reliable and fast dwarf based stack unwinding
play

Reliable and Fast DWARF-based Stack Unwinding Thophile Bastian - PowerPoint PPT Presentation

Jun 18, 2023 •282 likes •841 views

Reliable and Fast DWARF-based Stack Unwinding Thophile Bastian Stephen Kell Francesco Zappa Nardelli ENS Paris, University of Kent, Inria Webpage (incl. slides) Funding ONR VerticA https://huit.re/frdwarf Google Research Fellowship $

  1. Reliable and Fast DWARF-based Stack Unwinding Théophile Bastian Stephen Kell Francesco Zappa Nardelli ENS Paris, University of Kent, Inria Webpage (incl. slides) Funding ONR VerticA https://huit.re/frdwarf Google Research Fellowship

  2. $ ./a.out Segmentation fault. 1/18

  3. $ ./a.out Segmentation fault. (gdb) backtrace #0 0x54625 in fct_b #1 0x54663 in fct_a #2 0x54674 in main 1/18

  4. $ ./a.out Segmentation fault. (gdb) backtrace #0 0x54625 in fct_b #1 0x54663 in fct_a #2 0x54674 in main How does it work? 1/18

  5. $ ./a.out Segmentation fault. (gdb) backtrace #0 0x54625 in fct_b #1 0x54663 in fct_a #2 0x54674 in main How does it work? 1/18

  6. How do we get the return address? 2/18

  7. How do we get the return address? What if we only have %rsp? 2/18

  8. DWARF unwinding data PC CFA rbx rbp r12 r13 r14 r15 ra 0084950 rsp+8 u u u u u u c-8 0084952 rsp+16 u u u u u c-16 c-8 0084954 rsp+24 u u u u c-24 c-16 c-8 0084956 rsp+32 u u u c-32 c-24 c-16 c-8 0084958 rsp+40 u u c-40 c-32 c-24 c-16 c-8 0084959 rsp+48 u c-48 c-40 c-32 c-24 c-16 c-8 008495a rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084962 rsp+64 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a19 rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1d rsp+48 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1e rsp+40 c-56 c-48 c-40 c-32 c-24 c-16 c-8 3/18

  9. DWARF unwinding data PC CFA rbx rbp r12 r13 r14 r15 ra 0084950 rsp+8 u u u u u u c-8 0084952 rsp+16 u u u u u c-16 c-8 0084954 rsp+24 u u u u c-24 c-16 c-8 0084956 rsp+32 u u u c-32 c-24 c-16 c-8 0084958 rsp+40 u u c-40 c-32 c-24 c-16 c-8 0084959 rsp+48 u c-48 c-40 c-32 c-24 c-16 c-8 008495a rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084962 rsp+64 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a19 rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1d rsp+48 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1e rsp+40 c-56 c-48 c-40 c-32 c-24 c-16 c-8 For each instruction. . . (identified by its program counter) 3/18

  10. DWARF unwinding data PC CFA rbx rbp r12 r13 r14 r15 ra 0084950 rsp+8 u u u u u u c-8 0084952 rsp+16 u u u u u c-16 c-8 0084954 rsp+24 u u u u c-24 c-16 c-8 0084956 rsp+32 u u u c-32 c-24 c-16 c-8 0084958 rsp+40 u u c-40 c-32 c-24 c-16 c-8 0084959 rsp+48 u c-48 c-40 c-32 c-24 c-16 c-8 008495a rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084962 rsp+64 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a19 rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1d rsp+48 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1e rsp+40 c-56 c-48 c-40 c-32 c-24 c-16 c-8 . . . an expression For each instruction. . . to compute its (identified by its return address program counter) location on the stack 3/18

  11. The real DWARF 30 24 34 FDE pc =004020..004040 DW_CFA_def_cfa_offset: 16 DW_CFA_advance_loc: 6 to 0000000000004026 DW_CFA_def_cfa_offset: 24 DW_CFA_advance_loc: 10 to 0000000000004030 DW_CFA_def_cfa_expression (DW_OP_breg7 (rsp): 8; DW_OP_breg16 (rip): 0; DW_OP_lit15; DW_OP_and; DW_OP_lit11; DW_OP_ge; DW_OP_lit3; DW_OP_shl; DW_OP_plus) [...] 4/18

