This is the Tenth Edition, of Debugging with gdb: the gnu Source-Level Debugger for gdb Version 7.10 for GNAT Pro 19.0w.
Copyright © 1988-2015 Free Software Foundation, Inc.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being “Free Software” and “Free Software Needs Free Documentation”, with the Front-Cover Texts being “A GNU Manual,” and with the Back-Cover Texts as in (a) below.
(a) The FSF's Back-Cover Text is: “You are free to copy and modify this GNU Manual. Buying copies from GNU Press supports the FSF in developing GNU and promoting software freedom.”
This file describes gdb, the gnu symbolic debugger.
This is the Tenth Edition, for gdb Version 7.10 for GNAT Pro 19.0w.
Copyright (C) 1988-2015 Free Software Foundation, Inc.
This edition of the GDB manual is dedicated to the memory of Fred Fish. Fred was a long-standing contributor to GDB and to Free software in general. We will miss him.
.gdb_index section format
The purpose of a debugger such as gdb is to allow you to see what is going on “inside” another program while it executes—or what another program was doing at the moment it crashed.
gdb can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:
You can use gdb to debug programs written in C and C++. For more information, see Supported Languages. For more information, see C and C++.
Support for D is partial. For information on D, see D.
Support for Modula-2 is partial. For information on Modula-2, see Modula-2.
Support for OpenCL C is partial. For information on OpenCL C, see OpenCL C.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions does not currently work. gdb does not support entering expressions, printing values, or similar features using Pascal syntax.
gdb can be used to debug programs written in Fortran, although it may be necessary to refer to some variables with a trailing underscore.
gdb can be used to debug programs written in Objective-C, using either the Apple/NeXT or the GNU Objective-C runtime.
gdb is free software, protected by the gnu General Public License (GPL). The GPL gives you the freedom to copy or adapt a licensed program—but every person getting a copy also gets with it the freedom to modify that copy (which means that they must get access to the source code), and the freedom to distribute further copies. Typical software companies use copyrights to limit your freedoms; the Free Software Foundation uses the GPL to preserve these freedoms.
Fundamentally, the General Public License is a license which says that you have these freedoms and that you cannot take these freedoms away from anyone else.
The biggest deficiency in the free software community today is not in the software—it is the lack of good free documentation that we can include with the free software. Many of our most important programs do not come with free reference manuals and free introductory texts. Documentation is an essential part of any software package; when an important free software package does not come with a free manual and a free tutorial, that is a major gap. We have many such gaps today.
Consider Perl, for instance. The tutorial manuals that people normally use are non-free. How did this come about? Because the authors of those manuals published them with restrictive terms—no copying, no modification, source files not available—which exclude them from the free software world.
That wasn't the first time this sort of thing happened, and it was far from the last. Many times we have heard a GNU user eagerly describe a manual that he is writing, his intended contribution to the community, only to learn that he had ruined everything by signing a publication contract to make it non-free.
Free documentation, like free software, is a matter of freedom, not price. The problem with the non-free manual is not that publishers charge a price for printed copies—that in itself is fine. (The Free Software Foundation sells printed copies of manuals, too.) The problem is the restrictions on the use of the manual. Free manuals are available in source code form, and give you permission to copy and modify. Non-free manuals do not allow this.
The criteria of freedom for a free manual are roughly the same as for free software. Redistribution (including the normal kinds of commercial redistribution) must be permitted, so that the manual can accompany every copy of the program, both on-line and on paper.
Permission for modification of the technical content is crucial too. When people modify the software, adding or changing features, if they are conscientious they will change the manual too—so they can provide accurate and clear documentation for the modified program. A manual that leaves you no choice but to write a new manual to document a changed version of the program is not really available to our community.
Some kinds of limits on the way modification is handled are acceptable. For example, requirements to preserve the original author's copyright notice, the distribution terms, or the list of authors, are ok. It is also no problem to require modified versions to include notice that they were modified. Even entire sections that may not be deleted or changed are acceptable, as long as they deal with nontechnical topics (like this one). These kinds of restrictions are acceptable because they don't obstruct the community's normal use of the manual.
However, it must be possible to modify all the technical content of the manual, and then distribute the result in all the usual media, through all the usual channels. Otherwise, the restrictions obstruct the use of the manual, it is not free, and we need another manual to replace it.
Please spread the word about this issue. Our community continues to lose manuals to proprietary publishing. If we spread the word that free software needs free reference manuals and free tutorials, perhaps the next person who wants to contribute by writing documentation will realize, before it is too late, that only free manuals contribute to the free software community.
If you are writing documentation, please insist on publishing it under the GNU Free Documentation License or another free documentation license. Remember that this decision requires your approval—you don't have to let the publisher decide. Some commercial publishers will use a free license if you insist, but they will not propose the option; it is up to you to raise the issue and say firmly that this is what you want. If the publisher you are dealing with refuses, please try other publishers. If you're not sure whether a proposed license is free, write to licensing@gnu.org.
You can encourage commercial publishers to sell more free, copylefted manuals and tutorials by buying them, and particularly by buying copies from the publishers that paid for their writing or for major improvements. Meanwhile, try to avoid buying non-free documentation at all. Check the distribution terms of a manual before you buy it, and insist that whoever seeks your business must respect your freedom. Check the history of the book, and try to reward the publishers that have paid or pay the authors to work on it.
The Free Software Foundation maintains a list of free documentation published by other publishers, at http://www.fsf.org/doc/other-free-books.html.
Richard Stallman was the original author of gdb, and of many other gnu programs. Many others have contributed to its development. This section attempts to credit major contributors. One of the virtues of free software is that everyone is free to contribute to it; with regret, we cannot actually acknowledge everyone here. The file ChangeLog in the gdb distribution approximates a blow-by-blow account.
Changes much prior to version 2.0 are lost in the mists of time.
Plea: Additions to this section are particularly welcome. If you or your friends (or enemies, to be evenhanded) have been unfairly omitted from this list, we would like to add your names!
So that they may not regard their many labors as thankless, we particularly thank those who shepherded gdb through major releases: Andrew Cagney (releases 6.3, 6.2, 6.1, 6.0, 5.3, 5.2, 5.1 and 5.0); Jim Blandy (release 4.18); Jason Molenda (release 4.17); Stan Shebs (release 4.14); Fred Fish (releases 4.16, 4.15, 4.13, 4.12, 4.11, 4.10, and 4.9); Stu Grossman and John Gilmore (releases 4.8, 4.7, 4.6, 4.5, and 4.4); John Gilmore (releases 4.3, 4.2, 4.1, 4.0, and 3.9); Jim Kingdon (releases 3.5, 3.4, and 3.3); and Randy Smith (releases 3.2, 3.1, and 3.0).
Richard Stallman, assisted at various times by Peter TerMaat, Chris Hanson, and Richard Mlynarik, handled releases through 2.8.
Michael Tiemann is the author of most of the gnu C++ support in gdb, with significant additional contributions from Per Bothner and Daniel Berlin. James Clark wrote the gnu C++ demangler. Early work on C++ was by Peter TerMaat (who also did much general update work leading to release 3.0).
gdb uses the BFD subroutine library to examine multiple object-file formats; BFD was a joint project of David V. Henkel-Wallace, Rich Pixley, Steve Chamberlain, and John Gilmore.
David Johnson wrote the original COFF support; Pace Willison did the original support for encapsulated COFF.
Brent Benson of Harris Computer Systems contributed DWARF 2 support.
Adam de Boor and Bradley Davis contributed the ISI Optimum V support. Per Bothner, Noboyuki Hikichi, and Alessandro Forin contributed MIPS support. Jean-Daniel Fekete contributed Sun 386i support. Chris Hanson improved the HP9000 support. Noboyuki Hikichi and Tomoyuki Hasei contributed Sony/News OS 3 support. David Johnson contributed Encore Umax support. Jyrki Kuoppala contributed Altos 3068 support. Jeff Law contributed HP PA and SOM support. Keith Packard contributed NS32K support. Doug Rabson contributed Acorn Risc Machine support. Bob Rusk contributed Harris Nighthawk CX-UX support. Chris Smith contributed Convex support (and Fortran debugging). Jonathan Stone contributed Pyramid support. Michael Tiemann contributed SPARC support. Tim Tucker contributed support for the Gould NP1 and Gould Powernode. Pace Willison contributed Intel 386 support. Jay Vosburgh contributed Symmetry support. Marko Mlinar contributed OpenRISC 1000 support.
Andreas Schwab contributed M68K gnu/Linux support.
Rich Schaefer and Peter Schauer helped with support of SunOS shared libraries.
Jay Fenlason and Roland McGrath ensured that gdb and GAS agree about several machine instruction sets.
Patrick Duval, Ted Goldstein, Vikram Koka and Glenn Engel helped develop remote debugging. Intel Corporation, Wind River Systems, AMD, and ARM contributed remote debugging modules for the i960, VxWorks, A29K UDI, and RDI targets, respectively.
Brian Fox is the author of the readline libraries providing command-line editing and command history.
Andrew Beers of SUNY Buffalo wrote the language-switching code, the Modula-2 support, and contributed the Languages chapter of this manual.
Fred Fish wrote most of the support for Unix System Vr4. He also enhanced the command-completion support to cover C++ overloaded symbols.
Hitachi America (now Renesas America), Ltd. sponsored the support for H8/300, H8/500, and Super-H processors.
NEC sponsored the support for the v850, Vr4xxx, and Vr5xxx processors.
Mitsubishi (now Renesas) sponsored the support for D10V, D30V, and M32R/D processors.
Toshiba sponsored the support for the TX39 Mips processor.
Matsushita sponsored the support for the MN10200 and MN10300 processors.
Fujitsu sponsored the support for SPARClite and FR30 processors.
Kung Hsu, Jeff Law, and Rick Sladkey added support for hardware watchpoints.
Michael Snyder added support for tracepoints.
Stu Grossman wrote gdbserver.
Jim Kingdon, Peter Schauer, Ian Taylor, and Stu Grossman made nearly innumerable bug fixes and cleanups throughout gdb.
The following people at the Hewlett-Packard Company contributed support for the PA-RISC 2.0 architecture, HP-UX 10.20, 10.30, and 11.0 (narrow mode), HP's implementation of kernel threads, HP's aC++ compiler, and the Text User Interface (nee Terminal User Interface): Ben Krepp, Richard Title, John Bishop, Susan Macchia, Kathy Mann, Satish Pai, India Paul, Steve Rehrauer, and Elena Zannoni. Kim Haase provided HP-specific information in this manual.
DJ Delorie ported gdb to MS-DOS, for the DJGPP project. Robert Hoehne made significant contributions to the DJGPP port.
Cygnus Solutions has sponsored gdb maintenance and much of its development since 1991. Cygnus engineers who have worked on gdb fulltime include Mark Alexander, Jim Blandy, Per Bothner, Kevin Buettner, Edith Epstein, Chris Faylor, Fred Fish, Martin Hunt, Jim Ingham, John Gilmore, Stu Grossman, Kung Hsu, Jim Kingdon, John Metzler, Fernando Nasser, Geoffrey Noer, Dawn Perchik, Rich Pixley, Zdenek Radouch, Keith Seitz, Stan Shebs, David Taylor, and Elena Zannoni. In addition, Dave Brolley, Ian Carmichael, Steve Chamberlain, Nick Clifton, JT Conklin, Stan Cox, DJ Delorie, Ulrich Drepper, Frank Eigler, Doug Evans, Sean Fagan, David Henkel-Wallace, Richard Henderson, Jeff Holcomb, Jeff Law, Jim Lemke, Tom Lord, Bob Manson, Michael Meissner, Jason Merrill, Catherine Moore, Drew Moseley, Ken Raeburn, Gavin Romig-Koch, Rob Savoye, Jamie Smith, Mike Stump, Ian Taylor, Angela Thomas, Michael Tiemann, Tom Tromey, Ron Unrau, Jim Wilson, and David Zuhn have made contributions both large and small.
Andrew Cagney, Fernando Nasser, and Elena Zannoni, while working for Cygnus Solutions, implemented the original gdb/mi interface.
Jim Blandy added support for preprocessor macros, while working for Red Hat.
Andrew Cagney designed gdb's architecture vector. Many people including Andrew Cagney, Stephane Carrez, Randolph Chung, Nick Duffek, Richard Henderson, Mark Kettenis, Grace Sainsbury, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Andreas Schwab, Jason Thorpe, Corinna Vinschen, Ulrich Weigand, and Elena Zannoni, helped with the migration of old architectures to this new framework.
Andrew Cagney completely re-designed and re-implemented gdb's unwinder framework, this consisting of a fresh new design featuring frame IDs, independent frame sniffers, and the sentinel frame. Mark Kettenis implemented the dwarf 2 unwinder, Jeff Johnston the libunwind unwinder, and Andrew Cagney the dummy, sentinel, tramp, and trad unwinders. The architecture-specific changes, each involving a complete rewrite of the architecture's frame code, were carried out by Jim Blandy, Joel Brobecker, Kevin Buettner, Andrew Cagney, Stephane Carrez, Randolph Chung, Orjan Friberg, Richard Henderson, Daniel Jacobowitz, Jeff Johnston, Mark Kettenis, Theodore A. Roth, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Corinna Vinschen, and Ulrich Weigand.
Christian Zankel, Ross Morley, Bob Wilson, and Maxim Grigoriev from Tensilica, Inc. contributed support for Xtensa processors. Others who have worked on the Xtensa port of gdb in the past include Steve Tjiang, John Newlin, and Scott Foehner.
Michael Eager and staff of Xilinx, Inc., contributed support for the Xilinx MicroBlaze architecture.
You can use this manual at your leisure to read all about gdb. However, a handful of commands are enough to get started using the debugger. This chapter illustrates those commands.
One of the preliminary versions of gnu m4 (a generic macro
processor) exhibits the following bug: sometimes, when we change its
quote strings from the default, the commands used to capture one macro
definition within another stop working. In the following short m4
session, we define a macro foo which expands to 0000; we
then use the m4 built-in defn to define bar as the
same thing. However, when we change the open quote string to
<QUOTE> and the close quote string to <UNQUOTE>, the same
procedure fails to define a new synonym baz:
$ cd gnu/m4
$ ./m4
define(foo,0000)
foo
0000
define(bar,defn(`foo'))
bar
0000
changequote(<QUOTE>,<UNQUOTE>)
define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
Ctrl-d
m4: End of input: 0: fatal error: EOF in string
Let us use gdb to try to see what is going on.
$ gdb m4
gdb is free software and you are welcome to distribute copies
of it under certain conditions; type "show copying" to see
the conditions.
There is absolutely no warranty for gdb; type "show warranty"
for details.
gdb 7.10 for GNAT Pro 19.0w, Copyright 1999 Free Software Foundation, Inc...
(gdb)
gdb reads only enough symbol data to know where to find the rest when needed; as a result, the first prompt comes up very quickly. We now tell gdb to use a narrower display width than usual, so that examples fit in this manual.
(gdb) set width 70
We need to see how the m4 built-in changequote works.
Having looked at the source, we know the relevant subroutine is
m4_changequote, so we set a breakpoint there with the gdb
break command.
(gdb) break m4_changequote
Breakpoint 1 at 0x62f4: file builtin.c, line 879.
Using the run command, we start m4 running under gdb
control; as long as control does not reach the m4_changequote
subroutine, the program runs as usual:
(gdb) run
Starting program: /work/Editorial/gdb/gnu/m4/m4
define(foo,0000)
foo
0000
To trigger the breakpoint, we call changequote. gdb
suspends execution of m4, displaying information about the
context where it stops.
changequote(<QUOTE>,<UNQUOTE>)
Breakpoint 1, m4_changequote (argc=3, argv=0x33c70)
at builtin.c:879
879 if (bad_argc(TOKEN_DATA_TEXT(argv[0]),argc,1,3))
Now we use the command n (next) to advance execution to
the next line of the current function.
(gdb) n
882 set_quotes((argc >= 2) ? TOKEN_DATA_TEXT(argv[1])\
: nil,
set_quotes looks like a promising subroutine. We can go into it
by using the command s (step) instead of next.
step goes to the next line to be executed in any
subroutine, so it steps into set_quotes.
(gdb) s
set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>")
at input.c:530
530 if (lquote != def_lquote)
The display that shows the subroutine where m4 is now
suspended (and its arguments) is called a stack frame display. It
shows a summary of the stack. We can use the backtrace
command (which can also be spelled bt), to see where we are
in the stack as a whole: the backtrace command displays a
stack frame for each active subroutine.
(gdb) bt
#0 set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>")
at input.c:530
#1 0x6344 in m4_changequote (argc=3, argv=0x33c70)
at builtin.c:882
#2 0x8174 in expand_macro (sym=0x33320) at macro.c:242
#3 0x7a88 in expand_token (obs=0x0, t=209696, td=0xf7fffa30)
at macro.c:71
#4 0x79dc in expand_input () at macro.c:40
#5 0x2930 in main (argc=0, argv=0xf7fffb20) at m4.c:195
We step through a few more lines to see what happens. The first two
times, we can use ‘s’; the next two times we use n to avoid
falling into the xstrdup subroutine.
(gdb) s
0x3b5c 532 if (rquote != def_rquote)
(gdb) s
0x3b80 535 lquote = (lq == nil || *lq == '\0') ? \
def_lquote : xstrdup(lq);
(gdb) n
536 rquote = (rq == nil || *rq == '\0') ? def_rquote\
: xstrdup(rq);
(gdb) n
538 len_lquote = strlen(rquote);
The last line displayed looks a little odd; we can examine the variables
lquote and rquote to see if they are in fact the new left
and right quotes we specified. We use the command p
(print) to see their values.
(gdb) p lquote
$1 = 0x35d40 "<QUOTE>"
(gdb) p rquote
$2 = 0x35d50 "<UNQUOTE>"
lquote and rquote are indeed the new left and right quotes.
To look at some context, we can display ten lines of source
surrounding the current line with the l (list) command.
(gdb) l
533 xfree(rquote);
534
535 lquote = (lq == nil || *lq == '\0') ? def_lquote\
: xstrdup (lq);
536 rquote = (rq == nil || *rq == '\0') ? def_rquote\
: xstrdup (rq);
537
538 len_lquote = strlen(rquote);
539 len_rquote = strlen(lquote);
540 }
541
542 void
Let us step past the two lines that set len_lquote and
len_rquote, and then examine the values of those variables.
(gdb) n
539 len_rquote = strlen(lquote);
(gdb) n
540 }
(gdb) p len_lquote
$3 = 9
(gdb) p len_rquote
$4 = 7
That certainly looks wrong, assuming len_lquote and
len_rquote are meant to be the lengths of lquote and
rquote respectively. We can set them to better values using
the p command, since it can print the value of
any expression—and that expression can include subroutine calls and
assignments.
(gdb) p len_lquote=strlen(lquote)
$5 = 7
(gdb) p len_rquote=strlen(rquote)
$6 = 9
Is that enough to fix the problem of using the new quotes with the
m4 built-in defn? We can allow m4 to continue
executing with the c (continue) command, and then try the
example that caused trouble initially:
(gdb) c
Continuing.
define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
0000
Success! The new quotes now work just as well as the default ones. The
problem seems to have been just the two typos defining the wrong
lengths. We allow m4 exit by giving it an EOF as input:
Ctrl-d
Program exited normally.
The message ‘Program exited normally.’ is from gdb; it
indicates m4 has finished executing. We can end our gdb
session with the gdb quit command.
(gdb) quit
This chapter discusses how to start gdb, and how to get out of it. The essentials are:
Invoke gdb by running the program gdb. Once started,
gdb reads commands from the terminal until you tell it to exit.
You can also run gdb with a variety of arguments and options,
to specify more of your debugging environment at the outset.
The command-line options described here are designed to cover a variety of situations; in some environments, some of these options may effectively be unavailable.
The most usual way to start gdb is with one argument, specifying an executable program:
gdb program
You can also start with both an executable program and a core file specified:
gdb program core
You can, instead, specify a process ID as a second argument, if you want to debug a running process:
gdb program 1234
would attach gdb to process 1234 (unless you also have a file
named 1234; gdb does check for a core file first).
Taking advantage of the second command-line argument requires a fairly complete operating system; when you use gdb as a remote debugger attached to a bare board, there may not be any notion of “process”, and there is often no way to get a core dump. gdb will warn you if it is unable to attach or to read core dumps.
You can optionally have gdb pass any arguments after the
executable file to the inferior using --args. This option stops
option processing.
gdb --args gcc -O2 -c foo.c
This will cause gdb to debug gcc, and to set
gcc's command-line arguments (see Arguments) to ‘-O2 -c foo.c’.
You can run gdb without printing the front material, which describes
gdb's non-warranty, by specifying --silent
(or -q/--quiet):
gdb --silent
You can further control how gdb starts up by using command-line options. gdb itself can remind you of the options available.
Type
gdb -help
to display all available options and briefly describe their use (‘gdb -h’ is a shorter equivalent).
All options and command line arguments you give are processed in sequential order. The order makes a difference when the ‘-x’ option is used.
When gdb starts, it reads any arguments other than options as specifying an executable file and core file (or process ID). This is the same as if the arguments were specified by the ‘-se’ and ‘-c’ (or ‘-p’) options respectively. (gdb reads the first argument that does not have an associated option flag as equivalent to the ‘-se’ option followed by that argument; and the second argument that does not have an associated option flag, if any, as equivalent to the ‘-c’/‘-p’ option followed by that argument.) If the second argument begins with a decimal digit, gdb will first attempt to attach to it as a process, and if that fails, attempt to open it as a corefile. If you have a corefile whose name begins with a digit, you can prevent gdb from treating it as a pid by prefixing it with ./, e.g. ./12345.
If gdb has not been configured to included core file support, such as for most embedded targets, then it will complain about a second argument and ignore it.
Many options have both long and short forms; both are shown in the following list. gdb also recognizes the long forms if you truncate them, so long as enough of the option is present to be unambiguous. (If you prefer, you can flag option arguments with ‘--’ rather than ‘-’, though we illustrate the more usual convention.)
-symbols file-s file-exec file-e file-se file-core file-c file-pid number-p numberattach command.
-command file-x filesource command would.
See Command files.
-eval-command command-ex commandThis option may be used multiple times to call multiple commands. It may also be interleaved with ‘-command’ as required.
gdb -ex 'target sim' -ex 'load' \
-x setbreakpoints -ex 'run' a.out
-init-command file-ix file-init-eval-command command-iex command-directory directory-d directory-r-readnow--readneverThis option is currently limited to debug information in DWARF format. For all other format, this option has no effect.
You can run gdb in various alternative modes—for example, in batch mode or quiet mode.
-nx-n--with-system-gdbinit
configure option (see System-wide configuration).
It is loaded first when gdb starts, before command line options
have been processed.
-x and
-ex have been processed. Command line options -x and
-ex are processed last, after ./.gdbinit has been loaded.
For further documentation on startup processing, See Startup. For documentation on how to write command files, See Command Files.
-nh-quiet-silent-q-batch0 after processing all the
command files specified with ‘-x’ (and all commands from
initialization files, if not inhibited with ‘-n’). Exit with
nonzero status if an error occurs in executing the gdb commands
in the command files. Batch mode also disables pagination, sets unlimited
terminal width and height see Screen Size, and acts as if set confirm
off were in effect (see Messages/Warnings).
Batch mode may be useful for running gdb as a filter, for example to download and run a program on another computer; in order to make this more useful, the message
Program exited normally.
(which is ordinarily issued whenever a program running under
gdb control terminates) is not issued when running in batch
mode.
-batch-silentstdout is prevented (stderr is
unaffected). This is much quieter than ‘-silent’ and would be useless
for an interactive session.
This is particularly useful when using targets that give ‘Loading section’ messages, for example.
Note that targets that give their output via gdb, as opposed to
writing directly to stdout, will also be made silent.
-return-child-resultThis option is useful in conjunction with ‘-batch’ or ‘-batch-silent’,
when gdb is being used as a remote program loader or simulator
interface.
-nowindows-nw-windows-w-cd directory-data-directory directory-D directory-fullname-f-annotate levelThe annotation mechanism has largely been superseded by gdb/mi
(see GDB/MI).
--args-baud bps-b bps-l timeout-tty device-t device-tui-interpreter interp‘--interpreter=mi’ (or ‘--interpreter=mi2’) causes
gdb to use the gdb/mi interface (see The gdb/mi Interface) included since gdb version 6.0. The
previous gdb/mi interface, included in gdb version 5.3 and
selected with ‘--interpreter=mi1’, is deprecated. Earlier
gdb/mi interfaces are no longer supported.
-write-statistics-version-configurationHere's the description of what gdb does during session startup:
If you wish to disable the auto-loading during startup, you must do something like the following:
$ gdb -iex "set auto-load python-scripts off" myprogram
Option ‘-ex’ does not work because the auto-loading is then turned off too late.
Init files use the same syntax as command files (see Command Files) and are processed by gdb in the same way. The init file in your home directory can set options (such as ‘set complaints’) that affect subsequent processing of command line options and operands. Init files are not executed if you use the ‘-nx’ option (see Choosing Modes).
To display the list of init files loaded by gdb at startup, you can use gdb --help.
The gdb init files are normally called .gdbinit. The DJGPP port of gdb uses the name gdb.ini, due to the limitations of file names imposed by DOS filesystems. The Windows port of gdb uses the standard name, but if it finds a gdb.ini file in your home directory, it warns you about that and suggests to rename the file to the standard name.
quit [expression]qquit command (abbreviated
q), or type an end-of-file character (usually Ctrl-d). If you
do not supply expression, gdb will terminate normally;
otherwise it will terminate using the result of expression as the
error code.
An interrupt (often Ctrl-c) does not exit from gdb, but rather terminates the action of any gdb command that is in progress and returns to gdb command level. It is safe to type the interrupt character at any time because gdb does not allow it to take effect until a time when it is safe.
If you have been using gdb to control an attached process or
device, you can release it with the detach command
(see Debugging an Already-running Process).
If you need to execute occasional shell commands during your
debugging session, there is no need to leave or suspend gdb; you can
just use the shell command.
shell command-string!command-string! and command-string.
If it exists, the environment variable SHELL determines which
shell to run. Otherwise gdb uses the default shell
(/bin/sh on Unix systems, COMMAND.COM on MS-DOS, etc.).
The utility make is often needed in development environments.
You do not have to use the shell command for this purpose in
gdb:
make make-argsmake program with the specified
arguments. This is equivalent to ‘shell make make-args’.
You may want to save the output of gdb commands to a file. There are several commands to control gdb's logging.
set logging onset logging offset logging file fileset logging overwrite [on|off]overwrite if
you want set logging on to overwrite the logfile instead.
set logging redirect [on|off]redirect if you want output to go only to the log file.
show loggingYou can abbreviate a gdb command to the first few letters of the command name, if that abbreviation is unambiguous; and you can repeat certain gdb commands by typing just <RET>. You can also use the <TAB> key to get gdb to fill out the rest of a word in a command (or to show you the alternatives available, if there is more than one possibility).
A gdb command is a single line of input. There is no limit on
how long it can be. It starts with a command name, which is followed by
arguments whose meaning depends on the command name. For example, the
command step accepts an argument which is the number of times to
step, as in ‘step 5’. You can also use the step command
with no arguments. Some commands do not allow any arguments.
gdb command names may always be truncated if that abbreviation is
unambiguous. Other possible command abbreviations are listed in the
documentation for individual commands. In some cases, even ambiguous
abbreviations are allowed; for example, s is specially defined as
equivalent to step even though there are other commands whose
names start with s. You can test abbreviations by using them as
arguments to the help command.
A blank line as input to gdb (typing just <RET>) means to
repeat the previous command. Certain commands (for example, run)
will not repeat this way; these are commands whose unintentional
repetition might cause trouble and which you are unlikely to want to
repeat. User-defined commands can disable this feature; see
dont-repeat.
The list and x commands, when you repeat them with
<RET>, construct new arguments rather than repeating
exactly as typed. This permits easy scanning of source or memory.
gdb can also use <RET> in another way: to partition lengthy
output, in a way similar to the common utility more
(see Screen Size). Since it is easy to press one
<RET> too many in this situation, gdb disables command
repetition after any command that generates this sort of display.
Any text from a # to the end of the line is a comment; it does nothing. This is useful mainly in command files (see Command Files).
The Ctrl-o binding is useful for repeating a complex sequence of commands. This command accepts the current line, like <RET>, and then fetches the next line relative to the current line from the history for editing.
gdb can fill in the rest of a word in a command for you, if there is only one possibility; it can also show you what the valid possibilities are for the next word in a command, at any time. This works for gdb commands, gdb subcommands, and the names of symbols in your program.
Press the <TAB> key whenever you want gdb to fill out the rest of a word. If there is only one possibility, gdb fills in the word, and waits for you to finish the command (or press <RET> to enter it). For example, if you type
(gdb) info bre <TAB>
gdb fills in the rest of the word ‘breakpoints’, since that is
the only info subcommand beginning with ‘bre’:
(gdb) info breakpoints
You can either press <RET> at this point, to run the info
breakpoints command, or backspace and enter something else, if
‘breakpoints’ does not look like the command you expected. (If you
were sure you wanted info breakpoints in the first place, you
might as well just type <RET> immediately after ‘info bre’,
to exploit command abbreviations rather than command completion).
If there is more than one possibility for the next word when you press <TAB>, gdb sounds a bell. You can either supply more characters and try again, or just press <TAB> a second time; gdb displays all the possible completions for that word. For example, you might want to set a breakpoint on a subroutine whose name begins with ‘make_’, but when you type b make_<TAB> gdb just sounds the bell. Typing <TAB> again displays all the function names in your program that begin with those characters, for example:
(gdb) b make_ <TAB>
gdb sounds bell; press <TAB> again, to see:
make_a_section_from_file make_environ make_abs_section make_function_type make_blockvector make_pointer_type make_cleanup make_reference_type make_command make_symbol_completion_list (gdb) b make_
After displaying the available possibilities, gdb copies your partial input (‘b make_’ in the example) so you can finish the command.
If you just want to see the list of alternatives in the first place, you can press M-? rather than pressing <TAB> twice. M-? means <META> ?. You can type this either by holding down a key designated as the <META> shift on your keyboard (if there is one) while typing ?, or as <ESC> followed by ?.
If the number of possible completions is large, gdb will print as much of the list as it has collected, as well as a message indicating that the list may be truncated.
(gdb) b m<TAB><TAB>
main
<... the rest of the possible completions ...>
*** List may be truncated, max-completions reached. ***
(gdb) b m
This behavior can be controlled with the following commands:
set max-completions limitset max-completions unlimitedshow max-completionsSometimes the string you need, while logically a “word”, may contain
parentheses or other characters that gdb normally excludes from
its notion of a word. To permit word completion to work in this
situation, you may enclose words in ' (single quote marks) in
gdb commands.
The most likely situation where you might need this is in typing the
name of a C++ function. This is because C++ allows function
overloading (multiple definitions of the same function, distinguished
by argument type). For example, when you want to set a breakpoint you
may need to distinguish whether you mean the version of name
that takes an int parameter, name(int), or the version
that takes a float parameter, name(float). To use the
word-completion facilities in this situation, type a single quote
' at the beginning of the function name. This alerts
gdb that it may need to consider more information than usual
when you press <TAB> or M-? to request word completion:
(gdb) b 'bubble( M-?
bubble(double,double) bubble(int,int)
(gdb) b 'bubble(
In some cases, gdb can tell that completing a name requires using quotes. When this happens, gdb inserts the quote for you (while completing as much as it can) if you do not type the quote in the first place:
(gdb) b bub <TAB>
gdb alters your input line to the following, and rings a bell:
(gdb) b 'bubble(
In general, gdb can tell that a quote is needed (and inserts it) if you have not yet started typing the argument list when you ask for completion on an overloaded symbol.
For more information about overloaded functions, see C++ Expressions. You can use the command set
overload-resolution off to disable overload resolution;
see gdb Features for C++.
When completing in an expression which looks up a field in a structure, gdb also tries2 to limit completions to the field names available in the type of the left-hand-side:
(gdb) p gdb_stdout.M-?
magic to_fputs to_rewind
to_data to_isatty to_write
to_delete to_put to_write_async_safe
to_flush to_read
This is because the gdb_stdout is a variable of the type
struct ui_file that is defined in gdb sources as
follows:
struct ui_file
{
int *magic;
ui_file_flush_ftype *to_flush;
ui_file_write_ftype *to_write;
ui_file_write_async_safe_ftype *to_write_async_safe;
ui_file_fputs_ftype *to_fputs;
ui_file_read_ftype *to_read;
ui_file_delete_ftype *to_delete;
ui_file_isatty_ftype *to_isatty;
ui_file_rewind_ftype *to_rewind;
ui_file_put_ftype *to_put;
void *to_data;
}
You can always ask gdb itself for information on its commands,
using the command help.
helphhelp (abbreviated h) with no arguments to
display a short list of named classes of commands:
(gdb) help
List of classes of commands:
aliases -- Aliases of other commands
breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without
stopping the program
user-defined -- User-defined commands
Type "help" followed by a class name for a list of
commands in that class.
Type "help" followed by command name for full
documentation.
Command name abbreviations are allowed if unambiguous.
(gdb)
help classstatus:
(gdb) help status
Status inquiries.
List of commands:
info -- Generic command for showing things
about the program being debugged
show -- Generic command for showing things
about the debugger
Type "help" followed by command name for full
documentation.
Command name abbreviations are allowed if unambiguous.
(gdb)
help commandhelp argument, gdb displays a
short paragraph on how to use that command.
apropos argsapropos command searches through all of the gdb
commands, and their documentation, for the regular expression specified in
args. It prints out all matches found. For example:
apropos alias
results in:
alias -- Define a new command that is an alias of an existing command
aliases -- Aliases of other commands
d -- Delete some breakpoints or auto-display expressions
del -- Delete some breakpoints or auto-display expressions
delete -- Delete some breakpoints or auto-display expressions
complete argscomplete args command lists all the possible completions
for the beginning of a command. Use args to specify the beginning of the
command you want completed. For example:
complete i
results in:
if
ignore
info
inspect
This is intended for use by gnu Emacs.
In addition to help, you can use the gdb commands info
and show to inquire about the state of your program, or the state
of gdb itself. Each command supports many topics of inquiry; this
manual introduces each of them in the appropriate context. The listings
under info and under show in the Command, Variable, and
Function Index point to all the sub-commands. See Command and Variable Index.
infoi) is for describing the state of your
program. For example, you can show the arguments passed to a function
with info args, list the registers currently in use with info
registers, or list the breakpoints you have set with info breakpoints.
You can get a complete list of the info sub-commands with
help info.
setset. For example, you can set the gdb prompt to a $-sign with
set prompt $.
showinfo, show is for describing the state of
gdb itself.
You can change most of the things you can show, by using the
related command set; for example, you can control what number
system is used for displays with set radix, or simply inquire
which is currently in use with show radix.
To display all the settable parameters and their current
values, you can use show with no arguments; you may also use
info set. Both commands produce the same display.
Here are several miscellaneous show subcommands, all of which are
exceptional in lacking corresponding set commands:
show versionshow copyinginfo copyingshow warrantyinfo warrantyshow configurationWhen you run a program under gdb, you must first generate debugging information when you compile it.
You may start gdb with its arguments, if any, in an environment of your choice. If you are doing native debugging, you may redirect your program's input and output, debug an already running process, or kill a child process.
In order to debug a program effectively, you need to generate debugging information when you compile it. This debugging information is stored in the object file; it describes the data type of each variable or function and the correspondence between source line numbers and addresses in the executable code.
To request debugging information, specify the ‘-g’ option when you run the compiler.
Programs that are to be shipped to your customers are compiled with optimizations, using the ‘-O’ compiler option. However, some compilers are unable to handle the ‘-g’ and ‘-O’ options together. Using those compilers, you cannot generate optimized executables containing debugging information.
gcc, the gnu C/C++ compiler, supports ‘-g’ with or without ‘-O’, making it possible to debug optimized code. We recommend that you always use ‘-g’ whenever you compile a program. You may think your program is correct, but there is no sense in pushing your luck. For more information, see Optimized Code.
Older versions of the gnu C compiler permitted a variant option ‘-gg’ for debugging information. gdb no longer supports this format; if your gnu C compiler has this option, do not use it.
gdb knows about preprocessor macros and can show you their expansion (see Macros). Most compilers do not include information about preprocessor macros in the debugging information if you specify the -g flag alone. Version 3.1 and later of gcc, the gnu C compiler, provides macro information if you are using the DWARF debugging format, and specify the option -g3.
See Options for Debugging Your Program or GCC, for more information on gcc options affecting debug information.
You will have the best debugging experience if you use the latest version of the DWARF debugging format that your compiler supports. DWARF is currently the most expressive and best supported debugging format in gdb.
runrrun command to start your program under gdb.
You must first specify the program name with an argument to
gdb (see Getting In and Out of gdb), or by using the file or exec-file
command (see Commands to Specify Files).
If you are running your program in an execution environment that
supports processes, run creates an inferior process and makes
that process run your program. In some environments without processes,
run jumps to the start of your program. Other targets,
like ‘remote’, are always running. If you get an error
message like this one:
The "remote" target does not support "run".
Try "help target" or "continue".
then use continue to run your program. You may need load
first (see load).
The execution of a program is affected by certain information it receives from its superior. gdb provides ways to specify this information, which you must do before starting your program. (You can change it after starting your program, but such changes only affect your program the next time you start it.) This information may be divided into four categories:
run command. If a shell is available on your target, the shell
is used to pass the arguments, so that you may use normal conventions
(such as wildcard expansion or variable substitution) in describing
the arguments.
In Unix systems, you can control which shell is used with the
SHELL environment variable. If you do not define SHELL,
gdb uses the default shell (/bin/sh). You can disable
use of any shell with the set startup-with-shell command (see
below for details).
set environment and unset
environment to change parts of the environment that affect
your program. See Your Program's Environment.
cd command in gdb.
See Your Program's Working Directory.
run command line, or you can use the tty command to
set a different device for your program.
See Your Program's Input and Output.
Warning: While input and output redirection work, you cannot use pipes to pass the output of the program you are debugging to another program; if you attempt this, gdb is likely to wind up debugging the wrong program.
When you issue the run command, your program begins to execute
immediately. See Stopping and Continuing, for discussion
of how to arrange for your program to stop. Once your program has
stopped, you may call functions in your program, using the print
or call commands. See Examining Data.
If the modification time of your symbol file has changed since the last time gdb read its symbols, gdb discards its symbol table, and reads it again. When it does this, gdb tries to retain your current breakpoints.
startmain, but
other languages such as Ada do not require a specific name for their
main procedure. The debugger provides a convenient way to start the
execution of the program and to stop at the beginning of the main
procedure, depending on the language used.
The ‘start’ command does the equivalent of setting a temporary breakpoint at the beginning of the main procedure and then invoking the ‘run’ command.
Some programs contain an elaboration phase where some startup code is
executed before the main procedure is called. This depends on the
languages used to write your program. In C++, for instance,
constructors for static and global objects are executed before
main is called. It is therefore possible that the debugger stops
before reaching the main procedure. However, the temporary breakpoint
will remain to halt execution.
Specify the arguments to give to your program as arguments to the ‘start’ command. These arguments will be given verbatim to the underlying ‘run’ command. Note that the same arguments will be reused if no argument is provided during subsequent calls to ‘start’ or ‘run’.
It is sometimes necessary to debug the program during elaboration. In
these cases, using the start command would stop the execution of
your program too late, as the program would have already completed the
elaboration phase. Under these circumstances, insert breakpoints in your
elaboration code before running your program.
set exec-wrapper wrappershow exec-wrapperunset exec-wrapperYou can use any program that eventually calls execve with
its arguments as a wrapper. Several standard Unix utilities do
this, e.g. env and nohup. Any Unix shell script ending
with exec "$@" will also work.
For example, you can use env to pass an environment variable to
the debugged program, without setting the variable in your shell's
environment:
(gdb) set exec-wrapper env 'LD_PRELOAD=libtest.so'
(gdb) run
This command is available when debugging locally on most targets, excluding djgpp, Cygwin, MS Windows, and QNX Neutrino.
set startup-with-shellset startup-with-shell onset startup-with-shell offshow set startup-with-shellrun command are passed to the shell, which does variable
substitution, expands wildcard characters and performs redirection of
I/O. In some circumstances, it may be useful to disable such use of a
shell, for example, when debugging the shell itself or diagnosing
startup failures such as:
(gdb) run
Starting program: ./a.out
During startup program terminated with signal SIGSEGV, Segmentation fault.
which indicates the shell or the wrapper specified with ‘exec-wrapper’ crashed, not your program. Most often, this is caused by something odd in your shell's non-interactive mode initialization file—such as .cshrc for C-shell, $.zshenv for the Z shell, or the file specified in the ‘BASH_ENV’ environment variable for BASH.
set auto-connect-native-targetset auto-connect-native-target onset auto-connect-native-target offshow auto-connect-native-targettarget remote), the run command starts your program as a
native process under gdb, on your local machine. If you're
sure you don't want to debug programs on your local machine, you can
tell gdb to not connect to the native target automatically
with the set auto-connect-native-target off command.
If on, which is the default, and if gdb is not
connected to a target already, the run command automaticaly
connects to the native target, if one is available.
If off, and if gdb is not connected to a target
already, the run command fails with an error:
(gdb) run
Don't know how to run. Try "help target".
If gdb is already connected to a target, gdb always
uses it with the run command.
In any case, you can explicitly connect to the native target with the
target native command. For example,
(gdb) set auto-connect-native-target off
(gdb) run
Don't know how to run. Try "help target".
(gdb) target native
(gdb) run
Starting program: ./a.out
[Inferior 1 (process 10421) exited normally]
In case you connected explicitly to the native target,
gdb remains connected even if all inferiors exit, ready for
the next run command. Use the disconnect command to
disconnect.
Examples of other commands that likewise respect the
auto-connect-native-target setting: attach, info
proc, info os.
set disable-randomizationset disable-randomization onThis feature is implemented only on certain targets, including gnu/Linux. On gnu/Linux you can get the same behavior using
(gdb) set exec-wrapper setarch `uname -m` -R
set disable-randomization offOn targets where it is available, virtual address space randomization protects the programs against certain kinds of security attacks. In these cases the attacker needs to know the exact location of a concrete executable code. Randomizing its location makes it impossible to inject jumps misusing a code at its expected addresses.
Prelinking shared libraries provides a startup performance advantage but it makes addresses in these libraries predictable for privileged processes by having just unprivileged access at the target system. Reading the shared library binary gives enough information for assembling the malicious code misusing it. Still even a prelinked shared library can get loaded at a new random address just requiring the regular relocation process during the startup. Shared libraries not already prelinked are always loaded at a randomly chosen address.
Position independent executables (PIE) contain position independent code similar to the shared libraries and therefore such executables get loaded at a randomly chosen address upon startup. PIE executables always load even already prelinked shared libraries at a random address. You can build such executable using gcc -fPIE -pie.
Heap (malloc storage), stack and custom mmap areas are always placed randomly
(as long as the randomization is enabled).
show disable-randomizationThe arguments to your program can be specified by the arguments of the
run command.
They are passed to a shell, which expands wildcard characters and
performs redirection of I/O, and thence to your program. Your
SHELL environment variable (if it exists) specifies what shell
gdb uses. If you do not define SHELL, gdb uses
the default shell (/bin/sh on Unix).
On non-Unix systems, the program is usually invoked directly by gdb, which emulates I/O redirection via the appropriate system calls, and the wildcard characters are expanded by the startup code of the program, not by the shell.
run with no arguments uses the same arguments used by the previous
run, or those set by the set args command.
set argsset args has no arguments, run executes your program
with no arguments. Once you have run your program with arguments,
using set args before the next run is the only way to run
it again without arguments.
show argsThe environment consists of a set of environment variables and their values. Environment variables conventionally record such things as your user name, your home directory, your terminal type, and your search path for programs to run. Usually you set up environment variables with the shell and they are inherited by all the other programs you run. When debugging, it can be useful to try running your program with a modified environment without having to start gdb over again.
path directoryPATH environment variable
(the search path for executables) that will be passed to your program.
The value of PATH used by gdb does not change.
You may specify several directory names, separated by whitespace or by a
system-dependent separator character (‘:’ on Unix, ‘;’ on
MS-DOS and MS-Windows). If directory is already in the path, it
is moved to the front, so it is searched sooner.
You can use the string ‘$cwd’ to refer to whatever is the current
working directory at the time gdb searches the path. If you
use ‘.’ instead, it refers to the directory where you executed the
path command. gdb replaces ‘.’ in the
directory argument (with the current path) before adding
directory to the search path.
show pathsPATH
environment variable).
show environment [varname]environment as env.
set environment varname [=value]For example, this command:
set env USER = foo
tells the debugged program, when subsequently run, that its user is named ‘foo’. (The spaces around ‘=’ are used for clarity here; they are not actually required.)
Note that on Unix systems, gdb runs your program via a shell,
which also inherits the environment set with set environment.
If necessary, you can avoid that by using the ‘env’ program as a
wrapper instead of using set environment. See set exec-wrapper, for an example doing just that.
unset environment varnameunset environment removes the variable from the environment,
rather than assigning it an empty value.
Warning: On Unix systems, gdb runs your program using
the shell indicated by your SHELL environment variable if it
exists (or /bin/sh if not). If your SHELL variable
names a shell that runs an initialization file when started
non-interactively—such as .cshrc for C-shell, $.zshenv
for the Z shell, or the file specified in the ‘BASH_ENV’
environment variable for BASH—any variables you set in that file
affect your program. You may wish to move setting of environment
variables to files that are only run when you sign on, such as
.login or .profile.
