Debugging LowerTypeTests in LLVM Using GDB

Hi,

I am looking into Control-Flow Integrity for indirect function calls, implemented with jump tables. I want to step through the code that produces these jump tables in GDB. I have built clang and opt from source with debugging symbols. I believe this code lives in llvm/lib/Transforms/LowerTypeTests.cpp, but when I try to debug opt by running the command “run -lowertypetests cfi-icall.bc > /dev/null”, I am never able to reach this file.

Also, I have tried to debug the command “clang -flto -fsanitize=cfi-icall indirect.c -o indirect” (where indirect.c is a C file containing an indirect call), and am able to see the CFI jump tables in the resulting assembly, but I cannot reach the code that produces these jump tables in GDB. Am I targeting the wrong code for these changes, or is there something more I need in order to run through this code in GDB? Thanks for your help!

Shishir Jessu

clang is the driver, not the compiler.

Run this to get the compiler invocation: (“path/to/clang” “-cc1” ….), then debug that instead.

“clang -flto -fsanitize=cfi-icall indirect.c -o indirect -###”

-Yuanfang

Hi Yuanfang,

Do you have any guidance about how to proceed from here? The following is the output from the command you’ve given:

Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/shishir_jessu/clang/build/bin/.
 "/home/shishir_jessu/clang/build/bin/clang-10" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-emit-llvm-bc" "-flto" "-flto-unit" "-disable-free" "-main-file-name" "indirect.c" "-mrelocation-model" "static" "-mthread-model" "posix" "-mframe-pointer=all" "-fmath-errno" "-masm-verbose" "-mconstructor-aliases" "-munwind-tables" "-fuse-init-array" "-target-cpu" "x86-64" "-dwarf-column-info" "-debugger-tuning=gdb" "-resource-dir" "/home/shishir_jessu/clang/build/lib/clang/10.0.0" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/home/shishir_jessu/clang/build/lib/clang/10.0.0/include" "-internal-externc-isystem" "/usr/include/x86_64-linux-gnu" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-fdebug-compilation-dir" "/home/shishir_jessu/clang/build/bin" "-ferror-limit" "19" "-fmessage-length" "0" "-fsanitize=cfi-icall" "-fsanitize-trap=cfi-icall" "-fsanitize-blacklist=/home/shishir_jessu/clang/build/lib/clang/10.0.0/share/cfi_blacklist.txt" "-fsanitize-cfi-canonical-jump-tables" "-fobjc-runtime=gcc" "-fdiagnostics-show-option" "-fcolor-diagnostics" "-fsplit-lto-unit" "-faddrsig" "-o" "/tmp/indirect-1aceda.o" "-x" "c" "indirect.c"
 "/usr/bin/ld" "-z" "relro" "--hash-style=gnu" "--eh-frame-hdr" "-m" "elf_x86_64" "-dynamic-linker" "/lib64/ld-linux-x86-64.so.2" "-o" "indirect" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu/crt1.o" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu/crti.o" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/crtbegin.o" "-L/usr/lib/gcc/x86_64-linux-gnu/7.4.0" "-L/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu" "-L/lib/x86_64-linux-gnu" "-L/lib/../lib64" "-L/usr/lib/x86_64-linux-gnu" "-L/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../.." "-L/home/shishir_jessu/clang/build/bin/../lib" "-L/lib" "-L/usr/lib" "-plugin" "/home/shishir_jessu/clang/build/bin/../lib/LLVMgold.so" "-plugin-opt=mcpu=x86-64" "/tmp/indirect-1aceda.o" "-lgcc" "--as-needed" "-lgcc_s" "--no-as-needed" "-lc" "-lgcc" "--as-needed" "-lgcc_s" "--no-as-needed" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/crtend.o" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu/crtn.o"

Of the flags given, I only need one of them. So I run clang -cc1 -fsanitize=cfi-icall indirect.c, but am still not able to hit the code I’m looking for. Is there anything else I should be doing? Thank you!

Shishir Jessu
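One way to act on Yuanfang's suggestion, as an added example that is not part of the thread: a small POSIX shell helper that takes the `-###` output (one tool invocation per line, every argument double-quoted, exactly the shape quoted above), unquotes the invocation you want, and wraps it in `gdb --args`. It picks out both lines that matter for CFI: the `-cc1` line, which with `-flto` only emits bitcode (`-emit-llvm-bc` in the invocation above) carrying the type metadata, and the `ld` line, where the LTO backend inside `LLVMgold.so` runs the IPO pipeline that includes LowerTypeTests. The sample driver output is constructed and shortened, and the breakpoint name `LowerTypeTestsModule::lower` is assumed from the class in LowerTypeTests.cpp; adjust it to whatever symbol your build exposes.

```shell
#!/bin/sh
# Added example, not code from the thread. Turns the one-line-per-tool output
# of `clang ... -###` into plain command lines so one invocation can be handed
# to `gdb --args`. The breakpoint symbol LowerTypeTestsModule::lower is an
# assumption based on the class defined in LowerTypeTests.cpp.

# Constructed, shortened sample modeled on the -### output quoted in the thread.
SAMPLE_DRIVER_OUTPUT='Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /opt/llvm/bin
 "/opt/llvm/bin/clang-10" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-emit-llvm-bc" "-flto" "-flto-unit" "-fsanitize=cfi-icall" "-o" "/tmp/indirect-abc123.o" "-x" "c" "indirect.c"
 "/usr/bin/ld" "-o" "indirect" "-plugin" "/opt/llvm/lib/LLVMgold.so" "/tmp/indirect-abc123.o" "-lc"'

# Print, unquoted, the first tool invocation read from stdin whose argv line
# contains $1 as a substring. Caveat: stripping every double quote assumes no
# argument itself contains a space or a quote, which holds for the driver
# lines above but not in general.
invocation_containing() {
  grep -F -- "$1" | head -n 1 | sed -e 's/^[[:space:]]*//' -e 's/"//g'
}

# The frontend (-cc1) line: with -flto it only emits bitcode (-emit-llvm-bc),
# so CFI type metadata is written here but no jump table is built yet.
frontend_invocation() {
  printf '%s\n' "$SAMPLE_DRIVER_OUTPUT" | invocation_containing '"-cc1"'
}

# The link line: the LTO backend inside LLVMgold.so runs the IPO pipeline,
# LowerTypeTests included, while ld is running.
lto_link_invocation() {
  printf '%s\n' "$SAMPLE_DRIVER_OUTPUT" | invocation_containing 'LLVMgold.so'
}

# Build a gdb command line that stops in LowerTypeTests. The breakpoint is
# set pending because, for the link step, the pass lives in the plugin shared
# object, which is not loaded until ld dlopen()s it.
gdb_command_for() {
  printf "gdb -q -ex 'set breakpoint pending on' -ex 'break LowerTypeTestsModule::lower' -ex run --args %s\n" "$1"
}

# Usage: print the gdb command for the link step, where the jump tables are built.
gdb_command_for "$(lto_link_invocation)"
```

The same wrapper applies to `opt -lowertypetests cfi-icall.bc`: there the pass is linked into `opt` itself, so the breakpoint resolves immediately and the pending setting is harmless. For the `-cc1` invocation the breakpoint is not expected to fire with `-flto`, because that step stops at bitcode.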

From: PenYiWang <s89162504@gmail.com>