FreeBSD: add file descriptor tracking for _umtx_op
[valgrind.git] / coregrind / m_stacktrace.c
blob: 0889a6517c01c041f40e3f82ae88041fcca98845
2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
10 Copyright (C) 2000-2017 Julian Seward
11 jseward@acm.org
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
26    The GNU General Public License is contained in the file COPYING.
*/
29 #include "pub_core_basics.h"
30 #include "pub_core_vki.h"
31 #include "pub_core_threadstate.h"
32 #include "pub_core_debuginfo.h" // XXX: circular dependency
33 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)()
34 #include "pub_core_libcbase.h"
35 #include "pub_core_libcassert.h"
36 #include "pub_core_libcprint.h"
37 #include "pub_core_machine.h"
38 #include "pub_core_options.h"
39 #include "pub_core_stacks.h" // VG_(stack_limits)
40 #include "pub_core_stacktrace.h"
41 #include "pub_core_syswrap.h" // VG_(is_in_syscall)
42 #include "pub_core_xarray.h"
43 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80)
44 #include "pub_core_trampoline.h"
45 #include "config.h"
48 /*------------------------------------------------------------*/
49 /*--- ---*/
50 /*--- BEGIN platform-dependent unwinder worker functions ---*/
51 /*--- ---*/
52 /*------------------------------------------------------------*/
54 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
55 IPs into 'ips'. In order to be thread-safe, we pass in the
56 thread's IP SP, FP if that's meaningful, and LR if that's
57 meaningful. Returns number of IPs put in 'ips'.
59 If you know what the thread ID for this stack is, send that as the
60 first parameter, else send zero. This helps generate better stack
61 traces on ppc64-linux and has no effect on other platforms.
64 /* Do frame merging in the _i frames in _ips array of recursive cycles
65 of up to _nframes. The merge is done during stack unwinding
66 (i.e. in platform specific unwinders) to collect as many
67 "interesting" stack traces as possible. */
/* Note: the whole body lives inside a single do { } while (0) so the
   macro expands to exactly one statement.  The previous form,
   'if (cond) do {..} while (0)', suffers from the dangling-else
   problem when used as 'if (x) RECURSIVE_MERGE(..); else ..;' --
   the else would silently bind to the macro's internal 'if'. */
#define RECURSIVE_MERGE(_nframes,_ips,_i)                       \
   do {                                                         \
      if (UNLIKELY(_nframes > 0)) {                             \
         Int dist;                                              \
         /* Look backwards for a frame identical to the newest  \
            one; if found within _nframes, drop the cycle. */   \
         for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \
            if (_ips[_i-1] == _ips[_i-1-dist]) {                \
               _i = _i - dist;                                  \
               break;                                           \
            }                                                   \
         }                                                      \
      }                                                         \
   } while (0)
79 /* Note about calculation of fp_min : fp_min is the lowest address
80 which can be accessed during unwinding. This is SP - VG_STACK_REDZONE_SZB.
81 On most platforms, this will be equal to SP (as VG_STACK_REDZONE_SZB
82 is 0). However, on some platforms (e.g. amd64), there is an accessible
83 redzone below the SP. Some CFI unwind info are generated, taking this
84 into account. As an example, the following is a CFI unwind info on
85 amd64 found for a 'retq' instruction:
86 [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16)
87 0x400f7e: retq
88 As you can see, the previous BP is found 16 bytes below the cfa, which
89 is the oldSP+8. So, effectively, the BP is found 8 bytes below the SP.
90 The fp_min must take this into account, otherwise, VG_(use_CF_info) will
91 not unwind the BP. */
93 /* ------------------------ x86 ------------------------- */
95 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \
96 || defined(VGP_x86_solaris) || defined(VGP_x86_freebsd)
98 #define N_FP_CF_VERIF 1021
99 // prime number so that size of fp_CF_verif is just below 4K or 8K
100 // Note that this prime nr differs from the one chosen in
101 // m_debuginfo/debuginfo.c for the cfsi cache : in case we have
102 // a collision here between two IPs, we expect to not (often) have the
103 // same collision in the cfsi cache (and vice-versa).
105 // unwinding with fp chain is ok:
106 #define FPUNWIND 0
107 // there is no CFI info for this IP:
108 #define NOINFO 1
109 // Unwind with FP is not ok, must use CF unwind:
110 #define CFUNWIND 2
112 static Addr fp_CF_verif_cache [N_FP_CF_VERIF];
// Each slot holds (IP ^ verdict) where verdict is FPUNWIND, NOINFO or
// CFUNWIND; see the big comment below for how slots are read back.
114 /* An unwind done by following the fp chain technique can be incorrect
115 as not all frames are respecting the standard bp/sp ABI.
116 The CF information is now generated by default by gcc
117 (as part of the dwarf info). However, unwinding using CF information
118 is significantly slower : a slowdown of 20% has been observed
119 on an helgrind test case.
120 So, by default, the unwinding will be done using the fp chain.
121 But before accepting to unwind an IP with fp_chain, the result
122 of the unwind will be checked with the CF information.
123 This check can give 3 results:
124 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind.
125 => it is assumed that future unwind for this IP can be done
126 with the fast fp chain, without further CF checking
127 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing)
128 CFUNWIND (2): there is CF info, but unwind result differs.
129 => it is assumed that future unwind for this IP must be done
130 with the CF info.
131 Of course, if each fp unwind implies a check done with a CF unwind,
132 it would just be slower => we cache the check result in an
133 array of checked Addr.
134 The check for an IP will be stored at
135 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of:
136 IP ^ FPUNWIND
137 IP ^ NOINFO
138 IP ^ CFUNWIND
140 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits
141 to store the check result, as they are guaranteed to be non significant
142 in the comparison between 2 IPs stored in fp_CF_verif_cache).
143 In other words, if two IPs are only differing on the last 2 bits,
144 then they will not land in the same cache bucket.
147 /* cached result of VG_(FPO_info_present)(). Refreshed each time
148 the fp_CF_verif_generation is different of the current debuginfo
149 generation. */
150 static Bool FPO_info_present = False;
152 static UInt fp_CF_verif_generation = 0;
153 // Our cache has to be maintained in sync with the CFI cache.
154 // Each time the debuginfo is changed, its generation will be incremented.
155 // We will clear our cache when our saved generation differs from
156 // the debuginfo generation.
// Both statics are refreshed together at the top of the x86 unwinder
// when the saved generation differs from VG_(debuginfo_generation)().
/* x86 {linux,darwin,solaris,freebsd} stack unwinder.
   Fills ips[0 .. max_n_ips-1] with return addresses, optionally
   recording the per-frame SP/FP in sps/fps.  Per IP, it uses
   fp_CF_verif_cache to decide whether the fast %ebp-chain unwind
   agrees with the (slower) CFI unwind, and thereafter takes the
   cheapest route that the cache says is trustworthy; MSVC FPO info
   is the final fallback.  Returns the number of entries written
   to ips[]. */
158 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
159 /*OUT*/Addr* ips, UInt max_n_ips,
160 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
161 const UnwindStartRegs* startRegs,
162 Addr fp_max_orig )
164 const Bool do_stats = False; // compute and output some stats regularly.
