1 //===- DWARFVerifier.cpp --------------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 #include "llvm/DebugInfo/DWARF/DWARFVerifier.h" 9 #include "llvm/ADT/SmallSet.h" 10 #include "llvm/BinaryFormat/Dwarf.h" 11 #include "llvm/DebugInfo/DWARF/DWARFCompileUnit.h" 12 #include "llvm/DebugInfo/DWARF/DWARFContext.h" 13 #include "llvm/DebugInfo/DWARF/DWARFDebugLine.h" 14 #include "llvm/DebugInfo/DWARF/DWARFDie.h" 15 #include "llvm/DebugInfo/DWARF/DWARFExpression.h" 16 #include "llvm/DebugInfo/DWARF/DWARFFormValue.h" 17 #include "llvm/DebugInfo/DWARF/DWARFSection.h" 18 #include "llvm/Support/DJB.h" 19 #include "llvm/Support/FormatVariadic.h" 20 #include "llvm/Support/WithColor.h" 21 #include "llvm/Support/raw_ostream.h" 22 #include <map> 23 #include <set> 24 #include <vector> 25 26 using namespace llvm; 27 using namespace dwarf; 28 using namespace object; 29 30 Optional<DWARFAddressRange> 31 DWARFVerifier::DieRangeInfo::insert(const DWARFAddressRange &R) { 32 auto Begin = Ranges.begin(); 33 auto End = Ranges.end(); 34 auto Pos = std::lower_bound(Begin, End, R); 35 36 if (Pos != End) { 37 DWARFAddressRange Range(*Pos); 38 if (Pos->merge(R)) 39 return Range; 40 } 41 if (Pos != Begin) { 42 auto Iter = Pos - 1; 43 DWARFAddressRange Range(*Iter); 44 if (Iter->merge(R)) 45 return Range; 46 } 47 48 Ranges.insert(Pos, R); 49 return None; 50 } 51 52 DWARFVerifier::DieRangeInfo::die_range_info_iterator 53 DWARFVerifier::DieRangeInfo::insert(const DieRangeInfo &RI) { 54 if (RI.Ranges.empty()) 55 return Children.end(); 56 57 auto End = Children.end(); 58 auto Iter = Children.begin(); 59 while (Iter != End) { 60 if (Iter->intersects(RI)) 61 return Iter; 62 ++Iter; 63 } 64 Children.insert(RI); 65 return Children.end(); 66 } 67 68 bool DWARFVerifier::DieRangeInfo::contains(const DieRangeInfo &RHS) const { 69 auto I1 = Ranges.begin(), E1 = Ranges.end(); 70 auto I2 = RHS.Ranges.begin(), E2 = RHS.Ranges.end(); 71 if (I2 == E2) 72 return true; 73 74 DWARFAddressRange R = *I2; 75 while (I1 != E1) { 76 bool Covered = I1->LowPC <= R.LowPC; 77 if (R.LowPC == R.HighPC || (Covered && R.HighPC <= I1->HighPC)) { 78 if (++I2 == E2) 79 return true; 80 R = *I2; 81 continue; 82 } 83 if (!Covered) 84 return false; 85 if (R.LowPC < I1->HighPC) 86 R.LowPC = I1->HighPC; 87 ++I1; 88 } 89 return false; 90 } 91 92 bool DWARFVerifier::DieRangeInfo::intersects(const DieRangeInfo &RHS) const { 93 auto I1 = Ranges.begin(), E1 = Ranges.end(); 94 auto I2 = RHS.Ranges.begin(), E2 = RHS.Ranges.end(); 95 while (I1 != E1 && I2 != E2) { 96 if (I1->intersects(*I2)) 97 return true; 98 if (I1->LowPC < I2->LowPC) 99 ++I1; 100 else 101 ++I2; 102 } 103 return false; 104 } 105 106 bool DWARFVerifier::verifyUnitHeader(const DWARFDataExtractor DebugInfoData, 107 uint64_t *Offset, unsigned UnitIndex, 108 uint8_t &UnitType, bool &isUnitDWARF64) { 109 uint64_t AbbrOffset, Length; 110 uint8_t AddrSize = 0; 111 uint16_t Version; 112 bool Success = true; 113 114 bool ValidLength = false; 115 bool ValidVersion = false; 116 bool ValidAddrSize = false; 117 bool ValidType = true; 118 bool ValidAbbrevOffset = true; 119 120 uint64_t OffsetStart = *Offset; 121 DwarfFormat Format; 122 std::tie(Length, Format) = DebugInfoData.getInitialLength(Offset); 123 isUnitDWARF64 = Format == DWARF64; 124 Version = DebugInfoData.getU16(Offset); 125 126 if (Version >= 5) { 127 UnitType = DebugInfoData.getU8(Offset); 128 AddrSize = DebugInfoData.getU8(Offset); 129 AbbrOffset = isUnitDWARF64 ? DebugInfoData.getU64(Offset) : DebugInfoData.getU32(Offset); 130 ValidType = dwarf::isUnitType(UnitType); 131 } else { 132 UnitType = 0; 133 AbbrOffset = isUnitDWARF64 ? DebugInfoData.getU64(Offset) : DebugInfoData.getU32(Offset); 134 AddrSize = DebugInfoData.getU8(Offset); 135 } 136 137 if (!DCtx.getDebugAbbrev()->getAbbreviationDeclarationSet(AbbrOffset)) 138 ValidAbbrevOffset = false; 139 140 ValidLength = DebugInfoData.isValidOffset(OffsetStart + Length + 3); 141 ValidVersion = DWARFContext::isSupportedVersion(Version); 142 ValidAddrSize = DWARFContext::isAddressSizeSupported(AddrSize); 143 if (!ValidLength || !ValidVersion || !ValidAddrSize || !ValidAbbrevOffset || 144 !ValidType) { 145 Success = false; 146 error() << format("Units[%d] - start offset: 0x%08" PRIx64 " \n", UnitIndex, 147 OffsetStart); 148 if (!ValidLength) 149 note() << "The length for this unit is too " 150 "large for the .debug_info provided.\n"; 151 if (!ValidVersion) 152 note() << "The 16 bit unit header version is not valid.\n"; 153 if (!ValidType) 154 note() << "The unit type encoding is not valid.\n"; 155 if (!ValidAbbrevOffset) 156 note() << "The offset into the .debug_abbrev section is " 157 "not valid.\n"; 158 if (!ValidAddrSize) 159 note() << "The address size is unsupported.\n"; 160 } 161 *Offset = OffsetStart + Length + (isUnitDWARF64 ? 12 : 4); 162 return Success; 163 } 164 165 bool DWARFVerifier::verifyName(const DWARFDie &Die) { 166 // FIXME Add some kind of record of which DIE names have already failed and 167 // don't bother checking a DIE that uses an already failed DIE. 168 169 std::string ReconstructedName; 170 raw_string_ostream OS(ReconstructedName); 171 std::string OriginalFullName; 172 Die.getFullName(OS, &OriginalFullName); 173 OS.flush(); 174 if (!OriginalFullName.empty() && OriginalFullName != ReconstructedName) { 175 error() << "Simplified template DW_AT_name could not be reconstituted:\n" 176 << formatv(" original: {0}\n" 177 " reconstituted: {1}\n", 178 OriginalFullName, ReconstructedName); 179 dump(Die) << '\n'; 180 dump(Die.getDwarfUnit()->getUnitDIE()) << '\n'; 181 } 182 return 0; 183 } 184 185 unsigned DWARFVerifier::verifyUnitContents(DWARFUnit &Unit, 186 ReferenceMap &UnitLocalReferences, 187 ReferenceMap &CrossUnitReferences) { 188 unsigned NumUnitErrors = 0; 189 unsigned NumDies = Unit.getNumDIEs(); 190 for (unsigned I = 0; I < NumDies; ++I) { 191 auto Die = Unit.getDIEAtIndex(I); 192 193 if (Die.getTag() == DW_TAG_null) 194 continue; 195 196 for (auto AttrValue : Die.attributes()) { 197 NumUnitErrors += verifyDebugInfoAttribute(Die, AttrValue); 198 NumUnitErrors += verifyDebugInfoForm(Die, AttrValue, UnitLocalReferences, 199 CrossUnitReferences); 200 } 201 202 NumUnitErrors += verifyName(Die); 203 204 if (Die.hasChildren()) { 205 if (Die.getFirstChild().isValid() && 206 Die.getFirstChild().getTag() == DW_TAG_null) { 207 warn() << dwarf::TagString(Die.getTag()) 208 << " has DW_CHILDREN_yes but DIE has no children: "; 209 Die.dump(OS); 210 } 211 } 212 213 NumUnitErrors += verifyDebugInfoCallSite(Die); 214 } 215 216 DWARFDie Die = Unit.getUnitDIE(/* ExtractUnitDIEOnly = */ false); 217 if (!Die) { 218 error() << "Compilation unit without DIE.\n"; 219 NumUnitErrors++; 220 return NumUnitErrors; 221 } 222 223 if (!dwarf::isUnitType(Die.getTag())) { 224 error() << "Compilation unit root DIE is not a unit DIE: " 225 << dwarf::TagString(Die.getTag()) << ".