macho-unwind-info
A zero-copy parser for the contents of the __unwind_info section of a mach-O binary.
Quickly look up the unwinding opcode for an address. Then parse the opcode to find out how to recover the return address and the caller frame's register values.
This crate is intended to be fast enough to be used in a sampling profiler. Re-parsing from scratch is cheap and can be done on every sample.
For the full unwinding experience, both __unwind_info and __eh_frame may need to be consulted. The two sections are complementary: __unwind_info handles the easy cases, and refers to an __eh_frame FDE for the hard cases. Conversely, __eh_frame only includes FDEs for functions whose unwinding info cannot be represented in __unwind_info.
On x86 and x86_64, __unwind_info can represent most functions regardless of whether they were compiled with framepointers or without.
On arm64, compiling without framepointers is strongly discouraged, and __unwind_info can only represent functions which have framepointers or which don't need to restore any registers. As a result, if you have an arm64 binary without framepointers (rare!), then the __unwind_info basically just acts as an index for __eh_frame, similarly to .eh_frame_hdr for ELF.
In clang's default configuration for arm64, non-leaf functions have framepointers and leaf functions without stored registers on the stack don't have framepointers. For leaf functions, the return address is kept in the lr register for the entire duration of the function. And the unwind info lets you discern between these two types of functions ("frame-based" and "frameless").
Example
use macho_unwind_info::UnwindInfo;
use macho_unwind_info::opcodes::OpcodeX86_64;
let unwind_info = UnwindInfo::parse(data)?;
if let Some(function) = unwind_info.lookup(0x1234)? {
println!("Found function entry covering the address 0x1234:");
let opcode = OpcodeX86_64::parse(function.opcode);
println!("0x{:08x}..0x{:08x}: {}", function.start_address, function.end_address, opcode);
}
Command-line usage
This repository also contains two CLI executables. You can install them like so:
% cargo install --examples macho-unwind-info
Acknowledgements
Thanks a ton to @Gankra for documenting this format at https://gankra.github.io/blah/compact-unwinding/.
License
Licensed under either of
- Apache License, Version 2.0 (
LICENSE-APACHEor http://www.apache.org/licenses/LICENSE-2.0) - MIT license (
LICENSE-MITor http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
294 Dec 23, 2022
2 Oct 17, 2022
5 Dec 20, 2022
3 Dec 18, 2022
7 Nov 21, 2022
53 Jul 3, 2023
155 Dec 29, 2022
43 Jan 4, 2023
70 Dec 13, 2022
1.6k Jan 5, 2023
34 Dec 18, 2022
4 Dec 1, 2022
11 May 9, 2023
97 Jun 26, 2023
51 Oct 4, 2023
12 Nov 27, 2023
3 Dec 19, 2022
5 Aug 6, 2022
3 Dec 19, 2022
10 Jun 18, 2023
2 Mar 19, 2022
23 Dec 29, 2022
4 Nov 28, 2022
3 Aug 21, 2023
24 Aug 28, 2022
5 Oct 26, 2022
12 Jun 4, 2023
8 Sep 16, 2022