165 static struct {
166 UInt nr; // nr of stacktraces computed
167 UInt nf; // nr of frames computed
168 UInt Ca; // unwind for which cache indicates CFUnwind must be used.
169 UInt FF; // unwind for which cache indicates FPUnwind can be used.
170 UInt Cf; // unwind at end of stack+store CFUNWIND (xip not end of stack).
171 UInt Fw; // unwind at end of stack+store FPUNWIND
172 UInt FO; // unwind + store FPUNWIND
173 UInt CF; // unwind + store CFUNWIND. Details below.
174 UInt xi; UInt xs; UInt xb; // register(s) which caused a 'store CFUNWIND'.
175 UInt Ck; // unwind fp invalid+store FPUNWIND
176 UInt MS; // microsoft unwind
177 } stats;
179 const Bool debug = False;
180 // = VG_(debugLog_getLevel) () > 3;
181 // = True;
182 // = stats.nr >= 123456;
183 const HChar* unwind_case; // used when debug is True.
184 // Debugging this function is not straightforward.
185 // Here is the easiest way I have found:
186 // 1. Change the above to True.
187 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0
188 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace
189 // 4. Continue till breakpoint is encountered
190 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces.
191 // You might have to do twice 'monitor v.info scheduler' to see
192 // the effect of caching the results of the verification.
193 // You can also modify the debug dynamically using by using
194 // 'monitor v.set debuglog 4.
196 Int i;
197 Addr fp_max;
198 UInt n_found = 0;
199 const Int cmrf = VG_(clo_merge_recursive_frames);
201 vg_assert(sizeof(Addr) == sizeof(UWord));
202 vg_assert(sizeof(Addr) == sizeof(void*));
204 D3UnwindRegs fpverif_uregs; // result of CF unwind for a check reason.
205 Addr xip_verified = 0; // xip for which we have calculated fpverif_uregs
206 // 0 assigned to silence false positive -Wuninitialized warning
207 // This is a false positive as xip_verified is assigned when
208 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND.
210 D3UnwindRegs uregs;
211 uregs.xip = (Addr)startRegs->r_pc;
212 uregs.xsp = (Addr)startRegs->r_sp;
213 uregs.xbp = startRegs->misc.X86.r_ebp;
214 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
216 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
217 stopping when the trail goes cold, which we guess to be
218 when FP is not a reasonable stack location. */
220 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
221 // current page, at least. Dunno if it helps.
222 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
223 fp_max = VG_PGROUNDUP(fp_max_orig);
224 if (fp_max >= sizeof(Addr))
225 fp_max -= sizeof(Addr);
227 if (debug)
228 VG_(printf)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x08%lx, "
229 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n",
230 max_n_ips, fp_min, fp_max_orig, fp_max,
231 uregs.xip, uregs.xbp);
233 /* Assertion broken before main() is reached in pthreaded programs; the
234 * offending stack traces only have one item. --njn, 2002-aug-16 */
235 /* vg_assert(fp_min <= fp_max);*/
236 // On Darwin, this kicks in for pthread-related stack traces, so they're
237 // only 1 entry long which is wrong.
238 # if defined(VGO_linux)
239 if (fp_min + 512 >= fp_max) {
240 /* If the stack limits look bogus, don't poke around ... but
241 don't bomb out either. */
242 # elif defined(VGO_solaris) || defined(VGO_freebsd)
243 if (fp_max == 0) {
244 /* VG_(get_StackTrace)() can be called by tools very early when
245 various tracing options are enabled. Don't proceed further
246 if the stack limits look bogus.
*/
248 # endif
249 # if defined(VGO_linux) || defined(VGO_solaris) || defined(VGO_freebsd)
250 if (sps) sps[0] = uregs.xsp;
251 if (fps) fps[0] = uregs.xbp;
252 ips[0] = uregs.xip;
253 return 1;
255 # endif
257 if (UNLIKELY (fp_CF_verif_generation != VG_(debuginfo_generation)())) {
258 fp_CF_verif_generation = VG_(debuginfo_generation)();
259 VG_(memset)(&fp_CF_verif_cache, 0, sizeof(fp_CF_verif_cache));
260 FPO_info_present = VG_(FPO_info_present)();
264 /* Loop unwinding the stack. Note that the IP value we get on
265 * each pass (whether from CFI info or a stack frame) is a
266 * return address so is actually after the calling instruction
267 * in the calling function.
269 * Because of this we subtract one from the IP after each pass
270 * of the loop so that we find the right CFI block on the next
271 * pass - otherwise we can find the wrong CFI info if it happens
272 * to change after the calling instruction and that will mean
273 * that we will fail to unwind the next step.
275 * This most frequently happens at the end of a function when
276 * a tail call occurs and we wind up using the CFI info for the
277 * next function which is completely wrong.
*/
279 if (sps) sps[0] = uregs.xsp;
280 if (fps) fps[0] = uregs.xbp;
281 ips[0] = uregs.xip;
282 i = 1;
283 if (do_stats) stats.nr++;
285 // Does this apply to macOS 10.14 and earlier?
286 # if defined(VGO_freebsd) && (FREEBSD_VERS < FREEBSD_13_0)
287 if (VG_(is_valid_tid)(tid_if_known) &&
288 VG_(is_in_syscall)(tid_if_known) &&
289 i < max_n_ips) {
290 /* On FreeBSD, all the system call stubs have no function
291 * prolog. So instead of top of the stack being a new
292 * frame comprising a saved BP and a return address, we
293 * just have the return address in the caller's frame.
294 * Adjust for this by recording the return address.
*/
296 if (debug)
297 VG_(printf)(" in syscall, use XSP-1\n");
298 ips[i] = *(Addr *)uregs.xsp - 1;
299 if (sps) sps[i] = uregs.xsp;
300 if (fps) fps[i] = uregs.xbp;
301 i++;
303 # endif
305 while (True) {
307 if (i >= max_n_ips)
308 break;
310 UWord hash = uregs.xip % N_FP_CF_VERIF;
311 Addr xip_verif = uregs.xip ^ fp_CF_verif_cache [hash];
312 if (debug)
313 VG_(printf)(" uregs.xip 0x%08lx xip_verif[0x%08lx]"
314 " xbp 0x%08lx xsp 0x%08lx\n",
315 uregs.xip, xip_verif,
316 uregs.xbp, uregs.xsp);
317 // If xip is in cache, then xip_verif will be <= CFUNWIND.
318 // Otherwise, if not in cache, xip_verif will be > CFUNWIND.
320 /* Try to derive a new (ip,sp,fp) triple from the current set. */
322 /* Do we have to do CFI unwinding ?
323 We do CFI unwinding if one of the following condition holds:
324 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must
325 be done (i.e. fp unwind check failed when we did the first
326 unwind for this IP).
327 b. fp_CF_verif_cache does not contain xip.
328 We will try CFI unwinding in fpverif_uregs and compare with
329 FP unwind result to insert xip in the cache with the correct
330 indicator. */
331 if (UNLIKELY(xip_verif >= CFUNWIND)) {
332 if (xip_verif == CFUNWIND) {
333 /* case a : do "real" cfi unwind */
334 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
335 if (debug) unwind_case = "Ca";
336 if (do_stats) stats.Ca++;
337 goto unwind_done;
339 /* ??? cache indicates we have to do CFI unwind (so, we
340 previously found CFI info, and failed the fp unwind
341 check). Now, we just failed with CFI. So, once we
342 succeed, once we fail. No idea what is going on =>
343 cleanup the cache entry and fallover to fp unwind (this
344 time). */
345 fp_CF_verif_cache [hash] = 0;
346 if (debug) VG_(printf)(" cache reset as CFI ok then nok\n");
347 //??? stats
348 xip_verif = NOINFO;
349 } else {
350 /* case b : do "verif" cfi unwind in fpverif_uregs */
351 fpverif_uregs = uregs;
352 xip_verified = uregs.xip;
353 if ( !VG_(use_CF_info)( &fpverif_uregs, fp_min, fp_max ) ) {
354 fp_CF_verif_cache [hash] = uregs.xip ^ NOINFO;
355 if (debug) VG_(printf)(" cache NOINFO fpverif_uregs\n");
356 xip_verif = NOINFO;
361 /* On x86, try the old-fashioned method of following the
362 %ebp-chain. This can be done if the fp_CF_verif_cache for xip
363 indicate fp unwind is ok. This must be done if the cache indicates
364 there is no info. This is also done to confirm what to put in the cache
365 if xip was not in the cache. */
366 /* This deals with frames resulting from functions which begin "pushl%
