2 /*--------------------------------------------------------------------*/
3 /*--- Take snapshots of client stacks. m_stacktrace.c ---*/
4 /*--------------------------------------------------------------------*/
7 This file is part of Valgrind, a dynamic binary instrumentation
10 Copyright (C) 2000-2017 Julian Seward
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, see <http://www.gnu.org/licenses/>.
26 The GNU General Public License is contained in the file COPYING.
29 #include "pub_core_basics.h"
30 #include "pub_core_vki.h"
31 #include "pub_core_threadstate.h"
32 #include "pub_core_debuginfo.h" // XXX: circular dependency
33 #include "pub_core_aspacemgr.h" // For VG_(is_addressable)()
34 #include "pub_core_libcbase.h"
35 #include "pub_core_libcassert.h"
36 #include "pub_core_libcprint.h"
37 #include "pub_core_machine.h"
38 #include "pub_core_options.h"
39 #include "pub_core_stacks.h" // VG_(stack_limits)
40 #include "pub_core_stacktrace.h"
41 #include "pub_core_syswrap.h" // VG_(is_in_syscall)
42 #include "pub_core_xarray.h"
43 #include "pub_core_clientstate.h" // VG_(client__dl_sysinfo_int80)
44 #include "pub_core_trampoline.h"
47 /*------------------------------------------------------------*/
49 /*--- BEGIN platform-dependent unwinder worker functions ---*/
51 /*------------------------------------------------------------*/
53 /* Take a snapshot of the client's stack, putting up to 'max_n_ips'
54 IPs into 'ips'. In order to be thread-safe, we pass in the
55 thread's IP SP, FP if that's meaningful, and LR if that's
56 meaningful. Returns number of IPs put in 'ips'.
58 If you know what the thread ID for this stack is, send that as the
59 first parameter, else send zero. This helps generate better stack
60 traces on ppc64-linux and has no effect on other platforms.
63 /* Do frame merging in the _i frames in _ips array of recursive cycles
64 of up to _nframes. The merge is done during stack unwinding
65 (i.e. in platform specific unwinders) to collect as many
66 "interesting" stack traces as possible. */
67 #define RECURSIVE_MERGE(_nframes,_ips,_i) if (UNLIKELY(_nframes > 0)) \
70 for (dist = 1; dist <= _nframes && dist < (Int)_i; dist++) { \
71 if (_ips[_i-1] == _ips[_i-1-dist]) { \
78 /* Note about calculation of fp_min : fp_min is the lowest address
79 which can be accessed during unwinding. This is SP - VG_STACK_REDZONE_SZB.
80 On most platforms, this will be equal to SP (as VG_STACK_REDZONE_SZB
81 is 0). However, on some platforms (e.g. amd64), there is an accessible
82 redzone below the SP. Some CFI unwind info is generated, taking this
83 into account. As an example, the following is a CFI unwind info on
84 amd64 found for a 'retq' instruction:
85 [0x400f7e .. 0x400f7e]: let cfa=oldSP+8 in RA=*(cfa+-8) SP=cfa+0 BP=*(cfa+-16)
87 As you can see, the previous BP is found 16 bytes below the cfa, which
88 is the oldSP+8. So, effectively, the BP is found 8 bytes below the SP.
89 The fp_min must take this into account, otherwise, VG_(use_CF_info) will
92 /* ------------------------ x86 ------------------------- */
94 #if defined(VGP_x86_linux) || defined(VGP_x86_darwin) \
95 || defined(VGP_x86_solaris)
97 #define N_FP_CF_VERIF 1021
98 // prime number so that size of fp_CF_verif is just below 4K or 8K
99 // Note that this prime nr differs from the one chosen in
100 // m_debuginfo/debuginfo.c for the cfsi cache : in case we have
101 // a collision here between two IPs, we expect to not (often) have the
102 // same collision in the cfsi cache (and vice-versa).
104 // unwinding with fp chain is ok:
106 // there is no CFI info for this IP:
108 // Unwind with FP is not ok, must use CF unwind:
111 static Addr fp_CF_verif_cache
[N_FP_CF_VERIF
];
113 /* An unwind done by following the fp chain technique can be incorrect
114 as not all frames are respecting the standard bp/sp ABI.
115 The CF information is now generated by default by gcc
116 (as part of the dwarf info). However, unwinding using CF information
117 is significantly slower : a slowdown of 20% has been observed
118 on a helgrind test case.
119 So, by default, the unwinding will be done using the fp chain.
120 But before accepting to unwind an IP with fp_chain, the result
121 of the unwind will be checked with the CF information.
122 This check can give 3 results:
123 FPUNWIND (0): there is CF info, and it gives the same result as fp unwind.
124 => it is assumed that future unwind for this IP can be done
125 with the fast fp chain, without further CF checking
126 NOINFO (1): there is no CF info (so, fp unwind is the only do-able thing)
127 CFUNWIND (2): there is CF info, but unwind result differs.
128 => it is assumed that future unwind for this IP must be done
130 Of course, if each fp unwind implies a check done with a CF unwind,
131 it would just be slower => we cache the check result in an
132 array of checked Addr.
133 The check for an IP will be stored at
134 fp_CF_verif_cache[IP % N_FP_CF_VERIF] as one of:
139 Note: we can re-use the last (ROUNDDOWN (log (N_FP_CF_VERIF))) bits
140 to store the check result, as they are guaranteed to be non significant
141 in the comparison between 2 IPs stored in fp_CF_verif_cache).
142 In other words, if two IPs are only differing on the last 2 bits,
143 then they will not land in the same cache bucket.
146 /* cached result of VG_(FPO_info_present)(). Refreshed each time
147 the fp_CF_verif_generation differs from the current debuginfo
149 static Bool FPO_info_present
= False
;
151 static UInt fp_CF_verif_generation
= 0;
152 // Our cache has to be maintained in sync with the CFI cache.
153 // Each time the debuginfo is changed, its generation will be incremented.
154 // We will clear our cache when our saved generation differs from
155 // the debuginfo generation.
157 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
158 /*OUT*/Addr
* ips
, UInt max_n_ips
,
159 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
160 const UnwindStartRegs
* startRegs
,
163 const Bool do_stats
= False
; // compute and output some stats regularly.
165 UInt nr
; // nr of stacktraces computed
166 UInt nf
; // nr of frames computed
167 UInt Ca
; // unwind for which cache indicates CFUnwind must be used.
168 UInt FF
; // unwind for which cache indicates FPUnwind can be used.
169 UInt Cf
; // unwind at end of stack+store CFUNWIND (xip not end of stack).
170 UInt Fw
; // unwind at end of stack+store FPUNWIND
171 UInt FO
; // unwind + store FPUNWIND
172 UInt CF
; // unwind + store CFUNWIND. Details below.
173 UInt xi
; UInt xs
; UInt xb
; // register(s) which caused a 'store CFUNWIND'.
174 UInt Ck
; // unwind fp invalid+store FPUNWIND
175 UInt MS
; // microsoft unwind
178 const Bool debug
= False
;
179 // = VG_(debugLog_getLevel) () > 3;
181 // = stats.nr >= 123456;
182 const HChar
* unwind_case
; // used when debug is True.
183 // Debugging this function is not straightforward.
184 // Here is the easiest way I have found:
185 // 1. Change the above to True.
186 // 2. Start your program under Valgrind with --tool=none --vgdb-error=0
187 // 3. Use GDB/vgdb to put a breakpoint where you want to debug the stacktrace
188 // 4. Continue till breakpoint is encountered
189 // 5. From GDB, use 'monitor v.info scheduler' and examine the unwind traces.
190 // You might have to do twice 'monitor v.info scheduler' to see
191 // the effect of caching the results of the verification.
192 // You can also modify the debug dynamically using by using
193 'monitor v.set debuglog 4'.
198 const Int cmrf
= VG_(clo_merge_recursive_frames
);
200 vg_assert(sizeof(Addr
) == sizeof(UWord
));
201 vg_assert(sizeof(Addr
) == sizeof(void*));
203 D3UnwindRegs fpverif_uregs
; // result of CF unwind for a check reason.
204 Addr xip_verified
= 0; // xip for which we have calculated fpverif_uregs
205 // 0 assigned to silence false positive -Wuninitialized warning
206 // This is a false positive as xip_verified is assigned when
207 // xip_verif > CFUNWIND and only used if xip_verif > CFUNWIND.
210 uregs
.xip
= (Addr
)startRegs
->r_pc
;
211 uregs
.xsp
= (Addr
)startRegs
->r_sp
;
212 uregs
.xbp
= startRegs
->misc
.X86
.r_ebp
;
213 Addr fp_min
= uregs
.xsp
- VG_STACK_REDZONE_SZB
;
215 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
216 stopping when the trail goes cold, which we guess to be
217 when FP is not a reasonable stack location. */
219 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
220 // current page, at least. Dunno if it helps.
221 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
222 fp_max
= VG_PGROUNDUP(fp_max_orig
);
223 if (fp_max
>= sizeof(Addr
))
224 fp_max
-= sizeof(Addr
);
227 VG_(printf
)("max_n_ips=%u fp_min=0x%08lx fp_max_orig=0x08%lx, "
228 "fp_max=0x%08lx ip=0x%08lx fp=0x%08lx\n",
229 max_n_ips
, fp_min
, fp_max_orig
, fp_max
,
230 uregs
.xip
, uregs
.xbp
);
232 /* Assertion broken before main() is reached in pthreaded programs; the
233 * offending stack traces only have one item. --njn, 2002-aug-16 */
234 /* vg_assert(fp_min <= fp_max);*/
235 // On Darwin, this kicks in for pthread-related stack traces, so they're
236 // only 1 entry long which is wrong.
237 # if defined(VGO_linux)
238 if (fp_min
+ 512 >= fp_max
) {
239 /* If the stack limits look bogus, don't poke around ... but
240 don't bomb out either. */
241 # elif defined(VGO_solaris)
243 /* VG_(get_StackTrace)() can be called by tools very early when
244 various tracing options are enabled. Don't proceed further
245 if the stack limits look bogus.
248 # if defined(VGO_linux) || defined(VGO_solaris)
249 if (sps
) sps
[0] = uregs
.xsp
;
250 if (fps
) fps
[0] = uregs
.xbp
;
256 if (UNLIKELY (fp_CF_verif_generation
!= VG_(debuginfo_generation
)())) {
257 fp_CF_verif_generation
= VG_(debuginfo_generation
)();
258 VG_(memset
)(&fp_CF_verif_cache
, 0, sizeof(fp_CF_verif_cache
));
259 FPO_info_present
= VG_(FPO_info_present
)();
263 /* Loop unwinding the stack. Note that the IP value we get on
264 * each pass (whether from CFI info or a stack frame) is a
265 * return address so is actually after the calling instruction
266 * in the calling function.
268 * Because of this we subtract one from the IP after each pass
269 * of the loop so that we find the right CFI block on the next
270 * pass - otherwise we can find the wrong CFI info if it happens
271 * to change after the calling instruction and that will mean
272 * that we will fail to unwind the next step.
274 * This most frequently happens at the end of a function when
275 * a tail call occurs and we wind up using the CFI info for the
276 * next function which is completely wrong.
278 if (sps
) sps
[0] = uregs
.xsp
;
279 if (fps
) fps
[0] = uregs
.xbp
;
282 if (do_stats
) stats
.nr
++;
289 UWord hash
= uregs
.xip
% N_FP_CF_VERIF
;
290 Addr xip_verif
= uregs
.xip
^ fp_CF_verif_cache
[hash
];
292 VG_(printf
)(" uregs.xip 0x%08lx xip_verif[0x%08lx]"
293 " xbp 0x%08lx xsp 0x%08lx\n",
294 uregs
.xip
, xip_verif
,
295 uregs
.xbp
, uregs
.xsp
);
296 // If xip is in cache, then xip_verif will be <= CFUNWIND.
297 // Otherwise, if not in cache, xip_verif will be > CFUNWIND.
299 /* Try to derive a new (ip,sp,fp) triple from the current set. */
301 /* Do we have to do CFI unwinding ?
302 We do CFI unwinding if one of the following condition holds:
303 a. fp_CF_verif_cache contains xip but indicates CFUNWIND must
304 be done (i.e. fp unwind check failed when we did the first
306 b. fp_CF_verif_cache does not contain xip.
307 We will try CFI unwinding in fpverif_uregs and compare with
308 FP unwind result to insert xip in the cache with the correct
310 if (UNLIKELY(xip_verif
>= CFUNWIND
)) {
311 if (xip_verif
== CFUNWIND
) {
312 /* case a : do "real" cfi unwind */
313 if ( VG_(use_CF_info
)( &uregs
, fp_min
, fp_max
) ) {
314 if (debug
) unwind_case
= "Ca";
315 if (do_stats
) stats
.Ca
++;
318 /* ??? cache indicates we have to do CFI unwind (so, we
319 previously found CFI info, and failed the fp unwind
320 check). Now, we just failed with CFI. So, once we
321 succeed, once we fail. No idea what is going on =>
322 cleanup the cache entry and fallover to fp unwind (this
324 fp_CF_verif_cache
[hash
] = 0;
325 if (debug
) VG_(printf
)(" cache reset as CFI ok then nok\n");
329 /* case b : do "verif" cfi unwind in fpverif_uregs */
330 fpverif_uregs
= uregs
;
331 xip_verified
= uregs
.xip
;
332 if ( !VG_(use_CF_info
)( &fpverif_uregs
, fp_min
, fp_max
) ) {
333 fp_CF_verif_cache
[hash
] = uregs
.xip
^ NOINFO
;
334 if (debug
) VG_(printf
)(" cache NOINFO fpverif_uregs\n");
340 /* On x86, try the old-fashioned method of following the
341 %ebp-chain. This can be done if the fp_CF_verif_cache for xip
342 indicate fp unwind is ok. This must be done if the cache indicates
343 there is no info. This is also done to confirm what to put in the cache
344 if xip was not in the cache. */
345 /* This deals with frames resulting from functions which begin "pushl%
346 ebp ; movl %esp, %ebp" which is the ABI-mandated preamble. */
347 if (fp_min
<= uregs
.xbp
&&
348 uregs
.xbp
<= fp_max
- 1 * sizeof(UWord
)/*see comment below*/ &&
349 VG_IS_4_ALIGNED(uregs
.xbp
))
353 /* fp looks sane, so use it. */
354 uregs
.xip
= (((UWord
*)uregs
.xbp
)[1]);
355 // We stop if we hit a zero (the traditional end-of-stack
356 // marker) or a one -- these correspond to recorded IPs of 0 or -1.
357 // The latter because r8818 (in this file) changes the meaning of
358 // entries [1] and above in a stack trace, by subtracting 1 from
359 // them. Hence stacks that used to end with a zero value now end in
360 // -1 and so we must detect that too.
361 if (0 == uregs
.xip
|| 1 == uregs
.xip
) {
362 if (xip_verif
> CFUNWIND
) {
363 // Check if we obtain the same result with fp unwind.
364 // If same result, then mark xip as fp unwindable
365 if (uregs
.xip
== fpverif_uregs
.xip
) {
366 fp_CF_verif_cache
[hash
] = xip_verified
^ FPUNWIND
;
367 if (debug
) VG_(printf
)(" cache FPUNWIND 0\n");
369 if (do_stats
) stats
.Fw
++;
372 fp_CF_verif_cache
[hash
] = xip_verified
^ CFUNWIND
;
373 uregs
= fpverif_uregs
;
374 if (debug
) VG_(printf
)(" cache CFUNWIND 0\n");
376 if (do_stats
) stats
.Cf
++;
380 // end of stack => out of the loop.
386 uregs
.xsp
= uregs
.xbp
+ sizeof(Addr
) /*saved %ebp*/
387 + sizeof(Addr
) /*ra*/;
388 uregs
.xbp
= (((UWord
*)uregs
.xbp
)[0]);
389 if (xip_verif
> CFUNWIND
) {
390 if (uregs
.xip
== fpverif_uregs
.xip
391 && uregs
.xsp
== fpverif_uregs
.xsp
392 && uregs
.xbp
== fpverif_uregs
.xbp
) {
393 fp_CF_verif_cache
[hash
] = xip_verified
^ FPUNWIND
;
394 if (debug
) VG_(printf
)(" cache FPUNWIND >2\n");
395 if (debug
) unwind_case
= "FO";
396 if (do_stats
) stats
.FO
++;
397 if (old_xsp
>= uregs
.xsp
) {
399 VG_(printf
) (" FO end of stack old_xsp %p >= xsp %p\n",
400 (void*)old_xsp
, (void*)uregs
.xsp
);
404 fp_CF_verif_cache
[hash
] = xip_verified
^ CFUNWIND
;
405 if (debug
) VG_(printf
)(" cache CFUNWIND >2\n");
406 if (do_stats
&& uregs
.xip
!= fpverif_uregs
.xip
) stats
.xi
++;
407 if (do_stats
&& uregs
.xsp
!= fpverif_uregs
.xsp
) stats
.xs
++;
408 if (do_stats
&& uregs
.xbp
!= fpverif_uregs
.xbp
) stats
.xb
++;
409 uregs
= fpverif_uregs
;
410 if (debug
) unwind_case
= "CF";
411 if (do_stats
) stats
.CF
++;
414 if (debug
) unwind_case
= "FF";
415 if (do_stats
) stats
.FF
++;
416 if (old_xsp
>= uregs
.xsp
) {
418 VG_(printf
) (" FF end of stack old_xsp %p >= xsp %p\n",
419 (void*)old_xsp
, (void*)uregs
.xsp
);
425 // fp unwind has failed.
426 // If we were checking the validity of the cfi unwinding,
427 // we mark in the cache that the fp unwind cannot be done, and that
428 // cfi unwind is desired.
429 if (xip_verif
> CFUNWIND
) {
430 // We know that fpverif_uregs contains valid information,
431 // as a failed cf unwind would have put NOINFO in xip_verif.
432 fp_CF_verif_cache
[hash
] = xip_verified
^ CFUNWIND
;
433 if (debug
) VG_(printf
)(" cache CFUNWIND as fp failed\n");
434 uregs
= fpverif_uregs
;
435 if (debug
) unwind_case
= "Ck";
436 if (do_stats
) stats
.Ck
++;
439 // xip_verif is FPUNWIND or NOINFO.
440 // We failed the cfi unwind and/or the fp unwind.
441 // => fallback to FPO info.
444 /* And, similarly, try for MSVC FPO unwind info. */
446 && VG_(use_FPO_info
)( &uregs
.xip
, &uregs
.xsp
, &uregs
.xbp
,
447 VG_(current_DiEpoch
)(),
449 if (debug
) unwind_case
= "MS";
450 if (do_stats
) stats
.MS
++;
454 /* No luck. We have to give up. */
458 /* Add a frame in ips/sps/fps */
459 /* fp is %ebp. sp is %esp. ip is %eip. */
460 if (0 == uregs
.xip
|| 1 == uregs
.xip
) break;
461 if (sps
) sps
[i
] = uregs
.xsp
;
462 if (fps
) fps
[i
] = uregs
.xbp
;
463 ips
[i
++] = uregs
.xip
- 1;
464 /* -1: refer to calling insn, not the RA */
466 VG_(printf
)(" ips%s[%d]=0x%08lx\n", unwind_case
, i
-1, ips
[i
-1]);
467 uregs
.xip
= uregs
.xip
- 1;
468 /* as per comment at the head of this loop */
469 RECURSIVE_MERGE(cmrf
,ips
,i
);
472 if (do_stats
) stats
.nf
+= i
;
473 if (do_stats
&& stats
.nr
% 10000 == 0) {
474 VG_(printf
)("nr %u nf %u "
478 "CF %u (xi %u xs %u xb %u) "
484 stats
.CF
, stats
.xi
, stats
.xs
, stats
.xb
,
498 /* ----------------------- amd64 ------------------------ */
500 #if defined(VGP_amd64_linux) || defined(VGP_amd64_darwin) \
501 || defined(VGP_amd64_solaris)
503 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
504 /*OUT*/Addr
* ips
, UInt max_n_ips
,
505 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
506 const UnwindStartRegs
* startRegs
,
509 const Bool debug
= False
;
513 const Int cmrf
= VG_(clo_merge_recursive_frames
);
515 vg_assert(sizeof(Addr
) == sizeof(UWord
));
516 vg_assert(sizeof(Addr
) == sizeof(void*));
519 uregs
.xip
= startRegs
->r_pc
;
520 uregs
.xsp
= startRegs
->r_sp
;
521 uregs
.xbp
= startRegs
->misc
.AMD64
.r_rbp
;
522 Addr fp_min
= uregs
.xsp
- VG_STACK_REDZONE_SZB
;
524 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
525 stopping when the trail goes cold, which we guess to be
526 when FP is not a reasonable stack location. */
528 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
529 // current page, at least. Dunno if it helps.
530 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
531 fp_max
= VG_PGROUNDUP(fp_max_orig
);
532 if (fp_max
>= sizeof(Addr
))
533 fp_max
-= sizeof(Addr
);
536 VG_(printf
)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
537 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
538 max_n_ips
, fp_min
, fp_max_orig
, fp_max
,
539 uregs
.xip
, uregs
.xbp
);
541 /* Assertion broken before main() is reached in pthreaded programs; the
542 * offending stack traces only have one item. --njn, 2002-aug-16 */
543 /* vg_assert(fp_min <= fp_max);*/
544 // On Darwin, this kicks in for pthread-related stack traces, so they're
545 // only 1 entry long which is wrong.
546 # if defined(VGO_linux)
547 if (fp_min
+ 256 >= fp_max
) {
548 /* If the stack limits look bogus, don't poke around ... but
549 don't bomb out either. */
550 # elif defined(VGO_solaris)
552 /* VG_(get_StackTrace)() can be called by tools very early when
553 various tracing options are enabled. Don't proceed further
554 if the stack limits look bogus.
557 # if defined(VGO_linux) || defined(VGO_solaris)
559 if (sps
) sps
[0] = uregs
.xsp
;
560 if (fps
) fps
[0] = uregs
.xbp
;
566 /* fp is %rbp. sp is %rsp. ip is %rip. */
569 if (sps
) sps
[0] = uregs
.xsp
;
570 if (fps
) fps
[0] = uregs
.xbp
;
573 VG_(printf
)(" ipsS[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
574 i
-1, ips
[i
-1], uregs
.xbp
, uregs
.xsp
);
576 # if defined(VGO_darwin)
577 if (VG_(is_valid_tid
)(tid_if_known
) &&
578 VG_(is_in_syscall
)(tid_if_known
) &&
580 /* On Darwin, all the system call stubs have no function
581 * prolog. So instead of top of the stack being a new
582 * frame comprising a saved BP and a return address, we
583 * just have the return address in the caller's frame.
584 * Adjust for this by recording the return address.
586 ips
[i
] = *(Addr
*)uregs
.xsp
- 1;
587 if (sps
) sps
[i
] = uregs
.xsp
;
588 if (fps
) fps
[i
] = uregs
.xbp
;
593 /* Loop unwinding the stack. Note that the IP value we get on
594 * each pass (whether from CFI info or a stack frame) is a
595 * return address so is actually after the calling instruction
596 * in the calling function.
598 * Because of this we subtract one from the IP after each pass
599 * of the loop so that we find the right CFI block on the next
600 * pass - otherwise we can find the wrong CFI info if it happens
601 * to change after the calling instruction and that will mean
602 * that we will fail to unwind the next step.
604 * This most frequently happens at the end of a function when
605 * a tail call occurs and we wind up using the CFI info for the
606 * next function which is completely wrong.
616 /* Try to derive a new (ip,sp,fp) triple from the current set. */
618 /* First off, see if there is any CFI info to hand which can
620 if ( VG_(use_CF_info
)( &uregs
, fp_min
, fp_max
) ) {
621 if (0 == uregs
.xip
|| 1 == uregs
.xip
) break;
622 if (old_xsp
>= uregs
.xsp
) {
624 VG_(printf
) (" CF end of stack old_xsp %p >= xsp %p\n",
625 (void*)old_xsp
, (void*)uregs
.xsp
);
628 if (sps
) sps
[i
] = uregs
.xsp
;
629 if (fps
) fps
[i
] = uregs
.xbp
;
630 ips
[i
++] = uregs
.xip
- 1; /* -1: refer to calling insn, not the RA */
632 VG_(printf
)(" ipsC[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
633 i
-1, ips
[i
-1], uregs
.xbp
, uregs
.xsp
);
634 uregs
.xip
= uregs
.xip
- 1; /* as per comment at the head of this loop */
635 RECURSIVE_MERGE(cmrf
,ips
,i
);
639 /* If VG_(use_CF_info) fails, it won't modify ip/sp/fp, so
640 we can safely try the old-fashioned method. */
641 /* This bit is supposed to deal with frames resulting from
642 functions which begin "pushq %rbp ; movq %rsp, %rbp".
643 Unfortunately, since we can't (easily) look at the insns at
644 the start of the fn, like GDB does, there's no reliable way
645 to tell. Hence the hack of first trying out CFI, and if that
646 fails, then use this as a fallback. */
647 /* Note: re "- 1 * sizeof(UWord)", need to take account of the
648 fact that we are prodding at & ((UWord*)fp)[1] and so need to
649 adjust the limit check accordingly. Omitting this has been
650 observed to cause segfaults on rare occasions. */
651 if (fp_min
<= uregs
.xbp
&& uregs
.xbp
<= fp_max
- 1 * sizeof(UWord
)) {
652 /* fp looks sane, so use it. */
653 uregs
.xip
= (((UWord
*)uregs
.xbp
)[1]);
654 if (0 == uregs
.xip
|| 1 == uregs
.xip
) break;
655 uregs
.xsp
= uregs
.xbp
+ sizeof(Addr
) /*saved %rbp*/
656 + sizeof(Addr
) /*ra*/;
657 if (old_xsp
>= uregs
.xsp
) {
659 VG_(printf
) (" FF end of stack old_xsp %p >= xsp %p\n",
660 (void*)old_xsp
, (void*)uregs
.xsp
);
663 uregs
.xbp
= (((UWord
*)uregs
.xbp
)[0]);
664 if (sps
) sps
[i
] = uregs
.xsp
;
665 if (fps
) fps
[i
] = uregs
.xbp
;
666 ips
[i
++] = uregs
.xip
- 1; /* -1: refer to calling insn, not the RA */
668 VG_(printf
)(" ipsF[%d]=%#08lx rbp %#08lx rsp %#08lx\n",
669 i
-1, ips
[i
-1], uregs
.xbp
, uregs
.xsp
);
670 uregs
.xip
= uregs
.xip
- 1; /* as per comment at the head of this loop */
671 RECURSIVE_MERGE(cmrf
,ips
,i
);
675 /* Last-ditch hack (evidently GDB does something similar). We
676 are in the middle of nowhere and we have a nonsense value for
677 the frame pointer. If the stack pointer is still valid,
678 assume that what it points at is a return address. Yes,
679 desperate measures. Could do better here:
680 - check that the supposed return address is in
682 - check that the supposed return address is just after a call insn
683 - given those two checks, don't just consider *sp as the return
684 address; instead scan a likely section of stack (eg sp .. sp+256)
685 and use suitable values found there.
687 if (fp_min
<= uregs
.xsp
&& uregs
.xsp
< fp_max
) {
688 uregs
.xip
= ((UWord
*)uregs
.xsp
)[0];
689 if (0 == uregs
.xip
|| 1 == uregs
.xip
) break;
690 if (sps
) sps
[i
] = uregs
.xsp
;
691 if (fps
) fps
[i
] = uregs
.xbp
;
692 ips
[i
++] = uregs
.xip
== 0
693 ? 0 /* sp[0] == 0 ==> stuck at the bottom of a
696 /* -1: refer to calling insn, not the RA */
698 VG_(printf
)(" ipsH[%d]=%#08lx\n", i
-1, ips
[i
-1]);
699 uregs
.xip
= uregs
.xip
- 1; /* as per comment at the head of this loop */
701 RECURSIVE_MERGE(cmrf
,ips
,i
);
705 /* No luck at all. We have to give up. */
715 /* -----------------------ppc32/64 ---------------------- */
717 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
718 || defined(VGP_ppc64le_linux)
720 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
721 /*OUT*/Addr
* ips
, UInt max_n_ips
,
722 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
723 const UnwindStartRegs
* startRegs
,
726 Bool lr_is_first_RA
= False
;
727 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
728 Word redir_stack_size
= 0;
729 Word redirs_used
= 0;
731 const Int cmrf
= VG_(clo_merge_recursive_frames
);
732 const DiEpoch cur_ep
= VG_(current_DiEpoch
)();
739 vg_assert(sizeof(Addr
) == sizeof(UWord
));
740 vg_assert(sizeof(Addr
) == sizeof(void*));
742 Addr ip
= (Addr
)startRegs
->r_pc
;
743 Addr sp
= (Addr
)startRegs
->r_sp
;
745 # if defined(VGP_ppc32_linux)
746 Addr lr
= startRegs
->misc
.PPC32
.r_lr
;
747 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
748 Addr lr
= startRegs
->misc
.PPC64
.r_lr
;
750 Addr fp_min
= sp
- VG_STACK_REDZONE_SZB
;
752 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
753 stopping when the trail goes cold, which we guess to be
754 when FP is not a reasonable stack location. */
756 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
757 // current page, at least. Dunno if it helps.
758 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
759 fp_max
= VG_PGROUNDUP(fp_max_orig
);
760 if (fp_max
>= sizeof(Addr
))
761 fp_max
-= sizeof(Addr
);
764 VG_(printf
)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
765 "fp_max=0x%lx ip=0x%lx fp=0x%lx\n",
766 max_n_ips
, fp_min
, fp_max_orig
, fp_max
, ip
, fp
);
768 /* Assertion broken before main() is reached in pthreaded programs; the
769 * offending stack traces only have one item. --njn, 2002-aug-16 */
770 /* vg_assert(fp_min <= fp_max);*/
771 if (fp_min
+ 512 >= fp_max
) {
772 /* If the stack limits look bogus, don't poke around ... but
773 don't bomb out either. */
774 if (sps
) sps
[0] = sp
;
775 if (fps
) fps
[0] = fp
;
780 /* fp is %r1. ip is %cia. Note, ppc uses r1 as both the stack and
783 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
784 redir_stack_size
= VEX_GUEST_PPC64_REDIR_STACK_SIZE
;
788 # if defined(VG_PLAT_USES_PPCTOC) || defined (VGP_ppc64le_linux)
789 /* Deal with bogus LR values caused by function
790 interception/wrapping on ppc-TOC platforms; see comment on
791 similar code a few lines further down. */
792 if (lr
== (Addr
)&VG_(ppctoc_magic_redirect_return_stub
)
793 && VG_(is_valid_tid
)(tid_if_known
)) {
794 Word hsp
= VG_(threads
)[tid_if_known
].arch
.vex
.guest_REDIR_SP
;
796 if (hsp
>= 1 && hsp
< redir_stack_size
)
797 lr
= VG_(threads
)[tid_if_known
]
798 .arch
.vex
.guest_REDIR_STACK
[hsp
-1];
802 /* We have to determine whether or not LR currently holds this fn
803 (call it F)'s return address. It might not if F has previously
804 called some other function, hence overwriting LR with a pointer
805 to some part of F. Hence if LR and IP point to the same
806 function then we conclude LR does not hold this function's
807 return address; instead the LR at entry must have been saved in
808 the stack by F's prologue and so we must get it from there
809 instead. Note all this guff only applies to the innermost
811 lr_is_first_RA
= False
;
813 const HChar
*buf_lr
, *buf_ip
;
814 /* The following conditional looks grossly inefficient and
815 surely could be majorly improved, with not much effort. */
816 if (VG_(get_fnname_raw
) (cur_ep
, lr
, &buf_lr
)) {
817 HChar buf_lr_copy
[VG_(strlen
)(buf_lr
) + 1];
818 VG_(strcpy
)(buf_lr_copy
, buf_lr
);
819 if (VG_(get_fnname_raw
) (cur_ep
, ip
, &buf_ip
))
820 if (VG_(strcmp
)(buf_lr_copy
, buf_ip
))
821 lr_is_first_RA
= True
;
825 if (sps
) sps
[0] = fp
; /* NB. not sp */
826 if (fps
) fps
[0] = fp
;
830 if (fp_min
<= fp
&& fp
< fp_max
-VG_WORDSIZE
+1) {
832 /* initial FP is sane; keep going */
833 fp
= (((UWord
*)fp
)[0]);
837 /* On ppc64-linux (ppc64-elf, really), the lr save
838 slot is 2 words back from sp, whereas on ppc32-elf(?) it's
839 only one word back. */
840 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
841 const Int lr_offset
= 2;
843 const Int lr_offset
= 1;
849 /* Try to derive a new (ip,fp) pair from the current set. */
851 if (fp_min
<= fp
&& fp
<= fp_max
- lr_offset
* sizeof(UWord
)) {
852 /* fp looks sane, so use it. */
854 if (i
== 1 && lr_is_first_RA
)
857 ip
= (((UWord
*)fp
)[lr_offset
]);
859 # if defined(VG_PLAT_USES_PPCTOC) || defined(VGP_ppc64le_linux)
860 /* Nasty hack to do with function replacement/wrapping on
861 ppc64-linux. If LR points to our magic return stub,
862 then we are in a wrapped or intercepted function, in
863 which LR has been messed with. The original LR will
864 have been pushed onto the thread's hidden REDIR stack
865 one down from the top (top element is the saved R2) and
866 so we should restore the value from there instead.
867 Since nested redirections can and do happen, we keep
868 track of the number of nested LRs used by the unwinding
869 so far with 'redirs_used'. */
870 if (ip
== (Addr
)&VG_(ppctoc_magic_redirect_return_stub
)
871 && VG_(is_valid_tid
)(tid_if_known
)) {
872 Word hsp
= VG_(threads
)[tid_if_known
]
873 .arch
.vex
.guest_REDIR_SP
;
874 hsp
-= 2 * redirs_used
;
876 if (hsp
>= 1 && hsp
< redir_stack_size
)
877 ip
= VG_(threads
)[tid_if_known
]
878 .arch
.vex
.guest_REDIR_STACK
[hsp
-1];
882 if (0 == ip
|| 1 == ip
) break;
883 if (sps
) sps
[i
] = fp
; /* NB. not sp */
884 if (fps
) fps
[i
] = fp
;
885 fp
= (((UWord
*)fp
)[0]);
886 ips
[i
++] = ip
- 1; /* -1: refer to calling insn, not the RA */
888 VG_(printf
)(" ipsF[%d]=%#08lx\n", i
-1, ips
[i
-1]);
889 ip
= ip
- 1; /* ip is probably dead at this point, but
890 play safe, a la x86/amd64 above. See
891 extensive comments above. */
892 RECURSIVE_MERGE(cmrf
,ips
,i
);
896 /* No luck there. We have to give up. */
907 /* ------------------------ arm ------------------------- */
909 #if defined(VGP_arm_linux)
911 static Bool
in_same_fn ( Addr a1
, Addr a2
)
913 const HChar
*buf_a1
, *buf_a2
;
914 /* The following conditional looks grossly inefficient and
915 surely could be majorly improved, with not much effort. */
916 const DiEpoch cur_ep
= VG_(current_DiEpoch
)();
917 if (VG_(get_fnname_raw
) (cur_ep
, a1
, &buf_a1
)) {
918 HChar buf_a1_copy
[VG_(strlen
)(buf_a1
) + 1];
919 VG_(strcpy
)(buf_a1_copy
, buf_a1
);
920 if (VG_(get_fnname_raw
) (cur_ep
, a2
, &buf_a2
))
921 if (VG_(strcmp
)(buf_a1_copy
, buf_a2
))
927 static Bool
in_same_page ( Addr a1
, Addr a2
) {
928 return (a1
& ~0xFFF) == (a2
& ~0xFFF);
931 static Addr
abs_diff ( Addr a1
, Addr a2
) {
932 return (Addr
)(a1
> a2
? a1
- a2
: a2
- a1
);
935 static Bool
has_XT_perms ( Addr a
)
937 NSegment
const* seg
= VG_(am_find_nsegment
)(a
);
938 return seg
&& seg
->hasX
&& seg
->hasT
;
941 static Bool
looks_like_Thumb_call32 ( UShort w0
, UShort w1
)
944 VG_(printf
)("isT32call %04x %04x\n", (UInt
)w0
, (UInt
)w1
);
946 if ((w0
& 0xF800) == 0xF000 && (w1
& 0xC000) == 0xC000) return True
;
948 if ((w0
& 0xF800) == 0xF000 && (w1
& 0xC000) == 0xC000) return True
;
952 static Bool
looks_like_Thumb_call16 ( UShort w0
)
957 static Bool
looks_like_ARM_call ( UInt a0
)
960 VG_(printf
)("isA32call %08x\n", a0
);
961 // Leading E forces unconditional only -- fix
962 if ((a0
& 0xFF000000) == 0xEB000000) return True
;
966 static Bool
looks_like_RA ( Addr ra
)
968 /* 'ra' is a plausible return address if it points to
969 an instruction after a call insn. */
972 // returning to Thumb code
975 if (has_XT_perms(ra
)) {
976 UShort w0
= *(UShort
*)ra
;
977 UShort w1
= in_same_page(ra
, ra
+2) ? *(UShort
*)(ra
+2) : 0;
978 if (looks_like_Thumb_call16(w1
) || looks_like_Thumb_call32(w0
,w1
))
985 if (has_XT_perms(ra
)) {
986 UInt a0
= *(UInt
*)ra
;
987 if (looks_like_ARM_call(a0
))
994 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
995 /*OUT*/Addr
* ips
, UInt max_n_ips
,
996 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
997 const UnwindStartRegs
* startRegs
,
1004 const Int cmrf
= VG_(clo_merge_recursive_frames
);
1006 vg_assert(sizeof(Addr
) == sizeof(UWord
));
1007 vg_assert(sizeof(Addr
) == sizeof(void*));
1010 uregs
.r15
= startRegs
->r_pc
& 0xFFFFFFFE;
1011 uregs
.r14
= startRegs
->misc
.ARM
.r14
;
1012 uregs
.r13
= startRegs
->r_sp
;
1013 uregs
.r12
= startRegs
->misc
.ARM
.r12
;
1014 uregs
.r11
= startRegs
->misc
.ARM
.r11
;
1015 uregs
.r7
= startRegs
->misc
.ARM
.r7
;
1016 Addr fp_min
= uregs
.r13
- VG_STACK_REDZONE_SZB
;
1018 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1019 stopping when the trail goes cold, which we guess to be
1020 when FP is not a reasonable stack location. */
1022 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1023 // current page, at least. Dunno if it helps.
1024 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1025 fp_max
= VG_PGROUNDUP(fp_max_orig
);
1026 if (fp_max
>= sizeof(Addr
))
1027 fp_max
-= sizeof(Addr
);
1030 VG_(printf
)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1031 "fp_max=0x%lx r15=0x%lx r13=0x%lx\n",
1032 max_n_ips
, fp_min
, fp_max_orig
, fp_max
,
1033 uregs
.r15
, uregs
.r13
);
1035 /* Assertion broken before main() is reached in pthreaded programs; the
1036 * offending stack traces only have one item. --njn, 2002-aug-16 */
1037 /* vg_assert(fp_min <= fp_max);*/
1038 // On Darwin, this kicks in for pthread-related stack traces, so they're
1039 // only 1 entry long which is wrong.
1040 if (fp_min
+ 512 >= fp_max
) {
1041 /* If the stack limits look bogus, don't poke around ... but
1042 don't bomb out either. */
1043 if (sps
) sps
[0] = uregs
.r13
;
1044 if (fps
) fps
[0] = 0;
1051 if (sps
) sps
[0] = uregs
.r13
;
1052 if (fps
) fps
[0] = 0;
1056 /* Loop unwinding the stack. */
1057 Bool do_stack_scan
= False
;
1059 /* First try the Official Way, using Dwarf CFI. */
1062 VG_(printf
)("i: %d, r15: 0x%lx, r13: 0x%lx\n",
1063 i
, uregs
.r15
, uregs
.r13
);
1069 if (VG_(use_CF_info
)( &uregs
, fp_min
, fp_max
)) {
1070 if (sps
) sps
[i
] = uregs
.r13
;
1071 if (fps
) fps
[i
] = 0;
1072 ips
[i
++] = (uregs
.r15
& 0xFFFFFFFE) - 1;
1074 VG_(printf
)("USING CFI: r15: 0x%lx, r13: 0x%lx\n",
1075 uregs
.r15
, uregs
.r13
);
1076 uregs
.r15
= (uregs
.r15
& 0xFFFFFFFE) - 1;
1077 RECURSIVE_MERGE(cmrf
,ips
,i
);
1081 /* No luck. We have to give up. */
1082 do_stack_scan
= True
;
1086 /* Now try Plan B (maybe) -- stack scanning. This often gives
1087 pretty bad results, so this has to be enabled explicitly by the
1090 && i
< max_n_ips
&& i
< (Int
)VG_(clo_unw_stack_scan_thresh
)) {
1091 Int nByStackScan
= 0;
1092 Addr lr
= uregs
.r14
;
1093 Addr sp
= uregs
.r13
& ~3;
1094 Addr pc
= uregs
.r15
;
1095 // First see if LR contains
1096 // something that could be a valid return address.
1097 if (!in_same_fn(lr
, pc
) && looks_like_RA(lr
)) {
1098 // take it only if 'cand' isn't obviously a duplicate
1099 // of the last found IP value
1100 Addr cand
= (lr
& 0xFFFFFFFE) - 1;
1101 if (abs_diff(cand
, ips
[i
-1]) > 1) {
1102 if (sps
) sps
[i
] = 0;
1103 if (fps
) fps
[i
] = 0;
1105 RECURSIVE_MERGE(cmrf
,ips
,i
);
1109 while (in_same_page(sp
, uregs
.r13
)) {
1112 // we're in the same page; fairly safe to keep going
1113 UWord w
= *(UWord
*)(sp
& ~0x3);
1114 if (looks_like_RA(w
)) {
1115 Addr cand
= (w
& 0xFFFFFFFE) - 1;
1116 // take it only if 'cand' isn't obviously a duplicate
1117 // of the last found IP value
1118 if (abs_diff(cand
, ips
[i
-1]) > 1) {
1119 if (sps
) sps
[i
] = 0;
1120 if (fps
) fps
[i
] = 0;
1122 RECURSIVE_MERGE(cmrf
,ips
,i
);
1123 if (++nByStackScan
>= VG_(clo_unw_stack_scan_frames
)) break;
1136 /* ------------------------ arm64 ------------------------- */
1138 #if defined(VGP_arm64_linux)
1140 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
1141 /*OUT*/Addr
* ips
, UInt max_n_ips
,
1142 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
1143 const UnwindStartRegs
* startRegs
,
1150 const Int cmrf
= VG_(clo_merge_recursive_frames
);
1152 vg_assert(sizeof(Addr
) == sizeof(UWord
));
1153 vg_assert(sizeof(Addr
) == sizeof(void*));
1156 uregs
.pc
= startRegs
->r_pc
;
1157 uregs
.sp
= startRegs
->r_sp
;
1158 uregs
.x30
= startRegs
->misc
.ARM64
.x30
;
1159 uregs
.x29
= startRegs
->misc
.ARM64
.x29
;
1160 Addr fp_min
= uregs
.sp
- VG_STACK_REDZONE_SZB
;
1162 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1163 stopping when the trail goes cold, which we guess to be
1164 when FP is not a reasonable stack location. */
1166 // JRS 2002-sep-17: hack, to round up fp_max to the end of the
1167 // current page, at least. Dunno if it helps.
1168 // NJN 2002-sep-17: seems to -- stack traces look like 1.0.X again
1169 fp_max
= VG_PGROUNDUP(fp_max_orig
);
1170 if (fp_max
>= sizeof(Addr
))
1171 fp_max
-= sizeof(Addr
);
1174 VG_(printf
)("\nmax_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1175 "fp_max=0x%lx PC=0x%lx SP=0x%lx\n",
1176 max_n_ips
, fp_min
, fp_max_orig
, fp_max
,
1177 uregs
.pc
, uregs
.sp
);
1179 /* Assertion broken before main() is reached in pthreaded programs; the
1180 * offending stack traces only have one item. --njn, 2002-aug-16 */
1181 /* vg_assert(fp_min <= fp_max);*/
1182 // On Darwin, this kicks in for pthread-related stack traces, so they're
1183 // only 1 entry long which is wrong.
1184 if (fp_min
+ 512 >= fp_max
) {
1185 /* If the stack limits look bogus, don't poke around ... but
1186 don't bomb out either. */
1187 if (sps
) sps
[0] = uregs
.sp
;
1188 if (fps
) fps
[0] = uregs
.x29
;
1195 if (sps
) sps
[0] = uregs
.sp
;
1196 if (fps
) fps
[0] = uregs
.x29
;
1200 /* Loop unwinding the stack, using CFI. */
1203 VG_(printf
)("i: %d, pc: 0x%lx, sp: 0x%lx\n",
1204 i
, uregs
.pc
, uregs
.sp
);
1210 if (VG_(use_CF_info
)( &uregs
, fp_min
, fp_max
)) {
1211 if (sps
) sps
[i
] = uregs
.sp
;
1212 if (fps
) fps
[i
] = uregs
.x29
;
1213 ips
[i
++] = uregs
.pc
- 1;
1215 VG_(printf
)("USING CFI: pc: 0x%lx, sp: 0x%lx\n",
1216 uregs
.pc
, uregs
.sp
);
1217 uregs
.pc
= uregs
.pc
- 1;
1218 RECURSIVE_MERGE(cmrf
,ips
,i
);
1222 /* No luck. We have to give up. */
1232 /* ------------------------ s390x ------------------------- */
1234 #if defined(VGP_s390x_linux)
1236 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
1237 /*OUT*/Addr
* ips
, UInt max_n_ips
,
1238 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
1239 const UnwindStartRegs
* startRegs
,
1246 const Int cmrf
= VG_(clo_merge_recursive_frames
);
1248 vg_assert(sizeof(Addr
) == sizeof(UWord
));
1249 vg_assert(sizeof(Addr
) == sizeof(void*));
1252 uregs
.ia
= startRegs
->r_pc
;
1253 uregs
.sp
= startRegs
->r_sp
;
1254 Addr fp_min
= uregs
.sp
- VG_STACK_REDZONE_SZB
;
1255 uregs
.fp
= startRegs
->misc
.S390X
.r_fp
;
1256 uregs
.lr
= startRegs
->misc
.S390X
.r_lr
;
1257 uregs
.f0
= startRegs
->misc
.S390X
.r_f0
;
1258 uregs
.f1
= startRegs
->misc
.S390X
.r_f1
;
1259 uregs
.f2
= startRegs
->misc
.S390X
.r_f2
;
1260 uregs
.f3
= startRegs
->misc
.S390X
.r_f3
;
1261 uregs
.f4
= startRegs
->misc
.S390X
.r_f4
;
1262 uregs
.f5
= startRegs
->misc
.S390X
.r_f5
;
1263 uregs
.f6
= startRegs
->misc
.S390X
.r_f6
;
1264 uregs
.f7
= startRegs
->misc
.S390X
.r_f7
;
1266 fp_max
= VG_PGROUNDUP(fp_max_orig
);
1267 if (fp_max
>= sizeof(Addr
))
1268 fp_max
-= sizeof(Addr
);
1271 VG_(printf
)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1272 "fp_max=0x%lx IA=0x%lx SP=0x%lx FP=0x%lx\n",
1273 max_n_ips
, fp_min
, fp_max_orig
, fp_max
,
1274 uregs
.ia
, uregs
.sp
,uregs
.fp
);
1276 /* The first frame is pretty obvious */
1278 if (sps
) sps
[0] = uregs
.sp
;
1279 if (fps
) fps
[0] = uregs
.fp
;
1282 /* for everything else we have to rely on the eh_frame. gcc defaults to
1283 not create a backchain and all the other tools (like gdb) also have
1289 if (VG_(use_CF_info
)( &uregs
, fp_min
, fp_max
)) {
1290 if (sps
) sps
[i
] = uregs
.sp
;
1291 if (fps
) fps
[i
] = uregs
.fp
;
1292 ips
[i
++] = uregs
.ia
- 1;
1293 uregs
.ia
= uregs
.ia
- 1;
1294 RECURSIVE_MERGE(cmrf
,ips
,i
);
1297 /* A problem on the first frame? Lets assume it was a bad jump.
1298 We will use the link register and the current stack and frame
1299 pointers and see if we can use the CFI in the next round. */
1309 uregs
.ia
= uregs
.lr
- 1;
1310 ips
[i
++] = uregs
.lr
- 1;
1311 RECURSIVE_MERGE(cmrf
,ips
,i
);
1315 /* No luck. We have to give up. */
1325 /* ------------------------ mips 32/64 ------------------------- */
1326 #if defined(VGP_mips32_linux) || defined(VGP_mips64_linux) \
1327 || defined(VGP_nanomips_linux)
1328 UInt
VG_(get_StackTrace_wrk
) ( ThreadId tid_if_known
,
1329 /*OUT*/Addr
* ips
, UInt max_n_ips
,
1330 /*OUT*/Addr
* sps
, /*OUT*/Addr
* fps
,
1331 const UnwindStartRegs
* startRegs
,
1338 const Int cmrf
= VG_(clo_merge_recursive_frames
);
1340 vg_assert(sizeof(Addr
) == sizeof(UWord
));
1341 vg_assert(sizeof(Addr
) == sizeof(void*));
1344 uregs
.pc
= startRegs
->r_pc
;
1345 uregs
.sp
= startRegs
->r_sp
;
1346 Addr fp_min
= uregs
.sp
- VG_STACK_REDZONE_SZB
;
1348 #if defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
1349 uregs
.fp
= startRegs
->misc
.MIPS32
.r30
;
1350 uregs
.ra
= startRegs
->misc
.MIPS32
.r31
;
1351 #elif defined(VGP_mips64_linux)
1352 uregs
.fp
= startRegs
->misc
.MIPS64
.r30
;
1353 uregs
.ra
= startRegs
->misc
.MIPS64
.r31
;
1356 /* Snaffle IPs from the client's stack into ips[0 .. max_n_ips-1],
1357 stopping when the trail goes cold, which we guess to be
1358 when FP is not a reasonable stack location. */
1360 fp_max
= VG_PGROUNDUP(fp_max_orig
);
1361 if (fp_max
>= sizeof(Addr
))
1362 fp_max
-= sizeof(Addr
);
1365 VG_(printf
)("max_n_ips=%u fp_min=0x%lx fp_max_orig=0x%lx, "
1366 "fp_max=0x%lx pc=0x%lx sp=0x%lx fp=0x%lx\n",
1367 max_n_ips
, fp_min
, fp_max_orig
, fp_max
,
1368 uregs
.pc
, uregs
.sp
, uregs
.fp
);
1370 if (sps
) sps
[0] = uregs
.sp
;
1371 if (fps
) fps
[0] = uregs
.fp
;
1375 /* Loop unwinding the stack. */
1379 VG_(printf
)("i: %d, pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1380 i
, uregs
.pc
, uregs
.sp
, uregs
.ra
);
1385 D3UnwindRegs uregs_copy
= uregs
;
1386 if (VG_(use_CF_info
)( &uregs
, fp_min
, fp_max
)) {
1388 VG_(printf
)("USING CFI: pc: 0x%lx, sp: 0x%lx, ra: 0x%lx\n",
1389 uregs
.pc
, uregs
.sp
, uregs
.ra
);
1390 if (0 != uregs
.pc
&& 1 != uregs
.pc
) {
1391 if (sps
) sps
[i
] = uregs
.sp
;
1392 if (fps
) fps
[i
] = uregs
.fp
;
1393 ips
[i
++] = uregs
.pc
- 4;
1394 uregs
.pc
= uregs
.pc
- 4;
1395 RECURSIVE_MERGE(cmrf
,ips
,i
);
1401 int seen_sp_adjust
= 0;
1402 long frame_offset
= 0;
1404 const DiEpoch cur_ep
= VG_(current_DiEpoch
)();
1405 if (VG_(get_inst_offset_in_function
)(cur_ep
, uregs
.pc
, &offset
)) {
1406 Addr start_pc
= uregs
.pc
- offset
;
1407 Addr limit_pc
= uregs
.pc
;
1409 for (cur_pc
= start_pc
; cur_pc
< limit_pc
; cur_pc
+= 4) {
1410 unsigned long inst
, high_word
, low_word
;
1411 unsigned long * cur_inst
;
1412 /* Fetch the instruction. */
1413 cur_inst
= (unsigned long *)cur_pc
;
1414 inst
= *((UInt
*) cur_inst
);
1416 VG_(printf
)("cur_pc: 0x%lx, inst: 0x%lx\n", cur_pc
, inst
);
1418 /* Save some code by pre-extracting some useful fields. */
1419 high_word
= (inst
>> 16) & 0xffff;
1420 low_word
= inst
& 0xffff;
1422 if (high_word
== 0x27bd /* addiu $sp,$sp,-i */
1423 || high_word
== 0x23bd /* addi $sp,$sp,-i */
1424 || high_word
== 0x67bd) { /* daddiu $sp,$sp,-i */
1425 if (low_word
& 0x8000) /* negative stack adjustment? */
1426 frame_offset
+= 0x10000 - low_word
;
1428 /* Exit loop if a positive stack adjustment is found, which
1429 usually means that the stack cleanup code in the function
1430 epilogue is reached. */
1436 VG_(printf
)("offset: 0x%ld\n", frame_offset
);
1438 if (seen_sp_adjust
) {
1439 if (0 == uregs
.pc
|| 1 == uregs
.pc
) break;
1440 if (uregs
.pc
== uregs
.ra
- 8) break;
1442 sps
[i
] = uregs
.sp
+ frame_offset
;
1444 uregs
.sp
= uregs
.sp
+ frame_offset
;
1450 if (0 == uregs
.ra
|| 1 == uregs
.ra
) break;
1451 uregs
.pc
= uregs
.ra
- 8;
1452 ips
[i
++] = uregs
.ra
- 8;
1453 RECURSIVE_MERGE(cmrf
,ips
,i
);
1466 if (0 == uregs
.ra
|| 1 == uregs
.ra
) break;
1467 uregs
.pc
= uregs
.ra
- 8;
1468 ips
[i
++] = uregs
.ra
- 8;
1469 RECURSIVE_MERGE(cmrf
,ips
,i
);
1472 /* No luck. We have to give up. */
1482 /*------------------------------------------------------------*/
1484 /*--- END platform-dependent unwinder worker functions ---*/
1486 /*------------------------------------------------------------*/
1488 /*------------------------------------------------------------*/
1489 /*--- Exported functions. ---*/
1490 /*------------------------------------------------------------*/
1492 UInt
VG_(get_StackTrace_with_deltas
)(
1494 /*OUT*/StackTrace ips
, UInt n_ips
,
1495 /*OUT*/StackTrace sps
,
1496 /*OUT*/StackTrace fps
,
1497 Word first_ip_delta
,
1501 /* Get the register values with which to start the unwind. */
1502 UnwindStartRegs startRegs
;
1503 VG_(memset
)( &startRegs
, 0, sizeof(startRegs
) );
1504 VG_(get_UnwindStartRegs
)( &startRegs
, tid
);
1506 Addr stack_highest_byte
= VG_(threads
)[tid
].client_stack_highest_byte
;
1507 Addr stack_lowest_byte
= 0;
1509 # if defined(VGP_x86_linux)
1510 /* Nasty little hack to deal with syscalls - if libc is using its
1511 _dl_sysinfo_int80 function for syscalls (the TLS version does),
1512 then ip will always appear to be in that function when doing a
1513 syscall, not the actual libc function doing the syscall. This
1514 check sees if IP is within that function, and pops the return
1515 address off the stack so that ip is placed within the library
1516 function calling the syscall. This makes stack backtraces much
1519 The function is assumed to look like this (from glibc-2.3.6 sources):
1523 That is 3 (2+1) bytes long. We could be more thorough and check
1524 the 3 bytes of the function are as expected, but I can't be
1527 if (VG_(client__dl_sysinfo_int80
) != 0 /* we know its address */
1528 && startRegs
.r_pc
>= VG_(client__dl_sysinfo_int80
)
1529 && startRegs
.r_pc
< VG_(client__dl_sysinfo_int80
)+3
1530 && VG_(am_is_valid_for_client
)(startRegs
.r_pc
, sizeof(Addr
),
1532 startRegs
.r_pc
= (ULong
) *(Addr
*)(UWord
)startRegs
.r_sp
;
1533 startRegs
.r_sp
+= (ULong
) sizeof(Addr
);
1537 /* See if we can get a better idea of the stack limits */
1538 VG_(stack_limits
)( (Addr
)startRegs
.r_sp
,
1539 &stack_lowest_byte
, &stack_highest_byte
);
1541 /* Take into account the first_ip_delta and first_sp_delta. */
1542 startRegs
.r_pc
+= (Long
)first_ip_delta
;
1543 startRegs
.r_sp
+= (Long
)first_sp_delta
;
1546 VG_(printf
)("tid %u: stack_highest=0x%08lx ip=0x%010llx "
1548 tid
, stack_highest_byte
,
1549 startRegs
.r_pc
, startRegs
.r_sp
);
1551 return VG_(get_StackTrace_wrk
)(tid
, ips
, n_ips
,
1554 stack_highest_byte
);
1557 UInt
VG_(get_StackTrace
) ( ThreadId tid
,
1558 /*OUT*/StackTrace ips
, UInt max_n_ips
,
1559 /*OUT*/StackTrace sps
,
1560 /*OUT*/StackTrace fps
,
1561 Word first_ip_delta
)
1563 return VG_(get_StackTrace_with_deltas
) (tid
,
1568 0 /* first_sp_delta */
1572 static void printIpDesc(UInt n
, DiEpoch ep
, Addr ip
, void* uu_opaque
)
1574 InlIPCursor
*iipc
= VG_(new_IIPC
)(ep
, ip
);
1577 const HChar
*buf
= VG_(describe_IP
)(ep
, ip
, iipc
);
1579 VG_(printf_xml
)(" %s\n", buf
);
1581 VG_(message
)(Vg_UserMsg
, " %s %s\n",
1582 ( n
== 0 ? "at" : "by" ), buf
);
1585 // Increase n to show "at" for only one level.
1586 } while (VG_(next_IIPC
)(iipc
));
1587 VG_(delete_IIPC
)(iipc
);
1590 /* Print a StackTrace. */
1591 void VG_(pp_StackTrace
) ( DiEpoch ep
, StackTrace ips
, UInt n_ips
)
1593 vg_assert( n_ips
> 0 );
1596 VG_(printf_xml
)(" <stack>\n");
1598 VG_(apply_StackTrace
)( printIpDesc
, NULL
, ep
, ips
, n_ips
);
1601 VG_(printf_xml
)(" </stack>\n");
1604 /* Get and immediately print a StackTrace. */
1605 void VG_(get_and_pp_StackTrace
) ( ThreadId tid
, UInt max_n_ips
)
1607 Addr ips
[max_n_ips
];
1609 = VG_(get_StackTrace
)(tid
, ips
, max_n_ips
,
1610 NULL
/*array to dump SP values in*/,
1611 NULL
/*array to dump FP values in*/,
1612 0/*first_ip_delta*/);
1613 VG_(pp_StackTrace
)(VG_(current_DiEpoch
)(), ips
, n_ips
);
1616 void VG_(apply_StackTrace
)(
1617 void(*action
)(UInt n
, DiEpoch ep
, Addr ip
, void* opaque
),
1619 DiEpoch ep
, StackTrace ips
, UInt n_ips
1624 vg_assert(n_ips
> 0);
1625 if ( ! VG_(clo_show_below_main
) ) {
1626 // Search (from the outer frame onwards) the appearance of "main"
1627 // or the last appearance of a below main function.
1628 // Then decrease n_ips so as to not call action for the below main
1629 for (i
= n_ips
- 1; i
>= 0; i
--) {
1630 Vg_FnNameKind kind
= VG_(get_fnname_kind_from_IP
)(ep
, ips
[i
]);
1631 if (Vg_FnNameMain
== kind
|| Vg_FnNameBelowMain
== kind
)
1633 if (Vg_FnNameMain
== kind
)
1638 for (i
= 0; i
< n_ips
; i
++)
1640 action(i
, ep
, ips
[i
], opaque
);
1644 /*--------------------------------------------------------------------*/
1646 /*--------------------------------------------------------------------*/