One thing this topic never touched on was why there was a raw BRK instruction in the program. For what it’s worth in 2020 I added support in debugserver that if it sees a brk #0xf000 on aarch64, it silently advances the PC past this. This pattern, at least on darwin, is emitted by __builtin_debugtrap() and if we don’t advance past it silently, the user will just hit the BRK over and over. I did this in
commit 92b036dea24b6e7ebfd950facdbf5543135eda05
Author: Jason Molenda <jason@molenda.com>
Date: Thu Nov 12 23:28:24 2020 -0800
debugserver should advance pc past builtin_debugtrap insn
https://reviews.llvm.org/D91238
The original description shows a brk #0x1 so that’s not going to match the imm value I check here, but I bet they were inserting a breakpoint to gain control in the debugger manually instead of using the builtin.