This is the Tenth Edition, of Debugging with gdb: the gnu Source-Level Debugger for gdb Version 8.3.1 for GNAT Pro 21.0w.
Copyright © 1988-2019 Free Software Foundation, Inc.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being “Free Software” and “Free Software Needs Free Documentation”, with the Front-Cover Texts being “A GNU Manual,” and with the Back-Cover Texts as in (a) below.
(a) The FSF's Back-Cover Text is: “You are free to copy and modify this GNU Manual. Buying copies from GNU Press supports the FSF in developing GNU and promoting software freedom.”
This file describes gdb, the gnu symbolic debugger.
This is the Tenth Edition, for gdb Version 8.3.1 for GNAT Pro 21.0w.
Copyright (C) 1988-2019 Free Software Foundation, Inc.
This edition of the GDB manual is dedicated to the memory of Fred Fish. Fred was a long-standing contributor to GDB and to Free software in general. We will miss him.
.gdb_index
section format
The purpose of a debugger such as gdb is to allow you to see what is going on “inside” another program while it executes—or what another program was doing at the moment it crashed.
gdb can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:
You can use gdb to debug programs written in C and C++. For more information, see Supported Languages. For more information, see C and C++.
Support for D is partial. For information on D, see D.
Support for Modula-2 is partial. For information on Modula-2, see Modula-2.
Support for OpenCL C is partial. For information on OpenCL C, see OpenCL C.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions does not currently work. gdb does not support entering expressions, printing values, or similar features using Pascal syntax.
gdb can be used to debug programs written in Fortran, although it may be necessary to refer to some variables with a trailing underscore.
gdb can be used to debug programs written in Objective-C, using either the Apple/NeXT or the GNU Objective-C runtime.
gdb is free software, protected by the gnu General Public License (GPL). The GPL gives you the freedom to copy or adapt a licensed program—but every person getting a copy also gets with it the freedom to modify that copy (which means that they must get access to the source code), and the freedom to distribute further copies. Typical software companies use copyrights to limit your freedoms; the Free Software Foundation uses the GPL to preserve these freedoms.
Fundamentally, the General Public License is a license which says that you have these freedoms and that you cannot take these freedoms away from anyone else.
The biggest deficiency in the free software community today is not in the software—it is the lack of good free documentation that we can include with the free software. Many of our most important programs do not come with free reference manuals and free introductory texts. Documentation is an essential part of any software package; when an important free software package does not come with a free manual and a free tutorial, that is a major gap. We have many such gaps today.
Consider Perl, for instance. The tutorial manuals that people normally use are non-free. How did this come about? Because the authors of those manuals published them with restrictive terms—no copying, no modification, source files not available—which exclude them from the free software world.
That wasn't the first time this sort of thing happened, and it was far from the last. Many times we have heard a GNU user eagerly describe a manual that he is writing, his intended contribution to the community, only to learn that he had ruined everything by signing a publication contract to make it non-free.
Free documentation, like free software, is a matter of freedom, not price. The problem with the non-free manual is not that publishers charge a price for printed copies—that in itself is fine. (The Free Software Foundation sells printed copies of manuals, too.) The problem is the restrictions on the use of the manual. Free manuals are available in source code form, and give you permission to copy and modify. Non-free manuals do not allow this.
The criteria of freedom for a free manual are roughly the same as for free software. Redistribution (including the normal kinds of commercial redistribution) must be permitted, so that the manual can accompany every copy of the program, both on-line and on paper.
Permission for modification of the technical content is crucial too. When people modify the software, adding or changing features, if they are conscientious they will change the manual too—so they can provide accurate and clear documentation for the modified program. A manual that leaves you no choice but to write a new manual to document a changed version of the program is not really available to our community.
Some kinds of limits on the way modification is handled are acceptable. For example, requirements to preserve the original author's copyright notice, the distribution terms, or the list of authors, are ok. It is also no problem to require modified versions to include notice that they were modified. Even entire sections that may not be deleted or changed are acceptable, as long as they deal with nontechnical topics (like this one). These kinds of restrictions are acceptable because they don't obstruct the community's normal use of the manual.
However, it must be possible to modify all the technical content of the manual, and then distribute the result in all the usual media, through all the usual channels. Otherwise, the restrictions obstruct the use of the manual, it is not free, and we need another manual to replace it.
Please spread the word about this issue. Our community continues to lose manuals to proprietary publishing. If we spread the word that free software needs free reference manuals and free tutorials, perhaps the next person who wants to contribute by writing documentation will realize, before it is too late, that only free manuals contribute to the free software community.
If you are writing documentation, please insist on publishing it under the GNU Free Documentation License or another free documentation license. Remember that this decision requires your approval—you don't have to let the publisher decide. Some commercial publishers will use a free license if you insist, but they will not propose the option; it is up to you to raise the issue and say firmly that this is what you want. If the publisher you are dealing with refuses, please try other publishers. If you're not sure whether a proposed license is free, write to licensing@gnu.org.
You can encourage commercial publishers to sell more free, copylefted manuals and tutorials by buying them, and particularly by buying copies from the publishers that paid for their writing or for major improvements. Meanwhile, try to avoid buying non-free documentation at all. Check the distribution terms of a manual before you buy it, and insist that whoever seeks your business must respect your freedom. Check the history of the book, and try to reward the publishers that have paid or pay the authors to work on it.
The Free Software Foundation maintains a list of free documentation published by other publishers, at http://www.fsf.org/doc/other-free-books.html.
Richard Stallman was the original author of gdb, and of many other gnu programs. Many others have contributed to its development. This section attempts to credit major contributors. One of the virtues of free software is that everyone is free to contribute to it; with regret, we cannot actually acknowledge everyone here. The file ChangeLog in the gdb distribution approximates a blow-by-blow account.
Changes much prior to version 2.0 are lost in the mists of time.
Plea: Additions to this section are particularly welcome. If you or your friends (or enemies, to be evenhanded) have been unfairly omitted from this list, we would like to add your names!
So that they may not regard their many labors as thankless, we particularly thank those who shepherded gdb through major releases: Andrew Cagney (releases 6.3, 6.2, 6.1, 6.0, 5.3, 5.2, 5.1 and 5.0); Jim Blandy (release 4.18); Jason Molenda (release 4.17); Stan Shebs (release 4.14); Fred Fish (releases 4.16, 4.15, 4.13, 4.12, 4.11, 4.10, and 4.9); Stu Grossman and John Gilmore (releases 4.8, 4.7, 4.6, 4.5, and 4.4); John Gilmore (releases 4.3, 4.2, 4.1, 4.0, and 3.9); Jim Kingdon (releases 3.5, 3.4, and 3.3); and Randy Smith (releases 3.2, 3.1, and 3.0).
Richard Stallman, assisted at various times by Peter TerMaat, Chris Hanson, and Richard Mlynarik, handled releases through 2.8.
Michael Tiemann is the author of most of the gnu C++ support in gdb, with significant additional contributions from Per Bothner and Daniel Berlin. James Clark wrote the gnu C++ demangler. Early work on C++ was by Peter TerMaat (who also did much general update work leading to release 3.0).
gdb uses the BFD subroutine library to examine multiple object-file formats; BFD was a joint project of David V. Henkel-Wallace, Rich Pixley, Steve Chamberlain, and John Gilmore.
David Johnson wrote the original COFF support; Pace Willison did the original support for encapsulated COFF.
Brent Benson of Harris Computer Systems contributed DWARF 2 support.
Adam de Boor and Bradley Davis contributed the ISI Optimum V support. Per Bothner, Noboyuki Hikichi, and Alessandro Forin contributed MIPS support. Jean-Daniel Fekete contributed Sun 386i support. Chris Hanson improved the HP9000 support. Noboyuki Hikichi and Tomoyuki Hasei contributed Sony/News OS 3 support. David Johnson contributed Encore Umax support. Jyrki Kuoppala contributed Altos 3068 support. Jeff Law contributed HP PA and SOM support. Keith Packard contributed NS32K support. Doug Rabson contributed Acorn Risc Machine support. Bob Rusk contributed Harris Nighthawk CX-UX support. Chris Smith contributed Convex support (and Fortran debugging). Jonathan Stone contributed Pyramid support. Michael Tiemann contributed SPARC support. Tim Tucker contributed support for the Gould NP1 and Gould Powernode. Pace Willison contributed Intel 386 support. Jay Vosburgh contributed Symmetry support. Marko Mlinar contributed OpenRISC 1000 support.
Andreas Schwab contributed M68K gnu/Linux support.
Rich Schaefer and Peter Schauer helped with support of SunOS shared libraries.
Jay Fenlason and Roland McGrath ensured that gdb and GAS agree about several machine instruction sets.
Patrick Duval, Ted Goldstein, Vikram Koka and Glenn Engel helped develop remote debugging. Intel Corporation, Wind River Systems, AMD, and ARM contributed remote debugging modules for the i960, VxWorks, A29K UDI, and RDI targets, respectively.
Brian Fox is the author of the readline libraries providing command-line editing and command history.
Andrew Beers of SUNY Buffalo wrote the language-switching code, the Modula-2 support, and contributed the Languages chapter of this manual.
Fred Fish wrote most of the support for Unix System Vr4. He also enhanced the command-completion support to cover C++ overloaded symbols.
Hitachi America (now Renesas America), Ltd. sponsored the support for H8/300, H8/500, and Super-H processors.
NEC sponsored the support for the v850, Vr4xxx, and Vr5xxx processors.
Mitsubishi (now Renesas) sponsored the support for D10V, D30V, and M32R/D processors.
Toshiba sponsored the support for the TX39 Mips processor.
Matsushita sponsored the support for the MN10200 and MN10300 processors.
Fujitsu sponsored the support for SPARClite and FR30 processors.
Kung Hsu, Jeff Law, and Rick Sladkey added support for hardware watchpoints.
Michael Snyder added support for tracepoints.
Stu Grossman wrote gdbserver.
Jim Kingdon, Peter Schauer, Ian Taylor, and Stu Grossman made nearly innumerable bug fixes and cleanups throughout gdb.
The following people at the Hewlett-Packard Company contributed support for the PA-RISC 2.0 architecture, HP-UX 10.20, 10.30, and 11.0 (narrow mode), HP's implementation of kernel threads, HP's aC++ compiler, and the Text User Interface (nee Terminal User Interface): Ben Krepp, Richard Title, John Bishop, Susan Macchia, Kathy Mann, Satish Pai, India Paul, Steve Rehrauer, and Elena Zannoni. Kim Haase provided HP-specific information in this manual.
DJ Delorie ported gdb to MS-DOS, for the DJGPP project. Robert Hoehne made significant contributions to the DJGPP port.
Cygnus Solutions has sponsored gdb maintenance and much of its development since 1991. Cygnus engineers who have worked on gdb fulltime include Mark Alexander, Jim Blandy, Per Bothner, Kevin Buettner, Edith Epstein, Chris Faylor, Fred Fish, Martin Hunt, Jim Ingham, John Gilmore, Stu Grossman, Kung Hsu, Jim Kingdon, John Metzler, Fernando Nasser, Geoffrey Noer, Dawn Perchik, Rich Pixley, Zdenek Radouch, Keith Seitz, Stan Shebs, David Taylor, and Elena Zannoni. In addition, Dave Brolley, Ian Carmichael, Steve Chamberlain, Nick Clifton, JT Conklin, Stan Cox, DJ Delorie, Ulrich Drepper, Frank Eigler, Doug Evans, Sean Fagan, David Henkel-Wallace, Richard Henderson, Jeff Holcomb, Jeff Law, Jim Lemke, Tom Lord, Bob Manson, Michael Meissner, Jason Merrill, Catherine Moore, Drew Moseley, Ken Raeburn, Gavin Romig-Koch, Rob Savoye, Jamie Smith, Mike Stump, Ian Taylor, Angela Thomas, Michael Tiemann, Tom Tromey, Ron Unrau, Jim Wilson, and David Zuhn have made contributions both large and small.
Andrew Cagney, Fernando Nasser, and Elena Zannoni, while working for Cygnus Solutions, implemented the original gdb/mi interface.
Jim Blandy added support for preprocessor macros, while working for Red Hat.
Andrew Cagney designed gdb's architecture vector. Many people including Andrew Cagney, Stephane Carrez, Randolph Chung, Nick Duffek, Richard Henderson, Mark Kettenis, Grace Sainsbury, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Andreas Schwab, Jason Thorpe, Corinna Vinschen, Ulrich Weigand, and Elena Zannoni, helped with the migration of old architectures to this new framework.
Andrew Cagney completely re-designed and re-implemented gdb's unwinder framework, this consisting of a fresh new design featuring frame IDs, independent frame sniffers, and the sentinel frame. Mark Kettenis implemented the dwarf 2 unwinder, Jeff Johnston the libunwind unwinder, and Andrew Cagney the dummy, sentinel, tramp, and trad unwinders. The architecture-specific changes, each involving a complete rewrite of the architecture's frame code, were carried out by Jim Blandy, Joel Brobecker, Kevin Buettner, Andrew Cagney, Stephane Carrez, Randolph Chung, Orjan Friberg, Richard Henderson, Daniel Jacobowitz, Jeff Johnston, Mark Kettenis, Theodore A. Roth, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Corinna Vinschen, and Ulrich Weigand.
Christian Zankel, Ross Morley, Bob Wilson, and Maxim Grigoriev from Tensilica, Inc. contributed support for Xtensa processors. Others who have worked on the Xtensa port of gdb in the past include Steve Tjiang, John Newlin, and Scott Foehner.
Michael Eager and staff of Xilinx, Inc., contributed support for the Xilinx MicroBlaze architecture.
Initial support for the FreeBSD/mips target and native configuration was developed by SRI International and the University of Cambridge Computer Laboratory under DARPA/AFRL contract FA8750-10-C-0237 ("CTSRD"), as part of the DARPA CRASH research programme.
Initial support for the FreeBSD/riscv target and native configuration was developed by SRI International and the University of Cambridge Computer Laboratory (Department of Computer Science and Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the DARPA SSITH research programme.
The original port to the OpenRISC 1000 is believed to be due to Alessandro Forin and Per Bothner. More recent ports have been the work of Jeremy Bennett, Franck Jullien, Stefan Wallentowitz and Stafford Horne.
You can use this manual at your leisure to read all about gdb. However, a handful of commands are enough to get started using the debugger. This chapter illustrates those commands.
One of the preliminary versions of gnu m4
(a generic macro
processor) exhibits the following bug: sometimes, when we change its
quote strings from the default, the commands used to capture one macro
definition within another stop working. In the following short m4
session, we define a macro foo
which expands to 0000
; we
then use the m4
built-in defn
to define bar
as the
same thing. However, when we change the open quote string to
<QUOTE>
and the close quote string to <UNQUOTE>
, the same
procedure fails to define a new synonym baz
:
$ cd gnu/m4 $ ./m4 define(foo,0000) foo 0000 define(bar,defn(`foo')) bar 0000 changequote(<QUOTE>,<UNQUOTE>) define(baz,defn(<QUOTE>foo<UNQUOTE>)) baz Ctrl-d m4: End of input: 0: fatal error: EOF in string
Let us use gdb to try to see what is going on.
$ gdb m4 gdb is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for gdb; type "show warranty" for details. gdb 8.3.1 for GNAT Pro 21.0w, Copyright 1999 Free Software Foundation, Inc... (gdb)
gdb reads only enough symbol data to know where to find the rest when needed; as a result, the first prompt comes up very quickly. We now tell gdb to use a narrower display width than usual, so that examples fit in this manual.
(gdb) set width 70
We need to see how the m4
built-in changequote
works.
Having looked at the source, we know the relevant subroutine is
m4_changequote
, so we set a breakpoint there with the gdb
break
command.
(gdb) break m4_changequote Breakpoint 1 at 0x62f4: file builtin.c, line 879.
Using the run
command, we start m4
running under gdb
control; as long as control does not reach the m4_changequote
subroutine, the program runs as usual:
(gdb) run Starting program: /work/Editorial/gdb/gnu/m4/m4 define(foo,0000) foo 0000
To trigger the breakpoint, we call changequote
. gdb
suspends execution of m4
, displaying information about the
context where it stops.
changequote(<QUOTE>,<UNQUOTE>) Breakpoint 1, m4_changequote (argc=3, argv=0x33c70) at builtin.c:879 879 if (bad_argc(TOKEN_DATA_TEXT(argv[0]),argc,1,3))
Now we use the command n
(next
) to advance execution to
the next line of the current function.
(gdb) n 882 set_quotes((argc >= 2) ? TOKEN_DATA_TEXT(argv[1])\ : nil,
set_quotes
looks like a promising subroutine. We can go into it
by using the command s
(step
) instead of next
.
step
goes to the next line to be executed in any
subroutine, so it steps into set_quotes
.
(gdb) s set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>") at input.c:530 530 if (lquote != def_lquote)
The display that shows the subroutine where m4
is now
suspended (and its arguments) is called a stack frame display. It
shows a summary of the stack. We can use the backtrace
command (which can also be spelled bt
), to see where we are
in the stack as a whole: the backtrace
command displays a
stack frame for each active subroutine.
(gdb) bt #0 set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>") at input.c:530 #1 0x6344 in m4_changequote (argc=3, argv=0x33c70) at builtin.c:882 #2 0x8174 in expand_macro (sym=0x33320) at macro.c:242 #3 0x7a88 in expand_token (obs=0x0, t=209696, td=0xf7fffa30) at macro.c:71 #4 0x79dc in expand_input () at macro.c:40 #5 0x2930 in main (argc=0, argv=0xf7fffb20) at m4.c:195
We step through a few more lines to see what happens. The first two
times, we can use ‘s’; the next two times we use n
to avoid
falling into the xstrdup
subroutine.
(gdb) s 0x3b5c 532 if (rquote != def_rquote) (gdb) s 0x3b80 535 lquote = (lq == nil || *lq == '\0') ? \ def_lquote : xstrdup(lq); (gdb) n 536 rquote = (rq == nil || *rq == '\0') ? def_rquote\ : xstrdup(rq); (gdb) n 538 len_lquote = strlen(rquote);
The last line displayed looks a little odd; we can examine the variables
lquote
and rquote
to see if they are in fact the new left
and right quotes we specified. We use the command p
(print
) to see their values.
(gdb) p lquote $1 = 0x35d40 "<QUOTE>" (gdb) p rquote $2 = 0x35d50 "<UNQUOTE>"
lquote
and rquote
are indeed the new left and right quotes.
To look at some context, we can display ten lines of source
surrounding the current line with the l
(list
) command.
(gdb) l 533 xfree(rquote); 534 535 lquote = (lq == nil || *lq == '\0') ? def_lquote\ : xstrdup (lq); 536 rquote = (rq == nil || *rq == '\0') ? def_rquote\ : xstrdup (rq); 537 538 len_lquote = strlen(rquote); 539 len_rquote = strlen(lquote); 540 } 541 542 void
Let us step past the two lines that set len_lquote
and
len_rquote
, and then examine the values of those variables.
(gdb) n 539 len_rquote = strlen(lquote); (gdb) n 540 } (gdb) p len_lquote $3 = 9 (gdb) p len_rquote $4 = 7
That certainly looks wrong, assuming len_lquote
and
len_rquote
are meant to be the lengths of lquote
and
rquote
respectively. We can set them to better values using
the p
command, since it can print the value of
any expression—and that expression can include subroutine calls and
assignments.
(gdb) p len_lquote=strlen(lquote) $5 = 7 (gdb) p len_rquote=strlen(rquote) $6 = 9
Is that enough to fix the problem of using the new quotes with the
m4
built-in defn
? We can allow m4
to continue
executing with the c
(continue
) command, and then try the
example that caused trouble initially:
(gdb) c Continuing. define(baz,defn(<QUOTE>foo<UNQUOTE>)) baz 0000
Success! The new quotes now work just as well as the default ones. The
problem seems to have been just the two typos defining the wrong
lengths. We allow m4
exit by giving it an EOF as input:
Ctrl-d Program exited normally.
The message ‘Program exited normally.’ is from gdb; it
indicates m4
has finished executing. We can end our gdb
session with the gdb quit
command.
(gdb) quit
This chapter discusses how to start gdb, and how to get out of it. The essentials are:
Invoke gdb by running the program gdb
. Once started,
gdb reads commands from the terminal until you tell it to exit.
You can also run gdb
with a variety of arguments and options,
to specify more of your debugging environment at the outset.
The command-line options described here are designed to cover a variety of situations; in some environments, some of these options may effectively be unavailable.
The most usual way to start gdb is with one argument, specifying an executable program:
gdb program
You can also start with both an executable program and a core file specified:
gdb program core
You can, instead, specify a process ID as a second argument, if you want to debug a running process:
gdb program 1234
would attach gdb to process 1234
(unless you also have a file
named 1234; gdb does check for a core file first).
Taking advantage of the second command-line argument requires a fairly complete operating system; when you use gdb as a remote debugger attached to a bare board, there may not be any notion of “process”, and there is often no way to get a core dump. gdb will warn you if it is unable to attach or to read core dumps.
You can optionally have gdb
pass any arguments after the
executable file to the inferior using --args
. This option stops
option processing.
gdb --args gcc -O2 -c foo.c
This will cause gdb
to debug gcc
, and to set
gcc
's command-line arguments (see Arguments) to ‘-O2 -c foo.c’.
You can run gdb
without printing the front material, which describes
gdb's non-warranty, by specifying --silent
(or -q
/--quiet
):
gdb --silent
You can further control how gdb starts up by using command-line options. gdb itself can remind you of the options available.
Type
gdb -help
to display all available options and briefly describe their use (‘gdb -h’ is a shorter equivalent).
All options and command line arguments you give are processed in sequential order. The order makes a difference when the ‘-x’ option is used.
When gdb starts, it reads any arguments other than options as specifying an executable file and core file (or process ID). This is the same as if the arguments were specified by the ‘-se’ and ‘-c’ (or ‘-p’) options respectively. (gdb reads the first argument that does not have an associated option flag as equivalent to the ‘-se’ option followed by that argument; and the second argument that does not have an associated option flag, if any, as equivalent to the ‘-c’/‘-p’ option followed by that argument.) If the second argument begins with a decimal digit, gdb will first attempt to attach to it as a process, and if that fails, attempt to open it as a corefile. If you have a corefile whose name begins with a digit, you can prevent gdb from treating it as a pid by prefixing it with ./, e.g. ./12345.
If gdb has not been configured to included core file support, such as for most embedded targets, then it will complain about a second argument and ignore it.
Many options have both long and short forms; both are shown in the following list. gdb also recognizes the long forms if you truncate them, so long as enough of the option is present to be unambiguous. (If you prefer, you can flag option arguments with ‘--’ rather than ‘-’, though we illustrate the more usual convention.)
-symbols
file-s
file-exec
file-e
file-se
file-core
file-c
file-pid
number-p
numberattach
command.
-command
file-x
filesource
command would.
See Command files.
-eval-command
command-ex
commandThis option may be used multiple times to call multiple commands. It may also be interleaved with ‘-command’ as required.
gdb -ex 'target sim' -ex 'load' \ -x setbreakpoints -ex 'run' a.out
-init-command
file-ix
file-init-eval-command
command-iex
command-directory
directory-d
directory-r
-readnow
--readnever
You can run gdb in various alternative modes—for example, in batch mode or quiet mode.
-nx
-n
--with-system-gdbinit
configure option (see System-wide configuration).
It is loaded first when gdb starts, before command line options
have been processed.
-x
and
-ex
have been processed. Command line options -x
and
-ex
are processed last, after ./.gdbinit has been loaded.
For further documentation on startup processing, See Startup. For documentation on how to write command files, See Command Files.
-nh
-quiet
-silent
-q
-batch
0
after processing all the
command files specified with ‘-x’ (and all commands from
initialization files, if not inhibited with ‘-n’). Exit with
nonzero status if an error occurs in executing the gdb commands
in the command files. Batch mode also disables pagination, sets unlimited
terminal width and height see Screen Size, and acts as if set confirm
off were in effect (see Messages/Warnings).
Batch mode may be useful for running gdb as a filter, for example to download and run a program on another computer; in order to make this more useful, the message
Program exited normally.
(which is ordinarily issued whenever a program running under
gdb control terminates) is not issued when running in batch
mode.
-batch-silent
stdout
is prevented (stderr
is
unaffected). This is much quieter than ‘-silent’ and would be useless
for an interactive session.
This is particularly useful when using targets that give ‘Loading section’ messages, for example.
Note that targets that give their output via gdb, as opposed to
writing directly to stdout
, will also be made silent.
-return-child-result
This option is useful in conjunction with ‘-batch’ or ‘-batch-silent’,
when gdb is being used as a remote program loader or simulator
interface.
-nowindows
-nw
-windows
-w
-cd
directory-data-directory
directory-D
directory-fullname
-f
-annotate
levelThe annotation mechanism has largely been superseded by gdb/mi
(see GDB/MI).
--args
-baud
bps-b
bps-l
timeout-tty
device-t
device-tui
-interpreter
interp‘--interpreter=mi’ (or ‘--interpreter=mi2’) causes
gdb to use the gdb/mi interface (see The gdb/mi Interface) included since gdb version 6.0. The
previous gdb/mi interface, included in gdb version 5.3 and
selected with ‘--interpreter=mi1’, is deprecated. Earlier
gdb/mi interfaces are no longer supported.
-write
-statistics
-version
-configuration
Here's the description of what gdb does during session startup:
If you wish to disable the auto-loading during startup, you must do something like the following:
$ gdb -iex "set auto-load python-scripts off" myprogram
Option ‘-ex’ does not work because the auto-loading is then turned off too late.
Init files use the same syntax as command files (see Command Files) and are processed by gdb in the same way. The init file in your home directory can set options (such as ‘set complaints’) that affect subsequent processing of command line options and operands. Init files are not executed if you use the ‘-nx’ option (see Choosing Modes).
To display the list of init files loaded by gdb at startup, you can use gdb --help.
The gdb init files are normally called .gdbinit. The DJGPP port of gdb uses the name gdb.ini, due to the limitations of file names imposed by DOS filesystems. The Windows port of gdb uses the standard name, but if it finds a gdb.ini file in your home directory, it warns you about that and suggests to rename the file to the standard name.
quit
[expression]q
quit
command (abbreviated
q
), or type an end-of-file character (usually Ctrl-d). If you
do not supply expression, gdb will terminate normally;
otherwise it will terminate using the result of expression as the
error code.
An interrupt (often Ctrl-c) does not exit from gdb, but rather terminates the action of any gdb command that is in progress and returns to gdb command level. It is safe to type the interrupt character at any time because gdb does not allow it to take effect until a time when it is safe.
If you have been using gdb to control an attached process or
device, you can release it with the detach
command
(see Debugging an Already-running Process).
If you need to execute occasional shell commands during your
debugging session, there is no need to leave or suspend gdb; you can
just use the shell
command.
shell
command-string!
command-string!
and command-string.
If it exists, the environment variable SHELL
determines which
shell to run. Otherwise gdb uses the default shell
(/bin/sh on Unix systems, COMMAND.COM on MS-DOS, etc.).
The utility make
is often needed in development environments.
You do not have to use the shell
command for this purpose in
gdb:
make
make-argsmake
program with the specified
arguments. This is equivalent to ‘shell make make-args’.
You may want to save the output of gdb commands to a file. There are several commands to control gdb's logging.
set logging on
set logging off
set logging file
fileset logging overwrite [on|off]
overwrite
if
you want set logging on
to overwrite the logfile instead.
set logging redirect [on|off]
redirect
if you want output to go only to the log file.
show logging
You can abbreviate a gdb command to the first few letters of the command name, if that abbreviation is unambiguous; and you can repeat certain gdb commands by typing just <RET>. You can also use the <TAB> key to get gdb to fill out the rest of a word in a command (or to show you the alternatives available, if there is more than one possibility).
A gdb command is a single line of input. There is no limit on
how long it can be. It starts with a command name, which is followed by
arguments whose meaning depends on the command name. For example, the
command step
accepts an argument which is the number of times to
step, as in ‘step 5’. You can also use the step
command
with no arguments. Some commands do not allow any arguments.
gdb command names may always be truncated if that abbreviation is
unambiguous. Other possible command abbreviations are listed in the
documentation for individual commands. In some cases, even ambiguous
abbreviations are allowed; for example, s
is specially defined as
equivalent to step
even though there are other commands whose
names start with s
. You can test abbreviations by using them as
arguments to the help
command.
A blank line as input to gdb (typing just <RET>) means to
repeat the previous command. Certain commands (for example, run
)
will not repeat this way; these are commands whose unintentional
repetition might cause trouble and which you are unlikely to want to
repeat. User-defined commands can disable this feature; see
dont-repeat.
The list
and x
commands, when you repeat them with
<RET>, construct new arguments rather than repeating
exactly as typed. This permits easy scanning of source or memory.
gdb can also use <RET> in another way: to partition lengthy
output, in a way similar to the common utility more
(see Screen Size). Since it is easy to press one
<RET> too many in this situation, gdb disables command
repetition after any command that generates this sort of display.
Any text from a # to the end of the line is a comment; it does nothing. This is useful mainly in command files (see Command Files).
The Ctrl-o binding is useful for repeating a complex sequence of commands. This command accepts the current line, like <RET>, and then fetches the next line relative to the current line from the history for editing.
gdb can fill in the rest of a word in a command for you, if there is only one possibility; it can also show you what the valid possibilities are for the next word in a command, at any time. This works for gdb commands, gdb subcommands, and the names of symbols in your program.
Press the <TAB> key whenever you want gdb to fill out the rest of a word. If there is only one possibility, gdb fills in the word, and waits for you to finish the command (or press <RET> to enter it). For example, if you type
(gdb) info bre <TAB>
gdb fills in the rest of the word ‘breakpoints’, since that is
the only info
subcommand beginning with ‘bre’:
(gdb) info breakpoints
You can either press <RET> at this point, to run the info
breakpoints
command, or backspace and enter something else, if
‘breakpoints’ does not look like the command you expected. (If you
were sure you wanted info breakpoints
in the first place, you
might as well just type <RET> immediately after ‘info bre’,
to exploit command abbreviations rather than command completion).
If there is more than one possibility for the next word when you press <TAB>, gdb sounds a bell. You can either supply more characters and try again, or just press <TAB> a second time; gdb displays all the possible completions for that word. For example, you might want to set a breakpoint on a subroutine whose name begins with ‘make_’, but when you type b make_<TAB> gdb just sounds the bell. Typing <TAB> again displays all the function names in your program that begin with those characters, for example:
(gdb) b make_ <TAB>
gdb sounds bell; press <TAB> again, to see:
make_a_section_from_file make_environ make_abs_section make_function_type make_blockvector make_pointer_type make_cleanup make_reference_type make_command make_symbol_completion_list (gdb) b make_
After displaying the available possibilities, gdb copies your partial input (‘b make_’ in the example) so you can finish the command.
If you just want to see the list of alternatives in the first place, you can press M-? rather than pressing <TAB> twice. M-? means <META> ?. You can type this either by holding down a key designated as the <META> shift on your keyboard (if there is one) while typing ?, or as <ESC> followed by ?.
If the number of possible completions is large, gdb will print as much of the list as it has collected, as well as a message indicating that the list may be truncated.
(gdb) b m<TAB><TAB> main <... the rest of the possible completions ...> *** List may be truncated, max-completions reached. *** (gdb) b m
This behavior can be controlled with the following commands:
set max-completions
limitset max-completions unlimited
show max-completions
Sometimes the string you need, while logically a “word”, may contain
parentheses or other characters that gdb normally excludes from
its notion of a word. To permit word completion to work in this
situation, you may enclose words in '
(single quote marks) in
gdb commands.
A likely situation where you might need this is in typing an expression that involves a C++ symbol name with template parameters. This is because when completing expressions, GDB treats the ‘<’ character as word delimiter, assuming that it's the less-than comparison operator (see C and C++ Operators).
For example, when you want to call a C++ template function
interactively using the print
or call
commands, you may
need to distinguish whether you mean the version of name
that
was specialized for int
, name<int>()
, or the version
that was specialized for float
, name<float>()
. To use
the word-completion facilities in this situation, type a single quote
'
at the beginning of the function name. This alerts
gdb that it may need to consider more information than usual
when you press <TAB> or M-? to request word completion:
(gdb) p 'func< M-? func<int>() func<float>() (gdb) p 'func<
When setting breakpoints however (see Specify Location), you don't usually need to type a quote before the function name, because gdb understands that you want to set a breakpoint on a function:
(gdb) b func< M-? func<int>() func<float>() (gdb) b func<
This is true even in the case of typing the name of C++ overloaded
functions (multiple definitions of the same function, distinguished by
argument type). For example, when you want to set a breakpoint you
don't need to distinguish whether you mean the version of name
that takes an int
parameter, name(int)
, or the version
that takes a float
parameter, name(float)
.
(gdb) b bubble( M-? bubble(int) bubble(double) (gdb) b bubble(dou M-? bubble(double)
See quoting names for a description of other scenarios that require quoting.
For more information about overloaded functions, see C++ Expressions. You can use the command set
overload-resolution off
to disable overload resolution;
see gdb Features for C++.
When completing in an expression which looks up a field in a structure, gdb also tries2 to limit completions to the field names available in the type of the left-hand-side:
(gdb) p gdb_stdout.M-? magic to_fputs to_rewind to_data to_isatty to_write to_delete to_put to_write_async_safe to_flush to_read
This is because the gdb_stdout
is a variable of the type
struct ui_file
that is defined in gdb sources as
follows:
struct ui_file { int *magic; ui_file_flush_ftype *to_flush; ui_file_write_ftype *to_write; ui_file_write_async_safe_ftype *to_write_async_safe; ui_file_fputs_ftype *to_fputs; ui_file_read_ftype *to_read; ui_file_delete_ftype *to_delete; ui_file_isatty_ftype *to_isatty; ui_file_rewind_ftype *to_rewind; ui_file_put_ftype *to_put; void *to_data; }
You can always ask gdb itself for information on its commands,
using the command help
.
help
h
help
(abbreviated h
) with no arguments to
display a short list of named classes of commands:
(gdb) help List of classes of commands: aliases -- Aliases of other commands breakpoints -- Making program stop at certain points data -- Examining data files -- Specifying and examining files internals -- Maintenance commands obscure -- Obscure features running -- Running the program stack -- Examining the stack status -- Status inquiries support -- Support facilities tracepoints -- Tracing of program execution without stopping the program user-defined -- User-defined commands Type "help" followed by a class name for a list of commands in that class. Type "help" followed by command name for full documentation. Command name abbreviations are allowed if unambiguous. (gdb)
help
classstatus
:
(gdb) help status Status inquiries. List of commands: info -- Generic command for showing things about the program being debugged show -- Generic command for showing things about the debugger Type "help" followed by command name for full documentation. Command name abbreviations are allowed if unambiguous. (gdb)
help
commandhelp
argument, gdb displays a
short paragraph on how to use that command.
apropos
argsapropos
command searches through all of the gdb
commands, and their documentation, for the regular expression specified in
args. It prints out all matches found. For example:
apropos alias
results in:
alias -- Define a new command that is an alias of an existing command aliases -- Aliases of other commands d -- Delete some breakpoints or auto-display expressions del -- Delete some breakpoints or auto-display expressions delete -- Delete some breakpoints or auto-display expressions
complete
argscomplete
args command lists all the possible completions
for the beginning of a command. Use args to specify the beginning of the
command you want completed. For example:
complete i
results in:
if ignore info inspect
This is intended for use by gnu Emacs.
In addition to help
, you can use the gdb commands info
and show
to inquire about the state of your program, or the state
of gdb itself. Each command supports many topics of inquiry; this
manual introduces each of them in the appropriate context. The listings
under info
and under show
in the Command, Variable, and
Function Index point to all the sub-commands. See Command and Variable Index.
info
i
) is for describing the state of your
program. For example, you can show the arguments passed to a function
with info args
, list the registers currently in use with info
registers
, or list the breakpoints you have set with info breakpoints
.
You can get a complete list of the info
sub-commands with
help info
.
set
set
. For example, you can set the gdb prompt to a $-sign with
set prompt $
.
show
info
, show
is for describing the state of
gdb itself.
You can change most of the things you can show
, by using the
related command set
; for example, you can control what number
system is used for displays with set radix
, or simply inquire
which is currently in use with show radix
.
To display all the settable parameters and their current
values, you can use show
with no arguments; you may also use
info set
. Both commands produce the same display.
Here are several miscellaneous show
subcommands, all of which are
exceptional in lacking corresponding set
commands:
show version
show copying
info copying
show warranty
info warranty
show configuration
When you run a program under gdb, you must first generate debugging information when you compile it.
You may start gdb with its arguments, if any, in an environment of your choice. If you are doing native debugging, you may redirect your program's input and output, debug an already running process, or kill a child process.
In order to debug a program effectively, you need to generate debugging information when you compile it. This debugging information is stored in the object file; it describes the data type of each variable or function and the correspondence between source line numbers and addresses in the executable code.
To request debugging information, specify the ‘-g’ option when you run the compiler.
Programs that are to be shipped to your customers are compiled with optimizations, using the ‘-O’ compiler option. However, some compilers are unable to handle the ‘-g’ and ‘-O’ options together. Using those compilers, you cannot generate optimized executables containing debugging information.
gcc, the gnu C/C++ compiler, supports ‘-g’ with or without ‘-O’, making it possible to debug optimized code. We recommend that you always use ‘-g’ whenever you compile a program. You may think your program is correct, but there is no sense in pushing your luck. For more information, see Optimized Code.
Older versions of the gnu C compiler permitted a variant option ‘-gg’ for debugging information. gdb no longer supports this format; if your gnu C compiler has this option, do not use it.
gdb knows about preprocessor macros and can show you their expansion (see Macros). Most compilers do not include information about preprocessor macros in the debugging information if you specify the -g flag alone. Version 3.1 and later of gcc, the gnu C compiler, provides macro information if you are using the DWARF debugging format, and specify the option -g3.
See Options for Debugging Your Program or GCC, for more information on gcc options affecting debug information.
You will have the best debugging experience if you use the latest version of the DWARF debugging format that your compiler supports. DWARF is currently the most expressive and best supported debugging format in gdb.
run
r
run
command to start your program under gdb.
You must first specify the program name with an argument to
gdb (see Getting In and Out of gdb), or by using the file
or exec-file
command (see Commands to Specify Files).
If you are running your program in an execution environment that
supports processes, run
creates an inferior process and makes
that process run your program. In some environments without processes,
run
jumps to the start of your program. Other targets,
like ‘remote’, are always running. If you get an error
message like this one:
The "remote" target does not support "run". Try "help target" or "continue".
then use continue
to run your program. You may need load
first (see load).
The execution of a program is affected by certain information it receives from its superior. gdb provides ways to specify this information, which you must do before starting your program. (You can change it after starting your program, but such changes only affect your program the next time you start it.) This information may be divided into four categories:
run
command. If a shell is available on your target, the shell
is used to pass the arguments, so that you may use normal conventions
(such as wildcard expansion or variable substitution) in describing
the arguments.
In Unix systems, you can control which shell is used with the
SHELL
environment variable. If you do not define SHELL
,
gdb uses the default shell (/bin/sh). You can disable
use of any shell with the set startup-with-shell
command (see
below for details).
set environment
and unset
environment
to change parts of the environment that affect
your program. See Your Program's Environment.
run
command line, or you can use the tty
command to
set a different device for your program.
See Your Program's Input and Output.
Warning: While input and output redirection work, you cannot use pipes to pass the output of the program you are debugging to another program; if you attempt this, gdb is likely to wind up debugging the wrong program.
When you issue the run
command, your program begins to execute
immediately. See Stopping and Continuing, for discussion
of how to arrange for your program to stop. Once your program has
stopped, you may call functions in your program, using the print
or call
commands. See Examining Data.
If the modification time of your symbol file has changed since the last time gdb read its symbols, gdb discards its symbol table, and reads it again. When it does this, gdb tries to retain your current breakpoints.
start
main
, but
other languages such as Ada do not require a specific name for their
main procedure. The debugger provides a convenient way to start the
execution of the program and to stop at the beginning of the main
procedure, depending on the language used.
The ‘start’ command does the equivalent of setting a temporary breakpoint at the beginning of the main procedure and then invoking the ‘run’ command.
Some programs contain an elaboration phase where some startup code is
executed before the main procedure is called. This depends on the
languages used to write your program. In C++, for instance,
constructors for static and global objects are executed before
main
is called. It is therefore possible that the debugger stops
before reaching the main procedure. However, the temporary breakpoint
will remain to halt execution.
Specify the arguments to give to your program as arguments to the ‘start’ command. These arguments will be given verbatim to the underlying ‘run’ command. Note that the same arguments will be reused if no argument is provided during subsequent calls to ‘start’ or ‘run’.
It is sometimes necessary to debug the program during elaboration. In
these cases, using the start
command would stop the execution
of your program too late, as the program would have already completed
the elaboration phase. Under these circumstances, either insert
breakpoints in your elaboration code before running your program or
use the starti
command.
starti
starti
command will stop execution at
the start of the elaboration phase.
set exec-wrapper
wrappershow exec-wrapper
unset exec-wrapper
You can use any program that eventually calls execve
with
its arguments as a wrapper. Several standard Unix utilities do
this, e.g. env
and nohup
. Any Unix shell script ending
with exec "$@"
will also work.
For example, you can use env
to pass an environment variable to
the debugged program, without setting the variable in your shell's
environment:
(gdb) set exec-wrapper env 'LD_PRELOAD=libtest.so' (gdb) run
This command is available when debugging locally on most targets, excluding djgpp, Cygwin, MS Windows, and QNX Neutrino.
set startup-with-shell
set startup-with-shell on
set startup-with-shell off
show startup-with-shell
run
command are passed to the shell, which does variable
substitution, expands wildcard characters and performs redirection of
I/O. In some circumstances, it may be useful to disable such use of a
shell, for example, when debugging the shell itself or diagnosing
startup failures such as:
(gdb) run Starting program: ./a.out During startup program terminated with signal SIGSEGV, Segmentation fault.
which indicates the shell or the wrapper specified with ‘exec-wrapper’ crashed, not your program. Most often, this is caused by something odd in your shell's non-interactive mode initialization file—such as .cshrc for C-shell, $.zshenv for the Z shell, or the file specified in the ‘BASH_ENV’ environment variable for BASH.
set auto-connect-native-target
set auto-connect-native-target on
set auto-connect-native-target off
show auto-connect-native-target
target remote
), the run
command starts your program as a
native process under gdb, on your local machine. If you're
sure you don't want to debug programs on your local machine, you can
tell gdb to not connect to the native target automatically
with the set auto-connect-native-target off
command.
If on
, which is the default, and if gdb is not
connected to a target already, the run
command automaticaly
connects to the native target, if one is available.
If off
, and if gdb is not connected to a target
already, the run
command fails with an error:
(gdb) run Don't know how to run. Try "help target".
If gdb is already connected to a target, gdb always
uses it with the run
command.
In any case, you can explicitly connect to the native target with the
target native
command. For example,
(gdb) set auto-connect-native-target off (gdb) run Don't know how to run. Try "help target". (gdb) target native (gdb) run Starting program: ./a.out [Inferior 1 (process 10421) exited normally]
In case you connected explicitly to the native
target,
gdb remains connected even if all inferiors exit, ready for
the next run
command. Use the disconnect
command to
disconnect.
Examples of other commands that likewise respect the
auto-connect-native-target
setting: attach
, info
proc
, info os
.
set disable-randomization
set disable-randomization on
This feature is implemented only on certain targets, including gnu/Linux. On gnu/Linux you can get the same behavior using
(gdb) set exec-wrapper setarch `uname -m` -R
set disable-randomization off
On targets where it is available, virtual address space randomization protects the programs against certain kinds of security attacks. In these cases the attacker needs to know the exact location of a concrete executable code. Randomizing its location makes it impossible to inject jumps misusing a code at its expected addresses.
Prelinking shared libraries provides a startup performance advantage but it makes addresses in these libraries predictable for privileged processes by having just unprivileged access at the target system. Reading the shared library binary gives enough information for assembling the malicious code misusing it. Still even a prelinked shared library can get loaded at a new random address just requiring the regular relocation process during the startup. Shared libraries not already prelinked are always loaded at a randomly chosen address.
Position independent executables (PIE) contain position independent code similar to the shared libraries and therefore such executables get loaded at a randomly chosen address upon startup. PIE executables always load even already prelinked shared libraries at a random address. You can build such executable using gcc -fPIE -pie.
Heap (malloc storage), stack and custom mmap areas are always placed randomly
(as long as the randomization is enabled).
show disable-randomization
The arguments to your program can be specified by the arguments of the
run
command.
They are passed to a shell, which expands wildcard characters and
performs redirection of I/O, and thence to your program. Your
SHELL
environment variable (if it exists) specifies what shell
gdb uses. If you do not define SHELL
, gdb uses
the default shell (/bin/sh on Unix).
On non-Unix systems, the program is usually invoked directly by gdb, which emulates I/O redirection via the appropriate system calls, and the wildcard characters are expanded by the startup code of the program, not by the shell.
run
with no arguments uses the same arguments used by the previous
run
, or those set by the set args
command.
set args
set args
has no arguments, run
executes your program
with no arguments. Once you have run your program with arguments,
using set args
before the next run
is the only way to run
it again without arguments.
show args
The environment consists of a set of environment variables and their values. Environment variables conventionally record such things as your user name, your home directory, your terminal type, and your search path for programs to run. Usually you set up environment variables with the shell and they are inherited by all the other programs you run. When debugging, it can be useful to try running your program with a modified environment without having to start gdb over again.
path
directoryPATH
environment variable
(the search path for executables) that will be passed to your program.
The value of PATH
used by gdb does not change.
You may specify several directory names, separated by whitespace or by a
system-dependent separator character (‘:’ on Unix, ‘;’ on
MS-DOS and MS-Windows). If directory is already in the path, it
is moved to the front, so it is searched sooner.
You can use the string ‘$cwd’ to refer to whatever is the current
working directory at the time gdb searches the path. If you
use ‘.’ instead, it refers to the directory where you executed the
path
command. gdb replaces ‘.’ in the
directory argument (with the current path) before adding
directory to the search path.
show paths
PATH
environment variable).
show environment
[varname]environment
as env
.
set environment
varname [=
value]For example, this command:
set env USER = foo
tells the debugged program, when subsequently run, that its user is named ‘foo’. (The spaces around ‘=’ are used for clarity here; they are not actually required.)
Note that on Unix systems, gdb runs your program via a shell,
which also inherits the environment set with set environment
.
If necessary, you can avoid that by using the ‘env’ program as a
wrapper instead of using set environment
. See set exec-wrapper, for an example doing just that.
Environment variables that are set by the user are also transmitted to gdbserver to be used when starting the remote inferior. see QEnvironmentHexEncoded.
unset environment
varnameunset environment
removes the variable from the environment,
rather than assigning it an empty value.
Environment variables that are unset by the user are also unset on gdbserver when starting the remote inferior. see QEnvironmentUnset.
