llvm-project.git/lldb/source/Host/common/NativeProcessProtocol.cpp, branch main

[lldb] Fix a crash in lldb-server during RemoveSoftwareBreakpoint() (#148738)

2025-07-16T14:57:13+00:00

# Lldb-server crash

We have seen stacks like the following in lldb-server core dumps:
```
[
"__GI___pthread_kill at pthread_kill.c:46",
"__GI_raise at raise.c:26",
"__GI_abort at abort.c:100",
"__assert_fail_base at assert.c:92",
"__GI___assert_fail at assert.c:101",
"lldb_private::NativeProcessProtocol::RemoveSoftwareBreakpoint(unsigned long) at /redacted/lldb-server:0"
]
```

# Hypothesis of root cause

In `NativeProcessProtocol::RemoveSoftwareBreakpoint()`
([code](https://github.com/llvm/llvm-project/blob/19b2dd9d798c124406b0124a1b8debb711675281/lldb/source/Host/common/NativeProcessProtocol.cpp#L359-L423)),
a `ref_count` is asserted and reduced. If it becomes zero, the code
first go through a series of memory reads and writes to remove the
breakpoint trap opcode and to restore the original process code, then,
if everything goes fine, removes the entry from the map
`m_software_breakpoints` at the end of the function.

However, if any of the validations for the above reads and writes goes
wrong, the code returns an error early, skipping the removal of the
entry. This leaves the entry behind with a `ref_count` of zero.

The next call to `NativeProcessProtocol::RemoveSoftwareBreakpoint()` for
the same breakpoint[*] would violate the assertion about `ref_count > 0`
([here](https://github.com/llvm/llvm-project/blob/19b2dd9d798c124406b0124a1b8debb711675281/lldb/source/Host/common/NativeProcessProtocol.cpp#L365)),
which would cause a crash.

[*] We haven't found a *regular* way to repro such a next call in lldb
or lldb-dap. This is because both of them remove the breakpoint from
their internal list when they get any response from the lldb-server (OK
or error). Asking the client to delete the breakpoint a second time
doesn't trigger the client to send the `$z` gdb packet to lldb-server.
We are able to trigger the crash by sending the `$z` packet directly,
see "Manual test" below.

# Fix

Lift the removal of the map entry to be immediately after the decrement
of `ref_count`, before the early returns. This ensures that the asserted
case will never happen. The validation errors can still happen, and
whether they happen or not, the breakpoint has been removed from the
perspective of the lldb-server (same as that of lldb and lldb-dap).

# Manual test & unit test

See PR.

[lldb] Use *Set::insert_range and a range constructor (NFC) (#133548)

2025-03-29T02:54:30+00:00

This patch uses *Set::insert_range and a range constructor of DenseSet
to clean up the code to populate sets.

[lldb] Make deep copies of Status explicit (NFC) (#107170)

2024-09-05T19:44:13+00:00

[lldb] Make conversions from llvm::Error explicit with Status::FromEr… (#107163)

2024-09-05T19:19:31+00:00

…ror() [NFC]

[lldb] Turn lldb_private::Status into a value type. (#106163)

2024-08-27T17:59:31+00:00

This patch removes all of the Set.* methods from Status.

This cleanup is part of a series of patches that make it harder use the
anti-pattern of keeping a long-lives Status object around and updating
it while dropping any errors it contains on the floor.

This patch is largely NFC, the more interesting next steps this enables
is to:
1. remove Status.Clear()
2. assert that Status::operator=() never overwrites an error
3. remove Status::operator=()

Note that step (2) will bring 90% of the benefits for users, and step
(3) will dramatically clean up the error handling code in various
places. In the end my goal is to convert all APIs that are of the form

`    ResultTy DoFoo(Status& error)
`
to

`    llvm::Expected DoFoo()
`
How to read this patch?

The interesting changes are in Status.h and Status.cpp, all other
changes are mostly

` perl -pi -e 's/\.SetErrorString/ = Status::FromErrorString/g' $(git
grep -l SetErrorString lldb/source)
`
plus the occasional manual cleanup.

[lldb] Add support for MSP430 in LLDB.

2023-04-17T23:03:35+00:00

Add MSP430 to the list of available targets, implement MSP430 ABI, add support for debugging targets with 16-bit address size.

The update is intended for use with MSPDebug, a GDB server implementation for MSP430.

Reviewed By: bulbazord, DavidSpickett

Differential Revision: https://reviews.llvm.org/D146965

Revert "[lldb] Add support for MSP430 in LLDB."

2023-04-17T18:30:27+00:00

This reverts commit 82c02b733c7736507a41a26bebd37d3f8e88bd4e.

Apparently, the original patch was not rebased onto `main

[lldb] Add support for MSP430 in LLDB.

2023-04-17T18:05:09+00:00

Add MSP430 to the list of available targets, implement MSP430 ABI, add support for debugging targets with 16-bit address size.

The update is intended for use with MSPDebug, a GDB server implementation for MSP430.

Reviewed By: bulbazord, DavidSpickett

Differential Revision: https://reviews.llvm.org/D146965

[lldb-server/linux] Use waitpid(-1) to collect inferior events

2023-03-30T10:48:36+00:00

This is a follow-up to D116372, which had a rather unfortunate side
effect of making the processing of a single SIGCHLD quadratic in the
number of threads -- which does not matter for simple applications, but
can get really bad for applications with thousands of threads.

This patch fixes the problem by implementing the other possibility
mentioned in the first patch -- doing waitpid(-1) centrally and then
routing the events to the correct process instance. The "uncollected"
threads are held in the process factory class -- which I've renamed to
Manager for this purpose, as it now does more than creating processes.

Differential Revision: https://reviews.llvm.org/D146977

[llvm][ADT] Replace uses of `makeMutableArrayRef` with deduction guides

2023-01-16T21:49:37+00:00

Similar to how `makeArrayRef` is deprecated in favor of deduction guides, do the
same for `makeMutableArrayRef`.

Once all of the places in-tree are using the deduction guides for
`MutableArrayRef`, we can mark `makeMutableArrayRef` as deprecated.

Differential Revision: https://reviews.llvm.org/D141814