, total_size=%lu, "
1396 );
1397 }
1399 /* 'fd' refers to the .exe/.dll we're dealing with. Get its modification
1400 time into obj_mtime. */
1407 /* and get its name into exename. */
1417 }
1419 /* Try to get the PDB file name from the executable. */
1423 /* So we successfully extracted a name from the PE file. But it's
1424 likely to be of the form
1425 e:\foo\bar\xyzzy\wibble.pdb
1426 and we need to change it into something we can actually open
1427 in Wine-world, which basically means turning it into
1428 $HOME/.wine/drive_e/foo/bar/xyzzy/wibble.pdb
1429 We also take into account $WINEPREFIX, if it is set.
1430 For the moment, if the name isn't fully qualified, just forget it
1431 (we'd have to root around to find where the pdb actually is)
1432 */
1433 /* Change all the backslashes to forward slashes */
1437 }
1438 Bool is_quald
1445 /* Change e:/foo/bar/xyzzy/wibble.pdb
1446 to $WINEPREFIX/drive_e/foo/bar/xyzzy/wibble.pdb
1447 */
1455 }
1457 /* Change e:/foo/bar/xyzzy/wibble.pdb
1458 to $HOME/.wine/drive_e/foo/bar/xyzzy/wibble.pdb
1459 */
1468 /* It's not a fully qualified path, or neither $HOME nor $WINE
1469 are set (strange). Give up. */
1472 }
1473 }
1475 /* Try s/exe/pdb/ if we don't have a valid pdbname. */
1477 /* Try to find a matching PDB file from which to read debuginfo.
1478 Windows PE files have symbol tables and line number information,
1479 but MSVC doesn't seem to use them. */
1480 /* Why +5 ? Because in the worst case, we could find a dot as the
1481 last character of pdbname, and we'd then put "pdb" right after
1482 it, hence extending it a bit. */
1494 else
1498 }
1500 /* See if we can find it, and check it's in-dateness. */
1504 pdbname);
1508 }
1512 /* PDB file is older than PE file. Really, the PDB should be
1513 newer than the PE, but that doesn't always seem to be the
1514 case. Allow the PDB to be up to one minute older.
1515 Otherwise, it's probably out of date, in which case ignore it
1516 or we will either (a) print wrong stack traces or more likely
1517 (b) crash.
1518 */
1523 }
1529 }
1531 /* Looks promising; go on to try and read stuff from it. But don't
1532 mmap the file. Instead mmap free space and read the file into
1533 it. This is because files on CIFS filesystems that are mounted
1534 '-o directio' can't be mmap'd, and that mount option is needed
1535 to make CIFS work reliably. (See
1536 http://www.nabble.com/Corrupted-data-on-write-to-
1537 Windows-2003-Server-t2782623.html)
1538 This is slower, but at least it works reliably. */
1542 // 0x7FFFFFFF: why? Because the VG_(read) just below only
1543 // can deal with a signed int as the size of data to read,
1544 // so we can't reliably check for read failure for files
1545 // greater than that size. Hence just skip them; we're
1546 // unlikely to encounter a PDB that large anyway.
1549 }
1554 }
1562 }
1567 /* play safe; always invalidate the debug info caches. I don't know if
1568 this is necessary, but anyway .. */
1570 /* dump old info for this range, if any */
1576 /* this di must be new, since we just nuked any old stuff in the range */
1580 /* don't set up any of the di-> fields; let
1581 ML_(read_pdb_debug_info) do it. */
1589 }
1593 /* We cannot make any sense of this pdb, so (force) discard it,
1594 even if VG_(clo_keep_debuginfo) is True. */
1597 // The below will assert if di is not active. Not too sure what
1598 // the state of di in this failed loading state.
1601 }
1605 }
1607 out:
1609 }
1614 /*------------------------------------------------------------*/
1615 /*--- ---*/
1616 /*--- TOP LEVEL: QUERYING EXISTING DEBUG INFO ---*/
1617 /*--- ---*/
1618 /*------------------------------------------------------------*/
1621 {
1629 }
1630 }
1634 {
1635 Word i;
1638 /* Optimization: Try to use the last matched rx mapping first */
1650 }
1651 }
1654 }
1656 /*------------------------------------------------------------*/
1657 /*--- Types and functions for inlined IP cursor ---*/
1658 /*------------------------------------------------------------*/
1666 // Note that not all inlined fn calls in this range
1667 // are necessarily covering eip.
1670 // 0 means to describe eip itself.
1673 // level.
1674 };
1677 {
1679 }
1682 {
1684 }
1687 {
1688 Word i;
1699 }
1709 }
1710 }
1716 else
1720 }
1722 /* Forward */
1726 /* Returns the position after which eip would be inserted in inltab.
1727 (-1 if eip should be inserted before position 0).
1728 This is the highest position with an addr_lo <= eip.
1729 As inltab is sorted on addr_lo, dichotomic search can be done
1730 (note that inltab might have duplicates addr_lo). */
1732 {
1733 Word mid,
1741 }
1744 lo++;
1745 #if 0
1750 #endif
1752 }
1755 {
1757 Word locno;
1758 Word i;
1760 Bool avail;
1765 /* Search the DebugInfo for (ep, eip) */
1770 /* Search the entry in di->inltab with the highest addr_lo that
1771 contains eip. */
1772 /* We start from the highest pos in inltab after which eip would
1773 be inserted. */
1777 }
1778 /* Stop the backward scan when reaching an addr_lo which
1779 cannot anymore contain eip : we know that all ranges before
1780 i also cannot contain eip. */
1783 }
1788 /* We have found the highest entry containing eip.
1789 Build a cursor. */
1798 }
1804 /* MAX_LEVEL is higher than any stored level. We can use
1805 VG_(next_IIPC) to get to the 'real' first highest call level. */
1810 }
1813 {
1816 }
1819 /*------------------------------------------------------------*/
1820 /*--- Use of symbol table & location info to create ---*/
1821 /*--- plausible-looking stack dumps. ---*/
1822 /*------------------------------------------------------------*/
1824 /* Search all symtabs that we know about to locate ptr. If found, set
1825 *pdi to the relevant DebugInfo, and *symno to the symtab entry
1826 *number within that. If not found, *psi is set to NULL.
1827 If findText==True, only text symbols are searched for.
1828 If findText==False, only data symbols are searched for.
1829 */
1832 Bool findText )
1833 {
1834 Word sno;
1836 Bool inRange;
1844 /* Consider any symbol in the r-x mapped area to be text.
1845 See Comment_Regarding_Text_Range_Checks in storage.c for
1846 details. */
1854 ||
1859 ||
1864 ||
1869 ||
1874 }
1884 }
1885 not_found:
1887 }
1890 /* Search all loctabs that we know about to locate ptr at epoch ep. If
1891 *found, set pdi to the relevant DebugInfo, and *locno to the loctab entry
1892 *number within that. If not found, *pdi is set to NULL. */
1895 {
1896 Word lno;
1910 }
1911 }
1912 not_found:
1914 }
1916 /* Caching of queries to symbol names. */
1917 // Prime number, giving about 6Kbytes cache on 32 bits,
1918 // 12Kbytes cache on 64 bits.
1919 #define N_SYM_NAME_CACHE 509
1921 typedef
1923 // (sym_epoch, sym_avma) are the hash table key.
1924 DiEpoch sym_epoch;
1925 Addr sym_avma;
1926 // Fields below here are not part of the key.
1930 }
1931 Sym_Name_CacheEnt;
1932 /* Sym_Name_CacheEnt associates a queried (epoch, address) pair to the sym
1933 name found. By nature, if a sym name was found, it means the searched
1934 address stored in the cache is an avma (see e.g. search_all_symtabs).
1935 Note however that the caller is responsible to work with 'avma' addresses
1936 e.g. when calling VG_(get_fnname) : m_debuginfo.c has no way to
1937 differentiate an 'svma a' from an 'avma a'. It is however unlikely that
1938 svma would percolate outside of this module. */
1943 /* We need a special marker for the address 0 : a not used entry has
1944 a zero sym_avma. So, if ever the 0 address is really queried, we need
1945 to be able to detect there is no sym name for this address.
1946 If on some platforms, 0 is associated to a symbol, the cache would
1947 work properly. */
1952 }
1954 /* The whole point of this whole big deal: map an (epoch, code address) pair
1955 to a plausible symbol name. Returns False if no idea; otherwise True.
1957 Caller supplies buf. If do_cxx_demangling is False, don't do
1958 C++ demangling, regardless of VG_(clo_demangle) -- probably because the
1959 call has come from VG_(get_fnname_raw)(). findText
1960 indicates whether we're looking for a text symbol or a data symbol
1961 -- caller must choose one kind or the other.
1963 NOTE: See IMPORTANT COMMENT above about persistence and ownership
1964 in pub_tool_debuginfo.h
1965 get_sym_name and the fact it calls the demangler is the main reason
1966 for non persistence of the information returned by m_debuginfo.c
1967 functions : the string returned in *BUF is persistent as long as
1968 (1) the DebugInfo it belongs to is not discarded
1969 (2) the demangler is not invoked again
1970 Also, the returned string is owned by "somebody else". Callers must
1971 not free it or modify it. */
1972 static
1974 Bool do_below_main_renaming,
1978 {
1979 // Compute the hash from 'ep' and 'a'. The latter contains lots of
1980 // significant bits, but 'ep' is expected to be a small number, typically
1981 // less than 500. So rotate it around a bit in the hope of spreading the
1982 // bits out somewhat.
1993 Word sno;
2005 }
2006 }
2012 }
2017 /* Do the below-main hack */
2018 // To reduce the endless nuisance of multiple different names
2019 // for "the frame below main()" screwing up the testsuite, change all
2020 // known incarnations of said into a single name, "(below main)", if
2021 // --show-below-main=yes.
2024 {
2026 }
2040 }
2047 }
2050 }
2052 /* ppc64be-linux only: find the TOC pointer (R2 value) that should be in
2053 force at the entry point address of the function containing
2054 guest_code_addr. Returns 0 if not known. */
2056 {
2057 #if defined(VGA_ppc64be) || defined(VGA_ppc64le)
2059 Word sno;
2065 else
2067 #else
2069 #endif
2070 }
2072 /* This is available to tools... always demangle C++ names,
2073 match anywhere in function, but don't show offsets.
2074 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2075 in pub_tool_debuginfo.h */
2077 {
2085 }
2087 /* This is available to tools... always demangle C++ names,
2088 match anywhere in function, and show offset if nonzero.
2089 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2090 in pub_tool_debuginfo.h */
2092 {
2100 }
2102 /* This is available to tools... always demangle C++ names,
2103 only succeed if 'a' matches first instruction of function,
2104 and don't show offsets.
2105 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2106 in pub_tool_debuginfo.h */
2108 {
2110 Bool res;
2122 }
2124 /* This is only available to core... don't C++-demangle, don't Z-demangle,
2125 don't rename below-main, match anywhere in function, and don't show
2126 offsets.
2127 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2128 in pub_tool_debuginfo.h */
2130 {
2138 }
2140 /* This is only available to core... don't demangle C++ names, but do
2141 do Z-demangling and below-main-renaming, match anywhere in function, and
2142 don't show offsets.
2143 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2144 in pub_tool_debuginfo.h */
2147 {
2148 // All the callers of VG_(get_fnname_no_cxx_demangle) must build
2149 // the iipc with the same ep as provided to VG_(get_fnname_no_cxx_demangle).
2150 // So, if we have an iipc, iipc->di must be valid in the provided ep.
2151 // Functionally, we could equally use iipc->di->first_epoch or ep, as
2152 // all the inlined fn calls will be described by the same di.
2155 }
2158 // At the bottom (towards main), we describe the fn at eip.
2171 // The function we are in is called by next_inl.
