DynamoRIO · edeiana · Feb 28, 2025 · Dec 27, 2024 · Dec 27, 2024 · Dec 27, 2024
diff --git a/api/docs/intro.dox b/api/docs/intro.dox
@@ -470,7 +470,9 @@ preferred client library base in the low 4GB.  The \ref op_reachable_client
 "-reachable_client runtime option" can be used to remove this guarantee.
 The option is automatically turned off when DynamoRIO and clients are
 statically linked with the application: for such static usage, 32-bit
-reachability to the code cache by clients is not guaranteed.
+reachability to the code cache by clients is not guaranteed. It is also
+disabled on macOS, where the lack of a private loader means we cannot
+control where the client library gets loaded.
 
 The net result is that any static data or code in a client library, or any
 data allocated using DynamoRIO's API routines (except dr_raw_mem_alloc() or

diff --git a/core/optionsx.h b/core/optionsx.h
@@ -1674,7 +1674,9 @@ OPTION_DEFAULT(bool, reachable_heap, false,
                "guarantee that all heap memory is 32-bit-displacement "
                "reachable from the code cache.")
 /* i#3570: For static DR we do not guarantee reachability. */
-OPTION_DEFAULT(bool, reachable_client, IF_STATIC_LIBRARY_ELSE(false, true),
+/* i#7296: On macOS we have no private loader and cannot realiably alloc near client */
+OPTION_DEFAULT(bool, reachable_client,
+               IF_STATIC_LIBRARY_ELSE(false, IF_MACOS_ELSE(false, true)),
                "guarantee that clients are reachable from the code cache.")
 #endif
 /* XXX i#3566: Support for W^X has some current limitations:

diff --git a/core/unix/signal.c b/core/unix/signal.c
@@ -7696,8 +7696,6 @@ os_forge_exception(app_pc target_pc, dr_exception_type_t type)
     sigframe_rt_t *frame = (sigframe_rt_t *)frame_no_xstate;
     int sig;
     dr_where_am_i_t cur_whereami = dcontext->whereami;
-    kernel_ucontext_t *uc = get_ucontext_from_rt_frame(frame);
-    sigcontext_t *sc = SIGCXT_FROM_UCXT(uc);
     switch (type) {
     case ILLEGAL_INSTRUCTION_EXCEPTION: sig = SIGILL; break;
     case UNREADABLE_MEMORY_EXECUTION_EXCEPTION: sig = SIGSEGV; break;
@@ -7715,6 +7713,18 @@ os_forge_exception(app_pc target_pc, dr_exception_type_t type)
      * to a plain frame on delivery.
      */
     memset(frame, 0, sizeof(*frame));
+
+    kernel_ucontext_t *uc = get_ucontext_from_rt_frame(frame);
+#if defined(MACOS)
+    /* Since SIGCXT_FROM_UCXT just accesses the uc->uc_mcontext ptr field on
+     * macOS, sc will be NULL below if we do not initialize uc_mcontext first.
+     * On macOS, the uc_mcontext pointer always just points to the mcontext
+     * elsewhere in the frame.
+     */
+    uc->IF_X64_ELSE(uc_mcontext64, uc_mcontext) = (void *)&frame->mc;
+#endif
+    sigcontext_t *sc = SIGCXT_FROM_UCXT(uc);
+
     frame->info.si_signo = sig;
     /* Set si_code to match what would happen natively.  We also need this to
      * avoid the !is_sys_kill() check in record_pending_signal() to avoid an

diff --git a/suite/tests/CMakeLists.txt b/suite/tests/CMakeLists.txt
@@ -6173,13 +6173,15 @@ if (NOT ARM) # FIXME i#1551: fix bugs on ARM
   endif ()
 endif (NOT ARM)
 
-if (X86 OR AARCH64) # FIXME i#1551: port asm to ARM
+# FIXME i#1551: port asm to ARM
+# FIXME i#5383: selfmod tests fail to build on macOS + ARM64
+if (X86 OR AARCH64 AND NOT (APPLE AND AARCH64))
   tobuild(security-common.selfmod2 security-common/selfmod2.c)
   tochcon(security-common.selfmod2 textrel_shlib_t)
 
   tobuild(security-common.selfmod security-common/selfmod.c)
   tochcon(security-common.selfmod textrel_shlib_t)
-endif (X86 OR AARCH64)
+endif (X86 OR AARCH64 AND NOT (APPLE AND AARCH64))
 
 if (X86) # FIXME i#1551, i#1569: port asm to ARM and AArch64
   if (NOT APPLE) # XXX i#58: port test to MacOS

diff --git a/suite/tests/client-interface/cbr-retarget.c b/suite/tests/client-interface/cbr-retarget.c
@@ -62,9 +62,13 @@ main(void)
     }
     ;
 #elif defined(AARCH64)
-    __asm("cbnz xzr, skip");
+    __asm("cbnz xzr, 1f");
+#    ifdef MACOS
+    __asm("bl _foo");
+#    else
     __asm("bl foo");
-    __asm("skip:");
+#    endif
+    __asm("1:");
 #else
     __asm("movl $0x0, %ecx");
     __asm("cmp $0x0, %ecx");

diff --git a/suite/tests/client-interface/strace.dll.c b/suite/tests/client-interface/strace.dll.c
@@ -349,7 +349,9 @@ event_post_syscall(void *drcontext, int sysnum)
 static int
 get_write_sysnum(void)
 {
-#ifdef UNIX
+#if defined(MACOS)
+    return SYS_write_nocancel;
+#elif defined(UNIX)
     return SYS_write;
 #else
     byte *entry;

diff --git a/suite/tests/linux/mangle_pauth.c b/suite/tests/linux/mangle_pauth.c
@@ -109,8 +109,10 @@ handle_signal(int signal, siginfo_t *siginfo, ucontext_t *ucxt)
          * We need to strip the PAC from from the fault address to canonicalize it and
          * compare it to the expected branch target address.
          */
-        const uintptr_t fault_pc = strip_pac(ucxt->uc_mcontext.pc);
-        LOG("    ucxt->uc_mcontext.pc = " PFX "\n", ucxt->uc_mcontext.pc);
+        const uintptr_t pc =
+            IF_MACOS_ELSE(ucxt->uc_mcontext->__ss.__pc, ucxt->uc_mcontext.pc);
+        const uintptr_t fault_pc = strip_pac(pc);
+        LOG("    ucxt->uc_mcontext.pc = " PFX "\n", pc);
         LOG("    fault_pc =             " PFX "\n", fault_pc);
         LOG("    branch_target_addr =   " PFX "\n", branch_target_addr);
         if (fault_pc == branch_target_addr)
@@ -123,7 +125,8 @@ handle_signal(int signal, siginfo_t *siginfo, ucontext_t *ucxt)
         /* CPU has FEAT_FPACCOMBINE so the branch instruction generated an authentication
          * failure exception and the fault PC should match the branch instruction address.
          */
-        const uintptr_t fault_pc = ucxt->uc_mcontext.pc;
+        const uintptr_t fault_pc =
+            IF_MACOS_ELSE(ucxt->uc_mcontext->__ss.__pc, ucxt->uc_mcontext.pc);
         LOG("    fault_pc =          " PFX "\n", fault_pc);
         LOG("    branch_instr_addr = " PFX "\n", branch_instr_addr);
         if (fault_pc == branch_instr_addr)

diff --git a/suite/tests/tools.c b/suite/tests/tools.c
@@ -526,6 +526,9 @@ set_check_signal_mask(sigset_t *mask, sigset_t *returned_mask)
 void
 dump_ucontext(ucontext_t *ucxt, bool is_sve, int vl_bytes)
 {
+#            ifdef MACOS
+    assert(false); /* NYI */
+#            else
     struct _aarch64_ctx *head = (struct _aarch64_ctx *)(ucxt->uc_mcontext.RESERVED);
     assert(head->magic == FPSIMD_MAGIC);
     assert(head->size == sizeof(struct fpsimd_context));
@@ -541,7 +544,7 @@ dump_ucontext(ucontext_t *ucxt, bool is_sve, int vl_bytes)
     }
     print("\n");
 
-#            ifndef DR_HOST_NOT_TARGET
+#                ifndef DR_HOST_NOT_TARGET
     if (is_sve) {
         size_t offset = sizeof(struct fpsimd_context);
         struct _aarch64_ctx *next_head =
@@ -621,6 +624,7 @@ dump_ucontext(ucontext_t *ucxt, bool is_sve, int vl_bytes)
             next_head = (struct _aarch64_ctx *)(ucxt->uc_mcontext.RESERVED + offset);
         }
     }
+#                endif
 #            endif
 }
 #        endif