CN103559123A - Function call stack analysis method and device based on the VxWorks operating system
- Publication number: CN103559123A (application CN201310506592.XA)
- Authority: CN (China)
- Prior art keywords: value, function, stack, instruction, address
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Debugging And Monitoring (AREA)
- Executing Machine-Instructions (AREA)
Abstract
The invention discloses a function call stack analysis method and device based on the VxWorks operating system, and relates to the field of function call stack analysis. The method comprises the following steps: a host requests the TCB information of a task t1 from a target, and the target returns the TCB information of task t1; the host obtains the stack pointer (SP) value, program counter (PC) value and return address (RA) value from the returned TCB information; the host requests the stack space information from the target according to the SP value and the stack bottom information, and the target returns the corresponding stack information; the host analyzes the function call stack according to the target's TCB information, the stack space information and the disassembly file. The names of local functions can be resolved, the first instruction of the function containing the PC value is found easily, and the function call stack can be analyzed even when there is no characteristic instruction. The method and device are also not limited by the target's resources, provide the complete function call stack, and help locate faults and exceptions.
Description
Technical field
The present invention relates to the field of function call stack analysis, and in particular to a function call stack analysis method and device based on the VxWorks operating system.
Background technology
In computer science, a stack is defined as a special container whose rule is that the data pushed first is popped last. A user can push data onto the stack and can pop data that has been pushed. The stack plays a very important role while a program runs. Most importantly, the stack holds the bookkeeping information that a function call needs, usually called a stack frame. The stack frame of a function occupies one contiguous region, and each stack frame corresponds to a function that has not yet finished running. When a function starts, its stack frame is set up in full; when the function exits, its stack frame is destroyed. Because function calls are normally nested, at any given moment the stack holds the stack frames of several functions, and the call stack is made up of the stack frames used by these nested function calls.
The call stack reflects the function call relationship and is in effect a function call chain. For example, if function f1 calls function f2 and function f2 calls function f3, then f1 → f2 → f3 is a call stack. For function f1 calling function f2, f1 is the caller and f2 is the callee. In running software, one function may call another in many different situations, so the call stack cannot be determined in advance. When a program hits an exception, detects an error, or is interrupted by a breakpoint, the call stack of the current function therefore has to be examined to determine the scene in which the abnormality occurred. This is also a common software debugging method.
The basic principle of prior-art function call stack analysis is described below using the 32-bit MIPS (Microprocessor without Interlocked Pipeline Stages) architecture as an example; the analysis method on other architectures is similar. MIPS has 32 general-purpose registers, among which the SP (Stack Pointer) register, the RA (Return Address) register and the PC (Program Counter) register play important roles. For convenience, the contents of the SP, RA and PC registers are called the SP value, RA value and PC value in this document. Because MIPS normally adjusts the SP value only when a function is entered and exited, the basic principle of call stack analysis on MIPS is: analyze the code on the target and obtain the SP value, PC value and RA value of the current task; scan back from the instruction address given by the PC value until the characteristic instruction of the function entry is found; determine the size of the function's stack frame and from it compute the caller's stack pointer. At the same time, search for the RA value and the instructions that access RA on the stack, work out the callee's return address, and from it obtain the address of the caller. Repeating this yields the complete function call chain of the current task. For each function address, the symbol table in the kernel is searched to obtain the function's name.
A typical debugger provides a tool for inspecting the function call stack. For example, on VxWorks the function call stack of a task can be inspected with the command "display a stack trace of a task", referred to below as the tt command. This command can run directly on the target, and other systems have similar debug commands.
However, these debug commands may have the following problems:
(1) The VxWorks symbol table exists dynamically in the system. A VxWorks image normally loads only global symbols; local symbols are not loaded. During call stack analysis the function names that are resolved are global function names, and local function names cannot be resolved: a local function is identified by a global function name plus an address offset. So when the tt command is used to run call stack analysis on a VxWorks target, the name of a local function cannot be given accurately.
(2) In the prior art, the method by which the target finds the first instruction of the function containing the PC from the PC value is cumbersome and also unreliable, because it assumes that another function precedes this function.
(3) Call stack analysis depends on characteristic instructions. For example, on MIPS an embedded assembly subroutine may have no explicit push instruction, in which case the call stack cannot be analyzed or the result of the analysis is incorrect.
(4) Most call stack analysis commands run on the target. In an embedded system the target's resources are limited, so both the size of a single function that can be traced and the function call depth that can be traced are restricted. When a function is larger than the traceable instruction length preset by the system, or the call depth exceeds the depth preset by the system, the function call stack information obtained is incomplete.
Summary of the invention
The object of the invention is to overcome the deficiencies of the background art above by providing a function call stack analysis method and device based on the VxWorks operating system that can resolve the names of local functions, easily find the first instruction of the function containing the PC value, and analyze the function call stack even when there is no characteristic instruction, for example no explicit push instruction, while also not being restricted by the target's resources, providing the complete function call stack, and helping to locate faults and exceptions.
The invention provides a function call stack analysis method based on the VxWorks operating system, comprising the following steps:
S1. The Executable and Linkable Format (ELF) file of the VxWorks image currently running on the target is input on the host, and the symbol table file of the image is generated on the host at the same time;
S2. Assuming the task whose function call stack is to be analyzed is t1, the host sends a request command to the target: suspend task t1; the target executes this command;
S3. The host requests the task control block (TCB) information of task t1 from the target, and the target returns the TCB information of task t1, which includes the general-purpose register information, the stack bottom and the stack size;
S4. The host obtains the stack pointer (SP) value, program counter (PC) value and return address (RA) value from the returned TCB information. The stack space on MIPS (Microprocessor without Interlocked Pipeline Stages) grows downward, with the stack bottom at the high address. At run time the SP value is the stack pointer of the current function and points to the top of the stack. The contents stored in each stack frame and their order are defined by the calling convention of the corresponding architecture. The current SP value is the SP value when the program has run to its current state; the SP value at the function entry point is the SP value when the function has been entered but its first instruction has not yet been executed;
S5. Using the SP value and the stack bottom information, the host requests the stack space information from the target. The stack information requested is the memory between the stack top pointed to by the SP value and the stack bottom; the target returns the corresponding stack information;
S6. The host analyzes the function call stack using the target's TCB information, the stack space information and the disassembly file;
S7. The host sends a request command to the target: resume task t1, whose function call stack was to be analyzed; the target executes this command.
On the basis of the above technical solution, the function call stack analysis in step S6 is a recursive process. When the top-level function is analyzed, the PC value and SP value are those in the TCB information returned by the target. In the subsequent recursion, the analysis of each level depends on the new PC value and SP value produced by the previous level, until the SP value reaches the stack bottom.
On the basis of the above technical solution, the function call stack analysis process in step S6 is as follows:
On the basis of the above technical solution, step 605 specifically comprises the following steps:
Step 6052: determine whether the scanned current instruction matches one of the following four cases:
(a) an SP push-adjustment instruction;
(b) an instruction saving RA to the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop-adjustment instruction;
If it does, go to step 6053; if it does not, it is some other instruction, so go to step 6055;
(a) SP push-adjustment instruction:
Compute the size of the function's stack frame and compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: SP value at the function entry point = current SP value + size of the function's stack frame; otherwise, SP value at the function entry point = current SP value;
(b) Instruction saving RA to the stack:
Compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: function RA value = RA value on the stack, that is, the current SP value plus the SP-relative offset in the instruction is taken as the address where RA is saved, and the RA value is obtained from it; otherwise, function RA value = RA value in the current TCB information;
(c) Instruction restoring RA from the stack, or register jump instruction:
Compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: function RA value = RA value in the current TCB information; otherwise, function RA value = RA value on the stack, that is, the current SP value plus the SP-relative offset in the instruction is taken as the address where RA is saved, and the RA value is obtained from it;
(d) SP pop-adjustment instruction:
Compute the size of the function's stack frame and at the same time compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: SP value at the function entry point = current SP value; otherwise, SP value at the function entry point = current SP value + size of the function's stack frame;
On the basis of the above technical solution, the meaning of some of the characteristic instructions in step 6052 is as follows:
An instruction of the form addiu sp, sp, x is an SP adjustment instruction. The value of x after sign extension is the size of the function's stack frame. When x is negative, the instruction is an SP push-adjustment instruction; when x is positive, it is an SP pop-adjustment instruction;
An instruction of the form sw $ra, x($sp) saves RA to the stack, that is, it stores the contents of the RA register on the stack;
An instruction of the form lw $ra, x($sp) restores RA from the stack, that is, it loads the contents saved on the stack back into the RA register;
An instruction of the form jr $ra is a register jump instruction; a function return is completed by this instruction.
The invention also provides a function call stack analysis device based on the VxWorks operating system, comprising a host and a target. The host sends operation commands to the target, analyzes data and displays result data; the target executes the host's operation commands and returns its actual running state;
The Executable and Linkable Format (ELF) file of the VxWorks image currently running on the target is input on the host, and the symbol table file of the image is generated on the host at the same time;
Assuming the task whose function call stack is to be analyzed is t1, the host sends a request command to the target: suspend task t1; the target executes this command;
The host requests the task control block (TCB) information of task t1 from the target, and the target returns the TCB information of task t1, which includes the general-purpose register information, the stack bottom and the stack size;
The host obtains the stack pointer (SP) value, program counter (PC) value and return address (RA) value from the returned TCB information. The stack space on MIPS (Microprocessor without Interlocked Pipeline Stages) grows downward, with the stack bottom at the high address. At run time the SP value is the stack pointer of the current function and points to the top of the stack. The contents stored in each stack frame and their order are defined by the calling convention of the corresponding architecture. The current SP value is the SP value when the program has run to its current state; the SP value at the function entry point is the SP value when the function has been entered but its first instruction has not yet been executed;
Using the SP value and the stack bottom information, the host requests the stack space information from the target. The stack information requested is the memory between the stack top pointed to by the SP value and the stack bottom; the target returns the corresponding stack information;
The host analyzes the function call stack using the target's TCB information, the stack space information and the disassembly file;
The host sends a request command to the target: resume task t1, whose function call stack was to be analyzed; the target executes this command.
On the basis of the above technical solution, the function call stack analysis is a recursive process. When the top-level function is analyzed, the PC value and SP value are those in the TCB information returned by the target. In the subsequent recursion, the analysis of each level depends on the new PC value and SP value produced by the previous level, until the SP value reaches the stack bottom.
On the basis of the above technical solution, the function call stack analysis process is as follows:
On the basis of the above technical solution, step 605 specifically comprises the following steps:
Step 6052: determine whether the scanned current instruction matches one of the following four cases:
(a) an SP push-adjustment instruction;
(b) an instruction saving RA to the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop-adjustment instruction;
If it does, go to step 6053; if it does not, it is some other instruction, so go to step 6055;
(a) SP push-adjustment instruction:
Compute the size of the function's stack frame and compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: SP value at the function entry point = current SP value + size of the function's stack frame; otherwise, SP value at the function entry point = current SP value;
(b) Instruction saving RA to the stack:
Compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: function RA value = RA value on the stack, that is, the current SP value plus the SP-relative offset in the instruction is taken as the address where RA is saved, and the RA value is obtained from it; otherwise, function RA value = RA value in the current TCB information;
(c) Instruction restoring RA from the stack, or register jump instruction:
Compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: function RA value = RA value in the current TCB information; otherwise, function RA value = RA value on the stack, that is, the current SP value plus the SP-relative offset in the instruction is taken as the address where RA is saved, and the RA value is obtained from it;
(d) SP pop-adjustment instruction:
Compute the size of the function's stack frame and at the same time compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: SP value at the function entry point = current SP value; otherwise, SP value at the function entry point = current SP value + size of the function's stack frame;
On the basis of the above technical solution, the meaning of some of the characteristic instructions in step 6052 is as follows:
An instruction of the form addiu sp, sp, x is an SP adjustment instruction. The value of x after sign extension is the size of the function's stack frame. When x is negative, the instruction is an SP push-adjustment instruction; when x is positive, it is an SP pop-adjustment instruction;
An instruction of the form sw $ra, x($sp) saves RA to the stack, that is, it stores the contents of the RA register on the stack;
An instruction of the form lw $ra, x($sp) restores RA from the stack, that is, it loads the contents saved on the stack back into the RA register;
An instruction of the form jr $ra is a register jump instruction; a function return is completed by this instruction.
Compared with the prior art, the advantages of the invention are as follows:
(1) The invention uses the compiled image file to resolve the names of local functions, and looks up both global symbols and local symbols accurately, that is, global function names and local function names.
(2) The invention looks up in the symbol table file the function address that does not exceed the PC value and is closest to it, which gives the address of the first instruction of the function containing the PC register value. Because the host can inspect the symbol table of the ELF (Executable and Linkable Format) file with tools, function addresses can be obtained more accurately.
(3) When scanning instructions during function call stack analysis, the invention scans downward until the corresponding characteristic instruction is found, regardless of whether comparison with the PC value shows the instruction to have been executed. This gives the size of the function's stack frame and from it the SP value at the function entry, so the function call stack can be analyzed even when there is no characteristic instruction, for example no explicit push instruction.
(4) The invention performs the function call stack analysis on the host. Compared with the target, the host's resources are not limited, including the size of a single function that can be traced and the function call depth that can be traced. The analysis is therefore not restricted by the target's resources and provides the complete function call stack, which helps locate faults and exceptions.
Description of the drawings
Fig. 1 is a schematic diagram of the interaction between the host and the target in an embodiment of the invention.
Fig. 2 is a schematic diagram of the structure of a function's stack frame on MIPS.
Fig. 3 is a flowchart of the recursive process of function call stack analysis in an embodiment of the invention.
Fig. 4 is a flowchart of how each level of the recursive function call stack analysis computes the new PC value and SP value in an embodiment of the invention.
Embodiment
The invention is described in further detail below with reference to the drawings and specific embodiments.
The embodiment of the invention provides a function call stack analysis device based on the VxWorks operating system, comprising a host and a target. The host is generally a PC and is mainly used to send operation commands to the target, analyze data and display result data; the target is mainly used to execute the host's operation commands and return its actual running state.
Referring to Fig. 1, the embodiment of the invention provides a function call stack analysis method based on the VxWorks operating system, comprising the following steps:
S1. The ELF file of the VxWorks image currently running on the target is input on the host, and existing tools are used to generate the symbol table file of the image on the host at the same time.
S2. Assuming the task whose function call stack is to be analyzed is t1, the host sends a request command to the target: suspend task t1; the target executes this command.
S3. The host requests the TCB (Task Control Block) information of task t1 from the target, and the target returns the TCB information of task t1, which includes the general-purpose register information, the stack bottom, the stack size and other information.
S4. The host obtains the values of general-purpose registers such as the SP value, PC value and RA value from the returned TCB information. Fig. 2 shows a typical MIPS stack frame layout. The MIPS stack space grows downward, with the stack bottom at the high address. At run time the SP value is the stack pointer of the current function (the callee) and points to the top of the stack. The contents stored in each stack frame and their order are defined by the calling convention of the corresponding architecture. In Fig. 2, the stack frame of the current function is the stack space that the function itself uses, and the region above it belongs to the caller. Every region in the stack frame is optional. The general-purpose register area usually saves, as needed, caller register information such as RA, GP (Global Pointer) and FP (Frame Pointer). In general, MIPS adjusts the SP value only when a function is entered and exited. The current SP value is the SP value when the program has run to its current state; the SP value at the function entry point is the SP value when the function has been entered but its first instruction has not yet been executed.
S5. Using the SP value and the stack bottom information, the host requests the stack space information from the target. The stack information requested is the memory between the stack top pointed to by the SP value and the stack bottom; the target returns the corresponding stack information.
S6. The host analyzes the function call stack according to the method shown in Fig. 3, using the target's TCB information, the stack space information and the disassembly file.
S7. The host sends a request command to the target: resume task t1, whose function call stack was to be analyzed; the target executes this command.
The function call stack analysis in step S6 is a recursive process. When the top-level function is analyzed, the PC value and SP value are those in the TCB information returned by the target. In the subsequent recursion, the analysis of each level depends on the new PC value and SP value produced by the previous level, until the SP value reaches the stack bottom.
Referring to Fig. 3, the function call stack analysis process in step S6 is as follows:
Referring to Fig. 4, step 605 specifically comprises the following steps:
Step 6052: determine whether the scanned current instruction matches one of the following four cases:
(a) an SP push-adjustment instruction;
(b) an instruction saving RA to the stack;
(c) an instruction restoring RA from the stack, or a register jump instruction;
(d) an SP pop-adjustment instruction;
If it does, go to step 6053; if it does not, it is some other instruction, so go to step 6055;
(a) SP push-adjustment instruction:
Compute the size of the function's stack frame and compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: SP value at the function entry point = current SP value + size of the function's stack frame; otherwise, SP value at the function entry point = current SP value;
(b) Instruction saving RA to the stack:
Compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: function RA value = RA value on the stack, that is, the current SP value plus the SP-relative offset in the instruction is taken as the address where RA is saved, and the RA value is obtained from it; otherwise, function RA value = RA value in the current TCB information;
(c) Instruction restoring RA from the stack, or register jump instruction:
Compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: function RA value = RA value in the current TCB information; otherwise, function RA value = RA value on the stack, that is, the current SP value plus the SP-relative offset in the instruction is taken as the address where RA is saved, and the RA value is obtained from it;
(d) SP pop-adjustment instruction:
Compute the size of the function's stack frame and at the same time compare the address of the scanned current instruction with the PC value. If the address of the scanned current instruction is less than the PC value: SP value at the function entry point = current SP value; otherwise, SP value at the function entry point = current SP value + size of the function's stack frame;
To describe step 6052 in more detail, the meaning of some of the characteristic instructions is explained further:
An instruction of the form addiu $sp, $sp, x is an SP adjustment instruction. The value of x after sign extension is usually the size of the function's stack frame. When x is negative, the instruction usually is an SP push-adjustment instruction; when x is positive, it usually is an SP pop-adjustment instruction;
An instruction of the form sw $ra, x($sp) saves RA to the stack, that is, it stores the contents of the RA register on the stack;
An instruction of the form lw $ra, x($sp) restores RA from the stack, that is, it loads the contents saved on the stack back into the RA register;
An instruction of the form jr $ra is a register jump instruction; a function return is generally completed by this instruction.
The embodiment of the invention is described below by dividing the assembly instructions of a function into four scenarios. In each scenario, every line of assembly lists, from left to right, the instruction address, the instruction's binary code and the assembly instruction.
(1) Both the entry and the exit of the function have explicit SP adjustment instructions and instructions that access RA on the stack. The assembly instructions are as follows:
80a79a64: 27bdffb8 addiu $sp,$sp,-72
……
80a79a7c: afbf0030 sw $ra,48($sp)
……
80a79cd0: 8fbf0030 lw $ra,48($sp)
……
80a79ce8: 03e00008 jr $ra
80a79cec: 27bd0048 addiu $sp,$sp,72
(2) Only the exit of the function has an explicit SP adjustment instruction, for example an embedded assembly subroutine on MIPS. The assembly instructions are as follows:
8099c094: 40886000 mtc0 $t0,$12
8099c098: 000000c0 sll $zero,$zero,0x3
……
8099c0d0: 8fbf0018 lw $ra,24($sp)
8099c0d4: 03e00008 jr $ra
8099c0d8: 27bd0020 addiu $sp,$sp,32
(3) Only the entry of the function has an explicit SP adjustment instruction, for example when the function body is an infinite loop. The assembly instructions are as follows:
8086c534: 27bdffc8 addiu $sp,$sp,-56
8086c538: afbf0034 sw $ra,52($sp)
……
8086c550: 27c20018 addiu $v0,$s8,24
……
8086c844: 0821b154 j 8086c550
8086c848: 00000000 nop
(4) Neither the entry nor the exit of the function has an explicit SP adjustment instruction. For example:
……
80101770: 03e00008 jr $ra
……
The principle of the embodiment of the invention is explained in detail as follows:
The embodiment introduces the use of a host: the call stack analysis routine that originally ran on the target is moved to the host, and the host completes the function call stack analysis by statically analyzing the ELF file and dynamically obtaining the TCB information and stack information of what is currently running on the target. The method applies to executable files generated by static linking under the VxWorks operating system. Because an executable file is in fact mapped into virtual address space when it is loaded, this executable ELF file is in fact the VxWorks image file. In VxWorks, for most statically linked programs the virtual address and the physical address at load time are identical. In the prior art, call stack analysis on the target always searches back from the current PC value until the first instruction of the function is found; for scenario 2 it is clearly hard to determine the first instruction of the function, so the call stack analysis fails. In the present invention, the first instruction of the function can be obtained with tools on the host, and scanning starts from that first instruction. Each instruction of the function is scanned downward in turn, regardless of whether comparison with the PC value shows it to have been executed, until the corresponding characteristic instruction is found. This gives the size of the function's stack frame and from it the SP value at the function entry, so call stack analysis can be performed even when the function has no explicit push instruction. The function's return address is obtained from the characteristic instructions at the same time: the return address may be held in the RA register or may be saved on the stack, and which applies is determined by the particular characteristic instruction and by whether that instruction has been executed.
Those skilled in the art may make various modifications and variations to the embodiments of the present invention; provided these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, they are also within the protection scope of the present invention.
Content not described in detail in this specification is prior art known to those skilled in the art.
Claims (10)
1. A function call stack analysis method based on the VxWorks operating system, characterized in that it comprises the following steps:
S1. The executable and linkable format (ELF) file of the VxWorks image currently running on the target machine is input on the host, and the symbol table file of the image file is generated on the host at the same time;
S2. Supposing that the task requiring function call stack analysis is t1, the host issues a request command to the target machine to suspend task t1, and the target machine executes this command;
S3. The host requests the task control block (TCB) information of task t1 from the target machine, and the target machine returns the TCB information of task t1, which comprises general-purpose register information, the stack bottom and the stack size;
S4. The host obtains the stack pointer (SP) value, the program counter (PC) value and the return address (RA) value from the returned TCB information; the stack space of MIPS (Microprocessor without Interlocked Pipeline Stages) grows downward, with the stack bottom at the high address; at run time the SP value is the stack pointer of the current function and points to the top of the stack, and the content stored in each stack frame and its storage order are defined by the calling convention of the architecture; the current SP value is the SP value when the program has run to its current state, and the SP value at the function entry point is the SP value on entering the function, before the first instruction of the function has been executed;
S5. The host requests the stack space information from the target machine according to the SP value and the stack bottom information; the requested stack information is the memory between the stack top pointed to by the SP value and the stack bottom, and the target machine returns the corresponding stack information;
S6. The host performs the function call stack analysis according to the TCB information of the target machine, the stack space information and the disassembly file;
S7. The host issues a request command to the target machine to resume task t1, the task requiring function call stack analysis, and the target machine executes this command.
2. The function call stack analysis method based on the VxWorks operating system as claimed in claim 1, characterized in that: the function call stack analysis in step S6 is a recursive process; when the top-level function call stack is analyzed, the PC value and the SP value are the PC value and the SP value in the TCB information returned by the target machine; in the subsequent recursion, the analysis of each level depends on the new PC value and SP value generated by the previous level, until the SP value reaches the stack bottom.
3. The function call stack analysis method based on the VxWorks operating system as claimed in claim 2, characterized in that the function call stack analysis process in step S6 is as follows:
Step 601: Judge whether the SP value has reached the stack bottom; if so, go to step 602; if not, go to step 603;
Step 602: Concatenate the functions func to which the PC value of each level belongs to form the function call chain, and finish;
Step 603: Look up the address and name of the function to which the PC value belongs; specifically, search the symbol table file for the function address and function name whose address does not exceed the PC value and is closest to it, and denote this function func; go to step 604;
Step 604: Use an existing tool to obtain the assembly instructions of function func; go to step 605;
Step 605: Obtain the SP value at the entry of function func and the return address of function func, and calculate the new PC value and SP value, wherein the new PC value is the value calculated from the return address (RA value) of function func, the return address of function func is the address of the caller of function func, and the new SP value is the SP value at the entry of function func; return to step 601.
4. The function call stack analysis method based on the VxWorks operating system as claimed in claim 3, characterized in that step 605 specifically comprises the following steps:
Step 6051: Starting from the first instruction of the function, scan each instruction one by one;
Step 6052: Judge whether the instruction currently scanned matches one of the following four cases:
(a) an SP push adjustment instruction;
(b) an instruction that saves RA on the stack;
(c) an instruction that restores RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction;
If it matches, go to step 6053; if not, it is some other instruction, and go to step 6055;
Step 6053: According to which of the four cases applies and how the address of the instruction currently scanned compares with the PC value, calculate the SP value at the function entry or obtain the function RA value, respectively:
(a) SP push adjustment instruction:
Calculate the size of the function stack frame and compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: SP value at the function entry point = current SP value + size of the function stack frame; otherwise, SP value at the function entry point = current SP value;
(b) instruction that saves RA on the stack:
Compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: function RA value = RA value on the stack, that is, the current SP value plus the offset relative to SP given in the instruction is taken as the address where RA was saved, and the RA value is read from it; otherwise, function RA value = RA value in the current TCB information;
(c) instruction that restores RA from the stack, or register jump instruction:
Compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: function RA value = RA value in the current TCB information; otherwise, function RA value = RA value on the stack, that is, the current SP value plus the offset relative to SP given in the instruction is taken as the address where RA was saved, and the RA value is read from it;
(d) SP pop adjustment instruction:
Calculate the size of the function stack frame and compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: SP value at the function entry point = current SP value; otherwise, SP value at the function entry point = current SP value + size of the function stack frame;
Step 6054: Judge whether both the SP value at the function entry point and the function RA value have been obtained; if so, go to step 6056; otherwise, go to step 6055;
Step 6055: Continue scanning the next instruction, until all instructions of function func have been scanned.
Step 6056: Take the return address of the function, that is, the RA value, after calculation as the new PC value; in a MIPS system, the RA value minus 8 is taken as the new PC value; take the SP value at the entry of function func as the new SP value.
5. The function call stack analysis method based on the VxWorks operating system as claimed in claim 4, characterized in that, in step 6052, the meaning of some of the feature instructions is as follows:
An instruction of the form addiu sp, sp, x is an SP value adjustment instruction, and the value of x after sign extension is the size of the function stack frame; when x is negative, the instruction is the SP push adjustment instruction; when x is positive, the instruction is the SP pop adjustment instruction;
An instruction of the form sw $ra, x($sp) is the instruction that saves RA on the stack; it stores the content of the RA register on the stack;
An instruction of the form lw $ra, x($sp) is the instruction that restores RA from the stack; it restores the content saved on the stack to the RA register;
An instruction of the form jr $ra is a register jump instruction; the function returns by means of this instruction.
6. A function call stack analysis device based on the VxWorks operating system, comprising a host and a target machine, wherein the host sends operation commands to the target machine, analyzes data and displays result data, and the target machine executes the operation commands of the host and returns its actual running state, characterized in that:
The executable and linkable format (ELF) file of the VxWorks image currently running on the target machine is input on the host, and the symbol table file of the image file is generated on the host at the same time;
Supposing that the task requiring function call stack analysis is t1, the host issues a request command to the target machine to suspend task t1, and the target machine executes this command;
The host requests the task control block (TCB) information of task t1 from the target machine, and the target machine returns the TCB information of task t1, which comprises general-purpose register information, the stack bottom and the stack size;
The host obtains the stack pointer (SP) value, the program counter (PC) value and the return address (RA) value from the returned TCB information; the stack space of MIPS (Microprocessor without Interlocked Pipeline Stages) grows downward, with the stack bottom at the high address; at run time the SP value is the stack pointer of the current function and points to the top of the stack, and the content stored in each stack frame and its storage order are defined by the calling convention of the architecture; the current SP value is the SP value when the program has run to its current state, and the SP value at the function entry point is the SP value on entering the function, before the first instruction of the function has been executed;
The host requests the stack space information from the target machine according to the SP value and the stack bottom information; the requested stack information is the memory between the stack top pointed to by the SP value and the stack bottom, and the target machine returns the corresponding stack information;
The host performs the function call stack analysis according to the TCB information of the target machine, the stack space information and the disassembly file;
The host issues a request command to the target machine to resume task t1, the task requiring function call stack analysis, and the target machine executes this command.
7. The function call stack analysis device based on the VxWorks operating system as claimed in claim 6, characterized in that: the function call stack analysis is a recursive process; when the top-level function call stack is analyzed, the PC value and the SP value are the PC value and the SP value in the TCB information returned by the target machine; in the subsequent recursion, the analysis of each level depends on the new PC value and SP value generated by the previous level, until the SP value reaches the stack bottom.
8. The function call stack analysis device based on the VxWorks operating system as claimed in claim 7, characterized in that the function call stack analysis process is as follows:
Step 601: Judge whether the SP value has reached the stack bottom; if so, go to step 602; if not, go to step 603;
Step 602: Concatenate the functions func to which the PC value of each level belongs to form the function call chain, and finish;
Step 603: Look up the address and name of the function to which the PC value belongs; specifically, search the symbol table file for the function address and function name whose address does not exceed the PC value and is closest to it, and denote this function func; go to step 604;
Step 604: Use an existing tool to obtain the assembly instructions of function func; go to step 605;
Step 605: Obtain the SP value at the entry of function func and the return address of function func, and calculate the new PC value and SP value, wherein the new PC value is the value calculated from the return address (RA value) of function func, the return address of function func is the address of the caller of function func, and the new SP value is the SP value at the entry of function func; return to step 601.
9. The function call stack analysis device based on the VxWorks operating system as claimed in claim 8, characterized in that step 605 specifically comprises the following steps:
Step 6051: Starting from the first instruction of the function, scan each instruction one by one;
Step 6052: Judge whether the instruction currently scanned matches one of the following four cases:
(a) an SP push adjustment instruction;
(b) an instruction that saves RA on the stack;
(c) an instruction that restores RA from the stack, or a register jump instruction;
(d) an SP pop adjustment instruction;
If it matches, go to step 6053; if not, it is some other instruction, and go to step 6055;
Step 6053: According to which of the four cases applies and how the address of the instruction currently scanned compares with the PC value, calculate the SP value at the function entry or obtain the function RA value, respectively:
(a) SP push adjustment instruction:
Calculate the size of the function stack frame and compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: SP value at the function entry point = current SP value + size of the function stack frame; otherwise, SP value at the function entry point = current SP value;
(b) instruction that saves RA on the stack:
Compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: function RA value = RA value on the stack, that is, the current SP value plus the offset relative to SP given in the instruction is taken as the address where RA was saved, and the RA value is read from it; otherwise, function RA value = RA value in the current TCB information;
(c) instruction that restores RA from the stack, or register jump instruction:
Compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: function RA value = RA value in the current TCB information; otherwise, function RA value = RA value on the stack, that is, the current SP value plus the offset relative to SP given in the instruction is taken as the address where RA was saved, and the RA value is read from it;
(d) SP pop adjustment instruction:
Calculate the size of the function stack frame and compare the address of the instruction currently scanned with the PC value; if the address of the instruction currently scanned is less than the PC value: SP value at the function entry point = current SP value; otherwise, SP value at the function entry point = current SP value + size of the function stack frame;
Step 6054: Judge whether both the SP value at the function entry point and the function RA value have been obtained; if so, go to step 6056; otherwise, go to step 6055;
Step 6055: Continue scanning the next instruction, until all instructions of function func have been scanned.
Step 6056: Take the return address of the function, that is, the RA value, after calculation as the new PC value; in a MIPS system, the RA value minus 8 is taken as the new PC value; take the SP value at the entry of function func as the new SP value.
