1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Convert sample address to data type using DWARF debug info. 4 * 5 * Written by Namhyung Kim <namhyung@kernel.org> 6 */ 7 8 #include <stdio.h> 9 #include <stdlib.h> 10 #include <inttypes.h> 11 12 #include "annotate.h" 13 #include "annotate-data.h" 14 #include "debuginfo.h" 15 #include "debug.h" 16 #include "dso.h" 17 #include "dwarf-regs.h" 18 #include "evsel.h" 19 #include "evlist.h" 20 #include "map.h" 21 #include "map_symbol.h" 22 #include "strbuf.h" 23 #include "symbol.h" 24 #include "symbol_conf.h" 25 #include "thread.h" 26 27 enum type_state_kind { 28 TSR_KIND_INVALID = 0, 29 TSR_KIND_TYPE, 30 TSR_KIND_PERCPU_BASE, 31 TSR_KIND_CONST, 32 TSR_KIND_POINTER, 33 TSR_KIND_CANARY, 34 }; 35 36 #define pr_debug_dtp(fmt, ...) \ 37 do { \ 38 if (debug_type_profile) \ 39 pr_info(fmt, ##__VA_ARGS__); \ 40 else \ 41 pr_debug3(fmt, ##__VA_ARGS__); \ 42 } while (0) 43 44 static void pr_debug_type_name(Dwarf_Die *die, enum type_state_kind kind) 45 { 46 struct strbuf sb; 47 char *str; 48 49 if (!debug_type_profile && verbose < 3) 50 return; 51 52 switch (kind) { 53 case TSR_KIND_INVALID: 54 pr_info("\n"); 55 return; 56 case TSR_KIND_PERCPU_BASE: 57 pr_info(" percpu base\n"); 58 return; 59 case TSR_KIND_CONST: 60 pr_info(" constant\n"); 61 return; 62 case TSR_KIND_POINTER: 63 pr_info(" pointer"); 64 /* it also prints the type info */ 65 break; 66 case TSR_KIND_CANARY: 67 pr_info(" stack canary\n"); 68 return; 69 case TSR_KIND_TYPE: 70 default: 71 break; 72 } 73 74 strbuf_init(&sb, 32); 75 die_get_typename_from_type(die, &sb); 76 str = strbuf_detach(&sb, NULL); 77 pr_info(" type=%s (die:%lx)\n", str, (long)dwarf_dieoffset(die)); 78 free(str); 79 } 80 81 /* 82 * Type information in a register, valid when @ok is true. 83 * The @caller_saved registers are invalidated after a function call. 84 */ 85 struct type_state_reg { 86 Dwarf_Die type; 87 u32 imm_value; 88 bool ok; 89 bool caller_saved; 90 u8 kind; 91 }; 92 93 /* Type information in a stack location, dynamically allocated */ 94 struct type_state_stack { 95 struct list_head list; 96 Dwarf_Die type; 97 int offset; 98 int size; 99 bool compound; 100 u8 kind; 101 }; 102 103 /* FIXME: This should be arch-dependent */ 104 #define TYPE_STATE_MAX_REGS 16 105 106 /* 107 * State table to maintain type info in each register and stack location. 108 * It'll be updated when new variable is allocated or type info is moved 109 * to a new location (register or stack). As it'd be used with the 110 * shortest path of basic blocks, it only maintains a single table. 111 */ 112 struct type_state { 113 /* state of general purpose registers */ 114 struct type_state_reg regs[TYPE_STATE_MAX_REGS]; 115 /* state of stack location */ 116 struct list_head stack_vars; 117 /* return value register */ 118 int ret_reg; 119 /* stack pointer register */ 120 int stack_reg; 121 }; 122 123 static bool has_reg_type(struct type_state *state, int reg) 124 { 125 return (unsigned)reg < ARRAY_SIZE(state->regs); 126 } 127 128 static void init_type_state(struct type_state *state, struct arch *arch) 129 { 130 memset(state, 0, sizeof(*state)); 131 INIT_LIST_HEAD(&state->stack_vars); 132 133 if (arch__is(arch, "x86")) { 134 state->regs[0].caller_saved = true; 135 state->regs[1].caller_saved = true; 136 state->regs[2].caller_saved = true; 137 state->regs[4].caller_saved = true; 138 state->regs[5].caller_saved = true; 139 state->regs[8].caller_saved = true; 140 state->regs[9].caller_saved = true; 141 state->regs[10].caller_saved = true; 142 state->regs[11].caller_saved = true; 143 state->ret_reg = 0; 144 state->stack_reg = 7; 145 } 146 } 147 148 static void exit_type_state(struct type_state *state) 149 { 150 struct type_state_stack *stack, *tmp; 151 152 list_for_each_entry_safe(stack, tmp, &state->stack_vars, list) { 153 list_del(&stack->list); 154 free(stack); 155 } 156 } 157 158 /* 159 * Compare type name and size to maintain them in a tree. 160 * I'm not sure if DWARF would have information of a single type in many 161 * different places (compilation units). If not, it could compare the 162 * offset of the type entry in the .debug_info section. 163 */ 164 static int data_type_cmp(const void *_key, const struct rb_node *node) 165 { 166 const struct annotated_data_type *key = _key; 167 struct annotated_data_type *type; 168 169 type = rb_entry(node, struct annotated_data_type, node); 170 171 if (key->self.size != type->self.size) 172 return key->self.size - type->self.size; 173 return strcmp(key->self.type_name, type->self.type_name); 174 } 175 176 static bool data_type_less(struct rb_node *node_a, const struct rb_node *node_b) 177 { 178 struct annotated_data_type *a, *b; 179 180 a = rb_entry(node_a, struct annotated_data_type, node); 181 b = rb_entry(node_b, struct annotated_data_type, node); 182 183 if (a->self.size != b->self.size) 184 return a->self.size < b->self.size; 185 return strcmp(a->self.type_name, b->self.type_name) < 0; 186 } 187 188 /* Recursively add new members for struct/union */ 189 static int __add_member_cb(Dwarf_Die *die, void *arg) 190 { 191 struct annotated_member *parent = arg; 192 struct annotated_member *member; 193 Dwarf_Die member_type, die_mem; 194 Dwarf_Word size, loc; 195 Dwarf_Attribute attr; 196 struct strbuf sb; 197 int tag; 198 199 if (dwarf_tag(die) != DW_TAG_member) 200 return DIE_FIND_CB_SIBLING; 201 202 member = zalloc(sizeof(*member)); 203 if (member == NULL) 204 return DIE_FIND_CB_END; 205 206 strbuf_init(&sb, 32); 207 die_get_typename(die, &sb); 208 209 die_get_real_type(die, &member_type); 210 if (dwarf_aggregate_size(&member_type, &size) < 0) 211 size = 0; 212 213 if (!dwarf_attr_integrate(die, DW_AT_data_member_location, &attr)) 214 loc = 0; 215 else 216 dwarf_formudata(&attr, &loc); 217 218 member->type_name = strbuf_detach(&sb, NULL); 219 /* member->var_name can be NULL */ 220 if (dwarf_diename(die)) 221 member->var_name = strdup(dwarf_diename(die)); 222 member->size = size; 223 member->offset = loc + parent->offset; 224 INIT_LIST_HEAD(&member->children); 225 list_add_tail(&member->node, &parent->children); 226 227 tag = dwarf_tag(&member_type); 228 switch (tag) { 229 case DW_TAG_structure_type: 230 case DW_TAG_union_type: 231 die_find_child(&member_type, __add_member_cb, member, &die_mem); 232 break; 233 default: 234 break; 235 } 236 return DIE_FIND_CB_SIBLING; 237 } 238 239 static void add_member_types(struct annotated_data_type *parent, Dwarf_Die *type) 240 { 241 Dwarf_Die die_mem; 242 243 die_find_child(type, __add_member_cb, &parent->self, &die_mem); 244 } 245 246 static void delete_members(struct annotated_member *member) 247 { 248 struct annotated_member *child, *tmp; 249 250 list_for_each_entry_safe(child, tmp, &member->children, node) { 251 list_del(&child->node); 252 delete_members(child); 253 free(child->type_name); 254 free(child->var_name); 255 free(child); 256 } 257 } 258 259 static struct annotated_data_type *dso__findnew_data_type(struct dso *dso, 260 Dwarf_Die *type_die) 261 { 262 struct annotated_data_type *result = NULL; 263 struct annotated_data_type key; 264 struct rb_node *node; 265 struct strbuf sb; 266 char *type_name; 267 Dwarf_Word size; 268 269 strbuf_init(&sb, 32); 270 if (die_get_typename_from_type(type_die, &sb) < 0) 271 strbuf_add(&sb, "(unknown type)", 14); 272 type_name = strbuf_detach(&sb, NULL); 273 dwarf_aggregate_size(type_die, &size); 274 275 /* Check existing nodes in dso->data_types tree */ 276 key.self.type_name = type_name; 277 key.self.size = size; 278 node = rb_find(&key, &dso->data_types, data_type_cmp); 279 if (node) { 280 result = rb_entry(node, struct annotated_data_type, node); 281 free(type_name); 282 return result; 283 } 284 285 /* If not, add a new one */ 286 result = zalloc(sizeof(*result)); 287 if (result == NULL) { 288 free(type_name); 289 return NULL; 290 } 291 292 result->self.type_name = type_name; 293 result->self.size = size; 294 INIT_LIST_HEAD(&result->self.children); 295 296 if (symbol_conf.annotate_data_member) 297 add_member_types(result, type_die); 298 299 rb_add(&result->node, &dso->data_types, data_type_less); 300 return result; 301 } 302 303 static bool find_cu_die(struct debuginfo *di, u64 pc, Dwarf_Die *cu_die) 304 { 305 Dwarf_Off off, next_off; 306 size_t header_size; 307 308 if (dwarf_addrdie(di->dbg, pc, cu_die) != NULL) 309 return cu_die; 310 311 /* 312 * There are some kernels don't have full aranges and contain only a few 313 * aranges entries. Fallback to iterate all CU entries in .debug_info 314 * in case it's missing. 315 */ 316 off = 0; 317 while (dwarf_nextcu(di->dbg, off, &next_off, &header_size, 318 NULL, NULL, NULL) == 0) { 319 if (dwarf_offdie(di->dbg, off + header_size, cu_die) && 320 dwarf_haspc(cu_die, pc)) 321 return true; 322 323 off = next_off; 324 } 325 return false; 326 } 327 328 /* The type info will be saved in @type_die */ 329 static int check_variable(Dwarf_Die *var_die, Dwarf_Die *type_die, int offset, 330 bool is_pointer) 331 { 332 Dwarf_Word size; 333 334 /* Get the type of the variable */ 335 if (die_get_real_type(var_die, type_die) == NULL) { 336 pr_debug_dtp("variable has no type\n"); 337 ann_data_stat.no_typeinfo++; 338 return -1; 339 } 340 341 /* 342 * Usually it expects a pointer type for a memory access. 343 * Convert to a real type it points to. But global variables 344 * and local variables are accessed directly without a pointer. 345 */ 346 if (is_pointer) { 347 if ((dwarf_tag(type_die) != DW_TAG_pointer_type && 348 dwarf_tag(type_die) != DW_TAG_array_type) || 349 die_get_real_type(type_die, type_die) == NULL) { 350 pr_debug_dtp("no pointer or no type\n"); 351 ann_data_stat.no_typeinfo++; 352 return -1; 353 } 354 } 355 356 /* Get the size of the actual type */ 357 if (dwarf_aggregate_size(type_die, &size) < 0) { 358 pr_debug_dtp("type size is unknown\n"); 359 ann_data_stat.invalid_size++; 360 return -1; 361 } 362 363 /* Minimal sanity check */ 364 if ((unsigned)offset >= size) { 365 pr_debug_dtp("offset: %d is bigger than size: %"PRIu64"\n", 366 offset, size); 367 ann_data_stat.bad_offset++; 368 return -1; 369 } 370 371 return 0; 372 } 373 374 static struct type_state_stack *find_stack_state(struct type_state *state, 375 int offset) 376 { 377 struct type_state_stack *stack; 378 379 list_for_each_entry(stack, &state->stack_vars, list) { 380 if (offset == stack->offset) 381 return stack; 382 383 if (stack->compound && stack->offset < offset && 384 offset < stack->offset + stack->size) 385 return stack; 386 } 387 return NULL; 388 } 389 390 static void set_stack_state(struct type_state_stack *stack, int offset, u8 kind, 391 Dwarf_Die *type_die) 392 { 393 int tag; 394 Dwarf_Word size; 395 396 if (dwarf_aggregate_size(type_die, &size) < 0) 397 size = 0; 398 399 tag = dwarf_tag(type_die); 400 401 stack->type = *type_die; 402 stack->size = size; 403 stack->offset = offset; 404 stack->kind = kind; 405 406 switch (tag) { 407 case DW_TAG_structure_type: 408 case DW_TAG_union_type: 409 stack->compound = (kind != TSR_KIND_POINTER); 410 break; 411 default: 412 stack->compound = false; 413 break; 414 } 415 } 416 417 static struct type_state_stack *findnew_stack_state(struct type_state *state, 418 int offset, u8 kind, 419 Dwarf_Die *type_die) 420 { 421 struct type_state_stack *stack = find_stack_state(state, offset); 422 423 if (stack) { 424 set_stack_state(stack, offset, kind, type_die); 425 return stack; 426 } 427 428 stack = malloc(sizeof(*stack)); 429 if (stack) { 430 set_stack_state(stack, offset, kind, type_die); 431 list_add(&stack->list, &state->stack_vars); 432 } 433 return stack; 434 } 435 436 /* Maintain a cache for quick global variable lookup */ 437 struct global_var_entry { 438 struct rb_node node; 439 char *name; 440 u64 start; 441 u64 end; 442 u64 die_offset; 443 }; 444 445 static int global_var_cmp(const void *_key, const struct rb_node *node) 446 { 447 const u64 addr = (uintptr_t)_key; 448 struct global_var_entry *gvar; 449 450 gvar = rb_entry(node, struct global_var_entry, node); 451 452 if (gvar->start <= addr && addr < gvar->end) 453 return 0; 454 return gvar->start > addr ? -1 : 1; 455 } 456 457 static bool