Let x86 stackwalker scan stack in cases where program evaluation fails. Original patch by Jeff Muizelaar <jmuizelaar@mozilla.com> with some changes by me. r=mento at http://breakpad.appspot.com/32003/show

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@409 4c0a9323-5329-0410-9bdc-e9ce6186880e
This commit is contained in:
ted.mielczarek 2009-10-08 14:21:50 +00:00
parent 760d66430e
commit 8d70618ffc
7 changed files with 161 additions and 27 deletions

View file

@ -58,7 +58,23 @@ struct StackFrameX86 : public StackFrame {
CONTEXT_VALID_ALL = -1 CONTEXT_VALID_ALL = -1
}; };
StackFrameX86() : context(), context_validity(CONTEXT_VALID_NONE) {} // Indicates how well we trust the instruction pointer we derived
// during stack walking. Since the stack walker can resort to
// stack scanning, we can wind up with dubious frames.
// In rough order of "trust metric".
enum FrameTrust {
FRAME_TRUST_NONE, // Unknown
FRAME_TRUST_SCAN, // Scanned the stack, found this
FRAME_TRUST_CFI_SCAN, // Scanned the stack using call frame info, found this
FRAME_TRUST_FP, // Derived from frame pointer
FRAME_TRUST_CFI, // Derived from call frame info
FRAME_TRUST_CONTEXT // Given as instruction pointer in a context
};
StackFrameX86()
: context(),
context_validity(CONTEXT_VALID_NONE),
trust(FRAME_TRUST_NONE) {}
// Register state. This is only fully valid for the topmost frame in a // Register state. This is only fully valid for the topmost frame in a
// stack. In other frames, the values of nonvolatile registers may be // stack. In other frames, the values of nonvolatile registers may be
@ -70,6 +86,10 @@ struct StackFrameX86 : public StackFrame {
// the OR operator doesn't work well with enumerated types. This indicates // the OR operator doesn't work well with enumerated types. This indicates
// which fields in context are valid. // which fields in context are valid.
int context_validity; int context_validity;
// Amount of trust the stack walker has in the instruction pointer
// of this frame.
FrameTrust trust;
}; };
struct StackFramePPC : public StackFrame { struct StackFramePPC : public StackFrame {

View file

@ -42,6 +42,7 @@
#define GOOGLE_BREAKPAD_PROCESSOR_STACKWALKER_H__ #define GOOGLE_BREAKPAD_PROCESSOR_STACKWALKER_H__
#include <vector> #include <vector>
#include "google_breakpad/common/breakpad_types.h"
namespace google_breakpad { namespace google_breakpad {
@ -95,6 +96,16 @@ class Stackwalker {
SymbolSupplier *supplier, SymbolSupplier *supplier,
SourceLineResolverInterface *resolver); SourceLineResolverInterface *resolver);
// This can be used to filter out potential return addresses when
// the stack walker resorts to stack scanning.
// Returns true if any of:
// * This address is within a loaded module, but we don't have symbols
// for that module.
// * This address is within a loaded module for which we have symbols,
// and falls inside a function in that module.
// Returns false otherwise.
bool InstructionAddressSeemsValid(u_int64_t address);
// Information about the system that produced the minidump. Subclasses // Information about the system that produced the minidump. Subclasses
// and the SymbolSupplier may find this information useful. // and the SymbolSupplier may find this information useful.
const SystemInfo *system_info_; const SystemInfo *system_info_;

