Usually when I set lldb watchpoints, when they're hit, lldb says watchpoint hit old value: new value. However, I set a watchpoint on an address that seems to be getting written to inside a 3rd party library (libjpeg-turbo) and instead of the usual watchpoint hit, I'm seeing EXC_BREAKPOINT code=258, subcode=0xADDRESS.

In all cases, I can see that the subcode must be the address, as it's always equal to the address or close to the one I set the watchpoint to. Can anyone confirm this?

If I delete the watchpoint and keep going, lldb won't pause with EXC_BREAKPOINT. But what does the code mean and where can I find some official documentation on this?

The exc_types.h doesn't give any detailed information on it.

Joey Carson

2 Answers

For anyone who is interested in this question there is a nice article about the topic:

Understanding iOS Exception Types


> In all cases, I can see that the subcode must be the address, as it's always equal to the address or close to the one I set the watchpoint to. Can anyone confirm this?

There is not much information in the exception_types.h header:

open -t /Applications/Xcode.app//Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include/mach/exception_types.h

I can confirm that I always see EXC_BREAKPOINT with an address in the subcode.

However, other types in the header say that the subcode can have different kinds of information:

#define EXC_EMULATION       4   /* Emulation instruction */
  /* Emulation support instruction encountered */
  /* Details in code and subcode fields */

We had to investigate one Swift crash that produced EXC_BREAKPOINT. In our case it boiled down to Swift type coercions. Both of the following cause EXC_BREAKPOINT on ARM devices:

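import Foundation  // provides DBL_MAX

func test_crash() {
  // Traps at runtime: DBL_MAX is outside the range Int can represent
  let num = Int(DBL_MAX)
}

func test_crash_2() {
  // Traps at runtime: 0/0 is NaN, which cannot be converted to Int
  let num = Int(Double(0) / Double(0))
}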

In both of these cases, EXC_BREAKPOINT has a subcode with an address, which is the address of the sbrk instruction if you look at the assembly.

Stanislav Pankevich

exc_types.h only has the architecture independent parts of the exception definitions. You need to look in the i386/arm subdirectories to find the architecture specific parts. If you are on Yosemite, the arm directory won't be in /usr/include/mach, you'll have to look for it in the iPhoneOS SDK inside of Xcode.app. Anyway, mach/arm/exception.h says:

#define EXC_ARM_DA_DEBUG        0x102   /* Debug (watch/break) Fault */

And as you suspect the subcode is the address of the access.

But lldb doesn't report bare exceptions if it recognizes the exception as implementing some higher level task. In this case, it should be reporting the stop reason as a watchpoint hit. For some reason it doesn't recognize this as your watchpoint. Is the subcode address exactly the same as the one reported by watch list?

Jim Ingham
  • I use watchpoint set expression -x 8 -- ADDRESS. In some cases the address that is reported in EXC_BREAKPOINT is exactly the watched address, in others it's 8 bytes away, so I assume the -x 8 watches a range of 8 bytes. – Joey Carson Jan 16 '15 at 18:56
  • That sounds like a bug in lldb's watchpoint detection. Please file a bug with bugreport.apple.com and we'll take a look. – Jim Ingham Jan 16 '15 at 19:04
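An added example, not code from the posts above or from lldb: a small triage helper that decodes an EXC_BREAKPOINT stop description and checks whether the subcode falls inside a watched range. The function names, the stop-description format and the sample addresses are assumptions constructed for illustration; EXC_ARM_BREAKPOINT is taken from the same mach/arm/exception.h header and is not quoted on this page.

```python
import re

# Values from mach/arm/exception.h. EXC_ARM_DA_DEBUG is quoted in the answer above.
EXC_ARM_BREAKPOINT = 0x1    # breakpoint trap
EXC_ARM_DA_DEBUG = 0x102    # debug (watch/break) fault, 258 in decimal

STOP_RE = re.compile(
    r"EXC_BREAKPOINT\s*\(?\s*code=(0x[0-9a-fA-F]+|\d+),\s*subcode=(0x[0-9a-fA-F]+|\d+)")


def _num(text):
    """Parse a decimal or 0x-prefixed hexadecimal field."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def parse_stop(description):
    """Return (code, subcode) from a stop description, or None if it is not EXC_BREAKPOINT."""
    m = STOP_RE.search(description)
    return (_num(m.group(1)), _num(m.group(2))) if m else None


def classify(description, watchpoints):
    """Match a stop against watchpoints given as (id, start_address, size_in_bytes)."""
    parsed = parse_stop(description)
    if parsed is None:
        return {"kind": "not-exc-breakpoint"}
    code, subcode = parsed
    if code != EXC_ARM_DA_DEBUG:
        kind = "breakpoint-trap" if code == EXC_ARM_BREAKPOINT else "other"
        return {"kind": kind, "code": code, "address": subcode}
    # Debug fault: the subcode is the accessed address. Look for a covering range.
    for wp_id, start, size in watchpoints:
        if start <= subcode < start + size:
            return {"kind": "watchpoint", "id": wp_id, "offset": subcode - start}
    # No watched range contains the address: report the closest one for triage.
    nearest = min(watchpoints, key=lambda w: abs(subcode - w[1]), default=None)
    return {"kind": "unmatched-debug-fault", "address": subcode,
            "nearest": nearest[0] if nearest else None,
            "distance": subcode - nearest[1] if nearest else None}


if __name__ == "__main__":
    wps = [(1, 0x16FD0A3C0, 8)]  # constructed: watchpoint 1, 8 bytes wide
    for line in ("EXC_BREAKPOINT (code=258, subcode=0x16fd0a3c0)",   # constructed
                 "EXC_BREAKPOINT (code=258, subcode=0x16fd0a3c8)",   # constructed
                 "EXC_BREAKPOINT (code=1, subcode=0x1000a4f2c)"):    # constructed
        print(line, "->", classify(line, wps))
```

With an 8-byte range, an address exactly 8 bytes past the start is the first byte outside the half-open interval, so the second sample is reported as unmatched with a distance of 8.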