2 /*--------------------------------------------------------------------*/
3 /*--- Launching Valgrind on AIX5. launcher-aix5.c ---*/
4 /*--------------------------------------------------------------------*/
7 This file is part of Valgrind, a dynamic binary instrumentation
10 Copyright (C) 2006-2010 OpenWorks LLP
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
28 The GNU General Public License is contained in the file COPYING.
30 Neither the names of the U.S. Department of Energy nor the
31 University of California nor the names of its contributors may be
32 used to endorse or promote products derived from this software
33 without prior written permission.
36 /* Cut-down version of the normal launcher, except it is completely
37 different on AIX5. Does not handle shell scripts, only real
38 machine code XCOFF executables.
40 Note: this is a "normal" program and not part of Valgrind proper,
41 and so it doesn't have to conform to Valgrind's arcane rules on
50 #include <sys/types.h>
53 #include <sys/ptrace.h>
56 /* Get both struct __ld_info32 and struct __ld_info64. */
57 #define __LDINFO_PTRACE32__ 1
58 #define __LDINFO_PTRACE64__ 1
61 #include <sys/reg.h> /* GPR0 .. GPR31 */
62 #include <sys/procfs.h> /* prsysent_t */
64 #include "pub_core_debuglog.h"
65 #include "pub_core_vki.h"
66 #include "pub_core_vkiscnums.h"
67 #include "pub_core_libcproc.h" // For VALGRIND_LIB, VALGRIND_LAUNCHER
69 /* Get the definition for the AIX5Bootblock structure. This is what
70 we will generate and patch into the child's address space. */
71 #include "launcher-aix5-bootblock.h"
73 /* Simple routines for Huffman compression/decompression */
74 #include "m_initimg/simple_huffman.c"
77 /* -------------------------------------------------------------- */
79 /* --- A uniform interface to the ptrace facilities we need. --- */
81 /* -------------------------------------------------------------- */
91 /* Read len bytes from target's rsrc to local ldst. Returns True if
94 Bool ptrace_READ_BLOCK ( Child* ch, Int len, void* ldst, Addr64 rsrc )
97 assert(len >= 0 && len <= 1024);
98 r = ptrace64( PT_READ_BLOCK, (ULong)ch->pid, rsrc, len, ldst );
100 return False; /* success */
101 return True; /* error */
105 /* Write len bytes to target's rdst from local lsrc. Returns True if
108 Bool ptrace_WRITE_BLOCK ( Child* child, Int len, Addr64 rdst, void* lsrc )
111 assert(len >= 0 && len <= 1024);
112 r = ptrace64( PT_WRITE_BLOCK, (ULong)child->pid, rdst, len, lsrc );
114 return False; /* success */
115 return True; /* error */
119 /* Read a GPR from the target. Returns True if error. */
121 Bool ptrace_READ_GPR ( Child* child, Int reg, ULong* ldst )
127 (void)ptrace64( PT_READ_GPR,
128 (ULong)child->pid, (ULong)reg, 8, (Int*)(&w64) );
129 if (errno != 0) return True; /* error */
131 w32 = ptrace64( PT_READ_GPR,
132 (ULong)child->pid, (ULong)reg, 0, 0 );
133 if (errno != 0) return True; /* error */
137 return False; /* success */
141 /* Write a GPR to the target. Returns True if error. */
143 Bool ptrace_WRITE_GPR ( Child* child, Int reg, ULong val )
150 (void)ptrace64( PT_WRITE_GPR,
151 (ULong)child->pid, (ULong)reg, 8, (Int*)&w64 );
152 if (errno != 0) return True; /* error */
155 (void)ptrace64( PT_WRITE_GPR,
156 (ULong)child->pid, (ULong)reg, w32, 0 );
157 if (errno != 0) return True; /* error */
159 return False; /* success */
163 /* -------------------------------------------------------------- */
165 /* --- Helper functions --- */
167 /* -------------------------------------------------------------- */
169 /* Search the path for the client program */
170 static const char* find_client ( const char* clientname )
172 static char fullname[PATH_MAX];
173 const char *path = getenv("PATH");
178 if ((colon = strchr(path, ':')) == NULL)
180 strcpy(fullname, path);
185 memcpy(fullname, path, colon - path);
186 fullname[colon - path] = '\0';
189 strcat(fullname, "/");
190 strcat(fullname, clientname);
192 if (access(fullname, R_OK|X_OK) == 0)
199 /* Examine the given file. If it looks like valid XCOFF32 return 32,
200 if valid XCOFF64 return 64, else return 0. */
201 static Int examine_client ( const char* clientname )
205 FILE* f = fopen( clientname, "r" );
208 n = fread( buf, 1, 16, f );
212 if (buf[0] == 0x01 && buf[1] == 0xDF)
213 return 32; /* XCOFF32 */
214 if (buf[0] == 0x01 && buf[1] == 0xF7)
215 return 64; /* XCOFF64 */
219 static Bool file_exists ( char* fname )
222 int r = stat(fname, &buf);
226 static Addr64 ROUNDDN_PAGE ( Addr64 v )
234 static Bool IS_PAGE_ALIGNED ( Addr64 v )
244 static Bool IS_8_ALIGNED ( Addr64 v )
255 /* Read a 4096-byte page from CHILD's address space at location SRC,
256 into local address space at DST. Returns True if error, False
259 static Bool ptrace_read_page ( Child* child, UChar* ldst, Addr64 rsrc )
264 assert(IS_PAGE_ALIGNED(rsrc));
267 err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
271 err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
275 err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
279 err = ptrace_READ_BLOCK(child, 1024, ldst + off, rsrc + off);
283 assert(off == PAGE_SIZE);
