This is the Ninth Edition, of Debugging with gdb: the gnu Source-Level Debugger for gdb (GDB) Version 7.0.0.20091121.
Copyright © 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being “Free Software” and “Free Software Needs Free Documentation”, with the Front-Cover Texts being “A GNU Manual,” and with the Back-Cover Texts as in (a) below.
(a) The FSF's Back-Cover Text is: “You are free to copy and modify this GNU Manual. Buying copies from GNU Press supports the FSF in developing GNU and promoting software freedom.”
This file describes gdb, the gnu symbolic debugger.
This is the Ninth Edition, for gdb (GDB) Version 7.0.0.20091121.
Copyright (C) 1988-2009 Free Software Foundation, Inc.
This edition of the GDB manual is dedicated to the memory of Fred Fish. Fred was a long-standing contributor to GDB and to Free software in general. We will miss him.
The purpose of a debugger such as gdb is to allow you to see what is going on “inside” another program while it executes—or what another program was doing at the moment it crashed.
gdb can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:
You can use gdb to debug programs written in C and C++. For more information, see Supported Languages. For more information, see C and C++.
Support for Modula-2 is partial. For information on Modula-2, see Modula-2.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions does not currently work. gdb does not support entering expressions, printing values, or similar features using Pascal syntax.
gdb can be used to debug programs written in Fortran, although it may be necessary to refer to some variables with a trailing underscore.
gdb can be used to debug programs written in Objective-C, using either the Apple/NeXT or the GNU Objective-C runtime.
gdb is free software, protected by the gnu General Public License (GPL). The GPL gives you the freedom to copy or adapt a licensed program—but every person getting a copy also gets with it the freedom to modify that copy (which means that they must get access to the source code), and the freedom to distribute further copies. Typical software companies use copyrights to limit your freedoms; the Free Software Foundation uses the GPL to preserve these freedoms.
Fundamentally, the General Public License is a license which says that you have these freedoms and that you cannot take these freedoms away from anyone else.
The biggest deficiency in the free software community today is not in the software—it is the lack of good free documentation that we can include with the free software. Many of our most important programs do not come with free reference manuals and free introductory texts. Documentation is an essential part of any software package; when an important free software package does not come with a free manual and a free tutorial, that is a major gap. We have many such gaps today.
Consider Perl, for instance. The tutorial manuals that people normally use are non-free. How did this come about? Because the authors of those manuals published them with restrictive terms—no copying, no modification, source files not available—which exclude them from the free software world.
That wasn't the first time this sort of thing happened, and it was far from the last. Many times we have heard a GNU user eagerly describe a manual that he is writing, his intended contribution to the community, only to learn that he had ruined everything by signing a publication contract to make it non-free.
Free documentation, like free software, is a matter of freedom, not price. The problem with the non-free manual is not that publishers charge a price for printed copies—that in itself is fine. (The Free Software Foundation sells printed copies of manuals, too.) The problem is the restrictions on the use of the manual. Free manuals are available in source code form, and give you permission to copy and modify. Non-free manuals do not allow this.
The criteria of freedom for a free manual are roughly the same as for free software. Redistribution (including the normal kinds of commercial redistribution) must be permitted, so that the manual can accompany every copy of the program, both on-line and on paper.
Permission for modification of the technical content is crucial too. When people modify the software, adding or changing features, if they are conscientious they will change the manual too—so they can provide accurate and clear documentation for the modified program. A manual that leaves you no choice but to write a new manual to document a changed version of the program is not really available to our community.
Some kinds of limits on the way modification is handled are acceptable. For example, requirements to preserve the original author's copyright notice, the distribution terms, or the list of authors, are ok. It is also no problem to require modified versions to include notice that they were modified. Even entire sections that may not be deleted or changed are acceptable, as long as they deal with nontechnical topics (like this one). These kinds of restrictions are acceptable because they don't obstruct the community's normal use of the manual.
However, it must be possible to modify all the technical content of the manual, and then distribute the result in all the usual media, through all the usual channels. Otherwise, the restrictions obstruct the use of the manual, it is not free, and we need another manual to replace it.
Please spread the word about this issue. Our community continues to lose manuals to proprietary publishing. If we spread the word that free software needs free reference manuals and free tutorials, perhaps the next person who wants to contribute by writing documentation will realize, before it is too late, that only free manuals contribute to the free software community.
If you are writing documentation, please insist on publishing it under the GNU Free Documentation License or another free documentation license. Remember that this decision requires your approval—you don't have to let the publisher decide. Some commercial publishers will use a free license if you insist, but they will not propose the option; it is up to you to raise the issue and say firmly that this is what you want. If the publisher you are dealing with refuses, please try other publishers. If you're not sure whether a proposed license is free, write to licensing@gnu.org.
You can encourage commercial publishers to sell more free, copylefted manuals and tutorials by buying them, and particularly by buying copies from the publishers that paid for their writing or for major improvements. Meanwhile, try to avoid buying non-free documentation at all. Check the distribution terms of a manual before you buy it, and insist that whoever seeks your business must respect your freedom. Check the history of the book, and try to reward the publishers that have paid or pay the authors to work on it.
The Free Software Foundation maintains a list of free documentation published by other publishers, at http://www.fsf.org/doc/other-free-books.html.
Richard Stallman was the original author of gdb, and of many other gnu programs. Many others have contributed to its development. This section attempts to credit major contributors. One of the virtues of free software is that everyone is free to contribute to it; with regret, we cannot actually acknowledge everyone here. The file ChangeLog in the gdb distribution approximates a blow-by-blow account.
Changes much prior to version 2.0 are lost in the mists of time.
Plea: Additions to this section are particularly welcome. If you or your friends (or enemies, to be evenhanded) have been unfairly omitted from this list, we would like to add your names!
So that they may not regard their many labors as thankless, we particularly thank those who shepherded gdb through major releases: Andrew Cagney (releases 6.3, 6.2, 6.1, 6.0, 5.3, 5.2, 5.1 and 5.0); Jim Blandy (release 4.18); Jason Molenda (release 4.17); Stan Shebs (release 4.14); Fred Fish (releases 4.16, 4.15, 4.13, 4.12, 4.11, 4.10, and 4.9); Stu Grossman and John Gilmore (releases 4.8, 4.7, 4.6, 4.5, and 4.4); John Gilmore (releases 4.3, 4.2, 4.1, 4.0, and 3.9); Jim Kingdon (releases 3.5, 3.4, and 3.3); and Randy Smith (releases 3.2, 3.1, and 3.0).
Richard Stallman, assisted at various times by Peter TerMaat, Chris Hanson, and Richard Mlynarik, handled releases through 2.8.
Michael Tiemann is the author of most of the gnu C++ support in gdb, with significant additional contributions from Per Bothner and Daniel Berlin. James Clark wrote the gnu C++ demangler. Early work on C++ was by Peter TerMaat (who also did much general update work leading to release 3.0).
gdb uses the BFD subroutine library to examine multiple object-file formats; BFD was a joint project of David V. Henkel-Wallace, Rich Pixley, Steve Chamberlain, and John Gilmore.
David Johnson wrote the original COFF support; Pace Willison did the original support for encapsulated COFF.
Brent Benson of Harris Computer Systems contributed DWARF 2 support.
Adam de Boor and Bradley Davis contributed the ISI Optimum V support. Per Bothner, Noboyuki Hikichi, and Alessandro Forin contributed MIPS support. Jean-Daniel Fekete contributed Sun 386i support. Chris Hanson improved the HP9000 support. Noboyuki Hikichi and Tomoyuki Hasei contributed Sony/News OS 3 support. David Johnson contributed Encore Umax support. Jyrki Kuoppala contributed Altos 3068 support. Jeff Law contributed HP PA and SOM support. Keith Packard contributed NS32K support. Doug Rabson contributed Acorn Risc Machine support. Bob Rusk contributed Harris Nighthawk CX-UX support. Chris Smith contributed Convex support (and Fortran debugging). Jonathan Stone contributed Pyramid support. Michael Tiemann contributed SPARC support. Tim Tucker contributed support for the Gould NP1 and Gould Powernode. Pace Willison contributed Intel 386 support. Jay Vosburgh contributed Symmetry support. Marko Mlinar contributed OpenRISC 1000 support.
Andreas Schwab contributed M68K gnu/Linux support.
Rich Schaefer and Peter Schauer helped with support of SunOS shared libraries.
Jay Fenlason and Roland McGrath ensured that gdb and GAS agree about several machine instruction sets.
Patrick Duval, Ted Goldstein, Vikram Koka and Glenn Engel helped develop remote debugging. Intel Corporation, Wind River Systems, AMD, and ARM contributed remote debugging modules for the i960, VxWorks, A29K UDI, and RDI targets, respectively.
Brian Fox is the author of the readline libraries providing command-line editing and command history.
Andrew Beers of SUNY Buffalo wrote the language-switching code, the Modula-2 support, and contributed the Languages chapter of this manual.
Fred Fish wrote most of the support for Unix System Vr4. He also enhanced the command-completion support to cover C++ overloaded symbols.
Hitachi America (now Renesas America), Ltd. sponsored the support for H8/300, H8/500, and Super-H processors.
NEC sponsored the support for the v850, Vr4xxx, and Vr5xxx processors.
Mitsubishi (now Renesas) sponsored the support for D10V, D30V, and M32R/D processors.
Toshiba sponsored the support for the TX39 Mips processor.
Matsushita sponsored the support for the MN10200 and MN10300 processors.
Fujitsu sponsored the support for SPARClite and FR30 processors.
Kung Hsu, Jeff Law, and Rick Sladkey added support for hardware watchpoints.
Michael Snyder added support for tracepoints.
Stu Grossman wrote gdbserver.
Jim Kingdon, Peter Schauer, Ian Taylor, and Stu Grossman made nearly innumerable bug fixes and cleanups throughout gdb.
The following people at the Hewlett-Packard Company contributed support for the PA-RISC 2.0 architecture, HP-UX 10.20, 10.30, and 11.0 (narrow mode), HP's implementation of kernel threads, HP's aC++ compiler, and the Text User Interface (nee Terminal User Interface): Ben Krepp, Richard Title, John Bishop, Susan Macchia, Kathy Mann, Satish Pai, India Paul, Steve Rehrauer, and Elena Zannoni. Kim Haase provided HP-specific information in this manual.
DJ Delorie ported gdb to MS-DOS, for the DJGPP project. Robert Hoehne made significant contributions to the DJGPP port.
Cygnus Solutions has sponsored gdb maintenance and much of its development since 1991. Cygnus engineers who have worked on gdb fulltime include Mark Alexander, Jim Blandy, Per Bothner, Kevin Buettner, Edith Epstein, Chris Faylor, Fred Fish, Martin Hunt, Jim Ingham, John Gilmore, Stu Grossman, Kung Hsu, Jim Kingdon, John Metzler, Fernando Nasser, Geoffrey Noer, Dawn Perchik, Rich Pixley, Zdenek Radouch, Keith Seitz, Stan Shebs, David Taylor, and Elena Zannoni. In addition, Dave Brolley, Ian Carmichael, Steve Chamberlain, Nick Clifton, JT Conklin, Stan Cox, DJ Delorie, Ulrich Drepper, Frank Eigler, Doug Evans, Sean Fagan, David Henkel-Wallace, Richard Henderson, Jeff Holcomb, Jeff Law, Jim Lemke, Tom Lord, Bob Manson, Michael Meissner, Jason Merrill, Catherine Moore, Drew Moseley, Ken Raeburn, Gavin Romig-Koch, Rob Savoye, Jamie Smith, Mike Stump, Ian Taylor, Angela Thomas, Michael Tiemann, Tom Tromey, Ron Unrau, Jim Wilson, and David Zuhn have made contributions both large and small.
Andrew Cagney, Fernando Nasser, and Elena Zannoni, while working for Cygnus Solutions, implemented the original gdb/mi interface.
Jim Blandy added support for preprocessor macros, while working for Red Hat.
Andrew Cagney designed gdb's architecture vector. Many people including Andrew Cagney, Stephane Carrez, Randolph Chung, Nick Duffek, Richard Henderson, Mark Kettenis, Grace Sainsbury, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Andreas Schwab, Jason Thorpe, Corinna Vinschen, Ulrich Weigand, and Elena Zannoni, helped with the migration of old architectures to this new framework.
Andrew Cagney completely re-designed and re-implemented gdb's unwinder framework, this consisting of a fresh new design featuring frame IDs, independent frame sniffers, and the sentinel frame. Mark Kettenis implemented the dwarf 2 unwinder, Jeff Johnston the libunwind unwinder, and Andrew Cagney the dummy, sentinel, tramp, and trad unwinders. The architecture-specific changes, each involving a complete rewrite of the architecture's frame code, were carried out by Jim Blandy, Joel Brobecker, Kevin Buettner, Andrew Cagney, Stephane Carrez, Randolph Chung, Orjan Friberg, Richard Henderson, Daniel Jacobowitz, Jeff Johnston, Mark Kettenis, Theodore A. Roth, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Corinna Vinschen, and Ulrich Weigand.
Christian Zankel, Ross Morley, Bob Wilson, and Maxim Grigoriev from Tensilica, Inc. contributed support for Xtensa processors. Others who have worked on the Xtensa port of gdb in the past include Steve Tjiang, John Newlin, and Scott Foehner.
You can use this manual at your leisure to read all about gdb. However, a handful of commands are enough to get started using the debugger. This chapter illustrates those commands.
One of the preliminary versions of gnu m4 (a generic macro
processor) exhibits the following bug: sometimes, when we change its
quote strings from the default, the commands used to capture one macro
definition within another stop working. In the following short m4
session, we define a macro foo which expands to 0000; we
then use the m4 built-in defn to define bar as the
same thing. However, when we change the open quote string to
<QUOTE> and the close quote string to <UNQUOTE>, the same
procedure fails to define a new synonym baz:
$ cd gnu/m4
$ ./m4
define(foo,0000)
foo
0000
define(bar,defn(`foo'))
bar
0000
changequote(<QUOTE>,<UNQUOTE>)
define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
Ctrl-d
m4: End of input: 0: fatal error: EOF in string
Let us use gdb to try to see what is going on.
$ gdb m4
gdb is free software and you are welcome to distribute copies
of it under certain conditions; type "show copying" to see
the conditions.
There is absolutely no warranty for gdb; type "show warranty"
for details.
gdb 7.0.0.20091121, Copyright 1999 Free Software Foundation, Inc...
(gdb)
gdb reads only enough symbol data to know where to find the rest when needed; as a result, the first prompt comes up very quickly. We now tell gdb to use a narrower display width than usual, so that examples fit in this manual.
(gdb) set width 70
We need to see how the m4 built-in changequote works.
Having looked at the source, we know the relevant subroutine is
m4_changequote, so we set a breakpoint there with the gdb
break command.
(gdb) break m4_changequote
Breakpoint 1 at 0x62f4: file builtin.c, line 879.
Using the run command, we start m4 running under gdb
control; as long as control does not reach the m4_changequote
subroutine, the program runs as usual:
(gdb) run
Starting program: /work/Editorial/gdb/gnu/m4/m4
define(foo,0000)
foo
0000
To trigger the breakpoint, we call changequote. gdb
suspends execution of m4, displaying information about the
context where it stops.
changequote(<QUOTE>,<UNQUOTE>)
Breakpoint 1, m4_changequote (argc=3, argv=0x33c70)
at builtin.c:879
879 if (bad_argc(TOKEN_DATA_TEXT(argv[0]),argc,1,3))
Now we use the command n (next) to advance execution to
the next line of the current function.
(gdb) n
882 set_quotes((argc >= 2) ? TOKEN_DATA_TEXT(argv[1])\
: nil,
set_quotes looks like a promising subroutine. We can go into it
by using the command s (step) instead of next.
step goes to the next line to be executed in any
subroutine, so it steps into set_quotes.
(gdb) s
set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>")
at input.c:530
530 if (lquote != def_lquote)
The display that shows the subroutine where m4 is now
suspended (and its arguments) is called a stack frame display. It
shows a summary of the stack. We can use the backtrace
command (which can also be spelled bt), to see where we are
in the stack as a whole: the backtrace command displays a
stack frame for each active subroutine.
(gdb) bt
#0 set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>")
at input.c:530
#1 0x6344 in m4_changequote (argc=3, argv=0x33c70)
at builtin.c:882
#2 0x8174 in expand_macro (sym=0x33320) at macro.c:242
#3 0x7a88 in expand_token (obs=0x0, t=209696, td=0xf7fffa30)
at macro.c:71
#4 0x79dc in expand_input () at macro.c:40
#5 0x2930 in main (argc=0, argv=0xf7fffb20) at m4.c:195
We step through a few more lines to see what happens. The first two
times, we can use `s'; the next two times we use n to avoid
falling into the xstrdup subroutine.
(gdb) s
0x3b5c 532 if (rquote != def_rquote)
(gdb) s
0x3b80 535 lquote = (lq == nil || *lq == '\0') ? \
def_lquote : xstrdup(lq);
(gdb) n
536 rquote = (rq == nil || *rq == '\0') ? def_rquote\
: xstrdup(rq);
(gdb) n
538 len_lquote = strlen(rquote);
The last line displayed looks a little odd; we can examine the variables
lquote and rquote to see if they are in fact the new left
and right quotes we specified. We use the command p
(print) to see their values.
(gdb) p lquote
$1 = 0x35d40 "<QUOTE>"
(gdb) p rquote
$2 = 0x35d50 "<UNQUOTE>"
lquote and rquote are indeed the new left and right quotes.
To look at some context, we can display ten lines of source
surrounding the current line with the l (list) command.
(gdb) l
533 xfree(rquote);
534
535 lquote = (lq == nil || *lq == '\0') ? def_lquote\
: xstrdup (lq);
536 rquote = (rq == nil || *rq == '\0') ? def_rquote\
: xstrdup (rq);
537
538 len_lquote = strlen(rquote);
539 len_rquote = strlen(lquote);
540 }
541
542 void
Let us step past the two lines that set len_lquote and
len_rquote, and then examine the values of those variables.
(gdb) n
539 len_rquote = strlen(lquote);
(gdb) n
540 }
(gdb) p len_lquote
$3 = 9
(gdb) p len_rquote
$4 = 7
That certainly looks wrong, assuming len_lquote and
len_rquote are meant to be the lengths of lquote and
rquote respectively. We can set them to better values using
the p command, since it can print the value of
any expression—and that expression can include subroutine calls and
assignments.
(gdb) p len_lquote=strlen(lquote)
$5 = 7
(gdb) p len_rquote=strlen(rquote)
$6 = 9
Is that enough to fix the problem of using the new quotes with the
m4 built-in defn? We can allow m4 to continue
executing with the c (continue) command, and then try the
example that caused trouble initially:
(gdb) c
Continuing.
define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
0000
Success! The new quotes now work just as well as the default ones. The
problem seems to have been just the two typos defining the wrong
lengths. We allow m4 exit by giving it an EOF as input:
Ctrl-d
Program exited normally.
The message `Program exited normally.' is from gdb; it
indicates m4 has finished executing. We can end our gdb
session with the gdb quit command.
(gdb) quit
This chapter discusses how to start gdb, and how to get out of it. The essentials are:
Invoke gdb by running the program gdb. Once started,
gdb reads commands from the terminal until you tell it to exit.
You can also run gdb with a variety of arguments and options,
to specify more of your debugging environment at the outset.
The command-line options described here are designed to cover a variety of situations; in some environments, some of these options may effectively be unavailable.
The most usual way to start gdb is with one argument, specifying an executable program:
gdb program
You can also start with both an executable program and a core file specified:
gdb program core
You can, instead, specify a process ID as a second argument, if you want to debug a running process:
gdb program 1234
would attach gdb to process 1234 (unless you also have a file
named 1234; gdb does check for a core file first).
Taking advantage of the second command-line argument requires a fairly complete operating system; when you use gdb as a remote debugger attached to a bare board, there may not be any notion of “process”, and there is often no way to get a core dump. gdb will warn you if it is unable to attach or to read core dumps.
You can optionally have gdb pass any arguments after the
executable file to the inferior using --args. This option stops
option processing.
gdb --args gcc -O2 -c foo.c
This will cause gdb to debug gcc, and to set
gcc's command-line arguments (see Arguments) to `-O2 -c foo.c'.
You can run gdb without printing the front material, which describes
gdb's non-warranty, by specifying -silent:
gdb -silent
You can further control how gdb starts up by using command-line options. gdb itself can remind you of the options available.
Type
gdb -help
to display all available options and briefly describe their use (`gdb -h' is a shorter equivalent).
All options and command line arguments you give are processed in sequential order. The order makes a difference when the `-x' option is used.
When gdb starts, it reads any arguments other than options as specifying an executable file and core file (or process ID). This is the same as if the arguments were specified by the `-se' and `-c' (or `-p') options respectively. (gdb reads the first argument that does not have an associated option flag as equivalent to the `-se' option followed by that argument; and the second argument that does not have an associated option flag, if any, as equivalent to the `-c'/`-p' option followed by that argument.) If the second argument begins with a decimal digit, gdb will first attempt to attach to it as a process, and if that fails, attempt to open it as a corefile. If you have a corefile whose name begins with a digit, you can prevent gdb from treating it as a pid by prefixing it with ./, e.g. ./12345.
If gdb has not been configured to included core file support, such as for most embedded targets, then it will complain about a second argument and ignore it.
Many options have both long and short forms; both are shown in the following list. gdb also recognizes the long forms if you truncate them, so long as enough of the option is present to be unambiguous. (If you prefer, you can flag option arguments with `--' rather than `-', though we illustrate the more usual convention.)
-symbols file-s file-exec file-e file-se file-core file-c file-pid number-p numberattach command.
-command file-x file-eval-command command-ex commandThis option may be used multiple times to call multiple commands. It may also be interleaved with `-command' as required.
gdb -ex 'target sim' -ex 'load' \
-x setbreakpoints -ex 'run' a.out
-directory directory-d directory-r-readnowYou can run gdb in various alternative modes—for example, in batch mode or quiet mode.
-nx-n-quiet-silent-q-batch0 after processing all the
command files specified with `-x' (and all commands from
initialization files, if not inhibited with `-n'). Exit with
nonzero status if an error occurs in executing the gdb commands
in the command files.
Batch mode may be useful for running gdb as a filter, for example to download and run a program on another computer; in order to make this more useful, the message
Program exited normally.
(which is ordinarily issued whenever a program running under
gdb control terminates) is not issued when running in batch
mode.
-batch-silentstdout is prevented (stderr is
unaffected). This is much quieter than `-silent' and would be useless
for an interactive session.
This is particularly useful when using targets that give `Loading section' messages, for example.
Note that targets that give their output via gdb, as opposed to
writing directly to stdout, will also be made silent.
-return-child-resultThis option is useful in conjunction with `-batch' or `-batch-silent',
when gdb is being used as a remote program loader or simulator
interface.
-nowindows-nw-windows-w-cd directory-fullname-f-epoch-annotate levelThe annotation mechanism has largely been superseded by gdb/mi
(see GDB/MI).
--args-baud bps-b bps-l timeout-tty device-t device-tui-interpreter interp`--interpreter=mi' (or `--interpreter=mi2') causes
gdb to use the gdb/mi interface (see The gdb/mi Interface) included since gdb version 6.0. The
previous gdb/mi interface, included in gdb version 5.3 and
selected with `--interpreter=mi1', is deprecated. Earlier
gdb/mi interfaces are no longer supported.
-write-statistics-versionHere's the description of what gdb does during session startup:
Init files use the same syntax as command files (see Command Files) and are processed by gdb in the same way. The init file in your home directory can set options (such as `set complaints') that affect subsequent processing of command line options and operands. Init files are not executed if you use the `-nx' option (see Choosing Modes).
To display the list of init files loaded by gdb at startup, you can use gdb --help.
The gdb init files are normally called .gdbinit. The DJGPP port of gdb uses the name gdb.ini, due to the limitations of file names imposed by DOS filesystems. The Windows ports of gdb use the standard name, but if they find a gdb.ini file, they warn you about that and suggest to rename the file to the standard name.
quit [expression]qquit command (abbreviated
q), or type an end-of-file character (usually Ctrl-d). If you
do not supply expression, gdb will terminate normally;
otherwise it will terminate using the result of expression as the
error code.
An interrupt (often Ctrl-c) does not exit from gdb, but rather terminates the action of any gdb command that is in progress and returns to gdb command level. It is safe to type the interrupt character at any time because gdb does not allow it to take effect until a time when it is safe.
If you have been using gdb to control an attached process or
device, you can release it with the detach command
(see Debugging an Already-running Process).
If you need to execute occasional shell commands during your
debugging session, there is no need to leave or suspend gdb; you can
just use the shell command.
shell command stringSHELL determines which
shell to run. Otherwise gdb uses the default shell
(/bin/sh on Unix systems, COMMAND.COM on MS-DOS, etc.).
The utility make is often needed in development environments.
You do not have to use the shell command for this purpose in
gdb:
make make-argsmake program with the specified
arguments. This is equivalent to `shell make make-args'.
You may want to save the output of gdb commands to a file. There are several commands to control gdb's logging.
set logging onset logging offset logging file fileset logging overwrite [on|off]overwrite if
you want set logging on to overwrite the logfile instead.
set logging redirect [on|off]redirect if you want output to go only to the log file.
show loggingYou can abbreviate a gdb command to the first few letters of the command name, if that abbreviation is unambiguous; and you can repeat certain gdb commands by typing just <RET>. You can also use the <TAB> key to get gdb to fill out the rest of a word in a command (or to show you the alternatives available, if there is more than one possibility).
A gdb command is a single line of input. There is no limit on
how long it can be. It starts with a command name, which is followed by
arguments whose meaning depends on the command name. For example, the
command step accepts an argument which is the number of times to
step, as in `step 5'. You can also use the step command
with no arguments. Some commands do not allow any arguments.
gdb command names may always be truncated if that abbreviation is
unambiguous. Other possible command abbreviations are listed in the
documentation for individual commands. In some cases, even ambiguous
abbreviations are allowed; for example, s is specially defined as
equivalent to step even though there are other commands whose
names start with s. You can test abbreviations by using them as
arguments to the help command.
A blank line as input to gdb (typing just <RET>) means to
repeat the previous command. Certain commands (for example, run)
will not repeat this way; these are commands whose unintentional
repetition might cause trouble and which you are unlikely to want to
repeat. User-defined commands can disable this feature; see
dont-repeat.
The list and x commands, when you repeat them with
<RET>, construct new arguments rather than repeating
exactly as typed. This permits easy scanning of source or memory.
gdb can also use <RET> in another way: to partition lengthy
output, in a way similar to the common utility more
(see Screen Size). Since it is easy to press one
<RET> too many in this situation, gdb disables command
repetition after any command that generates this sort of display.
Any text from a # to the end of the line is a comment; it does nothing. This is useful mainly in command files (see Command Files).
The Ctrl-o binding is useful for repeating a complex sequence of commands. This command accepts the current line, like <RET>, and then fetches the next line relative to the current line from the history for editing.
gdb can fill in the rest of a word in a command for you, if there is only one possibility; it can also show you what the valid possibilities are for the next word in a command, at any time. This works for gdb commands, gdb subcommands, and the names of symbols in your program.
Press the <TAB> key whenever you want gdb to fill out the rest of a word. If there is only one possibility, gdb fills in the word, and waits for you to finish the command (or press <RET> to enter it). For example, if you type
(gdb) info bre <TAB>
gdb fills in the rest of the word `breakpoints', since that is
the only info subcommand beginning with `bre':
(gdb) info breakpoints
You can either press <RET> at this point, to run the info
breakpoints command, or backspace and enter something else, if
`breakpoints' does not look like the command you expected. (If you
were sure you wanted info breakpoints in the first place, you
might as well just type <RET> immediately after `info bre',
to exploit command abbreviations rather than command completion).
If there is more than one possibility for the next word when you press <TAB>, gdb sounds a bell. You can either supply more characters and try again, or just press <TAB> a second time; gdb displays all the possible completions for that word. For example, you might want to set a breakpoint on a subroutine whose name begins with `make_', but when you type b make_<TAB> gdb just sounds the bell. Typing <TAB> again displays all the function names in your program that begin with those characters, for example:
(gdb) b make_ <TAB>
gdb sounds bell; press <TAB> again, to see:
make_a_section_from_file make_environ make_abs_section make_function_type make_blockvector make_pointer_type make_cleanup make_reference_type make_command make_symbol_completion_list (gdb) b make_
After displaying the available possibilities, gdb copies your partial input (`b make_' in the example) so you can finish the command.
If you just want to see the list of alternatives in the first place, you can press M-? rather than pressing <TAB> twice. M-? means <META> ?. You can type this either by holding down a key designated as the <META> shift on your keyboard (if there is one) while typing ?, or as <ESC> followed by ?.
Sometimes the string you need, while logically a “word”, may contain
parentheses or other characters that gdb normally excludes from
its notion of a word. To permit word completion to work in this
situation, you may enclose words in ' (single quote marks) in
gdb commands.
The most likely situation where you might need this is in typing the
name of a C++ function. This is because C++ allows function
overloading (multiple definitions of the same function, distinguished
by argument type). For example, when you want to set a breakpoint you
may need to distinguish whether you mean the version of name
that takes an int parameter, name(int), or the version
that takes a float parameter, name(float). To use the
word-completion facilities in this situation, type a single quote
' at the beginning of the function name. This alerts
gdb that it may need to consider more information than usual
when you press <TAB> or M-? to request word completion:
(gdb) b 'bubble( M-?
bubble(double,double) bubble(int,int)
(gdb) b 'bubble(
In some cases, gdb can tell that completing a name requires using quotes. When this happens, gdb inserts the quote for you (while completing as much as it can) if you do not type the quote in the first place:
(gdb) b bub <TAB>
gdb alters your input line to the following, and rings a bell:
(gdb) b 'bubble(
In general, gdb can tell that a quote is needed (and inserts it) if you have not yet started typing the argument list when you ask for completion on an overloaded symbol.
For more information about overloaded functions, see C++ Expressions. You can use the command set
overload-resolution off to disable overload resolution;
see gdb Features for C++.
When completing in an expression which looks up a field in a structure, gdb also tries2 to limit completions to the field names available in the type of the left-hand-side:
(gdb) p gdb_stdout.M-?
magic to_delete to_fputs to_put to_rewind
to_data to_flush to_isatty to_read to_write
This is because the gdb_stdout is a variable of the type
struct ui_file that is defined in gdb sources as
follows:
struct ui_file
{
int *magic;
ui_file_flush_ftype *to_flush;
ui_file_write_ftype *to_write;
ui_file_fputs_ftype *to_fputs;
ui_file_read_ftype *to_read;
ui_file_delete_ftype *to_delete;
ui_file_isatty_ftype *to_isatty;
ui_file_rewind_ftype *to_rewind;
ui_file_put_ftype *to_put;
void *to_data;
}
You can always ask gdb itself for information on its commands,
using the command help.
helphhelp (abbreviated h) with no arguments to
display a short list of named classes of commands:
(gdb) help
List of classes of commands:
aliases -- Aliases of other commands
breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without
stopping the program
user-defined -- User-defined commands
Type "help" followed by a class name for a list of
commands in that class.
Type "help" followed by command name for full
documentation.
Command name abbreviations are allowed if unambiguous.
(gdb)
help classstatus:
(gdb) help status
Status inquiries.
List of commands:
info -- Generic command for showing things
about the program being debugged
show -- Generic command for showing things
about the debugger
Type "help" followed by command name for full
documentation.
Command name abbreviations are allowed if unambiguous.
(gdb)
help commandhelp argument, gdb displays a
short paragraph on how to use that command.
apropos argsapropos command searches through all of the gdb
commands, and their documentation, for the regular expression specified in
args. It prints out all matches found. For example:
apropos reload
results in:
set symbol-reloading -- Set dynamic symbol table reloading
multiple times in one run
show symbol-reloading -- Show dynamic symbol table reloading
multiple times in one run
complete argscomplete args command lists all the possible completions
for the beginning of a command. Use args to specify the beginning of the
command you want completed. For example:
complete i
results in:
if
ignore
info
inspect
This is intended for use by gnu Emacs.
In addition to help, you can use the gdb commands info
and show to inquire about the state of your program, or the state
of gdb itself. Each command supports many topics of inquiry; this
manual introduces each of them in the appropriate context. The listings
under info and under show in the Index point to
all the sub-commands. See Index.
infoi) is for describing the state of your
program. For example, you can show the arguments passed to a function
with info args, list the registers currently in use with info
registers, or list the breakpoints you have set with info breakpoints.
You can get a complete list of the info sub-commands with
help info.
setset. For example, you can set the gdb prompt to a $-sign with
set prompt $.
showinfo, show is for describing the state of
gdb itself.
You can change most of the things you can show, by using the
related command set; for example, you can control what number
system is used for displays with set radix, or simply inquire
which is currently in use with show radix.
To display all the settable parameters and their current
values, you can use show with no arguments; you may also use
info set. Both commands produce the same display.
Here are three miscellaneous show subcommands, all of which are
exceptional in lacking corresponding set commands:
show versionshow copyinginfo copyingshow warrantyinfo warrantyWhen you run a program under gdb, you must first generate debugging information when you compile it.
You may start gdb with its arguments, if any, in an environment of your choice. If you are doing native debugging, you may redirect your program's input and output, debug an already running process, or kill a child process.
In order to debug a program effectively, you need to generate debugging information when you compile it. This debugging information is stored in the object file; it describes the data type of each variable or function and the correspondence between source line numbers and addresses in the executable code.
To request debugging information, specify the `-g' option when you run the compiler.
Programs that are to be shipped to your customers are compiled with optimizations, using the `-O' compiler option. However, some compilers are unable to handle the `-g' and `-O' options together. Using those compilers, you cannot generate optimized executables containing debugging information.
gcc, the gnu C/C++ compiler, supports `-g' with or without `-O', making it possible to debug optimized code. We recommend that you always use `-g' whenever you compile a program. You may think your program is correct, but there is no sense in pushing your luck. For more information, see Optimized Code.
Older versions of the gnu C compiler permitted a variant option `-gg' for debugging information. gdb no longer supports this format; if your gnu C compiler has this option, do not use it.
gdb knows about preprocessor macros and can show you their expansion (see Macros). Most compilers do not include information about preprocessor macros in the debugging information if you specify the -g flag alone, because this information is rather large. Version 3.1 and later of gcc, the gnu C compiler, provides macro information if you specify the options -gdwarf-2 and -g3; the former option requests debugging information in the Dwarf 2 format, and the latter requests “extra information”. In the future, we hope to find more compact ways to represent macro information, so that it can be included with -g alone.
runrrun command to start your program under gdb.
You must first specify the program name (except on VxWorks) with an
argument to gdb (see Getting In and Out of gdb), or by using the file or exec-file command
(see Commands to Specify Files).
If you are running your program in an execution environment that
supports processes, run creates an inferior process and makes
that process run your program. In some environments without processes,
run jumps to the start of your program. Other targets,
like `remote', are always running. If you get an error
message like this one:
The "remote" target does not support "run".
Try "help target" or "continue".
then use continue to run your program. You may need load
first (see load).
The execution of a program is affected by certain information it receives from its superior. gdb provides ways to specify this information, which you must do before starting your program. (You can change it after starting your program, but such changes only affect your program the next time you start it.) This information may be divided into four categories:
run command. If a shell is available on your target, the shell
is used to pass the arguments, so that you may use normal conventions
(such as wildcard expansion or variable substitution) in describing
the arguments.
In Unix systems, you can control which shell is used with the
SHELL environment variable.
See Your Program's Arguments.
set environment and unset
environment to change parts of the environment that affect
your program. See Your Program's Environment.
cd command in gdb.
See Your Program's Working Directory.
run command line, or you can use the tty command to
set a different device for your program.
See Your Program's Input and Output.
Warning: While input and output redirection work, you cannot use pipes to pass the output of the program you are debugging to another program; if you attempt this, gdb is likely to wind up debugging the wrong program.
When you issue the run command, your program begins to execute
immediately. See Stopping and Continuing, for discussion
of how to arrange for your program to stop. Once your program has
stopped, you may call functions in your program, using the print
or call commands. See Examining Data.
If the modification time of your symbol file has changed since the last time gdb read its symbols, gdb discards its symbol table, and reads it again. When it does this, gdb tries to retain your current breakpoints.
startmain, but
other languages such as Ada do not require a specific name for their
main procedure. The debugger provides a convenient way to start the
execution of the program and to stop at the beginning of the main
procedure, depending on the language used.
The `start' command does the equivalent of setting a temporary breakpoint at the beginning of the main procedure and then invoking the `run' command.
Some programs contain an elaboration phase where some startup code is
executed before the main procedure is called. This depends on the
languages used to write your program. In C++, for instance,
constructors for static and global objects are executed before
main is called. It is therefore possible that the debugger stops
before reaching the main procedure. However, the temporary breakpoint
will remain to halt execution.
Specify the arguments to give to your program as arguments to the `start' command. These arguments will be given verbatim to the underlying `run' command. Note that the same arguments will be reused if no argument is provided during subsequent calls to `start' or `run'.
It is sometimes necessary to debug the program during elaboration. In
these cases, using the start command would stop the execution of
your program too late, as the program would have already completed the
elaboration phase. Under these circumstances, insert breakpoints in your
elaboration code before running your program.
set exec-wrapper wrappershow exec-wrapperunset exec-wrapperYou can use any program that eventually calls execve with
its arguments as a wrapper. Several standard Unix utilities do
this, e.g. env and nohup. Any Unix shell script ending
with exec "$@" will also work.
For example, you can use env to pass an environment variable to
the debugged program, without setting the variable in your shell's
environment:
(gdb) set exec-wrapper env 'LD_PRELOAD=libtest.so'
(gdb) run
This command is available when debugging locally on most targets, excluding djgpp, Cygwin, MS Windows, and QNX Neutrino.
set disable-randomizationset disable-randomization onThis feature is implemented only on gnu/Linux. You can get the same behavior using
(gdb) set exec-wrapper setarch `uname -m` -R
set disable-randomization offThe virtual address space randomization is implemented only on gnu/Linux. It protects the programs against some kinds of security attacks. In these cases the attacker needs to know the exact location of a concrete executable code. Randomizing its location makes it impossible to inject jumps misusing a code at its expected addresses.
Prelinking shared libraries provides a startup performance advantage but it makes addresses in these libraries predictable for privileged processes by having just unprivileged access at the target system. Reading the shared library binary gives enough information for assembling the malicious code misusing it. Still even a prelinked shared library can get loaded at a new random address just requiring the regular relocation process during the startup. Shared libraries not already prelinked are always loaded at a randomly chosen address.
Position independent executables (PIE) contain position independent code similar to the shared libraries and therefore such executables get loaded at a randomly chosen address upon startup. PIE executables always load even already prelinked shared libraries at a random address. You can build such executable using gcc -fPIE -pie.
Heap (malloc storage), stack and custom mmap areas are always placed randomly
(as long as the randomization is enabled).
show disable-randomizationThe arguments to your program can be specified by the arguments of the
run command.
They are passed to a shell, which expands wildcard characters and
performs redirection of I/O, and thence to your program. Your
SHELL environment variable (if it exists) specifies what shell
gdb uses. If you do not define SHELL, gdb uses
the default shell (/bin/sh on Unix).
On non-Unix systems, the program is usually invoked directly by gdb, which emulates I/O redirection via the appropriate system calls, and the wildcard characters are expanded by the startup code of the program, not by the shell.
run with no arguments uses the same arguments used by the previous
run, or those set by the set args command.
set argsset args has no arguments, run executes your program
with no arguments. Once you have run your program with arguments,
using set args before the next run is the only way to run
it again without arguments.
show argsThe environment consists of a set of environment variables and their values. Environment variables conventionally record such things as your user name, your home directory, your terminal type, and your search path for programs to run. Usually you set up environment variables with the shell and they are inherited by all the other programs you run. When debugging, it can be useful to try running your program with a modified environment without having to start gdb over again.
path directoryPATH environment variable
(the search path for executables) that will be passed to your program.
The value of PATH used by gdb does not change.
You may specify several directory names, separated by whitespace or by a
system-dependent separator character (`:' on Unix, `;' on
MS-DOS and MS-Windows). If directory is already in the path, it
is moved to the front, so it is searched sooner.
You can use the string `$cwd' to refer to whatever is the current
working directory at the time gdb searches the path. If you
use `.' instead, it refers to the directory where you executed the
path command. gdb replaces `.' in the
directory argument (with the current path) before adding
directory to the search path.
show pathsPATH
environment variable).
show environment [varname]environment as env.
set environment varname [=value]For example, this command:
set env USER = foo
tells the debugged program, when subsequently run, that its user is named `foo'. (The spaces around `=' are used for clarity here; they are not actually required.)
unset environment varnameunset environment removes the variable from the environment,
rather than assigning it an empty value.
Warning: On Unix systems, gdb runs your program using
the shell indicated
by your SHELL environment variable if it exists (or
/bin/sh if not). If your SHELL variable names a shell
that runs an initialization file—such as .cshrc for C-shell, or
.bashrc for BASH—any variables you set in that file affect
your program. You may wish to move setting of environment variables to
files that are only run when you sign on, such as .login or
.profile.
Each time you start your program with run, it inherits its
working directory from the current working directory of gdb.
The gdb working directory is initially whatever it inherited
from its parent process (typically the shell), but you can specify a new
working directory in gdb with the cd command.
The gdb working directory also serves as a default for the commands that specify files for gdb to operate on. See Commands to Specify Files.
It is generally impossible to find the current working directory of
the process being debugged (since a program can change its directory
during its run). If you work on a system where gdb is
configured with the /proc support, you can use the info
proc command (see SVR4 Process Information) to find out the
current working directory of the debuggee.
By default, the program you run under gdb does input and output to the same terminal that gdb uses. gdb switches the terminal to its own terminal modes to interact with you, but it records the terminal modes your program was using and switches back to them when you continue running your program.
info terminalYou can redirect your program's input and/or output using shell
redirection with the run command. For example,
run > outfile
starts your program, diverting its output to the file outfile.
Another way to specify where your program should do input and output is
with the tty command. This command accepts a file name as
argument, and causes this file to be the default for future run
commands. It also resets the controlling terminal for the child
process, for future run commands. For example,
tty /dev/ttyb
directs that processes started with subsequent run commands
default to do input and output on the terminal /dev/ttyb and have
that as their controlling terminal.
An explicit redirection in run overrides the tty command's
effect on the input/output device, but not its effect on the controlling
terminal.
When you use the tty command or redirect input in the run
command, only the input for your program is affected. The input
for gdb still comes from your terminal. tty is an alias
for set inferior-tty.