global_var_less(struct rb_node *node_a, const struct rb_node *node_b) 458 { 459 struct global_var_entry *gvar_a, *gvar_b; 460 461 gvar_a = rb_entry(node_a, struct global_var_entry, node); 462 gvar_b = rb_entry(node_b, struct global_var_entry, node); 463 464 return gvar_a->start < gvar_b->start; 465 } 466 467 static struct global_var_entry *global_var__find(struct data_loc_info *dloc, u64 addr) 468 { 469 struct dso *dso = map__dso(dloc->ms->map); 470 struct rb_node *node; 471 472 node = rb_find((void *)(uintptr_t)addr, &dso->global_vars, global_var_cmp); 473 if (node == NULL) 474 return NULL; 475 476 return rb_entry(node, struct global_var_entry, node); 477 } 478 479 static bool global_var__add(struct data_loc_info *dloc, u64 addr, 480 const char *name, Dwarf_Die *type_die) 481 { 482 struct dso *dso = map__dso(dloc->ms->map); 483 struct global_var_entry *gvar; 484 Dwarf_Word size; 485 486 if (dwarf_aggregate_size(type_die, &size) < 0) 487 return false; 488 489 gvar = malloc(sizeof(*gvar)); 490 if (gvar == NULL) 491 return false; 492 493 gvar->name = strdup(name); 494 if (gvar->name == NULL) { 495 free(gvar); 496 return false; 497 } 498 499 gvar->start = addr; 500 gvar->end = addr + size; 501 gvar->die_offset = dwarf_dieoffset(type_die); 502 503 rb_add(&gvar->node, &dso->global_vars, global_var_less); 504 return true; 505 } 506 507 void global_var_type__tree_delete(struct rb_root *root) 508 { 509 struct global_var_entry *gvar; 510 511 while (!RB_EMPTY_ROOT(root)) { 512 struct rb_node *node = rb_first(root); 513 514 rb_erase(node, root); 515 gvar = rb_entry(node, struct global_var_entry, node); 516 free(gvar->name); 517 free(gvar); 518 } 519 } 520 521 static bool get_global_var_info(struct data_loc_info *dloc, u64 addr, 522 const char **var_name, int *var_offset) 523 { 524 struct addr_location al; 525 struct symbol *sym; 526 u64 mem_addr; 527 528 /* Kernel symbols might be relocated */ 529 mem_addr = addr + map__reloc(dloc->ms->map); 530 531 addr_location__init(&al); 532 sym = thread__find_symbol_fb(dloc->thread, dloc->cpumode, 533 mem_addr, &al); 534 if (sym) { 535 *var_name = sym->name; 536 /* Calculate type offset from the start of variable */ 537 *var_offset = mem_addr - map__unmap_ip(al.map, sym->start); 538 } else { 539 *var_name = NULL; 540 } 541 addr_location__exit(&al); 542 if (*var_name == NULL) 543 return false; 544 545 return true; 546 } 547 548 static bool get_global_var_type(Dwarf_Die *cu_die, struct data_loc_info *dloc, 549 u64 ip, u64 var_addr, int *var_offset, 550 Dwarf_Die *type_die) 551 { 552 u64 pc; 553 int offset; 554 bool is_pointer = false; 555 const char *var_name = NULL; 556 struct global_var_entry *gvar; 557 Dwarf_Die var_die; 558 559 gvar = global_var__find(dloc, var_addr); 560 if (gvar) { 561 if (!dwarf_offdie(dloc->di->dbg, gvar->die_offset, type_die)) 562 return false; 563 564 *var_offset = var_addr - gvar->start; 565 return true; 566 } 567 568 /* Try to get the variable by address first */ 569 if (die_find_variable_by_addr(cu_die, var_addr, &var_die, &offset) && 570 check_variable(&var_die, type_die, offset, is_pointer) == 0) { 571 var_name = dwarf_diename(&var_die); 572 *var_offset = offset; 573 goto ok; 574 } 575 576 if (!get_global_var_info(dloc, var_addr, &var_name, var_offset)) 577 return false; 578 579 pc = map__rip_2objdump(dloc->ms->map, ip); 580 581 /* Try to get the name of global variable */ 582 if (die_find_variable_at(cu_die, var_name, pc, &var_die) && 583 check_variable(&var_die, type_die, *var_offset, is_pointer) == 0) 584 goto ok; 585 586 return false; 587 588 ok: 589 /* The address should point to the start of the variable */ 590 global_var__add(dloc, var_addr - *var_offset, var_name, type_die); 591 return true; 592 } 593 594 /** 595 * update_var_state - Update type state using given variables 596 * @state: type state table 597 * @dloc: data location info 598 * @addr: instruction address to match with variable 599 * @insn_offset: instruction offset (for debug) 600 * @var_types: list of variables with type info 601 * 602 * This function fills the @state table using @var_types info. Each variable 603 * is used only at the given location and updates an entry in the table. 604 */ 605 static void update_var_state(struct type_state *state, struct data_loc_info *dloc, 606 u64 addr, u64 insn_offset, struct die_var_type *var_types) 607 { 608 Dwarf_Die mem_die; 609 struct die_var_type *var; 610 int fbreg = dloc->fbreg; 611 int fb_offset = 0; 612 613 if (dloc->fb_cfa) { 614 if (die_get_cfa(dloc->di->dbg, addr, &fbreg, &fb_offset) < 0) 615 fbreg = -1; 616 } 617 618 for (var = var_types; var != NULL; var = var->next) { 619 if (var->addr != addr) 620 continue; 621 /* Get the type DIE using the offset */ 622 if (!dwarf_offdie(dloc->di->dbg, var->die_off, &mem_die)) 623 continue; 624 625 if (var->reg == DWARF_REG_FB) { 626 findnew_stack_state(state, var->offset, TSR_KIND_TYPE, 627 &mem_die); 628 629 pr_debug_dtp("var [%"PRIx64"] -%#x(stack)", 630 insn_offset, -var->offset); 631 pr_debug_type_name(&mem_die, TSR_KIND_TYPE); 632 } else if (var->reg == fbreg) { 633 findnew_stack_state(state, var->offset - fb_offset, 634 TSR_KIND_TYPE, &mem_die); 635 636 pr_debug_dtp("var [%"PRIx64"] -%#x(stack)", 637 insn_offset, -var->offset + fb_offset); 638 pr_debug_type_name(&mem_die, TSR_KIND_TYPE); 639 } else if (has_reg_type(state, var->reg) && var->offset == 0) { 640 struct type_state_reg *reg; 641 642 reg = &state->regs[var->reg]; 643 reg->type = mem_die; 644 reg->kind = TSR_KIND_TYPE; 645 reg->ok = true; 646 647 pr_debug_dtp("var [%"PRIx64"] reg%d", 648 insn_offset, var->reg); 649 pr_debug_type_name(&mem_die, TSR_KIND_TYPE); 650 } 651 } 652 } 653 654 static void update_insn_state_x86(struct type_state *state, 655 struct data_loc_info *dloc, Dwarf_Die *cu_die, 656 struct disasm_line *dl) 657 { 658 struct annotated_insn_loc loc; 659 struct annotated_op_loc *src = &loc.ops[INSN_OP_SOURCE]; 660 struct annotated_op_loc *dst = &loc.ops[INSN_OP_TARGET]; 661 struct type_state_reg *tsr; 662 Dwarf_Die type_die; 663 u32 insn_offset = dl->al.offset; 664 int fbreg = dloc->fbreg; 665 int fboff = 0; 666 667 if (annotate_get_insn_location(dloc->arch, dl, &loc) < 0) 668 return; 669 670 if (ins__is_call(&dl->ins)) { 671 struct symbol *func = dl->ops.target.sym; 672 673 if (func == NULL) 674 return; 675 676 /* __fentry__ will preserve all registers */ 677 if (!strcmp(func->name, "__fentry__")) 678 return; 679 680 pr_debug_dtp("call [%x] %s\n", insn_offset, func->name); 681 682 /* Otherwise invalidate caller-saved registers after call */ 683 for (unsigned i = 0; i < ARRAY_SIZE(state->regs); i++) { 684 if (state->regs[i].caller_saved) 685 state->regs[i].ok = false; 686 } 687 688 /* Update register with the return type (if any) */ 689 if (die_find_func_rettype(cu_die, func->name, &type_die)) { 690 tsr = &state->regs[state->ret_reg]; 691 tsr->type = type_die; 692 tsr->kind = TSR_KIND_TYPE; 693 tsr->ok = true; 694 695 pr_debug_dtp("call [%x] return -> reg%d", 696 insn_offset, state->ret_reg); 697 pr_debug_type_name(&type_die, tsr->kind); 698 } 699 return; 700 } 701 702 if (!strncmp(dl->ins.name, "add", 3)) { 703 u64 imm_value = -1ULL; 704 int offset; 705 const char *var_name = NULL; 706 struct map_symbol *ms = dloc->ms; 707 u64 ip = ms->sym->start + dl->al.offset; 708 709 if (!has_reg_type(state, dst->reg1)) 710 return; 711 712 tsr = &state->regs[dst->reg1]; 713 714 if (src->imm) 715 imm_value = src->offset; 716 else if (has_reg_type(state, src->reg1) && 717 state->regs[src->reg1].kind == TSR_KIND_CONST) 718 imm_value = state->regs[src->reg1].imm_value; 719 else if (src->reg1 == DWARF_REG_PC) { 720 u64 var_addr = annotate_calc_pcrel(dloc->ms, ip, 721 src->offset, dl); 722 723 if (get_global_var_info(dloc, var_addr, 724 &var_name, &offset) && 725 !strcmp(var_name, "this_cpu_off") && 726 tsr->kind == TSR_KIND_CONST) { 727 tsr->kind = TSR_KIND_PERCPU_BASE; 728 imm_value = tsr->imm_value; 729 } 730 } 731 else 732 return; 733 734 if (tsr->kind != TSR_KIND_PERCPU_BASE) 735 return; 736 737 if (get_global_var_type(cu_die, dloc, ip, imm_value, &offset, 738 &type_die) && offset == 0) { 739 /* 740 * This is not a pointer type, but it should be treated 741 * as a pointer. 742 */ 743 tsr->type = type_die; 744 tsr->kind = TSR_KIND_POINTER; 745 tsr->ok = true; 746 747 pr_debug_dtp("add [%x] percpu %#"PRIx64" -> reg%d", 748 insn_offset, imm_value, dst->reg1); 749 pr_debug_type_name(&tsr->type, tsr->kind); 750 } 751 return; 752 } 753 754 if (strncmp(dl->ins.name, "mov", 3)) 755 return; 756 757 if (dloc->fb_cfa) { 758 u64 ip = dloc->ms->sym->start + dl->al.offset; 759 u64 pc = map__rip_2objdump(dloc->ms->map, ip); 760 761 if (die_get_cfa(dloc->di->dbg, pc, &fbreg, &fboff) < 0) 762 fbreg = -1; 763 } 764 765 /* Case 1. register to register or segment:offset to register transfers */ 766 if (!src->mem_ref && !dst->mem_ref) { 767 if (!has_reg_type(state, dst->reg1)) 768 return; 769 770 tsr = &state->regs[dst->reg1]; 771 if (map__dso(dloc->ms->map)->kernel && 772 src->segment == INSN_SEG_X86_GS && src->imm) { 773 u64 ip = dloc->ms->sym->start + dl->al.offset; 774 u64 var_addr; 775 int offset; 776 777 /* 778 * In kernel, %gs points to a per-cpu region for the 779 * current CPU. Access with a constant offset should 780 * be treated as a global variable access. 781 */ 782 var_addr = src->offset; 783 784 if (var_addr == 40) { 785 tsr->kind = TSR_KIND_CANARY; 786 tsr->ok = true; 787 788 pr_debug_dtp("mov [%x] stack canary -> reg%d\n", 789 insn_offset, dst->reg1); 790 return; 791 } 792 793 if (!get_global_var_type(cu_die, dloc, ip, var_addr, 794 &offset, &type_die) || 795 !die_get_member_type(&type_die, offset, &type_die)) { 796 tsr->ok = false; 797 return; 798 } 799 800 tsr->type = type_die; 801 tsr->kind = TSR_KIND_TYPE; 802 tsr->ok = true; 803 804 pr_debug_dtp("mov [%x] this-cpu addr=%#"PRIx64" -> reg%d", 805 insn_offset, var_addr, dst->reg1); 806 pr_debug_type_name(&tsr->type, tsr->kind); 807 return; 808 } 809 810 if (src->imm) { 811 tsr->kind = TSR_KIND_CONST; 812 tsr->imm_value = src->offset; 813 tsr->ok = true; 814 815 pr_debug_dtp("mov [%x] imm=%#x -> reg%d\n", 816 insn_offset, tsr->imm_value, dst->reg1); 817 return; 818 } 819 820 if (!has_reg_type(state, src->reg1) || 821 !state->regs[src->reg1].ok) { 822 tsr->ok = false; 823 return; 824 } 825 826 tsr->type = state->regs[src->reg1].type; 827 tsr->kind = state->regs[src->reg1].kind; 828 tsr->ok = true; 829 830 pr_debug_dtp("mov [%x] reg%d -> reg%d", 831 insn_offset, src->reg1, dst->reg1); 832 pr_debug_type_name(&tsr->type, tsr->kind); 833 } 834 /* Case 2. memory to register transers */ 835 if (src->mem_ref && !dst->mem_ref) { 836 int sreg = src->reg1; 837 838 if (!has_reg_type(state, dst->reg1)) 839 return; 840 841 tsr = &state->regs[dst->reg1]; 842 843 retry: 844 /* Check stack variables with offset */ 845 if (sreg == fbreg) { 846 struct type_state_stack *stack; 847 int offset = src->offset - fboff; 848 849 stack = find_stack_state(state, offset); 850 if (stack == NULL) { 851 tsr->ok = false; 852 return; 853 } else if (!stack->compound) { 854 tsr->type = stack->type; 855 tsr->kind = stack->kind; 856 tsr->ok = true; 857 } else if (die_get_member_type(&stack->type, 858 offset - stack->offset, 859 &type_die)) { 860 tsr->type = type_die; 861 tsr->kind = TSR_KIND_TYPE; 862 tsr->ok = true; 863 } else { 864 tsr->ok = false; 865 return; 866 } 867 868 pr_debug_dtp("mov [%x] -%#x(stack) -> reg%d", 869 insn_offset, -offset, dst->reg1); 870 pr_debug_type_name(&tsr->type, tsr->kind); 871 } 872 /* And then dereference the pointer if it has one */ 873 else if (has_reg_type(state, sreg) && state->regs[sreg].ok && 874 state->regs[sreg].kind == TSR_KIND_TYPE && 875 die_deref_ptr_type(&state->regs[sreg].type, 876 src->offset, &type_die)) { 877 tsr->type = type_die; 878 tsr->kind = TSR_KIND_TYPE; 879 tsr->ok = true; 880 881 pr_debug_dtp("mov [%x] %#x(reg%d) -> reg%d", 882 insn_offset, src->offset, sreg, dst->reg1); 883 pr_debug_type_name(&tsr->type, tsr->kind); 884 } 885 /* Or check if it's a global variable */ 886 else if (sreg == DWARF_REG_PC) { 887 struct map_symbol *ms = dloc->ms; 888 u64 ip = ms->sym->start + dl->al.offset; 889 u64 addr; 890 int offset; 891 892 addr = annotate_calc_pcrel(ms, ip, src->offset, dl); 893 894 if (!get_global_var_type(cu_die, dloc, ip, addr, &offset, 895 &type_die) || 896 !die_get_member_type(&type_die, offset, &type_die)) { 897 tsr->ok = false; 898 return; 899 } 900 901 tsr->type = type_die; 902 tsr->kind = TSR_KIND_TYPE; 903 tsr->ok = true; 904 905 pr_debug_dtp("mov [%x] global addr=%"PRIx64" -> reg%d", 906 insn_offset, addr, dst->reg1); 907 pr_debug_type_name(&type_die, tsr->kind); 908 } 909 /* And check percpu access with base register */ 910 else if (has_reg_type(state, sreg) && 911 state->regs[sreg].kind == TSR_KIND_PERCPU_BASE) { 912 u64 ip = dloc->ms->sym->start + dl->al.offset; 913 int offset; 914 915 /* 916 * In kernel, %gs points to a per-cpu region for the 917 * current CPU. Access with a constant offset should 918 * be treated as a global variable access. 