367 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
368 if (fp_min <= uregs.xbp &&
369 uregs.xbp <= fp_max - 1 * sizeof(UWord)/*see comment below*/ &&
370 VG_IS_4_ALIGNED(uregs.xbp))
372 Addr old_xsp;
374 /* fp looks sane, so use it. */
375 uregs.xip = (((UWord*)uregs.xbp)[1]);
376 // We stop if we hit a zero (the traditional end-of-stack
377 // marker) or a one -- these correspond to recorded IPs of 0 or -1.
378 // The latter because r8818 (in this file) changes the meaning of
379 // entries [1] and above in a stack trace, by subtracting 1 from
380 // them. Hence stacks that used to end with a zero value now end in
381 // -1 and so we must detect that too.
382 if (0 == uregs.xip || 1 == uregs.xip) {
383 if (xip_verif > CFUNWIND) {
384 // Check if we obtain the same result with fp unwind.
385 // If same result, then mark xip as fp unwindable
386 if (uregs.xip == fpverif_uregs.xip) {
387 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
388 if (debug) VG_(printf)(" cache FPUNWIND 0\n");
389 unwind_case = "Fw";
390 if (do_stats) stats.Fw++;
391 break;
392 } else {
393 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
394 uregs = fpverif_uregs;
395 if (debug) VG_(printf)(" cache CFUNWIND 0\n");
396 unwind_case = "Cf";
397 if (do_stats) stats.Cf++;
398 goto unwind_done;
400 } else {
401 // end of stack => out of the loop.
402 break;
406 old_xsp = uregs.xsp;
407 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %ebp*/
408 + sizeof(Addr) /*ra*/;
409 uregs.xbp = (((UWord*)uregs.xbp)[0]);
410 if (xip_verif > CFUNWIND) {
411 if (uregs.xip == fpverif_uregs.xip
412 && uregs.xsp == fpverif_uregs.xsp
413 && uregs.xbp == fpverif_uregs.xbp) {
414 fp_CF_verif_cache [hash] = xip_verified ^ FPUNWIND;
415 if (debug) VG_(printf)(" cache FPUNWIND >2\n");
416 if (debug) unwind_case = "FO";
417 if (do_stats) stats.FO++;
418 if (old_xsp >= uregs.xsp) {
419 if (debug)
420 VG_(printf) (" FO end of stack old_xsp %p >= xsp %p\n",
421 (void*)old_xsp, (void*)uregs.xsp);
422 break;
424 } else {
425 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
426 if (debug) VG_(printf)(" cache CFUNWIND >2\n");
427 if (do_stats && uregs.xip != fpverif_uregs.xip) stats.xi++;
428 if (do_stats && uregs.xsp != fpverif_uregs.xsp) stats.xs++;
429 if (do_stats && uregs.xbp != fpverif_uregs.xbp) stats.xb++;
430 uregs = fpverif_uregs;
431 if (debug) unwind_case = "CF";
432 if (do_stats) stats.CF++;
434 } else {
435 if (debug) unwind_case = "FF";
436 if (do_stats) stats.FF++;
437 if (old_xsp >= uregs.xsp) {
438 if (debug)
439 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
440 (void*)old_xsp, (void*)uregs.xsp);
441 break;
444 goto unwind_done;
445 } else {
446 // fp unwind has failed.
447 // If we were checking the validity of the cfi unwinding,
448 // we mark in the cache that the fp unwind cannot be done, and that
449 // cfi unwind is desired.
450 if (xip_verif > CFUNWIND) {
451 // We know that fpverif_uregs contains valid information,
452 // as a failed cf unwind would have put NOINFO in xip_verif.
453 fp_CF_verif_cache [hash] = xip_verified ^ CFUNWIND;
454 if (debug) VG_(printf)(" cache CFUNWIND as fp failed\n");
455 uregs = fpverif_uregs;
456 if (debug) unwind_case = "Ck";
457 if (do_stats) stats.Ck++;
458 goto unwind_done;
460 // xip_verif is FPUNWIND or NOINFO.
461 // We failed the cfi unwind and/or the fp unwind.
462 // => fallback to FPO info.
465 /* And, similarly, try for MSVC FPO unwind info. */
466 if (FPO_info_present
467 && VG_(use_FPO_info)( &uregs.xip, &uregs.xsp, &uregs.xbp,
468 VG_(current_DiEpoch)(),
469 fp_min, fp_max ) ) {
470 if (debug) unwind_case = "MS";
471 if (do_stats) stats.MS++;
472 goto unwind_done;
475 /* No luck. We have to give up. */
476 break;
478 unwind_done:
479 /* Add a frame in ips/sps/fps */
480 /* fp is %ebp. sp is %esp. ip is %eip. */
481 if (0 == uregs.xip || 1 == uregs.xip) break;
482 if (sps) sps[i] = uregs.xsp;
483 if (fps) fps[i] = uregs.xbp;
484 ips[i++] = uregs.xip - 1;
485 /* -1: refer to calling insn, not the RA */
486 if (debug)
487 VG_(printf)(" ips%s[%d]=0x%08lx\n", unwind_case, i-1, ips[i-1]);
488 uregs.xip = uregs.xip - 1;
489 /* as per comment at the head of this loop */
490 RECURSIVE_MERGE(cmrf,ips,i);
493 if (do_stats) stats.nf += i;
494 if (do_stats && stats.nr % 10000 == 0) {
495 VG_(printf)("nr %u nf %u "
496 "Ca %u FF %u "
497 "Cf %u "
498 "Fw %u FO %u "
499 "CF %u (xi %u xs %u xb %u) "
500 "Ck %u MS %u\n",
501 stats.nr, stats.nf,
502 stats.Ca, stats.FF,
503 stats.Cf,
504 stats.Fw, stats.FO,
505 stats.CF, stats.xi, stats.xs, stats.xb,
506 stats.Ck, stats.MS);
508 n_found = i;
509 return n_found;
512 #undef N_FP_CF_VERIF
513 #undef FPUNWIND
514 #undef NOINFO
515 #undef CFUNWIND
517 #endif
519 /* ----------------------- amd64 ------------------------ */
521 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \
522 || defined(VGP_amd64_solaris) || defined(VGP_amd64_freebsd)
524 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
525 /*OUT*/Addr* ips, UInt max_n_ips,
526 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
527 const UnwindStartRegs* startRegs,
528 Addr fp_max_orig )
530 const Bool debug = False;
531 Int i;
532 Addr fp_max;
533 UInt n_found = 0;
534 const Int cmrf = VG_(clo_merge_recursive_frames);
536 vg_assert(sizeof(Addr) == sizeof(UWord));
537 vg_assert(sizeof(Addr) == sizeof(void*));
539 D3UnwindRegs uregs;
540 uregs.xip = startRegs->r_pc;
541 uregs.xsp = startRegs->r_sp;
542 uregs.xbp = startRegs->misc.AMD64.r_rbp;
543 Addr fp_min = uregs.xsp - VG_STACK_REDZONE_SZB;
545 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
546 stopping when the trail goes cold, which we guess to be
547 when FP is not a reasonable stack location. */
549 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
550 // current page, at least. Dunno if it helps.
551 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
552 fp_max = VG_PGROUNDUP(fp_max_orig);
553 if (fp_max >= sizeof(Addr))
554 fp_max -= sizeof(Addr);
556 if (debug)
557 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
558 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
559 max_n_ips, fp_min, fp_max_orig, fp_max,
560 uregs.xip, uregs.xbp);
562 /* Assertion broken before main() is reached in pthreaded programs; the
563 * offending stack traces only have one item. --njn, 2002-aug-16 */
564 /* vg_assert(fp_min <= fp_max);*/
565 // On Darwin, this kicks in for pthread-related stack traces, so they're
566 // only 1 entry long which is wrong.
567 # if defined(VGO_linux)
568 if (fp_min + 256 >= fp_max) {
569 /* If the stack limits look bogus, don't poke around ... but
570 don't bomb out either. */
571 # elif defined(VGO_solaris)
572 if (fp_max == 0) {
573 /* VG_(get_StackTrace)() can be called by tools very early when
574 various tracing options are enabled. Don't proceed further
575 if the stack limits look bogus.
577 # endif
578 # if defined(VGO_linux) || defined(VGO_solaris)
580 if (sps) sps[0] = uregs.xsp;
581 if (fps) fps[0] = uregs.xbp;
582 ips[0] = uregs.xip;
583 return 1;
585 # endif
587 /* fp is %rbp. sp is %rsp. ip is %rip. */
589 ips[0] = uregs.xip;
590 if (sps) sps[0] = uregs.xsp;
591 if (fps) fps[0] = uregs.xbp;
592 i = 1;
593 if (debug)
594 VG_(printf)(" ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
595 i-1, ips[i-1], uregs.xbp, uregs.xsp);
597 # if defined(VGO_darwin) || (defined(VGO_freebsd) && (FREEBSD_VERS < FREEBSD_13_0))
598 if (VG_(is_valid_tid)(tid_if_known) &&
599 VG_(is_in_syscall)(tid_if_known) &&
600 i < max_n_ips) {
601 /* On Darwin and FreeBSD, all the system call stubs have no function
602 * prolog. So instead of top of the stack being a new
603 * frame comprising a saved BP and a return address, we
604 * just have the return address in the caller's frame.
605 * Adjust for this by recording the return address.
607 if (debug)
608 VG_(printf)(" in syscall, use XSP-1\n");
609 ips[i] = *(Addr *)uregs.xsp - 1;
610 if (sps) sps[i] = uregs.xsp;
