1 //===- DWARFVerifier.cpp --------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 #include "llvm/DebugInfo/DWARF/DWARFVerifier.h"
9 #include "llvm/ADT/SmallSet.h"
10 #include "llvm/DebugInfo/DWARF/DWARFCompileUnit.h"
11 #include "llvm/DebugInfo/DWARF/DWARFContext.h"
12 #include "llvm/DebugInfo/DWARF/DWARFDebugLine.h"
13 #include "llvm/DebugInfo/DWARF/DWARFDie.h"
14 #include "llvm/DebugInfo/DWARF/DWARFExpression.h"
15 #include "llvm/DebugInfo/DWARF/DWARFFormValue.h"
16 #include "llvm/DebugInfo/DWARF/DWARFSection.h"
17 #include "llvm/Support/DJB.h"
18 #include "llvm/Support/FormatVariadic.h"
19 #include "llvm/Support/WithColor.h"
20 #include "llvm/Support/raw_ostream.h"
21 #include <map>
22 #include <set>
23 #include <vector>
24
25 using namespace llvm;
26 using namespace dwarf;
27 using namespace object;
28
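/// Insert \p R into the sorted address-range list unless it overlaps a range
/// that is already stored.
///
/// \returns an iterator to the stored range that intersects \p R, or
/// Ranges.end() once \p R has been inserted without a conflict.
DWARFVerifier::DieRangeInfo::address_range_iterator
DWARFVerifier::DieRangeInfo::insert(const DWARFAddressRange &R) {
  auto Begin = Ranges.begin();
  auto End = Ranges.end();
  auto Pos = std::lower_bound(Begin, End, R);

  // The first stored range that does not sort before R may overlap it.
  if (Pos != End && Pos->intersects(R))
    return std::move(Pos);

  // So may the range just before the insertion point. This check has to run
  // even when Pos == End (R sorts after every stored range); otherwise an
  // overlap with the last stored range is silently accepted and the verifier
  // misses overlapping ranges in the input.
  if (Pos != Begin) {
    auto Iter = Pos - 1;
    if (Iter->intersects(R))
      return std::move(Iter);
  }

  Ranges.insert(Pos, R);
  return Ranges.end();
}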
48
/// Record \p RI as a child unless it overlaps a child that is already stored.
///
/// \returns an iterator to the first stored child that intersects \p RI, or
/// Children.end() after \p RI has been inserted.
DWARFVerifier::DieRangeInfo::die_range_info_iterator
DWARFVerifier::DieRangeInfo::insert(const DieRangeInfo &RI) {
  // Every stored child is compared against RI before anything is inserted.
  for (auto Child = Children.begin(), Last = Children.end(); Child != Last;
       ++Child) {
    if (Child->intersects(RI))
      return Child;
  }
  Children.insert(RI);
  return Children.end();
}
61
/// Check whether every address range of \p RHS is covered by the ranges of
/// this object.
///
/// Both range lists are walked front to back with one cursor each.
/// NOTE(review): the single forward pass presumably relies on both lists being
/// sorted by address - confirm against how Ranges is populated.
///
/// \returns true when \p RHS has no ranges or all of them are covered, false
/// otherwise.
bool DWARFVerifier::DieRangeInfo::contains(const DieRangeInfo &RHS) const {
  auto I1 = Ranges.begin(), E1 = Ranges.end();
  auto I2 = RHS.Ranges.begin(), E2 = RHS.Ranges.end();
  // An RHS without ranges is contained in anything.
  if (I2 == E2)
    return true;

  // R is a working copy of the current RHS range; its LowPC is advanced as
  // pieces of it are found to be covered.
  DWARFAddressRange R = *I2;
  while (I1 != E1) {
    bool Covered = I1->LowPC <= R.LowPC;
    // An empty range (LowPC == HighPC) counts as covered, as does a range
    // that lies completely inside *I1. Move on to the next RHS range.
    if (R.LowPC == R.HighPC || (Covered && R.HighPC <= I1->HighPC)) {
      if (++I2 == E2)
        return true;
      R = *I2;
      continue;
    }
    // *I1 starts after R does, so the start of R is not covered.
    if (!Covered)
      return false;
    // *I1 covers only the front of R: keep the uncovered tail and try the
    // next range of this object.
    if (R.LowPC < I1->HighPC)
      R.LowPC = I1->HighPC;
    ++I1;
  }
  // Ran out of ranges while part of RHS was still uncovered.
  return false;
}
85
/// Report whether any address range of this object overlaps any address range
/// of \p RHS, using one forward cursor per range list.
bool DWARFVerifier::DieRangeInfo::intersects(const DieRangeInfo &RHS) const {
  auto Mine = Ranges.begin();
  const auto MineEnd = Ranges.end();
  auto Theirs = RHS.Ranges.begin();
  const auto TheirsEnd = RHS.Ranges.end();

  for (;;) {
    // Once either list is exhausted no further pair can overlap.
    if (Mine == MineEnd || Theirs == TheirsEnd)
      return false;
    if (Mine->intersects(*Theirs))
      return true;
    // Advance the cursor whose current range starts lower.
    if (Mine->LowPC < Theirs->LowPC)
      ++Mine;
    else
      ++Theirs;
  }
}
99
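/// Parse and sanity-check one unit header of a .debug_info style section.
///
/// \param DebugInfoData  extractor over the section being verified.
/// \param Offset         in: offset of the unit header; out: offset of the
///                       next unit as computed from the unit length.
/// \param UnitIndex      index of the unit, used only in diagnostics.
/// \param UnitType       out: unit type read from a v5+ header, 0 for older
///                       versions.
/// \param isUnitDWARF64  out: whether this unit uses the 64-bit DWARF format.
/// \returns true when length, version, address size, unit type and
/// abbreviation offset all pass their checks.
bool DWARFVerifier::verifyUnitHeader(const DWARFDataExtractor DebugInfoData,
                                     uint64_t *Offset, unsigned UnitIndex,
                                     uint8_t &UnitType, bool &isUnitDWARF64) {
  uint64_t AbbrOffset, Length;
  uint8_t AddrSize = 0;
  uint16_t Version;
  bool Success = true;

  bool ValidLength = false;
  bool ValidVersion = false;
  bool ValidAddrSize = false;
  bool ValidType = true;
  bool ValidAbbrevOffset = true;

  const uint64_t OffsetStart = *Offset;
  Length = DebugInfoData.getU32(Offset);
  // Decide the format for every unit separately. The flag is a reference the
  // caller reuses across units, so leaving a stale 'true' behind would make a
  // following 32-bit unit be parsed with 64-bit field widths.
  isUnitDWARF64 = Length == dwarf::DW_LENGTH_DWARF64;
  if (isUnitDWARF64)
    Length = DebugInfoData.getU64(Offset);
  // Size of the initial-length field: 4 bytes, or 4 + 8 bytes for DWARF64.
  const uint64_t InitialLengthSize = isUnitDWARF64 ? 12 : 4;
  Version = DebugInfoData.getU16(Offset);

  if (Version >= 5) {
    UnitType = DebugInfoData.getU8(Offset);
    AddrSize = DebugInfoData.getU8(Offset);
    AbbrOffset = isUnitDWARF64 ? DebugInfoData.getU64(Offset)
                               : DebugInfoData.getU32(Offset);
    ValidType = dwarf::isUnitType(UnitType);
  } else {
    UnitType = 0;
    AbbrOffset = isUnitDWARF64 ? DebugInfoData.getU64(Offset)
                               : DebugInfoData.getU32(Offset);
    AddrSize = DebugInfoData.getU8(Offset);
  }

  if (!DCtx.getDebugAbbrev()->getAbbreviationDeclarationSet(AbbrOffset))
    ValidAbbrevOffset = false;

  // The unit occupies [ContentStart, ContentStart + Length). The length comes
  // straight from the file, so reject values that would wrap the 64-bit
  // addition before asking whether the last byte lies inside the section.
  const uint64_t ContentStart = OffsetStart + InitialLengthSize;
  ValidLength = Length <= UINT64_MAX - ContentStart &&
                DebugInfoData.isValidOffset(ContentStart + Length - 1);
  ValidVersion = DWARFContext::isSupportedVersion(Version);
  ValidAddrSize = AddrSize == 4 || AddrSize == 8;
  if (!ValidLength || !ValidVersion || !ValidAddrSize || !ValidAbbrevOffset ||
      !ValidType) {
    Success = false;
    error() << format("Units[%d] - start offset: 0x%08" PRIx64 " \n", UnitIndex,
                      OffsetStart);
    if (!ValidLength)
      note() << "The length for this unit is too "
                "large for the .debug_info provided.\n";
    if (!ValidVersion)
      note() << "The 16 bit unit header version is not valid.\n";
    if (!ValidType)
      note() << "The unit type encoding is not valid.\n";
    if (!ValidAbbrevOffset)
      note() << "The offset into the .debug_abbrev section is "
                "not valid.\n";
    if (!ValidAddrSize)
      note() << "The address size is unsupported.\n";
  }
  // Next unit starts right after this unit's contents.
  *Offset = ContentStart + Length;
  return Success;
}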
160
/// Verify the DIEs of one unit: attributes, forms and call-site placement of
/// every non-null DIE, then the root DIE and the address ranges below it.
///
/// \returns the number of errors found in the unit.
unsigned DWARFVerifier::verifyUnitContents(DWARFUnit &Unit) {
  unsigned ErrorCount = 0;

  for (unsigned Idx = 0, Count = Unit.getNumDIEs(); Idx != Count; ++Idx) {
    auto Entry = Unit.getDIEAtIndex(Idx);
    if (Entry.getTag() == DW_TAG_null)
      continue;

    for (auto Attr : Entry.attributes()) {
      ErrorCount += verifyDebugInfoAttribute(Entry, Attr);
      ErrorCount += verifyDebugInfoForm(Entry, Attr);
    }
    ErrorCount += verifyDebugInfoCallSite(Entry);
  }

  // Without a root DIE none of the remaining checks can run.
  DWARFDie UnitDie = Unit.getUnitDIE(/* ExtractUnitDIEOnly = */ false);
  if (!UnitDie) {
    error() << "Compilation unit without DIE.\n";
    return ErrorCount + 1;
  }

  const auto RootTag = UnitDie.getTag();
  if (!dwarf::isUnitType(RootTag)) {
    error() << "Compilation unit root DIE is not a unit DIE: "
            << dwarf::TagString(RootTag) << ".\n";
    ++ErrorCount;
  }

  const uint8_t UnitType = Unit.getUnitType();
  if (!DWARFUnit::isMatchingUnitTypeAndTag(UnitType, RootTag)) {
    error() << "Compilation unit type (" << dwarf::UnitTypeString(UnitType)
            << ") and root DIE (" << dwarf::TagString(RootTag)
            << ") do not match.\n";
    ++ErrorCount;
  }

  // DWARF Debugging Information Format Version 5, section 3.1.2 (Skeleton
  // Compilation Unit Entries): "A skeleton compilation unit has no children."
  if (RootTag == dwarf::DW_TAG_skeleton_unit && UnitDie.hasChildren()) {
    error() << "Skeleton compilation unit has children.\n";
    ++ErrorCount;
  }

  DieRangeInfo RootRanges;
  ErrorCount += verifyDieRanges(UnitDie, RootRanges);
  return ErrorCount;
}
212
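/// Verify the placement of a call-site DIE.
///
/// DIEs other than DW_TAG_call_site / DW_TAG_GNU_call_site are ignored. A call
/// site must not sit inside an inlined subroutine, must have an enclosing
/// subprogram, and that subprogram must carry one of the "all calls"
/// attributes.
///
/// \returns 1 when a problem was reported, 0 otherwise.
unsigned DWARFVerifier::verifyDebugInfoCallSite(const DWARFDie &Die) {
  if (Die.getTag() != DW_TAG_call_site && Die.getTag() != DW_TAG_GNU_call_site)
    return 0;

  DWARFDie Curr = Die.getParent();
  // Climb from the current ancestor, not from Die. Stepping with
  // Die.getParent() re-reads the same DIE on every iteration, so a call site
  // whose direct parent is neither a subprogram nor an inlined subroutine
  // (for example a lexical block) would keep the loop spinning forever.
  for (; Curr.isValid() && !Curr.isSubprogramDIE(); Curr = Curr.getParent()) {
    if (Curr.getTag() == DW_TAG_inlined_subroutine) {
      error() << "Call site entry nested within inlined subroutine:";
      Curr.dump(OS);
      return 1;
    }
  }

  if (!Curr.isValid()) {
    error() << "Call site entry not nested within a valid subprogram:";
    Die.dump(OS);
    return 1;
  }

  Optional<DWARFFormValue> CallAttr =
      Curr.find({DW_AT_call_all_calls, DW_AT_call_all_source_calls,
                 DW_AT_call_all_tail_calls, DW_AT_GNU_all_call_sites,
                 DW_AT_GNU_all_source_call_sites,
                 DW_AT_GNU_all_tail_call_sites});
  if (!CallAttr) {
    error() << "Subprogram with call site entry has no DW_AT_call attribute:";
    Curr.dump(OS);
    Die.dump(OS, /*indent*/ 1);
    return 1;
  }

  return 0;
}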
246
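/// Verify that no abbreviation declaration of the set at offset 0 lists the
/// same attribute more than once.
///
/// \param Abbrev  parsed abbreviation section; a null pointer is accepted and
///                yields zero errors.
/// \returns the number of duplicated attributes found.
unsigned DWARFVerifier::verifyAbbrevSection(const DWARFDebugAbbrev *Abbrev) {
  unsigned NumErrors = 0;
  if (!Abbrev)
    return NumErrors;

  const DWARFAbbreviationDeclarationSet *AbbrDecls =
      Abbrev->getAbbreviationDeclarationSet(0);
  // The lookup hands back a pointer that is null when no declaration set
  // exists at the requested offset; dereferencing it unchecked would crash on
  // a section that lacks a set at offset 0.
  if (!AbbrDecls)
    return NumErrors;

  for (const auto &AbbrDecl : *AbbrDecls) {
    // Attribute codes seen so far in this declaration.
    SmallDenseSet<uint16_t> AttributeSet;
    for (const auto &Attribute : AbbrDecl.attributes()) {
      auto Result = AttributeSet.insert(Attribute.Attr);
      if (!Result.second) {
        error() << "Abbreviation declaration contains multiple "
                << AttributeString(Attribute.Attr) << " attributes.\n";
        AbbrDecl.dump(OS);
        ++NumErrors;
      }
    }
  }
  return NumErrors;
}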
267
/// Verify .debug_abbrev and its DWO counterpart, skipping whichever section is
/// empty.
///
/// \returns true when no errors were found.
bool DWARFVerifier::handleDebugAbbrev() {
  OS << "Verifying .debug_abbrev...\n";

  const DWARFObject &Obj = DCtx.getDWARFObj();
  const unsigned MainErrors =
      Obj.getAbbrevSection().empty()
          ? 0
          : verifyAbbrevSection(DCtx.getDebugAbbrev());
  const unsigned DwoErrors =
      Obj.getAbbrevDWOSection().empty()
          ? 0
          : verifyAbbrevSection(DCtx.getDebugAbbrevDWO());

  return MainErrors + DwoErrors == 0;
}
280
/// Verify every unit of one unit section.
///
/// The unit headers are walked from offset 0 for as long as the offset stays
/// inside the section. Each header that passes verifyUnitHeader() is
/// re-extracted, wrapped in a type or compile unit owned by a vector local to
/// this call, and handed to verifyUnitContents(). DIE references collected on
/// the way are checked at the end by verifyDebugInfoReferences().
///
/// \param S            the section to verify.
/// \param SectionKind  kind passed through to the unit header extraction.
/// \returns the number of errors found; a broken header chain counts as one.
unsigned DWARFVerifier::verifyUnitSection(const DWARFSection &S,
                                          DWARFSectionKind SectionKind) {
  const DWARFObject &DObj = DCtx.getDWARFObj();
  DWARFDataExtractor DebugInfoData(DObj, S, DCtx.isLittleEndian(), 0);
  unsigned NumDebugInfoErrors = 0;
  uint64_t OffsetStart = 0, Offset = 0, UnitIdx = 0;
  uint8_t UnitType = 0;
  bool isUnitDWARF64 = false;
  bool isHeaderChainValid = true;
  bool hasDIE = DebugInfoData.isValidOffset(Offset);
  // Units created below live in these vectors until the function returns.
  DWARFUnitVector TypeUnitVector;
  DWARFUnitVector CompileUnitVector;
  while (hasDIE) {
    // Remember where this unit starts; verifyUnitHeader() moves Offset on to
    // the next unit.
    OffsetStart = Offset;
    if (!verifyUnitHeader(DebugInfoData, &Offset, UnitIdx, UnitType,
                          isUnitDWARF64)) {
      isHeaderChainValid = false;
      // NOTE(review): the walk stops after a bad DWARF64 header, presumably
      // because the computed next-unit offset cannot be trusted - confirm.
      if (isUnitDWARF64)
        break;
    } else {
      DWARFUnitHeader Header;
      // NOTE(review): the result of extract() is not checked here; the code
      // appears to rely on verifyUnitHeader() having accepted the same bytes.
      Header.extract(DCtx, DebugInfoData, &OffsetStart, SectionKind);
      DWARFUnit *Unit;
      switch (UnitType) {
      case dwarf::DW_UT_type:
      case dwarf::DW_UT_split_type: {
        Unit = TypeUnitVector.addUnit(std::make_unique<DWARFTypeUnit>(
            DCtx, S, Header, DCtx.getDebugAbbrev(), &DObj.getRangesSection(),
            &DObj.getLocSection(), DObj.getStrSection(),
            DObj.getStrOffsetsSection(), &DObj.getAppleObjCSection(),
            DObj.getLineSection(), DCtx.isLittleEndian(), false,
            TypeUnitVector));
        break;
      }
      case dwarf::DW_UT_skeleton:
      case dwarf::DW_UT_split_compile:
      case dwarf::DW_UT_compile:
      case dwarf::DW_UT_partial:
      // UnitType = 0 means that we are verifying a compile unit in DWARF v4.
      case 0: {
        Unit = CompileUnitVector.addUnit(std::make_unique<DWARFCompileUnit>(
            DCtx, S, Header, DCtx.getDebugAbbrev(), &DObj.getRangesSection(),
            &DObj.getLocSection(), DObj.getStrSection(),
            DObj.getStrOffsetsSection(), &DObj.getAppleObjCSection(),
            DObj.getLineSection(), DCtx.isLittleEndian(), false,
            CompileUnitVector));
        break;
      }
      // verifyUnitHeader() rejects v5+ unit types that fail isUnitType(), so
      // any other value is not expected to reach this switch.
      default: { llvm_unreachable("Invalid UnitType."); }
      }
      NumDebugInfoErrors += verifyUnitContents(*Unit);
    }
    hasDIE = DebugInfoData.isValidOffset(Offset);
    ++UnitIdx;
  }
  // A section that holds no unit at all is only worth a warning.
  if (UnitIdx == 0 && !hasDIE) {
    warn() << "Section is empty.\n";
    isHeaderChainValid = true;
  }
  // The whole header chain contributes at most one error to the total.
  if (!isHeaderChainValid)
    ++NumDebugInfoErrors;
  NumDebugInfoErrors += verifyDebugInfoReferences();
  return NumDebugInfoErrors;
}
345
/// Verify the unit header chains of all .debug_info and .debug_types sections.
///
/// \returns true when no errors were found.
bool DWARFVerifier::handleDebugInfo() {
  const DWARFObject &Obj = DCtx.getDWARFObj();
  unsigned ErrorCount = 0;

  OS << "Verifying .debug_info Unit Header Chain...\n";
  Obj.forEachInfoSections([this, &ErrorCount](const DWARFSection &Section) {
    ErrorCount += verifyUnitSection(Section, DW_SECT_INFO);
  });

  OS << "Verifying .debug_types Unit Header Chain...\n";
  Obj.forEachTypesSections([this, &ErrorCount](const DWARFSection &Section) {
    ErrorCount += verifyUnitSection(Section, DW_SECT_TYPES);
  });

  return !ErrorCount;
}
361
/// Verify the address ranges of \p Die and, recursively, of its children.
///
/// Three properties are checked: the ranges of the DIE itself do not overlap,
/// the DIE does not overlap a sibling already recorded in \p ParentRI, and the
/// DIE's ranges are contained in the parent's ranges.
///
/// \param Die       the DIE to verify; an invalid DIE yields zero errors.
/// \param ParentRI  range information of the parent; this DIE's range
///                  information is inserted into it as a child.
/// \returns the number of errors found in this subtree.
unsigned DWARFVerifier::verifyDieRanges(const DWARFDie &Die,
                                        DieRangeInfo &ParentRI) {
  unsigned NumErrors = 0;

  if (!Die.isValid())
    return NumErrors;

  auto RangesOrError = Die.getAddressRanges();
  if (!RangesOrError) {
    // FIXME: Report the error.
    // The failure is counted but its message is discarded; the subtree below
    // this DIE is not visited.
    ++NumErrors;
    llvm::consumeError(RangesOrError.takeError());
    return NumErrors;
  }

  DWARFAddressRangesVector Ranges = RangesOrError.get();
  // Build RI for this DIE and check that ranges within this DIE do not
  // overlap.
  DieRangeInfo RI(Die);

  // TODO support object files better
  //
  // Some object file formats (i.e. non-MachO) support COMDAT.  ELF in
  // particular does so by placing each function into a section.  The DWARF data
  // for the function at that point uses a section relative DW_FORM_addrp for
  // the DW_AT_low_pc and a DW_FORM_data4 for the offset as the DW_AT_high_pc.
  // In such a case, when the Die is the CU, the ranges will overlap, and we
  // will flag valid conflicting ranges as invalid.
  //
  // For such targets, we should read the ranges from the CU and partition them
  // by the section id.  The ranges within a particular section should be
  // disjoint, although the ranges across sections may overlap.  We would map
  // the child die to the entity that it references and the section with which
  // it is associated.  The child would then be checked against the range
  // information for the associated section.
  //
  // For now, simply elide the range verification for the CU DIEs if we are
  // processing an object file.

  if (!IsObjectFile || IsMachOObject || Die.getTag() != DW_TAG_compile_unit) {
    for (auto Range : Ranges) {
      if (!Range.valid()) {
        ++NumErrors;
        error() << "Invalid address range " << Range << "\n";
        continue;
      }

      // Verify that ranges don't intersect.
      const auto IntersectingRange = RI.insert(Range);
      if (IntersectingRange != RI.Ranges.end()) {
        ++NumErrors;
        error() << "DIE has overlapping address ranges: " << Range << " and "
                << *IntersectingRange << "\n";
        // Only the first overlap of a DIE is reported; its remaining ranges
        // are not inserted into RI.
        break;
      }
    }
  }

  // Verify that children don't intersect.
  const auto IntersectingChild = ParentRI.insert(RI);
  if (IntersectingChild != ParentRI.Children.end()) {
    ++NumErrors;
    error() << "DIEs have overlapping address ranges:";
    dump(Die);
    dump(IntersectingChild->Die) << '\n';
  }

  // Verify that ranges are contained within their parent.
  // The check is skipped when either side has no ranges and when a subprogram
  // is nested directly in another subprogram.
  bool ShouldBeContained = !Ranges.empty() && !ParentRI.Ranges.empty() &&
                           !(Die.getTag() == DW_TAG_subprogram &&
                             ParentRI.Die.getTag() == DW_TAG_subprogram);
  if (ShouldBeContained && !ParentRI.contains(RI)) {
    ++NumErrors;
    error() << "DIE address ranges are not contained in its parent's ranges:";
    dump(ParentRI.Die);
    dump(Die, 2) << '\n';
  }

  // Recursively check children.
  // NOTE(review): the recursion depth follows the nesting depth of the DIE
  // tree, which comes from the file being verified.
  for (DWARFDie Child : Die)
    NumErrors += verifyDieRanges(Child, RI);

  return NumErrors;
}
446
/// Verify attribute-specific constraints of one attribute of \p Die.
///
/// Handled attributes: DW_AT_ranges and DW_AT_stmt_list (section offset inside
/// the target section), DW_AT_location (expressions decode and verify),
/// DW_AT_specification / DW_AT_abstract_origin (tag of the referenced DIE is
/// compatible) and DW_AT_type (referenced DIE is a type). All other attributes
/// are accepted as they are.
///
/// \param Die        the DIE that owns the attribute.
/// \param AttrValue  the attribute to verify.
/// \returns the number of errors reported for this attribute.
unsigned DWARFVerifier::verifyDebugInfoAttribute(const DWARFDie &Die,
                                                 DWARFAttribute &AttrValue) {
  unsigned NumErrors = 0;
  // Counts the error, prints the message and dumps the offending DIE.
  auto ReportError = [&](const Twine &TitleMsg) {
    ++NumErrors;
    error() << TitleMsg << '\n';
    dump(Die) << '\n';
  };

  const DWARFObject &DObj = DCtx.getDWARFObj();
  const auto Attr = AttrValue.Attr;
  switch (Attr) {
  case DW_AT_ranges:
    // Make sure the offset in the DW_AT_ranges attribute is valid.
    if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) {
      if (*SectionOffset >= DObj.getRangesSection().Data.size())
        ReportError("DW_AT_ranges offset is beyond .debug_ranges bounds:");
      break;
    }
    // The form could not be read as a section offset at all.
    ReportError("DIE has invalid DW_AT_ranges encoding:");
    break;
  case DW_AT_stmt_list:
    // Make sure the offset in the DW_AT_stmt_list attribute is valid.
    if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) {
      if (*SectionOffset >= DObj.getLineSection().Data.size())
        ReportError("DW_AT_stmt_list offset is beyond .debug_line bounds: " +
                    llvm::formatv("{0:x8}", *SectionOffset));
      break;
    }
    // The form could not be read as a section offset at all.
    ReportError("DIE has invalid DW_AT_stmt_list encoding:");
    break;
  case DW_AT_location: {
    if (Expected<std::vector<DWARFLocationExpression>> Loc =
            Die.getLocations(DW_AT_location)) {
      // NOTE(review): U is dereferenced below without a null check - confirm
      // that getDwarfUnit() cannot return null for a DIE that reaches here.
      DWARFUnit *U = Die.getDwarfUnit();
      for (const auto &Entry : *Loc) {
        DataExtractor Data(toStringRef(Entry.Expr), DCtx.isLittleEndian(), 0);
        DWARFExpression Expression(Data, U->getVersion(),
                                   U->getAddressByteSize());
        // An expression is rejected when any operation failed to decode or
        // when the expression as a whole fails verify().
        bool Error = any_of(Expression, [](DWARFExpression::Operation &Op) {
          return Op.isError();
        });
        if (Error || !Expression.verify(U))
          ReportError("DIE contains invalid DWARF expression:");
      }
    } else
      // The locations could not be obtained; report the underlying error text.
      ReportError(toString(Loc.takeError()));
    break;
  }
  case DW_AT_specification:
  case DW_AT_abstract_origin: {
    // A reference that does not resolve to a DIE is not reported here.
    if (auto ReferencedDie = Die.getAttributeValueAsReferencedDie(Attr)) {
      auto DieTag = Die.getTag();
      auto RefTag = ReferencedDie.getTag();
      // Accepted pairings: identical tags, plus the explicit pairs below.
      if (DieTag == RefTag)
        break;
      if (DieTag == DW_TAG_inlined_subroutine && RefTag == DW_TAG_subprogram)
        break;
      if (DieTag == DW_TAG_variable && RefTag == DW_TAG_member)
        break;
      // This might be reference to a function declaration.
      if (DieTag == DW_TAG_GNU_call_site && RefTag == DW_TAG_subprogram)
        break;
      ReportError("DIE with tag " + TagString(DieTag) + " has " +
                  AttributeString(Attr) +
                  " that points to DIE with "
                  "incompatible tag " +
                  TagString(RefTag));
    }
    break;
  }
  case DW_AT_type: {
    // Only a reference that resolves to a non-type DIE is an error.
    DWARFDie TypeDie = Die.getAttributeValueAsReferencedDie(DW_AT_type);
    if (TypeDie && !isType(TypeDie.getTag())) {
      ReportError("DIE has " + AttributeString(Attr) +
                  " with incompatible tag " + TagString(TypeDie.getTag()));
    }
    break;
  }
  default:
    break;
  }
  return NumErrors;
}
531
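/// Verify form-specific constraints of one attribute of \p Die.
///
/// Reference forms must point inside the unit (CU-relative forms) or inside
/// .debug_info (DW_FORM_ref_addr); in-bounds references are recorded in
/// ReferenceToDIEOffsets so that verifyDebugInfoReferences() can later check
/// that they land on a DIE. String forms must resolve to an offset inside
/// .debug_str. All other forms are accepted as they are.
///
/// \param Die        the DIE that owns the attribute.
/// \param AttrValue  the attribute to verify.
/// \returns the number of errors reported for this attribute.
unsigned DWARFVerifier::verifyDebugInfoForm(const DWARFDie &Die,
                                            DWARFAttribute &AttrValue) {
  const DWARFObject &DObj = DCtx.getDWARFObj();
  auto DieCU = Die.getDwarfUnit();
  unsigned NumErrors = 0;
  const auto Form = AttrValue.Value.getForm();
  switch (Form) {
  case DW_FORM_ref1:
  case DW_FORM_ref2:
  case DW_FORM_ref4:
  case DW_FORM_ref8:
  case DW_FORM_ref_udata: {
    // Verify all CU relative references are valid CU offsets.
    Optional<uint64_t> RefVal = AttrValue.Value.getAsReference();
    assert(RefVal);
    // The assert vanishes in release builds, so keep the runtime test too.
    if (RefVal) {
      auto CUSize = DieCU->getNextUnitOffset() - DieCU->getOffset();
      auto CUOffset = AttrValue.Value.getRawUValue();
      if (CUOffset >= CUSize) {
        ++NumErrors;
        error() << FormEncodingString(Form) << " CU offset "
                << format("0x%08" PRIx64, CUOffset)
                << " is invalid (must be less than CU size of "
                << format("0x%08" PRIx64, CUSize) << "):\n";
        Die.dump(OS, 0, DumpOpts);
        dump(Die) << '\n';
      } else {
        // Valid reference, but we will verify it points to an actual
        // DIE later.
        ReferenceToDIEOffsets[*RefVal].insert(Die.getOffset());
      }
    }
    break;
  }
  case DW_FORM_ref_addr: {
    // Verify all absolute DIE references have valid offsets in the
    // .debug_info section.
    Optional<uint64_t> RefVal = AttrValue.Value.getAsReference();
    assert(RefVal);
    if (RefVal) {
      if (*RefVal >= DieCU->getInfoSection().Data.size()) {
        ++NumErrors;
        error() << "DW_FORM_ref_addr offset beyond .debug_info "
                   "bounds:\n";
        dump(Die) << '\n';
      } else {
        // Valid reference, but we will verify it points to an actual
        // DIE later.
        ReferenceToDIEOffsets[*RefVal].insert(Die.getOffset());
      }
    }
    break;
  }
  case DW_FORM_strp: {
    auto SecOffset = AttrValue.Value.getAsSectionOffset();
    assert(SecOffset); // DW_FORM_strp is a section offset.
    if (SecOffset && *SecOffset >= DObj.getStrSection().size()) {
      ++NumErrors;
      error() << "DW_FORM_strp offset beyond .debug_str bounds:\n";
      dump(Die) << '\n';
    }
    break;
  }
  case DW_FORM_strx:
  case DW_FORM_strx1:
  case DW_FORM_strx2:
  case DW_FORM_strx3:
  case DW_FORM_strx4: {
    auto Index = AttrValue.Value.getRawUValue();
    // Check that we have a valid DWARF v5 string offsets table.
    if (!DieCU->getStringOffsetsTableContribution()) {
      ++NumErrors;
      error() << FormEncodingString(Form)
              << " used without a valid string offsets table:\n";
      dump(Die) << '\n';
      break;
    }
    // Check that the index is within the bounds of the section. Index is a
    // 64-bit value read from the file, so "Base + Index * ItemSize + ItemSize"
    // can wrap around even in 64-bit arithmetic and slip past a plain
    // comparison. Compare against the number of items that fit instead.
    const uint64_t ItemSize = DieCU->getDwarfStringOffsetsByteSize();
    const uint64_t Base = DieCU->getStringOffsetsBase();
    const uint64_t TableSize = DObj.getStrOffsetsSection().Data.size();
    const bool FitsOneItem =
        ItemSize != 0 && Base <= TableSize && ItemSize <= TableSize - Base;
    if (!FitsOneItem || Index > (TableSize - Base - ItemSize) / ItemSize) {
      ++NumErrors;
      error() << FormEncodingString(Form) << " uses index "
              << format("%" PRIu64, Index) << ", which is too large:\n";
      dump(Die) << '\n';
      break;
    }
    // Check that the string offset is valid.
    uint64_t StringOffset = *DieCU->getStringOffsetSectionItem(Index);
    if (StringOffset >= DObj.getStrSection().size()) {
      ++NumErrors;
      error() << FormEncodingString(Form) << " uses index "
              << format("%" PRIu64, Index)
              << ", but the referenced string"
                 " offset is beyond .debug_str bounds:\n";
      dump(Die) << '\n';
    }
    break;
  }
  default:
    break;
  }
  return NumErrors;
}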
639
/// Check that every reference target collected in ReferenceToDIEOffsets is the
/// offset of an actual DIE; for each target that is not, report it together
/// with all DIEs that refer to it.
///
/// \returns the number of invalid reference targets.
unsigned DWARFVerifier::verifyDebugInfoReferences() {
  OS << "Verifying .debug_info references...\n";

  unsigned BadTargets = 0;
  for (const auto &Entry : ReferenceToDIEOffsets) {
    const uint64_t Target = Entry.first;
    if (!DCtx.getDIEForOffset(Target)) {
      ++BadTargets;
      error() << "invalid DIE reference " << format("0x%08" PRIx64, Target)
              << ". Offset is in between DIEs:\n";
      // Entry.second holds the offsets of the DIEs that use this target.
      for (auto Referrer : Entry.second)
        dump(DCtx.getDIEForOffset(Referrer)) << '\n';
      OS << "\n";
    }
  }
  return BadTargets;
}
658
/// Verify the DW_AT_stmt_list offsets of all compile units: an in-bounds
/// offset must yield a parsable line table, and no two compile units may share
/// the same offset. Errors are added to NumDebugLineErrors.
void DWARFVerifier::verifyDebugLineStmtOffsets() {
  // Line table offset -> first compile unit DIE seen using it.
  std::map<uint64_t, DWARFDie> SeenOffsets;
  for (const auto &CU : DCtx.compile_units()) {
    auto UnitDie = CU->getUnitDIE();
    // A wrongly encoded attribute is not reported here; the .debug_info
    // verifier validates the encoding.
    auto MaybeOffset = toSectionOffset(UnitDie.find(DW_AT_stmt_list));
    if (!MaybeOffset)
      continue;

    const uint64_t LineTableOffset = *MaybeOffset;
    auto LineTable = DCtx.getLineTableForUnit(CU.get());
    if (LineTableOffset >= DCtx.getDWARFObj().getLineSection().Data.size()) {
      // An out-of-bounds offset must not produce a line table. The bad offset
      // itself is reported by the .debug_info verifier, so just skip it.
      assert(LineTable == nullptr);
      continue;
    }
    if (!LineTable) {
      ++NumDebugLineErrors;
      error() << ".debug_line[" << format("0x%08" PRIx64, LineTableOffset)
              << "] was not able to be parsed for CU:\n";
      dump(UnitDie) << '\n';
      continue;
    }

    auto Prior = SeenOffsets.find(LineTableOffset);
    if (Prior == SeenOffsets.end()) {
      SeenOffsets[LineTableOffset] = UnitDie;
      continue;
    }

    // This line table was already claimed by an earlier compile unit.
    ++NumDebugLineErrors;
    error() << "two compile unit DIEs, "
            << format("0x%08" PRIx64, Prior->second.getOffset()) << " and "
            << format("0x%08" PRIx64, UnitDie.getOffset())
            << ", have the same DW_AT_stmt_list section offset:\n";
    dump(Prior->second);
    dump(UnitDie) << '\n';
  }
}
701
/// Verify the line table of every compile unit that has one.
///
/// The prologue is checked for out-of-range directory indexes (error) and for
/// duplicate file paths (warning). Each row is checked for an address that
/// decreases within a sequence and for a file index the table does not have.
/// Errors are added to NumDebugLineErrors.
void DWARFVerifier::verifyDebugLineRows() {
  for (const auto &CU : DCtx.compile_units()) {
    auto Die = CU->getUnitDIE();
    auto LineTable = DCtx.getLineTableForUnit(CU.get());
    // If there is no line table we will have created an error in the
    // .debug_info verifier or in verifyDebugLineStmtOffsets().
    if (!LineTable)
      continue;

    // Verify prologue.
    uint32_t MaxDirIndex = LineTable->Prologue.IncludeDirectories.size();
    uint32_t FileIndex = 1;
    // Full path -> file index under which the path was first seen.
    // NOTE(review): the map stores uint16_t while FileIndex is uint32_t, so an
    // index above 65535 is truncated when stored - confirm whether tables of
    // that size need to be handled.
    StringMap<uint16_t> FullPathMap;
    for (const auto &FileName : LineTable->Prologue.FileNames) {
      // Verify directory index.
      // NOTE(review): the diagnostics in this function dereference the result
      // of toSectionOffset() without a check; this presumably relies on a unit
      // with a line table always carrying DW_AT_stmt_list - confirm.
      if (FileName.DirIdx > MaxDirIndex) {
        ++NumDebugLineErrors;
        error() << ".debug_line["
                << format("0x%08" PRIx64,
                          *toSectionOffset(Die.find(DW_AT_stmt_list)))
                << "].prologue.file_names[" << FileIndex
                << "].dir_idx contains an invalid index: " << FileName.DirIdx
                << "\n";
      }

      // Check file paths for duplicates.
      std::string FullPath;
      const bool HasFullPath = LineTable->getFileNameByIndex(
          FileIndex, CU->getCompilationDir(),
          DILineInfoSpecifier::FileLineInfoKind::AbsoluteFilePath, FullPath);
      assert(HasFullPath && "Invalid index?");
      // Keeps the variable "used" when asserts are compiled out.
      (void)HasFullPath;
      auto It = FullPathMap.find(FullPath);
      if (It == FullPathMap.end())
        FullPathMap[FullPath] = FileIndex;
      else if (It->second != FileIndex) {
        warn() << ".debug_line["
               << format("0x%08" PRIx64,
                         *toSectionOffset(Die.find(DW_AT_stmt_list)))
               << "].prologue.file_names[" << FileIndex
               << "] is a duplicate of file_names[" << It->second << "]\n";
      }

      FileIndex++;
    }

    // Verify rows.
    uint64_t PrevAddress = 0;
    uint32_t RowIndex = 0;
    for (const auto &Row : LineTable->Rows) {
      // Verify row address.
      if (Row.Address.Address < PrevAddress) {
        ++NumDebugLineErrors;
        error() << ".debug_line["
                << format("0x%08" PRIx64,
                          *toSectionOffset(Die.find(DW_AT_stmt_list)))
                << "] row[" << RowIndex
                << "] decreases in address from previous row:\n";

        // Show the previous row next to the offending one.
        DWARFDebugLine::Row::dumpTableHeader(OS);
        if (RowIndex > 0)
          LineTable->Rows[RowIndex - 1].dump(OS);
        Row.dump(OS);
        OS << '\n';
      }

      // Verify file index.
      if (!LineTable->hasFileAtIndex(Row.File)) {
        ++NumDebugLineErrors;
        // The message prints the valid interval as [0,N) for version 5 and
        // later and as [1,N] for earlier versions.
        bool isDWARF5 = LineTable->Prologue.getVersion() >= 5;
        error() << ".debug_line["
                << format("0x%08" PRIx64,
                          *toSectionOffset(Die.find(DW_AT_stmt_list)))
                << "][" << RowIndex << "] has invalid file index " << Row.File
                << " (valid values are [" << (isDWARF5 ? "0," : "1,")
                << LineTable->Prologue.FileNames.size()
                << (isDWARF5 ? ")" : "]") << "):\n";
        DWARFDebugLine::Row::dumpTableHeader(OS);
        Row.dump(OS);
        OS << '\n';
      }
      // The address comparison restarts after the end of a sequence.
      if (Row.EndSequence)
        PrevAddress = 0;
      else
        PrevAddress = Row.Address.Address;
      ++RowIndex;
    }
  }
}
791
/// Create a verifier that reads from \p D and writes its report to \p S.
///
/// When the context is backed by an object file, remember whether that file is
/// a relocatable object and whether it is Mach-O; both flags stay false
/// otherwise.
DWARFVerifier::DWARFVerifier(raw_ostream &S, DWARFContext &D,
                             DIDumpOptions DumpOpts)
    : OS(S), DCtx(D), DumpOpts(std::move(DumpOpts)), IsObjectFile(false),
      IsMachOObject(false) {
  const auto *ObjFile = DCtx.getDWARFObj().getFile();
  if (!ObjFile)
    return;
  IsObjectFile = ObjFile->isRelocatableObject();
  IsMachOObject = ObjFile->isMachO();
}
801
/// Verify .debug_line: first the DW_AT_stmt_list offsets, then the rows of
/// each line table. The error counter is reset before the run.
///
/// \returns true when no errors were found.
bool DWARFVerifier::handleDebugLine() {
  NumDebugLineErrors = 0;
  OS << "Verifying .debug_line...\n";

  verifyDebugLineStmtOffsets();
  verifyDebugLineRows();

  const bool NoErrors = !NumDebugLineErrors;
  return NoErrors;
}
809
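/// Verify one Apple accelerator table section.
///
/// Checks that the header fits and the table extracts, that every bucket holds
/// a valid hash index or the empty marker, that each hash has a usable
/// HashData offset, and that every DIE offset stored in the hash data resolves
/// to a DIE whose tag matches the tag recorded in the table.
///
/// \param AccelSection  the accelerator table section.
/// \param StrData       extractor over the string section the table refers to.
/// \param SectionName   section name used in the report.
/// \returns the number of errors found; 1 when the table cannot be read at
/// all.
unsigned DWARFVerifier::verifyAppleAccelTable(const DWARFSection *AccelSection,
                                              DataExtractor *StrData,
                                              const char *SectionName) {
  unsigned NumErrors = 0;
  DWARFDataExtractor AccelSectionData(DCtx.getDWARFObj(), *AccelSection,
                                      DCtx.isLittleEndian(), 0);
  AppleAcceleratorTable AccelTable(AccelSectionData, *StrData);

  OS << "Verifying " << SectionName << "...\n";

  // Verify that the fixed part of the header is not too short.
  if (!AccelSectionData.isValidOffset(AccelTable.getSizeHdr())) {
    error() << "Section is too small to fit a section header.\n";
    return 1;
  }

  // Verify that the section is not too short.
  if (Error E = AccelTable.extract()) {
    error() << toString(std::move(E)) << '\n';
    return 1;
  }

  // Verify that all buckets have a valid hash index or are empty.
  uint32_t NumBuckets = AccelTable.getNumBuckets();
  uint32_t NumHashes = AccelTable.getNumHashes();

  // The counts come from the file. Widen them before multiplying so that a
  // large count cannot wrap in 32-bit arithmetic and make the hash and offset
  // arrays appear to start at a bogus, smaller offset.
  uint64_t BucketsOffset =
      AccelTable.getSizeHdr() + AccelTable.getHeaderDataLength();
  uint64_t HashesBase = BucketsOffset + static_cast<uint64_t>(NumBuckets) * 4;
  uint64_t OffsetsBase = HashesBase + static_cast<uint64_t>(NumHashes) * 4;
  for (uint32_t BucketIdx = 0; BucketIdx < NumBuckets; ++BucketIdx) {
    uint32_t HashIdx = AccelSectionData.getU32(&BucketsOffset);
    // UINT32_MAX marks an empty bucket.
    if (HashIdx >= NumHashes && HashIdx != UINT32_MAX) {
      error() << format("Bucket[%d] has invalid hash index: %u.\n", BucketIdx,
                        HashIdx);
      ++NumErrors;
    }
  }
  uint32_t NumAtoms = AccelTable.getAtomsDesc().size();
  if (NumAtoms == 0) {
    error() << "No atoms: failed to read HashData.\n";
    return 1;
  }
  if (!AccelTable.validateForms()) {
    error() << "Unsupported form: failed to read HashData.\n";
    return 1;
  }

  for (uint32_t HashIdx = 0; HashIdx < NumHashes; ++HashIdx) {
    uint64_t HashOffset = HashesBase + static_cast<uint64_t>(HashIdx) * 4;
    uint64_t DataOffset = OffsetsBase + static_cast<uint64_t>(HashIdx) * 4;
    uint32_t Hash = AccelSectionData.getU32(&HashOffset);
    uint64_t HashDataOffset = AccelSectionData.getU32(&DataOffset);
    if (!AccelSectionData.isValidOffsetForDataOfSize(HashDataOffset,
                                                     sizeof(uint64_t))) {
      error() << format("Hash[%d] has invalid HashData offset: "
                        "0x%08" PRIx64 ".\n",
                        HashIdx, HashDataOffset);
      ++NumErrors;
    }

    uint64_t StrpOffset;
    uint64_t StringOffset;
    uint32_t StringCount = 0;
    uint64_t Offset;
    unsigned Tag;
    // Each hash data block is a list of (string offset, count, entries...)
    // records that ends with a zero string offset.
    while ((StrpOffset = AccelSectionData.getU32(&HashDataOffset)) != 0) {
      const uint32_t NumHashDataObjects =
          AccelSectionData.getU32(&HashDataOffset);
      for (uint32_t HashDataIdx = 0; HashDataIdx < NumHashDataObjects;
           ++HashDataIdx) {
        std::tie(Offset, Tag) = AccelTable.readAtoms(&HashDataOffset);
        auto Die = DCtx.getDIEForOffset(Offset);
        if (!Die) {
          const uint32_t BucketIdx =
              NumBuckets ? (Hash % NumBuckets) : UINT32_MAX;
          StringOffset = StrpOffset;
          const char *Name = StrData->getCStr(&StringOffset);
          if (!Name)
            Name = "<NULL>";

          error() << format(
              "%s Bucket[%d] Hash[%d] = 0x%08x "
              "Str[%u] = 0x%08" PRIx64 " DIE[%d] = 0x%08" PRIx64 " "
              "is not a valid DIE offset for \"%s\".\n",
              SectionName, BucketIdx, HashIdx, Hash, StringCount, StrpOffset,
              HashDataIdx, Offset, Name);

          ++NumErrors;
          continue;
        }
        // A DW_TAG_null in the table is not compared against the DIE's tag.
        if ((Tag != dwarf::DW_TAG_null) && (Die.getTag() != Tag)) {
          error() << "Tag " << dwarf::TagString(Tag)
                  << " in accelerator table does not match Tag "
                  << dwarf::TagString(Die.getTag()) << " of DIE[" << HashDataIdx
                  << "].\n";
          ++NumErrors;
        }
      }
      ++StringCount;
    }
  }
  return NumErrors;
}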
914
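/// Verify the compile-unit lists of all name indexes of a .debug_names table.
///
/// Every name index must list at least one CU, every listed CU must exist in
/// the context, and no CU may be listed by more than one name index. A CU that
/// no name index covers only produces a warning.
///
/// \returns the number of errors found.
unsigned
DWARFVerifier::verifyDebugNamesCULists(const DWARFDebugNames &AccelTable) {
  // A map from CU offset to the (first) Name Index offset which claims to index
  // this CU.
  DenseMap<uint64_t, uint64_t> CUMap;
  const uint64_t NotIndexed = std::numeric_limits<uint64_t>::max();

  CUMap.reserve(DCtx.getNumCompileUnits());
  for (const auto &CU : DCtx.compile_units())
    CUMap[CU->getOffset()] = NotIndexed;

  unsigned NumErrors = 0;
  for (const DWARFDebugNames::NameIndex &NI : AccelTable) {
    if (NI.getCUCount() == 0) {
      error() << formatv("Name Index @ {0:x} does not index any CU\n",
                         NI.getUnitOffset());
      ++NumErrors;
      continue;
    }
    for (uint32_t CU = 0, End = NI.getCUCount(); CU < End; ++CU) {
      uint64_t Offset = NI.getCUOffset(CU);
      auto Iter = CUMap.find(Offset);

      if (Iter == CUMap.end()) {
        error() << formatv(
            "Name Index @ {0:x} references a non-existing CU @ {1:x}\n",
            NI.getUnitOffset(), Offset);
        ++NumErrors;
        continue;
      }

      if (Iter->second != NotIndexed) {
        error() << formatv("Name Index @ {0:x} references a CU @ {1:x}, but "
                           "this CU is already indexed by Name Index @ {2:x}\n",
                           NI.getUnitOffset(), Offset, Iter->second);
        // Count this like the other error() reports in this function, so that
        // a table whose only problem is a doubly indexed CU does not come
        // back with zero errors.
        ++NumErrors;
        continue;
      }
      Iter->second = NI.getUnitOffset();
    }
  }

  for (const auto &KV : CUMap) {
    if (KV.second == NotIndexed)
      warn() << formatv("CU @ {0:x} not covered by any Name Index\n", KV.first);
  }

  return NumErrors;
}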
963
/// Verify the hash table (bucket array and hash array) of one Name Index.
///
/// Reports bucket-array values outside [0, name count], name-table entries
/// that no bucket reaches, non-empty buckets whose first hash belongs to a
/// different bucket, and stored hashes that differ from caseFoldingDjbHash()
/// of the name. An index without a hash table only produces a warning.
///
/// \param NI the Name Index to check.
/// \param StrData not referenced by this function.
/// \returns the number of errors reported.
unsigned
DWARFVerifier::verifyNameIndexBuckets(const DWARFDebugNames::NameIndex &NI,
                                      const DataExtractor &StrData) {
  // A bucket number paired with the (1-based) name index stored in its
  // bucket-array slot. Ordering looks at the name index only.
  struct BucketInfo {
    uint32_t Bucket;
    uint32_t Index;

    constexpr BucketInfo(uint32_t Bucket, uint32_t Index)
        : Bucket(Bucket), Index(Index) {}
    bool operator<(const BucketInfo &RHS) const { return Index < RHS.Index; }
  };

  // Both counts come from the index under verification; every value read
  // below is checked against them before it is used as a position.
  const uint32_t BucketCount = NI.getBucketCount();
  const uint32_t NameCount = NI.getNameCount();

  uint32_t ErrorCount = 0;
  if (BucketCount == 0) {
    warn() << formatv("Name Index @ {0:x} does not contain a hash table.\n",
                      NI.getUnitOffset());
    return ErrorCount;
  }

  // Collect the start of every non-empty bucket. The list is used further down
  // to check that each Name is reachable from the bucket its hash selects.
  std::vector<BucketInfo> Starts;
  Starts.reserve(BucketCount + 1);
  for (uint32_t Bucket = 0; Bucket != BucketCount; ++Bucket) {
    const uint32_t First = NI.getBucketArrayEntry(Bucket);
    if (First > NameCount) {
      error() << formatv("Bucket {0} of Name Index @ {1:x} contains invalid "
                         "value {2}. Valid range is [0, {3}].\n",
                         Bucket, NI.getUnitOffset(), First, NameCount);
      ++ErrorCount;
      continue;
    }
    // A stored value of 0 marks an empty bucket, which has no start to track.
    if (First > 0)
      Starts.emplace_back(Bucket, First);
  }

  // Out-of-range bucket values would make the checks below emit a flood of
  // follow-on errors that hide the root cause, so stop here.
  if (ErrorCount > 0)
    return ErrorCount;

  // Order the bucket starts by increasing name index.
  array_pod_sort(Starts.begin(), Starts.end());

  // Append a sentinel one past the last name so the loop below also checks
  // that the tail of the name table is covered.
  // NOTE(review): NameCount + 1 wraps to 0 if the header claims UINT32_MAX
  // names -- confirm that extraction rejects such a count.
  Starts.emplace_back(BucketCount, NameCount + 1);

  // Invariant: NextUncovered is the (1-based) index of the first Name that is
  // not reachable from any bucket handled so far and has not yet been reported
  // as uncovered.
  uint32_t NextUncovered = 1;
  for (const BucketInfo &Start : Starts) {
    // Normally Start.Index equals NextUncovered. It can be smaller when a
    // bucket points at names that already belong to an earlier bucket; that
    // case is not reported here but as a mismatched hash below (the hash
    // cannot match, since it already placed the name in the earlier bucket).
    if (Start.Index > NextUncovered) {
      error() << formatv("Name Index @ {0:x}: Name table entries [{1}, {2}] "
                         "are not covered by the hash table.\n",
                         NI.getUnitOffset(), NextUncovered, Start.Index - 1);
      ++ErrorCount;
    }

    // Everything after this point applies to real buckets only.
    if (Start.Bucket == BucketCount)
      break;

    // A non-empty bucket must start at a name whose hash selects this bucket.
    // Consumers treat a mismatched hash as the end of a bucket, so they would
    // see this bucket as empty; a producer that means "empty" should have
    // marked the bucket as empty instead.
    const uint32_t FirstHash = NI.getHashArrayEntry(Start.Index);
    const uint32_t FirstHashBucket = FirstHash % BucketCount;
    if (FirstHashBucket != Start.Bucket) {
      error() << formatv(
          "Name Index @ {0:x}: Bucket {1} is not empty but points to a "
          "mismatched hash value {2:x} (belonging to bucket {3}).\n",
          NI.getUnitOffset(), Start.Bucket, FirstHash, FirstHashBucket);
      ++ErrorCount;
    }

    // Walk to the end of this bucket, comparing each stored hash with the hash
    // recomputed from the name string.
    uint32_t Idx = Start.Index;
    for (; Idx <= NameCount; ++Idx) {
      const uint32_t Hash = NI.getHashArrayEntry(Idx);
      if (Hash % BucketCount != Start.Bucket)
        break;

      const char *Str = NI.getNameTableEntry(Idx).getString();
      const uint32_t Computed = caseFoldingDjbHash(Str);
      if (Computed != Hash) {
        error() << formatv("Name Index @ {0:x}: String ({1}) at index {2} "
                           "hashes to {3:x}, but "
                           "the Name Index hash is {4:x}\n",
                           NI.getUnitOffset(), Str, Idx, Computed, Hash);
        ++ErrorCount;
      }
    }
    NextUncovered = std::max(NextUncovered, Idx);
  }
  return ErrorCount;
}
1075
/// Verify one attribute encoding of a Name Index abbreviation.
///
/// Reports an error when the form is unknown, when DW_IDX_type_hash does not
/// use DW_FORM_data8, or when a known index attribute uses a form outside its
/// expected form class. An index attribute that is not in the table below only
/// produces a warning.
///
/// \param NI the Name Index the abbreviation belongs to (used in messages).
/// \param Abbr the abbreviation being checked (used in messages).
/// \param AttrEnc the (index attribute, form) pair to check.
/// \returns 1 if an error was reported, 0 otherwise.
unsigned DWARFVerifier::verifyNameIndexAttribute(
    const DWARFDebugNames::NameIndex &NI, const DWARFDebugNames::Abbrev &Abbr,
    DWARFDebugNames::AttributeEncoding AttrEnc) {
  // A form without a known encoding string is treated as unknown.
  if (dwarf::FormEncodingString(AttrEnc.Form).empty()) {
    error() << formatv("NameIndex @ {0:x}: Abbreviation {1:x}: {2} uses an "
                       "unknown form: {3}.\n",
                       NI.getUnitOffset(), Abbr.Code, AttrEnc.Index,
                       AttrEnc.Form);
    return 1;
  }

  // DW_IDX_type_hash requires one specific form rather than a form class.
  if (AttrEnc.Index == DW_IDX_type_hash &&
      AttrEnc.Form != dwarf::DW_FORM_data8) {
    error() << formatv(
        "NameIndex @ {0:x}: Abbreviation {1:x}: DW_IDX_type_hash "
        "uses an unexpected form {2} (should be {3}).\n",
        NI.getUnitOffset(), Abbr.Code, AttrEnc.Form, dwarf::DW_FORM_data8);
    return 1;
  }

  // Known index attributes and the form class each one must use.
  // DW_IDX_type_hash is not listed, so after passing the check above it takes
  // the "unknown index attribute" path below.
  struct FormClassTable {
    dwarf::Index Index;
    DWARFFormValue::FormClass Class;
    StringLiteral ClassName;
  };
  static constexpr FormClassTable Table[] = {
      {dwarf::DW_IDX_compile_unit, DWARFFormValue::FC_Constant, {"constant"}},
      {dwarf::DW_IDX_type_unit, DWARFFormValue::FC_Constant, {"constant"}},
      {dwarf::DW_IDX_die_offset, DWARFFormValue::FC_Reference, {"reference"}},
      {dwarf::DW_IDX_parent, DWARFFormValue::FC_Constant, {"constant"}},
  };

  const FormClassTable *Match = nullptr;
  for (const FormClassTable &Row : Table) {
    if (Row.Index == AttrEnc.Index) {
      Match = &Row;
      break;
    }
  }

  if (Match == nullptr) {
    warn() << formatv("NameIndex @ {0:x}: Abbreviation {1:x} contains an "
                      "unknown index attribute: {2}.\n",
                      NI.getUnitOffset(), Abbr.Code, AttrEnc.Index);
    return 0;
  }

  if (DWARFFormValue(AttrEnc.Form).isFormClass(Match->Class))
    return 0;

  error() << formatv("NameIndex @ {0:x}: Abbreviation {1:x}: {2} uses an "
                     "unexpected form {3} (expected form class {4}).\n",
                     NI.getUnitOffset(), Abbr.Code, AttrEnc.Index,
                     AttrEnc.Form, Match->ClassName);
  return 1;
}
1133
/// Verify the abbreviation table of one Name Index.
///
/// For every abbreviation: warns about an unknown tag, reports duplicate index
/// attributes, checks each attribute with verifyNameIndexAttribute(), and
/// requires DW_IDX_die_offset (plus DW_IDX_compile_unit when the index covers
/// more than one CU). Indexes that list type units are skipped with a warning.
///
/// \param NI the Name Index to check.
/// \returns the number of errors reported.
unsigned
DWARFVerifier::verifyNameIndexAbbrevs(const DWARFDebugNames::NameIndex &NI) {
  if (NI.getLocalTUCount() + NI.getForeignTUCount() > 0) {
    warn() << formatv("Name Index @ {0:x}: Verifying indexes of type units is "
                      "not currently supported.\n",
                      NI.getUnitOffset());
    return 0;
  }

  unsigned ErrorCount = 0;
  for (const auto &Abbrev : NI.getAbbrevs()) {
    // An unknown tag is only worth a warning; the attributes are still checked.
    if (dwarf::TagString(Abbrev.Tag).empty()) {
      warn() << formatv("NameIndex @ {0:x}: Abbreviation {1:x} references an "
                        "unknown tag: {2}.\n",
                        NI.getUnitOffset(), Abbrev.Code, Abbrev.Tag);
    }

    // Index attributes seen so far in this abbreviation.
    SmallSet<unsigned, 5> Seen;
    for (const auto &AttrEnc : Abbrev.Attributes) {
      const bool FirstOccurrence = Seen.insert(AttrEnc.Index).second;
      if (FirstOccurrence) {
        ErrorCount += verifyNameIndexAttribute(NI, Abbrev, AttrEnc);
        continue;
      }
      // A repeated attribute is reported once and not checked again.
      error() << formatv("NameIndex @ {0:x}: Abbreviation {1:x} contains "
                         "multiple {2} attributes.\n",
                         NI.getUnitOffset(), Abbrev.Code, AttrEnc.Index);
      ++ErrorCount;
    }

    // With several CUs in the index, an entry has to say which CU it is in.
    if (NI.getCUCount() > 1 && Seen.count(dwarf::DW_IDX_compile_unit) == 0) {
      error() << formatv("NameIndex @ {0:x}: Indexing multiple compile units "
                         "and abbreviation {1:x} has no {2} attribute.\n",
                         NI.getUnitOffset(), Abbrev.Code,
                         dwarf::DW_IDX_compile_unit);
      ++ErrorCount;
    }
    // Every entry needs a DIE offset.
    if (Seen.count(dwarf::DW_IDX_die_offset) == 0) {
      error() << formatv(
          "NameIndex @ {0:x}: Abbreviation {1:x} has no {2} attribute.\n",
          NI.getUnitOffset(), Abbrev.Code, dwarf::DW_IDX_die_offset);
      ++ErrorCount;
    }
  }
  return ErrorCount;
}
1179
/// Collect the names under which a DIE may appear in a name index.
///
/// The short name comes first if the DIE has one; a DW_TAG_namespace DIE
/// without a short name contributes "(anonymous namespace)". The linkage name
/// is appended when requested, present, and different from the first entry.
///
/// \param DIE the DIE to query.
/// \param IncludeLinkageName whether the linkage name is considered.
/// \returns zero, one or two names.
static SmallVector<StringRef, 2> getNames(const DWARFDie &DIE,
                                          bool IncludeLinkageName = true) {
  SmallVector<StringRef, 2> Names;

  const char *Short = DIE.getName(DINameKind::ShortName);
  if (Short)
    Names.emplace_back(Short);
  else if (DIE.getTag() == dwarf::DW_TAG_namespace)
    Names.emplace_back("(anonymous namespace)");

  if (!IncludeLinkageName)
    return Names;

  // Skip a linkage name that merely repeats the first entry.
  const char *Linkage = DIE.getName(DINameKind::LinkageName);
  if (Linkage && (Names.empty() || Names[0] != Linkage))
    Names.emplace_back(Linkage);

  return Names;
}
1197
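/// Verify all index entries attached to one name-table entry.
///
/// For each entry, checks that its CU index is in range, that the DIE it
/// points at exists, and that the DIE's unit, tag and names agree with the
/// index. Also reports a name that has no entries at all and any error hit
/// while reading the entry list. Indexes that list type units are skipped.
///
/// \param NI the Name Index that owns the name.
/// \param NTE the name-table entry whose entry list is walked.
/// \returns the number of errors reported.
unsigned DWARFVerifier::verifyNameIndexEntries(
    const DWARFDebugNames::NameIndex &NI,
    const DWARFDebugNames::NameTableEntry &NTE) {
  // Verifying type unit indexes not supported.
  if (NI.getLocalTUCount() + NI.getForeignTUCount() > 0)
    return 0;

  const char *CStr = NTE.getString();
  if (!CStr) {
    error() << formatv(
        "Name Index @ {0:x}: Unable to get string associated with name {1}.\n",
        NI.getUnitOffset(), NTE.getIndex());
    return 1;
  }
  StringRef Str(CStr);

  unsigned NumErrors = 0;
  unsigned NumEntries = 0;
  // EntryID is the offset of the entry being checked; NextEntryID is advanced
  // by getEntry() to the entry that follows it.
  uint64_t EntryID = NTE.getEntryOffset();
  uint64_t NextEntryID = EntryID;
  Expected<DWARFDebugNames::Entry> EntryOr = NI.getEntry(&NextEntryID);
  for (; EntryOr; ++NumEntries, EntryID = NextEntryID,
                EntryOr = NI.getEntry(&NextEntryID)) {
    // NOTE(review): getCUIndex() and getDIEUnitOffset() are dereferenced
    // without a check. verifyDebugNames() runs this function only after
    // verifyNameIndexAbbrevs() reported no missing DW_IDX_compile_unit or
    // DW_IDX_die_offset attribute, which presumably guarantees a value --
    // confirm against the accessors.
    uint32_t CUIndex = *EntryOr->getCUIndex();
    // CU indices are zero-based (verifyDebugNamesCULists walks
    // [0, getCUCount())), so an index equal to the count is already past the
    // end of the CU list and must not reach getCUOffset().
    if (CUIndex >= NI.getCUCount()) {
      error() << formatv("Name Index @ {0:x}: Entry @ {1:x} contains an "
                         "invalid CU index ({2}).\n",
                         NI.getUnitOffset(), EntryID, CUIndex);
      ++NumErrors;
      continue;
    }
    uint64_t CUOffset = NI.getCUOffset(CUIndex);
    uint64_t DIEOffset = CUOffset + *EntryOr->getDIEUnitOffset();
    DWARFDie DIE = DCtx.getDIEForOffset(DIEOffset);
    if (!DIE) {
      error() << formatv("Name Index @ {0:x}: Entry @ {1:x} references a "
                         "non-existing DIE @ {2:x}.\n",
                         NI.getUnitOffset(), EntryID, DIEOffset);
      ++NumErrors;
      continue;
    }
    // The DIE must live in the unit the entry claims it is in.
    if (DIE.getDwarfUnit()->getOffset() != CUOffset) {
      error() << formatv("Name Index @ {0:x}: Entry @ {1:x}: mismatched CU of "
                         "DIE @ {2:x}: index - {3:x}; debug_info - {4:x}.\n",
                         NI.getUnitOffset(), EntryID, DIEOffset, CUOffset,
                         DIE.getDwarfUnit()->getOffset());
      ++NumErrors;
    }
    if (DIE.getTag() != EntryOr->tag()) {
      error() << formatv("Name Index @ {0:x}: Entry @ {1:x}: mismatched Tag of "
                         "DIE @ {2:x}: index - {3}; debug_info - {4}.\n",
                         NI.getUnitOffset(), EntryID, DIEOffset, EntryOr->tag(),
                         DIE.getTag());
      ++NumErrors;
    }

    // The indexed string has to be one of the DIE's own names.
    auto EntryNames = getNames(DIE);
    if (!is_contained(EntryNames, Str)) {
      error() << formatv("Name Index @ {0:x}: Entry @ {1:x}: mismatched Name "
                         "of DIE @ {2:x}: index - {3}; debug_info - {4}.\n",
                         NI.getUnitOffset(), EntryID, DIEOffset, Str,
                         make_range(EntryNames.begin(), EntryNames.end()));
      ++NumErrors;
    }
  }
  // The loop ends on the first failed read. A sentinel is the regular end of
  // the list and is an error only if no entry preceded it; any other failure
  // is reported with its message.
  handleAllErrors(EntryOr.takeError(),
                  [&](const DWARFDebugNames::SentinelError &) {
                    if (NumEntries > 0)
                      return;
                    error() << formatv("Name Index @ {0:x}: Name {1} ({2}) is "
                                       "not associated with any entries.\n",
                                       NI.getUnitOffset(), NTE.getIndex(), Str);
                    ++NumErrors;
                  },
                  [&](const ErrorInfoBase &Info) {
                    error()
                        << formatv("Name Index @ {0:x}: Name {1} ({2}): {3}\n",
                                   NI.getUnitOffset(), NTE.getIndex(), Str,
                                   Info.message());
                    ++NumErrors;
                  });
  return NumErrors;
}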
1281
/// Decide whether a variable DIE has a location that makes it indexable.
///
/// Returns true if any DW_AT_location expression of the DIE contains a
/// successfully decoded DW_OP_addr, DW_OP_form_tls_address or
/// DW_OP_GNU_push_tls_address operation. A DIE whose locations cannot be
/// obtained is treated as not indexable and the error is discarded.
///
/// \param Die the DIE to inspect.
/// \param DCtx the context, used for the byte order of the expression data.
static bool isVariableIndexable(const DWARFDie &Die, DWARFContext &DCtx) {
  // Operations that fail to decode never count as a match.
  const auto IsAddressOp = [](DWARFExpression::Operation &Op) {
    if (Op.isError())
      return false;
    return Op.getCode() == DW_OP_addr ||
           Op.getCode() == DW_OP_form_tls_address ||
           Op.getCode() == DW_OP_GNU_push_tls_address;
  };

  Expected<std::vector<DWARFLocationExpression>> Locations =
      Die.getLocations(DW_AT_location);
  if (!Locations) {
    consumeError(Locations.takeError());
    return false;
  }

  DWARFUnit *Unit = Die.getDwarfUnit();
  for (const auto &Location : *Locations) {
    DataExtractor ExprData(toStringRef(Location.Expr), DCtx.isLittleEndian(),
                           Unit->getAddressByteSize());
    DWARFExpression Expr(ExprData, Unit->getVersion(),
                         Unit->getAddressByteSize());
    if (any_of(Expr, IsAddressOp))
      return true;
  }
  return false;
}
1304
/// Check that a DIE which should be indexed has an entry in its Name Index.
///
/// First decides, following the DWARF v5 wording as closely as possible,
/// whether the DIE belongs in the index at all; if it does, every one of its
/// names must have an index entry whose DIE unit offset matches this DIE.
///
/// \param Die the DIE to look up.
/// \param NI the Name Index that covers the DIE's compile unit.
/// \returns the number of missing entries reported.
unsigned DWARFVerifier::verifyNameIndexCompleteness(
    const DWARFDie &Die, const DWARFDebugNames::NameIndex &NI) {

  // "All non-defining declarations (that is, debugging information entries
  // with a DW_AT_declaration attribute) are excluded."
  if (Die.find(DW_AT_declaration))
    return 0;

  // "DW_TAG_namespace debugging information entries without a DW_AT_name
  // attribute are included with the name "(anonymous namespace)".
  // All other debugging information entries without a DW_AT_name attribute
  // are excluded."
  // "If a subprogram or inlined subroutine is included, and has a
  // DW_AT_linkage_name attribute, there will be an additional index entry for
  // the linkage name."
  const bool WantLinkageName = Die.getTag() == DW_TAG_subprogram ||
                               Die.getTag() == DW_TAG_inlined_subroutine;
  auto Names = getNames(Die, WantLinkageName);
  if (Names.empty())
    return 0;

  // This deviates from the specification, which says:
  // "The name index must contain an entry for each debugging information entry
  // that defines a named subprogram, label, variable, type, or namespace,
  // subject to ..."
  // Rather than listing every tag that represents a "type" or a "subprogram",
  // the switch excludes the tags known not to be indexed, so that anything
  // missing from the index is still caught.
  switch (Die.getTag()) {
  // Compile units and modules have names but shouldn't be indexed.
  case DW_TAG_compile_unit:
  case DW_TAG_module:
  // Function and template parameters are not globally visible, so they are not
  // indexed.
  case DW_TAG_formal_parameter:
  case DW_TAG_template_value_parameter:
  case DW_TAG_template_type_parameter:
  case DW_TAG_GNU_template_parameter_pack:
  case DW_TAG_GNU_template_template_param:
  // Object members aren't globally visible.
  case DW_TAG_member:
  // A strict reading of the specification excludes enumerators (and LLVM
  // currently does not index them). This causes problems for debuggers, so it
  // may need to be reconsidered.
  case DW_TAG_enumerator:
  // Imported declarations should not be indexed according to the specification
  // and LLVM currently does not do that.
  case DW_TAG_imported_declaration:
    return 0;

  // "DW_TAG_subprogram, DW_TAG_inlined_subroutine, and DW_TAG_label debugging
  // information entries without an address attribute (DW_AT_low_pc,
  // DW_AT_high_pc, DW_AT_ranges, or DW_AT_entry_pc) are excluded."
  case DW_TAG_subprogram:
  case DW_TAG_inlined_subroutine:
  case DW_TAG_label:
    if (!Die.findRecursively(
            {DW_AT_low_pc, DW_AT_high_pc, DW_AT_ranges, DW_AT_entry_pc}))
      return 0;
    break;

  // "DW_TAG_variable debugging information entries with a DW_AT_location
  // attribute that includes a DW_OP_addr or DW_OP_form_tls_address operator are
  // included; otherwise, they are excluded."
  //
  // LLVM extension: DW_OP_GNU_push_tls_address is accepted as well.
  case DW_TAG_variable:
    if (!isVariableIndexable(Die, DCtx))
      return 0;
    break;

  default:
    break;
  }

  // The DIE belongs in the index; look for an entry under each of its names.
  unsigned Missing = 0;
  uint64_t DieUnitOffset = Die.getOffset() - Die.getDwarfUnit()->getOffset();
  for (StringRef Name : Names) {
    const bool Found =
        any_of(NI.equal_range(Name), [&](const DWARFDebugNames::Entry &E) {
          return E.getDIEUnitOffset() == DieUnitOffset;
        });
    if (Found)
      continue;
    error() << formatv("Name Index @ {0:x}: Entry for DIE @ {1:x} ({2}) with "
                       "name {3} missing.\n",
                       NI.getUnitOffset(), Die.getOffset(), Die.getTag(),
                       Name);
    ++Missing;
  }
  return Missing;
}
1408
/// Verify a .debug_names section.
///
/// Runs the checks in stages and stops at the first stage that reports an
/// error, because the later stages rely on what the earlier ones established:
/// extraction, then CU lists, buckets and abbreviations, then the entries of
/// every name, and finally completeness against the DIEs of each indexed CU.
///
/// \param AccelSection the .debug_names section.
/// \param StrData the string section the name table refers to.
/// \returns the number of errors reported (1 if extraction fails).
unsigned DWARFVerifier::verifyDebugNames(const DWARFSection &AccelSection,
                                         const DataExtractor &StrData) {
  DWARFDataExtractor AccelSectionData(DCtx.getDWARFObj(), AccelSection,
                                      DCtx.isLittleEndian(), 0);
  DWARFDebugNames AccelTable(AccelSectionData, StrData);

  OS << "Verifying .debug_names...\n";

  // Extraction checks that the individual name indices and their abbreviation
  // tables can be read at all.
  if (Error E = AccelTable.extract()) {
    error() << toString(std::move(E)) << '\n';
    return 1;
  }

  unsigned ErrorCount = verifyDebugNamesCULists(AccelTable);
  for (const auto &NI : AccelTable)
    ErrorCount += verifyNameIndexBuckets(NI, StrData);
  for (const auto &NI : AccelTable)
    ErrorCount += verifyNameIndexAbbrevs(NI);

  // Entry validation is not attempted on a table whose structure already
  // failed one of the checks above.
  if (ErrorCount > 0)
    return ErrorCount;

  for (const auto &NI : AccelTable) {
    for (DWARFDebugNames::NameTableEntry NTE : NI)
      ErrorCount += verifyNameIndexEntries(NI, NTE);
  }

  if (ErrorCount > 0)
    return ErrorCount;

  // Completeness: every DIE of a CU that has a Name Index is checked against
  // that index. CUs without one are left alone here.
  for (const std::unique_ptr<DWARFUnit> &U : DCtx.compile_units()) {
    const DWARFDebugNames::NameIndex *NI =
        AccelTable.getCUNameIndex(U->getOffset());
    if (!NI)
      continue;
    auto *CU = cast<DWARFCompileUnit>(U.get());
    for (const DWARFDebugInfoEntry &Die : CU->dies())
      ErrorCount += verifyNameIndexCompleteness(DWARFDie(CU, &Die), *NI);
  }
  return ErrorCount;
}
1451
/// Verify every accelerator table present in the object.
///
/// Checks the Apple tables (.apple_names, .apple_types, .apple_namespaces,
/// .apple_objc) and then .debug_names; sections with no data are skipped.
///
/// \returns true if no check reported an error.
bool DWARFVerifier::handleAccelTables() {
  const DWARFObject &Obj = DCtx.getDWARFObj();
  DataExtractor StrData(Obj.getStrSection(), DCtx.isLittleEndian(), 0);
  unsigned ErrorCount = 0;

  // Run the Apple table verifier on one section, unless the section is empty.
  auto VerifyApple = [&](const DWARFSection &Section, const char *Name) {
    if (Section.Data.empty())
      return;
    ErrorCount += verifyAppleAccelTable(&Section, &StrData, Name);
  };

  VerifyApple(Obj.getAppleNamesSection(), ".apple_names");
  VerifyApple(Obj.getAppleTypesSection(), ".apple_types");
  VerifyApple(Obj.getAppleNamespacesSection(), ".apple_namespaces");
  VerifyApple(Obj.getAppleObjCSection(), ".apple_objc");

  const DWARFSection &Names = Obj.getNamesSection();
  if (!Names.Data.empty())
    ErrorCount += verifyDebugNames(Names, StrData);

  return ErrorCount == 0;
}
1473
/// Begin an error diagnostic on the verifier's output stream.
/// \returns the stream handed back by WithColor::error(), for the message.
raw_ostream &DWARFVerifier::error() const {
  return WithColor::error(OS);
}
1475
/// Begin a warning diagnostic on the verifier's output stream.
/// \returns the stream handed back by WithColor::warning(), for the message.
raw_ostream &DWARFVerifier::warn() const {
  return WithColor::warning(OS);
}
1477
/// Begin a note diagnostic on the verifier's output stream.
/// \returns the stream handed back by WithColor::note(), for the message.
raw_ostream &DWARFVerifier::note() const {
  return WithColor::note(OS);
}
1479
/// Dump a DIE to the verifier's output stream using the verifier's dump
/// options.
///
/// \param Die the DIE to print.
/// \param indent indentation passed through to DWARFDie::dump().
/// \returns the output stream, so further text can be appended.
raw_ostream &DWARFVerifier::dump(const DWARFDie &Die, unsigned indent) const {
  Die.dump(OS, indent, DumpOpts);
  return OS;
}
1484