CN103559123B - Function call stack analysis method and device based on the VxWorks operating system - Google Patents

Function call stack analysis method and device based on the VxWorks operating system

Info

Publication number: CN103559123B
Application number: CN201310506592.XA
Authority: CN (China)
Prior art keywords: value, function, stack, instruction, address
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN103559123A
Inventor: 曾颜
Current assignee: Fiberhome Telecommunication Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Fiberhome Telecommunication Technologies Co Ltd
Application filed by Fiberhome Telecommunication Technologies Co Ltd
Priority to CN201310506592.XA
Publication of CN103559123A
Application granted
Publication of CN103559123B

Landscapes

  • Debugging And Monitoring (AREA)
  • Executing Machine-Instructions (AREA)
Abstract

The invention discloses a function call stack analysis method and device based on the VxWorks operating system, in the field of function call stack analysis. The method comprises the following steps: the host requests the TCB information of task t1 from the target machine, and the target machine returns the TCB information of task t1; the host reads the SP value, PC value and RA value from the returned TCB information and requests the stack space information from the target machine according to the SP value and the stack bottom, and the target machine returns the corresponding stack information; the host then carries out the function call stack analysis according to the target machine's TCB information, the stack space information and the disassembly file. The invention can resolve the names of local functions, easily find the first instruction of the function to which the PC value belongs, carry out function call stack analysis even where no feature instruction is present, and, being unconstrained by the resources of the target machine, provide a complete function call stack, which helps in locating faults and exceptions.

Description

Function call stack analysis method and device based on the VxWorks operating system
Technical field
The present invention relates to the field of function call stack analysis, and in particular to a function call stack analysis method and device based on the VxWorks operating system.
Background art
In computer science, a stack is defined as a special container whose rule is that the data pushed last is popped first. A user can press data into the stack, i.e. push, and can also eject data from the stack, i.e. pop. The stack plays a very important role while a program runs; most importantly, it holds the maintenance information needed for a function call, which is usually called a stack frame. The stack frame of a function occupies a contiguous region, and each stack frame corresponds to a function call that has not yet completed. When a function starts, its stack frame is established in full; when the function exits, its stack frame is destroyed. Because function calls are normally nested, at any moment the stack holds the stack frame information of several functions, and the call stack is made up of the stack frames of the nested calling functions.
The call stack embodies the function calling relationship and is also a function call chain. For example, if function f1 calls function f2 and function f2 calls function f3, then f1 → f2 → f3 is a call stack; in the call from f1 to f2, f1 is the caller and f2 the callee. In real software a function may call another function in several different situations, so the call stack cannot be determined in advance. Therefore, when a program raises an exception, an error is detected, or the program is interrupted at a breakpoint, the call stack of the current function must be examined to determine the scene in which the exception occurred. This is also a common method of software debugging.
The basic principle of call stack analysis in the prior art is described below using a 32-bit MIPS (Microprocessor without Interlocked Pipeline Stages) system as an example; the function call stack analysis methods of other systems are similar. MIPS has 32 general-purpose registers, among which the SP (Stack Pointer), RA (Return Address) and PC (Program Counter) registers play an important role. For convenience of description, the contents of the SP, RA and PC registers are called the SP value, RA value and PC value in the present invention. Because MIPS usually adjusts the SP value only at the moments a function enters and exits, the basic principle of MIPS function call stack analysis is: evaluate the code instructions on the target machine; obtain the SP, PC and RA values of the current task; scan the instructions starting from the instruction address given by the PC value until the feature instruction of the function entry is found; determine the stack frame size of the function, and from it calculate the stack pointer of the caller. At the same time, search the RA value and the instructions that access RA on the stack, analyse the return address of the callee, and thereby obtain the address of the caller. Repeating this yields the complete function call chain of the current task. For each function address, the symbol table in the kernel is searched to obtain the name of the function.
General debuggers provide tools for viewing the function call stack. For example, under the VxWorks system the command "display a stack trace of a task" (hereinafter the tt command) can be used to view the function call stack of a task; this command runs directly on the target machine, and other systems have similar debug commands.
These debug commands, however, may have the following problems:
(1) The VxWorks symbol table is loaded dynamically in the system, and usually the VxWorks image file loads only global symbols; local symbols are not loaded. When the call stack is analysed, the function names resolved are global function names; local function names cannot be resolved and are instead identified as a global function name plus an address offset. Therefore, when the VxWorks target machine runs the function call stack analysis program through the tt command, it cannot give the exact names of local functions.
(2) In the prior art, the method by which the target machine searches from the PC value for the first instruction of the function to which the PC belongs is cumbersome, and it is also unreliable, because it assumes that another function precedes this function.
(3) Call stack analysis depends on feature instructions. For example, an embedded assembly subroutine under a MIPS system may have no explicit push instruction, in which case the call stack analysis cannot be carried out or its result is incorrect.
(4) Call stack analysis commands mostly run on the target machine. In embedded systems the resources of the target machine are limited, so both the size of a single function that can be traced and the function call depth that can be traced are restricted. Therefore, when the size of a function exceeds the instruction length the system is preset to trace, or the depth of function calls exceeds the preset depth, the function call stack information obtained is incomplete.
Summary of the invention
The object of the invention is to overcome the deficiencies of the background art described above by providing a function call stack analysis method and device based on the VxWorks operating system that can resolve the names of local functions, easily find the first instruction of the function to which the PC value belongs, carry out function call stack analysis even where no feature instruction (such as an explicit push instruction) is present, and, being unconstrained by the resources of the target machine, provide a complete function call stack, which helps in locating faults and exceptions.
The invention provides a function call stack analysis method based on the VxWorks operating system, comprising the following steps:
S1. On the host, input the ELF (Executable and Linkable Format) file of the VxWorks image currently running on the target machine, and at the same time generate the symbol table file of the image file on the host;
S2. Assume the task whose function call stack is to be analysed is t1; the host issues a request command to the target machine to suspend task t1, and the target machine executes the command;
S3. The host requests the task control block (TCB) information of task t1 from the target machine, and the target machine returns the TCB information of task t1, comprising the general-purpose register information, the stack bottom and the stack size;
S4. The host reads the stack pointer (SP) value, program counter (PC) value and return address (RA) value from the returned TCB information. The stack space of the MIPS (Microprocessor without Interlocked Pipeline Stages) processor grows downwards, with the stack bottom at the high address; at run time the SP value is the stack pointer of the current function and points to the top of the stack, and the contents of each stack frame and their order are defined by the calling convention of the architecture. The current SP value is the SP value at the program's current state, whereas the SP value at the function entry point is the SP value on entering the function, before its first instruction has executed;
S5. The host requests the stack space information from the target machine according to the SP value and the stack bottom; the requested stack information is the memory between the stack top pointed to by the SP value and the stack bottom, and the target machine returns the corresponding stack information;
S6. The host carries out the function call stack analysis according to the target machine's TCB information, the stack space information and the disassembly file;
S7. The host issues a request command to the target machine to resume task t1, whose function call stack was analysed, and the target machine executes the command.
On the basis of the above scheme, the function call stack analysis in step S6 is a recursive process: when analysing the top-level function call stack, the PC value and SP value are the PC value and SP value in the TCB information returned by the target machine; in the subsequent recursion, the analysis of each level depends on the new PC value and SP value produced by the previous level, until the SP value reaches the stack bottom.
On the basis of the above scheme, the function call stack analysis process in step S6 is as follows:
Step 601: judge whether the SP value has reached the stack bottom; if so, go to step 602; if not, go to step 603;
Step 602: concatenate the functions func to which the PC value of each level belongs into the function call chain, and finish;
Step 603: look up the function address and function name to which the PC value belongs. The lookup is: in the symbol table file, find the function address that does not exceed and is closest to the PC value, together with its function name, and denote this function func; go to step 604;
Step 604: use an existing tool to obtain the assembly instructions of function func; go to step 605;
Step 605: obtain the SP value at the entry of function func and the return address of function func, and calculate the new PC value and SP value. The new PC value is the value calculated from the return address (RA value) of function func, the return address of function func being the address in the caller of function func; the new SP value is the SP value at the entry of function func. Return to step 601.
On the basis of the above scheme, step 605 specifically comprises the following steps:
Step 6051: starting from the first instruction of the function, scan the instructions one by one;
Step 6052: judge whether the current scanned instruction matches one of the following four cases:
(a) an SP push adjustment instruction;
(b) an instruction saving RA on the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction;
If it matches, go to step 6053; if it does not match, it is some other instruction, so go to step 6055;
Step 6053: according to which of the four cases applies and the relation between the address of the current scanned instruction and the PC value, calculate the SP value at the function entry or obtain the function's RA value, respectively:
(a) SP push adjustment instruction:
Calculate the size of the function's stack frame and compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then SP value at the function entry point = current SP value + size of the function stack frame; otherwise SP value at the function entry point = current SP value;
(b) instruction saving RA on the stack:
Compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then function RA value = RA value on the stack, where the address at which RA is saved is the current SP value plus the offset relative to SP given in the instruction, and the RA value is read from there; otherwise function RA value = RA value in the current TCB information;
(c) instruction restoring RA from the stack, or register jump instruction:
Compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then function RA value = RA value in the current TCB information; otherwise function RA value = RA value on the stack, where the address at which RA is saved is the current SP value plus the offset relative to SP given in the instruction, and the RA value is read from there;
(d) SP pop adjustment instruction:
Calculate the size of the function's stack frame and at the same time compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then SP value at the function entry point = current SP value; otherwise SP value at the function entry point = current SP value + size of the function stack frame;
Step 6054: judge whether both the SP value at the function entry point and the function RA value have been obtained; if so, go to step 6056; otherwise go to step 6055;
Step 6055: continue scanning the next instruction until the instruction scan of function func ends.
Step 6056: take the value calculated from the function's return address (RA value) as the new PC value (in a MIPS system the new PC value is the RA value minus 8), and take the SP value at the entry of function func as the new SP value.
On the basis of the above scheme, the meanings of some of the feature instructions in step 6052 are as follows:
An instruction of the form addiu sp, sp, x is an SP adjustment instruction; the sign-extended value of x gives the size of the function's stack frame. When x is negative the instruction is an SP push adjustment instruction, and when x is positive it is an SP pop adjustment instruction;
An instruction of the form sw $ra, x($sp) saves RA on the stack: it stores the contents of the RA register on the stack;
An instruction of the form lw $ra, x($sp) restores RA from the stack: it loads the value saved on the stack back into the RA register;
An instruction of the form jr $ra is a register jump instruction; the function returns by executing it.
The invention also provides a function call stack analysis device based on the VxWorks operating system, comprising a host and a target machine; the host sends operation commands to the target machine, analyses data and displays the result data, and the target machine executes the host's operation commands and returns the actual running state;
The host takes as input the ELF (Executable and Linkable Format) file of the VxWorks image currently running on the target machine, and at the same time generates the symbol table file of the image file on the host;
Assuming the task whose function call stack is to be analysed is t1, the host issues a request command to the target machine to suspend task t1, and the target machine executes the command;
The host requests the task control block (TCB) information of task t1 from the target machine, and the target machine returns the TCB information of task t1, comprising the general-purpose register information, the stack bottom and the stack size;
The host reads the stack pointer (SP) value, program counter (PC) value and return address (RA) value from the returned TCB information. The stack space of the MIPS (Microprocessor without Interlocked Pipeline Stages) processor grows downwards, with the stack bottom at the high address; at run time the SP value is the stack pointer of the current function and points to the top of the stack, and the contents of each stack frame and their order are defined by the calling convention of the architecture. The current SP value is the SP value at the program's current state, whereas the SP value at the function entry point is the SP value on entering the function, before its first instruction has executed;
The host requests the stack space information from the target machine according to the SP value and the stack bottom; the requested stack information is the memory between the stack top pointed to by the SP value and the stack bottom, and the target machine returns the corresponding stack information;
The host carries out the function call stack analysis according to the target machine's TCB information, the stack space information and the disassembly file;
The host issues a request command to the target machine to resume task t1, whose function call stack was analysed, and the target machine executes the command.
On the basis of the above scheme, the function call stack analysis is a recursive process: when analysing the top-level function call stack, the PC value and SP value are the PC value and SP value in the TCB information returned by the target machine; in the subsequent recursion, the analysis of each level depends on the new PC value and SP value produced by the previous level, until the SP value reaches the stack bottom.
On the basis of the above scheme, the function call stack analysis process is as follows:
Step 601: judge whether the SP value has reached the stack bottom; if so, go to step 602; if not, go to step 603;
Step 602: concatenate the functions func to which the PC value of each level belongs into the function call chain, and finish;
Step 603: look up the function address and function name to which the PC value belongs. The lookup is: in the symbol table file, find the function address that does not exceed and is closest to the PC value, together with its function name, and denote this function func; go to step 604;
Step 604: use an existing tool to obtain the assembly instructions of function func; go to step 605;
Step 605: obtain the SP value at the entry of function func and the return address of function func, and calculate the new PC value and SP value. The new PC value is the value calculated from the return address (RA value) of function func, the return address of function func being the address in the caller of function func; the new SP value is the SP value at the entry of function func. Return to step 601.
On the basis of the above scheme, step 605 specifically comprises the following steps:
Step 6051: starting from the first instruction of the function, scan the instructions one by one;
Step 6052: judge whether the current scanned instruction matches one of the following four cases:
(a) an SP push adjustment instruction;
(b) an instruction saving RA on the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction;
If it matches, go to step 6053; if it does not match, it is some other instruction, so go to step 6055;
Step 6053: according to which of the four cases applies and the relation between the address of the current scanned instruction and the PC value, calculate the SP value at the function entry or obtain the function's RA value, respectively:
(a) SP push adjustment instruction:
Calculate the size of the function's stack frame and compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then SP value at the function entry point = current SP value + size of the function stack frame; otherwise SP value at the function entry point = current SP value;
(b) instruction saving RA on the stack:
Compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then function RA value = RA value on the stack, where the address at which RA is saved is the current SP value plus the offset relative to SP given in the instruction, and the RA value is read from there; otherwise function RA value = RA value in the current TCB information;
(c) instruction restoring RA from the stack, or register jump instruction:
Compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then function RA value = RA value in the current TCB information; otherwise function RA value = RA value on the stack, where the address at which RA is saved is the current SP value plus the offset relative to SP given in the instruction, and the RA value is read from there;
(d) SP pop adjustment instruction:
Calculate the size of the function's stack frame and at the same time compare the address of the scanned instruction with the PC value. If the address of the scanned instruction is less than the PC value, then SP value at the function entry point = current SP value; otherwise SP value at the function entry point = current SP value + size of the function stack frame;
Step 6054: judge whether both the SP value at the function entry point and the function RA value have been obtained; if so, go to step 6056; otherwise go to step 6055;
Step 6055: continue scanning the next instruction until the instruction scan of function func ends.
Step 6056: take the value calculated from the function's return address (RA value) as the new PC value (in a MIPS system the new PC value is the RA value minus 8), and take the SP value at the entry of function func as the new SP value.
On the basis of the above scheme, the meanings of some of the feature instructions in step 6052 are as follows:
An instruction of the form addiu sp, sp, x is an SP adjustment instruction; the sign-extended value of x gives the size of the function's stack frame. When x is negative the instruction is an SP push adjustment instruction, and when x is positive it is an SP pop adjustment instruction;
An instruction of the form sw $ra, x($sp) saves RA on the stack: it stores the contents of the RA register on the stack;
An instruction of the form lw $ra, x($sp) restores RA from the stack: it loads the value saved on the stack back into the RA register;
An instruction of the form jr $ra is a register jump instruction; the function returns by executing it.
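The recursive walk of steps 601 to 6056 and the four feature instructions just listed (stated once for the method and again for the device, and shown as flow charts in Figs. 3 and 4 of the embodiment), as an added Python example that is not code from the patent or from Fiberhome. It recognises the feature instructions from raw MIPS32 instruction words rather than from disassembly text, applies rules (a) to (d) with the executed / not-yet-executed split on the instruction address versus the PC value, and stops when the SP value reaches the stack bottom. The image, stack words, task register values and symbol addresses are constructed; where the patent leaves a case open (jr $ra carries no stack offset; a routine with neither a push nor an RA save) the handling chosen is marked as an assumption in the comments.

```python
"""MIPS32 call-stack walk on the host, following steps 601-6056 above and the
four feature instructions (addiu sp,sp,x / sw $ra,x($sp) / lw $ra,x($sp) / jr $ra).
Added example, not the patent's or Fiberhome's code: the image, stack words and
task register values are constructed; the opcodes are standard MIPS32."""

SP, RA = 29, 31  # register numbers of $sp and $ra


def sext16(v):
    """Sign-extend a 16-bit immediate."""
    return v - 0x10000 if v & 0x8000 else v


def classify(word):
    """Step 6052: (kind, x) for a feature instruction word, (None, None) otherwise.
    kind: 'push'/'pop' (x = frame size), 'save_ra'/'restore_ra' (x = offset from $sp), 'jr_ra'."""
    op, rs, rt, imm = word >> 26, (word >> 21) & 31, (word >> 16) & 31, sext16(word & 0xFFFF)
    if op == 0b001001 and rs == SP and rt == SP:            # addiu sp,sp,imm
        return ('push', -imm) if imm < 0 else ('pop', imm)
    if op == 0b101011 and rs == SP and rt == RA:            # sw $ra,imm($sp)
        return 'save_ra', imm
    if op == 0b100011 and rs == SP and rt == RA:            # lw $ra,imm($sp)
        return 'restore_ra', imm
    if op == 0 and rs == RA and (word & 0x3F) == 0b001000:  # jr $ra
        return 'jr_ra', None
    return None, None


def lookup(symbols, pc):
    """Step 603: the function whose address does not exceed and is closest to pc.
    Also returns where the scan stops: the next symbol, or 4 KiB later (assumed bound)."""
    start, name = max(s for s in symbols if s[0] <= pc)
    later = [a for a, _ in symbols if a > start]
    return start, name, min(later) if later else start + 0x1000


def frame_info(code, start, end, pc, cur_sp, tcb_ra, stack):
    """Steps 6051-6055: scan func from its first instruction for the SP at function
    entry and the function's RA. An instruction below pc has executed, one at or
    above pc has not; that decides which side of each rule (a)-(d) applies."""
    entry_sp = ra = save_off = None
    for addr in range(start, end, 4):
        kind, x = classify(code.get(addr, 0))
        executed = addr < pc
        if kind == 'push':                                # (a)
            entry_sp = cur_sp + x if executed else cur_sp
        elif kind == 'save_ra':                           # (b)
            save_off = x
            ra = stack[cur_sp + x] if executed else tcb_ra
        elif kind in ('restore_ra', 'jr_ra'):             # (c); jr $ra has no offset, so
            off = save_off if x is None else x            # reuse the sw offset (assumption)
            ra = tcb_ra if executed or off is None else stack[cur_sp + off]
        elif kind == 'pop':                               # (d)
            entry_sp = cur_sp if executed else cur_sp + x
        if entry_sp is not None and ra is not None:       # step 6054
            break
    # Nothing matched (leaf or hand-written assembly routine with no push and no RA
    # save): treat the frame as empty and RA as still in the register (assumption).
    return (cur_sp if entry_sp is None else entry_sp), (tcb_ra if ra is None else ra)


def unwind(symbols, code, stack, pc, sp, ra, stack_bottom):
    """Steps 601/602/6056: walk frames until SP reaches the stack bottom.
    Returns the chain innermost first as (function name, PC within it)."""
    chain = []
    while sp < stack_bottom:                                        # step 601
        start, name, end = lookup(symbols, pc)                       # step 603
        chain.append((name, pc))
        entry_sp, ret = frame_info(code, start, end, pc, sp, ra, stack)  # step 605
        pc, sp, ra = ret - 8, entry_sp, ret                          # step 6056: new PC = RA - 8
    return chain


# Constructed image: taskMain -> parseInput -> leafHelper.
SYMBOLS = [(0x10000, 'taskMain'), (0x10040, 'parseInput'), (0x10080, 'leafHelper')]
CODE = {
    0x10000: 0x27BDFFE0, 0x10004: 0xAFBF001C,  # addiu sp,sp,-32 ; sw $ra,28($sp)
    0x10008: 0x0C004010, 0x1000C: 0x00000000,  # jal parseInput  ; nop
    0x10010: 0x8FBF001C, 0x10014: 0x03E00008,  # lw $ra,28($sp)  ; jr $ra
    0x10018: 0x27BD0020,                       # addiu sp,sp,32 (delay slot)
    0x10040: 0x27BDFFE8, 0x10044: 0xAFBF0014,  # addiu sp,sp,-24 ; sw $ra,20($sp)
    0x10048: 0x0C004020, 0x1004C: 0x00000000,  # jal leafHelper  ; nop
    0x10050: 0x8FBF0014, 0x10054: 0x03E00008,  # lw $ra,20($sp)  ; jr $ra
    0x10058: 0x27BD0018,                       # addiu sp,sp,24
    0x10080: 0x00851021, 0x10084: 0x03E00008,  # addu v0,a0,a1   ; jr $ra  (leaf: no push/save)
    0x10088: 0x00000000,                       # nop
}
STACK_BOTTOM = 0x80001000
STACK = {0x80000FFC: 0x00002000,   # taskMain's saved RA (caller outside this image)
         0x80000FDC: 0x00010010}   # parseInput's saved RA: return point in taskMain


def demo():
    """Task suspended at the jr in leafHelper: SP untouched by the leaf, RA live in the register."""
    return unwind(SYMBOLS, CODE, STACK, pc=0x10084, sp=0x80000FC8, ra=0x10050,
                  stack_bottom=STACK_BOTTOM)


if __name__ == '__main__':
    for name, pc in reversed(demo()):   # caller first, as f1 -> f2 -> f3
        print(f'{name} (pc=0x{pc:08X})')
```

Run as a script it prints the chain caller first (taskMain, parseInput, leafHelper). The sample deliberately suspends the task inside a leaf routine that has no push and no RA save, which is the "no feature instruction" situation the method claims to handle: the scan matches nothing, so the frame is taken as empty and RA is taken from the TCB rather than from the stack, and the walk continues into parseInput, whose saved RA is read from the stack because its sw $ra has already executed.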
Compared with the prior art, the advantages of the invention are as follows:
(1) The invention uses the compiled image file to resolve the names of local functions, accurately looking up global symbols and local symbols, i.e. global function names and local function names.
(2) For a given PC value, the invention finds in the symbol table file the function address that does not exceed and is closest to the PC value, which gives the address of the first instruction of the function to which the PC register value belongs. Because the host can examine the symbol table of the ELF (Executable and Linkable Format) file with a tool, the function address is obtained more accurately.
(3) When scanning instructions during the function call stack analysis, the invention scans downwards for the corresponding feature instructions regardless of whether each instruction has executed relative to the PC value, and thereby obtains the stack frame size of the function and calculates the SP value at the function entry from it; so even where no feature instruction such as an explicit push instruction is present, the function call stack analysis can still be carried out.
(4) The invention carries out the function call stack analysis on the host, whose resources, compared with the target machine, are unconstrained, including the size of a single function that can be traced and the function call depth that can be traced; it is therefore not restricted by the resources of the target machine and provides a complete function call stack, which helps in locating faults and exceptions.
Description of the drawings
Fig. 1 is a schematic diagram of the interaction between the host and the target machine in the embodiment of the present invention.
Fig. 2 is a structural diagram of a function stack frame under the MIPS system.
Fig. 3 is a flow chart of the recursive process of function call stack analysis in the embodiment of the present invention.
Fig. 4 is a flow chart of how each level calculates the new PC value and SP value in the recursive process of function call stack analysis in the embodiment of the present invention.
Embodiment
Below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
The embodiment of the present invention provides a kind of function call stack analytical equipment based on vxworks operating system, and comprise main frame and target machine, main frame is generally PC, is mainly used to send operational order to target machine, analyzes data and shows result data; Target machine is then mainly used to perform the operational order of main frame and return the running status of reality.
Shown in Figure 1, the embodiment of the present invention provides a kind of function call stack analytical approach based on vxworks operating system, comprises the following steps:
The ELF file that S1, the VxWorks inputting the current operation of target machine on main frame are videoed, utilizes existing instrument on main frame, generate the symbol table file of image file simultaneously.
S2, supposition need the task of carrying out the analysis of function call stack to be t1, and main frame issues request command to target machine: suspended task t1, and target machine performs this order.
S3, main frame to the TCB(TaskControlBlock of target machine request task t1, task control block (TCB)) information, target machine returns the TCB information of task t1, comprises at the bottom of general-purpose register information, stack and the information such as stack size.
S4, main frame get the value of the general-purpose registers such as SP value, PC value, RA value from the TCB information returned.Fig. 2 shows typical MIPS stack frame organizational form, and what MIPS stack space adopted is the mode increased downwards, and at high address at the bottom of stack, during operation, SP value is exactly the stack pointer of current function (callee), its sensing be the position of stack top.The content deposited in each stack frame is sequentially defined by the calling convention of complex framework with depositing.In Fig. 2, the stack frame of current function represents this function self stack space used, and the region above it belongs to caller.Region in stack frame is all optional.General-purpose register generally preserves RA, GP(GlobalPointer as required, global pointer), FP(FramePointer, frame pointer) etc. the register information of caller.Under normal circumstances, MIPS system only just adjusts SP value in the moment that function enters and exits.Current SP value is the SP value that program runs to current state, and the SP value of function entrance point is then enter SP value when this function does not also perform the instruction of function Article 1.
S5, main frame according to the information of information at the bottom of SP value and stack to target machine request stack space, the stack top of the stack information of asking pointed by SP value at the bottom of stack between memory headroom information, target machine returns corresponding stack information.
S6, main frame are according to the TCB information of target machine, and the information of stack space and dis-assembling file, carry out the analysis of function call stack according to the method shown in Fig. 3.
S7, main frame issue request command to target machine: recover to need the task t1 of carrying out the analysis of function call stack, target machine performs this order.
Function call stack analysis in step S6 is the process of a recurrence, when carrying out the analysis of top-level function call stack, PC value and SP value are respectively PC value in the TCB information that target machine returns and SP value, in follow-up recursive procedure, the analysis of every one deck then depends on the new PC value and SP value that last layer generates, until SP value arrives at the bottom of stack.
Shown in Figure 3, the function call stack analytic process in step S6 is as follows:
Step 601, judge whether SP value arrives at the bottom of stack, if so, then forward step 602 to; If not, then step 603 is forwarded to;
Step 602, be connected in series function f unc formation function call chain belonging to every one deck PC value, terminate;
Step 603, search affiliated function address and function name according to PC value, concrete search procedure is: in symbol table file, search address be no more than and closest to PC value function address and function name, this function be designated as func; Forward step 604 to;
Step 604, utilize existing instrument to obtain the assembly instruction of function f unc, forward step 605 to;
Step 605, the acquisition SP value of function f unc entrance and the return address of function f unc, and calculate new PC value and SP value, wherein new PC value is the value of return address (i.e. RA value) after calculating of function f unc, the return address of function f unc and the caller address of function f unc, new SP value is the SP value of function f unc entrance; Return step 601;
As shown in Fig. 4, step 605 specifically comprises the following steps:
Step 6051: starting from the first instruction of the function, scan each instruction one by one.
Step 6052: judge whether the currently scanned instruction is one of the following four kinds:
(a) an SP push adjustment instruction;
(b) an instruction saving RA on the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction.
If it is, go to step 6053; if it is not (i.e. it is some other instruction), go to step 6055.
Step 6053: according to which of the four kinds the instruction is, and to the relation between the address of the currently scanned instruction and the PC value, compute the SP value at the function entry or obtain the function RA value:
(a) SP push adjustment instruction:
compute the size of the function stack frame and compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: SP value at the function entry = current SP value + size of the function stack frame; otherwise, SP value at the function entry = current SP value.
(b) instruction saving RA on the stack:
compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: function RA value = the RA value on the stack, where the address at which RA was saved is obtained by adding the offset relative to SP given in the instruction to the current SP value, and the RA value is read from that address; otherwise, function RA value = the RA value in the current TCB information.
(c) instruction restoring RA from the stack, or register jump instruction:
compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: function RA value = the RA value in the current TCB information; otherwise, function RA value = the RA value on the stack, read from the address obtained by adding the offset relative to SP given in the instruction to the current SP value.
(d) SP pop adjustment instruction:
compute the size of the function stack frame and at the same time compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: SP value at the function entry = current SP value; otherwise, SP value at the function entry = current SP value + size of the function stack frame.
Step 6054: judge whether both the SP value at the function entry and the function RA value have been obtained; if so, go to step 6056; otherwise, go to step 6055.
Step 6055: continue scanning the next instruction until the instruction scan of function func is finished.
Step 6056: take the computed return address (RA value) of the function as the new PC value; on MIPS, the RA value minus 8 is taken as the new PC value. Take the SP value at the entry of function func as the new SP value.
To describe step 6052 in more detail, the meaning of some of the feature instructions is explained below:
An instruction of the form addiu $sp,$sp,x is an SP adjustment instruction; the sign-extended value of x is normally the size of the function stack frame. When x is negative, the instruction normally represents an SP push adjustment instruction; when x is positive, it normally represents an SP pop adjustment instruction.
An instruction of the form sw $ra,x($sp) is an instruction saving RA on the stack; it stores the content of the RA register on the stack.
An instruction of the form lw $ra,x($sp) is an instruction restoring RA from the stack; it loads the value saved on the stack back into the RA register.
An instruction of the form jr $ra is a register jump instruction; a function return is normally completed by this instruction.
The embodiment of the present invention divides the assembly instructions of a function into the following four scenes. In each scene, every assembly instruction line lists, from left to right, the instruction address, the instruction binary encoding and the disassembled instruction.
(1) Explicit SP adjustment instructions at both the entry and the exit of the function, together with the instructions accessing RA on the stack; the assembly instructions are as follows:
80a79a64: 27bdffb8 addiu $sp,$sp,-72
...
80a79a7c: afbf0030 sw $ra,48($sp)
...
80a79cd0: 8fbf0030 lw $ra,48($sp)
...
80a79ce8: 03e00008 jr $ra
80a79cec: 27bd0048 addiu $sp,$sp,72
(2) An explicit SP adjustment instruction only at the exit of the function, for example an assembly subroutine embedded under MIPS; the assembly instructions are as follows:
8099c094: 40886000 mtc0 $t0,$12
8099c098: 000000c0 sll $zero,$zero,0x3
...
8099c0d0: 8fbf0018 lw $ra,24($sp)
8099c0d4: 03e00008 jr $ra
8099c0d8: 27bd0020 addiu $sp,$sp,32
(3) An explicit SP adjustment instruction only at the entry of the function, for example when the function body is an infinite loop; the assembly instructions are as follows:
8086c534: 27bdffc8 addiu $sp,$sp,-56
8086c538: afbf0034 sw $ra,52($sp)
...
8086c550: 27c20018 addiu $v0,$s8,24
...
8086c844: 0821b154 j 8086c550
8086c848: 00000000 nop
(4) No explicit SP adjustment instruction at either the entry or the exit of the function, for example:
...
80101770: 03e00008 jr $ra
...
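The scan rules of steps 6051-6056 and the recursion of steps 601-605, run over a scene (1) function called from a scene (2) function, as an added example in Python that is not the patent's code: the symbol names mid and leaf, the addresses and opcodes, the TCB snapshot and the stack words are constructed, and the fallback used when the scan ends without both values (scene 4) is this example's own assumption, since the page does not say what happens in that case.

```python
"""Host-side MIPS call-stack unwinder following steps 601-605 and 6051-6056.
Added example, not the patent's code; symbols, opcodes and stack words are constructed."""
import re

# Feature instructions of step 6052 (MIPS o32 disassembly syntax).
SP_ADJ = re.compile(r"^addiu\s+\$sp,\$sp,(-?\d+)$")    # (a) push / (d) pop
RA_SAVE = re.compile(r"^sw\s+\$ra,(-?\d+)\(\$sp\)$")   # (b) RA saved on the stack
RA_LOAD = re.compile(r"^lw\s+\$ra,(-?\d+)\(\$sp\)$")   # (c) RA restored from the stack
JR_RA = re.compile(r"^jr\s+\$ra$")                      # (c) register jump

def parse_listing(text):
    """Turn 'addr: opcode mnemonic operands' lines into [(addr, asm), ...]."""
    rx = re.compile(r"^\s*([0-9a-f]+):\s*[0-9a-f]{8}\s+(.*?)\s*$")
    return [(int(m.group(1), 16), m.group(2))
            for m in map(rx.match, text.strip().splitlines()) if m]

def unwind_frame(insns, pc, sp, tcb_ra, stack):
    """Steps 6051-6056 for one frame: returns (new_pc, new_sp)."""
    entry_sp = ra = None
    for addr, asm in insns:
        executed = addr < pc      # step 6053: instruction already ran when the task was suspended
        if (m := SP_ADJ.match(asm)):
            x = int(m.group(1))   # sign-extended immediate; |x| is the frame size
            if x < 0:             # (a) push: the frame is allocated only if the push ran
                entry_sp = sp - x if executed else sp
            else:                 # (d) pop: the frame is released only if the pop ran
                entry_sp = sp if executed else sp + x
        elif (m := RA_SAVE.match(asm)):
            off = int(m.group(1))  # (b) RA is on the stack only once the store ran
            ra = stack[sp + off] if executed else tcb_ra
        elif (m := RA_LOAD.match(asm)):
            off = int(m.group(1))  # (c) after the load RA is back in the register
            ra = tcb_ra if executed else stack[sp + off]
        elif JR_RA.match(asm):
            if executed:          # (c) jr carries no stack offset, so only this branch is decidable
                ra = tcb_ra
        else:
            continue              # step 6055: not a feature instruction, keep scanning
        if entry_sp is not None and ra is not None:
            break                 # step 6054: both values known
    # Scan ended without both values (scene 4: no explicit SP adjustment). The page
    # leaves this open; this example assumes no frame and RA still in the register.
    if entry_sp is None:
        entry_sp = sp
    if ra is None:
        ra = tcb_ra
    return (ra - 8) & 0xFFFFFFFF, entry_sp  # step 6056: RA - 8 is the jal on MIPS

def unwind(symbols, listings, pc, sp, tcb_ra, stack, stack_bottom, max_depth=64):
    """Steps 601-605: recurse until SP reaches the stack bottom; returns the call chain."""
    chain = []
    while sp < stack_bottom and len(chain) < max_depth:
        # Step 603: the symbol whose address does not exceed pc and is closest to it.
        _, name = max((a, n) for a, n in symbols if a <= pc)
        chain.append(name)
        pc, sp = unwind_frame(listings[name], pc, sp, tcb_ra, stack)
    return chain

# Constructed task: mid() -> leaf(), suspended at the nop in leaf. leaf follows
# scene (1); mid follows scene (2), with only an SP pop at its exit.
SYMBOLS = [(0x80100100, "mid"), (0x80100200, "leaf")]
LISTINGS = {
    "mid": parse_listing("""
80100100: 40886000 mtc0 $t0,$12
80100104: 0c040080 jal 80100200 <leaf>
80100108: 00000000 nop
8010010c: 8fbf0018 lw $ra,24($sp)
80100110: 03e00008 jr $ra
80100114: 27bd0020 addiu $sp,$sp,32
"""),
    "leaf": parse_listing("""
80100200: 27bdffe0 addiu $sp,$sp,-32
80100204: afbf001c sw $ra,28($sp)
80100208: 00000000 nop
8010020c: 8fbf001c lw $ra,28($sp)
80100210: 03e00008 jr $ra
80100214: 27bd0020 addiu $sp,$sp,32
"""),
}
STACK_BOTTOM = 0x8FF00000                                      # mid's entry SP
TCB = {"pc": 0x80100208, "sp": 0x8FEFFFC0, "ra": 0x8010010C}   # constructed TCB snapshot
STACK = {0x8FEFFFDC: 0x8010010C, 0x8FEFFFF8: 0x00000000}       # constructed saved-RA words

def demo():
    """Call chain for the constructed task, innermost frame first."""
    return unwind(SYMBOLS, LISTINGS, TCB["pc"], TCB["sp"], TCB["ra"], STACK, STACK_BOTTOM)
```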
The principle of the embodiment of the present invention is explained as follows:
The embodiment of the present invention introduces the use of a host machine: the call stack analysis program that originally ran on the target machine is moved to the host machine, and the host machine completes the function call stack analysis by statically analysing the ELF file and dynamically acquiring the TCB information of the currently running task and the stack information from the target machine. The method is applicable to executable files generated by static linking under the VxWorks operating system: because the executable file is mapped as-is into the virtual address space, the executable ELF file is in fact the VxWorks image file when loaded. In a VxWorks system, the virtual address and the physical address of most statically linked programs are identical when loaded. In the prior art, the call stack analysis on the target machine searches backwards from the instruction at the current PC value until the first instruction of the function is found; clearly, for scene (2) the first instruction of the function is hard to determine, so the call stack analysis fails. In the present invention, the first instruction of the function is obtained with the tools on the host machine, and scanning starts from the first instruction of the function: each instruction of the function is scanned downwards in turn and compared against the PC value, whether or not it has been executed, until the corresponding feature instruction is found, from which the stack frame size of the function is obtained and the SP value at the function entry is computed; thus the call stack analysis can be performed even when the function has no explicit push instruction. The return address of the function is obtained from the feature instruction; whether the return address is held in the RA register or stored on the stack is determined by which feature instruction is found and by whether that instruction has been executed.
Those skilled in the art may make various modifications and variations to the embodiment of the present invention; if these modifications and variations fall within the scope of the claims of the present invention and their equivalent technology, they also fall within the protection scope of the present invention.
Content not described in detail in the description belongs to the prior art known to those skilled in the art.

Claims (10)

1. A function call stack analysis method based on the VxWorks operating system, characterized in that it comprises the following steps:
S1: input on the host machine the executable and linkable format (ELF) file of the VxWorks image currently running on the target machine, and at the same time generate on the host machine the symbol table file of the image file;
S2: suppose the task whose function call stack is to be analysed is t1; the host machine issues a request command to the target machine to suspend task t1, and the target machine executes this command;
S3: the host machine requests the task control block (TCB) information of task t1 from the target machine, and the target machine returns the TCB information of task t1, including the general-purpose register information, the stack bottom and the stack size;
S4: the host machine obtains the stack pointer (SP) value, the program counter (PC) value and the return address (RA) value from the returned TCB information; the stack space of a MIPS (Microprocessor without Interlocked Pipeline Stages) processor grows downwards, with the stack bottom at the high address; at run time the SP value is the stack pointer of the current function and points to the position of the stack top; the contents stored in each stack frame and their order are defined by the calling convention of the architecture; the current SP value is the SP value when the program has run to the current state, and the SP value at the function entry is the SP value upon entering the function, before the first instruction of the function has been executed;
S5: according to the SP value and the stack bottom information, the host machine requests the stack space information from the target machine; the requested stack information is the memory between the stack top pointed to by the SP value and the stack bottom, and the target machine returns the corresponding stack information;
S6: according to the TCB information of the target machine, the stack space information and the disassembly file, the host machine performs the function call stack analysis;
S7: the host machine issues a request command to the target machine to resume the task t1 whose function call stack was analysed, and the target machine executes this command.
2. The function call stack analysis method based on the VxWorks operating system as claimed in claim 1, characterized in that the function call stack analysis in step S6 is a recursive process: when the top-level function call stack frame is analysed, the PC value and SP value are the PC value and SP value in the TCB information returned by the target machine; in each subsequent level of the recursion, the analysis depends on the new PC value and SP value generated by the previous level, until the SP value reaches the stack bottom.
3. The function call stack analysis method based on the VxWorks operating system as claimed in claim 2, characterized in that the function call stack analysis process in step S6 is as follows:
Step 601: judge whether the SP value has reached the stack bottom; if so, go to step 602; if not, go to step 603.
Step 602: concatenate the functions func to which the PC value of each level belongs to form the function call chain, and end.
Step 603: look up the address and name of the function the PC value belongs to. The concrete search procedure is: in the symbol table file, find the function whose address does not exceed the PC value and is closest to it, together with its name; denote this function func. Go to step 604.
Step 604: obtain the assembly instructions of function func with an existing tool; go to step 605.
Step 605: obtain the SP value at the entry of function func and the return address of function func, and compute the new PC value and SP value. The new PC value is the value computed from the return address (RA value) of function func, where the return address of func is an address in the caller of func; the new SP value is the SP value at the entry of func. Return to step 601.
4. The function call stack analysis method based on the VxWorks operating system as claimed in claim 3, characterized in that step 605 specifically comprises the following steps:
Step 6051: starting from the first instruction of the function, scan each instruction one by one.
Step 6052: judge whether the currently scanned instruction is one of the following four kinds:
(a) an SP push adjustment instruction;
(b) an instruction saving RA on the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction.
If it is, go to step 6053; if it is not (i.e. it is some other instruction), go to step 6055.
Step 6053: according to which of the four kinds the instruction is, and to the relation between the address of the currently scanned instruction and the PC value, compute the SP value at the function entry or obtain the function RA value:
(a) SP push adjustment instruction:
compute the size of the function stack frame and compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: SP value at the function entry = current SP value + size of the function stack frame; otherwise, SP value at the function entry = current SP value.
(b) instruction saving RA on the stack:
compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: function RA value = the RA value on the stack, where the address at which RA was saved is obtained by adding the offset relative to SP given in the instruction to the current SP value, and the RA value is read from that address; otherwise, function RA value = the RA value in the current TCB information.
(c) instruction restoring RA from the stack, or register jump instruction:
compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: function RA value = the RA value in the current TCB information; otherwise, function RA value = the RA value on the stack, read from the address obtained by adding the offset relative to SP given in the instruction to the current SP value.
(d) SP pop adjustment instruction:
compute the size of the function stack frame and at the same time compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: SP value at the function entry = current SP value; otherwise, SP value at the function entry = current SP value + size of the function stack frame.
Step 6054: judge whether both the SP value at the function entry and the function RA value have been obtained; if so, go to step 6056; otherwise, go to step 6055.
Step 6055: continue scanning the next instruction until the instruction scan of function func is finished.
Step 6056: take the computed return address (RA value) of the function as the new PC value; on MIPS, the RA value minus 8 is taken as the new PC value. Take the SP value at the entry of function func as the new SP value.
5. The function call stack analysis method based on the VxWorks operating system as claimed in claim 4, characterized in that in step 6052 the meaning of the instructions is as follows:
An instruction of the form addiu $sp,$sp,x is an SP adjustment instruction; the sign-extended value of x is the size of the function stack frame. When x is negative, the instruction represents an SP push adjustment instruction; when x is positive, it represents an SP pop adjustment instruction.
An instruction of the form sw $ra,x($sp) is an instruction saving RA on the stack; it stores the content of the RA register on the stack.
An instruction of the form lw $ra,x($sp) is an instruction restoring RA from the stack; it loads the value saved on the stack back into the RA register.
An instruction of the form jr $ra is a register jump instruction; a function return is completed by this instruction.
6. A function call stack analysis device based on the VxWorks operating system, comprising a host machine and a target machine, wherein the host machine sends operation commands to the target machine, analyses data and displays result data, and the target machine executes the operation commands of the host machine and returns its actual running state, characterized in that:
the host machine inputs the executable and linkable format (ELF) file of the VxWorks image currently running on the target machine, and at the same time generates on the host machine the symbol table file of the image file;
assuming the task whose function call stack is to be analysed is t1, the host machine issues a request command to the target machine to suspend task t1, and the target machine executes this command;
the host machine requests the task control block (TCB) information of task t1 from the target machine, and the target machine returns the TCB information of task t1, including the general-purpose register information, the stack bottom and the stack size;
the host machine obtains the stack pointer (SP) value, the program counter (PC) value and the return address (RA) value from the returned TCB information; the stack space of a MIPS (Microprocessor without Interlocked Pipeline Stages) processor grows downwards, with the stack bottom at the high address; at run time the SP value is the stack pointer of the current function and points to the position of the stack top; the contents stored in each stack frame and their order are defined by the calling convention of the architecture; the current SP value is the SP value when the program has run to the current state, and the SP value at the function entry is the SP value upon entering the function, before the first instruction of the function has been executed;
according to the SP value and the stack bottom information, the host machine requests the stack space information from the target machine; the requested stack information is the memory between the stack top pointed to by the SP value and the stack bottom, and the target machine returns the corresponding stack information;
according to the TCB information of the target machine, the stack space information and the disassembly file, the host machine performs the function call stack analysis;
the host machine issues a request command to the target machine to resume the task t1 whose function call stack was analysed, and the target machine executes this command.
7. The function call stack analysis device based on the VxWorks operating system as claimed in claim 6, characterized in that said function call stack analysis is a recursive process: when the top-level function call stack frame is analysed, the PC value and SP value are the PC value and SP value in the TCB information returned by the target machine; in each subsequent level of the recursion, the analysis depends on the new PC value and SP value generated by the previous level, until the SP value reaches the stack bottom.
8. The function call stack analysis device based on the VxWorks operating system as claimed in claim 7, characterized in that said function call stack analysis process is as follows:
Step 601: judge whether the SP value has reached the stack bottom; if so, go to step 602; if not, go to step 603.
Step 602: concatenate the functions func to which the PC value of each level belongs to form the function call chain, and end.
Step 603: look up the address and name of the function the PC value belongs to. The concrete search procedure is: in the symbol table file, find the function whose address does not exceed the PC value and is closest to it, together with its name; denote this function func. Go to step 604.
Step 604: obtain the assembly instructions of function func with an existing tool; go to step 605.
Step 605: obtain the SP value at the entry of function func and the return address of function func, and compute the new PC value and SP value. The new PC value is the value computed from the return address (RA value) of function func, where the return address of func is an address in the caller of func; the new SP value is the SP value at the entry of func. Return to step 601.
9. The function call stack analysis device based on the VxWorks operating system as claimed in claim 8, characterized in that step 605 specifically comprises the following steps:
Step 6051: starting from the first instruction of the function, scan each instruction one by one.
Step 6052: judge whether the currently scanned instruction is one of the following four kinds:
(a) an SP push adjustment instruction;
(b) an instruction saving RA on the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction.
If it is, go to step 6053; if it is not (i.e. it is some other instruction), go to step 6055.
Step 6053: according to which of the four kinds the instruction is, and to the relation between the address of the currently scanned instruction and the PC value, compute the SP value at the function entry or obtain the function RA value:
(a) SP push adjustment instruction:
compute the size of the function stack frame and compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: SP value at the function entry = current SP value + size of the function stack frame; otherwise, SP value at the function entry = current SP value.
(b) instruction saving RA on the stack:
compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: function RA value = the RA value on the stack, where the address at which RA was saved is obtained by adding the offset relative to SP given in the instruction to the current SP value, and the RA value is read from that address; otherwise, function RA value = the RA value in the current TCB information.
(c) instruction restoring RA from the stack, or register jump instruction:
compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: function RA value = the RA value in the current TCB information; otherwise, function RA value = the RA value on the stack, read from the address obtained by adding the offset relative to SP given in the instruction to the current SP value.
(d) SP pop adjustment instruction:
compute the size of the function stack frame and at the same time compare the address of the scanned instruction with the PC value; if the address of the scanned instruction is less than the PC value, then: SP value at the function entry = current SP value; otherwise, SP value at the function entry = current SP value + size of the function stack frame.
Step 6054: judge whether both the SP value at the function entry and the function RA value have been obtained; if so, go to step 6056; otherwise, go to step 6055.
Step 6055: continue scanning the next instruction until the instruction scan of function func is finished.
Step 6056: take the computed return address (RA value) of the function as the new PC value; on MIPS, the RA value minus 8 is taken as the new PC value. Take the SP value at the entry of function func as the new SP value.
10. The function call stack analysis device based on the VxWorks operating system as claimed in claim 9, characterized in that in step 6052 the meaning of the instructions is as follows:
An instruction of the form addiu $sp,$sp,x is an SP adjustment instruction; the sign-extended value of x is the size of the function stack frame. When x is negative, the instruction represents an SP push adjustment instruction; when x is positive, it represents an SP pop adjustment instruction.
An instruction of the form sw $ra,x($sp) is an instruction saving RA on the stack; it stores the content of the RA register on the stack.
An instruction of the form lw $ra,x($sp) is an instruction restoring RA from the stack; it loads the value saved on the stack back into the RA register.
An instruction of the form jr $ra is a register jump instruction; a function return is completed by this instruction.
CN201310506592.XA 2013-10-24 2013-10-24 Based on function call stack analytical approach and the device of vxworks operating system Active CN103559123B (en)

Publications (2)

Publication Number Publication Date
CN103559123A CN103559123A (en) 2014-02-05
CN103559123B true CN103559123B (en) 2016-02-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant