NAME¶

libunwind-dynamic -- libunwind-support for runtime-generated code

INTRODUCTION¶

For libunwind to do its job, it needs to be able to reconstruct the frame state of each frame in a call-chain. The frame state describes the subset of the machine-state that consists of the frame registers (typically the instruction-pointer and the stack-pointer) and all callee-saved registers (preserved registers). The frame state describes each register either by providing its current value (for frame registers) or by providing the location at which the current value is stored (callee-saved registers). For statically generated code, the compiler normally takes care of emitting unwind-info which provides the minimum amount of information needed to reconstruct the frame-state for each instruction in a procedure. For dynamically generated code, the runtime code generator must use the dynamic unwind-info interface provided by libunwind to supply the equivalent information. This manual page describes the format of this information in detail. For the purpose of this discussion, a procedure is defined to be an arbitrary piece of contiguous code. Normally, each procedure directly corresponds to a function in the source-language but this is not strictly required. For example, a runtime code-generator could translate a given function into two separate (discontiguous) procedures: one for frequently-executed (hot) code and one for rarely-executed (cold) code. Similarly, simple source-language functions (usually leaf functions) may get translated into code for which the default unwind-conventions apply and for such code, it is not strictly necessary to register dynamic unwind-info. A procedure logically consists of a sequence of regions. Regions are nested in the sense that the frame state at the end of one region is, by default, assumed to be the frame state for the next region. Each region is thought of as being divided into a prologue, a body, and an epilogue. Each of them can be empty. If non-empty, the prologue sets up the frame state for the body. For example, the prologue may need to allocate some space on the stack and save certain callee-saved registers. The body performs the actual work of the procedure but does not change the frame state in any way. If non-empty, the epilogue restores the previous frame state and as such it undoes or cancels the effect of the prologue. In fact, a single epilogue may undo the effect of the prologues of several (nested) regions. We should point out that even though the prologue, body, and epilogue are logically separate entities, optimizing code-generators will generally interleave instructions from all three entities. For this reason, the dynamic unwind-info interface of libunwind makes no distinction whatsoever between prologue and body. Similarly, the exact set of instructions that make up an epilogue is also irrelevant. The only point in the epilogue that needs to be described explicitly by the dynamic unwind-info is the point at which the stack-pointer gets restored. The reason this point needs to be described is that once the stack-pointer is restored, all values saved in the deallocated portion of the stack frame become invalid and hence libunwind needs to know about it. The portion of the frame state not saved on the stack is assume to remain valid through the end of the region. For this reason, there is usually no need to describe instructions which restore the contents of callee-saved registers. Within a region, each instruction that affects the frame state in some fashion needs to be described with an operation descriptor. For this purpose, each instruction in the region is assigned a unique index. Exactly how this index is derived depends on the architecture. For example, on RISC and EPIC-style architecture, instructions have a fixed size so it's possible to simply number the instructions. In contrast, most CISC use variable-length instruction encodings, so it is usually necessary to use a byte-offset as the index. Given the instruction index, the operation descriptor specifies the effect of the instruction in an abstract manner. For example, it might express that the instruction stores calle-saved register r1 at offset 16 in the stack frame.

PROCEDURES¶

A runtime code-generator registers the dynamic unwind-info of a procedure by setting up a structure of type unw_dyn_info_t and calling _U_dyn_register(), passing the address of the structure as the sole argument. The members of the unw_dyn_info_t structure are described below:

void *next

Private to libunwind. Must not be used by the application.

void *prev

Private to libunwind. Must not be used by the application.

unw_word_t start_ip

The start-address of the instructions of the procedure (remember: procedure are defined to be contiguous pieces of code, so a single code-range is sufficient).

unw_word_t end_ip

The end-address of the instructions of the procedure (non-inclusive, that is, end_ip-start_ip is the size of the procedure in bytes).

unw_word_t gp

The global-pointer value in use for this procedure. The exact meaing of the global-pointer is architecture-specific and on some architecture, it is not used at all.

int32_t format

The format of the unwind-info. This member can be one of UNW_INFO_FORMAT_DYNAMIC, UNW_INFO_FORMAT_TABLE, or UNW_INFO_FORMAT_REMOTE_TABLE.

union u

This union contains one sub-member structure for every possible unwind-info format:

PROC-INFO FORMAT¶

This is the preferred dynamic unwind-info format and it is generally the one used by full-blown runtime code-generators. In this format, the details of a procedure are described by a structure of type unw_dyn_proc_info_t. This structure contains the following members:

unw_word_t name_ptr

The address of a (human-readable) name of the procedure or 0 if no such name is available. If non-zero, The string stored at this address must be ASCII NUL terminated. For source languages that use name-mangling (such as C++ or Java) the string stored at this address should be the demangled version of the name.

unw_word_t handler

The address of the personality-routine for this procedure. Personality-routines are used in conjunction with exception handling. See the C++ ABI draft (http://www.codesourcery.com/cxx-abi/) for an overview and a description of the personality routine. If the procedure has no personality routine, handler must be set to 0.

uint32_t flags

A bitmask of flags. At the moment, no flags have been defined and this member must be set to 0.

unw_dyn_region_info_t *regions

A NULL-terminated linked list of region-descriptors. See section ``Region descriptors'' below for more details.

TABLE-INFO FORMAT¶

This format is generally used when the dynamically generated code was derived from static code and the unwind-info for the dynamic and the static versions is identical. For example, this format can be useful when loading statically-generated code into an address-space in a non-standard fashion (i.e., through some means other than dlopen()). In this format, the details of a group of procedures is described by a structure of type unw_dyn_table_info. This structure contains the following members:

unw_word_t name_ptr

The address of a (human-readable) name of the procedure or 0 if no such name is available. If non-zero, The string stored at this address must be ASCII NUL terminated. For source languages that use name-mangling (such as C++ or Java) the string stored at this address should be the demangled version of the name.

unw_word_t segbase

The segment-base value that needs to be added to the segment-relative values stored in the unwind-info. The exact meaning of this value is architecture-specific.

unw_word_t table_len

The length of the unwind-info (table_data) counted in units of words (unw_word_t).

unw_word_t table_data

A pointer to the actual data encoding the unwind-info. The exact format is architecture-specific (see architecture-specific sections below).

REMOTE TABLE-INFO FORMAT¶

The remote table-info format has the same basic purpose as the regular table-info format. The only difference is that when libunwind uses the unwind-info, it will keep the table data in the target address-space (which may be remote). Consequently, the type of the table_data member is unw_word_t rather than a pointer. This implies that libunwind will have to access the table-data via the address-space's access_mem() call-back, rather than through a direct memory reference. From the point of view of a runtime-code generator, the remote table-info format offers no advantage and it is expected that such generators will describe their procedures either with the proc-info format or the normal table-info format. The main reason that the remote table-info format exists is to enable the address-space-specific find_proc_info() callback (see unw_create_addr_space(3)) to return unwind tables whose data remains in remote memory. This can speed up unwinding (e.g., for a debugger) because it reduces the amount of data that needs to be loaded from remote memory.

REGIONS DESCRIPTORS¶

A region descriptor is a variable length structure that describes how each instruction in the region affects the frame state. Of course, most instructions in a region usualy do not change the frame state and for those, nothing needs to be recorded in the region descriptor. A region descriptor is a structure of type unw_dyn_region_info_t and has the following members:

unw_dyn_region_info_t *next

A pointer to the next region. If this is the last region, next is NULL.

int32_t insn_count

The length of the region in instructions. Each instruction is assumed to have a fixed size (see architecture-specific sections for details). The value of insn_count may be negative in the last region of a procedure (i.e., it may be negative only if next is NULL). A negative value indicates that the region covers the last N instructions of the procedure, where N is the absolute value of insn_count.

uint32_t op_count

The (allocated) length of the op_count array.

unw_dyn_op_t op

An array of dynamic unwind directives. See Section ``Dynamic unwind directives'' for a description of the directives.

A region descriptor with an insn_count of zero is an empty region and such regions are perfectly legal. In fact, empty regions can be useful to establish a particular frame state before the start of another region. A single region list can be shared across multiple procedures provided those procedures share a common prologue and epilogue (their bodies may differ, of course). Normally, such procedures consist of a canned prologue, the body, and a canned epilogue. This could be described by two regions: one covering the prologue and one covering the epilogue. Since the body length is variable, the latter region would need to specify a negative value in insn_count such that libunwind knows that the region covers the end of the procedure (up to the address specified by end_ip). The region descriptor is a variable length structure to make it possible to allocate all the necessary memory with a single memory-allocation request. To facilitate the allocation of a region descriptors libunwind provides a helper routine with the following synopsis: size_t _U_dyn_region_size(int op_count); This routine returns the number of bytes needed to hold a region descriptor with space for op_count unwind directives. Note that the length of the op array does not have to match exactly with the number of directives in a region. Instead, it is sufficient if the op array contains at least as many entries as there are directives, since the end of the directives can always be indicated with the UNW_DYN_STOP directive.

DYNAMIC UNWIND DIRECTIVES¶

A dynamic unwind directive describes how the frame state changes at a particular point within a region. The description is in the form of a structure of type unw_dyn_op_t. This structure has the following members:

int8_t tag

The operation tag. Must be one of the unw_dyn_operation_t values described below.

int8_t qp

The qualifying predicate that controls whether or not this directive is active. This is useful for predicated architecturs such as IA-64 or ARM, where the contents of another (callee-saved) register determines whether or not an instruction is executed (takes effect). If the directive is always active, this member should be set to the manifest constant _U_QP_TRUE (this constant is defined for all architectures, predicated or not).

int16_t reg

The number of the register affected by the instruction.

int32_t when

The region-relative number of the instruction to which this directive applies. For example, a value of 0 means that the effect described by this directive has taken place once the first instruction in the region has executed.

unw_word_t val

The value to be applied by the operation tag. The exact meaning of this value varies by tag. See Section ``Operation tags'' below.

It is perfectly legitimate to specify multiple dynamic unwind directives with the same when value, if a particular instruction has a complex effect on the frame state. Empty regions by definition contain no actual instructions and as such the directives are not tied to a particular instruction. By convention, the when member should be set to 0, however. There is no need for the dynamic unwind directives to appear in order of increasing when values. If the directives happen to be sorted in that order, it may result in slightly faster execution, but a runtime code-generator should not go to extra lengths just to ensure that the directives are sorted. IMPLEMENTATION NOTE: should libunwind implementations for certain architectures prefer the list of unwind directives to be sorted, it is recommended that such implementations first check whether the list happens to be sorted already and, if not, sort the directives explicitly before the first use. With this approach, the overhead of explicit sorting is only paid when there is a real benefit and if the runtime code-generator happens to generated sorted lists naturally, the performance penalty is limited to a simple O(N) check.

OPERATIONS TAGS¶

The possible operation tags are defined by enumeration type unw_dyn_operation_t which defines the following values:

UNW_DYN_STOP

Marks the end of the dynamic unwind directive list. All remaining entries in the op array of the region-descriptor are ignored. This tag is guaranteed to have a value of 0.

UNW_DYN_SAVE_REG

Marks an instruction which saves register reg to register val.

UNW_DYN_SPILL_FP_REL

Marks an instruction which spills register reg to a frame-pointer-relative location. The frame-pointer-relative offset is given by the value stored in member val. See the architecture-specific sections for a description of the stack frame layout.

UNW_DYN_SPILL_SP_REL

Marks an instruction which spills register reg to a stack-pointer-relative location. The stack-pointer-relative offset is given by the value stored in member val. See the architecture-specific sections for a description of the stack frame layout.

UNW_DYN_ADD

Marks an instruction which adds the constant value val to register reg. To add subtract a constant value, store the two's-complement of the value in val. The set of registers that can be specified for this tag is described in the architecture-specific sections below.

UNW_DYN_POP_FRAMES

.PP

UNW_DYN_LABEL_STATE

.PP

UNW_DYN_COPY_STATE

.PP

UNW_DYN_ALIAS

.PP unw_dyn_op_t

_U_dyn_op_save_reg(); _U_dyn_op_spill_fp_rel(); _U_dyn_op_spill_sp_rel(); _U_dyn_op_add(); _U_dyn_op_pop_frames(); _U_dyn_op_label_state(); _U_dyn_op_copy_state(); _U_dyn_op_alias(); _U_dyn_op_stop();

IA-64 SPECIFICS¶

- meaning of segbase member in table-info/table-remote-info format - format of table_data in table-info/table-remote-info format - instruction size: each bundle is counted as 3 instructions, regardless of template (MLX) - describe stack-frame layout, especially with regards to sp-relative and fp-relative addressing - UNW_DYN_ADD can only add to ``sp'' (always a negative value); use POP_FRAMES otherwise

SEE ALSO¶

libunwind(3), _U_dyn_register(3), _U_dyn_cancel(3)

AUTHOR¶

David Mosberger-Tang Email: dmosberger@gmail.com WWW: http://www.nongnu.org/libunwind/.