919 */ 920 if (get_global_var_type(cu_die, dloc, ip, src->offset, 921 &offset, &type_die) && 922 die_get_member_type(&type_die, offset, &type_die)) { 923 tsr->type = type_die; 924 tsr->kind = TSR_KIND_TYPE; 925 tsr->ok = true; 926 927 pr_debug_dtp("mov [%x] percpu %#x(reg%d) -> reg%d", 928 insn_offset, src->offset, sreg, dst->reg1); 929 pr_debug_type_name(&tsr->type, tsr->kind); 930 } else { 931 tsr->ok = false; 932 } 933 } 934 /* And then dereference the calculated pointer if it has one */ 935 else if (has_reg_type(state, sreg) && state->regs[sreg].ok && 936 state->regs[sreg].kind == TSR_KIND_POINTER && 937 die_get_member_type(&state->regs[sreg].type, 938 src->offset, &type_die)) { 939 tsr->type = type_die; 940 tsr->kind = TSR_KIND_TYPE; 941 tsr->ok = true; 942 943 pr_debug_dtp("mov [%x] pointer %#x(reg%d) -> reg%d", 944 insn_offset, src->offset, sreg, dst->reg1); 945 pr_debug_type_name(&tsr->type, tsr->kind); 946 } 947 /* Or try another register if any */ 948 else if (src->multi_regs && sreg == src->reg1 && 949 src->reg1 != src->reg2) { 950 sreg = src->reg2; 951 goto retry; 952 } 953 else { 954 int offset; 955 const char *var_name = NULL; 956 957 /* it might be per-cpu variable (in kernel) access */ 958 if (src->offset < 0) { 959 if (get_global_var_info(dloc, (s64)src->offset, 960 &var_name, &offset) && 961 !strcmp(var_name, "__per_cpu_offset")) { 962 tsr->kind = TSR_KIND_PERCPU_BASE; 963 964 pr_debug_dtp("mov [%x] percpu base reg%d\n", 965 insn_offset, dst->reg1); 966 } 967 } 968 969 tsr->ok = false; 970 } 971 } 972 /* Case 3. register to memory transfers */ 973 if (!src->mem_ref && dst->mem_ref) { 974 if (!has_reg_type(state, src->reg1) || 975 !state->regs[src->reg1].ok) 976 return; 977 978 /* Check stack variables with offset */ 979 if (dst->reg1 == fbreg) { 980 struct type_state_stack *stack; 981 int offset = dst->offset - fboff; 982 983 tsr = &state->regs[src->reg1]; 984 985 stack = find_stack_state(state, offset); 986 if (stack) { 987 /* 988 * The source register is likely to hold a type 989 * of member if it's a compound type. Do not 990 * update the stack variable type since we can 991 * get the member type later by using the 992 * die_get_member_type(). 993 */ 994 if (!stack->compound) 995 set_stack_state(stack, offset, tsr->kind, 996 &tsr->type); 997 } else { 998 findnew_stack_state(state, offset, tsr->kind, 999 &tsr->type); 1000 } 1001 1002 pr_debug_dtp("mov [%x] reg%d -> -%#x(stack)", 1003 insn_offset, src->reg1, -offset); 1004 pr_debug_type_name(&tsr->type, tsr->kind); 1005 } 1006 /* 1007 * Ignore other transfers since it'd set a value in a struct 1008 * and won't change the type. 1009 */ 1010 } 1011 /* Case 4. memory to memory transfers (not handled for now) */ 1012 } 1013 1014 /** 1015 * update_insn_state - Update type state for an instruction 1016 * @state: type state table 1017 * @dloc: data location info 1018 * @cu_die: compile unit debug entry 1019 * @dl: disasm line for the instruction 1020 * 1021 * This function updates the @state table for the target operand of the 1022 * instruction at @dl if it transfers the type like MOV on x86. Since it 1023 * tracks the type, it won't care about the values like in arithmetic 1024 * instructions like ADD/SUB/MUL/DIV and INC/DEC. 1025 * 1026 * Note that ops->reg2 is only available when both mem_ref and multi_regs 1027 * are true. 1028 */ 1029 static void update_insn_state(struct type_state *state, struct data_loc_info *dloc, 1030 Dwarf_Die *cu_die, struct disasm_line *dl) 1031 { 1032 if (arch__is(dloc->arch, "x86")) 1033 update_insn_state_x86(state, dloc, cu_die, dl); 1034 } 1035 1036 /* 1037 * Prepend this_blocks (from the outer scope) to full_blocks, removing 1038 * duplicate disasm line. 1039 */ 1040 static void prepend_basic_blocks(struct list_head *this_blocks, 1041 struct list_head *full_blocks) 1042 { 1043 struct annotated_basic_block *first_bb, *last_bb; 1044 1045 last_bb = list_last_entry(this_blocks, typeof(*last_bb), list); 1046 first_bb = list_first_entry(full_blocks, typeof(*first_bb), list); 1047 1048 if (list_empty(full_blocks)) 1049 goto out; 1050 1051 /* Last insn in this_blocks should be same as first insn in full_blocks */ 1052 if (last_bb->end != first_bb->begin) { 1053 pr_debug("prepend basic blocks: mismatched disasm line %"PRIx64" -> %"PRIx64"\n", 1054 last_bb->end->al.offset, first_bb->begin->al.offset); 1055 goto out; 1056 } 1057 1058 /* Is the basic block have only one disasm_line? */ 1059 if (last_bb->begin == last_bb->end) { 1060 list_del(&last_bb->list); 1061 free(last_bb); 1062 goto out; 1063 } 1064 1065 /* Point to the insn before the last when adding this block to full_blocks */ 1066 last_bb->end = list_prev_entry(last_bb->end, al.node); 1067 1068 out: 1069 list_splice(this_blocks, full_blocks); 1070 } 1071 1072 static void delete_basic_blocks(struct list_head *basic_blocks) 1073 { 1074 struct annotated_basic_block *bb, *tmp; 1075 1076 list_for_each_entry_safe(bb, tmp, basic_blocks, list) { 1077 list_del(&bb->list); 1078 free(bb); 1079 } 1080 } 1081 1082 /* Make sure all variables have a valid start address */ 1083 static void fixup_var_address(struct die_var_type *var_types, u64 addr) 1084 { 1085 while (var_types) { 1086 /* 1087 * Some variables have no address range meaning it's always 1088 * available in the whole scope. Let's adjust the start 1089 * address to the start of the scope. 1090 */ 1091 if (var_types->addr == 0) 1092 var_types->addr = addr; 1093 1094 var_types = var_types->next; 1095 } 1096 } 1097 1098 static void delete_var_types(struct die_var_type *var_types) 1099 { 1100 while (var_types) { 1101 struct die_var_type *next = var_types->next; 1102 1103 free(var_types); 1104 var_types = next; 1105 } 1106 } 1107 1108 /* should match to is_stack_canary() in util/annotate.c */ 1109 static void setup_stack_canary(struct data_loc_info *dloc) 1110 { 1111 if (arch__is(dloc->arch, "x86")) { 1112 dloc->op->segment = INSN_SEG_X86_GS; 1113 dloc->op->imm = true; 1114 dloc->op->offset = 40; 1115 } 1116 } 1117 1118 /* 1119 * It's at the target address, check if it has a matching type. 1120 * It returns 1 if found, 0 if not or -1 if not found but no need to 1121 * repeat the search. The last case is for per-cpu variables which 1122 * are similar to global variables and no additional info is needed. 1123 */ 1124 static int check_matching_type(struct type_state *state, 1125 struct data_loc_info *dloc, int reg, 1126 Dwarf_Die *cu_die, Dwarf_Die *type_die) 1127 { 1128 Dwarf_Word size; 1129 u32 insn_offset = dloc->ip - dloc->ms->sym->start; 1130 1131 pr_debug_dtp("chk [%x] reg%d offset=%#x ok=%d kind=%d", 1132 insn_offset, reg, dloc->op->offset, 1133 state->regs[reg].ok, state->regs[reg].kind); 1134 1135 if (state->regs[reg].ok && state->regs[reg].kind == TSR_KIND_TYPE) { 1136 int tag = dwarf_tag(&state->regs[reg].type); 1137 1138 pr_debug_dtp("\n"); 1139 1140 /* 1141 * Normal registers should hold a pointer (or array) to 1142 * dereference a memory location. 1143 */ 1144 if (tag != DW_TAG_pointer_type && tag != DW_TAG_array_type) 1145 return -1; 1146 1147 /* Remove the pointer and get the target type */ 1148 if (die_get_real_type(&state->regs[reg].type, type_die) == NULL) 1149 return -1; 1150 1151 dloc->type_offset = dloc->op->offset; 1152 1153 /* Get the size of the actual type */ 1154 if (dwarf_aggregate_size(type_die, &size) < 0 || 1155 (unsigned)dloc->type_offset >= size) 1156 return -1; 1157 1158 return 1; 1159 } 1160 1161 if (reg == dloc->fbreg) { 1162 struct type_state_stack *stack; 1163 1164 pr_debug_dtp(" fbreg\n"); 1165 1166 stack = find_stack_state(state, dloc->type_offset); 1167 if (stack == NULL) 1168 return 0; 1169 1170 if (stack->kind == TSR_KIND_CANARY) { 1171 setup_stack_canary(dloc); 1172 return -1; 1173 } 1174 1175 *type_die = stack->type; 1176 /* Update the type offset from the start of slot */ 1177 dloc->type_offset -= stack->offset; 1178 1179 return 1; 1180 } 1181 1182 if (dloc->fb_cfa) { 1183 struct type_state_stack *stack; 1184 u64 pc = map__rip_2objdump(dloc->ms->map, dloc->ip); 1185 int fbreg, fboff; 1186 1187 pr_debug_dtp(" cfa\n"); 1188 1189 if (die_get_cfa(dloc->di->dbg, pc, &fbreg, &fboff) < 0) 1190 fbreg = -1; 1191 1192 if (reg != fbreg) 1193 return 0; 1194 1195 stack = find_stack_state(state, dloc->type_offset - fboff); 1196 if (stack == NULL) 1197 return 0; 1198 1199 if (stack->kind == TSR_KIND_CANARY) { 1200 setup_stack_canary(dloc); 1201 return -1; 1202 } 1203 1204 *type_die = stack->type; 1205 /* Update the type offset from the start of slot */ 1206 dloc->type_offset -= fboff + stack->offset; 1207 1208 return 1; 1209 } 1210 1211 if (state->regs[reg].kind == TSR_KIND_PERCPU_BASE) { 1212 u64 var_addr = dloc->op->offset; 1213 int var_offset; 1214 1215 pr_debug_dtp(" percpu var\n"); 1216 1217 if (get_global_var_type(cu_die, dloc, dloc->ip, var_addr, 1218 &var_offset, type_die)) { 1219 dloc->type_offset = var_offset; 1220 return 1; 1221 } 1222 /* No need to retry per-cpu (global) variables */ 1223 return -1; 1224 } 1225 1226 if (state->regs[reg].ok && state->regs[reg].kind == TSR_KIND_POINTER) { 1227 pr_debug_dtp(" percpu ptr\n"); 1228 1229 /* 1230 * It's actaully pointer but the address was calculated using 1231 * some arithmetic. So it points to the actual type already. 1232 */ 1233 *type_die = state->regs[reg].type; 1234 1235 dloc->type_offset = dloc->op->offset; 1236 1237 /* Get the size of the actual type */ 1238 if (dwarf_aggregate_size(type_die, &size) < 0 || 1239 (unsigned)dloc->type_offset >= size) 1240 return -1; 1241 1242 return 1; 1243 } 1244 1245 if (state->regs[reg].ok && state->regs[reg].kind == TSR_KIND_CANARY) { 1246 pr_debug_dtp(" stack canary\n"); 1247 1248 /* 1249 * This is a saved value of the stack canary which will be handled 1250 * in the outer logic when it returns failure here. Pretend it's 1251 * from the stack canary directly. 1252 */ 1253 setup_stack_canary(dloc); 1254 1255 return -1; 1256 } 1257 1258 if (map__dso(dloc->ms->map)->kernel && arch__is(dloc->arch, "x86")) { 1259 u64 addr; 1260 int offset; 1261 1262 /* Direct this-cpu access like "%gs:0x34740" */ 1263 if (dloc->op->segment == INSN_SEG_X86_GS && dloc->op->imm) { 1264 pr_debug_dtp(" this-cpu var\n"); 1265 1266 addr = dloc->op->offset; 1267 1268 if (get_global_var_type(cu_die, dloc, dloc->ip, addr, 1269 &offset, type_die)) { 1270 dloc->type_offset = offset; 1271 return 1; 1272 } 1273 return -1; 1274 } 1275 1276 /* Access to per-cpu base like "-0x7dcf0500(,%rdx,8)" */ 1277 if (dloc->op->offset < 0 && reg != state->stack_reg) { 1278 const char *var_name = NULL; 1279 1280 addr = (s64) dloc->op->offset; 1281 1282 if (get_global_var_info(dloc, addr, &var_name, &offset) && 1283 !strcmp(var_name, "__per_cpu_offset") && offset == 0 && 1284 get_global_var_type(cu_die, dloc, dloc->ip, addr, 1285 &offset, type_die)) { 1286 pr_debug_dtp(" percpu base\n"); 1287 1288 dloc->type_offset = offset; 1289 return 1; 1290 } 1291 pr_debug_dtp(" negative offset\n"); 1292 return -1; 1293 } 1294 } 1295 1296 pr_debug_dtp("\n"); 1297 return 0; 1298 } 1299 1300 /* Iterate instructions in basic blocks and update type table */ 1301 static int find_data_type_insn(struct data_loc_info *dloc, int reg, 1302 struct list_head *basic_blocks, 1303 struct die_var_type *var_types, 1304 Dwarf_Die *cu_die, Dwarf_Die *type_die) 1305 { 1306 struct type_state state; 1307 struct symbol *sym = dloc->ms->sym; 1308 struct annotation *notes = symbol__annotation(sym); 1309 struct annotated_basic_block *bb; 1310 int ret = 0; 1311 1312 init_type_state(&state, dloc->arch); 1313 1314 list_for_each_entry(bb, basic_blocks, list) { 1315 struct disasm_line *dl = bb->begin; 1316 1317 pr_debug_dtp("bb: [%"PRIx64" - %"PRIx64"]\n", 1318 bb->begin->al.offset, bb->end->al.offset); 1319 1320 list_for_each_entry_from(dl, ¬es->src->source, al.node) { 1321 u64 this_ip = sym->start + dl->al.offset; 1322 u64 addr = map__rip_2objdump(dloc->ms->map, this_ip); 1323 1324 /* Update variable type at this address */ 1325 update_var_state(&state, dloc, addr, dl->al.offset, var_types); 1326 1327 if (this_ip == dloc->ip) { 1328 ret = check_matching_type(&state, dloc, reg, 1329 cu_die, type_die); 1330 goto out; 1331 } 1332 1333 /* Update type table after processing the instruction */ 1334 update_insn_state(&state, dloc, cu_die, dl); 1335 if (dl == bb->end) 1336 break; 1337 } 1338 } 1339 1340 out: 1341 exit_type_state(&state); 1342 return ret; 1343 } 1344 1345 /* 1346 * Construct a list of basic blocks for each scope with variables and try to find 1347 * the data type by updating a type state table through instructions. 1348 */ 1349 static int find_data_type_block(struct data_loc_info *dloc, int reg, 1350 Dwarf_Die *cu_die, Dwarf_Die *scopes, 1351 int nr_scopes, Dwarf_Die *type_die) 1352 { 1353 LIST_HEAD(basic_blocks); 1354 struct die_var_type *var_types = NULL; 1355 u64 src_ip, dst_ip, prev_dst_ip; 1356 int ret = -1; 1357 1358 /* TODO: other architecture support */ 1359 if (!arch__is(dloc->arch, "x86")) 1360 return -1; 1361 1362 prev_dst_ip = dst_ip = dloc->ip; 1363 for (int i = nr_scopes - 1; i >= 0; i--) { 1364 Dwarf_Addr base, start, end; 1365 LIST_HEAD(this_blocks); 1366 int found; 1367 1368 if (dwarf_ranges(&scopes[i], 0, &base, &start, &end) < 0) 1369 break; 1370 1371 pr_debug_dtp("scope: [%d/%d] (die:%lx)\n", 1372 i + 1, nr_scopes, (long)dwarf_dieoffset(&scopes[i])); 1373 src_ip = map__objdump_2rip(dloc->ms->map, start); 1374 1375 again: 1376 /* Get basic blocks for this scope */ 1377 if (annotate_get_basic_blocks(dloc->ms->sym, src_ip, dst_ip, 1378 &this_blocks) < 0) { 1379 /* Try previous block if they are not connected */ 1380 if (prev_dst_ip != dst_ip) { 1381 dst_ip = prev_dst_ip; 1382 goto again; 1383 } 1384 1385 pr_debug_dtp("cannot find a basic block from %"PRIx64" to %"PRIx64"\n", 1386 src_ip - dloc->ms->sym->start, 1387 dst_ip - dloc->ms->sym->start); 1388 continue; 1389 } 1390 prepend_basic_blocks(&this_blocks, &basic_blocks); 1391 1392 /* Get variable info for this scope and add to var_types list */ 1393 die_collect_vars(&scopes[i], &var_types); 1394 fixup_var_address(var_types, start); 1395 1396 /* Find from start of this scope to the target instruction */ 1397 found = find_data_type_insn(dloc, reg, &basic_blocks, var_types, 1398 cu_die, type_die); 1399 if (found > 0) { 1400 pr_debug_dtp("found by insn track: %#x(reg%d) type-offset=%#x", 1401 dloc->op->offset, reg, dloc->type_offset); 1402 pr_debug_type_name(type_die, TSR_KIND_TYPE); 1403 ret = 0; 1404 break; 1405 } 1406 1407 if (found < 0) 1408 break; 1409 1410 /* Go up to the next scope and find blocks to the start */ 1411 prev_dst_ip = dst_ip; 1412 dst_ip = src_ip; 1413 } 1414 1415 delete_basic_blocks(&basic_blocks); 1416 delete_var_types(var_types); 1417 return ret; 1418 } 1419 1420 /* The result will be saved in @type_die */ 1421 static int find_data_type_die(struct data_loc_info *dloc, Dwarf_Die *type_die) 1422 { 1423 struct annotated_op_loc *loc = dloc->op; 1424 Dwarf_Die cu_die, var_die; 1425 Dwarf_Die *scopes = NULL; 1426 int reg, offset; 1427 int ret = -1; 1428 int i, nr_scopes; 1429 int fbreg = -1; 1430 int fb_offset = 0; 1431 bool is_fbreg = false; 1432 u64 pc; 1433 char buf[64]; 1434 1435 if (dloc->op->multi_regs) 1436 snprintf(buf, sizeof(buf), " or reg%d", dloc->op->reg2); 1437 else if (dloc->op->reg1 == DWARF_REG_PC) 1438 snprintf(buf, sizeof(buf), " (PC)"); 1439 else 1440 buf[0] = '\0'; 1441 1442 pr_debug_dtp("-----------------------------------------------------------\n"); 1443 pr_debug_dtp("%s [%"PRIx64"] for reg%d%s offset=%#x in %s\n", 1444 __func__, dloc->ip - dloc->ms->sym->start, 1445 dloc->op->reg1, buf, dloc->op->offset, dloc->ms->sym->name); 1446 1447 /* 1448 * IP is a relative instruction address from the start of the map, as 1449 * it can be randomized/relocated, it needs to translate to PC which is 1450 * a file address for DWARF processing. 1451 */ 1452 pc = map__rip_2objdump(dloc->ms->map, dloc->ip); 1453 1454 /* Get a compile_unit for this address */ 1455 if (!find_cu_die(dloc->di, pc, &cu_die)) { 1456 pr_debug_dtp("cannot find CU for address %"PRIx64"\n", pc); 1457 ann_data_stat.no_cuinfo++; 1458 return -1; 1459 } 1460 1461 reg = loc->reg1; 1462 offset = loc->offset; 1463 1464 pr_debug_dtp("CU die offset: %#lx\n", (long)dwarf_dieoffset(&cu_die)); 1465 1466 if (reg == DWARF_REG_PC) { 1467 if (get_global_var_type(&cu_die, dloc, dloc->ip, dloc->var_addr, 1468 &offset, type_die)) { 1469 dloc->type_offset = offset; 1470 1471 pr_debug_dtp("found PC-rel by addr=%#"PRIx64" offset=%#x\n", 1472 dloc->var_addr, offset); 1473 goto out; 1474 } 1475 } 1476 1477 /* Get a list of nested scopes - i.e. (inlined) functions and blocks. */ 1478 nr_scopes = die_get_scopes(&cu_die, pc, &scopes); 1479 1480 if (reg != DWARF_REG_PC && dwarf_hasattr(&scopes[0], DW_AT_frame_base)) { 1481 Dwarf_Attribute attr; 1482 Dwarf_Block block; 1483 1484 /* Check if the 'reg' is assigned as frame base register */ 1485 if (dwarf_attr(&scopes[0], DW_AT_frame_base, &attr) != NULL && 1486 dwarf_formblock(&attr, &block) == 0 && block.length == 1) { 1487 switch (*block.data) { 1488 case DW_OP_reg0 ... DW_OP_reg31: 1489 fbreg = dloc->fbreg = *block.data - DW_OP_reg0; 1490 break; 1491 case DW_OP_call_frame_cfa: 1492 dloc->fb_cfa = true; 1493 if (die_get_cfa(dloc->di->dbg, pc, &fbreg, 1494 &fb_offset) < 0) 1495 fbreg = -1; 1496 break; 1497 default: 1498 break; 1499 } 1500 1501 pr_debug_dtp("frame base: cfa=%d fbreg=%d\n", 1502 dloc->fb_cfa, fbreg); 1503 } 1504 } 1505 1506 retry: 1507 is_fbreg = (reg == fbreg); 1508 if (is_fbreg) 1509 offset = loc->offset - fb_offset; 1510 1511 /* Search from the inner-most scope to the outer */ 1512 for (i = nr_scopes - 1; i >= 0; i--) { 1513 if (reg == DWARF_REG_PC) { 1514 if (!die_find_variable_by_addr(&scopes[i], dloc->var_addr, 1515 &var_die, &offset)) 1516 continue; 1517 } else { 1518 /* Look up variables/parameters in this scope */ 1519 if (!die_find_variable_by_reg(&scopes[i], pc, reg, 1520 &offset, is_fbreg, &var_die)) 1521 continue; 1522 } 1523 1524 /* Found a variable, see if it's correct */ 1525 ret = check_variable(&var_die, type_die, offset, 1526 reg != DWARF_REG_PC && !is_fbreg); 1527 if (ret == 0) { 1528 pr_debug_dtp("found \"%s\" in scope=%d/%d (die: %#lx) ", 1529 dwarf_diename(&var_die), i+1, nr_scopes, 1530 (long)dwarf_dieoffset(&scopes[i])); 1531 if (reg == DWARF_REG_PC) 1532 pr_debug_dtp("%#x(PC) offset=%#x", loc->offset, offset); 1533 else if (reg == DWARF_REG_FB || is_fbreg) 1534 pr_debug_dtp("%#x(reg%d) stack fb_offset=%#x offset=%#x", 1535 loc->offset, reg, fb_offset, offset); 1536 else 1537 pr_debug_dtp("%#x(reg%d)", loc->offset, reg); 1538 pr_debug_type_name(type_die, TSR_KIND_TYPE); 1539 } 1540 dloc->type_offset = offset; 1541 goto out; 1542 } 1543 1544 if (reg != DWARF_REG_PC) { 1545 ret = find_data_type_block(dloc, reg, &cu_die, scopes, 1546 nr_scopes, type_die); 1547 if (ret == 0) { 1548 ann_data_stat.insn_track++; 1549 goto out; 1550 } 1551 } 1552 1553 if (loc->multi_regs && reg == loc->reg1 && loc->reg1 != loc->reg2) { 1554 reg = loc->reg2; 1555 goto retry; 1556 } 1557 1558 if (ret < 0) { 1559 pr_debug_dtp("no variable found\n"); 1560 ann_data_stat.no_var++; 1561 } 1562 1563 out: 1564 free(scopes); 1565 return ret; 1566 } 1567 1568 /** 1569 * find_data_type - Return a data type at the location 1570 * @dloc: data location 1571 * 1572 * This functions searches the debug information of the binary to get the data 1573 * type it accesses. The exact location is expressed by (ip, reg, offset) 1574 * for pointer variables or (ip, addr) for global variables. Note that global 1575 * variables might update the @dloc->type_offset after finding the start of the 1576 * variable. If it cannot find a global variable by address, it tried to find 1577 * a declaration of the variable using var_name. In that case, @dloc->offset 1578 * won't be updated. 1579 * 1580 * It return %NULL if not found. 1581 */ 1582 struct annotated_data_type *find_data_type(struct data_loc_info *dloc) 1583 { 1584 struct annotated_data_type *result = NULL; 1585 struct dso *dso = map__dso(dloc->ms->map); 1586 Dwarf_Die type_die; 1587 1588 dloc->di = debuginfo__new(dso->long_name); 1589 if (dloc->di == NULL) { 1590 pr_debug_dtp("cannot get the debug info\n"); 1591 return NULL; 1592 } 1593 1594 /* 1595 * The type offset is the same as instruction offset by default. 1596 * But when finding a global variable, the offset won't be valid. 1597 */ 1598 dloc->type_offset = dloc->op->offset; 1599 1600 dloc->fbreg = -1; 1601 1602 if (find_data_type_die(dloc, &type_die) < 0) 1603 goto out; 1604 1605 result = dso__findnew_data_type(dso, &type_die); 1606 1607 out: 1608 debuginfo__delete(dloc->di); 1609 return result; 1610 } 1611 1612 static int alloc_data_type_histograms(struct annotated_data_type *adt, int nr_entries) 1613 { 1614 int i; 1615 size_t sz = sizeof(struct type_hist); 1616 1617 sz += sizeof(struct type_hist_entry) * adt->self.size; 1618 1619 /* Allocate a table of pointers for each event */ 1620 adt->nr_histograms = nr_entries; 1621 adt->histograms = calloc(nr_entries, sizeof(*adt->histograms)); 1622 if (adt->histograms == NULL) 1623 return -ENOMEM; 1624 1625 /* 1626 * Each histogram is allocated for the whole size of the type. 1627 * TODO: Probably we can move the histogram to members. 1628 */ 1629 for (i = 0; i < nr_entries; i++) { 1630 adt->histograms[i] = zalloc(sz); 1631 if (adt->histograms[i] == NULL) 1632 goto err; 1633 } 1634 return 0; 1635 1636 err: 1637 while (--i >= 0) 1638 free(adt->histograms[i]); 1639 free(adt->histograms); 1640 return -ENOMEM; 1641 } 1642 1643 static void delete_data_type_histograms(struct annotated_data_type *adt) 1644 { 1645 for (int i = 0; i < adt->nr_histograms; i++) 1646 free(adt->histograms[i]); 1647 free(adt->histograms); 1648 } 1649 1650 void annotated_data_type__tree_delete(struct rb_root *root) 1651 { 1652 struct annotated_data_type *pos; 1653 1654 while (!RB_EMPTY_ROOT(root)) { 1655 struct rb_node *node = rb_first(root); 1656 1657 rb_erase(node, root); 1658 pos = rb_entry(node, struct annotated_data_type, node); 1659 delete_members(&pos->self); 1660 delete_data_type_histograms(pos); 1661 free(pos->self.type_name); 1662 free(pos); 1663 } 1664 } 1665 1666 /** 1667 * annotated_data_type__update_samples - Update histogram 1668 * @adt: Data type to update 1669 * @evsel: Event to update 1670 * @offset: Offset in the type 1671 * @nr_samples: Number of samples at this offset 1672 * @period: Event count at this offset 1673 * 1674 * This function updates type histogram at @ofs for @evsel. Samples are 1675 * aggregated before calling this function so it can be called with more 1676 * than one samples at a certain offset. 1677 */ 1678 int annotated_data_type__update_samples(struct annotated_data_type *adt, 1679 struct evsel *evsel, int offset, 1680 int nr_samples, u64 period) 1681 { 1682 struct type_hist *h; 1683 1684 if (adt == NULL) 1685 return 0; 1686 1687 if (adt->histograms == NULL) { 1688 int nr = evsel->evlist->core.nr_entries; 1689 1690 if (alloc_data_type_histograms(adt, nr) < 0) 1691 return -1; 1692 } 1693 1694 if (offset < 0 || offset >= adt->self.size) 1695 return -1; 1696 1697 h = adt->histograms[evsel->core.idx]; 1698 1699 h->nr_samples += nr_samples; 1700 h->addr[offset].nr_samples += nr_samples; 1701 h->period += period; 1702 h->addr[offset].period += period; 1703 return 0; 1704 } 1705