1 /* -*- mode: C; c-basic-offset: 3; -*- */
2 
3 /*--------------------------------------------------------------------*/
4 /*--- Read DWARF1/2/3/4 debug info.                    readdwarf.c ---*/
5 /*--------------------------------------------------------------------*/
6 
7 /*
8    This file is part of Valgrind, a dynamic binary instrumentation
9    framework.
10 
11    Copyright (C) 2000-2015 Julian Seward
12       jseward@acm.org
13 
14    This program is free software; you can redistribute it and/or
15    modify it under the terms of the GNU General Public License as
16    published by the Free Software Foundation; either version 2 of the
17    License, or (at your option) any later version.
18 
19    This program is distributed in the hope that it will be useful, but
20    WITHOUT ANY WARRANTY; without even the implied warranty of
21    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
22    General Public License for more details.
23 
24    You should have received a copy of the GNU General Public License
25    along with this program; if not, write to the Free Software
26    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27    02111-1307, USA.
28 
29    The GNU General Public License is contained in the file COPYING.
30 */
31 
32 #if defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris)
33 
34 #include "pub_core_basics.h"
35 #include "pub_core_debuginfo.h"
36 #include "pub_core_libcbase.h"
37 #include "pub_core_libcassert.h"
38 #include "pub_core_libcprint.h"
39 #include "pub_core_options.h"
40 #include "pub_core_xarray.h"
41 #include "pub_core_tooliface.h"    /* VG_(needs) */
42 #include "priv_misc.h"             /* dinfo_zalloc/free/strdup */
43 #include "priv_image.h"
44 #include "priv_d3basics.h"
45 #include "priv_tytypes.h"
46 #include "priv_storage.h"
47 #include "priv_readdwarf.h"        /* self */
48 
49 
50 /*------------------------------------------------------------*/
51 /*---                                                      ---*/
52 /*--- Read line number and CFI info from DWARF1, DWARF2    ---*/
53 /*--- and to some extent DWARF3 sections.                  ---*/
54 /*---                                                      ---*/
55 /*------------------------------------------------------------*/
56 
57 /* The below "safe_*ix" functions allow to resist to malformed dwarf info:
58    if dwarf info contains wrong file or dirname indexes, these are (silently!)
59    ignored. */
60 
61 /* if xa_ix is a valid index in fndn_ix_xa,
62     return the element (i.e. the UInt indexing in fndnpool).
63    If xa_ix is invalid, return 0 (i.e. the "null" element in fndnpool). */
safe_fndn_ix(XArray * fndn_ix_xa,Int xa_ix)64 static UInt safe_fndn_ix (XArray* fndn_ix_xa, Int xa_ix)
65 {
66    if (xa_ix < 0) return 0;
67    if (xa_ix >= VG_(sizeXA) (fndn_ix_xa)) return 0;
68    return *(UInt*)VG_(indexXA) ( fndn_ix_xa, xa_ix );
69 }
70 
71 /* if xa_ix is a valid index in dirname_xa,
72     return the element (i.e. the HChar*).
73    If xa_ix is invalid, return NULL. */
safe_dirname_ix(XArray * dirname_xa,Int xa_ix)74 static const HChar* safe_dirname_ix (XArray* dirname_xa, Int xa_ix)
75 {
76    if (xa_ix < 0) return NULL;
77    if (xa_ix >= VG_(sizeXA) (dirname_xa)) return NULL;
78    return *(HChar**)VG_(indexXA) ( dirname_xa, xa_ix );
79 }
80 
81 /*------------------------------------------------------------*/
82 /*--- Read DWARF2 format line number info.                 ---*/
83 /*------------------------------------------------------------*/
84 
85 /* Structure holding info extracted from the a .debug_line
86    section.  */
87 typedef struct
88 {
89   ULong  li_length;
90   UShort li_version;
91   ULong  li_header_length;
92   UChar  li_min_insn_length;
93   UChar  li_max_ops_per_insn;
94   UChar  li_default_is_stmt;
95   Int    li_line_base;
96   UChar  li_line_range;
97   UChar  li_opcode_base;
98 }
99 DebugLineInfo;
100 
101 /* Structure holding additional infos found from a .debug_info
102  * compilation unit block */
103 typedef struct
104 {
105   /* Feel free to add more members here if you need ! */
106   DiCursor compdir;  /* Compilation directory - points to .debug_info */
107   DiCursor name;     /* Main file name - points to .debug_info */
108   ULong    stmt_list; /* Offset in .debug_line */
109   Bool     dw64;      /* 64-bit Dwarf? */
110 }
111 UnitInfo;
112 
113 /* Line number opcodes.  */
114 enum dwarf_line_number_ops
115   {
116     DW_LNS_extended_op = 0,
117     DW_LNS_copy = 1,
118     DW_LNS_advance_pc = 2,
119     DW_LNS_advance_line = 3,
120     DW_LNS_set_file = 4,
121     DW_LNS_set_column = 5,
122     DW_LNS_negate_stmt = 6,
123     DW_LNS_set_basic_block = 7,
124     DW_LNS_const_add_pc = 8,
125     DW_LNS_fixed_advance_pc = 9,
126     /* DWARF 3.  */
127     DW_LNS_set_prologue_end = 10,
128     DW_LNS_set_epilogue_begin = 11,
129     DW_LNS_set_isa = 12
130   };
131 
132 /* Line number extended opcodes.  */
133 enum dwarf_line_number_x_ops
134   {
135     DW_LNE_end_sequence = 1,
136     DW_LNE_set_address = 2,
137     DW_LNE_define_file = 3,
138     DW_LNE_set_discriminator = 4
139   };
140 
141 typedef struct
142 {
143   /* Information for the last statement boundary.
144    * Needed to calculate statement lengths. */
145   Addr  last_address;
146   UInt  last_file;
147   UInt  last_line;
148 
149   Addr  address;
150   UInt  file;
151   UInt  line;
152   UInt  column;
153   Int   is_stmt;
154   Int   basic_block;
155   UChar end_sequence;
156 } LineSMR;
157 
158 
159 /* FIXME: duplicated in readdwarf3.c */
160 /* Read a 'leb128' and advance *data accordingly. */
step_leb128(DiCursor * data,Int sign)161 static ULong step_leb128 ( DiCursor* data, Int sign )
162 {
163    ULong  result = 0;
164    Int    shift = 0;
165    UChar  byte;
166 
167    vg_assert(sign == 0 || sign == 1);
168 
169    do {
170       byte = ML_(cur_step_UChar)(data);
171       result |= ((ULong)(byte & 0x7f)) << shift;
172       shift += 7;
173    }
174    while (byte & 0x80);
175 
176    if (sign && (shift < 64) && (byte & 0x40))
177       result |= -(1ULL << shift);
178 
179    return result;
180 }
181 
182 /* FIXME: duplicated in readdwarf3.c */
step_leb128U(DiCursor * data)183 static ULong step_leb128U( DiCursor* data ) {
184    return step_leb128( data, 0 );
185 }
186 
187 /* FIXME: duplicated in readdwarf3.c */
step_leb128S(DiCursor * data)188 static Long step_leb128S( DiCursor* data ) {
189    return step_leb128( data, 1 );
190 }
191 
192 /* Read what the DWARF3 spec calls an "initial length field".  This
193    uses up either 4 or 12 bytes of the input and produces a 32-bit or
194    64-bit number respectively.
195 
196    Read 32-bit value from p.  If it is 0xFFFFFFFF, instead read a
197    64-bit bit value from p+4.  This is used in 64-bit dwarf to encode
198    some table lengths.  Advance the cursor (p) accordingly.
199 
200    XXX this is a hack: the endianness of the initial length field is
201    specified by the DWARF we're reading.  This happens to work only
202    because we don't do cross-arch jitting, hence this code runs on a
203    platform of the same endianness as the DWARF it is reading.  Same
204    applies for initial lengths for CIE/FDEs and probably in zillions
205    of other places -- to be precise, exactly the places where
206    binutils/dwarf.c calls byte_get().
207 */
208 static
step_initial_length_field(DiCursor * p_img,Bool * is64)209 ULong step_initial_length_field ( DiCursor* p_img, /*OUT*/Bool* is64 )
210 {
211    UInt w32 = ML_(cur_step_UInt)(p_img);
212    if (w32 == 0xFFFFFFFF) {
213       *is64 = True;
214       return ML_(cur_step_ULong)(p_img);
215    } else {
216       *is64 = False;
217       return (ULong)w32;
218    }
219 }
220 
221 static
read_initial_length_field(DiCursor p_img,Bool * is64)222 ULong read_initial_length_field ( DiCursor p_img, /*OUT*/Bool* is64 )
223 {
224    /* Something of a roundabout approach .. the modification to p_img
225       is abandoned. */
226    return step_initial_length_field( &p_img, is64 );
227 }
228 
229 
230 static LineSMR state_machine_regs;
231 
232 static
reset_state_machine(Int is_stmt)233 void reset_state_machine ( Int is_stmt )
234 {
235    if (0) VG_(printf)("smr.a := %p (reset)\n", NULL );
236    state_machine_regs.last_address = 0;
237    state_machine_regs.last_file = 1;
238    state_machine_regs.last_line = 1;
239    state_machine_regs.address = 0;
240    state_machine_regs.file = 1;
241    state_machine_regs.line = 1;
242    state_machine_regs.column = 0;
243    state_machine_regs.is_stmt = is_stmt;
244    state_machine_regs.basic_block = 0;
245    state_machine_regs.end_sequence = 0;
246 }
247 
248 ////////////////////////////////////////////////////////////////////
249 ////////////////////////////////////////////////////////////////////
250 
251 /* Handled an extended line op starting at *data, and advance *data
252    accordingly. */
253 static
process_extended_line_op(struct _DebugInfo * di,XArray * fndn_ix_xa,DiCursor * data,Int is_stmt)254 void process_extended_line_op( struct _DebugInfo* di,
255                                XArray* fndn_ix_xa,
256                                DiCursor* data, Int is_stmt)
257 {
258    UInt len = step_leb128U(data);
259    if (len == 0) {
260       VG_(message)(Vg_UserMsg,
261                    "Warning: DWARF2 reader: "
262                    "Badly formed extended line op encountered\n");
263       return;
264    }
265 
266    UChar op_code = ML_(cur_step_UChar)(data);
267    if (0) VG_(printf)("dwarf2: ext OPC: %d\n", op_code);
268 
269    switch (op_code) {
270       case DW_LNE_end_sequence:
271          if (0) VG_(printf)("1001: si->o %#lx, smr.a %#lx\n",
272                             (UWord)di->text_debug_bias,
273                             state_machine_regs.address );
274          /* JRS: added for compliance with spec; is pointless due to
275             reset_state_machine below */
276          state_machine_regs.end_sequence = 1;
277 
278          if (state_machine_regs.is_stmt) {
279             if (state_machine_regs.last_address) {
280                ML_(addLineInfo) (
281                   di,
282                   safe_fndn_ix (fndn_ix_xa,
283                                 state_machine_regs.last_file),
284                   di->text_debug_bias + state_machine_regs.last_address,
285                   di->text_debug_bias + state_machine_regs.address,
286                   state_machine_regs.last_line, 0
287                );
288             }
289          }
290          reset_state_machine (is_stmt);
291          if (di->ddump_line)
292             VG_(printf)("  Extended opcode %d: End of Sequence\n\n",
293                         (Int)op_code);
294          break;
295 
296       case DW_LNE_set_address: {
297          Addr adr = ML_(cur_step_Addr)(data);
298          state_machine_regs.address = adr;
299          if (di->ddump_line)
300             VG_(printf)("  Extended opcode %d: set Address to 0x%lx\n",
301                         (Int)op_code, (Addr)adr);
302          break;
303       }
304 
305       case DW_LNE_define_file: {
306          HChar* name = ML_(cur_step_strdup)(data, "di.pelo.1");
307          UInt fndn_ix = ML_(addFnDn) (di, name, NULL);
308          VG_(addToXA) (fndn_ix_xa, &fndn_ix);
309          ML_(dinfo_free)(name);
310          (void)step_leb128U(data); // ignored: dir index
311          (void)step_leb128U(data); // ignored: mod time
312          (void)step_leb128U(data); // ignored: file size
313          if (di->ddump_line)
314             VG_(printf)("  DWARF2-line: set_address\n");
315          break;
316       }
317 
318       case DW_LNE_set_discriminator:
319          (void)step_leb128U(data); // ignored: new 'discriminator' value
320          break;
321 
322       default:
323          if (di->ddump_line)
324             VG_(printf)("process_extended_line_op:default\n");
325          break;
326    }
327 }
328 
329 ////////////////////////////////////////////////////////////////////
330 ////////////////////////////////////////////////////////////////////
331 
332 /* read a .debug_line section block for a compilation unit
333  *
334  * Input:   - theBlock must point to the start of the block
335  *            for the given compilation unit
336  *          - ui contains additional info like the compilation dir
337  *            for this unit
338  *
339  * Output: - si debug info structures get updated
340  */
341 static
read_dwarf2_lineblock(struct _DebugInfo * di,const UnitInfo * ui,DiCursor theBlock,Int noLargerThan)342 void read_dwarf2_lineblock ( struct _DebugInfo* di,
343                              const UnitInfo* ui,
344                              DiCursor  theBlock, /* IMAGE */
345                              Int       noLargerThan )
346 {
347    Int            i;
348    DebugLineInfo  info;
349    Bool           is64;
350    XArray*        fndn_ix_xa; /* xarray of UInt fndn_ix */
351    UInt           fndn_ix;
352    XArray*        dirname_xa;   /* xarray of const HChar* dirname */
353    const HChar*   dirname;
354 
355    DiCursor       external = theBlock;
356    DiCursor       data = theBlock;
357 
358    /* fndn_ix_xa is an xarray of fndn_ix (indexes in di->fndnpool) which
359       are build from file names harvested from the DWARF2
360       info.  Entry [0] is the "null" pool index and is never referred to
361       by the state machine.
362 
363       Similarly, dirname_xa is an xarray of directory names.  Entry [0]
364       is also NULL and denotes "we don't know what the path is", since
365       that is different from "the path is the empty string".  Unlike
366       the fndn_ix_xa table, the state machine does refer to entry [0],
367       which basically means "." ("the current directory of the
368       compilation", whatever that means, according to the DWARF3
369       spec.)
370    */
371 
372    /* Fails due to gcc padding ...
373    vg_assert(sizeof(DWARF2_External_LineInfo)
374              == sizeof(DWARF2_Internal_LineInfo));
375    */
376 
377    dirname_xa = VG_(newXA) (ML_(dinfo_zalloc), "di.rd2l.1", ML_(dinfo_free),
378                             sizeof(HChar*) );
379    fndn_ix_xa = VG_(newXA) (ML_(dinfo_zalloc), "di.rd2l.2", ML_(dinfo_free),
380                             sizeof(UInt) );
381 
382    /* DWARF2 starts numbering filename entries at 1, so we need to
383       add a dummy zeroth entry to the table. */
384    fndn_ix = 0; // 0 is the "null" index in a fixed pool.
385    VG_(addToXA) (fndn_ix_xa, &fndn_ix);
386 
387    if (ML_(cur_is_valid)(ui->compdir))
388       dirname = ML_(addStrFromCursor)(di, ui->compdir);
389    else
390       dirname = ML_(addStr)(di, ".", -1);
391    VG_(addToXA) (dirname_xa, &dirname);
392 
393    info.li_length = step_initial_length_field( &external, &is64 );
394    if (di->ddump_line)
395       VG_(printf)("  Length:                      %llu\n",
396                   info.li_length);
397 
398    /* Check the length of the block.  */
399    if (info.li_length > noLargerThan) {
400       ML_(symerr)(di, True,
401                   "DWARF line info appears to be corrupt "
402                   "- the section is too small");
403       goto out;
404    }
405 
406    /* Check its version number.  */
407    info.li_version = ML_(cur_step_UShort)(&external);
408    if (di->ddump_line)
409       VG_(printf)("  DWARF Version:               %d\n",
410                   (Int)info.li_version);
411 
412    if (info.li_version != 2 && info.li_version != 3 && info.li_version != 4) {
413       ML_(symerr)(di, True,
414                   "Only DWARF version 2, 3 and 4 line info "
415                   "is currently supported.");
416       goto out;
417    }
418 
419    info.li_header_length = is64 ? ML_(cur_step_ULong)(&external)
420                                 : (ULong)(ML_(cur_step_UInt)(&external));
421    if (di->ddump_line)
422       VG_(printf)("  Prologue Length:             %llu\n",
423                   info.li_header_length);
424 
425    info.li_min_insn_length = ML_(cur_step_UChar)(&external);
426    if (di->ddump_line)
427       VG_(printf)("  Minimum Instruction Length:  %d\n",
428                   (Int)info.li_min_insn_length);
429 
430    /* We only support machines with one opcode per instruction
431       for now. If we ever want to support VLIW machines there is
432       code to handle multiple opcodes per instruction in the
433       patch attached to BZ#233595.
434    */
435    if (info.li_version >= 4) {
436       info.li_max_ops_per_insn = ML_(cur_step_UChar)(&external);
437       if (info.li_max_ops_per_insn != 1) {
438          ML_(symerr)(di, True,
439                      "Invalid Maximum Ops Per Insn in line info.");
440          goto out;
441       }
442       if (di->ddump_line)
443          VG_(printf)("  Maximum Ops Per Insn:        %d\n",
444                   (Int)info.li_max_ops_per_insn);
445    } else {
446       info.li_max_ops_per_insn = 1;
447    }
448 
449    info.li_default_is_stmt = ML_(cur_step_UChar)(&external);
450    if (di->ddump_line)
451       VG_(printf)("  Initial value of 'is_stmt':  %d\n",
452                   (Int)info.li_default_is_stmt);
453 
454    /* Josef Weidendorfer (20021021) writes:
455 
456       It seems to me that the Intel Fortran compiler generates bad
457       DWARF2 line info code: It sets "is_stmt" of the state machine in
458       the line info reader to be always false. Thus, there is never
459       a statement boundary generated and therefore never an instruction
460       range/line number mapping generated for valgrind.
461 
462       Please have a look at the DWARF2 specification, Ch. 6.2
463       (x86.ddj.com/ftp/manuals/tools/dwarf.pdf).  Perhaps I understand
464       this wrong, but I don't think so.
465 
466       I just had a look at the GDB DWARF2 reader...  They completely
467       ignore "is_stmt" when recording line info ;-) That's the reason
468       "objdump -S" works on files from the intel fortran compiler.
469 
470       Therefore: */
471    info.li_default_is_stmt = True;
472 
473    /* JRS: changed (UInt*) to (UChar*) */
474    info.li_line_base = ML_(cur_step_UChar)(&external);
475    info.li_line_base = (Int)(Char)info.li_line_base;
476    if (di->ddump_line)
477       VG_(printf)("  Line Base:                   %d\n",
478                   info.li_line_base);
479 
480    info.li_line_range = ML_(cur_step_UChar)(&external);
481    if (di->ddump_line)
482       VG_(printf)("  Line Range:                  %d\n",
483                   (Int)info.li_line_range);
484 
485    info.li_opcode_base = ML_(cur_step_UChar)(&external);
486    if (di->ddump_line)
487       VG_(printf)("  Opcode Base:                 %d\n\n",
488                   info.li_opcode_base);
489 
490    if (0) VG_(printf)("dwarf2: line base: %d, range %d, opc base: %d\n",
491                       (Int)info.li_line_base,
492                       (Int)info.li_line_range,
493                       (Int)info.li_opcode_base);
494 
495    DiCursor end_of_sequence
496      = ML_(cur_plus)(data, info.li_length + (is64 ? 12 : 4));
497 
498    reset_state_machine (info.li_default_is_stmt);
499 
500    /* Read the contents of the Opcodes table.  */
501    DiCursor standard_opcodes = external;
502    if (di->ddump_line) {
503       VG_(printf)(" Opcodes:\n");
504       for (i = 1; i < (Int)info.li_opcode_base; i++) {
505          VG_(printf)("  Opcode %d has %d args\n",
506                      i, (Int)ML_(cur_read_UChar)(
507                                 ML_(cur_plus)(standard_opcodes,
508                                               (i-1) * sizeof(UChar)) ));
509       }
510       VG_(printf)("\n");
511    }
512    /* skip over "standard_opcode_lengths" */
513    data = ML_(cur_plus)(standard_opcodes, info.li_opcode_base - 1);
514 
515    /* Read the contents of the Directory table.  */
516    if (di->ddump_line)
517       VG_(printf)(" The Directory Table%s\n",
518                   ML_(cur_read_UChar)(data) == 0 ? " is empty." : ":" );
519 
520    while (ML_(cur_read_UChar)(data) != 0) {
521 
522       HChar* data_str = ML_(cur_read_strdup)(data, "di.rd2l.1");
523       if (di->ddump_line)
524          VG_(printf)("  %s\n", data_str);
525 
526       /* If data[0] is '/', then 'data' is an absolute path and we
527          don't mess with it.  Otherwise, construct the
528          path 'ui->compdir' ++ "/" ++ 'data'. */
529 
530       if (data_str[0] != '/'
531           /* not an absolute path */
532           && ML_(cur_is_valid)(ui->compdir)
533           /* actually got something sensible for compdir */
534           && ML_(cur_strlen)(ui->compdir))
535       {
536          HChar* compdir_str = ML_(cur_read_strdup)(ui->compdir, "di.rd2l.1b");
537          SizeT  len = VG_(strlen)(compdir_str) + 1 + VG_(strlen)(data_str);
538          HChar *buf = ML_(dinfo_zalloc)("di.rd2l.1c", len + 1);
539 
540          VG_(strcpy)(buf, compdir_str);
541          VG_(strcat)(buf, "/");
542          VG_(strcat)(buf, data_str);
543 
544          dirname = ML_(addStr)(di, buf, len);
545          VG_(addToXA) (dirname_xa, &dirname);
546          if (0) VG_(printf)("rel path  %s\n", buf);
547          ML_(dinfo_free)(compdir_str);
548          ML_(dinfo_free)(buf);
549       } else {
550          /* just use 'data'. */
551          dirname = ML_(addStr)(di,data_str,-1);
552          VG_(addToXA) (dirname_xa, &dirname);
553          if (0) VG_(printf)("abs path  %s\n", data_str);
554       }
555 
556       data = ML_(cur_plus)(data, VG_(strlen)(data_str) + 1);
557       ML_(dinfo_free)(data_str);
558    }
559 
560    if (di->ddump_line)
561       VG_(printf)("\n");
562 
563    if (ML_(cur_read_UChar)(data) != 0) {
564       ML_(symerr)(di, True,
565                   "can't find NUL at end of DWARF2 directory table");
566       goto out;
567    }
568    data = ML_(cur_plus)(data, 1);
569 
570    /* Read the contents of the File Name table.  This produces a bunch
571       of fndn_ix in fndn_ix_xa. */
572    if (di->ddump_line) {
573       VG_(printf)(" The File Name Table:\n");
574       VG_(printf)("  Entry	Dir	Time	Size	Name\n");
575    }
576 
577    i = 1;
578    while (ML_(cur_read_UChar)(data) != 0) {
579       HChar* name    = ML_(cur_step_strdup)(&data, "di.rd2l.2");
580       Int    diridx  = step_leb128U(&data);
581       Int    uu_time = step_leb128U(&data); /* unused */
582       Int    uu_size = step_leb128U(&data); /* unused */
583 
584       dirname = safe_dirname_ix( dirname_xa, diridx );
585       fndn_ix = ML_(addFnDn) (di, name, dirname);
586       VG_(addToXA) (fndn_ix_xa, &fndn_ix);
587       if (0) VG_(printf)("file %s diridx %d\n", name, diridx );
588       if (di->ddump_line)
589          VG_(printf)("  %d\t%d\t%d\t%d\t%s\n",
590                      i, diridx, uu_time, uu_size, name);
591       i++;
592       ML_(dinfo_free)(name);
593    }
594 
595    if (di->ddump_line)
596       VG_(printf)("\n");
597 
598    if (ML_(cur_read_UChar)(data) != 0) {
599       ML_(symerr)(di, True,
600                   "can't find NUL at end of DWARF2 file name table");
601       goto out;
602    }
603    data = ML_(cur_plus)(data, 1);
604 
605    if (di->ddump_line)
606       VG_(printf)(" Line Number Statements:\n");
607 
608    /* Now display the statements.  */
609 
610    while (ML_(cur_cmpLT)(data, end_of_sequence)) {
611       UChar op_code = ML_(cur_step_UChar)(&data);
612 
613       if (0) VG_(printf)("dwarf2: OPC: %d\n", op_code);
614 
615       if (op_code >= info.li_opcode_base) {
616          op_code -= info.li_opcode_base;
617          Word adv = (op_code / info.li_line_range)
618                        * info.li_min_insn_length;
619          Int advAddr = adv;
620          state_machine_regs.address += adv;
621 
622          if (0) VG_(printf)("smr.a += %#lx\n", (UWord)adv );
623          adv = (op_code % info.li_line_range) + info.li_line_base;
624          if (0) VG_(printf)("1002: di->o %#lx, smr.a %#lx\n",
625                             (UWord)di->text_debug_bias,
626                             state_machine_regs.address );
627          state_machine_regs.line += adv;
628 
629          if (di->ddump_line)
630             VG_(printf)("  Special opcode %d: advance Address by %d "
631                         "to 0x%lx and Line by %d to %d\n",
632                         (Int)op_code, advAddr, state_machine_regs.address,
633                         (Int)adv, (Int)state_machine_regs.line );
634 
635          if (state_machine_regs.is_stmt) {
636             /* only add a statement if there was a previous boundary */
637             if (state_machine_regs.last_address) {
638                ML_(addLineInfo)(
639                   di,
640                   safe_fndn_ix (fndn_ix_xa,
641                                 state_machine_regs.last_file),
642                   di->text_debug_bias + state_machine_regs.last_address,
643                   di->text_debug_bias + state_machine_regs.address,
644                   state_machine_regs.last_line,
645                   0
646                );
647             }
648             state_machine_regs.last_address = state_machine_regs.address;
649             state_machine_regs.last_file = state_machine_regs.file;
650             state_machine_regs.last_line = state_machine_regs.line;
651          }
652       }
653 
654       else { /* ! (op_code >= info.li_opcode_base) */
655 
656       switch (op_code) {
657          case DW_LNS_extended_op:
658             process_extended_line_op (
659                        di, fndn_ix_xa,
660                        &data, info.li_default_is_stmt);
661             break;
662 
663          case DW_LNS_copy:
664             if (0) VG_(printf)("1002: di->o %#lx, smr.a %#lx\n",
665                                (UWord)di->text_debug_bias,
666                                state_machine_regs.address );
667             if (state_machine_regs.is_stmt) {
668                /* only add a statement if there was a previous boundary */
669                if (state_machine_regs.last_address) {
670                   ML_(addLineInfo)(
671                      di,
672                      safe_fndn_ix (fndn_ix_xa,
673                                    state_machine_regs.last_file),
674                      di->text_debug_bias + state_machine_regs.last_address,
675                      di->text_debug_bias + state_machine_regs.address,
676                      state_machine_regs.last_line,
677                      0
678                   );
679                }
680                state_machine_regs.last_address = state_machine_regs.address;
681                state_machine_regs.last_file = state_machine_regs.file;
682                state_machine_regs.last_line = state_machine_regs.line;
683             }
684             state_machine_regs.basic_block = 0; /* JRS added */
685             if (di->ddump_line)
686                VG_(printf)("  Copy\n");
687             break;
688 
689          case DW_LNS_advance_pc: {
690             UWord adv = info.li_min_insn_length * step_leb128U(&data);
691             state_machine_regs.address += adv;
692             if (0) VG_(printf)("smr.a += %#lx\n", adv );
693             if (di->ddump_line)
694                VG_(printf)("  Advance PC by %lu to 0x%lx\n",
695                            adv, state_machine_regs.address);
696             break;
697          }
698          case DW_LNS_advance_line: {
699             Word adv = step_leb128S(&data);
700             state_machine_regs.line += adv;
701             if (di->ddump_line)
702                VG_(printf)("  Advance Line by %ld to %d\n",
703                            adv, (Int)state_machine_regs.line);
704             break;
705          }
706          case DW_LNS_set_file: {
707             Word adv = step_leb128U(&data);
708             state_machine_regs.file = adv;
709             if (di->ddump_line)
710                VG_(printf)("  Set File Name to entry %ld in the "
711                            "File Name Table\n", adv);
712             break;
713          }
714          case DW_LNS_set_column: {
715             Word adv = step_leb128U(&data);
716             state_machine_regs.column = adv;
717             if (di->ddump_line)
718                VG_(printf)("  Set column to %ld\n", adv);
719             break;
720          }
721          case DW_LNS_negate_stmt: {
722             Int adv = state_machine_regs.is_stmt;
723             adv = ! adv;
724             state_machine_regs.is_stmt = adv;
725             if (di->ddump_line)
726                VG_(printf)("  DWARF2-line: negate_stmt\n");
727             break;
728          }
729          case DW_LNS_set_basic_block: {
730             state_machine_regs.basic_block = 1;
731             if (di->ddump_line)
732                VG_(printf)("  DWARF2-line: set_basic_block\n");
733             break;
734          }
735          case DW_LNS_const_add_pc: {
736             Word adv = (((255 - info.li_opcode_base) / info.li_line_range)
737                           * info.li_min_insn_length);
738             state_machine_regs.address += adv;
739             if (0) VG_(printf)("smr.a += %#lx\n", (UWord)adv );
740             if (di->ddump_line)
741                VG_(printf)("  Advance PC by constant %ld to 0x%lx\n",
742                            adv, (Addr)state_machine_regs.address);
743             break;
744          }
745          case DW_LNS_fixed_advance_pc: {
746             /* XXX: Need something to get 2 bytes */
747             UWord adv = ML_(cur_step_UShort)(&data);
748             state_machine_regs.address += adv;
749             if (0) VG_(printf)("smr.a += %#lx\n", adv );
750             if (di->ddump_line)
751                VG_(printf)("  DWARF2-line: fixed_advance_pc\n");
752             break;
753          }
754          case DW_LNS_set_prologue_end:
755             if (di->ddump_line)
756                VG_(printf)("  DWARF2-line: set_prologue_end\n");
757             break;
758 
759          case DW_LNS_set_epilogue_begin:
760             if (di->ddump_line)
761                VG_(printf)("  DWARF2-line: set_epilogue_begin\n");
762             break;
763 
764          case DW_LNS_set_isa:
765             (void)step_leb128U(&data);
766             if (di->ddump_line)
767                VG_(printf)("  DWARF2-line: set_isa\n");
768             break;
769 
770          default: {
771             Int j;
772             for (j = (Int)ML_(cur_read_UChar)(
773                              ML_(cur_plus)(standard_opcodes,
774                                            (op_code-1) * sizeof(UChar)));
775                  j > 0 ; --j) {
776                step_leb128U(&data);
777             }
778             if (di->ddump_line)
779                VG_(printf)("  Unknown opcode %d\n", (Int)op_code);
780             break;
781          }
782       } /* switch (op_code) */
783 
784       } /* if (op_code >= info.li_opcode_base) */
785 
786    } /* while (data < end_of_sequence) */
787 
788    if (di->ddump_line)
789       VG_(printf)("\n");
790 
791   out:
792    VG_(deleteXA)(dirname_xa);
793    VG_(deleteXA)(fndn_ix_xa);
794 }
795 
796 ////////////////////////////////////////////////////////////////////
797 ////////////////////////////////////////////////////////////////////
798 
799 /* Return abbrev for given code
800  * Returned cursor points to the tag
801  * */
lookup_abbrev(DiCursor p,ULong acode)802 static DiCursor lookup_abbrev( DiCursor p, ULong acode )
803 {
804    while (1) {
805       ULong code = step_leb128U(&p);
806       if (code == acode)
807          return p;
808       (void)step_leb128U(&p);  /* skip tag */
809       p = ML_(cur_plus)(p,1);  /* skip has_children flag */
810       ULong name;
811       do {
812          name = step_leb128U(&p); /* name */
813          (void)step_leb128U(&p);  /* form */
814       }
815       while (name != 0); /* until name == form == 0 */
816    }
817 }
818 
819 /* Read general information for a particular compile unit block in
820  * the .debug_info section. In particular read the name, compdir and
821  * stmt_list needed to parse the line number information.
822  *
823  * Input: - unitblock is the start of a compilation
824  *          unit block in .debuginfo section
825  *        - debugabbrev is start of .debug_abbrev section
826  *        - debugstr is start of .debug_str section
827  *        - debugstr_alt_img is start of .debug_str section in alt debug file
828  *
829  * Output: Fill members of ui pertaining to the compilation unit:
830  *         - ui->name is the name of the compilation unit
831  *         - ui->compdir is the compilation unit directory
832  *         - ui->stmt_list is the offset in .debug_line section
833  *                for the dbginfos of this compilation unit
834  *
835  * Note : the output strings are not allocated and point
836  * directly to the memory-mapped section.
837  */
838 static
read_unitinfo_dwarf2(UnitInfo * ui,DiCursor unitblock_img,DiCursor debugabbrev_img,DiCursor debugstr_img,DiCursor debugstr_alt_img)839 void read_unitinfo_dwarf2( /*OUT*/UnitInfo* ui,
840                                   DiCursor  unitblock_img,
841                                   DiCursor  debugabbrev_img,
842                                   DiCursor  debugstr_img,
843                                   DiCursor  debugstr_alt_img )
844 {
845    UInt   acode, abcode;
846    ULong  atoffs, blklen;
847    UShort ver;
848 
849    UChar    addr_size;
850    DiCursor p = unitblock_img;
851    DiCursor end_img;
852    DiCursor abbrev_img;
853 
854    VG_(memset)( ui, 0, sizeof( UnitInfo ) );
855    ui->stmt_list = -1LL;
856 
857    /* Read the compilation unit header in .debug_info section - See p 70 */
858 
859    /* This block length */
860    blklen = step_initial_length_field( &p, &ui->dw64 );
861 
862    /* version should be 2, 3 or 4 */
863    ver = ML_(cur_step_UShort)(&p);
864 
865    /* get offset in abbrev */
866    atoffs = ui->dw64 ? ML_(cur_step_ULong)(&p)
867                      : (ULong)(ML_(cur_step_UInt)(&p));
868 
869    /* Address size */
870    addr_size = ML_(cur_step_UChar)(&p);
871 
872    /* End of this block */
873    end_img = ML_(cur_plus)(unitblock_img, blklen + (ui->dw64 ? 12 : 4));
874 
875    /* Abbreviation data for this block */
876    abbrev_img = ML_(cur_plus)(debugabbrev_img, atoffs);
877 
878    /* Read the compilation unit entry - this is always the first DIE.
879     * See DWARF4 para 7.5. */
880    if (ML_(cur_cmpLT)(p, end_img)) {
881       UInt tag;
882 
883       acode = step_leb128U( &p ); /* abbreviation code */
884 
885       /* Read abbreviation header */
886       abcode = step_leb128U( &abbrev_img ); /* abbreviation code */
887       if ( acode != abcode ) {
888          /* This isn't illegal, but somewhat unlikely. Normally the
889           * first abbrev describes the first DIE, the compile_unit.
890           * But maybe this abbrevation data is shared with another
891           * or it is a NULL entry used for padding. See para 7.5.3. */
892          abbrev_img = lookup_abbrev( ML_(cur_plus)(debugabbrev_img, atoffs),
893                                      acode );
894       }
895 
896       tag = step_leb128U( &abbrev_img );
897 
898       if ( tag != 0x0011 /*TAG_compile_unit*/ )
899          return; /* Not a compile unit (might be partial) or broken DWARF. */
900 
901       /* DW_CHILDREN_yes or DW_CHILDREN_no */
902       abbrev_img = ML_(cur_plus)(abbrev_img, 1);
903 
904       /* And loop on entries */
905       for ( ; ; ) {
906          /* Read entry definition */
907          ULong    cval = -1LL;  /* Constant value read */
908          DiCursor sval = DiCursor_INVALID; /* String value read */
909          UInt     name = step_leb128U( &abbrev_img );
910          UInt     form = step_leb128U( &abbrev_img );
911          if (name == 0)
912             break;
913 
914          /* Read data */
915          /* Attributes encoding explained p 71 */
916          if ( form == 0x16 /* FORM_indirect */ )
917             form = step_leb128U( &p );
918          /* Decode form. For most kinds, Just skip the amount of data since
919             we don't use it for now */
920          /* JRS 9 Feb 06: This now handles 64-bit DWARF too.  In
921             64-bit DWARF, lineptr (and loclistptr,macptr,rangelistptr
922             classes) use FORM_data8, not FORM_data4.  Also,
923             FORM_ref_addr and FORM_strp are 64-bit values, not 32-bit
924             values. */
925          /* TJH 27 Apr 10: in DWARF 4 lineptr (and loclistptr,macptr,
926             rangelistptr classes) use FORM_sec_offset which is 64 bits
927             in 64 bit DWARF and 32 bits in 32 bit DWARF. */
928          /* JRS 20 Apr 11: LLVM-2.9 encodes DW_AT_stmt_list using
929             FORM_addr rather than the FORM_data4 that GCC uses.  Hence
930             handle FORM_addr too. */
931          switch( form ) {
932             /* Those cases extract the data properly */
933             case 0x05: /* FORM_data2 */
934                cval = ML_(cur_step_UShort)(&p);
935                break;
936             case 0x06: /* FORM_data4 */
937                cval = ML_(cur_step_UInt)(&p);
938                break;
939             case 0x0e: /* FORM_strp */      /* pointer in .debug_str */
940                /* 2006-01-01: only generate a value if a debug_str
941                   section was found) */
942                if (ML_(cur_is_valid)(debugstr_img) && !ui->dw64)
943                   sval = ML_(cur_plus)(debugstr_img, ML_(cur_read_UInt)(p));
944                if (ML_(cur_is_valid)(debugstr_img) && ui->dw64)
945                   sval = ML_(cur_plus)(debugstr_img, ML_(cur_read_ULong)(p));
946                p = ML_(cur_plus)(p, ui->dw64 ? 8 : 4);
947                break;
948             case 0x08: /* FORM_string */
949                sval = p;
950                p = ML_(cur_plus)(p, ML_(cur_strlen)(p) + 1);
951                break;
952             case 0x0b: /* FORM_data1 */
953                cval = ML_(cur_step_UChar)(&p);
954                break;
955             case 0x17: /* FORM_sec_offset */
956                if (ui->dw64) {
957                  cval = ML_(cur_step_ULong)(&p);
958                } else {
959                  cval = ML_(cur_step_UInt)(&p);
960                };
961                break;
962             case 0x07: /* FORM_data8 */
963                if (ui->dw64) cval = ML_(cur_read_ULong)(p);
964                p = ML_(cur_plus)(p, 8);
965                /* perhaps should assign unconditionally to cval? */
966                break;
967             /* TODO : Following ones just skip data - implement if you need */
968             case 0x01: /* FORM_addr */
969                p = ML_(cur_plus)(p, addr_size);
970                break;
971             case 0x03: /* FORM_block2 */
972                p = ML_(cur_plus)(p, ML_(cur_read_UShort)(p) + 2);
973                break;
974             case 0x04: /* FORM_block4 */
975                p = ML_(cur_plus)(p, ML_(cur_read_UInt)(p) + 4);
976                break;
977             case 0x09:   /* FORM_block */     /* fallthrough */
978             case 0x18: { /* FORM_exprloc */
979                ULong block_len = step_leb128U(&p);
980                p = ML_(cur_plus)(p, block_len);
981                break;
982             }
983             case 0x0a: /* FORM_block1 */
984                p = ML_(cur_plus)(p, ML_(cur_read_UChar)(p) + 1);
985                break;
986             case 0x0c: /* FORM_flag */
987                p = ML_(cur_plus)(p, 1);
988                break;
989             case 0x0d: /* FORM_sdata */
990                (void)step_leb128S(&p);
991                break;
992             case 0x0f: /* FORM_udata */
993                (void)step_leb128U(&p);
994                break;
995             case 0x10: /* FORM_ref_addr */
996                p = ML_(cur_plus)(p, (ver == 2) ? addr_size
997                                                : (ui->dw64 ? 8 : 4));
998                break;
999             case 0x11: /* FORM_ref1 */
1000                p = ML_(cur_plus)(p, 1);
1001                break;
1002             case 0x12: /* FORM_ref2 */
1003                p = ML_(cur_plus)(p, 2);
1004                break;
1005             case 0x13: /* FORM_ref4 */
1006                p = ML_(cur_plus)(p, 4);
1007                break;
1008             case 0x14: /* FORM_ref8 */
1009                p = ML_(cur_plus)(p, 8);
1010                break;
1011             case 0x15: /* FORM_ref_udata */
1012                (void)step_leb128U(&p);
1013                break;
1014             case 0x19: /* FORM_flag_present */
1015                break;
1016             case 0x20: /* FORM_ref_sig8 */
1017                p = ML_(cur_plus)(p, 8);
1018                break;
1019             case 0x1f20: /* FORM_GNU_ref_alt */
1020                p = ML_(cur_plus)(p, ui->dw64 ? 8 : 4);
1021                break;
1022             case 0x1f21: /* FORM_GNU_strp_alt */
1023                if (ML_(cur_is_valid)(debugstr_alt_img) && !ui->dw64)
1024                   sval = ML_(cur_plus)(debugstr_alt_img,
1025                                        ML_(cur_read_UInt)(p));
1026                if (ML_(cur_is_valid)(debugstr_alt_img) && ui->dw64)
1027                   sval = ML_(cur_plus)(debugstr_alt_img,
1028                                        ML_(cur_read_ULong)(p));
1029                p = ML_(cur_plus)(p, ui->dw64 ? 8 : 4);
1030                break;
1031 
1032             default:
1033                VG_(printf)( "### unhandled dwarf2 abbrev form code 0x%x\n",
1034                             form );
1035                break;
1036          }
1037 
1038          /* Now store the members we need in the UnitInfo structure */
1039          if ( tag == 0x0011 /*TAG_compile_unit*/ ) {
1040                  if ( name == 0x03 ) ui->name = sval;      /* DW_AT_name */
1041             else if ( name == 0x1b ) ui->compdir = sval;   /* DW_AT_compdir */
1042             else if ( name == 0x10 ) ui->stmt_list = cval; /* DW_AT_stmt_list */
1043          }
1044       }
1045    } /* Just read the first DIE, if that wasn't the compile_unit then
1046       * this might have been a partial unit or broken DWARF info.
1047       * That's enough info for us, and we are not gdb ! */
1048 }
1049 
1050 
1051 ////////////////////////////////////////////////////////////////////
1052 ////////////////////////////////////////////////////////////////////
1053 
1054 /* Collect the debug info from DWARF3 debugging sections
1055  * of a given module.
1056  *
1057  * Inputs: given .debug_xxx sections
1058  * Output: update di to contain all the DWARF3 debug infos
1059  */
ML_(read_debuginfo_dwarf3)1060 void ML_(read_debuginfo_dwarf3)
1061         ( struct _DebugInfo* di,
1062           DiSlice escn_debug_info,      /* .debug_info */
1063           DiSlice escn_debug_types,     /* .debug_types */
1064           DiSlice escn_debug_abbv,      /* .debug_abbrev */
1065           DiSlice escn_debug_line,      /* .debug_line */
1066           DiSlice escn_debug_str,       /* .debug_str */
1067           DiSlice escn_debug_str_alt )  /* .debug_str */
1068 {
1069    UnitInfo ui;
1070    UShort   ver;
1071    ULong    blklen;
1072    Bool     blklen_is_64;
1073 
1074    /* Make sure we at least have a header for the first block */
1075    if (escn_debug_info.szB < 4) {
1076       ML_(symerr)( di, True,
1077                    "Last block truncated in .debug_info; ignoring" );
1078       return;
1079    }
1080 
1081    DiCursor block_img = DiCursor_INVALID;
1082    DiCursor end1_img  = ML_(cur_plus)( ML_(cur_from_sli)(escn_debug_info),
1083                                        escn_debug_info.szB );
1084    Int blklen_len = 0;
1085 
1086    /* Iterate on all the blocks we find in .debug_info */
1087    for ( block_img = ML_(cur_from_sli)(escn_debug_info);
1088          ML_(cur_cmpLT)(block_img, ML_(cur_plus)(end1_img, -(DiOffT)4));
1089          block_img = ML_(cur_plus)(block_img, blklen + blklen_len) ) {
1090 
1091       /* Read the compilation unit header in .debug_info section - See
1092          p 70 */
1093       /* This block length */
1094       blklen     = read_initial_length_field( block_img, &blklen_is_64 );
1095       blklen_len = blklen_is_64 ? 12 : 4;
1096 
1097       if (ML_(cur_cmpGT)( ML_(cur_plus)(block_img, blklen + blklen_len),
1098                           end1_img )) {
1099          ML_(symerr)( di, True,
1100                       "Last block truncated in .debug_info; ignoring" );
1101          return;
1102       }
1103 
1104       /* version should be 2 */
1105       ver = ML_(cur_read_UShort)( ML_(cur_plus)(block_img, blklen_len) );
1106       if ( ver != 2 && ver != 3 && ver != 4 ) {
1107          ML_(symerr)( di, True,
1108                       "Ignoring non-Dwarf2/3/4 block in .debug_info" );
1109          continue;
1110       }
1111 
1112       /* Fill ui with offset in .debug_line and compdir */
1113       if (0)
1114          VG_(printf)(
1115             "Reading UnitInfo at 0x%llx.....\n",
1116             (ULong)ML_(cur_minus)( block_img,
1117                                    ML_(cur_from_sli)(escn_debug_info)) );
1118       read_unitinfo_dwarf2( &ui, block_img,
1119                                  ML_(cur_from_sli)(escn_debug_abbv),
1120                                  ML_(cur_from_sli)(escn_debug_str),
1121                                  ML_(cur_from_sli)(escn_debug_str_alt) );
1122       if (0) {
1123          HChar* str_name    = ML_(cur_read_strdup)(ui.name,    "di.rdd3.1");
1124          HChar* str_compdir = ML_(cur_read_strdup)(ui.compdir, "di.rdd3.2");
1125          VG_(printf)( "   => LINES=0x%llx    NAME=%s     DIR=%s\n",
1126                       ui.stmt_list, str_name, str_compdir );
1127          ML_(dinfo_free)(str_name);
1128          ML_(dinfo_free)(str_compdir);
1129       }
1130 
1131       /* Ignore blocks with no .debug_line associated block */
1132       if ( ui.stmt_list == -1LL )
1133          continue;
1134 
1135       if (0) {
1136          HChar* str_name = ML_(cur_read_strdup)(ui.name, "di.rdd3.3");
1137          VG_(printf)("debug_line_sz %llu, ui.stmt_list %llu  %s\n",
1138                      escn_debug_line.szB, ui.stmt_list, str_name );
1139          ML_(dinfo_free)(str_name);
1140       }
1141 
1142       /* Read the .debug_line block for this compile unit */
1143       read_dwarf2_lineblock(
1144          di, &ui,
1145          ML_(cur_plus)(ML_(cur_from_sli)(escn_debug_line), ui.stmt_list),
1146          escn_debug_line.szB  - ui.stmt_list
1147       );
1148    }
1149 }
1150 
1151 
1152 ////////////////////////////////////////////////////////////////////
1153 ////////////////////////////////////////////////////////////////////
1154 
1155 /*------------------------------------------------------------*/
1156 /*--- Read DWARF1 format line number info.                 ---*/
1157 /*------------------------------------------------------------*/
1158 
1159 /* DWARF1 appears to be redundant, but nevertheless the Lahey Fortran
1160    compiler generates it.
1161 */
1162 
1163 /* The following three enums (dwarf_tag, dwarf_form, dwarf_attribute)
1164    are taken from the file include/elf/dwarf.h in the GNU gdb-6.0
1165    sources, which are Copyright 1992, 1993, 1995, 1999 Free Software
1166    Foundation, Inc and naturally licensed under the GNU General Public
1167    License version 2 or later.
1168 */
1169 
1170 /* Tag names and codes.  */
1171 
1172 enum dwarf_tag {
1173     TAG_padding			= 0x0000,
1174     TAG_array_type		= 0x0001,
1175     TAG_class_type		= 0x0002,
1176     TAG_entry_point		= 0x0003,
1177     TAG_enumeration_type	= 0x0004,
1178     TAG_formal_parameter	= 0x0005,
1179     TAG_global_subroutine	= 0x0006,
1180     TAG_global_variable		= 0x0007,
1181     				/* 0x0008 -- reserved */
1182 				/* 0x0009 -- reserved */
1183     TAG_label			= 0x000a,
1184     TAG_lexical_block		= 0x000b,
1185     TAG_local_variable		= 0x000c,
1186     TAG_member			= 0x000d,
1187 				/* 0x000e -- reserved */
1188     TAG_pointer_type		= 0x000f,
1189     TAG_reference_type		= 0x0010,
1190     TAG_compile_unit		= 0x0011,
1191     TAG_string_type		= 0x0012,
1192     TAG_structure_type		= 0x0013,
1193     TAG_subroutine		= 0x0014,
1194     TAG_subroutine_type		= 0x0015,
1195     TAG_typedef			= 0x0016,
1196     TAG_union_type		= 0x0017,
1197     TAG_unspecified_parameters	= 0x0018,
1198     TAG_variant			= 0x0019,
1199     TAG_common_block		= 0x001a,
1200     TAG_common_inclusion	= 0x001b,
1201     TAG_inheritance		= 0x001c,
1202     TAG_inlined_subroutine	= 0x001d,
1203     TAG_module			= 0x001e,
1204     TAG_ptr_to_member_type	= 0x001f,
1205     TAG_set_type		= 0x0020,
1206     TAG_subrange_type		= 0x0021,
1207     TAG_with_stmt		= 0x0022,
1208 
1209     /* GNU extensions */
1210 
1211     TAG_format_label		= 0x8000,  /* for FORTRAN 77 and Fortran 90 */
1212     TAG_namelist		= 0x8001,  /* For Fortran 90 */
1213     TAG_function_template	= 0x8002,  /* for C++ */
1214     TAG_class_template		= 0x8003   /* for C++ */
1215 };
1216 
1217 /* Form names and codes.  */
1218 
1219 enum dwarf_form {
1220     FORM_ADDR	= 0x1,
1221     FORM_REF	= 0x2,
1222     FORM_BLOCK2	= 0x3,
1223     FORM_BLOCK4	= 0x4,
1224     FORM_DATA2	= 0x5,
1225     FORM_DATA4	= 0x6,
1226     FORM_DATA8	= 0x7,
1227     FORM_STRING	= 0x8
1228 };
1229 
1230 /* Attribute names and codes.  */
1231 
1232 enum dwarf_attribute {
1233     AT_sibling			= (0x0010|FORM_REF),
1234     AT_location			= (0x0020|FORM_BLOCK2),
1235     AT_name			= (0x0030|FORM_STRING),
1236     AT_fund_type		= (0x0050|FORM_DATA2),
1237     AT_mod_fund_type		= (0x0060|FORM_BLOCK2),
1238     AT_user_def_type		= (0x0070|FORM_REF),
1239     AT_mod_u_d_type		= (0x0080|FORM_BLOCK2),
1240     AT_ordering			= (0x0090|FORM_DATA2),
1241     AT_subscr_data		= (0x00a0|FORM_BLOCK2),
1242     AT_byte_size		= (0x00b0|FORM_DATA4),
1243     AT_bit_offset		= (0x00c0|FORM_DATA2),
1244     AT_bit_size			= (0x00d0|FORM_DATA4),
1245 				/* (0x00e0|FORM_xxxx) -- reserved */
1246     AT_element_list		= (0x00f0|FORM_BLOCK4),
1247     AT_stmt_list		= (0x0100|FORM_DATA4),
1248     AT_low_pc			= (0x0110|FORM_ADDR),
1249     AT_high_pc			= (0x0120|FORM_ADDR),
1250     AT_language			= (0x0130|FORM_DATA4),
1251     AT_member			= (0x0140|FORM_REF),
1252     AT_discr			= (0x0150|FORM_REF),
1253     AT_discr_value		= (0x0160|FORM_BLOCK2),
1254 				/* (0x0170|FORM_xxxx) -- reserved */
1255 				/* (0x0180|FORM_xxxx) -- reserved */
1256     AT_string_length		= (0x0190|FORM_BLOCK2),
1257     AT_common_reference		= (0x01a0|FORM_REF),
1258     AT_comp_dir			= (0x01b0|FORM_STRING),
1259         AT_const_value_string	= (0x01c0|FORM_STRING),
1260         AT_const_value_data2	= (0x01c0|FORM_DATA2),
1261         AT_const_value_data4	= (0x01c0|FORM_DATA4),
1262         AT_const_value_data8	= (0x01c0|FORM_DATA8),
1263         AT_const_value_block2	= (0x01c0|FORM_BLOCK2),
1264         AT_const_value_block4	= (0x01c0|FORM_BLOCK4),
1265     AT_containing_type		= (0x01d0|FORM_REF),
1266         AT_default_value_addr	= (0x01e0|FORM_ADDR),
1267         AT_default_value_data2	= (0x01e0|FORM_DATA2),
1268         AT_default_value_data4	= (0x01e0|FORM_DATA4),
1269         AT_default_value_data8	= (0x01e0|FORM_DATA8),
1270         AT_default_value_string	= (0x01e0|FORM_STRING),
1271     AT_friends			= (0x01f0|FORM_BLOCK2),
1272     AT_inline			= (0x0200|FORM_STRING),
1273     AT_is_optional		= (0x0210|FORM_STRING),
1274         AT_lower_bound_ref	= (0x0220|FORM_REF),
1275         AT_lower_bound_data2	= (0x0220|FORM_DATA2),
1276         AT_lower_bound_data4	= (0x0220|FORM_DATA4),
1277         AT_lower_bound_data8	= (0x0220|FORM_DATA8),
1278     AT_private			= (0x0240|FORM_STRING),
1279     AT_producer			= (0x0250|FORM_STRING),
1280     AT_program			= (0x0230|FORM_STRING),
1281     AT_protected		= (0x0260|FORM_STRING),
1282     AT_prototyped		= (0x0270|FORM_STRING),
1283     AT_public			= (0x0280|FORM_STRING),
1284     AT_pure_virtual		= (0x0290|FORM_STRING),
1285     AT_return_addr		= (0x02a0|FORM_BLOCK2),
1286     AT_abstract_origin		= (0x02b0|FORM_REF),
1287     AT_start_scope		= (0x02c0|FORM_DATA4),
1288     AT_stride_size		= (0x02e0|FORM_DATA4),
1289         AT_upper_bound_ref	= (0x02f0|FORM_REF),
1290         AT_upper_bound_data2	= (0x02f0|FORM_DATA2),
1291         AT_upper_bound_data4	= (0x02f0|FORM_DATA4),
1292         AT_upper_bound_data8	= (0x02f0|FORM_DATA8),
1293     AT_virtual			= (0x0300|FORM_STRING),
1294 
1295     /* GNU extensions.  */
1296 
1297     AT_sf_names			= (0x8000|FORM_DATA4),
1298     AT_src_info			= (0x8010|FORM_DATA4),
1299     AT_mac_info			= (0x8020|FORM_DATA4),
1300     AT_src_coords		= (0x8030|FORM_DATA4),
1301     AT_body_begin		= (0x8040|FORM_ADDR),
1302     AT_body_end			= (0x8050|FORM_ADDR)
1303 };
1304 
1305 /* end of enums taken from gdb-6.0 sources */
1306 #if 0
1307 void ML_(read_debuginfo_dwarf1) (
1308         struct _DebugInfo* di,
1309         UChar* dwarf1d, Int dwarf1d_sz,
1310         UChar* dwarf1l, Int dwarf1l_sz )
1311 {
1312    UInt   stmt_list;
1313    Bool   stmt_list_found;
1314    Int    die_offset, die_szb, at_offset;
1315    UShort die_kind, at_kind;
1316    UChar* at_base;
1317    HChar* src_filename;
1318 
1319    if (0)
1320       VG_(printf)("read_debuginfo_dwarf1 ( %p, %d, %p, %d )\n",
1321 	          dwarf1d, dwarf1d_sz, dwarf1l, dwarf1l_sz );
1322 
1323    /* This loop scans the DIEs. */
1324    die_offset = 0;
1325    while (True) {
1326       if (die_offset >= dwarf1d_sz) break;
1327 
1328       die_szb  = ML_(read_Int)(dwarf1d + die_offset);
1329       die_kind = ML_(read_UShort)(dwarf1d + die_offset + 4);
1330 
1331       /* We're only interested in compile_unit DIEs; ignore others. */
1332       if (die_kind != TAG_compile_unit) {
1333          die_offset += die_szb;
1334          continue;
1335       }
1336 
1337       if (0)
1338          VG_(printf)("compile-unit DIE: offset %d, tag 0x%x, size %d\n",
1339                      die_offset, (Int)die_kind, die_szb );
1340 
1341       /* We've got a compile_unit DIE starting at (dwarf1d +
1342          die_offset+6).  Try and find the AT_name and AT_stmt_list
1343          attributes.  Then, finally, we can read the line number info
1344          for this source file. */
1345 
1346       /* The next 3 are set as we find the relevant attrs. */
1347       src_filename    = NULL;
1348       stmt_list_found = False;
1349       stmt_list       = 0;
1350 
1351       /* This loop scans the Attrs inside compile_unit DIEs. */
1352       at_base = dwarf1d + die_offset + 6;
1353       at_offset = 0;
1354       while (True) {
1355          if (at_offset >= die_szb-6) break;
1356 
1357          at_kind = ML_(read_UShort)(at_base + at_offset);
1358          if (0) VG_(printf)("atoffset %d, attag 0x%x\n",
1359                             at_offset, (Int)at_kind );
1360          at_offset += 2; /* step over the attribute itself */
1361 	 /* We have to examine the attribute to figure out its
1362             length. */
1363          switch (at_kind) {
1364             case AT_stmt_list:
1365             case AT_language:
1366             case AT_sibling:
1367                if (at_kind == AT_stmt_list) {
1368                   stmt_list_found = True;
1369                   stmt_list = ML_(read_Int)(at_base+at_offset);
1370                }
1371                at_offset += 4; break;
1372             case AT_high_pc:
1373             case AT_low_pc:
1374                at_offset += sizeof(void*); break;
1375             case AT_name:
1376             case AT_producer:
1377             case AT_comp_dir:
1378                /* Zero terminated string, step over it. */
1379                if (at_kind == AT_name)
1380                  src_filename = (HChar *)(at_base + at_offset);
1381                while (at_offset < die_szb-6 && at_base[at_offset] != 0)
1382                   at_offset++;
1383                at_offset++;
1384                break;
1385             default:
1386                VG_(printf)("Unhandled DWARF-1 attribute 0x%x\n",
1387                            (Int)at_kind );
1388                VG_(core_panic)("Unhandled DWARF-1 attribute");
1389          } /* switch (at_kind) */
1390       } /* looping over attributes */
1391 
1392       /* So, did we find the required stuff for a line number table in
1393          this DIE?  If yes, read it. */
1394       if (stmt_list_found /* there is a line number table */
1395           && src_filename != NULL /* we know the source filename */
1396          ) {
1397          /* Table starts:
1398                Length:
1399                   4 bytes, includes the entire table
1400                Base address:
1401                   unclear (4? 8?), assuming native pointer size here.
1402             Then a sequence of triples
1403                (source line number -- 32 bits
1404                 source line column -- 16 bits
1405                 address delta -- 32 bits)
1406 	 */
1407          Addr   base;
1408 	 Int    len;
1409          HChar* curr_filenm;
1410          UChar* ptr;
1411          UInt   prev_line, prev_delta;
1412 
1413          curr_filenm = ML_(addStr) ( di, src_filename, -1 );
1414          prev_line = prev_delta = 0;
1415 
1416          ptr = dwarf1l + stmt_list;
1417          len  = ML_(read_Int)(ptr);  ptr += sizeof(Int);
1418          base = ML_(read_Addr)(ptr); ptr += sizeof(void*);
1419          len -= (sizeof(Int) + sizeof(void*));
1420          while (len > 0) {
1421             UInt   line;
1422             UShort col;
1423             UInt   delta;
1424             line = ML_(read_UInt)(ptr);    ptr += sizeof(UInt);
1425             col  = ML_(read_UShort)(ptr);  ptr += sizeof(UShort);
1426             delta = ML_(read_UInt)(ptr);   ptr += sizeof(UInt);
1427 	    if (0) VG_(printf)("line %d, col %d, delta %d\n",
1428                                line, (Int)col, delta );
1429             len -= (sizeof(UInt) + sizeof(UShort) + sizeof(UInt));
1430 
1431 	    if (delta > 0 && prev_line > 0) {
1432 	       if (0) VG_(printf) ("     %d  %d-%d\n",
1433                                    prev_line, prev_delta, delta-1);
1434 	       ML_(addLineInfo) ( di, curr_filenm, NULL,
1435 		 	          base + prev_delta, base + delta,
1436 			          prev_line, 0 );
1437 	    }
1438 	    prev_line = line;
1439 	    prev_delta = delta;
1440 	 }
1441       }
1442 
1443       /* Move on the next DIE. */
1444       die_offset += die_szb;
1445 
1446    } /* Looping over DIEs */
1447 
1448 }
1449 #endif
1450 
1451 /*------------------------------------------------------------*/
1452 /*--- Read call-frame info from an .eh_frame section       ---*/
1453 /*------------------------------------------------------------*/
1454 
1455 /* Sources of info:
1456 
1457    The DWARF3 spec, available from http://www.dwarfstd.org/Download.php
1458 
1459    This describes how to read CFA data from .debug_frame sections.
1460    So as to maximise everybody's annoyance and confusion, .eh_frame
1461    sections are almost the same as .debug_frame sections, but differ
1462    in a few subtle and ill documented but important aspects.
1463 
1464    Generic ELF Specification, sections 7.5 (DWARF Extensions) and 7.6
1465    (Exception Frames), available from
1466 
1467    http://www.linux-foundation.org/spec/book/ELF-generic/ELF-generic.html
1468 
1469    This really does describe .eh_frame, at least the aspects that
1470    differ from standard DWARF3.  It's better than guessing, and
1471    (marginally) more fun than reading the gdb source code.
1472 */
1473 
1474 /* Useful info ..
1475 
1476    In general:
1477    gdb-6.3/gdb/dwarf2-frame.c
1478 
1479    gdb-6.3/gdb/i386-tdep.c:
1480 
1481    DWARF2/GCC uses the stack address *before* the function call as a
1482    frame's CFA.  [jrs: I presume this means %esp before the call as
1483    the CFA].
1484 
1485    JRS: on amd64, the dwarf register numbering is, as per
1486    gdb-6.3/gdb/amd64-tdep.c and also amd64-abi-0.98.pdf:
1487 
1488       0    1    2    3    4    5    6    7
1489       RAX  RDX  RCX  RBX  RSI  RDI  RBP  RSP
1490 
1491       8  ...  15
1492       R8 ... R15
1493 
1494       16 is the return address (RIP)
1495       "The table defines Return Address to have a register number,
1496       even though the address is stored in 0(%rsp) and not in a
1497       physical register."
1498 
1499       17   ...   24
1500       XMM0 ... XMM7
1501 
1502       25   ...    32
1503       XMM8 ... XMM15
1504 
1505       33   ...   40
1506       ST0  ...  ST7
1507 
1508       41   ...   48
1509       MM0  ...  MM7
1510 
1511       49                  RFLAGS
1512       50,51,52,53,54,55   ES,CS,SS,DS,FS,GS
1513       58                  FS.BASE  (what's that?)
1514       59                  GS.BASE  (what's that?)
1515       62                  TR (task register)
1516       63                  LDTR (LDT register)
1517       64                  MXCSR
1518       65                  FCW (x87 control word)
1519       66                  FSW (x86 status word)
1520 
1521    On x86 I cannot find any documentation.  It _appears_ to be the
1522    actual instruction encoding, viz:
1523 
1524       0    1    2    3    4    5    6    7
1525       EAX  ECX  EDX  EBX  ESP  EBP  ESI  EDI
1526 
1527       8 is the return address (EIP) */
1528 
1529 
1530 /* Comments re DW_CFA_set_loc, 16 Nov 06.
1531 
1532    JRS:
1533    Someone recently sent me a libcrypto.so.0.9.8 as distributed with
1534    Ubuntu of some flavour, compiled with gcc 4.1.2 on amd64.  It
1535    causes V's CF reader to complain a lot:
1536 
1537    >> --19976-- DWARF2 CFI reader: unhandled CFI instruction 0:24
1538    >> --19976-- DWARF2 CFI reader: unhandled CFI instruction 0:24
1539    >> --19976-- DWARF2 CFI reader: unhandled CFI instruction 0:24
1540    >> --19976-- DWARF2 CFI reader: unhandled CFI instruction 0:24
1541    >> --19976-- DWARF2 CFI reader: unhandled CFI instruction 0:48
1542    >> --19976-- DWARF2 CFI reader: unhandled CFI instruction 0:24
1543 
1544    After chasing this around a bit it seems that the CF bytecode
1545    parser lost sync at a DW_CFA_set_loc, which has a single argument
1546    denoting an address.
1547 
1548    As it stands that address is extracted by read_Addr().  On amd64
1549    that just fetches 8 bytes regardless of anything else.
1550 
1551    read_encoded_Addr() is more sophisticated.  This appears to take
1552    into account some kind of encoding flag.  When I replace the uses
1553    of read_Addr by read_encoded_Addr for DW_CFA_set_loc, the
1554    complaints go away, there is no loss of sync, and the parsed CF
1555    instructions are the same as shown by readelf --debug-dump=frames.
1556 
1557    So it seems a plausible fix.  The problem is I looked in the DWARF3
1558    spec and completely failed to figure out whether or not the arg to
1559    DW_CFA_set_loc is supposed to be encoded in a way suitable for
1560    read_encoded_Addr, nor for that matter any description of what it
1561    is that read_encoded_Addr is really decoding.
1562 
1563    TomH:
1564    The problem is that the encoding is not standard - the eh_frame
1565    section uses the same encoding as the dwarf_frame section except
1566    for a few small changes, and this is one of them. So this is not
1567    something the DWARF standard covers.
1568 
1569    There is an augmentation string to indicate what is going on though
1570    so that programs can recognise it.
1571 
1572    What we are doing seems to match what gdb 6.5 and libdwarf 20060614
1573    do though. I'm not sure about readelf though.
1574 
1575    (later): Well dwarfdump barfs on it:
1576 
1577       dwarfdump ERROR:  dwarf_get_fde_info_for_reg:
1578                         DW_DLE_DF_FRAME_DECODING_ERROR(193) (193)
1579 
1580    I've looked at binutils as well now, and the code in readelf agrees
1581    with your patch - ie it treats set_loc as having an encoded address
1582    if there is a zR augmentation indicating an encoding.
1583 
1584    Quite why gdb and libdwarf don't understand this is an interesting
1585    question...
1586 
1587    Final outcome: all uses of read_Addr were replaced by
1588    read_encoded_Addr.  A new type AddressDecodingInfo was added to
1589    make it relatively clean to plumb through the extra info needed by
1590    read_encoded_Addr.
1591 */
1592 
1593 /* More badness re address encoding, 12 Jan 07.
1594 
1595    Most gcc provided CIEs have a "zR" augmentation, which means they
1596    supply their own address encoding, and that works fine.  However,
1597    some icc9 supplied CIEs have no augmentation, which means they use
1598    the default_Addr_encoding().  That says to use a machine-word sized
1599    value, literally unmodified.
1600 
1601    Since .so's are, in general, relocated when loaded, having absolute
1602    addresses in the CFI data makes no sense when read_encoded_Addr is
1603    used to find the initial location for a FDE.  The resulting saga:
1604 
1605    TomH:
1606    > I'm chasing a stack backtrace failure for an amd64 .so which was
1607    > created I believe by icc 9.1.  After a while I wound up looking at
1608    > this: (readdwarf.c)
1609    >
1610    >   5083        tom static UChar default_Addr_encoding ( void )
1611    >   3584        tom {
1612    >   3584        tom    switch (sizeof(Addr)) {
1613    >   3584        tom       case 4: return DW_EH_PE_udata4;
1614    >   3584        tom       case 8: return DW_EH_PE_udata8;
1615    >   3584        tom       default: vg_assert(0);
1616    >   3584        tom    }
1617    >   3584        tom }
1618    >
1619    > If a CIE does not have an "augmentation string" (typically "zR") then
1620    > addresses are decoded as described by default_Addr_encoding.  If there
1621    > is an 'R' in the augmentation string then the encoding to use
1622    > is specified by the CIE itself, which works fine with GCC compiled code
1623    > since that always appears to specify zR.
1624 
1625    Correct.
1626 
1627    > Problem is this .so has no augmentation string and so uses the
1628    > default encoding, viz DW_EH_PE_udata8.  That appears to mean
1629    > "read a 64 bit number" and use that as-is (for the starting value
1630    > of the program counter when running the CFA program).
1631 
1632    Strictly speaking the default is DW_EH_PE_absptr, but that amounts
1633    to either udata4 or udata8 depending on the platform's pointer size
1634    which is a shortcut I used.
1635 
1636    > For this .so that gives nonsense (very small) PCs which are later
1637    > rejected by the sanity check which ensures PC ranges fall inside
1638    > the mapped text segment.  It seems like the .so expects to have the
1639    > start VMA of the text segment added on.  This would correspond to
1640    >
1641    >   static UChar default_Addr_encoding ( void )
1642    >   {
1643    >      switch (sizeof(Addr)) {
1644    >         case 4: return DW_EH_PE_textrel + DW_EH_PE_udata4;
1645    >         case 8: return DW_EH_PE_textrel + DW_EH_PE_udata8;
1646    >         default: vg_assert(0);
1647    >      }
1648    >   }
1649 
1650    The problem you're seeing is that you have absolute pointers inside
1651    a shared library, which obviously makes little sense on the face of
1652    things as how would the linker know where the library will be
1653    loaded?
1654 
1655    The answer of course is that it doesn't, so if it points absolute
1656    pointers in the frame unwind data is has to include relocations for
1657    them, and I'm betting that if you look at the relocations in the
1658    library you will there are some for that data.
1659 
1660    That is fine of course when ld.so maps the library - it will
1661    relocate the eh_frame data as it maps it (or prelinking will
1662    already have done so) and when the g++ exception code kicks in and
1663    unwinds the stack it will see relocated data.
1664 
1665    We of course are mapping the section from the ELF file ourselves
1666    and are not applying the relocations, hence the problem you are
1667    seeing.
1668 
1669    Strictly speaking we should apply the relocations but the cheap
1670    solution is essentially to do what you've done - strictly speaking
1671    you should adjust by the difference between the address the library
1672    was linked for and the address it has been loaded at, but a shared
1673    library will normally be linked for address zero I believe. It's
1674    possible that prelinking might change that though?
1675 
1676    JRS:
1677    That all syncs with what I am seeing.
1678 
1679    So what I am inclined to do is:
1680 
1681    - Leave default_Addr_encoding as it is
1682 
1683    - Change read_encoded_Addr's handling of "case DW_EH_PE_absptr" so
1684      it sets base to, as you say, the difference between the address
1685      the library was linked for and the address it has been loaded at
1686      (== the SegInfo's text_bias)
1687 
1688    Does that sound sane?  I think it should even handle the prelinked
1689    case.
1690 
1691    (JRS, later)
1692 
1693    Hmm.  Plausible as it sounds, it doesn't work.  It now produces
1694    bogus backtraces for locations inside the (statically linked)
1695    memcheck executable.
1696 
1697    Besides, there are a couple of other places where read_encoded_Addr
1698    is used -- one of which is used to establish the length of the
1699    address range covered by the current FDE:
1700 
1701          fde_arange = read_encoded_Addr(&nbytes, &adi, data);
1702 
1703    and it doesn't seem to make any sense for read_encoded_Addr to add
1704    on the text segment bias in that context.  The DWARF3 spec says
1705    that both the initial_location and address_range (length) fields
1706    are encoded the same way ("target address"), so it is unclear at
1707    what stage in the process it would be appropriate to relocate the
1708    former but not the latter.
1709 
1710    One unprincipled kludge that does work is the following: just
1711    before handing one of the address range fragments off to
1712    ML_(addDiCfSI) for permanent storage, check its start address.  If
1713    that is very low (less than 2 M), and is far below the mapped text
1714    segment, and adding the text bias would move the fragment entirely
1715    inside the mapped text segment, then do so.  A kind of kludged
1716    last-minute relocation, if you like.
1717 
1718    12 Jan 07: committing said kludge (see kludge_then_addDiCfSI).  If
1719    the situation clarifies, it can easily enough be backed out and
1720    replaced by a better fix.
1721 */
1722 
1723 /* --------------- Decls --------------- */
1724 
1725 #if defined(VGP_x86_linux) || defined(VGP_x86_solaris)
1726 #  define FP_REG         5
1727 #  define SP_REG         4
1728 #  define RA_REG_DEFAULT 8
1729 #elif defined(VGP_amd64_linux) || defined(VGP_amd64_solaris)
1730 #  define FP_REG         6
1731 #  define SP_REG         7
1732 #  define RA_REG_DEFAULT 16
1733 #elif defined(VGP_ppc32_linux)
1734 #  define FP_REG         1
1735 #  define SP_REG         1
1736 #  define RA_REG_DEFAULT 65
1737 #elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1738 #  define FP_REG         1
1739 #  define SP_REG         1
1740 #  define RA_REG_DEFAULT 65
1741 #elif defined(VGP_arm_linux)
1742 #  define FP_REG         12
1743 #  define SP_REG         13
1744 #  define RA_REG_DEFAULT 14
1745 #elif defined(VGP_arm64_linux)
1746 #  define FP_REG         29
1747 #  define SP_REG         31
1748 #  define RA_REG_DEFAULT 30
1749 #elif defined(VGP_x86_darwin)
1750 #  define FP_REG         5
1751 #  define SP_REG         4
1752 #  define RA_REG_DEFAULT 8
1753 #elif defined(VGP_amd64_darwin)
1754 #  define FP_REG         6
1755 #  define SP_REG         7
1756 #  define RA_REG_DEFAULT 16
1757 #elif defined(VGP_s390x_linux)
1758 #  define FP_REG         11    // sometimes s390 has a frame pointer in r11
1759 #  define SP_REG         15    // stack is always r15
1760 #  define RA_REG_DEFAULT 14    // the return address is in r14
1761 #elif defined(VGP_mips32_linux)
1762 #  define FP_REG         30
1763 #  define SP_REG         29
1764 #  define RA_REG_DEFAULT 31
1765 #elif defined(VGP_mips64_linux)
1766 #  define FP_REG         30
1767 #  define SP_REG         29
1768 #  define RA_REG_DEFAULT 31
1769 #elif defined(VGP_tilegx_linux)
1770 #  define FP_REG         52
1771 #  define SP_REG         54
1772 #  define RA_REG_DEFAULT 55
1773 #else
1774 #  error "Unknown platform"
1775 #endif
1776 
1777 /* The number of regs we are prepared to unwind.  The number for
1778    arm-linux (320) seems ludicrously high, but the ARM IHI 0040A page
1779    7 (DWARF for the ARM Architecture) specifies that values up to 320
1780    might exist, for Neon/VFP-v3. */
1781 #if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
1782      || defined(VGP_ppc64le_linux) || defined(VGP_mips32_linux) \
1783      || defined(VGP_mips64_linux)
1784 # define N_CFI_REGS 72
1785 #elif defined(VGP_arm_linux) || defined(VGP_tilegx_linux)
1786 # define N_CFI_REGS 320
1787 #elif defined(VGP_arm64_linux)
1788 # define N_CFI_REGS 128
1789 #else
1790 # define N_CFI_REGS 20
1791 #endif
1792 
1793 /* Instructions for the automaton */
1794 enum dwarf_cfa_primary_ops
1795   {
1796     DW_CFA_use_secondary = 0,
1797     DW_CFA_advance_loc   = 1,
1798     DW_CFA_offset        = 2,
1799     DW_CFA_restore       = 3
1800   };
1801 
1802 enum dwarf_cfa_secondary_ops
1803   {
1804     DW_CFA_nop                = 0x00,
1805     DW_CFA_set_loc            = 0x01,
1806     DW_CFA_advance_loc1       = 0x02,
1807     DW_CFA_advance_loc2       = 0x03,
1808     DW_CFA_advance_loc4       = 0x04,
1809     DW_CFA_offset_extended    = 0x05,
1810     DW_CFA_restore_extended   = 0x06,
1811     DW_CFA_undefined          = 0x07,
1812     DW_CFA_same_value         = 0x08,
1813     DW_CFA_register           = 0x09,
1814     DW_CFA_remember_state     = 0x0a,
1815     DW_CFA_restore_state      = 0x0b,
1816     DW_CFA_def_cfa            = 0x0c,
1817     DW_CFA_def_cfa_register   = 0x0d,
1818     DW_CFA_def_cfa_offset     = 0x0e,
1819     DW_CFA_def_cfa_expression = 0x0f, /* DWARF3 only */
1820     DW_CFA_expression         = 0x10, /* DWARF3 only */
1821     DW_CFA_offset_extended_sf = 0x11, /* DWARF3 only */
1822     DW_CFA_def_cfa_sf         = 0x12, /* DWARF3 only */
1823     DW_CFA_def_cfa_offset_sf  = 0x13, /* DWARF3 only */
1824     DW_CFA_val_offset         = 0x14, /* DWARF3 only */
1825     DW_CFA_val_offset_sf      = 0x15, /* DWARF3 only */
1826     DW_CFA_val_expression     = 0x16, /* DWARF3 only */
1827     DW_CFA_lo_user            = 0x1c,
1828     DW_CFA_GNU_window_save    = 0x2d, /* GNU extension */
1829     DW_CFA_GNU_args_size      = 0x2e, /* GNU extension */
1830     DW_CFA_GNU_negative_offset_extended = 0x2f, /* GNU extension */
1831     DW_CFA_ORCL_arg_loc       = 0x30, /* Oracle extension */
1832     DW_CFA_hi_user            = 0x3f
1833   };
1834 
1835 #define DW_EH_PE_absptr		0x00
1836 #define DW_EH_PE_omit		0xff
1837 
1838 #define DW_EH_PE_uleb128	0x01
1839 #define DW_EH_PE_udata2		0x02
1840 #define DW_EH_PE_udata4		0x03
1841 #define DW_EH_PE_udata8		0x04
1842 #define DW_EH_PE_sleb128	0x09
1843 #define DW_EH_PE_sdata2		0x0A
1844 #define DW_EH_PE_sdata4		0x0B
1845 #define DW_EH_PE_sdata8		0x0C
1846 #define DW_EH_PE_signed		0x08
1847 
1848 #define DW_EH_PE_pcrel		0x10
1849 #define DW_EH_PE_textrel	0x20
1850 #define DW_EH_PE_datarel	0x30
1851 #define DW_EH_PE_funcrel	0x40
1852 #define DW_EH_PE_aligned	0x50
1853 
1854 #define DW_EH_PE_indirect	0x80
1855 
1856 
1857 /* RegRule and UnwindContext are used temporarily to do the unwinding.
1858    The result is then summarised into a sequence of CfiSIs, if
1859    possible.  UnwindContext effectively holds the state of the
1860    abstract machine whilst it is running.
1861 
1862    The CFA can either be a signed offset from a register,
1863    or an expression:
1864 
1865    CFA = cfa_reg + cfa_off   when UnwindContext.cfa_is_regoff==True
1866        | [[ cfa_expr_id ]]
1867 
1868    When .cfa_is_regoff == True,  cfa_expr_id must be zero
1869    When .cfa_is_regoff == False, cfa_reg must be zero
1870                                  and cfa_off must be zero
1871 
1872    RegRule describes, for each register, how to get its
1873    value in the previous frame, where 'cfa' denotes the cfa
1874    for the frame as a whole:
1875 
1876    RegRule = RR_Undef          -- undefined
1877            | RR_Same           -- same as in previous frame
1878            | RR_CFAOff    arg  -- is at * ( cfa + arg )
1879            | RR_CFAValOff arg  -- is ( cfa + arg )
1880            | RR_Reg       arg  -- is in register 'arg'
1881            | RR_Expr      arg  -- is at * [[ arg ]]
1882            | RR_ValExpr   arg  -- is [[ arg ]]
1883            | RR_Arch           -- dunno
1884 
1885    Note that RR_Expr is redundant since the same can be represented
1886    using RR_ValExpr with an explicit dereference (CfiExpr_Deref) at
1887    the outermost level.
1888 
1889    All expressions are stored in exprs in the containing
1890    UnwindContext.  Since the UnwindContext gets reinitialised for each
1891    new FDE, summarise_context needs to copy out any expressions it
1892    wants to keep into the cfsi_exprs field of the containing SegInfo.
1893 */
1894 typedef
1895    struct {
1896       enum { RR_Undef, RR_Same, RR_CFAOff, RR_CFAValOff,
1897              RR_Reg, /*RR_Expr,*/ RR_ValExpr, RR_Arch } tag;
1898       /* meaning:  int offset for CFAoff/CFAValOff
1899                    reg # for Reg
1900                    expr index for Expr/ValExpr */
1901       Int arg;
1902    }
1903    RegRule;
1904 
ppRegRule(const XArray * exprs,const RegRule * rrule)1905 static void ppRegRule ( const XArray* exprs, const RegRule* rrule )
1906 {
1907    vg_assert(exprs);
1908    switch (rrule->tag) {
1909       case RR_Undef:     VG_(printf)("u  "); break;
1910       case RR_Same:      VG_(printf)("s  "); break;
1911       case RR_CFAOff:    VG_(printf)("c%d ", rrule->arg); break;
1912       case RR_CFAValOff: VG_(printf)("v%d ", rrule->arg); break;
1913       case RR_Reg:       VG_(printf)("r%d ", rrule->arg); break;
1914       case RR_ValExpr:   VG_(printf)("ve{");
1915                          ML_(ppCfiExpr)( exprs, rrule->arg );
1916                          VG_(printf)("} ");
1917                          break;
1918       case RR_Arch:      VG_(printf)("a  "); break;
1919       default:           VG_(core_panic)("ppRegRule");
1920    }
1921 }
1922 
1923 
1924 /* Size of the stack of register unwind rules.  This is only
1925    exceedingly rarely used, so a stack of size 1 should actually work
1926    with almost all compiler-generated CFA. */
1927 #define N_RR_STACK 4
1928 
1929 typedef
1930    struct {
1931       /* Read-only fields (set by the CIE) */
1932       Int     code_a_f;
1933       Int     data_a_f;
1934       Addr    initloc;
1935       Int     ra_reg;
1936       /* The rest of these fields can be modifed by
1937          run_CF_instruction. */
1938       /* The LOC entry */
1939       Addr    loc;
1940       /* We need a stack of these in order to handle
1941          DW_CFA_{remember,restore}_state. */
1942       struct UnwindContextState {
1943           /* The CFA entry.  This can be either reg+/-offset or an expr. */
1944           Bool    cfa_is_regoff; /* True=>is reg+offset; False=>is expr */
1945           Int     cfa_reg;
1946           Int     cfa_off;  /* in bytes */
1947           Int     cfa_expr_ix; /* index into cfa_exprs */
1948           /* Register unwind rules.  */
1949           RegRule reg[N_CFI_REGS];
1950       }
1951       state[N_RR_STACK];
1952       Int     state_sp; /* 0 <= state_sp < N_RR_STACK; points at the
1953                            currently-in-use rule set. */
1954       /* array of CfiExpr, shared by reg[] and cfa_expr_ix */
1955       XArray* exprs;
1956    }
1957    UnwindContext;
1958 
ppUnwindContext(const UnwindContext * ctx)1959 static void ppUnwindContext ( const UnwindContext* ctx )
1960 {
1961    Int j, i;
1962    VG_(printf)("0x%llx: ", (ULong)ctx->loc);
1963    for (j = 0; j <= ctx->state_sp; j++) {
1964       const struct UnwindContextState* ctxs = &ctx->state[j];
1965       VG_(printf)("%s[%d]={ ", j > 0 ? " " : "", j);
1966       if (ctxs->cfa_is_regoff) {
1967          VG_(printf)("%d(r%d) ", ctxs->cfa_off, ctxs->cfa_reg);
1968       } else {
1969          vg_assert(ctx->exprs);
1970          VG_(printf)("{");
1971          ML_(ppCfiExpr)( ctx->exprs, ctxs->cfa_expr_ix );
1972          VG_(printf)("} ");
1973       }
1974       VG_(printf)("{ ");
1975       for (i = 0; i < N_CFI_REGS; i++)
1976          ppRegRule(ctx->exprs, &ctxs->reg[i]);
1977       VG_(printf)("}");
1978    }
1979    VG_(printf)("\n");
1980 }
1981 
initUnwindContext(UnwindContext * ctx)1982 static void initUnwindContext ( /*OUT*/UnwindContext* ctx )
1983 {
1984    Int j, i;
1985    VG_(memset)(ctx, 0, sizeof(*ctx));
1986    /* ctx->code_a_f   = 0;
1987    ctx->data_a_f      = 0;
1988    ctx->initloc       = 0; */
1989    ctx->ra_reg        = RA_REG_DEFAULT;
1990    /* ctx->loc        = 0;
1991    ctx->exprs         = NULL;
1992    ctx->state_sp        = 0; */
1993    for (j = 0; j < N_RR_STACK; j++) {
1994       ctx->state[j].cfa_is_regoff = True;
1995       /* ctx->state[j].cfa_reg    = 0;
1996       ctx->state[j].cfa_off       = 0;
1997       ctx->state[j].cfa_expr_ix   = 0; */
1998       for (i = 0; i < N_CFI_REGS; i++) {
1999          if (RR_Undef != 0)
2000            ctx->state[j].reg[i].tag = RR_Undef;
2001          /* ctx->state[j].reg[i].arg = 0; */
2002       }
2003 #     if defined(VGA_arm)
2004       /* All callee-saved registers (or at least the ones we are
2005          summarising for) should start out as RR_Same, on ARM. */
2006       ctx->state[j].reg[11].tag = RR_Same;
2007       /* ctx->state[j].reg[13].tag = RR_Same; */
2008       ctx->state[j].reg[14].tag = RR_Same;
2009       ctx->state[j].reg[12].tag = RR_Same;
2010       ctx->state[j].reg[7].tag  = RR_Same;
2011       /* this can't be right though: R12 (IP) isn't callee saved. */
2012 #     elif defined(VGA_arm64)
2013       /* Callee-saved registers (that we are interested in) should
2014          start out as RR_Same. */
2015       ctx->state[j].reg[29/*FP*/].tag = RR_Same;
2016       ctx->state[j].reg[30/*LR*/].tag = RR_Same;
2017 #     endif
2018    }
2019 }
2020 
2021 
2022 /* A structure which holds information needed by read_encoded_Addr().
2023 */
2024 typedef
2025    struct {
2026       UChar    encoding;
2027       DiCursor ehframe_image;
2028       Addr     ehframe_avma;
2029       Addr     text_bias;
2030       Addr     got_avma;
2031    }
2032    AddressDecodingInfo;
2033 
2034 
2035 /* ------------ Deal with summary-info records ------------ */
2036 
2037 /* --------------- Summarisation --------------- */
2038 
2039 /* Forward */
2040 static
2041 Int copy_convert_CfiExpr_tree ( XArray* dst, const UnwindContext* srcuc,
2042                                 Int nd );
2043 
2044 /* Summarise ctx into si, if possible.  Returns True if successful.
2045    This is taken to be just after ctx's loc advances; hence the
2046    summary is up to but not including the current loc.  This works
2047    on both x86 and amd64.
2048 */
summarise_context(Addr * base,UInt * len,DiCfSI_m * si_m,Addr loc_start,const UnwindContext * ctx,DebugInfo * debuginfo)2049 static Bool summarise_context(/*OUT*/Addr* base,
2050                               /*OUT*/UInt* len,
2051                               /*OUT*/DiCfSI_m* si_m,
2052                                Addr loc_start,
2053 	                       const UnwindContext* ctx,
2054                                DebugInfo* debuginfo )
2055 {
2056    Int why = 0;
2057    const struct UnwindContextState* ctxs;
2058 
2059    *base = 0;
2060    *len = 0;
2061    VG_(bzero_inline)(si_m, sizeof(*si_m));
2062 
2063 
2064    /* Guard against obviously stupid settings of the reg-rule stack
2065       pointer. */
2066    if (ctx->state_sp < 0)           { why = 8; goto failed; }
2067    if (ctx->state_sp >= N_RR_STACK) { why = 9; goto failed; }
2068    ctxs = &ctx->state[ctx->state_sp];
2069 
2070    /* First, summarise the method for generating the CFA */
2071    if (!ctxs->cfa_is_regoff) {
2072       /* it was set by DW_CFA_def_cfa_expression; try to convert */
2073       XArray *src, *dst;
2074       Int    conv;
2075       src = ctx->exprs;
2076       dst = debuginfo->cfsi_exprs;
2077       if (src && (VG_(sizeXA)(src) > 0) && (!dst)) {
2078          dst = VG_(newXA)( ML_(dinfo_zalloc), "di.ccCt.1", ML_(dinfo_free),
2079                            sizeof(CfiExpr) );
2080          debuginfo->cfsi_exprs = dst;
2081       }
2082       conv = copy_convert_CfiExpr_tree
2083                     ( dst, ctx, ctxs->cfa_expr_ix );
2084       vg_assert(conv >= -1);
2085       if (conv == -1) { why = 6; goto failed; }
2086       si_m->cfa_how = CFIC_EXPR;
2087       si_m->cfa_off = conv;
2088       if (0 && debuginfo->ddump_frames)
2089          ML_(ppCfiExpr)(dst, conv);
2090    }
2091    else
2092    if (ctxs->cfa_is_regoff && ctxs->cfa_reg == SP_REG) {
2093       si_m->cfa_off = ctxs->cfa_off;
2094 #     if defined(VGA_x86) || defined(VGA_amd64) || defined(VGA_s390x) \
2095          || defined(VGA_mips32) || defined(VGA_mips64) \
2096          || defined(VGA_tilegx)
2097       si_m->cfa_how = CFIC_IA_SPREL;
2098 #     elif defined(VGA_arm)
2099       si_m->cfa_how = CFIC_ARM_R13REL;
2100 #     elif defined(VGA_arm64)
2101       si_m->cfa_how = CFIC_ARM64_SPREL;
2102 #     else
2103       si_m->cfa_how = 0; /* invalid */
2104 #     endif
2105    }
2106    else
2107    if (ctxs->cfa_is_regoff && ctxs->cfa_reg == FP_REG) {
2108       si_m->cfa_off = ctxs->cfa_off;
2109 #     if defined(VGA_x86) || defined(VGA_amd64) || defined(VGA_s390x) \
2110          || defined(VGA_mips32) || defined(VGA_mips64) \
2111          || defined(VGA_tilegx)
2112       si_m->cfa_how = CFIC_IA_BPREL;
2113 #     elif defined(VGA_arm)
2114       si_m->cfa_how = CFIC_ARM_R12REL;
2115 #     elif defined(VGA_arm64)
2116       si_m->cfa_how = CFIC_ARM64_X29REL;
2117 #     else
2118       si_m->cfa_how = 0; /* invalid */
2119 #     endif
2120    }
2121 #  if defined(VGA_arm)
2122    else
2123    if (ctxs->cfa_is_regoff && ctxs->cfa_reg == 11/*??_REG*/) {
2124       si_m->cfa_how = CFIC_ARM_R11REL;
2125       si_m->cfa_off = ctxs->cfa_off;
2126    }
2127    else
2128    if (ctxs->cfa_is_regoff && ctxs->cfa_reg == 7/*??_REG*/) {
2129       si_m->cfa_how = CFIC_ARM_R7REL;
2130       si_m->cfa_off = ctxs->cfa_off;
2131    }
2132 #  elif defined(VGA_arm64)
2133    // do we need any arm64 specifics here?