Warning: On Unix systems, gdb runs your program using
the shell indicated by your SHELL
environment variable if it
exists (or /bin/sh
if not). If your SHELL
variable
names a shell that runs an initialization file when started
non-interactively—such as .cshrc for C-shell, $.zshenv
for the Z shell, or the file specified in the ‘BASH_ENV’
environment variable for BASH—any variables you set in that file
affect your program. You may wish to move setting of environment
variables to files that are only run when you sign on, such as
.login or .profile.
Each time you start your program with run
, the inferior will be
initialized with the current working directory specified by the
set cwd command. If no directory has been specified by this
command, then the inferior will inherit gdb's current working
directory as its working directory if native debugging, or it will
inherit the remote server's current working directory if remote
debugging.
set cwd
[directory]glob
-expanded in order to resolve tildes (~). If no
argument has been specified, the command clears the setting and resets
it to an empty state. This setting has no effect on gdb's
working directory, and it only takes effect the next time you start
the inferior. The ~ in directory is a short for the
home directory, usually pointed to by the HOME environment
variable. On MS-Windows, if HOME is not defined, gdb
uses the concatenation of HOMEDRIVE and HOMEPATH as
fallback.
You can also change gdb's current working directory by using
the cd
command.
See cd command.
show cwd
cd
[directory]The gdb working directory serves as a default for the commands that specify files for gdb to operate on. See Commands to Specify Files. See set cwd command.
pwd
It is generally impossible to find the current working directory of
the process being debugged (since a program can change its directory
during its run). If you work on a system where gdb supports
the info proc
command (see Process Information), you can
use the info proc
command to find out the
current working directory of the debuggee.
By default, the program you run under gdb does input and output to the same terminal that gdb uses. gdb switches the terminal to its own terminal modes to interact with you, but it records the terminal modes your program was using and switches back to them when you continue running your program.
info terminal
You can redirect your program's input and/or output using shell
redirection with the run
command. For example,
run > outfile
starts your program, diverting its output to the file outfile.
Another way to specify where your program should do input and output is
with the tty
command. This command accepts a file name as
argument, and causes this file to be the default for future run
commands. It also resets the controlling terminal for the child
process, for future run
commands. For example,
tty /dev/ttyb
directs that processes started with subsequent run
commands
default to do input and output on the terminal /dev/ttyb and have
that as their controlling terminal.
An explicit redirection in run
overrides the tty
command's
effect on the input/output device, but not its effect on the controlling
terminal.
When you use the tty
command or redirect input in the run
command, only the input for your program is affected. The input
for gdb still comes from your terminal. tty
is an alias
for set inferior-tty
.
You can use the show inferior-tty
command to tell gdb to
display the name of the terminal that will be used for future runs of your
program.
set inferior-tty [
tty ]
show inferior-tty
attach
process-idinfo files
shows your active
targets.) The command takes as argument a process ID. The usual way to
find out the process-id of a Unix process is with the ps
utility,
or with the ‘jobs -l’ shell command.
attach
does not repeat if you press <RET> a second time after
executing the command.
To use attach
, your program must be running in an environment
which supports processes; for example, attach
does not work for
programs on bare-board targets that lack an operating system. You must
also have permission to send the process a signal.
When you use attach
, the debugger finds the program running in
the process first by looking in the current working directory, then (if
the program is not found) by using the source file search path
(see Specifying Source Directories). You can also use
the file
command to load the program. See Commands to Specify Files.
The first thing gdb does after arranging to debug the specified
process is to stop it. You can examine and modify an attached process
with all the gdb commands that are ordinarily available when
you start processes with run
. You can insert breakpoints; you
can step and continue; you can modify storage. If you would rather the
process continue running, you may use the continue
command after
attaching gdb to the process.
detach
detach
command to release it from gdb control. Detaching
the process continues its execution. After the detach
command,
that process and gdb become completely independent once more, and you
are ready to attach
another process or start one with run
.
detach
does not repeat if you press <RET> again after
executing the command.
If you exit gdb while you have an attached process, you detach
that process. If you use the run
command, you kill that process.
By default, gdb asks for confirmation if you try to do either of these
things; you can control whether or not you need to confirm by using the
set confirm
command (see Optional Warnings and Messages).
kill
This command is useful if you wish to debug a core dump instead of a running process. gdb ignores any core dump file while your program is running.
On some operating systems, a program cannot be executed outside gdb
while you have breakpoints set on it inside gdb. You can use the
kill
command in this situation to permit running your program
outside the debugger.
The kill
command is also useful if you wish to recompile and
relink your program, since on many systems it is impossible to modify an
executable file while it is running in a process. In this case, when you
next type run
, gdb notices that the file has changed, and
reads the symbol table again (while trying to preserve your current
breakpoint settings).
gdb lets you run and debug multiple programs in a single session. In addition, gdb on some systems may let you run several programs simultaneously (otherwise you have to exit from one before starting another). In the most general case, you can have multiple threads of execution in each of multiple processes, launched from multiple executables.
gdb represents the state of each program execution with an object called an inferior. An inferior typically corresponds to a process, but is more general and applies also to targets that do not have processes. Inferiors may be created before a process runs, and may be retained after a process exits. Inferiors have unique identifiers that are different from process ids. Usually each inferior will also have its own distinct address space, although some embedded targets may have several inferiors running in different parts of a single address space. Each inferior may in turn have multiple threads running in it.
To find out what inferiors exist at any moment, use info inferiors
:
info inferiors
gdb displays for each inferior (in this order):
An asterisk ‘*’ preceding the gdb inferior number indicates the current inferior.
For example,
(gdb) info inferiors Num Description Executable 2 process 2307 hello * 1 process 3401 goodbye
To switch focus between inferiors, use the inferior
command:
inferior
infnoThe debugger convenience variable ‘$_inferior’ contains the number of the current inferior. You may find this useful in writing breakpoint conditional expressions, command scripts, and so forth. See Convenience Variables, for general information on convenience variables.
You can get multiple executables into a debugging session via the
add-inferior
and clone-inferior
commands. On some
systems gdb can add inferiors to the debug session
automatically by following calls to fork
and exec
. To
remove inferiors from the debugging session use the
remove-inferiors
command.
add-inferior [ -copies
n ] [ -exec
executable ]
file
command with the executable name as its argument.
clone-inferior [ -copies
n ] [
infno ]
(gdb) info inferiors Num Description Executable * 1 process 29964 helloworld (gdb) clone-inferior Added inferior 2. 1 inferiors added. (gdb) info inferiors Num Description Executable 2 <null> helloworld * 1 process 29964 helloworld
You can now simply switch focus to inferior 2 and run it.
remove-inferiors
infno...
kill
or detach
command first.
To quit debugging one of the running inferiors that is not the current
inferior, you can either detach from it by using the detach inferior
command (allowing it to run independently), or kill it
using the kill inferiors
command:
detach inferior
infno...
info inferiors
,
but its Description will show ‘<null>’.
kill inferiors
infno...
info inferiors
, but its
Description will show ‘<null>’.
After the successful completion of a command such as detach
,
detach inferiors
, kill
or kill inferiors
, or after
a normal process exit, the inferior is still valid and listed with
info inferiors
, ready to be restarted.
To be notified when inferiors are started or exit under gdb's
control use set print inferior-events
:
set print inferior-events
set print inferior-events on
set print inferior-events off
set print inferior-events
command allows you to enable or
disable printing of messages when gdb notices that new
inferiors have started or that inferiors have exited or have been
detached. By default, these messages will not be printed.
show print inferior-events
Many commands will work the same with multiple programs as with a
single program: e.g., print myglobal
will simply display the
value of myglobal
in the current inferior.
Occasionaly, when debugging gdb itself, it may be useful to
get more info about the relationship of inferiors, programs, address
spaces in a debug session. You can do that with the maint info program-spaces
command.
maint info program-spaces
gdb displays for each program space (in this order):
file
command.
An asterisk ‘*’ preceding the gdb program space number indicates the current program space.
In addition, below each program space line, gdb prints extra information that isn't suitable to display in tabular form. For example, the list of inferiors bound to the program space.
(gdb) maint info program-spaces Id Executable * 1 hello 2 goodbye Bound inferiors: ID 1 (process 21561)
Here we can see that no inferior is running the program hello
,
while process 21561
is running the program goodbye
. On
some targets, it is possible that multiple inferiors are bound to the
same program space. The most common example is that of debugging both
the parent and child processes of a vfork
call. For example,
(gdb) maint info program-spaces Id Executable * 1 vfork-test Bound inferiors: ID 2 (process 18050), ID 1 (process 18045)
Here, both inferior 2 and inferior 1 are running in the same program
space as a result of inferior 1 having executed a vfork
call.
In some operating systems, such as GNU/Linux and Solaris, a single program may have more than one thread of execution. The precise semantics of threads differ from one operating system to another, but in general the threads of a single program are akin to multiple processes—except that they share one address space (that is, they can all examine and modify the same variables). On the other hand, each thread has its own registers and execution stack, and perhaps private memory.
gdb provides these facilities for debugging multi-thread programs:
libthread_db
to use if the default choice
isn't compatible with the program.
The gdb thread debugging facility allows you to observe all threads while your program runs—but whenever gdb takes control, one thread in particular is always the focus of debugging. This thread is called the current thread. Debugging commands show program information from the perspective of the current thread.
Whenever gdb detects a new thread in your program, it displays the target system's identification for the thread with a message in the form ‘[New systag]’, where systag is a thread identifier whose form varies depending on the particular system. For example, on gnu/Linux, you might see
[New Thread 0x41e02940 (LWP 25582)]
when gdb notices a new thread. In contrast, on other systems, the systag is simply something like ‘process 368’, with no further qualifier.
For debugging purposes, gdb associates its own thread number —always a single integer—with each thread of an inferior. This number is unique between all threads of an inferior, but not unique between threads of different inferiors.
You can refer to a given thread in an inferior using the qualified
inferior-num.thread-num syntax, also known as
qualified thread ID, with inferior-num being the inferior
number and thread-num being the thread number of the given
inferior. For example, thread 2.3
refers to thread number 3 of
inferior 2. If you omit inferior-num (e.g., thread 3
),
then gdb infers you're referring to a thread of the current
inferior.
Until you create a second inferior, gdb does not show the inferior-num part of thread IDs, even though you can always use the full inferior-num.thread-num form to refer to threads of inferior 1, the initial inferior.
Some commands accept a space-separated thread ID list as argument. A list element can be:
*
(e.g.,
‘1.*’) or *
. The former refers to all threads of the
given inferior, and the latter form without an inferior qualifier
refers to all threads of the current inferior.
For example, if the current inferior is 1, and inferior 7 has one thread with ID 7.1, the thread list ‘1 2-3 4.5 6.7-9 7.*’ includes threads 1 to 3 of inferior 1, thread 5 of inferior 4, threads 7 to 9 of inferior 6 and all threads of inferior 7. That is, in expanded qualified form, the same as ‘1.1 1.2 1.3 4.5 6.7 6.8 6.9 7.1’.
In addition to a per-inferior number, each thread is also assigned a unique global number, also known as global thread ID, a single integer. Unlike the thread number component of the thread ID, no two threads have the same global ID, even when you're debugging multiple inferiors.
From gdb's perspective, a process always has at least one thread. In other words, gdb assigns a thread number to the program's “main thread” even if the program is not multi-threaded.
The debugger convenience variables ‘$_thread’ and ‘$_gthread’ contain, respectively, the per-inferior thread number and the global thread number of the current thread. You may find this useful in writing breakpoint conditional expressions, command scripts, and so forth. See Convenience Variables, for general information on convenience variables.
If gdb detects the program is multi-threaded, it augments the usual message about stopping at a breakpoint with the ID and name of the thread that hit the breakpoint.
Thread 2 "client" hit Breakpoint 1, send_message () at client.c:68
Likewise when the program receives a signal:
Thread 1 "main" received signal SIGINT, Interrupt.
info threads
[thread-id-list]gdb displays for each thread (in this order):
thread name
, below), or, in some cases, by the
program itself.
An asterisk ‘*’ to the left of the gdb thread number indicates the current thread.
For example,
(gdb) info threads Id Target Id Frame * 1 process 35 thread 13 main (argc=1, argv=0x7ffffff8) 2 process 35 thread 23 0x34e5 in sigpause () 3 process 35 thread 27 0x34e5 in sigpause () at threadtest.c:68
If you're debugging multiple inferiors, gdb displays thread IDs using the qualified inferior-num.thread-num format. Otherwise, only thread-num is shown.
If you specify the ‘-gid’ option, gdb displays a column indicating each thread's global thread ID:
(gdb) info threads Id GId Target Id Frame 1.1 1 process 35 thread 13 main (argc=1, argv=0x7ffffff8) 1.2 3 process 35 thread 23 0x34e5 in sigpause () 1.3 4 process 35 thread 27 0x34e5 in sigpause () * 2.1 2 process 65 thread 1 main (argc=1, argv=0x7ffffff8)
On Solaris, you can display more information about user threads with a Solaris-specific command:
maint info sol-threads
thread
thread-idgdb responds by displaying the system identifier of the thread you selected, and its current stack frame summary:
(gdb) thread 2 [Switching to thread 2 (Thread 0xb7fdab70 (LWP 12747))] #0 some_function (ignore=0x0) at example.c:8 8 printf ("hello\n");
As with the ‘[New ...]’ message, the form of the text after ‘Switching to’ depends on your system's conventions for identifying threads.
thread apply [
thread-id-list | all [-ascending]] [
flag]...
commandthread apply
command allows you to apply the named
command to one or more threads. Specify the threads that you
want affected using the thread ID list syntax (see thread ID lists), or specify all
to apply to all threads. To apply a
command to all threads in descending order, type thread apply all
command. To apply a command to all threads in ascending order,
type thread apply all -ascending command.
The flag arguments control what output to produce and how to handle
errors raised when applying command to a thread. flag
must start with a -
directly followed by one letter in
qcs
. If several flags are provided, they must be given
individually, such as -c -q
.
By default, gdb displays some thread information before the
output produced by command, and an error raised during the
execution of a command will abort thread apply
. The
following flags can be used to fine-tune this behavior:
-c
-c
, which stands for ‘continue’, causes any
errors in command to be displayed, and the execution of
thread apply
then continues.
-s
-s
, which stands for ‘silent’, causes any errors
or empty output produced by a command to be silently ignored.
That is, the execution continues, but the thread information and errors
are not printed.
-q
-q
(‘quiet’) disables printing the thread
information.
Flags -c
and -s
cannot be used together.
taas
commandthread apply all -s
command.
Applies command on all threads, ignoring errors and empty output.
tfaas
commandthread apply all -s frame apply all -s
command.
Applies command on all frames of all threads, ignoring errors
and empty output. Note that the flag -s
is specified twice:
The first -s
ensures that thread apply
only shows the thread
information of the threads for which frame apply
produces
some output. The second -s
is needed to ensure that frame
apply
shows the frame information of a frame only if the
command successfully produced some output.
It can for example be used to print a local variable or a function argument without knowing the thread or frame where this variable or argument is, using:
(gdb) tfaas p some_local_var_i_do_not_remember_where_it_is
thread name [
name]
On some systems, such as gnu/Linux, gdb is able to determine the name of the thread as given by the OS. On these systems, a name specified with ‘thread name’ will override the system-give name, and removing the user-specified name will cause gdb to once again display the system-specified name.
thread find [
regexp]
As well as being the complement to the ‘thread name’ command, this command also allows you to identify a thread by its target systag. For instance, on gnu/Linux, the target systag is the LWP id.
(gdb) thread find 26688 Thread 4 has target id 'Thread 0x41e02940 (LWP 26688)' (gdb) info thread 4 Id Target Id Frame 4 Thread 0x41e02940 (LWP 26688) 0x00000031ca6cd372 in select ()
set print thread-events
set print thread-events on
set print thread-events off
set print thread-events
command allows you to enable or
disable printing of messages when gdb notices that new threads have
started or that threads have exited. By default, these messages will
be printed if detection of these events is supported by the target.
Note that these messages cannot be disabled on all targets.
show print thread-events
See Stopping and Starting Multi-thread Programs, for more information about how gdb behaves when you stop and start programs with multiple threads.
See Setting Watchpoints, for information about watchpoints in programs with multiple threads.
set libthread-db-search-path
[path]libthread_db
.
If you omit path, ‘libthread-db-search-path’ will be reset to
its default value ($sdir:$pdir
on gnu/Linux and Solaris systems).
Internally, the default value comes from the LIBTHREAD_DB_SEARCH_PATH
macro.
On gnu/Linux and Solaris systems, gdb uses a “helper”
libthread_db
library to obtain information about threads in the
inferior process. gdb will use ‘libthread-db-search-path’
to find libthread_db
. gdb also consults first if inferior
specific thread debugging library loading is enabled
by ‘set auto-load libthread-db’ (see libthread_db.so.1 file).
A special entry ‘$sdir’ for ‘libthread-db-search-path’ refers to the default system directories that are normally searched for loading shared libraries. The ‘$sdir’ entry is the only kind not needing to be enabled by ‘set auto-load libthread-db’ (see libthread_db.so.1 file).
A special entry ‘$pdir’ for ‘libthread-db-search-path’
refers to the directory from which libpthread
was loaded in the inferior process.
For any libthread_db
library gdb finds in above directories,
gdb attempts to initialize it with the current inferior process.
If this initialization fails (which could happen because of a version
mismatch between libthread_db
and libpthread
), gdb
will unload libthread_db
, and continue with the next directory.
If none of libthread_db
libraries initialize successfully,
gdb will issue a warning and thread debugging will be disabled.
Setting libthread-db-search-path
is currently implemented
only on some platforms.
show libthread-db-search-path
set debug libthread-db
show debug libthread-db
libthread_db
-related events.
Use 1
to enable, 0
to disable.
On most systems, gdb has no special support for debugging
programs which create additional processes using the fork
function. When a program forks, gdb will continue to debug the
parent process and the child process will run unimpeded. If you have
set a breakpoint in any code which the child then executes, the child
will get a SIGTRAP
signal which (unless it catches the signal)
will cause it to terminate.
However, if you want to debug the child process there is a workaround
which isn't too painful. Put a call to sleep
in the code which
the child process executes after the fork. It may be useful to sleep
only if a certain environment variable is set, or a certain file exists,
so that the delay need not occur when you don't want to run gdb
on the child. While the child is sleeping, use the ps
program to
get its process ID. Then tell gdb (a new invocation of
gdb if you are also debugging the parent process) to attach to
the child process (see Attach). From that point on you can debug
the child process just like any other process which you attached to.
On some systems, gdb provides support for debugging programs
that create additional processes using the fork
or vfork
functions. On gnu/Linux platforms, this feature is supported
with kernel version 2.5.46 and later.
The fork debugging commands are supported in native mode and when
connected to gdbserver
in either target remote
mode or
target extended-remote
mode.
By default, when a program forks, gdb will continue to debug the parent process and the child process will run unimpeded.
If you want to follow the child process instead of the parent process,
use the command set follow-fork-mode
.
set follow-fork-mode
modefork
or
vfork
. A call to fork
or vfork
creates a new
process. The mode argument can be:
parent
child
show follow-fork-mode
fork
or vfork
call.
On Linux, if you want to debug both the parent and child processes, use the
command set detach-on-fork
.
set detach-on-fork
modeon
follow-fork-mode
) will be detached and allowed to run
independently. This is the default.
off
follow-fork-mode
) is debugged as usual, while the other
is held suspended.
show detach-on-fork
If you choose to set ‘detach-on-fork’ mode off, then gdb
will retain control of all forked processes (including nested forks).
You can list the forked processes under the control of gdb by
using the info inferiors
command, and switch from one fork
to another by using the inferior
command (see Debugging Multiple Inferiors and Programs).
To quit debugging one of the forked processes, you can either detach
from it by using the detach inferiors
command (allowing it
to run independently), or kill it using the kill inferiors
command. See Debugging Multiple Inferiors and Programs.
If you ask to debug a child process and a vfork
is followed by an
exec
, gdb executes the new target up to the first
breakpoint in the new target. If you have a breakpoint set on
main
in your original program, the breakpoint will also be set on
the child process's main
.
On some systems, when a child process is spawned by vfork
, you
cannot debug the child or parent until an exec
call completes.
If you issue a run
command to gdb after an exec
call executes, the new target restarts. To restart the parent
process, use the file
command with the parent executable name
as its argument. By default, after an exec
call executes,
gdb discards the symbols of the previous executable image.
You can change this behaviour with the set follow-exec-mode
command.
set follow-exec-mode
modeexec
. An
exec
call replaces the program image of a process.
follow-exec-mode
can be:
new
exec
call can be restarted afterwards by restarting the
original inferior.
For example:
(gdb) info inferiors (gdb) info inferior Id Description Executable * 1 <null> prog1 (gdb) run process 12020 is executing new program: prog2 Program exited normally. (gdb) info inferiors Id Description Executable 1 <null> prog1 * 2 <null> prog2
same
exec
call, with
e.g., the run
command, restarts the executable the process was
running after the exec
call. This is the default mode.
For example:
(gdb) info inferiors Id Description Executable * 1 <null> prog1 (gdb) run process 12020 is executing new program: prog2 Program exited normally. (gdb) info inferiors Id Description Executable * 1 <null> prog2
follow-exec-mode
is supported in native mode and
target extended-remote
mode.
You can use the catch
command to make gdb stop whenever
a fork
, vfork
, or exec
call is made. See Setting Catchpoints.
On certain operating systems3, gdb is able to save a snapshot of a program's state, called a checkpoint, and come back to it later.
Returning to a checkpoint effectively undoes everything that has
happened in the program since the checkpoint
was saved. This
includes changes in memory, registers, and even (within some limits)
system state. Effectively, it is like going back in time to the
moment when the checkpoint was saved.
Thus, if you're stepping thru a program and you think you're getting close to the point where things go wrong, you can save a checkpoint. Then, if you accidentally go too far and miss the critical statement, instead of having to restart your program from the beginning, you can just go back to the checkpoint and start again from there.
This can be especially useful if it takes a lot of time or steps to reach the point where you think the bug occurs.
To use the checkpoint
/restart
method of debugging:
checkpoint
checkpoint
command takes no arguments, but each checkpoint
is assigned a small integer id, similar to a breakpoint id.
info checkpoints
Checkpoint ID
Process ID
Code Address
Source line, or label
restart
checkpoint-idNote that breakpoints, gdb variables, command history etc. are not affected by restoring a checkpoint. In general, a checkpoint only restores things that reside in the program being debugged, not in the debugger.
delete checkpoint
checkpoint-idReturning to a previously saved checkpoint will restore the user state of the program being debugged, plus a significant subset of the system (OS) state, including file pointers. It won't “un-write” data from a file, but it will rewind the file pointer to the previous location, so that the previously written data can be overwritten. For files opened in read mode, the pointer will also be restored so that the previously read data can be read again.
Of course, characters that have been sent to a printer (or other external device) cannot be “snatched back”, and characters received from eg. a serial device can be removed from internal program buffers, but they cannot be “pushed back” into the serial pipeline, ready to be received again. Similarly, the actual contents of files that have been changed cannot be restored (at this time).
However, within those constraints, you actually can “rewind” your program to a previously saved point in time, and begin debugging it again — and you can change the course of events so as to debug a different execution path this time.
Finally, there is one bit of internal program state that will be different when you return to a checkpoint — the program's process id. Each checkpoint will have a unique process id (or pid), and each will be different from the program's original pid. If your program has saved a local copy of its process id, this could potentially pose a problem.
On some systems such as gnu/Linux, address space randomization is performed on new processes for security reasons. This makes it difficult or impossible to set a breakpoint, or watchpoint, on an absolute address if you have to restart the program, since the absolute location of a symbol will change from one execution to the next.
A checkpoint, however, is an identical copy of a process. Therefore if you create a checkpoint at (eg.) the start of main, and simply return to that checkpoint instead of restarting the process, you can avoid the effects of address randomization and your symbols will all stay in the same place.
The principal purposes of using a debugger are so that you can stop your program before it terminates; or so that, if your program runs into trouble, you can investigate and find out why.
Inside gdb, your program may stop for any of several reasons,
such as a signal, a breakpoint, or reaching a new line after a
gdb command such as step
. You may then examine and
change variables, set new breakpoints or remove old ones, and then
continue execution. Usually, the messages shown by gdb provide
ample explanation of the status of your program—but you can also
explicitly request this information at any time.
info program
A breakpoint makes your program stop whenever a certain point in
the program is reached. For each breakpoint, you can add conditions to
control in finer detail whether your program stops. You can set
breakpoints with the break
command and its variants (see Setting Breakpoints), to specify the place where your program
should stop by line number, function name or exact address in the
program.
On some systems, you can set breakpoints in shared libraries before the executable is run.
A watchpoint is a special breakpoint that stops your program when the value of an expression changes. The expression may be a value of a variable, or it could involve values of one or more variables combined by operators, such as ‘a + b’. This is sometimes called data breakpoints. You must use a different command to set watchpoints (see Setting Watchpoints), but aside from that, you can manage a watchpoint like any other breakpoint: you enable, disable, and delete both breakpoints and watchpoints using the same commands.
You can arrange to have values from your program displayed automatically whenever gdb stops at a breakpoint. See Automatic Display.
A catchpoint is another special breakpoint that stops your program
when a certain kind of event occurs, such as the throwing of a C++
exception or the loading of a library. As with watchpoints, you use a
different command to set a catchpoint (see Setting Catchpoints), but aside from that, you can manage a catchpoint like any
other breakpoint. (To stop when your program receives a signal, use the
handle
command; see Signals.)
gdb assigns a number to each breakpoint, watchpoint, or catchpoint when you create it; these numbers are successive integers starting with one. In many of the commands for controlling various features of breakpoints you use the breakpoint number to say which breakpoint you want to change. Each breakpoint may be enabled or disabled; if disabled, it has no effect on your program until you enable it again.
Some gdb commands accept a space-separated list of breakpoints on which to operate. A list element can be either a single breakpoint number, like ‘5’, or a range of such numbers, like ‘5-7’. When a breakpoint list is given to a command, all breakpoints in that list are operated on.
Breakpoints are set with the break
command (abbreviated
b
). The debugger convenience variable ‘$bpnum’ records the
number of the breakpoint you've set most recently; see Convenience Variables, for a discussion of what you can do with
convenience variables.
break
locationWhen using source languages that permit overloading of symbols, such as C++, a function name may refer to more than one possible place to break. See Ambiguous Expressions, for a discussion of that situation.
It is also possible to insert a breakpoint that will stop the program
only if a specific thread (see Thread-Specific Breakpoints)
or a specific task (see Ada Tasks) hits that breakpoint.
break
break
sets a breakpoint at
the next instruction to be executed in the selected stack frame
(see Examining the Stack). In any selected frame but the
innermost, this makes your program stop as soon as control
returns to that frame. This is similar to the effect of a
finish
command in the frame inside the selected frame—except
that finish
does not leave an active breakpoint. If you use
break
without an argument in the innermost frame, gdb stops
the next time it reaches the current location; this may be useful
inside loops.
gdb normally ignores breakpoints when it resumes execution, until at
least one instruction has been executed. If it did not do this, you
would be unable to proceed past a breakpoint without first disabling the
breakpoint. This rule applies whether or not the breakpoint already
existed when your program stopped.
break ... if
condtbreak
argsbreak
command, and the breakpoint is set in the same
way, but the breakpoint is automatically deleted after the first time your
program stops there. See Disabling Breakpoints.
hbreak
argsbreak
command and the breakpoint is set in the same way, but the
breakpoint requires hardware support and some target hardware may not
have this support. The main purpose of this is EPROM/ROM code
debugging, so you can set a breakpoint at an instruction without
changing the instruction. This can be used with the new trap-generation
provided by SPARClite DSU and most x86-based targets. These targets
will generate traps when a program accesses some data or instruction
address that is assigned to the debug registers. However the hardware
breakpoint registers can take a limited number of breakpoints. For
example, on the DSU, only two data breakpoints can be set at a time, and
gdb will reject this command if more than two are used. Delete
or disable unused hardware breakpoints before setting new ones
(see Disabling Breakpoints).
See Break Conditions.
For remote targets, you can restrict the number of hardware
breakpoints gdb will use, see set remote hardware-breakpoint-limit.
thbreak
argshbreak
command and the breakpoint is set in
the same way. However, like the tbreak
command,
the breakpoint is automatically deleted after the
first time your program stops there. Also, like the hbreak
command, the breakpoint requires hardware support and some target hardware
may not have this support. See Disabling Breakpoints.
See also Break Conditions.
rbreak
regexbreak
command. You can delete them, disable them, or make
them conditional the same way as any other breakpoint.
In programs using different languages, gdb chooses the syntax to print the list of all breakpoints it sets according to the ‘set language’ value: using ‘set language auto’ (see Set Language Automatically) means to use the language of the breakpoint's function, other values mean to use the manually specified language (see Set Language Manually).
The syntax of the regular expression is the standard one used with tools
like grep. Note that this is different from the syntax used by
shells, so for instance foo*
matches all functions that include
an fo
followed by zero or more o
s. There is an implicit
.*
leading and trailing the regular expression you supply, so to
match only functions that begin with foo
, use ^foo
.
When debugging C++ programs, rbreak
is useful for setting
breakpoints on overloaded functions that are not members of any special
classes.
The rbreak
command can be used to set breakpoints in
all the functions in a program, like this:
(gdb) rbreak .
rbreak
file:
regexrbreak
is called with a filename qualification, it limits
the search for functions matching the given regular expression to the
specified file. This can be used, for example, to set breakpoints on
every function in a given file:
(gdb) rbreak file.c:.
The colon separating the filename qualifier from the regex may optionally be surrounded by spaces.
info breakpoints
[list...
]info break
[list...
]If a breakpoint is conditional, there are two evaluation modes: “host” and
“target”. If mode is “host”, breakpoint condition evaluation is done by
gdb on the host's side. If it is “target”, then the condition
is evaluated by the target. The info break
command shows
the condition on the line following the affected breakpoint, together with
its condition evaluation mode in between parentheses.
Breakpoint commands, if any, are listed after that. A pending breakpoint is allowed to have a condition specified for it. The condition is not parsed for validity until a shared library is loaded that allows the pending breakpoint to resolve to a valid location.
info break
with a breakpoint
number n as argument lists only that breakpoint. The
convenience variable $_
and the default examining-address for
the x
command are set to the address of the last breakpoint
listed (see Examining Memory).
info break
displays a count of the number of times the breakpoint
has been hit. This is especially useful in conjunction with the
ignore
command. You can ignore a large number of breakpoint
hits, look at the breakpoint info to see how many times the breakpoint
was hit, and then run again, ignoring one less than that number. This
will get you quickly to the last hit of that breakpoint.
For a breakpoints with an enable count (xref) greater than 1,
info break
also displays that count.
gdb allows you to set any number of breakpoints at the same place in your program. There is nothing silly or meaningless about this. When the breakpoints are conditional, this is even useful (see Break Conditions).
It is possible that a breakpoint corresponds to several locations in your program. Examples of this situation are:
In all those cases, gdb will insert a breakpoint at all the relevant locations.
A breakpoint with multiple locations is displayed in the breakpoint table using several rows—one header row, followed by one row for each breakpoint location. The header row has ‘<MULTIPLE>’ in the address column. The rows for individual locations contain the actual addresses for locations, and show the functions to which those locations belong. The number column for a location is of the form breakpoint-number.location-number.
For example:
Num Type Disp Enb Address What 1 breakpoint keep y <MULTIPLE> stop only if i==1 breakpoint already hit 1 time 1.1 y 0x080486a2 in void foo<int>() at t.cc:8 1.2 y 0x080486ca in void foo<double>() at t.cc:8
You cannot delete the individual locations from a breakpoint. However,
each location can be individually enabled or disabled by passing
breakpoint-number.location-number as argument to the
enable
and disable
commands. It's also possible to
enable
and disable
a range of location-number
locations using a breakpoint-number and two location-numbers,
in increasing order, separated by a hyphen, like
breakpoint-number.location-number1-location-number2,
in which case gdb acts on all the locations in the range (inclusive).
Disabling or enabling the parent breakpoint (see Disabling) affects
all of the locations that belong to that breakpoint.
It's quite common to have a breakpoint inside a shared library. Shared libraries can be loaded and unloaded explicitly, and possibly repeatedly, as the program is executed. To support this use case, gdb updates breakpoint locations whenever any shared library is loaded or unloaded. Typically, you would set a breakpoint in a shared library at the beginning of your debugging session, when the library is not loaded, and when the symbols from the library are not available. When you try to set breakpoint, gdb will ask you if you want to set a so called pending breakpoint—breakpoint whose address is not yet resolved.
After the program is run, whenever a new shared library is loaded, gdb reevaluates all the breakpoints. When a newly loaded shared library contains the symbol or line referred to by some pending breakpoint, that breakpoint is resolved and becomes an ordinary breakpoint. When a library is unloaded, all breakpoints that refer to its symbols or source lines become pending again.
This logic works for breakpoints with multiple locations, too. For example, if you have a breakpoint in a C++ template function, and a newly loaded shared library has an instantiation of that template, a new location is added to the list of locations for the breakpoint.
Except for having unresolved address, pending breakpoints do not differ from regular breakpoints. You can set conditions or commands, enable and disable them and perform other breakpoint operations.
gdb provides some additional commands for controlling what happens when the ‘break’ command cannot resolve breakpoint address specification to an address:
set breakpoint pending auto
set breakpoint pending on
set breakpoint pending off
show breakpoint pending
The settings above only affect the break
command and its
variants. Once breakpoint is set, it will be automatically updated
as shared libraries are loaded and unloaded.
For some targets, gdb can automatically decide if hardware or
software breakpoints should be used, depending on whether the
breakpoint address is read-only or read-write. This applies to
breakpoints set with the break
command as well as to internal
breakpoints set by commands like next
and finish
. For
breakpoints set with hbreak
, gdb will always use hardware
breakpoints.
You can control this automatic behaviour with the following commands:
set breakpoint auto-hw on
set breakpoint auto-hw off
gdb normally implements breakpoints by replacing the program code at the breakpoint address with a special instruction, which, when executed, given control to the debugger. By default, the program code is so modified only when the program is resumed. As soon as the program stops, gdb restores the original instructions. This behaviour guards against leaving breakpoints inserted in the target should gdb abrubptly disconnect. However, with slow remote targets, inserting and removing breakpoint can reduce the performance. This behavior can be controlled with the following commands::
set breakpoint always-inserted off
set breakpoint always-inserted on
gdb handles conditional breakpoints by evaluating these conditions when a breakpoint breaks. If the condition is true, then the process being debugged stops, otherwise the process is resumed.
If the target supports evaluating conditions on its end, gdb may download the breakpoint, together with its conditions, to it.
This feature can be controlled via the following commands:
set breakpoint condition-evaluation host
set breakpoint condition-evaluation target
set breakpoint condition-evaluation auto
gdb itself sometimes sets breakpoints in your program for
special purposes, such as proper handling of longjmp
(in C
programs). These internal breakpoints are assigned negative numbers,
starting with -1
; ‘info breakpoints’ does not display them.
You can see these breakpoints with the gdb maintenance command
‘maint info breakpoints’ (see maint info breakpoints).
You can use a watchpoint to stop execution whenever the value of an expression changes, without having to predict a particular place where this may happen. (This is sometimes called a data breakpoint.) The expression may be as simple as the value of a single variable, or as complex as many variables combined by operators. Examples include:
int
occupies 4 bytes).
You can set a watchpoint on an expression even if the expression can
not be evaluated yet. For instance, you can set a watchpoint on
‘*global_ptr’ before ‘global_ptr’ is initialized.
gdb will stop when your program sets ‘global_ptr’ and
the expression produces a valid value. If the expression becomes
valid in some other way than changing a variable (e.g. if the memory
pointed to by ‘*global_ptr’ becomes readable as the result of a
malloc
call), gdb may not stop until the next time
the expression changes.
Depending on your system, watchpoints may be implemented in software or hardware. gdb does software watchpointing by single-stepping your program and testing the variable's value each time, which is hundreds of times slower than normal execution. (But this may still be worth it, to catch errors where you have no clue what part of your program is the culprit.)
On some systems, such as most PowerPC or x86-based targets, gdb includes support for hardware watchpoints, which do not slow down the running of your program.
watch
[-l
|-location
] expr [thread
thread-id] [mask
maskvalue](gdb) watch foo
If the command includes a [thread
thread-id]
argument, gdb breaks only when the thread identified by
thread-id changes the value of expr. If any other threads
change the value of expr, gdb will not break. Note
that watchpoints restricted to a single thread in this way only work
with Hardware Watchpoints.
Ordinarily a watchpoint respects the scope of variables in expr
(see below). The -location
argument tells gdb to
instead watch the memory referred to by expr. In this case,
gdb will evaluate expr, take the address of the result,
and watch the memory at that address. The type of the result is used
to determine the size of the watched memory. If the expression's
result does not have an address, then gdb will print an
error.
The [mask
maskvalue] argument allows creation
of masked watchpoints, if the current architecture supports this
feature (e.g., PowerPC Embedded architecture, see PowerPC Embedded.) A masked watchpoint specifies a mask in addition
to an address to watch. The mask specifies that some bits of an address
(the bits which are reset in the mask) should be ignored when matching
the address accessed by the inferior against the watchpoint address.
Thus, a masked watchpoint watches many addresses simultaneously—those
addresses whose unmasked bits are identical to the unmasked bits in the
watchpoint address. The mask
argument implies -location
.
Examples:
(gdb) watch foo mask 0xffff00ff (gdb) watch *0xdeadbeef mask 0xffffff00
rwatch
[-l
|-location
] expr [thread
thread-id] [mask
maskvalue]awatch
[-l
|-location
] expr [thread
thread-id] [mask
maskvalue]info watchpoints
[list...
]info break
(see Set Breaks).
If you watch for a change in a numerically entered address you need to dereference it, as the address itself is just a constant number which will never change. gdb refuses to create a watchpoint that watches a never-changing value:
(gdb) watch 0x600850 Cannot watch constant value 0x600850. (gdb) watch *(int *) 0x600850 Watchpoint 1: *(int *) 6293584
gdb sets a hardware watchpoint if possible. Hardware watchpoints execute very quickly, and the debugger reports a change in value at the exact instruction where the change occurs. If gdb cannot set a hardware watchpoint, it sets a software watchpoint, which executes more slowly and reports the change in value at the next statement, not the instruction, after the change occurs.
You can force gdb to use only software watchpoints with the
set can-use-hw-watchpoints 0 command. With this variable set to
zero, gdb will never try to use hardware watchpoints, even if
the underlying system supports them. (Note that hardware-assisted
watchpoints that were set before setting
can-use-hw-watchpoints
to zero will still use the hardware
mechanism of watching expression values.)
set can-use-hw-watchpoints
show can-use-hw-watchpoints
For remote targets, you can restrict the number of hardware watchpoints gdb will use, see set remote hardware-breakpoint-limit.
When you issue the watch
command, gdb reports
Hardware watchpoint num: expr
if it was able to set a hardware watchpoint.
Currently, the awatch
and rwatch
commands can only set
hardware watchpoints, because accesses to data that don't change the
value of the watched expression cannot be detected without examining
every instruction as it is being executed, and gdb does not do
that currently. If gdb finds that it is unable to set a
hardware breakpoint with the awatch
or rwatch
command, it
will print a message like this:
Expression cannot be implemented with read/access watchpoint.
Sometimes, gdb cannot set a hardware watchpoint because the data type of the watched expression is wider than what a hardware watchpoint on the target machine can handle. For example, some systems can only watch regions that are up to 4 bytes wide; on such systems you cannot set hardware watchpoints for an expression that yields a double-precision floating-point number (which is typically 8 bytes wide). As a work-around, it might be possible to break the large region into a series of smaller ones and watch them with separate watchpoints.
If you set too many hardware watchpoints, gdb might be unable to insert all of them when you resume the execution of your program. Since the precise number of active watchpoints is unknown until such time as the program is about to be resumed, gdb might not be able to warn you about this when you set the watchpoints, and the warning will be printed only when the program is resumed:
Hardware watchpoint num: Could not insert watchpoint
If this happens, delete or disable some of the watchpoints.
Watching complex expressions that reference many variables can also exhaust the resources available for hardware-assisted watchpoints. That's because gdb needs to watch every variable in the expression with separately allocated resources.
If you call a function interactively using print
or call
,
any watchpoints you have set will be inactive until gdb reaches another
kind of breakpoint or the call completes.
gdb automatically deletes watchpoints that watch local
(automatic) variables, or expressions that involve such variables, when
they go out of scope, that is, when the execution leaves the block in
which these variables were defined. In particular, when the program
being debugged terminates, all local variables go out of scope,
and so only watchpoints that watch global variables remain set. If you
rerun the program, you will need to set all such watchpoints again. One
way of doing that would be to set a code breakpoint at the entry to the
main
function and when it breaks, set all the watchpoints.
In multi-threaded programs, watchpoints will detect changes to the watched expression from every thread.
Warning: In multi-threaded programs, software watchpoints have only limited usefulness. If gdb creates a software watchpoint, it can only watch the value of an expression in a single thread. If you are confident that the expression can only change due to the current thread's activity (and if you are also confident that no other thread can become current), then you can use software watchpoints as usual. However, gdb may not notice when a non-current thread's activity changes the expression. (Hardware watchpoints, in contrast, watch an expression in all threads.)
See set remote hardware-watchpoint-limit.
You can use catchpoints to cause the debugger to stop for certain
kinds of program events, such as C++ exceptions or the loading of a
shared library. Use the catch
command to set a catchpoint.
catch
eventthrow
[regexp]rethrow
[regexp]catch
[regexp]If regexp is given, then only exceptions whose type matches the regular expression will be caught.
The convenience variable $_exception
is available at an
exception-related catchpoint, on some systems. This holds the
exception being thrown.
There are currently some limitations to C++ exception handling in gdb:
$_exception
convenience
variable rely on the presence of some SDT probes in libstdc++
.
If these probes are not present, then these features cannot be used.
These probes were first available in the GCC 4.8 release, but whether
or not they are available in your GCC also depends on how it was
built.
$_exception
convenience variable is only valid at the
instruction at which an exception-related catchpoint is set.
libstdc++
. You can use up
(see Selection) to get to your code.
set unwind-on-terminating-exception
.
exception
catch exception Program_Error
),
the debugger will stop only when this specific exception is raised.
Otherwise, the debugger stops execution when any Ada exception is raised.
When inserting an exception catchpoint on a user-defined exception whose
name is identical to one of the exceptions defined by the language, the
fully qualified name must be used as the exception name. Otherwise,
gdb will assume that it should stop on the pre-defined exception
rather than the user-defined one. For instance, assuming an exception
called Constraint_Error
is defined in package Pck
, then
the command to use to catch such exceptions is catch exception
Pck.Constraint_Error.
The convenience variable $_ada_exception
holds the address of
the exception being thrown. This can be useful when setting a
condition for such a catchpoint.
exception unhandled
The convenience variable $_ada_exception
holds the address of
the exception being thrown. This can be useful when setting a
condition for such a catchpoint.
handlers
[name]When inserting a handlers catchpoint on a user-defined
exception whose name is identical to one of the exceptions
defined by the language, the fully qualified name must be used
as the exception name. Otherwise, gdb will assume that it
should stop on the pre-defined exception rather than the
user-defined one. For instance, assuming an exception called
Constraint_Error
is defined in package Pck
, then the
command to use to catch such exceptions handling is
catch handlers Pck.Constraint_Error.
The convenience variable $_ada_exception
holds the address of
the exception being thrown. This can be useful when setting a
condition for such a catchpoint.
assert
$_ada_exception
is not set by this catchpoint.
exec
exec
.
syscall
syscall
[name | number | group:groupname | g:groupname] ...
name can be any system call name that is valid for the underlying OS. Just what syscalls are valid depends on the OS. On GNU and Unix systems, you can find the full list of valid syscall names on /usr/include/asm/unistd.h.
Normally, gdb knows in advance which syscalls are valid for each OS, so you can use the gdb command-line completion facilities (see command completion) to list the available choices.
You may also specify the system call numerically. A syscall's number is the value passed to the OS's syscall dispatcher to identify the requested service. When you specify the syscall by its name, gdb uses its database of syscalls to convert the name into the corresponding numeric code, but using the number directly may be useful if gdb's database does not have the complete list of syscalls on your system (e.g., because gdb lags behind the OS upgrades).
You may specify a group of related syscalls to be caught at once using
the group:
syntax (g:
is a shorter equivalent). For
instance, on some platforms gdb allows you to catch all
network related syscalls, by passing the argument group:network
to catch syscall
. Note that not all syscall groups are
available in every system. You can use the command completion
facilities (see command completion) to list the
syscall groups available on your environment.
The example below illustrates how this command works if you don't provide arguments to it:
(gdb) catch syscall Catchpoint 1 (syscall) (gdb) r Starting program: /tmp/catch-syscall Catchpoint 1 (call to syscall 'close'), \ 0xffffe424 in __kernel_vsyscall () (gdb) c Continuing. Catchpoint 1 (returned from syscall 'close'), \ 0xffffe424 in __kernel_vsyscall () (gdb)
Here is an example of catching a system call by name:
(gdb) catch syscall chroot Catchpoint 1 (syscall 'chroot' [61]) (gdb) r Starting program: /tmp/catch-syscall Catchpoint 1 (call to syscall 'chroot'), \ 0xffffe424 in __kernel_vsyscall () (gdb) c Continuing. Catchpoint 1 (returned from syscall 'chroot'), \ 0xffffe424 in __kernel_vsyscall () (gdb)
An example of specifying a system call numerically. In the case below, the syscall number has a corresponding entry in the XML file, so gdb finds its name and prints it:
(gdb) catch syscall 252 Catchpoint 1 (syscall(s) 'exit_group') (gdb) r Starting program: /tmp/catch-syscall Catchpoint 1 (call to syscall 'exit_group'), \ 0xffffe424 in __kernel_vsyscall () (gdb) c Continuing. Program exited normally. (gdb)
Here is an example of catching a syscall group:
(gdb) catch syscall group:process Catchpoint 1 (syscalls 'exit' [1] 'fork' [2] 'waitpid' [7] 'execve' [11] 'wait4' [114] 'clone' [120] 'vfork' [190] 'exit_group' [252] 'waitid' [284] 'unshare' [310]) (gdb) r Starting program: /tmp/catch-syscall Catchpoint 1 (call to syscall fork), 0x00007ffff7df4e27 in open64 () from /lib64/ld-linux-x86-64.so.2 (gdb) c Continuing.
However, there can be situations when there is no corresponding name in XML file for that syscall number. In this case, gdb prints a warning message saying that it was not able to find the syscall name, but the catchpoint will be set anyway. See the example below:
(gdb) catch syscall 764 warning: The number '764' does not represent a known syscall. Catchpoint 2 (syscall 764) (gdb)
If you configure gdb using the ‘--without-expat’ option, it will not be able to display syscall names. Also, if your architecture does not have an XML file describing its system calls, you will not be able to see the syscall names. It is important to notice that these two features are used for accessing the syscall name database. In either case, you will see a warning like this:
(gdb) catch syscall warning: Could not open "syscalls/i386-linux.xml" warning: Could not load the syscall XML file 'syscalls/i386-linux.xml'. GDB will not be able to display syscall names. Catchpoint 1 (syscall) (gdb)
Of course, the file name will change depending on your architecture and system.
Still using the example above, you can also try to catch a syscall by its number. In this case, you would see something like:
(gdb) catch syscall 252 Catchpoint 1 (syscall(s) 252)
Again, in this case gdb would not be able to display syscall's names.
fork
fork
.
vfork
vfork
.
load
[regexp
]unload
[regexp
]signal
[signal...
| ‘
all’
]With no arguments, this catchpoint will catch any signal that is not used internally by gdb, specifically, all signals except ‘SIGTRAP’ and ‘SIGINT’.
With the argument ‘all’, all signals, including those used by gdb, will be caught. This argument cannot be used with other signal names.
Otherwise, the arguments are a list of signal names as given to
handle
(see Signals). Only signals specified in this list
will be caught.
One reason that catch signal
can be more useful than
handle
is that you can attach commands and conditions to the
catchpoint.
When a signal is caught by a catchpoint, the signal's stop
and
print
settings, as specified by handle
, are ignored.
However, whether the signal is still delivered to the inferior depends
on the pass
setting; this can be changed in the catchpoint's
commands.
tcatch
eventUse the info break
command to list the current catchpoints.
It is often necessary to eliminate a breakpoint, watchpoint, or catchpoint once it has done its job and you no longer want your program to stop there. This is called deleting the breakpoint. A breakpoint that has been deleted no longer exists; it is forgotten.
With the clear
command you can delete breakpoints according to
where they are in your program. With the delete
command you can
delete individual breakpoints, watchpoints, or catchpoints by specifying
their breakpoint numbers.
It is not necessary to delete a breakpoint to proceed past it. gdb automatically ignores breakpoints on the first instruction to be executed when you continue execution without changing the execution address.
clear
clear
locationclear
functionclear
filename:
functionclear
linenumclear
filename:
linenumdelete
[breakpoints
] [list...
]set
confirm off
). You can abbreviate this command as d
.
Rather than deleting a breakpoint, watchpoint, or catchpoint, you might prefer to disable it. This makes the breakpoint inoperative as if it had been deleted, but remembers the information on the breakpoint so that you can enable it again later.
You disable and enable breakpoints, watchpoints, and catchpoints with
the enable
and disable
commands, optionally specifying
one or more breakpoint numbers as arguments. Use info break
to
print a list of all breakpoints, watchpoints, and catchpoints if you
do not know which numbers to use.
Disabling and enabling a breakpoint that has multiple locations affects all of its locations.
A breakpoint, watchpoint, or catchpoint can have any of several different states of enablement:
break
command starts out in this state.
tbreak
command starts out in this state.
You can use the following commands to enable or disable breakpoints, watchpoints, and catchpoints:
disable
[breakpoints
] [list...
]disable
as dis
.
enable
[breakpoints
] [list...
]enable
[breakpoints
] once
list...
enable
[breakpoints
] count
count list...
enable
[breakpoints
] delete
list...
tbreak
command start out in this state.
Except for a breakpoint set with tbreak
(see Setting Breakpoints), breakpoints that you set are initially enabled;
subsequently, they become disabled or enabled only when you use one of
the commands above. (The command until
can set and delete a
breakpoint of its own, but it does not change the state of your other
breakpoints; see Continuing and Stepping.)
The simplest sort of breakpoint breaks every time your program reaches a specified place. You can also specify a condition for a breakpoint. A condition is just a Boolean expression in your programming language (see Expressions). A breakpoint with a condition evaluates the expression each time your program reaches it, and your program stops only if the condition is true.
This is the converse of using assertions for program validation; in that situation, you want to stop when the assertion is violated—that is, when the condition is false. In C, if you want to test an assertion expressed by the condition assert, you should set the condition ‘! assert’ on the appropriate breakpoint.
Conditions are also accepted for watchpoints; you may not need them, since a watchpoint is inspecting the value of an expression anyhow—but it might be simpler, say, to just set a watchpoint on a variable name, and specify a condition that tests whether the new value is an interesting one.
Break conditions can have side effects, and may even call functions in your program. This can be useful, for example, to activate functions that log program progress, or to use your own print functions to format special data structures. The effects are completely predictable unless there is another enabled breakpoint at the same address. (In that case, gdb might see the other breakpoint first and stop your program without checking the condition of this one.) Note that breakpoint commands are usually more convenient and flexible than break conditions for the purpose of performing side effects when a breakpoint is reached (see Breakpoint Command Lists).
Breakpoint conditions can also be evaluated on the target's side if the target supports it. Instead of evaluating the conditions locally, gdb encodes the expression into an agent expression (see Agent Expressions) suitable for execution on the target, independently of gdb. Global variables become raw memory locations, locals become stack accesses, and so forth.
In this case, gdb will only be notified of a breakpoint trigger when its condition evaluates to true. This mechanism may provide faster response times depending on the performance characteristics of the target since it does not need to keep gdb informed about every breakpoint trigger, even those with false conditions.
Break conditions can be specified when a breakpoint is set, by using
‘if’ in the arguments to the break
command. See Setting Breakpoints. They can also be changed at any time
with the condition
command.
You can also use the if
keyword with the watch
command.
The catch
command does not recognize the if
keyword;
condition
is the only way to impose a further condition on a
catchpoint.
condition
bnum expressioncondition
, gdb checks expression immediately for
syntactic correctness, and to determine whether symbols in it have
referents in the context of your breakpoint. If expression uses
symbols not referenced in the context of the breakpoint, gdb
prints an error message:
No symbol "foo" in current context.
gdb does
not actually evaluate expression at the time the condition
command (or a command that sets a breakpoint with a condition, like
break if ...
) is given, however. See Expressions.
condition
bnumA special case of a breakpoint condition is to stop only when the breakpoint has been reached a certain number of times. This is so useful that there is a special way to do it, using the ignore count of the breakpoint. Every breakpoint has an ignore count, which is an integer. Most of the time, the ignore count is zero, and therefore has no effect. But if your program reaches a breakpoint whose ignore count is positive, then instead of stopping, it just decrements the ignore count by one and continues. As a result, if the ignore count value is n, the breakpoint does not stop the next n times your program reaches it.
ignore
bnum countTo make the breakpoint stop the next time it is reached, specify a count of zero.
When you use continue
to resume execution of your program from a
breakpoint, you can specify an ignore count directly as an argument to
continue
, rather than using ignore
. See Continuing and Stepping.
If a breakpoint has a positive ignore count and a condition, the condition is not checked. Once the ignore count reaches zero, gdb resumes checking the condition.
You could achieve the effect of the ignore count with a condition such as ‘$foo-- <= 0’ using a debugger convenience variable that is decremented each time. See Convenience Variables.
Ignore counts apply to breakpoints, watchpoints, and catchpoints.
You can give any breakpoint (or watchpoint or catchpoint) a series of commands to execute when your program stops due to that breakpoint. For example, you might want to print the values of certain expressions, or enable other breakpoints.
commands
[list...
]...
command-list ...
end
end
to terminate the commands.
To remove all commands from a breakpoint, type commands
and
follow it immediately with end
; that is, give no commands.
With no argument, commands
refers to the last breakpoint,
watchpoint, or catchpoint set (not to the breakpoint most recently
encountered). If the most recent breakpoints were set with a single
command, then the commands
will apply to all the breakpoints
set by that command. This applies to breakpoints set by
rbreak
, and also applies when a single break
command
creates multiple breakpoints (see Ambiguous Expressions).
Pressing <RET> as a means of repeating the last gdb command is disabled within a command-list.
You can use breakpoint commands to start your program up again. Simply
use the continue
command, or step
, or any other command
that resumes execution.
Any other commands in the command list, after a command that resumes
execution, are ignored. This is because any time you resume execution
(even with a simple next
or step
), you may encounter
another breakpoint—which could have its own command list, leading to
ambiguities about which list to execute.
If the first command you specify in a command list is silent
, the
usual message about stopping at a breakpoint is not printed. This may
be desirable for breakpoints that are to print a specific message and
then continue. If none of the remaining commands print anything, you
see no sign that the breakpoint was reached. silent
is
meaningful only at the beginning of a breakpoint command list.
The commands echo
, output
, and printf
allow you to
print precisely controlled output, and are often useful in silent
breakpoints. See Commands for Controlled Output.
For example, here is how you could use breakpoint commands to print the
value of x
at entry to foo
whenever x
is positive.
break foo if x>0 commands silent printf "x is %d\n",x cont end
One application for breakpoint commands is to compensate for one bug so
you can test for another. Put a breakpoint just after the erroneous line
of code, give it a condition to detect the case in which something
erroneous has been done, and give it commands to assign correct values
to any variables that need them. End with the continue
command
so that your program does not stop, and start with the silent
command so that no output is produced. Here is an example:
break 403 commands silent set x = y + 4 cont end
The dynamic printf command dprintf
combines a breakpoint with
formatted printing of your program's data to give you the effect of
inserting printf
calls into your program on-the-fly, without
having to recompile it.
In its most basic form, the output goes to the GDB console. However,
you can set the variable dprintf-style
for alternate handling.
For instance, you can ask to format the output by calling your
program's printf
function. This has the advantage that the
characters go to the program's output device, so they can recorded in
redirects to files and so forth.
If you are doing remote debugging with a stub or agent, you can also ask to have the printf handled by the remote agent. In addition to ensuring that the output goes to the remote program's device along with any other output the program might produce, you can also ask that the dprintf remain active even after disconnecting from the remote target. Using the stub/agent is also more efficient, as it can do everything without needing to communicate with gdb.
dprintf
location,
template,
expression[,
expression...]
set dprintf-style
stylegdb
printf
command.
call
printf
).
agent
gdbserver
) handle
the output itself. This style is only available for agents that
support running commands on the target.
set dprintf-function
functioncall
. By
default its value is printf
. You may set it to any expression.
that gdb can evaluate to a function, as per the call
command.
set dprintf-channel
channeldprintf-function
, in the manner of
fprintf
and similar functions. Otherwise, the dprintf format
string will be the first argument, in the manner of printf
.
As an example, if you wanted dprintf
output to go to a logfile
that is a standard I/O stream assigned to the variable mylog
,
you could do the following:
(gdb) set dprintf-style call (gdb) set dprintf-function fprintf (gdb) set dprintf-channel mylog (gdb) dprintf 25,"at line 25, glob=%d\n",glob Dprintf 1 at 0x123456: file main.c, line 25. (gdb) info break 1 dprintf keep y 0x00123456 in main at main.c:25 call (void) fprintf (mylog,"at line 25, glob=%d\n",glob) continue (gdb)
Note that the info break
displays the dynamic printf commands
as normal breakpoint commands; you can thus easily see the effect of
the variable settings.
set disconnected-dprintf on
set disconnected-dprintf off
dprintf
commands should continue to run if
gdb has disconnected from the target. This only applies
if the dprintf-style
is agent
.
show disconnected-dprintf off
dprintf
.
gdb does not check the validity of function and channel, relying on you to supply values that are meaningful for the contexts in which they are being used. For instance, the function and channel may be the values of local variables, but if that is the case, then all enabled dynamic prints must be at locations within the scope of those locals. If evaluation fails, gdb will report an error.
To save breakpoint definitions to a file use the save breakpoints
command.
save breakpoints [
filename]
source
command (see Command Files). Note that watchpoints
with expressions involving local variables may fail to be recreated
because it may not be possible to access the context where the
watchpoint is valid anymore. Because the saved breakpoint definitions
are simply a sequence of gdb commands that recreate the
breakpoints, you can edit the file in your favorite editing program,
and remove the breakpoint definitions you're not interested in, or
that can no longer be recreated.
gdb supports SDT probes in the code. SDT stands for Statically Defined Tracing, and the probes are designed to have a tiny runtime code and data footprint, and no dynamic relocations.
Currently, the following types of probes are supported on ELF-compatible systems:
SystemTap
(http://sourceware.org/systemtap/)
SDT probes4. SystemTap
probes are usable
from assembly, C and C++ languages5.
DTrace
(http://oss.oracle.com/projects/DTrace)
USDT probes. DTrace
probes are usable from C and
C++ languages.
Some SystemTap
probes have an associated semaphore variable;
for instance, this happens automatically if you defined your probe
using a DTrace-style .d file. If your probe has a semaphore,
gdb will automatically enable it when you specify a
breakpoint using the ‘-probe-stap’ notation. But, if you put a
breakpoint at a probe's location by some other method (e.g.,
break file:line
), then gdb will not automatically set
the semaphore. DTrace
probes do not support semaphores.
You can examine the available static static probes using info
probes
, with optional arguments:
info probes
[type] [provider [name [objfile]]]stap
for listing
SystemTap
probes or dtrace
for listing DTrace
probes. If omitted all probes are listed regardless of their types.
If given, provider is a regular expression used to match against provider names when selecting which probes to list. If omitted, probes by all probes from all providers are listed.
If given, name is a regular expression to match against probe names when selecting which probes to list. If omitted, probe names are not considered when deciding whether to display them.
If given, objfile is a regular expression used to select which
object files (executable or shared libraries) to examine. If not
given, all object files are considered.
info probes all
Some probe points can be enabled and/or disabled. The effect of
enabling or disabling a probe depends on the type of probe being
handled. Some DTrace
probes can be enabled or
disabled, but SystemTap
probes cannot be disabled.
You can enable (or disable) one or more probes using the following commands, with optional arguments:
enable probes
[provider [name [objfile]]]If given, name is a regular expression to match against probe names when selecting which probes to enable. If omitted, probe names are not considered when deciding whether to enable them.
If given, objfile is a regular expression used to select which object files (executable or shared libraries) to examine. If not given, all object files are considered.
disable probes
[provider [name [objfile]]]enable probes
command above for a description of the
optional arguments accepted by this command.
A probe may specify up to twelve arguments. These are available at the
point at which the probe is defined—that is, when the current PC is
at the probe's location. The arguments are available using the
convenience variables (see Convenience Vars)
$_probe_arg0
...$_probe_arg11
. In SystemTap
probes each probe argument is an integer of the appropriate size;
types are not preserved. In DTrace
probes types are preserved
provided that they are recognized as such by gdb; otherwise
the value of the probe argument will be a long integer. The
convenience variable $_probe_argc
holds the number of arguments
at the current probe point.
These variables are always available, but attempts to access them at any location other than a probe point will cause gdb to give an error message.
If you request too many active hardware-assisted breakpoints and watchpoints, you will see this error message:
Stopped; cannot insert breakpoints. You may have requested too many hardware breakpoints and watchpoints.
This message is printed when you attempt to resume the program, since only then gdb knows exactly how many hardware breakpoints and watchpoints it needs to insert.
When this message is printed, you need to disable or remove some of the hardware-assisted breakpoints and watchpoints, and then continue.
Some processor architectures place constraints on the addresses at which breakpoints may be placed. For architectures thus constrained, gdb will attempt to adjust the breakpoint's address to comply with the constraints dictated by the architecture.
One example of such an architecture is the Fujitsu FR-V. The FR-V is a VLIW architecture in which a number of RISC-like instructions may be bundled together for parallel execution. The FR-V architecture constrains the location of a breakpoint instruction within such a bundle to the instruction with the lowest address. gdb honors this constraint by adjusting a breakpoint's address to the first in the bundle.
It is not uncommon for optimized code to have bundles which contain instructions from different source statements, thus it may happen that a breakpoint's address will be adjusted from one source statement to another. Since this adjustment may significantly alter gdb's breakpoint related behavior from what the user expects, a warning is printed when the breakpoint is first set and also when the breakpoint is hit.
A warning like the one below is printed when setting a breakpoint that's been subject to address adjustment:
warning: Breakpoint address adjusted from 0x00010414 to 0x00010410.
Such warnings are printed both for user settable and gdb's internal breakpoints. If you see one of these warnings, you should verify that a breakpoint set at the adjusted address will have the desired affect. If not, the breakpoint in question may be removed and other breakpoints may be set which will have the desired behavior. E.g., it may be sufficient to place the breakpoint at a later instruction. A conditional breakpoint may also be useful in some cases to prevent the breakpoint from triggering too often.
gdb will also issue a warning when stopping at one of these adjusted breakpoints:
warning: Breakpoint 1 address previously adjusted from 0x00010414 to 0x00010410.
When this warning is encountered, it may be too late to take remedial action except in cases where the breakpoint is hit earlier or more frequently than expected.
Continuing means resuming program execution until your program
completes normally. In contrast, stepping means executing just
one more “step” of your program, where “step” may mean either one
line of source code, or one machine instruction (depending on what
particular command you use). Either when continuing or when stepping,
your program may stop even sooner, due to a breakpoint or a signal. (If
it stops due to a signal, you may want to use handle
, or use
‘signal 0’ to resume execution (see Signals),
or you may step into the signal's handler (see stepping and signal handlers).)
continue
[ignore-count]c
[ignore-count]fg
[ignore-count]ignore
(see Break Conditions).
The argument ignore-count is meaningful only when your program
stopped due to a breakpoint. At other times, the argument to
continue
is ignored.
The synonyms c
and fg
(for foreground, as the
debugged program is deemed to be the foreground program) are provided
purely for convenience, and have exactly the same behavior as
continue
.
To resume execution at a different place, you can use return
(see Returning from a Function) to go back to the
calling function; or jump
(see Continuing at a Different Address) to go to an arbitrary location in your program.
A typical technique for using stepping is to set a breakpoint (see Breakpoints; Watchpoints; and Catchpoints) at the beginning of the function or the section of your program where a problem is believed to lie, run your program until it stops at that breakpoint, and then step through the suspect area, examining the variables that are interesting, until you see the problem happen.
step
s
.
Warning: If you use thestep
command while control is within a function that was compiled without debugging information, execution proceeds until control reaches a function that does have debugging information. Likewise, it will not step into a function which is compiled without debugging information. To step through functions without debugging information, use thestepi
command, described below.
The step
command only stops at the first instruction of a source
line. This prevents the multiple stops that could otherwise occur in
switch
statements, for
loops, etc. step
continues
to stop if a function that has debugging information is called within
the line. In other words, step
steps inside any functions
called within the line.
Also, the step
command only enters a function if there is line
number information for the function. Otherwise it acts like the
next
command. This avoids problems when using cc -gl
on MIPS machines. Previously, step
entered subroutines if there
was any debugging information about the routine.
step
countstep
, but do so count times. If a
breakpoint is reached, or a signal not related to stepping occurs before
count steps, stepping stops right away.
next
[count]step
, but function calls that appear within
the line of code are executed without stopping. Execution stops when
control reaches a different line of code at the original stack level
that was executing when you gave the next
command. This command
is abbreviated n
.
An argument count is a repeat count, as for step
.
The next
command only stops at the first instruction of a
source line. This prevents multiple stops that could otherwise occur in
switch
statements, for
loops, etc.
set step-mode
set step-mode on
set step-mode on
command causes the step
command to
stop at the first instruction of a function which contains no debug line
information rather than stepping over it.
This is useful in cases where you may be interested in inspecting the
machine instructions of a function which has no symbolic info and do not
want gdb to automatically skip over this function.
set step-mode off
step
command to step over any functions which contains no
debug information. This is the default.
show step-mode
finish
fin
.
Contrast this with the return
command (see Returning from a Function).
set print finish
[on|off
]show print finish
finish
command will show the value that is
returned by the function. This can be disabled using set print
finish off
. When disabled, the value is still entered into the value
history (see Value History), but not displayed.
until
u
next
command, except that when until
encounters a jump, it
automatically continues execution until the program counter is greater
than the address of the jump.
This means that when you reach the end of a loop after single stepping
though it, until
makes your program continue execution until it
exits the loop. In contrast, a next
command at the end of a loop
simply steps back to the beginning of the loop, which forces you to step
through the next iteration.
until
always stops your program if it attempts to exit the current
stack frame.
until
may produce somewhat counterintuitive results if the order
of machine code does not match the order of the source lines. For
example, in the following excerpt from a debugging session, the f
(frame
) command shows that execution is stopped at line
206
; yet when we use until
, we get to line 195
:
(gdb) f #0 main (argc=4, argv=0xf7fffae8) at m4.c:206 206 expand_input(); (gdb) until 195 for ( ; argc > 0; NEXTARG) {
This happened because, for execution efficiency, the compiler had
generated code for the loop closure test at the end, rather than the
start, of the loop—even though the test in a C for
-loop is
written before the body of the loop. The until
command appeared
to step back to the beginning of the loop when it advanced to this
expression; however, it has not really gone to an earlier
statement—not in terms of the actual machine code.
until
with no argument works by means of single
instruction stepping, and hence is slower than until
with an
argument.
until
locationu
locationuntil
without an argument. The specified
location is actually reached only if it is in the current frame. This
implies that until
can be used to skip over recursive function
invocations. For instance in the code below, if the current location is
line 96
, issuing until 99
will execute the program up to
line 99
in the same invocation of factorial, i.e., after the inner
invocations have returned.
94 int factorial (int value) 95 { 96 if (value > 1) { 97 value *= factorial (value - 1); 98 } 99 return (value); 100 }
advance
locationuntil
, but advance
will
not skip over recursive function calls, and the target location doesn't
have to be in the same frame as the current one.
stepi
stepi
argsi
It is often useful to do ‘display/i $pc’ when stepping by machine instructions. This makes gdb automatically display the next instruction to be executed, each time your program stops. See Automatic Display.
An argument is a repeat count, as in step
.
nexti
nexti
argni
An argument is a repeat count, as in next
.
By default, and if available, gdb makes use of
target-assisted range stepping. In other words, whenever you
use a stepping command (e.g., step
, next
), gdb
tells the target to step the corresponding range of instruction
addresses instead of issuing multiple single-steps. This speeds up
line stepping, particularly for remote targets. Ideally, there should
be no reason you would want to turn range stepping off. However, it's
possible that a bug in the debug info, a bug in the remote stub (for
remote targets), or even a bug in gdb could make line
stepping behave incorrectly when target-assisted range stepping is
enabled. You can use the following command to turn off range stepping
if necessary:
set range-stepping
show range-stepping
If on
, and the target supports it, gdb tells the
target to step a range of addresses itself, instead of issuing
multiple single-steps. If off
, gdb always issues
single-steps, even if range stepping is supported by the target. The
default is on
.
The program you are debugging may contain some functions which are
uninteresting to debug. The skip
command lets you tell gdb to
skip a function, all functions in a file or a particular function in
a particular file when stepping.
For example, consider the following C function:
101 int func() 102 { 103 foo(boring()); 104 bar(boring()); 105 }
Suppose you wish to step into the functions foo
and bar
, but you
are not interested in stepping through boring
. If you run step
at line 103, you'll enter boring()
, but if you run next
, you'll
step over both foo
and boring
!
One solution is to step
into boring
and use the finish
command to immediately exit it. But this can become tedious if boring
is called from many places.
A more flexible solution is to execute skip boring. This instructs
gdb never to step into boring
. Now when you execute
step
at line 103, you'll step over boring
and directly into
foo
.
Functions may be skipped by providing either a function name, linespec
(see Specify Location), regular expression that matches the function's
name, file name or a glob
-style pattern that matches the file name.
On Posix systems the form of the regular expression is
“Extended Regular Expressions”. See for example ‘man 7 regex’
on gnu/Linux systems. On non-Posix systems the form of the regular
expression is whatever is provided by the regcomp
function of
the underlying system.
See for example ‘man 7 glob’ on gnu/Linux systems for a
description of glob
-style patterns.
skip
[options]skip
command takes zero or more options
that specify what to skip.
The options argument is any useful combination of the following:
-file
file-fi
file-gfile
file-glob-pattern-gfi
file-glob-pattern(gdb) skip -gfi utils/*.c
-function
linespec-fu
linespec-rfunction
regexp-rfu
regexpThis form is useful for complex function names.
For example, there is generally no need to step into C++ std::string
constructors or destructors. Plus with C++ templates it can be hard to
write out the full name of the function, and often it doesn't matter what
the template arguments are. Specifying the function to be skipped as a
regular expression makes this easier.
(gdb) skip -rfu ^std::(allocator|basic_string)<.*>::~?\1 *\(
If you want to skip every templated C++ constructor and destructor
in the std
namespace you can do:
(gdb) skip -rfu ^std::([a-zA-z0-9_]+)<.*>::~?\1 *\(
If no options are specified, the function you're currently debugging will be skipped.
skip function
[linespec]If you do not specify linespec, the function you're currently debugging will be skipped.
(If you have a function called file
that you want to skip, use
skip function file.)
skip file
[filename](gdb) skip file boring.c File boring.c will be skipped when stepping.
If you do not specify filename, functions whose source lives in the file you're currently debugging will be skipped.
Skips can be listed, deleted, disabled, and enabled, much like breakpoints. These are the commands for managing your list of skips:
info skip
[range]info skip
prints the following information about each skip:
skip delete
[range]skip enable
[range]skip disable
[range]set debug skip
[on|off
]show debug skip
A signal is an asynchronous event that can happen in a program. The
operating system defines the possible kinds of signals, and gives each
kind a name and a number. For example, in Unix SIGINT
is the
signal a program gets when you type an interrupt character (often Ctrl-c);
SIGSEGV
is the signal a program gets from referencing a place in
memory far away from all the areas in use; SIGALRM
occurs when
the alarm clock timer goes off (which happens only if your program has
requested an alarm).
Some signals, including SIGALRM
, are a normal part of the
functioning of your program. Others, such as SIGSEGV
, indicate
errors; these signals are fatal (they kill your program immediately) if the
program has not specified in advance some other way to handle the signal.
SIGINT
does not indicate an error in your program, but it is normally
fatal so it can carry out the purpose of the interrupt: to kill the program.
gdb has the ability to detect any occurrence of a signal in your program. You can tell gdb in advance what to do for each kind of signal.
Normally, gdb is set up to let the non-erroneous signals like
SIGALRM
be silently passed to your program
(so as not to interfere with their role in the program's functioning)
but to stop your program immediately whenever an error signal happens.
You can change these settings with the handle
command.
info signals
info handle
info signals
siginfo handle
is an alias for info signals
.
catch signal
[signal...
| ‘
all’
]handle
signal [keywords...
]The keywords allowed by the handle
command can be abbreviated.
Their full names are:
nostop
stop
print
keyword as well.
print
noprint
nostop
keyword as well.
pass
noignore
pass
and noignore
are synonyms.
nopass
ignore
nopass
and ignore
are synonyms.
When a signal stops your program, the signal is not visible to the
program until you
continue. Your program sees the signal then, if pass
is in
effect for the signal in question at that time. In other words,
after gdb reports a signal, you can use the handle
command with pass
or nopass
to control whether your
program sees that signal when you continue.
The default is set to nostop
, noprint
, pass
for
non-erroneous signals such as SIGALRM
, SIGWINCH
and
SIGCHLD
, and to stop
, print
, pass
for the
erroneous signals.
You can also use the signal
command to prevent your program from
seeing a signal, or cause it to see a signal it normally would not see,
or to give it any signal at any time. For example, if your program stopped
due to some sort of memory reference error, you might store correct
values into the erroneous variables and continue, hoping to see more
execution; but your program would probably terminate immediately as
a result of the fatal signal once it saw the signal. To prevent this,
you can continue with ‘signal 0’. See Giving your Program a Signal.
gdb optimizes for stepping the mainline code. If a signal
that has handle nostop
and handle pass
set arrives while
a stepping command (e.g., stepi
, step
, next
) is
in progress, gdb lets the signal handler run and then resumes
stepping the mainline code once the signal handler returns. In other
words, gdb steps over the signal handler. This prevents
signals that you've specified as not interesting (with handle
nostop
) from changing the focus of debugging unexpectedly. Note that
the signal handler itself may still hit a breakpoint, stop for another
signal that has handle stop
in effect, or for any other event
that normally results in stopping the stepping command sooner. Also
note that gdb still informs you that the program received a
signal if handle print
is set.
If you set handle pass
for a signal, and your program sets up a
handler for it, then issuing a stepping command, such as step
or stepi
, when your program is stopped due to the signal will
step into the signal handler (if the target supports that).
Likewise, if you use the queue-signal
command to queue a signal
to be delivered to the current thread when execution of the thread
resumes (see Giving your Program a Signal), then a
stepping command will step into the signal handler.
Here's an example, using stepi
to step to the first instruction
of SIGUSR1
's handler:
(gdb) handle SIGUSR1 Signal Stop Print Pass to program Description SIGUSR1 Yes Yes Yes User defined signal 1 (gdb) c Continuing. Program received signal SIGUSR1, User defined signal 1. main () sigusr1.c:28 28 p = 0; (gdb) si sigusr1_handler () at sigusr1.c:9 9 {
The same, but using queue-signal
instead of waiting for the
program to receive the signal first:
(gdb) n 28 p = 0; (gdb) queue-signal SIGUSR1 (gdb) si sigusr1_handler () at sigusr1.c:9 9 { (gdb)
On some targets, gdb can inspect extra signal information
associated with the intercepted signal, before it is actually
delivered to the program being debugged. This information is exported
by the convenience variable $_siginfo
, and consists of data
that is passed by the kernel to the signal handler at the time of the
receipt of a signal. The data type of the information itself is
target dependent. You can see the data type using the ptype
$_siginfo
command. On Unix systems, it typically corresponds to the
standard siginfo_t
type, as defined in the signal.h
system header.
Here's an example, on a gnu/Linux system, printing the stray referenced address that raised a segmentation fault.
(gdb) continue Program received signal SIGSEGV, Segmentation fault. 0x0000000000400766 in main () 69 *(int *)p = 0; (gdb) ptype $_siginfo type = struct { int si_signo; int si_errno; int si_code; union { int _pad[28]; struct {...} _kill; struct {...} _timer; struct {...} _rt; struct {...} _sigchld; struct {...} _sigfault; struct {...} _sigpoll; } _sifields; } (gdb) ptype $_siginfo._sifields._sigfault type = struct { void *si_addr; } (gdb) p $_siginfo._sifields._sigfault.si_addr $1 = (void *) 0x7ffff7ff7000
Depending on target support, $_siginfo
may also be writable.
On some targets, a SIGSEGV
can be caused by a boundary
violation, i.e., accessing an address outside of the allowed range.
In those cases gdb may displays additional information,
depending on how gdb has been told to handle the signal.
With handle stop SIGSEGV
, gdb displays the violation
kind: "Upper" or "Lower", the memory address accessed and the
bounds, while with handle nostop SIGSEGV
no additional
information is displayed.
The usual output of a segfault is:
Program received signal SIGSEGV, Segmentation fault 0x0000000000400d7c in upper () at i386-mpx-sigsegv.c:68 68 value = *(p + len);
While a bound violation is presented as:
Program received signal SIGSEGV, Segmentation fault Upper bound violation while accessing address 0x7fffffffc3b3 Bounds: [lower = 0x7fffffffc390, upper = 0x7fffffffc3a3] 0x0000000000400d7c in upper () at i386-mpx-sigsegv.c:68 68 value = *(p + len);
gdb supports debugging programs with multiple threads (see Debugging Programs with Multiple Threads). There are two modes of controlling execution of your program within the debugger. In the default mode, referred to as all-stop mode, when any thread in your program stops (for example, at a breakpoint or while being stepped), all other threads in the program are also stopped by gdb. On some targets, gdb also supports non-stop mode, in which other threads can continue to run freely while you examine the stopped thread in the debugger.
In all-stop mode, whenever your program stops under gdb for any reason, all threads of execution stop, not just the current thread. This allows you to examine the overall state of the program, including switching between threads, without worrying that things may change underfoot.
Conversely, whenever you restart the program, all threads start
executing. This is true even when single-stepping with commands
like step
or next
.
In particular, gdb cannot single-step all threads in lockstep. Since thread scheduling is up to your debugging target's operating system (not controlled by gdb), other threads may execute more than one statement while the current thread completes a single step. Moreover, in general other threads stop in the middle of a statement, rather than at a clean statement boundary, when the program stops.
You might even find your program stopped in another thread after continuing or even single-stepping. This happens whenever some other thread runs into a breakpoint, a signal, or an exception before the first thread completes whatever you requested.
Whenever gdb stops your program, due to a breakpoint or a signal, it automatically selects the thread where that breakpoint or signal happened. gdb alerts you to the context switch with a message such as ‘[Switching to Thread n]’ to identify the thread.
On some OSes, you can modify gdb's default behavior by locking the OS scheduler to allow only a single thread to run.
set scheduler-locking
modeoff
, then there is no
locking and any thread may run at any time. If on
, then only
the current thread may run when the inferior is resumed. The
step
mode optimizes for single-stepping; it prevents other
threads from preempting the current thread while you are stepping, so
that the focus of debugging does not change unexpectedly. Other
threads never get a chance to run when you step, and they are
completely free to run when you use commands like ‘continue’,
‘until’, or ‘finish’. However, unless another thread hits a
breakpoint during its timeslice, gdb does not change the
current thread away from the thread that you are debugging. The
replay
mode behaves like off
in record mode and like
on
in replay mode.
show scheduler-locking
By default, when you issue one of the execution commands such as
continue
, next
or step
, gdb allows only
threads of the current inferior to run. For example, if gdb
is attached to two inferiors, each with two threads, the
continue
command resumes only the two threads of the current
inferior. This is useful, for example, when you debug a program that
forks and you want to hold the parent stopped (so that, for instance,
it doesn't run to exit), while you debug the child. In other
situations, you may not be interested in inspecting the current state
of any of the processes gdb is attached to, and you may want
to resume them all until some breakpoint is hit. In the latter case,
you can instruct gdb to allow all threads of all the
inferiors to run with the set schedule-multiple
command.
set schedule-multiple
on
, all threads of
all processes are allowed to run. When off
, only the threads
of the current process are resumed. The default is off
. The
scheduler-locking
mode takes precedence when set to on
,
or while you are stepping and set to step
.
show schedule-multiple
For some multi-threaded targets, gdb supports an optional mode of operation in which you can examine stopped program threads in the debugger while other threads continue to execute freely. This minimizes intrusion when debugging live systems, such as programs where some threads have real-time constraints or must continue to respond to external events. This is referred to as non-stop mode.
In non-stop mode, when a thread stops to report a debugging event,
only that thread is stopped; gdb does not stop other
threads as well, in contrast to the all-stop mode behavior. Additionally,
execution commands such as continue
and step
apply by default
only to the current thread in non-stop mode, rather than all threads as
in all-stop mode. This allows you to control threads explicitly in
ways that are not possible in all-stop mode — for example, stepping
one thread while allowing others to run freely, stepping
one thread while holding all others stopped, or stepping several threads
independently and simultaneously.
To enter non-stop mode, use this sequence of commands before you run or attach to your program:
# If using the CLI, pagination breaks non-stop. set pagination off # Finally, turn it on! set non-stop on
You can use these commands to manipulate the non-stop mode setting:
set non-stop on
set non-stop off
show non-stop
Note these commands only reflect whether non-stop mode is enabled,
not whether the currently-executing program is being run in non-stop mode.
In particular, the set non-stop
preference is only consulted when
gdb starts or connects to the target program, and it is generally
not possible to switch modes once debugging has started. Furthermore,
since not all targets support non-stop mode, even when you have enabled
non-stop mode, gdb may still fall back to all-stop operation by
default.
In non-stop mode, all execution commands apply only to the current thread
by default. That is, continue
only continues one thread.
To continue all threads, issue continue -a
or c -a
.
You can use gdb's background execution commands (see Background Execution) to run some threads in the background while you continue to examine or step others from gdb. The MI execution commands (see GDB/MI Program Execution) are always executed asynchronously in non-stop mode.
Suspending execution is done with the interrupt
command when
running in the background, or Ctrl-c during foreground execution.
In all-stop mode, this stops the whole process;
but in non-stop mode the interrupt applies only to the current thread.
To stop the whole program, use interrupt -a
.
Other execution commands do not currently support the -a
option.
In non-stop mode, when a thread stops, gdb doesn't automatically make that thread current, as it does in all-stop mode. This is because the thread stop notifications are asynchronous with respect to gdb's command interpreter, and it would be confusing if gdb unexpectedly changed to a different thread just as you entered a command to operate on the previously current thread.
gdb's execution commands have two variants: the normal foreground (synchronous) behavior, and a background (asynchronous) behavior. In foreground execution, gdb waits for the program to report that some thread has stopped before prompting for another command. In background execution, gdb immediately gives a command prompt so that you can issue other commands while your program runs.
If the target doesn't support async mode, gdb issues an error message if you attempt to use the background execution commands.
To specify background execution, add a &
to the command. For example,
the background form of the continue
command is continue&
, or
just c&
. The execution commands that accept background execution
are:
run
attach
step
stepi
next
nexti
continue
finish
until
Background execution is especially useful in conjunction with non-stop
mode for debugging programs with multiple threads; see Non-Stop Mode.
However, you can also use these commands in the normal all-stop mode with
the restriction that you cannot issue another execution command until the
previous one finishes. Examples of commands that are valid in all-stop
mode while the program is running include help
and info break
.
You can interrupt your program while it is running in the background by
using the interrupt
command.
interrupt
interrupt -a
interrupt
stops the whole process, but in non-stop mode, it stops
only the current thread. To stop the whole program in non-stop mode,
use interrupt -a
.
When your program has multiple threads (see Debugging Programs with Multiple Threads), you can choose whether to set breakpoints on all threads, or on a particular thread.
break
location thread
thread-idbreak
location thread
thread-id if ...
Use the qualifier ‘thread thread-id’ with a breakpoint command to specify that you only want gdb to stop the program when a particular thread reaches this breakpoint. The thread-id specifier is one of the thread identifiers assigned by gdb, shown in the first column of the ‘info threads’ display.
If you do not specify ‘thread thread-id’ when you set a breakpoint, the breakpoint applies to all threads of your program.
You can use the thread
qualifier on conditional breakpoints as
well; in this case, place ‘thread thread-id’ before or
after the breakpoint condition, like this:
(gdb) break frik.c:13 thread 28 if bartab > lim
Thread-specific breakpoints are automatically deleted when gdb detects the corresponding thread is no longer in the thread list. For example:
(gdb) c Thread-specific breakpoint 3 deleted - thread 28 no longer in the thread list.
There are several ways for a thread to disappear, such as a regular
thread exit, but also when you detach from the process with the
detach
command (see Debugging an Already-running Process), or if gdb loses the remote connection
(see Remote Debugging), etc. Note that with some targets,
gdb is only able to detect a thread has exited when the user
explictly asks for the thread list with the info threads
command.
There is an unfortunate side effect when using gdb to debug multi-threaded programs. If one thread stops for a breakpoint, or for some other reason, and another thread is blocked in a system call, then the system call may return prematurely. This is a consequence of the interaction between multiple threads and the signals that gdb uses to implement breakpoints and other events that stop execution.
To handle this problem, your program should check the return value of each system call and react appropriately. This is good programming style anyways.
For example, do not write code like this:
sleep (10);
The call to sleep
will return early if a different thread stops
at a breakpoint or for some other reason.
Instead, write this:
int unslept = 10; while (unslept > 0) unslept = sleep (unslept);
A system call is allowed to return early, so the system is still conforming to its specification. But gdb does cause your multi-threaded program to behave differently than it would without gdb.
Also, gdb uses internal breakpoints in the thread library to monitor certain events such as thread creation and thread destruction. When such an event happens, a system call in another thread may return prematurely, even though your program does not appear to stop.
If you want to build on non-stop mode and observe program behavior without any chance of disruption by gdb, you can set variables to disable all of the debugger's attempts to modify state, whether by writing memory, inserting breakpoints, etc. These operate at a low level, intercepting operations from all commands.
When all of these are set to off
, then gdb is said to
be observer mode. As a convenience, the variable
observer
can be set to disable these, plus enable non-stop
mode.
Note that gdb will not prevent you from making nonsensical
combinations of these settings. For instance, if you have enabled
may-insert-breakpoints
but disabled may-write-memory
,
then breakpoints that work by writing trap instructions into the code
stream will still not be able to be placed.
set observer on
set observer off
on
, this disables all the permission variables
below (except for insert-fast-tracepoints
), plus enables
non-stop debugging. Setting this to off
switches back to
normal debugging, though remaining in non-stop mode.
show observer
set may-write-registers on
set may-write-registers off
print
, or the
jump
command. It defaults to on
.
show may-write-registers
set may-write-memory on
set may-write-memory off
print
. It
defaults to on
.
show may-write-memory
set may-insert-breakpoints on
set may-insert-breakpoints off
on
.
show may-insert-breakpoints
set may-insert-tracepoints on
set may-insert-tracepoints off
may-insert-fast-tracepoints
. It defaults to on
.
show may-insert-tracepoints
set may-insert-fast-tracepoints on
set may-insert-fast-tracepoints off
may-insert-tracepoints
. It defaults to on
.
show may-insert-fast-tracepoints
set may-interrupt on
set may-interrupt off
off
, the
interrupt
command will have no effect, nor will
Ctrl-c. It defaults to on
.
show may-interrupt
When you are debugging a program, it is not unusual to realize that you have gone too far, and some event of interest has already happened. If the target environment supports it, gdb can allow you to “rewind” the program by running it backward.
A target environment that supports reverse execution should be able to “undo” the changes in machine state that have taken place as the program was executing normally. Variables, registers etc. should revert to their previous values. Obviously this requires a great deal of sophistication on the part of the target environment; not all target environments can support reverse execution.
When a program is executed in reverse, the instructions that have most recently been executed are “un-executed”, in reverse order. The program counter runs backward, following the previous thread of execution in reverse. As each instruction is “un-executed”, the values of memory and/or registers that were changed by that instruction are reverted to their previous states. After executing a piece of source code in reverse, all side effects of that code should be “undone”, and all variables should be returned to their prior values6.
If you are debugging in a target environment that supports reverse execution, gdb provides the following commands.
reverse-continue
[ignore-count]rc
[ignore-count]reverse-step
[count]Like the step
command, reverse-step
will only stop
at the beginning of a source line. It “un-executes” the previously
executed source line. If the previous source line included calls to
debuggable functions, reverse-step
will step (backward) into
the called function, stopping at the beginning of the last
statement in the called function (typically a return statement).
Also, as with the step
command, if non-debuggable functions are
called, reverse-step
will run thru them backward without stopping.
reverse-stepi
[count]reverse-stepi
will take you
back from the destination of the jump to the jump instruction itself.
reverse-next
[count]reverse-next
will take you back
to the caller of that function, before the function was called,
just as the normal next
command would take you from the last
line of a function back to its return to its caller
7.
reverse-nexti
[count]nexti
, reverse-nexti
executes a single instruction
in reverse, except that called functions are “un-executed” atomically.
That is, if the previously executed instruction was a return from
another function, reverse-nexti
will continue to execute
in reverse until the call to that function (from the current stack
frame) is reached.
reverse-finish
finish
command takes you to the point where the
current function returns, reverse-finish
takes you to the point
where it was called. Instead of ending up at the end of the current
function invocation, you end up at the beginning.
set exec-direction
set exec-direction reverse
step, stepi, next, nexti, continue, and finish
. The return
command cannot be used in reverse mode.
set exec-direction forward
On some platforms, gdb provides a special process record and replay target that can record a log of the process execution, and replay it later with both forward and reverse execution commands.
When this target is in use, if the execution log includes the record for the next instruction, gdb will debug in replay mode. In the replay mode, the inferior does not really execute code instructions. Instead, all the events that normally happen during code execution are taken from the execution log. While code is not really executed in replay mode, the values of registers (including the program counter register) and the memory of the inferior are still changed as they normally would. Their contents are taken from the execution log.
If the record for the next instruction is not in the execution log, gdb will debug in record mode. In this mode, the inferior executes normally, and gdb records the execution log for future replay.
The process record and replay target supports reverse execution (see Reverse Execution), even if the platform on which the inferior runs does not. However, the reverse execution is limited in this case by the range of the instructions recorded in the execution log. In other words, reverse execution on platforms that don't support it directly can only be done in the replay mode.
When debugging in the reverse direction, gdb will work in replay mode as long as the execution log includes the record for the previous instruction; otherwise, it will work in record mode, if the platform supports reverse execution, or stop if not.
For architecture environments that support process record and replay, gdb provides the following commands:
record
methodfull
recording method. The following
recording methods are available:
full
btrace
formatrecord stop
.
The recording format can be specified as parameter. Without a parameter the command chooses the recording format. The following recording formats are available:
bts
pt
The trace can be recorded with very low overhead. The compressed trace format also allows small trace buffers to already contain a big number of instructions compared to BTS.
Decoding the recorded execution trace, on the other hand, is more expensive than decoding BTS trace. This is mostly due to the increased number of instructions to process. You should increase the buffer-size with care.
Not all recording formats may be available on all processors.
The process record and replay target can only debug a process that is already running. Therefore, you need first to start the process with the run or start commands, and then start the recording with the record method command.
Displaced stepping (see displaced stepping) will be automatically disabled when process record and replay target is started. That's because the process record and replay target doesn't support displaced stepping.
If the inferior is in the non-stop mode (see Non-Stop Mode) or in
the asynchronous execution mode (see Background Execution), not
all recording methods are available. The full
recording method
does not support these two modes.
record stop
When you stop the process record and replay target in record mode (at the end of the execution log), the inferior will be stopped at the next instruction that would have been recorded. In other words, if you record for a while and then stop recording, the inferior process will be left in the same state as if the recording never happened.
On the other hand, if the process record and replay target is stopped while in replay mode (that is, not at the end of the execution log, but at some earlier point), the inferior process will become “live” at that earlier state, and it will then be possible to continue the usual “live” debugging of the process from that state.
When the inferior process exits, or gdb detaches from it, process record and replay target will automatically stop itself.
record goto
record goto begin
record goto start
record goto end
record goto
nrecord save
filenameThis command may not be available for all recording methods.
record restore
filenamerecord save
.
set record full insn-number-max
limitset record full insn-number-max unlimited
full
recording method. Default value is 200000.
If limit is a positive number, then gdb will start
deleting instructions from the log once the number of the record
instructions becomes greater than limit. For every new recorded
instruction, gdb will delete the earliest recorded
instruction to keep the number of recorded instructions at the limit.
(Since deleting recorded instructions loses information, gdb
lets you control what happens when the limit is reached, by means of
the stop-at-limit
option, described below.)
If limit is unlimited
or zero, gdb will never
delete recorded instructions from the execution log. The number of
recorded instructions is limited only by the available memory.
show record full insn-number-max
full
recording method.
set record full stop-at-limit
full
recording method when the
number of recorded instructions reaches the limit. If ON (the
default), gdb will stop when the limit is reached for the
first time and ask you whether you want to stop the inferior or
continue running it and recording the execution log. If you decide
to continue recording, each new recorded instruction will cause the
oldest one to be deleted.
If this option is OFF, gdb will automatically delete the
oldest record to make room for each new one, without asking.
show record full stop-at-limit
stop-at-limit
.
set record full memory-query
full
recording method.
If ON, gdb will query whether to stop the inferior in that
case.
If this option is OFF (the default), gdb will automatically
ignore the effect of such instructions on memory. Later, when
gdb replays this execution log, it will mark the log of this
instruction as not accessible, and it will not affect the replay
results.
show record full memory-query
memory-query
.
The btrace
record target does not trace data. As a
convenience, when replaying, gdb reads read-only memory off
the live program directly, assuming that the addresses of the
read-only areas don't change. This for example makes it possible to
disassemble code while replaying, but not to print variables.
In some cases, being able to inspect variables might be useful.
You can use the following command for that:
set record btrace replay-memory-access
btrace
recording method when
accessing memory during replay. If read-only
(the default),
gdb will only allow accesses to read-only memory.
If read-write
, gdb will allow accesses to read-only
and to read-write memory. Beware that the accessed memory corresponds
to the live target and not necessarily to the current replay
position.
set record btrace cpu
identifierProcessor errata are defects in processor operation, caused by its design or manufacture. They can cause a trace not to match the specification. This, in turn, may cause trace decode to fail. gdb can detect erroneous trace packets and correct them, thus avoiding the decoding failures. These corrections are known as errata workarounds, and are enabled based on the processor on which the trace was recorded.
By default, gdb attempts to detect the processor automatically, and apply the necessary workarounds for it. However, you may need to specify the processor if gdb does not yet support it. This command allows you to do that, and also allows to disable the workarounds.
The argument identifier identifies the cpu and is of the
form: vendor:
procesor identifier. In addition,
there are two special identifiers, none
and auto
(default).
The following vendor identifiers and corresponding processor identifiers are currently supported:
intel
| family/model[/stepping]
|
On GNU/Linux systems, the processor family, model, and
stepping can be obtained from /proc/cpuinfo
.
If identifier is auto
, enable errata workarounds for the
processor on which the trace was recorded. If identifier is
none
, errata workarounds are disabled.
For example, when using an old gdb on a new system, decode may fail because gdb does not support the new processor. It often suffices to specify an older processor that gdb supports.
(gdb) info record Active record target: record-btrace Recording format: Intel Processor Trace. Buffer size: 16kB. Failed to configure the Intel Processor Trace decoder: unknown cpu. (gdb) set record btrace cpu intel:6/158 (gdb) info record Active record target: record-btrace Recording format: Intel Processor Trace. Buffer size: 16kB. Recorded 84872 instructions in 3189 functions (0 gaps) for thread 1 (...).
show record btrace replay-memory-access
replay-memory-access
.
show record btrace cpu
set record btrace bts buffer-size
sizeset record btrace bts buffer-size unlimited
If size is a positive number, then gdb will try to
allocate a buffer of at least size bytes for each new thread
that uses the btrace recording method and the BTS format.
The actually obtained buffer size may differ from the requested
size. Use the info record
command to see the actual
buffer size for each thread that uses the btrace recording method and
the BTS format.
If limit is unlimited
or zero, gdb will try to
allocate a buffer of 4MB.
Bigger buffers mean longer traces. On the other hand, gdb will
also need longer to process the branch trace data before it can be used.
show record btrace bts buffer-size
sizeset record btrace pt buffer-size
sizeset record btrace pt buffer-size unlimited
If size is a positive number, then gdb will try to
allocate a buffer of at least size bytes for each new thread
that uses the btrace recording method and the Intel Processor Trace
format. The actually obtained buffer size may differ from the
requested size. Use the info record
command to see the
actual buffer size for each thread.
If limit is unlimited
or zero, gdb will try to
allocate a buffer of 4MB.
Bigger buffers mean longer traces. On the other hand, gdb will
also need longer to process the branch trace data before it can be used.
show record btrace pt buffer-size
sizeinfo record
full
full
recording method, it shows the state of process
record and its in-memory execution log buffer, including:
btrace
btrace
recording method, it shows:
For the bts
recording format, it also shows:
For the pt
recording format, it also shows:
record delete
record instruction-history
set record instruction-history-size
command. Instructions
are printed in execution order.
It can also print mixed source+disassembly if you specify the the
/m
or /s
modifier, and print the raw instructions in hex
as well as in symbolic form by specifying the /r
modifier.
The current position marker is printed for the instruction at the
current program counter value. This instruction can appear multiple
times in the trace and the current position marker will be printed
every time. To omit the current position marker, specify the
/p
modifier.
To better align the printed instructions when the trace contains
instructions from more than one function, the function name may be
omitted by specifying the /f
modifier.
Speculatively executed instructions are prefixed with ‘?’. This feature is not available for all recording formats.
There are several ways to specify what part of the execution log to disassemble:
record instruction-history
insnrecord instruction-history
insn, +/-
n+
, disassembles
n instructions after instruction number insn. If
n is preceded with -
, disassembles n
instructions before instruction number insn.
record instruction-history
record instruction-history -
record instruction-history
begin,
endThis command may not be available for all recording methods.
set record instruction-history-size
sizeset record instruction-history-size unlimited
record
instruction-history
command. The default value is 10.
A size of unlimited
means unlimited instructions.
show record instruction-history-size
record
instruction-history
command.
record function-call-history
/l
modifier is
specified), and the instructions numbers that form the sequence (if
the /i
modifier is specified). The function names are indented
to reflect the call stack depth if the /c
modifier is
specified. The /l
, /i
, and /c
modifiers can be
given together.
(gdb) list 1, 10 1 void foo (void) 2 { 3 } 4 5 void bar (void) 6 { 7 ... 8 foo (); 9 ... 10 } (gdb) record function-call-history /ilc 1 bar inst 1,4 at foo.c:6,8 2 foo inst 5,10 at foo.c:2,3 3 bar inst 11,13 at foo.c:9,10
By default, ten lines are printed. This can be changed using the
set record function-call-history-size
command. Functions are
printed in execution order. There are several ways to specify what
to print:
record function-call-history
funcrecord function-call-history
func, +/-
n+
, prints n functions after
function number func. If n is preceded with -
,
prints n functions before function number func.
record function-call-history
record function-call-history -
record function-call-history
begin,
endThis command may not be available for all recording methods.
set record function-call-history-size
sizeset record function-call-history-size unlimited
record function-call-history
command. The default value is 10.
A size of unlimited
means unlimited lines.
show record function-call-history-size
record function-call-history
command.
When your program has stopped, the first thing you need to know is where it stopped and how it got there.
Each time your program performs a function call, information about the call is generated. That information includes the location of the call in your program, the arguments of the call, and the local variables of the function being called. The information is saved in a block of data called a stack frame. The stack frames are allocated in a region of memory called the call stack.
When your program stops, the gdb commands for examining the stack allow you to see all of this information.
One of the stack frames is selected by gdb and many gdb commands refer implicitly to the selected frame. In particular, whenever you ask gdb for the value of a variable in your program, the value is found in the selected frame. There are special gdb commands to select whichever frame you are interested in. See Selecting a Frame.
When your program stops, gdb automatically selects the
currently executing frame and describes it briefly, similar to the
frame
command (see Information about a Frame).
The call stack is divided up into contiguous pieces called stack frames, or frames for short; each frame is the data associated with one call to one function. The frame contains the arguments given to the function, the function's local variables, and the address at which the function is executing.
When your program is started, the stack has only one frame, that of the
function main
. This is called the initial frame or the
outermost frame. Each time a function is called, a new frame is
made. Each time a function returns, the frame for that function invocation
is eliminated. If a function is recursive, there can be many frames for
the same function. The frame for the function in which execution is
actually occurring is called the innermost frame. This is the most
recently created of all the stack frames that still exist.
Inside your program, stack frames are identified by their addresses. A stack frame consists of many bytes, each of which has its own address; each kind of computer has a convention for choosing one byte whose address serves as the address of the frame. Usually this address is kept in a register called the frame pointer register (see $fp) while execution is going on in that frame.
gdb labels each existing stack frame with a level, a number that is zero for the innermost frame, one for the frame that called it, and so on upward. These level numbers give you a way of designating stack frames in gdb commands. The terms frame number and frame level can be used interchangeably to describe this number.
Some compilers provide a way to compile functions so that they operate without stack frames. (For example, the gcc option
‘-fomit-frame-pointer’
generates functions without a frame.) This is occasionally done with heavily used library functions to save the frame setup time. gdb has limited facilities for dealing with these function invocations. If the innermost function invocation has no stack frame, gdb nevertheless regards it as though it had a separate frame, which is numbered zero as usual, allowing correct tracing of the function call chain. However, gdb has no provision for frameless functions elsewhere in the stack.
A backtrace is a summary of how your program got where it is. It shows one line per frame, for many frames, starting with the currently executing frame (frame zero), followed by its caller (frame one), and on up the stack.
To print a backtrace of the entire stack, use the backtrace
command, or its alias bt
. This command will print one line per
frame for frames in the stack. By default, all stack frames are
printed. You can stop the backtrace at any time by typing the system
interrupt character, normally Ctrl-c.
backtrace [
args...]
bt [
args...]
-
n-
nfull
no-filters
Python
support.
hide
hide
option causes elided frames to not be printed at all.
The names where
and info stack
(abbreviated info s
)
are additional aliases for backtrace
.
In a multi-threaded program, gdb by default shows the
backtrace only for the current thread. To display the backtrace for
several or all of the threads, use the command thread apply
(see thread apply). For example, if you type thread
apply all backtrace, gdb will display the backtrace for all
the threads; this is handy when you debug a core dump of a
multi-threaded program.
Each line in the backtrace shows the frame number and the function name.
The program counter value is also shown—unless you use set
print address off
. The backtrace also shows the source file name and
line number, as well as the arguments to the function. The program
counter value is omitted if it is at the beginning of the code for that
line number.
Here is an example of a backtrace. It was made with the command ‘bt 3’, so it shows the innermost three frames.
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8) at builtin.c:993 #1 0x6e38 in expand_macro (sym=0x2b600, data=...) at macro.c:242 #2 0x6840 in expand_token (obs=0x0, t=177664, td=0xf7fffb08) at macro.c:71 (More stack frames follow...)
The display for frame zero does not begin with a program counter
value, indicating that your program has stopped at the beginning of the
code for line 993
of builtin.c
.
The value of parameter data
in frame 1 has been replaced by
...
. By default, gdb prints the value of a parameter
only if it is a scalar (integer, pointer, enumeration, etc). See command
set print frame-arguments in Print Settings for more details
on how to configure the way function parameter values are printed.
If your program was compiled with optimizations, some compilers will optimize away arguments passed to functions if those arguments are never used after the call. Such optimizations generate code that passes arguments through registers, but doesn't store those arguments in the stack frame. gdb has no way of displaying such arguments in stack frames other than the innermost one. Here's what such a backtrace might look like:
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8) at builtin.c:993 #1 0x6e38 in expand_macro (sym=<optimized out>) at macro.c:242 #2 0x6840 in expand_token (obs=0x0, t=<optimized out>, td=0xf7fffb08) at macro.c:71 (More stack frames follow...)
The values of arguments that were not saved in their stack frames are shown as ‘<optimized out>’.
If you need to display the values of such optimized-out arguments, either deduce that from other variables whose values depend on the one you are interested in, or recompile without optimizations.
Most programs have a standard user entry point—a place where system
libraries and startup code transition into user code. For C this is
main
8.
When gdb finds the entry function in a backtrace
it will terminate the backtrace, to avoid tracing into highly
system-specific (and generally uninteresting) code.
If you need to examine the startup code, or limit the number of levels in a backtrace, you can change this behavior:
set backtrace past-main
set backtrace past-main on
set backtrace past-main off
show backtrace past-main
set backtrace past-entry
set backtrace past-entry on
main
(or equivalent) is called.
set backtrace past-entry off
show backtrace past-entry
set backtrace limit
nset backtrace limit 0
set backtrace limit unlimited
unlimited
or zero means unlimited levels.
show backtrace limit
You can control how file names are displayed.
set filename-display
set filename-display relative
set filename-display basename
set filename-display absolute
show filename-display
Most commands for examining the stack and other data in your program work on whichever stack frame is selected at the moment. Here are the commands for selecting a stack frame; all of them finish by printing a brief description of the stack frame just selected.
frame
[ frame-selection-spec ]f
[ frame-selection-spec ]level
nummain
.
As this is the most common method of navigating the frame stack, the string level can be omitted. For example, the following two commands are equivalent:
(gdb) frame 3 (gdb) frame level 3
address
stack-address(gdb) info frame Stack level 1, frame at 0x7fffffffda30: rip = 0x40066d in b (amd64-entry-value.cc:59); saved rip 0x4004c5 tail call frame, caller of frame at 0x7fffffffda30 source language c++. Arglist at unknown address. Locals at unknown address, Previous frame's sp is 0x7fffffffda30
The stack-address for this frame is 0x7fffffffda30
as
indicated by the line:
Stack level 1, frame at 0x7fffffffda30:
function
function-nameview
stack-address [ pc-addr ]This is useful mainly if the chaining of stack frames has been damaged by a bug, making it impossible for gdb to assign numbers properly to all frames. In addition, this can be useful when your program has multiple stacks and switches between them.
When viewing a frame outside the current backtrace using frame view then you can always return to the original stack using one of the previous stack frame selection instructions, for example frame level 0.
up
ndown
ndown
as do
.
All of these commands end by printing two lines of output describing the frame. The first line shows the frame number, the function name, the arguments, and the source file and line number of execution in that frame. The second line shows the text of that source line.
For example:
(gdb) up #1 0x22f0 in main (argc=1, argv=0xf7fffbf4, env=0xf7fffbfc) at env.c:10 10 read_input_file (argv[i]);
After such a printout, the list
command with no arguments
prints ten lines centered on the point of execution in the frame.
You can also edit the program at the point of execution with your favorite
editing program by typing edit
.
See Printing Source Lines,
for details.
select-frame
[ frame-selection-spec ]select-frame
command is a variant of frame
that does
not display the new frame after selecting it. This command is
intended primarily for use in gdb command scripts, where the
output might be unnecessary and distracting. The
frame-selection-spec is as for the frame command
described in Selecting a Frame.
up-silently
ndown-silently
nup
and down
,
respectively; they differ in that they do their work silently, without
causing display of the new frame. They are intended primarily for use
in gdb command scripts, where the output might be unnecessary and
distracting.
There are several other commands to print information about the selected stack frame.
frame
f
f
. With an
argument, this command is used to select a stack frame.
See Selecting a Frame.
info frame
info f
The verbose description is useful when
something has gone wrong that has made the stack format fail to fit
the usual conventions.
info frame
[ frame-selection-spec ]info f
[ frame-selection-spec ]info args [-q]
The optional flag ‘-q’, which stands for ‘quiet’, disables
printing header information and messages explaining why no argument
have been printed.
info args [-q] [-t
type_regexp] [
regexp]
If regexp is provided, print only the arguments whose names match the regular expression regexp.
If type_regexp is provided, print only the arguments whose
types, as printed by the whatis
command, match
the regular expression type_regexp.
If type_regexp contains space(s), it should be enclosed in
quote characters. If needed, use backslash to escape the meaning
of special characters or quotes.
If both regexp and type_regexp are provided, an argument
is printed only if its name matches regexp and its type matches
type_regexp.
info locals [-q]
The optional flag ‘-q’, which stands for ‘quiet’, disables
printing header information and messages explaining why no local variables
have been printed.
info locals [-q] [-t
type_regexp] [
regexp]
If regexp is provided, print only the local variables whose names match the regular expression regexp.
If type_regexp is provided, print only the local variables whose
types, as printed by the whatis
command, match
the regular expression type_regexp.
If type_regexp contains space(s), it should be enclosed in
quote characters. If needed, use backslash to escape the meaning
of special characters or quotes.
If both regexp and type_regexp are provided, a local variable is printed only if its name matches regexp and its type matches type_regexp.
The command info locals -q -t type_regexp can usefully be
combined with the commands frame apply and thread apply.
For example, your program might use Resource Acquisition Is
Initialization types (RAII) such as lock_something_t
: each
local variable of type lock_something_t
automatically places a
lock that is destroyed when the variable goes out of scope. You can
then list all acquired locks in your program by doing
thread apply all -s frame apply all -s info locals -q -t lock_something_t
or the equivalent shorter form
tfaas i lo -q -t lock_something_t
frame apply [all |
count |
-count | level
level...] [
flag]...
commandframe apply
command allows you to apply the named
command to one or more frames.
all
all
to apply command to all frames.
level
level
to apply command to the set of frames identified
by the level list. level is a frame level or a range of frame
levels as level1-level2. The frame level is the number shown
in the first field of the ‘backtrace’ command output.
E.g., ‘2-4 6-8 3’ indicates to apply command for the frames
at levels 2, 3, 4, 6, 7, 8, and then again on frame at level 3.
Note that the frames on which frame apply
applies a command are
also influenced by the set backtrace
settings such as set
backtrace past-main
and set backtrace limit N
. See
See Backtraces.
The flag arguments control what output to produce and how to handle
errors raised when applying command to a frame. flag
must start with a -
directly followed by one letter in
qcs
. If several flags are provided, they must be given
individually, such as -c -q
.
By default, gdb displays some frame information before the
output produced by command, and an error raised during the
execution of a command will abort frame apply
. The
following flags can be used to fine-tune this behavior:
-c
-c
, which stands for ‘continue’, causes any
errors in command to be displayed, and the execution of
frame apply
then continues.
-s
-s
, which stands for ‘silent’, causes any errors
or empty output produced by a command to be silently ignored.
That is, the execution continues, but the frame information and errors
are not printed.
-q
-q
(‘quiet’) disables printing the frame
information.
The following example shows how the flags -c
and -s
are
working when applying the command p j
to all frames, where
variable j
can only be successfully printed in the outermost
#1 main
frame.
(gdb) frame apply all p j #0 some_function (i=5) at fun.c:4 No symbol "j" in current context. (gdb) frame apply all -c p j #0 some_function (i=5) at fun.c:4 No symbol "j" in current context. #1 0x565555fb in main (argc=1, argv=0xffffd2c4) at fun.c:11 $1 = 5 (gdb) frame apply all -s p j #1 0x565555fb in main (argc=1, argv=0xffffd2c4) at fun.c:11 $2 = 5 (gdb)
By default, ‘frame apply’, prints the frame location information before the command output:
(gdb) frame apply all p $sp #0 some_function (i=5) at fun.c:4 $4 = (void *) 0xffffd1e0 #1 0x565555fb in main (argc=1, argv=0xffffd2c4) at fun.c:11 $5 = (void *) 0xffffd1f0 (gdb)
If flag -q
is given, no frame information is printed:
(gdb) frame apply all -q p $sp $12 = (void *) 0xffffd1e0 $13 = (void *) 0xffffd1f0 (gdb)
faas
commandframe apply all -s
command.
Applies command on all frames, ignoring errors and empty output.
It can for example be used to print a local variable or a function argument without knowing the frame where this variable or argument is, using:
(gdb) faas p some_local_var_i_do_not_remember_where_it_is
Note that the command tfaas
command applies command
on all frames of all threads. See See Threads.
Frame filters are Python based utilities to manage and decorate the output of frames. See Frame Filter API, for further information.
Managing frame filters is performed by several commands available within gdb, detailed here.
info frame-filter
disable frame-filter
filter-dictionary filter-nameall
, global
,
progspace
, or the name of the object file where the frame filter
dictionary resides. When all
is specified, all frame filters
across all dictionaries are disabled. The filter-name is the name
of the frame filter and is used when all
is not the option for
filter-dictionary. A disabled frame-filter is not deleted, it
may be enabled again later.
enable frame-filter
filter-dictionary filter-nameall
, global
,
progspace
or the name of the object file where the frame filter
dictionary resides. When all
is specified, all frame filters across
all dictionaries are enabled. The filter-name is the name of the frame
filter and is used when all
is not the option for
filter-dictionary.
Example:
(gdb) info frame-filter global frame-filters: Priority Enabled Name 1000 No PrimaryFunctionFilter 100 Yes Reverse progspace /build/test frame-filters: Priority Enabled Name 100 Yes ProgspaceFilter objfile /build/test frame-filters: Priority Enabled Name 999 Yes BuildProgra Filter (gdb) disable frame-filter /build/test BuildProgramFilter (gdb) info frame-filter global frame-filters: Priority Enabled Name 1000 No PrimaryFunctionFilter 100 Yes Reverse progspace /build/test frame-filters: Priority Enabled Name 100 Yes ProgspaceFilter objfile /build/test frame-filters: Priority Enabled Name 999 No BuildProgramFilter (gdb) enable frame-filter global PrimaryFunctionFilter (gdb) info frame-filter global frame-filters: Priority Enabled Name 1000 Yes PrimaryFunctionFilter 100 Yes Reverse progspace /build/test frame-filters: Priority Enabled Name 100 Yes ProgspaceFilter objfile /build/test frame-filters: Priority Enabled Name 999 No BuildProgramFilter
set frame-filter priority
filter-dictionary filter-name priorityglobal
,
progspace
or the name of the object file where the frame filter
dictionary resides. The priority is an integer.
show frame-filter priority
filter-dictionary filter-nameglobal
,
progspace
or the name of the object file where the frame filter
dictionary resides.
Example:
(gdb) info frame-filter global frame-filters: Priority Enabled Name 1000 Yes PrimaryFunctionFilter 100 Yes Reverse progspace /build/test frame-filters: Priority Enabled Name 100 Yes ProgspaceFilter objfile /build/test frame-filters: Priority Enabled Name 999 No BuildProgramFilter (gdb) set frame-filter priority global Reverse 50 (gdb) info frame-filter global frame-filters: Priority Enabled Name 1000 Yes PrimaryFunctionFilter 50 Yes Reverse progspace /build/test frame-filters: Priority Enabled Name 100 Yes ProgspaceFilter objfile /build/test frame-filters: Priority Enabled Name 999 No BuildProgramFilter
gdb can print parts of your program's source, since the debugging information recorded in the program tells gdb what source files were used to build it. When your program stops, gdb spontaneously prints the line where it stopped. Likewise, when you select a stack frame (see Selecting a Frame), gdb prints the line where execution in that frame has stopped. You can print other portions of source files by explicit command.
If you use gdb through its gnu Emacs interface, you may prefer to use Emacs facilities to view source; see Using gdb under gnu Emacs.
To print lines from a source file, use the list
command
(abbreviated l
). By default, ten lines are printed.
There are several ways to specify what part of the file you want to
print; see Specify Location, for the full list.
Here are the forms of the list
command most commonly used:
list
linenumlist
functionlist
list
command, this prints lines following the last lines
printed; however, if the last line printed was a solitary line printed
as part of displaying a stack frame (see Examining the Stack), this prints lines centered around that line.
list -
By default, gdb prints ten source lines with any of these forms of
the list
command. You can change this using set listsize
:
set listsize
countset listsize unlimited
list
command display count source lines (unless
the list
argument explicitly specifies some other number).
Setting count to unlimited
or 0 means there's no limit.
show listsize
list
prints.
Repeating a list
command with <RET> discards the argument,
so it is equivalent to typing just list
. This is more useful
than listing the same lines again. An exception is made for an
argument of ‘-’; that argument is preserved in repetition so that
each repetition moves up in the source file.
In general, the list
command expects you to supply zero, one or two
locations. Locations specify source lines; there are several ways
of writing them (see Specify Location), but the effect is always
to specify some source line.
Here is a complete description of the possible arguments for list
:
list
locationlist
first,
lastlist
command has two locations, and the
source file of the second location is omitted, this refers to
the same source file as the first location.
list ,
lastlist
first,
list +
list -
list
Several gdb commands accept arguments that specify a location of your program's code. Since gdb is a source-level debugger, a location usually specifies some line in the source code. Locations may be specified using three different formats: linespec locations, explicit locations, or address locations.
A linespec is a colon-separated list of source location parameters such as file name, function name, etc. Here are all the different ways of specifying a linespec:
-
offset+
offsetlist
command, the current line is the last one
printed; for the breakpoint commands, this is the line at which
execution stopped in the currently selected stack frame
(see Frames, for a description of stack frames.) When
used as the second of the two linespecs in a list
command,
this specifies the line offset lines up or down from the first
linespec.
:
linenumBy default, in C++ and Ada, function is interpreted as specifying all functions named function in all scopes. For C++, this means in all namespaces and classes. For Ada, this means in all packages.
For example, assuming a program with C++ symbols named
A::B::func
and B::func
, both commands break func and break B::func set a breakpoint on both symbols.
Commands that accept a linespec let you override this with the
-qualified
option. For example, break -qualified func sets a breakpoint on a free-function named func
ignoring
any C++ class methods and namespace functions called func
.
See Explicit Locations.
:
label:
function-pstap|-probe-stap
[objfile:
[provider:
]]nameSystemTap
provides a way for
applications to embed static probes. See Static Probe Points, for more
information on finding and using static probes. This form of linespec
specifies the location of such a static probe.
If objfile is given, only probes coming from that shared library or executable matching objfile as a regular expression are considered. If provider is given, then only probes from that provider are considered. If several probes match the spec, gdb will insert a breakpoint at each one of those probes.
Explicit locations allow the user to directly specify the source location's parameters using option-value pairs.
Explicit locations are useful when several functions, labels, or file names have the same name (base name for files) in the program's sources. In these cases, explicit locations point to the source line you meant more accurately and unambiguously. Also, using explicit locations might be faster in large programs.
For example, the linespec ‘foo:bar’ may refer to a function bar
defined in the file named foo or the label bar
in a function
named foo
. gdb must search either the file system or
the symbol table to know.
The list of valid explicit location options is summarized in the following table:
-source
filename-function
or -line
.
-function
function-label
or -line
) refer to the line that begins the body of the function.
In C, for example, this is the line with the open brace.
By default, in C++ and Ada, function is interpreted as specifying all functions named function in all scopes. For C++, this means in all namespaces and classes. For Ada, this means in all packages.
For example, assuming a program with C++ symbols named
A::B::func
and B::func
, both commands break -function func and break -function B::func set a
breakpoint on both symbols.
You can use the -qualified flag to override this (see below).
-qualified
For example, assuming a C++ program with symbols named
A::B::func
and B::func
, the break -qualified -function B::func command sets a breakpoint on B::func
, only.
(Note: the -qualified option can precede a linespec as well
(see Linespec Locations), so the particular example above could be
simplified as break -qualified B::func.)
-label
label-line
number-line 3
) or relative (-line +3
), depending on
the command. When specified without any other options, the line offset is
relative to the current line.
Explicit location options may be abbreviated by omitting any non-unique trailing characters from the option name, e.g., break -s main.c -li 3.
Address locations indicate a specific program address. They have the generalized form *address.
For line-oriented commands, such as list
and edit
, this
specifies a source line that contains address. For break
and
other breakpoint-oriented commands, this can be used to set breakpoints in
parts of your program which do not have debugging information or
source files.
Here address may be any expression valid in the current working language (see working language) that specifies a code address. In addition, as a convenience, gdb extends the semantics of expressions used in locations to cover several situations that frequently occur during debugging. Here are the various forms of address:
&
function. In Ada, this is function'Address
(although the Pascal form also works).
This form specifies the address of the function's first instruction,
before the stack frame and arguments have been set up.
'
filename':
funcaddr
To edit the lines in a source file, use the edit
command.
The editing program of your choice
is invoked with the current line set to
the active line in the program.
Alternatively, there are several ways to specify what part of the file you
want to print if you want to see other parts of the program:
edit
locationlocation
. Editing starts at
that location, e.g., at the specified source line of the
specified file. See Specify Location, for all the possible forms
of the location argument; here are the forms of the edit
command most commonly used:
edit
numberedit
functionYou can customize gdb to use any editor you want
9.
By default, it is /bin/ex, but you can change this
by setting the environment variable EDITOR
before using
gdb. For example, to configure gdb to use the
vi
editor, you could use these commands with the sh
shell:
EDITOR=/usr/bin/vi export EDITOR gdb ...
or in the csh
shell,
setenv EDITOR /usr/bin/vi gdb ...
There are two commands for searching through the current source file for a regular expression.
forward-search
regexpsearch
regexpfo
.
reverse-search
regexprev
.
Executable programs sometimes do not record the directories of the source files from which they were compiled, just the names. Even when they do, the directories could be moved between the compilation and your debugging session. gdb has a list of directories to search for source files; this is called the source path. Each time gdb wants a source file, it tries all the directories in the list, in the order they are present in the list, until it finds a file with the desired name.
For example, suppose an executable references the file /usr/src/foo-1.0/lib/foo.c, and our source path is /mnt/cross. The file is first looked up literally; if this fails, /mnt/cross/usr/src/foo-1.0/lib/foo.c is tried; if this fails, /mnt/cross/foo.c is opened; if this fails, an error message is printed. gdb does not look up the parts of the source file name, such as /mnt/cross/src/foo-1.0/lib/foo.c. Likewise, the subdirectories of the source path are not searched: if the source path is /mnt/cross, and the binary refers to foo.c, gdb would not find it under /mnt/cross/usr/src/foo-1.0/lib.
Plain file names, relative file names with leading directories, file names containing dots, etc. are all treated as described above; for instance, if the source path is /mnt/cross, and the source file is recorded as ../lib/foo.c, gdb would first try ../lib/foo.c, then /mnt/cross/../lib/foo.c, and after that—/mnt/cross/foo.c.
Note that the executable search path is not used to locate the source files.
Whenever you reset or rearrange the source path, gdb clears out any information it has cached about where source files are found and where each line is in the file.
When you start gdb, its source path includes only ‘cdir’
and ‘cwd’, in that order.
To add other directories, use the directory
command.
The search path is used to find both program source files and gdb script files (read using the ‘-command’ option and ‘source’ command).
In addition to the source path, gdb provides a set of commands that manage a list of source path substitution rules. A substitution rule specifies how to rewrite source directories stored in the program's debug information in case the sources were moved to a different directory between compilation and debugging. A rule is made of two strings, the first specifying what needs to be rewritten in the path, and the second specifying how it should be rewritten. In set substitute-path, we name these two parts from and to respectively. gdb does a simple string replacement of from with to at the start of the directory part of the source file name, and uses that result instead of the original file name to look up the sources.
Using the previous example, suppose the foo-1.0 tree has been
moved from /usr/src to /mnt/cross, then you can tell
gdb to replace /usr/src in all source path names with
/mnt/cross. The first lookup will then be
/mnt/cross/foo-1.0/lib/foo.c in place of the original location
of /usr/src/foo-1.0/lib/foo.c. To define a source path
substitution rule, use the set substitute-path
command
(see set substitute-path).
To avoid unexpected substitution results, a rule is applied only if the from part of the directory name ends at a directory separator. For instance, a rule substituting /usr/source into /mnt/cross will be applied to /usr/source/foo-1.0 but not to /usr/sourceware/foo-2.0. And because the substitution is applied only at the beginning of the directory name, this rule will not be applied to /root/usr/source/baz.c either.
In many cases, you can achieve the same result using the directory
command. However, set substitute-path
can be more efficient in
the case where the sources are organized in a complex tree with multiple
subdirectories. With the directory
command, you need to add each
subdirectory of your project. If you moved the entire tree while
preserving its internal organization, then set substitute-path
allows you to direct the debugger to all the sources with one single
command.
set substitute-path
is also more than just a shortcut command.
The source path is only used if the file at the original location no
longer exists. On the other hand, set substitute-path
modifies
the debugger behavior to look at the rewritten location instead. So, if
for any reason a source file that is not relevant to your executable is
located at the original location, a substitution rule is the only
method available to point gdb at the new location.
You can configure a default source path substitution rule by configuring gdb with the ‘--with-relocated-sources=dir’ option. The dir should be the name of a directory under gdb's configured prefix (set with ‘--prefix’ or ‘--exec-prefix’), and directory names in debug information under dir will be adjusted automatically if the installed gdb is moved to a new location. This is useful if gdb, libraries or executables with debug information and corresponding source code are being moved together.
directory
dirname ...
dir
dirname ...
You can use the string ‘$cdir’ to refer to the compilation
directory (if one is recorded), and ‘$cwd’ to refer to the current
working directory. ‘$cwd’ is not the same as ‘.’—the former
tracks the current working directory as it changes during your gdb
session, while the latter is immediately expanded to the current
directory at the time you add an entry to the source path.
directory
set directories
path-listshow directories
set substitute-path
from toFor example, if the file /foo/bar/baz.c was moved to /mnt/cross/baz.c, then the command
(gdb) set substitute-path /foo/bar /mnt/cross
will tell gdb to replace ‘/foo/bar’ with ‘/mnt/cross’, which will allow gdb to find the file baz.c even though it was moved.
In the case when more than one substitution rule have been defined, the rules are evaluated one by one in the order where they have been defined. The first one matching, if any, is selected to perform the substitution.
For instance, if we had entered the following commands:
(gdb) set substitute-path /usr/src/include /mnt/include (gdb) set substitute-path /usr/src /mnt/src
gdb would then rewrite /usr/src/include/defs.h into
/mnt/include/defs.h by using the first rule. However, it would
use the second rule to rewrite /usr/src/lib/foo.c into
/mnt/src/lib/foo.c.
unset substitute-path [path]
If no path is specified, then all substitution rules are deleted.
show substitute-path [path]
If no path is specified, then print all existing source path substitution rules.
If your source path is cluttered with directories that are no longer of interest, gdb may sometimes cause confusion by finding the wrong versions of source. You can correct the situation as follows:
directory
with no argument to reset the source path to its default value.
directory
with suitable arguments to reinstall the
directories you want in the source path. You can add all the
directories in one command.
You can use the command info line
to map source lines to program
addresses (and vice versa), and the command disassemble
to display
a range of addresses as machine instructions. You can use the command
set disassemble-next-line
to set whether to disassemble next
source line when execution stops. When run under gnu Emacs
mode, the info line
command causes the arrow to point to the
line specified. Also, info line
prints addresses in symbolic form as
well as hex.
info line
info line
locationFor example, we can use info line
to discover the location of
the object code for the first line of function
m4_changequote
:
(gdb) info line m4_changequote Line 895 of "builtin.c" starts at pc 0x634c <m4_changequote> and \ ends at 0x6350 <m4_changequote+4>.
We can also inquire (using *
addr as the form for
location) what source line covers a particular address:
(gdb) info line *0x63ff Line 926 of "builtin.c" starts at pc 0x63e4 <m4_changequote+152> and \ ends at 0x6404 <m4_changequote+184>.
After info line
, the default address for the x
command
is changed to the starting address of the line, so that ‘x/i’ is
sufficient to begin examining the machine code (see Examining Memory). Also, this address is saved as the value of the
convenience variable $_
(see Convenience Variables).
After info line
, using info line
again without
specifying a location will display information about the next source
line.
disassemble
disassemble /m
disassemble /s
disassemble /r
/m
or /s
modifier and print the raw instructions in hex
as well as in symbolic form by specifying the /r
modifier.
The default memory range is the function surrounding the
program counter of the selected frame. A single argument to this
command is a program counter value; gdb dumps the function
surrounding this value. When two arguments are given, they should
be separated by a comma, possibly surrounded by whitespace. The
arguments specify a range of addresses to dump, in one of two forms:
,
end,+
length+
length (exclusive).
When 2 arguments are specified, the name of the function is also printed (since there could be several functions in the given range).
The argument(s) can be any expression yielding a numeric value, such as ‘0x32c4’, ‘&main+10’ or ‘$pc - 8’.
If the range of memory being disassembled contains current program counter,
the instruction at that location is shown with a =>
marker.
The following example shows the disassembly of a range of addresses of HP PA-RISC 2.0 code:
(gdb) disas 0x32c4, 0x32e4 Dump of assembler code from 0x32c4 to 0x32e4: 0x32c4 <main+204>: addil 0,dp 0x32c8 <main+208>: ldw 0x22c(sr0,r1),r26 0x32cc <main+212>: ldil 0x3000,r31 0x32d0 <main+216>: ble 0x3f8(sr4,r31) 0x32d4 <main+220>: ldo 0(r31),rp 0x32d8 <main+224>: addil -0x800,dp 0x32dc <main+228>: ldo 0x588(r1),r26 0x32e0 <main+232>: ldil 0x3000,r31 End of assembler dump.
Here is an example showing mixed source+assembly for Intel x86
with /m
or /s
, when the program is stopped just after
function prologue in a non-optimized function with no inline code.
(gdb) disas /m main Dump of assembler code for function main: 5 { 0x08048330 <+0>: push %ebp 0x08048331 <+1>: mov %esp,%ebp 0x08048333 <+3>: sub $0x8,%esp 0x08048336 <+6>: and $0xfffffff0,%esp 0x08048339 <+9>: sub $0x10,%esp 6 printf ("Hello.\n"); => 0x0804833c <+12>: movl $0x8048440,(%esp) 0x08048343 <+19>: call 0x8048284 <puts@plt> 7 return 0; 8 } 0x08048348 <+24>: mov $0x0,%eax 0x0804834d <+29>: leave 0x0804834e <+30>: ret End of assembler dump.
The /m
option is deprecated as its output is not useful when
there is either inlined code or re-ordered code.
The /s
option is the preferred choice.
Here is an example for AMD x86-64 showing the difference between
/m
output and /s
output.
This example has one inline function defined in a header file,
and the code is compiled with ‘-O2’ optimization.
Note how the /m
output is missing the disassembly of
several instructions that are present in the /s
output.
foo.h:
int foo (int a) { if (a < 0) return a * 2; if (a == 0) return 1; return a + 10; }
foo.c:
#include "foo.h" volatile int x, y; int main () { x = foo (y); return 0; }
(gdb) disas /m main Dump of assembler code for function main: 5 { 6 x = foo (y); 0x0000000000400400 <+0>: mov 0x200c2e(%rip),%eax # 0x601034 <y> 0x0000000000400417 <+23>: mov %eax,0x200c13(%rip) # 0x601030 <x> 7 return 0; 8 } 0x000000000040041d <+29>: xor %eax,%eax 0x000000000040041f <+31>: retq 0x0000000000400420 <+32>: add %eax,%eax 0x0000000000400422 <+34>: jmp 0x400417 <main+23> End of assembler dump. (gdb) disas /s main Dump of assembler code for function main: foo.c: 5 { 6 x = foo (y); 0x0000000000400400 <+0>: mov 0x200c2e(%rip),%eax # 0x601034 <y> foo.h: 4 if (a < 0) 0x0000000000400406 <+6>: test %eax,%eax 0x0000000000400408 <+8>: js 0x400420 <main+32> 6 if (a == 0) 7 return 1; 8 return a + 10; 0x000000000040040a <+10>: lea 0xa(%rax),%edx 0x000000000040040d <+13>: test %eax,%eax 0x000000000040040f <+15>: mov $0x1,%eax 0x0000000000400414 <+20>: cmovne %edx,%eax foo.c: 6 x = foo (y); 0x0000000000400417 <+23>: mov %eax,0x200c13(%rip) # 0x601030 <x> 7 return 0; 8 } 0x000000000040041d <+29>: xor %eax,%eax 0x000000000040041f <+31>: retq foo.h: 5 return a * 2; 0x0000000000400420 <+32>: add %eax,%eax 0x0000000000400422 <+34>: jmp 0x400417 <main+23> End of assembler dump.
Here is another example showing raw instructions in hex for AMD x86-64,
(gdb) disas /r 0x400281,+10 Dump of assembler code from 0x400281 to 0x40028b: 0x0000000000400281: 38 36 cmp %dh,(%rsi) 0x0000000000400283: 2d 36 34 2e 73 sub $0x732e3436,%eax 0x0000000000400288: 6f outsl %ds:(%rsi),(%dx) 0x0000000000400289: 2e 32 00 xor %cs:(%rax),%al End of assembler dump.
Addresses cannot be specified as a location (see Specify Location).
So, for example, if you want to disassemble function bar
in file foo.c, you must type ‘disassemble 'foo.c'::bar’
and not ‘disassemble foo.c:bar’.
Some architectures have more than one commonly-used set of instruction mnemonics or other syntax.
For programs that were dynamically linked and use shared libraries, instructions that call functions or branch to locations in the shared libraries might show a seemingly bogus location—it's actually a location of the relocation table. On some architectures, gdb might be able to resolve these to actual function names.
set disassembler-options
option1[,
option2...]
-M
/--disassembler-options
section of the ‘objdump’
manual and/or the output of objdump --help
(see objdump).
The default value is the empty string.
If it is necessary to specify more than one disassembler option, then multiple options can be placed together into a comma separated list. Currently this command is only supported on targets ARM, MIPS, PowerPC and S/390.
show disassembler-options
set disassembly-flavor
instruction-setdisassemble
or x/i
commands.
Currently this command is only defined for the Intel x86 family. You
can set instruction-set to either intel
or att
.
The default is att
, the AT&T flavor used by default by Unix
assemblers for x86-based targets.
show disassembly-flavor
set disassemble-next-line
show disassemble-next-line
The usual way to examine data in your program is with the print
command (abbreviated p
), or its synonym inspect
. It
evaluates and prints the value of an expression of the language your
program is written in (see Using gdb with Different Languages). It may also print the expression using a
Python-based pretty-printer (see Pretty Printing).
print
exprprint /
f exprprint
print /
fA more low-level way of examining data is with the x
command.
It examines data in memory at a specified address and prints it in a
specified format. See Examining Memory.
If you are interested in information about types, or about how the
fields of a struct or a class are declared, use the ptype
exp
command rather than print
. See Examining the Symbol Table.
Another way of examining values of expressions and type information is
through the Python extension command explore
(available only if
the gdb build is configured with --with-python
). It
offers an interactive way to start at the highest level (or, the most
abstract level) of the data type of an expression (or, the data type
itself) and explore all the way down to leaf scalar values/fields
embedded in the higher level data types.
explore
argThe working of the explore
command can be illustrated with an
example. If a data type struct ComplexStruct
is defined in your
C program as
struct SimpleStruct { int i; double d; }; struct ComplexStruct { struct SimpleStruct *ss_p; int arr[10]; };
followed by variable declarations as
struct SimpleStruct ss = { 10, 1.11 }; struct ComplexStruct cs = { &ss, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 } };
then, the value of the variable cs
can be explored using the
explore
command as follows.
(gdb) explore cs The value of `cs' is a struct/class of type `struct ComplexStruct' with the following fields: ss_p = <Enter 0 to explore this field of type `struct SimpleStruct *'> arr = <Enter 1 to explore this field of type `int [10]'> Enter the field number of choice:
Since the fields of cs
are not scalar values, you are being
prompted to chose the field you want to explore. Let's say you choose
the field ss_p
by entering 0
. Then, since this field is a
pointer, you will be asked if it is pointing to a single value. From
the declaration of cs
above, it is indeed pointing to a single
value, hence you enter y
. If you enter n
, then you will
be asked if it were pointing to an array of values, in which case this
field will be explored as if it were an array.
`cs.ss_p' is a pointer to a value of type `struct SimpleStruct' Continue exploring it as a pointer to a single value [y/n]: y The value of `*(cs.ss_p)' is a struct/class of type `struct SimpleStruct' with the following fields: i = 10 .. (Value of type `int') d = 1.1100000000000001 .. (Value of type `double') Press enter to return to parent value:
If the field arr
of cs
was chosen for exploration by
entering 1
earlier, then since it is as array, you will be
prompted to enter the index of the element in the array that you want
to explore.
`cs.arr' is an array of `int'. Enter the index of the element you want to explore in `cs.arr': 5 `(cs.arr)[5]' is a scalar value of type `int'. (cs.arr)[5] = 4 Press enter to return to parent value:
In general, at any stage of exploration, you can go deeper towards the leaf values by responding to the prompts appropriately, or hit the return key to return to the enclosing data structure (the higher level data structure).
Similar to exploring values, you can use the explore
command to
explore types. Instead of specifying a value (which is typically a
variable name or an expression valid in the current context of the
program being debugged), you specify a type name. If you consider the
same example as above, your can explore the type
struct ComplexStruct
by passing the argument
struct ComplexStruct
to the explore
command.
(gdb) explore struct ComplexStruct
By responding to the prompts appropriately in the subsequent interactive
session, you can explore the type struct ComplexStruct
in a
manner similar to how the value cs
was explored in the above
example.
The explore
command also has two sub-commands,
explore value
and explore type
. The former sub-command is
a way to explicitly specify that value exploration of the argument is
being invoked, while the latter is a way to explicitly specify that type
exploration of the argument is being invoked.
explore value
exprexplore
explores the value of the
expression expr (if expr is an expression valid in the
current context of the program being debugged). The behavior of this
command is identical to that of the behavior of the explore
command being passed the argument expr.
explore type
argexplore
explores the type of arg (if
arg is a type visible in the current context of program being
debugged), or the type of the value/expression arg (if arg
is an expression valid in the current context of the program being
debugged). If arg is a type, then the behavior of this command is
identical to that of the explore
command being passed the
argument arg. If arg is an expression, then the behavior of
this command will be identical to that of the explore
command
being passed the type of arg as the argument.
print
and many other gdb commands accept an expression and
compute its value. Any kind of constant, variable or operator defined
by the programming language you are using is valid in an expression in
gdb. This includes conditional expressions, function calls,
casts, and string constants. It also includes preprocessor macros, if
you compiled your program to include this information; see
Compilation.
Beware that nested functions usually need a context to be set up before being called. Unfortunately, GDB currently has no knowledge of this setup, and hence generally cannot call nested functions correctly. Therefore, the result of such a call is likely to be erroneous, and may even crash the program being debugged.
gdb supports array constants in expressions input by
the user. The syntax is {element, element...}. For example,
you can use the command print {1, 2, 3}
to create an array
of three integers. If you pass an array to a function or assign it
to a program variable, gdb copies the array to memory that
is malloc
ed in the target program.
Because C is so widespread, most of the expressions shown in examples in this manual are in C. See Using gdb with Different Languages, for information on how to use expressions in other languages.
In this section, we discuss operators that you can use in gdb expressions regardless of your programming language.
Casts are supported in all languages, not just in C, because it is so useful to cast a number into a pointer in order to examine a structure at that address in memory.
gdb supports these operators, in addition to those common to programming languages:
@
::
{
type}
addrExpressions can sometimes contain some ambiguous elements. For instance, some programming languages (notably Ada, C++ and Objective-C) permit a single function name to be defined several times, for application in different contexts. This is called overloading. Another example involving Ada is generics. A generic package is similar to C++ templates and is typically instantiated several times, resulting in the same function name being defined in different contexts.
In some cases and depending on the language, it is possible to adjust the expression to remove the ambiguity. For instance in C++, you can specify the signature of the function you want to break on, as in break function(types). In Ada, using the fully qualified name of your function often makes the expression unambiguous as well.
When an ambiguity that needs to be resolved is detected, the debugger has the capability to display a menu of numbered choices for each possibility, and then waits for the selection with the prompt ‘>’. The first option is always ‘[0] cancel’, and typing 0 <RET> aborts the current command. If the command in which the expression was used allows more than one choice to be selected, the next option in the menu is ‘[1] all’, and typing 1 <RET> selects all possible choices.
For example, the following session excerpt shows an attempt to set a
breakpoint at the overloaded symbol String::after
.
We choose three particular definitions of that function name:
(gdb) b String::after [0] cancel [1] all [2] file:String.cc; line number:867 [3] file:String.cc; line number:860 [4] file:String.cc; line number:875 [5] file:String.cc; line number:853 [6] file:String.cc; line number:846 [7] file:String.cc; line number:735 > 2 4 6 Breakpoint 1 at 0xb26c: file String.cc, line 867. Breakpoint 2 at 0xb344: file String.cc, line 875. Breakpoint 3 at 0xafcc: file String.cc, line 846. Multiple breakpoints were set. Use the "delete" command to delete unwanted breakpoints. (gdb)
set multiple-symbols
modeBy default, mode is set to all
. If the command with which
the expression is used allows more than one choice, then gdb
automatically selects all possible choices. For instance, inserting
a breakpoint on a function using an ambiguous name results in a breakpoint
inserted on each possible match. However, if a unique choice must be made,
then gdb uses the menu to help you disambiguate the expression.
For instance, printing the address of an overloaded function will result
in the use of the menu.
When mode is set to ask
, the debugger always uses the menu
when an ambiguity is detected.
Finally, when mode is set to cancel
, the debugger reports
an error due to the ambiguity and the command is aborted.
show multiple-symbols
multiple-symbols
setting.
The most common kind of expression to use is the name of a variable in your program.
Variables in expressions are understood in the selected stack frame (see Selecting a Frame); they must be either:
or
This means that in the function
foo (a) int a; { bar (a); { int b = test (); bar (b); } }
you can examine and use the variable a
whenever your program is
executing within the function foo
, but you can only use or
examine the variable b
while your program is executing inside
the block where b
is declared.
There is an exception: you can refer to a variable or function whose
scope is a single source file even if the current execution point is not
in this file. But it is possible to have more than one such variable or
function with the same name (in different source files). If that
happens, referring to that name has unpredictable effects. If you wish,
you can specify a static variable in a particular function or file by
using the colon-colon (::
) notation:
file::variable function::variable
Here file or function is the name of the context for the
static variable. In the case of file names, you can use quotes to
make sure gdb parses the file name as a single word—for example,
to print a global value of x
defined in f2.c:
(gdb) p 'f2.c'::x
The ::
notation is normally used for referring to
static variables, since you typically disambiguate uses of local variables
in functions by selecting the appropriate frame and using the
simple name of the variable. However, you may also use this notation
to refer to local variables in frames enclosing the selected frame:
void foo (int a) { if (a < 10) bar (a); else process (a); /* Stop here */ } int bar (int a) { foo (a + 5); }
For example, if there is a breakpoint at the commented line,
here is what you might see
when the program stops after executing the call bar(0)
:
(gdb) p a $1 = 10 (gdb) p bar::a $2 = 5 (gdb) up 2 #2 0x080483d0 in foo (a=5) at foobar.c:12 (gdb) p a $3 = 5 (gdb) p bar::a $4 = 0
These uses of ‘::’ are very rarely in conflict with the very similar use of the same notation in C++. When they are in conflict, the C++ meaning takes precedence; however, this can be overridden by quoting the file or function name with single quotes.
For example, suppose the program is stopped in a method of a class
that has a field named includefile
, and there is also an
include file named includefile that defines a variable,
some_global
.
(gdb) p includefile $1 = 23 (gdb) p includefile::some_global A syntax error in expression, near `'. (gdb) p 'includefile'::some_global $2 = 27
Warning: Occasionally, a local variable may appear to have the wrong value at certain points in a function—just after entry to a new scope, and just before exit.You may see this problem when you are stepping by machine instructions. This is because, on most machines, it takes more than one instruction to set up a stack frame (including local variable definitions); if you are stepping by machine instructions, variables may appear to have the wrong values until the stack frame is completely built. On exit, it usually also takes more than one machine instruction to destroy a stack frame; after you begin stepping through that group of instructions, local variable definitions may be gone.
This may also happen when the compiler does significant optimizations. To be sure of always seeing accurate values, turn off all optimization when compiling.
Another possible effect of compiler optimizations is to optimize unused variables out of existence, or assign variables to registers (as opposed to memory addresses). Depending on the support for such cases offered by the debug info format used by the compiler, gdb might not be able to display values for such local variables. If that happens, gdb will print a message like this:
No symbol "foo" in current context.
To solve such problems, either recompile without optimizations, or use a different debug info format, if the compiler supports several such formats. See Compilation, for more information on choosing compiler options. See C and C++, for more information about debug info formats that are best suited to C++ programs.
If you ask to print an object whose contents are unknown to gdb, e.g., because its data type is not completely specified by the debug information, gdb will say ‘<incomplete type>’. See incomplete type, for more about this.
If you try to examine or use the value of a (global) variable for which gdb has no type information, e.g., because the program includes no debug information, gdb displays an error message. See unknown type, for more about unknown types. If you cast the variable to its declared type, gdb gets the variable's value using the cast-to type as the variable's type. For example, in a C program:
(gdb) p var 'var' has unknown type; cast it to its declared type (gdb) p (float) var $1 = 3.14
If you append @entry string to a function parameter name you get its value at the time the function got called. If the value is not available an error message is printed. Entry values are available only with some compilers. Entry values are normally also printed at the function parameter list according to set print entry-values.
Breakpoint 1, d (i=30) at gdb.base/entry-value.c:29 29 i++; (gdb) next 30 e (i); (gdb) print i $1 = 31 (gdb) print i@entry $2 = 30
Strings are identified as arrays of char
values without specified
signedness. Arrays of either signed char
or unsigned char
get
printed as arrays of 1 byte sized integers. -fsigned-char
or
-funsigned-char
gcc options have no effect as gdb
defines literal string type "char"
as char
without a sign.
For program code
char var0[] = "A"; signed char var1[] = "A";
You get during debugging
(gdb) print var0 $1 = "A" (gdb) print var1 $2 = {65 'A', 0 '\0'}
It is often useful to print out several successive objects of the same type in memory; a section of an array, or an array of dynamically determined size for which only a pointer exists in the program.
You can do this by referring to a contiguous span of memory as an artificial array, using the binary operator ‘@’. The left operand of ‘@’ should be the first element of the desired array and be an individual object. The right operand should be the desired length of the array. The result is an array value whose elements are all of the type of the left argument. The first element is actually the left argument; the second element comes from bytes of memory immediately following those that hold the first element, and so on. Here is an example. If a program says
int *array = (int *) malloc (len * sizeof (int));
you can print the contents of array
with
p *array@len
The left operand of ‘@’ must reside in memory. Array values made with ‘@’ in this way behave just like other arrays in terms of subscripting, and are coerced to pointers when used in expressions. Artificial arrays most often appear in expressions via the value history (see Value History), after printing one out.
Another way to create an artificial array is to use a cast. This re-interprets a value as if it were an array. The value need not be in memory:
(gdb) p/x (short[2])0x12345678 $1 = {0x1234, 0x5678}
As a convenience, if you leave the array length out (as in ‘(type[])value’) gdb calculates the size to fill the value (as ‘sizeof(value)/sizeof(type)’:
(gdb) p/x (short[])0x12345678 $2 = {0x1234, 0x5678}
Sometimes the artificial array mechanism is not quite enough; in
moderately complex data structures, the elements of interest may not
actually be adjacent—for example, if you are interested in the values
of pointers in an array. One useful work-around in this situation is
to use a convenience variable (see Convenience Variables) as a counter in an expression that prints the first
interesting value, and then repeat that expression via <RET>. For
instance, suppose you have an array dtab
of pointers to
structures, and you are interested in the values of a field fv
in each structure. Here is an example of what you might type:
set $i = 0 p dtab[$i++]->fv <RET> <RET> ...
By default, gdb prints a value according to its data type. Sometimes this is not what you want. For example, you might want to print a number in hex, or a pointer in decimal. Or you might want to view data in memory at a certain address as a character string or as an instruction. To do these things, specify an output format when you print a value.
The simplest use of output formats is to say how to print a value
already computed. This is done by starting the arguments of the
print
command with a slash and a format letter. The format
letters supported are:
x
d
u
o
t
a
(gdb) p/a 0x54320 $3 = 0x54320 <_initialize_vx+396>
The command info symbol 0x54320
yields similar results.
See info symbol.
c
Without this format, gdb displays char
,
unsigned char
, and signed char
data as character
constants. Single-byte members of vectors are displayed as integer
data.
f
s
Without this format, gdb displays pointers to and arrays of
char
, unsigned char
, and signed char
as
strings. Single-byte members of a vector are displayed as an integer
array.
z
r
For example, to print the program counter in hex (see Registers), type
p/x $pc
Note that no space is required before the slash; this is because command names in gdb cannot contain a slash.
To reprint the last value in the value history with a different format,
you can use the print
command with just a format and no
expression. For example, ‘p/x’ reprints the last value in hex.
You can use the command x
(for “examine”) to examine memory in
any of several formats, independently of your program's data types.
x/
nfu addrx
addrx
x
command to examine memory.
n, f, and u are all optional parameters that specify how much memory to display and how to format it; addr is an expression giving the address where you want to start displaying memory. If you use defaults for nfu, you need not type the slash ‘/’. Several commands set convenient defaults for addr.
print
(‘x’, ‘d’, ‘u’, ‘o’, ‘t’, ‘a’, ‘c’,
‘f’, ‘s’), and in addition ‘i’ (for machine instructions).
The default is ‘x’ (hexadecimal) initially. The default changes
each time you use either x
or print
.
b
h
w
g
Each time you specify a unit size with x
, that size becomes the
default unit the next time you use x
. For the ‘i’ format,
the unit size is ignored and is normally not written. For the ‘s’ format,
the unit size defaults to ‘b’, unless it is explicitly given.
Use x /hs to display 16-bit char strings and x /ws to display
32-bit strings. The next use of x /s will again display 8-bit strings.
Note that the results depend on the programming language of the
current compilation unit. If the language is C, the ‘s’
modifier will use the UTF-16 encoding while ‘w’ will use
UTF-32. The encoding is set by the programming language and cannot
be altered.
info breakpoints
(to
the address of the last breakpoint listed), info line
(to the
starting address of a line), and print
(if you use it to display
a value from memory).
For example, ‘x/3uh 0x54320’ is a request to display three halfwords
(h
) of memory, formatted as unsigned decimal integers (‘u’),
starting at address 0x54320
. ‘x/4xw $sp’ prints the four
words (‘w’) of memory above the stack pointer (here, ‘$sp’;
see Registers) in hexadecimal (‘x’).
You can also specify a negative repeat count to examine memory backward
from the given address. For example, ‘x/-3uh 0x54320’ prints three
halfwords (h
) at 0x54314
, 0x54328
, and 0x5431c
.
Since the letters indicating unit sizes are all distinct from the letters specifying output formats, you do not have to remember whether unit size or format comes first; either order works. The output specifications ‘4xw’ and ‘4wx’ mean exactly the same thing. (However, the count n must come first; ‘wx4’ does not work.)
Even though the unit size u is ignored for the formats ‘s’
and ‘i’, you might still want to use a count n; for example,
‘3i’ specifies that you want to see three machine instructions,
including any operands. For convenience, especially when used with
the display
command, the ‘i’ format also prints branch delay
slot instructions, if any, beyond the count specified, which immediately
follow the last instruction that is within the count. The command
disassemble
gives an alternative way of inspecting machine
instructions; see Source and Machine Code.
If a negative repeat count is specified for the formats ‘s’ or ‘i’, the command displays null-terminated strings or instructions before the given address as many as the absolute value of the given number. For the ‘i’ format, we use line number information in the debug info to accurately locate instruction boundaries while disassembling backward. If line info is not available, the command stops examining memory with an error message.
All the defaults for the arguments to x
are designed to make it
easy to continue scanning memory with minimal specifications each time
you use x
. For example, after you have inspected three machine
instructions with ‘x/3i addr’, you can inspect the next seven
with just ‘x/7’. If you use <RET> to repeat the x
command,
the repeat count n is used again; the other arguments default as
for successive uses of x
.
When examining machine instructions, the instruction at current program
counter is shown with a =>
marker. For example:
(gdb) x/5i $pc-6 0x804837f <main+11>: mov %esp,%ebp 0x8048381 <main+13>: push %ecx 0x8048382 <main+14>: sub $0x4,%esp => 0x8048385 <main+17>: movl $0x8048460,(%esp) 0x804838c <main+24>: call 0x80482d4 <puts@plt>
The addresses and contents printed by the x
command are not saved
in the value history because there is often too much of them and they
would get in the way. Instead, gdb makes these values available for
subsequent use in expressions as values of the convenience variables
$_
and $__
. After an x
command, the last address
examined is available for use in expressions in the convenience variable
$_
. The contents of that address, as examined, are available in
the convenience variable $__
.
If the x
command has a repeat count, the address and contents saved
are from the last memory unit printed; this is not the same as the last
address printed if several units were printed on the last line of output.
Most targets have an addressable memory unit size of 8 bits. This means that to each memory address are associated 8 bits of data. Some targets, however, have other addressable memory unit sizes. Within gdb and this document, the term addressable memory unit (or memory unit for short) is used when explicitly referring to a chunk of data of that size. The word byte is used to refer to a chunk of data of 8 bits, regardless of the addressable memory unit size of the target. For most systems, addressable memory unit is a synonym of byte.
When you are debugging a program running on a remote target machine
(see Remote Debugging), you may wish to verify the program's image
in the remote machine's memory against the executable file you
downloaded to the target. Or, on any target, you may want to check
whether the program has corrupted its own read-only sections. The
compare-sections
command is provided for such situations.
compare-sections
[section-name|-r
]-r
, compares all loadable read-only sections.
Note: for remote targets, this command can be accelerated if the target supports computing the CRC checksum of a block of memory (see qCRC packet).
If you find that you want to print the value of an expression frequently (to see how it changes), you might want to add it to the automatic display list so that gdb prints its value each time your program stops. Each expression added to the list is given a number to identify it; to remove an expression from the list, you specify that number. The automatic display looks like this:
2: foo = 38 3: bar[5] = (struct hack *) 0x3804
This display shows item numbers, expressions and their current values. As with
displays you request manually using x
or print
, you can
specify the output format you prefer; in fact, display
decides
whether to use print
or x
depending your format
specification—it uses x
if you specify either the ‘i’
or ‘s’ format, or a unit size; otherwise it uses print
.
display
exprdisplay
does not repeat if you press <RET> again after using it.
display/
fmt exprdisplay/
fmt addrFor example, ‘display/i $pc’ can be helpful, to see the machine instruction about to be executed each time execution stops (‘$pc’ is a common name for the program counter; see Registers).
undisplay
dnums...
delete display
dnums...
2-4
.
undisplay
does not repeat if you press <RET> after using it.
(Otherwise you would just get the error ‘No display number ...’.)
disable display
dnums...
2-4
.
enable display
dnums...
2-4
.
display
info display
If a display expression refers to local variables, then it does not make
sense outside the lexical context for which it was set up. Such an
expression is disabled when execution enters a context where one of its
variables is not defined. For example, if you give the command
display last_char
while inside a function with an argument
last_char
, gdb displays this argument while your program
continues to stop inside that function. When it stops elsewhere—where
there is no variable last_char
—the display is disabled
automatically. The next time your program stops where last_char
is meaningful, you can enable the display expression once again.
gdb provides the following ways to control how arrays, structures, and symbols are printed.
These settings are useful for debugging programs in any language:
set print address
set print address on
on
. For example, this is what a stack frame display looks like with
set print address on
:
(gdb) f #0 set_quotes (lq=0x34c78 "<<", rq=0x34c88 ">>") at input.c:530 530 if (lquote != def_lquote)
set print address off
set print address off
:
(gdb) set print addr off (gdb) f #0 set_quotes (lq="<<", rq=">>") at input.c:530 530 if (lquote != def_lquote)
You can use ‘set print address off’ to eliminate all machine
dependent displays from the gdb interface. For example, with
print address off
, you should get the same text for backtraces on
all machines—whether or not they involve pointer arguments.
show print address
When gdb prints a symbolic address, it normally prints the
closest earlier symbol plus an offset. If that symbol does not uniquely
identify the address (for example, it is a name whose scope is a single
source file), you may need to clarify. One way to do this is with
info line
, for example ‘info line *0x4537’. Alternately,
you can set gdb to print the source file and line number when
it prints a symbolic address:
set print symbol-filename on
set print symbol-filename off
show print symbol-filename
Another situation where it is helpful to show symbol filenames and line numbers is when disassembling code; gdb shows you the line number and source file that corresponds to each instruction.
Also, you may wish to see the symbolic form only if the address being printed is reasonably close to the closest earlier symbol:
set print max-symbolic-offset
max-offsetset print max-symbolic-offset unlimited
unlimited
, which tells gdb
to always print the symbolic form of an address if any symbol precedes
it. Zero is equivalent to unlimited
.
show print max-symbolic-offset
If you have a pointer and you are not sure where it points, try
‘set print symbol-filename on’. Then you can determine the name
and source file location of the variable where it points, using
‘p/a pointer’. This interprets the address in symbolic form.
For example, here gdb shows that a variable ptt
points
at another variable t
, defined in hi2.c:
(gdb) set print symbol-filename on (gdb) p/a ptt $4 = 0xe008 <t in hi2.c>
Warning: For pointers that point to a local variable, ‘p/a’
does not show the symbol name and filename of the referent, even with
the appropriate set print
options turned on.
You can also enable ‘/a’-like formatting all the time using ‘set print symbol on’:
set print symbol on
set print symbol off
show print symbol
Other settings control how different kinds of objects are printed:
set print array
set print array on
set print array off
show print array
set print array-indexes
set print array-indexes on
set print array-indexes off
show print array-indexes
set print elements
number-of-elementsset print elements unlimited
set print elements
command.
This limit also applies to the display of strings.
When gdb starts, this limit is set to 200.
Setting number-of-elements to unlimited
or zero means
that the number of elements to print is unlimited.
show print elements
set print frame-arguments
valueall
scalars
...
. This is the default. Here is an example where
only scalar arguments are shown:
#1 0x08048361 in call_me (i=3, s=..., ss=0xbf8d508c, u=..., e=green) at frame-args.c:23
none
...
. In this case, the example above now becomes:
#1 0x08048361 in call_me (i=..., s=..., ss=..., u=..., e=...) at frame-args.c:23
By default, only scalar arguments are printed. This command can be used
to configure the debugger to print the value of all arguments, regardless
of their type. However, it is often advantageous to not print the value
of more complex parameters. For instance, it reduces the amount of
information printed in each frame, making the backtrace more readable.
Also, it improves performance when displaying Ada frames, because
the computation of large arguments can sometimes be CPU-intensive,
especially in large applications. Setting print frame-arguments
to scalars
(the default) or none
avoids this computation,
thus speeding up the display of each Ada frame.
show print frame-arguments
set print raw frame-arguments on
set print raw frame-arguments off
show print raw frame-arguments
set print entry-values
valueThe default value is default
(see below for its description). Older
gdb behaved as with the setting no
. Compilers not supporting
this feature will behave in the default
setting the same way as with the
no
setting.
This functionality is currently supported only by DWARF 2 debugging format and the compiler has to produce ‘DW_TAG_call_site’ tags. With gcc, you need to specify -O -g during compilation, to get this information.
The value parameter can be one of the following:
no
#0 equal (val=5) #0 different (val=6) #0 lost (val=<optimized out>) #0 born (val=10) #0 invalid (val=<optimized out>)
only
#0 equal (val@entry=5) #0 different (val@entry=5) #0 lost (val@entry=5) #0 born (val@entry=<optimized out>) #0 invalid (val@entry=<optimized out>)
preferred
#0 equal (val@entry=5) #0 different (val@entry=5) #0 lost (val@entry=5) #0 born (val=10) #0 invalid (val@entry=<optimized out>)
if-needed
#0 equal (val=5) #0 different (val=6) #0 lost (val@entry=5) #0 born (val=10) #0 invalid (val=<optimized out>)
both
#0 equal (val=5, val@entry=5) #0 different (val=6, val@entry=5) #0 lost (val=<optimized out>, val@entry=5) #0 born (val=10, val@entry=<optimized out>) #0 invalid (val=<optimized out>, val@entry=<optimized out>)
compact
<optimized out>
. If not in MI mode (see GDB/MI) and if both
values are known and identical, print the shortened
param=param@entry=VALUE
notation.
#0 equal (val=val@entry=5) #0 different (val=6, val@entry=5) #0 lost (val@entry=5) #0 born (val=10) #0 invalid (val=<optimized out>)
default
param=param@entry=VALUE
notation.
#0 equal (val=val@entry=5) #0 different (val=6, val@entry=5) #0 lost (val=<optimized out>, val@entry=5) #0 born (val=10) #0 invalid (val=<optimized out>)
For analysis messages on possible failures of frame argument values at function
entry resolution see set debug entry-values.
show print entry-values
set print repeats
number-of-repeatsset print repeats unlimited
"<repeats
n times>"
, where n is the number of
identical repetitions, instead of displaying the identical elements
themselves. Setting the threshold to unlimited
or zero will
cause all elements to be individually printed. The default threshold
is 10.
show print repeats
set print null-stop
show print null-stop
set print pretty on
$1 = { next = 0x0, flags = { sweet = 1, sour = 1 }, meat = 0x54 "Pork" }
set print pretty off
$1 = {next = 0x0, flags = {sweet = 1, sour = 1}, \ meat = 0x54 "Pork"}
This is the default format.
show print pretty
set print sevenbit-strings on
\
nnn. This setting is
best if you are working in English (ascii) and you use the
high-order bit of characters as a marker or “meta” bit.
set print sevenbit-strings off
show print sevenbit-strings
set print union on
set print union off
"{...}"
instead.
show print union
For example, given the declarations
typedef enum {Tree, Bug} Species; typedef enum {Big_tree, Acorn, Seedling} Tree_forms; typedef enum {Caterpillar, Cocoon, Butterfly} Bug_forms; struct thing { Species it; union { Tree_forms tree; Bug_forms bug; } form; }; struct thing foo = {Tree, {Acorn}};
with set print union on
in effect ‘p foo’ would print
$1 = {it = Tree, form = {tree = Acorn, bug = Cocoon}}
and with set print union off
in effect it would print
$1 = {it = Tree, form = {...}}
set print union
affects programs written in C-like languages
and in Pascal.
These settings are of interest when debugging C++ programs:
set print demangle
set print demangle on
show print demangle
set print asm-demangle
set print asm-demangle on
show print asm-demangle
set demangle-style
styleshow demangle-style
set print object
set print object on
set print object off
show print object
set print static-members
set print static-members on
set print static-members off
show print static-members
set print pascal_static-members
set print pascal_static-members on
set print pascal_static-members off
show print pascal_static-members
set print vtbl
set print vtbl on
vtbl
commands do not work on programs compiled with the HP
ANSI C++ compiler (aCC
).)
set print vtbl off
show print vtbl
gdb provides a mechanism to allow pretty-printing of values using Python code. It greatly simplifies the display of complex objects. This mechanism works for both MI and the CLI.
When gdb prints a value, it first sees if there is a pretty-printer registered for the value. If there is then gdb invokes the pretty-printer to print the value. Otherwise the value is printed normally.
Pretty-printers are normally named. This makes them easy to manage. The ‘info pretty-printer’ command will list all the installed pretty-printers with their names. If a pretty-printer can handle multiple data types, then its subprinters are the printers for the individual data types. Each such subprinter has its own name. The format of the name is printer-name;subprinter-name.
Pretty-printers are installed by registering them with gdb. Typically they are automatically loaded and registered when the corresponding debug information is loaded, thus making them available without having to do anything special.
There are three places where a pretty-printer can be registered.
See Selecting Pretty-Printers, for further information on how pretty-printers are selected,
See Writing a Pretty-Printer, for implementing pretty printers for new types.
Here is how a C++ std::string
looks without a pretty-printer:
(gdb) print s $1 = { static npos = 4294967295, _M_dataplus = { <std::allocator<char>> = { <__gnu_cxx::new_allocator<char>> = { <No data fields>}, <No data fields> }, members of std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Alloc_hider: _M_p = 0x804a014 "abcd" } }
With a pretty-printer for std::string
only the contents are printed:
(gdb) print s $2 = "abcd"
info pretty-printer [
object-regexp [
name-regexp]]
object-regexp is a regular expression matching the objects
whose pretty-printers to list.
Objects can be global
, the program space's file
(see Progspaces In Python),
and the object files within that program space (see Objfiles In Python).
See Selecting Pretty-Printers, for details on how gdb
looks up a printer from these three objects.
name-regexp is a regular expression matching the name of the printers to list.
disable pretty-printer [
object-regexp [
name-regexp]]
enable pretty-printer [
object-regexp [
name-regexp]]
Example:
Suppose we have three pretty-printers installed: one from library1.so
named foo
that prints objects of type foo
, and
another from library2.so named bar
that prints two types of objects,
bar1
and bar2
.
(gdb) info pretty-printer library1.so: foo library2.so: bar bar1 bar2 (gdb) info pretty-printer library2 library2.so: bar bar1 bar2 (gdb) disable pretty-printer library1 1 printer disabled 2 of 3 printers enabled (gdb) info pretty-printer library1.so: foo [disabled] library2.so: bar bar1 bar2 (gdb) disable pretty-printer library2 bar;bar1 1 printer disabled 1 of 3 printers enabled (gdb) info pretty-printer library2 library1.so: foo [disabled] library2.so: bar bar1 [disabled] bar2 (gdb) disable pretty-printer library2 bar 1 printer disabled 0 of 3 printers enabled (gdb) info pretty-printer library2 library1.so: foo [disabled] library2.so: bar [disabled] bar1 [disabled] bar2
Note that for bar
the entire printer can be disabled,
as can each individual subprinter.
Values printed by the print
command are saved in the gdb
value history. This allows you to refer to them in other expressions.
Values are kept until the symbol table is re-read or discarded
(for example with the file
or symbol-file
commands).
When the symbol table changes, the value history is discarded,
since the values may contain pointers back to the types defined in the
symbol table.
The values printed are given history numbers by which you can
refer to them. These are successive integers starting with one.
print
shows you the history number assigned to a value by
printing ‘$num = ’ before the value; here num is the
history number.
To refer to any previous value, use ‘$’ followed by the value's
history number. The way print
labels its output is designed to
remind you of this. Just $
refers to the most recent value in
the history, and $$
refers to the value before that.
$$
n refers to the nth value from the end; $$2
is the value just prior to $$
, $$1
is equivalent to
$$
, and $$0
is equivalent to $
.
For example, suppose you have just printed a pointer to a structure and want to see the contents of the structure. It suffices to type
p *$
If you have a chain of structures where the component next
points
to the next one, you can print the contents of the next one with this:
p *$.next
You can print successive links in the chain by repeating this command—which you can do by just typing <RET>.
Note that the history records values, not expressions. If the value of
x
is 4 and you type these commands:
print x set x=5
then the value recorded in the value history by the print
command
remains 4 even though the value of x
has changed.
show values
show
values
does not change the history.
show values
nshow values +
show values +
produces no display.
Pressing <RET> to repeat show values
n has exactly the
same effect as ‘show values +’.
gdb provides convenience variables that you can use within gdb to hold on to a value and refer to it later. These variables exist entirely within gdb; they are not part of your program, and setting a convenience variable has no direct effect on further execution of your program. That is why you can use them freely.
Convenience variables are prefixed with ‘$’. Any name preceded by ‘$’ can be used for a convenience variable, unless it is one of the predefined machine-specific register names (see Registers). (Value history references, in contrast, are numbers preceded by ‘$’. See Value History.)
You can save a value in a convenience variable with an assignment expression, just as you would set a variable in your program. For example:
set $foo = *object_ptr
would save in $foo
the value contained in the object pointed to by
object_ptr
.
Using a convenience variable for the first time creates it, but its
value is void
until you assign a new value. You can alter the
value with another assignment at any time.
Convenience variables have no fixed types. You can assign a convenience variable any type of value, including structures and arrays, even if that variable already has a value of a different type. The convenience variable, when used as an expression, has the type of its current value.
show convenience
show conv
.
init-if-undefined $
variable =
expressionIf the variable is already defined then the expression is not evaluated so any side-effects do not occur.
One of the ways to use a convenience variable is as a counter to be incremented or a pointer to be advanced. For example, to print a field from successive elements of an array of structures:
set $i = 0 print bar[$i++]->contents
Repeat that command by typing <RET>.
Some convenience variables are created automatically by gdb and given values likely to be useful.
$_
$_
is automatically set by the x
command to
the last address examined (see Examining Memory). Other
commands which provide a default address for x
to examine also
set $_
to that address; these commands include info line
and info breakpoint
. The type of $_
is void *
except when set by the x
command, in which case it is a pointer
to the type of $__
.
$__
$__
is automatically set by the x
command
to the value found in the last address examined. Its type is chosen
to match the format in which the data was printed.
$_exitcode
$_exitsignal
to void
.
$_exitsignal
$_exitcode
to void
.
To distinguish between whether the program being debugged has exited
(i.e., $_exitcode
is not void
) or signalled (i.e.,
$_exitsignal
is not void
), the convenience function
$_isvoid
can be used (see Convenience Functions). For example, considering the following source code:
#include <signal.h> int main (int argc, char *argv[]) { raise (SIGALRM); return 0; }
A valid way of telling whether the program being debugged has exited or signalled would be:
(gdb) define has_exited_or_signalled Type commands for definition of ``has_exited_or_signalled''. End with a line saying just ``end''. >if $_isvoid ($_exitsignal) >echo The program has exited\n >else >echo The program has signalled\n >end >end (gdb) run Starting program: Program terminated with signal SIGALRM, Alarm clock. The program no longer exists. (gdb) has_exited_or_signalled The program has signalled
As can be seen, gdb correctly informs that the program being
debugged has signalled, since it calls raise
and raises a
SIGALRM
signal. If the program being debugged had not called
raise
, then gdb would report a normal exit:
(gdb) has_exited_or_signalled The program has exited
$_exception
$_exception
is set to the exception object being
thrown at an exception-related catchpoint. See Set Catchpoints.
$_ada_exception
$_ada_exception
is set to the address of the
exception being caught or thrown at an Ada exception-related
catchpoint. See Set Catchpoints.
$_probe_argc
$_probe_arg0...$_probe_arg11
$_sdata
$_sdata
contains extra collected static tracepoint
data. See Tracepoint Action Lists. Note that
$_sdata
could be empty, if not inspecting a trace buffer, or
if extra static tracepoint data has not been collected.
$_siginfo
$_siginfo
contains extra signal information
(see extra signal information). Note that $_siginfo
could be empty, if the application has not yet received any signals.
For example, it will be empty before you execute the run
command.
$_tlb
$_tlb
is automatically set when debugging
applications running on MS-Windows in native mode or connected to
gdbserver that supports the qGetTIBAddr
request.
See General Query Packets.
This variable contains the address of the thread information block.
$_inferior
$_thread
$_gthread
gdb also supplies some convenience functions. These have a syntax similar to convenience variables. A convenience function can be used in an expression just like an ordinary function; however, a convenience function is implemented internally to gdb.
These functions do not require gdb to be configured with
Python
support, which means that they are always available.
$_isvoid (
expr)
void
. Otherwise it
returns zero.
A void
expression is an expression where the type of the result
is void
. For example, you can examine a convenience variable
(see Convenience Variables) to check whether
it is void
:
(gdb) print $_exitcode $1 = void (gdb) print $_isvoid ($_exitcode) $2 = 1 (gdb) run Starting program: ./a.out [Inferior 1 (process 29572) exited normally] (gdb) print $_exitcode $3 = 0 (gdb) print $_isvoid ($_exitcode) $4 = 0
In the example above, we used $_isvoid
to check whether
$_exitcode
is void
before and after the execution of the
program being debugged. Before the execution there is no exit code to
be examined, therefore $_exitcode
is void
. After the
execution the program being debugged returned zero, therefore
$_exitcode
is zero, which means that it is not void
anymore.
The void
expression can also be a call of a function from the
program being debugged. For example, given the following function:
void foo (void) { }
The result of calling it inside gdb is void
:
(gdb) print foo () $1 = void (gdb) print $_isvoid (foo ()) $2 = 1 (gdb) set $v = foo () (gdb) print $v $3 = void (gdb) print $_isvoid ($v) $4 = 1
These functions require gdb to be configured with
Python
support.
$_memeq(
buf1,
buf2,
length)
$_regex(
str,
regex)
Python
's
regular expression support.
$_streq(
str1,
str2)
$_strlen(
str)
$_caller_is(
name[,
number_of_frames])
If the optional argument number_of_frames is provided, it is the number of frames up in the stack to look. The default is 1.
Example:
(gdb) backtrace #0 bottom_func () at testsuite/gdb.python/py-caller-is.c:21 #1 0x00000000004005a0 in middle_func () at testsuite/gdb.python/py-caller-is.c:27 #2 0x00000000004005ab in top_func () at testsuite/gdb.python/py-caller-is.c:33 #3 0x00000000004005b6 in main () at testsuite/gdb.python/py-caller-is.c:39 (gdb) print $_caller_is ("middle_func") $1 = 1 (gdb) print $_caller_is ("top_func", 2) $1 = 1
$_caller_matches(
regexp[,
number_of_frames])
If the optional argument number_of_frames is provided,
it is the number of frames up in the stack to look.
The default is 1.
$_any_caller_is(
name[,
number_of_frames])
If the optional argument number_of_frames is provided, it is the number of frames up in the stack to look. The default is 1.
This function differs from $_caller_is
in that this function
checks all stack frames from the immediate caller to the frame specified
by number_of_frames, whereas $_caller_is
only checks the
frame specified by number_of_frames.
$_any_caller_matches(
regexp[,
number_of_frames])
If the optional argument number_of_frames is provided, it is the number of frames up in the stack to look. The default is 1.
This function differs from $_caller_matches
in that this function
checks all stack frames from the immediate caller to the frame specified
by number_of_frames, whereas $_caller_matches
only checks the
frame specified by number_of_frames.
$_as_string(
value)
This function is useful to obtain the textual label (enumerator) of an enumeration value. For example, assuming the variable node is of an enumerated type:
(gdb) printf "Visiting node of type %s\n", $_as_string(node) Visiting node of type NODE_INTEGER
gdb provides the ability to list and get help on convenience functions.
help function
You can refer to machine register contents, in expressions, as variables
with names starting with ‘$’. The names of registers are different
for each machine; use info registers
to see the names used on
your machine.
info registers
info all-registers
info registers
reggroup ...
maint print reggroups
(see Maintenance Commands).
info registers
regname ...
gdb has four “standard” register names that are available (in
expressions) on most machines—whenever they do not conflict with an
architecture's canonical mnemonics for registers. The register names
$pc
and $sp
are used for the program counter register and
the stack pointer. $fp
is used for a register that contains a
pointer to the current stack frame, and $ps
is used for a
register that contains the processor status. For example,
you could print the program counter in hex with
p/x $pc
or print the instruction to be executed next with
x/i $pc
or add four to the stack pointer11 with
set $sp += 4
Whenever possible, these four standard register names are available on
your machine even though the machine has different canonical mnemonics,
so long as there is no conflict. The info registers
command
shows the canonical names. For example, on the SPARC, info
registers
displays the processor status register as $psr
but you
can also refer to it as $ps
; and on x86-based machines $ps
is an alias for the eflags register.
gdb always considers the contents of an ordinary register as an integer when the register is examined in this way. Some machines have special registers which can hold nothing but floating point; these registers are considered to have floating point values. There is no way to refer to the contents of an ordinary register as floating point value (although you can print it as a floating point value with ‘print/f $regname’).
Some registers have distinct “raw” and “virtual” data formats. This
means that the data format in which the register contents are saved by
the operating system is not the same one that your program normally
sees. For example, the registers of the 68881 floating point
coprocessor are always saved in “extended” (raw) format, but all C
programs expect to work with “double” (virtual) format. In such
cases, gdb normally works with the virtual format only (the format
that makes sense for your program), but the info registers
command
prints the data in both formats.
Some machines have special registers whose contents can be interpreted
in several different ways. For example, modern x86-based machines
have SSE and MMX registers that can hold several values packed
together in several different formats. gdb refers to such
registers in struct
notation:
(gdb) print $xmm1 $1 = { v4_float = {0, 3.43859137e-038, 1.54142831e-044, 1.821688e-044}, v2_double = {9.92129282474342e-303, 2.7585945287983262e-313}, v16_int8 = "\000\000\000\000\3706;\001\v\000\000\000\r\000\000", v8_int16 = {0, 0, 14072, 315, 11, 0, 13, 0}, v4_int32 = {0, 20657912, 11, 13}, v2_int64 = {88725056443645952, 55834574859}, uint128 = 0x0000000d0000000b013b36f800000000 }
To set values of such registers, you need to tell gdb which
view of the register you wish to change, as if you were assigning
value to a struct
member:
(gdb) set $xmm1.uint128 = 0x000000000000000000000000FFFFFFFF
Normally, register values are relative to the selected stack frame (see Selecting a Frame). This means that you get the value that the register would contain if all stack frames farther in were exited and their saved registers restored. In order to see the true contents of hardware registers, you must select the innermost frame (with ‘frame 0’).
Usually ABIs reserve some registers as not needed to be saved by the callee (a.k.a.: “caller-saved”, “call-clobbered” or “volatile” registers). It may therefore not be possible for gdb to know the value a register had before the call (in other words, in the outer frame), if the register value has since been changed by the callee. gdb tries to deduce where the inner frame saved (“callee-saved”) registers, from the debug info, unwind info, or the machine code generated by your compiler. If some register is not saved, and gdb knows the register is “caller-saved” (via its own knowledge of the ABI, or because the debug/unwind info explicitly says the register's value is undefined), gdb displays ‘<not saved>’ as the register's value. With targets that gdb has no knowledge of the register saving convention, if a register was not saved by the callee, then its value and location in the outer frame are assumed to be the same of the inner frame. This is usually harmless, because if the register is call-clobbered, the caller either does not care what is in the register after the call, or has code to restore the value that it does care about. Note, however, that if you change such a register in the outer frame, you may also be affecting the inner frame. Also, the more “outer” the frame is you're looking at, the more likely a call-clobbered register's value is to be wrong, in the sense that it doesn't actually represent the value the register had just before the call.
Depending on the configuration, gdb may be able to give you more information about the status of the floating point hardware.
info float
Depending on the configuration, gdb may be able to give you more information about the status of the vector unit.
info vector
gdb provides interfaces to useful OS facilities that can help you debug your program.
Some operating systems supply an auxiliary vector to programs at startup. This is akin to the arguments and environment that you specify for a program, but contains a system-dependent variety of binary values that tell system libraries important details about the hardware, operating system, and process. Each value's purpose is identified by an integer tag; the meanings are well-known but system-specific. Depending on the configuration and operating system facilities, gdb may be able to show you this information. For remote targets, this functionality may further depend on the remote stub's support of the ‘qXfer:auxv:read’ packet, see qXfer auxiliary vector read.
info auxv
On some targets, gdb can access operating system-specific information and show it to you. The types of information available will differ depending on the type of operating system running on the target. The mechanism used to fetch the data is described in Operating System Information. For remote targets, this functionality depends on the remote stub's support of the ‘qXfer:osdata:read’ packet, see qXfer osdata read.
info os
infotypeOn gnu/Linux, the following values of infotype are valid:
cpus
files
modules
msg
processes
procgroups
semaphores
shm
sockets
threads
info os
Memory region attributes allow you to describe special handling required by regions of your target's memory. gdb uses attributes to determine whether to allow certain types of memory accesses; whether to use specific width accesses; and whether to cache target memory. By default the description of memory regions is fetched from the target (if the current target supports this), but the user can override the fetched regions.
Defined memory regions can be individually enabled and disabled. When a memory region is disabled, gdb uses the default attributes when accessing memory in that region. Similarly, if no memory regions have been defined, gdb uses the default attributes when accessing all memory.
When a memory region is defined, it is given a number to identify it; to enable, disable, or remove a memory region, you specify that number.
mem
lower upper attributes...
mem auto
delete mem
nums...
disable mem
nums...
enable mem
nums...
info mem
The access mode attributes set whether gdb may make read or write accesses to a memory region.
While these attributes prevent gdb from performing invalid memory accesses, they do nothing to prevent the target system, I/O DMA, etc. from accessing memory.
ro
wo
rw
The access size attribute tells gdb to use specific sized accesses in the memory region. Often memory mapped device registers require specific sized accesses. If no access size attribute is specified, gdb may use accesses of any size.
8
16
32
64
The data cache attributes set whether gdb will cache target memory. While this generally improves performance by reducing debug protocol overhead, it can lead to incorrect results because gdb does not know about volatile variables or memory mapped device registers.
cache
nocache
gdb can be instructed to refuse accesses to memory that is not explicitly described. This can be useful if accessing such regions has undesired effects for a specific target, or to provide better error checking. The following commands control this behaviour.
set mem inaccessible-by-default [on|off]
on
is specified, make gdb treat memory not
explicitly described by the memory ranges as non-existent and refuse accesses
to such memory. The checks are only performed if there's at least one
memory range defined. If off
is specified, make gdb
treat the memory not explicitly described by the memory ranges as RAM.
The default value is on
.
show mem inaccessible-by-default
You can use the commands dump
, append
, and
restore
to copy data between target memory and a file. The
dump
and append
commands write data to a file, and the
restore
command reads data from a file back into the inferior's
memory. Files may be in binary, Motorola S-record, Intel hex,
Tektronix Hex, or Verilog Hex format; however, gdb can only
append to binary files, and cannot read from Verilog Hex files.
dump
[format] memory
filename start_addr end_addrdump
[format] value
filename exprThe format parameter may be any one of:
binary
ihex
srec
tekhex
verilog
gdb uses the same definitions of these formats as the gnu binary utilities, like ‘objdump’ and ‘objcopy’. If format is omitted, gdb dumps the data in raw binary form.
append
[binary
] memory
filename start_addr end_addrappend
[binary
] value
filename exprrestore
filename [binary
] bias start endrestore
command can automatically recognize any known bfd
file format, except for raw binary. To restore a raw binary file you
must specify the optional keyword binary
after the filename.
If bias is non-zero, its value will be added to the addresses contained in the file. Binary files always start at address zero, so they will be restored at address bias. Other bfd files have a built-in location; they will be restored at offset bias from that location.
If start and/or end are non-zero, then only data between file offset start and file offset end will be restored. These offsets are relative to the addresses in the file, before the bias argument is applied.
A core file or core dump is a file that records the memory image of a running process and its process status (register values etc.). Its primary use is post-mortem debugging of a program that crashed while it ran outside a debugger. A program that crashes automatically produces a core file, unless this feature is disabled by the user. See Files, for information on invoking gdb in the post-mortem debugging mode.
Occasionally, you may wish to produce a core file of the program you are debugging in order to preserve a snapshot of its state. gdb has a special command for that.
generate-core-file [
file]
gcore [
file]
Note that this command is implemented only for some systems (as of this writing, gnu/Linux, FreeBSD, Solaris, and S390).
On gnu/Linux, this command can take into account the value of the
file /proc/pid/coredump_filter when generating the core
dump (see set use-coredump-filter), and by default honors the
VM_DONTDUMP
flag for mappings where it is present in the file
/proc/pid/smaps (see set dump-excluded-mappings).
set use-coredump-filter on
set use-coredump-filter off
To make use of this feature, you have to write in the
/proc/pid/coredump_filter file a value, in hexadecimal,
which is a bit mask representing the memory mapping types. If a bit
is set in the bit mask, then the memory mappings of the corresponding
types will be dumped; otherwise, they will be ignored. This
configuration is inherited by child processes. For more information
about the bits that can be set in the
/proc/pid/coredump_filter file, please refer to the
manpage of core(5)
.
By default, this option is on
. If this option is turned
off
, gdb does not read the coredump_filter file
and instead uses the same default value as the Linux kernel in order
to decide which pages will be dumped in the core dump file. This
value is currently 0x33
, which means that bits 0
(anonymous private mappings), 1
(anonymous shared mappings),
4
(ELF headers) and 5
(private huge pages) are active.
This will cause these memory mappings to be dumped automatically.
set dump-excluded-mappings on
set dump-excluded-mappings off
on
is specified, gdb will dump memory mappings
marked with the VM_DONTDUMP
flag. This flag is represented in
the file /proc/pid/smaps with the acronym dd
.
The default value is off
.
If the program you are debugging uses a different character set to represent characters and strings than the one gdb uses itself, gdb can automatically translate between the character sets for you. The character set gdb uses we call the host character set; the one the inferior program uses we call the target character set.
For example, if you are running gdb on a gnu/Linux system, which
uses the ISO Latin 1 character set, but you are using gdb's
remote protocol (see Remote Debugging) to debug a program
running on an IBM mainframe, which uses the ebcdic character set,
then the host character set is Latin-1, and the target character set is
ebcdic. If you give gdb the command set
target-charset EBCDIC-US
, then gdb translates between
ebcdic and Latin 1 as you print character or string values, or use
character and string literals in expressions.
gdb has no way to automatically recognize which character set
the inferior program uses; you must tell it, using the set
target-charset
command, described below.
Here are the commands for controlling gdb's character set support:
set target-charset
charsetset host-charset
charsetBy default, gdb uses a host character set appropriate to the
system it is running on; you can override that default using the
set host-charset
command. On some systems, gdb cannot
automatically determine the appropriate host character set. In this
case, gdb uses ‘UTF-8’.
gdb can only use certain character sets as its host character
set. If you type set host-charset <TAB><TAB>,
gdb will list the host character sets it supports.
set charset
charsetshow charset
show host-charset
show target-charset
set target-wide-charset
charsetwchar_t
type. To
display the list of supported wide character sets, type
set target-wide-charset <TAB><TAB>.
show target-wide-charset
Here is an example of gdb's character set support in action. Assume that the following source code has been placed in the file charset-test.c:
#include <stdio.h> char ascii_hello[] = {72, 101, 108, 108, 111, 44, 32, 119, 111, 114, 108, 100, 33, 10, 0}; char ibm1047_hello[] = {200, 133, 147, 147, 150, 107, 64, 166, 150, 153, 147, 132, 90, 37, 0}; main () { printf ("Hello, world!\n"); }
In this program, ascii_hello
and ibm1047_hello
are arrays
containing the string ‘Hello, world!’ followed by a newline,
encoded in the ascii and ibm1047 character sets.
We compile the program, and invoke the debugger on it:
$ gcc -g charset-test.c -o charset-test $ gdb -nw charset-test GNU gdb 2001-12-19-cvs Copyright 2001 Free Software Foundation, Inc. ... (gdb)
We can use the show charset
command to see what character sets
gdb is currently using to interpret and display characters and
strings:
(gdb) show charset The current host and target character set is `ISO-8859-1'. (gdb)
For the sake of printing this manual, let's use ascii as our initial character set:
(gdb) set charset ASCII (gdb) show charset The current host and target character set is `ASCII'. (gdb)
Let's assume that ascii is indeed the correct character set for our
host system — in other words, let's assume that if gdb prints
characters using the ascii character set, our terminal will display
them properly. Since our current target character set is also
ascii, the contents of ascii_hello
print legibly:
(gdb) print ascii_hello $1 = 0x401698 "Hello, world!\n" (gdb) print ascii_hello[0] $2 = 72 'H' (gdb)
gdb uses the target character set for character and string literals you use in expressions:
(gdb) print '+' $3 = 43 '+' (gdb)
The ascii character set uses the number 43 to encode the ‘+’ character.
gdb relies on the user to tell it which character set the
target program uses. If we print ibm1047_hello
while our target
character set is still ascii, we get jibberish:
(gdb) print ibm1047_hello $4 = 0x4016a8 "\310\205\223\223\226k@\246\226\231\223\204Z%" (gdb) print ibm1047_hello[0] $5 = 200 '\310' (gdb)
If we invoke the set target-charset
followed by <TAB><TAB>,
gdb tells us the character sets it supports:
(gdb) set target-charset ASCII EBCDIC-US IBM1047 ISO-8859-1 (gdb) set target-charset
We can select ibm1047 as our target character set, and examine the
program's strings again. Now the ascii string is wrong, but
gdb translates the contents of ibm1047_hello
from the
target character set, ibm1047, to the host character set,
ascii, and they display correctly:
(gdb) set target-charset IBM1047 (gdb) show charset The current host character set is `ASCII'. The current target character set is `IBM1047'. (gdb) print ascii_hello $6 = 0x401698 "\110\145%%?\054\040\167?\162%\144\041\012" (gdb) print ascii_hello[0] $7 = 72 '\110' (gdb) print ibm1047_hello $8 = 0x4016a8 "Hello, world!\n" (gdb) print ibm1047_hello[0] $9 = 200 'H' (gdb)
As above, gdb uses the target character set for character and string literals you use in expressions:
(gdb) print '+' $10 = 78 '+' (gdb)
The ibm1047 character set uses the number 78 to encode the ‘+’ character.
gdb caches data exchanged between the debugger and a target. Each cache is associated with the address space of the inferior. See Inferiors and Programs, about inferior and address space. Such caching generally improves performance in remote debugging (see Remote Debugging), because it reduces the overhead of the remote protocol by bundling memory reads and writes into large chunks. Unfortunately, simply caching everything would lead to incorrect results, since gdb does not necessarily know anything about volatile values, memory-mapped I/O addresses, etc. Furthermore, in non-stop mode (see Non-Stop Mode) memory can be changed while a gdb command is executing. Therefore, by default, gdb only caches data known to be on the stack12 or in the code segment. Other regions of memory can be explicitly marked as cacheable; see Memory Region Attributes.
set remotecache on
set remotecache off
show remotecache
set stack-cache on
set stack-cache off
on
, use
caching. By default, this option is on
.
show stack-cache
set code-cache on
set code-cache off
on
,
use caching. By default, this option is on
. This improves
performance of disassembly in remote debugging.
show code-cache
info dcache
[line
]If a line number is specified, the contents of that line will be
printed in hex.
set dcache size
sizeset dcache line-size
line-sizeshow dcache size
show dcache line-size
Memory can be searched for a particular sequence of bytes with the
find
command.
find
[/
sn] start_addr, +
len,
val1 [,
val2, ...
]find
[/
sn] start_addr,
end_addr,
val1 [,
val2, ...
]s and n are optional parameters. They may be specified in either order, apart or together.
b
h
w
g
All values are interpreted in the current language. This means, for example, that if the current source language is C/C++ then searching for the string “hello” includes the trailing '\0'. The null terminator can be removed from searching by using casts, e.g.: ‘{char[5]}"hello"’.
If the value size is not specified, it is taken from the
value's type in the current language.
This is useful when one wants to specify the search
pattern as a mixture of types.
Note that this means, for example, that in the case of C-like languages
a search for an untyped 0x42 will search for ‘(int) 0x42’
which is typically four bytes.
You can use strings as search values. Quote them with double-quotes
("
).
The string value is copied into the search pattern byte by byte,
regardless of the endianness of the target and the size specification.
The address of each match found is printed as well as a count of the number of matches found.
The address of the last value found is stored in convenience variable ‘$_’. A count of the number of matches is stored in ‘$numfound’.
For example, if stopped at the printf
in this function:
void hello () { static char hello[] = "hello-hello"; static struct { char c; short s; int i; } __attribute__ ((packed)) mixed = { 'c', 0x1234, 0x87654321 }; printf ("%s\n", hello); }
you get during debugging:
(gdb) find &hello[0], +sizeof(hello), "hello" 0x804956d <hello.1620+6> 1 pattern found (gdb) find &hello[0], +sizeof(hello), 'h', 'e', 'l', 'l', 'o' 0x8049567 <hello.1620> 0x804956d <hello.1620+6> 2 patterns found. (gdb) find &hello[0], +sizeof(hello), {char[5]}"hello" 0x8049567 <hello.1620> 0x804956d <hello.1620+6> 2 patterns found. (gdb) find /b1 &hello[0], +sizeof(hello), 'h', 0x65, 'l' 0x8049567 <hello.1620> 1 pattern found (gdb) find &mixed, +sizeof(mixed), (char) 'c', (short) 0x1234, (int) 0x87654321 0x8049560 <mixed.1625> 1 pattern found (gdb) print $numfound $1 = 1 (gdb) print $_ $2 = (void *) 0x8049560
Whenever gdb prints a value memory will be allocated within gdb to hold the contents of the value. It is possible in some languages with dynamic typing systems, that an invalid program may indicate a value that is incorrectly large, this in turn may cause gdb to try and allocate an overly large ammount of memory.
set max-value-size
bytesset max-value-size unlimited
Setting this variable does not effect values that have already been allocated within gdb, only future allocations.
There's a minimum size that max-value-size
can be set to in
order that gdb can still operate correctly, this minimum is
currently 16 bytes.
The limit applies to the results of some subexpressions as well as to
complete expressions. For example, an expression denoting a simple
integer component, such as x.y.z
, may fail if the size of
x.y is dynamic and exceeds bytes. On the other hand,
gdb is sometimes clever; the expression A[i]
, where
A is an array variable with non-constant size, will generally
succeed regardless of the bounds on A, as long as the component
size is less than bytes.
The default value of max-value-size
is currently 64k.
show max-value-size
Almost all compilers support optimization. With optimization disabled, the compiler generates assembly code that corresponds directly to your source code, in a simplistic way. As the compiler applies more powerful optimizations, the generated assembly code diverges from your original source code. With help from debugging information generated by the compiler, gdb can map from the running program back to constructs from your original source.
gdb is more accurate with optimization disabled. If you can recompile without optimization, it is easier to follow the progress of your program during debugging. But, there are many cases where you may need to debug an optimized version.
When you debug a program compiled with ‘-g -O’, remember that the optimizer has rearranged your code; the debugger shows you what is really there. Do not be too surprised when the execution path does not exactly match your source file! An extreme example: if you define a variable, but never use it, gdb never sees that variable—because the compiler optimizes it out of existence.
Some things do not work as well with ‘-g -O’ as with just ‘-g’, particularly on machines with instruction scheduling. If in doubt, recompile with ‘-g’ alone, and if this fixes the problem, please report it to us as a bug (including a test case!). See Variables, for more information about debugging optimized code.
Inlining is an optimization that inserts a copy of the function
body directly at each call site, instead of jumping to a shared
routine. gdb displays inlined functions just like
non-inlined functions. They appear in backtraces. You can view their
arguments and local variables, step into them with step
, skip
them with next
, and escape from them with finish
.
You can check whether a function was inlined by using the
info frame
command.
For gdb to support inlined functions, the compiler must record information about inlining in the debug information — gcc using the dwarf 2 format does this, and several other compilers do also. gdb only supports inlined functions when using dwarf 2. Versions of gcc before 4.1 do not emit two required attributes (‘DW_AT_call_file’ and ‘DW_AT_call_line’); gdb does not display inlined function calls with earlier versions of gcc. It instead displays the arguments and local variables of inlined functions as local variables in the caller.
The body of an inlined function is directly included at its call site; unlike a non-inlined function, there are no instructions devoted to the call. gdb still pretends that the call site and the start of the inlined function are different instructions. Stepping to the call site shows the call site, and then stepping again shows the first line of the inlined function, even though no additional instructions are executed.
This makes source-level debugging much clearer; you can see both the
context of the call and then the effect of the call. Only stepping by
a single instruction using stepi
or nexti
does not do
this; single instruction steps always show the inlined body.
There are some ways that gdb does not pretend that inlined function calls are the same as normal calls:
finish
command. This is a limitation of compiler-generated
debugging information; after finish
, you can step to the next line
and print a variable where your program stored the return value.
Function B
can call function C
in its very last statement. In
unoptimized compilation the call of C
is immediately followed by return
instruction at the end of B
code. Optimizing compiler may replace the
call and return in function B
into one jump to function C
instead. Such use of a jump instruction is called tail call.
During execution of function C
, there will be no indication in the
function call stack frames that it was tail-called from B
. If function
A
regularly calls function B
which tail-calls function C
,
then gdb will see A
as the caller of C
. However, in
some cases gdb can determine that C
was tail-called from
B
, and it will then create fictitious call frame for that, with the
return address set up as if B
called C
normally.
This functionality is currently supported only by DWARF 2 debugging format and the compiler has to produce ‘DW_TAG_call_site’ tags. With gcc, you need to specify -O -g during compilation, to get this information.
info frame command (see Frame Info) will indicate the tail call frame
kind by text tail call frame
such as in this sample gdb output:
(gdb) x/i $pc - 2 0x40066b <b(int, double)+11>: jmp 0x400640 <c(int, double)> (gdb) info frame Stack level 1, frame at 0x7fffffffda30: rip = 0x40066d in b (amd64-entry-value.cc:59); saved rip 0x4004c5 tail call frame, caller of frame at 0x7fffffffda30 source language c++. Arglist at unknown address. Locals at unknown address, Previous frame's sp is 0x7fffffffda30
The detection of all the possible code path executions can find them ambiguous. There is no execution history stored (possible Reverse Execution is never used for this purpose) and the last known caller could have reached the known callee by multiple different jump sequences. In such case gdb still tries to show at least all the unambiguous top tail callers and all the unambiguous bottom tail calees, if any.
set debug entry-values
show debug entry-values
The analysis messages for tail calls can for example show why the virtual tail
call frame for function c
has not been recognized (due to the indirect
reference by variable x
):
static void __attribute__((noinline, noclone)) c (void); void (*x) (void) = c; static void __attribute__((noinline, noclone)) a (void) { x++; } static void __attribute__((noinline, noclone)) c (void) { a (); } int main (void) { x (); return 0; } Breakpoint 1, DW_OP_entry_value resolving cannot find DW_TAG_call_site 0x40039a in main a () at t.c:3 3 static void __attribute__((noinline, noclone)) a (void) { x++; } (gdb) bt #0 a () at t.c:3 #1 0x000000000040039a in main () at t.c:5
Another possibility is an ambiguous virtual tail call frames resolution:
int i; static void __attribute__((noinline, noclone)) f (void) { i++; } static void __attribute__((noinline, noclone)) e (void) { f (); } static void __attribute__((noinline, noclone)) d (void) { f (); } static void __attribute__((noinline, noclone)) c (void) { d (); } static void __attribute__((noinline, noclone)) b (void) { if (i) c (); else e (); } static void __attribute__((noinline, noclone)) a (void) { b (); } int main (void) { a (); return 0; } tailcall: initial: 0x4004d2(a) 0x4004ce(b) 0x4004b2(c) 0x4004a2(d) tailcall: compare: 0x4004d2(a) 0x4004cc(b) 0x400492(e) tailcall: reduced: 0x4004d2(a) | (gdb) bt #0 f () at t.c:2 #1 0x00000000004004d2 in a () at t.c:8 #2 0x0000000000400395 in main () at t.c:9
Frames #0 and #2 are real, #1 is a virtual tail call frame.
The code can have possible execution paths main->a->b->c->d->f
or
main->a->b->e->f
, gdb cannot find which one from the inferior state.
initial:
state shows some random possible calling sequence gdb
has found. It then finds another possible calling sequcen - that one is
prefixed by compare:
. The non-ambiguous intersection of these two is
printed as the reduced:
calling sequence. That one could have many
futher compare:
and reduced:
statements as long as there remain
any non-ambiguous sequence entries.
For the frame of function b
in both cases there are different possible
$pc
values (0x4004cc
or 0x4004ce
), therefore this frame is
also ambigous. The only non-ambiguous frame is the one for function a
,
therefore this one is displayed to the user while the ambiguous frames are
omitted.
There can be also reasons why printing of frame argument values at function entry may fail:
int v; static void __attribute__((noinline, noclone)) c (int i) { v++; } static void __attribute__((noinline, noclone)) a (int i); static void __attribute__((noinline, noclone)) b (int i) { a (i); } static void __attribute__((noinline, noclone)) a (int i) { if (i) b (i - 1); else c (0); } int main (void) { a (5); return 0; } (gdb) bt #0 c (i=i@entry=0) at t.c:2 #1 0x0000000000400428 in a (DW_OP_entry_value resolving has found function "a" at 0x400420 can call itself via tail calls i=<optimized out>) at t.c:6 #2 0x000000000040036e in main () at t.c:7
gdb cannot find out from the inferior state if and how many times did
function a
call itself (via function b
) as these calls would be
tail calls. Such tail calls would modify thue i
variable, therefore
gdb cannot be sure the value it knows would be right - gdb
prints <optimized out>
instead.
Some languages, such as C and C++, provide a way to define and invoke “preprocessor macros” which expand into strings of tokens. gdb can evaluate expressions containing macro invocations, show the result of macro expansion, and show a macro's definition, including where it was defined.
You may need to compile your program specially to provide gdb with information about preprocessor macros. Most compilers do not include macros in their debugging information, even when you compile with the -g flag. See Compilation.
A program may define a macro at one point, remove that definition later, and then provide a different definition after that. Thus, at different points in the program, a macro may have different definitions, or have no definition at all. If there is a current stack frame, gdb uses the macros in scope at that frame's source code line. Otherwise, gdb uses the macros in scope at the current listing location; see List.
Whenever gdb evaluates an expression, it always expands any macro invocations present in the expression. gdb also provides the following commands for working with macros explicitly.
macro expand
expressionmacro exp
expressionmacro expand-once
expressionmacro exp1
expressioninfo macro [-a|-all] [--]
macroinfo macros
locationmacro define
macro replacement-listmacro define
macro(
arglist)
replacement-listA definition introduced by this command is in scope in every
expression evaluated in gdb, until it is removed with the
macro undef
command, described below. The definition overrides
all definitions for macro present in the program being debugged,
as well as any previous user-supplied definition.
macro undef
macromacro
define
command, described above; it cannot remove definitions present
in the program being debugged.
macro list
macro define
command.
Here is a transcript showing the above commands in action. First, we show our source files:
$ cat sample.c #include <stdio.h> #include "sample.h" #define M 42 #define ADD(x) (M + x) main () { #define N 28 printf ("Hello, world!\n"); #undef N printf ("We're so creative.\n"); #define N 1729 printf ("Goodbye, world!\n"); } $ cat sample.h #define Q < $
Now, we compile the program using the gnu C compiler, gcc. We pass the -gdwarf-213 and -g3 flags to ensure the compiler includes information about preprocessor macros in the debugging information.
$ gcc -gdwarf-2 -g3 sample.c -o sample $
Now, we start gdb on our sample program:
$ gdb -nw sample GNU gdb 2002-05-06-cvs Copyright 2002 Free Software Foundation, Inc. GDB is free software, ... (gdb)
We can expand macros and examine their definitions, even when the program is not running. gdb uses the current listing position to decide which macro definitions are in scope:
(gdb) list main 3 4 #define M 42 5 #define ADD(x) (M + x) 6 7 main () 8 { 9 #define N 28 10 printf ("Hello, world!\n"); 11 #undef N 12 printf ("We're so creative.\n"); (gdb) info macro ADD Defined at /home/jimb/gdb/macros/play/sample.c:5 #define ADD(x) (M + x) (gdb) info macro Q Defined at /home/jimb/gdb/macros/play/sample.h:1 included at /home/jimb/gdb/macros/play/sample.c:2 #define Q < (gdb) macro expand ADD(1) expands to: (42 + 1) (gdb) macro expand-once ADD(1) expands to: once (M + 1) (gdb)
In the example above, note that macro expand-once
expands only
the macro invocation explicit in the original text — the invocation of
ADD
— but does not expand the invocation of the macro M
,
which was introduced by ADD
.
Once the program is running, gdb uses the macro definitions in force at the source line of the current stack frame:
(gdb) break main Breakpoint 1 at 0x8048370: file sample.c, line 10. (gdb) run Starting program: /home/jimb/gdb/macros/play/sample Breakpoint 1, main () at sample.c:10 10 printf ("Hello, world!\n"); (gdb)
At line 10, the definition of the macro N
at line 9 is in force:
(gdb) info macro N Defined at /home/jimb/gdb/macros/play/sample.c:9 #define N 28 (gdb) macro expand N Q M expands to: 28 < 42 (gdb) print N Q M $1 = 1 (gdb)
As we step over directives that remove N
's definition, and then
give it a new definition, gdb finds the definition (or lack
thereof) in force at each point:
(gdb) next Hello, world! 12 printf ("We're so creative.\n"); (gdb) info macro N The symbol `N' has no definition as a C/C++ preprocessor macro at /home/jimb/gdb/macros/play/sample.c:12 (gdb) next We're so creative. 14 printf ("Goodbye, world!\n"); (gdb) info macro N Defined at /home/jimb/gdb/macros/play/sample.c:13 #define N 1729 (gdb) macro expand N Q M expands to: 1729 < 42 (gdb) print N Q M $2 = 0 (gdb)
In addition to source files, macros can be defined on the compilation command line using the -Dname=value syntax. For macros defined in such a way, gdb displays the location of their definition as line zero of the source file submitted to the compiler.
(gdb) info macro __STDC__ Defined at /home/jimb/gdb/macros/play/sample.c:0 -D__STDC__=1 (gdb)
In some applications, it is not feasible for the debugger to interrupt the program's execution long enough for the developer to learn anything helpful about its behavior. If the program's correctness depends on its real-time behavior, delays introduced by a debugger might cause the program to change its behavior drastically, or perhaps fail, even when the code itself is correct. It is useful to be able to observe the program's behavior without interrupting it.
Using gdb's trace
and collect
commands, you can
specify locations in the program, called tracepoints, and
arbitrary expressions to evaluate when those tracepoints are reached.
Later, using the tfind
command, you can examine the values
those expressions had when the program hit the tracepoints. The
expressions may also denote objects in memory—structures or arrays,
for example—whose values gdb should record; while visiting
a particular tracepoint, you may inspect those objects as if they were
in memory at that moment. However, because gdb records these
values without interacting with you, it can do so quickly and
unobtrusively, hopefully not disturbing the program's behavior.
The tracepoint facility is currently available only for remote targets. See Targets. In addition, your remote target must know how to collect trace data. This functionality is implemented in the remote stub; however, none of the stubs distributed with gdb support tracepoints as of this writing. The format of the remote packets used to implement tracepoints are described in Tracepoint Packets.
It is also possible to get trace data from a file, in a manner reminiscent
of corefiles; you specify the filename, and use tfind
to search
through the file. See Trace Files, for more details.
This chapter describes the tracepoint commands and features.
Before running such a trace experiment, an arbitrary number of tracepoints can be set. A tracepoint is actually a special type of breakpoint (see Set Breaks), so you can manipulate it using standard breakpoint commands. For instance, as with breakpoints, tracepoint numbers are successive integers starting from one, and many of the commands associated with tracepoints take the tracepoint number as their argument, to identify which tracepoint to work on.
For each tracepoint, you can specify, in advance, some arbitrary set of data that you want the target to collect in the trace buffer when it hits that tracepoint. The collected data can include registers, local variables, or global data. Later, you can use gdb commands to examine the values these data had at the time the tracepoint was hit.
Tracepoints do not support every breakpoint feature. Ignore counts on tracepoints have no effect, and tracepoints cannot run gdb commands when they are hit. Tracepoints may not be thread-specific either.
Some targets may support fast tracepoints, which are inserted in a different way (such as with a jump instead of a trap), that is faster but possibly restricted in where they may be installed.
Regular and fast tracepoints are dynamic tracing facilities, meaning that they can be used to insert tracepoints at (almost) any location in the target. Some targets may also support controlling static tracepoints from gdb. With static tracing, a set of instrumentation points, also known as markers, are embedded in the target program, and can be activated or deactivated by name or address. These are usually placed at locations which facilitate investigating what the target is actually doing. gdb's support for static tracing includes being able to list instrumentation points, and attach them with gdb defined high level tracepoints that expose the whole range of convenience of gdb's tracepoints support. Namely, support for collecting registers values and values of global or local (to the instrumentation point) variables; tracepoint conditions and trace state variables. The act of installing a gdb static tracepoint on an instrumentation point, or marker, is referred to as probing a static tracepoint marker.
gdbserver
supports tracepoints on some target systems.
See Tracepoints support in gdbserver
.
This section describes commands to set tracepoints and associated conditions and actions.
trace
locationtrace
command is very similar to the break
command.
Its argument location can be any valid location.
See Specify Location. The trace
command defines a tracepoint,
which is a point in the target program where the debugger will briefly stop,
collect some data, and then allow the program to continue. Setting a tracepoint
or changing its actions takes effect immediately if the remote stub
supports the ‘InstallInTrace’ feature (see install tracepoint in tracing).
If remote stub doesn't support the ‘InstallInTrace’ feature, all
these changes don't take effect until the next tstart
command, and once a trace experiment is running, further changes will
not have any effect until the next trace experiment starts. In addition,
gdb supports pending tracepoints—tracepoints whose
address is not yet resolved. (This is similar to pending breakpoints.)
Pending tracepoints are not downloaded to the target and not installed
until they are resolved. The resolution of pending tracepoints requires
gdb support—when debugging with the remote target, and
gdb disconnects from the remote stub (see disconnected tracing), pending tracepoints can not be resolved (and downloaded to
the remote stub) while gdb is disconnected.
Here are some examples of using the trace
command:
(gdb) trace foo.c:121 // a source file and line number (gdb) trace +2 // 2 lines forward (gdb) trace my_function // first source line of function (gdb) trace *my_function // EXACT start address of function (gdb) trace *0x2117c4 // an address
You can abbreviate trace
as tr
.
trace
location if
condftrace
location [ if
cond ]
ftrace
command sets a fast tracepoint. For targets that
support them, fast tracepoints will use a more efficient but possibly
less general technique to trigger data collection, such as a jump
instruction instead of a trap, or some sort of hardware support. It
may not be possible to create a fast tracepoint at the desired
location, in which case the command will exit with an explanatory
message.
gdb handles arguments to ftrace
exactly as for
trace
.
On 32-bit x86-architecture systems, fast tracepoints normally need to
be placed at an instruction that is 5 bytes or longer, but can be
placed at 4-byte instructions if the low 64K of memory of the target
program is available to install trampolines. Some Unix-type systems,
such as gnu/Linux, exclude low addresses from the program's
address space; but for instance with the Linux kernel it is possible
to let gdb use this area by doing a sysctl command
to set the mmap_min_addr
kernel parameter, as in
sudo sysctl -w vm.mmap_min_addr=32768
which sets the low address to 32K, which leaves plenty of room for
trampolines. The minimum address should be set to a page boundary.
strace
location [ if
cond ]
strace
command sets a static tracepoint. For targets that
support it, setting a static tracepoint probes a static
instrumentation point, or marker, found at location. It may not
be possible to set a static tracepoint at the desired location, in
which case the command will exit with an explanatory message.
gdb handles arguments to strace
exactly as for
trace
, with the addition that the user can also specify
-m
marker as location. This probes the marker
identified by the marker string identifier. This identifier
depends on the static tracepoint backend library your program is
using. You can find all the marker identifiers in the ‘ID’ field
of the info static-tracepoint-markers
command output.
See Listing Static Tracepoint Markers. For example, in the following small program using the UST
tracing engine:
main () { trace_mark(ust, bar33, "str %s", "FOOBAZ"); }
the marker id is composed of joining the first two arguments to the
trace_mark
call with a slash, which translates to:
(gdb) info static-tracepoint-markers Cnt Enb ID Address What 1 n ust/bar33 0x0000000000400ddc in main at stexample.c:22 Data: "str %s" [etc...]
so you may probe the marker above with:
(gdb) strace -m ust/bar33
Static tracepoints accept an extra collect action — collect
$_sdata
. This collects arbitrary user data passed in the probe point
call to the tracing library. In the UST example above, you'll see
that the third argument to trace_mark
is a printf-like format
string. The user data is then the result of running that formating
string against the following arguments. Note that info
static-tracepoint-markers
command output lists that format string in
the ‘Data:’ field.
You can inspect this data when analyzing the trace buffer, by printing the $_sdata variable like any other variable available to gdb. See Tracepoint Action Lists.
The convenience variable $tpnum
records the tracepoint number
of the most recently set tracepoint.
delete tracepoint
[num]delete
command can remove tracepoints also.
Examples:
(gdb) delete trace 1 2 3 // remove three tracepoints (gdb) delete trace // remove all tracepoints
You can abbreviate this command as del tr
.
These commands are deprecated; they are equivalent to plain disable
and enable
.
disable tracepoint
[num]enable tracepoint
command.
If the command is issued during a trace experiment and the debug target
has support for disabling tracepoints during a trace experiment, then the
change will be effective immediately. Otherwise, it will be applied to the
next trace experiment.
enable tracepoint
[num]passcount
[n [num]]passcount
command sets the
passcount of the most recently defined tracepoint. If no passcount is
given, the trace experiment will run until stopped explicitly by the
user.
Examples:
(gdb) passcount 5 2 // Stop on the 5th execution of
// tracepoint 2
(gdb) passcount 12 // Stop on the 12th execution of the
// most recently defined tracepoint.
(gdb) trace foo (gdb) pass 3 (gdb) trace bar (gdb) pass 2 (gdb) trace baz (gdb) pass 1 // Stop tracing when foo has been
// executed 3 times OR when bar has
// been executed 2 times
// OR when baz has been executed 1 time.
The simplest sort of tracepoint collects data every time your program reaches a specified place. You can also specify a condition for a tracepoint. A condition is just a Boolean expression in your programming language (see Expressions). A tracepoint with a condition evaluates the expression each time your program reaches it, and data collection happens only if the condition is true.
Tracepoint conditions can be specified when a tracepoint is set, by
using ‘if’ in the arguments to the trace
command.
See Setting Tracepoints. They can
also be set or changed at any time with the condition
command,
just as with breakpoints.
Unlike breakpoint conditions, gdb does not actually evaluate the conditional expression itself. Instead, gdb encodes the expression into an agent expression (see Agent Expressions) suitable for execution on the target, independently of gdb. Global variables become raw memory locations, locals become stack accesses, and so forth.
For instance, suppose you have a function that is usually called frequently, but should not be called after an error has occurred. You could use the following tracepoint command to collect data about calls of that function that happen while the error code is propagating through the program; an unconditional tracepoint could end up collecting thousands of useless trace frames that you would have to search through.
(gdb) trace normal_operation if errcode > 0
A trace state variable is a special type of variable that is
created and managed by target-side code. The syntax is the same as
that for GDB's convenience variables (a string prefixed with “$”),
but they are stored on the target. They must be created explicitly,
using a tvariable
command. They are always 64-bit signed
integers.
Trace state variables are remembered by gdb, and downloaded to the target along with tracepoint information when the trace experiment starts. There are no intrinsic limits on the number of trace state variables, beyond memory limitations of the target.
Although trace state variables are managed by the target, you can use
them in print commands and expressions as if they were convenience
variables; gdb will get the current value from the target
while the trace experiment is running. Trace state variables share
the same namespace as other “$” variables, which means that you
cannot have trace state variables with names like $23
or
$pc
, nor can you have a trace state variable and a convenience
variable with the same name.
tvariable $
name [ =
expression ]
tvariable
command creates a new trace state variable named
$
name, and optionally gives it an initial value of
expression. The expression is evaluated when this command is
entered; the result will be converted to an integer if possible,
otherwise gdb will report an error. A subsequent
tvariable
command specifying the same name does not create a
variable, but instead assigns the supplied initial value to the
existing variable of that name, overwriting any previous initial
value. The default initial value is 0.
info tvariables
delete tvariable
[ $
name ...
]actions
[num]actions
without bothering about its number). You specify the
actions themselves on the following lines, one action at a time, and
terminate the actions list with a line containing just end
. So
far, the only defined actions are collect
, teval
, and
while-stepping
.
actions
is actually equivalent to commands
(see Breakpoint Command Lists), except that only the defined
actions are allowed; any other gdb command is rejected.
To remove all actions from a tracepoint, type ‘actions num’ and follow it immediately with ‘end’.
(gdb) collect data // collect some data (gdb) while-stepping 5 // single-step 5 times, collect data (gdb) end // signals the end of actions.
In the following example, the action list begins with collect
commands indicating the things to be collected when the tracepoint is
hit. Then, in order to single-step and collect additional data
following the tracepoint, a while-stepping
command is used,
followed by the list of things to be collected after each step in a
sequence of single steps. The while-stepping
command is
terminated by its own separate end
command. Lastly, the action
list is terminated by an end
command.
(gdb) trace foo (gdb) actions Enter actions for tracepoint 1, one per line: > collect bar,baz > collect $regs > while-stepping 12 > collect $pc, arr[i] > end end
collect
[/
mods] expr1,
expr2, ...
$regs
$args
$locals
$_ret
Note: The return address location can not always be reliably
determined up front, and the wrong address / registers may end up
collected instead. On some architectures the reliability is higher
for tracepoints at function entry, while on others it's the opposite.
When this happens, backtracing will stop because the return address is
found unavailable (unless another collect rule happened to match it).
$_probe_argc
$_probe_arg
n$_sdata
printf
function call. The
tracing library is able to collect user specified data formatted to a
character string using the format provided by the programmer that
instrumented the program. Other backends have similar mechanisms.
Here's an example of a UST marker call:
const char master_name[] = "$your_name"; trace_mark(channel1, marker1, "hello %s", master_name)
In this case, collecting $_sdata
collects the string
‘hello $yourname’. When analyzing the trace buffer, you can
inspect ‘$_sdata’ like any other variable available to
gdb.
You can give several consecutive collect
commands, each one
with a single argument, or one collect
command with several
arguments separated by commas; the effect is the same.
The optional mods changes the usual handling of the arguments.
s
requests that pointers to chars be handled as strings, in
particular collecting the contents of the memory being pointed at, up
to the first zero. The upper bound is by default the value of the
print elements
variable; if s
is followed by a decimal
number, that is the upper bound instead. So for instance
‘collect/s25 mystr’ collects as many as 25 characters at
‘mystr’.
The command info scope
(see info scope) is
particularly useful for figuring out what data to collect.
teval
expr1,
expr2, ...
collect
action were used.
while-stepping
nwhile-stepping
command is followed by the list of what to collect while stepping
(followed by its own end
command):
> while-stepping 12 > collect $regs, myglobal > end >
Note that $pc
is not automatically collected by
while-stepping
; you need to explicitly collect that register if
you need it. You may abbreviate while-stepping
as ws
or
stepping
.
set default-collect
expr1,
expr2, ...
collect
action prepended
to every tracepoint action list. The expressions are parsed
individually for each tracepoint, so for instance a variable named
xyz
may be interpreted as a global for one tracepoint, and a
local for another, as appropriate to the tracepoint's location.
show default-collect
info tracepoints
[num...
]info breakpoints
; in fact, info tracepoints
is the same
command, simply restricting itself to tracepoints.
A tracepoint's listing may include additional information specific to tracing:
passcount
n command
(gdb) info trace Num Type Disp Enb Address What 1 tracepoint keep y 0x0804ab57 in foo() at main.cxx:7 while-stepping 20 collect globfoo, $regs end collect globfoo2 end pass count 1200 2 tracepoint keep y <MULTIPLE> collect $eip 2.1 y 0x0804859c in func4 at change-loc.h:35 installed on target 2.2 y 0xb7ffc480 in func4 at change-loc.h:35 installed on target 2.3 y <PENDING> set_tracepoint 3 tracepoint keep y 0x080485b1 in foo at change-loc.c:29 not installed on target (gdb)
This command can be abbreviated info tp
.
info static-tracepoint-markers
For each marker, the following columns are printed:
In addition, the following information may be printed for each marker:
(gdb) info static-tracepoint-markers Cnt ID Enb Address What 1 ust/bar2 y 0x0000000000400e1a in main at stexample.c:25 Data: number1 %d number2 %d Probed by static tracepoints: #2 2 ust/bar33 n 0x0000000000400c87 in main at stexample.c:24 Data: str %s (gdb)
tstart
tstop
Note: a trace experiment and data collection may stop automatically if any tracepoint's passcount is reached (see Tracepoint Passcounts), or if the trace buffer becomes full.
tstatus
Here is an example of the commands we described so far:
(gdb) trace gdb_c_test (gdb) actions Enter actions for tracepoint #1, one per line. > collect $regs,$locals,$args > while-stepping 11 > collect $regs > end > end (gdb) tstart [time passes ...] (gdb) tstop
You can choose to continue running the trace experiment even if
gdb disconnects from the target, voluntarily or
involuntarily. For commands such as detach
, the debugger will
ask what you want to do with the trace. But for unexpected
terminations (gdb crash, network outage), it would be
unfortunate to lose hard-won trace data, so the variable
disconnected-tracing
lets you decide whether the trace should
continue running without gdb.
set disconnected-tracing on
set disconnected-tracing off
detach
or
quit
will ask you directly what to do about a running trace no
matter what this variable's setting, so the variable is mainly useful
for handling unexpected situations, such as loss of the network.
show disconnected-tracing
When you reconnect to the target, the trace experiment may or may not still be running; it might have filled the trace buffer in the meantime, or stopped for one of the other reasons. If it is running, it will continue after reconnection.
Upon reconnection, the target will upload information about the tracepoints in effect. gdb will then compare that information to the set of tracepoints currently defined, and attempt to match them up, allowing for the possibility that the numbers may have changed due to creation and deletion in the meantime. If one of the target's tracepoints does not match any in gdb, the debugger will create a new tracepoint, so that you have a number with which to specify that tracepoint. This matching-up process is necessarily heuristic, and it may result in useless tracepoints being created; you may simply delete them if they are of no use.
If your target agent supports a circular trace buffer, then you can run a trace experiment indefinitely without filling the trace buffer; when space runs out, the agent deletes already-collected trace frames, oldest first, until there is enough room to continue collecting. This is especially useful if your tracepoints are being hit too often, and your trace gets terminated prematurely because the buffer is full. To ask for a circular trace buffer, simply set ‘circular-trace-buffer’ to on. You can set this at any time, including during tracing; if the agent can do it, it will change buffer handling on the fly, otherwise it will not take effect until the next run.
set circular-trace-buffer on
set circular-trace-buffer off
show circular-trace-buffer
set trace-buffer-size
nset trace-buffer-size unlimited
unlimited
or -1
to let the target use whatever size it
likes. This is also the default.
show trace-buffer-size
tstatus
to get a report of the actual buffer size.
set trace-user
textshow trace-user
set trace-notes
textshow trace-notes
set trace-stop-notes
texttstop
arguments; the set command is convenient way to fix a
stop note that is mistaken or incomplete.
show trace-stop-notes
There are a number of restrictions on the use of tracepoints. As described above, tracepoint data gathering occurs on the target without interaction from gdb. Thus the full capabilities of the debugger are not available during data gathering, and then at data examination time, you will be limited by only having what was collected. The following items describe some common problems, but it is not exhaustive, and you may run into additional difficulties not mentioned here.
$locals
or $args
, during while-stepping
may
behave erratically. The stepping action may enter a new scope (for
instance by stepping into a function), or the location of the variable
may change (for instance it is loaded into a register). The
tracepoint data recorded uses the location information for the
variables that is correct for the tracepoint location. When the
tracepoint is created, it is not possible, in general, to determine
where the steps of a while-stepping
sequence will advance the
program—particularly if a conditional branch is stepped.
*ptr@50
can be used to collect the 50 element array pointed to
by ptr
.
*(unsigned char *)$esp@300
(adjust to use the name of the actual stack pointer register on your
target architecture, and the amount of stack you wish to capture).
Then the backtrace
command will show a partial backtrace when
using a trace frame. The number of stack frames that can be examined
depends on the sizes of the frames in the collected stack. Note that
if you ask for a block so large that it goes past the bottom of the
stack, the target agent may report an error trying to read from an
invalid address.
$pc
must be the same as the address of
the tracepoint and use that when you are looking at a trace frame
for that tracepoint. However, this cannot work if the tracepoint has
multiple locations (for instance if it was set in a function that was
inlined), or if it has a while-stepping
loop. In those cases
gdb will warn you that it can't infer $pc
, and default
it to zero.
After the tracepoint experiment ends, you use gdb commands
for examining the trace data. The basic idea is that each tracepoint
collects a trace snapshot every time it is hit and another
snapshot every time it single-steps. All these snapshots are
consecutively numbered from zero and go into a buffer, and you can
examine them later. The way you examine them is to focus on a
specific trace snapshot. When the remote stub is focused on a trace
snapshot, it will respond to all gdb requests for memory and
registers by reading from the buffer which belongs to that snapshot,
rather than from real memory or registers of the program being
debugged. This means that all gdb commands
(print
, info registers
, backtrace
, etc.) will
behave as if we were currently debugging the program state as it was
when the tracepoint occurred. Any requests for data that are not in
the buffer will fail.
tfind
nThe basic command for selecting a trace snapshot from the buffer is
tfind
n, which finds trace snapshot number n,
counting from zero. If no argument n is given, the next
snapshot is selected.
Here are the various forms of using the tfind
command.
tfind start
tfind 0
(since 0 is the number of the first snapshot).
tfind none
tfind end
tfind
tfind -
tfind tracepoint
numtfind pc
addrtfind outside
addr1,
addr2tfind range
addr1,
addr2tfind line
[file:
]ntfind line
repeatedly can appear to have the same effect as
stepping from line to line in a live debugging session.
The default arguments for the tfind
commands are specifically
designed to make it easy to scan through the trace buffer. For
instance, tfind
with no argument selects the next trace
snapshot, and tfind -
with no argument selects the previous
trace snapshot. So, by giving one tfind
command, and then
simply hitting <RET> repeatedly you can examine all the trace
snapshots in order. Or, by saying tfind -
and then hitting
<RET> repeatedly you can examine the snapshots in reverse order.
The tfind line
command with no argument selects the snapshot
for the next source line executed. The tfind pc
command with
no argument selects the next snapshot with the same program counter
(PC) as the current frame. The tfind tracepoint
command with
no argument selects the next trace snapshot collected by the same
tracepoint as the current one.
In addition to letting you scan through the trace buffer manually, these commands make it easy to construct gdb scripts that scan through the trace buffer and print out whatever collected data you are interested in. Thus, if we want to examine the PC, FP, and SP registers from each trace frame in the buffer, we can say this:
(gdb) tfind start (gdb) while ($trace_frame != -1) > printf "Frame %d, PC = %08X, SP = %08X, FP = %08X\n", \ $trace_frame, $pc, $sp, $fp > tfind > end Frame 0, PC = 0020DC64, SP = 0030BF3C, FP = 0030BF44 Frame 1, PC = 0020DC6C, SP = 0030BF38, FP = 0030BF44 Frame 2, PC = 0020DC70, SP = 0030BF34, FP = 0030BF44 Frame 3, PC = 0020DC74, SP = 0030BF30, FP = 0030BF44 Frame 4, PC = 0020DC78, SP = 0030BF2C, FP = 0030BF44 Frame 5, PC = 0020DC7C, SP = 0030BF28, FP = 0030BF44 Frame 6, PC = 0020DC80, SP = 0030BF24, FP = 0030BF44 Frame 7, PC = 0020DC84, SP = 0030BF20, FP = 0030BF44 Frame 8, PC = 0020DC88, SP = 0030BF1C, FP = 0030BF44 Frame 9, PC = 0020DC8E, SP = 0030BF18, FP = 0030BF44 Frame 10, PC = 00203F6C, SP = 0030BE3C, FP = 0030BF14
Or, if we want to examine the variable X
at each source line in
the buffer:
(gdb) tfind start (gdb) while ($trace_frame != -1) > printf "Frame %d, X == %d\n", $trace_frame, X > tfind line > end Frame 0, X = 1 Frame 7, X = 2 Frame 13, X = 255
tdump
This command takes no arguments. It prints all the data collected at the current trace snapshot.
(gdb) trace 444 (gdb) actions Enter actions for tracepoint #2, one per line: > collect $regs, $locals, $args, gdb_long_test > end (gdb) tstart (gdb) tfind line 444 #0 gdb_test (p1=0x11, p2=0x22, p3=0x33, p4=0x44, p5=0x55, p6=0x66) at gdb_test.c:444 444 printp( "%s: arguments = 0x%X 0x%X 0x%X 0x%X 0x%X 0x%X\n", ) (gdb) tdump Data collected at tracepoint 2, trace frame 1: d0 0xc4aa0085 -995491707 d1 0x18 24 d2 0x80 128 d3 0x33 51 d4 0x71aea3d 119204413 d5 0x22 34 d6 0xe0 224 d7 0x380035 3670069 a0 0x19e24a 1696330 a1 0x3000668 50333288 a2 0x100 256 a3 0x322000 3284992 a4 0x3000698 50333336 a5 0x1ad3cc 1758156 fp 0x30bf3c 0x30bf3c sp 0x30bf34 0x30bf34 ps 0x0 0 pc 0x20b2c8 0x20b2c8 fpcontrol 0x0 0 fpstatus 0x0 0 fpiaddr 0x0 0 p = 0x20e5b4 "gdb-test" p1 = (void *) 0x11 p2 = (void *) 0x22 p3 = (void *) 0x33 p4 = (void *) 0x44 p5 = (void *) 0x55 p6 = (void *) 0x66 gdb_long_test = 17 '\021' (gdb)
tdump
works by scanning the tracepoint's current collection
actions and printing the value of each expression listed. So
tdump
can fail, if after a run, you change the tracepoint's
actions to mention variables that were not collected during the run.
Also, for tracepoints with while-stepping
loops, tdump
uses the collected value of $pc
to distinguish between trace
frames that were collected at the tracepoint hit, and frames that were
collected while stepping. This allows it to correctly choose whether
to display the basic list of collections, or the collections from the
body of the while-stepping loop. However, if $pc
was not collected,
then tdump
will always attempt to dump using the basic collection
list, and may fail if a while-stepping frame does not include all the
same data that is collected at the tracepoint hit.
save tracepoints
filename
This command saves all current tracepoint definitions together with
their actions and passcounts, into a file filename
suitable for use in a later debugging session. To read the saved
tracepoint definitions, use the source
command (see Command Files). The save-tracepoints
command is a deprecated
alias for save tracepoints
(int) $trace_frame
(int) $tracepoint
(int) $trace_line
(char []) $trace_file
(char []) $trace_func
$tracepoint
.
Note: $trace_file
is not suitable for use in printf
,
use output
instead.
Here's a simple example of using these convenience variables for stepping through all the trace snapshots and printing some of their data. Note that these are not the same as trace state variables, which are managed by the target.
(gdb) tfind start (gdb) while $trace_frame != -1 > output $trace_file > printf ", line %d (tracepoint #%d)\n", $trace_line, $tracepoint > tfind > end
In some situations, the target running a trace experiment may no
longer be available; perhaps it crashed, or the hardware was needed
for a different activity. To handle these cases, you can arrange to
dump the trace data into a file, and later use that file as a source
of trace data, via the target tfile
command.
tsave [ -r ]
filenametsave [-ctf]
dirname-r
(“remote”) to direct the target to save
the data directly into filename in its own filesystem, which may be
more efficient if the trace buffer is very large. (Note, however, that
target tfile
can only read from files accessible to the host.)
By default, this command will save trace frame in tfile format.
You can supply the optional argument -ctf
to save data in CTF
format. The Common Trace Format (CTF) is proposed as a trace format
that can be shared by multiple debugging and tracing tools. Please go to
<http://www.efficios.com/ctf
> to get more information.
target tfile
filenametarget ctf
dirnametstatus
will report the state of the trace run at the moment
the data was saved, as well as the current trace frame you are examining.
Both filename and dirname must be on a filesystem accessible to
the host.
(gdb) target ctf ctf.ctf (gdb) tfind Found trace frame 0, tracepoint 2 39 ++a; /* set tracepoint 1 here */ (gdb) tdump Data collected at tracepoint 2, trace frame 0: i = 0 a = 0 b = 1 '\001' c = {"123", "456", "789", "123", "456", "789"} d = {{{a = 1, b = 2}, {a = 3, b = 4}}, {{a = 5, b = 6}, {a = 7, b = 8}}} (gdb) p b $1 = 1
If your program is too large to fit completely in your target system's memory, you can sometimes use overlays to work around this problem. gdb provides some support for debugging programs that use overlays.
Suppose you have a computer whose instruction address space is only 64 kilobytes long, but which has much more memory which can be accessed by other means: special instructions, segment registers, or memory management hardware, for example. Suppose further that you want to adapt a program which is larger than 64 kilobytes to run on this system.
One solution is to identify modules of your program which are relatively independent, and need not call each other directly; call these modules overlays. Separate the overlays from the main program, and place their machine code in the larger memory. Place your main program in instruction memory, but leave at least enough space there to hold the largest overlay as well.
Now, to call a function located in an overlay, you must first copy that overlay's machine code from the large memory into the space set aside for it in the instruction memory, and then jump to its entry point there.
Data Instruction Larger Address Space Address Space Address Space +-----------+ +-----------+ +-----------+ | | | | | | +-----------+ +-----------+ +-----------+<-- overlay 1 | program | | main | .----| overlay 1 | load address | variables | | program | | +-----------+ | and heap | | | | | | +-----------+ | | | +-----------+<-- overlay 2 | | +-----------+ | | | load address +-----------+ | | | .-| overlay 2 | | | | | | | mapped --->+-----------+ | | +-----------+ address | | | | | | | overlay | <-' | | | | area | <---' +-----------+<-- overlay 3 | | <---. | | load address +-----------+ `--| overlay 3 | | | | | +-----------+ | | +-----------+ | | +-----------+ A code overlay
The diagram (see A code overlay) shows a system with separate data and instruction address spaces. To map an overlay, the program copies its code from the larger address space to the instruction address space. Since the overlays shown here all use the same mapped address, only one may be mapped at a time. For a system with a single address space for data and instructions, the diagram would be similar, except that the program variables and heap would share an address space with the main program and the overlay area.
An overlay loaded into instruction memory and ready for use is called a mapped overlay; its mapped address is its address in the instruction memory. An overlay not present (or only partially present) in instruction memory is called unmapped; its load address is its address in the larger memory. The mapped address is also called the virtual memory address, or VMA; the load address is also called the load memory address, or LMA.
Unfortunately, overlays are not a completely transparent way to adapt a program to limited instruction memory. They introduce a new set of global constraints you must keep in mind as you design your program:
The overlay system described above is rather simple, and could be improved in many ways:
To use gdb's overlay support, each overlay in your program must correspond to a separate section of the executable file. The section's virtual memory address and load memory address must be the overlay's mapped and load addresses. Identifying overlays with sections allows gdb to determine the appropriate address of a function or variable, depending on whether the overlay is mapped or not.
gdb's overlay commands all start with the word overlay
;
you can abbreviate this as ov
or ovly
. The commands are:
overlay off
overlay manual
overlay map-overlay
and overlay unmap-overlay
commands described below.
overlay map-overlay
overlayoverlay map
overlayoverlay unmap-overlay
overlayoverlay unmap
overlayoverlay auto
overlay load-target
overlay load
overlay list-overlays
overlay list
Normally, when gdb prints a code address, it includes the name of the function the address falls in:
(gdb) print main $3 = {int ()} 0x11a0 <main>
When overlay debugging is enabled, gdb recognizes code in
unmapped overlays, and prints the names of unmapped functions with
asterisks around them. For example, if foo
is a function in an
unmapped overlay, gdb prints it this way:
(gdb) overlay list No sections are mapped. (gdb) print foo $5 = {int (int)} 0x100000 <*foo*>
When foo
's overlay is mapped, gdb prints the function's
name normally:
(gdb) overlay list Section .ov.foo.text, loaded at 0x100000 - 0x100034, mapped at 0x1016 - 0x104a (gdb) print foo $6 = {int (int)} 0x1016 <foo>
When overlay debugging is enabled, gdb can find the correct
address for functions and variables in an overlay, whether or not the
overlay is mapped. This allows most gdb commands, like
break
and disassemble
, to work normally, even on unmapped
code. However, gdb's breakpoint support has some limitations:
gdb can automatically track which overlays are mapped and which
are not, given some simple co-operation from the overlay manager in the
inferior. If you enable automatic overlay debugging with the
overlay auto
command (see Overlay Commands), gdb
looks in the inferior's memory for certain variables describing the
current state of the overlays.
Here are the variables your overlay manager must define to support gdb's automatic overlay debugging:
_ovly_table
:struct { /* The overlay's mapped address. */ unsigned long vma; /* The size of the overlay, in bytes. */ unsigned long size; /* The overlay's load address. */ unsigned long lma; /* Non-zero if the overlay is currently mapped; zero otherwise. */ unsigned long mapped; }
_novlys
:_ovly_table
.
To decide whether a particular overlay is mapped or not, gdb
looks for an entry in _ovly_table
whose vma
and
lma
members equal the VMA and LMA of the overlay's section in the
executable file. When gdb finds a matching entry, it consults
the entry's mapped
member to determine whether the overlay is
currently mapped.
In addition, your overlay manager may define a function called
_ovly_debug_event
. If this function is defined, gdb
will silently set a breakpoint there. If the overlay manager then
calls this function whenever it has changed the overlay table, this
will enable gdb to accurately keep track of which overlays
are in program memory, and update any breakpoints that may be set
in overlays. This will allow breakpoints to work even if the
overlays are kept in ROM or other non-writable memory while they
are not being executed.
When linking a program which uses overlays, you must place the overlays at their load addresses, while relocating them to run at their mapped addresses. To do this, you must write a linker script (see Overlay Description). Unfortunately, since linker scripts are specific to a particular host system, target architecture, and target memory layout, this manual cannot provide portable sample code demonstrating gdb's overlay support.
However, the gdb source distribution does contain an overlaid program, with linker scripts for a few systems, as part of its test suite. The program consists of the following files from gdb/testsuite/gdb.base:
d10v-elf
and m32r-elf
targets.
You can build the test program using the d10v-elf
GCC
cross-compiler like this:
$ d10v-elf-gcc -g -c overlays.c $ d10v-elf-gcc -g -c ovlymgr.c $ d10v-elf-gcc -g -c foo.c $ d10v-elf-gcc -g -c bar.c $ d10v-elf-gcc -g -c baz.c $ d10v-elf-gcc -g -c grbx.c $ d10v-elf-gcc -g overlays.o ovlymgr.o foo.o bar.o \ baz.o grbx.o -Wl,-Td10v.ld -o overlays
The build process is identical for any other architecture, except that
you must substitute the appropriate compiler and linker script for the
target system for d10v-elf-gcc
and d10v.ld
.
Although programming languages generally have common aspects, they are
rarely expressed in the same manner. For instance, in ANSI C,
dereferencing a pointer p
is accomplished by *p
, but in
Modula-2, it is accomplished by p^
. Values can also be
represented (and displayed) differently. Hex numbers in C appear as
‘0x1ae’, while in Modula-2 they appear as ‘1AEH’.
Language-specific information is built into gdb for some languages, allowing you to express operations like the above in your program's native language, and allowing gdb to output values in a manner consistent with the syntax of your program's native language. The language you use to build expressions is called the working language.
There are two ways to control the working language—either have gdb
set it automatically, or select it manually yourself. You can use the
set language
command for either purpose. On startup, gdb
defaults to setting the language automatically. The working language is
used to determine how expressions you type are interpreted, how values
are printed, etc.
In addition to the working language, every source file that
gdb knows about has its own working language. For some object
file formats, the compiler might indicate which language a particular
source file is in. However, most of the time gdb infers the
language from the name of the file. The language of a source file
controls whether C++ names are demangled—this way backtrace
can
show each frame appropriately for its own language. There is no way to
set the language of a source file from within gdb, but you can
set the language associated with a filename extension. See Displaying the Language.
This is most commonly a problem when you use a program, such
as cfront
or f2c
, that generates C but is written in
another language. In that case, make the
program use #line
directives in its C output; that way
gdb will know the correct language of the source code of the original
program, and will display that source code, not the generated C code.
If a source file name ends in one of the following extensions, then gdb infers that its language is the one indicated.
In addition, you may set the language associated with a filename extension. See Displaying the Language.
If you allow gdb to set the language automatically, expressions are interpreted the same way in your debugging session and your program.
If you wish, you may set the language manually. To do this, issue the
command ‘set language lang’, where lang is the name of
a language, such as
c
or modula-2
.
For a list of the supported languages, type ‘set language’.
Setting the language manually prevents gdb from updating the working language automatically. This can lead to confusion if you try to debug a program when the working language is not the same as the source language, when an expression is acceptable to both languages—but means different things. For instance, if the current source file were written in C, and gdb was parsing Modula-2, a command such as:
print a = b + c
might not have the effect you intended. In C, this means to add
b
and c
and place the result in a
. The result
printed would be the value of a
. In Modula-2, this means to compare
a
to the result of b+c
, yielding a BOOLEAN
value.
To have gdb set the working language automatically, use ‘set language local’ or ‘set language auto’. gdb then infers the working language. That is, when your program stops in a frame (usually by encountering a breakpoint), gdb sets the working language to the language recorded for the function in that frame. If the language for a frame is unknown (that is, if the function or block corresponding to the frame was defined in a source file that does not have a recognized extension), the current working language is not changed, and gdb issues a warning.
This may not seem necessary for most programs, which are written entirely in one source language. However, program modules and libraries written in one source language can be used by a main program written in a different source language. Using ‘set language auto’ in this case frees you from having to set the working language manually.
The following commands help you find out which language is the working language, and also what language source files were written in.
show language
print
to
build and compute expressions that may involve variables in your program.
info frame
info source
In unusual circumstances, you may have source files with extensions not in the standard list. You can then set the extension associated with a language explicitly:
set extension-language
ext languageinfo extensions
Some languages are designed to guard you against making seemingly common errors through a series of compile- and run-time checks. These include checking the type of arguments to functions and operators and making sure mathematical overflows are caught at run time. Checks such as these help to ensure a program's correctness once it has been compiled by eliminating type mismatches and providing active checks for range errors when your program is running.
By default gdb checks for these errors according to the
rules of the current source language. Although gdb does not check
the statements in your program, it can check expressions entered directly
into gdb for evaluation via the print
command, for example.
Some languages, such as C and C++, are strongly typed, meaning that the arguments to operators and functions have to be of the correct type, otherwise an error occurs. These checks prevent type mismatch errors from ever causing any run-time problems. For example,
int klass::my_method(char *b) { return b ? 1 : 2; } (gdb) print obj.my_method (0) $1 = 2
but
(gdb) print obj.my_method (0x1234) Cannot resolve method klass::my_method to any overloaded instance
The second example fails because in C++ the integer constant ‘0x1234’ is not type-compatible with the pointer parameter type.
For the expressions you use in gdb commands, you can tell gdb to not enforce strict type checking or to treat any mismatches as errors and abandon the expression; When type checking is disabled, gdb successfully evaluates expressions like the second example above.
Even if type checking is off, there may be other reasons
related to type that prevent gdb from evaluating an expression.
For instance, gdb does not know how to add an int
and
a struct foo
. These particular type errors have nothing to do
with the language in use and usually arise from expressions which make
little sense to evaluate anyway.
gdb provides some additional commands for controlling type checking:
set check type on
set check type off
show check type
In some languages (such as Modula-2), it is an error to exceed the bounds of a type; this is enforced with run-time checks. Such range checking is meant to ensure program correctness by making sure computations do not overflow, or indices on an array element access do not exceed the bounds of the array.
For expressions you use in gdb commands, you can tell gdb to treat range errors in one of three ways: ignore them, always treat them as errors and abandon the expression, or issue warnings but evaluate the expression anyway.
A range error can result from numerical overflow, from exceeding an array index bound, or when you type a constant that is not a member of any type. Some languages, however, do not treat overflows as an error. In many implementations of C, mathematical overflow causes the result to “wrap around” to lower values—for example, if m is the largest integer value, and s is the smallest, then
m + 1 ⇒ s
This, too, is specific to individual languages, and in some cases specific to individual compilers or machines. See Supported Languages, for further details on specific languages.
gdb provides some additional commands for controlling the range checker:
set check range auto
set check range on
set check range off
set check range warn
show range
gdb supports C, C++, D, Go, Objective-C, Fortran,
OpenCL C, Pascal, Rust, assembly, Modula-2, and Ada.
Some gdb features may be used in expressions regardless of the
language you use: the gdb @
and ::
operators,
and the ‘{type}addr’ construct (see Expressions) can be used with the constructs of any supported
language.
The following sections detail to what degree each source language is supported by gdb. These sections are not meant to be language tutorials or references, but serve only as a reference guide to what the gdb expression parser accepts, and what input and output formats should look like for different languages. There are many good books written on each of these languages; please look to these for a language reference or tutorial.
Since C and C++ are so closely related, many features of gdb apply to both languages. Whenever this is the case, we discuss those languages together.
The C++ debugging facilities are jointly implemented by the C++
compiler and gdb. Therefore, to debug your C++ code
effectively, you must compile your C++ programs with a supported
C++ compiler, such as gnu g++
, or the HP ANSI C++
compiler (aCC
).
Operators must be defined on values of specific types. For instance,
+
is defined on numbers, but not on structures. Operators are
often defined on groups of types.
For the purposes of C and C++, the following definitions hold:
int
with any of its storage-class
specifiers; char
; enum
; and, for C++, bool
.
float
, double
, and
long double
(if supported by the target platform).
(
type *)
.
The following operators are supported. They are listed here in order of increasing precedence:
,
=
=
op=
b,
and translated to a =
a op b.
op=
and =
have the same precedence. The operator
op is any one of the operators |
, ^
, &
,
<<
, >>
, +
, -
, *
, /
, %
.
?:
?
b :
c can be thought
of as: if a then b else c. The argument a
should be of an integral type.
||
&&
|
^
&
==
, !=
<
, >
, <=
, >=
<<
, >>
@
+
, -
*
, /
, %
++
, --
*
++
.
&
++
.
For debugging C++, gdb implements a use of ‘&’ beyond what is
allowed in the C++ language itself: you can use ‘&(&ref)’
to examine the address
where a C++ reference variable (declared with ‘&ref’) is
stored.
-
++
.
!
++
.
~
++
.
.
, ->
struct
and union
data.
.*
, ->*
[]
[
i]
is defined as
*(
a+
i)
. Same precedence as ->
.
()
->
.
::
struct
, union
,
and class
types.
::
::
,
above.
If an operator is redefined in the user code, gdb usually attempts to invoke the redefined version instead of using the operator's predefined meaning.
gdb allows you to express the constants of C and C++ in the following ways:
long
value.
float
(as opposed to the default double
) type; or with
a letter ‘l’ or ‘L’, which specifies a long double
constant.
'
), or a number—the ordinal value of the corresponding character
(usually its ascii value). Within quotes, the single character may
be represented by a letter or by escape sequences, which are of
the form ‘\nnn’, where nnn is the octal representation
of the character's ordinal value; or of the form ‘\x’, where
‘x’ is a predefined special character—for example,
‘\n’ for newline.
Wide character constants can be written by prefixing a character constant with ‘L’, as in C. For example, ‘L'x'’ is the wide form of ‘x’. The target wide character set is used when computing the value of this constant (see Character Sets).
"
). Any valid character constant (as described
above) may appear. Double quotes within the string must be preceded by
a backslash, so for instance ‘"a\"b'c"’ is a string of five
characters.
Wide string constants can be written by prefixing a string constant with ‘L’, as in C. The target wide character set is used when computing the value of this constant (see Character Sets).
gdb expression handling can interpret most C++ expressions.
Warning: gdb can only debug C++ code if you use the proper compiler and the proper debug format. Currently, gdb works best when debugging C++ code that is compiled with the most recent version of gcc possible. The DWARF debugging format is preferred; gcc defaults to this on most popular platforms. Other compilers and/or debug formats are likely to work badly or not at all when using gdb to debug C++ code. See Compilation.
count = aml->GetOriginal(x, y)
this
following the same rules as C++. using
declarations in the current scope are also respected by gdb.
It does perform integral conversions and promotions, floating-point promotions, arithmetic conversions, pointer conversions, conversions of class objects to base classes, and standard conversions such as those of functions or arrays to pointers; it requires an exact match on the number of function arguments.
Overload resolution is always performed, unless you have specified
set overload-resolution off
. See gdb Features for C++.
You must specify set overload-resolution off
in order to use an
explicit function signature to call an overloaded function, as in
p 'foo(char,int)'('x', 13)
The gdb command-completion facility can simplify this; see Command Completion.
In the parameter list shown when gdb displays a frame, the values of reference variables are not displayed (unlike other variables); this avoids clutter, since references are often used for large structures. The address of a reference variable is always shown, unless you have specified ‘set print address off’.
::
—your
expressions can use it just as expressions in your program do. Since
one scope may be defined in another, you can use ::
repeatedly if
necessary, for example in an expression like
‘scope1::scope2::name’. gdb also allows
resolving name scope by reference to source files, in both C and C++
debugging (see Program Variables).
If you allow gdb to set range checking automatically, it
defaults to off
whenever the working language changes to
C or C++. This happens regardless of whether you or gdb
selects the working language.
If you allow gdb to set the language automatically, it recognizes source files whose names end with .c, .C, or .cc, etc, and when gdb enters code compiled from one of these files, it sets the working language to C or C++. See Having gdb Infer the Source Language, for further details.
By default, when gdb parses C or C++ expressions, strict type checking is used. However, if you turn type checking off, gdb will allow certain non-standard conversions, such as promoting integer constants to pointers.
Range checking, if turned on, is done on mathematical operations. Array indices are not checked, since they are often used to index a pointer that is not itself an array.
The set print union
and show print union
commands apply to
the union
type. When set to ‘on’, any union
that is
inside a struct
or class
is also printed. Otherwise, it
appears as ‘{...}’.
The @
operator aids in the debugging of dynamic arrays, formed
with pointers and a memory allocation function. See Expressions.
Some gdb commands are particularly useful with C++, and some are designed specifically for use with C++. Here is a summary:
rbreak
regexcatch throw
catch rethrow
catch catch
ptype
typenameinfo vtbl
expression.
info vtbl
command can be used to display the virtual
method tables of the object computed by expression. This shows
one entry per virtual table; there may be multiple virtual tables when
multiple inheritance is in use.
demangle
namedemangle
command.
set print demangle
show print demangle
set print asm-demangle
show print asm-demangle
set print object
show print object
set print vtbl
show print vtbl
vtbl
commands do not work on programs compiled with the HP
ANSI C++ compiler (aCC
).)
set overload-resolution on
set overload-resolution off
show overload-resolution
(
types)
rather than just symbol. You can
also use the gdb command-line word completion facilities to list the
available choices, or to finish the type list for you.
See Command Completion, for details on how to do this.
The ABI tags are visible in C++ demangled names. For example, a function that returns a std::string:
std::string function(int);
when compiled for the C++11 ABI is marked with the cxx11
ABI
tag, and gdb displays the symbol like this:
function[abi:cxx11](int)
You can set a breakpoint on such functions simply as if they had no tag. For example:
(gdb) b function(int) Breakpoint 2 at 0x40060d: file main.cc, line 10. (gdb) info breakpoints Num Type Disp Enb Address What 1 breakpoint keep y 0x0040060d in function[abi:cxx11](int) at main.cc:10
On the rare occasion you need to disambiguate between different ABI tags, you can do so by simply including the ABI tag in the function name, like:
(gdb) b ambiguous[abi:other_tag](int)
gdb can examine, set and perform computations with numbers in
decimal floating point format, which in the C language correspond to the
_Decimal32
, _Decimal64
and _Decimal128
types as
specified by the extension to support decimal floating-point arithmetic.
There are two encodings in use, depending on the architecture: BID (Binary Integer Decimal) for x86 and x86-64, and DPD (Densely Packed Decimal) for PowerPC and S/390. gdb will use the appropriate encoding for the configured target.
Because of a limitation in libdecnumber, the library used by gdb to manipulate decimal floating point numbers, it is not possible to convert (using a cast, for example) integers wider than 32-bit to decimal float.
In addition, in order to imitate gdb's behaviour with binary floating point computations, error checking in decimal float operations ignores underflow, overflow and divide by zero exceptions.
In the PowerPC architecture, gdb provides a set of pseudo-registers
to inspect _Decimal128
values stored in floating point registers.
See PowerPC for more details.
gdb can be used to debug programs written in D and compiled with GDC, LDC or DMD compilers. Currently gdb supports only one D specific feature — dynamic arrays.
gdb can be used to debug programs written in Go and compiled with gccgo or 6g compilers.
Here is a summary of the Go-specific features and restrictions:
The current Go package
For example, given the program:
package main var myglob = "Shall we?" func main () { // ... }
When stopped inside main
either of these work:
(gdb) p myglob (gdb) p main.myglob
Builtin Go types
string
type is recognized by gdb and is printed
as a string.
Builtin Go functions
unsafe.Sizeof
function and handles it internally.
Restrictions on Go expressions
&^
.
The Go _
“blank identifier” is not supported.
Automatic dereferencing of pointers is not supported.
This section provides information about some commands and command options that are useful for debugging Objective-C code. See also info classes, and info selectors, for a few more commands specific to Objective-C support.
The following commands have been extended to accept Objective-C method names as line specifications:
clear
break
info line
jump
list
A fully qualified Objective-C method name is specified as
-[Class methodName]
where the minus sign is used to indicate an instance method and a
plus sign (not shown) is used to indicate a class method. The class
name Class and method name methodName are enclosed in
brackets, similar to the way messages are specified in Objective-C
source code. For example, to set a breakpoint at the create
instance method of class Fruit
in the program currently being
debugged, enter:
break -[Fruit create]
To list ten program lines around the initialize
class method,
enter:
list +[NSText initialize]
In the current version of gdb, the plus or minus sign is required. In future versions of gdb, the plus or minus sign will be optional, but you can use it to narrow the search. It is also possible to specify just a method name:
break create
You must specify the complete method name, including any colons. If
your program's source files contain more than one create
method,
you'll be presented with a numbered list of classes that implement that
method. Indicate your choice by number, or type ‘0’ to exit if
none apply.
As another example, to clear a breakpoint established at the
makeKeyAndOrderFront:
method of the NSWindow
class, enter:
clear -[NSWindow makeKeyAndOrderFront:]
The print command has also been extended to accept methods. For example:
print -[object hash]
will tell gdb to send the hash
message to object
and print the result. Also, an additional command has been added,
print-object
or po
for short, which is meant to print
the description of an object. However, this command may only work
with certain Objective-C libraries that have a particular hook
function, _NSPrintForDebugger
, defined.
This section provides information about gdbs OpenCL C support.
gdb supports the builtin scalar and vector datatypes specified
by OpenCL 1.1. In addition the half- and double-precision floating point
data types of the cl_khr_fp16
and cl_khr_fp64
OpenCL
extensions are also known to gdb.
gdb supports accesses to vector components including the access as lvalue where possible. Since OpenCL C is based on C99 most C expressions supported by gdb can be used as well.
gdb supports the operators specified by OpenCL 1.1 for scalar and vector data types.
gdb can be used to debug programs written in Fortran, but it currently supports only the features of Fortran 77 language.
Some Fortran compilers (gnu Fortran 77 and Fortran 95 compilers among them) append an underscore to the names of variables and functions. When you debug programs compiled by those compilers, you will need to refer to variables and functions with a trailing underscore.
Operators must be defined on values of specific types. For instance,
+
is defined on numbers, but not on characters or other non-
arithmetic types. Operators are often defined on groups of types.
**
:
%
Fortran symbols are usually case-insensitive, so gdb by default uses case-insensitive matches for Fortran symbols. You can change that with the ‘set case-insensitive’ command, see Symbols, for the details.
gdb has some commands to support Fortran-specific features, such as displaying common blocks.
info common
[common-name]COMMON
block whose name is common-name. With no argument, the names of
all COMMON
blocks visible at the current program location are
printed.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions does not currently work. gdb does not support entering expressions, printing values, or similar features using Pascal syntax.
The Pascal-specific command set print pascal_static-members
controls whether static members of Pascal objects are displayed.
See pascal_static-members.
gdb supports the Rust Programming Language. Type- and value-printing, and expression parsing, are reasonably complete. However, there are a few peculiarities and holes to be aware of.
extern crate
behaves.
That is, if gdb is stopped at a breakpoint in a function in
crate ‘A’, module ‘B’, then break B::f
will attempt
to set a breakpoint in a function named ‘f’ in a crate named
‘B’.
As a consequence of this approach, linespecs also cannot refer to items using ‘self::’ or ‘super::’.
print ::x::y
will try to find the symbol
‘K::x::y’.
However, since it is useful to be able to refer to other crates when
debugging, gdb provides the extern
extension to
circumvent this. To use the extension, just put extern
before
a path expression to refer to the otherwise unavailable “global”
scope.
In the above example, if you wanted to refer to the symbol ‘y’ in
the crate ‘x’, you would use print extern x::y
.
if
or match
, or lambda expressions.
Drop
trait. Objects that may be created by the evaluator will
never be destroyed.
crate::f<u32>
, where the parser would require
crate::f::<u32>
.
Self
is not available.
use
statements are not available, so some names may not be
available in the crate.
The extensions made to gdb to support Modula-2 only support output from the gnu Modula-2 compiler (which is currently being developed). Other Modula-2 compilers are not currently supported, and attempting to debug executables produced by them is most likely to give an error as gdb reads in the executable's symbol table.
Operators must be defined on values of specific types. For instance,
+
is defined on numbers, but not on structures. Operators are
often defined on groups of types. For the purposes of Modula-2, the
following definitions hold:
INTEGER
, CARDINAL
, and
their subranges.
CHAR
and its subranges.
REAL
.
POINTER TO
type.
SET
and BITSET
types.
BOOLEAN
.
The following operators are supported, and appear in order of increasing precedence:
,
:=
:=
value is
value.
<
, >
<=
, >=
<
.
=
, <>
, #
<
. In gdb scripts, only <>
is
available for inequality, since #
conflicts with the script
comment character.
IN
<
.
OR
AND
, &
@
+
, -
*
/
*
.
DIV
, MOD
*
.
-
INTEGER
and REAL
data.
^
NOT
^
.
.
RECORD
field selector. Defined on RECORD
data. Same
precedence as ^
.
[]
ARRAY
data. Same precedence as ^
.
()
PROCEDURE
objects. Same precedence
as ^
.
::
, .
Warning: Set expressions and their operations are not yet supported, so gdb treats the use of the operatorIN
, or the use of operators+
,-
,*
,/
,=
, ,<>
,#
,<=
, and>=
on sets as an error.
Modula-2 also makes available several built-in procedures and functions. In describing these, the following metavariables are used:
ARRAY
variable.
CHAR
constant or variable.
SET OF
mtype (where mtype is the type of m).
All Modula-2 built-in procedures also return a result, described below.
ABS(
n)
CAP(
c)
CHR(
i)
DEC(
v)
DEC(
v,
i)
EXCL(
m,
s)
FLOAT(
i)
HIGH(
a)
INC(
v)
INC(
v,
i)
INCL(
m,
s)
MAX(
t)
MIN(
t)
ODD(
i)
ORD(
x)
SIZE(
x)
TRUNC(
r)
TSIZE(
x)
VAL(
t,
i)
Warning: Sets and their operations are not yet supported, so gdb treats the use of proceduresINCL
andEXCL
as an error.
gdb allows you to express the constants of Modula-2 in the following ways:
'
) or double ("
). They may
also be expressed by their ordinal value (their ascii value, usually)
followed by a ‘C’.
'
) or double ("
).
Escape sequences in the style of C are also allowed. See C and C++ Constants, for a brief explanation of escape
sequences.
TRUE
and
FALSE
.
Currently gdb can print the following data types in Modula-2 syntax: array types, record types, set types, pointer types, procedure types, enumerated types, subrange types and base types. You can also print the contents of variables declared using these type. This section gives a number of simple source code examples together with sample gdb sessions.
The first example contains the following section of code:
VAR s: SET OF CHAR ; r: [20..40] ;
and you can request gdb to interrogate the type and value of
r
and s
.
(gdb) print s {'A'..'C', 'Z'} (gdb) ptype s SET OF CHAR (gdb) print r 21 (gdb) ptype r [20..40]
Likewise if your source code declares s
as:
VAR s: SET ['A'..'Z'] ;
then you may query the type of s
by:
(gdb) ptype s type = SET ['A'..'Z']
Note that at present you cannot interactively manipulate set expressions using the debugger.
The following example shows how you might declare an array in Modula-2 and how you can interact with gdb to print its type and contents:
VAR s: ARRAY [-10..10] OF CHAR ;
(gdb) ptype s ARRAY [-10..10] OF CHAR
Note that the array handling is not yet complete and although the type
is printed correctly, expression handling still assumes that all
arrays have a lower bound of zero and not -10
as in the example
above.
Here are some more type related Modula-2 examples:
TYPE colour = (blue, red, yellow, green) ; t = [blue..yellow] ; VAR s: t ; BEGIN s := blue ;
The gdb interaction shows how you can query the data type and value of a variable.
(gdb) print s $1 = blue (gdb) ptype t type = [blue..yellow]
In this example a Modula-2 array is declared and its contents
displayed. Observe that the contents are written in the same way as
their C
counterparts.
VAR s: ARRAY [1..5] OF CARDINAL ; BEGIN s[1] := 1 ;
(gdb) print s $1 = {1, 0, 0, 0, 0} (gdb) ptype s type = ARRAY [1..5] OF CARDINAL
The Modula-2 language interface to gdb also understands pointer types as shown in this example:
VAR s: POINTER TO ARRAY [1..5] OF CARDINAL ; BEGIN NEW(s) ; s^[1] := 1 ;
and you can request that gdb describes the type of s
.
(gdb) ptype s type = POINTER TO ARRAY [1..5] OF CARDINAL
gdb handles compound types as we can see in this example. Here we combine array types, record types, pointer types and subrange types:
TYPE foo = RECORD f1: CARDINAL ; f2: CHAR ; f3: myarray ; END ; myarray = ARRAY myrange OF CARDINAL ; myrange = [-2..2] ; VAR s: POINTER TO ARRAY myrange OF foo ;
and you can ask gdb to describe the type of s
as shown
below.
(gdb) ptype s type = POINTER TO ARRAY [-2..2] OF foo = RECORD f1 : CARDINAL; f2 : CHAR; f3 : ARRAY [-2..2] OF CARDINAL; END
If type and range checking are set automatically by gdb, they
both default to on
whenever the working language changes to
Modula-2. This happens regardless of whether you or gdb
selected the working language.
If you allow gdb to set the language automatically, then entering code compiled from a file whose name ends with .mod sets the working language to Modula-2. See Having gdb Infer the Source Language, for further details.
A few changes have been made to make Modula-2 programs easier to debug. This is done primarily via loosening its type strictness:
:=
) returns the value of its right-hand
argument.
Warning: in this release, gdb does not yet perform type or range checking.
gdb considers two Modula-2 variables type equivalent if:
TYPE
t1 =
t2 statement
As long as type checking is enabled, any attempt to combine variables whose types are not equivalent is an error.
Range checking is done on all mathematical operations, assignment, array index bounds, and all built-in functions and procedures.
::
and .
There are a few subtle differences between the Modula-2 scope operator
(.
) and the gdb scope operator (::
). The two have
similar syntax:
module . id scope :: id
where scope is the name of a module or a procedure, module the name of a module, and id is any declared identifier within your program, except another module.
Using the ::
operator makes gdb search the scope
specified by scope for the identifier id. If it is not
found in the specified scope, then gdb searches all scopes
enclosing the one specified by scope.
Using the .
operator makes gdb search the current scope for
the identifier specified by id that was imported from the
definition module specified by module. With this operator, it is
an error if the identifier id was not imported from definition
module module, or if id is not an identifier in
module.
Some gdb commands have little use when debugging Modula-2 programs.
Five subcommands of set print
and show print
apply
specifically to C and C++: ‘vtbl’, ‘demangle’,
‘asm-demangle’, ‘object’, and ‘union’. The first four
apply to C++, and the last to the C union
type, which has no direct
analogue in Modula-2.
The @
operator (see Expressions), while available
with any language, is not useful with Modula-2. Its
intent is to aid the debugging of dynamic arrays, which cannot be
created in Modula-2 as they can in C or C++. However, because an
address can be specified by an integral constant, the construct
‘{type}adrexp’ is still useful.
In gdb scripts, the Modula-2 inequality operator #
is
interpreted as the beginning of a comment. Use <>
instead.
The extensions made to gdb for Ada only support output from the gnu Ada (GNAT) compiler. Other Ada compilers are not currently supported, and attempting to debug executables produced by them is most likely to be difficult.
The Ada mode of gdb supports a fairly large subset of Ada expression syntax, with some extensions. The philosophy behind the design of this subset is
Thus, for brevity, the debugger acts as if all names declared in user-written packages are directly visible, even if they are not visible according to Ada rules, thus making it unnecessary to fully qualify most names with their packages, regardless of context. Where this causes ambiguity, gdb asks the user's intent.
The debugger will start in Ada mode if it detects an Ada main program. As for other languages, it will enter Ada mode when stopped in a program that was translated from an Ada source file.
While in Ada mode, you may use `–' for comments. This is useful mostly for documenting command files. The standard gdb comment (‘#’) still works at the beginning of a line in Ada mode, but not in the middle (to allow based literals).
Here are the notable omissions from the subset:
in
) operator.
Characters.Latin_1
are not available and
concatenation is not implemented. Thus, escape characters in strings are
not currently available.
and
, or
,
xor
, not
, and relational tests other than equality)
are not implemented.
(gdb) set An_Array := (1, 2, 3, 4, 5, 6) (gdb) set An_Array := (1, others => 0) (gdb) set An_Array := (0|4 => 1, 1..3 => 2, 5 => 6) (gdb) set A_2D_Array := ((1, 2, 3), (4, 5, 6), (7, 8, 9)) (gdb) set A_Record := (1, "Peter", True); (gdb) set A_Record := (Name => "Peter", Id => 1, Alive => True)
Changing a
discriminant's value by assigning an aggregate has an
undefined effect if that discriminant is used within the record.
However, you can first modify discriminants by directly assigning to
them (which normally would not be allowed in Ada), and then performing an
aggregate assignment. For example, given a variable A_Rec
declared to have a type such as:
type Rec (Len : Small_Integer := 0) is record Id : Integer; Vals : IntArray (1 .. Len); end record;
you can assign a value with a different size of Vals
with two
assignments:
(gdb) set A_Rec.Len := 4 (gdb) set A_Rec := (Id => 42, Vals => (1, 2, 3, 4))
As this example also illustrates, gdb is very loose about the usual
rules concerning aggregates. You may leave out some of the
components of an array or record aggregate (such as the Len
component in the assignment to A_Rec
above); they will retain their
original values upon assignment. You may freely use dynamic values as
indices in component associations. You may even use overlapping or
redundant component associations, although which component values are
assigned in such cases is not defined.
new
operator is not implemented.
True
and False
, when not part of a qualified name,
are interpreted as if implicitly prefixed by Standard
, regardless of
context.
Should your program
redefine these names in a package or procedure (at best a dubious practice),
you will have to use fully qualified names to access their new definitions.
As it does for other languages, gdb makes certain generic extensions to Ada (see Expressions):
@
N displays the values of E and the
N-1 adjacent variables following it in memory as an array. In
Ada, this operator is generally not necessary, since its prime use is
in displaying parts of an array, and slicing will usually do this in
Ada. However, there are occasional uses when debugging programs in
which certain debugging information has been optimized away.
::
var means “the variable named var that
appears in function or file B.” When B is a file name,
you must typically surround it in single quotes.
{
type}
addr means “the variable of type
type that appears at address addr.”
In addition, gdb provides a few other shortcuts and outright additions specific to Ada:
(gdb) set x := y + 3 (gdb) print A(tmp := y + 1)
(gdb) break f (gdb) condition 1 (report(i); k += 1; A(k) > 100)
"One line.["0a"]Next line.["0a"]"
contains an ASCII newline character (Ada.Characters.Latin_1.LF
)
after each period.
(gdb) print 'max(x, y)
(3 => 10, 17, 1)
That is, in contrast to valid Ada, only the first component has a =>
clause.
(gdb) print <JMPBUF_SAVE>[0]
The debugger supports limited overloading. Given a subprogram call in which
the function symbol has multiple definitions, it will use the number of
actual parameters and some information about their types to attempt to narrow
the set of definitions. It also makes very limited use of context, preferring
procedures to functions in the context of the call
command, and
functions to procedures elsewhere.
If, after narrowing, the set of matching definitions still contains more than one definition, gdb will display a menu to query which one it should use, for instance:
(gdb) print f(1) Multiple matches for f [0] cancel [1] foo.f (integer) return boolean at foo.adb:23 [2] foo.f (foo.new_integer) return boolean at foo.adb:28 >
In this case, just select one menu entry either to cancel expression evaluation (type 0 and press <RET>) or to continue evaluation with a specific instance (type the corresponding number and press <RET>).
Here are a couple of commands to customize gdb's behavior in this case:
set ada print-signatures
on
by default.
See Overloading support for Ada.
show ada print-signatures
It is sometimes necessary to debug the program during elaboration, and
before reaching the main procedure.
As defined in the Ada Reference
Manual, the elaboration code is invoked from a procedure called
adainit
. To run your program up to the beginning of
elaboration, simply use the following two commands:
tbreak adainit
and run
.
A command is provided to list all Ada exceptions:
info exceptions
info exceptions
regexpinfo exceptions
command allows you to list all Ada exceptions
defined within the program being debugged, as well as their addresses.
With a regular expression, regexp, as argument, only those exceptions
whose names match regexp are listed.
Below is a small example, showing how the command can be used, first without argument, and next with a regular expression passed as an argument.
(gdb) info exceptions All defined Ada exceptions: constraint_error: 0x613da0 program_error: 0x613d20 storage_error: 0x613ce0 tasking_error: 0x613ca0 const.aint_global_e: 0x613b00 (gdb) info exceptions const.aint All Ada exceptions matching regular expression "const.aint": constraint_error: 0x613da0 const.aint_global_e: 0x613b00
It is also possible to ask gdb to stop your program's execution when an exception is raised. For more details, see Set Catchpoints.
Support for Ada tasks is analogous to that for threads (see Threads). gdb provides the following task-related commands:
info tasks
(gdb) info tasks ID TID P-ID Pri State Name 1 8088000 0 15 Child Activation Wait main_task 2 80a4000 1 15 Accept Statement b 3 809a800 1 15 Child Activation Wait a * 4 80ae800 3 15 Runnable c
In this listing, the asterisk before the last task indicates it to be the task currently being inspected.
Unactivated
Runnable
Terminated
Child Activation Wait
Accept Statement
Waiting on entry call
Async Select Wait
Delay Sleep
Child Termination Wait
Wait Child in Term Alt
Accepting RV with
tasknoinfo task
taskno(gdb) info tasks ID TID P-ID Pri State Name 1 8077880 0 15 Child Activation Wait main_task * 2 807c468 1 15 Runnable task_1 (gdb) info task 2 Ada Task: 0x807c468 Name: task_1 Thread: 0 LWP: 0x1fac Parent: 1 (main_task) Base Priority: 15 State: Runnable
task
(gdb) info tasks ID TID P-ID Pri State Name 1 8077870 0 15 Child Activation Wait main_task * 2 807c458 1 15 Runnable t (gdb) task [Current task is 2]
task
tasknothread
thread-id
command (see Threads). It switches the context of debugging
from the current task to the given task.
(gdb) info tasks ID TID P-ID Pri State Name 1 8077870 0 15 Child Activation Wait main_task * 2 807c458 1 15 Runnable t (gdb) task 1 [Switching to task 1] #0 0x8067726 in pthread_cond_wait () (gdb) bt #0 0x8067726 in pthread_cond_wait () #1 0x8056714 in system.os_interface.pthread_cond_wait () #2 0x805cb63 in system.task_primitives.operations.sleep () #3 0x806153e in system.tasking.stages.activate_tasks () #4 0x804aacc in un () at un.adb:5
break
location task
tasknobreak
location task
taskno if ...
break ... thread ...
command (see Thread Stops). The
location argument specifies source lines, as described
in Specify Location.
Use the qualifier ‘task taskno’ with a breakpoint command to specify that you only want gdb to stop the program when a particular Ada task reaches this breakpoint. The taskno is one of the numeric task identifiers assigned by gdb, shown in the first column of the ‘info tasks’ display.
If you do not specify ‘task taskno’ when you set a breakpoint, the breakpoint applies to all tasks of your program.
You can use the task
qualifier on conditional breakpoints as
well; in this case, place ‘task taskno’ before the
breakpoint condition (before the if
).
For example,
(gdb) info tasks ID TID P-ID Pri State Name 1 140022020 0 15 Child Activation Wait main_task 2 140045060 1 15 Accept/Select Wait t2 3 140044840 1 15 Runnable t1 * 4 140056040 1 15 Runnable t3 (gdb) b 15 task 2 Breakpoint 5 at 0x120044cb0: file test_task_debug.adb, line 15. (gdb) cont Continuing. task # 1 running task # 2 running Breakpoint 5, test_task_debug () at test_task_debug.adb:15 15 flush; (gdb) info tasks ID TID P-ID Pri State Name 1 140022020 0 15 Child Activation Wait main_task * 2 140045060 1 15 Runnable t2 3 140044840 1 15 Runnable t1 4 140056040 1 15 Delay Sleep t3
When inspecting a core file, as opposed to debugging a live program, tasking support may be limited or even unavailable, depending on the platform being used. For instance, on x86-linux, the list of tasks is available, but task switching is not supported.
On certain platforms, the debugger needs to perform some memory writes in order to provide Ada tasking support. When inspecting a core file, this means that the core file must be opened with read-write privileges, using the command ‘"set write on"’ (see Patching). Under these circumstances, you should make a backup copy of the core file before inspecting it with gdb.
The Ravenscar Profile is a subset of the Ada tasking features, specifically designed for systems with safety-critical real-time requirements.
set ravenscar task-switching on
set ravenscar task-switching off
show ravenscar task-switching
When Ravenscar task-switching is enabled, Ravenscar tasks are announced by gdb as if they were threads:
(gdb) continue [New Ravenscar Thread 0x2b8f0]
Both Ravenscar tasks and the underlying CPU threads will show up in
the output of info threads
:
(gdb) info threads Id Target Id Frame 1 Thread 1 (CPU#0 [running]) simple () at simple.adb:10 2 Thread 2 (CPU#1 [running]) 0x0000000000003d34 in __gnat_initialize_cpu_devices () 3 Thread 3 (CPU#2 [running]) 0x0000000000003d28 in __gnat_initialize_cpu_devices () 4 Thread 4 (CPU#3 [halted ]) 0x000000000000c6ec in system.task_primitives.operations.idle () * 5 Ravenscar Thread 0x2b8f0 simple () at simple.adb:10 6 Ravenscar Thread 0x2f150 0x000000000000c6ec in system.task_primitives.operations.idle ()
One known limitation of the Ravenscar support in gdb is that
it isn't currently possible to single-step through the runtime
initialization sequence. If you need to debug this code, you should
use set ravenscar task-switching off
.
GNAT always uses code expansion for generic instantiation. This means that each time an instantiation occurs, a complete copy of the original code is made with appropriate substitutions.
It is not possible to refer to the original generic entities themselves
in gdb (there is no code to refer to), but it
is certainly possible to debug a particular instance of a generic, simply by
using the appropriate expanded names. For example, suppose that
Gen
is a generic package:
-- In file gen.ads: generic package Gen is function F (v1 : Integer) return Integer; end Gen; -- In file gen.adb: package body Gen is function F (v1 : Integer) return Integer is begin return v1+1; -- Line 5 end F; end Gen;
and we have the following expansions
with Gen; procedure G is package Gen1 is new Gen; package Gen2 is new Gen; I : Integer := 0; begin I := Gen1.F (I); I := Gen2.F (I); I := Gen1.F (I); I := Gen2.F (I); end;
Then to break on a call to procedure F
in the Gen2
instance, simply
use the command:
(gdb) break G.Gen2.F
To break at a particular line in a particular generic instance, say the return
statement in G.Gen2
, append the line specification to the file and
function name:
(gdb) break gen.adb:G.Gen2.F:5
To break on this line line in all instances of Gen
, use ‘*’
as the function name:
(gdb) break gen.adb:*:5
This will set individual breakpoints at all instances; they are independent of each other and you may remove, conditionalize, or otherwise modify them individually.
When a breakpoint occurs, you can step through the code of the generic instance in the normal manner. You can also examine values of data in the normal manner, providing the appropriate generic package qualification to refer to non-local entities.
set varsize-limit
sizeunlimited
removes the size limitation. By default, the limit is about 65KB.
The purpose of having such a limit is to prevent gdb from
trying to grab enormous chunks of virtual memory when asked to evaluate
a quantity whose bounds have been corrupted or have not yet been fully
initialized. The limit applies to the results of some subexpressions
as well as to complete expressions. For example, an expression denoting
a simple integer component, such as x.y.z
, may fail if the size of
x.y
is variable and exceeds size
. On the other hand,
gdb is sometimes clever; the expression A(i)
, where
A
is an array variable with non-constant size, will generally
succeed regardless of the bounds on A
, as long as the component
size is less than size.
show varsize-limit
Besides the omissions listed previously (see Omissions from Ada), we know of several problems with and limitations of Ada mode in gdb, some of which will be fixed with planned future releases of the debugger and the GNU Ada compiler.
up
commands to get to
frame containing the variable you wish to see.
Access to non-local variables does not, at the moment, work in
the test expressions for conditional breakpoints
(see Break conditions) unless you happen to specify these
while stopped in the subprogram in which they are to be applied.
Standard
for any of
the standard symbols defined by the Ada language. gdb knows about
this: it will strip the prefix from names when you use it, and will never
look for a name you have so qualified among local symbols, nor match against
symbols in other packages or subprograms. If you have
defined entities anywhere in your program other than parameters and
local variables whose simple names match names in Standard
,
GNAT's lack of qualification here can cause confusion. When this happens,
you can usually resolve the confusion
by qualifying the problematic names with package
Standard
explicitly.
Older versions of the compiler sometimes generate erroneous debugging information, resulting in the debugger incorrectly printing the value of affected entities. In some cases, the debugger is able to work around an issue automatically. In other cases, the debugger is able to work around the issue, but the work-around has to be specifically enabled.
set ada trust-PAD-over-XVS on
PAD
and PAD___XVS
types are involved (see ada/exp_dbug.ads
in the GCC sources for
a complete description of the encoding used by the GNAT compiler).
This is the default.
set ada trust-PAD-over-XVS off
ada
trust-PAD-over-XVS
to off
activates a work-around which may fix
the issue. It is always safe to set ada trust-PAD-over-XVS
to
off
, but this incurs a slight performance penalty, so it is
recommended to leave this setting to on
unless necessary.
Internally, the debugger also relies on the compiler following a number of conventions known as the ‘GNAT Encoding’, all documented in gcc/ada/exp_dbug.ads in the GCC sources. This encoding describes how the debugging information should be generated for certain types. In particular, this convention makes use of descriptive types, which are artificial types generated purely to help the debugger.
These encodings were defined at a time when the debugging information format used was not powerful enough to describe some of the more complex types available in Ada. Since DWARF allows us to express nearly all Ada features, the long-term goal is to slowly replace these descriptive types by their pure DWARF equivalent. To facilitate that transition, a new maintenance option is available to force the debugger to ignore those descriptive types. It allows the user to quickly evaluate how well gdb works without them.
maintenance ada set ignore-descriptive-types [on|off]
off
).
maintenance ada show ignore-descriptive-types
In addition to the other fully-supported programming languages,
gdb also provides a pseudo-language, called minimal
.
It does not represent a real programming language, but provides a set
of capabilities close to what the C or assembly languages provide.
This should allow most simple operations to be performed while debugging
an application that uses a language currently not supported by gdb.
If the language is set to auto
, gdb will automatically
select this language if the current frame corresponds to an unsupported
language.
The commands described in this chapter allow you to inquire about the symbols (names of variables, functions and types) defined in your program. This information is inherent in the text of your program and does not change as your program executes. gdb finds it in your program's symbol table, in the file indicated when you started gdb (see Choosing Files), or by one of the file-management commands (see Commands to Specify Files).
Occasionally, you may need to refer to symbols that contain unusual characters, which gdb ordinarily treats as word delimiters. The most frequent case is in referring to static variables in other source files (see Program Variables). File names are recorded in object files as debugging symbols, but gdb would ordinarily parse a typical file name, like foo.c, as the three words ‘foo’ ‘.’ ‘c’. To allow gdb to recognize ‘foo.c’ as a single symbol, enclose it in single quotes; for example,
p 'foo.c'::x
looks up the value of x
in the scope of the file foo.c.
set case-sensitive on
set case-sensitive off
set case-sensitive auto
set
case-sensitive
lets you do that by specifying on
for
case-sensitive matches or off
for case-insensitive ones. If
you specify auto
, case sensitivity is reset to the default
suitable for the source language. The default is case-sensitive
matches for all languages except for Fortran, for which the default is
case-insensitive matches.
show case-sensitive
set print type methods
set print type methods on
set print type methods off
ptype
, or using set
print type methods. Specifying on
will cause gdb to
display the methods; this is the default. Specifying off
will
cause gdb to omit the methods.
show print type methods
set print type nested-type-limit
limitset print type nested-type-limit unlimited
unlimited
or -1
will show all
nested definitions. By default, the type printer will not show any nested
types defined in classes.
show print type nested-type-limit
set print type typedefs
set print type typedefs on
set print type typedefs off
ptype
, or using set
print type typedefs. Specifying on
will cause gdb to
display the typedef definitions; this is the default. Specifying
off
will cause gdb to omit the typedef definitions.
