<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Aarch64 machine outliner results in imprecise stacktraces for outlined function calls"

   href="https://bugs.llvm.org/show_bug.cgi?id=43914">43914</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Aarch64 machine outliner results in imprecise stacktraces for outlined function calls

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>tools

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>8.0

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>llc

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>shuralnik@snapchat.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=22774" name="attach_22774" title="Sample program">attachment 22774</a> <a href="attachment.cgi?id=22774&action=edit" title="Sample program">[details]</a></span>

Sample program

In some cases symbolication of stacktraces that contain locations of `bl

<OUTLINED_FUNCTION_xyz>` may incorrectly represent execution state.

Sample code is attached. I was using llvm toolchain from Android NDK r21 Beta

1.

Build command:

$

$ANDROID_NDK_R21/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android21-clang++

-shared -std=c++1z -flto -O2 -fuse-ld=lld -Wl,-mllvm

-Wl,-enable-machine-outliner=always -g outline.cc

Here is a piece of disassembled code for just built shared library:

 ...

000000000000128c <_Z3fooiii>:

    128c:       d10143ff        sub     sp, sp, #0x50

 ...

    12dc:       f9400ff3        ldr     x19, [sp,#24]

    12e0:       b24002c8        orr     x8, x22, #0x1

    12e4:       9400002a        bl      138c <OUTLINED_FUNCTION_0>

    12e8:       36000054        tbz     w20, #0, 12f0 <_Z3fooiii+0x64>

 ...

000000000000138c <OUTLINED_FUNCTION_0>:

    138c:       7200029f        tst     w20, #0x1

    1390:       9a930100        csel    x0, x8, x19, eq

    1394:       1400001f        b       1410 <puts@plt>

The OUTLINED_FUNCTION_0 basically performs some piece of std::string::c_str()

work and call to puts(). As result symbolicated address for a call to this

outlined function is next:

$ llvm-symbolizer-8 -e a.out 

0x12e4

std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>,

std::__ndk1::allocator<char> >::__get_pointer() const

/home/serhiihuralnik/tools/android-ndk-r21/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/c++/v1/string:1514:17

std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>,

std::__ndk1::allocator<char> >::data() const

/home/serhiihuralnik/tools/android-ndk-r21/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/c++/v1/string:1242:0

std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>,

std::__ndk1::allocator<char> >::c_str() const

/home/serhiihuralnik/tools/android-ndk-r21/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/c++/v1/string:1240:0

foo(int, int, int)

/home/serhiihuralnik/outline.cc:39:0

so far everything looks ok, but if we consider a complete stacktrace, with a

puts() frame above our code it becomes next:

#0 puts()

#1 __get_pointer()

#2 data()

and so on, which is read exactly like "__get_pointer() calls puts()

immediately". It is a nonsense of course. And also note that there is no frame

that corresponds to outlined function because is does a tail call.

Final result is that presence of a call to outlined function obscures an actual

location of where puts() is called from in terms of source code. 

This situation hurts debugging experience. Though in this particular example it

is easy to reconstruct proper stacktrace but in more complex scenarios (perhaps

with more complex outlined functions) this may be troublesome to manage

stacktraces that involve outlined code, making it harder to say to analyse

crashes where developer has no chances to reproduce issue by tracing it with

debugger.

As I understand a problem has two components:

 - the fact that outlined function may be used from different contexts where

the same instructions would map to different source code locations with no

clear way to encode all mappings and "mapping selectors" via DWARF

 - usage of tail calls in outlined functions, which hides this code from

unwinders

Is there any ways to improve such stacktraces except of turning outliner off?</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>