Add DRD suppression patterns for races triggered by std::ostream
[valgrind.git] / coregrind / m_stacktrace.c
blob 24f1409ddb819ea8258bf57b5c31c6c49e66ffe0
2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2000-2017 Julian Seward
11 jseward@acm.org
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26 02111-1307, USA.
28 The GNU General Public License is contained in the file COPYING.
31 #include "pub_core_basics.h"
32 #include "pub_core_vki.h"
33 #include "pub_core_threadstate.h"
34 #include "pub_core_debuginfo.h" // XXX: circular dependency
35 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)()
36 #include "pub_core_libcbase.h"
37 #include "pub_core_libcassert.h"
38 #include "pub_core_libcprint.h"
39 #include "pub_core_machine.h"
40 #include "pub_core_options.h"
41 #include "pub_core_stacks.h" // VG_(stack_limits)
42 #include "pub_core_stacktrace.h"
43 #include "pub_core_syswrap.h" // VG_(is_in_syscall)
44 #include "pub_core_xarray.h"
45 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80)
46 #include "pub_core_trampoline.h"
49 /*------------------------------------------------------------*/
50 /*--- ---*/
51 /*--- BEGIN platform-dependent unwinder worker functions ---*/
52 /*--- ---*/
53 /*------------------------------------------------------------*/
55 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
56 IPs into 'ips'. In order to be thread-safe, we pass in the
57 thread's IP SP, FP if that's meaningful, and LR if that's
58 meaningful. Returns number of IPs put in 'ips'.
60 If you know what the thread ID for this stack is, send that as the
61 first parameter, else send zero. This helps generate better stack
62 traces on ppc64-linux and has no effect on other platforms.
65 /* Do frame merging in the _i frames in _ips array of recursive cycles
66 of up to _nframes. The merge is done during stack unwinding
67 (i.e. in platform specific unwinders) to collect as many
68 "interesting" stack traces as possible. */
/* NOTE(review): the expansion is `if (...) do { ... } while (0)` with no
   outer do/while wrapper, so an `else` written after `RECURSIVE_MERGE(...);`
   at a call site would bind to this hidden `if` (dangling-else hazard).
   All call sites in this file invoke it as a standalone statement, so
   behavior is unaffected as things stand.
   Effect: after pushing frame _i-1, look back up to _nframes entries for
   an identical IP; if found at distance `dist`, rewind _i by `dist`,
   collapsing one iteration of a recursive cycle. */
69 #define RECURSIVE_MERGE(_nframes,_ips,_i) if (UNLIKELY(_nframes > 0)) \
70 do { \
71 Int dist; \
72 for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \
73 if (_ips[_i-1] == _ips[_i-1-dist]) { \
74 _i = _i - dist; \
75 break; \
76 } \
77 } \
78 } while (0)
80 /* Note about calculation of fp_min : fp_min is the lowest address
81 which can be accessed during unwinding. This is SP - VG_STACK_REDZONE_SZB.
82 On most platforms, this will be equal to SP (as VG_STACK_REDZONE_SZB
83 is 0). However, on some platforms (e.g. amd64), there is an accessible
84 redzone below the SP. Some CFI unwind info are generated, taking this
85 into account. As an example, the following is a CFI unwind info on
86 amd64 found for a 'retq' instruction:
87 [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16)
88 0x400f7e: retq
89 As you can see, the previous BP is found 16 bytes below the cfa, which
90 is the oldSP+8. So, effectively, the BP is found 8 bytes below the SP.
91 The fp_min must take this into account, otherwise, VG_(use_CF_info) will
92 not unwind the BP. */
94 /* ------------------------ x86 ------------------------- */
96 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \
97 || defined(VGP_x86_solaris)
99 #define N_FP_CF_VERIF 1021
100 // prime number so that size of fp_CF_verif is just below 4K or 8K
101 // Note that this prime nr differs from the one chosen in
102 // m_debuginfo/debuginfo.c for the cfsi cache : in case we have
103 // a collision here between two IPs, we expect to not (often) have the
104 // same collision in the cfsi cache (and vice-versa).
106 // unwinding with fp chain is ok:
107 #define FPUNWIND 0
108 // there is no CFI info for this IP:
109 #define NOINFO 1
110 // Unwind with FP is not ok, must use CF unwind:
111 #define CFUNWIND 2
/* Per-IP verification cache: entry for IP is stored at IP % N_FP_CF_VERIF
   as IP ^ {FPUNWIND,NOINFO,CFUNWIND} -- see the large protocol comment
   below.  Implicitly zero-initialised; it is wiped with VG_(memset) when
   the debuginfo generation changes. */
113 static Addr fp_CF_verif_cache [N_FP_CF_VERIF];
115 /* An unwind done by following the fp chain technique can be incorrect
116 as not all frames are respecting the standard bp/sp ABI.
117 The CF information is now generated by default by gcc
118 (as part of the dwarf info). However, unwinding using CF information
119 is significantly slower : a slowdown of 20% has been observed
120 on an helgrind test case.
121 So, by default, the unwinding will be done using the fp chain.
122 But before accepting to unwind an IP with fp_chain, the result
123 of the unwind will be checked with the CF information.
124 This check can give 3 results:
125 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind.
126 => it is assumed that future unwind for this IP can be done
127 with the fast fp chain, without further CF checking
128 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing)
129 CFUNWIND (2): there is CF info, but unwind result differs.
130 => it is assumed that future unwind for this IP must be done
131 with the CF info.
132 Of course, if each fp unwind implies a check done with a CF unwind,
133 it would just be slower => we cache the check result in an
134 array of checked Addr.
135 The check for an IP will be stored at
136 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of:
137 IP ^ FPUNWIND
138 IP ^ NOINFO
139 IP ^ CFUNWIND
141 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits
142 to store the check result, as they are guaranteed to be non significant
143 in the comparison between 2 IPs stored in fp_CF_verif_cache).
144 In other words, if two IPs are only differing on the last 2 bits,
145 then they will not land in the same cache bucket.
148 /* cached result of VG_(FPO_info_present)(). Refreshed each time
149 the fp_CF_verif_generation is different of the current debuginfo
150 generation. */
151 static Bool FPO_info_present = False;
/* Debuginfo generation for which fp_CF_verif_cache (and the cached
   FPO_info_present value above) are currently valid. */
153 static UInt fp_CF_verif_generation = 0;
154 // Our cache has to be maintained in sync with the CFI cache.
155 // Each time the debuginfo is changed, its generation will be incremented.
156 // We will clear our cache when our saved generation differs from
157 // the debuginfo generation.
/* x86 unwinder.  Walks the client stack starting from startRegs, writing
   up to max_n_ips return addresses into ips[] (and, when non-NULL, the
   matching SP/FP values into sps[]/fps[]).  Returns the number of entries
   written.  Strategy: use the fast %ebp-chain walk by default, but the
   first time each IP is seen cross-check the fp result against a CFI
   unwind and cache the verdict (FPUNWIND / NOINFO / CFUNWIND) in
   fp_CF_verif_cache -- the full protocol is described in the large
   comment above that cache.
   NOTE(review): this listing appears to have lost blank and brace-only
   lines during extraction; the numbers at the left margin are the
   original blob's line numbers. */
159 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
160 /*OUT*/Addr* ips, UInt max_n_ips,
161 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
162 const UnwindStartRegs* startRegs,
163 Addr fp_max_orig )
165 const Bool do_stats = False; // compute and output some stats regularly.
166 static struct {
167 UInt nr; // nr of stacktraces computed
168 UInt nf; // nr of frames computed
169 UInt Ca; // unwind for which cache indicates CFUnwind must be used.
170 UInt FF; // unwind for which cache indicates FPUnwind can be used.
171 UInt Cf; // unwind at end of stack+store CFUNWIND (xip not end of stack).
172 UInt Fw; // unwind at end of stack+store FPUNWIND
173 UInt FO; // unwind + store FPUNWIND
174 UInt CF; // unwind + store CFUNWIND. Details below.
175 UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'.
176 UInt Ck; // unwind fp invalid+store FPUNWIND
177 UInt MS; // microsoft unwind
178 } stats;
180 const Bool debug = False;
181 // = VG_(debugLog_getLevel) () > 3;
182 // = True;
183 // = stats.nr >= 123456;
184 const HChar* unwind_case; // used when debug is True.
