llvm-project/lldb/examples/darwin/heap_find/heap.py

383 lines
18 KiB
Python

#!/usr/bin/python
#----------------------------------------------------------------------
# This module is designed to live inside the "lldb" python package
# in the "lldb.macosx" package. To use this in the embedded python
# interpreter using "lldb" just import it:
#
# (lldb) script import lldb.macosx.heap
#----------------------------------------------------------------------
import lldb
import commands
import optparse
import os
import os.path
import shlex
import string
import tempfile
import lldb.utils.symbolication
g_libheap_dylib_dir = None
g_libheap_dylib_dict = dict()
g_verbose = False
def load_dylib():
if lldb.target:
global g_libheap_dylib_dir
global g_libheap_dylib_dict
triple = lldb.target.triple
if triple in g_libheap_dylib_dict:
libheap_dylib_path = g_libheap_dylib_dict[triple]
else:
if not g_libheap_dylib_dir:
g_libheap_dylib_dir = tempfile.gettempdir() + '/lldb-dylibs'
triple_dir = g_libheap_dylib_dir + '/' + triple + '/' + __name__
if not os.path.exists(triple_dir):
os.makedirs(triple_dir)
libheap_dylib_path = triple_dir + '/libheap.dylib'
g_libheap_dylib_dict[triple] = libheap_dylib_path
heap_code_directory = os.path.dirname(__file__) + '/heap'
heap_source_file = heap_code_directory + '/heap_find.cpp'
# Check if the dylib doesn't exist, or if "heap_find.cpp" is newer than the dylib
if not os.path.exists(libheap_dylib_path) or os.stat(heap_source_file).st_mtime > os.stat(libheap_dylib_path).st_mtime:
# Remake the dylib
make_command = '(cd "%s" ; make EXE="%s" ARCH=%s)' % (heap_code_directory, libheap_dylib_path, string.split(triple, '-')[0])
# print make_command
(make_exit_status, make_output) = commands.getstatusoutput(make_command)
if make_exit_status != 0:
print make_output
if os.path.exists(libheap_dylib_path):
libheap_dylib_spec = lldb.SBFileSpec(libheap_dylib_path)
if lldb.target.FindModule(libheap_dylib_spec):
return None # success, 'libheap.dylib' already loaded
if lldb.process:
state = lldb.process.state
if state == lldb.eStateStopped:
(libheap_dylib_path)
error = lldb.SBError()
image_idx = lldb.process.LoadImage(libheap_dylib_spec, error)
if error.Success():
return None
else:
if error:
return 'error: %s' % error
else:
return 'error: "process load \'%s\'" failed' % libheap_dylib_spec
else:
return 'error: process is not stopped'
else:
return 'error: invalid process'
else:
return 'error: file does not exist "%s"' % libheap_dylib_path
else:
return 'error: invalid target'
debugger.HandleCommand('process load "%s"' % libheap_dylib_path)
if lldb.target.FindModule(libheap_dylib_spec):
return None # success, 'libheap.dylib' already loaded
return 'error: failed to load "%s"' % libheap_dylib_path
def get_member_types_for_offset(value_type, offset, member_list):
member = value_type.GetFieldAtIndex(0)
search_bases = False
if member:
if member.GetOffsetInBytes() <= offset:
for field_idx in range (value_type.GetNumberOfFields()):
member = value_type.GetFieldAtIndex(field_idx)
member_byte_offset = member.GetOffsetInBytes()
member_end_byte_offset = member_byte_offset + member.type.size
if member_byte_offset <= offset and offset < member_end_byte_offset:
member_list.append(member)
get_member_types_for_offset (member.type, offset - member_byte_offset, member_list)
return
else:
search_bases = True
else:
search_bases = True
if search_bases:
for field_idx in range (value_type.GetNumberOfDirectBaseClasses()):
member = value_type.GetDirectBaseClassAtIndex(field_idx)
member_byte_offset = member.GetOffsetInBytes()
member_end_byte_offset = member_byte_offset + member.type.size
if member_byte_offset <= offset and offset < member_end_byte_offset:
member_list.append(member)
get_member_types_for_offset (member.type, offset - member_byte_offset, member_list)
return
for field_idx in range (value_type.GetNumberOfVirtualBaseClasses()):
member = value_type.GetVirtualBaseClassAtIndex(field_idx)
member_byte_offset = member.GetOffsetInBytes()
member_end_byte_offset = member_byte_offset + member.type.size
if member_byte_offset <= offset and offset < member_end_byte_offset:
member_list.append(member)
get_member_types_for_offset (member.type, offset - member_byte_offset, member_list)
return
def add_common_options(parser):
parser.add_option('-v', '--verbose', action='store_true', dest='verbose', help='display verbose debug info', default=False)
parser.add_option('-o', '--po', action='store_true', dest='print_object_description', help='print the object descriptions for any matches', default=False)
