Bug description
I would like to debug my instruction callback when using QBDI preload on macOS, but attempting to attach a debugger (LLDB) appears to trigger various exceptions and eventually prevents stepping forward in the program.
Steps to reproduce
- Setup a new preload project using the template
- Fix the symbolName bug
- Build the preload tracer in debug mode
cd build
cmake -D CMAKE_BUILD_TYPE=Debug ..
make
- Try to use the preload tracer library with debugger attached
Example log
$ lldb -- git log -n 10
NAME PASS STOP NOTIFY
=========== ======= ======= =======
SIGPIPE not set false not set
(lldb) target create "git"
Current executable set to '/usr/local/bin/git' (x86_64).
(lldb) settings set -- target.run-args "log" "-n" "10"
(lldb) env DYLD_INSERT_LIBRARIES=./libqbdi_tracer.dylib
(lldb) b onInstruction
Breakpoint 1: no locations (pending).
WARNING: Unable to resolve breakpoint to any actual locations.
(lldb) r
Process 81791 launched: '/usr/local/bin/git' (x86_64)
1 location added to breakpoint 1
Exception handler not found!
Failed to deallocate self exception port right
Process 81791 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGTRAP
frame #0: 0x00000001017f0929 libqbdi_tracer.dylib`onInstruction(vm=0x00006000023000a0, gprState=0x0000000100af9300, fprState=0x0000000100af9000, data=0x0000000000000000) at qbdi_preload_template.c:9:7
6 static VMAction onInstruction(VMInstanceRef vm, GPRState *gprState,
7 FPRState *fprState, void *data) {
8 const InstAnalysis *instAnalysis = qbdi_getInstAnalysis(
-> 9 vm, QBDI_ANALYSIS_INSTRUCTION | QBDI_ANALYSIS_DISASSEMBLY |
10 QBDI_ANALYSIS_SYMBOL);
11 if (instAnalysis->symbolName != NULL) {
12 printf("%20s+%05u\t", instAnalysis->symbolName, instAnalysis->symbolOffset);
Target 0: (git) stopped.
(lldb) n
Process 81791 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGTRAP
frame #0: 0x00000001017f092c libqbdi_tracer.dylib`onInstruction(vm=0x00006000023000a0, gprState=0x0000000100af9300, fprState=0x0000000100af9000, data=0x0000000000000000) at qbdi_preload_template.c:8:38
5
6 static VMAction onInstruction(VMInstanceRef vm, GPRState *gprState,
7 FPRState *fprState, void *data) {
-> 8 const InstAnalysis *instAnalysis = qbdi_getInstAnalysis(
9 vm, QBDI_ANALYSIS_INSTRUCTION | QBDI_ANALYSIS_DISASSEMBLY |
10 QBDI_ANALYSIS_SYMBOL);
11 if (instAnalysis->symbolName != NULL) {
Target 0: (git) stopped.
(lldb) n
Process 81791 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x23000a0)
frame #0: 0x00000001019c0a58 libqbdi_tracer.dylib`QBDI::VM::getInstAnalysis(QBDI::AnalysisType) const + 8
libqbdi_tracer.dylib`QBDI::VM::getInstAnalysis:
-> 0x1019c0a58 <+8>: mov rax, qword ptr [rdi]
0x1019c0a5b <+11>: mov rdi, qword ptr [rax + 0x88]
0x1019c0a62 <+18>: test rdi, rdi
0x1019c0a65 <+21>: je 0x1019c0a7a ; <+42>
Target 0: (git) stopped.
The preload tracer runs correctly outside of a debugger as expected.
The lines...
Exception handler not found!
Failed to deallocate self exception port right
...come from preload's Mach exception handling, and I know that LLDB also makes use of Mach exception handlers when debugging on macOS, so perhaps there's a clash happening there...? I wasn't sure whether something in LLDB or QBDI would need to be changed though, or if it's simply not possible to do at all.
Version
- OS: macOS 14.6.1
- Architecture: x86_64
- QBDI version: 0.11.0
Thanks for all of your work on QBDI! It has been very useful in my own research. 😄