2134 #  endif
2135    else {
2136       why = 1;
2137       goto failed;
2138    }
2139 
2140 #  define SUMMARISE_HOW(_how, _off, _ctxreg)                  \
2141    switch (_ctxreg.tag) {                                     \
2142       case RR_Undef:                                          \
2143          _how = CFIR_UNKNOWN;   _off = 0; break;              \
2144       case RR_Same:                                           \
2145          _how = CFIR_SAME;      _off = 0; break;              \
2146       case RR_CFAOff:                                         \
2147          _how = CFIR_MEMCFAREL; _off = _ctxreg.arg; break;    \
2148       case RR_CFAValOff:                                      \
2149          _how = CFIR_CFAREL;    _off = _ctxreg.arg; break;    \
2150       case RR_ValExpr: {                                      \
2151          XArray *src, *dst;                                   \
2152          Int    conv;                                         \
2153          src = ctx->exprs;                                    \
2154          dst = debuginfo->cfsi_exprs;                         \
2155          if (src && (VG_(sizeXA)(src) > 0) && (!dst)) {       \
2156             dst = VG_(newXA)( ML_(dinfo_zalloc),              \
2157                               "di.ccCt.2",                    \
2158                               ML_(dinfo_free),                \
2159                               sizeof(CfiExpr) );              \
2160             debuginfo->cfsi_exprs = dst;                      \
2161          }                                                    \
2162          conv = copy_convert_CfiExpr_tree                     \
2163                        ( dst, ctx, _ctxreg.arg );             \
2164          vg_assert(conv >= -1);                               \
2165          if (conv == -1) { why = 7; goto failed; }            \
2166          _how = CFIR_EXPR;                                    \
2167          _off = conv;                                         \
2168          if (0 && debuginfo->ddump_frames)                    \
2169             ML_(ppCfiExpr)(dst, conv);                        \
2170          break;                                               \
2171       }                                                       \
2172       default:                                                \
2173          why = 2; goto failed; /* otherwise give up */        \
2174    }
2175 
2176 
2177 #  if defined(VGA_x86) || defined(VGA_amd64)
2178 
2179    /* --- entire tail of this fn specialised for x86/amd64 --- */
2180 
2181    SUMMARISE_HOW(si_m->ra_how, si_m->ra_off,
2182                                ctxs->reg[ctx->ra_reg] );
2183    SUMMARISE_HOW(si_m->bp_how, si_m->bp_off,
2184                                ctxs->reg[FP_REG] );
2185 
2186    /* on x86/amd64, it seems the old %{e,r}sp value before the call is
2187       always the same as the CFA.  Therefore ... */
2188    si_m->sp_how = CFIR_CFAREL;
2189    si_m->sp_off = 0;
2190 
2191    /* also, gcc says "Undef" for %{e,r}bp when it is unchanged.  So
2192       .. */
2193    if (ctxs->reg[FP_REG].tag == RR_Undef)
2194       si_m->bp_how = CFIR_SAME;
2195 
2196    /* knock out some obviously stupid cases */
2197    if (si_m->ra_how == CFIR_SAME)
2198       { why = 3; goto failed; }
2199 
2200    /* bogus looking range?  Note, we require that the difference is
2201       representable in 32 bits. */
2202    if (loc_start >= ctx->loc)
2203       { why = 4; goto failed; }
2204    if (ctx->loc - loc_start > 10000000 /* let's say */)
2205       { why = 5; goto failed; }
2206 
2207    *base = loc_start + ctx->initloc;
2208    *len  = (UInt)(ctx->loc - loc_start);
2209 
2210    return True;
2211 
2212 #  elif defined(VGA_arm)
2213 
2214    /* ---- entire tail of this fn specialised for arm ---- */
2215 
2216    SUMMARISE_HOW(si_m->r14_how, si_m->r14_off,
2217                                 ctxs->reg[14] );
2218 
2219    //SUMMARISE_HOW(si_m->r13_how, si_m->r13_off,
2220    //                             ctxs->reg[13] );
2221 
2222    SUMMARISE_HOW(si_m->r12_how, si_m->r12_off,
2223                                 ctxs->reg[FP_REG] );
2224 
2225    SUMMARISE_HOW(si_m->r11_how, si_m->r11_off,
2226                                 ctxs->reg[11/*FP_REG*/] );
2227 
2228    SUMMARISE_HOW(si_m->r7_how, si_m->r7_off,
2229                                ctxs->reg[7] );
2230 
2231    if (ctxs->reg[14/*LR*/].tag == RR_Same
2232        && ctx->ra_reg == 14/*as we expect it always to be*/) {
2233       /* Generate a trivial CfiExpr, which merely says "r14".  First
2234          ensure this DebugInfo has a cfsi_expr array in which to park
2235          it. */
2236       if (!debuginfo->cfsi_exprs)
2237          debuginfo->cfsi_exprs = VG_(newXA)( ML_(dinfo_zalloc),
2238                                              "di.ccCt.2a",
2239                                              ML_(dinfo_free),
2240                                              sizeof(CfiExpr) );
2241       si_m->ra_off = ML_(CfiExpr_CfiReg)( debuginfo->cfsi_exprs,
2242                                          Creg_ARM_R14);
2243       si_m->ra_how = CFIR_EXPR;
2244    } else {
2245       /* Just summarise it in the normal way */
2246       SUMMARISE_HOW(si_m->ra_how, si_m->ra_off,
2247                                   ctxs->reg[ctx->ra_reg] );
2248    }
2249 
2250    /* on arm, it seems the old r13 (SP) value before the call is
2251       always the same as the CFA.  Therefore ... */
2252    si_m->r13_how = CFIR_CFAREL;
2253    si_m->r13_off = 0;
2254 
2255    /* bogus looking range?  Note, we require that the difference is
2256       representable in 32 bits. */
2257    if (loc_start >= ctx->loc)
2258       { why = 4; goto failed; }
2259    if (ctx->loc - loc_start > 10000000 /* let's say */)
2260       { why = 5; goto failed; }
2261 
2262    *base = loc_start + ctx->initloc;
2263    *len  = (UInt)(ctx->loc - loc_start);
2264 
2265    return True;
2266 
2267 #  elif defined(VGA_arm64)
2268 
2269    /* --- entire tail of this fn specialised for arm64 --- */
2270 
2271    SUMMARISE_HOW(si_m->x30_how, si_m->x30_off, ctxs->reg[30/*LR*/]);
2272    SUMMARISE_HOW(si_m->x29_how, si_m->x29_off, ctxs->reg[29/*FP*/]);
2273 
2274    if (ctxs->reg[30/*LR*/].tag == RR_Same
2275        && ctx->ra_reg == 30/*as we expect it always to be*/) {
2276       /* Generate a trivial CfiExpr, which merely says "x30".  First
2277          ensure this DebugInfo has a cfsi_expr array in which to park
2278          it. */
2279       if (!debuginfo->cfsi_exprs)
2280          debuginfo->cfsi_exprs = VG_(newXA)( ML_(dinfo_zalloc),
2281                                              "di.ccCt.2a-arm64",
2282                                              ML_(dinfo_free),
2283                                              sizeof(CfiExpr) );
2284       si_m->ra_off = ML_(CfiExpr_CfiReg)( debuginfo->cfsi_exprs,
2285                                           Creg_ARM64_X30);
2286       si_m->ra_how = CFIR_EXPR;
2287    } else {
2288       /* Just summarise it in the normal way */
2289       SUMMARISE_HOW(si_m->ra_how, si_m->ra_off, ctxs->reg[ctx->ra_reg]);
2290    }
2291 
2292    /* on arm64, it seems the old SP value before the call is always
2293       the same as the CFA.  Therefore ... */
2294    si_m->sp_how = CFIR_CFAREL;
2295    si_m->sp_off = 0;
2296 
2297    /* bogus looking range?  Note, we require that the difference is
2298       representable in 32 bits. */
2299    if (loc_start >= ctx->loc)
2300       { why = 4; goto failed; }
2301    if (ctx->loc - loc_start > 10000000 /* let's say */)
2302       { why = 5; goto failed; }
2303 
2304    *base = loc_start + ctx->initloc;
2305    *len  = (UInt)(ctx->loc - loc_start);
2306 
2307    return True;
2308 
2309 #  elif defined(VGA_s390x)
2310 
2311    /* --- entire tail of this fn specialised for s390 --- */
2312 
2313    SUMMARISE_HOW(si_m->ra_how, si_m->ra_off,
2314                                ctxs->reg[ctx->ra_reg] );
2315    SUMMARISE_HOW(si_m->fp_how, si_m->fp_off,
2316                                ctxs->reg[FP_REG] );
2317    SUMMARISE_HOW(si_m->sp_how, si_m->sp_off,
2318                                ctxs->reg[SP_REG] );
2319 
2320    /* change some defaults to consumable values */
2321    if (si_m->sp_how == CFIR_UNKNOWN)
2322       si_m->sp_how = CFIR_SAME;
2323 
2324    if (si_m->fp_how == CFIR_UNKNOWN)
2325       si_m->fp_how = CFIR_SAME;
2326 
2327    if (si_m->cfa_how == CFIR_UNKNOWN) {
2328       si_m->cfa_how = CFIC_IA_SPREL;
2329       si_m->cfa_off = 160;
2330    }
2331    if (si_m->ra_how == CFIR_UNKNOWN) {
2332       if (!debuginfo->cfsi_exprs)
2333          debuginfo->cfsi_exprs = VG_(newXA)( ML_(dinfo_zalloc),
2334                                              "di.ccCt.2a",
2335                                              ML_(dinfo_free),
2336                                              sizeof(CfiExpr) );
2337       si_m->ra_how = CFIR_EXPR;
2338       si_m->ra_off = ML_(CfiExpr_CfiReg)( debuginfo->cfsi_exprs,
2339                                           Creg_S390_LR);
2340    }
2341 
2342    /* knock out some obviously stupid cases */
2343    if (si_m->ra_how == CFIR_SAME)
2344       { why = 3; goto failed; }
2345 
2346    /* bogus looking range?  Note, we require that the difference is
2347       representable in 32 bits. */
2348    if (loc_start >= ctx->loc)
2349       { why = 4; goto failed; }
2350    if (ctx->loc - loc_start > 10000000 /* let's say */)
2351       { why = 5; goto failed; }
2352 
2353    *base = loc_start + ctx->initloc;
2354    *len  = (UInt)(ctx->loc - loc_start);
2355 
2356    return True;
2357 
2358 #  elif defined(VGA_mips32) || defined(VGA_mips64)
2359 
2360    /* --- entire tail of this fn specialised for mips --- */
2361 
2362    SUMMARISE_HOW(si_m->ra_how, si_m->ra_off,
2363                                ctxs->reg[ctx->ra_reg] );
2364    SUMMARISE_HOW(si_m->fp_how, si_m->fp_off,
2365                                ctxs->reg[FP_REG] );
2366    SUMMARISE_HOW(si_m->sp_how, si_m->sp_off,
2367                                ctxs->reg[SP_REG] );
2368    si_m->sp_how = CFIR_CFAREL;
2369    si_m->sp_off = 0;
2370 
2371    if (si_m->fp_how == CFIR_UNKNOWN)
2372        si_m->fp_how = CFIR_SAME;
2373    if (si_m->cfa_how == CFIR_UNKNOWN) {
2374       si_m->cfa_how = CFIC_IA_SPREL;
2375       si_m->cfa_off = 160;
2376    }
2377    if (si_m->ra_how == CFIR_UNKNOWN) {
2378       if (!debuginfo->cfsi_exprs)
2379          debuginfo->cfsi_exprs = VG_(newXA)( ML_(dinfo_zalloc),
2380                                              "di.ccCt.2a",
2381                                              ML_(dinfo_free),
2382                                              sizeof(CfiExpr) );
2383       si_m->ra_how = CFIR_EXPR;
2384       si_m->ra_off = ML_(CfiExpr_CfiReg)( debuginfo->cfsi_exprs,
2385                                           Creg_MIPS_RA);
2386    }
2387 
2388    if (si_m->ra_how == CFIR_SAME)
2389       { why = 3; goto failed; }
2390 
2391    if (loc_start >= ctx->loc)
2392       { why = 4; goto failed; }
2393    if (ctx->loc - loc_start > 10000000 /* let's say */)
2394       { why = 5; goto failed; }
2395 
2396    *base = loc_start + ctx->initloc;
2397    *len  = (UInt)(ctx->loc - loc_start);
2398 
2399    return True;
2400 #  elif defined(VGA_tilegx)
2401 
2402    /* --- entire tail of this fn specialised for tilegx --- */
2403 
2404    SUMMARISE_HOW(si_m->ra_how, si_m->ra_off,
2405                                ctxs->reg[ctx->ra_reg] );
2406    SUMMARISE_HOW(si_m->fp_how, si_m->fp_off,
2407                                ctxs->reg[FP_REG] );
2408    SUMMARISE_HOW(si_m->sp_how, si_m->sp_off,
2409                                ctxs->reg[SP_REG] );
2410    si_m->sp_how = CFIR_CFAREL;
2411    si_m->sp_off = 0;
2412 
2413    if (si_m->fp_how == CFIR_UNKNOWN)
2414        si_m->fp_how = CFIR_SAME;
2415    if (si_m->cfa_how == CFIR_UNKNOWN) {
2416       si_m->cfa_how = CFIC_IA_SPREL;
2417       si_m->cfa_off = 160;
2418    }
2419    if (si_m->ra_how == CFIR_UNKNOWN) {
2420       if (!debuginfo->cfsi_exprs)
2421          debuginfo->cfsi_exprs = VG_(newXA)( ML_(dinfo_zalloc),
2422                                              "di.ccCt.2a",
2423                                              ML_(dinfo_free),
2424                                              sizeof(CfiExpr) );
2425       si_m->ra_how = CFIR_EXPR;
2426       si_m->ra_off = ML_(CfiExpr_CfiReg)( debuginfo->cfsi_exprs,
2427                                           Creg_TILEGX_LR);
2428    }
2429 
2430    if (si_m->ra_how == CFIR_SAME)
2431       { why = 3; goto failed; }
2432 
2433    if (loc_start >= ctx->loc)
2434       { why = 4; goto failed; }
2435    if (ctx->loc - loc_start > 10000000 /* let's say */)
2436       { why = 5; goto failed; }
2437 
2438    *base = loc_start + ctx->initloc;
2439    *len  = (UInt)(ctx->loc - loc_start);
2440 
2441    return True;
2442 #  elif defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
2443    /* These don't use CFI based unwinding (is that really true?) */
2444 
2445 #  else
2446 #    error "Unknown arch"
2447 #  endif
2448 
2449    /* --- non-specialised code after this point --- */
2450 
2451 #  undef SUMMARISE_HOW
2452 
2453   failed:
2454    if (VG_(clo_verbosity) > 2 || debuginfo->trace_cfi) {
2455       VG_(message)(Vg_DebugMsg,
2456                   "summarise_context(loc_start = %#lx)"
2457                   ": cannot summarise(why=%d):   \n", loc_start, why);
2458       ppUnwindContext(ctx);
2459    }
2460    return False;
2461 }
2462 
2463 /* Copy the tree rooted at srcuc->exprs node srcix to dstxa, on the
2464    way converting any DwReg regs (regs numbered using the Dwarf scheme
2465    defined by each architecture's ABI) into CfiRegs, which are
2466    platform independent.  If the conversion isn't possible because
2467    there is no equivalent register, return -1.  This has the
2468    undesirable side effect of de-dagifying the input; oh well. */
copy_convert_CfiExpr_tree(XArray * dstxa,const UnwindContext * srcuc,Int srcix)2469 static Int copy_convert_CfiExpr_tree ( XArray*        dstxa,
2470                                        const UnwindContext* srcuc,
2471                                        Int            srcix )
2472 {
2473    CfiExpr* src;
2474    Int      cpL, cpR, cpA;
2475    XArray*  srcxa = srcuc->exprs;
2476    vg_assert(srcxa);
2477    vg_assert(dstxa);
2478    vg_assert(srcix >= 0 && srcix < VG_(sizeXA)(srcxa));
2479 
2480    src = VG_(indexXA)( srcxa, srcix );
2481    switch (src->tag) {
2482       case Cex_Undef:
2483          return ML_(CfiExpr_Undef)( dstxa );
2484       case Cex_Deref:
2485          cpA = copy_convert_CfiExpr_tree( dstxa, srcuc, src->Cex.Deref.ixAddr );
2486          if (cpA == -1)
2487             return -1; /* propagate failure */
2488          return ML_(CfiExpr_Deref)( dstxa, cpA );
2489       case Cex_Const:
2490          return ML_(CfiExpr_Const)( dstxa, src->Cex.Const.con );
2491       case Cex_Binop:
2492          cpL = copy_convert_CfiExpr_tree( dstxa, srcuc, src->Cex.Binop.ixL );
2493          cpR = copy_convert_CfiExpr_tree( dstxa, srcuc, src->Cex.Binop.ixR );
2494          vg_assert(cpL >= -1 && cpR >= -1);
2495          if (cpL == -1 || cpR == -1)
2496             return -1; /* propagate failure */
2497          return ML_(CfiExpr_Binop)( dstxa, src->Cex.Binop.op, cpL, cpR );
2498       case Cex_CfiReg:
2499          /* should not see these in input (are created only by this
2500             conversion step!) */
2501          VG_(core_panic)("copy_convert_CfiExpr_tree: CfiReg in input");
2502       case Cex_DwReg: {
2503          /* This is the only place where the conversion can fail. */
2504          Int dwreg __attribute__((unused));
2505          dwreg = src->Cex.DwReg.reg;
2506 #        if defined(VGA_x86) || defined(VGA_amd64)
2507          if (dwreg == SP_REG)
2508             return ML_(CfiExpr_CfiReg)( dstxa, Creg_IA_SP );
2509          if (dwreg == FP_REG)
2510             return ML_(CfiExpr_CfiReg)( dstxa, Creg_IA_BP );
2511          if (dwreg == srcuc->ra_reg)
2512             return ML_(CfiExpr_CfiReg)( dstxa, Creg_IA_IP ); /* correct? */
2513 #        elif defined(VGA_arm)
2514          if (dwreg == SP_REG)
2515             return ML_(CfiExpr_CfiReg)( dstxa, Creg_ARM_R13 );
2516          if (dwreg == FP_REG)
2517             return ML_(CfiExpr_CfiReg)( dstxa, Creg_ARM_R12 );
2518          if (dwreg == srcuc->ra_reg)
2519            return ML_(CfiExpr_CfiReg)( dstxa, Creg_ARM_R15 ); /* correct? */
2520 #        elif defined(VGA_s390x)
2521          if (dwreg == SP_REG)
2522             return ML_(CfiExpr_CfiReg)( dstxa, Creg_S390_SP );
2523          if (dwreg == FP_REG)
2524             return ML_(CfiExpr_CfiReg)( dstxa, Creg_S390_FP );
2525          if (dwreg == srcuc->ra_reg)
2526             return ML_(CfiExpr_CfiReg)( dstxa, Creg_S390_IA );
2527 #        elif defined(VGA_mips32) || defined(VGA_mips64)
2528          if (dwreg == SP_REG)
2529             return ML_(CfiExpr_CfiReg)( dstxa, Creg_IA_SP );
2530          if (dwreg == FP_REG)
2531             return ML_(CfiExpr_CfiReg)( dstxa, Creg_IA_BP );
2532          if (dwreg == srcuc->ra_reg)
2533             return ML_(CfiExpr_CfiReg)( dstxa, Creg_IA_IP );
2534 #        elif defined(VGA_arm64)
2535          I_die_here;
2536 #        elif defined(VGA_ppc32) || defined(VGA_ppc64be) \
2537             || defined(VGA_ppc64le)
2538 #        elif defined(VGA_tilegx)
2539          if (dwreg == SP_REG)
2540             return ML_(CfiExpr_CfiReg)( dstxa, Creg_TILEGX_SP );
2541          if (dwreg == FP_REG)
2542             return ML_(CfiExpr_CfiReg)( dstxa, Creg_TILEGX_BP );
2543          if (dwreg == srcuc->ra_reg)
2544             return ML_(CfiExpr_CfiReg)( dstxa, Creg_TILEGX_IP );
2545 #        else
2546 #           error "Unknown arch"
2547 #        endif
2548          /* else we must fail - can't represent the reg */
2549          return -1;
2550       }
2551       default:
2552          VG_(core_panic)("copy_convert_CfiExpr_tree: default");
2553    }
2554 }
2555 
2556 
ppUnwindContext_summary(const UnwindContext * ctx)2557 static void ppUnwindContext_summary ( const UnwindContext* ctx )
2558 {
2559    const struct UnwindContextState* ctxs = &ctx->state[ctx->state_sp];
2560 
2561    VG_(printf)("0x%llx-1: ", (ULong)ctx->loc);
2562 
2563    if (ctxs->cfa_reg == SP_REG) {
2564       VG_(printf)("SP/CFA=%d+SP   ", ctxs->cfa_off);
2565    } else
2566    if (ctxs->cfa_reg == FP_REG) {
2567       VG_(printf)("SP/CFA=%d+FP   ", ctxs->cfa_off);
2568    } else {
2569       VG_(printf)("SP/CFA=unknown  ");
2570    }
2571 
2572    VG_(printf)("RA=");
2573    ppRegRule( ctx->exprs, &ctxs->reg[ctx->ra_reg] );
2574 
2575    VG_(printf)("FP=");
2576    ppRegRule( ctx->exprs, &ctxs->reg[FP_REG] );
2577    VG_(printf)("\n");
2578 }
2579 
2580 
2581 /* ------------ Pick apart DWARF2 byte streams ------------ */
2582 
step_le_u_encoded_literal(DiCursor * data,UInt size)2583 static ULong step_le_u_encoded_literal ( DiCursor* data, UInt size )
2584 {
2585    switch (size) {
2586       case 8:  return (ULong)ML_(cur_step_ULong)( data );
2587       case 4:  return (ULong)ML_(cur_step_UInt)( data );
2588       case 2:  return (ULong)ML_(cur_step_UShort)( data );
2589       case 1:  return (ULong)ML_(cur_step_UChar)( data );
2590       default: vg_assert(0); /*NOTREACHED*/ return 0;
2591    }
2592 }
2593 
step_le_s_encoded_literal(DiCursor * data,UInt size)2594 static Long step_le_s_encoded_literal ( DiCursor* data, UInt size )
2595 {
2596    ULong u64 = step_le_u_encoded_literal( data, size );
2597    Long s64;
2598    switch (size) {
2599       case 8:  s64 = u64; break;
2600       case 4:  s64 = u64 << 32; s64 >>= 32; break;
2601       case 2:  s64 = u64 << 48; s64 >>= 48; break;
2602       case 1:  s64 = u64 << 56; s64 >>= 56; break;
2603       default: vg_assert(0); /*NOTREACHED*/ return 0;
2604    }
2605    return s64;
2606 }
2607 
default_Addr_encoding(void)2608 static UChar default_Addr_encoding ( void )
2609 {
2610    switch (sizeof(Addr)) {
2611       case 4: return DW_EH_PE_udata4;
2612       case 8: return DW_EH_PE_udata8;
2613       default: vg_assert(0);
2614    }
2615 }
2616 
size_of_encoded_Addr(UChar encoding)2617 static UInt size_of_encoded_Addr ( UChar encoding )
2618 {
2619    if (encoding == DW_EH_PE_omit)
2620       return 0;
2621 
2622    switch (encoding & 0x07) {
2623       case DW_EH_PE_absptr: return sizeof(Addr);
2624       case DW_EH_PE_udata2: return sizeof(UShort);
2625       case DW_EH_PE_udata4: return sizeof(UInt);
2626       case DW_EH_PE_udata8: return sizeof(ULong);
2627       default: vg_assert(0);
2628    }
2629 }
2630 
step_encoded_Addr(const AddressDecodingInfo * adi,DiCursor * data)2631 static Addr step_encoded_Addr ( const AddressDecodingInfo* adi,
2632                                 /*MOD*/DiCursor* data )
2633 {
2634    /* Regarding the handling of DW_EH_PE_absptr.  DWARF3 says this
2635       denotes an absolute address, hence you would think 'base' is
2636       zero.  However, that is nonsensical (unless relocations are to
2637       be applied to the unwind data before reading it, which sounds
2638       unlikely).  My interpretation is that DW_EH_PE_absptr indicates
2639       an address relative to where the object was loaded (technically,
2640       relative to its stated load VMA, hence the use of text_bias
2641       rather than text_avma).  Hmm, should we use text_bias or
2642       text_avma here?  Not sure.
2643 
2644       This view appears to be supported by DWARF3 spec sec 7.3
2645       "Executable Objects and Shared Objects":
2646 
2647          This requirement makes the debugging information for shared
2648          objects position independent.  Virtual addresses in a shared
2649          object may be calculated by adding the offset to the base
2650          address at which the object was attached.  This offset is
2651          available in the run-time linker's data structures.
2652    */
2653    Addr     base;
2654    Word     offset;
2655    UChar    encoding      = adi->encoding;
2656    DiCursor ehframe_image = adi->ehframe_image;
2657    Addr     ehframe_avma  = adi->ehframe_avma;
2658    Addr     got_avma      = adi->got_avma;
2659 
2660    vg_assert((encoding & DW_EH_PE_indirect) == 0);
2661 
2662    switch (encoding & 0x70) {
2663       case DW_EH_PE_absptr:
2664          base = adi->text_bias;
2665          break;
2666       case DW_EH_PE_pcrel:
2667          base = ehframe_avma + ML_(cur_minus)(*data, ehframe_image);
2668          break;
2669       case DW_EH_PE_datarel:
2670          base = got_avma;
2671          break;
2672       case DW_EH_PE_textrel:
2673          vg_assert(0);
2674          base = /* text base address */ 0;
2675          break;
2676       case DW_EH_PE_funcrel:
2677          base = 0;
2678          break;
2679       case DW_EH_PE_aligned:
2680          base = 0;
2681          offset = ML_(cur_minus)(*data, ehframe_image);
2682          if ((offset % sizeof(Addr)) != 0) {
2683             Word nbytes = sizeof(Addr) - (offset % sizeof(Addr));
2684             *data = ML_(cur_plus)(*data, nbytes);
2685          }
2686          break;
2687       default:
2688          vg_assert(0);
2689    }
2690 
2691    if ((encoding & 0x07) == 0x00)
2692       encoding |= default_Addr_encoding();
2693 
2694    switch (encoding & 0x0f) {
2695       case DW_EH_PE_udata2:
2696          return base + ML_(cur_step_UShort)(data);
2697       case DW_EH_PE_udata4:
2698          return base + ML_(cur_step_UInt)(data);
2699       case DW_EH_PE_udata8:
2700          return base + ML_(cur_step_ULong)(data);
2701       case DW_EH_PE_sdata2:
2702          return base + ML_(cur_step_Short)(data);
2703       case DW_EH_PE_sdata4:
2704          return base + ML_(cur_step_Int)(data);
2705       case DW_EH_PE_sdata8:
2706          return base + ML_(cur_step_Long)(data);
2707       default:
2708          vg_assert2(0, "read encoded address %d\n", encoding & 0x0f);
2709    }
2710 }
2711 
2712 
2713 /* ------------ Run/show DWARF3 expressions ---------- */
2714 
2715 /* Convert the DWARF3 expression in expr[0 .. exprlen-1] into a dag
2716    (of CfiExprs) stored in ctx->exprs, and return the index in
2717    ctx->exprs of the root node.  Or fail in which case return -1. */
2718 /* IMPORTANT: when adding expression forms here, also remember to
2719    add suitable evaluation code in evalCfiExpr in debuginfo.c. */
dwarfexpr_to_dag(const UnwindContext * ctx,DiCursor expr,Int exprlen,Bool push_cfa_at_start,Bool ddump_frames)2720 static Int dwarfexpr_to_dag ( const UnwindContext* ctx,
2721                               DiCursor expr, Int exprlen,
2722                               Bool push_cfa_at_start,
2723                               Bool ddump_frames )
2724 {
2725 #  define N_EXPR_STACK 20
2726 
2727 #  define PUSH(_arg)                               \
2728       do {                                         \
2729          vg_assert(sp >= -1 && sp < N_EXPR_STACK); \
2730          if (sp == N_EXPR_STACK-1)                 \
2731             return -1;                             \
2732          sp++;                                     \
2733          stack[sp] = (_arg);                       \
2734       } while (0)
2735 
2736 #  define POP(_lval)                               \
2737       do {                                         \
2738          vg_assert(sp >= -1 && sp < N_EXPR_STACK); \
2739          if (sp == -1)                             \
2740             return -1;                             \
2741          _lval = stack[sp];                        \
2742          sp--;                                     \
2743       } while (0)
2744 
2745    Int      ix, ix2, reg;
2746    UChar    opcode;
2747    Word     sw;
2748    UWord    uw;
2749    CfiUnop  uop;
2750    CfiBinop bop;
2751    const HChar* opname;
2752 
2753    Int sp; /* # of top element: valid is -1 .. N_EXPR_STACK-1 */
2754    Int stack[N_EXPR_STACK];  /* indices into ctx->exprs */
2755    const struct UnwindContextState* ctxs = &ctx->state[ctx->state_sp];
2756 
2757    XArray*  dst   = ctx->exprs;
2758    DiCursor limit = ML_(cur_plus)(expr, exprlen);
2759 
2760    vg_assert(dst);
2761    vg_assert(exprlen >= 0);
2762 
2763    sp = -1; /* empty */
2764 
2765    /* Synthesise the CFA as a CfiExpr */
2766    if (push_cfa_at_start) {
2767       if (ctxs->cfa_is_regoff) {
2768          /* cfa is reg +/- offset */
2769          ix = ML_(CfiExpr_Binop)( dst,
2770                  Cbinop_Add,
2771                  ML_(CfiExpr_DwReg)( dst, ctxs->cfa_reg ),
2772                  ML_(CfiExpr_Const)( dst, (UWord)(Word)ctxs->cfa_off )
2773               );
2774          PUSH(ix);
2775       } else {
2776          /* CFA is already an expr; use its root node */
2777          PUSH(ctxs->cfa_expr_ix);
2778       }
2779    }
2780 
2781    while (True) {
2782 
2783       vg_assert(sp >= -1 && sp < N_EXPR_STACK);
2784 
2785       if (ML_(cur_cmpGT)(expr, limit)) /* "expr > limit" */
2786          return -1;  /* overrun - something's wrong */
2787 
2788       if (ML_(cur_cmpEQ)(expr, limit)) { /* "expr == limit" */
2789         /* end of expr - return expr on the top of stack. */
2790         if (sp == -1)
2791            return -1; /* stack empty.  Bad. */
2792         else
2793            break;
2794       }
2795 
2796       uop = 0; bop = 0; opname = NULL; /* excessively conservative */
2797 
2798       opcode = ML_(cur_step_UChar)(&expr);
2799       switch (opcode) {
2800 
2801          case DW_OP_lit0 ... DW_OP_lit31:
2802             /* push: literal 0 .. 31 */
2803             sw = (Word)opcode - (Word)DW_OP_lit0;
2804             vg_assert(sw >= 0 && sw <= 31);
2805             PUSH( ML_(CfiExpr_Const)( dst, (UWord)sw ) );
2806             if (ddump_frames)
2807                VG_(printf)("DW_OP_lit%ld", sw);
2808             break;
2809 
2810          case DW_OP_breg0 ... DW_OP_breg31:
2811             /* push: reg + sleb128 */
2812             reg = (Int)opcode - (Int)DW_OP_breg0;
2813             vg_assert(reg >= 0 && reg <= 31);
2814             sw = step_leb128S( &expr );
2815             ix = ML_(CfiExpr_Binop)( dst,
2816                     Cbinop_Add,
2817                     ML_(CfiExpr_DwReg)( dst, reg ),
2818                     ML_(CfiExpr_Const)( dst, (UWord)sw )
2819                  );
2820             PUSH(ix);
2821             if (ddump_frames)
2822                VG_(printf)("DW_OP_breg%d: %ld", reg, sw);
2823             break;
2824 
2825          case DW_OP_reg0 ... DW_OP_reg31:
2826             /* push: reg */
2827             reg = (Int)opcode - (Int)DW_OP_reg0;
2828             vg_assert(reg >= 0 && reg <= 31);
2829             ix = ML_(CfiExpr_DwReg)( dst, reg );
2830             PUSH(ix);
2831             if (ddump_frames)
2832                VG_(printf)("DW_OP_reg%d", reg);
2833             break;
2834 
2835          case DW_OP_plus_uconst:
2836             uw = step_leb128U( &expr );
2837             PUSH( ML_(CfiExpr_Const)( dst, uw ) );
2838             POP( ix );
2839             POP( ix2 );
2840             PUSH( ML_(CfiExpr_Binop)( dst, Cbinop_Add, ix2, ix ) );
2841             if (ddump_frames)
2842                VG_(printf)("DW_OP_plus_uconst: %lu", uw);
2843             break;
2844 
2845          case DW_OP_const4s:
2846             /* push: 32-bit signed immediate */
2847             sw = step_le_s_encoded_literal( &expr, 4 );
2848             PUSH( ML_(CfiExpr_Const)( dst, (UWord)sw ) );
2849             if (ddump_frames)
2850                VG_(printf)("DW_OP_const4s: %ld", sw);
2851             break;
2852 
2853          case DW_OP_const2s:
2854             /* push: 16-bit signed immediate */
2855             sw = step_le_s_encoded_literal( &expr, 2 );
2856             PUSH( ML_(CfiExpr_Const)( dst, (UWord)sw ) );
2857             if (ddump_frames)
2858                VG_(printf)("DW_OP_const2s: %ld", sw);
2859             break;
2860 
2861          case DW_OP_const1s:
2862             /* push: 8-bit signed immediate */
2863             sw = step_le_s_encoded_literal( &expr, 1 );
2864             PUSH( ML_(CfiExpr_Const)( dst, (UWord)sw ) );
2865             if (ddump_frames)
2866                VG_(printf)("DW_OP_const1s: %ld", sw);
2867             break;
2868 
2869          case DW_OP_const1u:
2870             /* push: 8-bit unsigned immediate */
2871             uw = step_le_u_encoded_literal( &expr, 1 );
2872             PUSH( ML_(CfiExpr_Const)( dst, uw ) );
2873             if (ddump_frames)
2874                VG_(printf)("DW_OP_const1: %lu", uw);
2875             break;
2876 
2877          case DW_OP_const2u:
2878             /* push: 16-bit unsigned immediate */
2879             uw = step_le_u_encoded_literal( &expr, 2 );
2880             PUSH( ML_(CfiExpr_Const)( dst, uw ) );
2881             if (ddump_frames)
2882                VG_(printf)("DW_OP_const2: %lu", uw);
2883             break;
2884 
2885          case DW_OP_const4u:
2886             /* push: 32-bit unsigned immediate */
2887             uw = step_le_u_encoded_literal( &expr, 4 );
2888             PUSH( ML_(CfiExpr_Const)( dst, uw ) );
2889             if (ddump_frames)
2890                VG_(printf)("DW_OP_const4: %lu", uw);
2891             break;
2892 
2893          case DW_OP_abs:
2894             uop = Cunop_Abs; opname = "abs"; goto unop;
2895          case DW_OP_neg:
2896             uop = Cunop_Neg; opname = "neg"; goto unop;
2897          case DW_OP_not:
2898             uop = Cunop_Not; opname = "not"; goto unop;
2899          unop:
2900             POP( ix );
2901             PUSH( ML_(CfiExpr_Unop)( dst, uop, ix ) );
2902             if (ddump_frames)
2903                VG_(printf)("DW_OP_%s", opname);
2904             break;
2905 
2906          case DW_OP_minus:
2907             bop = Cbinop_Sub; opname = "minus"; goto binop;
2908          case DW_OP_plus:
2909             bop = Cbinop_Add; opname = "plus"; goto binop;
2910          case DW_OP_and:
2911             bop = Cbinop_And; opname = "and"; goto binop;
2912          case DW_OP_mul:
2913             bop = Cbinop_Mul; opname = "mul"; goto binop;
2914          case DW_OP_shl:
2915             bop = Cbinop_Shl; opname = "shl"; goto binop;
2916          case DW_OP_shr:
2917             bop = Cbinop_Shr; opname = "shr"; goto binop;
2918          case DW_OP_eq:
2919             bop = Cbinop_Eq; opname = "eq"; goto binop;
2920          case DW_OP_ge:
2921             bop = Cbinop_Ge; opname = "ge"; goto binop;
2922          case DW_OP_gt:
2923             bop = Cbinop_Gt; opname = "gt"; goto binop;
2924          case DW_OP_le:
2925             bop = Cbinop_Le; opname = "le"; goto binop;
2926          case DW_OP_lt:
2927             bop = Cbinop_Lt; opname = "lt"; goto binop;
2928          case DW_OP_ne:
2929             bop = Cbinop_Ne; opname = "ne"; goto binop;
2930          binop:
2931             POP( ix );
2932             POP( ix2 );
2933             PUSH( ML_(CfiExpr_Binop)( dst, bop, ix2, ix ) );
2934             if (ddump_frames)
2935                VG_(printf)("DW_OP_%s", opname);
2936             break;
2937 
2938          case DW_OP_deref:
2939             POP( ix );
2940             PUSH( ML_(CfiExpr_Deref)( dst, ix ) );
2941             if (ddump_frames)
2942                VG_(printf)("DW_OP_deref");
2943             break;
2944 
2945          default:
2946             if (!VG_(clo_xml))
2947                VG_(message)(Vg_DebugMsg,
2948                             "Warning: DWARF2 CFI reader: unhandled DW_OP_ "
2949                             "opcode 0x%x\n", (Int)opcode);
2950             return -1;
2951       }
2952 
2953       if (ML_(cur_cmpLT)(expr, limit) && ddump_frames)
2954          VG_(printf)("; ");
2955 
2956    }
2957 
2958    vg_assert(sp >= -1 && sp < N_EXPR_STACK);
2959    if (sp == -1)
2960       return -1;
2961 
2962    if (0 && ddump_frames)
2963       ML_(ppCfiExpr)( dst, stack[sp] );
2964    return stack[sp];
2965 
2966 #  undef POP
2967 #  undef PUSH
2968 #  undef N_EXPR_STACK
2969 }
2970 
2971 
2972 /* ------------ Run/show CFI instructions ------------ */
2973 
2974 /* Run a CFI instruction, and also return its length.
2975    Returns 0 if the instruction could not be executed.
2976 */
run_CF_instruction(UnwindContext * ctx,DiCursor instrIN,const UnwindContext * restore_ctx,const AddressDecodingInfo * adi,const DebugInfo * di)2977 static Int run_CF_instruction ( /*MOD*/UnwindContext* ctx,
2978                                 DiCursor instrIN,
2979                                 const UnwindContext* restore_ctx,
2980                                 const AddressDecodingInfo* adi,
2981                                 const DebugInfo* di )
2982 {
2983    Int      off, reg, reg2, len, j;
2984    UInt     delta;
2985    Addr     printing_bias = ((Addr)ctx->initloc) - ((Addr)di->text_bias);
2986    struct UnwindContextState* ctxs;
2987 
2988    DiCursor instr   = instrIN;
2989    UChar    instr_0 = ML_(cur_step_UChar)(&instr);
2990    UChar    hi2     = (instr_0 >> 6) & 3;
2991    UChar    lo6     = instr_0 & 0x3F;
2992 
2993    if (ctx->state_sp < 0 || ctx->state_sp >= N_RR_STACK)
2994       return 0; /* bogus reg-rule stack pointer */
2995 
2996    ctxs = &ctx->state[ctx->state_sp];
2997    if (hi2 == DW_CFA_advance_loc) {
2998       delta = (UInt)lo6;
2999       delta *= ctx->code_a_f;
3000       ctx->loc += delta;
3001       if (di->ddump_frames)
3002          VG_(printf)("  DW_CFA_advance_loc: %d to %08lx\n",
3003                      (Int)delta, (Addr)ctx->loc + printing_bias);
3004       return ML_(cur_minus)(instr, instrIN);
3005    }
3006 
3007    if (hi2 == DW_CFA_offset) {
3008       /* Set rule for reg 'lo6' to CFAOff(off * data_af) */
3009       off = step_leb128( &instr, 0 );
3010       reg = (Int)lo6;
3011       if (reg < 0 || reg >= N_CFI_REGS)
3012          return 0; /* fail */
3013       ctxs->reg[reg].tag = RR_CFAOff;
3014       ctxs->reg[reg].arg = off * ctx->data_a_f;
3015       if (di->ddump_frames)
3016          VG_(printf)("  DW_CFA_offset: r%d at cfa%s%d\n",
3017                      (Int)reg,
3018                      ctxs->reg[reg].arg < 0 ? "" : "+",
3019                      (Int)ctxs->reg[reg].arg );
3020       return ML_(cur_minus)(instr, instrIN);
3021    }
3022 
3023    if (hi2 == DW_CFA_restore) {
3024       reg = (Int)lo6;
3025       if (reg < 0 || reg >= N_CFI_REGS)
3026          return 0; /* fail */
3027       if (restore_ctx == NULL)
3028          return 0; /* fail */
3029       ctxs->reg[reg] = restore_ctx->state[restore_ctx->state_sp].reg[reg];
3030       if (di->ddump_frames)
3031          VG_(printf)("  DW_CFA_restore: r%d\n", (Int)reg);
3032       return ML_(cur_minus)(instr, instrIN);
3033    }
3034 
3035    vg_assert(hi2 == DW_CFA_use_secondary);
3036 
3037    switch (lo6) {
3038       case DW_CFA_nop:
3039          if (di->ddump_frames)
3040             VG_(printf)("  DW_CFA_nop\n");
3041          break;
3042       case DW_CFA_set_loc:
3043          /* WAS:
3044             ctx->loc = read_Addr(&instr[i]) - ctx->initloc; i+= sizeof(Addr);
3045             Was this ever right? */
3046          /* 2007 Feb 23: No.  binutils/dwarf.c treats it as an encoded
3047             address and that appears to be in accordance with the
3048             DWARF3 spec. */
3049          ctx->loc = step_encoded_Addr(adi, &instr);
3050          if (di->ddump_frames)
3051             VG_(printf)("  rci:DW_CFA_set_loc\n");
3052          break;
3053       case DW_CFA_advance_loc1:
3054          delta = (UInt)ML_(cur_step_UChar)(&instr);
3055          delta *= ctx->code_a_f;
3056          ctx->loc += delta;
3057          if (di->ddump_frames)
3058             VG_(printf)("  DW_CFA_advance_loc1: %d to %08lx\n",
3059                         (Int)delta, (Addr)ctx->loc + printing_bias);
3060          break;
3061       case DW_CFA_advance_loc2:
3062          delta = (UInt)ML_(cur_step_UShort)(&instr);
3063          delta *= ctx->code_a_f;
3064          ctx->loc += delta;
3065          if (di->ddump_frames)
3066             VG_(printf)("  DW_CFA_advance_loc2: %d to %08lx\n",
3067                         (Int)delta, (Addr)ctx->loc + printing_bias);
3068          break;
3069       case DW_CFA_advance_loc4:
3070          delta = (UInt)ML_(cur_step_UInt)(&instr);
3071          delta *= ctx->code_a_f;
3072          ctx->loc += delta;
3073          if (di->ddump_frames)
3074             VG_(printf)("  DW_CFA_advance_loc4: %d to %08lx\n",
3075                         (Int)delta, (Addr)ctx->loc + printing_bias);
3076          break;
3077 
3078       case DW_CFA_def_cfa:
3079          reg = step_leb128( &instr, 0 );
3080          off = step_leb128( &instr, 0 );
3081          if (reg < 0 || reg >= N_CFI_REGS)
3082             return 0; /* fail */
3083          ctxs->cfa_is_regoff = True;
3084          ctxs->cfa_expr_ix   = 0;
3085          ctxs->cfa_reg       = reg;
3086          ctxs->cfa_off       = off;
3087          if (di->ddump_frames)
3088             VG_(printf)("  DW_CFA_def_cfa: r%d ofs %d\n", (Int)reg, (Int)off);
3089          break;
3090 
3091       case DW_CFA_def_cfa_sf:
3092          reg = step_leb128( &instr, 0 );
3093          off = step_leb128( &instr, 1 );
3094          if (reg < 0 || reg >= N_CFI_REGS)
3095             return 0; /* fail */
3096          ctxs->cfa_is_regoff = True;
3097          ctxs->cfa_expr_ix   = 0;
3098          ctxs->cfa_reg       = reg;
3099          ctxs->cfa_off       = off * ctx->data_a_f;
3100          if (di->ddump_frames)
3101             VG_(printf)("  rci:DW_CFA_def_cfa_sf\n");
3102          break;
3103 
3104       case DW_CFA_register:
3105          reg  = step_leb128( &instr, 0 );
3106          reg2 = step_leb128( &instr, 0 );
3107          if (reg < 0 || reg >= N_CFI_REGS)
3108             return 0; /* fail */
3109          if (reg2 < 0 || reg2 >= N_CFI_REGS)
3110             return 0; /* fail */
3111          ctxs->reg[reg].tag = RR_Reg;
3112          ctxs->reg[reg].arg = reg2;
3113          if (di->ddump_frames)
3114             VG_(printf)("  DW_CFA_register: r%d in r%d\n",
3115                         (Int)reg, (Int)reg2);
3116          break;
3117 
3118       case DW_CFA_offset_extended:
3119          reg = step_leb128( &instr, 0 );
3120          off = step_leb128( &instr, 0 );
3121          if (reg < 0 || reg >= N_CFI_REGS)
3122             return 0; /* fail */
3123          ctxs->reg[reg].tag = RR_CFAOff;
3124          ctxs->reg[reg].arg = off * ctx->data_a_f;
3125          if (di->ddump_frames)
3126             VG_(printf)("  rci:DW_CFA_offset_extended\n");
3127          break;
3128 
3129       case DW_CFA_offset_extended_sf:
3130          reg = step_leb128( &instr, 0 );
3131          off = step_leb128( &instr, 1 );
3132          if (reg < 0 || reg >= N_CFI_REGS)
3133             return 0; /* fail */
3134          ctxs->reg[reg].tag = RR_CFAOff;
3135          ctxs->reg[reg].arg = off * ctx->data_a_f;
3136          if (di->ddump_frames)
3137             VG_(printf)("  DW_CFA_offset_extended_sf: r%d at cfa%s%d\n",
3138                         reg,
3139                         ctxs->reg[reg].arg < 0 ? "" : "+",
3140                         (Int)ctxs->reg[reg].arg);
3141          break;
3142 
3143       case DW_CFA_GNU_negative_offset_extended:
3144          reg = step_leb128( &instr, 0 );
3145          off = step_leb128( &instr, 0 );
3146          if (reg < 0 || reg >= N_CFI_REGS)
3147             return 0; /* fail */
3148          ctxs->reg[reg].tag = RR_CFAOff;
3149          ctxs->reg[reg].arg = (-off) * ctx->data_a_f;
3150          if (di->ddump_frames)
3151             VG_(printf)("  rci:DW_CFA_GNU_negative_offset_extended\n");
3152          break;
3153 
3154       case DW_CFA_restore_extended:
3155          reg = step_leb128( &instr, 0 );
3156          if (reg < 0 || reg >= N_CFI_REGS)
3157             return 0; /* fail */
3158 	 if (restore_ctx == NULL)
3159 	    return 0; /* fail */
3160 	 ctxs->reg[reg] = restore_ctx->state[restore_ctx->state_sp].reg[reg];
3161          if (di->ddump_frames)
3162             VG_(printf)("  rci:DW_CFA_restore_extended\n");
3163          break;
3164 
3165       case DW_CFA_val_offset:
3166          reg = step_leb128( &instr, 0 );
3167          off = step_leb128( &instr, 0 );
3168          if (reg < 0 || reg >= N_CFI_REGS)
3169             return 0; /* fail */
3170          ctxs->reg[reg].tag = RR_CFAValOff;
3171          ctxs->reg[reg].arg = off * ctx->data_a_f;
3172          if (di->ddump_frames)
3173             VG_(printf)("  rci:DW_CFA_val_offset\n");
3174          break;
3175 
3176       case DW_CFA_val_offset_sf:
3177          reg = step_leb128( &instr, 0 );
3178          off = step_leb128( &instr, 1 );
3179          if (reg < 0 || reg >= N_CFI_REGS)
3180             return 0; /* fail */
3181          ctxs->reg[reg].tag = RR_CFAValOff;
3182          ctxs->reg[reg].arg = off * ctx->data_a_f;
3183          if (di->ddump_frames)
3184             VG_(printf)("  rci:DW_CFA_val_offset_sf\n");
3185          break;
3186 
3187       case DW_CFA_def_cfa_register:
3188          reg = step_leb128( &instr, 0);
3189          if (reg < 0 || reg >= N_CFI_REGS)
3190             return 0; /* fail */
3191          ctxs->cfa_is_regoff = True;
3192          ctxs->cfa_expr_ix   = 0;
3193          ctxs->cfa_reg       = reg;
3194          /* ->cfa_off unchanged */
3195          if (di->ddump_frames)
3196             VG_(printf)("  DW_CFA_def_cfa_register: r%d\n", (Int)reg );
3197          break;
3198 
3199       case DW_CFA_def_cfa_offset:
3200          off = step_leb128( &instr, 0);
3201          ctxs->cfa_is_regoff = True;
3202          ctxs->cfa_expr_ix   = 0;
3203          /* ->reg is unchanged */
3204          ctxs->cfa_off       = off;
3205          if (di->ddump_frames)
3206             VG_(printf)("  DW_CFA_def_cfa_offset: %d\n", (Int)off);
3207          break;
3208 
3209       case DW_CFA_def_cfa_offset_sf:
3210          off = step_leb128( &instr, 1);
3211          ctxs->cfa_is_regoff = True;
3212          ctxs->cfa_expr_ix   = 0;
3213          /* ->reg is unchanged */
3214          ctxs->cfa_off       = off * ctx->data_a_f;
3215          if (di->ddump_frames)
3216             VG_(printf)("  DW_CFA_def_cfa_offset_sf: %d\n", ctxs->cfa_off);
3217          break;
3218 
3219       case DW_CFA_undefined:
3220          reg = step_leb128( &instr, 0);
3221          if (reg < 0 || reg >= N_CFI_REGS)
3222             return 0; /* fail */
3223          ctxs->reg[reg].tag = RR_Undef;
3224          ctxs->reg[reg].arg = 0;
3225          if (di->ddump_frames)
3226             VG_(printf)("  rci:DW_CFA_undefined\n");
3227          break;
3228 
3229       case DW_CFA_same_value:
3230          reg = step_leb128( &instr, 0);
3231          if (reg < 0 || reg >= N_CFI_REGS)
3232             return 0; /* fail */
3233          ctxs->reg[reg].tag = RR_Same;
3234          ctxs->reg[reg].arg = 0;
3235          if (di->ddump_frames)
3236             VG_(printf)("  rci:DW_CFA_same_value\n");
3237          break;
3238 
3239       case DW_CFA_GNU_args_size:
3240          /* No idea what is supposed to happen.  gdb-6.3 simply
3241             ignores these. */
3242          /*off = */ (void)step_leb128( &instr, 0 );
3243          if (di->ddump_frames)
3244             VG_(printf)("  rci:DW_CFA_GNU_args_size (ignored)\n");
3245          break;
3246 
3247       case DW_CFA_expression: {
3248          /* Identical to DW_CFA_val_expression except that the value
3249             computed is an address and so needs one final
3250             dereference. */
3251          DiCursor expr;
3252          reg = step_leb128( &instr, 0 );
3253          len = step_leb128( &instr, 0 );
3254          expr = instr;
3255          instr = ML_(cur_plus)(instr, len);
3256          if (reg < 0 || reg >= N_CFI_REGS)
3257             return 0; /* fail */
3258          if (di->ddump_frames)
3259             VG_(printf)("  DW_CFA_expression: r%d (",
3260                         (Int)reg);
3261          /* Convert the expression into a dag rooted at ctx->exprs index j,
3262             or fail. */
3263          j = dwarfexpr_to_dag ( ctx, expr, len, True/*push CFA at start*/,
3264                                 di->ddump_frames);
3265          if (di->ddump_frames)
3266             VG_(printf)(")\n");
3267          vg_assert(j >= -1);
3268          if (j >= 0) {
3269             vg_assert(ctx->exprs);
3270             vg_assert( j < VG_(sizeXA)(ctx->exprs) );
3271          }
3272          if (j == -1)
3273             return 0; /* fail */
3274          /* Add an extra dereference */
3275          j = ML_(CfiExpr_Deref)( ctx->exprs, j );
3276          ctxs->reg[reg].tag = RR_ValExpr;
3277          ctxs->reg[reg].arg = j;
3278          break;
3279       }
3280 
3281       case DW_CFA_val_expression: {
3282          DiCursor expr;
3283          reg = step_leb128( &instr, 0 );
3284          len = step_leb128( &instr, 0 );
3285          expr = instr;
3286          instr = ML_(cur_plus)(instr, len);
3287          if (reg < 0 || reg >= N_CFI_REGS)
3288             return 0; /* fail */
3289          if (di->ddump_frames)
3290             VG_(printf)("  DW_CFA_val_expression: r%d (",
3291                         (Int)reg);
3292          /* Convert the expression into a dag rooted at ctx->exprs index j,
3293             or fail. */
3294          j = dwarfexpr_to_dag ( ctx, expr, len, True/*push CFA at start*/,
3295                                 di->ddump_frames);
3296          if (di->ddump_frames)
3297             VG_(printf)(")\n");
3298          vg_assert(j >= -1);
3299          if (j >= 0) {
3300             vg_assert(ctx->exprs);
3301             vg_assert( j < VG_(sizeXA)(ctx->exprs) );
3302          }
3303          if (j == -1)
3304             return 0; /* fail */
3305          ctxs->reg[reg].tag = RR_ValExpr;
3306          ctxs->reg[reg].arg = j;
3307          break;
3308       }
3309 
3310       case DW_CFA_def_cfa_expression: {
3311          DiCursor expr;
3312          len = step_leb128( &instr, 0 );
3313          expr = instr;
3314          instr = ML_(cur_plus)(instr, len);
3315          if (di->ddump_frames)
3316             VG_(printf)("  DW_CFA_def_cfa_expression (");
3317          /* Convert the expression into a dag rooted at ctx->exprs index j,
3318             or fail. */
3319          j = dwarfexpr_to_dag ( ctx, expr, len, False/*!push CFA at start*/,
3320                                 di->ddump_frames);
3321          if (di->ddump_frames)
3322             VG_(printf)(")\n");
3323          ctxs->cfa_is_regoff = False;
3324          ctxs->cfa_reg       = 0;
3325          ctxs->cfa_off       = 0;
3326          ctxs->cfa_expr_ix   = j;
3327          break;
3328       }
3329 
3330       case DW_CFA_GNU_window_save:
3331          /* Ignored.  This appears to be sparc-specific; quite why it
3332             turns up in SuSE-supplied x86 .so's beats me. */
3333          if (di->ddump_frames)
3334             VG_(printf)("  DW_CFA_GNU_window_save\n");
3335          break;
3336 
3337       case DW_CFA_remember_state:
3338          if (di->ddump_frames)
3339             VG_(printf)("  DW_CFA_remember_state\n");
3340          /* we just checked this at entry, so: */
3341          vg_assert(ctx->state_sp >= 0 && ctx->state_sp < N_RR_STACK);
3342          ctx->state_sp++;
3343          if (ctx->state_sp == N_RR_STACK) {
3344             /* stack overflow.  We're hosed. */
3345             VG_(message)(Vg_DebugMsg, "DWARF2 CFI reader: N_RR_STACK is "
3346                                       "too low; increase and recompile.");
3347             return 0; /* indicate failure */
3348          } else {
3349             VG_(memcpy)(/*dst*/&ctx->state[ctx->state_sp],
3350                         /*src*/&ctx->state[ctx->state_sp - 1],
3351                         sizeof(ctx->state[ctx->state_sp]) );
3352          }
3353          break;
3354 
3355       case DW_CFA_restore_state:
3356          if (di->ddump_frames)
3357             VG_(printf)("  DW_CFA_restore_state\n");
3358          /* we just checked this at entry, so: */
3359          vg_assert(ctx->state_sp >= 0 && ctx->state_sp < N_RR_STACK);
3360          if (ctx->state_sp == 0) {
3361             /* stack undefflow.  Give up. */
3362             return 0; /* indicate failure */
3363          } else {
3364             /* simply fall back to previous entry */
3365             ctx->state_sp--;
3366          }
3367          break;
3368 
3369       case DW_CFA_ORCL_arg_loc:
3370          if (di->ddump_frames)
3371             VG_(printf)("  DW_CFA_ORCL_arg_loc\n");
3372          break;
3373 
3374       default:
3375          VG_(message)(Vg_DebugMsg, "DWARF2 CFI reader: unhandled CFI "
3376                                    "instruction 0:%d\n", (Int)lo6);
3377          if (di->ddump_frames)
3378             VG_(printf)("  rci:run_CF_instruction:default\n");
3379          return 0; /* failure */
3380          /*NOTREACHED*/
3381    }
3382 
3383    return ML_(cur_minus)(instr, instrIN);
3384 }
3385 
3386 
3387 /* Show a CFI instruction, and also return its length.  Show it as
3388    close as possible (preferably identical) to how GNU binutils
3389    readelf --debug-dump=frames would. */
3390 
show_CF_instruction(DiCursor instrIN,const AddressDecodingInfo * adi,Int code_a_f,Int data_a_f)3391 static Int show_CF_instruction ( DiCursor instrIN,
3392                                  const AddressDecodingInfo* adi,
3393                                  Int code_a_f, Int data_a_f )
3394 {
3395    Int      off, coff, reg, reg2, len;
3396    UInt     delta;
3397    Addr     loc;
3398    DiCursor instr   = instrIN;
3399    UChar    instr_0 = ML_(cur_step_UChar)(&instr);
3400    UChar    hi2     = (instr_0 >> 6) & 3;
3401    UChar    lo6     = instr_0 & 0x3F;
3402 
3403    if (0) {
3404       DiCursor tmpi = instrIN;
3405       UInt i_0 = ML_(cur_step_UChar)(&tmpi);
3406       UInt i_1 = ML_(cur_step_UChar)(&tmpi);
3407       UInt i_2 = ML_(cur_step_UChar)(&tmpi);
3408       UInt i_3 = ML_(cur_step_UChar)(&tmpi);
3409       UInt i_4 = ML_(cur_step_UChar)(&tmpi);
3410       UInt i_5 = ML_(cur_step_UChar)(&tmpi);
3411       UInt i_6 = ML_(cur_step_UChar)(&tmpi);
3412       UInt i_7 = ML_(cur_step_UChar)(&tmpi);
3413       VG_(printf)("raw:%x/%x:%x:%x:%x:%x:%x:%x:%x:%x\n",
3414                   hi2, lo6, i_0, i_1, i_2, i_3, i_4, i_5, i_6, i_7);
3415    }
3416 
3417    if (hi2 == DW_CFA_advance_loc) {
3418       VG_(printf)("  sci:DW_CFA_advance_loc(%d)\n", (Int)lo6);
3419       return ML_(cur_minus)(instr, instrIN);
3420    }
3421 
3422    if (hi2 == DW_CFA_offset) {
3423       off = step_leb128( &instr, 0 );
3424       coff = off * data_a_f;
3425       VG_(printf)("  DW_CFA_offset: r%d at cfa%s%d\n",
3426                   (Int)lo6, coff < 0 ? "" : "+", (Int)coff );
3427       return ML_(cur_minus)(instr, instrIN);
3428    }
3429 
3430    if (hi2 == DW_CFA_restore) {
3431       VG_(printf)("  sci:DW_CFA_restore(r%d)\n", (Int)lo6);
3432       return ML_(cur_minus)(instr, instrIN);
3433    }
3434 
3435    vg_assert(hi2 == DW_CFA_use_secondary);
3436 
3437    switch (lo6) {
3438 
3439       case DW_CFA_nop:
3440          VG_(printf)("  DW_CFA_nop\n");
3441          break;
3442 
3443       case DW_CFA_set_loc:
3444          /* WAS: loc = read_Addr(&instr[i]); i+= sizeof(Addr);
3445             (now known to be incorrect -- the address is encoded) */
3446          loc = step_encoded_Addr(adi, &instr);
3447          VG_(printf)("  sci:DW_CFA_set_loc(%#lx)\n", loc);
3448          break;
3449 
3450       case DW_CFA_advance_loc1:
3451          delta = (UInt)ML_(cur_step_UChar)(&instr);
3452          VG_(printf)("  sci:DW_CFA_advance_loc1(%u)\n", delta);
3453          break;
3454 
3455       case DW_CFA_advance_loc2:
3456          delta = (UInt)ML_(cur_step_UShort)(&instr);
3457          VG_(printf)("  sci:DW_CFA_advance_loc2(%u)\n", delta);
3458          break;
3459 
3460       case DW_CFA_advance_loc4:
3461          delta = (UInt)ML_(cur_step_UInt)(&instr);
3462          VG_(printf)("  DW_CFA_advance_loc4(%u)\n", delta);
3463          break;
3464 
3465       case DW_CFA_def_cfa:
3466          reg = step_leb128( &instr, 0 );
3467          off = step_leb128( &instr, 0 );
3468          VG_(printf)("  DW_CFA_def_cfa: r%d ofs %d\n", reg, off);
3469          break;
3470 
3471       case DW_CFA_def_cfa_sf:
3472          reg = step_leb128( &instr, 0 );
3473          off = step_leb128( &instr, 1 );
3474          VG_(printf)("  DW_CFA_def_cfa_sf: r%d ofs %d\n",
3475                      reg, off * data_a_f);
3476          break;
3477 
3478       case DW_CFA_register:
3479          reg  = step_leb128( &instr, 0);
3480          reg2 = step_leb128( &instr, 0);
3481          VG_(printf)("  sci:DW_CFA_register(r%d, r%d)\n", reg, reg2);
3482          break;
3483 
3484       case DW_CFA_def_cfa_register:
3485          reg = step_leb128( &instr, 0);
3486          VG_(printf)("  sci:DW_CFA_def_cfa_register(r%d)\n", reg);
3487          break;
3488 
3489       case DW_CFA_def_cfa_offset:
3490          off = step_leb128( &instr, 0);
3491          VG_(printf)("  sci:DW_CFA_def_cfa_offset(%d)\n", off);
3492          break;
3493 
3494       case DW_CFA_def_cfa_offset_sf:
3495          off = step_leb128( &instr, 1);
3496          VG_(printf)("  sci:DW_CFA_def_cfa_offset_sf(%d)\n", off);
3497          break;
3498 
3499       case DW_CFA_restore_extended:
3500          reg = step_leb128( &instr, 0);
3501          VG_(printf)("  sci:DW_CFA_restore_extended(r%d)\n", reg);
3502          break;
3503 
3504       case DW_CFA_undefined:
3505          reg = step_leb128( &instr, 0);
3506          VG_(printf)("  sci:DW_CFA_undefined(r%d)\n", reg);
3507          break;
3508 
3509       case DW_CFA_same_value:
3510          reg = step_leb128( &instr, 0);
3511          VG_(printf)("  sci:DW_CFA_same_value(r%d)\n", reg);
3512          break;
3513 
3514       case DW_CFA_remember_state:
3515          VG_(printf)("  sci:DW_CFA_remember_state\n");
3516          break;
3517 
3518       case DW_CFA_restore_state:
3519          VG_(printf)("  sci:DW_CFA_restore_state\n");
3520          break;
3521 
3522       case DW_CFA_GNU_args_size:
3523          off = step_leb128( &instr, 0 );
3524          VG_(printf)("  sci:DW_CFA_GNU_args_size(%d)\n", off );
3525          break;
3526 
3527       case DW_CFA_def_cfa_expression:
3528          len = step_leb128( &instr, 0 );
3529          instr = ML_(cur_plus)(instr, len);
3530          VG_(printf)("  sci:DW_CFA_def_cfa_expression(length %d)\n", len);
3531          break;
3532 
3533       case DW_CFA_expression:
3534          reg = step_leb128( &instr, 0 );
3535          len = step_leb128( &instr, 0 );
3536          instr = ML_(cur_plus)(instr, len);
3537          VG_(printf)("  sci:DW_CFA_expression(r%d, length %d)\n", reg, len);
3538          break;
3539 
3540       case DW_CFA_val_expression:
3541          reg = step_leb128( &instr, 0 );
3542          len = step_leb128( &instr, 0 );
3543          instr = ML_(cur_plus)(instr, len);
3544          VG_(printf)("  sci:DW_CFA_val_expression(r%d, length %d)\n", reg, len);
3545          break;
3546 
3547       case DW_CFA_offset_extended:
3548          reg = step_leb128( &instr, 0 );
3549          off = step_leb128( &instr, 0 );
3550          VG_(printf)("  sci:DW_CFA_offset_extended(r%d, "
3551                      "off %d x data_af)\n", reg, off);
3552          break;
3553 
3554       case DW_CFA_offset_extended_sf:
3555          reg = step_leb128( &instr, 0 );
3556          off = step_leb128( &instr, 1 );
3557 	 coff = (Int)(off * data_a_f);
3558          VG_(printf)("  DW_CFA_offset_extended_sf: r%d at cfa%s%d\n",
3559                         reg, coff < 0 ? "" : "+", coff);
3560          break;
3561 
3562       case DW_CFA_GNU_negative_offset_extended:
3563          reg = step_leb128( &instr, 0 );
3564          off = step_leb128( &instr, 0 );
3565          VG_(printf)("  sci:DW_CFA_GNU_negative_offset_extended"
3566                      "(r%d, off %d x data_af)\n", reg, -off);
3567          break;
3568 
3569       case DW_CFA_val_offset:
3570          reg = step_leb128( &instr, 0 );
3571          off = step_leb128( &instr, 0 );
3572          VG_(printf)("  sci:DW_CFA_val_offset(r%d, off %d x data_af)\n",
3573                      reg, off);
3574          break;
3575 
3576        case DW_CFA_val_offset_sf:
3577          reg = step_leb128( &instr, 0 );
3578          off = step_leb128( &instr, 1 );
3579          VG_(printf)("  sci:DW_CFA_val_offset_sf(r%d, off %d x data_af)\n",
3580                      reg, off);
3581          break;
3582 
3583       case DW_CFA_GNU_window_save:
3584          VG_(printf)("  sci:DW_CFA_GNU_window_save\n");
3585          break;
3586 
3587       case DW_CFA_ORCL_arg_loc:
3588          /* :TODO: Print all arguments when implemented in libdwarf. */
3589          VG_(printf)("  sci:DW_CFA_ORCL_arg_loc\n");
3590          break;
3591 
3592       default:
3593          VG_(printf)("  sci:0:%d\n", (Int)lo6);
3594          break;
3595    }
3596 
3597    return ML_(cur_minus)(instr, instrIN);
3598 }
3599 
3600 
3601 /* Show the instructions in instrs[0 .. ilen-1]. */
show_CF_instructions(DiCursor instrs,Int ilen,const AddressDecodingInfo * adi,Int code_a_f,Int data_a_f)3602 static void show_CF_instructions ( DiCursor instrs, Int ilen,
3603                                    const AddressDecodingInfo* adi,
3604                                    Int code_a_f, Int data_a_f )
3605 {
3606    Int i = 0;
3607    while (True) {
3608       if (i >= ilen) break;
3609       i += show_CF_instruction( ML_(cur_plus)(instrs, i),
3610                                 adi, code_a_f, data_a_f );
3611    }
3612 }
3613 
3614 
3615 /* Run the CF instructions in instrs[0 .. ilen-1], until the end is
3616    reached, or until there is a failure.  Return True iff success.
3617 */
3618 static
run_CF_instructions(DebugInfo * di,Bool record,UnwindContext * ctx,DiCursor instrs,Int ilen,UWord fde_arange,const UnwindContext * restore_ctx,const AddressDecodingInfo * adi)3619 Bool run_CF_instructions ( DebugInfo* di,
3620                            Bool record,
3621                            UnwindContext* ctx, DiCursor instrs, Int ilen,
3622                            UWord fde_arange,
3623                            const UnwindContext* restore_ctx,
3624                            const AddressDecodingInfo* adi )
3625 {
3626    Addr base;
3627    UInt len;
3628    DiCfSI_m cfsi_m;
3629    Bool summ_ok;
3630    Int j, i = 0;
3631    Addr loc_prev;
3632    if (0) ppUnwindContext(ctx);
3633    if (0) ppUnwindContext_summary(ctx);
3634    while (True) {
3635       loc_prev = ctx->loc;
3636       if (i >= ilen) break;
3637       if (0) (void)show_CF_instruction( ML_(cur_plus)(instrs,i), adi,
3638                                         ctx->code_a_f, ctx->data_a_f );
3639       j = run_CF_instruction( ctx, ML_(cur_plus)(instrs,i),
3640                               restore_ctx, adi, di );
3641       if (j == 0)
3642          return False; /* execution failed */
3643       i += j;
3644       if (0) ppUnwindContext(ctx);
3645       if (record && loc_prev != ctx->loc) {
3646          summ_ok = summarise_context ( &base, &len, &cfsi_m,
3647                                        loc_prev, ctx, di );
3648          if (summ_ok) {
3649             ML_(addDiCfSI)(di, base, len, &cfsi_m);
3650             if (di->trace_cfi)
3651                ML_(ppDiCfSI)(di->cfsi_exprs, base, len, &cfsi_m);
3652          }
3653       }
3654    }
3655    if (ctx->loc < fde_arange) {
3656       loc_prev = ctx->loc;
3657       ctx->loc = fde_arange;
3658       if (record) {
3659          summ_ok = summarise_context ( &base, &len, &cfsi_m,
3660                                        loc_prev, ctx, di );
3661          if (summ_ok) {
3662             ML_(addDiCfSI)(di, base, len, &cfsi_m);
3663             if (di->trace_cfi)
3664                ML_(ppDiCfSI)(di->cfsi_exprs, base, len, &cfsi_m);
3665          }
3666       }
3667    }
3668    return True;
3669 }
3670 
3671 
3672 /* ------------ Main entry point for CFI reading ------------ */
3673 
3674 typedef
3675    struct {
3676       /* This gives the CIE an identity to which FDEs will refer. */
3677       ULong    offset;
3678       /* Code, data factors. */
3679       Int      code_a_f;
3680       Int      data_a_f;
3681       /* Return-address pseudo-register. */
3682       Int      ra_reg;
3683       UChar    address_encoding;
3684       /* Where are the instrs? */
3685       DiCursor instrs;
3686       Int      ilen;
3687       /* God knows .. don't ask */
3688       Bool     saw_z_augmentation;
3689    }
3690    CIE;
3691 
init_CIE(CIE * cie)3692 static void init_CIE ( CIE* cie )
3693 {
3694    cie->offset             = 0;
3695    cie->code_a_f           = 0;
3696    cie->data_a_f           = 0;
3697    cie->ra_reg             = 0;
3698    cie->address_encoding   = 0;
3699    cie->instrs             = DiCursor_INVALID;
3700    cie->ilen               = 0;
3701    cie->saw_z_augmentation = False;
3702 }
3703 
3704 static CIE *the_CIEs = NULL;
3705 static SizeT N_CIEs = 0;
3706 
3707 /* Read, summarise and store CFA unwind info from .eh_frame and
3708    .debug_frame sections.  is_ehframe tells us which kind we are
3709    dealing with -- they are slightly different. */
ML_(read_callframe_info_dwarf3)3710 void ML_(read_callframe_info_dwarf3)
3711         ( /*OUT*/struct _DebugInfo* di,
3712           DiSlice escn_frame, Addr frame_avma, Bool is_ehframe )
3713 {
3714    const HChar* how = NULL;
3715    Int      n_CIEs = 0;
3716    DiCursor frame_image = ML_(cur_from_sli)(escn_frame); /* fixed */
3717    DiOffT   frame_size  = escn_frame.szB;
3718    DiCursor data        = frame_image;
3719    UWord    cfsi_used_orig;
3720 
3721    /* If we're dealing with a .debug_frame, assume zero frame_avma. */
3722    if (!is_ehframe)
3723       vg_assert(frame_avma == 0);
3724 
3725 #  if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
3726       || defined(VGP_ppc64le_linux)
3727    /* These targets don't use CFI-based stack unwinding.  */
3728    return;
3729 #  endif
3730 
3731    /* If we read more than one .debug_frame or .eh_frame for this
3732       DebugInfo*, the second and subsequent reads should only add FDEs
3733       for address ranges not already covered by the FDEs already
3734       present.  To be able to quickly check which address ranges are
3735       already present, any existing records (DiCFSIs) must be sorted,
3736       so we can binary-search them in the code below.  We also record
3737       di->cfsi_used so that we know where the boundary is between
3738       existing and new records. */
3739    if (di->cfsi_used > 0) {
3740       ML_(canonicaliseCFI) ( di );
3741    }
3742    cfsi_used_orig = di->cfsi_used;
3743 
3744    if (di->trace_cfi) {
3745       VG_(printf)("\n-----------------------------------------------\n");
3746       VG_(printf)("CFI info: szB %llu, _avma %#lx\n",
3747                   escn_frame.szB, frame_avma );
3748       VG_(printf)("CFI info: name %s\n", di->fsm.filename );
3749    }
3750 
3751    /* Loop over CIEs/FDEs */
3752 
3753    /* Conceptually, the frame info is a sequence of FDEs, one for each
3754       function.  Inside an FDE is a miniature program for a special
3755       state machine, which, when run, produces the stack-unwinding
3756       info for that function.
3757 
3758       Because the FDEs typically have much in common, and because the
3759       DWARF designers appear to have been fanatical about space
3760       saving, the common parts are factored out into so-called CIEs.
3761       That means that what we traverse is a sequence of structs, each
3762       of which is either a FDE (usually) or a CIE (occasionally).
3763       Each FDE has a field indicating which CIE is the one pertaining
3764       to it.
3765 
3766       The following loop traverses the sequence.  FDEs are dealt with
3767       immediately; once we harvest the useful info in an FDE, it is
3768       then forgotten about.  By contrast, CIEs are validated and
3769       dumped into an array, because later FDEs may refer to any
3770       previously-seen CIE.
3771    */
3772    while (True) {
3773       DiCursor ciefde_start;
3774       ULong    ciefde_len;
3775       ULong    cie_pointer;
3776       Bool     dw64;
3777 
3778       /* Are we done? */
3779       if (ML_(cur_cmpEQ)(data, ML_(cur_plus)(frame_image, frame_size)))
3780          return;
3781 
3782       /* Overshot the end?  Means something is wrong */
3783       if (ML_(cur_cmpGT)(data, ML_(cur_plus)(frame_image, frame_size))) {
3784          how = "overran the end of .eh_frame";
3785          goto bad;
3786       }
3787 
3788       /* Ok, we must be looking at the start of a new CIE or FDE.
3789          Figure out which it is. */
3790 
3791       ciefde_start = data;
3792       if (di->trace_cfi)
3793          VG_(printf)("\ncie/fde.start   = (frame_image + 0x%llx)\n",
3794                      (ULong)ML_(cur_minus)(ciefde_start, frame_image));
3795 
3796       ciefde_len = (ULong)ML_(cur_step_UInt)(&data);
3797       if (di->trace_cfi)
3798          VG_(printf)("cie/fde.length  = %llu\n", ciefde_len);
3799 
3800       /* Apparently, if the .length field is zero, we are at the end
3801          of the sequence.  This is stated in the Generic Elf
3802          Specification (see comments far above here) and is one of the
3803          places where .eh_frame and .debug_frame data differ. */
3804       if (ciefde_len == 0) {
3805          if (di->ddump_frames)
3806             VG_(printf)("%08llx ZERO terminator\n\n",
3807                         (ULong)ML_(cur_minus)(ciefde_start, frame_image));
3808          return;
3809       }
3810 
3811       /* If the .length field is 0xFFFFFFFF then we're dealing with
3812          64-bit DWARF, and the real length is stored as a 64-bit
3813          number immediately following it. */
3814       dw64 = False;
3815       if (ciefde_len == 0xFFFFFFFFUL) {
3816          dw64 = True;
3817          ciefde_len = ML_(cur_step_ULong)(&data);
3818       }
3819 
3820       /* Now get the CIE ID, whose size depends on the DWARF 32 vs
3821 	 64-ness. */
3822       if (dw64) {
3823          /* see XXX below */
3824          cie_pointer = ML_(cur_step_ULong)(&data);
3825       } else {
3826          /* see XXX below */
3827          cie_pointer = (ULong)ML_(cur_step_UInt)(&data);
3828       }
3829 
3830       if (di->trace_cfi)
3831          VG_(printf)("cie.pointer     = %llu\n", cie_pointer);
3832 
3833       /* If cie_pointer is zero for .eh_frame or all ones for .debug_frame,
3834          we've got a CIE; else it's an FDE. */
3835       if (cie_pointer == (is_ehframe ? 0ULL
3836                           : dw64 ? 0xFFFFFFFFFFFFFFFFULL : 0xFFFFFFFFULL)) {
3837 
3838          Int      this_CIE;
3839          UChar    cie_version;
3840          DiCursor cie_augmentation;
3841 
3842          /* --------- CIE --------- */
3843 	 if (di->trace_cfi)
3844             VG_(printf)("------ new CIE #%d ------\n", n_CIEs);
3845 
3846 	 /* Allocate a new CIE record. */
3847          vg_assert(n_CIEs >= 0);
3848          if (n_CIEs == N_CIEs) {
3849             N_CIEs += 1000;
3850             the_CIEs = ML_(dinfo_realloc)("di.rcid3.2", the_CIEs,
3851                                           N_CIEs * sizeof the_CIEs[0]);
3852          }
3853 
3854          this_CIE = n_CIEs;
3855          n_CIEs++;
3856          init_CIE( &the_CIEs[this_CIE] );
3857 
3858 	 /* Record its offset.  This is how we will find it again
3859             later when looking at an FDE. */
3860          the_CIEs[this_CIE].offset
3861             = (ULong)ML_(cur_minus)(ciefde_start, frame_image);
3862 
3863          if (di->ddump_frames)
3864             VG_(printf)("%08lx %08lx %08lx CIE\n",
3865                         (Addr)ML_(cur_minus)(ciefde_start, frame_image),
3866                         (Addr)ciefde_len,
3867                         (Addr)(UWord)cie_pointer );
3868 
3869          cie_version = ML_(cur_step_UChar)(&data);
3870          if (di->trace_cfi)
3871             VG_(printf)("cie.version     = %d\n", (Int)cie_version);
3872          if (di->ddump_frames)
3873             VG_(printf)("  Version:               %d\n", (Int)cie_version);
3874          if (cie_version != 1 && cie_version != 3 && cie_version != 4) {
3875             how = "unexpected CIE version (not 1 nor 3 nor 4)";
3876             goto bad;
3877          }
3878 
3879          cie_augmentation = data;
3880          data = ML_(cur_plus)(data, 1 + ML_(cur_strlen)(cie_augmentation));
3881 
3882          if (di->trace_cfi || di->ddump_frames) {
3883             HChar* str = ML_(cur_read_strdup)(cie_augmentation, "di.rcid3.1");
3884             if (di->trace_cfi)
3885                VG_(printf)("cie.augment     = \"%s\"\n", str);
3886             if (di->ddump_frames)
3887                VG_(printf)("  Augmentation:          \"%s\"\n", str);
3888             ML_(dinfo_free)(str);
3889          }
3890 
3891          if (ML_(cur_read_UChar)(cie_augmentation) == 'e'
3892              && ML_(cur_read_UChar)
3893                    (ML_(cur_plus)(cie_augmentation, 1)) == 'h') {
3894             data = ML_(cur_plus)(data, sizeof(Addr));
3895             cie_augmentation = ML_(cur_plus)(cie_augmentation, 2);
3896          }
3897 
3898          if (cie_version >= 4) {
3899             if (ML_(cur_step_UChar)(&data) != sizeof(Addr)) {
3900                how = "unexpected address size";
3901                goto bad;
3902             }
3903             if (ML_(cur_step_UChar)(&data) != 0) {
3904                how = "unexpected non-zero segment size";
3905                goto bad;
3906             }
3907          }
3908 
3909          the_CIEs[this_CIE].code_a_f = step_leb128( &data, 0);
3910          if (di->trace_cfi)
3911             VG_(printf)("cie.code_af     = %d\n",
3912                         the_CIEs[this_CIE].code_a_f);
3913          if (di->ddump_frames)
3914             VG_(printf)("  Code alignment factor: %d\n",
3915                         (Int)the_CIEs[this_CIE].code_a_f);
3916 
3917          the_CIEs[this_CIE].data_a_f = step_leb128( &data, 1);
3918          if (di->trace_cfi)
3919             VG_(printf)("cie.data_af     = %d\n",
3920                         the_CIEs[this_CIE].data_a_f);
3921          if (di->ddump_frames)
3922             VG_(printf)("  Data alignment factor: %d\n",
3923                         (Int)the_CIEs[this_CIE].data_a_f);
3924 
3925          if (cie_version == 1) {
3926             the_CIEs[this_CIE].ra_reg = (Int)ML_(cur_step_UChar)(&data);
3927          } else {
3928             the_CIEs[this_CIE].ra_reg = step_leb128( &data, 0);
3929          }
3930          if (di->trace_cfi)
3931             VG_(printf)("cie.ra_reg      = %d\n",
3932                         the_CIEs[this_CIE].ra_reg);
3933          if (di->ddump_frames)
3934             VG_(printf)("  Return address column: %d\n",
3935                         (Int)the_CIEs[this_CIE].ra_reg);
3936 
3937          if (the_CIEs[this_CIE].ra_reg < 0
3938              || the_CIEs[this_CIE].ra_reg >= N_CFI_REGS) {
3939             how = "cie.ra_reg has implausible value";
3940             goto bad;
3941          }
3942 
3943          the_CIEs[this_CIE].saw_z_augmentation
3944             = ML_(cur_read_UChar)(cie_augmentation) == 'z';
3945          if (the_CIEs[this_CIE].saw_z_augmentation) {
3946             UInt length = step_leb128( &data, 0);
3947             the_CIEs[this_CIE].instrs = ML_(cur_plus)(data, length);
3948             cie_augmentation = ML_(cur_plus)(cie_augmentation, 1);
3949             if (di->ddump_frames) {
3950                UInt i;
3951                VG_(printf)("  Augmentation data:    ");
3952                for (i = 0; i < length; i++)
3953                   VG_(printf)(" %02x", (UInt)ML_(cur_read_UChar)
3954                                                 (ML_(cur_plus)(data, i)));
3955                VG_(printf)("\n");
3956             }
3957          } else {
3958             the_CIEs[this_CIE].instrs = DiCursor_INVALID;
3959          }
3960 
3961          the_CIEs[this_CIE].address_encoding = default_Addr_encoding();
3962 
3963          while (ML_(cur_read_UChar)(cie_augmentation)) {
3964             switch (ML_(cur_read_UChar)(cie_augmentation)) {
3965                case 'L':
3966                   data = ML_(cur_plus)(data, 1);
3967                   cie_augmentation = ML_(cur_plus)(cie_augmentation, 1);
3968                   break;
3969                case 'R':
3970                   the_CIEs[this_CIE].address_encoding
3971                      = ML_(cur_step_UChar)(&data);
3972                   cie_augmentation = ML_(cur_plus)(cie_augmentation, 1);
3973                   break;
3974                case 'P':
3975                   data = ML_(cur_plus)(data, size_of_encoded_Addr(
3976                                                 ML_(cur_read_UChar)(data) ));
3977                   data = ML_(cur_plus)(data, 1);
3978                   cie_augmentation = ML_(cur_plus)(cie_augmentation, 1);
3979                   break;
3980                case 'S':
3981                   cie_augmentation = ML_(cur_plus)(cie_augmentation, 1);
3982                   break;
3983                default:
3984                   if (!ML_(cur_is_valid)(the_CIEs[this_CIE].instrs)) {
3985                      how = "unhandled cie.augmentation";
3986                      goto bad;
3987                   }
3988                   data = the_CIEs[this_CIE].instrs;
3989                   goto done_augmentation;
3990             }
3991          }
3992 
3993         done_augmentation:
3994 
3995          if (di->trace_cfi)
3996             VG_(printf)("cie.encoding    = 0x%x\n",
3997                         the_CIEs[this_CIE].address_encoding);
3998 
3999          the_CIEs[this_CIE].instrs = data;
4000          the_CIEs[this_CIE].ilen   = ML_(cur_minus)(ciefde_start, data)
4001                                      + (Long)ciefde_len + (Long)sizeof(UInt);
4002          if (di->trace_cfi) {
4003             //VG_(printf)("cie.instrs      = %p\n", the_CIEs[this_CIE].instrs);
4004             VG_(printf)("cie.ilen        = %d\n", the_CIEs[this_CIE].ilen);
4005 	 }
4006 
4007          if (the_CIEs[this_CIE].ilen < 0
4008              || the_CIEs[this_CIE].ilen > frame_size) {
4009             how = "implausible # cie initial insns";
4010             goto bad;
4011          }
4012 
4013          data = ML_(cur_plus)(data, the_CIEs[this_CIE].ilen);
4014 
4015          /* Show the CIE's instructions (the preamble for each FDE
4016             that uses this CIE). */
4017          if (di->ddump_frames)
4018             VG_(printf)("\n");
4019 
4020          if (di->trace_cfi || di->ddump_frames) {
4021             AddressDecodingInfo adi;
4022             adi.encoding      = the_CIEs[this_CIE].address_encoding;
4023             adi.ehframe_image = frame_image;
4024             adi.ehframe_avma  = frame_avma;
4025             adi.text_bias     = di->text_debug_bias;
4026             adi.got_avma      = di->got_avma;
4027             show_CF_instructions( the_CIEs[this_CIE].instrs,
4028                                   the_CIEs[this_CIE].ilen, &adi,
4029                                   the_CIEs[this_CIE].code_a_f,
4030                                   the_CIEs[this_CIE].data_a_f );
4031          }
4032 
4033          if (di->ddump_frames)
4034             VG_(printf)("\n");
4035 
4036       } else {
4037 
4038          AddressDecodingInfo adi;
4039          UnwindContext ctx, restore_ctx;
4040          Int      cie;
4041          ULong    look_for;
4042          Bool     ok;
4043          Addr     fde_initloc;
4044          UWord    fde_arange;
4045          DiCursor fde_instrs;
4046          Int      fde_ilen;
4047 
4048          /* --------- FDE --------- */
4049 
4050          /* Find the relevant CIE.  The CIE we want is located
4051             cie_pointer bytes back from here. */
4052 
4053          /* re sizeof(UInt) / sizeof(ULong), matches XXX above. */
4054          if (is_ehframe)
4055             look_for = ML_(cur_minus)(data, frame_image)
4056                        - (dw64 ? sizeof(ULong) : sizeof(UInt))
4057                        - cie_pointer;
4058          else
4059             look_for = cie_pointer;
4060 
4061          for (cie = 0; cie < n_CIEs; cie++) {
4062             if (0) VG_(printf)("look for %llu   %llu\n",
4063                                look_for, the_CIEs[cie].offset );
4064             if (the_CIEs[cie].offset == look_for)
4065                break;
4066 	 }
4067          vg_assert(cie >= 0 && cie <= n_CIEs);
4068          if (cie == n_CIEs) {
4069             how = "FDE refers to not-findable CIE";
4070             goto bad;
4071 	 }
4072 
4073          adi.encoding      = the_CIEs[cie].address_encoding;
4074          adi.ehframe_image = frame_image;
4075          adi.ehframe_avma  = frame_avma;
4076          adi.text_bias     = di->text_debug_bias;
4077          adi.got_avma      = di->got_avma;
4078          fde_initloc = step_encoded_Addr(&adi, &data);
4079          if (di->trace_cfi)
4080             VG_(printf)("fde.initloc     = %#lx\n", fde_initloc);
4081 
4082          adi.encoding      = the_CIEs[cie].address_encoding & 0xf;
4083          adi.ehframe_image = frame_image;
4084          adi.ehframe_avma  = frame_avma;
4085          adi.text_bias     = di->text_debug_bias;
4086          adi.got_avma      = di->got_avma;
4087 
4088          /* WAS (incorrectly):
4089             fde_arange = read_encoded_Addr(&nbytes, &adi, data);
4090             data += nbytes;
4091             The following corresponds to what binutils/dwarf.c does:
4092          */
4093          { UInt ptr_size = size_of_encoded_Addr( adi.encoding );
4094            switch (ptr_size) {
4095               case 8: case 4: case 2: case 1:
4096                  fde_arange
4097                     = (UWord)step_le_u_encoded_literal(&data, ptr_size);
4098                  break;
4099               default:
4100                  how = "unknown arange field encoding in FDE";
4101                  goto bad;
4102            }
4103          }
4104 
4105          if (di->trace_cfi)
4106             VG_(printf)("fde.arangec     = %#lx\n", fde_arange);
4107 
4108          if (di->ddump_frames)
4109             VG_(printf)("%08lx %08lx %08lx FDE cie=%08lx pc=%08lx..%08lx\n",
4110                         (Addr)ML_(cur_minus)(ciefde_start, frame_image),
4111                         (Addr)ciefde_len,
4112                         (Addr)(UWord)cie_pointer,
4113                         (Addr)look_for,
4114                         ((Addr)fde_initloc) - di->text_debug_bias,
4115                         ((Addr)fde_initloc) - di->text_debug_bias + fde_arange);
4116 
4117          if (the_CIEs[cie].saw_z_augmentation) {
4118             UInt length = step_leb128( &data, 0);
4119             if (di->ddump_frames && (length > 0)) {
4120                UInt i;
4121                VG_(printf)("  Augmentation data:    ");
4122                for (i = 0; i < length; i++)
4123                   VG_(printf)(" %02x", (UInt)ML_(cur_read_UChar)
4124                                                 (ML_(cur_plus)(data, i)));
4125                VG_(printf)("\n\n");
4126             }
4127             data = ML_(cur_plus)(data, length);
4128          }
4129 
4130          fde_instrs = data;
4131          fde_ilen   = ML_(cur_minus)(ciefde_start, data)
4132                       + (Long)ciefde_len + (Long)sizeof(UInt);
4133          if (di->trace_cfi) {
4134             //VG_(printf)("fde.instrs      = %p\n", fde_instrs);
4135             VG_(printf)("fde.ilen        = %d\n", (Int)fde_ilen);
4136 	 }
4137 
4138          if (fde_ilen < 0 || fde_ilen > frame_size) {
4139             how = "implausible # fde insns";
4140             goto bad;
4141          }
4142 
4143 	 data = ML_(cur_plus)(data, fde_ilen);
4144 
4145          /* If this object's DebugInfo* had some DiCFSIs from a
4146             previous .eh_frame or .debug_frame read, we must check
4147             that we're not adding a duplicate. */
4148          if (cfsi_used_orig > 0) {
4149             Addr a_mid_lo, a_mid_hi;
4150             Word mid, size,
4151                  lo = 0,
4152                  hi = cfsi_used_orig-1;
4153             while (True) {
4154                /* current unsearched space is from lo to hi, inclusive. */
4155                if (lo > hi) break; /* not found */
4156                mid      = (lo + hi) / 2;
4157                a_mid_lo = di->cfsi_rd[mid].base;
4158                size     = di->cfsi_rd[mid].len;
4159                a_mid_hi = a_mid_lo + size - 1;
4160                vg_assert(a_mid_hi >= a_mid_lo);
4161                if (fde_initloc + fde_arange <= a_mid_lo) {
4162                   hi = mid-1; continue;
4163                }
4164                if (fde_initloc > a_mid_hi) { lo = mid+1; continue; }
4165                break;
4166             }
4167 
4168             /* The range this .debug_frame FDE covers has been already
4169                covered in .eh_frame section.  Don't add it from .debug_frame
4170                section again.  */
4171             if (lo <= hi)
4172                continue;
4173          }
4174 
4175          adi.encoding      = the_CIEs[cie].address_encoding;
4176          adi.ehframe_image = frame_image;
4177          adi.ehframe_avma  = frame_avma;
4178          adi.text_bias     = di->text_debug_bias;
4179          adi.got_avma      = di->got_avma;
4180 
4181          if (di->trace_cfi)
4182             show_CF_instructions( fde_instrs, fde_ilen, &adi,
4183                                   the_CIEs[cie].code_a_f,
4184                                   the_CIEs[cie].data_a_f );
4185 
4186 	 initUnwindContext(&ctx);
4187          ctx.code_a_f = the_CIEs[cie].code_a_f;
4188          ctx.data_a_f = the_CIEs[cie].data_a_f;
4189          ctx.initloc  = fde_initloc;
4190          ctx.ra_reg   = the_CIEs[cie].ra_reg;
4191          ctx.exprs    = VG_(newXA)( ML_(dinfo_zalloc), "di.rcid.1",
4192                                     ML_(dinfo_free),
4193                                     sizeof(CfiExpr) );
4194 
4195 	 /* Run the CIE's instructions.  Ugly hack: if
4196             --debug-dump=frames is in effect, suppress output for
4197             these instructions since they will already have been shown
4198             at the time the CIE was first encountered.  Note, not
4199             thread safe - if this reader is ever made threaded, should
4200             fix properly. */
4201 	 { Bool hack = di->ddump_frames;
4202            di->ddump_frames = False;
4203            initUnwindContext(&restore_ctx);
4204            ok = run_CF_instructions(
4205                    di, False, &ctx, the_CIEs[cie].instrs,
4206                    the_CIEs[cie].ilen, 0, NULL, &adi
4207                 );
4208            di->ddump_frames = hack;
4209          }
4210          /* And now run the instructions for the FDE, starting from
4211             the state created by running the CIE preamble
4212             instructions. */
4213          if (ok) {
4214             restore_ctx = ctx;
4215 	    ok = run_CF_instructions(
4216                     di, True, &ctx, fde_instrs, fde_ilen, fde_arange,
4217                     &restore_ctx, &adi
4218                  );
4219             if (di->ddump_frames)
4220                VG_(printf)("\n");
4221 	 }
4222 
4223          VG_(deleteXA)( ctx.exprs );
4224       }
4225    }
4226 
4227    return;
4228 
4229    bad:
4230     if (!VG_(clo_xml) && VG_(clo_verbosity) > 1)
4231        VG_(message)(Vg_UserMsg,
4232                     "Warning: %s in DWARF2 CFI reading\n", how);
4233     return;
4234 }
4235 
4236 #endif // defined(VGO_linux) || defined(VGO_darwin) || defined(VGO_solaris)
4237 
4238 /*--------------------------------------------------------------------*/
4239 /*--- end                                                          ---*/
4240 /*--------------------------------------------------------------------*/
4241