This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
lib/DebugInfo/DWARF/
-
DebugInfo/
-
DWARF/
1/2
DWARFDebugFrame.cpp
-
test/DebugInfo/X86/
-
DebugInfo/
-
X86/
-
debug-frame-cie-id-dwarf64.s
-
eh-frame-cie-id.s

Differential D73886

[DebugInfo] Refine the condition to detect CIEs.
ClosedPublic

Authored by ikudrin on Feb 3 2020, 6:08 AM.

Download Raw Diff

Details

Reviewers

probinson
dblaikie
aprantl

Commits

rG1a837569db3b: [DebugInfo] Refine the condition to detect CIEs.

Summary

The condition was not accurate enough and could interpret some FDEs in .eh_frame or 64-bit DWARF .debug_frame sections as CIEs. Even though such FDEs are unlikely in a normal situation, the wrong interpretation could hide an issue in a buggy generator.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

ikudrin created this revision.Feb 3 2020, 6:08 AM

Herald added a subscriber: hiraditya. · View Herald TranscriptFeb 3 2020, 6:08 AM

ikudrin added a child revision: D73887: [DebugInfo] Do not truncate 64-bit values when dumping CIEs and FDEs..Feb 3 2020, 6:17 AM

aprantl added inline comments.Feb 3 2020, 9:43 AM

llvm/lib/DebugInfo/DWARF/DWARFDebugFrame.cpp
395	Is there any way to break this up into subexpressions and helper variables that would make this condition more easy to follow?

ikudrin marked an inline comment as done.Feb 3 2020, 5:54 PM

ikudrin added inline comments.

llvm/lib/DebugInfo/DWARF/DWARFDebugFrame.cpp
395	What about this? bool IsCIE = (!IsEH && !IsDWARF64 && Id == DW_CIE_ID) \|\| (!IsEH && IsDWARF64 && Id == DW64_CIE_ID) \|\| (IsEH && !Id); Or we may define a helper method, `CIE::getCIEId()`, like in D73887.

Simplified the condition by using a function that returns an appropriate CIE id.

ikudrin mentioned this in D73887: [DebugInfo] Do not truncate 64-bit values when dumping CIEs and FDEs..Feb 14 2020, 7:26 AM

Ping.

The two tests look like they have an FDE with no preceding CIE? Isn't that invalid?

Well, in one test that's on purpose, but the other one looks like it's being handled as if the input were actually valid.

In D73886#1891998, @probinson wrote:

The two tests look like they have an FDE with no preceding CIE? Isn't that invalid?

The inputs are for sure invalid. The idea was to check that our consumer does not misinterpret them as valid CIEs as it did before the patch.

Well, in one test that's on purpose, but the other one looks like it's being handled as if the input were actually valid.

We allow FDEs without CIEs in .debug_frame, for good or bad. However, that is out of the scope of this patch.

Hmmm. I guess the next question is, do we have to bail out when something doesn't look right? Or can we keep going?
If we see an FDE with no preceding CIE, yes that's something we should report, but the not --crash tells me we are abandoning attempts to continue dumping the section. Does one of your other patches address this?

In D73886#1893606, @probinson wrote:

Hmmm. I guess the next question is, do we have to bail out when something doesn't look right? Or can we keep going?
If we see an FDE with no preceding CIE, yes that's something we should report, but the not --crash tells me we are abandoning attempts to continue dumping the section. Does one of your other patches address this?

DWARFDebugFrame::parse() tends to call report_fatal_error() in case of any trouble; that was initially added in https://reviews.llvm.org/rG705085da37eed9557202ff1e86f9462842ef7af9 and than extended in D15535 (https://reviews.llvm.org/rG03a670c0ec1d38de8c206de1426340041f10f8ff).

While I agree that the parser should not crash the program on invalid input, resolving that lays a bit far away from my current intentions, which are just to add support for 64-bit values here.

Fixed section flags in the test.

Ping.

@probinson, do you suggest to change the intended behavior to crash on incorrect input before fixing this issue?

In D73886#1904675, @ikudrin wrote:

Ping.

@probinson, do you suggest to change the intended behavior to crash on incorrect input before fixing this issue?

There is a longer-term effort to make parsing more tolerant, but I see that this is existing behavior in handling .debug_frame and you should not be required to fix it before committing this patch. However, I would appreciate it if you would file a bug about this, mentioning the eh-frame-cie-id.s test, so that the people trying to clean up the parsing behavior can be aware of it.

File that bug and LGTM.

This revision is now accepted and ready to land.Mar 4 2020, 7:55 AM

Thanks!

Here is the bug report.

Closed by commit rG1a837569db3b: [DebugInfo] Refine the condition to detect CIEs. (authored by ikudrin). · Explain WhyMar 5 2020, 3:19 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

lib/

DebugInfo/

DWARF/

DWARFDebugFrame.cpp

17 lines

test/

DebugInfo/

X86/

debug-frame-cie-id-dwarf64.s

16 lines

eh-frame-cie-id.s

15 lines

Diff 248418

llvm/lib/DebugInfo/DWARF/DWARFDebugFrame.cpp

Show First 20 Lines • Show All 279 Lines • ▼ Show 20 Lines	for (const auto &Instr : Instructions) {
OS.indent(2 * IndentLevel);		OS.indent(2 * IndentLevel);
OS << CallFrameString(Opcode, Arch) << ":";		OS << CallFrameString(Opcode, Arch) << ":";
for (unsigned i = 0; i < Instr.Ops.size(); ++i)		for (unsigned i = 0; i < Instr.Ops.size(); ++i)
printOperand(OS, MRI, IsEH, Instr, i, Instr.Ops[i]);		printOperand(OS, MRI, IsEH, Instr, i, Instr.Ops[i]);
OS << '\n';		OS << '\n';
}		}
}		}

		// Returns the CIE identifier to be used by the requested format.
		// CIE ids for .debug_frame sections are defined in Section 7.24 of DWARFv5.
		// For CIE ID in .eh_frame sections see
		// https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/ehframechpt.html
		constexpr uint64_t getCIEId(bool IsDWARF64, bool IsEH) {
		if (IsEH)
		return 0;
		if (IsDWARF64)
		return DW64_CIE_ID;
		return DW_CIE_ID;
		}

void CIE::dump(raw_ostream &OS, const MCRegisterInfo *MRI, bool IsEH) const {		void CIE::dump(raw_ostream &OS, const MCRegisterInfo *MRI, bool IsEH) const {
OS << format("%08x %08x %08x CIE", (uint32_t)Offset, (uint32_t)Length,		OS << format("%08x %08x %08x CIE", (uint32_t)Offset, (uint32_t)Length,
IsEH ? 0 : DW_CIE_ID)		IsEH ? 0 : DW_CIE_ID)
<< "\n";		<< "\n";
OS << format(" Version: %d\n", Version);		OS << format(" Version: %d\n", Version);
OS << " Augmentation: \"" << Augmentation << "\"\n";		OS << " Augmentation: \"" << Augmentation << "\"\n";
if (Version >= 4) {		if (Version >= 4) {
OS << format(" Address size: %u\n", (uint32_t)AddressSize);		OS << format(" Address size: %u\n", (uint32_t)AddressSize);
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	while (Data.isValidOffset(Offset)) {
// past the end of the structure (needed to know how many instructions to		// past the end of the structure (needed to know how many instructions to
// read).		// read).
uint64_t StartStructureOffset = Offset;		uint64_t StartStructureOffset = Offset;
uint64_t EndStructureOffset = Offset + Length;		uint64_t EndStructureOffset = Offset + Length;

// The Id field's size depends on the DWARF format		// The Id field's size depends on the DWARF format
bool IsDWARF64 = Format == DWARF64;		bool IsDWARF64 = Format == DWARF64;
Id = Data.getRelocatedValue((IsDWARF64 && !IsEH) ? 8 : 4, &Offset);		Id = Data.getRelocatedValue((IsDWARF64 && !IsEH) ? 8 : 4, &Offset);
bool IsCIE =		if (Id == getCIEId(IsDWARF64, IsEH)) {
((IsDWARF64 && Id == DW64_CIE_ID) \|\| Id == DW_CIE_ID \|\| (IsEH && !Id));

if (IsCIE) {
uint8_t Version = Data.getU8(&Offset);		uint8_t Version = Data.getU8(&Offset);
		aprantlUnsubmitted Not Done Reply Inline Actions Is there any way to break this up into subexpressions and helper variables that would make this condition more easy to follow? aprantl: Is there any way to break this up into subexpressions and helper variables that would make this…
		ikudrinAuthorUnsubmitted Done Reply Inline Actions What about this? bool IsCIE = (!IsEH && !IsDWARF64 && Id == DW_CIE_ID) \|\| (!IsEH && IsDWARF64 && Id == DW64_CIE_ID) \|\| (IsEH && !Id); Or we may define a helper method, `CIE::getCIEId()`, like in D73887. ikudrin: What about this? ``` bool IsCIE = (!IsEH && !IsDWARF64 && Id == DW_CIE_ID) \|\| (!
const char *Augmentation = Data.getCStr(&Offset);		const char *Augmentation = Data.getCStr(&Offset);
StringRef AugmentationString(Augmentation ? Augmentation : "");		StringRef AugmentationString(Augmentation ? Augmentation : "");
uint8_t AddressSize = Version < 4 ? Data.getAddressSize() :		uint8_t AddressSize = Version < 4 ? Data.getAddressSize() :
Data.getU8(&Offset);		Data.getU8(&Offset);
Data.setAddressSize(AddressSize);		Data.setAddressSize(AddressSize);
uint8_t SegmentDescriptorSize = Version < 4 ? 0 : Data.getU8(&Offset);		uint8_t SegmentDescriptorSize = Version < 4 ? 0 : Data.getU8(&Offset);
uint64_t CodeAlignmentFactor = Data.getULEB128(&Offset);		uint64_t CodeAlignmentFactor = Data.getULEB128(&Offset);
int64_t DataAlignmentFactor = Data.getSLEB128(&Offset);		int64_t DataAlignmentFactor = Data.getSLEB128(&Offset);
▲ Show 20 Lines • Show All 158 Lines • Show Last 20 Lines

llvm/test/DebugInfo/X86/debug-frame-cie-id-dwarf64.s

This file was added.

				# RUN: llvm-mc -triple x86_64-unknown-linux %s -filetype=obj -o - \| \
				# RUN: llvm-dwarfdump -debug-frame - \| \
				# RUN: FileCheck %s

				# CHECK: 00000000 {{.*}} FDE

				.section .debug_frame,"",@progbits
				## This FDE was formerly wrongly interpreted as a CIE because its CIE pointer
				## is similar to DWARF32 CIE id.
				.long 0xffffffff # DWARF64 mark
				.quad .Lend - .LCIEptr # Length
				.LCIEptr:
				.quad 0xffffffff # CIE pointer
				.quad 0x1111abcd # Initial location
				.quad 0x00010000 # Address range
				.Lend:

llvm/test/DebugInfo/X86/eh-frame-cie-id.s

This file was added.

				# RUN: llvm-mc -triple x86_64-unknown-linux %s -filetype=obj -o - \| \
				# RUN: not --crash llvm-dwarfdump -debug-frame - 2>&1 \| \
				# RUN: FileCheck %s

				# CHECK: Parsing FDE data at 0 failed due to missing CIE

				.section .eh_frame,"a",@unwind
				## This FDE was formerly wrongly interpreted as a CIE because its CIE pointer
				## is similar to CIE id of a .debug_frame FDE.
				.long .Lend - .LCIEptr # Length
				.LCIEptr:
				.long 0xffffffff # CIE pointer
				.quad 0x1111abcd # Initial location
				.quad 0x00010000 # Address range
				.Lend: