This is an archive of the discontinued LLVM Phabricator instance.

Differential D137682

Change IRMemoryMap's last-resort magic address to an inaddressable address so it doesn't conflict
ClosedPublic

Authored by jasonmolenda on Nov 8 2022, 5:18 PM.

Details

Reviewers
JDevlieghere
jingham
Commits
rG53c45df5ed1b: Change last-ditch magic address in IRMemoryMap::FindSpace
Summary

When the IRInterpreter runs, and needs to store things in inferior memory, and it cannot allocate a memory region in the inferior, IRMemoryMap::FindSpace will create a buffer in lldb memory with a target address, and that will be used. If the target address overlaps with the address of an actual memory region in the inferior process, attempts to access the genuine memory there in IRInterpreted expressions will instead access lldb's local scratch memory. The Process may not support any way to query memory regions, so the solution Sean has picked in years past was to pick an especially unlikely address.

Obviously, we have a program that puts things at this address.

Given that 64-bit systems do not genuinely have 64 bits of address space, we can pick a better address. This patch changes the current unlikely address, 0xffffffff00000000, to 0xdead0fff00000000. Still in high memory, but because bit 62 is now 0 with this address, it cannot overlap with an actual virtual address unless there was a system alling for 62 bits of addressable address space. This is unlikely to happen soon.

I wrote a test which loads a binary into lldb, and slides the DATA segment around to different addresses, testing that the global variable in that DATA segment can still be read, as well as testing that if the DATA segment is slid to this impossible address, we get the incorrect value for the global.

This patch also fixes an incorrect way of getting the Target in DWARFExpression::Evaluate which gets a StackFrame from the ExecutionContext passed in, and uses that to get the Target, instead of simply using the Target, when calculating the load address of the address just read. This had the effect of always returning the original file address, even when I loaded the segment at different addresses, in this test where there's no running process. I looked through DWARFExpression briefly and didn't see any other code doing this.

Diff Detail

Event Timeline

jasonmolenda created this revision.Nov 8 2022, 5:18 PM
Herald added a project: Restricted Project. · View Herald TranscriptNov 8 2022, 5:18 PM
Herald added a subscriber: Michael137. · View Herald Transcript
jasonmolenda requested review of this revision.Nov 8 2022, 5:18 PM
Herald added a subscriber: lldb-commits. · View Herald TranscriptNov 8 2022, 5:18 PM
Harbormaster completed remote builds in B196798: Diff 474120.Nov 8 2022, 5:22 PM
jasonmolenda added a comment.Nov 8 2022, 5:53 PM

Probably the laziest bit is at the end of the test case where I want to test that the variable isn't '1', I didn't use a substring because it's uninitialized memory could come back as '10' or something.

jasonmolenda updated this revision to Diff 474297.Nov 9 2022, 9:25 AM

Update the test to check all three members of the struct can be read at the different memory addresses, and CAN'T be read when it overlaps with IRMemoryMap's special address. This final test, where we test that the values can't be accessed at this inaddressable location, is really only there to keep the test and IRMemoryMap in sync - if anyone changes how IRMemoryMap::FindSpace works with this setup, the test result changing will flag that this test needs to be revisited.

Harbormaster completed remote builds in B196924: Diff 474297.Nov 9 2022, 9:28 AM
jingham accepted this revision.Nov 11 2022, 3:18 PM

Except that you explicitly want to use the expression parser here so you shouldn't use p in the test, this seems fine to me. It would be better to have a less fragile strategy for getting an unused region, but short of doing exhaustive searches which have their own problems we haven't come up with anything. So making a better hack seems worthy. Fix the p usage and this is good to go.

lldb/test/API/lang/c/high-mem-global/TestHighMemGlobal.py
30

Unless you want to test the alias, it's better to use expr rather than p in tests. We might some day change what the p alias does, and for instance if we get clever about using more static data fetching for p then your test won't test what you think it does anymore.

63

If you are really worried about false positives here, you could just use funkier values for the three members. Not sure that's really necessary, however.

This revision is now accepted and ready to land.Nov 11 2022, 3:18 PM
jasonmolenda updated this revision to Diff 475184.Nov 14 2022, 9:50 AM

Update for Jim's feedback.

This revision was landed with ongoing or failed builds.Nov 14 2022, 9:54 AM
Closed by commit rG53c45df5ed1b: Change last-ditch magic address in IRMemoryMap::FindSpace (authored by jasonmolenda). · Explain Why
This revision was automatically updated to reflect the committed changes.
jasonmolenda added a commit: rG53c45df5ed1b: Change last-ditch magic address in IRMemoryMap::FindSpace.
Harbormaster completed remote builds in B197556: Diff 475184.Nov 14 2022, 9:54 AM
jasonmolenda mentioned this in D139226: Don't mark DW_OP_addr addresses as file addresses while converting them to load addresses sometimes.Dec 2 2022, 1:22 PM
jasonmolenda mentioned this in rG0c2b7fa8691e: Leave DW_OP_addr addresses as load addresses in DWARFExpression.Dec 2 2022, 2:45 PM

Revision Contents

PathSize
lldb/
source/
Expression/
5 lines
2 lines
test/
API/
lang/
c/
high-mem-global/
3 lines
59 lines
9 lines

Diff 475185

lldb/source/Expression/DWARFExpression.cpp

Show First 20 LinesShow All 911 Lines▼ Show 20 Lines case DW_OP_addr:
target->GetArchitecture().GetCore() == ArchSpec::eCore_wasm32) { target->GetArchitecture().GetCore() == ArchSpec::eCore_wasm32) {
// wasm file sections aren't mapped into memory, therefore addresses can // wasm file sections aren't mapped into memory, therefore addresses can
// never point into a file section and are always LoadAddresses. // never point into a file section and are always LoadAddresses.
stack.back().SetValueType(Value::ValueType::LoadAddress); stack.back().SetValueType(Value::ValueType::LoadAddress);
} else { } else {
stack.back().SetValueType(Value::ValueType::FileAddress); stack.back().SetValueType(Value::ValueType::FileAddress);
// Convert the file address to a load address, so subsequent // Convert the file address to a load address, so subsequent
// DWARF operators can operate on it. // DWARF operators can operate on it.
if (frame) if (target)
stack.back().ConvertToLoadAddress(module_sp.get(), stack.back().ConvertToLoadAddress(module_sp.get(), target);
frame->CalculateTarget().get());
} }
break; break;
// The DW_OP_addr_sect_offset4 is used for any location expressions in // The DW_OP_addr_sect_offset4 is used for any location expressions in
// shared libraries that have a location like: // shared libraries that have a location like:
// DW_OP_addr(0x1000) // DW_OP_addr(0x1000)
// If this address resides in a shared library, then this virtual address // If this address resides in a shared library, then this virtual address
// won't make sense when it is evaluated in the context of a running // won't make sense when it is evaluated in the context of a running
▲ Show 20 LinesShow All 1,781 LinesShow Last 20 Lines

lldb/source/Expression/IRMemoryMap.cpp

Show First 20 LinesShow All 137 Lines▼ Show 20 Lineslldb::addr_t IRMemoryMap::FindSpace(size_t size) {
// to the end of the allocations we've already reported, or use a 'sensible' // to the end of the allocations we've already reported, or use a 'sensible'
// default if this is our first allocation. // default if this is our first allocation.
if (m_allocations.empty()) { if (m_allocations.empty()) {
uint32_t address_byte_size = GetAddressByteSize(); uint32_t address_byte_size = GetAddressByteSize();
if (address_byte_size != UINT32_MAX) { if (address_byte_size != UINT32_MAX) {
switch (address_byte_size) { switch (address_byte_size) {
case 8: case 8:
ret = 0xffffffff00000000ull; ret = 0xdead0fff00000000ull;
break; break;
case 4: case 4:
ret = 0xee000000ull; ret = 0xee000000ull;
break; break;
default: default:
break; break;
} }
} }
▲ Show 20 LinesShow All 685 LinesShow Last 20 Lines

lldb/test/API/lang/c/high-mem-global/Makefile

  • This file was added.
C_SOURCES := main.c
include Makefile.rules

lldb/test/API/lang/c/high-mem-global/TestHighMemGlobal.py

  • This file was added.
"""Look that lldb can display a global loaded in high memory at an addressable address."""
import lldb
from lldbsuite.test.lldbtest import *
import lldbsuite.test.lldbutil as lldbutil
from lldbsuite.test.decorators import *
class TestHighMemGlobal(TestBase):
NO_DEBUG_INFO_TESTCASE = True
@skipUnlessDarwin # hardcoding of __DATA segment name
def test_command_line(self):
"""Test that we can display a global variable loaded in high memory."""
self.build()
exe = self.getBuildArtifact("a.out")
err = lldb.SBError()
target = self.dbg.CreateTarget(exe, '', '', False, err)
self.assertTrue(target.IsValid())
module = target.GetModuleAtIndex(0)
self.assertTrue(module.IsValid())
data_segment = module.FindSection("__DATA")
self.assertTrue(data_segment.IsValid())
err.Clear()
self.expect("expr -- global.c", substrs=[' = 1'])
self.expect("expr -- global.d", substrs=[' = 2'])
jinghamUnsubmitted
Not Done
ReplyInline Actions

Unless you want to test the alias, it's better to use expr rather than p in tests. We might some day change what the p alias does, and for instance if we get clever about using more static data fetching for p then your test won't test what you think it does anymore.

jingham: Unless you want to test the alias, it's better to use `expr` rather than `p` in tests. We…
self.expect("expr -- global.e", substrs=[' = 3'])
err = target.SetSectionLoadAddress(data_segment, 0xffffffff00000000)
self.assertTrue(err.Success())
self.expect("expr -- global.c", substrs=[' = 1'])
self.expect("expr -- global.d", substrs=[' = 2'])
self.expect("expr -- global.e", substrs=[' = 3'])
err = target.SetSectionLoadAddress(data_segment, 0x0000088100004000)
self.assertTrue(err.Success())
self.expect("expr -- global.c", substrs=[' = 1'])
self.expect("expr -- global.d", substrs=[' = 2'])
self.expect("expr -- global.e", substrs=[' = 3'])
# This is an address in IRMemoryMap::FindSpace where it has an
# lldb-side buffer of memory that's used in IR interpreters when
# memory cannot be allocated in the inferior / functions cannot
# be jitted.
err = target.SetSectionLoadAddress(data_segment, 0xdead0fff00000000)
self.assertTrue(err.Success())
# The global variable `global` is now overlayed by this
# IRMemoryMap special buffer, and now we cannot see the variable.
# Testing that we get the incorrect values at this address ensures
# that IRMemoryMap::FindSpace and this test stay in sync.
self.runCmd("expr -- int $global_c = global.c")
self.runCmd("expr -- int $global_d = global.d")
self.runCmd("expr -- int $global_e = global.e")
self.expect("expr -- $global_c != 1 || $global_d != 2 || $global_e != 3", substrs=[' = true'])
jinghamUnsubmitted
Not Done
ReplyInline Actions

If you are really worried about false positives here, you could just use funkier values for the three members. Not sure that's really necessary, however.

jingham: If you are really worried about false positives here, you could just use funkier values for the…

lldb/test/API/lang/c/high-mem-global/main.c

  • This file was added.
struct mystruct {
int c, d, e;
} global = {1, 2, 3};
int main ()
{
return global.c; // break here
}