This is an archive of the discontinued LLVM Phabricator instance.

Differential D58952

[llvm] Skip over empty line table entries.
ClosedPublic

Authored by mtrofin on Mar 4 2019, 10:07 PM.

Details

Reviewers
dblaikie
friss
JDevlieghere
Commits
rG2c3ab665393c: [llvm] Skip over empty line table entries.
rL356265: [llvm] Skip over empty line table entries.
rG0c29402eb406: [llvm] Skip over empty line table entries.
rL355972: [llvm] Skip over empty line table entries.
Summary

This is similar to how addr2line handles consecutive entries with the
same address - pick the last one.

Diff Detail

Event Timeline

mtrofin created this revision.Mar 4 2019, 10:07 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 4 2019, 10:07 PM
Herald added subscribers: llvm-commits, jdoerfert, rupprecht, hiraditya. · View Herald Transcript
mtrofin added a reviewer: dblaikie.Mar 4 2019, 10:07 PM
Harbormaster completed remote builds in B28788: Diff 189277.Mar 4 2019, 10:10 PM
mtrofin updated this revision to Diff 189278.Mar 4 2019, 10:37 PM
  • Fix search.
Harbormaster completed remote builds in B28789: Diff 189278.Mar 4 2019, 10:37 PM
dblaikie added a project: debug-info.Mar 6 2019, 9:15 AM
dblaikie added subscribers: aprantl, probinson, JDevlieghere.
dblaikie added a comment.Mar 6 2019, 9:36 AM

Might be worth a separate/targeted test with some of the interesting edge cases? (like empty range at the end of the sequence, etc)

llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
875–876

I'd probably flip these conditions - even though there is the last row (so RowPos + 1 is valid here), I think it'd read a bit better, maybe?

Also - what happens if the empty range is at the end (eg: LastRowIndex address == second-to-LastRowIndex address)? Maybe that's already handled by the "containsPC" test above?

aprantl added reviewers: friss, JDevlieghere.Mar 6 2019, 12:54 PM

@JDevlieghere since this is in general code: Could this affect dsymutil at all?

aprantl added a comment.Mar 6 2019, 12:59 PM

@JDevlieghere since this is in general code: Could this affect dsymutil at all?

llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

Doesn't the DWARF spec require all PC values in the line table to be strictly monotonically increasing? How is it possible to have more than one entry at the same address?

probinson added inline comments.Mar 6 2019, 1:59 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

The DWARF spec's model is based on increasing PC values, however the encoding allows advancing PC by 0. So it's entirely possible to have a line table that (for example) advances line by 2 and PC by 0.

dblaikie added a subscriber: echristo.Mar 6 2019, 2:01 PM
dblaikie added inline comments.
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

I couldn't find specific wording about that - but please do take a look, quite possible I missed it.

LLVM's been generating line tables like this for a while (the test updates show evidence of that) & it might be justifiable to fix this code even if it's technically invalid DWARF, given how long we've been generating it. (to my mind, it is wasted DWARF - it doesn't describe any location, so I think it should be correct to remove it if we wanted to, but not a high priority bug (@echristo reckons there might be consumers using these empty ranges to find the start of a function or the like))

probinson added inline comments.Mar 6 2019, 2:27 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

The non-normative text on the first couple pages of section 6.2 describe the line table as notionally "a large matrix, with one row for each instruction" (p.149 of DWARF 5). However, the normative text describes how special opcodes are formed (section 6.2.5.1, pp. 160-162) without requiring "operation advance" to be nonzero. This permits a special opcode to increment the line number without changing the (address, op_index) tuple.
It's skating on thin ice because DWARF doesn't explicitly give a meaning to this, but the encoding allows it.

aprantl added inline comments.Mar 6 2019, 2:36 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

That's quite interesting for a completely unrelated reason: If the linetable encoding actually supports more than one entry per PC, we could change the implementation of getMergedLocation to emit both locations and then teach the debugger to disambiguate the locations based on DW_AT_call_* information or something.

it might be justifiable to fix this code even if it's technically invalid DWARF, given how long we've been generating it.

Agreed.

dblaikie added inline comments.Mar 6 2019, 2:42 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

I don't know/think I'd say "the linetable encoding actually supports more than one entry per PC"

I think each pair of addresses in the line table is the half-open range [X, Y), so if you have two lines after each other you have [X, X) - I would argue that is the empty range (it certainly is with C++ iterators, for instance), not X. So it doesn't describe any addresses at all.

probinson added inline comments.Mar 6 2019, 2:52 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

Not so fast... We don't encode the line table until deep in the bowels of the assembler. getMergedLocation is working out what to attach to an IR instruction, which doesn't know how to attach more than one location. Teach it that first, and getMergedLocation can return you a list.
It will confuse the heck out of consumers that aren't expecting it, and this will be especially weird for profilers.
I think this particular dark corner of the spec might be exploitable, but it won't be smooth going.

As far as the current patch is concerned, I am uncertain. Having addr2line do something consistent seems likely to do more good than harm, but I can imagine this could cause some confusion in other clients.

probinson added inline comments.Mar 6 2019, 2:59 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

Treating the zero-increment case as an empty range has some appeal. However, it can be confusing. You tell the debugger to plant a breakpoint on foo(), which the debugger will tell you is on line 12; and yet when you hit said breakpoint, you're told that address is on line 15, because things got folded and optimized and the instruction range for lines 12-14 has gone to nothing.
Maybe we hand-wave that away as "what do you expect from optimized code" but it's still not a great debugging experience.

dblaikie added inline comments.Mar 6 2019, 3:11 PM
llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
871

Treating the zero-increment case as an empty range has some appeal. However, it can be confusing. You tell the debugger to plant a breakpoint on foo(), which the debugger will tell you is on line 12; and yet when you hit said breakpoint, you're told that address is on line 15, because things got folded and optimized and the instruction range for lines 12-14 has gone to nothing.
Maybe we hand-wave that away as "what do you expect from optimized code" but it's still not a great debugging experience.

I'm not sure I follow this - the line table maps instructions to source locations. If there are no instructions there's nothing to map - I'm pretty sure LLVM's weird zero-length line table range is because of this (set the location, emit no instructions, set the location, emit insntructions - so you end up with the two entries and no locations between them). So DWARF's representation here is pretty clear - if nothing in your function causes instructions until 10 lines in - that's where you first break when you enter the function.

If you say "break foo" - the debugger can tell you, "foo is declared at line 3 (from the DW_TAG_subprogram) and the first instruction is on line 10, which is where you'll break".

Pretty sure GCC doesn't do anything like this, and gas... hmm, nope, actually GCC and gas both do do this thing, producing two line entries at the start of functions that have nothing in the prologue.

All the more reason to support parsing them and interpreting them the same way addr2line does - even if we did decide to change Clang's behavior not to generate these.

probinson added a comment.Mar 6 2019, 4:07 PM

I'm not sure I follow this - the line table maps instructions to source locations. If there are no instructions there's nothing to map

That's the intent. However, in practice it maps instruction *addresses* to source locations. Let's say you have a table that decodes to

0x0100  line 12
0x0100  line 14
0x0104  line 15

Go through looking for address 0x0100, you get an exact match that returns line 12 (why bother looking ahead to see whether the interval is empty?).
But look for address 0x0101 and you get line 14.

I'm arguing myself into agreeing with you that the extra work to look for a non-empty interval is probably a good thing; however this is something that each consumer will have to understand to do for itself.

dblaikie added a comment.Mar 6 2019, 4:12 PM
In D58952#1420776, @probinson wrote:

I'm not sure I follow this - the line table maps instructions to source locations. If there are no instructions there's nothing to map

That's the intent. However, in practice it maps instruction *addresses* to source locations.

Well, in practice it's unspecified what it means - so we can look at this and come up with different interpretations. Mine is to interpret these as half open intervals - in which case [100, 100) is empty and you keep searching, then you find [100, 104) and that contains the address you're looking for.

Let's say you have a table that decodes to

0x0100  line 12
0x0100  line 14
0x0104  line 15

Go through looking for address 0x0100, you get an exact match that returns line 12 (why bother looking ahead to see whether the interval is empty?).
But look for address 0x0101 and you get line 14.

I'm arguing myself into agreeing with you that the extra work to look for a non-empty interval is probably a good thing; however this is something that each consumer will have to understand to do for itself.

JDevlieghere added a comment.Mar 6 2019, 4:46 PM

@aprantl This doesn't seem to affect dsymutil. I compared clang output with and without this patch just to be sure.

aprantl added a comment.Mar 6 2019, 4:49 PM

So just for the record, I'm fine with making this kind of change in case this got lost in the noise :-)

probinson added a comment.Mar 7 2019, 6:41 AM
In D58952#1420777, @dblaikie wrote:
In D58952#1420776, @probinson wrote:

I'm not sure I follow this - the line table maps instructions to source locations. If there are no instructions there's nothing to map

That's the intent. However, in practice it maps instruction *addresses* to source locations.

Well, in practice it's unspecified what it means - so we can look at this and come up with different interpretations. Mine is to interpret these as half open intervals - in which case [100, 100) is empty and you keep searching, then you find [100, 104) and that contains the address you're looking for.

Understood, but if you're walking through the line-number program looking for address 100, and you find it as an exact match, on what grounds do you require the consumer to continue looking? The consumer does not know the interval is empty unless they keep looking past the exact match. The line-number program opcodes do not tell you about ranges, they only tell you about address-to-source mappings for individual addresses.

Now, if the consumer is fully parsing the line table, and (one assumes) converting to some other internal representation, then they'll find an empty range, and have to figure out what to do with it. In that case, is throwing away the empty range really always the right thing to do? Ignoring them for address-to-source mapping seems quite reasonable, but ignoring them for source-to-address mapping ("break on line 12") seems like unnecessarily throwing information away.

dblaikie added a comment.Mar 7 2019, 10:34 AM
In D58952#1421508, @probinson wrote:
In D58952#1420777, @dblaikie wrote:
In D58952#1420776, @probinson wrote:

I'm not sure I follow this - the line table maps instructions to source locations. If there are no instructions there's nothing to map

That's the intent. However, in practice it maps instruction *addresses* to source locations.

Well, in practice it's unspecified what it means - so we can look at this and come up with different interpretations. Mine is to interpret these as half open intervals - in which case [100, 100) is empty and you keep searching, then you find [100, 104) and that contains the address you're looking for.

Understood, but if you're walking through the line-number program looking for address 100, and you find it as an exact match, on what grounds do you require the consumer to continue looking?

I don't require it - this is in unspecified territory. My interpretation is that the line table describes regions of instructions with half-open ranges.

The consumer does not know the interval is empty unless they keep looking past the exact match. The line-number program opcodes do not tell you about ranges, they only tell you about address-to-source mappings for individual addresses.

My understanding is that the source location applies to all instructions between two entries. (hence why there's an "end of sequence" entry - which describes the one-past-the-end address, not because it's saying anything about the source at that address (the range is open at that end), but because it's terminating the previous range)

If you were searching for 101 you'd keep going from 100 to find the 104 and then conclude that the entry at 100 applies to 100, 101 (what you care about), 102, and 103 (not 99, nor 104).

I'm suggesting it could come out quite naturally from an implementation scanning forward and looking at ranges, not to special case the exact match of 100 - and to scan for ranges, and test inclusion within those ranges.

Now, if the consumer is fully parsing the line table, and (one assumes) converting to some other internal representation, then they'll find an empty range, and have to figure out what to do with it. In that case, is throwing away the empty range really always the right thing to do?

My interpretation (not backed up by the spec - this is unspecified) is that yes, throwing it away is accurate, because the line table represents an address to source mapping and this entry describes a mapping from zero instructions.

Ignoring them for address-to-source mapping seems quite reasonable, but ignoring them for source-to-address mapping ("break on line 12") seems like unnecessarily throwing information away.

My interpretation is that there is no information here. LLVM said "the following instructions are at line 12" then emitted no instructions and went on to say "the following instructions are at line 15" and then emitted instructions - I think it'd be inappropriate (I can't say incorrect, because the spec doesn't say) to conclude that the instructions on line 15 have any relationship to line 12.

mtrofin updated this revision to Diff 190145.Mar 11 2019, 1:16 PM
  • Fix search.
  • Empty ranges testcase
Herald added a subscriber: ormris. · View Herald TranscriptMar 11 2019, 1:16 PM
Harbormaster completed remote builds in B29001: Diff 190145.Mar 11 2019, 1:19 PM
dblaikie added inline comments.Mar 11 2019, 3:35 PM
llvm/test/tools/llvm-symbolizer/only-empty-ranges.s
5–10

Could you include a comment describing (potentially quoting from llvm-dwarfdump output, stripping extraneous columns, line table header (but keep the line table column titles), etc) what the line table looks like & where the empty range ambiguities arise?

mtrofin updated this revision to Diff 190196.Mar 11 2019, 6:44 PM
  • improved test
Harbormaster completed remote builds in B29023: Diff 190196.Mar 11 2019, 6:47 PM
dblaikie accepted this revision.Mar 12 2019, 8:15 AM

Great - thanks for your patience!

This revision is now accepted and ready to land.Mar 12 2019, 8:15 AM
Closed by commit rL355972: [llvm] Skip over empty line table entries. (authored by mtrofin). · Explain WhyMar 12 2019, 1:50 PM
This revision was automatically updated to reflect the committed changes.
vitalybuka reopened this revision.Mar 12 2019, 5:50 PM
vitalybuka added a subscriber: vitalybuka.

The patch breaks PPC and Arm bots
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-android/builds/20295/steps/run%20lit%20tests%20%5Baarch64%2Faosp_marlin-userdebug%2FPI%5D/logs/stdio

This revision is now accepted and ready to land.Mar 12 2019, 5:50 PM
vitalybuka added a comment.Mar 12 2019, 5:56 PM

Before the patch:

=31747==ERROR: AddressSanitizer: stack-use-after-scope on address 0x007ffd652170 at pc 0x000135f69ae4 bp 0x007ffd6520a0 sp 0x007ffd652098
READ of size 4 at 0x007ffd652170 thread T0
    #0 0x135f69ae0 in main::$_0::operator()() const /usr/local/google/home/vitalybuka/src/bbot/llvm/projects/compiler-rt/test/asan/TestCases/use-after-scope-capture.cc:11:14
    #1 0x135f69a90 in __invoke<(lambda at /usr/local/google/home/vitalybuka/src/bbot/llvm/projects/compiler-rt/test/asan/TestCases/use-after-scope-capture.cc:10:9) &> /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/type_traits:4323:1
    #2 0x135f69a90 in int std::__ndk1::__invoke_void_return_wrapper<int>::__call<main::$_0&>(main::$_0&) /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/__functional_base:318
    #3 0x135f699b8 in std::__ndk1::__function::__func<main::$_0, std::__ndk1::allocator<main::$_0>, int ()>::operator()() /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/functional:1562:12
    #4 0x135f69b7c in std::__ndk1::function<int ()>::operator()() const /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/functional:1924:12
    #5 0x135f693b0 in main /usr/local/google/home/vitalybuka/src/bbot/llvm/projects/compiler-rt/test/asan/TestCases/use-after-scope-capture.cc:16:10
    #6 0x7f836b88ec in __libc_init (/system/lib64/libc.so+0x1b8ec)
    #7 0x135f6926c in do_arm64_start (/data/local/tmp/Output/usr/local/google/home/vitalybuka/src/bbot/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Output/use-after-scope-capture.cc.tmp+0x126c)

After this patch:

=================================================================
==29475==ERROR: AddressSanitizer: stack-use-after-scope on address 0x007fdb2866d0 at pc 0x000102b50ae4 bp 0x007fdb286600 sp 0x007fdb2865f8
READ of size 4 at 0x007fdb2866d0 thread T0
    #0 0x102b50ae0 in main::$_0::operator()() const /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/memory:2062
    #1 0x102b50a90 in __invoke<(lambda at /usr/local/google/home/vitalybuka/src/bbot/llvm/projects/compiler-rt/test/asan/TestCases/use-after-scope-capture.cc:10:9) &> /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/type_traits:4323:1
    #2 0x102b50a90 in int std::__ndk1::__invoke_void_return_wrapper<int>::__call<main::$_0&>(main::$_0&) /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/__functional_base:318
    #3 0x102b509b8 in std::__ndk1::__function::__func<main::$_0, std::__ndk1::allocator<main::$_0>, int ()>::operator()() /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/functional:1562:12
    #4 0x102b50b7c in std::__ndk1::function<int ()>::operator()() const /usr/local/google/home/vitalybuka/src/bbot/android_ndk/standalone-aarch64/lib/gcc/aarch64-linux-android/4.9.x/../../../../include/c++/4.9.x/functional:1924:12
    #5 0x102b503b0 in main /usr/local/google/home/vitalybuka/src/bbot/llvm/projects/compiler-rt/test/asan/TestCases/use-after-scope-capture.cc:16:10
    #6 0x7fa5d658ec in __libc_init (/system/lib64/libc.so+0x1b8ec)
    #7 0x102b5026c in do_arm64_start (/data/local/tmp/Output/usr/local/google/home/vitalybuka/src/bbot/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Output/use-after-scope-capture.cc.tmp+0x126c)

Address 0x007fdb2866d0 is located in stack of thread T0 at offset 112 in frame
    #0 0x102b50294 in main /usr/local/google/home/vitalybuka/src/bbot/llvm/projects/compiler-rt/test/asan/TestCases/use-after-scope-capture.cc:6
vitalybuka added a subscriber: eugenis.Mar 12 2019, 6:08 PM

FYI: @eugenis (sanitizer-build-cop)

ormris removed a subscriber: ormris.Mar 12 2019, 6:13 PM
eugenis added a comment.Mar 12 2019, 6:36 PM

Reverted in r356001.

mtrofin updated this revision to Diff 190554.Mar 13 2019, 6:41 PM
  • Revert "Revert "[llvm] Skip over empty line table entries.""
  • Handle cases when query address is between ranges.
Harbormaster completed remote builds in B29123: Diff 190554.Mar 13 2019, 6:41 PM
dblaikie added a comment.Mar 14 2019, 1:07 PM

Hmm, trying to stare at this function it's confusing me a fair bit. I'd expect this to be more obvious/legible than it is, but it's possible I'm just misunderstanding.

For instance, I don't know how this bit of code:

if (RowPos->Address.Address > Address.Address) {

Ever happens - if the initial condition in the function (Seq.containsPC(Address)) is satisfied.

Similarly I think:

while (RowPos + 1 < LastRow && RowPos->Address.Address == (RowPos + 1)->Address.Address) {

I /think/ this loop should never exit through the first condition, again, if Seq.containtsPC(Address) is true - since we searched for an address that is within the sequence, we can't have been sorting for the address in the last row (because that address isn't in the sequence - because it's half open (exclusive of the last element)).

I hope this can all be simplified a bit. I'm thinking something like...

if (!containsPC)
  return Unknown
RowPos = lower_bound
if (RowPos->Address != Address)
  --RowPos; //no further bounds checking needed - could have some asserts (because if the sequence contains the address, and the row we find is > the address, it must have an earlier row
while (next(RowPos)->Address == RowPos->Address) //again, no bounds checking required, RowPos can't be the last row here for similar reasons
  ++RowPos
return Seq.FirstRowIndex + (RowPos - FirstRow);

Does this seem OK? Does it not account for some cases?

llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
890–891

I'd still be inclined to describe this as "a zero-length address range" or similar, rather than two entries for the same address - though I realize that gets into the weird semantic debate murky waters so maybe it's not worth worrying about.

892

'wrte'? Is that a typo of 'wrt'?

894

'empty ranges' perhaps? (since each row itself doesn't represent a thing that is empty/non-empty - it's pairs of rows that define ranges and those ranges can be empty)

896

s/having had/having/ I think reads more smoothly?

llvm/test/tools/llvm-symbolizer/only-empty-ranges.s
23

line /2/, col 12 I think? (

26–27

Not only the closest with a lower address, but the one that describes that range.

eg: 0x4 or 0x5 shouldn't be described by line 3, column 3 - they aren't described by this line table at all, even though it's the "closest line with a lower address".

30–31

"the last one" sounds like "the last one of the empty ranges" which isn't quite right - we want to ignore all the empty ranges and pick the range that covers 0x3 (necessarily a non-empty one).

mtrofin updated this revision to Diff 190754.Mar 14 2019, 4:49 PM
mtrofin marked 8 inline comments as done.

Simplify code

Harbormaster completed remote builds in B29186: Diff 190754.Mar 14 2019, 4:49 PM
dblaikie accepted this revision.Mar 14 2019, 5:40 PM

Thanks a bunch - looks good to me.

I take it the added test coverage covers the case that was broken the firstn time this was committed? But were you also able to reproduce that original failure locally with compiler-rt or wherever it was? & have you verified that scenario (check-compiler-rt, or, again, whatever it was - I'm just guessing roughly from the emails I saw) is completely passing now with this change? (in case there were other "interesting" situations that scenario trips over)

mtrofin added a comment.Mar 15 2019, 7:58 AM
In D58952#1430291, @dblaikie wrote:

Thanks a bunch - looks good to me.

I take it the added test coverage covers the case that was broken the firstn time this was committed? But were you also able to reproduce that original failure locally with compiler-rt or wherever it was? & have you verified that scenario (check-compiler-rt, or, again, whatever it was - I'm just guessing roughly from the emails I saw) is completely passing now with this change? (in case there were other "interesting" situations that scenario trips over)

Vitaly helped me with getting the aarch64 binary involved in the test built locally (thanks again!), and from there, I was able to identify this issue by inspecting the bot report and symbols in the local binary. I don't have an arm/ppc 'test rig' so I didn't do a real, full repro (meaning, running the binary with asan enabled, etc). The arm/ppc failures appeared to come from the same root cause (this one), based on the error. I feel comfortable submitting this at this point.

llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp
890–891

I'd have to tie it back to the fact that there are successive entries with the same address, which explains the following loop. Leaving it as-is.

Closed by commit rL356265: [llvm] Skip over empty line table entries. (authored by mtrofin). · Explain WhyMar 15 2019, 8:01 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
lib/
DebugInfo/
DWARF/
7 lines
test/
tools/
llvm-symbolizer/
2 lines
213 lines
4 lines

Diff 190196

llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp

Show First 20 LinesShow All 862 Lines▼ Show 20 Linesuint32_t DWARFDebugLine::LineTable::findRowInSeq(
// Search for instruction address in the rows describing the sequence. // Search for instruction address in the rows describing the sequence.
// Rows are stored in a vector, so we may use arithmetical operations with // Rows are stored in a vector, so we may use arithmetical operations with
// iterators. // iterators.
DWARFDebugLine::Row Row; DWARFDebugLine::Row Row;
Row.Address = Address; Row.Address = Address;
RowIter FirstRow = Rows.begin() + Seq.FirstRowIndex; RowIter FirstRow = Rows.begin() + Seq.FirstRowIndex;
RowIter LastRow = Rows.begin() + Seq.LastRowIndex; RowIter LastRow = Rows.begin() + Seq.LastRowIndex;
LineTable::RowIter RowPos = std::lower_bound( LineTable::RowIter RowPos = std::lower_bound(
FirstRow, LastRow, Row, DWARFDebugLine::Row::orderByAddress); FirstRow, LastRow, Row, DWARFDebugLine::Row::orderByAddress);
aprantlUnsubmitted
Not Done
ReplyInline Actions

Doesn't the DWARF spec require all PC values in the line table to be strictly monotonically increasing? How is it possible to have more than one entry at the same address?

aprantl: Doesn't the DWARF spec require all PC values in the line table to be strictly monotonically…
probinsonUnsubmitted
Not Done
ReplyInline Actions

The DWARF spec's model is based on increasing PC values, however the encoding allows advancing PC by 0. So it's entirely possible to have a line table that (for example) advances line by 2 and PC by 0.

probinson: The DWARF spec's model is based on increasing PC values, however the encoding allows advancing…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

I couldn't find specific wording about that - but please do take a look, quite possible I missed it.

LLVM's been generating line tables like this for a while (the test updates show evidence of that) & it might be justifiable to fix this code even if it's technically invalid DWARF, given how long we've been generating it. (to my mind, it is wasted DWARF - it doesn't describe any location, so I think it should be correct to remove it if we wanted to, but not a high priority bug (@echristo reckons there might be consumers using these empty ranges to find the start of a function or the like))

dblaikie: I couldn't find specific wording about that - but please do take a look, quite possible I…
probinsonUnsubmitted
Not Done
ReplyInline Actions

The non-normative text on the first couple pages of section 6.2 describe the line table as notionally "a large matrix, with one row for each instruction" (p.149 of DWARF 5). However, the normative text describes how special opcodes are formed (section 6.2.5.1, pp. 160-162) without requiring "operation advance" to be nonzero. This permits a special opcode to increment the line number without changing the (address, op_index) tuple.
It's skating on thin ice because DWARF doesn't explicitly give a meaning to this, but the encoding allows it.

probinson: The non-normative text on the first couple pages of section 6.2 describe the line table as…
aprantlUnsubmitted
Not Done
ReplyInline Actions

That's quite interesting for a completely unrelated reason: If the linetable encoding actually supports more than one entry per PC, we could change the implementation of getMergedLocation to emit both locations and then teach the debugger to disambiguate the locations based on DW_AT_call_* information or something.

it might be justifiable to fix this code even if it's technically invalid DWARF, given how long we've been generating it.

Agreed.

aprantl: That's quite interesting for a completely unrelated reason: If the linetable encoding actually…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

I don't know/think I'd say "the linetable encoding actually supports more than one entry per PC"

I think each pair of addresses in the line table is the half-open range [X, Y), so if you have two lines after each other you have [X, X) - I would argue that is the empty range (it certainly is with C++ iterators, for instance), not X. So it doesn't describe any addresses at all.

dblaikie: I don't know/think I'd say "the linetable encoding actually supports more than one entry per…
probinsonUnsubmitted
Not Done
ReplyInline Actions

Treating the zero-increment case as an empty range has some appeal. However, it can be confusing. You tell the debugger to plant a breakpoint on foo(), which the debugger will tell you is on line 12; and yet when you hit said breakpoint, you're told that address is on line 15, because things got folded and optimized and the instruction range for lines 12-14 has gone to nothing.
Maybe we hand-wave that away as "what do you expect from optimized code" but it's still not a great debugging experience.

probinson: Treating the zero-increment case as an empty range has some appeal. However, it can be…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Treating the zero-increment case as an empty range has some appeal. However, it can be confusing. You tell the debugger to plant a breakpoint on foo(), which the debugger will tell you is on line 12; and yet when you hit said breakpoint, you're told that address is on line 15, because things got folded and optimized and the instruction range for lines 12-14 has gone to nothing.
Maybe we hand-wave that away as "what do you expect from optimized code" but it's still not a great debugging experience.

I'm not sure I follow this - the line table maps instructions to source locations. If there are no instructions there's nothing to map - I'm pretty sure LLVM's weird zero-length line table range is because of this (set the location, emit no instructions, set the location, emit insntructions - so you end up with the two entries and no locations between them). So DWARF's representation here is pretty clear - if nothing in your function causes instructions until 10 lines in - that's where you first break when you enter the function.

If you say "break foo" - the debugger can tell you, "foo is declared at line 3 (from the DW_TAG_subprogram) and the first instruction is on line 10, which is where you'll break".

Pretty sure GCC doesn't do anything like this, and gas... hmm, nope, actually GCC and gas both do do this thing, producing two line entries at the start of functions that have nothing in the prologue.

All the more reason to support parsing them and interpreting them the same way addr2line does - even if we did decide to change Clang's behavior not to generate these.

dblaikie: > Treating the zero-increment case as an empty range has some appeal. However, it can be…
probinsonUnsubmitted
Not Done
ReplyInline Actions

Not so fast... We don't encode the line table until deep in the bowels of the assembler. getMergedLocation is working out what to attach to an IR instruction, which doesn't know how to attach more than one location. Teach it that first, and getMergedLocation can return you a list.
It will confuse the heck out of consumers that aren't expecting it, and this will be especially weird for profilers.
I think this particular dark corner of the spec might be exploitable, but it won't be smooth going.

As far as the current patch is concerned, I am uncertain. Having addr2line do something consistent seems likely to do more good than harm, but I can imagine this could cause some confusion in other clients.

probinson: Not so fast... We don't encode the line table until deep in the bowels of the assembler.
if (RowPos == LastRow) { if (RowPos == LastRow) {
return Seq.LastRowIndex - 1; return Seq.LastRowIndex - 1;
} }
// In some cases, e.g. first instruction in a function, the compiler generates
// two entries, both with the same address. We want the last one.
dblaikieUnsubmitted
Not Done
ReplyInline Actions

I'd probably flip these conditions - even though there is the last row (so RowPos + 1 is valid here), I think it'd read a bit better, maybe?

Also - what happens if the empty range is at the end (eg: LastRowIndex address == second-to-LastRowIndex address)? Maybe that's already handled by the "containsPC" test above?

dblaikie: I'd probably flip these conditions - even though there is the last row (so RowPos + 1 is valid…
while (RowPos + 1 < LastRow &&
RowPos->Address.Address == (RowPos + 1)->Address.Address) {
++RowPos;
}
assert(RowPos < LastRow);
assert(Seq.SectionIndex == RowPos->Address.SectionIndex); assert(Seq.SectionIndex == RowPos->Address.SectionIndex);
uint32_t Index = Seq.FirstRowIndex + (RowPos - FirstRow); uint32_t Index = Seq.FirstRowIndex + (RowPos - FirstRow);
if (RowPos->Address.Address > Address.Address) { if (RowPos->Address.Address > Address.Address) {
if (RowPos == FirstRow) if (RowPos == FirstRow)
return UnknownRowIndex; return UnknownRowIndex;
else else
Index--; Index--;
} }
return Index; return Index;
} }
dblaikieUnsubmitted
Done
ReplyInline Actions

I'd still be inclined to describe this as "a zero-length address range" or similar, rather than two entries for the same address - though I realize that gets into the weird semantic debate murky waters so maybe it's not worth worrying about.

dblaikie: I'd still be inclined to describe this as "a zero-length address range" or similar, rather than…
mtrofinAuthorUnsubmitted
Done
ReplyInline Actions

I'd have to tie it back to the fact that there are successive entries with the same address, which explains the following loop. Leaving it as-is.

mtrofin: I'd have to tie it back to the fact that there are successive entries with the same address…
dblaikieUnsubmitted
Done
ReplyInline Actions

'wrte'? Is that a typo of 'wrt'?

dblaikie: 'wrte'? Is that a typo of 'wrt'?
uint32_t DWARFDebugLine::LineTable::lookupAddress( uint32_t DWARFDebugLine::LineTable::lookupAddress(
object::SectionedAddress Address) const { object::SectionedAddress Address) const {
dblaikieUnsubmitted
Done
ReplyInline Actions

'empty ranges' perhaps? (since each row itself doesn't represent a thing that is empty/non-empty - it's pairs of rows that define ranges and those ranges can be empty)

dblaikie: 'empty ranges' perhaps? (since each row itself doesn't represent a thing that is empty/non…
// Search for relocatable addresses // Search for relocatable addresses
dblaikieUnsubmitted
Done
ReplyInline Actions

s/having had/having/ I think reads more smoothly?

dblaikie: s/having had/having/ I think reads more smoothly?
uint32_t Result = lookupAddressImpl(Address); uint32_t Result = lookupAddressImpl(Address);
if (Result != UnknownRowIndex || if (Result != UnknownRowIndex ||
Address.SectionIndex == object::SectionedAddress::UndefSection) Address.SectionIndex == object::SectionedAddress::UndefSection)
return Result; return Result;
// Search for absolute addresses // Search for absolute addresses
Address.SectionIndex = object::SectionedAddress::UndefSection; Address.SectionIndex = object::SectionedAddress::UndefSection;
▲ Show 20 LinesShow All 262 LinesShow Last 20 Lines

llvm/test/tools/llvm-symbolizer/fission-ranges.test

RUN: llvm-symbolizer --obj=%p/Inputs/fission-ranges.elf-x86_64 0x720 | FileCheck %s RUN: llvm-symbolizer --obj=%p/Inputs/fission-ranges.elf-x86_64 0x720 | FileCheck %s
CHECK: main CHECK: main
CHECK-NEXT: {{.*}}fission-ranges.cc:6 CHECK-NEXT: {{.*}}fission-ranges.cc:2

llvm/test/tools/llvm-symbolizer/only-empty-ranges.s

  • This file was added.
# REQUIRES: x86-registered-target
# RUN: llvm-mc -filetype=obj -triple=x86_64-pc-linux %s -o %t.o
# RUN: llvm-symbolizer 0x0 0x3 0x4 --obj=%t.o | FileCheck %s
# This test makes sure we don't attempt to access out of the line table boundaries
# if the last range is empty.
# Produced from the following program:
# int func(int a) {
# return 1 + a;
# }
# compiled with clang -O3 -g -S
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Could you include a comment describing (potentially quoting from llvm-dwarfdump output, stripping extraneous columns, line table header (but keep the line table column titles), etc) what the line table looks like & where the empty range ambiguities arise?

dblaikie: Could you include a comment describing (potentially quoting from llvm-dwarfdump output…
# Edited by adding a redundant, empty last range.
# The line table (llvm-dwarfdump --debug-line) looks like:
#
# Address Line Column File ISA Discriminator Flags
# ------------------ ------ ------ ------ --- ------------- -------------
# 0x0000000000000000 1 0 1 0 0 is_stmt
# 0x0000000000000000 2 12 1 0 0 is_stmt prologue_end
# 0x0000000000000003 2 3 1 0 0
# 0x0000000000000003 3 3 1 0 0
# 0x0000000000000004 3 3 1 0 0 end_sequence
#
# CHECK: func
# CHECK: /scratch/a.cpp:2:12
dblaikieUnsubmitted
Done
ReplyInline Actions

line /2/, col 12 I think? (

dblaikie: line /2/, col 12 I think? (
# CHECK: func
# CHECK: /scratch/a.cpp:3:3
# CHECK: ??
# CHECK: ??:0:0
dblaikieUnsubmitted
Done
ReplyInline Actions

Not only the closest with a lower address, but the one that describes that range.

eg: 0x4 or 0x5 shouldn't be described by line 3, column 3 - they aren't described by this line table at all, even though it's the "closest line with a lower address".

dblaikie: Not only the closest with a lower address, but the one that describes that range. eg: 0x4 or…
.text
.file "a.cpp"
.globl _Z4funci # -- Begin function _Z4funci
dblaikieUnsubmitted
Done
ReplyInline Actions

"the last one" sounds like "the last one of the empty ranges" which isn't quite right - we want to ignore all the empty ranges and pick the range that covers 0x3 (necessarily a non-empty one).

dblaikie: "the last one" sounds like "the last one of the empty ranges" which isn't quite right - we want…
.p2align 4, 0x90
.type _Z4funci,@function
_Z4funci: # @_Z4funci
.Lfunc_begin0:
.file 1 "/llvm-project" "/scratch/a.cpp"
.loc 1 1 0 # /scratch/a.cpp:1:0
.cfi_startproc
# %bb.0:
#DEBUG_VALUE: func:a <- $edi
# kill: def $edi killed $edi def $rdi
#DEBUG_VALUE: func:a <- $edi
.loc 1 2 12 prologue_end # /scratch/a.cpp:2:12
leal 1(%rdi), %eax
.loc 1 2 3 # /scratch/a.cpp:2:3
.loc 1 3 3 is_stmt 0 # this forms an empty range torgether with the previous.
retq
.Ltmp0:
.Lfunc_end0:
.size _Z4funci, .Lfunc_end0-_Z4funci
.cfi_endproc
# -- End function
.section .debug_str,"MS",@progbits,1
.Linfo_string0:
.asciz "clang version 7.0.1-6 (tags/RELEASE_701/final)" # string offset=0
.Linfo_string1:
.asciz "/scratch/a.cpp" # string offset=47
.Linfo_string2:
.asciz "/llvm-project" # string offset=97
.Linfo_string3:
.asciz "_Z4funci" # string offset=146
.Linfo_string4:
.asciz "func" # string offset=155
.Linfo_string5:
.asciz "int" # string offset=160
.Linfo_string6:
.asciz "a" # string offset=164
.section .debug_loc,"",@progbits
.Ldebug_loc0:
.quad .Lfunc_begin0-.Lfunc_begin0
.quad .Lfunc_end0-.Lfunc_begin0
.short 1 # Loc expr size
.byte 85 # super-register DW_OP_reg5
.quad 0
.quad 0
.section .debug_abbrev,"",@progbits
.byte 1 # Abbreviation Code
.byte 17 # DW_TAG_compile_unit
.byte 1 # DW_CHILDREN_yes
.byte 37 # DW_AT_producer
.byte 14 # DW_FORM_strp
.byte 19 # DW_AT_language
.byte 5 # DW_FORM_data2
.byte 3 # DW_AT_name
.byte 14 # DW_FORM_strp
.byte 16 # DW_AT_stmt_list
.byte 23 # DW_FORM_sec_offset
.byte 27 # DW_AT_comp_dir
.byte 14 # DW_FORM_strp
.ascii "\264B" # DW_AT_GNU_pubnames
.byte 25 # DW_FORM_flag_present
.byte 17 # DW_AT_low_pc
.byte 1 # DW_FORM_addr
.byte 18 # DW_AT_high_pc
.byte 6 # DW_FORM_data4
.byte 0 # EOM(1)
.byte 0 # EOM(2)
.byte 2 # Abbreviation Code
.byte 46 # DW_TAG_subprogram
.byte 1 # DW_CHILDREN_yes
.byte 17 # DW_AT_low_pc
.byte 1 # DW_FORM_addr
.byte 18 # DW_AT_high_pc
.byte 6 # DW_FORM_data4
.byte 64 # DW_AT_frame_base
.byte 24 # DW_FORM_exprloc
.byte 110 # DW_AT_linkage_name
.byte 14 # DW_FORM_strp
.byte 3 # DW_AT_name
.byte 14 # DW_FORM_strp
.byte 58 # DW_AT_decl_file
.byte 11 # DW_FORM_data1
.byte 59 # DW_AT_decl_line
.byte 11 # DW_FORM_data1
.byte 73 # DW_AT_type
.byte 19 # DW_FORM_ref4
.byte 63 # DW_AT_external
.byte 25 # DW_FORM_flag_present
.byte 0 # EOM(1)
.byte 0 # EOM(2)
.byte 3 # Abbreviation Code
.byte 5 # DW_TAG_formal_parameter
.byte 0 # DW_CHILDREN_no
.byte 2 # DW_AT_location
.byte 23 # DW_FORM_sec_offset
.byte 3 # DW_AT_name
.byte 14 # DW_FORM_strp
.byte 58 # DW_AT_decl_file
.byte 11 # DW_FORM_data1
.byte 59 # DW_AT_decl_line
.byte 11 # DW_FORM_data1
.byte 73 # DW_AT_type
.byte 19 # DW_FORM_ref4
.byte 0 # EOM(1)
.byte 0 # EOM(2)
.byte 4 # Abbreviation Code
.byte 36 # DW_TAG_base_type
.byte 0 # DW_CHILDREN_no
.byte 3 # DW_AT_name
.byte 14 # DW_FORM_strp
.byte 62 # DW_AT_encoding
.byte 11 # DW_FORM_data1
.byte 11 # DW_AT_byte_size
.byte 11 # DW_FORM_data1
.byte 0 # EOM(1)
.byte 0 # EOM(2)
.byte 0 # EOM(3)
.section .debug_info,"",@progbits
.Lcu_begin0:
.long 91 # Length of Unit
.short 4 # DWARF version number
.long .debug_abbrev # Offset Into Abbrev. Section
.byte 8 # Address Size (in bytes)
.byte 1 # Abbrev [1] 0xb:0x54 DW_TAG_compile_unit
.long .Linfo_string0 # DW_AT_producer
.short 4 # DW_AT_language
.long .Linfo_string1 # DW_AT_name
.long .Lline_table_start0 # DW_AT_stmt_list
.long .Linfo_string2 # DW_AT_comp_dir
# DW_AT_GNU_pubnames
.quad .Lfunc_begin0 # DW_AT_low_pc
.long .Lfunc_end0-.Lfunc_begin0 # DW_AT_high_pc
.byte 2 # Abbrev [2] 0x2a:0x2d DW_TAG_subprogram
.quad .Lfunc_begin0 # DW_AT_low_pc
.long .Lfunc_end0-.Lfunc_begin0 # DW_AT_high_pc
.byte 1 # DW_AT_frame_base
.byte 87
.long .Linfo_string3 # DW_AT_linkage_name
.long .Linfo_string4 # DW_AT_name
.byte 1 # DW_AT_decl_file
.byte 1 # DW_AT_decl_line
.long 87 # DW_AT_type
# DW_AT_external
.byte 3 # Abbrev [3] 0x47:0xf DW_TAG_formal_parameter
.long .Ldebug_loc0 # DW_AT_location
.long .Linfo_string6 # DW_AT_name
.byte 1 # DW_AT_decl_file
.byte 1 # DW_AT_decl_line
.long 87 # DW_AT_type
.byte 0 # End Of Children Mark
.byte 4 # Abbrev [4] 0x57:0x7 DW_TAG_base_type
.long .Linfo_string5 # DW_AT_name
.byte 5 # DW_AT_encoding
.byte 4 # DW_AT_byte_size
.byte 0 # End Of Children Mark
.section .debug_macinfo,"",@progbits
.byte 0 # End Of Macro List Mark
.section .debug_pubnames,"",@progbits
.long .LpubNames_end0-.LpubNames_begin0 # Length of Public Names Info
.LpubNames_begin0:
.short 2 # DWARF Version
.long .Lcu_begin0 # Offset of Compilation Unit Info
.long 95 # Compilation Unit Length
.long 42 # DIE offset
.asciz "func" # External Name
.long 0 # End Mark
.LpubNames_end0:
.section .debug_pubtypes,"",@progbits
.long .LpubTypes_end0-.LpubTypes_begin0 # Length of Public Types Info
.LpubTypes_begin0:
.short 2 # DWARF Version
.long .Lcu_begin0 # Offset of Compilation Unit Info
.long 95 # Compilation Unit Length
.long 87 # DIE offset
.asciz "int" # External Name
.long 0 # End Mark
.LpubTypes_end0:
.ident "clang version 7.0.1-6 (tags/RELEASE_701/final)"
.section ".note.GNU-stack","",@progbits
.addrsig
.section .debug_line,"",@progbits
.Lline_table_start0:

llvm/test/tools/llvm-symbolizer/sym-verbose.test

Show All 13 Lines
RUN: llvm-symbolizer -verbose -print-address -obj=%p/Inputs/discrim < %p/Inputs/discrim.inp | FileCheck %s RUN: llvm-symbolizer -verbose -print-address -obj=%p/Inputs/discrim < %p/Inputs/discrim.inp | FileCheck %s
#CHECK: some text #CHECK: some text
#CHECK: 0x400590 #CHECK: 0x400590
#CHECK-NEXT: foo #CHECK-NEXT: foo
#CHECK-NEXT: Filename: /tmp{{[\\/]}}discrim.c #CHECK-NEXT: Filename: /tmp{{[\\/]}}discrim.c
#CHECK-NEXT: Function start line: 4 #CHECK-NEXT: Function start line: 4
#CHECK-NEXT: Line: 9 #CHECK-NEXT: Line: 5
#CHECK-NEXT: Column: 0 #CHECK-NEXT: Column: 7
#CHECK-NEXT: main #CHECK-NEXT: main
#CHECK-NEXT: Filename: /tmp{{[\\/]}}discrim.c #CHECK-NEXT: Filename: /tmp{{[\\/]}}discrim.c
#CHECK-NEXT: Function start line: 9 #CHECK-NEXT: Function start line: 9
#CHECK-NEXT: Line: 10 #CHECK-NEXT: Line: 10
#CHECK-NEXT: Column: 0 #CHECK-NEXT: Column: 0
#CHECK: 0x4005a5 #CHECK: 0x4005a5
#CHECK-NEXT: foo #CHECK-NEXT: foo
▲ Show 20 LinesShow All 66 LinesShow Last 20 Lines