This is an archive of the discontinued LLVM Phabricator instance.

Differential D8975

Fix breakpoint trap opcode detection for arm linux
ClosedPublic

Authored by tberghammer on Apr 10 2015, 9:08 AM.

Details

Reviewers
ovyalov
clayborg
omjavaid
Summary

Fix breakpoint trap opcode detection for arm linux

Diff Detail

Event Timeline

tberghammer updated this revision to Diff 23605.Apr 10 2015, 9:08 AM
tberghammer retitled this revision from to Fix breakpoint trap opcode detection for arm linux.
tberghammer updated this object.
tberghammer edited the test plan for this revision. (Show Details)
tberghammer added reviewers: clayborg, omjavaid, ovyalov.
tberghammer added a subscriber: Unknown Object (MLST).
Herald added subscribers: aemerson, rengolin. · View Herald TranscriptApr 10 2015, 9:08 AM
tberghammer added a parent revision: D8719: LLDB ARM Register context support .Apr 10 2015, 9:09 AM
clayborg edited edge metadata.Apr 10 2015, 10:18 AM

Looks good.

One thing to comment on: If you accidentally set an ARM breakpoint in thumb code you will hose your program by executing opcode 0x01f0:

ASR (immediate) (isa = T32, encoding = T2)
Arithmetic Shift Right (immediate)
  15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0  
,---------------------------------------------------------------.
| 0   0   0 | 0   0 | 0   0   1   1   1 | 1   1   0 | 0   0   0 |
|           | op    | imm5              | Rn        | Rd        |
`---------------------------------------------------------------'
[12:11] op       = 0      (0x0)
[10: 6] imm5     = 7      (0x7)
[ 5: 3] Rn       = 6      (0x6)
[ 2: 0] Rd       = 0      (0x0)

Followed by a branch for 0xE7F0:

B (isa = T32, encoding = T2)
Branch
  15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0  
,---------------------------------------------------------------.
| 1   1   1   0   0 | 1   1   1   1   1   1   1   0   0   0   0 |
|                   | imm11                                     |
`---------------------------------------------------------------'
[10: 0] imm11    = 2032   (0x7f0)

What we do is always try to use a 32 bit ARM instructions whose lower 16 bits would also trigger a Thumb breakpoint. If you look at the ARM opcode you are using:

UDF (isa = A32, encoding = A1)
Permanently Undefined
  31  30  29  28  27  26  25  24  23  22  21  20  19  18  17  16  15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0  
,-------------------------------------------------------------------------------------------------------------------------------.
| 1   1   1   0   0   1   1   1   1   1   1   1 | 0   0   0   0   0   0   0   0   0   0   0   1 | 1   1   1   1 | 0   0   0   0 |
|                                               | imm12                                         |               | imm4          |
`-------------------------------------------------------------------------------------------------------------------------------'
[19: 8] imm12    = 1      (0x1)
[ 3: 0] imm4     = 0      (0x0)

And the thumb breakpoint opcode you are using:

B (isa = T32, encoding = T1)
Permanently Undefined
  15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0  
,---------------------------------------------------------------.
| 1   1   0   1 | 1   1   1   0 | 0   0   0   0   0   0   0   1 |
|               | cond          | imm8                          |
`---------------------------------------------------------------'
[11: 8] cond     = 14     (0xe)
[ 7: 0] imm8     = 1      (0x1)

You can then play with the ARM instruction and modify the imm12 and imm4 so you can change to use 0xE7f0def1:

UDF (isa = A32, encoding = A1)
Permanently Undefined
  31  30  29  28  27  26  25  24  23  22  21  20  19  18  17  16  15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0  
,-------------------------------------------------------------------------------------------------------------------------------.
| 1   1   1   0   0   1   1   1   1   1   1   1 | 0   0   0   0   1   1   0   1   1   1   1   0 | 1   1   1   1 | 0   0   0   1 |
|                                               | imm12                                         |               | imm4          |
`-------------------------------------------------------------------------------------------------------------------------------'
[19: 8] imm12    = 222    (0xde)
[ 3: 0] imm4     = 1      (0x1)

And for Thumb use 0xdef1:

B (isa = T32, encoding = T1)
Branch
  15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0  
,---------------------------------------------------------------.
| 1   1   0   1 | 1   1   1   0 | 1   1   1   1   0   0   0   1 |
|               | cond          | imm8                          |
`---------------------------------------------------------------'
[11: 8] cond     = 14     (0xe)
[ 7: 0] imm8     = 241    (0xf1)

Now you have an ARM opcode that will mostly trigger a thumb breakpoint correctly even if you set it wrong. I say mostly because if you accidentally set the ARM breakpoint in the middle of a 32 bit Thumb instruction things could still go wrong.

clayborg accepted this revision.Apr 10 2015, 10:22 AM
clayborg edited edge metadata.

On MacOSX we use the actual BKPT instructions for ARM and Thumb that have the immediate values set correctly so the ARM BKPT works for Thumb as well:

static const uint8_t g_arm_breakpoint_opcode[] = { 0x70, 0xBE, 0x20, 0xE1 };
static const uint8_t g_thumb_breakpoint_opcode[] = { 0x70, 0xBE };

But, If these opcodes are what your kernel recognizes, you will want to use what the kernel expects.

This revision is now accepted and ready to land.Apr 10 2015, 10:22 AM
clayborg added a comment.Apr 10 2015, 10:51 AM

I almost forgot the main reason that you really want to be using the BKPT instructions: the Thumb IT (if/then/else) instruction...

If you have thumb code that has a IF THEN THEN:

0x1000: <opcode>  ITE<condition>
0x1002: 0xXXXXYYYY # THEN conditional
0x1006: 0xZZZZ # ELSE conditional

Where 0xXXXXYYYY is a 32 bit thumb instruction at address 0x1002 and 0xZZZZ is any 16 bit thumb instruction at address 0x1006. Now set a thumb breakpoint at 0x1002. This is what you code looks like now:

0x1000: <opcode>  ITE<condition>
0x1002: 0xde01 # THEN conditional
0x1004: 0xYYYY # ELSE conditional if a completely incorrect 16 bit opcode that is half of the original 32 bit thumb instruction
0x1006: 0x1616 # NOT CONDITIONAL ANYMORE!!!

So you really don't want to be using anything but the BKPT instruction. Why? Because BKPT is special and it will ALWAYS stop even in a condition IT block when the condition doesn't match. So it stops you from hosing your code up like the second example shows. This also means that LLDB will stop when it shouldn't, but fear not LLDB already has support for figuring out that is stopped at a condition that doesn't match and it will auto continue and "do the right thing".

tberghammer added a comment.Apr 11 2015, 1:56 PM

Thanks for the detailed explanation about the trap opcodes. I just copied over these opcodes from PlatformLinux but I plan to merge the two function to avoid the code duplication. I will investigate what type of opcode we can use for beakpoints on Linux (and Android) and update the code accordingly (most likely with an other CL).

tberghammer closed this revision.Apr 15 2015, 2:42 AM

Committed in as r234986

Revision Contents

PathSize
source/
Plugins/
Platform/
Linux/
3 lines
Process/
Linux/
2 lines
36 lines

Diff 23605

source/Plugins/Platform/Linux/PlatformLinux.cpp

Show First 20 LinesShow All 577 Lines▼ Show 20 Lines case llvm::Triple::arm:
lldb::BreakpointLocationSP bp_loc_sp (bp_site->GetOwnerAtIndex (0)); lldb::BreakpointLocationSP bp_loc_sp (bp_site->GetOwnerAtIndex (0));
AddressClass addr_class = eAddressClassUnknown; AddressClass addr_class = eAddressClassUnknown;
if (bp_loc_sp) if (bp_loc_sp)
addr_class = bp_loc_sp->GetAddress ().GetAddressClass (); addr_class = bp_loc_sp->GetAddress ().GetAddressClass ();
if (addr_class == eAddressClassCodeAlternateISA if (addr_class == eAddressClassCodeAlternateISA
|| (addr_class == eAddressClassUnknown || (addr_class == eAddressClassUnknown && (bp_site->GetLoadAddress() & 1)))
&& bp_loc_sp->GetAddress().GetOffset() & 1))
{ {
trap_opcode = g_thumb_breakpoint_opcode; trap_opcode = g_thumb_breakpoint_opcode;
trap_opcode_size = sizeof(g_thumb_breakpoint_opcode); trap_opcode_size = sizeof(g_thumb_breakpoint_opcode);
} }
else else
{ {
trap_opcode = g_arm_breakpoint_opcode; trap_opcode = g_arm_breakpoint_opcode;
trap_opcode_size = sizeof(g_arm_breakpoint_opcode); trap_opcode_size = sizeof(g_arm_breakpoint_opcode);
▲ Show 20 LinesShow All 319 LinesShow Last 20 Lines

source/Plugins/Process/Linux/NativeProcessLinux.h

Show First 20 LinesShow All 359 Lines▼ Show 20 Lines#endif
NativeThreadProtocolSP NativeThreadProtocolSP
AddThread (lldb::tid_t thread_id); AddThread (lldb::tid_t thread_id);
NativeThreadProtocolSP NativeThreadProtocolSP
GetOrCreateThread (lldb::tid_t thread_id, bool &created); GetOrCreateThread (lldb::tid_t thread_id, bool &created);
Error Error
GetSoftwareBreakpointSize (NativeRegisterContextSP context_sp, uint32_t &actual_opcode_size); GetSoftwareBreakpointPCOffset (NativeRegisterContextSP context_sp, uint32_t &actual_opcode_size);
Error Error
FixupBreakpointPCAsNeeded (NativeThreadProtocolSP &thread_sp); FixupBreakpointPCAsNeeded (NativeThreadProtocolSP &thread_sp);
/// Writes a siginfo_t structure corresponding to the given thread ID to the /// Writes a siginfo_t structure corresponding to the given thread ID to the
/// memory region pointed to by @p siginfo. /// memory region pointed to by @p siginfo.
Error Error
GetSignalInfo(lldb::tid_t tid, void *siginfo); GetSignalInfo(lldb::tid_t tid, void *siginfo);
▲ Show 20 LinesShow All 50 LinesShow Last 20 Lines

source/Plugins/Process/Linux/NativeProcessLinux.cpp

Show First 20 LinesShow All 3,183 Lines▼ Show 20 Lines
bool bool
NativeProcessLinux::GetArchitecture (ArchSpec &arch) const NativeProcessLinux::GetArchitecture (ArchSpec &arch) const
{ {
arch = m_arch; arch = m_arch;
return true; return true;
} }
Error Error
NativeProcessLinux::GetSoftwareBreakpointSize (NativeRegisterContextSP context_sp, uint32_t &actual_opcode_size) NativeProcessLinux::GetSoftwareBreakpointPCOffset (NativeRegisterContextSP context_sp, uint32_t &actual_opcode_size)
{ {
// FIXME put this behind a breakpoint protocol class that can be // FIXME put this behind a breakpoint protocol class that can be
// set per architecture. Need ARM, MIPS support here. // set per architecture. Need ARM, MIPS support here.
static const uint8_t g_aarch64_opcode[] = { 0x00, 0x00, 0x20, 0xd4 }; static const uint8_t g_aarch64_opcode[] = { 0x00, 0x00, 0x20, 0xd4 };
static const uint8_t g_i386_opcode [] = { 0xCC }; static const uint8_t g_i386_opcode [] = { 0xCC };
switch (m_arch.GetMachine ()) switch (m_arch.GetMachine ())
{ {
case llvm::Triple::aarch64: case llvm::Triple::aarch64:
actual_opcode_size = static_cast<uint32_t> (sizeof(g_aarch64_opcode)); actual_opcode_size = static_cast<uint32_t> (sizeof(g_aarch64_opcode));
return Error (); return Error ();
case llvm::Triple::arm:
actual_opcode_size = 0; // On arm the PC don't get updated for breakpoint hits
return Error ();
case llvm::Triple::x86: case llvm::Triple::x86:
case llvm::Triple::x86_64: case llvm::Triple::x86_64:
actual_opcode_size = static_cast<uint32_t> (sizeof(g_i386_opcode)); actual_opcode_size = static_cast<uint32_t> (sizeof(g_i386_opcode));
return Error (); return Error ();
default: default:
assert(false && "CPU type not supported!"); assert(false && "CPU type not supported!");
return Error ("CPU type not supported"); return Error ("CPU type not supported");
} }
} }
Error Error
NativeProcessLinux::SetBreakpoint (lldb::addr_t addr, uint32_t size, bool hardware) NativeProcessLinux::SetBreakpoint (lldb::addr_t addr, uint32_t size, bool hardware)
{ {
if (hardware) if (hardware)
return Error ("NativeProcessLinux does not support hardware breakpoints"); return Error ("NativeProcessLinux does not support hardware breakpoints");
else else
return SetSoftwareBreakpoint (addr, size); return SetSoftwareBreakpoint (addr, size);
} }
Error Error
NativeProcessLinux::GetSoftwareBreakpointTrapOpcode (size_t trap_opcode_size_hint, size_t &actual_opcode_size, const uint8_t *&trap_opcode_bytes) NativeProcessLinux::GetSoftwareBreakpointTrapOpcode (size_t trap_opcode_size_hint,
size_t &actual_opcode_size,
const uint8_t *&trap_opcode_bytes)
{ {
// FIXME put this behind a breakpoint protocol class that can be // FIXME put this behind a breakpoint protocol class that can be set per
// set per architecture. Need ARM, MIPS support here. // architecture. Need MIPS support here.
static const uint8_t g_aarch64_opcode[] = { 0x00, 0x00, 0x20, 0xd4 }; static const uint8_t g_aarch64_opcode[] = { 0x00, 0x00, 0x20, 0xd4 };
// The ARM reference recommends the use of 0xe7fddefe and 0xdefe but the
// linux kernel does otherwise.
static const uint8_t g_arm_breakpoint_opcode[] = { 0xf0, 0x01, 0xf0, 0xe7 };
static const uint8_t g_i386_opcode [] = { 0xCC }; static const uint8_t g_i386_opcode [] = { 0xCC };
static const uint8_t g_mips64_opcode[] = { 0x00, 0x00, 0x00, 0x0d }; static const uint8_t g_mips64_opcode[] = { 0x00, 0x00, 0x00, 0x0d };
static const uint8_t g_mips64el_opcode[] = { 0x0d, 0x00, 0x00, 0x00 }; static const uint8_t g_mips64el_opcode[] = { 0x0d, 0x00, 0x00, 0x00 };
static const uint8_t g_thumb_breakpoint_opcode[] = { 0x01, 0xde };
switch (m_arch.GetMachine ()) switch (m_arch.GetMachine ())
{ {
case llvm::Triple::aarch64: case llvm::Triple::aarch64:
trap_opcode_bytes = g_aarch64_opcode; trap_opcode_bytes = g_aarch64_opcode;
actual_opcode_size = sizeof(g_aarch64_opcode); actual_opcode_size = sizeof(g_aarch64_opcode);
return Error (); return Error ();
case llvm::Triple::arm:
switch (trap_opcode_size_hint)
{
case 2:
trap_opcode_bytes = g_thumb_breakpoint_opcode;
actual_opcode_size = sizeof(g_thumb_breakpoint_opcode);
return Error ();
case 4:
trap_opcode_bytes = g_arm_breakpoint_opcode;
actual_opcode_size = sizeof(g_arm_breakpoint_opcode);
return Error ();
default:
assert(false && "Unrecognised trap opcode size hint!");
return Error ("Unrecognised trap opcode size hint!");
}
case llvm::Triple::x86: case llvm::Triple::x86:
case llvm::Triple::x86_64: case llvm::Triple::x86_64:
trap_opcode_bytes = g_i386_opcode; trap_opcode_bytes = g_i386_opcode;
actual_opcode_size = sizeof(g_i386_opcode); actual_opcode_size = sizeof(g_i386_opcode);
return Error (); return Error ();
case llvm::Triple::mips64: case llvm::Triple::mips64:
trap_opcode_bytes = g_mips64_opcode; trap_opcode_bytes = g_mips64_opcode;
▲ Show 20 LinesShow All 603 Lines▼ Show 20 LinesNativeProcessLinux::FixupBreakpointPCAsNeeded (NativeThreadProtocolSP &thread_sp)
{ {
error.SetErrorString ("cannot get a NativeRegisterContext for the thread"); error.SetErrorString ("cannot get a NativeRegisterContext for the thread");
if (log) if (log)
log->Printf ("NativeProcessLinux::%s failed: %s", __FUNCTION__, error.AsCString ()); log->Printf ("NativeProcessLinux::%s failed: %s", __FUNCTION__, error.AsCString ());
return error; return error;
} }
uint32_t breakpoint_size = 0; uint32_t breakpoint_size = 0;
error = GetSoftwareBreakpointSize (context_sp, breakpoint_size); error = GetSoftwareBreakpointPCOffset (context_sp, breakpoint_size);
if (error.Fail ()) if (error.Fail ())
{ {
if (log) if (log)
log->Printf ("NativeProcessLinux::%s GetBreakpointSize() failed: %s", __FUNCTION__, error.AsCString ()); log->Printf ("NativeProcessLinux::%s GetBreakpointSize() failed: %s", __FUNCTION__, error.AsCString ());
return error; return error;
} }
else else
{ {
▲ Show 20 LinesShow All 175 LinesShow Last 20 Lines