\n"; 226 NumUnitErrors++; 227 } 228 229 uint8_t UnitType = Unit.getUnitType(); 230 if (!DWARFUnit::isMatchingUnitTypeAndTag(UnitType, Die.getTag())) { 231 error() << "Compilation unit type (" << dwarf::UnitTypeString(UnitType) 232 << ") and root DIE (" << dwarf::TagString(Die.getTag()) 233 << ") do not match.\n"; 234 NumUnitErrors++; 235 } 236 237 // According to DWARF Debugging Information Format Version 5, 238 // 3.1.2 Skeleton Compilation Unit Entries: 239 // "A skeleton compilation unit has no children." 240 if (Die.getTag() == dwarf::DW_TAG_skeleton_unit && Die.hasChildren()) { 241 error() << "Skeleton compilation unit has children.\n"; 242 NumUnitErrors++; 243 } 244 245 DieRangeInfo RI; 246 NumUnitErrors += verifyDieRanges(Die, RI); 247 248 return NumUnitErrors; 249 } 250 251 unsigned DWARFVerifier::verifyDebugInfoCallSite(const DWARFDie &Die) { 252 if (Die.getTag() != DW_TAG_call_site && Die.getTag() != DW_TAG_GNU_call_site) 253 return 0; 254 255 DWARFDie Curr = Die.getParent(); 256 for (; Curr.isValid() && !Curr.isSubprogramDIE(); Curr = Die.getParent()) { 257 if (Curr.getTag() == DW_TAG_inlined_subroutine) { 258 error() << "Call site entry nested within inlined subroutine:"; 259 Curr.dump(OS); 260 return 1; 261 } 262 } 263 264 if (!Curr.isValid()) { 265 error() << "Call site entry not nested within a valid subprogram:"; 266 Die.dump(OS); 267 return 1; 268 } 269 270 Optional<DWARFFormValue> CallAttr = 271 Curr.find({DW_AT_call_all_calls, DW_AT_call_all_source_calls, 272 DW_AT_call_all_tail_calls, DW_AT_GNU_all_call_sites, 273 DW_AT_GNU_all_source_call_sites, 274 DW_AT_GNU_all_tail_call_sites}); 275 if (!CallAttr) { 276 error() << "Subprogram with call site entry has no DW_AT_call attribute:"; 277 Curr.dump(OS); 278 Die.dump(OS, /*indent*/ 1); 279 return 1; 280 } 281 282 return 0; 283 } 284 285 unsigned DWARFVerifier::verifyAbbrevSection(const DWARFDebugAbbrev *Abbrev) { 286 unsigned NumErrors = 0; 287 if (Abbrev) { 288 const DWARFAbbreviationDeclarationSet *AbbrDecls = 289 Abbrev->getAbbreviationDeclarationSet(0); 290 for (auto AbbrDecl : *AbbrDecls) { 291 SmallDenseSet<uint16_t> AttributeSet; 292 for (auto Attribute : AbbrDecl.attributes()) { 293 auto Result = AttributeSet.insert(Attribute.Attr); 294 if (!Result.second) { 295 error() << "Abbreviation declaration contains multiple " 296 << AttributeString(Attribute.Attr) << " attributes.\n"; 297 AbbrDecl.dump(OS); 298 ++NumErrors; 299 } 300 } 301 } 302 } 303 return NumErrors; 304 } 305 306 bool DWARFVerifier::handleDebugAbbrev() { 307 OS << "Verifying .debug_abbrev...\n"; 308 309 const DWARFObject &DObj = DCtx.getDWARFObj(); 310 unsigned NumErrors = 0; 311 if (!DObj.getAbbrevSection().empty()) 312 NumErrors += verifyAbbrevSection(DCtx.getDebugAbbrev()); 313 if (!DObj.getAbbrevDWOSection().empty()) 314 NumErrors += verifyAbbrevSection(DCtx.getDebugAbbrevDWO()); 315 316 return NumErrors == 0; 317 } 318 319 unsigned DWARFVerifier::verifyUnitSection(const DWARFSection &S, 320 DWARFSectionKind SectionKind) { 321 const DWARFObject &DObj = DCtx.getDWARFObj(); 322 DWARFDataExtractor DebugInfoData(DObj, S, DCtx.isLittleEndian(), 0); 323 unsigned NumDebugInfoErrors = 0; 324 uint64_t OffsetStart = 0, Offset = 0, UnitIdx = 0; 325 uint8_t UnitType = 0; 326 bool isUnitDWARF64 = false; 327 bool isHeaderChainValid = true; 328 bool hasDIE = DebugInfoData.isValidOffset(Offset); 329 DWARFUnitVector TypeUnitVector; 330 DWARFUnitVector CompileUnitVector; 331 /// A map that tracks all references (converted absolute references) so we 332 /// can verify each reference points to a valid DIE and not an offset that 333 /// lies between to valid DIEs. 334 ReferenceMap CrossUnitReferences; 335 while (hasDIE) { 336 OffsetStart = Offset; 337 if (!verifyUnitHeader(DebugInfoData, &Offset, UnitIdx, UnitType, 338 isUnitDWARF64)) { 339 isHeaderChainValid = false; 340 if (isUnitDWARF64) 341 break; 342 } else { 343 DWARFUnitHeader Header; 344 Header.extract(DCtx, DebugInfoData, &OffsetStart, SectionKind); 345 ReferenceMap UnitLocalReferences; 346 DWARFUnit *Unit; 347 switch (UnitType) { 348 case dwarf::DW_UT_type: 349 case dwarf::DW_UT_split_type: { 350 Unit = TypeUnitVector.addUnit(std::make_unique<DWARFTypeUnit>( 351 DCtx, S, Header, DCtx.getDebugAbbrev(), &DObj.getRangesSection(), 352 &DObj.getLocSection(), DObj.getStrSection(), 353 DObj.getStrOffsetsSection(), &DObj.getAddrSection(), 354 DObj.getLineSection(), DCtx.isLittleEndian(), false, 355 TypeUnitVector)); 356 break; 357 } 358 case dwarf::DW_UT_skeleton: 359 case dwarf::DW_UT_split_compile: 360 case dwarf::DW_UT_compile: 361 case dwarf::DW_UT_partial: 362 // UnitType = 0 means that we are verifying a compile unit in DWARF v4. 363 case 0: { 364 Unit = CompileUnitVector.addUnit(std::make_unique<DWARFCompileUnit>( 365 DCtx, S, Header, DCtx.getDebugAbbrev(), &DObj.getRangesSection(), 366 &DObj.getLocSection(), DObj.getStrSection(), 367 DObj.getStrOffsetsSection(), &DObj.getAddrSection(), 368 DObj.getLineSection(), DCtx.isLittleEndian(), false, 369 CompileUnitVector)); 370 break; 371 } 372 default: { llvm_unreachable("Invalid UnitType."); } 373 } 374 NumDebugInfoErrors += 375 verifyUnitContents(*Unit, UnitLocalReferences, CrossUnitReferences); 376 NumDebugInfoErrors += verifyDebugInfoReferences( 377 UnitLocalReferences, [&](uint64_t Offset) { return Unit; }); 378 } 379 hasDIE = DebugInfoData.isValidOffset(Offset); 380 ++UnitIdx; 381 } 382 if (UnitIdx == 0 && !hasDIE) { 383 warn() << "Section is empty.\n"; 384 isHeaderChainValid = true; 385 } 386 if (!isHeaderChainValid) 387 ++NumDebugInfoErrors; 388 NumDebugInfoErrors += verifyDebugInfoReferences( 389 CrossUnitReferences, [&](uint64_t Offset) -> DWARFUnit * { 390 if (DWARFUnit *U = TypeUnitVector.getUnitForOffset(Offset)) 391 return U; 392 if (DWARFUnit *U = CompileUnitVector.getUnitForOffset(Offset)) 393 return U; 394 return nullptr; 395 }); 396 return NumDebugInfoErrors; 397 } 398 399 bool DWARFVerifier::handleDebugInfo() { 400 const DWARFObject &DObj = DCtx.getDWARFObj(); 401 unsigned NumErrors = 0; 402 403 OS << "Verifying .debug_info Unit Header Chain...\n"; 404 DObj.forEachInfoSections([&](const DWARFSection &S) { 405 NumErrors += verifyUnitSection(S, DW_SECT_INFO); 406 }); 407 408 OS << "Verifying .debug_types Unit Header Chain...\n"; 409 DObj.forEachTypesSections([&](const DWARFSection &S) { 410 NumErrors += verifyUnitSection(S, DW_SECT_EXT_TYPES); 411 }); 412 return NumErrors == 0; 413 } 414 415 unsigned DWARFVerifier::verifyDieRanges(const DWARFDie &Die, 416 DieRangeInfo &ParentRI) { 417 unsigned NumErrors = 0; 418 419 if (!Die.isValid()) 420 return NumErrors; 421 422 auto RangesOrError = Die.getAddressRanges(); 423 if (!RangesOrError) { 424 // FIXME: Report the error. 425 ++NumErrors; 426 llvm::consumeError(RangesOrError.takeError()); 427 return NumErrors; 428 } 429 430 const DWARFAddressRangesVector &Ranges = RangesOrError.get(); 431 // Build RI for this DIE and check that ranges within this DIE do not 432 // overlap. 433 DieRangeInfo RI(Die); 434 435 // TODO support object files better 436 // 437 // Some object file formats (i.e. non-MachO) support COMDAT. ELF in 438 // particular does so by placing each function into a section. The DWARF data 439 // for the function at that point uses a section relative DW_FORM_addrp for 440 // the DW_AT_low_pc and a DW_FORM_data4 for the offset as the DW_AT_high_pc. 441 // In such a case, when the Die is the CU, the ranges will overlap, and we 442 // will flag valid conflicting ranges as invalid. 443 // 444 // For such targets, we should read the ranges from the CU and partition them 445 // by the section id. The ranges within a particular section should be 446 // disjoint, although the ranges across sections may overlap. We would map 447 // the child die to the entity that it references and the section with which 448 // it is associated. The child would then be checked against the range 449 // information for the associated section. 450 // 451 // For now, simply elide the range verification for the CU DIEs if we are 452 // processing an object file. 453 454 if (!IsObjectFile || IsMachOObject || Die.getTag() != DW_TAG_compile_unit) { 455 bool DumpDieAfterError = false; 456 for (const auto &Range : Ranges) { 457 if (!Range.valid()) { 458 ++NumErrors; 459 error() << "Invalid address range " << Range << "\n"; 460 DumpDieAfterError = true; 461 continue; 462 } 463 464 // Verify that ranges don't intersect and also build up the DieRangeInfo 465 // address ranges. Don't break out of the loop below early, or we will 466 // think this DIE doesn't have all of the address ranges it is supposed 467 // to have. Compile units often have DW_AT_ranges that can contain one or 468 // more dead stripped address ranges which tend to all be at the same 469 // address: 0 or -1. 470 if (auto PrevRange = RI.insert(Range)) { 471 ++NumErrors; 472 error() << "DIE has overlapping ranges in DW_AT_ranges attribute: " 473 << *PrevRange << " and " << Range << '\n'; 474 DumpDieAfterError = true; 475 } 476 } 477 if (DumpDieAfterError) 478 dump(Die, 2) << '\n'; 479 } 480 481 // Verify that children don't intersect. 482 const auto IntersectingChild = ParentRI.insert(RI); 483 if (IntersectingChild != ParentRI.Children.end()) { 484 ++NumErrors; 485 error() << "DIEs have overlapping address ranges:"; 486 dump(Die); 487 dump(IntersectingChild->Die) << '\n'; 488 } 489 490 // Verify that ranges are contained within their parent. 491 bool ShouldBeContained = !RI.Ranges.empty() && !ParentRI.Ranges.empty() && 492 !(Die.getTag() == DW_TAG_subprogram && 493 ParentRI.Die.getTag() == DW_TAG_subprogram); 494 if (ShouldBeContained && !ParentRI.contains(RI)) { 495 ++NumErrors; 496 error() << "DIE address ranges are not contained in its parent's ranges:"; 497 dump(ParentRI.Die); 498 dump(Die, 2) << '\n'; 499 } 500 501 // Recursively check children. 502 for (DWARFDie Child : Die) 503 NumErrors += verifyDieRanges(Child, RI); 504 505 return NumErrors; 506 } 507 508 unsigned DWARFVerifier::verifyDebugInfoAttribute(const DWARFDie &Die, 509 DWARFAttribute &AttrValue) { 510 unsigned NumErrors = 0; 511 auto ReportError = [&](const Twine &TitleMsg) { 512 ++NumErrors; 513 error() << TitleMsg << '\n'; 514 dump(Die) << '\n'; 515 }; 516 517 const DWARFObject &DObj = DCtx.getDWARFObj(); 518 const auto Attr = AttrValue.Attr; 519 switch (Attr) { 520 case DW_AT_ranges: 521 // Make sure the offset in the DW_AT_ranges attribute is valid. 522 if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) { 523 unsigned DwarfVersion = Die.getDwarfUnit()->getVersion(); 524 const DWARFSection &RangeSection = DwarfVersion < 5 525 ? DObj.getRangesSection() 526 : DObj.getRnglistsSection(); 527 if (*SectionOffset >= RangeSection.Data.size()) 528 ReportError( 529 "DW_AT_ranges offset is beyond " + 530 StringRef(DwarfVersion < 5 ? ".debug_ranges" : ".debug_rnglists") + 531 " bounds: " + llvm::formatv("{0:x8}", *SectionOffset)); 532 break; 533 } 534 ReportError("DIE has invalid DW_AT_ranges encoding:"); 535 break; 536 case DW_AT_stmt_list: 537 // Make sure the offset in the DW_AT_stmt_list attribute is valid. 538 if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) { 539 if (*SectionOffset >= DObj.getLineSection().Data.size()) 540 ReportError("DW_AT_stmt_list offset is beyond .debug_line bounds: " + 541 llvm::formatv("{0:x8}", *SectionOffset)); 542 break; 543 } 544 ReportError("DIE has invalid DW_AT_stmt_list encoding:"); 545 break; 546 case DW_AT_location: { 547 if (Expected<std::vector<DWARFLocationExpression>> Loc = 548 Die.getLocations(DW_AT_location)) { 549 DWARFUnit *U = Die.getDwarfUnit(); 550 for (const auto &Entry : *Loc) { 551 DataExtractor Data(toStringRef(Entry.Expr), DCtx.isLittleEndian(), 0); 552 DWARFExpression Expression(Data, U->getAddressByteSize(), 553 U->getFormParams().Format); 554 bool Error = any_of(Expression, [](DWARFExpression::Operation &Op) { 555 return Op.isError(); 556 }); 557 if (Error || !Expression.verify(U)) 558 ReportError("DIE contains invalid DWARF expression:"); 559 } 560 } else 561 ReportError(toString(Loc.takeError())); 562 break; 563 } 564 case DW_AT_specification: 565 case DW_AT_abstract_origin: { 566 if (auto ReferencedDie = Die.getAttributeValueAsReferencedDie(Attr)) { 567 auto DieTag = Die.getTag(); 568 auto RefTag = ReferencedDie.getTag(); 569 if (DieTag == RefTag) 570 break; 571 if (DieTag == DW_TAG_inlined_subroutine && RefTag == DW_TAG_subprogram) 572 break; 573 if (DieTag == DW_TAG_variable && RefTag == DW_TAG_member) 574 break; 575 // This might be reference to a function declaration. 576 if (DieTag == DW_TAG_GNU_call_site && RefTag == DW_TAG_subprogram) 577 break; 578 ReportError("DIE with tag " + TagString(DieTag) + " has " + 579 AttributeString(Attr) + 580 " that points to DIE with " 581 "incompatible tag " + 582 TagString(RefTag)); 583 } 584 break; 585 } 586 case DW_AT_type: { 587 DWARFDie TypeDie = Die.getAttributeValueAsReferencedDie(DW_AT_type); 588 if (TypeDie && !isType(TypeDie.getTag())) { 589 ReportError("DIE has " + AttributeString(Attr) + 590 " with incompatible tag " + TagString(TypeDie.getTag())); 591 } 592 break; 593 } 594 case DW_AT_call_file: 595 case DW_AT_decl_file: { 596 if (auto FileIdx = AttrValue.Value.getAsUnsignedConstant()) { 597 DWARFUnit *U = Die.getDwarfUnit(); 598 const auto *LT = U->getContext().getLineTableForUnit(U); 599 if (LT) { 600 if (!LT->hasFileAtIndex(*FileIdx)) { 601 bool IsZeroIndexed = LT->Prologue.getVersion() >= 5; 602 if (Optional<uint64_t> LastFileIdx = LT->getLastValidFileIndex()) { 603 ReportError("DIE has " + AttributeString(Attr) + 604 " with an invalid file index " + 605 llvm::formatv("{0}", *FileIdx) + 606 " (valid values are [" + (IsZeroIndexed ? "0-" : "1-") + 607 llvm::formatv("{0}", *LastFileIdx) + "])"); 608 } else { 609 ReportError("DIE has " + AttributeString(Attr) + 610 " with an invalid file index " + 611 llvm::formatv("{0}", *FileIdx) + 612 " (the file table in the prologue is empty)"); 613 } 614 } 615 } else { 616 ReportError("DIE has " + AttributeString(Attr) + 617 " that references a file with index " + 618 llvm::formatv("{0}", *FileIdx) + 619 " and the compile unit has no line table"); 620 } 621 } else { 622 ReportError("DIE has " + AttributeString(Attr) + 623 " with invalid encoding"); 624 } 625 break; 626 } 627 default: 628 break; 629 } 630 return NumErrors; 631 } 632 633 unsigned DWARFVerifier::verifyDebugInfoForm(const DWARFDie &Die, 634 DWARFAttribute &AttrValue, 635 ReferenceMap &LocalReferences, 636 ReferenceMap &CrossUnitReferences) { 637 const DWARFObject &DObj = DCtx.getDWARFObj(); 638 auto DieCU = Die.getDwarfUnit(); 639 unsigned NumErrors = 0; 640 const auto Form = AttrValue.Value.getForm(); 641 switch (Form) { 642 case DW_FORM_ref1: 643 case DW_FORM_ref2: 644 case DW_FORM_ref4: 645 case DW_FORM_ref8: 646 case DW_FORM_ref_udata: { 647 // Verify all CU relative references are valid CU offsets. 648 Optional<uint64_t> RefVal = AttrValue.Value.getAsReference(); 649 assert(RefVal); 650 if (RefVal) { 651 auto CUSize = DieCU->getNextUnitOffset() - DieCU->getOffset(); 652 auto CUOffset = AttrValue.Value.getRawUValue(); 653 if (CUOffset >= CUSize) { 654 ++NumErrors; 655 error() << FormEncodingString(Form) << " CU offset " 656 << format("0x%08" PRIx64, CUOffset) 657 << " is invalid (must be less than CU size of " 658 << format("0x%08" PRIx64, CUSize) << "):\n"; 659 Die.dump(OS, 0, DumpOpts); 660 dump(Die) << '\n'; 661 } else { 662 // Valid reference, but we will verify it points to an actual 663 // DIE later. 664 LocalReferences[*RefVal].insert(Die.getOffset()); 665 } 666 } 667 break; 668 } 669 case DW_FORM_ref_addr: { 670 // Verify all absolute DIE references have valid offsets in the 671 // .debug_info section. 672 Optional<uint64_t> RefVal = AttrValue.Value.getAsReference(); 673 assert(RefVal); 674 if (RefVal) { 675 if (*RefVal >= DieCU->getInfoSection().Data.size()) { 676 ++NumErrors; 677 error() << "DW_FORM_ref_addr offset beyond .debug_info " 678 "bounds:\n"; 679 dump(Die) << '\n'; 680 } else { 681 // Valid reference, but we will verify it points to an actual 682 // DIE later. 683 CrossUnitReferences[*RefVal].insert(Die.getOffset()); 684 } 685 } 686 break; 687 } 688 case DW_FORM_strp: { 689 auto SecOffset = AttrValue.Value.getAsSectionOffset(); 690 assert(SecOffset); // DW_FORM_strp is a section offset. 691 if (SecOffset && *SecOffset >= DObj.getStrSection().size()) { 692 ++NumErrors; 693 error() << "DW_FORM_strp offset beyond .debug_str bounds:\n"; 694 dump(Die) << '\n'; 695 } 696 break; 697 } 698 case DW_FORM_strx: 699 case DW_FORM_strx1: 700 case DW_FORM_strx2: 701 case DW_FORM_strx3: 702 case DW_FORM_strx4: { 703 auto Index = AttrValue.Value.getRawUValue(); 704 auto DieCU = Die.getDwarfUnit(); 705 // Check that we have a valid DWARF v5 string offsets table. 706 if (!DieCU->getStringOffsetsTableContribution()) { 707 ++NumErrors; 708 error() << FormEncodingString(Form) 709 << " used without a valid string offsets table:\n"; 710 dump(Die) << '\n'; 711 break; 712 } 713 // Check that the index is within the bounds of the section. 714 unsigned ItemSize = DieCU->getDwarfStringOffsetsByteSize(); 715 // Use a 64-bit type to calculate the offset to guard against overflow. 716 uint64_t Offset = 717 (uint64_t)DieCU->getStringOffsetsBase() + Index * ItemSize; 718 if (DObj.getStrOffsetsSection().Data.size() < Offset + ItemSize) { 719 ++NumErrors; 720 error() << FormEncodingString(Form) << " uses index " 721 << format("%" PRIu64, Index) << ", which is too large:\n"; 722 dump(Die) << '\n'; 723 break; 724 } 725 // Check that the string offset is valid. 726 uint64_t StringOffset = *DieCU->getStringOffsetSectionItem(Index); 727 if (StringOffset >= DObj.getStrSection().size()) { 728 ++NumErrors; 729 error() << FormEncodingString(Form) << " uses index " 730 << format("%" PRIu64, Index) 731 << ", but the referenced string" 732 " offset is beyond .debug_str bounds:\n"; 733 dump(Die) << '\n'; 734 } 735 break; 736 } 737 default: 738 break; 739 } 740 return NumErrors; 741 } 742 743 unsigned DWARFVerifier::verifyDebugInfoReferences( 744 const ReferenceMap &References, 745 llvm::function_ref<DWARFUnit *(uint64_t)> GetUnitForOffset) { 746 auto GetDIEForOffset = [&](uint64_t Offset) { 747 if (DWARFUnit *U = GetUnitForOffset(Offset)) 748 return U->getDIEForOffset(Offset); 749 return DWARFDie(); 750 }; 751 unsigned NumErrors = 0; 752 for (const std::pair<const uint64_t, std::set<uint64_t>> &Pair : 753 References) { 754 if (GetDIEForOffset(Pair.first)) 755 continue; 756 ++NumErrors; 757 error() << "invalid DIE reference " << format("0x%08" PRIx64, Pair.first) 758 << ". Offset is in between DIEs:\n"; 759 for (auto Offset : Pair.second) 760 dump(GetDIEForOffset(Offset)) << '\n'; 761 OS << "\n"; 762 } 763 return NumErrors; 764 } 765 766 void DWARFVerifier::verifyDebugLineStmtOffsets() { 767 std::map<uint64_t, DWARFDie> StmtListToDie; 768 for (const auto &CU : DCtx.compile_units()) { 769 auto Die = CU->getUnitDIE(); 770 // Get the attribute value as a section offset. No need to produce an 771 // error here if the encoding isn't correct because we validate this in 772 // the .debug_info verifier. 773 auto StmtSectionOffset = toSectionOffset(Die.find(DW_AT_stmt_list)); 774 if (!StmtSectionOffset) 775 continue; 776 const uint64_t LineTableOffset = *StmtSectionOffset; 777 auto LineTable = DCtx.getLineTableForUnit(CU.get()); 778 if (LineTableOffset < DCtx.getDWARFObj().getLineSection().Data.size()) { 779 if (!LineTable) { 780 ++NumDebugLineErrors; 781 error() << ".debug_line[" << format("0x%08" PRIx64, LineTableOffset) 782 << "] was not able to be parsed for CU:\n"; 783 dump(Die) << '\n'; 784 continue; 785 } 786 } else { 787 // Make sure we don't get a valid line table back if the offset is wrong. 788 assert(LineTable == nullptr); 789 // Skip this line table as it isn't valid. No need to create an error 790 // here because we validate this in the .debug_info verifier. 791 continue; 792 } 793 auto Iter = StmtListToDie.find(LineTableOffset); 794 if (Iter != StmtListToDie.end()) { 795 ++NumDebugLineErrors; 796 error() << "two compile unit DIEs, " 797 << format("0x%08" PRIx64, Iter->second.getOffset()) << " and " 798 << format("0x%08" PRIx64, Die.getOffset()) 799 << ", have the same DW_AT_stmt_list section offset:\n"; 800 dump(Iter->second); 801 dump(Die) << '\n'; 802 // Already verified this line table before, no need to do it again. 803 continue; 804 } 805 StmtListToDie[LineTableOffset] = Die; 806 } 807 } 808 809 void DWARFVerifier::verifyDebugLineRows() { 810 for (const auto &CU : DCtx.compile_units()) { 811 auto Die = CU->getUnitDIE(); 812 auto LineTable = DCtx.getLineTableForUnit(CU.get()); 813 // If there is no line table we will have created an error in the 814 // .debug_info verifier or in verifyDebugLineStmtOffsets(). 815 if (!LineTable) 816 continue; 817 818 // Verify prologue. 819 uint32_t MaxDirIndex = LineTable->Prologue.IncludeDirectories.size(); 820 uint32_t FileIndex = 1; 821 StringMap<uint16_t> FullPathMap; 822 for (const auto &FileName : LineTable->Prologue.FileNames) { 823 // Verify directory index. 824 if (FileName.DirIdx > MaxDirIndex) { 825 ++NumDebugLineErrors; 826 error() << ".debug_line[" 827 << format("0x%08" PRIx64, 828 *toSectionOffset(Die.find(DW_AT_stmt_list))) 829 << "].prologue.file_names[" << FileIndex 830 << "].dir_idx contains an invalid index: " << FileName.DirIdx 831 << "\n"; 832 } 833 834 // Check file paths for duplicates. 835 std::string FullPath; 836 const bool HasFullPath = LineTable->getFileNameByIndex( 837 FileIndex, CU->getCompilationDir(), 838 DILineInfoSpecifier::FileLineInfoKind::AbsoluteFilePath, FullPath); 839 assert(HasFullPath && "Invalid index?"); 840 (void)HasFullPath; 841 auto It = FullPathMap.find(FullPath); 842 if (It == FullPathMap.end()) 843 FullPathMap[FullPath] = FileIndex; 844 else if (It->second != FileIndex) { 845 warn() << ".debug_line[" 846 << format("0x%08" PRIx64, 847 *toSectionOffset(Die.find(DW_AT_stmt_list))) 848 << "].prologue.file_names[" << FileIndex 849 << "] is a duplicate of file_names[" << It->second << "]\n"; 850 } 851 852 FileIndex++; 853 } 854 855 // Verify rows. 856 uint64_t PrevAddress = 0; 857 uint32_t RowIndex = 0; 858 for (const auto &Row : LineTable->Rows) { 859 // Verify row address. 860 if (Row.Address.Address < PrevAddress) { 861 ++NumDebugLineErrors; 862 error() << ".debug_line[" 863 << format("0x%08" PRIx64, 864 *toSectionOffset(Die.find(DW_AT_stmt_list))) 865 << "] row[" << RowIndex 866 << "] decreases in address from previous row:\n"; 867 868 DWARFDebugLine::Row::dumpTableHeader(OS, 0); 869 if (RowIndex > 0) 870 LineTable->Rows[RowIndex - 1].dump(OS); 871 Row.dump(OS); 872 OS << '\n'; 873 } 874 875 // Verify file index. 876 if (!LineTable->hasFileAtIndex(Row.File)) { 877 ++NumDebugLineErrors; 878 bool isDWARF5 = LineTable->Prologue.getVersion() >= 5; 879 error() << ".debug_line[" 880 << format("0x%08" PRIx64, 881 *toSectionOffset(Die.find(DW_AT_stmt_list))) 882 << "][" << RowIndex << "] has invalid file index " << Row.File 883 << " (valid values are [" << (isDWARF5 ? "0," : "1,") 884 << LineTable->Prologue.FileNames.size() 885 << (isDWARF5 ? ")" : "]") << "):\n"; 886 DWARFDebugLine::Row::dumpTableHeader(OS, 0); 887 Row.dump(OS); 888 OS << '\n'; 889 } 890 if (Row.EndSequence) 891 PrevAddress = 0; 892 else 893 PrevAddress = Row.Address.Address; 894 ++RowIndex; 895 } 896 } 897 } 898 899 DWARFVerifier::DWARFVerifier(raw_ostream &S, DWARFContext &D, 900 DIDumpOptions DumpOpts) 901 : OS(S), DCtx(D), DumpOpts(std::move(DumpOpts)), IsObjectFile(false), 902 IsMachOObject(false) { 903 if (const auto *F = DCtx.getDWARFObj().getFile()) { 904 IsObjectFile = F->isRelocatableObject(); 905 IsMachOObject = F->isMachO(); 906 } 907 } 908 909 bool DWARFVerifier::handleDebugLine() { 910 NumDebugLineErrors = 0; 911 OS << "Verifying .debug_line...\n"; 912 verifyDebugLineStmtOffsets(); 913 verifyDebugLineRows(); 914 return NumDebugLineErrors == 0; 915 } 916 917 unsigned DWARFVerifier::verifyAppleAccelTable(const DWARFSection *AccelSection, 918 DataExtractor *StrData, 919 const char *SectionName) { 920 unsigned NumErrors = 0; 921 DWARFDataExtractor AccelSectionData(DCtx.getDWARFObj(), *AccelSection, 922 DCtx.isLittleEndian(), 0); 923 AppleAcceleratorTable AccelTable(AccelSectionData, *StrData); 924 925 OS << "Verifying " << SectionName << "...\n"; 926 927 // Verify that the fixed part of the header is not too short. 928 if (!AccelSectionData.isValidOffset(AccelTable.getSizeHdr())) { 929 error() << "Section is too small to fit a section header.\n"; 930 return 1; 931 } 932 933 // Verify that the section is not too short. 934 if (Error E = AccelTable.extract()) { 935 error() << toString(std::move(E)) << '\n'; 936 return 1; 937 } 938 939 // Verify that all buckets have a valid hash index or are empty. 940 uint32_t NumBuckets = AccelTable.getNumBuckets(); 941 uint32_t NumHashes = AccelTable.getNumHashes(); 942 943 uint64_t BucketsOffset = 944 AccelTable.getSizeHdr() + AccelTable.getHeaderDataLength(); 945 uint64_t HashesBase = BucketsOffset + NumBuckets * 4; 946 uint64_t OffsetsBase = HashesBase + NumHashes * 4; 947 for (uint32_t BucketIdx = 0; BucketIdx < NumBuckets; ++BucketIdx) { 948 uint32_t HashIdx = AccelSectionData.getU32(&BucketsOffset); 949 if (HashIdx >= NumHashes && HashIdx != UINT32_MAX) { 950 error() << format("Bucket[%d] has invalid hash index: %u.\n", BucketIdx, 951 HashIdx); 952 ++NumErrors; 953 } 954 } 955 uint32_t NumAtoms = AccelTable.getAtomsDesc().size(); 956 if (NumAtoms == 0) { 957 error() << "No atoms: failed to read HashData.\n"; 958 return 1; 959 } 960 if (!AccelTable.validateForms()) { 961 error() << "Unsupported form: failed to read HashData.\n"; 962 return 1; 963 } 964 965 for (uint32_t HashIdx = 0; HashIdx < NumHashes; ++HashIdx) { 966 uint64_t HashOffset = HashesBase + 4 * HashIdx; 967 uint64_t DataOffset = OffsetsBase + 4 * HashIdx; 968 uint32_t Hash = AccelSectionData.getU32(&HashOffset); 969 uint64_t HashDataOffset = AccelSectionData.getU32(&DataOffset); 970 if (!AccelSectionData.isValidOffsetForDataOfSize(HashDataOffset, 971 sizeof(uint64_t))) { 972 error() << format("Hash[%d] has invalid HashData offset: " 973 "0x%08" PRIx64 ".\n", 974 HashIdx, HashDataOffset); 975 ++NumErrors; 976 } 977 978 uint64_t StrpOffset; 979 uint64_t StringOffset; 980 uint32_t StringCount = 0; 981 uint64_t Offset; 982 unsigned Tag; 983 while ((StrpOffset = AccelSectionData.getU32(&HashDataOffset)) != 0) { 984 const uint32_t NumHashDataObjects = 985 AccelSectionData.getU32(&HashDataOffset); 986 for (uint32_t HashDataIdx = 0; HashDataIdx < NumHashDataObjects; 987 ++HashDataIdx) { 988 std::tie(Offset, Tag) = AccelTable.readAtoms(&HashDataOffset); 989 auto Die = DCtx.getDIEForOffset(Offset); 990 if (!Die) { 991 const uint32_t BucketIdx = 992 NumBuckets ? (Hash % NumBuckets) : UINT32_MAX; 993 StringOffset = StrpOffset; 994 const char *Name = StrData->getCStr(&StringOffset); 995 if (!Name) 996 Name = "<NULL>"; 997 998 error() << format( 999 "%s Bucket[%d] Hash[%d] = 0x%08x " 1000 "Str[%u] = 0x%08" PRIx64 " DIE[%d] = 0x%08" PRIx64 " " 1001 "is not a valid DIE offset for \"%s\".\n", 1002 SectionName, BucketIdx, HashIdx, Hash, StringCount, StrpOffset, 1003 HashDataIdx, Offset, Name); 1004 1005 ++NumErrors; 1006 continue; 1007 } 1008 if ((Tag != dwarf::DW_TAG_null) && (Die.getTag() != Tag)) { 1009 error() << "Tag " << dwarf::TagString(Tag) 1010 << " in accelerator table does not match Tag " 1011 << dwarf::TagString(Die.getTag()) << " of DIE[" << HashDataIdx 1012 << "].\n"; 1013 ++NumErrors; 1014 } 1015 } 1016 ++StringCount; 1017 } 1018 } 1019 return NumErrors; 1020 } 1021 1022 unsigned 1023 DWARFVerifier::verifyDebugNamesCULists(const DWARFDebugNames &AccelTable) { 1024 // A map from CU offset to the (first) Name Index offset which claims to index 1025 // this CU. 1026 DenseMap<uint64_t, uint64_t> CUMap; 1027 const uint64_t NotIndexed = std::numeric_limits<uint64_t>::max(); 1028 1029 CUMap.reserve(DCtx.getNumCompileUnits()); 1030 for (const auto &CU : DCtx.compile_units()) 1031 CUMap[CU->getOffset()] = NotIndexed; 1032 1033 unsigned NumErrors = 0; 1034 for (const DWARFDebugNames::NameIndex &NI : AccelTable) { 1035 if (NI.getCUCount() == 0) { 1036 error() << formatv("Name Index @ {0:x} does not index any CU\n", 1037 NI.getUnitOffset()); 1038 ++NumErrors; 1039 continue; 1040 } 1041 for (uint32_t CU = 0, End = NI.getCUCount(); CU < End; ++CU) { 1042 uint64_t Offset = NI.getCUOffset(CU); 1043 auto Iter = CUMap.find(Offset); 1044 1045 if (Iter == CUMap.end()) { 1046 error() << formatv( 1047 "Name Index @ {0:x} references a non-existing CU @ {1:x}\n", 1048 NI.getUnitOffset(), Offset); 1049 ++NumErrors; 1050 continue; 1051 } 1052 1053 if (Iter->second != NotIndexed) { 1054 error() << formatv("Name Index @ {0:x} references a CU @ {1:x}, but " 1055 "this CU is already indexed by Name Index @ {2:x}\n", 1056 NI.getUnitOffset(), Offset, Iter->second); 1057 continue; 1058 } 1059 Iter->second = NI.getUnitOffset(); 1060 } 1061 } 1062 1063 for (const auto &KV : CUMap) { 1064 if (KV.second == NotIndexed) 1065 warn() << formatv("CU @ {0:x} not covered by any Name Index\n", KV.first); 1066 } 1067 1068 return NumErrors; 1069 } 1070 1071 unsigned 1072 DWARFVerifier::verifyNameIndexBuckets(const DWARFDebugNames::NameIndex &NI, 1073 const DataExtractor &StrData) { 1074 struct BucketInfo { 1075 uint32_t Bucket; 1076 uint32_t Index; 1077 1078 constexpr BucketInfo(uint32_t Bucket, uint32_t Index) 1079 : Bucket(Bucket), Index(Index) {} 1080 bool operator<(const BucketInfo &RHS) const { return Index < RHS.Index; } 1081 }; 1082 1083 uint32_t NumErrors = 0; 1084 if (NI.getBucketCount() == 0) { 1085 warn() << formatv("Name Index @ {0:x} does not contain a hash table.\n", 1086 NI.getUnitOffset()); 1087 return NumErrors; 1088 } 1089 1090 // Build up a list of (Bucket, Index) pairs. We use this later to verify that 1091 // each Name is reachable from the appropriate bucket. 1092 std::vector<BucketInfo> BucketStarts; 1093 BucketStarts.reserve(NI.getBucketCount() + 1); 1094 for (uint32_t Bucket = 0, End = NI.getBucketCount(); Bucket < End; ++Bucket) { 1095 uint32_t Index = NI.getBucketArrayEntry(Bucket); 1096 if (Index > NI.getNameCount()) { 1097 error() << formatv("Bucket {0} of Name Index @ {1:x} contains invalid " 1098 "value {2}. Valid range is [0, {3}].\n", 1099 Bucket, NI.getUnitOffset(), Index, NI.getNameCount()); 1100 ++NumErrors; 1101 continue; 1102 } 1103 if (Index > 0) 1104 BucketStarts.emplace_back(Bucket, Index); 1105 } 1106 1107 // If there were any buckets with invalid values, skip further checks as they 1108 // will likely produce many errors which will only confuse the actual root 1109 // problem. 1110 if (NumErrors > 0) 1111 return NumErrors; 1112 1113 // Sort the list in the order of increasing "Index" entries. 1114 array_pod_sort(BucketStarts.begin(), BucketStarts.end()); 1115 1116 // Insert a sentinel entry at the end, so we can check that the end of the 1117 // table is covered in the loop below. 1118 BucketStarts.emplace_back(NI.getBucketCount(), NI.getNameCount() + 1); 1119 1120 // Loop invariant: NextUncovered is the (1-based) index of the first Name 1121 // which is not reachable by any of the buckets we processed so far (and 1122 // hasn't been reported as uncovered). 1123 uint32_t NextUncovered = 1; 1124 for (const BucketInfo &B : BucketStarts) { 1125 // Under normal circumstances B.Index be equal to NextUncovered, but it can 1126 // be less if a bucket points to names which are already known to be in some 1127 // bucket we processed earlier. In that case, we won't trigger this error, 1128 // but report the mismatched hash value error instead. (We know the hash 1129 // will not match because we have already verified that the name's hash 1130 // puts it into the previous bucket.) 1131 if (B.Index > NextUncovered) { 1132 error() << formatv("Name Index @ {0:x}: Name table entries [{1}, {2}] " 1133 "are not covered by the hash table.\n", 1134 NI.getUnitOffset(), NextUncovered, B.Index - 1); 1135 ++NumErrors; 1136 } 1137 uint32_t Idx = B.Index; 1138 1139 // The rest of the checks apply only to non-sentinel entries. 1140 if (B.Bucket == NI.getBucketCount()) 1141 break; 1142 1143 // This triggers if a non-empty bucket points to a name with a mismatched 1144 // hash. Clients are likely to interpret this as an empty bucket, because a 1145 // mismatched hash signals the end of a bucket, but if this is indeed an 1146 // empty bucket, the producer should have signalled this by marking the 1147 // bucket as empty. 1148 uint32_t FirstHash = NI.getHashArrayEntry(Idx); 1149 if (FirstHash % NI.getBucketCount() != B.Bucket) { 1150 error() << formatv( 1151 "Name Index @ {0:x}: Bucket {1} is not empty but points to a " 1152 "mismatched hash value {2:x} (belonging to bucket {3}).\n", 1153 NI.getUnitOffset(), B.Bucket, FirstHash, 1154 FirstHash % NI.getBucketCount()); 1155 ++NumErrors; 1156 } 1157 1158 // This find the end of this bucket and also verifies that all the hashes in 1159 // this bucket are correct by comparing the stored hashes to the ones we 1160 // compute ourselves. 1161 while (Idx <= NI.getNameCount()) { 1162 uint32_t Hash = NI.getHashArrayEntry(Idx); 1163 if (Hash % NI.getBucketCount() != B.Bucket) 1164 break; 1165 1166 const char *Str = NI.getNameTableEntry(Idx).getString(); 1167 if (caseFoldingDjbHash(Str) != Hash) { 1168 error() << formatv("Name Index @ {0:x}: String ({1}) at index {2} " 1169 "hashes to {3:x}, but " 1170 "the Name Index hash is {4:x}\n", 1171 NI.getUnitOffset(), Str, Idx, 1172 caseFoldingDjbHash(Str), Hash); 1173 ++NumErrors; 1174 } 1175 1176 ++Idx; 1177 } 1178 NextUncovered = std::max(NextUncovered, Idx); 1179 } 1180 return NumErrors; 1181 } 1182 1183 unsigned DWARFVerifier::verifyNameIndexAttribute( 1184 const DWARFDebugNames::NameIndex &NI, const DWARFDebugNames::Abbrev &Abbr, 1185 DWARFDebugNames::AttributeEncoding AttrEnc) { 1186 StringRef FormName = dwarf::FormEncodingString(AttrEnc.Form); 1187 if (FormName.empty()) { 1188 error() << formatv("NameIndex @ {0:x}: Abbreviation {1:x}: {2} uses an " 1189 "unknown form: {3}.\n", 1190 NI.getUnitOffset(), Abbr.Code, AttrEnc.Index, 1191 AttrEnc.Form); 1192 return 1; 1193 } 1194 1195 if (AttrEnc.Index == DW_IDX_type_hash) { 1196 if (AttrEnc.Form != dwarf::DW_FORM_data8) { 1197 error() << formatv( 1198 "NameIndex @ {0:x}: Abbreviation {1:x}: DW_IDX_type_hash " 1199 "uses an unexpected form {2} (should be {3}).\n", 1200 NI.getUnitOffset(), Abbr.Code, AttrEnc.Form, dwarf::DW_FORM_data8); 1201 return 1; 1202 } 1203 } 1204 1205 // A list of known index attributes and their expected form classes. 1206 // DW_IDX_type_hash is handled specially in the check above, as it has a 1207 // specific form (not just a form class) we should expect. 1208 struct FormClassTable { 1209 dwarf::Index Index; 1210 DWARFFormValue::FormClass Class; 1211 StringLiteral ClassName; 1212 }; 1213 static constexpr FormClassTable Table[] = { 1214 {dwarf::DW_IDX_compile_unit, DWARFFormValue::FC_Constant, {"constant"}}, 1215 {dwarf::DW_IDX_type_unit, DWARFFormValue::FC_Constant, {"constant"}}, 1216 {dwarf::DW_IDX_die_offset, DWARFFormValue::FC_Reference, {"reference"}}, 1217 {dwarf::DW_IDX_parent, DWARFFormValue::FC_Constant, {"constant"}}, 1218 }; 1219 1220 ArrayRef<FormClassTable> TableRef(Table); 1221 auto Iter = find_if(TableRef, [AttrEnc](const FormClassTable &T) { 1222 return T.Index == AttrEnc.Index; 1223 }); 1224 if (Iter == TableRef.end()) { 1225 warn() << formatv("NameIndex @ {0:x}: Abbreviation {1:x} contains an " 1226 "unknown index attribute: {2}.\n", 1227 NI.getUnitOffset(), Abbr.Code, AttrEnc.Index); 1228 return 0; 1229 } 1230 1231 if (!DWARFFormValue(AttrEnc.Form).isFormClass(Iter->Class)) { 1232 error() << formatv("NameIndex @ {0:x}: Abbreviation {1:x}: {2} uses an " 1233 "unexpected form {3} (expected form class {4}).\n", 1234 NI.getUnitOffset(), Abbr.Code, AttrEnc.Index, 1235 AttrEnc.Form, Iter->ClassName); 1236 return 1; 1237 } 1238 return 0; 1239 } 1240 1241 unsigned 1242 DWARFVerifier::verifyNameIndexAbbrevs(const DWARFDebugNames::NameIndex &NI) { 1243 if (NI.getLocalTUCount() + NI.getForeignTUCount() > 0) { 1244 warn() << formatv("Name Index @ {0:x}: Verifying indexes of type units is " 1245 "not currently supported.\n", 1246 NI.getUnitOffset()); 1247 return 0; 1248 } 1249 1250 unsigned NumErrors = 0; 1251 for (const auto &Abbrev : NI.getAbbrevs()) { 1252 StringRef TagName = dwarf::TagString(Abbrev.Tag); 1253 if (TagName.empty()) { 1254 warn() << formatv("NameIndex @ {0:x}: Abbreviation {1:x} references an " 1255 "unknown tag: {2}.\n", 1256 NI.getUnitOffset(), Abbrev.Code, Abbrev.Tag); 1257 } 1258 SmallSet<unsigned, 5> Attributes; 1259 for (const auto &AttrEnc : Abbrev.Attributes) { 1260 if (!Attributes.insert(AttrEnc.Index).second) { 1261 error() << formatv("NameIndex @ {0:x}: Abbreviation {1:x} contains " 1262 "multiple {2} attributes.\n", 1263 NI.getUnitOffset(), Abbrev.Code, AttrEnc.Index); 1264 ++NumErrors; 1265 continue; 1266 } 1267 NumErrors += verifyNameIndexAttribute(NI, Abbrev, AttrEnc); 1268 } 1269 1270 if (NI.getCUCount() > 1 && !Attributes.count(dwarf::DW_IDX_compile_unit)) { 1271 error() << formatv("NameIndex @ {0:x}: Indexing multiple compile units " 1272 "and abbreviation {1:x} has no {2} attribute.\n", 1273 NI.getUnitOffset(), Abbrev.Code, 1274 dwarf::DW_IDX_compile_unit); 1275 ++NumErrors; 1276 } 1277 if (!Attributes.count(dwarf::DW_IDX_die_offset)) { 1278 error() << formatv( 1279 "NameIndex @ {0:x}: Abbreviation {1:x} has no {2} attribute.\n", 1280 NI.getUnitOffset(), Abbrev.Code, dwarf::DW_IDX_die_offset); 1281 ++NumErrors; 1282 } 1283 } 1284 return NumErrors; 1285 } 1286 1287 static SmallVector<StringRef, 2> getNames(const DWARFDie &DIE, 1288 bool IncludeLinkageName = true) { 1289 SmallVector<StringRef, 2> Result; 1290 if (const char *Str = DIE.getName(DINameKind::ShortName)) 1291 Result.emplace_back(Str); 1292 else if (DIE.getTag() == dwarf::DW_TAG_namespace) 1293 Result.emplace_back("(anonymous namespace)"); 1294 1295 if (IncludeLinkageName) { 1296 if (const char *Str = DIE.getName(DINameKind::LinkageName)) { 1297 if (Result.empty() || Result[0] != Str) 1298 Result.emplace_back(Str); 1299 } 1300 } 1301 1302 return Result; 1303 } 1304 1305 unsigned DWARFVerifier::verifyNameIndexEntries( 1306 const DWARFDebugNames::NameIndex &NI, 1307 const DWARFDebugNames::NameTableEntry &NTE) { 1308 // Verifying type unit indexes not supported. 1309 if (NI.getLocalTUCount() + NI.getForeignTUCount() > 0) 1310 return 0; 1311 1312 const char *CStr = NTE.getString(); 1313 if (!CStr) { 1314 error() << formatv( 1315 "Name Index @ {0:x}: Unable to get string associated with name {1}.\n", 1316 NI.getUnitOffset(), NTE.getIndex()); 1317 return 1; 1318 } 1319 StringRef Str(CStr); 1320 1321 unsigned NumErrors = 0; 1322 unsigned NumEntries = 0; 1323 uint64_t EntryID = NTE.getEntryOffset(); 1324 uint64_t NextEntryID = EntryID; 1325 Expected<DWARFDebugNames::Entry> EntryOr = NI.getEntry(&NextEntryID); 1326 for (; EntryOr; ++NumEntries, EntryID = NextEntryID, 1327 EntryOr = NI.getEntry(&NextEntryID)) { 1328 uint32_t CUIndex = *EntryOr->getCUIndex(); 1329 if (CUIndex > NI.getCUCount()) { 1330 error() << formatv("Name Index @ {0:x}: Entry @ {1:x} contains an " 1331 "invalid CU index ({2}).\n", 1332 NI.getUnitOffset(), EntryID, CUIndex); 1333 ++NumErrors; 1334 continue; 1335 } 1336 uint64_t CUOffset = NI.getCUOffset(CUIndex); 1337 uint64_t DIEOffset = CUOffset + *EntryOr->getDIEUnitOffset(); 1338 DWARFDie DIE = DCtx.getDIEForOffset(DIEOffset); 1339 if (!DIE) { 1340 error() << formatv("Name Index @ {0:x}: Entry @ {1:x} references a " 1341 "non-existing DIE @ {2:x}.\n", 1342 NI.getUnitOffset(), EntryID, DIEOffset); 1343 ++NumErrors; 1344 continue; 1345 } 1346 if (DIE.getDwarfUnit()->getOffset() != CUOffset) { 1347 error() << formatv("Name Index @ {0:x}: Entry @ {1:x}: mismatched CU of " 1348 "DIE @ {2:x}: index - {3:x}; debug_info - {4:x}.\n", 1349 NI.getUnitOffset(), EntryID, DIEOffset, CUOffset, 1350 DIE.getDwarfUnit()->getOffset()); 1351 ++NumErrors; 1352 } 1353 if (DIE.getTag() != EntryOr->tag()) { 1354 error() << formatv("Name Index @ {0:x}: Entry @ {1:x}: mismatched Tag of " 1355 "DIE @ {2:x}: index - {3}; debug_info - {4}.\n", 1356 NI.getUnitOffset(), EntryID, DIEOffset, EntryOr->tag(), 1357 DIE.getTag()); 1358 ++NumErrors; 1359 } 1360 1361 auto EntryNames = getNames(DIE); 1362 if (!is_contained(EntryNames, Str)) { 1363 error() << formatv("Name Index @ {0:x}: Entry @ {1:x}: mismatched Name " 1364 "of DIE @ {2:x}: index - {3}; debug_info - {4}.\n", 1365 NI.getUnitOffset(), EntryID, DIEOffset, Str, 1366 make_range(EntryNames.begin(), EntryNames.end())); 1367 ++NumErrors; 1368 } 1369 } 1370 handleAllErrors(EntryOr.takeError(), 1371 [&](const DWARFDebugNames::SentinelError &) { 1372 if (NumEntries > 0) 1373 return; 1374 error() << formatv("Name Index @ {0:x}: Name {1} ({2}) is " 1375 "not associated with any entries.\n", 1376 NI.getUnitOffset(), NTE.getIndex(), Str); 1377 ++NumErrors; 1378 }, 1379 [&](const ErrorInfoBase &Info) { 1380 error() 1381 << formatv("Name Index @ {0:x}: Name {1} ({2}): {3}\n", 1382 NI.getUnitOffset(), NTE.getIndex(), Str, 1383 Info.message()); 1384 ++NumErrors; 1385 }); 1386 return NumErrors; 1387 } 1388 1389 static bool isVariableIndexable(const DWARFDie &Die, DWARFContext &DCtx) { 1390 Expected<std::vector<DWARFLocationExpression>> Loc = 1391 Die.getLocations(DW_AT_location); 1392 if (!Loc) { 1393 consumeError(Loc.takeError()); 1394 return false; 1395 } 1396 DWARFUnit *U = Die.getDwarfUnit(); 1397 for (const auto &Entry : *Loc) { 1398 DataExtractor Data(toStringRef(Entry.Expr), DCtx.isLittleEndian(), 1399 U->getAddressByteSize()); 1400 DWARFExpression Expression(Data, U->getAddressByteSize(), 1401 U->getFormParams().Format); 1402 bool IsInteresting = any_of(Expression, [](DWARFExpression::Operation &Op) { 1403 return !Op.isError() && (Op.getCode() == DW_OP_addr || 1404 Op.getCode() == DW_OP_form_tls_address || 1405 Op.getCode() == DW_OP_GNU_push_tls_address); 1406 }); 1407 if (IsInteresting) 1408 return true; 1409 } 1410 return false; 1411 } 1412 1413 unsigned DWARFVerifier::verifyNameIndexCompleteness( 1414 const DWARFDie &Die, const DWARFDebugNames::NameIndex &NI) { 1415 1416 // First check, if the Die should be indexed. The code follows the DWARF v5 1417 // wording as closely as possible. 