611 if (fps) fps[i] = uregs.xbp;
612 i++;
614 # endif
616 /* Loop unwinding the stack. Note that the IP value we get on
617 * each pass (whether from CFI info or a stack frame) is a
618 * return address so is actually after the calling instruction
619 * in the calling function.
621 * Because of this we subtract one from the IP after each pass
622 * of the loop so that we find the right CFI block on the next
623 * pass - otherwise we can find the wrong CFI info if it happens
624 * to change after the calling instruction and that will mean
625 * that we will fail to unwind the next step.
627 * This most frequently happens at the end of a function when
628 * a tail call occurs and we wind up using the CFI info for the
629 * next function which is completely wrong.
631 while (True) {
632 Addr old_xsp;
634 if (i >= max_n_ips)
635 break;
637 old_xsp = uregs.xsp;
639 /* Try to derive a new (ip,sp,fp) triple from the current set. */
641 /* First off, see if there is any CFI info to hand which can
642 be used. */
643 if ( VG_(use_CF_info)( &uregs, fp_min, fp_max ) ) {
644 if (0 == uregs.xip || 1 == uregs.xip) break;
645 if (old_xsp >= uregs.xsp) {
646 if (debug)
647 VG_(printf) (" CF end of stack old_xsp %p >= xsp %p\n",
648 (void*)old_xsp, (void*)uregs.xsp);
649 break;
651 if (sps) sps[i] = uregs.xsp;
652 if (fps) fps[i] = uregs.xbp;
653 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
654 if (debug)
655 VG_(printf)(" ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
656 i-1, ips[i-1], uregs.xbp, uregs.xsp);
657 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
658 RECURSIVE_MERGE(cmrf,ips,i);
659 continue;
662 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
663 we can safely try the old-fashioned method. */
664 /* This bit is supposed to deal with frames resulting from
665 functions which begin "pushq %rbp ; movq %rsp, %rbp".
666 Unfortunately, since we can't (easily) look at the insns at
667 the start of the fn, like GDB does, there's no reliable way
668 to tell. Hence the hack of first trying out CFI, and if that
669 fails, then use this as a fallback. */
670 /* Note: re "- 1 * sizeof(UWord)", need to take account of the
671 fact that we are prodding at & ((UWord*)fp)[1] and so need to
672 adjust the limit check accordingly. Omitting this has been
673 observed to cause segfaults on rare occasions. */
674 if (fp_min <= uregs.xbp && uregs.xbp <= fp_max - 1 * sizeof(UWord)) {
675 /* fp looks sane, so use it. */
676 uregs.xip = (((UWord*)uregs.xbp)[1]);
677 if (0 == uregs.xip || 1 == uregs.xip) break;
678 uregs.xsp = uregs.xbp + sizeof(Addr) /*saved %rbp*/
679 + sizeof(Addr) /*ra*/;
680 if (old_xsp >= uregs.xsp) {
681 if (debug)
682 VG_(printf) (" FF end of stack old_xsp %p >= xsp %p\n",
683 (void*)old_xsp, (void*)uregs.xsp);
684 break;
686 uregs.xbp = (((UWord*)uregs.xbp)[0]);
687 if (sps) sps[i] = uregs.xsp;
688 if (fps) fps[i] = uregs.xbp;
689 ips[i++] = uregs.xip - 1; /* -1: refer to calling insn, not the RA */
690 if (debug)
691 VG_(printf)(" ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
692 i-1, ips[i-1], uregs.xbp, uregs.xsp);
693 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
694 RECURSIVE_MERGE(cmrf,ips,i);
695 continue;
698 /* Last-ditch hack (evidently GDB does something similar). We
699 are in the middle of nowhere and we have a nonsense value for
700 the frame pointer. If the stack pointer is still valid,
701 assume that what it points at is a return address. Yes,
702 desperate measures. Could do better here:
703 - check that the supposed return address is in
704 an executable page
705 - check that the supposed return address is just after a call insn
706 - given those two checks, don't just consider *sp as the return
707 address; instead scan a likely section of stack (eg sp .. sp+256)
708 and use suitable values found there.
710 if (fp_min <= uregs.xsp && uregs.xsp < fp_max) {
711 uregs.xip = ((UWord*)uregs.xsp)[0];
712 if (0 == uregs.xip || 1 == uregs.xip) break;
713 if (sps) sps[i] = uregs.xsp;
714 if (fps) fps[i] = uregs.xbp;
715 ips[i++] = uregs.xip == 0
716 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
717 thread stack */
718 : uregs.xip - 1;
719 /* -1: refer to calling insn, not the RA */
720 if (debug)
721 VG_(printf)(" ipsH[%d]=%#08lx\n", i-1, ips[i-1]);
722 uregs.xip = uregs.xip - 1; /* as per comment at the head of this loop */
723 uregs.xsp += 8;
724 RECURSIVE_MERGE(cmrf,ips,i);
725 continue;
728 /* No luck at all. We have to give up. */
729 break;
732 n_found = i;
733 return n_found;
736 #endif
738 /* -----------------------ppc32/64 ---------------------- */
740 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
741 || defined(VGP_ppc64le_linux)
/* ppc32/ppc64{be,le}-linux stack unwinder.
   Fills ips[0 .. max_n_ips-1] by walking the r1 (stack/frame pointer)
   chain; the saved LR slot is 1 word up-stack on ppc32-elf and 2 words
   on ppc64/TOC platforms.  Handles Valgrind's own function-redirection
   return stub by recovering the real LR values from the thread's
   hidden REDIR stack, and decides whether the live LR register holds
   the innermost frame's return address.  Returns the number of entries
   written to ips[]. */
743 UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
744 /*OUT*/Addr* ips, UInt max_n_ips,
745 /*OUT*/Addr* sps, /*OUT*/Addr* fps,
746 const UnwindStartRegs* startRegs,
747 Addr fp_max_orig )
749 Bool lr_is_first_RA = False;
750 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
751 Word redir_stack_size = 0;
752 Word redirs_used = 0;
753 # endif
754 const Int cmrf = VG_(clo_merge_recursive_frames);
755 const DiEpoch cur_ep = VG_(current_DiEpoch)();
757 Bool debug = False;
758 Int i;
759 Addr fp_max;
760 UInt n_found = 0;
762 vg_assert(sizeof(Addr) == sizeof(UWord));
763 vg_assert(sizeof(Addr) == sizeof(void*));
765 Addr ip = (Addr)startRegs->r_pc;
766 Addr sp = (Addr)startRegs->r_sp;
767 Addr fp = sp;
768 # if defined(VGP_ppc32_linux)
769 Addr lr = startRegs->misc.PPC32.r_lr;
770 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
771 Addr lr = startRegs->misc.PPC64.r_lr;
772 # endif
773 Addr fp_min = sp - VG_STACK_REDZONE_SZB;
775 VG_(addr_load_di)(ip);
777 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
778 stopping when the trail goes cold, which we guess to be
779 when FP is not a reasonable stack location. */
781 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
782 // current page, at least. Dunno if it helps.
783 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
784 fp_max = VG_PGROUNDUP(fp_max_orig);
785 if (fp_max >= sizeof(Addr))
786 fp_max -= sizeof(Addr);
788 if (debug)
789 VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
790 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
791 max_n_ips, fp_min, fp_max_orig, fp_max, ip, fp);
793 /* Assertion broken before main() is reached in pthreaded programs; the
794 * offending stack traces only have one item. --njn, 2002-aug-16 */
795 /* vg_assert(fp_min <= fp_max);*/
796 if (fp_min + 512 >= fp_max) {
797 /* If the stack limits look bogus, don't poke around ... but
798 don't bomb out either. */
799 if (sps) sps[0] = sp;
800 if (fps) fps[0] = fp;
801 ips[0] = ip;
802 return 1;
805 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and
806 frame pointers. */
808 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
809 redir_stack_size = VEX_GUEST_PPC64_REDIR_STACK_SIZE;
810 redirs_used = 0;
811 # endif
813 # if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux)
814 /* Deal with bogus LR values caused by function
815 interception/wrapping on ppc-TOC platforms; see comment on
816 similar code a few lines further down. */
817 if (lr == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
818 && VG_(is_valid_tid)(tid_if_known)) {
819 Word hsp = VG_(threads)[tid_if_known].arch.vex.guest_REDIR_SP;
820 redirs_used++;
821 if (hsp >= 1 && hsp < redir_stack_size)
822 lr = VG_(threads)[tid_if_known]
