reliable and fast dwarf based stack unwinding
play

Reliable and Fast DWARF-based Stack Unwinding Thophile Bastian - PowerPoint PPT Presentation

Jun 18, 2023 •282 likes •841 views

Reliable and Fast DWARF-based Stack Unwinding Thophile Bastian Stephen Kell Francesco Zappa Nardelli ENS Paris, University of Kent, Inria Webpage (incl. slides) Funding ONR VerticA https://huit.re/frdwarf Google Research Fellowship $

  1. Reliable and Fast DWARF-based Stack Unwinding Théophile Bastian Stephen Kell Francesco Zappa Nardelli ENS Paris, University of Kent, Inria Webpage (incl. slides) Funding ONR VerticA https://huit.re/frdwarf Google Research Fellowship

  2. $ ./a.out Segmentation fault. 1/18

  3. $ ./a.out Segmentation fault. (gdb) backtrace #0 0x54625 in fct_b #1 0x54663 in fct_a #2 0x54674 in main 1/18

  4. $ ./a.out Segmentation fault. (gdb) backtrace #0 0x54625 in fct_b #1 0x54663 in fct_a #2 0x54674 in main How does it work? 1/18

  5. $ ./a.out Segmentation fault. (gdb) backtrace #0 0x54625 in fct_b #1 0x54663 in fct_a #2 0x54674 in main How does it work? 1/18

  6. How do we get the return address? 2/18

  7. How do we get the return address? What if we only have %rsp? 2/18

  8. DWARF unwinding data PC CFA rbx rbp r12 r13 r14 r15 ra 0084950 rsp+8 u u u u u u c-8 0084952 rsp+16 u u u u u c-16 c-8 0084954 rsp+24 u u u u c-24 c-16 c-8 0084956 rsp+32 u u u c-32 c-24 c-16 c-8 0084958 rsp+40 u u c-40 c-32 c-24 c-16 c-8 0084959 rsp+48 u c-48 c-40 c-32 c-24 c-16 c-8 008495a rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084962 rsp+64 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a19 rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1d rsp+48 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1e rsp+40 c-56 c-48 c-40 c-32 c-24 c-16 c-8 3/18

  9. DWARF unwinding data PC CFA rbx rbp r12 r13 r14 r15 ra 0084950 rsp+8 u u u u u u c-8 0084952 rsp+16 u u u u u c-16 c-8 0084954 rsp+24 u u u u c-24 c-16 c-8 0084956 rsp+32 u u u c-32 c-24 c-16 c-8 0084958 rsp+40 u u c-40 c-32 c-24 c-16 c-8 0084959 rsp+48 u c-48 c-40 c-32 c-24 c-16 c-8 008495a rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084962 rsp+64 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a19 rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1d rsp+48 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1e rsp+40 c-56 c-48 c-40 c-32 c-24 c-16 c-8 For each instruction. . . (identified by its program counter) 3/18

  10. DWARF unwinding data PC CFA rbx rbp r12 r13 r14 r15 ra 0084950 rsp+8 u u u u u u c-8 0084952 rsp+16 u u u u u c-16 c-8 0084954 rsp+24 u u u u c-24 c-16 c-8 0084956 rsp+32 u u u c-32 c-24 c-16 c-8 0084958 rsp+40 u u c-40 c-32 c-24 c-16 c-8 0084959 rsp+48 u c-48 c-40 c-32 c-24 c-16 c-8 008495a rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084962 rsp+64 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a19 rsp+56 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1d rsp+48 c-56 c-48 c-40 c-32 c-24 c-16 c-8 0084a1e rsp+40 c-56 c-48 c-40 c-32 c-24 c-16 c-8 . . . an expression For each instruction. . . to compute its (identified by its return address program counter) location on the stack 3/18

  11. The real DWARF 30 24 34 FDE pc =004020..004040 DW_CFA_def_cfa_offset: 16 DW_CFA_advance_loc: 6 to 0000000000004026 DW_CFA_def_cfa_offset: 24 DW_CFA_advance_loc: 10 to 0000000000004030 DW_CFA_def_cfa_expression (DW_OP_breg7 (rsp): 8; DW_OP_breg16 (rip): 0; DW_OP_lit15; DW_OP_and; DW_OP_lit11; DW_OP_ge; DW_OP_lit3; DW_OP_shl; DW_OP_plus) [...] 4/18

