1 //===-- StopInfoMachException.cpp -----------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 9 #include "StopInfoMachException.h" 10 11 #include "lldb/lldb-forward.h" 12 13 #if defined(__APPLE__) 14 // Needed for the EXC_RESOURCE interpretation macros 15 #include <kern/exc_resource.h> 16 #endif 17 18 #include "lldb/Breakpoint/Watchpoint.h" 19 #include "lldb/Symbol/Symbol.h" 20 #include "lldb/Target/ABI.h" 21 #include "lldb/Target/DynamicLoader.h" 22 #include "lldb/Target/ExecutionContext.h" 23 #include "lldb/Target/Process.h" 24 #include "lldb/Target/RegisterContext.h" 25 #include "lldb/Target/Target.h" 26 #include "lldb/Target/Thread.h" 27 #include "lldb/Target/ThreadPlan.h" 28 #include "lldb/Target/UnixSignals.h" 29 #include "lldb/Utility/StreamString.h" 30 #include <optional> 31 32 using namespace lldb; 33 using namespace lldb_private; 34 35 /// Information about a pointer-authentication related instruction. 36 struct PtrauthInstructionInfo { 37 bool IsAuthenticated; 38 bool IsLoad; 39 bool DoesBranch; 40 }; 41 42 /// Get any pointer-authentication related information about the instruction 43 /// at address \p at_addr. 44 static std::optional<PtrauthInstructionInfo> 45 GetPtrauthInstructionInfo(Target &target, const ArchSpec &arch, 46 const Address &at_addr) { 47 const char *plugin_name = nullptr; 48 const char *flavor = nullptr; 49 AddressRange range_bounds(at_addr, 4); 50 const bool prefer_file_cache = true; 51 DisassemblerSP disassembler_sp = Disassembler::DisassembleRange( 52 arch, plugin_name, flavor, target, range_bounds, prefer_file_cache); 53 if (!disassembler_sp) 54 return std::nullopt; 55 56 InstructionList &insn_list = disassembler_sp->GetInstructionList(); 57 InstructionSP insn = insn_list.GetInstructionAtIndex(0); 58 if (!insn) 59 return std::nullopt; 60 61 return PtrauthInstructionInfo{insn->IsAuthenticated(), insn->IsLoad(), 62 insn->DoesBranch()}; 63 } 64 65 /// Describe the load address of \p addr using the format filename:line:col. 66 static void DescribeAddressBriefly(Stream &strm, const Address &addr, 67 Target &target) { 68 strm.Printf("at address=0x%" PRIx64, addr.GetLoadAddress(&target)); 69 StreamString s; 70 if (addr.GetDescription(s, target, eDescriptionLevelBrief)) 71 strm.Printf(" %s", s.GetString().data()); 72 strm.Printf(".\n"); 73 } 74 75 bool StopInfoMachException::DeterminePtrauthFailure(ExecutionContext &exe_ctx) { 76 bool IsBreakpoint = m_value == 6; // EXC_BREAKPOINT 77 bool IsBadAccess = m_value == 1; // EXC_BAD_ACCESS 78 if (!IsBreakpoint && !IsBadAccess) 79 return false; 80 81 // Check that we have a live process. 82 if (!exe_ctx.HasProcessScope() || !exe_ctx.HasThreadScope() || 83 !exe_ctx.HasTargetScope()) 84 return false; 85 86 Thread &thread = *exe_ctx.GetThreadPtr(); 87 StackFrameSP current_frame = thread.GetStackFrameAtIndex(0); 88 if (!current_frame) 89 return false; 90 91 Target &target = *exe_ctx.GetTargetPtr(); 92 Process &process = *exe_ctx.GetProcessPtr(); 93 ABISP abi_sp = process.GetABI(); 94 const ArchSpec &arch = target.GetArchitecture(); 95 assert(abi_sp && "Missing ABI info"); 96 97 // Check for a ptrauth-enabled target. 98 const bool ptrauth_enabled_target = 99 arch.GetCore() == ArchSpec::eCore_arm_arm64e; 100 if (!ptrauth_enabled_target) 101 return false; 102 103 // Set up a stream we can write a diagnostic into. 104 StreamString strm; 105 auto emit_ptrauth_prologue = [&](uint64_t at_address) { 106 strm.Printf("EXC_BAD_ACCESS (code=%" PRIu64 ", address=0x%" PRIx64 ")\n", 107 m_exc_code, at_address); 108 strm.Printf("Note: Possible pointer authentication failure detected.\n"); 109 }; 110 111 // Check if we have a "brk 0xc47x" trap, where the value that failed to 112 // authenticate is in x16. 113 Address current_address = current_frame->GetFrameCodeAddress(); 114 if (IsBreakpoint) { 115 RegisterContext *reg_ctx = exe_ctx.GetRegisterContext(); 116 if (!reg_ctx) 117 return false; 118 119 const RegisterInfo *X16Info = reg_ctx->GetRegisterInfoByName("x16"); 120 RegisterValue X16Val; 121 if (!reg_ctx->ReadRegister(X16Info, X16Val)) 122 return false; 123 uint64_t bad_address = X16Val.GetAsUInt64(); 124 125 uint64_t fixed_bad_address = abi_sp->FixCodeAddress(bad_address); 126 Address brk_address; 127 if (!target.ResolveLoadAddress(fixed_bad_address, brk_address)) 128 return false; 129 130 auto brk_ptrauth_info = 131 GetPtrauthInstructionInfo(target, arch, current_address); 132 if (brk_ptrauth_info && brk_ptrauth_info->IsAuthenticated) { 133 emit_ptrauth_prologue(bad_address); 134 strm.Printf("Found value that failed to authenticate "); 135 DescribeAddressBriefly(strm, brk_address, target); 136 m_description = std::string(strm.GetString()); 137 return true; 138 } 139 return false; 140 } 141 142 assert(IsBadAccess && "Handle EXC_BAD_ACCESS only after this point"); 143 144 // Check that we have the "bad address" from an EXC_BAD_ACCESS. 145 if (m_exc_data_count < 2) 146 return false; 147 148 // Ok, we know the Target is valid and that it describes a ptrauth-enabled 149 // device. Now, we need to determine whether this exception was caused by a 150 // ptrauth failure. 151 152 uint64_t bad_address = m_exc_subcode; 153 uint64_t fixed_bad_address = abi_sp->FixCodeAddress(bad_address); 154 uint64_t current_pc = current_address.GetLoadAddress(&target); 155 156 // Detect: LDRAA, LDRAB (Load Register, with pointer authentication). 157 // 158 // If an authenticated load results in an exception, the instruction at the 159 // current PC should be one of LDRAx. 160 if (bad_address != current_pc && fixed_bad_address != current_pc) { 161 auto ptrauth_info = 162 GetPtrauthInstructionInfo(target, arch, current_address); 163 if (ptrauth_info && ptrauth_info->IsAuthenticated && ptrauth_info->IsLoad) { 164 emit_ptrauth_prologue(bad_address); 165 strm.Printf("Found authenticated load instruction "); 166 DescribeAddressBriefly(strm, current_address, target); 167 m_description = std::string(strm.GetString()); 168 return true; 169 } 170 } 171 172 // Detect: BLRAA, BLRAAZ, BLRAB, BLRABZ (Branch with Link to Register, with 173 // pointer authentication). 174 // 175 // TODO: Detect: BRAA, BRAAZ, BRAB, BRABZ (Branch to Register, with pointer 176 // authentication). At a minimum, this requires call site info support for 177 // indirect calls. 178 // 179 // If an authenticated call or tail call results in an exception, stripping 180 // the bad address should give the current PC, which points to the address 181 // we tried to branch to. 182 if (bad_address != current_pc && fixed_bad_address == current_pc) { 183 if (StackFrameSP parent_frame = thread.GetStackFrameAtIndex(1)) { 184 addr_t return_pc = 185 parent_frame->GetFrameCodeAddress().GetLoadAddress(&target); 186 Address blr_address; 187 if (!target.ResolveLoadAddress(return_pc - 4, blr_address)) 188 return false; 189 190 auto blr_ptrauth_info = 191 GetPtrauthInstructionInfo(target, arch, blr_address); 192 if (blr_ptrauth_info && blr_ptrauth_info->IsAuthenticated && 193 blr_ptrauth_info->DoesBranch) { 194 emit_ptrauth_prologue(bad_address); 195 strm.Printf("Found authenticated indirect branch "); 196 DescribeAddressBriefly(strm, blr_address, target); 197 m_description = std::string(strm.GetString()); 198 return true; 199 } 200 } 201 } 202 203 // TODO: Detect: RETAA, RETAB (Return from subroutine, with pointer 204 // authentication). 205 // 206 // Is there a motivating, non-malicious code snippet that corrupts LR? 207 208 return false; 209 } 210 211 const char *StopInfoMachException::GetDescription() { 212 if (!m_description.empty()) 213 return m_description.c_str(); 214 if (GetValue() == eStopReasonInvalid) 215 return "invalid stop reason!"; 216 217 ExecutionContext exe_ctx(m_thread_wp.lock()); 218 Target *target = exe_ctx.GetTargetPtr(); 219 const llvm::Triple::ArchType cpu = 220 target ? target->GetArchitecture().GetMachine() 221 : llvm::Triple::UnknownArch; 222 223 const char *exc_desc = nullptr; 224 const char *code_label = "code"; 225 const char *code_desc = nullptr; 226 const char *subcode_label = "subcode"; 227 const char *subcode_desc = nullptr; 228 229 #if defined(__APPLE__) 230 char code_desc_buf[32]; 231 char subcode_desc_buf[32]; 232 #endif 233 234 switch (m_value) { 235 case 1: // EXC_BAD_ACCESS 236 exc_desc = "EXC_BAD_ACCESS"; 237 subcode_label = "address"; 238 switch (cpu) { 239 case llvm::Triple::x86: 240 case llvm::Triple::x86_64: 241 switch (m_exc_code) { 242 case 0xd: 243 code_desc = "EXC_I386_GPFLT"; 244 m_exc_data_count = 1; 245 break; 246 } 247 break; 248 case llvm::Triple::arm: 249 case llvm::Triple::thumb: 250 switch (m_exc_code) { 251 case 0x101: 252 code_desc = "EXC_ARM_DA_ALIGN"; 253 break; 254 case 0x102: 255 code_desc = "EXC_ARM_DA_DEBUG"; 256 break; 257 } 258 break; 259 260 case llvm::Triple::aarch64: 261 if (DeterminePtrauthFailure(exe_ctx)) 262 return m_description.c_str(); 263 break; 264 265 default: 266 break; 267 } 268 break; 269 270 case 2: // EXC_BAD_INSTRUCTION 271 exc_desc = "EXC_BAD_INSTRUCTION"; 272 switch (cpu) { 273 case llvm::Triple::x86: 274 case llvm::Triple::x86_64: 275 if (m_exc_code == 1) 276 code_desc = "EXC_I386_INVOP"; 277 break; 278 279 case llvm::Triple::arm: 280 case llvm::Triple::thumb: 281 if (m_exc_code == 1) 282 code_desc = "EXC_ARM_UNDEFINED"; 283 break; 284 285 default: 286 break; 287 } 288 break; 289 290 case 3: // EXC_ARITHMETIC 291 exc_desc = "EXC_ARITHMETIC"; 292 switch (cpu) { 293 case llvm::Triple::x86: 294 case llvm::Triple::x86_64: 295 switch (m_exc_code) { 296 case 1: 297 code_desc = "EXC_I386_DIV"; 298 break; 299 case 2: 300 code_desc = "EXC_I386_INTO"; 301 break; 302 case 3: 303 code_desc = "EXC_I386_NOEXT"; 304 break; 305 case 4: 306 code_desc = "EXC_I386_EXTOVR"; 307 break; 308 case 5: 309 code_desc = "EXC_I386_EXTERR"; 310 break; 311 case 6: 312 code_desc = "EXC_I386_EMERR"; 313 break; 314 case 7: 315 code_desc = "EXC_I386_BOUND"; 316 break; 317 case 8: 318 code_desc = "EXC_I386_SSEEXTERR"; 319 break; 320 } 321 break; 322 323 default: 324 break; 325 } 326 break; 327 328 case 4: // EXC_EMULATION 329 exc_desc = "EXC_EMULATION"; 330 break; 331 332 case 5: // EXC_SOFTWARE 333 exc_desc = "EXC_SOFTWARE"; 334 if (m_exc_code == 0x10003) { 335 subcode_desc = "EXC_SOFT_SIGNAL"; 336 subcode_label = "signo"; 337 } 338 break; 339 340 case 6: // EXC_BREAKPOINT 341 { 342 exc_desc = "EXC_BREAKPOINT"; 343 switch (cpu) { 344 case llvm::Triple::x86: 345 case llvm::Triple::x86_64: 346 switch (m_exc_code) { 347 case 1: 348 code_desc = "EXC_I386_SGL"; 349 break; 350 case 2: 351 code_desc = "EXC_I386_BPT"; 352 break; 353 } 354 break; 355 356 case llvm::Triple::arm: 357 case llvm::Triple::thumb: 358 switch (m_exc_code) { 359 case 0x101: 360 code_desc = "EXC_ARM_DA_ALIGN"; 361 break; 362 case 0x102: 363 code_desc = "EXC_ARM_DA_DEBUG"; 364 break; 365 case 1: 366 code_desc = "EXC_ARM_BREAKPOINT"; 367 break; 368 // FIXME temporary workaround, exc_code 0 does not really mean 369 // EXC_ARM_BREAKPOINT 370 case 0: 371 code_desc = "EXC_ARM_BREAKPOINT"; 372 break; 373 } 374 break; 375 376 case llvm::Triple::aarch64: 377 if (DeterminePtrauthFailure(exe_ctx)) 378 return m_description.c_str(); 379 break; 380 381 default: 382 break; 383 } 384 } break; 385 386 case 7: 387 exc_desc = "EXC_SYSCALL"; 388 break; 389 390 case 8: 391 exc_desc = "EXC_MACH_SYSCALL"; 392 break; 393 394 case 9: 395 exc_desc = "EXC_RPC_ALERT"; 396 break; 397 398 case 10: 399 exc_desc = "EXC_CRASH"; 400 break; 401 case 11: 402 exc_desc = "EXC_RESOURCE"; 403 #if defined(__APPLE__) 404 { 405 int resource_type = EXC_RESOURCE_DECODE_RESOURCE_TYPE(m_exc_code); 406 407 code_label = "limit"; 408 code_desc = code_desc_buf; 409 subcode_label = "observed"; 410 subcode_desc = subcode_desc_buf; 411 412 switch (resource_type) { 413 case RESOURCE_TYPE_CPU: 414 exc_desc = 415 "EXC_RESOURCE (RESOURCE_TYPE_CPU: CPU usage monitor tripped)"; 416 snprintf(code_desc_buf, sizeof(code_desc_buf), "%d%%", 417 (int)EXC_RESOURCE_CPUMONITOR_DECODE_PERCENTAGE(m_exc_code)); 418 snprintf(subcode_desc_buf, sizeof(subcode_desc_buf), "%d%%", 419 (int)EXC_RESOURCE_CPUMONITOR_DECODE_PERCENTAGE_OBSERVED( 420 m_exc_subcode)); 421 break; 422 case RESOURCE_TYPE_WAKEUPS: 423 exc_desc = "EXC_RESOURCE (RESOURCE_TYPE_WAKEUPS: idle wakeups monitor " 424 "tripped)"; 425 snprintf( 426 code_desc_buf, sizeof(code_desc_buf), "%d w/s", 427 (int)EXC_RESOURCE_CPUMONITOR_DECODE_WAKEUPS_PERMITTED(m_exc_code)); 428 snprintf(subcode_desc_buf, sizeof(subcode_desc_buf), "%d w/s", 429 (int)EXC_RESOURCE_CPUMONITOR_DECODE_WAKEUPS_OBSERVED( 430 m_exc_subcode)); 431 break; 432 case RESOURCE_TYPE_MEMORY: 433 exc_desc = "EXC_RESOURCE (RESOURCE_TYPE_MEMORY: high watermark memory " 434 "limit exceeded)"; 435 snprintf(code_desc_buf, sizeof(code_desc_buf), "%d MB", 436 (int)EXC_RESOURCE_HWM_DECODE_LIMIT(m_exc_code)); 437 subcode_desc = nullptr; 438 subcode_label = nullptr; 439 break; 440 #if defined(RESOURCE_TYPE_IO) 441 // RESOURCE_TYPE_IO is introduced in macOS SDK 10.12. 442 case RESOURCE_TYPE_IO: 443 exc_desc = "EXC_RESOURCE RESOURCE_TYPE_IO"; 444 snprintf(code_desc_buf, sizeof(code_desc_buf), "%d MB", 445 (int)EXC_RESOURCE_IO_DECODE_LIMIT(m_exc_code)); 446 snprintf(subcode_desc_buf, sizeof(subcode_desc_buf), "%d MB", 447 (int)EXC_RESOURCE_IO_OBSERVED(m_exc_subcode)); 448 ; 449 break; 450 #endif 451 } 452 } 453 #endif 454 break; 455 case 12: 456 exc_desc = "EXC_GUARD"; 457 break; 458 } 459 460 StreamString strm; 461 462 if (exc_desc) 463 strm.PutCString(exc_desc); 464 else 465 strm.Printf("EXC_??? (%" PRIu64 ")", m_value); 466 467 if (m_exc_data_count >= 1) { 468 if (code_desc) 469 strm.Printf(" (%s=%s", code_label, code_desc); 470 else 471 strm.Printf(" (%s=%" PRIu64, code_label, m_exc_code); 472 } 473 474 if (m_exc_data_count >= 2) { 475 if (subcode_label && subcode_desc) 476 strm.Printf(", %s=%s", subcode_label, subcode_desc); 477 else if (subcode_label) 478 strm.Printf(", %s=0x%" PRIx64, subcode_label, m_exc_subcode); 479 } 480 481 if (m_exc_data_count > 0) 482 strm.PutChar(')'); 483 484 m_description = std::string(strm.GetString()); 485 return m_description.c_str(); 486 } 487 488 static StopInfoSP GetStopInfoForHardwareBP(Thread &thread, Target *target, 489 uint32_t exc_data_count, 490 uint64_t exc_sub_code, 491 uint64_t exc_sub_sub_code) { 492 // Try hardware watchpoint. 493 if (target) { 494 // The exc_sub_code indicates the data break address. 495 lldb::WatchpointSP wp_sp = 496 target->GetWatchpointList().FindByAddress((lldb::addr_t)exc_sub_code); 497 if (wp_sp && wp_sp->IsEnabled()) { 498 // Debugserver may piggyback the hardware index of the fired watchpoint 499 // in the exception data. Set the hardware index if that's the case. 500 if (exc_data_count >= 3) 501 wp_sp->SetHardwareIndex((uint32_t)exc_sub_sub_code); 502 return StopInfo::CreateStopReasonWithWatchpointID(thread, wp_sp->GetID()); 503 } 504 } 505 506 // Try hardware breakpoint. 507 ProcessSP process_sp(thread.GetProcess()); 508 if (process_sp) { 509 // The exc_sub_code indicates the data break address. 510 lldb::BreakpointSiteSP bp_sp = 511 process_sp->GetBreakpointSiteList().FindByAddress( 512 (lldb::addr_t)exc_sub_code); 513 if (bp_sp && bp_sp->IsEnabled()) { 514 // Debugserver may piggyback the hardware index of the fired breakpoint 515 // in the exception data. Set the hardware index if that's the case. 516 if (exc_data_count >= 3) 517 bp_sp->SetHardwareIndex((uint32_t)exc_sub_sub_code); 518 return StopInfo::CreateStopReasonWithBreakpointSiteID(thread, 519 bp_sp->GetID()); 520 } 521 } 522 523 return nullptr; 524 } 525 526 #if defined(__APPLE__) 527 const char * 528 StopInfoMachException::MachException::Name(exception_type_t exc_type) { 529 switch (exc_type) { 530 case EXC_BAD_ACCESS: 531 return "EXC_BAD_ACCESS"; 532 case EXC_BAD_INSTRUCTION: 533 return "EXC_BAD_INSTRUCTION"; 534 case EXC_ARITHMETIC: 535 return "EXC_ARITHMETIC"; 536 case EXC_EMULATION: 537 return "EXC_EMULATION"; 538 case EXC_SOFTWARE: 539 return "EXC_SOFTWARE"; 540 case EXC_BREAKPOINT: 541 return "EXC_BREAKPOINT"; 542 case EXC_SYSCALL: 543 return "EXC_SYSCALL"; 544 case EXC_MACH_SYSCALL: 545 return "EXC_MACH_SYSCALL"; 546 case EXC_RPC_ALERT: 547 return "EXC_RPC_ALERT"; 548 #ifdef EXC_CRASH 549 case EXC_CRASH: 550 return "EXC_CRASH"; 551 #endif 552 case EXC_RESOURCE: 553 return "EXC_RESOURCE"; 554 #ifdef EXC_GUARD 555 case EXC_GUARD: 556 return "EXC_GUARD"; 557 #endif 558 #ifdef EXC_CORPSE_NOTIFY 559 case EXC_CORPSE_NOTIFY: 560 return "EXC_CORPSE_NOTIFY"; 561 #endif 562 #ifdef EXC_CORPSE_VARIANT_BIT 563 case EXC_CORPSE_VARIANT_BIT: 564 return "EXC_CORPSE_VARIANT_BIT"; 565 #endif 566 default: 567 break; 568 } 569 return NULL; 570 } 571 572 std::optional<exception_type_t> 573 StopInfoMachException::MachException::ExceptionCode(const char *name) { 574 return llvm::StringSwitch<std::optional<exception_type_t>>(name) 575 .Case("EXC_BAD_ACCESS", EXC_BAD_ACCESS) 576 .Case("EXC_BAD_INSTRUCTION", EXC_BAD_INSTRUCTION) 577 .Case("EXC_ARITHMETIC", EXC_ARITHMETIC) 578 .Case("EXC_EMULATION", EXC_EMULATION) 579 .Case("EXC_SOFTWARE", EXC_SOFTWARE) 580 .Case("EXC_BREAKPOINT", EXC_BREAKPOINT) 581 .Case("EXC_SYSCALL", EXC_SYSCALL) 582 .Case("EXC_MACH_SYSCALL", EXC_MACH_SYSCALL) 583 .Case("EXC_RPC_ALERT", EXC_RPC_ALERT) 584 #ifdef EXC_CRASH 585 .Case("EXC_CRASH", EXC_CRASH) 586 #endif 587 .Case("EXC_RESOURCE", EXC_RESOURCE) 588 #ifdef EXC_GUARD 589 .Case("EXC_GUARD", EXC_GUARD) 590 #endif 591 #ifdef EXC_CORPSE_NOTIFY 592 .Case("EXC_CORPSE_NOTIFY", EXC_CORPSE_NOTIFY) 593 #endif 594 .Default(std::nullopt); 595 } 596 #endif 597 598 StopInfoSP StopInfoMachException::CreateStopReasonWithMachException( 599 Thread &thread, uint32_t exc_type, uint32_t exc_data_count, 600 uint64_t exc_code, uint64_t exc_sub_code, uint64_t exc_sub_sub_code, 601 bool pc_already_adjusted, bool adjust_pc_if_needed) { 602 if (exc_type == 0) 603 return StopInfoSP(); 604 605 uint32_t pc_decrement = 0; 606 ExecutionContext exe_ctx(thread.shared_from_this()); 607 Target *target = exe_ctx.GetTargetPtr(); 608 const llvm::Triple::ArchType cpu = 609 target ? target->GetArchitecture().GetMachine() 610 : llvm::Triple::UnknownArch; 611 612 switch (exc_type) { 613 case 1: // EXC_BAD_ACCESS 614 case 2: // EXC_BAD_INSTRUCTION 615 case 3: // EXC_ARITHMETIC 616 case 4: // EXC_EMULATION 617 break; 618 619 case 5: // EXC_SOFTWARE 620 if (exc_code == 0x10003) // EXC_SOFT_SIGNAL 621 { 622 if (exc_sub_code == 5) { 623 // On MacOSX, a SIGTRAP can signify that a process has called exec, 624 // so we should check with our dynamic loader to verify. 625 ProcessSP process_sp(thread.GetProcess()); 626 if (process_sp) { 627 DynamicLoader *dynamic_loader = process_sp->GetDynamicLoader(); 628 if (dynamic_loader && dynamic_loader->ProcessDidExec()) { 629 // The program was re-exec'ed 630 return StopInfo::CreateStopReasonWithExec(thread); 631 } 632 } 633 } 634 return StopInfo::CreateStopReasonWithSignal(thread, exc_sub_code); 635 } 636 break; 637 638 case 6: // EXC_BREAKPOINT 639 { 640 bool is_actual_breakpoint = false; 641 bool is_trace_if_actual_breakpoint_missing = false; 642 switch (cpu) { 643 case llvm::Triple::x86: 644 case llvm::Triple::x86_64: 645 if (exc_code == 1) // EXC_I386_SGL 646 { 647 if (!exc_sub_code) { 648 // This looks like a plain trap. 649 // Have to check if there is a breakpoint here as well. When you 650 // single-step onto a trap, the single step stops you not to trap. 651 // Since we also do that check below, let's just use that logic. 