1418 1419 // "All non-defining declarations (that is, debugging information entries 1420 // with a DW_AT_declaration attribute) are excluded." 1421 if (Die.find(DW_AT_declaration)) 1422 return 0; 1423 1424 // "DW_TAG_namespace debugging information entries without a DW_AT_name 1425 // attribute are included with the name “(anonymous namespace)”. 1426 // All other debugging information entries without a DW_AT_name attribute 1427 // are excluded." 1428 // "If a subprogram or inlined subroutine is included, and has a 1429 // DW_AT_linkage_name attribute, there will be an additional index entry for 1430 // the linkage name." 1431 auto IncludeLinkageName = Die.getTag() == DW_TAG_subprogram || 1432 Die.getTag() == DW_TAG_inlined_subroutine; 1433 auto EntryNames = getNames(Die, IncludeLinkageName); 1434 if (EntryNames.empty()) 1435 return 0; 1436 1437 // We deviate from the specification here, which says: 1438 // "The name index must contain an entry for each debugging information entry 1439 // that defines a named subprogram, label, variable, type, or namespace, 1440 // subject to ..." 1441 // Explicitly exclude all TAGs that we know shouldn't be indexed. 1442 switch (Die.getTag()) { 1443 // Compile units and modules have names but shouldn't be indexed. 1444 case DW_TAG_compile_unit: 1445 case DW_TAG_module: 1446 return 0; 1447 1448 // Function and template parameters are not globally visible, so we shouldn't 1449 // index them. 1450 case DW_TAG_formal_parameter: 1451 case DW_TAG_template_value_parameter: 1452 case DW_TAG_template_type_parameter: 1453 case DW_TAG_GNU_template_parameter_pack: 1454 case DW_TAG_GNU_template_template_param: 1455 return 0; 1456 1457 // Object members aren't globally visible. 1458 case DW_TAG_member: 1459 return 0; 1460 1461 // According to a strict reading of the specification, enumerators should not 1462 // be indexed (and LLVM currently does not do that). However, this causes 1463 // problems for the debuggers, so we may need to reconsider this. 1464 case DW_TAG_enumerator: 1465 return 0; 1466 1467 // Imported declarations should not be indexed according to the specification 1468 // and LLVM currently does not do that. 1469 case DW_TAG_imported_declaration: 1470 return 0; 1471 1472 // "DW_TAG_subprogram, DW_TAG_inlined_subroutine, and DW_TAG_label debugging 1473 // information entries without an address attribute (DW_AT_low_pc, 1474 // DW_AT_high_pc, DW_AT_ranges, or DW_AT_entry_pc) are excluded." 1475 case DW_TAG_subprogram: 1476 case DW_TAG_inlined_subroutine: 1477 case DW_TAG_label: 1478 if (Die.findRecursively( 1479 {DW_AT_low_pc, DW_AT_high_pc, DW_AT_ranges, DW_AT_entry_pc})) 1480 break; 1481 return 0; 1482 1483 // "DW_TAG_variable debugging information entries with a DW_AT_location 1484 // attribute that includes a DW_OP_addr or DW_OP_form_tls_address operator are 1485 // included; otherwise, they are excluded." 1486 // 1487 // LLVM extension: We also add DW_OP_GNU_push_tls_address to this list. 1488 case DW_TAG_variable: 1489 if (isVariableIndexable(Die, DCtx)) 1490 break; 1491 return 0; 1492 1493 default: 1494 break; 1495 } 1496 1497 // Now we know that our Die should be present in the Index. Let's check if 1498 // that's the case. 1499 unsigned NumErrors = 0; 1500 uint64_t DieUnitOffset = Die.getOffset() - Die.getDwarfUnit()->getOffset(); 1501 for (StringRef Name : EntryNames) { 1502 if (none_of(NI.equal_range(Name), [&](const DWARFDebugNames::Entry &E) { 1503 return E.getDIEUnitOffset() == DieUnitOffset; 1504 })) { 1505 error() << formatv("Name Index @ {0:x}: Entry for DIE @ {1:x} ({2}) with " 1506 "name {3} missing.\n", 1507 NI.getUnitOffset(), Die.getOffset(), Die.getTag(), 1508 Name); 1509 ++NumErrors; 1510 } 1511 } 1512 return NumErrors; 1513 } 1514 1515 unsigned DWARFVerifier::verifyDebugNames(const DWARFSection &AccelSection, 1516 const DataExtractor &StrData) { 1517 unsigned NumErrors = 0; 1518 DWARFDataExtractor AccelSectionData(DCtx.getDWARFObj(), AccelSection, 1519 DCtx.isLittleEndian(), 0); 1520 DWARFDebugNames AccelTable(AccelSectionData, StrData); 1521 1522 OS << "Verifying .debug_names...\n"; 1523 1524 // This verifies that we can read individual name indices and their 1525 // abbreviation tables. 1526 if (Error E = AccelTable.extract()) { 1527 error() << toString(std::move(E)) << '\n'; 1528 return 1; 1529 } 1530 1531 NumErrors += verifyDebugNamesCULists(AccelTable); 1532 for (const auto &NI : AccelTable) 1533 NumErrors += verifyNameIndexBuckets(NI, StrData); 1534 for (const auto &NI : AccelTable) 1535 NumErrors += verifyNameIndexAbbrevs(NI); 1536 1537 // Don't attempt Entry validation if any of the previous checks found errors 1538 if (NumErrors > 0) 1539 return NumErrors; 1540 for (const auto &NI : AccelTable) 1541 for (const DWARFDebugNames::NameTableEntry &NTE : NI) 1542 NumErrors += verifyNameIndexEntries(NI, NTE); 1543 1544 if (NumErrors > 0) 1545 return NumErrors; 1546 1547 for (const std::unique_ptr<DWARFUnit> &U : DCtx.compile_units()) { 1548 if (const DWARFDebugNames::NameIndex *NI = 1549 AccelTable.getCUNameIndex(U->getOffset())) { 1550 auto *CU = cast<DWARFCompileUnit>(U.get()); 1551 for (const DWARFDebugInfoEntry &Die : CU->dies()) 1552 NumErrors += verifyNameIndexCompleteness(DWARFDie(CU, &Die), *NI); 1553 } 1554 } 1555 return NumErrors; 1556 } 1557 1558 bool DWARFVerifier::handleAccelTables() { 1559 const DWARFObject &D = DCtx.getDWARFObj(); 1560 DataExtractor StrData(D.getStrSection(), DCtx.isLittleEndian(), 0); 1561 unsigned NumErrors = 0; 1562 if (!D.getAppleNamesSection().Data.empty()) 1563 NumErrors += verifyAppleAccelTable(&D.getAppleNamesSection(), &StrData, 1564 ".apple_names"); 1565 if (!D.getAppleTypesSection().Data.empty()) 1566 NumErrors += verifyAppleAccelTable(&D.getAppleTypesSection(), &StrData, 1567 ".apple_types"); 1568 if (!D.getAppleNamespacesSection().Data.empty()) 1569 NumErrors += verifyAppleAccelTable(&D.getAppleNamespacesSection(), &StrData, 1570 ".apple_namespaces"); 1571 if (!D.getAppleObjCSection().Data.empty()) 1572 NumErrors += verifyAppleAccelTable(&D.getAppleObjCSection(), &StrData, 1573 ".apple_objc"); 1574 1575 if (!D.getNamesSection().Data.empty()) 1576 NumErrors += verifyDebugNames(D.getNamesSection(), StrData); 1577 return NumErrors == 0; 1578 } 1579 1580 raw_ostream &DWARFVerifier::error() const { return WithColor::error(OS); } 1581 1582 raw_ostream &DWARFVerifier::warn() const { return WithColor::warning(OS); } 1583 1584 raw_ostream &DWARFVerifier::note() const { return WithColor::note(OS); } 1585 1586 raw_ostream &DWARFVerifier::dump(const DWARFDie &Die, unsigned indent) const { 1587 Die.dump(OS, indent, DumpOpts); 1588 return OS; 1589 } 1590