unicorn
Crashes on Apple Silicon
I use Unicorn to emulate an iOS executable file. It works normally on Windows, Linux, and macOS x86, but crashes on Apple Silicon (not every scenario crashes, but the crashes can be stably reproduced).
The environment I am using is macOS 14.2 with M3 pro.
The error message is:
Process finished with exit code 138 (interrupted by signal 10:SIGBUS)
The crash log is:
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: Python [94418]
Path: /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
Identifier: org.python.python
Version: 3.10.11 (3.10.11)
Code Type: ARM-64 (Native)
Parent Process: pycharm [704]
Responsible: pycharm [704]
User ID: 502
Date/Time: 2024-10-11 10:52:49.8220 +0800
OS Version: macOS 14.2 (23C64)
Report Version: 12
Anonymous UUID: 3C136E55-0B58-2F1D-FB15-5C5259FAED20
Sleep/Wake UUID: 224F1CAF-BC1B-4AA2-A424-7F3ACB9489AD
Time Awake Since Boot: 160000 seconds
Time Since Wake: 2470 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000028021e208
Exception Codes: 0x0000000000000002, 0x000000028021e208
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [94418]
VM Region Info: 0x28021e208 is in 0x280000000-0x2c0000000; bytes after start: 2220552 bytes before end: 1071521271
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused __TEXT 27c1e0000-27c1e4000 [ 16K] r--/r-- SM=COW ...ed lib __TEXT
GAP OF 0x3e1c000 BYTES
---> VM_ALLOCATE 280000000-2c0000000 [ 1.0G] rwx/rwx SM=PRV
VM_ALLOCATE (reserved) 2c0000000-2c8000000 [128.0M] rw-/rwx SM=NUL ...(unallocated)
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libunicorn.2.dylib 0x1086e0ddc tb_add_jump + 160 (cpu-exec.c:228)
1 libunicorn.2.dylib 0x1086e0400 tb_find + 828 (cpu-exec.c:291)
2 libunicorn.2.dylib 0x1086df8b8 cpu_exec_aarch64 + 296 (cpu-exec.c:602)
3 libunicorn.2.dylib 0x10867fa34 tcg_cpu_exec + 96 (cpus.c:96)
4 libunicorn.2.dylib 0x10867f94c resume_all_vcpus_aarch64 + 100 (cpus.c:215)
5 libunicorn.2.dylib 0x10867fc28 vm_start_aarch64 + 24 (cpus.c:234)
6 libunicorn.2.dylib 0x10841c5c4 uc_emu_start + 1176 (uc.c:1101)
7 libffi.dylib 0x19b082050 ffi_call_SYSV + 80
8 libffi.dylib 0x19b08aadc ffi_call_int + 1208
9 _ctypes.cpython-310-darwin.so 0x104c682a8 _ctypes_callproc + 1396
10 _ctypes.cpython-310-darwin.so 0x104c62338 PyCFuncPtr_call + 208
11 Python 0x105434cf8 _PyObject_MakeTpCall + 136
12 Python 0x10556b238 call_function + 380
13 Python 0x105563470 _PyEval_EvalFrameDefault + 23772
14 Python 0x10555bf28 _PyEval_Vector + 360
15 Python 0x10556b140 call_function + 132
16 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
17 Python 0x10555bf28 _PyEval_Vector + 360
18 Python 0x105438c64 method_vectorcall + 288
19 Python 0x10555dd54 _PyEval_EvalFrameDefault + 1472
20 Python 0x10555bf28 _PyEval_Vector + 360
21 Python 0x10556b140 call_function + 132
22 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
23 Python 0x10555bf28 _PyEval_Vector + 360
24 Python 0x10556b140 call_function + 132
25 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
26 Python 0x10555bf28 _PyEval_Vector + 360
27 Python 0x10556b140 call_function + 132
28 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
29 Python 0x10555bf28 _PyEval_Vector + 360
30 Python 0x10556b140 call_function + 132
31 Python 0x105561b5c _PyEval_EvalFrameDefault + 17352
32 Python 0x10555bf28 _PyEval_Vector + 360
33 Python 0x10556b140 call_function + 132
34 Python 0x105561b5c _PyEval_EvalFrameDefault + 17352
35 Python 0x10555bf28 _PyEval_Vector + 360
36 Python 0x10556b140 call_function + 132
37 Python 0x105561b5c _PyEval_EvalFrameDefault + 17352
38 Python 0x10555bf28 _PyEval_Vector + 360
39 Python 0x10555dd54 _PyEval_EvalFrameDefault + 1472
40 Python 0x10555bf28 _PyEval_Vector + 360
41 _ctypes.cpython-310-darwin.so 0x104c6680c _CallPythonObject + 564
42 libffi.dylib 0x19b08af28 ffi_closure_SYSV_inner + 816
43 libffi.dylib 0x19b0821e8 ffi_closure_SYSV + 56
44 libunicorn.2.dylib 0x10841eb60 helper_uc_tracecode + 752 (uc.c:2014)
45 ??? 0x28021d72c ???
46 libunicorn.2.dylib 0x1086e0ef4 cpu_tb_exec + 92 (cpu-exec.c:60)
47 libunicorn.2.dylib 0x1086e043c cpu_loop_exec_tb + 40 (cpu-exec.c:504)
48 libunicorn.2.dylib 0x1086df8fc cpu_exec_aarch64 + 364 (cpu-exec.c:606)
49 libunicorn.2.dylib 0x10867fa34 tcg_cpu_exec + 96 (cpus.c:96)
50 libunicorn.2.dylib 0x10867f94c resume_all_vcpus_aarch64 + 100 (cpus.c:215)
51 libunicorn.2.dylib 0x10867fc28 vm_start_aarch64 + 24 (cpus.c:234)
52 libunicorn.2.dylib 0x10841c5c4 uc_emu_start + 1176 (uc.c:1101)
53 libffi.dylib 0x19b082050 ffi_call_SYSV + 80
54 libffi.dylib 0x19b08aadc ffi_call_int + 1208
55 _ctypes.cpython-310-darwin.so 0x104c682a8 _ctypes_callproc + 1396
56 _ctypes.cpython-310-darwin.so 0x104c62338 PyCFuncPtr_call + 208
57 Python 0x105434cf8 _PyObject_MakeTpCall + 136
58 Python 0x10556b238 call_function + 380
59 Python 0x105563470 _PyEval_EvalFrameDefault + 23772
60 Python 0x10555bf28 _PyEval_Vector + 360
61 Python 0x10556b140 call_function + 132
62 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
63 Python 0x10555bf28 _PyEval_Vector + 360
64 Python 0x105438c64 method_vectorcall + 288
65 Python 0x10555dd54 _PyEval_EvalFrameDefault + 1472
66 Python 0x10555bf28 _PyEval_Vector + 360
67 Python 0x10556b140 call_function + 132
68 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
69 Python 0x10555bf28 _PyEval_Vector + 360
70 Python 0x10556b140 call_function + 132
71 Python 0x10556247c _PyEval_EvalFrameDefault + 19688
72 Python 0x10555bf28 _PyEval_Vector + 360
73 Python 0x105438bc0 method_vectorcall + 124
74 Python 0x10556b140 call_function + 132
75 Python 0x105561be0 _PyEval_EvalFrameDefault + 17484
76 Python 0x10555bf28 _PyEval_Vector + 360
77 Python 0x10556b140 call_function + 132
78 Python 0x105561b5c _PyEval_EvalFrameDefault + 17352
79 Python 0x10555bf28 _PyEval_Vector + 360
80 Python 0x1055c6c54 pyrun_file + 308
81 Python 0x1055c6398 _PyRun_SimpleFileObject + 336
82 Python 0x1055c59e4 _PyRun_AnyFileObject + 216
83 Python 0x1055f1dd0 pymain_run_file_obj + 180
84 Python 0x1055f1470 pymain_run_file + 72
85 Python 0x1055f0a58 pymain_run_python + 300
86 Python 0x1055f08ec Py_RunMain + 24
87 Python 0x1055f1f78 pymain_main + 56
88 Python 0x1055f223c Py_BytesMain + 40
89 dyld 0x18a18d0e0 start + 2360
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x000000028021e180 x1: 0x0000000000000000 x2: 0x0000000280041800 x3: 0x000000016b7e6008
x4: 0x000000008cb07ee3 x5: 0x0000000067800000 x6: 0x000000016b7e5f8f x7: 0x0000000000000001
x8: 0x0000000000000000 x9: 0x0000000000000000 x10: 0x0000000280041800 x11: 0x000000028021e208
x12: 0x0000000000000001 x13: 0x00000000ffffffa0 x14: 0x00000000000007fb x15: 0x00000000e762fffb
x16: 0x000000018a50edb4 x17: 0x00000001e9d5fd38 x18: 0x0000000000000000 x19: 0x000000000000001e
x20: 0x000000016b7e6440 x21: 0x0000000000000008 x22: 0x000000016b7e6438 x23: 0x000000016b7e6510
x24: 0x0000000000000000 x25: 0x0000000000000000 x26: 0x0000000000000005 x27: 0x0000000000000005
x28: 0x000000016b7e64c0 fp: 0x000000016b7e60d0 lr: 0x00000001086e0400
sp: 0x000000016b7e6070 pc: 0x00000001086e0ddc cpsr: 0x40001000
far: 0x000000028021e208 esr: 0x9200004f (Data Abort) byte write Permission fault
I noticed this crash log is similar to one on stackoverflow, so I guess it may also be due to the same reason.
Reproduce this issue:
git clone https://github.com/sledgeh4w/chomper.git
cd chomper
pip3 install capstone lief pyelftools unicorn
pip3 install .
# Replace libunicorn.2.dylib with a locally compiled version, otherwise it will crash directly (this is another issue).
# example_ios_ali_vmp_sign.py and example_ios_bangbang.py will crash, but example_ios_ijm.py doesn't crash.
python3 examples/example_ios_ali_vmp_sign.py
# Now you can see some output logs, but after running for a while, it will finally crash.
Yes, exactly. You are nesting uc_emu_start, which could potentially lead to this crash. A temporary workaround is to not call uc_emu_start in any callbacks.
Thanks, I understand. Do you have any plans to solve this problem in the future?
Additionally, there may be a problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: Python [34106]
Path: /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
Identifier: org.python.python
Version: 3.10.11 (3.10.11)
Code Type: ARM-64 (Native)
Parent Process: zsh [27245]
Responsible: Terminal [661]
User ID: 502
Date/Time: 2024-10-17 13:04:44.7661 +0800
OS Version: macOS 14.2 (23C64)
Report Version: 12
Anonymous UUID: 3C136E55-0B58-2F1D-FB15-5C5259FAED20
Sleep/Wake UUID: BCA95C49-7928-4E46-AB51-4FD28416BD82
Time Awake Since Boot: 84000 seconds
Time Since Wake: 495 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000280000000
Exception Codes: 0x0000000000000002, 0x0000000280000000
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [34106]
VM Region Info: 0x280000000 is in 0x280000000-0x2c0000000; bytes after start: 0 bytes before end: 1073741823
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused __TEXT 27b6a4000-27b6a8000 [ 16K] r--/r-- SM=COW ...ed lib __TEXT
GAP OF 0x4958000 BYTES
---> VM_ALLOCATE 280000000-2c0000000 [ 1.0G] rwx/rwx SM=PRV
GAP OF 0xd00000000 BYTES
commpage (reserved) fc0000000-1000000000 [ 1.0G] ---/--- SM=NUL ...(unallocated)
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libunicorn.2.dylib 0x105d9c654 tcg_prologue_init_aarch64 + 88
1 libunicorn.2.dylib 0x105dcc6a0 tcg_exec_init_aarch64 + 324
2 libunicorn.2.dylib 0x105c1d6ec machine_initialize + 88
3 libunicorn.2.dylib 0x105c19354 uc_init_engine + 164
4 libunicorn.2.dylib 0x105c1a95c uc_mem_map + 548
5 libffi.dylib 0x19a546050 ffi_call_SYSV + 80
6 libffi.dylib 0x19a54eadc ffi_call_int + 1208
7 _ctypes.cpython-310-darwin.so 0x1031bc2a8 _ctypes_callproc + 1396
8 _ctypes.cpython-310-darwin.so 0x1031b6338 PyCFuncPtr_call + 208
9 Python 0x103ad4cf8 _PyObject_MakeTpCall + 136
10 Python 0x103c0b238 call_function + 380
11 Python 0x103c03470 _PyEval_EvalFrameDefault + 23772
12 Python 0x103bfbf28 _PyEval_Vector + 360
13 Python 0x103c0b140 call_function + 132
14 Python 0x103c0247c _PyEval_EvalFrameDefault + 19688
15 Python 0x103bfbf28 _PyEval_Vector + 360
16 Python 0x103c0b140 call_function + 132
17 Python 0x103c0247c _PyEval_EvalFrameDefault + 19688
18 Python 0x103bfbf28 _PyEval_Vector + 360
19 Python 0x103c0b140 call_function + 132
20 Python 0x103c0247c _PyEval_EvalFrameDefault + 19688
21 Python 0x103bfbf28 _PyEval_Vector + 360
22 Python 0x103ad5020 _PyObject_FastCallDictTstate + 208
23 Python 0x103b696e0 slot_tp_init + 196
24 Python 0x103b604e0 type_call + 312
25 Python 0x103ad4cf8 _PyObject_MakeTpCall + 136
26 Python 0x103c0b238 call_function + 380
27 Python 0x103c01be0 _PyEval_EvalFrameDefault + 17484
28 Python 0x103bfbf28 _PyEval_Vector + 360
29 Python 0x103ad5020 _PyObject_FastCallDictTstate + 208
30 Python 0x103b696e0 slot_tp_init + 196
31 Python 0x103b604e0 type_call + 312
32 Python 0x103ad4cf8 _PyObject_MakeTpCall + 136
33 Python 0x103c0b238 call_function + 380
34 Python 0x103c01be0 _PyEval_EvalFrameDefault + 17484
35 Python 0x103bfbf28 _PyEval_Vector + 360
36 Python 0x103c0b140 call_function + 132
37 Python 0x103c01b5c _PyEval_EvalFrameDefault + 17352
38 Python 0x103bfbf28 _PyEval_Vector + 360
39 Python 0x103c66c54 pyrun_file + 308
40 Python 0x103c66398 _PyRun_SimpleFileObject + 336
41 Python 0x103c659e4 _PyRun_AnyFileObject + 216
42 Python 0x103c91dd0 pymain_run_file_obj + 180
43 Python 0x103c91470 pymain_run_file + 72
44 Python 0x103c90a58 pymain_run_python + 300
45 Python 0x103c908ec Py_RunMain + 24
46 Python 0x103c91f78 pymain_main + 56
47 Python 0x103c9223c Py_BytesMain + 40
48 dyld 0x1896510e0 start + 2360
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x00000001080c0000 x1: 0x0000000040000000 x2: 0x00000000ffffffff x3: 0x0000000000041802
x4: 0x00000000ffffffff x5: 0x0000000000000000 x6: 0x0000000000000021 x7: 0x0000000000000002
x8: 0x000000010670f000 x9: 0x00000002c0000000 x10: 0x0000000000002026 x11: 0x0000000005ffa000
x12: 0x000000000000d49d x13: 0x0000000000000009 x14: 0x00000000000007fb x15: 0x000000009dc88ffb
x16: 0x0000000189992254 x17: 0x000000000000d187 x18: 0x0000000000000000 x19: 0x00000001080c0000
x20: 0x0000000280000000 x21: 0x0000000280000000 x22: 0x0000000040000000 x23: 0x000000016d149050
x24: 0x0000000000000000 x25: 0x0000000000000000 x26: 0x0000000000000004 x27: 0x0000000000000004
x28: 0x000000016d149008 fp: 0x000000016d148da0 lr: 0x0000000105dcc6a0
sp: 0x000000016d148d80 pc: 0x0000000105d9c654 cpsr: 0x20001000
far: 0x0000000280000000 esr: 0x9200004f (Data Abort) byte write Permission fault
Thanks, I understand. Do you have any plans to solve this problem in the future?
This is easy to solve if you could provide a smaller reproduction. Usually we just forget to save/restore JIT status before entering JIT regions.
Additionally, there may be a problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.
I have no idea about this. The building environment should be the same, or there might be GitHub Actions bugs. Again, we need a reproduction to locate this issue.
But we will soon test the shipped wheel before distribution in #2026
I will find a way to simply reproduce it.
The second issue will occur at mu.mem_map(ADDRESS, 2 * 1024 * 1024) in sample_arm64.
Full script?
That works on my mbp. Are you on the dev branch, and what error do you get?
I just installed unicorn using pip in a project that only has sample_arm64.
(.venv) yanglizhi@U-143GQMLJ-2215 pythonProject1 % pip install unicorn
Looking in indexes: https://mirrors.aliyun.com/pypi/simple
Collecting unicorn
Using cached https://mirrors.aliyun.com/pypi/packages/08/a7/c109d5d76ed42ea8c620e4de91e8f1003424d10fd3c908649d19af2b9a3f/unicorn-2.1.1-py2.py3-none-macosx_11_0_arm64.whl (12.0 MB)
Installing collected packages: unicorn
Successfully installed unicorn-2.1.1
[notice] A new release of pip is available: 23.2.1 -> 24.2
[notice] To update, run: pip install --upgrade pip
(.venv) yanglizhi@U-143GQMLJ-2215 pythonProject1 % python3 sample_arm64.py
Emulate ARM64 code
zsh: bus error python3 sample_arm64.py
(.venv) yanglizhi@U-143GQMLJ-2215 pythonProject1 %
The crash log is:
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: Python [56382]
Path: /Library/Frameworks/Python.framework/Versions/3.10/Resources/Python.app/Contents/MacOS/Python
Identifier: org.python.python
Version: 3.10.11 (3.10.11)
Code Type: ARM-64 (Native)
Parent Process: zsh [55787]
Responsible: pycharm [678]
User ID: 502
Date/Time: 2024-10-17 17:02:36.2347 +0800
OS Version: macOS 14.2 (23C64)
Report Version: 12
Anonymous UUID: 3C136E55-0B58-2F1D-FB15-5C5259FAED20
Sleep/Wake UUID: 966CA212-6777-475D-B076-3B60FE5E45ED
Time Awake Since Boot: 97000 seconds
Time Since Wake: 8673 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000280000000
Exception Codes: 0x0000000000000002, 0x0000000280000000
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [56382]
VM Region Info: 0x280000000 is in 0x280000000-0x2c0000000; bytes after start: 0 bytes before end: 1073741823
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused __TEXT 27b6a4000-27b6a8000 [ 16K] r--/r-- SM=COW ...ed lib __TEXT
GAP OF 0x4958000 BYTES
---> VM_ALLOCATE 280000000-2c0000000 [ 1.0G] rwx/rwx SM=PRV
GAP OF 0xd00000000 BYTES
commpage (reserved) fc0000000-1000000000 [ 1.0G] ---/--- SM=NUL ...(unallocated)
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libunicorn.2.dylib 0x11a8c8654 tcg_prologue_init_aarch64 + 88
1 libunicorn.2.dylib 0x11a8f86a0 tcg_exec_init_aarch64 + 324
2 libunicorn.2.dylib 0x11a7496ec machine_initialize + 88
3 libunicorn.2.dylib 0x11a745354 uc_init_engine + 164
4 libunicorn.2.dylib 0x11a74695c uc_mem_map + 548
5 libffi.dylib 0x19a546050 ffi_call_SYSV + 80
6 libffi.dylib 0x19a54eadc ffi_call_int + 1208
7 _ctypes.cpython-310-darwin.so 0x104e002a8 _ctypes_callproc + 1396
8 _ctypes.cpython-310-darwin.so 0x104dfa338 PyCFuncPtr_call + 208
9 Python 0x105708cf8 _PyObject_MakeTpCall + 136
10 Python 0x10583f238 call_function + 380
11 Python 0x105837470 _PyEval_EvalFrameDefault + 23772
12 Python 0x10582ff28 _PyEval_Vector + 360
13 Python 0x10583f140 call_function + 132
14 Python 0x10583647c _PyEval_EvalFrameDefault + 19688
15 Python 0x10582ff28 _PyEval_Vector + 360
16 Python 0x10583f140 call_function + 132
17 Python 0x105835b5c _PyEval_EvalFrameDefault + 17352
18 Python 0x10582ff28 _PyEval_Vector + 360
19 Python 0x10589ac54 pyrun_file + 308
20 Python 0x10589a398 _PyRun_SimpleFileObject + 336
21 Python 0x1058999e4 _PyRun_AnyFileObject + 216
22 Python 0x1058c5dd0 pymain_run_file_obj + 180
23 Python 0x1058c5470 pymain_run_file + 72
24 Python 0x1058c4a58 pymain_run_python + 300
25 Python 0x1058c48ec Py_RunMain + 24
26 Python 0x1058c5f78 pymain_main + 56
27 Python 0x1058c623c Py_BytesMain + 40
28 dyld 0x1896510e0 start + 2360
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000108018000 x1: 0x0000000040000000 x2: 0x00000000ffffffff x3: 0x0000000000041802
x4: 0x00000000ffffffff x5: 0x0000000000000000 x6: 0x000000000000000a x7: 0x0000000000000000
x8: 0x000000011b23b000 x9: 0x00000002c0000000 x10: 0x0000000000002026 x11: 0x0000000005ffa000
x12: 0x00000000000009fc x13: 0x0000000000000009 x14: 0x00000000000007fb x15: 0x0000000080eff7fb
x16: 0x0000000189992254 x17: 0x000000000000d187 x18: 0x0000000000000000 x19: 0x0000000108018000
x20: 0x0000000280000000 x21: 0x0000000280000000 x22: 0x0000000040000000 x23: 0x000000016b516340
x24: 0x0000000000000000 x25: 0x0000000000000000 x26: 0x0000000000000004 x27: 0x0000000000000004
x28: 0x000000016b5162f8 fp: 0x000000016b516090 lr: 0x000000011a8f86a0
sp: 0x000000016b516070 pc: 0x000000011a8c8654 cpsr: 0x20001000
far: 0x0000000280000000 esr: 0x9200004f (Data Abort) byte write Permission fault
If I use locally compiled dylib, this problem would not occur.
I have no idea why the dynamic libraries built by Github Action fail, but #2026 will surely address this by testing the wheels before uploading to pypi. This will be shipped along with 2.1.2, probably before the end of this month.
Local testing shows that the JIT state is probably not switched, but I have no idea why.
I have found a solution to the first problem: remove a condition in cpu_tb_exec.
if (cpu->uc->nested_level == 1) {
// Only unlock (allow writing to JIT area) if we are the outmost uc_emu_start
tb_exec_unlock(cpu->uc);
}
=>
tb_exec_unlock(cpu->uc);
After this, my program can work normally.
Meanwhile, I noticed that this judgment condition was specifically added by you in the commit.
This would fail other cases. I remember I added corresponding cases and you can run ctest to check.
Generally, the root cause is that we allow users to re-enter the JIT area and the area is shared all together. It's hard to determine the correct state given the current design.
ctest all passed.
yanglizhi@U-143GQMLJ-2215 build % ctest
Test project /Users/yanglizhi/Projects/unicorn/build
Start 1: test_x86
1/12 Test #1: test_x86 ......................... Passed 1.95 sec
Start 2: test_arm
2/12 Test #2: test_arm ......................... Passed 0.32 sec
Start 3: test_arm64
3/12 Test #3: test_arm64 ....................... Passed 0.29 sec
Start 4: test_m68k
4/12 Test #4: test_m68k ........................ Passed 0.28 sec
Start 5: test_mips
5/12 Test #5: test_mips ........................ Passed 0.27 sec
Start 6: test_sparc
6/12 Test #6: test_sparc ....................... Passed 0.27 sec
Start 7: test_ppc
7/12 Test #7: test_ppc ......................... Passed 0.27 sec
Start 8: test_riscv
8/12 Test #8: test_riscv ....................... Passed 0.29 sec
Start 9: test_s390x
9/12 Test #9: test_s390x ....................... Passed 0.27 sec
Start 10: test_tricore
10/12 Test #10: test_tricore ..................... Passed 0.26 sec
Start 11: test_mem
11/12 Test #11: test_mem ......................... Passed 0.27 sec
Start 12: test_ctl
12/12 Test #12: test_ctl ......................... Passed 0.29 sec
100% tests passed, 0 tests failed out of 12
Total Test time (real) = 5.05 sec
There are two judgment conditions in your commit, removing the condition in cpu_exec_common.c will cause the test to fail, but removing the condition in cpu_exec.c will not.
I can't remember the exact context of this commit and I will check.
By the way, could you have a try with the wheel from here: https://github.com/unicorn-engine/unicorn/actions/runs/11385747394 (note artifacts below)
Still crashing. Is my system version or CPU too new (14.2 + M3 Pro)?
That's weird, these wheels pass all simple tests (including the sample you mentioned).
Thanks, I understand. Do you have any plans to solve this problem in the future?
This is easy to solve if you could provide a smaller reproduction. Usually it is just that we forget to save/restore the JIT status before entering JIT regions.
Additionally, there may be a problem with the dylib provided in the wheel, as it cannot even run the most basic samples in my environment.
I have no idea about this. The building environment should be the same or there might be Github Action bugs. Again, we need a reproduction to locate this issue.
But we will soon test the shipped wheel before distribution in #2026
Sorry, it's been a while. I extracted the reproduction code.
I have another similar issue (simulating x86 programs on m3pro)
terminal output:
[1] 15538 bus error sudo python3.13 ./fibonacci.py
report:
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: Python [15356]
Path: /opt/homebrew/*/Python.framework/Versions/3.13/Resources/Python.app/Contents/MacOS/Python
Identifier: org.python.python
Version: 3.13.0 (3.13.0)
Code Type: ARM-64 (Native)
Parent Process: Exited process [15355]
Responsible: Electron [7991]
User ID: 0
Date/Time: 2024-11-19 01:03:24.4021 +0800
OS Version: macOS 15.1 (24B83)
Report Version: 12
Anonymous UUID: AD2ABAFE-AE0C-5363-06FB-0418F9FF654F
Sleep/Wake UUID: 7B864683-D5AD-418D-94A0-6876656ACBE2
Time Awake Since Boot: 7400 seconds
Time Since Wake: 4090 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000300000000
Exception Codes: 0x0000000000000002, 0x0000000300000000
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [15356]
VM Region Info: 0x300000000 is in 0x300000000-0x340000000; bytes after start: 0 bytes before end: 1073741823
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused __TEXT 2ae248000-2ae24c000 [ 16K] r--/r-- SM=COW unused unknown system shared lib __TEXT
GAP OF 0x51db4000 BYTES
---> VM_ALLOCATE 300000000-340000000 [ 1.0G] rwx/rwx SM=PRV
GAP OF 0xc80000000 BYTES
commpage (reserved) fc0000000-1000000000 [ 1.0G] ---/--- SM=NUL reserved VM address space (unallocated)
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libunicorn.2.dylib 0x1048fc02c tcg_prologue_init_x86_64 + 88
1 libunicorn.2.dylib 0x10492abd4 tcg_exec_init_x86_64 + 236
2 libunicorn.2.dylib 0x1048d16ec machine_initialize + 88
3 libunicorn.2.dylib 0x1048cd354 uc_init_engine + 164
4 libunicorn.2.dylib 0x1048ce95c uc_mem_map + 548
5 libffi.dylib 0x1a4da3050 ffi_call_SYSV + 80
6 libffi.dylib 0x1a4dabb04 ffi_call_int + 1208
7 _ctypes.cpython-313-darwin.so 0x10310f3a0 _ctypes_callproc + 780
8 _ctypes.cpython-313-darwin.so 0x10310ca1c PyCFuncPtr_call + 260
9 Python 0x1031abc60 _PyObject_MakeTpCall + 124
10 Python 0x1032d3714 _PyEval_EvalFrameDefault + 9020
11 Python 0x1032d1180 PyEval_EvalCode + 200
12 Python 0x1033411a4 run_eval_code_obj + 104
13 Python 0x103340be4 run_mod + 168
14 Python 0x10333f518 pyrun_file + 164
15 Python 0x10333e854 _PyRun_SimpleFileObject + 256
16 Python 0x10333e4e8 _PyRun_AnyFileObject + 80
17 Python 0x103366028 pymain_run_file_obj + 164
18 Python 0x103365ce4 pymain_run_file + 72
19 Python 0x103364f74 Py_RunMain + 988
20 Python 0x103365564 pymain_main + 304
21 Python 0x103365604 Py_BytesMain + 40
22 dyld 0x192d90274 start + 2840
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x00000001280e8000 x1: 0x0000000040000000 x2: 0x00000000ffffffff x3: 0x0000000000041802
x4: 0x00000000ffffffff x5: 0x0000000000000000 x6: 0x0000600001b7f660 x7: 0x0000000000000002
x8: 0x00000001053c3000 x9: 0x0000000340000000 x10: 0x0000000000002026 x11: 0x0000000005ffa000
x12: 0x0000000000002155 x13: 0x0000000102cbec28 x14: 0x0000000000000000 x15: 0x00000000000007fb
x16: 0x00000001930d27d0 x17: 0x000000000000d187 x18: 0x0000000000000000 x19: 0x00000001280e8000
x20: 0x0000000300000000 x21: 0x0000000300000000 x22: 0x0000000040000000 x23: 0x000000016d19aa18
x24: 0x0000000000000000 x25: 0x0000000000000000 x26: 0x0000000000000004 x27: 0x0000000000000004
x28: 0x000000016d19a9d8 fp: 0x000000016d19a770 lr: 0x000000010492abd4
sp: 0x000000016d19a750 pc: 0x00000001048fc02c cpsr: 0x20001000
far: 0x0000000300000000 esr: 0x9200004f (Data Abort) byte write Permission fault
Your case might be the same as the second problem I mentioned above. The wheel on PyPI is not available, and building the wheel locally should resolve this problem.
Could you possibly take a look at this? @wtdcode
I found a way to reproduce this. It crashes pretty early when initializing the Unicorn instance. Unfortunately, there are no debug symbols for the released binary, so I need a bit more time to investigate.
@sledgeh4w Could you test the artifact from a more recent build: https://github.com/unicorn-engine/unicorn/actions/runs/12211818265 ?
I tested the cibw-wheels-macos-latest-7-py38 downloaded from this run. It works well, while the artifact from older runs indeed doesn't work. I believe that either Github Action is to blame for the crash or @Antelox's work fixes this. Either way, please have a try!
Further inspecting the artifact that doesn't work shows that the JIT state is not properly saved and restored. The relevant functions are compiled as no-ops, as on x64 macOS.
Unfortunately, it has not been resolved.
This code reproduces crashes during nested calls to uc_emu_start; perhaps you could test it again.
The root cause is the Github Action not allowing access to SPRR registers. I submitted an issue: https://github.com/actions/runner-images/issues/11127
I will disable the distribution of pre-built wheels for arm64 in the next release.
At this moment, users need to build unicorn locally.
Actually, I'm still getting this issue after building locally. Is there anything special I need to do in the build?
It seems the uc_mem_write function is still the culprit.
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000300000000
Exception Codes: 0x0000000000000002, 0x0000000300000000
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [82948]
VM Region Info: 0x300000000 is in 0x300000000-0x340000000; bytes after start: 0 bytes before end: 1073741823
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused __TEXT 284c34000-284c38000 [ 16K] r--/r-- SM=COW unused unknown system shared lib __TEXT
GAP OF 0x7b3c8000 BYTES
---> VM_ALLOCATE 300000000-340000000 [ 1.0G] rwx/rwx SM=PRV
GAP OF 0xc80000000 BYTES
commpage (reserved) fc0000000-1000000000 [ 1.0G] ---/--- SM=NUL reserved VM address space (unallocated)
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libunicorn.2.dylib 0x103777dec tcg_prologue_init_x86_64 + 88
1 libunicorn.2.dylib 0x1037a6994 tcg_exec_init_x86_64 + 236
2 libunicorn.2.dylib 0x10374d4ac machine_initialize + 88
3 libunicorn.2.dylib 0x103749114 uc_init_engine + 164
4 libunicorn.2.dylib 0x103749ad4 uc_mem_write + 512
5 libffi.dylib 0x19ad30050 ffi_call_SYSV + 80
6 libffi.dylib 0x19ad38ae0 ffi_call_int + 1212
Do you really load the built libunicorn.2.dylib?
Ah, I fixed it. My cmake was x86_64, but my Python was arm64. So the compiled library would refuse to load and it would instead load the older one.
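The arm64-versus-x86_64 mix-up described above (an x86_64 cmake build that dyld refuses to load, so Python ends up with the older library) can be caught before loading by reading the Mach-O header of the dylib you intend to load and comparing its CPU slices with the running interpreter. The following check is an added example written for this thread, not part of Unicorn or its Python binding; the sample headers are constructed inline, and the dylib path is supplied by the caller.

```python
import platform
import struct
from typing import List, Optional

# Mach-O constants from <mach-o/loader.h> and <mach/machine.h>.
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit thin image, stored in the image's byte order
MH_MAGIC = 0xFEEDFACE         # 32-bit thin image
FAT_MAGIC = 0xCAFEBABE        # universal binary, header always big-endian
FAT_MAGIC_64 = 0xCAFEBABF     # universal binary with 32-byte fat_arch_64 entries
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_TYPE_ARM = 12
CPU_TYPE_NAMES = {
    CPU_TYPE_X86: "i386",
    CPU_TYPE_X86 | CPU_ARCH_ABI64: "x86_64",
    CPU_TYPE_ARM: "arm",
    CPU_TYPE_ARM | CPU_ARCH_ABI64: "arm64",
}


def _name(cputype: int) -> str:
    return CPU_TYPE_NAMES.get(cputype, "cputype_0x%x" % cputype)


def archs_in_macho(data: bytes) -> List[str]:
    """Return the CPU architectures contained in a Mach-O image (thin or fat).

    Only the headers are inspected, so the first few hundred bytes of the
    file are enough. Raises ValueError for input that is not Mach-O.
    """
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O image")
    magic_be = struct.unpack_from(">I", data, 0)[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # fat_header: uint32 magic, uint32 nfat_arch, then nfat_arch entries,
        # each starting with a big-endian cpu_type_t.
        nfat = struct.unpack_from(">I", data, 4)[0]
        entry_size = 32 if magic_be == FAT_MAGIC_64 else 20
        archs = []
        for i in range(nfat):
            off = 8 + i * entry_size
            if off + 4 > len(data):
                raise ValueError("truncated fat_arch table")
            cputype = struct.unpack_from(">i", data, off)[0]
            archs.append(_name(cputype & 0xFFFFFFFF))
        return archs
    # Thin image: mach_header is in the image's own byte order, so try both.
    for order in ("<", ">"):
        magic, cputype = struct.unpack_from(order + "Ii", data, 0)
        if magic in (MH_MAGIC_64, MH_MAGIC):
            return [_name(cputype & 0xFFFFFFFF)]
    raise ValueError("not a Mach-O image (first word 0x%08x)" % magic_be)


def matches_interpreter(archs: List[str], machine: Optional[str] = None) -> bool:
    """True if the image has a slice the running Python can load.

    platform.machine() is 'arm64' for a native Apple Silicon Python and
    'x86_64' for an Intel (or Rosetta) one. A dylib built for the other
    architecture is refused by dyld, and the binding may then pick up an
    older copy from elsewhere on the search path.
    """
    machine = machine or platform.machine()
    return machine in archs


def check_dylib(path: str) -> bool:
    """Read the header of a dylib on disk and compare it with the interpreter."""
    with open(path, "rb") as f:
        head = f.read(4096)
    archs = archs_in_macho(head)
    ok = matches_interpreter(archs)
    print("%s: %s -> %s" % (path, ", ".join(archs), "loadable" if ok else "WRONG ARCH"))
    return ok


# Constructed sample headers (not real files): a thin x86_64 dylib header
# (mach_header_64, filetype MH_DYLIB = 6) and a universal header with an
# x86_64 and an arm64 slice. Fields the parser does not read are zero.
THIN_X86_64 = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_X86 | CPU_ARCH_ABI64, 3, 6, 0, 0, 0, 0)
FAT_UNIVERSAL = (
    struct.pack(">II", FAT_MAGIC, 2)
    + struct.pack(">iiIII", CPU_TYPE_X86 | CPU_ARCH_ABI64, 3, 0x4000, 0x1000, 14)
    + struct.pack(">iiIII", CPU_TYPE_ARM | CPU_ARCH_ABI64, 0, 0x8000, 0x1000, 14)
)

if __name__ == "__main__":
    import sys
    print("constructed thin header:", archs_in_macho(THIN_X86_64))
    print("constructed fat header: ", archs_in_macho(FAT_UNIVERSAL))
    for p in sys.argv[1:]:          # e.g. the libunicorn.2.dylib you just built
        check_dylib(p)
```

Run it with the path of the freshly built libunicorn.2.dylib; a report of `x86_64 -> WRONG ARCH` under an arm64 Python is exactly the situation that made the old wheel's library get loaded instead.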
I get the same issue when installing unicorn using pip install unicorn (2.1.1) and the same issue when directly downloading the release package macos-arm64-cmake-shared-x64.7z.
$ DYLD_LIBRARY_PATH=./lib ./test_arm
Test test_arm_nop... Test interrupted by signal 10.
Test test_arm_thumb_sub... Test interrupted by signal 10.
Test test_armeb_sub... Test interrupted by signal 10.
Test test_armeb_be8_sub... Test interrupted by signal 10.
Test test_arm_thumbeb_sub... Test interrupted by signal 10.
Test test_arm_thumb_ite... Test interrupted by signal 10.
Test test_arm_m_thumb_mrs... Test interrupted by signal 10.
Test test_arm_m_control... Test interrupted by signal 10.
Test test_arm_m_exc_return... Test interrupted by signal 10.
Test test_arm_und32_to_svc32... Test interrupted by signal 10.
Test test_arm_usr32_to_svc32... Test interrupted by signal 10.
Test test_arm_v8... Test interrupted by signal 10.
Test test_arm_thumb_smlabb... Test interrupted by signal 10.
Test test_arm_not_allow_privilege_escalation... Test interrupted by signal 10.
Test test_arm_mrc... Test interrupted by signal 10.
Test test_arm_hflags_rebuilt... Test interrupted by signal 10.
Test test_arm_mem_access_abort... Test interrupted by signal 10.
Test test_arm_read_sctlr... Test interrupted by signal 10.
Test test_arm_be_cpsr_sctlr... Test interrupted by signal 10.
Test test_arm_switch_endian... Test interrupted by signal 10.
Test test_armeb_ldrb... Test interrupted by signal 10.
Test test_arm_context_save... Test interrupted by signal 10.
Test test_arm_thumb2... Test interrupted by signal 10.
Test test_armeb_be32_thumb2... Test interrupted by signal 10.
FAILED: 24 of 24 unit tests have failed.
The backtrace:
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x300000000)
* frame #0: 0x00000001017c262c libunicorn.2.dylib`___lldb_unnamed_symbol32599 + 32
frame #1: 0x00000001017c1e10 libunicorn.2.dylib`___lldb_unnamed_symbol32593 + 272
frame #2: 0x00000001017bae4c libunicorn.2.dylib`___lldb_unnamed_symbol32549 + 80
frame #3: 0x00000001017bad28 libunicorn.2.dylib`tcg_prologue_init_arm + 148
frame #4: 0x0000000101804a24 libunicorn.2.dylib`tcg_exec_init_arm + 120
frame #5: 0x000000010167497c libunicorn.2.dylib`machine_initialize + 108
frame #6: 0x000000010166ddd4 libunicorn.2.dylib`___lldb_unnamed_symbol29156 + 188
frame #7: 0x000000010166fd0c libunicorn.2.dylib`uc_mem_map + 88
frame #8: 0x000000010000e5d8 test_arm`uc_common_setup + 348
frame #9: 0x0000000100005c1c test_arm`test_arm_nop + 80
frame #10: 0x000000010000e08c test_arm`acutest_do_run_ + 244
frame #11: 0x0000000100005aac test_arm`acutest_run_ + 844
frame #12: 0x00000001000043cc test_arm`main + 784
frame #13: 0x0000000184cc0274 dyld`start + 2840
My host is: MacOS 15.1 (Apple Silicon M1)