Debugging C with Cosmopolitan Libc (opens in new tab)

(ahgamut.github.io)

191 pointsahgamut3y ago50 comments

50 comments

28 comments · 8 top-level

abainbridge3y ago· 5 in thread

> Cosmopolitan Libc allows you to log every function call over the program’s execution – just pass --ftrace at the end of your program, like this:

> ./hex16.com ./missing.txt --ftrace

That seems like magic. It seems you have to build with a special flag that tells GCC to put a nop at the start of each function. Then, before main runs, Cosmopolitan sees the --ftrace on the command line, and modifies the code in memory to replace those nops with calls to something that does the logging. See https://justine.lol/ftrace/.

wyldfire3y ago

> It seems you have to build with a special flag that tells GCC to put a nop at the start of each function.

BTW - llvm+clang support a similar feature called "X-ray" [1]. It's intended to allow for patching (and unpatching!) these entry/exit points at runtime, with calls to specific tracing / black box facilities or whatever your favorite logging mechanism might be. And it's not limited to x86_64.

[1] https://llvm.org/docs/XRay.html

Graziano_M3y ago

I am not sure how it's done with cosmopolitan libc, but on MSVC++, when compiled with a hotpatching, every function had a `mov edi, edi` instruction at the start, so that there were a few useless bytes that could be safely removed. Avoid the need for a trampoline.

tines3y ago

You don't in principle have to put any nop's at the start of each function for this kind of function "hooking" to work. The Microsoft Detours library does the same thing with no special compilation needed.

abainbridge3y ago

From https://www.microsoft.com/en-us/research/project/detours/

"Detours is a library for instrumenting arbitrary Win32 functions Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions."

Doesn't that just re-write the DLL import table? ie it only allows interception of a Win32 API calls, not interception of my function A calling my function B?

1 more reply

actionfromafar3y ago

So much innovation in a tiny libc.

mgaunard3y ago· 4 in thread

What's the advantage over calling gdb yourself?

ahgamutOP3y ago

You run the executable as usual, and if it crashes, Cosmopolitan Libc's crash handler starts gdb for you with a nice TUI and all the information you need to work with. Probably you could set up a bunch of macros in your editor that do the same thing (and I do have something like that for godbolt compiler explorer), but for gdb at least it's pretty convenient to have it performed by the executable when running it across systems. You can start gdb by yourself too if you have a workflow setup like that :)

ljosifov3y ago

+1. I have had my ASSERT defined to 1) signal the program to pause it, 2) start gdb (or ddd), 3) attach to the pid, 4) tell gdb what the binary is, 5) wait on me most of my programming life. No idea why this is not the default.

2 more replies

mgaunard3y ago

I can launch gdb and attach it to the current process in 5 lines, hardly worth pulling a library dependency for.

2 more replies

tekknolagi3y ago

Sometimes the binary I am trying to debug is nested within several layers of crap. I have written shims before to attach gdb to the running process so that I don't need to try and wrangle gdb through shell scripts.

andrewmcwatters3y ago· 3 in thread

I'm fascinated specifically with how Justine must have collected the knowledge to write Cosmopolitan. I know some guys who play around with PEs and virtual memory manually, but I always wonder what sort of interests lead you to discovering this sort of thing.

I suspect the combination of interests is a little out there. For instance, with game cheat developers, you tend to first at least have some interest in C++, then understanding memory scanning, then signature scanning, trampolining, and all of a sudden you have the skillset ingredients for authoring some rudimentary cheats. Advanced skills come with driver development, which you then pick up to figure out how to evade anti-cheat technology, etc.

But very few developers I know say, oh yeah, I was just interested directly in this sort of thing from the get-go and decided to pick up all of the specific skills to go straight to cheat development.

Usually, it's the guys who already have game development experience.

What in the world did Justine see before Cosmopolitan? Maybe debugging tech? An interest in creating her own libc and understanding syscalls? Just fascinating.

jart3y ago

Justine here. I worked on TensorFlow before working on this.

ynx3y ago

My true introduction to low level system internals was heavily influenced by Saleem (compnerd), who last time I caught up with them, was on Tensorflow at Google.

He's a force of nature, but god damn if I didn't learn a lot from him and his peers. Cheers to you and to him!

asveikau3y ago

I'm not Justine, but I have done some things involving object and program file formats. Before I was a professional dev, in teenage years, I was interested in OS internals and was hacking on a small kernel for fun and learning. Some of my early professional tasks involved kernel mode. I think some people just get bit with a low level bug.

a-dub3y ago· 3 in thread

so where does the machine code for the TUI live? does it get compiled into your binary? how big is it?

TheYumasi3y ago

The TUI is from gdb.[1] Nothing from GDB is compiled in your binary. My guess (might be wrong!) is that the ShowCrashReports() call added in your program's main function sets up some signal handlers, so that in case of segfaults it starts GDB in a separate process and attaches it to your crashing process.

[1]: https://sourceware.org/gdb/onlinedocs/gdb/TUI.html

cassepipe3y ago

Which you have to admit is quite simple but brilliant.

a-dub3y ago

when did they add this?!?

saagarjha3y ago· 3 in thread

Perhaps I am missing something but what does this have to with Cosmopolitan?

bscphil3y ago

> With Cosmopolitan Libc, you can have gdb integration and detailed backtraces for your C program in just one line: add ShowCrashReports(); at the start of the main function

> Now if you have gdb available on $PATH, you would get a TUI (terminal user interace) showing the register contents and the backtrace of the crash

detaro3y ago

doesn't the first paragraph clearly establish that?

saagarjha3y ago

I mean it says these are part of Cosmopolitan but these just seem like standard tools that I don't need to use Cosmopolitan for…

3 more replies

gavinray3y ago· 2 in thread

I've read that you can use Cosmopolitan to write C++ as well.

Can you use similar features with C++ development?

jart3y ago

Oh yes. A good place to start would be our c++ toolchain. https://github.com/jart/cosmopolitan/blob/master/tool/script...

gavinray3y ago

Awesome, I will definitely be checking this out!

myuzio3y ago

If anyone's interested in how this actually works, take a look at this (originally linked) article: https://justine.lol/ape.html

This reminds me a little bit about how "Wine" works, but because the support doesn't involve "everything an OS has to provide" the footprint is smaller.

renox3y ago

I wonder if it would be possible to have a kind of logging function which would work similarly as the --ftrace? That would reduce significantly the no-trace cpu cost.

j / k navigate · click thread line to collapse

50 comments

28 comments · 8 top-level

abainbridge3y ago· 5 in thread

> Cosmopolitan Libc allows you to log every function call over the program’s execution – just pass --ftrace at the end of your program, like this:

> ./hex16.com ./missing.txt --ftrace

wyldfire3y ago

> It seems you have to build with a special flag that tells GCC to put a nop at the start of each function.

[1] https://llvm.org/docs/XRay.html

Graziano_M3y ago

tines3y ago

abainbridge3y ago

From https://www.microsoft.com/en-us/research/project/detours/

"Detours is a library for instrumenting arbitrary Win32 functions Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions."

Doesn't that just re-write the DLL import table? ie it only allows interception of a Win32 API calls, not interception of my function A calling my function B?

1 more reply

actionfromafar3y ago

So much innovation in a tiny libc.

mgaunard3y ago· 4 in thread

What's the advantage over calling gdb yourself?

ahgamutOP3y ago

ljosifov3y ago

2 more replies

mgaunard3y ago

I can launch gdb and attach it to the current process in 5 lines, hardly worth pulling a library dependency for.

2 more replies

tekknolagi3y ago

andrewmcwatters3y ago· 3 in thread

Usually, it's the guys who already have game development experience.

What in the world did Justine see before Cosmopolitan? Maybe debugging tech? An interest in creating her own libc and understanding syscalls? Just fascinating.

jart3y ago

Justine here. I worked on TensorFlow before working on this.

ynx3y ago

My true introduction to low level system internals was heavily influenced by Saleem (compnerd), who last time I caught up with them, was on Tensorflow at Google.

He's a force of nature, but god damn if I didn't learn a lot from him and his peers. Cheers to you and to him!

asveikau3y ago

a-dub3y ago· 3 in thread

so where does the machine code for the TUI live? does it get compiled into your binary? how big is it?

TheYumasi3y ago

[1]: https://sourceware.org/gdb/onlinedocs/gdb/TUI.html

cassepipe3y ago

Which you have to admit is quite simple but brilliant.

a-dub3y ago

when did they add this?!?

saagarjha3y ago· 3 in thread

Perhaps I am missing something but what does this have to with Cosmopolitan?

bscphil3y ago

> With Cosmopolitan Libc, you can have gdb integration and detailed backtraces for your C program in just one line: add ShowCrashReports(); at the start of the main function

> Now if you have gdb available on $PATH, you would get a TUI (terminal user interace) showing the register contents and the backtrace of the crash

detaro3y ago

doesn't the first paragraph clearly establish that?

saagarjha3y ago

I mean it says these are part of Cosmopolitan but these just seem like standard tools that I don't need to use Cosmopolitan for…

3 more replies

gavinray3y ago· 2 in thread

I've read that you can use Cosmopolitan to write C++ as well.

Can you use similar features with C++ development?

jart3y ago

Oh yes. A good place to start would be our c++ toolchain. https://github.com/jart/cosmopolitan/blob/master/tool/script...

gavinray3y ago

Awesome, I will definitely be checking this out!

myuzio3y ago

If anyone's interested in how this actually works, take a look at this (originally linked) article: https://justine.lol/ape.html

This reminds me a little bit about how "Wine" works, but because the support doesn't involve "everything an OS has to provide" the footprint is smaller.

renox3y ago

I wonder if it would be possible to have a kind of logging function which would work similarly as the --ftrace? That would reduce significantly the no-trace cpu cost.

j / k navigate · click thread line to collapse