10. The function call stack analysis device based on the VxWorks operating system as claimed in claim 9, characterized in that, in step 6052, the meaning of some of the feature instructions is as follows:
An instruction of the form addiu sp, sp, x is an SP value adjustment instruction, and the value of x after sign extension is the size of the function stack frame; when x is negative, the instruction is the SP push adjustment instruction; when x is positive, the instruction is the SP pop adjustment instruction;
An instruction of the form sw $ra, x($sp) is the instruction that saves RA on the stack; it stores the content of the RA register on the stack;
An instruction of the form lw $ra, x($sp) is the instruction that restores RA from the stack; it restores the content saved on the stack to the RA register;
An instruction of the form jr $ra is a register jump instruction; the function returns by means of this instruction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310506592.XA CN103559123B (en) | 2013-10-24 | 2013-10-24 | Based on function call stack analytical approach and the device of vxworks operating system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310506592.XA CN103559123B (en) | 2013-10-24 | 2013-10-24 | Based on function call stack analytical approach and the device of vxworks operating system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103559123A true CN103559123A (en) | 2014-02-05 |
CN103559123B CN103559123B (en) | 2016-02-10 |
Family
ID=50013374
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310506592.XA Active CN103559123B (en) | 2013-10-24 | 2013-10-24 | Based on function call stack analytical approach and the device of vxworks operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103559123B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1949187A (en) * | 2006-11-17 | 2007-04-18 | 深圳市领测科技有限公司 | Program testing system and method |
CN1949186A (en) * | 2006-11-17 | 2007-04-18 | 深圳市领测科技有限公司 | Program testing system and mapping method for said program testing system |
CN101178684A (en) * | 2006-11-06 | 2008-05-14 | 中兴通讯股份有限公司 | Symbol locating method of embedded system |
US20090044198A1 (en) * | 2007-08-07 | 2009-02-12 | Kean G Kuiper | Method and Apparatus for Call Stack Sampling in a Data Processing System |
CN103106132A (en) * | 2013-03-05 | 2013-05-15 | 中标软件有限公司 | Kernel function calling stack analyzing and debugging method in case of Linux system breakdown |
Non-Patent Citations (1)
Title |
---|
房同忠等: ""基于VxWorks的异常问题分析及调试方法的研究"", 《工业控制计算机》 * |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104572094B (en) * | 2014-12-25 | 2017-09-19 | 上海斐讯数据通信技术有限公司 | A kind of method of analytic function stack size |
CN104572094A (en) * | 2014-12-25 | 2015-04-29 | 上海斐讯数据通信技术有限公司 | Method of analyzing size of function stack |
CN107818034A (en) * | 2016-09-14 | 2018-03-20 | 华为技术有限公司 | The method and device of the running space of process in monitoring calculation machine equipment |
CN107818034B (en) * | 2016-09-14 | 2021-02-12 | 华为技术有限公司 | Method and device for monitoring running space of process in computer equipment |
CN107544896A (en) * | 2017-08-11 | 2018-01-05 | 深圳震有科技股份有限公司 | A kind of statistical method, storage medium and the terminal device of function call number |
CN109753414A (en) * | 2017-11-01 | 2019-05-14 | 阿里巴巴集团控股有限公司 | Acquisition method, methods of exhibiting, electronic equipment and the client of performance data |
CN110489165A (en) * | 2019-08-02 | 2019-11-22 | 北京字节跳动网络技术有限公司 | Obtain method, apparatus, medium and the equipment of call stack stack frame command offsets |
CN110489165B (en) * | 2019-08-02 | 2021-10-15 | 北京字节跳动网络技术有限公司 | Method, device, medium and equipment for acquiring call stack frame instruction offset |
CN113448815B (en) * | 2020-03-26 | 2022-10-18 | 华为技术有限公司 | Method for collecting and tracking trace call chain and electronic equipment |
CN113448815A (en) * | 2020-03-26 | 2021-09-28 | 华为技术有限公司 | Method for collecting and tracking trace call chain and electronic equipment |
CN113238883A (en) * | 2021-04-30 | 2021-08-10 | 烽火通信科技股份有限公司 | Stack backtracking method and device |
WO2022262633A1 (en) * | 2021-06-17 | 2022-12-22 | 华为技术有限公司 | Program running method and apparatus, and related device |
CN113342431A (en) * | 2021-06-29 | 2021-09-03 | 苏州科达科技股份有限公司 | Function call stack backtracking and program exception handling method, device, equipment and medium |
CN113342431B (en) * | 2021-06-29 | 2023-02-07 | 苏州科达科技股份有限公司 | Function call stack backtracking and program exception handling method, device, equipment and medium |
WO2023016485A1 (en) * | 2021-08-12 | 2023-02-16 | 华为技术有限公司 | Method for acquiring function call information, and apparatus, electronic device and medium |
CN113821257A (en) * | 2021-09-29 | 2021-12-21 | 杭州迪普科技股份有限公司 | Processor kernel call stack information query method and device |
CN114064011A (en) * | 2021-11-25 | 2022-02-18 | 北京字跳网络技术有限公司 | Method, device, storage medium and electronic equipment for determining process performance |
Also Published As
Publication number | Publication date |
---|---|
CN103559123B (en) | 2016-02-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |