EuroBSDcon 2017

Author: Kamil Rytarowski

E-mail: kamil@netbsd.org

Date: September 24th 2017

Place: Paris, France

Kamil Rytarowski (born 1987)

Krakow, Poland

NetBSD user since 6.1.

The NetBSD Foundation member since 2015.

Work areas: kernel, userland, pkgsrc.

Interest: NetBSD on desktop and in particular NetBSD as a workstation.

The current activity in 3rd party software:

• LLVM committer.
• GDB & binutils committer.
• NetBSD maintainer in qemu.

• Elementary terminology
• Goals and benefits of porting the LLDB Debugger to NetBSD.
• What to expect when using the new debugger on NetBSD.
• Impact of this port on the base distribution.
• The process tracing interface.
• New kernel features to host the new debugger.
• Regression tests for the ptrace(2) system call.
• Tracking LLDB's trunk.
• Sanitizers.
• Pending tasks, known bugs and missing features.

Toolchain - A set of programming development tools for creating a software product.

A basic UNIX toolchain consists of: a compiler, a linker, libraries, and a debugger.

A more complex toolchain may consist of additional elements like disassemblers, profilers, sanitizers etc. An advanced toolchain may ship with 3D-graphics modelers, audio synthetizers etc.

A computer program that can test and trace a computer program in order to assist detection of computer program bugs.

In this presentation we will focus on the system-level debuggers (referring to it as a plain "debugger") designed for general-purpose Operating Systems like UNIX, executing native code with an optional involvement of a simulator.

Debugging is the process of using a tracer and searching for a solution to issues.

A usual workflow using a debugger:

• Attempt to reproduce the issue.
• Isolation of the issue.
• Detection of the source of the issue.
• Removal of the programming error.
• Verification that the problem is gone.

A debugger reuses Operating System and hardware specific features exported in Machine-Dependent style to userspace programs through kernel API.

Unsupported hardware features by a certain (or all) hardware can be reimplemented with a simulator, while the rest executes underlying hardware capabilities.

LLDB is a next generation, high-performance debugger. It is built as a set of reusable components which highly leverage existing libraries in the larger LLVM Project, such as the Clang expression parser and LLVM disassembler.

LLDB is the default debugger in Xcode on Mac OS X and supports debugging C, Objective-C and C++ on the desktop and iOS devices and simulator.

All of the code in the LLDB project is available under the standard LLVM License, an open source "BSD-style" license.

-- Source: http://lldb.llvm.org/

Goals and benefits of porting the LLDB Debugger to NetBSD:

• LLDB is the natural choice for language runtimes based on LLVM. Some of them, like Swift or .NET, don't work on the GCC+GDB tandem.
• Relatively low cost to gain support for language frontends and hardware backends thanks to shared code with LLVM and Clang. This includes the newest C++ standards.
• Tradeoff of requiring advanced operating system facilities shipping legacy-free advanced solutions (C++11 and beyond, kernel introspection facilities etc).

The last point enforced the NetBSD kernel to ship reliable and functional features comparable to Windows, Darwin, Linux (&Android) and FreeBSD. NetBSD 8(beta) is now there in terms of the generic Machine-Independent kernel capabilities, and still not there in terms of reliability and availability of Machine-Dependent parts.

Goals and benefits of porting the LLDB Debugger to NetBSD:

• Modernization and verification of the process tracing interfaces - ptrace(2).
• Indirect improvement of the GDB correctness and room for future upgrading to newer API capabilities.
• LLVM clean basesystem distribution without the GNU toolchain parts (LLD porters wanted).
• Positive impact on catching up with other debugging software like DTrace (libproc), strace etc and debugging capabilities like kernel debugging (restoring kgdb).

The GNU and LLVM toolchain tools can be treated as two legs on which a modern Operating System like NetBSD should stand. There is competition, but no obsolescence of one because of the other. One set of 3rd party tools will require the former, another set will require the latter.

Goals and benefits of porting the LLDB Debugger to NetBSD:

• Reusing shared components with other systems, this involves: ELF+DWARF parsers, core(5) framework, networking and filesystem capabilities.
• Restricting (this is ongoing effort) of the NetBSD specific bits to NetBSD specific files.
• Native support for cross-platform (cross-hardware, cross-OS etc) debugging of NetBSD programs.
• Another tool of verification of correctness of LLVM and Clang on NetBSD.
• Visibility in the LLVM project (and beyond it).
• Making NetBSD the better generic purpose Operating System as a professional workstation (daily desktop driver for a developer).

What to expect when using the new debugger on NetBSD.

Today in the mainline code and the 5.0.0 release:

• Only NetBSD/amd64 support.
• Support for tracing single-threaded applications.
• Support for investigating core(5) files of applications with a single thread.
• Client-Server model - modern process plugin framework shared with Linux (&Android).
• Discovering external debuginfo data in NetBSD specific paths (/usr/libdata/debug).
• Unfortunately, breakage of runtime stability in the late process of 5.0.0 development.

What to expect when using the new debugger on NetBSD.

Local patches:

• Support for core(5) files with multiple threads.

LLDB depends on correct and modern support in: Clang, LLVM, userland libraries and kernel.

Everything is supported in the context of certain hardware - that cannot be programically fixed or improved - it must be supported as it is.

While it might be unrelated to LLDB porting effort, I attempt to follow the approach of zero-problems on NetBSD/amd64

LLVM and Clang are important in the process of LLDB/NetBSD porting because:

• Build problems propagade to other projects.
• Bugs in LLVM and Clang can propagate to other projects.
• Code-flow exchange between the LLVM projects family.

ptrace(2) - process tracing and debugging facility

By using process trace one process can take over another, inspect and manipulate its register context, address space and control flow.

Underneath this interface is using the reparenting mechanism. The tracer is a new parent, the tracee is a child and userland processes mostly don't notice it.

This interface is used in BSD operating systems and GNU/Linux (kernel) and they are relatively closely related.

The difference between ptrace(2), sysctl(2) and kvm(3):

• ptrace(2) - tracer-oriented introspection; privileged; with taking over the process and reparenting
• sysctl(2) - generic purpose introspection including self-introspection; unprivileged; no reparenting
• kvm(3) - kernel virtual memory interface; privileged for live-kernel reads, unprivileged for basic introspection (wraps internally sysctl(2)) and crash dump examination

Resources:

• the ptrace(2) man-page
• ATF tests src/tests/lib/libc/sys/t_ptrace*
• "Porting ptrace(2) software to NetBSD", Kamil Rytarowski, February 26th 2017

Development policies:

• Do not break any known programs.
• Clean design.
• Holistic look at the existing API.
• Feature-parity with Linux and FreeBSD.
• Organic evolution of existing interface, reuse of them.
• Reuse FreeBSD ideas when applicable.
• Reuse Linux ideas when applicable.
• Easy to use in a tracer.
• Lack of ambiguity of the tracee's state.

Future-ready policies:

• Efficient tracing of processes with a massive number of threads.
• Efficient tracing of multiprocess applications.
• Overloading the existing API for in-process tracing of other threads?

Major changes in the Machine-Independent part:

• Event monitor through PT_GET_SIGINFO.
• vfork(2) events.
• Thread birth and termination trap.
• Thread control (suspend/resume).
• Per-thread stepping.
• Syscall entry/exit trap.
• exec(3) trap (unless syscall tracing).

Major changes in the Machine-Independent part:

• Debug Registers (amd64 and i386).

Local development through pkgsrc-wip:

• llvm-git, clang-git, lldb-git - track continuously upstream's HEAD
• llvm-netbsd, clang-netbsd, lldb-netbsd - develop LLDB and surroundings against specified SVN revision

NetBSD buildbot

LLVM ships with sanitizers:

• asan - address sanitizer - detects use-after-free, buffer overflow (C,C++)
• ubsan - UB sanitizer - detects undefined behavior (C,C++)
• msan - memory sanitizer - detects uninitialized memory read (C,C++)
• tsan - thread sanitizer - detects data races (C,C++, Go)

asan and ubsan are already functional on NetBSD and fully upstreamed

msan and tsan are work-in-progress

libFuzzer and SafeStack have been ported to NetBSD and upstreamed.

SafeStack is a software security hardening technique that creates two stacks: one for data that needs to be kept safe, such as return addresses and function pointers; and an unsafe stack for everything else.

LLVM libFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. As of now libFuzzer requires for more sanitizers to get aboard to NetBSD, especially lsan (Leak Sanitizer).

1. Make tsan+msan functional.
2. Sort out lldb user-space bugs, desynced threads in user-space program LLDB. Restore the state before the breakage. Reuse sanitizers in this task.
3. Sort out ptrace(2) bugs with debugees with more than 1 thread.
4. Resume LLDB porting......
5. ... sorting out bugs on the way of LLDB porting the elementary functionality in LLDB/NetBSD...
6. Enable LLVM+Clang+LLDB tests on the buildbot.
7. Productize sanitizers for NetBSD. Support GCC as a possible compiler?
8. Enable compiler-rt tests on the NetBSD buildbot.

• GDB restoration on NetBSD and catch up after Linux
• kgdb in LLDB
• revisit ipkdb - in-kernel IP-based remote kernel debugging (currently only supported NIC: NE2000)
• kernel-asan porting to NetBSD
• Machine-Dependent interfaces in ptrace(2) like XSAVE and XSAVEOPT accessors on amd64
• new ptrace(2) interface to handle StopTheProcess() in lsan to self-introspect the process?
• !amd64 dimension in LLDB/NetBSD

The NetBSD Foundation - for sponsoring the project.

The NetBSD developers and in particular Christos Zoulas, Martin Husemann, Thomas Klausner, K.Robert Elz, Nicolas Joly, Paul Goyette for help with code fixes, feedback and bug reports.

Navigare necesse est, vivere non est necesse

"to sail is necessary; to live is not necessary"

-- Gnaeus Pompeius Magnus minor