How to get fullstacktrace using _Unwind_Backtrace on SIGSEGV

Asked 6/6, 2011 at 15:6 Answered 25/4, 2018 at 17:40

c gcc signals stack-trace stack-unwinding

I handle SIGSEGV by code:

int C()
{
  int *i = NULL;
  *i = 10; // Crash there
}

int B()
{
  return C();
}

int A()
{
   return B();
}

int main(void)
{
  struct sigaction handler;
  memset(&handler,0,sizeof(handler));
  handler.sa_sigaction = handler_func;
  handler.sa_flags = SA_SIGINFO;
  sigaction(SIGSEGV,&handler,NULL);
  return(C());
}

Where handler code are:

static int handler_func(int signal, siginfo_t info, void* rserved)
{
  const void* stack[MAX_DEPTH];
  StackCrowlState state;
  state.addr = stack;
  state.count = MAX_DEPTH;

  _Unwind_Reason_Code code = _Unwind_Backtrace(trace_func,&state);
  printf("Stack trace count: %d, code: %d\n",MAX_DEPTH - state.count, code);

  kill(getpid(),SIGKILL);
}

static _Unwind_Reason_Code trace_func(void* context, void* arg)
{
  StackCrowlState *state = (StackCrowlState *)arg;
  if(state->count>0)
  {
     void *ip = (void *)_Unwind_GetIP(context);
     if(ip)
     {
       state->addr[0] = ip;
       state->count--;
       state->addr++;
     }
  }
  return(_URC_NO_REASON);
}

But trace_func where called only once, and shows only on _Unwind_Backtrace calls. Is it possible to get stacktrace of code which cause SIGSEGV signal using _Unwind_Backtrace?

thnx

Evident answered 6/6, 2011 at 15:6 Comment(0)

If you want to use particularly _Unwind_Context(), you can do it like this (the code is 32-bit ARM specific):

struct BacktraceState {
    const ucontext_t*   signal_ucontext;
    size_t              address_count = 0;
    static const size_t address_count_max = 30;
    uintptr_t           addresses[address_count_max] = {};

    BacktraceState(const ucontext_t* ucontext) : signal_ucontext(ucontext) {}

    bool AddAddress(uintptr_t ip) {
        // No more space in the storage. Fail.
        if (address_count >= address_count_max)
            return false;

        // Reset the Thumb bit, if it is set.
        const uintptr_t thumb_bit = 1;
        ip &= ~thumb_bit;

        // Ignore null addresses.
        // They sometimes happen when using _Unwind_Backtrace()
        // with the compiler optimizations,
        // when the Link Register is overwritten by the inner
        // stack frames.
        if (ip == 0)
            return true;

        // Ignore duplicate addresses.
        // They sometimes happen when using _Unwind_Backtrace()
        // with the compiler optimizations,
        // because we both add the second address from the Link Register
        // in ProcessRegisters() and receive the same address
        // in UnwindBacktraceCallback().
        if (address_count > 0 && ip == addresses[address_count - 1])
            return true;

        // Finally add the address to the storage.
        addresses[address_count++] = ip;
        return true;
    }
};

void ProcessRegisters(
        _Unwind_Context* unwind_context, BacktraceState* state) {
    assert(state);
    assert(unwind_context);

    const ucontext_t* signal_ucontext = state->signal_ucontext;
    assert(signal_ucontext);

    const sigcontext* signal_mcontext = &(signal_ucontext->uc_mcontext);
    assert(signal_mcontext);

    _Unwind_SetGR(unwind_context, REG_R0,  signal_mcontext->arm_r0);
    _Unwind_SetGR(unwind_context, REG_R1,  signal_mcontext->arm_r1);
    _Unwind_SetGR(unwind_context, REG_R2,  signal_mcontext->arm_r2);
    _Unwind_SetGR(unwind_context, REG_R3,  signal_mcontext->arm_r3);
    _Unwind_SetGR(unwind_context, REG_R4,  signal_mcontext->arm_r4);
    _Unwind_SetGR(unwind_context, REG_R5,  signal_mcontext->arm_r5);
    _Unwind_SetGR(unwind_context, REG_R6,  signal_mcontext->arm_r6);
    _Unwind_SetGR(unwind_context, REG_R7,  signal_mcontext->arm_r7);
    _Unwind_SetGR(unwind_context, REG_R8,  signal_mcontext->arm_r8);
    _Unwind_SetGR(unwind_context, REG_R9,  signal_mcontext->arm_r9);
    _Unwind_SetGR(unwind_context, REG_R10, signal_mcontext->arm_r10);
    _Unwind_SetGR(unwind_context, REG_R11, signal_mcontext->arm_fp);
    _Unwind_SetGR(unwind_context, REG_R12, signal_mcontext->arm_ip);
    _Unwind_SetGR(unwind_context, REG_R13, signal_mcontext->arm_sp);
    _Unwind_SetGR(unwind_context, REG_R14, signal_mcontext->arm_lr);
    _Unwind_SetGR(unwind_context, REG_R15, signal_mcontext->arm_pc);

    // Program Counter register aka Instruction Pointer will contain
    // the address of the instruction where the crash happened.
    // UnwindBacktraceCallback() will not supply us with it.
    state->AddAddress(signal_mcontext->arm_pc);

    // UnwindBacktraceCallback() does not always supply us with
    // the return address of the frame where the crash happened.
    // Sometimes Link Register will contain this address
    // (noticed when compiling with Clang without optimization),
    // but LR may also contain address of some previously visitied frame
    // (noticed when compiling with GCC without optimization),
    // or LR may contain null address
    // (noticed when compiling with Clang with optimization).
    // These heuristics are unreliable.
#if __clang__
    state->AddAddress(signal_mcontext->arm_lr);
#endif
}

_Unwind_Reason_Code UnwindBacktraceCallback(
        struct _Unwind_Context* unwind_context, void* state_voidp) {
    assert(unwind_context);
    assert(state_voidp);

    BacktraceState* state = (BacktraceState*)state_voidp;
    assert(state);

    // On the first UnwindBacktraceCallback() call,
    // set registers to _Unwind_Context and BacktraceState.
    if (state->address_count == 0) {
        ProcessRegisters(unwind_context, state);
        return _URC_NO_REASON;
    }

    uintptr_t ip = _Unwind_GetIP(unwind_context);
    bool ok = state->AddAddress(ip);
    if (!ok)
        return _URC_END_OF_STACK;

    return _URC_NO_REASON;
}

void CaptureBacktrace(BacktraceState* state) {
    assert(state);
    _Unwind_Backtrace(UnwindBacktraceCallback, state);
}

void SigActionHandler(int sig, siginfo_t* info, void* ucontext) {
    const ucontext_t* signal_ucontext = (const ucontext_t*)ucontext;
    assert(signal_ucontext);

    BacktraceState backtrace_state(signal_ucontext);
    CaptureBacktrace(&backtrace_state);
    // Do something with the backtrace - print, save to file, etc.
}

But I am advising you to not use _Unwind_Context(), but instead use precompiled libunwind for 32-bit ARM, bundled with modern Android NDKs (at sources/cxx-stl/llvm-libc++/libs/armeabi-v7a/libunwind.a) and with all LLVM. You will have to use use libc++ (LLVM STL). How to do it, is demonstrated in this my answer, you'd have to combine the examples here.

https://mcmap.net/q/333162/-android-ndk-getting-the-backtrace

If you use libstdc++ (GNU STL), you could use the Dar Hoo's solution:

https://mcmap.net/q/784419/-how-to-get-fullstacktrace-using-_unwind_backtrace-on-sigsegv

Mendelson answered 25/4, 2018 at 17:40 Comment(5)

Sorry, why downvoting? Is my advice not correct or not useful? I am trying linking in order to deduplicate several threads with the same question by pointing them to the same answers. – Mendelson 25/4, 2018 at 17:50

A link to a solution is welcome, but please ensure your answer is useful without it: add context around the link so your fellow users will have some idea what it is and why it’s there, then quote the most relevant part of the page you're linking to in case the target page is unavailable. Answers that are little more than a link may be deleted. – Potto 25/4, 2018 at 17:51

I have provided the essential part of the answer. Hoping it is better now. – Mendelson 25/4, 2018 at 18:34

Why prefer the libunwind unw_set_reg to _Unwind_SetGR are they different? Thanks! – Fachan 24/12, 2021 at 19:33

In my experience, libunwind works better than _Unwind_Context() on 32-bit ARM CPUs, i.e. captures more addresses in the backtrace. Apparently it works slightly differently. Though, on 64-bit CPUs, both in 64-bit mode and in 32-bit mode, _Unwind_Context() with frame skipping may work better. I was writing the answer in April 2018 when 32-bit CPUs were popular in Android phones, but now in the end of 2021 Android phones mostly contain 64-bit CPUs. You can try 3 backtracing methods using my small testing app: github.com/alexeikh/android-ndk-backtrace-test and see what works best for you. – Mendelson 27/12, 2021 at 7:39

You want to backtrace from the signal triggering function, but you backtrace from the signal handler function. That's two different stacks. (Note, the SA_ONSTACK flag in sigaction is irrelevant to your question.)

To find the stack pointer of the of the triggering function, use the third parameter of the handler, i.e. void *rserved. You can reference to the answer in this question: Getting the saved instruction pointer address from a signal handler

Hadfield answered 1/11, 2012 at 2:9 Comment(3)

Do you know what to do with the stack pointer of the triggering function once it's retrieved from the third argument of the signal handler? Can you still use _Unwind_Backtrace? I have this exact problem and I can't really understand what to do after reading your answer. – Hysterectomy 17/4, 2013 at 15:19

It's another year+ later and I also have no idea what to do in this case... how do I make _Unwind_Backtrace actually work with the old stack pointer? – Baloney 21/7, 2014 at 14:4

One more year and the same question: I know how to get the SP, but I don't know what to do with it! – Megaspore 10/4, 2015 at 8:28

better you use backtrace and backtrace_symbols_fd to get a stacktrace from a signal handler.

Yonita answered 21/7, 2012 at 18:56 Comment(2)

Except on platforms that use gcc, and thus have _Unwind_Backtrace, but not GNU libc, and thus don't have backtrace and backtrace_symbols_fd. – Declinometer 22/11, 2012 at 13:11

Some linux distributions use musl libc. – Knighterrantry 3/7, 2020 at 15:32

You may use __gnu_Unwind_Backtrace instead. Example for ARM32:

typedef struct
{
    uintptr_t r[16];
} core_regs;

typedef struct
{
    uintptr_t demand_save_flags;
    core_regs   core;
} phase2_vrs;

extern "C" _Unwind_Reason_Code __gnu_Unwind_Backtrace(_Unwind_Trace_Fn trace, void * trace_argument, phase2_vrs * entry_vrs);

int AndroidGetBackTraceWithContext(VOID **stack, UINT32 size, ucontext_t *ctx)
{
    ANDROID_UNWIND_STATE state;
    state.count = size;
    state.stack = stack;

    // First call stack is current pc
    state.stack[0] = (VOID *)ctx->uc_mcontext.arm_pc;
    state.stack++;
    state.count--;

    phase2_vrs pre_signal_state;
    pre_signal_state.demand_save_flags = 0;
    pre_signal_state.core = *reinterpret_cast<const core_regs*>(&(ctx->uc_mcontext.arm_r0));

    // Return value is of no use and might be wrong on some systems
    __gnu_Unwind_Backtrace(DmpAndroidUnwindCallback, &state, &pre_signal_state);

    return size - state.count;
}

Dialogism answered 3/2, 2018 at 2:41 Comment(0)

Recommended topics

Hot tags