Each time you start your program with run, it inherits its
working directory from the current working directory of gdb.
The gdb working directory is initially whatever it inherited
from its parent process (typically the shell), but you can specify a new
working directory in gdb with the cd command.
The gdb working directory also serves as a default for the commands that specify files for gdb to operate on. See Commands to Specify Files.
cd [directory]pwdIt is generally impossible to find the current working directory of
the process being debugged (since a program can change its directory
during its run). If you work on a system where gdb is
configured with the /proc support, you can use the info
proc command (see SVR4 Process Information) to find out the
current working directory of the debuggee.
By default, the program you run under gdb does input and output to the same terminal that gdb uses. gdb switches the terminal to its own terminal modes to interact with you, but it records the terminal modes your program was using and switches back to them when you continue running your program.
info terminalYou can redirect your program's input and/or output using shell
redirection with the run command. For example,
run > outfile
starts your program, diverting its output to the file outfile.
Another way to specify where your program should do input and output is
with the tty command. This command accepts a file name as
argument, and causes this file to be the default for future run
commands. It also resets the controlling terminal for the child
process, for future run commands. For example,
tty /dev/ttyb
directs that processes started with subsequent run commands
default to do input and output on the terminal /dev/ttyb and have
that as their controlling terminal.
An explicit redirection in run overrides the tty command's
effect on the input/output device, but not its effect on the controlling
terminal.
When you use the tty command or redirect input in the run
command, only the input for your program is affected. The input
for gdb still comes from your terminal. tty is an alias
for set inferior-tty.
You can use the show inferior-tty command to tell gdb to
display the name of the terminal that will be used for future runs of your
program.
set inferior-tty /dev/ttybshow inferior-ttyattach process-idinfo files shows your active
targets.) The command takes as argument a process ID. The usual way to
find out the process-id of a Unix process is with the ps utility,
or with the ‘jobs -l’ shell command.
attach does not repeat if you press <RET> a second time after
executing the command.
To use attach, your program must be running in an environment
which supports processes; for example, attach does not work for
programs on bare-board targets that lack an operating system. You must
also have permission to send the process a signal.
When you use attach, the debugger finds the program running in
the process first by looking in the current working directory, then (if
the program is not found) by using the source file search path
(see Specifying Source Directories). You can also use
the file command to load the program. See Commands to Specify Files.
The first thing gdb does after arranging to debug the specified
process is to stop it. You can examine and modify an attached process
with all the gdb commands that are ordinarily available when
you start processes with run. You can insert breakpoints; you
can step and continue; you can modify storage. If you would rather the
process continue running, you may use the continue command after
attaching gdb to the process.
detachdetach command to release it from gdb control. Detaching
the process continues its execution. After the detach command,
that process and gdb become completely independent once more, and you
are ready to attach another process or start one with run.
detach does not repeat if you press <RET> again after
executing the command.
If you exit gdb while you have an attached process, you detach
that process. If you use the run command, you kill that process.
By default, gdb asks for confirmation if you try to do either of these
things; you can control whether or not you need to confirm by using the
set confirm command (see Optional Warnings and Messages).
killThis command is useful if you wish to debug a core dump instead of a running process. gdb ignores any core dump file while your program is running.
On some operating systems, a program cannot be executed outside gdb
while you have breakpoints set on it inside gdb. You can use the
kill command in this situation to permit running your program
outside the debugger.
The kill command is also useful if you wish to recompile and
relink your program, since on many systems it is impossible to modify an
executable file while it is running in a process. In this case, when you
next type run, gdb notices that the file has changed, and
reads the symbol table again (while trying to preserve your current
breakpoint settings).
gdb lets you run and debug multiple programs in a single session. In addition, gdb on some systems may let you run several programs simultaneously (otherwise you have to exit from one before starting another). In the most general case, you can have multiple threads of execution in each of multiple processes, launched from multiple executables.
gdb represents the state of each program execution with an object called an inferior. An inferior typically corresponds to a process, but is more general and applies also to targets that do not have processes. Inferiors may be created before a process runs, and may be retained after a process exits. Inferiors have unique identifiers that are different from process ids. Usually each inferior will also have its own distinct address space, although some embedded targets may have several inferiors running in different parts of a single address space. Each inferior may in turn have multiple threads running in it.
To find out what inferiors exist at any moment, use info inferiors:
info inferiorsgdb displays for each inferior (in this order):
An asterisk ‘*’ preceding the gdb inferior number indicates the current inferior.
For example,
(gdb) info inferiors
Num Description Executable
2 process 2307 hello
* 1 process 3401 goodbye
To switch focus between inferiors, use the inferior command:
inferior infnoYou can get multiple executables into a debugging session via the
add-inferior and clone-inferior commands. On some
systems gdb can add inferiors to the debug session
automatically by following calls to fork and exec. To
remove inferiors from the debugging session use the
remove-inferiors command.
add-inferior [ -copies n ] [ -exec executable ]file command with the executable name as its argument.
clone-inferior [ -copies n ] [ infno ] (gdb) info inferiors
Num Description Executable
* 1 process 29964 helloworld
(gdb) clone-inferior
Added inferior 2.
1 inferiors added.
(gdb) info inferiors
Num Description Executable
2 <null> helloworld
* 1 process 29964 helloworld
You can now simply switch focus to inferior 2 and run it.
remove-inferiors infno...kill or detach command first.
To quit debugging one of the running inferiors that is not the current
inferior, you can either detach from it by using the detach inferior command (allowing it to run independently), or kill it
using the kill inferiors command:
detach inferior infno...info inferiors,
but its Description will show ‘<null>’.
kill inferiors infno...info inferiors, but its
Description will show ‘<null>’.
After the successful completion of a command such as detach,
detach inferiors, kill or kill inferiors, or after
a normal process exit, the inferior is still valid and listed with
info inferiors, ready to be restarted.
To be notified when inferiors are started or exit under gdb's
control use set print inferior-events:
set print inferior-eventsset print inferior-events onset print inferior-events offset print inferior-events command allows you to enable or
disable printing of messages when gdb notices that new
inferiors have started or that inferiors have exited or have been
detached. By default, these messages will not be printed.
show print inferior-eventsMany commands will work the same with multiple programs as with a
single program: e.g., print myglobal will simply display the
value of myglobal in the current inferior.
Occasionaly, when debugging gdb itself, it may be useful to
get more info about the relationship of inferiors, programs, address
spaces in a debug session. You can do that with the maint info program-spaces command.
maint info program-spacesgdb displays for each program space (in this order):
file command.
An asterisk ‘*’ preceding the gdb program space number indicates the current program space.
In addition, below each program space line, gdb prints extra information that isn't suitable to display in tabular form. For example, the list of inferiors bound to the program space.
(gdb) maint info program-spaces
Id Executable
2 goodbye
Bound inferiors: ID 1 (process 21561)
* 1 hello
Here we can see that no inferior is running the program hello,
while process 21561 is running the program goodbye. On
some targets, it is possible that multiple inferiors are bound to the
same program space. The most common example is that of debugging both
the parent and child processes of a vfork call. For example,
(gdb) maint info program-spaces
Id Executable
* 1 vfork-test
Bound inferiors: ID 2 (process 18050), ID 1 (process 18045)
Here, both inferior 2 and inferior 1 are running in the same program
space as a result of inferior 1 having executed a vfork call.
In some operating systems, such as HP-UX and Solaris, a single program may have more than one thread of execution. The precise semantics of threads differ from one operating system to another, but in general the threads of a single program are akin to multiple processes—except that they share one address space (that is, they can all examine and modify the same variables). On the other hand, each thread has its own registers and execution stack, and perhaps private memory.
gdb provides these facilities for debugging multi-thread programs:
libthread_db to use if the default choice
isn't compatible with the program.
Warning: These facilities are not yet available on every gdb configuration where the operating system supports threads. If your gdb does not support threads, these commands have no effect. For example, a system without thread support shows no output from ‘info threads’, and always rejects thethreadcommand, like this:(gdb) info threads (gdb) thread 1 Thread ID 1 not known. Use the "info threads" command to see the IDs of currently known threads.
The gdb thread debugging facility allows you to observe all threads while your program runs—but whenever gdb takes control, one thread in particular is always the focus of debugging. This thread is called the current thread. Debugging commands show program information from the perspective of the current thread.
Whenever gdb detects a new thread in your program, it displays the target system's identification for the thread with a message in the form ‘[New systag]’, where systag is a thread identifier whose form varies depending on the particular system. For example, on gnu/Linux, you might see
[New Thread 0x41e02940 (LWP 25582)]
when gdb notices a new thread. In contrast, on an SGI system, the systag is simply something like ‘process 368’, with no further qualifier.
For debugging purposes, gdb associates its own thread number—always a single integer—with each thread in your program.
info threads [id...]thread name, below), or, in some cases, by the
program itself.
An asterisk ‘*’ to the left of the gdb thread number indicates the current thread.
For example,
(gdb) info threads
Id Target Id Frame
3 process 35 thread 27 0x34e5 in sigpause ()
2 process 35 thread 23 0x34e5 in sigpause ()
* 1 process 35 thread 13 main (argc=1, argv=0x7ffffff8)
at threadtest.c:68
On Solaris, you can display more information about user threads with a Solaris-specific command:
maint info sol-threadsthread threadno (gdb) thread 2
[Switching to thread 2 (Thread 0xb7fdab70 (LWP 12747))]
#0 some_function (ignore=0x0) at example.c:8
8 printf ("hello\n");
As with the ‘[New ...]’ message, the form of the text after ‘Switching to’ depends on your system's conventions for identifying threads.
The debugger convenience variable ‘$_thread’ contains the number of the current thread. You may find this useful in writing breakpoint conditional expressions, command scripts, and so forth. See See Convenience Variables, for general information on convenience variables.
thread apply [threadno | all [-ascending]] commandthread apply command allows you to apply the named
command to one or more threads. Specify the numbers of the
threads that you want affected with the command argument
threadno. It can be a single thread number, one of the numbers
shown in the first field of the ‘info threads’ display; or it
could be a range of thread numbers, as in 2-4. To apply
a command to all threads in descending order, type thread apply all
command. To apply a command to all threads in ascending order,
type thread apply all -ascending command.
thread name [name]On some systems, such as gnu/Linux, gdb is able to determine the name of the thread as given by the OS. On these systems, a name specified with ‘thread name’ will override the system-give name, and removing the user-specified name will cause gdb to once again display the system-specified name.
thread find [regexp]As well as being the complement to the ‘thread name’ command, this command also allows you to identify a thread by its target systag. For instance, on gnu/Linux, the target systag is the LWP id.
(gdb) thread find 26688 Thread 4 has target id 'Thread 0x41e02940 (LWP 26688)' (gdb) info thread 4 Id Target Id Frame 4 Thread 0x41e02940 (LWP 26688) 0x00000031ca6cd372 in select ()
set print thread-eventsset print thread-events onset print thread-events offset print thread-events command allows you to enable or
disable printing of messages when gdb notices that new threads have
started or that threads have exited. By default, these messages will
be printed if detection of these events is supported by the target.
Note that these messages cannot be disabled on all targets.
show print thread-eventsSee Stopping and Starting Multi-thread Programs, for more information about how gdb behaves when you stop and start programs with multiple threads.
See Setting Watchpoints, for information about watchpoints in programs with multiple threads.
set libthread-db-search-path [path]libthread_db.
If you omit path, ‘libthread-db-search-path’ will be reset to
its default value ($sdir:$pdir on gnu/Linux and Solaris systems).
Internally, the default value comes from the LIBTHREAD_DB_SEARCH_PATH
macro.
On gnu/Linux and Solaris systems, gdb uses a “helper”
libthread_db library to obtain information about threads in the
inferior process. gdb will use ‘libthread-db-search-path’
to find libthread_db. gdb also consults first if inferior
specific thread debugging library loading is enabled
by ‘set auto-load libthread-db’ (see libthread_db.so.1 file).
A special entry ‘$sdir’ for ‘libthread-db-search-path’ refers to the default system directories that are normally searched for loading shared libraries. The ‘$sdir’ entry is the only kind not needing to be enabled by ‘set auto-load libthread-db’ (see libthread_db.so.1 file).
A special entry ‘$pdir’ for ‘libthread-db-search-path’
refers to the directory from which libpthread
was loaded in the inferior process.
For any libthread_db library gdb finds in above directories,
gdb attempts to initialize it with the current inferior process.
If this initialization fails (which could happen because of a version
mismatch between libthread_db and libpthread), gdb
will unload libthread_db, and continue with the next directory.
If none of libthread_db libraries initialize successfully,
gdb will issue a warning and thread debugging will be disabled.
Setting libthread-db-search-path is currently implemented
only on some platforms.
show libthread-db-search-pathset debug libthread-dbshow debug libthread-dblibthread_db-related events.
Use 1 to enable, 0 to disable.
On most systems, gdb has no special support for debugging
programs which create additional processes using the fork
function. When a program forks, gdb will continue to debug the
parent process and the child process will run unimpeded. If you have
set a breakpoint in any code which the child then executes, the child
will get a SIGTRAP signal which (unless it catches the signal)
will cause it to terminate.
However, if you want to debug the child process there is a workaround
which isn't too painful. Put a call to sleep in the code which
the child process executes after the fork. It may be useful to sleep
only if a certain environment variable is set, or a certain file exists,
so that the delay need not occur when you don't want to run gdb
on the child. While the child is sleeping, use the ps program to
get its process ID. Then tell gdb (a new invocation of
gdb if you are also debugging the parent process) to attach to
the child process (see Attach). From that point on you can debug
the child process just like any other process which you attached to.
On some systems, gdb provides support for debugging programs that
create additional processes using the fork or vfork functions.
Currently, the only platforms with this feature are HP-UX (11.x and later
only?) and gnu/Linux (kernel version 2.5.60 and later).
The fork debugging commands are supported in both native mode and when
connected to gdbserver using target extended-remote.
By default, when a program forks, gdb will continue to debug the parent process and the child process will run unimpeded.
If you want to follow the child process instead of the parent process,
use the command set follow-fork-mode.
set follow-fork-mode modefork or
vfork. A call to fork or vfork creates a new
process. The mode argument can be:
parentchildshow follow-fork-modefork or vfork call.
On Linux, if you want to debug both the parent and child processes, use the
command set detach-on-fork.
set detach-on-fork modeonfollow-fork-mode) will be detached and allowed to run
independently. This is the default.
offfollow-fork-mode) is debugged as usual, while the other
is held suspended.
show detach-on-forkIf you choose to set ‘detach-on-fork’ mode off, then gdb
will retain control of all forked processes (including nested forks).
You can list the forked processes under the control of gdb by
using the info inferiors command, and switch from one fork
to another by using the inferior command (see Debugging Multiple Inferiors and Programs).
To quit debugging one of the forked processes, you can either detach
from it by using the detach inferiors command (allowing it
to run independently), or kill it using the kill inferiors
command. See Debugging Multiple Inferiors and Programs.
If you ask to debug a child process and a vfork is followed by an
exec, gdb executes the new target up to the first
breakpoint in the new target. If you have a breakpoint set on
main in your original program, the breakpoint will also be set on
the child process's main.
On some systems, when a child process is spawned by vfork, you
cannot debug the child or parent until an exec call completes.
If you issue a run command to gdb after an exec
call executes, the new target restarts. To restart the parent
process, use the file command with the parent executable name
as its argument. By default, after an exec call executes,
gdb discards the symbols of the previous executable image.
You can change this behaviour with the set follow-exec-mode
command.
set follow-exec-mode modeexec. An
exec call replaces the program image of a process.
follow-exec-mode can be:
newexec call can be restarted afterwards by restarting the
original inferior.
For example:
(gdb) info inferiors
(gdb) info inferior
Id Description Executable
* 1 <null> prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
(gdb) info inferiors
Id Description Executable
* 2 <null> prog2
1 <null> prog1
sameexec call, with
e.g., the run command, restarts the executable the process was
running after the exec call. This is the default mode.
For example:
(gdb) info inferiors
Id Description Executable
* 1 <null> prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
(gdb) info inferiors
Id Description Executable
* 1 <null> prog2
You can use the catch command to make gdb stop whenever
a fork, vfork, or exec call is made. See Setting Catchpoints.
On certain operating systems3, gdb is able to save a snapshot of a program's state, called a checkpoint, and come back to it later.
Returning to a checkpoint effectively undoes everything that has
happened in the program since the checkpoint was saved. This
includes changes in memory, registers, and even (within some limits)
system state. Effectively, it is like going back in time to the
moment when the checkpoint was saved.
Thus, if you're stepping thru a program and you think you're getting close to the point where things go wrong, you can save a checkpoint. Then, if you accidentally go too far and miss the critical statement, instead of having to restart your program from the beginning, you can just go back to the checkpoint and start again from there.
This can be especially useful if it takes a lot of time or steps to reach the point where you think the bug occurs.
To use the checkpoint/restart method of debugging:
checkpointcheckpoint command takes no arguments, but each checkpoint
is assigned a small integer id, similar to a breakpoint id.
info checkpointsCheckpoint IDProcess IDCode AddressSource line, or labelrestart checkpoint-idNote that breakpoints, gdb variables, command history etc. are not affected by restoring a checkpoint. In general, a checkpoint only restores things that reside in the program being debugged, not in the debugger.
delete checkpoint checkpoint-idReturning to a previously saved checkpoint will restore the user state of the program being debugged, plus a significant subset of the system (OS) state, including file pointers. It won't “un-write” data from a file, but it will rewind the file pointer to the previous location, so that the previously written data can be overwritten. For files opened in read mode, the pointer will also be restored so that the previously read data can be read again.
Of course, characters that have been sent to a printer (or other external device) cannot be “snatched back”, and characters received from eg. a serial device can be removed from internal program buffers, but they cannot be “pushed back” into the serial pipeline, ready to be received again. Similarly, the actual contents of files that have been changed cannot be restored (at this time).
However, within those constraints, you actually can “rewind” your program to a previously saved point in time, and begin debugging it again — and you can change the course of events so as to debug a different execution path this time.
Finally, there is one bit of internal program state that will be different when you return to a checkpoint — the program's process id. Each checkpoint will have a unique process id (or pid), and each will be different from the program's original pid. If your program has saved a local copy of its process id, this could potentially pose a problem.
On some systems such as gnu/Linux, address space randomization is performed on new processes for security reasons. This makes it difficult or impossible to set a breakpoint, or watchpoint, on an absolute address if you have to restart the program, since the absolute location of a symbol will change from one execution to the next.
A checkpoint, however, is an identical copy of a process. Therefore if you create a checkpoint at (eg.) the start of main, and simply return to that checkpoint instead of restarting the process, you can avoid the effects of address randomization and your symbols will all stay in the same place.
The principal purposes of using a debugger are so that you can stop your program before it terminates; or so that, if your program runs into trouble, you can investigate and find out why.
Inside gdb, your program may stop for any of several reasons,
such as a signal, a breakpoint, or reaching a new line after a
gdb command such as step. You may then examine and
change variables, set new breakpoints or remove old ones, and then
continue execution. Usually, the messages shown by gdb provide
ample explanation of the status of your program—but you can also
explicitly request this information at any time.
info programA breakpoint makes your program stop whenever a certain point in
the program is reached. For each breakpoint, you can add conditions to
control in finer detail whether your program stops. You can set
breakpoints with the break command and its variants (see Setting Breakpoints), to specify the place where your program
should stop by line number, function name or exact address in the
program.
On some systems, you can set breakpoints in shared libraries before
the executable is run. There is a minor limitation on HP-UX systems:
you must wait until the executable is run in order to set breakpoints
in shared library routines that are not called directly by the program
(for example, routines that are arguments in a pthread_create
call).
A watchpoint is a special breakpoint that stops your program when the value of an expression changes. The expression may be a value of a variable, or it could involve values of one or more variables combined by operators, such as ‘a + b’. This is sometimes called data breakpoints. You must use a different command to set watchpoints (see Setting Watchpoints), but aside from that, you can manage a watchpoint like any other breakpoint: you enable, disable, and delete both breakpoints and watchpoints using the same commands.
You can arrange to have values from your program displayed automatically whenever gdb stops at a breakpoint. See Automatic Display.
A catchpoint is another special breakpoint that stops your program
when a certain kind of event occurs, such as the throwing of a C++
exception or the loading of a library. As with watchpoints, you use a
different command to set a catchpoint (see Setting Catchpoints), but aside from that, you can manage a catchpoint like any
other breakpoint. (To stop when your program receives a signal, use the
handle command; see Signals.)
gdb assigns a number to each breakpoint, watchpoint, or catchpoint when you create it; these numbers are successive integers starting with one. In many of the commands for controlling various features of breakpoints you use the breakpoint number to say which breakpoint you want to change. Each breakpoint may be enabled or disabled; if disabled, it has no effect on your program until you enable it again.
Some gdb commands accept a range of breakpoints on which to operate. A breakpoint range is either a single breakpoint number, like ‘5’, or two such numbers, in increasing order, separated by a hyphen, like ‘5-7’. When a breakpoint range is given to a command, all breakpoints in that range are operated on.
Breakpoints are set with the break command (abbreviated
b). The debugger convenience variable ‘$bpnum’ records the
number of the breakpoint you've set most recently; see Convenience Variables, for a discussion of what you can do with
convenience variables.
break locationWhen using source languages that permit overloading of symbols, such as C++, a function name may refer to more than one possible place to break. See Ambiguous Expressions, for a discussion of that situation.
It is also possible to insert a breakpoint that will stop the program
only if a specific thread (see Thread-Specific Breakpoints)
or a specific task (see Ada Tasks) hits that breakpoint.
breakbreak sets a breakpoint at
the next instruction to be executed in the selected stack frame
(see Examining the Stack). In any selected frame but the
innermost, this makes your program stop as soon as control
returns to that frame. This is similar to the effect of a
finish command in the frame inside the selected frame—except
that finish does not leave an active breakpoint. If you use
break without an argument in the innermost frame, gdb stops
the next time it reaches the current location; this may be useful
inside loops.
gdb normally ignores breakpoints when it resumes execution, until at
least one instruction has been executed. If it did not do this, you
would be unable to proceed past a breakpoint without first disabling the
breakpoint. This rule applies whether or not the breakpoint already
existed when your program stopped.
break ... if condtbreak argsbreak command, and the breakpoint is set in the same
way, but the breakpoint is automatically deleted after the first time your
program stops there. See Disabling Breakpoints.
hbreak argsbreak command and the breakpoint is set in the same way, but the
breakpoint requires hardware support and some target hardware may not
have this support. The main purpose of this is EPROM/ROM code
debugging, so you can set a breakpoint at an instruction without
changing the instruction. This can be used with the new trap-generation
provided by SPARClite DSU and most x86-based targets. These targets
will generate traps when a program accesses some data or instruction
address that is assigned to the debug registers. However the hardware
breakpoint registers can take a limited number of breakpoints. For
example, on the DSU, only two data breakpoints can be set at a time, and
gdb will reject this command if more than two are used. Delete
or disable unused hardware breakpoints before setting new ones
(see Disabling Breakpoints).
See Break Conditions.
For remote targets, you can restrict the number of hardware
breakpoints gdb will use, see set remote hardware-breakpoint-limit.
thbreak argshbreak command and the breakpoint is set in
the same way. However, like the tbreak command,
the breakpoint is automatically deleted after the
first time your program stops there. Also, like the hbreak
command, the breakpoint requires hardware support and some target hardware
may not have this support. See Disabling Breakpoints.
See also Break Conditions.
rbreak regexbreak command. You can delete them, disable them, or make
them conditional the same way as any other breakpoint.
The syntax of the regular expression is the standard one used with tools
like grep. Note that this is different from the syntax used by
shells, so for instance foo* matches all functions that include
an fo followed by zero or more os. There is an implicit
.* leading and trailing the regular expression you supply, so to
match only functions that begin with foo, use ^foo.
When debugging C++ programs, rbreak is useful for setting
breakpoints on overloaded functions that are not members of any special
classes.
The rbreak command can be used to set breakpoints in
all the functions in a program, like this:
(gdb) rbreak .
rbreak file:regexrbreak is called with a filename qualification, it limits
the search for functions matching the given regular expression to the
specified file. This can be used, for example, to set breakpoints on
every function in a given file:
(gdb) rbreak file.c:.
The colon separating the filename qualifier from the regex may optionally be surrounded by spaces.
info breakpoints [n...]info break [n...]If a breakpoint is conditional, there are two evaluation modes: “host” and
“target”. If mode is “host”, breakpoint condition evaluation is done by
gdb on the host's side. If it is “target”, then the condition
is evaluated by the target. The info break command shows
the condition on the line following the affected breakpoint, together with
its condition evaluation mode in between parentheses.
Breakpoint commands, if any, are listed after that. A pending breakpoint is allowed to have a condition specified for it. The condition is not parsed for validity until a shared library is loaded that allows the pending breakpoint to resolve to a valid location.
info break with a breakpoint
number n as argument lists only that breakpoint. The
convenience variable $_ and the default examining-address for
the x command are set to the address of the last breakpoint
listed (see Examining Memory).
info break displays a count of the number of times the breakpoint
has been hit. This is especially useful in conjunction with the
ignore command. You can ignore a large number of breakpoint
hits, look at the breakpoint info to see how many times the breakpoint
was hit, and then run again, ignoring one less than that number. This
will get you quickly to the last hit of that breakpoint.
For a breakpoints with an enable count (xref) greater than 1,
info break also displays that count.
gdb allows you to set any number of breakpoints at the same place in your program. There is nothing silly or meaningless about this. When the breakpoints are conditional, this is even useful (see Break Conditions).
It is possible that a breakpoint corresponds to several locations in your program. Examples of this situation are:
In all those cases, gdb will insert a breakpoint at all the relevant locations.
A breakpoint with multiple locations is displayed in the breakpoint table using several rows—one header row, followed by one row for each breakpoint location. The header row has ‘<MULTIPLE>’ in the address column. The rows for individual locations contain the actual addresses for locations, and show the functions to which those locations belong. The number column for a location is of the form breakpoint-number.location-number.
For example:
Num Type Disp Enb Address What
1 breakpoint keep y <MULTIPLE>
stop only if i==1
breakpoint already hit 1 time
1.1 y 0x080486a2 in void foo<int>() at t.cc:8
1.2 y 0x080486ca in void foo<double>() at t.cc:8
Each location can be individually enabled or disabled by passing
breakpoint-number.location-number as argument to the
enable and disable commands. It's also possible to
enable and disable range of location-number
breakpoints using a breakpoint-number and two location-number,
in increasing order, separated by a hyphen, like
‘breakpoint-number.5-7’.
In this case, when a location-number range is given to this
command, all breakpoints belonging to this breakpoint-number
and inside that range are operated on.
Note that you cannot delete the individual locations from the list,
you can only delete the entire list of locations that belong to their
parent breakpoint (with the delete num command, where
num is the number of the parent breakpoint, 1 in the above example).
Disabling or enabling the parent breakpoint (see Disabling) affects
all of the locations that belong to that breakpoint.
It's quite common to have a breakpoint inside a shared library. Shared libraries can be loaded and unloaded explicitly, and possibly repeatedly, as the program is executed. To support this use case, gdb updates breakpoint locations whenever any shared library is loaded or unloaded. Typically, you would set a breakpoint in a shared library at the beginning of your debugging session, when the library is not loaded, and when the symbols from the library are not available. When you try to set breakpoint, gdb will ask you if you want to set a so called pending breakpoint—breakpoint whose address is not yet resolved.
After the program is run, whenever a new shared library is loaded, gdb reevaluates all the breakpoints. When a newly loaded shared library contains the symbol or line referred to by some pending breakpoint, that breakpoint is resolved and becomes an ordinary breakpoint. When a library is unloaded, all breakpoints that refer to its symbols or source lines become pending again.
This logic works for breakpoints with multiple locations, too. For example, if you have a breakpoint in a C++ template function, and a newly loaded shared library has an instantiation of that template, a new location is added to the list of locations for the breakpoint.
Except for having unresolved address, pending breakpoints do not differ from regular breakpoints. You can set conditions or commands, enable and disable them and perform other breakpoint operations.
gdb provides some additional commands for controlling what happens when the ‘break’ command cannot resolve breakpoint address specification to an address:
set breakpoint pending autoset breakpoint pending onset breakpoint pending offshow breakpoint pendingThe settings above only affect the break command and its
variants. Once breakpoint is set, it will be automatically updated
as shared libraries are loaded and unloaded.
For some targets, gdb can automatically decide if hardware or
software breakpoints should be used, depending on whether the
breakpoint address is read-only or read-write. This applies to
breakpoints set with the break command as well as to internal
breakpoints set by commands like next and finish. For
breakpoints set with hbreak, gdb will always use hardware
breakpoints.
You can control this automatic behaviour with the following commands::
set breakpoint auto-hw onset breakpoint auto-hw offgdb normally implements breakpoints by replacing the program code at the breakpoint address with a special instruction, which, when executed, given control to the debugger. By default, the program code is so modified only when the program is resumed. As soon as the program stops, gdb restores the original instructions. This behaviour guards against leaving breakpoints inserted in the target should gdb abrubptly disconnect. However, with slow remote targets, inserting and removing breakpoint can reduce the performance. This behavior can be controlled with the following commands::
set breakpoint always-inserted offset breakpoint always-inserted ongdb handles conditional breakpoints by evaluating these conditions when a breakpoint breaks. If the condition is true, then the process being debugged stops, otherwise the process is resumed.
If the target supports evaluating conditions on its end, gdb may download the breakpoint, together with its conditions, to it.
This feature can be controlled via the following commands:
set breakpoint condition-evaluation hostset breakpoint condition-evaluation targetset breakpoint condition-evaluation autogdb itself sometimes sets breakpoints in your program for
special purposes, such as proper handling of longjmp (in C
programs). These internal breakpoints are assigned negative numbers,
starting with -1; ‘info breakpoints’ does not display them.
You can see these breakpoints with the gdb maintenance command
‘maint info breakpoints’ (see maint info breakpoints).
You can use a watchpoint to stop execution whenever the value of an expression changes, without having to predict a particular place where this may happen. (This is sometimes called a data breakpoint.) The expression may be as simple as the value of a single variable, or as complex as many variables combined by operators. Examples include:
int occupies 4 bytes).
You can set a watchpoint on an expression even if the expression can
not be evaluated yet. For instance, you can set a watchpoint on
‘*global_ptr’ before ‘global_ptr’ is initialized.
gdb will stop when your program sets ‘global_ptr’ and
the expression produces a valid value. If the expression becomes
valid in some other way than changing a variable (e.g. if the memory
pointed to by ‘*global_ptr’ becomes readable as the result of a
malloc call), gdb may not stop until the next time
the expression changes.
Depending on your system, watchpoints may be implemented in software or hardware. gdb does software watchpointing by single-stepping your program and testing the variable's value each time, which is hundreds of times slower than normal execution. (But this may still be worth it, to catch errors where you have no clue what part of your program is the culprit.)
On some systems, such as HP-UX, PowerPC, gnu/Linux and most other x86-based targets, gdb includes support for hardware watchpoints, which do not slow down the running of your program.
watch [-l|-location] expr [thread threadnum] [mask maskvalue](gdb) watch foo
If the command includes a [thread threadnum]
argument, gdb breaks only when the thread identified by
threadnum changes the value of expr. If any other threads
change the value of expr, gdb will not break. Note
that watchpoints restricted to a single thread in this way only work
with Hardware Watchpoints.
Ordinarily a watchpoint respects the scope of variables in expr
(see below). The -location argument tells gdb to
instead watch the memory referred to by expr. In this case,
gdb will evaluate expr, take the address of the result,
and watch the memory at that address. The type of the result is used
to determine the size of the watched memory. If the expression's
result does not have an address, then gdb will print an
error.
The [mask maskvalue] argument allows creation
of masked watchpoints, if the current architecture supports this
feature (e.g., PowerPC Embedded architecture, see PowerPC Embedded.) A masked watchpoint specifies a mask in addition
to an address to watch. The mask specifies that some bits of an address
(the bits which are reset in the mask) should be ignored when matching
the address accessed by the inferior against the watchpoint address.
Thus, a masked watchpoint watches many addresses simultaneously—those
addresses whose unmasked bits are identical to the unmasked bits in the
watchpoint address. The mask argument implies -location.
Examples:
(gdb) watch foo mask 0xffff00ff
(gdb) watch *0xdeadbeef mask 0xffffff00
rwatch [-l|-location] expr [thread threadnum] [mask maskvalue]awatch [-l|-location] expr [thread threadnum] [mask maskvalue]info watchpoints [n...]info break (see Set Breaks).
If you watch for a change in a numerically entered address you need to dereference it, as the address itself is just a constant number which will never change. gdb refuses to create a watchpoint that watches a never-changing value:
(gdb) watch 0x600850
Cannot watch constant value 0x600850.
(gdb) watch *(int *) 0x600850
Watchpoint 1: *(int *) 6293584
gdb sets a hardware watchpoint if possible. Hardware watchpoints execute very quickly, and the debugger reports a change in value at the exact instruction where the change occurs. If gdb cannot set a hardware watchpoint, it sets a software watchpoint, which executes more slowly and reports the change in value at the next statement, not the instruction, after the change occurs.
You can force gdb to use only software watchpoints with the
set can-use-hw-watchpoints 0 command. With this variable set to
zero, gdb will never try to use hardware watchpoints, even if
the underlying system supports them. (Note that hardware-assisted
watchpoints that were set before setting
can-use-hw-watchpoints to zero will still use the hardware
mechanism of watching expression values.)
set can-use-hw-watchpointsshow can-use-hw-watchpointsFor remote targets, you can restrict the number of hardware watchpoints gdb will use, see set remote hardware-breakpoint-limit.
When you issue the watch command, gdb reports
Hardware watchpoint num: expr
if it was able to set a hardware watchpoint.
Currently, the awatch and rwatch commands can only set
hardware watchpoints, because accesses to data that don't change the
value of the watched expression cannot be detected without examining
every instruction as it is being executed, and gdb does not do
that currently. If gdb finds that it is unable to set a
hardware breakpoint with the awatch or rwatch command, it
will print a message like this:
Expression cannot be implemented with read/access watchpoint.
Sometimes, gdb cannot set a hardware watchpoint because the data type of the watched expression is wider than what a hardware watchpoint on the target machine can handle. For example, some systems can only watch regions that are up to 4 bytes wide; on such systems you cannot set hardware watchpoints for an expression that yields a double-precision floating-point number (which is typically 8 bytes wide). As a work-around, it might be possible to break the large region into a series of smaller ones and watch them with separate watchpoints.
If you set too many hardware watchpoints, gdb might be unable to insert all of them when you resume the execution of your program. Since the precise number of active watchpoints is unknown until such time as the program is about to be resumed, gdb might not be able to warn you about this when you set the watchpoints, and the warning will be printed only when the program is resumed:
Hardware watchpoint num: Could not insert watchpoint
If this happens, delete or disable some of the watchpoints.
Watching complex expressions that reference many variables can also exhaust the resources available for hardware-assisted watchpoints. That's because gdb needs to watch every variable in the expression with separately allocated resources.
If you call a function interactively using print or call,
any watchpoints you have set will be inactive until gdb reaches another
kind of breakpoint or the call completes.
gdb automatically deletes watchpoints that watch local
(automatic) variables, or expressions that involve such variables, when
they go out of scope, that is, when the execution leaves the block in
which these variables were defined. In particular, when the program
being debugged terminates, all local variables go out of scope,
and so only watchpoints that watch global variables remain set. If you
rerun the program, you will need to set all such watchpoints again. One
way of doing that would be to set a code breakpoint at the entry to the
main function and when it breaks, set all the watchpoints.
In multi-threaded programs, watchpoints will detect changes to the watched expression from every thread.
Warning: In multi-threaded programs, software watchpoints have only limited usefulness. If gdb creates a software watchpoint, it can only watch the value of an expression in a single thread. If you are confident that the expression can only change due to the current thread's activity (and if you are also confident that no other thread can become current), then you can use software watchpoints as usual. However, gdb may not notice when a non-current thread's activity changes the expression. (Hardware watchpoints, in contrast, watch an expression in all threads.)
See set remote hardware-watchpoint-limit.
You can use catchpoints to cause the debugger to stop for certain
kinds of program events, such as C++ exceptions or the loading of a
shared library. Use the catch command to set a catchpoint.
catch eventthrow [regexp]rethrow [regexp]catch [regexp]If regexp is given, then only exceptions whose type matches the regular expression will be caught.
The convenience variable $_exception is available at an
exception-related catchpoint, on some systems. This holds the
exception being thrown.
There are currently some limitations to C++ exception handling in gdb:
$_exception convenience
variable rely on the presence of some SDT probes in libstdc++.
If these probes are not present, then these features cannot be used.
These probes were first available in the GCC 4.8 release, but whether
or not they are available in your GCC also depends on how it was
built.
$_exception convenience variable is only valid at the
instruction at which an exception-related catchpoint is set.
libstdc++. You can use up
(see Selection) to get to your code.
set unwind-on-terminating-exception.
exceptioncatch exception Program_Error),
the debugger will stop only when this specific exception is raised.
Otherwise, the debugger stops execution when any Ada exception is raised.
When inserting an exception catchpoint on a user-defined exception whose
name is identical to one of the exceptions defined by the language, the
fully qualified name must be used as the exception name. Otherwise,
gdb will assume that it should stop on the pre-defined exception
rather than the user-defined one. For instance, assuming an exception
called Constraint_Error is defined in package Pck, then
the command to use to catch such exceptions is catch exception
Pck.Constraint_Error.
handlersWhen inserting a handlers catchpoint on a user-defined
exception whose name is identical to one of the exceptions
defined by the language, the fully qualified name must be used
as the exception name. Otherwise, gdb will assume that it
should stop on the pre-defined exception rather than the
user-defined one. For instance, assuming an exception called
Constraint_Error is defined in package Pck, then the
command to use to catch such exceptions handling is
catch handlers Pck.Constraint_Error.
exception unhandledassertexecexec. This is currently only available for HP-UX
and gnu/Linux.
syscallsyscall [name | number] ...name can be any system call name that is valid for the underlying OS. Just what syscalls are valid depends on the OS. On GNU and Unix systems, you can find the full list of valid syscall names on /usr/include/asm/unistd.h.
Normally, gdb knows in advance which syscalls are valid for each OS, so you can use the gdb command-line completion facilities (see command completion) to list the available choices.
You may also specify the system call numerically. A syscall's number is the value passed to the OS's syscall dispatcher to identify the requested service. When you specify the syscall by its name, gdb uses its database of syscalls to convert the name into the corresponding numeric code, but using the number directly may be useful if gdb's database does not have the complete list of syscalls on your system (e.g., because gdb lags behind the OS upgrades).
The example below illustrates how this command works if you don't provide arguments to it:
(gdb) catch syscall
Catchpoint 1 (syscall)
(gdb) r
Starting program: /tmp/catch-syscall
Catchpoint 1 (call to syscall 'close'), \
0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.
Catchpoint 1 (returned from syscall 'close'), \
0xffffe424 in __kernel_vsyscall ()
(gdb)
Here is an example of catching a system call by name:
(gdb) catch syscall chroot
Catchpoint 1 (syscall 'chroot' [61])
(gdb) r
Starting program: /tmp/catch-syscall
Catchpoint 1 (call to syscall 'chroot'), \
0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.
Catchpoint 1 (returned from syscall 'chroot'), \
0xffffe424 in __kernel_vsyscall ()
(gdb)
An example of specifying a system call numerically. In the case below, the syscall number has a corresponding entry in the XML file, so gdb finds its name and prints it:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) 'exit_group')
(gdb) r
Starting program: /tmp/catch-syscall
Catchpoint 1 (call to syscall 'exit_group'), \
0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.
Program exited normally.
(gdb)
However, there can be situations when there is no corresponding name in XML file for that syscall number. In this case, gdb prints a warning message saying that it was not able to find the syscall name, but the catchpoint will be set anyway. See the example below:
(gdb) catch syscall 764
warning: The number '764' does not represent a known syscall.
Catchpoint 2 (syscall 764)
(gdb)
If you configure gdb using the ‘--without-expat’ option, it will not be able to display syscall names. Also, if your architecture does not have an XML file describing its system calls, you will not be able to see the syscall names. It is important to notice that these two features are used for accessing the syscall name database. In either case, you will see a warning like this:
(gdb) catch syscall
warning: Could not open "syscalls/i386-linux.xml"
warning: Could not load the syscall XML file 'syscalls/i386-linux.xml'.
GDB will not be able to display syscall names.
Catchpoint 1 (syscall)
(gdb)
Of course, the file name will change depending on your architecture and system.
Still using the example above, you can also try to catch a syscall by its number. In this case, you would see something like:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) 252)
Again, in this case gdb would not be able to display syscall's names.
forkfork. This is currently only available for HP-UX
and gnu/Linux.
vforkvfork. This is currently only available for HP-UX
and gnu/Linux.
load [regexp]unload [regexp]signal [signal... | ‘all’]With no arguments, this catchpoint will catch any signal that is not used internally by gdb, specifically, all signals except ‘SIGTRAP’ and ‘SIGINT’.
With the argument ‘all’, all signals, including those used by gdb, will be caught. This argument cannot be used with other signal names.
Otherwise, the arguments are a list of signal names as given to
handle (see Signals). Only signals specified in this list
will be caught.
One reason that catch signal can be more useful than
handle is that you can attach commands and conditions to the
catchpoint.
When a signal is caught by a catchpoint, the signal's stop and
print settings, as specified by handle, are ignored.
However, whether the signal is still delivered to the inferior depends
on the pass setting; this can be changed in the catchpoint's
commands.
tcatch eventUse the info break command to list the current catchpoints.
It is often necessary to eliminate a breakpoint, watchpoint, or catchpoint once it has done its job and you no longer want your program to stop there. This is called deleting the breakpoint. A breakpoint that has been deleted no longer exists; it is forgotten.
With the clear command you can delete breakpoints according to
where they are in your program. With the delete command you can
delete individual breakpoints, watchpoints, or catchpoints by specifying
their breakpoint numbers.
It is not necessary to delete a breakpoint to proceed past it. gdb automatically ignores breakpoints on the first instruction to be executed when you continue execution without changing the execution address.
clearclear locationclear functionclear filename:functionclear linenumclear filename:linenumdelete [breakpoints] [range...]set
confirm off). You can abbreviate this command as d.
Rather than deleting a breakpoint, watchpoint, or catchpoint, you might prefer to disable it. This makes the breakpoint inoperative as if it had been deleted, but remembers the information on the breakpoint so that you can enable it again later.
You disable and enable breakpoints, watchpoints, and catchpoints with
the enable and disable commands, optionally specifying
one or more breakpoint numbers as arguments. Use info break to
print a list of all breakpoints, watchpoints, and catchpoints if you
do not know which numbers to use.
Disabling and enabling a breakpoint that has multiple locations affects all of its locations.
A breakpoint, watchpoint, or catchpoint can have any of several different states of enablement:
break command starts out in this state.
tbreak command starts out in this state.
You can use the following commands to enable or disable breakpoints, watchpoints, and catchpoints:
disable [breakpoints] [range...]disable as dis.
enable [breakpoints] [range...]enable [breakpoints] once range...enable [breakpoints] count count range...enable [breakpoints] delete range...tbreak command start out in this state.
Except for a breakpoint set with tbreak (see Setting Breakpoints), breakpoints that you set are initially enabled;
subsequently, they become disabled or enabled only when you use one of
the commands above. (The command until can set and delete a
breakpoint of its own, but it does not change the state of your other
breakpoints; see Continuing and Stepping.)
The simplest sort of breakpoint breaks every time your program reaches a specified place. You can also specify a condition for a breakpoint. A condition is just a Boolean expression in your programming language (see Expressions). A breakpoint with a condition evaluates the expression each time your program reaches it, and your program stops only if the condition is true.
This is the converse of using assertions for program validation; in that situation, you want to stop when the assertion is violated—that is, when the condition is false. In C, if you want to test an assertion expressed by the condition assert, you should set the condition ‘! assert’ on the appropriate breakpoint.
Conditions are also accepted for watchpoints; you may not need them, since a watchpoint is inspecting the value of an expression anyhow—but it might be simpler, say, to just set a watchpoint on a variable name, and specify a condition that tests whether the new value is an interesting one.
Break conditions can have side effects, and may even call functions in your program. This can be useful, for example, to activate functions that log program progress, or to use your own print functions to format special data structures. The effects are completely predictable unless there is another enabled breakpoint at the same address. (In that case, gdb might see the other breakpoint first and stop your program without checking the condition of this one.) Note that breakpoint commands are usually more convenient and flexible than break conditions for the purpose of performing side effects when a breakpoint is reached (see Breakpoint Command Lists).
Breakpoint conditions can also be evaluated on the target's side if the target supports it. Instead of evaluating the conditions locally, gdb encodes the expression into an agent expression (see Agent Expressions) suitable for execution on the target, independently of gdb. Global variables become raw memory locations, locals become stack accesses, and so forth.
In this case, gdb will only be notified of a breakpoint trigger when its condition evaluates to true. This mechanism may provide faster response times depending on the performance characteristics of the target since it does not need to keep gdb informed about every breakpoint trigger, even those with false conditions.
Break conditions can be specified when a breakpoint is set, by using
‘if’ in the arguments to the break command. See Setting Breakpoints. They can also be changed at any time
with the condition command.
You can also use the if keyword with the watch command.
