<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/60068>60068</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Stepping over (ni) on a return (ret) instruction skips two stack frames (instead of one) when debugging an arm binary with LLDB
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
xusheng6
</td>
</tr>
</table>
<pre>
When I debug an arm binary on macOS with LLDB, if I step over (ni) on a `ret` instruction, the target skips two stack frames instead of one. In other words, instead of returning to the caller, it returns to the caller of the caller. This can be reproduced with the following binary, https://github.com/Vector35/debugger/blob/dev/test/binaries/Darwin-arm64/helloworld_func.
The binary is roughly this:
```
_main:
100003f24 sub sp, sp, #0x30
100003f28 stp x29, x30, [sp, #0x20] {__saved_x29} {__saved_x30}
100003f2c add x29, sp, #0x20 {__saved_x29}
100003f30 mov x8, x0
100003f34 mov w0, #0
100003f38 str w0, [sp, #0xc {var_24}] {0x0}
100003f3c stur wzr, [x29, #-0x4 {var_14}] {0x0}
100003f40 stur w8, [x29, #-0x8 {var_18}]
100003f44 str x1, [sp, #0x10 {var_20}]
100003f48 bl _hello
100003f4c mov w0, #0x1
100003f50 bl _hello
100003f54 mov w0, #0x2
100003f58 bl _hello
100003f5c mov w0, #0x3
100003f60 bl _hello
100003f64 ldr w0, [sp, #0xc] {0x0}
100003f68 ldp x29, x30, [sp, #0x20] {__saved_x29} {__saved_x30}
100003f6c add sp, sp, #0x30
100003f70 ret
```
```
_hello:
100003ee8 sub sp, sp, #0x20
100003eec stp x29, x30, [sp, #0x10] {__saved_x29} {__saved_x30}
100003ef0 add x29, sp, #0x10 {__saved_x29}
100003ef4 stur w0, [x29, #-0x4 {var_14}]
100003ef8 ldur w9, [x29, #-0x4 {var_14}]
100003efc mov x8, x9
100003f00 adrp x0, 0x100003000
100003f04 add x0, x0, #0xfa4 {data_100003fa4, "Hello, world! %d\n"}
100003f08 mov x9, sp
100003f0c str x8, [x9 {var_20}]
100003f10 bl _printf
100003f14 ldur w0, [x29, #-0x4 {var_14}]
100003f18 ldp x29, x30, [sp, #0x10] {__saved_x29} {__saved_x30}
100003f1c add sp, sp, #0x20
100003f20 ret
```
If I first get to 0x100003f20 by stepping over and stepping into properly, then I run `ni`, the target will return to somewhere inside of dyld instead of 0x100003f4c.
</pre>