# Debugging with LLDB

Debugger support for Trusty is currently provided on a best-effort basis; see the caveats section.

## Prerequisites

* A modern build of LLDB (tested from Google trunk as of August 9th, 2022).

* A 64-bit build of Trusty
## How to Debug Trusty in the Emulator

After building a 64-bit debug build of Trusty, launch it in QEMU with the
`--debug` flag:

```shell
./build-root/build-qemu-generic-arm64-test-debug/run --debug
```

Then launch LLDB with the `lldbinit` file in the build directory:

```shell
lldb --source ./build-root/build-qemu-generic-arm64-test-debug/lldbinit
```

You should now be connected to QEMU and stopped just before the bootloader has
started. Add breakpoints now. You can add breakpoints to the kernel and to TAs
that were included in the build process.
### Caveats

The LLDB scripting that exists is *not* process-aware. It works purely off of
the emulated CPU's program counter. The odds of a program counter collision are
low thanks to ASLR, but LLDB will lose track of a process whenever it makes a
syscall. You'll need to add a breakpoint after each syscall if you want to step
through running TAs.

Example:

```c
int main(void) {
    struct ipc_port_context ctx = {
            .ops = {.on_connect = proxy_connect},
    };

    crypt_init();
    block_cache_init(); // BREAKPOINT

    int rc = ipc_port_create(
            &ctx, STORAGE_DISK_PROXY_PORT, 1, STORAGE_MAX_BUFFER_SIZE,
            IPC_PORT_ALLOW_TA_CONNECT | IPC_PORT_ALLOW_NS_CONNECT);

    if (rc < 0) { // BREAKPOINT
        SS_ERR("fatal: unable to initialize proxy endpoint (%d)\n", rc);
        return rc;
    }

    ipc_loop();

    ipc_port_destroy(&ctx);
    return 0;
}
```

In the above snippet, if you have a breakpoint on the call to
`block_cache_init()` and step forward over `ipc_port_create()`, the debugger will
lose track of the process. You'll need to add another breakpoint on the line
below it, `if (rc < 0) {`, to catch the process again.
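Because every syscall drops the process, the "breakpoint after each syscall" rule is tedious to apply by hand across a TA. The helper below is an added example, not part of Trusty or its LLDB scripts: it scans a C source for calls to a hypothetical, user-maintained list of IPC wrapper names and prints an LLDB `breakpoint set --file ... --line ...` command for the first statement after each call, which is exactly the `if (rc < 0) {` line in the snippet above.

```python
import re
# Assumed Trusty IPC wrappers that end in a syscall (hypothetical list; extend as needed).
SYSCALL_WRAPPERS = ("ipc_port_create", "ipc_loop", "ipc_port_destroy")

# Constructed sample, trimmed from the storage proxy main() shown above.
SAMPLE_SRC = r"""int main(void) {
    struct ipc_port_context ctx = {
            .ops = {.on_connect = proxy_connect},
    };
    int rc = ipc_port_create(
            &ctx, STORAGE_DISK_PROXY_PORT, 1, STORAGE_MAX_BUFFER_SIZE,
            IPC_PORT_ALLOW_TA_CONNECT | IPC_PORT_ALLOW_NS_CONNECT);

    if (rc < 0) {
        SS_ERR("fatal: unable to initialize proxy endpoint (%d)\n", rc);
        return rc;
    }

    ipc_loop();

    ipc_port_destroy(&ctx);
    return 0;
}
"""

def resume_lines(src, wrappers=SYSCALL_WRAPPERS):
    """1-based line of the first statement after each wrapper call: where a
    fresh breakpoint is needed to catch the TA again after the syscall."""
    lines = src.splitlines()
    names = "|".join(map(re.escape, wrappers))
    call_re = re.compile(rf"\b(?:{names})\s*\(")
    targets, i = [], 0
    while i < len(lines):
        if not call_re.search(lines[i]):
            i += 1
            continue
        end = i  # the call may span lines; its statement ends at the first ';'
        while end < len(lines) - 1 and ";" not in lines[end]:
            end += 1
        nxt = end + 1  # skip blank lines to reach the next statement
        while nxt < len(lines) and not lines[nxt].strip():
            nxt += 1
        if nxt < len(lines):
            targets.append(nxt + 1)
        i = end + 1
    return targets

def lldb_breakpoint_commands(path, src, wrappers=SYSCALL_WRAPPERS):
    """Render one LLDB 'breakpoint set' command per resume line in `path`."""
    return [f"breakpoint set --file {path} --line {n}" for n in resume_lines(src, wrappers)]
```

Paste the printed commands into the LLDB session started above before continuing; the scan is line-based, so a `;` inside a string literal in a multi-line call would end the statement early.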

Our debugger support depends entirely on ASLR to work. This means builds without
ASLR cannot be debugged with LLDB. You may get kernel breakpoints to work, but
TAs are going to overlap in virtual address space, so our pure program counter
breakpointing is going to get messy. We only have ASLR in 64-bit builds, so
32-bit builds support LLDB even less than 64-bit builds do.

TAs loaded dynamically are not currently supported.

## How to Debug Trusty on a Phone

TODO: This should be possible with JTAG capabilities.