1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Convert sample address to data type using DWARF debug info. 4 * 5 * Written by Namhyung Kim <namhyung@kernel.org> 6 */ 7 8 #include <stdio.h> 9 #include <stdlib.h> 10 #include <inttypes.h> 11 #include <linux/zalloc.h> 12 13 #include "annotate.h" 14 #include "annotate-data.h" 15 #include "debuginfo.h" 16 #include "debug.h" 17 #include "dso.h" 18 #include "dwarf-regs.h" 19 #include "evsel.h" 20 #include "evlist.h" 21 #include "map.h" 22 #include "map_symbol.h" 23 #include "sort.h" 24 #include "strbuf.h" 25 #include "symbol.h" 26 #include "symbol_conf.h" 27 #include "thread.h" 28 29 /* register number of the stack pointer */ 30 #define X86_REG_SP 7 31 32 static void delete_var_types(struct die_var_type *var_types); 33 34 enum type_state_kind { 35 TSR_KIND_INVALID = 0, 36 TSR_KIND_TYPE, 37 TSR_KIND_PERCPU_BASE, 38 TSR_KIND_CONST, 39 TSR_KIND_POINTER, 40 TSR_KIND_CANARY, 41 }; 42 43 #define pr_debug_dtp(fmt, ...) \ 44 do { \ 45 if (debug_type_profile) \ 46 pr_info(fmt, ##__VA_ARGS__); \ 47 else \ 48 pr_debug3(fmt, ##__VA_ARGS__); \ 49 } while (0) 50 51 static void pr_debug_type_name(Dwarf_Die *die, enum type_state_kind kind) 52 { 53 struct strbuf sb; 54 char *str; 55 Dwarf_Word size = 0; 56 57 if (!debug_type_profile && verbose < 3) 58 return; 59 60 switch (kind) { 61 case TSR_KIND_INVALID: 62 pr_info("\n"); 63 return; 64 case TSR_KIND_PERCPU_BASE: 65 pr_info(" percpu base\n"); 66 return; 67 case TSR_KIND_CONST: 68 pr_info(" constant\n"); 69 return; 70 case TSR_KIND_POINTER: 71 pr_info(" pointer"); 72 /* it also prints the type info */ 73 break; 74 case TSR_KIND_CANARY: 75 pr_info(" stack canary\n"); 76 return; 77 case TSR_KIND_TYPE: 78 default: 79 break; 80 } 81 82 dwarf_aggregate_size(die, &size); 83 84 strbuf_init(&sb, 32); 85 die_get_typename_from_type(die, &sb); 86 str = strbuf_detach(&sb, NULL); 87 pr_info(" type='%s' size=%#lx (die:%#lx)\n", 88 str, (long)size, (long)dwarf_dieoffset(die)); 89 free(str); 90 } 91 92 static void pr_debug_location(Dwarf_Die *die, u64 pc, int reg) 93 { 94 ptrdiff_t off = 0; 95 Dwarf_Attribute attr; 96 Dwarf_Addr base, start, end; 97 Dwarf_Op *ops; 98 size_t nops; 99 100 if (!debug_type_profile && verbose < 3) 101 return; 102 103 if (dwarf_attr(die, DW_AT_location, &attr) == NULL) 104 return; 105 106 while ((off = dwarf_getlocations(&attr, off, &base, &start, &end, &ops, &nops)) > 0) { 107 if (reg != DWARF_REG_PC && end < pc) 108 continue; 109 if (reg != DWARF_REG_PC && start > pc) 110 break; 111 112 pr_info(" variable location: "); 113 switch (ops->atom) { 114 case DW_OP_reg0 ...DW_OP_reg31: 115 pr_info("reg%d\n", ops->atom - DW_OP_reg0); 116 break; 117 case DW_OP_breg0 ...DW_OP_breg31: 118 pr_info("base=reg%d, offset=%#lx\n", 119 ops->atom - DW_OP_breg0, (long)ops->number); 120 break; 121 case DW_OP_regx: 122 pr_info("reg%ld\n", (long)ops->number); 123 break; 124 case DW_OP_bregx: 125 pr_info("base=reg%ld, offset=%#lx\n", 126 (long)ops->number, (long)ops->number2); 127 break; 128 case DW_OP_fbreg: 129 pr_info("use frame base, offset=%#lx\n", (long)ops->number); 130 break; 131 case DW_OP_addr: 132 pr_info("address=%#lx\n", (long)ops->number); 133 break; 134 default: 135 pr_info("unknown: code=%#x, number=%#lx\n", 136 ops->atom, (long)ops->number); 137 break; 138 } 139 break; 140 } 141 } 142 143 /* 144 * Type information in a register, valid when @ok is true. 145 * The @caller_saved registers are invalidated after a function call. 
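 * @kind is one of the TSR_KIND_* values from enum type_state_kind above.
 * For example, a "mov $imm, %reg" instruction marks the register as
 * TSR_KIND_CONST and keeps the constant in @imm_value.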
146 */ 147 struct type_state_reg { 148 Dwarf_Die type; 149 u32 imm_value; 150 bool ok; 151 bool caller_saved; 152 u8 kind; 153 }; 154 155 /* Type information in a stack location, dynamically allocated */ 156 struct type_state_stack { 157 struct list_head list; 158 Dwarf_Die type; 159 int offset; 160 int size; 161 bool compound; 162 u8 kind; 163 }; 164 165 /* FIXME: This should be arch-dependent */ 166 #define TYPE_STATE_MAX_REGS 16 167 168 /* 169 * State table to maintain type info in each register and stack location. 170 * It'll be updated when new variable is allocated or type info is moved 171 * to a new location (register or stack). As it'd be used with the 172 * shortest path of basic blocks, it only maintains a single table. 173 */ 174 struct type_state { 175 /* state of general purpose registers */ 176 struct type_state_reg regs[TYPE_STATE_MAX_REGS]; 177 /* state of stack location */ 178 struct list_head stack_vars; 179 /* return value register */ 180 int ret_reg; 181 /* stack pointer register */ 182 int stack_reg; 183 }; 184 185 static bool has_reg_type(struct type_state *state, int reg) 186 { 187 return (unsigned)reg < ARRAY_SIZE(state->regs); 188 } 189 190 static void init_type_state(struct type_state *state, struct arch *arch) 191 { 192 memset(state, 0, sizeof(*state)); 193 INIT_LIST_HEAD(&state->stack_vars); 194 195 if (arch__is(arch, "x86")) { 196 state->regs[0].caller_saved = true; 197 state->regs[1].caller_saved = true; 198 state->regs[2].caller_saved = true; 199 state->regs[4].caller_saved = true; 200 state->regs[5].caller_saved = true; 201 state->regs[8].caller_saved = true; 202 state->regs[9].caller_saved = true; 203 state->regs[10].caller_saved = true; 204 state->regs[11].caller_saved = true; 205 state->ret_reg = 0; 206 state->stack_reg = X86_REG_SP; 207 } 208 } 209 210 static void exit_type_state(struct type_state *state) 211 { 212 struct type_state_stack *stack, *tmp; 213 214 list_for_each_entry_safe(stack, tmp, &state->stack_vars, list) { 215 list_del(&stack->list); 216 free(stack); 217 } 218 } 219 220 /* 221 * Compare type name and size to maintain them in a tree. 222 * I'm not sure if DWARF would have information of a single type in many 223 * different places (compilation units). If not, it could compare the 224 * offset of the type entry in the .debug_info section. 
225 */ 226 static int data_type_cmp(const void *_key, const struct rb_node *node) 227 { 228 const struct annotated_data_type *key = _key; 229 struct annotated_data_type *type; 230 231 type = rb_entry(node, struct annotated_data_type, node); 232 233 if (key->self.size != type->self.size) 234 return key->self.size - type->self.size; 235 return strcmp(key->self.type_name, type->self.type_name); 236 } 237 238 static bool data_type_less(struct rb_node *node_a, const struct rb_node *node_b) 239 { 240 struct annotated_data_type *a, *b; 241 242 a = rb_entry(node_a, struct annotated_data_type, node); 243 b = rb_entry(node_b, struct annotated_data_type, node); 244 245 if (a->self.size != b->self.size) 246 return a->self.size < b->self.size; 247 return strcmp(a->self.type_name, b->self.type_name) < 0; 248 } 249 250 /* Recursively add new members for struct/union */ 251 static int __add_member_cb(Dwarf_Die *die, void *arg) 252 { 253 struct annotated_member *parent = arg; 254 struct annotated_member *member; 255 Dwarf_Die member_type, die_mem; 256 Dwarf_Word size, loc; 257 Dwarf_Attribute attr; 258 struct strbuf sb; 259 int tag; 260 261 if (dwarf_tag(die) != DW_TAG_member) 262 return DIE_FIND_CB_SIBLING; 263 264 member = zalloc(sizeof(*member)); 265 if (member == NULL) 266 return DIE_FIND_CB_END; 267 268 strbuf_init(&sb, 32); 269 die_get_typename(die, &sb); 270 271 die_get_real_type(die, &member_type); 272 if (dwarf_aggregate_size(&member_type, &size) < 0) 273 size = 0; 274 275 if (!dwarf_attr_integrate(die, DW_AT_data_member_location, &attr)) 276 loc = 0; 277 else 278 dwarf_formudata(&attr, &loc); 279 280 member->type_name = strbuf_detach(&sb, NULL); 281 /* member->var_name can be NULL */ 282 if (dwarf_diename(die)) 283 member->var_name = strdup(dwarf_diename(die)); 284 member->size = size; 285 member->offset = loc + parent->offset; 286 INIT_LIST_HEAD(&member->children); 287 list_add_tail(&member->node, &parent->children); 288 289 tag = dwarf_tag(&member_type); 290 switch (tag) { 291 case DW_TAG_structure_type: 292 case DW_TAG_union_type: 293 die_find_child(&member_type, __add_member_cb, member, &die_mem); 294 break; 295 default: 296 break; 297 } 298 return DIE_FIND_CB_SIBLING; 299 } 300 301 static void add_member_types(struct annotated_data_type *parent, Dwarf_Die *type) 302 { 303 Dwarf_Die die_mem; 304 305 die_find_child(type, __add_member_cb, &parent->self, &die_mem); 306 } 307 308 static void delete_members(struct annotated_member *member) 309 { 310 struct annotated_member *child, *tmp; 311 312 list_for_each_entry_safe(child, tmp, &member->children, node) { 313 list_del(&child->node); 314 delete_members(child); 315 zfree(&child->type_name); 316 zfree(&child->var_name); 317 free(child); 318 } 319 } 320 321 static struct annotated_data_type *dso__findnew_data_type(struct dso *dso, 322 Dwarf_Die *type_die) 323 { 324 struct annotated_data_type *result = NULL; 325 struct annotated_data_type key; 326 struct rb_node *node; 327 struct strbuf sb; 328 char *type_name; 329 Dwarf_Word size; 330 331 strbuf_init(&sb, 32); 332 if (die_get_typename_from_type(type_die, &sb) < 0) 333 strbuf_add(&sb, "(unknown type)", 14); 334 type_name = strbuf_detach(&sb, NULL); 335 dwarf_aggregate_size(type_die, &size); 336 337 /* Check existing nodes in dso->data_types tree */ 338 key.self.type_name = type_name; 339 key.self.size = size; 340 node = rb_find(&key, dso__data_types(dso), data_type_cmp); 341 if (node) { 342 result = rb_entry(node, struct annotated_data_type, node); 343 free(type_name); 344 return result; 345 } 346 
	/* If not, add a new one */
	result = zalloc(sizeof(*result));
	if (result == NULL) {
		free(type_name);
		return NULL;
	}

	result->self.type_name = type_name;
	result->self.size = size;
	INIT_LIST_HEAD(&result->self.children);

	if (symbol_conf.annotate_data_member)
		add_member_types(result, type_die);

	rb_add(&result->node, dso__data_types(dso), data_type_less);
	return result;
}

static bool find_cu_die(struct debuginfo *di, u64 pc, Dwarf_Die *cu_die)
{
	Dwarf_Off off, next_off;
	size_t header_size;

	if (dwarf_addrdie(di->dbg, pc, cu_die) != NULL)
		return cu_die;

	/*
	 * Some kernels don't have full aranges and contain only a few
	 * aranges entries.  Fall back to iterating all CU entries in
	 * .debug_info in case the address is missing there.
	 */
	off = 0;
	while (dwarf_nextcu(di->dbg, off, &next_off, &header_size,
			    NULL, NULL, NULL) == 0) {
		if (dwarf_offdie(di->dbg, off + header_size, cu_die) &&
		    dwarf_haspc(cu_die, pc))
			return true;

		off = next_off;
	}
	return false;
}

/* The type info will be saved in @type_die */
static int check_variable(struct data_loc_info *dloc, Dwarf_Die *var_die,
			  Dwarf_Die *type_die, int reg, int offset, bool is_fbreg)
{
	Dwarf_Word size;
	bool is_pointer = true;

	if (reg == DWARF_REG_PC)
		is_pointer = false;
	else if (reg == dloc->fbreg || is_fbreg)
		is_pointer = false;
	else if (arch__is(dloc->arch, "x86") && reg == X86_REG_SP)
		is_pointer = false;

	/* Get the type of the variable */
	if (die_get_real_type(var_die, type_die) == NULL) {
		pr_debug_dtp("variable has no type\n");
		ann_data_stat.no_typeinfo++;
		return -1;
	}

	/*
	 * Usually it expects a pointer type for a memory access.
	 * Convert to the real type it points to.  But global variables
	 * and local variables are accessed directly without a pointer.
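	 * For example, an x86 access like "mov 0x10(%rax),%rbx" needs %rax to
	 * hold a pointer (or array) type, while PC-relative, frame-base and
	 * stack-pointer based accesses refer to the variable itself.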
415 */ 416 if (is_pointer) { 417 if ((dwarf_tag(type_die) != DW_TAG_pointer_type && 418 dwarf_tag(type_die) != DW_TAG_array_type) || 419 die_get_real_type(type_die, type_die) == NULL) { 420 pr_debug_dtp("no pointer or no type\n"); 421 ann_data_stat.no_typeinfo++; 422 return -1; 423 } 424 } 425 426 /* Get the size of the actual type */ 427 if (dwarf_aggregate_size(type_die, &size) < 0) { 428 pr_debug_dtp("type size is unknown\n"); 429 ann_data_stat.invalid_size++; 430 return -1; 431 } 432 433 /* Minimal sanity check */ 434 if ((unsigned)offset >= size) { 435 pr_debug_dtp("offset: %d is bigger than size: %"PRIu64"\n", 436 offset, size); 437 ann_data_stat.bad_offset++; 438 return -1; 439 } 440 441 return 0; 442 } 443 444 static struct type_state_stack *find_stack_state(struct type_state *state, 445 int offset) 446 { 447 struct type_state_stack *stack; 448 449 list_for_each_entry(stack, &state->stack_vars, list) { 450 if (offset == stack->offset) 451 return stack; 452 453 if (stack->compound && stack->offset < offset && 454 offset < stack->offset + stack->size) 455 return stack; 456 } 457 return NULL; 458 } 459 460 static void set_stack_state(struct type_state_stack *stack, int offset, u8 kind, 461 Dwarf_Die *type_die) 462 { 463 int tag; 464 Dwarf_Word size; 465 466 if (dwarf_aggregate_size(type_die, &size) < 0) 467 size = 0; 468 469 tag = dwarf_tag(type_die); 470 471 stack->type = *type_die; 472 stack->size = size; 473 stack->offset = offset; 474 stack->kind = kind; 475 476 switch (tag) { 477 case DW_TAG_structure_type: 478 case DW_TAG_union_type: 479 stack->compound = (kind != TSR_KIND_POINTER); 480 break; 481 default: 482 stack->compound = false; 483 break; 484 } 485 } 486 487 static struct type_state_stack *findnew_stack_state(struct type_state *state, 488 int offset, u8 kind, 489 Dwarf_Die *type_die) 490 { 491 struct type_state_stack *stack = find_stack_state(state, offset); 492 493 if (stack) { 494 set_stack_state(stack, offset, kind, type_die); 495 return stack; 496 } 497 498 stack = malloc(sizeof(*stack)); 499 if (stack) { 500 set_stack_state(stack, offset, kind, type_die); 501 list_add(&stack->list, &state->stack_vars); 502 } 503 return stack; 504 } 505 506 /* Maintain a cache for quick global variable lookup */ 507 struct global_var_entry { 508 struct rb_node node; 509 char *name; 510 u64 start; 511 u64 end; 512 u64 die_offset; 513 }; 514 515 static int global_var_cmp(const void *_key, const struct rb_node *node) 516 { 517 const u64 addr = (uintptr_t)_key; 518 struct global_var_entry *gvar; 519 520 gvar = rb_entry(node, struct global_var_entry, node); 521 522 if (gvar->start <= addr && addr < gvar->end) 523 return 0; 524 return gvar->start > addr ? 
-1 : 1; 525 } 526 527 static bool global_var_less(struct rb_node *node_a, const struct rb_node *node_b) 528 { 529 struct global_var_entry *gvar_a, *gvar_b; 530 531 gvar_a = rb_entry(node_a, struct global_var_entry, node); 532 gvar_b = rb_entry(node_b, struct global_var_entry, node); 533 534 return gvar_a->start < gvar_b->start; 535 } 536 537 static struct global_var_entry *global_var__find(struct data_loc_info *dloc, u64 addr) 538 { 539 struct dso *dso = map__dso(dloc->ms->map); 540 struct rb_node *node; 541 542 node = rb_find((void *)(uintptr_t)addr, dso__global_vars(dso), global_var_cmp); 543 if (node == NULL) 544 return NULL; 545 546 return rb_entry(node, struct global_var_entry, node); 547 } 548 549 static bool global_var__add(struct data_loc_info *dloc, u64 addr, 550 const char *name, Dwarf_Die *type_die) 551 { 552 struct dso *dso = map__dso(dloc->ms->map); 553 struct global_var_entry *gvar; 554 Dwarf_Word size; 555 556 if (dwarf_aggregate_size(type_die, &size) < 0) 557 return false; 558 559 gvar = malloc(sizeof(*gvar)); 560 if (gvar == NULL) 561 return false; 562 563 gvar->name = name ? strdup(name) : NULL; 564 if (name && gvar->name == NULL) { 565 free(gvar); 566 return false; 567 } 568 569 gvar->start = addr; 570 gvar->end = addr + size; 571 gvar->die_offset = dwarf_dieoffset(type_die); 572 573 rb_add(&gvar->node, dso__global_vars(dso), global_var_less); 574 return true; 575 } 576 577 void global_var_type__tree_delete(struct rb_root *root) 578 { 579 struct global_var_entry *gvar; 580 581 while (!RB_EMPTY_ROOT(root)) { 582 struct rb_node *node = rb_first(root); 583 584 rb_erase(node, root); 585 gvar = rb_entry(node, struct global_var_entry, node); 586 zfree(&gvar->name); 587 free(gvar); 588 } 589 } 590 591 static bool get_global_var_info(struct data_loc_info *dloc, u64 addr, 592 const char **var_name, int *var_offset) 593 { 594 struct addr_location al; 595 struct symbol *sym; 596 u64 mem_addr; 597 598 /* Kernel symbols might be relocated */ 599 mem_addr = addr + map__reloc(dloc->ms->map); 600 601 addr_location__init(&al); 602 sym = thread__find_symbol_fb(dloc->thread, dloc->cpumode, 603 mem_addr, &al); 604 if (sym) { 605 *var_name = sym->name; 606 /* Calculate type offset from the start of variable */ 607 *var_offset = mem_addr - map__unmap_ip(al.map, sym->start); 608 } else { 609 *var_name = NULL; 610 } 611 addr_location__exit(&al); 612 if (*var_name == NULL) 613 return false; 614 615 return true; 616 } 617 618 static void global_var__collect(struct data_loc_info *dloc) 619 { 620 Dwarf *dwarf = dloc->di->dbg; 621 Dwarf_Off off, next_off; 622 Dwarf_Die cu_die, type_die; 623 size_t header_size; 624 625 /* Iterate all CU and collect global variables that have no location in a register. 
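	 * Only entries whose location is a fixed address (pos->reg == -1 in
	 * the loop below) are kept; variables that live in a register are
	 * skipped.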
*/ 626 off = 0; 627 while (dwarf_nextcu(dwarf, off, &next_off, &header_size, 628 NULL, NULL, NULL) == 0) { 629 struct die_var_type *var_types = NULL; 630 struct die_var_type *pos; 631 632 if (dwarf_offdie(dwarf, off + header_size, &cu_die) == NULL) { 633 off = next_off; 634 continue; 635 } 636 637 die_collect_global_vars(&cu_die, &var_types); 638 639 for (pos = var_types; pos; pos = pos->next) { 640 const char *var_name = NULL; 641 int var_offset = 0; 642 643 if (pos->reg != -1) 644 continue; 645 646 if (!dwarf_offdie(dwarf, pos->die_off, &type_die)) 647 continue; 648 649 if (!get_global_var_info(dloc, pos->addr, &var_name, 650 &var_offset)) 651 continue; 652 653 if (var_offset != 0) 654 continue; 655 656 global_var__add(dloc, pos->addr, var_name, &type_die); 657 } 658 659 delete_var_types(var_types); 660 661 off = next_off; 662 } 663 } 664 665 static bool get_global_var_type(Dwarf_Die *cu_die, struct data_loc_info *dloc, 666 u64 ip, u64 var_addr, int *var_offset, 667 Dwarf_Die *type_die) 668 { 669 u64 pc; 670 int offset; 671 const char *var_name = NULL; 672 struct global_var_entry *gvar; 673 struct dso *dso = map__dso(dloc->ms->map); 674 Dwarf_Die var_die; 675 676 if (RB_EMPTY_ROOT(dso__global_vars(dso))) 677 global_var__collect(dloc); 678 679 gvar = global_var__find(dloc, var_addr); 680 if (gvar) { 681 if (!dwarf_offdie(dloc->di->dbg, gvar->die_offset, type_die)) 682 return false; 683 684 *var_offset = var_addr - gvar->start; 685 return true; 686 } 687 688 /* Try to get the variable by address first */ 689 if (die_find_variable_by_addr(cu_die, var_addr, &var_die, &offset) && 690 check_variable(dloc, &var_die, type_die, DWARF_REG_PC, offset, 691 /*is_fbreg=*/false) == 0) { 692 var_name = dwarf_diename(&var_die); 693 *var_offset = offset; 694 goto ok; 695 } 696 697 if (!get_global_var_info(dloc, var_addr, &var_name, var_offset)) 698 return false; 699 700 pc = map__rip_2objdump(dloc->ms->map, ip); 701 702 /* Try to get the name of global variable */ 703 if (die_find_variable_at(cu_die, var_name, pc, &var_die) && 704 check_variable(dloc, &var_die, type_die, DWARF_REG_PC, *var_offset, 705 /*is_fbreg=*/false) == 0) 706 goto ok; 707 708 return false; 709 710 ok: 711 /* The address should point to the start of the variable */ 712 global_var__add(dloc, var_addr - *var_offset, var_name, type_die); 713 return true; 714 } 715 716 /** 717 * update_var_state - Update type state using given variables 718 * @state: type state table 719 * @dloc: data location info 720 * @addr: instruction address to match with variable 721 * @insn_offset: instruction offset (for debug) 722 * @var_types: list of variables with type info 723 * 724 * This function fills the @state table using @var_types info. Each variable 725 * is used only at the given location and updates an entry in the table. 
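 *
 * For example, a variable recorded by DWARF as living in a register gets its
 * type stored in the matching regs[] entry, while a variable located relative
 * to the frame base (or CFA) is added to the stack_vars list keyed by its
 * stack offset.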
726 */ 727 static void update_var_state(struct type_state *state, struct data_loc_info *dloc, 728 u64 addr, u64 insn_offset, struct die_var_type *var_types) 729 { 730 Dwarf_Die mem_die; 731 struct die_var_type *var; 732 int fbreg = dloc->fbreg; 733 int fb_offset = 0; 734 735 if (dloc->fb_cfa) { 736 if (die_get_cfa(dloc->di->dbg, addr, &fbreg, &fb_offset) < 0) 737 fbreg = -1; 738 } 739 740 for (var = var_types; var != NULL; var = var->next) { 741 if (var->addr != addr) 742 continue; 743 /* Get the type DIE using the offset */ 744 if (!dwarf_offdie(dloc->di->dbg, var->die_off, &mem_die)) 745 continue; 746 747 if (var->reg == DWARF_REG_FB) { 748 findnew_stack_state(state, var->offset, TSR_KIND_TYPE, 749 &mem_die); 750 751 pr_debug_dtp("var [%"PRIx64"] -%#x(stack)", 752 insn_offset, -var->offset); 753 pr_debug_type_name(&mem_die, TSR_KIND_TYPE); 754 } else if (var->reg == fbreg) { 755 findnew_stack_state(state, var->offset - fb_offset, 756 TSR_KIND_TYPE, &mem_die); 757 758 pr_debug_dtp("var [%"PRIx64"] -%#x(stack)", 759 insn_offset, -var->offset + fb_offset); 760 pr_debug_type_name(&mem_die, TSR_KIND_TYPE); 761 } else if (has_reg_type(state, var->reg) && var->offset == 0) { 762 struct type_state_reg *reg; 763 764 reg = &state->regs[var->reg]; 765 reg->type = mem_die; 766 reg->kind = TSR_KIND_TYPE; 767 reg->ok = true; 768 769 pr_debug_dtp("var [%"PRIx64"] reg%d", 770 insn_offset, var->reg); 771 pr_debug_type_name(&mem_die, TSR_KIND_TYPE); 772 } 773 } 774 } 775 776 static void update_insn_state_x86(struct type_state *state, 777 struct data_loc_info *dloc, Dwarf_Die *cu_die, 778 struct disasm_line *dl) 779 { 780 struct annotated_insn_loc loc; 781 struct annotated_op_loc *src = &loc.ops[INSN_OP_SOURCE]; 782 struct annotated_op_loc *dst = &loc.ops[INSN_OP_TARGET]; 783 struct type_state_reg *tsr; 784 Dwarf_Die type_die; 785 u32 insn_offset = dl->al.offset; 786 int fbreg = dloc->fbreg; 787 int fboff = 0; 788 789 if (annotate_get_insn_location(dloc->arch, dl, &loc) < 0) 790 return; 791 792 if (ins__is_call(&dl->ins)) { 793 struct symbol *func = dl->ops.target.sym; 794 795 if (func == NULL) 796 return; 797 798 /* __fentry__ will preserve all registers */ 799 if (!strcmp(func->name, "__fentry__")) 800 return; 801 802 pr_debug_dtp("call [%x] %s\n", insn_offset, func->name); 803 804 /* Otherwise invalidate caller-saved registers after call */ 805 for (unsigned i = 0; i < ARRAY_SIZE(state->regs); i++) { 806 if (state->regs[i].caller_saved) 807 state->regs[i].ok = false; 808 } 809 810 /* Update register with the return type (if any) */ 811 if (die_find_func_rettype(cu_die, func->name, &type_die)) { 812 tsr = &state->regs[state->ret_reg]; 813 tsr->type = type_die; 814 tsr->kind = TSR_KIND_TYPE; 815 tsr->ok = true; 816 817 pr_debug_dtp("call [%x] return -> reg%d", 818 insn_offset, state->ret_reg); 819 pr_debug_type_name(&type_die, tsr->kind); 820 } 821 return; 822 } 823 824 if (!strncmp(dl->ins.name, "add", 3)) { 825 u64 imm_value = -1ULL; 826 int offset; 827 const char *var_name = NULL; 828 struct map_symbol *ms = dloc->ms; 829 u64 ip = ms->sym->start + dl->al.offset; 830 831 if (!has_reg_type(state, dst->reg1)) 832 return; 833 834 tsr = &state->regs[dst->reg1]; 835 836 if (src->imm) 837 imm_value = src->offset; 838 else if (has_reg_type(state, src->reg1) && 839 state->regs[src->reg1].kind == TSR_KIND_CONST) 840 imm_value = state->regs[src->reg1].imm_value; 841 else if (src->reg1 == DWARF_REG_PC) { 842 u64 var_addr = annotate_calc_pcrel(dloc->ms, ip, 843 src->offset, dl); 844 845 if 
(get_global_var_info(dloc, var_addr, 846 &var_name, &offset) && 847 !strcmp(var_name, "this_cpu_off") && 848 tsr->kind == TSR_KIND_CONST) { 849 tsr->kind = TSR_KIND_PERCPU_BASE; 850 imm_value = tsr->imm_value; 851 } 852 } 853 else 854 return; 855 856 if (tsr->kind != TSR_KIND_PERCPU_BASE) 857 return; 858 859 if (get_global_var_type(cu_die, dloc, ip, imm_value, &offset, 860 &type_die) && offset == 0) { 861 /* 862 * This is not a pointer type, but it should be treated 863 * as a pointer. 864 */ 865 tsr->type = type_die; 866 tsr->kind = TSR_KIND_POINTER; 867 tsr->ok = true; 868 869 pr_debug_dtp("add [%x] percpu %#"PRIx64" -> reg%d", 870 insn_offset, imm_value, dst->reg1); 871 pr_debug_type_name(&tsr->type, tsr->kind); 872 } 873 return; 874 } 875 876 if (strncmp(dl->ins.name, "mov", 3)) 877 return; 878 879 if (dloc->fb_cfa) { 880 u64 ip = dloc->ms->sym->start + dl->al.offset; 881 u64 pc = map__rip_2objdump(dloc->ms->map, ip); 882 883 if (die_get_cfa(dloc->di->dbg, pc, &fbreg, &fboff) < 0) 884 fbreg = -1; 885 } 886 887 /* Case 1. register to register or segment:offset to register transfers */ 888 if (!src->mem_ref && !dst->mem_ref) { 889 if (!has_reg_type(state, dst->reg1)) 890 return; 891 892 tsr = &state->regs[dst->reg1]; 893 if (dso__kernel(map__dso(dloc->ms->map)) && 894 src->segment == INSN_SEG_X86_GS && src->imm) { 895 u64 ip = dloc->ms->sym->start + dl->al.offset; 896 u64 var_addr; 897 int offset; 898 899 /* 900 * In kernel, %gs points to a per-cpu region for the 901 * current CPU. Access with a constant offset should 902 * be treated as a global variable access. 903 */ 904 var_addr = src->offset; 905 906 if (var_addr == 40) { 907 tsr->kind = TSR_KIND_CANARY; 908 tsr->ok = true; 909 910 pr_debug_dtp("mov [%x] stack canary -> reg%d\n", 911 insn_offset, dst->reg1); 912 return; 913 } 914 915 if (!get_global_var_type(cu_die, dloc, ip, var_addr, 916 &offset, &type_die) || 917 !die_get_member_type(&type_die, offset, &type_die)) { 918 tsr->ok = false; 919 return; 920 } 921 922 tsr->type = type_die; 923 tsr->kind = TSR_KIND_TYPE; 924 tsr->ok = true; 925 926 pr_debug_dtp("mov [%x] this-cpu addr=%#"PRIx64" -> reg%d", 927 insn_offset, var_addr, dst->reg1); 928 pr_debug_type_name(&tsr->type, tsr->kind); 929 return; 930 } 931 932 if (src->imm) { 933 tsr->kind = TSR_KIND_CONST; 934 tsr->imm_value = src->offset; 935 tsr->ok = true; 936 937 pr_debug_dtp("mov [%x] imm=%#x -> reg%d\n", 938 insn_offset, tsr->imm_value, dst->reg1); 939 return; 940 } 941 942 if (!has_reg_type(state, src->reg1) || 943 !state->regs[src->reg1].ok) { 944 tsr->ok = false; 945 return; 946 } 947 948 tsr->type = state->regs[src->reg1].type; 949 tsr->kind = state->regs[src->reg1].kind; 950 tsr->ok = true; 951 952 pr_debug_dtp("mov [%x] reg%d -> reg%d", 953 insn_offset, src->reg1, dst->reg1); 954 pr_debug_type_name(&tsr->type, tsr->kind); 955 } 956 /* Case 2. 
memory to register transers */ 957 if (src->mem_ref && !dst->mem_ref) { 958 int sreg = src->reg1; 959 960 if (!has_reg_type(state, dst->reg1)) 961 return; 962 963 tsr = &state->regs[dst->reg1]; 964 965 retry: 966 /* Check stack variables with offset */ 967 if (sreg == fbreg) { 968 struct type_state_stack *stack; 969 int offset = src->offset - fboff; 970 971 stack = find_stack_state(state, offset); 972 if (stack == NULL) { 973 tsr->ok = false; 974 return; 975 } else if (!stack->compound) { 976 tsr->type = stack->type; 977 tsr->kind = stack->kind; 978 tsr->ok = true; 979 } else if (die_get_member_type(&stack->type, 980 offset - stack->offset, 981 &type_die)) { 982 tsr->type = type_die; 983 tsr->kind = TSR_KIND_TYPE; 984 tsr->ok = true; 985 } else { 986 tsr->ok = false; 987 return; 988 } 989 990 pr_debug_dtp("mov [%x] -%#x(stack) -> reg%d", 991 insn_offset, -offset, dst->reg1); 992 pr_debug_type_name(&tsr->type, tsr->kind); 993 } 994 /* And then dereference the pointer if it has one */ 995 else if (has_reg_type(state, sreg) && state->regs[sreg].ok && 996 state->regs[sreg].kind == TSR_KIND_TYPE && 997 die_deref_ptr_type(&state->regs[sreg].type, 998 src->offset, &type_die)) { 999 tsr->type = type_die; 1000 tsr->kind = TSR_KIND_TYPE; 1001 tsr->ok = true; 1002 1003 pr_debug_dtp("mov [%x] %#x(reg%d) -> reg%d", 1004 insn_offset, src->offset, sreg, dst->reg1); 1005 pr_debug_type_name(&tsr->type, tsr->kind); 1006 } 1007 /* Or check if it's a global variable */ 1008 else if (sreg == DWARF_REG_PC) { 1009 struct map_symbol *ms = dloc->ms; 1010 u64 ip = ms->sym->start + dl->al.offset; 1011 u64 addr; 1012 int offset; 1013 1014 addr = annotate_calc_pcrel(ms, ip, src->offset, dl); 1015 1016 if (!get_global_var_type(cu_die, dloc, ip, addr, &offset, 1017 &type_die) || 1018 !die_get_member_type(&type_die, offset, &type_die)) { 1019 tsr->ok = false; 1020 return; 1021 } 1022 1023 tsr->type = type_die; 1024 tsr->kind = TSR_KIND_TYPE; 1025 tsr->ok = true; 1026 1027 pr_debug_dtp("mov [%x] global addr=%"PRIx64" -> reg%d", 1028 insn_offset, addr, dst->reg1); 1029 pr_debug_type_name(&type_die, tsr->kind); 1030 } 1031 /* And check percpu access with base register */ 1032 else if (has_reg_type(state, sreg) && 1033 state->regs[sreg].kind == TSR_KIND_PERCPU_BASE) { 1034 u64 ip = dloc->ms->sym->start + dl->al.offset; 1035 u64 var_addr = src->offset; 1036 int offset; 1037 1038 if (src->multi_regs) { 1039 int reg2 = (sreg == src->reg1) ? src->reg2 : src->reg1; 1040 1041 if (has_reg_type(state, reg2) && state->regs[reg2].ok && 1042 state->regs[reg2].kind == TSR_KIND_CONST) 1043 var_addr += state->regs[reg2].imm_value; 1044 } 1045 1046 /* 1047 * In kernel, %gs points to a per-cpu region for the 1048 * current CPU. Access with a constant offset should 1049 * be treated as a global variable access. 
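			 * For example, when reg1 holds the per-cpu base, a load
			 * like "mov 0x10(%reg1),%reg2" is resolved by looking up
			 * the per-cpu variable at address 0x10 like a global
			 * variable, optionally adding the constant held in a
			 * second index register (src->multi_regs).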
1050 */ 1051 if (get_global_var_type(cu_die, dloc, ip, var_addr, 1052 &offset, &type_die) && 1053 die_get_member_type(&type_die, offset, &type_die)) { 1054 tsr->type = type_die; 1055 tsr->kind = TSR_KIND_TYPE; 1056 tsr->ok = true; 1057 1058 if (src->multi_regs) { 1059 pr_debug_dtp("mov [%x] percpu %#x(reg%d,reg%d) -> reg%d", 1060 insn_offset, src->offset, src->reg1, 1061 src->reg2, dst->reg1); 1062 } else { 1063 pr_debug_dtp("mov [%x] percpu %#x(reg%d) -> reg%d", 1064 insn_offset, src->offset, sreg, dst->reg1); 1065 } 1066 pr_debug_type_name(&tsr->type, tsr->kind); 1067 } else { 1068 tsr->ok = false; 1069 } 1070 } 1071 /* And then dereference the calculated pointer if it has one */ 1072 else if (has_reg_type(state, sreg) && state->regs[sreg].ok && 1073 state->regs[sreg].kind == TSR_KIND_POINTER && 1074 die_get_member_type(&state->regs[sreg].type, 1075 src->offset, &type_die)) { 1076 tsr->type = type_die; 1077 tsr->kind = TSR_KIND_TYPE; 1078 tsr->ok = true; 1079 1080 pr_debug_dtp("mov [%x] pointer %#x(reg%d) -> reg%d", 1081 insn_offset, src->offset, sreg, dst->reg1); 1082 pr_debug_type_name(&tsr->type, tsr->kind); 1083 } 1084 /* Or try another register if any */ 1085 else if (src->multi_regs && sreg == src->reg1 && 1086 src->reg1 != src->reg2) { 1087 sreg = src->reg2; 1088 goto retry; 1089 } 1090 else { 1091 int offset; 1092 const char *var_name = NULL; 1093 1094 /* it might be per-cpu variable (in kernel) access */ 1095 if (src->offset < 0) { 1096 if (get_global_var_info(dloc, (s64)src->offset, 1097 &var_name, &offset) && 1098 !strcmp(var_name, "__per_cpu_offset")) { 1099 tsr->kind = TSR_KIND_PERCPU_BASE; 1100 1101 pr_debug_dtp("mov [%x] percpu base reg%d\n", 1102 insn_offset, dst->reg1); 1103 } 1104 } 1105 1106 tsr->ok = false; 1107 } 1108 } 1109 /* Case 3. register to memory transfers */ 1110 if (!src->mem_ref && dst->mem_ref) { 1111 if (!has_reg_type(state, src->reg1) || 1112 !state->regs[src->reg1].ok) 1113 return; 1114 1115 /* Check stack variables with offset */ 1116 if (dst->reg1 == fbreg) { 1117 struct type_state_stack *stack; 1118 int offset = dst->offset - fboff; 1119 1120 tsr = &state->regs[src->reg1]; 1121 1122 stack = find_stack_state(state, offset); 1123 if (stack) { 1124 /* 1125 * The source register is likely to hold a type 1126 * of member if it's a compound type. Do not 1127 * update the stack variable type since we can 1128 * get the member type later by using the 1129 * die_get_member_type(). 1130 */ 1131 if (!stack->compound) 1132 set_stack_state(stack, offset, tsr->kind, 1133 &tsr->type); 1134 } else { 1135 findnew_stack_state(state, offset, tsr->kind, 1136 &tsr->type); 1137 } 1138 1139 pr_debug_dtp("mov [%x] reg%d -> -%#x(stack)", 1140 insn_offset, src->reg1, -offset); 1141 pr_debug_type_name(&tsr->type, tsr->kind); 1142 } 1143 /* 1144 * Ignore other transfers since it'd set a value in a struct 1145 * and won't change the type. 1146 */ 1147 } 1148 /* Case 4. memory to memory transfers (not handled for now) */ 1149 } 1150 1151 /** 1152 * update_insn_state - Update type state for an instruction 1153 * @state: type state table 1154 * @dloc: data location info 1155 * @cu_die: compile unit debug entry 1156 * @dl: disasm line for the instruction 1157 * 1158 * This function updates the @state table for the target operand of the 1159 * instruction at @dl if it transfers the type like MOV on x86. Since it 1160 * tracks the type, it won't care about the values like in arithmetic 1161 * instructions like ADD/SUB/MUL/DIV and INC/DEC. 
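 *
 * For example, on x86 a load like "mov 0x18(%rax),%rbx" makes %rbx inherit
 * the type of the member at offset 0x18 of the struct that %rax points to,
 * when the type of %rax is already known.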
1162 * 1163 * Note that ops->reg2 is only available when both mem_ref and multi_regs 1164 * are true. 1165 */ 1166 static void update_insn_state(struct type_state *state, struct data_loc_info *dloc, 1167 Dwarf_Die *cu_die, struct disasm_line *dl) 1168 { 1169 if (arch__is(dloc->arch, "x86")) 1170 update_insn_state_x86(state, dloc, cu_die, dl); 1171 } 1172 1173 /* 1174 * Prepend this_blocks (from the outer scope) to full_blocks, removing 1175 * duplicate disasm line. 1176 */ 1177 static void prepend_basic_blocks(struct list_head *this_blocks, 1178 struct list_head *full_blocks) 1179 { 1180 struct annotated_basic_block *first_bb, *last_bb; 1181 1182 last_bb = list_last_entry(this_blocks, typeof(*last_bb), list); 1183 first_bb = list_first_entry(full_blocks, typeof(*first_bb), list); 1184 1185 if (list_empty(full_blocks)) 1186 goto out; 1187 1188 /* Last insn in this_blocks should be same as first insn in full_blocks */ 1189 if (last_bb->end != first_bb->begin) { 1190 pr_debug("prepend basic blocks: mismatched disasm line %"PRIx64" -> %"PRIx64"\n", 1191 last_bb->end->al.offset, first_bb->begin->al.offset); 1192 goto out; 1193 } 1194 1195 /* Is the basic block have only one disasm_line? */ 1196 if (last_bb->begin == last_bb->end) { 1197 list_del(&last_bb->list); 1198 free(last_bb); 1199 goto out; 1200 } 1201 1202 /* Point to the insn before the last when adding this block to full_blocks */ 1203 last_bb->end = list_prev_entry(last_bb->end, al.node); 1204 1205 out: 1206 list_splice(this_blocks, full_blocks); 1207 } 1208 1209 static void delete_basic_blocks(struct list_head *basic_blocks) 1210 { 1211 struct annotated_basic_block *bb, *tmp; 1212 1213 list_for_each_entry_safe(bb, tmp, basic_blocks, list) { 1214 list_del(&bb->list); 1215 free(bb); 1216 } 1217 } 1218 1219 /* Make sure all variables have a valid start address */ 1220 static void fixup_var_address(struct die_var_type *var_types, u64 addr) 1221 { 1222 while (var_types) { 1223 /* 1224 * Some variables have no address range meaning it's always 1225 * available in the whole scope. Let's adjust the start 1226 * address to the start of the scope. 1227 */ 1228 if (var_types->addr == 0) 1229 var_types->addr = addr; 1230 1231 var_types = var_types->next; 1232 } 1233 } 1234 1235 static void delete_var_types(struct die_var_type *var_types) 1236 { 1237 while (var_types) { 1238 struct die_var_type *next = var_types->next; 1239 1240 free(var_types); 1241 var_types = next; 1242 } 1243 } 1244 1245 /* should match to is_stack_canary() in util/annotate.c */ 1246 static void setup_stack_canary(struct data_loc_info *dloc) 1247 { 1248 if (arch__is(dloc->arch, "x86")) { 1249 dloc->op->segment = INSN_SEG_X86_GS; 1250 dloc->op->imm = true; 1251 dloc->op->offset = 40; 1252 } 1253 } 1254 1255 /* 1256 * It's at the target address, check if it has a matching type. 1257 * It returns 1 if found, 0 if not or -1 if not found but no need to 1258 * repeat the search. The last case is for per-cpu variables which 1259 * are similar to global variables and no additional info is needed. 
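 * A zero return lets the caller (find_data_type_block()) retry with basic
 * blocks from an enclosing scope, while a negative return stops the search.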
1260 */ 1261 static int check_matching_type(struct type_state *state, 1262 struct data_loc_info *dloc, 1263 Dwarf_Die *cu_die, Dwarf_Die *type_die) 1264 { 1265 Dwarf_Word size; 1266 u32 insn_offset = dloc->ip - dloc->ms->sym->start; 1267 int reg = dloc->op->reg1; 1268 1269 pr_debug_dtp("chk [%x] reg%d offset=%#x ok=%d kind=%d", 1270 insn_offset, reg, dloc->op->offset, 1271 state->regs[reg].ok, state->regs[reg].kind); 1272 1273 if (state->regs[reg].ok && state->regs[reg].kind == TSR_KIND_TYPE) { 1274 int tag = dwarf_tag(&state->regs[reg].type); 1275 1276 /* 1277 * Normal registers should hold a pointer (or array) to 1278 * dereference a memory location. 1279 */ 1280 if (tag != DW_TAG_pointer_type && tag != DW_TAG_array_type) { 1281 if (dloc->op->offset < 0 && reg != state->stack_reg) 1282 goto check_kernel; 1283 1284 pr_debug_dtp("\n"); 1285 return -1; 1286 } 1287 1288 pr_debug_dtp("\n"); 1289 1290 /* Remove the pointer and get the target type */ 1291 if (die_get_real_type(&state->regs[reg].type, type_die) == NULL) 1292 return -1; 1293 1294 dloc->type_offset = dloc->op->offset; 1295 1296 /* Get the size of the actual type */ 1297 if (dwarf_aggregate_size(type_die, &size) < 0 || 1298 (unsigned)dloc->type_offset >= size) 1299 return -1; 1300 1301 return 1; 1302 } 1303 1304 if (reg == dloc->fbreg) { 1305 struct type_state_stack *stack; 1306 1307 pr_debug_dtp(" fbreg\n"); 1308 1309 stack = find_stack_state(state, dloc->type_offset); 1310 if (stack == NULL) 1311 return 0; 1312 1313 if (stack->kind == TSR_KIND_CANARY) { 1314 setup_stack_canary(dloc); 1315 return -1; 1316 } 1317 1318 if (stack->kind != TSR_KIND_TYPE) 1319 return 0; 1320 1321 *type_die = stack->type; 1322 /* Update the type offset from the start of slot */ 1323 dloc->type_offset -= stack->offset; 1324 1325 return 1; 1326 } 1327 1328 if (dloc->fb_cfa) { 1329 struct type_state_stack *stack; 1330 u64 pc = map__rip_2objdump(dloc->ms->map, dloc->ip); 1331 int fbreg, fboff; 1332 1333 pr_debug_dtp(" cfa\n"); 1334 1335 if (die_get_cfa(dloc->di->dbg, pc, &fbreg, &fboff) < 0) 1336 fbreg = -1; 1337 1338 if (reg != fbreg) 1339 return 0; 1340 1341 stack = find_stack_state(state, dloc->type_offset - fboff); 1342 if (stack == NULL) 1343 return 0; 1344 1345 if (stack->kind == TSR_KIND_CANARY) { 1346 setup_stack_canary(dloc); 1347 return -1; 1348 } 1349 1350 if (stack->kind != TSR_KIND_TYPE) 1351 return 0; 1352 1353 *type_die = stack->type; 1354 /* Update the type offset from the start of slot */ 1355 dloc->type_offset -= fboff + stack->offset; 1356 1357 return 1; 1358 } 1359 1360 if (state->regs[reg].kind == TSR_KIND_PERCPU_BASE) { 1361 u64 var_addr = dloc->op->offset; 1362 int var_offset; 1363 1364 pr_debug_dtp(" percpu var\n"); 1365 1366 if (dloc->op->multi_regs) { 1367 int reg2 = dloc->op->reg2; 1368 1369 if (dloc->op->reg2 == reg) 1370 reg2 = dloc->op->reg1; 1371 1372 if (has_reg_type(state, reg2) && state->regs[reg2].ok && 1373 state->regs[reg2].kind == TSR_KIND_CONST) 1374 var_addr += state->regs[reg2].imm_value; 1375 } 1376 1377 if (get_global_var_type(cu_die, dloc, dloc->ip, var_addr, 1378 &var_offset, type_die)) { 1379 dloc->type_offset = var_offset; 1380 return 1; 1381 } 1382 /* No need to retry per-cpu (global) variables */ 1383 return -1; 1384 } 1385 1386 if (state->regs[reg].ok && state->regs[reg].kind == TSR_KIND_POINTER) { 1387 pr_debug_dtp(" percpu ptr\n"); 1388 1389 /* 1390 * It's actaully pointer but the address was calculated using 1391 * some arithmetic. So it points to the actual type already. 
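		 * (A typical case is a pointer to a per-cpu variable computed
		 * by adding its offset to the per-cpu base; see the "add"
		 * handling in update_insn_state_x86().)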
1392 */ 1393 *type_die = state->regs[reg].type; 1394 1395 dloc->type_offset = dloc->op->offset; 1396 1397 /* Get the size of the actual type */ 1398 if (dwarf_aggregate_size(type_die, &size) < 0 || 1399 (unsigned)dloc->type_offset >= size) 1400 return -1; 1401 1402 return 1; 1403 } 1404 1405 if (state->regs[reg].ok && state->regs[reg].kind == TSR_KIND_CANARY) { 1406 pr_debug_dtp(" stack canary\n"); 1407 1408 /* 1409 * This is a saved value of the stack canary which will be handled 1410 * in the outer logic when it returns failure here. Pretend it's 1411 * from the stack canary directly. 1412 */ 1413 setup_stack_canary(dloc); 1414 1415 return -1; 1416 } 1417 1418 check_kernel: 1419 if (dso__kernel(map__dso(dloc->ms->map))) { 1420 u64 addr; 1421 int offset; 1422 1423 /* Direct this-cpu access like "%gs:0x34740" */ 1424 if (dloc->op->segment == INSN_SEG_X86_GS && dloc->op->imm && 1425 arch__is(dloc->arch, "x86")) { 1426 pr_debug_dtp(" this-cpu var\n"); 1427 1428 addr = dloc->op->offset; 1429 1430 if (get_global_var_type(cu_die, dloc, dloc->ip, addr, 1431 &offset, type_die)) { 1432 dloc->type_offset = offset; 1433 return 1; 1434 } 1435 return -1; 1436 } 1437 1438 /* Access to global variable like "-0x7dcf0500(,%rdx,8)" */ 1439 if (dloc->op->offset < 0 && reg != state->stack_reg) { 1440 addr = (s64) dloc->op->offset; 1441 1442 if (get_global_var_type(cu_die, dloc, dloc->ip, addr, 1443 &offset, type_die)) { 1444 pr_debug_dtp(" global var\n"); 1445 1446 dloc->type_offset = offset; 1447 return 1; 1448 } 1449 pr_debug_dtp(" negative offset\n"); 1450 return -1; 1451 } 1452 } 1453 1454 pr_debug_dtp("\n"); 1455 return 0; 1456 } 1457 1458 /* Iterate instructions in basic blocks and update type table */ 1459 static int find_data_type_insn(struct data_loc_info *dloc, 1460 struct list_head *basic_blocks, 1461 struct die_var_type *var_types, 1462 Dwarf_Die *cu_die, Dwarf_Die *type_die) 1463 { 1464 struct type_state state; 1465 struct symbol *sym = dloc->ms->sym; 1466 struct annotation *notes = symbol__annotation(sym); 1467 struct annotated_basic_block *bb; 1468 int ret = 0; 1469 1470 init_type_state(&state, dloc->arch); 1471 1472 list_for_each_entry(bb, basic_blocks, list) { 1473 struct disasm_line *dl = bb->begin; 1474 1475 BUG_ON(bb->begin->al.offset == -1 || bb->end->al.offset == -1); 1476 1477 pr_debug_dtp("bb: [%"PRIx64" - %"PRIx64"]\n", 1478 bb->begin->al.offset, bb->end->al.offset); 1479 1480 list_for_each_entry_from(dl, ¬es->src->source, al.node) { 1481 u64 this_ip = sym->start + dl->al.offset; 1482 u64 addr = map__rip_2objdump(dloc->ms->map, this_ip); 1483 1484 /* Skip comment or debug info lines */ 1485 if (dl->al.offset == -1) 1486 continue; 1487 1488 /* Update variable type at this address */ 1489 update_var_state(&state, dloc, addr, dl->al.offset, var_types); 1490 1491 if (this_ip == dloc->ip) { 1492 ret = check_matching_type(&state, dloc, 1493 cu_die, type_die); 1494 goto out; 1495 } 1496 1497 /* Update type table after processing the instruction */ 1498 update_insn_state(&state, dloc, cu_die, dl); 1499 if (dl == bb->end) 1500 break; 1501 } 1502 } 1503 1504 out: 1505 exit_type_state(&state); 1506 return ret; 1507 } 1508 1509 /* 1510 * Construct a list of basic blocks for each scope with variables and try to find 1511 * the data type by updating a type state table through instructions. 
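 * The search starts from the inner-most scope: basic blocks from the scope
 * entry to the target instruction are collected first, and if the type is not
 * found there, the blocks of the enclosing scope are prepended and the walk
 * is repeated.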
1512 */ 1513 static int find_data_type_block(struct data_loc_info *dloc, 1514 Dwarf_Die *cu_die, Dwarf_Die *scopes, 1515 int nr_scopes, Dwarf_Die *type_die) 1516 { 1517 LIST_HEAD(basic_blocks); 1518 struct die_var_type *var_types = NULL; 1519 u64 src_ip, dst_ip, prev_dst_ip; 1520 int ret = -1; 1521 1522 /* TODO: other architecture support */ 1523 if (!arch__is(dloc->arch, "x86")) 1524 return -1; 1525 1526 prev_dst_ip = dst_ip = dloc->ip; 1527 for (int i = nr_scopes - 1; i >= 0; i--) { 1528 Dwarf_Addr base, start, end; 1529 LIST_HEAD(this_blocks); 1530 int found; 1531 1532 if (dwarf_ranges(&scopes[i], 0, &base, &start, &end) < 0) 1533 break; 1534 1535 pr_debug_dtp("scope: [%d/%d] (die:%lx)\n", 1536 i + 1, nr_scopes, (long)dwarf_dieoffset(&scopes[i])); 1537 src_ip = map__objdump_2rip(dloc->ms->map, start); 1538 1539 again: 1540 /* Get basic blocks for this scope */ 1541 if (annotate_get_basic_blocks(dloc->ms->sym, src_ip, dst_ip, 1542 &this_blocks) < 0) { 1543 /* Try previous block if they are not connected */ 1544 if (prev_dst_ip != dst_ip) { 1545 dst_ip = prev_dst_ip; 1546 goto again; 1547 } 1548 1549 pr_debug_dtp("cannot find a basic block from %"PRIx64" to %"PRIx64"\n", 1550 src_ip - dloc->ms->sym->start, 1551 dst_ip - dloc->ms->sym->start); 1552 continue; 1553 } 1554 prepend_basic_blocks(&this_blocks, &basic_blocks); 1555 1556 /* Get variable info for this scope and add to var_types list */ 1557 die_collect_vars(&scopes[i], &var_types); 1558 fixup_var_address(var_types, start); 1559 1560 /* Find from start of this scope to the target instruction */ 1561 found = find_data_type_insn(dloc, &basic_blocks, var_types, 1562 cu_die, type_die); 1563 if (found > 0) { 1564 char buf[64]; 1565 1566 if (dloc->op->multi_regs) 1567 snprintf(buf, sizeof(buf), "reg%d, reg%d", 1568 dloc->op->reg1, dloc->op->reg2); 1569 else 1570 snprintf(buf, sizeof(buf), "reg%d", dloc->op->reg1); 1571 1572 pr_debug_dtp("found by insn track: %#x(%s) type-offset=%#x\n", 1573 dloc->op->offset, buf, dloc->type_offset); 1574 pr_debug_type_name(type_die, TSR_KIND_TYPE); 1575 ret = 0; 1576 break; 1577 } 1578 1579 if (found < 0) 1580 break; 1581 1582 /* Go up to the next scope and find blocks to the start */ 1583 prev_dst_ip = dst_ip; 1584 dst_ip = src_ip; 1585 } 1586 1587 delete_basic_blocks(&basic_blocks); 1588 delete_var_types(var_types); 1589 return ret; 1590 } 1591 1592 /* The result will be saved in @type_die */ 1593 static int find_data_type_die(struct data_loc_info *dloc, Dwarf_Die *type_die) 1594 { 1595 struct annotated_op_loc *loc = dloc->op; 1596 Dwarf_Die cu_die, var_die; 1597 Dwarf_Die *scopes = NULL; 1598 int reg, offset; 1599 int ret = -1; 1600 int i, nr_scopes; 1601 int fbreg = -1; 1602 int fb_offset = 0; 1603 bool is_fbreg = false; 1604 u64 pc; 1605 char buf[64]; 1606 1607 if (dloc->op->multi_regs) 1608 snprintf(buf, sizeof(buf), "reg%d, reg%d", dloc->op->reg1, dloc->op->reg2); 1609 else if (dloc->op->reg1 == DWARF_REG_PC) 1610 snprintf(buf, sizeof(buf), "PC"); 1611 else 1612 snprintf(buf, sizeof(buf), "reg%d", dloc->op->reg1); 1613 1614 pr_debug_dtp("-----------------------------------------------------------\n"); 1615 pr_debug_dtp("find data type for %#x(%s) at %s+%#"PRIx64"\n", 1616 dloc->op->offset, buf, dloc->ms->sym->name, 1617 dloc->ip - dloc->ms->sym->start); 1618 1619 /* 1620 * IP is a relative instruction address from the start of the map, as 1621 * it can be randomized/relocated, it needs to translate to PC which is 1622 * a file address for DWARF processing. 
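	 * map__rip_2objdump() does this translation; the reverse mapping
	 * (map__objdump_2rip()) is used when scope start addresses are
	 * converted back to IPs in find_data_type_block().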
1623 */ 1624 pc = map__rip_2objdump(dloc->ms->map, dloc->ip); 1625 1626 /* Get a compile_unit for this address */ 1627 if (!find_cu_die(dloc->di, pc, &cu_die)) { 1628 pr_debug_dtp("cannot find CU for address %"PRIx64"\n", pc); 1629 ann_data_stat.no_cuinfo++; 1630 return -1; 1631 } 1632 1633 reg = loc->reg1; 1634 offset = loc->offset; 1635 1636 pr_debug_dtp("CU for %s (die:%#lx)\n", 1637 dwarf_diename(&cu_die), (long)dwarf_dieoffset(&cu_die)); 1638 1639 if (reg == DWARF_REG_PC) { 1640 if (get_global_var_type(&cu_die, dloc, dloc->ip, dloc->var_addr, 1641 &offset, type_die)) { 1642 dloc->type_offset = offset; 1643 1644 pr_debug_dtp("found by addr=%#"PRIx64" type_offset=%#x\n", 1645 dloc->var_addr, offset); 1646 pr_debug_type_name(type_die, TSR_KIND_TYPE); 1647 ret = 0; 1648 goto out; 1649 } 1650 } 1651 1652 /* Get a list of nested scopes - i.e. (inlined) functions and blocks. */ 1653 nr_scopes = die_get_scopes(&cu_die, pc, &scopes); 1654 1655 if (reg != DWARF_REG_PC && dwarf_hasattr(&scopes[0], DW_AT_frame_base)) { 1656 Dwarf_Attribute attr; 1657 Dwarf_Block block; 1658 1659 /* Check if the 'reg' is assigned as frame base register */ 1660 if (dwarf_attr(&scopes[0], DW_AT_frame_base, &attr) != NULL && 1661 dwarf_formblock(&attr, &block) == 0 && block.length == 1) { 1662 switch (*block.data) { 1663 case DW_OP_reg0 ... DW_OP_reg31: 1664 fbreg = dloc->fbreg = *block.data - DW_OP_reg0; 1665 break; 1666 case DW_OP_call_frame_cfa: 1667 dloc->fb_cfa = true; 1668 if (die_get_cfa(dloc->di->dbg, pc, &fbreg, 1669 &fb_offset) < 0) 1670 fbreg = -1; 1671 break; 1672 default: 1673 break; 1674 } 1675 1676 pr_debug_dtp("frame base: cfa=%d fbreg=%d\n", 1677 dloc->fb_cfa, fbreg); 1678 } 1679 } 1680 1681 retry: 1682 is_fbreg = (reg == fbreg); 1683 if (is_fbreg) 1684 offset = loc->offset - fb_offset; 1685 1686 /* Search from the inner-most scope to the outer */ 1687 for (i = nr_scopes - 1; i >= 0; i--) { 1688 if (reg == DWARF_REG_PC) { 1689 if (!die_find_variable_by_addr(&scopes[i], dloc->var_addr, 1690 &var_die, &offset)) 1691 continue; 1692 } else { 1693 /* Look up variables/parameters in this scope */ 1694 if (!die_find_variable_by_reg(&scopes[i], pc, reg, 1695 &offset, is_fbreg, &var_die)) 1696 continue; 1697 } 1698 1699 /* Found a variable, see if it's correct */ 1700 ret = check_variable(dloc, &var_die, type_die, reg, offset, is_fbreg); 1701 if (ret == 0) { 1702 pr_debug_dtp("found \"%s\" in scope=%d/%d (die: %#lx) ", 1703 dwarf_diename(&var_die), i+1, nr_scopes, 1704 (long)dwarf_dieoffset(&scopes[i])); 1705 if (reg == DWARF_REG_PC) { 1706 pr_debug_dtp("addr=%#"PRIx64" type_offset=%#x\n", 1707 dloc->var_addr, offset); 1708 } else if (reg == DWARF_REG_FB || is_fbreg) { 1709 pr_debug_dtp("stack_offset=%#x type_offset=%#x\n", 1710 fb_offset, offset); 1711 } else { 1712 pr_debug_dtp("type_offset=%#x\n", offset); 1713 } 1714 pr_debug_location(&var_die, pc, reg); 1715 pr_debug_type_name(type_die, TSR_KIND_TYPE); 1716 } else { 1717 pr_debug_dtp("check variable \"%s\" failed (die: %#lx)\n", 1718 dwarf_diename(&var_die), 1719 (long)dwarf_dieoffset(&var_die)); 1720 pr_debug_location(&var_die, pc, reg); 1721 pr_debug_type_name(type_die, TSR_KIND_TYPE); 1722 } 1723 dloc->type_offset = offset; 1724 goto out; 1725 } 1726 1727 if (loc->multi_regs && reg == loc->reg1 && loc->reg1 != loc->reg2) { 1728 reg = loc->reg2; 1729 goto retry; 1730 } 1731 1732 if (reg != DWARF_REG_PC) { 1733 ret = find_data_type_block(dloc, &cu_die, scopes, 1734 nr_scopes, type_die); 1735 if (ret == 0) { 1736 ann_data_stat.insn_track++; 1737 goto 
out;
		}
	}

	if (ret < 0) {
		pr_debug_dtp("no variable found\n");
		ann_data_stat.no_var++;
	}

out:
	free(scopes);
	return ret;
}

/**
 * find_data_type - Return a data type at the location
 * @dloc: data location
 *
 * This function searches the debug information of the binary to get the data
 * type it accesses.  The exact location is expressed by (ip, reg, offset)
 * for pointer variables or (ip, addr) for global variables.  Note that global
 * variables might update @dloc->type_offset after finding the start of the
 * variable.  If it cannot find a global variable by address, it tries to find
 * a declaration of the variable using var_name.  In that case, @dloc->offset
 * won't be updated.
 *
 * It returns %NULL if not found.
 */
struct annotated_data_type *find_data_type(struct data_loc_info *dloc)
{
	struct annotated_data_type *result = NULL;
	struct dso *dso = map__dso(dloc->ms->map);
	Dwarf_Die type_die;

	dloc->di = debuginfo__new(dso__long_name(dso));
	if (dloc->di == NULL) {
		pr_debug_dtp("cannot get the debug info\n");
		return NULL;
	}

	/*
	 * The type offset is the same as instruction offset by default.
	 * But when finding a global variable, the offset won't be valid.
	 */
	dloc->type_offset = dloc->op->offset;

	dloc->fbreg = -1;

	if (find_data_type_die(dloc, &type_die) < 0)
		goto out;

	result = dso__findnew_data_type(dso, &type_die);

out:
	debuginfo__delete(dloc->di);
	return result;
}

static int alloc_data_type_histograms(struct annotated_data_type *adt, int nr_entries)
{
	int i;
	size_t sz = sizeof(struct type_hist);

	sz += sizeof(struct type_hist_entry) * adt->self.size;

	/* Allocate a table of pointers for each event */
	adt->histograms = calloc(nr_entries, sizeof(*adt->histograms));
	if (adt->histograms == NULL)
		return -ENOMEM;

	/*
	 * Each histogram is allocated for the whole size of the type.
	 * TODO: Probably we can move the histogram to members.
	 */
	for (i = 0; i < nr_entries; i++) {
		adt->histograms[i] = zalloc(sz);
		if (adt->histograms[i] == NULL)
			goto err;
	}

	adt->nr_histograms = nr_entries;
	return 0;

err:
	while (--i >= 0)
		zfree(&(adt->histograms[i]));
	zfree(&adt->histograms);
	return -ENOMEM;
}

static void delete_data_type_histograms(struct annotated_data_type *adt)
{
	for (int i = 0; i < adt->nr_histograms; i++)
		zfree(&(adt->histograms[i]));

	zfree(&adt->histograms);
	adt->nr_histograms = 0;
}

void annotated_data_type__tree_delete(struct rb_root *root)
{
	struct annotated_data_type *pos;

	while (!RB_EMPTY_ROOT(root)) {
		struct rb_node *node = rb_first(root);

		rb_erase(node, root);
		pos = rb_entry(node, struct annotated_data_type, node);
		delete_members(&pos->self);
		delete_data_type_histograms(pos);
		zfree(&pos->self.type_name);
		free(pos);
	}
}

/**
 * annotated_data_type__update_samples - Update histogram
 * @adt: Data type to update
 * @evsel: Event to update
 * @offset: Offset in the type
 * @nr_samples: Number of samples at this offset
 * @period: Event count at this offset
 *
 * This function updates the type histogram at @offset for @evsel.  Samples are
 * aggregated before calling this function so it can be called with more
 * than one sample at a certain offset.
 */
int annotated_data_type__update_samples(struct annotated_data_type *adt,
					struct evsel *evsel, int offset,
					int nr_samples, u64 period)
{
	struct type_hist *h;

	if (adt == NULL)
		return 0;

	if (adt->histograms == NULL) {
		int nr = evsel->evlist->core.nr_entries;

		if (alloc_data_type_histograms(adt, nr) < 0)
			return -1;
	}

	if (offset < 0 || offset >= adt->self.size)
		return -1;

	h = adt->histograms[evsel->core.idx];

	h->nr_samples += nr_samples;
	h->addr[offset].nr_samples += nr_samples;
	h->period += period;
	h->addr[offset].period += period;
	return 0;
}

static void print_annotated_data_header(struct hist_entry *he, struct evsel *evsel)
{
	struct dso *dso = map__dso(he->ms.map);
	int nr_members = 1;
	int nr_samples = he->stat.nr_events;
	int width = 7;
	const char *val_hdr = "Percent";

	if (evsel__is_group_event(evsel)) {
		struct hist_entry *pair;

		list_for_each_entry(pair, &he->pairs.head, pairs.node)
			nr_samples += pair->stat.nr_events;
	}

	printf("Annotate type: '%s' in %s (%d samples):\n",
	       he->mem_type->self.type_name, dso__name(dso), nr_samples);

	if (evsel__is_group_event(evsel)) {
		struct evsel *pos;
		int i = 0;

		for_each_group_evsel(pos, evsel)
			printf(" event[%d] = %s\n", i++, pos->name);

		nr_members = evsel->core.nr_members;
	}

	if (symbol_conf.show_total_period) {
		width = 11;
		val_hdr = "Period";
	} else if (symbol_conf.show_nr_samples) {
		width = 7;
		val_hdr = "Samples";
	}

	printf("============================================================================\n");
	printf("%*s %10s %10s %s\n", (width + 1) * nr_members, val_hdr,
	       "offset", "size", "field");
}

static void print_annotated_data_value(struct type_hist *h, u64 period, int nr_samples)
{
	double percent = h->period ? (100.0 * period / h->period) : 0;
	const char *color = get_percent_color(percent);

	if (symbol_conf.show_total_period)
		color_fprintf(stdout, color, " %11" PRIu64, period);
	else if (symbol_conf.show_nr_samples)
		color_fprintf(stdout, color, " %7d", nr_samples);
	else
		color_fprintf(stdout, color, " %7.2f", percent);
}

static void print_annotated_data_type(struct annotated_data_type *mem_type,
				      struct annotated_member *member,
				      struct evsel *evsel, int indent)
{
	struct annotated_member *child;
	struct type_hist *h = mem_type->histograms[evsel->core.idx];
	int i, nr_events = 1, samples = 0;
	u64 period = 0;
	int width = symbol_conf.show_total_period ?
11 : 7; 1955 1956 for (i = 0; i < member->size; i++) { 1957 samples += h->addr[member->offset + i].nr_samples; 1958 period += h->addr[member->offset + i].period; 1959 } 1960 print_annotated_data_value(h, period, samples); 1961 1962 if (evsel__is_group_event(evsel)) { 1963 struct evsel *pos; 1964 1965 for_each_group_member(pos, evsel) { 1966 h = mem_type->histograms[pos->core.idx]; 1967 1968 samples = 0; 1969 period = 0; 1970 for (i = 0; i < member->size; i++) { 1971 samples += h->addr[member->offset + i].nr_samples; 1972 period += h->addr[member->offset + i].period; 1973 } 1974 print_annotated_data_value(h, period, samples); 1975 } 1976 nr_events = evsel->core.nr_members; 1977 } 1978 1979 printf(" %10d %10d %*s%s\t%s", 1980 member->offset, member->size, indent, "", member->type_name, 1981 member->var_name ?: ""); 1982 1983 if (!list_empty(&member->children)) 1984 printf(" {\n"); 1985 1986 list_for_each_entry(child, &member->children, node) 1987 print_annotated_data_type(mem_type, child, evsel, indent + 4); 1988 1989 if (!list_empty(&member->children)) 1990 printf("%*s}", (width + 1) * nr_events + 24 + indent, ""); 1991 printf(";\n"); 1992 } 1993 1994 int hist_entry__annotate_data_tty(struct hist_entry *he, struct evsel *evsel) 1995 { 1996 print_annotated_data_header(he, evsel); 1997 print_annotated_data_type(he->mem_type, &he->mem_type->self, evsel, 0); 1998 printf("\n"); 1999 2000 /* move to the next entry */ 2001 return '>'; 2002 } 2003