<div dir="ltr"><div>Hi,</div><div><br></div><div>I'm trying to create better support for debugging ASan-enabled binaries in LLDB. I already started by proposing some API into the ASan runtime library (<a href="http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-July/074656.html">http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-July/074656.html</a>), which should enable the debugger to query various additional information the runtime can provide. Basically this means:</div>
<div><br></div><div>* malloc/free traces - given a memory address, the ASan runtime can return recorded stack trace(s) of how that chunk of memory was allocated and/or freed.</div><div><br></div><div>* shadow mapping information - this says exactly how a memory address is mapped into the shadow memory and back.</div>
<div><br></div><div>* locating a memory address - ASan tracks globals and stack variables, so it can provide a name (and size) given such a memory address; for heap addresses it can give out the starting address and size of that chunk.</div>
<div><br></div><div>* gathering report information - when ASan detects an error, the reporting mechanism can provide additional information, e.g. what kind of bug was found ("heap-use-after-free").</div><div><br>
</div><div>For the malloc/free stack traces, it seems the best way to add this feature would be to extend the ValueObject class with a generic API to retrieve a list of HistoryThread objects, with some additional enum/constant-string to tell the type of individual threads. Something like:</div>
<div><span class="" style="white-space:pre"> </span></div><div><span class="" style="white-space:pre"> </span>ThreadList &</div><div><span class="" style="white-space:pre"> </span>ValueObject::GetStackTraces() { ... }</div>
<div><br></div><div>The API for this should be reusable for other libraries/tools, for example malloc_history could provide very similar information. Since I want this to be available in the SB API as well, Python scripting seems not to be the way to go.</div>
<div><br></div><div>The goal is to have ASan-aware LLDB commands, such as:</div><div><br></div><div><span class="" style="white-space:pre"> </span>(lldb) expr -x 0xf00f00</div><div><span class="" style="white-space:pre"> </span>// prints out the value of the expression, and if it's a pointer also</div>
<div><span class="" style="white-space:pre"> </span>// prints the malloc and free stack traces</div><div><span class="" style="white-space:pre"> </span>(lldb) memory read --shadow 0xf00f00</div><div><span class="" style="white-space:pre"> </span>// prints out the corresponding shadow memory instead</div>
<div><span class="" style="white-space:pre"> </span>(lldb) memory locate 0xf00f00</div><div><span class="" style="white-space:pre"> </span>// says it's a stack variable with name "foo", size, starting address</div>
<div><br></div><div>I'll send patch(es) shortly, but do you have any comments/hints on the idea in general?</div><div><br></div><div>Thanks,</div><div>Kuba</div><div><br></div></div>
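The "shadow mapping information" item above, worked through as an added example that is not part of the original message or of the LLDB/ASan sources: it maps an address to its shadow byte and back, and interprets the shadow value the way ASan's access check does. The scale and offset are assumptions (the default x86-64 Linux layout), and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed mapping parameters (default ASan layout on x86-64 Linux); a
   debugger should ask the runtime for them instead of hard-coding them. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL
#define GRANULE       (1ULL << SHADOW_SCALE)

/* Application address -> address of the shadow byte describing it. */
uint64_t mem_to_shadow(uint64_t addr) {
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow address -> first application address of the granule it covers. */
uint64_t shadow_to_mem(uint64_t shadow) {
    return (shadow - SHADOW_OFFSET) << SHADOW_SCALE;
}

/* Would ASan accept an access of `size` bytes at `addr`, given the value of
   its shadow byte? 0 = whole granule addressable, 1..7 = only the first k
   bytes addressable, negative = poisoned (redzone, freed memory, ...).
   Assumes the access does not cross a granule boundary. */
int access_ok(uint64_t addr, unsigned size, int8_t shadow_value) {
    if (shadow_value == 0) return 1;
    if (shadow_value < 0) return 0;
    uint64_t last = (addr & (GRANULE - 1)) + size - 1;
    return last < (uint64_t)shadow_value;
}

int main(void) {
    uint64_t addr = 0xf00f05;  /* constructed sample address */
    uint64_t sh = mem_to_shadow(addr);
    printf("shadow byte for 0x%llx is at 0x%llx\n",
           (unsigned long long)addr, (unsigned long long)sh);
    printf("that shadow byte covers 0x%llx..0x%llx\n",
           (unsigned long long)shadow_to_mem(sh),
           (unsigned long long)(shadow_to_mem(sh) + GRANULE - 1));
    /* Constructed shadow values: 5 = partially addressable granule,
       0xfd = the value ASan writes over freed heap memory. */
    printf("4-byte read at granule start, shadow 5:    %s\n",
           access_ok(0xf00f00, 4, 5) ? "ok" : "report");
    printf("1-byte read at granule start, shadow 0xfd: %s\n",
           access_ok(0xf00f00, 1, (int8_t)0xfd) ? "ok" : "report");
    return 0;
}
```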