2174 }
2175 }
2177 /* mips-linux only: find the offset of current address. This is needed for
2178 stack unwinding for MIPS.
2179 */
2182 {
2190 offset );
2191 }
2194 {
2199 # if defined(VGO_linux)
2202 # if defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
2204 # endif
2205 # elif defined(VGO_darwin)
2206 // See readmacho.c for an explanation of this.
2208 # elif defined(VGO_solaris)
2210 # else
2212 # endif
2218 }
2219 }
2222 {
2225 // We don't demangle, because it's faster not to, and the special names
2226 // we're looking for won't be mangled.
2232 }
2233 }
2235 /* Looks up data_addr in the collection of data symbols, and if found
2236 puts a pointer to its name into dname. The name is zero terminated.
2237 Also data_addr's offset from the symbol start is put into *offset.
2238 NOTE: See IMPORTANT COMMENT above about persistence and ownership
2239 in pub_tool_debuginfo.h */
2243 {
2250 offset );
2251 }
2253 /* Map a code address to the name of a shared object file or the
2254 executable. Returns False if no idea; otherwise True.
2255 Note: the string returned in *BUF is persistent as long as
2256 (1) the DebugInfo it belongs to is not discarded
2257 (2) the segment containing the address is not merged with another segment
2258 */
2260 {
2265 /* Look in the debugInfo_list to find the name. In most cases we
2266 expect this to produce a result. */
2276 }
2277 }
2278 /* Last-ditch fallback position: if we don't find the address in
2279 the debugInfo_list, ask the address space manager whether it
2280 knows the name of the file associated with this mapping. This
2281 allows us to print the names of exe/dll files in the stack trace
2282 when running programs under wine.
2284 Restrict this to the case where 'ep' is the current epoch, though, so
2285 that we don't return information about this epoch when the caller was
2286 enquiring about a different one. */
2292 }
2294 }
2296 /* Map a code address to its DebugInfo. Returns NULL if not found. Doesn't
2297 require debug info. */
2299 {
2302 n_search++;
2313 }
2314 }
2316 }
2318 /* Map a code address to a filename. Returns True if successful. The
2319 returned string is persistent as long as the DebugInfo to which it
2320 belongs is not discarded. */
2322 {
2324 Word locno;
2325 UInt fndn_ix;
2333 }
2335 /* Map a code address to a line number. Returns True if successful. */
2337 {
2339 Word locno;
2346 }
2348 /* Map a code address to a filename/line number/dir name info.
2349 See prototype for detailed description of behaviour.
2350 */
2355 {
2357 Word locno;
2358 UInt fndn_ix;
2364 }
2367 }
2374 /* caller wants directory info too .. */
2376 }
2379 }
2382 /* Map a function name to its entry point and toc pointer. Is done by
2383 sequential search of all symbol tables, so is very slow. To
2384 mitigate the worst performance effects, you may specify a soname
2385 pattern, and only objects matching that pattern are searched.
2386 Therefore specify "*" to search all the objects. On TOC-afflicted
2387 platforms, a symbol is deemed to be found only if it has a nonzero
2388 TOC pointer. */
2392 {
2394 Int i;
2397 # if defined(VG_PLAT_USES_PPCTOC)
2399 # endif
2409 }
2417 }
2423 && (require_pToc
2427 }
2428 sec_names++;
2429 }
2430 }
2431 }
2432 }
2434 }
2437 /* VG_(describe_IP): return info on code address, function name and
2438 filename. The returned string is allocated in a static buffer and will
2439 be overwritten in the next invocation. */
2441 /* Copy str into *buf starting at n, ensuring that buf is zero-terminated.
2442 Return the index of the terminating null character. */
2443 static SizeT
2445 {
2453 }
2458 }
2460 /* Same as putStr, but escaping chars for XML output. */
2461 static SizeT
2463 {
2482 }
2483 }
2485 }
2488 {
2491 # define APPEND(_str) \
2492 n = putStr(n, &buf, &bufsiz, _str)
2493 # define APPEND_ESC(_str) \
2494 n = putStrEsc(n, &buf, &bufsiz, _str)
2496 UInt lineno;
2500 // An InlIPCursor is associated with one specific DebugInfo. So if
2501 // it exists, make sure that it is valid for the specified DiEpoch.
2510 Bool know_dirinfo;
2511 Bool know_fnname;
2512 Bool know_objname;
2513 Bool know_srcloc;
2516 // At the bottom (towards main), we describe the fn at eip.
2525 // The function we are in is called by next_inl.
2529 // INLINED????
2530 // ??? Can we compute an offset for an inlined fn call ?
2531 // ??? Offset from what ? The beginning of the inl info ?
2532 // ??? But that is not necessarily the beginning of the fn
2533 // ??? as e.g. an inlined fn call can be in several ranges.
2534 // ??? Currently never showing an offset.
2535 }
2540 // The source for the highest level is in the loctab entry.
2545 &lineno
2546 );
2556 // The fndn_ix and lineno for the caller of the inlined fn is in cur_inl.
2565 }
2567 }
2570 }
2578 /* Print in XML format, dumping in as much info as we know.
2579 Ensure all tags are balanced. */
2589 }
2595 }
2602 }
2612 }
2618 /* Print for humans to read */
2619 //
2620 // Possible forms:
2621 //
2622 // 0x80483BF: really (a.c:20)
2623 // 0x80483BF: really (in /foo/a.out)
2624 // 0x80483BF: really (in ???)
2625 // 0x80483BF: ??? (in /foo/a.out)
2626 // 0x80483BF: ??? (a.c:20)
2627 // 0x80483BF: ???
2628 //
2635 }
2638 // Get the directory name, if any, possibly pruned, into dirname.
2641 Int i;
2643 // Remove leading prefixes from the dirname.
2644 // If user supplied --fullpath-after=foo, this will remove
2645 // a leading string which matches '.*foo' (not greedy).
2653 }
2654 }
2655 /* remove leading "./" */
2658 }
2659 // do we have any interesting directory name to show? If so
2660 // add it in.
