1 /* Copyright (C) 2021 Free Software Foundation, Inc.
4 This file is part of GNU Binutils.
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3, or (at your option)
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, 51 Franklin Street - Fifth Floor, Boston,
19 MA 02110-1301, USA. */
30 #include "collector.h"
31 #include "gp-experiment.h"
35 /* Get dynamic module interface*/
36 #include "collector_module.h"
38 /* Get definitions for SP_LEAF_CHECK_MARKER, SP_TRUNC_STACK_MARKER */
39 #include "data_pckts.h"
44 long fr_local[8]; /* saved locals */
45 long fr_arg[6]; /* saved arguments [0 - 5] */
46 struct frame *fr_savfp; /* saved frame pointer */
47 long fr_savpc; /* saved program counter */
49 char *fr_stret; /* struct return addr */
51 long fr_argd[6]; /* arg dump area */
52 long fr_argx[1]; /* array of args past the sixth */
58 unsigned long fr_savfp;
59 unsigned long fr_savpc;
63 /* Set the debug trace level */
69 int (*__collector_VM_ReadByteInstruction)(unsigned char *) = NULL;
70 #define VM_NO_ACCESS (-1)
71 #define VM_NOT_VM_MEMORY (-2)
72 #define VM_NOT_X_SEGMENT (-3)
74 #define isInside(p, bgn, end) ((p) >= (bgn) && (p) < (end))
77 * Weed through all the arch dependent stuff to get the right definition
78 * for 'pc' in the ucontext structure. The system header files are mess
79 * dealing with all the arch (just look for PC, R_PC, REG_PC).
85 #define IN_BARRIER(x) \
87 (unsigned long)x >= barrier_hdl && \
88 (unsigned long)x < barrier_hdlx )
89 static unsigned long barrier_hdl = 0;
90 static unsigned long barrier_hdlx = 0;
93 #define STACK_BIAS 2047
94 #define IN_TRAP_HANDLER(x) \
96 (unsigned long)x >= misalign_hdl && \
97 (unsigned long)x < misalign_hdlx )
98 static unsigned long misalign_hdl = 0;
99 static unsigned long misalign_hdlx = 0;
105 #define GET_GREG(ctx,reg) (((ucontext_t*)ctx)->uc_mcontext.mc_gregs[(reg)])
106 #define GET_SP(ctx) (((ucontext_t*)ctx)->uc_mcontext.mc_gregs[MC_O6])
107 #define GET_PC(ctx) (((ucontext_t*)ctx)->uc_mcontext.mc_gregs[MC_PC])
109 #define GET_GREG(ctx,reg) (((ucontext_t*)ctx)->uc_mcontext.gregs[(reg)])
110 #define GET_SP(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_O6])
111 #define GET_PC(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_PC])
115 #include "opcodes/disassemble.h"
118 fprintf_func (void *arg ATTRIBUTE_UNUSED, const char *fmt ATTRIBUTE_UNUSED, ...)
124 fprintf_styled_func (void *arg ATTRIBUTE_UNUSED,
125 enum disassembler_style st ATTRIBUTE_UNUSED,
126 const char *fmt ATTRIBUTE_UNUSED, ...)
131 /* Get LENGTH bytes from info's buffer, at target address memaddr.
132 Transfer them to myaddr. */
134 read_memory_func (bfd_vma memaddr, bfd_byte *myaddr, unsigned int length,
135 disassemble_info *info)
137 unsigned int opb = info->octets_per_byte;
138 size_t end_addr_offset = length / opb;
139 size_t max_addr_offset = info->buffer_length / opb;
140 size_t octets = (memaddr - info->buffer_vma) * opb;
141 if (memaddr < info->buffer_vma
142 || memaddr - info->buffer_vma > max_addr_offset
143 || memaddr - info->buffer_vma + end_addr_offset > max_addr_offset
144 || (info->stop_vma && (memaddr >= info->stop_vma
145 || memaddr + end_addr_offset > info->stop_vma)))
147 memcpy (myaddr, info->buffer + octets, length);
152 print_address_func (bfd_vma addr ATTRIBUTE_UNUSED,
153 disassemble_info *info ATTRIBUTE_UNUSED) { }
156 symbol_at_address_func (bfd_vma addr ATTRIBUTE_UNUSED,
157 disassemble_info *info ATTRIBUTE_UNUSED)
163 symbol_is_valid (asymbol *sym ATTRIBUTE_UNUSED,
164 disassemble_info *info ATTRIBUTE_UNUSED)
170 memory_error_func (int status ATTRIBUTE_UNUSED, bfd_vma addr ATTRIBUTE_UNUSED,
171 disassemble_info *info ATTRIBUTE_UNUSED) { }
175 #define GET_PC(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_EIP])
176 #define GET_SP(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_ESP])
177 #define GET_FP(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_EBP])
180 #define GET_PC(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_RIP])
181 #define GET_SP(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_RSP])
182 #define GET_FP(ctx) (((ucontext_t*)ctx)->uc_mcontext.gregs[REG_RBP])
186 #define GET_PC(ctx) (((ucontext_t*)ctx)->uc_mcontext.regs[15])
187 #define GET_SP(ctx) (((ucontext_t*)ctx)->uc_mcontext.regs[13])
188 #define GET_FP(ctx) (((ucontext_t*)ctx)->uc_mcontext.regs[14])
192 * FILL_CONTEXT() for all platforms
193 * Could use getcontext() except:
194 * - it's not guaranteed to be async signal safe
195 * - it's a system call and not that lightweight
196 * - it's not portable as of POSIX.1-2008
197 * So we just use low-level mechanisms to fill in the few fields we need.
201 #define FILL_CONTEXT(context) \
204 __asm__ __volatile__( "mov %%i6, %0" : "=r" (fp) ); \
205 __asm__ __volatile__( "ta 3" ); \
206 GET_SP(context) = fp; \
207 GET_PC(context) = (greg_t)0; \
211 #define FILL_CONTEXT(context) \
214 __asm__ __volatile__( "mov %%i6, %0" : "=r" (fp) ); \
215 __asm__ __volatile__( "flushw" ); \
216 GET_SP(context) = fp; \
217 GET_PC(context) = (greg_t)0; \
222 #define FILL_CONTEXT(context) \
224 context->uc_link = NULL; \
225 void *sp = __collector_getsp(); \
226 GET_SP(context) = (intptr_t)sp; \
227 GET_FP(context) = (intptr_t)__collector_getfp(); \
228 GET_PC(context) = (intptr_t)__collector_getpc(); \
229 context->uc_stack.ss_sp = sp; \
230 context->uc_stack.ss_size = 0x100000; \
234 #define FILL_CONTEXT(context) \
235 { CALL_UTIL (getcontext) (context); \
236 context->uc_mcontext.sp = (__u64) __builtin_frame_address(0); \
242 getByteInstruction (unsigned char *p)
244 if (__collector_VM_ReadByteInstruction)
246 int v = __collector_VM_ReadByteInstruction (p);
247 if (v != VM_NOT_VM_MEMORY)
253 struct DataHandle *dhndl = NULL;
255 static unsigned unwind_key = COLLECTOR_TSD_INVALID_KEY;
257 /* To support two OpenMP API's we use a pointer
258 * to the actual function.
260 int (*__collector_omp_stack_trace)(char*, int, hrtime_t, void*) = NULL;
261 int (*__collector_mpi_stack_trace)(char*, int, hrtime_t) = NULL;
263 #define DEFAULT_MAX_NFRAMES 256
264 static int max_native_nframes = DEFAULT_MAX_NFRAMES;
265 static int max_java_nframes = DEFAULT_MAX_NFRAMES;
267 #define NATIVE_FRAME_BYTES(nframes) ( ((nframes)+1) * sizeof(long) )
268 #define JAVA_FRAME_BYTES(nframes) ( ((nframes)+1) * sizeof(long) * 2 + 16 )
269 #define OVERHEAD_BYTES ( 2 * sizeof(long) + 2 * sizeof(Stack_info) )
271 #define ROOT_UID 801425552975190205ULL
272 #define ROOT_UID_INV 92251691606677ULL
273 #define ROOT_IDX 13907816567264074199ULL
274 #define ROOT_IDX_INV 2075111ULL
275 #define UIDTableSize 1048576
276 static volatile uint64_t *UIDTable = NULL;
277 static volatile int seen_omp = 0;
279 static int stack_unwind (char *buf, int size, void *bptr, void *eptr, ucontext_t *context, int mode);
280 static FrameInfo compute_uid (Frame_packet *frp);
281 static int omp_no_walk = 0;
284 #define ValTableSize 1048576
285 #define OmpValTableSize 65536
286 static unsigned long *AddrTable_RA_FROMFP = NULL; // Cache for RA_FROMFP pcs
287 static unsigned long *AddrTable_RA_EOSTCK = NULL; // Cache for RA_EOSTCK pcs
288 static struct WalkContext *OmpCurCtxs = NULL;
289 static struct WalkContext *OmpCtxs = NULL;
290 static uint32_t *OmpVals = NULL;
291 static unsigned long *OmpRAs = NULL;
292 static unsigned long adjust_ret_addr (unsigned long ra, unsigned long segoff, unsigned long tend);
293 static int parse_x86_AVX_instruction (unsigned char *pc);
301 unsigned long sbase; /* stack boundary */
302 unsigned long tbgn; /* current memory segment start */
303 unsigned long tend; /* current memory segment end */
307 #if defined(DEBUG) && ARCH(Intel)
308 #include <execinfo.h>
311 dump_stack (int nline)
313 if ((__collector_tracelevel & SP_DUMP_STACK) == 0)
316 enum Constexpr { MAX_SIZE = 1024 };
317 void *array[MAX_SIZE];
318 size_t sz = backtrace (array, MAX_SIZE);
319 char **strings = backtrace_symbols (array, sz);
320 DprintfT (SP_DUMP_STACK, "\ndump_stack: %d size=%d\n", nline, (int) sz);
321 for (int i = 0; i < sz; i++)
322 DprintfT (SP_DUMP_STACK, " %3d: %p %s\n", i, array[i],
323 strings[i] ? strings[i] : "???");
326 #define dump_targets(nline, ntrg, targets) \
327 if ((__collector_tracelevel & SP_DUMP_UNWIND) != 0) \
328 for(int i = 0; i < ntrg; i++) \
329 DprintfT (SP_DUMP_UNWIND, " %2d: 0x%lx\n", i, (long) targets[i])
331 #define dump_stack(x)
332 #define dump_targets(nline, ntrg, targets)
336 __collector_ext_unwind_key_init (int isPthread, void * stack)
338 void * ptr = __collector_tsd_get_by_key (unwind_key);
341 TprintfT (DBG_LT2, "__collector_ext_unwind_key_init: cannot get tsd\n");
346 size_t stack_size = 0;
347 void *stack_addr = 0;
348 pthread_t pthread = pthread_self ();
350 int err = pthread_getattr_np (pthread, &attr);
351 TprintfT (DBG_LT1, "__collector_ext_unwind_key_init: pthread: 0x%lx err: %d\n", pthread, err);
354 err = pthread_attr_getstack (&attr, &stack_addr, &stack_size);
356 stack_addr = (char*) stack_addr + stack_size;
357 TprintfT (DBG_LT1, "__collector_ext_unwind_key_init: stack_size=0x%lx eos=%p err=%d\n",
358 (long) stack_size, stack_addr, err);
359 err = pthread_attr_destroy (&attr);
360 TprintfT (DBG_LT1, "__collector_ext_unwind_key_init: destroy: %d\n", err);
362 *(void**) ptr = stack_addr;
365 *(void**) ptr = stack; // cloned thread
369 __collector_ext_unwind_init (int record)
371 int sz = UIDTableSize * sizeof (*UIDTable);
372 UIDTable = (uint64_t*) __collector_allocCSize (__collector_heap, sz, 1);
373 if (UIDTable == NULL)
375 __collector_terminate_expt ();
378 CALL_UTIL (memset)((void*) UIDTable, 0, sz);
380 char *str = CALL_UTIL (getenv)("GPROFNG_JAVA_MAX_CALL_STACK_DEPTH");
381 if (str != NULL && *str != 0)
384 int n = CALL_UTIL (strtol)(str, &endptr, 0);
385 if (endptr != str && n >= 0)
389 if (n > MAX_STACKDEPTH)
391 max_java_nframes = n;
395 str = CALL_UTIL (getenv)("GPROFNG_MAX_CALL_STACK_DEPTH");
396 if (str != NULL && *str != 0)
399 int n = CALL_UTIL (strtol)(str, &endptr, 0);
400 if (endptr != str && n >= 0)
404 if (n > MAX_STACKDEPTH)
406 max_native_nframes = n;
410 TprintfT (DBG_LT0, "GPROFNG_MAX_CALL_STACK_DEPTH=%d GPROFNG_JAVA_MAX_CALL_STACK_DEPTH=%d\n",
411 max_native_nframes, max_java_nframes);
414 if (__collector_VM_ReadByteInstruction == NULL)
415 __collector_VM_ReadByteInstruction = (int(*)()) dlsym (RTLD_DEFAULT, "Async_VM_ReadByteInstruction");
419 misalign_hdl = (unsigned long) dlsym (RTLD_DEFAULT, "__misalign_trap_handler");
420 misalign_hdlx = (unsigned long) dlsym (RTLD_DEFAULT, "__misalign_trap_handler_end");
421 if (misalign_hdlx == 0)
422 misalign_hdlx = misalign_hdl + 292;
423 barrier_hdl = (unsigned long) dlsym (RTLD_DEFAULT, "__mt_EndOfTask_Barrier_");
424 barrier_hdlx = (unsigned long) dlsym (RTLD_DEFAULT, "__mt_EndOfTask_Barrier_Dummy_");
425 if (barrier_hdlx == 0)
428 barrier_hdl = (unsigned long) dlsym (RTLD_DEFAULT, "__mt_EndOfTask_Barrier_");
429 barrier_hdlx = (unsigned long) dlsym (RTLD_DEFAULT, "__mt_EndOfTask_Barrier_Dummy_");
430 if (barrier_hdlx == 0)
435 sz = ValTableSize * sizeof (*AddrTable_RA_FROMFP);
436 AddrTable_RA_FROMFP = (unsigned long*) __collector_allocCSize (__collector_heap, sz, 1);
437 sz = ValTableSize * sizeof (*AddrTable_RA_EOSTCK);
438 AddrTable_RA_EOSTCK = (unsigned long*) __collector_allocCSize (__collector_heap, sz, 1);
439 if (omp_no_walk && (__collector_omp_stack_trace != NULL || __collector_mpi_stack_trace != NULL))
441 sz = OmpValTableSize * sizeof (*OmpCurCtxs);
442 OmpCurCtxs = (struct WalkContext *) __collector_allocCSize (__collector_heap, sz, 1);
443 sz = OmpValTableSize * sizeof (*OmpCtxs);
444 OmpCtxs = (struct WalkContext *) __collector_allocCSize (__collector_heap, sz, 1);
445 sz = OmpValTableSize * sizeof (*OmpVals);
446 OmpVals = (uint32_t*) __collector_allocCSize (__collector_heap, sz, 1);
447 sz = OmpValTableSize * sizeof (*OmpRAs);
448 OmpRAs = (unsigned long*) __collector_allocCSize (__collector_heap, sz, 1);
449 if (OmpCurCtxs == NULL || OmpCtxs == NULL || OmpVals == NULL || OmpRAs == NULL)
451 TprintfT (0, "unwind_init() ERROR: failed; terminating experiment\n");
452 __collector_terminate_expt ();
460 dhndl = __collector_create_handle (SP_FRINFO_FILE);
461 __collector_log_write ("<%s name=\"%s\" format=\"binary\"/>\n", SP_TAG_DATAPTR, SP_FRINFO_FILE);
464 unwind_key = __collector_tsd_create_key (sizeof (void*), NULL, NULL);
465 if (unwind_key == COLLECTOR_TSD_INVALID_KEY)
467 TprintfT (0, "unwind_init: ERROR: TSD key create failed.\n");
468 __collector_log_write ("<%s kind=\"%s\" id=\"%d\">TSD key not created</%s>\n",
469 SP_TAG_EVENT, SP_JCMD_CERROR, COL_ERROR_GENERAL, SP_TAG_EVENT);
472 TprintfT (0, "unwind_init() completed normally\n");
477 __collector_ext_unwind_close ()
479 __collector_delete_handle (dhndl);
484 __collector_ext_return_address (unsigned level)
486 if (NULL == UIDTable) //unwind not initialized yet
488 unsigned size = (level + 4) * sizeof (long); // need to strip __collector_get_return_address and its caller
490 FILL_CONTEXT ((&context));
491 char* buf = (char*) alloca (size);
494 TprintfT (DBG_LT0, "__collector_get_return_address: ERROR: alloca(%d) fails\n", size);
497 int sz = stack_unwind (buf, size, NULL, NULL, &context, 0);
498 if (sz < (level + 3) * sizeof (long))
500 TprintfT (DBG_LT0, "__collector_get_return_address: size=%d, but stack_unwind returns %d\n", size, sz);
503 long *lbuf = (long*) buf;
504 TprintfT (DBG_LT2, "__collector_get_return_address: return %lx\n", lbuf[level + 2]);
505 return (void *) (lbuf[level + 2]);
508 * Collector interface method getFrameInfo
511 __collector_get_frame_info (hrtime_t ts, int mode, void *arg)
513 ucontext_t *context = NULL;
515 CM_Array *array = NULL;
520 if (mode & FRINFO_NO_WALK)
522 int bmode = mode & 0xffff;
523 int pseudo_context = 0;
524 if (bmode == FRINFO_FROM_STACK_ARG || bmode == FRINFO_FROM_STACK)
527 context = (ucontext_t*) alloca (sizeof (ucontext_t));
528 FILL_CONTEXT (context);
529 unwind_mode |= bmode;
531 else if (bmode == FRINFO_FROM_UC)
533 context = (ucontext_t*) arg;
535 return (FrameInfo) 0;
536 if (GET_SP (context) == 0)
539 else if (bmode == FRINFO_FROM_ARRAY)
541 array = (CM_Array*) arg;
542 if (array == NULL || array->length <= 0)
543 return (FrameInfo) 0;
546 return (FrameInfo) 0;
548 int max_frame_size = OVERHEAD_BYTES + NATIVE_FRAME_BYTES (max_native_nframes);
549 if (__collector_java_mode && __collector_java_asyncgetcalltrace_loaded && context && !pseudo_context)
550 max_frame_size += JAVA_FRAME_BYTES (max_java_nframes);
552 Frame_packet *frpckt = alloca (sizeof (Frame_packet) + max_frame_size);
553 frpckt->type = FRAME_PCKT;
554 frpckt->hsize = sizeof (Frame_packet);
556 char *d = (char*) (frpckt + 1);
557 int size = max_frame_size;
559 #define MIN(a,b) ((a)<(b)?(a):(b))
560 #if defined(GPROFNG_JAVA_PROFILING)
562 if (__collector_java_mode && __collector_java_asyncgetcalltrace_loaded && context && !pseudo_context)
564 /* use only 2/3 of the buffer and leave the rest for the native stack */
565 int tmpsz = MIN (size, JAVA_FRAME_BYTES (max_java_nframes));
568 int sz = __collector_ext_jstack_unwind (d, tmpsz, context);
575 /* get native stack */
578 Stack_info *sinfo = (Stack_info*) d;
579 int sz = sizeof (Stack_info);
583 if (omp_no_walk == 0)
587 unwind_mode |= FRINFO_NO_WALK;
589 int tmpsz = MIN (size, NATIVE_FRAME_BYTES (max_native_nframes));
592 sz = stack_unwind (d, tmpsz, bptr, NULL, context, unwind_mode);
596 sinfo->kind = STACK_INFO;
597 sinfo->hsize = (d - (char*) sinfo);
600 /* create a stack image from user data */
601 if (array && array->length > 0)
603 Stack_info *sinfo = (Stack_info*) d;
604 int sz = sizeof (Stack_info);
609 sz = size; // YXXX should we mark this with truncation frame?