823 .arch.vex.guest_REDIR_STACK[hsp-1];
825 # endif
827 /* We have to determine whether or not LR currently holds this fn
828 (call it F)'s return address. It might not if F has previously
829 called some other function, hence overwriting LR with a pointer
830 to some part of F. Hence if LR and IP point to the same
831 function then we conclude LR does not hold this function's
832 return address; instead the LR at entry must have been saved in
833 the stack by F's prologue and so we must get it from there
834 instead. Note all this guff only applies to the innermost
835 frame. */
836 lr_is_first_RA = False;
838 const HChar *buf_lr, *buf_ip;
839 /* The following conditional looks grossly inefficient and
840 surely could be majorly improved, with not much effort. */
841 if (VG_(get_fnname_raw) (cur_ep, lr, &buf_lr)) {
842 HChar buf_lr_copy[VG_(strlen)(buf_lr) + 1];
843 VG_(strcpy)(buf_lr_copy, buf_lr);
844 if (VG_(get_fnname_raw) (cur_ep, ip, &buf_ip))
845 if (VG_(strcmp)(buf_lr_copy, buf_ip))
846 lr_is_first_RA = True;
850 if (sps) sps[0] = fp; /* NB. not sp */
851 if (fps) fps[0] = fp;
852 ips[0] = ip;
853 i = 1;
855 if (fp_min <= fp && fp < fp_max-VG_WORDSIZE+1) {
857 /* initial FP is sane; keep going */
858 fp = (((UWord*)fp)[0]);
860 while (True) {
862 /* On ppc64-linux (ppc64-elf, really), the lr save
863 slot is 2 words back from sp, whereas on ppc32-elf(?) it's
864 only one word back. */
865 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
866 const Int lr_offset = 2;
867 # else
868 const Int lr_offset = 1;
869 # endif
871 if (i >= max_n_ips)
872 break;
874 /* Try to derive a new (ip,fp) pair from the current set. */
876 if (fp_min <= fp && fp <= fp_max - lr_offset * sizeof(UWord)) {
877 /* fp looks sane, so use it. */
879 if (i == 1 && lr_is_first_RA)
880 ip = lr;
881 else
882 ip = (((UWord*)fp)[lr_offset]);
884 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
885 /* Nasty hack to do with function replacement/wrapping on
886 ppc64-linux. If LR points to our magic return stub,
887 then we are in a wrapped or intercepted function, in
888 which LR has been messed with. The original LR will
889 have been pushed onto the thread's hidden REDIR stack
890 one down from the top (top element is the saved R2) and
891 so we should restore the value from there instead.
892 Since nested redirections can and do happen, we keep
893 track of the number of nested LRs used by the unwinding
894 so far with 'redirs_used'. */
895 if (ip == (Addr)&VG_(ppctoc_magic_redirect_return_stub)
896 && VG_(is_valid_tid)(tid_if_known)) {
897 Word hsp = VG_(threads)[tid_if_known]
898 .arch.vex.guest_REDIR_SP;
899 hsp -= 2 * redirs_used;
900 redirs_used ++;
901 if (hsp >= 1 && hsp < redir_stack_size)
902 ip = VG_(threads)[tid_if_known]
903 .arch.vex.guest_REDIR_STACK[hsp-1];
905 # endif
907 if (0 == ip || 1 == ip) break;
908 if (sps) sps[i] = fp; /* NB. not sp */
909 if (fps) fps[i] = fp;
910 fp = (((UWord*)fp)[0]);
911 ips[i++] = ip - 1; /* -1: refer to calling insn, not the RA */
912 if (debug)
913 VG_(printf)(" ipsF[%d]=%#08lx\n", i-1, ips[i-1]);
914 ip = ip - 1; /* ip is probably dead at this point, but
915 play safe, a la x86/amd64 above. See
916 extensive comments above. */
917 RECURSIVE_MERGE(cmrf,ips,i);
918 VG_(addr_load_di)(ip);
919 continue;
922 /* No luck there. We have to give up. */
923 break;
927 n_found = i;
928 return n_found;
931 #endif
933 /* ------------------------ arm ------------------------- */
935 #if defined(VGP_arm_linux)
/* Compare the (raw) function names containing addresses 'a1' and 'a2'.
   NOTE(review): despite its name, this returns True only when both
   lookups succeed and the names *differ* (VG_(strcmp) != 0); it returns
   False when the names match or when either lookup fails.  The caller
   negates the result, so confirm the intended polarity before changing
   anything here. */
static Bool in_same_fn ( Addr a1, Addr a2 )
{
   const HChar *buf_a1, *buf_a2;
   /* The following conditional looks grossly inefficient and
      surely could be majorly improved, with not much effort. */
   const DiEpoch cur_ep = VG_(current_DiEpoch)();
   if (VG_(get_fnname_raw) (cur_ep, a1, &buf_a1)) {
      /* Copy the first name out: the second VG_(get_fnname_raw) call
         may reuse the same underlying buffer. */
      HChar buf_a1_copy[VG_(strlen)(buf_a1) + 1];
      VG_(strcpy)(buf_a1_copy, buf_a1);
      if (VG_(get_fnname_raw) (cur_ep, a2, &buf_a2))
         if (VG_(strcmp)(buf_a1_copy, buf_a2))
            return True;
   }
   return False;
}
953 static Bool in_same_page ( Addr a1, Addr a2 ) {
954 return (a1 & ~0xFFF) == (a2 & ~0xFFF);
957 static Addr abs_diff ( Addr a1, Addr a2 ) {
958 return (Addr)(a1 > a2 ? a1 - a2 : a2 - a1);
961 static Bool has_XT_perms ( Addr a )
963 NSegment const* seg = VG_(am_find_nsegment)(a);
964 return seg && seg->hasX && seg->hasT;
967 static Bool looks_like_Thumb_call32 ( UShort w0, UShort w1 )
969 if (0)
970 VG_(printf)("isT32call %04x %04x\n", (UInt)w0, (UInt)w1);
971 // BL simm26
972 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
973 // BLX simm26
974 if ((w0 & 0xF800) == 0xF000 && (w1 & 0xC000) == 0xC000) return True;
975 return False;
/* Heuristic: does the 16-bit Thumb instruction 'w0' look like a call?
   Deliberately a stub that recognises nothing at present.
   NOTE(review): BLX <reg> is a 16-bit Thumb call encoding and could
   plausibly be matched here -- confirm against the ARM ARM before
   enabling, since false positives degrade stack-scan quality. */
static Bool looks_like_Thumb_call16 ( UShort w0 )
{
   return False;
}
983 static Bool looks_like_ARM_call ( UInt a0 )
985 if (0)
986 VG_(printf)("isA32call %08x\n", a0);
987 // Leading E forces unconditional only -- fix
988 if ((a0 & 0xFF000000) == 0xEB000000) return True;
989 return False;
/* Heuristic: is 'ra' a plausible return address?  It is if the code
   location 4 bytes before it (after stripping the Thumb bit or
   forcing ARM alignment) holds something that looks like a call
   instruction, in memory that is executable and translated. */
static Bool looks_like_RA ( Addr ra )
{
   /* 'ra' is a plausible return address if it points to
      an instruction after a call insn. */
   Bool isT = (ra & 1);   /* bit 0 set => returning to Thumb code */
   if (isT) {
      // returning to Thumb code
      ra &= ~1;
      ra -= 4;
      if (has_XT_perms(ra)) {
         /* The candidate call insn is either 32-bit at ra (w0,w1) or
            16-bit at ra+2 (w1 alone).  Only read the second halfword
            if it stays within the same page, to avoid touching a
            possibly unmapped neighbouring page. */
         UShort w0 = *(UShort*)ra;
         UShort w1 = in_same_page(ra, ra+2) ? *(UShort*)(ra+2) : 0;
         if (looks_like_Thumb_call16(w1) || looks_like_Thumb_call32(w0,w1))
            return True;
      }
   } else {
      // ARM
      ra &= ~3;
      ra -= 4;
      if (has_XT_perms(ra)) {
         UInt a0 = *(UInt*)ra;
         if (looks_like_ARM_call(a0))
            return True;
      }
   }
   return False;
}
/* ARM stack unwinder.  Writes at most 'max_n_ips' instruction pointers
   into ips[], and (when non-NULL) matching SP values into sps[] and FP
   values into fps[].  'startRegs' gives the initial register state;
   'fp_max_orig' is the highest stack address to trust.  Returns the
   number of frames recovered.  Strategy: DWARF CFI first; when that
   runs dry, optionally fall back to heuristic stack scanning (opt-in
   via --unw-stack-scan-thresh). */
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   D3UnwindRegs uregs;
   uregs.r15 = startRegs->r_pc & 0xFFFFFFFE;  /* strip Thumb bit */
   uregs.r14 = startRegs->misc.ARM.r14;
   uregs.r13 = startRegs->r_sp;
   uregs.r12 = startRegs->misc.ARM.r12;
   uregs.r11 = startRegs->misc.ARM.r11;
   uregs.r7  = startRegs->misc.ARM.r7;
   Addr fp_min = uregs.r13 - VG_STACK_REDZONE_SZB;

   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.r15, uregs.r13);

   /* Assertion broken before main() is reached in pthreaded programs;  the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
   if (fp_min + 512 >= fp_max) {
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = uregs.r13;
      if (fps) fps[0] = 0;
      ips[0] = uregs.r15;
      return 1;
   }

   /* */

   if (sps) sps[0] = uregs.r13;
   if (fps) fps[0] = 0;
   ips[0] = uregs.r15;
   i = 1;

   /* Loop unwinding the stack. */
   Bool do_stack_scan = False;

   /* First try the Official Way, using Dwarf CFI. */
   while (True) {
      if (debug) {
         VG_(printf)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
                     i, uregs.r15, uregs.r13);
      }

      if (i >= max_n_ips)
         break;

      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.r13;
         if (fps) fps[i] = 0;
         /* -1: refer to the calling insn, not the return address;
            the mask strips the Thumb bit first. */
         ips[i++] = (uregs.r15 & 0xFFFFFFFE) - 1;
         if (debug)
            VG_(printf)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
                        uregs.r15, uregs.r13);
         uregs.r15 = (uregs.r15 & 0xFFFFFFFE) - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }

      /* No luck.  We have to give up. */
      do_stack_scan = True;
      break;
   }

   /* Now try Plan B (maybe) -- stack scanning.  This often gives
      pretty bad results, so this has to be enabled explicitly by the
      user. */
   if (do_stack_scan
       && i < max_n_ips && i < (Int)VG_(clo_unw_stack_scan_thresh)) {
      Int  nByStackScan = 0;
      Addr lr = uregs.r14;
      Addr sp = uregs.r13 & ~3;  /* word-align SP for scanning */
      Addr pc = uregs.r15;
      // First see if LR contains
      // something that could be a valid return address.
      if (!in_same_fn(lr, pc) && looks_like_RA(lr)) {
         // take it only if 'cand' isn't obviously a duplicate
         // of the last found IP value
         Addr cand = (lr & 0xFFFFFFFE) - 1;
         if (abs_diff(cand, ips[i-1]) > 1) {
            if (sps) sps[i] = 0;
            if (fps) fps[i] = 0;
            ips[i++] = cand;
            RECURSIVE_MERGE(cmrf,ips,i);
            nByStackScan++;
         }
      }
      /* Scan words upwards from SP, but never past the end of the
         page SP currently lies in. */
      while (in_same_page(sp, uregs.r13)) {
         if (i >= max_n_ips)
            break;
         // we're in the same page; fairly safe to keep going
         UWord w = *(UWord*)(sp & ~0x3);
         if (looks_like_RA(w)) {
            Addr cand = (w & 0xFFFFFFFE) - 1;
            // take it only if 'cand' isn't obviously a duplicate
            // of the last found IP value
            if (abs_diff(cand, ips[i-1]) > 1) {
               if (sps) sps[i] = 0;
               if (fps) fps[i] = 0;
               ips[i++] = cand;
               RECURSIVE_MERGE(cmrf,ips,i);
               if (++nByStackScan >= VG_(clo_unw_stack_scan_frames)) break;
            }
         }
         sp += 4;
      }
   }

   n_found = i;
   return n_found;
}
1160 #endif
1162 /* ------------------------ arm64 ------------------------- */
1164 #if defined(VGP_arm64_linux) || defined(VGP_arm64_freebsd)
/* arm64 stack unwinder.  Writes at most 'max_n_ips' instruction
   pointers into ips[], and (when non-NULL) matching SP/FP values into
   sps[]/fps[].  'startRegs' gives the initial register state;
   'fp_max_orig' is the highest stack address to trust.  Returns the
   number of frames recovered.  Unwinding is CFI-only: there is no
   frame-pointer-chain or stack-scan fallback here. */
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   D3UnwindRegs uregs;
   uregs.pc  = startRegs->r_pc;
   uregs.sp  = startRegs->r_sp;
   uregs.x30 = startRegs->misc.ARM64.x30;  /* link register */
   uregs.x29 = startRegs->misc.ARM64.x29;  /* frame pointer */
   Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;

   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   // JRS 2002-sep-17: hack, to round up fp_max to the end of the
   // current page, at least.  Dunno if it helps.
   // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx PC=0x%lx SP=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.pc, uregs.sp);

   /* Assertion broken before main() is reached in pthreaded programs;  the
    * offending stack traces only have one item.  --njn, 2002-aug-16 */
   /* vg_assert(fp_min <= fp_max);*/
   // On Darwin, this kicks in for pthread-related stack traces, so they're
   // only 1 entry long which is wrong.
   /* NOTE(review): on FreeBSD only fp_max == 0 is treated as bogus;
      the Linux-style "fp_min + 512 >= fp_max" sanity margin is not
      applied there -- confirm this asymmetry is intended. */
#  if defined(VGO_linux)
   if (fp_min + 512 >= fp_max) {
#  elif defined(VGO_freebsd)
   if (fp_max == 0) {
#endif
#  if defined(VGO_linux) || defined(VGO_freebsd)
      /* If the stack limits look bogus, don't poke around ... but
         don't bomb out either. */
      if (sps) sps[0] = uregs.sp;
      if (fps) fps[0] = uregs.x29;
      ips[0] = uregs.pc;
      return 1;
   }
#endif

   /* */

   if (sps) sps[0] = uregs.sp;
   if (fps) fps[0] = uregs.x29;
   ips[0] = uregs.pc;
   i = 1;

   /* Loop unwinding the stack, using CFI. */
   while (True) {
      if (debug) {
         VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx\n",
                     i, uregs.pc, uregs.sp);
      }

      if (i >= max_n_ips)
         break;

      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.sp;
         if (fps) fps[i] = uregs.x29;
         /* -1: refer to the calling insn, not the return address. */
         ips[i++] = uregs.pc - 1;
         if (debug)
            VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx\n",
                        uregs.pc, uregs.sp);
         uregs.pc = uregs.pc - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }

      /* No luck.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}
1262 #endif
1264 /* ------------------------ s390x ------------------------- */
1266 #if defined(VGP_s390x_linux)
/* s390x stack unwinder.  Writes at most 'max_n_ips' instruction
   pointers into ips[], and (when non-NULL) matching SP/FP values into
   sps[]/fps[].  Relies entirely on CFI (eh_frame): gcc on s390x does
   not build a backchain by default, so there is no frame-pointer
   walk.  One special case: if CFI fails on the very first frame, the
   link register is assumed to hold the return address (e.g. after a
   wild jump) and unwinding is retried from there. */
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   D3UnwindRegs uregs;
   uregs.ia = startRegs->r_pc;
   uregs.sp = startRegs->r_sp;
   Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;
   uregs.fp = startRegs->misc.S390X.r_fp;
   uregs.lr = startRegs->misc.S390X.r_lr;
   /* Floating-point argument registers participate in CFI on s390x. */
   uregs.f0 = startRegs->misc.S390X.r_f0;
   uregs.f1 = startRegs->misc.S390X.r_f1;
   uregs.f2 = startRegs->misc.S390X.r_f2;
   uregs.f3 = startRegs->misc.S390X.r_f3;
   uregs.f4 = startRegs->misc.S390X.r_f4;
   uregs.f5 = startRegs->misc.S390X.r_f5;
   uregs.f6 = startRegs->misc.S390X.r_f6;
   uregs.f7 = startRegs->misc.S390X.r_f7;

   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.ia, uregs.sp,uregs.fp);

   /* The first frame is pretty obvious */
   ips[0] = uregs.ia;
   if (sps) sps[0] = uregs.sp;
   if (fps) fps[0] = uregs.fp;
   i = 1;

   /* for everything else we have to rely on the eh_frame. gcc defaults to
      not create a backchain and all the other  tools (like gdb) also have
      to use the CFI. */
   while (True) {
      if (i >= max_n_ips)
         break;

      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (sps) sps[i] = uregs.sp;
         if (fps) fps[i] = uregs.fp;
         /* -1: refer to the calling insn, not the return address. */
         ips[i++] = uregs.ia - 1;
         uregs.ia = uregs.ia - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* A problem on the first frame? Lets assume it was a bad jump.
         We will use the link register and the current stack and frame
         pointers and see if we can use the CFI in the next round. */
      if (i == 1) {
         if (sps) {
            sps[i] = sps[0];
            uregs.sp = sps[0];
         }
         if (fps) {
            fps[i] = fps[0];
            uregs.fp = fps[0];
         }
         /* NOTE(review): uregs.sp/fp are only refreshed when the
            corresponding output array was supplied -- confirm that is
            intended rather than an oversight. */
         uregs.ia = uregs.lr - 1;
         ips[i++] = uregs.lr - 1;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }

      /* No luck.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}
1355 #endif
1357 /* ------------------------ mips 32/64 ------------------------- */
1358 #if defined(VGP_mips32_linux) || defined(VGP_mips64_linux) \
1359 || defined(VGP_nanomips_linux)
/* MIPS (32/64/nano) stack unwinder.  Writes at most 'max_n_ips'
   instruction pointers into ips[], and (when non-NULL) matching SP/FP
   values into sps[]/fps[].  Strategy per frame: try CFI first; if
   that fails, scan the current function's prologue for stack-pointer
   adjustments (addiu/addi/daddiu $sp,$sp,-imm) to recover the frame
   size, then step through RA; as a last resort on the first frame,
   assume RA holds the return address. */
UInt VG_(get_StackTrace_wrk) ( ThreadId tid_if_known,
                               /*OUT*/Addr* ips, UInt max_n_ips,
                               /*OUT*/Addr* sps, /*OUT*/Addr* fps,
                               const UnwindStartRegs* startRegs,
                               Addr fp_max_orig )
{
   Bool  debug = False;
   Int   i;
   Addr  fp_max;
   UInt  n_found = 0;
   const Int cmrf = VG_(clo_merge_recursive_frames);

   vg_assert(sizeof(Addr) == sizeof(UWord));
   vg_assert(sizeof(Addr) == sizeof(void*));

   D3UnwindRegs uregs;
   uregs.pc = startRegs->r_pc;
   uregs.sp = startRegs->r_sp;
   Addr fp_min = uregs.sp - VG_STACK_REDZONE_SZB;

#if defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
   uregs.fp = startRegs->misc.MIPS32.r30;
   uregs.ra = startRegs->misc.MIPS32.r31;
#elif defined(VGP_mips64_linux)
   uregs.fp = startRegs->misc.MIPS64.r30;
   uregs.ra = startRegs->misc.MIPS64.r31;
#endif

   /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
      stopping when the trail goes cold, which we guess to be
      when FP is not a reasonable stack location. */

   fp_max = VG_PGROUNDUP(fp_max_orig);
   if (fp_max >= sizeof(Addr))
      fp_max -= sizeof(Addr);

   if (debug)
      VG_(printf)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
                  "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
                  max_n_ips, fp_min, fp_max_orig, fp_max,
                  uregs.pc, uregs.sp, uregs.fp);

   if (sps) sps[0] = uregs.sp;
   if (fps) fps[0] = uregs.fp;
   ips[0] = uregs.pc;
   i = 1;

   /* Loop unwinding the stack. */

   while (True) {
      if (debug) {
         VG_(printf)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
                     i, uregs.pc, uregs.sp, uregs.ra);
      }
      if (i >= max_n_ips)
         break;

      /* Keep a copy so we can roll back if CFI yields a junk PC. */
      D3UnwindRegs uregs_copy = uregs;
      if (VG_(use_CF_info)( &uregs, fp_min, fp_max )) {
         if (debug)
            VG_(printf)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
                        uregs.pc, uregs.sp, uregs.ra);
         if (0 != uregs.pc && 1 != uregs.pc) {
            if (sps) sps[i] = uregs.sp;
            if (fps) fps[i] = uregs.fp;
            /* -4: refer to the calling insn, not the return address. */
            ips[i++] = uregs.pc - 4;
            uregs.pc = uregs.pc - 4;
            RECURSIVE_MERGE(cmrf,ips,i);
            continue;
         } else
            uregs = uregs_copy;
      }

      /* CFI failed.  Plan B: scan the function body from its entry
         point up to the current PC, summing the $sp decrements in the
         prologue to recover this frame's size. */
      int seen_sp_adjust = 0;
      long frame_offset = 0;
      PtrdiffT offset;
      const DiEpoch cur_ep = VG_(current_DiEpoch)();
      if (VG_(get_inst_offset_in_function)(cur_ep, uregs.pc, &offset)) {
         Addr start_pc = uregs.pc - offset;
         Addr limit_pc = uregs.pc;
         Addr cur_pc;
         for (cur_pc = start_pc; cur_pc < limit_pc; cur_pc += 4) {
            unsigned long inst, high_word, low_word;
            unsigned long * cur_inst;
            /* Fetch the instruction.   */
            cur_inst = (unsigned long *)cur_pc;
            inst = *((UInt *) cur_inst);
            if(debug)
               VG_(printf)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc, inst);

            /* Save some code by pre-extracting some useful fields. */
            high_word = (inst >> 16) & 0xffff;
            low_word = inst & 0xffff;

            if (high_word == 0x27bd        /* addiu $sp,$sp,-i */
                || high_word == 0x23bd     /* addi $sp,$sp,-i */
                || high_word == 0x67bd) {  /* daddiu $sp,$sp,-i */
               if (low_word & 0x8000)	/* negative stack adjustment? */
                  frame_offset += 0x10000 - low_word;
               else
                  /* Exit loop if a positive stack adjustment is found, which
                     usually means that the stack cleanup code in the function
                     epilogue is reached.  */
                  break;
               seen_sp_adjust = 1;
            }
         }
         if(debug)
            VG_(printf)("offset: 0x%ld\n", frame_offset);
      }
      if (seen_sp_adjust) {
         /* Guard against junk PC/RA values and against self-loops
            (PC already equal to the derived caller address). */
         if (0 == uregs.pc || 1 == uregs.pc) break;
         if (uregs.pc == uregs.ra - 8) break;
         if (sps) {
            sps[i] = uregs.sp + frame_offset;
         }
         uregs.sp = uregs.sp + frame_offset;

         if (fps) {
            fps[i] = fps[0];
            uregs.fp = fps[0];
         }
         /* NOTE(review): uregs.fp is only refreshed when fps was
            supplied, unlike uregs.sp just above -- confirm the
            asymmetry is intended. */
         if (0 == uregs.ra || 1 == uregs.ra) break;
         /* -8: skip the jal/jalr and its branch-delay slot. */
         uregs.pc = uregs.ra - 8;
         ips[i++] = uregs.ra - 8;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }

      /* Prologue scan failed too.  On the first frame only, assume RA
         still holds the return address and retry from there. */
      if (i == 1) {
         if (sps) {
            sps[i] = sps[0];
            uregs.sp = sps[0];
         }
         if (fps) {
            fps[i] = fps[0];
            uregs.fp = fps[0];
         }
         if (0 == uregs.ra || 1 == uregs.ra) break;
         uregs.pc = uregs.ra - 8;
         ips[i++] = uregs.ra - 8;
         RECURSIVE_MERGE(cmrf,ips,i);
         continue;
      }
      /* No luck.  We have to give up. */
      break;
   }

   n_found = i;
   return n_found;
}
1512 #endif
1514 /*------------------------------------------------------------*/
1515 /*--- ---*/
1516 /*--- END platform-dependent unwinder worker functions ---*/
1517 /*--- ---*/
1518 /*------------------------------------------------------------*/
1520 /*------------------------------------------------------------*/
1521 /*--- Exported functions. ---*/
1522 /*------------------------------------------------------------*/
/* Capture a stack trace for 'tid' into ips[] (and optionally sps[]/
   fps[]), after adjusting the starting PC and SP by the given deltas.
   Returns the number of frames recovered.  This is the common entry
   point: it gathers the start registers, applies the x86-linux
   _dl_sysinfo_int80 workaround, refines the stack bounds, then
   delegates to the platform-specific VG_(get_StackTrace_wrk). */
UInt VG_(get_StackTrace_with_deltas)(
        ThreadId tid,
        /*OUT*/StackTrace ips, UInt n_ips,
        /*OUT*/StackTrace sps,
        /*OUT*/StackTrace fps,
        Word first_ip_delta,
        Word first_sp_delta
     )
{
   /* Get the register values with which to start the unwind. */
   UnwindStartRegs startRegs;
   VG_(memset)( &startRegs, 0, sizeof(startRegs) );
   VG_(get_UnwindStartRegs)( &startRegs, tid );

   Addr stack_highest_byte = VG_(threads)[tid].client_stack_highest_byte;
   Addr stack_lowest_byte = 0;

#  if defined(VGP_x86_linux)
   /* Nasty little hack to deal with syscalls - if libc is using its
      _dl_sysinfo_int80 function for syscalls (the TLS version does),
      then ip will always appear to be in that function when doing a
      syscall, not the actual libc function doing the syscall.  This
      check sees if IP is within that function, and pops the return
      address off the stack so that ip is placed within the library
      function calling the syscall.  This makes stack backtraces much
      more useful.

      The function is assumed to look like this (from glibc-2.3.6 sources):
         _dl_sysinfo_int80:
            int $0x80
            ret
      That is 3 (2+1) bytes long.  We could be more thorough and check
      the 3 bytes of the function are as expected, but I can't be
      bothered.
   */
   if (VG_(client__dl_sysinfo_int80) != 0 /* we know its address */
       && startRegs.r_pc >= VG_(client__dl_sysinfo_int80)
       && startRegs.r_pc < VG_(client__dl_sysinfo_int80)+3
       && VG_(am_is_valid_for_client)(startRegs.r_pc, sizeof(Addr),
                                      VKI_PROT_READ)) {
      /* Simulate the 'ret': pop the saved return address into PC. */
      startRegs.r_pc  = (ULong) *(Addr*)(UWord)startRegs.r_sp;
      startRegs.r_sp += (ULong) sizeof(Addr);
   }
#  endif

   /* See if we can get a better idea of the stack limits */
   VG_(stack_limits)( (Addr)startRegs.r_sp,
                      &stack_lowest_byte, &stack_highest_byte );

   /* Take into account the first_ip_delta and first_sp_delta. */
   startRegs.r_pc += (Long)first_ip_delta;
   startRegs.r_sp += (Long)first_sp_delta;

   if (0)
      VG_(printf)("tid %u: stack_highest=0x%08lx ip=0x%010llx "
                  "sp=0x%010llx\n",
                  tid, stack_highest_byte,
                  startRegs.r_pc, startRegs.r_sp);

   return VG_(get_StackTrace_wrk)(tid, ips, n_ips,
                                  sps, fps,
                                  &startRegs,
                                  stack_highest_byte);
}
1589 UInt VG_(get_StackTrace) ( ThreadId tid,
1590 /*OUT*/StackTrace ips, UInt max_n_ips,
1591 /*OUT*/StackTrace sps,
1592 /*OUT*/StackTrace fps,
1593 Word first_ip_delta )
1595 return VG_(get_StackTrace_with_deltas) (tid,
1596 ips, max_n_ips,
1597 sps,
1598 fps,
1599 first_ip_delta,
1600 0 /* first_sp_delta */
1604 static void printIpDesc(UInt n, DiEpoch ep, Addr ip, void* uu_opaque)
1606 InlIPCursor *iipc = VG_(new_IIPC)(ep, ip);
1608 do {
1609 const HChar *buf = VG_(describe_IP)(ep, ip, iipc);
1610 if (VG_(clo_xml)) {
1611 VG_(printf_xml)(" %s\n", buf);
1612 } else {
1613 VG_(message)(Vg_UserMsg, " %s %s\n",
1614 ( n == 0 ? "at" : "by" ), buf);
1616 n++;
1617 // Increase n to show "at" for only one level.
1618 } while (VG_(next_IIPC)(iipc));
1619 VG_(delete_IIPC)(iipc);
1622 /* Print a StackTrace. */
1623 void VG_(pp_StackTrace) ( DiEpoch ep, StackTrace ips, UInt n_ips )
1625 vg_assert( n_ips > 0 );
1627 if (VG_(clo_xml))
1628 VG_(printf_xml)(" <stack>\n");
1630 VG_(apply_StackTrace)( printIpDesc, NULL, ep, ips, n_ips );
1632 if (VG_(clo_xml))
1633 VG_(printf_xml)(" </stack>\n");
1636 /* Get and immediately print a StackTrace. */
1637 void VG_(get_and_pp_StackTrace) ( ThreadId tid, UInt max_n_ips )
1639 Addr ips[max_n_ips];
1640 UInt n_ips
1641 = VG_(get_StackTrace)(tid, ips, max_n_ips,
1642 NULL/*array to dump SP values in*/,
1643 NULL/*array to dump FP values in*/,
1644 0/*first_ip_delta*/);
1645 VG_(pp_StackTrace)(VG_(current_DiEpoch)(), ips, n_ips);
1648 void VG_(apply_StackTrace)(
1649 void(*action)(UInt n, DiEpoch ep, Addr ip, void* opaque),
1650 void* opaque,
1651 DiEpoch ep, StackTrace ips, UInt n_ips
1654 Int i;
1656 vg_assert(n_ips > 0);
1657 if ( ! VG_(clo_show_below_main) ) {
1658 // Search (from the outer frame onwards) the appearance of "main"
1659 // or the last appearance of a below main function.
1660 // Then decrease n_ips so as to not call action for the below main
1661 for (i = n_ips - 1; i >= 0; i--) {
1662 Vg_FnNameKind kind = VG_(get_fnname_kind_from_IP)(ep, ips[i]);
1663 if (Vg_FnNameMain == kind || Vg_FnNameBelowMain == kind)
1664 n_ips = i + 1;
1665 if (Vg_FnNameMain == kind)
1666 break;
1670 for (i = 0; i < n_ips; i++)
1671 // Act on the ip
1672 action(i, ep, ips[i], opaque);
1676 /*--------------------------------------------------------------------*/
1677 /*--- end ---*/
1678 /*--------------------------------------------------------------------*/