You can use the show inferior-tty command to tell gdb to
display the name of the terminal that will be used for future runs of your
program.
set inferior-tty /dev/ttybshow inferior-ttyattach process-idinfo files shows your active
targets.) The command takes as argument a process ID. The usual way to
find out the process-id of a Unix process is with the ps utility,
or with the `jobs -l' shell command.
attach does not repeat if you press <RET> a second time after
executing the command.
To use attach, your program must be running in an environment
which supports processes; for example, attach does not work for
programs on bare-board targets that lack an operating system. You must
also have permission to send the process a signal.
When you use attach, the debugger finds the program running in
the process first by looking in the current working directory, then (if
the program is not found) by using the source file search path
(see Specifying Source Directories). You can also use
the file command to load the program. See Commands to Specify Files.
The first thing gdb does after arranging to debug the specified
process is to stop it. You can examine and modify an attached process
with all the gdb commands that are ordinarily available when
you start processes with run. You can insert breakpoints; you
can step and continue; you can modify storage. If you would rather the
process continue running, you may use the continue command after
attaching gdb to the process.
detachdetach command to release it from gdb control. Detaching
the process continues its execution. After the detach command,
that process and gdb become completely independent once more, and you
are ready to attach another process or start one with run.
detach does not repeat if you press <RET> again after
executing the command.
If you exit gdb while you have an attached process, you detach
that process. If you use the run command, you kill that process.
By default, gdb asks for confirmation if you try to do either of these
things; you can control whether or not you need to confirm by using the
set confirm command (see Optional Warnings and Messages).
killThis command is useful if you wish to debug a core dump instead of a running process. gdb ignores any core dump file while your program is running.
On some operating systems, a program cannot be executed outside gdb
while you have breakpoints set on it inside gdb. You can use the
kill command in this situation to permit running your program
outside the debugger.
The kill command is also useful if you wish to recompile and
relink your program, since on many systems it is impossible to modify an
executable file while it is running in a process. In this case, when you
next type run, gdb notices that the file has changed, and
reads the symbol table again (while trying to preserve your current
breakpoint settings).
Some gdb targets are able to run multiple processes created from a single executable. This can happen, for instance, with an embedded system reporting back several processes via the remote protocol.
gdb represents the state of each program execution with an object called an inferior. An inferior typically corresponds to a process, but is more general and applies also to targets that do not have processes. Inferiors may be created before a process runs, and may (in future) be retained after a process exits. Each run of an executable creates a new inferior, as does each attachment to an existing process. Inferiors have unique identifiers that are different from process ids, and may optionally be named as well. Usually each inferior will also have its own distinct address space, although some embedded targets may have several inferiors running in different parts of a single space.
Each inferior may in turn have multiple threads running in it.
To find out what inferiors exist at any moment, use info inferiors:
info inferiorsgdb displays for each inferior (in this order):
An asterisk `*' preceding the gdb inferior number indicates the current inferior.
For example,
(gdb) info inferiors
Num Description
* 1 process 2307
2 process 3401
To switch focus between inferiors, use the inferior command:
inferior infnoTo quit debugging one of the inferiors, you can either detach from it
by using the detach inferior command (allowing it to run
independently), or kill it using the kill inferior command:
detach inferior infnokill inferior infnoTo be notified when inferiors are started or exit under gdb's
control use set print inferior-events:
set print inferior-eventsset print inferior-events onset print inferior-events offset print inferior-events command allows you to enable or
disable printing of messages when gdb notices that new
inferiors have started or that inferiors have exited or have been
detached. By default, these messages will not be printed.
show print inferior-eventsIn some operating systems, such as HP-UX and Solaris, a single program may have more than one thread of execution. The precise semantics of threads differ from one operating system to another, but in general the threads of a single program are akin to multiple processes—except that they share one address space (that is, they can all examine and modify the same variables). On the other hand, each thread has its own registers and execution stack, and perhaps private memory.
gdb provides these facilities for debugging multi-thread programs:
libthread_db to use if the default choice
isn't compatible with the program.
Warning: These facilities are not yet available on every gdb configuration where the operating system supports threads. If your gdb does not support threads, these commands have no effect. For example, a system without thread support shows no output from `info threads', and always rejects thethreadcommand, like this:(gdb) info threads (gdb) thread 1 Thread ID 1 not known. Use the "info threads" command to see the IDs of currently known threads.
The gdb thread debugging facility allows you to observe all threads while your program runs—but whenever gdb takes control, one thread in particular is always the focus of debugging. This thread is called the current thread. Debugging commands show program information from the perspective of the current thread.
Whenever gdb detects a new thread in your program, it displays the target system's identification for the thread with a message in the form `[New systag]'. systag is a thread identifier whose form varies depending on the particular system. For example, on gnu/Linux, you might see
[New Thread 46912507313328 (LWP 25582)]
when gdb notices a new thread. In contrast, on an SGI system, the systag is simply something like `process 368', with no further qualifier.
For debugging purposes, gdb associates its own thread number—always a single integer—with each thread in your program.
info threadsAn asterisk `*' to the left of the gdb thread number indicates the current thread.
For example,
(gdb) info threads
3 process 35 thread 27 0x34e5 in sigpause ()
2 process 35 thread 23 0x34e5 in sigpause ()
* 1 process 35 thread 13 main (argc=1, argv=0x7ffffff8)
at threadtest.c:68
On HP-UX systems:
For debugging purposes, gdb associates its own thread number—a small integer assigned in thread-creation order—with each thread in your program.
Whenever gdb detects a new thread in your program, it displays both gdb's thread number and the target system's identification for the thread with a message in the form `[New systag]'. systag is a thread identifier whose form varies depending on the particular system. For example, on HP-UX, you see
[New thread 2 (system thread 26594)]
when gdb notices a new thread.
info threadsAn asterisk `*' to the left of the gdb thread number indicates the current thread.
For example,
(gdb) info threads
* 3 system thread 26607 worker (wptr=0x7b09c318 "@") \
at quicksort.c:137
2 system thread 26606 0x7b0030d8 in __ksleep () \
from /usr/lib/libc.2
1 system thread 27905 0x7b003498 in _brk () \
from /usr/lib/libc.2
On Solaris, you can display more information about user threads with a Solaris-specific command:
maint info sol-threadsthread threadno
(gdb) thread 2
[Switching to process 35 thread 23]
0x34e5 in sigpause ()
As with the `[New ...]' message, the form of the text after `Switching to' depends on your system's conventions for identifying threads.
thread apply [threadno] [all] commandthread apply command allows you to apply the named
command to one or more threads. Specify the numbers of the
threads that you want affected with the command argument
threadno. It can be a single thread number, one of the numbers
shown in the first field of the `info threads' display; or it
could be a range of thread numbers, as in 2-4. To apply a
command to all threads, type thread apply all command.
set print thread-eventsset print thread-events onset print thread-events offset print thread-events command allows you to enable or
disable printing of messages when gdb notices that new threads have
started or that threads have exited. By default, these messages will
be printed if detection of these events is supported by the target.
Note that these messages cannot be disabled on all targets.
show print thread-eventsSee Stopping and Starting Multi-thread Programs, for more information about how gdb behaves when you stop and start programs with multiple threads.
See Setting Watchpoints, for information about watchpoints in programs with multiple threads.
set libthread-db-search-path [path]libthread_db.
If you omit path, `libthread-db-search-path' will be reset to
an empty list.
On gnu/Linux and Solaris systems, gdb uses a “helper”
libthread_db library to obtain information about threads in the
inferior process. gdb will use `libthread-db-search-path'
to find libthread_db. If that fails, gdb will continue
with default system shared library directories, and finally the directory
from which libpthread was loaded in the inferior process.
For any libthread_db library gdb finds in above directories,
gdb attempts to initialize it with the current inferior process.
If this initialization fails (which could happen because of a version
mismatch between libthread_db and libpthread), gdb
will unload libthread_db, and continue with the next directory.
If none of libthread_db libraries initialize successfully,
gdb will issue a warning and thread debugging will be disabled.
Setting libthread-db-search-path is currently implemented
only on some platforms.
show libthread-db-search-pathOn most systems, gdb has no special support for debugging
programs which create additional processes using the fork
function. When a program forks, gdb will continue to debug the
parent process and the child process will run unimpeded. If you have
set a breakpoint in any code which the child then executes, the child
will get a SIGTRAP signal which (unless it catches the signal)
will cause it to terminate.
However, if you want to debug the child process there is a workaround
which isn't too painful. Put a call to sleep in the code which
the child process executes after the fork. It may be useful to sleep
only if a certain environment variable is set, or a certain file exists,
so that the delay need not occur when you don't want to run gdb
on the child. While the child is sleeping, use the ps program to
get its process ID. Then tell gdb (a new invocation of
gdb if you are also debugging the parent process) to attach to
the child process (see Attach). From that point on you can debug
the child process just like any other process which you attached to.
On some systems, gdb provides support for debugging programs that
create additional processes using the fork or vfork functions.
Currently, the only platforms with this feature are HP-UX (11.x and later
only?) and gnu/Linux (kernel version 2.5.60 and later).
By default, when a program forks, gdb will continue to debug the parent process and the child process will run unimpeded.
If you want to follow the child process instead of the parent process,
use the command set follow-fork-mode.
set follow-fork-mode modefork or
vfork. A call to fork or vfork creates a new
process. The mode argument can be:
parentchildshow follow-fork-modefork or vfork call.
On Linux, if you want to debug both the parent and child processes, use the
command set detach-on-fork.
set detach-on-fork modeonfollow-fork-mode) will be detached and allowed to run
independently. This is the default.
offfollow-fork-mode) is debugged as usual, while the other
is held suspended.
show detach-on-forkIf you choose to set `detach-on-fork' mode off, then gdb
will retain control of all forked processes (including nested forks).
You can list the forked processes under the control of gdb by
using the info inferiors command, and switch from one fork
to another by using the inferior command (see Debugging Multiple Inferiors).
To quit debugging one of the forked processes, you can either detach
from it by using the detach inferior command (allowing it
to run independently), or kill it using the kill inferior
command. See Debugging Multiple Inferiors.
If you ask to debug a child process and a vfork is followed by an
exec, gdb executes the new target up to the first
breakpoint in the new target. If you have a breakpoint set on
main in your original program, the breakpoint will also be set on
the child process's main.
On some systems, when a child process is spawned by vfork, you
cannot debug the child or parent until an exec call completes.
If you issue a run command to gdb after an exec
call executes, the new target restarts. To restart the parent process,
use the file command with the parent executable name as its
argument.
You can use the catch command to make gdb stop whenever
a fork, vfork, or exec call is made. See Setting Catchpoints.
On certain operating systems3, gdb is able to save a snapshot of a program's state, called a checkpoint, and come back to it later.
Returning to a checkpoint effectively undoes everything that has
happened in the program since the checkpoint was saved. This
includes changes in memory, registers, and even (within some limits)
system state. Effectively, it is like going back in time to the
moment when the checkpoint was saved.
Thus, if you're stepping thru a program and you think you're getting close to the point where things go wrong, you can save a checkpoint. Then, if you accidentally go too far and miss the critical statement, instead of having to restart your program from the beginning, you can just go back to the checkpoint and start again from there.
This can be especially useful if it takes a lot of time or steps to reach the point where you think the bug occurs.
To use the checkpoint/restart method of debugging:
checkpointcheckpoint command takes no arguments, but each checkpoint
is assigned a small integer id, similar to a breakpoint id.
info checkpointsCheckpoint IDProcess IDCode AddressSource line, or labelrestart checkpoint-idNote that breakpoints, gdb variables, command history etc. are not affected by restoring a checkpoint. In general, a checkpoint only restores things that reside in the program being debugged, not in the debugger.
delete checkpoint checkpoint-idReturning to a previously saved checkpoint will restore the user state of the program being debugged, plus a significant subset of the system (OS) state, including file pointers. It won't “un-write” data from a file, but it will rewind the file pointer to the previous location, so that the previously written data can be overwritten. For files opened in read mode, the pointer will also be restored so that the previously read data can be read again.
Of course, characters that have been sent to a printer (or other external device) cannot be “snatched back”, and characters received from eg. a serial device can be removed from internal program buffers, but they cannot be “pushed back” into the serial pipeline, ready to be received again. Similarly, the actual contents of files that have been changed cannot be restored (at this time).
However, within those constraints, you actually can “rewind” your program to a previously saved point in time, and begin debugging it again — and you can change the course of events so as to debug a different execution path this time.
Finally, there is one bit of internal program state that will be different when you return to a checkpoint — the program's process id. Each checkpoint will have a unique process id (or pid), and each will be different from the program's original pid. If your program has saved a local copy of its process id, this could potentially pose a problem.
On some systems such as gnu/Linux, address space randomization is performed on new processes for security reasons. This makes it difficult or impossible to set a breakpoint, or watchpoint, on an absolute address if you have to restart the program, since the absolute location of a symbol will change from one execution to the next.
A checkpoint, however, is an identical copy of a process. Therefore if you create a checkpoint at (eg.) the start of main, and simply return to that checkpoint instead of restarting the process, you can avoid the effects of address randomization and your symbols will all stay in the same place.
The principal purposes of using a debugger are so that you can stop your program before it terminates; or so that, if your program runs into trouble, you can investigate and find out why.
Inside gdb, your program may stop for any of several reasons,
such as a signal, a breakpoint, or reaching a new line after a
gdb command such as step. You may then examine and
change variables, set new breakpoints or remove old ones, and then
continue execution. Usually, the messages shown by gdb provide
ample explanation of the status of your program—but you can also
explicitly request this information at any time.
info programA breakpoint makes your program stop whenever a certain point in
the program is reached. For each breakpoint, you can add conditions to
control in finer detail whether your program stops. You can set
breakpoints with the break command and its variants (see Setting Breakpoints), to specify the place where your program
should stop by line number, function name or exact address in the
program.
On some systems, you can set breakpoints in shared libraries before
the executable is run. There is a minor limitation on HP-UX systems:
you must wait until the executable is run in order to set breakpoints
in shared library routines that are not called directly by the program
(for example, routines that are arguments in a pthread_create
call).
A watchpoint is a special breakpoint that stops your program when the value of an expression changes. The expression may be a value of a variable, or it could involve values of one or more variables combined by operators, such as `a + b'. This is sometimes called data breakpoints. You must use a different command to set watchpoints (see Setting Watchpoints), but aside from that, you can manage a watchpoint like any other breakpoint: you enable, disable, and delete both breakpoints and watchpoints using the same commands.
You can arrange to have values from your program displayed automatically whenever gdb stops at a breakpoint. See Automatic Display.
A catchpoint is another special breakpoint that stops your program
when a certain kind of event occurs, such as the throwing of a C++
exception or the loading of a library. As with watchpoints, you use a
different command to set a catchpoint (see Setting Catchpoints), but aside from that, you can manage a catchpoint like any
other breakpoint. (To stop when your program receives a signal, use the
handle command; see Signals.)
gdb assigns a number to each breakpoint, watchpoint, or catchpoint when you create it; these numbers are successive integers starting with one. In many of the commands for controlling various features of breakpoints you use the breakpoint number to say which breakpoint you want to change. Each breakpoint may be enabled or disabled; if disabled, it has no effect on your program until you enable it again.
Some gdb commands accept a range of breakpoints on which to operate. A breakpoint range is either a single breakpoint number, like `5', or two such numbers, in increasing order, separated by a hyphen, like `5-7'. When a breakpoint range is given to a command, all breakpoints in that range are operated on.
Breakpoints are set with the break command (abbreviated
b). The debugger convenience variable `$bpnum' records the
number of the breakpoint you've set most recently; see Convenience Variables, for a discussion of what you can do with
convenience variables.
break locationWhen using source languages that permit overloading of symbols, such as C++, a function name may refer to more than one possible place to break. See Ambiguous Expressions, for a discussion of that situation.
It is also possible to insert a breakpoint that will stop the program
only if a specific thread (see Thread-Specific Breakpoints)
or a specific task (see Ada Tasks) hits that breakpoint.
breakbreak sets a breakpoint at
the next instruction to be executed in the selected stack frame
(see Examining the Stack). In any selected frame but the
innermost, this makes your program stop as soon as control
returns to that frame. This is similar to the effect of a
finish command in the frame inside the selected frame—except
that finish does not leave an active breakpoint. If you use
break without an argument in the innermost frame, gdb stops
the next time it reaches the current location; this may be useful
inside loops.
gdb normally ignores breakpoints when it resumes execution, until at
least one instruction has been executed. If it did not do this, you
would be unable to proceed past a breakpoint without first disabling the
breakpoint. This rule applies whether or not the breakpoint already
existed when your program stopped.
break ... if condtbreak argsbreak command, and the breakpoint is set in the same
way, but the breakpoint is automatically deleted after the first time your
program stops there. See Disabling Breakpoints.
hbreak argsbreak command and the breakpoint is set in the same way, but the
breakpoint requires hardware support and some target hardware may not
have this support. The main purpose of this is EPROM/ROM code
debugging, so you can set a breakpoint at an instruction without
changing the instruction. This can be used with the new trap-generation
provided by SPARClite DSU and most x86-based targets. These targets
will generate traps when a program accesses some data or instruction
address that is assigned to the debug registers. However the hardware
breakpoint registers can take a limited number of breakpoints. For
example, on the DSU, only two data breakpoints can be set at a time, and
gdb will reject this command if more than two are used. Delete
or disable unused hardware breakpoints before setting new ones
(see Disabling Breakpoints).
See Break Conditions.
For remote targets, you can restrict the number of hardware
breakpoints gdb will use, see set remote hardware-breakpoint-limit.
thbreak argshbreak command and the breakpoint is set in
the same way. However, like the tbreak command,
the breakpoint is automatically deleted after the
first time your program stops there. Also, like the hbreak
command, the breakpoint requires hardware support and some target hardware
may not have this support. See Disabling Breakpoints.
See also Break Conditions.
rbreak regexbreak command. You can delete them, disable them, or make
them conditional the same way as any other breakpoint.
The syntax of the regular expression is the standard one used with tools
like grep. Note that this is different from the syntax used by
shells, so for instance foo* matches all functions that include
an fo followed by zero or more os. There is an implicit
.* leading and trailing the regular expression you supply, so to
match only functions that begin with foo, use ^foo.
When debugging C++ programs, rbreak is useful for setting
breakpoints on overloaded functions that are not members of any special
classes.
The rbreak command can be used to set breakpoints in
all the functions in a program, like this:
(gdb) rbreak .
info breakpoints [n]info break [n]info watchpoints [n]If a breakpoint is conditional, info break shows the condition on
the line following the affected breakpoint; breakpoint commands, if any,
are listed after that. A pending breakpoint is allowed to have a condition
specified for it. The condition is not parsed for validity until a shared
library is loaded that allows the pending breakpoint to resolve to a
valid location.
info break with a breakpoint
number n as argument lists only that breakpoint. The
convenience variable $_ and the default examining-address for
the x command are set to the address of the last breakpoint
listed (see Examining Memory).
info break displays a count of the number of times the breakpoint
has been hit. This is especially useful in conjunction with the
ignore command. You can ignore a large number of breakpoint
hits, look at the breakpoint info to see how many times the breakpoint
was hit, and then run again, ignoring one less than that number. This
will get you quickly to the last hit of that breakpoint.
gdb allows you to set any number of breakpoints at the same place in your program. There is nothing silly or meaningless about this. When the breakpoints are conditional, this is even useful (see Break Conditions).
It is possible that a breakpoint corresponds to several locations in your program. Examples of this situation are:
In all those cases, gdb will insert a breakpoint at all the relevant locations4.
A breakpoint with multiple locations is displayed in the breakpoint table using several rows—one header row, followed by one row for each breakpoint location. The header row has `<MULTIPLE>' in the address column. The rows for individual locations contain the actual addresses for locations, and show the functions to which those locations belong. The number column for a location is of the form breakpoint-number.location-number.
For example:
Num Type Disp Enb Address What
1 breakpoint keep y <MULTIPLE>
stop only if i==1
breakpoint already hit 1 time
1.1 y 0x080486a2 in void foo<int>() at t.cc:8
1.2 y 0x080486ca in void foo<double>() at t.cc:8
Each location can be individually enabled or disabled by passing
breakpoint-number.location-number as argument to the
enable and disable commands. Note that you cannot
delete the individual locations from the list, you can only delete the
entire list of locations that belong to their parent breakpoint (with
the delete num command, where num is the number of
the parent breakpoint, 1 in the above example). Disabling or enabling
the parent breakpoint (see Disabling) affects all of the locations
that belong to that breakpoint.
It's quite common to have a breakpoint inside a shared library. Shared libraries can be loaded and unloaded explicitly, and possibly repeatedly, as the program is executed. To support this use case, gdb updates breakpoint locations whenever any shared library is loaded or unloaded. Typically, you would set a breakpoint in a shared library at the beginning of your debugging session, when the library is not loaded, and when the symbols from the library are not available. When you try to set breakpoint, gdb will ask you if you want to set a so called pending breakpoint—breakpoint whose address is not yet resolved.
After the program is run, whenever a new shared library is loaded, gdb reevaluates all the breakpoints. When a newly loaded shared library contains the symbol or line referred to by some pending breakpoint, that breakpoint is resolved and becomes an ordinary breakpoint. When a library is unloaded, all breakpoints that refer to its symbols or source lines become pending again.
This logic works for breakpoints with multiple locations, too. For example, if you have a breakpoint in a C++ template function, and a newly loaded shared library has an instantiation of that template, a new location is added to the list of locations for the breakpoint.
Except for having unresolved address, pending breakpoints do not differ from regular breakpoints. You can set conditions or commands, enable and disable them and perform other breakpoint operations.
gdb provides some additional commands for controlling what happens when the `break' command cannot resolve breakpoint address specification to an address:
set breakpoint pending autoset breakpoint pending onset breakpoint pending offshow breakpoint pendingThe settings above only affect the break command and its
variants. Once breakpoint is set, it will be automatically updated
as shared libraries are loaded and unloaded.
For some targets, gdb can automatically decide if hardware or
software breakpoints should be used, depending on whether the
breakpoint address is read-only or read-write. This applies to
breakpoints set with the break command as well as to internal
breakpoints set by commands like next and finish. For
breakpoints set with hbreak, gdb will always use hardware
breakpoints.
You can control this automatic behaviour with the following commands::
set breakpoint auto-hw onset breakpoint auto-hw offgdb normally implements breakpoints by replacing the program code at the breakpoint address with a special instruction, which, when executed, given control to the debugger. By default, the program code is so modified only when the program is resumed. As soon as the program stops, gdb restores the original instructions. This behaviour guards against leaving breakpoints inserted in the target should gdb abrubptly disconnect. However, with slow remote targets, inserting and removing breakpoint can reduce the performance. This behavior can be controlled with the following commands::
set breakpoint always-inserted offset breakpoint always-inserted onset breakpoint always-inserted autobreakpoint always-inserted mode is on. If gdb is
controlling the inferior in all-stop mode, gdb behaves as if
breakpoint always-inserted mode is off.
gdb itself sometimes sets breakpoints in your program for
special purposes, such as proper handling of longjmp (in C
programs). These internal breakpoints are assigned negative numbers,
starting with -1; `info breakpoints' does not display them.
You can see these breakpoints with the gdb maintenance command
`maint info breakpoints' (see maint info breakpoints).
You can use a watchpoint to stop execution whenever the value of an expression changes, without having to predict a particular place where this may happen. (This is sometimes called a data breakpoint.) The expression may be as simple as the value of a single variable, or as complex as many variables combined by operators. Examples include:
int occupies 4 bytes).
You can set a watchpoint on an expression even if the expression can
not be evaluated yet. For instance, you can set a watchpoint on
`*global_ptr' before `global_ptr' is initialized.
gdb will stop when your program sets `global_ptr' and
the expression produces a valid value. If the expression becomes
valid in some other way than changing a variable (e.g. if the memory
pointed to by `*global_ptr' becomes readable as the result of a
malloc call), gdb may not stop until the next time
the expression changes.
Depending on your system, watchpoints may be implemented in software or hardware. gdb does software watchpointing by single-stepping your program and testing the variable's value each time, which is hundreds of times slower than normal execution. (But this may still be worth it, to catch errors where you have no clue what part of your program is the culprit.)
On some systems, such as HP-UX, PowerPC, gnu/Linux and most other x86-based targets, gdb includes support for hardware watchpoints, which do not slow down the running of your program.
watch expr [thread threadnum] (gdb) watch foo
If the command includes a [thread threadnum]
clause, gdb breaks only when the thread identified by
threadnum changes the value of expr. If any other threads
change the value of expr, gdb will not break. Note
that watchpoints restricted to a single thread in this way only work
with Hardware Watchpoints.
rwatch expr [thread threadnum]awatch expr [thread threadnum]info watchpointsinfo break (see Set Breaks).
gdb sets a hardware watchpoint if possible. Hardware watchpoints execute very quickly, and the debugger reports a change in value at the exact instruction where the change occurs. If gdb cannot set a hardware watchpoint, it sets a software watchpoint, which executes more slowly and reports the change in value at the next statement, not the instruction, after the change occurs.
You can force gdb to use only software watchpoints with the
set can-use-hw-watchpoints 0 command. With this variable set to
zero, gdb will never try to use hardware watchpoints, even if
the underlying system supports them. (Note that hardware-assisted
watchpoints that were set before setting
can-use-hw-watchpoints to zero will still use the hardware
mechanism of watching expression values.)
set can-use-hw-watchpointsshow can-use-hw-watchpointsFor remote targets, you can restrict the number of hardware watchpoints gdb will use, see set remote hardware-breakpoint-limit.
When you issue the watch command, gdb reports
Hardware watchpoint num: expr
if it was able to set a hardware watchpoint.
Currently, the awatch and rwatch commands can only set
hardware watchpoints, because accesses to data that don't change the
value of the watched expression cannot be detected without examining
every instruction as it is being executed, and gdb does not do
that currently. If gdb finds that it is unable to set a
hardware breakpoint with the awatch or rwatch command, it
will print a message like this:
Expression cannot be implemented with read/access watchpoint.
Sometimes, gdb cannot set a hardware watchpoint because the data type of the watched expression is wider than what a hardware watchpoint on the target machine can handle. For example, some systems can only watch regions that are up to 4 bytes wide; on such systems you cannot set hardware watchpoints for an expression that yields a double-precision floating-point number (which is typically 8 bytes wide). As a work-around, it might be possible to break the large region into a series of smaller ones and watch them with separate watchpoints.
If you set too many hardware watchpoints, gdb might be unable to insert all of them when you resume the execution of your program. Since the precise number of active watchpoints is unknown until such time as the program is about to be resumed, gdb might not be able to warn you about this when you set the watchpoints, and the warning will be printed only when the program is resumed:
Hardware watchpoint num: Could not insert watchpoint
If this happens, delete or disable some of the watchpoints.
Watching complex expressions that reference many variables can also exhaust the resources available for hardware-assisted watchpoints. That's because gdb needs to watch every variable in the expression with separately allocated resources.
If you call a function interactively using print or call,
any watchpoints you have set will be inactive until gdb reaches another
kind of breakpoint or the call completes.
gdb automatically deletes watchpoints that watch local
(automatic) variables, or expressions that involve such variables, when
they go out of scope, that is, when the execution leaves the block in
which these variables were defined. In particular, when the program
being debugged terminates, all local variables go out of scope,
and so only watchpoints that watch global variables remain set. If you
rerun the program, you will need to set all such watchpoints again. One
way of doing that would be to set a code breakpoint at the entry to the
main function and when it breaks, set all the watchpoints.
In multi-threaded programs, watchpoints will detect changes to the watched expression from every thread.
Warning: In multi-threaded programs, software watchpoints have only limited usefulness. If gdb creates a software watchpoint, it can only watch the value of an expression in a single thread. If you are confident that the expression can only change due to the current thread's activity (and if you are also confident that no other thread can become current), then you can use software watchpoints as usual. However, gdb may not notice when a non-current thread's activity changes the expression. (Hardware watchpoints, in contrast, watch an expression in all threads.)
See set remote hardware-watchpoint-limit.
You can use catchpoints to cause the debugger to stop for certain
kinds of program events, such as C++ exceptions or the loading of a
shared library. Use the catch command to set a catchpoint.
catch eventthrowcatchexceptioncatch exception Program_Error),
the debugger will stop only when this specific exception is raised.
Otherwise, the debugger stops execution when any Ada exception is raised.
When inserting an exception catchpoint on a user-defined exception whose
name is identical to one of the exceptions defined by the language, the
fully qualified name must be used as the exception name. Otherwise,
gdb will assume that it should stop on the pre-defined exception
rather than the user-defined one. For instance, assuming an exception
called Constraint_Error is defined in package Pck, then
the command to use to catch such exceptions is catch exception
Pck.Constraint_Error.
exception unhandledassertexecexec. This is currently only available for HP-UX
and gnu/Linux.
syscallsyscall [name | number] ...name can be any system call name that is valid for the underlying OS. Just what syscalls are valid depends on the OS. On GNU and Unix systems, you can find the full list of valid syscall names on /usr/include/asm/unistd.h.
Normally, gdb knows in advance which syscalls are valid for each OS, so you can use the gdb command-line completion facilities (see command completion) to list the available choices.
You may also specify the system call numerically. A syscall's number is the value passed to the OS's syscall dispatcher to identify the requested service. When you specify the syscall by its name, gdb uses its database of syscalls to convert the name into the corresponding numeric code, but using the number directly may be useful if gdb's database does not have the complete list of syscalls on your system (e.g., because gdb lags behind the OS upgrades).
The example below illustrates how this command works if you don't provide arguments to it:
(gdb) catch syscall
Catchpoint 1 (syscall)
(gdb) r
Starting program: /tmp/catch-syscall
Catchpoint 1 (call to syscall 'close'), \
0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.
Catchpoint 1 (returned from syscall 'close'), \
0xffffe424 in __kernel_vsyscall ()
(gdb)
Here is an example of catching a system call by name:
(gdb) catch syscall chroot
Catchpoint 1 (syscall 'chroot' [61])
(gdb) r
Starting program: /tmp/catch-syscall
Catchpoint 1 (call to syscall 'chroot'), \
0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.
Catchpoint 1 (returned from syscall 'chroot'), \
0xffffe424 in __kernel_vsyscall ()
(gdb)
An example of specifying a system call numerically. In the case below, the syscall number has a corresponding entry in the XML file, so gdb finds its name and prints it:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) 'exit_group')
(gdb) r
Starting program: /tmp/catch-syscall
Catchpoint 1 (call to syscall 'exit_group'), \
0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.
Program exited normally.
(gdb)
However, there can be situations when there is no corresponding name in XML file for that syscall number. In this case, gdb prints a warning message saying that it was not able to find the syscall name, but the catchpoint will be set anyway. See the example below:
(gdb) catch syscall 764
warning: The number '764' does not represent a known syscall.
Catchpoint 2 (syscall 764)
(gdb)
If you configure gdb using the `--without-expat' option, it will not be able to display syscall names. Also, if your architecture does not have an XML file describing its system calls, you will not be able to see the syscall names. It is important to notice that these two features are used for accessing the syscall name database. In either case, you will see a warning like this:
(gdb) catch syscall
warning: Could not open "syscalls/i386-linux.xml"
warning: Could not load the syscall XML file 'syscalls/i386-linux.xml'.
GDB will not be able to display syscall names.
Catchpoint 1 (syscall)
(gdb)
Of course, the file name will change depending on your architecture and system.
Still using the example above, you can also try to catch a syscall by its number. In this case, you would see something like:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) 252)
Again, in this case gdb would not be able to display syscall's names.
forkfork. This is currently only available for HP-UX
and gnu/Linux.
vforkvfork. This is currently only available for HP-UX
and gnu/Linux.
tcatch eventUse the info break command to list the current catchpoints.
There are currently some limitations to C++ exception handling
(catch throw and catch catch) in gdb:
Sometimes catch is not the best way to debug exception handling:
if you need to know exactly where an exception is raised, it is better to
stop before the exception handler is called, since that way you
can see the stack before any unwinding takes place. If you set a
breakpoint in an exception handler instead, it may not be easy to find
out where the exception was raised.
To stop just before an exception handler is called, you need some
knowledge of the implementation. In the case of gnu C++, exceptions are
raised by calling a library function named __raise_exception
which has the following ANSI C interface:
/* addr is where the exception identifier is stored.
id is the exception identifier. */
void __raise_exception (void **addr, void *id);
To make the debugger catch all exceptions before any stack
unwinding takes place, set a breakpoint on __raise_exception
(see Breakpoints; Watchpoints; and Exceptions).
With a conditional breakpoint (see Break Conditions) that depends on the value of id, you can stop your program when a specific exception is raised. You can use multiple conditional breakpoints to stop your program when any of a number of exceptions are raised.
It is often necessary to eliminate a breakpoint, watchpoint, or catchpoint once it has done its job and you no longer want your program to stop there. This is called deleting the breakpoint. A breakpoint that has been deleted no longer exists; it is forgotten.
With the clear command you can delete breakpoints according to
where they are in your program. With the delete command you can
delete individual breakpoints, watchpoints, or catchpoints by specifying
their breakpoint numbers.
It is not necessary to delete a breakpoint to proceed past it. gdb automatically ignores breakpoints on the first instruction to be executed when you continue execution without changing the execution address.
clearclear locationclear functionclear filename:functionclear linenumclear filename:linenumdelete [breakpoints] [range...]set
confirm off). You can abbreviate this command as d.
Rather than deleting a breakpoint, watchpoint, or catchpoint, you might prefer to disable it. This makes the breakpoint inoperative as if it had been deleted, but remembers the information on the breakpoint so that you can enable it again later.
You disable and enable breakpoints, watchpoints, and catchpoints with
the enable and disable commands, optionally specifying one
or more breakpoint numbers as arguments. Use info break or
info watch to print a list of breakpoints, watchpoints, and
catchpoints if you do not know which numbers to use.
Disabling and enabling a breakpoint that has multiple locations affects all of its locations.
A breakpoint, watchpoint, or catchpoint can have any of four different states of enablement:
break command starts out in this state.
tbreak command starts out in this state.
You can use the following commands to enable or disable breakpoints, watchpoints, and catchpoints:
disable [breakpoints] [range...]disable as dis.
enable [breakpoints] [range...]enable [breakpoints] once range...enable [breakpoints] delete range...tbreak command start out in this state.
Except for a breakpoint set with tbreak (see Setting Breakpoints), breakpoints that you set are initially enabled;
subsequently, they become disabled or enabled only when you use one of
the commands above. (The command until can set and delete a
breakpoint of its own, but it does not change the state of your other
breakpoints; see Continuing and Stepping.)
The simplest sort of breakpoint breaks every time your program reaches a specified place. You can also specify a condition for a breakpoint. A condition is just a Boolean expression in your programming language (see Expressions). A breakpoint with a condition evaluates the expression each time your program reaches it, and your program stops only if the condition is true.
This is the converse of using assertions for program validation; in that situation, you want to stop when the assertion is violated—that is, when the condition is false. In C, if you want to test an assertion expressed by the condition assert, you should set the condition `! assert' on the appropriate breakpoint.
Conditions are also accepted for watchpoints; you may not need them, since a watchpoint is inspecting the value of an expression anyhow—but it might be simpler, say, to just set a watchpoint on a variable name, and specify a condition that tests whether the new value is an interesting one.
Break conditions can have side effects, and may even call functions in your program. This can be useful, for example, to activate functions that log program progress, or to use your own print functions to format special data structures. The effects are completely predictable unless there is another enabled breakpoint at the same address. (In that case, gdb might see the other breakpoint first and stop your program without checking the condition of this one.) Note that breakpoint commands are usually more convenient and flexible than break conditions for the purpose of performing side effects when a breakpoint is reached (see Breakpoint Command Lists).
Break conditions can be specified when a breakpoint is set, by using
`if' in the arguments to the break command. See Setting Breakpoints. They can also be changed at any time
with the condition command.
You can also use the if keyword with the watch command.
The catch command does not recognize the if keyword;
condition is the only way to impose a further condition on a
catchpoint.
condition bnum expressioncondition, gdb checks expression immediately for
syntactic correctness, and to determine whether symbols in it have
referents in the context of your breakpoint. If expression uses
symbols not referenced in the context of the breakpoint, gdb
prints an error message:
No symbol "foo" in current context.
gdb does
not actually evaluate expression at the time the condition
command (or a command that sets a breakpoint with a condition, like
break if ...) is given, however. See Expressions.
condition bnumA special case of a breakpoint condition is to stop only when the breakpoint has been reached a certain number of times. This is so useful that there is a special way to do it, using the ignore count of the breakpoint. Every breakpoint has an ignore count, which is an integer. Most of the time, the ignore count is zero, and therefore has no effect. But if your program reaches a breakpoint whose ignore count is positive, then instead of stopping, it just decrements the ignore count by one and continues. As a result, if the ignore count value is n, the breakpoint does not stop the next n times your program reaches it.
ignore bnum countTo make the breakpoint stop the next time it is reached, specify a count of zero.
When you use continue to resume execution of your program from a
breakpoint, you can specify an ignore count directly as an argument to
continue, rather than using ignore. See Continuing and Stepping.
If a breakpoint has a positive ignore count and a condition, the condition is not checked. Once the ignore count reaches zero, gdb resumes checking the condition.
You could achieve the effect of the ignore count with a condition such as `$foo-- <= 0' using a debugger convenience variable that is decremented each time. See Convenience Variables.
Ignore counts apply to breakpoints, watchpoints, and catchpoints.
You can give any breakpoint (or watchpoint or catchpoint) a series of commands to execute when your program stops due to that breakpoint. For example, you might want to print the values of certain expressions, or enable other breakpoints.
commands [bnum]... command-list ...endend to terminate the commands.
To remove all commands from a breakpoint, type commands and
follow it immediately with end; that is, give no commands.
With no bnum argument, commands refers to the last
breakpoint, watchpoint, or catchpoint set (not to the breakpoint most
recently encountered).
Pressing <RET> as a means of repeating the last gdb command is disabled within a command-list.
You can use breakpoint commands to start your program up again. Simply
use the continue command, or step, or any other command
that resumes execution.
Any other commands in the command list, after a command that resumes
execution, are ignored. This is because any time you resume execution
(even with a simple next or step), you may encounter
another breakpoint—which could have its own command list, leading to
ambiguities about which list to execute.
If the first command you specify in a command list is silent, the
usual message about stopping at a breakpoint is not printed. This may
be desirable for breakpoints that are to print a specific message and
then continue. If none of the remaining commands print anything, you
see no sign that the breakpoint was reached. silent is
meaningful only at the beginning of a breakpoint command list.
The commands echo, output, and printf allow you to
print precisely controlled output, and are often useful in silent
breakpoints. See Commands for Controlled Output.
For example, here is how you could use breakpoint commands to print the
value of x at entry to foo whenever x is positive.
break foo if x>0
commands
silent
printf "x is %d\n",x
cont
end
One application for breakpoint commands is to compensate for one bug so
you can test for another. Put a breakpoint just after the erroneous line
of code, give it a condition to detect the case in which something
erroneous has been done, and give it commands to assign correct values
to any variables that need them. End with the continue command
so that your program does not stop, and start with the silent
command so that no output is produced. Here is an example:
break 403
commands
silent
set x = y + 4
cont
end
If you request too many active hardware-assisted breakpoints and watchpoints, you will see this error message:
Stopped; cannot insert breakpoints.
You may have requested too many hardware breakpoints and watchpoints.
This message is printed when you attempt to resume the program, since only then gdb knows exactly how many hardware breakpoints and watchpoints it needs to insert.
When this message is printed, you need to disable or remove some of the hardware-assisted breakpoints and watchpoints, and then continue.
Some processor architectures place constraints on the addresses at which breakpoints may be placed. For architectures thus constrained, gdb will attempt to adjust the breakpoint's address to comply with the constraints dictated by the architecture.
One example of such an architecture is the Fujitsu FR-V. The FR-V is a VLIW architecture in which a number of RISC-like instructions may be bundled together for parallel execution. The FR-V architecture constrains the location of a breakpoint instruction within such a bundle to the instruction with the lowest address. gdb honors this constraint by adjusting a breakpoint's address to the first in the bundle.
It is not uncommon for optimized code to have bundles which contain instructions from different source statements, thus it may happen that a breakpoint's address will be adjusted from one source statement to another. Since this adjustment may significantly alter gdb's breakpoint related behavior from what the user expects, a warning is printed when the breakpoint is first set and also when the breakpoint is hit.
A warning like the one below is printed when setting a breakpoint that's been subject to address adjustment:
warning: Breakpoint address adjusted from 0x00010414 to 0x00010410.
Such warnings are printed both for user settable and gdb's internal breakpoints. If you see one of these warnings, you should verify that a breakpoint set at the adjusted address will have the desired affect. If not, the breakpoint in question may be removed and other breakpoints may be set which will have the desired behavior. E.g., it may be sufficient to place the breakpoint at a later instruction. A conditional breakpoint may also be useful in some cases to prevent the breakpoint from triggering too often.
gdb will also issue a warning when stopping at one of these adjusted breakpoints:
warning: Breakpoint 1 address previously adjusted from 0x00010414
to 0x00010410.
When this warning is encountered, it may be too late to take remedial action except in cases where the breakpoint is hit earlier or more frequently than expected.
Continuing means resuming program execution until your program
completes normally. In contrast, stepping means executing just
one more “step” of your program, where “step” may mean either one
line of source code, or one machine instruction (depending on what
particular command you use). Either when continuing or when stepping,
your program may stop even sooner, due to a breakpoint or a signal. (If
it stops due to a signal, you may want to use handle, or use
`signal 0' to resume execution. See Signals.)
continue [ignore-count]c [ignore-count]fg [ignore-count]ignore (see Break Conditions).
The argument ignore-count is meaningful only when your program
stopped due to a breakpoint. At other times, the argument to
continue is ignored.
The synonyms c and fg (for foreground, as the
debugged program is deemed to be the foreground program) are provided
purely for convenience, and have exactly the same behavior as
continue.
To resume execution at a different place, you can use return
(see Returning from a Function) to go back to the
calling function; or jump (see Continuing at a Different Address) to go to an arbitrary location in your program.
A typical technique for using stepping is to set a breakpoint (see Breakpoints; Watchpoints; and Catchpoints) at the beginning of the function or the section of your program where a problem is believed to lie, run your program until it stops at that breakpoint, and then step through the suspect area, examining the variables that are interesting, until you see the problem happen.
steps.
Warning: If you use thestepcommand while control is within a function that was compiled without debugging information, execution proceeds until control reaches a function that does have debugging information. Likewise, it will not step into a function which is compiled without debugging information. To step through functions without debugging information, use thestepicommand, described below.
The step command only stops at the first instruction of a source
line. This prevents the multiple stops that could otherwise occur in
switch statements, for loops, etc. step continues
to stop if a function that has debugging information is called within
the line. In other words, step steps inside any functions
called within the line.
Also, the step command only enters a function if there is line
number information for the function. Otherwise it acts like the
next command. This avoids problems when using cc -gl
on MIPS machines. Previously, step entered subroutines if there
was any debugging information about the routine.
step countstep, but do so count times. If a
breakpoint is reached, or a signal not related to stepping occurs before
count steps, stepping stops right away.
next [count]step, but function calls that appear within
the line of code are executed without stopping. Execution stops when
control reaches a different line of code at the original stack level
that was executing when you gave the next command. This command
is abbreviated n.
An argument count is a repeat count, as for step.
The next command only stops at the first instruction of a
source line. This prevents multiple stops that could otherwise occur in
switch statements, for loops, etc.
set step-modeset step-mode onset step-mode on command causes the step command to
stop at the first instruction of a function which contains no debug line
information rather than stepping over it.
This is useful in cases where you may be interested in inspecting the
machine instructions of a function which has no symbolic info and do not
want gdb to automatically skip over this function.
set step-mode offstep command to step over any functions which contains no
debug information. This is the default.
show step-modefinishfin.
Contrast this with the return command (see Returning from a Function).
untilunext
command, except that when until encounters a jump, it
automatically continues execution until the program counter is greater
than the address of the jump.
This means that when you reach the end of a loop after single stepping
though it, until makes your program continue execution until it
exits the loop. In contrast, a next command at the end of a loop
simply steps back to the beginning of the loop, which forces you to step
through the next iteration.
until always stops your program if it attempts to exit the current
stack frame.
until may produce somewhat counterintuitive results if the order
of machine code does not match the order of the source lines. For
example, in the following excerpt from a debugging session, the f
(frame) command shows that execution is stopped at line
206; yet when we use until, we get to line 195:
(gdb) f
#0 main (argc=4, argv=0xf7fffae8) at m4.c:206
206 expand_input();
(gdb) until
195 for ( ; argc > 0; NEXTARG) {
This happened because, for execution efficiency, the compiler had
generated code for the loop closure test at the end, rather than the
start, of the loop—even though the test in a C for-loop is
written before the body of the loop. The until command appeared
to step back to the beginning of the loop when it advanced to this
expression; however, it has not really gone to an earlier
statement—not in terms of the actual machine code.
until with no argument works by means of single
instruction stepping, and hence is slower than until with an
argument.
until locationu locationuntil without an argument. The specified
location is actually reached only if it is in the current frame. This
implies that until can be used to skip over recursive function
invocations. For instance in the code below, if the current location is
line 96, issuing until 99 will execute the program up to
line 99 in the same invocation of factorial, i.e., after the inner
invocations have returned.
94 int factorial (int value)
95 {
96 if (value > 1) {
97 value *= factorial (value - 1);
98 }
99 return (value);
100 }
advance locationuntil, but advance will
not skip over recursive function calls, and the target location doesn't
have to be in the same frame as the current one.
stepistepi argsiIt is often useful to do `display/i $pc' when stepping by machine instructions. This makes gdb automatically display the next instruction to be executed, each time your program stops. See Automatic Display.
An argument is a repeat count, as in step.
nextinexti argniAn argument is a repeat count, as in next.
A signal is an asynchronous event that can happen in a program. The
operating system defines the possible kinds of signals, and gives each
kind a name and a number. For example, in Unix SIGINT is the
signal a program gets when you type an interrupt character (often Ctrl-c);
SIGSEGV is the signal a program gets from referencing a place in
memory far away from all the areas in use; SIGALRM occurs when
the alarm clock timer goes off (which happens only if your program has
requested an alarm).
Some signals, including SIGALRM, are a normal part of the
functioning of your program. Others, such as SIGSEGV, indicate
errors; these signals are fatal (they kill your program immediately) if the
program has not specified in advance some other way to handle the signal.
SIGINT does not indicate an error in your program, but it is normally
fatal so it can carry out the purpose of the interrupt: to kill the program.
gdb has the ability to detect any occurrence of a signal in your program. You can tell gdb in advance what to do for each kind of signal.
Normally, gdb is set up to let the non-erroneous signals like
SIGALRM be silently passed to your program
(so as not to interfere with their role in the program's functioning)
but to stop your program immediately whenever an error signal happens.
You can change these settings with the handle command.
info signalsinfo handleinfo signals siginfo handle is an alias for info signals.
handle signal [keywords...]The keywords allowed by the handle command can be abbreviated.
Their full names are:
nostopstopprint keyword as well.
printnoprintnostop keyword as well.
passnoignorepass and noignore are synonyms.
nopassignorenopass and ignore are synonyms.
When a signal stops your program, the signal is not visible to the
program until you
continue. Your program sees the signal then, if pass is in
effect for the signal in question at that time. In other words,
after gdb reports a signal, you can use the handle
command with pass or nopass to control whether your
program sees that signal when you continue.
The default is set to nostop, noprint, pass for
non-erroneous signals such as SIGALRM, SIGWINCH and
SIGCHLD, and to stop, print, pass for the
erroneous signals.
You can also use the signal command to prevent your program from
seeing a signal, or cause it to see a signal it normally would not see,
or to give it any signal at any time. For example, if your program stopped
due to some sort of memory reference error, you might store correct
values into the erroneous variables and continue, hoping to see more
execution; but your program would probably terminate immediately as
a result of the fatal signal once it saw the signal. To prevent this,
you can continue with `signal 0'. See Giving your Program a Signal.
On some targets, gdb can inspect extra signal information
associated with the intercepted signal, before it is actually
delivered to the program being debugged. This information is exported
by the convenience variable $_siginfo, and consists of data
that is passed by the kernel to the signal handler at the time of the
receipt of a signal. The data type of the information itself is
target dependent. You can see the data type using the ptype
$_siginfo command. On Unix systems, it typically corresponds to the
standard siginfo_t type, as defined in the signal.h
system header.
Here's an example, on a gnu/Linux system, printing the stray referenced address that raised a segmentation fault.
(gdb) continue
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400766 in main ()
69 *(int *)p = 0;
(gdb) ptype $_siginfo
type = struct {
int si_signo;
int si_errno;
int si_code;
union {
int _pad[28];
struct {...} _kill;
struct {...} _timer;
struct {...} _rt;
struct {...} _sigchld;
struct {...} _sigfault;
struct {...} _sigpoll;
} _sifields;
}
(gdb) ptype $_siginfo._sifields._sigfault
type = struct {
void *si_addr;
}
(gdb) p $_siginfo._sifields._sigfault.si_addr
$1 = (void *) 0x7ffff7ff7000
Depending on target support, $_siginfo may also be writable.
gdb supports debugging programs with multiple threads (see Debugging Programs with Multiple Threads). There are two modes of controlling execution of your program within the debugger. In the default mode, referred to as all-stop mode, when any thread in your program stops (for example, at a breakpoint or while being stepped), all other threads in the program are also stopped by gdb. On some targets, gdb also supports non-stop mode, in which other threads can continue to run freely while you examine the stopped thread in the debugger.
In all-stop mode, whenever your program stops under gdb for any reason, all threads of execution stop, not just the current thread. This allows you to examine the overall state of the program, including switching between threads, without worrying that things may change underfoot.
Conversely, whenever you restart the program, all threads start
executing. This is true even when single-stepping with commands
like step or next.
In particular, gdb cannot single-step all threads in lockstep. Since thread scheduling is up to your debugging target's operating system (not controlled by gdb), other threads may execute more than one statement while the current thread completes a single step. Moreover, in general other threads stop in the middle of a statement, rather than at a clean statement boundary, when the program stops.
You might even find your program stopped in another thread after continuing or even single-stepping. This happens whenever some other thread runs into a breakpoint, a signal, or an exception before the first thread completes whatever you requested.
Whenever gdb stops your program, due to a breakpoint or a signal, it automatically selects the thread where that breakpoint or signal happened. gdb alerts you to the context switch with a message such as `[Switching to Thread n]' to identify the thread.
On some OSes, you can modify gdb's default behavior by locking the OS scheduler to allow only a single thread to run.
set scheduler-locking modeoff, then there is no
locking and any thread may run at any time. If on, then only the
current thread may run when the inferior is resumed. The step
mode optimizes for single-stepping; it prevents other threads
from preempting the current thread while you are stepping, so that
the focus of debugging does not change unexpectedly.
Other threads only rarely (or never) get a chance to run
when you step. They are more likely to run when you `next' over a
function call, and they are completely free to run when you use commands
like `continue', `until', or `finish'. However, unless another
thread hits a breakpoint during its timeslice, gdb does not change
the current thread away from the thread that you are debugging.
show scheduler-lockingBy default, when you issue one of the execution commands such as
continue, next or step, gdb allows only
threads of the current inferior to run. For example, if gdb
is attached to two inferiors, each with two threads, the
continue command resumes only the two threads of the current
inferior. This is useful, for example, when you debug a program that
forks and you want to hold the parent stopped (so that, for instance,
it doesn't run to exit), while you debug the child. In other
situations, you may not be interested in inspecting the current state
of any of the processes gdb is attached to, and you may want
to resume them all until some breakpoint is hit. In the latter case,
you can instruct gdb to allow all threads of all the
inferiors to run with the set schedule-multiple command.
set schedule-multipleon, all threads of
all processes are allowed to run. When off, only the threads
of the current process are resumed. The default is off. The
scheduler-locking mode takes precedence when set to on,
or while you are stepping and set to step.
show schedule-multipleFor some multi-threaded targets, gdb supports an optional mode of operation in which you can examine stopped program threads in the debugger while other threads continue to execute freely. This minimizes intrusion when debugging live systems, such as programs where some threads have real-time constraints or must continue to respond to external events. This is referred to as non-stop mode.
In non-stop mode, when a thread stops to report a debugging event,
only that thread is stopped; gdb does not stop other
threads as well, in contrast to the all-stop mode behavior. Additionally,
execution commands such as continue and step apply by default
only to the current thread in non-stop mode, rather than all threads as
in all-stop mode. This allows you to control threads explicitly in
ways that are not possible in all-stop mode — for example, stepping
one thread while allowing others to run freely, stepping
one thread while holding all others stopped, or stepping several threads
independently and simultaneously.
To enter non-stop mode, use this sequence of commands before you run or attach to your program:
# Enable the async interface.
set target-async 1
# If using the CLI, pagination breaks non-stop.
set pagination off
# Finally, turn it on!
set non-stop on
You can use these commands to manipulate the non-stop mode setting:
set non-stop onset non-stop offshow non-stopNote these commands only reflect whether non-stop mode is enabled,
not whether the currently-executing program is being run in non-stop mode.
In particular, the set non-stop preference is only consulted when
gdb starts or connects to the target program, and it is generally
not possible to switch modes once debugging has started. Furthermore,
since not all targets support non-stop mode, even when you have enabled
non-stop mode, gdb may still fall back to all-stop operation by
default.
In non-stop mode, all execution commands apply only to the current thread
by default. That is, continue only continues one thread.
To continue all threads, issue continue -a or c -a.
You can use gdb's background execution commands (see Background Execution) to run some threads in the background while you continue to examine or step others from gdb. The MI execution commands (see GDB/MI Program Execution) are always executed asynchronously in non-stop mode.
Suspending execution is done with the interrupt command when
running in the background, or Ctrl-c during foreground execution.
In all-stop mode, this stops the whole process;
but in non-stop mode the interrupt applies only to the current thread.
To stop the whole program, use interrupt -a.
Other execution commands do not currently support the -a option.
In non-stop mode, when a thread stops, gdb doesn't automatically make that thread current, as it does in all-stop mode. This is because the thread stop notifications are asynchronous with respect to gdb's command interpreter, and it would be confusing if gdb unexpectedly changed to a different thread just as you entered a command to operate on the previously current thread.
gdb's execution commands have two variants: the normal foreground (synchronous) behavior, and a background (asynchronous) behavior. In foreground execution, gdb waits for the program to report that some thread has stopped before prompting for another command. In background execution, gdb immediately gives a command prompt so that you can issue other commands while your program runs.
You need to explicitly enable asynchronous mode before you can use background execution commands. You can use these commands to manipulate the asynchronous mode setting:
set target-async onset target-async offshow target-asyncIf the target doesn't support async mode, gdb issues an error message if you attempt to use the background execution commands.
To specify background execution, add a & to the command. For example,
the background form of the continue command is continue&, or
just c&. The execution commands that accept background execution
are:
runattachstepstepinextnexticontinuefinishuntilBackground execution is especially useful in conjunction with non-stop
mode for debugging programs with multiple threads; see Non-Stop Mode.
However, you can also use these commands in the normal all-stop mode with
the restriction that you cannot issue another execution command until the
previous one finishes. Examples of commands that are valid in all-stop
mode while the program is running include help and info break.
You can interrupt your program while it is running in the background by
using the interrupt command.
interruptinterrupt -ainterrupt stops the whole process, but in non-stop mode, it stops
only the current thread. To stop the whole program in non-stop mode,
use interrupt -a.
When your program has multiple threads (see Debugging Programs with Multiple Threads), you can choose whether to set breakpoints on all threads, or on a particular thread.
break linespec thread threadnobreak linespec thread threadno if ...Use the qualifier `thread threadno' with a breakpoint command to specify that you only want gdb to stop the program when a particular thread reaches this breakpoint. threadno is one of the numeric thread identifiers assigned by gdb, shown in the first column of the `info threads' display.
If you do not specify `thread threadno' when you set a breakpoint, the breakpoint applies to all threads of your program.
You can use the thread qualifier on conditional breakpoints as
well; in this case, place `thread threadno' before the
breakpoint condition, like this:
(gdb) break frik.c:13 thread 28 if bartab > lim
There is an unfortunate side effect when using gdb to debug multi-threaded programs. If one thread stops for a breakpoint, or for some other reason, and another thread is blocked in a system call, then the system call may return prematurely. This is a consequence of the interaction between multiple threads and the signals that gdb uses to implement breakpoints and other events that stop execution.
To handle this problem, your program should check the return value of each system call and react appropriately. This is good programming style anyways.
For example, do not write code like this:
sleep (10);
The call to sleep will return early if a different thread stops
at a breakpoint or for some other reason.
Instead, write this:
int unslept = 10;
while (unslept > 0)
unslept = sleep (unslept);
A system call is allowed to return early, so the system is still conforming to its specification. But gdb does cause your multi-threaded program to behave differently than it would without gdb.
Also, gdb uses internal breakpoints in the thread library to monitor certain events such as thread creation and thread destruction. When such an event happens, a system call in another thread may return prematurely, even though your program does not appear to stop.
When you are debugging a program, it is not unusual to realize that you have gone too far, and some event of interest has already happened. If the target environment supports it, gdb can allow you to “rewind” the program by running it backward.
A target environment that supports reverse execution should be able to “undo” the changes in machine state that have taken place as the program was executing normally. Variables, registers etc. should revert to their previous values. Obviously this requires a great deal of sophistication on the part of the target environment; not all target environments can support reverse execution.
When a program is executed in reverse, the instructions that have most recently been executed are “un-executed”, in reverse order. The program counter runs backward, following the previous thread of execution in reverse. As each instruction is “un-executed”, the values of memory and/or registers that were changed by that instruction are reverted to their previous states. After executing a piece of source code in reverse, all side effects of that code should be “undone”, and all variables should be returned to their prior values5.
If you are debugging in a target environment that supports reverse execution, gdb provides the following commands.
reverse-continue [ignore-count]rc [ignore-count]reverse-step [count]Like the step command, reverse-step will only stop
at the beginning of a source line. It “un-executes” the previously
executed source line. If the previous source line included calls to
debuggable functions, reverse-step will step (backward) into
the called function, stopping at the beginning of the last
statement in the called function (typically a return statement).
Also, as with the step command, if non-debuggable functions are
called, reverse-step will run thru them backward without stopping.
reverse-stepi [count]reverse-stepi will take you
back from the destination of the jump to the jump instruction itself.
reverse-next [count]reverse-next will take you back
to the caller of that function, before the function was called,
just as the normal next command would take you from the last
line of a function back to its return to its caller
6.
reverse-nexti [count]nexti, reverse-nexti executes a single instruction
in reverse, except that called functions are “un-executed” atomically.
That is, if the previously executed instruction was a return from
another instruction, reverse-nexti will continue to execute
in reverse until the call to that function (from the current stack
frame) is reached.
reverse-finishfinish command takes you to the point where the
current function returns, reverse-finish takes you to the point
where it was called. Instead of ending up at the end of the current
function invocation, you end up at the beginning.
set exec-directionset exec-direction reversestep, stepi, next, nexti, continue, and finish. The return
command cannot be used in reverse mode.
set exec-direction forwardOn some platforms, gdb provides a special process record and replay target that can record a log of the process execution, and replay it later with both forward and reverse execution commands.
When this target is in use, if the execution log includes the record for the next instruction, gdb will debug in replay mode. In the replay mode, the inferior does not really execute code instructions. Instead, all the events that normally happen during code execution are taken from the execution log. While code is not really executed in replay mode, the values of registers (including the program counter register) and the memory of the inferior are still changed as they normally would. Their contents are taken from the execution log.
If the record for the next instruction is not in the execution log, gdb will debug in record mode. In this mode, the inferior executes normally, and gdb records the execution log for future replay.
The process record and replay target supports reverse execution (see Reverse Execution), even if the platform on which the inferior runs does not. However, the reverse execution is limited in this case by the range of the instructions recorded in the execution log. In other words, reverse execution on platforms that don't support it directly can only be done in the replay mode.
When debugging in the reverse direction, gdb will work in replay mode as long as the execution log includes the record for the previous instruction; otherwise, it will work in record mode, if the platform supports reverse execution, or stop if not.
For architecture environments that support process record and replay, gdb provides the following commands:
target recordBoth record and rec are aliases of target record.
Displaced stepping (see displaced stepping) will be automatically disabled when process record and replay target is started. That's because the process record and replay target doesn't support displaced stepping.
If the inferior is in the non-stop mode (see Non-Stop Mode) or in the asynchronous execution mode (see Background Execution), the process record and replay target cannot be started because it doesn't support these two modes.
record stopWhen you stop the process record and replay target in record mode (at the end of the execution log), the inferior will be stopped at the next instruction that would have been recorded. In other words, if you record for a while and then stop recording, the inferior process will be left in the same state as if the recording never happened.
On the other hand, if the process record and replay target is stopped while in replay mode (that is, not at the end of the execution log, but at some earlier point), the inferior process will become “live” at that earlier state, and it will then be possible to continue the usual “live” debugging of the process from that state.
When the inferior process exits, or gdb detaches from it, process record and replay target will automatically stop itself.
set record insn-number-max limitIf limit is a positive number, then gdb will start
deleting instructions from the log once the number of the record
instructions becomes greater than limit. For every new recorded
instruction, gdb will delete the earliest recorded
instruction to keep the number of recorded instructions at the limit.
(Since deleting recorded instructions loses information, gdb
lets you control what happens when the limit is reached, by means of
the stop-at-limit option, described below.)
If limit is zero, gdb will never delete recorded instructions from the execution log. The number of recorded instructions is unlimited in this case.
show record insn-number-maxset record stop-at-limitIf this option is OFF, gdb will automatically delete the oldest record to make room for each new one, without asking.
show record stop-at-limitstop-at-limit.
info record insn-numberrecord deleteWhen your program has stopped, the first thing you need to know is where it stopped and how it got there.
Each time your program performs a function call, information about the call is generated. That information includes the location of the call in your program, the arguments of the call, and the local variables of the function being called. The information is saved in a block of data called a stack frame. The stack frames are allocated in a region of memory called the call stack.
When your program stops, the gdb commands for examining the stack allow you to see all of this information.
One of the stack frames is selected by gdb and many gdb commands refer implicitly to the selected frame. In particular, whenever you ask gdb for the value of a variable in your program, the value is found in the selected frame. There are special gdb commands to select whichever frame you are interested in. See Selecting a Frame.
When your program stops, gdb automatically selects the
currently executing frame and describes it briefly, similar to the
frame command (see Information about a Frame).
The call stack is divided up into contiguous pieces called stack frames, or frames for short; each frame is the data associated with one call to one function. The frame contains the arguments given to the function, the function's local variables, and the address at which the function is executing.
When your program is started, the stack has only one frame, that of the
function main. This is called the initial frame or the
outermost frame. Each time a function is called, a new frame is
made. Each time a function returns, the frame for that function invocation
is eliminated. If a function is recursive, there can be many frames for
the same function. The frame for the function in which execution is
actually occurring is called the innermost frame. This is the most
recently created of all the stack frames that still exist.
Inside your program, stack frames are identified by their addresses. A stack frame consists of many bytes, each of which has its own address; each kind of computer has a convention for choosing one byte whose address serves as the address of the frame. Usually this address is kept in a register called the frame pointer register (see $fp) while execution is going on in that frame.
gdb assigns numbers to all existing stack frames, starting with zero for the innermost frame, one for the frame that called it, and so on upward. These numbers do not really exist in your program; they are assigned by gdb to give you a way of designating stack frames in gdb commands.
Some compilers provide a way to compile functions so that they operate without stack frames. (For example, the gcc option
`-fomit-frame-pointer'
generates functions without a frame.) This is occasionally done with heavily used library functions to save the frame setup time. gdb has limited facilities for dealing with these function invocations. If the innermost function invocation has no stack frame, gdb nevertheless regards it as though it had a separate frame, which is numbered zero as usual, allowing correct tracing of the function call chain. However, gdb has no provision for frameless functions elsewhere in the stack.
frame argsframe command allows you to move from one stack frame to another,
and to print the stack frame you select. args may be either the
address of the frame or the stack frame number. Without an argument,
frame prints the current stack frame.
select-frameselect-frame command allows you to move from one stack frame
to another without printing the frame. This is the silent version of
frame.
A backtrace is a summary of how your program got where it is. It shows one line per frame, for many frames, starting with the currently executing frame (frame zero), followed by its caller (frame one), and on up the stack.
backtracebtYou can stop the backtrace at any time by typing the system interrupt
character, normally Ctrl-c.
backtrace nbt nbacktrace -nbt -nbacktrace fullbt fullbt full nbt full -nThe names where and info stack (abbreviated info s)
are additional aliases for backtrace.
In a multi-threaded program, gdb by default shows the
backtrace only for the current thread. To display the backtrace for
several or all of the threads, use the command thread apply
(see thread apply). For example, if you type thread
apply all backtrace, gdb will display the backtrace for all
the threads; this is handy when you debug a core dump of a
multi-threaded program.
Each line in the backtrace shows the frame number and the function name.
The program counter value is also shown—unless you use set
print address off. The backtrace also shows the source file name and
line number, as well as the arguments to the function. The program
counter value is omitted if it is at the beginning of the code for that
line number.
Here is an example of a backtrace. It was made with the command `bt 3', so it shows the innermost three frames.
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=0x2b600, data=...) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=177664, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The display for frame zero does not begin with a program counter
value, indicating that your program has stopped at the beginning of the
code for line 993 of builtin.c.
The value of parameter data in frame 1 has been replaced by
.... By default, gdb prints the value of a parameter
only if it is a scalar (integer, pointer, enumeration, etc). See command
set print frame-arguments in Print Settings for more details
on how to configure the way function parameter values are printed.
If your program was compiled with optimizations, some compilers will optimize away arguments passed to functions if those arguments are never used after the call. Such optimizations generate code that passes arguments through registers, but doesn't store those arguments in the stack frame. gdb has no way of displaying such arguments in stack frames other than the innermost one. Here's what such a backtrace might look like:
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=<value optimized out>) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=<value optimized out>, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The values of arguments that were not saved in their stack frames are shown as `<value optimized out>'.
If you need to display the values of such optimized-out arguments, either deduce that from other variables whose values depend on the one you are interested in, or recompile without optimizations.
Most programs have a standard user entry point—a place where system
libraries and startup code transition into user code. For C this is
main7.
When gdb finds the entry function in a backtrace
it will terminate the backtrace, to avoid tracing into highly
system-specific (and generally uninteresting) code.
If you need to examine the startup code, or limit the number of levels in a backtrace, you can change this behavior:
set backtrace past-mainset backtrace past-main onset backtrace past-main offshow backtrace past-mainset backtrace past-entryset backtrace past-entry onmain (or equivalent) is called.
set backtrace past-entry offshow backtrace past-entryset backtrace limit nset backtrace limit 0show backtrace limitMost commands for examining the stack and other data in your program work on whichever stack frame is selected at the moment. Here are the commands for selecting a stack frame; all of them finish by printing a brief description of the stack frame just selected.
frame nf nmain.
frame addrf addrOn the SPARC architecture, frame needs two addresses to
select an arbitrary frame: a frame pointer and a stack pointer.
On the MIPS and Alpha architecture, it needs two addresses: a stack pointer and a program counter.
On the 29k architecture, it needs three addresses: a register stack pointer, a program counter, and a memory stack pointer.
up ndown ndown as do.
All of these commands end by printing two lines of output describing the frame. The first line shows the frame number, the function name, the arguments, and the source file and line number of execution in that frame. The second line shows the text of that source line.
For example:
(gdb) up
#1 0x22f0 in main (argc=1, argv=0xf7fffbf4, env=0xf7fffbfc)
at env.c:10
10 read_input_file (argv[i]);
After such a printout, the list command with no arguments
prints ten lines centered on the point of execution in the frame.
You can also edit the program at the point of execution with your favorite
editing program by typing edit.
See Printing Source Lines,
for details.
up-silently ndown-silently nup and down,
respectively; they differ in that they do their work silently, without
causing display of the new frame. They are intended primarily for use
in gdb command scripts, where the output might be unnecessary and
distracting.
There are several other commands to print information about the selected stack frame.
frameff. With an
argument, this command is used to select a stack frame.
See Selecting a Frame.
info frameinfo fThe verbose description is useful when
something has gone wrong that has made the stack format fail to fit
the usual conventions.
info frame addrinfo f addrframe command.
See Selecting a Frame.
info argsinfo localsinfo catchup,
down, or frame commands); then type info catch.
See Setting Catchpoints.
gdb can print parts of your program's source, since the debugging information recorded in the program tells gdb what source files were used to build it. When your program stops, gdb spontaneously prints the line where it stopped. Likewise, when you select a stack frame (see Selecting a Frame), gdb prints the line where execution in that frame has stopped. You can print other portions of source files by explicit command.
If you use gdb through its gnu Emacs interface, you may prefer to use Emacs facilities to view source; see Using gdb under gnu Emacs.
To print lines from a source file, use the list command
(abbreviated l). By default, ten lines are printed.
There are several ways to specify what part of the file you want to
print; see Specify Location, for the full list.
Here are the forms of the list command most commonly used:
list linenumlist functionlistlist command, this prints lines following the last lines
printed; however, if the last line printed was a solitary line printed
as part of displaying a stack frame (see Examining the Stack), this prints lines centered around that line.
list -By default, gdb prints ten source lines with any of these forms of
the list command. You can change this using set listsize:
set listsize countlist command display count source lines (unless
the list argument explicitly specifies some other number).
show listsizelist prints.
Repeating a list command with <RET> discards the argument,
so it is equivalent to typing just list. This is more useful
than listing the same lines again. An exception is made for an
argument of `-'; that argument is preserved in repetition so that
each repetition moves up in the source file.
In general, the list command expects you to supply zero, one or two
linespecs. Linespecs specify source lines; there are several ways
of writing them (see Specify Location), but the effect is always
to specify some source line.
Here is a complete description of the possible arguments for list:
list linespeclist first,lastlist command has two linespecs, and the
source file of the second linespec is omitted, this refers to
the same source file as the first linespec.
list ,lastlist first,list +list -listSeveral gdb commands accept arguments that specify a location of your program's code. Since gdb is a source-level debugger, a location usually specifies some line in the source code; for that reason, locations are also known as linespecs.
Here are all the different ways of specifying a code location that gdb understands:
-offset+offsetlist command, the current line is the last one
printed; for the breakpoint commands, this is the line at which
execution stopped in the currently selected stack frame
(see Frames, for a description of stack frames.) When
used as the second of the two linespecs in a list command,
this specifies the line offset lines up or down from the first
linespec.
:linenum:function*addresslist and edit, this specifies a source
line that contains address. For break and other
breakpoint oriented commands, this can be used to set breakpoints in
parts of your program which do not have debugging information or
source files.
Here address may be any expression valid in the current working language (see working language) that specifies a code address. In addition, as a convenience, gdb extends the semantics of expressions used in locations to cover the situations that frequently happen during debugging. Here are the various forms of address:
&function. In Ada, this is function'Address
(although the Pascal form also works).
This form specifies the address of the function's first instruction,
before the stack frame and arguments have been set up.
'filename'::funcaddr
To edit the lines in a source file, use the edit command.
The editing program of your choice
is invoked with the current line set to
the active line in the program.
Alternatively, there are several ways to specify what part of the file you
want to print if you want to see other parts of the program:
edit locationlocation. Editing starts at
that location, e.g., at the specified source line of the
specified file. See Specify Location, for all the possible forms
of the location argument; here are the forms of the edit
command most commonly used:
edit numberedit functionYou can customize gdb to use any editor you want
8.
By default, it is /bin/ex, but you can change this
by setting the environment variable EDITOR before using
gdb. For example, to configure gdb to use the
vi editor, you could use these commands with the sh shell:
EDITOR=/usr/bin/vi
export EDITOR
gdb ...
or in the csh shell,
setenv EDITOR /usr/bin/vi
gdb ...
There are two commands for searching through the current source file for a regular expression.
forward-search regexpsearch regexpfo.
reverse-search regexprev.
Executable programs sometimes do not record the directories of the source files from which they were compiled, just the names. Even when they do, the directories could be moved between the compilation and your debugging session. gdb has a list of directories to search for source files; this is called the source path. Each time gdb wants a source file, it tries all the directories in the list, in the order they are present in the list, until it finds a file with the desired name.
For example, suppose an executable references the file /usr/src/foo-1.0/lib/foo.c, and our source path is /mnt/cross. The file is first looked up literally; if this fails, /mnt/cross/usr/src/foo-1.0/lib/foo.c is tried; if this fails, /mnt/cross/foo.c is opened; if this fails, an error message is printed. gdb does not look up the parts of the source file name, such as /mnt/cross/src/foo-1.0/lib/foo.c. Likewise, the subdirectories of the source path are not searched: if the source path is /mnt/cross, and the binary refers to foo.c, gdb would not find it under /mnt/cross/usr/src/foo-1.0/lib.
Plain file names, relative file names with leading directories, file names containing dots, etc. are all treated as described above; for instance, if the source path is /mnt/cross, and the source file is recorded as ../lib/foo.c, gdb would first try ../lib/foo.c, then /mnt/cross/../lib/foo.c, and after that—/mnt/cross/foo.c.
Note that the executable search path is not used to locate the source files.
Whenever you reset or rearrange the source path, gdb clears out any information it has cached about where source files are found and where each line is in the file.
When you start gdb, its source path includes only `cdir'
and `cwd', in that order.
To add other directories, use the directory command.
The search path is used to find both program source files and gdb script files (read using the `-command' option and `source' command).
In addition to the source path, gdb provides a set of commands that manage a list of source path substitution rules. A substitution rule specifies how to rewrite source directories stored in the program's debug information in case the sources were moved to a different directory between compilation and debugging. A rule is made of two strings, the first specifying what needs to be rewritten in the path, and the second specifying how it should be rewritten. In set substitute-path, we name these two parts from and to respectively. gdb does a simple string replacement of from with to at the start of the directory part of the source file name, and uses that result instead of the original file name to look up the sources.
Using the previous example, suppose the foo-1.0 tree has been
moved from /usr/src to /mnt/cross, then you can tell
gdb to replace /usr/src in all source path names with
/mnt/cross. The first lookup will then be
/mnt/cross/foo-1.0/lib/foo.c in place of the original location
of /usr/src/foo-1.0/lib/foo.c. To define a source path
substitution rule, use the set substitute-path command
(see set substitute-path).
To avoid unexpected substitution results, a rule is applied only if the from part of the directory name ends at a directory separator. For instance, a rule substituting /usr/source into /mnt/cross will be applied to /usr/source/foo-1.0 but not to /usr/sourceware/foo-2.0. And because the substitution is applied only at the beginning of the directory name, this rule will not be applied to /root/usr/source/baz.c either.
In many cases, you can achieve the same result using the directory
command. However, set substitute-path can be more efficient in
the case where the sources are organized in a complex tree with multiple
subdirectories. With the directory command, you need to add each
subdirectory of your project. If you moved the entire tree while
preserving its internal organization, then set substitute-path
allows you to direct the debugger to all the sources with one single
command.
set substitute-path is also more than just a shortcut command.
The source path is only used if the file at the original location no
longer exists. On the other hand, set substitute-path modifies
the debugger behavior to look at the rewritten location instead. So, if
for any reason a source file that is not relevant to your executable is
located at the original location, a substitution rule is the only
method available to point gdb at the new location.
You can configure a default source path substitution rule by configuring gdb with the `--with-relocated-sources=dir' option. The dir should be the name of a directory under gdb's configured prefix (set with `--prefix' or `--exec-prefix'), and directory names in debug information under dir will be adjusted automatically if the installed gdb is moved to a new location. This is useful if gdb, libraries or executables with debug information and corresponding source code are being moved together.
directory dirname ...dir dirname ...You can use the string `$cdir' to refer to the compilation
directory (if one is recorded), and `$cwd' to refer to the current
working directory. `$cwd' is not the same as `.'—the former
tracks the current working directory as it changes during your gdb
session, while the latter is immediately expanded to the current
directory at the time you add an entry to the source path.
directoryshow directoriesset substitute-path from toFor example, if the file /foo/bar/baz.c was moved to /mnt/cross/baz.c, then the command
(gdb) set substitute-path /usr/src /mnt/cross
will tell gdb to replace `/usr/src' with `/mnt/cross', which will allow gdb to find the file baz.c even though it was moved.
In the case when more than one substitution rule have been defined, the rules are evaluated one by one in the order where they have been defined. The first one matching, if any, is selected to perform the substitution.
For instance, if we had entered the following commands:
(gdb) set substitute-path /usr/src/include /mnt/include
(gdb) set substitute-path /usr/src /mnt/src
gdb would then rewrite /usr/src/include/defs.h into
/mnt/include/defs.h by using the first rule. However, it would
use the second rule to rewrite /usr/src/lib/foo.c into
/mnt/src/lib/foo.c.
unset substitute-path [path]If no path is specified, then all substitution rules are deleted.
show substitute-path [path]If no path is specified, then print all existing source path substitution rules.
If your source path is cluttered with directories that are no longer of interest, gdb may sometimes cause confusion by finding the wrong versions of source. You can correct the situation as follows:
directory with no argument to reset the source path to its default value.
directory with suitable arguments to reinstall the
directories you want in the source path. You can add all the
directories in one command.
You can use the command info line to map source lines to program
addresses (and vice versa), and the command disassemble to display
a range of addresses as machine instructions. You can use the command
set disassemble-next-line to set whether to disassemble next
source line when execution stops. When run under gnu Emacs
mode, the info line command causes the arrow to point to the
line specified. Also, info line prints addresses in symbolic form as
well as hex.
info line linespecFor example, we can use info line to discover the location of
the object code for the first line of function
m4_changequote:
(gdb) info line m4_changequote
Line 895 of "builtin.c" starts at pc 0x634c and ends at 0x6350.
We can also inquire (using *addr as the form for
linespec) what source line covers a particular address:
(gdb) info line *0x63ff
Line 926 of "builtin.c" starts at pc 0x63e4 and ends at 0x6404.
After info line, the default address for the x command
is changed to the starting address of the line, so that `x/i' is
sufficient to begin examining the machine code (see Examining Memory). Also, this address is saved as the value of the
convenience variable $_ (see Convenience Variables).
disassembledisassemble /mdisassemble /r/m modifier and print the raw instructions in hex as well as
in symbolic form by specifying the /r.
The default memory range is the function surrounding the
program counter of the selected frame. A single argument to this
command is a program counter value; gdb dumps the function
surrounding this value. Two arguments specify a range of addresses
(first inclusive, second exclusive) to dump.
The following example shows the disassembly of a range of addresses of HP PA-RISC 2.0 code:
(gdb) disas 0x32c4 0x32e4
Dump of assembler code from 0x32c4 to 0x32e4:
0x32c4 <main+204>: addil 0,dp
0x32c8 <main+208>: ldw 0x22c(sr0,r1),r26
0x32cc <main+212>: ldil 0x3000,r31
0x32d0 <main+216>: ble 0x3f8(sr4,r31)
0x32d4 <main+220>: ldo 0(r31),rp
0x32d8 <main+224>: addil -0x800,dp
0x32dc <main+228>: ldo 0x588(r1),r26
0x32e0 <main+232>: ldil 0x3000,r31
End of assembler dump.
Here is an example showing mixed source+assembly for Intel x86:
(gdb) disas /m main
Dump of assembler code for function main:
5 {
0x08048330 <main+0>: push %ebp
0x08048331 <main+1>: mov %esp,%ebp
0x08048333 <main+3>: sub $0x8,%esp
0x08048336 <main+6>: and $0xfffffff0,%esp
0x08048339 <main+9>: sub $0x10,%esp
6 printf ("Hello.\n");
0x0804833c <main+12>: movl $0x8048440,(%esp)
0x08048343 <main+19>: call 0x8048284 <puts@plt>
7 return 0;
8 }
0x08048348 <main+24>: mov $0x0,%eax
0x0804834d <main+29>: leave
0x0804834e <main+30>: ret
End of assembler dump.
Some architectures have more than one commonly-used set of instruction mnemonics or other syntax.
For programs that were dynamically linked and use shared libraries, instructions that call functions or branch to locations in the shared libraries might show a seemingly bogus location—it's actually a location of the relocation table. On some architectures, gdb might be able to resolve these to actual function names.
set disassembly-flavor instruction-setdisassemble or x/i commands.
Currently this command is only defined for the Intel x86 family. You
can set instruction-set to either intel or att.
The default is att, the AT&T flavor used by default by Unix
assemblers for x86-based targets.
show disassembly-flavorset disassemble-next-lineshow disassemble-next-line
The usual way to examine data in your program is with the print
command (abbreviated p), or its synonym inspect. It
evaluates and prints the value of an expression of the language your
program is written in (see Using gdb with Different Languages).
print exprprint /f exprprintprint /fA more low-level way of examining data is with the x command.
It examines data in memory at a specified address and prints it in a
specified format. See Examining Memory.
If you are interested in information about types, or about how the
fields of a struct or a class are declared, use the ptype exp
command rather than print. See Examining the Symbol Table.
print and many other gdb commands accept an expression and
compute its value. Any kind of constant, variable or operator defined
by the programming language you are using is valid in an expression in
gdb. This includes conditional expressions, function calls,
casts, and string constants. It also includes preprocessor macros, if
you compiled your program to include this information; see
Compilation.
gdb supports array constants in expressions input by
the user. The syntax is {element, element...}. For example,
you can use the command print {1, 2, 3} to create an array
of three integers. If you pass an array to a function or assign it
to a program variable, gdb copies the array to memory that
is malloced in the target program.
Because C is so widespread, most of the expressions shown in examples in this manual are in C. See Using gdb with Different Languages, for information on how to use expressions in other languages.
In this section, we discuss operators that you can use in gdb expressions regardless of your programming language.
Casts are supported in all languages, not just in C, because it is so useful to cast a number into a pointer in order to examine a structure at that address in memory.
gdb supports these operators, in addition to those common to programming languages:
@::{type} addrExpressions can sometimes contain some ambiguous elements. For instance, some programming languages (notably Ada, C++ and Objective-C) permit a single function name to be defined several times, for application in different contexts. This is called overloading. Another example involving Ada is generics. A generic package is similar to C++ templates and is typically instantiated several times, resulting in the same function name being defined in different contexts.
In some cases and depending on the language, it is possible to adjust the expression to remove the ambiguity. For instance in C++, you can specify the signature of the function you want to break on, as in break function(types). In Ada, using the fully qualified name of your function often makes the expression unambiguous as well.
When an ambiguity that needs to be resolved is detected, the debugger has the capability to display a menu of numbered choices for each possibility, and then waits for the selection with the prompt `>'. The first option is always `[0] cancel', and typing 0 <RET> aborts the current command. If the command in which the expression was used allows more than one choice to be selected, the next option in the menu is `[1] all', and typing 1 <RET> selects all possible choices.
For example, the following session excerpt shows an attempt to set a
breakpoint at the overloaded symbol String::after.
We choose three particular definitions of that function name:
(gdb) b String::after
[0] cancel
[1] all
[2] file:String.cc; line number:867
[3] file:String.cc; line number:860
[4] file:String.cc; line number:875
[5] file:String.cc; line number:853
[6] file:String.cc; line number:846
[7] file:String.cc; line number:735
> 2 4 6
Breakpoint 1 at 0xb26c: file String.cc, line 867.
Breakpoint 2 at 0xb344: file String.cc, line 875.
Breakpoint 3 at 0xafcc: file String.cc, line 846.
Multiple breakpoints were set.
Use the "delete" command to delete unwanted
breakpoints.
(gdb)
set multiple-symbols modeBy default, mode is set to all. If the command with which
the expression is used allows more than one choice, then gdb
automatically selects all possible choices. For instance, inserting
a breakpoint on a function using an ambiguous name results in a breakpoint
inserted on each possible match. However, if a unique choice must be made,
then gdb uses the menu to help you disambiguate the expression.
For instance, printing the address of an overloaded function will result
in the use of the menu.
When mode is set to ask, the debugger always uses the menu
when an ambiguity is detected.
Finally, when mode is set to cancel, the debugger reports
an error due to the ambiguity and the command is aborted.
show multiple-symbolsmultiple-symbols setting.
The most common kind of expression to use is the name of a variable in your program.
Variables in expressions are understood in the selected stack frame (see Selecting a Frame); they must be either:
or
This means that in the function
foo (a)
int a;
{
bar (a);
{
int b = test ();
bar (b);
}
}
you can examine and use the variable a whenever your program is
executing within the function foo, but you can only use or
examine the variable b while your program is executing inside
the block where b is declared.
