GDB Usage Notes | Sun Yongfeng's Blog (孙勇峰的部落格) http://sunyongfeng.com/201506/programmer/tools/gdb.html
GDB Usage Notes
Posted 2015-06-17, updated 2019-04-17, category: programmer
Notes on the GDB techniques I have used.
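Introduction
GDB, the GNU Debugger, has the following features:
- GDB offers a full range of debugging functions for tracing and flagging problems in a running program. The user can monitor and modify the values of the program's internal variables, and can even call functions outside the program's normal flow of execution.
- GDB supports most processor architectures
- It is under continuous development
- It supports remote debugging
- It supports kernel debugging (KGDB)
In two years of embedded software development, I have mainly used GDB for the following:
- viewing and modifying variables at run time;
- multi-threaded debugging: checking the state of the current thread (to determine whether it is suspended, for example while waiting on a lock);
- inspecting coredump files;
- tracking down stubborn illegal memory overwrites, using GDB breakpoints and hardware watchpoints to observe memory changes and locate the writer.
To quote one of the technical experts at my company: in a large project, GDB single-stepping and software watchpoints are impractical, because the program runs far too slowly.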
Command cheat sheet:
```
Linux prompt
1. Open a core file / attach GDB to a running process
gdb <executable> <core file>
gdb -p pid

GDB prompt
1. View call stack information
bt / backtrace / bt full
frame n
info locals
info args

2. View and set variables
p <variable>
p <variable> = <new value>
set <variable> = <new value>

3. Examine memory
x/<n/f/u> <addr>

4. Thread debugging
info thread
thread n
thread apply all bt full
```
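Starting GDB
GCC options
To debug with GDB, add the -g option when compiling with GCC.
Starting GDB
The main ways to start GDB are:
- gdb
- gdb executable_file
- gdb executable_file corefile: inspect a coredump file to locate the cause and trigger of the crash.
- gdb attach pid: debug a running process or thread, same as gdb -p pid. (GDB treats attach as a file name here, prints "attach: No such file or directory.", and then attaches to pid, as the session further down shows.)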
Make good use of help
At the GDB prompt, type help or help <command> to see the help text for a command.
```
(gdb) help
List of classes of commands:

aliases -- Aliases of other commands
breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without stopping the program
user-defined -- User-defined commands

Type "help" followed by a class name for a list of commands in that class.
Type "help all" for the list of all commands.
Type "help" followed by command name for full documentation.
Type "apropos word" to search for commands related to "word".
Command name abbreviations are allowed if unambiguous.
```
Viewing the call stack
Here is a simple example (illustrative only, not rigorous):
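```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <pthread.h>
#include <assert.h>
#include <sys/prctl.h>

typedef struct {
    int member_a;
    int member_b;
} test_t;

int g_int;
bool g_bool;
char *g_str[] = {
    "Hello, GDB!",
    "It's funny."
};

/* Loop forever so that GDB can attach and inspect arg, test and local. */
void stay_here(int arg, test_t *test)
{
    int local;

    local = 100;
    while (true) {
        local++;
        if (local % 200 == 0) {
            local = 0;
        }
        sleep(1);
    }

    return;
}

/* Thread body: name the thread "test-N" so it is easy to find in ps and GDB. */
void *thread_process(void *arg)
{
    int in;
    char name[64];

    in = (int)(intptr_t)arg;
    (void)snprintf(name, 64, "test-%d", in + 1);
    prctl(PR_SET_NAME, (unsigned long)name);

    /* The listing on the page is cut off here. The rest is a reconstruction
     * based on the GDB sessions shown later: five threads named test-1 to
     * test-5, and main calling stay_here(999, &test) with test = {10, 11}. */
    while (true) {
        sleep(1);
    }

    return NULL;
}

int main(void)
{
    pthread_t tid[5];
    test_t test = { 10, 11 };
    int i;

    for (i = 0; i < 5; i++) {
        if (pthread_create(&tid[i], NULL, thread_process, (void *)(intptr_t)i) != 0) {
            return 1;
        }
    }
    stay_here(999, &test);

    return 0;
}
```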
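Compile and run it. Note the gcc -g option. The & runs the program in the background; in "[1] 8043", 8043 is the process ID of the program just started, which can also be found with the ps command.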
```
sunnogo@a3e420:~/test/gdb$ gcc -o prt_mod_var prt_mod_var.c -g -Wall -lpthread
sunnogo@a3e420:~/test/gdb$ 
sunnogo@a3e420:~/test/gdb$ ls
prt_mod_var  prt_mod_var.c
sunnogo@a3e420:~/test/gdb$ ./prt_mod_var &
[1] 8043
sunnogo@a3e420:~/test/gdb$ 
sunnogo@a3e420:~/test/gdb$ ps -e | grep prt_mod_var
 8043 pts/1    00:00:00 prt_mod_var
```
Next, use gdb -p 8043 to attach to the running process. I still don't understand why my computer requires root privileges before GDB can attach to the process.
```
sunnogo@a3e420:~/test/gdb$ gdb -p 8043
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 8043
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.
(gdb) quit
```
Run sudo gdb -p pid again to attach to the process.
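GDB's message above points at /proc/sys/kernel/yama/ptrace_scope, the Yama LSM setting that decides whether a non-root debugger may attach to an existing process. As an added example (not from the original post), this script applies the documented meaning of the four ptrace_scope values to the current user and a target PID; the function names are made up here, and the check is simplified to real uids and assumes root holds CAP_SYS_PTRACE.

```shell
#!/bin/sh
# Added example: predict whether "gdb -p PID" can attach to a running process,
# using the Yama ptrace_scope file that GDB's error message points to.
# Simplified: compares real uids only and ignores the target's dumpable flag.

# attach_verdict SCOPE DEBUGGER_UID TARGET_UID
# Prints "allow" or "deny: <reason>". Assumes uid 0 holds CAP_SYS_PTRACE and
# that the target has not named a tracer with prctl(PR_SET_PTRACER).
attach_verdict() {
    scope=$1; dbg_uid=$2; tgt_uid=$3
    if [ "$scope" -eq 3 ]; then
        echo "deny: scope 3 disables ptrace attach for every user, root included"
    elif [ "$dbg_uid" -eq 0 ]; then
        echo "allow"
    elif [ "$dbg_uid" -ne "$tgt_uid" ]; then
        echo "deny: debugger uid $dbg_uid differs from target uid $tgt_uid"
    elif [ "$scope" -eq 0 ]; then
        echo "allow"
    elif [ "$scope" -eq 1 ]; then
        echo "deny: scope 1 lets a process trace only its own descendants"
    elif [ "$scope" -eq 2 ]; then
        echo "deny: scope 2 requires CAP_SYS_PTRACE"
    else
        echo "deny: unknown ptrace_scope value $scope"
    fi
}

# target_uid PID: real uid from the "Uid:" line of /proc/PID/status.
target_uid() {
    awk '/^Uid:/ { print $2; exit }' "/proc/$1/status"
}

# current_scope: the Yama setting, or 0 when the file is absent (Yama not enabled).
current_scope() {
    cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || echo 0
}

# check_pid PID: verdict for the current user against a live process.
check_pid() {
    attach_verdict "$(current_scope)" "$(id -u)" "$(target_uid "$1")"
}

# Run as a script with one argument, e.g. the PID 8043 from the session above.
if [ "$#" -eq 1 ]; then
    check_pid "$1"
fi
```

Starting the program from inside GDB (gdb ./prt_mod_var, then run) makes it a descendant of the debugger, which scope 1 permits without root.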
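- Use bt to view the current call stack (the hierarchy of function calls). The current process got here layer by layer through main() -> sleep() -> nanosleep() -> __kernel_vsyscall(). Note the "#number" entries: GDB calls these stack frames, or simply frames. The run-time stack is made up of one or more consecutive frames, and the smaller the number, the deeper the call level.
- Use bt full to view detailed call stack information; it shows the arguments and local variables of every frame. Here bt is short for backtrace; full GDB commands often have a short form.
Note: in GDB, pressing Enter repeats the previous command by default.
For now, take note of the "No symbol table info available." message below.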
```
sunnogo@a3e420:~/test/gdb$ sudo gdb -p 8043
[sudo] password for sunnogo: 
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 8043
Reading symbols from /home/sunnogo/test/gdb/prt_mod_var...done.
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0xb7751424 in __kernel_vsyscall ()
(gdb) bt
```
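- Use frame n to select frame "#n". By default it shows the current function name, the function arguments, the source file and line currently executing, and that line of code.
- Use the info command to view detailed frame information. info is not a complete command by itself; it takes subcommands. info has many subcommands: besides the current frame, it can show information about the process and the system, and what is shown here is only the tip of the iceberg.
  - info frame: show information about the current frame
  - info args: show the arguments
  - info local: show the local variables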
```
(gdb) frame 3
#3  0x0804845b in stay_here (arg=999, test=0xbf8e5118) at prt_mod_var.c:26
26	        sleep(1)
```
Viewing and modifying variables
p var displays a variable; p is short for print.
- p var
- p *(pointer type)address
- p *struct_pointer
- p array_name
```
# Print variables
(gdb) p g_int
$3 = 0
(gdb) p g_bool
$4 = false

# Print through a pointer of a specific type
(gdb) info local
local = 113
(gdb) p &local
$11 = (int *) 0xbf8e50ec
(gdb) p *(int *) 0xbf8e50ec
$12 = 113
(gdb) 

# Print a struct pointer
(gdb) p test
$1 = (test_t *) 0xbf8e5118
(gdb) p *test
$2 = {member_a = 10, member_b = 11}

# Print an array by name
(gdb) p g_str
$5 = {0x8048538 "Hello, GDB!", 0x8048544 "It's funny."}
(gdb) p g_str[0]
$6 = 0x8048538 "Hello, GDB!"
```
print can be used to set variables as well as to view them: print var=value.
Another command for setting a variable is set: set var=value.
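Examining memory
examine displays memory; its abbreviation is x. Command format:
x/<n/f/u> <addr>
n, f and u are optional parameters, described below: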
```
(gdb) help x
Examine memory: x/FMT ADDRESS.
ADDRESS is an expression for the memory address to examine.
FMT is a repeat count followed by a format letter and a size letter.
Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal),
  t(binary), f(float), a(address), i(instruction), c(char) and s(string).
Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).
The specified number of objects of the specified size are printed
according to the format.

Defaults for format and size letters are those previously used.
Default count is 1.  Default address is following last thing printed
with this command or "print".
```
n is the number of units of memory to print; the default is 1, and the unit is defined by u.
f is the display format. The formats are:
- o, octal;
- x, hex;
- d, decimal;
- u, unsigned decimal;
- t, binary;
- f, float;
- a, address;
- i, instruction;
- c, char;
- s, string.
u defines the unit size: b is 1 byte, h is 2 bytes, w is 4 bytes, g is 8 bytes.
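Viewing thread information
There are two ways to start debugging a thread:
- Name the threads, use ps to list the threads of the parent process and get the tid, then start GDB on that tid;
- Start GDB on the parent process directly, use info thread to list all threads and find GDB's internal number n for the thread you want, then use thread n to switch to that thread's call stack.
Getting and debugging a thread directly
The sample above creates 5 threads and uses the prctl function to name each one "test-n".
You can then use ps -eL | grep test (or the pid of the test process) to see the tids of the newly created threads, and then gdb -p tid to debug the thread. Here we attach to thread number 4.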
```
sunnogo@a3e420:~/test/gdb$ gcc -o test test.c -g -Wall -lpthread
sunnogo@a3e420:~/test/gdb$ ./test &
[2] 16427
sunnogo@a3e420:~/test/gdb$ ps -eL | grep test
16427 16427 pts/1    00:00:00 test
16427 16428 pts/1    00:00:00 test-1
16427 16429 pts/1    00:00:00 test-2
16427 16430 pts/1    00:00:00 test-3
16427 16431 pts/1    00:00:00 test-4
16427 16432 pts/1    00:00:00 test-5
sunnogo@a3e420:~/test/gdb$ sudo gdb -p 16431
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 16431

warning: process 16431 is a cloned process
Reading symbols from /home/sunnogo/test/gdb/test...done.
Reading symbols from /lib/i386-linux-gnu/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Loaded symbols for /lib/i386-linux-gnu/libpthread.so.0
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0xb774f424 in __kernel_vsyscall ()
(gdb) bt full
```
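Getting and debugging a thread indirectly
Compare this with the previous method: the first method is much more convenient. It also shows, indirectly, how important it is to name every thread.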
```
sunnogo@a3e420:~/test/gdb$ 
sunnogo@a3e420:~/test/gdb$ sudo gdb attach 16427
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
attach: No such file or directory.
Attaching to process 16427
Reading symbols from /home/sunnogo/test/gdb/test...done.
Reading symbols from /lib/i386-linux-gnu/libpthread.so.0...(no debugging symbols found)...done.
[New LWP 16432]
[New LWP 16431]
[New LWP 16430]
[New LWP 16429]
[New LWP 16428]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Loaded symbols for /lib/i386-linux-gnu/libpthread.so.0
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0xb774f424 in __kernel_vsyscall ()
(gdb) info thread
  Id   Target Id         Frame 
  6    Thread 0xb7568b40 (LWP 16428) "test-1" 0xb774f424 in __kernel_vsyscall ()
  5    Thread 0xb6d67b40 (LWP 16429) "test-2" 0xb774f424 in __kernel_vsyscall ()
  4    Thread 0xb6566b40 (LWP 16430) "test-3" 0xb774f424 in __kernel_vsyscall ()
  3    Thread 0xb5d65b40 (LWP 16431) "test-4" 0xb774f424 in __kernel_vsyscall ()
  2    Thread 0xb5564b40 (LWP 16432) "test-5" 0xb774f424 in __kernel_vsyscall ()
* 1    Thread 0xb75696c0 (LWP 16427) "test" 0xb774f424 in __kernel_vsyscall ()
(gdb) thread 3
[Switching to thread 3 (Thread 0xb5d65b40 (LWP 16431))]
```
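Viewing the stacks of all threads
Use thread apply all bt full to view the stacks of all threads. If there are many threads, the output may briefly flood the screen.
Calling functions in GDB
call func_name(param1, param2, ...). I have not yet figured out how to handle a parameter that is a struct. Note: this can only be used in the context of a live process; it cannot be used on a coredump.
Allocating memory in GDB
p malloc(size) returns a pointer, which can then be used normally. Note: this can only be used in the context of a live process; it cannot be used on a coredump. For example: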
```
(gdb) p malloc(4)
[New Thread 0x693ff460 (LWP 2033)]
[Switching to Thread 0xb6101000 (LWP 1456)]
$1 = (void *) 0xb58d01e0    <---- use this returned pointer.
```
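Viewing register information
to-do
GDB disassembly
to-do
Setting breakpoints
to-do
Memory monitoring
to-do
How GCC options affect GDB
Effect of the GCC -g option
Note from the above: if gcc compiles without the -g option, frame 3 will also show "No symbol table info available." (no symbol table information is available), and the global variable g_str cannot be printed either.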
```
(gdb) bt full
```
Effect of the GCC -fomit-frame-pointer option