2664 }
2675 // Nb: do this in two steps because "??)" is a trigraph!
2678 }
2680 }
2683 # undef APPEND
2684 # undef APPEND_ESC
2685 }
2688 /*--------------------------------------------------------------*/
2689 /*--- ---*/
2690 /*--- TOP LEVEL: FOR UNWINDING THE STACK USING ---*/
2691 /*--- DWARF3 .eh_frame INFO ---*/
2692 /*--- ---*/
2693 /*--------------------------------------------------------------*/
2695 /* Note that the CFI machinery pertains to unwinding the stack "right now".
2696 There is no support for unwinding stack images obtained from some time in
2697 the past. That means that:
2699 (1) We only deal with CFI from DebugInfos that are valid for the current
2700 debuginfo epoch. Unlike in the rest of the file, there is no
2701 epoch-awareness.
2703 (2) We assume that the CFI cache will be invalidated every time the the
2704 epoch changes. This is done by ensuring (in the file above) that
2705 every call to advance_current_DiEpoch has a call to
2706 caches__invalidate alongside it.
2707 */
2709 /* Gather up all the constant pieces of info needed to evaluate
2710 a CfiExpr into one convenient struct. */
2711 typedef
2714 Addr min_accessible;
2715 Addr max_accessible;
2716 }
2717 CfiExprEvalContext;
2719 /* Evaluate the CfiExpr rooted at ix in exprs given the context eec.
2720 *ok is set to False on failure, but not to True on success. The
2721 caller must set it to True before calling. */
2723 static
2726 {
2728 Addr a;
2741 }
2742 /*NOTREACHED*/
2762 }
2763 /*NOTREACHED*/
2766 # if defined(VGA_x86) || defined(VGA_amd64)
2770 # elif defined(VGA_arm)
2776 # elif defined(VGA_s390x)
2781 # elif defined(VGA_mips32) || defined(VGA_mips64)
2786 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) \
2787 || defined(VGA_ppc64le)
2788 # elif defined(VGP_arm64_linux)
2790 # else
2792 # endif
2794 }
2795 /*NOTREACHED*/
2805 }
2806 /* let's hope it doesn't trap! */
2810 }
2811 /*NOTREACHED*/
2812 unhandled:
2817 /*NOTREACHED*/
2819 }
2822 /* Search all the DebugInfos in the entire system, to find the DiCfSI_m
2823 that pertains to 'ip'.
2825 If found, set *diP to the DebugInfo in which it resides, and
2826 *cfsi_mP to the cfsi_m pointer in that DebugInfo's cfsi_m_pool.
2828 If not found, set *diP to (DebugInfo*)1 and *cfsi_mP to zero.
2830 Per comments at the top of this section, we only look for CFI in
2831 DebugInfos that are valid for the current epoch.
2832 */
2836 Addr ip )
2837 {
2843 n_search++;
2850 Word j;
2851 n_steps++;
2856 /* Use the per-DebugInfo summary address ranges to skip
2857 inapplicable DebugInfos quickly. */
2863 // This di must be active (because we have explicitly chosen not to
2864 // allow unwinding stacks that pertain to some past epoch). It can't
2865 // be archived or not-yet-active.
2868 /* It might be in this DebugInfo. Search it. */
2875 }
2876 }
2880 /* we didn't find it. */
2886 /* found a di corresponding to ip. */
2887 /* ensure that di is 4-aligned (at least), so it can't possibly
2888 be equal to (DebugInfo*)1. */
2892 // This is a cfsi hole. Report no cfi information found.
2894 // But we will still perform the hack below.
2897 }
2899 /* Start of performance-enhancing hack: once every 64 (chosen
2900 hackily after profiling) successful searches, move the found
2901 DebugInfo one step closer to the start of the list. This
2902 makes future searches cheaper. For starting konqueror on
2903 amd64, this in fact reduces the total amount of searching
2904 done by the above find-the-right-DebugInfo loop by more than
2905 a factor of 20. */
2907 /* Move di one step closer to the start of the list. */
2909 }
2910 /* End of performance-enhancing hack. */
2917 }
2919 }
2922 /* Now follows a mechanism for caching queries to find_DiCfSI, since
2923 they are extremely frequent on amd64-linux, during stack unwinding.
2925 Each cache entry binds an ip value to a (di, cfsi_m*) pair. Possible
2926 values:
2928 di is non-null, cfsi_m* >= 0 ==> cache slot in use, "cfsi_m*"
2929 di is (DebugInfo*)1 ==> cache slot in use, no associated di
2930 di is NULL ==> cache slot not in use
2932 Hence simply zeroing out the entire cache invalidates all
2933 entries.
2935 We can map an ip value directly to a (di, cfsi_m*) pair as
2936 once a DebugInfo is read, adding new DiCfSI_m* is not possible
2937 anymore, as the cfsi_m_pool is frozen once the reading is terminated.
2938 Also, the cache is invalidated when new debuginfo is read due to
2939 an mmap or some debuginfo is discarded due to an munmap. */
2941 // Prime number, giving about 6Kbytes cache on 32 bits,
2942 // 12Kbytes cache on 64 bits.
2943 #define N_CFSI_M_CACHE 509
2945 typedef
2947 CFSI_m_CacheEnt;
2953 }
2956 {
2959 # ifdef N_Q_M_STATS
2961 n_q++;
2964 # endif
2967 /* found an entry in the cache .. */
2969 /* not found in cache. Search and update. */
2970 # ifdef N_Q_M_STATS
2971 n_m++;
2972 # endif
2975 }
2978 /* no DiCfSI for this address */
2981 /* found a DiCfSI for this address */
2983 }
2984 }
2987 {
2989 }
2993 inline
2997 {
2998 CfiExprEvalContext eec;
2999 Addr cfa;
3000 Bool ok;
3002 /* Compute the CFA. */
3005 # if defined(VGA_x86) || defined(VGA_amd64)
3012 # elif defined(VGA_arm)
3025 # elif defined(VGA_s390x)
3030 {
3036 }
3043 # elif defined(VGA_mips32) || defined(VGA_mips64)
3053 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
3054 # elif defined(VGP_arm64_linux)
3061 # else
3063 # endif
3069 }
3079 }
3081 }
3084 /* Get the call frame address (CFA) given an IP/SP/FP triple. */
3085 /* NOTE: This function may rearrange the order of entries in the
3086 DebugInfo list. */
3089 {
3097 /* Temporary impedance-matching kludge so that this keeps working
3098 on x86-linux and amd64-linux. */
3099 # if defined(VGA_x86) || defined(VGA_amd64)
3106 }
3107 #elif defined(VGA_s390x)
3114 }
3115 #elif defined(VGA_mips32) || defined(VGA_mips64)
3122 }
3124 # else
3126 # endif
3127 }
3130 {
3133 Addr ce_from;
3140 from++;
3153 }
3156 }
3157 }
3158 }
3161 /* The main function for DWARF2/3 CFI-based stack unwinding. Given a
3162 set of registers in UREGS, modify it to hold the register values
3163 for the previous frame, if possible. Returns True if successful.
3164 If not successful, *UREGS is not changed.
3166 For x86 and amd64, the unwound registers are: {E,R}IP,
3167 {E,R}SP, {E,R}BP.
3169 For arm, the unwound registers are: R7 R11 R12 R13 R14 R15.
3171 For arm64, the unwound registers are: X29(FP) X30(LR) SP PC.
3172 */
3174 Addr min_accessible,
3175 Addr max_accessible )
3176 {
3182 D3UnwindRegs uregsPrev;
3184 # if defined(VGA_x86) || defined(VGA_amd64)
3186 # elif defined(VGA_arm)
3188 # elif defined(VGA_s390x)
3190 # elif defined(VGA_mips32) || defined(VGA_mips64)
3192 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
3193 # elif defined(VGP_arm64_linux)
3195 # else
3197 # endif
3209 }
3213 /* First compute the CFA. */
3219 /* Now we know the CFA, use it to roll back the registers we're
3220 interested in. */
3222 # define COMPUTE(_prev, _here, _how, _off) \
3223 do { \
3224 switch (_how) { \
3225 case CFIR_UNKNOWN: \
3226 return False; \
3227 case CFIR_SAME: \
3228 _prev = _here; break; \
3229 case CFIR_MEMCFAREL: { \
3230 Addr a = cfa + (Word)_off; \
3231 if (a < min_accessible \
3232 || a > max_accessible-sizeof(Addr)) \
3233 return False; \
3234 _prev = ML_(read_Addr)((void *)a); \
3235 break; \
3236 } \
3237 case CFIR_CFAREL: \
3238 _prev = cfa + (Word)_off; \
3239 break; \
3240 case CFIR_EXPR: \
3241 if (0) \
3242 ML_(ppCfiExpr)(di->cfsi_exprs,_off); \
3243 eec.uregs = uregsHere; \
3244 eec.min_accessible = min_accessible; \
3245 eec.max_accessible = max_accessible; \
3246 Bool ok = True; \
3247 _prev = evalCfiExpr(di->cfsi_exprs, _off, &eec, &ok ); \
3248 if (!ok) return False; \
3249 break; \
3250 default: \
3251 vg_assert(0); \
3252 } \
3253 } while (0)
3255 # if defined(VGA_x86) || defined(VGA_amd64)
3259 # elif defined(VGA_arm)
3266 # elif defined(VGA_s390x)
3270 # elif defined(VGA_mips32) || defined(VGA_mips64)
3274 # elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
3275 # elif defined(VGP_arm64_linux)
3280 # else
3282 # endif
3284 # undef COMPUTE
3288 }
3291 /*--------------------------------------------------------------*/
3292 /*--- ---*/
3293 /*--- TOP LEVEL: FOR UNWINDING THE STACK USING ---*/
3294 /*--- MSVC FPO INFO ---*/
3295 /*--- ---*/
3296 /*--------------------------------------------------------------*/
3301 DiEpoch ep,
3302 Addr min_accessible,
3303 Addr max_accessible )
3304 {
3305 Word i;
3308 Addr spHere;
3312 n_search++;
3317 n_steps++;
3322 /* Use the per-DebugInfo summary address ranges to skip
3323 inapplicable DebugInfos quickly. */
3331 Word j;
3333 /* debug printing only */
3339 }
3343 }
3344 }
3355 /* Start of performance-enhancing hack: once every 64 (chosen
3356 hackily after profiling) successful searches, move the found
3357 DebugInfo one step closer to the start of the list. This makes
3358 future searches cheaper. For starting konqueror on amd64, this
3359 in fact reduces the total amount of searching done by the above
3360 find-the-right-DebugInfo loop by more than a factor of 20. */
3362 /* Move si one step closer to the start of the list. */
3363 //move_DebugInfo_one_step_forward( di );
3364 }
3365 /* End of performance-enhancing hack. */
3369 //ML_(ppFPO)(fpo);
3370 }
3372 /*
3373 Stack layout is:
3374 %esp->
3375 4*.cbRegs {%edi, %esi, %ebp, %ebx}
3376 4*.cdwLocals
3377 return_pc
3378 4*.cdwParams
3379 prior_%esp->
3381 Typical code looks like:
3382 sub $4*.cdwLocals,%esp
3383 Alternative to above for >=4KB (and sometimes for smaller):
3384 mov $size,%eax
3385 call __chkstk # WinNT performs page-by-page probe!
3386 __chkstk is much like alloc(), except that on return
3387 %eax= 5+ &CALL. Thus it could be used as part of
3388 Position Independent Code to locate the Global Offset Table.
3389 push %ebx
3390 push %ebp
3391 push %esi
3392 Other once-only instructions often scheduled >here<.
3393 push %edi
3395 If the pc is within the first .cbProlog bytes of the function,
3396 then you must disassemble to see how many registers have been pushed,
3397 because instructions in the prolog may be scheduled for performance.
3398 The order of PUSH is always %ebx, %ebp, %esi, %edi, with trailing
3399 registers not pushed when .cbRegs < 4. This seems somewhat strange
3400 because %ebp is the register whose usage you want to minimize,
3401 yet it is in the first half of the PUSH list.
3403 I don't know what happens when the compiler constructs an outgoing CALL.
3404 %esp could move if outgoing parameters are PUSHed, and this affects
3405 traceback for errors during the PUSHes. */
3414 }
3417 {
3422 }
3424 }
3427 /*--------------------------------------------------------------*/
3428 /*--- ---*/
3429 /*--- TOP LEVEL: GENERATE DESCRIPTION OF DATA ADDRESSES ---*/
3430 /*--- FROM DWARF3 DEBUG INFO ---*/
3431 /*--- ---*/
3432 /*--------------------------------------------------------------*/
3434 /* Try to make p2XA(dst, fmt, args..) turn into
3435 VG_(xaprintf)(dst, fmt, args) without having to resort to
3436 vararg macros. As usual with everything to do with varargs, it's
3437 an ugly hack.
3439 //#define p2XA(dstxa, format, args...)
3440 // VG_(xaprintf)(dstxa, format, ##args)
3441 */
3442 #define p2XA VG_(xaprintf)
3444 /* Add a zero-terminating byte to DST, which must be an XArray* of
3445 HChar. */
3447 {
3450 }
3453 /* Evaluate the location expression/list for var, to see whether or
3454 not data_addr falls within the variable. If so also return the
3455 offset of data_addr from the start of the variable. Note that
3456 regs, which supplies ip,sp,fp values, will be NULL for global
3457 variables, and non-NULL for local variables. */
3462 Addr data_addr,
3464 {
3465 MaybeULong mul;
3466 SizeT var_szB;
3467 GXResult res;
3473 /* Figure out how big the variable is. */
3475 /* If this var has a type whose size is unknown, zero, or
3476 impossibly large, it should never have been added. ML_(addVar)
3477 should have rejected it. */
3481 /* After this point, we assume we can truncate mul.ul to a host word
3482 safely (without loss of info). */
3491 }
3493 /* ignore zero-sized vars; they can never match anything. */
3498 }
3506 }
3515 }
3516 }
3519 /* Format the acquired information into DN(AME)1 and DN(AME)2, which
3520 are XArray*s of HChar, that have been initialised by the caller.
3521 Resulting strings will be zero terminated. Information is
3522 formatted in an understandable way. Not so easy. If frameNo is
3523 -1, this is assumed to be a global variable; else a local
3524 variable. */
3527 Addr data_addr,
3530 PtrdiffT var_offset,
3531 PtrdiffT residual_offset,
3533 Int frameNo,
3534 ThreadId tid )
3535 {
3543 // fileName will be "???" if var->fndn_ix == 0.
3544 // fileName will only be used if have_descr is True.
3548 }
3551 }
3554 }
3569 }
3578 /* ------ local cases ------ */
3581 /* no srcloc, no description:
3582 Location 0x7fefff6cf is 543 bytes inside local var "a",
3583 in frame #1 of thread 1
3584 */
3601 }
3602 }
3603 else
3605 /* no description:
3606 Location 0x7fefff6cf is 543 bytes inside local var "a"
3607 declared at dsyms7.c:17, in frame #1 of thread 1
3608 */
3621 // FIXME: also do <dir>
3633 }
3634 }
3635 else
3637 /* no srcloc:
3638 Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2
3639 in frame #1 of thread 1
3640 */
3659 }
3660 }
3661 else
3663 /* Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
3664 declared at dsyms7.c:17, in frame #1 of thread 1 */
3678 // FIXME: also do <dir>
3691 }
3692 }
3693 else
3694 /* ------ global cases ------ */
3696 /* no srcloc, no description:
3697 Location 0x7fefff6cf is 543 bytes inside global var "a"
3698 */
3709 }
3710 }
3711 else
3713 /* no description:
3714 Location 0x7fefff6cf is 543 bytes inside global var "a"
3715 declared at dsyms7.c:17
3716 */
3729 // FIXME: also do <dir>
3741 }
3742 }
3743 else
3745 /* no srcloc:
3746 Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
3747 a global variable
3748 */
3767 }
3768 }
3769 else
3771 /* Location 0x7fefff6cf is 2 bytes inside a[3].xyzzy[21].c2,
3772 a global variable declared at dsyms7.c:17 */
3786 // FIXME: also do <dir>
3799 }
3800 }
3801 else
3804 /* Zero terminate both strings */
3808 # undef TAGL
3809 # undef TAGR
3810 # undef XAGL
3811 # undef XAGR
3812 # undef TXTL
3813 # undef TXTR
3814 }
3817 /* Determine if data_addr is a local variable in the frame
3818 characterised by (ip,sp,fp), and if so write its description at the
3819 ends of DNAME{1,2}, which are XArray*s of HChar, that have been
3820 initialised by the caller, zero terminate both, and return True.
3821 If it's not a local variable in said frame, return False. */
3822 static
3825 DiEpoch ep,
3826 Addr data_addr,
3828 /* shown to user: */
3830 {
3831 Word i;
3833 RegSummary regs;
3838 n_search++;
3841 /* first, find the DebugInfo that pertains to 'ip'. */
3843 n_steps++;
3846 /* text segment missing? unlikely, but handle it .. */
3849 /* Ok. So does this text mapping bracket the ip? */
3852 }
3854 /* Didn't find it. Strange -- means ip is a code address outside
3855 of any mapped text segment. Unlikely but not impossible -- app
3856 could be generating code to run. */
3864 /* Start of performance-enhancing hack: once every ??? (chosen
3865 hackily after profiling) successful searches, move the found
3866 DebugInfo one step closer to the start of the list. This makes
3867 future searches cheaper. */
3869 /* Move si one step closer to the start of the list. */
3871 }
3872 /* End of performance-enhancing hack. */
3874 /* any var info at all? */
3878 /* Work through the scopes from most deeply nested outwards,
3879 looking for code address ranges that bracket 'ip'. The
3880 variables on each such address range found are in scope right
3881 now. Don't descend to level zero as that is the global
3882 scope. */
3887 /* "for each scope, working outwards ..." */
3890 Word j;
3892 OSet* this_scope
3898 /* Find the set of variables in this scope that
3899 bracket the program counter. */
3903 );
3906 /* stay sane */
3908 /* It must bracket the ip we asked for, else
3909 ML_(cmp_for_DiAddrRange_range) is somehow broken. */
3911 /* It must have an attached XArray of DiVariables. */
3914 /* But it mustn't cover the entire address range. We only
3915 expect that to happen for the global scope (level 0), which
3916 we're not looking at here. Except, it may cover the entire
3917 address range, but in that case the vars array must be
3918 empty. */
3924 PtrdiffT offset;
3940 }
3941 }
3942 }
3945 }
3947 /* Try to form some description of DATA_ADDR by looking at the DWARF3
3948 debug info we have. This considers all global variables, and 8
3949 frames in the stacks of all threads. Result is written at the ends
3950 of DNAME{1,2}V, which are XArray*s of HChar, that have been
3951 initialised by the caller, and True is returned. If no description
3952 is created, False is returned. Regardless of the return value,
3953 DNAME{1,2}V are guaranteed to be zero terminated after the call.
3955 Note that after the call, DNAME{1,2} may have more than one
3956 trailing zero, so callers should establish the useful text length
3957 using VG_(strlen) on the contents, rather than VG_(sizeXA) on the
3958 XArray itself.
3959 */
3963 DiEpoch ep, Addr data_addr
3964 )
3965 {
3966 # define N_FRAMES 8
3968 UInt n_frames;
3971 ThreadId tid;
3972 Bool found;
3974 Word j;
3977 /* First, see if data_addr is (or is part of) a global variable.
3978 Loop over the DebugInfos we have. Check data_addr against the
3979 outermost scope of all of them, as that should be a global
3980 scope. */
3983 Word gs_size;
3984 Addr zero;
3986 Word i;
3989 /* text segment missing? unlikely, but handle it .. */
3992 /* any var info at all? */
3995 /* perhaps this object didn't contribute any vars at all? */
4001 /* The global scope might be completely empty if this
4002 compilation unit declared locals but nothing global. */
4005 /* But if it isn't empty, then it must contain exactly one
4006 element, which covers the entire address range. */
4008 /* Fish out the global scope and check it is as expected. */
4010 global_arange
4012 /* The global range from (Addr)0 to ~(Addr)0 must exist */
4016 /* Any vars in this range? */
4019 /* Ok, there are some vars in the global scope of this
4020 DebugInfo. Wade through them and see if the data addresses
4021 of any of them bracket data_addr. */
4024 PtrdiffT offset;
4027 /* Note we use a NULL RegSummary* here. It can't make any
4028 sense for a global variable to have a location expression
4029 which depends on a SP/FP/IP value. So don't supply any.
4030 This means, if the evaluation of the location
4031 expression/list requires a register, we have to let it
4032 fail. */
4043 VG_INVALID_THREADID );
4048 }
4049 }
4050 }
4052 /* Ok, well it's not a global variable. So now let's snoop around
4053 in the stacks of all the threads. First try to figure out which
4054 thread's stack data_addr is in. */
4056 /* Perhaps it's on a thread's stack? */
4066 }
4067 }
4072 }
4074 /* We conclude data_addr is in thread tid's stack. Unwind the
4075 stack to get a bunch of (ip,sp,fp) triples describing the
4076 frames, and for each frame, consider the local variables. */
4089 }
4090 /* Now, it appears that gcc sometimes appears to produce
4091 location lists whose ranges don't actually cover the call
4092 instruction, even though the address of the variable in
4093 question is passed as a parameter in the call. AFAICS this
4094 is simply a bug in gcc - how can the variable be claimed not
4095 exist in memory (on the stack) for the duration of a call in
4096 which its address is passed? But anyway, in the particular
4097 case I investigated (memcheck/tests/varinfo6.c, call to croak
4098 on line 2999, local var budget declared at line 3115
4099 appearing not to exist across the call to mainSort on line
4100 3143, "gcc.orig (GCC) 3.4.4 20050721 (Red Hat 3.4.4-2)" on
4101 amd64), the variable's location list does claim it exists
4102 starting at the first byte of the first instruction after the
4103 call instruction. So, call consider_vars_in_frame a second
4104 time, but this time add 1 to the IP. GDB handles this
4105 example with no difficulty, which leads me to believe that
4106 either (1) I misunderstood something, or (2) GDB has an
4107 equivalent kludge. */
4116 }
4117 }
4119 /* We didn't find anything useful. */
4123 # undef N_FRAMES
4124 }
4127 //////////////////////////////////////////////////////////////////
4128 // //
4129 // Support for other kinds of queries to the Dwarf3 var info //
4130 // //
4131 //////////////////////////////////////////////////////////////////
4133 /* Figure out if the variable 'var' has a location that is linearly
4134 dependent on a stack pointer value, or a frame pointer value, and
4135 if it is, add a description of it to 'blocks'. Otherwise ignore
4136 it. If 'arrays_only' is True, also ignore it unless it has an
4137 array type. */
4139 static
4143 Bool arrays_only )
4144 {
4146 RegSummary regs;
4147 MaybeULong mul;
