Tip#57: Stack trace

Stack trace

When a program fails because of an assertion violation, segmentation fault or some other cause, the amount of information provided on most systems is fairly minimal.

One piece of information that I would like to see would be the stack trace (or call history) for the program. For instance, I'd like to see a message of the form:


	pc=0x4f1c09 int_stack.c: 53
	pc=0x40300e eval_expr.c: 1140
	pc=0x530ef7 parse_file.c: 5131
	pc=052d94de main.c: 1926
	assertion "len_int_stack(stack) > 0" failed: file int_stack.c, line 53

This immediately gives me some insight into what could be going wrong, and where to focus debugging.

Clearly, one could get the same information by rerunning the program under the debugger, and then asking for a stack-trace when the program fails. However:

Running the program under the debugger may perturb program behavior, and cause the bug to go away.
For large programs, just one extra run could take hours.
If there are multiple failures (say, we are running an overnight test-suite), this gives us some insight into whether they are likely to be caused by the same bug, or different ones.

When working on a large project, we build a module to dump the stack-trace for us. This is extremely system dependent, so I won't be able to give you an implementation. Instead, I shall describe the steps involved, and you will have to figure out how to do it in your environment.

Before we get into how to implement stack tracing, lets go over the stack organization of most systems.

A stack is a collection of stack-frames.
The top-most stack frame is pointed to by a register known as the stack-pointer
The top-most location in a stack-frame points to the top of the previous stack-frame. This is known as the back-chain.
The program-counter from which a function was called is stored in a location adjacent to top of the previous stack-frame, either just above it or just below it.
Actually, the value is usually the program counter value that the function is supposed to return to, but that is close enough.


			---------
	stack-pointer-->|   X   |
			|	|
			|	|
			|	|
			---------
		X    -->|   Y   |
			|  pc0  |
			|	|
			|	|
			---------
		Y    -->|   Z   |
			|  pc1  |
			|	|
			|	|
			---------
		Z    -->|   0   |
			|  pc2  |
			|	|
			|	|
			---------

The piece of ASCII art above indicates a possible stack. In this stack, there are 4 frames. The back-chain consists of X, Y, and Z. The function currently executing will return to pc0, which in turn returns to pc1, which in turn returns to pc2. pc2 is probably the system function that called main().

The steps involved in writing a stack trace module are:

First, you have to figure out the top-of-stack location. There are two cases: inside a signal handler, and inside a normal routine.
- If you are in a normal routine, then (on most systems) the value of the top-of-stack is contained in a the stack-pointer register. You can read it directly by writing some assembly code. If you call a function to dump the stack trace, you don't have to do anything special to find the pc of the failing routine; it will be in a lower stack-frame and be shown automatically.
- If you are in a signal handler, then your system may pass the handler a struct sigcontext argument. One of the fields of the structure will contain the actual top-of-stack. The structure will also contain the pc for the top-most routine.
Then you have to follow the back-chain, and find the program counters of each call point. As mentioned it is usually the value of top of frame +/- 4.
Finally, you have to map the program counter values to source file/line numbers. This is extremely system dependent. Generally, if there is a gdb port to the system I am working on, I look to see how gdb does it. Of course, if the environment you are working in is based on the GNU binutils, then you can use functions provided by libbfd.a. Look at:
- bfd_init(): to enable use of bfd.
- bfd_set_default_target(): to setup the target type.
- bfd_openr(): to open the executable.
- bfd_get_section_by_name(): to extract the ".text" section.
- bfd_find_nearest_line(): to map pc onto source name/line number.

Next Prev Main Top Feedback