概览

基础

用户态会(x¨¬)è¯?/h2>

调试模式

• 转储文äšg调试
  
  瞬间静态分析，˜q›ç¨‹æ­ÈŠ¶æ€ã€?br/> gdb –core=file

• 交互调试

  1. 调试新进½E?br/> gdb exe
     gdb –args exe [args]

  2. 调试已经˜qè¡Œçš„è¿›½E?br/> gdb –pid= ˜q›ç¨‹å?/p>

  3. 内核调试

3¿Uè°ƒè¯•å·²æœ‰è¿›½E?/h3>

gdb exe

.

gdb –args exe [args]

.

gdb
file exe
run [args]

.

gdb –args gcc a.c -o a

命ä×o(h¨´)行参æ•?/h4>

show args

set args 多次˜qè¡Œè®„¡½®å‘½ä×o(h¨´)行参æ•?/p>

环境变量和执行èµ\å¾?/h2>

path directory

.

show paths

.

show environment [varname]

.

set environment varname[=value] 清除或者设¾|®çŽ¯å¢ƒå˜é‡?/p>

工作目录

¾l§æ‰¿˜q›å…¥gdb工作目录

改变工作目录

cd dirctory

昄¡¤ºè·¯å¾„

pwd

输入输出

info terminal
run > a.txt
tty /dev/ttyb

˜qœç¨‹è°ƒè¯•å¯ç”¨˜q™äº›è¾…助ã€?/p>

inferior 下层 多个˜q›ç¨‹è°ƒè¯•

inferior gdb¾l´æŠ¤çš„一¾pÕdˆ—对象åQŒæ¯ä¸ªinf对应一个调试目标进½E‹ã€?/p>

info inferior 昄¡¤ºä¸‹å±‚信息
NULL ½E‹åºæ²¡æœ‰è·‘或者已¾lç»ˆæ­?br/> clone-inferior -copies 2 复制当前下层2ä»?

(gdb) info inferiors
Num Description Executable
* 1 process 10087 /home/gao/code/a
(gdb) clone-inferior -copies 2
Added inferior 2.
Added inferior 3.
(gdb) info inferiors
Num Description Executable
3 ½E‹åºæ²¡æœ‰è·‘或者已¾lç»ˆæ­? /home/gao/code/a
2 /home/gao/code/a
* 1 process 10087 /home/gao/code/a
(gdb)

切换下程

inferior 2 切换2˜q™ä¸ªä¸‹ç¨‹ã€?br/> ˜q›ç¨‹åäh˜¯0åQŒæ²¡å¼€å§‹è¿è¡Œã€?br/> run ˜qè¡Œèµäh¥ã€?/p>

.

增加一个运行下�/p>

add-inferior -exec executeable 增加一个运行下å±?br/> 比如说调试一个服务端½E‹åºåQŒä¸€ä¸ªå®¢æˆïL(f¨¥ng)«¯½E‹åºã€?/p>

remove-inferior n 删掉一个下å±?br/> detach inferior ¾l§ç®‹˜qè¡Œ quit
kill inferior 调试˜q›ç¨‹é€€äº†ï¼Œä½†æ˜¯inferior¾Uªå½•˜q˜åœ¨ã€?/p>

Tab 帮助

(gdb) remove-
remove-inferiors remove-symbol-file
(gdb) remove-
remove-inferiors remove-symbol-file
(gdb) remove-

file 命ä×o(h¨´)

file a.exe 可自行文件和½W¦å·æ–‡äšg是一个文ä»?/p>

可自行文件和½W¦å·æ–‡äšg分开

exec-file 指定目标文äšg

.

symbol-file 指定½W¦å·æ–‡äšg

run 开始运�
可以支持 run > >> < 重定�

set args 清理命ä×o(h¨´)行参æ•?/p>

附加到进½E?/h2>

gdb –pid= pid

attach pid

¾lˆæ­¢è°ƒè¯•˜q›ç¨‹

detach pid 分离˜q›ç¨‹¾l§ç®‹˜qè¡Œ

.

quit ˜q›ç¨‹é€€å‡?/p>

.

q
ctrl + D

执行控制

断点

软äšg断点

break 普�
tbreak 一‹Æ¡æ€?
rbreak 正则表达式一æ‰ÒŽ(gu¨©)–­ç‚?

• åŸÞZºŽcpu断点指ä×o(h¨´)åQŒx86 int3机器ç ?xccã€?/li>
• 替换断点位置的指ä»?/li>
• CPU自执行这里触发断点异常ã€?/li>
• 没有断点数量限制ã€?/li>

¼‹¬äšg断点

• åŸÞZºŽcpu调试寄存器，dr0～dr7åQŒæ•°é‡é™åˆ¶ã€‚x86可以讑֮š4个断炏V€‚数量限制ã€?/li>
• 不修改代码，在只è¯Õd†…存上讄¡½®æ–­ç‚¹ã€‚EEPROM上的代码讄¡½®ã€?/li>
• 有数量限制ã€?/li>

location

• linespec

1. 行号
2. åQï¼åQ?偏移
3. æ–‡äšgå?åQšè¡Œå?/li>
4. 函数�/li>
5. 函数:标号
6. æ–‡äšg名：(x¨¬)函数

7. 标号

• explicit

1. -source linename
2. -function function
3. -label label

4. -line number

• address location break * address

实践

file banner
b main 中断在main函数
info funciton useage 昄¡¤ºuseage函数地址
info *0x88888e4 直接写地址讑֮šæ–­ç‚¹
info b 昄¡¤ºæ‰€æœ‰æ–­ç‚?
list usage 昄¡¤ºuseage函数
b line.c:11
b +2 当前昄¡¤ºåˆ?4行＋2行所以设定在17è¡?/p>

虚拟æœø™®¾å®šç¡¬ä»¶æ–­ç‚¹ä¼š(x¨¬)å¤ÞpÓ|.
(gdb)hbreak hd_ioctl
(gdb) info b
物理机可以设�

(gdb) hbreak v
Hardware assisted breakpoint 2 at 0x40053a: v. (2 locations)
(gdb) info b
Num Type Disp Enb Address What
1 breakpoint keep y
breakpoint already hit 1 time
1.1 y 0x000000000040054f in main at a.c:10 inf 1
1.2 y 0x000000000040054f in main at a.c:10 inf 2
2 hw breakpoint keep y
2.1 y 0x000000000040053a in v at a.c:4 inf 1
2.2 y 0x000000000040053a in v at a.c:4 inf 2
(gdb)

½Ž¡ç†æ–­ç‚¹

info b 昄¡¤ºæ–­ç‚¹
delete 1 删除
disable 1
enable 1
delete 删除所有的断点
clear sum 删除sum函数入口的所有断�/p>

扩展断点

watchpoint 监视一个表辑ּåQŒå€¼å˜åŒ–中断ã€?/p>

watch aåQŠbåQ‹cåQd
watch *( int * )

watch fd 监控局部变量fd
c ¾l§ç®‹˜qè¡Œ
info b //
注意åQŒx86¼‹¬äšg调试åQŒå†™æ“ä½œåQŒæ‰§è¡Œè¿‡˜q™ä¸€è¡Œï¼Œgdb昄¡¤ºä¸‹ä¸€è¡Œï¼Œè¦çœ‹ä¸Šä¸€è¡Œã€‚hw watchpointåQŒåœ¨x86òq›_°wachtpointåŸÞZºŽ¼‹¬äšg实现åQŒå…¶ä»–åã^台可能是åŸÞZºŽè½¯äšg实现ã€?vc6¾U¯èÊY件执行，执行目标速度低ã€?br/> 执行位置­‘…过当前区域åQŒæ— æ•ˆç›‘视点ä¼?x¨¬)被删除ã€?/p>

讉K—®ç›‘视ç‚?br/> rwatch è¯Õdœä¸‹æ¥ã€?
awatch è¯ÀLˆ–写停下来ã€?awatch fd
watch -l

b hd_ioctl thread 1

info threads 带＊ 当前¾U¿ç¨‹

¾Jå¿™å‡½æ•°è§£å†³æ–ÒŽ(gu¨©)¡ˆ

b hd_ioctl thread 1 if fd > 0

当断点，断了后执行命�br/> ()command 12
()silent
()print “fd is %d\n”,fd
()continue
()end

动态ping不修改代码�/p>

tracepoint ˜qœç¨‹ä¸ÀLœºé€šè®¯è°ƒè¯•åQŒå‰ç«¯stub立刻恢复执行åQŒä½†ä¼?x¨¬)记录下来ã€?/p>

catchpoint

执行控制

˜q›å…¥å­å‡½æ•°å†…部。单æ­?step

汇编 stepi

stepi 4
¾cÖM¼¼nexti

不要˜q›å…¥å­å‡½æ•?