185 // Debugging this function is not straightforward.
186 // Here is the easiest way I have found:
187 // 1. Change the above to True.
188 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0
189 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace
190 // 4. Continue till breakpoint is encountered
191 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces.
192 // You might have to do twice 'monitor v.info scheduler' to see
193 // the effect of caching the results of the verification.
194 // You can also modify the debug dynamically using by using
195 // 'monitor v.set debuglog 4.
197 Int i;
198 Addr fp_max;
199 UInt n_found = 0;
200 const Int cmrf = VG_(clo_merge_recursive_frames);
202 vg_assert(sizeof(Addr) == sizeof(UWord));
203 vg_assert(sizeof(Addr) == sizeof(void*));
205 D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason.
206 Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs
207 // 0 assigned to silence false positive -Wuninitialized warning
208 // This is a false positive as xip_verified is assigned when
209 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND.
211 D3UnwindRegs uregs;
212 uregs.xip = (Addr)startRegs->r_pc;
213 uregs.xsp = (Addr)startRegs->r_sp;
214 uregs.xbp = startRegs->misc.X86.r_ebp;
215 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
217 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
218 stopping when the trail goes cold, which we guess to be
219 when FP is not a reasonable stack location. */
221 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
222 // current page, at least. Dunno if it helps.
223 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
224 fp_max = VG_PGROUNDUP(fp_max_orig);
225 if (fp_max >= sizeof(Addr))
226 fp_max -= sizeof(Addr);
228 if (debug)
229 VG_(printf)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x08%lx, "
230 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n",
231 max_n_ips, fp_min, fp_max_orig, fp_max,
232 uregs.xip, uregs.xbp);
234 /* Assertion broken before main() is reached in pthreaded programs; the
235 * offending stack traces only have one item. --njn, 2002-aug-16 */
236 /* vg_assert(fp_min <= fp_max);*/
237 // On Darwin, this kicks in for pthread-related stack traces, so they're
238 // only 1 entry long which is wrong.
239 # if defined(VGO_linux)
240 if (fp_min + 512 >= fp_max) {
241 /* If the stack limits look bogus, don't poke around ... but
242 don't bomb out either. */
243 # elif defined(VGO_solaris)
244 if (fp_max == 0) {
245 /* VG_(get_StackTrace)() can be called by tools very early when
246 various tracing options are enabled. Don't proceed further
247 if the stack limits look bogus.
249 # endif
250 # if defined(VGO_linux) || defined(VGO_solaris)
251 if (sps) sps[0] = uregs.xsp;
252 if (fps) fps[0] = uregs.xbp;
253 ips[0] = uregs.xip;
254 return 1;
256 # endif
/* Cache invalidation: if the debuginfo generation moved on, wipe the
   verification cache and refresh the cached FPO presence flag. */
258 if (UNLIKELY (fp_CF_verif_generation != VG_(debuginfo_generation)())) {
259 fp_CF_verif_generation = VG_(debuginfo_generation)();
260 VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache));
261 FPO_info_present = VG_(FPO_info_present)();
265 /* Loop unwinding the stack. Note that the IP value we get on
266 * each pass (whether from CFI info or a stack frame) is a
267 * return address so is actually after the calling instruction
268 * in the calling function.
270 * Because of this we subtract one from the IP after each pass
271 * of the loop so that we find the right CFI block on the next
272 * pass - otherwise we can find the wrong CFI info if it happens
273 * to change after the calling instruction and that will mean
274 * that we will fail to unwind the next step.
276 * This most frequently happens at the end of a function when
277 * a tail call occurs and we wind up using the CFI info for the
278 * next function which is completely wrong.
280 if (sps) sps[0] = uregs.xsp;
281 if (fps) fps[0] = uregs.xbp;
282 ips[0] = uregs.xip;
283 i = 1;
284 if (do_stats) stats.nr++;
286 while (True) {
288 if (i >= max_n_ips)
289 break;
/* xip_verif decodes the cache entry for this IP: <= CFUNWIND means a
   cached verdict (FPUNWIND/NOINFO/CFUNWIND), > CFUNWIND means "not in
   cache" (the XOR with an unrelated IP yields a large value). */
291 UWord hash = uregs.xip % N_FP_CF_VERIF;
292 Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash];
293 if (debug)
294 VG_(printf)(" uregs.xip 0x%08lx xip_verif[0x%08lx]"
295 " xbp 0x%08lx xsp 0x%08lx\n",
296 uregs.xip, xip_verif,
297 uregs.xbp, uregs.xsp);
298 // If xip is in cache, then xip_verif will be <= CFUNWIND.
299 // Otherwise, if not in cache, xip_verif will be > CFUNWIND.
301 /* Try to derive a new (ip,sp,fp) triple from the current set. */
303 /* Do we have to do CFI unwinding ?
304 We do CFI unwinding if one of the following condition holds:
305 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must
306 be done (i.e. fp unwind check failed when we did the first
307 unwind for this IP).
308 b. fp_CF_verif_cache does not contain xip.
309 We will try CFI unwinding in fpverif_uregs and compare with
310 FP unwind result to insert xip in the cache with the correct
311 indicator. */
312 if (UNLIKELY(xip_verif >= CFUNWIND)) {
313 if (xip_verif == CFUNWIND) {
314 /* case a : do "real" cfi unwind */
315 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
316 if (debug) unwind_case = "Ca";
317 if (do_stats) stats.Ca++;
318 goto unwind_done;
320 /* ??? cache indicates we have to do CFI unwind (so, we
321 previously found CFI info, and failed the fp unwind
322 check). Now, we just failed with CFI. So, once we
323 succeed, once we fail. No idea what is going on =>
324 cleanup the cache entry and fallover to fp unwind (this
325 time). */
326 fp_CF_verif_cache [hash] = 0;
327 if (debug) VG_(printf)(" cache reset as CFI ok then nok\n");
328 //??? stats
329 xip_verif = NOINFO;
330 } else {
331 /* case b : do "verif" cfi unwind in fpverif_uregs */
332 fpverif_uregs = uregs;
333 xip_verified = uregs.xip;
334 if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) {
335 fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO;
336 if (debug) VG_(printf)(" cache NOINFO fpverif_uregs\n");
337 xip_verif = NOINFO;
342 /* On x86, try the old-fashioned method of following the
343 %ebp-chain. This can be done if the fp_CF_verif_cache for xip
344 indicate fp unwind is ok. This must be done if the cache indicates
345 there is no info. This is also done to confirm what to put in the cache
346 if xip was not in the cache. */
347 /* This deals with frames resulting from functions which begin "pushl%
348 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
349 if (fp_min <= uregs.xbp &&
350 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/ &&
351 VG_IS_4_ALIGNED(uregs.xbp))
353 Addr old_xsp;
355 /* fp looks sane, so use it. */
356 uregs.xip = (((UWord*)uregs.xbp)[1]);
357 // We stop if we hit a zero (the traditional end-of-stack
358 // marker) or a one -- these correspond to recorded IPs of 0 or -1.
359 // The latter because r8818 (in this file) changes the meaning of
360 // entries [1] and above in a stack trace, by subtracting 1 from
361 // them. Hence stacks that used to end with a zero value now end in
362 // -1 and so we must detect that too.
363 if (0 == uregs.xip || 1 == uregs.xip) {
364 if (xip_verif > CFUNWIND) {
365 // Check if we obtain the same result with fp unwind.
366 // If same result, then mark xip as fp unwindable
367 if (uregs.xip == fpverif_uregs.xip) {
368 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
369 if (debug) VG_(printf)(" cache FPUNWIND 0\n");
370 unwind_case = "Fw";
371 if (do_stats) stats.Fw++;
372 break;
373 } else {
374 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
375 uregs = fpverif_uregs;
376 if (debug) VG_(printf)(" cache CFUNWIND 0\n");
377 unwind_case = "Cf";
378 if (do_stats) stats.Cf++;
379 goto unwind_done;
381 } else {
382 // end of stack => out of the loop.
383 break;
387 old_xsp = uregs.xsp;
388 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
389 + sizeof(Addr) /*ra*/;
390 uregs.xbp = (((UWord*)uregs.xbp)[0]);
391 if (xip_verif > CFUNWIND) {
392 if (uregs.xip == fpverif_uregs.xip
393 && uregs.xsp == fpverif_uregs.xsp
394 && uregs.xbp == fpverif_uregs.xbp) {
395 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
396 if (debug) VG_(printf)(" cache FPUNWIND >2\n");
397 if (debug) unwind_case = "FO";
398 if (do_stats) stats.FO++;
399 if (old_xsp >= uregs.xsp) {
400 if (debug)
401 VG_(printf) (" FO end of stack old_xsp %p >= xsp %p\n",
402 (void*)old_xsp, (void*)uregs.xsp);
403 break;
405 } else {
406 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
407 if (debug) VG_(printf)(" cache CFUNWIND >2\n");
408 if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++;
409 if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++;
410 if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++;
411 uregs = fpverif_uregs;
412 if (debug) unwind_case = "CF";
413 if (do_stats) stats.CF++;
415 } else {
416 if (debug) unwind_case = "FF";
417 if (do_stats) stats.FF++;
418 if (old_xsp >= uregs.xsp) {
419 if (debug)
420 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
421 (void*)old_xsp, (void*)uregs.xsp);
422 break;
425 goto unwind_done;
426 } else {
427 // fp unwind has failed.
428 // If we were checking the validity of the cfi unwinding,
429 // we mark in the cache that the fp unwind cannot be done, and that
430 // cfi unwind is desired.
431 if (xip_verif > CFUNWIND) {
432 // We know that fpverif_uregs contains valid information,
433 // as a failed cf unwind would have put NOINFO in xip_verif.
434 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
435 if (debug) VG_(printf)(" cache CFUNWIND as fp failed\n");
436 uregs = fpverif_uregs;
437 if (debug) unwind_case = "Ck";
438 if (do_stats) stats.Ck++;
439 goto unwind_done;
441 // xip_verif is FPUNWIND or NOINFO.
442 // We failed the cfi unwind and/or the fp unwind.
443 // => fallback to FPO info.
446 /* And, similarly, try for MSVC FPO unwind info. */
447 if (FPO_info_present
448 && VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
449 VG_(current_DiEpoch)(),
450 fp_min, fp_max ) ) {
451 if (debug) unwind_case = "MS";
452 if (do_stats) stats.MS++;
453 goto unwind_done;
456 /* No luck. We have to give up. */
457 break;
459 unwind_done:
460 /* Add a frame in ips/sps/fps */
461 /* fp is %ebp. sp is %esp. ip is %eip. */
462 if (0 == uregs.xip || 1 == uregs.xip) break;
463 if (sps) sps[i] = uregs.xsp;
464 if (fps) fps[i] = uregs.xbp;
465 ips[i++] = uregs.xip - 1;
466 /* -1: refer to calling insn, not the RA */
467 if (debug)
468 VG_(printf)(" ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]);
469 uregs.xip = uregs.xip - 1;
470 /* as per comment at the head of this loop */
471 RECURSIVE_MERGE(cmrf,ips,i);
474 if (do_stats) stats.nf += i;
475 if (do_stats && stats.nr % 10000 == 0) {
476 VG_(printf)("nr %u nf %u "
477 "Ca %u FF %u "
478 "Cf %u "
479 "Fw %u FO %u "
480 "CF %u (xi %u xs %u xb %u) "
481 "Ck %u MS %u\n",
482 stats.nr, stats.nf,
483 stats.Ca, stats.FF,
484 stats.Cf,
485 stats.Fw, stats.FO,
486 stats.CF, stats.xi, stats.xs, stats.xb,
487 stats.Ck, stats.MS);
489 n_found = i;
490 return n_found;
493 #undef N_FP_CF_VERIF
494 #undef FPUNWIND
495 #undef NOINFO
496 #undef CFUNWIND
498 #endif
500 /* ----------------------- amd64 ------------------------ */
502 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \
503 || defined(VGP_amd64_solaris)
/* amd64 unwinder.  Same contract as the x86 variant: fills
   ips[0..max_n_ips-1] (plus sps[]/fps[] when non-NULL) starting from
   startRegs and returns the count.  Per-frame strategy: try CFI unwind
   first; fall back to the %rbp-chain walk; finally the last-ditch
   "*sp is a return address" hack.  Each step checks for the 0/1
   end-of-stack markers and for a non-advancing stack pointer. */
505 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
506 /*OUT*/Addr* ips, UInt max_n_ips,
507 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
508 const UnwindStartRegs* startRegs,
509 Addr fp_max_orig )
511 const Bool debug = False;
512 Int i;
513 Addr fp_max;
514 UInt n_found = 0;
515 const Int cmrf = VG_(clo_merge_recursive_frames);
517 vg_assert(sizeof(Addr) == sizeof(UWord));
518 vg_assert(sizeof(Addr) == sizeof(void*));
520 D3UnwindRegs uregs;
521 uregs.xip = startRegs->r_pc;
522 uregs.xsp = startRegs->r_sp;
523 uregs.xbp = startRegs->misc.AMD64.r_rbp;
524 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
526 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
527 stopping when the trail goes cold, which we guess to be
528 when FP is not a reasonable stack location. */
530 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
531 // current page, at least. Dunno if it helps.
532 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
533 fp_max = VG_PGROUNDUP(fp_max_orig);
534 if (fp_max >= sizeof(Addr))
535 fp_max -= sizeof(Addr);
537 if (debug)
538 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
539 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
540 max_n_ips, fp_min, fp_max_orig, fp_max,
541 uregs.xip, uregs.xbp);
543 /* Assertion broken before main() is reached in pthreaded programs; the
544 * offending stack traces only have one item. --njn, 2002-aug-16 */
545 /* vg_assert(fp_min <= fp_max);*/
546 // On Darwin, this kicks in for pthread-related stack traces, so they're
547 // only 1 entry long which is wrong.
548 # if defined(VGO_linux)
549 if (fp_min + 256 >= fp_max) {
550 /* If the stack limits look bogus, don't poke around ... but
551 don't bomb out either. */
552 # elif defined(VGO_solaris)
553 if (fp_max == 0) {
554 /* VG_(get_StackTrace)() can be called by tools very early when
555 various tracing options are enabled. Don't proceed further
556 if the stack limits look bogus.
558 # endif
559 # if defined(VGO_linux) || defined(VGO_solaris)
561 if (sps) sps[0] = uregs.xsp;
562 if (fps) fps[0] = uregs.xbp;
563 ips[0] = uregs.xip;
564 return 1;
566 # endif
568 /* fp is %rbp. sp is %rsp. ip is %rip. */
570 ips[0] = uregs.xip;
571 if (sps) sps[0] = uregs.xsp;
572 if (fps) fps[0] = uregs.xbp;
573 i = 1;
574 if (debug)
575 VG_(printf)(" ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
576 i-1, ips[i-1], uregs.xbp, uregs.xsp);
578 # if defined(VGO_darwin)
579 if (VG_(is_valid_tid)(tid_if_known) &&
580 VG_(is_in_syscall)(tid_if_known) &&
581 i < max_n_ips) {
582 /* On Darwin, all the system call stubs have no function
583 * prolog. So instead of top of the stack being a new
584 * frame comprising a saved BP and a return address, we
585 * just have the return address in the caller's frame.
586 * Adjust for this by recording the return address.
588 ips[i] = *(Addr *)uregs.xsp - 1;
589 if (sps) sps[i] = uregs.xsp;
590 if (fps) fps[i] = uregs.xbp;
591 i++;
593 # endif
595 /* Loop unwinding the stack. Note that the IP value we get on
596 * each pass (whether from CFI info or a stack frame) is a
597 * return address so is actually after the calling instruction
598 * in the calling function.
600 * Because of this we subtract one from the IP after each pass
601 * of the loop so that we find the right CFI block on the next
602 * pass - otherwise we can find the wrong CFI info if it happens
603 * to change after the calling instruction and that will mean
604 * that we will fail to unwind the next step.
606 * This most frequently happens at the end of a function when
607 * a tail call occurs and we wind up using the CFI info for the
608 * next function which is completely wrong.
610 while (True) {
611 Addr old_xsp;
613 if (i >= max_n_ips)
614 break;
616 old_xsp = uregs.xsp;
618 /* Try to derive a new (ip,sp,fp) triple from the current set. */
620 /* First off, see if there is any CFI info to hand which can
621 be used. */
622 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
623 if (0 == uregs.xip || 1 == uregs.xip) break;
624 if (old_xsp >= uregs.xsp) {
625 if (debug)
626 VG_(printf) (" CF end of stack old_xsp %p >= xsp %p\n",
627 (void*)old_xsp, (void*)uregs.xsp);
628 break;
630 if (sps) sps[i] = uregs.xsp;
631 if (fps) fps[i] = uregs.xbp;
632 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
633 if (debug)
634 VG_(printf)(" ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
635 i-1, ips[i-1], uregs.xbp, uregs.xsp);
636 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
637 RECURSIVE_MERGE(cmrf,ips,i);
638 continue;
641 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
642 we can safely try the old-fashioned method. */
643 /* This bit is supposed to deal with frames resulting from
644 functions which begin "pushq %rbp ; movq %rsp, %rbp".
645 Unfortunately, since we can't (easily) look at the insns at
646 the start of the fn, like GDB does, there's no reliable way
647 to tell. Hence the hack of first trying out CFI, and if that
648 fails, then use this as a fallback. */
649 /* Note: re "- 1 * sizeof(UWord)", need to take account of the
650 fact that we are prodding at & ((UWord*)fp)[1] and so need to
651 adjust the limit check accordingly. Omitting this has been
652 observed to cause segfaults on rare occasions. */
653 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
654 /* fp looks sane, so use it. */
655 uregs.xip = (((UWord*)uregs.xbp)[1]);
656 if (0 == uregs.xip || 1 == uregs.xip) break;
657 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
658 + sizeof(Addr) /*ra*/;
659 if (old_xsp >= uregs.xsp) {
660 if (debug)
661 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
662 (void*)old_xsp, (void*)uregs.xsp);
663 break;
665 uregs.xbp = (((UWord*)uregs.xbp)[0]);
666 if (sps) sps[i] = uregs.xsp;
667 if (fps) fps[i] = uregs.xbp;
668 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
669 if (debug)
670 VG_(printf)(" ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
671 i-1, ips[i-1], uregs.xbp, uregs.xsp);
672 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
673 RECURSIVE_MERGE(cmrf,ips,i);
674 continue;
677 /* Last-ditch hack (evidently GDB does something similar). We
678 are in the middle of nowhere and we have a nonsense value for
679 the frame pointer. If the stack pointer is still valid,
680 assume that what it points at is a return address. Yes,
681 desperate measures. Could do better here:
682 - check that the supposed return address is in
683 an executable page
684 - check that the supposed return address is just after a call insn
685 - given those two checks, don't just consider *sp as the return
686 address; instead scan a likely section of stack (eg sp .. sp+256)
687 and use suitable values found there.
689 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
690 uregs.xip = ((UWord*)uregs.xsp)[0];
691 if (0 == uregs.xip || 1 == uregs.xip) break;
692 if (sps) sps[i] = uregs.xsp;
693 if (fps) fps[i] = uregs.xbp;
694 ips[i++] = uregs.xip == 0
695 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
696 thread stack */
697 : uregs.xip - 1;
698 /* -1: refer to calling insn, not the RA */
699 if (debug)
700 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
701 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
702 uregs.xsp += 8;
703 RECURSIVE_MERGE(cmrf,ips,i);
704 continue;
707 /* No luck at all. We have to give up. */
708 break;
711 n_found = i;
712 return n_found;
715 #endif
717 /* -----------------------ppc32/64 ---------------------- */
719 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
720 || defined(VGP_ppc64le_linux)
/* ppc32/ppc64 unwinder.  On ppc, r1 serves as both stack and frame
   pointer and the return address lives in LR; the LR save slot is 1
   word above the back-chain word on ppc32 and 2 words above on ppc64
   ELF (see lr_offset below).  Two extra complications handled here:
   (a) on TOC-using platforms, LR values equal to the magic redirect
   return stub must be replaced with the original LR pushed on the
   thread's hidden REDIR stack; (b) for the innermost frame only, we
   must decide whether LR currently holds this function's return
   address (lr_is_first_RA) or has already been clobbered by a call. */
722 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
723 /*OUT*/Addr* ips, UInt max_n_ips,
724 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
725 const UnwindStartRegs* startRegs,
726 Addr fp_max_orig )
728 Bool lr_is_first_RA = False;
729 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
730 Word redir_stack_size = 0;
731 Word redirs_used = 0;
732 # endif
733 const Int cmrf = VG_(clo_merge_recursive_frames);
734 const DiEpoch cur_ep = VG_(current_DiEpoch)();
736 Bool debug = False;
737 Int i;
738 Addr fp_max;
739 UInt n_found = 0;
741 vg_assert(sizeof(Addr) == sizeof(UWord));
742 vg_assert(sizeof(Addr) == sizeof(void*));
744 Addr ip = (Addr)startRegs->r_pc;
745 Addr sp = (Addr)startRegs->r_sp;
746 Addr fp = sp;
747 # if defined(VGP_ppc32_linux)
748 Addr lr = startRegs->misc.PPC32.r_lr;
749 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
750 Addr lr = startRegs->misc.PPC64.r_lr;
751 # endif
752 Addr fp_min = sp - VG_STACK_REDZONE_SZB;
754 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
755 stopping when the trail goes cold, which we guess to be
756 when FP is not a reasonable stack location. */
758 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
759 // current page, at least. Dunno if it helps.
760 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
761 fp_max = VG_PGROUNDUP(fp_max_orig);
762 if (fp_max >= sizeof(Addr))
763 fp_max -= sizeof(Addr);
765 if (debug)
766 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
767 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
768 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
770 /* Assertion broken before main() is reached in pthreaded programs; the
771 * offending stack traces only have one item. --njn, 2002-aug-16 */
772 /* vg_assert(fp_min <= fp_max);*/
773 if (fp_min + 512 >= fp_max) {
774 /* If the stack limits look bogus, don't poke around ... but
775 don't bomb out either. */
776 if (sps) sps[0] = sp;
777 if (fps) fps[0] = fp;
778 ips[0] = ip;
779 return 1;
782 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and
783 frame pointers. */
785 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
786 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
787 redirs_used = 0;
788 # endif
790 # if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux)
791 /* Deal with bogus LR values caused by function
792 interception/wrapping on ppc-TOC platforms; see comment on
793 similar code a few lines further down. */
794 if (lr == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
795 && VG_(is_valid_tid)(tid_if_known)) {
796 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
797 redirs_used++;
798 if (hsp >= 1 && hsp < redir_stack_size)
799 lr = VG_(threads)[tid_if_known]
800 .arch.vex.guest_REDIR_STACK[hsp-1];
802 # endif
804 /* We have to determine whether or not LR currently holds this fn
805 (call it F)'s return address. It might not if F has previously
806 called some other function, hence overwriting LR with a pointer
807 to some part of F. Hence if LR and IP point to the same
808 function then we conclude LR does not hold this function's
809 return address; instead the LR at entry must have been saved in
810 the stack by F's prologue and so we must get it from there
811 instead. Note all this guff only applies to the innermost
812 frame. */
813 lr_is_first_RA = False;
815 const HChar *buf_lr, *buf_ip;
816 /* The following conditional looks grossly inefficient and
817 surely could be majorly improved, with not much effort. */
/* NOTE(review): buf_lr must be copied before the second
   VG_(get_fnname_raw) call -- presumably that call reuses the same
   underlying name buffer; confirm against pub_core_debuginfo.h. */
818 if (VG_(get_fnname_raw) (cur_ep, lr, &buf_lr)) {
819 HChar buf_lr_copy[VG_(strlen)(buf_lr) + 1];
820 VG_(strcpy)(buf_lr_copy, buf_lr);
821 if (VG_(get_fnname_raw) (cur_ep, ip, &buf_ip))
822 if (VG_(strcmp)(buf_lr_copy, buf_ip))
823 lr_is_first_RA = True;
827 if (sps) sps[0] = fp; /* NB. not sp */
828 if (fps) fps[0] = fp;
829 ips[0] = ip;
830 i = 1;
832 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {
834 /* initial FP is sane; keep going */
835 fp = (((UWord*)fp)[0]);
837 while (True) {
839 /* On ppc64-linux (ppc64-elf, really), the lr save
840 slot is 2 words back from sp, whereas on ppc32-elf(?) it's
841 only one word back. */
842 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
843 const Int lr_offset = 2;
844 # else
845 const Int lr_offset = 1;
846 # endif
848 if (i >= max_n_ips)
849 break;
851 /* Try to derive a new (ip,fp) pair from the current set. */
853 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
854 /* fp looks sane, so use it. */
856 if (i == 1 && lr_is_first_RA)
857 ip = lr;
858 else
859 ip = (((UWord*)fp)[lr_offset]);
861 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
862 /* Nasty hack to do with function replacement/wrapping on
863 ppc64-linux. If LR points to our magic return stub,
864 then we are in a wrapped or intercepted function, in
865 which LR has been messed with. The original LR will
866 have been pushed onto the thread's hidden REDIR stack
867 one down from the top (top element is the saved R2) and
868 so we should restore the value from there instead.
869 Since nested redirections can and do happen, we keep
870 track of the number of nested LRs used by the unwinding
871 so far with 'redirs_used'. */
872 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
873 && VG_(is_valid_tid)(tid_if_known)) {
874 Word hsp = VG_(threads)[tid_if_known]
875 .arch.vex.guest_REDIR_SP;
876 hsp -= 2 * redirs_used;
877 redirs_used ++;
878 if (hsp >= 1 && hsp < redir_stack_size)
879 ip = VG_(threads)[tid_if_known]
880 .arch.vex.guest_REDIR_STACK[hsp-1];
882 # endif
884 if (0 == ip || 1 == ip) break;
885 if (sps) sps[i] = fp; /* NB. not sp */
886 if (fps) fps[i] = fp;
887 fp = (((UWord*)fp)[0]);
888 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
889 if (debug)
890 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
891 ip = ip - 1; /* ip is probably dead at this point, but
892 play safe, a la x86/amd64 above. See
893 extensive comments above. */
894 RECURSIVE_MERGE(cmrf,ips,i);
895 continue;
898 /* No luck there. We have to give up. */
899 break;
903 n_found = i;
904 return n_found;
907 #endif
909 /* ------------------------ arm ------------------------- */
911 #if defined(VGP_arm_linux)
913 static Bool in_same_fn ( Addr a1, Addr a2 )
/* Look up the function names containing addresses 'a1' and 'a2' and
   compare them.  Careful: VG_(strcmp) is nonzero exactly when the two
   names DIFFER, so as written this returns True when both lookups
   succeed and the names are different, and False otherwise (including
   when either name lookup fails).
   NOTE(review): that is inverted w.r.t. what the name "in_same_fn"
   suggests; the sole caller tests !in_same_fn(lr, pc) -- confirm the
   intended sense before relying on it. */
915 const HChar *buf_a1, *buf_a2;
916 /* The following conditional looks grossly inefficient and
917 surely could be majorly improved, with not much effort. */
918 const DiEpoch cur_ep = VG_(current_DiEpoch)();
919 if (VG_(get_fnname_raw) (cur_ep, a1, &buf_a1)) {
/* Copy the first name before the second lookup: presumably
   VG_(get_fnname_raw) hands back a pointer into a buffer that the
   next call may overwrite -- TODO confirm against its contract. */
920 HChar buf_a1_copy[VG_(strlen)(buf_a1) + 1];
921 VG_(strcpy)(buf_a1_copy, buf_a1);
922 if (VG_(get_fnname_raw) (cur_ep, a2, &buf_a2))
923 if (VG_(strcmp)(buf_a1_copy, buf_a2))
924 return True;
926 return False;
929 static Bool in_same_page ( Addr a1, Addr a2 ) {
930 return (a1 & ~0xFFF) == (a2 & ~0xFFF);
933 static Addr abs_diff ( Addr a1, Addr a2 ) {
934 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
937 static Bool has_XT_perms ( Addr a )
939 NSegment const* seg = VG_(am_find_nsegment)(a);
940 return seg && seg->hasX && seg->hasT;
943 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
945 if (0)
946 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
947 // BL simm26
948 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
949 // BLX simm26
950 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
951 return False;
954 static Bool looks_like_Thumb_call16 ( UShort w0 )
956 return False;
959 static Bool looks_like_ARM_call ( UInt a0 )
961 if (0)
962 VG_(printf)("isA32call %08x\n", a0);
963 // Leading E forces unconditional only -- fix
964 if ((a0 & 0xFF000000) == 0xEB000000) return True;
965 return False;
968 static Bool looks_like_RA ( Addr ra )
970 /* 'ra' is a plausible return address if it points to
971 an instruction after a call insn. */
972 Bool isT = (ra & 1);
973 if (isT) {
974 // returning to Thumb code
975 ra &= ~1;
976 ra -= 4;
977 if (has_XT_perms(ra)) {
978 UShort w0 = *(UShort*)ra;
979 UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
980 if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
981 return True;
983 } else {
984 // ARM
985 ra &= ~3;
986 ra -= 4;
987 if (has_XT_perms(ra)) {
988 UInt a0 = *(UInt*)ra;
989 if (looks_like_ARM_call(a0))
990 return True;
993 return False;
/* ARM unwinder worker.  Captures up to max_n_ips return addresses for
   the thread whose starting registers are *startRegs, writing them to
   ips[] (and optionally the matching SP/FP values to sps[]/fps[]).
   Strategy: first unwind with DWARF CFI via VG_(use_CF_info); if that
   runs dry, optionally fall back to heuristic stack scanning, which
   must be enabled by the user (--unw-stack-scan-thresh). */
996 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
997 /*OUT*/Addr* ips, UInt max_n_ips,
998 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
999 const UnwindStartRegs* startRegs,
1000 Addr fp_max_orig )
1002 Bool debug = False;
1003 Int i;
1004 Addr fp_max;
1005 UInt n_found = 0;
1006 const Int cmrf = VG_(clo_merge_recursive_frames);
1008 vg_assert(sizeof(Addr) == sizeof(UWord));
1009 vg_assert(sizeof(Addr) == sizeof(void*));
1011 D3UnwindRegs uregs;
/* Mask off bit 0 of the PC (the Thumb mode bit). */
1012 uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;
1013 uregs.r14 = startRegs->misc.ARM.r14;
1014 uregs.r13 = startRegs->r_sp;
1015 uregs.r12 = startRegs->misc.ARM.r12;
1016 uregs.r11 = startRegs->misc.ARM.r11;
1017 uregs.r7 = startRegs->misc.ARM.r7;
1018 Addr fp_min = uregs.r13 - VG_STACK_REDZONE_SZB;
1020 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1021 stopping when the trail goes cold, which we guess to be
1022 when FP is not a reasonable stack location. */
1024 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1025 // current page, at least. Dunno if it helps.
1026 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1027 fp_max = VG_PGROUNDUP(fp_max_orig);
1028 if (fp_max >= sizeof(Addr))
1029 fp_max -= sizeof(Addr);
1031 if (debug)
1032 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1033 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
1034 max_n_ips, fp_min, fp_max_orig, fp_max,
1035 uregs.r15, uregs.r13);
1037 /* Assertion broken before main() is reached in pthreaded programs; the
1038 * offending stack traces only have one item. --njn, 2002-aug-16 */
1039 /* vg_assert(fp_min <= fp_max);*/
1040 // On Darwin, this kicks in for pthread-related stack traces, so they're
1041 // only 1 entry long which is wrong.
1042 if (fp_min + 512 >= fp_max) {
1043 /* If the stack limits look bogus, don't poke around ... but
1044 don't bomb out either. */
1045 if (sps) sps[0] = uregs.r13;
1046 if (fps) fps[0] = 0;
1047 ips[0] = uregs.r15;
1048 return 1;
1051 /* */
/* Record the innermost frame unconditionally. */
1053 if (sps) sps[0] = uregs.r13;
1054 if (fps) fps[0] = 0;
1055 ips[0] = uregs.r15;
1056 i = 1;
1058 /* Loop unwinding the stack. */
1059 Bool do_stack_scan = False;
1061 /* First try the Official Way, using Dwarf CFI. */
1062 while (True) {
1063 if (debug) {
1064 VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
1065 i, uregs.r15, uregs.r13);
1068 if (i >= max_n_ips)
1069 break;
1071 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1072 if (sps) sps[i] = uregs.r13;
1073 if (fps) fps[i] = 0;
/* Strip the Thumb bit, then back up 1 so the address refers to the
   calling instruction rather than the return point. */
1074 ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
1075 if (debug)
1076 VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
1077 uregs.r15, uregs.r13);
1078 uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
1079 RECURSIVE_MERGE(cmrf,ips,i);
1080 continue;
1083 /* No luck. We have to give up. */
1084 do_stack_scan = True;
1085 break;
1088 /* Now try Plan B (maybe) -- stack scanning. This often gives
1089 pretty bad results, so this has to be enabled explicitly by the
1090 user. */
1091 if (do_stack_scan
1092 && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) {
1093 Int nByStackScan = 0;
1094 Addr lr = uregs.r14;
1095 Addr sp = uregs.r13 & ~3;
1096 Addr pc = uregs.r15;
1097 // First see if LR contains
1098 // something that could be a valid return address.
1099 if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
1100 // take it only if 'cand' isn't obviously a duplicate
1101 // of the last found IP value
1102 Addr cand = (lr & 0xFFFFFFFE) - 1;
1103 if (abs_diff(cand, ips[i-1]) > 1) {
1104 if (sps) sps[i] = 0;
1105 if (fps) fps[i] = 0;
1106 ips[i++] = cand;
1107 RECURSIVE_MERGE(cmrf,ips,i);
1108 nByStackScan++;
/* Walk the stack a word at a time, but never beyond the page
   holding the current SP. */
1111 while (in_same_page(sp, uregs.r13)) {
1112 if (i >= max_n_ips)
1113 break;
1114 // we're in the same page; fairly safe to keep going
1115 UWord w = *(UWord*)(sp & ~0x3);
1116 if (looks_like_RA(w)) {
1117 Addr cand = (w & 0xFFFFFFFE) - 1;
1118 // take it only if 'cand' isn't obviously a duplicate
1119 // of the last found IP value
1120 if (abs_diff(cand, ips[i-1]) > 1) {
1121 if (sps) sps[i] = 0;
1122 if (fps) fps[i] = 0;
1123 ips[i++] = cand;
1124 RECURSIVE_MERGE(cmrf,ips,i);
/* Cap the number of frames recovered purely by scanning. */
1125 if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break;
1128 sp += 4;
1132 n_found = i;
1133 return n_found;
1136 #endif
1138 /* ------------------------ arm64 ------------------------- */
1140 #if defined(VGP_arm64_linux)
/* arm64 unwinder worker.  Fills ips[0..max_n_ips-1] with return
   addresses for the thread described by *startRegs, optionally
   recording SP (sps[]) and FP/x29 (fps[]) per frame.  Unwinding is
   CFI-only on this platform: each step goes through
   VG_(use_CF_info), and the walk stops on the first failure. */
1142 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1143 /*OUT*/Addr* ips, UInt max_n_ips,
1144 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1145 const UnwindStartRegs* startRegs,
1146 Addr fp_max_orig )
1148 Bool debug = False;
1149 Int i;
1150 Addr fp_max;
1151 UInt n_found = 0;
1152 const Int cmrf = VG_(clo_merge_recursive_frames);
1154 vg_assert(sizeof(Addr) == sizeof(UWord));
1155 vg_assert(sizeof(Addr) == sizeof(void*));
1157 D3UnwindRegs uregs;
1158 uregs.pc = startRegs->r_pc;
1159 uregs.sp = startRegs->r_sp;
1160 uregs.x30 = startRegs->misc.ARM64.x30;
1161 uregs.x29 = startRegs->misc.ARM64.x29;
1162 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1164 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1165 stopping when the trail goes cold, which we guess to be
1166 when FP is not a reasonable stack location. */
1168 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1169 // current page, at least. Dunno if it helps.
1170 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1171 fp_max = VG_PGROUNDUP(fp_max_orig);
1172 if (fp_max >= sizeof(Addr))
1173 fp_max -= sizeof(Addr);
1175 if (debug)
1176 VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1177 "fp_max=0x%lx PC=0x%lx SP=0x%lx\n",
1178 max_n_ips, fp_min, fp_max_orig, fp_max,
1179 uregs.pc, uregs.sp);
1181 /* Assertion broken before main() is reached in pthreaded programs; the
1182 * offending stack traces only have one item. --njn, 2002-aug-16 */
1183 /* vg_assert(fp_min <= fp_max);*/
1184 // On Darwin, this kicks in for pthread-related stack traces, so they're
1185 // only 1 entry long which is wrong.