View file

@ -160,6 +160,28 @@ static void PrintStack(const CallStack *stack, const string &cpu) {
sequence = PrintRegister("edx", frame_x86->context.edx, sequence); sequence = PrintRegister("edx", frame_x86->context.edx, sequence);
sequence = PrintRegister("efl", frame_x86->context.eflags, sequence); sequence = PrintRegister("efl", frame_x86->context.eflags, sequence);
} }
const char *trust_name;
switch (frame_x86->trust) {
case StackFrameX86::FRAME_TRUST_NONE:
trust_name = "unknown";
break;
case StackFrameX86::FRAME_TRUST_CONTEXT:
trust_name = "given as instruction pointer in context";
break;
case StackFrameX86::FRAME_TRUST_CFI:
trust_name = "call frame info";
break;
case StackFrameX86::FRAME_TRUST_CFI_SCAN:
trust_name = "call frame info with scanning";
break;
case StackFrameX86::FRAME_TRUST_FP:
trust_name = "previous frame's frame pointer";
break;
case StackFrameX86::FRAME_TRUST_SCAN:
trust_name = "stack scanning";
break;
}
printf("\n Found by: %s", trust_name);
} else if (cpu == "ppc") { } else if (cpu == "ppc") {
const StackFramePPC *frame_ppc = const StackFramePPC *frame_ppc =
reinterpret_cast<const StackFramePPC*>(frame); reinterpret_cast<const StackFramePPC*>(frame);

View file

@ -189,5 +189,39 @@ Stackwalker* Stackwalker::StackwalkerForCPU(
return cpu_stackwalker; return cpu_stackwalker;
} }
bool Stackwalker::InstructionAddressSeemsValid(u_int64_t address) {
const CodeModule *module = modules_->GetModuleForAddress(address);
if (!module) {
// not inside any loaded module
return false;
}
if (!resolver_ || !supplier_) {
// we don't have a resolver and or symbol supplier,
// but we're inside a known module
return true;
}
if (!resolver_->HasModule(module->code_file())) {
string symbol_data, symbol_file;
SymbolSupplier::SymbolResult symbol_result =
supplier_->GetSymbolFile(module, system_info_,
&symbol_file, &symbol_data);
if (symbol_result != SymbolSupplier::FOUND ||
!resolver_->LoadModuleUsingMapBuffer(module->code_file(),
symbol_data)) {
// we don't have symbols, but we're inside a loaded module
return true;
}
}
StackFrame frame;
frame.module = module;
frame.instruction = address;
resolver_->FillSourceLineInfo(&frame);
// we have symbols, so return true if inside a function
return !frame.function_name.empty();
}
} // namespace google_breakpad } // namespace google_breakpad

View file

@ -79,6 +79,7 @@ StackFrame* StackwalkerX86::GetContextFrame() {
// straight out of the CPU context structure. // straight out of the CPU context structure.
frame->context = *context_; frame->context = *context_;
frame->context_validity = StackFrameX86::CONTEXT_VALID_ALL; frame->context_validity = StackFrameX86::CONTEXT_VALID_ALL;
frame->trust = StackFrameX86::FRAME_TRUST_CONTEXT;
frame->instruction = frame->context.eip; frame->instruction = frame->context.eip;
return frame; return frame;
@ -92,7 +93,7 @@ StackFrame* StackwalkerX86::GetCallerFrame(
BPLOG(ERROR) << "Can't get caller frame without memory or stack"; BPLOG(ERROR) << "Can't get caller frame without memory or stack";
return NULL; return NULL;
} }
StackFrameX86::FrameTrust trust = StackFrameX86::FRAME_TRUST_NONE;
StackFrameX86 *last_frame = static_cast<StackFrameX86*>( StackFrameX86 *last_frame = static_cast<StackFrameX86*>(
stack->frames()->back()); stack->frames()->back());
StackFrameInfo *last_frame_info = stack_frame_info.back().get(); StackFrameInfo *last_frame_info = stack_frame_info.back().get();
@ -183,6 +184,7 @@ StackFrame* StackwalkerX86::GetCallerFrame(
if (last_frame_info && last_frame_info->valid == StackFrameInfo::VALID_ALL) { if (last_frame_info && last_frame_info->valid == StackFrameInfo::VALID_ALL) {
// FPO data available. // FPO data available.
traditional_frame = false; traditional_frame = false;
trust = StackFrameX86::FRAME_TRUST_CFI;
if (!last_frame_info->program_string.empty()) { if (!last_frame_info->program_string.empty()) {
// The FPO data has its own program string, which will tell us how to // The FPO data has its own program string, which will tell us how to
// get to the caller frame, and may even fill in the values of // get to the caller frame, and may even fill in the values of
@ -280,6 +282,7 @@ StackFrame* StackwalkerX86::GetCallerFrame(
// %eip_new = *(%ebp_old + 4) // %eip_new = *(%ebp_old + 4)
// %esp_new = %ebp_old + 8 // %esp_new = %ebp_old + 8
// %ebp_new = *(%ebp_old) // %ebp_new = *(%ebp_old)
trust = StackFrameX86::FRAME_TRUST_FP;
program_string = "$eip $ebp 4 + ^ = " program_string = "$eip $ebp 4 + ^ = "
"$esp $ebp 8 + = " "$esp $ebp 8 + = "
"$ebp $ebp ^ ="; "$ebp $ebp ^ =";
@ -293,9 +296,28 @@ StackFrame* StackwalkerX86::GetCallerFrame(
if (!evaluator.Evaluate(program_string, &dictionary_validity) || if (!evaluator.Evaluate(program_string, &dictionary_validity) ||
dictionary_validity.find("$eip") == dictionary_validity.end() || dictionary_validity.find("$eip") == dictionary_validity.end() ||
dictionary_validity.find("$esp") == dictionary_validity.end()) { dictionary_validity.find("$esp") == dictionary_validity.end()) {
// Program string evaluation failed. It may be that %eip is not somewhere
// with stack frame info, and %ebp is pointing to non-stack memory, so
// our evaluation couldn't succeed. We'll scan the stack for a return
// address. This can happen if the stack is in a module for which
// we don't have symbols, and that module is compiled without a
// frame pointer.
u_int32_t location_start = last_frame->context.esp;
u_int32_t location, eip;
if (!ScanForReturnAddress(location_start, location, eip)) {
// if we can't find an instruction pointer even with stack scanning,
// give up.
return NULL; return NULL;
} }
// This seems like a reasonable return address. Since program string
// evaluation failed, use it and set %esp to the location above the
// one where the return address was found.
dictionary["$eip"] = eip;
dictionary["$esp"] = location + 4;
trust = StackFrameX86::FRAME_TRUST_SCAN;
}
// If this stack frame did not use %ebp in a traditional way, locating the // If this stack frame did not use %ebp in a traditional way, locating the
// return address isn't entirely deterministic. In that case, the stack // return address isn't entirely deterministic. In that case, the stack
// can be scanned to locate the return address. // can be scanned to locate the return address.
@ -321,33 +343,18 @@ StackFrame* StackwalkerX86::GetCallerFrame(
u_int32_t eip = dictionary["$eip"]; u_int32_t eip = dictionary["$eip"];
if (modules_ && !modules_->GetModuleForAddress(eip)) { if (modules_ && !modules_->GetModuleForAddress(eip)) {
const int kRASearchWords = 15;
// The instruction pointer at .raSearchStart was invalid, so start // The instruction pointer at .raSearchStart was invalid, so start
// looking one 32-bit word above that location. // looking one 32-bit word above that location.
u_int32_t location_start = dictionary[".raSearchStart"] + 4; u_int32_t location_start = dictionary[".raSearchStart"] + 4;
u_int32_t location;
for (u_int32_t location = location_start; if (ScanForReturnAddress(location_start, location, eip)) {
location <= location_start + kRASearchWords * 4;
location += 4) {
if (!memory_->GetMemoryAtAddress(location, &eip))
break;
if (modules_->GetModuleForAddress(eip)) {
// This is a better return address that what program string // This is a better return address that what program string
// evaluation found. Use it, and set %esp to the location above the // evaluation found. Use it, and set %esp to the location above the
// one where the return address was found. // one where the return address was found.
//
// TODO(mmentovai): The return-address check can be made even
// stronger in modules for which debugging data is available. In
// that case, it's possible to check that the candidate return
// address is inside a known function.
dictionary["$eip"] = eip; dictionary["$eip"] = eip;
dictionary["$esp"] = location + 4; dictionary["$esp"] = location + 4;
offset = location - location_start; offset = location - location_start;
break; trust = StackFrameX86::FRAME_TRUST_CFI_SCAN;
}
} }
} }
@ -392,6 +399,7 @@ StackFrame* StackwalkerX86::GetCallerFrame(
// and fill it in. // and fill it in.
StackFrameX86 *frame = new StackFrameX86(); StackFrameX86 *frame = new StackFrameX86();
frame->trust = trust;
frame->context = last_frame->context; frame->context = last_frame->context;
frame->context.eip = dictionary["$eip"]; frame->context.eip = dictionary["$eip"];
frame->context.esp = dictionary["$esp"]; frame->context.esp = dictionary["$esp"];
@ -428,5 +436,27 @@ StackFrame* StackwalkerX86::GetCallerFrame(
return frame; return frame;
} }
bool StackwalkerX86::ScanForReturnAddress(u_int32_t location_start,
u_int32_t &location_found,
u_int32_t &eip_found) {
const int kRASearchWords = 15;
for (u_int32_t location = location_start;
location <= location_start + kRASearchWords * 4;
location += 4) {
u_int32_t eip;
if (!memory_->GetMemoryAtAddress(location, &eip))
break;
if (modules_->GetModuleForAddress(eip) &&
InstructionAddressSeemsValid(eip)) {
eip_found = eip;
location_found = location;
return true;
}
}
// nothing found
return false;
}
} // namespace google_breakpad } // namespace google_breakpad

View file

@ -70,6 +70,19 @@ class StackwalkerX86 : public Stackwalker {
const CallStack *stack, const CallStack *stack,
const vector< linked_ptr<StackFrameInfo> > &stack_frame_info); const vector< linked_ptr<StackFrameInfo> > &stack_frame_info);
// Scan the stack starting at location_start, looking for an address
// that looks like a valid instruction pointer. Addresses must
// 1) be contained in the current stack memory
// 2) pass the checks in Stackwalker::InstructionAddressSeemsValid
//
// Returns true if a valid-looking instruction pointer was found.
// When returning true, sets location_found to the address at which
// the value was found, and eip_found to the value contained at that
// location in memory.
bool ScanForReturnAddress(u_int32_t location_start,
u_int32_t &location_found,
u_int32_t &eip_found);
// Stores the CPU context corresponding to the innermost stack frame to // Stores the CPU context corresponding to the innermost stack frame to
// be returned by GetContextFrame. // be returned by GetContextFrame.
const MDRawContextX86 *context_; const MDRawContextX86 *context_;

View file

@ -12,12 +12,16 @@ Thread 0 (crashed)
eip = 0x0040429e esp = 0x0012fe84 ebp = 0x0012fe88 ebx = 0x7c80abc1 eip = 0x0040429e esp = 0x0012fe84 ebp = 0x0012fe88 ebx = 0x7c80abc1
esi = 0x00000002 edi = 0x00000a28 eax = 0x00000045 ecx = 0x0012fe94 esi = 0x00000002 edi = 0x00000a28 eax = 0x00000045 ecx = 0x0012fe94
edx = 0x0042bc58 efl = 0x00010246 edx = 0x0042bc58 efl = 0x00010246
Found by: given as instruction pointer in context
1 test_app.exe!main [test_app.cc : 65 + 0x4] 1 test_app.exe!main [test_app.cc : 65 + 0x4]
eip = 0x00404200 esp = 0x0012fe90 ebp = 0x0012ff70 eip = 0x00404200 esp = 0x0012fe90 ebp = 0x0012ff70
Found by: call frame info
2 test_app.exe!__tmainCRTStartup [crt0.c : 327 + 0x11] 2 test_app.exe!__tmainCRTStartup [crt0.c : 327 + 0x11]
eip = 0x004053ec esp = 0x0012ff78 ebp = 0x0012ffc0 eip = 0x004053ec esp = 0x0012ff78 ebp = 0x0012ffc0
Found by: call frame info
3 kernel32.dll!BaseProcessStart + 0x22 3 kernel32.dll!BaseProcessStart + 0x22
eip = 0x7c816fd7 esp = 0x0012ffc8 ebp = 0x0012fff0 eip = 0x7c816fd7 esp = 0x0012ffc8 ebp = 0x0012fff0
Found by: call frame info
Loaded modules: Loaded modules:
0x00400000 - 0x0042cfff test_app.exe ??? (main) 0x00400000 - 0x0042cfff test_app.exe ??? (main)