Note that this controls whether the typedef definition itself is
printed, not whether typedef names are substituted when printing other
types.
show print type typedefs
info address
symbolNote the contrast with ‘print &symbol’, which does not work at all for a register variable, and for a stack local variable prints the exact address of the current instantiation of the variable.
info symbol
addr(gdb) info symbol 0x54320 _initialize_vx + 396 in section .text
This is the opposite of the info address
command. You can use
it to find out the name of a variable or a function given its address.
For dynamically linked executables, the name of executable or shared library containing the symbol is also printed:
(gdb) info symbol 0x400225 _start + 5 in section .text of /tmp/a.out (gdb) info symbol 0x2aaaac2811cf __read_nocancel + 6 in section .text of /usr/lib64/libc.so.6
demangle
[-l
language] [–] nameThe ‘--’ option specifies the end of options, and is useful when name begins with a dash.
The parameter demangle-style
specifies how to interpret the kind
of mangling used. See Print Settings.
whatis[/
flags] [
arg]
$
, the last value in the value history.
If arg is an expression (see Expressions), it is not actually evaluated, and any side-effecting operations (such as assignments or function calls) inside it do not take place.
If arg is a variable or an expression, whatis
prints its
literal type as it is used in the source code. If the type was
defined using a typedef
, whatis
will not print
the data type underlying the typedef
. If the type of the
variable or the expression is a compound data type, such as
struct
or class
, whatis
never prints their
fields or methods. It just prints the struct
/class
name (a.k.a. its tag). If you want to see the members of
such a compound data type, use ptype
.
If arg is a type name that was defined using typedef
,
whatis
unrolls only one level of that typedef
.
Unrolling means that whatis
will show the underlying type used
in the typedef
declaration of arg. However, if that
underlying type is also a typedef
, whatis
will not
unroll it.
For C code, the type names may also have the form ‘class class-name’, ‘struct struct-tag’, ‘union union-tag’ or ‘enum enum-tag’.
flags can be used to modify how the type is displayed. Available flags are:
r
/r
flag disables this.
m
M
t
T
o
/tm
flags.
For example, given the following declarations:
struct tuv { int a1; char *a2; int a3; }; struct xyz { int f1; char f2; void *f3; struct tuv f4; }; union qwe { struct tuv fff1; struct xyz fff2; }; struct tyu { int a1 : 1; int a2 : 3; int a3 : 23; char a4 : 2; int64_t a5; int a6 : 5; int64_t a7 : 3; };
Issuing a ptype /o struct tuv command would print:
(gdb) ptype /o struct tuv /* offset | size */ type = struct tuv { /* 0 | 4 */ int a1; /* XXX 4-byte hole */ /* 8 | 8 */ char *a2; /* 16 | 4 */ int a3; /* total size (bytes): 24 */ }
Notice the format of the first column of comments. There, you can find two parts separated by the ‘|’ character: the offset, which indicates where the field is located inside the struct, in bytes, and the size of the field. Another interesting line is the marker of a hole in the struct, indicating that it may be possible to pack the struct and make it use less space by reorganizing its fields.
It is also possible to print offsets inside an union:
(gdb) ptype /o union qwe /* offset | size */ type = union qwe { /* 24 */ struct tuv { /* 0 | 4 */ int a1; /* XXX 4-byte hole */ /* 8 | 8 */ char *a2; /* 16 | 4 */ int a3; /* total size (bytes): 24 */ } fff1; /* 40 */ struct xyz { /* 0 | 4 */ int f1; /* 4 | 1 */ char f2; /* XXX 3-byte hole */ /* 8 | 8 */ void *f3; /* 16 | 24 */ struct tuv { /* 16 | 4 */ int a1; /* XXX 4-byte hole */ /* 24 | 8 */ char *a2; /* 32 | 4 */ int a3; /* total size (bytes): 24 */ } f4; /* total size (bytes): 40 */ } fff2; /* total size (bytes): 40 */ }
In this case, since struct tuv
and struct xyz
occupy the
same space (because we are dealing with an union), the offset is not
printed for them. However, you can still examine the offset of each
of these structures' fields.
Another useful scenario is printing the offsets of a struct containing bitfields:
(gdb) ptype /o struct tyu /* offset | size */ type = struct tyu { /* 0:31 | 4 */ int a1 : 1; /* 0:28 | 4 */ int a2 : 3; /* 0: 5 | 4 */ int a3 : 23; /* 3: 3 | 1 */ signed char a4 : 2; /* XXX 3-bit hole */ /* XXX 4-byte hole */ /* 8 | 8 */ int64_t a5; /* 16:27 | 4 */ int a6 : 5; /* 16:56 | 8 */ int64_t a7 : 3; /* total size (bytes): 24 */ }
Note how the offset information is now extended to also include how many bits are left to be used in each bitfield.
ptype[/
flags] [
arg]
ptype
accepts the same arguments as whatis
, but prints a
detailed description of the type, instead of just the name of the type.
See Expressions.
Contrary to whatis
, ptype
always unrolls any
typedef
s in its argument declaration, whether the argument is
a variable, expression, or a data type. This means that ptype
of a variable or an expression will not print literally its type as
present in the source code—use whatis
for that. typedef
s at
the pointer or reference targets are also unrolled. Only typedef
s of
fields, methods and inner class typedef
s of struct
s,
class
es and union
s are not unrolled even with ptype
.
For example, for this variable declaration:
typedef double real_t; struct complex { real_t real; double imag; }; typedef struct complex complex_t; complex_t var; real_t *real_pointer_var;
the two commands give this output:
(gdb) whatis var type = complex_t (gdb) ptype var type = struct complex { real_t real; double imag; } (gdb) whatis complex_t type = struct complex (gdb) whatis struct complex type = struct complex (gdb) ptype struct complex type = struct complex { real_t real; double imag; } (gdb) whatis real_pointer_var type = real_t * (gdb) ptype real_pointer_var type = double *
As with whatis
, using ptype
without an argument refers to
the type of $
, the last value in the value history.
Sometimes, programs use opaque data types or incomplete specifications of complex data structure. If the debug information included in the program does not allow gdb to display a full declaration of the data type, it will say ‘<incomplete type>’. For example, given these declarations:
struct foo; struct foo *fooptr;
but no definition for struct foo
itself, gdb will say:
(gdb) ptype foo $1 = <incomplete type>
“Incomplete type” is C terminology for data types that are not completely specified.
Othertimes, information about a variable's type is completely absent from the debug information included in the program. This most often happens when the program or library where the variable is defined includes no debug information at all. gdb knows the variable exists from inspecting the linker/loader symbol table (e.g., the ELF dynamic symbol table), but such symbols do not contain type information. Inspecting the type of a (global) variable for which gdb has no type information shows:
(gdb) ptype var type = <data variable, no debug info>
See no debug info variables, for how to print the values of such variables.
info types
regexpinfo types
value
, but
‘i type ^value$’ gives information only on types whose complete
name is value
.
In programs using different languages, gdb chooses the syntax to print the type description according to the ‘set language’ value: using ‘set language auto’ (see Set Language Automatically) means to use the language of the type, other values mean to use the manually specified language (see Set Language Manually).
This command differs from ptype
in two ways: first, like
whatis
, it does not print a detailed description; second, it
lists all source files and line numbers where a type is defined.
info type-printers
info type-printers
displays all the available type printers.
enable type-printer
name...
disable type-printer
name...
info scope
location(gdb) info scope command_line_handler Scope for command_line_handler: Symbol rl is an argument at stack/frame offset 8, length 4. Symbol linebuffer is in static storage at address 0x150a18, length 4. Symbol linelength is in static storage at address 0x150a1c, length 4. Symbol p is a local variable in register $esi, length 4. Symbol p1 is a local variable in register $ebx, length 4. Symbol nline is a local variable in register $edx, length 4. Symbol repeat is a local variable at frame offset -8, length 4.
This command is especially useful for determining what data to collect during a trace experiment, see collect.
info source
info sources
info functions [-q]
In programs using different languages, gdb chooses the syntax to print the function name and type according to the ‘set language’ value: using ‘set language auto’ (see Set Language Automatically) means to use the language of the function, other values mean to use the manually specified language (see Set Language Manually).
The optional flag ‘-q’, which stands for ‘quiet’, disables
printing header information and messages explaining why no functions
have been printed.
info functions [-q] [-t
type_regexp] [
regexp]
If regexp is provided, print only the functions whose names
match the regular expression regexp.
Thus, ‘info fun step’ finds all functions whose
names include step
; ‘info fun ^step’ finds those whose names
start with step
. If a function name contains characters that
conflict with the regular expression language (e.g.
‘operator*()’), they may be quoted with a backslash.
If type_regexp is provided, print only the functions whose
types, as printed by the whatis
command, match
the regular expression type_regexp.
If type_regexp contains space(s), it should be enclosed in
quote characters. If needed, use backslash to escape the meaning
of special characters or quotes.
Thus, ‘info fun -t '^int ('’ finds the functions that return
an integer; ‘info fun -t '(.*int.*'’ finds the functions that
have an argument type containing int; ‘info fun -t '^int (' ^step’
finds the functions whose names start with step
and that return
int.
If both regexp and type_regexp are provided, a function is printed only if its name matches regexp and its type matches type_regexp.
info variables [-q]
In programs using different languages, gdb chooses the syntax to print the variable name and type according to the ‘set language’ value: using ‘set language auto’ (see Set Language Automatically) means to use the language of the variable, other values mean to use the manually specified language (see Set Language Manually).
The optional flag ‘-q’, which stands for ‘quiet’, disables
printing header information and messages explaining why no variables
have been printed.
info variables [-q] [-t
type_regexp] [
regexp]
If regexp is provided, print only the variables whose names match the regular expression regexp.
If type_regexp is provided, print only the variables whose
types, as printed by the whatis
command, match
the regular expression type_regexp.
If type_regexp contains space(s), it should be enclosed in
quote characters. If needed, use backslash to escape the meaning
of special characters or quotes.
If both regexp and type_regexp are provided, an argument is printed only if its name matches regexp and its type matches type_regexp.
info classes
info classes
regexpinfo selectors
info selectors
regexpset opaque-type-resolution on
struct
, class
, or
union
—for example, struct MyType *
—that is used in one
source file although the full declaration of struct MyType
is in
another source file. The default is on.
A change in the setting of this subcommand will not take effect until
the next time symbols for a file are loaded.
set opaque-type-resolution off
{<no data fields>}
show opaque-type-resolution
set print symbol-loading
set print symbol-loading full
set print symbol-loading brief
set print symbol-loading off
set print symbol-loading
command allows you to control the
printing of messages when gdb loads symbol information.
By default a message is printed for the executable and one for each
shared library, and normally this is what you want. However, when
debugging apps with large numbers of shared libraries these messages
can be annoying.
When set to brief
a message is printed for each executable,
and when gdb loads a collection of shared libraries at once
it will only print one message regardless of the number of shared
libraries. When set to off
no messages are printed.
show print symbol-loading
maint print symbols
[-pc
address] [filename]maint print symbols
[-objfile
objfile] [-source
source] [--
] [filename]maint print psymbols
[-objfile
objfile] [-pc
address] [--
] [filename]maint print psymbols
[-objfile
objfile] [-source
source] [--
] [filename]maint print msymbols
[-objfile
objfile] [--
] [filename]-objfile
objfile is specified, only dump symbols for
that objfile.
If -pc
address is specified, only dump symbols for the file
with code at that address. Note that address may be a symbol like
main
.
If -source
source is specified, only dump symbols for that
source file.
These commands are used to debug the gdb symbol-reading code.
These commands do not modify internal gdb state, therefore
‘maint print symbols’ will only print symbols for already expanded symbol
tables.
You can use the command info sources
to find out which files these are.
If you use ‘maint print psymbols’ instead, the dump shows information
about symbols that gdb only knows partially—that is, symbols
defined in files that gdb has skimmed, but not yet read completely.
Finally, ‘maint print msymbols’ just dumps “minimal symbols”, e.g.,
“ELF symbols”.
See Commands to Specify Files, for a discussion of how
gdb reads symbols (in the description of symbol-file
).
maint info symtabs
[ regexp ]maint info psymtabs
[ regexp ]struct symtab
or struct partial_symtab
structures whose names match regexp. If regexp is not
given, list them all. The output includes expressions which you can
copy into a gdb debugging this one to examine a particular
structure in more detail. For example:
(gdb) maint info psymtabs dwarf2read { objfile /home/gnu/build/gdb/gdb ((struct objfile *) 0x82e69d0) { psymtab /home/gnu/src/gdb/dwarf2read.c ((struct partial_symtab *) 0x8474b10) readin no fullname (null) text addresses 0x814d3c8 -- 0x8158074 globals (* (struct partial_symbol **) 0x8507a08 @ 9) statics (* (struct partial_symbol **) 0x40e95b78 @ 2882) dependencies (none) } } (gdb) maint info symtabs (gdb)
We see that there is one partial symbol table whose filename contains the string ‘dwarf2read’, belonging to the ‘gdb’ executable; and we see that gdb has not read in any symtabs yet at all. If we set a breakpoint on a function, that will cause gdb to read the symtab for the compilation unit containing that function:
(gdb) break dwarf2_psymtab_to_symtab Breakpoint 1 at 0x814e5da: file /home/gnu/src/gdb/dwarf2read.c, line 1574. (gdb) maint info symtabs { objfile /home/gnu/build/gdb/gdb ((struct objfile *) 0x82e69d0) { symtab /home/gnu/src/gdb/dwarf2read.c ((struct symtab *) 0x86c1f38) dirname (null) fullname (null) blockvector ((struct blockvector *) 0x86c1bd0) (primary) linetable ((struct linetable *) 0x8370fa0) debugformat DWARF 2 } } (gdb)
maint info line-table
[ regexp ]struct linetable
from all struct symtab
instances whose name matches regexp. If regexp is not
given, list the struct linetable
from all struct symtab
.
maint set symbol-cache-size
sizemaint show symbol-cache-size
maint print symbol-cache
maint print symbol-cache-statistics
maint flush-symbol-cache
Once you think you have found an error in your program, you might want to find out for certain whether correcting the apparent error would lead to correct results in the rest of the run. You can find the answer by experiment, using the gdb features for altering execution of the program.
For example, you can store new values into variables or memory locations, give your program a signal, restart it at a different address, or even return prematurely from a function.
To alter the value of a variable, evaluate an assignment expression. See Expressions. For example,
print x=4
stores the value 4 into the variable x
, and then prints the
value of the assignment expression (which is 4).
See Using gdb with Different Languages, for more
information on operators in supported languages.
If you are not interested in seeing the value of the assignment, use the
set
command instead of the print
command. set
is
really the same as print
except that the expression's value is
not printed and is not put in the value history (see Value History). The expression is evaluated only for its effects.
If the beginning of the argument string of the set
command
appears identical to a set
subcommand, use the set
variable
command instead of just set
. This command is identical
to set
except for its lack of subcommands. For example, if your
program has a variable width
, you get an error if you try to set
a new value with just ‘set width=13’, because gdb has the
command set width
:
(gdb) whatis width type = double (gdb) p width $4 = 13 (gdb) set width=47 Invalid syntax in expression.
The invalid expression, of course, is ‘=47’. In
order to actually set the program's variable width
, use
(gdb) set var width=47
Because the set
command has many subcommands that can conflict
with the names of program variables, it is a good idea to use the
set variable
command instead of just set
. For example, if
your program has a variable g
, you run into problems if you try
to set a new value with just ‘set g=4’, because gdb has
the command set gnutarget
, abbreviated set g
:
(gdb) whatis g type = double (gdb) p g $1 = 1 (gdb) set g=4 (gdb) p g $2 = 1 (gdb) r The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /home/smith/cc_progs/a.out "/home/smith/cc_progs/a.out": can't open to read symbols: Invalid bfd target. (gdb) show g The current BFD target is "=4".
The program variable g
did not change, and you silently set the
gnutarget
to an invalid value. In order to set the variable
g
, use
(gdb) set var g=4
gdb allows more implicit conversions in assignments than C; you can freely store an integer value into a pointer variable or vice versa, and you can convert any structure to any other structure that is the same length or shorter.
To store values into arbitrary places in memory, use the ‘{...}’
construct to generate a value of specified type at a specified address
(see Expressions). For example, {int}0x83040
refers
to memory location 0x83040
as an integer (which implies a certain size
and representation in memory), and
set {int}0x83040 = 4
stores the value 4 into that memory location.
Ordinarily, when you continue your program, you do so at the place where
it stopped, with the continue
command. You can instead continue at
an address of your own choosing, with the following commands:
jump
locationj
locationtbreak
command in conjunction with
jump
. See Setting Breakpoints.
The jump
command does not change the current stack frame, or
the stack pointer, or the contents of any memory location or any
register other than the program counter. If location is in
a different function from the one currently executing, the results may
be bizarre if the two functions expect different patterns of arguments or
of local variables. For this reason, the jump
command requests
confirmation if the specified line is not in the function currently
executing. However, even bizarre results are predictable if you are
well acquainted with the machine-language code of your program.
On many systems, you can get much the same effect as the jump
command by storing a new value into the register $pc
. The
difference is that this does not start your program running; it only
changes the address of where it will run when you continue. For
example,
set $pc = 0x485
makes the next continue
command or stepping command execute at
address 0x485
, rather than at the address where your program stopped.
See Continuing and Stepping.
The most common occasion to use the jump
command is to back
up—perhaps with more breakpoints set—over a portion of a program
that has already executed, in order to examine its execution in more
detail.
signal
signalsignal 2
and signal
SIGINT
are both ways of sending an interrupt signal.
Alternatively, if signal is zero, continue execution without
giving a signal. This is useful when your program stopped on account of
a signal and would ordinarily see the signal when resumed with the
continue
command; ‘signal 0’ causes it to resume without a
signal.
Note: When resuming a multi-threaded program, signal is delivered to the currently selected thread, not the thread that last reported a stop. This includes the situation where a thread was stopped due to a signal. So if you want to continue execution suppressing the signal that stopped a thread, you should select that same thread before issuing the ‘signal 0’ command. If you issue the ‘signal 0’ command with another thread as the selected one, gdb detects that and asks for confirmation.
Invoking the signal
command is not the same as invoking the
kill
utility from the shell. Sending a signal with kill
causes gdb to decide what to do with the signal depending on
the signal handling tables (see Signals). The signal
command
passes the signal directly to your program.
signal
does not repeat when you press <RET> a second time
after executing the command.
queue-signal
signalsignal 2
and
signal SIGINT
are both ways of sending an interrupt signal.
The handling of the signal must be set to pass the signal to the program,
otherwise gdb will report an error.
You can control the handling of signals from gdb with the
handle
command (see Signals).
Alternatively, if signal is zero, any currently queued signal
for the current thread is discarded and when execution resumes no signal
will be delivered. This is useful when your program stopped on account
of a signal and would ordinarily see the signal when resumed with the
continue
command.
This command differs from the signal
command in that the signal
is just queued, execution is not resumed. And queue-signal
cannot
be used to pass a signal whose handling state has been set to nopass
(see Signals).
See stepping into signal handlers, for information on how stepping commands behave when the thread has a signal queued.
return
return
expressionreturn
command. If you give an
expression argument, its value is used as the function's return
value.
When you use return
, gdb discards the selected stack frame
(and all frames within it). You can think of this as making the
discarded frame return prematurely. If you wish to specify a value to
be returned, give that value as the argument to return
.
This pops the selected stack frame (see Selecting a Frame), and any other frames inside of it, leaving its caller as the innermost remaining frame. That frame becomes selected. The specified value is stored in the registers used for returning values of functions.
The return
command does not resume execution; it leaves the
program stopped in the state that would exist if the function had just
returned. In contrast, the finish
command (see Continuing and Stepping) resumes execution until the
selected stack frame returns naturally.
gdb needs to know how the expression argument should be set for
the inferior. The concrete registers assignment depends on the OS ABI and the
type being returned by the selected stack frame. For example it is common for
OS ABI to return floating point values in FPU registers while integer values in
CPU registers. Still some ABIs return even floating point values in CPU
registers. Larger integer widths (such as long long int
) also have
specific placement rules. gdb already knows the OS ABI from its
current target so it needs to find out also the type being returned to make the
assignment into the right register(s).
Normally, the selected stack frame has debug info. gdb will always
use the debug info instead of the implicit type of expression when the
debug info is available. For example, if you type return -1, and the
function in the current stack frame is declared to return a long long
int
, gdb transparently converts the implicit int
value of -1
into a long long int
:
Breakpoint 1, func () at gdb.base/return-nodebug.c:29 29 return 31; (gdb) return -1 Make func return now? (y or n) y #0 0x004004f6 in main () at gdb.base/return-nodebug.c:43 43 printf ("result=%lld\n", func ()); (gdb)
However, if the selected stack frame does not have a debug info, e.g., if the
function was compiled without debug info, gdb has to find out the type
to return from user. Specifying a different type by mistake may set the value
in different inferior registers than the caller code expects. For example,
typing return -1 with its implicit type int
would set only a part
of a long long int
result for a debug info less function (on 32-bit
architectures). Therefore the user is required to specify the return type by
an appropriate cast explicitly:
Breakpoint 2, 0x0040050b in func () (gdb) return -1 Return value type not available for selected stack frame. Please use an explicit cast of the value to return. (gdb) return (long long int) -1 Make selected stack frame return now? (y or n) y #0 0x00400526 in main () (gdb)
print
exprcall
exprvoid
returned values.
You can use this variant of the print
command if you want to
execute a function from your program that does not return anything
(a.k.a. a void function), but without cluttering the output
with void
returned values that gdb will otherwise
print. If the result is not void, it is printed and saved in the
value history.
It is possible for the function you call via the print
or
call
command to generate a signal (e.g., if there's a bug in
the function, or if you passed it incorrect arguments). What happens
in that case is controlled by the set unwindonsignal
command.
Similarly, with a C++ program it is possible for the function you
call via the print
or call
command to generate an
exception that is not handled due to the constraints of the dummy
frame. In this case, any exception that is raised in the frame, but has
an out-of-frame exception handler will not be found. GDB builds a
dummy-frame for the inferior function call, and the unwinder cannot
seek for exception handlers outside of this dummy-frame. What happens
in that case is controlled by the
set unwind-on-terminating-exception
command.
set unwindonsignal
show unwindonsignal
set unwind-on-terminating-exception
show unwind-on-terminating-exception
Sometimes, a function you wish to call is missing debug information. In such case, gdb does not know the type of the function, including the types of the function's parameters. To avoid calling the inferior function incorrectly, which could result in the called function functioning erroneously and even crash, gdb refuses to call the function unless you tell it the type of the function.
For prototyped (i.e. ANSI/ISO style) functions, there are two ways to do that. The simplest is to cast the call to the function's declared return type. For example:
(gdb) p getenv ("PATH") 'getenv' has unknown return type; cast the call to its declared return type (gdb) p (char *) getenv ("PATH") $1 = 0x7fffffffe7ba "/usr/local/bin:/"...
Casting the return type of a no-debug function is equivalent to casting the function to a pointer to a prototyped function that has a prototype that matches the types of the passed-in arguments, and calling that. I.e., the call above is equivalent to:
(gdb) p ((char * (*) (const char *)) getenv) ("PATH")
and given this prototyped C or C++ function with float parameters:
float multiply (float v1, float v2) { return v1 * v2; }
these calls are equivalent:
(gdb) p (float) multiply (2.0f, 3.0f) (gdb) p ((float (*) (float, float)) multiply) (2.0f, 3.0f)
If the function you wish to call is declared as unprototyped (i.e. old K&R style), you must use the cast-to-function-pointer syntax, so that gdb knows that it needs to apply default argument promotions (promote float arguments to double). See float promotion. For example, given this unprototyped C function with float parameters, and no debug info:
float multiply_noproto (v1, v2) float v1, v2; { return v1 * v2; }
you call it like this:
(gdb) p ((float (*) ()) multiply_noproto) (2.0f, 3.0f)
By default, gdb opens the file containing your program's executable code (or the corefile) read-only. This prevents accidental alterations to machine code; but it also prevents you from intentionally patching your program's binary.
If you'd like to be able to patch the binary, you can specify that
explicitly with the set write
command. For example, you might
want to turn on internal debugging flags, or even to make emergency
repairs.
set write on
set write off
If you have already loaded a file, you must load it again (using the
exec-file
or core-file
command) after changing set
write
, for your new setting to take effect.
show write
gdb supports on-demand compilation and code injection into programs running under gdb. GCC 5.0 or higher built with libcc1.so must be installed for this functionality to be enabled. This functionality is implemented with the following commands.
compile code
source-codecompile code -raw
– source-codeThe command allows you to specify source-code in two ways. The simplest method is to provide a single line of code to the command. E.g.:
compile code printf ("hello world\n");
If you specify options on the command line as well as source code, they may conflict. The ‘--’ delimiter can be used to separate options from actual source code. E.g.:
compile code -r -- printf ("hello world\n");
Alternatively you can enter source code as multiple lines of text. To enter this mode, invoke the ‘compile code’ command without any text following the command. This will start the multiple-line editor and allow you to type as many lines of source code as required. When you have completed typing, enter ‘end’ on its own line to exit the editor.
compile code >printf ("hello\n"); >printf ("world\n"); >end
Specifying ‘-raw’, prohibits gdb from wrapping the
provided source-code in a callable scope. In this case, you must
specify the entry point of the code by defining a function named
_gdb_expr_
. The ‘-raw’ code cannot access variables of the
inferior. Using ‘-raw’ option may be needed for example when
source-code requires ‘#include’ lines which may conflict with
inferior symbols otherwise.
compile file
filenamecompile file -raw
filenamecompile code
, but take the source code from filename.
compile file /home/user/example.c
compile print
exprcompile print /
f exprcompile print
compile print /
fThe process of compiling and injecting the code can be inspected using:
set debug compile
show debug compile
set debug compile-cplus-types
show debug compile-cplus-types
compile
commandgdb needs to specify the right compilation options for the code to be injected, in part to make its ABI compatible with the inferior and in part to make the injected code compatible with gdb's injecting process.
The options used, in increasing precedence:
gdbarch
)-m32
) or 64-bit
(-m64
) compilation option.
DW_AT_producer
part of DWARF debugging information according
to the gcc option -grecord-gcc-switches
. One has to
explicitly specify -g
during inferior compilation otherwise
gcc produces no DWARF. This feature is only relevant for
platforms where -g
produces DWARF by default, otherwise one may
try to enforce DWARF by using -gdwarf-4
.
set compile-args
You can override compilation options using the following command:
set compile-args
compile
commands. These options override any conflicting ones
from the target architecture and/or options stored during inferior
compilation.
show compile-args
compile
commandThere are a few caveats to keep in mind when using the compile
command. As the caveats are different per language, the table below
highlights specific issues on a per language basis.
compile
command will have much the same
access to variables and types as it normally would if it were part of
the program currently being debugged in gdb.
Below is a sample program that forms the basis of the examples that follow. This program has been compiled and loaded into gdb, much like any other normal debugging session.
void function1 (void) { int i = 42; printf ("function 1\n"); } void function2 (void) { int j = 12; function1 (); } int main(void) { int k = 6; int *p; function2 (); return 0; }
For the purposes of the examples in this section, the program above has
been compiled, loaded into gdb, stopped at the function
main
, and gdb is awaiting input from the user.
To access variables and types for any program in gdb, the
program must be compiled and packaged with debug information. The
compile
command is not an exception to this rule. Without debug
information, you can still use the compile
command, but you will
be very limited in what variables and types you can access.
So with that in mind, the example above has been compiled with debug
information enabled. The compile
command will have access to
all variables and types (except those that may have been optimized
out). Currently, as gdb has stopped the program in the
main
function, the compile
command would have access to
the variable k
. You could invoke the compile
command
and type some source code to set the value of k
. You can also
read it, or do anything with that variable you would normally do in
C
. Be aware that changes to inferior variables in the
compile
command are persistent. In the following example:
compile code k = 3;
the variable k
is now 3. It will retain that value until
something else in the example program changes it, or another
compile
command changes it.
Normal scope and access rules apply to source code compiled and
injected by the compile
command. In the example, the variables
j
and k
are not accessible yet, because the program is
currently stopped in the main
function, where these variables
are not in scope. Therefore, the following command
compile code j = 3;
will result in a compilation error message.
Once the program is continued, execution will bring these variables in
scope, and they will become accessible; then the code you specify via
the compile
command will be able to access them.
You can create variables and types with the compile
command as
part of your source code. Variables and types that are created as part
of the compile
command are not visible to the rest of the program for
the duration of its run. This example is valid:
compile code int ff = 5; printf ("ff is %d\n", ff);
However, if you were to type the following into gdb after that command has completed:
compile code printf ("ff is %d\n'', ff);
a compiler error would be raised as the variable ff
no longer
exists. Object code generated and injected by the compile
command is removed when its execution ends. Caution is advised
when assigning to program variables values of variables created by the
code submitted to the compile
command. This example is valid:
compile code int ff = 5; k = ff;
The value of the variable ff
is assigned to k
. The variable
k
does not require the existence of ff
to maintain the value
it has been assigned. However, pointers require particular care in
assignment. If the source code compiled with the compile
command
changed the address of a pointer in the example program, perhaps to a
variable created in the compile
command, that pointer would point
to an invalid location when the command exits. The following example
would likely cause issues with your debugged program:
compile code int ff = 5; p = &ff;
In this example, p
would point to ff
when the
compile
command is executing the source code provided to it.
However, as variables in the (example) program persist with their
assigned values, the variable p
would point to an invalid
location when the command exists. A general rule should be followed
in that you should either assign NULL
to any assigned pointers,
or restore a valid location to the pointer before the command exits.
Similar caution must be exercised with any structs, unions, and typedefs
defined in compile
command. Types defined in the compile
command will no longer be available in the next compile
command.
Therefore, if you cast a variable to a type defined in the
compile
command, care must be taken to ensure that any future
need to resolve the type can be achieved.
(gdb) compile code static struct a { int a; } v = { 42 }; argv = &v; (gdb) compile code printf ("%d\n", ((struct a *) argv)->a); gdb command line:1:36: error: dereferencing pointer to incomplete type ‘struct a’ Compilation failed. (gdb) compile code struct a { int a; }; printf ("%d\n", ((struct a *) argv)->a); 42
Variables that have been optimized away by the compiler are not
accessible to the code submitted to the compile
command.
Access to those variables will generate a compiler error which gdb
will print to the console.
compile
commandgdb needs to find gcc for the inferior being debugged
which may not be obvious for remote targets of different architecture
than where gdb is running. Environment variable PATH
on
gdb host is searched for gcc binary matching the
target architecture and operating system. This search can be overriden
by set compile-gcc
gdb command below. PATH
is
taken from shell that executed gdb, it is not the value set by
gdb command set environment
). See Environment.
Specifically PATH
is searched for binaries matching regular expression
arch(-[^-]*)?-
os-gcc
according to the inferior target being
debugged. arch is processor name — multiarch is supported, so for
example both i386
and x86_64
targets look for pattern
(x86_64|i.86)
and both s390
and s390x
targets look
for pattern s390x?
. os is currently supported only for
pattern linux(-gnu)?
.
On Posix hosts the compiler driver gdb needs to find also
shared library libcc1.so from the compiler. It is searched in
default shared library search path (overridable with usual environment
variable LD_LIBRARY_PATH
), unrelated to PATH
or set
compile-gcc
settings. Contrary to it libcc1plugin.so is found
according to the installation of the found compiler — as possibly
specified by the set compile-gcc
command.
set compile-gcc
compile
commands. If this option is not set (it is set to
an empty string), the search described above will occur — that is the
default.
show compile-gcc
gdb needs to know the file name of the program to be debugged, both in order to read its symbol table and in order to start your program. To debug a core dump of a previous run, you must also tell gdb the name of the core dump file.
You may want to specify executable and core dump file names. The usual way to do this is at start-up time, using the arguments to gdb's start-up commands (see Getting In and Out of gdb).
Occasionally it is necessary to change to a different file during a
gdb session. Or you may run gdb and forget to
specify a file you want to use. Or you are debugging a remote target
via gdbserver
(see file). In these situations the gdb commands to specify
new files are useful.
file
filenamerun
command. If you do not specify a
directory and the file is not found in the gdb working directory,
gdb uses the environment variable PATH
as a list of
directories to search, just as the shell does when looking for a program
to run. You can change the value of this variable, for both gdb
and your program, using the path
command.
You can load unlinked object .o files into gdb using
the file
command. You will not be able to “run” an object
file, but you can disassemble functions and inspect variables. Also,
if the underlying BFD functionality supports it, you could use
gdb -write to patch object files using this technique. Note
that gdb can neither interpret nor modify relocations in this
case, so branches and some initialized variables will appear to go to
the wrong place. But this feature is still handy from time to time.
file
file
with no argument makes gdb discard any information it
has on both executable file and the symbol table.
exec-file
[ filename ]PATH
if necessary to locate your program. Omitting filename means to
discard information on the executable file.
symbol-file
[ filename [ -o
offset ]]PATH
is
searched when necessary. Use the file
command to get both symbol
table and program to run from the same file.
If an optional offset is specified, it is added to the start address of each section in the symbol file. This is useful if the program is relocated at runtime, such as the Linux kernel with kASLR enabled.
symbol-file
with no argument clears out gdb information on your
program's symbol table.
The symbol-file
command causes gdb to forget the contents of
some breakpoints and auto-display expressions. This is because they may
contain pointers to the internal data recording symbols and data types,
which are part of the old symbol table data being discarded inside
gdb.
symbol-file
does not repeat if you press <RET> again after
executing it once.
When gdb is configured for a particular environment, it understands debugging information in whatever format is the standard generated for that environment; you may use either a gnu compiler, or other compilers that adhere to the local conventions. Best results are usually obtained from gnu compilers; for example, using gcc you can generate debugging information for optimized code.
For most kinds of object files, with the exception of old SVR3 systems
using COFF, the symbol-file
command does not normally read the
symbol table in full right away. Instead, it scans the symbol table
quickly to find which source files and which symbols are present. The
details are read later, one source file at a time, as they are needed.
The purpose of this two-stage reading strategy is to make gdb
start up faster. For the most part, it is invisible except for
occasional pauses while the symbol table details for a particular source
file are being read. (The set verbose
command can turn these
pauses into messages if desired. See Optional Warnings and Messages.)
We have not implemented the two-stage strategy for COFF yet. When the
symbol table is stored in COFF format, symbol-file
reads the
symbol table data in full right away. Note that “stabs-in-COFF”
still does the two-stage strategy, since the debug info is actually
in stabs format.
symbol-file
[ -readnow
] filenamefile
[ -readnow
] filenamesymbol-file
[ -readnever
] filenamefile
[ -readnever
] filenamecore-file
[filename]core
core-file
with no argument specifies that no core file is
to be used.
Note that the core file is ignored when your program is actually running
under gdb. So, if you have been running your program and you
wish to debug a core file instead, you must kill the subprocess in which
the program is running. To do this, use the kill
command
(see Killing the Child Process).
add-symbol-file
filename [ -readnow
| -readnever
] [ -o
offset ] [ textaddress ] [ -s
section address ...
]add-symbol-file
command reads additional symbol table
information from the file filename. You would use this command
when filename has been dynamically loaded (by some other means)
into the program that is running. The textaddress parameter gives
the memory address at which the file's text section has been loaded.
You can additionally specify the base address of other sections using
an arbitrary number of ‘-s section address’ pairs.
If a section is omitted, gdb will use its default addresses
as found in filename. Any address or textaddress
can be given as an expression.
If an optional offset is specified, it is added to the start address of each section, except those for which the address was specified explicitly.
The symbol table of the file filename is added to the symbol table
originally read with the symbol-file
command. You can use the
add-symbol-file
command any number of times; the new symbol data
thus read is kept in addition to the old.
Changes can be reverted using the command remove-symbol-file
.
Although filename is typically a shared library file, an executable file, or some other object file which has been fully relocated for loading into a process, you can also load symbolic information from relocatable .o files, as long as:
add-symbol-file
command.
Some embedded operating systems, like Sun Chorus and VxWorks, can load
relocatable files into an already running program; such systems
typically make the requirements above easy to meet. However, it's
important to recognize that many native systems use complex link
procedures (.linkonce
section factoring and C++ constructor table
assembly, for example) that make the requirements difficult to meet. In
general, one cannot assume that using add-symbol-file
to read a
relocatable object file's symbolic information will have the same effect
as linking the relocatable object file into the program in the normal
way.
add-symbol-file
does not repeat if you press <RET> after using it.
remove-symbol-file
filenameremove-symbol-file -a
addressadd-symbol-file
command. The
file to remove can be identified by its filename or by an address
that lies within the boundaries of this symbol file in memory. Example:
(gdb) add-symbol-file /home/user/gdb/mylib.so 0x7ffff7ff9480 add symbol table from file "/home/user/gdb/mylib.so" at .text_addr = 0x7ffff7ff9480 (y or n) y Reading symbols from /home/user/gdb/mylib.so...done. (gdb) remove-symbol-file -a 0x7ffff7ff9480 Remove symbol table from file "/home/user/gdb/mylib.so"? (y or n) y (gdb)
remove-symbol-file
does not repeat if you press <RET> after using it.
add-symbol-file-from-memory
addresssyscall DSO
into each
process's address space; this DSO provides kernel-specific code for
some system calls. The argument can be any expression whose
evaluation yields the address of the file's shared object file header.
For this command to work, you must have used symbol-file
or
exec-file
commands in advance.
section
section addrsection
command changes the base address of the named
section of the exec file to addr. This can be used if the
exec file does not contain section addresses, (such as in the
a.out
format), or when the addresses specified in the file
itself are wrong. Each section must be changed separately. The
info files
command, described below, lists all the sections and
their addresses.
info files
info target
info files
and info target
are synonymous; both print the
current target (see Specifying a Debugging Target),
including the names of the executable and core dump files currently in
use by gdb, and the files from which symbols were loaded. The
command help target
lists all possible targets rather than
current ones.
maint info sections
maint info sections
. In addition to the section information
displayed by info files
, this command displays the flags and file
offset of each section in the executable and core dump files. In addition,
maint info sections
provides the following command options (which
may be arbitrarily combined):
ALLOBJ
ALLOC
LOAD
.bss
sections.
RELOC
READONLY
CODE
DATA
ROM
CONSTRUCTOR
HAS_CONTENTS
NEVER_LOAD
COFF_SHARED_LIBRARY
IS_COMMON
set trust-readonly-sections on
The default is off.
set trust-readonly-sections off
show trust-readonly-sections
All file-specifying commands allow both absolute and relative file names as arguments. gdb always converts the file name to an absolute file name and remembers it that way.
gdb supports gnu/Linux, MS-Windows, SunOS, Darwin/Mach-O, SVr4, IBM RS/6000 AIX, QNX Neutrino, FDPIC (FR-V), and DSBT (TIC6X) shared libraries.
On MS-Windows gdb must be linked with the Expat library to support shared libraries. See Expat.
gdb automatically loads symbol definitions from shared libraries
when you use the run
command, or when you examine a core file.
(Before you issue the run
command, gdb does not understand
references to a function in a shared library, however—unless you are
debugging a core file).
There are times, however, when you may wish to not automatically load symbol definitions from shared libraries, such as when they are particularly large or there are many of them.
To control the automatic loading of shared library symbols, use the commands:
set auto-solib-add
modeon
, symbols from all shared object libraries
will be loaded automatically when the inferior begins execution, you
attach to an independently started inferior, or when the dynamic linker
informs gdb that a new library has been loaded. If mode
is off
, symbols must be loaded manually, using the
sharedlibrary
command. The default value is on
.
If your program uses lots of shared libraries with debug info that takes large amounts of memory, you can decrease the gdb memory footprint by preventing it from automatically loading the symbols from shared libraries. To that end, type set auto-solib-add off before running the inferior, then load each library whose debug symbols you do need with sharedlibrary regexp, where regexp is a regular expression that matches the libraries whose symbols you want to be loaded.
show auto-solib-add
To explicitly load shared library symbols, use the sharedlibrary
command:
info share
regexinfo sharedlibrary
regexinfo dll
regexinfo sharedlibrary
.
sharedlibrary
regexshare
regexrun
. If
regex is omitted all shared libraries required by your program are
loaded.
nosharedlibrary
Sometimes you may wish that gdb stops and gives you control
when any of shared library events happen. The best way to do this is
to use catch load
and catch unload
(see Set Catchpoints).
gdb also supports the the set stop-on-solib-events
command for this. This command exists for historical reasons. It is
less useful than setting a catchpoint, because it does not allow for
conditions or commands as a catchpoint does.
set stop-on-solib-events
show stop-on-solib-events
Shared libraries are also supported in many cross or remote debugging configurations. gdb needs to have access to the target's libraries; this can be accomplished either by providing copies of the libraries on the host system, or by asking gdb to automatically retrieve the libraries from the target. If copies of the target libraries are provided, they need to be the same as the target libraries, although the copies on the target can be stripped as long as the copies on the host are not.
For remote debugging, you need to tell gdb where the target libraries are, so that it can load the correct copies—otherwise, it may try to load the host's libraries. gdb has two variables to specify the search directories for target libraries.
set sysroot
pathset sysroot
to find executables and shared libraries, they need
to be laid out in the same way that they are on the target, with
e.g. a /bin, /lib and /usr/lib hierarchy under
path.
If path starts with the sequence target: and the target
system is remote then gdb will retrieve the target binaries
from the remote system. This is only supported when using a remote
target that supports the remote get
command (see Sending files to a remote system). The part of path
following the initial target: (if present) is used as system
root prefix on the remote file system. If path starts with the
sequence remote: this is converted to the sequence
target: by set sysroot
14. If you want
to specify a local system root using a directory that happens to be
named target: or remote:, you need to use some
equivalent variant of the name like ./target:.
For targets with an MS-DOS based filesystem, such as MS-Windows and SymbianOS, gdb tries prefixing a few variants of the target absolute file name with path. But first, on Unix hosts, gdb converts all backslash directory separators into forward slashes, because the backslash is not a directory separator on Unix:
c:\foo\bar.dll ⇒ c:/foo/bar.dll
Then, gdb attempts prefixing the target file name with path, and looks for the resulting file name in the host file system:
c:/foo/bar.dll ⇒ /path/to/sysroot/c:/foo/bar.dll
If that does not find the binary, gdb tries removing the ‘:’ character from the drive spec, both for convenience, and, for the case of the host file system not supporting file names with colons:
c:/foo/bar.dll ⇒ /path/to/sysroot/c/foo/bar.dll
This makes it possible to have a system root that mirrors a target with more than one drive. E.g., you may want to setup your local copies of the target system shared libraries like so (note ‘c’ vs ‘z’):
/path/to/sysroot/c/sys/bin/foo.dll /path/to/sysroot/c/sys/bin/bar.dll /path/to/sysroot/z/sys/bin/bar.dll
and point the system root at /path/to/sysroot, so that gdb can find the correct copies of both c:\sys\bin\foo.dll, and z:\sys\bin\bar.dll.
If that still does not find the binary, gdb tries removing the whole drive spec from the target file name:
c:/foo/bar.dll ⇒ /path/to/sysroot/foo/bar.dll
This last lookup makes it possible to not care about the drive name, if you don't want or need to.
The set solib-absolute-prefix
command is an alias for set
sysroot
.
You can set the default system root by using the configure-time ‘--with-sysroot’ option. If the system root is inside gdb's configured binary prefix (set with ‘--prefix’ or ‘--exec-prefix’), then the default system root will be updated automatically if the installed gdb is moved to a new location.
show sysroot
set solib-search-path
pathshow solib-search-path
set target-file-system-kind
kindShared library file names as reported by the target system may not
make sense as is on the system gdb is running on. For
example, when remote debugging a target that has MS-DOS based file
system semantics, from a Unix host, the target may be reporting to
gdb a list of loaded shared libraries with file names such as
c:\Windows\kernel32.dll. On Unix hosts, there's no concept of
drive letters, so the ‘c:\’ prefix is not normally understood as
indicating an absolute file name, and neither is the backslash
normally considered a directory separator character. In that case,
the native file system would interpret this whole absolute file name
as a relative file name with no directory components. This would make
it impossible to point gdb at a copy of the remote target's
shared libraries on the host using set sysroot
, and impractical
with set solib-search-path
. Setting
target-file-system-kind
to dos-based
tells gdb
to interpret such file names similarly to how the target would, and to
map them to file names valid on gdb's native file system
semantics. The value of kind can be "auto"
, in addition
to one of the supported file system kinds. In that case, gdb
tries to determine the appropriate file system variant based on the
current target's operating system (see Configuring the Current ABI). The supported file system settings are:
unix
dos-based
auto
When processing file names provided by the user, gdb
frequently needs to compare them to the file names recorded in the
program's debug info. Normally, gdb compares just the
base names of the files as strings, which is reasonably fast
even for very large programs. (The base name of a file is the last
portion of its name, after stripping all the leading directories.)
This shortcut in comparison is based upon the assumption that files
cannot have more than one base name. This is usually true, but
references to files that use symlinks or similar filesystem
facilities violate that assumption. If your program records files
using such facilities, or if you provide file names to gdb
using symlinks etc., you can set basenames-may-differ
to
true
to instruct gdb to completely canonicalize each
pair of file names it needs to compare. This will make file-name
comparisons accurate, but at a price of a significant slowdown.
set basenames-may-differ
show basenames-may-differ
To speed up file loading, and reduce memory usage, gdb will
reuse the bfd
objects used to track open files. See BFD. The following commands
allow visibility and control of the caching behavior.
maint info bfds
bfd
object that is known to
gdb.
maint set bfd-sharing
maint show bfd-sharing
bfd
objects can be shared. When sharing is
enabled gdb reuses already open bfd
objects rather
than reopening the same file. Turning sharing off does not cause
already shared bfd
objects to be unshared, but all future files
that are opened will create a new bfd
object. Similarly,
re-enabling sharing does not cause multiple existing bfd
objects to be collapsed into a single shared bfd
object.
set debug bfd-cache
levelshow debug bfd-cache
gdb allows you to put a program's debugging information in a file separate from the executable itself, in a way that allows gdb to find and load the debugging information automatically. Since debugging information can be very large—sometimes larger than the executable code itself—some systems distribute debugging information for their executables in separate files, which users can install only when they need to debug a problem.
gdb supports two ways of specifying the separate debug info file:
Depending on the way the debug info file is specified, gdb uses two different methods of looking for the debug file:
So, for example, suppose you ask gdb to debug
/usr/bin/ls, which has a debug link that specifies the
file ls.debug, and a build ID whose value in hex is
abcdef1234
. If the list of the global debug directories includes
/usr/lib/debug, then gdb will look for the following
debug information files, in the indicated order:
Global debugging info directories default to what is set by gdb configure option --with-separate-debug-dir. During gdb run you can also set the global debugging info directories, and view the list gdb is currently using.
set debug-file-directory
directoriesshow debug-file-directory
A debug link is a special section of the executable file named
.gnu_debuglink
. The section must contain: