Nightly Toolchain has broken LLDB support on macOS

fan · October 29, 2021, 1:07am

It seems that the official toolchains on swift.org don't have the proper entitlements to debug processes.

This breaks the REPL as well:

lldb ls
(lldb) target create "ls"
Current executable set to 'ls' (x86_64).
(lldb) r
error: process exited with status -1 (attach failed (Not allowed to attach to process.  Look in the console messages (Console.app), near the debugserver entries, when the attach failed.  The subsystem that denied the attach permission will likely have logged an informative message about why it was denied.))
(lldb) q

------------

Apple Swift version 5.6-dev (LLVM 7aef0efea99e2c6, Swift e4f71c8e118fc09)
Target: x86_64-apple-macosx11.0

Welcome to Swift!

Subcommands:

  swift build      Build Swift packages
  swift package    Create and work on packages
  swift run        Run a program from a package
  swift test       Run package tests
  swift repl       Experiment with Swift code interactively (default)

  Use `swift --help` for descriptions of available options and flags.

  Use `swift help <subcommand>` for more information about a subcommand.

error: failed to launch REPL process: process exited with status -1 (attach failed (Not allowed to attach to process.  Look in the console messages (Console.app), near the debugserver entries, when the attach failed.  The subsystem that denied the attach permission will likely have logged an informative message about why it was denied.))

EDIT

Console:

macOSTaskPolicy: (com.apple.debugserver) may not get the task control port of (repl_swift) (pid: 86426):
(repl_swift) is hardened, (repl_swift) doesn't have get-task-allow, (com.apple.debugserver) is a declared debugger
(com.apple.debugserver) is not a declared read-only debugger

fan · October 29, 2021, 2:06am

# codesign --display --entitlements :- /Library/Developer/Toolchains/swift-DEVELOPMENT-SNAPSHOT-2021-10-27-a.xctoolchain/System/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/repl_swift
Executable=/Library/Developer/Toolchains/swift-DEVELOPMENT-SNAPSHOT-2021-10-27-a.xctoolchain/System/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/repl_swift
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
</dict>
</plist>

# codesign --display --entitlements :- /Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/repl_swift
Executable=/Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/repl_swift
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.get-task-allow</key>
    <true/>
</dict>
</plist>

fan · October 29, 2021, 3:03am

Solution in case anyone is interested:

Install the nightly toolchain
create a entitlements.xml with

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
	<true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
    <key>com.apple.security.get-task-allow</key>
    <true/>
</dict>
</plist>

cp /Library/Developer/Toolchains/swift-DEVELOPMENT-SNAPSHOT-2021-10-27-a.xctoolchain/System/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/repl_swift .
Create a code sign certificate following Install Gdb Mac: Setup gdb on macOS in 2020 - DEV Community 👩‍💻👨‍💻
codesign --entitlements entitlements.xml -fs <cert name> repl_swift
sudo cp repl_swift /Library/Developer/Toolchains/swift-DEVELOPMENT-SNAPSHOT-2021-10-27-a.xctoolchain/System/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/repl_swift

Now the REPL should work.

fan · October 29, 2021, 2:28pm

github.com/apple/llvm-project

[SR-13512] Swift REPL Fails to Launch

opened 06:40AM - 05 Sep 20 UTC

swift-ci

bug LLDB for Swift

| | | |------------------|-----------------|… |Previous ID | SR-13512 | |Radar | rdar://problem/85180676 | |Original Reporter | reuschj (JIRA User) | |Type | Bug | <details> <summary>Environment</summary> Mac OS 10.15.6 XCode 11.7 </details> <details> <summary>Additional Detail from JIRA</summary> | | | |------------------|-----------------| |Votes | 1 | |Component/s | LLDB for Swift | |Labels | Bug | |Assignee | @adrian-prantl | |Priority | Medium | md5: c3ea58a73839d6965692266c238b9e6a </details> **Issue Description:** On Swift 5.2.5 Release, 5.3 Development Snapshot, and latest 5.2 Development Snapshot, when I launch the REPL by running: swift I get the following error: \*\* error: failed to launch REPL process: process exited with status -1 (Error 1) I tried another system, which currently had an older 5.2 development snapshot installed (01-23) and the REPL launched without issue. However, when I installed the 5.2.5 Release toolchain to that system and launched the REPL, I got the same error as above. If I switch my toolchain back to the January snapshot, the REPL works as expected. I also tried downloading the oldest 5.2 snapshot off Swift.org (4/28), and the REPL also failed. This would indicate the REPL issue was introduced somewhere between 1/23 and 4/28. Also, the REPL works in the current Swift for TensorFlow toolchain.

Hope someone in Apple could fix this soon.

fan · November 9, 2021, 1:03am

@Joe_Groff @compnerd Could you help me relay this to the packaging team?

fan · July 23, 2022, 10:56pm

It's 2022 and this issue still persists...

NKan · August 19, 2022, 10:16pm

It is frustrating that important issues take so long to get resolved!

rayxia · August 22, 2022, 2:01pm

Agree, I got many problems when building the swift toolchain, and ask questions on this forum, but no one can help me to solve these problems, disappointing.

Karl · November 19, 2022, 9:04pm

Still happens, but I was able to fix it without creating a new code-signing certificate. If you sign with the identity name "-", it uses ad-hoc signing, which apparently is sufficient:

codesign --entitlements entitlements.xml -fs - repl_swift

It's still weird that you need to sign this part of the nightly toolchains yourself.