4148 Bool isVec;
4155 /* Figure out how big the variable is. */
4157 /* If this var has a type whose size is unknown, zero, or
4158 impossibly large, it should never have been added. ML_(addVar)
4159 should have rejected it. */
4163 /* After this point, we assume we can truncate mul.ul to a host word
4164 safely (without loss of info). */
4166 /* skip if non-array and we're only interested in arrays */
4179 /* Do some test evaluations of the variable's location expression,
4180 in order to guess whether it is sp-relative, fp-relative, or
4181 none. A crude hack, which can be interpreted roughly as finding
4182 the first derivative of the location expression w.r.t. the
4183 supplied frame and stack pointer values. */
4209 StackBlock block;
4210 GXResult res;
4217 /* depends neither on sp nor fp, so it can't be a stack
4218 local. Ignore it. */
4219 }
4220 else
4238 }
4239 else
4257 }
4260 }
4261 }
4262 }
4265 /* Get an XArray of StackBlock which describe the stack (auto) blocks
4266 for this ip. The caller is expected to free the XArray at some
4267 point. If 'arrays_only' is True, only array-typed blocks are
4268 returned; otherwise blocks of all types are returned. */
4272 {
4273 /* This is a derivation of consider_vars_in_frame() above. */
4274 Word i;
4284 n_search++;
4287 /* first, find the DebugInfo that pertains to 'ip'. */
4289 n_steps++;
4290 /* text segment missing? unlikely, but handle it .. */
4293 /* Ok. So does this text mapping bracket the ip? */
4296 }
4298 /* Didn't find it. Strange -- means ip is a code address outside
4299 of any mapped text segment. Unlikely but not impossible -- app
4300 could be generating code to run. */
4308 /* Start of performance-enhancing hack: once every ??? (chosen
4309 hackily after profiling) successful searches, move the found
4310 DebugInfo one step closer to the start of the list. This makes
4311 future searches cheaper. */
4313 /* Move si one step closer to the start of the list. */
4315 }
4316 /* End of performance-enhancing hack. */
4318 /* any var info at all? */
4322 /* Work through the scopes from most deeply nested outwards,
4323 looking for code address ranges that bracket 'ip'. The
4324 variables on each such address range found are in scope right
4325 now. Don't descend to level zero as that is the global
4326 scope. */
4328 /* "for each scope, working outwards ..." */
4331 Word j;
4333 OSet* this_scope
4339 /* Find the set of variables in this scope that
4340 bracket the program counter. */
4344 );
4347 /* stay sane */
4349 /* It must bracket the ip we asked for, else
4350 ML_(cmp_for_DiAddrRange_range) is somehow broken. */
4352 /* It must have an attached XArray of DiVariables. */
4355 /* But it mustn't cover the entire address range. We only
4356 expect that to happen for the global scope (level 0), which
4357 we're not looking at here. Except, it may cover the entire
4358 address range, but in that case the vars array must be
4359 empty. */
4370 }
4371 }
4374 }
4377 /* Get an array of GlobalBlock which describe the global blocks owned
4378 by the shared object characterised by the given di_handle. Asserts
4379 if the handle is invalid. The caller is responsible for freeing
4380 the array at some point. If 'arrays_only' is True, only
4381 array-typed blocks are returned; otherwise blocks of all types are
4382 returned. */
4386 {
4387 /* This is a derivation of consider_vars_in_frame() above. */
4393 /* The first thing to do is find the DebugInfo that
4394 pertains to 'di_handle'. */
4399 }
4401 /* If this fails, we were unable to find any DebugInfo with the
4402 given handle. This is considered an error on the part of the
4403 caller. */
4406 /* we'll put the collected variables in here. */
4410 /* any var info at all? */
4414 /* we'll iterate over all the variables we can find, even if
4415 it seems senseless to visit stack-allocated variables */
4416 /* Iterate over all scopes */
4420 /* Iterate over each (code) address range at the current scope */
4428 /* Iterate over each variable in the current address range */
4434 Bool isVec;
4435 GXResult res;
4436 MaybeULong mul;
4437 GlobalBlock gb;
4443 /* Now figure out if this variable has a constant address
4444 (that is, independent of FP, SP, phase of moon, etc),
4445 and if so, what the address is. Any variable with a
4446 constant address is deemed to be a global so we collect
4447 it. */
4452 /* Not a constant address => not interesting */
4456 }
4458 /* Ok, it's a constant address. See if we want to collect
4459 it. */
4462 /* Figure out how big the variable is. */
4465 /* If this var has a type whose size is unknown, zero, or
4466 impossibly large, it should never have been added.
4467 ML_(addVar) should have rejected it. */
4471 /* After this point, we assume we can truncate mul.ul to a
4472 host word safely (without loss of info). */
4474 /* skip if non-array and we're only interested in
4475 arrays */
4486 /* Ok, so collect it! */
4510 }
4513 /*------------------------------------------------------------*/
4514 /*--- DebugInfo accessor functions ---*/
4515 /*------------------------------------------------------------*/
4518 {
4522 }
4525 {
4527 }
4530 {
4532 }
4535 {
4537 }
4540 {
4542 }
4545 {
4547 }
4550 {
4552 }
4555 {
4557 }
4560 {
4562 }
4565 {
4567 }
4570 {
4572 }
4575 {
4577 }
4580 {
4582 }
4585 {
4587 }
4590 {
4592 }
4595 Int idx,
4603 {
4612 }
4615 /*------------------------------------------------------------*/
4616 /*--- SectKind query functions ---*/
4617 /*------------------------------------------------------------*/
4619 /* Convert a VgSectKind to a string, which must be copied if you want
4620 to change it. */
4622 {
4633 }
4634 }
4636 /* Given an address 'a', make a guess of which section of which object
4637 it comes from. If name is non-NULL, then the object's name is put
4638 in *name. The returned name, if any, should be saved away, if there is
4639 a chance that a debug-info will be discarded and the name is being
4640 used later on. */
4642 {
4650 "addr=%#lx di=%p %s got=%#lx,%lu plt=%#lx,%lu "
4663 }
4669 }
4675 }
4681 }
4687 }
4693 }
4699 }
4705 }
4711 }
4712 /* we could also check for .eh_frame, if anyone really cares */
4713 }
4723 }
4724 }
4728 }
4733 {
4735 }
4740 debuginfo_generation++;
4741 }
4743 /*--------------------------------------------------------------------*/
4744 /*--- end ---*/
4745 /*--------------------------------------------------------------------*/