There is an exception: you can refer to a variable or function whose
scope is a single source file even if the current execution point is not
in this file. But it is possible to have more than one such variable or
function with the same name (in different source files). If that
happens, referring to that name has unpredictable effects. If you wish,
you can specify a static variable in a particular function or file,
using the colon-colon (::) notation:
file::variable
function::variable
Here file or function is the name of the context for the
static variable. In the case of file names, you can use quotes to
make sure gdb parses the file name as a single word—for example,
to print a global value of x defined in f2.c:
(gdb) p 'f2.c'::x
This use of `::' is very rarely in conflict with the very similar use of the same notation in C++. gdb also supports use of the C++ scope resolution operator in gdb expressions.
Warning: Occasionally, a local variable may appear to have the wrong value at certain points in a function—just after entry to a new scope, and just before exit.You may see this problem when you are stepping by machine instructions. This is because, on most machines, it takes more than one instruction to set up a stack frame (including local variable definitions); if you are stepping by machine instructions, variables may appear to have the wrong values until the stack frame is completely built. On exit, it usually also takes more than one machine instruction to destroy a stack frame; after you begin stepping through that group of instructions, local variable definitions may be gone.
This may also happen when the compiler does significant optimizations. To be sure of always seeing accurate values, turn off all optimization when compiling.
Another possible effect of compiler optimizations is to optimize unused variables out of existence, or assign variables to registers (as opposed to memory addresses). Depending on the support for such cases offered by the debug info format used by the compiler, gdb might not be able to display values for such local variables. If that happens, gdb will print a message like this:
No symbol "foo" in current context.
To solve such problems, either recompile without optimizations, or use a different debug info format, if the compiler supports several such formats. For example, gcc, the gnu C/C++ compiler, usually supports the -gstabs+ option. -gstabs+ produces debug info in a format that is superior to formats such as COFF. You may be able to use DWARF 2 (-gdwarf-2), which is also an effective form for debug info. See Options for Debugging Your Program or GCC. See C and C++, for more information about debug info formats that are best suited to C++ programs.
If you ask to print an object whose contents are unknown to gdb, e.g., because its data type is not completely specified by the debug information, gdb will say `<incomplete type>'. See incomplete type, for more about this.
Strings are identified as arrays of char values without specified
signedness. Arrays of either signed char or unsigned char get
printed as arrays of 1 byte sized integers. -fsigned-char or
-funsigned-char gcc options have no effect as gdb
defines literal string type "char" as char without a sign.
For program code
char var0[] = "A";
signed char var1[] = "A";
You get during debugging
(gdb) print var0
$1 = "A"
(gdb) print var1
$2 = {65 'A', 0 '\0'}
It is often useful to print out several successive objects of the same type in memory; a section of an array, or an array of dynamically determined size for which only a pointer exists in the program.
You can do this by referring to a contiguous span of memory as an artificial array, using the binary operator `@'. The left operand of `@' should be the first element of the desired array and be an individual object. The right operand should be the desired length of the array. The result is an array value whose elements are all of the type of the left argument. The first element is actually the left argument; the second element comes from bytes of memory immediately following those that hold the first element, and so on. Here is an example. If a program says
int *array = (int *) malloc (len * sizeof (int));
you can print the contents of array with
p *array@len
The left operand of `@' must reside in memory. Array values made with `@' in this way behave just like other arrays in terms of subscripting, and are coerced to pointers when used in expressions. Artificial arrays most often appear in expressions via the value history (see Value History), after printing one out.
Another way to create an artificial array is to use a cast. This re-interprets a value as if it were an array. The value need not be in memory:
(gdb) p/x (short[2])0x12345678
$1 = {0x1234, 0x5678}
As a convenience, if you leave the array length out (as in `(type[])value') gdb calculates the size to fill the value (as `sizeof(value)/sizeof(type)':
(gdb) p/x (short[])0x12345678
$2 = {0x1234, 0x5678}
Sometimes the artificial array mechanism is not quite enough; in
moderately complex data structures, the elements of interest may not
actually be adjacent—for example, if you are interested in the values
of pointers in an array. One useful work-around in this situation is
to use a convenience variable (see Convenience Variables) as a counter in an expression that prints the first
interesting value, and then repeat that expression via <RET>. For
instance, suppose you have an array dtab of pointers to
structures, and you are interested in the values of a field fv
in each structure. Here is an example of what you might type:
set $i = 0
p dtab[$i++]->fv
<RET>
<RET>
...
By default, gdb prints a value according to its data type. Sometimes this is not what you want. For example, you might want to print a number in hex, or a pointer in decimal. Or you might want to view data in memory at a certain address as a character string or as an instruction. To do these things, specify an output format when you print a value.
The simplest use of output formats is to say how to print a value
already computed. This is done by starting the arguments of the
print command with a slash and a format letter. The format
letters supported are:
xduota (gdb) p/a 0x54320
$3 = 0x54320 <_initialize_vx+396>
The command info symbol 0x54320 yields similar results.
See info symbol.
cWithout this format, gdb displays char,
unsigned char, and signed char data as character
constants. Single-byte members of vectors are displayed as integer
data.
fsWithout this format, gdb displays pointers to and arrays of
char, unsigned char, and signed char as
strings. Single-byte members of a vector are displayed as an integer
array.
rFor example, to print the program counter in hex (see Registers), type
p/x $pc
Note that no space is required before the slash; this is because command names in gdb cannot contain a slash.
To reprint the last value in the value history with a different format,
you can use the print command with just a format and no
expression. For example, `p/x' reprints the last value in hex.
You can use the command x (for “examine”) to examine memory in
any of several formats, independently of your program's data types.
x/nfu addrx addrxx command to examine memory.
n, f, and u are all optional parameters that specify how much memory to display and how to format it; addr is an expression giving the address where you want to start displaying memory. If you use defaults for nfu, you need not type the slash `/'. Several commands set convenient defaults for addr.
print
(`x', `d', `u', `o', `t', `a', `c',
`f', `s'), and in addition `i' (for machine instructions).
The default is `x' (hexadecimal) initially. The default changes
each time you use either x or print.
bhwgEach time you specify a unit size with x, that size becomes the
default unit the next time you use x. (For the `s' and
`i' formats, the unit size is ignored and is normally not written.)
info breakpoints (to
the address of the last breakpoint listed), info line (to the
starting address of a line), and print (if you use it to display
a value from memory).
For example, `x/3uh 0x54320' is a request to display three halfwords
(h) of memory, formatted as unsigned decimal integers (`u'),
starting at address 0x54320. `x/4xw $sp' prints the four
words (`w') of memory above the stack pointer (here, `$sp';
see Registers) in hexadecimal (`x').
Since the letters indicating unit sizes are all distinct from the letters specifying output formats, you do not have to remember whether unit size or format comes first; either order works. The output specifications `4xw' and `4wx' mean exactly the same thing. (However, the count n must come first; `wx4' does not work.)
Even though the unit size u is ignored for the formats `s'
and `i', you might still want to use a count n; for example,
`3i' specifies that you want to see three machine instructions,
including any operands. For convenience, especially when used with
the display command, the `i' format also prints branch delay
slot instructions, if any, beyond the count specified, which immediately
follow the last instruction that is within the count. The command
disassemble gives an alternative way of inspecting machine
instructions; see Source and Machine Code.
All the defaults for the arguments to x are designed to make it
easy to continue scanning memory with minimal specifications each time
you use x. For example, after you have inspected three machine
instructions with `x/3i addr', you can inspect the next seven
with just `x/7'. If you use <RET> to repeat the x command,
the repeat count n is used again; the other arguments default as
for successive uses of x.
The addresses and contents printed by the x command are not saved
in the value history because there is often too much of them and they
would get in the way. Instead, gdb makes these values available for
subsequent use in expressions as values of the convenience variables
$_ and $__. After an x command, the last address
examined is available for use in expressions in the convenience variable
$_. The contents of that address, as examined, are available in
the convenience variable $__.
If the x command has a repeat count, the address and contents saved
are from the last memory unit printed; this is not the same as the last
address printed if several units were printed on the last line of output.
When you are debugging a program running on a remote target machine
(see Remote Debugging), you may wish to verify the program's image in the
remote machine's memory against the executable file you downloaded to
the target. The compare-sections command is provided for such
situations.
compare-sections [section-name]"qCRC"
remote request.
If you find that you want to print the value of an expression frequently (to see how it changes), you might want to add it to the automatic display list so that gdb prints its value each time your program stops. Each expression added to the list is given a number to identify it; to remove an expression from the list, you specify that number. The automatic display looks like this:
2: foo = 38
3: bar[5] = (struct hack *) 0x3804
This display shows item numbers, expressions and their current values. As with
displays you request manually using x or print, you can
specify the output format you prefer; in fact, display decides
whether to use print or x depending your format
specification—it uses x if you specify either the `i'
or `s' format, or a unit size; otherwise it uses print.
display exprdisplay does not repeat if you press <RET> again after using it.
display/fmt exprdisplay/fmt addrFor example, `display/i $pc' can be helpful, to see the machine instruction about to be executed each time execution stops (`$pc' is a common name for the program counter; see Registers).
undisplay dnums...delete display dnums...undisplay does not repeat if you press <RET> after using it.
(Otherwise you would just get the error `No display number ...'.)
disable display dnums...enable display dnums...displayinfo displayIf a display expression refers to local variables, then it does not make
sense outside the lexical context for which it was set up. Such an
expression is disabled when execution enters a context where one of its
variables is not defined. For example, if you give the command
display last_char while inside a function with an argument
last_char, gdb displays this argument while your program
continues to stop inside that function. When it stops elsewhere—where
there is no variable last_char—the display is disabled
automatically. The next time your program stops where last_char
is meaningful, you can enable the display expression once again.
gdb provides the following ways to control how arrays, structures, and symbols are printed.
These settings are useful for debugging programs in any language:
set print addressset print address onon. For example, this is what a stack frame display looks like with
set print address on:
(gdb) f
#0 set_quotes (lq=0x34c78 "<<", rq=0x34c88 ">>")
at input.c:530
530 if (lquote != def_lquote)
set print address offset print address off:
(gdb) set print addr off
(gdb) f
#0 set_quotes (lq="<<", rq=">>") at input.c:530
530 if (lquote != def_lquote)
You can use `set print address off' to eliminate all machine
dependent displays from the gdb interface. For example, with
print address off, you should get the same text for backtraces on
all machines—whether or not they involve pointer arguments.
show print addressWhen gdb prints a symbolic address, it normally prints the
closest earlier symbol plus an offset. If that symbol does not uniquely
identify the address (for example, it is a name whose scope is a single
source file), you may need to clarify. One way to do this is with
info line, for example `info line *0x4537'. Alternately,
you can set gdb to print the source file and line number when
it prints a symbolic address:
set print symbol-filename onset print symbol-filename offshow print symbol-filenameAnother situation where it is helpful to show symbol filenames and line numbers is when disassembling code; gdb shows you the line number and source file that corresponds to each instruction.
Also, you may wish to see the symbolic form only if the address being printed is reasonably close to the closest earlier symbol:
set print max-symbolic-offset max-offsetshow print max-symbolic-offsetIf you have a pointer and you are not sure where it points, try
`set print symbol-filename on'. Then you can determine the name
and source file location of the variable where it points, using
`p/a pointer'. This interprets the address in symbolic form.
For example, here gdb shows that a variable ptt points
at another variable t, defined in hi2.c:
(gdb) set print symbol-filename on
(gdb) p/a ptt
$4 = 0xe008 <t in hi2.c>
Warning: For pointers that point to a local variable, `p/a'
does not show the symbol name and filename of the referent, even with
the appropriate set print options turned on.
Other settings control how different kinds of objects are printed:
set print arrayset print array onset print array offshow print arrayset print array-indexesset print array-indexes onset print array-indexes offshow print array-indexesset print elements number-of-elementsset print elements command.
This limit also applies to the display of strings.
When gdb starts, this limit is set to 200.
Setting number-of-elements to zero means that the printing is unlimited.
show print elementsset print frame-arguments valueallscalars.... This is the default. Here is an example where
only scalar arguments are shown:
#1 0x08048361 in call_me (i=3, s=..., ss=0xbf8d508c, u=..., e=green)
at frame-args.c:23
none.... In this case, the example above now becomes:
#1 0x08048361 in call_me (i=..., s=..., ss=..., u=..., e=...)
at frame-args.c:23
By default, only scalar arguments are printed. This command can be used
to configure the debugger to print the value of all arguments, regardless
of their type. However, it is often advantageous to not print the value
of more complex parameters. For instance, it reduces the amount of
information printed in each frame, making the backtrace more readable.
Also, it improves performance when displaying Ada frames, because
the computation of large arguments can sometimes be CPU-intensive,
especially in large applications. Setting print frame-arguments
to scalars (the default) or none avoids this computation,
thus speeding up the display of each Ada frame.
show print frame-argumentsset print repeats"<repeats n times>", where n is the number of
identical repetitions, instead of displaying the identical elements
themselves. Setting the threshold to zero will cause all elements to
be individually printed. The default threshold is 10.
show print repeatsset print null-stopshow print null-stopset print pretty on $1 = {
next = 0x0,
flags = {
sweet = 1,
sour = 1
},
meat = 0x54 "Pork"
}
set print pretty off $1 = {next = 0x0, flags = {sweet = 1, sour = 1}, \
meat = 0x54 "Pork"}
This is the default format.
show print prettyset print sevenbit-strings on\nnn. This setting is
best if you are working in English (ascii) and you use the
high-order bit of characters as a marker or “meta” bit.
set print sevenbit-strings offshow print sevenbit-stringsset print union onset print union off"{...}"
instead.
show print unionFor example, given the declarations
typedef enum {Tree, Bug} Species;
typedef enum {Big_tree, Acorn, Seedling} Tree_forms;
typedef enum {Caterpillar, Cocoon, Butterfly}
Bug_forms;
struct thing {
Species it;
union {
Tree_forms tree;
Bug_forms bug;
} form;
};
struct thing foo = {Tree, {Acorn}};
with set print union on in effect `p foo' would print
$1 = {it = Tree, form = {tree = Acorn, bug = Cocoon}}
and with set print union off in effect it would print
$1 = {it = Tree, form = {...}}
set print union affects programs written in C-like languages
and in Pascal.
These settings are of interest when debugging C++ programs:
set print demangleset print demangle onshow print demangleset print asm-demangleset print asm-demangle onshow print asm-demangleset demangle-style styleautognug++) encoding algorithm.
This is the default.
hpaCC) encoding algorithm.
lucidlcc) encoding algorithm.
armcfront-generated executables. gdb would
require further enhancement to permit that.
show demangle-styleset print objectset print object onset print object offshow print objectset print static-membersset print static-members onset print static-members offshow print static-membersset print pascal_static-membersset print pascal_static-members onset print pascal_static-members offshow print pascal_static-membersset print vtblset print vtbl onvtbl commands do not work on programs compiled with the HP
ANSI C++ compiler (aCC).)
set print vtbl offshow print vtblValues printed by the print command are saved in the gdb
value history. This allows you to refer to them in other expressions.
Values are kept until the symbol table is re-read or discarded
(for example with the file or symbol-file commands).
When the symbol table changes, the value history is discarded,
since the values may contain pointers back to the types defined in the
symbol table.
The values printed are given history numbers by which you can
refer to them. These are successive integers starting with one.
print shows you the history number assigned to a value by
printing `$num = ' before the value; here num is the
history number.
To refer to any previous value, use `$' followed by the value's
history number. The way print labels its output is designed to
remind you of this. Just $ refers to the most recent value in
the history, and $$ refers to the value before that.
$$n refers to the nth value from the end; $$2
is the value just prior to $$, $$1 is equivalent to
$$, and $$0 is equivalent to $.
For example, suppose you have just printed a pointer to a structure and want to see the contents of the structure. It suffices to type
p *$
If you have a chain of structures where the component next points
to the next one, you can print the contents of the next one with this:
p *$.next
You can print successive links in the chain by repeating this command—which you can do by just typing <RET>.
Note that the history records values, not expressions. If the value of
x is 4 and you type these commands:
print x
set x=5
then the value recorded in the value history by the print command
remains 4 even though the value of x has changed.
show valuesshow
values does not change the history.
show values nshow values +show values + produces no display.
Pressing <RET> to repeat show values n has exactly the
same effect as `show values +'.
gdb provides convenience variables that you can use within gdb to hold on to a value and refer to it later. These variables exist entirely within gdb; they are not part of your program, and setting a convenience variable has no direct effect on further execution of your program. That is why you can use them freely.
Convenience variables are prefixed with `$'. Any name preceded by `$' can be used for a convenience variable, unless it is one of the predefined machine-specific register names (see Registers). (Value history references, in contrast, are numbers preceded by `$'. See Value History.)
You can save a value in a convenience variable with an assignment expression, just as you would set a variable in your program. For example:
set $foo = *object_ptr
would save in $foo the value contained in the object pointed to by
object_ptr.
Using a convenience variable for the first time creates it, but its
value is void until you assign a new value. You can alter the
value with another assignment at any time.
Convenience variables have no fixed types. You can assign a convenience variable any type of value, including structures and arrays, even if that variable already has a value of a different type. The convenience variable, when used as an expression, has the type of its current value.
show convenienceshow conv.
init-if-undefined $variable = expressionIf the variable is already defined then the expression is not evaluated so any side-effects do not occur.
One of the ways to use a convenience variable is as a counter to be incremented or a pointer to be advanced. For example, to print a field from successive elements of an array of structures:
set $i = 0
print bar[$i++]->contents
Repeat that command by typing <RET>.
Some convenience variables are created automatically by gdb and given values likely to be useful.
$_$_ is automatically set by the x command to
the last address examined (see Examining Memory). Other
commands which provide a default address for x to examine also
set $_ to that address; these commands include info line
and info breakpoint. The type of $_ is void *
except when set by the x command, in which case it is a pointer
to the type of $__.
$__$__ is automatically set by the x command
to the value found in the last address examined. Its type is chosen
to match the format in which the data was printed.
$_exitcode$_exitcode is automatically set to the exit code when
the program being debugged terminates.
$_siginfo$_siginfo is bound to extra signal information
inspection (see extra signal information).
On HP-UX systems, if you refer to a function or variable name that begins with a dollar sign, gdb searches for a user or system name first, before it searches for a convenience variable.
gdb also supplies some convenience functions. These have a syntax similar to convenience variables. A convenience function can be used in an expression just like an ordinary function; however, a convenience function is implemented internally to gdb.
help functionYou can refer to machine register contents, in expressions, as variables
with names starting with `$'. The names of registers are different
for each machine; use info registers to see the names used on
your machine.
info registersinfo all-registersinfo registers regname ...gdb has four “standard” register names that are available (in
expressions) on most machines—whenever they do not conflict with an
architecture's canonical mnemonics for registers. The register names
$pc and $sp are used for the program counter register and
the stack pointer. $fp is used for a register that contains a
pointer to the current stack frame, and $ps is used for a
register that contains the processor status. For example,
you could print the program counter in hex with
p/x $pc
or print the instruction to be executed next with
x/i $pc
or add four to the stack pointer10 with
set $sp += 4
Whenever possible, these four standard register names are available on
your machine even though the machine has different canonical mnemonics,
so long as there is no conflict. The info registers command
shows the canonical names. For example, on the SPARC, info
registers displays the processor status register as $psr but you
can also refer to it as $ps; and on x86-based machines $ps
is an alias for the eflags register.
gdb always considers the contents of an ordinary register as an integer when the register is examined in this way. Some machines have special registers which can hold nothing but floating point; these registers are considered to have floating point values. There is no way to refer to the contents of an ordinary register as floating point value (although you can print it as a floating point value with `print/f $regname').
Some registers have distinct “raw” and “virtual” data formats. This
means that the data format in which the register contents are saved by
the operating system is not the same one that your program normally
sees. For example, the registers of the 68881 floating point
coprocessor are always saved in “extended” (raw) format, but all C
programs expect to work with “double” (virtual) format. In such
cases, gdb normally works with the virtual format only (the format
that makes sense for your program), but the info registers command
prints the data in both formats.
Some machines have special registers whose contents can be interpreted
in several different ways. For example, modern x86-based machines
have SSE and MMX registers that can hold several values packed
together in several different formats. gdb refers to such
registers in struct notation:
(gdb) print $xmm1
$1 = {
v4_float = {0, 3.43859137e-038, 1.54142831e-044, 1.821688e-044},
v2_double = {9.92129282474342e-303, 2.7585945287983262e-313},
v16_int8 = "\000\000\000\000\3706;\001\v\000\000\000\r\000\000",
v8_int16 = {0, 0, 14072, 315, 11, 0, 13, 0},
v4_int32 = {0, 20657912, 11, 13},
v2_int64 = {88725056443645952, 55834574859},
uint128 = 0x0000000d0000000b013b36f800000000
}
To set values of such registers, you need to tell gdb which
view of the register you wish to change, as if you were assigning
value to a struct member:
(gdb) set $xmm1.uint128 = 0x000000000000000000000000FFFFFFFF
Normally, register values are relative to the selected stack frame (see Selecting a Frame). This means that you get the value that the register would contain if all stack frames farther in were exited and their saved registers restored. In order to see the true contents of hardware registers, you must select the innermost frame (with `frame 0').
However, gdb must deduce where registers are saved, from the machine code generated by your compiler. If some registers are not saved, or if gdb is unable to locate the saved registers, the selected stack frame makes no difference.
Depending on the configuration, gdb may be able to give you more information about the status of the floating point hardware.
info floatDepending on the configuration, gdb may be able to give you more information about the status of the vector unit.
info vectorgdb provides interfaces to useful OS facilities that can help you debug your program.
When gdb runs on a Posix system (such as GNU or Unix
machines), it interfaces with the inferior via the ptrace
system call. The operating system creates a special sata structure,
called struct user, for this interface. You can use the
command info udot to display the contents of this data
structure.
info udotstruct user maintained by the OS
kernel for the program being debugged. gdb displays the
contents of struct user as a list of hex numbers, similar to
the examine command.
Some operating systems supply an auxiliary vector to programs at startup. This is akin to the arguments and environment that you specify for a program, but contains a system-dependent variety of binary values that tell system libraries important details about the hardware, operating system, and process. Each value's purpose is identified by an integer tag; the meanings are well-known but system-specific. Depending on the configuration and operating system facilities, gdb may be able to show you this information. For remote targets, this functionality may further depend on the remote stub's support of the `qXfer:auxv:read' packet, see qXfer auxiliary vector read.
info auxvOn some targets, gdb can access operating-system-specific information and display it to user, without interpretation. For remote targets, this functionality depends on the remote stub's support of the `qXfer:osdata:read' packet, see qXfer osdata read.
info os processesMemory region attributes allow you to describe special handling required by regions of your target's memory. gdb uses attributes to determine whether to allow certain types of memory accesses; whether to use specific width accesses; and whether to cache target memory. By default the description of memory regions is fetched from the target (if the current target supports this), but the user can override the fetched regions.
Defined memory regions can be individually enabled and disabled. When a memory region is disabled, gdb uses the default attributes when accessing memory in that region. Similarly, if no memory regions have been defined, gdb uses the default attributes when accessing all memory.
When a memory region is defined, it is given a number to identify it; to enable, disable, or remove a memory region, you specify that number.
mem lower upper attributes...mem autodelete mem nums...disable mem nums...enable mem nums...info memThe access mode attributes set whether gdb may make read or write accesses to a memory region.
While these attributes prevent gdb from performing invalid memory accesses, they do nothing to prevent the target system, I/O DMA, etc. from accessing memory.
roworwThe access size attribute tells gdb to use specific sized accesses in the memory region. Often memory mapped device registers require specific sized accesses. If no access size attribute is specified, gdb may use accesses of any size.
8163264The data cache attributes set whether gdb will cache target memory. While this generally improves performance by reducing debug protocol overhead, it can lead to incorrect results because gdb does not know about volatile variables or memory mapped device registers.
cachenocachegdb can be instructed to refuse accesses to memory that is not explicitly described. This can be useful if accessing such regions has undesired effects for a specific target, or to provide better error checking. The following commands control this behaviour.
set mem inaccessible-by-default [on|off]on is specified, make gdb treat memory not
explicitly described by the memory ranges as non-existent and refuse accesses
to such memory. The checks are only performed if there's at least one
memory range defined. If off is specified, make gdb
treat the memory not explicitly described by the memory ranges as RAM.
The default value is on.
show mem inaccessible-by-default
You can use the commands dump, append, and
restore to copy data between target memory and a file. The
dump and append commands write data to a file, and the
restore command reads data from a file back into the inferior's
memory. Files may be in binary, Motorola S-record, Intel hex, or
Tektronix Hex format; however, gdb can only append to binary
files.
dump [format] memory filename start_addr end_addrdump [format] value filename exprThe format parameter may be any one of:
binaryihexsrectekhexgdb uses the same definitions of these formats as the gnu binary utilities, like `objdump' and `objcopy'. If format is omitted, gdb dumps the data in raw binary form.
append [binary] memory filename start_addr end_addrappend [binary] value filename exprrestore filename [binary] bias start endrestore command can automatically recognize any known bfd
file format, except for raw binary. To restore a raw binary file you
must specify the optional keyword binary after the filename.
If bias is non-zero, its value will be added to the addresses contained in the file. Binary files always start at address zero, so they will be restored at address bias. Other bfd files have a built-in location; they will be restored at offset bias from that location.
If start and/or end are non-zero, then only data between file offset start and file offset end will be restored. These offsets are relative to the addresses in the file, before the bias argument is applied.
A core file or core dump is a file that records the memory image of a running process and its process status (register values etc.). Its primary use is post-mortem debugging of a program that crashed while it ran outside a debugger. A program that crashes automatically produces a core file, unless this feature is disabled by the user. See Files, for information on invoking gdb in the post-mortem debugging mode.
Occasionally, you may wish to produce a core file of the program you are debugging in order to preserve a snapshot of its state. gdb has a special command for that.
generate-core-file [file]gcore [file]Note that this command is implemented only for some systems (as of this writing, gnu/Linux, FreeBSD, Solaris, Unixware, and S390).
If the program you are debugging uses a different character set to represent characters and strings than the one gdb uses itself, gdb can automatically translate between the character sets for you. The character set gdb uses we call the host character set; the one the inferior program uses we call the target character set.
For example, if you are running gdb on a gnu/Linux system, which
uses the ISO Latin 1 character set, but you are using gdb's
remote protocol (see Remote Debugging) to debug a program
running on an IBM mainframe, which uses the ebcdic character set,
then the host character set is Latin-1, and the target character set is
ebcdic. If you give gdb the command set
target-charset EBCDIC-US, then gdb translates between
ebcdic and Latin 1 as you print character or string values, or use
character and string literals in expressions.
gdb has no way to automatically recognize which character set
the inferior program uses; you must tell it, using the set
target-charset command, described below.
Here are the commands for controlling gdb's character set support:
set target-charset charsetset host-charset charsetBy default, gdb uses a host character set appropriate to the
system it is running on; you can override that default using the
set host-charset command. On some systems, gdb cannot
automatically determine the appropriate host character set. In this
case, gdb uses `UTF-8'.
gdb can only use certain character sets as its host character
set. If you type set target-charset <TAB><TAB>,
gdb will list the host character sets it supports.
set charset charsetshow charsetshow host-charsetshow target-charsetset target-wide-charset charsetwchar_t type. To
display the list of supported wide character sets, type
set target-wide-charset <TAB><TAB>.
show target-wide-charsetHere is an example of gdb's character set support in action. Assume that the following source code has been placed in the file charset-test.c:
#include <stdio.h>
char ascii_hello[]
= {72, 101, 108, 108, 111, 44, 32, 119,
111, 114, 108, 100, 33, 10, 0};
char ibm1047_hello[]
= {200, 133, 147, 147, 150, 107, 64, 166,
150, 153, 147, 132, 90, 37, 0};
main ()
{
printf ("Hello, world!\n");
}
In this program, ascii_hello and ibm1047_hello are arrays
containing the string `Hello, world!' followed by a newline,
encoded in the ascii and ibm1047 character sets.
We compile the program, and invoke the debugger on it:
$ gcc -g charset-test.c -o charset-test
$ gdb -nw charset-test
GNU gdb 2001-12-19-cvs
Copyright 2001 Free Software Foundation, Inc.
...
(gdb)
We can use the show charset command to see what character sets
gdb is currently using to interpret and display characters and
strings:
(gdb) show charset
The current host and target character set is `ISO-8859-1'.
(gdb)
For the sake of printing this manual, let's use ascii as our initial character set:
(gdb) set charset ASCII
(gdb) show charset
The current host and target character set is `ASCII'.
(gdb)
Let's assume that ascii is indeed the correct character set for our
host system — in other words, let's assume that if gdb prints
characters using the ascii character set, our terminal will display
them properly. Since our current target character set is also
ascii, the contents of ascii_hello print legibly:
(gdb) print ascii_hello
$1 = 0x401698 "Hello, world!\n"
(gdb) print ascii_hello[0]
$2 = 72 'H'
(gdb)
gdb uses the target character set for character and string literals you use in expressions:
(gdb) print '+'
$3 = 43 '+'
(gdb)
The ascii character set uses the number 43 to encode the `+' character.
gdb relies on the user to tell it which character set the
target program uses. If we print ibm1047_hello while our target
character set is still ascii, we get jibberish:
(gdb) print ibm1047_hello
$4 = 0x4016a8 "\310\205\223\223\226k@\246\226\231\223\204Z%"
(gdb) print ibm1047_hello[0]
$5 = 200 '\310'
(gdb)
If we invoke the set target-charset followed by <TAB><TAB>,
gdb tells us the character sets it supports:
(gdb) set target-charset
ASCII EBCDIC-US IBM1047 ISO-8859-1
(gdb) set target-charset
We can select ibm1047 as our target character set, and examine the
program's strings again. Now the ascii string is wrong, but
gdb translates the contents of ibm1047_hello from the
target character set, ibm1047, to the host character set,
ascii, and they display correctly:
(gdb) set target-charset IBM1047
(gdb) show charset
The current host character set is `ASCII'.
The current target character set is `IBM1047'.
(gdb) print ascii_hello
$6 = 0x401698 "\110\145%%?\054\040\167?\162%\144\041\012"
(gdb) print ascii_hello[0]
$7 = 72 '\110'
(gdb) print ibm1047_hello
$8 = 0x4016a8 "Hello, world!\n"
(gdb) print ibm1047_hello[0]
$9 = 200 'H'
(gdb)
As above, gdb uses the target character set for character and string literals you use in expressions:
(gdb) print '+'
$10 = 78 '+'
(gdb)
The ibm1047 character set uses the number 78 to encode the `+' character.
gdb caches data exchanged between the debugger and a remote target (see Remote Debugging). Such caching generally improves performance, because it reduces the overhead of the remote protocol by bundling memory reads and writes into large chunks. Unfortunately, simply caching everything would lead to incorrect results, since gdb does not necessarily know anything about volatile values, memory-mapped I/O addresses, etc. Furthermore, in non-stop mode (see Non-Stop Mode) memory can be changed while a gdb command is executing. Therefore, by default, gdb only caches data known to be on the stack11. Other regions of memory can be explicitly marked as cacheable; see see Memory Region Attributes.
set remotecache onset remotecache offshow remotecacheset stack-cache onset stack-cache offON, use
caching. By default, this option is ON.
show stack-cacheinfo dcache [line]If a line number is specified, the contents of that line will be printed in hex.
Memory can be searched for a particular sequence of bytes with the
find command.
find [/sn] start_addr, +len, val1 [, val2, ...]find [/sn] start_addr, end_addr, val1 [, val2, ...]s and n are optional parameters. They may be specified in either order, apart or together.
bhwgAll values are interpreted in the current language. This means, for example, that if the current source language is C/C++ then searching for the string “hello” includes the trailing '\0'.
If the value size is not specified, it is taken from the
value's type in the current language.
This is useful when one wants to specify the search
pattern as a mixture of types.
Note that this means, for example, that in the case of C-like languages
a search for an untyped 0x42 will search for `(int) 0x42'
which is typically four bytes.
You can use strings as search values. Quote them with double-quotes
(").
The string value is copied into the search pattern byte by byte,
regardless of the endianness of the target and the size specification.
The address of each match found is printed as well as a count of the number of matches found.
The address of the last value found is stored in convenience variable `$_'. A count of the number of matches is stored in `$numfound'.
For example, if stopped at the printf in this function:
void
hello ()
{
static char hello[] = "hello-hello";
static struct { char c; short s; int i; }
__attribute__ ((packed)) mixed
= { 'c', 0x1234, 0x87654321 };
printf ("%s\n", hello);
}
you get during debugging:
(gdb) find &hello[0], +sizeof(hello), "hello"
0x804956d <hello.1620+6>
1 pattern found
(gdb) find &hello[0], +sizeof(hello), 'h', 'e', 'l', 'l', 'o'
0x8049567 <hello.1620>
0x804956d <hello.1620+6>
2 patterns found
(gdb) find /b1 &hello[0], +sizeof(hello), 'h', 0x65, 'l'
0x8049567 <hello.1620>
1 pattern found
(gdb) find &mixed, +sizeof(mixed), (char) 'c', (short) 0x1234, (int) 0x87654321
0x8049560 <mixed.1625>
1 pattern found
(gdb) print $numfound
$1 = 1
(gdb) print $_
$2 = (void *) 0x8049560
Almost all compilers support optimization. With optimization disabled, the compiler generates assembly code that corresponds directly to your source code, in a simplistic way. As the compiler applies more powerful optimizations, the generated assembly code diverges from your original source code. With help from debugging information generated by the compiler, gdb can map from the running program back to constructs from your original source.
gdb is more accurate with optimization disabled. If you can recompile without optimization, it is easier to follow the progress of your program during debugging. But, there are many cases where you may need to debug an optimized version.
When you debug a program compiled with `-g -O', remember that the optimizer has rearranged your code; the debugger shows you what is really there. Do not be too surprised when the execution path does not exactly match your source file! An extreme example: if you define a variable, but never use it, gdb never sees that variable—because the compiler optimizes it out of existence.
Some things do not work as well with `-g -O' as with just `-g', particularly on machines with instruction scheduling. If in doubt, recompile with `-g' alone, and if this fixes the problem, please report it to us as a bug (including a test case!). See Variables, for more information about debugging optimized code.
Inlining is an optimization that inserts a copy of the function
body directly at each call site, instead of jumping to a shared
routine. gdb displays inlined functions just like
non-inlined functions. They appear in backtraces. You can view their
arguments and local variables, step into them with step, skip
them with next, and escape from them with finish.
You can check whether a function was inlined by using the
info frame command.
For gdb to support inlined functions, the compiler must record information about inlining in the debug information — gcc using the dwarf 2 format does this, and several other compilers do also. gdb only supports inlined functions when using dwarf 2. Versions of gcc before 4.1 do not emit two required attributes (`DW_AT_call_file' and `DW_AT_call_line'); gdb does not display inlined function calls with earlier versions of gcc. It instead displays the arguments and local variables of inlined functions as local variables in the caller.
The body of an inlined function is directly included at its call site; unlike a non-inlined function, there are no instructions devoted to the call. gdb still pretends that the call site and the start of the inlined function are different instructions. Stepping to the call site shows the call site, and then stepping again shows the first line of the inlined function, even though no additional instructions are executed.
This makes source-level debugging much clearer; you can see both the
context of the call and then the effect of the call. Only stepping by
a single instruction using stepi or nexti does not do
this; single instruction steps always show the inlined body.
There are some ways that gdb does not pretend that inlined function calls are the same as normal calls:
finish command. This is a limitation of compiler-generated
debugging information; after finish, you can step to the next line
and print a variable where your program stored the return value.
Some languages, such as C and C++, provide a way to define and invoke “preprocessor macros” which expand into strings of tokens. gdb can evaluate expressions containing macro invocations, show the result of macro expansion, and show a macro's definition, including where it was defined.
You may need to compile your program specially to provide gdb with information about preprocessor macros. Most compilers do not include macros in their debugging information, even when you compile with the -g flag. See Compilation.
A program may define a macro at one point, remove that definition later, and then provide a different definition after that. Thus, at different points in the program, a macro may have different definitions, or have no definition at all. If there is a current stack frame, gdb uses the macros in scope at that frame's source code line. Otherwise, gdb uses the macros in scope at the current listing location; see List.
Whenever gdb evaluates an expression, it always expands any macro invocations present in the expression. gdb also provides the following commands for working with macros explicitly.
macro expand expressionmacro exp expressionmacro expand-once expressionmacro exp1 expressioninfo macro macromacro define macro replacement-listmacro define macro(arglist) replacement-listA definition introduced by this command is in scope in every
expression evaluated in gdb, until it is removed with the
macro undef command, described below. The definition overrides
all definitions for macro present in the program being debugged,
as well as any previous user-supplied definition.
macro undef macromacro
define command, described above; it cannot remove definitions present
in the program being debugged.
macro listmacro define command.
Here is a transcript showing the above commands in action. First, we show our source files:
$ cat sample.c
#include <stdio.h>
#include "sample.h"
#define M 42
#define ADD(x) (M + x)
main ()
{
#define N 28
printf ("Hello, world!\n");
#undef N
printf ("We're so creative.\n");
#define N 1729
printf ("Goodbye, world!\n");
}
$ cat sample.h
#define Q <
$
Now, we compile the program using the gnu C compiler, gcc. We pass the -gdwarf-2 and -g3 flags to ensure the compiler includes information about preprocessor macros in the debugging information.
$ gcc -gdwarf-2 -g3 sample.c -o sample
$
Now, we start gdb on our sample program:
$ gdb -nw sample
GNU gdb 2002-05-06-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, ...
(gdb)
We can expand macros and examine their definitions, even when the program is not running. gdb uses the current listing position to decide which macro definitions are in scope:
(gdb) list main
3
4 #define M 42
5 #define ADD(x) (M + x)
6
7 main ()
8 {
9 #define N 28
10 printf ("Hello, world!\n");
11 #undef N
12 printf ("We're so creative.\n");
(gdb) info macro ADD
Defined at /home/jimb/gdb/macros/play/sample.c:5
#define ADD(x) (M + x)
(gdb) info macro Q
Defined at /home/jimb/gdb/macros/play/sample.h:1
included at /home/jimb/gdb/macros/play/sample.c:2
#define Q <
(gdb) macro expand ADD(1)
expands to: (42 + 1)
(gdb) macro expand-once ADD(1)
expands to: once (M + 1)
(gdb)
In the example above, note that macro expand-once expands only
the macro invocation explicit in the original text — the invocation of
ADD — but does not expand the invocation of the macro M,
which was introduced by ADD.
Once the program is running, gdb uses the macro definitions in force at the source line of the current stack frame:
(gdb) break main
Breakpoint 1 at 0x8048370: file sample.c, line 10.
(gdb) run
Starting program: /home/jimb/gdb/macros/play/sample
Breakpoint 1, main () at sample.c:10
10 printf ("Hello, world!\n");
(gdb)
At line 10, the definition of the macro N at line 9 is in force:
(gdb) info macro N
Defined at /home/jimb/gdb/macros/play/sample.c:9
#define N 28
(gdb) macro expand N Q M
expands to: 28 < 42
(gdb) print N Q M
$1 = 1
(gdb)
As we step over directives that remove N's definition, and then
give it a new definition, gdb finds the definition (or lack
thereof) in force at each point:
(gdb) next
Hello, world!
12 printf ("We're so creative.\n");
(gdb) info macro N
The symbol `N' has no definition as a C/C++ preprocessor macro
at /home/jimb/gdb/macros/play/sample.c:12
(gdb) next
We're so creative.
14 printf ("Goodbye, world!\n");
(gdb) info macro N
Defined at /home/jimb/gdb/macros/play/sample.c:13
#define N 1729
(gdb) macro expand N Q M
expands to: 1729 < 42
(gdb) print N Q M
$2 = 0
(gdb)
In addition to source files, macros can be defined on the compilation command line using the -Dname=value syntax. For macros defined in such a way, gdb displays the location of their definition as line zero of the source file submitted to the compiler.
(gdb) info macro __STDC__
Defined at /home/jimb/gdb/macros/play/sample.c:0
-D__STDC__=1
(gdb)
In some applications, it is not feasible for the debugger to interrupt the program's execution long enough for the developer to learn anything helpful about its behavior. If the program's correctness depends on its real-time behavior, delays introduced by a debugger might cause the program to change its behavior drastically, or perhaps fail, even when the code itself is correct. It is useful to be able to observe the program's behavior without interrupting it.
Using gdb's trace and collect commands, you can
specify locations in the program, called tracepoints, and
arbitrary expressions to evaluate when those tracepoints are reached.
Later, using the tfind command, you can examine the values
those expressions had when the program hit the tracepoints. The
expressions may also denote objects in memory—structures or arrays,
for example—whose values gdb should record; while visiting
a particular tracepoint, you may inspect those objects as if they were
in memory at that moment. However, because gdb records these
values without interacting with you, it can do so quickly and
unobtrusively, hopefully not disturbing the program's behavior.
The tracepoint facility is currently available only for remote targets. See Targets. In addition, your remote target must know how to collect trace data. This functionality is implemented in the remote stub; however, none of the stubs distributed with gdb support tracepoints as of this writing. The format of the remote packets used to implement tracepoints are described in Tracepoint Packets.
This chapter describes the tracepoint commands and features.
Before running such a trace experiment, an arbitrary number of tracepoints can be set. A tracepoint is actually a special type of breakpoint (see Set Breaks), so you can manipulate it using standard breakpoint commands. For instance, as with breakpoints, tracepoint numbers are successive integers starting from one, and many of the commands associated with tracepoints take the tracepoint number as their argument, to identify which tracepoint to work on.
For each tracepoint, you can specify, in advance, some arbitrary set of data that you want the target to collect in the trace buffer when it hits that tracepoint. The collected data can include registers, local variables, or global data. Later, you can use gdb commands to examine the values these data had at the time the tracepoint was hit.
Tracepoints do not support every breakpoint feature. Conditional expressions and ignore counts on tracepoints have no effect, and tracepoints cannot run gdb commands when they are hit. Tracepoints may not be thread-specific either.
This section describes commands to set tracepoints and associated conditions and actions.
trace locationtrace command is very similar to the break command.
Its argument location can be a source line, a function name, or
an address in the target program. See Specify Location. The
trace command defines a tracepoint, which is a point in the
target program where the debugger will briefly stop, collect some
data, and then allow the program to continue. Setting a tracepoint or
changing its actions doesn't take effect until the next tstart
command, and once a trace experiment is running, further changes will
not have any effect until the next trace experiment starts.
Here are some examples of using the trace command:
(gdb) trace foo.c:121 // a source file and line number
(gdb) trace +2 // 2 lines forward
(gdb) trace my_function // first source line of function
(gdb) trace *my_function // EXACT start address of function
(gdb) trace *0x2117c4 // an address
You can abbreviate trace as tr.
trace location if condThe convenience variable $tpnum records the tracepoint number
of the most recently set tracepoint.
delete tracepoint [num]delete command can remove tracepoints also.
Examples:
(gdb) delete trace 1 2 3 // remove three tracepoints
(gdb) delete trace // remove all tracepoints
You can abbreviate this command as del tr.
These commands are deprecated; they are equivalent to plain disable and enable.
disable tracepoint [num]enable tracepoint command.
enable tracepoint [num]passcount [n [num]]passcount command sets the
passcount of the most recently defined tracepoint. If no passcount is
given, the trace experiment will run until stopped explicitly by the
user.
Examples:
(gdb) passcount 5 2 // Stop on the 5th execution of
// tracepoint 2
(gdb) passcount 12 // Stop on the 12th execution of the
// most recently defined tracepoint.
(gdb) trace foo
(gdb) pass 3
(gdb) trace bar
(gdb) pass 2
(gdb) trace baz
(gdb) pass 1 // Stop tracing when foo has been
// executed 3 times OR when bar has
// been executed 2 times
// OR when baz has been executed 1 time.
The simplest sort of tracepoint collects data every time your program reaches a specified place. You can also specify a condition for a tracepoint. A condition is just a Boolean expression in your programming language (see Expressions). A tracepoint with a condition evaluates the expression each time your program reaches it, and data collection happens only if the condition is true.
Tracepoint conditions can be specified when a tracepoint is set, by
using `if' in the arguments to the trace command.
See Setting Tracepoints. They can
also be set or changed at any time with the condition command,
just as with breakpoints.
Unlike breakpoint conditions, gdb does not actually evaluate the conditional expression itself. Instead, gdb encodes the expression into an agent expression (see Agent Expressions suitable for execution on the target, independently of gdb. Global variables become raw memory locations, locals become stack accesses, and so forth.
For instance, suppose you have a function that is usually called frequently, but should not be called after an error has occurred. You could use the following tracepoint command to collect data about calls of that function that happen while the error code is propagating through the program; an unconditional tracepoint could end up collecting thousands of useless trace frames that you would have to search through.
(gdb) trace normal_operation if errcode > 0
actions [num]actions without bothering about its number). You specify the
actions themselves on the following lines, one action at a time, and
terminate the actions list with a line containing just end. So
far, the only defined actions are collect and
while-stepping.
To remove all actions from a tracepoint, type `actions num' and follow it immediately with `end'.
(gdb) collect data // collect some data
(gdb) while-stepping 5 // single-step 5 times, collect data
(gdb) end // signals the end of actions.
In the following example, the action list begins with collect
commands indicating the things to be collected when the tracepoint is
hit. Then, in order to single-step and collect additional data
following the tracepoint, a while-stepping command is used,
followed by the list of things to be collected while stepping. The
while-stepping command is terminated by its own separate
end command. Lastly, the action list is terminated by an
end command.
(gdb) trace foo
(gdb) actions
Enter actions for tracepoint 1, one per line:
> collect bar,baz
> collect $regs
> while-stepping 12
> collect $fp, $sp
> end
end
collect expr1, expr2, ...$regs$args$localsYou can give several consecutive collect commands, each one
with a single argument, or one collect command with several
arguments separated by commas: the effect is the same.
The command info scope (see info scope) is
particularly useful for figuring out what data to collect.
while-stepping nwhile-stepping command is
followed by the list of what to collect while stepping (followed by
its own end command):
> while-stepping 12
> collect $regs, myglobal
> end
>
You may abbreviate while-stepping as ws or
stepping.
info tracepoints [num]info breakpoints; in fact, info tracepoints is the same
command, simply restricting itself to tracepoints.
A tracepoint's listing may include additional information specific to tracing:
passcount n command
while-stepping n command
actions command. The actions
are prefixed with an `A' so as to distinguish them from commands.
(gdb) info trace
Num Type Disp Enb Address What
1 tracepoint keep y 0x0804ab57 in foo() at main.cxx:7
pass count 1200
step count 20
A while-stepping 20
A collect globfoo, $regs
A end
A collect globfoo2
A end
(gdb)
This command can be abbreviated info tp.
tstarttstopNote: a trace experiment and data collection may stop automatically if any tracepoint's passcount is reached (see Tracepoint Passcounts), or if the trace buffer becomes full.
tstatusHere is an example of the commands we described so far:
(gdb) trace gdb_c_test
(gdb) actions
Enter actions for tracepoint #1, one per line.
> collect $regs,$locals,$args
> while-stepping 11
> collect $regs
> end
> end
(gdb) tstart
[time passes ...]
(gdb) tstop
After the tracepoint experiment ends, you use gdb commands
for examining the trace data. The basic idea is that each tracepoint
collects a trace snapshot every time it is hit and another
snapshot every time it single-steps. All these snapshots are
consecutively numbered from zero and go into a buffer, and you can
examine them later. The way you examine them is to focus on a
specific trace snapshot. When the remote stub is focused on a trace
snapshot, it will respond to all gdb requests for memory and
registers by reading from the buffer which belongs to that snapshot,
rather than from real memory or registers of the program being
debugged. This means that all gdb commands
(print, info registers, backtrace, etc.) will
behave as if we were currently debugging the program state as it was
when the tracepoint occurred. Any requests for data that are not in
the buffer will fail.
tfind nThe basic command for selecting a trace snapshot from the buffer is
tfind n, which finds trace snapshot number n,
counting from zero. If no argument n is given, the next
snapshot is selected.
Here are the various forms of using the tfind command.
tfind starttfind 0 (since 0 is the number of the first snapshot).
tfind nonetfind endtfindtfind -tfind tracepoint numtfind pc addrtfind outside addr1, addr2tfind range addr1, addr2tfind line [file:]ntfind line repeatedly can appear to have the same effect as
stepping from line to line in a live debugging session.
The default arguments for the tfind commands are specifically
designed to make it easy to scan through the trace buffer. For
instance, tfind with no argument selects the next trace
snapshot, and tfind - with no argument selects the previous
trace snapshot. So, by giving one tfind command, and then
simply hitting <RET> repeatedly you can examine all the trace
snapshots in order. Or, by saying tfind - and then hitting
<RET> repeatedly you can examine the snapshots in reverse order.
The tfind line command with no argument selects the snapshot
for the next source line executed. The tfind pc command with
no argument selects the next snapshot with the same program counter
(PC) as the current frame. The tfind tracepoint command with
no argument selects the next trace snapshot collected by the same
tracepoint as the current one.
In addition to letting you scan through the trace buffer manually, these commands make it easy to construct gdb scripts that scan through the trace buffer and print out whatever collected data you are interested in. Thus, if we want to examine the PC, FP, and SP registers from each trace frame in the buffer, we can say this:
(gdb) tfind start
(gdb) while ($trace_frame != -1)
> printf "Frame %d, PC = %08X, SP = %08X, FP = %08X\n", \
$trace_frame, $pc, $sp, $fp
> tfind
> end
Frame 0, PC = 0020DC64, SP = 0030BF3C, FP = 0030BF44
Frame 1, PC = 0020DC6C, SP = 0030BF38, FP = 0030BF44
Frame 2, PC = 0020DC70, SP = 0030BF34, FP = 0030BF44
Frame 3, PC = 0020DC74, SP = 0030BF30, FP = 0030BF44
Frame 4, PC = 0020DC78, SP = 0030BF2C, FP = 0030BF44
Frame 5, PC = 0020DC7C, SP = 0030BF28, FP = 0030BF44
Frame 6, PC = 0020DC80, SP = 0030BF24, FP = 0030BF44
Frame 7, PC = 0020DC84, SP = 0030BF20, FP = 0030BF44
Frame 8, PC = 0020DC88, SP = 0030BF1C, FP = 0030BF44
Frame 9, PC = 0020DC8E, SP = 0030BF18, FP = 0030BF44
Frame 10, PC = 00203F6C, SP = 0030BE3C, FP = 0030BF14
Or, if we want to examine the variable X at each source line in
the buffer:
(gdb) tfind start
(gdb) while ($trace_frame != -1)
> printf "Frame %d, X == %d\n", $trace_frame, X
> tfind line
> end
Frame 0, X = 1
Frame 7, X = 2
Frame 13, X = 255
tdumpThis command takes no arguments. It prints all the data collected at the current trace snapshot.
(gdb) trace 444
(gdb) actions
Enter actions for tracepoint #2, one per line:
> collect $regs, $locals, $args, gdb_long_test
> end
(gdb) tstart
(gdb) tfind line 444
#0 gdb_test (p1=0x11, p2=0x22, p3=0x33, p4=0x44, p5=0x55, p6=0x66)
at gdb_test.c:444
444 printp( "%s: arguments = 0x%X 0x%X 0x%X 0x%X 0x%X 0x%X\n", )
(gdb) tdump
Data collected at tracepoint 2, trace frame 1:
d0 0xc4aa0085 -995491707
d1 0x18 24
d2 0x80 128
d3 0x33 51
d4 0x71aea3d 119204413
d5 0x22 34
d6 0xe0 224
d7 0x380035 3670069
a0 0x19e24a 1696330
a1 0x3000668 50333288
a2 0x100 256
a3 0x322000 3284992
a4 0x3000698 50333336
a5 0x1ad3cc 1758156
fp 0x30bf3c 0x30bf3c
sp 0x30bf34 0x30bf34
ps 0x0 0
pc 0x20b2c8 0x20b2c8
fpcontrol 0x0 0
fpstatus 0x0 0
fpiaddr 0x0 0
p = 0x20e5b4 "gdb-test"
p1 = (void *) 0x11
p2 = (void *) 0x22
p3 = (void *) 0x33
p4 = (void *) 0x44
p5 = (void *) 0x55
p6 = (void *) 0x66
gdb_long_test = 17 '\021'
(gdb)
save-tracepoints filename
This command saves all current tracepoint definitions together with
their actions and passcounts, into a file filename
suitable for use in a later debugging session. To read the saved
tracepoint definitions, use the source command (see Command Files).
(int) $trace_frame(int) $tracepoint(int) $trace_line(char []) $trace_file(char []) $trace_func$tracepoint.
Note: $trace_file is not suitable for use in printf,
use output instead.
Here's a simple example of using these convenience variables for stepping through all the trace snapshots and printing some of their data.
(gdb) tfind start
(gdb) while $trace_frame != -1
> output $trace_file
> printf ", line %d (tracepoint #%d)\n", $trace_line, $tracepoint
> tfind
> end
If your program is too large to fit completely in your target system's memory, you can sometimes use overlays to work around this problem. gdb provides some support for debugging programs that use overlays.
Suppose you have a computer whose instruction address space is only 64 kilobytes long, but which has much more memory which can be accessed by other means: special instructions, segment registers, or memory management hardware, for example. Suppose further that you want to adapt a program which is larger than 64 kilobytes to run on this system.
One solution is to identify modules of your program which are relatively independent, and need not call each other directly; call these modules overlays. Separate the overlays from the main program, and place their machine code in the larger memory. Place your main program in instruction memory, but leave at least enough space there to hold the largest overlay as well.
Now, to call a function located in an overlay, you must first copy that overlay's machine code from the large memory into the space set aside for it in the instruction memory, and then jump to its entry point there.
Data Instruction Larger
Address Space Address Space Address Space
+-----------+ +-----------+ +-----------+
| | | | | |
+-----------+ +-----------+ +-----------+<-- overlay 1
| program | | main | .----| overlay 1 | load address
| variables | | program | | +-----------+
| and heap | | | | | |
+-----------+ | | | +-----------+<-- overlay 2
| | +-----------+ | | | load address
+-----------+ | | | .-| overlay 2 |
| | | | | |
mapped --->+-----------+ | | +-----------+
address | | | | | |
| overlay | <-' | | |
| area | <---' +-----------+<-- overlay 3
| | <---. | | load address
+-----------+ `--| overlay 3 |
| | | |
+-----------+ | |
+-----------+
| |
+-----------+
A code overlay
The diagram (see A code overlay) shows a system with separate data and instruction address spaces. To map an overlay, the program copies its code from the larger address space to the instruction address space. Since the overlays shown here all use the same mapped address, only one may be mapped at a time. For a system with a single address space for data and instructions, the diagram would be similar, except that the program variables and heap would share an address space with the main program and the overlay area.
An overlay loaded into instruction memory and ready for use is called a mapped overlay; its mapped address is its address in the instruction memory. An overlay not present (or only partially present) in instruction memory is called unmapped; its load address is its address in the larger memory. The mapped address is also called the virtual memory address, or VMA; the load address is also called the load memory address, or LMA.
Unfortunately, overlays are not a completely transparent way to adapt a program to limited instruction memory. They introduce a new set of global constraints you must keep in mind as you design your program:
The overlay system described above is rather simple, and could be improved in many ways:
To use gdb's overlay support, each overlay in your program must correspond to a separate section of the executable file. The section's virtual memory address and load memory address must be the overlay's mapped and load addresses. Identifying overlays with sections allows gdb to determine the appropriate address of a function or variable, depending on whether the overlay is mapped or not.
gdb's overlay commands all start with the word overlay;
you can abbreviate this as ov or ovly. The commands are:
overlay offoverlay manualoverlay map-overlay and overlay unmap-overlay
commands described below.
overlay map-overlay overlayoverlay map overlayoverlay unmap-overlay overlayoverlay unmap overlayoverlay autooverlay load-targetoverlay loadoverlay list-overlaysoverlay listNormally, when gdb prints a code address, it includes the name of the function the address falls in:
(gdb) print main
$3 = {int ()} 0x11a0 <main>
When overlay debugging is enabled, gdb recognizes code in
unmapped overlays, and prints the names of unmapped functions with
asterisks around them. For example, if foo is a function in an
unmapped overlay, gdb prints it this way:
(gdb) overlay list
No sections are mapped.
(gdb) print foo
$5 = {int (int)} 0x100000 <*foo*>
When foo's overlay is mapped, gdb prints the function's
name normally:
(gdb) overlay list
Section .ov.foo.text, loaded at 0x100000 - 0x100034,
mapped at 0x1016 - 0x104a
(gdb) print foo
$6 = {int (int)} 0x1016 <foo>
When overlay debugging is enabled, gdb can find the correct
address for functions and variables in an overlay, whether or not the
overlay is mapped. This allows most gdb commands, like
break and disassemble, to work normally, even on unmapped
code. However, gdb's breakpoint support has some limitations:
gdb can automatically track which overlays are mapped and which
are not, given some simple co-operation from the overlay manager in the
inferior. If you enable automatic overlay debugging with the
overlay auto command (see Overlay Commands), gdb
looks in the inferior's memory for certain variables describing the
current state of the overlays.
Here are the variables your overlay manager must define to support gdb's automatic overlay debugging:
_ovly_table: struct
{
/* The overlay's mapped address. */
unsigned long vma;
/* The size of the overlay, in bytes. */
unsigned long size;
/* The overlay's load address. */
unsigned long lma;
/* Non-zero if the overlay is currently mapped;
zero otherwise. */
unsigned long mapped;
}
_novlys:_ovly_table.
To decide whether a particular overlay is mapped or not, gdb
looks for an entry in _ovly_table whose vma and
lma members equal the VMA and LMA of the overlay's section in the
executable file. When gdb finds a matching entry, it consults
the entry's mapped member to determine whether the overlay is
currently mapped.
In addition, your overlay manager may define a function called
_ovly_debug_event. If this function is defined, gdb
will silently set a breakpoint there. If the overlay manager then
calls this function whenever it has changed the overlay table, this
will enable gdb to accurately keep track of which overlays
are in program memory, and update any breakpoints that may be set
in overlays. This will allow breakpoints to work even if the
overlays are kept in ROM or other non-writable memory while they
are not being executed.
When linking a program which uses overlays, you must place the overlays at their load addresses, while relocating them to run at their mapped addresses. To do this, you must write a linker script (see Overlay Description). Unfortunately, since linker scripts are specific to a particular host system, target architecture, and target memory layout, this manual cannot provide portable sample code demonstrating gdb's overlay support.
However, the gdb source distribution does contain an overlaid program, with linker scripts for a few systems, as part of its test suite. The program consists of the following files from gdb/testsuite/gdb.base:
d10v-elf
and m32r-elf targets.
You can build the test program using the d10v-elf GCC
cross-compiler like this:
$ d10v-elf-gcc -g -c overlays.c
$ d10v-elf-gcc -g -c ovlymgr.c
$ d10v-elf-gcc -g -c foo.c
$ d10v-elf-gcc -g -c bar.c
$ d10v-elf-gcc -g -c baz.c
$ d10v-elf-gcc -g -c grbx.c
$ d10v-elf-gcc -g overlays.o ovlymgr.o foo.o bar.o \
baz.o grbx.o -Wl,-Td10v.ld -o overlays
The build process is identical for any other architecture, except that
you must substitute the appropriate compiler and linker script for the
target system for d10v-elf-gcc and d10v.ld.
Although programming languages generally have common aspects, they are
rarely expressed in the same manner. For instance, in ANSI C,
dereferencing a pointer p is accomplished by *p, but in
Modula-2, it is accomplished by p^. Values can also be
represented (and displayed) differently. Hex numbers in C appear as
`0x1ae', while in Modula-2 they appear as `1AEH'.
Language-specific information is built into gdb for some languages, allowing you to express operations like the above in your program's native language, and allowing gdb to output values in a manner consistent with the syntax of your program's native language. The language you use to build expressions is called the working language.
There are two ways to control the working language—either have gdb
set it automatically, or select it manually yourself. You can use the
set language command for either purpose. On startup, gdb
defaults to setting the language automatically. The working language is
used to determine how expressions you type are interpreted, how values
are printed, etc.
In addition to the working language, every source file that
gdb knows about has its own working language. For some object
file formats, the compiler might indicate which language a particular
source file is in. However, most of the time gdb infers the
language from the name of the file. The language of a source file
controls whether C++ names are demangled—this way backtrace can
show each frame appropriately for its own language. There is no way to
set the language of a source file from within gdb, but you can
set the language associated with a filename extension. See Displaying the Language.
This is most commonly a problem when you use a program, such
as cfront or f2c, that generates C but is written in
another language. In that case, make the
program use #line directives in its C output; that way
gdb will know the correct language of the source code of the original
program, and will display that source code, not the generated C code.
If a source file name ends in one of the following extensions, then gdb infers that its language is the one indicated.
In addition, you may set the language associated with a filename extension. See Displaying the Language.
If you allow gdb to set the language automatically, expressions are interpreted the same way in your debugging session and your program.
If you wish, you may set the language manually. To do this, issue the
command `set language lang', where lang is the name of
a language, such as
c or modula-2.
For a list of the supported languages, type `set language'.
Setting the language manually prevents gdb from updating the working language automatically. This can lead to confusion if you try to debug a program when the working language is not the same as the source language, when an expression is acceptable to both languages—but means different things. For instance, if the current source file were written in C, and gdb was parsing Modula-2, a command such as:
print a = b + c
might not have the effect you intended. In C, this means to add
b and c and place the result in a. The result
printed would be the value of a. In Modula-2, this means to compare
a to the result of b+c, yielding a BOOLEAN value.
To have gdb set the working language automatically, use `set language local' or `set language auto'. gdb then infers the working language. That is, when your program stops in a frame (usually by encountering a breakpoint), gdb sets the working language to the language recorded for the function in that frame. If the language for a frame is unknown (that is, if the function or block corresponding to the frame was defined in a source file that does not have a recognized extension), the current working language is not changed, and gdb issues a warning.
This may not seem necessary for most programs, which are written entirely in one source language. However, program modules and libraries written in one source language can be used by a main program written in a different source language. Using `set language auto' in this case frees you from having to set the working language manually.
The following commands help you find out which language is the working language, and also what language source files were written in.
show languageprint to
build and compute expressions that may involve variables in your program.
info frameinfo sourceIn unusual circumstances, you may have source files with extensions not in the standard list. You can then set the extension associated with a language explicitly:
set extension-language ext languageinfo extensionsWarning: In this release, the gdb commands for type and range checking are included, but they do not yet have any effect. This section documents the intended facilities.
Some languages are designed to guard you against making seemingly common errors through a series of compile- and run-time checks. These include checking the type of arguments to functions and operators, and making sure mathematical overflows are caught at run time. Checks such as these help to ensure a program's correctness once it has been compiled by eliminating type mismatches, and providing active checks for range errors when your program is running.
gdb can check for conditions like the above if you wish.
Although gdb does not check the statements in your program,
it can check expressions entered directly into gdb for
evaluation via the print command, for example. As with the
working language, gdb can also decide whether or not to check
automatically based on your program's source language.
See Supported Languages, for the default
settings of supported languages.
Some languages, such as Modula-2, are strongly typed, meaning that the arguments to operators and functions have to be of the correct type, otherwise an error occurs. These checks prevent type mismatch errors from ever causing any run-time problems. For example,
1 + 2 => 3
but
error--> 1 + 2.3
The second example fails because the CARDINAL 1 is not
type-compatible with the REAL 2.3.
For the expressions you use in gdb commands, you can tell the gdb type checker to skip checking; to treat any mismatches as errors and abandon the expression; or to only issue warnings when type mismatches occur, but evaluate the expression anyway. When you choose the last of these, gdb evaluates expressions like the second example above, but also issues a warning.
Even if you turn type checking off, there may be other reasons
related to type that prevent gdb from evaluating an expression.
For instance, gdb does not know how to add an int and
a struct foo. These particular type errors have nothing to do
with the language in use, and usually arise from expressions, such as
the one described above, which make little sense to evaluate anyway.
Each language defines to what degree it is strict about type. For instance, both Modula-2 and C require the arguments to arithmetical operators to be numbers. In C, enumerated types and pointers can be represented as numbers, so that they are valid arguments to mathematical operators. See Supported Languages, for further details on specific languages.
gdb provides some additional commands for controlling the type checker:
set check type autoset check type onset check type offset check type warnshow typeIn some languages (such as Modula-2), it is an error to exceed the bounds of a type; this is enforced with run-time checks. Such range checking is meant to ensure program correctness by making sure computations do not overflow, or indices on an array element access do not exceed the bounds of the array.
For expressions you use in gdb commands, you can tell gdb to treat range errors in one of three ways: ignore them, always treat them as errors and abandon the expression, or issue warnings but evaluate the expression anyway.
A range error can result from numerical overflow, from exceeding an array index bound, or when you type a constant that is not a member of any type. Some languages, however, do not treat overflows as an error. In many implementations of C, mathematical overflow causes the result to “wrap around” to lower values—for example, if m is the largest integer value, and s is the smallest, then
m + 1 => s
This, too, is specific to individual languages, and in some cases specific to individual compilers or machines. See Supported Languages, for further details on specific languages.
gdb provides some additional commands for controlling the range checker:
set check range autoset check range onset check range offset check range warnshow rangegdb supports C, C++, Objective-C, Fortran, Java, Pascal,
assembly, Modula-2, and Ada.
Some gdb features may be used in expressions regardless of the
language you use: the gdb @ and :: operators,
and the `{type}addr' construct (see Expressions) can be used with the constructs of any supported
language.
The following sections detail to what degree each source language is supported by gdb. These sections are not meant to be language tutorials or references, but serve only as a reference guide to what the gdb expression parser accepts, and what input and output formats should look like for different languages. There are many good books written on each of these languages; please look to these for a language reference or tutorial.
Since C and C++ are so closely related, many features of gdb apply to both languages. Whenever this is the case, we discuss those languages together.
The C++ debugging facilities are jointly implemented by the C++
compiler and gdb. Therefore, to debug your C++ code
effectively, you must compile your C++ programs with a supported
C++ compiler, such as gnu g++, or the HP ANSI C++
compiler (aCC).
For best results when using gnu C++, use the DWARF 2 debugging
format; if it doesn't work on your system, try the stabs+ debugging
format. You can select those formats explicitly with the g++
command-line options -gdwarf-2 and -gstabs+.
See Options for Debugging Your Program or GCC.
Operators must be defined on values of specific types. For instance,
+ is defined on numbers, but not on structures. Operators are
often defined on groups of types.
For the purposes of C and C++, the following definitions hold:
int with any of its storage-class
specifiers; char; enum; and, for C++, bool.
float, double, and
long double (if supported by the target platform).
(type *).
The following operators are supported. They are listed here in order of increasing precedence:
,== op= b,
and translated to a = a op b.
op= and = have the same precedence.
op is any one of the operators |, ^, &,
<<, >>, +, -, *, /, %.
?: ? b : c can be thought
of as: if a then b else c. a should be of an
integral type.
||&&|^&==, !=<, >, <=, >=<<, >>@+, -*, /, %++, --*++.
&++.
For debugging C++, gdb implements a use of `&' beyond what is
allowed in the C++ language itself: you can use `&(&ref)'
to examine the address
where a C++ reference variable (declared with `&ref') is
stored.
-++.
!++.
~++.
., ->struct and union data.
.*, ->*[][i] is defined as
*(a+i). Same precedence as ->.
()->.
::struct, union,
and class types.
::::,
above.
If an operator is redefined in the user code, gdb usually attempts to invoke the redefined version instead of using the operator's predefined meaning.
gdb allows you to express the constants of C and C++ in the following ways:
long value.
float (as opposed to the default double) type; or with
a letter `l' or `L', which specifies a long double
constant.
'), or a number—the ordinal value of the corresponding character
(usually its ascii value). Within quotes, the single character may
be represented by a letter or by escape sequences, which are of
the form `\nnn', where nnn is the octal representation
of the character's ordinal value; or of the form `\x', where
`x' is a predefined special character—for example,
`\n' for newline.
"). Any valid character constant (as described
above) may appear. Double quotes within the string must be preceded by
a backslash, so for instance `"a\"b'c"' is a string of five
characters.
gdb expression handling can interpret most C++ expressions.
Warning: gdb can only debug C++ code if you use the proper compiler and the proper debug format. Currently, gdb works best when debugging C++ code that is compiled with gcc 2.95.3 or with gcc 3.1 or newer, using the options -gdwarf-2 or -gstabs+. DWARF 2 is preferred over stabs+. Most configurations of gcc emit either DWARF 2 or stabs+ as their default debug format, so you usually don't need to specify a debug format explicitly. Other compilers and/or debug formats are likely to work badly or not at all when using gdb to debug C++ code.
count = aml->GetOriginal(x, y)
this following the same rules as C++.
It does perform integral conversions and promotions, floating-point promotions, arithmetic conversions, pointer conversions, conversions of class objects to base classes, and standard conversions such as those of functions or arrays to pointers; it requires an exact match on the number of function arguments.
Overload resolution is always performed, unless you have specified
set overload-resolution off. See gdb Features for C++.
You must specify set overload-resolution off in order to use an
explicit function signature to call an overloaded function, as in
p 'foo(char,int)'('x', 13)
The gdb command-completion facility can simplify this; see Command Completion.
In the parameter list shown when gdb displays a frame, the values of reference variables are not displayed (unlike other variables); this avoids clutter, since references are often used for large structures. The address of a reference variable is always shown, unless you have specified `set print address off'.
::—your
expressions can use it just as expressions in your program do. Since
one scope may be defined in another, you can use :: repeatedly if
necessary, for example in an expression like
`scope1::scope2::name'. gdb also allows
resolving name scope by reference to source files, in both C and C++
debugging (see Program Variables).
In addition, when used with HP's C++ compiler, gdb supports calling virtual functions correctly, printing out virtual bases of objects, calling functions in a base subobject, casting objects, and invoking user-defined operators.
If you allow gdb to set type and range checking automatically, they
both default to off whenever the working language changes to
C or C++. This happens regardless of whether you or gdb
selects the working language.
If you allow gdb to set the language automatically, it recognizes source files whose names end with .c, .C, or .cc, etc, and when gdb enters code compiled from one of these files, it sets the working language to C or C++. See Having gdb Infer the Source Language, for further details.
By default, when gdb parses C or C++ expressions, type checking is not used. However, if you turn type checking on, gdb considers two variables type equivalent if:
typedef.
Range checking, if turned on, is done on mathematical operations. Array indices are not checked, since they are often used to index a pointer that is not itself an array.
The set print union and show print union commands apply to
the union type. When set to `on', any union that is
inside a struct or class is also printed. Otherwise, it
appears as `{...}'.
The @ operator aids in the debugging of dynamic arrays, formed
with pointers and a memory allocation function. See Expressions.
Some gdb commands are particularly useful with C++, and some are designed specifically for use with C++. Here is a summary:
rbreak regexcatch throwcatch catchptype typenameset print demangleshow print demangleset print asm-demangleshow print asm-demangleset print objectshow print objectset print vtblshow print vtblvtbl commands do not work on programs compiled with the HP
ANSI C++ compiler (aCC).)
set overload-resolution onset overload-resolution offshow overload-resolution(types) rather than just symbol. You can
also use the gdb command-line word completion facilities to list the
available choices, or to finish the type list for you.
See Command Completion, for details on how to do this.
gdb can examine, set and perform computations with numbers in
decimal floating point format, which in the C language correspond to the
_Decimal32, _Decimal64 and _Decimal128 types as
specified by the extension to support decimal floating-point arithmetic.
There are two encodings in use, depending on the architecture: BID (Binary Integer Decimal) for x86 and x86-64, and DPD (Densely Packed Decimal) for PowerPC. gdb will use the appropriate encoding for the configured target.
Because of a limitation in libdecnumber, the library used by gdb to manipulate decimal floating point numbers, it is not possible to convert (using a cast, for example) integers wider than 32-bit to decimal float.
In addition, in order to imitate gdb's behaviour with binary floating point computations, error checking in decimal float operations ignores underflow, overflow and divide by zero exceptions.
In the PowerPC architecture, gdb provides a set of pseudo-registers
to inspect _Decimal128 values stored in floating point registers.
See PowerPC for more details.
This section provides information about some commands and command options that are useful for debugging Objective-C code. See also info classes, and info selectors, for a few more commands specific to Objective-C support.
The following commands have been extended to accept Objective-C method names as line specifications:
clear
break
info line
jump
list
A fully qualified Objective-C method name is specified as
-[Class methodName]
where the minus sign is used to indicate an instance method and a
plus sign (not shown) is used to indicate a class method. The class
name Class and method name methodName are enclosed in
brackets, similar to the way messages are specified in Objective-C
source code. For example, to set a breakpoint at the create
instance method of class Fruit in the program currently being
debugged, enter:
break -[Fruit create]
To list ten program lines around the initialize class method,
enter:
list +[NSText initialize]
In the current version of gdb, the plus or minus sign is required. In future versions of gdb, the plus or minus sign will be optional, but you can use it to narrow the search. It is also possible to specify just a method name:
break create
You must specify the complete method name, including any colons. If
your program's source files contain more than one create method,
you'll be presented with a numbered list of classes that implement that
method. Indicate your choice by number, or type `0' to exit if
none apply.
As another example, to clear a breakpoint established at the
makeKeyAndOrderFront: method of the NSWindow class, enter:
clear -[NSWindow makeKeyAndOrderFront:]
The print command has also been extended to accept methods. For example:
print -[object hash]
will tell gdb to send the hash message to object
and print the result. Also, an additional command has been added,
print-object or po for short, which is meant to print
the description of an object. However, this command may only work
with certain Objective-C libraries that have a particular hook
function, _NSPrintForDebugger, defined.
gdb can be used to debug programs written in Fortran, but it currently supports only the features of Fortran 77 language.
Some Fortran compilers (gnu Fortran 77 and Fortran 95 compilers among them) append an underscore to the names of variables and functions. When you debug programs compiled by those compilers, you will need to refer to variables and functions with a trailing underscore.
Operators must be defined on values of specific types. For instance,
+ is defined on numbers, but not on characters or other non-
arithmetic types. Operators are often defined on groups of types.
**:%Fortran symbols are usually case-insensitive, so gdb by default uses case-insensitive matches for Fortran symbols. You can change that with the `set case-insensitive' command, see Symbols, for the details.
gdb has some commands to support Fortran-specific features, such as displaying common blocks.
info common [common-name]COMMON
block whose name is common-name. With no argument, the names of
all COMMON blocks visible at the current program location are
printed.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions does not currently work. gdb does not support entering expressions, printing values, or similar features using Pascal syntax.
The Pascal-specific command set print pascal_static-members
controls whether static members of Pascal objects are displayed.
See pascal_static-members.
The extensions made to gdb to support Modula-2 only support output from the gnu Modula-2 compiler (which is currently being developed). Other Modula-2 compilers are not currently supported, and attempting to debug executables produced by them is most likely to give an error as gdb reads in the executable's symbol table.
Operators must be defined on values of specific types. For instance,
+ is defined on numbers, but not on structures. Operators are
often defined on groups of types. For the purposes of Modula-2, the
following definitions hold:
INTEGER, CARDINAL, and
their subranges.
CHAR and its subranges.
REAL.
POINTER TO
type.
SET and BITSET types.
BOOLEAN.
The following operators are supported, and appear in order of increasing precedence:
,:=:= value is
value.
<, ><=, >=<.
=, <>, #<. In gdb scripts, only <> is
available for inequality, since # conflicts with the script
comment character.
IN<.
ORAND, &@+, -*/*.
DIV, MOD*.
-INTEGER and REAL data.
^NOT^.
.RECORD field selector. Defined on RECORD data. Same
precedence as ^.
[]ARRAY data. Same precedence as ^.
()PROCEDURE objects. Same precedence
as ^.
::, .Warning: Set expressions and their operations are not yet supported, so gdb treats the use of the operatorIN, or the use of operators+,-,*,/,=, ,<>,#,<=, and>=on sets as an error.
Modula-2 also makes available several built-in procedures and functions. In describing these, the following metavariables are used:
ARRAY variable.
CHAR constant or variable.
SET OF mtype (where mtype is the type of m).
All Modula-2 built-in procedures also return a result, described below.
ABS(n)CAP(c)CHR(i)DEC(v)DEC(v,i)EXCL(m,s)FLOAT(i)HIGH(a)INC(v)INC(v,i)INCL(m,s)MAX(t)MIN(t)ODD(i)ORD(x)SIZE(x)TRUNC(r)TSIZE(x)VAL(t,i)Warning: Sets and their operations are not yet supported, so gdb treats the use of proceduresINCLandEXCLas an error.
gdb allows you to express the constants of Modula-2 in the following ways:
') or double ("). They may
also be expressed by their ordinal value (their ascii value, usually)
followed by a `C'.
') or double (").
Escape sequences in the style of C are also allowed. See C and C++ Constants, for a brief explanation of escape
sequences.
TRUE and
FALSE.
Currently gdb can print the following data types in Modula-2 syntax: array types, record types, set types, pointer types, procedure types, enumerated types, subrange types and base types. You can also print the contents of variables declared using these type. This section gives a number of simple source code examples together with sample gdb sessions.
The first example contains the following section of code:
VAR
s: SET OF CHAR ;
r: [20..40] ;
and you can request gdb to interrogate the type and value of
r and s.
(gdb) print s
{'A'..'C', 'Z'}
(gdb) ptype s
SET OF CHAR
(gdb) print r
21
(gdb) ptype r
[20..40]
Likewise if your source code declares s as:
VAR
s: SET ['A'..'Z'] ;
then you may query the type of s by:
(gdb) ptype s
type = SET ['A'..'Z']
Note that at present you cannot interactively manipulate set expressions using the debugger.
The following example shows how you might declare an array in Modula-2 and how you can interact with gdb to print its type and contents:
VAR
s: ARRAY [-10..10] OF CHAR ;
(gdb) ptype s
ARRAY [-10..10] OF CHAR
Note that the array handling is not yet complete and although the type
is printed correctly, expression handling still assumes that all
arrays have a lower bound of zero and not -10 as in the example
above.
Here are some more type related Modula-2 examples:
TYPE
colour = (blue, red, yellow, green) ;
t = [blue..yellow] ;
VAR
s: t ;
BEGIN
s := blue ;
The gdb interaction shows how you can query the data type and value of a variable.
(gdb) print s
$1 = blue
(gdb) ptype t
type = [blue..yellow]
In this example a Modula-2 array is declared and its contents
displayed. Observe that the contents are written in the same way as
their C counterparts.
VAR
s: ARRAY [1..5] OF CARDINAL ;
BEGIN
s[1] := 1 ;
(gdb) print s
$1 = {1, 0, 0, 0, 0}
(gdb) ptype s
type = ARRAY [1..5] OF CARDINAL
The Modula-2 language interface to gdb also understands pointer types as shown in this example:
VAR
s: POINTER TO ARRAY [1..5] OF CARDINAL ;
BEGIN
NEW(s) ;
s^[1] := 1 ;
and you can request that gdb describes the type of s.
(gdb) ptype s
type = POINTER TO ARRAY [1..5] OF CARDINAL
gdb handles compound types as we can see in this example. Here we combine array types, record types, pointer types and subrange types:
TYPE
foo = RECORD
f1: CARDINAL ;
f2: CHAR ;
f3: myarray ;
END ;
myarray = ARRAY myrange OF CARDINAL ;
myrange = [-2..2] ;
VAR
s: POINTER TO ARRAY myrange OF foo ;
and you can ask gdb to describe the type of s as shown
below.
(gdb) ptype s
type = POINTER TO ARRAY [-2..2] OF foo = RECORD
f1 : CARDINAL;
f2 : CHAR;
f3 : ARRAY [-2..2] OF CARDINAL;
END
If type and range checking are set automatically by gdb, they
both default to on whenever the working language changes to
Modula-2. This happens regardless of whether you or gdb
selected the working language.
If you allow gdb to set the language automatically, then entering code compiled from a file whose name ends with .mod sets the working language to Modula-2. See Having gdb Infer the Source Language, for further details.
A few changes have been made to make Modula-2 programs easier to debug. This is done primarily via loosening its type strictness:
:=) returns the value of its right-hand
argument.
Warning: in this release, gdb does not yet perform type or range checking.
gdb considers two Modula-2 variables type equivalent if:
TYPE
t1 = t2 statement
As long as type checking is enabled, any attempt to combine variables whose types are not equivalent is an error.
Range checking is done on all mathematical operations, assignment, array index bounds, and all built-in functions and procedures.
:: and .
There are a few subtle differences between the Modula-2 scope operator
(.) and the gdb scope operator (::). The two have
similar syntax:
module . id
scope :: id
where scope is the name of a module or a procedure, module the name of a module, and id is any declared identifier within your program, except another module.
Using the :: operator makes gdb search the scope
specified by scope for the identifier id. If it is not
found in the specified scope, then gdb searches all scopes
enclosing the one specified by scope.
Using the . operator makes gdb search the current scope for
the identifier specified by id that was imported from the
definition module specified by module. With this operator, it is
an error if the identifier id was not imported from definition
module module, or if id is not an identifier in
module.
Some gdb commands have little use when debugging Modula-2 programs.
Five subcommands of set print and show print apply
specifically to C and C++: `vtbl', `demangle',
`asm-demangle', `object', and `union'. The first four
apply to C++, and the last to the C union type, which has no direct
analogue in Modula-2.
The @ operator (see Expressions), while available
with any language, is not useful with Modula-2. Its
intent is to aid the debugging of dynamic arrays, which cannot be
created in Modula-2 as they can in C or C++. However, because an
address can be specified by an integral constant, the construct
`{type}adrexp' is still useful.
In gdb scripts, the Modula-2 inequality operator # is
interpreted as the beginning of a comment. Use <> instead.
The extensions made to gdb for Ada only support output from the gnu Ada (GNAT) compiler. Other Ada compilers are not currently supported, and attempting to debug executables produced by them is most likely to be difficult.
The Ada mode of gdb supports a fairly large subset of Ada expression syntax, with some extensions. The philosophy behind the design of this subset is
Thus, for brevity, the debugger acts as if all names declared in user-written packages are directly visible, even if they are not visible according to Ada rules, thus making it unnecessary to fully qualify most names with their packages, regardless of context. Where this causes ambiguity, gdb asks the user's intent.
The debugger will start in Ada mode if it detects an Ada main program. As for other languages, it will enter Ada mode when stopped in a program that was translated from an Ada source file.
While in Ada mode, you may use `–' for comments. This is useful mostly for documenting command files. The standard gdb comment (`#') still works at the beginning of a line in Ada mode, but not in the middle (to allow based literals).
The debugger supports limited overloading. Given a subprogram call in which
the function symbol has multiple definitions, it will use the number of
actual parameters and some information about their types to attempt to narrow
the set of definitions. It also makes very limited use of context, preferring
procedures to functions in the context of the call command, and
functions to procedures elsewhere.
Here are the notable omissions from the subset:
in) operator.
Characters.Latin_1 are not available and
concatenation is not implemented. Thus, escape characters in strings are
not currently available.
and, or,
xor, not, and relational tests other than equality)
are not implemented.
(gdb) set An_Array := (1, 2, 3, 4, 5, 6)
(gdb) set An_Array := (1, others => 0)
(gdb) set An_Array := (0|4 => 1, 1..3 => 2, 5 => 6)
(gdb) set A_2D_Array := ((1, 2, 3), (4, 5, 6), (7, 8, 9))
(gdb) set A_Record := (1, "Peter", True);
(gdb) set A_Record := (Name => "Peter", Id => 1, Alive => True)
Changing a
discriminant's value by assigning an aggregate has an
undefined effect if that discriminant is used within the record.
However, you can first modify discriminants by directly assigning to
them (which normally would not be allowed in Ada), and then performing an
aggregate assignment. For example, given a variable A_Rec
declared to have a type such as:
type Rec (Len : Small_Integer := 0) is record
Id : Integer;
Vals : IntArray (1 .. Len);
end record;
you can assign a value with a different size of Vals with two
assignments:
(gdb) set A_Rec.Len := 4
(gdb) set A_Rec := (Id => 42, Vals => (1, 2, 3, 4))
As this example also illustrates, gdb is very loose about the usual
rules concerning aggregates. You may leave out some of the
components of an array or record aggregate (such as the Len
component in the assignment to A_Rec above); they will retain their
original values upon assignment. You may freely use dynamic values as
indices in component associations. You may even use overlapping or
redundant component associations, although which component values are
assigned in such cases is not defined.
new operator is not implemented.
True and False, when not part of a qualified name,
are interpreted as if implicitly prefixed by Standard, regardless of
context.
Should your program
redefine these names in a package or procedure (at best a dubious practice),
you will have to use fully qualified names to access their new definitions.
As it does for other languages, gdb makes certain generic extensions to Ada (see Expressions):
@N displays the values of E and the
N-1 adjacent variables following it in memory as an array. In
Ada, this operator is generally not necessary, since its prime use is
in displaying parts of an array, and slicing will usually do this in
Ada. However, there are occasional uses when debugging programs in
which certain debugging information has been optimized away.
::var means “the variable named var that
appears in function or file B.” When B is a file name,
you must typically surround it in single quotes.
{type} addr means “the variable of type
type that appears at address addr.”
In addition, gdb provides a few other shortcuts and outright additions specific to Ada:
(gdb) set x := y + 3
(gdb) print A(tmp := y + 1)
(gdb) break f
(gdb) condition 1 (report(i); k += 1; A(k) > 100)
"One line.["0a"]Next line.["0a"]"
contains an ASCII newline character (Ada.Characters.Latin_1.LF)
after each period.
(gdb) print 'max(x, y)
(3 => 10, 17, 1)
That is, in contrast to valid Ada, only the first component has a =>
clause.
(gdb) print <JMPBUF_SAVE>[0]
It is sometimes necessary to debug the program during elaboration, and
before reaching the main procedure.
As defined in the Ada Reference
Manual, the elaboration code is invoked from a procedure called
adainit. To run your program up to the beginning of
elaboration, simply use the following two commands:
tbreak adainit and run.
Support for Ada tasks is analogous to that for threads (see Threads). gdb provides the following task-related commands:
info tasks (gdb) info tasks
ID TID P-ID Pri State Name
1 8088000 0 15 Child Activation Wait main_task
2 80a4000 1 15 Accept Statement b
3 809a800 1 15 Child Activation Wait a
* 4 80ae800 3 15 Runnable c
In this listing, the asterisk before the last task indicates it to be the task currently being inspected.
UnactivatedRunnableTerminatedChild Activation WaitAccept StatementWaiting on entry callAsync Select WaitDelay SleepChild Termination WaitWait Child in Term AltAccepting RV with tasknoinfo task taskno (gdb) info tasks
ID TID P-ID Pri State Name
1 8077880 0 15 Child Activation Wait main_task
* 2 807c468 1 15 Runnable task_1
(gdb) info task 2
Ada Task: 0x807c468
Name: task_1
Thread: 0x807f378
Parent: 1 (main_task)
Base Priority: 15
State: Runnable
task (gdb) info tasks
ID TID P-ID Pri State Name
1 8077870 0 15 Child Activation Wait main_task
* 2 807c458 1 15 Runnable t
(gdb) task
[Current task is 2]
task tasknothread threadno
command (see Threads). It switches the context of debugging
from the current task to the given task.
(gdb) info tasks
ID TID P-ID Pri State Name
1 8077870 0 15 Child Activation Wait main_task
* 2 807c458 1 15 Runnable t
(gdb) task 1
[Switching to task 1]
#0 0x8067726 in pthread_cond_wait ()
(gdb) bt
#0 0x8067726 in pthread_cond_wait ()
#1 0x8056714 in system.os_interface.pthread_cond_wait ()
#2 0x805cb63 in system.task_primitives.operations.sleep ()
#3 0x806153e in system.tasking.stages.activate_tasks ()
#4 0x804aacc in un () at un.adb:5
break linespec task tasknobreak linespec task taskno if ...break ... thread ...
command (see Thread Stops).
linespec specifies source lines, as described
in Specify Location.
Use the qualifier `task taskno' with a breakpoint command to specify that you only want gdb to stop the program when a particular Ada task reaches this breakpoint. taskno is one of the numeric task identifiers assigned by gdb, shown in the first column of the `info tasks' display.
If you do not specify `task taskno' when you set a breakpoint, the breakpoint applies to all tasks of your program.
You can use the task qualifier on conditional breakpoints as
well; in this case, place `task taskno' before the
breakpoint condition (before the if).
For example,
(gdb) info tasks
ID TID P-ID Pri State Name
1 140022020 0 15 Child Activation Wait main_task
2 140045060 1 15 Accept/Select Wait t2
3 140044840 1 15 Runnable t1
* 4 140056040 1 15 Runnable t3
(gdb) b 15 task 2
Breakpoint 5 at 0x120044cb0: file test_task_debug.adb, line 15.
(gdb) cont
Continuing.
task # 1 running
task # 2 running
Breakpoint 5, test_task_debug () at test_task_debug.adb:15
15 flush;
(gdb) info tasks
ID TID P-ID Pri State Name
1 140022020 0 15 Child Activation Wait main_task
* 2 140045060 1 15 Runnable t2
3 140044840 1 15 Runnable t1
4 140056040 1 15 Delay Sleep t3
When inspecting a core file, as opposed to debugging a live program, tasking support may be limited or even unavailable, depending on the platform being used. For instance, on x86-linux, the list of tasks is available, but task switching is not supported. On Tru64, however, task switching will work as usual.
On certain platforms, including Tru64, the debugger needs to perform some memory writes in order to provide Ada tasking support. When inspecting a core file, this means that the core file must be opened with read-write privileges, using the command `"set write on"' (see Patching). Under these circumstances, you should make a backup copy of the core file before inspecting it with gdb.
Besides the omissions listed previously (see Omissions from Ada), we know of several problems with and limitations of Ada mode in gdb, some of which will be fixed with planned future releases of the debugger and the GNU Ada compiler.
.all after an expression
to get it printed properly.
Standard for any of
the standard symbols defined by the Ada language. gdb knows about
this: it will strip the prefix from names when you use it, and will never
look for a name you have so qualified among local symbols, nor match against
symbols in other packages or subprograms. If you have
defined entities anywhere in your program other than parameters and
local variables whose simple names match names in Standard,
GNAT's lack of qualification here can cause confusion. When this happens,
you can usually resolve the confusion
by qualifying the problematic names with package
Standard explicitly.
In addition to the other fully-supported programming languages,
gdb also provides a pseudo-language, called minimal.
It does not represent a real programming language, but provides a set
of capabilities close to what the C or assembly languages provide.
This should allow most simple operations to be performed while debugging
an application that uses a language currently not supported by gdb.
If the language is set to auto, gdb will automatically
select this language if the current frame corresponds to an unsupported
language.
The commands described in this chapter allow you to inquire about the symbols (names of variables, functions and types) defined in your program. This information is inherent in the text of your program and does not change as your program executes. gdb finds it in your program's symbol table, in the file indicated when you started gdb (see Choosing Files), or by one of the file-management commands (see Commands to Specify Files).
Occasionally, you may need to refer to symbols that contain unusual characters, which gdb ordinarily treats as word delimiters. The most frequent case is in referring to static variables in other source files (see Program Variables). File names are recorded in object files as debugging symbols, but gdb would ordinarily parse a typical file name, like foo.c, as the three words `foo' `.' `c'. To allow gdb to recognize `foo.c' as a single symbol, enclose it in single quotes; for example,
p 'foo.c'::x
looks up the value of x in the scope of the file foo.c.
set case-sensitive onset case-sensitive offset case-sensitive autoset
case-sensitive lets you do that by specifying on for
case-sensitive matches or off for case-insensitive ones. If
you specify auto, case sensitivity is reset to the default
suitable for the source language. The default is case-sensitive
matches for all languages except for Fortran, for which the default is
case-insensitive matches.
show case-sensitiveinfo address symbolNote the contrast with `print &symbol', which does not work at all for a register variable, and for a stack local variable prints the exact address of the current instantiation of the variable.
info symbol addr (gdb) info symbol 0x54320
_initialize_vx + 396 in section .text
This is the opposite of the info address command. You can use
it to find out the name of a variable or a function given its address.
For dynamically linked executables, the name of executable or shared library containing the symbol is also printed:
(gdb) info symbol 0x400225
_start + 5 in section .text of /tmp/a.out
(gdb) info symbol 0x2aaaac2811cf
__read_nocancel + 6 in section .text of /usr/lib64/libc.so.6
whatis [arg]$, the
last value in the value history. If arg is an expression, it is
not actually evaluated, and any side-effecting operations (such as
assignments or function calls) inside it do not take place. If
arg is a type name, it may be the name of a type or typedef, or
for C code it may have the form `class class-name',
`struct struct-tag', `union union-tag' or
`enum enum-tag'.
See Expressions.
ptype [arg]ptype accepts the same arguments as whatis, but prints a
detailed description of the type, instead of just the name of the type.
See Expressions.
For example, for this variable declaration:
struct complex {double real; double imag;} v;
the two commands give this output:
(gdb) whatis v
type = struct complex
(gdb) ptype v
type = struct complex {
double real;
double imag;
}
As with whatis, using ptype without an argument refers to
the type of $, the last value in the value history.
Sometimes, programs use opaque data types or incomplete specifications of complex data structure. If the debug information included in the program does not allow gdb to display a full declaration of the data type, it will say `<incomplete type>'. For example, given these declarations:
struct foo;
struct foo *fooptr;
but no definition for struct foo itself, gdb will say:
(gdb) ptype foo
$1 = <incomplete type>
“Incomplete type” is C terminology for data types that are not completely specified.
info types regexpinfo typesvalue, but
`i type ^value$' gives information only on types whose complete
name is value.
This command differs from ptype in two ways: first, like
whatis, it does not print a detailed description; second, it
lists all source files where a type is defined.
info scope location (gdb) info scope command_line_handler
Scope for command_line_handler:
Symbol rl is an argument at stack/frame offset 8, length 4.
Symbol linebuffer is in static storage at address 0x150a18, length 4.
Symbol linelength is in static storage at address 0x150a1c, length 4.
Symbol p is a local variable in register $esi, length 4.
Symbol p1 is a local variable in register $ebx, length 4.
Symbol nline is a local variable in register $edx, length 4.
Symbol repeat is a local variable at frame offset -8, length 4.
This command is especially useful for determining what data to collect during a trace experiment, see collect.
info sourceinfo sourcesinfo functionsinfo functions regexpstep; `info fun ^step' finds those whose names
start with step. If a function name contains characters
that conflict with the regular expression language (e.g.
`operator*()'), they may be quoted with a backslash.
info variablesinfo variables regexpinfo classesinfo classes regexpinfo selectorsinfo selectors regexpSome systems allow individual object files that make up your program to be replaced without stopping and restarting your program. For example, in VxWorks you can simply recompile a defective object file and keep on running. If you are running on one of these systems, you can allow gdb to reload the symbols for automatically relinked modules:
set symbol-reloading onset symbol-reloading offsymbol-reloading off, since otherwise gdb
may discard symbols when linking large programs, that may contain
several modules (from different directories or libraries) with the same
name.
show symbol-reloadingon or off setting.
set opaque-type-resolution onstruct, class, or
union—for example, struct MyType *—that is used in one
source file although the full declaration of struct MyType is in
another source file. The default is on.
A change in the setting of this subcommand will not take effect until
the next time symbols for a file are loaded.
set opaque-type-resolution off {<no data fields>}
show opaque-type-resolutionmaint print symbols filenamemaint print psymbols filenamemaint print msymbols filenameinfo sources to find out which files these are. If you
use `maint print psymbols' instead, the dump shows information about
symbols that gdb only knows partially—that is, symbols defined in
files that gdb has skimmed, but not yet read completely. Finally,
`maint print msymbols' dumps just the minimal symbol information
required for each object file from which gdb has read some symbols.
See Commands to Specify Files, for a discussion of how
gdb reads symbols (in the description of symbol-file).
maint info symtabs [ regexp ]maint info psymtabs [ regexp ]struct symtab or struct partial_symtab
structures whose names match regexp. If regexp is not
given, list them all. The output includes expressions which you can
copy into a gdb debugging this one to examine a particular
structure in more detail. For example:
(gdb) maint info psymtabs dwarf2read
{ objfile /home/gnu/build/gdb/gdb
((struct objfile *) 0x82e69d0)
{ psymtab /home/gnu/src/gdb/dwarf2read.c
((struct partial_symtab *) 0x8474b10)
readin no
fullname (null)
text addresses 0x814d3c8 -- 0x8158074
globals (* (struct partial_symbol **) 0x8507a08 @ 9)
statics (* (struct partial_symbol **) 0x40e95b78 @ 2882)
dependencies (none)
}
}
(gdb) maint info symtabs
(gdb)
We see that there is one partial symbol table whose filename contains the string `dwarf2read', belonging to the `gdb' executable; and we see that gdb has not read in any symtabs yet at all. If we set a breakpoint on a function, that will cause gdb to read the symtab for the compilation unit containing that function:
(gdb) break dwarf2_psymtab_to_symtab
Breakpoint 1 at 0x814e5da: file /home/gnu/src/gdb/dwarf2read.c,
line 1574.
(gdb) maint info symtabs
{ objfile /home/gnu/build/gdb/gdb
((struct objfile *) 0x82e69d0)
{ symtab /home/gnu/src/gdb/dwarf2read.c
((struct symtab *) 0x86c1f38)
dirname (null)
fullname (null)
blockvector ((struct blockvector *) 0x86c1bd0) (primary)
linetable ((struct linetable *) 0x8370fa0)
debugformat DWARF 2
}
}
(gdb)
Once you think you have found an error in your program, you might want to find out for certain whether correcting the apparent error would lead to correct results in the rest of the run. You can find the answer by experiment, using the gdb features for altering execution of the program.
For example, you can store new values into variables or memory locations, give your program a signal, restart it at a different address, or even return prematurely from a function.
To alter the value of a variable, evaluate an assignment expression. See Expressions. For example,
print x=4
stores the value 4 into the variable x, and then prints the
value of the assignment expression (which is 4).
See Using gdb with Different Languages, for more
information on operators in supported languages.
If you are not interested in seeing the value of the assignment, use the
set command instead of the print command. set is
really the same as print except that the expression's value is
not printed and is not put in the value history (see Value History). The expression is evaluated only for its effects.
If the beginning of the argument string of the set command
appears identical to a set subcommand, use the set
variable command instead of just set. This command is identical
to set except for its lack of subcommands. For example, if your
program has a variable width, you get an error if you try to set
a new value with just `set width=13', because gdb has the
command set width:
(gdb) whatis width
type = double
(gdb) p width
$4 = 13
(gdb) set width=47
Invalid syntax in expression.
The invalid expression, of course, is `=47'. In
order to actually set the program's variable width, use
(gdb) set var width=47
Because the set command has many subcommands that can conflict
with the names of program variables, it is a good idea to use the
set variable command instead of just set. For example, if
your program has a variable g, you run into problems if you try
to set a new value with just `set g=4', because gdb has
the command set gnutarget, abbreviated set g:
(gdb) whatis g
type = double
(gdb) p g
$1 = 1
(gdb) set g=4
(gdb) p g
$2 = 1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/smith/cc_progs/a.out
"/home/smith/cc_progs/a.out": can't open to read symbols:
Invalid bfd target.
(gdb) show g
The current BFD target is "=4".
The program variable g did not change, and you silently set the
gnutarget to an invalid value. In order to set the variable
g, use
(gdb) set var g=4
gdb allows more implicit conversions in assignments than C; you can freely store an integer value into a pointer variable or vice versa, and you can convert any structure to any other structure that is the same length or shorter.
To store values into arbitrary places in memory, use the `{...}'
construct to generate a value of specified type at a specified address
(see Expressions). For example, {int}0x83040 refers
to memory location 0x83040 as an integer (which implies a certain size
and representation in memory), and
set {int}0x83040 = 4
stores the value 4 into that memory location.
Ordinarily, when you continue your program, you do so at the place where
it stopped, with the continue command. You can instead continue at
an address of your own choosing, with the following commands:
jump linespecjump locationtbreak command in conjunction with
jump. See Setting Breakpoints.
The jump command does not change the current stack frame, or
the stack pointer, or the contents of any memory location or any
register other than the program counter. If line linespec is in
a different function from the one currently executing, the results may
be bizarre if the two functions expect different patterns of arguments or
of local variables. For this reason, the jump command requests
confirmation if the specified line is not in the function currently
executing. However, even bizarre results are predictable if you are
well acquainted with the machine-language code of your program.
On many systems, you can get much the same effect as the jump
command by storing a new value into the register $pc. The
difference is that this does not start your program running; it only
changes the address of where it will run when you continue. For
example,
set $pc = 0x485
makes the next continue command or stepping command execute at
address 0x485, rather than at the address where your program stopped.
See Continuing and Stepping.
The most common occasion to use the jump command is to back
up—perhaps with more breakpoints set—over a portion of a program
that has already executed, in order to examine its execution in more
detail.
signal signalsignal 2 and signal
SIGINT are both ways of sending an interrupt signal.
Alternatively, if signal is zero, continue execution without
giving a signal. This is useful when your program stopped on account of
a signal and would ordinary see the signal when resumed with the
continue command; `signal 0' causes it to resume without a
signal.
signal does not repeat when you press <RET> a second time
after executing the command.
Invoking the signal command is not the same as invoking the
kill utility from the shell. Sending a signal with kill
causes gdb to decide what to do with the signal depending on
the signal handling tables (see Signals). The signal command
passes the signal directly to your program.
returnreturn expressionreturn
command. If you give an
expression argument, its value is used as the function's return
value.
When you use return, gdb discards the selected stack frame
(and all frames within it). You can think of this as making the
discarded frame return prematurely. If you wish to specify a value to
be returned, give that value as the argument to return.
This pops the selected stack frame (see Selecting a Frame), and any other frames inside of it, leaving its caller as the innermost remaining frame. That frame becomes selected. The specified value is stored in the registers used for returning values of functions.
The return command does not resume execution; it leaves the
program stopped in the state that would exist if the function had just
returned. In contrast, the finish command (see Continuing and Stepping) resumes execution until the
selected stack frame returns naturally.
gdb needs to know how the expression argument should be set for
the inferior. The concrete registers assignment depends on the OS ABI and the
type being returned by the selected stack frame. For example it is common for
OS ABI to return floating point values in FPU registers while integer values in
CPU registers. Still some ABIs return even floating point values in CPU
registers. Larger integer widths (such as long long int) also have
specific placement rules. gdb already knows the OS ABI from its
current target so it needs to find out also the type being returned to make the
assignment into the right register(s).
Normally, the selected stack frame has debug info. gdb will always
use the debug info instead of the implicit type of expression when the
debug info is available. For example, if you type return -1, and the
function in the current stack frame is declared to return a long long
int, gdb transparently converts the implicit int value of -1
into a long long int:
Breakpoint 1, func () at gdb.base/return-nodebug.c:29
29 return 31;
(gdb) return -1
Make func return now? (y or n) y
#0 0x004004f6 in main () at gdb.base/return-nodebug.c:43
43 printf ("result=%lld\n", func ());
(gdb)
However, if the selected stack frame does not have a debug info, e.g., if the
function was compiled without debug info, gdb has to find out the type
to return from user. Specifying a different type by mistake may set the value
in different inferior registers than the caller code expects. For example,
typing return -1 with its implicit type int would set only a part
of a long long int result for a debug info less function (on 32-bit
architectures). Therefore the user is required to specify the return type by
an appropriate cast explicitly:
Breakpoint 2, 0x0040050b in func ()
(gdb) return -1
Return value type not available for selected stack frame.
Please use an explicit cast of the value to return.
(gdb) return (long long int) -1
Make selected stack frame return now? (y or n) y
#0 0x00400526 in main ()
(gdb)
print exprcall exprvoid
returned values.
You can use this variant of the print command if you want to
execute a function from your program that does not return anything
(a.k.a. a void function), but without cluttering the output
with void returned values that gdb will otherwise
print. If the result is not void, it is printed and saved in the
value history.
It is possible for the function you call via the print or
call command to generate a signal (e.g., if there's a bug in
the function, or if you passed it incorrect arguments). What happens
in that case is controlled by the set unwindonsignal command.
Similarly, with a C++ program it is possible for the function you
call via the print or call command to generate an
exception that is not handled due to the constraints of the dummy
frame. In this case, any exception that is raised in the frame, but has
an out-of-frame exception handler will not be found. GDB builds a
dummy-frame for the inferior function call, and the unwinder cannot
seek for exception handlers outside of this dummy-frame. What happens
in that case is controlled by the
set unwind-on-terminating-exception command.
set unwindonsignalshow unwindonsignalset unwind-on-terminating-exceptionshow unwind-on-terminating-exceptionSometimes, a function you wish to call is actually a weak alias for another function. In such case, gdb might not pick up the type information, including the types of the function arguments, which causes gdb to call the inferior function incorrectly. As a result, the called function will function erroneously and may even crash. A solution to that is to use the name of the aliased function instead.
By default, gdb opens the file containing your program's executable code (or the corefile) read-only. This prevents accidental alterations to machine code; but it also prevents you from intentionally patching your program's binary.
If you'd like to be able to patch the binary, you can specify that
explicitly with the set write command. For example, you might
want to turn on internal debugging flags, or even to make emergency
repairs.
set write onset write offIf you have already loaded a file, you must load it again (using the
exec-file or core-file command) after changing set
write, for your new setting to take effect.
show writegdb needs to know the file name of the program to be debugged, both in order to read its symbol table and in order to start your program. To debug a core dump of a previous run, you must also tell gdb the name of the core dump file.
You may want to specify executable and core dump file names. The usual way to do this is at start-up time, using the arguments to gdb's start-up commands (see Getting In and Out of gdb).
Occasionally it is necessary to change to a different file during a
gdb session. Or you may run gdb and forget to
specify a file you want to use. Or you are debugging a remote target
via gdbserver (see file). In these situations the gdb commands to specify
new files are useful.
file filenamerun command. If you do not specify a
directory and the file is not found in the gdb working directory,
gdb uses the environment variable PATH as a list of
directories to search, just as the shell does when looking for a program
to run. You can change the value of this variable, for both gdb
and your program, using the path command.
You can load unlinked object .o files into gdb using
the file command. You will not be able to “run” an object
file, but you can disassemble functions and inspect variables. Also,
if the underlying BFD functionality supports it, you could use
gdb -write to patch object files using this technique. Note
that gdb can neither interpret nor modify relocations in this
case, so branches and some initialized variables will appear to go to
the wrong place. But this feature is still handy from time to time.
filefile with no argument makes gdb discard any information it
has on both executable file and the symbol table.
exec-file [ filename ]PATH
if necessary to locate your program. Omitting filename means to
discard information on the executable file.
symbol-file [ filename ]PATH is
searched when necessary. Use the file command to get both symbol
table and program to run from the same file.
symbol-file with no argument clears out gdb information on your
program's symbol table.
The symbol-file command causes gdb to forget the contents of
some breakpoints and auto-display expressions. This is because they may
contain pointers to the internal data recording symbols and data types,
which are part of the old symbol table data being discarded inside
gdb.
symbol-file does not repeat if you press <RET> again after
executing it once.
When gdb is configured for a particular environment, it understands debugging information in whatever format is the standard generated for that environment; you may use either a gnu compiler, or other compilers that adhere to the local conventions. Best results are usually obtained from gnu compilers; for example, using gcc you can generate debugging information for optimized code.
For most kinds of object files, with the exception of old SVR3 systems
using COFF, the symbol-file command does not normally read the
symbol table in full right away. Instead, it scans the symbol table
quickly to find which source files and which symbols are present. The
details are read later, one source file at a time, as they are needed.
The purpose of this two-stage reading strategy is to make gdb
start up faster. For the most part, it is invisible except for
occasional pauses while the symbol table details for a particular source
file are being read. (The set verbose command can turn these
pauses into messages if desired. See Optional Warnings and Messages.)
We have not implemented the two-stage strategy for COFF yet. When the
symbol table is stored in COFF format, symbol-file reads the
symbol table data in full right away. Note that “stabs-in-COFF”
still does the two-stage strategy, since the debug info is actually
in stabs format.
symbol-file filename [ -readnow ]file filename [ -readnow ]core-file [filename]corecore-file with no argument specifies that no core file is
to be used.
Note that the core file is ignored when your program is actually running
under gdb. So, if you have been running your program and you
wish to debug a core file instead, you must kill the subprocess in which
the program is running. To do this, use the kill command
(see Killing the Child Process).
add-symbol-file filename addressadd-symbol-file filename address [ -readnow ]add-symbol-file filename -ssection address ...add-symbol-file command reads additional symbol table
information from the file filename. You would use this command
when filename has been dynamically loaded (by some other means)
into the program that is running. address should be the memory
address at which the file has been loaded; gdb cannot figure
this out for itself. You can additionally specify an arbitrary number
of `-ssection address' pairs, to give an explicit
section name and base address for that section. You can specify any
address as an expression.
The symbol table of the file filename is added to the symbol table
originally read with the symbol-file command. You can use the
add-symbol-file command any number of times; the new symbol data
thus read keeps adding to the old. To discard all old symbol data
instead, use the symbol-file command without any arguments.
Although filename is typically a shared library file, an executable file, or some other object file which has been fully relocated for loading into a process, you can also load symbolic information from relocatable .o files, as long as:
add-symbol-file command.
Some embedded operating systems, like Sun Chorus and VxWorks, can load
relocatable files into an already running program; such systems
typically make the requirements above easy to meet. However, it's
important to recognize that many native systems use complex link
procedures (.linkonce section factoring and C++ constructor table
assembly, for example) that make the requirements difficult to meet. In
general, one cannot assume that using add-symbol-file to read a
relocatable object file's symbolic information will have the same effect
as linking the relocatable object file into the program in the normal
way.
add-symbol-file does not repeat if you press <RET> after using it.
add-symbol-file-from-memory addresssyscall DSO into each
process's address space; this DSO provides kernel-specific code for
some system calls. The argument can be any expression whose
evaluation yields the address of the file's shared object file header.
For this command to work, you must have used symbol-file or
exec-file commands in advance.
add-shared-symbol-files library-fileassf library-fileadd-shared-symbol-files command can currently be used only
in the Cygwin build of gdb on MS-Windows OS, where it is an
alias for the dll-symbols command (see Cygwin Native).
gdb automatically looks for shared libraries, however if
gdb does not find yours, you can invoke
add-shared-symbol-files. It takes one argument: the shared
library's file name. assf is a shorthand alias for
add-shared-symbol-files.
section section addrsection command changes the base address of the named
section of the exec file to addr. This can be used if the
exec file does not contain section addresses, (such as in the
a.out format), or when the addresses specified in the file
itself are wrong. Each section must be changed separately. The
info files command, described below, lists all the sections and
their addresses.
info filesinfo targetinfo files and info target are synonymous; both print the
current target (see Specifying a Debugging Target),
including the names of the executable and core dump files currently in
use by gdb, and the files from which symbols were loaded. The
command help target lists all possible targets rather than
current ones.
maint info sectionsmaint info sections. In addition to the section information
displayed by info files, this command displays the flags and file
offset of each section in the executable and core dump files. In addition,
maint info sections provides the following command options (which
may be arbitrarily combined):
ALLOBJALLOCLOAD.bss sections.
RELOCREADONLYCODEDATAROMCONSTRUCTORHAS_CONTENTSNEVER_LOADCOFF_SHARED_LIBRARYIS_COMMONset trust-readonly-sections onThe default is off.
set trust-readonly-sections offshow trust-readonly-sectionsAll file-specifying commands allow both absolute and relative file names as arguments. gdb always converts the file name to an absolute file name and remembers it that way.
gdb supports gnu/Linux, MS-Windows, HP-UX, SunOS, SVr4, Irix, and IBM RS/6000 AIX shared libraries.
On MS-Windows gdb must be linked with the Expat library to support shared libraries. See Expat.
gdb automatically loads symbol definitions from shared libraries
when you use the run command, or when you examine a core file.
(Before you issue the run command, gdb does not understand
references to a function in a shared library, however—unless you are
debugging a core file).
On HP-UX, if the program loads a library explicitly, gdb
automatically loads the symbols at the time of the shl_load call.
There are times, however, when you may wish to not automatically load symbol definitions from shared libraries, such as when they are particularly large or there are many of them.
To control the automatic loading of shared library symbols, use the commands:
set auto-solib-add modeon, symbols from all shared object libraries
will be loaded automatically when the inferior begins execution, you
attach to an independently started inferior, or when the dynamic linker
informs gdb that a new library has been loaded. If mode
is off, symbols must be loaded manually, using the
sharedlibrary command. The default value is on.
If your program uses lots of shared libraries with debug info that takes large amounts of memory, you can decrease the gdb memory footprint by preventing it from automatically loading the symbols from shared libraries. To that end, type set auto-solib-add off before running the inferior, then load each library whose debug symbols you do need with sharedlibrary regexp, where regexp is a regular expression that matches the libraries whose symbols you want to be loaded.
show auto-solib-addTo explicitly load shared library symbols, use the sharedlibrary
command:
info share regexinfo sharedlibrary regexsharedlibrary regexshare regexrun. If
regex is omitted all shared libraries required by your program are
loaded.
nosharedlibrarySometimes you may wish that gdb stops and gives you control
when any of shared library events happen. Use the set
stop-on-solib-events command for this:
set stop-on-solib-eventsshow stop-on-solib-eventsShared libraries are also supported in many cross or remote debugging configurations. gdb needs to have access to the target's libraries; this can be accomplished either by providing copies of the libraries on the host system, or by asking gdb to automatically retrieve the libraries from the target. If copies of the target libraries are provided, they need to be the same as the target libraries, although the copies on the target can be stripped as long as the copies on the host are not.
For remote debugging, you need to tell gdb where the target libraries are, so that it can load the correct copies—otherwise, it may try to load the host's libraries. gdb has two variables to specify the search directories for target libraries.
set sysroot pathset sysroot to find shared
libraries, they need to be laid out in the same way that they are on
the target, with e.g. a /lib and /usr/lib hierarchy
under path.
If path starts with the sequence remote:, gdb will
retrieve the target libraries from the remote system. This is only
supported when using a remote target that supports the remote get
command (see Sending files to a remote system).
The part of path following the initial remote:
(if present) is used as system root prefix on the remote file system.
12
The set solib-absolute-prefix command is an alias for set
sysroot.
You can set the default system root by using the configure-time `--with-sysroot' option. If the system root is inside gdb's configured binary prefix (set with `--prefix' or `--exec-prefix'), then the default system root will be updated automatically if the installed gdb is moved to a new location.
show sysrootset solib-search-path pathshow solib-search-pathgdb allows you to put a program's debugging information in a file separate from the executable itself, in a way that allows gdb to find and load the debugging information automatically. Since debugging information can be very large—sometimes larger than the executable code itself—some systems distribute debugging information for their executables in separate files, which users can install only when they need to debug a problem.
gdb supports two ways of specifying the separate debug info file:
Depending on the way the debug info file is specified, gdb uses two different methods of looking for the debug file:
So, for example, suppose you ask gdb to debug
/usr/bin/ls, which has a debug link that specifies the
file ls.debug, and a build ID whose value in hex is
abcdef1234. If the global debug directory is
/usr/lib/debug, then gdb will look for the following
debug information files, in the indicated order:
You can set the global debugging info directory's name, and view the name gdb is currently using.
set debug-file-directory directoryshow debug-file-directoryA debug link is a special section of the executable file named
.gnu_debuglink. The section must contain:
Any executable file format can carry a debug link, as long as it can
contain a section named .gnu_debuglink with the contents
described above.
The build ID is a special section in the executable file (and in other
ELF binary files that gdb may consider). This section is
often named .note.gnu.build-id, but that name is not mandatory.
It contains unique identification for the built files—the ID remains
the same across multiple builds of the same build tree. The default
algorithm SHA1 produces 160 bits (40 hexadecimal characters) of the
content for the build ID string. The same section with an identical
value is present in the original built binary with symbols, in its
stripped variant, and in the separate debugging information file.
The debugging information file itself should be an ordinary
executable, containing a full set of linker symbols, sections, and
debugging information. The sections of the debugging information file
should have the same names, addresses, and sizes as the original file,
but they need not contain any data—much like a .bss section
in an ordinary executable.
The gnu binary utilities (Binutils) package includes the `objcopy' utility that can produce the separated executable / debugging information file pairs using the following commands:
objcopy --only-keep-debug foo foo.debug
strip -g foo
These commands remove the debugging information from the executable file foo and place it in the file foo.debug. You can use the first, second or both methods to link the two files:
objcopy --add-gnu-debuglink=foo.debug foo
Ulrich Drepper's elfutils package, starting with version 0.53, contains
a version of the strip command such that the command strip foo -f
foo.debug has the same functionality as the two objcopy commands and
the ln -s command above, together.
ld --build-id or
the gcc counterpart gcc -Wl,--build-id. Build ID support plus
compatibility fixes for debug files separation are present in gnu binary
utilities (Binutils) package since version 2.18.
The CRC used in .gnu_debuglink is the CRC-32 defined in
IEEE 802.3 using the polynomial:
x32 + x26 + x23 + x22 + x16 + x12 + x11
+ x10 + x8 + x7 + x5 + x4 + x2 + x + 1
The function is computed byte at a time, taking the least
significant bit of each byte first. The initial pattern
0xffffffff is used, to ensure leading zeros affect the CRC and
the final result is inverted to ensure trailing zeros also affect the
CRC.
Note: This is the same CRC polynomial as used in handling the
Remote Serial Protocol qCRC packet (see gdb Remote Serial Protocol). However in the
case of the Remote Serial Protocol, the CRC is computed most
significant bit first, and the result is not inverted, so trailing
zeros have no effect on the CRC value.
To complete the description, we show below the code of the function
which produces the CRC used in .gnu_debuglink. Inverting the
initially supplied crc argument means that an initial call to
this function passing in zero will start computing the CRC using
0xffffffff.
unsigned long
gnu_debuglink_crc32 (unsigned long crc,
unsigned char *buf, size_t len)
{
static const unsigned long crc32_table[256] =
{
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
0x2d02ef8d
};
unsigned char *end;
crc = ~crc & 0xffffffff;
for (end = buf + len; buf < end; ++buf)
crc = crc32_table[(crc ^ *buf) & 0xff] ^ (crc >> 8);
return ~crc & 0xffffffff;
}
This computation does not apply to the “build ID” method.
While reading a symbol file, gdb occasionally encounters problems,
such as symbol types it does not recognize, or known bugs in compiler
output. By default, gdb does not notify you of such problems, since
they are relatively common and primarily of interest to people
debugging compilers. If you are interested in seeing information
about ill-constructed symbol tables, you can either ask gdb to print
only one message about each such type of problem, no matter how many
times the problem occurs; or you can ask gdb to print more messages,
to see how many times the problems occur, with the set
complaints command (see Optional Warnings and Messages).
The messages currently printed, and their meanings, include:
inner block not inside outer block in symbolgdb circumvents the problem by treating the inner block as if it had
the same scope as the outer block. In the error message, symbol
may be shown as “(don't know)” if the outer block is not a
function.
block at address out of ordergdb does not circumvent this problem, and has trouble
locating symbols in the source file whose symbols it is reading. (You
can often determine what source file is affected by specifying
set verbose on. See Optional Warnings and Messages.)
bad block start address patchedgdb circumvents the problem by treating the symbol scope block as
starting on the previous source line.
bad string table offset in symbol ngdb circumvents the problem by considering the symbol to have the
name foo, which may cause other problems if many symbols end up
with this name.
unknown symbol type 0xnn0xnn is the symbol type of the
uncomprehended information, in hexadecimal.
gdb circumvents the error by ignoring this symbol information.
This usually allows you to debug your program, though certain symbols
are not accessible. If you encounter such a problem and feel like
debugging it, you can debug gdb with itself, breakpoint
on complain, then go up to the function read_dbx_symtab
and examine *bufp to see the symbol.
stub type has NULL nameconst/volatile indicator missing (ok if using g++ v1.x), got...info mismatch between compiler and debuggergdb will sometimes read an auxiliary data file. These files are kept in a directory known as the data directory.
You can set the data directory's name, and view the name gdb is currently using.
set data-directory directoryshow data-directoryYou can set the default data directory by using the configure-time `--with-gdb-datadir' option. If the data directory is inside gdb's configured binary prefix (set with `--prefix' or `--exec-prefix'), then the default data directory will be updated automatically if the installed gdb is moved to a new location.
A target is the execution environment occupied by your program.
Often, gdb runs in the same host environment as your program;
in that case, the debugging target is specified as a side effect when
you use the file or core commands. When you need more
flexibility—for example, running gdb on a physically separate
host, or controlling a standalone system over a serial port or a
realtime system over a TCP/IP connection—you can use the target
command to specify one of the target types configured for gdb
(see Commands for Managing Targets).
It is possible to build gdb for several different target architectures. When gdb is built like that, you can choose one of the available architectures with the set architecture command.
set architecture arch"auto", in addition to one of the
supported architectures.
show architectureset processorprocessorset architecture
and show architecture.
There are three classes of targets: processes, core files, and executable files. gdb can work concurrently on up to three active targets, one in each class. This allows you to (for example) start a process and inspect its activity without abandoning your work on a core file.
For example, if you execute `gdb a.out', then the executable file
a.out is the only active target. If you designate a core file as
well—presumably from a prior run that crashed and coredumped—then
gdb has two active targets and uses them in tandem, looking
first in the corefile target, then in the executable file, to satisfy
requests for memory addresses. (Typically, these two classes of target
are complementary, since core files contain only a program's
read-write memory—variables and so on—plus machine status, while
executable files contain only the program text and initialized data.)
When you type run, your executable file becomes an active process
target as well. When a process target is active, all gdb
commands requesting memory addresses refer to that target; addresses in
an active core file or executable file target are obscured while the
process target is active.
Use the core-file and exec-file commands to select a new
core file or executable target (see Commands to Specify Files). To specify as a target a process that is already running, use
the attach command (see Debugging an Already-running Process).
target type parametersFurther parameters are interpreted by the target protocol, but typically include things like device names or host names to connect with, process numbers, and baud rates.
The target command does not repeat if you press <RET> again
after executing the command.
help targetinfo target or info files
(see Commands to Specify Files).
help target nameset gnutarget argsset gnutarget command. Unlike most target commands,
with gnutarget the target refers to a program, not a machine.
Warning: To specify a file format with set gnutarget,
you must know the actual BFD name.
show gnutargetshow gnutarget command to display what file format
gnutarget is set to read. If you have not set gnutarget,
gdb will determine the file format for each file automatically,
and show gnutarget displays `The current BDF target is "auto"'.
Here are some common targets (available, or not, depending on the GDB configuration):
target exec programtarget core filenametarget remote mediumFor example, if you have a board connected to /dev/ttya on the machine running gdb, you could say:
target remote /dev/ttya
target remote supports the load command. This is only
useful if you have some other way of getting the stub to the target
system, and you can put it somewhere in memory where it won't get
clobbered by the download.
target sim target sim
load
run
works; however, you cannot assume that a specific memory map, device drivers, or even basic I/O is available, although some simulators do provide these. For info about any processor-specific simulator details, see the appropriate section in Embedded Processors.
Some configurations may include these targets as well:
target nrom devDifferent targets are available on different configurations of gdb; your configuration may have more or fewer targets.
Many remote targets require you to download the executable's code once you've successfully established a connection. You may wish to control various aspects of this process.
set hashshow hashset debug monitorshow debug monitorload filenameload command may be available. Where it exists, it
is meant to make filename (an executable) available for debugging
on the remote system—by downloading, or dynamic linking, for example.
load also records the filename symbol table in gdb, like
the add-symbol-file command.
If your gdb does not have a load command, attempting to
execute it gets the error message “You can't do that when your
target is ...”
The file is loaded at whatever address is specified in the executable. For some object file formats, you can specify the load address when you link the program; for other formats, like a.out, the object file format specifies a fixed address.
Depending on the remote side capabilities, gdb may be able to load programs into flash memory.
load does not repeat if you press <RET> again after using it.
Some types of processors, such as the MIPS, PowerPC, and Renesas SH, offer the ability to run either big-endian or little-endian byte orders. Usually the executable or symbol will include a bit to designate the endian-ness, and you will not need to worry about which to use. However, you may still find it useful to adjust gdb's idea of processor endian-ness manually.
set endian bigset endian littleset endian autoshow endianNote that these commands merely adjust interpretation of symbolic data on the host, and that they have absolutely no effect on the target system.
If you are trying to debug a program running on a machine that cannot run gdb in the usual way, it is often useful to use remote debugging. For example, you might use remote debugging on an operating system kernel, or on a small system which does not have a general purpose operating system powerful enough to run a full-featured debugger.
Some configurations of gdb have special serial or TCP/IP interfaces to make this work with particular debugging targets. In addition, gdb comes with a generic serial protocol (specific to gdb, but not specific to any particular target system) which you can use if you write the remote stubs—the code that runs on the remote system to communicate with gdb.
Other remote targets may be available in your
configuration of gdb; use help target to list them.
On the gdb host machine, you will need an unstripped copy of your program, since gdb needs symbol and debugging information. Start up gdb as usual, using the name of the local copy of your program as the first argument.
gdb can communicate with the target over a serial line, or
over an IP network using TCP or UDP. In
each case, gdb uses the same protocol for debugging your
program; only the medium carrying the debugging packets varies. The
target remote command establishes a connection to the target.
Its arguments indicate which medium to use:
target remote serial-device target remote /dev/ttyb
If you're using a serial line, you may want to give gdb the
`--baud' option, or use the set remotebaud command
(see set remotebaud) before the
target command.
target remote host:porttarget remote tcp:host:portFor example, to connect to port 2828 on a terminal server named
manyfarms:
target remote manyfarms:2828
If your remote target is actually running on the same machine as your debugger session (e.g. a simulator for your target running on the same host), you can omit the hostname. For example, to connect to port 1234 on your local machine:
target remote :1234
Note that the colon is still required here.
target remote udp:host:portmanyfarms:
target remote udp:manyfarms:2828
When using a UDP connection for remote debugging, you should
keep in mind that the `U' stands for “Unreliable”. UDP
can silently drop packets on busy or unreliable networks, which will
cause havoc with your debugging session.
target remote | command/bin/sh; it should expect remote
protocol packets on its standard input, and send replies on its
standard output. You could use this to run a stand-alone simulator
that speaks the remote debugging protocol, to make net connections
using programs like ssh, or for other similar tricks.
If command closes its standard output (perhaps by exiting),
gdb will try to send it a SIGTERM signal. (If the
program has already exited, this will have no effect.)
Once the connection has been established, you can use all the usual commands to examine and change data. The remote program is already running; you can use step and continue, and you do not need to use run.
Whenever gdb is waiting for the remote program, if you type the interrupt character (often Ctrl-c), gdb attempts to stop the program. This may or may not succeed, depending in part on the hardware and the serial drivers the remote system uses. If you type the interrupt character once again, gdb displays this prompt:
Interrupted while waiting for the program.
Give up (and stop debugging it)? (y or n)
If you type y, gdb abandons the remote debugging session. (If you decide you want to try again later, you can use `target remote' again to connect once more.) If you type n, gdb goes back to waiting.
detachdetach command to release it from gdb control.
