[lldb-dev] [Bug 51927] New: lldb misses AArch64 stp watchpoint on certain hardware (Neoverse N1)

via lldb-dev lldb-dev at lists.llvm.org
Tue Sep 21 06:25:36 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=51927

            Bug ID: 51927
           Summary: lldb misses AArch64 stp watchpoint on certain hardware
                    (Neoverse N1)
           Product: lldb
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: All Bugs
          Assignee: lldb-dev at lists.llvm.org
          Reporter: david.spickett at linaro.org
                CC: jdevlieghere at apple.com, llvm-bugs at lists.llvm.org

Created attachment 25277
  --> https://bugs.llvm.org/attachment.cgi?id=25277&action=edit
Test file

lldb misses AArch64 stp watchpoint on certain hardware (Neoverse N1)

The architecture allows a core to report an address different from the specific
address that
triggers a watchpoint. See "D2.10.5 Determining the memory location that caused
a Watchpoint exception" in the ARMARM.

This means that an stp which stores 16 bytes can report an address from the
start of the 16 bytes,
up to the specific address that caused the watchpoint trigger.

For stp, Qemu reports an address in the upper 8 bytes and a Neoverse N1 in the
lower 8 bytes.
lldb only looks for watched addresses, so if you watch the upper half on an N1
we see the trap
but can't tell you why it happened or continue from that point.

Example attached, compile with:
$ gcc /tmp/test.c -o /tmp/test.o -O0 -g

On an N1, if you watch f.b we'll not be able to find the watchpoint.

$ ./bin/lldb /tmp/test.o
(lldb) target create "/tmp/test.o"
Current executable set to '/tmp/test.o' (aarch64).
(lldb) b main
Breakpoint 1: where = test.o`main + 8 at test.c:11, address =
0x000000000000077c
(lldb) run
Process 1166052 launched: '/tmp/test.o' (aarch64)
Process 1166052 stopped
* thread #1, name = 'test.o', stop reason = breakpoint 1.1
    frame #0: 0x0000aaaaaaaaa77c test.o`main at test.c:11
   8    Foo f __attribute__((aligned (64))) = { .a=1, .b=2};
   9
   10   int main() {
-> 11     printf("---------------------------\n");
   12     printf("  f.a: %p    f.b: %p\n", &f.a, &f.b);
   13     printf("---------------------------\n");
   14
(lldb) watchpoint set variable f.b
Watchpoint created: Watchpoint 1: addr = 0xaaaaaaabb048 size = 8 state =
enabled type = w
    declare @ '/tmp/test.c:8'
    watchpoint spec = 'f.b'
    new value: 2
(lldb) c
Process 1166052 resuming
---------------------------
  f.a: 0xaaaaaaabb040    f.b: 0xaaaaaaabb048
---------------------------
Process 1166052 stopped
* thread #1, name = 'test.o', stop reason = trace
    frame #0: 0x0000aaaaaaaaa7c0 test.o`main at test.c:15
   12     printf("  f.a: %p    f.b: %p\n", &f.a, &f.b);
   13     printf("---------------------------\n");
   14
-> 15     asm volatile (
   16       "mov x0, #3\n\t"
   17       "mov x1, #4\n\t"
   18       "stp x0, x1, [%0]\n\t"
(lldb) c
<... you get stopped "trace" again over and over ...>

I believe we can implement the full architecture rules to solve most of these
situations,
but will probably need to disassemble the current instruction to do so. As this
is the only
way to know "the memory access or set of contiguous memory accesses" that is
active.

Going to be tricky for SVE scatter stores where we would have to inspect
registers,
but we can still look for instructions where just the mnemonic is enough.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20210921/dc40e5de/attachment-0001.html>


More information about the lldb-dev mailing list