mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2024-11-27 20:14:06 +08:00
cf141dd8cc
This commit aims to address a problem that exists with the current approach to displaced stepping, and was identified in PR gdb/22921.

Displaced stepping is currently supported on AArch64, ARM, amd64, i386, rs6000 (ppc), and s390. Of these, I believe there is a problem with the current approach which will impact amd64 and ARM, and can lead to random register corruption when the inferior makes use of asynchronous signals and GDB is using displaced stepping.

The problem can be found in displaced_step_buffers::finish in displaced-stepping.c, and is this; after GDB tries to perform a displaced step, and the inferior stops, GDB classifies the stop into one of two states, either the displaced step succeeded, or the displaced step failed.

If the displaced step succeeded then gdbarch_displaced_step_fixup is called, which has the job of fixing up the state of the current inferior as if the step had not been performed in a displaced manner. This all seems just fine.

However, if the displaced step is considered to have not completed then GDB doesn't call gdbarch_displaced_step_fixup, instead GDB remains in displaced_step_buffers::finish and just performs a minimal fixup which involves adjusting the program counter back to its original value.

The problem here is that for amd64 and ARM setting up for a displaced step can involve changing the values in some temporary registers. If the displaced step succeeds then this is fine; after the step the temporary registers are restored to their original values in the architecture specific code. But if the displaced step does not succeed then the temporary registers are never restored, and they retain their modified values.

In this context a temporary register is simply any register that is not otherwise used by the instruction being stepped that the architecture specific code considers safe to borrow for the lifetime of the instruction being stepped.

In the bug PR gdb/22921, the amd64 instruction being stepped is an rip-relative instruction like this:

  jmp *0x2fe2(%rip)

When we displaced step this instruction we borrow a register, and modify the instruction to something like:

  jmp *0x2fe2(%rcx)

with %rcx having its value adjusted to contain the original %rip value.

Now if the displaced step does not succeed, then %rcx will be left with a corrupted value. Obviously corrupting any register is bad; in the bug report this problem was spotted because %rcx is used as a function argument register.

And finally, why might a displaced step not succeed? Asynchronous signals provide one reason. GDB sets up for the displaced step and, at that precise moment, the OS delivers a signal (SIGALRM in the bug report), the signal stops the inferior at the address of the displaced instruction. GDB cancels the displaced instruction, handles the signal, and then tries again with the displaced step.

But it is that first cancellation of the displaced step that causes the problem; in that case GDB (correctly) sees the displaced step as having not completed, and so does not perform the architecture specific fixup, leaving the register corrupted.

The reason why I think AArch64, rs6000, i386, and s390 are not affected by this problem is that I don't believe these architectures make use of any temporary registers, so when a displaced step is not completed successfully, the minimal fix up is sufficient.

On amd64 we use at most one temporary register. On ARM, looking at arm_displaced_step_copy_insn_closure, we could modify up to 16 temporary registers, and the instruction being displaced stepped could be expanded to multiple replacement instructions, which increases the chances of this bug triggering.

This commit only aims to address the issue on amd64 for now, though I believe that the approach I'm proposing here might be applicable for ARM too.

What I propose is that we always call gdbarch_displaced_step_fixup.

We will now pass an extra argument to gdbarch_displaced_step_fixup, this is a boolean that indicates whether GDB thinks the displaced step completed successfully or not. When this flag is false this indicates that the displaced step halted for some "other" reason.

On ARM GDB can potentially read the inferior's program counter in order to figure out how far through the sequence of replacement instructions we got, and from that GDB can figure out what fixup needs to be performed.

On targets like amd64 the problem is slightly easier as displaced stepping only uses a single replacement instruction. If the displaced step didn't complete then GDB knows that the single instruction didn't execute.

The point is that by always calling gdbarch_displaced_step_fixup, each architecture can now ensure that the inferior state is fixed up correctly in all cases, not just the success case.

On amd64 this ensures that we always restore the temporary register value, and so bug PR gdb/22921 is resolved.

In order to move all architectures to this new API, I have moved the minimal roll-back version of the code inside the architecture specific fixup functions for AArch64, rs6000, s390, and ARM. For all of these except ARM I think this is good enough, as no temporaries are used, all that's needed is the program counter restore anyway. For ARM the minimal code is no worse than what we had before, though I do consider this architecture's displaced-stepping broken.

I've updated the gdb.arch/amd64-disp-step.exp test to cover the 'jmpq*' instruction that was causing problems in the original bug, and also added support for testing the displaced step in the presence of asynchronous signal delivery.

I've also added two new tests (for amd64 and i386) that check that GDB can correctly handle displaced stepping over a single instruction that branches to itself. I added these tests after a first version of this patch relied too much on checking the program-counter value in order to see if the displaced instruction had executed. This works fine in almost all cases, but when an instruction branches to itself a pure program counter check is not sufficient. The new tests expose this problem.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22921

Approved-By: Pedro Alves <pedro@palves.net>
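The two failure modes described in the commit message, modelled as an added C++ example that is not GDB's code: a toy amd64 inferior displaced-steps a RIP-relative indirect jump (borrowing RCX) and a self-branching call, and the old finish path (fixup only on success) is compared with the fixed path (fixup on every stop, with a completion flag). Every name, field and address below is constructed for the example; the real GDB closure layout, register numbering and stop-reason plumbing are not reproduced.

```cpp
// Added example, not GDB's code: a toy amd64 inferior showing why the
// displaced-step fixup must run after every stop (undoing any borrowed
// register) and why "did it execute?" must come from the stop reason.
#include <cstdint>
#include <cstdio>
#include <map>

enum Reg { RAX, RCX, RSP, NUM_GPR };
enum StopReason { STOP_TRAP, STOP_SIGNAL };
enum InsnKind { JMP_RIP_INDIRECT, CALL_REL };

struct Regs { uint64_t rip = 0; uint64_t gpr[NUM_GPR] = {}; };
using Memory = std::map<uint64_t, uint64_t>;   // sparse 8-byte words

// Per-step bookkeeping (this example's fields, not GDB's closure layout).
struct Closure {
  InsnKind kind;
  uint64_t from, to, insn_len;
  int64_t disp;        // jmp displacement, or rel32 of the call
  bool used_tmp;       // borrowed a register for the copy?
  Reg tmp_reg; uint64_t tmp_saved;
};

// Copy the insn to scratch buffer TO.  "jmp *disp(%rip)" becomes
// "jmp *disp(%rcx)" with RCX holding the RIP the original would have seen.
Closure displaced_prepare(Regs &r, InsnKind kind, uint64_t from,
                          uint64_t to, int64_t disp) {
  Closure c{kind, from, to, kind == CALL_REL ? 5u : 6u, disp, false, RCX, 0};
  if (kind == JMP_RIP_INDIRECT) {
    c.used_tmp = true;
    c.tmp_saved = r.gpr[RCX];
    r.gpr[RCX] = from + c.insn_len;
  }
  r.rip = to;
  return c;
}

// Let the inferior run from TO.  A signal delivered first stops it before
// the single replacement instruction executes (the PR gdb/22921 case).
StopReason run_displaced(Regs &r, Memory &mem, const Closure &c,
                         bool signal_first) {
  if (signal_first) return STOP_SIGNAL;    // rip == c.to, nothing ran
  if (c.kind == JMP_RIP_INDIRECT) {
    r.rip = mem.at(r.gpr[c.tmp_reg] + c.disp);
  } else {                                 // call rel32 executed at TO
    r.gpr[RSP] -= 8;
    mem[r.gpr[RSP]] = c.to + c.insn_len;   // return address inside scratch
    r.rip = c.to + c.insn_len + c.disp;    // disp == -5: branches to itself
  }
  return STOP_TRAP;
}

// Architecture fixup.  COMPLETED says whether the replacement insn ran;
// the borrowed register is restored either way.
void amd64_fixup(Regs &r, Memory &mem, const Closure &c, bool completed) {
  if (c.used_tmp) r.gpr[c.tmp_reg] = c.tmp_saved;
  if (!completed) { r.rip = c.from; return; }   // minimal roll-back
  if (c.kind == CALL_REL) {
    mem[r.gpr[RSP]] = c.from + c.insn_len; // relocate pushed return address
    r.rip = r.rip - c.to + c.from;         // relocate relative target
  }                                        // indirect jmp: rip is final
}

// Old control flow: fixup only on success, bare PC reset otherwise, so the
// borrowed register keeps its modified value after a cancelled step.
void finish_old(Regs &r, Memory &mem, const Closure &c, StopReason why) {
  if (why == STOP_TRAP) amd64_fixup(r, mem, c, true);
  else r.rip = c.from;
}

// Fixed control flow: the arch fixup sees every stop plus the flag.
void finish_new(Regs &r, Memory &mem, const Closure &c, StopReason why) {
  amd64_fixup(r, mem, c, why == STOP_TRAP);
}

// A PC-only heuristic ("still at TO, so it did not run") misjudges a
// self-branch, whose correct post-execution PC is TO as well.
bool completed_by_pc_only(const Regs &r, const Closure &c) {
  return r.rip != c.to;
}

struct Outcome { uint64_t rip, rcx, rsp, ret_addr; bool pc_guess; };

// Drive one scenario end to end with constructed addresses.
Outcome run_scenario(InsnKind kind, int64_t disp, bool signal_first,
                     bool use_new) {
  Regs r; r.gpr[RCX] = 0x1111; r.gpr[RSP] = 0x7ffe0000;
  Memory mem; mem[0x401006 + 0x2fe2] = 0x500000;   // jmp target word
  Closure c = displaced_prepare(r, kind, 0x401000, 0x7fff0000, disp);
  StopReason why = run_displaced(r, mem, c, signal_first);
  bool guess = completed_by_pc_only(r, c);
  if (use_new) finish_new(r, mem, c, why); else finish_old(r, mem, c, why);
  uint64_t ret = mem.count(r.gpr[RSP]) ? mem[r.gpr[RSP]] : 0;
  return {r.rip, r.gpr[RCX], r.gpr[RSP], ret, guess};
}

int main() {
  Outcome o = run_scenario(JMP_RIP_INDIRECT, 0x2fe2, true, false);
  std::printf("old path after signal: rcx=%#llx (was 0x1111)\n",
              (unsigned long long)o.rcx);
}
```

With the old path, a cancelled step leaves RCX holding the borrowed RIP value; with the new path RCX is restored whether or not the copy ran. The self-call case shows why the flag has to come from the stop reason: after executing in the scratch buffer the PC equals TO, exactly what a cancelled step looks like, and only the trap tells the fixup to relocate the pushed return address.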
330 lines
11 KiB
C++
/* Common target dependent code for GDB on ARM systems.

   Copyright (C) 2002-2023 Free Software Foundation, Inc.

   This file is part of GDB.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */

#ifndef ARM_TDEP_H
#define ARM_TDEP_H

/* Forward declarations.  */
struct regset;
struct address_space;
struct get_next_pcs;
struct arm_get_next_pcs;
struct gdb_get_next_pcs;

/* Set to true if the 32-bit mode is in use.  */

extern bool arm_apcs_32;

#include "gdbarch.h"
#include "arch/arm.h"
#include "infrun.h"

#include <vector>

/* Number of machine registers.  The only define actually required
   is gdbarch_num_regs.  The other definitions are used for documentation
   purposes and code readability.  */
/* For 26 bit ARM code, a fake copy of the PC is placed in register 25 (PS)
   (and called PS for processor status) so the status bits can be cleared
   from the PC (register 15).  For 32 bit ARM code, a copy of CPSR is placed
   in PS.  */
#define NUM_FREGS   8   /* Number of floating point registers.  */
#define NUM_SREGS   2   /* Number of status registers.  */
#define NUM_GREGS   16  /* Number of general purpose registers.  */


/* Type of floating-point code in use by inferior.  There are really 3 models
   that are traditionally supported (plus the endianness issue), but gcc can
   only generate 2 of those.  The third is APCS_FLOAT, where arguments to
   functions are passed in floating-point registers.

   In addition to the traditional models, VFP adds two more.

   If you update this enum, don't forget to update fp_model_strings in
   arm-tdep.c.  */

enum arm_float_model
{
  ARM_FLOAT_AUTO,       /* Automatic detection.  Do not set in tdep.  */
  ARM_FLOAT_SOFT_FPA,   /* Traditional soft-float (mixed-endian on LE ARM).  */
  ARM_FLOAT_FPA,        /* FPA co-processor.  GCC calling convention.  */
  ARM_FLOAT_SOFT_VFP,   /* Soft-float with pure-endian doubles.  */
  ARM_FLOAT_VFP,        /* Full VFP calling convention.  */
  ARM_FLOAT_LAST        /* Keep at end.  */
};

/* ABI used by the inferior.  */
enum arm_abi_kind
{
  ARM_ABI_AUTO,
  ARM_ABI_APCS,
  ARM_ABI_AAPCS,
  ARM_ABI_LAST
};

/* Convention for returning structures.  */

enum struct_return
{
  pcc_struct_return,    /* Return "short" structures in memory.  */
  reg_struct_return     /* Return "short" structures in registers.  */
};

/* Target-dependent structure in gdbarch.  */
struct arm_gdbarch_tdep : gdbarch_tdep_base
{
  /* The ABI for this architecture.  It should never be set to
     ARM_ABI_AUTO.  */
  enum arm_abi_kind arm_abi {};

  enum arm_float_model fp_model {}; /* Floating point calling conventions.  */

  bool have_fpa_registers = false;  /* Does the target report the FPA registers?  */
  bool have_wmmx_registers = false; /* Does the target report the WMMX registers?  */
  /* The number of VFP registers reported by the target.  It is zero
     if VFP registers are not supported.  */
  int vfp_register_count = 0;
  bool have_s_pseudos = false;  /* Are we synthesizing the single precision
                                   VFP registers?  */
  int s_pseudo_base = 0;        /* Register number for the first S pseudo
                                   register.  */
  int s_pseudo_count = 0;       /* Number of S pseudo registers.  */
  bool have_q_pseudos = false;  /* Are we synthesizing the quad precision
                                   Q (NEON or MVE) registers?  Requires
                                   have_s_pseudos.  */
  int q_pseudo_base = 0;        /* Register number for the first quad
                                   precision pseudo register.  */
  int q_pseudo_count = 0;       /* Number of quad precision pseudo
                                   registers.  */
  bool have_neon = false;       /* Do we have a NEON unit?  */

  bool have_mve = false;        /* Do we have a MVE extension?  */
  int mve_vpr_regnum = 0;       /* MVE VPR register number.  */
  int mve_pseudo_base = 0;      /* Number of the first MVE pseudo register.  */
  int mve_pseudo_count = 0;     /* Total number of MVE pseudo registers.  */

  bool have_pacbti = false;     /* True if we have the ARMv8.1-m PACBTI
                                   extensions.  */
  int pacbti_pseudo_base = 0;   /* Number of the first PACBTI pseudo
                                   register.  */
  int pacbti_pseudo_count = 0;  /* Total number of PACBTI pseudo registers.  */

  int m_profile_msp_regnum = ARM_SP_REGNUM; /* M-profile MSP register number.  */
  int m_profile_psp_regnum = ARM_SP_REGNUM; /* M-profile PSP register number.  */

  /* Secure and Non-secure stack pointers with security extension.  */
  int m_profile_msp_ns_regnum = ARM_SP_REGNUM; /* M-profile MSP_NS register number.  */
  int m_profile_psp_ns_regnum = ARM_SP_REGNUM; /* M-profile PSP_NS register number.  */
  int m_profile_msp_s_regnum = ARM_SP_REGNUM;  /* M-profile MSP_S register number.  */
  int m_profile_psp_s_regnum = ARM_SP_REGNUM;  /* M-profile PSP_S register number.  */

  int tls_regnum = 0;           /* Number of the tpidruro register.  */

  bool is_m = false;            /* Does the target follow the "M" profile.  */
  bool have_sec_ext = false;    /* Do we have security extensions?  */
  CORE_ADDR lowest_pc = 0;      /* Lowest address at which instructions
                                   will appear.  */

  const gdb_byte *arm_breakpoint = nullptr;   /* Breakpoint pattern for an ARM insn.  */
  int arm_breakpoint_size = 0;                /* And its size.  */
  const gdb_byte *thumb_breakpoint = nullptr; /* Breakpoint pattern for a Thumb insn.  */
  int thumb_breakpoint_size = 0;              /* And its size.  */

  /* If the Thumb breakpoint is an undefined instruction (which is
     affected by IT blocks) rather than a BKPT instruction (which is
     not), then we need a 32-bit Thumb breakpoint to preserve the
     instruction count in IT blocks.  */
  const gdb_byte *thumb2_breakpoint = nullptr;
  int thumb2_breakpoint_size = 0;

  int jb_pc = 0;                /* Offset to PC value in jump buffer.
                                   If this is negative, longjmp support
                                   will be disabled.  */
  size_t jb_elt_size = 0;       /* And the size of each entry in the buf.  */

  /* Convention for returning structures.  */
  enum struct_return struct_return {};

  /* ISA-specific data types.  */
  struct type *arm_ext_type = nullptr;
  struct type *neon_double_type = nullptr;
  struct type *neon_quad_type = nullptr;

  /* syscall record.  */
  int (*arm_syscall_record) (struct regcache *regcache,
                             unsigned long svc_number) = nullptr;
};

/* Structures used for displaced stepping.  */

/* The maximum number of temporaries available for displaced instructions.  */
#define DISPLACED_TEMPS                 16
/* The maximum number of modified instructions generated for one single-stepped
   instruction, including the breakpoint (usually at the end of the instruction
   sequence) and any scratch words, etc.  */
#define ARM_DISPLACED_MODIFIED_INSNS    8

struct arm_displaced_step_copy_insn_closure
  : public displaced_step_copy_insn_closure
{
  ULONGEST tmp[DISPLACED_TEMPS];
  int rd;
  int wrote_to_pc;
  union
  {
    struct
    {
      int xfersize;
      int rn;                      /* Writeback register.  */
      unsigned int immed : 1;      /* Offset is immediate.  */
      unsigned int writeback : 1;  /* Perform base-register writeback.  */
      unsigned int restore_r4 : 1; /* Used r4 as scratch.  */
    } ldst;

    struct
    {
      unsigned long dest;
      unsigned int link : 1;
      unsigned int exchange : 1;
      unsigned int cond : 4;
    } branch;

    struct
    {
      unsigned int regmask;
      int rn;
      CORE_ADDR xfer_addr;
      unsigned int load : 1;
      unsigned int user : 1;
      unsigned int increment : 1;
      unsigned int before : 1;
      unsigned int writeback : 1;
      unsigned int cond : 4;
    } block;

    struct
    {
      unsigned int immed : 1;
    } preload;

    struct
    {
      /* If non-NULL, override generic SVC handling (e.g. for a particular
         OS).  */
      int (*copy_svc_os) (struct gdbarch *gdbarch, struct regcache *regs,
                          arm_displaced_step_copy_insn_closure *dsc);
    } svc;
  } u;

  /* The size of original instruction, 2 or 4.  */
  unsigned int insn_size;
  /* True if the original insn (and thus all replacement insns) are Thumb
     instead of ARM.  */
  unsigned int is_thumb;

  /* The slots in the array are used in this way below,
     - ARM instruction occupies one slot,
     - Thumb 16 bit instruction occupies one slot,
     - Thumb 32-bit instruction occupies *two* slots, one part for each.  */
  unsigned long modinsn[ARM_DISPLACED_MODIFIED_INSNS];
  int numinsns;
  CORE_ADDR insn_addr;
  CORE_ADDR scratch_base;
  void (*cleanup) (struct gdbarch *, struct regcache *,
                   arm_displaced_step_copy_insn_closure *);
};

/* Values for the WRITE_PC argument to displaced_write_reg.  If the register
   write may write to the PC, specifies the way the CPSR T bit, etc. is
   modified by the instruction.  */

enum pc_write_style
{
  BRANCH_WRITE_PC,
  BX_WRITE_PC,
  LOAD_WRITE_PC,
  ALU_WRITE_PC,
  CANNOT_WRITE_PC
};

extern void
  arm_process_displaced_insn (struct gdbarch *gdbarch, CORE_ADDR from,
                              CORE_ADDR to, struct regcache *regs,
                              arm_displaced_step_copy_insn_closure *dsc);
extern void
  arm_displaced_init_closure (struct gdbarch *gdbarch, CORE_ADDR from,
                              CORE_ADDR to,
                              arm_displaced_step_copy_insn_closure *dsc);
extern ULONGEST
  displaced_read_reg (regcache *regs, arm_displaced_step_copy_insn_closure *dsc,
                      int regno);
extern void
  displaced_write_reg (struct regcache *regs,
                       arm_displaced_step_copy_insn_closure *dsc, int regno,
                       ULONGEST val, enum pc_write_style write_pc);

CORE_ADDR arm_skip_stub (frame_info_ptr, CORE_ADDR);

ULONGEST arm_get_next_pcs_read_memory_unsigned_integer (CORE_ADDR memaddr,
                                                        int len,
                                                        int byte_order);

CORE_ADDR arm_get_next_pcs_addr_bits_remove (struct arm_get_next_pcs *self,
                                             CORE_ADDR val);

int arm_get_next_pcs_is_thumb (struct arm_get_next_pcs *self);

std::vector<CORE_ADDR> arm_software_single_step (struct regcache *);
int arm_is_thumb (struct regcache *regcache);
int arm_frame_is_thumb (frame_info_ptr frame);

extern void arm_displaced_step_fixup (struct gdbarch *,
                                      displaced_step_copy_insn_closure *,
                                      CORE_ADDR, CORE_ADDR,
                                      struct regcache *, bool);

/* Return the bit mask in ARM_PS_REGNUM that indicates Thumb mode.  */
extern int arm_psr_thumb_bit (struct gdbarch *);

/* Is the instruction at the given memory address a Thumb or ARM
   instruction?  */
extern int arm_pc_is_thumb (struct gdbarch *, CORE_ADDR);

extern int arm_process_record (struct gdbarch *gdbarch,
                               struct regcache *regcache, CORE_ADDR addr);
/* Functions exported from arm-bsd-tdep.h.  */

/* Return the appropriate register set for the core section identified
   by SECT_NAME and SECT_SIZE.  */

extern void
  armbsd_iterate_over_regset_sections (struct gdbarch *gdbarch,
                                       iterate_over_regset_sections_cb *cb,
                                       void *cb_data,
                                       const struct regcache *regcache);

/* Get the correct Arm target description with given FP hardware type.  */
const target_desc *arm_read_description (arm_fp_type fp_type, bool tls);

/* Get the correct Arm M-Profile target description with given hardware
   type.  */
const target_desc *arm_read_mprofile_description (arm_m_profile_type m_type);

#endif /* arm-tdep.h */