610 __collector_memcpy (d, array->bytes, sz);
613 sinfo->kind = STACK_INFO;
614 sinfo->hsize = (d - (char*) sinfo);
617 /* Compute the total size */
618 frpckt->tsize = d - (char*) frpckt;
619 FrameInfo uid = compute_uid (frpckt);
624 compute_uid (Frame_packet *frp)
626 uint64_t idxs[LAST_INFO];
627 uint64_t uid = ROOT_UID;
628 uint64_t idx = ROOT_IDX;
630 Common_info *cinfo = (Common_info*) ((char*) frp + frp->hsize);
631 char *end = (char*) frp + frp->tsize;
634 if ((char*) cinfo >= end || cinfo->hsize == 0 ||
635 (char*) cinfo + cinfo->hsize > end)
638 /* Start with a different value to avoid matching with uid */
641 long *ptr = (long*) ((char*) cinfo + cinfo->hsize);
642 long *bnd = (long*) ((char*) cinfo + sizeof (Common_info));
643 TprintfT (DBG_LT2, "compute_uid: Cnt=%ld: ", (long) cinfo->hsize);
647 tprintf (DBG_LT2, "0x%8.8llx ", (unsigned long long) val);
648 uidt = (uidt + val) * ROOT_UID;
649 idxt = (idxt + val) * ROOT_IDX;
650 uid = (uid + val) * ROOT_UID;
651 idx = (idx + val) * ROOT_IDX;
653 if (cinfo->kind == STACK_INFO || cinfo->kind == JAVA_INFO)
656 idxs[cinfo->kind] = idxt;
658 cinfo = (Common_info*) ((char*) cinfo + cinfo->hsize);
660 tprintf (DBG_LT2, "\n");
662 /* Check if we have already recorded that uid.
663 * The following fragment contains benign data races.
664 * It's important, though, that all reads from UIDTable
665 * happen before writes.
668 int idx1 = (int) ((idx >> 44) % UIDTableSize);
669 if (UIDTable[idx1] == uid)
672 int idx2 = (int) ((idx >> 24) % UIDTableSize);
673 if (UIDTable[idx2] == uid)
676 int idx3 = (int) ((idx >> 4) % UIDTableSize);
677 if (UIDTable[idx3] == uid)
680 UIDTable[idx1] = uid;
682 UIDTable[idx2] = uid;
684 UIDTable[idx3] = uid;
686 if (found1 || found2 || found3)
687 return (FrameInfo) uid;
690 /* Compress info's */
691 cinfo = (Common_info*) ((char*) frp + frp->hsize);
694 if ((char*) cinfo >= end || cinfo->hsize == 0 ||
695 (char*) cinfo + cinfo->hsize > end)
697 if (cinfo->kind == STACK_INFO || cinfo->kind == JAVA_INFO)
699 long *ptr = (long*) ((char*) cinfo + sizeof (Common_info));
700 long *bnd = (long*) ((char*) cinfo + cinfo->hsize);
701 uint64_t uidt = cinfo->uid;
702 uint64_t idxt = idxs[cinfo->kind];
705 while (ptr < bnd - 1)
707 int idx1 = (int) ((idxt >> 44) % UIDTableSize);
708 if (UIDTable[idx1] == uidt)
716 UIDTable[idx1] = uidt;
719 uidt = uidt * ROOT_UID_INV - val;
720 idxt = idxt * ROOT_IDX_INV - val;
724 char *d = (char*) ptr;
725 char *s = (char*) bnd;
729 for (i = 0; i<sizeof (uidt); i++)
738 cinfo->kind |= COMPRESSED_INFO;
739 cinfo->hsize -= delta;
744 cinfo = (Common_info*) ((char*) cinfo + cinfo->hsize);
746 __collector_write_packet (dhndl, (CM_Packet*) frp);
747 return (FrameInfo) uid;
751 __collector_getUID (CM_Array *arg, FrameInfo suid)
753 if (arg->length % sizeof (long) != 0 ||
754 (long) arg->bytes % sizeof (long) != 0)
755 return (FrameInfo) - 1;
756 if (arg->length == 0)
759 uint64_t uid = suid ? suid : 1;
760 uint64_t idx = suid ? suid : 1;
761 long *ptr = (long*) ((char*) arg->bytes + arg->length);
762 long *bnd = (long*) (arg->bytes);
766 uid = (uid + val) * ROOT_UID;
767 idx = (idx + val) * ROOT_IDX;
770 /* Check if we have already recorded that uid.
771 * The following fragment contains benign data races.
772 * It's important, though, that all reads from UIDTable
773 * happen before writes.
776 int idx1 = (int) ((idx >> 44) % UIDTableSize);
777 if (UIDTable[idx1] == uid)
780 int idx2 = (int) ((idx >> 24) % UIDTableSize);
781 if (UIDTable[idx2] == uid)
784 int idx3 = (int) ((idx >> 4) % UIDTableSize);
785 if (UIDTable[idx3] == uid)
789 UIDTable[idx1] = uid;
791 UIDTable[idx2] = uid;
793 UIDTable[idx3] = uid;
794 if (found1 || found2 || found3)
795 return (FrameInfo) uid;
797 int sz = sizeof (Uid_packet) + arg->length;
800 Uid_packet *uidp = alloca (sz);
802 uidp->type = UID_PCKT;
807 ptr = (long*) (arg->bytes);
808 bnd = (long*) ((char*) arg->bytes + arg->length);
809 long *dst = (long*) (uidp + 1);
812 uint64_t luid = suid; /* link uid */
820 if ((bnd - ptr) > sizeof (uidt))
822 uidt = uidt * ROOT_UID_INV - val;
823 idxt = idxt * ROOT_IDX_INV - val;
824 int idx1 = (int) ((idxt >> 44) % UIDTableSize);
825 if (UIDTable[idx1] == uidt)
834 char *d = (char*) dst;
835 for (int i = 0; i<sizeof (luid); i++)
840 uidp->flags |= COMPRESSED_INFO;
841 uidp->tsize = d - (char*) uidp;
843 __collector_write_packet (dhndl, (CM_Packet*) uidp);
845 return (FrameInfo) uid;
849 __collector_getStackTrace (void *buf, int size, void *bptr, void *eptr, void *arg)
851 if (arg == (void*) __collector_omp_stack_trace)
854 if (arg == NULL || arg == (void*) __collector_omp_stack_trace)
856 do_walk = (arg == (void*) __collector_omp_stack_trace && omp_no_walk) ? 0 : 1;
857 ucontext_t *context = (ucontext_t*) alloca (sizeof (ucontext_t));
858 FILL_CONTEXT (context);
863 unwind_mode |= FRINFO_NO_WALK;
864 return stack_unwind (buf, size, bptr, eptr, arg, unwind_mode);
869 * These are important data structures taken from the header files reg.h and
870 * ucontext.h. They are used for the stack trace algorithm explained below.
872 * typedef struct ucontext {
874 * struct ucontext *uc_link;
875 * usigset_t uc_sigmask;
877 * mcontext_t uc_mcontext;
878 * long uc_filler[23];
881 * #define SPARC_MAXREGWINDOW 31
884 * greg_t rw_local[8];
888 * #define rw_fp rw_in[6]
889 * #define rw_rtn rw_in[7]
893 * int *spbuf[SPARC_MAXREGWINDOW];
894 * struct rwindow wbuf[SPARC_MAXREGWINDOW];
897 * typedef struct gwindows gwindows_t;
906 * The stack would look like this when SIGPROF occurrs.
908 * ------------------------- <- high memory
911 * -------------------------
913 * ------------------------- <- fp' <-|
917 * ------------------------- |
920 * ------------------------- <- sp'
922 * | gwins | <- saved stack pointers & | |
923 * | | register windows | |- mcontext
924 * ------------------------- | |
925 * | gregs | <- saved registers | |
926 * ------------------------- |
928 * ------------------------- <- ucp (ucontext pointer) |
931 * ------------------------- <- sip (siginfo pointer) |
933 * ------------------------- <- sp
935 * Then the signal handler is called with:
936 * handler( signo, sip, uip );
937 * When gwins is null, all the stack frames are saved in the user stack.
938 * In that case we can find sp' from gregs and walk the stack for a backtrace.
939 * However, if gwins is not null we will have a more complicated case.
940 * Wbcnt(in gwins) tells you how many saved register windows are valid.
941 * This is important because the kernel does not allocate the entire array.
942 * And the top most frame is saved in the lowest index element. The next
943 * paragraph explains the possible causes.
945 * There are two routines in the kernel to flush out user register windows.
946 * flush_user_windows and flush_user_windows_to_stack
947 * The first routine will not cause a page fault. Therefore if the user
948 * stack is not in memory, the register windows will be saved to the pcb.
949 * This can happen when the kernel is trying to deliver a signal and
950 * the user stack got swap out. The kernel will then build a new context for
951 * the signal handler and the saved register windows will
952 * be copied to the ucontext as show above. On the other hand,
953 * flush_user_windows_to_stack can cause a page fault, and if it failed
954 * then there is something wrong (stack overflow, misalign).
955 * The first saved register window does not necessary correspond to the
956 * first stack frame. So the current stack pointer must be compare with
957 * the stack pointers in spbuf to find a match.
959 * We will also follow the uc_link field in ucontext to trace also nested
960 * signal stack frames.
964 /* Dealing with trap handlers.
965 * When a user defined trap handler is invoked the return address
966 * (or actually the address of an instruction that raised the trap)
967 * is passed to the trap handler in %l6, whereas saved %o7 contains
968 * garbage. First, we need to find out if a particular pc belongs
969 * to the trap handler, and if so, take the %l6 value from the stack rather
970 * than %o7 from either the stack or the register.
971 * There are three possible situations represented
972 * by the following stacks:
974 * MARKER MARKER MARKER
975 * trap handler pc __func pc before 'save' __func pc after 'save'
976 * %l6 %o7 from reg %o7 (garbage)
977 * ... %l6 trap handler pc
980 * where __func is a function called from the trap handler.
982 * Currently this is implemented to only deal with __misalign_trap_handler
983 * set for v9 FORTRAN applications. Implementation of IN_TRAP_HANDLER
984 * macro shows it. A general solution is postponed.
987 /* Special handling of unwind through the parallel loop barrier code:
989 * The library defines two symbols, __mt_EndOfTask_Barrier_ and
990 * __mt_EndOfTask_Barrier_Dummy_ representing the first word of
991 * the barrier sychronization code, and the first word following
992 * it. Whenever the leaf PC is between these two symbols,
993 * the unwind code is special-cased as follows:
994 * The __mt_EndOfTask_Barrier_ function is guaranteed to be a leaf
995 * function, so its return address is in a register, not saved on
999 * __mt_EndOfTask_Barrier_ PC -- the leaf PC
1000 * loop body function address for the task -- implied caller of __mt_EndOfTask_Barrier_
1001 * this address is taken from the %O0 register
1002 * {mt_master or mt_slave} -- real caller of __mt_EndOfTask_Barrier_
1005 * With this trick, the analyzer will show the time in the barrier
1006 * attributed to the loop at the end of which the barrier synchronization
1007 * is taking place. That loop body routine, will be shown as called
1008 * from the function from which it was extracted, which will be shown
1009 * as called from the real caller, either the slave or master library routine.
1013 * These no-fault-load (0x82) assembly functions are courtesy of Rob Gardner.
1015 * Note that 0x82 is ASI_PNF. See
1016 * http://lxr.free-electrons.com/source/arch/sparc/include/uapi/asm/asi.h#L134
1017 * ASI address space identifier; PNF primary no fault
1020 /* load an int from an address */
1022 /* if the address is illegal, return a 0 */
1024 SPARC_no_fault_load_int (void *addr)
1027 __asm__ __volatile__(
1028 "lda [%1] 0x82, %0\n\t"
1036 /* check if an address is invalid
1038 * A no-fault load of an illegal address still faults, but it does so silently to the calling process.
1039 * It returns a 0, but so could a load of a legal address.
1040 * So, we time the load. A "fast" load must be a successful load.
1041 * A "slow" load is probably a fault.
1042 * Since it could also be a cache/TLB miss or other abnormality,
1043 * it's safest to retry a slow load.
1044 * The cost of trying a valid address should be some nanosecs.
1045 * The cost of trying an invalid address up to 10 times could be some microsecs.
1049 int invalid_SPARC_addr(void *addr)
1054 for (i=0; i<10; i++) {
1055 __asm__ __volatile__(
1057 "lduba [%2] 0x82, %%g0\n\t"
1059 : "=r" (t1), "=r" (t2)
1061 if ( (t2 - t1) < 100 )
1069 * The standard SPARC procedure-calling convention is that the
1070 * calling PC (for determining the return address when the procedure
1071 * is finished) is placed in register %o7. A called procedure
1072 * typically executes a "save" instruction that shifts the register
1073 * window, and %o7 becomes %i7.
1075 * Optimized leaf procedures do not shift the register window.
1076 * They assume the return address will remain %o7. So when
1077 * we process a leaf PC, we walk instructions to see if there
1078 * is a call, restore, or other instruction that would indicate
1079 * we can IGNORE %o7 because this is NOT a leaf procedure.
1081 * If a limited instruction walk uncovers no such hint, we save
1082 * not only the PC but the %o7 value as well... just to be safe.
1083 * Later, in DBE post-processing of the call stacks, we decide
1084 * whether any recorded %o7 value should be used as a caller
1085 * frame or should be discarded.
1088 #define IS_ILLTRAP(x) (((x) & 0xc1c00000) == 0)
1089 #define IS_SAVE(x) (((x) & 0xc1f80000) == 0x81e00000)
1090 #define IS_MOVO7R(x) (((x) & 0xc1f8201f) == 0x8160000f)
1091 #define IS_MOVRO7(x) (((x) & 0xfff82000) == 0x9f600000)
1092 #define IS_ORRG0O7(x) (((x) & 0xff78201f) == 0x9e100000)
1093 #define IS_ORG0RO7(x) (((x) & 0xff7fe000) == 0x9e100000)
1094 #define IS_ORG0O7R(x) (((x) & 0xc17fe01f) == 0x8010000f)
1095 #define IS_ORO7G0R(x) (((x) & 0xc17fe01f) == 0x8013c000)
1096 #define IS_RESTORE(x) (((x) & 0xc1f80000) == 0x81e80000)
1097 #define IS_RET(x) ((x) == 0x81c7e008)
1098 #define IS_RETL(x) ((x) == 0x81c3e008)
1099 #define IS_RETURN(x) (((x) & 0xc1f80000) == 0x81c80000)
1100 #define IS_BRANCH(x) ((((x) & 0xc0000000) == 0) && (((x) & 0x01c00000) != 0x01000000))
1101 #define IS_CALL(x) (((x) & 0xc0000000) == 0x40000000)
1102 #define IS_LDO7(x) (((x) & 0xfff80000) == 0xde000000)
1104 static long pagesize = 0;
1107 process_leaf (long *lbuf, int ind, int lsize, void *context)
1109 greg_t pc = GET_PC (context);
1110 greg_t o7 = GET_GREG (context, REG_O7);
1112 /* omazur: TBR START -- not used */
1113 if (IN_BARRIER (pc))
1118 lbuf[ind++] = GET_GREG (context, REG_O0);
1121 /* omazur: TBR END */
1123 if (IN_TRAP_HANDLER (pc))
1130 unsigned *instrp = (unsigned *) pc;
1131 unsigned *end_addr = instrp + 20;
1132 while (instrp < end_addr)
1134 unsigned instr = *instrp++;
1135 if (IS_ILLTRAP (instr))
1137 else if (IS_SAVE (instr))
1141 if (o7 && ind < lsize)
1145 else if (IS_MOVO7R (instr) || IS_ORG0O7R (instr) || IS_ORO7G0R (instr))
1147 else if (IS_MOVRO7 (instr) || IS_ORG0RO7 (instr))
1149 int rs2 = (instr & 0x1f) + REG_G1 - 1;
1150 o7 = (rs2 <= REG_O7) ? GET_GREG (context, rs2) : 0;
1153 else if (IS_ORRG0O7 (instr))
1155 int rs2 = ((instr & 0x7c000) >> 14) + REG_G1 - 1;
1156 o7 = (rs2 <= REG_O7) ? GET_GREG (context, rs2) : 0;
1159 else if (IS_RESTORE (instr))
1164 else if (IS_RETURN (instr))
1169 else if (IS_RET (instr))
1174 else if (IS_RETL (instr))
1176 /* process delay slot */
1178 if (IS_RESTORE (instr))
1182 else if (IS_BRANCH (instr))
1184 unsigned *backbegin = ((unsigned *) pc - 1);
1185 unsigned *backend = backbegin - 12 + (instrp - (unsigned *) pc);
1186 while (backbegin > backend)
1188 // 21920143 stack unwind: SPARC process_leaf backtracks too far
1190 * We've already dereferenced backbegin+1.
1191 * So if backbegin is on the same page, we're fine.
1192 * If we've gone to a different page, possibly things are not fine.
1193 * We don't really know how to test that.
1194 * Let's just assume the worst: that dereferencing backbegin would segv.
1195 * We won't know if we're in a leaf function or not.
1198 pagesize = CALL_UTIL (sysconf)(_SC_PAGESIZE);
1199 if ((((long) (backbegin + 1)) & (pagesize - 1)) < sizeof (unsigned*))
1201 unsigned backinstr = *backbegin--;
1202 if (IS_LDO7 (backinstr))
1207 else if (IS_ILLTRAP (backinstr))
1209 else if (IS_RETURN (backinstr))
1211 else if (IS_RET (backinstr))
1213 else if (IS_RETL (backinstr))
1215 else if (IS_CALL (backinstr))
1217 else if (IS_SAVE (backinstr))
1225 else if (IS_CALL (instr))
1230 if (o7 != 0 && ((long) o7) < 32 && ((long) o7) > -32)
1232 /* 20924821 SEGV in unwind code on SPARC/Linux
1233 * We've seen this condition in some SPARC-Linux runs.
1234 * o7 is non-zero but not a valid address.
1235 * Values like 4 or -7 have been seen.
1236 * Let's check if o7 is unreasonably small.
1237 * If so, set to 0 so that it won't be recorded.
1238 * Otherwise, there is risk of it being dereferenced in process_sigreturn().
1240 // __collector_log_write("<event kind=\"%s\" id=\"%d\">time %lld, internal debug unwind at leaf; o7 = %ld, pc = %x</event>\n",
1241 // SP_JCMD_COMMENT, COL_COMMENT_NONE, __collector_gethrtime() - __collector_start_time, (long) o7, pc );
1249 lbuf[ind++] = SP_LEAF_CHECK_MARKER;
1255 else if (ind < lsize)
1261 // detect signal handler
1263 process_sigreturn (long *lbuf, int ind, int lsize, unsigned char * tpc,
1264 struct frame **pfp, void * bptr, int extra_frame)
1266 // cheap checks whether tpc is obviously not an instruction address
1267 if ((4096 > (unsigned long) tpc) // the first page is off limits
1268 || (3 & (unsigned long) tpc))
1269 return ind; // the address is not aligned
1271 // get the instruction at tpc, skipping over as many as 7 nop's (0x01000000)
1273 for (i = 0; i < 7; i++)
1275 insn = SPARC_no_fault_load_int ((void *) tpc);
1276 if (insn != 0x01000000)
1281 // we're not expecting 0 (and it could mean an illegal address)
1285 // We are looking for __rt_sigreturn_stub with the instruction
1286 // 0x82102065 : mov 0x65 /* __NR_rt_sigreturn */, %g1
1287 if (insn == 0x82102065)
1290 * according to linux kernel source code,
1291 * syscall(_NR_rt_sigreturn) uses the following data in stack:
1292 * struct rt_signal_frame {
1293 * struct sparc_stackf ss;
1295 * struct pt_regs regs;
1297 * sizeof(struct sparc_stackf) is 192;
1298 * sizeof(siginfo_t) is 128;
1299 * we need to get the register values from regs, which is defined as:
1301 * unsigned long u_regs[16];
1302 * unsigned long tstate;
1303 * unsigned long tpc;
1304 * unsigned long tnpc;
1306 * pc and fp register has offset of 120 and 112;
1307 * the pc of kill() is stored in tnpc, whose offest is 136.
1309 greg_t pc = *((unsigned long*) ((char*) ((*pfp)) + 192 + 128 + 136));
1310 greg_t pc1 = *((unsigned long*) ((char*) ((*pfp)) + 192 + 128 + 120));
1311 (*pfp) = *((struct frame**) ((char*) ((*pfp)) + 192 + 128 + 112));
1314 if (bptr != NULL && extra_frame && ((char*) (*pfp) + STACK_BIAS) < (char*) bptr && ind < 2)
1320 if (bptr == NULL || ((char*) (*pfp) + STACK_BIAS) >= (char*) bptr)
1323 lbuf[ind++] = (unsigned long) tpc;
1330 DprintfT (SP_DUMP_UNWIND, "unwind.c: resolved sigreturn pc=0x%lx, pc1=0x%lx, fp=0x%lx\n", pc, pc1, *(pfp));
1337 * int stack_unwind( char *buf, int size, ucontext_t *context )
1338 * This routine looks into the mcontext and
1339 * trace stack frames to record return addresses.
1342 stack_unwind (char *buf, int size, void *bptr, void *eptr, ucontext_t *context, int mode)
1345 * trace the stack frames from user stack.
1346 * We are assuming that the frame pointer and return address
1347 * are null when we are at the top level.
1349 long *lbuf = (long*) buf;
1350 int lsize = size / sizeof (long);
1351 struct frame *fp = (struct frame *) GET_SP (context); /* frame pointer */
1352 greg_t pc; /* program counter */
1353 int extra_frame = 0;
1354 if ((mode & 0xffff) == FRINFO_FROM_STACK)
1359 ind = process_leaf (lbuf, ind, lsize, context);
1361 int extra_frame = 0;
1362 if ((mode & 0xffff) == FRINFO_FROM_STACK)
1366 ind = process_leaf (lbuf, ind, lsize, context);
1372 fp = (struct frame *) ((char *) fp + STACK_BIAS);
1373 if (eptr && fp >= (struct frame *) eptr)
1375 ind = ind >= 2 ? ind - 2 : 0;
1378 #if WSIZE(64) // detect signal handler
1379 unsigned char * tpc = ((unsigned char*) (fp->fr_savpc));
1380 struct frame * tfp = (struct frame*) ((char*) (fp->fr_savfp) + STACK_BIAS);
1382 ind = process_sigreturn (lbuf, old_ind, lsize, tpc, &tfp, bptr, extra_frame);
1392 if (IN_TRAP_HANDLER (lbuf[ind - 1]))
1393 pc = fp->fr_local[6];
1402 if (bptr != NULL && extra_frame && ((char*) fp + STACK_BIAS) < (char*) bptr && ind < 2)
1408 if (bptr == NULL || ((char*) fp + STACK_BIAS) >= (char*) bptr)
1413 /* 4616238: _door_return may have a frame that has non-zero
1414 * saved stack pointer and zero pc
1416 if (pc == (greg_t) NULL)
1421 { /* truncated stack handling */
1423 lbuf[ind++] = SP_TRUNC_STACK_MARKER;
1425 return ind * sizeof (long);
1430 /* get __NR_<syscall_name> constants */
1431 #include <syscall.h>
1434 * From uts/intel/ia32/os/sendsig.c:
1436 * An amd64 signal frame looks like this on the stack:
1439 * <128 bytes of untouched stack space>
1440 * <a siginfo_t [optional]>
1444 * new %rsp: <return address (deliberately invalid)>
1446 * The signal number and siginfo_t pointer are only pushed onto the stack in
1447 * order to allow stack backtraces. The actual signal handling code expects the
1448 * arguments in registers.
1450 * An i386 SVR4/ABI signal frame looks like this on the stack:
1453 * <a siginfo32_t [optional]>
1455 * <pointer to that ucontext32_t>
1456 * <pointer to that siginfo32_t>
1458 * new %esp: <return address (deliberately invalid)>
1462 #define OPC_REG(x) ((x)&0x7)
1463 #define MRM_REGD(x) (((x)>>3)&0x7)
1464 #define MRM_REGS(x) ((x)&0x7)
1467 #define OPC_REG(x) (B|((x)&0x7))
1468 #define MRM_REGD(x) (R|(((x)>>3)&0x7))
1469 #define MRM_REGS(x) (B|((x)&0x7))
1472 #define MRM_EXT(x) (((x)>>3)&0x7)
1473 #define MRM_MOD(x) ((x)&0xc0)
1480 struct AdvWalkContext
1484 unsigned long *sp_safe;
1486 unsigned long *fp_sav;
1487 unsigned long *fp_loc;
1490 unsigned long ra_sav;
1491 unsigned long *ra_loc;
1492 unsigned long regs[16];
1493 int tidx; /* targets table index */
1494 uint32_t cval; /* cache value */
1497 static unsigned long
1498 getRegVal (struct AdvWalkContext *cur, int r, int *undefRez)
1500 if (cur->regs[r] == 0)
1504 tprintf (DBG_LT3, "getRegVal: returns cur->regs[RBP]=0x%lx cur->pc=0x%lx\n",
1505 (unsigned long) cur->fp, (unsigned long) cur->pc);
1506 return (unsigned long) cur->fp;
1510 tprintf (DBG_LT3, "getRegVal: cur->regs[%d]=0x%lx cur->pc=0x%lx\n",
1511 r, (unsigned long) cur->regs[r], (unsigned long) cur->pc);
1512 return cur->regs[r];
1515 static unsigned char *
1516 check_modrm (unsigned char *pc)
1518 unsigned char modrm = *pc++;
1519 unsigned char mod = MRM_MOD (modrm);
1522 unsigned char regs = modrm & 0x07;
1526 return pc + 2; // SIB + disp8
1528 return pc + 5; // SIB + disp32
1529 return pc + 1; // SIB
1536 else if (mod == 0x40)
1538 else if (mod == 0x80)
1544 read_int (unsigned char *pc, int w)
1547 return *((char *) pc);
1549 return *(short*) pc;
1563 /* Cache value encodings */
1564 static const uint32_t RA_FROMFP = (uint32_t) - 1; /* get the RA from the frame pointer */
1565 static const uint32_t RA_EOSTCK = (uint32_t) - 2; /* end-of-stack */
1571 #define MAXJMPREGCTX 3
1573 #define DELETE_CURCTX() __collector_memcpy (cur, buf + (--nctx), sizeof (*cur))
1576 * Look for pc in AddrTable_RA_FROMFP and in AddrTable_RA_EOSTCK
1581 cache_get (struct WalkContext *wctx)
1584 if (AddrTable_RA_FROMFP != NULL)
1586 uint64_t idx = wctx->pc % ValTableSize;
1587 addr = AddrTable_RA_FROMFP[ idx ];
1588 if (addr == wctx->pc)
1589 { // Found in AddrTable_RA_FROMFP
1590 unsigned long *sp = NULL;
1591 unsigned long fp = wctx->fp;
1592 /* validate fp before use */
1593 if (fp < wctx->sp || fp >= wctx->sbase - sizeof (*sp))
1595 sp = (unsigned long *) fp;
1597 unsigned long ra = *sp++;
1598 unsigned long tbgn = wctx->tbgn;
1599 unsigned long tend = wctx->tend;
1600 if (ra < tbgn || ra >= tend)
1601 if (!__collector_check_segment (ra, &tbgn, &tend, 0))
1603 unsigned long npc = adjust_ret_addr (ra, ra - tbgn, tend);
1606 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d cached pc=0x%lX\n", __LINE__, npc);
1608 wctx->sp = (unsigned long) sp;
1615 if (NULL == AddrTable_RA_EOSTCK)
1617 uint64_t idx = wctx->pc % ValTableSize;
1618 addr = AddrTable_RA_EOSTCK[ idx ];
1619 if (addr != wctx->pc)
1621 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d cached RA_END_OF_STACK\n", __LINE__);
1622 return RA_END_OF_STACK;
1625 * Save pc in RA_FROMFP or RA_EOSTCK cache depending on val
1629 cache_put (struct WalkContext *wctx, const uint32_t val)
1631 if (RA_FROMFP == val)
1633 // save pc in RA_FROMFP cache
1634 if (NULL != AddrTable_RA_FROMFP)
1636 uint64_t idx = wctx->pc % ValTableSize;
1637 AddrTable_RA_FROMFP[ idx ] = wctx->pc;
1638 if (NULL != AddrTable_RA_EOSTCK)
1639 if (AddrTable_RA_EOSTCK[ idx ] == wctx->pc)
1640 // invalidate pc in RA_EOSTCK cache
1641 AddrTable_RA_EOSTCK[ idx ] = 0;
1645 if (RA_EOSTCK == val)
1647 // save pc in RA_EOSTCK cache
1648 if (NULL != AddrTable_RA_EOSTCK)
1650 uint64_t idx = wctx->pc % ValTableSize;
1651 AddrTable_RA_EOSTCK[ idx ] = wctx->pc;
1652 if (NULL != AddrTable_RA_FROMFP)
1654 if (AddrTable_RA_FROMFP[ idx ] == wctx->pc)
1655 // invalidate pc in RA_FROMFP cache
1656 AddrTable_RA_FROMFP[ idx ] = 0;
1664 process_return_real (struct WalkContext *wctx, struct AdvWalkContext *cur, int cache_on)
1666 if ((unsigned long) cur->sp >= wctx->sbase ||
1667 (unsigned long) cur->sp < wctx->sp)
1669 DprintfT (SP_DUMP_UNWIND, "unwind.c: not in stack: %p [0x%lX-0x%lX]\n",
1670 cur->sp, wctx->sp, wctx->sbase);
1675 if (cur->sp == cur->ra_loc)
1680 else if (cur->sp >= cur->sp_safe && (unsigned long) cur->sp < wctx->sbase)
1684 DprintfT (SP_DUMP_UNWIND, "unwind.c: not safe: %p >= %p\n", cur->sp, cur->sp_safe);
1690 cache_put (wctx, RA_EOSTCK);
1692 wctx->sp = (unsigned long) cur->sp;
1693 wctx->fp = (unsigned long) cur->fp;
1694 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d RA_END_OF_STACK\n", __LINE__);
1695 return RA_END_OF_STACK;
1698 unsigned long tbgn = wctx->tbgn;
1699 unsigned long tend = wctx->tend;
1700 if (ra < tbgn || ra >= tend)
1702 if (!__collector_check_segment (ra, &tbgn, &tend, 0))
1704 DprintfT (SP_DUMP_UNWIND, "unwind.c: not in segment: 0x%lX [0x%lX-0x%lX]\n",
1705 ra, wctx->tbgn, wctx->tend);
1710 if (cur->cval == RA_FROMFP)
1712 if (wctx->fp == (unsigned long) (cur->sp - 2))
1715 cache_put (wctx, RA_FROMFP);
1721 unsigned long npc = adjust_ret_addr (ra, ra - tbgn, tend);
1724 if (cur->cval == RA_FROMFP)
1726 /* We have another evidence that we can trust this RA */
1727 DprintfT (SP_DUMP_UNWIND, "unwind.c: trusted fp, pc = 0x%lX\n", wctx->pc);
1732 DprintfT (SP_DUMP_UNWIND, "unwind.c: 0 after adjustment\n");
1738 wctx->sp = (unsigned long) cur->sp;
1739 wctx->fp = (unsigned long) cur->fp;
1746 process_return (struct WalkContext *wctx, struct AdvWalkContext *cur)
1748 return process_return_real (wctx, cur, 1);
1752 omp_cache_put (unsigned long *cur_sp_safe, struct WalkContext * wctx_pc_save,
1753 struct WalkContext *wctx, uint32_t val)
1755 if (omp_no_walk && (OmpCurCtxs == NULL || OmpCtxs == NULL || OmpVals == NULL || OmpRAs == NULL))
1757 size_t sz = OmpValTableSize * sizeof (*OmpCurCtxs);
1758 OmpCurCtxs = (struct WalkContext *) __collector_allocCSize (__collector_heap, sz, 1);
1759 sz = OmpValTableSize * sizeof (*OmpCtxs);
1760 OmpCtxs = (struct WalkContext *) __collector_allocCSize (__collector_heap, sz, 1);
1761 sz = OmpValTableSize * sizeof (*OmpVals);
1762 OmpVals = (uint32_t*) __collector_allocCSize (__collector_heap, sz, 1);
1763 sz = OmpValTableSize * sizeof (*OmpRAs);
1764 OmpRAs = (unsigned long*) __collector_allocCSize (__collector_heap, sz, 1);
1766 if (OmpCurCtxs == NULL || OmpCtxs == NULL || OmpVals == NULL || OmpRAs == NULL)
1769 #define USE_18434988_OMP_CACHE_WORKAROUND
1770 #ifndef USE_18434988_OMP_CACHE_WORKAROUND
1771 uint64_t idx = wctx_pc_save->pc * ROOT_IDX;
1772 OmpVals[ idx % OmpValTableSize ] = val;
1773 idx = (idx + val) * ROOT_IDX;
1774 __collector_memcpy (&(OmpCurCtxs[ idx % OmpValTableSize ]), wctx_pc_save, sizeof (struct WalkContext));
1775 idx = (idx + val) * ROOT_IDX;
1776 __collector_memcpy (&(OmpCtxs[ idx % OmpValTableSize ]), wctx, sizeof (struct WalkContext));
1778 unsigned long *sp = NULL;
1779 unsigned long fp = wctx_pc_save->fp;
1781 if (val == RA_END_OF_STACK)
1783 sp = (unsigned long *) (wctx->sp);
1785 TprintfT (DBG_LT1, "omp_cache_put: get sp from EOS, sp=%p\n", sp);
1789 if (fp < wctx_pc_save->sp || fp >= wctx_pc_save->sbase - sizeof (*sp))
1791 sp = (unsigned long *) (wctx->sp);
1793 TprintfT (DBG_LT1, "omp_cache_put: get sp from sp, sp=%p\n", sp);
1797 TprintfT (DBG_LT1, "omp_cache_put: get sp from fp=0x%lx\n", fp);
1798 sp = (unsigned long *) fp;
1803 if (sp < cur_sp_safe || ((unsigned long) sp >= wctx->sbase))
1806 unsigned long ra = *sp++;
1809 unsigned long tbgn = wctx_pc_save->tbgn;
1810 unsigned long tend = wctx_pc_save->tend;
1811 if (ra < tbgn || ra >= tend)
1813 sp = (unsigned long *) (wctx->sp);
1818 #ifdef USE_18434988_OMP_CACHE_WORKAROUND
1819 uint64_t idx1 = wctx_pc_save->pc * ROOT_IDX;
1820 uint64_t idx2 = (idx1 + val) * ROOT_IDX;
1821 uint64_t idx3 = (idx2 + val) * ROOT_IDX;
1822 uint64_t idx4 = (idx3 + val) * ROOT_IDX;
1823 OmpRAs [ idx4 % OmpValTableSize ] = 0; // lock
1824 OmpVals[ idx1 % OmpValTableSize ] = val;
1825 __collector_memcpy (&(OmpCurCtxs[ idx2 % OmpValTableSize ]), wctx_pc_save, sizeof (struct WalkContext));
1826 __collector_memcpy (&(OmpCtxs [ idx3 % OmpValTableSize ]), wctx, sizeof (struct WalkContext));
1827 OmpRAs [ idx4 % OmpValTableSize ] = ra;
1829 idx = (idx + val) * ROOT_IDX;
1830 OmpRAs[ idx % OmpValTableSize ] = ra;
1832 TprintfT (DBG_LT1, "omp_cache_put: pc=0x%lx\n", wctx_pc_save->pc);
1836 * See bug 17166877 - malloc_internal unwind failure.
1837 * Sometimes there are several calls right after ret, like:
1843 * If they are also jump targets, we should better not
1844 * create new jump context for those, since they may
1845 * end up into some other function.
1848 is_after_ret (unsigned char * npc)
1852 unsigned char * onpc = npc;
1857 while (*(npc - 5) == 0xe8 && steps < maxsteps)
1863 if (*(npc - 1) != 0xc3 || *(npc - 2) != 0xc9)
1866 while (*(onpc + 5) == 0xe8 && steps < maxsteps)
1872 if (ncall < mincalls)
1878 find_i386_ret_addr (struct WalkContext *wctx, int do_walk)
1881 // Some artificial contexts may have %sp set to 0. See SETFUNCTIONCONTEXT()
1884 /* Check cached values */
1885 int retc = cache_get (wctx);
1886 if (retc != RA_FAILURE)
1889 /* An attempt to perform code analysis for call stack tracing */
1890 unsigned char opcode;
1891 unsigned char extop;
1892 unsigned char extop2;
1893 unsigned char modrm;
1894 int imm8; /* immediate operand, byte */
1895 int immv; /* immediate operand, word(2) or doubleword(4) */
1896 int reg; /* register code */
1898 /* Buffer for branch targets (analysis stoppers) */
1899 unsigned char *targets[MAXTRGTS];
1900 int ntrg = 0; /* number of entries in the table */
1901 targets[ntrg++] = (unsigned char*) wctx->pc;
1902 targets[ntrg++] = (unsigned char*) - 1;
1904 struct AdvWalkContext buf[MAXCTX];
1905 struct AdvWalkContext *cur = buf;
1906 CALL_UTIL (memset)((void*) cur, 0, sizeof (*cur));
1908 cur->pc = (unsigned char*) wctx->pc;
1909 cur->sp = (unsigned long*) wctx->sp;
1910 cur->sp_safe = cur->sp - RED_ZONE; /* allow for the 128-byte red zone on amd64 */
1911 cur->fp = (unsigned long*) wctx->fp;
1913 DprintfT (SP_DUMP_UNWIND, "\nstack_unwind (x86 walk):%d %p start\n", __LINE__, cur->pc);
1915 int nctx = 1; /* number of contexts being processed */
1916 int cnt = 8192; /* number of instructions to analyse */
1919 * The basic idea of our x86 stack unwind is that we don't know
1920 * if we can trust the frame-pointer register. So we walk
1921 * instructions to find a return instruction, at which point
1922 * we know the return address is on the top of the stack, etc.
1924 * A severe challenge to walking x86 instructions is when we
1925 * encounter "jmp *(reg)" instructions, where we are expected
1926 * to jump to the (unknown-to-us) contents of a register.
1928 * The "jmp_reg" code here attempts to keep track of the
1929 * context for such a jump, deferring any handling of such
1930 * a difficult case. We continue with other contexts, hoping
1931 * that some other walk will take us to a return instruction.
1933 * If no other walk helps, we return to "jmp_reg" contexts.
1934 * While we don't know the jump target, it is possible that the
1935 * bytes immediately following the jmp_reg instruction represent
1936 * one possible target, as might be the case when a "switch"
1937 * statement is compiled.
1939 * Unfortunately, the bytes following a "jmp_reg" instruction might
1940 * instead be a jump target from somewhere else -- execution might
1941 * never "fall through" from the preceding "jmp_reg". Those bytes
1942 * might not even be instructions at all. There are many uses of
1943 * jmp_reg instructions beyond just compiling switch statements.
1945 * So walking the bytes after a "jmp_reg" instruction can lead
1946 * to bugs and undefined behavior, including SEGV and core dump.
1948 * We currently do not really understand the "jmp_reg" code below.
1950 int jmp_reg_switch_mode = 0;
1951 int num_jmp_reg = 0; // number of jmp *reg met when switch mode is off or when in current switch case
1952 int total_num_jmp_reg = 0; // number of total jmp *reg met
1953 struct AdvWalkContext * jmp_reg_ctx[MAXJMPREG]; // context of jmp *reg met when switch mode is off or when in current switch case
1954 struct AdvWalkContext * jmp_reg_switch_ctx[MAXJMPREG]; // context of jmp *reg used in switch cases
1955 struct AdvWalkContext * jmp_reg_switch_backup_ctx = NULL; // context of the first jmp *reg used in switch cases
1957 int cur_jmp_reg_switch = 0; // current switch table
1958 int num_jmp_reg_switch = 0; // number of switch table
1959 int jmp_reg_switch_case = 0; // case number in current switch table
1960 unsigned char * jmp_reg_switch_pc = NULL; // the start pc of current switch case
1961 unsigned char * jmp_reg_switch_pc_old = NULL; // backup for deleteing context of jump target
1962 unsigned char * jmp_reg_switch_base = NULL; // start pc for checking offsets
1963 int max_jmp_reg_switch_case = 2;
1965 int max_switch_pc_offset = 512;
1967 int max_switch_pc_offset = 1024;
1969 int expected_num_jmp_reg = 1; // should be smaller than MAXJMPREG
1970 int max_num_jmp_reg_seen = 4; // try to resolve return if there are so many such instructions
1973 int save_ctx = 0; // flag to save walk context in the cache to speed up unwind
1974 struct WalkContext wctx_pc_save;
1976 // do_walk is the flag indicating not walking through the instructions, resolving the RA from the stack fp first
1977 __collector_memcpy (&wctx_pc_save, wctx, sizeof (struct WalkContext));
1981 { // try to resolve RA from stack frame pointer
1982 if (OmpCurCtxs == NULL || OmpCtxs == NULL || OmpVals == NULL || OmpRAs == NULL)
1987 // before goto checkFP, try the RA from cache (key: WalkContext -> value: caller's WalkContext))
1988 uint64_t idx = wctx->pc * ROOT_IDX;
1989 uint32_t val = OmpVals[idx % OmpValTableSize];
1990 idx = (idx + val) * ROOT_IDX;
1991 #ifdef USE_18434988_OMP_CACHE_WORKAROUND
1992 // Check ra: if it is 0 - then cache is invalid
1994 idx4 = (idx + val) * ROOT_IDX;
1995 idx4 = (idx4 + val) * ROOT_IDX;
1996 if (0 == OmpRAs[ idx4 % OmpValTableSize ]) // Invalid cache
1999 struct WalkContext saved_ctx;
2000 __collector_memcpy (&saved_ctx, &OmpCurCtxs[ idx % OmpValTableSize ], sizeof (struct WalkContext));
2001 if (wctx->pc == saved_ctx.pc
2002 && wctx->sp == saved_ctx.sp
2003 && wctx->fp == saved_ctx.fp
2004 && wctx->tbgn == saved_ctx.tbgn
2005 && wctx->tend == saved_ctx.tend)
2006 { // key match, RA may be valid
2007 idx = (idx + val) * ROOT_IDX;
2008 unsigned long *sp = NULL;
2009 unsigned long fp = wctx->fp;
2011 if (val == RA_END_OF_STACK)
2013 DprintfT (SP_DUMP_UNWIND, "find_i386_ret_addr:%d -- RA_END_OF_STACK: pc=0x%lx\n", __LINE__, wctx->pc);
2014 __collector_memcpy (wctx, &OmpCtxs[ idx % OmpValTableSize ], sizeof (struct WalkContext));
2019 if (fp < wctx->sp || fp >= wctx->sbase - sizeof (*sp))
2021 TprintfT (DBG_LT1, "omp_cache_get -- wrong fp: pc=0x%lx\n", wctx->pc);
2022 sp = (unsigned long *) (OmpCtxs[ idx % OmpValTableSize ].sp);
2024 if (sp < cur->sp_safe || (unsigned long) sp >= wctx->sbase)
2028 unsigned long ra = *sp;
2029 uint64_t idx2 = (idx + val) * ROOT_IDX;
2030 if (OmpRAs[ idx2 % OmpValTableSize ] == ra)
2032 __collector_memcpy (wctx, &OmpCtxs[ idx % OmpValTableSize ], sizeof (struct WalkContext));
2033 TprintfT (DBG_LT1, "omp_cache_get -- ra match with target sp: pc=0x%lx, ra=0x%lx, val=%d\n", wctx->pc, ra, val);
2036 TprintfT (DBG_LT1, "omp_cache_get -- ra mismatch: ra=0x%lx, expected ra=0x%lx, val=%d\n", ra, OmpRAs[ idx2 % OmpValTableSize ], val);
2039 sp = (unsigned long *) fp;
2043 uint64_t idx2 = (idx + val) * ROOT_IDX;
2044 unsigned long ra = *sp++;
2047 unsigned long tbgn = wctx->tbgn;
2048 unsigned long tend = wctx->tend;
2049 if (ra < tbgn || ra >= tend)
2051 sp = (unsigned long *) (OmpCtxs[ idx % OmpValTableSize ].sp);
2053 //if (sp < cur->sp_safe - 16 || (unsigned long)sp >= wctx->sbase - sizeof(*sp)) {
2054 // The check above was replaced with the check below,
2055 // because we do not know why "- 16" and "- sizeof(*sp)" was used.
2056 if (sp < cur->sp_safe || (unsigned long) sp >= wctx->sbase)
2062 if (OmpRAs[ idx2 % OmpValTableSize ] == ra)
2064 TprintfT (DBG_LT1, "omp_cache_get -- ra match: pc=0x%lx\n", wctx->pc);
2065 __collector_memcpy (wctx, &OmpCtxs[ idx % OmpValTableSize ], sizeof (struct WalkContext));
2073 CALL_UTIL (memset)(jmp_reg_ctx, 0, MAXJMPREG * sizeof (struct AdvWalkContext *));
2074 CALL_UTIL (memset)(jmp_reg_switch_ctx, 0, MAXJMPREG * sizeof (struct AdvWalkContext *));
2078 if (nctx == 0 && (num_jmp_reg == expected_num_jmp_reg || jmp_reg_switch_mode == 1))
2079 { // no context available, try jmp switch mode
2081 if (num_jmp_reg == expected_num_jmp_reg)
2082 jmp_reg_switch_mode = 0; // first jmp reg expected, restart switch mode
2083 DprintfT (SP_DUMP_UNWIND, "unwind.c: begin switch mode, num_jmp_reg = %d, jmp_reg_switch_backup_ctx=%p, jmp_reg_switch_case=%d, jmp_reg_switch_mode=%d.\n",
2084 num_jmp_reg, jmp_reg_switch_backup_ctx, jmp_reg_switch_case, jmp_reg_switch_mode);
2085 // the ideal asm of switch is
2092 if (jmp_reg_switch_mode == 0)
2094 num_jmp_reg_switch = num_jmp_reg; // backup num_jmp_reg
2095 jmp_reg_switch_mode = 1; // begin switch mode
2096 for (i = 0; i < num_jmp_reg_switch; i++)
2098 if (jmp_reg_switch_ctx[i] == NULL)
2099 jmp_reg_switch_ctx[i] = (struct AdvWalkContext*) alloca (sizeof (*jmp_reg_switch_ctx[i]));
2100 if (jmp_reg_switch_ctx[i] != NULL)
2101 { // backup jmp_reg_ctx
2102 __collector_memcpy (jmp_reg_switch_ctx[i], jmp_reg_ctx[i], sizeof (*jmp_reg_switch_ctx[i]));
2103 cur_jmp_reg_switch = 0; // reset the current switch table
2104 jmp_reg_switch_case = 0; // reset the case number in current switch table
2107 if (jmp_reg_switch_backup_ctx == NULL)
2108 { // only backup when the first jmp *reg is met for restoring later, if switch mode fails to resolve RA
2109 jmp_reg_switch_backup_ctx = (struct AdvWalkContext*) alloca (sizeof (*jmp_reg_switch_backup_ctx));
2110 if (jmp_reg_switch_backup_ctx != NULL)
2111 __collector_memcpy (jmp_reg_switch_backup_ctx, cur, sizeof (*cur));
2112 DprintfT (SP_DUMP_UNWIND, "unwind.c: back up context for switch mode.\n");
2115 if (jmp_reg_switch_mode == 1)
2116 { // in the process of trying switch cases
2117 if (cur_jmp_reg_switch == num_jmp_reg_switch)
2119 DprintfT (SP_DUMP_UNWIND, "unwind.c: have tried all switch with max_jmp_reg_switch_case for each\n");
2120 if (jmp_reg_switch_backup_ctx != NULL)
2121 __collector_memcpy (cur, jmp_reg_switch_backup_ctx, sizeof (*cur));
2122 int rc = process_return_real (wctx, cur, 0);
2123 if (rc == RA_SUCCESS)
2126 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
2129 break; // have tried all switch with max_jmp_reg_switch_case for each, goto checkFP
2131 unsigned char *npc = jmp_reg_switch_ctx[cur_jmp_reg_switch]->pc;
2132 if (jmp_reg_switch_case == 0)
2133 // first switch case
2134 npc = check_modrm (npc); // pc next to "jmp reg" instruction
2135 else if (jmp_reg_switch_pc != NULL)
2136 npc = jmp_reg_switch_pc; // // pc next to "ret" instruction of previous case
2139 DprintfT (SP_DUMP_UNWIND, "unwind.c: unexpected jum switch mode situation, jmp_reg_switch_case=%d, jmp_reg_switch_pc=%p\n",
2140 jmp_reg_switch_case, jmp_reg_switch_pc);
2141 break; //goto checkFP
2143 jmp_reg_switch_base = npc;
2144 struct AdvWalkContext *new = buf + nctx;
2146 __collector_memcpy (new, jmp_reg_switch_ctx[cur_jmp_reg_switch], sizeof (*new));
2148 cur = new; /* advance the new context first */
2149 jmp_reg_switch_pc = NULL;
2150 jmp_reg_switch_case++;
2151 if (jmp_reg_switch_case == max_jmp_reg_switch_case)
2152 { // done many cases, change to another switch table
2153 cur_jmp_reg_switch++;
2154 jmp_reg_switch_case = 0;
2159 if (jmp_reg_switch_mode == 1)
2160 { // when processing switch cases, check pc each time
2161 unsigned long tbgn = wctx->tbgn;
2162 unsigned long tend = wctx->tend;
2163 if ((unsigned long) (cur->pc) < tbgn || (unsigned long) (cur->pc) >= tend)
2165 DprintfT (SP_DUMP_UNWIND, "unwind.c: pc out of range, pc=0x%lx\n", (unsigned long) (cur->pc));
2168 if (jmp_reg_switch_base != NULL && cur->pc > jmp_reg_switch_base + max_switch_pc_offset)
2170 DprintfT (SP_DUMP_UNWIND, "unwind.c: limit the walk offset after jmp reg instruction\n");
2171 if (jmp_reg_switch_backup_ctx != NULL)
2172 __collector_memcpy (cur, jmp_reg_switch_backup_ctx, sizeof (*cur));
2173 int rc = process_return_real (wctx, cur, 0);
2174 if (rc == RA_SUCCESS)
2177 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
2180 break; // limit the walk offset after jmp reg instruction, got checkFP
2186 // dump_targets (__LINE__, ntrg, targets);
2187 while (cur->pc > targets[cur->tidx])
2189 if (cur->pc == targets[cur->tidx])
2191 /* Stop analysis. Delete context. */
2192 if (jmp_reg_switch_mode == 0 || cur->pc != jmp_reg_switch_pc_old)
2194 if (jmp_reg_switch_mode == 1 && nctx == 1 && jmp_reg_switch_pc == NULL)
2196 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d old target, cur->pc=%p, jmp_reg_switch_pc=%p, nctx=%d\n",
2197 __LINE__, cur->pc, jmp_reg_switch_pc, nctx);
2198 jmp_reg_switch_pc = cur->pc; // save cp before delete context, may be used as a start of switch case
2199 jmp_reg_switch_pc_old = jmp_reg_switch_pc;
2201 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, old target.\n", __LINE__);
2203 if (cur >= buf + nctx)
2207 if (jmp_reg_switch_mode == 1 && cur->pc == jmp_reg_switch_pc_old)
2208 jmp_reg_switch_pc_old = NULL; // reset jmp_reg_switch_pc_old to delete the context later when cur->pc != jmp_reg_switch_pc_old
2211 /* let's walk the next x86 instruction */
2212 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d cur:%ld pc=0x%lx %02x %02x %02x %02x %02x %02x %02x sp=0x%lx\n",
2213 __LINE__, (long) (cur - buf), (unsigned long) cur->pc,
2214 (int) cur->pc[0], (int) cur->pc[1], (int) cur->pc[2],
2215 (int) cur->pc[3], (int) cur->pc[4], (int) cur->pc[5],
2216 (int) cur->pc[6], (unsigned long) cur->sp);
2217 int v = 4; /* Operand size */
2218 int a = 4; /* Address size */
2219 /* int W = 0; REX.W bit */
2221 int R = 0; /* REX.R bit */
2223 int X = 0; /* REX.X bit */
2224 int B = 0; /* REX.B bit */
2225 /* Check prefixes */
2229 opcode = *cur->pc++;
2232 case 0x66: /* opd size override */
2235 case 0x67: /*addr size override */
2239 case 0x40: /* REX */
2255 B = (opcode & 0x1) ? 8 : 0;
2256 X = (opcode & 0x2) ? 8 : 0;
2257 R = (opcode & 0x4) ? 8 : 0;
2258 if (opcode & 0x8) /* 64 bit operand size */
2260 opcode = *cur->pc++;
2269 int z = (v == 8) ? 4 : v;
2272 case 0x0: /* add Eb,Gb */
2273 case 0x01: /* add Ev,Gv */
2274 case 0x02: /* add Gb,Eb */
2275 case 0x03: /* add Gv,Ev */
2276 cur->pc = check_modrm (cur->pc);
2278 case 0x04: /* add %al,Ib */
2281 case 0x05: /* add %eax,Iz */
2284 case 0x06: /* push es */
2287 case 0x07: /* pop es */
2289 if (cur->sp - RED_ZONE > cur->sp_safe)
2290 cur->sp_safe = cur->sp - RED_ZONE;
2292 case 0x08: /* or Eb,Gb */
2293 case 0x09: /* or Ev,Gv */
2294 case 0x0a: /* or Gb,Eb */
2295 case 0x0b: /* or Gv,Ev */
2296 cur->pc = check_modrm (cur->pc);
2298 case 0x0c: /* or %al,Ib */
2301 case 0x0d: /* or %eax,Iz */
2304 case 0x0e: /* push cs */
2307 case 0x0f: /* two-byte opcodes */
2315 case 0xd5: /* xend */
2316 case 0xd6: /* xtest */
2324 cur->pc = check_modrm (cur->pc);
2327 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, undefined instruction. opcode=0x%02x\n",
2328 __LINE__, (int) opcode);
2331 case 0x05: /* syscall */
2332 case 0x34: /* sysenter */
2333 if (cur->rax == __NR_exit)
2335 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode=0x%02x\n",
2336 __LINE__, (int) opcode);
2340 else if (cur->rax == __NR_rt_sigreturn)
2342 if (jmp_reg_switch_mode == 1)
2344 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d give up return address under jmp switch mode, opcode=0x%02x\n",
2345 __LINE__, (int) opcode);
2348 wctx->sp = (unsigned long) cur->sp;
2350 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_RT_SIGRETURN);
2351 return RA_RT_SIGRETURN;
2354 else if (cur->rax == __NR_sigreturn)
2356 if (jmp_reg_switch_mode == 1)
2358 DprintfT (SP_DUMP_UNWIND, "unwind.c: give up return address under jmp switch mode, opcode = 0x34\n");
2361 wctx->sp = (unsigned long) cur->sp;
2363 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_SIGRETURN);
2364 return RA_SIGRETURN;
2367 /* Check for Linus' trick in the vsyscall page */
2368 while (*cur->pc == 0x90) /* nop */
2370 if (*cur->pc == 0xeb) /* jmp imm8 */
2373 case 0x0d: /* nop Ev */
2374 cur->pc = check_modrm (cur->pc);
2376 case 0x10: /* xmm Vq,Wq */
2384 cur->pc = check_modrm (cur->pc);
2386 case 0x18: /* prefetch */
2387 cur->pc = check_modrm (cur->pc);
2389 case 0x1E: /* endbr64/endbr32 (f3 0f 1e .. ) is parsing as repz nop edx */
2392 case 0x1f: /* nop Ev */
2393 cur->pc = check_modrm (cur->pc);
2395 case 0x28: /* xmm Vq,Wq */
2403 cur->pc = check_modrm (cur->pc);
2405 case 0x30: /* wrmsr */
2406 case 0x31: /* rdtsc */
2407 case 0x32: /* rdmsr */
2408 case 0x33: /* rdpmc */
2410 /* case 0x34: sysenter (see above) */
2411 case 0x38: case 0x3a:
2412 extop2 = *cur->pc++;
2413 cur->pc = check_modrm (cur->pc);
2414 // 21275311 Unwind failure in native stack for java application running on jdk8
2415 // Three-byte opcodes "66 0f 3a ??" should consume an additional "immediate" byte.