289 /* Write a 4096-byte page from local address space at SRC to CHILD's
290 address space at location DST. Returns True if error, False
293 static Bool ptrace_write_page ( Child* child, Addr64 rdst, UChar* lsrc )
298 assert(IS_PAGE_ALIGNED(rdst));
301 err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
305 err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
309 err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
313 err = ptrace_WRITE_BLOCK(child, 1024, rdst + off, lsrc + off);
317 assert(off == PAGE_SIZE);
323 /* Get 37 integer registers (GPR0 .. GPR31, PC, CR, LR, CTR, XER) from
324 CHILD into the given array. Returns True if there is any kind of
327 Bool ptrace_get_iregs_pc_cr_lr_ctr_xer (
329 /*OUT*/ULong* iregs_pc_cr_lr_ctr_xer
335 for (i = GPR0; i <= GPR31; i++) {
337 assert(j >= 0 && j < 32);
338 err = ptrace_READ_GPR( child, i, &iregs_pc_cr_lr_ctr_xer[j] );
343 err = ptrace_READ_GPR( child, IAR, &iregs_pc_cr_lr_ctr_xer[32+0] );
347 err = ptrace_READ_GPR( child, CR, &iregs_pc_cr_lr_ctr_xer[32+1] );
351 err = ptrace_READ_GPR( child, LR, &iregs_pc_cr_lr_ctr_xer[32+2] );
355 err = ptrace_READ_GPR( child, CTR, &iregs_pc_cr_lr_ctr_xer[32+3] );
359 err = ptrace_READ_GPR( child, XER, &iregs_pc_cr_lr_ctr_xer[32+4] );
366 /* Set CHILD's program counter to the given value. Returns True if
367 there is any kind of error. */
369 Bool ptrace_put_pc ( Child* child, ULong newpc )
371 return ptrace_WRITE_GPR( child, IAR, newpc );
375 /* Set CHILD's R31 to the given value. Returns True if there is any
378 Bool ptrace_put_r31 ( Child* child, ULong newr31 )
380 return ptrace_WRITE_GPR( child, GPR31, newr31 );
384 /* ------ Instruction generators ------ */
386 static UInt mkFormD ( UInt opc1, UInt r1, UInt r2, UInt imm )
393 theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) | (imm));
396 static UInt mkFormX ( UInt opc1,
397 UInt r1, UInt r2, UInt r3, UInt opc2, UInt b0 )
404 assert(opc2 < 0x400);
406 theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) |
407 (r3<<11) | (opc2<<1) | (b0));
410 static UInt mkFormXFX ( UInt r1, UInt f2, UInt opc2 )
415 assert(opc2 < 0x400);
425 // re-arrange split field
426 f2 = ((f2>>5) & 0x1F) | ((f2 & 0x1F)<<5);
430 theInstr = ((31<<26) | (r1<<21) | (f2<<11) | (opc2<<1));
433 static UInt mkFormMD ( UInt opc1, UInt r1, UInt r2,
434 UInt imm1, UInt imm2, UInt opc2 )
443 imm2 = ((imm2 & 0x1F) << 1) | (imm2 >> 5);
444 theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) |
445 ((imm1 & 0x1F)<<11) | (imm2<<5) |
446 (opc2<<2) | ((imm1 >> 5)<<1));
449 static UInt mkFormXO ( UInt opc1, UInt r1, UInt r2,
450 UInt r3, UInt b10, UInt opc2, UInt b0 )
458 assert(opc2 < 0x200);
460 theInstr = ((opc1<<26) | (r1<<21) | (r2<<16) |
461 (r3<<11) | (b10 << 10) | (opc2<<1) | (b0));
465 static UInt gen_lis_r_N ( UInt r, UInt N ) {
466 return mkFormD(15, r, 0, N & 0xFFFF); /* lis r,r,N */
468 static UInt gen_ori_r_r_N ( UInt r, UInt N ) {
469 return mkFormD(24, r, r, N & 0xFFFF); /* ori r,r,N */
471 static UInt gen_addi_rd_rs_N ( UInt rd, UInt rs, UInt N ) {
473 return mkFormD(14, rd, rs, N & 0xFFFF); /* addi rd,rs,N */
475 static UInt gen_addis_rd_rs_N ( UInt rd, UInt rs, UInt N ) {
477 return mkFormD(15, rd, rs, N & 0xFFFF); /* addis rd,rs,N */
479 static UInt gen_crorc_6_6_6 ( void ) {
480 return 0x4CC63342; /* crorc 6,6,6 */
482 static UInt gen_mr_rd_rs ( UInt rd, UInt rs ) {
483 return mkFormX(31, rs, rd, rs, 444, 0); /* or rd,rs,ts */
485 static UInt gen_bl_next ( void ) {
486 return 0x48000005; /* bl .+4 */
488 static UInt gen_mflr_r ( UInt r ) {
489 return mkFormXFX(r, 8, 339); /* mflr r */
491 static UInt gen_mtlr_r ( UInt r ) {
492 return mkFormXFX(r, 8, 467); /* mtlr r */
494 static UInt gen_blr ( void ) {
495 return 0x4E800020; /* blr */
497 __attribute__((unused))
498 static UInt gen_blrl ( void ) {
499 return 0x4E800021; /* blrl */
501 static UInt gen_add_r_N ( UInt r, UInt N ) {
502 return mkFormD(14, r, r, N & 0xFFFF); /* addi r,r,N */
504 static UInt gen_cmpli_cr7_r_N ( UInt r, UInt N ) {
505 return mkFormD(10, 7<<2, r, N & 0xFFFF); /* cmpli cr7,r,N */
507 static UInt gen_bne_cr7_delta ( UInt delta ) {
508 return 0x409E0000 | (delta & 0x0000FFFC); /* bne- cr7,delta */
510 __attribute__((unused))
511 static UInt gen_beq_cr7_delta ( UInt delta ) {
512 return 0x419E0000 | (delta & 0x0000FFFC); /* beq- cr7,delta */
514 static UInt gen_sc ( void ) {
515 return 0x44000002; /* sc */
517 static UInt gen_lwz_rd_off_ra ( UInt rd, UInt off, UInt ra ) {
518 return mkFormD(32, rd, ra, off); /* lwz rd, off(ra) */
520 static UInt gen_add_rd_rL_rR (UInt rd, UInt rsrcL, UInt rsrcR ) {
521 return mkFormXO(31, rd, rsrcL, rsrcR, 0, 266, 0);
523 static UInt gen_subf_rd_rL_rR (UInt rd, UInt rsrcL, UInt rsrcR ) {
524 return mkFormXO(31, rd, rsrcL, rsrcR, 0, 40, 0);
527 static Int emit_insn ( UInt* code, Int ix, UInt insn ) {
531 static Int emit_li32 ( UInt* code, Int ix, UInt rd, UInt imm32 ) {
532 code[ix++] = gen_lis_r_N(rd, imm32 >> 16);
534 code[ix++] = gen_ori_r_r_N(rd, imm32 & 0xFFFF);
537 static Int emit_dosc ( UInt* code, Int ix ) {
538 /* Generate code to do a syscall and continue at the next insn.
539 Note: trashes r29. */
540 code[ix++] = gen_crorc_6_6_6();
541 code[ix++] = gen_bl_next();
542 code[ix++] = gen_mflr_r(29);
543 code[ix++] = gen_add_r_N(29,16);
544 code[ix++] = gen_mtlr_r(29);
545 code[ix++] = gen_sc();
549 /* Generate 64-bit insns */
550 static Int emit_li64 ( UInt* code, Int ix, UInt rd, ULong imm64 ) {
551 if (imm64 >= 0xFFFFFFFF80000000ULL || imm64 < 0x80000000ULL) {
552 // sign-extendable from 32 bits
553 // addis rd,r0,(imm64>>16) => lis rd, (imm64>>16)
554 code[ix++] = mkFormD(15, rd, 0, (imm64>>16) & 0xFFFF);
555 // ori rd, rd, (imm64 & 0xFFFF)
556 code[ix++] = mkFormD(24, rd, rd, imm64 & 0xFFFF);
559 // lis rd, (imm64>>48) & 0xFFFF
560 code[ix++] = mkFormD(15, rd, 0, (imm64>>48) & 0xFFFF);
561 // ori rd, rd, (imm64>>32) & 0xFFFF
562 code[ix++] = mkFormD(24, rd, rd, (imm64>>32) & 0xFFFF);
563 // shift rd low word to high word => rldicr
564 code[ix++] = mkFormMD(30, rd, rd, 32, 31, 1);
566 // oris rd, rd, (imm64>>16) & 0xFFFF
567 code[ix++] = mkFormD(25, rd, rd, (imm64>>16) & 0xFFFF);
568 // ori rd, rd, (imm64) & 0xFFFF
569 code[ix++] = mkFormD(24, rd, rd, imm64 & 0xFFFF);
573 static UInt gen_ld_rd_off_ra ( UInt rd, UInt off, UInt ra ) {
574 assert((off & 3) == 0);
575 return mkFormD(58, rd, ra, off); /* ld rd, off(ra) */
578 static UInt compute_adler32 ( void* addr, UWord len )
582 UChar* buf = (UChar*)addr;
591 return (s2 << 16) + s1;
595 /* -------------------------------------------------------------- */
597 /* --- BEGIN write bootstrap loader into child process --- */
599 /* -------------------------------------------------------------- */
601 /* From using truss, __loadx is used to load a module into a running
602 process in 32-bit mode, and kload in 64-bit mode. __loadx is
603 simple: it returns a pointer to a standard function descriptor to
606 kload isn't: it returns a pointer which, from examination of
607 /proc/<pid>/maps, doesn't point into the loaded object image. It
608 does appear to point to some kind of struct, words [4] and [6] of
609 which do point into the loaded object image. From comparison with
610 /proc/<pid>/maps, they are respectively the actual VMAs of the text
611 and data sections of the loaded module.
613 Knowing this it is possible to find the entry point descriptor:
614 - figure out where the auxiliary header is. We have a pointer to
615 the start of the mapped text section, so just add the size of
616 the XCOFF file header to that.
617 - figure out the data bias. We know the avma of the data section;
618 and the svma of it is in the auxiliary header in field
619 o_data_start. The data bias is therefore the difference between
621 - The auxiliary header also gives the svma of the entry point
622 descriptor; (o_entry); therefore its avma is o_entry + the data
625 ULong* kr = (result of kload)
628 AOUTHDR* aux = kr[4] (text_avma) + 24 (size of XCOFF file header);
633 ULong data_avma = kr[6];
638 ULong data_svma = aux->o_data_start;
639 // ld 0,16(9) aux->o_data_start
644 ULong data_bias = data_avma - data_svma;
650 ULong ent_svma = (ULong)aux->o_entry;
651 // ld 9,80(9) aux->o_entry
656 ULong ent_avma = ent_svma + data_bias;
664 #define LAUNCHER_SYSENT_SIZE 100000
665 static char sysent_buf[LAUNCHER_SYSENT_SIZE];
667 /* The executable loaded must have no more than N_LDINFOs direct
668 shared-object dependencies. Just increase this value and rebuild,
669 if you ever run out. We have two arrays, one for each kind of
671 #define N_LDINFOs 1000
672 static struct __ld_info32 ld_info32_array[N_LDINFOs];
673 static struct __ld_info64 ld_info64_array[N_LDINFOs];
677 UChar* bootstrap_errmsg
678 = "\nvalgrind: bootstrap loader failed. Cannot continue.\n\n";
681 /* Write the bootstrap loader and associated data (iow, an
682 AIX5Bootblock structure) into CHILD, so that when
683 ptrace-detached, it will continue by loading TOOLNAME and
684 continuing with that. Returns NULL on success or an error string
687 static char* write_bootstrap_loader_into_child
688 ( Child* child, char* toolfile )
690 /* ------ STEP 1: Fill in most parts of the bootblock. ------ */
692 /* All parts except code[], off_zdata and len_zdata. */
696 VG_(debugLog)(1, "launcher", "parent: size of bootblock is %ld\n",
697 sizeof(AIX5Bootblock));
699 assert(IS_8_ALIGNED( sizeof(AIX5Bootblock) ));
701 memset(&block, 0, sizeof(block));
705 /* off_zdata not known yet */
706 /* len_zdata not known yet */
708 /* --- SYSCALL NUMBERS --- */
710 /* Read some system call entries from the child's
711 /proc/<pid>/sysent file. */
712 char sysent_name[50];
715 prsysent_t* sysent_hdr;
718 VG_(debugLog)(1, "launcher",
719 "parent: reading child's /proc/../sysent\n");
721 sprintf(sysent_name, "/proc/%d/sysent", child->pid);
722 sysent_file = fopen(sysent_name, "r");
723 if (sysent_file == NULL)
724 return "Can't open child's /proc/<pid>/sysent file";
726 sysent_used = fread(sysent_buf, 1, LAUNCHER_SYSENT_SIZE, sysent_file);
727 if (sysent_used == 0)
728 return "Error reading child's /proc/<pid>/sysent file";
729 if (sysent_used == LAUNCHER_SYSENT_SIZE)
730 return "LAUNCHER_SYSENT_SIZE is too low; increase and recompile";
731 assert(sysent_used > 0 && sysent_used < LAUNCHER_SYSENT_SIZE);
735 sysent_hdr = (prsysent_t*)&sysent_buf[0];
737 /* Find some syscall numbers for the child. */
738 Int __nr__getpid = -1;
739 Int __nr_kwrite = -1;
740 Int __nr___loadx = -1; /* 32-bit child only */
741 Int __nr_kload = -1; /* 64-bit child only */
747 for (i = 0; i < sysent_hdr->pr_nsyscalls; i++) {
748 char* name = &sysent_buf[ sysent_hdr->pr_syscall[i].pr_nameoff ];
749 int nmbr = sysent_hdr->pr_syscall[i].pr_number;
750 if (0 == strcmp(name, "_getpid"))
752 if (0 == strcmp(name, "kwrite"))
754 if (0 == strcmp(name, "__loadx"))
756 if (0 == strcmp(name, "kload"))
758 if (0 == strcmp(name, "_exit"))
760 if (0 == strcmp(name, "open"))
762 if (0 == strcmp(name, "kread"))
764 if (0 == strcmp(name, "close"))
768 if (__nr__getpid == -1
770 || ((!child->is64) && __nr___loadx == -1)
771 || ((child->is64) && __nr_kload == -1)
776 return "can't establish syscall #s needed for bootstrap";
778 block.__NR_getpid = __nr__getpid;
779 block.__NR_write = __nr_kwrite;
780 block.__NR_exit = __nr__exit;
781 block.__NR_open = __nr_open;
782 block.__NR_read = __nr_kread;
783 block.__NR_close = __nr_close;
787 /* Continue by copying out the child's current integer register
789 VG_(debugLog)(1, "launcher",
790 "parent: reading child's int registers\n");
792 Bool err = ptrace_get_iregs_pc_cr_lr_ctr_xer
793 ( child, &block.iregs_pc_cr_lr_ctr_xer[0] );
795 return "read of child's int registers failed";
799 /* We'll leave that till last (is difficult). */
803 if (1 + strlen(bootstrap_errmsg) > N_BOOTBLOCK_ERRMSG)
804 return "bootstrap error message won't fit in bootblock";
806 for (i = 0; bootstrap_errmsg[i]; i++)
807 block.errmsg[i] = bootstrap_errmsg[i];
808 assert(i <= N_BOOTBLOCK_ERRMSG);
810 /* --- TOOLFILE --- */
812 if (1 + strlen(toolfile) > N_BOOTBLOCK_TOOLFILE)
813 return "tool file path is too long, won't fit in bootblock";
815 for (i = 0; toolfile[i]; i++)
816 block.toolfile[i] = toolfile[i];
817 assert(i <= N_BOOTBLOCK_TOOLFILE);
820 /* ------ STEP 2: Generate the bootblock code. ------ */
822 VG_(debugLog)(1, "launcher",
823 "parent: creating bootblock code ..\n");
825 /* This is the tricky bit. The resulting code has to be position
826 independent since we don't yet know where it's going to be
827 placed. The code is entered with r31 pointing at the bootblock.
828 r29-31 are callee-saved, so presumably they don't get trashed
829 across syscalls. r30 is used as scratch, and r29 is also used
830 as scratch by 'emit_dosc'. */
832 /* Preliminaries: to do a syscall, we have to do 'crorc 6,6,6' and
833 put the continuation address in LR, which is a bit of a drag.
834 Hence the following macro:
836 SYSCALL_SEQUENCE = crorc 6,6,6
843 Also: 'imm' is an imaginary instruction to get a 32-bit literal into
844 a register. It's really li followed by oris.
847 /* So, the code. First, prepare for and do a _loadx syscall, to
854 addi 6, 31, offset_of_toolfile
862 If the syscall failed, r4 will be nonzero. Branch elsewhere if so.
871 ix=emit_insn( &block.code[0],ix, 0x7fe00008 ); } \
876 ix=emit_li64( &block.code[0],ix, 28,0); \
877 ix=emit_insn( &block.code[0],ix, \
878 gen_ld_rd_off_ra(27,0xfffc,28)); \
880 ix=emit_li32( &block.code[0],ix, 28,0); \
881 ix=emit_insn( &block.code[0],ix, \
882 gen_lwz_rd_off_ra(27,0xffff,28)); \
887 ix=emit_insn( &block.code[0],ix, 0 ); } \
893 /* 64-bit sequence */
894 /* Set up for 'sys_kload(toolfile, 0, 0)'
896 addi 3, 31, offset_toolfile
906 // if kload failed, r3 will hold zero
910 // from result of kload, figure out entry point address
911 // as described above
918 add 10,9,11 // r10 is entry descriptor avma
920 void(*fn)(void*) = (void(*)(void*))ent_avma;
926 mr 3,31 // arg to pass
929 ix = emit_li64( &block.code[0],ix, 2, __nr_kload );
930 ix = emit_insn( &block.code[0],ix,
931 gen_addi_rd_rs_N(3,31,offsetof(AIX5Bootblock,toolfile)));
932 ix = emit_li64( &block.code[0],ix, 4, 0 );
933 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(5,4) );
934 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(6,4) );
935 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(7,4) );
936 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(8,4) );
937 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(9,4) );
938 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(10,4) );
939 ix = emit_dosc( &block.code[0],ix );
941 ix = emit_insn( &block.code[0],ix, gen_cmpli_cr7_r_N(3,0) );
942 Int ix_beq = ix; /* Patch this later */
943 ix = emit_insn( &block.code[0],ix, 0 );
945 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 9, 32, 3 ) );
946 ix = emit_insn( &block.code[0],ix, gen_addi_rd_rs_N( 9, 9, 24 ) );
947 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 11, 48, 3 ) );
948 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 0, 16, 9 ) );
949 ix = emit_insn( &block.code[0],ix, gen_subf_rd_rL_rR( 11, 0, 11 ) );
950 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 9, 80, 9 ) );
951 ix = emit_insn( &block.code[0],ix, gen_add_rd_rL_rR( 10, 9, 11 ) );
953 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 9, 0, 10 ) );
954 ix = emit_insn( &block.code[0],ix, gen_mtlr_r( 9 ) );
955 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 2, 8, 10 ) );
956 ix = emit_insn( &block.code[0],ix, gen_ld_rd_off_ra( 11, 16, 10 ) );
957 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3, 31) );
958 ix = emit_insn( &block.code[0],ix, gen_blr() );
960 assert(ix <= N_BOOTBLOCK_INSNS);
963 We get here if the kload syscall fails. Write a terse message
964 to stderr saying so, then exit, carrying the error code of the
965 kload call. The latter is saved in r30 across the write() call.
966 mr 30,4 (4 contains the error result from kload)
969 addi 4, 31, offset_of_errormsg
970 imm 5, length(errormsg)
976 Well, we shouldn't be alive here. But just in case we do, put
977 a zero word, which will generate SIGILL and definitely stop the
981 /* fill in the conditional jump */
982 (void)emit_insn( &block.code[0],ix_beq,
983 gen_beq_cr7_delta(4*(ix-ix_beq)));
984 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(30,4) );
985 ix = emit_li64( &block.code[0],ix, 2, __nr_kwrite);
986 ix = emit_li64( &block.code[0],ix, 3, 2);
987 ix = emit_insn( &block.code[0],ix,
988 gen_addi_rd_rs_N(4,31,offsetof(AIX5Bootblock,errmsg)));
989 ix = emit_li64( &block.code[0],ix, 5, strlen(bootstrap_errmsg));
990 ix = emit_dosc( &block.code[0],ix );
991 ix = emit_li64( &block.code[0],ix, 2, __nr__exit);
992 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3,30) );
993 ix = emit_dosc( &block.code[0],ix );
994 ix = emit_insn( &block.code[0],ix, 0 );
995 assert(ix <= N_BOOTBLOCK_INSNS);
999 /* 32-bit sequence */
1000 ix = emit_insn( &block.code[0],ix,
1001 gen_addis_rd_rs_N(1,1,-4) );
1002 ix = emit_li32( &block.code[0],ix, 2, __nr___loadx );
1003 ix = emit_li32( &block.code[0],ix, 3, VKI_DL_LOAD );
1004 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(4,1) );
1005 ix = emit_li32( &block.code[0],ix, 5, 3<<16 );
1006 ix = emit_insn( &block.code[0],ix,
1007 gen_addi_rd_rs_N(6,31,offsetof(AIX5Bootblock,toolfile)));
1008 ix = emit_li32( &block.code[0],ix, 7, 0);
1009 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(8,7) );
1010 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(9,7) );
1011 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(10,7) );
1012 ix = emit_dosc( &block.code[0],ix );
1013 ix = emit_insn( &block.code[0],ix,
1014 gen_addis_rd_rs_N(1,1,4) );
1015 ix = emit_insn( &block.code[0],ix, gen_cmpli_cr7_r_N(4,0) );
1016 Int ix_bne = ix; /* Patch this later */
1017 ix = emit_insn( &block.code[0],ix, 0 );
1018 assert(ix <= N_BOOTBLOCK_INSNS);
1020 /* Looks like we're good. r3 now points at a standard function
1021 descriptor for the entry point of the module we just loaded.
1022 Load r2/r11 from the descriptor, then put the address of the
1023 bootstrap area in r3, and jump to the code address. Not a
1024 call -- we don't intend to return here. Note, must use r30
1025 as scratch here since r31 is live.
1033 ix = emit_insn( &block.code[0],ix, gen_lwz_rd_off_ra(30, 0, 3));
1034 ix = emit_insn( &block.code[0],ix, gen_mtlr_r(30) );
1035 ix = emit_insn( &block.code[0],ix, gen_lwz_rd_off_ra( 2, 4, 3));
1036 ix = emit_insn( &block.code[0],ix, gen_lwz_rd_off_ra(11, 8, 3));
1037 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3,31));
1038 ix = emit_insn( &block.code[0],ix, gen_blr() );
1039 assert(ix <= N_BOOTBLOCK_INSNS);
1042 We get here if the _loadx syscall fails. Write a terse message
1043 to stderr saying so, then exit, carrying the error code of the
1044 _loadx call. The latter is saved in r30 across the write() call.
1045 mr 30,4 (4 contains the error result from __loadx)
1048 addi 4, 31, offset_of_errormsg
1049 imm 5, length(errormsg)
1055 Well, we shouldn't be alive here. But just in case we do, put
1056 a zero word, which will generate SIGILL and definitely stop the
1060 /* fill in the conditional jump */
1061 (void)emit_insn( &block.code[0],ix_bne,
1062 gen_bne_cr7_delta(4*(ix-ix_bne)));
1063 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(30,4) );
1064 ix = emit_li32( &block.code[0],ix, 2, __nr_kwrite);
1065 ix = emit_li32( &block.code[0],ix, 3, 2);
1066 ix = emit_insn( &block.code[0],ix,
1067 gen_addi_rd_rs_N(4,31,offsetof(AIX5Bootblock,errmsg)));
1068 ix = emit_li32( &block.code[0],ix, 5, strlen(bootstrap_errmsg));
1069 ix = emit_dosc( &block.code[0],ix );
1070 ix = emit_li32( &block.code[0],ix, 2, __nr__exit);
1071 ix = emit_insn( &block.code[0],ix, gen_mr_rd_rs(3,30) );
1072 ix = emit_dosc( &block.code[0],ix );
1073 ix = emit_insn( &block.code[0],ix, 0 );
1074 assert(ix <= N_BOOTBLOCK_INSNS);
1078 VG_(debugLog)(1, "launcher",
1079 "parent: .. %d instructions emitted\n", ix);
1082 for (i = 0; i < ix; i++) {
1083 if (0) printf("code[%d] = 0x%08x\n", i, block.code[i]);
1085 sprintf(buff, "echo 0x%x | ./ascii2u32", block.code[i]);
1090 /* ------ STEP 3: Find out where to place stuff in the child. ------ */
1092 /* We'll have to hijack some space in the data section of the main
1093 executable. First off, find the first and last pages of said
1094 data section. We can't use the text section, because the child
1095 is unable to write to its own text section, to undo the
1096 compression of the hijacked page. We can't use the stack
1097 because it appears, although stacks in AIX 5.3 appear to be
1098 executable, the child gets SIGKILL'd after the ptrace detach if
1099 its program counter is pointing into its stack. The data
1100 section of the main executable appears to be executable, though,
1103 This requires wading though the list of loaded modules in the
1104 child, to find the main executable. */
1108 lr = ptrace64(PT_LDINFO, (ULong)child->pid,
1109 (ULong)(UWord)&ld_info64_array,
1110 sizeof(ld_info64_array), 0/*ignored*/);
1112 lr = ptrace64(PT_LDINFO, (ULong)child->pid,
1113 (ULong)(UWord)&ld_info32_array,
1114 sizeof(ld_info32_array), 0/*ignored*/);
1116 VG_(debugLog)(1, "launcher", "parent: ptrace PT_LDINFO got %ld\n", lr);
1118 return "ptrace(PT_LDINFO, ...) failed";
1122 /* We have to iterate through the entire array to close the object
1123 files that this has opened. Duh. */
1125 char* p = (char*)&ld_info64_array;
1127 struct __ld_info64* info = (struct __ld_info64*)p;
1130 "launcher", "parent: text 0x%llx-0x%llx data 0x%llx-0x%llx\n",
1131 (Addr64)info->ldinfo_textorg,
1132 (Addr64)info->ldinfo_textorg + (Addr64)info->ldinfo_textsize,
1133 (Addr64)info->ldinfo_dataorg,
1134 (Addr64)info->ldinfo_dataorg + (Addr64)info->ldinfo_datasize
1137 Int ir = close(info->_file._ldinfo_fd);
1139 /* The last entry in the array is marked by having a zero
1140 offset-link field. */
1141 if (info->ldinfo_next == 0)
1143 p += info->ldinfo_next;
1146 char* p = (char*)&ld_info32_array;
1148 struct __ld_info32* info = (struct __ld_info32*)p;
1151 "launcher", "parent: text 0x%llx-0x%llx data 0x%llx-0x%llx\n",
1152 (Addr64)(UWord)info->ldinfo_textorg,
1153 (Addr64)(UWord)info->ldinfo_textorg + info->ldinfo_textsize,
1154 (Addr64)(UWord)info->ldinfo_dataorg,
1155 (Addr64)(UWord)info->ldinfo_dataorg + info->ldinfo_datasize
1158 Int ir = close(info->_file._ldinfo_fd);
1160 /* The last entry in the array is marked by having a zero
1161 offset-link field. */
1162 if (info->ldinfo_next == 0)
1164 p += info->ldinfo_next;
1168 /* The first entry in that array -- and it is guaranteed to to have
1169 at least one entry -- is that of the the main executable. We
1170 need to put our bootblock in one of the pages the main
1171 executable's data segment. The abovementioned AIX 'ptrace'
1174 To allow a debugger to generate code more easily (in order to
1175 handle fast trap instructions, for example), memory from the
1176 end of the main program up to the next segment boundary can be
1177 modified. That memory is read-only to the process but can be
1178 modified by the debugger.
1180 which would be great if it actually worked reliably; but not so.
1181 On AIX 5.2 this is true, but on 5.3 it appears to be impossible
1182 to read or write (via ptrace) anything beyond the last page of
1183 the executable's text section.
1185 Addr64 c_cand_text_first, c_cand_text_last;
1189 = (Addr64)ld_info64_array[0].ldinfo_dataorg;
1192 + ld_info64_array[0].ldinfo_datasize - 1;
1195 = (Addr64)(UWord)ld_info32_array[0].ldinfo_dataorg;
1198 + ld_info32_array[0].ldinfo_datasize - 1;
1201 VG_(debugLog)(1, "launcher",
1202 "parent: candidate first 0x%llx last 0x%llx\n",
1203 c_cand_text_first, c_cand_text_last);
1205 /* Page align the text section limits. */
1206 Addr64 c_first_page = ROUNDDN_PAGE( c_cand_text_first );
1207 Addr64 c_last_page = ROUNDDN_PAGE( c_cand_text_last );
1209 /* It's safe to try out any page p satisfying
1210 c_first_page <= p && p <= c_last_page
1213 /* CHOOSE A PAGE. Do a test compression of available pages until
1214 we find one for which compression yields enough free space to
1215 put the bootblock in. */
1217 Addr64 c_chosen_page = 0;
1219 UChar p_page_unzbuf[PAGE_SIZE];
1220 UChar p_page_unzbuf2[PAGE_SIZE];
1221 UChar p_page_zbuf[PAGE_SIZE + 384 + 8/*paranoia*/];
1223 for (c_page = c_first_page; c_page <= c_last_page; c_page += PAGE_SIZE) {
1224 assert(IS_PAGE_ALIGNED(c_page));
1225 err = ptrace_read_page( child, p_page_unzbuf, c_page );
1227 return "read of page from child failed(1)";
1228 zsize = Huffman_Compress(p_page_unzbuf, p_page_zbuf, PAGE_SIZE);
1229 assert(zsize >= 0 && zsize <= PAGE_SIZE + 384);
1231 /* Do a test decompression, to check the compress/decompress
1232 cycle works properly */
1233 Huffman_Uncompress( p_page_zbuf, p_page_unzbuf2,
1234 PAGE_SIZE + 384, PAGE_SIZE);
1235 assert(0 == memcmp(p_page_unzbuf, p_page_unzbuf2, PAGE_SIZE));
1237 VG_(debugLog)(1, "launcher",
1238 "parent: page 0x%llx has %d usable bytes\n",
1239 c_page, PAGE_SIZE - zsize);
1241 if ( (Int)(PAGE_SIZE - zsize)
1242 >= (Int)sizeof(AIX5Bootblock)+8/*paranoia*/) {
1243 c_chosen_page = c_page;
1248 if (c_chosen_page == NULL)
1249 return "can't find a page with enough free space for bootblock";
1251 /* Compress the chosen page, leaving the compressed data at the
1252 start of the page, and put the bootblock at the end of the
1255 VG_(debugLog)(1, "launcher",
1256 "parent: reading page at 0x%llx\n", c_chosen_page);
1258 err = ptrace_read_page( child, p_page_unzbuf, c_chosen_page );
1260 return "read of page from child failed(2)";
1262 block.adler32 = compute_adler32( p_page_unzbuf, PAGE_SIZE );
1263 VG_(debugLog)(1, "launcher",
1264 "parent: adler32 of unz page is 0x%x\n", block.adler32);
1266 memset(p_page_zbuf, 0, sizeof(p_page_zbuf));
1267 zsize = Huffman_Compress(p_page_unzbuf, p_page_zbuf, PAGE_SIZE);
1268 assert(zsize >= 0 && zsize <= PAGE_SIZE + 384);
1270 assert(PAGE_SIZE - zsize >= sizeof(AIX5Bootblock)+8/*paranoia*/);
1272 UChar* p_dst = p_page_zbuf + PAGE_SIZE - sizeof(AIX5Bootblock);
1273 Addr64 c_dst = c_chosen_page + PAGE_SIZE - sizeof(AIX5Bootblock);
1274 assert(IS_8_ALIGNED(c_dst));
1276 VG_(debugLog)(1, "launcher",
1277 "parent: free space starts at 0x%llx in child\n",
1278 c_chosen_page + zsize);
1279 VG_(debugLog)(1, "launcher",
1280 "parent: bootblock will be at 0x%llx in child\n",
1283 *(AIX5Bootblock*)p_dst = block;
1285 VG_(debugLog)(1, "launcher",
1286 "parent: writing page at 0x%llx\n", c_chosen_page);
1288 err = ptrace_write_page( child, c_chosen_page, p_page_zbuf );
1290 return "write of page to child failed";
1292 /* Do a test read back to ensure ptrace didn't screw up. */
1294 err = ptrace_read_page( child, p_page_unzbuf2, c_chosen_page );
1296 return "test read back of boot page failed (1)";
1297 if (0 != memcmp(p_page_zbuf, p_page_unzbuf2, PAGE_SIZE))
1298 return "test read back of boot page failed (2)";
1300 /* Finally .. set the program counter so that when we detach, our
1301 magic stub is run, not the original program. */
1303 VG_(debugLog)(1, "launcher",
1304 "parent: set child's pc to 0x%llx\n",
1305 c_dst + offsetof(AIX5Bootblock,code) );
1306 err = ptrace_put_pc ( child, c_dst + offsetof(AIX5Bootblock,code) );
1308 return "write of new initial pc into child failed";
1310 VG_(debugLog)(1, "launcher",
1311 "parent: set child's r31 to 0x%llx\n", c_dst);
1312 err = ptrace_put_r31 ( child, c_dst );
1314 return "write of new r31 into child failed";
1316 return NULL; /* success */
1320 /* -------------------------------------------------------------- */
1322 /* --- END write bootstrap loader into child process --- */
1324 /* -------------------------------------------------------------- */
1326 static void barf ( int exitcode, char* argv0, char* msg )
1328 fprintf(stderr, "%s: %s\n", argv0, msg);
1332 int main ( int argc, char** argv, char** envp )
1336 const char *toolname = NULL;
1337 char *clientname = NULL;
1339 /* First, look in our own /proc/<pid>/sysent file to find
1340 the syscall numbers for kwrite and _getpid. These are needed
1341 to make the VG_(debugLog) usable. We'll temporarily use
1342 the sysent_buf used by write_bootstrap_loader_into_child for this
1345 char sysent_name[50];
1347 int sysent_used = 0;
1348 prsysent_t* sysent_hdr;
1353 sprintf(sysent_name, "/proc/%d/sysent", getpid());
1354 sysent_file = fopen(sysent_name, "r");
1355 if (sysent_file == NULL)
1356 barf(1, argv[0], "Can't open my own /proc/<pid>/sysent file");
1358 sysent_used = fread(sysent_buf, 1, LAUNCHER_SYSENT_SIZE, sysent_file);
1359 if (sysent_used == 0)
1360 barf(1, argv[0], "Error reading my own /proc/<pid>/sysent file");
1361 if (sysent_used == LAUNCHER_SYSENT_SIZE)
1362 barf(1, argv[0], "LAUNCHER_SYSENT_SIZE is too low; increase and recompile");
1363 assert(sysent_used > 0 && sysent_used < LAUNCHER_SYSENT_SIZE);
1365 fclose(sysent_file);
1367 sysent_hdr = (prsysent_t*)&sysent_buf[0];
1369 /* Find some syscall numbers for the child. Note, we copy them
1370 from our own /proc/../sysent file, which isn't really right. */
1371 Word __nr__getpid = -1;
1372 Word __nr_kwrite = -1;
1373 for (i = 0; i < sysent_hdr->pr_nsyscalls; i++) {
1374 char* name = &sysent_buf[ sysent_hdr->pr_syscall[i].pr_nameoff ];
1375 int nmbr = sysent_hdr->pr_syscall[i].pr_number;
1376 if (0 == strcmp(name, "_getpid"))
1377 __nr__getpid = nmbr;
1378 if (0 == strcmp(name, "kwrite"))
1381 if (__nr__getpid == -1 || __nr_kwrite == -1)
1382 barf(1, argv[0], "can't establish syscall #s needed for startup");
1384 /* "Tell" m_vkiscnums about them */
1385 __NR_getpid = __nr__getpid;
1386 __NR_write = __nr_kwrite;
1388 /* Right, now we're safe to start the debug logging system. */
1389 /* Start the debugging-log system ASAP. First find out how many
1390 "-d"s were specified. This is a pre-scan of the command line.
1391 At the same time, look for the tool name. */
1393 for (i = 1; i < argc; i++) {
1394 if (argv[i][0] != '-') {
1395 clientname = argv[i];
1398 if (0 == strcmp(argv[i], "--")) {
1400 clientname = argv[i+1];
1403 if (0 == strcmp(argv[i], "-d"))
1405 if (0 == strncmp(argv[i], "--tool=", 7))
1406 toolname = argv[i] + 7;
1409 /* ... and start the debug logger. Now we can safely emit logging
1410 messages all through startup. */
1411 VG_(debugLog_startup)(loglevel, "Stage 1");
1413 /* Make sure we know which tool we're using */
1415 VG_(debugLog)(1, "launcher", "tool '%s' requested\n", toolname);
1417 VG_(debugLog)(1, "launcher",
1418 "no tool requested, defaulting to 'memcheck'\n");
1419 toolname = "memcheck";
1422 /* Do some preliminary sanity checks */
1423 long pagesize = sysconf(_SC_PAGESIZE);
1424 if (pagesize != 4096)
1425 barf(1, argv[0], "config error: sysconf(_SC_PAGESIZE) is not 4096");
1427 assert(PAGE_SIZE == 4096); /* stay sane */
1429 const char* valgrind_lib = VG_LIBDIR;
1431 /* If there is no program to run, which will be the case if the
1432 user just does "valgrind --help", etc, run a dummy do-nothing
1433 program so at least the tool can get started and handle the
1434 --help/--version etc. It spots the fact that this is a dummy
1435 program and acts like it was started with no program, hence
1436 behaving the same as the Linux ports would have. */
1437 if (clientname == NULL) {
1440 const char* noop_exe_name = "no_op_client_for_valgrind";
1441 const char* up_n_bindir = "/../../bin";
1442 clientname = malloc(strlen(valgrind_lib) + strlen(up_n_bindir)
1443 + 2 + strlen(noop_exe_name));
1444 if (clientname == NULL) {
1445 fprintf(stderr,"%s: malloc of clientname failed\n", argv[0]);
1448 sprintf(clientname, "%s%s/%s", valgrind_lib, up_n_bindir, noop_exe_name);
1449 /* now we have to add it to the end of argv, which means making
1450 that one word longer. How tedious. */
1451 for (j = 0; argv[j]; j++)
1454 new_argv = calloc(j, sizeof(char*));
1455 if (new_argv == NULL) {
1456 fprintf(stderr,"%s: malloc of new_argv failed\n", argv[0]);
1459 for (i = 0; i < j-2; i++)
1460 new_argv[i] = argv[i];
1461 new_argv[j-2] = clientname;
1462 assert(new_argv[j-1] == NULL);
1467 if (argc < 2 || toolname == NULL || clientname == NULL)
1468 barf(1, argv[0], "usage: valgrind [args-for-valgrind] prog args");
1470 /* Find the client, and figure out if it's a 32- or 64-bit
1472 VG_(debugLog)(1, "launcher", "searching for client in $PATH\n");
1473 if (strchr(clientname, '/') == NULL)
1474 clientname = (char*)find_client(clientname);
1475 VG_(debugLog)(1, "launcher", "found %s\n", clientname);
1477 Int client_exekind = examine_client ( clientname );
1478 switch (client_exekind) {
1486 fprintf(stderr, "%s: requested executable %s\n",
1487 argv[0], clientname);
1488 fprintf(stderr, "%s: not found, or is not a valid XCOFF32 "
1489 "or XCOFF64 executable.\n", argv[0]);
1493 VG_(debugLog)(1, "launcher", "client is an XCOFF%d executable\n",
1496 const char* platform = child.is64 ? "ppc64-aix5" : "ppc32-aix5";
1498 VG_(debugLog)(1, "launcher", "looking for the tool file\n");
1500 char* toolfile = malloc(strlen(valgrind_lib)
1501 + strlen(toolname) + strlen(platform) + 3);
1502 if (toolfile == NULL) {
1503 fprintf(stderr,"%s: malloc of toolfile failed\n", argv[0]);
1506 sprintf(toolfile, "%s/%s-%s", valgrind_lib, toolname, platform);
1508 if (!file_exists(toolfile)) {
1509 fprintf(stderr,"%s: can't stat %s\n", argv[0], toolfile);
1513 /* Force the client to use a 1:1 threading model - this works
1514 because the client inherits our environment. */
1515 VG_(debugLog)(1, "launcher", "doing putenv(\"AIXTHREAD_SCOPE=S\")\n");
1516 Int putenv_err = putenv("AIXTHREAD_SCOPE=S");
1518 fprintf(stderr,"%s: putenv(\"AIXTHREAD_SCOPE=S\") failed\n", argv[0]);
1522 VG_(debugLog)(1, "launcher", "doing putenv(\"MP_SHARED_MEMORY=no\")\n");
1523 putenv_err = putenv("MP_SHARED_MEMORY=no");
1525 fprintf(stderr,"%s: putenv(\"MP_SHARED_MEMORY=no\") failed\n", argv[0]);
1529 /* Find out what the current working directory is, and stuff it into the
1530 environment so that the child can find it. */
1532 memset(wd_buf, 0, sizeof(wd_buf));
1533 if (getcwd(wd_buf, sizeof(wd_buf)-1) == NULL) {
1534 fprintf(stderr,"%s: getcwd(..) failed\n", argv[0]);
1537 assert(wd_buf[ sizeof(wd_buf)-1 ] == 0);
1538 char* set_cwd = calloc(1, 100+sizeof(wd_buf));
1539 if (set_cwd == NULL) {
1540 fprintf(stderr,"%s: calloc of set_cwd failed\n", argv[0]);
1543 sprintf(set_cwd, "VALGRIND_STARTUP_PWD_%d_XYZZY=%s", getpid(), wd_buf);
1544 VG_(debugLog)(1, "launcher", "doing putenv(\"%s\")\n", set_cwd);
1545 putenv_err = putenv(set_cwd);
1547 fprintf(stderr,"%s: putenv(\"VALGRIND_STARTUP_PWD_...\") failed\n",
1552 /* Also, cook up the fully qualified name of this executable. The
1553 following is a kludge, but I don't see how to really get the
1554 fully qualified name on AIX. */
1555 char* up_n_down = "/../../bin/valgrind";
1556 char* launcher = malloc(strlen(valgrind_lib)
1557 + strlen(up_n_down) + 2);
1558 if (launcher == NULL) {
1559 fprintf(stderr,"%s: malloc of launcher failed\n", argv[0]);
1562 sprintf(launcher, "%s%s", valgrind_lib, up_n_down);
1564 if (!file_exists(launcher)) {
1565 fprintf(stderr,"%s: can't stat %s\n", argv[0], launcher);
1571 In the child, ask for a ptrace, then exec argv[2 ..]. This
1572 causes the kernel to complete the exec, hence loading the
1573 child, but does not start it; instead the child remains frozen
1574 so that the parent can mess with it via ptrace().
1576 VG_(debugLog)(1, "launcher", "doing fork()\n");
1578 if (child.pid == -1) {
1579 fprintf(stderr,"%s: fork() failed\n", argv[0]);
1583 if (child.pid == 0) {
1585 VG_(debugLog)(1, "launcher", "child: before ptrace\n");
1586 long rl = ptrace64(PT_TRACE_ME, 0,0,0,0);
1588 fprintf(stderr,"%s: child: ptrace(PT_TRACE_ME, ...) failed\n", argv[0]);
1589 fprintf(stderr,"%s: ", argv[0]);
1594 VG_(debugLog)(1, "launcher", "child: before execve\n");
1596 /* make VALGRIND_LAUNCHER point at something plausible. */
1597 VG_(debugLog)(1, "launcher", "child: launcher = %s\n", launcher);
1598 int r = setenv("VALGRIND_LAUNCHER", launcher, 1/*overwrite*/);
1600 /* setenv failed. */
1601 fprintf(stderr,"%s: child: setenv failed\n", argv[0]);
1602 fprintf(stderr,"%s: ", argv[0]);
1609 /* This is kind-of strange. We're execvp-ing the client but
1610 argv[0] is the toolname, which is irrelevant - m_main ignores
1611 it. However, setting it like this at least makes m_main's
1612 view of the world (as far as the argv goes) look the same as
1613 it does in Linux-land:
1614 tool-exe-name [args for V] client-name [args for client]
1617 int ri = execvp(clientname, &argv[0]);
1618 /* WE ONLY GET HERE IF execve FAILED */
1620 fprintf(stderr,"%s: exec failed: %s: ", argv[0], clientname);
1626 /* --- PARENT --- */
1627 VG_(debugLog)(1, "launcher", "parent: waitpid-ing for child\n");
1629 /* Wait to hear back from the child. */
1630 pid_t p2 = waitpid(child.pid, &status, 0);
1631 /* We could hear back for two reasons. (1) the exec was
1632 successful, and because the child is being ptraced, it is now
1633 waiting for the parent. (2) the exec failed, and so the child
1635 VG_(debugLog)(1, "launcher", "parent: waitpid got pid %d\n", (int)p2);
1636 VG_(debugLog)(1, "launcher", "parent: waitpid got status 0x%x\n", status);
1637 assert(p2 == child.pid); /* Huh?! We only have one child. */
1639 if (WIFEXITED(status)) {
1640 /* Case (2) - exec failed. */
1641 fprintf(stderr, "parent: child's exec failed.\n");
1645 /* else case (1) must apply */
1646 assert(WIFSTOPPED(status));
1648 /* ------ BEGIN write bootstrap pages into child ------ */
1650 /* In this section, if for any reason we can't continue to the
1651 child-detach and so have to give up, we have to kill the child,
1652 else it'll become a zombie. That's what the code at
1653 latched_error: does. */
1655 = write_bootstrap_loader_into_child ( &child, toolfile );
1656 /* Returns NULL if no error, else points to a string of at least
1657 some descriptiveness. */
1661 /* ------ END write bootstrap pages into child ------ */
1663 VG_(debugLog)(1, "launcher", "parent: detaching child\n");
1664 long lr = ptrace64(PT_DETACH, (ULong)child.pid, 0, SIGCONT, 0);
1665 VG_(debugLog)(1, "launcher", "parent: detach got %ld\n", lr);
1667 VG_(debugLog)(1, "launcher", "parent: waiting for child to finish\n");
1669 p2 = waitpid(child.pid, &status, 0);
1670 assert(p2 == child.pid);
1672 fprintf(stderr,"parent: child finished, status 0x%x 0x%x\n",
1673 status, WEXITSTATUS(status));
1675 if (WIFEXITED(status)) {
1676 VG_(debugLog)(1, "launcher",
1677 "parent: child finished normally, exit code %d\n",
1678 WEXITSTATUS(status));
1679 return WEXITSTATUS(status);
1681 else if (WIFSIGNALED(status)) {
1682 VG_(debugLog)(1, "launcher",
1683 "parent: child exited on signal %d\n",
1684 (int)WTERMSIG(status));
1685 /* Since the child exited with a signal, we'd better
1686 whack ourselves on the head with the same signal. */
1687 kill( getpid(), (int)WTERMSIG(status) );
1688 /* presumably NOTREACHED? */
1689 return 0; /* This is completely bogus */
1692 /* erm. Can we ever get here? */
1698 /* We get here if there was some kind of problem messing with the
1699 child whilst we still had it latched by ptrace. In this case we
1700 need to kill it before exiting, since otherwise it will become a
1703 fprintf(stderr, "%s: error while doing ptracery on '%s'\n",
1704 argv[0], clientname);
1705 fprintf(stderr, "%s: error is: %s\n",
1710 /*--------------------------------------------------------------------*/
1711 /*--- end launcher-aix5.c ---*/
1712 /*--------------------------------------------------------------------*/