The catch command does not recognize the if keyword;
condition is the only way to impose a further condition on a
catchpoint.
condition bnum expressioncondition, gdb checks expression immediately for
syntactic correctness, and to determine whether symbols in it have
referents in the context of your breakpoint. If expression uses
symbols not referenced in the context of the breakpoint, gdb
prints an error message:
No symbol "foo" in current context.
gdb does
not actually evaluate expression at the time the condition
command (or a command that sets a breakpoint with a condition, like
break if ...) is given, however. See Expressions.
condition bnumA special case of a breakpoint condition is to stop only when the breakpoint has been reached a certain number of times. This is so useful that there is a special way to do it, using the ignore count of the breakpoint. Every breakpoint has an ignore count, which is an integer. Most of the time, the ignore count is zero, and therefore has no effect. But if your program reaches a breakpoint whose ignore count is positive, then instead of stopping, it just decrements the ignore count by one and continues. As a result, if the ignore count value is n, the breakpoint does not stop the next n times your program reaches it.
ignore bnum countTo make the breakpoint stop the next time it is reached, specify a count of zero.
When you use continue to resume execution of your program from a
breakpoint, you can specify an ignore count directly as an argument to
continue, rather than using ignore. See Continuing and Stepping.
If a breakpoint has a positive ignore count and a condition, the condition is not checked. Once the ignore count reaches zero, gdb resumes checking the condition.
You could achieve the effect of the ignore count with a condition such as ‘$foo-- <= 0’ using a debugger convenience variable that is decremented each time. See Convenience Variables.
Ignore counts apply to breakpoints, watchpoints, and catchpoints.
You can give any breakpoint (or watchpoint or catchpoint) a series of commands to execute when your program stops due to that breakpoint. For example, you might want to print the values of certain expressions, or enable other breakpoints.
commands [range...]... command-list ...endend to terminate the commands.
To remove all commands from a breakpoint, type commands and
follow it immediately with end; that is, give no commands.
With no argument, commands refers to the last breakpoint,
watchpoint, or catchpoint set (not to the breakpoint most recently
encountered). If the most recent breakpoints were set with a single
command, then the commands will apply to all the breakpoints
set by that command. This applies to breakpoints set by
rbreak, and also applies when a single break command
creates multiple breakpoints (see Ambiguous Expressions).
Pressing <RET> as a means of repeating the last gdb command is disabled within a command-list.
You can use breakpoint commands to start your program up again. Simply
use the continue command, or step, or any other command
that resumes execution.
Any other commands in the command list, after a command that resumes
execution, are ignored. This is because any time you resume execution
(even with a simple next or step), you may encounter
another breakpoint—which could have its own command list, leading to
ambiguities about which list to execute.
If the first command you specify in a command list is silent, the
usual message about stopping at a breakpoint is not printed. This may
be desirable for breakpoints that are to print a specific message and
then continue. If none of the remaining commands print anything, you
see no sign that the breakpoint was reached. silent is
meaningful only at the beginning of a breakpoint command list.
The commands echo, output, and printf allow you to
print precisely controlled output, and are often useful in silent
breakpoints. See Commands for Controlled Output.
For example, here is how you could use breakpoint commands to print the
value of x at entry to foo whenever x is positive.
break foo if x>0
commands
silent
printf "x is %d\n",x
cont
end
One application for breakpoint commands is to compensate for one bug so
you can test for another. Put a breakpoint just after the erroneous line
of code, give it a condition to detect the case in which something
erroneous has been done, and give it commands to assign correct values
to any variables that need them. End with the continue command
so that your program does not stop, and start with the silent
command so that no output is produced. Here is an example:
break 403
commands
silent
set x = y + 4
cont
end
The dynamic printf command dprintf combines a breakpoint with
formatted printing of your program's data to give you the effect of
inserting printf calls into your program on-the-fly, without
having to recompile it.
In its most basic form, the output goes to the GDB console. However,
you can set the variable dprintf-style for alternate handling.
For instance, you can ask to format the output by calling your
program's printf function. This has the advantage that the
characters go to the program's output device, so they can recorded in
redirects to files and so forth.
If you are doing remote debugging with a stub or agent, you can also ask to have the printf handled by the remote agent. In addition to ensuring that the output goes to the remote program's device along with any other output the program might produce, you can also ask that the dprintf remain active even after disconnecting from the remote target. Using the stub/agent is also more efficient, as it can do everything without needing to communicate with gdb.
dprintf location,template,expression[,expression...]set dprintf-style stylegdbprintf command.
callprintf).
agentgdbserver) handle
the output itself. This style is only available for agents that
support running commands on the target.
set dprintf-function functioncall. By
default its value is printf. You may set it to any expression.
that gdb can evaluate to a function, as per the call
command.
set dprintf-channel channeldprintf-function, in the manner of
fprintf and similar functions. Otherwise, the dprintf format
string will be the first argument, in the manner of printf.
As an example, if you wanted dprintf output to go to a logfile
that is a standard I/O stream assigned to the variable mylog,
you could do the following:
(gdb) set dprintf-style call
(gdb) set dprintf-function fprintf
(gdb) set dprintf-channel mylog
(gdb) dprintf 25,"at line 25, glob=%d\n",glob
Dprintf 1 at 0x123456: file main.c, line 25.
(gdb) info break
1 dprintf keep y 0x00123456 in main at main.c:25
call (void) fprintf (mylog,"at line 25, glob=%d\n",glob)
continue
(gdb)
Note that the info break displays the dynamic printf commands
as normal breakpoint commands; you can thus easily see the effect of
the variable settings.
set disconnected-dprintf onset disconnected-dprintf offdprintf commands should continue to run if
gdb has disconnected from the target. This only applies
if the dprintf-style is agent.
show disconnected-dprintf offdprintf.
gdb does not check the validity of function and channel, relying on you to supply values that are meaningful for the contexts in which they are being used. For instance, the function and channel may be the values of local variables, but if that is the case, then all enabled dynamic prints must be at locations within the scope of those locals. If evaluation fails, gdb will report an error.
To save breakpoint definitions to a file use the save breakpoints command.
save breakpoints [filename]source command (see Command Files). Note that watchpoints
with expressions involving local variables may fail to be recreated
because it may not be possible to access the context where the
watchpoint is valid anymore. Because the saved breakpoint definitions
are simply a sequence of gdb commands that recreate the
breakpoints, you can edit the file in your favorite editing program,
and remove the breakpoint definitions you're not interested in, or
that can no longer be recreated.
gdb supports SDT probes in the code. SDT stands for Statically Defined Tracing, and the probes are designed to have a tiny runtime code and data footprint, and no dynamic relocations.
Currently, the following types of probes are supported on ELF-compatible systems:
SystemTap (http://sourceware.org/systemtap/)
SDT probes4. SystemTap probes are usable
from assembly, C and C++ languages5.
DTrace (http://oss.oracle.com/projects/DTrace)
USDT probes. DTrace probes are usable from C and
C++ languages.
Some SystemTap probes have an associated semaphore variable;
for instance, this happens automatically if you defined your probe
using a DTrace-style .d file. If your probe has a semaphore,
gdb will automatically enable it when you specify a
breakpoint using the ‘-probe-stap’ notation. But, if you put a
breakpoint at a probe's location by some other method (e.g.,
break file:line), then gdb will not automatically set
the semaphore. DTrace probes do not support semaphores.
You can examine the available static static probes using info
probes, with optional arguments:
info probes [type] [provider [name [objfile]]]stap for listing
SystemTap probes or dtrace for listing DTrace
probes. If omitted all probes are listed regardless of their types.
If given, provider is a regular expression used to match against provider names when selecting which probes to list. If omitted, probes by all probes from all providers are listed.
If given, name is a regular expression to match against probe names when selecting which probes to list. If omitted, probe names are not considered when deciding whether to display them.
If given, objfile is a regular expression used to select which
object files (executable or shared libraries) to examine. If not
given, all object files are considered.
info probes allSome probe points can be enabled and/or disabled. The effect of
enabling or disabling a probe depends on the type of probe being
handled. Some DTrace probes can be enabled or
disabled, but SystemTap probes cannot be disabled.
You can enable (or disable) one or more probes using the following commands, with optional arguments:
enable probes [provider [name [objfile]]]If given, name is a regular expression to match against probe names when selecting which probes to enable. If omitted, probe names are not considered when deciding whether to enable them.
If given, objfile is a regular expression used to select which object files (executable or shared libraries) to examine. If not given, all object files are considered.
disable probes [provider [name [objfile]]]enable probes command above for a description of the
optional arguments accepted by this command.
A probe may specify up to twelve arguments. These are available at the
point at which the probe is defined—that is, when the current PC is
at the probe's location. The arguments are available using the
convenience variables (see Convenience Vars)
$_probe_arg0...$_probe_arg11. In SystemTap
probes each probe argument is an integer of the appropriate size;
types are not preserved. In DTrace probes types are preserved
provided that they are recognized as such by gdb; otherwise
the value of the probe argument will be a long integer. The
convenience variable $_probe_argc holds the number of arguments
at the current probe point.
These variables are always available, but attempts to access them at any location other than a probe point will cause gdb to give an error message.
If you request too many active hardware-assisted breakpoints and watchpoints, you will see this error message:
Stopped; cannot insert breakpoints.
You may have requested too many hardware breakpoints and watchpoints.
This message is printed when you attempt to resume the program, since only then gdb knows exactly how many hardware breakpoints and watchpoints it needs to insert.
When this message is printed, you need to disable or remove some of the hardware-assisted breakpoints and watchpoints, and then continue.
Some processor architectures place constraints on the addresses at which breakpoints may be placed. For architectures thus constrained, gdb will attempt to adjust the breakpoint's address to comply with the constraints dictated by the architecture.
One example of such an architecture is the Fujitsu FR-V. The FR-V is a VLIW architecture in which a number of RISC-like instructions may be bundled together for parallel execution. The FR-V architecture constrains the location of a breakpoint instruction within such a bundle to the instruction with the lowest address. gdb honors this constraint by adjusting a breakpoint's address to the first in the bundle.
It is not uncommon for optimized code to have bundles which contain instructions from different source statements, thus it may happen that a breakpoint's address will be adjusted from one source statement to another. Since this adjustment may significantly alter gdb's breakpoint related behavior from what the user expects, a warning is printed when the breakpoint is first set and also when the breakpoint is hit.
A warning like the one below is printed when setting a breakpoint that's been subject to address adjustment:
warning: Breakpoint address adjusted from 0x00010414 to 0x00010410.
Such warnings are printed both for user settable and gdb's internal breakpoints. If you see one of these warnings, you should verify that a breakpoint set at the adjusted address will have the desired affect. If not, the breakpoint in question may be removed and other breakpoints may be set which will have the desired behavior. E.g., it may be sufficient to place the breakpoint at a later instruction. A conditional breakpoint may also be useful in some cases to prevent the breakpoint from triggering too often.
gdb will also issue a warning when stopping at one of these adjusted breakpoints:
warning: Breakpoint 1 address previously adjusted from 0x00010414
to 0x00010410.
When this warning is encountered, it may be too late to take remedial action except in cases where the breakpoint is hit earlier or more frequently than expected.
Continuing means resuming program execution until your program
completes normally. In contrast, stepping means executing just
one more “step” of your program, where “step” may mean either one
line of source code, or one machine instruction (depending on what
particular command you use). Either when continuing or when stepping,
your program may stop even sooner, due to a breakpoint or a signal. (If
it stops due to a signal, you may want to use handle, or use
‘signal 0’ to resume execution (see Signals),
or you may step into the signal's handler (see stepping and signal handlers).)
continue [ignore-count]c [ignore-count]fg [ignore-count]ignore (see Break Conditions).
The argument ignore-count is meaningful only when your program
stopped due to a breakpoint. At other times, the argument to
continue is ignored.
The synonyms c and fg (for foreground, as the
debugged program is deemed to be the foreground program) are provided
purely for convenience, and have exactly the same behavior as
continue.
To resume execution at a different place, you can use return
(see Returning from a Function) to go back to the
calling function; or jump (see Continuing at a Different Address) to go to an arbitrary location in your program.
A typical technique for using stepping is to set a breakpoint (see Breakpoints; Watchpoints; and Catchpoints) at the beginning of the function or the section of your program where a problem is believed to lie, run your program until it stops at that breakpoint, and then step through the suspect area, examining the variables that are interesting, until you see the problem happen.
steps.
Warning: If you use thestepcommand while control is within a function that was compiled without debugging information, execution proceeds until control reaches a function that does have debugging information. Likewise, it will not step into a function which is compiled without debugging information. To step through functions without debugging information, use thestepicommand, described below.
The step command only stops at the first instruction of a source
line. This prevents the multiple stops that could otherwise occur in
switch statements, for loops, etc. step continues
to stop if a function that has debugging information is called within
the line. In other words, step steps inside any functions
called within the line.
Also, the step command only enters a function if there is line
number information for the function. Otherwise it acts like the
next command. This avoids problems when using cc -gl
on MIPS machines. Previously, step entered subroutines if there
was any debugging information about the routine.
step countstep, but do so count times. If a
breakpoint is reached, or a signal not related to stepping occurs before
count steps, stepping stops right away.
next [count]step, but function calls that appear within
the line of code are executed without stopping. Execution stops when
control reaches a different line of code at the original stack level
that was executing when you gave the next command. This command
is abbreviated n.
An argument count is a repeat count, as for step.
The next command only stops at the first instruction of a
source line. This prevents multiple stops that could otherwise occur in
switch statements, for loops, etc.
set step-modeset step-mode onset step-mode on command causes the step command to
stop at the first instruction of a function which contains no debug line
information rather than stepping over it.
This is useful in cases where you may be interested in inspecting the
machine instructions of a function which has no symbolic info and do not
want gdb to automatically skip over this function.
set step-mode offstep command to step over any functions which contains no
debug information. This is the default.
show step-modefinishfin.
Contrast this with the return command (see Returning from a Function).
untilunext
command, except that when until encounters a jump, it
automatically continues execution until the program counter is greater
than the address of the jump.
This means that when you reach the end of a loop after single stepping
though it, until makes your program continue execution until it
exits the loop. In contrast, a next command at the end of a loop
simply steps back to the beginning of the loop, which forces you to step
through the next iteration.
until always stops your program if it attempts to exit the current
stack frame.
until may produce somewhat counterintuitive results if the order
of machine code does not match the order of the source lines. For
example, in the following excerpt from a debugging session, the f
(frame) command shows that execution is stopped at line
206; yet when we use until, we get to line 195:
(gdb) f
#0 main (argc=4, argv=0xf7fffae8) at m4.c:206
206 expand_input();
(gdb) until
195 for ( ; argc > 0; NEXTARG) {
This happened because, for execution efficiency, the compiler had
generated code for the loop closure test at the end, rather than the
start, of the loop—even though the test in a C for-loop is
written before the body of the loop. The until command appeared
to step back to the beginning of the loop when it advanced to this
expression; however, it has not really gone to an earlier
statement—not in terms of the actual machine code.
until with no argument works by means of single
instruction stepping, and hence is slower than until with an
argument.
until locationu locationuntil without an argument. The specified
location is actually reached only if it is in the current frame. This
implies that until can be used to skip over recursive function
invocations. For instance in the code below, if the current location is
line 96, issuing until 99 will execute the program up to
line 99 in the same invocation of factorial, i.e., after the inner
invocations have returned.
94 int factorial (int value)
95 {
96 if (value > 1) {
97 value *= factorial (value - 1);
98 }
99 return (value);
100 }
advance locationuntil, but advance will
not skip over recursive function calls, and the target location doesn't
have to be in the same frame as the current one.
stepistepi argsiIt is often useful to do ‘display/i $pc’ when stepping by machine instructions. This makes gdb automatically display the next instruction to be executed, each time your program stops. See Automatic Display.
An argument is a repeat count, as in step.
nextinexti argniAn argument is a repeat count, as in next.
By default, and if available, gdb makes use of
target-assisted range stepping. In other words, whenever you
use a stepping command (e.g., step, next), gdb
tells the target to step the corresponding range of instruction
addresses instead of issuing multiple single-steps. This speeds up
line stepping, particularly for remote targets. Ideally, there should
be no reason you would want to turn range stepping off. However, it's
possible that a bug in the debug info, a bug in the remote stub (for
remote targets), or even a bug in gdb could make line
stepping behave incorrectly when target-assisted range stepping is
enabled. You can use the following command to turn off range stepping
if necessary:
set range-steppingshow range-steppingIf on, and the target supports it, gdb tells the
target to step a range of addresses itself, instead of issuing
multiple single-steps. If off, gdb always issues
single-steps, even if range stepping is supported by the target. The
default is on.
The program you are debugging may contain some functions which are
uninteresting to debug. The skip comand lets you tell gdb to
skip a function or all functions in a file when stepping.
For example, consider the following C function:
101 int func()
102 {
103 foo(boring());
104 bar(boring());
105 }
Suppose you wish to step into the functions foo and bar, but you
are not interested in stepping through boring. If you run step
at line 103, you'll enter boring(), but if you run next, you'll
step over both foo and boring!
One solution is to step into boring and use the finish
command to immediately exit it. But this can become tedious if boring
is called from many places.
A more flexible solution is to execute skip boring. This instructs
gdb never to step into boring. Now when you execute
step at line 103, you'll step over boring and directly into
foo.
You can also instruct gdb to skip all functions in a file, with, for
example, skip file boring.c.
skip [linespec]skip function [linespec]If you do not specify linespec, the function you're currently debugging will be skipped.
(If you have a function called file that you want to skip, use
skip function file.)
skip file [filename]If you do not specify filename, functions whose source lives in the file you're currently debugging will be skipped.
Skips can be listed, deleted, disabled, and enabled, much like breakpoints. These are the commands for managing your list of skips:
info skip [range]info skip prints the following information about each skip:
info skip will show the function's
address here.
skip delete [range]skip enable [range]skip disable [range]
A signal is an asynchronous event that can happen in a program. The
operating system defines the possible kinds of signals, and gives each
kind a name and a number. For example, in Unix SIGINT is the
signal a program gets when you type an interrupt character (often Ctrl-c);
SIGSEGV is the signal a program gets from referencing a place in
memory far away from all the areas in use; SIGALRM occurs when
the alarm clock timer goes off (which happens only if your program has
requested an alarm).
Some signals, including SIGALRM, are a normal part of the
functioning of your program. Others, such as SIGSEGV, indicate
errors; these signals are fatal (they kill your program immediately) if the
program has not specified in advance some other way to handle the signal.
SIGINT does not indicate an error in your program, but it is normally
fatal so it can carry out the purpose of the interrupt: to kill the program.
gdb has the ability to detect any occurrence of a signal in your program. You can tell gdb in advance what to do for each kind of signal.
Normally, gdb is set up to let the non-erroneous signals like
SIGALRM be silently passed to your program
(so as not to interfere with their role in the program's functioning)
but to stop your program immediately whenever an error signal happens.
You can change these settings with the handle command.
info signalsinfo handleinfo signals siginfo handle is an alias for info signals.
catch signal [signal... | ‘all’]handle signal [keywords...]The keywords allowed by the handle command can be abbreviated.
Their full names are:
nostopstopprint keyword as well.
printnoprintnostop keyword as well.
passnoignorepass and noignore are synonyms.
nopassignorenopass and ignore are synonyms.
When a signal stops your program, the signal is not visible to the
program until you
continue. Your program sees the signal then, if pass is in
effect for the signal in question at that time. In other words,
after gdb reports a signal, you can use the handle
command with pass or nopass to control whether your
program sees that signal when you continue.
The default is set to nostop, noprint, pass for
non-erroneous signals such as SIGALRM, SIGWINCH and
SIGCHLD, and to stop, print, pass for the
erroneous signals.
You can also use the signal command to prevent your program from
seeing a signal, or cause it to see a signal it normally would not see,
or to give it any signal at any time. For example, if your program stopped
due to some sort of memory reference error, you might store correct
values into the erroneous variables and continue, hoping to see more
execution; but your program would probably terminate immediately as
a result of the fatal signal once it saw the signal. To prevent this,
you can continue with ‘signal 0’. See Giving your Program a Signal.
gdb optimizes for stepping the mainline code. If a signal
that has handle nostop and handle pass set arrives while
a stepping command (e.g., stepi, step, next) is
in progress, gdb lets the signal handler run and then resumes
stepping the mainline code once the signal handler returns. In other
words, gdb steps over the signal handler. This prevents
signals that you've specified as not interesting (with handle
nostop) from changing the focus of debugging unexpectedly. Note that
the signal handler itself may still hit a breakpoint, stop for another
signal that has handle stop in effect, or for any other event
that normally results in stopping the stepping command sooner. Also
note that gdb still informs you that the program received a
signal if handle print is set.
If you set handle pass for a signal, and your program sets up a
handler for it, then issuing a stepping command, such as step
or stepi, when your program is stopped due to the signal will
step into the signal handler (if the target supports that).
Likewise, if you use the queue-signal command to queue a signal
to be delivered to the current thread when execution of the thread
resumes (see Giving your Program a Signal), then a
stepping command will step into the signal handler.
Here's an example, using stepi to step to the first instruction
of SIGUSR1's handler:
(gdb) handle SIGUSR1
Signal Stop Print Pass to program Description
SIGUSR1 Yes Yes Yes User defined signal 1
(gdb) c
Continuing.
Program received signal SIGUSR1, User defined signal 1.
main () sigusr1.c:28
28 p = 0;
(gdb) si
sigusr1_handler () at sigusr1.c:9
9 {
The same, but using queue-signal instead of waiting for the
program to receive the signal first:
(gdb) n
28 p = 0;
(gdb) queue-signal SIGUSR1
(gdb) si
sigusr1_handler () at sigusr1.c:9
9 {
(gdb)
On some targets, gdb can inspect extra signal information
associated with the intercepted signal, before it is actually
delivered to the program being debugged. This information is exported
by the convenience variable $_siginfo, and consists of data
that is passed by the kernel to the signal handler at the time of the
receipt of a signal. The data type of the information itself is
target dependent. You can see the data type using the ptype
$_siginfo command. On Unix systems, it typically corresponds to the
standard siginfo_t type, as defined in the signal.h
system header.
Here's an example, on a gnu/Linux system, printing the stray referenced address that raised a segmentation fault.
(gdb) continue
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400766 in main ()
69 *(int *)p = 0;
(gdb) ptype $_siginfo
type = struct {
int si_signo;
int si_errno;
int si_code;
union {
int _pad[28];
struct {...} _kill;
struct {...} _timer;
struct {...} _rt;
struct {...} _sigchld;
struct {...} _sigfault;
struct {...} _sigpoll;
} _sifields;
}
(gdb) ptype $_siginfo._sifields._sigfault
type = struct {
void *si_addr;
}
(gdb) p $_siginfo._sifields._sigfault.si_addr
$1 = (void *) 0x7ffff7ff7000
Depending on target support, $_siginfo may also be writable.
gdb supports debugging programs with multiple threads (see Debugging Programs with Multiple Threads). There are two modes of controlling execution of your program within the debugger. In the default mode, referred to as all-stop mode, when any thread in your program stops (for example, at a breakpoint or while being stepped), all other threads in the program are also stopped by gdb. On some targets, gdb also supports non-stop mode, in which other threads can continue to run freely while you examine the stopped thread in the debugger.
In all-stop mode, whenever your program stops under gdb for any reason, all threads of execution stop, not just the current thread. This allows you to examine the overall state of the program, including switching between threads, without worrying that things may change underfoot.
Conversely, whenever you restart the program, all threads start
executing. This is true even when single-stepping with commands
like step or next.
In particular, gdb cannot single-step all threads in lockstep. Since thread scheduling is up to your debugging target's operating system (not controlled by gdb), other threads may execute more than one statement while the current thread completes a single step. Moreover, in general other threads stop in the middle of a statement, rather than at a clean statement boundary, when the program stops.
You might even find your program stopped in another thread after continuing or even single-stepping. This happens whenever some other thread runs into a breakpoint, a signal, or an exception before the first thread completes whatever you requested.
Whenever gdb stops your program, due to a breakpoint or a signal, it automatically selects the thread where that breakpoint or signal happened. gdb alerts you to the context switch with a message such as ‘[Switching to Thread n]’ to identify the thread.
On some OSes, you can modify gdb's default behavior by locking the OS scheduler to allow only a single thread to run.
set scheduler-locking modeoff, then there is no
locking and any thread may run at any time. If on, then only the
current thread may run when the inferior is resumed. The step
mode optimizes for single-stepping; it prevents other threads
from preempting the current thread while you are stepping, so that
the focus of debugging does not change unexpectedly.
Other threads never get a chance to run when you step, and they are
completely free to run when you use commands
like ‘continue’, ‘until’, or ‘finish’. However, unless another
thread hits a breakpoint during its timeslice, gdb does not change
the current thread away from the thread that you are debugging.
show scheduler-lockingBy default, when you issue one of the execution commands such as
continue, next or step, gdb allows only
threads of the current inferior to run. For example, if gdb
is attached to two inferiors, each with two threads, the
continue command resumes only the two threads of the current
inferior. This is useful, for example, when you debug a program that
forks and you want to hold the parent stopped (so that, for instance,
it doesn't run to exit), while you debug the child. In other
situations, you may not be interested in inspecting the current state
of any of the processes gdb is attached to, and you may want
to resume them all until some breakpoint is hit. In the latter case,
you can instruct gdb to allow all threads of all the
inferiors to run with the set schedule-multiple command.
set schedule-multipleon, all threads of
all processes are allowed to run. When off, only the threads
of the current process are resumed. The default is off. The
scheduler-locking mode takes precedence when set to on,
or while you are stepping and set to step.
show schedule-multipleFor some multi-threaded targets, gdb supports an optional mode of operation in which you can examine stopped program threads in the debugger while other threads continue to execute freely. This minimizes intrusion when debugging live systems, such as programs where some threads have real-time constraints or must continue to respond to external events. This is referred to as non-stop mode.
In non-stop mode, when a thread stops to report a debugging event,
only that thread is stopped; gdb does not stop other
threads as well, in contrast to the all-stop mode behavior. Additionally,
execution commands such as continue and step apply by default
only to the current thread in non-stop mode, rather than all threads as
in all-stop mode. This allows you to control threads explicitly in
ways that are not possible in all-stop mode — for example, stepping
one thread while allowing others to run freely, stepping
one thread while holding all others stopped, or stepping several threads
independently and simultaneously.
To enter non-stop mode, use this sequence of commands before you run or attach to your program:
# If using the CLI, pagination breaks non-stop.
set pagination off
# Finally, turn it on!
set non-stop on
You can use these commands to manipulate the non-stop mode setting:
set non-stop onset non-stop offshow non-stopNote these commands only reflect whether non-stop mode is enabled,
not whether the currently-executing program is being run in non-stop mode.
In particular, the set non-stop preference is only consulted when
gdb starts or connects to the target program, and it is generally
not possible to switch modes once debugging has started. Furthermore,
since not all targets support non-stop mode, even when you have enabled
non-stop mode, gdb may still fall back to all-stop operation by
default.
In non-stop mode, all execution commands apply only to the current thread
by default. That is, continue only continues one thread.
To continue all threads, issue continue -a or c -a.
You can use gdb's background execution commands (see Background Execution) to run some threads in the background while you continue to examine or step others from gdb. The MI execution commands (see GDB/MI Program Execution) are always executed asynchronously in non-stop mode.
Suspending execution is done with the interrupt command when
running in the background, or Ctrl-c during foreground execution.
In all-stop mode, this stops the whole process;
but in non-stop mode the interrupt applies only to the current thread.
To stop the whole program, use interrupt -a.
Other execution commands do not currently support the -a option.
In non-stop mode, when a thread stops, gdb doesn't automatically make that thread current, as it does in all-stop mode. This is because the thread stop notifications are asynchronous with respect to gdb's command interpreter, and it would be confusing if gdb unexpectedly changed to a different thread just as you entered a command to operate on the previously current thread.
gdb's execution commands have two variants: the normal foreground (synchronous) behavior, and a background (asynchronous) behavior. In foreground execution, gdb waits for the program to report that some thread has stopped before prompting for another command. In background execution, gdb immediately gives a command prompt so that you can issue other commands while your program runs.
If the target doesn't support async mode, gdb issues an error message if you attempt to use the background execution commands.
To specify background execution, add a & to the command. For example,
the background form of the continue command is continue&, or
just c&. The execution commands that accept background execution
are:
runattachstepstepinextnexticontinuefinishuntilBackground execution is especially useful in conjunction with non-stop
mode for debugging programs with multiple threads; see Non-Stop Mode.
However, you can also use these commands in the normal all-stop mode with
the restriction that you cannot issue another execution command until the
previous one finishes. Examples of commands that are valid in all-stop
mode while the program is running include help and info break.
You can interrupt your program while it is running in the background by
using the interrupt command.
interruptinterrupt -ainterrupt stops the whole process, but in non-stop mode, it stops
only the current thread. To stop the whole program in non-stop mode,
use interrupt -a.
When your program has multiple threads (see Debugging Programs with Multiple Threads), you can choose whether to set breakpoints on all threads, or on a particular thread.
break linespec thread threadnobreak linespec thread threadno if ...Use the qualifier ‘thread threadno’ with a breakpoint command to specify that you only want gdb to stop the program when a particular thread reaches this breakpoint. The threadno specifier is one of the numeric thread identifiers assigned by gdb, shown in the first column of the ‘info threads’ display.
If you do not specify ‘thread threadno’ when you set a breakpoint, the breakpoint applies to all threads of your program.
You can use the thread qualifier on conditional breakpoints as
well; in this case, place ‘thread threadno’ before or
after the breakpoint condition, like this:
(gdb) break frik.c:13 thread 28 if bartab > lim
Thread-specific breakpoints are automatically deleted when gdb detects the corresponding thread is no longer in the thread list. For example:
(gdb) c
Thread-specific breakpoint 3 deleted - thread 28 no longer in the thread list.
There are several ways for a thread to disappear, such as a regular
thread exit, but also when you detach from the process with the
detach command (see Debugging an Already-running Process), or if gdb loses the remote connection
(see Remote Debugging), etc. Note that with some targets,
gdb is only able to detect a thread has exited when the user
explictly asks for the thread list with the info threads
command.
There is an unfortunate side effect when using gdb to debug multi-threaded programs. If one thread stops for a breakpoint, or for some other reason, and another thread is blocked in a system call, then the system call may return prematurely. This is a consequence of the interaction between multiple threads and the signals that gdb uses to implement breakpoints and other events that stop execution.
To handle this problem, your program should check the return value of each system call and react appropriately. This is good programming style anyways.
For example, do not write code like this:
sleep (10);
The call to sleep will return early if a different thread stops
at a breakpoint or for some other reason.
Instead, write this:
int unslept = 10;
while (unslept > 0)
unslept = sleep (unslept);
A system call is allowed to return early, so the system is still conforming to its specification. But gdb does cause your multi-threaded program to behave differently than it would without gdb.
Also, gdb uses internal breakpoints in the thread library to monitor certain events such as thread creation and thread destruction. When such an event happens, a system call in another thread may return prematurely, even though your program does not appear to stop.
If you want to build on non-stop mode and observe program behavior without any chance of disruption by gdb, you can set variables to disable all of the debugger's attempts to modify state, whether by writing memory, inserting breakpoints, etc. These operate at a low level, intercepting operations from all commands.
When all of these are set to off, then gdb is said to
be observer mode. As a convenience, the variable
observer can be set to disable these, plus enable non-stop
mode.
Note that gdb will not prevent you from making nonsensical
combinations of these settings. For instance, if you have enabled
may-insert-breakpoints but disabled may-write-memory,
then breakpoints that work by writing trap instructions into the code
stream will still not be able to be placed.
set observer onset observer offon, this disables all the permission variables
below (except for insert-fast-tracepoints), plus enables
non-stop debugging. Setting this to off switches back to
normal debugging, though remaining in non-stop mode.
show observerset may-write-registers onset may-write-registers offprint, or the
jump command. It defaults to on.
show may-write-registersset may-write-memory onset may-write-memory offprint. It
defaults to on.
show may-write-memoryset may-insert-breakpoints onset may-insert-breakpoints offon.
show may-insert-breakpointsset may-insert-tracepoints onset may-insert-tracepoints offmay-insert-fast-tracepoints. It defaults to on.
show may-insert-tracepointsset may-insert-fast-tracepoints onset may-insert-fast-tracepoints offmay-insert-tracepoints. It defaults to on.
show may-insert-fast-tracepointsset may-interrupt onset may-interrupt offoff, the
interrupt command will have no effect, nor will
Ctrl-c. It defaults to on.
show may-interruptWhen you are debugging a program, it is not unusual to realize that you have gone too far, and some event of interest has already happened. If the target environment supports it, gdb can allow you to “rewind” the program by running it backward.
A target environment that supports reverse execution should be able to “undo” the changes in machine state that have taken place as the program was executing normally. Variables, registers etc. should revert to their previous values. Obviously this requires a great deal of sophistication on the part of the target environment; not all target environments can support reverse execution.
When a program is executed in reverse, the instructions that have most recently been executed are “un-executed”, in reverse order. The program counter runs backward, following the previous thread of execution in reverse. As each instruction is “un-executed”, the values of memory and/or registers that were changed by that instruction are reverted to their previous states. After executing a piece of source code in reverse, all side effects of that code should be “undone”, and all variables should be returned to their prior values6.
If you are debugging in a target environment that supports reverse execution, gdb provides the following commands.
reverse-continue [ignore-count]rc [ignore-count]reverse-step [count]Like the step command, reverse-step will only stop
at the beginning of a source line. It “un-executes” the previously
executed source line. If the previous source line included calls to
debuggable functions, reverse-step will step (backward) into
the called function, stopping at the beginning of the last
statement in the called function (typically a return statement).
Also, as with the step command, if non-debuggable functions are
called, reverse-step will run thru them backward without stopping.
reverse-stepi [count]reverse-stepi will take you
back from the destination of the jump to the jump instruction itself.
reverse-next [count]reverse-next will take you back
to the caller of that function, before the function was called,
just as the normal next command would take you from the last
line of a function back to its return to its caller
7.
reverse-nexti [count]nexti, reverse-nexti executes a single instruction
in reverse, except that called functions are “un-executed” atomically.
That is, if the previously executed instruction was a return from
another function, reverse-nexti will continue to execute
in reverse until the call to that function (from the current stack
frame) is reached.
reverse-finishfinish command takes you to the point where the
current function returns, reverse-finish takes you to the point
where it was called. Instead of ending up at the end of the current
function invocation, you end up at the beginning.
set exec-directionset exec-direction reversestep, stepi, next, nexti, continue, and finish. The return
command cannot be used in reverse mode.
set exec-direction forwardOn some platforms, gdb provides a special process record and replay target that can record a log of the process execution, and replay it later with both forward and reverse execution commands.
When this target is in use, if the execution log includes the record for the next instruction, gdb will debug in replay mode. In the replay mode, the inferior does not really execute code instructions. Instead, all the events that normally happen during code execution are taken from the execution log. While code is not really executed in replay mode, the values of registers (including the program counter register) and the memory of the inferior are still changed as they normally would. Their contents are taken from the execution log.
If the record for the next instruction is not in the execution log, gdb will debug in record mode. In this mode, the inferior executes normally, and gdb records the execution log for future replay.
The process record and replay target supports reverse execution (see Reverse Execution), even if the platform on which the inferior runs does not. However, the reverse execution is limited in this case by the range of the instructions recorded in the execution log. In other words, reverse execution on platforms that don't support it directly can only be done in the replay mode.
When debugging in the reverse direction, gdb will work in replay mode as long as the execution log includes the record for the previous instruction; otherwise, it will work in record mode, if the platform supports reverse execution, or stop if not.
For architecture environments that support process record and replay, gdb provides the following commands:
record methodfull recording method. The following
recording methods are available:
fullbtrace formatThe recording format can be specified as parameter. Without a parameter the command chooses the recording format. The following recording formats are available:
btsptThe trace can be recorded with very low overhead. The compressed trace format also allows small trace buffers to already contain a big number of instructions compared to BTS.
Decoding the recorded execution trace, on the other hand, is more expensive than decoding BTS trace. This is mostly due to the increased number of instructions to process. You should increase the buffer-size with care.
Not all recording formats may be available on all processors.
The process record and replay target can only debug a process that is already running. Therefore, you need first to start the process with the run or start commands, and then start the recording with the record method command.
Displaced stepping (see displaced stepping) will be automatically disabled when process record and replay target is started. That's because the process record and replay target doesn't support displaced stepping.
If the inferior is in the non-stop mode (see Non-Stop Mode) or in
the asynchronous execution mode (see Background Execution), not
all recording methods are available. The full recording method
does not support these two modes.
record stopWhen you stop the process record and replay target in record mode (at the end of the execution log), the inferior will be stopped at the next instruction that would have been recorded. In other words, if you record for a while and then stop recording, the inferior process will be left in the same state as if the recording never happened.
On the other hand, if the process record and replay target is stopped while in replay mode (that is, not at the end of the execution log, but at some earlier point), the inferior process will become “live” at that earlier state, and it will then be possible to continue the usual “live” debugging of the process from that state.
When the inferior process exits, or gdb detaches from it, process record and replay target will automatically stop itself.
record gotorecord goto beginrecord goto startrecord goto endrecord goto nrecord save filenameThis command may not be available for all recording methods.
record restore filenamerecord save.
set record full insn-number-max limitset record full insn-number-max unlimitedfull
recording method. Default value is 200000.
If limit is a positive number, then gdb will start
deleting instructions from the log once the number of the record
instructions becomes greater than limit. For every new recorded
instruction, gdb will delete the earliest recorded
instruction to keep the number of recorded instructions at the limit.
(Since deleting recorded instructions loses information, gdb
lets you control what happens when the limit is reached, by means of
the stop-at-limit option, described below.)
If limit is unlimited or zero, gdb will never
delete recorded instructions from the execution log. The number of
recorded instructions is limited only by the available memory.
show record full insn-number-maxfull
recording method.
set record full stop-at-limitfull recording method when the
number of recorded instructions reaches the limit. If ON (the
default), gdb will stop when the limit is reached for the
first time and ask you whether you want to stop the inferior or
continue running it and recording the execution log. If you decide
to continue recording, each new recorded instruction will cause the
oldest one to be deleted.
If this option is OFF, gdb will automatically delete the
oldest record to make room for each new one, without asking.
show record full stop-at-limitstop-at-limit.
set record full memory-queryfull recording method.
If ON, gdb will query whether to stop the inferior in that
case.
If this option is OFF (the default), gdb will automatically
ignore the effect of such instructions on memory. Later, when
gdb replays this execution log, it will mark the log of this
instruction as not accessible, and it will not affect the replay
results.
show record full memory-querymemory-query.
The btrace record target does not trace data. As a
convenience, when replaying, gdb reads read-only memory off
the live program directly, assuming that the addresses of the
read-only areas don't change. This for example makes it possible to
disassemble code while replaying, but not to print variables.
In some cases, being able to inspect variables might be useful.
You can use the following command for that:
set record btrace replay-memory-accessbtrace recording method when
accessing memory during replay. If read-only (the default),
gdb will only allow accesses to read-only memory.
If read-write, gdb will allow accesses to read-only
and to read-write memory. Beware that the accessed memory corresponds
to the live target and not necessarily to the current replay
position.
show record btrace replay-memory-accessreplay-memory-access.
set record btrace bts buffer-size sizeset record btrace bts buffer-size unlimitedIf size is a positive number, then gdb will try to
allocate a buffer of at least size bytes for each new thread
that uses the btrace recording method and the BTS format.
The actually obtained buffer size may differ from the requested
size. Use the info record command to see the actual
buffer size for each thread that uses the btrace recording method and
the BTS format.
If limit is unlimited or zero, gdb will try to
allocate a buffer of 4MB.
Bigger buffers mean longer traces. On the other hand, gdb will
also need longer to process the branch trace data before it can be used.
show record btrace bts buffer-size sizeset record btrace pt buffer-size sizeset record btrace pt buffer-size unlimitedIf size is a positive number, then gdb will try to
allocate a buffer of at least size bytes for each new thread
that uses the btrace recording method and the Intel(R) Processor Trace
format. The actually obtained buffer size may differ from the
requested size. Use the info record command to see the
actual buffer size for each thread.
If limit is unlimited or zero, gdb will try to
allocate a buffer of 4MB.
Bigger buffers mean longer traces. On the other hand, gdb will
also need longer to process the branch trace data before it can be used.
show record btrace pt buffer-size sizeinfo recordfullfull recording method, it shows the state of process
record and its in-memory execution log buffer, including:
btracebtrace recording method, it shows:
For the bts recording format, it also shows:
For the pt recording format, it also shows:
record deleterecord instruction-historyset record instruction-history-size command. Instructions
are printed in execution order. There are several ways to specify
what part of the execution log to disassemble:
record instruction-history insnrecord instruction-history insn, +/-n+, disassembles
n instructions after instruction number insn. If
n is preceded with -, disassembles n
instructions before instruction number insn.
record instruction-historyrecord instruction-history -record instruction-history begin endThis command may not be available for all recording methods.
set record instruction-history-size sizeset record instruction-history-size unlimitedrecord
instruction-history command. The default value is 10.
A size of unlimited means unlimited instructions.
show record instruction-history-sizerecord
instruction-history command.
record function-call-history/l modifier is
specified), and the instructions numbers that form the sequence (if
the /i modifier is specified). The function names are indented
to reflect the call stack depth if the /c modifier is
specified. The /l, /i, and /c modifiers can be
given together.
(gdb) list 1, 10
1 void foo (void)
2 {
3 }
4
5 void bar (void)
6 {
7 ...
8 foo ();
9 ...
10 }
(gdb) record function-call-history /ilc
1 bar inst 1,4 at foo.c:6,8
2 foo inst 5,10 at foo.c:2,3
3 bar inst 11,13 at foo.c:9,10
By default, ten lines are printed. This can be changed using the
set record function-call-history-size command. Functions are
printed in execution order. There are several ways to specify what
to print:
record function-call-history funcrecord function-call-history func, +/-n+, prints n functions after
function number func. If n is preceded with -,
prints n functions before function number func.
record function-call-historyrecord function-call-history -record function-call-history begin endThis command may not be available for all recording methods.
set record function-call-history-size sizeset record function-call-history-size unlimitedrecord function-call-history command. The default value is 10.
A size of unlimited means unlimited lines.
show record function-call-history-sizerecord function-call-history command.
When your program has stopped, the first thing you need to know is where it stopped and how it got there.
Each time your program performs a function call, information about the call is generated. That information includes the location of the call in your program, the arguments of the call, and the local variables of the function being called. The information is saved in a block of data called a stack frame. The stack frames are allocated in a region of memory called the call stack.
When your program stops, the gdb commands for examining the stack allow you to see all of this information.
One of the stack frames is selected by gdb and many gdb commands refer implicitly to the selected frame. In particular, whenever you ask gdb for the value of a variable in your program, the value is found in the selected frame. There are special gdb commands to select whichever frame you are interested in. See Selecting a Frame.
When your program stops, gdb automatically selects the
currently executing frame and describes it briefly, similar to the
frame command (see Information about a Frame).
The call stack is divided up into contiguous pieces called stack frames, or frames for short; each frame is the data associated with one call to one function. The frame contains the arguments given to the function, the function's local variables, and the address at which the function is executing.
When your program is started, the stack has only one frame, that of the
function main. This is called the initial frame or the
outermost frame. Each time a function is called, a new frame is
made. Each time a function returns, the frame for that function invocation
is eliminated. If a function is recursive, there can be many frames for
the same function. The frame for the function in which execution is
actually occurring is called the innermost frame. This is the most
recently created of all the stack frames that still exist.
Inside your program, stack frames are identified by their addresses. A stack frame consists of many bytes, each of which has its own address; each kind of computer has a convention for choosing one byte whose address serves as the address of the frame. Usually this address is kept in a register called the frame pointer register (see $fp) while execution is going on in that frame.
gdb assigns numbers to all existing stack frames, starting with zero for the innermost frame, one for the frame that called it, and so on upward. These numbers do not really exist in your program; they are assigned by gdb to give you a way of designating stack frames in gdb commands.
Some compilers provide a way to compile functions so that they operate without stack frames. (For example, the gcc option
‘-fomit-frame-pointer’
generates functions without a frame.) This is occasionally done with heavily used library functions to save the frame setup time. gdb has limited facilities for dealing with these function invocations. If the innermost function invocation has no stack frame, gdb nevertheless regards it as though it had a separate frame, which is numbered zero as usual, allowing correct tracing of the function call chain. However, gdb has no provision for frameless functions elsewhere in the stack.
frame [framespec]frame command allows you to move from one stack frame to another,
and to print the stack frame you select. The framespec may be either the
address of the frame or the stack frame number. Without an argument,
frame prints the current stack frame.
select-frameselect-frame command allows you to move from one stack frame
to another without printing the frame. This is the silent version of
frame.
A backtrace is a summary of how your program got where it is. It shows one line per frame, for many frames, starting with the currently executing frame (frame zero), followed by its caller (frame one), and on up the stack.
backtracebtYou can stop the backtrace at any time by typing the system interrupt
character, normally Ctrl-c.
backtrace nbt nbacktrace -nbt -nbacktrace fullbt fullbt full nbt full -nbacktrace no-filtersbt no-filtersbt no-filters nbt no-filters -nbt no-filters fullbt no-filters full nbt no-filters full -nPython
support.
The names where and info stack (abbreviated info s)
are additional aliases for backtrace.
In a multi-threaded program, gdb by default shows the
backtrace only for the current thread. To display the backtrace for
several or all of the threads, use the command thread apply
(see thread apply). For example, if you type thread
apply all backtrace, gdb will display the backtrace for all
the threads; this is handy when you debug a core dump of a
multi-threaded program.
Each line in the backtrace shows the frame number and the function name.
The program counter value is also shown—unless you use set
print address off. The backtrace also shows the source file name and
line number, as well as the arguments to the function. The program
counter value is omitted if it is at the beginning of the code for that
line number.
Here is an example of a backtrace. It was made with the command ‘bt 3’, so it shows the innermost three frames.
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=0x2b600, data=...) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=177664, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The display for frame zero does not begin with a program counter
value, indicating that your program has stopped at the beginning of the
code for line 993 of builtin.c.
The value of parameter data in frame 1 has been replaced by
.... By default, gdb prints the value of a parameter
only if it is a scalar (integer, pointer, enumeration, etc). See command
set print frame-arguments in Print Settings for more details
on how to configure the way function parameter values are printed.
If your program was compiled with optimizations, some compilers will optimize away arguments passed to functions if those arguments are never used after the call. Such optimizations generate code that passes arguments through registers, but doesn't store those arguments in the stack frame. gdb has no way of displaying such arguments in stack frames other than the innermost one. Here's what such a backtrace might look like:
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=<optimized out>) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=<optimized out>, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The values of arguments that were not saved in their stack frames are shown as ‘<optimized out>’.
If you need to display the values of such optimized-out arguments, either deduce that from other variables whose values depend on the one you are interested in, or recompile without optimizations.
Most programs have a standard user entry point—a place where system
libraries and startup code transition into user code. For C this is
main8.
When gdb finds the entry function in a backtrace
it will terminate the backtrace, to avoid tracing into highly
system-specific (and generally uninteresting) code.
If you need to examine the startup code, or limit the number of levels in a backtrace, you can change this behavior:
set backtrace past-mainset backtrace past-main onset backtrace past-main offshow backtrace past-mainset backtrace past-entryset backtrace past-entry onmain (or equivalent) is called.
set backtrace past-entry offshow backtrace past-entryset backtrace limit nset backtrace limit 0set backtrace limit unlimitedunlimited
or zero means unlimited levels.
show backtrace limitYou can control how file names are displayed.
set filename-displayset filename-display relativeset filename-display basenameset filename-display absoluteshow filename-displayFrame filters are Python based utilities to manage and decorate the output of frames. See Frame Filter API, for further information.
Managing frame filters is performed by several commands available within gdb, detailed here.
info frame-filterdisable frame-filter filter-dictionary filter-nameall, global,
progspace, or the name of the object file where the frame filter
dictionary resides. When all is specified, all frame filters
across all dictionaries are disabled. The filter-name is the name
of the frame filter and is used when all is not the option for
filter-dictionary. A disabled frame-filter is not deleted, it
may be enabled again later.
enable frame-filter filter-dictionary filter-nameall, global,
progspace or the name of the object file where the frame filter
dictionary resides. When all is specified, all frame filters across
all dictionaries are enabled. The filter-name is the name of the frame
filter and is used when all is not the option for
filter-dictionary.
Example:
(gdb) info frame-filter
global frame-filters:
Priority Enabled Name
1000 No PrimaryFunctionFilter
100 Yes Reverse
progspace /build/test frame-filters:
Priority Enabled Name
100 Yes ProgspaceFilter
objfile /build/test frame-filters:
Priority Enabled Name
999 Yes BuildProgra Filter
(gdb) disable frame-filter /build/test BuildProgramFilter
(gdb) info frame-filter
global frame-filters:
Priority Enabled Name
1000 No PrimaryFunctionFilter
100 Yes Reverse
progspace /build/test frame-filters:
Priority Enabled Name
100 Yes ProgspaceFilter
objfile /build/test frame-filters:
Priority Enabled Name
999 No BuildProgramFilter
(gdb) enable frame-filter global PrimaryFunctionFilter
(gdb) info frame-filter
global frame-filters:
Priority Enabled Name
1000 Yes PrimaryFunctionFilter
100 Yes Reverse
progspace /build/test frame-filters:
Priority Enabled Name
100 Yes ProgspaceFilter
objfile /build/test frame-filters:
Priority Enabled Name
999 No BuildProgramFilter
set frame-filter priority filter-dictionary filter-name priorityglobal,
progspace or the name of the object file where the frame filter
dictionary resides. The priority is an integer.
show frame-filter priority filter-dictionary filter-nameglobal,
progspace or the name of the object file where the frame filter
dictionary resides.
Example:
(gdb) info frame-filter
global frame-filters:
Priority Enabled Name
1000 Yes PrimaryFunctionFilter
100 Yes Reverse
progspace /build/test frame-filters:
Priority Enabled Name
100 Yes ProgspaceFilter
objfile /build/test frame-filters:
Priority Enabled Name
999 No BuildProgramFilter
(gdb) set frame-filter priority global Reverse 50
(gdb) info frame-filter
global frame-filters:
Priority Enabled Name
1000 Yes PrimaryFunctionFilter
50 Yes Reverse
progspace /build/test frame-filters:
Priority Enabled Name
100 Yes ProgspaceFilter
objfile /build/test frame-filters:
Priority Enabled Name
999 No BuildProgramFilter
Most commands for examining the stack and other data in your program work on whichever stack frame is selected at the moment. Here are the commands for selecting a stack frame; all of them finish by printing a brief description of the stack frame just selected.
frame nf nmain.
frame stack-addr [ pc-addr ]f stack-addr [ pc-addr ]up ndown ndown as do.
All of these commands end by printing two lines of output describing the frame. The first line shows the frame number, the function name, the arguments, and the source file and line number of execution in that frame. The second line shows the text of that source line.
For example:
(gdb) up
#1 0x22f0 in main (argc=1, argv=0xf7fffbf4, env=0xf7fffbfc)
at env.c:10
10 read_input_file (argv[i]);
After such a printout, the list command with no arguments
prints ten lines centered on the point of execution in the frame.
You can also edit the program at the point of execution with your favorite
editing program by typing edit.
See Printing Source Lines,
for details.
up-silently ndown-silently nup and down,
respectively; they differ in that they do their work silently, without
causing display of the new frame. They are intended primarily for use
in gdb command scripts, where the output might be unnecessary and
distracting.
There are several other commands to print information about the selected stack frame.
frameff. With an
argument, this command is used to select a stack frame.
See Selecting a Frame.
info frameinfo fThe verbose description is useful when
something has gone wrong that has made the stack format fail to fit
the usual conventions.
info frame addrinfo f addrframe command.
See Selecting a Frame.
info argsinfo localsgdb can print parts of your program's source, since the debugging information recorded in the program tells gdb what source files were used to build it. When your program stops, gdb spontaneously prints the line where it stopped. Likewise, when you select a stack frame (see Selecting a Frame), gdb prints the line where execution in that frame has stopped. You can print other portions of source files by explicit command.
If you use gdb through its gnu Emacs interface, you may prefer to use Emacs facilities to view source; see Using gdb under gnu Emacs.
To print lines from a source file, use the list command
(abbreviated l). By default, ten lines are printed.
There are several ways to specify what part of the file you want to
print; see Specify Location, for the full list.
Here are the forms of the list command most commonly used:
list linenumlist functionlistlist command, this prints lines following the last lines
printed; however, if the last line printed was a solitary line printed
as part of displaying a stack frame (see Examining the Stack), this prints lines centered around that line.
list -By default, gdb prints ten source lines with any of these forms of
the list command. You can change this using set listsize:
set listsize countset listsize unlimitedlist command display count source lines (unless
the list argument explicitly specifies some other number).
Setting count to unlimited or 0 means there's no limit.
show listsizelist prints.
Repeating a list command with <RET> discards the argument,
so it is equivalent to typing just list. This is more useful
than listing the same lines again. An exception is made for an
argument of ‘-’; that argument is preserved in repetition so that
each repetition moves up in the source file.
In general, the list command expects you to supply zero, one or two
linespecs. Linespecs specify source lines; there are several ways
of writing them (see Specify Location), but the effect is always
to specify some source line.
Here is a complete description of the possible arguments for list:
list linespeclist first,lastlist command has two linespecs, and the
source file of the second linespec is omitted, this refers to
the same source file as the first linespec.
list ,lastlist first,list +list -listSeveral gdb commands accept arguments that specify a location of your program's code. Since gdb is a source-level debugger, a location usually specifies some line in the source code; for that reason, locations are also known as linespecs.
Here are all the different ways of specifying a code location that gdb understands:
-offset+offsetlist command, the current line is the last one
printed; for the breakpoint commands, this is the line at which
execution stopped in the currently selected stack frame
(see Frames, for a description of stack frames.) When
used as the second of the two linespecs in a list command,
this specifies the line offset lines up or down from the first
linespec.
:linenum:label:function*addresslist and edit, this specifies a source
line that contains address. For break and other
breakpoint oriented commands, this can be used to set breakpoints in
parts of your program which do not have debugging information or
source files.
Here address may be any expression valid in the current working language (see working language) that specifies a code address. In addition, as a convenience, gdb extends the semantics of expressions used in locations to cover the situations that frequently happen during debugging. Here are the various forms of address:
&function. In Ada, this is function'Address
(although the Pascal form also works).
This form specifies the address of the function's first instruction,
before the stack frame and arguments have been set up.
'filename':funcaddr-pstap|-probe-stap [objfile:[provider:]]nameSystemTap provides a way for
applications to embed static probes. See Static Probe Points, for more
information on finding and using static probes. This form of linespec
specifies the location of such a static probe.
If objfile is given, only probes coming from that shared library or executable matching objfile as a regular expression are considered. If provider is given, then only probes from that provider are considered. If several probes match the spec, gdb will insert a breakpoint at each one of those probes.
To edit the lines in a source file, use the edit command.
The editing program of your choice
is invoked with the current line set to
the active line in the program.
Alternatively, there are several ways to specify what part of the file you
want to print if you want to see other parts of the program:
edit locationlocation. Editing starts at
that location, e.g., at the specified source line of the
specified file. See Specify Location, for all the possible forms
of the location argument; here are the forms of the edit
command most commonly used:
edit numberedit functionYou can customize gdb to use any editor you want
9.
By default, it is /bin/ex, but you can change this
by setting the environment variable EDITOR before using
gdb. For example, to configure gdb to use the
vi editor, you could use these commands with the sh shell:
EDITOR=/usr/bin/vi
export EDITOR
gdb ...
or in the csh shell,
setenv EDITOR /usr/bin/vi
gdb ...
There are two commands for searching through the current source file for a regular expression.
forward-search regexpsearch regexpfo.
reverse-search regexprev.
Executable programs sometimes do not record the directories of the source files from which they were compiled, just the names. Even when they do, the directories could be moved between the compilation and your debugging session. gdb has a list of directories to search for source files; this is called the source path. Each time gdb wants a source file, it tries all the directories in the list, in the order they are present in the list, until it finds a file with the desired name.
For example, suppose an executable references the file /usr/src/foo-1.0/lib/foo.c, and our source path is /mnt/cross. The file is first looked up literally; if this fails, /mnt/cross/usr/src/foo-1.0/lib/foo.c is tried; if this fails, /mnt/cross/foo.c is opened; if this fails, an error message is printed. gdb does not look up the parts of the source file name, such as /mnt/cross/src/foo-1.0/lib/foo.c. Likewise, the subdirectories of the source path are not searched: if the source path is /mnt/cross, and the binary refers to foo.c, gdb would not find it under /mnt/cross/usr/src/foo-1.0/lib.
Plain file names, relative file names with leading directories, file names containing dots, etc. are all treated as described above; for instance, if the source path is /mnt/cross, and the source file is recorded as ../lib/foo.c, gdb would first try ../lib/foo.c, then /mnt/cross/../lib/foo.c, and after that—/mnt/cross/foo.c.
Note that the executable search path is not used to locate the source files.
Whenever you reset or rearrange the source path, gdb clears out any information it has cached about where source files are found and where each line is in the file.
When you start gdb, its source path includes only ‘cdir’
and ‘cwd’, in that order.
To add other directories, use the directory command.
The search path is used to find both program source files and gdb script files (read using the ‘-command’ option and ‘source’ command).
In addition to the source path, gdb provides a set of commands that manage a list of source path substitution rules. A substitution rule specifies how to rewrite source directories stored in the program's debug information in case the sources were moved to a different directory between compilation and debugging. A rule is made of two strings, the first specifying what needs to be rewritten in the path, and the second specifying how it should be rewritten. In set substitute-path, we name these two parts from and to respectively. gdb does a simple string replacement of from with to at the start of the directory part of the source file name, and uses that result instead of the original file name to look up the sources.
Using the previous example, suppose the foo-1.0 tree has been
moved from /usr/src to /mnt/cross, then you can tell
gdb to replace /usr/src in all source path names with
/mnt/cross. The first lookup will then be
/mnt/cross/foo-1.0/lib/foo.c in place of the original location
of /usr/src/foo-1.0/lib/foo.c. To define a source path
substitution rule, use the set substitute-path command
(see set substitute-path).
To avoid unexpected substitution results, a rule is applied only if the from part of the directory name ends at a directory separator. For instance, a rule substituting /usr/source into /mnt/cross will be applied to /usr/source/foo-1.0 but not to /usr/sourceware/foo-2.0. And because the substitution is applied only at the beginning of the directory name, this rule will not be applied to /root/usr/source/baz.c either.
In many cases, you can achieve the same result using the directory
command. However, set substitute-path can be more efficient in
the case where the sources are organized in a complex tree with multiple
subdirectories. With the directory command, you need to add each
subdirectory of your project. If you moved the entire tree while
preserving its internal organization, then set substitute-path
allows you to direct the debugger to all the sources with one single
command.
set substitute-path is also more than just a shortcut command.
The source path is only used if the file at the original location no
longer exists. On the other hand, set substitute-path modifies
the debugger behavior to look at the rewritten location instead. So, if
for any reason a source file that is not relevant to your executable is
located at the original location, a substitution rule is the only
method available to point gdb at the new location.
You can configure a default source path substitution rule by configuring gdb with the ‘--with-relocated-sources=dir’ option. The dir should be the name of a directory under gdb's configured prefix (set with ‘--prefix’ or ‘--exec-prefix’), and directory names in debug information under dir will be adjusted automatically if the installed gdb is moved to a new location. This is useful if gdb, libraries or executables with debug information and corresponding source code are being moved together.
directory dirname ...dir dirname ...You can use the string ‘$cdir’ to refer to the compilation
directory (if one is recorded), and ‘$cwd’ to refer to the current
working directory. ‘$cwd’ is not the same as ‘.’—the former
tracks the current working directory as it changes during your gdb
session, while the latter is immediately expanded to the current
directory at the time you add an entry to the source path.
directoryset directories path-listshow directoriesset substitute-path from toFor example, if the file /foo/bar/baz.c was moved to /mnt/cross/baz.c, then the command
(gdb) set substitute-path /usr/src /mnt/cross
will tell gdb to replace ‘/usr/src’ with ‘/mnt/cross’, which will allow gdb to find the file baz.c even though it was moved.
In the case when more than one substitution rule have been defined, the rules are evaluated one by one in the order where they have been defined. The first one matching, if any, is selected to perform the substitution.
For instance, if we had entered the following commands:
(gdb) set substitute-path /usr/src/include /mnt/include
(gdb) set substitute-path /usr/src /mnt/src
gdb would then rewrite /usr/src/include/defs.h into
/mnt/include/defs.h by using the first rule. However, it would
use the second rule to rewrite /usr/src/lib/foo.c into
/mnt/src/lib/foo.c.
unset substitute-path [path]If no path is specified, then all substitution rules are deleted.
show substitute-path [path]If no path is specified, then print all existing source path substitution rules.
If your source path is cluttered with directories that are no longer of interest, gdb may sometimes cause confusion by finding the wrong versions of source. You can correct the situation as follows:
directory with no argument to reset the source path to its default value.
directory with suitable arguments to reinstall the
directories you want in the source path. You can add all the
directories in one command.
You can use the command info line to map source lines to program
addresses (and vice versa), and the command disassemble to display
a range of addresses as machine instructions. You can use the command
set disassemble-next-line to set whether to disassemble next
source line when execution stops. When run under gnu Emacs
mode, the info line command causes the arrow to point to the
line specified. Also, info line prints addresses in symbolic form as
well as hex.
info line linespecFor example, we can use info line to discover the location of
the object code for the first line of function
m4_changequote:
(gdb) info line m4_changequote
Line 895 of "builtin.c" starts at pc 0x634c and ends at 0x6350.
We can also inquire (using *addr as the form for
linespec) what source line covers a particular address:
(gdb) info line *0x63ff
Line 926 of "builtin.c" starts at pc 0x63e4 and ends at 0x6404.
After info line, the default address for the x command
is changed to the starting address of the line, so that ‘x/i’ is
sufficient to begin examining the machine code (see Examining Memory). Also, this address is saved as the value of the
convenience variable $_ (see Convenience Variables).
disassembledisassemble /mdisassemble /r/m modifier and print the raw instructions in hex as well as
in symbolic form by specifying the /r.
The default memory range is the function surrounding the
program counter of the selected frame. A single argument to this
command is a program counter value; gdb dumps the function
surrounding this value. When two arguments are given, they should
be separated by a comma, possibly surrounded by whitespace. The
arguments specify a range of addresses to dump, in one of two forms:
,end,+length+length (exclusive).
When 2 arguments are specified, the name of the function is also printed (since there could be several functions in the given range).
The argument(s) can be any expression yielding a numeric value, such as ‘0x32c4’, ‘&main+10’ or ‘$pc - 8’.
If the range of memory being disassembled contains current program counter,
the instruction at that location is shown with a => marker.
The following example shows the disassembly of a range of addresses of HP PA-RISC 2.0 code:
(gdb) disas 0x32c4, 0x32e4
Dump of assembler code from 0x32c4 to 0x32e4:
0x32c4 <main+204>: addil 0,dp
0x32c8 <main+208>: ldw 0x22c(sr0,r1),r26
0x32cc <main+212>: ldil 0x3000,r31
0x32d0 <main+216>: ble 0x3f8(sr4,r31)
0x32d4 <main+220>: ldo 0(r31),rp
0x32d8 <main+224>: addil -0x800,dp
0x32dc <main+228>: ldo 0x588(r1),r26
0x32e0 <main+232>: ldil 0x3000,r31
End of assembler dump.
Here is an example showing mixed source+assembly for Intel x86, when the program is stopped just after function prologue:
(gdb) disas /m main
Dump of assembler code for function main:
5 {
0x08048330 <+0>: push %ebp
0x08048331 <+1>: mov %esp,%ebp
0x08048333 <+3>: sub $0x8,%esp
0x08048336 <+6>: and $0xfffffff0,%esp
0x08048339 <+9>: sub $0x10,%esp
6 printf ("Hello.\n");
=> 0x0804833c <+12>: movl $0x8048440,(%esp)
0x08048343 <+19>: call 0x8048284 <puts@plt>
7 return 0;
8 }
0x08048348 <+24>: mov $0x0,%eax
0x0804834d <+29>: leave
0x0804834e <+30>: ret
End of assembler dump.
Here is another example showing raw instructions in hex for AMD x86-64,
(gdb) disas /r 0x400281,+10
Dump of assembler code from 0x400281 to 0x40028b:
0x0000000000400281: 38 36 cmp %dh,(%rsi)
0x0000000000400283: 2d 36 34 2e 73 sub $0x732e3436,%eax
0x0000000000400288: 6f outsl %ds:(%rsi),(%dx)
0x0000000000400289: 2e 32 00 xor %cs:(%rax),%al
End of assembler dump.
Addresses cannot be specified as a linespec (see Specify Location).
So, for example, if you want to disassemble function bar
in file foo.c, you must type ‘disassemble 'foo.c'::bar’
and not ‘disassemble foo.c:bar’.
Some architectures have more than one commonly-used set of instruction mnemonics or other syntax.
For programs that were dynamically linked and use shared libraries, instructions that call functions or branch to locations in the shared libraries might show a seemingly bogus location—it's actually a location of the relocation table. On some architectures, gdb might be able to resolve these to actual function names.
set disassembly-flavor instruction-setdisassemble or x/i commands.
Currently this command is only defined for the Intel x86 family. You
can set instruction-set to either intel or att.
The default is att, the AT&T flavor used by default by Unix
assemblers for x86-based targets.
show disassembly-flavorset disassemble-next-lineshow disassemble-next-lineThe usual way to examine data in your program is with the print
command (abbreviated p), or its synonym inspect. It
evaluates and prints the value of an expression of the language your
program is written in (see Using gdb with Different Languages). It may also print the expression using a
Python-based pretty-printer (see Pretty Printing).
print exprprint /f exprprintprint /fA more low-level way of examining data is with the x command.
It examines data in memory at a specified address and prints it in a
specified format. See Examining Memory.
If you are interested in information about types, or about how the
fields of a struct or a class are declared, use the ptype exp
command rather than print. See Examining the Symbol Table.
Another way of examining values of expressions and type information is
through the Python extension command explore (available only if
the gdb build is configured with --with-python). It
offers an interactive way to start at the highest level (or, the most
abstract level) of the data type of an expression (or, the data type
itself) and explore all the way down to leaf scalar values/fields
embedded in the higher level data types.
explore argThe working of the explore command can be illustrated with an
example. If a data type struct ComplexStruct is defined in your
C program as
struct SimpleStruct
{
int i;
double d;
};
struct ComplexStruct
{
struct SimpleStruct *ss_p;
int arr[10];
};
followed by variable declarations as
struct SimpleStruct ss = { 10, 1.11 };
struct ComplexStruct cs = { &ss, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 } };
then, the value of the variable cs can be explored using the
explore command as follows.
(gdb) explore cs
The value of `cs' is a struct/class of type `struct ComplexStruct' with
the following fields:
ss_p = <Enter 0 to explore this field of type `struct SimpleStruct *'>
arr = <Enter 1 to explore this field of type `int [10]'>
Enter the field number of choice:
Since the fields of cs are not scalar values, you are being
prompted to chose the field you want to explore. Let's say you choose
the field ss_p by entering 0. Then, since this field is a
pointer, you will be asked if it is pointing to a single value. From
the declaration of cs above, it is indeed pointing to a single
value, hence you enter y. If you enter n, then you will
be asked if it were pointing to an array of values, in which case this
field will be explored as if it were an array.
`cs.ss_p' is a pointer to a value of type `struct SimpleStruct'
Continue exploring it as a pointer to a single value [y/n]: y
The value of `*(cs.ss_p)' is a struct/class of type `struct
SimpleStruct' with the following fields:
i = 10 .. (Value of type `int')
d = 1.1100000000000001 .. (Value of type `double')
Press enter to return to parent value:
If the field arr of cs was chosen for exploration by
entering 1 earlier, then since it is as array, you will be
prompted to enter the index of the element in the array that you want
to explore.
`cs.arr' is an array of `int'.
Enter the index of the element you want to explore in `cs.arr': 5
`(cs.arr)[5]' is a scalar value of type `int'.
(cs.arr)[5] = 4
Press enter to return to parent value:
In general, at any stage of exploration, you can go deeper towards the leaf values by responding to the prompts appropriately, or hit the return key to return to the enclosing data structure (the higher level data structure).
Similar to exploring values, you can use the explore command to
explore types. Instead of specifying a value (which is typically a
variable name or an expression valid in the current context of the
program being debugged), you specify a type name. If you consider the
same example as above, your can explore the type
struct ComplexStruct by passing the argument
struct ComplexStruct to the explore command.
(gdb) explore struct ComplexStruct
By responding to the prompts appropriately in the subsequent interactive
session, you can explore the type struct ComplexStruct in a
manner similar to how the value cs was explored in the above
example.
The explore command also has two sub-commands,
explore value and explore type. The former sub-command is
a way to explicitly specify that value exploration of the argument is
being invoked, while the latter is a way to explicitly specify that type
exploration of the argument is being invoked.
explore value exprexplore explores the value of the
expression expr (if expr is an expression valid in the
current context of the program being debugged). The behavior of this
command is identical to that of the behavior of the explore
command being passed the argument expr.
explore type argexplore explores the type of arg (if
arg is a type visible in the current context of program being
debugged), or the type of the value/expression arg (if arg
is an expression valid in the current context of the program being
debugged). If arg is a type, then the behavior of this command is
identical to that of the explore command being passed the
argument arg. If arg is an expression, then the behavior of
this command will be identical to that of the explore command
being passed the type of arg as the argument.
print and many other gdb commands accept an expression and
compute its value. Any kind of constant, variable or operator defined
by the programming language you are using is valid in an expression in
gdb. This includes conditional expressions, function calls,
casts, and string constants. It also includes preprocessor macros, if
you compiled your program to include this information; see
Compilation.
Beware that nested functions usually need a context to be set up before being called. Unfortunately, GDB currently has no knowledge of this setup, and hence generally cannot call nested functions correctly. Therefore, the result of such a call is likely to be erroneous, and may even crash the program being debugged.
gdb supports array constants in expressions input by
the user. The syntax is {element, element...}. For example,
you can use the command print {1, 2, 3} to create an array
of three integers. If you pass an array to a function or assign it
to a program variable, gdb copies the array to memory that
is malloced in the target program.
Because C is so widespread, most of the expressions shown in examples in this manual are in C. See Using gdb with Different Languages, for information on how to use expressions in other languages.
In this section, we discuss operators that you can use in gdb expressions regardless of your programming language.
Casts are supported in all languages, not just in C, because it is so useful to cast a number into a pointer in order to examine a structure at that address in memory.
gdb supports these operators, in addition to those common to programming languages:
@::{type} addrExpressions can sometimes contain some ambiguous elements. For instance, some programming languages (notably Ada, C++ and Objective-C) permit a single function name to be defined several times, for application in different contexts. This is called overloading. Another example involving Ada is generics. A generic package is similar to C++ templates and is typically instantiated several times, resulting in the same function name being defined in different contexts.
In some cases and depending on the language, it is possible to adjust the expression to remove the ambiguity. For instance in C++, you can specify the signature of the function you want to break on, as in break function(types). In Ada, using the fully qualified name of your function often makes the expression unambiguous as well.
When an ambiguity that needs to be resolved is detected, the debugger has the capability to display a menu of numbered choices for each possibility, and then waits for the selection with the prompt ‘>’. The first option is always ‘[0] cancel’, and typing 0 <RET> aborts the current command. If the command in which the expression was used allows more than one choice to be selected, the next option in the menu is ‘[1] all’, and typing 1 <RET> selects all possible choices.
For example, the following session excerpt shows an attempt to set a
breakpoint at the overloaded symbol String::after.
We choose three particular definitions of that function name:
(gdb) b String::after
[0] cancel
[1] all
[2] file:String.cc; line number:867
[3] file:String.cc; line number:860
[4] file:String.cc; line number:875
[5] file:String.cc; line number:853
[6] file:String.cc; line number:846
[7] file:String.cc; line number:735
> 2 4 6
Breakpoint 1 at 0xb26c: file String.cc, line 867.
Breakpoint 2 at 0xb344: file String.cc, line 875.
Breakpoint 3 at 0xafcc: file String.cc, line 846.
Multiple breakpoints were set.
Use the "delete" command to delete unwanted
breakpoints.
(gdb)
set multiple-symbols modeBy default, mode is set to all. If the command with which
the expression is used allows more than one choice, then gdb
automatically selects all possible choices. For instance, inserting
a breakpoint on a function using an ambiguous name results in a breakpoint
inserted on each possible match. However, if a unique choice must be made,
then gdb uses the menu to help you disambiguate the expression.
For instance, printing the address of an overloaded function will result
in the use of the menu.
When mode is set to ask, the debugger always uses the menu
when an ambiguity is detected.
Finally, when mode is set to cancel, the debugger reports
an error due to the ambiguity and the command is aborted.
show multiple-symbolsmultiple-symbols setting.
The most common kind of expression to use is the name of a variable in your program.
Variables in expressions are understood in the selected stack frame (see Selecting a Frame); they must be either:
or
This means that in the function
foo (a)
int a;
{
bar (a);
{
int b = test ();
bar (b);
}
}
you can examine and use the variable a whenever your program is
executing within the function foo, but you can only use or
examine the variable b while your program is executing inside
the block where b is declared.
There is an exception: you can refer to a variable or function whose
scope is a single source file even if the current execution point is not
in this file. But it is possible to have more than one such variable or
function with the same name (in different source files). If that
happens, referring to that name has unpredictable effects. If you wish,
you can specify a static variable in a particular function or file by
using the colon-colon (::) notation:
file::variable
function::variable
Here file or function is the name of the context for the
static variable. In the case of file names, you can use quotes to
make sure gdb parses the file name as a single word—for example,
to print a global value of x defined in f2.c:
(gdb) p 'f2.c'::x
The :: notation is normally used for referring to
static variables, since you typically disambiguate uses of local variables
in functions by selecting the appropriate frame and using the
simple name of the variable. However, you may also use this notation
to refer to local variables in frames enclosing the selected frame:
void
foo (int a)
{
if (a < 10)
bar (a);
else
process (a); /* Stop here */
}
int
bar (int a)
{
foo (a + 5);
}
For example, if there is a breakpoint at the commented line,
here is what you might see
when the program stops after executing the call bar(0):
(gdb) p a
$1 = 10
(gdb) p bar::a
$2 = 5
(gdb) up 2
#2 0x080483d0 in foo (a=5) at foobar.c:12
(gdb) p a
$3 = 5
(gdb) p bar::a
$4 = 0
These uses of ‘::’ are very rarely in conflict with the very similar use of the same notation in C++. When they are in conflict, the C++ meaning takes precedence; however, this can be overridden by quoting the file or function name with single quotes.
For example, suppose the program is stopped in a method of a class
that has a field named includefile, and there is also an
include file named includefile that defines a variable,
some_global.
(gdb) p includefile
$1 = 23
(gdb) p includefile::some_global
A syntax error in expression, near `'.
(gdb) p 'includefile'::some_global
$2 = 27
Warning: Occasionally, a local variable may appear to have the wrong value at certain points in a function—just after entry to a new scope, and just before exit.You may see this problem when you are stepping by machine instructions. This is because, on most machines, it takes more than one instruction to set up a stack frame (including local variable definitions); if you are stepping by machine instructions, variables may appear to have the wrong values until the stack frame is completely built. On exit, it usually also takes more than one machine instruction to destroy a stack frame; after you begin stepping through that group of instructions, local variable definitions may be gone.
This may also happen when the compiler does significant optimizations. To be sure of always seeing accurate values, turn off all optimization when compiling.
Another possible effect of compiler optimizations is to optimize unused variables out of existence, or assign variables to registers (as opposed to memory addresses). Depending on the support for such cases offered by the debug info format used by the compiler, gdb might not be able to display values for such local variables. If that happens, gdb will print a message like this:
No symbol "foo" in current context.
To solve such problems, either recompile without optimizations, or use a different debug info format, if the compiler supports several such formats. See Compilation, for more information on choosing compiler options. See C and C++, for more information about debug info formats that are best suited to C++ programs.
If you ask to print an object whose contents are unknown to gdb, e.g., because its data type is not completely specified by the debug information, gdb will say ‘<incomplete type>’. See incomplete type, for more about this.
If you append @entry string to a function parameter name you get its value at the time the function got called. If the value is not available an error message is printed. Entry values are available only with some compilers. Entry values are normally also printed at the function parameter list according to set print entry-values.
Breakpoint 1, d (i=30) at gdb.base/entry-value.c:29
29 i++;
(gdb) next
30 e (i);
(gdb) print i
$1 = 31
(gdb) print i@entry
$2 = 30
Strings are identified as arrays of char values without specified
signedness. Arrays of either signed char or unsigned char get
printed as arrays of 1 byte sized integers. -fsigned-char or
-funsigned-char gcc options have no effect as gdb
defines literal string type "char" as char without a sign.
For program code
char var0[] = "A";
signed char var1[] = "A";
You get during debugging
(gdb) print var0
$1 = "A"
(gdb) print var1
$2 = {65 'A', 0 '\0'}
It is often useful to print out several successive objects of the same type in memory; a section of an array, or an array of dynamically determined size for which only a pointer exists in the program.
You can do this by referring to a contiguous span of memory as an artificial array, using the binary operator ‘@’. The left operand of ‘@’ should be the first element of the desired array and be an individual object. The right operand should be the desired length of the array. The result is an array value whose elements are all of the type of the left argument. The first element is actually the left argument; the second element comes from bytes of memory immediately following those that hold the first element, and so on. Here is an example. If a program says
int *array = (int *) malloc (len * sizeof (int));
you can print the contents of array with
p *array@len
The left operand of ‘@’ must reside in memory. Array values made with ‘@’ in this way behave just like other arrays in terms of subscripting, and are coerced to pointers when used in expressions. Artificial arrays most often appear in expressions via the value history (see Value History), after printing one out.
Another way to create an artificial array is to use a cast. This re-interprets a value as if it were an array. The value need not be in memory:
(gdb) p/x (short[2])0x12345678
$1 = {0x1234, 0x5678}
As a convenience, if you leave the array length out (as in ‘(type[])value’) gdb calculates the size to fill the value (as ‘sizeof(value)/sizeof(type)’:
(gdb) p/x (short[])0x12345678
$2 = {0x1234, 0x5678}
Sometimes the artificial array mechanism is not quite enough; in
moderately complex data structures, the elements of interest may not
actually be adjacent—for example, if you are interested in the values
of pointers in an array. One useful work-around in this situation is
to use a convenience variable (see Convenience Variables) as a counter in an expression that prints the first
interesting value, and then repeat that expression via <RET>. For
instance, suppose you have an array dtab of pointers to
structures, and you are interested in the values of a field fv
in each structure. Here is an example of what you might type:
set $i = 0
p dtab[$i++]->fv
<RET>
<RET>
...
By default, gdb prints a value according to its data type. Sometimes this is not what you want. For example, you might want to print a number in hex, or a pointer in decimal. Or you might want to view data in memory at a certain address as a character string or as an instruction. To do these things, specify an output format when you print a value.
The simplest use of output formats is to say how to print a value
already computed. This is done by starting the arguments of the
print command with a slash and a format letter. The format
letters supported are:
xduota (gdb) p/a 0x54320
$3 = 0x54320 <_initialize_vx+396>
The command info symbol 0x54320 yields similar results.
See info symbol.
cWithout this format, gdb displays char,
unsigned char, and signed char data as character
constants. Single-byte members of vectors are displayed as integer
data.
fsWithout this format, gdb displays pointers to and arrays of
char, unsigned char, and signed char as
strings. Single-byte members of a vector are displayed as an integer
array.
zrFor example, to print the program counter in hex (see Registers), type
p/x $pc
Note that no space is required before the slash; this is because command names in gdb cannot contain a slash.
To reprint the last value in the value history with a different format,
you can use the print command with just a format and no
expression. For example, ‘p/x’ reprints the last value in hex.
You can use the command x (for “examine”) to examine memory in
any of several formats, independently of your program's data types.
x/nfu addrx addrxx command to examine memory.
n, f, and u are all optional parameters that specify how much memory to display and how to format it; addr is an expression giving the address where you want to start displaying memory. If you use defaults for nfu, you need not type the slash ‘/’. Several commands set convenient defaults for addr.
print
(‘x’, ‘d’, ‘u’, ‘o’, ‘t’, ‘a’, ‘c’,
‘f’, ‘s’), and in addition ‘i’ (for machine instructions).
The default is ‘x’ (hexadecimal) initially. The default changes
each time you use either x or print.
bhwgEach time you specify a unit size with x, that size becomes the
default unit the next time you use x. For the ‘i’ format,
the unit size is ignored and is normally not written. For the ‘s’ format,
the unit size defaults to ‘b’, unless it is explicitly given.
Use x /hs to display 16-bit char strings and x /ws to display
32-bit strings. The next use of x /s will again display 8-bit strings.
Note that the results depend on the programming language of the
current compilation unit. If the language is C, the ‘s’
modifier will use the UTF-16 encoding while ‘w’ will use
UTF-32. The encoding is set by the programming language and cannot
be altered.
info breakpoints (to
the address of the last breakpoint listed), info line (to the
starting address of a line), and print (if you use it to display
a value from memory).
For example, ‘x/3uh 0x54320’ is a request to display three halfwords
(h) of memory, formatted as unsigned decimal integers (‘u’),
starting at address 0x54320. ‘x/4xw $sp’ prints the four
words (‘w’) of memory above the stack pointer (here, ‘$sp’;
see Registers) in hexadecimal (‘x’).
Since the letters indicating unit sizes are all distinct from the letters specifying output formats, you do not have to remember whether unit size or format comes first; either order works. The output specifications ‘4xw’ and ‘4wx’ mean exactly the same thing. (However, the count n must come first; ‘wx4’ does not work.)
Even though the unit size u is ignored for the formats ‘s’
and ‘i’, you might still want to use a count n; for example,
‘3i’ specifies that you want to see three machine instructions,
including any operands. For convenience, especially when used with
the display command, the ‘i’ format also prints branch delay
slot instructions, if any, beyond the count specified, which immediately
follow the last instruction that is within the count. The command
disassemble gives an alternative way of inspecting machine
instructions; see Source and Machine Code.
All the defaults for the arguments to x are designed to make it
easy to continue scanning memory with minimal specifications each time
you use x. For example, after you have inspected three machine
instructions with ‘x/3i addr’, you can inspect the next seven
with just ‘x/7’. If you use <RET> to repeat the x command,
the repeat count n is used again; the other arguments default as
for successive uses of x.
When examining machine instructions, the instruction at current program
counter is shown with a => marker. For example:
(gdb) x/5i $pc-6
0x804837f <main+11>: mov %esp,%ebp
0x8048381 <main+13>: push %ecx
0x8048382 <main+14>: sub $0x4,%esp
=> 0x8048385 <main+17>: movl $0x8048460,(%esp)
0x804838c <main+24>: call 0x80482d4 <puts@plt>
The addresses and contents printed by the x command are not saved
in the value history because there is often too much of them and they
would get in the way. Instead, gdb makes these values available for
subsequent use in expressions as values of the convenience variables
$_ and $__. After an x command, the last address
examined is available for use in expressions in the convenience variable
$_. The contents of that address, as examined, are available in
the convenience variable $__.
If the x command has a repeat count, the address and contents saved
are from the last memory unit printed; this is not the same as the last
address printed if several units were printed on the last line of output.
Most targets have an addressable memory unit size of 8 bits. This means that to each memory address are associated 8 bits of data. Some targets, however, have other addressable memory unit sizes. Within gdb and this document, the term addressable memory unit (or memory unit for short) is used when explicitly referring to a chunk of data of that size. The word byte is used to refer to a chunk of data of 8 bits, regardless of the addressable memory unit size of the target. For most systems, addressable memory unit is a synonym of byte.
When you are debugging a program running on a remote target machine
(see Remote Debugging), you may wish to verify the program's image
in the remote machine's memory against the executable file you
downloaded to the target. Or, on any target, you may want to check
whether the program has corrupted its own read-only sections. The
compare-sections command is provided for such situations.
compare-sections [section-name|-r]-r, compares all loadable read-only sections.
Note: for remote targets, this command can be accelerated if the target supports computing the CRC checksum of a block of memory (see qCRC packet).
If you find that you want to print the value of an expression frequently (to see how it changes), you might want to add it to the automatic display list so that gdb prints its value each time your program stops. Each expression added to the list is given a number to identify it; to remove an expression from the list, you specify that number. The automatic display looks like this:
2: foo = 38
3: bar[5] = (struct hack *) 0x3804
This display shows item numbers, expressions and their current values. As with
displays you request manually using x or print, you can
specify the output format you prefer; in fact, display decides
whether to use print or x depending your format
specification—it uses x if you specify either the ‘i’
or ‘s’ format, or a unit size; otherwise it uses print.
display exprdisplay does not repeat if you press <RET> again after using it.
display/fmt exprdisplay/fmt addrFor example, ‘display/i $pc’ can be helpful, to see the machine instruction about to be executed each time execution stops (‘$pc’ is a common name for the program counter; see Registers).
undisplay dnums...delete display dnums...2-4.
undisplay does not repeat if you press <RET> after using it.
(Otherwise you would just get the error ‘No display number ...’.)
disable display dnums...2-4.
enable display dnums...2-4.
displayinfo displayIf a display expression refers to local variables, then it does not make
sense outside the lexical context for which it was set up. Such an
expression is disabled when execution enters a context where one of its
variables is not defined. For example, if you give the command
display last_char while inside a function with an argument
last_char, gdb displays this argument while your program
continues to stop inside that function. When it stops elsewhere—where
there is no variable last_char—the display is disabled
automatically. The next time your program stops where last_char
is meaningful, you can enable the display expression once again.
gdb provides the following ways to control how arrays, structures, and symbols are printed.
These settings are useful for debugging programs in any language:
set print addressset print address onon. For example, this is what a stack frame display looks like with
set print address on:
(gdb) f
#0 set_quotes (lq=0x34c78 "<<", rq=0x34c88 ">>")
at input.c:530
530 if (lquote != def_lquote)
set print address offset print address off:
(gdb) set print addr off
(gdb) f
#0 set_quotes (lq="<<", rq=">>") at input.c:530
530 if (lquote != def_lquote)
You can use ‘set print address off’ to eliminate all machine
dependent displays from the gdb interface. For example, with
print address off, you should get the same text for backtraces on
all machines—whether or not they involve pointer arguments.
show print addressWhen gdb prints a symbolic address, it normally prints the
closest earlier symbol plus an offset. If that symbol does not uniquely
identify the address (for example, it is a name whose scope is a single
source file), you may need to clarify. One way to do this is with
info line, for example ‘info line *0x4537’. Alternately,
you can set gdb to print the source file and line number when
it prints a symbolic address:
set print symbol-filename onset print symbol-filename offshow print symbol-filenameAnother situation where it is helpful to show symbol filenames and line numbers is when disassembling code; gdb shows you the line number and source file that corresponds to each instruction.
Also, you may wish to see the symbolic form only if the address being printed is reasonably close to the closest earlier symbol:
set print max-symbolic-offset max-offsetset print max-symbolic-offset unlimitedunlimited, which tells gdb
to always print the symbolic form of an address if any symbol precedes
it. Zero is equivalent to unlimited.
show print max-symbolic-offsetIf you have a pointer and you are not sure where it points, try
‘set print symbol-filename on’. Then you can determine the name
and source file location of the variable where it points, using
‘p/a pointer’. This interprets the address in symbolic form.
For example, here gdb shows that a variable ptt points
at another variable t, defined in hi2.c:
(gdb) set print symbol-filename on
(gdb) p/a ptt
$4 = 0xe008 <t in hi2.c>
Warning: For pointers that point to a local variable, ‘p/a’
does not show the symbol name and filename of the referent, even with
the appropriate set print options turned on.
You can also enable ‘/a’-like formatting all the time using ‘set print symbol on’:
set print symbol onset print symbol offshow print symbolOther settings control how different kinds of objects are printed:
set print arrayset print array onset print array offshow print arrayset print array-indexesset print array-indexes onset print array-indexes offshow print array-indexesset print elements number-of-elementsset print elements unlimitedset print elements command.
This limit also applies to the display of strings.
When gdb starts, this limit is set to 200.
Setting number-of-elements to unlimited or zero means
that the number of elements to print is unlimited.
show print elementsset print frame-arguments valueallscalars.... This is the default. Here is an example where
only scalar arguments are shown:
#1 0x08048361 in call_me (i=3, s=..., ss=0xbf8d508c, u=..., e=green)
at frame-args.c:23
none.... In this case, the example above now becomes:
#1 0x08048361 in call_me (i=..., s=..., ss=..., u=..., e=...)
at frame-args.c:23
By default, only scalar arguments are printed. This command can be used
to configure the debugger to print the value of all arguments, regardless
of their type. However, it is often advantageous to not print the value
of more complex parameters. For instance, it reduces the amount of
information printed in each frame, making the backtrace more readable.
Also, it improves performance when displaying Ada frames, because
the computation of large arguments can sometimes be CPU-intensive,
especially in large applications. Setting print frame-arguments
to scalars (the default) or none avoids this computation,
thus speeding up the display of each Ada frame.
show print frame-argumentsset print raw frame-arguments onset print raw frame-arguments offshow print raw frame-argumentsset print entry-values valueThe default value is default (see below for its description). Older
gdb behaved as with the setting no. Compilers not supporting
this feature will behave in the default setting the same way as with the
no setting.
This functionality is currently supported only by DWARF 2 debugging format and the compiler has to produce ‘DW_TAG_GNU_call_site’ tags. With gcc, you need to specify -O -g during compilation, to get this information.
The value parameter can be one of the following:
no #0 equal (val=5)
#0 different (val=6)
#0 lost (val=<optimized out>)
#0 born (val=10)
#0 invalid (val=<optimized out>)
only #0 equal (val@entry=5)
#0 different (val@entry=5)
#0 lost (val@entry=5)
#0 born (val@entry=<optimized out>)
#0 invalid (val@entry=<optimized out>)
preferred #0 equal (val@entry=5)
#0 different (val@entry=5)
#0 lost (val@entry=5)
#0 born (val=10)
#0 invalid (val@entry=<optimized out>)
if-needed #0 equal (val=5)
#0 different (val=6)
#0 lost (val@entry=5)
#0 born (val=10)
#0 invalid (val=<optimized out>)
both #0 equal (val=5, val@entry=5)
#0 different (val=6, val@entry=5)
#0 lost (val=<optimized out>, val@entry=5)
#0 born (val=10, val@entry=<optimized out>)
#0 invalid (val=<optimized out>, val@entry=<optimized out>)
compact<optimized out>. If not in MI mode (see GDB/MI) and if both
values are known and identical, print the shortened
param=param@entry=VALUE notation.
#0 equal (val=val@entry=5)
#0 different (val=6, val@entry=5)
#0 lost (val@entry=5)
#0 born (val=10)
#0 invalid (val=<optimized out>)
defaultparam=param@entry=VALUE notation.
#0 equal (val=val@entry=5)
#0 different (val=6, val@entry=5)
#0 lost (val=<optimized out>, val@entry=5)
#0 born (val=10)
#0 invalid (val=<optimized out>)
For analysis messages on possible failures of frame argument values at function
entry resolution see set debug entry-values.
show print entry-valuesset print repeats number-of-repeatsset print repeats unlimited"<repeats n times>", where n is the number of
identical repetitions, instead of displaying the identical elements
themselves. Setting the threshold to unlimited or zero will
cause all elements to be individually printed. The default threshold
is 10.
show print repeatsset print null-stopshow print null-stopset print pretty on $1 = {
next = 0x0,
flags = {
sweet = 1,
sour = 1
},
meat = 0x54 "Pork"
}
set print pretty off $1 = {next = 0x0, flags = {sweet = 1, sour = 1}, \
meat = 0x54 "Pork"}
This is the default format.
show print prettyset print sevenbit-strings on\nnn. This setting is
best if you are working in English (ascii) and you use the
high-order bit of characters as a marker or “meta” bit.
set print sevenbit-strings offshow print sevenbit-stringsset print union onset print union off"{...}"
instead.
show print unionFor example, given the declarations
typedef enum {Tree, Bug} Species;
typedef enum {Big_tree, Acorn, Seedling} Tree_forms;
typedef enum {Caterpillar, Cocoon, Butterfly}
Bug_forms;
struct thing {
Species it;
union {
Tree_forms tree;
Bug_forms bug;
} form;
};
struct thing foo = {Tree, {Acorn}};
with set print union on in effect ‘p foo’ would print
$1 = {it = Tree, form = {tree = Acorn, bug = Cocoon}}
and with set print union off in effect it would print
$1 = {it = Tree, form = {...}}
set print union affects programs written in C-like languages
and in Pascal.
These settings are of interest when debugging C++ programs:
set print demangleset print demangle onshow print demangleset print asm-demangleset print asm-demangle onshow print asm-demangleset demangle-style styleautognug++) encoding algorithm.
hpaCC) encoding algorithm.
lucidlcc) encoding algorithm.
armcfront-generated executables. gdb would
require further enhancement to permit that.
show demangle-styleset print objectset print object onset print object offshow print objectset print static-membersset print static-members onset print static-members offshow print static-membersset print pascal_static-membersset print pascal_static-members onset print pascal_static-members offshow print pascal_static-membersset print vtblset print vtbl onvtbl commands do not work on programs compiled with the HP
ANSI C++ compiler (aCC).)
set print vtbl offshow print vtblgdb provides a mechanism to allow pretty-printing of values using Python code. It greatly simplifies the display of complex objects. This mechanism works for both MI and the CLI.
When gdb prints a value, it first sees if there is a pretty-printer registered for the value. If there is then gdb invokes the pretty-printer to print the value. Otherwise the value is printed normally.
Pretty-printers are normally named. This makes them easy to manage. The ‘info pretty-printer’ command will list all the installed pretty-printers with their names. If a pretty-printer can handle multiple data types, then its subprinters are the printers for the individual data types. Each such subprinter has its own name. The format of the name is printer-name;subprinter-name.
Pretty-printers are installed by registering them with gdb. Typically they are automatically loaded and registered when the corresponding debug information is loaded, thus making them available without having to do anything special.
There are three places where a pretty-printer can be registered.
See Selecting Pretty-Printers, for further information on how pretty-printers are selected,
See Writing a Pretty-Printer, for implementing pretty printers for new types.
Here is how a C++ std::string looks without a pretty-printer:
(gdb) print s
$1 = {
static npos = 4294967295,
_M_dataplus = {
<std::allocator<char>> = {
<__gnu_cxx::new_allocator<char>> = {
<No data fields>}, <No data fields>
},
members of std::basic_string<char, std::char_traits<char>,
std::allocator<char> >::_Alloc_hider:
_M_p = 0x804a014 "abcd"
}
}
With a pretty-printer for std::string only the contents are printed:
(gdb) print s
$2 = "abcd"
info pretty-printer [object-regexp [name-regexp]]object-regexp is a regular expression matching the objects
whose pretty-printers to list.
Objects can be global, the program space's file
(see Progspaces In Python),
and the object files within that program space (see Objfiles In Python).
See Selecting Pretty-Printers, for details on how gdb
looks up a printer from these three objects.
name-regexp is a regular expression matching the name of the printers to list.
disable pretty-printer [object-regexp [name-regexp]]enable pretty-printer [object-regexp [name-regexp]]Example:
Suppose we have three pretty-printers installed: one from library1.so
named foo that prints objects of type foo, and
another from library2.so named bar that prints two types of objects,
bar1 and bar2.
(gdb) info pretty-printer
library1.so:
foo
library2.so:
bar
bar1
bar2
(gdb) info pretty-printer library2
library2.so:
bar
bar1
bar2
(gdb) disable pretty-printer library1
1 printer disabled
2 of 3 printers enabled
(gdb) info pretty-printer
library1.so:
foo [disabled]
library2.so:
bar
bar1
bar2
(gdb) disable pretty-printer library2 bar:bar1
1 printer disabled
1 of 3 printers enabled
(gdb) info pretty-printer library2
library1.so:
foo [disabled]
library2.so:
bar
bar1 [disabled]
bar2
(gdb) disable pretty-printer library2 bar
1 printer disabled
0 of 3 printers enabled
(gdb) info pretty-printer library2
library1.so:
foo [disabled]
library2.so:
bar [disabled]
bar1 [disabled]
bar2
Note that for bar the entire printer can be disabled,
as can each individual subprinter.
Values printed by the print command are saved in the gdb
value history. This allows you to refer to them in other expressions.
Values are kept until the symbol table is re-read or discarded
(for example with the file or symbol-file commands).
When the symbol table changes, the value history is discarded,
since the values may contain pointers back to the types defined in the
symbol table.
The values printed are given history numbers by which you can
refer to them. These are successive integers starting with one.
print shows you the history number assigned to a value by
printing ‘$num = ’ before the value; here num is the
history number.
To refer to any previous value, use ‘$’ followed by the value's
history number. The way print labels its output is designed to
remind you of this. Just $ refers to the most recent value in
the history, and $$ refers to the value before that.
$$n refers to the nth value from the end; $$2
is the value just prior to $$, $$1 is equivalent to
$$, and $$0 is equivalent to $.
For example, suppose you have just printed a pointer to a structure and want to see the contents of the structure. It suffices to type
p *$
If you have a chain of structures where the component next points
to the next one, you can print the contents of the next one with this:
p *$.next
You can print successive links in the chain by repeating this command—which you can do by just typing <RET>.
Note that the history records values, not expressions. If the value of
x is 4 and you type these commands:
print x
set x=5
then the value recorded in the value history by the print command
remains 4 even though the value of x has changed.
show valuesshow
values does not change the history.
show values nshow values +show values + produces no display.
Pressing <RET> to repeat show values n has exactly the
same effect as ‘show values +’.
gdb provides convenience variables that you can use within gdb to hold on to a value and refer to it later. These variables exist entirely within gdb; they are not part of your program, and setting a convenience variable has no direct effect on further execution of your program. That is why you can use them freely.
Convenience variables are prefixed with ‘$’. Any name preceded by ‘$’ can be used for a convenience variable, unless it is one of the predefined machine-specific register names (see Registers). (Value history references, in contrast, are numbers preceded by ‘$’. See Value History.)
You can save a value in a convenience variable with an assignment expression, just as you would set a variable in your program. For example:
set $foo = *object_ptr
would save in $foo the value contained in the object pointed to by
object_ptr.
Using a convenience variable for the first time creates it, but its
value is void until you assign a new value. You can alter the
value with another assignment at any time.
Convenience variables have no fixed types. You can assign a convenience variable any type of value, including structures and arrays, even if that variable already has a value of a different type. The convenience variable, when used as an expression, has the type of its current value.
show convenienceshow conv.
init-if-undefined $variable = expressionIf the variable is already defined then the expression is not evaluated so any side-effects do not occur.
One of the ways to use a convenience variable is as a counter to be incremented or a pointer to be advanced. For example, to print a field from successive elements of an array of structures:
set $i = 0
print bar[$i++]->contents
Repeat that command by typing <RET>.
Some convenience variables are created automatically by gdb and given values likely to be useful.
$_$_ is automatically set by the x command to
the last address examined (see Examining Memory). Other
commands which provide a default address for x to examine also
set $_ to that address; these commands include info line
and info breakpoint. The type of $_ is void *
except when set by the x command, in which case it is a pointer
to the type of $__.
$__$__ is automatically set by the x command
to the value found in the last address examined. Its type is chosen
to match the format in which the data was printed.
$_exitcode$_exitsignal to void.
$_exitsignal$_exitcode to void.
To distinguish between whether the program being debugged has exited
(i.e., $_exitcode is not void) or signalled (i.e.,
$_exitsignal is not void), the convenience function
$_isvoid can be used (see Convenience Functions). For example, considering the following source code:
#include <signal.h>
int
main (int argc, char *argv[])
{
raise (SIGALRM);
return 0;
}
A valid way of telling whether the program being debugged has exited or signalled would be:
(gdb) define has_exited_or_signalled
Type commands for definition of ``has_exited_or_signalled''.
End with a line saying just ``end''.
>if $_isvoid ($_exitsignal)
>echo The program has exited\n
>else
>echo The program has signalled\n
>end
>end
(gdb) run
Starting program:
Program terminated with signal SIGALRM, Alarm clock.
The program no longer exists.
(gdb) has_exited_or_signalled
The program has signalled
As can be seen, gdb correctly informs that the program being
debugged has signalled, since it calls raise and raises a
SIGALRM signal. If the program being debugged had not called
raise, then gdb would report a normal exit:
(gdb) has_exited_or_signalled
The program has exited
$_exception$_exception is set to the exception object being
thrown at an exception-related catchpoint. See Set Catchpoints.
$_probe_argc$_probe_arg0...$_probe_arg11$_sdata$_sdata contains extra collected static tracepoint
data. See Tracepoint Action Lists. Note that
$_sdata could be empty, if not inspecting a trace buffer, or
if extra static tracepoint data has not been collected.
$_siginfo$_siginfo contains extra signal information
(see extra signal information). Note that $_siginfo
could be empty, if the application has not yet received any signals.
For example, it will be empty before you execute the run command.
$_tlb$_tlb is automatically set when debugging
applications running on MS-Windows in native mode or connected to
gdbserver that supports the qGetTIBAddr request.
See General Query Packets.
This variable contains the address of the thread information block.
On HP-UX systems, if you refer to a function or variable name that begins with a dollar sign, gdb searches for a user or system name first, before it searches for a convenience variable.
gdb also supplies some convenience functions. These have a syntax similar to convenience variables. A convenience function can be used in an expression just like an ordinary function; however, a convenience function is implemented internally to gdb.
These functions do not require gdb to be configured with
Python support, which means that they are always available.
$_isvoid (expr)void. Otherwise it
returns zero.
A void expression is an expression where the type of the result
is void. For example, you can examine a convenience variable
(see Convenience Variables) to check whether
it is void:
(gdb) print $_exitcode
$1 = void
(gdb) print $_isvoid ($_exitcode)
$2 = 1
(gdb) run
Starting program: ./a.out
[Inferior 1 (process 29572) exited normally]
(gdb) print $_exitcode
$3 = 0
(gdb) print $_isvoid ($_exitcode)
$4 = 0
In the example above, we used $_isvoid to check whether
$_exitcode is void before and after the execution of the
program being debugged. Before the execution there is no exit code to
be examined, therefore $_exitcode is void. After the
execution the program being debugged returned zero, therefore
$_exitcode is zero, which means that it is not void
anymore.
The void expression can also be a call of a function from the
program being debugged. For example, given the following function:
void
foo (void)
{
}
The result of calling it inside gdb is void:
(gdb) print foo ()
$1 = void
(gdb) print $_isvoid (foo ())
$2 = 1
(gdb) set $v = foo ()
(gdb) print $v
$3 = void
(gdb) print $_isvoid ($v)
$4 = 1
These functions require gdb to be configured with
Python support.
$_memeq(buf1, buf2, length)$_regex(str, regex)Python's
regular expression support.
$_streq(str1, str2)$_strlen(str)$_caller_is(name[, number_of_frames])If the optional argument number_of_frames is provided, it is the number of frames up in the stack to look. The default is 1.
Example:
(gdb) backtrace
#0 bottom_func ()
at testsuite/gdb.python/py-caller-is.c:21
#1 0x00000000004005a0 in middle_func ()
at testsuite/gdb.python/py-caller-is.c:27
#2 0x00000000004005ab in top_func ()
at testsuite/gdb.python/py-caller-is.c:33
#3 0x00000000004005b6 in main ()
at testsuite/gdb.python/py-caller-is.c:39
(gdb) print $_caller_is ("middle_func")
$1 = 1
(gdb) print $_caller_is ("top_func", 2)
$1 = 1
$_caller_matches(regexp[, number_of_frames])If the optional argument number_of_frames is provided,
it is the number of frames up in the stack to look.
The default is 1.
$_any_caller_is(name[, number_of_frames])If the optional argument number_of_frames is provided, it is the number of frames up in the stack to look. The default is 1.
This function differs from $_caller_is in that this function
checks all stack frames from the immediate caller to the frame specified
by number_of_frames, whereas $_caller_is only checks the
frame specified by number_of_frames.
$_any_caller_matches(regexp[, number_of_frames])If the optional argument number_of_frames is provided, it is the number of frames up in the stack to look. The default is 1.
This function differs from $_caller_matches in that this function
checks all stack frames from the immediate caller to the frame specified
by number_of_frames, whereas $_caller_matches only checks the
frame specified by number_of_frames.
gdb provides the ability to list and get help on convenience functions.
help functionYou can refer to machine register contents, in expressions, as variables
with names starting with ‘$’. The names of registers are different
for each machine; use info registers to see the names used on
your machine.
info registersinfo all-registersinfo registers regname ...gdb has four “standard” register names that are available (in
expressions) on most machines—whenever they do not conflict with an
architecture's canonical mnemonics for registers. The register names
$pc and $sp are used for the program counter register and
the stack pointer. $fp is used for a register that contains a
pointer to the current stack frame, and $ps is used for a
register that contains the processor status. For example,
you could print the program counter in hex with
p/x $pc
or print the instruction to be executed next with
x/i $pc
or add four to the stack pointer11 with
set $sp += 4
Whenever possible, these four standard register names are available on
your machine even though the machine has different canonical mnemonics,
so long as there is no conflict. The info registers command
shows the canonical names. For example, on the SPARC, info
registers displays the processor status register as $psr but you
can also refer to it as $ps; and on x86-based machines $ps
is an alias for the eflags register.
gdb always considers the contents of an ordinary register as an integer when the register is examined in this way. Some machines have special registers which can hold nothing but floating point; these registers are considered to have floating point values. There is no way to refer to the contents of an ordinary register as floating point value (although you can print it as a floating point value with ‘print/f $regname’).
Some registers have distinct “raw” and “virtual” data formats. This
means that the data format in which the register contents are saved by
the operating system is not the same one that your program normally
sees. For example, the registers of the 68881 floating point
coprocessor are always saved in “extended” (raw) format, but all C
programs expect to work with “double” (virtual) format. In such
cases, gdb normally works with the virtual format only (the format
that makes sense for your program), but the info registers command
prints the data in both formats.
Some machines have special registers whose contents can be interpreted
in several different ways. For example, modern x86-based machines
have SSE and MMX registers that can hold several values packed
together in several different formats. gdb refers to such
registers in struct notation:
(gdb) print $xmm1
$1 = {
v4_float = {0, 3.43859137e-038, 1.54142831e-044, 1.821688e-044},
v2_double = {9.92129282474342e-303, 2.7585945287983262e-313},
v16_int8 = "\000\000\000\000\3706;\001\v\000\000\000\r\000\000",
v8_int16 = {0, 0, 14072, 315, 11, 0, 13, 0},
v4_int32 = {0, 20657912, 11, 13},
v2_int64 = {88725056443645952, 55834574859},
uint128 = 0x0000000d0000000b013b36f800000000
}
To set values of such registers, you need to tell gdb which
view of the register you wish to change, as if you were assigning
value to a struct member:
(gdb) set $xmm1.uint128 = 0x000000000000000000000000FFFFFFFF
Normally, register values are relative to the selected stack frame (see Selecting a Frame). This means that you get the value that the register would contain if all stack frames farther in were exited and their saved registers restored. In order to see the true contents of hardware registers, you must select the innermost frame (with ‘frame 0’).
Usually ABIs reserve some registers as not needed to be saved by the callee (a.k.a.: “caller-saved”, “call-clobbered” or “volatile” registers). It may therefore not be possible for gdb to know the value a register had before the call (in other words, in the outer frame), if the register value has since been changed by the callee. gdb tries to deduce where the inner frame saved (“callee-saved”) registers, from the debug info, unwind info, or the machine code generated by your compiler. If some register is not saved, and gdb knows the register is “caller-saved” (via its own knowledge of the ABI, or because the debug/unwind info explicitly says the register's value is undefined), gdb displays ‘<not saved>’ as the register's value. With targets that gdb has no knowledge of the register saving convention, if a register was not saved by the callee, then its value and location in the outer frame are assumed to be the same of the inner frame. This is usually harmless, because if the register is call-clobbered, the caller either does not care what is in the register after the call, or has code to restore the value that it does care about. Note, however, that if you change such a register in the outer frame, you may also be affecting the inner frame. Also, the more “outer” the frame is you're looking at, the more likely a call-clobbered register's value is to be wrong, in the sense that it doesn't actually represent the value the register had just before the call.
Depending on the configuration, gdb may be able to give you more information about the status of the floating point hardware.
info floatDepending on the configuration, gdb may be able to give you more information about the status of the vector unit.
info vectorgdb provides interfaces to useful OS facilities that can help you debug your program.
Some operating systems supply an auxiliary vector to programs at startup. This is akin to the arguments and environment that you specify for a program, but contains a system-dependent variety of binary values that tell system libraries important details about the hardware, operating system, and process. Each value's purpose is identified by an integer tag; the meanings are well-known but system-specific. Depending on the configuration and operating system facilities, gdb may be able to show you this information. For remote targets, this functionality may further depend on the remote stub's support of the ‘qXfer:auxv:read’ packet, see qXfer auxiliary vector read.
info auxvOn some targets, gdb can access operating system-specific information and show it to you. The types of information available will differ depending on the type of operating system running on the target. The mechanism used to fetch the data is described in Operating System Information. For remote targets, this functionality depends on the remote stub's support of the ‘qXfer:osdata:read’ packet, see qXfer osdata read.
info os infotypeOn gnu/Linux, the following values of infotype are valid:
cpusfilesmodulesmsgprocessesprocgroupssemaphoresshmsocketsthreadsinfo osMemory region attributes allow you to describe special handling required by regions of your target's memory. gdb uses attributes to determine whether to allow certain types of memory accesses; whether to use specific width accesses; and whether to cache target memory. By default the description of memory regions is fetched from the target (if the current target supports this), but the user can override the fetched regions.
Defined memory regions can be individually enabled and disabled. When a memory region is disabled, gdb uses the default attributes when accessing memory in that region. Similarly, if no memory regions have been defined, gdb uses the default attributes when accessing all memory.
When a memory region is defined, it is given a number to identify it; to enable, disable, or remove a memory region, you specify that number.
mem lower upper attributes...mem autodelete mem nums...disable mem nums...enable mem nums...info memThe access mode attributes set whether gdb may make read or write accesses to a memory region.
While these attributes prevent gdb from performing invalid memory accesses, they do nothing to prevent the target system, I/O DMA, etc. from accessing memory.
roworwThe access size attribute tells gdb to use specific sized accesses in the memory region. Often memory mapped device registers require specific sized accesses. If no access size attribute is specified, gdb may use accesses of any size.
8163264The data cache attributes set whether gdb will cache target memory. While this generally improves performance by reducing debug protocol overhead, it can lead to incorrect results because gdb does not know about volatile variables or memory mapped device registers.
cachenocachegdb can be instructed to refuse accesses to memory that is not explicitly described. This can be useful if accessing such regions has undesired effects for a specific target, or to provide better error checking. The following commands control this behaviour.
set mem inaccessible-by-default [on|off]on is specified, make gdb treat memory not
explicitly described by the memory ranges as non-existent and refuse accesses
to such memory. The checks are only performed if there's at least one
memory range defined. If off is specified, make gdb
treat the memory not explicitly described by the memory ranges as RAM.
The default value is on.
show mem inaccessible-by-default
You can use the commands dump, append, and
restore to copy data between target memory and a file. The
dump and append commands write data to a file, and the
restore command reads data from a file back into the inferior's
memory. Files may be in binary, Motorola S-record, Intel hex,
Tektronix Hex, or Verilog Hex format; however, gdb can only
append to binary files, and cannot read from Verilog Hex files.
dump [format] memory filename start_addr end_addrdump [format] value filename exprThe format parameter may be any one of:
binaryihexsrectekhexveriloggdb uses the same definitions of these formats as the gnu binary utilities, like ‘objdump’ and ‘objcopy’. If format is omitted, gdb dumps the data in raw binary form.
append [binary] memory filename start_addr end_addrappend [binary] value filename exprrestore filename [binary] bias start endrestore command can automatically recognize any known bfd
file format, except for raw binary. To restore a raw binary file you
must specify the optional keyword binary after the filename.
If bias is non-zero, its value will be added to the addresses contained in the file. Binary files always start at address zero, so they will be restored at address bias. Other bfd files have a built-in location; they will be restored at offset bias from that location.
If start and/or end are non-zero, then only data between file offset start and file offset end will be restored. These offsets are relative to the addresses in the file, before the bias argument is applied.
A core file or core dump is a file that records the memory image of a running process and its process status (register values etc.). Its primary use is post-mortem debugging of a program that crashed while it ran outside a debugger. A program that crashes automatically produces a core file, unless this feature is disabled by the user. See Files, for information on invoking gdb in the post-mortem debugging mode.
Occasionally, you may wish to produce a core file of the program you are debugging in order to preserve a snapshot of its state. gdb has a special command for that.
generate-core-file [file]gcore [file]Note that this command is implemented only for some systems (as of this writing, gnu/Linux, FreeBSD, Solaris, and S390).
On gnu/Linux, this command can take into account the value of the file /proc/pid/coredump_filter when generating the core dump (see set use-coredump-filter).
set use-coredump-filter onset use-coredump-filter offTo make use of this feature, you have to write in the
/proc/pid/coredump_filter file a value, in hexadecimal,
which is a bit mask representing the memory mapping types. If a bit
is set in the bit mask, then the memory mappings of the corresponding
types will be dumped; otherwise, they will be ignored. This
configuration is inherited by child processes. For more information
about the bits that can be set in the
/proc/pid/coredump_filter file, please refer to the
manpage of core(5).
By default, this option is on. If this option is turned
off, gdb does not read the coredump_filter file
and instead uses the same default value as the Linux kernel in order
to decide which pages will be dumped in the core dump file. This
value is currently 0x33, which means that bits 0
(anonymous private mappings), 1 (anonymous shared mappings),
4 (ELF headers) and 5 (private huge pages) are active.
This will cause these memory mappings to be dumped automatically.
If the program you are debugging uses a different character set to represent characters and strings than the one gdb uses itself, gdb can automatically translate between the character sets for you. The character set gdb uses we call the host character set; the one the inferior program uses we call the target character set.
For example, if you are running gdb on a gnu/Linux system, which
uses the ISO Latin 1 character set, but you are using gdb's
remote protocol (see Remote Debugging) to debug a program
running on an IBM mainframe, which uses the ebcdic character set,
then the host character set is Latin-1, and the target character set is
ebcdic. If you give gdb the command set
target-charset EBCDIC-US, then gdb translates between
ebcdic and Latin 1 as you print character or string values, or use
character and string literals in expressions.
gdb has no way to automatically recognize which character set
the inferior program uses; you must tell it, using the set
target-charset command, described below.
Here are the commands for controlling gdb's character set support:
set target-charset charsetset host-charset charsetBy default, gdb uses a host character set appropriate to the
system it is running on; you can override that default using the
set host-charset command. On some systems, gdb cannot
automatically determine the appropriate host character set. In this
case, gdb uses ‘UTF-8’.
gdb can only use certain character sets as its host character
set. If you type set host-charset <TAB><TAB>,
gdb will list the host character sets it supports.
set charset charsetshow charsetshow host-charsetshow target-charsetset target-wide-charset charsetwchar_t type. To
display the list of supported wide character sets, type
set target-wide-charset <TAB><TAB>.
show target-wide-charsetHere is an example of gdb's character set support in action. Assume that the following source code has been placed in the file charset-test.c:
#include <stdio.h>
char ascii_hello[]
= {72, 101, 108, 108, 111, 44, 32, 119,
111, 114, 108, 100, 33, 10, 0};
char ibm1047_hello[]
= {200, 133, 147, 147, 150, 107, 64, 166,
150, 153, 147, 132, 90, 37, 0};
main ()
{
printf ("Hello, world!\n");
}
In this program, ascii_hello and ibm1047_hello are arrays
containing the string ‘Hello, world!’ followed by a newline,
encoded in the ascii and ibm1047 character sets.
We compile the program, and invoke the debugger on it:
$ gcc -g charset-test.c -o charset-test
$ gdb -nw charset-test
GNU gdb 2001-12-19-cvs
Copyright 2001 Free Software Foundation, Inc.
...
(gdb)
We can use the show charset command to see what character sets
gdb is currently using to interpret and display characters and
strings:
(gdb) show charset
The current host and target character set is `ISO-8859-1'.
(gdb)
For the sake of printing this manual, let's use ascii as our initial character set:
(gdb) set charset ASCII
(gdb) show charset
The current host and target character set is `ASCII'.
(gdb)
Let's assume that ascii is indeed the correct character set for our
host system — in other words, let's assume that if gdb prints
characters using the ascii character set, our terminal will display
them properly. Since our current target character set is also
ascii, the contents of ascii_hello print legibly:
(gdb) print ascii_hello
$1 = 0x401698 "Hello, world!\n"
(gdb) print ascii_hello[0]
$2 = 72 'H'
(gdb)
gdb uses the target character set for character and string literals you use in expressions:
(gdb) print '+'
$3 = 43 '+'
(gdb)
The ascii character set uses the number 43 to encode the ‘+’ character.
gdb relies on the user to tell it which character set the
target program uses. If we print ibm1047_hello while our target
character set is still ascii, we get jibberish:
(gdb) print ibm1047_hello
$4 = 0x4016a8 "\310\205\223\223\226k@\246\226\231\223\204Z%"
(gdb) print ibm1047_hello[0]
$5 = 200 '\310'
(gdb)
If we invoke the set target-charset followed by <TAB><TAB>,
gdb tells us the character sets it supports:
(gdb) set target-charset
ASCII EBCDIC-US IBM1047 ISO-8859-1
(gdb) set target-charset
We can select ibm1047 as our target character set, and examine the
program's strings again. Now the ascii string is wrong, but
gdb translates the contents of ibm1047_hello from the
target character set, ibm1047, to the host character set,
ascii, and they display correctly:
(gdb) set target-charset IBM1047
(gdb) show charset
The current host character set is `ASCII'.
The current target character set is `IBM1047'.
(gdb) print ascii_hello
$6 = 0x401698 "\110\145%%?\054\040\167?\162%\144\041\012"
(gdb) print ascii_hello[0]
$7 = 72 '\110'
(gdb) print ibm1047_hello
$8 = 0x4016a8 "Hello, world!\n"
(gdb) print ibm1047_hello[0]
$9 = 200 'H'
(gdb)
As above, gdb uses the target character set for character and string literals you use in expressions:
(gdb) print '+'
$10 = 78 '+'
(gdb)
The ibm1047 character set uses the number 78 to encode the ‘+’ character.
gdb caches data exchanged between the debugger and a target. Each cache is associated with the address space of the inferior. See Inferiors and Programs, about inferior and address space. Such caching generally improves performance in remote debugging (see Remote Debugging), because it reduces the overhead of the remote protocol by bundling memory reads and writes into large chunks. Unfortunately, simply caching everything would lead to incorrect results, since gdb does not necessarily know anything about volatile values, memory-mapped I/O addresses, etc. Furthermore, in non-stop mode (see Non-Stop Mode) memory can be changed while a gdb command is executing. Therefore, by default, gdb only caches data known to be on the stack12 or in the code segment. Other regions of memory can be explicitly marked as cacheable; see Memory Region Attributes.
set remotecache onset remotecache offshow remotecacheset stack-cache onset stack-cache offon, use
caching. By default, this option is on.
show stack-cacheset code-cache onset code-cache offon,
use caching. By default, this option is on. This improves
performance of disassembly in remote debugging.
show code-cacheinfo dcache [line]If a line number is specified, the contents of that line will be
printed in hex.
set dcache size sizeset dcache line-size line-sizeshow dcache sizeshow dcache line-size
Memory can be searched for a particular sequence of bytes with the
find command.
find [/sn] start_addr, +len, val1 [, val2, ...]find [/sn] start_addr, end_addr, val1 [, val2, ...]s and n are optional parameters. They may be specified in either order, apart or together.
bhwgAll values are interpreted in the current language. This means, for example, that if the current source language is C/C++ then searching for the string “hello” includes the trailing '\0'.
If the value size is not specified, it is taken from the
value's type in the current language.
This is useful when one wants to specify the search
pattern as a mixture of types.
Note that this means, for example, that in the case of C-like languages
a search for an untyped 0x42 will search for ‘(int) 0x42’
which is typically four bytes.
You can use strings as search values. Quote them with double-quotes
(").
The string value is copied into the search pattern byte by byte,
regardless of the endianness of the target and the size specification.
The address of each match found is printed as well as a count of the number of matches found.
The address of the last value found is stored in convenience variable ‘$_’. A count of the number of matches is stored in ‘$numfound’.
For example, if stopped at the printf in this function:
void
hello ()
{
static char hello[] = "hello-hello";
static struct { char c; short s; int i; }
__attribute__ ((packed)) mixed
= { 'c', 0x1234, 0x87654321 };
printf ("%s\n", hello);
}
you get during debugging:
(gdb) find &hello[0], +sizeof(hello), "hello"
0x804956d <hello.1620+6>
1 pattern found
(gdb) find &hello[0], +sizeof(hello), 'h', 'e', 'l', 'l', 'o'
0x8049567 <hello.1620>
0x804956d <hello.1620+6>
2 patterns found
(gdb) find /b1 &hello[0], +sizeof(hello), 'h', 0x65, 'l'
0x8049567 <hello.1620>
1 pattern found
(gdb) find &mixed, +sizeof(mixed), (char) 'c', (short) 0x1234, (int) 0x87654321
0x8049560 <mixed.1625>
1 pattern found
(gdb) print $numfound
$1 = 1
(gdb) print $_
$2 = (void *) 0x8049560
Almost all compilers support optimization. With optimization disabled, the compiler generates assembly code that corresponds directly to your source code, in a simplistic way. As the compiler applies more powerful optimizations, the generated assembly code diverges from your original source code. With help from debugging information generated by the compiler, gdb can map from the running program back to constructs from your original source.
gdb is more accurate with optimization disabled. If you can recompile without optimization, it is easier to follow the progress of your program during debugging. But, there are many cases where you may need to debug an optimized version.
When you debug a program compiled with ‘-g -O’, remember that the optimizer has rearranged your code; the debugger shows you what is really there. Do not be too surprised when the execution path does not exactly match your source file! An extreme example: if you define a variable, but never use it, gdb never sees that variable—because the compiler optimizes it out of existence.
Some things do not work as well with ‘-g -O’ as with just ‘-g’, particularly on machines with instruction scheduling. If in doubt, recompile with ‘-g’ alone, and if this fixes the problem, please report it to us as a bug (including a test case!). See Variables, for more information about debugging optimized code.
Inlining is an optimization that inserts a copy of the function
body directly at each call site, instead of jumping to a shared
routine. gdb displays inlined functions just like
non-inlined functions. They appear in backtraces. You can view their
arguments and local variables, step into them with step, skip
them with next, and escape from them with finish.
You can check whether a function was inlined by using the
info frame command.
For gdb to support inlined functions, the compiler must record information about inlining in the debug information — gcc using the dwarf 2 format does this, and several other compilers do also. gdb only supports inlined functions when using dwarf 2. Versions of gcc before 4.1 do not emit two required attributes (‘DW_AT_call_file’ and ‘DW_AT_call_line’); gdb does not display inlined function calls with earlier versions of gcc. It instead displays the arguments and local variables of inlined functions as local variables in the caller.
The body of an inlined function is directly included at its call site; unlike a non-inlined function, there are no instructions devoted to the call. gdb still pretends that the call site and the start of the inlined function are different instructions. Stepping to the call site shows the call site, and then stepping again shows the first line of the inlined function, even though no additional instructions are executed.
This makes source-level debugging much clearer; you can see both the
context of the call and then the effect of the call. Only stepping by
a single instruction using stepi or nexti does not do
this; single instruction steps always show the inlined body.
There are some ways that gdb does not pretend that inlined function calls are the same as normal calls:
finish command. This is a limitation of compiler-generated
debugging information; after finish, you can step to the next line
and print a variable where your program stored the return value.
Function B can call function C in its very last statement. In
unoptimized compilation the call of C is immediately followed by return
instruction at the end of B code. Optimizing compiler may replace the
call and return in function B into one jump to function C
instead. Such use of a jump instruction is called tail call.
During execution of function C, there will be no indication in the
function call stack frames that it was tail-called from B. If function
A regularly calls function B which tail-calls function C,
then gdb will see A as the caller of C. However, in
some cases gdb can determine that C was tail-called from
B, and it will then create fictitious call frame for that, with the
return address set up as if B called C normally.
This functionality is currently supported only by DWARF 2 debugging format and the compiler has to produce ‘DW_TAG_GNU_call_site’ tags. With gcc, you need to specify -O -g during compilation, to get this information.
info frame command (see Frame Info) will indicate the tail call frame
kind by text tail call frame such as in this sample gdb output:
(gdb) x/i $pc - 2
0x40066b <b(int, double)+11>: jmp 0x400640 <c(int, double)>
(gdb) info frame
Stack level 1, frame at 0x7fffffffda30:
rip = 0x40066d in b (amd64-entry-value.cc:59); saved rip 0x4004c5
tail call frame, caller of frame at 0x7fffffffda30
source language c++.
Arglist at unknown address.
Locals at unknown address, Previous frame's sp is 0x7fffffffda30
The detection of all the possible code path executions can find them ambiguous. There is no execution history stored (possible Reverse Execution is never used for this purpose) and the last known caller could have reached the known callee by multiple different jump sequences. In such case gdb still tries to show at least all the unambiguous top tail callers and all the unambiguous bottom tail calees, if any.
set debug entry-valuesshow debug entry-valuesThe analysis messages for tail calls can for example show why the virtual tail
call frame for function c has not been recognized (due to the indirect
reference by variable x):
static void __attribute__((noinline, noclone)) c (void);
void (*x) (void) = c;
static void __attribute__((noinline, noclone)) a (void) { x++; }
static void __attribute__((noinline, noclone)) c (void) { a (); }
int main (void) { x (); return 0; }
Breakpoint 1, DW_OP_GNU_entry_value resolving cannot find
DW_TAG_GNU_call_site 0x40039a in main
a () at t.c:3
3 static void __attribute__((noinline, noclone)) a (void) { x++; }
(gdb) bt
#0 a () at t.c:3
#1 0x000000000040039a in main () at t.c:5
Another possibility is an ambiguous virtual tail call frames resolution:
int i;
static void __attribute__((noinline, noclone)) f (void) { i++; }
static void __attribute__((noinline, noclone)) e (void) { f (); }
static void __attribute__((noinline, noclone)) d (void) { f (); }
static void __attribute__((noinline, noclone)) c (void) { d (); }
static void __attribute__((noinline, noclone)) b (void)
{ if (i) c (); else e (); }
static void __attribute__((noinline, noclone)) a (void) { b (); }
int main (void) { a (); return 0; }
tailcall: initial: 0x4004d2(a) 0x4004ce(b) 0x4004b2(c) 0x4004a2(d)
tailcall: compare: 0x4004d2(a) 0x4004cc(b) 0x400492(e)
tailcall: reduced: 0x4004d2(a) |
(gdb) bt
#0 f () at t.c:2
#1 0x00000000004004d2 in a () at t.c:8
#2 0x0000000000400395 in main () at t.c:9
Frames #0 and #2 are real, #1 is a virtual tail call frame.
The code can have possible execution paths main->a->b->c->d->f or
main->a->b->e->f, gdb cannot find which one from the inferior state.
initial: state shows some random possible calling sequence gdb
has found. It then finds another possible calling sequcen - that one is
prefixed by compare:. The non-ambiguous intersection of these two is
printed as the reduced: calling sequence. That one could have many
futher compare: and reduced: statements as long as there remain
any non-ambiguous sequence entries.
For the frame of function b in both cases there are different possible
$pc values (0x4004cc or 0x4004ce), therefore this frame is
also ambigous. The only non-ambiguous frame is the one for function a,
therefore this one is displayed to the user while the ambiguous frames are
omitted.
There can be also reasons why printing of frame argument values at function entry may fail:
int v;
static void __attribute__((noinline, noclone)) c (int i) { v++; }
static void __attribute__((noinline, noclone)) a (int i);
static void __attribute__((noinline, noclone)) b (int i) { a (i); }
static void __attribute__((noinline, noclone)) a (int i)
{ if (i) b (i - 1); else c (0); }
int main (void) { a (5); return 0; }
(gdb) bt
#0 c (i=i@entry=0) at t.c:2
#1 0x0000000000400428 in a (DW_OP_GNU_entry_value resolving has found
function "a" at 0x400420 can call itself via tail calls
i=<optimized out>) at t.c:6
#2 0x000000000040036e in main () at t.c:7
gdb cannot find out from the inferior state if and how many times did
function a call itself (via function b) as these calls would be
tail calls. Such tail calls would modify thue i variable, therefore
gdb cannot be sure the value it knows would be right - gdb
prints <optimized out> instead.
Some languages, such as C and C++, provide a way to define and invoke “preprocessor macros” which expand into strings of tokens. gdb can evaluate expressions containing macro invocations, show the result of macro expansion, and show a macro's definition, including where it was defined.
You may need to compile your program specially to provide gdb with information about preprocessor macros. Most compilers do not include macros in their debugging information, even when you compile with the -g flag. See Compilation.
A program may define a macro at one point, remove that definition later, and then provide a different definition after that. Thus, at different points in the program, a macro may have different definitions, or have no definition at all. If there is a current stack frame, gdb uses the macros in scope at that frame's source code line. Otherwise, gdb uses the macros in scope at the current listing location; see List.
Whenever gdb evaluates an expression, it always expands any macro invocations present in the expression. gdb also provides the following commands for working with macros explicitly.
macro expand expressionmacro exp expressionmacro expand-once expressionmacro exp1 expressioninfo macro [-a|-all] [--] macroinfo macros linespecmacro define macro replacement-listmacro define macro(arglist) replacement-listA definition introduced by this command is in scope in every
expression evaluated in gdb, until it is removed with the
macro undef command, described below. The definition overrides
all definitions for macro present in the program being debugged,
as well as any previous user-supplied definition.
macro undef macromacro
define command, described above; it cannot remove definitions present
in the program being debugged.
macro listmacro define command.
Here is a transcript showing the above commands in action. First, we show our source files:
$ cat sample.c
#include <stdio.h>
#include "sample.h"
#define M 42
#define ADD(x) (M + x)
main ()
{
#define N 28
printf ("Hello, world!\n");
#undef N
printf ("We're so creative.\n");
#define N 1729
printf ("Goodbye, world!\n");
}
$ cat sample.h
#define Q <
$
Now, we compile the program using the gnu C compiler, gcc. We pass the -gdwarf-213 and -g3 flags to ensure the compiler includes information about preprocessor macros in the debugging information.
$ gcc -gdwarf-2 -g3 sample.c -o sample
$
Now, we start gdb on our sample program:
$ gdb -nw sample
GNU gdb 2002-05-06-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, ...
(gdb)
We can expand macros and examine their definitions, even when the program is not running. gdb uses the current listing position to decide which macro definitions are in scope:
(gdb) list main
3
4 #define M 42
5 #define ADD(x) (M + x)
6
7 main ()
8 {
9 #define N 28
10 printf ("Hello, world!\n");
11 #undef N
12 printf ("We're so creative.\n");
(gdb) info macro ADD
Defined at /home/jimb/gdb/macros/play/sample.c:5
#define ADD(x) (M + x)
(gdb) info macro Q
Defined at /home/jimb/gdb/macros/play/sample.h:1
included at /home/jimb/gdb/macros/play/sample.c:2
#define Q <
(gdb) macro expand ADD(1)
expands to: (42 + 1)
(gdb) macro expand-once ADD(1)
expands to: once (M + 1)
(gdb)
In the example above, note that macro expand-once expands only
the macro invocation explicit in the original text — the invocation of
ADD — but does not expand the invocation of the macro M,
which was introduced by ADD.
Once the program is running, gdb uses the macro definitions in force at the source line of the current stack frame:
(gdb) break main
Breakpoint 1 at 0x8048370: file sample.c, line 10.
(gdb) run
Starting program: /home/jimb/gdb/macros/play/sample
Breakpoint 1, main () at sample.c:10
10 printf ("Hello, world!\n");
(gdb)
At line 10, the definition of the macro N at line 9 is in force:
(gdb) info macro N
Defined at /home/jimb/gdb/macros/play/sample.c:9
#define N 28
(gdb) macro expand N Q M
expands to: 28 < 42
(gdb) print N Q M
$1 = 1
(gdb)
As we step over directives that remove N's definition, and then
give it a new definition, gdb finds the definition (or lack
thereof) in force at each point:
(gdb) next
Hello, world!
12 printf ("We're so creative.\n");
(gdb) info macro N
The symbol `N' has no definition as a C/C++ preprocessor macro
at /home/jimb/gdb/macros/play/sample.c:12
(gdb) next
We're so creative.
14 printf ("Goodbye, world!\n");
(gdb) info macro N
Defined at /home/jimb/gdb/macros/play/sample.c:13
#define N 1729
(gdb) macro expand N Q M
expands to: 1729 < 42
(gdb) print N Q M
$2 = 0
(gdb)
In addition to source files, macros can be defined on the compilation command line using the -Dname=value syntax. For macros defined in such a way, gdb displays the location of their definition as line zero of the source file submitted to the compiler.
(gdb) info macro __STDC__
Defined at /home/jimb/gdb/macros/play/sample.c:0
-D__STDC__=1
(gdb)
In some applications, it is not feasible for the debugger to interrupt the program's execution long enough for the developer to learn anything helpful about its behavior. If the program's correctness depends on its real-time behavior, delays introduced by a debugger might cause the program to change its behavior drastically, or perhaps fail, even when the code itself is correct. It is useful to be able to observe the program's behavior without interrupting it.
Using gdb's trace and collect commands, you can
specify locations in the program, called tracepoints, and
arbitrary expressions to evaluate when those tracepoints are reached.
Later, using the tfind command, you can examine the values
those expressions had when the program hit the tracepoints. The
expressions may also denote objects in memory—structures or arrays,
for example—whose values gdb should record; while visiting
a particular tracepoint, you may inspect those objects as if they were
in memory at that moment. However, because gdb records these
values without interacting with you, it can do so quickly and
unobtrusively, hopefully not disturbing the program's behavior.
The tracepoint facility is currently available only for remote targets. See Targets. In addition, your remote target must know how to collect trace data. This functionality is implemented in the remote stub; however, none of the stubs distributed with gdb support tracepoints as of this writing. The format of the remote packets used to implement tracepoints are described in Tracepoint Packets.
It is also possible to get trace data from a file, in a manner reminiscent
of corefiles; you specify the filename, and use tfind to search
through the file. See Trace Files, for more details.
This chapter describes the tracepoint commands and features.
Before running such a trace experiment, an arbitrary number of tracepoints can be set. A tracepoint is actually a special type of breakpoint (see Set Breaks), so you can manipulate it using standard breakpoint commands. For instance, as with breakpoints, tracepoint numbers are successive integers starting from one, and many of the commands associated with tracepoints take the tracepoint number as their argument, to identify which tracepoint to work on.
For each tracepoint, you can specify, in advance, some arbitrary set of data that you want the target to collect in the trace buffer when it hits that tracepoint. The collected data can include registers, local variables, or global data. Later, you can use gdb commands to examine the values these data had at the time the tracepoint was hit.
Tracepoints do not support every breakpoint feature. Ignore counts on tracepoints have no effect, and tracepoints cannot run gdb commands when they are hit. Tracepoints may not be thread-specific either.
Some targets may support fast tracepoints, which are inserted in a different way (such as with a jump instead of a trap), that is faster but possibly restricted in where they may be installed.
