ProcExp now does (more) symbolication - and 10.11/iOS9!

Posted: Fri Jul 10, 2015 4:39 am
by morpheus
Hello everyone,

I fixed a nasty bug that was preventing process explorer from displaying thread addresses correctly on iOS - and at the same time finally added symbolication for threads in user mode. E.g.:


Code:
bash-3.2# procexp 77 threads
7 threads:
TID             USER                                                                      KERNEL
Processing 64 - @TODO
0x1da           0x7fff984314de mach_msg_trap                      _ipc_mqueue_receive_continue
                  0x7fff8bf0beb4 __CFRunLoopServiceMachPort     
                  0x7fff8bf0b37b __CFRunLoopRun                 
                  0x7fff8bf0abd8 CFRunLoopRunSpecific           
                  0x7fff8bfc2671 CFRunLoopRun                   
                  0x104baf4b3
                  0x104baf974
                  0x104bd3747
                  0x7fff94ffb5c9 start                           
                  0x1
0x59b           0x7fff98437232 kevent64                           _fill_kqueueinfo + 0xd70
                  0x7fff8a669a6a _dispatch_mgr_init             
                                                    
0x5a9           0x7fff984314de mach_msg_trap                      _ipc_mqueue_receive_continue
0x5b3           0x7fff984363fa __select                           _compute_averunnable + 0x430
0x5b4           0x7fff98436136 __psynch_cvwait                    0xffffff7f80eaa91c
0x5b5           0x7fff9843721a kevent                             _fill_kqueueinfo + 0xd70
0x1e03b5        0x7fff9843694a __workq_kernreturn                 0xffffff7f80ea86ce
                  0x7fff8d09740d start_wqthread                 



For now, it only gets symbols in the shared library cache (which is, like, 90% of the exported symbols anyway). And, yes - it works on OS X 10.11. And (sorta) on iOS as well.

Now, before you pop the champagne bottles - caveat - AAPL redacts lots of symbols on iOS in user mode, and I don't have kernel symbolication support either (though I'm working on a few clever hacks for the latter). That means you get something like:

Code:
Phontifex:~ root# ps -ef | grep Spring
  501    59     1   0  6:59PM ??         0:17.15 /System/Library/CoreServices/SpringBoard.app/SpringBoard
    0   634   611   0 12:29AM ttys000    0:00.01 grep Spring
Phontifex:~ root# /tmp/pp 59 threads  | more
15 threads:
TID             USER                                                   KERNEL
0x32b                                                                   0xffffff80020144c4
                0x1967e8e0c mach_msg_trap                   
                0x1967e8c88 mach_msg                       
                0x18432b724 <redacted>                     
                0x184329678 <redacted>                     
                0x1842552d4 CFRunLoopRunSpecific           
                0x18dcab6fc
                0x188e52f40
                0x1000b15e0 (null)                         
                0x1966eaa08 <redacted>                     
0x38f                                                                   0xffffff80022fd874
                0x1967e8c24 kevent64                       
                0x1966cde70 <redacted>                     
                0x1966bf99c <redacted>                     
0x6ec                                                                   0xffffff80020144c4
                0x1967e8e0c mach_msg_trap                   
                0x1967e8c88 mach_msg                       
                0x18432b724 <redacted>                     
                0x184329678 <redacted>                     
                0x1842552d4 CFRunLoopRunSpecific           


But, hey - it's better than nothing, right? At least you can clearly see which threads are message handlers, dispatch queues, etc.

If something doesn't work for you, please run procexp with JDEBUG=1 (no curses) and send me a bug report. If you don't report it, I can't fix it.

**edit** first fix already added. My bad for not considering extra heavy stacks. Keep reporting, and I'll keep fixing :-)
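
For triage, the thread listings above can be parsed and each thread labelled by its innermost user frame, with a count of frames that carry no usable symbol. This is an added example, not part of the original post and not procexp's own code; the column layout, the kernel-address threshold and the role labels are assumptions inferred from the two listings.

```python
import re

KERNEL_BASE = 0xFFFFFF0000000000  # assumption: addresses at/above this are kernel-side
HEX = re.compile(r"0x[0-9a-fA-F]+$")
ROLES = {  # innermost user frame -> what the thread is parked in (labels are ours)
    "mach_msg_trap": "Mach message wait", "__select": "select() wait",
    "kevent": "kqueue wait", "kevent64": "kqueue wait",
    "__workq_kernreturn": "idle workqueue thread",
    "__psynch_cvwait": "condition variable wait",
}

# Constructed sample: lines excerpted from the two listings in the post.
SAMPLE = """\
0x59b           0x7fff98437232 kevent64                           _fill_kqueueinfo + 0xd70
                  0x7fff8a669a6a _dispatch_mgr_init
0x5b4           0x7fff98436136 __psynch_cvwait                    0xffffff7f80eaa91c
0x38f                                                                   0xffffff80022fd874
                0x1967e8c24 kevent64
                0x1966cde70 <redacted>
                0x1966bf99c <redacted>
"""

def parse_threads(text):
    threads = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or not HEX.match(tok[0]):
            continue                      # prompts, headers, "Processing 64 - @TODO"
        if not line[0].isspace():         # a TID starts in column 0
            threads.append({"tid": tok[0], "user": [], "kernel": ""})
            tok = tok[1:]
        elif not threads:
            continue                      # stray frame before any TID line
        cur = threads[-1]
        if tok and HEX.match(tok[0]) and int(tok[0], 16) < KERNEL_BASE:
            named = len(tok) > 1 and not HEX.match(tok[1])
            cur["user"].append((tok[0], tok[1] if named else None))
            tok = tok[2:] if named else tok[1:]
        if tok:                           # whatever is left is the KERNEL column
            cur["kernel"] = " ".join(tok)
    return threads

def summarize(text):  # tid -> (role, user frame count, frames without a symbol)
    out = {}
    for t in parse_threads(text):
        top = t["user"][0][1] if t["user"] else None
        hidden = sum(1 for _, sym in t["user"] if sym in (None, "<redacted>", "(null)"))
        out[t["tid"]] = (ROLES.get(top, "unknown"), len(t["user"]), hidden)
    return out
```

Calling `summarize()` on a full capture gives one row per thread; a high count in the last field shows how much of a stack fell outside the shared cache or was redacted.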