next

¾l§ç®‹æ‰§è¡Œ

continue

è·‘è“v来直åˆ?åäh–­ç‚¹å‘½ä¸?/p>

until 3
è·‘è“v来直åˆ?åäh–­ç‚¹å‘½ä¸­ï¼Œå¿«æ·¼›æ­¢å…¶ä»–断点ã€?/p>

恢复执行直到函数˜q”回ã€?/p>

finish

调用函数åQ?/h3>

gdb 杜撰代码调用函数ã€?br/> call sumåQ?åQ?åQ?…

强制˜q”回

强制main函数 return�br/> return 1

触发中断

异常或断点进入调试器ã€?br/> 调试器发起中断，让程序中断下来。ctrlåQ‹CåQŒapp收到中断信号åQŒè¿›å…¥è°ƒè¯•å™¨ã€?/p>

½W¦å·

调试器读åŒ?调试½W¦å·ã€?/p>

二进åˆÓž¼è°ƒè¯•½W¦å·åQæºç ?/p>

linux dwarf 存储调试½W¦å·ä¿¡æ¯ã€‚gcc

readelf -h filename
里面如果有line location debug标示

readelf -w 导出调试文äšg

gcc -g 才能输出½W¦å·

ubuntu ½W¦å·æœåŠ¡å™?
< ddebs.ubuntu.com/pool/main/>
分离操作
strip

安装ubunteçš„linux 内核½W¦å·
https://askubuntu.com/questions/197016/how-to-install-a-package-that-contains-ubuntu-kernel-debug-symbols

安装libc½W¦å·

dpkg -s /lib/x86_64-linux-gun/libc-2.15.so
dpkg -s libc.so.6
sudo apt-get -c aptproxy.conf install libc6-dbg

libc 调试½W¦å·

sudo apt-get install libc6-dbg

½W¦å·è·¯å¾„

gdb 使用file æˆ?symbolåQfile 加蝲½W¦å·æ–‡äšg
自动搜烦 path 路径

åQˆgdbåQ‰i share
* å…׃ín库没调试信息

搜烦½W¦å·
info vaiables regex ¾cÕdåQå‡½æ•°ååQå˜é‡å

内存地址与符号互�/h3>

info addriess 函数�/p>

info symbol 地址

(gdb) info address main
Symbol “main” is a function at address 0x400547.
(gdb) info symbol 0x400547
main in section .text of /home/gao/code/a

.

info os

查看加蝲的文件内存位¾|?/p>

info files

列出全局变量

info variable
info va

昄¡¤ºæºç 

list
list -
dir 源码路径
show dir

常用命ä×o(h¨´)源码

安装¾pȝ»Ÿå·¥å…·æºç å’Œè°ƒè¯?/p>

apt-get source coreutils
sudo apt-get install coreutils-dbgsym
gdb /bin/ls
list main
dir ~/src/coreutils-7.4/src
list main

libc

sudo apt-get source libc6-dev
/home/ge/eglibc-2.15

dir 搜烦路径 åQšåˆ†å‰?br/> $cdir ¾~–译路径
cwd 当前工作路径

查看调试目标

观察寄存�br/> info reg

�br/> 子函数返回地址
函数参数
局部变�/p>

bt n 观察函数˜q”回地址
frame n 切换栈å“á
up n
down n
info frame åQ»addressåQ?br/> info args
info locals

注意åQŒåˆ‡æ¢æ ˆå¸§ä¹‹åŽå¯èƒ½ä¼š(x¨¬)发生åQŒæœ¬åœ°å˜é‡å€ég¸å‡†ç¡®åQŒå› ä¸ºå€¼å­˜åœ¨å¯„存器中需要小心ã€?/p>

观察内存
print

p /f 表达� 表达式要打印位置
xduotcf

x

x /Nuf
N 打印几个单元
u 每个单元大小 b-1byte w-2byte h-4byte g-8byte

f s字符串i指ä×o(h¨´)格式

x/s 0xfffff81946000 打印字符�/p>

x /32bx arg bit 16¼›åˆ¶

(gdb) x /32bx &i
0x7fffffffc76c: 0x01 0x00 0x00 0x00 0x70 0x05 0x40 0x00
0x7fffffffc774: 0x00 0x00 0x00 0x00 0x40 0xfa 0xa2 0xf7
0x7fffffffc77c: 0xff 0x7f 0x00 0x00 0x58 0xc8 0xff 0xff
0x7fffffffc784: 0xff 0x7f 0x00 0x00 0x58 0xc8 0xff 0xff
(gdb)

p arg[0]
p arg[i]

p *&a[0]@10 a0数组开始的10个元�/p>

反汇¾~?/p>

disas main main反汇¾~–代ç ?br/> x/5i schedule ˜q™ä¸ªåœ°å€å¼€å§‹çš„5条汇¾~–指令ã€?/p>

gdb mov 从左往双™µ‹å€¼at&t汇编ã€?/p>

高çñ”技å·?/h2>

信号

• info signals 异常åQåŒæ­¥ï¼ä¸­æ–­

stop 要不要中断下来看
printf 打印信息
pass 要不要传递给应用½E‹åºã€?/p>

• handle 修改规则 handle signal act print noprint stop nostop pass nopass

handle SIGPIPE 不要中断下来åQŒæ‰“åîC¸€ä¸ªä¿¡æ¯ï¼Œ¾|‘络½E‹åºå¸¸ç”¨

(gdb) handle SIGPIPE nostop
Signal Stop Print Pass to program Description
SIGPIPE No Yes Yes Broken pipe

