/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "LulDwarfSummariser.h" #include "mozilla/Assertions.h" // Set this to 1 for verbose logging #define DEBUG_SUMMARISER 0 namespace lul { // Do |s64|'s lowest 32 bits sign extend back to |s64| itself? static inline bool fitsIn32Bits(int64 s64) { return s64 == ((s64 & 0xffffffff) ^ 0x80000000) - 0x80000000; } // Check a LExpr prefix expression, starting at pfxInstrs[start] up to // the next PX_End instruction, to ensure that: // * It only mentions registers that are tracked on this target // * The start point is sane // If the expression is ok, return NULL. Else return a pointer // a const char* holding a bit of text describing the problem. static const char* checkPfxExpr(const vector<PfxInstr>* pfxInstrs, int64_t start) { size_t nInstrs = pfxInstrs->size(); if (start < 0 || start >= (ssize_t)nInstrs) { return "bogus start point"; } size_t i; for (i = start; i < nInstrs; i++) { PfxInstr pxi = (*pfxInstrs)[i]; if (pxi.mOpcode == PX_End) break; if (pxi.mOpcode == PX_DwReg && !registerIsTracked((DW_REG_NUMBER)pxi.mOperand)) { return "uses untracked reg"; } } return nullptr; // success } Summariser::Summariser(SecMap* aSecMap, uintptr_t aTextBias, void(*aLog)(const char*)) : mSecMap(aSecMap) , mTextBias(aTextBias) , mLog(aLog) { mCurrAddr = 0; mMax1Addr = 0; // Gives an empty range. // Initialise the running RuleSet to "haven't got a clue" status. new (&mCurrRules) RuleSet(); } void Summariser::Entry(uintptr_t aAddress, uintptr_t aLength) { aAddress += mTextBias; if (DEBUG_SUMMARISER) { char buf[100]; SprintfLiteral(buf, "LUL Entry(%llx, %llu)\n", (unsigned long long int)aAddress, (unsigned long long int)aLength); mLog(buf); } // This throws away any previous summary, that is, assumes // that the previous summary, if any, has been properly finished // by a call to End(). mCurrAddr = aAddress; mMax1Addr = aAddress + aLength; new (&mCurrRules) RuleSet(); } void Summariser::Rule(uintptr_t aAddress, int aNewReg, LExprHow how, int16_t oldReg, int64_t offset) { aAddress += mTextBias; if (DEBUG_SUMMARISER) { char buf[100]; if (how == NODEREF || how == DEREF) { bool deref = how == DEREF; SprintfLiteral(buf, "LUL 0x%llx old-r%d = %sr%d + %lld%s\n", (unsigned long long int)aAddress, aNewReg, deref ? "*(" : "", (int)oldReg, (long long int)offset, deref ? ")" : ""); } else if (how == PFXEXPR) { SprintfLiteral(buf, "LUL 0x%llx old-r%d = pfx-expr-at %lld\n", (unsigned long long int)aAddress, aNewReg, (long long int)offset); } else { SprintfLiteral(buf, "LUL 0x%llx old-r%d = (invalid LExpr!)\n", (unsigned long long int)aAddress, aNewReg); } mLog(buf); } if (mCurrAddr < aAddress) { // Flush the existing summary first. mCurrRules.mAddr = mCurrAddr; mCurrRules.mLen = aAddress - mCurrAddr; mSecMap->AddRuleSet(&mCurrRules); if (DEBUG_SUMMARISER) { mLog("LUL "); mCurrRules.Print(mLog); mLog("\n"); } mCurrAddr = aAddress; } // If for some reason summarisation fails, either or both of these // become non-null and point at constant text describing the // problem. Using two rather than just one avoids complications of // having to concatenate two strings to produce a complete error message. const char* reason1 = nullptr; const char* reason2 = nullptr; // |offset| needs to be a 32 bit value that sign extends to 64 bits // on a 64 bit target. We will need to incorporate |offset| into // any LExpr made here. So we may as well check it right now. if (!fitsIn32Bits(offset)) { reason1 = "offset not in signed 32-bit range"; goto cant_summarise; } // FIXME: factor out common parts of the arch-dependent summarisers. #if defined(LUL_ARCH_arm) // ----------------- arm ----------------- // // Now, can we add the rule to our summary? This depends on whether // the registers and the overall expression are representable. This // is the heart of the summarisation process. switch (aNewReg) { case DW_REG_CFA: // This is a rule that defines the CFA. The only forms we // choose to represent are: r7/11/12/13 + offset. The offset // must fit into 32 bits since 'uintptr_t' is 32 bit on ARM, // hence there is no need to check it for overflow. if (how != NODEREF) { reason1 = "rule for DW_REG_CFA: invalid |how|"; goto cant_summarise; } switch (oldReg) { case DW_REG_ARM_R7: case DW_REG_ARM_R11: case DW_REG_ARM_R12: case DW_REG_ARM_R13: break; default: reason1 = "rule for DW_REG_CFA: invalid |oldReg|"; goto cant_summarise; } mCurrRules.mCfaExpr = LExpr(how, oldReg, offset); break; case DW_REG_ARM_R7: case DW_REG_ARM_R11: case DW_REG_ARM_R12: case DW_REG_ARM_R13: case DW_REG_ARM_R14: case DW_REG_ARM_R15: { // This is a new rule for R7, R11, R12, R13 (SP), R14 (LR) or // R15 (the return address). switch (how) { case NODEREF: case DEREF: // Check the old register is one we're tracking. if (!registerIsTracked((DW_REG_NUMBER)oldReg) && oldReg != DW_REG_CFA) { reason1 = "rule for R7/11/12/13/14/15: uses untracked reg"; goto cant_summarise; } break; case PFXEXPR: { // Check that the prefix expression only mentions tracked registers. const vector<PfxInstr>* pfxInstrs = mSecMap->GetPfxInstrs(); reason2 = checkPfxExpr(pfxInstrs, offset); if (reason2) { reason1 = "rule for R7/11/12/13/14/15: "; goto cant_summarise; } break; } default: goto cant_summarise; } LExpr expr = LExpr(how, oldReg, offset); switch (aNewReg) { case DW_REG_ARM_R7: mCurrRules.mR7expr = expr; break; case DW_REG_ARM_R11: mCurrRules.mR11expr = expr; break; case DW_REG_ARM_R12: mCurrRules.mR12expr = expr; break; case DW_REG_ARM_R13: mCurrRules.mR13expr = expr; break; case DW_REG_ARM_R14: mCurrRules.mR14expr = expr; break; case DW_REG_ARM_R15: mCurrRules.mR15expr = expr; break; default: MOZ_ASSERT(0); } break; } default: // Leave |reason1| and |reason2| unset here. This program point // is reached so often that it causes a flood of "Can't // summarise" messages. In any case, we don't really care about // the fact that this summary would produce a new value for a // register that we're not tracking. We do on the other hand // care if the summary's expression *uses* a register that we're // not tracking. But in that case one of the above failures // should tell us which. goto cant_summarise; } // Mark callee-saved registers (r4 .. r11) as unchanged, if there is // no other information about them. FIXME: do this just once, at // the point where the ruleset is committed. if (mCurrRules.mR7expr.mHow == UNKNOWN) { mCurrRules.mR7expr = LExpr(NODEREF, DW_REG_ARM_R7, 0); } if (mCurrRules.mR11expr.mHow == UNKNOWN) { mCurrRules.mR11expr = LExpr(NODEREF, DW_REG_ARM_R11, 0); } if (mCurrRules.mR12expr.mHow == UNKNOWN) { mCurrRules.mR12expr = LExpr(NODEREF, DW_REG_ARM_R12, 0); } // The old r13 (SP) value before the call is always the same as the // CFA. mCurrRules.mR13expr = LExpr(NODEREF, DW_REG_CFA, 0); // If there's no information about R15 (the return address), say // it's a copy of R14 (the link register). if (mCurrRules.mR15expr.mHow == UNKNOWN) { mCurrRules.mR15expr = LExpr(NODEREF, DW_REG_ARM_R14, 0); } #elif defined(LUL_ARCH_x64) || defined(LUL_ARCH_x86) // ---------------- x64/x86 ---------------- // // Now, can we add the rule to our summary? This depends on whether // the registers and the overall expression are representable. This // is the heart of the summarisation process. switch (aNewReg) { case DW_REG_CFA: // This is a rule that defines the CFA. The only forms we can // represent are: = SP+offset or = FP+offset. if (how != NODEREF) { reason1 = "rule for DW_REG_CFA: invalid |how|"; goto cant_summarise; } if (oldReg != DW_REG_INTEL_XSP && oldReg != DW_REG_INTEL_XBP) { reason1 = "rule for DW_REG_CFA: invalid |oldReg|"; goto cant_summarise; } mCurrRules.mCfaExpr = LExpr(how, oldReg, offset); break; case DW_REG_INTEL_XSP: case DW_REG_INTEL_XBP: case DW_REG_INTEL_XIP: { // This is a new rule for XSP, XBP or XIP (the return address). switch (how) { case NODEREF: case DEREF: // Check the old register is one we're tracking. if (!registerIsTracked((DW_REG_NUMBER)oldReg) && oldReg != DW_REG_CFA) { reason1 = "rule for XSP/XBP/XIP: uses untracked reg"; goto cant_summarise; } break; case PFXEXPR: { // Check that the prefix expression only mentions tracked registers. const vector<PfxInstr>* pfxInstrs = mSecMap->GetPfxInstrs(); reason2 = checkPfxExpr(pfxInstrs, offset); if (reason2) { reason1 = "rule for XSP/XBP/XIP: "; goto cant_summarise; } break; } default: goto cant_summarise; } LExpr expr = LExpr(how, oldReg, offset); switch (aNewReg) { case DW_REG_INTEL_XBP: mCurrRules.mXbpExpr = expr; break; case DW_REG_INTEL_XSP: mCurrRules.mXspExpr = expr; break; case DW_REG_INTEL_XIP: mCurrRules.mXipExpr = expr; break; default: MOZ_CRASH("impossible value for aNewReg"); } break; } default: // Leave |reason1| and |reason2| unset here, for the reasons // explained in the analogous point in the ARM case just above. goto cant_summarise; } // On Intel, it seems the old SP value before the call is always the // same as the CFA. Therefore, in the absence of any other way to // recover the SP, specify that the CFA should be copied. if (mCurrRules.mXspExpr.mHow == UNKNOWN) { mCurrRules.mXspExpr = LExpr(NODEREF, DW_REG_CFA, 0); } // Also, gcc says "Undef" for BP when it is unchanged. if (mCurrRules.mXbpExpr.mHow == UNKNOWN) { mCurrRules.mXbpExpr = LExpr(NODEREF, DW_REG_INTEL_XBP, 0); } #else # error "Unsupported arch" #endif return; cant_summarise: if (reason1 || reason2) { char buf[200]; SprintfLiteral(buf, "LUL can't summarise: " "SVMA=0x%llx: %s%s, expr=LExpr(%s,%u,%lld)\n", (unsigned long long int)(aAddress - mTextBias), reason1 ? reason1 : "", reason2 ? reason2 : "", NameOf_LExprHow(how), (unsigned int)oldReg, (long long int)offset); mLog(buf); } } uint32_t Summariser::AddPfxInstr(PfxInstr pfxi) { return mSecMap->AddPfxInstr(pfxi); } void Summariser::End() { if (DEBUG_SUMMARISER) { mLog("LUL End\n"); } if (mCurrAddr < mMax1Addr) { mCurrRules.mAddr = mCurrAddr; mCurrRules.mLen = mMax1Addr - mCurrAddr; mSecMap->AddRuleSet(&mCurrRules); if (DEBUG_SUMMARISER) { mLog("LUL "); mCurrRules.Print(mLog); mLog("\n"); } } } } // namespace lul