StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Automated rollback of commit a850aa44d2.

Browse Source 
PiperOrigin-RevId: 380897565
Change-Id: Iacc50697a5ff25b79272a1549291bbf32152d3f6
This commit is contained in:
Sandboxed API Team 2021-06-22 14:49:54 -07:00 committed by Copybara-Service
parent 0ec4f07f96
commit 4a38f59728
7 changed files with 167 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
sandboxed_api/sandbox2/monitor.cc
View File

@ -68,7 +68,6 @@
#include "sandboxed_api/sandbox2/util.h"
#include "sandboxed_api/util/file_helpers.h"
#include "sandboxed_api/util/raw_logging.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/temp_file.h"
using std::string;
@ -374,15 +373,8 @@ void Monitor::SetAdditionalResultInfo(std::unique_ptr<Regs> regs) {
}
auto* ns = policy_->GetNamespace();
const Mounts empty_mounts;
absl::StatusOr<std::vector<std::string>> stack_trace =
GetStackTrace(result_.GetRegs(), ns ? ns->mounts() : empty_mounts);
if (!stack_trace.ok()) {
LOG(ERROR) << "Could not obtain stack trace: " << stack_trace.status();
return;
}
result_.set_stack_trace(*stack_trace);
result_.set_stack_trace(
GetStackTrace(result_.GetRegs(), ns ? ns->mounts() : empty_mounts));
LOG(INFO) << "Stack trace: [";
for (const auto& frame : CompactStackTrace(result_.stack_trace())) {
@ -944,18 +936,13 @@ void Monitor::StateProcessStopped(pid_t pid, int status) {
if (ABSL_PREDICT_FALSE(pid == pid_ && should_dump_stack_ &&
executor_->libunwind_sbox_for_pid_ == 0 &&
policy_->GetNamespace())) {
auto stack_trace = [this,
pid]() -> absl::StatusOr<std::vector<std::string>> {
Regs regs(pid);
SAPI_RETURN_IF_ERROR(regs.Fetch());
return GetStackTrace(&regs, policy_->GetNamespace()->mounts());
}();
if (!stack_trace.ok()) {
LOG(WARNING) << "FAILED TO GET SANDBOX STACK : " << stack_trace.status();
Regs regs(pid);
if (auto status = regs.Fetch(); !status.ok()) {
LOG(WARNING) << "FAILED TO GET SANDBOX STACK : " << status;
} else if (SAPI_VLOG_IS_ON(0)) {
VLOG(0) << "SANDBOX STACK: PID: " << pid << ", [";
for (const auto& frame : *stack_trace) {
for (const auto& frame :
GetStackTrace(&regs, policy_->GetNamespace()->mounts())) {
VLOG(0) << " " << frame;
}
VLOG(0) << "]";

135
sandboxed_api/sandbox2/stack_trace.cc
View File

@ -24,10 +24,8 @@
#include <vector>
#include <glog/logging.h>
#include "absl/cleanup/cleanup.h"
#include "sandboxed_api/util/flag.h"
#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "absl/strings/numbers.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/strip.h"
@ -47,7 +45,6 @@
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
#include "sandboxed_api/util/fileops.h"
#include "sandboxed_api/util/path.h"
#include "sandboxed_api/util/status_macros.h"
ABSL_FLAG(bool, sandbox_disable_all_stack_traces, false,
"Completely disable stack trace collection for sandboxees");
@ -56,34 +53,27 @@ ABSL_FLAG(bool, sandbox_libunwind_crash_handler, true,
"Sandbox libunwind when handling violations (preferred)");
namespace sandbox2 {
namespace {
namespace file = ::sapi::file;
namespace file_util = ::sapi::file_util;
// Similar to GetStackTrace() but without using the sandbox to isolate
// libunwind.
absl::StatusOr<std::vector<std::string>> UnsafeGetStackTrace(pid_t pid) {
LOG(WARNING) << "Using non-sandboxed libunwind";
return RunLibUnwindAndSymbolizer(pid, kDefaultMaxFrames);
}
} // namespace
class StackTracePeer {
public:
static absl::StatusOr<std::unique_ptr<Policy>> GetPolicy(
pid_t target_pid, const std::string& maps_file,
const std::string& app_path, const std::string& exe_path,
const Mounts& mounts);
static std::unique_ptr<Policy> GetPolicy(pid_t target_pid,
const std::string& maps_file,
const std::string& app_path,
const std::string& exe_path,
const Mounts& mounts);
static absl::StatusOr<UnwindResult> LaunchLibunwindSandbox(
const Regs* regs, const Mounts& mounts);
static bool LaunchLibunwindSandbox(const Regs* regs, const Mounts& mounts,
UnwindResult* result);
};
absl::StatusOr<std::unique_ptr<Policy>> StackTracePeer::GetPolicy(
pid_t target_pid, const std::string& maps_file, const std::string& app_path,
const std::string& exe_path, const Mounts& mounts) {
std::unique_ptr<Policy> StackTracePeer::GetPolicy(pid_t target_pid,
const std::string& maps_file,
const std::string& app_path,
const std::string& exe_path,
const Mounts& mounts) {
PolicyBuilder builder;
builder
// Use the mounttree of the original executable as starting point.
@ -157,18 +147,23 @@ absl::StatusOr<std::unique_ptr<Policy>> StackTracePeer::GetPolicy(
}
}
SAPI_ASSIGN_OR_RETURN(std::unique_ptr<Policy> policy, builder.TryBuild());
auto policy = builder.TryBuild();
if (!policy.ok()) {
LOG(ERROR) << "Creating stack unwinder sandbox policy failed";
return nullptr;
}
auto keep_capabilities = absl::make_unique<std::vector<int>>();
keep_capabilities->push_back(CAP_SYS_PTRACE);
policy->AllowUnsafeKeepCapabilities(std::move(keep_capabilities));
(*policy)->AllowUnsafeKeepCapabilities(std::move(keep_capabilities));
// Use no special namespace flags when cloning. We will join an existing
// user namespace and will unshare() afterwards (See forkserver.cc).
policy->GetNamespace()->clone_flags_ = 0;
return std::move(policy);
(*policy)->GetNamespace()->clone_flags_ = 0;
return std::move(*policy);
}
absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
const Regs* regs, const Mounts& mounts) {
bool StackTracePeer::LaunchLibunwindSandbox(const Regs* regs,
const Mounts& mounts,
sandbox2::UnwindResult* result) {
const pid_t pid = regs->pid();
// Tell executor to use this special internal mode.
@ -188,8 +183,8 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
char unwind_temp_directory_template[] = "/tmp/.sandbox2_unwind_XXXXXX";
char* unwind_temp_directory = mkdtemp(unwind_temp_directory_template);
if (!unwind_temp_directory) {
return absl::InternalError(
"Could not create temporary directory for unwinding");
LOG(WARNING) << "Could not create temporary directory for unwinding";
return false;
}
struct UnwindTempDirectoryCleanup {
~UnwindTempDirectoryCleanup() {
@ -205,7 +200,8 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
if (!file_util::fileops::CopyFile(
file::JoinPath("/proc", absl::StrCat(pid), "maps"),
unwind_temp_maps_path, 0400)) {
return absl::InternalError("Could not copy maps file");
LOG(WARNING) << "Could not copy maps file";
return false;
}
// Get path to the binary.
@ -215,7 +211,8 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
std::string app_path;
std::string proc_pid_exe = file::JoinPath("/proc", absl::StrCat(pid), "exe");
if (!file_util::fileops::ReadLinkAbsolute(proc_pid_exe, &app_path)) {
return absl::InternalError("Could not obtain absolute path to the binary");
LOG(WARNING) << "Could not obtain absolute path to the binary";
return false;
}
// The exe_path will have a mountable path of the application, even if it was
@ -230,7 +227,8 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
// Create a copy of /proc/pid/exe, mount that one.
exe_path = file::JoinPath(unwind_temp_directory, "exe");
if (!file_util::fileops::CopyFile(proc_pid_exe, exe_path, 0700)) {
return absl::InternalError("Could not copy /proc/pid/exe");
LOG(WARNING) << "Could not copy /proc/pid/exe";
return false;
}
}
@ -238,9 +236,11 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
// Add mappings for the binary (as they might not have been added due to the
// forkserver).
SAPI_ASSIGN_OR_RETURN(std::unique_ptr<Policy> policy,
StackTracePeer::GetPolicy(pid, unwind_temp_maps_path,
app_path, exe_path, mounts));
auto policy = StackTracePeer::GetPolicy(pid, unwind_temp_maps_path, app_path,
exe_path, mounts);
if (!policy) {
return false;
}
Sandbox2 sandbox(std::move(executor), std::move(policy));
VLOG(1) << "Running libunwind sandbox";
@ -253,53 +253,37 @@ absl::StatusOr<UnwindResult> StackTracePeer::LaunchLibunwindSandbox(
sizeof(regs->user_regs_));
msg.set_default_max_frames(kDefaultMaxFrames);
absl::Cleanup kill_sandbox = [&sandbox]() {
sandbox.Kill();
sandbox.AwaitResult().IgnoreResult();
};
bool success = true;
if (!comms->SendProtoBuf(msg)) {
return absl::InternalError("Sending libunwind setup message failed");
}
absl::Status status;
if (!comms->RecvStatus(&status)) {
return absl::InternalError(
"Receiving status from libunwind sandbox failed");
}
if (!status.ok()) {
return status;
}
UnwindResult result;
if (!comms->RecvProtoBuf(&result)) {
return absl::InternalError("Receiving libunwind result failed");
LOG(ERROR) << "Sending libunwind setup message failed";
success = false;
}
std::move(kill_sandbox).Cancel();
if (success && !comms->RecvProtoBuf(result)) {
LOG(ERROR) << "Receiving libunwind result failed";
success = false;
}
if (!success) {
sandbox.Kill();
}
auto sandbox_result = sandbox.AwaitResult();
LOG(INFO) << "Libunwind execution status: " << sandbox_result.ToString();
if (sandbox_result.final_status() != Result::OK) {
return absl::InternalError(
absl::StrCat("libunwind sandbox did not finish properly: ",
sandbox_result.ToString()));
}
return result;
return success && sandbox_result.final_status() == Result::OK;
}
absl::StatusOr<std::vector<std::string>> GetStackTrace(const Regs* regs,
const Mounts& mounts) {
std::vector<std::string> GetStackTrace(const Regs* regs, const Mounts& mounts) {
if constexpr (sapi::host_cpu::IsArm64()) {
return absl::UnavailableError("Stack traces unavailable on Aarch64");
return {"[Stack traces unavailable]"};
}
if (absl::GetFlag(FLAGS_sandbox_disable_all_stack_traces)) {
return absl::UnavailableError("Stacktraces disabled");
return {"[Stacktraces disabled]"};
}
if (!regs) {
return absl::InvalidArgumentError(
"Could not obtain stacktrace, regs == nullptr");
LOG(WARNING) << "Could not obtain stacktrace, regs == nullptr";
return {"[ERROR (noregs)]"};
}
// Show a warning if sandboxed libunwind is requested but we're running in
@ -319,10 +303,17 @@ absl::StatusOr<std::vector<std::string>> GetStackTrace(const Regs* regs,
return UnsafeGetStackTrace(regs->pid());
}
SAPI_ASSIGN_OR_RETURN(UnwindResult res,
StackTracePeer::LaunchLibunwindSandbox(regs, mounts));
return std::vector<std::string>(res.stacktrace().begin(),
res.stacktrace().end());
UnwindResult res;
if (!StackTracePeer::LaunchLibunwindSandbox(regs, mounts, &res)) {
return {};
}
return {res.stacktrace().begin(), res.stacktrace().end()};
}
std::vector<std::string> UnsafeGetStackTrace(pid_t pid) {
LOG(WARNING) << "Using non-sandboxed libunwind";
std::vector<uintptr_t> ips;
return RunLibUnwindAndSymbolizer(pid, &ips, kDefaultMaxFrames);
}
std::vector<std::string> CompactStackTrace(

13
sandboxed_api/sandbox2/stack_trace.h
View File

@ -19,11 +19,15 @@
#ifndef SANDBOXED_API_SANDBOX2_STACK_TRACE_H_
#define SANDBOXED_API_SANDBOX2_STACK_TRACE_H_
#include <sys/types.h>
#include <cstddef>
#include <memory>
#include <string>
#include <vector>
#include "absl/status/statusor.h"
#include "sandboxed_api/sandbox2/mounts.h"
#include "sandboxed_api/sandbox2/policy.h"
#include "sandboxed_api/sandbox2/regs.h"
namespace sandbox2 {
@ -32,8 +36,11 @@ namespace sandbox2 {
constexpr size_t kDefaultMaxFrames = 200;
// Returns the stack-trace of the PID=pid, one line per frame.
absl::StatusOr<std::vector<std::string>> GetStackTrace(const Regs* regs,
const Mounts& mounts);
std::vector<std::string> GetStackTrace(const Regs* regs, const Mounts& mounts);
// Similar to GetStackTrace() but without using the sandbox to isolate
// libunwind.
std::vector<std::string> UnsafeGetStackTrace(pid_t pid);
// Returns a stack trace that collapses duplicate stack frames and annotates
// them with a repetition count.

2
sandboxed_api/sandbox2/unwind/BUILD.bazel
View File

@ -59,9 +59,7 @@ cc_library(
"//sandboxed_api/sandbox2/util:minielf",
"//sandboxed_api/util:file_helpers",
"//sandboxed_api/util:raw_logging",
"//sandboxed_api/util:status",
"//sandboxed_api/util:strerror",
"@com_google_absl//absl/status:statusor",
"@com_google_absl//absl/strings",
"@org_gnu_libunwind//:unwind-ptrace-wrapped",
],

2
sandboxed_api/sandbox2/unwind/CMakeLists.txt
View File

@ -30,7 +30,6 @@ add_library(sandbox2_unwind STATIC
)
add_library(sandbox2::unwind ALIAS sandbox2_unwind)
target_link_libraries(sandbox2_unwind PRIVATE
absl::statusor
absl::strings
sandbox2::comms
sandbox2::maps_parser
@ -41,7 +40,6 @@ target_link_libraries(sandbox2_unwind PRIVATE
sapi::base
sapi::file_helpers
sapi::raw_logging
sapi::status
unwind::unwind_ptrace_wrapped
)

181
sandboxed_api/sandbox2/unwind/unwind.cc
View File

@ -24,7 +24,6 @@
#include <string>
#include <vector>
#include "absl/status/statusor.h"
#include "absl/strings/match.h"
#include "absl/strings/str_cat.h"
#include "libunwind-ptrace.h"
@ -35,7 +34,6 @@
#include "sandboxed_api/sandbox2/util/minielf.h"
#include "sandboxed_api/util/file_helpers.h"
#include "sandboxed_api/util/raw_logging.h"
#include "sandboxed_api/util/status_macros.h"
#include "sandboxed_api/util/strerror.h"
namespace sandbox2 {
@ -75,77 +73,29 @@ std::string GetSymbolAt(const std::map<uint64_t, std::string>& addr_to_symbol,
return "";
}
absl::StatusOr<std::map<uint64_t, std::string>> LoadSymbolsMap(pid_t pid) {
const std::string maps_filename = absl::StrCat("/proc/", pid, "/maps");
std::string maps_content;
SAPI_RETURN_IF_ERROR(sapi::file::GetContents(maps_filename, &maps_content,
sapi::file::Defaults()));
} // namespace
SAPI_ASSIGN_OR_RETURN(std::vector<MapsEntry> maps,
ParseProcMaps(maps_content));
// Get symbols for each file entry in the maps entry.
// This is not a very efficient way, so we might want to optimize it.
std::map<uint64_t, std::string> addr_to_symbol;
for (const MapsEntry& entry : maps) {
if (!entry.is_executable ||
entry.inode == 0 || // Only parse file-backed entries
entry.path.empty() ||
absl::EndsWith(entry.path, " (deleted)") // Skip deleted files
) {
continue;
}
// Store details about start + end of this map.
// The maps entries are ordered and thus sorted with increasing adresses.
// This means if there is a symbol @ entry.end, it will be overwritten in
// the next iteration.
addr_to_symbol[entry.start] = absl::StrCat("map:", entry.path);
addr_to_symbol[entry.end] = "";
absl::StatusOr<ElfFile> elf =
ElfFile::ParseFromFile(entry.path, ElfFile::kLoadSymbols);
if (!elf.ok()) {
SAPI_RAW_LOG(WARNING, "Could not load symbols for %s: %s",
entry.path.c_str(),
std::string(elf.status().message()).c_str());
continue;
}
for (const ElfFile::Symbol& symbol : elf->symbols()) {
if (elf->position_independent()) {
if (symbol.address < entry.end - entry.start) {
addr_to_symbol[symbol.address + entry.start] = symbol.name;
}
} else {
if (symbol.address >= entry.start && symbol.address < entry.end) {
addr_to_symbol[symbol.address] = symbol.name;
}
}
}
}
return addr_to_symbol;
}
absl::StatusOr<std::vector<uintptr_t>> RunLibUnwind(pid_t pid, int max_frames) {
std::vector<uintptr_t> GetIPList(pid_t pid, int max_frames) {
unw_cursor_t cursor;
static unw_addr_space_t as =
unw_create_addr_space(&_UPT_accessors, 0 /* byte order */);
if (as == nullptr) {
return absl::InternalError("unw_create_addr_space() failed");
SAPI_RAW_LOG(WARNING, "unw_create_addr_space() failed");
return {};
}
std::unique_ptr<struct UPT_info, void (*)(void*)> ui(
reinterpret_cast<struct UPT_info*>(_UPT_create(pid)), _UPT_destroy);
if (ui == nullptr) {
return absl::InternalError("_UPT_create() failed");
SAPI_RAW_LOG(WARNING, "_UPT_create() failed");
return {};
}
int rc = unw_init_remote(&cursor, as, ui.get());
if (rc < 0) {
// Could be UNW_EINVAL (8), UNW_EUNSPEC (1) or UNW_EBADREG (3).
return absl::InternalError(
absl::StrCat("unw_init_remote() failed with error ", rc));
SAPI_RAW_LOG(WARNING, "unw_init_remote() failed with error %d", rc);
return {};
}
std::vector<uintptr_t> ips;
@ -170,22 +120,6 @@ absl::StatusOr<std::vector<uintptr_t>> RunLibUnwind(pid_t pid, int max_frames) {
return ips;
}
absl::StatusOr<std::vector<std::string>> SymbolizeStacktrace(
pid_t pid, const std::vector<uintptr_t>& ips) {
SAPI_ASSIGN_OR_RETURN(auto addr_to_symbol, LoadSymbolsMap(pid));
std::vector<std::string> stack_trace;
stack_trace.reserve(ips.size());
// Symbolize stacktrace
for (uintptr_t ip : ips) {
const std::string symbol =
GetSymbolAt(addr_to_symbol, static_cast<uint64_t>(ip));
stack_trace.push_back(absl::StrCat(symbol, "(0x", absl::Hex(ip), ")"));
}
return stack_trace;
}
} // namespace
bool RunLibUnwindAndSymbolizer(Comms* comms) {
UnwindSetup setup;
if (!comms->RecvProtoBuf(&setup)) {
@ -194,34 +128,87 @@ bool RunLibUnwindAndSymbolizer(Comms* comms) {
EnablePtraceEmulationWithUserRegs(setup.regs());
absl::StatusOr<std::vector<uintptr_t>> ips =
RunLibUnwind(setup.pid(), setup.default_max_frames());
absl::StatusOr<std::vector<std::string>> stack_trace;
if (ips.ok()) {
stack_trace = SymbolizeStacktrace(setup.pid(), *ips);
} else {
stack_trace = ips.status();
}
if (!comms->SendStatus(stack_trace.status())) {
return false;
}
if (!stack_trace.ok()) {
return true;
}
std::vector<uintptr_t> ips;
std::vector<std::string> stack_trace =
RunLibUnwindAndSymbolizer(setup.pid(), &ips, setup.default_max_frames());
UnwindResult msg;
*msg.mutable_stacktrace() = {stack_trace->begin(), stack_trace->end()};
*msg.mutable_ip() = {ips->begin(), ips->end()};
*msg.mutable_stacktrace() = {stack_trace.begin(), stack_trace.end()};
*msg.mutable_ip() = {ips.begin(), ips.end()};
return comms->SendProtoBuf(msg);
}
absl::StatusOr<std::vector<std::string>> RunLibUnwindAndSymbolizer(
pid_t pid, int max_frames) {
SAPI_ASSIGN_OR_RETURN(std::vector<uintptr_t> ips,
RunLibUnwind(pid, max_frames));
return SymbolizeStacktrace(pid, ips);
std::vector<std::string> RunLibUnwindAndSymbolizer(pid_t pid,
std::vector<uintptr_t>* ips,
int max_frames) {
*ips = GetIPList(pid, max_frames); // Uses libunwind
const std::string maps_filename = absl::StrCat("/proc/", pid, "/maps");
std::string maps_content;
if (auto status = sapi::file::GetContents(maps_filename, &maps_content,
sapi::file::Defaults());
!status.ok()) {
SAPI_RAW_LOG(ERROR, "%s", status.ToString().c_str());
return {};
}
auto maps = ParseProcMaps(maps_content);
if (!maps.ok()) {
SAPI_RAW_LOG(ERROR, "Could not parse file: %s", maps_filename.c_str());
return {};
}
// Get symbols for each file entry in the maps entry.
// This is not a very efficient way, so we might want to optimize it.
std::map<uint64_t, std::string> addr_to_symbol;
for (const auto& entry : *maps) {
if (!entry.path.empty()) {
// Store details about start + end of this map.
// The maps entries are ordered and thus sorted with increasing adresses.
// This means if there is a symbol @ entry.end, it will be overwritten in
// the next iteration.
addr_to_symbol[entry.start] = absl::StrCat("map:", entry.path);
addr_to_symbol[entry.end] = "";
}
if (!entry.is_executable ||
entry.inode == 0 || // Only parse file-backed entries
entry.path.empty() ||
absl::EndsWith(entry.path, " (deleted)") // Skip deleted files
) {
continue;
}
auto elf = ElfFile::ParseFromFile(entry.path, ElfFile::kLoadSymbols);
if (!elf.ok()) {
SAPI_RAW_LOG(WARNING, "Could not load symbols for %s: %s",
entry.path.c_str(),
std::string(elf.status().message()).c_str());
continue;
}
for (const auto& symbol : elf->symbols()) {
if (elf->position_independent()) {
if (symbol.address < entry.end - entry.start) {
addr_to_symbol[symbol.address + entry.start] = symbol.name;
}
} else {
if (symbol.address >= entry.start && symbol.address < entry.end) {
addr_to_symbol[symbol.address] = symbol.name;
}
}
}
}
std::vector<std::string> stack_trace;
stack_trace.reserve(ips->size());
// Symbolize stacktrace
for (const auto& ip : *ips) {
const std::string symbol =
GetSymbolAt(addr_to_symbol, static_cast<uint64_t>(ip));
stack_trace.push_back(absl::StrCat(symbol, "(0x", absl::Hex(ip), ")"));
}
return stack_trace;
}
} // namespace sandbox2

6
sandboxed_api/sandbox2/unwind/unwind.h
View File

@ -21,7 +21,6 @@
#include <string>
#include <vector>
#include "absl/status/statusor.h"
#include "sandboxed_api/sandbox2/comms.h"
namespace sandbox2 {
@ -29,8 +28,9 @@ namespace sandbox2 {
// Runs libunwind and the symbolizer and sends the results via comms.
bool RunLibUnwindAndSymbolizer(Comms* comms);
absl::StatusOr<std::vector<std::string>> RunLibUnwindAndSymbolizer(
pid_t pid, int max_frames);
std::vector<std::string> RunLibUnwindAndSymbolizer(pid_t pid,
std::vector<uintptr_t>* ips,
int max_frames);
} // namespace sandbox2