2419 case 0x40: case 0x41: case 0x42: case 0x43: /* CMOVcc Gv,Ev */
2420 case 0x44: case 0x45: case 0x46: case 0x47:
2421 case 0x48: case 0x49: case 0x4a: case 0x4b:
2422 case 0x4c: case 0x4d: case 0x4e: case 0x4f:
2423 cur->pc = check_modrm (cur->pc);
2425 case 0x50: case 0x51: case 0x52: case 0x53:
2426 case 0x54: case 0x55: case 0x56: case 0x57:
2427 case 0x58: case 0x59: case 0x5a: case 0x5b:
2428 case 0x5c: case 0x5d: case 0x5e: case 0x5f:
2429 case 0x60: case 0x61: case 0x62: case 0x63:
2430 case 0x64: case 0x65: case 0x66: case 0x67:
2431 case 0x68: case 0x69: case 0x6a: case 0x6b:
2432 case 0x6c: case 0x6d: case 0x6e: case 0x6f:
2433 cur->pc = check_modrm (cur->pc);
2435 case 0x70: case 0x71: case 0x72: case 0x73:
2436 cur->pc = check_modrm (cur->pc) + 1;
2438 case 0x74: case 0x75: case 0x76:
2439 cur->pc = check_modrm (cur->pc);
2443 case 0x7c: case 0x7d: case 0x7e: case 0x7f:
2444 cur->pc = check_modrm (cur->pc);
2446 case 0x80: case 0x81: case 0x82: case 0x83: /* Jcc Jz */
2447 case 0x84: case 0x85: case 0x86: case 0x87:
2448 case 0x88: case 0x89: case 0x8a: case 0x8b:
2449 case 0x8c: case 0x8d: case 0x8e: case 0x8f:
2450 immv = read_int (cur->pc, z);
2452 if (nctx < (jmp_reg_switch_mode ? MAXJMPREGCTX : MAXCTX))
2455 unsigned char *npc = cur->pc + immv;
2456 if ((unsigned long) npc < wctx->tbgn || (unsigned long) npc >= wctx->tend)
2458 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode=0x%02x\n",
2459 __LINE__, (int) opcode);
2463 if (is_after_ret (npc))
2465 while (npc > targets[tidx])
2467 if (npc != targets[tidx])
2469 if (ntrg < MAXTRGTS)
2471 for (int i = 0; i < nctx; i++)
2472 if (buf[i].tidx >= tidx)
2475 /* insert a new target */
2476 for (int i = ntrg; i > tidx; i--)
2477 targets[i] = targets[i - 1];
2479 targets[tidx++] = npc;
2482 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d ntrg=max(%d)\n",
2484 struct AdvWalkContext *new = buf + nctx;
2486 __collector_memcpy (new, cur, sizeof (*new));
2489 cur = new; /* advance the new context first */
2494 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d nctx=max(%d)\n",
2497 case 0x90: case 0x91: case 0x92: case 0x93: /* setcc Eb */
2498 case 0x94: case 0x95: case 0x96: case 0x97:
2499 case 0x98: case 0x99: case 0x9a: case 0x9b:
2500 case 0x9c: case 0x9d: case 0x9e: case 0x9f:
2501 cur->pc = check_modrm (cur->pc);
2503 case 0xa0: /* push fs */
2506 case 0xa1: /* pop fs */
2508 if (cur->sp - RED_ZONE > cur->sp_safe)
2509 cur->sp_safe = cur->sp - RED_ZONE;
2511 case 0xa2: /* cpuid */
2513 case 0xa3: /* bt Ev,Gv */
2514 cur->pc = check_modrm (cur->pc);
2516 case 0xa4: /* shld Ev,Gv,Ib */
2517 cur->pc = check_modrm (cur->pc);
2520 case 0xa5: /* shld Ev,Gv,%cl */
2521 cur->pc = check_modrm (cur->pc);
2523 case 0xa8: /* push gs */
2526 case 0xa9: /* pop gs */
2528 if (cur->sp - RED_ZONE > cur->sp_safe)
2529 cur->sp_safe = cur->sp - RED_ZONE;
2531 case 0xaa: /* rsm */
2533 case 0xab: /* bts Ev,Gv */
2534 cur->pc = check_modrm (cur->pc);
2536 case 0xac: /* shrd Ev,Gv,Ib */
2537 cur->pc = check_modrm (cur->pc);
2540 case 0xad: /* shrd Ev,Gv,%cl */
2541 cur->pc = check_modrm (cur->pc);
2543 case 0xae: /* group15 */
2544 cur->pc = check_modrm (cur->pc);
2546 case 0xaf: /* imul Gv,Ev */
2547 cur->pc = check_modrm (cur->pc);
2549 case 0xb1: /* cmpxchg Ev,Gv */
2550 cur->pc = check_modrm (cur->pc);
2553 case 0xb6: /* movzx Gv,Eb */
2554 case 0xb7: /* movzx Gv,Ew */
2555 cur->pc = check_modrm (cur->pc);
2557 case 0xba: /* group8 Ev,Ib */
2558 cur->pc = check_modrm (cur->pc);
2561 case 0xbb: /* btc Ev,Gv */
2562 case 0xbc: /* bsf Gv,Ev */
2563 case 0xbd: /* bsr Gv,Ev */
2564 cur->pc = check_modrm (cur->pc);
2566 case 0xbe: /* movsx Gv,Eb */
2567 case 0xbf: /* movsx Gv,Ew */
2568 cur->pc = check_modrm (cur->pc);
2570 case 0xc0: /* xadd Eb,Gb */
2571 case 0xc1: /* xadd Ev,Gv */
2572 cur->pc = check_modrm (cur->pc);
2574 case 0xc2: /* cmpps V,W,Ib */
2575 cur->pc = check_modrm (cur->pc);
2578 case 0xc3: /* movnti M,G */
2579 cur->pc = check_modrm (cur->pc);
2581 case 0xc6: /* shufps V,W,Ib */
2582 cur->pc = check_modrm (cur->pc);
2585 case 0xc7: /* RDRAND */
2586 cur->pc = check_modrm (cur->pc);
2588 case 0xc8: case 0xc9: case 0xca: case 0xcb: /* bswap */
2589 case 0xcc: case 0xcd: case 0xce: case 0xcf:
2591 case 0xd0: case 0xd1: case 0xd2: case 0xd3:
2592 case 0xd4: case 0xd5: case 0xd6: case 0xd7:
2593 case 0xd8: case 0xd9: case 0xda: case 0xdb:
2594 case 0xdc: case 0xdd: case 0xde: case 0xdf:
2595 case 0xe0: case 0xe1: case 0xe2: case 0xe3:
2596 case 0xe4: case 0xe5: case 0xe6: case 0xe7:
2597 case 0xe8: case 0xe9: case 0xea: case 0xeb:
2598 case 0xec: case 0xed: case 0xee: case 0xef:
2599 case 0xf0: case 0xf1: case 0xf2: case 0xf3:
2600 case 0xf4: case 0xf5: case 0xf6: case 0xf7:
2601 case 0xf8: case 0xf9: case 0xfa: case 0xfb:
2602 case 0xfc: case 0xfd: case 0xfe: case 0xff:
2603 cur->pc = check_modrm (cur->pc);
2606 if (jmp_reg_switch_mode == 1 && extop == 0x0b)
2607 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d invalid opcode ub2: 0x0f %x jmp_reg_switch_mode=%d\n",
2608 __LINE__, (int) extop, jmp_reg_switch_mode);
2611 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d unknown opcode: 0x0f %x jmp_reg_switch_mode=%d\n",
2612 __LINE__, (int) extop, jmp_reg_switch_mode);
2618 case 0x10: /* adc Eb,Gb */
2619 case 0x11: /* adc Ev,Gv */
2620 case 0x12: /* adc Gb,Eb */
2621 case 0x13: /* adc Gv,Ev */
2622 cur->pc = check_modrm (cur->pc);
2624 case 0x14: /* adc %al,Ib */
2627 case 0x15: /* adc %eax,Iz */
2630 case 0x16: /* push ss */
2633 case 0x17: /* pop ss */
2635 if (cur->sp - RED_ZONE > cur->sp_safe)
2636 cur->sp_safe = cur->sp - RED_ZONE;
2638 case 0x18: /* sbb Eb,Gb */
2639 case 0x19: /* sbb Ev,Gv */
2640 case 0x1a: /* sbb Gb,Eb */
2641 case 0x1b: /* sbb Gv,Ev */
2642 cur->pc = check_modrm (cur->pc);
2644 case 0x1c: /* sbb %al,Ib */
2647 case 0x1d: /* sbb %eax,Iz */
2650 case 0x1e: /* push ds */
2653 case 0x1f: /* pop ds */
2655 if (cur->sp - RED_ZONE > cur->sp_safe)
2656 cur->sp_safe = cur->sp - RED_ZONE;
2658 case 0x20: /* and Eb,Gb */
2659 case 0x21: /* and Ev,Gv */
2660 case 0x22: /* and Gb,Eb */
2661 case 0x23: /* and Gv,Ev */
2662 cur->pc = check_modrm (cur->pc);
2664 case 0x24: /* and %al,Ib */
2667 case 0x25: /* and %eax,Iz */
2670 case 0x26: /* seg=es prefix */
2672 case 0x27: /* daa */
2674 case 0x28: /* sub Eb,Gb */
2675 case 0x29: /* sub Ev,Gv */
2676 case 0x2a: /* sub Gb,Eb */
2677 case 0x2b: /* sub Gv,Ev */
2678 cur->pc = check_modrm (cur->pc);
2680 case 0x2c: /* sub %al,Ib */
2683 case 0x2d: /* sub %eax,Iz */
2686 case 0x2e: /* seg=cs prefix */
2688 case 0x2f: /* das */
2690 case 0x30: /* xor Eb,Gb */
2691 case 0x31: /* xor Ev,Gv */
2692 case 0x32: /* xor Gb,Eb */
2693 case 0x33: /* xor Gv,Ev */
2694 cur->pc = check_modrm (cur->pc);
2696 case 0x34: /* xor %al,Ib */
2699 case 0x35: /* xor %eax,Iz */
2702 case 0x36: /* seg=ss prefix */
2704 case 0x37: /* aaa */
2706 case 0x38: /* cmp Eb,Gb */
2707 case 0x39: /* cmp Ev,Gv */
2708 case 0x3a: /* cmp Gb,Eb */
2709 case 0x3b: /* cmp Gv,Ev */
2710 cur->pc = check_modrm (cur->pc);
2712 case 0x3c: /* cmp %al,Ib */
2715 case 0x3d: /* cmp %eax,Iz */
2718 case 0x3e: /* seg=ds prefix */
2720 case 0x3f: /* aas */
2723 case 0x40: /* inc %eax */
2724 case 0x41: /* inc %ecx */
2725 case 0x42: /* inc %edx */
2726 case 0x43: /* inc %ebx */
2728 case 0x44: /* inc %esp */
2729 /* Can't be a valid stack pointer - delete context */
2730 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0x44.\n", __LINE__);
2733 case 0x45: /* inc %ebp */
2734 case 0x46: /* inc %esi */
2735 case 0x47: /* inc %edi */
2736 case 0x48: /* dec %eax */
2737 case 0x49: /* dec %ecx */
2738 case 0x4a: /* dec %edx */
2739 case 0x4b: /* dec %ebx */
2741 case 0x4c: /* dec %esp */
2742 /* Can't be a valid stack pointer - delete context */
2743 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0x4c.\n", __LINE__);
2746 case 0x4d: /* dec %ebp */
2747 case 0x4e: /* dec %esi */
2748 case 0x4f: /* dec %edi */
2751 case 0x50: /* push %eax */
2752 case 0x51: /* push %ecx */
2753 case 0x52: /* push %edx */
2754 case 0x53: /* push %ebx */
2755 case 0x54: /* push %esp */
2756 case 0x55: /* push %ebp */
2757 case 0x56: /* push %esi */
2758 case 0x57: /* push %edi */
2760 reg = OPC_REG (opcode);
2764 /* Don't do this check yet. Affects tail calls. */
2765 /* avoid other function's prologue */
2766 if ((cur->pc[0] == 0x89 && cur->pc[1] == 0xe5) ||
2767 (cur->pc[0] == 0x8b && cur->pc[1] == 0xec))
2774 if (cur->fp_loc == NULL)
2776 cur->fp_loc = cur->sp;
2777 cur->fp_sav = cur->fp;
2781 case 0x58: /* pop %eax */
2782 case 0x59: /* pop %ecx */
2783 case 0x5a: /* pop %edx */
2784 case 0x5b: /* pop %ebx */
2785 case 0x5c: /* pop %esp */
2786 case 0x5d: /* pop %ebp */
2787 case 0x5e: /* pop %esi */
2788 case 0x5f: /* pop %edi */
2789 reg = OPC_REG (opcode);
2791 if (isInside ((unsigned long) cur->sp, (unsigned long) cur->sp_safe, wctx->sbase))
2792 cur->regs[reg] = *cur->sp;
2793 DprintfT (SP_DUMP_UNWIND, "stack_unwind:%d cur->regs[%d]=0x%lx\n",
2794 __LINE__, reg, (unsigned long) cur->regs[reg]);
2797 if (cur->sp >= cur->sp_safe &&
2798 (unsigned long) cur->sp < wctx->sbase)
2799 cur->rdx = *cur->sp;
2801 else if (reg == RBP)
2803 if (cur->fp_loc == cur->sp)
2805 cur->fp = cur->fp_sav;
2808 else if (cur->sp >= cur->sp_safe &&
2809 (unsigned long) cur->sp < wctx->sbase)
2810 cur->fp = (unsigned long*) (*cur->sp);
2812 else if (reg == RSP)
2814 /* f.e. JVM I2CAdapter */
2815 if (cur->sp >= cur->sp_safe && (unsigned long) cur->sp < wctx->sbase)
2817 unsigned long *nsp = (unsigned long*) (*cur->sp);
2818 if (nsp >= cur->sp && nsp <= cur->fp)
2824 DprintfT (SP_DUMP_UNWIND, "stack_unwind%d give up return address, opcode=0x%02x\n",
2831 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d give up return address, opcode=0x%02x\n",
2838 if (cur->sp - RED_ZONE > cur->sp_safe)
2840 cur->sp_safe = cur->sp - RED_ZONE;
2843 case 0x60: /* pusha(d) */
2846 case 0x61: /* popa(d) */
2848 if (cur->sp - RED_ZONE > cur->sp_safe)
2849 cur->sp_safe = cur->sp - RED_ZONE;
2851 case 0x62: /* group AVX, 4-bytes EVEX prefix */
2853 unsigned char *pc = cur->pc - 1; // points to the beginning of the instruction
2854 int len = parse_x86_AVX_instruction (pc);
2866 case 0x63: /* arpl Ew,Gw (32) movsxd Gv,Ev (64)*/
2867 cur->pc = check_modrm (cur->pc);
2869 case 0x64: /* seg=fs prefix */
2870 case 0x65: /* seg=gs prefix */
2872 case 0x66: /* opd size override */
2873 case 0x67: /* addr size override */
2875 case 0x68: /* push Iz */
2876 cur->sp = (unsigned long*) ((long) cur->sp - z);
2879 case 0x69: /* imul Gv,Ev,Iz */
2880 cur->pc = check_modrm (cur->pc);
2883 case 0x6a: /* push Ib */
2884 cur->sp = (unsigned long*) ((long) cur->sp - v);
2887 case 0x6b: /* imul Gv,Ev,Ib */
2888 cur->pc = check_modrm (cur->pc);
2891 case 0x6c: case 0x6d: case 0x6e: case 0x6f:
2892 cur->pc = check_modrm (cur->pc);
2894 case 0x70: /* jo Jb */
2895 case 0x71: /* jno Jb */
2896 case 0x72: /* jb Jb */
2897 case 0x73: /* jnb Jb */
2898 case 0x74: /* jz Jb */
2899 case 0x75: /* jnz Jb */
