/*--------------------------------------------------------------------*/
/*--- Take snapshots of client stacks.              m_stacktrace.c ---*/
/*--------------------------------------------------------------------*/
/*
   This file is part of Valgrind, a dynamic binary instrumentation
   framework.

   Copyright (C) 2000-2017 Julian Seward
      jseward@acm.org

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License as
   published by the Free Software Foundation; either version 2 of the
   License, or (at your option) any later version.

   This program is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307, USA.

   The GNU General Public License is contained in the file COPYING.
*/
#include "pub_core_basics.h"
#include "pub_core_vki.h"
#include "pub_core_threadstate.h"
#include "pub_core_debuginfo.h"     // XXX: circular dependency
#include "pub_core_aspacemgr.h"     // For VG_(is_addressable)()
#include "pub_core_libcbase.h"
#include "pub_core_libcassert.h"
#include "pub_core_libcprint.h"
#include "pub_core_machine.h"
#include "pub_core_options.h"
#include "pub_core_stacks.h"        // VG_(stack_limits)
#include "pub_core_stacktrace.h"
#include "pub_core_syswrap.h"       // VG_(is_in_syscall)
#include "pub_core_xarray.h"
#include "pub_core_clientstate.h"   // VG_(client__dl_sysinfo_int80)
#include "pub_core_trampoline.h"
/*------------------------------------------------------------*/
/*--- BEGIN platform-dependent unwinder worker functions   ---*/
/*------------------------------------------------------------*/
/* Take a snapshot of the client's stack, putting up to 'max_n_ips'
   IPs into 'ips'.  In order to be thread-safe, we pass in the
   thread's IP, SP, and FP if that's meaningful, and LR if that's
   meaningful.  Returns the number of IPs put in 'ips'.

   If you know what the thread ID for this stack is, send that as the
   first parameter, else send zero.  This helps generate better stack
   traces on ppc64-linux and has no effect on other platforms.
*/
/* Merge recursive cycles of up to _nframes frames into the first _i
   entries of the _ips array.  The merge is done during stack unwinding
   (i.e. in the platform-specific unwinders) to collect as many
   "interesting" stack traces as possible. */
#define RECURSIVE_MERGE(_nframes,_ips,_i) if (UNLIKELY(_nframes > 0)) \
{                                                                     \
   Int dist;                                                          \
   for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) {       \
      if (_ips[_i-1] == _ips[_i-1-dist]) {                            \
         _i = _i - dist;                                              \
         break;                                                       \
      }                                                               \
   }                                                                  \
}
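/* Illustrative example (not from the original source): suppose the
   unwinder has collected ips = {main, f, g, f, g} and i == 5, with
   _nframes >= 2.  The scan finds ips[4] == ips[4-2], so i is rewound
   to 3; the second {f, g} cycle is dropped and later frames overwrite
   it, keeping a single copy of the recursion in the trace. */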
/* Note about the calculation of fp_min : fp_min is the lowest address
   which can be accessed during unwinding.  This is SP - VG_STACK_REDZONE_SZB.
   On most platforms, this is equal to SP (as VG_STACK_REDZONE_SZB
   is 0).  However, on some platforms (e.g. amd64), there is an accessible
   redzone below the SP, and some CFI unwind info is generated taking this
   into account.  As an example, the following is the CFI unwind info found
   on amd64 for a 'retq' instruction:
   [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16)
   As you can see, the previous BP is found 16 bytes below the cfa, which
   is oldSP+8.  So, effectively, the BP is found 8 bytes below the SP.
   fp_min must take this into account, otherwise VG_(use_CF_info) will
   not be able to unwind the BP. */
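/* Concretely (an illustrative figure, not stated in the comment above):
   on amd64-linux VG_STACK_REDZONE_SZB is 128, so fp_min = SP - 128,
   which keeps the ABI-mandated redzone below SP accessible to the
   unwinder. */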
/* ------------------------ x86 ------------------------- */

#if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \
    || defined(VGP_x86_solaris)
#define N_FP_CF_VERIF 1021
// prime number so that the size of fp_CF_verif_cache is just below 4K or 8K
// Note that this prime differs from the one chosen in
// m_debuginfo/debuginfo.c for the cfsi cache : in case we have
// a collision here between two IPs, we expect to not (often) have the
// same collision in the cfsi cache (and vice-versa).

// unwinding with the fp chain is ok:
#define FPUNWIND 0
// there is no CFI info for this IP:
#define NOINFO   1
// unwinding with fp is not ok, must use CF unwind:
#define CFUNWIND 2

static Addr fp_CF_verif_cache [N_FP_CF_VERIF];
/* An unwind done by following the fp chain technique can be incorrect
   as not all frames are respecting the standard bp/sp ABI.
   The CF information is now generated by default by gcc
   (as part of the dwarf info).  However, unwinding using CF information
   is significantly slower : a slowdown of 20% has been observed
   on a helgrind test case.
   So, by default, the unwinding will be done using the fp chain.
   But before accepting to unwind an IP with fp_chain, the result
   of the unwind will be checked with the CF information.
   This check can give 3 results:
     FPUNWIND (0): there is CF info, and it gives the same result as fp unwind.
       => it is assumed that future unwinds for this IP can be done
          with the fast fp chain, without further CF checking
     NOINFO   (1): there is no CF info (so, fp unwind is the only do-able thing)
     CFUNWIND (2): there is CF info, but the unwind result differs.
       => it is assumed that future unwinds for this IP must be done
          with the CF info.
   Of course, if each fp unwind implied a check done with a CF unwind,
   it would just be slower => we cache the check result in an
   array of checked Addr.
   The check result for an IP is stored at
   fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of:
     IP ^ FPUNWIND
     IP ^ NOINFO
     IP ^ CFUNWIND

   Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits
   to store the check result, as they are guaranteed to be non-significant
   in the comparison between 2 IPs stored in fp_CF_verif_cache.
   In other words, if two IPs differ only in the last 2 bits,
   they will not land in the same cache bucket. */
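/* A minimal decode sketch (hypothetical helper, not part of this file):
   because the stored value is IP ^ result, XOR-ing the bucket with the
   same IP cancels the IP and leaves just the small check result. */
#if 0
static Addr fp_CF_verif_classify ( Addr ip )
{
   Addr v = ip ^ fp_CF_verif_cache [ip % N_FP_CF_VERIF];
   /* v is FPUNWIND, NOINFO or CFUNWIND iff the bucket holds a result
      for this ip; any value > CFUNWIND means "not cached". */
   return v;
}
#endif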
/* cached result of VG_(FPO_info_present)().  Refreshed each time
   the fp_CF_verif_generation differs from the current debuginfo
   generation. */
static Bool FPO_info_present = False;

static UInt fp_CF_verif_generation = 0;
// Our cache has to be maintained in sync with the CFI cache.
// Each time the debuginfo is changed, its generation will be incremented.
// We will clear our cache when our saved generation differs from
// the debuginfo generation.
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   const Bool do_stats = False; // compute and output some stats regularly.
   static struct {
      UInt nr;  // nr of stacktraces computed
      UInt nf;  // nr of frames computed
      UInt Ca;  // unwind for which cache indicates CFUnwind must be used.
      UInt FF;  // unwind for which cache indicates FPUnwind can be used.
      UInt Cf;  // unwind at end of stack+store CFUNWIND (xip not end of stack).
      UInt Fw;  // unwind at end of stack+store FPUNWIND
      UInt FO;  // unwind + store FPUNWIND
      UInt CF;  // unwind + store CFUNWIND. Details below.
      UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'.
      UInt Ck;  // unwind fp invalid+store FPUNWIND
      UInt MS;  // microsoft unwind
   } stats;
   const Bool debug = False;
   //               = VG_(debugLog_getLevel) () > 3;
   //               = stats.nr >= 123456;
   const HChar* unwind_case; // used when debug is True.
   // Debugging this function is not straightforward.
   // Here is the easiest way I have found:
   //   1. Change the above 'debug' to True.
   //   2. Start your program under Valgrind with --tool=none --vgdb-error=0
   //   3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace
   //   4. Continue till the breakpoint is encountered
   //   5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces.
   //      You might have to do 'monitor v.info scheduler' twice to see
   //      the effect of caching the results of the verification.
   //      You can also modify the debug level dynamically by using
   //      'monitor v.set debuglog 4'.
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));
   D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason.
   Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs
   // 0 assigned to silence false positive -Wuninitialized warning
   // This is a false positive as xip_verified is assigned when
   // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND.
   D3UnwindRegs uregs;
   uregs.xip = (Addr)startRegs->r_pc;
   uregs.xsp = (Addr)startRegs->r_sp;
   uregs.xbp = startRegs->misc.X86.r_ebp;
   Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x%08lx, "
                  "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.xip, uregs.xbp);
   /* Assertion broken before main() is reached in pthreaded programs; the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
#  if defined(VGO_linux)
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
#  elif defined(VGO_solaris)
   if (fp_max == 0) {
      /* VG_(get_StackTrace)() can be called by tools very early when
         various tracing options are enabled.  Don't proceed further
         if the stack limits look bogus. */
#  endif
#  if defined(VGO_linux) || defined(VGO_solaris)
      if (sps) sps[0] = uregs.xsp;
      if (fps) fps[0] = uregs.xbp;
      ips[0] = uregs.xip;
      return 1;
   }
#  endif
   if (UNLIKELY (fp_CF_verif_generation != VG_(debuginfo_generation)())) {
      fp_CF_verif_generation = VG_(debuginfo_generation)();
      VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache));
      FPO_info_present = VG_(FPO_info_present)();
   }
   /* Loop unwinding the stack.  Note that the IP value we get on
    * each pass (whether from CFI info or a stack frame) is a
    * return address, so it is actually after the calling instruction
    * in the calling function.
    *
    * Because of this we subtract one from the IP after each pass
    * of the loop so that we find the right CFI block on the next
    * pass - otherwise we can find the wrong CFI info if it happens
    * to change after the calling instruction, and that will mean
    * that we will fail to unwind the next step.
    *
    * This most frequently happens at the end of a function when
    * a tail call occurs and we wind up using the CFI info for the
    * next function, which is completely wrong.
    */
   if (sps) sps[0] = uregs.xsp;
   if (fps) fps[0] = uregs.xbp;
   ips[0] = uregs.xip;
   i = 1;
   if (do_stats) stats.nr++;
   while (1) {

      if (i >= max_n_ips)
         break;

      UWord hash = uregs.xip % N_FP_CF_VERIF;
      Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash];
      if (debug)
         VG_(printf)("     uregs.xip 0x%08lx xip_verif[0x%08lx]"
                     " xbp 0x%08lx xsp 0x%08lx\n",
                     uregs.xip, xip_verif,
                     uregs.xbp, uregs.xsp);
      // If xip is in cache, then xip_verif will be <= CFUNWIND.
      // Otherwise, if not in cache, xip_verif will be > CFUNWIND.

      /* Try to derive a new (ip,sp,fp) triple from the current set. */

      /* Do we have to do CFI unwinding ?
         We do CFI unwinding if one of the following conditions holds:
         a. fp_CF_verif_cache contains xip but indicates CFUNWIND must
            be done (i.e. the fp unwind check failed when we did the first
            unwind)
         b. fp_CF_verif_cache does not contain xip.
            We will try CFI unwinding in fpverif_uregs and compare with
            the FP unwind result to insert xip in the cache with the correct
            indication. */
      if (UNLIKELY(xip_verif >= CFUNWIND)) {
         if (xip_verif == CFUNWIND) {
            /* case a : do "real" cfi unwind */
            if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
               if (debug) unwind_case = "Ca";
               if (do_stats) stats.Ca++;
               goto unwind_done;
            }
            /* ??? cache indicates we have to do CFI unwind (so, we
               previously found CFI info, and failed the fp unwind
               check).  Now, we just failed with CFI.  So, once we
               succeed, once we fail.  No idea what is going on =>
               cleanup the cache entry and fall over to fp unwind (this
               time). */
            fp_CF_verif_cache [hash] = 0;
            if (debug) VG_(printf)("     cache reset as CFI ok then nok\n");
            //??? stats
            xip_verif = NOINFO;
         } else {
            /* case b : do "verif" cfi unwind in fpverif_uregs */
            fpverif_uregs = uregs;
            xip_verified = uregs.xip;
            if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) {
               fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO;
               if (debug) VG_(printf)("     cache NOINFO fpverif_uregs\n");
               xip_verif = NOINFO;
            }
         }
      }
      /* On x86, try the old-fashioned method of following the
         %ebp-chain.  This can be done if the fp_CF_verif_cache for xip
         indicates fp unwind is ok.  It must be done if the cache indicates
         there is no CFI info.  It is also done to confirm what to put in
         the cache if xip was not in the cache. */
      /* This deals with frames resulting from functions which begin
         "pushl %ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
      if (fp_min <= uregs.xbp &&
          uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/ &&
          VG_IS_4_ALIGNED(uregs.xbp))
      {
         Addr old_xsp;

         /* fp looks sane, so use it. */
         uregs.xip = (((UWord*)uregs.xbp)[1]);
         // We stop if we hit a zero (the traditional end-of-stack
         // marker) or a one -- these correspond to recorded IPs of 0 or -1.
         // The latter because r8818 (in this file) changed the meaning of
         // entries [1] and above in a stack trace, by subtracting 1 from
         // them.  Hence stacks that used to end with a zero value now end in
         // -1 and so we must detect that too.
         if (0 == uregs.xip || 1 == uregs.xip) {
            if (xip_verif > CFUNWIND) {
               // Check if we obtain the same result with fp unwind.
               // If same result, then mark xip as fp-unwindable.
               if (uregs.xip == fpverif_uregs.xip) {
                  fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
                  if (debug) VG_(printf)("     cache FPUNWIND 0\n");
                  unwind_case = "Fw";
                  if (do_stats) stats.Fw++;
                  break;
               } else {
                  fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
                  uregs = fpverif_uregs;
                  if (debug) VG_(printf)("     cache CFUNWIND 0\n");
                  unwind_case = "Cf";
                  if (do_stats) stats.Cf++;
               }
            } else {
               // end of stack => out of the loop.
               break;
            }
         }

         old_xsp = uregs.xsp;
         uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
                               + sizeof(Addr) /*ra*/;
         uregs.xbp = (((UWord*)uregs.xbp)[0]);
         if (xip_verif > CFUNWIND) {
            if (uregs.xip == fpverif_uregs.xip
                && uregs.xsp == fpverif_uregs.xsp
                && uregs.xbp == fpverif_uregs.xbp) {
               fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
               if (debug) VG_(printf)("     cache FPUNWIND >2\n");
               if (debug) unwind_case = "FO";
               if (do_stats) stats.FO++;
               if (old_xsp >= uregs.xsp) {
                  if (debug)
                     VG_(printf) ("     FO end of stack old_xsp %p >= xsp %p\n",
                                  (void*)old_xsp, (void*)uregs.xsp);
                  break;
               }
            } else {
               fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
               if (debug) VG_(printf)("     cache CFUNWIND >2\n");
               if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++;
               if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++;
               if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++;
               uregs = fpverif_uregs;
               if (debug) unwind_case = "CF";
               if (do_stats) stats.CF++;
            }
         } else {
            if (debug) unwind_case = "FF";
            if (do_stats) stats.FF++;
            if (old_xsp >= uregs.xsp) {
               if (debug)
                  VG_(printf) ("     FF end of stack old_xsp %p >= xsp %p\n",
                               (void*)old_xsp, (void*)uregs.xsp);
               break;
            }
         }
         goto unwind_done;
      } else {
         // fp unwind has failed.
         // If we were checking the validity of the cfi unwinding,
         // we mark in the cache that the fp unwind cannot be done, and that
         // cfi unwind is desired.
         if (xip_verif > CFUNWIND) {
            // We know that fpverif_uregs contains valid information,
            // as a failed cf unwind would have put NOINFO in xip_verif.
            fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
            if (debug) VG_(printf)("     cache CFUNWIND as fp failed\n");
            uregs = fpverif_uregs;
            if (debug) unwind_case = "Ck";
            if (do_stats) stats.Ck++;
            goto unwind_done;
         }
         // xip_verif is FPUNWIND or NOINFO.
         // We failed the cfi unwind and/or the fp unwind.
         // => fall back to FPO info.
      }
      /* And, similarly, try for MSVC FPO unwind info. */
      if (FPO_info_present
          && VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
                                VG_(current_DiEpoch)(),
                                fp_min, fp_max ) ) {
         if (debug) unwind_case = "MS";
         if (do_stats) stats.MS++;
         goto unwind_done;
      }
      /* No luck.  We have to give up. */
      break;

   unwind_done:
      /* Add a frame in ips/sps/fps */
      /* fp is %ebp.  sp is %esp.  ip is %eip. */
      if (0 == uregs.xip || 1 == uregs.xip) break;
      if (sps) sps[i] = uregs.xsp;
      if (fps) fps[i] = uregs.xbp;
      ips[i++] = uregs.xip - 1;
      /* -1: refer to calling insn, not the RA */
      if (debug)
         VG_(printf)("     ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]);
      uregs.xip = uregs.xip - 1;
      /* as per comment at the head of this loop */
      RECURSIVE_MERGE(cmrf,ips,i);
   }
   if (do_stats) stats.nf += i;
   if (do_stats && stats.nr % 10000 == 0) {
      VG_(printf)("nr %u nf %u "
                  "Ca %u FF %u "
                  "Cf %u "
                  "Fw %u FO %u "
                  "CF %u (xi %u xs %u xb %u) "
                  "Ck %u MS %u\n",
                  stats.nr, stats.nf,
                  stats.Ca, stats.FF,
                  stats.Cf,
                  stats.Fw, stats.FO,
                  stats.CF, stats.xi, stats.xs, stats.xb,
                  stats.Ck, stats.MS);
   }

   n_found = i;
   return n_found;
}

#endif
/* ----------------------- amd64 ------------------------ */

#if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \
    || defined(VGP_amd64_solaris)
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   const Bool debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));
   D3UnwindRegs uregs;
   uregs.xip = startRegs->r_pc;
   uregs.xsp = startRegs->r_sp;
   uregs.xbp = startRegs->misc.AMD64.r_rbp;
   Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.xip, uregs.xbp);
   /* Assertion broken before main() is reached in pthreaded programs; the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
#  if defined(VGO_linux)
   if (fp_min + 256 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
#  elif defined(VGO_solaris)
   if (fp_max == 0) {
      /* VG_(get_StackTrace)() can be called by tools very early when
         various tracing options are enabled.  Don't proceed further
         if the stack limits look bogus. */
#  endif
#  if defined(VGO_linux) || defined(VGO_solaris)
      if (sps) sps[0] = uregs.xsp;
      if (fps) fps[0] = uregs.xbp;
      ips[0] = uregs.xip;
      return 1;
   }
#  endif
   /* fp is %rbp.  sp is %rsp.  ip is %rip. */

   ips[0] = uregs.xip;
   if (sps) sps[0] = uregs.xsp;
   if (fps) fps[0] = uregs.xbp;
   i = 1;
   if (debug)
      VG_(printf)("     ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
                  i-1, ips[i-1], uregs.xbp, uregs.xsp);
#  if defined(VGO_darwin)
   if (VG_(is_valid_tid)(tid_if_known) &&
       VG_(is_in_syscall)(tid_if_known) &&
       i < max_n_ips) {
      /* On Darwin, all the system call stubs have no function
       * prolog.  So instead of top of the stack being a new
       * frame comprising a saved BP and a return address, we
       * just have the return address in the caller's frame.
       * Adjust for this by recording the return address.
       */
      ips[i] = *(Addr *)uregs.xsp - 1;
      if (sps) sps[i] = uregs.xsp;
      if (fps) fps[i] = uregs.xbp;
      i++;
   }
#  endif
   /* Loop unwinding the stack.  Note that the IP value we get on
    * each pass (whether from CFI info or a stack frame) is a
    * return address, so it is actually after the calling instruction
    * in the calling function.
    *
    * Because of this we subtract one from the IP after each pass
    * of the loop so that we find the right CFI block on the next
    * pass - otherwise we can find the wrong CFI info if it happens
    * to change after the calling instruction, and that will mean
    * that we will fail to unwind the next step.
    *
    * This most frequently happens at the end of a function when
    * a tail call occurs and we wind up using the CFI info for the
    * next function, which is completely wrong.
    */
   while (1) {
      Addr old_xsp;

      if (i >= max_n_ips)
         break;

      old_xsp = uregs.xsp;

      /* Try to derive a new (ip,sp,fp) triple from the current set. */

      /* First off, see if there is any CFI info to hand which can
         be used. */
      if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
         if (0 == uregs.xip || 1 == uregs.xip) break;
         if (old_xsp >= uregs.xsp) {
            if (debug)
               VG_(printf) ("     CF end of stack old_xsp %p >= xsp %p\n",
                            (void*)old_xsp, (void*)uregs.xsp);
            break;
         }
         if (sps) sps[i] = uregs.xsp;
         if (fps) fps[i] = uregs.xbp;
         ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
         if (debug)
            VG_(printf)("     ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
                        i-1, ips[i-1], uregs.xbp, uregs.xsp);
         uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
         we can safely try the old-fashioned method. */
      /* This bit is supposed to deal with frames resulting from
         functions which begin "pushq %rbp ; movq %rsp, %rbp".
         Unfortunately, since we can't (easily) look at the insns at
         the start of the fn, like GDB does, there's no reliable way
         to tell.  Hence the hack of first trying out CFI, and if that
         fails, then use this as a fallback. */
      /* Note: re "- 1 * sizeof(UWord)", need to take account of the
         fact that we are prodding at & ((UWord*)fp)[1] and so need to
         adjust the limit check accordingly.  Omitting this has been
         observed to cause segfaults on rare occasions. */
      if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
         /* fp looks sane, so use it. */
         uregs.xip = (((UWord*)uregs.xbp)[1]);
         if (0 == uregs.xip || 1 == uregs.xip) break;
         uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
                               + sizeof(Addr) /*ra*/;
         if (old_xsp >= uregs.xsp) {
            if (debug)
               VG_(printf) ("     FF end of stack old_xsp %p >= xsp %p\n",
                            (void*)old_xsp, (void*)uregs.xsp);
            break;
         }
         uregs.xbp = (((UWord*)uregs.xbp)[0]);
         if (sps) sps[i] = uregs.xsp;
         if (fps) fps[i] = uregs.xbp;
         ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
         if (debug)
            VG_(printf)("     ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
                        i-1, ips[i-1], uregs.xbp, uregs.xsp);
         uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* Last-ditch hack (evidently GDB does something similar).  We
         are in the middle of nowhere and we have a nonsense value for
         the frame pointer.  If the stack pointer is still valid,
         assume that what it points at is a return address.  Yes,
         desperate measures.  Could do better here:
         - check that the supposed return address is in
           an executable page
         - check that the supposed return address is just after a call insn
         - given those two checks, don't just consider *sp as the return
           address; instead scan a likely section of stack (eg sp .. sp+256)
           and use suitable values found there. */
      if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
         uregs.xip = ((UWord*)uregs.xsp)[0];
         if (0 == uregs.xip || 1 == uregs.xip) break;
         if (sps) sps[i] = uregs.xsp;
         if (fps) fps[i] = uregs.xbp;
         ips[i++] = uregs.xip == 0
                    ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
                           thread stack */
                    : uregs.xip - 1;
                        /* -1: refer to calling insn, not the RA */
         if (debug)
            VG_(printf)("     ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
         uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
         uregs.xsp += 8;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* No luck at all.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}

#endif
/* -----------------------ppc32/64 ---------------------- */

#if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
    || defined(VGP_ppc64le_linux)
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool lr_is_first_RA = False;
#  if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
   Word redir_stack_size = 0;
   Word redirs_used      = 0;
#  endif
   const Int cmrf = VG_(clo_merge_recursive_frames);
   const DiEpoch cur_ep = VG_(current_DiEpoch)();
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   Addr ip = (Addr)startRegs->r_pc;
   Addr sp = (Addr)startRegs->r_sp;
   Addr fp = sp;
#  if defined(VGP_ppc32_linux)
   Addr lr = startRegs->misc.PPC32.r_lr;
#  elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
   Addr lr = startRegs->misc.PPC64.r_lr;
#  endif
   Addr fp_min = sp - VG_STACK_REDZONE_SZB;
   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
   /* Assertion broken before main() is reached in pthreaded programs; the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = sp;
      if (fps) fps[0] = fp;
      ips[0] = ip;
      return 1;
   }
   /* fp is %r1.  ip is %cia.  Note, ppc uses r1 as both the stack and
      frame pointers. */

#  if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
   redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
   redirs_used      = 0;
#  endif
#  if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux)
   /* Deal with bogus LR values caused by function
      interception/wrapping on ppc-TOC platforms; see comment on
      similar code a few lines further down. */
   if (lr == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
       && VG_(is_valid_tid)(tid_if_known)) {
      Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
      redirs_used++;
      if (hsp >= 1 && hsp < redir_stack_size)
         lr = VG_(threads)[tid_if_known]
                 .arch.vex.guest_REDIR_STACK[hsp-1];
   }
#  endif
   /* We have to determine whether or not LR currently holds this fn
      (call it F)'s return address.  It might not if F has previously
      called some other function, hence overwriting LR with a pointer
      to some part of F.  Hence if LR and IP point to the same
      function then we conclude LR does not hold this function's
      return address; instead the LR at entry must have been saved in
      the stack by F's prologue and so we must get it from there
      instead.  Note all this guff only applies to the innermost
      frame. */
   lr_is_first_RA = False;
   {
      const HChar *buf_lr, *buf_ip;
      /* The following conditional looks grossly inefficient and
         surely could be majorly improved, with not much effort. */
      if (VG_(get_fnname_raw) (cur_ep, lr, &buf_lr)) {
         HChar buf_lr_copy[VG_(strlen)(buf_lr) + 1];
         VG_(strcpy)(buf_lr_copy, buf_lr);
         if (VG_(get_fnname_raw) (cur_ep, ip, &buf_ip))
            if (VG_(strcmp)(buf_lr_copy, buf_ip))
               lr_is_first_RA = True;
      }
   }
   if (sps) sps[0] = fp; /* NB. not sp */
   if (fps) fps[0] = fp;
   ips[0] = ip;
   i = 1;
   if (fp_min <= fp && fp < fp_max - VG_WORDSIZE + 1) {

      /* initial FP is sane; keep going */
      fp = (((UWord*)fp)[0]);

      while (True) {
         /* On ppc64-linux (ppc64-elf, really), the lr save
            slot is 2 words back from sp, whereas on ppc32-elf(?) it's
            only one word back. */
#        if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
         const Int lr_offset = 2;
#        else
         const Int lr_offset = 1;
#        endif

         if (i >= max_n_ips)
            break;
         /* Try to derive a new (ip,fp) pair from the current set. */

         if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
            /* fp looks sane, so use it. */

            if (i == 1 && lr_is_first_RA)
               ip = lr;
            else
               ip = (((UWord*)fp)[lr_offset]);
#           if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
            /* Nasty hack to do with function replacement/wrapping on
               ppc64-linux.  If LR points to our magic return stub,
               then we are in a wrapped or intercepted function, in
               which LR has been messed with.  The original LR will
               have been pushed onto the thread's hidden REDIR stack
               one down from the top (the top element is the saved R2) and
               so we should restore the value from there instead.
               Since nested redirections can and do happen, we keep
               track of the number of nested LRs used by the unwinding
               so far with 'redirs_used'. */
            if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
                && VG_(is_valid_tid)(tid_if_known)) {
               Word hsp = VG_(threads)[tid_if_known]
                             .arch.vex.guest_REDIR_SP;
               hsp -= 2 * redirs_used;
               redirs_used++;
               if (hsp >= 1 && hsp < redir_stack_size)
                  ip = VG_(threads)[tid_if_known]
                          .arch.vex.guest_REDIR_STACK[hsp-1];
            }
#           endif
            if (0 == ip || 1 == ip) break;
            if (sps) sps[i] = fp; /* NB. not sp */
            if (fps) fps[i] = fp;
            fp = (((UWord*)fp)[0]);
            ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
            if (debug)
               VG_(printf)("     ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
            ip = ip - 1; /* ip is probably dead at this point, but
                            play safe, a la x86/amd64 above.  See
                            extensive comments above. */
            RECURSIVE_MERGE(cmrf,ips,i);
            continue;
         }
         /* No luck there.  We have to give up. */
         break;
      }
   }

   n_found = i;
   return n_found;
}

#endif
/* ------------------------ arm ------------------------- */

#if defined(VGP_arm_linux)
static Bool in_same_fn ( Addr a1, Addr a2 )
{
   const HChar *buf_a1, *buf_a2;
   /* The following conditional looks grossly inefficient and
      surely could be majorly improved, with not much effort. */
   const DiEpoch cur_ep = VG_(current_DiEpoch)();
   if (VG_(get_fnname_raw) (cur_ep, a1, &buf_a1)) {
      HChar buf_a1_copy[VG_(strlen)(buf_a1) + 1];
      VG_(strcpy)(buf_a1_copy, buf_a1);
      if (VG_(get_fnname_raw) (cur_ep, a2, &buf_a2))
         if (VG_(strcmp)(buf_a1_copy, buf_a2))
            return True;
   }
   return False;
}
static Bool in_same_page ( Addr a1, Addr a2 ) {
   return (a1 & ~0xFFF) == (a2 & ~0xFFF);
}
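// Example (illustrative, not from the original source):
// in_same_page(0x1234, 0x1FFF) is True, since both round down to
// the 4KB page base 0x1000.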
static Addr abs_diff ( Addr a1, Addr a2 ) {
   return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
}
static Bool has_XT_perms ( Addr a )
{
   NSegment const* seg = VG_(am_find_nsegment)(a);
   return seg && seg->hasX && seg->hasT;
}
static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
{
   if (0)
      VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
   // BL  simm26
   if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
   // BLX simm26
   if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
   return False;
}
static Bool looks_like_Thumb_call16 ( UShort w0 )
{
   return False;
}
static Bool looks_like_ARM_call ( UInt a0 )
{
   if (0)
      VG_(printf)("isA32call %08x\n", a0);
   // Leading E forces unconditional only -- fix
   if ((a0 & 0xFF000000) == 0xEB000000) return True;
   return False;
}
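// Worked example (illustrative, not from the original source): an
// unconditional 'bl' to PC+8 encodes as exactly 0xEB000000 --
// cond=0xE (AL), opcode bits 0b1011 (BL), imm24=0.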
static Bool looks_like_RA ( Addr ra )
{
   /* 'ra' is a plausible return address if it points to
      an instruction after a call insn. */
   Bool isT = (ra & 1);
   if (isT) {
      // returning to Thumb code
      ra &= ~1;
      ra -= 4;
      if (has_XT_perms(ra)) {
         UShort w0 = *(UShort*)ra;
         UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
         if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
            return True;
      }
   } else {
      // returning to ARM code
      ra &= ~3;
      ra -= 4;
      if (has_XT_perms(ra)) {
         UInt a0 = *(UInt*)ra;
         if (looks_like_ARM_call(a0))
            return True;
      }
   }
   return False;
}
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));
   D3UnwindRegs uregs;
   uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;
   uregs.r14 = startRegs->misc.ARM.r14;
   uregs.r13 = startRegs->r_sp;
   uregs.r12 = startRegs->misc.ARM.r12;
   uregs.r11 = startRegs->misc.ARM.r11;
   uregs.r7  = startRegs->misc.ARM.r7;
   Addr fp_min = uregs.r13 - VG_STACK_REDZONE_SZB;
   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.r15, uregs.r13);
   /* Assertion broken before main() is reached in pthreaded programs; the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = uregs.r13;
      if (fps) fps[0] = 0;
      ips[0] = uregs.r15;
      return 1;
   }
   if (sps) sps[0] = uregs.r13;
   if (fps) fps[0] = 0;
   ips[0] = uregs.r15;
   i = 1;
   /* Loop unwinding the stack. */
   Bool do_stack_scan = False;

   /* First try the Official Way, using Dwarf CFI. */
   while (True) {
      if (debug) {
         VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
                     i, uregs.r15, uregs.r13);
      }

      if (i >= max_n_ips)
         break;
      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.r13;
         if (fps) fps[i] = 0;
         ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
         if (debug)
            VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
                        uregs.r15, uregs.r13);
         uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* No luck.  We have to give up. */
      do_stack_scan = True;
      break;
   }
   /* Now try Plan B (maybe) -- stack scanning.  This often gives
      pretty bad results, so this has to be enabled explicitly by the
      user. */
   if (do_stack_scan
       && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) {
      Int  nByStackScan = 0;
      Addr lr = uregs.r14;
      Addr sp = uregs.r13 & ~3;
      Addr pc = uregs.r15;
      // First see if LR contains
      // something that could be a valid return address.
      if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
         // take it only if 'cand' isn't obviously a duplicate
         // of the last found IP value
         Addr cand = (lr & 0xFFFFFFFE) - 1;
         if (abs_diff(cand, ips[i-1]) > 1) {
            if (sps) sps[i] = 0;
            if (fps) fps[i] = 0;
            ips[i++] = cand;
            RECURSIVE_MERGE(cmrf,ips,i);
            nByStackScan++;
         }
      }
      while (in_same_page(sp, uregs.r13)) {
         if (i >= max_n_ips)
            break;
         // we're in the same page; fairly safe to keep going
         UWord w = *(UWord*)(sp & ~0x3);
         if (looks_like_RA(w)) {
            Addr cand = (w & 0xFFFFFFFE) - 1;
            // take it only if 'cand' isn't obviously a duplicate
            // of the last found IP value
            if (abs_diff(cand, ips[i-1]) > 1) {
               if (sps) sps[i] = 0;
               if (fps) fps[i] = 0;
               ips[i++] = cand;
               RECURSIVE_MERGE(cmrf,ips,i);
               if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break;
            }
         }
         sp += 4;
      }
   }

   n_found = i;
   return n_found;
}

#endif
/* ------------------------ arm64 ------------------------- */

#if defined(VGP_arm64_linux)
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
= VG_(clo_merge_recursive_frames
);
1154 vg_assert(sizeof(Addr
) == sizeof(UWord
));
1155 vg_assert(sizeof(Addr
) == sizeof(void*));
   D3UnwindRegs uregs;
   uregs.pc  = startRegs->r_pc;
   uregs.sp  = startRegs->r_sp;
   uregs.x30 = startRegs->misc.ARM64.x30;
   uregs.x29 = startRegs->misc.ARM64.x29;
   Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx PC=0x%lx SP=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.pc, uregs.sp);
   /* Assertion broken before main() is reached in pthreaded programs; the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = uregs.sp;
      if (fps) fps[0] = uregs.x29;
      ips[0] = uregs.pc;
      return 1;
   }
   if (sps) sps[0] = uregs.sp;
   if (fps) fps[0] = uregs.x29;
   ips[0] = uregs.pc;
   i = 1;
   /* Loop unwinding the stack, using CFI. */
   while (True) {
      if (debug) {
         VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n",
                     i, uregs.pc, uregs.sp);
      }

      if (i >= max_n_ips)
         break;
      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.sp;
         if (fps) fps[i] = uregs.x29;
         ips[i++] = uregs.pc - 1;
         if (debug)
            VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n",
                        uregs.pc, uregs.sp);
         uregs.pc = uregs.pc - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* No luck.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}

#endif
/* ------------------------ s390x ------------------------- */

#if defined(VGP_s390x_linux)
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));
   D3UnwindRegs uregs;
   uregs.ia = startRegs->r_pc;
   uregs.sp = startRegs->r_sp;
   Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
   uregs.fp = startRegs->misc.S390X.r_fp;
   uregs.lr = startRegs->misc.S390X.r_lr;
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.ia, uregs.sp, uregs.fp);
   /* The first frame is pretty obvious */
   ips[0] = uregs.ia;
   if (sps) sps[0] = uregs.sp;
   if (fps) fps[0] = uregs.fp;
   i = 1;
   /* for everything else we have to rely on the eh_frame.  gcc defaults to
      not create a backchain and all the other tools (like gdb) also have
      ... */
   while (True) {
      if (i >= max_n_ips)
         break;
      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.sp;
         if (fps) fps[i] = uregs.fp;
         ips[i++] = uregs.ia - 1;
         uregs.ia = uregs.ia - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* A problem on the first frame?  Let's assume it was a bad jump.
         We will use the link register and the current stack and frame
         pointers and see if we can use the CFI in the next round. */
      if (i == 1) {
         if (sps) {
            sps[i] = sps[0];
            uregs.sp = sps[0];
         }
         if (fps) {
            fps[i] = fps[0];
            uregs.fp = fps[0];
         }
         uregs.ia = uregs.lr - 1;
         ips[i++] = uregs.lr - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* No luck.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}

#endif
/* ------------------------ mips 32/64 ------------------------- */

#if defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));
   D3UnwindRegs uregs;
   uregs.pc = startRegs->r_pc;
   uregs.sp = startRegs->r_sp;
   Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
#if defined(VGP_mips32_linux)
   uregs.fp = startRegs->misc.MIPS32.r30;
   uregs.ra = startRegs->misc.MIPS32.r31;
#elif defined(VGP_mips64_linux)
   uregs.fp = startRegs->misc.MIPS64.r30;
   uregs.ra = startRegs->misc.MIPS64.r31;
#endif
   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);
   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.pc, uregs.sp, uregs.fp);
   if (sps) sps[0] = uregs.sp;
   if (fps) fps[0] = uregs.fp;
   ips[0] = uregs.pc;
   i = 1;
   /* Loop unwinding the stack. */
   while (True) {
      if (debug) {
         VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
                     i, uregs.pc, uregs.sp, uregs.ra);
      }

      if (i >= max_n_ips)
         break;
      D3UnwindRegs uregs_copy = uregs;
      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (debug)
            VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
                        uregs.pc, uregs.sp, uregs.ra);
         if (0 != uregs.pc && 1 != uregs.pc) {
            if (sps) sps[i] = uregs.sp;
            if (fps) fps[i] = uregs.fp;
            ips[i++] = uregs.pc - 4;
            uregs.pc = uregs.pc - 4;
            RECURSIVE_MERGE(cmrf,ips,i);
            continue;
         } else
            uregs = uregs_copy;
      }
      int seen_sp_adjust = 0;
      long frame_offset = 0;
      PtrdiffT offset;
      const DiEpoch cur_ep = VG_(current_DiEpoch)();
      if (VG_(get_inst_offset_in_function)(cur_ep, uregs.pc, &offset)) {
         Addr start_pc = uregs.pc - offset;
         Addr limit_pc = uregs.pc;
         Addr cur_pc;
= start_pc
; cur_pc
< limit_pc
; cur_pc
+= 4) {
1403 unsigned long inst
, high_word
, low_word
;
1404 unsigned long * cur_inst
;
1405 /* Fetch the instruction. */
1406 cur_inst
= (unsigned long *)cur_pc
;
1407 inst
= *((UInt
*) cur_inst
);
1409 VG_(printf
)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc
, inst
);
1411 /* Save some code by pre-extracting some useful fields. */
1412 high_word
= (inst
>> 16) & 0xffff;
1413 low_word
= inst
& 0xffff;
            if (high_word == 0x27bd        /* addiu $sp,$sp,-i */
                || high_word == 0x23bd     /* addi $sp,$sp,-i */
                || high_word == 0x67bd) {  /* daddiu $sp,$sp,-i */
               if (low_word & 0x8000)      /* negative stack adjustment? */
                  frame_offset += 0x10000 - low_word;
               else
                  /* Exit loop if a positive stack adjustment is found, which
                     usually means that the stack cleanup code in the function
                     epilogue is reached. */
                  break;
               seen_sp_adjust = 1;
            }
         }
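         /* Worked example (illustrative, not from the original source):
            'addiu $sp,$sp,-32' encodes as 0x27bdffe0, giving high_word
            == 0x27bd and low_word == 0xffe0; bit 15 of low_word is set,
            so frame_offset += 0x10000 - 0xffe0 == 32, the frame size. */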
         if (debug)
            VG_(printf)("offset: 0x%lx\n", frame_offset);
      }
      if (seen_sp_adjust) {
         if (0 == uregs.pc || 1 == uregs.pc) break;
         if (uregs.pc == uregs.ra - 8) break;
         if (sps) {
            sps[i] = uregs.sp + frame_offset;
         }
         uregs.sp = uregs.sp + frame_offset;

         if (fps) {
            fps[i] = fps[0];
            uregs.fp = fps[0];
         }
         if (0 == uregs.ra || 1 == uregs.ra) break;
         uregs.pc = uregs.ra - 8;
         ips[i++] = uregs.ra - 8;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* A problem on the first frame?  Retry from the link register. */
      if (i == 1) {
         if (sps) {
            sps[i] = sps[0];
            uregs.sp = sps[0];
         }
         if (fps) {
            fps[i] = fps[0];
            uregs.fp = fps[0];
         }
         if (0 == uregs.ra || 1 == uregs.ra) break;
         uregs.pc = uregs.ra - 8;
         ips[i++] = uregs.ra - 8;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* No luck.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}

#endif
/*------------------------------------------------------------*/
/*--- END platform-dependent unwinder worker functions     ---*/
/*------------------------------------------------------------*/

/*------------------------------------------------------------*/
/*--- Exported functions.                                  ---*/
/*------------------------------------------------------------*/
UInt VG_(get_StackTrace_with_deltas)(
         ThreadId tid,
         /*OUT*/StackTrace ips, UInt n_ips,
         /*OUT*/StackTrace sps,
         /*OUT*/StackTrace fps,
         Word first_ip_delta,
         Word first_sp_delta
      )
{
   /* Get the register values with which to start the unwind. */
   UnwindStartRegs startRegs;
   VG_(memset)( &startRegs, 0, sizeof(startRegs) );
   VG_(get_UnwindStartRegs)( &startRegs, tid );
   Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte;
   Addr stack_lowest_byte  = 0;
#  if defined(VGP_x86_linux)
   /* Nasty little hack to deal with syscalls - if libc is using its
      _dl_sysinfo_int80 function for syscalls (the TLS version does),
      then ip will always appear to be in that function when doing a
      syscall, not the actual libc function doing the syscall.  This
      check sees if IP is within that function, and pops the return
      address off the stack so that ip is placed within the library
      function calling the syscall.  This makes stack backtraces much
      more useful.

      The function is assumed to look like this (from glibc-2.3.6 sources):
         _dl_sysinfo_int80:
            int $0x80
            ret
      That is 3 (2+1) bytes long.  We could be more thorough and check
      the 3 bytes of the function are as expected, but I can't be
      bothered. */
   if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
       && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
       && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
       && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
                                      VKI_PROT_READ)) {
      startRegs.r_pc  = (ULong) *(Addr*)(UWord)startRegs.r_sp;
      startRegs.r_sp += (ULong) sizeof(Addr);
   }
#  endif
   /* See if we can get a better idea of the stack limits */
   VG_(stack_limits)( (Addr)startRegs.r_sp,
                      &stack_lowest_byte, &stack_highest_byte );
   /* Take into account the first_ip_delta and first_sp_delta. */
   startRegs.r_pc += (Long)first_ip_delta;
   startRegs.r_sp += (Long)first_sp_delta;
   if (0)
      VG_(printf)("tid %u: stack_highest=0x%08lx ip=0x%010llx "
                  "sp=0x%010llx\n",
                  tid, stack_highest_byte,
                  startRegs.r_pc, startRegs.r_sp);
   return VG_(get_StackTrace_wrk)(tid, ips, n_ips,
                                  sps, fps,
                                  &startRegs,
                                  stack_highest_byte);
}
UInt VG_(get_StackTrace) ( ThreadId tid,
                           /*OUT*/StackTrace ips, UInt max_n_ips,
                           /*OUT*/StackTrace sps,
                           /*OUT*/StackTrace fps,
                           Word first_ip_delta )
{
   return VG_(get_StackTrace_with_deltas) (tid,
                                           ips, max_n_ips,
                                           sps,
                                           fps,
                                           first_ip_delta,
                                           0 /* first_sp_delta */
                                           );
}
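/* Usage sketch (hypothetical tool code, not part of this file): capture
   and print the current thread's stack, up to 20 frames deep. */
#if 0
   Addr ips[20];
   UInt n_ips = VG_(get_StackTrace)( VG_(get_running_tid)(), ips, 20,
                                     NULL/*sps*/, NULL/*fps*/,
                                     0/*first_ip_delta*/ );
   VG_(pp_StackTrace)( VG_(current_DiEpoch)(), ips, n_ips );
#endif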
static void printIpDesc(UInt n, DiEpoch ep, Addr ip, void* uu_opaque)
{
   InlIPCursor *iipc = VG_(new_IIPC)(ep, ip);

   do {
      const HChar *buf = VG_(describe_IP)(ep, ip, iipc);
      if (VG_(clo_xml)) {
         VG_(printf_xml)("    %s\n", buf);
      } else {
         VG_(message)(Vg_UserMsg, "   %s %s\n",
                      ( n == 0 ? "at" : "by" ), buf);
      }
      n++;
      // Increase n to show "at" for only one level.
   } while (VG_(next_IIPC)(iipc));
   VG_(delete_IIPC)(iipc);
}
/* Print a StackTrace. */
void VG_(pp_StackTrace) ( DiEpoch ep, StackTrace ips, UInt n_ips )
{
   vg_assert( n_ips > 0 );

   if (VG_(clo_xml))
      VG_(printf_xml)("    <stack>\n");

   VG_(apply_StackTrace)( printIpDesc, NULL, ep, ips, n_ips );

   if (VG_(clo_xml))
      VG_(printf_xml)("    </stack>\n");
}
/* Get and immediately print a StackTrace. */
void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
{
   Addr ips[max_n_ips];
   UInt n_ips
      = VG_(get_StackTrace)(tid, ips, max_n_ips,
                            NULL/*array to dump SP values in*/,
                            NULL/*array to dump FP values in*/,
                            0/*first_ip_delta*/);
   VG_(pp_StackTrace)(VG_(current_DiEpoch)(), ips, n_ips);
}
void VG_(apply_StackTrace)(
        void(*action)(UInt n, DiEpoch ep, Addr ip, void* opaque),
        void* opaque,
        DiEpoch ep, StackTrace ips, UInt n_ips
     )
{
   Int i;

   vg_assert(n_ips > 0);
   if ( ! VG_(clo_show_below_main) ) {
      // Search (from the outer frame onwards) for the appearance of "main"
      // or the last appearance of a below-main function.
      // Then decrease n_ips so as to not call action for the below-main
      // functions.
      for (i = n_ips - 1; i >= 0; i--) {
         Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ep, ips[i]);
         if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind)
            n_ips = i + 1;
         if (Vg_FnNameMain == kind)
            break;
      }
   }
   for (i = 0; i < n_ips; i++)
      // Act on the ip
      action(i, ep, ips[i], opaque);
}
/*--------------------------------------------------------------------*/
/*--- end                                                          ---*/
/*--------------------------------------------------------------------*/