This is an archive of the discontinued LLVM Phabricator instance.

Differential D124492

Update CFA to be in terms of $sp instead of $fp when $fp is overwritten in epilogue on AArch64
ClosedPublic

Authored by jasonmolenda on Apr 26 2022, 5:46 PM.

Details

Reviewers
jingham
JDevlieghere
Commits
rGdf552edb08c4: Update the CFA to use $sp when $fp is restored on arm64
Summary

When we can the instructions of an AArch64 to create an unwind plan, and we see an instruction to add a value to $fp and assign it to $sp, lldb recognizes this as meaning that CFA is now set in terms of $sp. e.g.

28: 0xd10043bf sub sp, x29, #0x10
32: 0xa9417bfd ldp x29, x30, [sp, #0x10]

This is a common method used in clang codegen. But clang will sometimes overwrite $fp by restoring it from the stack, to the caller's $fp value. At this point, lldb is still expressing the CFA in terms of $fp but $fp is now the caller's $fp and our CFA value changes, which can confuse the stepper algorithms.

This change recognizes the restoring of $fp to mean the CFA should switch back to $sp. e.g.

12: 0xa9417bfd ldp x29, x30, [sp, #0x10]
16: 0x910083ff add sp, sp, #0x20

Backtraces are not impacted; we get all of the register values correct, but because the CFA changes, stepping algorithms can get confused and stop in the middle of the epilogue.

Diff Detail

Event Timeline

jasonmolenda created this revision.Apr 26 2022, 5:46 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 26 2022, 5:46 PM
Herald added a subscriber: kristof.beyls. · View Herald Transcript
jasonmolenda requested review of this revision.Apr 26 2022, 5:46 PM
Herald added a subscriber: lldb-commits. · View Herald TranscriptApr 26 2022, 5:46 PM
Harbormaster completed remote builds in B161505: Diff 425369.Apr 26 2022, 5:47 PM
jasonmolenda updated this revision to Diff 425901.Apr 28 2022, 2:09 PM

cleanup patch to remove an unintended diff.

Harbormaster completed remote builds in B161873: Diff 425901.Apr 28 2022, 2:12 PM
JDevlieghere accepted this revision.May 4 2022, 1:11 PM

I'm far from an expert on this but the change makes sense to me and has good test coverage. LGTM.

This revision is now accepted and ready to land.May 4 2022, 1:11 PM
Closed by commit rGdf552edb08c4: Update the CFA to use $sp when $fp is restored on arm64 (authored by jasonmolenda). · Explain WhyMay 4 2022, 2:54 PM
This revision was automatically updated to reflect the committed changes.
jasonmolenda added a commit: rGdf552edb08c4: Update the CFA to use $sp when $fp is restored on arm64.
jasonmolenda mentioned this in rGa6553d97df39: Remove expected fail for TestStepNoDebug on AArch64.May 4 2022, 3:28 PM

Revision Contents

PathSize
lldb/
source/
Plugins/
UnwindAssembly/
InstEmulation/
20 lines
unittests/
UnwindAssembly/
ARM64/
62 lines

Diff 427149

lldb/source/Plugins/UnwindAssembly/InstEmulation/UnwindAssemblyInstEmulation.cpp

Show First 20 LinesShow All 608 Lines▼ Show 20 Lines if (reg_num != LLDB_INVALID_REGNUM &&
generic_regnum != LLDB_REGNUM_GENERIC_SP) { generic_regnum != LLDB_REGNUM_GENERIC_SP) {
switch (context.info_type) { switch (context.info_type) {
case EmulateInstruction::eInfoTypeAddress: case EmulateInstruction::eInfoTypeAddress:
if (m_pushed_regs.find(reg_num) != m_pushed_regs.end() && if (m_pushed_regs.find(reg_num) != m_pushed_regs.end() &&
context.info.address == m_pushed_regs[reg_num]) { context.info.address == m_pushed_regs[reg_num]) {
m_curr_row->SetRegisterLocationToSame(reg_num, m_curr_row->SetRegisterLocationToSame(reg_num,
false /*must_replace*/); false /*must_replace*/);
m_curr_row_modified = true; m_curr_row_modified = true;
// FP has been restored to its original value, we are back
// to using SP to calculate the CFA.
if (m_fp_is_cfa) {
m_fp_is_cfa = false;
RegisterInfo sp_reg_info;
lldb::RegisterKind sp_reg_kind = eRegisterKindGeneric;
uint32_t sp_reg_num = LLDB_REGNUM_GENERIC_SP;
m_inst_emulator_up->GetRegisterInfo(sp_reg_kind, sp_reg_num,
sp_reg_info);
RegisterValue sp_reg_val;
if (GetRegisterValue(sp_reg_info, sp_reg_val)) {
m_cfa_reg_info = sp_reg_info;
const uint32_t cfa_reg_num =
sp_reg_info.kinds[m_unwind_plan_ptr->GetRegisterKind()];
assert(cfa_reg_num != LLDB_INVALID_REGNUM);
m_curr_row->GetCFAValue().SetIsRegisterPlusOffset(
cfa_reg_num, m_initial_sp - sp_reg_val.GetAsUInt64());
}
}
} }
break; break;
case EmulateInstruction::eInfoTypeISA: case EmulateInstruction::eInfoTypeISA:
assert( assert(
(generic_regnum == LLDB_REGNUM_GENERIC_PC || (generic_regnum == LLDB_REGNUM_GENERIC_PC ||
generic_regnum == LLDB_REGNUM_GENERIC_FLAGS) && generic_regnum == LLDB_REGNUM_GENERIC_FLAGS) &&
"eInfoTypeISA used for popping a register other the PC/FLAGS"); "eInfoTypeISA used for popping a register other the PC/FLAGS");
if (generic_regnum != LLDB_REGNUM_GENERIC_FLAGS) { if (generic_regnum != LLDB_REGNUM_GENERIC_FLAGS) {
▲ Show 20 LinesShow All 51 LinesShow Last 20 Lines

lldb/unittests/UnwindAssembly/ARM64/TestArm64InstEmulation.cpp

Show First 20 LinesShow All 772 Lines▼ Show 20 LinesTEST_F(TestArm64InstEmulation, TestCFARegisterTrackedAcrossJumps) {
// defining the CFA in terms of $sp. // defining the CFA in terms of $sp.
row_sp = unwind_plan.GetRowForFunctionOffset(64); row_sp = unwind_plan.GetRowForFunctionOffset(64);
EXPECT_EQ(64ull, row_sp->GetOffset()); EXPECT_EQ(64ull, row_sp->GetOffset());
EXPECT_TRUE(row_sp->GetCFAValue().GetRegisterNumber() == gpr_sp_arm64); EXPECT_TRUE(row_sp->GetCFAValue().GetRegisterNumber() == gpr_sp_arm64);
EXPECT_TRUE(row_sp->GetCFAValue().IsRegisterPlusOffset() == true); EXPECT_TRUE(row_sp->GetCFAValue().IsRegisterPlusOffset() == true);
EXPECT_EQ(32, row_sp->GetCFAValue().GetOffset()); EXPECT_EQ(32, row_sp->GetCFAValue().GetOffset());
} }
TEST_F(TestArm64InstEmulation, TestCFAResetToSP) {
ArchSpec arch("arm64-apple-ios15");
std::unique_ptr<UnwindAssemblyInstEmulation> engine(
static_cast<UnwindAssemblyInstEmulation *>(
UnwindAssemblyInstEmulation::CreateInstance(arch)));
ASSERT_NE(nullptr, engine);
UnwindPlan::RowSP row_sp;
AddressRange sample_range;
UnwindPlan unwind_plan(eRegisterKindLLDB);
UnwindPlan::Row::RegisterLocation regloc;
// The called_from_nodebug() from TestStepNoDebug.py
// Most of the previous unit tests have $sp being set as
// $fp plus an offset, and the unwinder recognizes that
// as a CFA change. This codegen overwrites $fp and we
// need to know that CFA is now in terms of $sp.
uint8_t data[] = {
// prologue
0xff, 0x83, 0x00, 0xd1, // 0: 0xd10083ff sub sp, sp, #0x20
0xfd, 0x7b, 0x01, 0xa9, // 4: 0xa9017bfd stp x29, x30, [sp, #0x10]
0xfd, 0x43, 0x00, 0x91, // 8: 0x910043fd add x29, sp, #0x10
// epilogue
0xfd, 0x7b, 0x41, 0xa9, // 12: 0xa9417bfd ldp x29, x30, [sp, #0x10]
0xff, 0x83, 0x00, 0x91, // 16: 0x910083ff add sp, sp, #0x20
0xc0, 0x03, 0x5f, 0xd6, // 20: 0xd65f03c0 ret
};
// UnwindPlan we expect:
// row[0]: 0: CFA=sp +0 =>
// row[1]: 4: CFA=sp+32 =>
// row[2]: 8: CFA=sp+32 => fp=[CFA-16] lr=[CFA-8]
// row[3]: 12: CFA=fp+16 => fp=[CFA-16] lr=[CFA-8]
// row[4]: 16: CFA=sp+32 => x0= <same> fp= <same> lr= <same>
// row[5]: 20: CFA=sp +0 => x0= <same> fp= <same> lr= <same>
// The specific issue we're testing for is after the
// ldp x29, x30, [sp, #0x10]
// when $fp and $lr have been restored to the original values,
// the CFA is now set in terms of the stack pointer. If it is
// left as being in terms of the frame pointer, $fp now has the
// caller function's $fp value and our StackID will be wrong etc.
sample_range = AddressRange(0x1000, sizeof(data));
EXPECT_TRUE(engine->GetNonCallSiteUnwindPlanFromAssembly(
sample_range, data, sizeof(data), unwind_plan));
// Confirm CFA before epilogue instructions is in terms of $fp
row_sp = unwind_plan.GetRowForFunctionOffset(12);
EXPECT_EQ(12ull, row_sp->GetOffset());
EXPECT_TRUE(row_sp->GetCFAValue().GetRegisterNumber() == gpr_fp_arm64);
EXPECT_TRUE(row_sp->GetCFAValue().IsRegisterPlusOffset() == true);
// Confirm that after restoring $fp to caller's value, CFA is now in
// terms of $sp
row_sp = unwind_plan.GetRowForFunctionOffset(16);
EXPECT_EQ(16ull, row_sp->GetOffset());
EXPECT_TRUE(row_sp->GetCFAValue().GetRegisterNumber() == gpr_sp_arm64);
EXPECT_TRUE(row_sp->GetCFAValue().IsRegisterPlusOffset() == true);
}