Regular and fast tracepoints are dynamic tracing facilities, meaning that they can be used to insert tracepoints at (almost) any location in the target. Some targets may also support controlling static tracepoints from gdb. With static tracing, a set of instrumentation points, also known as markers, are embedded in the target program, and can be activated or deactivated by name or address. These are usually placed at locations which facilitate investigating what the target is actually doing. gdb's support for static tracing includes being able to list instrumentation points, and attach them with gdb defined high level tracepoints that expose the whole range of convenience of gdb's tracepoints support. Namely, support for collecting registers values and values of global or local (to the instrumentation point) variables; tracepoint conditions and trace state variables. The act of installing a gdb static tracepoint on an instrumentation point, or marker, is referred to as probing a static tracepoint marker.
gdbserver supports tracepoints on some target systems.
See Tracepoints support in gdbserver.
This section describes commands to set tracepoints and associated conditions and actions.
trace locationtrace command is very similar to the break command.
Its argument location can be a source line, a function name, or
an address in the target program. See Specify Location. The
trace command defines a tracepoint, which is a point in the
target program where the debugger will briefly stop, collect some
data, and then allow the program to continue. Setting a tracepoint or
changing its actions takes effect immediately if the remote stub
supports the ‘InstallInTrace’ feature (see install tracepoint in tracing).
If remote stub doesn't support the ‘InstallInTrace’ feature, all
these changes don't take effect until the next tstart
command, and once a trace experiment is running, further changes will
not have any effect until the next trace experiment starts. In addition,
gdb supports pending tracepoints—tracepoints whose
address is not yet resolved. (This is similar to pending breakpoints.)
Pending tracepoints are not downloaded to the target and not installed
until they are resolved. The resolution of pending tracepoints requires
gdb support—when debugging with the remote target, and
gdb disconnects from the remote stub (see disconnected tracing), pending tracepoints can not be resolved (and downloaded to
the remote stub) while gdb is disconnected.
Here are some examples of using the trace command:
(gdb) trace foo.c:121 // a source file and line number
(gdb) trace +2 // 2 lines forward
(gdb) trace my_function // first source line of function
(gdb) trace *my_function // EXACT start address of function
(gdb) trace *0x2117c4 // an address
You can abbreviate trace as tr.
trace location if condftrace location [ if cond ]ftrace command sets a fast tracepoint. For targets that
support them, fast tracepoints will use a more efficient but possibly
less general technique to trigger data collection, such as a jump
instruction instead of a trap, or some sort of hardware support. It
may not be possible to create a fast tracepoint at the desired
location, in which case the command will exit with an explanatory
message.
gdb handles arguments to ftrace exactly as for
trace.
On 32-bit x86-architecture systems, fast tracepoints normally need to
be placed at an instruction that is 5 bytes or longer, but can be
placed at 4-byte instructions if the low 64K of memory of the target
program is available to install trampolines. Some Unix-type systems,
such as gnu/Linux, exclude low addresses from the program's
address space; but for instance with the Linux kernel it is possible
to let gdb use this area by doing a sysctl command
to set the mmap_min_addr kernel parameter, as in
sudo sysctl -w vm.mmap_min_addr=32768
which sets the low address to 32K, which leaves plenty of room for
trampolines. The minimum address should be set to a page boundary.
strace location [ if cond ]strace command sets a static tracepoint. For targets that
support it, setting a static tracepoint probes a static
instrumentation point, or marker, found at location. It may not
be possible to set a static tracepoint at the desired location, in
which case the command will exit with an explanatory message.
gdb handles arguments to strace exactly as for
trace, with the addition that the user can also specify
-m marker as location. This probes the marker
identified by the marker string identifier. This identifier
depends on the static tracepoint backend library your program is
using. You can find all the marker identifiers in the ‘ID’ field
of the info static-tracepoint-markers command output.
See Listing Static Tracepoint Markers. For example, in the following small program using the UST
tracing engine:
main ()
{
trace_mark(ust, bar33, "str %s", "FOOBAZ");
}
the marker id is composed of joining the first two arguments to the
trace_mark call with a slash, which translates to:
(gdb) info static-tracepoint-markers
Cnt Enb ID Address What
1 n ust/bar33 0x0000000000400ddc in main at stexample.c:22
Data: "str %s"
[etc...]
so you may probe the marker above with:
(gdb) strace -m ust/bar33
Static tracepoints accept an extra collect action — collect
$_sdata. This collects arbitrary user data passed in the probe point
call to the tracing library. In the UST example above, you'll see
that the third argument to trace_mark is a printf-like format
string. The user data is then the result of running that formating
string against the following arguments. Note that info
static-tracepoint-markers command output lists that format string in
the ‘Data:’ field.
You can inspect this data when analyzing the trace buffer, by printing the $_sdata variable like any other variable available to gdb. See Tracepoint Action Lists.
The convenience variable $tpnum records the tracepoint number
of the most recently set tracepoint.
delete tracepoint [num]delete command can remove tracepoints also.
Examples:
(gdb) delete trace 1 2 3 // remove three tracepoints
(gdb) delete trace // remove all tracepoints
You can abbreviate this command as del tr.
These commands are deprecated; they are equivalent to plain disable and enable.
disable tracepoint [num]enable tracepoint command.
If the command is issued during a trace experiment and the debug target
has support for disabling tracepoints during a trace experiment, then the
change will be effective immediately. Otherwise, it will be applied to the
next trace experiment.
enable tracepoint [num]passcount [n [num]]passcount command sets the
passcount of the most recently defined tracepoint. If no passcount is
given, the trace experiment will run until stopped explicitly by the
user.
Examples:
(gdb) passcount 5 2 // Stop on the 5th execution of
// tracepoint 2
(gdb) passcount 12 // Stop on the 12th execution of the
// most recently defined tracepoint.
(gdb) trace foo
(gdb) pass 3
(gdb) trace bar
(gdb) pass 2
(gdb) trace baz
(gdb) pass 1 // Stop tracing when foo has been
// executed 3 times OR when bar has
// been executed 2 times
// OR when baz has been executed 1 time.
The simplest sort of tracepoint collects data every time your program reaches a specified place. You can also specify a condition for a tracepoint. A condition is just a Boolean expression in your programming language (see Expressions). A tracepoint with a condition evaluates the expression each time your program reaches it, and data collection happens only if the condition is true.
Tracepoint conditions can be specified when a tracepoint is set, by
using ‘if’ in the arguments to the trace command.
See Setting Tracepoints. They can
also be set or changed at any time with the condition command,
just as with breakpoints.
Unlike breakpoint conditions, gdb does not actually evaluate the conditional expression itself. Instead, gdb encodes the expression into an agent expression (see Agent Expressions) suitable for execution on the target, independently of gdb. Global variables become raw memory locations, locals become stack accesses, and so forth.
For instance, suppose you have a function that is usually called frequently, but should not be called after an error has occurred. You could use the following tracepoint command to collect data about calls of that function that happen while the error code is propagating through the program; an unconditional tracepoint could end up collecting thousands of useless trace frames that you would have to search through.
(gdb) trace normal_operation if errcode > 0
A trace state variable is a special type of variable that is
created and managed by target-side code. The syntax is the same as
that for GDB's convenience variables (a string prefixed with “$”),
but they are stored on the target. They must be created explicitly,
using a tvariable command. They are always 64-bit signed
integers.
Trace state variables are remembered by gdb, and downloaded to the target along with tracepoint information when the trace experiment starts. There are no intrinsic limits on the number of trace state variables, beyond memory limitations of the target.
Although trace state variables are managed by the target, you can use
them in print commands and expressions as if they were convenience
variables; gdb will get the current value from the target
while the trace experiment is running. Trace state variables share
the same namespace as other “$” variables, which means that you
cannot have trace state variables with names like $23 or
$pc, nor can you have a trace state variable and a convenience
variable with the same name.
tvariable $name [ = expression ]tvariable command creates a new trace state variable named
$name, and optionally gives it an initial value of
expression. The expression is evaluated when this command is
entered; the result will be converted to an integer if possible,
otherwise gdb will report an error. A subsequent
tvariable command specifying the same name does not create a
variable, but instead assigns the supplied initial value to the
existing variable of that name, overwriting any previous initial
value. The default initial value is 0.
info tvariablesdelete tvariable [ $name ... ]actions [num]actions without bothering about its number). You specify the
actions themselves on the following lines, one action at a time, and
terminate the actions list with a line containing just end. So
far, the only defined actions are collect, teval, and
while-stepping.
actions is actually equivalent to commands (see Breakpoint Command Lists), except that only the defined
actions are allowed; any other gdb command is rejected.
To remove all actions from a tracepoint, type ‘actions num’ and follow it immediately with ‘end’.
(gdb) collect data // collect some data
(gdb) while-stepping 5 // single-step 5 times, collect data
(gdb) end // signals the end of actions.
In the following example, the action list begins with collect
commands indicating the things to be collected when the tracepoint is
hit. Then, in order to single-step and collect additional data
following the tracepoint, a while-stepping command is used,
followed by the list of things to be collected after each step in a
sequence of single steps. The while-stepping command is
terminated by its own separate end command. Lastly, the action
list is terminated by an end command.
(gdb) trace foo
(gdb) actions
Enter actions for tracepoint 1, one per line:
> collect bar,baz
> collect $regs
> while-stepping 12
> collect $pc, arr[i]
> end
end
collect[/mods] expr1, expr2, ...$regs$args$locals$_ret$_probe_argc$_probe_argn$_sdataprintf function call. The
tracing library is able to collect user specified data formatted to a
character string using the format provided by the programmer that
instrumented the program. Other backends have similar mechanisms.
Here's an example of a UST marker call:
const char master_name[] = "$your_name";
trace_mark(channel1, marker1, "hello %s", master_name)
In this case, collecting $_sdata collects the string
‘hello $yourname’. When analyzing the trace buffer, you can
inspect ‘$_sdata’ like any other variable available to
gdb.
You can give several consecutive collect commands, each one
with a single argument, or one collect command with several
arguments separated by commas; the effect is the same.
The optional mods changes the usual handling of the arguments.
s requests that pointers to chars be handled as strings, in
particular collecting the contents of the memory being pointed at, up
to the first zero. The upper bound is by default the value of the
print elements variable; if s is followed by a decimal
number, that is the upper bound instead. So for instance
‘collect/s25 mystr’ collects as many as 25 characters at
‘mystr’.
The command info scope (see info scope) is
particularly useful for figuring out what data to collect.
teval expr1, expr2, ...collect
action were used.
while-stepping nwhile-stepping
command is followed by the list of what to collect while stepping
(followed by its own end command):
> while-stepping 12
> collect $regs, myglobal
> end
>
Note that $pc is not automatically collected by
while-stepping; you need to explicitly collect that register if
you need it. You may abbreviate while-stepping as ws or
stepping.
set default-collect expr1, expr2, ...collect action prepended
to every tracepoint action list. The expressions are parsed
individually for each tracepoint, so for instance a variable named
xyz may be interpreted as a global for one tracepoint, and a
local for another, as appropriate to the tracepoint's location.
show default-collectinfo tracepoints [num...]info breakpoints; in fact, info tracepoints is the same
command, simply restricting itself to tracepoints.
A tracepoint's listing may include additional information specific to tracing:
passcount n command
(gdb) info trace
Num Type Disp Enb Address What
1 tracepoint keep y 0x0804ab57 in foo() at main.cxx:7
while-stepping 20
collect globfoo, $regs
end
collect globfoo2
end
pass count 1200
2 tracepoint keep y <MULTIPLE>
collect $eip
2.1 y 0x0804859c in func4 at change-loc.h:35
installed on target
2.2 y 0xb7ffc480 in func4 at change-loc.h:35
installed on target
2.3 y <PENDING> set_tracepoint
3 tracepoint keep y 0x080485b1 in foo at change-loc.c:29
not installed on target
(gdb)
This command can be abbreviated info tp.
info static-tracepoint-markersFor each marker, the following columns are printed:
In addition, the following information may be printed for each marker:
(gdb) info static-tracepoint-markers
Cnt ID Enb Address What
1 ust/bar2 y 0x0000000000400e1a in main at stexample.c:25
Data: number1 %d number2 %d
Probed by static tracepoints: #2
2 ust/bar33 n 0x0000000000400c87 in main at stexample.c:24
Data: str %s
(gdb)
tstarttstopNote: a trace experiment and data collection may stop automatically if any tracepoint's passcount is reached (see Tracepoint Passcounts), or if the trace buffer becomes full.
tstatusHere is an example of the commands we described so far:
(gdb) trace gdb_c_test
(gdb) actions
Enter actions for tracepoint #1, one per line.
> collect $regs,$locals,$args
> while-stepping 11
> collect $regs
> end
> end
(gdb) tstart
[time passes ...]
(gdb) tstop
You can choose to continue running the trace experiment even if
gdb disconnects from the target, voluntarily or
involuntarily. For commands such as detach, the debugger will
ask what you want to do with the trace. But for unexpected
terminations (gdb crash, network outage), it would be
unfortunate to lose hard-won trace data, so the variable
disconnected-tracing lets you decide whether the trace should
continue running without gdb.
set disconnected-tracing onset disconnected-tracing offdetach or
quit will ask you directly what to do about a running trace no
matter what this variable's setting, so the variable is mainly useful
for handling unexpected situations, such as loss of the network.
show disconnected-tracingWhen you reconnect to the target, the trace experiment may or may not still be running; it might have filled the trace buffer in the meantime, or stopped for one of the other reasons. If it is running, it will continue after reconnection.
Upon reconnection, the target will upload information about the tracepoints in effect. gdb will then compare that information to the set of tracepoints currently defined, and attempt to match them up, allowing for the possibility that the numbers may have changed due to creation and deletion in the meantime. If one of the target's tracepoints does not match any in gdb, the debugger will create a new tracepoint, so that you have a number with which to specify that tracepoint. This matching-up process is necessarily heuristic, and it may result in useless tracepoints being created; you may simply delete them if they are of no use.
If your target agent supports a circular trace buffer, then you can run a trace experiment indefinitely without filling the trace buffer; when space runs out, the agent deletes already-collected trace frames, oldest first, until there is enough room to continue collecting. This is especially useful if your tracepoints are being hit too often, and your trace gets terminated prematurely because the buffer is full. To ask for a circular trace buffer, simply set ‘circular-trace-buffer’ to on. You can set this at any time, including during tracing; if the agent can do it, it will change buffer handling on the fly, otherwise it will not take effect until the next run.
set circular-trace-buffer onset circular-trace-buffer offshow circular-trace-bufferset trace-buffer-size nset trace-buffer-size unlimitedunlimited or -1 to let the target use whatever size it
likes. This is also the default.
show trace-buffer-sizetstatus
to get a report of the actual buffer size.
set trace-user textshow trace-userset trace-notes textshow trace-notesset trace-stop-notes texttstop arguments; the set command is convenient way to fix a
stop note that is mistaken or incomplete.
show trace-stop-notesThere are a number of restrictions on the use of tracepoints. As described above, tracepoint data gathering occurs on the target without interaction from gdb. Thus the full capabilities of the debugger are not available during data gathering, and then at data examination time, you will be limited by only having what was collected. The following items describe some common problems, but it is not exhaustive, and you may run into additional difficulties not mentioned here.
$locals or $args, during while-stepping may
behave erratically. The stepping action may enter a new scope (for
instance by stepping into a function), or the location of the variable
may change (for instance it is loaded into a register). The
tracepoint data recorded uses the location information for the
variables that is correct for the tracepoint location. When the
tracepoint is created, it is not possible, in general, to determine
where the steps of a while-stepping sequence will advance the
program—particularly if a conditional branch is stepped.
*ptr@50 can be used to collect the 50 element array pointed to
by ptr.
*(unsigned char *)$esp@300
(adjust to use the name of the actual stack pointer register on your
target architecture, and the amount of stack you wish to capture).
Then the backtrace command will show a partial backtrace when
using a trace frame. The number of stack frames that can be examined
depends on the sizes of the frames in the collected stack. Note that
if you ask for a block so large that it goes past the bottom of the
stack, the target agent may report an error trying to read from an
invalid address.
$pc must be the same as the address of
the tracepoint and use that when you are looking at a trace frame
for that tracepoint. However, this cannot work if the tracepoint has
multiple locations (for instance if it was set in a function that was
inlined), or if it has a while-stepping loop. In those cases
gdb will warn you that it can't infer $pc, and default
it to zero.
After the tracepoint experiment ends, you use gdb commands
for examining the trace data. The basic idea is that each tracepoint
collects a trace snapshot every time it is hit and another
snapshot every time it single-steps. All these snapshots are
consecutively numbered from zero and go into a buffer, and you can
examine them later. The way you examine them is to focus on a
specific trace snapshot. When the remote stub is focused on a trace
snapshot, it will respond to all gdb requests for memory and
registers by reading from the buffer which belongs to that snapshot,
rather than from real memory or registers of the program being
debugged. This means that all gdb commands
(print, info registers, backtrace, etc.) will
behave as if we were currently debugging the program state as it was
when the tracepoint occurred. Any requests for data that are not in
the buffer will fail.
tfind nThe basic command for selecting a trace snapshot from the buffer is
tfind n, which finds trace snapshot number n,
counting from zero. If no argument n is given, the next
snapshot is selected.
Here are the various forms of using the tfind command.
tfind starttfind 0 (since 0 is the number of the first snapshot).
tfind nonetfind endtfindtfind -tfind tracepoint numtfind pc addrtfind outside addr1, addr2tfind range addr1, addr2tfind line [file:]ntfind line repeatedly can appear to have the same effect as
stepping from line to line in a live debugging session.
The default arguments for the tfind commands are specifically
designed to make it easy to scan through the trace buffer. For
instance, tfind with no argument selects the next trace
snapshot, and tfind - with no argument selects the previous
trace snapshot. So, by giving one tfind command, and then
simply hitting <RET> repeatedly you can examine all the trace
snapshots in order. Or, by saying tfind - and then hitting
<RET> repeatedly you can examine the snapshots in reverse order.
The tfind line command with no argument selects the snapshot
for the next source line executed. The tfind pc command with
no argument selects the next snapshot with the same program counter
(PC) as the current frame. The tfind tracepoint command with
no argument selects the next trace snapshot collected by the same
tracepoint as the current one.
In addition to letting you scan through the trace buffer manually, these commands make it easy to construct gdb scripts that scan through the trace buffer and print out whatever collected data you are interested in. Thus, if we want to examine the PC, FP, and SP registers from each trace frame in the buffer, we can say this:
(gdb) tfind start
(gdb) while ($trace_frame != -1)
> printf "Frame %d, PC = %08X, SP = %08X, FP = %08X\n", \
$trace_frame, $pc, $sp, $fp
> tfind
> end
Frame 0, PC = 0020DC64, SP = 0030BF3C, FP = 0030BF44
Frame 1, PC = 0020DC6C, SP = 0030BF38, FP = 0030BF44
Frame 2, PC = 0020DC70, SP = 0030BF34, FP = 0030BF44
Frame 3, PC = 0020DC74, SP = 0030BF30, FP = 0030BF44
Frame 4, PC = 0020DC78, SP = 0030BF2C, FP = 0030BF44
Frame 5, PC = 0020DC7C, SP = 0030BF28, FP = 0030BF44
Frame 6, PC = 0020DC80, SP = 0030BF24, FP = 0030BF44
Frame 7, PC = 0020DC84, SP = 0030BF20, FP = 0030BF44
Frame 8, PC = 0020DC88, SP = 0030BF1C, FP = 0030BF44
Frame 9, PC = 0020DC8E, SP = 0030BF18, FP = 0030BF44
Frame 10, PC = 00203F6C, SP = 0030BE3C, FP = 0030BF14
Or, if we want to examine the variable X at each source line in
the buffer:
(gdb) tfind start
(gdb) while ($trace_frame != -1)
> printf "Frame %d, X == %d\n", $trace_frame, X
> tfind line
> end
Frame 0, X = 1
Frame 7, X = 2
Frame 13, X = 255
tdumpThis command takes no arguments. It prints all the data collected at the current trace snapshot.
(gdb) trace 444
(gdb) actions
Enter actions for tracepoint #2, one per line:
> collect $regs, $locals, $args, gdb_long_test
> end
(gdb) tstart
(gdb) tfind line 444
#0 gdb_test (p1=0x11, p2=0x22, p3=0x33, p4=0x44, p5=0x55, p6=0x66)
at gdb_test.c:444
444 printp( "%s: arguments = 0x%X 0x%X 0x%X 0x%X 0x%X 0x%X\n", )
(gdb) tdump
Data collected at tracepoint 2, trace frame 1:
d0 0xc4aa0085 -995491707
d1 0x18 24
d2 0x80 128
d3 0x33 51
d4 0x71aea3d 119204413
d5 0x22 34
d6 0xe0 224
d7 0x380035 3670069
a0 0x19e24a 1696330
a1 0x3000668 50333288
a2 0x100 256
a3 0x322000 3284992
a4 0x3000698 50333336
a5 0x1ad3cc 1758156
fp 0x30bf3c 0x30bf3c
sp 0x30bf34 0x30bf34
ps 0x0 0
pc 0x20b2c8 0x20b2c8
fpcontrol 0x0 0
fpstatus 0x0 0
fpiaddr 0x0 0
p = 0x20e5b4 "gdb-test"
p1 = (void *) 0x11
p2 = (void *) 0x22
p3 = (void *) 0x33
p4 = (void *) 0x44
p5 = (void *) 0x55
p6 = (void *) 0x66
gdb_long_test = 17 '\021'
(gdb)
tdump works by scanning the tracepoint's current collection
actions and printing the value of each expression listed. So
tdump can fail, if after a run, you change the tracepoint's
actions to mention variables that were not collected during the run.
Also, for tracepoints with while-stepping loops, tdump
uses the collected value of $pc to distinguish between trace
frames that were collected at the tracepoint hit, and frames that were
collected while stepping. This allows it to correctly choose whether
to display the basic list of collections, or the collections from the
body of the while-stepping loop. However, if $pc was not collected,
then tdump will always attempt to dump using the basic collection
list, and may fail if a while-stepping frame does not include all the
same data that is collected at the tracepoint hit.
save tracepoints filename
This command saves all current tracepoint definitions together with
their actions and passcounts, into a file filename
suitable for use in a later debugging session. To read the saved
tracepoint definitions, use the source command (see Command Files). The save-tracepoints command is a deprecated
alias for save tracepoints
(int) $trace_frame(int) $tracepoint(int) $trace_line(char []) $trace_file(char []) $trace_func$tracepoint.
Note: $trace_file is not suitable for use in printf,
use output instead.
Here's a simple example of using these convenience variables for stepping through all the trace snapshots and printing some of their data. Note that these are not the same as trace state variables, which are managed by the target.
(gdb) tfind start
(gdb) while $trace_frame != -1
> output $trace_file
> printf ", line %d (tracepoint #%d)\n", $trace_line, $tracepoint
> tfind
> end
In some situations, the target running a trace experiment may no
longer be available; perhaps it crashed, or the hardware was needed
for a different activity. To handle these cases, you can arrange to
dump the trace data into a file, and later use that file as a source
of trace data, via the target tfile command.
tsave [ -r ] filenametsave [-ctf] dirname-r (“remote”) to direct the target to save
the data directly into filename in its own filesystem, which may be
more efficient if the trace buffer is very large. (Note, however, that
target tfile can only read from files accessible to the host.)
By default, this command will save trace frame in tfile format.
You can supply the optional argument -ctf to save date in CTF
format. The Common Trace Format (CTF) is proposed as a trace format
that can be shared by multiple debugging and tracing tools. Please go to
<http://www.efficios.com/ctf> to get more information.
target tfile filenametarget ctf dirnametstatus will report the state of the trace run at the moment
the data was saved, as well as the current trace frame you are examining.
Both filename and dirname must be on a filesystem accessible to
the host.
(gdb) target ctf ctf.ctf
(gdb) tfind
Found trace frame 0, tracepoint 2
39 ++a; /* set tracepoint 1 here */
(gdb) tdump
Data collected at tracepoint 2, trace frame 0:
i = 0
a = 0
b = 1 '\001'
c = {"123", "456", "789", "123", "456", "789"}
d = {{{a = 1, b = 2}, {a = 3, b = 4}}, {{a = 5, b = 6}, {a = 7, b = 8}}}
(gdb) p b
$1 = 1
If your program is too large to fit completely in your target system's memory, you can sometimes use overlays to work around this problem. gdb provides some support for debugging programs that use overlays.
Suppose you have a computer whose instruction address space is only 64 kilobytes long, but which has much more memory which can be accessed by other means: special instructions, segment registers, or memory management hardware, for example. Suppose further that you want to adapt a program which is larger than 64 kilobytes to run on this system.
One solution is to identify modules of your program which are relatively independent, and need not call each other directly; call these modules overlays. Separate the overlays from the main program, and place their machine code in the larger memory. Place your main program in instruction memory, but leave at least enough space there to hold the largest overlay as well.
Now, to call a function located in an overlay, you must first copy that overlay's machine code from the large memory into the space set aside for it in the instruction memory, and then jump to its entry point there.
Data Instruction Larger
Address Space Address Space Address Space
+-----------+ +-----------+ +-----------+
| | | | | |
+-----------+ +-----------+ +-----------+<-- overlay 1
| program | | main | .----| overlay 1 | load address
| variables | | program | | +-----------+
| and heap | | | | | |
+-----------+ | | | +-----------+<-- overlay 2
| | +-----------+ | | | load address
+-----------+ | | | .-| overlay 2 |
| | | | | |
mapped --->+-----------+ | | +-----------+
address | | | | | |
| overlay | <-' | | |
| area | <---' +-----------+<-- overlay 3
| | <---. | | load address
+-----------+ `--| overlay 3 |
| | | |
+-----------+ | |
+-----------+
| |
+-----------+
A code overlay
The diagram (see A code overlay) shows a system with separate data and instruction address spaces. To map an overlay, the program copies its code from the larger address space to the instruction address space. Since the overlays shown here all use the same mapped address, only one may be mapped at a time. For a system with a single address space for data and instructions, the diagram would be similar, except that the program variables and heap would share an address space with the main program and the overlay area.
An overlay loaded into instruction memory and ready for use is called a mapped overlay; its mapped address is its address in the instruction memory. An overlay not present (or only partially present) in instruction memory is called unmapped; its load address is its address in the larger memory. The mapped address is also called the virtual memory address, or VMA; the load address is also called the load memory address, or LMA.
Unfortunately, overlays are not a completely transparent way to adapt a program to limited instruction memory. They introduce a new set of global constraints you must keep in mind as you design your program:
The overlay system described above is rather simple, and could be improved in many ways:
To use gdb's overlay support, each overlay in your program must correspond to a separate section of the executable file. The section's virtual memory address and load memory address must be the overlay's mapped and load addresses. Identifying overlays with sections allows gdb to determine the appropriate address of a function or variable, depending on whether the overlay is mapped or not.
gdb's overlay commands all start with the word overlay;
you can abbreviate this as ov or ovly. The commands are:
overlay offoverlay manualoverlay map-overlay and overlay unmap-overlay
commands described below.
overlay map-overlay overlayoverlay map overlayoverlay unmap-overlay overlayoverlay unmap overlayoverlay autooverlay load-targetoverlay loadoverlay list-overlaysoverlay listNormally, when gdb prints a code address, it includes the name of the function the address falls in:
(gdb) print main
$3 = {int ()} 0x11a0 <main>
When overlay debugging is enabled, gdb recognizes code in
unmapped overlays, and prints the names of unmapped functions with
asterisks around them. For example, if foo is a function in an
unmapped overlay, gdb prints it this way:
(gdb) overlay list
No sections are mapped.
(gdb) print foo
$5 = {int (int)} 0x100000 <*foo*>
When foo's overlay is mapped, gdb prints the function's
name normally:
(gdb) overlay list
Section .ov.foo.text, loaded at 0x100000 - 0x100034,
mapped at 0x1016 - 0x104a
(gdb) print foo
$6 = {int (int)} 0x1016 <foo>
When overlay debugging is enabled, gdb can find the correct
address for functions and variables in an overlay, whether or not the
overlay is mapped. This allows most gdb commands, like
break and disassemble, to work normally, even on unmapped
code. However, gdb's breakpoint support has some limitations:
gdb can automatically track which overlays are mapped and which
are not, given some simple co-operation from the overlay manager in the
inferior. If you enable automatic overlay debugging with the
overlay auto command (see Overlay Commands), gdb
looks in the inferior's memory for certain variables describing the
current state of the overlays.
Here are the variables your overlay manager must define to support gdb's automatic overlay debugging:
_ovly_table: struct
{
/* The overlay's mapped address. */
unsigned long vma;
/* The size of the overlay, in bytes. */
unsigned long size;
/* The overlay's load address. */
unsigned long lma;
/* Non-zero if the overlay is currently mapped;
zero otherwise. */
unsigned long mapped;
}
_novlys:_ovly_table.
To decide whether a particular overlay is mapped or not, gdb
looks for an entry in _ovly_table whose vma and
lma members equal the VMA and LMA of the overlay's section in the
executable file. When gdb finds a matching entry, it consults
the entry's mapped member to determine whether the overlay is
currently mapped.
In addition, your overlay manager may define a function called
_ovly_debug_event. If this function is defined, gdb
will silently set a breakpoint there. If the overlay manager then
calls this function whenever it has changed the overlay table, this
will enable gdb to accurately keep track of which overlays
are in program memory, and update any breakpoints that may be set
in overlays. This will allow breakpoints to work even if the
overlays are kept in ROM or other non-writable memory while they
are not being executed.
When linking a program which uses overlays, you must place the overlays at their load addresses, while relocating them to run at their mapped addresses. To do this, you must write a linker script (see Overlay Description). Unfortunately, since linker scripts are specific to a particular host system, target architecture, and target memory layout, this manual cannot provide portable sample code demonstrating gdb's overlay support.
However, the gdb source distribution does contain an overlaid program, with linker scripts for a few systems, as part of its test suite. The program consists of the following files from gdb/testsuite/gdb.base:
d10v-elf
and m32r-elf targets.
You can build the test program using the d10v-elf GCC
cross-compiler like this:
$ d10v-elf-gcc -g -c overlays.c
$ d10v-elf-gcc -g -c ovlymgr.c
$ d10v-elf-gcc -g -c foo.c
$ d10v-elf-gcc -g -c bar.c
$ d10v-elf-gcc -g -c baz.c
$ d10v-elf-gcc -g -c grbx.c
$ d10v-elf-gcc -g overlays.o ovlymgr.o foo.o bar.o \
baz.o grbx.o -Wl,-Td10v.ld -o overlays
The build process is identical for any other architecture, except that
you must substitute the appropriate compiler and linker script for the
target system for d10v-elf-gcc and d10v.ld.
Although programming languages generally have common aspects, they are
rarely expressed in the same manner. For instance, in ANSI C,
dereferencing a pointer p is accomplished by *p, but in
Modula-2, it is accomplished by p^. Values can also be
represented (and displayed) differently. Hex numbers in C appear as
‘0x1ae’, while in Modula-2 they appear as ‘1AEH’.
Language-specific information is built into gdb for some languages, allowing you to express operations like the above in your program's native language, and allowing gdb to output values in a manner consistent with the syntax of your program's native language. The language you use to build expressions is called the working language.
There are two ways to control the working language—either have gdb
set it automatically, or select it manually yourself. You can use the
set language command for either purpose. On startup, gdb
defaults to setting the language automatically. The working language is
used to determine how expressions you type are interpreted, how values
are printed, etc.
In addition to the working language, every source file that
gdb knows about has its own working language. For some object
file formats, the compiler might indicate which language a particular
source file is in. However, most of the time gdb infers the
language from the name of the file. The language of a source file
controls whether C++ names are demangled—this way backtrace can
show each frame appropriately for its own language. There is no way to
set the language of a source file from within gdb, but you can
set the language associated with a filename extension. See Displaying the Language.
This is most commonly a problem when you use a program, such
as cfront or f2c, that generates C but is written in
another language. In that case, make the
program use #line directives in its C output; that way
gdb will know the correct language of the source code of the original
program, and will display that source code, not the generated C code.
If a source file name ends in one of the following extensions, then gdb infers that its language is the one indicated.
In addition, you may set the language associated with a filename extension. See Displaying the Language.
If you allow gdb to set the language automatically, expressions are interpreted the same way in your debugging session and your program.
If you wish, you may set the language manually. To do this, issue the
command ‘set language lang’, where lang is the name of
a language, such as
c or modula-2.
For a list of the supported languages, type ‘set language’.
Setting the language manually prevents gdb from updating the working language automatically. This can lead to confusion if you try to debug a program when the working language is not the same as the source language, when an expression is acceptable to both languages—but means different things. For instance, if the current source file were written in C, and gdb was parsing Modula-2, a command such as:
print a = b + c
might not have the effect you intended. In C, this means to add
b and c and place the result in a. The result
printed would be the value of a. In Modula-2, this means to compare
a to the result of b+c, yielding a BOOLEAN value.
To have gdb set the working language automatically, use ‘set language local’ or ‘set language auto’. gdb then infers the working language. That is, when your program stops in a frame (usually by encountering a breakpoint), gdb sets the working language to the language recorded for the function in that frame. If the language for a frame is unknown (that is, if the function or block corresponding to the frame was defined in a source file that does not have a recognized extension), the current working language is not changed, and gdb issues a warning.
This may not seem necessary for most programs, which are written entirely in one source language. However, program modules and libraries written in one source language can be used by a main program written in a different source language. Using ‘set language auto’ in this case frees you from having to set the working language manually.
The following commands help you find out which language is the working language, and also what language source files were written in.
show languageprint to
build and compute expressions that may involve variables in your program.
info frameinfo sourceIn unusual circumstances, you may have source files with extensions not in the standard list. You can then set the extension associated with a language explicitly:
set extension-language ext languageinfo extensionsSome languages are designed to guard you against making seemingly common errors through a series of compile- and run-time checks. These include checking the type of arguments to functions and operators and making sure mathematical overflows are caught at run time. Checks such as these help to ensure a program's correctness once it has been compiled by eliminating type mismatches and providing active checks for range errors when your program is running.
By default gdb checks for these errors according to the
rules of the current source language. Although gdb does not check
the statements in your program, it can check expressions entered directly
into gdb for evaluation via the print command, for example.
Some languages, such as C and C++, are strongly typed, meaning that the arguments to operators and functions have to be of the correct type, otherwise an error occurs. These checks prevent type mismatch errors from ever causing any run-time problems. For example,
int klass::my_method(char *b) { return b ? 1 : 2; }
(gdb) print obj.my_method (0)
$1 = 2
but
(gdb) print obj.my_method (0x1234)
Cannot resolve method klass::my_method to any overloaded instance
The second example fails because in C++ the integer constant ‘0x1234’ is not type-compatible with the pointer parameter type.
For the expressions you use in gdb commands, you can tell gdb to not enforce strict type checking or to treat any mismatches as errors and abandon the expression; When type checking is disabled, gdb successfully evaluates expressions like the second example above.
Even if type checking is off, there may be other reasons
related to type that prevent gdb from evaluating an expression.
For instance, gdb does not know how to add an int and
a struct foo. These particular type errors have nothing to do
with the language in use and usually arise from expressions which make
little sense to evaluate anyway.
gdb provides some additional commands for controlling type checking:
set check type onset check type offshow check typeIn some languages (such as Modula-2), it is an error to exceed the bounds of a type; this is enforced with run-time checks. Such range checking is meant to ensure program correctness by making sure computations do not overflow, or indices on an array element access do not exceed the bounds of the array.
For expressions you use in gdb commands, you can tell gdb to treat range errors in one of three ways: ignore them, always treat them as errors and abandon the expression, or issue warnings but evaluate the expression anyway.
A range error can result from numerical overflow, from exceeding an array index bound, or when you type a constant that is not a member of any type. Some languages, however, do not treat overflows as an error. In many implementations of C, mathematical overflow causes the result to “wrap around” to lower values—for example, if m is the largest integer value, and s is the smallest, then
m + 1 ⇒ s
This, too, is specific to individual languages, and in some cases specific to individual compilers or machines. See Supported Languages, for further details on specific languages.
gdb provides some additional commands for controlling the range checker:
set check range autoset check range onset check range offset check range warnshow rangegdb supports C, C++, D, Go, Objective-C, Fortran, Java,
OpenCL C, Pascal, assembly, Modula-2, and Ada.
Some gdb features may be used in expressions regardless of the
language you use: the gdb @ and :: operators,
and the ‘{type}addr’ construct (see Expressions) can be used with the constructs of any supported
language.
The following sections detail to what degree each source language is supported by gdb. These sections are not meant to be language tutorials or references, but serve only as a reference guide to what the gdb expression parser accepts, and what input and output formats should look like for different languages. There are many good books written on each of these languages; please look to these for a language reference or tutorial.
Since C and C++ are so closely related, many features of gdb apply to both languages. Whenever this is the case, we discuss those languages together.
The C++ debugging facilities are jointly implemented by the C++
compiler and gdb. Therefore, to debug your C++ code
effectively, you must compile your C++ programs with a supported
C++ compiler, such as gnu g++, or the HP ANSI C++
compiler (aCC).
Operators must be defined on values of specific types. For instance,
+ is defined on numbers, but not on structures. Operators are
often defined on groups of types.
For the purposes of C and C++, the following definitions hold:
int with any of its storage-class
specifiers; char; enum; and, for C++, bool.
float, double, and
long double (if supported by the target platform).
(type *).
The following operators are supported. They are listed here in order of increasing precedence:
,== op= b,
and translated to a = a op b.
op= and = have the same precedence. The operator
op is any one of the operators |, ^, &,
<<, >>, +, -, *, /, %.
?: ? b : c can be thought
of as: if a then b else c. The argument a
should be of an integral type.
||&&|^&==, !=<, >, <=, >=<<, >>@+, -*, /, %++, --*++.
&++.
For debugging C++, gdb implements a use of ‘&’ beyond what is
allowed in the C++ language itself: you can use ‘&(&ref)’
to examine the address
where a C++ reference variable (declared with ‘&ref’) is
stored.
-++.
!++.
~++.
., ->struct and union data.
.*, ->*[][i] is defined as
*(a+i). Same precedence as ->.
()->.
::struct, union,
and class types.
::::,
above.
If an operator is redefined in the user code, gdb usually attempts to invoke the redefined version instead of using the operator's predefined meaning.
gdb allows you to express the constants of C and C++ in the following ways:
long value.
float (as opposed to the default double) type; or with
a letter ‘l’ or ‘L’, which specifies a long double
constant.
'), or a number—the ordinal value of the corresponding character
(usually its ascii value). Within quotes, the single character may
be represented by a letter or by escape sequences, which are of
the form ‘\nnn’, where nnn is the octal representation
of the character's ordinal value; or of the form ‘\x’, where
‘x’ is a predefined special character—for example,
‘\n’ for newline.
Wide character constants can be written by prefixing a character constant with ‘L’, as in C. For example, ‘L'x'’ is the wide form of ‘x’. The target wide character set is used when computing the value of this constant (see Character Sets).
"). Any valid character constant (as described
above) may appear. Double quotes within the string must be preceded by
a backslash, so for instance ‘"a\"b'c"’ is a string of five
characters.
Wide string constants can be written by prefixing a string constant with ‘L’, as in C. The target wide character set is used when computing the value of this constant (see Character Sets).
gdb expression handling can interpret most C++ expressions.
Warning: gdb can only debug C++ code if you use the proper compiler and the proper debug format. Currently, gdb works best when debugging C++ code that is compiled with the most recent version of gcc possible. The DWARF debugging format is preferred; gcc defaults to this on most popular platforms. Other compilers and/or debug formats are likely to work badly or not at all when using gdb to debug C++ code. See Compilation.
count = aml->GetOriginal(x, y)
this following the same rules as C++. using
declarations in the current scope are also respected by gdb.
It does perform integral conversions and promotions, floating-point promotions, arithmetic conversions, pointer conversions, conversions of class objects to base classes, and standard conversions such as those of functions or arrays to pointers; it requires an exact match on the number of function arguments.
Overload resolution is always performed, unless you have specified
set overload-resolution off. See gdb Features for C++.
You must specify set overload-resolution off in order to use an
explicit function signature to call an overloaded function, as in
p 'foo(char,int)'('x', 13)
The gdb command-completion facility can simplify this; see Command Completion.
In the parameter list shown when gdb displays a frame, the values of reference variables are not displayed (unlike other variables); this avoids clutter, since references are often used for large structures. The address of a reference variable is always shown, unless you have specified ‘set print address off’.
::—your
expressions can use it just as expressions in your program do. Since
one scope may be defined in another, you can use :: repeatedly if
necessary, for example in an expression like
‘scope1::scope2::name’. gdb also allows
resolving name scope by reference to source files, in both C and C++
debugging (see Program Variables).
If you allow gdb to set range checking automatically, it
defaults to off whenever the working language changes to
C or C++. This happens regardless of whether you or gdb
selects the working language.
If you allow gdb to set the language automatically, it recognizes source files whose names end with .c, .C, or .cc, etc, and when gdb enters code compiled from one of these files, it sets the working language to C or C++. See Having gdb Infer the Source Language, for further details.
By default, when gdb parses C or C++ expressions, strict type checking is used. However, if you turn type checking off, gdb will allow certain non-standard conversions, such as promoting integer constants to pointers.
Range checking, if turned on, is done on mathematical operations. Array indices are not checked, since they are often used to index a pointer that is not itself an array.
The set print union and show print union commands apply to
the union type. When set to ‘on’, any union that is
inside a struct or class is also printed. Otherwise, it
appears as ‘{...}’.
The @ operator aids in the debugging of dynamic arrays, formed
with pointers and a memory allocation function. See Expressions.
Some gdb commands are particularly useful with C++, and some are designed specifically for use with C++. Here is a summary:
rbreak regexcatch throwcatch rethrowcatch catchptype typenameinfo vtbl expression.info vtbl command can be used to display the virtual
method tables of the object computed by expression. This shows
one entry per virtual table; there may be multiple virtual tables when
multiple inheritance is in use.
demangle namedemangle command.
set print demangleshow print demangleset print asm-demangleshow print asm-demangleset print objectshow print objectset print vtblshow print vtblvtbl commands do not work on programs compiled with the HP
ANSI C++ compiler (aCC).)
set overload-resolution onset overload-resolution offshow overload-resolution(types) rather than just symbol. You can
also use the gdb command-line word completion facilities to list the
available choices, or to finish the type list for you.
See Command Completion, for details on how to do this.
gdb can examine, set and perform computations with numbers in
decimal floating point format, which in the C language correspond to the
_Decimal32, _Decimal64 and _Decimal128 types as
specified by the extension to support decimal floating-point arithmetic.
There are two encodings in use, depending on the architecture: BID (Binary Integer Decimal) for x86 and x86-64, and DPD (Densely Packed Decimal) for PowerPC and S/390. gdb will use the appropriate encoding for the configured target.
Because of a limitation in libdecnumber, the library used by gdb to manipulate decimal floating point numbers, it is not possible to convert (using a cast, for example) integers wider than 32-bit to decimal float.
In addition, in order to imitate gdb's behaviour with binary floating point computations, error checking in decimal float operations ignores underflow, overflow and divide by zero exceptions.
In the PowerPC architecture, gdb provides a set of pseudo-registers
to inspect _Decimal128 values stored in floating point registers.
See PowerPC for more details.
gdb can be used to debug programs written in D and compiled with GDC, LDC or DMD compilers. Currently gdb supports only one D specific feature — dynamic arrays.
gdb can be used to debug programs written in Go and compiled with gccgo or 6g compilers.
Here is a summary of the Go-specific features and restrictions:
The current Go packageFor example, given the program:
package main
var myglob = "Shall we?"
func main () {
// ...
}
When stopped inside main either of these work:
(gdb) p myglob
(gdb) p main.myglob
Builtin Go typesstring type is recognized by gdb and is printed
as a string.
Builtin Go functionsunsafe.Sizeof
function and handles it internally.
Restrictions on Go expressions&^.
The Go _ “blank identifier” is not supported.
Automatic dereferencing of pointers is not supported.
This section provides information about some commands and command options that are useful for debugging Objective-C code. See also info classes, and info selectors, for a few more commands specific to Objective-C support.
The following commands have been extended to accept Objective-C method names as line specifications:
clear
break
info line
jump
list
A fully qualified Objective-C method name is specified as
-[Class methodName]
where the minus sign is used to indicate an instance method and a
plus sign (not shown) is used to indicate a class method. The class
name Class and method name methodName are enclosed in
brackets, similar to the way messages are specified in Objective-C
source code. For example, to set a breakpoint at the create
instance method of class Fruit in the program currently being
debugged, enter:
break -[Fruit create]
To list ten program lines around the initialize class method,
enter:
list +[NSText initialize]
In the current version of gdb, the plus or minus sign is required. In future versions of gdb, the plus or minus sign will be optional, but you can use it to narrow the search. It is also possible to specify just a method name:
break create
You must specify the complete method name, including any colons. If
your program's source files contain more than one create method,
you'll be presented with a numbered list of classes that implement that
method. Indicate your choice by number, or type ‘0’ to exit if
none apply.
As another example, to clear a breakpoint established at the
makeKeyAndOrderFront: method of the NSWindow class, enter:
clear -[NSWindow makeKeyAndOrderFront:]
The print command has also been extended to accept methods. For example:
print -[object hash]
will tell gdb to send the hash message to object
and print the result. Also, an additional command has been added,
print-object or po for short, which is meant to print
the description of an object. However, this command may only work
with certain Objective-C libraries that have a particular hook
function, _NSPrintForDebugger, defined.