Detaching from the target normally resumes its execution, but the results
will depend on your particular remote stub. After the detach
command, gdb is free to connect to another target.
disconnectdisconnect command behaves like detach, except that
the target is generally not resumed. It will wait for gdb
(this instance or another one) to connect and continue debugging. After
the disconnect command, gdb is again free to connect to
another target.
monitor cmd
Some remote targets offer the ability to transfer files over the same
connection used to communicate with gdb. This is convenient
for targets accessible through other means, e.g. gnu/Linux systems
running gdbserver over a network interface. For other targets,
e.g. embedded devices with only a single serial port, this may be
the only way to upload or download files.
Not all remote targets support these commands.
remote put hostfile targetfileremote get targetfile hostfileremote delete targetfilegdbserver Programgdbserver is a control program for Unix-like systems, which
allows you to connect your program with a remote gdb via
target remote—but without linking in the usual debugging stub.
gdbserver is not a complete replacement for the debugging stubs,
because it requires essentially the same operating-system facilities
that gdb itself does. In fact, a system that can run
gdbserver to connect to a remote gdb could also run
gdb locally! gdbserver is sometimes useful nevertheless,
because it is a much smaller program than gdb itself. It is
also easier to port than all of gdb, so you may be able to get
started more quickly on a new system by using gdbserver.
Finally, if you develop code for real-time systems, you may find that
the tradeoffs involved in real-time operation make it more convenient to
do as much development work as possible on another system, for example
by cross-compiling. You can use gdbserver to make a similar
choice for debugging.
gdb and gdbserver communicate via either a serial line
or a TCP connection, using the standard gdb remote serial
protocol.
Warning:gdbserverdoes not have any built-in security. Do not rungdbserverconnected to any public network; a gdb connection togdbserverprovides access to the target system with the same privileges as the user runninggdbserver.
gdbserver
Run gdbserver on the target system. You need a copy of the
program you want to debug, including any libraries it requires.
gdbserver does not need your program's symbol table, so you can
strip the program if necessary to save space. gdb on the host
system does all the symbol handling.
To use the server, you must tell it how to communicate with gdb; the name of your program; and the arguments for your program. The usual syntax is:
target> gdbserver comm program [ args ... ]
comm is either a device name (to use a serial line) or a TCP hostname and portnumber. For example, to debug Emacs with the argument `foo.txt' and communicate with gdb over the serial port /dev/com1:
target> gdbserver /dev/com1 emacs foo.txt
gdbserver waits passively for the host gdb to communicate
with it.
To use a TCP connection instead of a serial line:
target> gdbserver host:2345 emacs foo.txt
The only difference from the previous example is the first argument,
specifying that you are communicating with the host gdb via
TCP. The `host:2345' argument means that gdbserver is to
expect a TCP connection from machine `host' to local TCP port 2345.
(Currently, the `host' part is ignored.) You can choose any number
you want for the port number as long as it does not conflict with any
TCP ports already in use on the target system (for example, 23 is
reserved for telnet).13 You must use the same port number with the host gdb
target remote command.
On some targets, gdbserver can also attach to running programs.
This is accomplished via the --attach argument. The syntax is:
target> gdbserver --attach comm pid
pid is the process ID of a currently running process. It isn't necessary
to point gdbserver at a binary for the running process.
You can debug processes by name instead of process ID if your target has the
pidof utility:
target> gdbserver --attach comm `pidof program`
In case more than one copy of program is running, or program
has multiple threads, most versions of pidof support the
-s option to only return the first process ID.
gdbserver
When you connect to gdbserver using target remote,
gdbserver debugs the specified program only once. When the
program exits, or you detach from it, gdb closes the connection
and gdbserver exits.
If you connect using target extended-remote, gdbserver
enters multi-process mode. When the debugged program exits, or you
detach from it, gdb stays connected to gdbserver even
though no program is running. The run and attach
commands instruct gdbserver to run or attach to a new program.
The run command uses set remote exec-file (see set remote exec-file) to select the program to run. Command line
arguments are supported, except for wildcard expansion and I/O
redirection (see Arguments).
To start gdbserver without supplying an initial command to run
or process ID to attach, use the --multi command line option.
Then you can connect using target extended-remote and start
the program you want to debug.
gdbserver does not automatically exit in multi-process mode.
You can terminate it by using monitor exit
(see Monitor Commands for gdbserver).
gdbserverThe --debug option tells gdbserver to display extra
status information about the debugging process. The
--remote-debug option tells gdbserver to display
remote protocol debug output. These options are intended for
gdbserver development and for bug reports to the developers.
The --wrapper option specifies a wrapper to launch programs for debugging. The option should be followed by the name of the wrapper, then any command-line arguments to pass to the wrapper, then -- indicating the end of the wrapper arguments.
gdbserver runs the specified wrapper program with a combined
command line including the wrapper arguments, then the name of the
program to debug, then any arguments to the program. The wrapper
runs until it executes your program, and then gdb gains control.
You can use any program that eventually calls execve with
its arguments as a wrapper. Several standard Unix utilities do
this, e.g. env and nohup. Any Unix shell script ending
with exec "$@" will also work.
For example, you can use env to pass an environment variable to
the debugged program, without setting the variable in gdbserver's
environment:
$ gdbserver --wrapper env LD_PRELOAD=libtest.so -- :2222 ./testprog
gdbserverRun gdb on the host system.
First make sure you have the necessary symbol files. Load symbols for
your application using the file command before you connect. Use
set sysroot to locate target libraries (unless your gdb
was compiled with the correct sysroot using --with-sysroot).
The symbol file and target libraries must exactly match the executable
and libraries on the target, with one exception: the files on the host
system should not be stripped, even if the files on the target system
are. Mismatched or missing files will lead to confusing results
during debugging. On gnu/Linux targets, mismatched or missing
files may also prevent gdbserver from debugging multi-threaded
programs.
Connect to your target (see Connecting to a Remote Target).
For TCP connections, you must start up gdbserver prior to using
the target remote command. Otherwise you may get an error whose
text depends on the host system, but which usually looks something like
`Connection refused'. Don't use the load
command in gdb when using gdbserver, since the program is
already on the target.
gdbserverDuring a gdb session using gdbserver, you can use the
monitor command to send special requests to gdbserver.
Here are the available commands.
monitor helpmonitor set debug 0monitor set debug 1monitor set remote-debug 0monitor set remote-debug 1monitor exitdisconnect to close the debugging session. gdbserver will
detach from any attached processes and kill any processes it created.
Use monitor exit to terminate gdbserver at the end
of a multi-process mode debug session.
This section documents the configuration options available when debugging remote programs. For the options related to the File I/O extensions of the remote protocol, see system-call-allowed.
set remoteaddresssize bitsshow remoteaddresssizeset remotebaud nshow remotebaudset remotebreakBREAK signal to the remote
when you type Ctrl-c to interrupt the program running
on the remote. If set to off, gdb sends the `Ctrl-C'
character instead. The default is off, since most remote systems
expect to see `Ctrl-C' as the interrupt signal.
show remotebreakBREAK or `Ctrl-C' to
interrupt the remote program.
set remoteflow onset remoteflow offRTS/CTS)
on the serial port used to communicate to the remote target.
show remoteflowset remotelogbase baseascii, octal, and hex. The default is
ascii.
show remotelogbaseset remotelogfile fileshow remotelogfile.set remotetimeout numshow remotetimeoutset remote hardware-watchpoint-limit limitset remote hardware-breakpoint-limit limitset remote exec-file filenameshow remote exec-filerun with target
extended-remote. This should be set to a filename valid on the
target system. If it is not set, the target will use a default
filename (e.g. the last program run).
set tcp auto-retry onset tcp connect-timeout.
set tcp auto-retry offshow tcp auto-retryset tcp connect-timeout secondsset tcp auto-retry on) and waiting for connections
that are merely slow to complete, and represents an approximate cumulative
value.
show tcp connect-timeoutThe gdb remote protocol autodetects the packets supported by your debugging stub. If you need to override the autodetection, you can use these commands to enable or disable individual packets. Each packet can be set to `on' (the remote target supports this packet), `off' (the remote target does not support this packet), or `auto' (detect remote target support for this packet). They all default to `auto'. For more information about each packet, see Remote Protocol.
During normal use, you should not have to use any of these commands. If you do, that may be a bug in your remote debugging stub, or a bug in gdb. You may want to report the problem to the gdb developers.
For each packet name, the command to enable or disable the
packet is set remote name-packet. The available settings
are:
| Command Name | Remote Packet | Related Features
|
fetch-register
| p
| info registers
|
set-register
| P
| set
|
binary-download
| X
| load, set
|
read-aux-vector
| qXfer:auxv:read
| info auxv
|
symbol-lookup
| qSymbol
| Detecting multiple threads
|
attach
| vAttach
| attach
|
verbose-resume
| vCont
| Stepping or resuming multiple threads
|
run
| vRun
| run
|
software-breakpoint
| Z0
| break
|
hardware-breakpoint
| Z1
| hbreak
|
write-watchpoint
| Z2
| watch
|
read-watchpoint
| Z3
| rwatch
|
access-watchpoint
| Z4
| awatch
|
target-features
| qXfer:features:read
| set architecture
|
library-info
| qXfer:libraries:read
| info sharedlibrary
|
memory-map
| qXfer:memory-map:read
| info mem
|
read-spu-object
| qXfer:spu:read
| info spu
|
write-spu-object
| qXfer:spu:write
| info spu
|
read-siginfo-object
| qXfer:siginfo:read
| print $_siginfo
|
write-siginfo-object
| qXfer:siginfo:write
| set $_siginfo
|
get-thread-local-
| qGetTLSAddr
| Displaying __thread variables
|
search-memory
| qSearch:memory
| find
|
supported-packets
| qSupported
| Remote communications parameters
|
pass-signals
| QPassSignals
| handle signal
|
hostio-close-packet
| vFile:close
| remote get, remote put
|
hostio-open-packet
| vFile:open
| remote get, remote put
|
hostio-pread-packet
| vFile:pread
| remote get, remote put
|
hostio-pwrite-packet
| vFile:pwrite
| remote get, remote put
|
hostio-unlink-packet
| vFile:unlink
| remote delete
|
noack-packet
| QStartNoAckMode
| Packet acknowledgment
|
osdata
| qXfer:osdata:read
| info os
|
query-attached
| qAttached
| Querying remote process attach state.
|
The stub files provided with gdb implement the target side of the communication protocol, and the gdb side is implemented in the gdb source file remote.c. Normally, you can simply allow these subroutines to communicate, and ignore the details. (If you're implementing your own stub file, you can still ignore the details: start with one of the existing stub files. sparc-stub.c is the best organized, and therefore the easiest to read.)
To debug a program running on another machine (the debugging target machine), you must first arrange for all the usual prerequisites for the program to run by itself. For example, for a C program, you need:
The next step is to arrange for your program to use a serial port to communicate with the machine where gdb is running (the host machine). In general terms, the scheme looks like this:
On certain remote targets, you can use an auxiliary program
gdbserver instead of linking a stub into your program.
See Using the gdbserver Program, for details.
The debugging stub is specific to the architecture of the remote machine; for example, use sparc-stub.c to debug programs on sparc boards.
These working remote stubs are distributed with gdb:
i386-stub.cm68k-stub.csh-stub.csparc-stub.csparcl-stub.cThe README file in the gdb distribution may list other recently added stubs.
The debugging stub for your architecture supplies these three subroutines:
set_debug_trapshandle_exception to run when your
program stops. You must call this subroutine explicitly near the
beginning of your program.
handle_exceptionhandle_exception to
run when a trap is triggered.
handle_exception takes control when your program stops during
execution (for example, on a breakpoint), and mediates communications
with gdb on the host machine. This is where the communications
protocol is implemented; handle_exception acts as the gdb
representative on the target machine. It begins by sending summary
information on the state of your program, then continues to execute,
retrieving and transmitting any information gdb needs, until you
execute a gdb command that makes your program resume; at that point,
handle_exception returns control to your own code on the target
machine.
breakpointhandle_exception—in effect, to gdb. On some machines,
simply receiving characters on the serial port may also trigger a trap;
again, in that situation, you don't need to call breakpoint from
your own program—simply running `target remote' from the host
gdb session gets control.
Call breakpoint if none of these is true, or if you simply want
to make certain your program stops at a predetermined point for the
start of your debugging session.
The debugging stubs that come with gdb are set up for a particular chip architecture, but they have no information about the rest of your debugging target machine.
First of all you need to tell the stub how to communicate with the serial port.
int getDebugChar()getchar for your target system; a
different name is used to allow you to distinguish the two if you wish.
void putDebugChar(int)putchar for your target system; a
different name is used to allow you to distinguish the two if you wish.
If you want gdb to be able to stop your program while it is
running, you need to use an interrupt-driven serial driver, and arrange
for it to stop when it receives a ^C (`\003', the control-C
character). That is the character which gdb uses to tell the
remote system to stop.
Getting the debugging target to return the proper status to gdb
probably requires changes to the standard stub; one quick and dirty way
is to just execute a breakpoint instruction (the “dirty” part is that
gdb reports a SIGTRAP instead of a SIGINT).
Other routines you need to supply are:
void exceptionHandler (int exception_number, void *exception_address)For the 386, exception_address should be installed as an interrupt
gate so that interrupts are masked while the handler runs. The gate
should be at privilege level 0 (the most privileged level). The
sparc and 68k stubs are able to mask interrupts themselves without
help from exceptionHandler.
void flush_i_cache()On target machines that have instruction caches, gdb requires this function to make certain that the state of your program is stable.
You must also make sure this library routine is available:
void *memset(void *, int, int)memset that sets an area of
memory to a known value. If you have one of the free versions of
libc.a, memset can be found there; otherwise, you must
either obtain it from your hardware manufacturer, or write your own.
If you do not use the GNU C compiler, you may need other standard library subroutines as well; this varies from one stub to another, but in general the stubs are likely to use any of the common library subroutines which gcc generates as inline code.
In summary, when your program is ready to debug, you must follow these steps.
getDebugChar,putDebugChar,flush_i_cache,memset,exceptionHandler.
set_debug_traps();
breakpoint();
exceptionHook. Normally you just use:
void (*exceptionHook)() = 0;
but if before calling set_debug_traps, you set it to point to a
function in your program, that function is called when
gdb continues after stopping on a trap (for example, bus
error). The function indicated by exceptionHook is called with
one parameter: an int which is the exception number.
While nearly all gdb commands are available for all native and cross versions of the debugger, there are some exceptions. This chapter describes things that are only available in certain configurations.
There are three major categories of configurations: native configurations, where the host and target are the same, embedded operating system configurations, which are usually the same for several different processor architectures, and bare embedded processors, which are quite different from each other.
This section describes details specific to particular native configurations.
On HP-UX systems, if you refer to a function or variable name that begins with a dollar sign, gdb searches for a user or system name first, before it searches for a convenience variable.
BSD-derived systems (FreeBSD/NetBSD/OpenBSD) have a kernel memory
interface that provides a uniform interface for accessing kernel virtual
memory images, including live systems and crash dumps. gdb
uses this interface to allow you to debug live kernels and kernel crash
dumps on many native BSD configurations. This is implemented as a
special kvm debugging target. For debugging a live system, load
the currently running kernel into gdb and connect to the
kvm target:
(gdb) target kvm
For debugging crash dumps, provide the file name of the crash dump as an argument:
(gdb) target kvm /var/crash/bsd.0
Once connected to the kvm target, the following commands are
available:
kvm pcbkvm proc
Many versions of SVR4 and compatible systems provide a facility called
`/proc' that can be used to examine the image of a running
process using file-system subroutines. If gdb is configured
for an operating system with this facility, the command info
proc is available to report information about the process running
your program, or about any process running on your system. info
proc works only on SVR4 systems that include the procfs code.
This includes, as of this writing, gnu/Linux, OSF/1 (Digital
Unix), Solaris, Irix, and Unixware, but not HP-UX, for example.
info procinfo proc process-idOn some systems, process-id can be of the form
`[pid]/tid' which specifies a certain thread ID
within a process. If the optional pid part is missing, it means
a thread from the process being debugged (the leading `/' still
needs to be present, or else gdb will interpret the number as
a process ID rather than a thread ID).
info proc mappingsinfo proc statinfo proc statusinfo proc allinfo proc subcommands.
set procfs-traceprocfs API calls.
show procfs-traceprocfs API call tracing.
set procfs-file fileprocfs API trace to the named
file. gdb appends the trace info to the previous
contents of the file. The default is to display the trace on the
standard output.
show procfs-fileprocfs API trace is written.
proc-trace-entryproc-trace-exitproc-untrace-entryproc-untrace-exitsyscall interface.
info pidlistinfo meminfodjgpp is a port of the gnu development tools to MS-DOS and MS-Windows. djgpp programs are 32-bit protected-mode programs that use the DPMI (DOS Protected-Mode Interface) API to run on top of real-mode DOS systems and their emulations.
gdb supports native debugging of djgpp programs, and defines a few commands specific to the djgpp port. This subsection describes those commands.
info dosinfo dos sysinfoinfo dos gdtinfo dos ldtinfo dos idtA typical djgpp program uses 3 segments: a code segment, a data segment (used for both data and the stack), and a DOS segment (which allows access to DOS/BIOS data structures and absolute addresses in conventional memory). However, the DPMI host will usually define additional segments in order to support the DPMI environment.
These commands allow to display entries from the descriptor tables. Without an argument, all entries from the specified table are displayed. An argument, which should be an integer expression, means display a single entry whose index is given by the argument. For example, here's a convenient way to display information about the debugged program's data segment:
(gdb) info dos ldt $ds
0x13f: base=0x11970000 limit=0x0009ffff 32-Bit Data (Read/Write, Exp-up)
This comes in handy when you want to see whether a pointer is outside the data segment's limit (i.e. garbled).
info dos pdeinfo dos pteWithout an argument, info dos pde displays the entire Page Directory, and info dos pte displays all the entries in all of the Page Tables. An argument, an integer expression, given to the info dos pde command means display only that entry from the Page Directory table. An argument given to the info dos pte command means display entries from a single Page Table, the one pointed to by the specified entry in the Page Directory.
These commands are useful when your program uses DMA (Direct Memory Access), which needs physical addresses to program the DMA controller.
These commands are supported only with some DPMI servers.
info dos address-pte addri is stored:
(gdb) info dos address-pte __djgpp_base_address + (char *)&i
Page Table entry for address 0x11a00d30:
Base=0x02698000 Dirty Acc. Not-Cached Write-Back Usr Read-Write +0xd30
This says that i is stored at offset 0xd30 from the page
whose physical base address is 0x02698000, and shows all the
attributes of that page.
Note that you must cast the addresses of variables to a char *,
since otherwise the value of __djgpp_base_address, the base
address of all variables and functions in a djgpp program, will
be added using the rules of C pointer arithmetics: if i is
declared an int, gdb will add 4 times the value of
__djgpp_base_address to the address of i.
Here's another example, it displays the Page Table entry for the transfer buffer:
(gdb) info dos address-pte *((unsigned *)&_go32_info_block + 3)
Page Table entry for address 0x29110:
Base=0x00029000 Dirty Acc. Not-Cached Write-Back Usr Read-Write +0x110
(The + 3 offset is because the transfer buffer's address is the
3rd member of the _go32_info_block structure.) The output
clearly shows that this DPMI server maps the addresses in conventional
memory 1:1, i.e. the physical (0x00029000 + 0x110) and
linear (0x29110) addresses are identical.
This command is supported only with some DPMI servers.
In addition to native debugging, the DJGPP port supports remote debugging via a serial data link. The following commands are specific to remote serial debugging in the DJGPP port of gdb.
set com1base addrset com1irq irqIRQ) line to use
for the COM1 serial port.
There are similar commands `set com2base', `set com3irq',
etc. for setting the port address and the IRQ lines for the
other 3 COM ports.
The related commands `show com1base', `show com1irq' etc.
display the current settings of the base address and the IRQ
lines used by the COM ports.
info serialgdb supports native debugging of MS Windows programs, including DLLs with and without symbolic debugging information.
MS-Windows programs that call SetConsoleMode to switch off the
special meaning of the `Ctrl-C' keystroke cannot be interrupted
by typing C-c. For this reason, gdb on MS-Windows
supports C-<BREAK> as an alternative interrupt key
sequence, which can be used to interrupt the debuggee even if it
ignores C-c.
There are various additional Cygwin-specific commands, described in this section. Working with DLLs that have no debugging symbols is described in Non-debug DLL Symbols.
info w32info w32 selectorGetThreadSelectorEntry function.
It takes an optional argument that is evaluated to
a long value to give the information about this given selector.
Without argument, this command displays information
about the six segment registers.
info dllinfo shared.
dll-symbolsset cygwin-exceptions modeon, gdb will break on exceptions that
happen inside the Cygwin DLL. If mode is off,
gdb will delay recognition of exceptions, and may ignore some
exceptions which seem to be caused by internal Cygwin DLL
“bookkeeping”. This option is meant primarily for debugging the
Cygwin DLL itself; the default value is off to avoid annoying
gdb users with false SIGSEGV signals.
show cygwin-exceptionsset new-console modeon the debuggee will
be started in a new console on next start.
If mode is offi, the debuggee will
be started in the same console as the debugger.
show new-consoleset new-group modeshow new-groupset debugeventsOutputDebugString API call.
set debugexecset debugexceptionsset debugmemoryset shellshow shellVery often on windows, some of the DLLs that your program relies on do not include symbolic debugging information (for example, kernel32.dll). When gdb doesn't recognize any debugging symbols in a DLL, it relies on the minimal amount of symbolic information contained in the DLL's export table. This section describes working with such symbols, known internally to gdb as “minimal symbols”.
Note that before the debugged program has started execution, no DLLs
will have been loaded. The easiest way around this problem is simply to
start the program — either by setting a breakpoint or letting the
program run once to completion. It is also possible to force
gdb to load a particular DLL before starting the executable —
see the shared library information in Files, or the
dll-symbols command in Cygwin Native. Currently,
explicitly loading symbols from a DLL with no debugging information will
cause the symbol names to be duplicated in gdb's lookup table,
which may adversely affect symbol lookup performance.
In keeping with the naming conventions used by the Microsoft debugging
tools, DLL export symbols are made available with a prefix based on the
DLL name, for instance KERNEL32!CreateFileA. The plain name is
also entered into the symbol table, so CreateFileA is often
sufficient. In some cases there will be name clashes within a program
(particularly if the executable itself includes full debugging symbols)
necessitating the use of the fully qualified name when referring to the
contents of the DLL. Use single-quotes around the name to avoid the
exclamation mark (“!”) being interpreted as a language operator.
Note that the internal name of the DLL may be all upper-case, even
though the file name of the DLL is lower-case, or vice-versa. Since
symbols within gdb are case-sensitive this may cause
some confusion. If in doubt, try the info functions and
info variables commands or even maint print msymbols
(see Symbols). Here's an example:
(gdb) info function CreateFileA
All functions matching regular expression "CreateFileA":
Non-debugging symbols:
0x77e885f4 CreateFileA
0x77e885f4 KERNEL32!CreateFileA
(gdb) info function !
All functions matching regular expression "!":
Non-debugging symbols:
0x6100114c cygwin1!__assert
0x61004034 cygwin1!_dll_crt0@0
0x61004240 cygwin1!dll_crt0(per_process *)
[etc...]
Symbols extracted from a DLL's export table do not contain very much type information. All that gdb can do is guess whether a symbol refers to a function or variable depending on the linker section that contains the symbol. Also note that the actual contents of the memory contained in a DLL are not available unless the program is running. This means that you cannot examine the contents of a variable or disassemble a function within a DLL without a running program.
Variables are generally treated as pointers and dereferenced automatically. For this reason, it is often necessary to prefix a variable name with the address-of operator (“&”) and provide explicit type information in the command. Here's an example of the type of problem:
(gdb) print 'cygwin1!__argv'
$1 = 268572168
(gdb) x 'cygwin1!__argv'
0x10021610: "\230y\""
And two possible solutions:
(gdb) print ((char **)'cygwin1!__argv')[0]
$2 = 0x22fd98 "/cygdrive/c/mydirectory/myprogram"
(gdb) x/2x &'cygwin1!__argv'
0x610c0aa8 <cygwin1!__argv>: 0x10021608 0x00000000
(gdb) x/x 0x10021608
0x10021608: 0x0022fd98
(gdb) x/s 0x0022fd98
0x22fd98: "/cygdrive/c/mydirectory/myprogram"
Setting a break point within a DLL is possible even before the program starts execution. However, under these circumstances, gdb can't examine the initial instructions of the function in order to skip the function's frame set-up code. You can work around this by using “*&” to set the breakpoint at a raw memory address:
(gdb) break *&'python22!PyOS_Readline'
Breakpoint 1 at 0x1e04eff0
The author of these extensions is not entirely convinced that setting a break point within a shared DLL like kernel32.dll is completely safe.
This subsection describes gdb commands specific to the gnu Hurd native debugging.
set signalsset sigssigs is a shorthand alias for
signals.
show signalsshow sigsset signal-threadset sigthreadlibc signal
thread. That thread is run when a signal is delivered to a running
process. set sigthread is the shorthand alias of set
signal-thread.
show signal-threadshow sigthreadset stoppedSIGSTOP signal. The stopped process can be
continued by delivering a signal to it.
show stoppedset exceptionsshow exceptionsset task pauseset thread default pause on or set
thread pause on (see below) to pause individual threads.
show task pauseset task detach-suspend-countshow task detach-suspend-countset task exception-portset task excpset task excp is a shorthand alias.
set noninvasiveset task pause, set exceptions, and
set signals to values opposite to the defaults.
info send-rightsinfo receive-rightsinfo port-rightsinfo port-setsinfo dead-namesinfo portsinfo psetsinfo ports for info
port-rights and info psets for info port-sets.
set thread pauseset
task pause off (see above), this command comes in handy to suspend
only the current thread.
show thread pauseset thread runshow thread runset thread detach-suspend-countset thread
takeover-suspend-count to force it to an absolute value.
show thread detach-suspend-countset thread exception-portset thread excpset task exception-port (see above).
set thread excp is the shorthand alias.
set thread takeover-suspend-countset thread defaultshow thread defaultset thread commands has a set thread
default counterpart (e.g., set thread default pause, set
thread default exception-port, etc.). The thread default
variety of commands sets the default thread properties for all
threads; you can then change the properties of individual threads with
the non-default commands.
gdb provides the following commands specific to the QNX Neutrino target:
set debug nto-debugshow debug nto-debuggdb provides the following commands specific to the Darwin target:
set debug darwin numshow debug darwinset debug mach-o numshow debug mach-oset mach-exceptions onset mach-exceptions offshow mach-exceptionsThis section describes configurations involving the debugging of embedded operating systems that are available for several different architectures.
gdb includes the ability to debug programs running on various real-time operating systems.
target vxworks machinenameOn VxWorks, load links filename dynamically on the
current target system as well as adding its symbols in gdb.
gdb enables developers to spawn and debug tasks running on networked
VxWorks targets from a Unix host. Already-running tasks spawned from
the VxWorks shell can also be debugged. gdb uses code that runs on
both the Unix host and on the VxWorks target. The program
gdb is installed and executed on the Unix host. (It may be
installed with the name vxgdb, to distinguish it from a
gdb for debugging programs on the host itself.)
VxWorks-timeout argsvxworks-timeout.
This option is set by the user, and args represents the number of
seconds gdb waits for responses to rpc's. You might use this if
your VxWorks target is a slow software simulator or is on the far side
of a thin network line.
The following information on connecting to VxWorks was current when this manual was produced; newer releases of VxWorks may use revised procedures.
To use gdb with VxWorks, you must rebuild your VxWorks kernel
to include the remote debugging interface routines in the VxWorks
library rdb.a. To do this, define INCLUDE_RDB in the
VxWorks configuration file configAll.h and rebuild your VxWorks
kernel. The resulting kernel contains rdb.a, and spawns the
source debugging task tRdbTask when VxWorks is booted. For more
information on configuring and remaking VxWorks, see the manufacturer's
manual.
Once you have included rdb.a in your VxWorks system image and set
your Unix execution search path to find gdb, you are ready to
run gdb. From your Unix host, run gdb (or
vxgdb, depending on your installation).
gdb comes up showing the prompt:
(vxgdb)
The gdb command target lets you connect to a VxWorks target on the
network. To connect to a target whose host name is “tt”, type:
(vxgdb) target vxworks tt
gdb displays messages like these:
Attaching remote machine across net...
Connected to tt.
gdb then attempts to read the symbol tables of any object modules loaded into the VxWorks target since it was last booted. gdb locates these files by searching the directories listed in the command search path (see Your Program's Environment); if it fails to find an object file, it displays a message such as:
prog.o: No such file or directory.
When this happens, add the appropriate directory to the search path with
the gdb command path, and execute the target
command again.
If you have connected to the VxWorks target and you want to debug an
object that has not yet been loaded, you can use the gdb
load command to download a file from Unix to VxWorks
incrementally. The object file given as an argument to the load
command is actually opened twice: first by the VxWorks target in order
to download the code, then by gdb in order to read the symbol
table. This can lead to problems if the current working directories on
the two systems differ. If both systems have NFS mounted the same
filesystems, you can avoid these problems by using absolute paths.
Otherwise, it is simplest to set the working directory on both systems
to the directory in which the object file resides, and then to reference
the file by its name, without any path. For instance, a program
prog.o may reside in vxpath/vw/demo/rdb in VxWorks
and in hostpath/vw/demo/rdb on the host. To load this
program, type this on VxWorks:
-> cd "vxpath/vw/demo/rdb"
Then, in gdb, type:
(vxgdb) cd hostpath/vw/demo/rdb
(vxgdb) load prog.o
gdb displays a response similar to this:
Reading symbol data from wherever/vw/demo/rdb/prog.o... done.
You can also use the load command to reload an object module
after editing and recompiling the corresponding source file. Note that
this makes gdb delete all currently-defined breakpoints,
auto-displays, and convenience variables, and to clear the value
history. (This is necessary in order to preserve the integrity of
debugger's data structures that reference the target system's symbol
table.)
You can also attach to an existing task using the attach command as
follows:
(vxgdb) attach task
where task is the VxWorks hexadecimal task ID. The task can be running or suspended when you attach to it. Running tasks are suspended at the time of attachment.
This section goes into details specific to particular embedded configurations.
Whenever a specific embedded processor has a simulator, gdb allows to send an arbitrary command to the simulator.
sim commandtarget rdi devtarget rdp devgdb provides the following ARM-specific commands:
set arm disassembler"std" style is the standard style.
show arm disassemblerset arm apcs32show arm apcs32set arm fpu fputypeautosoftfpafpasoftvfpvfpshow arm fpuset arm abishow arm abiset arm fallback-mode (arm|thumb|auto)T bit in the CPSR
register).
show arm fallback-modeset arm force-mode (arm|thumb|auto)show arm force-modeset debug armshow debug armThe following commands are available when an ARM target is debugged using the RDI interface:
rdilogfile [file]rdilogenable [arg]"yes"
enables logging, with an argument 0 or "no" disables it. With
no arguments displays the current setting. When logging is enabled,
ADP packets exchanged between gdb and the RDI target device
are logged to a file.
set rdiromatzerotarget rdi command.
show rdiromatzeroset rdiheartbeatshow rdiheartbeattarget m32r devtarget m32rsdi devThe following gdb commands are specific to the M32R monitor:
set download-path pathshow download-pathset board-address addrshow board-addressset server-address addrshow server-addressupload [file]tload [file]upload command.
The following commands are available for M32R/SDI:
sdiresetsdistatusdebug_chaosuse_debug_dmause_mon_codeuse_ib_breakuse_dbt_breakThe Motorola m68k configuration includes ColdFire support, and a target command for the following ROM monitor.
target dbug devgdb can use the MIPS remote debugging protocol to talk to a MIPS board attached to a serial line. This is available when you configure gdb with `--target=mips-idt-ecoff'.
Use these gdb commands to specify the connection to your target board:
target mips portgdb with the
name of your program as the argument. To connect to the board, use the
command `target mips port', where port is the name of
the serial port connected to the board. If the program has not already
been downloaded to the board, you may use the load command to
download it. You can then use all the usual gdb commands.
For example, this sequence connects to the target board through a serial port, and loads and runs a program called prog through the debugger:
host$ gdb prog
gdb is free software and ...
(gdb) target mips /dev/ttyb
(gdb) load prog
(gdb) run
target mips hostname:portnumbertarget pmon porttarget ddb porttarget lsi porttarget r3900 devtarget array devgdb also supports these special commands for MIPS targets:
set mipsfpu doubleset mipsfpu singleset mipsfpu noneset mipsfpu autoshow mipsfpuIn previous versions the only choices were double precision or no floating point, so `set mipsfpu on' will select double precision and `set mipsfpu off' will select no floating point.
As usual, you can inquire about the mipsfpu variable with
`show mipsfpu'.
set timeout secondsset retransmit-timeout secondsshow timeoutshow retransmit-timeoutset timeout seconds command. The
default is 5 seconds. Similarly, you can control the timeout used while
waiting for an acknowledgment of a packet with the set
retransmit-timeout seconds command. The default is 3 seconds.
You can inspect both values with show timeout and show
retransmit-timeout. (These commands are only available when
gdb is configured for `--target=mips-idt-ecoff'.)
The timeout set by set timeout does not apply when gdb
is waiting for your program to stop. In that case, gdb waits
forever because it has no way of knowing how long the program is going
to run before stopping.
set syn-garbage-limit numshow syn-garbage-limitset monitor-prompt promptshow monitor-promptset monitor-warningslsi target. When on, gdb will
display warning messages whose codes are returned by the lsi
PMON monitor for breakpoint commands.
show monitor-warningspmon commandSee OR1k Architecture document (www.opencores.org) for more information about platform and commands.
target jtag jtag://host:portExample: target jtag jtag://localhost:9999
or1ksim commandor1ksim OpenRISC 1000 Architectural
Simulator, proprietary commands can be executed.
info or1k sprinfo or1k spr groupinfo or1k spr groupnoinfo or1k spr group registerinfo or1k spr registerinfo or1k spr groupno registernoinfo or1k spr registernospr group register valuespr register valuespr groupno registerno valuespr registerno valueSome implementations of OpenRISC 1000 Architecture also have hardware trace. It is very similar to gdb trace, except it does not interfere with normal program execution and is thus much faster. Hardware breakpoints/watchpoint triggers can be set using:
$LEA/$LDATA$SEA/$SDATA$AEA/$ADATA$FETCHWhen triggered, it can capture low level data, like: PC, LSEA,
LDATA, SDATA, READSPR, WRITESPR, INSTR.
hwatch conditionalhwatch ($LEA == my_var) && ($LDATA < 50) || ($SEA == my_var) && ($SDATA >= 50)
hwatch ($LEA == my_var) && ($LDATA < 50) || ($SEA == my_var) && ($SDATA >= 50)
htrace infohtrace trigger conditionalhtrace qualifier conditionalhtrace stop conditionalhtrace record [data]*htrace enablehtrace disablehtrace rewind [filename]If filename is specified, new trace file is made and any newly collected data
will be written there.
htrace print [start [len]]htrace mode continuoushtrace mode suspendgdb provides the following PowerPC-specific commands:
set powerpc soft-floatshow powerpc soft-floatset powerpc vector-abishow powerpc vector-abitarget dink32 devtarget ppcbug devtarget ppcbug1 devtarget sds devThe following commands specific to the SDS protocol are supported by gdb:
set sdstimeout nsecshow sdstimeoutsds commandtarget op50n devtarget w89k dev
gdb enables developers to debug tasks running on
Sparclet targets from a Unix host.
gdb uses code that runs on
both the Unix host and on the Sparclet target. The program
gdb is installed and executed on the Unix host.
remotetimeout argsremotetimeout.
This option is set by the user, and args represents the number of
seconds gdb waits for responses.
When compiling for debugging, include the options `-g' to get debug information and `-Ttext' to relocate the program to where you wish to load it on the target. You may also want to add the options `-n' or `-N' in order to reduce the size of the sections. Example:
sparclet-aout-gcc prog.c -Ttext 0x12010000 -g -o prog -N
You can use objdump to verify that the addresses are what you intended:
sparclet-aout-objdump --headers --syms prog
Once you have set
your Unix execution search path to find gdb, you are ready to
run gdb. From your Unix host, run gdb
(or sparclet-aout-gdb, depending on your installation).
gdb comes up showing the prompt:
(gdbslet)
The gdb command file lets you choose with program to debug.
(gdbslet) file prog
gdb then attempts to read the symbol table of prog. gdb locates the file by searching the directories listed in the command search path. If the file was compiled with debug information (option `-g'), source files will be searched as well. gdb locates the source files by searching the directories listed in the directory search path (see Your Program's Environment). If it fails to find a file, it displays a message such as:
prog: No such file or directory.
When this happens, add the appropriate directories to the search paths with
the gdb commands path and dir, and execute the
target command again.
The gdb command target lets you connect to a Sparclet target.
To connect to a target on serial port “ttya”, type:
(gdbslet) target sparclet /dev/ttya
Remote target sparclet connected to /dev/ttya
main () at ../prog.c:3
gdb displays messages like these:
Connected to ttya.
Once connected to the Sparclet target,
you can use the gdb
load command to download the file from the host to the target.
The file name and load offset should be given as arguments to the load
command.
Since the file format is aout, the program must be loaded to the starting
address. You can use objdump to find out what this value is. The load
offset is an offset which is added to the VMA (virtual memory address)
of each of the file's sections.
For instance, if the program
prog was linked to text address 0x1201000, with data at 0x12010160
and bss at 0x12010170, in gdb, type:
(gdbslet) load prog 0x12010000
Loading section .text, size 0xdb0 vma 0x12010000
If the code is loaded at a different address then what the program was linked
to, you may need to use the section and add-symbol-file commands
to tell gdb where to map the symbol table.
You can now begin debugging the task using gdb's execution control
commands, b, step, run, etc. See the gdb
manual for the list of commands.
(gdbslet) b main
Breakpoint 1 at 0x12010000: file prog.c, line 3.
(gdbslet) run
Starting program: prog
Breakpoint 1, main (argc=1, argv=0xeffff21c) at prog.c:3
3 char *symarg = 0;
(gdbslet) step
4 char *execarg = "hello!";
(gdbslet)
target sparclite devWhen configured for debugging Zilog Z8000 targets, gdb includes a Z8000 simulator.
For the Z8000 family, `target sim' simulates either the Z8002 (the unsegmented variant of the Z8000 architecture) or the Z8001 (the segmented variant). The simulator recognizes which architecture is appropriate by inspecting the object code.
target sim argsAfter specifying this target, you can debug programs for the simulated
CPU in the same style as programs for your host computer; use the
file command to load a new program image, the run command
to run your program, and so on.
As well as making available all the usual machine registers (see Registers), the Z8000 simulator provides three additional items of information as specially named registers:
cyclesinststimeYou can refer to these values in gdb expressions with the usual conventions; for example, `b fputc if $cycles>5000' sets a conditional breakpoint that suspends only after at least 5000 simulated clock ticks.
When configured for debugging the Atmel AVR, gdb supports the following AVR-specific commands:
info io_registersWhen configured for debugging CRIS, gdb provides the following CRIS-specific commands:
set cris-version vershow cris-versionset cris-dwarf2-cfigcc-cris whose version is below
R59.
show cris-dwarf2-cfiset cris-mode modeshow cris-modeFor the Renesas Super-H processor, gdb provides these commands:
regsset sh calling-convention conventionshow sh calling-conventionThis section describes characteristics of architectures that affect all uses of gdb with the architecture, both native and cross.
set struct-convention modestructs and
unions from functions to mode. Possible values of
mode are "pcc", "reg", and "default" (the
default). "default" or "pcc" means that structs
are returned on the stack, while "reg" means that a
struct or a union whose size is 1, 2, 4, or 8 bytes will
be returned in a register.
show struct-conventionstructs
from functions.
set rstack_high_address addressset rstack_high_address command. The argument should be an
address, which you probably want to precede with `0x' to specify in
hexadecimal.
show rstack_high_addressSee the following section.
Alpha- and MIPS-based computers use an unusual stack frame, which sometimes requires gdb to search backward in the object code to find the beginning of a function.
To improve response time (especially for embedded applications, where gdb may be restricted to a slow serial line for this search) you may want to limit the size of this search, using one of these commands:
set heuristic-fence-post limitheuristic-fence-post must search
and therefore the longer it takes to run. You should only need to use
this command when debugging a stripped executable.
show heuristic-fence-postThese commands are available only when gdb is configured for debugging programs on Alpha or MIPS processors.
Several MIPS-specific commands are available when debugging MIPS programs:
set mips abi argshow mips abiset mipsfpushow mipsfpuset mips mask-address argshow mips mask-addressset remote-mips64-transfers-32bit-regsshow remote-mips64-transfers-32bit-regsset debug mipsshow debug mipsWhen gdb is debugging the HP PA architecture, it provides the following special commands:
set debug hppashow debug hppamaint print unwind addressWhen gdb is debugging the Cell Broadband Engine SPU architecture, it provides the following special commands:
info spu eventinfo spu signalinfo spu mailboxinfo spu dmainfo spu proxydmaWhen gdb is debugging a combined PowerPC/SPU application on the Cell Broadband Engine, it provides in addition the following special commands:
set spu stop-on-load argon, gdb
will give control to the user when a new SPE thread enters its main
function. The default is off.
show spu stop-on-loadset spu auto-flush-cache argon, gdb will automatically cause the SPE software-managed
cache to be flushed whenever SPE execution stops. This provides a consistent
view of PowerPC memory that is accessed via the cache. If an application
does not use the software-managed cache, this option has no effect.
show spu auto-flush-cache
When gdb is debugging the PowerPC architecture, it provides a set of
pseudo-registers to enable inspection of 128-bit wide Decimal Floating Point
numbers stored in the floating point registers. These values must be stored
in two consecutive registers, always starting at an even register like
f0 or f2.
The pseudo-registers go from $dl0 through $dl15, and are formed
by joining the even/odd register pairs f0 and f1 for $dl0,
f2 and f3 for $dl1 and so on.
For POWER7 processors, gdb provides a set of pseudo-registers, the 64-bit wide Extended Floating Point Registers (`f32' through `f63').
You can alter the way gdb interacts with you by using the
set command. For commands controlling how gdb displays
data, see Print Settings. Other settings are
described here.
gdb indicates its readiness to read a command by printing a string
called the prompt. This string is normally `(gdb)'. You
can change the prompt string with the set prompt command. For
instance, when debugging gdb with gdb, it is useful to change
the prompt in one of the gdb sessions so that you can always tell
which one you are talking to.
Note: set prompt does not add a space for you after the
prompt you set. This allows you to set a prompt which ends in a space
or a prompt that does not.
set prompt newpromptshow prompt
gdb reads its input commands via the Readline interface. This
gnu library provides consistent behavior for programs which provide a
command line interface to the user. Advantages are gnu Emacs-style
or vi-style inline editing of commands, csh-like history
substitution, and a storage and recall of command history across
debugging sessions.
You may control the behavior of command line editing in gdb with the
command set.
set editingset editing onset editing offshow editingSee Command Line Editing, for more details about the Readline
interface. Users unfamiliar with gnu Emacs or vi are
encouraged to read that chapter.
gdb can keep track of the commands you type during your debugging sessions, so that you can be certain of precisely what happened. Use these commands to manage the gdb command history facility.
gdb uses the gnu History library, a part of the Readline package, to provide the history facility. See Using History Interactively, for the detailed description of the History library.
To issue a command to gdb without affecting certain aspects of the state which is seen by users, prefix it with `server ' (see Server Prefix). This means that this command will not affect the command history, nor will it affect gdb's notion of which command to repeat if <RET> is pressed on a line by itself.
The server prefix does not affect the recording of values into the value
history; to print a value without recording it into the value history,
use the output command instead of the print command.
Here is the description of gdb commands related to command history.
set history filename fnameGDBHISTFILE, or to
./.gdb_history (./_gdb_history on MS-DOS) if this variable
is not set.
set history saveset history save onset history filename command. By default, this option is disabled.
set history save offset history size sizeHISTSIZE, or to 256 if this variable is not set.
History expansion assigns special meaning to the character !. See Event Designators, for more details.
Since ! is also the logical not operator in C, history expansion
is off by default. If you decide to enable history expansion with the
set history expansion on command, you may sometimes need to
follow ! (when it is used as logical not, in an expression) with
a space or a tab to prevent it from being expanded. The readline
history facilities do not attempt substitution on the strings
!= and !(, even when history expansion is enabled.
The commands to control history expansion are:
set history expansion onset history expansionset history expansion offshow historyshow history filenameshow history saveshow history sizeshow history expansionshow history by itself displays all four states.
show commandsshow commands nshow commands +Certain commands to gdb may produce large amounts of information output to the screen. To help you read all of it, gdb pauses and asks you for input at the end of each page of output. Type <RET> when you want to continue the output, or q to discard the remaining output. Also, the screen width setting determines when to wrap lines of output. Depending on what is being printed, gdb tries to break the line at a readable place, rather than simply letting it overflow onto the following line.
Normally gdb knows the size of the screen from the terminal
driver software. For example, on Unix gdb uses the termcap data base
together with the value of the TERM environment variable and the
stty rows and stty cols settings. If this is not correct,
you can override it with the set height and set
width commands:
set height lppshow heightset width cplshow widthset commands specify a screen height of lpp lines and
a screen width of cpl characters. The associated show
commands display the current settings.
If you specify a height of zero lines, gdb does not pause during output no matter how long the output is. This is useful if output is to a file or to an editor buffer.
Likewise, you can specify `set width 0' to prevent gdb
from wrapping its output.
set pagination onset pagination offset height 0.
show paginationYou can always enter numbers in octal, decimal, or hexadecimal in gdb by the usual conventions: octal numbers begin with `0', decimal numbers end with `.', and hexadecimal numbers begin with `0x'. Numbers that neither begin with `0' or `0x', nor end with a `.' are, by default, entered in base 10; likewise, the default display for numbers—when no particular format is specified—is base 10. You can change the default base for both input and output with the commands described below.
set input-radix base set input-radix 012
set input-radix 10.
set input-radix 0xa
sets the input base to decimal. On the other hand, `set input-radix 10' leaves the input radix unchanged, no matter what it was, since `10', being without any leading or trailing signs of its base, is interpreted in the current radix. Thus, if the current radix is 16, `10' is interpreted in hex, i.e. as 16 decimal, which doesn't change the radix.
set output-radix baseshow input-radixshow output-radixset radix [base]show radixset radix sets the radix of input and output to
the same base; without an argument, it resets the radix back to its
default value of 10.
gdb can determine the ABI (Application Binary Interface) of your application automatically. However, sometimes you need to override its conclusions. Use these commands to manage gdb's view of the current ABI.
One gdb configuration can debug binaries for multiple operating
system targets, either via remote debugging or native emulation.
gdb will autodetect the OS ABI (Operating System ABI) in use,
but you can override its conclusion using the set osabi command.
One example where this is useful is in debugging of binaries which use
an alternate C library (e.g. uClibc for gnu/Linux) which does
not have the same identifying marks that the standard C library for your
platform provides.
show osabiset osabiset osabi abi
Generally, the way that an argument of type float is passed to a
function depends on whether the function is prototyped. For a prototyped
(i.e. ANSI/ISO style) function, float arguments are passed unchanged,
according to the architecture's convention for float. For unprototyped
(i.e. K&R style) functions, float arguments are first promoted to type
double and then passed.
Unfortunately, some forms of debug information do not reliably indicate whether a function is prototyped. If gdb calls a function that is not marked as prototyped, it consults set coerce-float-to-double.
set coerce-float-to-doubleset coerce-float-to-double onfloat will be promoted to double when passed
to an unprototyped function. This is the default setting.
set coerce-float-to-double offfloat will be passed directly to unprototyped
functions.
show coerce-float-to-doublefloat to double.
gdb needs to know the ABI used for your program's C++
objects. The correct C++ ABI depends on which C++ compiler was
used to build your application. gdb only fully supports
programs with a single C++ ABI; if your program contains code using
multiple C++ ABI's or if gdb can not identify your
program's ABI correctly, you can tell gdb which ABI to use.
Currently supported ABI's include “gnu-v2”, for g++ versions
before 3.0, “gnu-v3”, for g++ versions 3.0 and later, and
“hpaCC” for the HP ANSI C++ compiler. Other C++ compilers may
use the “gnu-v2” or “gnu-v3” ABI's as well. The default setting is
“auto”.
show cp-abiset cp-abiset cp-abi abiset cp-abi autoBy default, gdb is silent about its inner workings. If you are
running on a slow machine, you may want to use the set verbose
command. This makes gdb tell you when it does a lengthy
internal operation, so you will not think it has crashed.
Currently, the messages controlled by set verbose are those
which announce that the symbol table for a source file is being read;
see symbol-file in Commands to Specify Files.
set verbose onset verbose offshow verboseset verbose is on or off.
By default, if gdb encounters bugs in the symbol table of an object file, it is silent; but if you are debugging a compiler, you may find this information useful (see Errors Reading Symbol Files).
set complaints limitshow complaintsBy default, gdb is cautious, and asks what sometimes seems to be a lot of stupid questions to confirm certain commands. For example, if you try to run a program which is already running:
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n)
If you are willing to unflinchingly face the consequences of your own commands, you can disable this “feature”:
set confirm offset confirm onshow confirmIf you need to debug user-defined commands or sourced files you may find it useful to enable command tracing. In this mode each command will be printed as it is executed, prefixed with one or more `+' symbols, the quantity denoting the call depth of each command.
set trace-commands onset trace-commands offshow trace-commandsgdb has commands that enable optional debugging messages from various gdb subsystems; normally these commands are of interest to gdb maintainers, or when reporting a bug. This section documents those commands.
set exec-done-displayshow exec-done-displayset debug archshow debug archset debug aix-threadshow debug aix-threadset debug dwarf2-dieshow debug dwarf2-dieset debug displacedshow debug displacedset debug eventshow debug eventset debug expressionshow debug expressionset debug frameshow debug frameset debug gnu-natshow debug gnu-natset debug infrunshow debug infrunset debug lin-lwpshow debug lin-lwpset debug lin-lwp-asyncshow debug lin-lwp-asyncset debug observershow debug observerset debug overloadshow debug overloadset debug remoteshow debug remoteset debug serialshow debug serialset debug solib-frvshow debug solib-frvset debug targetrun command.
show debug targetset debug timestampshow debug timestampset debugvarobjshow debugvarobjset debug xmlshow debug xmlset interactive-modeon, forces gdb to operate interactively.
If off, forces gdb to operate non-interactively,
If auto (the default), gdb guesses which mode to use,
based on whether the debugger was started in a terminal or not.
In the vast majority of cases, the debugger should be able to guess correctly which mode should be used. But this setting can be useful in certain specific cases, such as running a MinGW gdb inside a cygwin window.
show interactive-modegdb provides two mechanisms for extension. The first is based on composition of gdb commands, and the second is based on the Python scripting language.
Aside from breakpoint commands (see Breakpoint Command Lists), gdb provides two ways to store sequences of commands for execution as a unit: user-defined commands and command files.
A user-defined command is a sequence of gdb commands to
which you assign a new name as a command. This is done with the
define command. User commands may accept up to 10 arguments
separated by whitespace. Arguments are accessed within the user command
via $arg0...$arg9. A trivial example:
define adder
print $arg0 + $arg1 + $arg2
end
To execute the command use:
adder 1 2 3
This defines the command adder, which prints the sum of
its three arguments. Note the arguments are text substitutions, so they may
reference variables, use complex expressions, or even perform inferior
functions calls.
In addition, $argc may be used to find out how many arguments have
been passed. This expands to a number in the range 0...10.
define adder
if $argc == 2
print $arg0 + $arg1
end
if $argc == 3
print $arg0 + $arg1 + $arg2
end
end
define commandnameThe definition of the command is made up of other gdb command lines,
which are given following the define command. The end of these
commands is marked by a line containing end.
document commandnamehelp. The command commandname must already be
defined. This command reads lines of documentation just as define
reads the lines of the command definition, ending with end.
After the document command is finished, help on command
commandname displays the documentation you have written.
You may use the document command again to change the
documentation of a command. Redefining the command with define
does not change the documentation.
dont-repeathelp user-definedshow usershow user commandnameshow max-user-call-depthset max-user-call-depthmax-user-call-depth controls how many recursion
levels are allowed in user-defined commands before gdb suspects an
infinite recursion and aborts the command.
In addition to the above commands, user-defined commands frequently use control flow commands, described in Command Files.
When user-defined commands are executed, the commands of the definition are not printed. An error in any command stops execution of the user-defined command.
If used interactively, commands that would ask for confirmation proceed without asking when used inside a user-defined command. Many gdb commands that normally print messages to say what they are doing omit the messages when used in a user-defined command.
You may define hooks, which are a special kind of user-defined command. Whenever you run the command `foo', if the user-defined command `hook-foo' exists, it is executed (with no arguments) before that command.
A hook may also be defined which is run after the command you executed. Whenever you run the command `foo', if the user-defined command `hookpost-foo' exists, it is executed (with no arguments) after that command. Post-execution hooks may exist simultaneously with pre-execution hooks, for the same command.
It is valid for a hook to call the command which it hooks. If this occurs, the hook is not re-executed, thereby avoiding infinite recursion.
In addition, a pseudo-command, `stop' exists. Defining (`hook-stop') makes the associated commands execute every time execution stops in your program: before breakpoint commands are run, displays are printed, or the stack frame is printed.
For example, to ignore SIGALRM signals while
single-stepping, but treat them normally during normal execution,
you could define:
define hook-stop
handle SIGALRM nopass
end
define hook-run
handle SIGALRM pass
end
define hook-continue
handle SIGALRM pass
end
As a further example, to hook at the beginning and end of the echo
command, and to add extra text to the beginning and end of the message,
you could define:
define hook-echo
echo <<<---
end
define hookpost-echo
echo --->>>\n
end
(gdb) echo Hello World
<<<---Hello World--->>>
(gdb)
You can define a hook for any single-word command in gdb, but
not for command aliases; you should define a hook for the basic command
name, e.g. backtrace rather than bt.
You can hook a multi-word command by adding hook- or
hookpost- to the last word of the command, e.g.
`define target hook-remote' to add a hook to `target remote'.
If an error occurs during the execution of your hook, execution of gdb commands stops and gdb issues a prompt (before the command that you actually typed had a chance to run).
If you try to define a hook which does not match any known command, you
get a warning from the define command.
A command file for gdb is a text file made of lines that are gdb commands. Comments (lines starting with #) may also be included. An empty line in a command file does nothing; it does not mean to repeat the last command, as it would from the terminal.
You can request the execution of a command file with the source
command:
source [-v] filenameThe lines in a command file are generally executed sequentially, unless the order of execution is changed by one of the flow-control commands described below. The commands are not printed as they are executed. An error in any command terminates execution of the command file and control is returned to the console.
gdb searches for filename in the current directory and then on the search path (specified with the `directory' command).
If -v, for verbose mode, is given then gdb displays
each command as it is executed. The option must be given before
filename, and is interpreted as part of the filename anywhere else.
Commands that would ask for confirmation if used interactively proceed without asking when used in a command file. Many gdb commands that normally print messages to say what they are doing omit the messages when called from command files.
gdb also accepts command input from standard input. In this mode, normal output goes to standard output and error output goes to standard error. Errors in a command file supplied on standard input do not terminate execution of the command file—execution continues with the next command.
gdb < cmds > log 2>&1
(The syntax above will vary depending on the shell used.) This example will execute commands from the file cmds. All output and errors would be directed to log.
Since commands stored on command files tend to be more general than commands typed interactively, they frequently need to deal with complicated situations, such as different or unexpected values of variables and symbols, changes in how the program being debugged is built, etc. gdb provides a set of flow-control commands to deal with these complexities. Using these commands, you can write complex scripts that loop over data structures, execute commands conditionally, etc.
ifelseif command takes a single argument, which is an
expression to evaluate. It is followed by a series of commands that
are executed only if the expression is true (its value is nonzero).
There can then optionally be an else line, followed by a series
of commands that are only executed if the expression was false. The
end of the list is marked by a line containing end.
whileif: the command takes a single argument, which is an expression
to evaluate, and must be followed by the commands to execute, one per
line, terminated by an end. These commands are called the
body of the loop. The commands in the body of while are
executed repeatedly as long as the expression evaluates to true.
loop_breakwhile loop in whose body it is included.
Execution of the script continues after that whiles end
line.
loop_continuewhile loop in whose body it is included. Execution
branches to the beginning of the while loop, where it evaluates
the controlling expression.
endif,
else, or while flow-control commands.
During the execution of a command file or a user-defined command, normal gdb output is suppressed; the only output that appears is what is explicitly printed by the commands in the definition. This section describes three commands useful for generating exactly the output you want.
echo textA backslash at the end of text can be used, as in C, to continue the command onto subsequent lines. For example,
echo This is some text\n\
which is continued\n\
onto several lines.\n
produces the same output as
echo This is some text\n
echo which is continued\n
echo onto several lines.\n
output expressionoutput/fmt expressionprint. See Output Formats, for more information.
printf template, expressions... printf (template, expressions...);
As in C printf, ordinary characters in template
are printed verbatim, while conversion specification introduced
by the `%' character cause subsequent expressions to be
evaluated, their values converted and formatted according to type and
style information encoded in the conversion specifications, and then
printed.
For example, you can print two values in hex like this:
printf "foo, bar-foo = 0x%x, 0x%x\n", foo, bar-foo
printf supports all the standard C conversion
specifications, including the flags and modifiers between the `%'
character and the conversion letter, with the following exceptions:
LC_NUMERIC') is not supported.
Note that the `ll' type modifier is supported only if the
underlying C implementation used to build gdb supports
the long long int type, and the `L' type modifier is
supported only if long double type is available.
As in C, printf supports simple backslash-escape
sequences, such as \n, `\t', `\\', `\"',
`\a', and `\f', that consist of backslash followed by a
single character. Octal and hexadecimal escape sequences are not
supported.
Additionally, printf supports conversion specifications for DFP
(Decimal Floating Point) types using the following length modifiers
together with a floating point specifier.
letters:
Decimal32 types.
Decimal64 types.
Decimal128 types.
If the underlying C implementation used to build gdb has
support for the three length modifiers for DFP types, other modifiers
such as width and precision will also be available for gdb to use.
In case there is no such C support, no additional modifiers will be
available and the value will be printed in the standard way.
Here's an example of printing DFP types using the above conversion letters:
printf "D32: %Hf - D64: %Df - D128: %DDf\n",1.2345df,1.2E10dd,1.2E1dl
You can script gdb using the Python programming language. This feature is available only if gdb was configured using --with-python.
gdb provides one command for accessing the Python interpreter, and one related setting:
python [code]python command can be used to evaluate Python code.
If given an argument, the python command will evaluate the
argument as a Python command. For example:
(gdb) python print 23
23
If you do not provide an argument to python, it will act as a
multi-line command, like define. In this case, the Python
script is made up of subsequent command lines, given after the
python command. This command list is terminated using a line
containing end. For example:
(gdb) python
Type python script
End with a line saying just "end".
>print 23
>end
23
maint set python print-stackmaint set
python print-stack: if on, the default, then Python stack
printing is enabled; if off, then Python stack printing is
disabled.
At startup, gdb overrides Python's sys.stdout and
sys.stderr to print using gdb's output-paging streams.
A Python program which outputs to one of these streams may have its
output interrupted by the user (see Screen Size). In this
situation, a Python KeyboardInterrupt exception is thrown.
gdb introduces a new Python module, named gdb. All
methods and classes added by gdb are placed in this module.
gdb automatically imports the gdb module for
use in all scripts evaluated by the python command.
Evaluate command, a string, as a gdb CLI command. If a GDB exception happens while command runs, it is translated as described in Exception Handling. If no exceptions occur, this function returns
None.from_tty specifies whether gdb ought to consider this command as having originated from the user invoking it interactively. It must be a boolean value. If omitted, it defaults to
False.
Return the value of a gdb parameter. parameter is a string naming the parameter to look up; parameter may contain spaces if the parameter has a multi-part name. For example, `print object' is a valid parameter name.
If the named parameter does not exist, this function throws a
RuntimeError. Otherwise, the parameter's value is converted to a Python value of the appropriate type, and returned.
Return a value from gdb's value history (see Value History). number indicates which history element to return. If number is negative, then gdb will take its absolute value and count backward from the last element (i.e., the most recent element) to find the value to return. If number is zero, then gdb will return the most recent element. If the element specified by number doesn't exist in the value history, a
RuntimeErrorexception will be raised.If no exception is raised, the return value is always an instance of
gdb.Value(see Values From Inferior).
Print a string to gdb's paginated standard output stream. Writing to
sys.stdoutorsys.stderrwill automatically call this function.
Flush gdb's paginated standard output stream. Flushing
sys.stdoutorsys.stderrwill automatically call this function.
When executing the python command, Python exceptions
uncaught within the Python code are translated to calls to
gdb error-reporting mechanism. If the command that called
python does not handle the error, gdb will
terminate it and print an error message containing the Python
exception name, the associated value, and the Python call stack
backtrace at the point where the exception was raised. Example:
(gdb) python print foo
Traceback (most recent call last):
File "<string>", line 1, in <module>
NameError: name 'foo' is not defined
gdb errors that happen in gdb commands invoked by Python
code are converted to Python RuntimeError exceptions. User
interrupt (via C-c or by typing q at a pagination
prompt) is translated to a Python KeyboardInterrupt
exception. If you catch these exceptions in your Python code, your
exception handler will see RuntimeError or
KeyboardInterrupt as the exception type, the gdb error
message as its value, and the Python call stack backtrace at the
Python statement closest to where the gdb error occured as the
traceback.
When a new object file is read (for example, due to the file
command, or because the inferior has loaded a shared library),
gdb will look for a file named objfile-gdb.py,
where objfile is the object file's real name, formed by ensuring
that the file name is absolute, following all symlinks, and resolving
. and .. components. If this file exists and is
readable, gdb will evaluate it as a Python script.
If this file does not exist, and if the parameter
debug-file-directory is set (see Separate Debug Files),
then gdb will use the file named
debug-file-directory/real-name, where
real-name is the object file's real name, as described above.
Finally, if this file does not exist, then gdb will look for
a file named data-directory/python/auto-load/real-name, where
data-directory is gdb's data directory (available via
show data-directory, see Data Files), and real-name
is the object file's real name, as described above.
When reading an auto-loaded file, gdb sets the “current
objfile”. This is available via the gdb.current_objfile
function (see Objfiles In Python). This can be useful for
registering objfile-specific pretty-printers.
The auto-loading feature is useful for supplying application-specific debugging commands and scripts. You can enable or disable this feature, and view its current state.
maint set python auto-load [yes|no]show python auto-loadgdb does not track which files it has already auto-loaded. So, your `-gdb.py' file should take care to ensure that it may be evaluated multiple times without error.
gdb provides values it obtains from the inferior program in
an object of type gdb.Value. gdb uses this object
for its internal bookkeeping of the inferior's values, and for
fetching values when necessary.
Inferior values that are simple scalars can be used directly in
Python expressions that are valid for the value's data type. Here's
an example for an integer or floating-point value some_val:
bar = some_val + 2
As result of this, bar will also be a gdb.Value object
whose values are of the same type as those of some_val.
Inferior values that are structures or instances of some class can
be accessed using the Python dictionary syntax. For example, if
some_val is a gdb.Value instance holding a structure, you
can access its foo element with:
bar = some_val['foo']
Again, bar will also be a gdb.Value object.
The following attributes are provided:
If this object is addressable, this read-only attribute holds a
gdb.Valueobject representing the address. Otherwise, this attribute holdsNone.
The following methods are provided:
For pointer data types, this method returns a new
gdb.Valueobject whose contents is the object pointed to by the pointer. For example, iffoois a C pointer to anint, declared in your C program asint *foo;then you can use the corresponding
gdb.Valueto access whatfoopoints to like this:bar = foo.dereference ()The result
barwill be agdb.Valueobject holding the value pointed to byfoo.
If this
gdb.Valuerepresents a string, then this method converts the contents to a Python string. Otherwise, this method will throw an exception.Strings are recognized in a language-specific way; whether a given
gdb.Valuerepresents a string is determined by the current language.For C-like languages, a value is a string if it is a pointer to or an array of characters or ints. The string is assumed to be terminated by a zero of the appropriate width. However if the optional length argument is given, the string will be converted to that given length, ignoring any embedded zeros that the string may contain.
If the optional encoding argument is given, it must be a string naming the encoding of the string in the
gdb.Value, such as"ascii","iso-8859-6"or"utf-8". It accepts the same encodings as the corresponding argument to Python'sstring.decodemethod, and the Python codec machinery will be used to convert the string. If encoding is not given, or if encoding is the empty string, then either thetarget-charset(see Character Sets) will be used, or a language-specific encoding will be used, if the current language is able to supply one.The optional errors argument is the same as the corresponding argument to Python's
string.decodemethod.If the optional length argument is given, the string will be fetched and converted to the given length.
gdb represents types from the inferior using the class
gdb.Type.
The following type-related functions are available in the gdb
module:
This function looks up a type by name. name is the name of the type to look up. It must be a string.
Ordinarily, this function will return an instance of
gdb.Type. If the named type cannot be found, it will throw an exception.
An instance of Type has the following attributes:
The type code for this type. The type code will be one of the
TYPE_CODE_constants defined below.
The following methods are provided:
For structure and union types, this method returns the fields. Range types have two fields, the minimum and maximum values. Enum types have one field per enum constant. Function and method types have one field per parameter. The base types of C++ classes are also represented as fields. If the type has no fields, or does not fit into one of these categories, an empty sequence will be returned.
Each field is an object, with some pre-defined attributes:
bitpos- This attribute is not available for
staticfields (as in C++ or Java). For non-staticfields, the value is the bit position of the field.name- The name of the field, or
Nonefor anonymous fields.artificial- This is
Trueif the field is artificial, usually meaning that it was provided by the compiler and not the user. This attribute is always provided, and isFalseif the field is not artificial.bitsize- If the field is packed, or is a bitfield, then this will have a non-zero value, which is the size of the field in bits. Otherwise, this will be zero; in this case the field's size is given by its type.
type- The type of the field. This is usually an instance of
Type, but it can beNonein some situations.
Return a new
gdb.Typeobject which represents aconst-qualified variant of this type.
Return a new
gdb.Typeobject which represents avolatile-qualified variant of this type.
Return a new
gdb.Typeobject which represents an unqualified variant of this type. That is, the result is neitherconstnorvolatile.
Return a new
gdb.Typethat represents the real type, after removing all layers of typedefs.
Return a new
gdb.Typeobject which represents the target type of this type.For a pointer type, the target type is the type of the pointed-to object. For an array type (meaning C-like arrays), the target type is the type of the elements of the array. For a function or method type, the target type is the type of the return value. For a complex type, the target type is the type of the elements. For a typedef, the target type is the aliased type.
If the type does not have a target, this method will throw an exception.
If this
gdb.Typeis an instantiation of a template, this will return a newgdb.Typewhich represents the type of the nth template argument.If this
gdb.Typeis not a template type, this will throw an exception. Ordinarily, only C++ code will have template types.name is searched for globally.
Each type has a code, which indicates what category this type falls
into. The available type categories are represented by constants
defined in the gdb module:
TYPE_CODE_PTRTYPE_CODE_ARRAYTYPE_CODE_STRUCTTYPE_CODE_UNIONTYPE_CODE_ENUMTYPE_CODE_FLAGSTYPE_CODE_FUNCTYPE_CODE_INTTYPE_CODE_FLTTYPE_CODE_VOIDvoid.
TYPE_CODE_SETTYPE_CODE_RANGETYPE_CODE_STRINGTYPE_CODE_BITSTRINGTYPE_CODE_ERRORTYPE_CODE_METHODTYPE_CODE_METHODPTRTYPE_CODE_MEMBERPTRTYPE_CODE_REFTYPE_CODE_CHARTYPE_CODE_BOOLTYPE_CODE_COMPLEXTYPE_CODE_TYPEDEFTYPE_CODE_NAMESPACETYPE_CODE_DECFLOATTYPE_CODE_INTERNAL_FUNCTIONgdb provides a mechanism to allow pretty-printing of values using Python code. The pretty-printer API allows application-specific code to greatly simplify the display of complex objects. This mechanism works for both MI and the CLI.
For example, here is how a C++ std::string looks without a
pretty-printer:
(gdb) print s
$1 = {
static npos = 4294967295,
_M_dataplus = {
<std::allocator<char>> = {
<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>},
members of std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Alloc_hider:
_M_p = 0x804a014 "abcd"
}
}
After a pretty-printer for std::string has been installed, only
the contents are printed:
(gdb) print s
$2 = "abcd"
A pretty-printer is just an object that holds a value and implements a specific interface, defined here.
gdb will call this method on a pretty-printer to compute the children of the pretty-printer's value.
This method must return an object conforming to the Python iterator protocol. Each item returned by the iterator must be a tuple holding two elements. The first element is the “name” of the child; the second element is the child's value. The value can be any Python object which is convertible to a gdb value.
This method is optional. If it does not exist, gdb will act as though the value has no children.
The CLI may call this method and use its result to change the formatting of a value. The result will also be supplied to an MI consumer as a `displayhint' attribute of the variable being printed.
This method is optional. If it does exist, this method must return a string.
Some display hints are predefined by gdb:
- `array'
- Indicate that the object being printed is “array-like”. The CLI uses this to respect parameters such as
set print elementsandset print array.- `map'
- Indicate that the object being printed is “map-like”, and that the children of this value can be assumed to alternate between keys and values.
- `string'
- Indicate that the object being printed is “string-like”. If the printer's
to_stringmethod returns a Python string of some kind, then gdb will call its internal language-specific string-printing function to format the string. For the CLI this means adding quotation marks, possibly escaping some characters, respectingset print elements, and the like.
gdb will call this method to display the string representation of the value passed to the object's constructor.
When printing from the CLI, if the
to_stringmethod exists, then gdb will prepend its result to the values returned bychildren. Exactly how this formatting is done is dependent on the display hint, and may change as more hints are added. Also, depending on the print settings (see Print Settings), the CLI may print just the result ofto_stringin a stack trace, omitting the result ofchildren.If this method returns a string, it is printed verbatim.
Otherwise, if this method returns an instance of
gdb.Value, then gdb prints this value. This may result in a call to another pretty-printer.If instead the method returns a Python value which is convertible to a
gdb.Value, then gdb performs the conversion and prints the resulting value. Again, this may result in a call to another pretty-printer. Python scalars (integers, floats, and booleans) and strings are convertible togdb.Value; other types are not.If the result is not one of these types, an exception is raised.
The Python list gdb.pretty_printers contains an array of
functions that have been registered via addition as a pretty-printer.
Each gdb.Objfile also contains a pretty_printers
attribute.
A function on one of these lists is passed a single gdb.Value
argument and should return a pretty-printer object conforming to the
interface definition above (see Pretty Printing). If a function
cannot create a pretty-printer for the value, it should return
None.
gdb first checks the pretty_printers attribute of each
gdb.Objfile and iteratively calls each function in the list for
that gdb.Objfile until it receives a pretty-printer object.
After these lists have been exhausted, it tries the global
gdb.pretty-printers list, again calling each function until an
object is returned.
The order in which the objfiles are searched is not specified. For a given list, functions are always invoked from the head of the list, and iterated over sequentially until the end of the list, or a printer object is returned.
Here is an example showing how a std::string printer might be
written:
class StdStringPrinter:
"Print a std::string"
def __init__ (self, val):
self.val = val
def to_string (self):
return self.val['_M_dataplus']['_M_p']
def display_hint (self):
return 'string'
And here is an example showing how a lookup function for the printer example above might be written.
def str_lookup_function (val):
lookup_tag = val.type.tag
regex = re.compile ("^std::basic_string<char,.*>$")
if lookup_tag == None:
return None
if regex.match (lookup_tag):
return StdStringPrinter (val)
return None
The example lookup function extracts the value's type, and attempts to
match it to a type that it can pretty-print. If it is a type the
printer can pretty-print, it will return a printer object. If not, it
returns None.
We recommend that you put your core pretty-printers into a Python package. If your pretty-printers are for use with a library, we further recommend embedding a version number into the package name. This practice will enable gdb to load multiple versions of your pretty-printers at the same time, because they will have different names.
You should write auto-loaded code (see Auto-loading) such that it
can be evaluated multiple times without changing its meaning. An
ideal auto-load file will consist solely of imports of your
printer modules, followed by a call to a register pretty-printers with
the current objfile.
Taken as a whole, this approach will scale nicely to multiple inferiors, each potentially using a different library version. Embedding a version number in the Python package name will ensure that gdb is able to load both sets of printers simultaneously. Then, because the search for pretty-printers is done by objfile, and because your auto-loaded code took care to register your library's printers with a specific objfile, gdb will find the correct printers for the specific version of the library used by each inferior.
To continue the std::string example (see Pretty Printing),
this code might appear in gdb.libstdcxx.v6:
def register_printers (objfile):
objfile.pretty_printers.add (str_lookup_function)
And then the corresponding contents of the auto-load file would be:
import gdb.libstdcxx.v6
gdb.libstdcxx.v6.register_printers (gdb.current_objfile ())
You can implement new gdb CLI commands in Python. A CLI
command is implemented using an instance of the gdb.Command
class, most commonly using a subclass.
The object initializer for
Commandregisters the new command with gdb. This initializer is normally invoked from the subclass' own__init__method.name is the name of the command. If name consists of multiple words, then the initial words are looked for as prefix commands. In this case, if one of the prefix commands does not exist, an exception is raised.
There is no support for multi-line commands.
command_class should be one of the `COMMAND_' constants defined below. This argument tells gdb how to categorize the new command in the help system.
completer_class is an optional argument. If given, it should be one of the `COMPLETE_' constants defined below. This argument tells gdb how to perform completion for this command. If not given, gdb will attempt to complete using the object's
completemethod (see below); if no such method is found, an error will occur when completion is attempted.prefix is an optional argument. If
True, then the new command is a prefix command; sub-commands of this command may be registered.The help text for the new command is taken from the Python documentation string for the command's class, if there is one. If no documentation string is provided, the default value “This command is not documented.” is used.
By default, a gdb command is repeated when the user enters a blank line at the command prompt. A command can suppress this behavior by invoking the
dont_repeatmethod. This is similar to the user commanddont-repeat, see dont-repeat.
This method is called by gdb when this command is invoked.
argument is a string. It is the argument to the command, after leading and trailing whitespace has been stripped.
from_tty is a boolean argument. When true, this means that the command was entered by the user at the terminal; when false it means that the command came from elsewhere.
If this method throws an exception, it is turned into a gdb
errorcall. Otherwise, the return value is ignored.
This method is called by gdb when the user attempts completion on this command. All forms of completion are handled by this method, that is, the <TAB> and <M-?> key bindings (see Completion), and the
completecommand (see complete).The arguments text and word are both strings. text holds the complete command line up to the cursor's location. word holds the last word of the command line; this is computed using a word-breaking heuristic.
The
completemethod can return several values:
- If the return value is a sequence, the contents of the sequence are used as the completions. It is up to
completeto ensure that the contents actually do complete the word. A zero-length sequence is allowed, it means that there were no completions available. Only string elements of the sequence are used; other elements in the sequence are ignored.- If the return value is one of the `COMPLETE_' constants defined below, then the corresponding gdb-internal completion function is invoked, and its result is used.
- All other results are treated as though there were no available completions.
When a new command is registered, it must be declared as a member of
some general class of commands. This is used to classify top-level
commands in the on-line help system; note that prefix commands are not
listed under their own category but rather that of their top-level
command. The available classifications are represented by constants
defined in the gdb module:
COMMAND_NONECOMMAND_RUNNINGstart, step, and continue are in this category.
Type help running at the gdb prompt to see a list of
commands in this category.
COMMAND_DATAcall, find, and print are in this category. Type
help data at the gdb prompt to see a list of commands
in this category.
COMMAND_STACKbacktrace, frame, and return are in this
category. Type help stack at the gdb prompt to see a
list of commands in this category.
COMMAND_FILESfile, list and section are in this category.
Type help files at the gdb prompt to see a list of
commands in this category.
COMMAND_SUPPORThelp, make, and shell are in this category. Type
help support at the gdb prompt to see a list of
commands in this category.
COMMAND_STATUSinfo, macro,
and show are in this category. Type help status at the
gdb prompt to see a list of commands in this category.
COMMAND_BREAKPOINTSbreak,
clear, and delete are in this category. Type help
breakpoints at the gdb prompt to see a list of commands in
this category.
COMMAND_TRACEPOINTStrace,
actions, and tfind are in this category. Type
help tracepoints at the gdb prompt to see a list of
commands in this category.
COMMAND_OBSCUREcheckpoint,
fork, and stop are in this category. Type help
obscure at the gdb prompt to see a list of commands in this
category.
COMMAND_MAINTENANCEmaintenance and flushregs commands are in this category.
Type help internals at the gdb prompt to see a list of
commands in this category.
A new command can use a predefined completion function, either by
specifying it via an argument at initialization, or by returning it
from the complete method. These predefined completion
constants are all defined in the gdb module:
COMPLETE_NONECOMPLETE_FILENAMECOMPLETE_LOCATIONCOMPLETE_COMMANDCOMPLETE_SYMBOLThe following code snippet shows how a trivial CLI command can be implemented in Python:
class HelloWorld (gdb.Command):
"""Greet the whole world."""
def __init__ (self):
super (HelloWorld, self).__init__ ("hello-world", gdb.COMMAND_OBSCURE)
def invoke (self, arg, from_tty):
print "Hello, World!"
HelloWorld ()
The last line instantiates the class, and is necessary to trigger the
registration of the command with gdb. Depending on how the
Python code is read into gdb, you may need to import the
gdb module explicitly.
You can implement new convenience functions (see Convenience Vars)
in Python. A convenience function is an instance of a subclass of the
class gdb.Function.
The initializer for
Functionregisters the new function with gdb. The argument name is the name of the function, a string. The function will be visible to the user as a convenience variable of typeinternal function, whose name is the same as the given name.The documentation for the new function is taken from the documentation string for the new class.
When a convenience function is evaluated, its arguments are converted to instances of
gdb.Value, and then the function'sinvokemethod is called. Note that gdb does not predetermine the arity of convenience functions. Instead, all available arguments are passed toinvoke, following the standard Python calling convention. In particular, a convenience function can have default values for parameters without ill effect.The return value of this method is used as its value in the enclosing expression. If an ordinary Python value is returned, it is converted to a
gdb.Valuefollowing the usual rules.
The following code snippet shows how a trivial convenience function can be implemented in Python:
class Greet (gdb.Function):
"""Return string to greet someone.
Takes a name as argument."""
def __init__ (self):
super (Greet, self).__init__ ("greet")
def invoke (self, name):
return "Hello, %s!" % name.string ()
Greet ()
The last line instantiates the class, and is necessary to trigger the
registration of the function with gdb. Depending on how the
Python code is read into gdb, you may need to import the
gdb module explicitly.
gdb loads symbols for an inferior from various symbol-containing files (see Files). These include the primary executable file, any shared libraries used by the inferior, and any separate debug info files (see Separate Debug Files). gdb calls these symbol-containing files objfiles.
The following objfile-related functions are available in the
gdb module:
When auto-loading a Python script (see Auto-loading), gdb sets the “current objfile” to the corresponding objfile. This function returns the current objfile. If there is no current objfile, this function returns
None.
Return a sequence of all the objfiles current known to gdb. See Objfiles In Python.
Each objfile is represented by an instance of the gdb.Objfile
class.
The
pretty_printersattribute is a list of functions. It is used to look up pretty-printers. AValueis passed to each function in order; if the function returnsNone, then the search continues. Otherwise, the return value should be an object which is used to format the value. See Pretty Printing, for more information.
When the debugged program stops, gdb is able to analyze its call
stack (see Stack frames). The gdb.Frame class
represents a frame in the stack. A gdb.Frame object is only valid
while its corresponding frame exists in the inferior's stack. If you try
to use an invalid frame object, gdb will throw a RuntimeError
exception.
Two gdb.Frame objects can be compared for equality with the ==
operator, like:
(gdb) python print gdb.newest_frame() == gdb.selected_frame ()
True
The following frame-related functions are available in the gdb module:
Return a string explaining the reason why gdb stopped unwinding frames, as expressed by the given reason code (an integer, see the
unwind_stop_reasonmethod further down in this section).
A gdb.Frame object has the following methods:
Returns true if the
gdb.Frameobject is valid, false if not. A frame object can become invalid if the frame it refers to doesn't exist anymore in the inferior. Allgdb.Framemethods will throw an exception if it is invalid at the time the method is called.
Returns the type of the frame. The value can be one of
gdb.NORMAL_FRAME,gdb.DUMMY_FRAME,gdb.SIGTRAMP_FRAMEorgdb.SENTINEL_FRAME.
gdb supports multiple command interpreters, and some command infrastructure to allow users or user interface writers to switch between interpreters or run commands in other interpreters.
gdb currently supports two command interpreters, the console interpreter (sometimes called the command-line interpreter or cli) and the machine interface interpreter (or gdb/mi). This manual describes both of these interfaces in great detail.
By default, gdb will start with the console interpreter. However, the user may choose to start gdb with another interpreter by specifying the -i or --interpreter startup options. Defined interpreters include:
consolemimi2). Used primarily
by programs wishing to use gdb as a backend for a debugger GUI
or an IDE. For more information, see The gdb/mi Interface.
mi2mi1The interpreter being used by gdb may not be dynamically switched at runtime. Although possible, this could lead to a very precarious situation. Consider an IDE using gdb/mi. If a user enters the command "interpreter-set console" in a console view, gdb would switch to using the console interpreter, rendering the IDE inoperable!
Although you may only choose a single interpreter at startup, you may execute
commands in any interpreter from the current interpreter using the appropriate
command. If you are running the console interpreter, simply use the
interpreter-exec command:
interpreter-exec mi "-data-list-register-names"
gdb/mi has a similar command, although it is only available in versions of gdb which support gdb/mi version 2 (or greater).
The gdb Text User Interface (TUI) is a terminal
interface which uses the curses library to show the source
file, the assembly output, the program registers and gdb
commands in separate text windows. The TUI mode is supported only
on platforms where a suitable version of the curses library
is available.
The TUI mode is enabled by default when you invoke gdb as either `gdbtui' or `gdb -tui'. You can also switch in and out of TUI mode while gdb runs by using various TUI commands and key bindings, such as C-x C-a. See TUI Key Bindings.
In TUI mode, gdb can display several text windows:
The source and assembly windows show the current program position by highlighting the current line and marking it with a `>' marker. Breakpoints are indicated with two markers. The first marker indicates the breakpoint type:
BbHhThe second marker indicates whether the breakpoint is enabled or not:
+-The source, assembly and register windows are updated when the current thread changes, when the frame changes, or when the program counter changes.
These windows are not all visible at the same time. The command window is always visible. The others can be arranged in several layouts:
A status line above the command window shows the following information:
No process.
?? is displayed.
?? is displayed.
The TUI installs several key bindings in the readline keymaps (see Command Line Editing). The following key bindings are installed for both TUI mode and the gdb standard mode.
Think of this key binding as the Emacs C-x 1 binding.
Think of it as the Emacs C-x 2 binding.
Think of it as the Emacs C-x o binding.
The following key bindings only work in the TUI mode:
Because the arrow keys scroll the active window in the TUI mode, they are not available for their normal use by readline unless the command window has the focus. When another window is active, you must use other readline key bindings such as C-p, C-n, C-b and C-f to control the command window.
The TUI also provides a SingleKey mode, which binds several frequently used gdb commands to single keys. Type C-x s to switch into this mode, where the following key bindings are used:
Other keys temporarily switch to the gdb command prompt. The key that was pressed is inserted in the editing buffer so that it is possible to type most gdb commands without interaction with the TUI SingleKey mode. Once the command is entered the TUI SingleKey mode is restored. The only way to permanently leave this mode is by typing q or C-x s.
The TUI has specific commands to control the text windows. These commands are always available, even when gdb is not in the TUI mode. When gdb is in the standard mode, most of these commands will automatically switch to the TUI mode.
info winlayout nextlayout prevlayout srclayout asmlayout splitlayout regsfocus nextfocus prevfocus srcfocus asmfocus regsfocus cmdrefreshtui reg floattui reg generaltui reg nextgeneral, float, system, vector,
all, save, restore.
tui reg systemupdatewinheight name +countwinheight name -counttabset ncharsSeveral configuration variables control the appearance of TUI windows.
set tui border-kind kindspaceasciiacsset tui border-mode modeset tui active-border-mode modenormalstandoutreversehalfhalf-standoutboldbold-standoutA special interface allows you to use gnu Emacs to view (and edit) the source files for the program you are debugging with gdb.
To use this interface, use the command M-x gdb in Emacs. Give the executable file you want to debug as an argument. This command starts gdb as a subprocess of Emacs, with input and output through a newly created Emacs buffer.
Running gdb under Emacs can be just like running gdb normally except for two things: