[lldb-dev] Listing memory regions in lldb

Howard Hellyer via lldb-dev lldb-dev at lists.llvm.org
Fri May 13 03:35:26 PDT 2016

I have experimented with the GetMemoryRegionInfo approach on the internal 
APIs already, it has some positives and negatives.

- GetMemoryRegionInfo is unimplemented for Linux and Mac core dumps. 
That's not necessarily a bad thing as it could be implemented the "right" 
way. (As Jim said GetMemoryRegionInfo would have to return the right thing 
for an unmapped region.) Interestingly when I've worked on Windows core 
dumps before I've seen that MiniDump, with the right flags, will 
deliberately insert a region in the middle of the memory ranges to 
represent the unmapped space, on 64 bit it's quite a large section.

- Using GetMemoryRegionInfo to iterate might be quite expensive if there 
are many small memory regions.

- One reason I hadn't looked at just exposing an SBGetMemoryRegionInfo is 
that it wouldn't match a lot of the SB API's at the moment (for example 
for Threads and Sections) which tend work by having GetNumXs() and 
GetXAtIndex() calls. Iterating with SBGetMemoryRegionInfo would be 
non-obvious to the user of the API since it doesn't match the convention. 
It would need to be documented in the SBGetMemoryRegionInfo API.

- I've found the only way to reliably filter out inaccessible memory is to 
do a test read and check the error return code. I'm pretty sure I've seen 
some that are readable via a memory read but marked read=false, 
write=false, execute=false. (I can't remember the exact case now off the 
top of my head, but I think it might have been allocated but uncommitted 
memory or similar.)

- Using GetMemoryRegionInfo over a remote connection on Linux and Mac 
worked well but seemed to coalesce some of the memory regions together. It 
also only allows for read/write/exec attributes to be passed. That's a 
shame as a live process can often tell you more about what the region is 
for. The remote command memory map looks like it sends back XML so it 
might be possible to insert custom properties in there to give more 
information but I'm not sure how safe it is to do that, I don't know the 
project quite well enough to understand all the use cases for the 

- Extended infomation /proc/pid/maps marking a region as [stack] would be 
lost. All you would get is read/write/exec info. (That said supporting 
everything every platform can provide might be a bit much.)

- LLDB's ReadMemory implementations seem to return 0's for missing memory 
that should be accessible. It might be nice to include whether the memory 
is backed by real data or not in the API. (For example Linux core files 
can be missing huge pages depending on the setting of 
/proc/PID/coredump_filter or files can simply be truncated.)

I could implement the GetMemoryRegionInfo iteration mechanism pretty 
quickly and it would actually fit my purposes as far as providing all the 
addresses you can sensibly access. 

I'm quite keen to provide a patch but don't want to provide one that is at 
odds with how the rest of lldb works or provides data that's only useful 
to me so I'm quite keen to get a bit of feedback on what the preferred 
approach would be. It could be that providing both SBGetMemoryRegionInfo 
and the SBGetNumMemoryRegions/SBGetMemoryRegionAtIndex pair is the right 

Would a patch also need to provide a command to dump this information as 
it can be awkward to have data that's only accessible via the API?

Howard Hellyer
IBM Runtime Technologies, IBM Systems

Greg Clayton <gclayton at apple.com> wrote on 12/05/2016 19:09:49:

> From: Greg Clayton <gclayton at apple.com>
> To: Howard Hellyer/UK/IBM at IBMGB
> Cc: lldb-dev at lists.llvm.org
> Date: 12/05/2016 19:10
> Subject: Re: [lldb-dev] Listing memory regions in lldb
> We have a way internally with:
>     virtual Error
>     lldb_private::Process::GetMemoryRegionInfo (lldb::addr_t 
> load_addr, MemoryRegionInfo &range_info);
> This isn't expose via the public API in lldb::SBProcess. If you 
> want, you can expose this. We would need to expose a 
> SBMemoryRegionInfo and the call could be:
> namespace lldb
> {
>     class SBProcess
>     {
>         SBError GetMemoryRegionInfo (lldb::addr_t load_addr, 
> SBMemoryRegionInfo &range_info);
>     };
> }
> then you would call this API with address zero and it would return a
> SBMemoryRegionInfo with an address range and if that memory is read/
> write/execute. On MacOSX we always have a page zero at address 0 for
> 64 bit apps so it would respond with:
> [0x0 - 0x100000000) read=false, write=false, execute=false
> Then you call the function again with the end address of the previous 
> I would love to see this functionality exported through our public 
> API. Let me know if you are up for making a patch. If you are, you 
> might want to quickly read the following web page to see the rules 
> that we apply to anything going into our public API:
> http://lldb.llvm.org/SB-api-coding-rules.html
> Greg
> > On May 12, 2016, at 6:20 AM, Howard Hellyer via lldb-dev <lldb-
> dev at lists.llvm.org> wrote:
> > 
> > I'm working on a plugin for lldb and need to scan the memory of a 
> crashed process. Using the API to read chunks of memory and scan 
> (via SBProcess::Read*) for what I'm looking for is easy but I 
> haven't been able to find a way to find which address ranges are 
> accessible. The SBProcess::Read* calls will return an error on an 
> invalid address but it's not an efficient way to scan a 64 bit address 
> > 
> > This seems like it blocks simple tasks like scanning memory for 
> blocks allocated with a header and footer to track down memory 
> leaks, which is crude but traditional, and ought to be pretty quick 
> to script via the Python API. 
> > 
> > At the moment I've resorted to running a python script prior to 
> launching my plugin that takes the output of "readelf --segments", /
> proc/<pid>/maps or "otool -l" but this isn't ideal. On the 
> assumption that I'm not missing something huge I've looked at 
> whether it is possible to extend LLDB to provide this functionality 
> and it seems possible, there are checks protecting calls to read 
> memory that use the data that would need to be exposed. I'm working 
> on a prototype implementation which I'd like to deliver back at some
> stage but before I go too far does this sound like a good idea? 
> > Howard Hellyer
> > IBM Runtime Technologies, IBM Systems 
> > 
> > 
> > _______________________________________________
> > lldb-dev mailing list
> > lldb-dev at lists.llvm.org
> > http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20160513/c74d13cf/attachment.html>

More information about the lldb-dev mailing list