[lldb-dev] ASan LLDB debugging extensions

jingham at apple.com jingham at apple.com
Mon Jul 14 19:18:12 PDT 2014 

These would be API's on SBValue, not necessarily ValueObject.  The problem is that you have to hang them off something that the SB API's expose.  We aren't exposing the SystemRuntime to the SB API's.  For instance in the stuff Jason did for Queues, this just got hung off of threads.  I think in general the APIs will be clearer if we, like Jason did, we hang information off the objects they naturally belong to rather than expose to the SB layer "how we got them..."

So we could either do something like:

size_t
SBProcess::GetNumHistoryFramesForAddress(SBAddress, const char *type);

size_t
SBProcess::GetHistoryFrameAtIndexForAddress(SBAddress, const char *type, size_t idx);


etc.  Then you would get the history list passing in the address each time.  That's kind of gross.  We could make this a little better by returning an SBThreadList (what we ain't got yet).

Or we could hang it off of an address directly.  But we want this to be convenient for Xcode to use as well, and it deals mostly with SBValues, so making it grab out an address seems awkward.

So since the SBValue is the thing that will have an allocation history, it seems reasonable to ask it directly.  If it was made up to point to a random address, and that address has ASAN history, I'm not sure why it would be wrong to return that.  And if the address had no history it would be fine to say so.

Jim


> On Jul 14, 2014, at 6:41 PM, Enrico Granata <egranata at apple.com> wrote:
> 
> Hi,
> I have to say I am not so sure this API makes entirely sense on a ValueObject. I do see the rationale: use the ValueObject containing the pointer as the source of the pointer value to then look up.
> However, it's entirely possible to craft VOs from scratch, so there is no additional guarantee that you will get a valid result back just because a VO claims to be a Foo* at 0x123! Given that it doesn't buy us anything, a VO is a pretty heavyweight tool and it seems you wouldn't use anything but an address out of it. So why not just use an address as input?
> 
> I think Jason has been working on a SystemRuntime component for this kind of "underlying execution environment, tell me things" behavior.
> It might be a good design here to sync up with him and see if it makes sense to add these ASanInfo calls to the SR, possibly taking an lldb::addr_t (or an lldb_private::Address, if you feel you might need that kind of detailed info) instead of a ValueObject (since an address is what you really care about anyway, it makes everyone's life easier not having to trade in a complicated creature like a VO)
> 
> Sent from my iPhone
> 
> On Jul 14, 2014, at 6:24 PM, Kuba Břečka <kuba.brecka at gmail.com> wrote:
> 
>> Hi, 
>> 
>> I'm trying to create a better support for debugging ASan-enabled binaries in LLDB. I already started by proposing some API into the ASan runtime library (http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-July/074656.html), which should enable the debugger to query various additional information the runtime can provide. Basically this means:
>> 
>> * malloc/free traces - given a memory address, the ASan runtime can return recorded stack trace(s) of how that chunk of memory was allocated and/or freed.
>> 
>> * shadow mapping information - these say how exactly is a memory address mapped into the shadow memory and back.
>> 
>> * locating a memory address - ASan tracks globals and stack variables, so it can provide a name (and size) given such a memory address; for heap addresses it can give out the starting address and size of that chunk.
>> 
>> * gathering report information - when ASan detects an error, the reporting mechanism can provide additional information, e.g. what kind of bug was found ("heap-use-after-free").
>> 
>> For the malloc/free stack traces, it seems the best way to add this feature would be to extend the ValueObject class with a generic API to retrieve a list of HistoryThread objects, with some additional enum/constant-string to tell the type of individual threads. Something like:
>> 	
>> 	ThreadList &
>> 	ValueObject::GetStackTraces() { ... }
>> 
>> The API for this should be reusable for other libraries/tools, for example malloc_history could provide a very similar information. Since I want this to be available in the SB API as well, Python scripting seems not to be the way to go.
>> 
>> The goal is to have ASan-aware LLDB commands, such as:
>> 
>> 	(lldb) expr -x 0xf00f00
>> 	// prints out the value of the expression, and if it's a pointer also
>> 	// prints the malloc and free stack traces
>> 	(lldb) memory read --shadow 0xf00f00
>> 	// prints out the corresponding shadow memory instead
>> 	(lldb) memory locate 0xf00f00
>> 	// says it's a stack variable with name "foo", size, starting address
>> 
>> I'll send patch(es) shortly, but do you have any comments/hints on the idea in general?
>> 
>> Thanks,
>> Kuba
>> 
>> _______________________________________________
>> lldb-dev mailing list
>> lldb-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev
> _______________________________________________
> lldb-dev mailing list
> lldb-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev

More information about the lldb-dev mailing list