1186 if (fp_min + 512 >= fp_max) {
1187 /* If the stack limits look bogus, don't poke around ... but
1188 don't bomb out either. */
1189 if (sps) sps[0] = uregs.sp;
1190 if (fps) fps[0] = uregs.x29;
1191 ips[0] = uregs.pc;
1192 return 1;
1195 /* */
/* Record the innermost frame unconditionally. */
1197 if (sps) sps[0] = uregs.sp;
1198 if (fps) fps[0] = uregs.x29;
1199 ips[0] = uregs.pc;
1200 i = 1;
1202 /* Loop unwinding the stack, using CFI. */
1203 while (True) {
1204 if (debug) {
1205 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n",
1206 i, uregs.pc, uregs.sp);
1209 if (i >= max_n_ips)
1210 break;
1212 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1213 if (sps) sps[i] = uregs.sp;
1214 if (fps) fps[i] = uregs.x29;
/* -1 so the recorded address refers to the calling instruction,
   not the return address itself. */
1215 ips[i++] = uregs.pc - 1;
1216 if (debug)
1217 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n",
1218 uregs.pc, uregs.sp);
1219 uregs.pc = uregs.pc - 1;
1220 RECURSIVE_MERGE(cmrf,ips,i);
1221 continue;
1224 /* No luck. We have to give up. */
1225 break;
1228 n_found = i;
1229 return n_found;
1232 #endif
1234 /* ------------------------ s390x ------------------------- */
1236 #if defined(VGP_s390x_linux)
/* s390x unwinder worker.  CFI-driven, like arm64, but with one extra
   trick: if CFI fails on the very first step, retry once using the
   link register as the next PC (recovering from e.g. a bad jump). */
1238 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1239 /*OUT*/Addr* ips, UInt max_n_ips,
1240 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1241 const UnwindStartRegs* startRegs,
1242 Addr fp_max_orig )
1244 Bool debug = False;
1245 Int i;
1246 Addr fp_max;
1247 UInt n_found = 0;
1248 const Int cmrf = VG_(clo_merge_recursive_frames);
1250 vg_assert(sizeof(Addr) == sizeof(UWord));
1251 vg_assert(sizeof(Addr) == sizeof(void*));
1253 D3UnwindRegs uregs;
1254 uregs.ia = startRegs->r_pc;
1255 uregs.sp = startRegs->r_sp;
1256 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1257 uregs.fp = startRegs->misc.S390X.r_fp;
1258 uregs.lr = startRegs->misc.S390X.r_lr;
1260 fp_max = VG_PGROUNDUP(fp_max_orig);
1261 if (fp_max >= sizeof(Addr))
1262 fp_max -= sizeof(Addr);
1264 if (debug)
1265 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1266 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
1267 max_n_ips, fp_min, fp_max_orig, fp_max,
1268 uregs.ia, uregs.sp,uregs.fp);
1270 /* The first frame is pretty obvious */
1271 ips[0] = uregs.ia;
1272 if (sps) sps[0] = uregs.sp;
1273 if (fps) fps[0] = uregs.fp;
1274 i = 1;
1276 /* for everything else we have to rely on the eh_frame. gcc defaults to
1277 not create a backchain and all the other tools (like gdb) also have
1278 to use the CFI. */
1279 while (True) {
1280 if (i >= max_n_ips)
1281 break;
1283 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1284 if (sps) sps[i] = uregs.sp;
1285 if (fps) fps[i] = uregs.fp;
/* -1 so the recorded address points inside the calling insn. */
1286 ips[i++] = uregs.ia - 1;
1287 uregs.ia = uregs.ia - 1;
1288 RECURSIVE_MERGE(cmrf,ips,i);
1289 continue;
1291 /* A problem on the first frame? Lets assume it was a bad jump.
1292 We will use the link register and the current stack and frame
1293 pointers and see if we can use the CFI in the next round. */
1294 if (i == 1) {
1295 if (sps) {
1296 sps[i] = sps[0];
1297 uregs.sp = sps[0];
1299 if (fps) {
1300 fps[i] = fps[0];
1301 uregs.fp = fps[0];
/* Treat the link register as the return address of frame 1. */
1303 uregs.ia = uregs.lr - 1;
1304 ips[i++] = uregs.lr - 1;
1305 RECURSIVE_MERGE(cmrf,ips,i);
1306 continue;
1309 /* No luck. We have to give up. */
1310 break;
1313 n_found = i;
1314 return n_found;
1317 #endif
1319 /* ------------------------ mips 32/64 ------------------------- */
1320 #if defined(VGP_mips32_linux) || defined(VGP_mips64_linux)
/* mips32/mips64 unwinder worker.  Tries CFI first; when CFI fails it
   falls back to scanning the current function's prologue for stack-
   pointer adjustments (addiu/addi/daddiu $sp,$sp,-imm) to compute the
   frame size, then unwinds via the saved RA.  As a last resort on the
   first frame it simply follows RA. */
1321 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
1322 /*OUT*/Addr* ips, UInt max_n_ips,
1323 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
1324 const UnwindStartRegs* startRegs,
1325 Addr fp_max_orig )
1327 Bool debug = False;
1328 Int i;
1329 Addr fp_max;
1330 UInt n_found = 0;
1331 const Int cmrf = VG_(clo_merge_recursive_frames);
1333 vg_assert(sizeof(Addr) == sizeof(UWord));
1334 vg_assert(sizeof(Addr) == sizeof(void*));
1336 D3UnwindRegs uregs;
1337 uregs.pc = startRegs->r_pc;
1338 uregs.sp = startRegs->r_sp;
1339 Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
1341 #if defined(VGP_mips32_linux)
1342 uregs.fp = startRegs->misc.MIPS32.r30;
1343 uregs.ra = startRegs->misc.MIPS32.r31;
1344 #elif defined(VGP_mips64_linux)
1345 uregs.fp = startRegs->misc.MIPS64.r30;
1346 uregs.ra = startRegs->misc.MIPS64.r31;
1347 #endif
1349 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1350 stopping when the trail goes cold, which we guess to be
1351 when FP is not a reasonable stack location. */
1353 fp_max = VG_PGROUNDUP(fp_max_orig);
1354 if (fp_max >= sizeof(Addr))
1355 fp_max -= sizeof(Addr);
1357 if (debug)
1358 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1359 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
1360 max_n_ips, fp_min, fp_max_orig, fp_max,
1361 uregs.pc, uregs.sp, uregs.fp);
/* Record the innermost frame unconditionally. */
1363 if (sps) sps[0] = uregs.sp;
1364 if (fps) fps[0] = uregs.fp;
1365 ips[0] = uregs.pc;
1366 i = 1;
1368 /* Loop unwinding the stack. */
1370 while (True) {
1371 if (debug) {
1372 VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1373 i, uregs.pc, uregs.sp, uregs.ra);
1375 if (i >= max_n_ips)
1376 break;
/* Keep a copy so a failed/garbage CFI step can be undone. */
1378 D3UnwindRegs uregs_copy = uregs;
1379 if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
1380 if (debug)
1381 VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1382 uregs.pc, uregs.sp, uregs.ra);
1383 if (0 != uregs.pc && 1 != uregs.pc) {
1384 if (sps) sps[i] = uregs.sp;
1385 if (fps) fps[i] = uregs.fp;
/* -4: refer to the calling branch, one insn before the RA. */
1386 ips[i++] = uregs.pc - 4;
1387 uregs.pc = uregs.pc - 4;
1388 RECURSIVE_MERGE(cmrf,ips,i);
1389 continue;
1390 } else
1391 uregs = uregs_copy;
/* Fallback: scan the function body from its entry point up to the
   current PC, accumulating $sp decrements to learn the frame size. */
1394 int seen_sp_adjust = 0;
1395 long frame_offset = 0;
1396 PtrdiffT offset;
1397 const DiEpoch cur_ep = VG_(current_DiEpoch)();
1398 if (VG_(get_inst_offset_in_function)(cur_ep, uregs.pc, &offset)) {
1399 Addr start_pc = uregs.pc - offset;
1400 Addr limit_pc = uregs.pc;
1401 Addr cur_pc;
1402 for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) {
1403 unsigned long inst, high_word, low_word;
1404 unsigned long * cur_inst;
1405 /* Fetch the instruction. */
1406 cur_inst = (unsigned long *)cur_pc;
1407 inst = *((UInt *) cur_inst);
1408 if(debug)
1409 VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst);
1411 /* Save some code by pre-extracting some useful fields. */
1412 high_word = (inst >> 16) & 0xffff;
1413 low_word = inst & 0xffff;
1415 if (high_word == 0x27bd /* addiu $sp,$sp,-i */
1416 || high_word == 0x23bd /* addi $sp,$sp,-i */
1417 || high_word == 0x67bd) { /* daddiu $sp,$sp,-i */
1418 if (low_word & 0x8000) /* negative stack adjustment? */
1419 frame_offset += 0x10000 - low_word;
1420 else
1421 /* Exit loop if a positive stack adjustment is found, which
1422 usually means that the stack cleanup code in the function
1423 epilogue is reached. */
1424 break;
1425 seen_sp_adjust = 1;
1428 if(debug)
1429 VG_(printf)("offset: 0x%lx\n", frame_offset);
1431 if (seen_sp_adjust) {
/* Sanity: stop on null/sentinel PCs or if we'd loop in place. */
1432 if (0 == uregs.pc || 1 == uregs.pc) break;
1433 if (uregs.pc == uregs.ra - 8) break;
1434 if (sps) {
1435 sps[i] = uregs.sp + frame_offset;
1437 uregs.sp = uregs.sp + frame_offset;
1439 if (fps) {
1440 fps[i] = fps[0];
1441 uregs.fp = fps[0];
1443 if (0 == uregs.ra || 1 == uregs.ra) break;
/* -8: step back over the branch and its delay slot. */
1444 uregs.pc = uregs.ra - 8;
1445 ips[i++] = uregs.ra - 8;
1446 RECURSIVE_MERGE(cmrf,ips,i);
1447 continue;
/* Last resort on the first frame: follow RA directly. */
1450 if (i == 1) {
1451 if (sps) {
1452 sps[i] = sps[0];
1453 uregs.sp = sps[0];
1455 if (fps) {
1456 fps[i] = fps[0];
1457 uregs.fp = fps[0];
1459 if (0 == uregs.ra || 1 == uregs.ra) break;
1460 uregs.pc = uregs.ra - 8;
1461 ips[i++] = uregs.ra - 8;
1462 RECURSIVE_MERGE(cmrf,ips,i);
1463 continue;
1465 /* No luck. We have to give up. */
1466 break;
1469 n_found = i;
1470 return n_found;
1473 #endif
1475 /*------------------------------------------------------------*/
1476 /*--- ---*/
1477 /*--- END platform-dependent unwinder worker functions ---*/
1478 /*--- ---*/
1479 /*------------------------------------------------------------*/
1481 /*------------------------------------------------------------*/
1482 /*--- Exported functions. ---*/
1483 /*------------------------------------------------------------*/
/* Public entry point: capture a stack trace for 'tid' into ips[]
   (and optionally sps[]/fps[]), after applying the given deltas to
   the starting PC and SP.  Returns the number of frames written.
   Fetches the thread's registers, determines the stack bounds, then
   delegates to the platform-specific VG_(get_StackTrace_wrk). */
1485 UInt VG_(get_StackTrace_with_deltas)(
1486 ThreadId tid,
1487 /*OUT*/StackTrace ips, UInt n_ips,
1488 /*OUT*/StackTrace sps,
1489 /*OUT*/StackTrace fps,
1490 Word first_ip_delta,
1491 Word first_sp_delta
1494 /* Get the register values with which to start the unwind. */
1495 UnwindStartRegs startRegs;
1496 VG_(memset)( &startRegs, 0, sizeof(startRegs) );
1497 VG_(get_UnwindStartRegs)( &startRegs, tid );
1499 Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte;
1500 Addr stack_lowest_byte = 0;
1502 # if defined(VGP_x86_linux)
1503 /* Nasty little hack to deal with syscalls - if libc is using its
1504 _dl_sysinfo_int80 function for syscalls (the TLS version does),
1505 then ip will always appear to be in that function when doing a
1506 syscall, not the actual libc function doing the syscall. This
1507 check sees if IP is within that function, and pops the return
1508 address off the stack so that ip is placed within the library
1509 function calling the syscall. This makes stack backtraces much
1510 more useful.
1512 The function is assumed to look like this (from glibc-2.3.6 sources):
1513 _dl_sysinfo_int80:
1514 int $0x80
1516 That is 3 (2+1) bytes long. We could be more thorough and check
1517 the 3 bytes of the function are as expected, but I can't be
1518 bothered.
1520 if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
1521 && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
1522 && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
1523 && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
1524 VKI_PROT_READ)) {
/* Pop the return address so the trace starts in the caller. */
1525 startRegs.r_pc = (ULong) *(Addr*)(UWord)startRegs.r_sp;
1526 startRegs.r_sp += (ULong) sizeof(Addr);
1528 # endif
1530 /* See if we can get a better idea of the stack limits */
1531 VG_(stack_limits)( (Addr)startRegs.r_sp,
1532 &stack_lowest_byte, &stack_highest_byte );
1534 /* Take into account the first_ip_delta and first_sp_delta. */
1535 startRegs.r_pc += (Long)first_ip_delta;
1536 startRegs.r_sp += (Long)first_sp_delta;
1538 if (0)
1539 VG_(printf)("tid %u: stack_highest=0x%08lx ip=0x%010llx "
1540 "sp=0x%010llx\n",
1541 tid, stack_highest_byte,
1542 startRegs.r_pc, startRegs.r_sp);
1544 return VG_(get_StackTrace_wrk)(tid, ips, n_ips,
1545 sps, fps,
1546 &startRegs,
1547 stack_highest_byte);
1550 UInt VG_(get_StackTrace) ( ThreadId tid,
1551 /*OUT*/StackTrace ips, UInt max_n_ips,
1552 /*OUT*/StackTrace sps,
1553 /*OUT*/StackTrace fps,
1554 Word first_ip_delta )
1556 return VG_(get_StackTrace_with_deltas) (tid,
1557 ips, max_n_ips,
1558 sps,
1559 fps,
1560 first_ip_delta,
1561 0 /* first_sp_delta */
/* Callback for VG_(apply_StackTrace): print one frame, expanding any
   inlined call chain at 'ip' via the InlIPCursor.  Output goes to the
   XML stream when --xml is active, otherwise to the user message
   stream with "at" for the first line and "by" for the rest. */
1565 static void printIpDesc(UInt n, DiEpoch ep, Addr ip, void* uu_opaque)
1567 InlIPCursor *iipc = VG_(new_IIPC)(ep, ip);
1569 do {
1570 const HChar *buf = VG_(describe_IP)(ep, ip, iipc);
1571 if (VG_(clo_xml)) {
1572 VG_(printf_xml)(" %s\n", buf);
1573 } else {
1574 VG_(message)(Vg_UserMsg, " %s %s\n",
1575 ( n == 0 ? "at" : "by" ), buf);
1577 n++;
1578 // Increase n to show "at" for only one level.
1579 } while (VG_(next_IIPC)(iipc));
1580 VG_(delete_IIPC)(iipc);
1583 /* Print a StackTrace. */
1584 void VG_(pp_StackTrace) ( DiEpoch ep, StackTrace ips, UInt n_ips )
1586 vg_assert( n_ips > 0 );
1588 if (VG_(clo_xml))
1589 VG_(printf_xml)(" <stack>\n");
1591 VG_(apply_StackTrace)( printIpDesc, NULL, ep, ips, n_ips );
1593 if (VG_(clo_xml))
1594 VG_(printf_xml)(" </stack>\n");
1597 /* Get and immediately print a StackTrace. */
1598 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
1600 Addr ips[max_n_ips];
1601 UInt n_ips
1602 = VG_(get_StackTrace)(tid, ips, max_n_ips,
1603 NULL/*array to dump SP values in*/,
1604 NULL/*array to dump FP values in*/,
1605 0/*first_ip_delta*/);
1606 VG_(pp_StackTrace)(VG_(current_DiEpoch)(), ips, n_ips);
/* Invoke 'action' once per frame of ips[0..n_ips-1], innermost first.
   Unless --show-below-main=yes, first truncate the trace at the
   outermost occurrence of main() (or, failing that, at the last
   below-main frame found scanning outwards-in), so frames beneath
   main are not reported.  Requires n_ips > 0. */
1609 void VG_(apply_StackTrace)(
1610 void(*action)(UInt n, DiEpoch ep, Addr ip, void* opaque),
1611 void* opaque,
1612 DiEpoch ep, StackTrace ips, UInt n_ips
1615 Int i;
1617 vg_assert(n_ips > 0);
1618 if ( ! VG_(clo_show_below_main) ) {
1619 // Search (from the outer frame onwards) the appearance of "main"
1620 // or the last appearance of a below main function.
1621 // Then decrease n_ips so as to not call action for the below main
1622 for (i = n_ips - 1; i >= 0; i--) {
1623 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ep, ips[i]);
/* Truncation keeps frame i itself (the main/below-main frame). */
1624 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind)
1625 n_ips = i + 1;
1626 if (Vg_FnNameMain == kind)
1627 break;
1631 for (i = 0; i < n_ips; i++)
1632 // Act on the ip
1633 action(i, ep, ips[i], opaque);
1637 /*--------------------------------------------------------------------*/
1638 /*--- end ---*/
1639 /*--------------------------------------------------------------------*/