  12. The real DWARF 30 24 34 FDE pc =004020..004040 DW_CFA_def_cfa_offset: 16 DW_CFA_advance_loc: 6 to 0000000000004026 DW_CFA_def_cfa_offset: 24 DW_CFA_advance_loc: 10 to 0000000000004030 DW_CFA_def_cfa_expression (DW_OP_breg7 (rsp): 8; DW_OP_breg16 (rip): 0; DW_OP_lit15; DW_OP_and; DW_OP_lit11; DW_OP_ge; DW_OP_lit3; DW_OP_shl; DW_OP_plus) [...] → bytecode for a Turing-complete stack machine − → which is interpreted on demand at runtime − to reconstruct the table 4/18

  13. What does this imply? Your compiler generates code for two machines: your processor and the DWARF VM. $ gcc -S foo.c main: .cfi_startproc pushq %rbp .cfi_def_cfa_offset 16 .cfi_offset 6, -16 movq %rsp , %rbp .cfi_def_cfa_register 6 subq $32 , %rsp movl %edi , -20(%rbp) movq %rsi , -32(%rbp) .cfi_* : inline DWARF! 5/18

  14. What does this imply? Your compiler generates code for two machines: your processor and the DWARF VM. $ gcc -S foo.c main: = ⇒ Cumbersome to generate for .cfi_startproc the compiler pushq %rbp � might do it wrong .cfi_def_cfa_offset 16 .cfi_offset 6, -16 � might not do it at all movq %rsp , %rbp = ⇒ If you write inline asm, you .cfi_def_cfa_register 6 must write inline DWARF! subq $32 , %rsp movl %edi , -20(%rbp) movq %rsi , -32(%rbp) .cfi_* : inline DWARF! 5/18

  15. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc .uleb128 0x4 .uleb128 0x0 .align 4 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  16. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column In glibc , lowlevellock.h : .byte 0x8 # Augmentation size off by one error in .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa unwinding data. .byte 0xc .uleb128 0x4 (gdb) backtrace .uleb128 0x0 .align 4 #0 0x406c2c in _L_lock_19 7: .long 17f-8f # FDE Length #1 0x406c2c in _L_lock_19 8: .long 8b-5b # FDE CIE offset #2 0x4069c6 in abort .long 1b-. # FDE initial location .long 4b-1b # FDE address range #3 0x401017 in main .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  17. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry Complex & slow 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc .uleb128 0x4 .uleb128 0x0 .align 4 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  18. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry Complex & slow 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size Pervasive: .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc relied upon by profilers, .uleb128 0x4 .uleb128 0x0 .align 4 debuggers, aaand. . . 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 .sleb128 3b-1b 6/18

  19. .section .eh_frame ,"a",@progbits 5: .long 7f-6f # Length of Common Information Entry Complex & slow 6: .long 0x0 # CIE Identifier Tag .byte 0x1 # CIE Version .ascii "zR\\0" # CIE Augmentation .uleb128 0x1 # CIE Code Alignment Factor .sleb128 -4 # CIE RA Column .byte 0x8 # Augmentation size Pervasive: .uleb128 0x1 # FDE Encoding (pcrel sdata4) .byte 0x1b # DW_CFA_def_cfa .byte 0xc relied upon by profilers, .uleb128 0x4 .uleb128 0x0 .align 4 debuggers, aaand. . . 7: .long 17f-8f # FDE Length 8: .long 8b-5b # FDE CIE offset .long 1b-. # FDE initial location C++ exceptions. .long 4b-1b # FDE address range .uleb128 0x0 # Augmentation size .byte 0x16 # DW_CFA_val_expression � not only for .uleb128 0x8 .uleb128 10f-9f 9: .byte 0x78 # DW_OP_breg8 debuggers! .sleb128 3b-1b 6/18

  20. “Sorry, but last time was too f. . . painful. The whole (and only) point of unwinders is to make debugging easy when a bug occurs. But the dwarf unwinder had bugs itself, or our dwarf information had bugs, and in either case it actually turned several trivial bugs into a total undebuggable hell.” — Linus Torvalds, 2012 7/18

  21. “Sorry, but last time was too f. . . painful. The whole (and only) point of unwinders is to make debugging easy when a bug occurs. But the dwarf unwinder had bugs itself, or our dwarf information had bugs, and in either case it actually turned several trivial bugs into a total undebuggable hell.” — Linus Torvalds, 2012 This is where we still are! 7/18

Recommend

Speeding up stack unwinding by compiling DWARF debug data Thophile Bastian Under supervision of

Speeding up stack unwinding by compiling DWARF debug data Thophile Bastian Under supervision of

Speeding up stack unwinding by compiling DWARF debug data Thophile Bastian Under supervision of Francesco Zappa Nardelli Team PARKAS, INRIA, Paris March August 2018 Slides: https://tobast.fr/m2/slides.pdf Report:

718 views • 41 slides
WHEN GDB IS NOT ENOUGH PAUL SEMEL KEVIN TAVUKCIYAN TALKING ABOUT DWARF TALKING ABOUT DWARF

WHEN GDB IS NOT ENOUGH PAUL SEMEL KEVIN TAVUKCIYAN TALKING ABOUT DWARF TALKING ABOUT DWARF

WHEN GDB IS NOT ENOUGH PAUL SEMEL KEVIN TAVUKCIYAN TALKING ABOUT DWARF TALKING ABOUT DWARF DEBUGGING WITH ATTRIBUTE RECORD FORMATS WHAT IS DWARF? WHAT IS DWARF? Format used to store debug informations Generated by the compiler Sections in

830 views • 35 slides
Self-Hosted Scripting in Guile Fast Start with ELF and DWARF Andy Wingo Igalia, S.L.

Self-Hosted Scripting in Guile Fast Start with ELF and DWARF Andy Wingo Igalia, S.L.

Self-Hosted Scripting in Guile Fast Start with ELF and DWARF Andy Wingo Igalia, S.L. @andywingo / wingolog.org Self-hosted runtimes can be heavy Wanted: Fast start Scripting source model Self-hosted runtime, compiler,

666 views • 20 slides
UNWINDING SATURNS TURNS : PROBING THE FAR ULTRAVIOLET PROPERTIES OF SATURNS RINGS Based on

UNWINDING SATURNS TURNS : PROBING THE FAR ULTRAVIOLET PROPERTIES OF SATURNS RINGS Based on

UNWINDING SATURNS TURNS : PROBING THE FAR ULTRAVIOLET PROPERTIES OF SATURNS RINGS Based on the paper by Bradley et al. (2010): Far ultraviolet spectral properties of Saturns rings from Cassini UVIS Milena Crnogorevi ASTR630 Term

323 views • 8 slides
1 Array-based Stack (2.1.1) Algorithm pop (): if isEmpty () then A simple way of throw

1 Array-based Stack (2.1.1) Algorithm pop (): if isEmpty () then A simple way of throw

Elementary Data Structures Stacks, Queues, Vectors, Lists & Sequences Trees The Stack ADT (2.1.1) The Stack ADT stores arbitrary objects Insertions and deletions Auxiliary stack follow the last-in first-out operations: scheme

473 views • 13 slides
An open source user space fast path TCP/IP stack Industry network challenges Growth in data

An open source user space fast path TCP/IP stack Industry network challenges Growth in data

An open source user space fast path TCP/IP stack Industry network challenges Growth in data traffic means that even small network nodes needs a fast path The Linux IP stack is slow and does not scale High throughput IP processing

361 views • 20 slides
Are Code Examples on an Online Q&A Forum Reliable? A Study of API Misuse on Stack Overflow

Are Code Examples on an Online Q&A Forum Reliable? A Study of API Misuse on Stack Overflow

Are Code Examples on an Online Q&A Forum Reliable? A Study of API Misuse on Stack Overflow Tianyi Zhang 1 ,Ganesha Upadhyaya 2 , Anastasia Reinhart 3 , Hridesh Rajan 2 , Miryung Kim 1 1 University of California, Los Angeles 2 Iowa State

916 views • 52 slides
Development of a DWARF-based display component for 3D scences on the iPAQ -

Development of a DWARF-based display component for 3D scences on the iPAQ -

Development of a DWARF-based display component for 3D scences on the iPAQ - Systementwicklungsprojekt - Marco Feuerstein Lehrstuhl fr Angewandte Softwaretechnik Institut fr Informatik Technische Universitt Mnchen feuerste@in.tum.de

780 views • 15 slides
Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R.

Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R.

Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R. Indian Institute of Science, Bangalore, India Checking Unwinding Conditions for Finite State Systems p.1/14 MAKS Framework of Heiko Events. V isible,

1.04k views • 56 slides
Evaluating arithmetic expressions Stack-based algorithms are used for syntactical analysis (

Evaluating arithmetic expressions Stack-based algorithms are used for syntactical analysis (

ITI 1121. Introduction to Computing II Marcel Turcotte School of Electrical Engineering and Computer Science Version of February 2, 2013 Abstract Abstract data type: Stack Stack-based algorithms These lecture notes are meant to

1.69k views • 153 slides
Accretion in dwarf novae Nicolas Scepi supervised by Guillaume Dubus and Geoffroy Lesur

Accretion in dwarf novae Nicolas Scepi supervised by Guillaume Dubus and Geoffroy Lesur

Accretion in dwarf novae Nicolas Scepi supervised by Guillaume Dubus and Geoffroy Lesur Dautreppe, 4th of December 2018 1 Dwarf novae Accretion disk Solar type star White dwarf Dwarf novae are ideal to study accretion : - emission in the

983 views • 25 slides
4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND

4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND

4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND VISUALIZING KNOWLEDGE OF ARCHITECTURALLY SIGNIFICANT REQUIREMENTS IN SOURCE CODE Institute for Software Research Distinguished Speaker Series University

534 views • 25 slides
Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed Wearable Augmented Reality Framework Studienarbeit Lothar Richter Chair for Applied Software Engineering Summary Development of a short and easy

430 views • 30 slides
Ludger BioQuant Chitotriose Standard for Glycan Quantitation A fast, reliable method for

Ludger BioQuant Chitotriose Standard for Glycan Quantitation A fast, reliable method for

Ludger BioQuant Chitotriose Standard for Glycan Quantitation A fast, reliable method for quantifying your glycans Highlights of the Chitotriose Standard System for Glycan Quantification Regulatory Submissions Reliable quantification

78 views • 7 slides
Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet

Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet

Fastershire Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet access increasingly important for business and society Growing number of commercial and service interactions delivered exclusively

405 views • 27 slides
Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today?

Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today?

Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today? Among open-source databases, MongoDB is a complete production-ready solution Self-managing MongoDB is worthwhile , for the best AWS performance at

444 views • 20 slides
Dwarf Galaxy Formation with Dwarf Galaxy Formation with H 2 -regulated Star Formation H 2

Dwarf Galaxy Formation with Dwarf Galaxy Formation with H 2 -regulated Star Formation H 2

Dwarf Galaxy Formation with Dwarf Galaxy Formation with H 2 -regulated Star Formation H 2 -regulated Star Formation Michael Kuhlen, UC Berkeley arXiv:1105.2376 w/ M. Krumholz, P. Madau, B. Smith, J. Wise August 9 th 2011 2011 UC Santa Cruz

708 views • 33 slides
On- -line diagnostic of a PEM fuel cell stack line diagnostic of a PEM fuel cell stack On based

On- -line diagnostic of a PEM fuel cell stack line diagnostic of a PEM fuel cell stack On based

International Symposium on Diagnostic Tools for Fuel Cell Technologies Trondheim, June 24th, 2009 On- -line diagnostic of a PEM fuel cell stack line diagnostic of a PEM fuel cell stack On based on the electrical power converter based on the

477 views • 20 slides
Outline and Reading The Stack ADT (2.1.1) Stacks Applications of Stacks (2.1.1) Array-based

Outline and Reading The Stack ADT (2.1.1) Stacks Applications of Stacks (2.1.1) Array-based

Outline and Reading The Stack ADT (2.1.1) Stacks Applications of Stacks (2.1.1) Array-based implementation (2.1.1) Growable array-based stack (1.5) Stacks 2 Abstract Data Types (ADTs) The Stack ADT An abstract data The Stack ADT

197 views • 4 slides
MEAN Stack Jay Urbain, PhD h6p://expressjs.com/

MEAN Stack Jay Urbain, PhD h6p://expressjs.com/

MEAN Stack Jay Urbain, PhD h6p://expressjs.com/ Requirements for a modern web app Low latency, fast response Ime Minimize page reloads

518 views • 30 slides
Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping etc. Implementations of stacks using array linked list The Stack ADT A stack is a list with the restriction that insertions and

566 views • 44 slides
FAST. CONVENIENT. RELIABLE. www.placetgroup.com Who are we? Founded in 2005, the Placet Group

FAST. CONVENIENT. RELIABLE. www.placetgroup.com Who are we? Founded in 2005, the Placet Group

FAST. CONVENIENT. RELIABLE. www.placetgroup.com Who are we? Founded in 2005, the Placet Group issued its first loan in 2007 The company provides both secured and unsecured loans to individuals and legal entities. The company was issued a

432 views • 18 slides
APRIS Fast Reliable Intuitive Acoustic Pulse Reflectometry Inspection System for heat

APRIS Fast Reliable Intuitive Acoustic Pulse Reflectometry Inspection System for heat

APRIS Fast Reliable Intuitive Acoustic Pulse Reflectometry Inspection System for heat exchanger tubes TODAYS INSPECTION Conventional Tube inspection Technologies EDDYCURRENT IRIS VIDEO SCOPE optics electromagnetic test

1.83k views • 32 slides
Asmodeus Isaac Sheff The Dwarf @ . isheff@cs.cornell.edu

Asmodeus Isaac Sheff The Dwarf @ . isheff@cs.cornell.edu

I SAAC S HEFF BEYOND OPTIMAL: COMPILER BLACK MAGIC BASED ON EQUIVALENT EXCHANGE BEYOND OPTIMAL Asmodeus Isaac Sheff The Dwarf @ . isheff@cs.cornell.edu the flask BACKGROUND COMPILERS SOURCE

442 views • 26 slides

More recommend