  12. The real DWARF 30 24 34 FDE pc =004020..004040 DW_CFA_def_cfa_offset: 16 DW_CFA_advance_loc: 6 to 0000000000004026 DW_CFA_def_cfa_offset: 24 DW_CFA_advance_loc: 10 to 0000000000004030 DW_CFA_def_cfa_expression (DW_OP_breg7 (rsp): 8; DW_OP_breg16 (rip): 0; DW_OP_lit15; DW_OP_and; DW_OP_lit11; DW_OP_ge; DW_OP_lit3; DW_OP_shl; DW_OP_plus) [...] → bytecode for a Turing-complete stack machine − → which is interpreted on demand at runtime − to reconstruct the table 4/18

  13. What does this imply? Your compiler generates code for two machines: your processor and the DWARF VM. $ gcc -S foo.c main: .cfi_startproc pushq %rbp .cfi_def_cfa_offset 16 .cfi_offset 6, -16 movq %rsp , %rbp .cfi_def_cfa_register 6 subq $32 , %rsp movl %edi , -20(%rbp) movq %rsi , -32(%rbp) .cfi_* : inline DWARF! 5/18

  14. What does this imply? Your compiler generates code for two machines: your processor and the DWARF VM. $ gcc -S foo.c main: = ⇒ Cumbersome to generate for .cfi_startproc the compiler pushq %rbp � might do it wrong .cfi_def_cfa_offset 16 .cfi_offset 6, -16 � might not do it at all movq %rsp , %rbp = ⇒ If you write inline asm, you .cfi_def_cfa_register 6 must write inline DWARF! subq $32 , %rsp movl %edi , -20(%rbp) movq %rsi , -32(%rbp) .cfi_* : inline DWARF! 5/18

  15. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc .uleb128 0x4 .uleb128 0x0 .align 4 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  16. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column In glibc , lowlevellock.h : .byte 0x8 # Augmentation size off by one error in .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa unwinding data. .byte 0xc .uleb128 0x4 (gdb) backtrace .uleb128 0x0 .align 4 #0 0x406c2c in _L_lock_19 7: .long 17f-8f # FDE Length #1 0x406c2c in _L_lock_19 8: .long 8b-5b # FDE CIE offset #2 0x4069c6 in abort .long 1b-. # FDE initial location .long 4b-1b # FDE address range #3 0x401017 in main .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  17. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry Complex & slow 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc .uleb128 0x4 .uleb128 0x0 .align 4 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  18. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry Complex & slow 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size Pervasive: .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc relied upon by profilers, .uleb128 0x4 .uleb128 0x0 .align 4 debuggers, aaand. . . 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  19. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry Complex & slow 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size Pervasive: .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc relied upon by profilers, .uleb128 0x4 .uleb128 0x0 .align 4 debuggers, aaand. . . 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location C++ exceptions. .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression � not only for .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 debuggers! .sleb128 3b-1b 6/18

  20. “Sorry, but last time was too f. . . painful. The whole (and only) point of unwinders is to make debugging easy when a bug occurs. But the dwarf unwinder had bugs itself, or our dwarf information had bugs, and in either case it actually turned several trivial bugs into a total undebuggable hell.” — Linus Torvalds, 2012 7/18

  21. “Sorry, but last time was too f. . . painful. The whole (and only) point of unwinders is to make debugging easy when a bug occurs. But the dwarf unwinder had bugs itself, or our dwarf information had bugs, and in either case it actually turned several trivial bugs into a total undebuggable hell.” — Linus Torvalds, 2012 This is where we still are! 7/18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Speeding up stack unwinding by compiling DWARF debug data Thophile Bastian Under supervision of

Speeding up stack unwinding by compiling DWARF debug data Thophile Bastian Under supervision of

Speeding up stack unwinding by compiling DWARF debug data Thophile Bastian Under supervision of Francesco Zappa Nardelli Team PARKAS, INRIA, Paris March August 2018 Slides: https://tobast.fr/m2/slides.pdf Report:

718 views • 41 slides
WHEN GDB IS NOT ENOUGH PAUL SEMEL KEVIN TAVUKCIYAN TALKING ABOUT DWARF TALKING ABOUT DWARF

WHEN GDB IS NOT ENOUGH PAUL SEMEL KEVIN TAVUKCIYAN TALKING ABOUT DWARF TALKING ABOUT DWARF

WHEN GDB IS NOT ENOUGH PAUL SEMEL KEVIN TAVUKCIYAN TALKING ABOUT DWARF TALKING ABOUT DWARF DEBUGGING WITH ATTRIBUTE RECORD FORMATS WHAT IS DWARF? WHAT IS DWARF? Format used to store debug informations Generated by the compiler Sections in

830 views • 35 slides
Self-Hosted Scripting in Guile Fast Start with ELF and DWARF Andy Wingo Igalia, S.L.

Self-Hosted Scripting in Guile Fast Start with ELF and DWARF Andy Wingo Igalia, S.L.

Self-Hosted Scripting in Guile Fast Start with ELF and DWARF Andy Wingo Igalia, S.L. @andywingo / wingolog.org Self-hosted runtimes can be heavy Wanted: Fast start Scripting source model Self-hosted runtime, compiler,

666 views • 20 slides
UNWINDING SATURNS TURNS : PROBING THE FAR ULTRAVIOLET PROPERTIES OF SATURNS RINGS Based on

UNWINDING SATURNS TURNS : PROBING THE FAR ULTRAVIOLET PROPERTIES OF SATURNS RINGS Based on

UNWINDING SATURNS TURNS : PROBING THE FAR ULTRAVIOLET PROPERTIES OF SATURNS RINGS Based on the paper by Bradley et al. (2010): Far ultraviolet spectral properties of Saturns rings from Cassini UVIS Milena Crnogorevi ASTR630 Term

323 views • 8 slides
1 Array-based Stack (2.1.1) Algorithm pop (): if isEmpty () then A simple way of throw

1 Array-based Stack (2.1.1) Algorithm pop (): if isEmpty () then A simple way of throw

Elementary Data Structures Stacks, Queues, Vectors, Lists & Sequences Trees The Stack ADT (2.1.1) The Stack ADT stores arbitrary objects Insertions and deletions Auxiliary stack follow the last-in first-out operations: scheme

473 views • 13 slides
An open source user space fast path TCP/IP stack Industry network challenges Growth in data

An open source user space fast path TCP/IP stack Industry network challenges Growth in data

An open source user space fast path TCP/IP stack Industry network challenges Growth in data traffic means that even small network nodes needs a fast path The Linux IP stack is slow and does not scale High throughput IP processing

361 views • 20 slides
Are Code Examples on an Online Q&A Forum Reliable? A Study of API Misuse on Stack Overflow

Are Code Examples on an Online Q&A Forum Reliable? A Study of API Misuse on Stack Overflow

Are Code Examples on an Online Q&A Forum Reliable? A Study of API Misuse on Stack Overflow Tianyi Zhang 1 ,Ganesha Upadhyaya 2 , Anastasia Reinhart 3 , Hridesh Rajan 2 , Miryung Kim 1 1 University of California, Los Angeles 2 Iowa State

916 views • 52 slides
Development of a DWARF-based display component for 3D scences on the iPAQ -

Development of a DWARF-based display component for 3D scences on the iPAQ -

Development of a DWARF-based display component for 3D scences on the iPAQ - Systementwicklungsprojekt - Marco Feuerstein Lehrstuhl fr Angewandte Softwaretechnik Institut fr Informatik Technische Universitt Mnchen feuerste@in.tum.de

780 views • 15 slides
Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R.

Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R.

Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R. Indian Institute of Science, Bangalore, India Checking Unwinding Conditions for Finite State Systems p.1/14 MAKS Framework of Heiko Events. V isible,

1.04k views • 56 slides
Evaluating arithmetic expressions Stack-based algorithms are used for syntactical analysis (

Evaluating arithmetic expressions Stack-based algorithms are used for syntactical analysis (

ITI 1121. Introduction to Computing II Marcel Turcotte School of Electrical Engineering and Computer Science Version of February 2, 2013 Abstract Abstract data type: Stack Stack-based algorithms These lecture notes are meant to

1.69k views • 153 slides
Accretion in dwarf novae Nicolas Scepi supervised by Guillaume Dubus and Geoffroy Lesur

Accretion in dwarf novae Nicolas Scepi supervised by Guillaume Dubus and Geoffroy Lesur

Accretion in dwarf novae Nicolas Scepi supervised by Guillaume Dubus and Geoffroy Lesur Dautreppe, 4th of December 2018 1 Dwarf novae Accretion disk Solar type star White dwarf Dwarf novae are ideal to study accretion : - emission in the

983 views • 25 slides
4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND

4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND

4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND VISUALIZING KNOWLEDGE OF ARCHITECTURALLY SIGNIFICANT REQUIREMENTS IN SOURCE CODE Institute for Software Research Distinguished Speaker Series University

534 views • 25 slides
Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed Wearable Augmented Reality Framework Studienarbeit Lothar Richter Chair for Applied Software Engineering Summary Development of a short and easy

430 views • 30 slides
Ludger BioQuant Chitotriose Standard for Glycan Quantitation A fast, reliable method for

Ludger BioQuant Chitotriose Standard for Glycan Quantitation A fast, reliable method for

Ludger BioQuant Chitotriose Standard for Glycan Quantitation A fast, reliable method for quantifying your glycans Highlights of the Chitotriose Standard System for Glycan Quantification Regulatory Submissions Reliable quantification

78 views • 7 slides
Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet

Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet

Fastershire Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet access increasingly important for business and society Growing number of commercial and service interactions delivered exclusively

405 views • 27 slides
Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today?

Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today?

Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today? Among open-source databases, MongoDB is a complete production-ready solution Self-managing MongoDB is worthwhile , for the best AWS performance at

444 views • 20 slides
Applied Statistical Analysis EDUC 6050 Week 7 Finding clarity using data Today Hypothesis

Applied Statistical Analysis EDUC 6050 Week 7 Finding clarity using data Today Hypothesis

Applied Statistical Analysis EDUC 6050 Week 7 Finding clarity using data Today Hypothesis Testing with ANOVA Repeated Measures ANOVA Mixed ANOVA 2 Do you know comparison population mean ! and standard deviation # ? Know

464 views • 31 slides
Higher Order Structures in Minimalist Derivations Greg Kobele TAG+13 Universitt Leipzig

Higher Order Structures in Minimalist Derivations Greg Kobele TAG+13 Universitt Leipzig

Higher Order Structures in Minimalist Derivations Greg Kobele TAG+13 Universitt Leipzig Intro Intro Grammar formalisms, like programming languages, are useful because they allow us to factor our explanation of linguistic be- haviour into

1.54k views • 135 slides
4/1/19 Housing Not Handcuffs: A CoCs response to Tent City Joe Scalise Director Housing

4/1/19 Housing Not Handcuffs: A CoCs response to Tent City Joe Scalise Director Housing

4/1/19 Housing Not Handcuffs: A CoCs response to Tent City Joe Scalise Director Housing Services United Way of Summit County UWSUMMIT.ORG OH-506 Akron/Barberton Summit County Continuum of Care Summit County Population 541,787

197 views • 3 slides
Governing not change, we have incompressible flow Equations Conservation of momentum. For

Governing not change, we have incompressible flow Equations Conservation of momentum. For

DNS of Multiphase Flows DNS of Multiphase Flows Direct Numerical Simulations of Here we will focus on: Multiphase Incompressible isothermal flow Flows-2 The one-fluid formulation of the governing equations Governing Equations

321 views • 4 slides
Debug Info Tutorial Eric Christopher (echristo@gmail.com), David Blaikie (dblaikie@gmail.com)

Debug Info Tutorial Eric Christopher (echristo@gmail.com), David Blaikie (dblaikie@gmail.com)

Debug Info Tutorial Eric Christopher (echristo@gmail.com), David Blaikie (dblaikie@gmail.com) What is debug info? Mapping of source to binary Program structure, lines, columns, variables Debuggers, Profiling, Editors Kaleidoscope Background

653 views • 36 slides
How to make a virtual machine less virtual Or: an integrated approach to dynamic language

How to make a virtual machine less virtual Or: an integrated approach to dynamic language

How to make a virtual machine less virtual Or: an integrated approach to dynamic language implementation Stephen Kell stephen.kell@comlab.ox.ac.uk How to make a VM. . . p.1 Programming languages... Programming languages are great,

579 views • 29 slides
DWARF 5 and GNU extensions New ways go from binary to source Mark J. Wielaard Who am I Mark J.

DWARF 5 and GNU extensions New ways go from binary to source Mark J. Wielaard Who am I Mark J.

DWARF 5 and GNU extensions New ways go from binary to source Mark J. Wielaard Who am I Mark J. Wielaard Red Hat perftools valgrind, elfutils, systemtap, What is DWARF From binary to source But if that was all: .debug_line mapping

407 views • 26 slides
Chapter 18 The Bizarre Stellar Graveyard 18.1 White Dwarfs Our goals for learning What

Chapter 18 The Bizarre Stellar Graveyard 18.1 White Dwarfs Our goals for learning What

Chapter 18 The Bizarre Stellar Graveyard 18.1 White Dwarfs Our goals for learning What is a white dwarf? What can happen to a white dwarf in a close binary system? White Dwarfs What is a white dwarf? White dwarfs are the

259 views • 12 slides

More recommend