652 is_actual_breakpoint = true; 653 is_trace_if_actual_breakpoint_missing = true; 654 } else { 655 if (StopInfoSP stop_info = 656 GetStopInfoForHardwareBP(thread, target, exc_data_count, 657 exc_sub_code, exc_sub_sub_code)) 658 return stop_info; 659 } 660 } else if (exc_code == 2 || // EXC_I386_BPT 661 exc_code == 3) // EXC_I386_BPTFLT 662 { 663 // KDP returns EXC_I386_BPTFLT for trace breakpoints 664 if (exc_code == 3) 665 is_trace_if_actual_breakpoint_missing = true; 666 667 is_actual_breakpoint = true; 668 if (!pc_already_adjusted) 669 pc_decrement = 1; 670 } 671 break; 672 673 case llvm::Triple::arm: 674 case llvm::Triple::thumb: 675 if (exc_code == 0x102) // EXC_ARM_DA_DEBUG 676 { 677 // It's a watchpoint, then, if the exc_sub_code indicates a 678 // known/enabled data break address from our watchpoint list. 679 lldb::WatchpointSP wp_sp; 680 if (target) 681 wp_sp = target->GetWatchpointList().FindByAddress( 682 (lldb::addr_t)exc_sub_code); 683 if (wp_sp && wp_sp->IsEnabled()) { 684 // Debugserver may piggyback the hardware index of the fired 685 // watchpoint in the exception data. Set the hardware index if 686 // that's the case. 687 if (exc_data_count >= 3) 688 wp_sp->SetHardwareIndex((uint32_t)exc_sub_sub_code); 689 return StopInfo::CreateStopReasonWithWatchpointID(thread, 690 wp_sp->GetID()); 691 } else { 692 is_actual_breakpoint = true; 693 is_trace_if_actual_breakpoint_missing = true; 694 } 695 } else if (exc_code == 1) // EXC_ARM_BREAKPOINT 696 { 697 is_actual_breakpoint = true; 698 is_trace_if_actual_breakpoint_missing = true; 699 } else if (exc_code == 0) // FIXME not EXC_ARM_BREAKPOINT but a kernel 700 // is currently returning this so accept it 701 // as indicating a breakpoint until the 702 // kernel is fixed 703 { 704 is_actual_breakpoint = true; 705 is_trace_if_actual_breakpoint_missing = true; 706 } 707 break; 708 709 case llvm::Triple::aarch64_32: 710 case llvm::Triple::aarch64: { 711 // xnu describes three things with type EXC_BREAKPOINT: 712 // 713 // exc_code 0x102 [EXC_ARM_DA_DEBUG], exc_sub_code addr-of-insn 714 // Watchpoint access. exc_sub_code is the address of the 715 // instruction which trigged the watchpoint trap. 716 // debugserver may add the watchpoint number that was triggered 717 // in exc_sub_sub_code. 718 // 719 // exc_code 1 [EXC_ARM_BREAKPOINT], exc_sub_code 0 720 // Instruction step has completed. 721 // 722 // exc_code 1 [EXC_ARM_BREAKPOINT], exc_sub_code address-of-instruction 723 // Software breakpoint instruction executed. 724 725 if (exc_code == 1 && exc_sub_code == 0) // EXC_ARM_BREAKPOINT 726 { 727 // This is hit when we single instruction step aka MDSCR_EL1 SS bit 0 728 // is set 729 is_actual_breakpoint = true; 730 is_trace_if_actual_breakpoint_missing = true; 731 #ifndef NDEBUG 732 if (thread.GetTemporaryResumeState() != eStateStepping) { 733 StreamString s; 734 s.Printf("CreateStopReasonWithMachException got EXC_BREAKPOINT [1,0] " 735 "indicating trace event, but thread is not tracing, it has " 736 "ResumeState %d", 737 thread.GetTemporaryResumeState()); 738 if (RegisterContextSP regctx = thread.GetRegisterContext()) { 739 if (const RegisterInfo *ri = regctx->GetRegisterInfoByName("esr")) { 740 uint32_t esr = 741 (uint32_t)regctx->ReadRegisterAsUnsigned(ri, UINT32_MAX); 742 if (esr != UINT32_MAX) { 743 s.Printf(" esr value: 0x%" PRIx32, esr); 744 } 745 } 746 } 747 thread.GetProcess()->DumpPluginHistory(s); 748 llvm::report_fatal_error(s.GetData()); 749 lldbassert( 750 false && 751 "CreateStopReasonWithMachException got EXC_BREAKPOINT [1,0] " 752 "indicating trace event, but thread was not doing a step."); 753 } 754 #endif 755 } 756 if (exc_code == 0x102) // EXC_ARM_DA_DEBUG 757 { 758 // It's a watchpoint, then, if the exc_sub_code indicates a 759 // known/enabled data break address from our watchpoint list. 760 lldb::WatchpointSP wp_sp; 761 if (target) 762 wp_sp = target->GetWatchpointList().FindByAddress( 763 (lldb::addr_t)exc_sub_code); 764 if (wp_sp && wp_sp->IsEnabled()) { 765 // Debugserver may piggyback the hardware index of the fired 766 // watchpoint in the exception data. Set the hardware index if 767 // that's the case. 768 if (exc_data_count >= 3) 769 wp_sp->SetHardwareIndex((uint32_t)exc_sub_sub_code); 770 return StopInfo::CreateStopReasonWithWatchpointID(thread, 771 wp_sp->GetID()); 772 } 773 // EXC_ARM_DA_DEBUG seems to be reused for EXC_BREAKPOINT as well as 774 // EXC_BAD_ACCESS 775 if (thread.GetTemporaryResumeState() == eStateStepping) 776 return StopInfo::CreateStopReasonToTrace(thread); 777 } 778 // It looks like exc_sub_code has the 4 bytes of the instruction that 779 // triggered the exception, i.e. our breakpoint opcode 780 is_actual_breakpoint = exc_code == 1; 781 break; 782 } 783 784 default: 785 break; 786 } 787 788 if (is_actual_breakpoint) { 789 RegisterContextSP reg_ctx_sp(thread.GetRegisterContext()); 790 addr_t pc = reg_ctx_sp->GetPC() - pc_decrement; 791 792 ProcessSP process_sp(thread.CalculateProcess()); 793 794 lldb::BreakpointSiteSP bp_site_sp; 795 if (process_sp) 796 bp_site_sp = process_sp->GetBreakpointSiteList().FindByAddress(pc); 797 if (bp_site_sp && bp_site_sp->IsEnabled()) { 798 // Update the PC if we were asked to do so, but only do so if we find 799 // a breakpoint that we know about cause this could be a trap 800 // instruction in the code 801 if (pc_decrement > 0 && adjust_pc_if_needed) 802 reg_ctx_sp->SetPC(pc); 803 804 // If the breakpoint is for this thread, then we'll report the hit, 805 // but if it is for another thread, we can just report no reason. We 806 // don't need to worry about stepping over the breakpoint here, that 807 // will be taken care of when the thread resumes and notices that 808 // there's a breakpoint under the pc. If we have an operating system 809 // plug-in, we might have set a thread specific breakpoint using the 810 // operating system thread ID, so we can't make any assumptions about 811 // the thread ID so we must always report the breakpoint regardless 812 // of the thread. 813 if (bp_site_sp->ValidForThisThread(thread) || 814 thread.GetProcess()->GetOperatingSystem() != nullptr) 815 return StopInfo::CreateStopReasonWithBreakpointSiteID( 816 thread, bp_site_sp->GetID()); 817 else if (is_trace_if_actual_breakpoint_missing) 818 return StopInfo::CreateStopReasonToTrace(thread); 819 else 820 return StopInfoSP(); 821 } 822 823 // Don't call this a trace if we weren't single stepping this thread. 824 if (is_trace_if_actual_breakpoint_missing && 825 thread.GetTemporaryResumeState() == eStateStepping) { 826 return StopInfo::CreateStopReasonToTrace(thread); 827 } 828 } 829 } break; 830 831 case 7: // EXC_SYSCALL 832 case 8: // EXC_MACH_SYSCALL 833 case 9: // EXC_RPC_ALERT 834 case 10: // EXC_CRASH 835 break; 836 } 837 838 return StopInfoSP(new StopInfoMachException(thread, exc_type, exc_data_count, 839 exc_code, exc_sub_code)); 840 } 841