The runtime dwarf unwinder doesn't handle DW_CFA_def_cfa_expression, DW_CFA_expression and DW_CFA_val_expression which handle values defined as dwarf operations. The unwinder fails in such cases and we need to fall back to raw stack walking. It would be nice to reuse some of the loc2c code for this so we are able to kind of precompile the operations. That would also benefit from the (stack depth) limits already in place in loc2c (but note that not all dwarf expressions are allowed in the call frame information). It isn't clear how to do this simply.
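As an added illustration of what "precompiling" these CFI operands with a depth limit looks like (example code written for this page, not systemtap's runtime unwinder or its loc2c code): a small bounded evaluator for the DWARF expression subset that commonly appears as the operand of DW_CFA_def_cfa_expression, DW_CFA_expression and DW_CFA_val_expression. The opcode numbers are the standard DWARF values; the register file, the fake stack memory at 0x7000, the 160-byte offset and the `dwexpr_*` names are constructed for the example. Anything outside the supported subset returns a status instead of guessing, which is the hook where a real unwinder would fall back to raw stack walking.

```c
/* Added example (not systemtap's or loc2c code): a bounded evaluator for the
 * DWARF expression subset that commonly shows up in CFI operands of
 * DW_CFA_def_cfa_expression / DW_CFA_expression / DW_CFA_val_expression.
 * Opcode values follow the DWARF standard; everything else is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { DW_OP_deref = 0x06, DW_OP_constu = 0x10, DW_OP_consts = 0x11,
       DW_OP_minus = 0x1c, DW_OP_plus = 0x22, DW_OP_plus_uconst = 0x23,
       DW_OP_lit0 = 0x30, DW_OP_lit31 = 0x4f,
       DW_OP_breg0 = 0x70, DW_OP_breg31 = 0x8f, DW_OP_nop = 0x96 };

enum dwexpr_status { DWEXPR_OK, DWEXPR_UNSUPPORTED_OP, DWEXPR_STACK_OVERFLOW,
                     DWEXPR_STACK_UNDERFLOW, DWEXPR_BAD_MEM, DWEXPR_TRUNCATED };

#define DWEXPR_MAX_STACK 64   /* hard depth limit, in the spirit of loc2c's limits */
#define DWEXPR_NREGS 32       /* covers DW_OP_breg0..breg31 */

struct dwexpr_ctx {
    const uint64_t *regs;                                      /* frame register file */
    int (*read8)(void *cookie, uint64_t addr, uint64_t *out); /* 8-byte load, 0 = ok */
    void *cookie;
};

/* LEB128 decoder; returns -1 if the operand runs past the end of the expression. */
static int read_leb(const uint8_t *p, size_t len, size_t *pos, int is_signed, uint64_t *out) {
    uint64_t v = 0; unsigned shift = 0; uint8_t b;
    do {
        if (*pos >= len) return -1;
        b = p[(*pos)++];
        if (shift < 64) v |= (uint64_t)(b & 0x7f) << shift;
        shift += 7;
    } while (b & 0x80);
    if (is_signed && shift < 64 && (b & 0x40)) v |= ~(uint64_t)0 << shift;
    *out = v; return 0;
}

/* Evaluate EXPR. For DW_CFA_expression / DW_CFA_val_expression the standard
 * says the current CFA is pushed first, so the caller passes it via CFA_IN;
 * for DW_CFA_def_cfa_expression it passes NULL and the stack starts empty. */
enum dwexpr_status dwexpr_eval(const struct dwexpr_ctx *ctx, const uint64_t *cfa_in,
                               const uint8_t *expr, size_t len, uint64_t *result) {
    uint64_t stack[DWEXPR_MAX_STACK], a, b;
    size_t sp = 0, pos = 0;
#define PUSH(v) do { if (sp >= DWEXPR_MAX_STACK) return DWEXPR_STACK_OVERFLOW; stack[sp++] = (v); } while (0)
#define POP(v)  do { if (sp == 0) return DWEXPR_STACK_UNDERFLOW; (v) = stack[--sp]; } while (0)
    if (cfa_in) PUSH(*cfa_in);
    while (pos < len) {
        uint8_t op = expr[pos++];
        if (op >= DW_OP_lit0 && op <= DW_OP_lit31) { PUSH((uint64_t)(op - DW_OP_lit0)); continue; }
        if (op >= DW_OP_breg0 && op <= DW_OP_breg31) {          /* reg + SLEB128 offset */
            if (read_leb(expr, len, &pos, 1, &a)) return DWEXPR_TRUNCATED;
            PUSH(ctx->regs[op - DW_OP_breg0] + a); continue;
        }
        switch (op) {
        case DW_OP_nop: break;
        case DW_OP_constu: case DW_OP_consts:
            if (read_leb(expr, len, &pos, op == DW_OP_consts, &a)) return DWEXPR_TRUNCATED;
            PUSH(a); break;
        case DW_OP_plus:  POP(b); POP(a); PUSH(a + b); break;
        case DW_OP_minus: POP(b); POP(a); PUSH(a - b); break;
        case DW_OP_plus_uconst:
            if (read_leb(expr, len, &pos, 0, &b)) return DWEXPR_TRUNCATED;
            POP(a); PUSH(a + b); break;
        case DW_OP_deref:
            POP(a);
            if (ctx->read8(ctx->cookie, a, &b)) return DWEXPR_BAD_MEM;
            PUSH(b); break;
        default: return DWEXPR_UNSUPPORTED_OP; /* outside the CFI subset: caller falls back to raw walking */
        }
    }
    if (sp == 0) return DWEXPR_STACK_UNDERFLOW;
    *result = stack[sp - 1];
    return DWEXPR_OK;
#undef PUSH
#undef POP
}

/* Constructed fake stack memory at 0x7000, standing in for a signal frame. */
#define FAKE_BASE 0x7000ULL
static uint8_t fake_stack[512];
static int fake_read8(void *cookie, uint64_t addr, uint64_t *out) {
    (void)cookie;
    if (addr < FAKE_BASE || addr + 8 > FAKE_BASE + sizeof fake_stack) return -1;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | fake_stack[addr - FAKE_BASE + i];
    *out = v; return 0;
}

/* DW_CFA_def_cfa_expression shaped like an rsp-relative signal-frame rule:
 * DW_OP_breg7 (rsp) +160; DW_OP_deref  => CFA = *(rsp + 160). Offset is constructed. */
uint64_t demo_cfa_from_saved_sp(void) {
    uint64_t regs[DWEXPR_NREGS] = {0}, saved_sp = 0x7fff0000abc0ULL, cfa = 0;
    regs[7] = FAKE_BASE;                                   /* DWARF reg 7 = rsp on x86_64 */
    memset(fake_stack, 0, sizeof fake_stack);
    for (int i = 0; i < 8; i++) fake_stack[160 + i] = (uint8_t)(saved_sp >> (8 * i));
    const uint8_t expr[] = { DW_OP_breg0 + 7, 0xa0, 0x01, DW_OP_deref }; /* 160 = SLEB 0xa0 0x01 */
    struct dwexpr_ctx ctx = { regs, fake_read8, NULL };
    return dwexpr_eval(&ctx, NULL, expr, sizeof expr, &cfa) == DWEXPR_OK ? cfa : 0;
}

/* DW_CFA_expression: CFA is pre-pushed, the expression yields the save-slot address. */
uint64_t demo_reg_slot_from_cfa(void) {
    uint64_t regs[DWEXPR_NREGS] = {0}, cfa = FAKE_BASE + 0x40, slot = 0;
    const uint8_t expr[] = { DW_OP_plus_uconst, 16 };       /* slot = CFA + 16 */
    struct dwexpr_ctx ctx = { regs, fake_read8, NULL };
    return dwexpr_eval(&ctx, &cfa, expr, sizeof expr, &slot) == DWEXPR_OK ? slot : 0;
}

/* The depth limit stops a (constructed) expression that only ever pushes. */
enum dwexpr_status demo_stack_limit(void) {
    uint8_t expr[DWEXPR_MAX_STACK + 1]; uint64_t regs[DWEXPR_NREGS] = {0}, r;
    memset(expr, DW_OP_lit0 + 1, sizeof expr);
    struct dwexpr_ctx ctx = { regs, fake_read8, NULL };
    return dwexpr_eval(&ctx, NULL, expr, sizeof expr, &r);
}
```

The three demo functions exercise the two stack-initialisation rules (empty for DW_CFA_def_cfa_expression, CFA pre-pushed for DW_CFA_expression) and the depth bound. Every memory access goes through the caller-supplied `read8` callback, so a kernel-side unwinder can route it through a checked copy routine; any opcode outside the subset, a truncated LEB128 operand, or a stack over/underflow comes back as a distinct status rather than a bogus CFA.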
Have such expressions been seen in the wild?
If "in the wild" means do they actually appear in real binaries, the answer is yes. If you mean "has it hampered some unwinding some systemtap user tried", then who knows. pmachata recently did some scripted CFI analysis on a large raft of OS binaries, which cited the subset of these cases where a recently-fixed gcc bug was involved. It would be simpler to script grepping for all DW_CFA_expression, DW_CFA_def_cfa_expression, and DW_CFA_val_expression uses. GCC can emit DW_CFA_expression and DW_CFA_def_cfa_expression for x86 and perhaps other machines. Without doing the aforementioned grepping, off hand we have only noticed it being used in x86-32 code generation so far. glibc uses those in the signal frame on x86_64, and uses DW_CFA_val_expression in its locking code (used both inside glibc and for libpthread) for x86_64 and i386.
*** Bug 11898 has been marked as a duplicate of this bug. ***
See test case in bug #11898.
commit d3ddec6 improves that test case. It still needs more thorough testing, and cases in the testsuite.
Committed, and the included security bug was later fixed.