/thirdparty/breakpad/processor/stackwalker_x86.cc

http://github.com/tomahawk-player/tomahawk · C++ · 604 lines · 278 code · 63 blank · 263 comment · 57 complexity · 56aee0e7d611424e4c99c0f7a6a5a9ea MD5 · raw file

  1. // Copyright (c) 2010 Google Inc.
  2. // All rights reserved.
  3. //
  4. // Redistribution and use in source and binary forms, with or without
  5. // modification, are permitted provided that the following conditions are
  6. // met:
  7. //
  8. // * Redistributions of source code must retain the above copyright
  9. // notice, this list of conditions and the following disclaimer.
  10. // * Redistributions in binary form must reproduce the above
  11. // copyright notice, this list of conditions and the following disclaimer
  12. // in the documentation and/or other materials provided with the
  13. // distribution.
  14. // * Neither the name of Google Inc. nor the names of its
  15. // contributors may be used to endorse or promote products derived from
  16. // this software without specific prior written permission.
  17. //
  18. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. // stackwalker_x86.cc: x86-specific stackwalker.
  30. //
  31. // See stackwalker_x86.h for documentation.
  32. //
  33. // Author: Mark Mentovai
  34. #include "processor/postfix_evaluator-inl.h"
  35. #include "google_breakpad/processor/call_stack.h"
  36. #include "google_breakpad/processor/code_modules.h"
  37. #include "google_breakpad/processor/memory_region.h"
  38. #include "google_breakpad/processor/source_line_resolver_interface.h"
  39. #include "google_breakpad/processor/stack_frame_cpu.h"
  40. #include "processor/logging.h"
  41. #include "processor/scoped_ptr.h"
  42. #include "processor/stackwalker_x86.h"
  43. #include "processor/windows_frame_info.h"
  44. #include "processor/cfi_frame_info.h"
  45. namespace google_breakpad {
  46. const StackwalkerX86::CFIWalker::RegisterSet
  47. StackwalkerX86::cfi_register_map_[] = {
  48. // It may seem like $eip and $esp are callee-saves, because (with Unix or
  49. // cdecl calling conventions) the callee is responsible for having them
  50. // restored upon return. But the callee_saves flags here really means
  51. // that the walker should assume they're unchanged if the CFI doesn't
  52. // mention them, which is clearly wrong for $eip and $esp.
  53. { "$eip", ".ra", false,
  54. StackFrameX86::CONTEXT_VALID_EIP, &MDRawContextX86::eip },
  55. { "$esp", ".cfa", false,
  56. StackFrameX86::CONTEXT_VALID_ESP, &MDRawContextX86::esp },
  57. { "$ebp", NULL, true,
  58. StackFrameX86::CONTEXT_VALID_EBP, &MDRawContextX86::ebp },
  59. { "$eax", NULL, false,
  60. StackFrameX86::CONTEXT_VALID_EAX, &MDRawContextX86::eax },
  61. { "$ebx", NULL, true,
  62. StackFrameX86::CONTEXT_VALID_EBX, &MDRawContextX86::ebx },
  63. { "$ecx", NULL, false,
  64. StackFrameX86::CONTEXT_VALID_ECX, &MDRawContextX86::ecx },
  65. { "$edx", NULL, false,
  66. StackFrameX86::CONTEXT_VALID_EDX, &MDRawContextX86::edx },
  67. { "$esi", NULL, true,
  68. StackFrameX86::CONTEXT_VALID_ESI, &MDRawContextX86::esi },
  69. { "$edi", NULL, true,
  70. StackFrameX86::CONTEXT_VALID_EDI, &MDRawContextX86::edi },
  71. };
  72. StackwalkerX86::StackwalkerX86(const SystemInfo *system_info,
  73. const MDRawContextX86 *context,
  74. MemoryRegion *memory,
  75. const CodeModules *modules,
  76. SymbolSupplier *supplier,
  77. SourceLineResolverInterface *resolver)
  78. : Stackwalker(system_info, memory, modules, supplier, resolver),
  79. context_(context),
  80. cfi_walker_(cfi_register_map_,
  81. (sizeof(cfi_register_map_) / sizeof(cfi_register_map_[0]))) {
  82. if (memory_->GetBase() + memory_->GetSize() - 1 > 0xffffffff) {
  83. // The x86 is a 32-bit CPU, the limits of the supplied stack are invalid.
  84. // Mark memory_ = NULL, which will cause stackwalking to fail.
  85. BPLOG(ERROR) << "Memory out of range for stackwalking: " <<
  86. HexString(memory_->GetBase()) << "+" <<
  87. HexString(memory_->GetSize());
  88. memory_ = NULL;
  89. }
  90. }
  91. StackFrameX86::~StackFrameX86() {
  92. if (windows_frame_info)
  93. delete windows_frame_info;
  94. windows_frame_info = NULL;
  95. if (cfi_frame_info)
  96. delete cfi_frame_info;
  97. cfi_frame_info = NULL;
  98. }
  99. StackFrame *StackwalkerX86::GetContextFrame() {
  100. if (!context_ || !memory_) {
  101. BPLOG(ERROR) << "Can't get context frame without context or memory";
  102. return NULL;
  103. }
  104. StackFrameX86 *frame = new StackFrameX86();
  105. // The instruction pointer is stored directly in a register, so pull it
  106. // straight out of the CPU context structure.
  107. frame->context = *context_;
  108. frame->context_validity = StackFrameX86::CONTEXT_VALID_ALL;
  109. frame->trust = StackFrame::FRAME_TRUST_CONTEXT;
  110. frame->instruction = frame->context.eip;
  111. return frame;
  112. }
  113. StackFrameX86 *StackwalkerX86::GetCallerByWindowsFrameInfo(
  114. const vector<StackFrame *> &frames,
  115. WindowsFrameInfo *last_frame_info) {
  116. StackFrame::FrameTrust trust = StackFrame::FRAME_TRUST_NONE;
  117. StackFrameX86 *last_frame = static_cast<StackFrameX86 *>(frames.back());
  118. // Save the stack walking info we found, in case we need it later to
  119. // find the callee of the frame we're constructing now.
  120. last_frame->windows_frame_info = last_frame_info;
  121. // This function only covers the full STACK WIN case. If
  122. // last_frame_info is VALID_PARAMETER_SIZE-only, then we should
  123. // assume the traditional frame format or use some other strategy.
  124. if (last_frame_info->valid != WindowsFrameInfo::VALID_ALL)
  125. return NULL;
  126. // This stackwalker sets each frame's %esp to its value immediately prior
  127. // to the CALL into the callee. This means that %esp points to the last
  128. // callee argument pushed onto the stack, which may not be where %esp points
  129. // after the callee returns. Specifically, the value is correct for the
  130. // cdecl calling convention, but not other conventions. The cdecl
  131. // convention requires a caller to pop its callee's arguments from the
  132. // stack after the callee returns. This is usually accomplished by adding
  133. // the known size of the arguments to %esp. Other calling conventions,
  134. // including stdcall, thiscall, and fastcall, require the callee to pop any
  135. // parameters stored on the stack before returning. This is usually
  136. // accomplished by using the RET n instruction, which pops n bytes off
  137. // the stack after popping the return address.
  138. //
  139. // Because each frame's %esp will point to a location on the stack after
  140. // callee arguments have been PUSHed, when locating things in a stack frame
  141. // relative to %esp, the size of the arguments to the callee need to be
  142. // taken into account. This seems a little bit unclean, but it's better
  143. // than the alternative, which would need to take these same things into
  144. // account, but only for cdecl functions. With this implementation, we get
  145. // to be agnostic about each function's calling convention. Furthermore,
  146. // this is how Windows debugging tools work, so it means that the %esp
  147. // values produced by this stackwalker directly correspond to the %esp
  148. // values you'll see there.
  149. //
  150. // If the last frame has no callee (because it's the context frame), just
  151. // set the callee parameter size to 0: the stack pointer can't point to
  152. // callee arguments because there's no callee. This is correct as long
  153. // as the context wasn't captured while arguments were being pushed for
  154. // a function call. Note that there may be functions whose parameter sizes
  155. // are unknown, 0 is also used in that case. When that happens, it should
  156. // be possible to walk to the next frame without reference to %esp.
  157. u_int32_t last_frame_callee_parameter_size = 0;
  158. int frames_already_walked = frames.size();
  159. if (frames_already_walked >= 2) {
  160. const StackFrameX86 *last_frame_callee
  161. = static_cast<StackFrameX86 *>(frames[frames_already_walked - 2]);
  162. WindowsFrameInfo *last_frame_callee_info
  163. = last_frame_callee->windows_frame_info;
  164. if (last_frame_callee_info &&
  165. (last_frame_callee_info->valid
  166. & WindowsFrameInfo::VALID_PARAMETER_SIZE)) {
  167. last_frame_callee_parameter_size =
  168. last_frame_callee_info->parameter_size;
  169. }
  170. }
  171. // Set up the dictionary for the PostfixEvaluator. %ebp and %esp are used
  172. // in each program string, and their previous values are known, so set them
  173. // here.
  174. PostfixEvaluator<u_int32_t>::DictionaryType dictionary;
  175. // Provide the current register values.
  176. dictionary["$ebp"] = last_frame->context.ebp;
  177. dictionary["$esp"] = last_frame->context.esp;
  178. // Provide constants from the debug info for last_frame and its callee.
  179. // .cbCalleeParams is a Breakpad extension that allows us to use the
  180. // PostfixEvaluator engine when certain types of debugging information
  181. // are present without having to write the constants into the program
  182. // string as literals.
  183. dictionary[".cbCalleeParams"] = last_frame_callee_parameter_size;
  184. dictionary[".cbSavedRegs"] = last_frame_info->saved_register_size;
  185. dictionary[".cbLocals"] = last_frame_info->local_size;
  186. u_int32_t raSearchStart = last_frame->context.esp +
  187. last_frame_callee_parameter_size +
  188. last_frame_info->local_size +
  189. last_frame_info->saved_register_size;
  190. u_int32_t raSearchStartOld = raSearchStart;
  191. u_int32_t found = 0; // dummy value
  192. // Scan up to three words above the calculated search value, in case
  193. // the stack was aligned to a quadword boundary.
  194. if (ScanForReturnAddress(raSearchStart, &raSearchStart, &found, 3) &&
  195. last_frame->trust == StackFrame::FRAME_TRUST_CONTEXT &&
  196. last_frame->windows_frame_info != NULL &&
  197. last_frame_info->type_ == WindowsFrameInfo::STACK_INFO_FPO &&
  198. raSearchStartOld == raSearchStart &&
  199. found == last_frame->context.eip) {
  200. // The context frame represents an FPO-optimized Windows system call.
  201. // On the top of the stack we have a pointer to the current instruction.
  202. // This means that the callee has returned but the return address is still
  203. // on the top of the stack which is very atypical situaltion.
  204. // Skip one slot from the stack and do another scan in order to get the
  205. // actual return address.
  206. raSearchStart += 4;
  207. ScanForReturnAddress(raSearchStart, &raSearchStart, &found, 3);
  208. }
  209. // The difference between raSearch and raSearchStart is unknown,
  210. // but making them the same seems to work well in practice.
  211. dictionary[".raSearchStart"] = raSearchStart;
  212. dictionary[".raSearch"] = raSearchStart;
  213. dictionary[".cbParams"] = last_frame_info->parameter_size;
  214. // Decide what type of program string to use. The program string is in
  215. // postfix notation and will be passed to PostfixEvaluator::Evaluate.
  216. // Given the dictionary and the program string, it is possible to compute
  217. // the return address and the values of other registers in the calling
  218. // function. Because of bugs described below, the stack may need to be
  219. // scanned for these values. The results of program string evaluation
  220. // will be used to determine whether to scan for better values.
  221. string program_string;
  222. bool recover_ebp = true;
  223. trust = StackFrame::FRAME_TRUST_CFI;
  224. if (!last_frame_info->program_string.empty()) {
  225. // The FPO data has its own program string, which will tell us how to
  226. // get to the caller frame, and may even fill in the values of
  227. // nonvolatile registers and provide pointers to local variables and
  228. // parameters. In some cases, particularly with program strings that use
  229. // .raSearchStart, the stack may need to be scanned afterward.
  230. program_string = last_frame_info->program_string;
  231. } else if (last_frame_info->allocates_base_pointer) {
  232. // The function corresponding to the last frame doesn't use the frame
  233. // pointer for conventional purposes, but it does allocate a new
  234. // frame pointer and use it for its own purposes. Its callee's
  235. // information is still accessed relative to %esp, and the previous
  236. // value of %ebp can be recovered from a location in its stack frame,
  237. // within the saved-register area.
  238. //
  239. // Functions that fall into this category use the %ebp register for
  240. // a purpose other than the frame pointer. They restore the caller's
  241. // %ebp before returning. These functions create their stack frame
  242. // after a CALL by decrementing the stack pointer in an amount
  243. // sufficient to store local variables, and then PUSHing saved
  244. // registers onto the stack. Arguments to a callee function, if any,
  245. // are PUSHed after that. Walking up to the caller, therefore,
  246. // can be done solely with calculations relative to the stack pointer
  247. // (%esp). The return address is recovered from the memory location
  248. // above the known sizes of the callee's parameters, saved registers,
  249. // and locals. The caller's stack pointer (the value of %esp when
  250. // the caller executed CALL) is the location immediately above the
  251. // saved return address. The saved value of %ebp to be restored for
  252. // the caller is at a known location in the saved-register area of
  253. // the stack frame.
  254. //
  255. // For this type of frame, MSVC 14 (from Visual Studio 8/2005) in
  256. // link-time code generation mode (/LTCG and /GL) can generate erroneous
  257. // debugging data. The reported size of saved registers can be 0,
  258. // which is clearly an error because these frames must, at the very
  259. // least, save %ebp. For this reason, in addition to those given above
  260. // about the use of .raSearchStart, the stack may need to be scanned
  261. // for a better return address and a better frame pointer after the
  262. // program string is evaluated.
  263. //
  264. // %eip_new = *(%esp_old + callee_params + saved_regs + locals)
  265. // %ebp_new = *(%esp_old + callee_params + saved_regs - 8)
  266. // %esp_new = %esp_old + callee_params + saved_regs + locals + 4
  267. program_string = "$eip .raSearchStart ^ = "
  268. "$ebp $esp .cbCalleeParams + .cbSavedRegs + 8 - ^ = "
  269. "$esp .raSearchStart 4 + =";
  270. } else {
  271. // The function corresponding to the last frame doesn't use %ebp at
  272. // all. The callee frame is located relative to %esp.
  273. //
  274. // The called procedure's instruction pointer and stack pointer are
  275. // recovered in the same way as the case above, except that no
  276. // frame pointer (%ebp) is used at all, so it is not saved anywhere
  277. // in the callee's stack frame and does not need to be recovered.
  278. // Because %ebp wasn't used in the callee, whatever value it has
  279. // is the value that it had in the caller, so it can be carried
  280. // straight through without bringing its validity into question.
  281. //
  282. // Because of the use of .raSearchStart, the stack will possibly be
  283. // examined to locate a better return address after program string
  284. // evaluation. The stack will not be examined to locate a saved
  285. // %ebp value, because these frames do not save (or use) %ebp.
  286. //
  287. // %eip_new = *(%esp_old + callee_params + saved_regs + locals)
  288. // %esp_new = %esp_old + callee_params + saved_regs + locals + 4
  289. // %ebp_new = %ebp_old
  290. program_string = "$eip .raSearchStart ^ = "
  291. "$esp .raSearchStart 4 + =";
  292. recover_ebp = false;
  293. }
  294. // Now crank it out, making sure that the program string set at least the
  295. // two required variables.
  296. PostfixEvaluator<u_int32_t> evaluator =
  297. PostfixEvaluator<u_int32_t>(&dictionary, memory_);
  298. PostfixEvaluator<u_int32_t>::DictionaryValidityType dictionary_validity;
  299. if (!evaluator.Evaluate(program_string, &dictionary_validity) ||
  300. dictionary_validity.find("$eip") == dictionary_validity.end() ||
  301. dictionary_validity.find("$esp") == dictionary_validity.end()) {
  302. // Program string evaluation failed. It may be that %eip is not somewhere
  303. // with stack frame info, and %ebp is pointing to non-stack memory, so
  304. // our evaluation couldn't succeed. We'll scan the stack for a return
  305. // address. This can happen if the stack is in a module for which
  306. // we don't have symbols, and that module is compiled without a
  307. // frame pointer.
  308. u_int32_t location_start = last_frame->context.esp;
  309. u_int32_t location, eip;
  310. if (!ScanForReturnAddress(location_start, &location, &eip)) {
  311. // if we can't find an instruction pointer even with stack scanning,
  312. // give up.
  313. return NULL;
  314. }
  315. // This seems like a reasonable return address. Since program string
  316. // evaluation failed, use it and set %esp to the location above the
  317. // one where the return address was found.
  318. dictionary["$eip"] = eip;
  319. dictionary["$esp"] = location + 4;
  320. trust = StackFrame::FRAME_TRUST_SCAN;
  321. }
  322. // Since this stack frame did not use %ebp in a traditional way,
  323. // locating the return address isn't entirely deterministic. In that
  324. // case, the stack can be scanned to locate the return address.
  325. //
  326. // However, if program string evaluation resulted in both %eip and
  327. // %ebp values of 0, trust that the end of the stack has been
  328. // reached and don't scan for anything else.
  329. if (dictionary["$eip"] != 0 || dictionary["$ebp"] != 0) {
  330. int offset = 0;
  331. // This scan can only be done if a CodeModules object is available, to
  332. // check that candidate return addresses are in fact inside a module.
  333. //
  334. // TODO(mmentovai): This ignores dynamically-generated code. One possible
  335. // solution is to check the minidump's memory map to see if the candidate
  336. // %eip value comes from a mapped executable page, although this would
  337. // require dumps that contain MINIDUMP_MEMORY_INFO, which the Breakpad
  338. // client doesn't currently write (it would need to call MiniDumpWriteDump
  339. // with the MiniDumpWithFullMemoryInfo type bit set). Even given this
  340. // ability, older OSes (pre-XP SP2) and CPUs (pre-P4) don't enforce
  341. // an independent execute privilege on memory pages.
  342. u_int32_t eip = dictionary["$eip"];
  343. if (modules_ && !modules_->GetModuleForAddress(eip)) {
  344. // The instruction pointer at .raSearchStart was invalid, so start
  345. // looking one 32-bit word above that location.
  346. u_int32_t location_start = dictionary[".raSearchStart"] + 4;
  347. u_int32_t location;
  348. if (ScanForReturnAddress(location_start, &location, &eip)) {
  349. // This is a better return address that what program string
  350. // evaluation found. Use it, and set %esp to the location above the
  351. // one where the return address was found.
  352. dictionary["$eip"] = eip;
  353. dictionary["$esp"] = location + 4;
  354. offset = location - location_start;
  355. trust = StackFrame::FRAME_TRUST_CFI_SCAN;
  356. }
  357. }
  358. // When trying to recover the previous value of the frame pointer (%ebp),
  359. // start looking at the lowest possible address in the saved-register
  360. // area, and look at the entire saved register area, increased by the
  361. // size of |offset| to account for additional data that may be on the
  362. // stack. The scan is performed from the highest possible address to
  363. // the lowest, because we expect that the function's prolog would have
  364. // saved %ebp early.
  365. u_int32_t ebp = dictionary["$ebp"];
  366. u_int32_t value; // throwaway variable to check pointer validity
  367. if (recover_ebp && !memory_->GetMemoryAtAddress(ebp, &value)) {
  368. int fp_search_bytes = last_frame_info->saved_register_size + offset;
  369. u_int32_t location_end = last_frame->context.esp +
  370. last_frame_callee_parameter_size;
  371. for (u_int32_t location = location_end + fp_search_bytes;
  372. location >= location_end;
  373. location -= 4) {
  374. if (!memory_->GetMemoryAtAddress(location, &ebp))
  375. break;
  376. if (memory_->GetMemoryAtAddress(ebp, &value)) {
  377. // The candidate value is a pointer to the same memory region
  378. // (the stack). Prefer it as a recovered %ebp result.
  379. dictionary["$ebp"] = ebp;
  380. break;
  381. }
  382. }
  383. }
  384. }
  385. // Create a new stack frame (ownership will be transferred to the caller)
  386. // and fill it in.
  387. StackFrameX86 *frame = new StackFrameX86();
  388. frame->trust = trust;
  389. frame->context = last_frame->context;
  390. frame->context.eip = dictionary["$eip"];
  391. frame->context.esp = dictionary["$esp"];
  392. frame->context.ebp = dictionary["$ebp"];
  393. frame->context_validity = StackFrameX86::CONTEXT_VALID_EIP |
  394. StackFrameX86::CONTEXT_VALID_ESP |
  395. StackFrameX86::CONTEXT_VALID_EBP;
  396. // These are nonvolatile (callee-save) registers, and the program string
  397. // may have filled them in.
  398. if (dictionary_validity.find("$ebx") != dictionary_validity.end()) {
  399. frame->context.ebx = dictionary["$ebx"];
  400. frame->context_validity |= StackFrameX86::CONTEXT_VALID_EBX;
  401. }
  402. if (dictionary_validity.find("$esi") != dictionary_validity.end()) {
  403. frame->context.esi = dictionary["$esi"];
  404. frame->context_validity |= StackFrameX86::CONTEXT_VALID_ESI;
  405. }
  406. if (dictionary_validity.find("$edi") != dictionary_validity.end()) {
  407. frame->context.edi = dictionary["$edi"];
  408. frame->context_validity |= StackFrameX86::CONTEXT_VALID_EDI;
  409. }
  410. return frame;
  411. }
  412. StackFrameX86 *StackwalkerX86::GetCallerByCFIFrameInfo(
  413. const vector<StackFrame*> &frames,
  414. CFIFrameInfo *cfi_frame_info) {
  415. StackFrameX86 *last_frame = static_cast<StackFrameX86*>(frames.back());
  416. last_frame->cfi_frame_info = cfi_frame_info;
  417. scoped_ptr<StackFrameX86> frame(new StackFrameX86());
  418. if (!cfi_walker_
  419. .FindCallerRegisters(*memory_, *cfi_frame_info,
  420. last_frame->context, last_frame->context_validity,
  421. &frame->context, &frame->context_validity))
  422. return NULL;
  423. // Make sure we recovered all the essentials.
  424. static const int essentials = (StackFrameX86::CONTEXT_VALID_EIP
  425. | StackFrameX86::CONTEXT_VALID_ESP
  426. | StackFrameX86::CONTEXT_VALID_EBP);
  427. if ((frame->context_validity & essentials) != essentials)
  428. return NULL;
  429. frame->trust = StackFrame::FRAME_TRUST_CFI;
  430. return frame.release();
  431. }
  432. StackFrameX86 *StackwalkerX86::GetCallerByEBPAtBase(
  433. const vector<StackFrame *> &frames) {
  434. StackFrame::FrameTrust trust;
  435. StackFrameX86 *last_frame = static_cast<StackFrameX86 *>(frames.back());
  436. u_int32_t last_esp = last_frame->context.esp;
  437. u_int32_t last_ebp = last_frame->context.ebp;
  438. // Assume that the standard %ebp-using x86 calling convention is in
  439. // use.
  440. //
  441. // The typical x86 calling convention, when frame pointers are present,
  442. // is for the calling procedure to use CALL, which pushes the return
  443. // address onto the stack and sets the instruction pointer (%eip) to
  444. // the entry point of the called routine. The called routine then
  445. // PUSHes the calling routine's frame pointer (%ebp) onto the stack
  446. // before copying the stack pointer (%esp) to the frame pointer (%ebp).
  447. // Therefore, the calling procedure's frame pointer is always available
  448. // by dereferencing the called procedure's frame pointer, and the return
  449. // address is always available at the memory location immediately above
  450. // the address pointed to by the called procedure's frame pointer. The
  451. // calling procedure's stack pointer (%esp) is 8 higher than the value
  452. // of the called procedure's frame pointer at the time the calling
  453. // procedure made the CALL: 4 bytes for the return address pushed by the
  454. // CALL itself, and 4 bytes for the callee's PUSH of the caller's frame
  455. // pointer.
  456. //
  457. // %eip_new = *(%ebp_old + 4)
  458. // %esp_new = %ebp_old + 8
  459. // %ebp_new = *(%ebp_old)
  460. u_int32_t caller_eip, caller_esp, caller_ebp;
  461. if (memory_->GetMemoryAtAddress(last_ebp + 4, &caller_eip) &&
  462. memory_->GetMemoryAtAddress(last_ebp, &caller_ebp)) {
  463. caller_esp = last_ebp + 8;
  464. trust = StackFrame::FRAME_TRUST_FP;
  465. } else {
  466. // We couldn't read the memory %ebp refers to. It may be that %ebp
  467. // is pointing to non-stack memory. We'll scan the stack for a
  468. // return address. This can happen if last_frame is executing code
  469. // for a module for which we don't have symbols, and that module
  470. // is compiled without a frame pointer.
  471. if (!ScanForReturnAddress(last_esp, &caller_esp, &caller_eip)) {
  472. // if we can't find an instruction pointer even with stack scanning,
  473. // give up.
  474. return NULL;
  475. }
  476. // ScanForReturnAddress found a reasonable return address. Advance
  477. // %esp to the location above the one where the return address was
  478. // found. Assume that %ebp is unchanged.
  479. caller_esp += 4;
  480. caller_ebp = last_ebp;
  481. trust = StackFrame::FRAME_TRUST_SCAN;
  482. }
  483. // Create a new stack frame (ownership will be transferred to the caller)
  484. // and fill it in.
  485. StackFrameX86 *frame = new StackFrameX86();
  486. frame->trust = trust;
  487. frame->context = last_frame->context;
  488. frame->context.eip = caller_eip;
  489. frame->context.esp = caller_esp;
  490. frame->context.ebp = caller_ebp;
  491. frame->context_validity = StackFrameX86::CONTEXT_VALID_EIP |
  492. StackFrameX86::CONTEXT_VALID_ESP |
  493. StackFrameX86::CONTEXT_VALID_EBP;
  494. return frame;
  495. }
  496. StackFrame *StackwalkerX86::GetCallerFrame(const CallStack *stack) {
  497. if (!memory_ || !stack) {
  498. BPLOG(ERROR) << "Can't get caller frame without memory or stack";
  499. return NULL;
  500. }
  501. const vector<StackFrame *> &frames = *stack->frames();
  502. StackFrameX86 *last_frame = static_cast<StackFrameX86 *>(frames.back());
  503. scoped_ptr<StackFrameX86> new_frame;
  504. // If the resolver has Windows stack walking information, use that.
  505. WindowsFrameInfo *windows_frame_info
  506. = resolver_ ? resolver_->FindWindowsFrameInfo(last_frame) : NULL;
  507. if (windows_frame_info)
  508. new_frame.reset(GetCallerByWindowsFrameInfo(frames, windows_frame_info));
  509. // If the resolver has DWARF CFI information, use that.
  510. if (!new_frame.get()) {
  511. CFIFrameInfo *cfi_frame_info =
  512. resolver_ ? resolver_->FindCFIFrameInfo(last_frame) : NULL;
  513. if (cfi_frame_info)
  514. new_frame.reset(GetCallerByCFIFrameInfo(frames, cfi_frame_info));
  515. }
  516. // Otherwise, hope that the program was using a traditional frame structure.
  517. if (!new_frame.get())
  518. new_frame.reset(GetCallerByEBPAtBase(frames));
  519. // If nothing worked, tell the caller.
  520. if (!new_frame.get())
  521. return NULL;
  522. // Treat an instruction address of 0 as end-of-stack.
  523. if (new_frame->context.eip == 0)
  524. return NULL;
  525. // If the new stack pointer is at a lower address than the old, then
  526. // that's clearly incorrect. Treat this as end-of-stack to enforce
  527. // progress and avoid infinite loops.
  528. if (new_frame->context.esp <= last_frame->context.esp)
  529. return NULL;
  530. // new_frame->context.eip is the return address, which is one instruction
  531. // past the CALL that caused us to arrive at the callee. Set
  532. // new_frame->instruction to one less than that. This won't reference the
  533. // beginning of the CALL instruction, but it's guaranteed to be within
  534. // the CALL, which is sufficient to get the source line information to
  535. // match up with the line that contains a function call. Callers that
  536. // require the exact return address value may access the context.eip
  537. // field of StackFrameX86.
  538. new_frame->instruction = new_frame->context.eip - 1;
  539. return new_frame.release();
  540. }
  541. } // namespace google_breakpad