What does ovly_debug_event do in chrome?

Question

I was looking at chrome's thread stacks when I noticed that a lot of threads have a trace similar to this:

0, wow64cpu.dll!TurboDispatchJumpAddressEnd+0x6c0
1, wow64cpu.dll!TurboDispatchJumpAddressEnd+0x4a8
2, wow64.dll!Wow64SystemServiceEx+0x1ce
3, wow64.dll!Wow64LdrpInitialize+0x429
4, ntdll.dll!RtlIsDosDeviceName_U+0x24c87
5, ntdll.dll!LdrInitializeThunk+0xe
6, ntdll.dll!ZwWaitForSingleObject+0x15
7, kernel32.dll!WaitForSingleObjectEx+0x43
8, kernel32.dll!WaitForSingleObject+0x12
9, chrome.dll!ovly_debug_event+0x16574
10, chrome.dll!ovly_debug_event+0x14904
11, chrome.dll!ovly_debug_event+0x14826
12, chrome.dll!ovly_debug_event+0x16d19
13, chrome.dll!ovly_debug_event+0x1bea1b
14, chrome.dll!ovly_debug_event+0xe8ff4
15, chrome.dll!ovly_debug_event+0x16b50
16, chrome.dll!ovly_debug_event+0x16ab2
17, kernel32.dll!BaseThreadInitThunk+0x12
18, ntdll.dll!RtlInitializeExceptionChain+0x63
19, ntdll.dll!RtlInitializeExceptionChain+0x36

The chromium source has the following code in sel_ldr.c which seems to declare ovly_debug_event as an almost empty function:

void _ovly_debug_event (void) {
#ifdef __GNUC__
  /*
   * The asm volatile is here as instructed by the GCC docs.
   * It's not enough to declare a function noinline.
   * GCC will still look inside the function to see if it's worth calling.
   */
  __asm__ volatile ("");
#elif NACL_WINDOWS
  /*
   * Visual Studio inlines empty functions even with noinline attribute,
   * so we need a compile memory barrier to make this function not to be
   * inlined. Also, it guarantees that nacl_global_xlate_base initialization
   * is not reordered. This is important for gdb since it sets breakpoint on
   * this function and reads nacl_global_xlate_base value.
   */
  _ReadWriteBarrier();
#endif
}

static void StopForDebuggerInit (uintptr_t mem_start) {
  /* Put xlate_base in a place where gdb can find it.  */
  nacl_global_xlate_base = mem_start;

  NaClSandboxMemoryStartForValgrind(mem_start);

  _ovly_debug_event();
}

This raises the question: Why does chrome seem to spend so much time in a function that is only for debugging and is almost empty in chromium?

Answer 1

Note the massive offsets, such as 0x16574 into this function. It appears you don't have private symbols for chrome.dll, so the debugger is finding the closest (well, closest previous) publically exported symbol.

In other words, you aren't in _ovly_debug_event. You're in a function that was laid out after it in the executable, but that isn't publically exported.

To try to resolve this, if you want to see what's actually happening, you can add http://chromium-browser-symsrv.commondatastorage.googleapis.com to your symbol path. In windbg, the command would be

.sympath+ SRV*C:\tmp*http://chromium-browser-symsrv.commondatastorage.googleapis.com

Answer 2

Additionally, that function is actually a helper function for GDB to aid debugging overlays. See https://sourceware.org/gdb/onlinedocs/gdb/Automatic-Overlay-Debugging.html.