Evaluating CFI rules may fail due to e.g. the unavailability of the
memory or some register values. Failures in recovering registers other
than CFA or return address can be ignored because they are optional.
Bug: fuchsia:102034
Change-Id: Ia1d8bdb12766e32b5445b49d353fc71c63ab73e7
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3701260
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Since the introduction of inlined frames, it is not sufficient to check
the stack trace length (== 1) in order to identify context frames.
Updating all location that were depending on this assumption to check
for frame trust level instead.
Change-Id: I98f966889367c2270c268b8e78b67418c89c50f1
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3499020
Reviewed-by: Mark Mentovai <mark@chromium.org>
for Windows x64 stacks.
According to https://reviews.llvm.org/D2474, LLVM does't generate unwind info for leaf function which doesn't touch any callee-saved
registers. According to MSDN, leaf functions can be unwound simply by
simulating a return.
Change-Id: Ic0503e2aca90b0ba5799133ea8439f1b5f2eefda
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3489332
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This is needed in order to properly detect and highlight frames that
correspond to multiple functions, for example as the result of identical
code folding by the linker.
Bug: google-breakpad:751
Change-Id: I2ee7c147fcff6493c2454383ad5422b38269759a
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3471034
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Inline frames are always of the base-class type (StackFrame). Treating them as derived-class and accessing members was causing heap buffer overflows.
Change-Id: Id4122ab6a31f016933038a1cb63d45d5c38481f5
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3425445
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- FastSourceLineResolver::Module::LoadMapFromMemory now rejects an older version of the serialization format.
- Cleaned up several unneeded usages of scoped_ptr::get.
- Fixed the serialization of bool. The serialization code was using 255 for 'true' while the deserialization code was expecting to see 1.
- Serialization for PublicSymbol.is_multiple was missing. Deserialization was expecting it
- Added some logging to processor/source_line_resolver_base.cc
Change-Id: Iadc7d8ee23bf3a07e4ea280d5d4c3f25f6278b69
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3324395
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- Ignore DW_TAG_inlined_subroutine with empty range.
- Don't stop parsing after parsing malformed INLINE/INLINE_ORIGIN
records, because reports can still be generated without them but won't
have inlined frames.
Bug: 1190878
Change-Id: I445105ad06b9146268f7d064e85b0d162c3f2a39
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3321166
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This adds a new mode in ContainedRangeMap which allows existance of
equal ranges. Among those equal ranges, the most recently added range is
the innermost range.
This also adds a function to ContainedRangeMap and
StaticContainedRangeMap to allow users get a vector of entries that
contains given address from innermost to outermost ranges.
Change-Id: I84c1f2e49ffcaf8238df60e41498730103d1ead6
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3291137
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This is a more practical reserved capacity than
std::numeric_limits<int>::max() for the vector.
Change-Id: Ic8d4e812c3804e4f15cc51650f7a91bae7313415
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3301419
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Minidumps can contain extended, and compacted extended, contexts to
include xstate data such as the state of the cet registers cetumsr
and cetussp. Previously breakpad would reject dumps with contexts
larger than expected. With this chage, breakpad now accepts and reads
these minidumps. This change does not yet add processing for this
extra data, but will allow any minidumps to be passed on to other
processing tools, or be available for manual inspection.
See chromium-review.googlesource.com/c/crashpad/crashpad/+/2575920
for motivation.
Bug: 1250098
Change-Id: Id67649738ef1c7fb6308e05e6cd8fde790771cb2
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3256483
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This is similar to the processor part of
https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3232838/,
but added compatibility to process both old and new format of
INLINE/INLINE_ORIGIN records in symbol file.
Old INLINE format:
INLINE <inline_nest_level> <call_site_line> <origin_id>
[<address> <size>]+
New INLINE format:
INLINE <inline_nest_level> <call_site_line> <call_site_file_id>
<origin_id> [<address> <size>]+
Old INLINE_ORIGIN format:
INLINE_ORIGIN <origin_id> <file_id> <name>
New INLINE_ORIGIN format:
INLINE_ORIGIN <origin_id> <name>
Change-Id: I555d9747bfd44a1a95113b9946dcd509b7710876
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3248433
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This reverts commit 54d878abcb.
54d878abcb changed the dump_syms format incompatibly. This must be
redone in a multi-step process: the processor must be made to understand
the old and new formats simultaneously and the processor service must be
rebuilt and run with that update before dump_syms output can change to
use the new format.
Bug: chromium:1263390
Change-Id: I5b6f8aff8ea2916b2c07ac6a74b569fa27db51b9
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3244775
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Processor shows incorrect source file name if a frame have an inlined
frame and their source files are different.
Consider this example:
FILE 0 /tmp/a.h
FILE 1 /tmp/a.cpp
INLINE_ORIGIN 0 0 foo()
FUNC 1110 a 0 main
INLINE 0 22 0 1110 7
1110 7 3 0
1117 3 23 1
When querying the address 0x1110, we know this line 0x1110 corresponds
to /tmp/a.h line 3 and it's inside a inlined function foo() which is
defined at /tmp/a.h and called at line 22. But we don't know at which
file it's being called at line 22. So, we will get stacks like this:
void foo() /tmp/a.h:3
int main() /tmp/a.h:22
The correct stacks should be this:
void foo() /tmp/a.h:3
int main() /tmp/a.cpp:22
In this change:
1. Remove file_id field for INLINE_ORIGIN record.
2. Add call_site_file_id for INLINE record to represents the file where
this call being inlined.
After adding call_site_file_id to it (as third field), it looks like
this:
FILE 0 /tmp/a.h
FILE 1 /tmp/a.cpp
INLINE_ORIGIN 0 foo()
FUNC 1110 a 0 main
INLINE 0 22 1 0 1110 7
1110 7 3 0
1117 3 23 1
Bug: 1190878
Change-Id: Ibbb697d2f7e1b6ac3208cac6fae4353c8743198d
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3232838
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Building fails for some people because configure requires c++11 but make_unique is a c++14 feature.
Change-Id: I23ce689fc92e9e90a95e7643ff29602f6b32ccbb
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3107784
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This adds the support to process INLINE and INLINE_ORIGIN records in
symbol files and to generate inlined frames using those records if
possible.
Bug: 1190878
Change-Id: Ia0b6d56c9de37cf818d9bb6842d58c9b68f235b2
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3024690
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Make various tools print just their names as part of the usage
instructions, rather than the full path. Also fix a missing space in the
dump_syms usage output.
Change-Id: I2b796678cd47e7dbabcc03df2b57cdc3420c008c
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2787678
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This reverts commit f2b3ab5e0a.
Reason for revert: Causes symbolization errors on ARM ChromeOS
devices crbug.com/1182948.
Original change's description:
> arm: Allow the first function to use linked register as return pc
>
> For a crash at the function entry with corrupted PC, the caller's PC
> could be lying in the link register. Using the PC from link register
> would be more effective than blindly scanning the stack immediately.
>
> Change-Id: I51673b7298e70faeeab2bfa97075e3c4793f94bc
> Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2678992
> Reviewed-by: Mike Frysinger <vapier@chromium.org>
> Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Bug: 1182948
Change-Id: I2818b35ab1fb99012919cccc0fb80368e456ca15
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2765164
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
For a crash at the function entry with corrupted PC, the caller's PC
could be lying in the link register. Using the PC from link register
would be more effective than blindly scanning the stack immediately.
Change-Id: I51673b7298e70faeeab2bfa97075e3c4793f94bc
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2678992
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
CFI might compute invalid rsp/rip values if the values in the callee
frame were corrupted, as in stack overflow. Rejecting the frame
computed by CFI allows Breakpad to fall-back to scanning.
Bug: b/169611285
Change-Id: Ifeb08ab5639932c0e23722a161d9d15403738019
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2456037
Reviewed-by: Mark Mentovai <mark@chromium.org>
We do this in a lot of places, but we're inconsistent.
Normalize the code to the Google C++ style guide.
Change-Id: Ic2aceab661ce8f6b993dda21b1cdf5d2198dcbbf
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2262932
Reviewed-by: Sterling Augustine <saugustine@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Previously, the processor truncated the upper of two
overlapping module ranges to compensate for incorrect
reporting of module ranges by the Breakpad client.
Crashpad correctly reports module load ranges, so
this truncation strategy is no longer necessary.
However, when partitioned libraries are used, the base
library may have a range which encompasses the other
partitions. When this is combined with the truncate
upper merge strategy, the base library's executable
segment is truncated causing symbolization failures.
This patch changes Android's merge strategy to truncate
the lower range (which is still the base library, but
this strategy truncates from the high end of the
library's range, instead of its base).
Bug: b/149845120
Change-Id: Ic75ecd3e919432690740eb21ebd4265fc0bbaa86
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2067952
Reviewed-by: Mark Mentovai <mark@chromium.org>
Stackwalk can't recover caller's register X30($LR) value by STACK CFI info.
This will lead unwinding stop immediately when fallback to frame pointer unwinder.
This PR will use try to use second last frame to recover register X30($LR) by frame pointer.
And we will give up correction if STACK CFI info doesn't agree with frame pointer info.
Bug: https://bugs.chromium.org/p/google-breakpad/issues/detail?id=808
Change-Id: I50649e3398e268b02ff297e83db21d05705c2a2d
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1992641
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This code indicates termination under “kill” semantics due to a module’s
code signature becoming invalid.
Bug: chromium:1023239
Change-Id: I3d453af9ef6c6925edcf9c08dbd78e563877522f
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1930177
Reviewed-by: Robert Sesek <rsesek@chromium.org>
A recent commit converted some source from C to C++. Chrome has
checks against unannotated switch case fallthroughs in C++ code, so the
converted source needs annotations.
Bug: 990190
Change-Id: Ib92435b4877be936f837928a70b552ec4975d42a
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1898429
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Pointer authentication codes are used to validate pointers against
accidental or malicious modification by storing a hash of the address
and a secret value in the pointer's unused, upper bits. The exact
bits used may vary by implementation and depend on the size of the
virtual address space of the target system, and whether other tagged
pointer features are in use.
Apple has implemented PACs in the Apple A12.
https://developer.apple.com/documentation/security/preparing_your_app_to_work_with_pointer_authentication
The documented method of stripping PACs from a pointer is to call
ptrauth_strip(), which ultimately emits an `xpaci` instruction, but
this option isn't available to the Breakpad processor not running on
the device. Instead, this patch selects likely address bits from
link register values by examining the address range of loaded modules.
Change-Id: I054bd1a03605719937fc85dcc8d8b9fe927f44be
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1713650
Reviewed-by: Mark Mentovai <mark@chromium.org>
Now decoding the OS name and exception codes for Fuchsia. Still not decoding exception flags (can be added later, if needed).
Change-Id: If66cb000828be18f0c1b35d1b1f52b3ca3e1fd67
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1699049
Reviewed-by: Mark Mentovai <mark@chromium.org>
ELF modules are loaded in memory in several, possibly discontiguous,
segments. If the holes between segments are large enough, other things,
possibly other ELF modules may be mapped in that space. Crashpad
records the range of modules as the base address of the lowest mapped
segment to the high address of the highest mapped segment. This means
that when one module is mapped into a hole in another, it appears to
the Breakpad processor as overlapping modules. Module ranges are
relevant to the Breakpad processor during stackwalking for identifying
which module a particular program counter belongs to (i.e. mapping the
address to a module's text segment). This patch addresses this issue of
overlapping modules by truncating the range of the module with the
lower base address. A typical module's text segment is the first loaded
segment which would leave the text segment range unaffected. Module
producers can restrict the size of holes in their ELF modules with the
flag "-Wl,-z,max-page-size=4096", preventing other modules from being
mapped in their address range.
Properly contemplating ELF module address ranges would require
extensions to the minidump format to encode any holes.
crbug.com/crashpad/298
This patch also renames the concept of "shrinking down" (which
truncated the upper of two overlapping ranges) to "truncate upper".
Change-Id: I4599201f1e43918db036c390961f8b39e3af1849
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1646932
Reviewed-by: Mark Mentovai <mark@chromium.org>
Certain minidumps for 32-bit crashes have the upper 32-bit of the crash
address (which is a 64-bit value) set to non-zero values. This caused a
crash address with more than 32-bits to be printed out for minidumps of
32-bit architectures. This patch masks out those bits when reading the
raw minidump data to ensure this doesn't happen anymore.
Bug: google-breakpad:783
Change-Id: Ieef6dff759fd0ee2efc47c4c4a3cf863a48f0659
Reviewed-on: https://chromium-review.googlesource.com/c/1427819
Reviewed-by: Ted Mielczarek <ted.mielczarek@gmail.com>
This affects the output of tools like minidump_stackwalk which currently
print out the hexadecimal representation of the architecture instead of
the "arm64" string.
BUG=780
Change-Id: Id1d9d65fa5f3509c8c6580e2e3042f7d682b52be
Reviewed-on: https://chromium-review.googlesource.com/c/1412004
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This allows BPLOG_LAZY_STREAM to be overridden by BP_LOGGING_INCLUDE
Change-Id: I5c9ec19b619ad5db9e97f3a1813b0f965a357b38
Reviewed-on: https://chromium-review.googlesource.com/c/1351361
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
This allows BPLOG_IF to be overriden by defines in BP_LOGGING_INCLUDE.
Change-Id: Ic6e8373476cc4d1f73d55e13a23686a2c8309fdc
Reviewed-on: https://chromium-review.googlesource.com/c/1278104
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