This section provides information about gdbs OpenCL C support.
gdb supports the builtin scalar and vector datatypes specified
by OpenCL 1.1. In addition the half- and double-precision floating point
data types of the cl_khr_fp16 and cl_khr_fp64 OpenCL
extensions are also known to gdb.
gdb supports accesses to vector components including the access as lvalue where possible. Since OpenCL C is based on C99 most C expressions supported by gdb can be used as well.
gdb supports the operators specified by OpenCL 1.1 for scalar and vector data types.
gdb can be used to debug programs written in Fortran, but it currently supports only the features of Fortran 77 language.
Some Fortran compilers (gnu Fortran 77 and Fortran 95 compilers among them) append an underscore to the names of variables and functions. When you debug programs compiled by those compilers, you will need to refer to variables and functions with a trailing underscore.
Operators must be defined on values of specific types. For instance,
+ is defined on numbers, but not on characters or other non-
arithmetic types. Operators are often defined on groups of types.
**:%Fortran symbols are usually case-insensitive, so gdb by default uses case-insensitive matches for Fortran symbols. You can change that with the ‘set case-insensitive’ command, see Symbols, for the details.
gdb has some commands to support Fortran-specific features, such as displaying common blocks.
info common [common-name]COMMON
block whose name is common-name. With no argument, the names of
all COMMON blocks visible at the current program location are
printed.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions does not currently work. gdb does not support entering expressions, printing values, or similar features using Pascal syntax.
The Pascal-specific command set print pascal_static-members
controls whether static members of Pascal objects are displayed.
See pascal_static-members.
The extensions made to gdb to support Modula-2 only support output from the gnu Modula-2 compiler (which is currently being developed). Other Modula-2 compilers are not currently supported, and attempting to debug executables produced by them is most likely to give an error as gdb reads in the executable's symbol table.
Operators must be defined on values of specific types. For instance,
+ is defined on numbers, but not on structures. Operators are
often defined on groups of types. For the purposes of Modula-2, the
following definitions hold:
INTEGER, CARDINAL, and
their subranges.
CHAR and its subranges.
REAL.
POINTER TO
type.
SET and BITSET types.
BOOLEAN.
The following operators are supported, and appear in order of increasing precedence:
,:=:= value is
value.
<, ><=, >=<.
=, <>, #<. In gdb scripts, only <> is
available for inequality, since # conflicts with the script
comment character.
IN<.
ORAND, &@+, -*/*.
DIV, MOD*.
-INTEGER and REAL data.
^NOT^.
.RECORD field selector. Defined on RECORD data. Same
precedence as ^.
[]ARRAY data. Same precedence as ^.
()PROCEDURE objects. Same precedence
as ^.
::, .Warning: Set expressions and their operations are not yet supported, so gdb treats the use of the operatorIN, or the use of operators+,-,*,/,=, ,<>,#,<=, and>=on sets as an error.
Modula-2 also makes available several built-in procedures and functions. In describing these, the following metavariables are used:
ARRAY variable.
CHAR constant or variable.
SET OF mtype (where mtype is the type of m).
All Modula-2 built-in procedures also return a result, described below.
ABS(n)CAP(c)CHR(i)DEC(v)DEC(v,i)EXCL(m,s)FLOAT(i)HIGH(a)INC(v)INC(v,i)INCL(m,s)MAX(t)MIN(t)ODD(i)ORD(x)SIZE(x)TRUNC(r)TSIZE(x)VAL(t,i)Warning: Sets and their operations are not yet supported, so gdb treats the use of proceduresINCLandEXCLas an error.
gdb allows you to express the constants of Modula-2 in the following ways:
') or double ("). They may
also be expressed by their ordinal value (their ascii value, usually)
followed by a ‘C’.
') or double (").
Escape sequences in the style of C are also allowed. See C and C++ Constants, for a brief explanation of escape
sequences.
TRUE and
FALSE.
Currently gdb can print the following data types in Modula-2 syntax: array types, record types, set types, pointer types, procedure types, enumerated types, subrange types and base types. You can also print the contents of variables declared using these type. This section gives a number of simple source code examples together with sample gdb sessions.
The first example contains the following section of code:
VAR
s: SET OF CHAR ;
r: [20..40] ;
and you can request gdb to interrogate the type and value of
r and s.
(gdb) print s
{'A'..'C', 'Z'}
(gdb) ptype s
SET OF CHAR
(gdb) print r
21
(gdb) ptype r
[20..40]
Likewise if your source code declares s as:
VAR
s: SET ['A'..'Z'] ;
then you may query the type of s by:
(gdb) ptype s
type = SET ['A'..'Z']
Note that at present you cannot interactively manipulate set expressions using the debugger.
The following example shows how you might declare an array in Modula-2 and how you can interact with gdb to print its type and contents:
VAR
s: ARRAY [-10..10] OF CHAR ;
(gdb) ptype s
ARRAY [-10..10] OF CHAR
Note that the array handling is not yet complete and although the type
is printed correctly, expression handling still assumes that all
arrays have a lower bound of zero and not -10 as in the example
above.
Here are some more type related Modula-2 examples:
TYPE
colour = (blue, red, yellow, green) ;
t = [blue..yellow] ;
VAR
s: t ;
BEGIN
s := blue ;
The gdb interaction shows how you can query the data type and value of a variable.
(gdb) print s
$1 = blue
(gdb) ptype t
type = [blue..yellow]
In this example a Modula-2 array is declared and its contents
displayed. Observe that the contents are written in the same way as
their C counterparts.
VAR
s: ARRAY [1..5] OF CARDINAL ;
BEGIN
s[1] := 1 ;
(gdb) print s
$1 = {1, 0, 0, 0, 0}
(gdb) ptype s
type = ARRAY [1..5] OF CARDINAL
The Modula-2 language interface to gdb also understands pointer types as shown in this example:
VAR
s: POINTER TO ARRAY [1..5] OF CARDINAL ;
BEGIN
NEW(s) ;
s^[1] := 1 ;
and you can request that gdb describes the type of s.
(gdb) ptype s
type = POINTER TO ARRAY [1..5] OF CARDINAL
gdb handles compound types as we can see in this example. Here we combine array types, record types, pointer types and subrange types:
TYPE
foo = RECORD
f1: CARDINAL ;
f2: CHAR ;
f3: myarray ;
END ;
myarray = ARRAY myrange OF CARDINAL ;
myrange = [-2..2] ;
VAR
s: POINTER TO ARRAY myrange OF foo ;
and you can ask gdb to describe the type of s as shown
below.
(gdb) ptype s
type = POINTER TO ARRAY [-2..2] OF foo = RECORD
f1 : CARDINAL;
f2 : CHAR;
f3 : ARRAY [-2..2] OF CARDINAL;
END
If type and range checking are set automatically by gdb, they
both default to on whenever the working language changes to
Modula-2. This happens regardless of whether you or gdb
selected the working language.
If you allow gdb to set the language automatically, then entering code compiled from a file whose name ends with .mod sets the working language to Modula-2. See Having gdb Infer the Source Language, for further details.
A few changes have been made to make Modula-2 programs easier to debug. This is done primarily via loosening its type strictness:
:=) returns the value of its right-hand
argument.
Warning: in this release, gdb does not yet perform type or range checking.
gdb considers two Modula-2 variables type equivalent if:
TYPE
t1 = t2 statement
As long as type checking is enabled, any attempt to combine variables whose types are not equivalent is an error.
Range checking is done on all mathematical operations, assignment, array index bounds, and all built-in functions and procedures.
:: and .
There are a few subtle differences between the Modula-2 scope operator
(.) and the gdb scope operator (::). The two have
similar syntax:
module . id
scope :: id
where scope is the name of a module or a procedure, module the name of a module, and id is any declared identifier within your program, except another module.
Using the :: operator makes gdb search the scope
specified by scope for the identifier id. If it is not
found in the specified scope, then gdb searches all scopes
enclosing the one specified by scope.
Using the . operator makes gdb search the current scope for
the identifier specified by id that was imported from the
definition module specified by module. With this operator, it is
an error if the identifier id was not imported from definition
module module, or if id is not an identifier in
module.
Some gdb commands have little use when debugging Modula-2 programs.
Five subcommands of set print and show print apply
specifically to C and C++: ‘vtbl’, ‘demangle’,
‘asm-demangle’, ‘object’, and ‘union’. The first four
apply to C++, and the last to the C union type, which has no direct
analogue in Modula-2.
The @ operator (see Expressions), while available
with any language, is not useful with Modula-2. Its
intent is to aid the debugging of dynamic arrays, which cannot be
created in Modula-2 as they can in C or C++. However, because an
address can be specified by an integral constant, the construct
‘{type}adrexp’ is still useful.
In gdb scripts, the Modula-2 inequality operator # is
interpreted as the beginning of a comment. Use <> instead.
The extensions made to gdb for Ada only support output from the gnu Ada (GNAT) compiler. Other Ada compilers are not currently supported, and attempting to debug executables produced by them is most likely to be difficult.
The Ada mode of gdb supports a fairly large subset of Ada expression syntax, with some extensions. The philosophy behind the design of this subset is
Thus, for brevity, the debugger acts as if all names declared in user-written packages are directly visible, even if they are not visible according to Ada rules, thus making it unnecessary to fully qualify most names with their packages, regardless of context. Where this causes ambiguity, gdb asks the user's intent.
The debugger will start in Ada mode if it detects an Ada main program. As for other languages, it will enter Ada mode when stopped in a program that was translated from an Ada source file.
While in Ada mode, you may use `–' for comments. This is useful mostly for documenting command files. The standard gdb comment (‘#’) still works at the beginning of a line in Ada mode, but not in the middle (to allow based literals).
The debugger supports limited overloading. Given a subprogram call in which
the function symbol has multiple definitions, it will use the number of
actual parameters and some information about their types to attempt to narrow
the set of definitions. It also makes very limited use of context, preferring
procedures to functions in the context of the call command, and
functions to procedures elsewhere.
Here are the notable omissions from the subset:
in) operator.
Characters.Latin_1 are not available and
concatenation is not implemented. Thus, escape characters in strings are
not currently available.
and, or,
xor, not, and relational tests other than equality)
are not implemented.
(gdb) set An_Array := (1, 2, 3, 4, 5, 6)
(gdb) set An_Array := (1, others => 0)
(gdb) set An_Array := (0|4 => 1, 1..3 => 2, 5 => 6)
(gdb) set A_2D_Array := ((1, 2, 3), (4, 5, 6), (7, 8, 9))
(gdb) set A_Record := (1, "Peter", True);
(gdb) set A_Record := (Name => "Peter", Id => 1, Alive => True)
Changing a
discriminant's value by assigning an aggregate has an
undefined effect if that discriminant is used within the record.
However, you can first modify discriminants by directly assigning to
them (which normally would not be allowed in Ada), and then performing an
aggregate assignment. For example, given a variable A_Rec
declared to have a type such as:
type Rec (Len : Small_Integer := 0) is record
Id : Integer;
Vals : IntArray (1 .. Len);
end record;
you can assign a value with a different size of Vals with two
assignments:
(gdb) set A_Rec.Len := 4
(gdb) set A_Rec := (Id => 42, Vals => (1, 2, 3, 4))
As this example also illustrates, gdb is very loose about the usual
rules concerning aggregates. You may leave out some of the
components of an array or record aggregate (such as the Len
component in the assignment to A_Rec above); they will retain their
original values upon assignment. You may freely use dynamic values as
indices in component associations. You may even use overlapping or
redundant component associations, although which component values are
assigned in such cases is not defined.
new operator is not implemented.
True and False, when not part of a qualified name,
are interpreted as if implicitly prefixed by Standard, regardless of
context.
Should your program
redefine these names in a package or procedure (at best a dubious practice),
you will have to use fully qualified names to access their new definitions.
As it does for other languages, gdb makes certain generic extensions to Ada (see Expressions):
@N displays the values of E and the
N-1 adjacent variables following it in memory as an array. In
Ada, this operator is generally not necessary, since its prime use is
in displaying parts of an array, and slicing will usually do this in
Ada. However, there are occasional uses when debugging programs in
which certain debugging information has been optimized away.
::var means “the variable named var that
appears in function or file B.” When B is a file name,
you must typically surround it in single quotes.
{type} addr means “the variable of type
type that appears at address addr.”
In addition, gdb provides a few other shortcuts and outright additions specific to Ada:
(gdb) set x := y + 3
(gdb) print A(tmp := y + 1)
(gdb) break f
(gdb) condition 1 (report(i); k += 1; A(k) > 100)
"One line.["0a"]Next line.["0a"]"
contains an ASCII newline character (Ada.Characters.Latin_1.LF)
after each period.
(gdb) print 'max(x, y)
(3 => 10, 17, 1)
That is, in contrast to valid Ada, only the first component has a =>
clause.
(gdb) print <JMPBUF_SAVE>[0]
It is sometimes necessary to debug the program during elaboration, and
before reaching the main procedure.
As defined in the Ada Reference
Manual, the elaboration code is invoked from a procedure called
adainit. To run your program up to the beginning of
elaboration, simply use the following two commands:
tbreak adainit and run.
A command is provided to list all Ada exceptions:
info exceptionsinfo exceptions regexpinfo exceptions command allows you to list all Ada exceptions
defined within the program being debugged, as well as their addresses.
With a regular expression, regexp, as argument, only those exceptions
whose names match regexp are listed.
Below is a small example, showing how the command can be used, first without argument, and next with a regular expression passed as an argument.
(gdb) info exceptions
All defined Ada exceptions:
constraint_error: 0x613da0
program_error: 0x613d20
storage_error: 0x613ce0
tasking_error: 0x613ca0
const.aint_global_e: 0x613b00
(gdb) info exceptions const.aint
All Ada exceptions matching regular expression "const.aint":
constraint_error: 0x613da0
const.aint_global_e: 0x613b00
It is also possible to ask gdb to stop your program's execution when an exception is raised. For more details, see Set Catchpoints.
Support for Ada tasks is analogous to that for threads (see Threads). gdb provides the following task-related commands:
info tasks (gdb) info tasks
ID TID P-ID Pri State Name
1 8088000 0 15 Child Activation Wait main_task
2 80a4000 1 15 Accept Statement b
3 809a800 1 15 Child Activation Wait a
* 4 80ae800 3 15 Runnable c
In this listing, the asterisk before the last task indicates it to be the task currently being inspected.
UnactivatedRunnableTerminatedChild Activation WaitAccept StatementWaiting on entry callAsync Select WaitDelay SleepChild Termination WaitWait Child in Term AltAccepting RV with tasknoinfo task taskno (gdb) info tasks
ID TID P-ID Pri State Name
1 8077880 0 15 Child Activation Wait main_task
* 2 807c468 1 15 Runnable task_1
(gdb) info task 2
Ada Task: 0x807c468
Name: task_1
Thread: 0x807f378
Parent: 1 (main_task)
Base Priority: 15
State: Runnable
task (gdb) info tasks
ID TID P-ID Pri State Name
1 8077870 0 15 Child Activation Wait main_task
* 2 807c458 1 15 Runnable t
(gdb) task
[Current task is 2]
task tasknothread threadno
command (see Threads). It switches the context of debugging
from the current task to the given task.
(gdb) info tasks
ID TID P-ID Pri State Name
1 8077870 0 15 Child Activation Wait main_task
* 2 807c458 1 15 Runnable t
(gdb) task 1
[Switching to task 1]
#0 0x8067726 in pthread_cond_wait ()
(gdb) bt
#0 0x8067726 in pthread_cond_wait ()
#1 0x8056714 in system.os_interface.pthread_cond_wait ()
#2 0x805cb63 in system.task_primitives.operations.sleep ()
#3 0x806153e in system.tasking.stages.activate_tasks ()
#4 0x804aacc in un () at un.adb:5
break linespec task tasknobreak linespec task taskno if ...break ... thread ...
command (see Thread Stops). The
linespec argument specifies source lines, as described
in Specify Location.
Use the qualifier ‘task taskno’ with a breakpoint command to specify that you only want gdb to stop the program when a particular Ada task reaches this breakpoint. The taskno is one of the numeric task identifiers assigned by gdb, shown in the first column of the ‘info tasks’ display.
If you do not specify ‘task taskno’ when you set a breakpoint, the breakpoint applies to all tasks of your program.
You can use the task qualifier on conditional breakpoints as
well; in this case, place ‘task taskno’ before the
breakpoint condition (before the if).
For example,
(gdb) info tasks
ID TID P-ID Pri State Name
1 140022020 0 15 Child Activation Wait main_task
2 140045060 1 15 Accept/Select Wait t2
3 140044840 1 15 Runnable t1
* 4 140056040 1 15 Runnable t3
(gdb) b 15 task 2
Breakpoint 5 at 0x120044cb0: file test_task_debug.adb, line 15.
(gdb) cont
Continuing.
task # 1 running
task # 2 running
Breakpoint 5, test_task_debug () at test_task_debug.adb:15
15 flush;
(gdb) info tasks
ID TID P-ID Pri State Name
1 140022020 0 15 Child Activation Wait main_task
* 2 140045060 1 15 Runnable t2
3 140044840 1 15 Runnable t1
4 140056040 1 15 Delay Sleep t3
When inspecting a core file, as opposed to debugging a live program, tasking support may be limited or even unavailable, depending on the platform being used. For instance, on x86-linux, the list of tasks is available, but task switching is not supported.
On certain platforms, the debugger needs to perform some memory writes in order to provide Ada tasking support. When inspecting a core file, this means that the core file must be opened with read-write privileges, using the command ‘"set write on"’ (see Patching). Under these circumstances, you should make a backup copy of the core file before inspecting it with gdb.
The Ravenscar Profile is a subset of the Ada tasking features, specifically designed for systems with safety-critical real-time requirements.
set ravenscar task-switching onset ravenscar task-switching offshow ravenscar task-switchingGNAT always uses code expansion for generic instantiation. This means that each time an instantiation occurs, a complete copy of the original code is made with appropriate substitutions.
It is not possible to refer to the original generic entities themselves
in gdb (there is no code to refer to), but it
is certainly possible to debug a particular instance of a generic, simply by
using the appropriate expanded names. For example, suppose that
Gen is a generic package:
-- In file gen.ads:
generic package Gen is
function F (v1 : Integer) return Integer;
end Gen;
-- In file gen.adb:
package body Gen is
function F (v1 : Integer) return Integer is
begin
return v1+1; -- Line 5
end F;
end Gen;
and we have the following expansions
with Gen;
procedure G is
package Gen1 is new Gen;
package Gen2 is new Gen;
I : Integer := 0;
begin
I := Gen1.F (I);
I := Gen2.F (I);
I := Gen1.F (I);
I := Gen2.F (I);
end;
Then to break on a call to procedure F in the Gen2 instance, simply
use the command:
(gdb) break G.Gen2.F
To break at a particular line in a particular generic instance, say the return
statement in G.Gen2, append the line specification to the file and
function name:
(gdb) break gen.adb:G.Gen2.F:5
To break on this line line in all instances of Gen, use ‘*’
as the function name:
(gdb) break gen.adb:*:5
This will set individual breakpoints at all instances; they are independent of each other and you may remove, conditionalize, or otherwise modify them individually.
When a breakpoint occurs, you can step through the code of the generic instance in the normal manner. You can also examine values of data in the normal manner, providing the appropriate generic package qualification to refer to non-local entities.
Ada introduces new set commands.
set varsize-limit sizex.y.z, may
fail if the size of x.y is dynamic and exceeds size.
On the other hand, gdb is sometimes clever;
the expression A(i), where A is an
array variable with non-constant size, will generally succeed regardless of the
bounds on A, as long as the component size is less than size.
show varsize-limitBesides the omissions listed previously (see Omissions from Ada), we know of several problems with and limitations of Ada mode in gdb, some of which will be fixed with planned future releases of the debugger and the GNU Ada compiler.
up commands to get to
frame containing the variable you wish to see.
Access to non-local variables does not, at the moment, work in
the test expressions for conditional breakpoints
(see Break conditions) unless you happen to specify these
while stopped in the subprogram in which they are to be applied.
Standard for any of
the standard symbols defined by the Ada language. gdb knows about
this: it will strip the prefix from names when you use it, and will never
look for a name you have so qualified among local symbols, nor match against
symbols in other packages or subprograms. If you have
defined entities anywhere in your program other than parameters and
local variables whose simple names match names in Standard,
GNAT's lack of qualification here can cause confusion. When this happens,
you can usually resolve the confusion
by qualifying the problematic names with package
Standard explicitly.
Older versions of the compiler sometimes generate erroneous debugging information, resulting in the debugger incorrectly printing the value of affected entities. In some cases, the debugger is able to work around an issue automatically. In other cases, the debugger is able to work around the issue, but the work-around has to be specifically enabled.
set ada trust-PAD-over-XVS onPAD and PAD___XVS
types are involved (see ada/exp_dbug.ads in the GCC sources for
a complete description of the encoding used by the GNAT compiler).
This is the default.
set ada trust-PAD-over-XVS offada
trust-PAD-over-XVS to off activates a work-around which may fix
the issue. It is always safe to set ada trust-PAD-over-XVS to
off, but this incurs a slight performance penalty, so it is
recommended to leave this setting to on unless necessary.
Internally, the debugger also relies on the compiler following a number of conventions known as the ‘GNAT Encoding’, all documented in gcc/ada/exp_dbug.ads in the GCC sources. This encoding describes how the debugging information should be generated for certain types. In particular, this convention makes use of descriptive types, which are artificial types generated purely to help the debugger.
These encodings were defined at a time when the debugging information format used was not powerful enough to describe some of the more complex types available in Ada. Since DWARF allows us to express nearly all Ada features, the long-term goal is to slowly replace these descriptive types by their pure DWARF equivalent. To facilitate that transition, a new maintenance option is available to force the debugger to ignore those descriptive types. It allows the user to quickly evaluate how well gdb works without them.
maintenance ada set ignore-descriptive-types [on|off]off).
maintenance ada show ignore-descriptive-typesIn addition to the other fully-supported programming languages,
gdb also provides a pseudo-language, called minimal.
It does not represent a real programming language, but provides a set
of capabilities close to what the C or assembly languages provide.
This should allow most simple operations to be performed while debugging
an application that uses a language currently not supported by gdb.
If the language is set to auto, gdb will automatically
select this language if the current frame corresponds to an unsupported
language.
The commands described in this chapter allow you to inquire about the symbols (names of variables, functions and types) defined in your program. This information is inherent in the text of your program and does not change as your program executes. gdb finds it in your program's symbol table, in the file indicated when you started gdb (see Choosing Files), or by one of the file-management commands (see Commands to Specify Files).
Occasionally, you may need to refer to symbols that contain unusual characters, which gdb ordinarily treats as word delimiters. The most frequent case is in referring to static variables in other source files (see Program Variables). File names are recorded in object files as debugging symbols, but gdb would ordinarily parse a typical file name, like foo.c, as the three words ‘foo’ ‘.’ ‘c’. To allow gdb to recognize ‘foo.c’ as a single symbol, enclose it in single quotes; for example,
p 'foo.c'::x
looks up the value of x in the scope of the file foo.c.
set case-sensitive onset case-sensitive offset case-sensitive autoset
case-sensitive lets you do that by specifying on for
case-sensitive matches or off for case-insensitive ones. If
you specify auto, case sensitivity is reset to the default
suitable for the source language. The default is case-sensitive
matches for all languages except for Fortran, for which the default is
case-insensitive matches.
show case-sensitiveset print type methodsset print type methods onset print type methods offptype, or using set
print type methods. Specifying on will cause gdb to
display the methods; this is the default. Specifying off will
cause gdb to omit the methods.
show print type methodsset print type typedefsset print type typedefs onset print type typedefs offptype, or using set
print type typedefs. Specifying on will cause gdb to
display the typedef definitions; this is the default. Specifying
off will cause gdb to omit the typedef definitions.
Note that this controls whether the typedef definition itself is
printed, not whether typedef names are substituted when printing other
types.
show print type typedefsinfo address symbolNote the contrast with ‘print &symbol’, which does not work at all for a register variable, and for a stack local variable prints the exact address of the current instantiation of the variable.
info symbol addr (gdb) info symbol 0x54320
_initialize_vx + 396 in section .text
This is the opposite of the info address command. You can use
it to find out the name of a variable or a function given its address.
For dynamically linked executables, the name of executable or shared library containing the symbol is also printed:
(gdb) info symbol 0x400225
_start + 5 in section .text of /tmp/a.out
(gdb) info symbol 0x2aaaac2811cf
__read_nocancel + 6 in section .text of /usr/lib64/libc.so.6
demangle [-l language] [–] nameThe ‘--’ option specifies the end of options, and is useful when name begins with a dash.
The parameter demangle-style specifies how to interpret the kind
of mangling used. See Print Settings.
whatis[/flags] [arg]$, the last value in the value history.
If arg is an expression (see Expressions), it is not actually evaluated, and any side-effecting operations (such as assignments or function calls) inside it do not take place.
If arg is a variable or an expression, whatis prints its
literal type as it is used in the source code. If the type was
defined using a typedef, whatis will not print
the data type underlying the typedef. If the type of the
variable or the expression is a compound data type, such as
struct or class, whatis never prints their
fields or methods. It just prints the struct/class
name (a.k.a. its tag). If you want to see the members of
such a compound data type, use ptype.
If arg is a type name that was defined using typedef,
whatis unrolls only one level of that typedef.
Unrolling means that whatis will show the underlying type used
in the typedef declaration of arg. However, if that
underlying type is also a typedef, whatis will not
unroll it.
For C code, the type names may also have the form ‘class class-name’, ‘struct struct-tag’, ‘union union-tag’ or ‘enum enum-tag’.
flags can be used to modify how the type is displayed. Available flags are:
r/r flag disables this.
mMtTptype[/flags] [arg]ptype accepts the same arguments as whatis, but prints a
detailed description of the type, instead of just the name of the type.
See Expressions.
Contrary to whatis, ptype always unrolls any
typedefs in its argument declaration, whether the argument is
a variable, expression, or a data type. This means that ptype
of a variable or an expression will not print literally its type as
present in the source code—use whatis for that. typedefs at
the pointer or reference targets are also unrolled. Only typedefs of
fields, methods and inner class typedefs of structs,
classes and unions are not unrolled even with ptype.
For example, for this variable declaration:
typedef double real_t;
struct complex { real_t real; double imag; };
typedef struct complex complex_t;
complex_t var;
real_t *real_pointer_var;
the two commands give this output:
(gdb) whatis var
type = complex_t
(gdb) ptype var
type = struct complex {
real_t real;
double imag;
}
(gdb) whatis complex_t
type = struct complex
(gdb) whatis struct complex
type = struct complex
(gdb) ptype struct complex
type = struct complex {
real_t real;
double imag;
}
(gdb) whatis real_pointer_var
type = real_t *
(gdb) ptype real_pointer_var
type = double *
As with whatis, using ptype without an argument refers to
the type of $, the last value in the value history.
Sometimes, programs use opaque data types or incomplete specifications of complex data structure. If the debug information included in the program does not allow gdb to display a full declaration of the data type, it will say ‘<incomplete type>’. For example, given these declarations:
struct foo;
struct foo *fooptr;
but no definition for struct foo itself, gdb will say:
(gdb) ptype foo
$1 = <incomplete type>
“Incomplete type” is C terminology for data types that are not completely specified.
info types regexpinfo typesvalue, but
‘i type ^value$’ gives information only on types whose complete
name is value.
This command differs from ptype in two ways: first, like
whatis, it does not print a detailed description; second, it
lists all source files where a type is defined.
info type-printersinfo type-printers displays all the available type printers.
enable type-printer name...disable type-printer name...info scope location (gdb) info scope command_line_handler
Scope for command_line_handler:
Symbol rl is an argument at stack/frame offset 8, length 4.
Symbol linebuffer is in static storage at address 0x150a18, length 4.
Symbol linelength is in static storage at address 0x150a1c, length 4.
Symbol p is a local variable in register $esi, length 4.
Symbol p1 is a local variable in register $ebx, length 4.
Symbol nline is a local variable in register $edx, length 4.
Symbol repeat is a local variable at frame offset -8, length 4.
This command is especially useful for determining what data to collect during a trace experiment, see collect.
info sourceinfo sourcesinfo functionsinfo functions regexpstep; ‘info fun ^step’ finds those whose names
start with step. If a function name contains characters
that conflict with the regular expression language (e.g.
‘operator*()’), they may be quoted with a backslash.
info variablesinfo variables regexpinfo classesinfo classes regexpinfo selectorsinfo selectors regexpset opaque-type-resolution onstruct, class, or
union—for example, struct MyType *—that is used in one
source file although the full declaration of struct MyType is in
another source file. The default is on.
A change in the setting of this subcommand will not take effect until
the next time symbols for a file are loaded.
set opaque-type-resolution off {<no data fields>}
show opaque-type-resolutionset print symbol-loadingset print symbol-loading fullset print symbol-loading briefset print symbol-loading offset print symbol-loading command allows you to control the
printing of messages when gdb loads symbol information.
By default a message is printed for the executable and one for each
shared library, and normally this is what you want. However, when
debugging apps with large numbers of shared libraries these messages
can be annoying.
When set to brief a message is printed for each executable,
and when gdb loads a collection of shared libraries at once
it will only print one message regardless of the number of shared
libraries. When set to off no messages are printed.
show print symbol-loadingmaint print symbols filenamemaint print psymbols filenamemaint print msymbols filenameinfo sources to find out which files these are. If you
use ‘maint print psymbols’ instead, the dump shows information about
symbols that gdb only knows partially—that is, symbols defined in
files that gdb has skimmed, but not yet read completely. Finally,
‘maint print msymbols’ dumps just the minimal symbol information
required for each object file from which gdb has read some symbols.
See Commands to Specify Files, for a discussion of how
gdb reads symbols (in the description of symbol-file).
maint info symtabs [ regexp ]maint info psymtabs [ regexp ]struct symtab or struct partial_symtab
structures whose names match regexp. If regexp is not
given, list them all. The output includes expressions which you can
copy into a gdb debugging this one to examine a particular
structure in more detail. For example:
(gdb) maint info psymtabs dwarf2read
{ objfile /home/gnu/build/gdb/gdb
((struct objfile *) 0x82e69d0)
{ psymtab /home/gnu/src/gdb/dwarf2read.c
((struct partial_symtab *) 0x8474b10)
readin no
fullname (null)
text addresses 0x814d3c8 -- 0x8158074
globals (* (struct partial_symbol **) 0x8507a08 @ 9)
statics (* (struct partial_symbol **) 0x40e95b78 @ 2882)
dependencies (none)
}
}
(gdb) maint info symtabs
(gdb)
We see that there is one partial symbol table whose filename contains the string ‘dwarf2read’, belonging to the ‘gdb’ executable; and we see that gdb has not read in any symtabs yet at all. If we set a breakpoint on a function, that will cause gdb to read the symtab for the compilation unit containing that function:
(gdb) break dwarf2_psymtab_to_symtab
Breakpoint 1 at 0x814e5da: file /home/gnu/src/gdb/dwarf2read.c,
line 1574.
(gdb) maint info symtabs
{ objfile /home/gnu/build/gdb/gdb
((struct objfile *) 0x82e69d0)
{ symtab /home/gnu/src/gdb/dwarf2read.c
((struct symtab *) 0x86c1f38)
dirname (null)
fullname (null)
blockvector ((struct blockvector *) 0x86c1bd0) (primary)
linetable ((struct linetable *) 0x8370fa0)
debugformat DWARF 2
}
}
(gdb)
maint set symbol-cache-size sizemaint show symbol-cache-sizemaint print symbol-cachemaint print symbol-cache-statisticsmaint flush-symbol-cacheOnce you think you have found an error in your program, you might want to find out for certain whether correcting the apparent error would lead to correct results in the rest of the run. You can find the answer by experiment, using the gdb features for altering execution of the program.
For example, you can store new values into variables or memory locations, give your program a signal, restart it at a different address, or even return prematurely from a function.
To alter the value of a variable, evaluate an assignment expression. See Expressions. For example,
print x=4
stores the value 4 into the variable x, and then prints the
value of the assignment expression (which is 4).
See Using gdb with Different Languages, for more
information on operators in supported languages.
If you are not interested in seeing the value of the assignment, use the
set command instead of the print command. set is
really the same as print except that the expression's value is
not printed and is not put in the value history (see Value History). The expression is evaluated only for its effects.
If the beginning of the argument string of the set command
appears identical to a set subcommand, use the set
variable command instead of just set. This command is identical
to set except for its lack of subcommands. For example, if your
program has a variable width, you get an error if you try to set
a new value with just ‘set width=13’, because gdb has the
command set width:
(gdb) whatis width
type = double
(gdb) p width
$4 = 13
(gdb) set width=47
Invalid syntax in expression.
The invalid expression, of course, is ‘=47’. In
order to actually set the program's variable width, use
(gdb) set var width=47
Because the set command has many subcommands that can conflict
with the names of program variables, it is a good idea to use the
set variable command instead of just set. For example, if
your program has a variable g, you run into problems if you try
to set a new value with just ‘set g=4’, because gdb has
the command set gnutarget, abbreviated set g:
(gdb) whatis g
type = double
(gdb) p g
$1 = 1
(gdb) set g=4
(gdb) p g
$2 = 1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/smith/cc_progs/a.out
"/home/smith/cc_progs/a.out": can't open to read symbols:
Invalid bfd target.
(gdb) show g
The current BFD target is "=4".
The program variable g did not change, and you silently set the
gnutarget to an invalid value. In order to set the variable
g, use
(gdb) set var g=4
gdb allows more implicit conversions in assignments than C; you can freely store an integer value into a pointer variable or vice versa, and you can convert any structure to any other structure that is the same length or shorter.
To store values into arbitrary places in memory, use the ‘{...}’
construct to generate a value of specified type at a specified address
(see Expressions). For example, {int}0x83040 refers
to memory location 0x83040 as an integer (which implies a certain size
and representation in memory), and
set {int}0x83040 = 4
stores the value 4 into that memory location.
Ordinarily, when you continue your program, you do so at the place where
it stopped, with the continue command. You can instead continue at
an address of your own choosing, with the following commands:
jump linespecj linespecjump locationj locationtbreak command in conjunction with
jump. See Setting Breakpoints.
The jump command does not change the current stack frame, or
the stack pointer, or the contents of any memory location or any
register other than the program counter. If line linespec is in
a different function from the one currently executing, the results may
be bizarre if the two functions expect different patterns of arguments or
of local variables. For this reason, the jump command requests
confirmation if the specified line is not in the function currently
executing. However, even bizarre results are predictable if you are
well acquainted with the machine-language code of your program.
On many systems, you can get much the same effect as the jump
command by storing a new value into the register $pc. The
difference is that this does not start your program running; it only
changes the address of where it will run when you continue. For
example,
set $pc = 0x485
makes the next continue command or stepping command execute at
address 0x485, rather than at the address where your program stopped.
See Continuing and Stepping.
The most common occasion to use the jump command is to back
up—perhaps with more breakpoints set—over a portion of a program
that has already executed, in order to examine its execution in more
detail.
signal signalsignal 2 and signal
SIGINT are both ways of sending an interrupt signal.
Alternatively, if signal is zero, continue execution without
giving a signal. This is useful when your program stopped on account of
a signal and would ordinarily see the signal when resumed with the
continue command; ‘signal 0’ causes it to resume without a
signal.
Note: When resuming a multi-threaded program, signal is delivered to the currently selected thread, not the thread that last reported a stop. This includes the situation where a thread was stopped due to a signal. So if you want to continue execution suppressing the signal that stopped a thread, you should select that same thread before issuing the ‘signal 0’ command. If you issue the ‘signal 0’ command with another thread as the selected one, gdb detects that and asks for confirmation.
Invoking the signal command is not the same as invoking the
kill utility from the shell. Sending a signal with kill
causes gdb to decide what to do with the signal depending on
the signal handling tables (see Signals). The signal command
passes the signal directly to your program.
signal does not repeat when you press <RET> a second time
after executing the command.
queue-signal signalsignal 2 and
signal SIGINT are both ways of sending an interrupt signal.
The handling of the signal must be set to pass the signal to the program,
otherwise gdb will report an error.
You can control the handling of signals from gdb with the
handle command (see Signals).
Alternatively, if signal is zero, any currently queued signal
for the current thread is discarded and when execution resumes no signal
will be delivered. This is useful when your program stopped on account
of a signal and would ordinarily see the signal when resumed with the
continue command.
This command differs from the signal command in that the signal
is just queued, execution is not resumed. And queue-signal cannot
be used to pass a signal whose handling state has been set to nopass
(see Signals).
See stepping into signal handlers, for information on how stepping commands behave when the thread has a signal queued.
returnreturn expressionreturn
command. If you give an
expression argument, its value is used as the function's return
value.
When you use return, gdb discards the selected stack frame
(and all frames within it). You can think of this as making the
discarded frame return prematurely. If you wish to specify a value to
be returned, give that value as the argument to return.
This pops the selected stack frame (see Selecting a Frame), and any other frames inside of it, leaving its caller as the innermost remaining frame. That frame becomes selected. The specified value is stored in the registers used for returning values of functions.
The return command does not resume execution; it leaves the
program stopped in the state that would exist if the function had just
returned. In contrast, the finish command (see Continuing and Stepping) resumes execution until the
selected stack frame returns naturally.
gdb needs to know how the expression argument should be set for
the inferior. The concrete registers assignment depends on the OS ABI and the
type being returned by the selected stack frame. For example it is common for
OS ABI to return floating point values in FPU registers while integer values in
CPU registers. Still some ABIs return even floating point values in CPU
registers. Larger integer widths (such as long long int) also have
specific placement rules. gdb already knows the OS ABI from its
current target so it needs to find out also the type being returned to make the
assignment into the right register(s).
Normally, the selected stack frame has debug info. gdb will always
use the debug info instead of the implicit type of expression when the
debug info is available. For example, if you type return -1, and the
function in the current stack frame is declared to return a long long
int, gdb transparently converts the implicit int value of -1
into a long long int:
Breakpoint 1, func () at gdb.base/return-nodebug.c:29
29 return 31;
(gdb) return -1
Make func return now? (y or n) y
#0 0x004004f6 in main () at gdb.base/return-nodebug.c:43
43 printf ("result=%lld\n", func ());
(gdb)
However, if the selected stack frame does not have a debug info, e.g., if the
function was compiled without debug info, gdb has to find out the type
to return from user. Specifying a different type by mistake may set the value
in different inferior registers than the caller code expects. For example,
typing return -1 with its implicit type int would set only a part
of a long long int result for a debug info less function (on 32-bit
architectures). Therefore the user is required to specify the return type by
an appropriate cast explicitly:
Breakpoint 2, 0x0040050b in func ()
(gdb) return -1
Return value type not available for selected stack frame.
Please use an explicit cast of the value to return.
(gdb) return (long long int) -1
Make selected stack frame return now? (y or n) y
#0 0x00400526 in main ()
(gdb)
print exprcall exprvoid
returned values.
You can use this variant of the print command if you want to
execute a function from your program that does not return anything
(a.k.a. a void function), but without cluttering the output
with void returned values that gdb will otherwise
print. If the result is not void, it is printed and saved in the
value history.
It is possible for the function you call via the print or
call command to generate a signal (e.g., if there's a bug in
the function, or if you passed it incorrect arguments). What happens
in that case is controlled by the set unwindonsignal command.
Similarly, with a C++ program it is possible for the function you
call via the print or call command to generate an
exception that is not handled due to the constraints of the dummy
frame. In this case, any exception that is raised in the frame, but has
an out-of-frame exception handler will not be found. GDB builds a
dummy-frame for the inferior function call, and the unwinder cannot
seek for exception handlers outside of this dummy-frame. What happens
in that case is controlled by the
set unwind-on-terminating-exception command.
set unwindonsignalshow unwindonsignalset unwind-on-terminating-exceptionshow unwind-on-terminating-exceptionSometimes, a function you wish to call is actually a weak alias for another function. In such case, gdb might not pick up the type information, including the types of the function arguments, which causes gdb to call the inferior function incorrectly. As a result, the called function will function erroneously and may even crash. A solution to that is to use the name of the aliased function instead.
By default, gdb opens the file containing your program's executable code (or the corefile) read-only. This prevents accidental alterations to machine code; but it also prevents you from intentionally patching your program's binary.
If you'd like to be able to patch the binary, you can specify that
explicitly with the set write command. For example, you might
want to turn on internal debugging flags, or even to make emergency
repairs.
set write onset write offIf you have already loaded a file, you must load it again (using the
exec-file or core-file command) after changing set
write, for your new setting to take effect.
show writegdb supports on-demand compilation and code injection into programs running under gdb. GCC 5.0 or higher built with libcc1.so must be installed for this functionality to be enabled. This functionality is implemented with the following commands.
compile code source-codecompile code -raw – source-codeThe command allows you to specify source-code in two ways. The simplest method is to provide a single line of code to the command. E.g.:
compile code printf ("hello world\n");
If you specify options on the command line as well as source code, they may conflict. The ‘--’ delimiter can be used to separate options from actual source code. E.g.:
compile code -r -- printf ("hello world\n");
Alternatively you can enter source code as multiple lines of text. To enter this mode, invoke the ‘compile code’ command without any text following the command. This will start the multiple-line editor and allow you to type as many lines of source code as required. When you have completed typing, enter ‘end’ on its own line to exit the editor.
compile code
>printf ("hello\n");
>printf ("world\n");
>end
Specifying ‘-raw’, prohibits gdb from wrapping the
provided source-code in a callable scope. In this case, you must
specify the entry point of the code by defining a function named
_gdb_expr_. The ‘-raw’ code cannot access variables of the
inferior. Using ‘-raw’ option may be needed for example when
source-code requires ‘#include’ lines which may conflict with
inferior symbols otherwise.
compile file filenamecompile file -raw filenamecompile code, but take the source code from filename.
compile file /home/user/example.c
compile print exprcompile print /f exprcompile printcompile print /fThe process of compiling and injecting the code can be inspected using:
set debug compileshow debug compilecompile commandgdb needs to specify the right compilation options for the code to be injected, in part to make its ABI compatible with the inferior and in part to make the injected code compatible with gdb's injecting process.
The options used, in increasing precedence:
gdbarch)-m32) or 64-bit
(-m64) compilation option.
DW_AT_producer part of DWARF debugging information according
to the gcc option -grecord-gcc-switches. One has to
explicitly specify -g during inferior compilation otherwise
gcc produces no DWARF. This feature is only relevant for
platforms where -g produces DWARF by default, otherwise one may
try to enforce DWARF by using -gdwarf-4.
set compile-argsYou can override compilation options using the following command:
set compile-argscompile commands. These options override any conflicting ones
from the target architecture and/or options stored during inferior
compilation.
show compile-argscompile commandThere are a few caveats to keep in mind when using the compile
command. As the caveats are different per language, the table below
highlights specific issues on a per language basis.
compile command will have much the same
access to variables and types as it normally would if it were part of
the program currently being debugged in gdb.
Below is a sample program that forms the basis of the examples that follow. This program has been compiled and loaded into gdb, much like any other normal debugging session.
void function1 (void)
{
int i = 42;
printf ("function 1\n");
}
void function2 (void)
{
int j = 12;
function1 ();
}
int main(void)
{
int k = 6;
int *p;
function2 ();
return 0;
}
For the purposes of the examples in this section, the program above has
been compiled, loaded into gdb, stopped at the function
main, and gdb is awaiting input from the user.
To access variables and types for any program in gdb, the
program must be compiled and packaged with debug information. The
compile command is not an exception to this rule. Without debug
information, you can still use the compile command, but you will
be very limited in what variables and types you can access.
So with that in mind, the example above has been compiled with debug
information enabled. The compile command will have access to
all variables and types (except those that may have been optimized
out). Currently, as gdb has stopped the program in the
main function, the compile command would have access to
the variable k. You could invoke the compile command
and type some source code to set the value of k. You can also
read it, or do anything with that variable you would normally do in
C. Be aware that changes to inferior variables in the
compile command are persistent. In the following example:
compile code k = 3;
the variable k is now 3. It will retain that value until
something else in the example program changes it, or another
compile command changes it.
Normal scope and access rules apply to source code compiled and
injected by the compile command. In the example, the variables
j and k are not accessible yet, because the program is
currently stopped in the main function, where these variables
are not in scope. Therefore, the following command
compile code j = 3;
will result in a compilation error message.
Once the program is continued, execution will bring these variables in
scope, and they will become accessible; then the code you specify via
the compile command will be able to access them.
You can create variables and types with the compile command as
part of your source code. Variables and types that are created as part
of the compile command are not visible to the rest of the program for
the duration of its run. This example is valid:
compile code int ff = 5; printf ("ff is %d\n", ff);
However, if you were to type the following into gdb after that command has completed:
compile code printf ("ff is %d\n'', ff);
a compiler error would be raised as the variable ff no longer
exists. Object code generated and injected by the compile
command is removed when its execution ends. Caution is advised
when assigning to program variables values of variables created by the
code submitted to the compile command. This example is valid:
compile code int ff = 5; k = ff;
The value of the variable ff is assigned to k. The variable
k does not require the existence of ff to maintain the value
it has been assigned. However, pointers require particular care in
assignment. If the source code compiled with the compile command
changed the address of a pointer in the example program, perhaps to a
variable created in the compile command, that pointer would point
to an invalid location when the command exits. The following example
would likely cause issues with your debugged program:
compile code int ff = 5; p = &ff;
In this example, p would point to ff when the
compile command is executing the source code provided to it.
However, as variables in the (example) program persist with their
assigned values, the variable p would point to an invalid
location when the command exists. A general rule should be followed
in that you should either assign NULL to any assigned pointers,
or restore a valid location to the pointer before the command exits.
Similar caution must be exercised with any structs, unions, and typedefs
defined in compile command. Types defined in the compile
command will no longer be available in the next compile command.
Therefore, if you cast a variable to a type defined in the
compile command, care must be taken to ensure that any future
need to resolve the type can be achieved.
(gdb) compile code static struct a { int a; } v = { 42 }; argv = &v;
(gdb) compile code printf ("%d\n", ((struct a *) argv)->a);
gdb command line:1:36: error: dereferencing pointer to incomplete type ‘struct a’
Compilation failed.
(gdb) compile code struct a { int a; }; printf ("%d\n", ((struct a *) argv)->a);
42
Variables that have been optimized away by the compiler are not
accessible to the code submitted to the compile command.
Access to those variables will generate a compiler error which gdb
will print to the console.
compile commandgdb needs to find gcc for the inferior being debugged which
may not be obvious for remote targets of different architecture than where
gdb is running. Environment variable PATH (PATH from
shell that executed gdb, not the one set by gdb
command set environment). See Environment. PATH on
gdb host is searched for gcc binary matching the
target architecture and operating system.
Specifically PATH is searched for binaries matching regular expression
arch(-[^-]*)?-os-gcc according to the inferior target being
debugged. arch is processor name — multiarch is supported, so for
example both i386 and x86_64 targets look for pattern
(x86_64|i.86) and both s390 and s390x targets look
for pattern s390x?. os is currently supported only for
pattern linux(-gnu)?.
gdb needs to know the file name of the program to be debugged, both in order to read its symbol table and in order to start your program. To debug a core dump of a previous run, you must also tell gdb the name of the core dump file.
You may want to specify executable and core dump file names. The usual way to do this is at start-up time, using the arguments to gdb's start-up commands (see Getting In and Out of gdb).
Occasionally it is necessary to change to a different file during a
gdb session. Or you may run gdb and forget to
specify a file you want to use. Or you are debugging a remote target
via gdbserver (see file). In these situations the gdb commands to specify
new files are useful.
file filenamerun command. If you do not specify a
directory and the file is not found in the gdb working directory,
gdb uses the environment variable PATH as a list of
directories to search, just as the shell does when looking for a program
to run. You can change the value of this variable, for both gdb
and your program, using the path command.
You can load unlinked object .o files into gdb using
the file command. You will not be able to “run” an object
file, but you can disassemble functions and inspect variables. Also,
if the underlying BFD functionality supports it, you could use
gdb -write to patch object files using this technique. Note
that gdb can neither interpret nor modify relocations in this
case, so branches and some initialized variables will appear to go to
the wrong place. But this feature is still handy from time to time.
filefile with no argument makes gdb discard any information it
has on both executable file and the symbol table.
exec-file [ filename ]PATH
if necessary to locate your program. Omitting filename means to
discard information on the executable file.
symbol-file [ filename ]PATH is
searched when necessary. Use the file command to get both symbol
table and program to run from the same file.
symbol-file with no argument clears out gdb information on your
program's symbol table.
The symbol-file command causes gdb to forget the contents of
some breakpoints and auto-display expressions. This is because they may
contain pointers to the internal data recording symbols and data types,
which are part of the old symbol table data being discarded inside
gdb.
symbol-file does not repeat if you press <RET> again after
executing it once.
When gdb is configured for a particular environment, it understands debugging information in whatever format is the standard generated for that environment; you may use either a gnu compiler, or other compilers that adhere to the local conventions. Best results are usually obtained from gnu compilers; for example, using gcc you can generate debugging information for optimized code.
For most kinds of object files, with the exception of old SVR3 systems
using COFF, the symbol-file command does not normally read the
symbol table in full right away. Instead, it scans the symbol table
quickly to find which source files and which symbols are present. The
details are read later, one source file at a time, as they are needed.
The purpose of this two-stage reading strategy is to make gdb
start up faster. For the most part, it is invisible except for
occasional pauses while the symbol table details for a particular source
file are being read. (The set verbose command can turn these
pauses into messages if desired. See Optional Warnings and Messages.)
We have not implemented the two-stage strategy for COFF yet. When the
symbol table is stored in COFF format, symbol-file reads the
symbol table data in full right away. Note that “stabs-in-COFF”
still does the two-stage strategy, since the debug info is actually
in stabs format.
symbol-file [ -readnow ] filenamefile [ -readnow ] filenamecore-file [filename]corecore-file with no argument specifies that no core file is
to be used.
Note that the core file is ignored when your program is actually running
under gdb. So, if you have been running your program and you
wish to debug a core file instead, you must kill the subprocess in which
the program is running. To do this, use the kill command
(see Killing the Child Process).
add-symbol-file filename addressadd-symbol-file filename address [ -readnow ]add-symbol-file filename address -s section address ...add-symbol-file command reads additional symbol table
information from the file filename. You would use this command
when filename has been dynamically loaded (by some other means)
into the program that is running. The address should give the memory
address at which the file has been loaded; gdb cannot figure
this out for itself. You can additionally specify an arbitrary number
of ‘-s section address’ pairs, to give an explicit
section name and base address for that section. You can specify any
address as an expression.
The symbol table of the file filename is added to the symbol table
originally read with the symbol-file command. You can use the
add-symbol-file command any number of times; the new symbol data
thus read is kept in addition to the old.
Changes can be reverted using the command remove-symbol-file.
Although filename is typically a shared library file, an executable file, or some other object file which has been fully relocated for loading into a process, you can also load symbolic information from relocatable .o files, as long as:
add-symbol-file command.
Some embedded operating systems, like Sun Chorus and VxWorks, can load
relocatable files into an already running program; such systems
typically make the requirements above easy to meet. However, it's
important to recognize that many native systems use complex link
procedures (.linkonce section factoring and C++ constructor table
assembly, for example) that make the requirements difficult to meet. In
general, one cannot assume that using add-symbol-file to read a
relocatable object file's symbolic information will have the same effect
as linking the relocatable object file into the program in the normal
way.
add-symbol-file does not repeat if you press <RET> after using it.
remove-symbol-file filenameremove-symbol-file -a addressadd-symbol-file command. The
file to remove can be identified by its filename or by an address
that lies within the boundaries of this symbol file in memory. Example:
(gdb) add-symbol-file /home/user/gdb/mylib.so 0x7ffff7ff9480
add symbol table from file "/home/user/gdb/mylib.so" at
.text_addr = 0x7ffff7ff9480
(y or n) y
Reading symbols from /home/user/gdb/mylib.so...done.
(gdb) remove-symbol-file -a 0x7ffff7ff9480
Remove symbol table from file "/home/user/gdb/mylib.so"? (y or n) y
(gdb)
remove-symbol-file does not repeat if you press <RET> after using it.
add-symbol-file-from-memory addresssyscall DSO into each
process's address space; this DSO provides kernel-specific code for
some system calls. The argument can be any expression whose
evaluation yields the address of the file's shared object file header.
For this command to work, you must have used symbol-file or
exec-file commands in advance.
section section addrsection command changes the base address of the named
section of the exec file to addr. This can be used if the
exec file does not contain section addresses, (such as in the
a.out format), or when the addresses specified in the file
itself are wrong. Each section must be changed separately. The
info files command, described below, lists all the sections and
their addresses.
info filesinfo targetinfo files and info target are synonymous; both print the
current target (see Specifying a Debugging Target),
including the names of the executable and core dump files currently in
use by gdb, and the files from which symbols were loaded. The
command help target lists all possible targets rather than
current ones.
maint info sectionsmaint info sections. In addition to the section information
displayed by info files, this command displays the flags and file
offset of each section in the executable and core dump files. In addition,
maint info sections provides the following command options (which
may be arbitrarily combined):
ALLOBJALLOCLOAD.bss sections.
RELOCREADONLYCODEDATAROMCONSTRUCTORHAS_CONTENTSNEVER_LOADCOFF_SHARED_LIBRARYIS_COMMONset trust-readonly-sections onThe default is off.
set trust-readonly-sections offshow trust-readonly-sectionsAll file-specifying commands allow both absolute and relative file names as arguments. gdb always converts the file name to an absolute file name and remembers it that way.
gdb supports gnu/Linux, MS-Windows, HP-UX, SunOS, SVr4, Irix, and IBM RS/6000 AIX shared libraries.
On MS-Windows gdb must be linked with the Expat library to support shared libraries. See Expat.
gdb automatically loads symbol definitions from shared libraries
when you use the run command, or when you examine a core file.
(Before you issue the run command, gdb does not understand
references to a function in a shared library, however—unless you are
debugging a core file).
On HP-UX, if the program loads a library explicitly, gdb
automatically loads the symbols at the time of the shl_load call.
There are times, however, when you may wish to not automatically load symbol definitions from shared libraries, such as when they are particularly large or there are many of them.
To control the automatic loading of shared library symbols, use the commands:
set auto-solib-add modeon, symbols from all shared object libraries
will be loaded automatically when the inferior begins execution, you
attach to an independently started inferior, or when the dynamic linker
informs gdb that a new library has been loaded. If mode
is off, symbols must be loaded manually, using the
sharedlibrary command. The default value is on.
If your program uses lots of shared libraries with debug info that takes large amounts of memory, you can decrease the gdb memory footprint by preventing it from automatically loading the symbols from shared libraries. To that end, type set auto-solib-add off before running the inferior, then load each library whose debug symbols you do need with sharedlibrary regexp, where regexp is a regular expression that matches the libraries whose symbols you want to be loaded.
show auto-solib-addTo explicitly load shared library symbols, use the sharedlibrary
command:
info share regexinfo sharedlibrary regexinfo dll regexinfo sharedlibrary.
sharedlibrary regexshare regexrun. If
regex is omitted all shared libraries required by your program are
loaded.
nosharedlibrarySometimes you may wish that gdb stops and gives you control
when any of shared library events happen. The best way to do this is
to use catch load and catch unload (see Set Catchpoints).
gdb also supports the the set stop-on-solib-events
command for this. This command exists for historical reasons. It is
less useful than setting a catchpoint, because it does not allow for
conditions or commands as a catchpoint does.
set stop-on-solib-eventsshow stop-on-solib-eventsShared libraries are also supported in many cross or remote debugging configurations. gdb needs to have access to the target's libraries; this can be accomplished either by providing copies of the libraries on the host system, or by asking gdb to automatically retrieve the libraries from the target. If copies of the target libraries are provided, they need to be the same as the target libraries, although the copies on the target can be stripped as long as the copies on the host are not.
For remote debugging, you need to tell gdb where the target libraries are, so that it can load the correct copies—otherwise, it may try to load the host's libraries. gdb has two variables to specify the search directories for target libraries.
set sysroot pathset sysroot to find executables and shared libraries, they need
to be laid out in the same way that they are on the target, with
e.g. a /bin, /lib and /usr/lib hierarchy under
path.
If path starts with the sequence target: and the target
system is remote then gdb will retrieve the target binaries
from the remote system. This is only supported when using a remote
target that supports the remote get command (see Sending files to a remote system). The part of path
following the initial target: (if present) is used as system
root prefix on the remote file system. If path starts with the
sequence remote: this is converted to the sequence
target: by set sysroot14. If you want
to specify a local system root using a directory that happens to be
named target: or remote:, you need to use some
equivalent variant of the name like ./target:.
For targets with an MS-DOS based filesystem, such as MS-Windows and SymbianOS, gdb tries prefixing a few variants of the target absolute file name with path. But first, on Unix hosts, gdb converts all backslash directory separators into forward slashes, because the backslash is not a directory separator on Unix:
c:\foo\bar.dll ⇒ c:/foo/bar.dll
Then, gdb attempts prefixing the target file name with path, and looks for the resulting file name in the host file system:
c:/foo/bar.dll ⇒ /path/to/sysroot/c:/foo/bar.dll
If that does not find the binary, gdb tries removing the ‘:’ character from the drive spec, both for convenience, and, for the case of the host file system not supporting file names with colons:
c:/foo/bar.dll ⇒ /path/to/sysroot/c/foo/bar.dll
This makes it possible to have a system root that mirrors a target with more than one drive. E.g., you may want to setup your local copies of the target system shared libraries like so (note ‘c’ vs ‘z’):
/path/to/sysroot/c/sys/bin/foo.dll /path/to/sysroot/c/sys/bin/bar.dll /path/to/sysroot/z/sys/bin/bar.dll
and point the system root at /path/to/sysroot, so that gdb can find the correct copies of both c:\sys\bin\foo.dll, and z:\sys\bin\bar.dll.
If that still does not find the binary, gdb tries removing the whole drive spec from the target file name:
c:/foo/bar.dll ⇒ /path/to/sysroot/foo/bar.dll
This last lookup makes it possible to not care about the drive name, if you don't want or need to.
The set solib-absolute-prefix command is an alias for set
sysroot.
You can set the default system root by using the configure-time ‘--with-sysroot’ option. If the system root is inside gdb's configured binary prefix (set with ‘--prefix’ or ‘--exec-prefix’), then the default system root will be updated automatically if the installed gdb is moved to a new location.
show sysrootset solib-search-path pathshow solib-search-pathset target-file-system-kind kindShared library file names as reported by the target system may not
make sense as is on the system gdb is running on. For
example, when remote debugging a target that has MS-DOS based file
system semantics, from a Unix host, the target may be reporting to
gdb a list of loaded shared libraries with file names such as
c:\Windows\kernel32.dll. On Unix hosts, there's no concept of
drive letters, so the ‘c:\’ prefix is not normally understood as
indicating an absolute file name, and neither is the backslash
normally considered a directory separator character. In that case,
the native file system would interpret this whole absolute file name
as a relative file name with no directory components. This would make
it impossible to point gdb at a copy of the remote target's
shared libraries on the host using set sysroot, and impractical
with set solib-search-path. Setting
target-file-system-kind to dos-based tells gdb
to interpret such file names similarly to how the target would, and to
map them to file names valid on gdb's native file system
semantics. The value of kind can be "auto", in addition
to one of the supported file system kinds. In that case, gdb
tries to determine the appropriate file system variant based on the
current target's operating system (see Configuring the Current ABI). The supported file system settings are:
unixdos-basedautoWhen processing file names provided by the user, gdb
frequently needs to compare them to the file names recorded in the
program's debug info. Normally, gdb compares just the
base names of the files as strings, which is reasonably fast
even for very large programs. (The base name of a file is the last
portion of its name, after stripping all the leading directories.)
This shortcut in comparison is based upon the assumption that files
cannot have more than one base name. This is usually true, but
references to files that use symlinks or similar filesystem
facilities violate that assumption. If your program records files
using such facilities, or if you provide file names to gdb
using symlinks etc., you can set basenames-may-differ to
true to instruct gdb to completely canonicalize each
pair of file names it needs to compare. This will make file-name
comparisons accurate, but at a price of a significant slowdown.
set basenames-may-differshow basenames-may-differgdb allows you to put a program's debugging information in a file separate from the executable itself, in a way that allows gdb to find and load the debugging information automatically. Since debugging information can be very large—sometimes larger than the executable code itself—some systems distribute debugging information for their executables in separate files, which users can install only when they need to debug a problem.
gdb supports two ways of specifying the separate debug info file:
Depending on the way the debug info file is specified, gdb uses two different methods of looking for the debug file:
So, for example, suppose you ask gdb to debug
/usr/bin/ls, which has a debug link that specifies the
file ls.debug, and a build ID whose value in hex is
abcdef1234. If the list of the global debug directories includes
/usr/lib/debug, then gdb will look for the following
debug information files, in the indicated order:
Global debugging info directories default to what is set by gdb configure option --with-separate-debug-dir. During gdb run you can also set the global debugging info directories, and view the list gdb is currently using.
set debug-file-directory directoriesshow debug-file-directoryA debug link is a special section of the executable file named
.gnu_debuglink. The section must contain:
Any executable file format can carry a debug link, as long as it can
contain a section named .gnu_debuglink with the contents
described above.
The build ID is a special section in the executable file (and in other
ELF binary files that gdb may consider). This section is
often named .note.gnu.build-id, but that name is not mandatory.
It contains unique identification for the built files—the ID remains
the same across multiple builds of the same build tree. The default
algorithm SHA1 produces 160 bits (40 hexadecimal characters) of the
content for the build ID string. The same section with an identical
value is present in the original built binary with symbols, in its
stripped variant, and in the separate debugging information file.
The debugging information file itself should be an ordinary
executable, containing a full set of linker symbols, sections, and
debugging information. The sections of the debugging information file
should have the same names, addresses, and sizes as the original file,
but they need not contain any data—much like a .bss section
in an ordinary executable.
The gnu binary utilities (Binutils) package includes the ‘objcopy’ utility that can produce the separated executable / debugging information file pairs using the following commands:
objcopy --only-keep-debug foo foo.debug
strip -g foo
These commands remove the debugging information from the executable file foo and place it in the file foo.debug. You can use the first, second or both methods to link the two files:
objcopy --add-gnu-debuglink=foo.debug foo
Ulrich Drepper's elfutils package, starting with version 0.53, contains
a version of the strip command such that the command strip foo -f
foo.debug has the same functionality as the two objcopy commands and
the ln -s command above, together.
ld --build-id or
the gcc counterpart gcc -Wl,--build-id. Build ID support plus
compatibility fixes for debug files separation are present in gnu binary
utilities (Binutils) package since version 2.18.
The CRC used in .gnu_debuglink is the CRC-32 defined in
IEEE 802.3 using the polynomial:
x32 + x26 + x23 + x22 + x16 + x12 + x11
+ x10 + x8 + x7 + x5 + x4 + x2 + x + 1
The function is computed byte at a time, taking the least
significant bit of each byte first. The initial pattern
0xffffffff is used, to ensure leading zeros affect the CRC and
the final result is inverted to ensure trailing zeros also affect the
CRC.
Note: This is the same CRC polynomial as used in handling the
Remote Serial Protocol qCRC packet (see qCRC packet).
However in the case of the Remote Serial Protocol, the CRC is computed
most significant bit first, and the result is not inverted, so
trailing zeros have no effect on the CRC value.
To complete the description, we show below the code of the function
which produces the CRC used in .gnu_debuglink. Inverting the
initially supplied crc argument means that an initial call to
this function passing in zero will start computing the CRC using
0xffffffff.
unsigned long
gnu_debuglink_crc32 (unsigned long crc,
unsigned char *buf, size_t len)
{
static const unsigned long crc32_table[256] =
{
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
0x2d02ef8d
};
unsigned char *end;
crc = ~crc & 0xffffffff;
for (end = buf + len; buf < end; ++buf)
crc = crc32_table[(crc ^ *buf) & 0xff] ^ (crc >> 8);
return ~crc & 0xffffffff;
}
This computation does not apply to the “build ID” method.
Some systems ship pre-built executables and libraries that have a special ‘.gnu_debugdata’ section. This feature is called MiniDebugInfo. This section holds an LZMA-compressed object and is used to supply extra symbols for backtraces.
The intent of this section is to provide extra minimal debugging information for use in simple backtraces. It is not intended to be a replacement for full separate debugging information (see Separate Debug Files). The example below shows the intended use; however, gdb does not currently put restrictions on what sort of debugging information might be included in the section.
gdb has support for this extension. If the section exists, then it is used provided that no other source of debugging information can be found, and that gdb was configured with LZMA support.
This section can be easily created using objcopy and other standard utilities:
# Extract the dynamic symbols from the main binary, there is no need
# to also have these in the normal symbol table.
nm -D binary --format=posix --defined-only \
| awk '{ print $1 }' | sort > dynsyms
# Extract all the text (i.e. function) symbols from the debuginfo.
# (Note that we actually also accept "D" symbols, for the benefit
# of platforms like PowerPC64 that use function descriptors.)
nm binary --format=posix --defined-only \
| awk '{ if ($2 == "T" || $2 == "t" || $2 == "D") print $1 }' \
| sort > funcsyms
# Keep all the function symbols not already in the dynamic symbol
# table.
comm -13 dynsyms funcsyms > keep_symbols
# Separate full debug info into debug binary.
objcopy --only-keep-debug binary debug
# Copy the full debuginfo, keeping only a minimal set of symbols and
# removing some unnecessary sections.
objcopy -S --remove-section .gdb_index --remove-section .comment \
--keep-symbols=keep_symbols debug mini_debuginfo
# Drop the full debug info from the original binary.
strip --strip-all -R .comment binary
# Inject the compressed data into the .gnu_debugdata section of the
# original binary.
xz mini_debuginfo
objcopy --add-section .gnu_debugdata=mini_debuginfo.xz binary
When gdb finds a symbol file, it scans the symbols in the file in order to construct an internal symbol table. This lets most gdb operations work quickly—at the cost of a delay early on. For large programs, this delay can be quite lengthy, so gdb provides a way to build an index, which speeds up startup.
The index is stored as a section in the symbol file. gdb can write the index to a file, then you can put it into the symbol file using objcopy.
To create an index file, use the save gdb-index command:
save gdb-index directoryOnce you have created an index file you can merge it into your symbol file, here named symfile, using objcopy:
$ objcopy --add-section .gdb_index=symfile.gdb-index \
--set-section-flags .gdb_index=readonly symfile symfile
gdb will normally ignore older versions of .gdb_index
sections that have been deprecated. Usually they are deprecated because
they are missing a new feature or have performance issues.
To tell gdb to use a deprecated index section anyway
specify set use-deprecated-index-sections on.
The default is off.
This can speed up startup, but may result in some functionality being lost.
See Index Section Format.
Warning: Setting use-deprecated-index-sections to on
must be done before gdb reads the file. The following will not work:
$ gdb -ex "set use-deprecated-index-sections on" <program>
Instead you must do, for example,
$ gdb -iex "set use-deprecated-index-sections on" <program>
There are currently some limitation on indices. They only work when for DWARF debugging information, not stabs. And, they do not currently work for programs using Ada.
While reading a symbol file, gdb occasionally encounters problems,
such as symbol types it does not recognize, or known bugs in compiler
output. By default, gdb does not notify you of such problems, since
they are relatively common and primarily of interest to people
debugging compilers. If you are interested in seeing information
about ill-constructed symbol tables, you can either ask gdb to print
only one message about each such type of problem, no matter how many
times the problem occurs; or you can ask gdb to print more messages,
to see how many times the problems occur, with the set
complaints command (see Optional Warnings and Messages).
The messages currently printed, and their meanings, include:
inner block not inside outer block in symbolgdb circumvents the problem by treating the inner block as if it had
the same scope as the outer block. In the error message, symbol
may be shown as “(don't know)” if the outer block is not a
function.
block at address out of ordergdb does not circumvent this problem, and has trouble
locating symbols in the source file whose symbols it is reading. (You
can often determine what source file is affected by specifying
set verbose on. See Optional Warnings and Messages.)
bad block start address patchedgdb circumvents the problem by treating the symbol scope block as
starting on the previous source line.
bad string table offset in symbol ngdb circumvents the problem by considering the symbol to have the
name foo, which may cause other problems if many symbols end up
with this name.
unknown symbol type 0xnn0xnn is the symbol type of the
uncomprehended information, in hexadecimal.
gdb circumvents the error by ignoring this symbol information.
This usually allows you to debug your program, though certain symbols
are not accessible. If you encounter such a problem and feel like
debugging it, you can debug gdb with itself, breakpoint
on complain, then go up to the function read_dbx_symtab
and examine *bufp to see the symbol.
stub type has NULL nameconst/volatile indicator missing (ok if using g++ v1.x), got...info mismatch between compiler and debuggergdb will sometimes read an auxiliary data file. These files are kept in a directory known as the data directory.
You can set the data directory's name, and view the name gdb is currently using.
set data-directory directoryshow data-directoryYou can set the default data directory by using the configure-time ‘--with-gdb-datadir’ option. If the data directory is inside gdb's configured binary prefix (set with ‘--prefix’ or ‘--exec-prefix’), then the default data directory will be updated automatically if the installed gdb is moved to a new location.
The data directory may also be specified with the
--data-directory command line option.
See Mode Options.
A target is the execution environment occupied by your program.
Often, gdb runs in the same host environment as your program;
in that case, the debugging target is specified as a side effect when
you use the file or core commands. When you need more
flexibility—for example, running gdb on a physically separate
host, or controlling a standalone system over a serial port or a
realtime system over a TCP/IP connection—you can use the target
command to specify one of the target types configured for gdb
(see Commands for Managing Targets).
It is possible to build gdb for several different target architectures. When gdb is built like that, you can choose one of the available architectures with the set architecture command.
set architecture arch"auto", in addition to one of the
supported architectures.
show architectureset processorprocessorset architecture
and show architecture.
There are multiple classes of targets such as: processes, executable files or
recording sessions. Core files belong to the process class, making core file
and process mutually exclusive. Otherwise, gdb can work concurrently
on multiple active targets, one in each class. This allows you to (for
example) start a process and inspect its activity, while still having access to
the executable file after the process finishes. Or if you start process
recording (see Reverse Execution) and reverse-step there, you are
presented a virtual layer of the recording target, while the process target
remains stopped at the chronologically last point of the process execution.
Use the core-file and exec-file commands to select a new core
file or executable target (see Commands to Specify Files). To
specify as a target a process that is already running, use the attach
command (see Debugging an Already-running Process).
target type parametersFurther parameters are interpreted by the target protocol, but typically include things like device names or host names to connect with, process numbers, and baud rates.
The target command does not repeat if you press <RET> again
after executing the command.
help targetinfo target or info files
(see Commands to Specify Files).
help target nameset gnutarget argsset gnutarget command. Unlike most target commands,
with gnutarget the target refers to a program, not a machine.
Warning: To specify a file format with set gnutarget,
you must know the actual BFD name.
show gnutargetshow gnutarget command to display what file format
gnutarget is set to read. If you have not set gnutarget,
gdb will determine the file format for each file automatically,
and show gnutarget displays ‘The current BFD target is "auto"’.
Here are some common targets (available, or not, depending on the GDB configuration):
target exec programtarget core filenametarget remote mediumFor example, if you have a board connected to /dev/ttya on the machine running gdb, you could say:
target remote /dev/ttya
target remote supports the load command. This is only
useful if you have some other way of getting the stub to the target
system, and you can put it somewhere in memory where it won't get
clobbered by the download.
target sim [simargs] ... target sim
load
run
works; however, you cannot assume that a specific memory map, device
drivers, or even basic I/O is available, although some simulators do
provide these. For info about any processor-specific simulator details,
see the appropriate section in Embedded Processors.
target nativerun command spawn native processes (likewise attach,
etc.) even when set auto-connect-native-target is off
(see set auto-connect-native-target).
Different targets are available on different configurations of gdb; your configuration may have more or fewer targets.
Many remote targets require you to download the executable's code once you've successfully established a connection. You may wish to control various aspects of this process.
set hashshow hashset debug monitorshow debug monitorload filenameload command may be available. Where it exists, it
is meant to make filename (an executable) available for debugging
on the remote system—by downloading, or dynamic linking, for example.
load also records the filename symbol table in gdb, like
the add-symbol-file command.
If your gdb does not have a load command, attempting to
execute it gets the error message “You can't do that when your
target is ...”
The file is loaded at whatever address is specified in the executable. For some object file formats, you can specify the load address when you link the program; for other formats, like a.out, the object file format specifies a fixed address.
Depending on the remote side capabilities, gdb may be able to load programs into flash memory.
load does not repeat if you press <RET> again after using it.
unload filenameunload command may be available. Where it exists,
it does the opposite of the load command.
If your gdb does not have an unload command, attempting
to execute it triggers the error message “You can't do that when
your target is ...”
unload does not repeat if you press <RET> again after using it.
Some types of processors, such as the MIPS, PowerPC, and Renesas SH, offer the ability to run either big-endian or little-endian byte orders. Usually the executable or symbol will include a bit to designate the endian-ness, and you will not need to worry about which to use. However, you may still find it useful to adjust gdb's idea of processor endian-ness manually.
set endian bigset endian littleset endian autoshow endianNote that these commands merely adjust interpretation of symbolic data on the host, and that they have absolutely no effect on the target system.
If you are trying to debug a program running on a machine that cannot run gdb in the usual way, it is often useful to use remote debugging. For example, you might use remote debugging on an operating system kernel, or on a small system which does not have a general purpose operating system powerful enough to run a full-featured debugger.
Some configurations of gdb have special serial or TCP/IP interfaces to make this work with particular debugging targets. In addition, gdb comes with a generic serial protocol (specific to gdb, but not specific to any particular target system) which you can use if you write the remote stubs—the code that runs on the remote system to communicate with gdb.
Other remote targets may be available in your
configuration of gdb; use help target to list them.
gdb needs an unstripped copy of your program to access symbol
and debugging information. Some remote targets (see qXfer executable filename read, and see Host I/O Packets) allow
gdb to access program files over the same connection used to
communicate with gdb. With such a target, if the remote
program is unstripped, the only command you need is target
remote. Otherwise, start up gdb using the name of the local
unstripped copy of your program as the first argument, or use the
file command.
gdb can communicate with the target over a serial line, or
over an IP network using TCP or UDP. In
each case, gdb uses the same protocol for debugging your
program; only the medium carrying the debugging packets varies. The
target remote command establishes a connection to the target.
Its arguments indicate which medium to use:
target remote serial-devicetarget remote /dev/ttyb
If you're using a serial line, you may want to give gdb the
‘--baud’ option, or use the set serial baud command
(see set serial baud) before the
target command.
target remote host:porttarget remote tcp:host:portFor example, to connect to port 2828 on a terminal server named
manyfarms:
target remote manyfarms:2828
If your remote target is actually running on the same machine as your debugger session (e.g. a simulator for your target running on the same host), you can omit the hostname. For example, to connect to port 1234 on your local machine:
target remote :1234
Note that the colon is still required here.
target remote udp:host:portmanyfarms:
target remote udp:manyfarms:2828
When using a UDP connection for remote debugging, you should
keep in mind that the `U' stands for “Unreliable”. UDP
can silently drop packets on busy or unreliable networks, which will
cause havoc with your debugging session.
target remote | command/bin/sh; it should expect remote
protocol packets on its standard input, and send replies on its
standard output. You could use this to run a stand-alone simulator
that speaks the remote debugging protocol, to make net connections
using programs like ssh, or for other similar tricks.
If command closes its standard output (perhaps by exiting),
gdb will try to send it a SIGTERM signal. (If the
program has already exited, this will have no effect.)
Once the connection has been established, you can use all the usual commands to examine and change data. The remote program is already running; you can use step and continue, and you do not need to use run.
Whenever gdb is waiting for the remote program, if you type the interrupt character (often Ctrl-c), gdb attempts to stop the program. This may or may not succeed, depending in part on the hardware and the serial drivers the remote system uses. If you type the interrupt character once again, gdb displays this prompt:
Interrupted while waiting for the program.
Give up (and stop debugging it)? (y or n)
If you type y, gdb abandons the remote debugging session. (If you decide you want to try again later, you can use ‘target remote’ again to connect once more.) If you type n, gdb goes back to waiting.
detachdetach command to release it from gdb control.
Detaching from the target normally resumes its execution, but the results
will depend on your particular remote stub. After the detach
command, gdb is free to connect to another target.
disconnectdisconnect command behaves like detach, except that
the target is generally not resumed. It will wait for gdb
(this instance or another one) to connect and continue debugging. After
the disconnect command, gdb is again free to connect to
another target.
monitor cmd
Some remote targets offer the ability to transfer files over the same
connection used to communicate with gdb. This is convenient
for targets accessible through other means, e.g. gnu/Linux systems
running gdbserver over a network interface. For other targets,
e.g. embedded devices with only a single serial port, this may be
the only way to upload or download files.
Not all remote targets support these commands.
remote put hostfile targetfileremote get targetfile hostfileremote delete targetfilegdbserver Programgdbserver is a control program for Unix-like systems, which
allows you to connect your program with a remote gdb via
target remote—but without linking in the usual debugging stub.
gdbserver is not a complete replacement for the debugging stubs,
because it requires essentially the same operating-system facilities
that gdb itself does. In fact, a system that can run
gdbserver to connect to a remote gdb could also run
gdb locally! gdbserver is sometimes useful nevertheless,
because it is a much smaller program than gdb itself. It is
also easier to port than all of gdb, so you may be able to get
started more quickly on a new system by using gdbserver.
Finally, if you develop code for real-time systems, you may find that
the tradeoffs involved in real-time operation make it more convenient to
do as much development work as possible on another system, for example
by cross-compiling. You can use gdbserver to make a similar
choice for debugging.
gdb and gdbserver communicate via either a serial line
or a TCP connection, using the standard gdb remote serial
protocol.
Warning:gdbserverdoes not have any built-in security. Do not rungdbserverconnected to any public network; a gdb connection togdbserverprovides access to the target system with the same privileges as the user runninggdbserver.
gdbserver
Run gdbserver on the target system. You need a copy of the
program you want to debug, including any libraries it requires.
gdbserver does not need your program's symbol table, so you can
strip the program if necessary to save space. gdb on the host
system does all the symbol handling.
To use the server, you must tell it how to communicate with gdb; the name of your program; and the arguments for your program. The usual syntax is:
target> gdbserver comm program [ args ... ]
comm is either a device name (to use a serial line), or a TCP
hostname and portnumber, or - or stdio to use
stdin/stdout of gdbserver.
For example, to debug Emacs with the argument
‘foo.txt’ and communicate with gdb over the serial port
/dev/com1:
target> gdbserver /dev/com1 emacs foo.txt
gdbserver waits passively for the host gdb to communicate
with it.
To use a TCP connection instead of a serial line:
target> gdbserver host:2345 emacs foo.txt
The only difference from the previous example is the first argument,
specifying that you are communicating with the host gdb via
TCP. The ‘host:2345’ argument means that gdbserver is to
expect a TCP connection from machine ‘host’ to local TCP port 2345.
(Currently, the ‘host’ part is ignored.) You can choose any number
you want for the port number as long as it does not conflict with any
TCP ports already in use on the target system (for example, 23 is
reserved for telnet).15 You must use the same port number with the host gdb
target remote command.
The stdio connection is useful when starting gdbserver
with ssh:
(gdb) target remote | ssh -T hostname gdbserver - hello
The ‘-T’ option to ssh is provided because we don't need a remote pty, and we don't want escape-character handling. Ssh does this by default when a command is provided, the flag is provided to make it explicit. You could elide it if you want to.
Programs started with stdio-connected gdbserver have /dev/null for
stdin, and stdout,stderr are sent back to gdb for
display through a pipe connected to gdbserver.
Both stdout and stderr use the same pipe.
On some targets, gdbserver can also attach to running programs.
This is accomplished via the --attach argument. The syntax is:
target> gdbserver --attach comm pid
pid is the process ID of a currently running process. It isn't necessary
to point gdbserver at a binary for the running process.
You can debug processes by name instead of process ID if your target has the
pidof utility:
target> gdbserver --attach comm `pidof program`
In case more than one copy of program is running, or program
has multiple threads, most versions of pidof support the
-s option to only return the first process ID.
gdbserver
When you connect to gdbserver using target remote,
gdbserver debugs the specified program only once. When the
program exits, or you detach from it, gdb closes the connection
and gdbserver exits.
If you connect using target extended-remote, gdbserver
enters multi-process mode. When the debugged program exits, or you
detach from it, gdb stays connected to gdbserver even
though no program is running. The run and attach
commands instruct gdbserver to run or attach to a new program.
The run command uses set remote exec-file (see set remote exec-file) to select the program to run. Command line
arguments are supported, except for wildcard expansion and I/O
redirection (see Arguments).
To start gdbserver without supplying an initial command to run
or process ID to attach, use the --multi command line option.
Then you can connect using target extended-remote and start
the program you want to debug.
In multi-process mode gdbserver does not automatically exit unless you
use the option --once. You can terminate it by using
monitor exit (see Monitor Commands for gdbserver). Note that the
conditions under which gdbserver terminates depend on how gdb
connects to it (target remote or target extended-remote). The
--multi option to gdbserver has no influence on that.
gdbserverThis section applies only when gdbserver is run to listen on a TCP port.
gdbserver normally terminates after all of its debugged processes have
terminated in target remote mode. On the other hand, for target
extended-remote, gdbserver stays running even with no processes left.
gdb normally terminates the spawned debugged process on its exit,
which normally also terminates gdbserver in the target remote
mode. Therefore, when the connection drops unexpectedly, and gdb
cannot ask gdbserver to kill its debugged processes, gdbserver
stays running even in the target remote mode.
When gdbserver stays running, gdb can connect to it again later.
Such reconnecting is useful for features like disconnected tracing. For
completeness, at most one gdb can be connected at a time.
By default, gdbserver keeps the listening TCP port open, so that
subsequent connections are possible. However, if you start gdbserver
with the --once option, it will stop listening for any further
connection attempts after connecting to the first gdb session. This
means no further connections to gdbserver will be possible after the
first one. It also means gdbserver will terminate after the first
connection with remote gdb has closed, even for unexpectedly closed
connections and even in the target extended-remote mode. The
--once option allows reusing the same port number for connecting to
multiple instances of gdbserver running on the same host, since each
instance closes its port after the first connection.
gdbserverThe --debug option tells gdbserver to display extra
status information about the debugging process.
The --remote-debug option tells gdbserver to display
remote protocol debug output. These options are intended for
gdbserver development and for bug reports to the developers.
The --debug-format=option1[,option2,...] option tells
gdbserver to include additional information in each output.
Possible options are:
nonealltimestampsOptions are processed in order. Thus, for example, if none appears last then no additional information is added to debugging output.
The --wrapper option specifies a wrapper to launch programs for debugging. The option should be followed by the name of the wrapper, then any command-line arguments to pass to the wrapper, then -- indicating the end of the wrapper arguments.
gdbserver runs the specified wrapper program with a combined
command line including the wrapper arguments, then the name of the
program to debug, then any arguments to the program. The wrapper
runs until it executes your program, and then gdb gains control.
You can use any program that eventually calls execve with
its arguments as a wrapper. Several standard Unix utilities do
this, e.g. env and nohup. Any Unix shell script ending
with exec "$@" will also work.
For example, you can use env to pass an environment variable to
the debugged program, without setting the variable in gdbserver's
environment:
$ gdbserver --wrapper env LD_PRELOAD=libtest.so -- :2222 ./testprog
gdbserverRun gdb on the host system.
First make sure you have the necessary symbol files. Load symbols for
your application using the file command before you connect. Use
set sysroot to locate target libraries (unless your gdb
was compiled with the correct sysroot using --with-sysroot).
The symbol file and target libraries must exactly match the executable
and libraries on the target, with one exception: the files on the host
system should not be stripped, even if the files on the target system
are. Mismatched or missing files will lead to confusing results
during debugging. On gnu/Linux targets, mismatched or missing
files may also prevent gdbserver from debugging multi-threaded
programs.
Connect to your target (see Connecting to a Remote Target).
For TCP connections, you must start up gdbserver prior to using
the target remote command. Otherwise you may get an error whose
text depends on the host system, but which usually looks something like
‘Connection refused’. Don't use the load
command in gdb when using gdbserver, since the program is
already on the target.
gdbserverDuring a gdb session using gdbserver, you can use the
monitor command to send special requests to gdbserver.
Here are the available commands.
monitor helpmonitor set debug 0monitor set debug 1monitor set remote-debug 0monitor set remote-debug 1monitor set debug-format option1[,option2,...]nonealltimestampsOptions are processed in order. Thus, for example, if none
appears last then no additional information is added to debugging output.
monitor set libthread-db-search-path [PATH]libthread_db (see set libthread-db-search-path). If you omit path,
‘libthread-db-search-path’ will be reset to its default value.
The special entry ‘$pdir’ for ‘libthread-db-search-path’ is
not supported in gdbserver.
monitor exitdisconnect to close the debugging session. gdbserver will
detach from any attached processes and kill any processes it created.
Use monitor exit to terminate gdbserver at the end
of a multi-process mode debug session.
gdbserver
On some targets, gdbserver supports tracepoints, fast
tracepoints and static tracepoints.
For fast or static tracepoints to work, a special library called the
in-process agent (IPA), must be loaded in the inferior process.
This library is built and distributed as an integral part of
gdbserver. In addition, support for static tracepoints
requires building the in-process agent library with static tracepoints
support. At present, the UST (LTTng Userspace Tracer,
http://lttng.org/ust) tracing engine is supported. This support
is automatically available if UST development headers are found in the
standard include path when gdbserver is built, or if
gdbserver was explicitly configured using --with-ust
to point at such headers. You can explicitly disable the support
using --with-ust=no.
There are several ways to load the in-process agent in your program:
Specifying it as dependency at link time-linproctrace to the link command.
Using the system's preloading mechanismsLD_PRELOAD=libinproctrace.so
in the environment. See also the description of gdbserver's
--wrapper command line option.
Using gdb to force loading the agent at run timedlopen. You'll use the call
command for that. For example:
(gdb) call dlopen ("libinproctrace.so", ...)
Note that on most Unix systems, for the dlopen function to be
available, the program needs to be linked with -ldl.
On systems that have a userspace dynamic loader, like most Unix
systems, when you connect to gdbserver using target
remote, you'll find that the program is stopped at the dynamic
loader's entry point, and no shared library has been loaded in the
program's address space yet, including the in-process agent. In that
case, before being able to use any of the fast or static tracepoints
features, you need to let the loader run and load the shared
libraries. The simplest way to do that is to run the program to the
main procedure. E.g., if debugging a C or C++ program, start
gdbserver like so:
$ gdbserver :9999 myprogram
Start GDB and connect to gdbserver like so, and run to main:
$ gdb myprogram
(gdb) target remote myhost:9999
0x00007f215893ba60 in ?? () from /lib64/ld-linux-x86-64.so.2
(gdb) b main
(gdb) continue
The in-process tracing agent library should now be loaded into the
process; you can confirm it with the info sharedlibrary
command, which will list libinproctrace.so as loaded in the
process. You are now ready to install fast tracepoints, list static
tracepoint markers, probe static tracepoints markers, and start
tracing.
This section documents the configuration options available when debugging remote programs. For the options related to the File I/O extensions of the remote protocol, see system-call-allowed.
set remoteaddresssize bitsshow remoteaddresssizeset serial baud nshow serial baudset serial parity parityeven, none, and odd. The default is none.
show serial parityset remotebreakBREAK signal to the remote
when you type Ctrl-c to interrupt the program running
on the remote. If set to off, gdb sends the ‘Ctrl-C’
character instead. The default is off, since most remote systems
expect to see ‘Ctrl-C’ as the interrupt signal.
show remotebreakBREAK or ‘Ctrl-C’ to
interrupt the remote program.
set remoteflow onset remoteflow offRTS/CTS)
on the serial port used to communicate to the remote target.
show remoteflowset remotelogbase baseascii, octal, and hex. The default is
ascii.
show remotelogbaseset remotelogfile fileshow remotelogfile.set remotetimeout numshow remotetimeoutset remote hardware-watchpoint-limit limitset remote hardware-breakpoint-limit limitset remote hardware-watchpoint-length-limit limitshow remote hardware-watchpoint-length-limitset remote exec-file filenameshow remote exec-filerun with target
extended-remote. This should be set to a filename valid on the
target system. If it is not set, the target will use a default
filename (e.g. the last program run).
set remote interrupt-sequenceBREAK or
‘BREAK-g’ as the
sequence to the remote target in order to interrupt the execution.
‘Ctrl-C’ is a default. Some system prefers BREAK which
is high level of serial line for some certain time.
Linux kernel prefers ‘BREAK-g’, a.k.a Magic SysRq g.
It is BREAK signal followed by character g.
show interrupt-sequenceBREAK or BREAK-g
is sent by gdb to interrupt the remote program.
BREAK-g is BREAK signal followed by g and
also known as Magic SysRq g.
set remote interrupt-on-connectBREAK followed by g
which is known as Magic SysRq g in order to connect gdb.
show interrupt-on-connectset tcp auto-retry onset tcp connect-timeout.
set tcp auto-retry offshow tcp auto-retryset tcp connect-timeout secondsset tcp connect-timeout unlimitedset tcp auto-retry on) and waiting for connections
that are merely slow to complete, and represents an approximate cumulative
value. If seconds is unlimited, there is no timeout and
gdb will keep attempting to establish a connection forever,
unless interrupted with Ctrl-c. The default is 15 seconds.
show tcp connect-timeoutThe gdb remote protocol autodetects the packets supported by your debugging stub. If you need to override the autodetection, you can use these commands to enable or disable individual packets. Each packet can be set to ‘on’ (the remote target supports this packet), ‘off’ (the remote target does not support this packet), or ‘auto’ (detect remote target support for this packet). They all default to ‘auto’. For more information about each packet, see Remote Protocol.
During normal use, you should not have to use any of these commands. If you do, that may be a bug in your remote debugging stub, or a bug in gdb. You may want to report the problem to the gdb developers.
For each packet name, the command to enable or disable the
packet is set remote name-packet. The available settings
are:
| Command Name | Remote Packet | Related Features
|
fetch-register
| p
| info registers
|
set-register
| P
| set
|
binary-download
| X
| load, set
|
read-aux-vector
| qXfer:auxv:read
| info auxv
|
symbol-lookup
| qSymbol
| Detecting multiple threads
|
attach
| vAttach
| attach
|
verbose-resume
| vCont
| Stepping or resuming multiple threads
|
run
| vRun
| run
|
software-breakpoint
| Z0
| break
|
hardware-breakpoint
| Z1
| hbreak
|
write-watchpoint
| Z2
| watch
|
read-watchpoint
| Z3
| rwatch
|
access-watchpoint
| Z4
| awatch
|
pid-to-exec-file
| qXfer:exec-file:read
| attach, run
|
target-features
| qXfer:features:read
|