is no reason not to keep it locally. Implemented a basic disassembler which can be used
to scan bytecode for interesting conditions. This should be pretty easy to add to for
things other than exploitability if there is a desire. This also adds several tests to
the windows exploitability ranking code to take advantage of the disassembler for x86
code.
BUG=None
TEST=DisassemblerX86Test.*
Review URL: http://breakpad.appspot.com/203001
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@705 4c0a9323-5329-0410-9bdc-e9ce6186880e
This patch avoids unnecessary use of the <cfoo> headers in files that don't
actually use the identifiers they declare in the std:: namespace.
It also changes some files to better conform with the "Names and Order of
Includes" rules in the Google C++ Style Guide.
A=jimb R=mark
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@619 4c0a9323-5329-0410-9bdc-e9ce6186880e
The google_breakpad::TestAssembler classes are used in both the processor's
and the Linux dumper's test suites, and will soon be used in the Mac
dumper's tests as well. This patch moves their source files from
src/processor to src/common.
a=jimblandy, r=thestig
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@574 4c0a9323-5329-0410-9bdc-e9ce6186880e
When building with G++ 4.1.2, src/processor/cfi_frame_info.cc fails to
build with the error below. G++ 4.2.1 and later do not seem to report this
problem.
This patch works around the problem by casting stream.tellp() to
std::streamoff before doing the comparison.
src/processor/cfi_frame_info.cc: In member function `std::string google_breakpad::CFIFrameInfo::Serialize() const':
src/processor/cfi_frame_info.cc:105: error: ambiguous overload for `operator!=' in `stream.std::basic_ostringstream<char, std::char_traits<char>, std::allocator<char> >::<anonymous>.std::basic_ostream<_CharT, _Traits>::tellp [with _CharT = char, _Traits = std::char_traits<char>]() != 0'
src/processor/cfi_frame_info.cc:105: note: candidates are: operator!=(std::streamoff, int) <built-in>
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/postypes.h:143: note: bool std::fpos<_StateT>::operator!=(const std::fpos<_StateT>&) const [with _StateT = __mbstate_t]
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@572 4c0a9323-5329-0410-9bdc-e9ce6186880e
pdb filenames in crash reports may contain embedded newlines. When
minidump-stackwalk prints these lines, it ends up with:
Module|olek8r4u.dll|6.0.6000.16386|\\xc2\\xeb\\x17\\x04J\\xb6:\\xbaT\\xf3\\xef\\xe8Y\\x90\\x86\\xaa\\xe5\\x16n\\xb1\\x80\\x85\\t\\x12!\\x16\\x0f\\x98\\xf8\\x89\\x16"\\x96\\xd4\\x84\\x88\\xea\\xe3\\r\\r\\x1b\\xca\\x85*^h\\xf5\\xdc\n\\xd9\\xf4}j\\x1d7\\xe39o\\x1f\\xc5\\xc4\\xa6x\\x8ba\\xe8\\xd6K\\x89H\\xe1\\xff\\xe7\\xf5\\xf0Y\\xfd\\xf5\\xdbu\\x0c\\x07\\x86\\xed|29E0B04FCCBE47EB86A6C819E8B89D051|0x00f60000|0x00ff2fff|0\n
Which has an embedded newline and the machine parser can't handle it. This
patch just strips the embedded newline, just as we strip embedded |
separator characters.
a=bsmedberg, r=jimblandy
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@571 4c0a9323-5329-0410-9bdc-e9ce6186880e
This adds support for 'STACK CFI' records (DWARF CFI) to the AMD64
stack walker. This is necessary for the stack trace to include any
frames other than the youngest. Unit tests are included.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@554 4c0a9323-5329-0410-9bdc-e9ce6186880e
This patch allows the Breakpad minidump processor to use data from
STACK CFI records to generate stack traces for the ARM processor.
In the symbol dumper, we need a table mapping DWARF CFI register
numbers to their names: STACK CFI records refer to registers by name.
In the processor, we expand StackwalkerARM::GetCallerFrame to see if
there are STACK CFI records covering the callee, and then use those to
recover the caller's register values.
