在C中调用堆栈回溯

Question

I am trying to get call stack backtrace at my assert/exception handler. Can't include "execinfo.h" therefore can't use int backtrace(void **buffer, int size); . Also, tried to use __builtin_return_address() but acording to : http://codingrelic.geekhold.com/2009/05/pre-mortem-backtracing.html

... on some architectures, including my beloved MIPS, only __builtin_return_address(0) works.MIPS has no frame pointer, making it difficult to walk back up the stack. Frame 0 can use the return address register directly.

How can I reproduce full call stack backtrace?

Answer 1

I have successfully used the method described here , to get a call trace from stack on MIPS32.

You can then print out the call stack:

void *retaddrs[16];
int n, i;

n = get_call_stack_no_fp (retaddrs, 16);

printf ("CALL STACK: ");
for (i = 0; i < n; i++) {
    printf ("0x%08X ", (uintptr_t)retaddrs[i]);
}
printf ("\r\n");

... and if you have the ELF file, then use the addr2line to convert the return addresses to function names:

addr2line -a -f -p -e xxxxxxx.elf addr addr ...

There are of course many gotchas, when using a method like this, including interrupts and exception handlers or results of code optimization. But nevertheless, it might be helpful sometimes.

Answer 2

I have successfully used the method suggested by @Erki A and described here . Here is a short summary of the method:

The problem:
get a call stack without a frame pointer. Solution main idea: conclude from the assembly code what the debugger understood from debug info. The information we need: 1. Where the return address is kept. 2. What amount the stack pointer is decremented.

To reproduce the whole stack trace one need to:

 1. Get the current $sp and $ra 
 2. Scan towards the beginning of the function and look for "addui 
    sp,sp,spofft" command (spofft<0) 
 3. Reprodece prev. $sp (sp- spofft) 
 4. Scan forward and look for "sw r31,raofft(sp)" 
 5. Prev. return address stored at [sp+ raofft] 

Above I described one iteration. You stop when the $ra is 0. How to get the first $ra?

 __builtin_return_address(0) 

How to get the first $sp?

 register unsigned sp asm("29");
 asm("" : "=r" (sp));

***Since most of my files compiled with micro-mips optimisation I had to deal with micro-mips-ISA. A lot of issues arose when I tried to analyze code that compiled with microMips optimization(remember that the goal at each step is to reproduce prev. ra and prev. sp): It makes things a bit more complicated:

 1. ra ($31) register contain unaligned return address.
    You may find more information at Linked questions.
    The unaligned ra helps you understand that you run over different 
    ISA(micro-mips-isa) 
 2. There are functions that do not move the sp. You can find more           
    information [here][3].
    (If a "leaf" function only modifies the temporary registers and returns 
    to a return statement in its caller's code, then there is no need for 
    $ra to be changed, and there is no need for a stack frame for that 
    function.)
 3. Functions that do not store the ra 
 4. MicroMips instructions can be both - 16bit and 32bit: run over the 
    commnds using unsinged short*.
 5. There are functions that perform "addiu sp, sp, spofft" more than once
 6. micro-mips-isa has couple variations for the same command
    for example: addiu,addiusp.

I have decided to ignore part of the issues and that is why it works for 95% of the cases.