Adding untrusted crash dump / stack trace tests.

tests/untrusted_crash_dump/untrusted_crash_dump.c

+/*
+ * Copyright (c) 2012 The Native Client Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+
+#include <assert.h>
+#include <inttypes.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/nacl_syscalls.h>
+
+#ifdef __GLIBC__
+#include <elf.h>
+#include <link.h>
+#endif  /* __GLIBC__ */
+
+#include "native_client/src/untrusted/nacl/syscall_bindings_trampoline.h"
+#include "native_client/tests/untrusted_crash_dump/untrusted_crash_dump.h"
+
+
+#define CRASH_STACK_SIZE 4096
+
+
+static void (*g_PrevHandler)(int prog_ctr, int stack_ptr) = 0;
+static pthread_key_t g_CrashStackKey;
+static char *g_ProgramName = 0;
+
+
+#ifdef __GLIBC__
+
+typedef struct {
+  FILE *core;
+  uint32_t addr;

[Mark Seaborn, 2012/02/06 19:44:06]

uintptr_t

[bradn, 2012/02/06 22:27:48]

Done.

+  int first;
+} PROGRAM_TABLE_DATA;

[Mark Seaborn, 2012/02/06 19:44:06]

Naming style: Just call it 'struct ProgramTableData'?

[bradn, 2012/02/06 22:27:48]

Done.

+
+
+static int PrintSectionsOne(
+    struct dl_phdr_info *info, size_t size, void *data) {
+  int i;
+  PROGRAM_TABLE_DATA *ptd = (PROGRAM_TABLE_DATA*)data;
+
+  if (ptd->first) {
+    ptd->first = 0;
+  } else {
+    fprintf(ptd->core, ",\n");
+  }
+  fprintf(ptd->core, "{\n");
+  fprintf(ptd->core, "\"dlpi_name\": \"%s\",\n", info->dlpi_name);
+  fprintf(ptd->core, "\"dlpi_addr\": %"PRIu32",\n", info->dlpi_addr);
+  fprintf(ptd->core, "\"dlpi_phdr\": [\n");
+  for (i = 0; i < info->dlpi_phnum; i++) {
+    /* Skip non-LOAD type segments. */
+    if (info->dlpi_phdr[i].p_type != PT_LOAD) {
+      continue;
+    }
+    if (i != 0) {
+      fprintf(ptd->core, ",\n");
+    }
+    fprintf(ptd->core, "{\n");
+    fprintf(ptd->core, "\"p_vaddr\": %"PRIu32",\n", info->dlpi_phdr[i].p_vaddr);
+    fprintf(ptd->core, "\"p_memsz\": %"PRIu32"\n", info->dlpi_phdr[i].p_memsz);
+    fprintf(ptd->core, "}\n");
+  }
+  fprintf(ptd->core, "]\n");
+  fprintf(ptd->core, "}\n");
+  return 0;
+}
+
+static void PrintSections(FILE *core) {
+  PROGRAM_TABLE_DATA data;
+  data.core = core;
+  data.first = 1;
+  dl_iterate_phdr(PrintSectionsOne, &data);
+}
+
+static int PrintMappedAddressOne(
+    struct dl_phdr_info *info, size_t size, void *data) {
+  int i;
+  PROGRAM_TABLE_DATA *ptd = (PROGRAM_TABLE_DATA *) data;
+  uint32_t addr = ptd->addr;
+  uint32_t start, end;

[Mark Seaborn, 2012/02/06 19:44:06]

One var per line is our usual style, I think.

[bradn, 2012/02/06 22:27:48]

Done.

+
+  /* Consider relative to phdr base addr. */
+  addr -= info->dlpi_addr;
+
+  for (i = 0; i < info->dlpi_phnum; i++) {
+    /* Skip non-LOAD type segments. */
+    if (info->dlpi_phdr[i].p_type != PT_LOAD) {
+      continue;
+    }
+    /* See if it's in range for this part. */
+    start = info->dlpi_phdr[i].p_vaddr;
+    end = start + info->dlpi_phdr[i].p_memsz;
+    if (addr >= start && addr < end) {
+      if (info->dlpi_name[0] == '\0') {
+        fprintf(ptd->core, "{\"file\": \"%s\", \"addr\": %"PRIu32"}",
+                g_ProgramName, addr);
+      } else {
+        fprintf(ptd->core, "{\"file\": \"%s\", \"addr\": %"PRIu32"}",
+                info->dlpi_name, addr);
+      }
+      return 1;
+    }
+  }
+  return 0;
+}
+
+static void PrintMappedAddress(FILE *core, uint32_t addr) {
+  PROGRAM_TABLE_DATA ptd;
+  int result;
+
+  ptd.core = core;
+  ptd.addr = addr;
+  result = dl_iterate_phdr(PrintMappedAddressOne, &ptd);
+  if (!result) {
+    fprintf(core, "{\"file\": \"%s\", \"addr\": %"PRIu32"}",
+            g_ProgramName, addr);
+  }
+}
+
+#else  /* __GLIBC__ */
+
+static void PrintSections(FILE *core) {
+  (void)core;

[Mark Seaborn, 2012/02/06 19:44:06]

Use UNREFERENCED_PARAMETER(), or nothing if the warning is not enabled.

[bradn, 2012/02/06 22:27:48]

Done.

+}
+
+static void PrintMappedAddress(FILE *core, uint32_t addr) {
+  fprintf(core, "{\"file\": \"%s\", \"addr\": %"PRIu32"}",
+          g_ProgramName, addr);
+}
+
+#endif  /* __GLIBC__ */
+
+uint32_t SafeRead(uint32_t a) {

[Mark Seaborn, 2012/02/06 19:44:06]

SafeRead() is not safe.  Does it need a TODO?

Types should probably be uintptr_t.

[bradn, 2012/02/06 22:27:48]

Done.

+  return *(uint32_t*)a;
+}
+
+static void StackWalk(FILE *core, uint32_t ip, uint32_t sp) {
+  uint32_t next;
+  uint32_t i;
+  int first = 1;
+
+  fprintf(core, "\"frames\": [\n");
+  for (;;) {
+    next = SafeRead(sp);
+    if (next <= sp || next == 0) {
+      break;
+    }
+    if (first) {
+      first = 0;
+    } else {
+      fprintf(core, ",");
+    }
+    fprintf(core, "{\n");
+    fprintf(core, "\"sp\": %"PRIu32",\n", sp);
+    fprintf(core, "\"ip\": %"PRIu32",\n", ip);
+    fprintf(core, "\"ip_mapped\": ");
+    PrintMappedAddress(core, ip);
+    fprintf(core, ",\n");
+    fprintf(core, "\"data\": [\n");
+    for (i = sp + 8; i < next; i += 4) {
+      if (i != sp + 8) {
+        fprintf(core, ",");
+      }
+      fprintf(core, "%"PRIu32"\n", SafeRead(i));
+    }
+    fprintf(core, "]\n");
+    fprintf(core, "}\n");
+
+    ip = SafeRead(sp + 4);
+    sp = next;
+  }
+
+  fprintf(core, "]\n");
+}
+
+static void CrashHandler(int prog_ctr, int stack_ptr) {
+  FILE *core;
+  const char *core_filename;
+
+  /* Pick core file name. */
+  core_filename=getenv("NACLCOREFILE");

[Mark Seaborn, 2012/02/06 19:44:06]

spaces around '='

[bradn, 2012/02/06 22:27:48]

Done.

+  if (!core_filename) {
+    core_filename = "naclcore.json";
+  }
+
+  /* Attempt to open core file, otherwise use stdout. */
+  core = fopen(core_filename, "w");
+  if (!core) {
+    core = stdout;
+  }
+
+  fprintf(core, "{\n");
+
+  fprintf(core, "\"sections\": [");
+  PrintSections(core);
+  fprintf(core, "],\n");
+
+  fprintf(core, "\"handler\": {\n");
+  fprintf(core, "\"prog_ctr\": %"PRIu32",\n", prog_ctr);
+  fprintf(core, "\"stack_ptr\": %"PRIu32"\n", stack_ptr);
+  fprintf(core, "},\n");
+  StackWalk(core, (uint32_t) prog_ctr, (uint32_t) stack_ptr);
+
+  fprintf(core, "}\n");
+
+  if (core != stdout) {
+    fclose(core);
+  }
+
+  exit(166);
+}
+
+void NaClCrashDumpThreadDestructor(void *arg) {
+  free(arg);
+}
+
+void NaClCrashDumpInit(char *program_name) {
+  int result;
+  g_ProgramName = program_name;
+  result = pthread_key_create(&g_CrashStackKey, NaClCrashDumpThreadDestructor);
+  assert(!result);

[Mark Seaborn, 2012/02/06 19:44:06]

assert(result == 0);

[bradn, 2012/02/06 22:27:48]

Done.

+  result = NACL_SYSCALL(exception_handler)(CrashHandler, &g_PrevHandler);
+  assert(!result);
+  NaClCrashDumpInitThread();
+}
+
+void NaClCrashDumpDestroy(void) {
+  int result;
+  void (*old)(int, int);
+  result = NACL_SYSCALL(exception_handler)(g_PrevHandler, &old);

[Mark Seaborn, 2012/02/06 19:44:06]

'old' is unused.  Use NULL.

[bradn, 2012/02/06 22:27:48]

Done.

+  assert(!result);
+  result = pthread_key_delete(g_CrashStackKey);
+  assert(!result);
+  g_ProgramName = 0;
+}
+
+void NaClCrashDumpInitThread(void) {
+  void *stack;
+  int result;
+  stack = malloc(CRASH_STACK_SIZE);

[Mark Seaborn, 2012/02/06 19:44:06]

mallocing stacks is bad because there's no guard page.  Preferably mmap and set
a guard page.  Or leave exception stacks to a later improvement?

[bradn, 2012/02/06 22:27:48]

Switched to mmap + guard.

+  pthread_setspecific(g_CrashStackKey, stack);
+  result = NACL_SYSCALL(exception_stack)(stack, CRASH_STACK_SIZE);

[Mark Seaborn, 2012/02/06 19:44:06]

FYI, you don't really need to set an exception stack.  Comment that calling this
is optional?

[bradn, 2012/02/06 22:27:48]

Done.

+  assert(!result);
+}