[lldb-dev] Disassembling with no function bounds

jingham at apple.com jingham at apple.com
Wed Jan 21 14:35:29 PST 2015 

The way this is supposed to work in lldb is that the "repeat command" that disassemble registers when you run the disassemble command should do "disassemble from the last instruction disassembled".  So you should just hit return on the empty line to keep disassembling.  It is a general feature that any lldb command can tell the command interpreter what "do me again" - i.e. return on a blank line - should do.  Most commands repeat themselves, some commands like "run" don't auto-repeat because that's generally not what you want, and "source list" does the same trick disassemble was SUPPOSED to do.

But with TOT lldb, something seems to have broken that:

(lldb) dis -s 0x0000000100019b07
->  0x100019b07 <main+55>: movq   %rax, %rdi
    0x100019b0a <main+58>: movb   $0x0, %al
    0x100019b0c <main+60>: callq  0x10001e28a               ; symbol stub for: NSLog
    0x100019b11 <main+65>: leaq   0xa790(%rip), %rcx        ; @Sketch.__TEXT.__ustring + 0
    0x100019b18 <main+72>: movb   $0x0, -0x101(%rbp)
    0x100019b1f <main+79>: movq   %rcx, -0x110(%rbp)
(lldb) 
->  0x100019b07 <main+55>: movq   %rax, %rdi
    0x100019b0a <main+58>: movb   $0x0, %al
    0x100019b0c <main+60>: callq  0x10001e28a               ; symbol stub for: NSLog
    0x100019b11 <main+65>: leaq   0xa790(%rip), %rcx        ; @Sketch.__TEXT.__ustring + 0
    0x100019b18 <main+72>: movb   $0x0, -0x101(%rbp)
    0x100019b1f <main+79>: movq   %rcx, -0x110(%rbp)

Grrr....

Jim


> On Jan 21, 2015, at 2:20 PM, Zachary Turner <zturner at google.com> wrote:
> 
> I tried -c and that didn't work at all (may be a Windows bug which I have to look into).
> 
> I guess what I'm wondering is: Why do I have to care about function bounds at all?  Here's some output from my favorite Windows debugger.  "u main" means unassemble main, and "u" with no arguments means "keep unassembling from the address where the last unassemble stopped".
> 
> 0:000> u main
> expr_test_cl!main [d:\testexe\expr_test.cpp @ 23]:
> 002e1050 55              push    ebp
> 002e1051 8bec            mov     ebp,esp
> 002e1053 68883c3000      push    offset expr_test_cl!__xt_z+0x144 (00303c88)
> 002e1058 e8d0000000      call    expr_test_cl!printf (002e112d)
> 002e105d 83c404          add     esp,4
> 002e1060 68983c3000      push    offset expr_test_cl!__xt_z+0x154 (00303c98)
> 002e1065 e8c3000000      call    expr_test_cl!printf (002e112d)
> 002e106a 83c404          add     esp,4
> 0:000> u
> expr_test_cl!main+0x1d [d:\testexe\expr_test.cpp @ 26]:
> 002e106d 68a83c3000      push    offset expr_test_cl!__xt_z+0x164 (00303ca8)
> 002e1072 e8b6000000      call    expr_test_cl!printf (002e112d)
> 002e1077 83c404          add     esp,4
> 002e107a b801000000      mov     eax,1
> 002e107f 5d              pop     ebp
> 002e1080 c3              ret
> 002e1081 cc              int     3
> 002e1082 cc              int     3
> 0:000> u
> expr_test_cl!main+0x33:
> 002e1083 cc              int     3
> 002e1084 cc              int     3
> 002e1085 cc              int     3
> 002e1086 cc              int     3
> 002e1087 cc              int     3
> 002e1088 cc              int     3
> 002e1089 cc              int     3
> 002e108a cc              int     3
> 0:000> u
> expr_test_cl!main+0x3b:
> 002e108b cc              int     3
> 002e108c cc              int     3
> 002e108d cc              int     3
> 002e108e cc              int     3
> 002e108f cc              int     3
> 002e1090 cc              int     3
> 002e1091 cc              int     3
> 002e1092 cc              int     3
> 0:000> u
> expr_test_cl!main+0x43:
> 002e1093 cc              int     3
> 002e1094 cc              int     3
> expr_test_cl!_get_printf_count_output [f:\dd\vctools\crt\crtw32\stdio\printf.c @ 166]:
> 002e1095 8b0d00b43000    mov     ecx,dword ptr [expr_test_cl!__security_cookie (0030b400)]
> 002e109b 33c0            xor     eax,eax
> 002e109d 83c901          or      ecx,1
> 002e10a0 390d40c53000    cmp     dword ptr [expr_test_cl!__enable_percent_n (0030c540)],ecx
> 002e10a6 0f94c0          sete    al
> 002e10a9 c3              ret
> 0:000> u
> expr_test_cl!_printf_l [f:\dd\vctools\crt\crtw32\stdio\printf.c @ 79]:
> 002e10aa 55              push    ebp
> 002e10ab 8bec            mov     ebp,esp
> 002e10ad 8d4510          lea     eax,[ebp+10h]
> 002e10b0 50              push    eax
> 002e10b1 ff750c          push    dword ptr [ebp+0Ch]
> 002e10b4 ff7508          push    dword ptr [ebp+8]
> 002e10b7 e879060000      call    expr_test_cl!_vprintf_l (002e1735)
> 002e10bc 83c40c          add     esp,0Ch
> 
> Note that there's no knowledge of function bounds.  It just goes.  Is it possible to do something like this in LLDB?  Or if not, can I implement it?
> 
> 
> On Wed Jan 21 2015 at 2:11:03 PM Ed Maste <emaste at freebsd.org> wrote:
> On 21 January 2015 at 16:57, Zachary Turner <zturner at google.com> wrote:
> >
> > Is there any way to work around this restriction?  It seems like it
> > shouldn't matter what the bounds of the function are, or if there's even a
> > function at this address at all.  As long as there's code.
> 
> You should be able to use a combination of -s start address / -e end
> address / -c instruction count.
> 
> Perhaps we could disassemble a small number of instructions starting
> from the provided address if -a is given an address outside of a
> function.
> _______________________________________________
> lldb-dev mailing list
> lldb-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev

More information about the lldb-dev mailing list