2900 case 0x76: /* jna Jb */
2901 case 0x77: /* ja Jb */
2902 case 0x78: /* js Jb */
2903 case 0x79: /* jns Jb */
2904 case 0x7a: /* jp Jb */
2905 case 0x7b: /* jnp Jb */
2906 case 0x7c: /* jl Jb */
2907 case 0x7d: /* jge Jb */
2908 case 0x7e: /* jle Jb */
2909 case 0x7f: /* jg Jb */
2910 imm8 = *(char*) cur->pc++;
2911 if (nctx < (jmp_reg_switch_mode ? MAXJMPREGCTX : MAXCTX))
2914 unsigned char *npc = cur->pc + imm8;
2915 if (is_after_ret (npc))
2917 while (npc > targets[tidx])
2919 if (npc != targets[tidx])
2921 if (ntrg < MAXTRGTS)
2923 for (int i = 0; i < nctx; i++)
2924 if (buf[i].tidx >= tidx)
2927 /* insert a new target */
2928 for (int i = ntrg; i > tidx; i--)
2929 targets[i] = targets[i - 1];
2931 targets[tidx++] = npc;
2934 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d ntrg(%d)=max\n", __LINE__, ntrg);
2935 struct AdvWalkContext *new = buf + nctx;
2937 __collector_memcpy (new, cur, sizeof (*new));
2940 cur = new; /* advance the new context first */
2945 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d nctx(%d)=max\n", __LINE__, nctx);
2947 case 0x80: /* group1 Eb,Ib */
2948 cur->pc = check_modrm (cur->pc);
2951 case 0x81: /* group1 Ev,Iz */
2953 if (MRM_MOD (modrm) == 0xc0 && MRM_REGS (modrm) == RSP)
2955 int immz = read_int (cur->pc + 1, z);
2956 extop = MRM_EXT (modrm);
2957 if (extop == 0) /* add imm32,%esp */
2958 cur->sp = (unsigned long*) ((long) cur->sp + immz);
2959 else if (extop == 4) /* and imm32,%esp */
2960 cur->sp = (unsigned long*) ((long) cur->sp & immz);
2961 else if (extop == 5) /* sub imm32,%esp */
2962 cur->sp = (unsigned long*) ((long) cur->sp - immz);
2963 if (cur->sp - RED_ZONE > cur->sp_safe)
2964 cur->sp_safe = cur->sp - RED_ZONE;
2966 cur->pc = check_modrm (cur->pc);
2969 case 0x82: /* group1 Eb,Ib */
2970 cur->pc = check_modrm (cur->pc);
2973 case 0x83: /* group1 Ev,Ib */
2975 if (MRM_MOD (modrm) == 0xc0 && MRM_REGS (modrm) == RSP)
2977 imm8 = (char) cur->pc[1]; /* sign extension */
2978 extop = MRM_EXT (modrm);
2979 if (extop == 0) /* add imm8,%esp */
2980 cur->sp = (unsigned long*) ((long) cur->sp + imm8);
2981 else if (extop == 4) /* and imm8,%esp */
2982 cur->sp = (unsigned long*) ((long) cur->sp & imm8);
2983 else if (extop == 5) /* sub imm8,%esp */
2984 cur->sp = (unsigned long*) ((long) cur->sp - imm8);
2985 if (cur->sp - RED_ZONE > cur->sp_safe)
2986 cur->sp_safe = cur->sp - RED_ZONE;
2988 cur->pc = check_modrm (cur->pc);
2991 case 0x84: /* test Eb,Gb */
2992 case 0x85: /* test Ev,Gv */
2993 case 0x86: /* xchg Eb,Gb */
2994 case 0x87: /* xchg Ev,Gv */
2995 cur->pc = check_modrm (cur->pc);
2997 case 0x88: /* mov Eb,Gb */
2998 cur->pc = check_modrm (cur->pc);
3000 case 0x89: /* mov Ev,Gv */
3002 if (MRM_MOD (modrm) == 0xc0)
3004 if (MRM_REGS (modrm) == RBP && MRM_REGD (modrm) == RSP)
3005 /* movl %esp,%ebp */
3007 else if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3008 { /* mov %ebp,%esp */
3010 if (cur->sp - RED_ZONE > cur->sp_safe)
3011 cur->sp_safe = cur->sp - RED_ZONE;
3012 if (wctx->fp == (unsigned long) cur->sp)
3013 cur->cval = RA_FROMFP;
3016 else if (MRM_MOD (modrm) == 0x80)
3018 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3020 if (cur->pc[1] == 0x24)
3021 { /* mov %ebp,disp32(%esp) - JVM */
3022 immv = read_int (cur->pc + 2, 4);
3023 cur->fp_loc = (unsigned long*) ((char*) cur->sp + immv);
3024 cur->fp_sav = cur->fp;
3028 else if (MRM_MOD (modrm) == 0x40)
3030 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RDX)
3032 if (cur->pc[1] == 0x24 && cur->pc[2] == 0x0)
3033 { /* movl %edx,0(%esp) */
3034 cur->ra_loc = cur->sp;
3035 cur->ra_sav = cur->rdx;
3038 else if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3040 if (cur->pc[1] == 0x24)
3041 { /* mov %ebp,disp8(%esp) - JVM */
3042 imm8 = ((char*) (cur->pc))[2];
3043 cur->fp_loc = (unsigned long*) ((char*) cur->sp + imm8);
3044 cur->fp_sav = cur->fp;
3048 else if (MRM_MOD (modrm) == 0x0)
3050 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3052 if (cur->pc[1] == 0x24)
3053 { /* mov %ebp,(%esp) */
3054 cur->fp_loc = cur->sp;
3055 cur->fp_sav = cur->fp;
3058 else if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RDX)
3060 if (cur->pc[1] == 0x24)
3061 { /* movl %edx,(%esp) */
3062 cur->ra_loc = cur->sp;
3063 cur->ra_sav = cur->rdx;
3067 cur->pc = check_modrm (cur->pc);
3069 case 0x8a: /* mov Gb,Eb */
3070 cur->pc = check_modrm (cur->pc);
3072 case 0x8b: /* mov Gv,Ev */
3074 if (MRM_MOD (modrm) == 0xc0)
3076 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3079 else if (MRM_REGS (modrm) == RBP && MRM_REGD (modrm) == RSP)
3080 { /* mov %ebp,%esp */
3082 if (cur->sp - RED_ZONE > cur->sp_safe)
3083 cur->sp_safe = cur->sp - RED_ZONE;
3084 if (wctx->fp == (unsigned long) cur->sp)
3085 cur->cval = RA_FROMFP;
3088 else if (MRM_MOD (modrm) == 0x80)
3090 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3092 if (cur->pc[1] == 0x24)
3093 { /* mov disp32(%esp),%ebp */
3094 immv = read_int (cur->pc + 2, 4);
3095 unsigned long *ptr = (unsigned long*) ((char*) cur->sp + immv);
3096 if (cur->fp_loc == ptr)
3098 cur->fp = cur->fp_sav;
3101 else if (ptr >= cur->sp_safe && (unsigned long) ptr < wctx->sbase)
3102 cur->fp = (unsigned long*) (*ptr);
3106 else if (MRM_MOD (modrm) == 0x40)
3108 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3110 if (cur->pc[1] == 0x24)
3111 { /* mov disp8(%esp),%ebp - JVM */
3112 imm8 = ((char*) (cur->pc))[2];
3113 unsigned long *ptr = (unsigned long*) ((char*) cur->sp + imm8);
3114 if (cur->fp_loc == ptr)
3116 cur->fp = cur->fp_sav;
3119 else if (ptr >= cur->sp_safe && (unsigned long) ptr < wctx->sbase)
3120 cur->fp = (unsigned long*) (*ptr);
3124 else if (MRM_MOD (modrm) == 0x0)
3126 if (MRM_REGS (modrm) == RSP && MRM_REGD (modrm) == RBP)
3128 if (cur->pc[1] == 0x24)
3129 { /* mov (%esp),%ebp */
3130 if (cur->fp_loc == cur->sp)
3132 cur->fp = cur->fp_sav;
3135 else if (cur->sp >= cur->sp_safe &&
3136 (unsigned long) cur->sp < wctx->sbase)
3137 cur->fp = (unsigned long*) *cur->sp;
3141 cur->pc = check_modrm (cur->pc);
3143 case 0x8c: /* mov Mw,Sw */
3144 cur->pc = check_modrm (cur->pc);
3146 case 0x8d: /* lea Gv,M */
3148 if (MRM_REGD (modrm) == RSP)
3150 unsigned char *pc = cur->pc;
3151 // Mez: need to use always regs[RSP/RBP] instead cur->sp(or fp):
3152 cur->regs[RSP] = (unsigned long) cur->sp;
3153 cur->regs[RBP] = (unsigned long) cur->fp;
3155 int mod = (modrm >> 6) & 3;
3156 int r_m = modrm & 7;
3160 val = getRegVal (cur, MRM_REGS (modrm), &undefRez);
3162 { // SP or R12. Decode SIB-byte.
3163 int sib = *cur->pc++;
3164 int scale = 1 << (sib >> 6);
3165 int index = X | ((sib >> 3) & 7);
3166 int base = B | (sib & 7);
3169 if ((base & 7) == 5)
3171 if (index != 4) // SP
3172 val += getRegVal (cur, index, &undefRez) * scale;
3173 val += read_int (cur->pc, 4);
3178 val += getRegVal (cur, base, &undefRez);
3179 if (index != 4) // SP
3180 val += getRegVal (cur, index, &undefRez) * scale;
3185 val += getRegVal (cur, base, &undefRez);
3186 if (index != 4) // SP
3187 val += getRegVal (cur, index, &undefRez) * scale;
3190 val += read_int (cur->pc, 1);
3195 val += read_int (cur->pc, 4);
3204 val += read_int (cur->pc, 4);
3208 val += getRegVal (cur, MRM_REGS (modrm), &undefRez);
3211 { // mod == 1 || mod == 2
3212 val += getRegVal (cur, MRM_REGS (modrm), &undefRez);
3215 val += read_int (cur->pc, 1);
3220 val += read_int (cur->pc, 4);
3226 DprintfT (SP_DUMP_UNWIND, "stack_unwind%d cannot calculate RSP. cur->pc=0x%lx val=0x%lx\n",
3227 __LINE__, (unsigned long) cur->pc, (unsigned long) val);
3230 cur->regs[MRM_REGD (modrm)] = val;
3231 DprintfT (SP_DUMP_UNWIND, "stack_unwind%d cur->pc=0x%lx val=0x%lx wctx->sp=0x%lx wctx->sbase=0x%lx\n",
3232 __LINE__, (unsigned long) cur->pc, (unsigned long) val,
3233 (unsigned long) wctx->sp, (unsigned long) wctx->sbase);
3234 if (cur->pc != check_modrm (pc))
3235 DprintfT (SP_DUMP_UNWIND, "stack_unwind%d ERROR: cur->pc=0x%lx != check_modrm(0x%lx)=0x%lx\n",
3236 __LINE__, (unsigned long) cur->pc, (unsigned long) pc,
3237 (unsigned long) check_modrm (pc));
3238 if (MRM_REGD (modrm) == RSP)
3240 if (!isInside ((unsigned long) val, wctx->sp, wctx->sbase))
3242 DprintfT (SP_DUMP_UNWIND, "stack_unwind%d cannot calculate RSP. cur->pc=0x%lx opcode=0x%02x val=0x%lx wctx->sp=0x%lx wctx->sbase=0x%lx\n",
3243 __LINE__, (unsigned long) cur->pc, opcode, (unsigned long) val,
3244 (unsigned long) wctx->sp, (unsigned long) wctx->sbase);
3247 cur->sp = (unsigned long *) val;
3248 if (cur->sp - RED_ZONE > cur->sp_safe)
3249 cur->sp_safe = cur->sp - RED_ZONE;
3253 cur->pc = check_modrm (cur->pc);
3255 case 0x8e: /* mov Sw,Ew */
3256 cur->pc = check_modrm (cur->pc);
3258 case 0x8f: /* pop Ev */
3259 cur->pc = check_modrm (cur->pc);
3261 if (cur->sp - RED_ZONE > cur->sp_safe)
3262 cur->sp_safe = cur->sp - RED_ZONE;
3264 case 0x90: /* nop */
3266 case 0x91: /* xchg %eax,%ecx */
3267 case 0x92: /* xchg %eax,%edx */
3268 case 0x93: /* xchg %eax,%ebx */
3269 case 0x94: /* xchg %eax,%esp XXXX */
3270 case 0x95: /* xchg %eax,%ebp XXXX */
3271 case 0x96: /* xchg %eax,%esi */
3272 case 0x97: /* xchg %eax,%edi */
3274 case 0x98: /* cbw/cwde */
3275 case 0x99: /* cwd/cwq */
3277 case 0x9a: /* callf Ap */
3278 if (jmp_reg_switch_mode == 1)
3280 struct AdvWalkContext* tmpctx = (struct AdvWalkContext *) alloca (sizeof (*cur));
3281 __collector_memcpy (tmpctx, cur, sizeof (*cur));
3282 int rc = process_return (wctx, tmpctx);
3283 if (rc != RA_FAILURE)
3286 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3292 case 0x9b: /* fwait */
3293 case 0x9c: /* pushf Fv */
3294 case 0x9d: /* popf Fv */
3295 case 0x9e: /* sahf */
3296 case 0x9f: /* lahf */
3298 case 0xa0: /* mov al,Ob */
3299 case 0xa1: /* mov eax,Ov */
3300 case 0xa2: /* mov Ob,al */
3301 case 0xa3: /* mov Ov,eax */
3304 case 0xa4: /* movsb Yb,Xb */
3305 case 0xa5: /* movsd Yv,Xv */
3306 case 0xa6: /* cmpsb Yb,Xb */
3307 case 0xa7: /* cmpsd Xv,Yv */
3309 case 0xa8: /* test al,Ib */
3312 case 0xa9: /* test eax,Iz */
3315 case 0xaa: /* stosb Yb,%al */
3316 case 0xab: /* stosd Yv,%eax */
3317 case 0xac: /* lodsb %al,Xb */
3318 case 0xad: /* lodsd %eax,Xv */
3319 case 0xae: /* scasb %al,Yb */
3320 case 0xaf: /* scasd %eax,Yv */
3322 case 0xb0: /* mov %al,Ib */
3323 case 0xb1: /* mov %cl,Ib */
3324 case 0xb2: /* mov %dl,Ib */
3325 case 0xb3: /* mov %bl,Ib */
3326 case 0xb4: /* mov %ah,Ib */
3327 case 0xb5: /* mov %ch,Ib */
3328 case 0xb6: /* mov %dh,Ib */
3329 case 0xb7: /* mov %bh,Ib */
3332 case 0xb8: /* mov Iv,%eax */
3333 case 0xb9: /* mov Iv,%ecx */
3334 case 0xba: /* mov Iv,%edx */
3335 case 0xbb: /* mov Iv,%ebx */
3336 case 0xbc: /* mov Iv,%esp */
3337 case 0xbd: /* mov Iv,%rbp */
3338 case 0xbe: /* mov Iv,%esi */
3339 case 0xbf: /* mov Iv,%edi */
3340 reg = OPC_REG (opcode);
3342 cur->rax = read_int (cur->pc, v);
3345 case 0xc0: /* group2 Eb,Ib */
3346 case 0xc1: /* group2 Ev,Ib */
3347 cur->pc = check_modrm (cur->pc) + 1;
3349 case 0xc2: /* ret Iw */
3350 /* In the dynamic linker we may see that
3351 * the actual return address is at sp+immv,
3352 * while sp points to the resolved address.
3355 immv = read_int (cur->pc, 2);
3356 int rc = process_return (wctx, cur);
3357 if (rc != RA_FAILURE)
3359 if (jmp_reg_switch_mode == 1)
3361 DprintfT (SP_DUMP_UNWIND, "stack_unwind%d give up return address under jmp switch mode, opcode = 0xc2\n", __LINE__);
3366 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3369 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xc2.\n", __LINE__);
3373 case 0xc3: /* ret */
3375 int rc = process_return (wctx, cur);
3376 if (rc != RA_FAILURE)
3379 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3382 if (jmp_reg_switch_mode == 1)
3383 jmp_reg_switch_pc = cur->pc;
3384 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xc3.\n", __LINE__);
3388 case 0xc4: /* group AVX, 3-bytes VEX prefix */
3390 unsigned char *pc = cur->pc - 1; // points to the beginning of the instruction
3391 int len = parse_x86_AVX_instruction (pc);
3401 case 0xc5: /* group AVX, 2-bytes VEX prefix */
3403 unsigned char *pc = cur->pc - 1; // points to the beginning of the instruction
3404 int len = parse_x86_AVX_instruction (pc);
3416 if (modrm == 0xf8) /* xabort */
3418 else /* mov Eb,Ib */
3419 cur->pc = check_modrm (cur->pc) + 1;
3423 if (modrm == 0xf8) /* xbegin */
3427 extop = MRM_EXT (modrm);
3430 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d give up return address, opcode = 0xc7\n", __LINE__);
3433 if (MRM_MOD (modrm) == 0xc0 && MRM_REGS (modrm) == RAX)
3434 cur->rax = read_int (cur->pc + 1, z);
3435 cur->pc = check_modrm (cur->pc) + z;
3438 case 0xc8: /* enter Iw,Ib */
3441 case 0xc9: /* leave */
3445 if (cur->fp_loc == cur->sp)
3447 cur->fp = cur->fp_sav;
3450 else if (cur->sp >= cur->sp_safe &&
3451 (unsigned long) cur->sp < wctx->sbase)
3453 cur->fp = (unsigned long*) (*cur->sp);
3454 if (wctx->fp == (unsigned long) cur->sp)
3455 cur->cval = RA_FROMFP;
3458 if (cur->sp - RED_ZONE > cur->sp_safe)
3459 cur->sp_safe = cur->sp - RED_ZONE;
3461 case 0xca: /* retf Iw */
3462 cur->pc += 2; /* XXXX process return */
3464 case 0xcb: /* retf */
3465 break; /* XXXX process return */
3466 case 0xcc: /* int 3 */
3468 case 0xcd: /* int Ib */
3469 if (*cur->pc == 0x80)
3471 if (cur->rax == __NR_exit)
3473 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xcd.\n", __LINE__);
3477 else if (cur->rax == __NR_rt_sigreturn)
3479 if (jmp_reg_switch_mode == 1)
3481 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d give up return address under jmp switch mode, opcode=0xcd\n",
3485 wctx->sp = (unsigned long) cur->sp;
3487 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_RT_SIGRETURN);
3488 return RA_RT_SIGRETURN;
3491 else if (cur->rax == __NR_sigreturn)
3493 if (jmp_reg_switch_mode == 1)
3495 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d give up return address under jmp switch mode, opcode = 0xc2\n",
3499 wctx->sp = (unsigned long) cur->sp;
3501 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_SIGRETURN);
3502 return RA_SIGRETURN;
3508 case 0xce: /* into */
3509 case 0xcf: /* iret */
3511 case 0xd0: /* shift group2 Eb,1 */
3512 case 0xd1: /* shift group2 Ev,1 */
3513 case 0xd2: /* shift group2 Eb,%cl */
3514 case 0xd3: /* shift group2 Ev,%cl */
3515 cur->pc = check_modrm (cur->pc);
3517 case 0xd4: /* aam Ib */
3520 case 0xd5: /* aad Ib */
3523 case 0xd6: /* falc? */
3526 cur->pc = check_modrm (cur->pc);
3529 case 0xd8: /* esc instructions */
3537 cur->pc = check_modrm (cur->pc);
3539 case 0xe0: /* loopne Jb */
3540 case 0xe1: /* loope Jb */
3541 case 0xe2: /* loop Jb */
3542 case 0xe3: /* jcxz Jb */
3543 imm8 = *(char*) cur->pc++;
3544 if (nctx < (jmp_reg_switch_mode ? MAXJMPREGCTX : MAXCTX))
3547 unsigned char *npc = cur->pc + imm8;
3548 if (is_after_ret (npc))
3550 while (npc > targets[tidx])
3552 if (npc != targets[tidx])
3554 if (ntrg < MAXTRGTS)
3556 for (int i = 0; i < nctx; i++)
3557 if (buf[i].tidx >= tidx)
3559 /* insert a new target */
3560 for (int i = ntrg; i > tidx; i--)
3561 targets[i] = targets[i - 1];
3563 targets[tidx++] = npc;
3566 DprintfT (SP_DUMP_UNWIND, "unwind.c: ntrg = max\n");
3567 struct AdvWalkContext *new = buf + nctx;
3569 __collector_memcpy (new, cur, sizeof (*new));
3572 cur = new; /* advance the new context first */
3577 DprintfT (SP_DUMP_UNWIND, "unwind.c: nctx = max\n");
3579 case 0xe4: case 0xe5:
3580 cur->pc = check_modrm (cur->pc);
3583 case 0xe6: case 0xe7:
3585 cur->pc = check_modrm (cur->pc);
3587 case 0xec: case 0xed: case 0xee: case 0xef:
3588 cur->pc = check_modrm (cur->pc);
3590 case 0xe8: /* call Jz (f64) */
3592 if (jmp_reg_switch_mode == 1)
3594 struct AdvWalkContext* tmpctx = (struct AdvWalkContext *) alloca (sizeof (*cur));
3595 __collector_memcpy (tmpctx, cur, sizeof (*cur));
3596 int rc = process_return (wctx, tmpctx);
3597 if (rc != RA_FAILURE)
3600 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3604 int immz = read_int (cur->pc, z);
3606 /* special case in PIC code */
3611 case 0xe9: /* jump Jz */
3613 int immz = read_int (cur->pc, z);
3614 unsigned char *npc = cur->pc + z + immz;
3615 if ((unsigned long) npc < wctx->tbgn || (unsigned long) npc >= wctx->tend)
3617 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xe9.\n", __LINE__);
3622 while (npc > targets[tidx])
3624 if (npc != targets[tidx])
3626 if (ntrg < MAXTRGTS)
3628 for (int i = 0; i < nctx; i++)
3629 if (buf[i].tidx >= tidx)
3631 /* insert a new target */
3632 for (int i = ntrg; i > tidx; i--)
3633 targets[i] = targets[i - 1];
3635 targets[tidx++] = npc;
3638 DprintfT (SP_DUMP_UNWIND, "unwind.c: ntrg = max\n");
3641 continue; /* advance this context first */
3645 /* Delete context */
3646 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xe9.\n", __LINE__);
3651 case 0xeb: /* jump imm8 */
3653 imm8 = *(char*) cur->pc++;
3655 unsigned char *npc = cur->pc + imm8;
3656 while (npc > targets[tidx])
3658 if (npc != targets[tidx])
3660 if (ntrg < MAXTRGTS)
3662 for (int i = 0; i < nctx; i++)
3663 if (buf[i].tidx >= tidx)
3665 /* insert a new target */
3666 for (int i = ntrg; i > tidx; i--)
3667 targets[i] = targets[i - 1];
3669 targets[tidx++] = npc;
3672 DprintfT (SP_DUMP_UNWIND, "unwind.c: ntrg = max\n");
3675 continue; /* advance this context first */
3679 /* Delete context */
3680 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xeb.\n", __LINE__);
3685 case 0xf0: /* lock prefix */
3686 case 0xf2: /* repne prefix */
3687 case 0xf3: /* repz prefix */
3689 case 0xf4: /* hlt */
3690 extop2 = *(cur->pc - 3);
3693 // 17851712 occasional SEGV in find_i386_ret_addr in unwind.c during attach
3695 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_END_OF_STACK);
3696 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d returns RA_END_OF_STACK\n", __LINE__);
3697 return RA_END_OF_STACK;
3699 /* We see 'hlt' in _start. Stop analysis, revert to FP */
3700 /* A workaround for the Linux main stack */
3708 if (jmp_reg_switch_mode == 1)
3710 DprintfT (SP_DUMP_UNWIND, "unwind.c: give up return address under jmp switch mode, opcode = 0xf4\n");
3713 cache_put (wctx, RA_EOSTCK);
3718 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_END_OF_STACK);
3719 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d returns RA_END_OF_STACK\n", __LINE__);
3720 return RA_END_OF_STACK;
3722 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d give up return address, opcode = 0xf4\n", __LINE__);
3724 case 0xf5: /* cmc */
3726 case 0xf6: /* group3 Eb */
3728 extop = MRM_EXT (modrm);
3729 cur->pc = check_modrm (cur->pc);
3730 if (extop == 0x0) /* test Ib */
3733 case 0xf7: /* group3 Ev */
3735 extop = MRM_EXT (modrm);
3736 cur->pc = check_modrm (cur->pc);
3737 if (extop == 0x0) /* test Iz */
3740 case 0xf8: /* clc */
3741 case 0xf9: /* stc */
3742 case 0xfa: /* cli */
3743 case 0xfb: /* sti */
3744 case 0xfc: /* cld */
3745 case 0xfd: /* std */
3747 case 0xfe: /* group4 */
3749 extop = MRM_EXT (modrm);
3752 case 0x0: /* inc Eb */
3753 case 0x1: /* dec Eb */
3754 cur->pc = check_modrm (cur->pc);
3757 cur->pc = check_modrm (cur->pc);
3760 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d unknown opcode: 0xfe %x\n",
3766 case 0xff: /* group5 */
3768 extop = MRM_EXT (modrm);
3771 case 0x0: /* inc Ev */
3772 case 0x1: /* dec Ev */
3773 cur->pc = check_modrm (cur->pc);
3775 case 0x2: /* calln Ev */
3776 if (jmp_reg_switch_mode == 1)
3778 struct AdvWalkContext* tmpctx = (struct AdvWalkContext *) alloca (sizeof (*cur));
3779 __collector_memcpy (tmpctx, cur, sizeof (*cur));
3780 int rc = process_return (wctx, tmpctx);
3781 if (rc != RA_FAILURE)
3784 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3788 cur->pc = check_modrm (cur->pc);
3790 case 0x3: /* callf Ep */
3791 if (jmp_reg_switch_mode == 1)
3793 struct AdvWalkContext* tmpctx = (struct AdvWalkContext *) alloca (sizeof (*cur));
3794 __collector_memcpy (tmpctx, cur, sizeof (*cur));
3795 int rc = process_return (wctx, tmpctx);
3796 if (rc != RA_FAILURE)
3799 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3803 cur->pc = check_modrm (cur->pc); /* XXXX */
3805 case 0x4: /* jumpn Ev */
3806 /* This instruction appears in PLT or
3807 * in tail call optimization.
3808 * In both cases treat it as return.
3809 * Save jump *(reg) - switch, etc, for later use when no ctx left
3811 if (modrm == 0x25 || /* jumpn *disp32 */
3812 MRM_MOD (modrm) == 0x40 || /* jumpn byte(reg) */
3813 MRM_MOD (modrm) == 0x80) /* jumpn word(reg) */
3815 DprintfT (SP_DUMP_UNWIND, "unwind.c: PLT or tail call: %p\n", cur->pc - 1);
3816 int rc = process_return (wctx, cur);
3817 if (rc != RA_FAILURE)
3819 if (jmp_reg_switch_mode == 1 && total_num_jmp_reg < max_num_jmp_reg_seen)
3821 DprintfT (SP_DUMP_UNWIND, "unwind.c: give up return address under jmp switch mode, opcode = 0xff\n");
3825 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3829 else if (modrm != 0x24 /*ignore SIB*/) /* jumpn *(reg) or jumpn reg */
3831 // 22846120 stack unwind does not find caller of __memcpy_ssse3_back with B64 intel-Linux
3833 * For now, let's deal rather narrowly with this scenario. If:
3834 * - we are in the middle of an "ff e2" instruction, and
3835 * - the next instruction is undefined ( 0f 0b == ud2 )
3836 * then test return. (Might eventually have to broaden the scope
3837 * of this fix to other registers/etc.)
3839 if (cur->pc[0] == 0xe2 && cur->pc[1] == 0x0f && cur->pc[2] == 0x0b)
3841 int rc = process_return_real (wctx, cur, 0);
3842 if (rc == RA_SUCCESS)
3845 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3850 // 22691241 shjsynprog, jsynprog core dump from find_i386_ret_addr
3852 * Here is another oddity. Java 9 seems to emit dynamically generated
3853 * code where a code block ends with a "jmp *reg" and then padding to a
3854 * multiple-of-16 boundary and then a bunch of 0s. In this case, let's
3855 * not continue to walk bytes since we would be walking off the end of
3856 * the instructions into ... something. Treating them as instructions
3857 * can lead to unexpected results, including SEGV.
3860 * While the general problem deserves a better solution, let's look
3861 * here only for one particular case:
3862 * 0xff 0xe7 jmp *reg
3863 * nop to bring us to a multiple-of-16 boundary
3864 * 0x0000000000000a00 something that does not look like an instruction
3866 * A different nop might be used depending on how much padding is needed
3867 * to reach that multiple-of-16 boundary. We've seen two:
3869 * 0x0f 0x1f 0x40 0x00 four bytes
3871 // confirm the instruction is 0xff 0xe7
3872 if (cur->pc[0] == 0xe7)
3874 // check for correct-length nop and find next 16-byte boundary
3876 unsigned long long *boundary = 0;
3877 switch ((((unsigned long) (cur->pc)) & 0xf))
3879 case 0xb: // look for 4-byte nop
3880 if (*((unsigned *) (cur->pc + 1)) == 0x00401f0f)
3882 boundary = (unsigned long long *) (cur->pc + 5);
3884 case 0xe: // look for 1-byte nop
3885 if (cur->pc[1] == 0x90)
3887 boundary = (unsigned long long *) (cur->pc + 2);
3893 // if nop is found, check what's at the boundary
3894 if (found_nop && *boundary == 0x000000000a00)
3901 DprintfT (SP_DUMP_UNWIND, "unwind.c: probably PLT or tail call or switch table: %p\n",
3903 if (num_jmp_reg < expected_num_jmp_reg)
3905 if (jmp_reg_ctx[num_jmp_reg] == NULL)
3906 jmp_reg_ctx[num_jmp_reg] = (struct AdvWalkContext *) alloca (sizeof (*cur));
3907 if (jmp_reg_ctx[num_jmp_reg] != NULL)
3908 __collector_memcpy (jmp_reg_ctx[num_jmp_reg], cur, sizeof (*cur));
3910 if (num_jmp_reg < expected_num_jmp_reg ||
3911 (num_jmp_reg >= expected_num_jmp_reg &&
3912 jmp_reg_ctx[expected_num_jmp_reg - 1] != NULL &&
3913 cur->pc != jmp_reg_ctx[expected_num_jmp_reg - 1]->pc))
3916 total_num_jmp_reg++;
3918 if (jmp_reg_switch_mode == 1 && total_num_jmp_reg >= max_num_jmp_reg_seen)
3920 int rc = process_return_real (wctx, cur, 0);
3921 if (rc == RA_SUCCESS)
3924 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3929 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d delete context, opcode 0xff.\n", __LINE__);
3932 case 0x5: /* jmpf Ep */
3933 cur->pc = check_modrm (cur->pc); /* XXXX */
3935 case 0x6: /* push Ev */
3936 cur->pc = check_modrm (cur->pc);
3940 cur->pc = check_modrm (cur->pc); /* XXXX */
3941 if (jmp_reg_switch_mode == 1)
3943 int rc = process_return_real (wctx, cur, 0);
3944 if (rc == RA_SUCCESS)
3947 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, rc);
3953 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d unknown opcode: 0xff %x\n",
3954 __LINE__, (int) extop);
3960 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d unknown opcode: 0x%x\n",
3961 __LINE__, (int) opcode);
3966 /* switch to next context */
3967 if (++cur >= buf + nctx)
3969 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d switch context: cur=0x%lx(%ld) nctx=%d cnt=%d\n",
3970 __LINE__, (unsigned long) cur, (long) (cur - buf), (int) nctx, (int) cnt);
3974 Tprintf (DBG_LT3, "find_i386_ret_addr:%d checkFP: wctx=0x%lx fp=0x%lx ln=0x%lx pc=0x%lx sbase=0x%lx sp=0x%lx tbgn=0x%lx tend=0x%lx\n",
3975 __LINE__, (unsigned long) wctx, (unsigned long) wctx->fp,
3976 (unsigned long) wctx->ln, (unsigned long) wctx->pc, (unsigned long) wctx->sbase,
3977 (unsigned long) wctx->sp, (unsigned long) wctx->tbgn, (unsigned long) wctx->tend);
3979 if (jmp_reg_switch_mode == 1)
3980 { // not deal with switch cases not ending with ret
3981 if (jmp_reg_switch_backup_ctx != NULL)
3982 __collector_memcpy (cur, jmp_reg_switch_backup_ctx, sizeof (*cur));
3983 DprintfT (SP_DUMP_UNWIND, "stack_unwind jmp reg mode on: pc = 0x%lx cnt = %d, nctx = %d\n", wctx->pc, cnt, nctx);
3986 unsigned long *cur_fp = cur->fp;
3987 unsigned long *cur_sp = cur->sp;
3989 __collector_memcpy (&wctx_pc_save, wctx, sizeof (struct WalkContext));
3991 /* Resort to the frame pointer */
3993 cur->fp = cur->fp_sav;
3995 if ((unsigned long) cur->sp >= wctx->sbase ||
3996 (unsigned long) cur->sp < wctx->sp)
3998 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d do_walk=%d cur->sp=0x%p out of range. wctx->sbase=0x%lx wctx->sp=0x%lx wctx->pc=0x%lx\n",
3999 __LINE__, (int) do_walk, cur->sp, (unsigned long) wctx->sbase,
4000 (unsigned long) wctx->sp, (unsigned long) wctx->pc);
4010 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_FAILURE);
4014 unsigned long fp = *cur->sp++;
4015 if (fp <= (unsigned long) cur->sp || fp >= wctx->sbase)
4017 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d fp=0x%016llx out of range. cur->sp=%p wctx->sbase=0x%lx wctx->pc=0x%lx\n",
4018 __LINE__, (unsigned long long) fp, cur->sp,
4019 (unsigned long) wctx->sbase, (unsigned long) wctx->pc);
4029 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_FAILURE);
4033 unsigned long ra = *cur->sp++;
4036 cache_put (wctx, RA_EOSTCK);
4037 DprintfT (SP_DUMP_UNWIND, "unwind.c:%d returns RA_END_OF_STACK wctx->pc = 0x%lx\n", __LINE__, wctx->pc);
4039 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_END_OF_STACK);
4040 return RA_END_OF_STACK;
4043 unsigned long tbgn = wctx->tbgn;
4044 unsigned long tend = wctx->tend;
4045 if (ra < tbgn || ra >= tend)
4047 // We do not know yet if update_map_segments is really needed
4048 if (!__collector_check_segment (ra, &tbgn, &tend, 0))
4050 DprintfT (SP_DUMP_UNWIND, "unwind.c: __collector_check_segment fail. wctx->pc = 0x%lx\n", wctx->pc);
4060 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_FAILURE);
4065 unsigned long npc = adjust_ret_addr (ra, ra - tbgn, tend);
4068 DprintfT (SP_DUMP_UNWIND, "unwind.c: adjust_ret_addr fail. wctx->pc = 0x%lx\n", wctx->pc);
4078 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_FAILURE);
4082 wctx->sp = (unsigned long) cur->sp;
4089 omp_cache_put (cur->sp_safe, &wctx_pc_save, wctx, RA_SUCCESS);
4090 DprintfT (SP_DUMP_UNWIND, "unwind.c: cache walk context. wctx_pc_save->pc = 0x%lx\n", wctx_pc_save.pc);
4096 * We have the return address, but we would like to report to the user
4097 * the calling PC, which is the instruction immediately preceding the
4098 * return address. Unfortunately, x86 instructions can have variable
4099 * length. So we back up 8 bytes and try to figure out where the
4100 * calling PC starts. (FWIW, call instructions are often 5-bytes long.)
4103 adjust_ret_addr (unsigned long ra, unsigned long segoff, unsigned long tend)
4105 unsigned long npc = 0;
4106 int i = segoff < 8 ? segoff : 8;
4109 unsigned char *ptr = (unsigned char*) ra - i;
4116 bVal = getByteInstruction (ptr);
4129 bVal = getByteInstruction (ptr + 1);
4133 // a workaround for bug 16193041, assuming "call Jz" has no segment override prefix
4152 bVal = getByteInstruction (ptr);
4155 if (bVal >= 0x40 && bVal <= 0x4f)
4156 { /* XXXX not all REX codes applicable */
4162 int opcode = getByteInstruction (ptr);
4168 case 0xe8: /* call Jz (f64) */
4171 case 0x9a: /* callf Ap */
4174 case 0xff: /* calln Ev , callf Ep */
4176 int extop = MRM_EXT (*ptr);
4177 if (extop == 2 || extop == 3)
4178 ptr = check_modrm (ptr);
4184 if ((unsigned long) ptr == ra)
4192 unsigned char * ptr = (unsigned char *) ra;
4194 // test __kernel_sigreturn or __kernel_rt_sigreturn
4195 if ((ra + 7 < tend && getByteInstruction (ptr) == 0x58
4196 && getByteInstruction (ptr + 1) == 0xb8
4197 && getByteInstruction (ptr + 6) == 0xcd
4198 && getByteInstruction (ptr + 7) == 0x80) /* pop %eax; mov $NNNN, %eax; int */
4199 || (ra + 7 < tend && getByteInstruction (ptr) == 0x58
4200 && getByteInstruction (ptr + 1) == 0xb8
4201 && getByteInstruction (ptr + 6) == 0x0f
4202 && getByteInstruction (ptr + 7) == 0x05) /* pop %eax; mov $NNNN, %eax; syscall */
4203 || (ra + 6 < tend && getByteInstruction (ptr) == 0xb8
4204 && getByteInstruction (ptr + 5) == 0xcd
4205 && getByteInstruction (ptr + 6) == 0x80) /* mov $NNNN, %eax; int */
4206 || (ra + 6 < tend && getByteInstruction (ptr) == 0xb8
4207 && getByteInstruction (ptr + 5) == 0x0f
4208 && getByteInstruction (ptr + 6) == 0x05)) /* mov $NNNN, %eax; syscall */
4210 // test __restore_rt
4211 if (ra + 8 < tend && getByteInstruction (ptr) == 0x48
4212 && getByteInstruction (ptr + 7) == 0x0f
4213 && getByteInstruction (ptr + 8) == 0x05) /* mov $NNNNNNNN, %rax; syscall */
4219 if (npc == 0 && __collector_java_mode
4220 && __collector_java_asyncgetcalltrace_loaded)
4221 { // detect jvm interpreter code for java user threads
4222 unsigned char * ptr = (unsigned char *) ra;
4226 * ff 24 9d e0 64 02 f5 jmp *-0xafd9b20(,%ebx,4)
4227 * 8b 4e 01 movl 1(%esi),%ecx
4229 * 8b 5d ec movl -0x14(%ebp),%ebx
4230 * c1 e1 02 shll $2,%ecx
4231 * eb d8 jmp .-0x26 [ 0x92a ]
4232 * 83 ec 08 subl $8,%esp || 8b 65 f8 movl -8(%ebp),%esp
4234 if (ra - 20 >= (ra - segoff) && ((*ptr == 0x83 && *(ptr + 1) == 0xec) || (*ptr == 0x8b && *(ptr + 1) == 0x65))
4235 && *(ptr - 2) == 0xeb
4236 && *(ptr - 5) == 0xc1 && *(ptr - 4) == 0xe1
4237 && *(ptr - 8) == 0x8b && *(ptr - 7) == 0x5d
4238 && *(ptr - 10) == 0xf7 && *(ptr - 9) == 0xd1
4239 && *(ptr - 13) == 0x8b && *(ptr - 12) == 0x4e
4240 && *(ptr - 20) == 0xff && *(ptr - 19) == 0x24 && *(ptr - 18) == 0x9d)
4245 // ff 24 9d ** ** ** ** jmp *-0x*******(,%ebx,4)
4247 && ra - 7 >= (ra - segoff)
4248 && *(ptr - 7) == 0xff
4249 && *(ptr - 6) == 0x24
4250 && *(ptr - 5) == 0x9d)
4257 * 41 ff 24 da jmp *(%r10,%rbx,8)
4258 * 41 8b 4d 01 movl 1(%r13),%ecx
4260 * 48 8b 5d d8 movq -0x28(%rbp),%rbx
4261 * c1 e1 02 shll $2,%ecx
4262 * eb cc jmp .-0x32 [ 0xd23 ]
4263 * 48 8b 65 f0 movq -0x10(%rbp),%rsp
4265 if (ra - 19 >= (ra - segoff) && *ptr == 0x48 && ((*(ptr + 1) == 0x8b && *(ptr + 2) == 0x65) || (*(ptr + 1) == 0x83 && *(ptr + 2) == 0xec))
4266 && *(ptr - 2) == 0xeb
4267 && *(ptr - 5) == 0xc1 && *(ptr - 4) == 0xe1
4268 && *(ptr - 9) == 0x48 && *(ptr - 8) == 0x8b && *(ptr - 7) == 0x5d
4269 && *(ptr - 11) == 0xf7 && *(ptr - 10) == 0xd1
4270 && *(ptr - 15) == 0x41 && *(ptr - 14) == 0x8b && *(ptr - 13) == 0x4d
4271 && *(ptr - 19) == 0x41 && *(ptr - 18) == 0xff)
4274 // 41 ff 24 da jmp *(%r10,%rbx,8)
4276 && ra - 4 >= (ra - segoff)
4277 && *(ptr - 4) == 0x41
4278 && *(ptr - 3) == 0xff
4279 && *(ptr - 2) == 0x24
4280 && *(ptr - 1) == 0xda)
4289 * Parses AVX instruction and returns its length.
4290 * Returns 0 if parsing failed.
4291 * https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf
4294 parse_x86_AVX_instruction (unsigned char *pc)
4297 * VEX prefix has a two-byte form (0xc5) and a three byte form (0xc4).
4298 * If an instruction syntax can be encoded using the two-byte form,
4299 * it can also be encoded using the three byte form of VEX.
4300 * The latter increases the length of the instruction by one byte.
4301 * This may be helpful in some situations for code alignment.
4303 Byte 0 Byte 1 Byte 2 Byte 3
4304 (Bit Position) 7 0 7 6 5 4 0 7 6 3 2 10
4305 3-byte VEX [ 11000100 ] [ R X B | m-mmmm ] [ W | vvvv | L | pp ]
4307 2-byte VEX [ 11000101 ] [ R | vvvv | L | pp ]
4308 7 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
4309 4-byte EVEX [ 01100010 ] [ R X B R1 0 0 m m ] [ W v v v v 1 p p ] [ z L1 L B1 V1 a a a ]
4311 R: REX.R in 1's complement (inverted) form
4312 0: Same as REX.R=1 (64-bit mode only)
4313 1: Same as REX.R=0 (must be 1 in 32-bit mode)
4315 X: REX.X in 1's complement (inverted) form
4316 0: Same as REX.X=1 (64-bit mode only)
4317 1: Same as REX.X=0 (must be 1 in 32-bit mode)
4319 B: REX.B in 1's complement (inverted) form
4320 0: Same as REX.B=1 (64-bit mode only)
4321 1: Same as REX.B=0 (Ignored in 32-bit mode).
4323 W: opcode specific (use like REX.W, or used for opcode
4324 extension, or ignored, depending on the opcode byte)
4327 00000: Reserved for future use (will #UD)
4328 00001: implied 0F leading opcode byte
4329 00010: implied 0F 38 leading opcode bytes
4330 00011: implied 0F 3A leading opcode bytes
4331 00100-11111: Reserved for future use (will #UD)
4333 vvvv: a register specifier (in 1's complement form) or 1111 if unused.
4336 0: scalar or 128-bit vector
4339 pp: opcode extension providing equivalent functionality of a SIMD prefix
4345 * Example: 0xc5f877L vzeroupper
4346 * VEX prefix: 0xc5 0x77
4351 disassemble_info dis_info;
4352 dis_info.arch = bfd_arch_i386;
4353 dis_info.mach = bfd_mach_x86_64;
4354 dis_info.flavour = bfd_target_unknown_flavour;
4355 dis_info.endian = BFD_ENDIAN_UNKNOWN;
4356 dis_info.endian_code = dis_info.endian;
4357 dis_info.octets_per_byte = 1;
4358 dis_info.disassembler_needs_relocs = FALSE;
4359 dis_info.fprintf_func = fprintf_func;
4360 dis_info.fprintf_styled_func = fprintf_styled_func;
4361 dis_info.stream = NULL;
4362 dis_info.disassembler_options = NULL;
4363 dis_info.read_memory_func = read_memory_func;
4364 dis_info.memory_error_func = memory_error_func;
4365 dis_info.print_address_func = print_address_func;
4366 dis_info.symbol_at_address_func = symbol_at_address_func;
4367 dis_info.symbol_is_valid = symbol_is_valid;
4368 dis_info.display_endian = BFD_ENDIAN_UNKNOWN;
4369 dis_info.symtab = NULL;
4370 dis_info.symtab_size = 0;
4371 dis_info.buffer_vma = 0;
4372 dis_info.buffer = pc;
4373 dis_info.buffer_length = 8;
4375 disassembler_ftype disassemble = print_insn_i386;
4376 if (disassemble == NULL)
4378 DprintfT (SP_DUMP_UNWIND, "parse_x86_AVX_instruction ERROR: unsupported disassemble\n");
4381 len = disassemble (0, &dis_info);
4382 DprintfT (SP_DUMP_UNWIND, "parse_x86_AVX_instruction: returned %d pc: %p\n", len, pc);
4387 * In the Intel world, a stack frame looks like this:
4390 * |-------------------------------|
4391 * | Args to next subroutine |
4392 * |-------------------------------|-\
4393 * %sp0->| One word struct-ret address | |
4394 * |-------------------------------| > minimum stack frame (8 bytes)
4395 * | Previous frame pointer (%fp0)| |
4396 * %fp1->|-------------------------------|-/
4397 * | Local variables |
4398 * %sp1->|-------------------------------|
4403 stack_unwind (char *buf, int size, void *bptr, void *eptr, ucontext_t *context, int mode)
4405 long *lbuf = (long*) buf;
4406 int lsize = size / sizeof (long);
4409 int extra_frame = 0;
4410 if (mode & FRINFO_NO_WALK)
4412 if ((mode & 0xffff) == FRINFO_FROM_STACK)
4416 * trace the stack frames from user stack.
4417 * We are assuming that the frame pointer and return address
4418 * are null when we are at the top level.
4420 struct WalkContext wctx;
4421 wctx.pc = GET_PC (context);
4422 wctx.sp = GET_SP (context);
4423 wctx.fp = GET_FP (context);
4424 wctx.ln = (unsigned long) context->uc_link;
4425 unsigned long *sbase = (unsigned long*) __collector_tsd_get_by_key (unwind_key);
4426 if (sbase && *sbase > wctx.sp)
4427 wctx.sbase = *sbase;
4430 wctx.sbase = wctx.sp + 0x100000;
4431 if (wctx.sbase < wctx.sp) /* overflow */
4432 wctx.sbase = (unsigned long) - 1;
4434 // We do not know yet if update_map_segments is really needed
4435 __collector_check_segment (wctx.pc, &wctx.tbgn, &wctx.tend, 0);
4439 if (ind >= lsize || wctx.pc == 0)
4441 if (bptr != NULL && extra_frame && wctx.sp <= (unsigned long) bptr && ind < 2)
4451 if (bptr == NULL || wctx.sp > (unsigned long) bptr)
4453 lbuf[ind++] = wctx.pc;
4460 if (eptr != NULL && wctx.sp >= (unsigned long) eptr)
4462 ind = ind >= 2 ? ind - 2 : 0;
4465 int ret = find_i386_ret_addr (&wctx, do_walk);
4466 DprintfT (SP_DUMP_UNWIND, "stack_unwind (x86 walk):%d find_i386_ret_addr returns %d\n", __LINE__, ret);
4467 if (ret == RA_FAILURE)
4469 /* lbuf[ind++] = SP_FAILED_UNWIND_MARKER; */
4473 if (ret == RA_END_OF_STACK)
4476 if (ret == RA_RT_SIGRETURN)
4483 } *sframe = (struct SigFrame*) wctx.sp;
4484 ucontext_t *ncontext = (ucontext_t*) sframe->arg2;
4485 wctx.pc = GET_PC (ncontext);
4486 if (!__collector_check_segment (wctx.pc, &wctx.tbgn, &wctx.tend, 0))
4488 /* lbuf[ind++] = SP_FAILED_UNWIND_MARKER; */
4491 unsigned long nsp = GET_SP (ncontext);
4492 /* Check the new stack pointer */
4493 if (nsp <= sframe->arg2 || nsp > sframe->arg2 + sizeof (ucontext_t) + 1024)
4495 /* lbuf[ind++] = SP_FAILED_UNWIND_MARKER; */
4499 wctx.fp = GET_FP (ncontext);
4502 else if (ret == RA_SIGRETURN)
4504 struct sigcontext *sctx = (struct sigcontext*) wctx.sp;
4505 wctx.pc = sctx->eip;
4506 if (!__collector_check_segment (wctx.pc, &wctx.tbgn, &wctx.tend, 0))
4508 /* lbuf[ind++] = SP_FAILED_UNWIND_MARKER; */
4511 wctx.sp = sctx->esp;
4512 wctx.fp = sctx->ebp;
4516 if (ret == RA_RT_SIGRETURN)
4518 ucontext_t *ncontext = (ucontext_t*) wctx.sp;
4519 wctx.pc = GET_PC (ncontext);
4520 if (!__collector_check_segment (wctx.pc, &wctx.tbgn, &wctx.tend, 0))
4522 /* lbuf[ind++] = SP_FAILED_UNWIND_MARKER; */
4525 unsigned long nsp = GET_SP (ncontext);
4526 /* Check the new stack pointer */
4527 if (nsp <= wctx.sp || nsp > wctx.sp + sizeof (ucontext_t) + 1024)
4529 /* lbuf[ind++] = SP_FAILED_UNWIND_MARKER; */
4533 wctx.fp = GET_FP (ncontext);
4536 #endif /* WSIZE() */
4537 if (bptr != NULL && extra_frame && wctx.sp <= (unsigned long) bptr && ind < 2)
4547 if (bptr == NULL || wctx.sp > (unsigned long) bptr)
4549 lbuf[ind++] = wctx.pc;
4558 if ((SP_DUMP_UNWIND & __collector_tracelevel) != 0)
4560 DprintfT (SP_DUMP_UNWIND, "stack_unwind (x86 walk):%d found %d frames\n\n", __LINE__, ind);
4561 for (int i = 0; i < ind; i++)
4562 DprintfT (SP_DUMP_UNWIND, " %3d: 0x%lx\n", i, (unsigned long) lbuf[i]);
4565 dump_stack (__LINE__);
4569 lbuf[ind++] = (unsigned long) SP_TRUNC_STACK_MARKER;
4571 return ind * sizeof (long);
4577 stack_unwind (char *buf, int size, void *bptr, void *eptr, ucontext_t *context, int mode)
4579 if (buf && bptr && eptr && context && size + mode > 0)
4580 getByteInstruction ((unsigned char *) eptr);
4582 __u64 *lbuf = (void *) buf;
4583 int lsize = size / sizeof (__u64);
4584 __u64 pc = context->uc_mcontext.pc;
4585 __u64 sp = context->uc_mcontext.sp;
4587 unsigned long tbgn = 0;
4588 unsigned long tend = 0;
4590 unsigned long *sbase = (unsigned long*) __collector_tsd_get_by_key (unwind_key);
4591 if (sbase && *sbase > sp)
4592 stack_base = *sbase;
4595 stack_base = sp + 0x100000;
4596 if (stack_base < sp) // overflow
4597 stack_base = (__u64) -1;
4599 DprintfT (SP_DUMP_UNWIND,
4600 "unwind.c:%d stack_unwind %2d pc=0x%llx sp=0x%llx stack_base=0x%llx\n",
4601 __LINE__, ind, (unsigned long long) pc, (unsigned long long) sp,
4602 (unsigned long long) stack_base);
4606 DprintfT (SP_DUMP_UNWIND,
4607 "unwind.c:%d stack_unwind %2d pc=0x%llx sp=0x%llx\n",
4608 __LINE__, ind, (unsigned long long) pc, (unsigned long long) sp);
4610 // if (!dladdr ((void *) pc, &dlinfo))
4612 // DprintfT (SP_DUMP_UNWIND, "%2d: %llx <%s+%llu> (%s)\n",
4613 // ind, (unsigned long long) pc,
4614 // dlinfo.dli_sname ? dlinfo.dli_sname : "(?)",
4615 // (unsigned long long) pc - (unsigned long long) dlinfo.dli_saddr,
4616 // dlinfo.dli_fname);
4618 if (ind >= lsize || sp >= stack_base || (sp & 15) != 0)
4620 if (pc < tbgn || pc >= tend)
4621 if (!__collector_check_segment ((unsigned long) pc, &tbgn, &tend, 0))
4623 DprintfT (SP_DUMP_UNWIND,
4624 "unwind.c:%d __collector_check_segment failed. sp=0x%lx\n",
4625 __LINE__, (unsigned long) sp);
4628 pc = ((__u64 *) sp)[1];
4630 sp = ((__u64 *) sp)[0];
4637 lbuf[ind++] = (__u64) SP_TRUNC_STACK_MARKER;
4639 return ind * sizeof (__u64);
projects / binutils.git / blob