Thread

info threads

LWPåQlight weight process ¾U¿ç¨‹¾~–号ã€?br/> * gdb当前¾U¿ç¨‹

切换当前¾U¿ç¨‹

thread 2

打印所有线½E?/p>

thread apply all bt 针对一¾Ÿ¤çº¿½E‹çš„命ä×o(h¨´)避免切换来看ã€?/p>

¾U¿ç¨‹æ”¹åå­?/p>

thread name åQ»nameåQ?/p>

我自å·Þq»éª?LWP 可以很好的观察线½E‹è´Ÿè½½æƒ…å†üc(di¨£n)€?/p>

参考资料：(x¨¬)
Object-oriented Programming with ANSI-C
1993òqß_(d¨¢)¼Œ½W¬ä¸€ä»½c如何¾~–写OO的资æ–?free.
OOC.PDF
https://www.cs.rit.edu/~ats/books/ooc.pdf

中文¾˜»è¯‘åQ?br/> https://code.google.com/p/ooc/downloads/detail?name=ooc-translate-preview-r26.pdf&can=2&q=

轻量¾U§çš„C语言面向对象¾~–程框架
http://sinojelly.blog.51cto.com/479153/281184

UML—OOPC嵌入式C语言开发精�br/> 里面有一套框架可�c写OO.
http://pan.baidu.com/share/link?shareid=3402978666&uk=3188261067&adapt=pc&fr=ftw#path=%252FC%25E8%25AF%25AD%25E8%25A8%2580

你试˜q‡è¿™æ ·å†™C(j¨©)½E‹åºå?åQï¼å‡½æ•°å¼ç¼–½E?br/> < >

我所偏爱çš?C 语言面向对象¾~–程范式åQï¼äº‘风
http://blog.codingnow.com/2010/03/object_oriented_programming_in_c.html

C语言面向对象¾~–程 -- 6½‹‡ä¸“æ ?br/> http://blog.csdn.net/column/details/object-orient-c.html

** valgrind --tool=cachegrind ./test2**

code1:

#include <stdio.h>
#define MAXROW 8000
#define MAXCOL 8000
int main () {
int i,j;
 static int x[MAXROW][MAXCOL];
 printf ("Starting!\n");
       for (i=0;i<MAXROW;i++)
       for (j=0;j<MAXCOL;j++)
              x[i][j] = i*j;
             printf("Completed!\n");
return 0;                                                    
 }

code2:

#include <stdio.h>                                                         
 #define MAXROW 8000
 #define MAXCOL 8000
 int main () {
 int i,j;
 static int x[MAXROW][MAXCOL];
 printf ("Starting!\n");
          for (j=0;j<MAXCOL;j++)
                         for (i=0;i<MAXROW;i++)
                 x[i][j] = i*j;
 printf("Completed!\n");
 return 0;
 }
 ```

##¾l“æžœ

Command: ./test1
Starting!
Completed!

I refs: 905,721,688
I1 misses: 4,177
LLi misses: 2,808
I1 miss rate: 0.00%
LLi miss rate: 0.00%

D refs: 514,830,867 (386,118,735 rd + 128,712,132 wr)
D1 misses: 4,025,828 ( 23,565 rd + 4,002,263 wr)
LLd misses: 4,008,456 ( 6,997 rd + 4,001,459 wr)

D1 miss rate: 0.8% ( 0.0% + 3.1% )
LLd miss rate: 0.8% ( 0.0% + 3.1% )

LL refs: 4,030,005 ( 27,742 rd + 4,002,263 wr)
LL misses: 4,011,264 ( 9,805 rd + 4,001,459 wr)
LL miss rate: 0.3% ( 0.0% + 3.1% )

gcc -o test2 test2.c
** valgrind --tool=cachegrind ./test2**

I refs: 905,720,801
I1 misses: 4,113
LLi misses: 2,811
I1 miss rate: 0.00%
LLi miss rate: 0.00%

D refs: 514,830,348 (386,118,427 rd + 128,711,921 wr)
D1 misses: 64,025,705 ( 23,462 rd + 64,002,243 wr)
LLd misses: 4,016,427 ( 6,977 rd + 4,009,450 wr)
D1 miss rate: 12.4% ( 0.0% + 49.7% )
LLd miss rate: 0.8% ( 0.0% + 3.1% )

LL refs: 64,029,818 ( 27,575 rd + 64,002,243 wr)
LL misses: 4,019,238 ( 9,788 rd + 4,009,450 wr)
LL miss rate: 0.3% ( 0.0% + 3.1% )

Starting!
Completed!
```

参考：(x¨¬)

valgrind调试CPU¾~“存命中率和内存泄漏
http://laoxu.blog.51cto.com/4120547/1395236