1*9712c20fSFrederick Mayle // Copyright 2010 Google LLC
2*9712c20fSFrederick Mayle //
3*9712c20fSFrederick Mayle // Redistribution and use in source and binary forms, with or without
4*9712c20fSFrederick Mayle // modification, are permitted provided that the following conditions are
5*9712c20fSFrederick Mayle // met:
6*9712c20fSFrederick Mayle //
7*9712c20fSFrederick Mayle //     * Redistributions of source code must retain the above copyright
8*9712c20fSFrederick Mayle // notice, this list of conditions and the following disclaimer.
9*9712c20fSFrederick Mayle //     * Redistributions in binary form must reproduce the above
10*9712c20fSFrederick Mayle // copyright notice, this list of conditions and the following disclaimer
11*9712c20fSFrederick Mayle // in the documentation and/or other materials provided with the
12*9712c20fSFrederick Mayle // distribution.
13*9712c20fSFrederick Mayle //     * Neither the name of Google LLC nor the names of its
14*9712c20fSFrederick Mayle // contributors may be used to endorse or promote products derived from
15*9712c20fSFrederick Mayle // this software without specific prior written permission.
16*9712c20fSFrederick Mayle //
17*9712c20fSFrederick Mayle // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18*9712c20fSFrederick Mayle // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19*9712c20fSFrederick Mayle // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20*9712c20fSFrederick Mayle // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21*9712c20fSFrederick Mayle // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22*9712c20fSFrederick Mayle // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23*9712c20fSFrederick Mayle // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24*9712c20fSFrederick Mayle // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25*9712c20fSFrederick Mayle // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26*9712c20fSFrederick Mayle // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27*9712c20fSFrederick Mayle // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28*9712c20fSFrederick Mayle 
29*9712c20fSFrederick Mayle // stackwalker_x86.cc: x86-specific stackwalker.
30*9712c20fSFrederick Mayle //
31*9712c20fSFrederick Mayle // See stackwalker_x86.h for documentation.
32*9712c20fSFrederick Mayle //
33*9712c20fSFrederick Mayle // Author: Mark Mentovai
34*9712c20fSFrederick Mayle 
35*9712c20fSFrederick Mayle #ifdef HAVE_CONFIG_H
36*9712c20fSFrederick Mayle #include <config.h>  // Must come first
37*9712c20fSFrederick Mayle #endif
38*9712c20fSFrederick Mayle 
39*9712c20fSFrederick Mayle #include <assert.h>
40*9712c20fSFrederick Mayle #include <string>
41*9712c20fSFrederick Mayle 
42*9712c20fSFrederick Mayle #include "common/scoped_ptr.h"
43*9712c20fSFrederick Mayle #include "google_breakpad/processor/call_stack.h"
44*9712c20fSFrederick Mayle #include "google_breakpad/processor/code_modules.h"
45*9712c20fSFrederick Mayle #include "google_breakpad/processor/memory_region.h"
46*9712c20fSFrederick Mayle #include "google_breakpad/processor/source_line_resolver_interface.h"
47*9712c20fSFrederick Mayle #include "google_breakpad/processor/stack_frame_cpu.h"
48*9712c20fSFrederick Mayle #include "processor/logging.h"
49*9712c20fSFrederick Mayle #include "processor/postfix_evaluator-inl.h"
50*9712c20fSFrederick Mayle #include "processor/stackwalker_x86.h"
51*9712c20fSFrederick Mayle #include "processor/windows_frame_info.h"
52*9712c20fSFrederick Mayle #include "processor/cfi_frame_info.h"
53*9712c20fSFrederick Mayle 
54*9712c20fSFrederick Mayle namespace google_breakpad {
55*9712c20fSFrederick Mayle 
// Upper bound on the size of a single x86 frame that the EBP-chain recovery
// heuristic (applied after a return-address scan) is willing to believe.
// The figure comes from a histogram of frame sizes across a set of popular
// third-party libraries, in which 99.5% of frames were below 128 KB.
static const uint32_t kMaxReasonableGapBetweenFrames = 0x20000;  // 128 KB
62*9712c20fSFrederick Mayle 
// Table driving CFIWalker for x86: DWARF/CFI register name, the CFI rule
// that supplies it (".ra"/".cfa", or NULL for an ordinary register), whether
// to carry it through unchanged when the CFI rules are silent about it, the
// validity bit to set when it is recovered, and the MDRawContextX86 field it
// lives in.
//
// The third column is not the ABI notion of "callee-saved".  It tells the
// walker to assume a register is unchanged across the call when the CFI says
// nothing about it.  That assumption would be plainly wrong for $eip and
// $esp, which always change across a call, so they are marked false even
// though a callee does "restore" them on return under cdecl-style conventions.
const StackwalkerX86::CFIWalker::RegisterSet
StackwalkerX86::cfi_register_map_[] = {
  { "$eip", ".ra", false,
    StackFrameX86::CONTEXT_VALID_EIP, &MDRawContextX86::eip },
  { "$esp", ".cfa", false,
    StackFrameX86::CONTEXT_VALID_ESP, &MDRawContextX86::esp },
  // Frame pointer and the classic callee-saved registers: carried through
  // when the CFI does not mention them.
  { "$ebp", NULL, true,
    StackFrameX86::CONTEXT_VALID_EBP, &MDRawContextX86::ebp },
  { "$ebx", NULL, true,
    StackFrameX86::CONTEXT_VALID_EBX, &MDRawContextX86::ebx },
  { "$esi", NULL, true,
    StackFrameX86::CONTEXT_VALID_ESI, &MDRawContextX86::esi },
  { "$edi", NULL, true,
    StackFrameX86::CONTEXT_VALID_EDI, &MDRawContextX86::edi },
  // Caller-saved scratch registers: only known in the caller if the CFI
  // explicitly says where they were spilled.
  { "$eax", NULL, false,
    StackFrameX86::CONTEXT_VALID_EAX, &MDRawContextX86::eax },
  { "$ecx", NULL, false,
    StackFrameX86::CONTEXT_VALID_ECX, &MDRawContextX86::ecx },
  { "$edx", NULL, false,
    StackFrameX86::CONTEXT_VALID_EDX, &MDRawContextX86::edx },
};
89*9712c20fSFrederick Mayle 
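// Constructs an x86 stackwalker over the supplied thread context and stack
// memory.  All arguments may come from an untrusted minidump; the only
// validation done here is that the stack region fits a 32-bit address space.
//
// system_info / modules / resolver_helper: forwarded to the base Stackwalker.
// context: the thread's CPU context; NULL makes GetContextFrame() fail.
// memory: the thread's stack region; rejected (memory_ set to NULL, so the
//         walk fails) if any byte of it lies above 0xffffffff.
StackwalkerX86::StackwalkerX86(const SystemInfo* system_info,
                               const MDRawContextX86* context,
                               MemoryRegion* memory,
                               const CodeModules* modules,
                               StackFrameSymbolizer* resolver_helper)
    : Stackwalker(system_info, memory, modules, resolver_helper),
      context_(context),
      cfi_walker_(cfi_register_map_,
                  (sizeof(cfi_register_map_) / sizeof(cfi_register_map_[0]))) {
  if (memory_) {
    // The x86 is a 32-bit CPU: the whole region [base, base + size) must lie
    // within [0, 0xffffffff].  base and size are attacker-controlled, so the
    // check must not rely on `base + size - 1`: in 64-bit arithmetic that
    // expression wraps for a base near 2^64 (silently accepting an
    // out-of-range region) and underflows for an empty region at base 0.
    // Bounding base first and then comparing size against the room left
    // below 2^32 cannot overflow in either direction.
    const uint64_t base = memory_->GetBase();
    const uint64_t size = memory_->GetSize();
    if (base > 0xffffffffULL || size > 0x100000000ULL - base) {
      // Mark memory_ = NULL, which will cause stackwalking to fail.
      BPLOG(ERROR) << "Memory out of range for stackwalking: " <<
                      HexString(memory_->GetBase()) << "+" <<
                      HexString(memory_->GetSize());
      memory_ = NULL;
    }
  }
}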
108*9712c20fSFrederick Mayle 
// Releases the per-frame unwind information.  Both pointers are owned by the
// frame once they have been stored in it (GetCallerByWindowsFrameInfo hands
// its WindowsFrameInfo over this way), so they are deleted here.  Deleting a
// NULL pointer is a no-op, which makes the guards unnecessary; the members
// are reset afterwards so no dangling value survives in the object.
StackFrameX86::~StackFrameX86() {
  delete windows_frame_info;
  windows_frame_info = NULL;

  delete cfi_frame_info;
  cfi_frame_info = NULL;
}
117*9712c20fSFrederick Mayle 
// Returns this frame's %eip, which the walker uses as the return address
// into the frame.  The validity mask is the contract: callers may only ask
// once CONTEXT_VALID_EIP has been set for the frame.
uint64_t StackFrameX86::ReturnAddress() const {
  const bool eip_known =
      (context_validity & StackFrameX86::CONTEXT_VALID_EIP) != 0;
  assert(eip_known);
  (void)eip_known;  // Only consulted by the assert; silence NDEBUG warnings.
  return context.eip;
}
122*9712c20fSFrederick Mayle 
// Builds the innermost frame directly from the thread's CPU context.
//
// Every register is taken verbatim from the context, so the frame carries
// CONTEXT_VALID_ALL and FRAME_TRUST_CONTEXT; the instruction address is
// simply %eip.  Returns NULL (after logging) when no context was supplied.
// Ownership of the returned frame passes to the caller.
StackFrame* StackwalkerX86::GetContextFrame() {
  if (context_ == NULL) {
    BPLOG(ERROR) << "Can't get context frame without context";
    return NULL;
  }

  scoped_ptr<StackFrameX86> frame(new StackFrameX86());
  frame->context = *context_;
  frame->context_validity = StackFrameX86::CONTEXT_VALID_ALL;
  frame->trust = StackFrame::FRAME_TRUST_CONTEXT;
  // The instruction pointer lives in a register, so it comes straight from
  // the copied context rather than from the stack.
  frame->instruction = frame->context.eip;

  return frame.release();
}
140*9712c20fSFrederick Mayle 
GetCallerByWindowsFrameInfo(const vector<StackFrame * > & frames,WindowsFrameInfo * last_frame_info,bool stack_scan_allowed)141*9712c20fSFrederick Mayle StackFrameX86* StackwalkerX86::GetCallerByWindowsFrameInfo(
142*9712c20fSFrederick Mayle     const vector<StackFrame*>& frames,
143*9712c20fSFrederick Mayle     WindowsFrameInfo* last_frame_info,
144*9712c20fSFrederick Mayle     bool stack_scan_allowed) {
145*9712c20fSFrederick Mayle   StackFrame::FrameTrust trust = StackFrame::FRAME_TRUST_NONE;
146*9712c20fSFrederick Mayle 
147*9712c20fSFrederick Mayle   // The last frame can never be inline. A sequence of inline frames always
148*9712c20fSFrederick Mayle   // finishes with a conventional frame.
149*9712c20fSFrederick Mayle   assert(frames.back()->trust != StackFrame::FRAME_TRUST_INLINE);
150*9712c20fSFrederick Mayle   StackFrameX86* last_frame = static_cast<StackFrameX86*>(frames.back());
151*9712c20fSFrederick Mayle 
152*9712c20fSFrederick Mayle   // Save the stack walking info we found, in case we need it later to
153*9712c20fSFrederick Mayle   // find the callee of the frame we're constructing now.
154*9712c20fSFrederick Mayle   last_frame->windows_frame_info = last_frame_info;
155*9712c20fSFrederick Mayle 
156*9712c20fSFrederick Mayle   // This function only covers the full STACK WIN case. If
157*9712c20fSFrederick Mayle   // last_frame_info is VALID_PARAMETER_SIZE-only, then we should
158*9712c20fSFrederick Mayle   // assume the traditional frame format or use some other strategy.
159*9712c20fSFrederick Mayle   if (last_frame_info->valid != WindowsFrameInfo::VALID_ALL)
160*9712c20fSFrederick Mayle     return NULL;
161*9712c20fSFrederick Mayle 
162*9712c20fSFrederick Mayle   // This stackwalker sets each frame's %esp to its value immediately prior
163*9712c20fSFrederick Mayle   // to the CALL into the callee.  This means that %esp points to the last
164*9712c20fSFrederick Mayle   // callee argument pushed onto the stack, which may not be where %esp points
165*9712c20fSFrederick Mayle   // after the callee returns.  Specifically, the value is correct for the
166*9712c20fSFrederick Mayle   // cdecl calling convention, but not other conventions.  The cdecl
167*9712c20fSFrederick Mayle   // convention requires a caller to pop its callee's arguments from the
168*9712c20fSFrederick Mayle   // stack after the callee returns.  This is usually accomplished by adding
169*9712c20fSFrederick Mayle   // the known size of the arguments to %esp.  Other calling conventions,
170*9712c20fSFrederick Mayle   // including stdcall, thiscall, and fastcall, require the callee to pop any
171*9712c20fSFrederick Mayle   // parameters stored on the stack before returning.  This is usually
172*9712c20fSFrederick Mayle   // accomplished by using the RET n instruction, which pops n bytes off
173*9712c20fSFrederick Mayle   // the stack after popping the return address.
174*9712c20fSFrederick Mayle   //
175*9712c20fSFrederick Mayle   // Because each frame's %esp will point to a location on the stack after
176*9712c20fSFrederick Mayle   // callee arguments have been PUSHed, when locating things in a stack frame
177*9712c20fSFrederick Mayle   // relative to %esp, the size of the arguments to the callee need to be
178*9712c20fSFrederick Mayle   // taken into account.  This seems a little bit unclean, but it's better
179*9712c20fSFrederick Mayle   // than the alternative, which would need to take these same things into
180*9712c20fSFrederick Mayle   // account, but only for cdecl functions.  With this implementation, we get
181*9712c20fSFrederick Mayle   // to be agnostic about each function's calling convention.  Furthermore,
182*9712c20fSFrederick Mayle   // this is how Windows debugging tools work, so it means that the %esp
183*9712c20fSFrederick Mayle   // values produced by this stackwalker directly correspond to the %esp
184*9712c20fSFrederick Mayle   // values you'll see there.
185*9712c20fSFrederick Mayle   //
186*9712c20fSFrederick Mayle   // If the last frame has no callee (because it's the context frame), just
187*9712c20fSFrederick Mayle   // set the callee parameter size to 0: the stack pointer can't point to
188*9712c20fSFrederick Mayle   // callee arguments because there's no callee.  This is correct as long
189*9712c20fSFrederick Mayle   // as the context wasn't captured while arguments were being pushed for
190*9712c20fSFrederick Mayle   // a function call.  Note that there may be functions whose parameter sizes
191*9712c20fSFrederick Mayle   // are unknown, 0 is also used in that case.  When that happens, it should
192*9712c20fSFrederick Mayle   // be possible to walk to the next frame without reference to %esp.
193*9712c20fSFrederick Mayle 
194*9712c20fSFrederick Mayle   uint32_t last_frame_callee_parameter_size = 0;
195*9712c20fSFrederick Mayle   int frames_already_walked = frames.size();
196*9712c20fSFrederick Mayle   for (int last_frame_callee_id = frames_already_walked - 2;
197*9712c20fSFrederick Mayle        last_frame_callee_id >= 0; last_frame_callee_id--) {
198*9712c20fSFrederick Mayle     // Searching for a real callee frame. Skipping inline frames since they
199*9712c20fSFrederick Mayle     // cannot be downcasted to StackFrameX86.
200*9712c20fSFrederick Mayle     if (frames[last_frame_callee_id]->trust == StackFrame::FRAME_TRUST_INLINE) {
201*9712c20fSFrederick Mayle       continue;
202*9712c20fSFrederick Mayle     }
203*9712c20fSFrederick Mayle     const StackFrameX86* last_frame_callee
204*9712c20fSFrederick Mayle         = static_cast<StackFrameX86*>(frames[last_frame_callee_id]);
205*9712c20fSFrederick Mayle     WindowsFrameInfo* last_frame_callee_info
206*9712c20fSFrederick Mayle         = last_frame_callee->windows_frame_info;
207*9712c20fSFrederick Mayle     if (last_frame_callee_info &&
208*9712c20fSFrederick Mayle         (last_frame_callee_info->valid
209*9712c20fSFrederick Mayle          & WindowsFrameInfo::VALID_PARAMETER_SIZE)) {
210*9712c20fSFrederick Mayle       last_frame_callee_parameter_size =
211*9712c20fSFrederick Mayle           last_frame_callee_info->parameter_size;
212*9712c20fSFrederick Mayle     }
213*9712c20fSFrederick Mayle   }
214*9712c20fSFrederick Mayle 
215*9712c20fSFrederick Mayle   // Set up the dictionary for the PostfixEvaluator.  %ebp, %esp, and sometimes
216*9712c20fSFrederick Mayle   // %ebx are used in program strings, and their previous values are known, so
217*9712c20fSFrederick Mayle   // set them here.
218*9712c20fSFrederick Mayle   PostfixEvaluator<uint32_t>::DictionaryType dictionary;
219*9712c20fSFrederick Mayle   // Provide the current register values.
220*9712c20fSFrederick Mayle   dictionary["$ebp"] = last_frame->context.ebp;
221*9712c20fSFrederick Mayle   dictionary["$esp"] = last_frame->context.esp;
222*9712c20fSFrederick Mayle   if (last_frame->context_validity & StackFrameX86::CONTEXT_VALID_EBX)
223*9712c20fSFrederick Mayle     dictionary["$ebx"] = last_frame->context.ebx;
224*9712c20fSFrederick Mayle   // Provide constants from the debug info for last_frame and its callee.
225*9712c20fSFrederick Mayle   // .cbCalleeParams is a Breakpad extension that allows us to use the
226*9712c20fSFrederick Mayle   // PostfixEvaluator engine when certain types of debugging information
227*9712c20fSFrederick Mayle   // are present without having to write the constants into the program
228*9712c20fSFrederick Mayle   // string as literals.
229*9712c20fSFrederick Mayle   dictionary[".cbCalleeParams"] = last_frame_callee_parameter_size;
230*9712c20fSFrederick Mayle   dictionary[".cbSavedRegs"] = last_frame_info->saved_register_size;
231*9712c20fSFrederick Mayle   dictionary[".cbLocals"] = last_frame_info->local_size;
232*9712c20fSFrederick Mayle 
233*9712c20fSFrederick Mayle   uint32_t raSearchStart = last_frame->context.esp +
234*9712c20fSFrederick Mayle                            last_frame_callee_parameter_size +
235*9712c20fSFrederick Mayle                            last_frame_info->local_size +
236*9712c20fSFrederick Mayle                            last_frame_info->saved_register_size;
237*9712c20fSFrederick Mayle 
238*9712c20fSFrederick Mayle   uint32_t raSearchStartOld = raSearchStart;
239*9712c20fSFrederick Mayle   uint32_t found = 0;  // dummy value
240*9712c20fSFrederick Mayle   // Scan up to three words above the calculated search value, in case
241*9712c20fSFrederick Mayle   // the stack was aligned to a quadword boundary.
242*9712c20fSFrederick Mayle   //
243*9712c20fSFrederick Mayle   // TODO(ivan.penkov): Consider cleaning up the scan for return address that
244*9712c20fSFrederick Mayle   // follows.  The purpose of this scan is to adjust the .raSearchStart
245*9712c20fSFrederick Mayle   // calculation (which is based on register %esp) in the cases where register
246*9712c20fSFrederick Mayle   // %esp may have been aligned (up to a quadword).  There are two problems
247*9712c20fSFrederick Mayle   // with this approach:
248*9712c20fSFrederick Mayle   //  1) In practice, 64 byte boundary alignment is seen which clearly can not
249*9712c20fSFrederick Mayle   //     be handled by a three word scan.
250*9712c20fSFrederick Mayle   //  2) A search for a return address is "guesswork" by definition because
251*9712c20fSFrederick Mayle   //     the results will be different depending on what is left on the stack
252*9712c20fSFrederick Mayle   //     from previous executions.
253*9712c20fSFrederick Mayle   // So, basically, the results from this scan should be ignored if other means
254*9712c20fSFrederick Mayle   // for calculation of the value of .raSearchStart are available.
255*9712c20fSFrederick Mayle   if (ScanForReturnAddress(raSearchStart, &raSearchStart, &found, 3) &&
256*9712c20fSFrederick Mayle       last_frame->trust == StackFrame::FRAME_TRUST_CONTEXT &&
257*9712c20fSFrederick Mayle       last_frame->windows_frame_info != NULL &&
258*9712c20fSFrederick Mayle       last_frame_info->type_ == WindowsFrameInfo::STACK_INFO_FPO &&
259*9712c20fSFrederick Mayle       raSearchStartOld == raSearchStart &&
260*9712c20fSFrederick Mayle       found == last_frame->context.eip) {
261*9712c20fSFrederick Mayle     // The context frame represents an FPO-optimized Windows system call.
262*9712c20fSFrederick Mayle     // On the top of the stack we have a pointer to the current instruction.
263*9712c20fSFrederick Mayle     // This means that the callee has returned but the return address is still
    // on the top of the stack, which is a very atypical situation.
265*9712c20fSFrederick Mayle     // Skip one slot from the stack and do another scan in order to get the
266*9712c20fSFrederick Mayle     // actual return address.
267*9712c20fSFrederick Mayle     raSearchStart += 4;
268*9712c20fSFrederick Mayle     ScanForReturnAddress(raSearchStart, &raSearchStart, &found, 3);
269*9712c20fSFrederick Mayle   }
270*9712c20fSFrederick Mayle 
271*9712c20fSFrederick Mayle   dictionary[".cbParams"] = last_frame_info->parameter_size;
272*9712c20fSFrederick Mayle 
273*9712c20fSFrederick Mayle   // Decide what type of program string to use. The program string is in
274*9712c20fSFrederick Mayle   // postfix notation and will be passed to PostfixEvaluator::Evaluate.
275*9712c20fSFrederick Mayle   // Given the dictionary and the program string, it is possible to compute
276*9712c20fSFrederick Mayle   // the return address and the values of other registers in the calling
277*9712c20fSFrederick Mayle   // function. Because of bugs described below, the stack may need to be
278*9712c20fSFrederick Mayle   // scanned for these values. The results of program string evaluation
279*9712c20fSFrederick Mayle   // will be used to determine whether to scan for better values.
280*9712c20fSFrederick Mayle   string program_string;
281*9712c20fSFrederick Mayle   bool recover_ebp = true;
282*9712c20fSFrederick Mayle 
283*9712c20fSFrederick Mayle   trust = StackFrame::FRAME_TRUST_CFI;
284*9712c20fSFrederick Mayle   if (!last_frame_info->program_string.empty()) {
285*9712c20fSFrederick Mayle     // The FPO data has its own program string, which will tell us how to
286*9712c20fSFrederick Mayle     // get to the caller frame, and may even fill in the values of
287*9712c20fSFrederick Mayle     // nonvolatile registers and provide pointers to local variables and
288*9712c20fSFrederick Mayle     // parameters.  In some cases, particularly with program strings that use
289*9712c20fSFrederick Mayle     // .raSearchStart, the stack may need to be scanned afterward.
290*9712c20fSFrederick Mayle     program_string = last_frame_info->program_string;
291*9712c20fSFrederick Mayle   } else if (last_frame_info->allocates_base_pointer) {
292*9712c20fSFrederick Mayle     // The function corresponding to the last frame doesn't use the frame
293*9712c20fSFrederick Mayle     // pointer for conventional purposes, but it does allocate a new
294*9712c20fSFrederick Mayle     // frame pointer and use it for its own purposes.  Its callee's
295*9712c20fSFrederick Mayle     // information is still accessed relative to %esp, and the previous
296*9712c20fSFrederick Mayle     // value of %ebp can be recovered from a location in its stack frame,
297*9712c20fSFrederick Mayle     // within the saved-register area.
298*9712c20fSFrederick Mayle     //
299*9712c20fSFrederick Mayle     // Functions that fall into this category use the %ebp register for
300*9712c20fSFrederick Mayle     // a purpose other than the frame pointer.  They restore the caller's
301*9712c20fSFrederick Mayle     // %ebp before returning.  These functions create their stack frame
302*9712c20fSFrederick Mayle     // after a CALL by decrementing the stack pointer in an amount
303*9712c20fSFrederick Mayle     // sufficient to store local variables, and then PUSHing saved
304*9712c20fSFrederick Mayle     // registers onto the stack.  Arguments to a callee function, if any,
305*9712c20fSFrederick Mayle     // are PUSHed after that.  Walking up to the caller, therefore,
306*9712c20fSFrederick Mayle     // can be done solely with calculations relative to the stack pointer
307*9712c20fSFrederick Mayle     // (%esp).  The return address is recovered from the memory location
308*9712c20fSFrederick Mayle     // above the known sizes of the callee's parameters, saved registers,
309*9712c20fSFrederick Mayle     // and locals.  The caller's stack pointer (the value of %esp when
310*9712c20fSFrederick Mayle     // the caller executed CALL) is the location immediately above the
311*9712c20fSFrederick Mayle     // saved return address.  The saved value of %ebp to be restored for
312*9712c20fSFrederick Mayle     // the caller is at a known location in the saved-register area of
313*9712c20fSFrederick Mayle     // the stack frame.
314*9712c20fSFrederick Mayle     //
315*9712c20fSFrederick Mayle     // For this type of frame, MSVC 14 (from Visual Studio 8/2005) in
316*9712c20fSFrederick Mayle     // link-time code generation mode (/LTCG and /GL) can generate erroneous
317*9712c20fSFrederick Mayle     // debugging data.  The reported size of saved registers can be 0,
318*9712c20fSFrederick Mayle     // which is clearly an error because these frames must, at the very
319*9712c20fSFrederick Mayle     // least, save %ebp.  For this reason, in addition to those given above
320*9712c20fSFrederick Mayle     // about the use of .raSearchStart, the stack may need to be scanned
321*9712c20fSFrederick Mayle     // for a better return address and a better frame pointer after the
322*9712c20fSFrederick Mayle     // program string is evaluated.
323*9712c20fSFrederick Mayle     //
324*9712c20fSFrederick Mayle     // %eip_new = *(%esp_old + callee_params + saved_regs + locals)
325*9712c20fSFrederick Mayle     // %ebp_new = *(%esp_old + callee_params + saved_regs - 8)
326*9712c20fSFrederick Mayle     // %esp_new = %esp_old + callee_params + saved_regs + locals + 4
327*9712c20fSFrederick Mayle     program_string = "$eip .raSearchStart ^ = "
328*9712c20fSFrederick Mayle         "$ebp $esp .cbCalleeParams + .cbSavedRegs + 8 - ^ = "
329*9712c20fSFrederick Mayle         "$esp .raSearchStart 4 + =";
330*9712c20fSFrederick Mayle   } else {
331*9712c20fSFrederick Mayle     // The function corresponding to the last frame doesn't use %ebp at
332*9712c20fSFrederick Mayle     // all.  The callee frame is located relative to %esp.
333*9712c20fSFrederick Mayle     //
334*9712c20fSFrederick Mayle     // The called procedure's instruction pointer and stack pointer are
335*9712c20fSFrederick Mayle     // recovered in the same way as the case above, except that no
336*9712c20fSFrederick Mayle     // frame pointer (%ebp) is used at all, so it is not saved anywhere
337*9712c20fSFrederick Mayle     // in the callee's stack frame and does not need to be recovered.
338*9712c20fSFrederick Mayle     // Because %ebp wasn't used in the callee, whatever value it has
339*9712c20fSFrederick Mayle     // is the value that it had in the caller, so it can be carried
340*9712c20fSFrederick Mayle     // straight through without bringing its validity into question.
341*9712c20fSFrederick Mayle     //
342*9712c20fSFrederick Mayle     // Because of the use of .raSearchStart, the stack will possibly be
343*9712c20fSFrederick Mayle     // examined to locate a better return address after program string
344*9712c20fSFrederick Mayle     // evaluation.  The stack will not be examined to locate a saved
345*9712c20fSFrederick Mayle     // %ebp value, because these frames do not save (or use) %ebp.
346*9712c20fSFrederick Mayle     //
347*9712c20fSFrederick Mayle     // We also propagate %ebx through, as it is commonly unmodifed after
    // We also propagate %ebx through, as it is commonly unmodified after
349*9712c20fSFrederick Mayle     // using type). It's not clear that this is always correct, but it is
350*9712c20fSFrederick Mayle     // important for some functions to get a correct walk.
351*9712c20fSFrederick Mayle     //
352*9712c20fSFrederick Mayle     // %eip_new = *(%esp_old + callee_params + saved_regs + locals)
353*9712c20fSFrederick Mayle     // %esp_new = %esp_old + callee_params + saved_regs + locals + 4
354*9712c20fSFrederick Mayle     // %ebp_new = %ebp_old
355*9712c20fSFrederick Mayle     // %ebx_new = %ebx_old  // If available.
356*9712c20fSFrederick Mayle     program_string = "$eip .raSearchStart ^ = "
357*9712c20fSFrederick Mayle                      "$esp .raSearchStart 4 + =";
358*9712c20fSFrederick Mayle     if (last_frame->context_validity & StackFrameX86::CONTEXT_VALID_EBX)
359*9712c20fSFrederick Mayle       program_string += " $ebx $ebx =";
360*9712c20fSFrederick Mayle     recover_ebp = false;
361*9712c20fSFrederick Mayle   }
362*9712c20fSFrederick Mayle 
363*9712c20fSFrederick Mayle   // Check for alignment operators in the program string.  If alignment
364*9712c20fSFrederick Mayle   // operators are found, then current %ebp must be valid and it is the only
365*9712c20fSFrederick Mayle   // reliable data point that can be used for getting to the previous frame.
366*9712c20fSFrederick Mayle   // E.g. the .raSearchStart calculation (above) is based on %esp and since
367*9712c20fSFrederick Mayle   // %esp was aligned in the current frame (which is a lossy operation) the
368*9712c20fSFrederick Mayle   // calculated value of .raSearchStart cannot be correct and should not be
369*9712c20fSFrederick Mayle   // used.  Instead .raSearchStart must be calculated based on %ebp.
370*9712c20fSFrederick Mayle   // The code that follows assumes that .raSearchStart is supposed to point
371*9712c20fSFrederick Mayle   // at the saved return address (ebp + 4).
372*9712c20fSFrederick Mayle   // For some more details on this topic, take a look at the following thread:
373*9712c20fSFrederick Mayle   // https://groups.google.com/forum/#!topic/google-breakpad-dev/ZP1FA9B1JjM
374*9712c20fSFrederick Mayle   if ((StackFrameX86::CONTEXT_VALID_EBP & last_frame->context_validity) != 0 &&
375*9712c20fSFrederick Mayle       program_string.find('@') != string::npos) {
376*9712c20fSFrederick Mayle     raSearchStart = last_frame->context.ebp + 4;
377*9712c20fSFrederick Mayle   }
378*9712c20fSFrederick Mayle 
379*9712c20fSFrederick Mayle   // The difference between raSearch and raSearchStart is unknown,
380*9712c20fSFrederick Mayle   // but making them the same seems to work well in practice.
381*9712c20fSFrederick Mayle   dictionary[".raSearchStart"] = raSearchStart;
382*9712c20fSFrederick Mayle   dictionary[".raSearch"] = raSearchStart;
383*9712c20fSFrederick Mayle 
384*9712c20fSFrederick Mayle   // Now crank it out, making sure that the program string set at least the
385*9712c20fSFrederick Mayle   // two required variables.
386*9712c20fSFrederick Mayle   PostfixEvaluator<uint32_t> evaluator =
387*9712c20fSFrederick Mayle       PostfixEvaluator<uint32_t>(&dictionary, memory_);
388*9712c20fSFrederick Mayle   PostfixEvaluator<uint32_t>::DictionaryValidityType dictionary_validity;
389*9712c20fSFrederick Mayle   if (!evaluator.Evaluate(program_string, &dictionary_validity) ||
390*9712c20fSFrederick Mayle       dictionary_validity.find("$eip") == dictionary_validity.end() ||
391*9712c20fSFrederick Mayle       dictionary_validity.find("$esp") == dictionary_validity.end()) {
392*9712c20fSFrederick Mayle     // Program string evaluation failed. It may be that %eip is not somewhere
393*9712c20fSFrederick Mayle     // with stack frame info, and %ebp is pointing to non-stack memory, so
394*9712c20fSFrederick Mayle     // our evaluation couldn't succeed. We'll scan the stack for a return
395*9712c20fSFrederick Mayle     // address. This can happen if the stack is in a module for which
396*9712c20fSFrederick Mayle     // we don't have symbols, and that module is compiled without a
397*9712c20fSFrederick Mayle     // frame pointer.
398*9712c20fSFrederick Mayle     uint32_t location_start = last_frame->context.esp;
399*9712c20fSFrederick Mayle     uint32_t location, eip;
400*9712c20fSFrederick Mayle     if (!stack_scan_allowed ||
401*9712c20fSFrederick Mayle         !ScanForReturnAddress(location_start, &location, &eip,
402*9712c20fSFrederick Mayle                               /*is_context_frame=*/last_frame->trust ==
403*9712c20fSFrederick Mayle                                   StackFrame::FRAME_TRUST_CONTEXT)) {
404*9712c20fSFrederick Mayle       // if we can't find an instruction pointer even with stack scanning,
405*9712c20fSFrederick Mayle       // give up.
406*9712c20fSFrederick Mayle       return NULL;
407*9712c20fSFrederick Mayle     }
408*9712c20fSFrederick Mayle 
409*9712c20fSFrederick Mayle     // This seems like a reasonable return address. Since program string
410*9712c20fSFrederick Mayle     // evaluation failed, use it and set %esp to the location above the
411*9712c20fSFrederick Mayle     // one where the return address was found.
412*9712c20fSFrederick Mayle     dictionary["$eip"] = eip;
413*9712c20fSFrederick Mayle     dictionary["$esp"] = location + 4;
414*9712c20fSFrederick Mayle     trust = StackFrame::FRAME_TRUST_SCAN;
415*9712c20fSFrederick Mayle   }
416*9712c20fSFrederick Mayle 
417*9712c20fSFrederick Mayle   // Since this stack frame did not use %ebp in a traditional way,
418*9712c20fSFrederick Mayle   // locating the return address isn't entirely deterministic. In that
419*9712c20fSFrederick Mayle   // case, the stack can be scanned to locate the return address.
420*9712c20fSFrederick Mayle   //
421*9712c20fSFrederick Mayle   // However, if program string evaluation resulted in both %eip and
422*9712c20fSFrederick Mayle   // %ebp values of 0, trust that the end of the stack has been
423*9712c20fSFrederick Mayle   // reached and don't scan for anything else.
424*9712c20fSFrederick Mayle   if (dictionary["$eip"] != 0 || dictionary["$ebp"] != 0) {
425*9712c20fSFrederick Mayle     int offset = 0;
426*9712c20fSFrederick Mayle 
427*9712c20fSFrederick Mayle     // This scan can only be done if a CodeModules object is available, to
428*9712c20fSFrederick Mayle     // check that candidate return addresses are in fact inside a module.
429*9712c20fSFrederick Mayle     //
430*9712c20fSFrederick Mayle     // TODO(mmentovai): This ignores dynamically-generated code.  One possible
431*9712c20fSFrederick Mayle     // solution is to check the minidump's memory map to see if the candidate
432*9712c20fSFrederick Mayle     // %eip value comes from a mapped executable page, although this would
433*9712c20fSFrederick Mayle     // require dumps that contain MINIDUMP_MEMORY_INFO, which the Breakpad
434*9712c20fSFrederick Mayle     // client doesn't currently write (it would need to call MiniDumpWriteDump
435*9712c20fSFrederick Mayle     // with the MiniDumpWithFullMemoryInfo type bit set).  Even given this
436*9712c20fSFrederick Mayle     // ability, older OSes (pre-XP SP2) and CPUs (pre-P4) don't enforce
437*9712c20fSFrederick Mayle     // an independent execute privilege on memory pages.
438*9712c20fSFrederick Mayle 
439*9712c20fSFrederick Mayle     uint32_t eip = dictionary["$eip"];
440*9712c20fSFrederick Mayle     if (modules_ && !modules_->GetModuleForAddress(eip)) {
441*9712c20fSFrederick Mayle       // The instruction pointer at .raSearchStart was invalid, so start
442*9712c20fSFrederick Mayle       // looking one 32-bit word above that location.
443*9712c20fSFrederick Mayle       uint32_t location_start = dictionary[".raSearchStart"] + 4;
444*9712c20fSFrederick Mayle       uint32_t location;
445*9712c20fSFrederick Mayle       if (stack_scan_allowed &&
446*9712c20fSFrederick Mayle           ScanForReturnAddress(location_start, &location, &eip,
447*9712c20fSFrederick Mayle                                /*is_context_frame=*/last_frame->trust ==
448*9712c20fSFrederick Mayle                                    StackFrame::FRAME_TRUST_CONTEXT)) {
449*9712c20fSFrederick Mayle         // This is a better return address that what program string
450*9712c20fSFrederick Mayle         // evaluation found.  Use it, and set %esp to the location above the
451*9712c20fSFrederick Mayle         // one where the return address was found.
452*9712c20fSFrederick Mayle         dictionary["$eip"] = eip;
453*9712c20fSFrederick Mayle         dictionary["$esp"] = location + 4;
454*9712c20fSFrederick Mayle         offset = location - location_start;
455*9712c20fSFrederick Mayle         trust = StackFrame::FRAME_TRUST_CFI_SCAN;
456*9712c20fSFrederick Mayle       }
457*9712c20fSFrederick Mayle     }
458*9712c20fSFrederick Mayle 
459*9712c20fSFrederick Mayle     if (recover_ebp) {
460*9712c20fSFrederick Mayle       // When trying to recover the previous value of the frame pointer (%ebp),
461*9712c20fSFrederick Mayle       // start looking at the lowest possible address in the saved-register
462*9712c20fSFrederick Mayle       // area, and look at the entire saved register area, increased by the
463*9712c20fSFrederick Mayle       // size of |offset| to account for additional data that may be on the
464*9712c20fSFrederick Mayle       // stack.  The scan is performed from the highest possible address to
465*9712c20fSFrederick Mayle       // the lowest, because the expectation is that the function's prolog
466*9712c20fSFrederick Mayle       // would have saved %ebp early.
467*9712c20fSFrederick Mayle       uint32_t ebp = dictionary["$ebp"];
468*9712c20fSFrederick Mayle 
469*9712c20fSFrederick Mayle       // When a scan for return address is used, it is possible to skip one or
470*9712c20fSFrederick Mayle       // more frames (when return address is not in a known module).  One
471*9712c20fSFrederick Mayle       // indication for skipped frames is when the value of %ebp is lower than
472*9712c20fSFrederick Mayle       // the location of the return address on the stack
473*9712c20fSFrederick Mayle       bool has_skipped_frames =
474*9712c20fSFrederick Mayle         (trust != StackFrame::FRAME_TRUST_CFI && ebp <= raSearchStart + offset);
475*9712c20fSFrederick Mayle 
476*9712c20fSFrederick Mayle       uint32_t value;  // throwaway variable to check pointer validity
477*9712c20fSFrederick Mayle       if (has_skipped_frames || !memory_->GetMemoryAtAddress(ebp, &value)) {
478*9712c20fSFrederick Mayle         int fp_search_bytes = last_frame_info->saved_register_size + offset;
479*9712c20fSFrederick Mayle         uint32_t location_end = last_frame->context.esp +
480*9712c20fSFrederick Mayle                                  last_frame_callee_parameter_size;
481*9712c20fSFrederick Mayle 
482*9712c20fSFrederick Mayle         for (uint32_t location = location_end + fp_search_bytes;
483*9712c20fSFrederick Mayle              location >= location_end;
484*9712c20fSFrederick Mayle              location -= 4) {
485*9712c20fSFrederick Mayle           if (!memory_->GetMemoryAtAddress(location, &ebp))
486*9712c20fSFrederick Mayle             break;
487*9712c20fSFrederick Mayle 
488*9712c20fSFrederick Mayle           if (memory_->GetMemoryAtAddress(ebp, &value)) {
489*9712c20fSFrederick Mayle             // The candidate value is a pointer to the same memory region
490*9712c20fSFrederick Mayle             // (the stack).  Prefer it as a recovered %ebp result.
491*9712c20fSFrederick Mayle             dictionary["$ebp"] = ebp;
492*9712c20fSFrederick Mayle             break;
493*9712c20fSFrederick Mayle           }
494*9712c20fSFrederick Mayle         }
495*9712c20fSFrederick Mayle       }
496*9712c20fSFrederick Mayle     }
497*9712c20fSFrederick Mayle   }
498*9712c20fSFrederick Mayle 
499*9712c20fSFrederick Mayle   // Create a new stack frame (ownership will be transferred to the caller)
500*9712c20fSFrederick Mayle   // and fill it in.
501*9712c20fSFrederick Mayle   StackFrameX86* frame = new StackFrameX86();
502*9712c20fSFrederick Mayle 
503*9712c20fSFrederick Mayle   frame->trust = trust;
504*9712c20fSFrederick Mayle   frame->context = last_frame->context;
505*9712c20fSFrederick Mayle   frame->context.eip = dictionary["$eip"];
506*9712c20fSFrederick Mayle   frame->context.esp = dictionary["$esp"];
507*9712c20fSFrederick Mayle   frame->context.ebp = dictionary["$ebp"];
508*9712c20fSFrederick Mayle   frame->context_validity = StackFrameX86::CONTEXT_VALID_EIP |
509*9712c20fSFrederick Mayle                                 StackFrameX86::CONTEXT_VALID_ESP |
510*9712c20fSFrederick Mayle                                 StackFrameX86::CONTEXT_VALID_EBP;
511*9712c20fSFrederick Mayle 
512*9712c20fSFrederick Mayle   // These are nonvolatile (callee-save) registers, and the program string
513*9712c20fSFrederick Mayle   // may have filled them in.
514*9712c20fSFrederick Mayle   if (dictionary_validity.find("$ebx") != dictionary_validity.end()) {
515*9712c20fSFrederick Mayle     frame->context.ebx = dictionary["$ebx"];
516*9712c20fSFrederick Mayle     frame->context_validity |= StackFrameX86::CONTEXT_VALID_EBX;
517*9712c20fSFrederick Mayle   }
518*9712c20fSFrederick Mayle   if (dictionary_validity.find("$esi") != dictionary_validity.end()) {
519*9712c20fSFrederick Mayle     frame->context.esi = dictionary["$esi"];
520*9712c20fSFrederick Mayle     frame->context_validity |= StackFrameX86::CONTEXT_VALID_ESI;
521*9712c20fSFrederick Mayle   }
522*9712c20fSFrederick Mayle   if (dictionary_validity.find("$edi") != dictionary_validity.end()) {
523*9712c20fSFrederick Mayle     frame->context.edi = dictionary["$edi"];
524*9712c20fSFrederick Mayle     frame->context_validity |= StackFrameX86::CONTEXT_VALID_EDI;
525*9712c20fSFrederick Mayle   }
526*9712c20fSFrederick Mayle 
527*9712c20fSFrederick Mayle   return frame;
528*9712c20fSFrederick Mayle }
529*9712c20fSFrederick Mayle 
// Unwinds one frame using the DWARF CFI rules in |cfi_frame_info| for
// frames.back().
//
// Returns a newly allocated caller frame (ownership passes to the caller), or
// NULL when the CFI walker cannot recover the caller's registers, or when it
// recovers them without all three of %eip, %esp and %ebp.  No stack scanning
// is attempted on this path; GetCallerFrame falls back to other strategies.
//
// Side effect: |cfi_frame_info| is recorded on the callee frame even when
// NULL is returned.
StackFrameX86* StackwalkerX86::GetCallerByCFIFrameInfo(
    const vector<StackFrame*>& frames,
    CFIFrameInfo* cfi_frame_info) {
  // Inline frames never terminate a frame sequence, so the frame being
  // unwound here must be a conventional one.
  assert(frames.back()->trust != StackFrame::FRAME_TRUST_INLINE);
  StackFrameX86* callee = static_cast<StackFrameX86*>(frames.back());
  callee->cfi_frame_info = cfi_frame_info;

  // Everything the CFI rules reconstruct lands in |caller|.  The walker
  // reaches dump memory only through |memory_|; the dump should be treated as
  // untrusted input, so every load it performs is a bounds-checked read.
  scoped_ptr<StackFrameX86> caller(new StackFrameX86());
  const bool recovered = cfi_walker_.FindCallerRegisters(
      *memory_, *cfi_frame_info,
      callee->context, callee->context_validity,
      &caller->context, &caller->context_validity);
  if (!recovered)
    return NULL;

  // A CFI-derived frame is only usable when %eip, %esp and %ebp were all
  // recovered.  A partial result is rejected outright rather than being
  // topped up with guesses.
  static const int kEssentials = StackFrameX86::CONTEXT_VALID_EIP |
                                 StackFrameX86::CONTEXT_VALID_ESP |
                                 StackFrameX86::CONTEXT_VALID_EBP;
  const bool has_essentials =
      (caller->context_validity & kEssentials) == kEssentials;
  if (!has_essentials)
    return NULL;

  caller->trust = StackFrame::FRAME_TRUST_CFI;
  return caller.release();
}
557*9712c20fSFrederick Mayle 
// Unwinds one frame assuming the conventional %ebp-based x86 frame layout,
// falling back to a stack scan for a return address when the %ebp chain is
// unreadable.
//
// With frame pointers, CALL pushes the return address and the callee's
// prologue pushes the caller's %ebp and copies %esp into %ebp.  The caller's
// registers are therefore recoverable from the callee's frame pointer alone:
//
//   %eip_new = *(%ebp_old + 4)
//   %esp_new = %ebp_old + 8
//   %ebp_new = *(%ebp_old)
//
// Returns a newly allocated caller frame (ownership passes to the caller), or
// NULL when neither the frame-pointer chain nor (if |stack_scan_allowed|) a
// stack scan yields a return address.  The resulting frame carries
// FRAME_TRUST_FP or FRAME_TRUST_SCAN accordingly.
StackFrameX86* StackwalkerX86::GetCallerByEBPAtBase(
    const vector<StackFrame*>& frames,
    bool stack_scan_allowed) {
  // Inline frames never terminate a frame sequence, so the frame being
  // unwound here must be a conventional one.
  assert(frames.back()->trust != StackFrame::FRAME_TRUST_INLINE);
  StackFrameX86* callee = static_cast<StackFrameX86*>(frames.back());
  const uint32_t callee_esp = callee->context.esp;
  const uint32_t callee_ebp = callee->context.ebp;
  const bool is_context_frame =
      callee->trust == StackFrame::FRAME_TRUST_CONTEXT;

  uint32_t caller_eip = 0;
  uint32_t caller_esp = 0;
  uint32_t caller_ebp = 0;
  StackFrame::FrameTrust trust;

  // Both loads go through |memory_|, which is the only way dump memory is
  // ever touched: the addresses come from the (untrusted) dump itself.
  // NOTE(review): callee_ebp + 4 wraps for a callee_ebp within 4 bytes of
  // the top of the address space; this relies on GetMemoryAtAddress rejecting
  // the wrapped address.
  const bool chain_readable =
      memory_->GetMemoryAtAddress(callee_ebp + 4, &caller_eip) &&
      memory_->GetMemoryAtAddress(callee_ebp, &caller_ebp);

  if (chain_readable) {
    // Unlike the scan path below, the saved %ebp read here is not range
    // checked; a bogus value is presumably only caught on the next unwind,
    // when TerminateWalk sees the %esp derived from it.
    caller_esp = callee_ebp + 8;
    trust = StackFrame::FRAME_TRUST_FP;
  } else {
    // The memory %ebp points at is unreadable, which happens when the callee
    // belongs to a module without symbols that was built without frame
    // pointers.  Scan upward from %esp for something that looks like a
    // return address instead.
    if (!stack_scan_allowed)
      return NULL;
    uint32_t ra_location;
    if (!ScanForReturnAddress(callee_esp, &ra_location, &caller_eip,
                              is_context_frame)) {
      // No plausible instruction pointer anywhere in range: give up.
      return NULL;
    }

    // The caller's %esp is the slot just above the return address.
    caller_esp = ra_location + 4;

    // Try to pick the %ebp chain back up: a saved %ebp would sit in the slot
    // immediately below the return address.  Accept it only if it points
    // further up the stack (a chain that goes backwards, or to itself, is
    // rejected so a crafted dump cannot loop the walk) and the jump to the
    // next frame is of a reasonable size.
    const uint32_t saved_ebp_location = ra_location - 4;
    uint32_t candidate_ebp;
    const bool chain_plausible =
        memory_->GetMemoryAtAddress(saved_ebp_location, &candidate_ebp) &&
        candidate_ebp > saved_ebp_location &&
        candidate_ebp - saved_ebp_location <= kMaxReasonableGapBetweenFrames;
    // When the recovered chain is not believable, assume %ebp is unchanged
    // across the call.
    caller_ebp = chain_plausible ? candidate_ebp : callee_ebp;
    trust = StackFrame::FRAME_TRUST_SCAN;
  }

  // Build the caller frame (ownership transfers to the caller).  Everything
  // other than %eip/%esp/%ebp is inherited from the callee's context but is
  // not marked valid.
  StackFrameX86* caller = new StackFrameX86();
  caller->trust = trust;
  caller->context = callee->context;
  caller->context.eip = caller_eip;
  caller->context.esp = caller_esp;
  caller->context.ebp = caller_ebp;
  caller->context_validity = StackFrameX86::CONTEXT_VALID_EIP |
                             StackFrameX86::CONTEXT_VALID_ESP |
                             StackFrameX86::CONTEXT_VALID_EBP;
  return caller;
}
648*9712c20fSFrederick Mayle 
// Produces the caller of the most recent frame on |stack|, trying the unwind
// strategies from most to least trustworthy: Windows STACK WIN frame data,
// then DWARF CFI, then the plain %ebp chain (with an optional stack scan).
//
// Returns a newly allocated frame (ownership passes to the caller) whose
// |instruction| points inside the CALL that created the callee frame, or
// NULL when no strategy succeeds or when TerminateWalk decides the walk has
// reached the end of the stack or violated an invariant.  That check is what
// stops the walk on a dump whose frame chain never ends, so every strategy's
// result goes through it before being handed out.
StackFrame* StackwalkerX86::GetCallerFrame(const CallStack* stack,
                                           bool stack_scan_allowed) {
  if (!memory_ || !stack) {
    BPLOG(ERROR) << "Can't get caller frame without memory or stack";
    return NULL;
  }

  // NOTE(review): frames is expected to be non-empty here (the walk starts
  // from a context frame); frames.back() would be undefined otherwise.
  const vector<StackFrame*>& frames = *stack->frames();
  StackFrameX86* callee = static_cast<StackFrameX86*>(frames.back());
  // Inline frames never terminate a frame sequence, so the frame being
  // unwound here must be a conventional one.
  assert(callee->trust != StackFrame::FRAME_TRUST_INLINE);

  scoped_ptr<StackFrameX86> caller;

  // Strategy 1: Windows stack walking information from the symbol file.
  if (WindowsFrameInfo* win_info =
          frame_symbolizer_->FindWindowsFrameInfo(callee)) {
    caller.reset(GetCallerByWindowsFrameInfo(frames, win_info,
                                             stack_scan_allowed));
  }

  // Strategy 2: DWARF CFI, only consulted when strategy 1 produced nothing.
  if (!caller.get()) {
    if (CFIFrameInfo* cfi_info = frame_symbolizer_->FindCFIFrameInfo(callee))
      caller.reset(GetCallerByCFIFrameInfo(frames, cfi_info));
  }

  // Strategy 3: hope the code keeps a conventional %ebp chain.
  if (!caller.get())
    caller.reset(GetCallerByEBPAtBase(frames, stack_scan_allowed));

  if (!caller.get())
    return NULL;

  // End of stack, or an unwind that broke an invariant: stop here rather
  // than hand back a frame the next iteration would trip over.
  const bool first_unwind =
      callee->trust == StackFrame::FRAME_TRUST_CONTEXT;
  if (TerminateWalk(caller->context.eip, caller->context.esp,
                    callee->context.esp, first_unwind)) {
    return NULL;
  }

  // %eip holds the return address, i.e. the instruction after the CALL.
  // Back up one byte so |instruction| lands inside the CALL itself; see
  // StackFrame::instruction and StackFrameAMD64::ReturnAddress.
  caller->instruction = caller->context.eip - 1;
  return caller.release();
}
703*9712c20fSFrederick Mayle 
704*9712c20fSFrederick Mayle }  // namespace google_breakpad