There's no good reason the ARM walker couldn't use the SimpleCFIWalker
interface declared in cfi_frame_info.h. Unfortunately, that interface
assumes that one can map register names to member pointers of the raw
context type, while MDRawContextARM uses an array to hold the
registers' values: C++ pointer-to-member types can't refer to elements
of member arrays. So we have to write out SimpleCFIWalker::FindCallerRegisters
in StackwalkerARM::GetCallerFrame.
We define enum MDARMRegisterNumbers in minidump_cpu_arm.h, for
convenience in referring to certain ARM registers with dedicated
purposes, like the stack pointer and the PC.
We define validity flags in StackFrameARM for all the registers, since
CFI could theoretically recover any of them. In the same vein, we
expand minidump_stackwalk.cc to print the values of all valid
callee-saves registers in the context --- and use the proper names for
special-purpose registers.
We provide unit tests that give full code and branch coverage (with
minor exceptions). We add a testing interface to StackwalkerARM that
allows us to create context frames that lack some register values.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@553 4c0a9323-5329-0410-9bdc-e9ce6186880e
Add a CFIFrameInfo class (named for symmetry with WindowsFrameInfo) to
represent the set of STACK CFI rules in effect at a given instruction,
and apply them to a set of register values. Provide a SimpleCFIWalker
class template, to allow the essential CFI code to be shared amongst
the different architectures.
Teach BasicSourceLineResolver to partially parse 'STACK CFI' records,
and produce the set of rules in effect at a given instruction on
demand, by combining the initial rule set and the appropriate rule
deltas in a CFIFrameInfo object.
Adapt StackwalkerX86 and StackFrameX86 to retrieve, store, and apply
CFI stack walking information.
Add validity flags for all the general-purpose registers to
StackFrameX86::ContextValidity.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@549 4c0a9323-5329-0410-9bdc-e9ce6186880e
Issue 53001 (http://breakpad.appspot.com/53001) defines the
TestAssembler classes; those, along with a new set of mock classes
defined in stackwalker_unittest_utils.h, make it possible for us to
actually do proper unit testing of a stack walker. These tests get us
full code coverage for stackwalker_x86.cc.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@548 4c0a9323-5329-0410-9bdc-e9ce6186880e
This also adds two new test utility class groups, TestAssembler and
SynthMinidump. These are overkill for what I'm doing with them here
(and may simply be overkill, period), but they make it easy to write
unit tests for code that works on binary files or raw memory contents
in a cross-platform way. I'm planning to use them for the DWARF CFI
unwinding tests and the DWARF CFI parser tests.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@547 4c0a9323-5329-0410-9bdc-e9ce6186880e
Some versions of the libstdc++, the GNU standard C++ library, have
stream extractors for unsigned integer values that permit a leading
'-' sign (6.0.13); others do not (6.0.9). Regardless of the behavior
of the extractors, Breakpad postfix expressions should support
negative literals.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@537 4c0a9323-5329-0410-9bdc-e9ce6186880e
We've gotten mixed advice from the lawyery types about whether this
matters. But it's easy enough to do.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@517 4c0a9323-5329-0410-9bdc-e9ce6186880e
This looks a little odd right now, since ParseStackInfo has only one
alternative to handle, but I think breaking this out should make the
subsequent addition of STACK CFI record support easier to review.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@514 4c0a9323-5329-0410-9bdc-e9ce6186880e
Rename BasicSourceLineResolver::Module::StackInfoTypes to
WindowsFrameInfoTypes. This enum really describes the forms of
Windows-specific stack unwinding data (STACK WIN records), and its
name should reflect that, especially since we'll be adding support for
other kinds of stack walking information.
The 'stack' -> 'frame' shift matches the naming of the
WindowsFrameInfo type.
Similarly, rename BasicSourceLineResolver::Module::stack_info_ to
windows_frame_info_.
Do similar renamings in basic_source_line_resolver_unittest.cc.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@513 4c0a9323-5329-0410-9bdc-e9ce6186880e
This patch moves the code for finding caller frames using STACK WIN
data and the code to do so using the traditional frame layout (%ebp
points at saved %ebp, pushed just after return address) into their own
functions. In addition to making things a little clearer, this is
preparation for adding support for STACK CFI records into the mix.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@512 4c0a9323-5329-0410-9bdc-e9ce6186880e
This adds an EvaluateForValue member function to PostfixEvaluator, and
along with appropriate unit tests.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@511 4c0a9323-5329-0410-9bdc-e9ce6186880e
The Google C++ Style Guide requires all parameters passed by reference
to be labeled 'const', and says that pointers should be used for
output arguments. This patch brings google_breakpad::StackwalkerX86
into line.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@510 4c0a9323-5329-0410-9bdc-e9ce6186880e
In order to be able to treat any MemoryRegion as const, the accessor
functions need to be declared this-const, which means annotations on
all the subclasses, etc. etc.
Since MinidumpMemoryRegion fills its memory_ member on demand, that
member needs to be marked 'mutable', but this is exactly the sort of
situation the 'mutable' keyword was intended for, so that seems all
right.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@509 4c0a9323-5329-0410-9bdc-e9ce6186880e
At the moment, StackwalkerX86::GetCallerFrame doesn't save the
WindowsFrameInfo that it finds for a frame unless it successfully
constructs the caller frame. This means that the windows_frame_info
field of the last frame on the stack is left unset, even when that
frame does have windows unwinding information.
This is not user-visible behavior, so it doesn't matter, but it is a
blemish on the interface, and unit tests (added in a later patch)
expect it.
This patch saves the information in the frame as soon as we find it.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@508 4c0a9323-5329-0410-9bdc-e9ce6186880e
In r480, I botched the change to make the comparisons that decide
whether an address falls within a function's range safe from overflow.
The original code said:
address >= function_base && address < function_base + function_size
which is fine unless the function abuts the end of the address space,
in which case the addition overflows and you get a false negative.
My change subtracted function_size from both sides of the latter
comparison, which is meaning-preserving in true math, and gets you:
address >= function_base && address - function_size < function_base
This not only reads strangely, but also still overflows if
function_size is greater than address. That's rare, but I've added a
case to the unit tests that checks it.
My intent had been to replace the addition which could overflow with a
subtraction that was known not to overflow, namely:
address >= function_base && address - function_base < function_size
This is equivalent to the original in true math, and because of the
first comparison, we know the subtraction won't underflow in MemAddr
math.
The patch includes similar fixes to the public symbol lookup code, and
to FindWindowsFrameInfo, which was the only other function affected by
r480.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@503 4c0a9323-5329-0410-9bdc-e9ce6186880e
RangeMaps use the range's upper end as the key in the underlying map,
but RetrieveNearestRange was treating the key as the lower end.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@501 4c0a9323-5329-0410-9bdc-e9ce6186880e
At the moment, the StackWalker GetCallerFrame member function expects
a vector of WindowsFrameInfo structures, even though WindowsFrameInfo
is only used or useful on one one implementation (StackWalkerX86).
This patch changes StackWalker::GetCallerFrame to no longer expect the
WindowsFrameInfo structures, and changes all implementations to match.
In particular, StackWalkerX86 is changed to find the WindowsFrameInfo
data itself, and store a pointer to whatever it got in the StackFrame
object itself (which is really a StackFrameX86).
To allow GetCallerFrame implementations to look up stack walking data,
StackWalker::resolver_ needs to be made protected, not private.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@491 4c0a9323-5329-0410-9bdc-e9ce6186880e
src/processor/minidump.cc:1067: warning: format ‘%llx’ expects type ‘long long unsigned int’, but argument 3 has type ‘unsigned int’
src/processor/stackwalker_arm.cc:83: warning: unused variable ‘last_frame’
src/processor/minidump_stackwalk.cc:163: warning: ‘trust_name’ may be used uninitialized in this function
a=jimblandy, r=ted.mielczarek
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@481 4c0a9323-5329-0410-9bdc-e9ce6186880e
At the moment, FillSourceLineInfo returns Windows DIA-based stack
walking data. In addition to being ugly, this makes it difficult to
provide access to DWARF CFI-based stack walking data in a symmetrical
way.
This patch changes FillSourceLineInfo to do the single job its name
suggests, and adds a second member function to
SourceLineResolverInterface to retrieve Windows DIA stack walking
information. A sibling member function will provide access to DWARF
CFI stack walking data.
a=jimblandy, r=mmentovai
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@480 4c0a9323-5329-0410-9bdc-e9ce6186880e
Also, rename stack_frame_info.h to windows_frame_info.h.
If it seems odd to have functions like FillSourceLineInfo returning
Windows-specific data structures... well, it is! This patch just makes
it more obvious what's going on.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@471 4c0a9323-5329-0410-9bdc-e9ce6186880e
This patch avoids comparisons between signed and unsigned values, as
warned about by G++ 4.4.1.
a=jimblandy, r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@469 4c0a9323-5329-0410-9bdc-e9ce6186880e
Modern GNU compilers warn about the #inclusion of <ext/hash_map>; that
container is deprecated, and code should use <tr1/unordered_map>
instead. However, to stay within the boundaries of C++ '98, it's
probably fine just to use plain old std::map.
Breakpad uses hash_map in three cases:
o The DWARF reader's SectionMap type maps object file section names to
data. This map is consulted once per section kind per DWARF
compilation unit; it is not performance-critical.
o The Mac dump_syms tool uses it to map machine architectures to
section maps in Universal binaries. It's hard to imagine there
ever being more than two entries in such a map.
o The processor's BasicSourceLineResolver uses a hash_map to map file
numbers to file names. This is the map that will probably have the
most entries, but it's only accessed once per frame, after we've
found the frame's line entry.
a=jimblandy
r=nealsid
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@393 4c0a9323-5329-0410-9bdc-e9ce6186880e
ExceptionHandler on Windows. Patch by John Abd-El-Malek. r=me
Interface change: post-dump and pre-dump (filter) callbacks now must accept
an additional EXCEPTION_POINTERS* argument.
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@103 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Provide an optional filter callback that gets triggered before attempting
to write a dump, to give client code a chance to refuse handling early
in the process.
- Allow exceptions that are unhandled by Airbag (due to filter callback or
dump callback return value, or failure to write a dump) to be passed to the
previous handler or to the system.
- In order to pass exceptions unhandled by the topmost Airbag handler to
lower handlers, fix up the stacking of ExceptionHandler objects, and give
each ExceptionHandler object its own thread (like the Mac implementation)
to avoid deadlock.
- Provide a dump_path argument to callbacks, as requested by developers and
already implemented in the Mac handler.
- Avoid calling c_str in exception handler code (#90).
http://groups.google.com/group/airbag-dev/browse_thread/thread/4771825ced38a84c
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@79 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Introduces a standard API for dealing with modules. MinidumpModule
is now a concrete implementation of this API. Code may interact with
single modules using the CodeModule interface, and collections of
modules using its container, the CodeModules interface.
- CodeModule is used directly by SymbolSupplier implementations and
SourceLineResolver. Reliance on the specific implementation in
MinidumpModule has been eliminated.
- Module lists are now added to ProcessState objects. Module references
in each stack frame are now pointers to objects in these module lists.
- The sample minidump_stackwalk tool prints the module list after printing
all threads' stacks.
http://groups.google.com/group/airbag-dev/browse_frm/thread/a9c0550edde54cf8
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@74 4c0a9323-5329-0410-9bdc-e9ce6186880e
- The dumped symbol format now begins with a MODULE line identifying the
uuid, age, and name of the source pdb file.
- The processor ignores MODULE lines, but they are useful in figuring out
how to index symbol files in a symbol store.
- dump_syms and symupload now both accept either a pdb or exe/dll and
will read the pdb regardless.
- Figured out that MSSS always represents a module's age in pathnames in
hexadecimal, and updated SimpleSymbolSupplier to match.
http://groups.google.com/group/airbag-dev/browse_thread/thread/572108d6567edd58
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@59 4c0a9323-5329-0410-9bdc-e9ce6186880e
- minidump_stackwalk is now much more useful as a debugging tool and
even as a standalone tool.
- Reimplementation of minidump_stackwalk around MinidumpProcessor.
- minidump_stackwalk displays all pertinent information returned by
MinidumpProcessor in the ProcessState.
- New PathnameStripper::File static utility method to display only the
leaf file name in a pathname, cleaning up minidump_stackwalk's output.
- New SimpleSymbolSupplier class, which implements a simple
filesystem-based symbol supplier compatible with the layout used by
Microsoft Symbol Server and its client cache.
- minidump_stackwalk now accepts an optional second argument, a pathname
to use as a symbol directory for a SimpleSymbolSupplier.
- Updated test data to be compatible with SimpleSymbolSupplier, and added
test data for kernel32.pdb. Test data converted from CRLF line endings
to LF.
http://groups.google.com/group/airbag-dev/browse_thread/thread/cce30a84f6b2d728
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@53 4c0a9323-5329-0410-9bdc-e9ce6186880e
- MinidumpProcessor now processes all threads and returns a new ProcessState
object. (Interface change.)
- ProcessState contains a CallStack for each thread in the process, and
additional information about whether the process crashed, which thread
crashed, the reason for the crash, and identifying attributes for the
OS and CPU.
- MinidumpSystemInfo now contains a GetCPUVendor() method that returns the
vendor information from CPUID 0 on x86 processors ("GenuineIntel").
http://groups.google.com/group/airbag-dev/browse_thread/thread/16dd2c981e3361ba
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@47 4c0a9323-5329-0410-9bdc-e9ce6186880e
- PDBSourceLineWriter (dump_syms) outputs stack frame debugging information
- SourceLineResolver reads the new information and puts it into a
new StackFrameInfo structure, which is stored in a ContainedRangeMap.
FillSourceLineInfo passes the StackFrameInfo back to the caller.
- The base Stackwalker makes StackFrameInfo data available to subclasses
during stackwalking, but does not use this information directly itself.
Stackwalkers may access stack_frame_info_ for enhanced stackwalking
(this will be part 4).
- New test data for the updated dumped-symbol format
http://groups.google.com/group/airbag-dev/browse_thread/thread/735f191c9a1a1de4
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@38 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Test StackwalkerX86 and StackwalkerPPC on the current process, if built
by a supported compiler (gcc) on a supported (walkable) CPU (x86, ppc).
- This test is not enabled by default because of certain optimizations
that interfere with it (stack frame reuse, frame pointer omission). See
the comments at the top of stackwalker_selftest.cc. To enable this
test in the standard "make check" suite, configure with --enable-selftest.
http://groups.google.com/group/airbag-dev/browse_thread/thread/2ca1c8e72c809bec
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@35 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Eliminate MemAddrMap from source_line_resolver.cc and adapt it to use
RangeMap, also used by minidump.cc.
- RangeMap operates on both a base address and a size, where MemAddrMap
only used a base address, so the dumped symbol file format is modified
to include size information. dump_syms produces these files and
SourceLineResolver consumes them.
- Provide updated test data conforming to the new dumped symbol format.
http://groups.google.com/group/airbag-dev/browse_thread/thread/e9403cf3ad6336a1
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@21 4c0a9323-5329-0410-9bdc-e9ce6186880e
caller-implemented SymbolSupplier object to get a symbol file.
Add a CrashReportProcessor object which provides a simple API for processing
a CrashReport struct, given a SymbolSupplier and a minidump file.
r=mmentovai (#17))
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@18 4c0a9323-5329-0410-9bdc-e9ce6186880e
- In class definitions, one-space indent for public/protected/private.
- Multi-line initializer format puts comma at end of line.
Also:
- Eliminate the long list of friends in Minidump by making swap() public.
(People who need to access unknown stream types directly will need
access to swap() too.)
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@16 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Use gmtime (UTC) instead of localtime for human-readable presentation of
(MDRawHeader).time_date_stamp.
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@15 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Place objects in the appropriate directories, instead of filling up
the root directory.
- Remove namespace macros, which made maintenance troublesome and which
created a dependency on config.h in public headers
- Skip useless Fortran checks at configure time
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@8 4c0a9323-5329-0410-9bdc-e9ce6186880e