parser.add_option('-m', '--memory', action='store_true', dest='memory', help='dump the memory for each matching block', default=False)
parser.add_option('-f', '--format', type='string', dest='format', help='the format to use when dumping memory if --memory is specified', default=None)
parser.add_option('-s', '--stack', action='store_true', dest='stack', help='gets the stack that allocated each malloc block if MallocStackLogging is enabled', default=False)
parser.add_option('-S', '--stack-history', action='store_true', dest='stack_history', help='gets the stack history for all allocations whose start address matches each malloc block if MallocStackLogging is enabled', default=False)
def dump_stack_history_entry(stack_history_entry, idx):
address = int(stack_history_entry.address)
if address:
type_flags = int(stack_history_entry.type_flags)
symbolicator = lldb.utils.symbolication.Symbolicator()
symbolicator.target = lldb.target
type_str = ''
if type_flags == 0:
type_str = 'free'
else:
if type_flags & 2:
type_str = 'alloc'
elif type_flags & 4:
type_str = 'free'
elif type_flags & 1:
type_str = 'generic'
else:
type_str = hex(type_flags)
print 'stack[%u]: addr = 0x%x, type=%s, frames:' % (idx, address, type_str)
frame_idx = 0
idx = 0
pc = int(stack_history_entry.frames[idx])
while pc != 0:
if pc >= 0x1000:
frames = symbolicator.symbolicate(pc)
if frames:
for frame in frames:
print ' [%u] %s' % (frame_idx, frame)
frame_idx += 1
else:
print ' [%u] 0x%x' % (frame_idx, pc)
frame_idx += 1
idx = idx + 1
pc = int(stack_history_entry.frames[idx])
else:
pc = 0
print
def dump_stack_history_entries(addr, history):
# malloc_stack_entry *get_stack_history_for_address (const void * addr)
expr = 'get_stack_history_for_address((void *)0x%x, %u)' % (addr, history)
expr_sbvalue = lldb.frame.EvaluateExpression (expr)
if expr_sbvalue.error.Success():
if expr_sbvalue.unsigned:
expr_value = lldb.value(expr_sbvalue)
idx = 0;
stack_history_entry = expr_value[idx]
while int(stack_history_entry.address) != 0:
dump_stack_history_entry(stack_history_entry, idx)
idx = idx + 1
stack_history_entry = expr_value[idx]
else:
print 'error: expression returned => %s' % (expr_sbvalue)
else:
print 'error: expression failed "%s" => %s' % (expr, expr_sbvalue.error)
def heap_search(options, arg_str):
dylid_load_err = load_dylib()
if dylid_load_err:
print dylid_load_err
return
expr = None
arg_str_description = arg_str
default_memory_format = "Y" # 'Y' is "bytes with ASCII" format
#memory_chunk_size = 1
if options.type == 'pointer':
expr = 'find_pointer_in_heap((void *)%s)' % (arg_str)
arg_str_description = 'malloc block containing pointer %s' % arg_str
default_memory_format = "A" # 'A' is "address" format
#memory_chunk_size = lldb.process.GetAddressByteSize()
elif options.type == 'cstr':
expr = 'find_cstring_in_heap("%s")' % arg_str
arg_str_description = 'malloc block containing "%s"' % arg_str
elif options.type == 'addr':
expr = 'find_block_for_address((void *)%s)' % arg_str
arg_str_description = 'malloc block for %s' % arg_str
else:
print 'error: invalid type "%s"\nvalid values are "pointer", "cstr"' % options.type
return
expr_sbvalue = lldb.frame.EvaluateExpression (expr)
if expr_sbvalue.error.Success():
if expr_sbvalue.unsigned:
match_value = lldb.value(expr_sbvalue)
i = 0
while 1:
match_entry = match_value[i]; i += 1
malloc_addr = match_entry.addr.sbvalue.unsigned
if malloc_addr == 0:
break
malloc_size = int(match_entry.size)
offset = int(match_entry.offset)
match_addr = malloc_addr + offset
dynamic_value = match_entry.addr.sbvalue.GetDynamicValue(lldb.eDynamicCanRunTarget)
description = '[%u] %s: addr = 0x%x' % (i, arg_str_description, malloc_addr)
if offset != 0:
description += ' + %u' % (offset)
description += ', size = %u' % (malloc_size)
if dynamic_value.type.name == 'void *':
if options.type == 'pointer' and malloc_size == 4096:
error = lldb.SBError()
data = bytearray(lldb.process.ReadMemory(malloc_addr, 16, error))
if data == '\xa1\xa1\xa1\xa1AUTORELEASE!':
description += ', type = (AUTORELEASE!)'
print description
else:
derefed_dynamic_value = dynamic_value.deref
if derefed_dynamic_value:
derefed_dynamic_type = derefed_dynamic_value.type
derefed_dynamic_type_size = derefed_dynamic_type.size
derefed_dynamic_type_name = derefed_dynamic_type.name
description += ', type = %s <%u>' % (derefed_dynamic_type_name, derefed_dynamic_type_size)
if offset < derefed_dynamic_type_size:
member_list = list();
get_member_types_for_offset (derefed_dynamic_type, offset, member_list)
if member_list:
member_path = ''
for member in member_list:
member_name = member.name
if member_name:
if member_path:
member_path += '.'
member_path += member_name
if member_path:
description += ', ivar = %s' % (member_path)
print description
if derefed_dynamic_value:
print derefed_dynamic_value
if options.print_object_description:
desc = dynamic_value.GetObjectDescription()
if desc:
print ' (%s) 0x%x %s\n' % (type_name, malloc_addr, desc)
if options.memory:
memory_format = options.format
if not memory_format:
memory_format = default_memory_format
cmd_result = lldb.SBCommandReturnObject()
#count = malloc_size / memory_chunk_size
memory_command = "memory read -f %s 0x%x 0x%x" % (memory_format, malloc_addr, malloc_addr + malloc_size)
lldb.debugger.GetCommandInterpreter().HandleCommand(memory_command, cmd_result)
print cmd_result.GetOutput()
if options.stack_history:
dump_stack_history_entries(malloc_addr, 1)
elif options.stack:
dump_stack_history_entries(malloc_addr, 0)
else:
print '%s %s was not found in any malloc blocks' % (options.type, arg_str)
else:
print expr_sbvalue.error
print
def ptr_refs(debugger, command, result, dict):
command_args = shlex.split(command)
usage = "usage: %prog [options] <EXPR> [EXPR ...]"
description='''Searches the heap for pointer references on darwin user space programs.
Any matches that were found will dump the malloc blocks that contain the pointers
and might be able to print what kind of objects the pointers are contained in using
dynamic type information in the program.'''
parser = optparse.OptionParser(description=description, prog='ptr_refs',usage=usage)
add_common_options(parser)
try:
(options, args) = parser.parse_args(command_args)
except:
return
options.type = 'pointer'
if args:
for data in args:
heap_search (options, data)
else:
print 'error: no pointer arguments were given'
def cstr_refs(debugger, command, result, dict):
command_args = shlex.split(command)
usage = "usage: %prog [options] <CSTR> [CSTR ...]"
description='''Searches the heap for C string references on darwin user space programs.
Any matches that were found will dump the malloc blocks that contain the C strings
and might be able to print what kind of objects the pointers are contained in using
dynamic type information in the program.'''
parser = optparse.OptionParser(description=description, prog='cstr_refs',usage=usage)
add_common_options(parser)
try:
(options, args) = parser.parse_args(command_args)
except:
return
options.type = 'cstr'
if args:
for data in args:
heap_search (options, data)
else:
print 'error: no c string arguments were given to search for'
def malloc_info(debugger, command, result, dict):
command_args = shlex.split(command)
usage = "usage: %prog [options] <EXPR> [EXPR ...]"
description='''Searches the heap a malloc block that contains the addresses specified as arguments.
Any matches that were found will dump the malloc blocks that match or contain
the specified address. The matching blocks might be able to show what kind
of objects they are using dynamic type information in the program.'''
parser = optparse.OptionParser(description=description, prog='cstr_refs',usage=usage)
add_common_options(parser)
try:
(options, args) = parser.parse_args(command_args)
except:
return
options.type = 'addr'
if args:
for data in args:
heap_search (options, data)
else:
print 'error: no c string arguments were given to search for'
def malloc_history(debugger, command, result, dict):
command_args = shlex.split(command)
usage = "usage: %prog [options] <EXPR> [EXPR ...]"
description='''Gets the allocation history for an expression whose result is an address.
Programs should set the MallocStackLoggingNoCompact=1 in the environment to enable stack history. This can be done
with "process launch -v MallocStackLoggingNoCompact=1 -- [arg1 ...]"'''
dylid_load_err = load_dylib()
if dylid_load_err:
print dylid_load_err
else:
if command_args:
for addr_expr_str in command_args:
expr_sbvalue = lldb.frame.EvaluateExpression (addr_expr_str)
if expr_sbvalue.error.Success():
addr = expr_sbvalue.unsigned
if addr != 0:
dump_stack_history_entries (addr, 1)
else:
print 'error: expression error for "%s": %s' % (addr_expr_str, expr_sbvalue.error)
else:
print 'error: no address expressions were specified'
if __name__ == '__main__':
lldb.debugger = lldb.SBDebugger.Create()
# This initializer is being run from LLDB in the embedded command interpreter
# Add any commands contained in this module to LLDB
lldb.debugger.HandleCommand('command script add -f lldb.macosx.heap.ptr_refs ptr_refs')
lldb.debugger.HandleCommand('command script add -f lldb.macosx.heap.cstr_refs cstr_refs')
lldb.debugger.HandleCommand('command script add -f lldb.macosx.heap.malloc_info malloc_info')
lldb.debugger.HandleCommand('command script add -f lldb.macosx.heap.malloc_history malloc_history')
print '"ptr_refs", "cstr_refs", "malloc_info", and "malloc_history" commands have been installed, use the "--help" options on these commands for detailed help.'