Debugging With GDB: The Gnu Source-Level Debugger Ninth Edition, For GDB Version 7.2.50.20110211 Package (GDB)
Debugging With GDB: The Gnu Source-Level Debugger Ninth Edition, For GDB Version 7.2.50.20110211 Package (GDB)
(GDB)
Copyright
c 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
Permission is granted to copy, distribute and/or modify this document under the terms
of the GNU Free Documentation License, Version 1.3 or any later version published by
the Free Software Foundation; with the Invariant Sections being “Free Software” and “Free
Software Needs Free Documentation”, with the Front-Cover Texts being “A GNU Manual,”
and with the Back-Cover Texts as in (a) below.
(a) The FSF’s Back-Cover Text is: “You are free to copy and modify this GNU Man-
ual. Buying copies from GNU Press supports the FSF in developing GNU and promoting
software freedom.”
This edition of the GDB manual is dedicated to the memory of Fred Fish. Fred was a
long-standing contributor to GDB and to Free software in general. We will miss him.
i
Table of Contents
ii Debugging with gdb
Summary of gdb 1
Summary of gdb
The purpose of a debugger such as gdb is to allow you to see what is going on “inside”
another program while it executes—or what another program was doing at the moment it
crashed.
gdb can do four main kinds of things (plus other things in support of these) to help you
catch bugs in the act:
• Start your program, specifying anything that might affect its behavior.
• Make your program stop on specified conditions.
• Examine what has happened, when your program has stopped.
• Change things in your program, so you can experiment with correcting the effects of
one bug and go on to learn about another.
You can use gdb to debug programs written in C and C++. For more information, see
hundefinedi [Supported Languages], page hundefinedi. For more information, see hunde-
finedi [C and C++], page hundefinedi.
Support for D is partial. For information on D, see hundefinedi [D], page hundefinedi.
Support for Modula-2 is partial. For information on Modula-2, see hundefinedi [Modula-
2], page hundefinedi.
Support for OpenCL C is partial. For information on OpenCL C, see hundefinedi
[OpenCL C], page hundefinedi.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions
does not currently work. gdb does not support entering expressions, printing values, or
similar features using Pascal syntax.
gdb can be used to debug programs written in Fortran, although it may be necessary
to refer to some variables with a trailing underscore.
gdb can be used to debug programs written in Objective-C, using either the Ap-
ple/NeXT or the GNU Objective-C runtime.
Free Software
gdb is free software, protected by the gnu General Public License (GPL). The GPL
gives you the freedom to copy or adapt a licensed program—but every person getting a
copy also gets with it the freedom to modify that copy (which means that they must get
access to the source code), and the freedom to distribute further copies. Typical software
companies use copyrights to limit your freedoms; the Free Software Foundation uses the
GPL to preserve these freedoms.
Fundamentally, the General Public License is a license which says that you have these
freedoms and that you cannot take these freedoms away from anyone else.
2 Debugging with gdb
The biggest deficiency in the free software community today is not in the software—it is
the lack of good free documentation that we can include with the free software. Many of our
most important programs do not come with free reference manuals and free introductory
texts. Documentation is an essential part of any software package; when an important free
software package does not come with a free manual and a free tutorial, that is a major gap.
We have many such gaps today.
Consider Perl, for instance. The tutorial manuals that people normally use are non-free.
How did this come about? Because the authors of those manuals published them with
restrictive terms—no copying, no modification, source files not available—which exclude
them from the free software world.
That wasn’t the first time this sort of thing happened, and it was far from the last.
Many times we have heard a GNU user eagerly describe a manual that he is writing, his
intended contribution to the community, only to learn that he had ruined everything by
signing a publication contract to make it non-free.
Free documentation, like free software, is a matter of freedom, not price. The problem
with the non-free manual is not that publishers charge a price for printed copies—that in
itself is fine. (The Free Software Foundation sells printed copies of manuals, too.) The
problem is the restrictions on the use of the manual. Free manuals are available in source
code form, and give you permission to copy and modify. Non-free manuals do not allow
this.
The criteria of freedom for a free manual are roughly the same as for free software.
Redistribution (including the normal kinds of commercial redistribution) must be permitted,
so that the manual can accompany every copy of the program, both on-line and on paper.
Permission for modification of the technical content is crucial too. When people mod-
ify the software, adding or changing features, if they are conscientious they will change
the manual too—so they can provide accurate and clear documentation for the modified
program. A manual that leaves you no choice but to write a new manual to document a
changed version of the program is not really available to our community.
Some kinds of limits on the way modification is handled are acceptable. For example,
requirements to preserve the original author’s copyright notice, the distribution terms, or
the list of authors, are ok. It is also no problem to require modified versions to include
notice that they were modified. Even entire sections that may not be deleted or changed
are acceptable, as long as they deal with nontechnical topics (like this one). These kinds of
restrictions are acceptable because they don’t obstruct the community’s normal use of the
manual.
However, it must be possible to modify all the technical content of the manual, and then
distribute the result in all the usual media, through all the usual channels. Otherwise, the
restrictions obstruct the use of the manual, it is not free, and we need another manual to
replace it.
Please spread the word about this issue. Our community continues to lose manuals
to proprietary publishing. If we spread the word that free software needs free reference
manuals and free tutorials, perhaps the next person who wants to contribute by writing
Summary of gdb 3
documentation will realize, before it is too late, that only free manuals contribute to the
free software community.
If you are writing documentation, please insist on publishing it under the GNU Free
Documentation License or another free documentation license. Remember that this deci-
sion requires your approval—you don’t have to let the publisher decide. Some commercial
publishers will use a free license if you insist, but they will not propose the option; it is up
to you to raise the issue and say firmly that this is what you want. If the publisher you
are dealing with refuses, please try other publishers. If you’re not sure whether a proposed
license is free, write to licensing@gnu.org.
You can encourage commercial publishers to sell more free, copylefted manuals and
tutorials by buying them, and particularly by buying copies from the publishers that paid
for their writing or for major improvements. Meanwhile, try to avoid buying non-free
documentation at all. Check the distribution terms of a manual before you buy it, and
insist that whoever seeks your business must respect your freedom. Check the history of
the book, and try to reward the publishers that have paid or pay the authors to work on it.
The Free Software Foundation maintains a list of free documentation published by other
publishers, at http://www.fsf.org/doc/other-free-books.html.
Contributors to gdb
Richard Stallman was the original author of gdb, and of many other gnu programs.
Many others have contributed to its development. This section attempts to credit major
contributors. One of the virtues of free software is that everyone is free to contribute to
it; with regret, we cannot actually acknowledge everyone here. The file ‘ChangeLog’ in the
gdb distribution approximates a blow-by-blow account.
Changes much prior to version 2.0 are lost in the mists of time.
Plea: Additions to this section are particularly welcome. If you or your friends
(or enemies, to be evenhanded) have been unfairly omitted from this list, we
would like to add your names!
So that they may not regard their many labors as thankless, we particularly thank those
who shepherded gdb through major releases: Andrew Cagney (releases 6.3, 6.2, 6.1, 6.0,
5.3, 5.2, 5.1 and 5.0); Jim Blandy (release 4.18); Jason Molenda (release 4.17); Stan Shebs
(release 4.14); Fred Fish (releases 4.16, 4.15, 4.13, 4.12, 4.11, 4.10, and 4.9); Stu Grossman
and John Gilmore (releases 4.8, 4.7, 4.6, 4.5, and 4.4); John Gilmore (releases 4.3, 4.2, 4.1,
4.0, and 3.9); Jim Kingdon (releases 3.5, 3.4, and 3.3); and Randy Smith (releases 3.2, 3.1,
and 3.0).
Richard Stallman, assisted at various times by Peter TerMaat, Chris Hanson, and
Richard Mlynarik, handled releases through 2.8.
Michael Tiemann is the author of most of the gnu C++ support in gdb, with significant
additional contributions from Per Bothner and Daniel Berlin. James Clark wrote the gnu
C++ demangler. Early work on C++ was by Peter TerMaat (who also did much general
update work leading to release 3.0).
gdb uses the BFD subroutine library to examine multiple object-file formats; BFD was
a joint project of David V. Henkel-Wallace, Rich Pixley, Steve Chamberlain, and John
Gilmore.
4 Debugging with gdb
David Johnson wrote the original COFF support; Pace Willison did the original support
for encapsulated COFF.
Brent Benson of Harris Computer Systems contributed DWARF 2 support.
Adam de Boor and Bradley Davis contributed the ISI Optimum V support. Per Bothner,
Noboyuki Hikichi, and Alessandro Forin contributed MIPS support. Jean-Daniel Fekete
contributed Sun 386i support. Chris Hanson improved the HP9000 support. Noboyuki
Hikichi and Tomoyuki Hasei contributed Sony/News OS 3 support. David Johnson con-
tributed Encore Umax support. Jyrki Kuoppala contributed Altos 3068 support. Jeff
Law contributed HP PA and SOM support. Keith Packard contributed NS32K support.
Doug Rabson contributed Acorn Risc Machine support. Bob Rusk contributed Harris
Nighthawk CX-UX support. Chris Smith contributed Convex support (and Fortran de-
bugging). Jonathan Stone contributed Pyramid support. Michael Tiemann contributed
SPARC support. Tim Tucker contributed support for the Gould NP1 and Gould Powern-
ode. Pace Willison contributed Intel 386 support. Jay Vosburgh contributed Symmetry
support. Marko Mlinar contributed OpenRISC 1000 support.
Andreas Schwab contributed M68K gnu/Linux support.
Rich Schaefer and Peter Schauer helped with support of SunOS shared libraries.
Jay Fenlason and Roland McGrath ensured that gdb and GAS agree about several
machine instruction sets.
Patrick Duval, Ted Goldstein, Vikram Koka and Glenn Engel helped develop remote
debugging. Intel Corporation, Wind River Systems, AMD, and ARM contributed remote
debugging modules for the i960, VxWorks, A29K UDI, and RDI targets, respectively.
Brian Fox is the author of the readline libraries providing command-line editing and
command history.
Andrew Beers of SUNY Buffalo wrote the language-switching code, the Modula-2 sup-
port, and contributed the Languages chapter of this manual.
Fred Fish wrote most of the support for Unix System Vr4. He also enhanced the
command-completion support to cover C++ overloaded symbols.
Hitachi America (now Renesas America), Ltd. sponsored the support for H8/300,
H8/500, and Super-H processors.
NEC sponsored the support for the v850, Vr4xxx, and Vr5xxx processors.
Mitsubishi (now Renesas) sponsored the support for D10V, D30V, and M32R/D proces-
sors.
Toshiba sponsored the support for the TX39 Mips processor.
Matsushita sponsored the support for the MN10200 and MN10300 processors.
Fujitsu sponsored the support for SPARClite and FR30 processors.
Kung Hsu, Jeff Law, and Rick Sladkey added support for hardware watchpoints.
Michael Snyder added support for tracepoints.
Stu Grossman wrote gdbserver.
Jim Kingdon, Peter Schauer, Ian Taylor, and Stu Grossman made nearly innumerable
bug fixes and cleanups throughout gdb.
The following people at the Hewlett-Packard Company contributed support for the PA-
RISC 2.0 architecture, HP-UX 10.20, 10.30, and 11.0 (narrow mode), HP’s implementation
Summary of gdb 5
of kernel threads, HP’s aC++ compiler, and the Text User Interface (nee Terminal User
Interface): Ben Krepp, Richard Title, John Bishop, Susan Macchia, Kathy Mann, Satish
Pai, India Paul, Steve Rehrauer, and Elena Zannoni. Kim Haase provided HP-specific
information in this manual.
DJ Delorie ported gdb to MS-DOS, for the DJGPP project. Robert Hoehne made
significant contributions to the DJGPP port.
Cygnus Solutions has sponsored gdb maintenance and much of its development since
1991. Cygnus engineers who have worked on gdb fulltime include Mark Alexander, Jim
Blandy, Per Bothner, Kevin Buettner, Edith Epstein, Chris Faylor, Fred Fish, Martin
Hunt, Jim Ingham, John Gilmore, Stu Grossman, Kung Hsu, Jim Kingdon, John Metzler,
Fernando Nasser, Geoffrey Noer, Dawn Perchik, Rich Pixley, Zdenek Radouch, Keith Seitz,
Stan Shebs, David Taylor, and Elena Zannoni. In addition, Dave Brolley, Ian Carmichael,
Steve Chamberlain, Nick Clifton, JT Conklin, Stan Cox, DJ Delorie, Ulrich Drepper, Frank
Eigler, Doug Evans, Sean Fagan, David Henkel-Wallace, Richard Henderson, Jeff Holcomb,
Jeff Law, Jim Lemke, Tom Lord, Bob Manson, Michael Meissner, Jason Merrill, Catherine
Moore, Drew Moseley, Ken Raeburn, Gavin Romig-Koch, Rob Savoye, Jamie Smith, Mike
Stump, Ian Taylor, Angela Thomas, Michael Tiemann, Tom Tromey, Ron Unrau, Jim
Wilson, and David Zuhn have made contributions both large and small.
Andrew Cagney, Fernando Nasser, and Elena Zannoni, while working for Cygnus Solu-
tions, implemented the original gdb/mi interface.
Jim Blandy added support for preprocessor macros, while working for Red Hat.
Andrew Cagney designed gdb’s architecture vector. Many people including Andrew
Cagney, Stephane Carrez, Randolph Chung, Nick Duffek, Richard Henderson, Mark Ket-
tenis, Grace Sainsbury, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Andreas Schwab,
Jason Thorpe, Corinna Vinschen, Ulrich Weigand, and Elena Zannoni, helped with the
migration of old architectures to this new framework.
Andrew Cagney completely re-designed and re-implemented gdb’s unwinder framework,
this consisting of a fresh new design featuring frame IDs, independent frame sniffers, and
the sentinel frame. Mark Kettenis implemented the dwarf 2 unwinder, Jeff Johnston the
libunwind unwinder, and Andrew Cagney the dummy, sentinel, tramp, and trad unwinders.
The architecture-specific changes, each involving a complete rewrite of the architecture’s
frame code, were carried out by Jim Blandy, Joel Brobecker, Kevin Buettner, Andrew
Cagney, Stephane Carrez, Randolph Chung, Orjan Friberg, Richard Henderson, Daniel
Jacobowitz, Jeff Johnston, Mark Kettenis, Theodore A. Roth, Kei Sakamoto, Yoshinori
Sato, Michael Snyder, Corinna Vinschen, and Ulrich Weigand.
Christian Zankel, Ross Morley, Bob Wilson, and Maxim Grigoriev from Tensilica, Inc.
contributed support for Xtensa processors. Others who have worked on the Xtensa port of
gdb in the past include Steve Tjiang, John Newlin, and Scott Foehner.
Michael Eager and staff of Xilinx, Inc., contributed support for the Xilinx MicroBlaze
architecture.
6 Debugging with gdb
Chapter 1: A Sample gdb Session 7
foo
0000
define(bar,defn(‘foo’))
bar
0000
changequote(<QUOTE>,<UNQUOTE>)
define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
Ctrl-d
m4: End of input: 0: fatal error: EOF in string
Let us use gdb to try to see what is going on.
$ gdb m4
gdb is free software and you are welcome to distribute copies
of it under certain conditions; type "show copying" to see
the conditions.
There is absolutely no warranty for gdb; type "show warranty"
for details.
(gdb) run
Starting program: /work/Editorial/gdb/gnu/m4/m4
define(foo,0000)
foo
0000
To trigger the breakpoint, we call changequote. gdb suspends execution of m4, displaying
information about the context where it stops.
changequote(<QUOTE>,<UNQUOTE>)
The last line displayed looks a little odd; we can examine the variables lquote and rquote
to see if they are in fact the new left and right quotes we specified. We use the command
p (print) to see their values.
(gdb) p lquote
$1 = 0x35d40 "<QUOTE>"
(gdb) p rquote
$2 = 0x35d50 "<UNQUOTE>"
lquote and rquote are indeed the new left and right quotes. To look at some context, we
can display ten lines of source surrounding the current line with the l (list) command.
(gdb) l
533 xfree(rquote);
534
535 lquote = (lq == nil || *lq == ’\0’) ? def_lquote\
: xstrdup (lq);
536 rquote = (rq == nil || *rq == ’\0’) ? def_rquote\
: xstrdup (rq);
537
538 len_lquote = strlen(rquote);
539 len_rquote = strlen(lquote);
540 }
541
542 void
Let us step past the two lines that set len_lquote and len_rquote, and then examine the
values of those variables.
(gdb) n
539 len_rquote = strlen(lquote);
(gdb) n
540 }
(gdb) p len lquote
$3 = 9
(gdb) p len rquote
$4 = 7
That certainly looks wrong, assuming len_lquote and len_rquote are meant to be the
lengths of lquote and rquote respectively. We can set them to better values using the p
command, since it can print the value of any expression—and that expression can include
subroutine calls and assignments.
(gdb) p len lquote=strlen(lquote)
$5 = 7
(gdb) p len rquote=strlen(rquote)
$6 = 9
Is that enough to fix the problem of using the new quotes with the m4 built-in defn? We can
allow m4 to continue executing with the c (continue) command, and then try the example
that caused trouble initially:
(gdb) c
Continuing.
define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
0000
10 Debugging with gdb
Success! The new quotes now work just as well as the default ones. The problem seems to
have been just the two typos defining the wrong lengths. We allow m4 exit by giving it an
EOF as input:
Ctrl-d
Program exited normally.
The message ‘Program exited normally.’ is from gdb; it indicates m4 has finished execut-
ing. We can end our gdb session with the gdb quit command.
(gdb) quit
Chapter 2: Getting In and Out of gdb 11
Invoke gdb by running the program gdb. Once started, gdb reads commands from the
terminal until you tell it to exit.
You can also run gdb with a variety of arguments and options, to specify more of your
debugging environment at the outset.
The command-line options described here are designed to cover a variety of situations;
in some environments, some of these options may effectively be unavailable.
The most usual way to start gdb is with one argument, specifying an executable program:
gdb program
You can also start with both an executable program and a core file specified:
gdb program core
You can, instead, specify a process ID as a second argument, if you want to debug a
running process:
gdb program 1234
would attach gdb to process 1234 (unless you also have a file named ‘1234’; gdb does check
for a core file first).
Taking advantage of the second command-line argument requires a fairly complete op-
erating system; when you use gdb as a remote debugger attached to a bare board, there
may not be any notion of “process”, and there is often no way to get a core dump. gdb
will warn you if it is unable to attach or to read core dumps.
You can optionally have gdb pass any arguments after the executable file to the inferior
using --args. This option stops option processing.
gdb --args gcc -O2 -c foo.c
This will cause gdb to debug gcc, and to set gcc’s command-line arguments (see hunde-
finedi [Arguments], page hundefinedi) to ‘-O2 -c foo.c’.
You can run gdb without printing the front material, which describes gdb’s
non-warranty, by specifying -silent:
gdb -silent
You can further control how gdb starts up by using command-line options. gdb itself can
remind you of the options available.
Type
gdb -help
to display all available options and briefly describe their use (‘gdb -h’ is a shorter equiva-
lent).
All options and command line arguments you give are processed in sequential order. The
order makes a difference when the ‘-x’ option is used.
12 Debugging with gdb
When gdb starts, it reads any arguments other than options as specifying an executable
file and core file (or process ID). This is the same as if the arguments were specified by the
‘-se’ and ‘-c’ (or ‘-p’) options respectively. (gdb reads the first argument that does not
have an associated option flag as equivalent to the ‘-se’ option followed by that argument;
and the second argument that does not have an associated option flag, if any, as equivalent
to the ‘-c’/‘-p’ option followed by that argument.) If the second argument begins with a
decimal digit, gdb will first attempt to attach to it as a process, and if that fails, attempt
to open it as a corefile. If you have a corefile whose name begins with a digit, you can
prevent gdb from treating it as a pid by prefixing it with ‘./’, e.g. ‘./12345’.
If gdb has not been configured to included core file support, such as for most embedded
targets, then it will complain about a second argument and ignore it.
Many options have both long and short forms; both are shown in the following list. gdb
also recognizes the long forms if you truncate them, so long as enough of the option is
present to be unambiguous. (If you prefer, you can flag option arguments with ‘--’ rather
than ‘-’, though we illustrate the more usual convention.)
-symbols file
-s file Read symbol table from file file.
-exec file
-e file Use file file as the executable file to execute when appropriate, and for examining
pure data in conjunction with a core dump.
-se file Read symbol table from file file and use it as the executable file.
-core file
-c file Use file file as a core dump to examine.
-pid number
-p number
Connect to process ID number, as with the attach command.
-command file
-x file Execute commands from file file. The contents of this file is evaluated exactly
as the source command would. See hundefinedi [Command files], page hunde-
finedi.
-eval-command command
-ex command
Execute a single gdb command.
This option may be used multiple times to call multiple commands. It may also
be interleaved with ‘-command’ as required.
gdb -ex ’target sim’ -ex ’load’ \
-x setbreakpoints -ex ’run’ a.out
-directory directory
-d directory
Add directory to the path to search for source and script files.
Chapter 2: Getting In and Out of gdb 13
-r
-readnow Read each symbol file’s entire symbol table immediately, rather than the default,
which is to read it incrementally as it is needed. This makes startup slower,
but makes future operations faster.
You can run gdb in various alternative modes—for example, in batch mode or quiet
mode.
-nx
-n Do not execute commands found in any initialization files. Normally, gdb exe-
cutes the commands in these files after all the command options and arguments
have been processed. See hundefinedi [Command Files], page hundefinedi.
-quiet
-silent
-q “Quiet”. Do not print the introductory and copyright messages. These mes-
sages are also suppressed in batch mode.
-batch Run in batch mode. Exit with status 0 after processing all the command files
specified with ‘-x’ (and all commands from initialization files, if not inhibited
with ‘-n’). Exit with nonzero status if an error occurs in executing the gdb
commands in the command files. Batch mode also disables pagination, sets
unlimited terminal width and height see hundefinedi [Screen Size], page hun-
definedi, and acts as if set confirm off were in effect (see hundefinedi [Mes-
sages/Warnings], page hundefinedi).
Batch mode may be useful for running gdb as a filter, for example to download
and run a program on another computer; in order to make this more useful, the
message
Program exited normally.
(which is ordinarily issued whenever a program running under gdb control
terminates) is not issued when running in batch mode.
-batch-silent
Run in batch mode exactly like ‘-batch’, but totally silently. All gdb output to
stdout is prevented (stderr is unaffected). This is much quieter than ‘-silent’
and would be useless for an interactive session.
This is particularly useful when using targets that give ‘Loading section’ mes-
sages, for example.
Note that targets that give their output via gdb, as opposed to writing directly
to stdout, will also be made silent.
-return-child-result
The return code from gdb will be the return code from the child process (the
process being debugged), with the following exceptions:
• gdb exits abnormally. E.g., due to an incorrect argument or an internal
error. In this case the exit code is the same as it would have been without
‘-return-child-result’.
14 Debugging with gdb
-baud bps
-b bps Set the line speed (baud rate or bits per second) of any serial interface used by
gdb for remote debugging.
-l timeout
Set the timeout (in seconds) of any communication used by gdb for remote
debugging.
-tty device
-t device
Run using device for your program’s standard input and output.
-tui Activate the Text User Interface when starting. The Text User Interface man-
ages several text windows on the terminal, showing source, assembly, regis-
ters and gdb command outputs (see hundefinedi [gdb Text User Interface],
page hundefinedi). Alternatively, the Text User Interface can be enabled by
invoking the program ‘gdbtui’. Do not use this option if you run gdb from
Emacs (see hundefinedi [Using gdb under gnu Emacs], page hundefinedi).
-interpreter interp
Use the interpreter interp for interface with the controlling program or device.
This option is meant to be set by programs which communicate with gdb using
it as a back end. See hundefinedi [Command Interpreters], page hundefinedi.
‘--interpreter=mi’ (or ‘--interpreter=mi2’) causes gdb to use the gdb/mi
interface (see hundefinedi [The gdb/mi Interface], page hundefinedi) included
since gdb version 6.0. The previous gdb/mi interface, included in gdb version
5.3 and selected with ‘--interpreter=mi1’, is deprecated. Earlier gdb/mi
interfaces are no longer supported.
-write Open the executable and core files for both reading and writing. This is equiv-
alent to the ‘set write on’ command inside gdb (see hundefinedi [Patching],
page hundefinedi).
-statistics
This option causes gdb to print statistics about time and memory usage after
it completes each command and returns to the prompt.
-version This option causes gdb to print its version number and no-warranty blurb, and
exit.
3. Reads the init file (if any) in your home directory1 and executes all the commands in
that file.
4. Processes command line options and operands.
5. Reads and executes the commands from init file (if any) in the current working direc-
tory. This is only done if the current directory is different from your home directory.
Thus, you can have more than one init file, one generic in your home directory, and
another, specific to the program you are debugging, in the directory where you invoke
gdb.
6. If the command line specified a program to debug, or a process to attach to, or a core
file, gdb loads any auto-loaded scripts provided for the program or for its loaded shared
libraries. See hundefinedi [Auto-loading], page hundefinedi.
If you wish to disable the auto-loading during startup, you must do something like the
following:
$ gdb -ex "set auto-load-scripts off" -ex "file myprogram"
The following does not work because the auto-loading is turned off too late:
$ gdb -ex "set auto-load-scripts off" myprogram
7. Reads command files specified by the ‘-x’ option. See hundefinedi [Command Files],
page hundefinedi, for more details about gdb command files.
8. Reads the command history recorded in the history file. See hundefinedi [Command
History], page hundefinedi, for more details about the command history and the files
where gdb records it.
Init files use the same syntax as command files (see hundefinedi [Command Files],
page hundefinedi) and are processed by gdb in the same way. The init file in your home
directory can set options (such as ‘set complaints’) that affect subsequent processing of
command line options and operands. Init files are not executed if you use the ‘-nx’ option
(see hundefinedi [Choosing Modes], page hundefinedi).
To display the list of init files loaded by gdb at startup, you can use gdb --help.
The gdb init files are normally called ‘.gdbinit’. The DJGPP port of gdb uses the
name ‘gdb.ini’, due to the limitations of file names imposed by DOS filesystems. The
Windows ports of gdb use the standard name, but if they find a ‘gdb.ini’ file, they warn
you about that and suggest to rename the file to the standard name.
quit [expression ]
q To exit gdb, use the quit command (abbreviated q), or type an end-of-file
character (usually Ctrl-d). If you do not supply expression, gdb will terminate
normally; otherwise it will terminate using the result of expression as the error
code.
An interrupt (often Ctrl-c) does not exit from gdb, but rather terminates the action
of any gdb command that is in progress and returns to gdb command level. It is safe to
1
On DOS/Windows systems, the home directory is the one pointed to by the HOME environment variable.
Chapter 2: Getting In and Out of gdb 17
type the interrupt character at any time because gdb does not allow it to take effect until
a time when it is safe.
If you have been using gdb to control an attached process or device, you can release
it with the detach command (see hundefinedi [Debugging an Already-running Process],
page hundefinedi).
If you need to execute occasional shell commands during your debugging session, there
is no need to leave or suspend gdb; you can just use the shell command.
make make-args
Execute the make program with the specified arguments. This is equivalent to
‘shell make make-args ’.
You may want to save the output of gdb commands to a file. There are several commands
to control gdb’s logging.
set logging on
Enable logging.
set logging off
Disable logging.
set logging file file
Change the name of the current logfile. The default logfile is ‘gdb.txt’.
set logging overwrite [on|off]
By default, gdb will append to the logfile. Set overwrite if you want set
logging on to overwrite the logfile instead.
set logging redirect [on|off]
By default, gdb output will go to both the terminal and the logfile. Set
redirect if you want output to go only to the log file.
show logging
Show the current values of the logging settings.
18 Debugging with gdb
Chapter 3: gdb Commands 19
3 gdb Commands
You can abbreviate a gdb command to the first few letters of the command name, if
that abbreviation is unambiguous; and you can repeat certain gdb commands by typing
just hRETi. You can also use the hTABi key to get gdb to fill out the rest of a word in a
command (or to show you the alternatives available, if there is more than one possibility).
A gdb command is a single line of input. There is no limit on how long it can be.
It starts with a command name, which is followed by arguments whose meaning depends
on the command name. For example, the command step accepts an argument which is
the number of times to step, as in ‘step 5’. You can also use the step command with no
arguments. Some commands do not allow any arguments.
gdb command names may always be truncated if that abbreviation is unambiguous.
Other possible command abbreviations are listed in the documentation for individual com-
mands. In some cases, even ambiguous abbreviations are allowed; for example, s is specially
defined as equivalent to step even though there are other commands whose names start
with s. You can test abbreviations by using them as arguments to the help command.
A blank line as input to gdb (typing just hRETi) means to repeat the previous command.
Certain commands (for example, run) will not repeat this way; these are commands whose
unintentional repetition might cause trouble and which you are unlikely to want to repeat.
User-defined commands can disable this feature; see hundefinedi [Define], page hundefinedi.
The list and x commands, when you repeat them with hRETi, construct new arguments
rather than repeating exactly as typed. This permits easy scanning of source or memory.
gdb can also use hRETi in another way: to partition lengthy output, in a way similar to
the common utility more (see hundefinedi [Screen Size], page hundefinedi). Since it is easy
to press one hRETi too many in this situation, gdb disables command repetition after any
command that generates this sort of display.
Any text from a # to the end of the line is a comment; it does nothing. This is useful
mainly in command files (see hundefinedi [Command Files], page hundefinedi).
The Ctrl-o binding is useful for repeating a complex sequence of commands. This
command accepts the current line, like hRETi, and then fetches the next line relative to the
current line from the history for editing.
gdb can fill in the rest of a word in a command for you, if there is only one possibility;
it can also show you what the valid possibilities are for the next word in a command, at
any time. This works for gdb commands, gdb subcommands, and the names of symbols
in your program.
Press the hTABi key whenever you want gdb to fill out the rest of a word. If there is only
one possibility, gdb fills in the word, and waits for you to finish the command (or press
hRETi to enter it). For example, if you type
20 Debugging with gdb
You can always ask gdb itself for information on its commands, using the command
help.
help
h You can use help (abbreviated h) with no arguments to display a short list of
named classes of commands:
(gdb) help
List of classes of commands:
1
The completer can be confused by certain kinds of invalid expressions. Also, it only examines the static
type of the expression, not the dynamic type.
22 Debugging with gdb
help class
Using one of the general help classes as an argument, you can get a list of the
individual commands in that class. For example, here is the help display for
the class status:
(gdb) help status
Status inquiries.
List of commands:
help command
With a command name as help argument, gdb displays a short paragraph on
how to use that command.
apropos args
The apropos command searches through all of the gdb commands, and their
documentation, for the regular expression specified in args. It prints out all
matches found. For example:
apropos reload
results in:
set symbol-reloading -- Set dynamic symbol table reloading
multiple times in one run
show symbol-reloading -- Show dynamic symbol table reloading
multiple times in one run
complete args
The complete args command lists all the possible completions for the begin-
ning of a command. Use args to specify the beginning of the command you
want completed. For example:
complete i
results in:
Chapter 3: gdb Commands 23
if
ignore
info
inspect
This is intended for use by gnu Emacs.
In addition to help, you can use the gdb commands info and show to inquire about
the state of your program, or the state of gdb itself. Each command supports many topics
of inquiry; this manual introduces each of them in the appropriate context. The listings
under info and under show in the Index point to all the sub-commands. See hundefinedi
[Index], page hundefinedi.
info This command (abbreviated i) is for describing the state of your program. For
example, you can show the arguments passed to a function with info args,
list the registers currently in use with info registers, or list the breakpoints
you have set with info breakpoints. You can get a complete list of the info
sub-commands with help info.
set You can assign the result of an expression to an environment variable with set.
For example, you can set the gdb prompt to a $-sign with set prompt $.
show In contrast to info, show is for describing the state of gdb itself. You can
change most of the things you can show, by using the related command set;
for example, you can control what number system is used for displays with set
radix, or simply inquire which is currently in use with show radix.
To display all the settable parameters and their current values, you can use
show with no arguments; you may also use info set. Both commands produce
the same display.
Here are three miscellaneous show subcommands, all of which are exceptional in lacking
corresponding set commands:
show version
Show what version of gdb is running. You should include this information in
gdb bug-reports. If multiple versions of gdb are in use at your site, you may
need to determine which version of gdb you are running; as gdb evolves, new
commands are introduced, and old ones may wither away. Also, many system
vendors ship variant versions of gdb, and there are variant versions of gdb in
gnu/Linux distributions as well. The version number is the same as the one
announced when you start gdb.
show copying
info copying
Display information about permission for copying gdb.
show warranty
info warranty
Display the gnu “NO WARRANTY” statement, or a warranty, if your version
of gdb comes with one.
24 Debugging with gdb
Chapter 4: Running Programs Under gdb 25
run
r Use the run command to start your program under gdb. You must first specify
the program name (except on VxWorks) with an argument to gdb (see hunde-
finedi [Getting In and Out of gdb], page hundefinedi), or by using the file or
exec-file command (see hundefinedi [Commands to Specify Files], page hun-
definedi).
26 Debugging with gdb
If you are running your program in an execution environment that supports processes,
run creates an inferior process and makes that process run your program. In some envi-
ronments without processes, run jumps to the start of your program. Other targets, like
‘remote’, are always running. If you get an error message like this one:
The "remote" target does not support "run".
Try "help target" or "continue".
then use continue to run your program. You may need load first (see hundefinedi [load],
page hundefinedi).
The execution of a program is affected by certain information it receives from its superior.
gdb provides ways to specify this information, which you must do before starting your
program. (You can change it after starting your program, but such changes only affect your
program the next time you start it.) This information may be divided into four categories:
The arguments.
Specify the arguments to give your program as the arguments of the run com-
mand. If a shell is available on your target, the shell is used to pass the argu-
ments, so that you may use normal conventions (such as wildcard expansion or
variable substitution) in describing the arguments. In Unix systems, you can
control which shell is used with the SHELL environment variable. See hunde-
finedi [Your Program’s Arguments], page hundefinedi.
The environment.
Your program normally inherits its environment from gdb, but you can use the
gdb commands set environment and unset environment to change parts of
the environment that affect your program. See hundefinedi [Your Program’s
Environment], page hundefinedi.
The working directory.
Your program inherits its working directory from gdb. You can set the gdb
working directory with the cd command in gdb. See hundefinedi [Your Pro-
gram’s Working Directory], page hundefinedi.
The standard input and output.
Your program normally uses the same device for standard input and standard
output as gdb is using. You can redirect input and output in the run command
line, or you can use the tty command to set a different device for your program.
See hundefinedi [Your Program’s Input and Output], page hundefinedi.
Warning: While input and output redirection work, you cannot use pipes to
pass the output of the program you are debugging to another program; if you
attempt this, gdb is likely to wind up debugging the wrong program.
When you issue the run command, your program begins to execute immediately. See
hundefinedi [Stopping and Continuing], page hundefinedi, for discussion of how to arrange
for your program to stop. Once your program has stopped, you may call functions in
your program, using the print or call commands. See hundefinedi [Examining Data],
page hundefinedi.
If the modification time of your symbol file has changed since the last time gdb read its
symbols, gdb discards its symbol table, and reads it again. When it does this, gdb tries to
retain your current breakpoints.
Chapter 4: Running Programs Under gdb 27
start The name of the main procedure can vary from language to language. With
C or C++, the main procedure name is always main, but other languages such
as Ada do not require a specific name for their main procedure. The debugger
provides a convenient way to start the execution of the program and to stop at
the beginning of the main procedure, depending on the language used.
The ‘start’ command does the equivalent of setting a temporary breakpoint
at the beginning of the main procedure and then invoking the ‘run’ command.
Some programs contain an elaboration phase where some startup code is exe-
cuted before the main procedure is called. This depends on the languages used
to write your program. In C++, for instance, constructors for static and global
objects are executed before main is called. It is therefore possible that the
debugger stops before reaching the main procedure. However, the temporary
breakpoint will remain to halt execution.
Specify the arguments to give to your program as arguments to the ‘start’
command. These arguments will be given verbatim to the underlying ‘run’
command. Note that the same arguments will be reused if no argument is
provided during subsequent calls to ‘start’ or ‘run’.
It is sometimes necessary to debug the program during elaboration. In these
cases, using the start command would stop the execution of your program
too late, as the program would have already completed the elaboration phase.
Under these circumstances, insert breakpoints in your elaboration code before
running your program.
set exec-wrapper wrapper
show exec-wrapper
unset exec-wrapper
When ‘exec-wrapper’ is set, the specified wrapper is used to launch programs
for debugging. gdb starts your program with a shell command of the form exec
wrapper program . Quoting is added to program and its arguments, but not to
wrapper, so you should add quotes if appropriate for your shell. The wrapper
runs until it executes your program, and then gdb takes control.
You can use any program that eventually calls execve with its arguments as
a wrapper. Several standard Unix utilities do this, e.g. env and nohup. Any
Unix shell script ending with exec "$@" will also work.
For example, you can use env to pass an environment variable to the debugged
program, without setting the variable in your shell’s environment:
(gdb) set exec-wrapper env ’LD_PRELOAD=libtest.so’
(gdb) run
This command is available when debugging locally on most targets, excluding
djgpp, Cygwin, MS Windows, and QNX Neutrino.
set disable-randomization
set disable-randomization on
This option (enabled by default in gdb) will turn off the native randomiza-
tion of the virtual address space of the started program. This option is useful
for multiple debugging sessions to make the execution better reproducible and
memory addresses reusable across debugging sessions.
28 Debugging with gdb
This feature is implemented only on gnu/Linux. You can get the same behavior
using
(gdb) set exec-wrapper setarch ‘uname -m‘ -R
set disable-randomization off
Leave the behavior of the started executable unchanged. Some bugs rear their
ugly heads only when the program is loaded at certain addresses. If your bug
disappears when you run the program under gdb, that might be because gdb
by default disables the address randomization on platforms, such as gnu/Linux,
which do that for stand-alone programs. Use set disable-randomization off
to try to reproduce such elusive bugs.
The virtual address space randomization is implemented only on gnu/Linux.
It protects the programs against some kinds of security attacks. In these cases
the attacker needs to know the exact location of a concrete executable code.
Randomizing its location makes it impossible to inject jumps misusing a code
at its expected addresses.
Prelinking shared libraries provides a startup performance advantage but it
makes addresses in these libraries predictable for privileged processes by having
just unprivileged access at the target system. Reading the shared library binary
gives enough information for assembling the malicious code misusing it. Still
even a prelinked shared library can get loaded at a new random address just
requiring the regular relocation process during the startup. Shared libraries not
already prelinked are always loaded at a randomly chosen address.
Position independent executables (PIE) contain position independent code sim-
ilar to the shared libraries and therefore such executables get loaded at a ran-
domly chosen address upon startup. PIE executables always load even already
prelinked shared libraries at a random address. You can build such executable
using gcc -fPIE -pie.
Heap (malloc storage), stack and custom mmap areas are always placed ran-
domly (as long as the randomization is enabled).
show disable-randomization
Show the current setting of the explicit disable of the native randomization of
the virtual address space of the started program.
set args Specify the arguments to be used the next time your program is run. If set
args has no arguments, run executes your program with no arguments. Once
you have run your program with arguments, using set args before the next
run is the only way to run it again without arguments.
show args Show the arguments to give your program when it is started.
The environment consists of a set of environment variables and their values. Environment
variables conventionally record such things as your user name, your home directory, your
terminal type, and your search path for programs to run. Usually you set up environment
variables with the shell and they are inherited by all the other programs you run. When
debugging, it can be useful to try running your program with a modified environment
without having to start gdb over again.
path directory
Add directory to the front of the PATH environment variable (the search path
for executables) that will be passed to your program. The value of PATH used
by gdb does not change. You may specify several directory names, separated
by whitespace or by a system-dependent separator character (‘:’ on Unix, ‘;’
on MS-DOS and MS-Windows). If directory is already in the path, it is moved
to the front, so it is searched sooner.
You can use the string ‘$cwd’ to refer to whatever is the current working direc-
tory at the time gdb searches the path. If you use ‘.’ instead, it refers to the
directory where you executed the path command. gdb replaces ‘.’ in the di-
rectory argument (with the current path) before adding directory to the search
path.
show paths
Display the list of search paths for executables (the PATH environment variable).
show environment [varname ]
Print the value of environment variable varname to be given to your program
when it starts. If you do not supply varname, print the names and values of
all environment variables to be given to your program. You can abbreviate
environment as env.
set environment varname [=value ]
Set environment variable varname to value. The value changes for your program
only, not for gdb itself. value may be any string; the values of environment
variables are just strings, and any interpretation is supplied by your program
itself. The value parameter is optional; if it is eliminated, the variable is set to
a null value.
For example, this command:
set env USER = foo
tells the debugged program, when subsequently run, that its user is named
‘foo’. (The spaces around ‘=’ are used for clarity here; they are not actually
required.)
30 Debugging with gdb
Each time you start your program with run, it inherits its working directory from the
current working directory of gdb. The gdb working directory is initially whatever it in-
herited from its parent process (typically the shell), but you can specify a new working
directory in gdb with the cd command.
The gdb working directory also serves as a default for the commands that specify files
for gdb to operate on. See hundefinedi [Commands to Specify Files], page hundefinedi.
cd directory
Set the gdb working directory to directory.
pwd Print the gdb working directory.
It is generally impossible to find the current working directory of the process being
debugged (since a program can change its directory during its run). If you work on a system
where gdb is configured with the ‘/proc’ support, you can use the info proc command (see
hundefinedi [SVR4 Process Information], page hundefinedi) to find out the current working
directory of the debuggee.
By default, the program you run under gdb does input and output to the same terminal
that gdb uses. gdb switches the terminal to its own terminal modes to interact with you,
but it records the terminal modes your program was using and switches back to them when
you continue running your program.
info terminal
Displays information recorded by gdb about the terminal modes your program
is using.
You can redirect your program’s input and/or output using shell redirection with the
run command. For example,
run > outfile
starts your program, diverting its output to the file ‘outfile’.
Chapter 4: Running Programs Under gdb 31
Another way to specify where your program should do input and output is with the
tty command. This command accepts a file name as argument, and causes this file to be
the default for future run commands. It also resets the controlling terminal for the child
process, for future run commands. For example,
tty /dev/ttyb
directs that processes started with subsequent run commands default to do input and output
on the terminal ‘/dev/ttyb’ and have that as their controlling terminal.
An explicit redirection in run overrides the tty command’s effect on the input/output
device, but not its effect on the controlling terminal.
When you use the tty command or redirect input in the run command, only the input
for your program is affected. The input for gdb still comes from your terminal. tty is an
alias for set inferior-tty.
You can use the show inferior-tty command to tell gdb to display the name of the
terminal that will be used for future runs of your program.
set inferior-tty /dev/ttyb
Set the tty for the program being debugged to /dev/ttyb.
show inferior-tty
Show the current tty for the program being debugged.
attach process-id
This command attaches to a running process—one that was started outside
gdb. (info files shows your active targets.) The command takes as argument
a process ID. The usual way to find out the process-id of a Unix process is with
the ps utility, or with the ‘jobs -l’ shell command.
attach does not repeat if you press hRETi a second time after executing the
command.
To use attach, your program must be running in an environment which supports pro-
cesses; for example, attach does not work for programs on bare-board targets that lack an
operating system. You must also have permission to send the process a signal.
When you use attach, the debugger finds the program running in the process first by
looking in the current working directory, then (if the program is not found) by using the
source file search path (see hundefinedi [Specifying Source Directories], page hundefinedi).
You can also use the file command to load the program. See hundefinedi [Commands to
Specify Files], page hundefinedi.
The first thing gdb does after arranging to debug the specified process is to stop it. You
can examine and modify an attached process with all the gdb commands that are ordinarily
available when you start processes with run. You can insert breakpoints; you can step and
continue; you can modify storage. If you would rather the process continue running, you
may use the continue command after attaching gdb to the process.
detach When you have finished debugging the attached process, you can use the detach
command to release it from gdb control. Detaching the process continues its
32 Debugging with gdb
execution. After the detach command, that process and gdb become com-
pletely independent once more, and you are ready to attach another process
or start one with run. detach does not repeat if you press hRETi again after
executing the command.
If you exit gdb while you have an attached process, you detach that process. If you
use the run command, you kill that process. By default, gdb asks for confirmation if
you try to do either of these things; you can control whether or not you need to confirm
by using the set confirm command (see hundefinedi [Optional Warnings and Messages],
page hundefinedi).
kill Kill the child process in which your program is running under gdb.
This command is useful if you wish to debug a core dump instead of a running process.
gdb ignores any core dump file while your program is running.
On some operating systems, a program cannot be executed outside gdb while you have
breakpoints set on it inside gdb. You can use the kill command in this situation to permit
running your program outside the debugger.
The kill command is also useful if you wish to recompile and relink your program,
since on many systems it is impossible to modify an executable file while it is running in a
process. In this case, when you next type run, gdb notices that the file has changed, and
reads the symbol table again (while trying to preserve your current breakpoint settings).
gdb lets you run and debug multiple programs in a single session. In addition, gdb on
some systems may let you run several programs simultaneously (otherwise you have to exit
from one before starting another). In the most general case, you can have multiple threads
of execution in each of multiple processes, launched from multiple executables.
gdb represents the state of each program execution with an object called an inferior.
An inferior typically corresponds to a process, but is more general and applies also to
targets that do not have processes. Inferiors may be created before a process runs, and may
be retained after a process exits. Inferiors have unique identifiers that are different from
process ids. Usually each inferior will also have its own distinct address space, although
some embedded targets may have several inferiors running in different parts of a single
address space. Each inferior may in turn have multiple threads running in it.
To find out what inferiors exist at any moment, use info inferiors:
info inferiors
Print a list of all inferiors currently being managed by gdb.
gdb displays for each inferior (in this order):
1. the inferior number assigned by gdb
2. the target system’s inferior identifier
Chapter 4: Running Programs Under gdb 33
inferior infno
Make inferior number infno the current inferior. The argument infno is the infe-
rior number assigned by gdb, as shown in the first field of the ‘info inferiors’
display.
You can get multiple executables into a debugging session via the add-inferior and
clone-inferior commands. On some systems gdb can add inferiors to the debug session
automatically by following calls to fork and exec. To remove inferiors from the debugging
session use the remove-inferior command.
* 1 hello
Here we can see that no inferior is running the program hello, while process
21561 is running the program goodbye. On some targets, it is possible that
multiple inferiors are bound to the same program space. The most common
example is that of debugging both the parent and child processes of a vfork
call. For example,
(gdb) maint info program-spaces
Id Executable
* 1 vfork-test
Bound inferiors: ID 2 (process 18050), ID 1 (process 18045)
Here, both inferior 2 and inferior 1 are running in the same program space as
a result of inferior 1 having executed a vfork call.
In some operating systems, such as HP-UX and Solaris, a single program may have more
than one thread of execution. The precise semantics of threads differ from one operating
system to another, but in general the threads of a single program are akin to multiple
processes—except that they share one address space (that is, they can all examine and
modify the same variables). On the other hand, each thread has its own registers and
execution stack, and perhaps private memory.
gdb provides these facilities for debugging multi-thread programs:
• automatic notification of new threads
• ‘thread threadno ’, a command to switch among threads
• ‘info threads’, a command to inquire about existing threads
• ‘thread apply [threadno ] [all ] args ’, a command to apply a command to a list of
threads
• thread-specific breakpoints
• ‘set print thread-events’, which controls printing of messages on thread start and
exit.
• ‘set libthread-db-search-path path ’, which lets the user specify which libthread_
db to use if the default choice isn’t compatible with the program.
Warning: These facilities are not yet available on every gdb configuration
where the operating system supports threads. If your gdb does not support
threads, these commands have no effect. For example, a system without thread
support shows no output from ‘info threads’, and always rejects the thread
command, like this:
(gdb) info threads
(gdb) thread 1
Thread ID 1 not known. Use the "info threads" command to
see the IDs of currently known threads.
The gdb thread debugging facility allows you to observe all threads while your program
runs—but whenever gdb takes control, one thread in particular is always the focus of
debugging. This thread is called the current thread. Debugging commands show program
information from the perspective of the current thread.
36 Debugging with gdb
Whenever gdb detects a new thread in your program, it displays the target system’s iden-
tification for the thread with a message in the form ‘[New systag ]’. systag is a thread iden-
tifier whose form varies depending on the particular system. For example, on gnu/Linux,
you might see
[New Thread 46912507313328 (LWP 25582)]
when gdb notices a new thread. In contrast, on an SGI system, the systag is simply
something like ‘process 368’, with no further qualifier.
For debugging purposes, gdb associates its own thread number—always a single
integer—with each thread in your program.
info threads
Display a summary of all threads currently in your program. gdb displays for
each thread (in this order):
1. the thread number assigned by gdb
2. the target system’s thread identifier (systag)
3. the thread’s name, if one is known. A thread can either be named by the
user (see thread name, below), or, in some cases, by the program itself.
4. the current stack frame summary for that thread
An asterisk ‘*’ to the left of the gdb thread number indicates the current thread.
For example,
(gdb) info threads
Id Target Id Frame
3 process 35 thread 27 0x34e5 in sigpause ()
2 process 35 thread 23 0x34e5 in sigpause ()
* 1 process 35 thread 13 main (argc=1, argv=0x7ffffff8)
at threadtest.c:68
On Solaris, you can display more information about user threads with a Solaris-specific
command:
maint info sol-threads
Display info on Solaris user threads.
thread threadno
Make thread number threadno the current thread. The command argument
threadno is the internal gdb thread number, as shown in the first field of the
‘info threads’ display. gdb responds by displaying the system identifier of the
thread you selected, and its current stack frame summary:
(gdb) thread 2
[Switching to thread 2 (Thread 0xb7fdab70 (LWP 12747))]
#0 some_function (ignore=0x0) at example.c:8
8 printf ("hello\n");
As with the ‘[New ...]’ message, the form of the text after ‘Switching to’
depends on your system’s conventions for identifying threads.
The debugger convenience variable ‘$_thread’ contains the number of the cur-
rent thread. You may find this useful in writing breakpoint conditional ex-
pressions, command scripts, and so forth. See See hundefinedi [Convenience
Variables], page hundefinedi, for general information on convenience variables.
Chapter 4: Running Programs Under gdb 37
On most systems, gdb has no special support for debugging programs which create
additional processes using the fork function. When a program forks, gdb will continue
to debug the parent process and the child process will run unimpeded. If you have set a
breakpoint in any code which the child then executes, the child will get a SIGTRAP signal
which (unless it catches the signal) will cause it to terminate.
However, if you want to debug the child process there is a workaround which isn’t too
painful. Put a call to sleep in the code which the child process executes after the fork. It
may be useful to sleep only if a certain environment variable is set, or a certain file exists,
so that the delay need not occur when you don’t want to run gdb on the child. While the
child is sleeping, use the ps program to get its process ID. Then tell gdb (a new invocation
of gdb if you are also debugging the parent process) to attach to the child process (see hun-
definedi [Attach], page hundefinedi). From that point on you can debug the child process
just like any other process which you attached to.
On some systems, gdb provides support for debugging programs that create additional
processes using the fork or vfork functions. Currently, the only platforms with this feature
are HP-UX (11.x and later only?) and gnu/Linux (kernel version 2.5.60 and later).
By default, when a program forks, gdb will continue to debug the parent process and
the child process will run unimpeded.
If you want to follow the child process instead of the parent process, use the command
set follow-fork-mode.
show follow-fork-mode
Display the current debugger response to a fork or vfork call.
Chapter 4: Running Programs Under gdb 39
On Linux, if you want to debug both the parent and child processes, use the command
set detach-on-fork.
show detach-on-fork
Show whether detach-on-fork mode is on/off.
If you choose to set ‘detach-on-fork’ mode off, then gdb will retain control of all forked
processes (including nested forks). You can list the forked processes under the control
of gdb by using the info inferiors command, and switch from one fork to another by
using the inferior command (see hundefinedi [Debugging Multiple Inferiors and Programs],
page hundefinedi).
To quit debugging one of the forked processes, you can either detach from it by using
the detach inferior command (allowing it to run independently), or kill it using the
kill inferior command. See hundefinedi [Debugging Multiple Inferiors and Programs],
page hundefinedi.
If you ask to debug a child process and a vfork is followed by an exec, gdb executes
the new target up to the first breakpoint in the new target. If you have a breakpoint set on
main in your original program, the breakpoint will also be set on the child process’s main.
On some systems, when a child process is spawned by vfork, you cannot debug the child
or parent until an exec call completes.
If you issue a run command to gdb after an exec call executes, the new target restarts.
To restart the parent process, use the file command with the parent executable name
as its argument. By default, after an exec call executes, gdb discards the symbols of the
previous executable image. You can change this behaviour with the set follow-exec-mode
command.
same gdb keeps the process bound to the same inferior. The new exe-
cutable image replaces the previous executable loaded in the infe-
rior. Restarting the inferior after the exec call, with e.g., the run
command, restarts the executable the process was running after the
exec call. This is the default mode.
For example:
(gdb) info inferiors
Id Description Executable
* 1 <null> prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
(gdb) info inferiors
Id Description Executable
* 1 <null> prog2
You can use the catch command to make gdb stop whenever a fork, vfork, or exec
call is made. See hundefinedi [Setting Catchpoints], page hundefinedi.
1
Currently, only gnu/Linux.
Chapter 4: Running Programs Under gdb 41
checkpoint
Save a snapshot of the debugged program’s current execution state. The
checkpoint command takes no arguments, but each checkpoint is assigned
a small integer id, similar to a breakpoint id.
info checkpoints
List the checkpoints that have been saved in the current debugging session. For
each checkpoint, the following information will be listed:
Checkpoint ID
Process ID
Code Address
Source line, or label
restart checkpoint-id
Restore the program state that was saved as checkpoint number checkpoint-id.
All program variables, registers, stack frames etc. will be returned to the values
that they had when the checkpoint was saved. In essence, gdb will “wind back
the clock” to the point in time when the checkpoint was saved.
Note that breakpoints, gdb variables, command history etc. are not affected
by restoring a checkpoint. In general, a checkpoint only restores things that
reside in the program being debugged, not in the debugger.
delete checkpoint checkpoint-id
Delete the previously-saved checkpoint identified by checkpoint-id.
Returning to a previously saved checkpoint will restore the user state of the program
being debugged, plus a significant subset of the system (OS) state, including file pointers. It
won’t “un-write” data from a file, but it will rewind the file pointer to the previous location,
so that the previously written data can be overwritten. For files opened in read mode, the
pointer will also be restored so that the previously read data can be read again.
Of course, characters that have been sent to a printer (or other external device) cannot
be “snatched back”, and characters received from eg. a serial device can be removed from
internal program buffers, but they cannot be “pushed back” into the serial pipeline, ready
to be received again. Similarly, the actual contents of files that have been changed cannot
be restored (at this time).
However, within those constraints, you actually can “rewind” your program to a previ-
ously saved point in time, and begin debugging it again — and you can change the course
of events so as to debug a different execution path this time.
Finally, there is one bit of internal program state that will be different when you return
to a checkpoint — the program’s process id. Each checkpoint will have a unique process id
(or pid), and each will be different from the program’s original pid. If your program has
saved a local copy of its process id, this could potentially pose a problem.
watchpoint, on an absolute address if you have to restart the program, since the absolute
location of a symbol will change from one execution to the next.
A checkpoint, however, is an identical copy of a process. Therefore if you create a
checkpoint at (eg.) the start of main, and simply return to that checkpoint instead of
restarting the process, you can avoid the effects of address randomization and your symbols
will all stay in the same place.
Chapter 5: Stopping and Continuing 43
A breakpoint makes your program stop whenever a certain point in the program is
reached. For each breakpoint, you can add conditions to control in finer detail whether
your program stops. You can set breakpoints with the break command and its variants
(see hundefinedi [Setting Breakpoints], page hundefinedi), to specify the place where your
program should stop by line number, function name or exact address in the program.
On some systems, you can set breakpoints in shared libraries before the executable is
run. There is a minor limitation on HP-UX systems: you must wait until the executable
is run in order to set breakpoints in shared library routines that are not called directly by
the program (for example, routines that are arguments in a pthread_create call).
A watchpoint is a special breakpoint that stops your program when the value of an
expression changes. The expression may be a value of a variable, or it could involve values
of one or more variables combined by operators, such as ‘a + b’. This is sometimes called
data breakpoints. You must use a different command to set watchpoints (see hundefinedi
[Setting Watchpoints], page hundefinedi), but aside from that, you can manage a watchpoint
like any other breakpoint: you enable, disable, and delete both breakpoints and watchpoints
using the same commands.
You can arrange to have values from your program displayed automatically whenever
gdb stops at a breakpoint. See hundefinedi [Automatic Display], page hundefinedi.
A catchpoint is another special breakpoint that stops your program when a certain kind
of event occurs, such as the throwing of a C++ exception or the loading of a library. As
with watchpoints, you use a different command to set a catchpoint (see hundefinedi [Setting
Catchpoints], page hundefinedi), but aside from that, you can manage a catchpoint like any
other breakpoint. (To stop when your program receives a signal, use the handle command;
see hundefinedi [Signals], page hundefinedi.)
gdb assigns a number to each breakpoint, watchpoint, or catchpoint when you create
it; these numbers are successive integers starting with one. In many of the commands for
controlling various features of breakpoints you use the breakpoint number to say which
breakpoint you want to change. Each breakpoint may be enabled or disabled; if disabled,
it has no effect on your program until you enable it again.
44 Debugging with gdb
Breakpoints are set with the break command (abbreviated b). The debugger convenience
variable ‘$bpnum’ records the number of the breakpoint you’ve set most recently; see hunde-
finedi [Convenience Variables], page hundefinedi, for a discussion of what you can do with
convenience variables.
break location
Set a breakpoint at the given location, which can specify a function name, a line
number, or an address of an instruction. (See hundefinedi [Specify Location],
page hundefinedi, for a list of all the possible ways to specify a location.) The
breakpoint will stop your program just before it executes any of the code in the
specified location.
When using source languages that permit overloading of symbols, such as C++,
a function name may refer to more than one possible place to break. See hun-
definedi [Ambiguous Expressions], page hundefinedi, for a discussion of that
situation.
It is also possible to insert a breakpoint that will stop the program only if
a specific thread (see hundefinedi [Thread-Specific Breakpoints], page hunde-
finedi) or a specific task (see hundefinedi [Ada Tasks], page hundefinedi) hits
that breakpoint.
break When called without any arguments, break sets a breakpoint at the next in-
struction to be executed in the selected stack frame (see hundefinedi [Examining
the Stack], page hundefinedi). In any selected frame but the innermost, this
makes your program stop as soon as control returns to that frame. This is
similar to the effect of a finish command in the frame inside the selected
frame—except that finish does not leave an active breakpoint. If you use
break without an argument in the innermost frame, gdb stops the next time
it reaches the current location; this may be useful inside loops.
gdb normally ignores breakpoints when it resumes execution, until at least one
instruction has been executed. If it did not do this, you would be unable to pro-
ceed past a breakpoint without first disabling the breakpoint. This rule applies
whether or not the breakpoint already existed when your program stopped.
tbreak args
Set a breakpoint enabled only for one stop. args are the same as for the break
command, and the breakpoint is set in the same way, but the breakpoint is
automatically deleted after the first time your program stops there. See hunde-
finedi [Disabling Breakpoints], page hundefinedi.
hbreak args
Set a hardware-assisted breakpoint. args are the same as for the break com-
mand and the breakpoint is set in the same way, but the breakpoint requires
hardware support and some target hardware may not have this support. The
main purpose of this is EPROM/ROM code debugging, so you can set a break-
point at an instruction without changing the instruction. This can be used with
the new trap-generation provided by SPARClite DSU and most x86-based tar-
gets. These targets will generate traps when a program accesses some data or in-
struction address that is assigned to the debug registers. However the hardware
breakpoint registers can take a limited number of breakpoints. For example, on
the DSU, only two data breakpoints can be set at a time, and gdb will reject
this command if more than two are used. Delete or disable unused hardware
breakpoints before setting new ones (see hundefinedi [Disabling Breakpoints],
page hundefinedi). See hundefinedi [Break Conditions], page hundefinedi. For
remote targets, you can restrict the number of hardware breakpoints gdb will
use, see hundefinedi [set remote hardware-breakpoint-limit], page hundefinedi.
thbreak args
Set a hardware-assisted breakpoint enabled only for one stop. args are the
same as for the hbreak command and the breakpoint is set in the same way.
However, like the tbreak command, the breakpoint is automatically deleted
after the first time your program stops there. Also, like the hbreak command,
the breakpoint requires hardware support and some target hardware may not
have this support. See hundefinedi [Disabling Breakpoints], page hundefinedi.
See also hundefinedi [Break Conditions], page hundefinedi.
rbreak regex
Set breakpoints on all functions matching the regular expression regex. This
command sets an unconditional breakpoint on all matches, printing a list of all
breakpoints it set. Once these breakpoints are set, they are treated just like the
breakpoints set with the break command. You can delete them, disable them,
or make them conditional the same way as any other breakpoint.
The syntax of the regular expression is the standard one used with tools like
‘grep’. Note that this is different from the syntax used by shells, so for instance
foo* matches all functions that include an fo followed by zero or more os. There
is an implicit .* leading and trailing the regular expression you supply, so to
match only functions that begin with foo, use ^foo.
When debugging C++ programs, rbreak is useful for setting breakpoints on
overloaded functions that are not members of any special classes.
The rbreak command can be used to set breakpoints in all the functions in a
program, like this:
(gdb) rbreak .
46 Debugging with gdb
how many times the breakpoint was hit, and then run again, ignoring one less
than that number. This will get you quickly to the last hit of that breakpoint.
gdb allows you to set any number of breakpoints at the same place in your program.
There is nothing silly or meaningless about this. When the breakpoints are conditional,
this is even useful (see hundefinedi [Break Conditions], page hundefinedi).
It is possible that a breakpoint corresponds to several locations in your program. Ex-
amples of this situation are:
• For a C++ constructor, the gcc compiler generates several instances of the function
body, used in different cases.
• For a C++ template function, a given line in the function can correspond to any number
of instantiations.
• For an inlined function, a given source line can correspond to several places where that
function is inlined.
In all those cases, gdb will insert a breakpoint at all the relevant locations1 .
A breakpoint with multiple locations is displayed in the breakpoint table using several
rows—one header row, followed by one row for each breakpoint location. The header row
has ‘<MULTIPLE>’ in the address column. The rows for individual locations contain the
actual addresses for locations, and show the functions to which those locations belong. The
number column for a location is of the form breakpoint-number.location-number.
For example:
Num Type Disp Enb Address What
1 breakpoint keep y <MULTIPLE>
stop only if i==1
breakpoint already hit 1 time
1.1 y 0x080486a2 in void foo<int>() at t.cc:8
1.2 y 0x080486ca in void foo<double>() at t.cc:8
Each location can be individually enabled or disabled by passing breakpoint-
number.location-number as argument to the enable and disable commands. Note that
you cannot delete the individual locations from the list, you can only delete the entire
list of locations that belong to their parent breakpoint (with the delete num command,
where num is the number of the parent breakpoint, 1 in the above example). Disabling or
enabling the parent breakpoint (see hundefinedi [Disabling], page hundefinedi) affects all
of the locations that belong to that breakpoint.
It’s quite common to have a breakpoint inside a shared library. Shared libraries can
be loaded and unloaded explicitly, and possibly repeatedly, as the program is executed.
To support this use case, gdb updates breakpoint locations whenever any shared library
is loaded or unloaded. Typically, you would set a breakpoint in a shared library at the
beginning of your debugging session, when the library is not loaded, and when the symbols
from the library are not available. When you try to set breakpoint, gdb will ask you if you
want to set a so called pending breakpoint—breakpoint whose address is not yet resolved.
After the program is run, whenever a new shared library is loaded, gdb reevaluates all the
breakpoints. When a newly loaded shared library contains the symbol or line referred to by
1
As of this writing, multiple-location breakpoints work only if there’s line number information for all the
locations. This means that they will generally not work in system libraries, unless you have debug info
with line numbers for them.
48 Debugging with gdb
some pending breakpoint, that breakpoint is resolved and becomes an ordinary breakpoint.
When a library is unloaded, all breakpoints that refer to its symbols or source lines become
pending again.
This logic works for breakpoints with multiple locations, too. For example, if you have
a breakpoint in a C++ template function, and a newly loaded shared library has an instan-
tiation of that template, a new location is added to the list of locations for the breakpoint.
Except for having unresolved address, pending breakpoints do not differ from regular
breakpoints. You can set conditions or commands, enable and disable them and perform
other breakpoint operations.
gdb provides some additional commands for controlling what happens when the ‘break’
command cannot resolve breakpoint address specification to an address:
set breakpoint pending auto
This is the default behavior. When gdb cannot find the breakpoint location,
it queries you whether a pending breakpoint should be created.
set breakpoint pending on
This indicates that an unrecognized breakpoint location should automatically
result in a pending breakpoint being created.
set breakpoint pending off
This indicates that pending breakpoints are not to be created. Any unrecog-
nized breakpoint location results in an error. This setting does not affect any
pending breakpoints previously created.
show breakpoint pending
Show the current behavior setting for creating pending breakpoints.
The settings above only affect the break command and its variants. Once breakpoint is
set, it will be automatically updated as shared libraries are loaded and unloaded.
For some targets, gdb can automatically decide if hardware or software breakpoints
should be used, depending on whether the breakpoint address is read-only or read-write.
This applies to breakpoints set with the break command as well as to internal breakpoints
set by commands like next and finish. For breakpoints set with hbreak, gdb will always
use hardware breakpoints.
You can control this automatic behaviour with the following commands::
set breakpoint auto-hw on
This is the default behavior. When gdb sets a breakpoint, it will try to use the
target memory map to decide if software or hardware breakpoint must be used.
set breakpoint auto-hw off
This indicates gdb should not automatically select breakpoint type. If the
target provides a memory map, gdb will warn when trying to set software
breakpoint at a read-only address.
gdb normally implements breakpoints by replacing the program code at the breakpoint
address with a special instruction, which, when executed, given control to the debugger.
By default, the program code is so modified only when the program is resumed. As soon as
the program stops, gdb restores the original instructions. This behaviour guards against
Chapter 5: Stopping and Continuing 49
leaving breakpoints inserted in the target should gdb abrubptly disconnect. However, with
slow remote targets, inserting and removing breakpoint can reduce the performance. This
behavior can be controlled with the following commands::
set breakpoint always-inserted off
All breakpoints, including newly added by the user, are inserted in the target
only when the target is resumed. All breakpoints are removed from the target
when it stops.
set breakpoint always-inserted on
Causes all breakpoints to be inserted in the target at all times. If the user adds
a new breakpoint, or changes an existing breakpoint, the breakpoints in the
target are updated immediately. A breakpoint is removed from the target only
when breakpoint itself is removed.
set breakpoint always-inserted auto
This is the default mode. If gdb is controlling the inferior in non-stop mode (see
hundefinedi [Non-Stop Mode], page hundefinedi), gdb behaves as if breakpoint
always-inserted mode is on. If gdb is controlling the inferior in all-stop mode,
gdb behaves as if breakpoint always-inserted mode is off.
gdb itself sometimes sets breakpoints in your program for special purposes, such as
proper handling of longjmp (in C programs). These internal breakpoints are assigned
negative numbers, starting with -1; ‘info breakpoints’ does not display them. You can
see these breakpoints with the gdb maintenance command ‘maint info breakpoints’ (see
hundefinedi [maint info breakpoints], page hundefinedi).
You can use a watchpoint to stop execution whenever the value of an expression changes,
without having to predict a particular place where this may happen. (This is sometimes
called a data breakpoint.) The expression may be as simple as the value of a single variable,
or as complex as many variables combined by operators. Examples include:
• A reference to the value of a single variable.
• An address cast to an appropriate data type. For example, ‘*(int *)0x12345678’ will
watch a 4-byte region at the specified address (assuming an int occupies 4 bytes).
• An arbitrarily complex expression, such as ‘a*b + c/d’. The expression can use any op-
erators valid in the program’s native language (see hundefinedi [Languages], page hun-
definedi).
You can set a watchpoint on an expression even if the expression can not be evaluated yet.
For instance, you can set a watchpoint on ‘*global_ptr’ before ‘global_ptr’ is initialized.
gdb will stop when your program sets ‘global_ptr’ and the expression produces a valid
value. If the expression becomes valid in some other way than changing a variable (e.g. if
the memory pointed to by ‘*global_ptr’ becomes readable as the result of a malloc call),
gdb may not stop until the next time the expression changes.
Depending on your system, watchpoints may be implemented in software or hardware.
gdb does software watchpointing by single-stepping your program and testing the variable’s
50 Debugging with gdb
value each time, which is hundreds of times slower than normal execution. (But this may
still be worth it, to catch errors where you have no clue what part of your program is the
culprit.)
On some systems, such as HP-UX, PowerPC, gnu/Linux and most other x86-based tar-
gets, gdb includes support for hardware watchpoints, which do not slow down the running
of your program.
You can use catchpoints to cause the debugger to stop for certain kinds of program
events, such as C++ exceptions or the loading of a shared library. Use the catch command
to set a catchpoint.
catch event
Stop when event occurs. event can be any of the following:
throw The throwing of a C++ exception.
catch The catching of a C++ exception.
exception
An Ada exception being raised. If an exception name is specified
at the end of the command (eg catch exception Program_Error),
the debugger will stop only when this specific exception is raised.
Otherwise, the debugger stops execution when any Ada exception
is raised.
When inserting an exception catchpoint on a user-defined exception
whose name is identical to one of the exceptions defined by the lan-
guage, the fully qualified name must be used as the exception name.
Otherwise, gdb will assume that it should stop on the pre-defined
exception rather than the user-defined one. For instance, assum-
ing an exception called Constraint_Error is defined in package
Pck, then the command to use to catch such exceptions is catch
exception Pck.Constraint_Error.
exception unhandled
An exception that was raised but is not handled by the program.
assert A failed Ada assertion.
exec A call to exec. This is currently only available for HP-UX and
gnu/Linux.
Chapter 5: Stopping and Continuing 53
syscall
syscall [name | number ] ...
A call to or return from a system call, a.k.a. syscall. A syscall is a
mechanism for application programs to request a service from the
operating system (OS) or one of the OS system services. gdb can
catch some or all of the syscalls issued by the debuggee, and show
the related information for each syscall. If no argument is specified,
calls to and returns from all system calls will be caught.
name can be any system call name that is valid for the underlying
OS. Just what syscalls are valid depends on the OS. On GNU and
Unix systems, you can find the full list of valid syscall names on
‘/usr/include/asm/unistd.h’.
Normally, gdb knows in advance which syscalls are valid for each
OS, so you can use the gdb command-line completion facilities
(see hundefinedi [command completion], page hundefinedi) to list
the available choices.
You may also specify the system call numerically. A syscall’s num-
ber is the value passed to the OS’s syscall dispatcher to identify
the requested service. When you specify the syscall by its name,
gdb uses its database of syscalls to convert the name into the cor-
responding numeric code, but using the number directly may be
useful if gdb’s database does not have the complete list of syscalls
on your system (e.g., because gdb lags behind the OS upgrades).
The example below illustrates how this command works if you don’t
provide arguments to it:
(gdb) catch syscall
Catchpoint 1 (syscall)
(gdb) r
Starting program: /tmp/catch-syscall
0xffffe424 in __kernel_vsyscall ()
(gdb)
An example of specifying a system call numerically. In the case
below, the syscall number has a corresponding entry in the XML
file, so gdb finds its name and prints it:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) ’exit_group’)
(gdb) r
Starting program: /tmp/catch-syscall
tcatch event
Set a catchpoint that is enabled only for one stop. The catchpoint is automat-
ically deleted after the first time the event is caught.
Use the info break command to list the current catchpoints.
There are currently some limitations to C++ exception handling (catch throw and catch
catch) in gdb:
• If you call a function interactively, gdb normally returns control to you when the
function has finished executing. If the call raises an exception, however, the call may
bypass the mechanism that returns control to you and cause your program either to
abort or to simply continue running until it hits a breakpoint, catches a signal that gdb
is listening for, or exits. This is the case even if you set a catchpoint for the exception;
catchpoints on exceptions are disabled within interactive calls.
• You cannot raise an exception interactively.
• You cannot install an exception handler interactively.
Sometimes catch is not the best way to debug exception handling: if you need to know
exactly where an exception is raised, it is better to stop before the exception handler is
called, since that way you can see the stack before any unwinding takes place. If you set
a breakpoint in an exception handler instead, it may not be easy to find out where the
exception was raised.
To stop just before an exception handler is called, you need some knowledge of the
implementation. In the case of gnu C++, exceptions are raised by calling a library function
named __raise_exception which has the following ANSI C interface:
/* addr is where the exception identifier is stored.
id is the exception identifier. */
void __raise_exception (void **addr, void *id);
To make the debugger catch all exceptions before any stack unwinding takes place, set a
breakpoint on __raise_exception (see hundefinedi [Breakpoints; Watchpoints; and Ex-
ceptions], page hundefinedi).
With a conditional breakpoint (see hundefinedi [Break Conditions], page hundefinedi)
that depends on the value of id, you can stop your program when a specific exception is
raised. You can use multiple conditional breakpoints to stop your program when any of a
number of exceptions are raised.
clear Delete any breakpoints at the next instruction to be executed in the selected
stack frame (see hundefinedi [Selecting a Frame], page hundefinedi). When the
innermost frame is selected, this is a good way to delete a breakpoint where
your program just stopped.
clear location
Delete any breakpoints set at the specified location. See hundefinedi [Specify
Location], page hundefinedi, for the various forms of location; the most useful
ones are listed below:
clear function
clear filename :function
Delete any breakpoints set at entry to the named function.
clear linenum
clear filename :linenum
Delete any breakpoints set at or within the code of the specified
linenum of the specified filename.
Rather than deleting a breakpoint, watchpoint, or catchpoint, you might prefer to disable
it. This makes the breakpoint inoperative as if it had been deleted, but remembers the
information on the breakpoint so that you can enable it again later.
You disable and enable breakpoints, watchpoints, and catchpoints with the enable and
disable commands, optionally specifying one or more breakpoint numbers as arguments.
Use info break to print a list of all breakpoints, watchpoints, and catchpoints if you do
not know which numbers to use.
Disabling and enabling a breakpoint that has multiple locations affects all of its locations.
A breakpoint, watchpoint, or catchpoint can have any of four different states of enable-
ment:
• Enabled. The breakpoint stops your program. A breakpoint set with the break com-
mand starts out in this state.
• Disabled. The breakpoint has no effect on your program.
• Enabled once. The breakpoint stops your program, but then becomes disabled.
• Enabled for deletion. The breakpoint stops your program, but immediately after it
does so it is deleted permanently. A breakpoint set with the tbreak command starts
out in this state.
You can use the following commands to enable or disable breakpoints, watchpoints, and
catchpoints:
Chapter 5: Stopping and Continuing 57
The simplest sort of breakpoint breaks every time your program reaches a specified
place. You can also specify a condition for a breakpoint. A condition is just a Boolean
expression in your programming language (see hundefinedi [Expressions], page hundefinedi).
A breakpoint with a condition evaluates the expression each time your program reaches it,
and your program stops only if the condition is true.
This is the converse of using assertions for program validation; in that situation, you
want to stop when the assertion is violated—that is, when the condition is false. In C, if
you want to test an assertion expressed by the condition assert, you should set the condition
‘! assert ’ on the appropriate breakpoint.
Conditions are also accepted for watchpoints; you may not need them, since a watchpoint
is inspecting the value of an expression anyhow—but it might be simpler, say, to just set a
watchpoint on a variable name, and specify a condition that tests whether the new value is
an interesting one.
Break conditions can have side effects, and may even call functions in your program. This
can be useful, for example, to activate functions that log program progress, or to use your
own print functions to format special data structures. The effects are completely predictable
unless there is another enabled breakpoint at the same address. (In that case, gdb might
see the other breakpoint first and stop your program without checking the condition of
this one.) Note that breakpoint commands are usually more convenient and flexible than
break conditions for the purpose of performing side effects when a breakpoint is reached
(see hundefinedi [Breakpoint Command Lists], page hundefinedi).
58 Debugging with gdb
Break conditions can be specified when a breakpoint is set, by using ‘if’ in the arguments
to the break command. See hundefinedi [Setting Breakpoints], page hundefinedi. They can
also be changed at any time with the condition command.
You can also use the if keyword with the watch command. The catch command does
not recognize the if keyword; condition is the only way to impose a further condition on
a catchpoint.
condition bnum expression
Specify expression as the break condition for breakpoint, watchpoint, or catch-
point number bnum. After you set a condition, breakpoint bnum stops your
program only if the value of expression is true (nonzero, in C). When you
use condition, gdb checks expression immediately for syntactic correctness,
and to determine whether symbols in it have referents in the context of your
breakpoint. If expression uses symbols not referenced in the context of the
breakpoint, gdb prints an error message:
No symbol "foo" in current context.
gdb does not actually evaluate expression at the time the condition command
(or a command that sets a breakpoint with a condition, like break if ...) is
given, however. See hundefinedi [Expressions], page hundefinedi.
condition bnum
Remove the condition from breakpoint number bnum. It becomes an ordinary
unconditional breakpoint.
A special case of a breakpoint condition is to stop only when the breakpoint has been
reached a certain number of times. This is so useful that there is a special way to do it,
using the ignore count of the breakpoint. Every breakpoint has an ignore count, which is
an integer. Most of the time, the ignore count is zero, and therefore has no effect. But if
your program reaches a breakpoint whose ignore count is positive, then instead of stopping,
it just decrements the ignore count by one and continues. As a result, if the ignore count
value is n, the breakpoint does not stop the next n times your program reaches it.
ignore bnum count
Set the ignore count of breakpoint number bnum to count. The next count
times the breakpoint is reached, your program’s execution does not stop; other
than to decrement the ignore count, gdb takes no action.
To make the breakpoint stop the next time it is reached, specify a count of zero.
When you use continue to resume execution of your program from a break-
point, you can specify an ignore count directly as an argument to continue,
rather than using ignore. See hundefinedi [Continuing and Stepping], page hun-
definedi.
If a breakpoint has a positive ignore count and a condition, the condition is
not checked. Once the ignore count reaches zero, gdb resumes checking the
condition.
You could achieve the effect of the ignore count with a condition such as
‘$foo-- <= 0’ using a debugger convenience variable that is decremented each
time. See hundefinedi [Convenience Variables], page hundefinedi.
Ignore counts apply to breakpoints, watchpoints, and catchpoints.
Chapter 5: Stopping and Continuing 59
You can give any breakpoint (or watchpoint or catchpoint) a series of commands to
execute when your program stops due to that breakpoint. For example, you might want to
print the values of certain expressions, or enable other breakpoints.
commands [range ...]
... command-list ...
end Specify a list of commands for the given breakpoints. The commands themselves
appear on the following lines. Type a line containing just end to terminate the
commands.
To remove all commands from a breakpoint, type commands and follow it im-
mediately with end; that is, give no commands.
With no argument, commands refers to the last breakpoint, watchpoint, or catch-
point set (not to the breakpoint most recently encountered). If the most recent
breakpoints were set with a single command, then the commands will apply
to all the breakpoints set by that command. This applies to breakpoints set
by rbreak, and also applies when a single break command creates multiple
breakpoints (see hundefinedi [Ambiguous Expressions], page hundefinedi).
Pressing hRETi as a means of repeating the last gdb command is disabled within a
command-list.
You can use breakpoint commands to start your program up again. Simply use the
continue command, or step, or any other command that resumes execution.
Any other commands in the command list, after a command that resumes execution, are
ignored. This is because any time you resume execution (even with a simple next or step),
you may encounter another breakpoint—which could have its own command list, leading
to ambiguities about which list to execute.
If the first command you specify in a command list is silent, the usual message about
stopping at a breakpoint is not printed. This may be desirable for breakpoints that are
to print a specific message and then continue. If none of the remaining commands print
anything, you see no sign that the breakpoint was reached. silent is meaningful only at
the beginning of a breakpoint command list.
The commands echo, output, and printf allow you to print precisely controlled out-
put, and are often useful in silent breakpoints. See hundefinedi [Commands for Controlled
Output], page hundefinedi.
For example, here is how you could use breakpoint commands to print the value of x at
entry to foo whenever x is positive.
break foo if x>0
commands
silent
printf "x is %d\n",x
cont
end
One application for breakpoint commands is to compensate for one bug so you can test
for another. Put a breakpoint just after the erroneous line of code, give it a condition
to detect the case in which something erroneous has been done, and give it commands to
60 Debugging with gdb
assign correct values to any variables that need them. End with the continue command so
that your program does not stop, and start with the silent command so that no output
is produced. Here is an example:
break 403
commands
silent
set x = y + 4
cont
end
If you request too many active hardware-assisted breakpoints and watchpoints, you will
see this error message:
Stopped; cannot insert breakpoints.
You may have requested too many hardware breakpoints and watchpoints.
This message is printed when you attempt to resume the program, since only then gdb
knows exactly how many hardware breakpoints and watchpoints it needs to insert.
When this message is printed, you need to disable or remove some of the hardware-
assisted breakpoints and watchpoints, and then continue.
such a bundle to the instruction with the lowest address. gdb honors this constraint by
adjusting a breakpoint’s address to the first in the bundle.
It is not uncommon for optimized code to have bundles which contain instructions from
different source statements, thus it may happen that a breakpoint’s address will be adjusted
from one source statement to another. Since this adjustment may significantly alter gdb’s
breakpoint related behavior from what the user expects, a warning is printed when the
breakpoint is first set and also when the breakpoint is hit.
A warning like the one below is printed when setting a breakpoint that’s been subject
to address adjustment:
warning: Breakpoint address adjusted from 0x00010414 to 0x00010410.
Such warnings are printed both for user settable and gdb’s internal breakpoints. If you
see one of these warnings, you should verify that a breakpoint set at the adjusted address
will have the desired affect. If not, the breakpoint in question may be removed and other
breakpoints may be set which will have the desired behavior. E.g., it may be sufficient to
place the breakpoint at a later instruction. A conditional breakpoint may also be useful in
some cases to prevent the breakpoint from triggering too often.
gdb will also issue a warning when stopping at one of these adjusted breakpoints:
warning: Breakpoint 1 address previously adjusted from 0x00010414
to 0x00010410.
When this warning is encountered, it may be too late to take remedial action except in
cases where the breakpoint is hit earlier or more frequently than expected.
Continuing means resuming program execution until your program completes normally.
In contrast, stepping means executing just one more “step” of your program, where “step”
may mean either one line of source code, or one machine instruction (depending on what
particular command you use). Either when continuing or when stepping, your program
may stop even sooner, due to a breakpoint or a signal. (If it stops due to a signal, you
may want to use handle, or use ‘signal 0’ to resume execution. See hundefinedi [Signals],
page hundefinedi.)
continue [ignore-count ]
c [ignore-count ]
fg [ignore-count ]
Resume program execution, at the address where your program last stopped;
any breakpoints set at that address are bypassed. The optional argument
ignore-count allows you to specify a further number of times to ignore a break-
point at this location; its effect is like that of ignore (see hundefinedi [Break
Conditions], page hundefinedi).
The argument ignore-count is meaningful only when your program stopped due
to a breakpoint. At other times, the argument to continue is ignored.
The synonyms c and fg (for foreground, as the debugged program is deemed
to be the foreground program) are provided purely for convenience, and have
exactly the same behavior as continue.
62 Debugging with gdb
To resume execution at a different place, you can use return (see hundefinedi [Returning
from a Function], page hundefinedi) to go back to the calling function; or jump (see hunde-
finedi [Continuing at a Different Address], page hundefinedi) to go to an arbitrary location
in your program.
A typical technique for using stepping is to set a breakpoint (see hundefinedi [Break-
points; Watchpoints; and Catchpoints], page hundefinedi) at the beginning of the function
or the section of your program where a problem is believed to lie, run your program until it
stops at that breakpoint, and then step through the suspect area, examining the variables
that are interesting, until you see the problem happen.
step Continue running your program until control reaches a different source line,
then stop it and return control to gdb. This command is abbreviated s.
Warning: If you use the step command while control is within
a function that was compiled without debugging information, ex-
ecution proceeds until control reaches a function that does have
debugging information. Likewise, it will not step into a function
which is compiled without debugging information. To step through
functions without debugging information, use the stepi command,
described below.
The step command only stops at the first instruction of a source line. This pre-
vents the multiple stops that could otherwise occur in switch statements, for
loops, etc. step continues to stop if a function that has debugging information
is called within the line. In other words, step steps inside any functions called
within the line.
Also, the step command only enters a function if there is line number infor-
mation for the function. Otherwise it acts like the next command. This avoids
problems when using cc -gl on MIPS machines. Previously, step entered sub-
routines if there was any debugging information about the routine.
step count
Continue running as in step, but do so count times. If a breakpoint is reached,
or a signal not related to stepping occurs before count steps, stepping stops
right away.
next [count ]
Continue to the next source line in the current (innermost) stack frame. This
is similar to step, but function calls that appear within the line of code are
executed without stopping. Execution stops when control reaches a different
line of code at the original stack level that was executing when you gave the
next command. This command is abbreviated n.
An argument count is a repeat count, as for step.
The next command only stops at the first instruction of a source line. This
prevents multiple stops that could otherwise occur in switch statements, for
loops, etc.
Chapter 5: Stopping and Continuing 63
set step-mode
set step-mode on
The set step-mode on command causes the step command to stop at the first
instruction of a function which contains no debug line information rather than
stepping over it.
This is useful in cases where you may be interested in inspecting the machine
instructions of a function which has no symbolic info and do not want gdb to
automatically skip over this function.
set step-mode off
Causes the step command to step over any functions which contains no debug
information. This is the default.
show step-mode
Show whether gdb will stop in or step over functions without source line debug
information.
finish Continue running until just after function in the selected stack frame returns.
Print the returned value (if any). This command can be abbreviated as fin.
Contrast this with the return command (see hundefinedi [Returning from a
Function], page hundefinedi).
until
u Continue running until a source line past the current line, in the current stack
frame, is reached. This command is used to avoid single stepping through a loop
more than once. It is like the next command, except that when until encoun-
ters a jump, it automatically continues execution until the program counter is
greater than the address of the jump.
This means that when you reach the end of a loop after single stepping though
it, until makes your program continue execution until it exits the loop. In con-
trast, a next command at the end of a loop simply steps back to the beginning
of the loop, which forces you to step through the next iteration.
until always stops your program if it attempts to exit the current stack frame.
until may produce somewhat counterintuitive results if the order of machine
code does not match the order of the source lines. For example, in the following
excerpt from a debugging session, the f (frame) command shows that execution
is stopped at line 206; yet when we use until, we get to line 195:
(gdb) f
#0 main (argc=4, argv=0xf7fffae8) at m4.c:206
206 expand_input();
(gdb) until
195 for ( ; argc > 0; NEXTARG) {
This happened because, for execution efficiency, the compiler had generated
code for the loop closure test at the end, rather than the start, of the loop—
even though the test in a C for-loop is written before the body of the loop.
The until command appeared to step back to the beginning of the loop when
it advanced to this expression; however, it has not really gone to an earlier
statement—not in terms of the actual machine code.
64 Debugging with gdb
5.3 Signals
A signal is an asynchronous event that can happen in a program. The operating system
defines the possible kinds of signals, and gives each kind a name and a number. For example,
in Unix SIGINT is the signal a program gets when you type an interrupt character (often
Chapter 5: Stopping and Continuing 65
Ctrl-c); SIGSEGV is the signal a program gets from referencing a place in memory far
away from all the areas in use; SIGALRM occurs when the alarm clock timer goes off (which
happens only if your program has requested an alarm).
Some signals, including SIGALRM, are a normal part of the functioning of your program.
Others, such as SIGSEGV, indicate errors; these signals are fatal (they kill your program
immediately) if the program has not specified in advance some other way to handle the
signal. SIGINT does not indicate an error in your program, but it is normally fatal so it can
carry out the purpose of the interrupt: to kill the program.
gdb has the ability to detect any occurrence of a signal in your program. You can tell
gdb in advance what to do for each kind of signal.
Normally, gdb is set up to let the non-erroneous signals like SIGALRM be silently passed
to your program (so as not to interfere with their role in the program’s functioning) but to
stop your program immediately whenever an error signal happens. You can change these
settings with the handle command.
info signals
info handle
Print a table of all the kinds of signals and how gdb has been told to handle
each one. You can use this to see the signal numbers of all the defined types of
signals.
info signals sig
Similar, but print information only about the specified signal number.
info handle is an alias for info signals.
handle signal [keywords ...]
Change the way gdb handles signal signal. signal can be the number of a
signal or its name (with or without the ‘SIG’ at the beginning); a list of signal
numbers of the form ‘low-high ’; or the word ‘all’, meaning all the known
signals. Optional arguments keywords, described below, say what change to
make.
The keywords allowed by the handle command can be abbreviated. Their full names
are:
nostop gdb should not stop your program when this signal happens. It may still print
a message telling you that the signal has come in.
stop gdb should stop your program when this signal happens. This implies the
print keyword as well.
print gdb should print a message when this signal happens.
noprint gdb should not mention the occurrence of the signal at all. This implies the
nostop keyword as well.
pass
noignore gdb should allow your program to see this signal; your program can handle the
signal, or else it may terminate if the signal is fatal and not handled. pass and
noignore are synonyms.
66 Debugging with gdb
nopass
ignore gdb should not allow your program to see this signal. nopass and ignore are
synonyms.
When a signal stops your program, the signal is not visible to the program until you
continue. Your program sees the signal then, if pass is in effect for the signal in question
at that time. In other words, after gdb reports a signal, you can use the handle command
with pass or nopass to control whether your program sees that signal when you continue.
The default is set to nostop, noprint, pass for non-erroneous signals such as SIGALRM,
SIGWINCH and SIGCHLD, and to stop, print, pass for the erroneous signals.
You can also use the signal command to prevent your program from seeing a signal, or
cause it to see a signal it normally would not see, or to give it any signal at any time. For
example, if your program stopped due to some sort of memory reference error, you might
store correct values into the erroneous variables and continue, hoping to see more execution;
but your program would probably terminate immediately as a result of the fatal signal once
it saw the signal. To prevent this, you can continue with ‘signal 0’. See hundefinedi
[Giving your Program a Signal], page hundefinedi.
On some targets, gdb can inspect extra signal information associated with the inter-
cepted signal, before it is actually delivered to the program being debugged. This informa-
tion is exported by the convenience variable $_siginfo, and consists of data that is passed
by the kernel to the signal handler at the time of the receipt of a signal. The data type of
the information itself is target dependent. You can see the data type using the ptype $_
siginfo command. On Unix systems, it typically corresponds to the standard siginfo_t
type, as defined in the ‘signal.h’ system header.
Here’s an example, on a gnu/Linux system, printing the stray referenced address that
raised a segmentation fault.
(gdb) continue
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400766 in main ()
69 *(int *)p = 0;
(gdb) ptype $_siginfo
type = struct {
int si_signo;
int si_errno;
int si_code;
union {
int _pad[28];
struct {...} _kill;
struct {...} _timer;
struct {...} _rt;
struct {...} _sigchld;
struct {...} _sigfault;
struct {...} _sigpoll;
} _sifields;
}
(gdb) ptype $_siginfo._sifields._sigfault
type = struct {
void *si_addr;
}
(gdb) p $_siginfo._sifields._sigfault.si_addr
$1 = (void *) 0x7ffff7ff7000
Depending on target support, $_siginfo may also be writable.
Chapter 5: Stopping and Continuing 67
gdb supports debugging programs with multiple threads (see hundefinedi [Debugging
Programs with Multiple Threads], page hundefinedi). There are two modes of controlling
execution of your program within the debugger. In the default mode, referred to as all-stop
mode, when any thread in your program stops (for example, at a breakpoint or while being
stepped), all other threads in the program are also stopped by gdb. On some targets, gdb
also supports non-stop mode, in which other threads can continue to run freely while you
examine the stopped thread in the debugger.
In all-stop mode, whenever your program stops under gdb for any reason, all threads
of execution stop, not just the current thread. This allows you to examine the overall state
of the program, including switching between threads, without worrying that things may
change underfoot.
Conversely, whenever you restart the program, all threads start executing. This is true
even when single-stepping with commands like step or next.
In particular, gdb cannot single-step all threads in lockstep. Since thread scheduling
is up to your debugging target’s operating system (not controlled by gdb), other threads
may execute more than one statement while the current thread completes a single step.
Moreover, in general other threads stop in the middle of a statement, rather than at a clean
statement boundary, when the program stops.
You might even find your program stopped in another thread after continuing or even
single-stepping. This happens whenever some other thread runs into a breakpoint, a signal,
or an exception before the first thread completes whatever you requested.
Whenever gdb stops your program, due to a breakpoint or a signal, it automatically
selects the thread where that breakpoint or signal happened. gdb alerts you to the context
switch with a message such as ‘[Switching to Thread n ]’ to identify the thread.
On some OSes, you can modify gdb’s default behavior by locking the OS scheduler to
allow only a single thread to run.
set scheduler-locking mode
Set the scheduler locking mode. If it is off, then there is no locking and any
thread may run at any time. If on, then only the current thread may run when
the inferior is resumed. The step mode optimizes for single-stepping; it prevents
other threads from preempting the current thread while you are stepping, so
that the focus of debugging does not change unexpectedly. Other threads only
rarely (or never) get a chance to run when you step. They are more likely to
run when you ‘next’ over a function call, and they are completely free to run
when you use commands like ‘continue’, ‘until’, or ‘finish’. However, unless
another thread hits a breakpoint during its timeslice, gdb does not change the
current thread away from the thread that you are debugging.
show scheduler-locking
Display the current scheduler locking mode.
68 Debugging with gdb
By default, when you issue one of the execution commands such as continue, next
or step, gdb allows only threads of the current inferior to run. For example, if gdb is
attached to two inferiors, each with two threads, the continue command resumes only the
two threads of the current inferior. This is useful, for example, when you debug a program
that forks and you want to hold the parent stopped (so that, for instance, it doesn’t run to
exit), while you debug the child. In other situations, you may not be interested in inspecting
the current state of any of the processes gdb is attached to, and you may want to resume
them all until some breakpoint is hit. In the latter case, you can instruct gdb to allow all
threads of all the inferiors to run with the set schedule-multiple command.
set schedule-multiple
Set the mode for allowing threads of multiple processes to be resumed when an
execution command is issued. When on, all threads of all processes are allowed
to run. When off, only the threads of the current process are resumed. The
default is off. The scheduler-locking mode takes precedence when set to
on, or while you are stepping and set to step.
show schedule-multiple
Display the current mode for resuming the execution of threads of multiple
processes.
For some multi-threaded targets, gdb supports an optional mode of operation in which
you can examine stopped program threads in the debugger while other threads continue to
execute freely. This minimizes intrusion when debugging live systems, such as programs
where some threads have real-time constraints or must continue to respond to external
events. This is referred to as non-stop mode.
In non-stop mode, when a thread stops to report a debugging event, only that thread is
stopped; gdb does not stop other threads as well, in contrast to the all-stop mode behavior.
Additionally, execution commands such as continue and step apply by default only to
the current thread in non-stop mode, rather than all threads as in all-stop mode. This
allows you to control threads explicitly in ways that are not possible in all-stop mode — for
example, stepping one thread while allowing others to run freely, stepping one thread while
holding all others stopped, or stepping several threads independently and simultaneously.
To enter non-stop mode, use this sequence of commands before you run or attach to
your program:
# Enable the async interface.
set target-async 1
gdb’s execution commands have two variants: the normal foreground (synchronous)
behavior, and a background (asynchronous) behavior. In foreground execution, gdb waits
for the program to report that some thread has stopped before prompting for another
command. In background execution, gdb immediately gives a command prompt so that
you can issue other commands while your program runs.
You need to explicitly enable asynchronous mode before you can use background ex-
ecution commands. You can use these commands to manipulate the asynchronous mode
setting:
set target-async on
Enable asynchronous mode.
set target-async off
Disable asynchronous mode.
70 Debugging with gdb
show target-async
Show the current target-async setting.
If the target doesn’t support async mode, gdb issues an error message if you attempt
to use the background execution commands.
To specify background execution, add a & to the command. For example, the background
form of the continue command is continue&, or just c&. The execution commands that
accept background execution are:
run See hundefinedi [Starting your Program], page hundefinedi.
attach See hundefinedi [Debugging an Already-running Process], page hundefinedi.
step See hundefinedi [Continuing and Stepping], page hundefinedi.
stepi See hundefinedi [Continuing and Stepping], page hundefinedi.
next See hundefinedi [Continuing and Stepping], page hundefinedi.
nexti See hundefinedi [Continuing and Stepping], page hundefinedi.
continue See hundefinedi [Continuing and Stepping], page hundefinedi.
finish See hundefinedi [Continuing and Stepping], page hundefinedi.
until See hundefinedi [Continuing and Stepping], page hundefinedi.
Background execution is especially useful in conjunction with non-stop mode for debug-
ging programs with multiple threads; see hundefinedi [Non-Stop Mode], page hundefinedi.
However, you can also use these commands in the normal all-stop mode with the restriction
that you cannot issue another execution command until the previous one finishes. Examples
of commands that are valid in all-stop mode while the program is running include help and
info break.
You can interrupt your program while it is running in the background by using the
interrupt command.
interrupt
interrupt -a
Suspend execution of the running program. In all-stop mode, interrupt stops
the whole process, but in non-stop mode, it stops only the current thread. To
stop the whole program in non-stop mode, use interrupt -a.
When your program has multiple threads (see hundefinedi [Debugging Programs with
Multiple Threads], page hundefinedi), you can choose whether to set breakpoints on all
threads, or on a particular thread.
break linespec thread threadno
break linespec thread threadno if ...
linespec specifies source lines; there are several ways of writing them (see hunde-
finedi [Specify Location], page hundefinedi), but the effect is always to specify
some source line.
Chapter 5: Stopping and Continuing 71
There is an unfortunate side effect when using gdb to debug multi-threaded programs. If
one thread stops for a breakpoint, or for some other reason, and another thread is blocked
in a system call, then the system call may return prematurely. This is a consequence
of the interaction between multiple threads and the signals that gdb uses to implement
breakpoints and other events that stop execution.
To handle this problem, your program should check the return value of each system call
and react appropriately. This is good programming style anyways.
For example, do not write code like this:
sleep (10);
The call to sleep will return early if a different thread stops at a breakpoint or for some
other reason.
Instead, write this:
int unslept = 10;
while (unslept > 0)
unslept = sleep (unslept);
A system call is allowed to return early, so the system is still conforming to its specifica-
tion. But gdb does cause your multi-threaded program to behave differently than it would
without gdb.
Also, gdb uses internal breakpoints in the thread library to monitor certain events such
as thread creation and thread destruction. When such an event happens, a system call
in another thread may return prematurely, even though your program does not appear to
stop.
If you want to build on non-stop mode and observe program behavior without any
chance of disruption by gdb, you can set variables to disable all of the debugger’s attempts
to modify state, whether by writing memory, inserting breakpoints, etc. These operate at
a low level, intercepting operations from all commands.
When all of these are set to off, then gdb is said to be observer mode. As a convenience,
the variable observer can be set to disable these, plus enable non-stop mode.
72 Debugging with gdb
Note that gdb will not prevent you from making nonsensical combinations of these
settings. For instance, if you have enabled may-insert-breakpoints but disabled may-
write-memory, then breakpoints that work by writing trap instructions into the code stream
will still not be able to be placed.
set observer on
set observer off
When set to on, this disables all the permission variables below (except for
insert-fast-tracepoints), plus enables non-stop debugging. Setting this to
off switches back to normal debugging, though remaining in non-stop mode.
show observer
Show whether observer mode is on or off.
set may-write-registers on
set may-write-registers off
This controls whether gdb will attempt to alter the values of registers, such as
with assignment expressions in print, or the jump command. It defaults to on.
show may-write-registers
Show the current permission to write registers.
set may-write-memory on
set may-write-memory off
This controls whether gdb will attempt to alter the contents of memory, such
as with assignment expressions in print. It defaults to on.
show may-write-memory
Show the current permission to write memory.
set may-insert-breakpoints on
set may-insert-breakpoints off
This controls whether gdb will attempt to insert breakpoints. This affects all
breakpoints, including internal breakpoints defined by gdb. It defaults to on.
show may-insert-breakpoints
Show the current permission to insert breakpoints.
set may-insert-tracepoints on
set may-insert-tracepoints off
This controls whether gdb will attempt to insert (regular) tracepoints at the
beginning of a tracing experiment. It affects only non-fast tracepoints, fast tra-
cepoints being under the control of may-insert-fast-tracepoints. It defaults
to on.
show may-insert-tracepoints
Show the current permission to insert tracepoints.
set may-insert-fast-tracepoints on
set may-insert-fast-tracepoints off
This controls whether gdb will attempt to insert fast tracepoints at the begin-
ning of a tracing experiment. It affects only fast tracepoints, regular (non-fast)
tracepoints being under the control of may-insert-tracepoints. It defaults
to on.
Chapter 5: Stopping and Continuing 73
show may-insert-fast-tracepoints
Show the current permission to insert fast tracepoints.
set may-interrupt on
set may-interrupt off
This controls whether gdb will attempt to interrupt or stop program execution.
When this variable is off, the interrupt command will have no effect, nor will
Ctrl-c. It defaults to on.
show may-interrupt
Show the current permission to interrupt or stop the program.
74 Debugging with gdb
Chapter 6: Running programs backward 75
reverse-continue [ignore-count ]
rc [ignore-count ]
Beginning at the point where your program last stopped, start executing in
reverse. Reverse execution will stop for breakpoints and synchronous exceptions
(signals), just like normal execution. Behavior of asynchronous signals depends
on the target environment.
reverse-step [count ]
Run the program backward until control reaches the start of a different source
line; then stop it, and return control to gdb.
Like the step command, reverse-step will only stop at the beginning of a
source line. It “un-executes” the previously executed source line. If the pre-
vious source line included calls to debuggable functions, reverse-step will
step (backward) into the called function, stopping at the beginning of the last
statement in the called function (typically a return statement).
Also, as with the step command, if non-debuggable functions are called,
reverse-step will run thru them backward without stopping.
reverse-stepi [count ]
Reverse-execute one machine instruction. Note that the instruction to be
reverse-executed is not the one pointed to by the program counter, but the
1
Note that some side effects are easier to undo than others. For instance, memory and registers are
relatively easy, but device I/O is hard. Some targets may be able undo things like device I/O, and some
may not.
The contract between gdb and the reverse executing target requires only that the target do something
reasonable when gdb tells it to execute backwards, and then report the results back to gdb. Whatever
the target reports back to gdb, gdb will report back to the user. gdb assumes that the memory and
registers that the target reports are in a consistant state, but gdb accepts whatever it is given.
76 Debugging with gdb
instruction executed prior to that one. For instance, if the last instruction was
a jump, reverse-stepi will take you back from the destination of the jump to
the jump instruction itself.
reverse-next [count ]
Run backward to the beginning of the previous line executed in the current
(innermost) stack frame. If the line contains function calls, they will be “un-
executed” without stopping. Starting from the first line of a function, reverse-
next will take you back to the caller of that function, before the function was
called, just as the normal next command would take you from the last line of
a function back to its return to its caller2 .
reverse-nexti [count ]
Like nexti, reverse-nexti executes a single instruction in reverse, except
that called functions are “un-executed” atomically. That is, if the previously
executed instruction was a return from another function, reverse-nexti will
continue to execute in reverse until the call to that function (from the current
stack frame) is reached.
reverse-finish
Just as the finish command takes you to the point where the current function
returns, reverse-finish takes you to the point where it was called. Instead
of ending up at the end of the current function invocation, you end up at the
beginning.
set exec-direction
Set the direction of target execution.
set exec-direction reverse
gdb will perform all execution commands in reverse, until the exec-direction
mode is changed to “forward”. Affected commands include step, stepi,
next, nexti, continue, and finish. The return command cannot be used
in reverse mode.
set exec-direction forward
gdb will perform all execution commands in the normal fashion. This is the
default.
2
Unless the code is too heavily optimized.
Chapter 7: Recording Inferior’s Execution and Replaying It 77
that would have been recorded. In other words, if you record for a while and
then stop recording, the inferior process will be left in the same state as if the
recording never happened.
On the other hand, if the process record and replay target is stopped while in
replay mode (that is, not at the end of the execution log, but at some earlier
point), the inferior process will become “live” at that earlier state, and it will
then be possible to continue the usual “live” debugging of the process from that
state.
When the inferior process exits, or gdb detaches from it, process record and
replay target will automatically stop itself.
record save filename
Save the execution log to a file ‘filename ’. Default filename is
‘gdb_record.process_id ’, where process id is the process ID of the inferior.
record restore filename
Restore the execution log from a file ‘filename ’. File must have been created
with record save.
set record insn-number-max limit
Set the limit of instructions to be recorded. Default value is 200000.
If limit is a positive number, then gdb will start deleting instructions from the
log once the number of the record instructions becomes greater than limit. For
every new recorded instruction, gdb will delete the earliest recorded instruc-
tion to keep the number of recorded instructions at the limit. (Since deleting
recorded instructions loses information, gdb lets you control what happens
when the limit is reached, by means of the stop-at-limit option, described
below.)
If limit is zero, gdb will never delete recorded instructions from the execution
log. The number of recorded instructions is unlimited in this case.
show record insn-number-max
Show the limit of instructions to be recorded.
set record stop-at-limit
Control the behavior when the number of recorded instructions reaches the
limit. If ON (the default), gdb will stop when the limit is reached for the first
time and ask you whether you want to stop the inferior or continue running it
and recording the execution log. If you decide to continue recording, each new
recorded instruction will cause the oldest one to be deleted.
If this option is OFF, gdb will automatically delete the oldest record to make
room for each new one, without asking.
show record stop-at-limit
Show the current setting of stop-at-limit.
set record memory-query
Control the behavior when gdb is unable to record memory changes caused by
an instruction. If ON, gdb will query whether to stop the inferior in that case.
Chapter 7: Recording Inferior’s Execution and Replaying It 79
If this option is OFF (the default), gdb will automatically ignore the effect of
such instructions on memory. Later, when gdb replays this execution log, it
will mark the log of this instruction as not accessible, and it will not affect the
replay results.
show record memory-query
Show the current setting of memory-query.
info record
Show various statistics about the state of process record and its in-memory
execution log buffer, including:
• Whether in record mode or replay mode.
• Lowest recorded instruction number (counting from when the current exe-
cution log started recording instructions).
• Highest recorded instruction number.
• Current instruction about to be replayed (if in replay mode).
• Number of instructions contained in the execution log.
• Maximum number of instructions that may be contained in the execution
log.
record delete
When record target runs in replay mode (“in the past”), delete the subsequent
execution log and begin to record a new execution log starting from the current
address. This means you will abandon the previously recorded “future” and
begin recording a new “future”.
80 Debugging with gdb
Chapter 8: Examining the Stack 81
The call stack is divided up into contiguous pieces called stack frames, or frames for
short; each frame is the data associated with one call to one function. The frame contains
the arguments given to the function, the function’s local variables, and the address at which
the function is executing.
When your program is started, the stack has only one frame, that of the function main.
This is called the initial frame or the outermost frame. Each time a function is called, a
new frame is made. Each time a function returns, the frame for that function invocation
is eliminated. If a function is recursive, there can be many frames for the same function.
The frame for the function in which execution is actually occurring is called the innermost
frame. This is the most recently created of all the stack frames that still exist.
Inside your program, stack frames are identified by their addresses. A stack frame
consists of many bytes, each of which has its own address; each kind of computer has a
convention for choosing one byte whose address serves as the address of the frame. Usually
this address is kept in a register called the frame pointer register (see hundefinedi [Registers],
page hundefinedi) while execution is going on in that frame.
gdb assigns numbers to all existing stack frames, starting with zero for the innermost
frame, one for the frame that called it, and so on upward. These numbers do not really
exist in your program; they are assigned by gdb to give you a way of designating stack
frames in gdb commands.
Some compilers provide a way to compile functions so that they operate without stack
frames. (For example, the gcc option
‘-fomit-frame-pointer’
82 Debugging with gdb
generates functions without a frame.) This is occasionally done with heavily used li-
brary functions to save the frame setup time. gdb has limited facilities for dealing with
these function invocations. If the innermost function invocation has no stack frame, gdb
nevertheless regards it as though it had a separate frame, which is numbered zero as usual,
allowing correct tracing of the function call chain. However, gdb has no provision for
frameless functions elsewhere in the stack.
frame args
The frame command allows you to move from one stack frame to another, and
to print the stack frame you select. args may be either the address of the frame
or the stack frame number. Without an argument, frame prints the current
stack frame.
select-frame
The select-frame command allows you to move from one stack frame to an-
other without printing the frame. This is the silent version of frame.
8.2 Backtraces
A backtrace is a summary of how your program got where it is. It shows one line per
frame, for many frames, starting with the currently executing frame (frame zero), followed
by its caller (frame one), and on up the stack.
backtrace
bt Print a backtrace of the entire stack: one line per frame for all frames in the
stack.
You can stop the backtrace at any time by typing the system interrupt charac-
ter, normally Ctrl-c.
backtrace n
bt n Similar, but print only the innermost n frames.
backtrace -n
bt -n Similar, but print only the outermost n frames.
backtrace full
bt full
bt full n
bt full -n
Print the values of the local variables also. n specifies the number of frames to
print, as described above.
The names where and info stack (abbreviated info s) are additional aliases for
backtrace.
In a multi-threaded program, gdb by default shows the backtrace only for the current
thread. To display the backtrace for several or all of the threads, use the command thread
apply (see hundefinedi [Threads], page hundefinedi). For example, if you type thread
apply all backtrace, gdb will display the backtrace for all the threads; this is handy
when you debug a core dump of a multi-threaded program.
Chapter 8: Examining the Stack 83
Each line in the backtrace shows the frame number and the function name. The program
counter value is also shown—unless you use set print address off. The backtrace also
shows the source file name and line number, as well as the arguments to the function. The
program counter value is omitted if it is at the beginning of the code for that line number.
Here is an example of a backtrace. It was made with the command ‘bt 3’, so it shows
the innermost three frames.
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=0x2b600, data=...) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=177664, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The display for frame zero does not begin with a program counter value, indicating that
your program has stopped at the beginning of the code for line 993 of builtin.c.
The value of parameter data in frame 1 has been replaced by .... By default, gdb prints
the value of a parameter only if it is a scalar (integer, pointer, enumeration, etc). See
command set print frame-arguments in hundefinedi [Print Settings], page hundefinedi
for more details on how to configure the way function parameter values are printed.
If your program was compiled with optimizations, some compilers will optimize away
arguments passed to functions if those arguments are never used after the call. Such opti-
mizations generate code that passes arguments through registers, but doesn’t store those
arguments in the stack frame. gdb has no way of displaying such arguments in stack frames
other than the innermost one. Here’s what such a backtrace might look like:
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=<optimized out>) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=<optimized out>, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The values of arguments that were not saved in their stack frames are shown as ‘<optimized
out>’.
If you need to display the values of such optimized-out arguments, either deduce that
from other variables whose values depend on the one you are interested in, or recompile
without optimizations.
Most programs have a standard user entry point—a place where system libraries and
startup code transition into user code. For C this is main1 . When gdb finds the entry
function in a backtrace it will terminate the backtrace, to avoid tracing into highly system-
specific (and generally uninteresting) code.
If you need to examine the startup code, or limit the number of levels in a backtrace,
you can change this behavior:
set backtrace past-main
set backtrace past-main on
Backtraces will continue past the user entry point.
1
Note that embedded programs (the so-called “free-standing” environment) are not required to have a
main function as the entry point. They could even have multiple entry points.
84 Debugging with gdb
Most commands for examining the stack and other data in your program work on
whichever stack frame is selected at the moment. Here are the commands for selecting
a stack frame; all of them finish by printing a brief description of the stack frame just
selected.
frame n
fn Select frame number n. Recall that frame zero is the innermost (currently
executing) frame, frame one is the frame that called the innermost one, and so
on. The highest-numbered frame is the one for main.
frame addr
f addr Select the frame at address addr. This is useful mainly if the chaining of stack
frames has been damaged by a bug, making it impossible for gdb to assign
numbers properly to all frames. In addition, this can be useful when your
program has multiple stacks and switches between them.
On the SPARC architecture, frame needs two addresses to select an arbitrary
frame: a frame pointer and a stack pointer.
On the MIPS and Alpha architecture, it needs two addresses: a stack pointer
and a program counter.
On the 29k architecture, it needs three addresses: a register stack pointer, a
program counter, and a memory stack pointer.
Chapter 8: Examining the Stack 85
up n Move n frames up the stack. For positive numbers n, this advances toward the
outermost frame, to higher frame numbers, to frames that have existed longer.
n defaults to one.
down n Move n frames down the stack. For positive numbers n, this advances toward
the innermost frame, to lower frame numbers, to frames that were created more
recently. n defaults to one. You may abbreviate down as do.
All of these commands end by printing two lines of output describing the frame. The
first line shows the frame number, the function name, the arguments, and the source file
and line number of execution in that frame. The second line shows the text of that source
line.
For example:
(gdb) up
#1 0x22f0 in main (argc=1, argv=0xf7fffbf4, env=0xf7fffbfc)
at env.c:10
10 read_input_file (argv[i]);
After such a printout, the list command with no arguments prints ten lines centered on
the point of execution in the frame. You can also edit the program at the point of execution
with your favorite editing program by typing edit. See hundefinedi [Printing Source Lines],
page hundefinedi, for details.
up-silently n
down-silently n
These two commands are variants of up and down, respectively; they differ in
that they do their work silently, without causing display of the new frame. They
are intended primarily for use in gdb command scripts, where the output might
be unnecessary and distracting.
There are several other commands to print information about the selected stack frame.
frame
f When used without any argument, this command does not change which frame
is selected, but prints a brief description of the currently selected stack frame.
It can be abbreviated f. With an argument, this command is used to select a
stack frame. See hundefinedi [Selecting a Frame], page hundefinedi.
info frame
info f This command prints a verbose description of the selected stack frame, includ-
ing:
• the address of the frame
• the address of the next frame down (called by this frame)
• the address of the next frame up (caller of this frame)
• the language in which the source code corresponding to this frame is written
• the address of the frame’s arguments
• the address of the frame’s local variables
86 Debugging with gdb
To print lines from a source file, use the list command (abbreviated l). By default,
ten lines are printed. There are several ways to specify what part of the file you want to
print; see hundefinedi [Specify Location], page hundefinedi, for the full list.
Here are the forms of the list command most commonly used:
list linenum
Print lines centered around line number linenum in the current source file.
list function
Print lines centered around the beginning of function function.
list Print more lines. If the last lines printed were printed with a list command,
this prints lines following the last lines printed; however, if the last line printed
was a solitary line printed as part of displaying a stack frame (see hundefinedi
[Examining the Stack], page hundefinedi), this prints lines centered around that
line.
list - Print lines just before the lines last printed.
By default, gdb prints ten source lines with any of these forms of the list command.
You can change this using set listsize:
set listsize count
Make the list command display count source lines (unless the list argument
explicitly specifies some other number).
show listsize
Display the number of lines that list prints.
Repeating a list command with hRETi discards the argument, so it is equivalent to
typing just list. This is more useful than listing the same lines again. An exception is
made for an argument of ‘-’; that argument is preserved in repetition so that each repetition
moves up in the source file.
In general, the list command expects you to supply zero, one or two linespecs. Line-
specs specify source lines; there are several ways of writing them (see hundefinedi [Specify
Location], page hundefinedi), but the effect is always to specify some source line.
Here is a complete description of the possible arguments for list:
88 Debugging with gdb
list linespec
Print lines centered around the line specified by linespec.
list first,last
Print lines from first to last. Both arguments are linespecs. When a list
command has two linespecs, and the source file of the second linespec is omitted,
this refers to the same source file as the first linespec.
list ,last
Print lines ending with last.
list first,
Print lines starting with first.
list + Print lines just after the lines last printed.
list - Print lines just before the lines last printed.
list As described in the preceding table.
Several gdb commands accept arguments that specify a location of your program’s code.
Since gdb is a source-level debugger, a location usually specifies some line in the source
code; for that reason, locations are also known as linespecs.
Here are all the different ways of specifying a code location that gdb understands:
linenum Specifies the line number linenum of the current source file.
-offset
+offset Specifies the line offset lines before or after the current line. For the list
command, the current line is the last one printed; for the breakpoint commands,
this is the line at which execution stopped in the currently selected stack frame
(see hundefinedi [Frames], page hundefinedi, for a description of stack frames.)
When used as the second of the two linespecs in a list command, this specifies
the line offset lines up or down from the first linespec.
filename :linenum
Specifies the line linenum in the source file filename.
function Specifies the line that begins the body of the function function. For example,
in C, this is the line with the open brace.
filename :function
Specifies the line that begins the body of the function function in the file file-
name. You only need the file name with a function name to avoid ambiguity
when there are identically named functions in different source files.
label Specifies the line at which the label named label appears. gdb searches for
the label in the function corresponding to the currently selected stack frame.
If there is no current selected stack frame (for instance, if the inferior is not
running), then gdb will not search for a label.
Chapter 9: Examining Source Files 89
*address Specifies the program address address. For line-oriented commands, such as
list and edit, this specifies a source line that contains address. For break
and other breakpoint oriented commands, this can be used to set breakpoints
in parts of your program which do not have debugging information or source
files.
Here address may be any expression valid in the current working language (see
hundefinedi [Languages], page hundefinedi) that specifies a code address. In
addition, as a convenience, gdb extends the semantics of expressions used in
locations to cover the situations that frequently happen during debugging. Here
are the various forms of address:
expression
Any expression valid in the current working language.
funcaddr An address of a function or procedure derived from its name. In
C, C++, Java, Objective-C, Fortran, minimal, and assembly, this
is simply the function’s name function (and actually a special case
of a valid expression). In Pascal and Modula-2, this is &function .
In Ada, this is function ’Address (although the Pascal form also
works).
This form specifies the address of the function’s first instruction,
before the stack frame and arguments have been set up.
’filename ’::funcaddr
Like funcaddr above, but also specifies the name of the source file
explicitly. This is useful if the name of the function does not specify
the function unambiguously, e.g., if there are several functions with
identical names in different source files.
To edit the lines in a source file, use the edit command. The editing program of your
choice is invoked with the current line set to the active line in the program. Alternatively,
there are several ways to specify what part of the file you want to print if you want to see
other parts of the program:
edit location
Edit the source file specified by location. Editing starts at that location,
e.g., at the specified source line of the specified file. See hundefinedi [Specify
Location], page hundefinedi, for all the possible forms of the location argument;
here are the forms of the edit command most commonly used:
edit number
Edit the current source file with number as the active line number.
edit function
Edit the file containing function at the beginning of its definition.
90 Debugging with gdb
You can customize gdb to use any editor you want1 . By default, it is ‘/bin/ex’, but you
can change this by setting the environment variable EDITOR before using gdb. For example,
to configure gdb to use the vi editor, you could use these commands with the sh shell:
EDITOR=/usr/bin/vi
export EDITOR
gdb ...
or in the csh shell,
setenv EDITOR /usr/bin/vi
gdb ...
There are two commands for searching through the current source file for a regular
expression.
forward-search regexp
search regexp
The command ‘forward-search regexp ’ checks each line, starting with the
one following the last line listed, for a match for regexp. It lists the line that is
found. You can use the synonym ‘search regexp ’ or abbreviate the command
name as fo.
reverse-search regexp
The command ‘reverse-search regexp ’ checks each line, starting with the
one before the last line listed and going backward, for a match for regexp. It
lists the line that is found. You can abbreviate this command as rev.
Executable programs sometimes do not record the directories of the source files from
which they were compiled, just the names. Even when they do, the directories could be
moved between the compilation and your debugging session. gdb has a list of directories
to search for source files; this is called the source path. Each time gdb wants a source file,
it tries all the directories in the list, in the order they are present in the list, until it finds
a file with the desired name.
For example, suppose an executable references the file ‘/usr/src/foo-1.0/lib/foo.c’,
and our source path is ‘/mnt/cross’. The file is first looked up literally; if this fails,
‘/mnt/cross/usr/src/foo-1.0/lib/foo.c’ is tried; if this fails, ‘/mnt/cross/foo.c’ is
opened; if this fails, an error message is printed. gdb does not look up the parts of the source
file name, such as ‘/mnt/cross/src/foo-1.0/lib/foo.c’. Likewise, the subdirectories of
the source path are not searched: if the source path is ‘/mnt/cross’, and the binary refers
to ‘foo.c’, gdb would not find it under ‘/mnt/cross/usr/src/foo-1.0/lib’.
1
The only restriction is that your editor (say ex), recognizes the following command-line syntax:
ex +number file
The optional numeric value +number specifies the number of the line in the file where to start editing.
Chapter 9: Examining Source Files 91
Plain file names, relative file names with leading directories, file names containing dots,
etc. are all treated as described above; for instance, if the source path is ‘/mnt/cross’, and
the source file is recorded as ‘../lib/foo.c’, gdb would first try ‘../lib/foo.c’, then
‘/mnt/cross/../lib/foo.c’, and after that—‘/mnt/cross/foo.c’.
Note that the executable search path is not used to locate the source files.
Whenever you reset or rearrange the source path, gdb clears out any information it has
cached about where source files are found and where each line is in the file.
When you start gdb, its source path includes only ‘cdir’ and ‘cwd’, in that order. To
add other directories, use the directory command.
The search path is used to find both program source files and gdb script files (read using
the ‘-command’ option and ‘source’ command).
In addition to the source path, gdb provides a set of commands that manage a list of
source path substitution rules. A substitution rule specifies how to rewrite source directories
stored in the program’s debug information in case the sources were moved to a different
directory between compilation and debugging. A rule is made of two strings, the first
specifying what needs to be rewritten in the path, and the second specifying how it should
be rewritten. In hundefinedi [set substitute-path], page hundefinedi, we name these two
parts from and to respectively. gdb does a simple string replacement of from with to at
the start of the directory part of the source file name, and uses that result instead of the
original file name to look up the sources.
Using the previous example, suppose the ‘foo-1.0’ tree has been moved from ‘/usr/src’
to ‘/mnt/cross’, then you can tell gdb to replace ‘/usr/src’ in all source path names
with ‘/mnt/cross’. The first lookup will then be ‘/mnt/cross/foo-1.0/lib/foo.c’ in
place of the original location of ‘/usr/src/foo-1.0/lib/foo.c’. To define a source path
substitution rule, use the set substitute-path command (see hundefinedi [set substitute-
path], page hundefinedi).
To avoid unexpected substitution results, a rule is applied only if the from part
of the directory name ends at a directory separator. For instance, a rule substituting
‘/usr/source’ into ‘/mnt/cross’ will be applied to ‘/usr/source/foo-1.0’ but not
to ‘/usr/sourceware/foo-2.0’. And because the substitution is applied only at the
beginning of the directory name, this rule will not be applied to ‘/root/usr/source/baz.c’
either.
In many cases, you can achieve the same result using the directory command. However,
set substitute-path can be more efficient in the case where the sources are organized in
a complex tree with multiple subdirectories. With the directory command, you need to
add each subdirectory of your project. If you moved the entire tree while preserving its
internal organization, then set substitute-path allows you to direct the debugger to all
the sources with one single command.
set substitute-path is also more than just a shortcut command. The source path
is only used if the file at the original location no longer exists. On the other hand, set
substitute-path modifies the debugger behavior to look at the rewritten location instead.
So, if for any reason a source file that is not relevant to your executable is located at the
original location, a substitution rule is the only method available to point gdb at the new
location.
92 Debugging with gdb
You can configure a default source path substitution rule by configuring gdb with the
‘--with-relocated-sources=dir ’ option. The dir should be the name of a directory under
gdb’s configured prefix (set with ‘--prefix’ or ‘--exec-prefix’), and directory names in
debug information under dir will be adjusted automatically if the installed gdb is moved
to a new location. This is useful if gdb, libraries or executables with debug information
and corresponding source code are being moved together.
directory dirname ...
dir dirname ...
Add directory dirname to the front of the source path. Several directory names
may be given to this command, separated by ‘:’ (‘;’ on MS-DOS and MS-
Windows, where ‘:’ usually appears as part of absolute file names) or white-
space. You may specify a directory that is already in the source path; this
moves it forward, so gdb searches it sooner.
You can use the string ‘$cdir’ to refer to the compilation directory (if one is
recorded), and ‘$cwd’ to refer to the current working directory. ‘$cwd’ is not
the same as ‘.’—the former tracks the current working directory as it changes
during your gdb session, while the latter is immediately expanded to the current
directory at the time you add an entry to the source path.
directory
Reset the source path to its default value (‘$cdir:$cwd’ on Unix systems). This
requires confirmation.
set directories path-list
Set the source path to path-list. ‘$cdir:$cwd’ are added if missing.
show directories
Print the source path: show which directories it contains.
set substitute-path from to
Define a source path substitution rule, and add it at the end of the current list
of existing substitution rules. If a rule with the same from was already defined,
then the old rule is also deleted.
For example, if the file ‘/foo/bar/baz.c’ was moved to ‘/mnt/cross/baz.c’,
then the command
(gdb) set substitute-path /usr/src /mnt/cross
will tell gdb to replace ‘/usr/src’ with ‘/mnt/cross’, which will allow gdb to
find the file ‘baz.c’ even though it was moved.
In the case when more than one substitution rule have been defined, the rules
are evaluated one by one in the order where they have been defined. The first
one matching, if any, is selected to perform the substitution.
For instance, if we had entered the following commands:
(gdb) set substitute-path /usr/src/include /mnt/include
(gdb) set substitute-path /usr/src /mnt/src
gdb would then rewrite ‘/usr/src/include/defs.h’ into ‘/mnt/include/defs.h’
by using the first rule. However, it would use the second rule to rewrite
‘/usr/src/lib/foo.c’ into ‘/mnt/src/lib/foo.c’.
Chapter 9: Examining Source Files 93
If your source path is cluttered with directories that are no longer of interest, gdb may
sometimes cause confusion by finding the wrong versions of source. You can correct the
situation as follows:
1. Use directory with no argument to reset the source path to its default value.
2. Use directory with suitable arguments to reinstall the directories you want in the
source path. You can add all the directories in one command.
You can use the command info line to map source lines to program addresses (and
vice versa), and the command disassemble to display a range of addresses as machine
instructions. You can use the command set disassemble-next-line to set whether to
disassemble next source line when execution stops. When run under gnu Emacs mode, the
info line command causes the arrow to point to the line specified. Also, info line prints
addresses in symbolic form as well as hex.
For example, we can use info line to discover the location of the object code for the
first line of function m4_changequote:
(gdb) info line m4_changequote
Line 895 of "builtin.c" starts at pc 0x634c and ends at 0x6350.
We can also inquire (using *addr as the form for linespec) what source line covers a par-
ticular address:
(gdb) info line *0x63ff
Line 926 of "builtin.c" starts at pc 0x63e4 and ends at 0x6404.
After info line, the default address for the x command is changed to the starting
address of the line, so that ‘x/i’ is sufficient to begin examining the machine code (see hun-
definedi [Examining Memory], page hundefinedi). Also, this address is saved as the value
of the convenience variable $_ (see hundefinedi [Convenience Variables], page hundefinedi).
94 Debugging with gdb
disassemble
disassemble /m
disassemble /r
This specialized command dumps a range of memory as machine instructions. It
can also print mixed source+disassembly by specifying the /m modifier and print
the raw instructions in hex as well as in symbolic form by specifying the /r. The
default memory range is the function surrounding the program counter of the
selected frame. A single argument to this command is a program counter value;
gdb dumps the function surrounding this value. When two arguments are given,
they should be separated by a comma, possibly surrounded by whitespace. The
arguments specify a range of addresses to dump, in one of two forms:
start,end
the addresses from start (inclusive) to end (exclusive)
start,+length
the addresses from start (inclusive) to start +length (exclusive).
When 2 arguments are specified, the name of the function is also printed (since
there could be several functions in the given range).
The argument(s) can be any expression yielding a numeric value, such as
‘0x32c4’, ‘&main+10’ or ‘$pc - 8’.
If the range of memory being disassembled contains current program counter,
the instruction at that location is shown with a => marker.
The following example shows the disassembly of a range of addresses of HP PA-RISC
2.0 code:
(gdb) disas 0x32c4, 0x32e4
Dump of assembler code from 0x32c4 to 0x32e4:
0x32c4 <main+204>: addil 0,dp
0x32c8 <main+208>: ldw 0x22c(sr0,r1),r26
0x32cc <main+212>: ldil 0x3000,r31
0x32d0 <main+216>: ble 0x3f8(sr4,r31)
0x32d4 <main+220>: ldo 0(r31),rp
0x32d8 <main+224>: addil -0x800,dp
0x32dc <main+228>: ldo 0x588(r1),r26
0x32e0 <main+232>: ldil 0x3000,r31
End of assembler dump.
Here is an example showing mixed source+assembly for Intel x86, when the program is
stopped just after function prologue:
(gdb) disas /m main
Dump of assembler code for function main:
5 {
0x08048330 <+0>: push %ebp
0x08048331 <+1>: mov %esp,%ebp
0x08048333 <+3>: sub $0x8,%esp
0x08048336 <+6>: and $0xfffffff0,%esp
0x08048339 <+9>: sub $0x10,%esp
6 printf ("Hello.\n");
=> 0x0804833c <+12>: movl $0x8048440,(%esp)
0x08048343 <+19>: call 0x8048284 <puts@plt>
Chapter 9: Examining Source Files 95
7 return 0;
8 }
0x08048348 <+24>: mov $0x0,%eax
0x0804834d <+29>: leave
0x0804834e <+30>: ret
set disassemble-next-line
show disassemble-next-line
Control whether or not gdb will disassemble the next source line or instruction
when execution stops. If ON, gdb will display disassembly of the next source
line when execution of the program being debugged stops. This is in addition
to displaying the source line itself, which gdb always does if possible. If the
next source line cannot be displayed for some reason (e.g., if gdb cannot find
the source file, or there’s no line info in the debug info), gdb will display
disassembly of the next instruction instead of showing the next source line. If
AUTO, gdb will display disassembly of next instruction only if the source line
cannot be displayed. This setting causes gdb to display some feedback when
you step through a function with no line info or whose source file is unavailable.
The default is OFF, which means never display the disassembly of the next line
or instruction.
96 Debugging with gdb
Chapter 10: Examining Data 97
10 Examining Data
The usual way to examine data in your program is with the print command (abbreviated
p), or its synonym inspect. It evaluates and prints the value of an expression of the
language your program is written in (see hundefinedi [Using gdb with Different Languages],
page hundefinedi). It may also print the expression using a Python-based pretty-printer (see
hundefinedi [Pretty Printing], page hundefinedi).
print expr
print /f expr
expr is an expression (in the source language). By default the value of expr
is printed in a format appropriate to its data type; you can choose a different
format by specifying ‘/f ’, where f is a letter specifying the format; see hunde-
finedi [Output Formats], page hundefinedi.
print
print /f If you omit expr, gdb displays the last value again (from the value history; see
hundefinedi [Value History], page hundefinedi). This allows you to conveniently
inspect the same value in an alternative format.
A more low-level way of examining data is with the x command. It examines data
in memory at a specified address and prints it in a specified format. See hundefinedi
[Examining Memory], page hundefinedi.
If you are interested in information about types, or about how the fields of a struct
or a class are declared, use the ptype exp command rather than print. See hundefinedi
[Examining the Symbol Table], page hundefinedi.
10.1 Expressions
print and many other gdb commands accept an expression and compute its value. Any
kind of constant, variable or operator defined by the programming language you are using
is valid in an expression in gdb. This includes conditional expressions, function calls, casts,
and string constants. It also includes preprocessor macros, if you compiled your program
to include this information; see hundefinedi [Compilation], page hundefinedi.
gdb supports array constants in expressions input by the user. The syntax is {element,
element. . . }. For example, you can use the command print {1, 2, 3} to create an array
of three integers. If you pass an array to a function or assign it to a program variable, gdb
copies the array to memory that is malloced in the target program.
Because C is so widespread, most of the expressions shown in examples in this manual
are in C. See hundefinedi [Using gdb with Different Languages], page hundefinedi, for
information on how to use expressions in other languages.
In this section, we discuss operators that you can use in gdb expressions regardless of
your programming language.
Casts are supported in all languages, not just in C, because it is so useful to cast a
number into a pointer in order to examine a structure at that address in memory.
gdb supports these operators, in addition to those common to programming languages:
98 Debugging with gdb
@ ‘@’ is a binary operator for treating parts of memory as arrays. See hundefinedi
[Artificial Arrays], page hundefinedi, for more information.
:: ‘::’ allows you to specify a variable in terms of the file or function where it is
defined. See hundefinedi [Program Variables], page hundefinedi.
{type } addr
Refers to an object of type type stored at address addr in memory. addr may
be any expression whose value is an integer or pointer (but parentheses are
required around binary operators, just as in a cast). This construct is allowed
regardless of what kind of data is normally supposed to reside at addr.
Expressions can sometimes contain some ambiguous elements. For instance, some pro-
gramming languages (notably Ada, C++ and Objective-C) permit a single function name
to be defined several times, for application in different contexts. This is called overloading.
Another example involving Ada is generics. A generic package is similar to C++ templates
and is typically instantiated several times, resulting in the same function name being defined
in different contexts.
In some cases and depending on the language, it is possible to adjust the expression to
remove the ambiguity. For instance in C++, you can specify the signature of the function
you want to break on, as in break function (types ). In Ada, using the fully qualified
name of your function often makes the expression unambiguous as well.
When an ambiguity that needs to be resolved is detected, the debugger has the capability
to display a menu of numbered choices for each possibility, and then waits for the selection
with the prompt ‘>’. The first option is always ‘[0] cancel’, and typing 0 hRETi aborts the
current command. If the command in which the expression was used allows more than one
choice to be selected, the next option in the menu is ‘[1] all’, and typing 1 hRETi selects
all possible choices.
For example, the following session excerpt shows an attempt to set a breakpoint at the
overloaded symbol String::after. We choose three particular definitions of that function
name:
(gdb) b String::after
[0] cancel
[1] all
[2] file:String.cc; line number:867
[3] file:String.cc; line number:860
[4] file:String.cc; line number:875
[5] file:String.cc; line number:853
[6] file:String.cc; line number:846
[7] file:String.cc; line number:735
> 2 4 6
Breakpoint 1 at 0xb26c: file String.cc, line 867.
Breakpoint 2 at 0xb344: file String.cc, line 875.
Breakpoint 3 at 0xafcc: file String.cc, line 846.
Multiple breakpoints were set.
Use the "delete" command to delete unwanted
breakpoints.
(gdb)
Chapter 10: Examining Data 99
The most common kind of expression to use is the name of a variable in your program.
Variables in expressions are understood in the selected stack frame (see hundefinedi
[Selecting a Frame], page hundefinedi); they must be either:
• global (or file-static)
or
• visible according to the scope rules of the programming language from the point of
execution in that frame
This means that in the function
foo (a)
int a;
{
bar (a);
{
int b = test ();
bar (b);
}
}
you can examine and use the variable a whenever your program is executing within the
function foo, but you can only use or examine the variable b while your program is executing
inside the block where b is declared.
There is an exception: you can refer to a variable or function whose scope is a single
source file even if the current execution point is not in this file. But it is possible to have
more than one such variable or function with the same name (in different source files). If
that happens, referring to that name has unpredictable effects. If you wish, you can specify
a static variable in a particular function or file, using the colon-colon (::) notation:
100 Debugging with gdb
file ::variable
function ::variable
Here file or function is the name of the context for the static variable. In the case of file
names, you can use quotes to make sure gdb parses the file name as a single word—for
example, to print a global value of x defined in ‘f2.c’:
(gdb) p ’f2.c’::x
This use of ‘::’ is very rarely in conflict with the very similar use of the same notation
in C++. gdb also supports use of the C++ scope resolution operator in gdb expressions.
Warning: Occasionally, a local variable may appear to have the wrong value
at certain points in a function—just after entry to a new scope, and just before
exit.
You may see this problem when you are stepping by machine instructions. This is
because, on most machines, it takes more than one instruction to set up a stack frame
(including local variable definitions); if you are stepping by machine instructions, variables
may appear to have the wrong values until the stack frame is completely built. On exit, it
usually also takes more than one machine instruction to destroy a stack frame; after you
begin stepping through that group of instructions, local variable definitions may be gone.
This may also happen when the compiler does significant optimizations. To be sure of
always seeing accurate values, turn off all optimization when compiling.
Another possible effect of compiler optimizations is to optimize unused variables out of
existence, or assign variables to registers (as opposed to memory addresses). Depending
on the support for such cases offered by the debug info format used by the compiler, gdb
might not be able to display values for such local variables. If that happens, gdb will print
a message like this:
No symbol "foo" in current context.
To solve such problems, either recompile without optimizations, or use a different debug
info format, if the compiler supports several such formats. For example, gcc, the gnu
C/C++ compiler, usually supports the ‘-gstabs+’ option. ‘-gstabs+’ produces debug info
in a format that is superior to formats such as COFF. You may be able to use DWARF
2 (‘-gdwarf-2’), which is also an effective form for debug info. See section “Options for
Debugging Your Program or GCC” in Using the gnu Compiler Collection (GCC). See hun-
definedi [C and C++], page hundefinedi, for more information about debug info formats that
are best suited to C++ programs.
If you ask to print an object whose contents are unknown to gdb, e.g., because its
data type is not completely specified by the debug information, gdb will say ‘<incomplete
type>’. See hundefinedi [Symbols], page hundefinedi, for more about this.
Strings are identified as arrays of char values without specified signedness. Arrays of
either signed char or unsigned char get printed as arrays of 1 byte sized integers. -
fsigned-char or -funsigned-char gcc options have no effect as gdb defines literal string
type "char" as char without a sign. For program code
char var0[] = "A";
signed char var1[] = "A";
You get during debugging
(gdb) print var0
$1 = "A"
Chapter 10: Examining Data 101
It is often useful to print out several successive objects of the same type in memory; a
section of an array, or an array of dynamically determined size for which only a pointer
exists in the program.
You can do this by referring to a contiguous span of memory as an artificial array, using
the binary operator ‘@’. The left operand of ‘@’ should be the first element of the desired
array and be an individual object. The right operand should be the desired length of the
array. The result is an array value whose elements are all of the type of the left argument.
The first element is actually the left argument; the second element comes from bytes of
memory immediately following those that hold the first element, and so on. Here is an
example. If a program says
int *array = (int *) malloc (len * sizeof (int));
The left operand of ‘@’ must reside in memory. Array values made with ‘@’ in this way
behave just like other arrays in terms of subscripting, and are coerced to pointers when
used in expressions. Artificial arrays most often appear in expressions via the value history
(see hundefinedi [Value History], page hundefinedi), after printing one out.
Another way to create an artificial array is to use a cast. This re-interprets a value as if
it were an array. The value need not be in memory:
(gdb) p/x (short[2])0x12345678
$1 = {0x1234, 0x5678}
As a convenience, if you leave the array length out (as in ‘(type [])value ’) gdb calcu-
lates the size to fill the value (as ‘sizeof(value )/sizeof(type )’:
(gdb) p/x (short[])0x12345678
$2 = {0x1234, 0x5678}
Sometimes the artificial array mechanism is not quite enough; in moderately complex
data structures, the elements of interest may not actually be adjacent—for example, if you
are interested in the values of pointers in an array. One useful work-around in this situation
is to use a convenience variable (see hundefinedi [Convenience Variables], page hundefinedi)
as a counter in an expression that prints the first interesting value, and then repeat that
expression via hRETi. For instance, suppose you have an array dtab of pointers to structures,
and you are interested in the values of a field fv in each structure. Here is an example of
what you might type:
set $i = 0
p dtab[$i++]->fv
hRETi
hRETi
...
102 Debugging with gdb
By default, gdb prints a value according to its data type. Sometimes this is not what
you want. For example, you might want to print a number in hex, or a pointer in decimal.
Or you might want to view data in memory at a certain address as a character string or as
an instruction. To do these things, specify an output format when you print a value.
The simplest use of output formats is to say how to print a value already computed.
This is done by starting the arguments of the print command with a slash and a format
letter. The format letters supported are:
x Regard the bits of the value as an integer, and print the integer in hexadecimal.
d Print as integer in signed decimal.
u Print as integer in unsigned decimal.
o Print as integer in octal.
t Print as integer in binary. The letter ‘t’ stands for “two”.1
a Print as an address, both absolute in hexadecimal and as an offset from the
nearest preceding symbol. You can use this format used to discover where (in
what function) an unknown address is located:
(gdb) p/a 0x54320
$3 = 0x54320 <_initialize_vx+396>
The command info symbol 0x54320 yields similar results. See hundefinedi
[Symbols], page hundefinedi.
c Regard as an integer and print it as a character constant. This prints both the
numerical value and its character representation. The character representation
is replaced with the octal escape ‘\nnn’ for characters outside the 7-bit ascii
range.
Without this format, gdb displays char, unsigned char, and signed char
data as character constants. Single-byte members of vectors are displayed as
integer data.
f Regard the bits of the value as a floating point number and print using typical
floating point syntax.
s Regard as a string, if possible. With this format, pointers to single-byte data are
displayed as null-terminated strings and arrays of single-byte data are displayed
as fixed-length strings. Other values are displayed in their natural types.
Without this format, gdb displays pointers to and arrays of char,
unsigned char, and signed char as strings. Single-byte members of a vector
are displayed as an integer array.
r Print using the ‘raw’ formatting. By default, gdb will use a Python-based
pretty-printer, if one is available (see hundefinedi [Pretty Printing], page hun-
definedi). This typically results in a higher-level display of the value’s contents.
The ‘r’ format bypasses any Python pretty-printer which might exist.
1
‘b’ cannot be used because these format letters are also used with the x command, where ‘b’ stands for
“byte”; see hundefinedi [Examining Memory], page hundefinedi.
Chapter 10: Examining Data 103
For example, to print the program counter in hex (see hundefinedi [Registers], page hun-
definedi), type
p/x $pc
Note that no space is required before the slash; this is because command names in gdb
cannot contain a slash.
To reprint the last value in the value history with a different format, you can use the
print command with just a format and no expression. For example, ‘p/x’ reprints the last
value in hex.
You can use the command x (for “examine”) to examine memory in any of several
formats, independently of your program’s data types.
x/nfu addr
x addr
x Use the x command to examine memory.
n, f, and u are all optional parameters that specify how much memory to display and how
to format it; addr is an expression giving the address where you want to start displaying
memory. If you use defaults for nfu, you need not type the slash ‘/’. Several commands set
convenient defaults for addr.
n, the repeat count
The repeat count is a decimal integer; the default is 1. It specifies how much
memory (counting by units u) to display.
f, the display format
The display format is one of the formats used by print (‘x’, ‘d’, ‘u’, ‘o’, ‘t’,
‘a’, ‘c’, ‘f’, ‘s’), and in addition ‘i’ (for machine instructions). The default is
‘x’ (hexadecimal) initially. The default changes each time you use either x or
print.
u, the unit size
The unit size is any of
b Bytes.
h Halfwords (two bytes).
w Words (four bytes). This is the initial default.
g Giant words (eight bytes).
Each time you specify a unit size with x, that size becomes the default unit
the next time you use x. For the ‘i’ format, the unit size is ignored and is
normally not written. For the ‘s’ format, the unit size defaults to ‘b’, unless it
is explicitly given. Use x /hs to display 16-bit char strings and x /ws to display
32-bit strings. The next use of x /s will again display 8-bit strings. Note that
the results depend on the programming language of the current compilation
unit. If the language is C, the ‘s’ modifier will use the UTF-16 encoding while
104 Debugging with gdb
‘w’ will use UTF-32. The encoding is set by the programming language and
cannot be altered.
addr, starting display address
addr is the address where you want gdb to begin displaying memory. The
expression need not have a pointer value (though it may); it is always inter-
preted as an integer address of a byte of memory. See hundefinedi [Expressions],
page hundefinedi, for more information on expressions. The default for addr is
usually just after the last address examined—but several other commands also
set the default address: info breakpoints (to the address of the last break-
point listed), info line (to the starting address of a line), and print (if you
use it to display a value from memory).
For example, ‘x/3uh 0x54320’ is a request to display three halfwords (h) of memory,
formatted as unsigned decimal integers (‘u’), starting at address 0x54320. ‘x/4xw $sp’
prints the four words (‘w’) of memory above the stack pointer (here, ‘$sp’; see hundefinedi
[Registers], page hundefinedi) in hexadecimal (‘x’).
Since the letters indicating unit sizes are all distinct from the letters specifying output
formats, you do not have to remember whether unit size or format comes first; either order
works. The output specifications ‘4xw’ and ‘4wx’ mean exactly the same thing. (However,
the count n must come first; ‘wx4’ does not work.)
Even though the unit size u is ignored for the formats ‘s’ and ‘i’, you might still want to
use a count n; for example, ‘3i’ specifies that you want to see three machine instructions,
including any operands. For convenience, especially when used with the display command,
the ‘i’ format also prints branch delay slot instructions, if any, beyond the count specified,
which immediately follow the last instruction that is within the count. The command
disassemble gives an alternative way of inspecting machine instructions; see hundefinedi
[Source and Machine Code], page hundefinedi.
All the defaults for the arguments to x are designed to make it easy to continue scanning
memory with minimal specifications each time you use x. For example, after you have
inspected three machine instructions with ‘x/3i addr ’, you can inspect the next seven with
just ‘x/7’. If you use hRETi to repeat the x command, the repeat count n is used again; the
other arguments default as for successive uses of x.
When examining machine instructions, the instruction at current program counter is
shown with a => marker. For example:
(gdb) x/5i $pc-6
0x804837f <main+11>: mov %esp,%ebp
0x8048381 <main+13>: push %ecx
0x8048382 <main+14>: sub $0x4,%esp
=> 0x8048385 <main+17>: movl $0x8048460,(%esp)
0x804838c <main+24>: call 0x80482d4 <puts@plt>
The addresses and contents printed by the x command are not saved in the value history
because there is often too much of them and they would get in the way. Instead, gdb
makes these values available for subsequent use in expressions as values of the convenience
variables $_ and $__. After an x command, the last address examined is available for use
in expressions in the convenience variable $_. The contents of that address, as examined,
are available in the convenience variable $__.
Chapter 10: Examining Data 105
If the x command has a repeat count, the address and contents saved are from the last
memory unit printed; this is not the same as the last address printed if several units were
printed on the last line of output.
When you are debugging a program running on a remote target machine (see hundefinedi
[Remote Debugging], page hundefinedi), you may wish to verify the program’s image in the
remote machine’s memory against the executable file you downloaded to the target. The
compare-sections command is provided for such situations.
compare-sections [section-name ]
Compare the data of a loadable section section-name in the executable file
of the program being debugged with the same section in the remote machine’s
memory, and report any mismatches. With no arguments, compares all loadable
sections. This command’s availability depends on the target’s support for the
"qCRC" remote request.
If you find that you want to print the value of an expression frequently (to see how it
changes), you might want to add it to the automatic display list so that gdb prints its
value each time your program stops. Each expression added to the list is given a number to
identify it; to remove an expression from the list, you specify that number. The automatic
display looks like this:
2: foo = 38
3: bar[5] = (struct hack *) 0x3804
This display shows item numbers, expressions and their current values. As with displays
you request manually using x or print, you can specify the output format you prefer; in
fact, display decides whether to use print or x depending your format specification—it
uses x if you specify either the ‘i’ or ‘s’ format, or a unit size; otherwise it uses print.
display expr
Add the expression expr to the list of expressions to display each time your
program stops. See hundefinedi [Expressions], page hundefinedi.
display does not repeat if you press hRETi again after using it.
display/fmt expr
For fmt specifying only a display format and not a size or count, add the
expression expr to the auto-display list but arrange to display it each time in
the specified format fmt. See hundefinedi [Output Formats], page hundefinedi.
display/fmt addr
For fmt ‘i’ or ‘s’, or including a unit-size or a number of units, add the expres-
sion addr as a memory address to be examined each time your program stops.
Examining means in effect doing ‘x/fmt addr ’. See hundefinedi [Examining
Memory], page hundefinedi.
For example, ‘display/i $pc’ can be helpful, to see the machine instruction about to
be executed each time execution stops (‘$pc’ is a common name for the program counter;
see hundefinedi [Registers], page hundefinedi).
106 Debugging with gdb
gdb provides the following ways to control how arrays, structures, and symbols are
printed.
These settings are useful for debugging programs in any language:
struct thing {
Species it;
union {
Tree_forms tree;
Bug_forms bug;
} form;
};
When gdb prints a value, it first sees if there is a pretty-printer registered for the value.
If there is then gdb invokes the pretty-printer to print the value. Otherwise the value is
printed normally.
Pretty-printers are normally named. This makes them easy to manage. The ‘info
pretty-printer’ command will list all the installed pretty-printers with their names. If a
pretty-printer can handle multiple data types, then its subprinters are the printers for the
individual data types. Each such subprinter has its own name. The format of the name is
printer-name;subprinter-name.
Pretty-printers are installed by registering them with gdb. Typically they are auto-
matically loaded and registered when the corresponding debug information is loaded, thus
making them available without having to do anything special.
Chapter 10: Examining Data 113
Values printed by the print command are saved in the gdb value history. This allows
you to refer to them in other expressions. Values are kept until the symbol table is re-read
Chapter 10: Examining Data 115
or discarded (for example with the file or symbol-file commands). When the symbol
table changes, the value history is discarded, since the values may contain pointers back to
the types defined in the symbol table.
The values printed are given history numbers by which you can refer to them. These
are successive integers starting with one. print shows you the history number assigned to
a value by printing ‘$num = ’ before the value; here num is the history number.
To refer to any previous value, use ‘$’ followed by the value’s history number. The way
print labels its output is designed to remind you of this. Just $ refers to the most recent
value in the history, and $$ refers to the value before that. $$n refers to the nth value from
the end; $$2 is the value just prior to $$, $$1 is equivalent to $$, and $$0 is equivalent to
$.
For example, suppose you have just printed a pointer to a structure and want to see the
contents of the structure. It suffices to type
p *$
If you have a chain of structures where the component next points to the next one, you
can print the contents of the next one with this:
p *$.next
You can print successive links in the chain by repeating this command—which you can do
by just typing hRETi.
Note that the history records values, not expressions. If the value of x is 4 and you type
these commands:
print x
set x=5
then the value recorded in the value history by the print command remains 4 even though
the value of x has changed.
show values
Print the last ten values in the value history, with their item numbers. This is
like ‘p $$9’ repeated ten times, except that show values does not change the
history.
show values n
Print ten history values centered on history item number n.
show values +
Print ten history values just after the values last printed. If no more values are
available, show values + produces no display.
Pressing hRETi to repeat show values n has exactly the same effect as ‘show values +’.
gdb provides convenience variables that you can use within gdb to hold on to a value
and refer to it later. These variables exist entirely within gdb; they are not part of your
program, and setting a convenience variable has no direct effect on further execution of your
program. That is why you can use them freely.
116 Debugging with gdb
Convenience variables are prefixed with ‘$’. Any name preceded by ‘$’ can be used for
a convenience variable, unless it is one of the predefined machine-specific register names
(see hundefinedi [Registers], page hundefinedi). (Value history references, in contrast, are
numbers preceded by ‘$’. See hundefinedi [Value History], page hundefinedi.)
You can save a value in a convenience variable with an assignment expression, just as
you would set a variable in your program. For example:
set $foo = *object_ptr
would save in $foo the value contained in the object pointed to by object_ptr.
Using a convenience variable for the first time creates it, but its value is void until you
assign a new value. You can alter the value with another assignment at any time.
Convenience variables have no fixed types. You can assign a convenience variable any
type of value, including structures and arrays, even if that variable already has a value of
a different type. The convenience variable, when used as an expression, has the type of its
current value.
show convenience
Print a list of convenience variables used so far, and their values. Abbreviated
show conv.
init-if-undefined $variable = expression
Set a convenience variable if it has not already been set. This is useful for
user-defined commands that keep some state. It is similar, in concept, to using
local static variables with initializers in C (except that convenience variables
are global). It can also be used to allow users to override default values used in
a command script.
If the variable is already defined then the expression is not evaluated so any
side-effects do not occur.
One of the ways to use a convenience variable is as a counter to be incremented or a
pointer to be advanced. For example, to print a field from successive elements of an array
of structures:
set $i = 0
print bar[$i++]->contents
Repeat that command by typing hRETi.
Some convenience variables are created automatically by gdb and given values likely to
be useful.
$_ The variable $_ is automatically set by the x command to the last address ex-
amined (see hundefinedi [Examining Memory], page hundefinedi). Other com-
mands which provide a default address for x to examine also set $_ to that
address; these commands include info line and info breakpoint. The type
of $_ is void * except when set by the x command, in which case it is a pointer
to the type of $__.
$__ The variable $__ is automatically set by the x command to the value found in
the last address examined. Its type is chosen to match the format in which the
data was printed.
Chapter 10: Examining Data 117
$_exitcode
The variable $_exitcode is automatically set to the exit code when the program
being debugged terminates.
$_sdata The variable $_sdata contains extra collected static tracepoint data. See hun-
definedi [Tracepoint Action Lists], page hundefinedi. Note that $_sdata could
be empty, if not inspecting a trace buffer, or if extra static tracepoint data has
not been collected.
$_siginfo
The variable $_siginfo contains extra signal information (see hundefinedi [ex-
tra signal information], page hundefinedi). Note that $_siginfo could be
empty, if the application has not yet received any signals. For example, it
will be empty before you execute the run command.
$_tlb The variable $_tlb is automatically set when debugging applications running
on MS-Windows in native mode or connected to gdbserver that supports the
qGetTIBAddr request. See hundefinedi [General Query Packets], page hunde-
finedi. This variable contains the address of the thread information block.
On HP-UX systems, if you refer to a function or variable name that begins with a dollar
sign, gdb searches for a user or system name first, before it searches for a convenience
variable.
gdb also supplies some convenience functions. These have a syntax similar to conve-
nience variables. A convenience function can be used in an expression just like an ordinary
function; however, a convenience function is implemented internally to gdb.
help function
Print a list of all convenience functions.
10.12 Registers
You can refer to machine register contents, in expressions, as variables with names
starting with ‘$’. The names of registers are different for each machine; use info registers
to see the names used on your machine.
info registers
Print the names and values of all registers except floating-point and vector
registers (in the selected stack frame).
info all-registers
Print the names and values of all registers, including floating-point and vector
registers (in the selected stack frame).
info registers regname ...
Print the relativized value of each specified register regname. As discussed in
detail below, register values are normally relative to the selected stack frame.
regname may be any register name valid on the machine you are using, with or
without the initial ‘$’.
118 Debugging with gdb
gdb has four “standard” register names that are available (in expressions) on most
machines—whenever they do not conflict with an architecture’s canonical mnemonics for
registers. The register names $pc and $sp are used for the program counter register and
the stack pointer. $fp is used for a register that contains a pointer to the current stack
frame, and $ps is used for a register that contains the processor status. For example, you
could print the program counter in hex with
p/x $pc
or print the instruction to be executed next with
x/i $pc
or add four to the stack pointer2 with
set $sp += 4
Whenever possible, these four standard register names are available on your machine
even though the machine has different canonical mnemonics, so long as there is no conflict.
The info registers command shows the canonical names. For example, on the SPARC,
info registers displays the processor status register as $psr but you can also refer to it
as $ps; and on x86-based machines $ps is an alias for the eflags register.
gdb always considers the contents of an ordinary register as an integer when the register
is examined in this way. Some machines have special registers which can hold nothing but
floating point; these registers are considered to have floating point values. There is no way
to refer to the contents of an ordinary register as floating point value (although you can
print it as a floating point value with ‘print/f $regname ’).
Some registers have distinct “raw” and “virtual” data formats. This means that the data
format in which the register contents are saved by the operating system is not the same
one that your program normally sees. For example, the registers of the 68881 floating point
coprocessor are always saved in “extended” (raw) format, but all C programs expect to work
with “double” (virtual) format. In such cases, gdb normally works with the virtual format
only (the format that makes sense for your program), but the info registers command
prints the data in both formats.
Some machines have special registers whose contents can be interpreted in several differ-
ent ways. For example, modern x86-based machines have SSE and MMX registers that can
hold several values packed together in several different formats. gdb refers to such registers
in struct notation:
(gdb) print $xmm1
$1 = {
v4_float = {0, 3.43859137e-038, 1.54142831e-044, 1.821688e-044},
v2_double = {9.92129282474342e-303, 2.7585945287983262e-313},
v16_int8 = "\000\000\000\000\3706;\001\v\000\000\000\r\000\000",
v8_int16 = {0, 0, 14072, 315, 11, 0, 13, 0},
v4_int32 = {0, 20657912, 11, 13},
v2_int64 = {88725056443645952, 55834574859},
uint128 = 0x0000000d0000000b013b36f800000000
}
2
This is a way of removing one word from the stack, on machines where stacks grow downward in memory
(most machines, nowadays). This assumes that the innermost stack frame is selected; setting $sp is not
allowed when other stack frames are selected. To pop entire frames off the stack, regardless of machine
architecture, use return; see hundefinedi [Returning from a Function], page hundefinedi.
Chapter 10: Examining Data 119
To set values of such registers, you need to tell gdb which view of the register you wish to
change, as if you were assigning value to a struct member:
(gdb) set $xmm1.uint128 = 0x000000000000000000000000FFFFFFFF
Normally, register values are relative to the selected stack frame (see hundefinedi [Se-
lecting a Frame], page hundefinedi). This means that you get the value that the register
would contain if all stack frames farther in were exited and their saved registers restored.
In order to see the true contents of hardware registers, you must select the innermost frame
(with ‘frame 0’).
However, gdb must deduce where registers are saved, from the machine code generated
by your compiler. If some registers are not saved, or if gdb is unable to locate the saved
registers, the selected stack frame makes no difference.
Depending on the configuration, gdb may be able to give you more information about
the status of the floating point hardware.
info float
Display hardware-dependent information about the floating point unit. The
exact contents and layout vary depending on the floating point chip. Currently,
‘info float’ is supported on the ARM and x86 machines.
Depending on the configuration, gdb may be able to give you more information about
the status of the vector unit.
info vector
Display information about the vector unit. The exact contents and layout vary
depending on the hardware.
gdb provides interfaces to useful OS facilities that can help you debug your program.
When gdb runs on a Posix system (such as GNU or Unix machines), it interfaces with the
inferior via the ptrace system call. The operating system creates a special sata structure,
called struct user, for this interface. You can use the command info udot to display the
contents of this data structure.
info udot Display the contents of the struct user maintained by the OS kernel for the
program being debugged. gdb displays the contents of struct user as a list
of hex numbers, similar to the examine command.
Some operating systems supply an auxiliary vector to programs at startup. This is akin
to the arguments and environment that you specify for a program, but contains a system-
dependent variety of binary values that tell system libraries important details about the
120 Debugging with gdb
hardware, operating system, and process. Each value’s purpose is identified by an inte-
ger tag; the meanings are well-known but system-specific. Depending on the configuration
and operating system facilities, gdb may be able to show you this information. For re-
mote targets, this functionality may further depend on the remote stub’s support of the
‘qXfer:auxv:read’ packet, see hundefinedi [qXfer auxiliary vector read], page hundefinedi.
info auxv Display the auxiliary vector of the inferior, which can be either a live process
or a core dump file. gdb prints each tag value numerically, and also shows
names and text descriptions for recognized tags. Some values in the vector are
numbers, some bit masks, and some pointers to strings or other data. gdb
displays each value in the most appropriate form for a recognized tag, and in
hexadecimal for an unrecognized tag.
On some targets, gdb can access operating-system-specific information and display it to
user, without interpretation. For remote targets, this functionality depends on the remote
stub’s support of the ‘qXfer:osdata:read’ packet, see hundefinedi [qXfer osdata read],
page hundefinedi.
info os List the types of OS information available for the target. If the target does not
return a list of possible types, this command will report an error.
info os processes
Display the list of processes on the target. For each process, gdb prints the
process identifier, the name of the user, and the command corresponding to the
process.
Memory region attributes allow you to describe special handling required by regions of
your target’s memory. gdb uses attributes to determine whether to allow certain types
of memory accesses; whether to use specific width accesses; and whether to cache target
memory. By default the description of memory regions is fetched from the target (if the
current target supports this), but the user can override the fetched regions.
Defined memory regions can be individually enabled and disabled. When a memory
region is disabled, gdb uses the default attributes when accessing memory in that region.
Similarly, if no memory regions have been defined, gdb uses the default attributes when
accessing all memory.
When a memory region is defined, it is given a number to identify it; to enable, disable,
or remove a memory region, you specify that number.
10.16.1 Attributes
The access mode attributes set whether gdb may make read or write accesses to a
memory region.
While these attributes prevent gdb from performing invalid memory accesses, they do
nothing to prevent the target system, I/O DMA, etc. from accessing memory.
ro Memory is read only.
wo Memory is write only.
rw Memory is read/write. This is the default.
The access size attribute tells gdb to use specific sized accesses in the memory region.
Often memory mapped device registers require specific sized accesses. If no access size
attribute is specified, gdb may use accesses of any size.
8 Use 8 bit memory accesses.
16 Use 16 bit memory accesses.
122 Debugging with gdb
The data cache attributes set whether gdb will cache target memory. While this gen-
erally improves performance by reducing debug protocol overhead, it can lead to incorrect
results because gdb does not know about volatile variables or memory mapped device
registers.
cache Enable gdb to cache target memory.
nocache Disable gdb from caching target memory. This is the default.
gdb can be instructed to refuse accesses to memory that is not explicitly described.
This can be useful if accessing such regions has undesired effects for a specific target, or to
provide better error checking. The following commands control this behaviour.
You can use the commands dump, append, and restore to copy data between target
memory and a file. The dump and append commands write data to a file, and the restore
command reads data from a file back into the inferior’s memory. Files may be in binary,
Motorola S-record, Intel hex, or Tektronix Hex format; however, gdb can only append to
binary files.
A core file or core dump is a file that records the memory image of a running process
and its process status (register values etc.). Its primary use is post-mortem debugging of a
program that crashed while it ran outside a debugger. A program that crashes automatically
produces a core file, unless this feature is disabled by the user. See hundefinedi [Files],
page hundefinedi, for information on invoking gdb in the post-mortem debugging mode.
Occasionally, you may wish to produce a core file of the program you are debugging in
order to preserve a snapshot of its state. gdb has a special command for that.
generate-core-file [file ]
gcore [file ]
Produce a core dump of the inferior process. The optional argument file specifies
the file name where to put the core dump. If not specified, the file name defaults
to ‘core.pid ’, where pid is the inferior process ID.
Note that this command is implemented only for some systems (as of this
writing, gnu/Linux, FreeBSD, Solaris, Unixware, and S390).
If the program you are debugging uses a different character set to represent characters
and strings than the one gdb uses itself, gdb can automatically translate between the
124 Debugging with gdb
character sets for you. The character set gdb uses we call the host character set; the one
the inferior program uses we call the target character set.
For example, if you are running gdb on a gnu/Linux system, which uses the ISO Latin
1 character set, but you are using gdb’s remote protocol (see hundefinedi [Remote Debug-
ging], page hundefinedi) to debug a program running on an IBM mainframe, which uses the
ebcdic character set, then the host character set is Latin-1, and the target character set is
ebcdic. If you give gdb the command set target-charset EBCDIC-US, then gdb trans-
lates between ebcdic and Latin 1 as you print character or string values, or use character
and string literals in expressions.
gdb has no way to automatically recognize which character set the inferior program
uses; you must tell it, using the set target-charset command, described below.
Here are the commands for controlling gdb’s character set support:
set target-charset charset
Set the current target character set to charset. To display the list of supported
target character sets, type set target-charset hTABihTABi.
set host-charset charset
Set the current host character set to charset.
By default, gdb uses a host character set appropriate to the system it is run-
ning on; you can override that default using the set host-charset command.
On some systems, gdb cannot automatically determine the appropriate host
character set. In this case, gdb uses ‘UTF-8’.
gdb can only use certain character sets as its host character set. If you type
set host-charset hTABihTABi, gdb will list the host character sets it supports.
set charset charset
Set the current host and target character sets to charset. As above, if you type
set charset hTABihTABi, gdb will list the names of the character sets that can
be used for both host and target.
show charset
Show the names of the current host and target character sets.
show host-charset
Show the name of the current host character set.
show target-charset
Show the name of the current target character set.
set target-wide-charset charset
Set the current target’s wide character set to charset. This is the character
set used by the target’s wchar_t type. To display the list of supported wide
character sets, type set target-wide-charset hTABihTABi.
show target-wide-charset
Show the name of the current target’s wide character set.
Here is an example of gdb’s character set support in action. Assume that the following
source code has been placed in the file ‘charset-test.c’:
Chapter 10: Examining Data 125
#include <stdio.h>
char ascii_hello[]
= {72, 101, 108, 108, 111, 44, 32, 119,
111, 114, 108, 100, 33, 10, 0};
char ibm1047_hello[]
= {200, 133, 147, 147, 150, 107, 64, 166,
150, 153, 147, 132, 90, 37, 0};
main ()
{
printf ("Hello, world!\n");
}
In this program, ascii_hello and ibm1047_hello are arrays containing the string
‘Hello, world!’ followed by a newline, encoded in the ascii and ibm1047 character sets.
We compile the program, and invoke the debugger on it:
$ gcc -g charset-test.c -o charset-test
$ gdb -nw charset-test
GNU gdb 2001-12-19-cvs
Copyright 2001 Free Software Foundation, Inc.
...
(gdb)
We can use the show charset command to see what character sets gdb is currently
using to interpret and display characters and strings:
(gdb) show charset
The current host and target character set is ‘ISO-8859-1’.
(gdb)
For the sake of printing this manual, let’s use ascii as our initial character set:
(gdb) set charset ASCII
(gdb) show charset
The current host and target character set is ‘ASCII’.
(gdb)
Let’s assume that ascii is indeed the correct character set for our host system — in
other words, let’s assume that if gdb prints characters using the ascii character set, our
terminal will display them properly. Since our current target character set is also ascii, the
contents of ascii_hello print legibly:
(gdb) print ascii_hello
$1 = 0x401698 "Hello, world!\n"
(gdb) print ascii_hello[0]
$2 = 72 ’H’
(gdb)
gdb uses the target character set for character and string literals you use in expressions:
(gdb) print ’+’
$3 = 43 ’+’
(gdb)
The ascii character set uses the number 43 to encode the ‘+’ character.
gdb relies on the user to tell it which character set the target program uses. If we print
ibm1047_hello while our target character set is still ascii, we get jibberish:
(gdb) print ibm1047_hello
$4 = 0x4016a8 "\310\205\223\223\226k@\246\226\231\223\204Z%"
(gdb) print ibm1047_hello[0]
126 Debugging with gdb
$5 = 200 ’\310’
(gdb)
If we invoke the set target-charset followed by hTABihTABi, gdb tells us the character
sets it supports:
(gdb) set target-charset
ASCII EBCDIC-US IBM1047 ISO-8859-1
(gdb) set target-charset
We can select ibm1047 as our target character set, and examine the program’s strings
again. Now the ascii string is wrong, but gdb translates the contents of ibm1047_hello
from the target character set, ibm1047, to the host character set, ascii, and they display
correctly:
(gdb) set target-charset IBM1047
(gdb) show charset
The current host character set is ‘ASCII’.
The current target character set is ‘IBM1047’.
(gdb) print ascii_hello
$6 = 0x401698 "\110\145%%?\054\040\167?\162%\144\041\012"
(gdb) print ascii_hello[0]
$7 = 72 ’\110’
(gdb) print ibm1047_hello
$8 = 0x4016a8 "Hello, world!\n"
(gdb) print ibm1047_hello[0]
$9 = 200 ’H’
(gdb)
As above, gdb uses the target character set for character and string literals you use in
expressions:
(gdb) print ’+’
$10 = 78 ’+’
(gdb)
The ibm1047 character set uses the number 78 to encode the ‘+’ character.
gdb caches data exchanged between the debugger and a remote target (see hundefinedi
[Remote Debugging], page hundefinedi). Such caching generally improves performance,
because it reduces the overhead of the remote protocol by bundling memory reads and writes
into large chunks. Unfortunately, simply caching everything would lead to incorrect results,
since gdb does not necessarily know anything about volatile values, memory-mapped I/O
addresses, etc. Furthermore, in non-stop mode (see hundefinedi [Non-Stop Mode], page hun-
definedi) memory can be changed while a gdb command is executing. Therefore, by default,
gdb only caches data known to be on the stack3 . Other regions of memory can be explicitly
marked as cacheable; see see hundefinedi [Memory Region Attributes], page hundefinedi.
set remotecache on
set remotecache off
This option no longer does anything; it exists for compatibility with old scripts.
3
In non-stop mode, it is moderately rare for a running thread to modify the stack of a stopped thread in
a way that would interfere with a backtrace, and caching of stack reads provides a significant speed up
of remote backtraces.
Chapter 10: Examining Data 127
show remotecache
Show the current state of the obsolete remotecache flag.
set stack-cache on
set stack-cache off
Enable or disable caching of stack accesses. When ON, use caching. By default,
this option is ON.
show stack-cache
Show the current state of data caching for memory accesses.
info dcache [line]
Print the information about the data cache performance. The information
displayed includes the dcache width and depth, and for each cache line, its
number, address, and how many times it was referenced. This command is
useful for debugging the data cache operation.
If a line number is specified, the contents of that line will be printed in hex.
Memory can be searched for a particular sequence of bytes with the find command.
You can use strings as search values. Quote them with double-quotes ("). The string
value is copied into the search pattern byte by byte, regardless of the endianness of the
target and the size specification.
The address of each match found is printed as well as a count of the number of matches
found.
The address of the last value found is stored in convenience variable ‘$_’. A count of the
number of matches is stored in ‘$numfound’.
For example, if stopped at the printf in this function:
void
hello ()
{
static char hello[] = "hello-hello";
static struct { char c; short s; int i; }
__attribute__ ((packed)) mixed
= { ’c’, 0x1234, 0x87654321 };
printf ("%s\n", hello);
}
you get during debugging:
(gdb) find &hello[0], +sizeof(hello), "hello"
0x804956d <hello.1620+6>
1 pattern found
(gdb) find &hello[0], +sizeof(hello), ’h’, ’e’, ’l’, ’l’, ’o’
0x8049567 <hello.1620>
0x804956d <hello.1620+6>
2 patterns found
(gdb) find /b1 &hello[0], +sizeof(hello), ’h’, 0x65, ’l’
0x8049567 <hello.1620>
1 pattern found
(gdb) find &mixed, +sizeof(mixed), (char) ’c’, (short) 0x1234, (int) 0x87654321
0x8049560 <mixed.1625>
1 pattern found
(gdb) print $numfound
$1 = 1
(gdb) print $_
$2 = (void *) 0x8049560
Chapter 11: Debugging Optimized Code 129
Inlining is an optimization that inserts a copy of the function body directly at each
call site, instead of jumping to a shared routine. gdb displays inlined functions just like
non-inlined functions. They appear in backtraces. You can view their arguments and local
variables, step into them with step, skip them with next, and escape from them with
finish. You can check whether a function was inlined by using the info frame command.
For gdb to support inlined functions, the compiler must record information about in-
lining in the debug information — gcc using the dwarf 2 format does this, and sev-
eral other compilers do also. gdb only supports inlined functions when using dwarf 2.
Versions of gcc before 4.1 do not emit two required attributes (‘DW_AT_call_file’ and
‘DW_AT_call_line’); gdb does not display inlined function calls with earlier versions of
gcc. It instead displays the arguments and local variables of inlined functions as local
variables in the caller.
The body of an inlined function is directly included at its call site; unlike a non-inlined
function, there are no instructions devoted to the call. gdb still pretends that the call site
and the start of the inlined function are different instructions. Stepping to the call site
shows the call site, and then stepping again shows the first line of the inlined function, even
though no additional instructions are executed.
This makes source-level debugging much clearer; you can see both the context of the call
and then the effect of the call. Only stepping by a single instruction using stepi or nexti
does not do this; single instruction steps always show the inlined body.
There are some ways that gdb does not pretend that inlined function calls are the same
as normal calls:
130 Debugging with gdb
• You cannot set breakpoints on inlined functions. gdb either reports that there is no
symbol with that name, or else sets the breakpoint only on non-inlined copies of the
function. This limitation will be removed in a future version of gdb; until then, set a
breakpoint by line number on the first line of the inlined function instead.
• Setting breakpoints at the call site of an inlined function may not work, because the
call site does not contain any code. gdb may incorrectly move the breakpoint to the
next line of the enclosing function, after the call. This limitation will be removed in
a future version of gdb; until then, set a breakpoint on an earlier line or inside the
inlined function instead.
• gdb cannot locate the return value of inlined calls after using the finish command.
This is a limitation of compiler-generated debugging information; after finish, you
can step to the next line and print a variable where your program stored the return
value.
Chapter 12: C Preprocessor Macros 131
12 C Preprocessor Macros
Some languages, such as C and C++, provide a way to define and invoke “preprocessor
macros” which expand into strings of tokens. gdb can evaluate expressions containing
macro invocations, show the result of macro expansion, and show a macro’s definition,
including where it was defined.
You may need to compile your program specially to provide gdb with information about
preprocessor macros. Most compilers do not include macros in their debugging information,
even when you compile with the ‘-g’ flag. See hundefinedi [Compilation], page hundefinedi.
A program may define a macro at one point, remove that definition later, and then
provide a different definition after that. Thus, at different points in the program, a macro
may have different definitions, or have no definition at all. If there is a current stack frame,
gdb uses the macros in scope at that frame’s source code line. Otherwise, gdb uses the
macros in scope at the current listing location; see hundefinedi [List], page hundefinedi.
Whenever gdb evaluates an expression, it always expands any macro invocations present
in the expression. gdb also provides the following commands for working with macros
explicitly.
macro expand expression
macro exp expression
Show the results of expanding all preprocessor macro invocations in expression.
Since gdb simply expands macros, but does not parse the result, expression
need not be a valid expression; it can be any string of tokens.
macro expand-once expression
macro exp1 expression
(This command is not yet implemented.) Show the results of expanding those
preprocessor macro invocations that appear explicitly in expression. Macro
invocations appearing in that expansion are left unchanged. This command
allows you to see the effect of a particular macro more clearly, without being
confused by further expansions. Since gdb simply expands macros, but does
not parse the result, expression need not be a valid expression; it can be any
string of tokens.
info macro macro
Show the definition of the macro named macro, and describe the source location
or compiler command-line where that definition was established.
macro define macro replacement-list
macro define macro (arglist ) replacement-list
Introduce a definition for a preprocessor macro named macro, invocations of
which are replaced by the tokens given in replacement-list. The first form of
this command defines an “object-like” macro, which takes no arguments; the
second form defines a “function-like” macro, which takes the arguments given
in arglist.
A definition introduced by this command is in scope in every expression eval-
uated in gdb, until it is removed with the macro undef command, described
below. The definition overrides all definitions for macro present in the program
being debugged, as well as any previous user-supplied definition.
132 Debugging with gdb
#define M 42
#define ADD(x) (M + x)
main ()
{
#define N 28
printf ("Hello, world!\n");
#undef N
printf ("We’re so creative.\n");
#define N 1729
printf ("Goodbye, world!\n");
}
$ cat sample.h
#define Q <
$
Now, we compile the program using the gnu C compiler, gcc. We pass the ‘-gdwarf-2’
and ‘-g3’ flags to ensure the compiler includes information about preprocessor macros in
the debugging information.
$ gcc -gdwarf-2 -g3 sample.c -o sample
$
Now, we start gdb on our sample program:
$ gdb -nw sample
GNU gdb 2002-05-06-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, ...
(gdb)
We can expand macros and examine their definitions, even when the program is not
running. gdb uses the current listing position to decide which macro definitions are in
scope:
(gdb) list main
3
4 #define M 42
5 #define ADD(x) (M + x)
6
7 main ()
8 {
9 #define N 28
10 printf ("Hello, world!\n");
11 #undef N
Chapter 12: C Preprocessor Macros 133
In addition to source files, macros can be defined on the compilation command line using
the ‘-Dname =value ’ syntax. For macros defined in such a way, gdb displays the location
of their definition as line zero of the source file submitted to the compiler.
(gdb) info macro __STDC__
Defined at /home/jimb/gdb/macros/play/sample.c:0
-D__STDC__=1
(gdb)
Chapter 13: Tracepoints 135
13 Tracepoints
In some applications, it is not feasible for the debugger to interrupt the program’s ex-
ecution long enough for the developer to learn anything helpful about its behavior. If the
program’s correctness depends on its real-time behavior, delays introduced by a debugger
might cause the program to change its behavior drastically, or perhaps fail, even when the
code itself is correct. It is useful to be able to observe the program’s behavior without
interrupting it.
Using gdb’s trace and collect commands, you can specify locations in the program,
called tracepoints, and arbitrary expressions to evaluate when those tracepoints are reached.
Later, using the tfind command, you can examine the values those expressions had when
the program hit the tracepoints. The expressions may also denote objects in memory—
structures or arrays, for example—whose values gdb should record; while visiting a partic-
ular tracepoint, you may inspect those objects as if they were in memory at that moment.
However, because gdb records these values without interacting with you, it can do so quickly
and unobtrusively, hopefully not disturbing the program’s behavior.
The tracepoint facility is currently available only for remote targets. See hundefinedi
[Targets], page hundefinedi. In addition, your remote target must know how to collect trace
data. This functionality is implemented in the remote stub; however, none of the stubs
distributed with gdb support tracepoints as of this writing. The format of the remote
packets used to implement tracepoints are described in hundefinedi [Tracepoint Packets],
page hundefinedi.
It is also possible to get trace data from a file, in a manner reminiscent of corefiles; you
specify the filename, and use tfind to search through the file. See hundefinedi [Trace Files],
page hundefinedi, for more details.
This chapter describes the tracepoint commands and features.
Before running such a trace experiment, an arbitrary number of tracepoints can be set.
A tracepoint is actually a special type of breakpoint (see hundefinedi [Set Breaks], page hun-
definedi), so you can manipulate it using standard breakpoint commands. For instance, as
with breakpoints, tracepoint numbers are successive integers starting from one, and many
of the commands associated with tracepoints take the tracepoint number as their argument,
to identify which tracepoint to work on.
For each tracepoint, you can specify, in advance, some arbitrary set of data that you
want the target to collect in the trace buffer when it hits that tracepoint. The collected data
can include registers, local variables, or global data. Later, you can use gdb commands to
examine the values these data had at the time the tracepoint was hit.
Tracepoints do not support every breakpoint feature. Ignore counts on tracepoints have
no effect, and tracepoints cannot run gdb commands when they are hit. Tracepoints may
not be thread-specific either.
Some targets may support fast tracepoints, which are inserted in a different way (such
as with a jump instead of a trap), that is faster but possibly restricted in where they may
be installed.
136 Debugging with gdb
Regular and fast tracepoints are dynamic tracing facilities, meaning that they can be
used to insert tracepoints at (almost) any location in the target. Some targets may also sup-
port controlling static tracepoints from gdb. With static tracing, a set of instrumentation
points, also known as markers, are embedded in the target program, and can be activated
or deactivated by name or address. These are usually placed at locations which facilitate
investigating what the target is actually doing. gdb’s support for static tracing includes
being able to list instrumentation points, and attach them with gdb defined high level tra-
cepoints that expose the whole range of convenience of gdb’s tracepoints support. Namelly,
support for collecting registers values and values of global or local (to the instrumentation
point) variables; tracepoint conditions and trace state variables. The act of installing a gdb
static tracepoint on an instrumentation point, or marker, is referred to as probing a static
tracepoint marker.
gdbserver supports tracepoints on some target systems. See hundefinedi [Tracepoints
support in gdbserver], page hundefinedi.
This section describes commands to set tracepoints and associated conditions and ac-
tions.
trace location
The trace command is very similar to the break command. Its argument
location can be a source line, a function name, or an address in the target
program. See hundefinedi [Specify Location], page hundefinedi. The trace
command defines a tracepoint, which is a point in the target program where
the debugger will briefly stop, collect some data, and then allow the program to
continue. Setting a tracepoint or changing its actions doesn’t take effect until
the next tstart command, and once a trace experiment is running, further
changes will not have any effect until the next trace experiment starts.
Here are some examples of using the trace command:
(gdb) trace foo.c:121 // a source file and line number
the marker id is composed of joining the first two arguments to the trace_mark
call with a slash, which translates to:
(gdb) info static-tracepoint-markers
Cnt Enb ID Address What
1 n ust/bar33 0x0000000000400ddc in main at stexample.c:22
Data: "str %s"
[etc...]
These commands are deprecated; they are equivalent to plain disable and enable.
passcount [n [num ]]
Set the passcount of a tracepoint. The passcount is a way to automatically
stop a trace experiment. If a tracepoint’s passcount is n, then the trace exper-
iment will be automatically stopped on the n’th time that tracepoint is hit. If
the tracepoint number num is not specified, the passcount command sets the
passcount of the most recently defined tracepoint. If no passcount is given, the
trace experiment will run until stopped explicitly by the user.
Examples:
(gdb) passcount 5 2 // Stop on the 5th execution of
// tracepoint 2
The simplest sort of tracepoint collects data every time your program reaches a specified
place. You can also specify a condition for a tracepoint. A condition is just a Boolean
expression in your programming language (see hundefinedi [Expressions], page hundefinedi).
A tracepoint with a condition evaluates the expression each time your program reaches it,
and data collection happens only if the condition is true.
Tracepoint conditions can be specified when a tracepoint is set, by using ‘if’ in the
arguments to the trace command. See hundefinedi [Setting Tracepoints], page hunde-
finedi. They can also be set or changed at any time with the condition command, just as
with breakpoints.
Unlike breakpoint conditions, gdb does not actually evaluate the conditional expression
itself. Instead, gdb encodes the expression into an agent expression (see hundefinedi [Agent
Expressions], page hundefinedi suitable for execution on the target, independently of gdb.
Global variables become raw memory locations, locals become stack accesses, and so forth.
For instance, suppose you have a function that is usually called frequently, but should
not be called after an error has occurred. You could use the following tracepoint command
to collect data about calls of that function that happen while the error code is propagating
through the program; an unconditional tracepoint could end up collecting thousands of
useless trace frames that you would have to search through.
(gdb) trace normal_operation if errcode > 0
A trace state variable is a special type of variable that is created and managed by
target-side code. The syntax is the same as that for GDB’s convenience variables (a string
prefixed with “$”), but they are stored on the target. They must be created explicitly, using
a tvariable command. They are always 64-bit signed integers.
Trace state variables are remembered by gdb, and downloaded to the target along with
tracepoint information when the trace experiment starts. There are no intrinsic limits on
the number of trace state variables, beyond memory limitations of the target.
Although trace state variables are managed by the target, you can use them in print
commands and expressions as if they were convenience variables; gdb will get the current
value from the target while the trace experiment is running. Trace state variables share the
same namespace as other “$” variables, which means that you cannot have trace state vari-
ables with names like $23 or $pc, nor can you have a trace state variable and a convenience
variable with the same name.
tvariable $name [ = expression ]
The tvariable command creates a new trace state variable named $name ,
and optionally gives it an initial value of expression. expression is evaluated
when this command is entered; the result will be converted to an integer if
possible, otherwise gdb will report an error. A subsequent tvariable command
specifying the same name does not create a variable, but instead assigns the
supplied initial value to the existing variable of that name, overwriting any
previous initial value. The default initial value is 0.
140 Debugging with gdb
info tvariables
List all the trace state variables along with their initial values. Their current
values may also be displayed, if the trace experiment is currently running.
delete tvariable [ $name ... ]
Delete the given trace state variables, or all of them if no arguments are speci-
fied.
actions [num ]
This command will prompt for a list of actions to be taken when the tracepoint
is hit. If the tracepoint number num is not specified, this command sets the
actions for the one that was most recently defined (so that you can define a
tracepoint and then say actions without bothering about its number). You
specify the actions themselves on the following lines, one action at a time, and
terminate the actions list with a line containing just end. So far, the only
defined actions are collect, teval, and while-stepping.
actions is actually equivalent to commands (see hundefinedi [Breakpoint Com-
mand Lists], page hundefinedi), except that only the defined actions are allowed;
any other gdb command is rejected.
To remove all actions from a tracepoint, type ‘actions num ’ and follow it im-
mediately with ‘end’.
(gdb) collect data // collect some data
show default-collect
Show the list of expressions that are collected by default at each tracepoint hit.
info static-tracepoint-markers
Display information about all static tracepoint markers defined in the program.
For each marker, the following columns are printed:
Count An incrementing counter, output to help readability. This is not a
stable identifier.
ID The marker ID, as reported by the target.
Enabled or Disabled
Probed markers are tagged with ‘y’. ‘n’ identifies marks that are
not enabled.
Address Where the marker is in your program, as a memory address.
What Where the marker is in the source for your program, as a file and
line number. If the debug information included in the program does
not allow gdb to locate the source of the marker, this column will
be left blank.
In addition, the following information may be printed for each marker:
Data User data passed to the tracing library by the marker call. In the
UST backend, this is the format string passed as argument to the
marker call.
Chapter 13: Tracepoints 143
tstart This command takes no arguments. It starts the trace experiment, and begins
collecting data. This has the side effect of discarding all the data collected in
the trace buffer during the previous trace experiment.
tstop This command takes no arguments. It ends the trace experiment, and stops
collecting data.
Note: a trace experiment and data collection may stop automatically if any
tracepoint’s passcount is reached (see hundefinedi [Tracepoint Passcounts],
page hundefinedi), or if the trace buffer becomes full.
tstatus This command displays the status of the current trace data collection.
Here is an example of the commands we described so far:
(gdb) trace gdb c test
(gdb) actions
Enter actions for tracepoint #1, one per line.
> collect $regs,$locals,$args
> while-stepping 11
> collect $regs
> end
> end
(gdb) tstart
[time passes ...]
(gdb) tstop
You can choose to continue running the trace experiment even if gdb disconnects from
the target, voluntarily or involuntarily. For commands such as detach, the debugger will
ask what you want to do with the trace. But for unexpected terminations (gdb crash,
network outage), it would be unfortunate to lose hard-won trace data, so the variable
disconnected-tracing lets you decide whether the trace should continue running without
gdb.
set disconnected-tracing on
set disconnected-tracing off
Choose whether a tracing run should continue to run if gdb has disconnected
from the target. Note that detach or quit will ask you directly what to do
about a running trace no matter what this variable’s setting, so the variable is
mainly useful for handling unexpected situations, such as loss of the network.
show disconnected-tracing
Show the current choice for disconnected tracing.
144 Debugging with gdb
When you reconnect to the target, the trace experiment may or may not still be running;
it might have filled the trace buffer in the meantime, or stopped for one of the other reasons.
If it is running, it will continue after reconnection.
Upon reconnection, the target will upload information about the tracepoints in effect.
gdb will then compare that information to the set of tracepoints currently defined, and
attempt to match them up, allowing for the possibility that the numbers may have changed
due to creation and deletion in the meantime. If one of the target’s tracepoints does not
match any in gdb, the debugger will create a new tracepoint, so that you have a number
with which to specify that tracepoint. This matching-up process is necessarily heuristic,
and it may result in useless tracepoints being created; you may simply delete them if they
are of no use.
If your target agent supports a circular trace buffer, then you can run a trace experiment
indefinitely without filling the trace buffer; when space runs out, the agent deletes already-
collected trace frames, oldest first, until there is enough room to continue collecting. This
is especially useful if your tracepoints are being hit too often, and your trace gets termi-
nated prematurely because the buffer is full. To ask for a circular trace buffer, simply set
‘circular_trace_buffer’ to on. You can set this at any time, including during tracing;
if the agent can do it, it will change buffer handling on the fly, otherwise it will not take
effect until the next run.
set circular-trace-buffer on
set circular-trace-buffer off
Choose whether a tracing run should use a linear or circular buffer for trace
data. A linear buffer will not lose any trace data, but may fill up prematurely,
while a circular buffer will discard old trace data, but it will have always room
for the latest tracepoint hits.
show circular-trace-buffer
Show the current choice for the trace buffer. Note that this may not match the
agent’s current buffer handling, nor is it guaranteed to match the setting that
might have been in effect during a past run, for instance if you are looking at
frames from a trace file.
There are a number of restrictions on the use of tracepoints. As described above, tra-
cepoint data gathering occurs on the target without interaction from gdb. Thus the full
capabilities of the debugger are not available during data gathering, and then at data ex-
amination time, you will be limited by only having what was collected. The following items
describe some common problems, but it is not exhaustive, and you may run into additional
difficulties not mentioned here.
• Tracepoint expressions are intended to gather objects (lvalues). Thus the full flexibility
of GDB’s expression evaluator is not available. You cannot call functions, cast objects
to aggregate types, access convenience variables or modify values (except by assignment
to trace state variables). Some language features may implicitly call functions (for
instance Objective-C fields with accessors), and therefore cannot be collected either.
Chapter 13: Tracepoints 145
After the tracepoint experiment ends, you use gdb commands for examining the trace
data. The basic idea is that each tracepoint collects a trace snapshot every time it is hit and
another snapshot every time it single-steps. All these snapshots are consecutively numbered
from zero and go into a buffer, and you can examine them later. The way you examine
them is to focus on a specific trace snapshot. When the remote stub is focused on a trace
snapshot, it will respond to all gdb requests for memory and registers by reading from the
buffer which belongs to that snapshot, rather than from real memory or registers of the
program being debugged. This means that all gdb commands (print, info registers,
backtrace, etc.) will behave as if we were currently debugging the program state as it was
when the tracepoint occurred. Any requests for data that are not in the buffer will fail.
146 Debugging with gdb
13.2.1 tfind n
The basic command for selecting a trace snapshot from the buffer is tfind n , which
finds trace snapshot number n, counting from zero. If no argument n is given, the next
snapshot is selected.
Here are the various forms of using the tfind command.
tfind start
Find the first snapshot in the buffer. This is a synonym for tfind 0 (since 0 is
the number of the first snapshot).
tfind none
Stop debugging trace snapshots, resume live debugging.
tfind end Same as ‘tfind none’.
tfind No argument means find the next trace snapshot.
tfind - Find the previous trace snapshot before the current one. This permits retracing
earlier steps.
tfind tracepoint num
Find the next snapshot associated with tracepoint num. Search proceeds for-
ward from the last examined trace snapshot. If no argument num is given, it
means find the next snapshot collected for the same tracepoint as the current
snapshot.
tfind pc addr
Find the next snapshot associated with the value addr of the program counter.
Search proceeds forward from the last examined trace snapshot. If no argument
addr is given, it means find the next snapshot with the same value of PC as
the current snapshot.
tfind outside addr1, addr2
Find the next snapshot whose PC is outside the given range of addresses (ex-
clusive).
tfind range addr1, addr2
Find the next snapshot whose PC is between addr1 and addr2 (inclusive).
tfind line [file :]n
Find the next snapshot associated with the source line n. If the optional argu-
ment file is given, refer to line n in that source file. Search proceeds forward
from the last examined trace snapshot. If no argument n is given, it means find
the next line other than the one currently being examined; thus saying tfind
line repeatedly can appear to have the same effect as stepping from line to
line in a live debugging session.
The default arguments for the tfind commands are specifically designed to make it easy
to scan through the trace buffer. For instance, tfind with no argument selects the next
trace snapshot, and tfind - with no argument selects the previous trace snapshot. So, by
giving one tfind command, and then simply hitting hRETi repeatedly you can examine all
the trace snapshots in order. Or, by saying tfind - and then hitting hRETi repeatedly you
Chapter 13: Tracepoints 147
can examine the snapshots in reverse order. The tfind line command with no argument
selects the snapshot for the next source line executed. The tfind pc command with no
argument selects the next snapshot with the same program counter (PC) as the current
frame. The tfind tracepoint command with no argument selects the next trace snapshot
collected by the same tracepoint as the current one.
In addition to letting you scan through the trace buffer manually, these commands make
it easy to construct gdb scripts that scan through the trace buffer and print out whatever
collected data you are interested in. Thus, if we want to examine the PC, FP, and SP
registers from each trace frame in the buffer, we can say this:
(gdb) tfind start
(gdb) while ($trace frame != -1)
> printf "Frame %d, PC = %08X, SP = %08X, FP = %08X\n", \
$trace_frame, $pc, $sp, $fp
> tfind
> end
Frame 0, X = 1
Frame 7, X = 2
Frame 13, X = 255
13.2.2 tdump
This command takes no arguments. It prints all the data collected at the current trace
snapshot.
(gdb) trace 444
(gdb) actions
Enter actions for tracepoint #2, one per line:
> collect $regs, $locals, $args, gdb_long_test
> end
(gdb) tstart
444 printp( "%s: arguments = 0x%X 0x%X 0x%X 0x%X 0x%X 0x%X\n", )
(gdb) tdump
Data collected at tracepoint 2, trace frame 1:
d0 0xc4aa0085 -995491707
d1 0x18 24
d2 0x80 128
d3 0x33 51
d4 0x71aea3d 119204413
d5 0x22 34
d6 0xe0 224
d7 0x380035 3670069
a0 0x19e24a 1696330
a1 0x3000668 50333288
a2 0x100 256
a3 0x322000 3284992
a4 0x3000698 50333336
a5 0x1ad3cc 1758156
fp 0x30bf3c 0x30bf3c
sp 0x30bf34 0x30bf34
ps 0x0 0
pc 0x20b2c8 0x20b2c8
fpcontrol 0x0 0
fpstatus 0x0 0
fpiaddr 0x0 0
p = 0x20e5b4 "gdb-test"
p1 = (void *) 0x11
p2 = (void *) 0x22
p3 = (void *) 0x33
p4 = (void *) 0x44
p5 = (void *) 0x55
p6 = (void *) 0x66
gdb_long_test = 17 ’\021’
(gdb)
tdump works by scanning the tracepoint’s current collection actions and printing the
value of each expression listed. So tdump can fail, if after a run, you change the tracepoint’s
actions to mention variables that were not collected during the run.
Also, for tracepoints with while-stepping loops, tdump uses the collected value of $pc
to distinguish between trace frames that were collected at the tracepoint hit, and frames
that were collected while stepping. This allows it to correctly choose whether to display
the basic list of collections, or the collections from the body of the while-stepping loop.
However, if $pc was not collected, then tdump will always attempt to dump using the basic
collection list, and may fail if a while-stepping frame does not include all the same data
that is collected at the tracepoint hit.
This command saves all current tracepoint definitions together with their actions and
passcounts, into a file ‘filename ’ suitable for use in a later debugging session. To read
the saved tracepoint definitions, use the source command (see hundefinedi [Command
Files], page hundefinedi). The save-tracepoints command is a deprecated alias for
save tracepoints
Chapter 13: Tracepoints 149
Suppose you have a computer whose instruction address space is only 64 kilobytes long,
but which has much more memory which can be accessed by other means: special instruc-
tions, segment registers, or memory management hardware, for example. Suppose further
that you want to adapt a program which is larger than 64 kilobytes to run on this system.
One solution is to identify modules of your program which are relatively independent,
and need not call each other directly; call these modules overlays. Separate the overlays
from the main program, and place their machine code in the larger memory. Place your
main program in instruction memory, but leave at least enough space there to hold the
largest overlay as well.
Now, to call a function located in an overlay, you must first copy that overlay’s machine
code from the large memory into the space set aside for it in the instruction memory, and
then jump to its entry point there.
Data Instruction Larger
Address Space Address Space Address Space
+-----------+ +-----------+ +-----------+
| | | | | |
+-----------+ +-----------+ +-----------+<-- overlay 1
| program | | main | .----| overlay 1 | load address
| variables | | program | | +-----------+
| and heap | | | | | |
+-----------+ | | | +-----------+<-- overlay 2
| | +-----------+ | | | load address
+-----------+ | | | .-| overlay 2 |
| | | | | |
mapped --->+-----------+ | | +-----------+
address | | | | | |
| overlay | <-’ | | |
| area | <---’ +-----------+<-- overlay 3
| | <---. | | load address
+-----------+ ‘--| overlay 3 |
| | | |
+-----------+ | |
+-----------+
| |
+-----------+
A code overlay
The diagram (see hundefinedi [A code overlay], page hundefinedi) shows a system with
separate data and instruction address spaces. To map an overlay, the program copies its
code from the larger address space to the instruction address space. Since the overlays
shown here all use the same mapped address, only one may be mapped at a time. For a
system with a single address space for data and instructions, the diagram would be similar,
152 Debugging with gdb
except that the program variables and heap would share an address space with the main
program and the overlay area.
An overlay loaded into instruction memory and ready for use is called a mapped overlay;
its mapped address is its address in the instruction memory. An overlay not present (or only
partially present) in instruction memory is called unmapped; its load address is its address
in the larger memory. The mapped address is also called the virtual memory address, or
VMA; the load address is also called the load memory address, or LMA.
Unfortunately, overlays are not a completely transparent way to adapt a program to
limited instruction memory. They introduce a new set of global constraints you must keep
in mind as you design your program:
• Before calling or returning to a function in an overlay, your program must make sure
that overlay is actually mapped. Otherwise, the call or return will transfer control to
the right address, but in the wrong overlay, and your program will probably crash.
• If the process of mapping an overlay is expensive on your system, you will need to
choose your overlays carefully to minimize their effect on your program’s performance.
• The executable file you load onto your system must contain each overlay’s instruc-
tions, appearing at the overlay’s load address, not its mapped address. However, each
overlay’s instructions must be relocated and its symbols defined as if the overlay were
at its mapped address. You can use GNU linker scripts to specify different load and
relocation addresses for pieces of your program; see section “Overlay Description” in
Using ld: the GNU linker.
• The procedure for loading executable files onto your system must be able to load their
contents into the larger address space as well as the instruction and data spaces.
The overlay system described above is rather simple, and could be improved in many
ways:
• If your system has suitable bank switch registers or memory management hardware,
you could use those facilities to make an overlay’s load area contents simply appear at
their mapped address in instruction space. This would probably be faster than copying
the overlay to its mapped area in the usual way.
• If your overlays are small enough, you could set aside more than one overlay area, and
have more than one overlay mapped at a time.
• You can use overlays to manage data, as well as instructions. In general, data overlays
are even less transparent to your design than code overlays: whereas code overlays only
require care when you call or return to functions, data overlays require care every time
you access the data. Also, if you change the contents of a data overlay, you must copy
its contents back out to its load address before you can copy a different data overlay
into the same mapped area.
To use gdb’s overlay support, each overlay in your program must correspond to a sepa-
rate section of the executable file. The section’s virtual memory address and load memory
address must be the overlay’s mapped and load addresses. Identifying overlays with sections
Chapter 14: Debugging Programs That Use Overlays 153
When overlay debugging is enabled, gdb recognizes code in unmapped overlays, and prints
the names of unmapped functions with asterisks around them. For example, if foo is a
function in an unmapped overlay, gdb prints it this way:
(gdb) overlay list
No sections are mapped.
(gdb) print foo
$5 = {int (int)} 0x100000 <*foo*>
When foo’s overlay is mapped, gdb prints the function’s name normally:
(gdb) overlay list
Section .ov.foo.text, loaded at 0x100000 - 0x100034,
mapped at 0x1016 - 0x104a
(gdb) print foo
$6 = {int (int)} 0x1016 <foo>
When overlay debugging is enabled, gdb can find the correct address for functions and
variables in an overlay, whether or not the overlay is mapped. This allows most gdb com-
mands, like break and disassemble, to work normally, even on unmapped code. However,
gdb’s breakpoint support has some limitations:
• You can set breakpoints in functions in unmapped overlays, as long as gdb can write
to the overlay at its load address.
• gdb can not set hardware or simulator-based breakpoints in unmapped overlays. How-
ever, if you set a breakpoint at the end of your overlay manager (and tell gdb which
overlays are now mapped, if you are using manual overlay management), gdb will re-set
its breakpoints properly.
gdb can automatically track which overlays are mapped and which are not, given some
simple co-operation from the overlay manager in the inferior. If you enable automatic
overlay debugging with the overlay auto command (see hundefinedi [Overlay Commands],
page hundefinedi), gdb looks in the inferior’s memory for certain variables describing the
current state of the overlays.
Here are the variables your overlay manager must define to support gdb’s automatic
overlay debugging:
_ovly_table:
This variable must be an array of the following structures:
struct
{
/* The overlay’s mapped address. */
unsigned long vma;
_novlys: This variable must be a four-byte signed integer, holding the total number of
elements in _ovly_table.
To decide whether a particular overlay is mapped or not, gdb looks for an entry in
_ovly_table whose vma and lma members equal the VMA and LMA of the overlay’s section
in the executable file. When gdb finds a matching entry, it consults the entry’s mapped
member to determine whether the overlay is currently mapped.
In addition, your overlay manager may define a function called _ovly_debug_event. If
this function is defined, gdb will silently set a breakpoint there. If the overlay manager
then calls this function whenever it has changed the overlay table, this will enable gdb to
accurately keep track of which overlays are in program memory, and update any breakpoints
that may be set in overlays. This will allow breakpoints to work even if the overlays are
kept in ROM or other non-writable memory while they are not being executed.
When linking a program which uses overlays, you must place the overlays at their load
addresses, while relocating them to run at their mapped addresses. To do this, you must
write a linker script (see section “Overlay Description” in Using ld: the GNU linker). Un-
fortunately, since linker scripts are specific to a particular host system, target architecture,
and target memory layout, this manual cannot provide portable sample code demonstrating
gdb’s overlay support.
However, the gdb source distribution does contain an overlaid program, with linker
scripts for a few systems, as part of its test suite. The program consists of the following
files from ‘gdb/testsuite/gdb.base’:
‘overlays.c’
The main program file.
‘ovlymgr.c’
A simple overlay manager, used by ‘overlays.c’.
‘foo.c’
‘bar.c’
‘baz.c’
‘grbx.c’ Overlay modules, loaded and used by ‘overlays.c’.
‘d10v.ld’
‘m32r.ld’ Linker scripts for linking the test program on the d10v-elf and m32r-elf
targets.
You can build the test program using the d10v-elf GCC cross-compiler like this:
$ d10v-elf-gcc -g -c overlays.c
$ d10v-elf-gcc -g -c ovlymgr.c
$ d10v-elf-gcc -g -c foo.c
$ d10v-elf-gcc -g -c bar.c
$ d10v-elf-gcc -g -c baz.c
$ d10v-elf-gcc -g -c grbx.c
$ d10v-elf-gcc -g overlays.o ovlymgr.o foo.o bar.o \
156 Debugging with gdb
Although programming languages generally have common aspects, they are rarely ex-
pressed in the same manner. For instance, in ANSI C, dereferencing a pointer p is accom-
plished by *p, but in Modula-2, it is accomplished by p^. Values can also be represented
(and displayed) differently. Hex numbers in C appear as ‘0x1ae’, while in Modula-2 they
appear as ‘1AEH’.
Language-specific information is built into gdb for some languages, allowing you to
express operations like the above in your program’s native language, and allowing gdb to
output values in a manner consistent with the syntax of your program’s native language.
The language you use to build expressions is called the working language.
There are two ways to control the working language—either have gdb set it automat-
ically, or select it manually yourself. You can use the set language command for either
purpose. On startup, gdb defaults to setting the language automatically. The working
language is used to determine how expressions you type are interpreted, how values are
printed, etc.
In addition to the working language, every source file that gdb knows about has its
own working language. For some object file formats, the compiler might indicate which
language a particular source file is in. However, most of the time gdb infers the language
from the name of the file. The language of a source file controls whether C++ names are
demangled—this way backtrace can show each frame appropriately for its own language.
There is no way to set the language of a source file from within gdb, but you can set the
language associated with a filename extension. See hundefinedi [Displaying the Language],
page hundefinedi.
This is most commonly a problem when you use a program, such as cfront or f2c, that
generates C but is written in another language. In that case, make the program use #line
directives in its C output; that way gdb will know the correct language of the source code
of the original program, and will display that source code, not the generated C code.
If a source file name ends in one of the following extensions, then gdb infers that its
language is the one indicated.
‘.ada’
‘.ads’
‘.adb’
‘.a’ Ada source file.
‘.C’
‘.cc’
‘.cp’
‘.cpp’
‘.cxx’
‘.c++’ C++ source file
‘.d’ D source file
‘.m’ Objective-C source file
‘.f’
‘.F’ Fortran source file
‘.mod’ Modula-2 source file
‘.s’
‘.S’ Assembler source file. This actually behaves almost like C, but gdb does not
skip over function prologues when stepping.
In addition, you may set the language associated with a filename extension. See hunde-
finedi [Displaying the Language], page hundefinedi.
If you allow gdb to set the language automatically, expressions are interpreted the same
way in your debugging session and your program.
If you wish, you may set the language manually. To do this, issue the command ‘set
language lang ’, where lang is the name of a language, such as c or modula-2. For a list
of the supported languages, type ‘set language’.
Setting the language manually prevents gdb from updating the working language au-
tomatically. This can lead to confusion if you try to debug a program when the working
language is not the same as the source language, when an expression is acceptable to both
languages—but means different things. For instance, if the current source file were written
in C, and gdb was parsing Modula-2, a command such as:
print a = b + c
might not have the effect you intended. In C, this means to add b and c and place the
result in a. The result printed would be the value of a. In Modula-2, this means to compare
a to the result of b+c, yielding a BOOLEAN value.
To have gdb set the working language automatically, use ‘set language local’ or ‘set
language auto’. gdb then infers the working language. That is, when your program stops
in a frame (usually by encountering a breakpoint), gdb sets the working language to the
language recorded for the function in that frame. If the language for a frame is unknown
(that is, if the function or block corresponding to the frame was defined in a source file that
does not have a recognized extension), the current working language is not changed, and
gdb issues a warning.
Chapter 15: Using gdb with Different Languages 159
This may not seem necessary for most programs, which are written entirely in one source
language. However, program modules and libraries written in one source language can be
used by a main program written in a different source language. Using ‘set language auto’
in this case frees you from having to set the working language manually.
The following commands help you find out which language is the working language, and
also what language source files were written in.
show language
Display the current working language. This is the language you can use with
commands such as print to build and compute expressions that may involve
variables in your program.
info frame
Display the source language for this frame. This language becomes the working
language if you use an identifier from this frame. See hundefinedi [Information
about a Frame], page hundefinedi, to identify the other information listed here.
info source
Display the source language of this source file. See hundefinedi [Examining the
Symbol Table], page hundefinedi, to identify the other information listed here.
In unusual circumstances, you may have source files with extensions not in the standard
list. You can then set the extension associated with a language explicitly:
set extension-language ext language
Tell gdb that source files with extension ext are to be assumed as written in
the source language language.
info extensions
List all the filename extensions and the associated languages.
Warning: In this release, the gdb commands for type and range checking are
included, but they do not yet have any effect. This section documents the
intended facilities.
Some languages are designed to guard you against making seemingly common errors
through a series of compile- and run-time checks. These include checking the type of
arguments to functions and operators, and making sure mathematical overflows are caught
at run time. Checks such as these help to ensure a program’s correctness once it has been
compiled by eliminating type mismatches, and providing active checks for range errors when
your program is running.
gdb can check for conditions like the above if you wish. Although gdb does not check the
statements in your program, it can check expressions entered directly into gdb for evaluation
via the print command, for example. As with the working language, gdb can also decide
160 Debugging with gdb
whether or not to check automatically based on your program’s source language. See hun-
definedi [Supported Languages], page hundefinedi, for the default settings of supported
languages.
Some languages, such as Modula-2, are strongly typed, meaning that the arguments to
operators and functions have to be of the correct type, otherwise an error occurs. These
checks prevent type mismatch errors from ever causing any run-time problems. For example,
1 + 2 ⇒ 3
but
error 1 + 2.3
The second example fails because the CARDINAL 1 is not type-compatible with the REAL
2.3.
For the expressions you use in gdb commands, you can tell the gdb type checker to
skip checking; to treat any mismatches as errors and abandon the expression; or to only
issue warnings when type mismatches occur, but evaluate the expression anyway. When
you choose the last of these, gdb evaluates expressions like the second example above, but
also issues a warning.
Even if you turn type checking off, there may be other reasons related to type that
prevent gdb from evaluating an expression. For instance, gdb does not know how to add
an int and a struct foo. These particular type errors have nothing to do with the language
in use, and usually arise from expressions, such as the one described above, which make
little sense to evaluate anyway.
Each language defines to what degree it is strict about type. For instance, both Modula-
2 and C require the arguments to arithmetical operators to be numbers. In C, enumerated
types and pointers can be represented as numbers, so that they are valid arguments to
mathematical operators. See hundefinedi [Supported Languages], page hundefinedi, for
further details on specific languages.
gdb provides some additional commands for controlling the type checker:
set check type auto
Set type checking on or off based on the current working language. See hun-
definedi [Supported Languages], page hundefinedi, for the default settings for
each language.
set check type on
set check type off
Set type checking on or off, overriding the default setting for the current working
language. Issue a warning if the setting does not match the language default.
If any type mismatches occur in evaluating an expression while type checking
is on, gdb prints a message and aborts evaluation of the expression.
set check type warn
Cause the type checker to issue warnings, but to always attempt to evaluate the
expression. Evaluating the expression may still be impossible for other reasons.
For example, gdb cannot add numbers and structures.
Chapter 15: Using gdb with Different Languages 161
show type Show the current setting of the type checker, and whether or not gdb is setting
it automatically.
This, too, is specific to individual languages, and in some cases specific to individual com-
pilers or machines. See hundefinedi [Supported Languages], page hundefinedi, for further
details on specific languages.
gdb provides some additional commands for controlling the range checker:
show range
Show the current setting of the range checker, and whether or not it is being
set automatically by gdb.
162 Debugging with gdb
Since C and C++ are so closely related, many features of gdb apply to both languages.
Whenever this is the case, we discuss those languages together.
The C++ debugging facilities are jointly implemented by the C++ compiler and gdb.
Therefore, to debug your C++ code effectively, you must compile your C++ programs with
a supported C++ compiler, such as gnu g++, or the HP ANSI C++ compiler (aCC).
For best results when using gnu C++, use the DWARF 2 debugging format; if it doesn’t
work on your system, try the stabs+ debugging format. You can select those formats
explicitly with the g++ command-line options ‘-gdwarf-2’ and ‘-gstabs+’. See section
“Options for Debugging Your Program or GCC” in Using the gnu Compiler Collection
(GCC).
gdb allows you to express the constants of C and C++ in the following ways:
• Integer constants are a sequence of digits. Octal constants are specified by a leading
‘0’ (i.e. zero), and hexadecimal constants by a leading ‘0x’ or ‘0X’. Constants may also
end with a letter ‘l’, specifying that the constant should be treated as a long value.
• Floating point constants are a sequence of digits, followed by a decimal point, followed
by a sequence of digits, and optionally followed by an exponent. An exponent is of
the form: ‘e[[+]|-]nnn ’, where nnn is another sequence of digits. The ‘+’ is optional
for positive exponents. A floating-point constant may also end with a letter ‘f’ or ‘F’,
specifying that the constant should be treated as being of the float (as opposed to the
default double) type; or with a letter ‘l’ or ‘L’, which specifies a long double constant.
• Enumerated constants consist of enumerated identifiers, or their integral equivalents.
• Character constants are a single character surrounded by single quotes (’), or a
number—the ordinal value of the corresponding character (usually its ascii value).
Within quotes, the single character may be represented by a letter or by escape
sequences, which are of the form ‘\nnn ’, where nnn is the octal representation of
the character’s ordinal value; or of the form ‘\x ’, where ‘x ’ is a predefined special
character—for example, ‘\n’ for newline.
• String constants are a sequence of character constants surrounded by double quotes (").
Any valid character constant (as described above) may appear. Double quotes within
the string must be preceded by a backslash, so for instance ‘"a\"b’c"’ is a string of
five characters.
• Pointer constants are an integral value. You can also write pointers to constants using
the C operator ‘&’.
• Array constants are comma-separated lists surrounded by braces ‘{’ and ‘}’; for ex-
ample, ‘{1,2,3}’ is a three-element array of integers, ‘{{1,2}, {3,4}, {5,6}}’ is a
three-by-two array, and ‘{&"hi", &"there", &"fred"}’ is a three-element array of
pointers.
code that is compiled with gcc 2.95.3 or with gcc 3.1 or newer, using the
options ‘-gdwarf-2’ or ‘-gstabs+’. DWARF 2 is preferred over stabs+. Most
configurations of gcc emit either DWARF 2 or stabs+ as their default debug
format, so you usually don’t need to specify a debug format explicitly. Other
compilers and/or debug formats are likely to work badly or not at all when
using gdb to debug C++ code.
1. Member function calls are allowed; you can use expressions like
count = aml->GetOriginal(x, y)
2. While a member function is active (in the selected stack frame), your expressions have
the same namespace available as the member function; that is, gdb allows implicit
references to the class instance pointer this following the same rules as C++.
3. You can call overloaded functions; gdb resolves the function call to the right definition,
with some restrictions. gdb does not perform overload resolution involving user-defined
type conversions, calls to constructors, or instantiations of templates that do not exist
in the program. It also cannot handle ellipsis argument lists or default arguments.
It does perform integral conversions and promotions, floating-point promotions, arith-
metic conversions, pointer conversions, conversions of class objects to base classes, and
standard conversions such as those of functions or arrays to pointers; it requires an
exact match on the number of function arguments.
Overload resolution is always performed, unless you have specified set overload-
resolution off. See hundefinedi [gdb Features for C++], page hundefinedi.
You must specify set overload-resolution off in order to use an explicit function
signature to call an overloaded function, as in
p ’foo(char,int)’(’x’, 13)
The gdb command-completion facility can simplify this; see hundefinedi [Command
Completion], page hundefinedi.
4. gdb understands variables declared as C++ references; you can use them in expressions
just as you do in C++ source—they are automatically dereferenced.
In the parameter list shown when gdb displays a frame, the values of reference variables
are not displayed (unlike other variables); this avoids clutter, since references are often
used for large structures. The address of a reference variable is always shown, unless
you have specified ‘set print address off’.
5. gdb supports the C++ name resolution operator ::—your expressions can use it just as
expressions in your program do. Since one scope may be defined in another, you can use
:: repeatedly if necessary, for example in an expression like ‘scope1 ::scope2 ::name ’.
gdb also allows resolving name scope by reference to source files, in both C and C++
debugging (see hundefinedi [Program Variables], page hundefinedi).
In addition, when used with HP’s C++ compiler, gdb supports calling virtual functions
correctly, printing out virtual bases of objects, calling functions in a base subobject, casting
objects, and invoking user-defined operators.
166 Debugging with gdb
If you allow gdb to set type and range checking automatically, they both default to off
whenever the working language changes to C or C++. This happens regardless of whether
you or gdb selects the working language.
If you allow gdb to set the language automatically, it recognizes source files whose names
end with ‘.c’, ‘.C’, or ‘.cc’, etc, and when gdb enters code compiled from one of these files,
it sets the working language to C or C++. See hundefinedi [Having gdb Infer the Source
Language], page hundefinedi, for further details.
By default, when gdb parses C or C++ expressions, type checking is not used. However,
if you turn type checking on, gdb considers two variables type equivalent if:
• The two variables are structured and have the same structure, union, or enumerated
tag.
• The two variables have the same type name, or types that have been declared equivalent
through typedef.
Range checking, if turned on, is done on mathematical operations. Array indices are not
checked, since they are often used to index a pointer that is not itself an array.
The set print union and show print union commands apply to the union type. When
set to ‘on’, any union that is inside a struct or class is also printed. Otherwise, it appears
as ‘{...}’.
The @ operator aids in the debugging of dynamic arrays, formed with pointers and a
memory allocation function. See hundefinedi [Expressions], page hundefinedi.
Some gdb commands are particularly useful with C++, and some are designed specifically
for use with C++. Here is a summary:
breakpoint menus
When you want a breakpoint in a function whose name is overloaded, gdb
has the capability to display a menu of possible breakpoint locations to help
you specify which function definition you want. See hundefinedi [Ambiguous
Expressions], page hundefinedi.
rbreak regex
Setting breakpoints using regular expressions is helpful for setting breakpoints
on overloaded functions that are not members of any special classes. See hun-
definedi [Setting Breakpoints], page hundefinedi.
Chapter 15: Using gdb with Different Languages 167
catch throw
catch catch
Debug C++ exception handling using these commands. See hundefinedi [Setting
Catchpoints], page hundefinedi.
ptype typename
Print inheritance relationships as well as other information for type typename.
See hundefinedi [Examining the Symbol Table], page hundefinedi.
set print demangle
show print demangle
set print asm-demangle
show print asm-demangle
Control whether C++ symbols display in their source form, both when displaying
code as C++ source and when displaying disassemblies. See hundefinedi [Print
Settings], page hundefinedi.
set print object
show print object
Choose whether to print derived (actual) or declared types of objects. See
hundefinedi [Print Settings], page hundefinedi.
set print vtbl
show print vtbl
Control the format for printing virtual function tables. See hundefinedi [Print
Settings], page hundefinedi. (The vtbl commands do not work on programs
compiled with the HP ANSI C++ compiler (aCC).)
set overload-resolution on
Enable overload resolution for C++ expression evaluation. The default is on. For
overloaded functions, gdb evaluates the arguments and searches for a function
whose signature matches the argument types, using the standard C++ conver-
sion rules (see hundefinedi [C++ Expressions], page hundefinedi, for details). If
it cannot find a match, it emits a message.
set overload-resolution off
Disable overload resolution for C++ expression evaluation. For overloaded func-
tions that are not class member functions, gdb chooses the first function of
the specified name that it finds in the symbol table, whether or not its argu-
ments are of the correct type. For overloaded functions that are class member
functions, gdb searches for a function whose signature exactly matches the
argument types.
show overload-resolution
Show the current setting of overload resolution.
Overloaded symbol names
You can specify a particular definition of an overloaded symbol, using the same
notation that is used to declare such symbols in C++: type symbol (types )
rather than just symbol. You can also use the gdb command-line word com-
pletion facilities to list the available choices, or to finish the type list for you.
168 Debugging with gdb
gdb can examine, set and perform computations with numbers in decimal floating
point format, which in the C language correspond to the _Decimal32, _Decimal64 and
_Decimal128 types as specified by the extension to support decimal floating-point arith-
metic.
There are two encodings in use, depending on the architecture: BID (Binary Integer
Decimal) for x86 and x86-64, and DPD (Densely Packed Decimal) for PowerPC. gdb will
use the appropriate encoding for the configured target.
Because of a limitation in ‘libdecnumber’, the library used by gdb to manipulate decimal
floating point numbers, it is not possible to convert (using a cast, for example) integers wider
than 32-bit to decimal float.
In addition, in order to imitate gdb’s behaviour with binary floating point computations,
error checking in decimal float operations ignores underflow, overflow and divide by zero
exceptions.
In the PowerPC architecture, gdb provides a set of pseudo-registers to inspect
_Decimal128 values stored in floating point registers. See hundefinedi [PowerPC],
page hundefinedi for more details.
15.4.2 D
gdb can be used to debug programs written in D and compiled with GDC, LDC or
DMD compilers. Currently gdb supports only one D specific feature — dynamic arrays.
15.4.3 Objective-C
This section provides information about some commands and command options that
are useful for debugging Objective-C code. See also hundefinedi [Symbols], page hunde-
finedi, and hundefinedi [Symbols], page hundefinedi, for a few more commands specific to
Objective-C support.
The following commands have been extended to accept Objective-C method names as
line specifications:
clear
break
info line
jump
list
A fully qualified Objective-C method name is specified as
Chapter 15: Using gdb with Different Languages 169
-[Class methodName ]
where the minus sign is used to indicate an instance method and a plus sign (not shown)
is used to indicate a class method. The class name Class and method name methodName
are enclosed in brackets, similar to the way messages are specified in Objective-C source
code. For example, to set a breakpoint at the create instance method of class Fruit in
the program currently being debugged, enter:
break -[Fruit create]
To list ten program lines around the initialize class method, enter:
list +[NSText initialize]
In the current version of gdb, the plus or minus sign is required. In future versions of
gdb, the plus or minus sign will be optional, but you can use it to narrow the search. It is
also possible to specify just a method name:
break create
You must specify the complete method name, including any colons. If your program’s
source files contain more than one create method, you’ll be presented with a numbered
list of classes that implement that method. Indicate your choice by number, or type ‘0’ to
exit if none apply.
As another example, to clear a breakpoint established at the makeKeyAndOrderFront:
method of the NSWindow class, enter:
clear -[NSWindow makeKeyAndOrderFront:]
The print command has also been extended to accept methods. For example:
print -[object hash]
will tell gdb to send the hash message to object and print the result. Also, an additional
command has been added, print-object or po for short, which is meant to print the
description of an object. However, this command may only work with certain Objective-C
libraries that have a particular hook function, _NSPrintForDebugger, defined.
15.4.4 OpenCL C
gdb supports the builtin scalar and vector datatypes specified by OpenCL 1.1. In
addition the half- and double-precision floating point data types of the cl_khr_fp16 and
cl_khr_fp64 OpenCL extensions are also known to gdb.
gdb supports accesses to vector components including the access as lvalue where possible.
Since OpenCL C is based on C99 most C expressions supported by gdb can be used as
well.
170 Debugging with gdb
gdb supports the operators specified by OpenCL 1.1 for scalar and vector data types.
15.4.5 Fortran
gdb can be used to debug programs written in Fortran, but it currently supports only
the features of Fortran 77 language.
Some Fortran compilers (gnu Fortran 77 and Fortran 95 compilers among them) append
an underscore to the names of variables and functions. When you debug programs com-
piled by those compilers, you will need to refer to variables and functions with a trailing
underscore.
gdb has some commands to support Fortran-specific features, such as displaying common
blocks.
15.4.6 Pascal
Debugging Pascal programs which use sets, subranges, file variables, or nested functions
does not currently work. gdb does not support entering expressions, printing values, or
similar features using Pascal syntax.
The Pascal-specific command set print pascal_static-members controls whether
static members of Pascal objects are displayed. See hundefinedi [Print Settings],
page hundefinedi.
15.4.7 Modula-2
The extensions made to gdb to support Modula-2 only support output from the gnu
Modula-2 compiler (which is currently being developed). Other Modula-2 compilers are not
currently supported, and attempting to debug executables produced by them is most likely
to give an error as gdb reads in the executable’s symbol table.
15.4.7.1 Operators
Modula-2 also makes available several built-in procedures and functions. In describing
these, the following metavariables are used:
a represents an ARRAY variable.
c represents a CHAR constant or variable.
i represents a variable or constant of integral type.
m represents an identifier that belongs to a set. Generally used in the same func-
tion with the metavariable s. The type of s should be SET OF mtype (where
mtype is the type of m).
n represents a variable or constant of integral or floating-point type.
r represents a variable or constant of floating-point type.
t represents a type.
v represents a variable.
Chapter 15: Using gdb with Different Languages 173
15.4.7.3 Constants
gdb allows you to express the constants of Modula-2 in the following ways:
• Integer constants are simply a sequence of digits. When used in an expression, a con-
stant is interpreted to be type-compatible with the rest of the expression. Hexadecimal
integers are specified by a trailing ‘H’, and octal integers by a trailing ‘B’.
174 Debugging with gdb
Currently gdb can print the following data types in Modula-2 syntax: array types,
record types, set types, pointer types, procedure types, enumerated types, subrange types
and base types. You can also print the contents of variables declared using these type. This
section gives a number of simple source code examples together with sample gdb sessions.
The first example contains the following section of code:
VAR
s: SET OF CHAR ;
r: [20..40] ;
and you can request gdb to interrogate the type and value of r and s.
(gdb) print s
{’A’..’C’, ’Z’}
(gdb) ptype s
SET OF CHAR
(gdb) print r
21
(gdb) ptype r
[20..40]
Likewise if your source code declares s as:
VAR
s: SET [’A’..’Z’] ;
then you may query the type of s by:
(gdb) ptype s
type = SET [’A’..’Z’]
Note that at present you cannot interactively manipulate set expressions using the debugger.
The following example shows how you might declare an array in Modula-2 and how you
can interact with gdb to print its type and contents:
VAR
s: ARRAY [-10..10] OF CHAR ;
Chapter 15: Using gdb with Different Languages 175
(gdb) ptype s
ARRAY [-10..10] OF CHAR
Note that the array handling is not yet complete and although the type is printed
correctly, expression handling still assumes that all arrays have a lower bound of zero and
not -10 as in the example above.
Here are some more type related Modula-2 examples:
TYPE
colour = (blue, red, yellow, green) ;
t = [blue..yellow] ;
VAR
s: t ;
BEGIN
s := blue ;
The gdb interaction shows how you can query the data type and value of a variable.
(gdb) print s
$1 = blue
(gdb) ptype t
type = [blue..yellow]
In this example a Modula-2 array is declared and its contents displayed. Observe that the
contents are written in the same way as their C counterparts.
VAR
s: ARRAY [1..5] OF CARDINAL ;
BEGIN
s[1] := 1 ;
(gdb) print s
$1 = {1, 0, 0, 0, 0}
(gdb) ptype s
type = ARRAY [1..5] OF CARDINAL
The Modula-2 language interface to gdb also understands pointer types as shown in this
example:
VAR
s: POINTER TO ARRAY [1..5] OF CARDINAL ;
BEGIN
NEW(s) ;
s^[1] := 1 ;
and you can request that gdb describes the type of s.
(gdb) ptype s
type = POINTER TO ARRAY [1..5] OF CARDINAL
gdb handles compound types as we can see in this example. Here we combine array
types, record types, pointer types and subrange types:
TYPE
foo = RECORD
f1: CARDINAL ;
f2: CHAR ;
f3: myarray ;
END ;
(gdb) ptype s
type = POINTER TO ARRAY [-2..2] OF foo = RECORD
f1 : CARDINAL;
f2 : CHAR;
f3 : ARRAY [-2..2] OF CARDINAL;
END
If type and range checking are set automatically by gdb, they both default to on when-
ever the working language changes to Modula-2. This happens regardless of whether you
or gdb selected the working language.
If you allow gdb to set the language automatically, then entering code compiled from a
file whose name ends with ‘.mod’ sets the working language to Modula-2. See hundefinedi
[Having gdb Infer the Source Language], page hundefinedi, for further details.
A few changes have been made to make Modula-2 programs easier to debug. This is
done primarily via loosening its type strictness:
• Unlike in standard Modula-2, pointer constants can be formed by integers. This allows
you to modify pointer variables during debugging. (In standard Modula-2, the actual
address contained in a pointer variable is hidden from you; it can only be modified
through direct assignment to another pointer variable or expression that returned a
pointer.)
• C escape sequences can be used in strings and characters to represent non-printable
characters. gdb prints out strings with these escape sequences embedded. Single non-
printable characters are printed using the ‘CHR(nnn )’ format.
• The assignment operator (:=) returns the value of its right-hand argument.
• All built-in procedures both modify and return their argument.
Warning: in this release, gdb does not yet perform type or range checking.
gdb considers two Modula-2 variables type equivalent if:
• They are of types that have been declared equivalent via a TYPE t1 = t2 statement
• They have been declared on the same line. (Note: This is true of the gnu Modula-2
compiler, but it may not be true of other compilers.)
As long as type checking is enabled, any attempt to combine variables whose types are
not equivalent is an error.
Range checking is done on all mathematical operations, assignment, array index bounds,
and all built-in functions and procedures.
Chapter 15: Using gdb with Different Languages 177
There are a few subtle differences between the Modula-2 scope operator (.) and the gdb
scope operator (::). The two have similar syntax:
module . id
scope :: id
where scope is the name of a module or a procedure, module the name of a module, and id
is any declared identifier within your program, except another module.
Using the :: operator makes gdb search the scope specified by scope for the identifier
id. If it is not found in the specified scope, then gdb searches all scopes enclosing the one
specified by scope.
Using the . operator makes gdb search the current scope for the identifier specified by
id that was imported from the definition module specified by module. With this operator,
it is an error if the identifier id was not imported from definition module module, or if id is
not an identifier in module.
Some gdb commands have little use when debugging Modula-2 programs. Five subcom-
mands of set print and show print apply specifically to C and C++: ‘vtbl’, ‘demangle’,
‘asm-demangle’, ‘object’, and ‘union’. The first four apply to C++, and the last to the C
union type, which has no direct analogue in Modula-2.
The @ operator (see hundefinedi [Expressions], page hundefinedi), while available with
any language, is not useful with Modula-2. Its intent is to aid the debugging of dynamic
arrays, which cannot be created in Modula-2 as they can in C or C++. However, because
an address can be specified by an integral constant, the construct ‘{type }adrexp ’ is still
useful.
In gdb scripts, the Modula-2 inequality operator # is interpreted as the beginning of a
comment. Use <> instead.
15.4.8 Ada
The extensions made to gdb for Ada only support output from the gnu Ada (GNAT)
compiler. Other Ada compilers are not currently supported, and attempting to debug
executables produced by them is most likely to be difficult.
15.4.8.1 Introduction
The Ada mode of gdb supports a fairly large subset of Ada expression syntax, with
some extensions. The philosophy behind the design of this subset is
• That gdb should provide basic literals and access to operations for arithmetic, deref-
erencing, field selection, indexing, and subprogram calls, leaving more sophisticated
computations to subprograms written into the program (which therefore may be called
from gdb).
178 Debugging with gdb
• That type safety and strict adherence to Ada language restrictions are not particularly
important to the gdb user.
• That brevity is important to the gdb user.
Thus, for brevity, the debugger acts as if all names declared in user-written packages
are directly visible, even if they are not visible according to Ada rules, thus making it
unnecessary to fully qualify most names with their packages, regardless of context. Where
this causes ambiguity, gdb asks the user’s intent.
The debugger will start in Ada mode if it detects an Ada main program. As for other
languages, it will enter Ada mode when stopped in a program that was translated from an
Ada source file.
While in Ada mode, you may use ‘--’ for comments. This is useful mostly for docu-
menting command files. The standard gdb comment (‘#’) still works at the beginning of a
line in Ada mode, but not in the middle (to allow based literals).
The debugger supports limited overloading. Given a subprogram call in which the func-
tion symbol has multiple definitions, it will use the number of actual parameters and some
information about their types to attempt to narrow the set of definitions. It also makes
very limited use of context, preferring procedures to functions in the context of the call
command, and functions to procedures elsewhere.
As it does for other languages, gdb makes certain generic extensions to Ada (see hun-
definedi [Expressions], page hundefinedi):
• If the expression E is a variable residing in memory (typically a local variable or array
element) and N is a positive integer, then E @N displays the values of E and the N-1
180 Debugging with gdb
tag). Likewise, component selection on such a value will operate on the specific type
of the object.
It is sometimes necessary to debug the program during elaboration, and before reaching
the main procedure. As defined in the Ada Reference Manual, the elaboration code is
invoked from a procedure called adainit. To run your program up to the beginning of
elaboration, simply use the following two commands: tbreak adainit and run.
Support for Ada tasks is analogous to that for threads (see hundefinedi [Threads],
page hundefinedi). gdb provides the following task-related commands:
info tasks
This command shows a list of current Ada tasks, as in the following example:
In this listing, the asterisk before the last task indicates it to be the task cur-
rently being inspected.
ID Represents gdb’s internal task number.
TID The Ada task ID.
P-ID The parent’s task ID (gdb’s internal task number).
Pri The base priority of the task.
State Current state of the task.
Unactivated
The task has been created but has not been activated.
It cannot be executing.
Runnable The task is not blocked for any reason known to Ada.
(It may be waiting for a mutex, though.) It is concep-
tually "executing" in normal mode.
Terminated
The task is terminated, in the sense of ARM 9.3 (5).
Any dependents that were waiting on terminate alter-
natives have been awakened and have terminated them-
selves.
182 Debugging with gdb
task taskno
This command is like the thread threadno command (see hundefinedi
[Threads], page hundefinedi). It switches the context of debugging from the
current task to the given task.
task # 1 running
task # 2 running
When inspecting a core file, as opposed to debugging a live program, tasking support
may be limited or even unavailable, depending on the platform being used. For instance,
on x86-linux, the list of tasks is available, but task switching is not supported. On Tru64,
however, task switching will work as usual.
On certain platforms, including Tru64, the debugger needs to perform some memory
writes in order to provide Ada tasking support. When inspecting a core file, this means
that the core file must be opened with read-write privileges, using the command ‘"set
write on"’ (see hundefinedi [Patching], page hundefinedi). Under these circumstances, you
should make a backup copy of the core file before inspecting it with gdb.
The Ravenscar Profile is a subset of the Ada tasking features, specifically designed for
systems with safety-critical real-time requirements.
Besides the omissions listed previously (see hundefinedi [Omissions from Ada], page hun-
definedi), we know of several problems with and limitations of Ada mode in gdb, some of
which will be fixed with planned future releases of the debugger and the GNU Ada compiler.
Chapter 15: Using gdb with Different Languages 185
• Static constants that the compiler chooses not to materialize as objects in storage are
invisible to the debugger.
• Named parameter associations in function argument lists are ignored (the argument
lists are treated as positional).
• Many useful library packages are currently invisible to the debugger.
• Fixed-point arithmetic, conversions, input, and output is carried out using floating-
point arithmetic, and may give results that only approximate those on the host machine.
• The GNAT compiler never generates the prefix Standard for any of the standard
symbols defined by the Ada language. gdb knows about this: it will strip the prefix
from names when you use it, and will never look for a name you have so qualified
among local symbols, nor match against symbols in other packages or subprograms. If
you have defined entities anywhere in your program other than parameters and local
variables whose simple names match names in Standard, GNAT’s lack of qualification
here can cause confusion. When this happens, you can usually resolve the confusion
by qualifying the problematic names with package Standard explicitly.
Older versions of the compiler sometimes generate erroneous debugging information,
resulting in the debugger incorrectly printing the value of affected entities. In some cases,
the debugger is able to work around an issue automatically. In other cases, the debugger is
able to work around the issue, but the work-around has to be specifically enabled.
set ada trust-PAD-over-XVS on
Configure GDB to strictly follow the GNAT encoding when computing the
value of Ada entities, particularly when PAD and PAD___XVS types are involved
(see ada/exp_dbug.ads in the GCC sources for a complete description of the
encoding used by the GNAT compiler). This is the default.
set ada trust-PAD-over-XVS off
This is related to the encoding using by the GNAT compiler. If gdb sometimes
prints the wrong value for certain entities, changing ada trust-PAD-over-XVS
to off activates a work-around which may fix the issue. It is always safe to set
ada trust-PAD-over-XVS to off, but this incurs a slight performance penalty,
so it is recommended to leave this setting to on unless necessary.
set case-sensitive on
set case-sensitive off
set case-sensitive auto
Normally, when gdb looks up symbols, it matches their names with case sensi-
tivity determined by the current source language. Occasionally, you may wish
to control that. The command set case-sensitive lets you do that by specify-
ing on for case-sensitive matches or off for case-insensitive ones. If you specify
auto, case sensitivity is reset to the default suitable for the source language.
The default is case-sensitive matches for all languages except for Fortran, for
which the default is case-insensitive matches.
show case-sensitive
This command shows the current setting of case sensitivity for symbols lookups.
info address symbol
Describe where the data for symbol is stored. For a register variable, this says
which register it is kept in. For a non-register local variable, this prints the
stack-frame offset at which the variable is always stored.
Note the contrast with ‘print &symbol ’, which does not work at all for a regis-
ter variable, and for a stack local variable prints the exact address of the current
instantiation of the variable.
info symbol addr
Print the name of a symbol which is stored at the address addr. If no symbol
is stored exactly at addr, gdb prints the nearest symbol and an offset from it:
(gdb) info symbol 0x54320
_initialize_vx + 396 in section .text
This is the opposite of the info address command. You can use it to find out
the name of a variable or a function given its address.
For dynamically linked executables, the name of executable or shared library
containing the symbol is also printed:
188 Debugging with gdb
whatis [arg ]
Print the data type of arg, which can be either an expression or a data type.
With no argument, print the data type of $, the last value in the value history.
If arg is an expression, it is not actually evaluated, and any side-effecting oper-
ations (such as assignments or function calls) inside it do not take place. If arg
is a type name, it may be the name of a type or typedef, or for C code it may
have the form ‘class class-name ’, ‘struct struct-tag ’, ‘union union-tag ’
or ‘enum enum-tag ’. See hundefinedi [Expressions], page hundefinedi.
ptype [arg ]
ptype accepts the same arguments as whatis, but prints a detailed description
of the type, instead of just the name of the type. See hundefinedi [Expressions],
page hundefinedi.
For example, for this variable declaration:
struct complex {double real; double imag;} v;
the two commands give this output:
(gdb) whatis v
type = struct complex
(gdb) ptype v
type = struct complex {
double real;
double imag;
}
As with whatis, using ptype without an argument refers to the type of $, the
last value in the value history.
Sometimes, programs use opaque data types or incomplete specifications of
complex data structure. If the debug information included in the program
does not allow gdb to display a full declaration of the data type, it will say
‘<incomplete type>’. For example, given these declarations:
struct foo;
struct foo *fooptr;
but no definition for struct foo itself, gdb will say:
(gdb) ptype foo
$1 = <incomplete type>
“Incomplete type” is C terminology for data types that are not completely
specified.
info types regexp
info types
Print a brief description of all types whose names match the regular expression
regexp (or all types in your program, if you supply no argument). Each complete
typename is matched as though it were a complete line; thus, ‘i type value’
gives information on all types in your program whose names include the string
value, but ‘i type ^value$’ gives information only on types whose complete
name is value.
Chapter 16: Examining the Symbol Table 189
This command differs from ptype in two ways: first, like whatis, it does not
print a detailed description; second, it lists all source files where a type is
defined.
info scope location
List all the variables local to a particular scope. This command accepts a
location argument—a function name, a source line, or an address preceded by a
‘*’, and prints all the variables local to the scope defined by that location. (See
hundefinedi [Specify Location], page hundefinedi, for details about supported
forms of location.) For example:
(gdb) info scope command line handler
Scope for command_line_handler:
Symbol rl is an argument at stack/frame offset 8, length 4.
Symbol linebuffer is in static storage at address 0x150a18, length 4.
Symbol linelength is in static storage at address 0x150a1c, length 4.
Symbol p is a local variable in register $esi, length 4.
Symbol p1 is a local variable in register $ebx, length 4.
Symbol nline is a local variable in register $edx, length 4.
Symbol repeat is a local variable at frame offset -8, length 4.
This command is especially useful for determining what data to collect during
a trace experiment, see hundefinedi [Tracepoint Actions], page hundefinedi.
info source
Show information about the current source file—that is, the source file for the
function containing the current point of execution:
• the name of the source file, and the directory containing it,
• the directory it was compiled in,
• its length, in lines,
• which programming language it is written in,
• whether the executable includes debugging information for that file, and if
so, what format the information is in (e.g., STABS, Dwarf 2, etc.), and
• whether the debugging information includes information about preproces-
sor macros.
info sources
Print the names of all source files in your program for which there is debugging
information, organized into two lists: files whose symbols have already been
read, and files whose symbols will be read when needed.
info functions
Print the names and data types of all defined functions.
info functions regexp
Print the names and data types of all defined functions whose names contain a
match for regular expression regexp. Thus, ‘info fun step’ finds all functions
whose names include step; ‘info fun ^step’ finds those whose names start
with step. If a function name contains characters that conflict with the regular
expression language (e.g. ‘operator*()’), they may be quoted with a backslash.
190 Debugging with gdb
info variables
Print the names and data types of all variables that are defined outside of
functions (i.e. excluding local variables).
info variables regexp
Print the names and data types of all variables (except for local variables) whose
names contain a match for regular expression regexp.
info classes
info classes regexp
Display all Objective-C classes in your program, or (with the regexp argument)
all those matching a particular regular expression.
info selectors
info selectors regexp
Display all Objective-C selectors in your program, or (with the regexp argu-
ment) all those matching a particular regular expression.
Some systems allow individual object files that make up your program to be
replaced without stopping and restarting your program. For example, in Vx-
Works you can simply recompile a defective object file and keep on running.
If you are running on one of these systems, you can allow gdb to reload the
symbols for automatically relinked modules:
set symbol-reloading on
Replace symbol definitions for the corresponding source file when
an object file with a particular name is seen again.
set symbol-reloading off
Do not replace symbol definitions when encountering object files of
the same name more than once. This is the default state; if you
are not running on a system that permits automatic relinking of
modules, you should leave symbol-reloading off, since otherwise
gdb may discard symbols when linking large programs, that may
contain several modules (from different directories or libraries) with
the same name.
show symbol-reloading
Show the current on or off setting.
set opaque-type-resolution on
Tell gdb to resolve opaque types. An opaque type is a type declared as a
pointer to a struct, class, or union—for example, struct MyType *—that
is used in one source file although the full declaration of struct MyType is in
another source file. The default is on.
A change in the setting of this subcommand will not take effect until the next
time symbols for a file are loaded.
set opaque-type-resolution off
Tell gdb not to resolve opaque types. In this case, the type is printed as follows:
{<no data fields>}
Chapter 16: Examining the Symbol Table 191
show opaque-type-resolution
Show whether opaque types are resolved or not.
maint print symbols filename
maint print psymbols filename
maint print msymbols filename
Write a dump of debugging symbol data into the file filename. These commands
are used to debug the gdb symbol-reading code. Only symbols with debugging
data are included. If you use ‘maint print symbols’, gdb includes all the
symbols for which it has already collected full details: that is, filename reflects
symbols for only those files whose symbols gdb has read. You can use the
command info sources to find out which files these are. If you use ‘maint
print psymbols’ instead, the dump shows information about symbols that gdb
only knows partially—that is, symbols defined in files that gdb has skimmed,
but not yet read completely. Finally, ‘maint print msymbols’ dumps just the
minimal symbol information required for each object file from which gdb has
read some symbols. See hundefinedi [Commands to Specify Files], page hunde-
finedi, for a discussion of how gdb reads symbols (in the description of symbol-
file).
maint info symtabs [ regexp ]
maint info psymtabs [ regexp ]
List the struct symtab or struct partial_symtab structures whose names
match regexp. If regexp is not given, list them all. The output includes expres-
sions which you can copy into a gdb debugging this one to examine a particular
structure in more detail. For example:
(gdb) maint info psymtabs dwarf2read
{ objfile /home/gnu/build/gdb/gdb
((struct objfile *) 0x82e69d0)
{ psymtab /home/gnu/src/gdb/dwarf2read.c
((struct partial_symtab *) 0x8474b10)
readin no
fullname (null)
text addresses 0x814d3c8 -- 0x8158074
globals (* (struct partial_symbol **) 0x8507a08 @ 9)
statics (* (struct partial_symbol **) 0x40e95b78 @ 2882)
dependencies (none)
}
}
(gdb) maint info symtabs
(gdb)
We see that there is one partial symbol table whose filename contains the string
‘dwarf2read’, belonging to the ‘gdb’ executable; and we see that gdb has not
read in any symtabs yet at all. If we set a breakpoint on a function, that will
cause gdb to read the symtab for the compilation unit containing that function:
(gdb) break dwarf2_psymtab_to_symtab
Breakpoint 1 at 0x814e5da: file /home/gnu/src/gdb/dwarf2read.c,
line 1574.
(gdb) maint info symtabs
{ objfile /home/gnu/build/gdb/gdb
((struct objfile *) 0x82e69d0)
{ symtab /home/gnu/src/gdb/dwarf2read.c
192 Debugging with gdb
17 Altering Execution
Once you think you have found an error in your program, you might want to find out for
certain whether correcting the apparent error would lead to correct results in the rest of the
run. You can find the answer by experiment, using the gdb features for altering execution
of the program.
For example, you can store new values into variables or memory locations, give your pro-
gram a signal, restart it at a different address, or even return prematurely from a function.
stores the value 4 into the variable x, and then prints the value of the assignment expression
(which is 4). See hundefinedi [Using gdb with Different Languages], page hundefinedi, for
more information on operators in supported languages.
If you are not interested in seeing the value of the assignment, use the set command
instead of the print command. set is really the same as print except that the expression’s
value is not printed and is not put in the value history (see hundefinedi [Value History],
page hundefinedi). The expression is evaluated only for its effects.
If the beginning of the argument string of the set command appears identical to a
set subcommand, use the set variable command instead of just set. This command is
identical to set except for its lack of subcommands. For example, if your program has a
variable width, you get an error if you try to set a new value with just ‘set width=13’,
because gdb has the command set width:
(gdb) whatis width
type = double
(gdb) p width
$4 = 13
(gdb) set width=47
Invalid syntax in expression.
The invalid expression, of course, is ‘=47’. In order to actually set the program’s variable
width, use
(gdb) set var width=47
Because the set command has many subcommands that can conflict with the names of
program variables, it is a good idea to use the set variable command instead of just set.
For example, if your program has a variable g, you run into problems if you try to set a
new value with just ‘set g=4’, because gdb has the command set gnutarget, abbreviated
set g:
194 Debugging with gdb
(gdb) whatis g
type = double
(gdb) p g
$1 = 1
(gdb) set g=4
(gdb) p g
$2 = 1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/smith/cc_progs/a.out
"/home/smith/cc_progs/a.out": can’t open to read symbols:
Invalid bfd target.
(gdb) show g
The current BFD target is "=4".
The program variable g did not change, and you silently set the gnutarget to an invalid
value. In order to set the variable g, use
(gdb) set var g=4
gdb allows more implicit conversions in assignments than C; you can freely store an
integer value into a pointer variable or vice versa, and you can convert any structure to any
other structure that is the same length or shorter.
To store values into arbitrary places in memory, use the ‘{...}’ construct to generate
a value of specified type at a specified address (see hundefinedi [Expressions], page hun-
definedi). For example, {int}0x83040 refers to memory location 0x83040 as an integer
(which implies a certain size and representation in memory), and
set {int}0x83040 = 4
stores the value 4 into that memory location.
Ordinarily, when you continue your program, you do so at the place where it stopped,
with the continue command. You can instead continue at an address of your own choosing,
with the following commands:
jump linespec
jump location
Resume execution at line linespec or at address given by location. Execution
stops again immediately if there is a breakpoint there. See hundefinedi [Specify
Location], page hundefinedi, for a description of the different forms of linespec
and location. It is common practice to use the tbreak command in conjunction
with jump. See hundefinedi [Setting Breakpoints], page hundefinedi.
The jump command does not change the current stack frame, or the stack
pointer, or the contents of any memory location or any register other than the
program counter. If line linespec is in a different function from the one cur-
rently executing, the results may be bizarre if the two functions expect different
patterns of arguments or of local variables. For this reason, the jump command
requests confirmation if the specified line is not in the function currently exe-
cuting. However, even bizarre results are predictable if you are well acquainted
with the machine-language code of your program.
Chapter 17: Altering Execution 195
On many systems, you can get much the same effect as the jump command by storing
a new value into the register $pc. The difference is that this does not start your program
running; it only changes the address of where it will run when you continue. For example,
set $pc = 0x485
makes the next continue command or stepping command execute at address 0x485, rather
than at the address where your program stopped. See hundefinedi [Continuing and Step-
ping], page hundefinedi.
The most common occasion to use the jump command is to back up—perhaps with more
breakpoints set—over a portion of a program that has already executed, in order to examine
its execution in more detail.
signal signal
Resume execution where your program stopped, but immediately give it the
signal signal. signal can be the name or the number of a signal. For example,
on many systems signal 2 and signal SIGINT are both ways of sending an
interrupt signal.
Alternatively, if signal is zero, continue execution without giving a signal. This
is useful when your program stopped on account of a signal and would ordinary
see the signal when resumed with the continue command; ‘signal 0’ causes it
to resume without a signal.
signal does not repeat when you press hRETi a second time after executing the
command.
Invoking the signal command is not the same as invoking the kill utility from the shell.
Sending a signal with kill causes gdb to decide what to do with the signal depending on the
signal handling tables (see hundefinedi [Signals], page hundefinedi). The signal command
passes the signal directly to your program.
return
return expression
You can cancel execution of a function call with the return command. If you
give an expression argument, its value is used as the function’s return value.
When you use return, gdb discards the selected stack frame (and all frames within it).
You can think of this as making the discarded frame return prematurely. If you wish to
specify a value to be returned, give that value as the argument to return.
This pops the selected stack frame (see hundefinedi [Selecting a Frame], page hunde-
finedi), and any other frames inside of it, leaving its caller as the innermost remaining
frame. That frame becomes selected. The specified value is stored in the registers used for
returning values of functions.
The return command does not resume execution; it leaves the program stopped in the
state that would exist if the function had just returned. In contrast, the finish command
196 Debugging with gdb
(see hundefinedi [Continuing and Stepping], page hundefinedi) resumes execution until the
selected stack frame returns naturally.
gdb needs to know how the expression argument should be set for the inferior. The
concrete registers assignment depends on the OS ABI and the type being returned by the
selected stack frame. For example it is common for OS ABI to return floating point values
in FPU registers while integer values in CPU registers. Still some ABIs return even floating
point values in CPU registers. Larger integer widths (such as long long int) also have
specific placement rules. gdb already knows the OS ABI from its current target so it needs
to find out also the type being returned to make the assignment into the right register(s).
Normally, the selected stack frame has debug info. gdb will always use the debug info
instead of the implicit type of expression when the debug info is available. For example,
if you type return -1, and the function in the current stack frame is declared to return a
long long int, gdb transparently converts the implicit int value of -1 into a long long
int:
Breakpoint 1, func () at gdb.base/return-nodebug.c:29
29 return 31;
(gdb) return -1
Make func return now? (y or n) y
#0 0x004004f6 in main () at gdb.base/return-nodebug.c:43
43 printf ("result=%lld\n", func ());
(gdb)
However, if the selected stack frame does not have a debug info, e.g., if the function was
compiled without debug info, gdb has to find out the type to return from user. Specifying
a different type by mistake may set the value in different inferior registers than the caller
code expects. For example, typing return -1 with its implicit type int would set only
a part of a long long int result for a debug info less function (on 32-bit architectures).
Therefore the user is required to specify the return type by an appropriate cast explicitly:
Breakpoint 2, 0x0040050b in func ()
(gdb) return -1
Return value type not available for selected stack frame.
Please use an explicit cast of the value to return.
(gdb) return (long long int) -1
Make selected stack frame return now? (y or n) y
#0 0x00400526 in main ()
(gdb)
print expr
Evaluate the expression expr and display the resulting value. expr may include
calls to functions in the program being debugged.
call expr
Evaluate the expression expr without displaying void returned values.
You can use this variant of the print command if you want to execute a function
from your program that does not return anything (a.k.a. a void function), but
without cluttering the output with void returned values that gdb will otherwise
print. If the result is not void, it is printed and saved in the value history.
Chapter 17: Altering Execution 197
It is possible for the function you call via the print or call command to generate a
signal (e.g., if there’s a bug in the function, or if you passed it incorrect arguments). What
happens in that case is controlled by the set unwindonsignal command.
Similarly, with a C++ program it is possible for the function you call via the print or
call command to generate an exception that is not handled due to the constraints of the
dummy frame. In this case, any exception that is raised in the frame, but has an out-of-frame
exception handler will not be found. GDB builds a dummy-frame for the inferior function
call, and the unwinder cannot seek for exception handlers outside of this dummy-frame.
What happens in that case is controlled by the set unwind-on-terminating-exception
command.
set unwindonsignal
Set unwinding of the stack if a signal is received while in a function that gdb
called in the program being debugged. If set to on, gdb unwinds the stack it
created for the call and restores the context to what it was before the call. If
set to off (the default), gdb stops in the frame where the signal was received.
show unwindonsignal
Show the current setting of stack unwinding in the functions called by gdb.
set unwind-on-terminating-exception
Set unwinding of the stack if a C++ exception is raised, but left unhandled while
in a function that gdb called in the program being debugged. If set to on (the
default), gdb unwinds the stack it created for the call and restores the context
to what it was before the call. If set to off, gdb the exception is delivered to
the default C++ exception handler and the inferior terminated.
show unwind-on-terminating-exception
Show the current setting of stack unwinding in the functions called by gdb.
Sometimes, a function you wish to call is actually a weak alias for another function. In
such case, gdb might not pick up the type information, including the types of the function
arguments, which causes gdb to call the inferior function incorrectly. As a result, the called
function will function erroneously and may even crash. A solution to that is to use the
name of the aliased function instead.
If you have already loaded a file, you must load it again (using the exec-file
or core-file command) after changing set write, for your new setting to take
effect.
show write
Display whether executable files and core files are opened for writing as well as
reading.
Chapter 18: gdb Files 199
18 gdb Files
gdb needs to know the file name of the program to be debugged, both in order to read
its symbol table and in order to start your program. To debug a core dump of a previous
run, you must also tell gdb the name of the core dump file.
You may want to specify executable and core dump file names. The usual way to do
this is at start-up time, using the arguments to gdb’s start-up commands (see hundefinedi
[Getting In and Out of gdb], page hundefinedi).
Occasionally it is necessary to change to a different file during a gdb session. Or you
may run gdb and forget to specify a file you want to use. Or you are debugging a remote
target via gdbserver (see hundefinedi [Using the gdbserver Program], page hundefinedi).
In these situations the gdb commands to specify new files are useful.
file filename
Use filename as the program to be debugged. It is read for its symbols and for
the contents of pure memory. It is also the program executed when you use
the run command. If you do not specify a directory and the file is not found
in the gdb working directory, gdb uses the environment variable PATH as a list
of directories to search, just as the shell does when looking for a program to
run. You can change the value of this variable, for both gdb and your program,
using the path command.
You can load unlinked object ‘.o’ files into gdb using the file command. You
will not be able to “run” an object file, but you can disassemble functions and
inspect variables. Also, if the underlying BFD functionality supports it, you
could use gdb -write to patch object files using this technique. Note that gdb
can neither interpret nor modify relocations in this case, so branches and some
initialized variables will appear to go to the wrong place. But this feature is
still handy from time to time.
file file with no argument makes gdb discard any information it has on both
executable file and the symbol table.
exec-file [ filename ]
Specify that the program to be run (but not the symbol table) is found in file-
name. gdb searches the environment variable PATH if necessary to locate your
program. Omitting filename means to discard information on the executable
file.
symbol-file [ filename ]
Read symbol table information from file filename. PATH is searched when nec-
essary. Use the file command to get both symbol table and program to run
from the same file.
symbol-file with no argument clears out gdb information on your program’s
symbol table.
200 Debugging with gdb
The symbol-file command causes gdb to forget the contents of some break-
points and auto-display expressions. This is because they may contain pointers
to the internal data recording symbols and data types, which are part of the
old symbol table data being discarded inside gdb.
symbol-file does not repeat if you press hRETi again after executing it once.
When gdb is configured for a particular environment, it understands debugging
information in whatever format is the standard generated for that environment;
you may use either a gnu compiler, or other compilers that adhere to the local
conventions. Best results are usually obtained from gnu compilers; for example,
using gcc you can generate debugging information for optimized code.
For most kinds of object files, with the exception of old SVR3 systems using
COFF, the symbol-file command does not normally read the symbol table in
full right away. Instead, it scans the symbol table quickly to find which source
files and which symbols are present. The details are read later, one source file
at a time, as they are needed.
The purpose of this two-stage reading strategy is to make gdb start up faster.
For the most part, it is invisible except for occasional pauses while the symbol
table details for a particular source file are being read. (The set verbose com-
mand can turn these pauses into messages if desired. See hundefinedi [Optional
Warnings and Messages], page hundefinedi.)
We have not implemented the two-stage strategy for COFF yet. When the
symbol table is stored in COFF format, symbol-file reads the symbol table
data in full right away. Note that “stabs-in-COFF” still does the two-stage
strategy, since the debug info is actually in stabs format.
symbol-file [ -readnow ] filename
file [ -readnow ] filename
You can override the gdb two-stage strategy for reading symbol tables by us-
ing the ‘-readnow’ option with any of the commands that load symbol table
information, if you want to be sure gdb has the entire symbol table available.
core-file [filename ]
core Specify the whereabouts of a core dump file to be used as the “contents of
memory”. Traditionally, core files contain only some parts of the address space
of the process that generated them; gdb can access the executable file itself for
other parts.
core-file with no argument specifies that no core file is to be used.
Note that the core file is ignored when your program is actually running under
gdb. So, if you have been running your program and you wish to debug a core
file instead, you must kill the subprocess in which the program is running. To
do this, use the kill command (see hundefinedi [Killing the Child Process],
page hundefinedi).
add-symbol-file filename address
add-symbol-file filename address [ -readnow ]
add-symbol-file filename -ssection address ...
The add-symbol-file command reads additional symbol table information
from the file filename. You would use this command when filename has been
Chapter 18: gdb Files 201
dynamically loaded (by some other means) into the program that is running.
address should be the memory address at which the file has been loaded; gdb
cannot figure this out for itself. You can additionally specify an arbitrary
number of ‘-ssection address ’ pairs, to give an explicit section name and
base address for that section. You can specify any address as an expression.
The symbol table of the file filename is added to the symbol table originally read
with the symbol-file command. You can use the add-symbol-file command
any number of times; the new symbol data thus read keeps adding to the old.
To discard all old symbol data instead, use the symbol-file command without
any arguments.
Although filename is typically a shared library file, an executable file, or some
other object file which has been fully relocated for loading into a process, you
can also load symbolic information from relocatable ‘.o’ files, as long as:
• the file’s symbolic information refers only to linker symbols defined in that
file, not to symbols defined by other object files,
• every section the file’s symbolic information refers to has actually been
loaded into the inferior, as it appears in the file, and
• you can determine the address at which every section was loaded, and
provide these to the add-symbol-file command.
Some embedded operating systems, like Sun Chorus and VxWorks, can load
relocatable files into an already running program; such systems typically make
the requirements above easy to meet. However, it’s important to recognize that
many native systems use complex link procedures (.linkonce section factoring
and C++ constructor table assembly, for example) that make the requirements
difficult to meet. In general, one cannot assume that using add-symbol-file
to read a relocatable object file’s symbolic information will have the same effect
as linking the relocatable object file into the program in the normal way.
add-symbol-file does not repeat if you press hRETi after using it.
add-symbol-file-from-memory address
Load symbols from the given address in a dynamically loaded object file whose
image is mapped directly into the inferior’s memory. For example, the Linux
kernel maps a syscall DSO into each process’s address space; this DSO provides
kernel-specific code for some system calls. The argument can be any expres-
sion whose evaluation yields the address of the file’s shared object file header.
For this command to work, you must have used symbol-file or exec-file
commands in advance.
add-shared-symbol-files library-file
assf library-file
The add-shared-symbol-files command can currently be used only in the
Cygwin build of gdb on MS-Windows OS, where it is an alias for the dll-
symbols command (see hundefinedi [Cygwin Native], page hundefinedi). gdb
automatically looks for shared libraries, however if gdb does not find yours,
you can invoke add-shared-symbol-files. It takes one argument: the shared
library’s file name. assf is a shorthand alias for add-shared-symbol-files.
202 Debugging with gdb
NEVER_LOAD
An instruction to the linker to not output the section.
COFF_SHARED_LIBRARY
A notification to the linker that the section contains
COFF shared library information.
IS_COMMON
Section contains common symbols.
set trust-readonly-sections on
Tell gdb that readonly sections in your object file really are read-only (i.e.
that their contents will not change). In that case, gdb can fetch values from
these sections out of the object file, rather than from the target program. For
some targets (notably embedded ones), this can be a significant enhancement
to debugging performance.
The default is off.
set trust-readonly-sections off
Tell gdb not to trust readonly sections. This means that the contents of the
section might change while the program is running, and must therefore be
fetched from the target when needed.
show trust-readonly-sections
Show the current setting of trusting readonly sections.
All file-specifying commands allow both absolute and relative file names as arguments.
gdb always converts the file name to an absolute file name and remembers it that way.
gdb supports gnu/Linux, MS-Windows, HP-UX, SunOS, SVr4, Irix, and IBM RS/6000
AIX shared libraries.
On MS-Windows gdb must be linked with the Expat library to support shared libraries.
See hundefinedi [Expat], page hundefinedi.
gdb automatically loads symbol definitions from shared libraries when you use the run
command, or when you examine a core file. (Before you issue the run command, gdb
does not understand references to a function in a shared library, however—unless you are
debugging a core file).
On HP-UX, if the program loads a library explicitly, gdb automatically loads the symbols
at the time of the shl_load call.
There are times, however, when you may wish to not automatically load symbol defini-
tions from shared libraries, such as when they are particularly large or there are many of
them.
To control the automatic loading of shared library symbols, use the commands:
set auto-solib-add mode
If mode is on, symbols from all shared object libraries will be loaded auto-
matically when the inferior begins execution, you attach to an independently
started inferior, or when the dynamic linker informs gdb that a new library
has been loaded. If mode is off, symbols must be loaded manually, using the
sharedlibrary command. The default value is on.
204 Debugging with gdb
If your program uses lots of shared libraries with debug info that takes large
amounts of memory, you can decrease the gdb memory footprint by prevent-
ing it from automatically loading the symbols from shared libraries. To that
end, type set auto-solib-add off before running the inferior, then load each
library whose debug symbols you do need with sharedlibrary regexp , where
regexp is a regular expression that matches the libraries whose symbols you
want to be loaded.
show auto-solib-add
Display the current autoloading mode.
To explicitly load shared library symbols, use the sharedlibrary command:
show sysroot
Display the current shared library prefix.
set solib-search-path path
If this variable is set, path is a colon-separated list of directories to search for
shared libraries. ‘solib-search-path’ is used after ‘sysroot’ fails to locate the
library, or if the path to the library is relative instead of absolute. If you want
to use ‘solib-search-path’ instead of ‘sysroot’, be sure to set ‘sysroot’
to a nonexistent directory to prevent gdb from finding your host’s libraries.
‘sysroot’ is preferred; setting it to a nonexistent directory may interfere with
automatic loading of shared library symbols.
show solib-search-path
Display the current shared library search path.
set target-file-system-kind kind
Set assumed file system kind for target reported file names.
Shared library file names as reported by the target system may not make sense
as is on the system gdb is running on. For example, when remote debugging
a target that has MS-DOS based file system semantics, from a Unix host, the
target may be reporting to gdb a list of loaded shared libraries with file names
such as ‘c:\Windows\kernel32.dll’. On Unix hosts, there’s no concept of
drive letters, so the ‘c:\’ prefix is not normally understood as indicating an
absolute file name, and neither is the backslash normally considered a direc-
tory separator character. In that case, the native file system would interpret
this whole absolute file name as a relative file name with no directory compo-
nents. This would make it impossible to point gdb at a copy of the remote
target’s shared libraries on the host using set sysroot, and impractical with
set solib-search-path. Setting target-file-system-kind to dos-based
tells gdb to interpret such file names similarly to how the target would, and to
map them to file names valid on gdb’s native file system semantics. The value
of kind can be "auto", in addition to one of the supported file system kinds. In
that case, gdb tries to determine the appropriate file system variant based on
the current target’s operating system (see hundefinedi [Configuring the Current
ABI], page hundefinedi). The supported file system settings are:
unix Instruct gdb to assume the target file system is of Unix kind. Only
file names starting the forward slash (‘/’) character are considered
absolute, and the directory separator character is also the forward
slash.
dos-based
Instruct gdb to assume the target file system is DOS based. File
names starting with either a forward slash, or a drive letter followed
by a colon (e.g., ‘c:’), are considered absolute, and both the slash
(‘/’) and the backslash (‘\\’) characters are considered directory
separators.
auto Instruct gdb to use the file system kind associated with the target
operating system (see hundefinedi [Configuring the Current ABI],
page hundefinedi). This is the default.
Chapter 18: gdb Files 207
gdb allows you to put a program’s debugging information in a file separate from the
executable itself, in a way that allows gdb to find and load the debugging information
automatically. Since debugging information can be very large—sometimes larger than the
executable code itself—some systems distribute debugging information for their executables
in separate files, which users can install only when they need to debug a problem.
gdb supports two ways of specifying the separate debug info file:
• The executable contains a debug link that specifies the name of the separate debug
info file. The separate debug file’s name is usually ‘executable.debug’, where exe-
cutable is the name of the corresponding executable file without leading directories
(e.g., ‘ls.debug’ for ‘/usr/bin/ls’). In addition, the debug link specifies a 32-bit
Cyclic Redundancy Check (CRC) checksum for the debug file, which gdb uses to val-
idate that the executable and the debug file came from the same build.
• The executable contains a build ID, a unique bit string that is also present in the
corresponding debug info file. (This is supported only on some operating systems,
notably those which use the ELF format for binary files and the gnu Binutils.) For
more details about this feature, see the description of the ‘--build-id’ command-line
option in section “Command Line Options” in The GNU Linker. The debug info file’s
name is not specified explicitly by the build ID, but can be computed from the build
ID, see below.
Depending on the way the debug info file is specified, gdb uses two different methods of
looking for the debug file:
• For the “debug link” method, gdb looks up the named file in the directory of the
executable file, then in a subdirectory of that directory named ‘.debug’, and finally
under the global debug directory, in a subdirectory whose name is identical to the
leading directories of the executable’s absolute file name.
• For the “build ID” method, gdb looks in the ‘.build-id’ subdirectory of the global
debug directory for a file named ‘nn /nnnnnnnn.debug’, where nn are the first 2 hex
characters of the build ID bit string, and nnnnnnnn are the rest of the bit string. (Real
build ID strings are 32 or more hex characters, not 10.)
So, for example, suppose you ask gdb to debug ‘/usr/bin/ls’, which has a debug link
that specifies the file ‘ls.debug’, and a build ID whose value in hex is abcdef1234. If
the global debug directory is ‘/usr/lib/debug’, then gdb will look for the following debug
information files, in the indicated order:
− ‘/usr/lib/debug/.build-id/ab/cdef1234.debug’
− ‘/usr/bin/ls.debug’
− ‘/usr/bin/.debug/ls.debug’
− ‘/usr/lib/debug/usr/bin/ls.debug’.
You can set the global debugging info directory’s name, and view the name gdb is
currently using.
208 Debugging with gdb
The CRC used in .gnu_debuglink is the CRC-32 defined in IEEE 802.3 using the
polynomial:
x32 + x26 + x23 + x22 + x16 + x12 + x11
+ x10 + x8 + x7 + x5 + x4 + x2 + x + 1
The function is computed byte at a time, taking the least significant bit of each byte
first. The initial pattern 0xffffffff is used, to ensure leading zeros affect the CRC and
the final result is inverted to ensure trailing zeros also affect the CRC.
Note: This is the same CRC polynomial as used in handling the Remote Serial Protocol
qCRC packet (see hundefinedi [gdb Remote Serial Protocol], page hundefinedi). However in
the case of the Remote Serial Protocol, the CRC is computed most significant bit first, and
the result is not inverted, so trailing zeros have no effect on the CRC value.
To complete the description, we show below the code of the function which produces the
CRC used in .gnu_debuglink. Inverting the initially supplied crc argument means that an
initial call to this function passing in zero will start computing the CRC using 0xffffffff.
unsigned long
gnu_debuglink_crc32 (unsigned long crc,
unsigned char *buf, size_t len)
{
static const unsigned long crc32_table[256] =
{
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
210 Debugging with gdb
When gdb finds a symbol file, it scans the symbols in the file in order to construct an
internal symbol table. This lets most gdb operations work quickly—at the cost of a delay
early on. For large programs, this delay can be quite lengthy, so gdb provides a way to
build an index, which speeds up startup.
The index is stored as a section in the symbol file. gdb can write the index to a file,
then you can put it into the symbol file using objcopy.
To create an index file, use the save gdb-index command:
Once you have created an index file you can merge it into your symbol file, here named
‘symfile’, using objcopy:
$ objcopy --add-section .gdb_index=symfile.gdb-index \
--set-section-flags .gdb_index=readonly symfile symfile
There are currently some limitation on indices. They only work when for DWARF
debugging information, not stabs. And, they do not currently work for programs using
Ada.
Chapter 18: gdb Files 211
While reading a symbol file, gdb occasionally encounters problems, such as symbol
types it does not recognize, or known bugs in compiler output. By default, gdb does not
notify you of such problems, since they are relatively common and primarily of interest to
people debugging compilers. If you are interested in seeing information about ill-constructed
symbol tables, you can either ask gdb to print only one message about each such type of
problem, no matter how many times the problem occurs; or you can ask gdb to print more
messages, to see how many times the problems occur, with the set complaints command
(see hundefinedi [Optional Warnings and Messages], page hundefinedi).
The messages currently printed, and their meanings, include:
inner block not inside outer block in symbol
The symbol information shows where symbol scopes begin and end (such as at
the start of a function or a block of statements). This error indicates that an
inner scope block is not fully contained in its outer scope blocks.
gdb circumvents the problem by treating the inner block as if it had the same
scope as the outer block. In the error message, symbol may be shown as “(don’t
know)” if the outer block is not a function.
block at address out of order
The symbol information for symbol scope blocks should occur in order of in-
creasing addresses. This error indicates that it does not do so.
gdb does not circumvent this problem, and has trouble locating symbols in
the source file whose symbols it is reading. (You can often determine what
source file is affected by specifying set verbose on. See hundefinedi [Optional
Warnings and Messages], page hundefinedi.)
bad block start address patched
The symbol information for a symbol scope block has a start address smaller
than the address of the preceding source line. This is known to occur in the
SunOS 4.1.1 (and earlier) C compiler.
gdb circumvents the problem by treating the symbol scope block as starting
on the previous source line.
bad string table offset in symbol n
Symbol number n contains a pointer into the string table which is larger than
the size of the string table.
gdb circumvents the problem by considering the symbol to have the name foo,
which may cause other problems if many symbols end up with this name.
unknown symbol type 0xnn
The symbol information contains new data types that gdb does not yet know
how to read. 0xnn is the symbol type of the uncomprehended information, in
hexadecimal.
gdb circumvents the error by ignoring this symbol information. This usually
allows you to debug your program, though certain symbols are not accessible. If
you encounter such a problem and feel like debugging it, you can debug gdb with
212 Debugging with gdb
gdb will sometimes read an auxiliary data file. These files are kept in a directory known
as the data directory.
You can set the data directory’s name, and view the name gdb is currently using.
There are multiple classes of targets such as: processes, executable files or recording
sessions. Core files belong to the process class, making core file and process mutually
exclusive. Otherwise, gdb can work concurrently on multiple active targets, one in each
class. This allows you to (for example) start a process and inspect its activity, while
still having access to the executable file after the process finishes. Or if you start process
recording (see hundefinedi [Reverse Execution], page hundefinedi) and reverse-step there,
you are presented a virtual layer of the recording target, while the process target remains
stopped at the chronologically last point of the process execution.
Use the core-file and exec-file commands to select a new core file or executable tar-
get (see hundefinedi [Commands to Specify Files], page hundefinedi). To specify as a target
a process that is already running, use the attach command (see hundefinedi [Debugging an
Already-running Process], page hundefinedi).
Further parameters are interpreted by the target protocol, but typically include
things like device names or host names to connect with, process numbers, and
baud rates.
The target command does not repeat if you press hRETi again after executing
the command.
help target
Displays the names of all targets available. To display targets currently selected,
use either info target or info files (see hundefinedi [Commands to Specify
Files], page hundefinedi).
help target name
Describe a particular target, including any parameters necessary to select it.
set gnutarget args
gdb uses its own library BFD to read your files. gdb knows whether it is
reading an executable, a core, or a .o file; however, you can specify the file
format with the set gnutarget command. Unlike most target commands,
with gnutarget the target refers to a program, not a machine.
Warning: To specify a file format with set gnutarget, you must
know the actual BFD name.
See hundefinedi [Commands to Specify Files], page hundefinedi.
show gnutarget
Use the show gnutarget command to display what file format gnutarget is set
to read. If you have not set gnutarget, gdb will determine the file format for
each file automatically, and show gnutarget displays ‘The current BDF target
is "auto"’.
Here are some common targets (available, or not, depending on the GDB configuration):
load filename
Depending on what remote debugging facilities are configured into gdb, the
load command may be available. Where it exists, it is meant to make filename
(an executable) available for debugging on the remote system—by downloading,
or dynamic linking, for example. load also records the filename symbol table
in gdb, like the add-symbol-file command.
If your gdb does not have a load command, attempting to execute it gets the
error message “You can’t do that when your target is ...”
The file is loaded at whatever address is specified in the executable. For some
object file formats, you can specify the load address when you link the program;
for other formats, like a.out, the object file format specifies a fixed address.
Depending on the remote side capabilities, gdb may be able to load programs
into flash memory.
load does not repeat if you press hRETi again after using it.
216 Debugging with gdb
Some types of processors, such as the MIPS, PowerPC, and Renesas SH, offer the ability
to run either big-endian or little-endian byte orders. Usually the executable or symbol will
include a bit to designate the endian-ness, and you will not need to worry about which to
use. However, you may still find it useful to adjust gdb’s idea of processor endian-ness
manually.
On the gdb host machine, you will need an unstripped copy of your program, since gdb
needs symbol and debugging information. Start up gdb as usual, using the name of the
local copy of your program as the first argument.
gdb can communicate with the target over a serial line, or over an ip network using tcp
or udp. In each case, gdb uses the same protocol for debugging your program; only the
medium carrying the debugging packets varies. The target remote command establishes
a connection to the target. Its arguments indicate which medium to use:
target remote serial-device
Use serial-device to communicate with the target. For example, to use a serial
line connected to the device named ‘/dev/ttyb’:
target remote /dev/ttyb
If you’re using a serial line, you may want to give gdb the ‘--baud’ option,
or use the set remotebaud command (see hundefinedi [Remote Configuration],
page hundefinedi) before the target command.
target remote host :port
target remote tcp:host :port
Debug using a tcp connection to port on host. The host may be either a host
name or a numeric ip address; port must be a decimal number. The host could
be the target machine itself, if it is directly connected to the net, or it might
be a terminal server which in turn has a serial line to the target.
For example, to connect to port 2828 on a terminal server named manyfarms:
target remote manyfarms:2828
If your remote target is actually running on the same machine as your debugger
session (e.g. a simulator for your target running on the same host), you can omit
the hostname. For example, to connect to port 1234 on your local machine:
target remote :1234
detach When you have finished debugging the remote program, you can use the detach
command to release it from gdb control. Detaching from the target normally
resumes its execution, but the results will depend on your particular remote
stub. After the detach command, gdb is free to connect to another target.
disconnect
The disconnect command behaves like detach, except that the target is gener-
ally not resumed. It will wait for gdb (this instance or another one) to connect
and continue debugging. After the disconnect command, gdb is again free to
connect to another target.
monitor cmd
This command allows you to send arbitrary commands directly to the remote
monitor. Since gdb doesn’t care about the commands it sends like this, this
command is the way to extend gdb—you can add new commands that only
the external monitor will understand and implement.
Chapter 20: Debugging Remote Programs 219
Some remote targets offer the ability to transfer files over the same connection used to
communicate with gdb. This is convenient for targets accessible through other means, e.g.
gnu/Linux systems running gdbserver over a network interface. For other targets, e.g.
embedded devices with only a single serial port, this may be the only way to upload or
download files.
Not all remote targets support these commands.
gdbserver is a control program for Unix-like systems, which allows you to connect your
program with a remote gdb via target remote—but without linking in the usual debugging
stub.
gdbserver is not a complete replacement for the debugging stubs, because it requires
essentially the same operating-system facilities that gdb itself does. In fact, a system that
can run gdbserver to connect to a remote gdb could also run gdb locally! gdbserver is
sometimes useful nevertheless, because it is a much smaller program than gdb itself. It is
also easier to port than all of gdb, so you may be able to get started more quickly on a
new system by using gdbserver. Finally, if you develop code for real-time systems, you
may find that the tradeoffs involved in real-time operation make it more convenient to do
as much development work as possible on another system, for example by cross-compiling.
You can use gdbserver to make a similar choice for debugging.
gdb and gdbserver communicate via either a serial line or a TCP connection, using the
standard gdb remote serial protocol.
Warning: gdbserver does not have any built-in security. Do not run
gdbserver connected to any public network; a gdb connection to gdbserver
provides access to the target system with the same privileges as the user
running gdbserver.
Run gdbserver on the target system. You need a copy of the program you want to
debug, including any libraries it requires. gdbserver does not need your program’s symbol
table, so you can strip the program if necessary to save space. gdb on the host system does
all the symbol handling.
220 Debugging with gdb
To use the server, you must tell it how to communicate with gdb; the name of your
program; and the arguments for your program. The usual syntax is:
target> gdbserver comm program [ args ... ]
comm is either a device name (to use a serial line) or a TCP hostname and portnumber.
For example, to debug Emacs with the argument ‘foo.txt’ and communicate with gdb
over the serial port ‘/dev/com1’:
target> gdbserver /dev/com1 emacs foo.txt
gdbserver waits passively for the host gdb to communicate with it.
To use a TCP connection instead of a serial line:
target> gdbserver host:2345 emacs foo.txt
The only difference from the previous example is the first argument, specifying that you
are communicating with the host gdb via TCP. The ‘host:2345’ argument means that
gdbserver is to expect a TCP connection from machine ‘host’ to local TCP port 2345.
(Currently, the ‘host’ part is ignored.) You can choose any number you want for the port
number as long as it does not conflict with any TCP ports already in use on the target
system (for example, 23 is reserved for telnet).1 You must use the same port number with
the host gdb target remote command.
On some targets, gdbserver can also attach to running programs. This is accomplished
via the --attach argument. The syntax is:
target> gdbserver --attach comm pid
pid is the process ID of a currently running process. It isn’t necessary to point gdbserver
at a binary for the running process.
You can debug processes by name instead of process ID if your target has the pidof
utility:
target> gdbserver --attach comm ‘pidof program ‘
In case more than one copy of program is running, or program has multiple threads,
most versions of pidof support the -s option to only return the first process ID.
When you connect to gdbserver using target remote, gdbserver debugs the speci-
fied program only once. When the program exits, or you detach from it, gdb closes the
connection and gdbserver exits.
If you connect using target extended-remote, gdbserver enters multi-process mode.
When the debugged program exits, or you detach from it, gdb stays connected to gdbserver
even though no program is running. The run and attach commands instruct gdbserver to
run or attach to a new program. The run command uses set remote exec-file (see hun-
definedi [set remote exec-file], page hundefinedi) to select the program to run. Command
1
If you choose a port number that conflicts with another service, gdbserver prints an error message and
exits.
Chapter 20: Debugging Remote Programs 221
line arguments are supported, except for wildcard expansion and I/O redirection (see hun-
definedi [Arguments], page hundefinedi).
To start gdbserver without supplying an initial command to run or process ID to attach,
use the ‘--multi’ command line option. Then you can connect using target extended-
remote and start the program you want to debug.
gdbserver does not automatically exit in multi-process mode. You can terminate it by
using monitor exit (see hundefinedi [Monitor Commands for gdbserver], page hundefinedi).
The ‘--debug’ option tells gdbserver to display extra status information about the de-
bugging process. The ‘--remote-debug’ option tells gdbserver to display remote protocol
debug output. These options are intended for gdbserver development and for bug reports
to the developers.
The ‘--wrapper’ option specifies a wrapper to launch programs for debugging. The
option should be followed by the name of the wrapper, then any command-line arguments
to pass to the wrapper, then -- indicating the end of the wrapper arguments.
gdbserver runs the specified wrapper program with a combined command line including
the wrapper arguments, then the name of the program to debug, then any arguments to the
program. The wrapper runs until it executes your program, and then gdb gains control.
You can use any program that eventually calls execve with its arguments as a wrapper.
Several standard Unix utilities do this, e.g. env and nohup. Any Unix shell script ending
with exec "$@" will also work.
For example, you can use env to pass an environment variable to the debugged program,
without setting the variable in gdbserver’s environment:
$ gdbserver --wrapper env LD_PRELOAD=libtest.so -- :2222 ./testprog
During a gdb session using gdbserver, you can use the monitor command to send
special requests to gdbserver. Here are the available commands.
monitor help
List the available monitor commands.
monitor set debug 0
monitor set debug 1
Disable or enable general debugging messages.
monitor set remote-debug 0
monitor set remote-debug 1
Disable or enable specific debugging messages associated with the remote pro-
tocol (see hundefinedi [Remote Protocol], page hundefinedi).
monitor set libthread-db-search-path [PATH]
When this command is issued, path is a colon-separated list of directories
to search for libthread_db (see hundefinedi [set libthread-db-search-path],
page hundefinedi). If you omit path, ‘libthread-db-search-path’ will be
reset to an empty list.
monitor exit
Tell gdbserver to exit immediately. This command should be followed by
disconnect to close the debugging session. gdbserver will detach from any
attached processes and kill any processes it created. Use monitor exit to ter-
minate gdbserver at the end of a multi-process mode debug session.
On some targets, gdbserver supports tracepoints, fast tracepoints and static tracepoints.
For fast or static tracepoints to work, a special library called the in-process agent (IPA),
must be loaded in the inferior process. This library is built and distributed as an inte-
gral part of gdbserver. In addition, support for static tracepoints requires building the
in-process agent library with static tracepoints support. At present, the UST (LTTng
Userspace Tracer, http://lttng.org/ust) tracing engine is supported. This support is
automatically available if UST development headers are found in the standard include path
when gdbserver is built, or if gdbserver was explicitly configured using ‘--with-ust’ to
point at such headers. You can explicitly disable the support using ‘--with-ust=no’.
There are several ways to load the in-process agent in your program:
Specifying it as dependency at link time
You can link your program dynamically with the in-process agent library. On
most systems, this is accomplished by adding -linproctrace to the link com-
mand.
Using the system’s preloading mechanisms
You can force loading the in-process agent at startup time by using your sys-
tem’s support for preloading shared libraries. Many Unixes support the concept
Chapter 20: Debugging Remote Programs 223
This section documents the configuration options available when debugging remote pro-
grams. For the options related to the File I/O extensions of the remote protocol, see
hundefinedi [system], page hundefinedi.
set remoteaddresssize bits
Set the maximum size of address in a memory packet to the specified number
of bits. gdb will mask off the address bits above that number, when it passes
addresses to the remote target. The default value is the number of bits in the
target’s address.
show remoteaddresssize
Show the current value of remote address size in bits.
set remotebaud n
Set the baud rate for the remote serial I/O to n baud. The value is used to set
the speed of the serial port used for debugging remote targets.
224 Debugging with gdb
show remotebaud
Show the current speed of the remote connection.
set remotebreak
If set to on, gdb sends a BREAK signal to the remote when you type Ctrl-c
to interrupt the program running on the remote. If set to off, gdb sends the
‘Ctrl-C’ character instead. The default is off, since most remote systems expect
to see ‘Ctrl-C’ as the interrupt signal.
show remotebreak
Show whether gdb sends BREAK or ‘Ctrl-C’ to interrupt the remote program.
set remoteflow on
set remoteflow off
Enable or disable hardware flow control (RTS/CTS) on the serial port used to
communicate to the remote target.
show remoteflow
Show the current setting of hardware flow control.
set remotelogbase base
Set the base (a.k.a. radix) of logging serial protocol communications to base.
Supported values of base are: ascii, octal, and hex. The default is ascii.
show remotelogbase
Show the current setting of the radix for logging remote serial protocol.
set remotelogfile file
Record remote serial communications on the named file. The default is not to
record at all.
show remotelogfile.
Show the current setting of the file name on which to record the serial commu-
nications.
set remotetimeout num
Set the timeout limit to wait for the remote target to respond to num seconds.
The default is 2 seconds.
show remotetimeout
Show the current number of seconds to wait for the remote target responses.
set remote hardware-watchpoint-limit limit
set remote hardware-breakpoint-limit limit
Restrict gdb to using limit remote hardware breakpoint or watchpoints. A
limit of -1, the default, is treated as unlimited.
set remote exec-file filename
show remote exec-file
Select the file used for run with target extended-remote. This should be set
to a filename valid on the target system. If it is not set, the target will use a
default filename (e.g. the last program run).
Chapter 20: Debugging Remote Programs 225
For each packet name, the command to enable or disable the packet is set remote
name -packet. The available settings are:
Command Name Remote Packet Related Features
set-register P set
software-breakpoint Z0 break
hardware-breakpoint Z1 hbreak
write-watchpoint Z2 watch
read-watchpoint Z3 rwatch
access-watchpoint Z4 awatch
The stub files provided with gdb implement the target side of the communication pro-
tocol, and the gdb side is implemented in the gdb source file ‘remote.c’. Normally, you
228 Debugging with gdb
can simply allow these subroutines to communicate, and ignore the details. (If you’re im-
plementing your own stub file, you can still ignore the details: start with one of the existing
stub files. ‘sparc-stub.c’ is the best organized, and therefore the easiest to read.)
To debug a program running on another machine (the debugging target machine), you
must first arrange for all the usual prerequisites for the program to run by itself. For
example, for a C program, you need:
1. A startup routine to set up the C runtime environment; these usually have a name like
‘crt0’. The startup routine may be supplied by your hardware supplier, or you may
have to write your own.
2. A C subroutine library to support your program’s subroutine calls, notably managing
input and output.
3. A way of getting your program to the other machine—for example, a download pro-
gram. These are often supplied by the hardware manufacturer, but you may have to
write your own from hardware documentation.
The next step is to arrange for your program to use a serial port to communicate with
the machine where gdb is running (the host machine). In general terms, the scheme looks
like this:
On the host,
gdb already understands how to use this protocol; when everything else is
set up, you can simply use the ‘target remote’ command (see hundefinedi
[Specifying a Debugging Target], page hundefinedi).
On the target,
you must link with your program a few special-purpose subroutines that imple-
ment the gdb remote serial protocol. The file containing these subroutines is
called a debugging stub.
On certain remote targets, you can use an auxiliary program gdbserver instead
of linking a stub into your program. See hundefinedi [Using the gdbserver
Program], page hundefinedi, for details.
The debugging stub is specific to the architecture of the remote machine; for example,
use ‘sparc-stub.c’ to debug programs on sparc boards.
These working remote stubs are distributed with gdb:
i386-stub.c
For Intel 386 and compatible architectures.
m68k-stub.c
For Motorola 680x0 architectures.
sh-stub.c
For Renesas SH architectures.
sparc-stub.c
For sparc architectures.
sparcl-stub.c
For Fujitsu sparclite architectures.
The ‘README’ file in the gdb distribution may list other recently added stubs.
Chapter 20: Debugging Remote Programs 229
The debugging stub for your architecture supplies these three subroutines:
set_debug_traps
This routine arranges for handle_exception to run when your program stops.
You must call this subroutine explicitly near the beginning of your program.
handle_exception
This is the central workhorse, but your program never calls it explicitly—the
setup code arranges for handle_exception to run when a trap is triggered.
handle_exception takes control when your program stops during execution
(for example, on a breakpoint), and mediates communications with gdb on
the host machine. This is where the communications protocol is implemented;
handle_exception acts as the gdb representative on the target machine. It
begins by sending summary information on the state of your program, then con-
tinues to execute, retrieving and transmitting any information gdb needs, until
you execute a gdb command that makes your program resume; at that point,
handle_exception returns control to your own code on the target machine.
breakpoint
Use this auxiliary subroutine to make your program contain a breakpoint. De-
pending on the particular situation, this may be the only way for gdb to get
control. For instance, if your target machine has some sort of interrupt button,
you won’t need to call this; pressing the interrupt button transfers control to
handle_exception—in effect, to gdb. On some machines, simply receiving
characters on the serial port may also trigger a trap; again, in that situation,
you don’t need to call breakpoint from your own program—simply running
‘target remote’ from the host gdb session gets control.
Call breakpoint if none of these is true, or if you simply want to make certain
your program stops at a predetermined point for the start of your debugging
session.
The debugging stubs that come with gdb are set up for a particular chip architecture,
but they have no information about the rest of your debugging target machine.
First of all you need to tell the stub how to communicate with the serial port.
int getDebugChar()
Write this subroutine to read a single character from the serial port. It may be
identical to getchar for your target system; a different name is used to allow
you to distinguish the two if you wish.
void putDebugChar(int)
Write this subroutine to write a single character to the serial port. It may be
identical to putchar for your target system; a different name is used to allow
you to distinguish the two if you wish.
230 Debugging with gdb
If you want gdb to be able to stop your program while it is running, you need to use
an interrupt-driven serial driver, and arrange for it to stop when it receives a ^C (‘\003’,
the control-C character). That is the character which gdb uses to tell the remote system
to stop.
Getting the debugging target to return the proper status to gdb probably requires
changes to the standard stub; one quick and dirty way is to just execute a breakpoint
instruction (the “dirty” part is that gdb reports a SIGTRAP instead of a SIGINT).
Other routines you need to supply are:
void exceptionHandler (int exception_number, void *exception_address )
Write this function to install exception address in the exception handling ta-
bles. You need to do this because the stub does not have any way of knowing
what the exception handling tables on your target system are like (for example,
the processor’s table might be in rom, containing entries which point to a table
in ram). exception number is the exception number which should be changed;
its meaning is architecture-dependent (for example, different numbers might
represent divide by zero, misaligned access, etc). When this exception occurs,
control should be transferred directly to exception address, and the processor
state (stack, registers, and so on) should be just as it is when a processor excep-
tion occurs. So if you want to use a jump instruction to reach exception address,
it should be a simple jump, not a jump to subroutine.
For the 386, exception address should be installed as an interrupt gate so that
interrupts are masked while the handler runs. The gate should be at privilege
level 0 (the most privileged level). The sparc and 68k stubs are able to mask
interrupts themselves without help from exceptionHandler.
void flush_i_cache()
On sparc and sparclite only, write this subroutine to flush the instruction
cache, if any, on your target machine. If there is no instruction cache, this
subroutine may be a no-op.
On target machines that have instruction caches, gdb requires this function to
make certain that the state of your program is stable.
You must also make sure this library routine is available:
void *memset(void *, int, int)
This is the standard library function memset that sets an area of memory to a
known value. If you have one of the free versions of libc.a, memset can be found
there; otherwise, you must either obtain it from your hardware manufacturer,
or write your own.
If you do not use the GNU C compiler, you may need other standard library subroutines
as well; this varies from one stub to another, but in general the stubs are likely to use any
of the common library subroutines which gcc generates as inline code.
In summary, when your program is ready to debug, you must follow these steps.
Chapter 20: Debugging Remote Programs 231
1. Make sure you have defined the supporting low-level routines (see hundefinedi [What
You Must Do for the Stub], page hundefinedi):
getDebugChar, putDebugChar,
flush_i_cache, memset, exceptionHandler.
2. Insert these lines near the top of your program:
set_debug_traps();
breakpoint();
3. For the 680x0 stub only, you need to provide a variable called exceptionHook. Nor-
mally you just use:
void (*exceptionHook)() = 0;
but if before calling set_debug_traps, you set it to point to a function in your program,
that function is called when gdb continues after stopping on a trap (for example, bus
error). The function indicated by exceptionHook is called with one parameter: an int
which is the exception number.
4. Compile and link together: your program, the gdb debugging stub for your target
architecture, and the supporting subroutines.
5. Make sure you have a serial connection between your target machine and the gdb host,
and identify the serial port on the host.
6. Download your program to your target machine (or get it there by whatever means the
manufacturer provides), and start it.
7. Start gdb on the host, and connect to the target (see hundefinedi [Connecting to a
Remote Target], page hundefinedi).
232 Debugging with gdb
Chapter 21: Configuration-Specific Information 233
21 Configuration-Specific Information
While nearly all gdb commands are available for all native and cross versions of the
debugger, there are some exceptions. This chapter describes things that are only available
in certain configurations.
There are three major categories of configurations: native configurations, where the host
and target are the same, embedded operating system configurations, which are usually the
same for several different processor architectures, and bare embedded processors, which are
quite different from each other.
21.1 Native
21.1.1 HP-UX
On HP-UX systems, if you refer to a function or variable name that begins with a dollar
sign, gdb searches for a user or system name first, before it searches for a convenience
variable.
Many versions of SVR4 and compatible systems provide a facility called ‘/proc’ that can
be used to examine the image of a running process using file-system subroutines. If gdb is
configured for an operating system with this facility, the command info proc is available to
report information about the process running your program, or about any process running
on your system. info proc works only on SVR4 systems that include the procfs code. This
includes, as of this writing, gnu/Linux, OSF/1 (Digital Unix), Solaris, Irix, and Unixware,
but not HP-UX, for example.
234 Debugging with gdb
info proc
info proc process-id
Summarize available information about any running process. If a process ID
is specified by process-id, display information about that process; otherwise
display information about the program being debugged. The summary includes
the debugged process ID, the command line used to invoke it, its current working
directory, and its executable file’s absolute file name.
On some systems, process-id can be of the form ‘[pid ]/tid ’ which specifies
a certain thread ID within a process. If the optional pid part is missing, it
means a thread from the process being debugged (the leading ‘/’ still needs to
be present, or else gdb will interpret the number as a process ID rather than a
thread ID).
set procfs-trace
This command enables and disables tracing of procfs API calls.
show procfs-trace
Show the current state of procfs API call tracing.
show procfs-file
Show the file to which procfs API trace is written.
Chapter 21: Configuration-Specific Information 235
proc-trace-entry
proc-trace-exit
proc-untrace-entry
proc-untrace-exit
These commands enable and disable tracing of entries into and exits from the
syscall interface.
info pidlist
For QNX Neutrino only, this command displays the list of all the processes and
all the threads within each process.
info meminfo
For QNX Neutrino only, this command displays the list of all mapinfos.
djgpp is a port of the gnu development tools to MS-DOS and MS-Windows. djgpp
programs are 32-bit protected-mode programs that use the DPMI (DOS Protected-Mode
Interface) API to run on top of real-mode DOS systems and their emulations.
gdb supports native debugging of djgpp programs, and defines a few commands specific
to the djgpp port. This subsection describes those commands.
info dos This is a prefix of djgpp-specific commands which print information about the
target system and important OS structures.
info dos sysinfo
This command displays assorted information about the underlying platform:
the CPU type and features, the OS version and flavor, the DPMI version, and
the available conventional and DPMI memory.
info dos gdt
info dos ldt
info dos idt
These 3 commands display entries from, respectively, Global, Local, and Inter-
rupt Descriptor Tables (GDT, LDT, and IDT). The descriptor tables are data
structures which store a descriptor for each segment that is currently in use.
The segment’s selector is an index into a descriptor table; the table entry for
that index holds the descriptor’s base address and limit, and its attributes and
access rights.
A typical djgpp program uses 3 segments: a code segment, a data segment
(used for both data and the stack), and a DOS segment (which allows access to
DOS/BIOS data structures and absolute addresses in conventional memory).
However, the DPMI host will usually define additional segments in order to
support the DPMI environment.
These commands allow to display entries from the descriptor tables. Without
an argument, all entries from the specified table are displayed. An argument,
which should be an integer expression, means display a single entry whose index
is given by the argument. For example, here’s a convenient way to display
information about the debugged program’s data segment:
236 Debugging with gdb
gdb supports native debugging of MS Windows programs, including DLLs with and
without symbolic debugging information.
MS-Windows programs that call SetConsoleMode to switch off the special meaning of
the ‘Ctrl-C’ keystroke cannot be interrupted by typing C-c. For this reason, gdb on MS-
Windows supports C-hBREAKi as an alternative interrupt key sequence, which can be used
to interrupt the debuggee even if it ignores C-c.
There are various additional Cygwin-specific commands, described in this section. Work-
ing with DLLs that have no debugging symbols is described in hundefinedi [Non-debug DLL
Symbols], page hundefinedi.
Very often on windows, some of the DLLs that your program relies on do not include sym-
bolic debugging information (for example, ‘kernel32.dll’). When gdb doesn’t recognize
any debugging symbols in a DLL, it relies on the minimal amount of symbolic information
contained in the DLL’s export table. This section describes working with such symbols,
known internally to gdb as “minimal symbols”.
Note that before the debugged program has started execution, no DLLs will have been
loaded. The easiest way around this problem is simply to start the program — either by
setting a breakpoint or letting the program run once to completion. It is also possible to
force gdb to load a particular DLL before starting the executable — see the shared library
information in hundefinedi [Files], page hundefinedi, or the dll-symbols command in hun-
definedi [Cygwin Native], page hundefinedi. Currently, explicitly loading symbols from a
DLL with no debugging information will cause the symbol names to be duplicated in gdb’s
lookup table, which may adversely affect symbol lookup performance.
In keeping with the naming conventions used by the Microsoft debugging tools, DLL
export symbols are made available with a prefix based on the DLL name, for instance
KERNEL32!CreateFileA. The plain name is also entered into the symbol table, so
CreateFileA is often sufficient. In some cases there will be name clashes within a program
(particularly if the executable itself includes full debugging symbols) necessitating the use
of the fully qualified name when referring to the contents of the DLL. Use single-quotes
around the name to avoid the exclamation mark (“!”) being interpreted as a language
operator.
Note that the internal name of the DLL may be all upper-case, even though the file
name of the DLL is lower-case, or vice-versa. Since symbols within gdb are case-sensitive
this may cause some confusion. If in doubt, try the info functions and info variables
commands or even maint print msymbols (see hundefinedi [Symbols], page hundefinedi).
Here’s an example:
(gdb) info function CreateFileA
All functions matching regular expression "CreateFileA":
Non-debugging symbols:
0x77e885f4 CreateFileA
0x77e885f4 KERNEL32!CreateFileA
Non-debugging symbols:
0x6100114c cygwin1!__assert
0x61004034 cygwin1!_dll_crt0@0
0x61004240 cygwin1!dll_crt0(per_process *)
[etc...]
240 Debugging with gdb
Symbols extracted from a DLL’s export table do not contain very much type information.
All that gdb can do is guess whether a symbol refers to a function or variable depending
on the linker section that contains the symbol. Also note that the actual contents of the
memory contained in a DLL are not available unless the program is running. This means
that you cannot examine the contents of a variable or disassemble a function within a DLL
without a running program.
Variables are generally treated as pointers and dereferenced automatically. For this
reason, it is often necessary to prefix a variable name with the address-of operator (“&”)
and provide explicit type information in the command. Here’s an example of the type of
problem:
(gdb) print ’cygwin1!__argv’
$1 = 268572168
(gdb) x ’cygwin1!__argv’
0x10021610: "\230y\""
Setting a break point within a DLL is possible even before the program starts execu-
tion. However, under these circumstances, gdb can’t examine the initial instructions of the
function in order to skip the function’s frame set-up code. You can work around this by
using “*&” to set the breakpoint at a raw memory address:
(gdb) break *&’python22!PyOS_Readline’
Breakpoint 1 at 0x1e04eff0
The author of these extensions is not entirely convinced that setting a break point within
a shared DLL like ‘kernel32.dll’ is completely safe.
This subsection describes gdb commands specific to the gnu Hurd native debugging.
set signals
set sigs This command toggles the state of inferior signal interception by gdb. Mach
exceptions, such as breakpoint traps, are not affected by this command. sigs
is a shorthand alias for signals.
show signals
show sigs Show the current state of intercepting inferior’s signals.
Chapter 21: Configuration-Specific Information 241
set signal-thread
set sigthread
This command tells gdb which thread is the libc signal thread. That thread
is run when a signal is delivered to a running process. set sigthread is the
shorthand alias of set signal-thread.
show signal-thread
show sigthread
These two commands show which thread will run when the inferior is delivered
a signal.
set stopped
This commands tells gdb that the inferior process is stopped, as with the
SIGSTOP signal. The stopped process can be continued by delivering a signal
to it.
show stopped
This command shows whether gdb thinks the debuggee is stopped.
set exceptions
Use this command to turn off trapping of exceptions in the inferior. When
exception trapping is off, neither breakpoints nor single-stepping will work. To
restore the default, set exception trapping on.
show exceptions
Show the current state of trapping exceptions in the inferior.
set task pause
This command toggles task suspension when gdb has control. Setting it to on
takes effect immediately, and the task is suspended whenever gdb gets control.
Setting it to off will take effect the next time the inferior is continued. If this
option is set to off, you can use set thread default pause on or set thread
pause on (see below) to pause individual threads.
show task pause
Show the current state of task suspension.
set task detach-suspend-count
This command sets the suspend count the task will be left with when gdb
detaches from it.
show task detach-suspend-count
Show the suspend count the task will be left with when detaching.
set task exception-port
set task excp
This command sets the task exception port to which gdb will forward excep-
tions. The argument should be the value of the send rights of the task. set
task excp is a shorthand alias.
set noninvasive
This command switches gdb to a mode that is the least invasive as far as
interfering with the inferior is concerned. This is the same as using set task
pause, set exceptions, and set signals to values opposite to the defaults.
242 Debugging with gdb
info send-rights
info receive-rights
info port-rights
info port-sets
info dead-names
info ports
info psets
These commands display information about, respectively, send rights, receive
rights, port rights, port sets, and dead names of a task. There are also shorthand
aliases: info ports for info port-rights and info psets for info port-
sets.
set thread pause
This command toggles current thread suspension when gdb has control. Setting
it to on takes effect immediately, and the current thread is suspended whenever
gdb gets control. Setting it to off will take effect the next time the inferior is
continued. Normally, this command has no effect, since when gdb has control,
the whole task is suspended. However, if you used set task pause off (see
above), this command comes in handy to suspend only the current thread.
show thread pause
This command shows the state of current thread suspension.
set thread run
This command sets whether the current thread is allowed to run.
show thread run
Show whether the current thread is allowed to run.
set thread detach-suspend-count
This command sets the suspend count gdb will leave on a thread when de-
taching. This number is relative to the suspend count found by gdb when it
notices the thread; use set thread takeover-suspend-count to force it to an
absolute value.
show thread detach-suspend-count
Show the suspend count gdb will leave on the thread when detaching.
set thread exception-port
set thread excp
Set the thread exception port to which to forward exceptions. This overrides
the port set by set task exception-port (see above). set thread excp is the
shorthand alias.
set thread takeover-suspend-count
Normally, gdb’s thread suspend counts are relative to the value gdb finds
when it notices each thread. This command changes the suspend counts to be
absolute instead.
set thread default
show thread default
Each of the above set thread commands has a set thread default counter-
part (e.g., set thread default pause, set thread default exception-port,
Chapter 21: Configuration-Specific Information 243
etc.). The thread default variety of commands sets the default thread prop-
erties for all threads; you can then change the properties of individual threads
with the non-default commands.
gdb provides the following commands specific to the QNX Neutrino target:
set debug nto-debug
When set to on, enables debugging messages specific to the QNX Neutrino
support.
show debug nto-debug
Show the current state of QNX Neutrino messages.
21.1.8 Darwin
The gdb command target lets you connect to a VxWorks target on the network. To
connect to a target whose host name is “tt”, type:
(vxgdb) target vxworks tt
gdb displays messages like these:
Attaching remote machine across net...
Connected to tt.
gdb then attempts to read the symbol tables of any object modules loaded into the
VxWorks target since it was last booted. gdb locates these files by searching the direc-
tories listed in the command search path (see hundefinedi [Your Program’s Environment],
page hundefinedi); if it fails to find an object file, it displays a message such as:
Chapter 21: Configuration-Specific Information 245
If you have connected to the VxWorks target and you want to debug an object that has
not yet been loaded, you can use the gdb load command to download a file from Unix
to VxWorks incrementally. The object file given as an argument to the load command
is actually opened twice: first by the VxWorks target in order to download the code,
then by gdb in order to read the symbol table. This can lead to problems if the current
working directories on the two systems differ. If both systems have NFS mounted the
same filesystems, you can avoid these problems by using absolute paths. Otherwise, it is
simplest to set the working directory on both systems to the directory in which the object file
resides, and then to reference the file by its name, without any path. For instance, a program
‘prog.o’ may reside in ‘vxpath /vw/demo/rdb’ in VxWorks and in ‘hostpath /vw/demo/rdb’
on the host. To load this program, type this on VxWorks:
-> cd "vxpath /vw/demo/rdb"
Then, in gdb, type:
(vxgdb) cd hostpath /vw/demo/rdb
(vxgdb) load prog.o
gdb displays a response similar to this:
Reading symbol data from wherever/vw/demo/rdb/prog.o... done.
You can also use the load command to reload an object module after editing and recom-
piling the corresponding source file. Note that this makes gdb delete all currently-defined
breakpoints, auto-displays, and convenience variables, and to clear the value history. (This
is necessary in order to preserve the integrity of debugger’s data structures that reference
the target system’s symbol table.)
You can also attach to an existing task using the attach command as follows:
(vxgdb) attach task
where task is the VxWorks hexadecimal task ID. The task can be running or suspended
when you attach to it. Running tasks are suspended at the time of attachment.
21.3.1 ARM
none
demon
angel
redboot
all
use_mon_code
Instructs the remote to use the MON CODE method of accessing memory.
use_ib_break
Instructs the remote to set breakpoints by IB break.
use_dbt_break
Instructs the remote to set breakpoints by DBT.
21.3.3 M68k
The Motorola m68k configuration includes ColdFire support, and a target command for
the following ROM monitor.
21.3.4 MicroBlaze
gdb can use the MIPS remote debugging protocol to talk to a MIPS board attached to
a serial line. This is available when you configure gdb with ‘--target=mips-idt-ecoff’.
250 Debugging with gdb
Use these gdb commands to specify the connection to your target board:
target mips port
To run a program on the board, start up gdb with the name of your program
as the argument. To connect to the board, use the command ‘target mips
port ’, where port is the name of the serial port connected to the board. If the
program has not already been downloaded to the board, you may use the load
command to download it. You can then use all the usual gdb commands.
For example, this sequence connects to the target board through a serial port,
and loads and runs a program called prog through the debugger:
host$ gdb prog
gdb is free software and ...
(gdb) target mips /dev/ttyb
(gdb) load prog
(gdb) run
In previous versions the only choices were double precision or no floating point,
so ‘set mipsfpu on’ will select double precision and ‘set mipsfpu off’ will se-
lect no floating point.
As usual, you can inquire about the mipsfpu variable with ‘show mipsfpu’.
set timeout seconds
set retransmit-timeout seconds
show timeout
show retransmit-timeout
You can control the timeout used while waiting for a packet, in the MIPS remote
protocol, with the set timeout seconds command. The default is 5 seconds.
Similarly, you can control the timeout used while waiting for an acknowledg-
ment of a packet with the set retransmit-timeout seconds command. The
default is 3 seconds. You can inspect both values with show timeout and show
retransmit-timeout. (These commands are only available when gdb is con-
figured for ‘--target=mips-idt-ecoff’.)
The timeout set by set timeout does not apply when gdb is waiting for your
program to stop. In that case, gdb waits forever because it has no way of
knowing how long the program is going to run before stopping.
set syn-garbage-limit num
Limit the maximum number of characters gdb should ignore when it tries to
synchronize with the remote target. The default is 10 characters. Setting the
limit to -1 means there’s no limit.
show syn-garbage-limit
Show the current limit on the number of characters to ignore when trying to
synchronize with the remote system.
set monitor-prompt prompt
Tell gdb to expect the specified prompt string from the remote monitor. The
default depends on the target:
pmon target
‘PMON’
ddb target ‘NEC010’
lsi target ‘PMON>’
show monitor-prompt
Show the current strings gdb expects as the prompt from the remote monitor.
set monitor-warnings
Enable or disable monitor warnings about hardware breakpoints. This has effect
only for the lsi target. When on, gdb will display warning messages whose
codes are returned by the lsi PMON monitor for breakpoint commands.
show monitor-warnings
Show the current setting of printing monitor warnings.
pmon command
This command allows sending an arbitrary command string to the monitor.
The monitor must be in debug mode for this to work.
252 Debugging with gdb
hwatch conditional
Set hardware watchpoint on combination of Load/Store Effective Address(es)
or Data. For example:
hwatch ($LEA == my_var) && ($LDATA < 50) || ($SEA == my_var) &&
($SDATA >= 50)
hwatch ($LEA == my_var) && ($LDATA < 50) || ($SEA == my_var) &&
($SDATA >= 50)
htrace info
Display information about current HW trace configuration.
htrace trigger conditional
Set starting criteria for HW trace.
htrace qualifier conditional
Set acquisition qualifier for HW trace.
htrace stop conditional
Set HW trace stopping criteria.
htrace record [data ]*
Selects the data to be recorded, when qualifier is met and HW trace was trig-
gered.
htrace enable
htrace disable
Enables/disables the HW trace.
htrace rewind [filename ]
Clears currently recorded trace data.
If filename is specified, new trace file is made and any newly collected data will
be written there.
htrace print [start [len ]]
Prints trace buffer, using current record configuration.
htrace mode continuous
Set continuous trace mode.
htrace mode suspend
Set suspend trace mode.
gdb supports using the DVC (Data Value Compare) register to implement in hardware
simple hardware watchpoint conditions of the form:
(gdb) watch ADDRESS|VARIABLE \
if ADDRESS|VARIABLE == CONSTANT EXPRESSION
The DVC register will be automatically used when gdb detects such pattern in a con-
dition expression, and the created watchpoint uses one debug register (either the exact-
watchpoints option is on and the variable is scalar, or the variable has a length of one
254 Debugging with gdb
byte). This feature is available in native gdb running on a Linux kernel version 2.6.34 or
newer.
When running on PowerPC embedded processors, gdb automatically uses ranged hard-
ware watchpoints, unless the exact-watchpoints option is on, in which case watchpoints
using only one debug register are created when watching variables of scalar types.
You can create an artificial array to watch an arbitrary memory region using one of the
following commands (see hundefinedi [Expressions], page hundefinedi):
(gdb) watch *((char *) address )@length
(gdb) watch {char[length ]} address
gdb provides the following PowerPC-specific commands:
set powerpc soft-float
show powerpc soft-float
Force gdb to use (or not use) a software floating point calling convention. By
default, gdb selects the calling convention based on the selected architecture
and the provided executable file.
set powerpc vector-abi
show powerpc vector-abi
Force gdb to use the specified calling convention for vector arguments and
return values. The valid options are ‘auto’; ‘generic’, to avoid vector registers
even if they are present; ‘altivec’, to use AltiVec registers; and ‘spe’ to use
SPE registers. By default, gdb selects the calling convention based on the
selected architecture and the provided executable file.
set powerpc exact-watchpoints
show powerpc exact-watchpoints
Allow gdb to use only one debug register when watching a variable of scalar
type, thus assuming that the variable is accessed through the address of its first
byte.
target dink32 dev
DINK32 ROM monitor.
target ppcbug dev
target ppcbug1 dev
PPCBUG ROM monitor for PowerPC.
target sds dev
SDS monitor, running on a PowerPC board (such as Motorola’s ADS).
The following commands specific to the SDS protocol are supported by gdb:
set sdstimeout nsec
Set the timeout for SDS protocol reads to be nsec seconds. The default is 2
seconds.
show sdstimeout
Show the current value of the SDS timeout.
sds command
Send the specified command string to the SDS monitor.
Chapter 21: Configuration-Specific Information 255
21.3.8 HP PA Embedded
gdb enables developers to debug tasks running on Sparclet targets from a Unix host.
gdb uses code that runs on both the Unix host and on the Sparclet target. The program
gdb is installed and executed on the Unix host.
remotetimeout args
gdb supports the option remotetimeout. This option is set by the user, and
args represents the number of seconds gdb waits for responses.
When compiling for debugging, include the options ‘-g’ to get debug information and
‘-Ttext’ to relocate the program to where you wish to load it on the target. You may also
want to add the options ‘-n’ or ‘-N’ in order to reduce the size of the sections. Example:
sparclet-aout-gcc prog.c -Ttext 0x12010000 -g -o prog -N
You can use objdump to verify that the addresses are what you intended:
sparclet-aout-objdump --headers --syms prog
Once you have set your Unix execution search path to find gdb, you are ready to run gdb.
From your Unix host, run gdb (or sparclet-aout-gdb, depending on your installation).
gdb comes up showing the prompt:
(gdbslet)
The gdb command file lets you choose with program to debug.
(gdbslet) file prog
gdb then attempts to read the symbol table of ‘prog’. gdb locates the file by searching
the directories listed in the command search path. If the file was compiled with debug
information (option ‘-g’), source files will be searched as well. gdb locates the source
files by searching the directories listed in the directory search path (see hundefinedi [Your
Program’s Environment], page hundefinedi). If it fails to find a file, it displays a message
such as:
prog: No such file or directory.
When this happens, add the appropriate directories to the search paths with the gdb
commands path and dir, and execute the target command again.
256 Debugging with gdb
The gdb command target lets you connect to a Sparclet target. To connect to a target
on serial port “ttya”, type:
(gdbslet) target sparclet /dev/ttya
Remote target sparclet connected to /dev/ttya
main () at ../prog.c:3
gdb displays messages like these:
Connected to ttya.
Once connected to the Sparclet target, you can use the gdb load command to download
the file from the host to the target. The file name and load offset should be given as
arguments to the load command. Since the file format is aout, the program must be loaded
to the starting address. You can use objdump to find out what this value is. The load
offset is an offset which is added to the VMA (virtual memory address) of each of the file’s
sections. For instance, if the program ‘prog’ was linked to text address 0x1201000, with
data at 0x12010160 and bss at 0x12010170, in gdb, type:
(gdbslet) load prog 0x12010000
Loading section .text, size 0xdb0 vma 0x12010000
If the code is loaded at a different address then what the program was linked to, you
may need to use the section and add-symbol-file commands to tell gdb where to map
the symbol table.
You can now begin debugging the task using gdb’s execution control commands, b,
step, run, etc. See the gdb manual for the list of commands.
(gdbslet) b main
Breakpoint 1 at 0x12010000: file prog.c, line 3.
(gdbslet) run
Starting program: prog
Breakpoint 1, main (argc=1, argv=0xeffff21c) at prog.c:3
3 char *symarg = 0;
(gdbslet) step
4 char *execarg = "hello!";
(gdbslet)
When configured for debugging Zilog Z8000 targets, gdb includes a Z8000 simulator.
For the Z8000 family, ‘target sim’ simulates either the Z8002 (the unsegmented variant
of the Z8000 architecture) or the Z8001 (the segmented variant). The simulator recognizes
which architecture is appropriate by inspecting the object code.
target sim args
Debug programs on a simulated CPU. If the simulator supports setup options,
specify them via args.
After specifying this target, you can debug programs for the simulated CPU in the same
style as programs for your host computer; use the file command to load a new program
image, the run command to run your program, and so on.
As well as making available all the usual machine registers (see hundefinedi [Registers],
page hundefinedi), the Z8000 simulator provides three additional items of information as
specially named registers:
cycles Counts clock-ticks in the simulator.
insts Counts instructions run in the simulator.
time Execution time in 60ths of a second.
You can refer to these values in gdb expressions with the usual conventions; for example,
‘b fputc if $cycles>5000’ sets a conditional breakpoint that suspends only after at least
5000 simulated clock ticks.
When configured for debugging the Atmel AVR, gdb supports the following AVR-specific
commands:
info io_registers
This command displays information about the AVR I/O registers. For each
register, gdb prints its number and value.
21.3.13 CRIS
When configured for debugging CRIS, gdb provides the following CRIS-specific com-
mands:
set cris-version ver
Set the current CRIS version to ver, either ‘10’ or ‘32’. The CRIS version affects
register names and sizes. This command is useful in case autodetection of the
CRIS version fails.
show cris-version
Show the current CRIS version.
258 Debugging with gdb
set cris-dwarf2-cfi
Set the usage of DWARF-2 CFI for CRIS debugging. The default is ‘on’.
Change to ‘off’ when using gcc-cris whose version is below R59.
show cris-dwarf2-cfi
Show the current state of using DWARF-2 CFI.
set cris-mode mode
Set the current CRIS mode to mode. It should only be changed when debugging
in guru mode, in which case it should be set to ‘guru’ (the default is ‘normal’).
show cris-mode
Show the current CRIS mode.
21.4 Architectures
This section describes characteristics of architectures that affect all uses of gdb with the
architecture, both native and cross.
21.4.2 A29K
21.4.3 Alpha
21.4.4 MIPS
Alpha- and MIPS-based computers use an unusual stack frame, which sometimes requires
gdb to search backward in the object code to find the beginning of a function.
To improve response time (especially for embedded applications, where gdb may be
restricted to a slow serial line for this search) you may want to limit the size of this search,
using one of these commands:
set heuristic-fence-post limit
Restrict gdb to examining at most limit bytes in its search for the beginning
of a function. A value of 0 (the default) means there is no limit. However,
except for 0, the larger the limit the more bytes heuristic-fence-post must
search and therefore the longer it takes to run. You should only need to use
this command when debugging a stripped executable.
show heuristic-fence-post
Display the current limit.
These commands are available only when gdb is configured for debugging programs on
Alpha or MIPS processors.
Several MIPS-specific commands are available when debugging MIPS programs:
set mips abi arg
Tell gdb which MIPS ABI is used by the inferior. Possible values of arg are:
‘auto’ The default ABI associated with the current binary (this is the
default).
‘o32’
‘o64’
‘n32’
260 Debugging with gdb
‘n64’
‘eabi32’
‘eabi64’
‘auto’
show mips abi
Show the MIPS ABI used by gdb to debug the inferior.
set mipsfpu
show mipsfpu
See hundefinedi [MIPS Embedded], page hundefinedi.
set mips mask-address arg
This command determines whether the most-significant 32 bits of 64-bit MIPS
addresses are masked off. The argument arg can be ‘on’, ‘off’, or ‘auto’. The
latter is the default setting, which lets gdb determine the correct value.
show mips mask-address
Show whether the upper 32 bits of MIPS addresses are masked off or not.
set remote-mips64-transfers-32bit-regs
This command controls compatibility with 64-bit MIPS targets that transfer
data in 32-bit quantities. If you have an old MIPS 64 target that transfers 32
bits for some registers, like sr and fsr, and 64 bits for other registers, set this
option to ‘on’.
show remote-mips64-transfers-32bit-regs
Show the current setting of compatibility with older MIPS 64 targets.
set debug mips
This command turns on and off debugging messages for the MIPS-specific target
code in gdb.
show debug mips
Show the current setting of MIPS debugging messages.
21.4.5 HPPA
When gdb is debugging the HP PA architecture, it provides the following special com-
mands:
set debug hppa
This command determines whether HPPA architecture-specific debugging mes-
sages are to be displayed.
show debug hppa
Show whether HPPA debugging messages are displayed.
maint print unwind address
This command displays the contents of the unwind table entry at the given
address.
Chapter 21: Configuration-Specific Information 261
When gdb is debugging the Cell Broadband Engine SPU architecture, it provides the
following special commands:
info spu event
Display SPU event facility status. Shows current event mask and pending event
status.
info spu signal
Display SPU signal notification facility status. Shows pending signal-control
word and signal notification mode of both signal notification channels.
info spu mailbox
Display SPU mailbox facility status. Shows all pending entries, in order of pro-
cessing, in each of the SPU Write Outbound, SPU Write Outbound Interrupt,
and SPU Read Inbound mailboxes.
info spu dma
Display MFC DMA status. Shows all pending commands in the MFC DMA
queue. For each entry, opcode, tag, class IDs, effective and local store addresses
and transfer size are shown.
info spu proxydma
Display MFC Proxy-DMA status. Shows all pending commands in the MFC
Proxy-DMA queue. For each entry, opcode, tag, class IDs, effective and local
store addresses and transfer size are shown.
When gdb is debugging a combined PowerPC/SPU application on the Cell Broadband
Engine, it provides in addition the following special commands:
set spu stop-on-load arg
Set whether to stop for new SPE threads. When set to on, gdb will give control
to the user when a new SPE thread enters its main function. The default is
off.
show spu stop-on-load
Show whether to stop for new SPE threads.
set spu auto-flush-cache arg
Set whether to automatically flush the software-managed cache. When set to on,
gdb will automatically cause the SPE software-managed cache to be flushed
whenever SPE execution stops. This provides a consistent view of PowerPC
memory that is accessed via the cache. If an application does not use the
software-managed cache, this option has no effect.
show spu auto-flush-cache
Show whether to automatically flush the software-managed cache.
21.4.7 PowerPC
point registers. These values must be stored in two consecutive registers, always starting
at an even register like f0 or f2.
The pseudo-registers go from $dl0 through $dl15, and are formed by joining the
even/odd register pairs f0 and f1 for $dl0, f2 and f3 for $dl1 and so on.
For POWER7 processors, gdb provides a set of pseudo-registers, the 64-bit wide Ex-
tended Floating Point Registers (‘f32’ through ‘f63’).
Chapter 22: Controlling gdb 263
22 Controlling gdb
You can alter the way gdb interacts with you by using the set command. For commands
controlling how gdb displays data, see hundefinedi [Print Settings], page hundefinedi. Other
settings are described here.
22.1 Prompt
gdb indicates its readiness to read a command by printing a string called the prompt.
This string is normally ‘(gdb)’. You can change the prompt string with the set prompt
command. For instance, when debugging gdb with gdb, it is useful to change the prompt
in one of the gdb sessions so that you can always tell which one you are talking to.
Note: set prompt does not add a space for you after the prompt you set. This allows
you to set a prompt which ends in a space or a prompt that does not.
show prompt
Prints a line of the form: ‘Gdb’s prompt is: your-prompt ’
gdb reads its input commands via the Readline interface. This gnu library provides
consistent behavior for programs which provide a command line interface to the user. Ad-
vantages are gnu Emacs-style or vi-style inline editing of commands, csh-like history sub-
stitution, and a storage and recall of command history across debugging sessions.
You may control the behavior of command line editing in gdb with the command set.
set editing
set editing on
Enable command line editing (enabled by default).
show editing
Show whether command line editing is enabled.
gdb can keep track of the commands you type during your debugging sessions, so that
you can be certain of precisely what happened. Use these commands to manage the gdb
command history facility.
gdb uses the gnu History library, a part of the Readline package, to provide the history
facility. READLINESee section “Using History Interactively” in GNU History Library,
READLINEfor the detailed description of the History library.
To issue a command to gdb without affecting certain aspects of the state which is seen
by users, prefix it with ‘server ’ (see hundefinedi [Server Prefix], page hundefinedi). This
means that this command will not affect the command history, nor will it affect gdb’s
notion of which command to repeat if hRETi is pressed on a line by itself.
The server prefix does not affect the recording of values into the value history; to print
a value without recording it into the value history, use the output command instead of the
print command.
Here is the description of gdb commands related to command history.
show commands
Display the last ten commands in the command history.
show commands n
Print ten commands centered on command number n.
show commands +
Print ten commands just after the commands last printed.
Certain commands to gdb may produce large amounts of information output to the
screen. To help you read all of it, gdb pauses and asks you for input at the end of each
page of output. Type hRETi when you want to continue the output, or q to discard the
remaining output. Also, the screen width setting determines when to wrap lines of output.
Depending on what is being printed, gdb tries to break the line at a readable place, rather
than simply letting it overflow onto the following line.
Normally gdb knows the size of the screen from the terminal driver software. For
example, on Unix gdb uses the termcap data base together with the value of the TERM
environment variable and the stty rows and stty cols settings. If this is not correct, you
can override it with the set height and set width commands:
set pagination on
set pagination off
Turn the output pagination on or off; the default is on. Turning pagination off
is the alternative to set height 0. Note that running gdb with the ‘--batch’
option (see hundefinedi [Mode Options], page hundefinedi) also automatically
disables pagination.
show pagination
Show the current pagination mode.
22.5 Numbers
You can always enter numbers in octal, decimal, or hexadecimal in gdb by the usual
conventions: octal numbers begin with ‘0’, decimal numbers end with ‘.’, and hexadecimal
numbers begin with ‘0x’. Numbers that neither begin with ‘0’ or ‘0x’, nor end with a ‘.’
are, by default, entered in base 10; likewise, the default display for numbers—when no
particular format is specified—is base 10. You can change the default base for both input
and output with the commands described below.
gdb can determine the ABI (Application Binary Interface) of your application automat-
ically. However, sometimes you need to override its conclusions. Use these commands to
manage gdb’s view of the current ABI.
One gdb configuration can debug binaries for multiple operating system targets, either
via remote debugging or native emulation. gdb will autodetect the OS ABI (Operating
System ABI) in use, but you can override its conclusion using the set osabi command. One
example where this is useful is in debugging of binaries which use an alternate C library (e.g.
uClibc for gnu/Linux) which does not have the same identifying marks that the standard
C library for your platform provides.
show osabi
Show the OS ABI currently in use.
set osabi With no argument, show the list of registered available OS ABI’s.
set osabi abi
Set the current OS ABI to abi.
Generally, the way that an argument of type float is passed to a function depends on
whether the function is prototyped. For a prototyped (i.e. ANSI/ISO style) function, float
arguments are passed unchanged, according to the architecture’s convention for float. For
unprototyped (i.e. K&R style) functions, float arguments are first promoted to type double
and then passed.
Unfortunately, some forms of debug information do not reliably indicate whether a func-
tion is prototyped. If gdb calls a function that is not marked as prototyped, it consults
set coerce-float-to-double.
set coerce-float-to-double
set coerce-float-to-double on
Arguments of type float will be promoted to double when passed to an un-
prototyped function. This is the default setting.
set coerce-float-to-double off
Arguments of type float will be passed directly to unprototyped functions.
show coerce-float-to-double
Show the current setting of promoting float to double.
gdb needs to know the ABI used for your program’s C++ objects. The correct C++ ABI
depends on which C++ compiler was used to build your application. gdb only fully supports
programs with a single C++ ABI; if your program contains code using multiple C++ ABI’s
or if gdb can not identify your program’s ABI correctly, you can tell gdb which ABI to use.
Currently supported ABI’s include “gnu-v2”, for g++ versions before 3.0, “gnu-v3”, for g++
versions 3.0 and later, and “hpaCC” for the HP ANSI C++ compiler. Other C++ compilers
may use the “gnu-v2” or “gnu-v3” ABI’s as well. The default setting is “auto”.
show cp-abi
Show the C++ ABI currently in use.
268 Debugging with gdb
set cp-abi
With no argument, show the list of supported C++ ABI’s.
set cp-abi abi
set cp-abi auto
Set the current C++ ABI to abi, or return to automatic detection.
By default, gdb is silent about its inner workings. If you are running on a slow machine,
you may want to use the set verbose command. This makes gdb tell you when it does a
lengthy internal operation, so you will not think it has crashed.
Currently, the messages controlled by set verbose are those which announce that the
symbol table for a source file is being read; see symbol-file in hundefinedi [Commands to
Specify Files], page hundefinedi.
set verbose on
Enables gdb output of certain informational messages.
set verbose off
Disables gdb output of certain informational messages.
show verbose
Displays whether set verbose is on or off.
By default, if gdb encounters bugs in the symbol table of an object file, it is silent; but if
you are debugging a compiler, you may find this information useful (see hundefinedi [Errors
Reading Symbol Files], page hundefinedi).
set confirm on
Enables confirmation requests (the default).
show confirm
Displays state of confirmation requests.
If you need to debug user-defined commands or sourced files you may find it useful to
enable command tracing. In this mode each command will be printed as it is executed, pre-
fixed with one or more ‘+’ symbols, the quantity denoting the call depth of each command.
set trace-commands on
Enable command tracing.
set trace-commands off
Disable command tracing.
show trace-commands
Display the current state of command tracing.
gdb has commands that enable optional debugging messages from various gdb subsys-
tems; normally these commands are of interest to gdb maintainers, or when reporting a
bug. This section documents those commands.
set exec-done-display
Turns on or off the notification of asynchronous commands’ completion. When
on, gdb will print a message when an asynchronous command finishes its exe-
cution. The default is off.
show exec-done-display
Displays the current setting of asynchronous command completion notification.
set interactive-mode
If on, forces gdb to assume that GDB was started in a terminal. In practice,
this means that gdb should wait for the user to answer queries generated by
commands entered at the command prompt. If off, forces gdb to operate in
the opposite mode, and it uses the default answers to all queries. If auto (the
default), gdb tries to determine whether its standard input is a terminal, and
works in interactive-mode if it is, non-interactively otherwise.
In the vast majority of cases, the debugger should be able to guess correctly
which mode should be used. But this setting can be useful in certain specific
cases, such as running a MinGW gdb inside a cygwin window.
show interactive-mode
Displays whether the debugger is operating in interactive mode or not.
Chapter 23: Extending gdb 273
23 Extending gdb
gdb provides two mechanisms for extension. The first is based on composition of gdb
commands, and the second is based on the Python scripting language.
To facilitate the use of these extensions, gdb is capable of evaluating the contents of a
file. When doing so, gdb can recognize which scripting language is being used by looking
at the filename extension. Files with an unrecognized filename extension are always treated
as a gdb Command Files. See hundefinedi [Command files], page hundefinedi.
You can control how gdb evaluates these files with the following setting:
set script-extension off
All scripts are always evaluated as gdb Command Files.
set script-extension soft
The debugger determines the scripting language based on filename extension.
If this scripting language is supported, gdb evaluates the script using that
language. Otherwise, it evaluates the file as a gdb Command File.
set script-extension strict
The debugger determines the scripting language based on filename extension,
and evaluates the script using that language. If the language is not supported,
then the evaluation fails.
show script-extension
Display the current value of the script-extension option.
A user-defined command is a sequence of gdb commands to which you assign a new name
as a command. This is done with the define command. User commands may accept up to
10 arguments separated by whitespace. Arguments are accessed within the user command
via $arg0...$arg9. A trivial example:
define adder
print $arg0 + $arg1 + $arg2
end
To execute the command use:
adder 1 2 3
This defines the command adder, which prints the sum of its three arguments. Note the
arguments are text substitutions, so they may reference variables, use complex expressions,
or even perform inferior functions calls.
In addition, $argc may be used to find out how many arguments have been passed. This
expands to a number in the range 0. . . 10.
274 Debugging with gdb
define adder
if $argc == 2
print $arg0 + $arg1
end
if $argc == 3
print $arg0 + $arg1 + $arg2
end
end
define commandname
Define a command named commandname. If there is already a command by
that name, you are asked to confirm that you want to redefine it. command-
name may be a bare command name consisting of letters, numbers, dashes, and
underscores. It may also start with any predefined prefix command. For ex-
ample, ‘define target my-target’ creates a user-defined ‘target my-target’
command.
The definition of the command is made up of other gdb command lines, which
are given following the define command. The end of these commands is marked
by a line containing end.
document commandname
Document the user-defined command commandname, so that it can be ac-
cessed by help. The command commandname must already be defined. This
command reads lines of documentation just as define reads the lines of the
command definition, ending with end. After the document command is fin-
ished, help on command commandname displays the documentation you have
written.
You may use the document command again to change the documentation of a
command. Redefining the command with define does not change the docu-
mentation.
dont-repeat
Used inside a user-defined command, this tells gdb that this command should
not be repeated when the user hits hRETi (see hundefinedi [Command Syntax],
page hundefinedi).
help user-defined
List all user-defined commands, with the first line of the documentation (if any)
for each.
show user
show user commandname
Display the gdb commands used to define commandname (but not its documen-
tation). If no commandname is given, display the definitions for all user-defined
commands.
show max-user-call-depth
set max-user-call-depth
The value of max-user-call-depth controls how many recursion levels are
allowed in user-defined commands before gdb suspects an infinite recursion
and aborts the command.
Chapter 23: Extending gdb 275
In addition to the above commands, user-defined commands frequently use control flow
commands, described in hundefinedi [Command Files], page hundefinedi.
When user-defined commands are executed, the commands of the definition are not
printed. An error in any command stops execution of the user-defined command.
If used interactively, commands that would ask for confirmation proceed without asking
when used inside a user-defined command. Many gdb commands that normally print mes-
sages to say what they are doing omit the messages when used in a user-defined command.
You may define hooks, which are a special kind of user-defined command. Whenever
you run the command ‘foo’, if the user-defined command ‘hook-foo’ exists, it is executed
(with no arguments) before that command.
A hook may also be defined which is run after the command you executed. Whenever you
run the command ‘foo’, if the user-defined command ‘hookpost-foo’ exists, it is executed
(with no arguments) after that command. Post-execution hooks may exist simultaneously
with pre-execution hooks, for the same command.
It is valid for a hook to call the command which it hooks. If this occurs, the hook is not
re-executed, thereby avoiding infinite recursion.
In addition, a pseudo-command, ‘stop’ exists. Defining (‘hook-stop’) makes the asso-
ciated commands execute every time execution stops in your program: before breakpoint
commands are run, displays are printed, or the stack frame is printed.
For example, to ignore SIGALRM signals while single-stepping, but treat them normally
during normal execution, you could define:
define hook-stop
handle SIGALRM nopass
end
define hook-run
handle SIGALRM pass
end
define hook-continue
handle SIGALRM pass
end
As a further example, to hook at the beginning and end of the echo command, and to
add extra text to the beginning and end of the message, you could define:
define hook-echo
echo <<<---
end
define hookpost-echo
echo --->>>\n
end
You can define a hook for any single-word command in gdb, but not for command
aliases; you should define a hook for the basic command name, e.g. backtrace rather than
bt. You can hook a multi-word command by adding hook- or hookpost- to the last word
of the command, e.g. ‘define target hook-remote’ to add a hook to ‘target remote’.
If an error occurs during the execution of your hook, execution of gdb commands stops
and gdb issues a prompt (before the command that you actually typed had a chance to
run).
If you try to define a hook which does not match any known command, you get a warning
from the define command.
A command file for gdb is a text file made of lines that are gdb commands. Comments
(lines starting with #) may also be included. An empty line in a command file does nothing;
it does not mean to repeat the last command, as it would from the terminal.
You can request the execution of a command file with the source command. Note that
the source command is also used to evaluate scripts that are not Command Files. The
exact behavior can be configured using the script-extension setting. See hundefinedi
[Extending GDB], page hundefinedi.
gdb also accepts command input from standard input. In this mode, normal output
goes to standard output and error output goes to standard error. Errors in a command
file supplied on standard input do not terminate execution of the command file—execution
continues with the next command.
gdb < cmds > log 2>&1
(The syntax above will vary depending on the shell used.) This example will execute
commands from the file ‘cmds’. All output and errors would be directed to ‘log’.
Since commands stored on command files tend to be more general than commands typed
interactively, they frequently need to deal with complicated situations, such as different or
unexpected values of variables and symbols, changes in how the program being debugged
is built, etc. gdb provides a set of flow-control commands to deal with these complexities.
Using these commands, you can write complex scripts that loop over data structures, execute
commands conditionally, etc.
if
else This command allows to include in your script conditionally executed com-
mands. The if command takes a single argument, which is an expression to
evaluate. It is followed by a series of commands that are executed only if the
expression is true (its value is nonzero). There can then optionally be an else
line, followed by a series of commands that are only executed if the expression
was false. The end of the list is marked by a line containing end.
while This command allows to write loops. Its syntax is similar to if: the command
takes a single argument, which is an expression to evaluate, and must be fol-
lowed by the commands to execute, one per line, terminated by an end. These
commands are called the body of the loop. The commands in the body of while
are executed repeatedly as long as the expression evaluates to true.
loop_break
This command exits the while loop in whose body it is included. Execution of
the script continues after that whiles end line.
loop_continue
This command skips the execution of the rest of the body of commands in the
while loop in whose body it is included. Execution branches to the beginning
of the while loop, where it evaluates the controlling expression.
end Terminate the block of commands that are the body of if, else, or while
flow-control commands.
During the execution of a command file or a user-defined command, normal gdb output
is suppressed; the only output that appears is what is explicitly printed by the commands
in the definition. This section describes three commands useful for generating exactly the
output you want.
echo text
Print text. Nonprinting characters can be included in text using C escape se-
quences, such as ‘\n’ to print a newline. No newline is printed unless you specify
278 Debugging with gdb
output expression
Print the value of expression and nothing but that value: no newlines, no
‘$nn = ’. The value is not entered in the value history either. See hundefinedi
[Expressions], page hundefinedi, for more information on expressions.
output/fmt expression
Print the value of expression in format fmt. You can use the same formats
as for print. See hundefinedi [Output Formats], page hundefinedi, for more
information.
printf template, expressions ...
Print the values of one or more expressions under the control of the string
template. To print several values, make expressions be a comma-separated
list of individual expressions, which may be either numbers or pointers. Their
values are printed as specified by template, exactly as a C program would do
by executing the code below:
printf (template, expressions ...);
As in C printf, ordinary characters in template are printed verbatim, while
conversion specification introduced by the ‘%’ character cause subsequent ex-
pressions to be evaluated, their values converted and formatted according to
type and style information encoded in the conversion specifications, and then
printed.
For example, you can print two values in hex like this:
printf "foo, bar-foo = 0x%x, 0x%x\n", foo, bar-foo
printf supports all the standard C conversion specifications, including the flags
and modifiers between the ‘%’ character and the conversion letter, with the
following exceptions:
• The argument-ordering modifiers, such as ‘2$’, are not supported.
• The modifier ‘*’ is not supported for specifying precision or width.
• The ‘’’ flag (for separation of digits into groups according to LC_NUMERIC’)
is not supported.
• The type modifiers ‘hh’, ‘j’, ‘t’, and ‘z’ are not supported.
Chapter 23: Extending gdb 279
You can script gdb using the Python programming language. This feature is available
only if gdb was configured using ‘--with-python’.
Python scripts used by gdb should be installed in ‘data-directory /python’, where
data-directory is the data directory as determined at gdb startup (see hundefinedi [Data
Files], page hundefinedi). This directory, known as the python directory, is automatically
added to the Python Search Path in order to allow the Python interpreter to locate all
scripts installed at this location.
gdb provides one command for accessing the Python interpreter, and one related setting:
python [code ]
The python command can be used to evaluate Python code.
If given an argument, the python command will evaluate the argument as a
Python command. For example:
280 Debugging with gdb
At startup, gdb overrides Python’s sys.stdout and sys.stderr to print using gdb’s
output-paging streams. A Python program which outputs to one of these streams may have
its output interrupted by the user (see hundefinedi [Screen Size], page hundefinedi). In this
situation, a Python KeyboardInterrupt exception is thrown.
gdb introduces a new Python module, named gdb. All methods and classes added by
gdb are placed in this module. gdb automatically imports the gdb module for use in all
scripts evaluated by the python command.
PYTHONDIR [Variable]
A string containing the python directory (see hundefinedi [Python], page hundefinedi).
from tty specifies whether gdb ought to consider this command as having originated
from the user invoking it interactively. It must be a boolean value. If omitted, it
defaults to False.
By default, any output produced by command is sent to gdb’s standard output. If
the to string parameter is True, then output will be collected by gdb.execute and
returned as a string. The default is False, in which case the return value is None.
If to string is True, the gdb virtual terminal will be temporarily set to unlimited
width and height, and its pagination will be disabled; see hundefinedi [Screen Size],
page hundefinedi.
breakpoints [Function]
Return a sequence holding all of gdb’s breakpoints. See hundefinedi [Breakpoints In
Python], page hundefinedi, for more information.
however, there is no way to know when they will be processed relative to other events
inside gdb.
gdb is not thread-safe. If your Python program uses multiple threads, you must
be careful to only call gdb-specific functions in the main gdb thread. post_event
ensures this. For example:
(gdb) python
>import threading
>
>class Writer():
> def __init__(self, message):
> self.message = message;
> def __call__(self):
> gdb.write(self.message)
>
>class MyThread1 (threading.Thread):
> def run (self):
> gdb.post_event(Writer("Hello "))
>
>class MyThread2 (threading.Thread):
> def run (self):
> gdb.post_event(Writer("World\n"))
>
>MyThread1().start()
>MyThread2().start()
>end
(gdb) Hello World
flush [Function]
Flush gdb’s paginated standard output stream. Flushing sys.stdout or sys.stderr
will automatically call this function.
When executing the python command, Python exceptions uncaught within the Python
code are translated to calls to gdb error-reporting mechanism. If the command that called
python does not handle the error, gdb will terminate it and print an error message contain-
ing the Python exception name, the associated value, and the Python call stack backtrace
at the point where the exception was raised. Example:
(gdb) python print foo
Traceback (most recent call last):
File "<string>", line 1, in <module>
NameError: name ’foo’ is not defined
gdb errors that happen in gdb commands invoked by Python code are converted to
Python exceptions. The type of the Python exception depends on the error.
gdb.error
This is the base class for most exceptions generated by gdb. It is derived from
RuntimeError, for compatibility with earlier versions of gdb.
If an error occurring in gdb does not fit into some more specific category, then
the generated exception will have this type.
gdb.MemoryError
This is a subclass of gdb.error which is thrown when an operation tried to
access invalid memory in the inferior.
KeyboardInterrupt
User interrupt (via C-c or by typing q at a pagination prompt) is translated to
a Python KeyboardInterrupt exception.
In all cases, your exception handler will see the gdb error message as its value and the
Python call stack backtrace at the Python statement closest to where the gdb error occured
as the traceback.
When implementing gdb commands in Python via gdb.Command, it is useful to be able
to throw an exception that doesn’t cause a traceback to be printed. For example, the user
may have invoked the command incorrectly. Use the gdb.GdbError exception to handle
this case. Example:
(gdb) python
>class HelloWorld (gdb.Command):
> """Greet the whole world."""
> def __init__ (self):
284 Debugging with gdb
gdb provides values it obtains from the inferior program in an object of type gdb.Value.
gdb uses this object for its internal bookkeeping of the inferior’s values, and for fetching
values when necessary.
Inferior values that are simple scalars can be used directly in Python expressions that
are valid for the value’s data type. Here’s an example for an integer or floating-point value
some_val:
bar = some_val + 2
As result of this, bar will also be a gdb.Value object whose values are of the same type as
those of some_val.
Inferior values that are structures or instances of some class can be accessed using the
Python dictionary syntax. For example, if some_val is a gdb.Value instance holding a
structure, you can access its foo element with:
bar = some_val[’foo’]
Again, bar will also be a gdb.Value object.
A gdb.Value that represents a function can be executed via inferior function call. Any
arguments provided to the call must match the function’s prototype, and must be provided
in the order specified by that prototype.
For example, some_val is a gdb.Value instance representing a function that takes two
integers as arguments. To execute this function, call it like so:
result = some_val (10,20)
Any values returned from a function call will be stored as a gdb.Value.
The following attributes are provided:
gdb represents types from the inferior using the class gdb.Type.
The following type-related functions are available in the gdb module:
TYPE_CODE_FLAGS
A bit flags type, used for things such as status registers.
TYPE_CODE_FUNC
The type is a function.
TYPE_CODE_INT
The type is an integer type.
TYPE_CODE_FLT
A floating point type.
TYPE_CODE_VOID
The special type void.
TYPE_CODE_SET
A Pascal set type.
TYPE_CODE_RANGE
A range type, that is, an integer type with bounds.
TYPE_CODE_STRING
A string type. Note that this is only used for certain languages with language-
defined string types; C strings are not represented this way.
TYPE_CODE_BITSTRING
A string of bits.
TYPE_CODE_ERROR
An unknown or erroneous type.
TYPE_CODE_METHOD
A method type, as found in C++ or Java.
TYPE_CODE_METHODPTR
A pointer-to-member-function.
TYPE_CODE_MEMBERPTR
A pointer-to-member.
TYPE_CODE_REF
A reference type.
TYPE_CODE_CHAR
A character type.
TYPE_CODE_BOOL
A boolean type.
TYPE_CODE_COMPLEX
A complex float type.
TYPE_CODE_TYPEDEF
A typedef to some other type.
TYPE_CODE_NAMESPACE
A C++ namespace.
Chapter 23: Extending gdb 291
TYPE_CODE_DECFLOAT
A decimal floating point type.
TYPE_CODE_INTERNAL_FUNCTION
A function internal to gdb. This is the type used to represent convenience
functions.
Further support for types is provided in the gdb.types Python module (see hundefinedi
[gdb.types], page hundefinedi).
When printing from the CLI, if the to_string method exists, then gdb will prepend
its result to the values returned by children. Exactly how this formatting is done
is dependent on the display hint, and may change as more hints are added. Also,
depending on the print settings (see hundefinedi [Print Settings], page hundefinedi),
the CLI may print just the result of to_string in a stack trace, omitting the result
of children.
If this method returns a string, it is printed verbatim.
Otherwise, if this method returns an instance of gdb.Value, then gdb prints this
value. This may result in a call to another pretty-printer.
If instead the method returns a Python value which is convertible to a gdb.Value,
then gdb performs the conversion and prints the resulting value. Again, this may re-
sult in a call to another pretty-printer. Python scalars (integers, floats, and booleans)
and strings are convertible to gdb.Value; other types are not.
Finally, if this method returns None then no further operations are peformed in this
method and nothing is printed.
If the result is not one of these types, an exception is raised.
gdb provides a function which can be used to look up the default pretty-printer for a
gdb.Value:
default visualizer value [Function]
This function takes a gdb.Value object as an argument. If a pretty-printer for this
value exists, then it is returned. If no such printer exists, then this returns None.
The consequences of a broken pretty-printer are severe enough that gdb provides support
for enabling and disabling individual printers. For example, if print frame-arguments is
on, a backtrace can become highly illegible if any argument is printed with a broken printer.
Pretty-printers are enabled and disabled by attaching an enabled attribute to the reg-
istered function or callable object. If this attribute is present and its value is False, the
printer is disabled, otherwise the printer is enabled.
A pretty-printer consists of two parts: a lookup function to detect if the type is sup-
ported, and the printer itself.
Here is an example showing how a std::string printer might be written. See hun-
definedi [Pretty Printing API], page hundefinedi, for details on the API this class must
provide.
class StdStringPrinter(object):
"Print a std::string"
def to_string(self):
return self.val[’_M_dataplus’][’_M_p’]
def display_hint(self):
return ’string’
And here is an example showing how a lookup function for the printer example above
might be written.
def str_lookup_function(val):
lookup_tag = val.type.tag
if lookup_tag == None:
return None
regex = re.compile("^std::basic_string<char,.*>$")
if regex.match(lookup_tag):
return StdStringPrinter(val)
return None
The example lookup function extracts the value’s type, and attempts to match it to a
type that it can pretty-print. If it is a type the printer can pretty-print, it will return a
printer object. If not, it returns None.
We recommend that you put your core pretty-printers into a Python package. If your
pretty-printers are for use with a library, we further recommend embedding a version number
into the package name. This practice will enable gdb to load multiple versions of your
pretty-printers at the same time, because they will have different names.
You should write auto-loaded code (see hundefinedi [Auto-loading], page hundefinedi)
such that it can be evaluated multiple times without changing its meaning. An ideal auto-
load file will consist solely of imports of your printer modules, followed by a call to a register
pretty-printers with the current objfile.
Taken as a whole, this approach will scale nicely to multiple inferiors, each potentially
using a different library version. Embedding a version number in the Python package name
294 Debugging with gdb
will ensure that gdb is able to load both sets of printers simultaneously. Then, because the
search for pretty-printers is done by objfile, and because your auto-loaded code took care
to register your library’s printers with a specific objfile, gdb will find the correct printers
for the specific version of the library used by each inferior.
To continue the std::string example (see hundefinedi [Pretty Printing API], page hun-
definedi), this code might appear in gdb.libstdcxx.v6:
def register_printers(objfile):
objfile.pretty_printers.add(str_lookup_function)
And then the corresponding contents of the auto-load file would be:
import gdb.libstdcxx.v6
gdb.libstdcxx.v6.register_printers(gdb.current_objfile())
The previous example illustrates a basic pretty-printer. There are a few things that can
be improved on. The printer doesn’t have a name, making it hard to identify in a list of
installed printers. The lookup function has a name, but lookup functions can have arbitrary,
even identical, names.
Second, the printer only handles one type, whereas a library typically has several types.
One could install a lookup function for each desired type in the library, but one could also
have a single lookup function recognize several types. The latter is the conventional way
this is handled. If a pretty-printer can handle multiple data types, then its subprinters are
the printers for the individual data types.
The gdb.printing module provides a formal way of solving these problems (see hun-
definedi [gdb.printing], page hundefinedi). Here is another example that handles multiple
types.
These are the types we are going to pretty-print:
struct foo { int a, b; };
struct bar { struct foo x, y; };
Here are the printers:
class fooPrinter:
"""Print a foo object."""
def to_string(self):
return ("a=<" + str(self.val["a"]) +
"> b=<" + str(self.val["b"]) + ">")
class barPrinter:
"""Print a bar object."""
def to_string(self):
return ("x=<" + str(self.val["x"]) +
"> y=<" + str(self.val["y"]) + ">")
This example doesn’t need a lookup function, that is handled by the gdb.printing
module. Instead a function is provided to build up the object that handles the lookup.
Chapter 23: Extending gdb 295
import gdb.printing
def build_pretty_printer():
pp = gdb.printing.RegexpCollectionPrettyPrinter(
"my_library")
pp.add_printer(’foo’, ’^foo$’, fooPrinter)
pp.add_printer(’bar’, ’^bar$’, barPrinter)
return pp
And here is the autoload support:
import gdb.printing
import my_library
gdb.printing.register_pretty_printer(
gdb.current_objfile(),
my_library.build_pretty_printer())
Finally, when this printer is loaded into gdb, here is the corresponding output of ‘info
pretty-printer’:
(gdb) info pretty-printer
my_library.so:
my_library
foo
bar
Programs which are being run under gdb are called inferiors (see hundefinedi [Inferi-
ors and Programs], page hundefinedi). Python scripts can access information about and
manipulate inferiors controlled by gdb via objects of the gdb.Inferior class.
The following inferior-related functions are available in the gdb module:
inferiors [Function]
Return a tuple containing all inferior objects.
gdb provides a general event facility so that Python code can be notified of various state
changes, particularly changes that occur in the inferior.
An event is just an object that describes some state change. The type of the object and
its attributes will vary depending on the details of the change. All the existing events are
described below.
In order to be notified of an event, you must register an event handler with an event reg-
istry. An event registry is an object in the gdb.events module which dispatches particular
events. A registry provides methods to register and unregister event handlers:
Here is an example:
def exit_handler (event):
print "event type: exit"
print "exit code: %d" % (event.exit_code)
gdb.events.exited.connect (exit_handler)
In the above example we connect our handler exit_handler to the registry
events.exited. Once connected, exit_handler gets called when the inferior exits. The
argument event in this example is of type gdb.ExitedEvent. As you can see in the
Chapter 23: Extending gdb 297
example the ExitedEvent object has an attribute which indicates the exit code of the
inferior.
The following is a listing of the event registries that are available and details of the events
they emit:
events.cont
Emits gdb.ThreadEvent.
Some events can be thread specific when gdb is running in non-stop mode.
When represented in Python, these events all extend gdb.ThreadEvent. Note,
this event is not emitted directly; instead, events which are emitted by this
or other modules might extend this event. Examples of these events are
gdb.BreakpointEvent and gdb.ContinueEvent.
events.stop
Emits gdb.StopEvent which extends gdb.ThreadEvent.
Indicates that the inferior has stopped. All events emitted by this registry
extend StopEvent. As a child of gdb.ThreadEvent, gdb.StopEvent will in-
dicate the stopped thread when gdb is running in non-stop mode. Refer to
gdb.ThreadEvent above for more details.
Emits gdb.SignalEvent which extends gdb.StopEvent.
This event indicates that the inferior or one of its threads has received as signal.
gdb.SignalEvent has the following attributes:
Python scripts can access information about, and manipulate inferior threads controlled
by gdb, via objects of the gdb.InferiorThread class.
The following thread-related functions are available in the gdb module:
You can implement new gdb CLI commands in Python. A CLI command is implemented
using an instance of the gdb.Command class, most commonly using a subclass.
init name command class [completer class] [prefix] [Method on Command]
The object initializer for Command registers the new command with gdb. This initial-
izer is normally invoked from the subclass’ own __init__ method.
name is the name of the command. If name consists of multiple words, then the initial
words are looked for as prefix commands. In this case, if one of the prefix commands
does not exist, an exception is raised.
There is no support for multi-line commands.
command class should be one of the ‘COMMAND_’ constants defined below. This argu-
ment tells gdb how to categorize the new command in the help system.
completer class is an optional argument. If given, it should be one of the ‘COMPLETE_’
constants defined below. This argument tells gdb how to perform completion for this
command. If not given, gdb will attempt to complete using the object’s complete
method (see below); if no such method is found, an error will occur when completion
is attempted.
prefix is an optional argument. If True, then the new command is a prefix command;
sub-commands of this command may be registered.
The help text for the new command is taken from the Python documentation string
for the command’s class, if there is one. If no documentation string is provided, the
default value “This command is not documented.” is used.
COMMAND_NONE
The command does not belong to any particular class. A command in this
category will not be displayed in any of the help categories.
COMMAND_RUNNING
The command is related to running the inferior. For example, start, step,
and continue are in this category. Type help running at the gdb prompt to
see a list of commands in this category.
COMMAND_DATA
The command is related to data or variables. For example, call, find, and
print are in this category. Type help data at the gdb prompt to see a list of
commands in this category.
COMMAND_STACK
The command has to do with manipulation of the stack. For example,
backtrace, frame, and return are in this category. Type help stack at the
gdb prompt to see a list of commands in this category.
COMMAND_FILES
This class is used for file-related commands. For example, file, list and
section are in this category. Type help files at the gdb prompt to see a list
of commands in this category.
Chapter 23: Extending gdb 301
COMMAND_SUPPORT
This should be used for “support facilities”, generally meaning things that are
useful to the user when interacting with gdb, but not related to the state of
the inferior. For example, help, make, and shell are in this category. Type
help support at the gdb prompt to see a list of commands in this category.
COMMAND_STATUS
The command is an ‘info’-related command, that is, related to the state of
gdb itself. For example, info, macro, and show are in this category. Type
help status at the gdb prompt to see a list of commands in this category.
COMMAND_BREAKPOINTS
The command has to do with breakpoints. For example, break, clear, and
delete are in this category. Type help breakpoints at the gdb prompt to see
a list of commands in this category.
COMMAND_TRACEPOINTS
The command has to do with tracepoints. For example, trace, actions, and
tfind are in this category. Type help tracepoints at the gdb prompt to see
a list of commands in this category.
COMMAND_OBSCURE
The command is only used in unusual circumstances, or is not of general interest
to users. For example, checkpoint, fork, and stop are in this category. Type
help obscure at the gdb prompt to see a list of commands in this category.
COMMAND_MAINTENANCE
The command is only useful to gdb maintainers. The maintenance and
flushregs commands are in this category. Type help internals at the gdb
prompt to see a list of commands in this category.
A new command can use a predefined completion function, either by specifying it via an
argument at initialization, or by returning it from the complete method. These predefined
completion constants are all defined in the gdb module:
COMPLETE_NONE
This constant means that no completion should be done.
COMPLETE_FILENAME
This constant means that filename completion should be performed.
COMPLETE_LOCATION
This constant means that location completion should be done. See hundefinedi
[Specify Location], page hundefinedi.
COMPLETE_COMMAND
This constant means that completion should examine gdb command names.
COMPLETE_SYMBOL
This constant means that completion should be done using symbol names as
the source.
The following code snippet shows how a trivial CLI command can be implemented in
Python:
302 Debugging with gdb
HelloWorld ()
The last line instantiates the class, and is necessary to trigger the registration of the
command with gdb. Depending on how the Python code is read into gdb, you may need
to import the gdb module explicitly.
You can implement new gdb parameters using Python. A new parameter is implemented
as an instance of the gdb.Parameter class.
Parameters are exposed to the user via the set and show commands. See hundefinedi
[Help], page hundefinedi.
There are many parameters that already exist and can be set in gdb. Two examples are:
set follow fork and set charset. Setting these parameters influences certain behavior in
gdb. Similarly, you can define parameters that can be used to influence behavior in custom
Python scripts and commands.
The help text for the new parameter is taken from the Python documentation string
for the parameter’s class, if there is one. If there is no documentation string, a default
value is used.
set doc [Instance Variable of Parameter]
If this attribute exists, and is a string, then its value is used as the help text for
this parameter’s set command. The value is examined when Parameter.__init__
is invoked; subsequent changes have no effect.
show doc [Instance Variable of Parameter]
If this attribute exists, and is a string, then its value is used as the help text for this
parameter’s show command. The value is examined when Parameter.__init__ is
invoked; subsequent changes have no effect.
value [Instance Variable of Parameter]
The value attribute holds the underlying value of the parameter. It can be read and
assigned to just as any other attribute. gdb does validation when assignments are
made.
When a new parameter is defined, its type must be specified. The available types are
represented by constants defined in the gdb module:
PARAM_BOOLEAN
The value is a plain boolean. The Python boolean values, True and False are
the only valid values.
PARAM_AUTO_BOOLEAN
The value has three possible states: true, false, and ‘auto’. In Python, true and
false are represented using boolean constants, and ‘auto’ is represented using
None.
PARAM_UINTEGER
The value is an unsigned integer. The value of 0 should be interpreted to mean
“unlimited”.
PARAM_INTEGER
The value is a signed integer. The value of 0 should be interpreted to mean
“unlimited”.
PARAM_STRING
The value is a string. When the user modifies the string, any escape sequences,
such as ‘\t’, ‘\f’, and octal escapes, are translated into corresponding characters
and encoded into the current host charset.
PARAM_STRING_NOESCAPE
The value is a string. When the user modifies the string, escapes are passed
through untranslated.
PARAM_OPTIONAL_FILENAME
The value is a either a filename (a string), or None.
PARAM_FILENAME
The value is a filename. This is just like PARAM_STRING_NOESCAPE, but uses file
names for completion.
304 Debugging with gdb
PARAM_ZINTEGER
The value is an integer. This is like PARAM_INTEGER, except 0 is interpreted as
itself.
PARAM_ENUM
The value is a string, which must be one of a collection string constants provided
when the parameter is created.
You can implement new convenience functions (see hundefinedi [Convenience Vars],
page hundefinedi) in Python. A convenience function is an instance of a subclass of the
class gdb.Function.
The following code snippet shows how a trivial convenience function can be implemented
in Python:
class Greet (gdb.Function):
"""Return string to greet someone.
Takes a name as argument."""
Greet ()
The last line instantiates the class, and is necessary to trigger the registration of the
function with gdb. Depending on how the Python code is read into gdb, you may need to
import the gdb module explicitly.
Chapter 23: Extending gdb 305
progspaces [Function]
Return a sequence of all the progspaces currently known to gdb.
gdb loads symbols for an inferior from various symbol-containing files (see hundefinedi
[Files], page hundefinedi). These include the primary executable file, any shared libraries
used by the inferior, and any separate debug info files (see hundefinedi [Separate Debug
Files], page hundefinedi). gdb calls these symbol-containing files objfiles.
The following objfile-related functions are available in the gdb module:
objfiles [Function]
Return a sequence of all the objfiles current known to gdb. See hundefinedi [Objfiles
In Python], page hundefinedi.
When the debugged program stops, gdb is able to analyze its call stack (see hundefinedi
[Stack frames], page hundefinedi). The gdb.Frame class represents a frame in the stack. A
gdb.Frame object is only valid while its corresponding frame exists in the inferior’s stack.
If you try to use an invalid frame object, gdb will throw a gdb.error exception (see hun-
definedi [Exception Handling], page hundefinedi).
Two gdb.Frame objects can be compared for equality with the == operator, like:
(gdb) python print gdb.newest_frame() == gdb.selected_frame ()
True
The following frame-related functions are available in the gdb module:
gdb.DUMMY_FRAME
A fake stack frame that was created by gdb when performing
an inferior function call.
gdb.INLINE_FRAME
A frame representing an inlined function. The function was
inlined into a gdb.NORMAL_FRAME that is older than this one.
gdb.SIGTRAMP_FRAME
A signal trampoline frame. This is the frame created by the
OS when it calls into a signal handler.
gdb.ARCH_FRAME
A fake stack frame representing a cross-architecture call.
gdb.SENTINEL_FRAME
This is like gdb.NORMAL_FRAME, but it is only used for the
newest frame.
pc [Method on Frame]
Returns the frame’s resume address.
Within each frame, gdb maintains information on each block stored in that frame.
These blocks are organized hierarchically, and are represented individually in Python as a
gdb.Block. Please see hundefinedi [Frames In Python], page hundefinedi, for a more in-
depth discussion on frames. Furthermore, see hundefinedi [Examining the Stack], page hun-
definedi, for more detailed technical information on gdb’s book-keeping of the stack.
The following block-related functions are available in the gdb module:
gdb represents every variable, function and type as an entry in a symbol table. See
hundefinedi [Examining the Symbol Table], page hundefinedi. Similarly, Python represents
these symbols in gdb with the gdb.Symbol object.
The following symbol-related functions are available in the gdb module:
SYMBOL_VARIABLES_DOMAIN
This domain holds a subset of the SYMBOLS_VAR_DOMAIN; it contains everything
minus functions and types.
SYMBOL_FUNCTION_DOMAIN
This domain contains all functions.
SYMBOL_TYPES_DOMAIN
This domain contains all types.
The available address class categories in gdb.Symbol are represented as constants in the
gdb module:
SYMBOL_LOC_UNDEF
If this is returned by address class, it indicates an error either in the symbol
information or in gdb’s handling of symbols.
SYMBOL_LOC_CONST
Value is constant int.
SYMBOL_LOC_STATIC
Value is at a fixed address.
SYMBOL_LOC_REGISTER
Value is in a register.
SYMBOL_LOC_ARG
Value is an argument. This value is at the offset stored within the symbol inside
the frame’s argument list.
SYMBOL_LOC_REF_ARG
Value address is stored in the frame’s argument list. Just like LOC_ARG except
that the value’s address is stored at the offset, not the value itself.
SYMBOL_LOC_REGPARM_ADDR
Value is a specified register. Just like LOC_REGISTER except the register holds
the address of the argument instead of the argument itself.
SYMBOL_LOC_LOCAL
Value is a local variable.
SYMBOL_LOC_TYPEDEF
Value not used. Symbols in the domain SYMBOL_STRUCT_DOMAIN all have this
class.
SYMBOL_LOC_BLOCK
Value is a block.
SYMBOL_LOC_CONST_BYTES
Value is a byte-sequence.
SYMBOL_LOC_UNRESOLVED
Value is at a fixed address, but the address of the variable has to be determined
from the minimal symbol table whenever the variable is referenced.
Chapter 23: Extending gdb 311
SYMBOL_LOC_OPTIMIZED_OUT
The value does not actually exist in the program.
SYMBOL_LOC_COMPUTED
The value’s address is a computed location.
Access to symbol table data maintained by gdb on the inferior is exposed to Python
via two objects: gdb.Symtab_and_line and gdb.Symtab. Symbol table and line data for a
frame is returned from the find_sal method in gdb.Frame object. See hundefinedi [Frames
In Python], page hundefinedi.
For more information on gdb’s symbol table management, see hundefinedi [Examining
the Symbol Table], page hundefinedi, for more information.
A gdb.Symtab_and_line object has the following attributes:
The available watchpoint types represented by constants are defined in the gdb module:
The available types are represented by constants defined in the gdb module:
BP_BREAKPOINT
Normal code breakpoint.
BP_WATCHPOINT
Watchpoint breakpoint.
BP_HARDWARE_WATCHPOINT
Hardware assisted watchpoint.
BP_READ_WATCHPOINT
Hardware assisted read watchpoint.
BP_ACCESS_WATCHPOINT
Hardware assisted access watchpoint.
A lazy string is a string whose contents is not retrieved or encoded until it is needed.
A gdb.LazyString is represented in gdb as an address that points to a region of mem-
ory, an encoding that will be used to encode that region of memory, and a length to delimit
the region of memory that represents the string. The difference between a gdb.LazyString
and a string wrapped within a gdb.Value is that a gdb.LazyString will be treated differ-
ently by gdb when printing. A gdb.LazyString is retrieved and encoded during printing,
while a gdb.Value wrapping a string is immediately retrieved and encoded on creation.
A gdb.LazyString object has the following functions:
23.2.3 Auto-loading
When a new object file is read (for example, due to the file command, or because the
inferior has loaded a shared library), gdb will look for Python support scripts in several
ways: ‘objfile-gdb.py’ and .debug_gdb_scripts section.
Chapter 23: Extending gdb 315
When a new object file is read, gdb looks for a file named ‘objfile-gdb.py’, where
objfile is the object file’s real name, formed by ensuring that the file name is absolute,
following all symlinks, and resolving . and .. components. If this file exists and is readable,
gdb will evaluate it as a Python script.
If this file does not exist, and if the parameter debug-file-directory is set (see hun-
definedi [Separate Debug Files], page hundefinedi), then gdb will look for real-name in all
of the directories mentioned in the value of debug-file-directory.
Finally, if this file does not exist, then gdb will look for a file named ‘data-
directory /python/auto-load/real-name ’, where data-directory is gdb’s data directory
(available via show data-directory, see hundefinedi [Data Files], page hundefinedi), and
real-name is the object file’s real name, as described above.
gdb does not track which files it has already auto-loaded this way. gdb will load the
associated script every time the corresponding objfile is opened. So your ‘-gdb.py’ file
should be careful to avoid errors if it is evaluated more than once.
For systems using file formats like ELF and COFF, when gdb loads a new object file
it will look for a special section named ‘.debug_gdb_scripts’. If this section exists, its
contents is a list of names of scripts to load.
gdb will look for each specified script file first in the current directory and then along
the source search path (see hundefinedi [Specifying Source Directories], page hundefinedi),
except that ‘$cdir’ is not searched, since the compilation directory is not relevant to scripts.
Entries can be placed in section .debug_gdb_scripts with, for example, this GCC
macro:
/* Note: The "MS" section flags are to remove duplicates. */
#define DEFINE_GDB_SCRIPT(script_name) \
asm("\
.pushsection \".debug_gdb_scripts\", \"MS\",@progbits,1\n\
.byte 1\n\
316 Debugging with gdb
Given the multiple ways of auto-loading Python scripts, it might not always be clear
which one to choose. This section provides some guidance.
Benefits of the ‘-gdb.py’ way:
• Can be used with file formats that don’t support multiple sections.
• Ease of finding scripts for public libraries.
Scripts specified in the .debug_gdb_scripts section are searched for in the source
search path. For publicly installed libraries, e.g., ‘libstdc++’, there typically isn’t a
source directory in which to find the script.
• Doesn’t require source code additions.
23.2.4.1 gdb.printing
23.2.4.2 gdb.types
This module provides a collection of utilities for working with gdb.Types objects.
get_basic_type (type )
Return type with const and volatile qualifiers stripped, and with typedefs and
C++ references converted to the underlying type.
C++ example:
typedef const int const_int;
const_int foo (3);
const_int& foo_ref (foo);
int main () { return 0; }
Then in gdb:
(gdb) start
(gdb) python import gdb.types
(gdb) python foo_ref = gdb.parse_and_eval("foo_ref")
(gdb) python print gdb.types.get_basic_type(foo_ref.type)
int
24 Command Interpreters
gdb supports multiple command interpreters, and some command infrastructure to allow
users or user interface writers to switch between interpreters or run commands in other
interpreters.
gdb currently supports two command interpreters, the console interpreter (sometimes
called the command-line interpreter or cli) and the machine interface interpreter (or
gdb/mi). This manual describes both of these interfaces in great detail.
By default, gdb will start with the console interpreter. However, the user may choose
to start gdb with another interpreter by specifying the ‘-i’ or ‘--interpreter’ startup
options. Defined interpreters include:
console The traditional console or command-line interpreter. This is the most often
used interpreter with gdb. With no interpreter specified at runtime, gdb will
use this interpreter.
mi The newest gdb/mi interface (currently mi2). Used primarily by programs
wishing to use gdb as a backend for a debugger GUI or an IDE. For more
information, see hundefinedi [The gdb/mi Interface], page hundefinedi.
mi2 The current gdb/mi interface.
mi1 The gdb/mi interface included in gdb 5.1, 5.2, and 5.3.
The interpreter being used by gdb may not be dynamically switched at runtime. Al-
though possible, this could lead to a very precarious situation. Consider an IDE using
gdb/mi. If a user enters the command "interpreter-set console" in a console view, gdb
would switch to using the console interpreter, rendering the IDE inoperable!
Although you may only choose a single interpreter at startup, you may execute com-
mands in any interpreter from the current interpreter using the appropriate command. If
you are running the console interpreter, simply use the interpreter-exec command:
interpreter-exec mi "-data-list-register-names"
gdb/mi has a similar command, although it is only available in versions of gdb which
support gdb/mi version 2 (or greater).
320 Debugging with gdb
Chapter 25: gdb Text User Interface 321
The TUI installs several key bindings in the readline keymaps READLINE(see section
“Command Line Editing” in GNU Readline Library). READLINEThe following key bind-
ings are installed for both TUI mode and the gdb standard mode.
C-x C-a
C-x a
C-x A Enter or leave the TUI mode. When leaving the TUI mode, the curses window
management stops and gdb operates using its standard mode, writing on the
terminal directly. When reentering the TUI mode, control is given back to the
curses windows. The screen is then refreshed.
C-x 1 Use a TUI layout with only one window. The layout will either be ‘source’ or
‘assembly’. When the TUI mode is not active, it will switch to the TUI mode.
Think of this key binding as the Emacs C-x 1 binding.
C-x 2 Use a TUI layout with at least two windows. When the current layout already
has two windows, the next layout with two windows is used. When a new layout
is chosen, one window will always be common to the previous layout and the
new one.
Think of it as the Emacs C-x 2 binding.
C-x o Change the active window. The TUI associates several key bindings (like
scrolling and arrow keys) with the active window. This command gives the
focus to the next TUI window.
Think of it as the Emacs C-x o binding.
C-x s Switch in and out of the TUI SingleKey mode that binds single keys to gdb
commands (see hundefinedi [TUI Single Key Mode], page hundefinedi).
The following key bindings only work in the TUI mode:
Chapter 25: gdb Text User Interface 323
Because the arrow keys scroll the active window in the TUI mode, they are not available
for their normal use by readline unless the command window has the focus. When another
window is active, you must use other readline key bindings such as C-p, C-n, C-b and C-f
to control the command window.
The TUI also provides a SingleKey mode, which binds several frequently used gdb
commands to single keys. Type C-x s to switch into this mode, where the following key
bindings are used:
c continue
d down
f finish
n next
r run
s step
u up
v info locals
w where
Other keys temporarily switch to the gdb command prompt. The key that was pressed
is inserted in the editing buffer so that it is possible to type most gdb commands without
interaction with the TUI SingleKey mode. Once the command is entered the TUI SingleKey
mode is restored. The only way to permanently leave this mode is by typing q or C-x s.
324 Debugging with gdb
The TUI has specific commands to control the text windows. These commands are
always available, even when gdb is not in the TUI mode. When gdb is in the standard
mode, most of these commands will automatically switch to the TUI mode.
Note that if gdb’s stdout is not connected to a terminal, or gdb has been started
with the machine interface interpreter (see hundefinedi [The gdb/mi Interface], page hun-
definedi), most of these commands will fail with an error, because it would not be possible
or desirable to enable curses window management.
info win List and give the size of all displayed windows.
layout next
Display the next layout.
layout prev
Display the previous layout.
layout src
Display the source window only.
layout asm
Display the assembly window only.
layout split
Display the source and assembly window.
layout regs
Display the register window together with the source or assembly window.
focus next
Make the next window active for scrolling.
focus prev
Make the previous window active for scrolling.
focus src Make the source window active for scrolling.
focus asm Make the assembly window active for scrolling.
focus regs
Make the register window active for scrolling.
focus cmd Make the command window active for scrolling.
refresh Refresh the screen. This is similar to typing C-L.
tui reg float
Show the floating point registers in the register window.
tui reg general
Show the general registers in the register window.
tui reg next
Show the next register group. The list of register groups as well as their order
is target specific. The predefined register groups are the following: general,
float, system, vector, all, save, restore.
Chapter 25: gdb Text User Interface 325
C-c C-s Execute to another source line, like the gdb step command; also update the
display window to show the current file and location.
C-c C-n Execute to next source line in this function, skipping all function calls, like the
gdb next command. Then update the display window to show the current file
and location.
C-c C-i Execute one instruction, like the gdb stepi command; update display window
accordingly.
C-c C-f Execute until exit from the selected stack frame, like the gdb finish command.
C-c C-r Continue execution of your program, like the gdb continue command.
C-c < Go up the number of frames indicated by the numeric argument (see section
“Numeric Arguments” in The gnu Emacs Manual), like the gdb up command.
C-c > Go down the number of frames indicated by the numeric argument, like the
gdb down command.
In any source file, the Emacs command C-x hSPCi (gud-break) tells gdb to set a break-
point on the source line point is on.
In text command mode, if you type M-x speedbar, Emacs displays a separate frame
which shows a backtrace when the GUD buffer is current. Move point to any frame in the
stack and type hRETi to make it become the current frame and display the associated source
in the source buffer. Alternatively, click Mouse-2 to make the selected frame become the
current one. In graphical mode, the speedbar displays watch expressions.
If you accidentally delete the source-display buffer, an easy way to get it back is to type
the command f in the gdb buffer, to request a frame display; when you run under Emacs,
this recreates the source buffer if necessary to show you the context of the current frame.
The source files displayed in Emacs are in ordinary Emacs buffers which are visiting the
source files in the usual way. You can edit the files with these buffers if you wish; but keep
in mind that gdb communicates with Emacs in terms of line numbers. If you add or delete
lines from the text, the line numbers that gdb knows cease to correspond properly with the
code.
A more detailed description of Emacs’ interaction with gdb is given in the Emacs manual
(see section “Debuggers” in The gnu Emacs Manual).
Chapter 27: The gdb/mi Interface 329
gdb/mi is a line based machine oriented text interface to gdb and is activated by
specifying using the ‘--interpreter’ command line option (see hundefinedi [Mode Options],
page hundefinedi). It is specifically intended to support the development of systems which
use the debugger as just one small component of a larger system.
This chapter is a specification of the gdb/mi interface. It is written in the form of a
reference manual.
Note that gdb/mi is still under construction, so some of the features described below are
incomplete and subject to change (see hundefinedi [gdb/mi Development and Front Ends],
page hundefinedi).
• Console output, and status notifications. Console output notifications are used to
report output of CLI commands, as well as diagnostics for other commands. Status
notifications are used to report the progress of a long-running operation. Naturally,
including this information in command response would mean no output is produced
until the command is finished, which is undesirable.
• General notifications. Commands may have various side effects on the gdb or target
state beyond their official purpose. For example, a command may change the selected
thread. Although such changes can be included in command response, using notification
allows for more orthogonal frontend design.
There’s no guarantee that whenever an MI command reports an error, gdb or the target
are in any specific state, and especially, the state is not reverted to the state before the
MI command was processed. Therefore, whenever an MI command results in an error, we
recommend that the frontend refreshes all the information shown in the user interface.
In most cases when gdb accesses the target, this access is done in context of a specific
thread and frame (see hundefinedi [Frames], page hundefinedi). Often, even when accessing
global data, the target requires that a thread be specified. The CLI interface maintains the
selected thread and frame, and supplies them to target on each command. This is conve-
nient, because a command line user would not want to specify that information explicitly on
each command, and because user interacts with gdb via a single terminal, so no confusion
is possible as to what thread and frame are the current ones.
In the case of MI, the concept of selected thread and frame is less useful. First, a
frontend can easily remember this information itself. Second, a graphical frontend can have
more than one window, each one used for debugging a different thread, and the frontend
might want to access additional threads for internal purposes. This increases the risk that
by relying on implicitly selected thread, the frontend may be operating on a wrong one.
Therefore, each MI command should explicitly specify which thread and frame to operate
on. To make it possible, each MI command accepts the ‘--thread’ and ‘--frame’ options,
the value to each is gdb identifier for thread and frame to operate on.
Usually, each top-level window in a frontend allows the user to select a thread and a
frame, and remembers the user selection for further operations. However, in some cases
gdb may suggest that the current thread be changed. For example, when stopping on a
breakpoint it is reasonable to switch to the thread where breakpoint is hit. For another
example, if the user issues the CLI ‘thread’ command via the frontend, it is desirable to
change the frontend’s selected thread to the one specified by user. gdb communicates the
suggestion to change current thread using the ‘=thread-selected’ notification. No such
notification is available for the selected frame at the moment.
Note that historically, MI shares the selected thread with CLI, so frontends used the
-thread-select to execute commands in the right context. However, getting this to work
right is cumbersome. The simplest way is for frontend to emit -thread-select command
before every command. This doubles the number of commands that need to be sent. The
alternative approach is to suppress -thread-select if the selected thread in gdb is sup-
posed to be identical to the thread the frontend wants to operate on. However, getting this
Chapter 27: The gdb/mi Interface 331
optimization right can be tricky. In particular, if the frontend sends several commands to
gdb, and one of the commands changes the selected thread, then the behaviour of sub-
sequent commands will change. So, a frontend should either wait for response from such
problematic commands, or explicitly add -thread-select for all subsequent commands.
No frontend is known to do this exactly right, so it is suggested to just always pass the
‘--thread’ and ‘--frame’ options.
On some targets, gdb is capable of processing MI commands even while the target is
running. This is called asynchronous command execution (see hundefinedi [Background
Execution], page hundefinedi). The frontend may specify a preferrence for asynchronous
execution using the -gdb-set target-async 1 command, which should be emitted before
either running the executable or attaching to the target. After the frontend has started the
executable or attached to the target, it can find if asynchronous execution is enabled using
the -list-target-features command.
Even if gdb can accept a command while target is running, many commands that access
the target do not work when the target is running. Therefore, asynchronous command
execution is most useful when combined with non-stop mode (see hundefinedi [Non-Stop
Mode], page hundefinedi). Then, it is possible to examine the state of one thread, while
other threads are running.
When a given thread is running, MI commands that try to access the target in the
context of that thread may not work, or may work only on some targets. In particular,
commands that try to operate on thread’s stack will not work, on any target. Commands
that read memory, or modify breakpoints, may work or not work, depending on the target.
Note that even commands that operate on global state, such as print, set, and breakpoint
commands, still access the target in the context of a specific thread, so frontend should try
to find a stopped thread and perform the operation on that thread (using the ‘--thread’
option).
Which commands will work in the context of a running thread is highly target dependent.
However, the two commands -exec-interrupt, to stop a thread, and -thread-info, to
find the state of a thread, will always work.
gdb may be used to debug several processes at the same time. On some platfroms, gdb
may support debugging of several hardware systems, each one having several cores with
several different processes running on each core. This section describes the MI mechanism
to support such debugging scenarios.
The key observation is that regardless of the structure of the target, MI can have a global
list of threads, because most commands that accept the ‘--thread’ option do not need to
know what process that thread belongs to. Therefore, it is not necessary to introduce neither
additional ‘--process’ option, nor an notion of the current process in the MI interface. The
only strictly new feature that is required is the ability to find how the threads are grouped
into processes.
332 Debugging with gdb
To allow the user to discover such grouping, and to support arbitrary hierarchy of ma-
chines/cores/processes, MI introduces the concept of a thread group. Thread group is a
collection of threads and other thread groups. A thread group always has a string identifier,
a type, and may have additional attributes specific to the type. A new command, -list-
thread-groups, returns the list of top-level thread groups, which correspond to processes
that gdb is debugging at the moment. By passing an identifier of a thread group to the
-list-thread-groups command, it is possible to obtain the members of specific thread
group.
To allow the user to easily discover processes, and other objects, he wishes to de-
bug, a concept of available thread group is introduced. Available thread group is an
thread group that gdb is not debugging, but that can be attached to, using the -target-
attach command. The list of available top-level thread groups can be obtained using
‘-list-thread-groups --available’. In general, the content of a thread group may be
only retrieved only after attaching to that thread group.
Thread groups are related to inferiors (see hundefinedi [Inferiors and Programs],
page hundefinedi). Each inferior corresponds to a thread group of a special type ‘process’,
and some additional operations are permitted on such thread groups.
command 7→
cli-command | mi-command
cli-command 7→
[ token ] cli-command nl , where cli-command is any existing gdb CLI com-
mand.
mi-command →
7
[ token ] "-" operation ( " " option )* [ " --" ] ( " " parameter )* nl
token 7→ "any sequence of digits"
option 7→
"-" parameter [ " " parameter ]
parameter 7→
non-blank-sequence | c-string
operation 7→
any of the operations described in this chapter
non-blank-sequence 7→
anything, provided it doesn’t contain special characters such as "-", nl, """ and
of course " "
c-string 7→
""" seven-bit-iso-c-string-content """
Chapter 27: The gdb/mi Interface 333
nl 7→ CR | CR-LF
Notes:
• The CLI commands are still handled by the mi interpreter; their output is described
below.
• The token , when present, is passed back when the command finishes.
• Some mi commands accept optional arguments as part of the parameter list. Each
option is identified by a leading ‘-’ (dash) and may be followed by an optional argument
parameter. Options occur first in the parameter list and can be delimited from normal
parameters using ‘--’ (this is useful when some parameters begin with a dash).
Pragmatics:
• We want easy access to the existing CLI syntax (for debugging).
• We want it to be easy to spot a mi operation.
The output from gdb/mi consists of zero or more out-of-band records followed, option-
ally, by a single result record. This result record is for the most recent command. The
sequence of output records is terminated by ‘(gdb)’.
If an input command was prefixed with a token then the corresponding output for that
command will also be prefixed by that same token.
output 7→
( out-of-band-record )* [ result-record ] "(gdb)" nl
result-record 7→
[ token ] "^" result-class ( "," result )* nl
out-of-band-record 7→
async-record | stream-record
async-record 7→
exec-async-output | status-async-output | notify-async-output
exec-async-output 7→
[ token ] "*" async-output
status-async-output 7→
[ token ] "+" async-output
notify-async-output 7→
[ token ] "=" async-output
async-output 7→
async-class ( "," result )* nl
result-class 7→
"done" | "running" | "connected" | "error" | "exit"
async-class 7→
"stopped" | others (where others will be added depending on the needs—this
is still in development).
334 Debugging with gdb
result 7→
variable "=" value
variable 7→
string
value 7→ const | tuple | list
const 7→ c-string
tuple 7→ "{}" | "{" result ( "," result )* "}"
list 7→ "[]" | "[" value ( "," value )* "]" | "[" result ( "," result )* "]"
stream-record 7→
console-stream-output | target-stream-output | log-stream-output
console-stream-output 7→
"~" c-string
target-stream-output 7→
"@" c-string
log-stream-output 7→
"&" c-string
nl 7→ CR | CR-LF
token 7→ any sequence of digits.
Notes:
• All output sequences end in a single line containing a period.
• The token is from the corresponding request. Note that for all async output, while
the token is allowed by the grammar and may be output by future versions of gdb for
select async output messages, it is generally omitted. Frontends should treat all async
output as reporting general changes in the state of the target and there should be no
need to associate async output to any prior command.
• status-async-output contains on-going status information about the progress of a slow
operation. It can be discarded. All status output is prefixed by ‘+’.
• exec-async-output contains asynchronous state change on the target (stopped, started,
disappeared). All async output is prefixed by ‘*’.
• notify-async-output contains supplementary information that the client should handle
(e.g., a new breakpoint information). All notify output is prefixed by ‘=’.
• console-stream-output is output that should be displayed as is in the console. It is the
textual response to a CLI command. All the console output is prefixed by ‘~’.
• target-stream-output is the output produced by the target program. All the target
output is prefixed by ‘@’.
• log-stream-output is output text coming from gdb’s internals, for instance messages
that should be displayed as part of an error log. All the log output is prefixed by ‘&’.
• New gdb/mi commands should only output lists containing values.
See hundefinedi [gdb/mi Stream Records], page hundefinedi, for more details about the
various output records.
Chapter 27: The gdb/mi Interface 335
For the developers convenience CLI commands can be entered directly, but there may be
some unexpected behaviour. For example, commands that query the user will behave as if
the user replied yes, breakpoint command lists are not executed and some CLI commands,
such as if, when and define, prompt for further input with ‘>’, which is not valid MI
output.
This feature may be removed at some stage in the future and it is recommended that front
ends use the -interpreter-exec command (see hundefinedi [-interpreter-exec], page hun-
definedi).
The application which takes the MI output and presents the state of the program being
debugged to the user is called a front end.
Although gdb/mi is still incomplete, it is currently being used by a variety of front ends
to gdb. This makes it difficult to introduce new functionality without breaking existing
usage. This section tries to minimize the problems by describing how the protocol might
change.
Some changes in MI need not break a carefully designed front end, and for these the MI
version will remain unchanged. The following is a list of changes that may occur within one
level, so front ends should parse MI output in a way that can handle them:
• New MI commands may be added.
• New fields may be added to the output of any MI command.
• The range of values for fields with specified values, e.g., in_scope (see hundefinedi
[-var-update], page hundefinedi) may be extended.
If the changes are likely to break front ends, the MI version level will be increased by one.
This will allow the front end to parse the output according to the MI version. Apart from
mi0, new versions of gdb will not support old versions of MI and it will be the responsibility
of the front end to work with the new one.
The best way to avoid unexpected changes in MI that might break your front
end is to make your project known to gdb developers and follow development on
gdb@sourceware.org and gdb-patches@sourceware.org.
"^running"
This result record is equivalent to ‘^done’. Historically, it was output instead
of ‘^done’ if the command has resumed the target. This behaviour is main-
tained for backward compatibility, but all frontends should treat ‘^done’ and
‘^running’ identically and rely on the ‘*running’ output record to determine
which threads are resumed.
"^connected"
gdb has connected to a remote target.
"^error" "," c-string
The operation failed. The c-string contains the corresponding error message.
"^exit" gdb has terminated.
gdb internally maintains a number of output streams: the console, the target, and the
log. The output intended for each of these streams is funneled through the gdb/mi interface
using stream records.
Each stream record begins with a unique prefix character which identifies its stream (see
hundefinedi [gdb/mi Output Syntax], page hundefinedi). In addition to the prefix, each
stream record contains a string-output . This is either raw text (with an implicit new
line) or a quoted C string (which does not contain an implicit newline).
"~" string-output
The console output stream contains text that should be displayed in the CLI
console window. It contains the textual responses to CLI commands.
"@" string-output
The target output stream contains any textual output from the running target.
This is only present when GDB’s event loop is truly asynchronous, which is
currently only the case for remote targets.
"&" string-output
The log stream contains debugging messages being produced by gdb’s internals.
Async records are used to notify the gdb/mi client of additional changes that have oc-
curred. Those changes can either be a consequence of gdb/mi commands (e.g., a breakpoint
modified) or a result of target activity (e.g., target stopped).
The following is the list of possible async records:
*running,thread-id="thread "
The target is now running. The thread field tells which specific thread is now
running, and can be ‘all’ if all threads are running. The frontend should assume
that no interaction with a running thread is possible after this notification is
produced. The frontend should not assume that this notification is output only
once for any command. gdb may emit this notification several times, either for
Chapter 27: The gdb/mi Interface 337
different threads, because it cannot resume all threads together, or even for a
single thread, if the thread must be stepped though some code before letting it
run freely.
*stopped,reason="reason ",thread-id="id ",stopped-threads="stopped ",core="core "
The target has stopped. The reason field can have one of the following values:
breakpoint-hit
A breakpoint was reached.
watchpoint-trigger
A watchpoint was triggered.
read-watchpoint-trigger
A read watchpoint was triggered.
access-watchpoint-trigger
An access watchpoint was triggered.
function-finished
An -exec-finish or similar CLI command was accomplished.
location-reached
An -exec-until or similar CLI command was accomplished.
watchpoint-scope
A watchpoint has gone out of scope.
end-stepping-range
An -exec-next, -exec-next-instruction, -exec-step, -exec-step-
instruction or similar CLI command was accomplished.
exited-signalled
The inferior exited because of a signal.
exited The inferior exited.
exited-normally
The inferior exited normally.
signal-received
A signal was received by the inferior.
The id field identifies the thread that directly caused the stop – for example by
hitting a breakpoint. Depending on whether all-stop mode is in effect (see hun-
definedi [All-Stop Mode], page hundefinedi), gdb may either stop all threads,
or only the thread that directly triggered the stop. If all threads are stopped,
the stopped field will have the value of "all". Otherwise, the value of the
stopped field will be a list of thread identifiers. Presently, this list will always
include a single thread, but frontend should be prepared to see several threads
in the list. The core field reports the processor core on which the stop event
has happened. This field may be absent if such information is not available.
=thread-group-added,id="id "
=thread-group-removed,id="id "
A thread group was either added or removed. The id field contains the gdb
identifier of the thread group. When a thread group is added, it generally might
338 Debugging with gdb
not be associated with a running process. When a thread group is removed, its
id becomes invalid and cannot be used in any way.
=thread-group-started,id="id ",pid="pid "
A thread group became associated with a running program, either because the
program was just started or the thread group was attached to a program. The
id field contains the gdb identifier of the thread group. The pid field contains
process identifier, specific to the operating system.
=thread-group-exited,id="id "
A thread group is no longer associated with a running program, either because
the program has exited, or because it was detached from. The id field contains
the gdb identifier of the thread group.
=thread-created,id="id ",group-id="gid "
=thread-exited,id="id ",group-id="gid "
A thread either was created, or has exited. The id field contains the gdb
identifier of the thread. The gid field identifies the thread group this thread
belongs to.
=thread-selected,id="id "
Informs that the selected thread was changed as result of the last command.
This notification is not emitted as result of -thread-select command but is
emitted whenever an MI command that is not documented to change the se-
lected thread actually changes it. In particular, invoking, directly or indirectly
(via user-defined command), the CLI thread command, will generate this no-
tification.
We suggest that in response to this notification, front ends highlight the selected
thread and cause subsequent commands to apply to that thread.
=library-loaded,...
Reports that a new library file was loaded by the program. This notification
has 4 fields—id, target-name, host-name, and symbols-loaded. The id field is
an opaque identifier of the library. For remote debugging case, target-name
and host-name fields give the name of the library file on the target, and on the
host respectively. For native debugging, both those fields have the same value.
The symbols-loaded field is emitted only for backward compatibility and should
not be relied on to convey any useful information. The thread-group field, if
present, specifies the id of the thread group in whose context the library was
loaded. If the field is absent, it means the library was loaded in the context of
all present thread groups.
=library-unloaded,...
Reports that a library was unloaded by the program. This notification has
3 fields—id, target-name and host-name with the same meaning as for the
=library-loaded notification. The thread-group field, if present, specifies the
id of the thread group in whose context the library was unloaded. If the field is
absent, it means the library was unloaded in the context of all present thread
groups.
Chapter 27: The gdb/mi Interface 339
Response from many MI commands includes an information about stack frame. This
information is a tuple that may have the following fields:
level The level of the stack frame. The innermost frame has the level of zero. This
field is always present.
func The name of the function corresponding to the frame. This field may be absent
if gdb is unable to determine the function name.
addr The code address for the frame. This field is always present.
file The name of the source files that correspond to the frame’s code address. This
field may be absent.
line The source line corresponding to the frames’ code address. This field may be
absent.
from The name of the binary file (either executable or shared library) the corresponds
to the frame’s code address. This field may be absent.
Whenever gdb has to report an information about a thread, it uses a tuple with the
following fields:
id The numeric id assigned to the thread by gdb. This field is always present.
target-id
Target-specific string identifying the thread. This field is always present.
details Additional information about the thread provided by the target. It is supposed
to be human-readable and not interpreted by the frontend. This field is optional.
state Either ‘stopped’ or ‘running’, depending on whether the thread is presently
running. This field is always present.
core The value of this field is an integer number of the processor core the thread was
last seen on. This field is optional.
This subsection presents several simple examples of interaction using the gdb/mi inter-
face. In these examples, ‘->’ means that the following line is passed to gdb/mi as input,
while ‘<-’ means the output received from gdb/mi.
Note the line breaks shown in the examples are here only for readability, they don’t
appear in the real output.
340 Debugging with gdb
Setting a Breakpoint
Program Execution
Program execution generates asynchronous records and MI gives the reason that execu-
tion stopped.
-> -exec-run
<- ^running
<- (gdb)
<- *stopped,reason="breakpoint-hit",disp="keep",bkptno="1",thread-id="0",
frame={addr="0x08048564",func="main",
args=[{name="argc",value="1"},{name="argv",value="0xbfc4d4d4"}],
file="myprog.c",fullname="/home/nickrob/myprog.c",line="68"}
<- (gdb)
-> -exec-continue
<- ^running
<- (gdb)
<- *stopped,reason="exited-normally"
<- (gdb)
Quitting gdb
A Bad Command
The remaining sections describe blocks of commands. Each block of commands is laid
out in a fashion similar to this section.
Chapter 27: The gdb/mi Interface 341
Motivation
Introduction
Commands
Synopsis
-command args ...
Result
gdb Command
Example
Example(s) formatted for readability. Some of the described commands have not been
implemented yet and these are labeled N.A. (not available).
Synopsis
-break-after number count
The breakpoint number number is not in effect until it has been hit count times. To see
how this is reflected in the output of the ‘-break-list’ command, see the description of
the ‘-break-list’ command below.
gdb Command
Example
(gdb)
-break-insert main
^done,bkpt={number="1",type="breakpoint",disp="keep",
enabled="y",addr="0x000100d0",func="main",file="hello.c",
fullname="/home/foo/hello.c",line="5",times="0"}
(gdb)
-break-after 1 3
~
^done
(gdb)
-break-list
^done,BreakpointTable={nr_rows="1",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x000100d0",func="main",file="hello.c",fullname="/home/foo/hello.c",
line="5",times="0",ignore="3"}]}
(gdb)
Synopsis
-break-commands number [ command1 ... commandN ]
Specifies the CLI commands that should be executed when breakpoint number is hit.
The parameters command1 to commandN are the commands. If no command is specified,
any previously-set commands are cleared. See hundefinedi [Break Commands], page hunde-
finedi. Typical use of this functionality is tracing a program, that is, printing of values of
some variables whenever breakpoint is hit and then continuing.
gdb Command
Example
(gdb)
-break-insert main
^done,bkpt={number="1",type="breakpoint",disp="keep",
enabled="y",addr="0x000100d0",func="main",file="hello.c",
fullname="/home/foo/hello.c",line="5",times="0"}
(gdb)
-break-commands 1 "print v" "continue"
^done
(gdb)
Chapter 27: The gdb/mi Interface 343
Synopsis
-break-condition number expr
Breakpoint number will stop the program only if the condition in expr is true. The con-
dition becomes part of the ‘-break-list’ output (see the description of the ‘-break-list’
command below).
gdb Command
Example
(gdb)
-break-condition 1 1
^done
(gdb)
-break-list
^done,BreakpointTable={nr_rows="1",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x000100d0",func="main",file="hello.c",fullname="/home/foo/hello.c",
line="5",cond="1",times="0",ignore="3"}]}
(gdb)
Synopsis
-break-delete ( breakpoint )+
Delete the breakpoint(s) whose number(s) are specified in the argument list. This is
obviously reflected in the breakpoint list.
gdb Command
Example
(gdb)
-break-delete 1
344 Debugging with gdb
^done
(gdb)
-break-list
^done,BreakpointTable={nr_rows="0",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[]}
(gdb)
Synopsis
-break-disable ( breakpoint )+
Disable the named breakpoint(s). The field ‘enabled’ in the break list is now set to ‘n’
for the named breakpoint(s).
gdb Command
Example
(gdb)
-break-disable 2
^done
(gdb)
-break-list
^done,BreakpointTable={nr_rows="1",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="2",type="breakpoint",disp="keep",enabled="n",
addr="0x000100d0",func="main",file="hello.c",fullname="/home/foo/hello.c",
line="5",times="0"}]}
(gdb)
Synopsis
-break-enable ( breakpoint )+
Enable (previously disabled) breakpoint(s).
Chapter 27: The gdb/mi Interface 345
gdb Command
Example
(gdb)
-break-enable 2
^done
(gdb)
-break-list
^done,BreakpointTable={nr_rows="1",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="2",type="breakpoint",disp="keep",enabled="y",
addr="0x000100d0",func="main",file="hello.c",fullname="/home/foo/hello.c",
line="5",times="0"}]}
(gdb)
Synopsis
-break-info breakpoint
Get information about a single breakpoint.
gdb Command
Example
N.A.
Synopsis
-break-insert [ -t ] [ -h ] [ -f ] [ -d ] [ -a ]
[ -c condition ] [ -i ignore-count ]
[ -p thread ] [ location ]
If specified, location, can be one of:
• function
346 Debugging with gdb
• filename:linenum
• filename:function
• *address
The possible optional parameters of this command are:
‘-t’ Insert a temporary breakpoint.
‘-h’ Insert a hardware breakpoint.
‘-c condition ’
Make the breakpoint conditional on condition.
‘-i ignore-count ’
Initialize the ignore-count.
‘-f’ If location cannot be parsed (for example if it refers to unknown files or func-
tions), create a pending breakpoint. Without this flag, gdb will report an error,
and won’t create a breakpoint, if location cannot be parsed.
‘-d’ Create a disabled breakpoint.
‘-a’ Create a tracepoint. See hundefinedi [Tracepoints], page hundefinedi. When
this parameter is used together with ‘-h’, a fast tracepoint is created.
Result
gdb Command
The corresponding gdb commands are ‘break’, ‘tbreak’, ‘hbreak’, ‘thbreak’, and
‘rbreak’.
Example
(gdb)
-break-insert main
^done,bkpt={number="1",addr="0x0001072c",file="recursive2.c",
fullname="/home/foo/recursive2.c,line="4",times="0"}
(gdb)
-break-insert -t foo
Chapter 27: The gdb/mi Interface 347
^done,bkpt={number="2",addr="0x00010774",file="recursive2.c",
fullname="/home/foo/recursive2.c,line="11",times="0"}
(gdb)
-break-list
^done,BreakpointTable={nr_rows="2",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x0001072c", func="main",file="recursive2.c",
fullname="/home/foo/recursive2.c,"line="4",times="0"},
bkpt={number="2",type="breakpoint",disp="del",enabled="y",
addr="0x00010774",func="foo",file="recursive2.c",
fullname="/home/foo/recursive2.c",line="11",times="0"}]}
(gdb)
-break-insert -r foo.*
~int foo(int, int);
^done,bkpt={number="3",addr="0x00010774",file="recursive2.c,
"fullname="/home/foo/recursive2.c",line="11",times="0"}
(gdb)
Synopsis
-break-list
Displays the list of inserted breakpoints, showing the following fields:
‘Number’ number of the breakpoint
‘Type’ type of the breakpoint: ‘breakpoint’ or ‘watchpoint’
‘Disposition’
should the breakpoint be deleted or disabled when it is hit: ‘keep’ or ‘nokeep’
‘Enabled’ is the breakpoint enabled or no: ‘y’ or ‘n’
‘Address’ memory location at which the breakpoint is set
‘What’ logical location of the breakpoint, expressed by function name, file name, line
number
‘Times’ number of times the breakpoint has been hit
If there are no breakpoints or watchpoints, the BreakpointTable body field is an empty
list.
gdb Command
Example
(gdb)
-break-list
^done,BreakpointTable={nr_rows="2",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x000100d0",func="main",file="hello.c",line="5",times="0"},
bkpt={number="2",type="breakpoint",disp="keep",enabled="y",
addr="0x00010114",func="foo",file="hello.c",fullname="/home/foo/hello.c",
line="13",times="0"}]}
(gdb)
Here’s an example of the result when there are no breakpoints:
(gdb)
-break-list
^done,BreakpointTable={nr_rows="0",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[]}
(gdb)
Synopsis
-break-passcount tracepoint-number passcount
Set the passcount for tracepoint tracepoint-number to passcount. If the breakpoint
referred to by tracepoint-number is not a tracepoint, error is emitted. This corresponds to
CLI command ‘passcount’.
Synopsis
-break-watch [ -a | -r ]
Create a watchpoint. With the ‘-a’ option it will create an access watchpoint, i.e., a
watchpoint that triggers either on a read from or on a write to the memory location. With
the ‘-r’ option, the watchpoint created is a read watchpoint, i.e., it will trigger only when
the memory location is accessed for reading. Without either of the options, the watchpoint
created is a regular watchpoint, i.e., it will trigger when the memory location is accessed
for writing. See hundefinedi [Setting Watchpoints], page hundefinedi.
Chapter 27: The gdb/mi Interface 349
Note that ‘-break-list’ will report a single list of watchpoints and breakpoints inserted.
gdb Command
Example
^done,BreakpointTable={nr_rows="2",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x00010734",func="callee4",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/devo/gdb/testsuite/gdb.mi/basics.c"line="8",times="1"},
bkpt={number="2",type="watchpoint",disp="keep",
enabled="y",addr="",what="C",times="0"}]}
(gdb)
-exec-continue
^running
(gdb)
*stopped,reason="watchpoint-trigger",wpt={number="2",exp="C"},
value={old="-276895068",new="3"},
frame={func="callee4",args=[],
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="13"}
(gdb)
-break-list
^done,BreakpointTable={nr_rows="2",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x00010734",func="callee4",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/devo/gdb/testsuite/gdb.mi/basics.c",line="8",times="1"},
bkpt={number="2",type="watchpoint",disp="keep",
enabled="y",addr="",what="C",times="-5"}]}
(gdb)
-exec-continue
^running
^done,reason="watchpoint-scope",wpnum="2",
frame={func="callee3",args=[{name="strarg",
value="0x11940 \"A string argument.\""}],
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="18"}
(gdb)
-break-list
^done,BreakpointTable={nr_rows="1",nr_cols="6",
hdr=[{width="3",alignment="-1",col_name="number",colhdr="Num"},
{width="14",alignment="-1",col_name="type",colhdr="Type"},
{width="4",alignment="-1",col_name="disp",colhdr="Disp"},
{width="3",alignment="-1",col_name="enabled",colhdr="Enb"},
{width="10",alignment="-1",col_name="addr",colhdr="Address"},
{width="40",alignment="2",col_name="what",colhdr="What"}],
body=[bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x00010734",func="callee4",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/devo/gdb/testsuite/gdb.mi/basics.c",line="8",
Chapter 27: The gdb/mi Interface 351
times="1"}]}
(gdb)
Synopsis
-exec-arguments args
Set the inferior program arguments, to be used in the next ‘-exec-run’.
gdb Command
Example
(gdb)
-exec-arguments -v word
^done
(gdb)
Synopsis
-environment-cd pathdir
Set gdb’s working directory.
gdb Command
Example
(gdb)
-environment-cd /kwikemart/marge/ezannoni/flathead-dev/devo/gdb
^done
(gdb)
Synopsis
-environment-directory [ -r ] [ pathdir ]+
Add directories pathdir to beginning of search path for source files. If the ‘-r’ option is
used, the search path is reset to the default search path. If directories pathdir are supplied
in addition to the ‘-r’ option, the search path is first reset and then addition occurs as
normal. Multiple directories may be specified, separated by blanks. Specifying multiple
directories in a single command results in the directories added to the beginning of the
search path in the same order they were presented in the command. If blanks are needed as
part of a directory name, double-quotes should be used around the name. In the command
output, the path will show up separated by the system directory-separator character. The
directory-separator character must not be used in any directory name. If no directories are
specified, the current search path is displayed.
gdb Command
Example
(gdb)
-environment-directory /kwikemart/marge/ezannoni/flathead-dev/devo/gdb
^done,source-path="/kwikemart/marge/ezannoni/flathead-dev/devo/gdb:$cdir:$cwd"
(gdb)
-environment-directory ""
^done,source-path="/kwikemart/marge/ezannoni/flathead-dev/devo/gdb:$cdir:$cwd"
(gdb)
-environment-directory -r /home/jjohnstn/src/gdb /usr/src
^done,source-path="/home/jjohnstn/src/gdb:/usr/src:$cdir:$cwd"
(gdb)
-environment-directory -r
^done,source-path="$cdir:$cwd"
(gdb)
Synopsis
-environment-path [ -r ] [ pathdir ]+
Add directories pathdir to beginning of search path for object files. If the ‘-r’ option
is used, the search path is reset to the original search path that existed at gdb start-up.
If directories pathdir are supplied in addition to the ‘-r’ option, the search path is first
reset and then addition occurs as normal. Multiple directories may be specified, separated
by blanks. Specifying multiple directories in a single command results in the directories
added to the beginning of the search path in the same order they were presented in the
command. If blanks are needed as part of a directory name, double-quotes should be used
around the name. In the command output, the path will show up separated by the system
directory-separator character. The directory-separator character must not be used in any
directory name. If no directories are specified, the current path is displayed.
Chapter 27: The gdb/mi Interface 353
gdb Command
Example
(gdb)
-environment-path
^done,path="/usr/bin"
(gdb)
-environment-path /kwikemart/marge/ezannoni/flathead-dev/ppc-eabi/gdb /bin
^done,path="/kwikemart/marge/ezannoni/flathead-dev/ppc-eabi/gdb:/bin:/usr/bin"
(gdb)
-environment-path -r /usr/local/bin
^done,path="/usr/local/bin:/usr/bin"
(gdb)
Synopsis
-environment-pwd
Show the current working directory.
gdb Command
Example
(gdb)
-environment-pwd
^done,cwd="/kwikemart/marge/ezannoni/flathead-dev/devo/gdb"
(gdb)
Synopsis
-thread-info [ thread-id ]
Reports information about either a specific thread, if the thread-id parameter is present,
or about all threads. When printing information about all threads, also reports the current
thread.
354 Debugging with gdb
gdb Command
The ‘info thread’ command prints the same information about all threads.
Result
The result is a list of threads. The following attributes are defined for a given thread:
‘current’ This field exists only for the current thread. It has the value ‘*’.
‘id’ The identifier that gdb uses to refer to the thread.
‘target-id’
The identifier that the target uses to refer to the thread.
‘details’ Extra information about the thread, in a target-specific format. This field is
optional.
‘name’ The name of the thread. If the user specified a name using the thread name
command, then this name is given. Otherwise, if gdb can extract the thread
name from the target, then that name is given. If gdb cannot find the thread
name, then this field is omitted.
‘frame’ The stack frame currently executing in the thread.
‘state’ The thread’s state. The ‘state’ field may have the following values:
stopped The thread is stopped. Frame information is available for stopped
threads.
running The thread is running. There’s no frame information for running
threads.
‘core’ If gdb can find the CPU core on which this thread is running, then this field
is the core identifier. This field is optional.
Example
-thread-info
^done,threads=[
{id="2",target-id="Thread 0xb7e14b90 (LWP 21257)",
frame={level="0",addr="0xffffe410",func="__kernel_vsyscall",
args=[]},state="running"},
{id="1",target-id="Thread 0xb7e156b0 (LWP 21254)",
frame={level="0",addr="0x0804891f",func="foo",
args=[{name="i",value="10"}],
file="/tmp/a.c",fullname="/tmp/a.c",line="158"},
state="running"}],
current-thread-id="1"
(gdb)
Synopsis
-thread-list-ids
Produces a list of the currently known gdb thread ids. At the end of the list it also
prints the total number of such threads.
This command is retained for historical reasons, the -thread-info command should be
used instead.
gdb Command
Example
(gdb)
-thread-list-ids
^done,thread-ids={thread-id="3",thread-id="2",thread-id="1"},
current-thread-id="1",number-of-threads="3"
(gdb)
Synopsis
-thread-select threadnum
Make threadnum the current thread. It prints the number of the new current thread,
and the topmost frame for that thread.
This command is deprecated in favor of explicitly using the ‘--thread’ option to each
command.
gdb Command
Example
(gdb)
-exec-next
^running
(gdb)
*stopped,reason="end-stepping-range",thread-id="2",line="187",
file="../../../devo/gdb/testsuite/gdb.threads/linux-dp.c"
(gdb)
-thread-list-ids
^done,
thread-ids={thread-id="3",thread-id="2",thread-id="1"},
number-of-threads="3"
(gdb)
356 Debugging with gdb
-thread-select 3
^done,new-thread-id="3",
frame={level="0",func="vprintf",
args=[{name="format",value="0x8048e9c \"%*s%c %d %c\\n\""},
{name="arg",value="0x2"}],file="vprintf.c",line="31"}
(gdb)
These are the asynchronous commands which generate the out-of-band record
‘*stopped’. Currently gdb only really executes asynchronously with remote targets and
this interaction is mimicked in other cases.
Synopsis
-exec-continue [--reverse] [--all|--thread-group N]
Resumes the execution of the inferior program, which will continue to execute until it
reaches a debugger stop event. If the ‘--reverse’ option is specified, execution resumes in
reverse until it reaches a stop event. Stop events may include
• breakpoints or watchpoints
• signals or exceptions
• the end of the process (or its beginning under ‘--reverse’)
• the end or beginning of a replay log if one is being used.
In all-stop mode (see hundefinedi [All-Stop Mode], page hundefinedi), may resume only
one thread, or all threads, depending on the value of the ‘scheduler-locking’ variable.
If ‘--all’ is specified, all threads (in all inferiors) will be resumed. The ‘--all’ option is
ignored in all-stop mode. If the ‘--thread-group’ options is specified, then all threads in
that thread group are resumed.
gdb Command
Example
-exec-continue
^running
(gdb)
@Hello world
*stopped,reason="breakpoint-hit",disp="keep",bkptno="2",frame={
func="foo",args=[],file="hello.c",fullname="/home/foo/bar/hello.c",
line="13"}
(gdb)
Chapter 27: The gdb/mi Interface 357
Synopsis
-exec-finish [--reverse]
Resumes the execution of the inferior program until the current function is exited. Dis-
plays the results returned by the function. If the ‘--reverse’ option is specified, resumes
the reverse execution of the inferior program until the point where current function was
called.
gdb Command
Example
Synopsis
-exec-interrupt [--all|--thread-group N]
Interrupts the background execution of the target. Note how the token associated with
the stop message is the one for the execution command that has been interrupted. The
token for the interrupt itself only appears in the ‘^done’ output. If the user is trying to
interrupt a non-running program, an error message will be printed.
Note that when asynchronous execution is enabled, this command is asynchronous just
like other execution commands. That is, first the ‘^done’ response will be printed, and the
target stop will be reported after that using the ‘*stopped’ notification.
358 Debugging with gdb
In non-stop mode, only the context thread is interrupted by default. All threads (in
all inferiors) will be interrupted if the ‘--all’ option is specified. If the ‘--thread-group’
option is specified, all threads in that group will be interrupted.
gdb Command
Example
(gdb)
111-exec-continue
111^running
(gdb)
222-exec-interrupt
222^done
(gdb)
111*stopped,signal-name="SIGINT",signal-meaning="Interrupt",
frame={addr="0x00010140",func="foo",args=[],file="try.c",
fullname="/home/foo/bar/try.c",line="13"}
(gdb)
(gdb)
-exec-interrupt
^error,msg="mi_cmd_exec_interrupt: Inferior not executing."
(gdb)
Synopsis
-exec-jump location
Resumes execution of the inferior program at the location specified by parameter. See
hundefinedi [Specify Location], page hundefinedi, for a description of the different forms of
location.
gdb Command
Example
-exec-jump foo.c:10
*running,thread-id="all"
^running
Synopsis
-exec-next [--reverse]
Resumes execution of the inferior program, stopping when the beginning of the next
source line is reached.
If the ‘--reverse’ option is specified, resumes reverse execution of the inferior program,
stopping at the beginning of the previous source line. If you issue this command on the
first line of a function, it will take you back to the caller of that function, to the source line
where the function was called.
gdb Command
Example
-exec-next
^running
(gdb)
*stopped,reason="end-stepping-range",line="8",file="hello.c"
(gdb)
Synopsis
-exec-next-instruction [--reverse]
Executes one machine instruction. If the instruction is a function call, continues until
the function returns. If the program stops at an instruction in the middle of a source line,
the address will be printed as well.
If the ‘--reverse’ option is specified, resumes reverse execution of the inferior program,
stopping at the previous instruction. If the previously executed instruction was a return
from another function, it will continue to execute in reverse until the call to that function
(from the current stack frame) is reached.
gdb Command
Example
(gdb)
-exec-next-instruction
^running
(gdb)
*stopped,reason="end-stepping-range",
addr="0x000100d4",line="5",file="hello.c"
(gdb)
360 Debugging with gdb
Synopsis
-exec-return
Makes current function return immediately. Doesn’t execute the inferior. Displays the
new current frame.
gdb Command
Example
(gdb)
200-break-insert callee4
200^done,bkpt={number="1",addr="0x00010734",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",line="8"}
(gdb)
000-exec-run
000^running
(gdb)
000*stopped,reason="breakpoint-hit",disp="keep",bkptno="1",
frame={func="callee4",args=[],
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="8"}
(gdb)
205-break-delete
205^done
(gdb)
111-exec-return
111^done,frame={level="0",func="callee3",
args=[{name="strarg",
value="0x11940 \"A string argument.\""}],
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="18"}
(gdb)
Synopsis
-exec-run [--all | --thread-group N]
Starts execution of the inferior from the beginning. The inferior executes until either a
breakpoint is encountered or the program exits. In the latter case the output will include
an exit code, if the program has exited exceptionally.
When no option is specified, the current inferior is started. If the ‘--thread-group’
option is specified, it should refer to a thread group of type ‘process’, and that thread
group will be started. If the ‘--all’ option is specified, then all inferiors will be started.
Chapter 27: The gdb/mi Interface 361
gdb Command
Examples
(gdb)
-break-insert main
^done,bkpt={number="1",addr="0x0001072c",file="recursive2.c",line="4"}
(gdb)
-exec-run
^running
(gdb)
*stopped,reason="breakpoint-hit",disp="keep",bkptno="1",
frame={func="main",args=[],file="recursive2.c",
fullname="/home/foo/bar/recursive2.c",line="4"}
(gdb)
Program exited normally:
(gdb)
-exec-run
^running
(gdb)
x = 55
*stopped,reason="exited-normally"
(gdb)
Program exited exceptionally:
(gdb)
-exec-run
^running
(gdb)
x = 55
*stopped,reason="exited",exit-code="01"
(gdb)
Another way the program can terminate is if it receives a signal such as SIGINT. In this
case, gdb/mi displays this:
(gdb)
*stopped,reason="exited-signalled",signal-name="SIGINT",
signal-meaning="Interrupt"
Synopsis
-exec-step [--reverse]
Resumes execution of the inferior program, stopping when the beginning of the next
source line is reached, if the next source line is not a function call. If it is, stop at the first
instruction of the called function. If the ‘--reverse’ option is specified, resumes reverse
execution of the inferior program, stopping at the beginning of the previously executed
source line.
362 Debugging with gdb
gdb Command
Example
Synopsis
-exec-step-instruction [--reverse]
Resumes the inferior which executes one machine instruction. If the ‘--reverse’ option
is specified, resumes reverse execution of the inferior program, stopping at the previously
executed instruction. The output, once gdb has stopped, will vary depending on whether
we have stopped in the middle of a source line or not. In the former case, the address at
which the program stopped will be printed as well.
gdb Command
Example
(gdb)
-exec-step-instruction
^running
(gdb)
*stopped,reason="end-stepping-range",
frame={func="foo",args=[],file="try.c",
fullname="/home/foo/bar/try.c",line="10"}
(gdb)
-exec-step-instruction
Chapter 27: The gdb/mi Interface 363
^running
(gdb)
*stopped,reason="end-stepping-range",
frame={addr="0x000100f4",func="foo",args=[],file="try.c",
fullname="/home/foo/bar/try.c",line="10"}
(gdb)
Synopsis
-exec-until [ location ]
Executes the inferior until the location specified in the argument is reached. If there
is no argument, the inferior executes until a source line greater than the current one is
reached. The reason for stopping in this case will be ‘location-reached’.
gdb Command
Example
(gdb)
-exec-until recursive2.c:6
^running
(gdb)
x = 55
*stopped,reason="location-reached",frame={func="main",args=[],
file="recursive2.c",fullname="/home/foo/bar/recursive2.c",line="6"}
(gdb)
Synopsis
-stack-info-frame
Get info on the selected frame.
gdb Command
Example
(gdb)
-stack-info-frame
^done,frame={level="1",addr="0x0001076c",func="callee3",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="17"}
(gdb)
Synopsis
-stack-info-depth [ max-depth ]
Return the depth of the stack. If the integer argument max-depth is specified, do not
count beyond max-depth frames.
gdb Command
Example
Synopsis
-stack-list-arguments print-values
[ low-frame high-frame ]
Display a list of the arguments for the frames between low-frame and high-frame (inclu-
sive). If low-frame and high-frame are not provided, list the arguments for the whole call
Chapter 27: The gdb/mi Interface 365
stack. If the two arguments are equal, show the single frame at the corresponding level.
It is an error if low-frame is larger than the actual number of frames. On the other hand,
high-frame may be larger than the actual number of frames, in which case only existing
frames will be returned.
If print-values is 0 or --no-values, print only the names of the variables; if it is 1 or
--all-values, print also their values; and if it is 2 or --simple-values, print the name,
type and value for simple data types, and the name and type for arrays, structures and
unions.
Use of this command to obtain arguments in a single frame is deprecated in favor of the
‘-stack-list-variables’ command.
gdb Command
gdb does not have an equivalent command. gdbtk has a ‘gdb_get_args’ command
which partially overlaps with the functionality of ‘-stack-list-arguments’.
Example
(gdb)
-stack-list-frames
^done,
stack=[
frame={level="0",addr="0x00010734",func="callee4",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="8"},
frame={level="1",addr="0x0001076c",func="callee3",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="17"},
frame={level="2",addr="0x0001078c",func="callee2",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="22"},
frame={level="3",addr="0x000107b4",func="callee1",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="27"},
frame={level="4",addr="0x000107e0",func="main",
file="../../../devo/gdb/testsuite/gdb.mi/basics.c",
fullname="/home/foo/bar/devo/gdb/testsuite/gdb.mi/basics.c",line="32"}]
(gdb)
-stack-list-arguments 0
^done,
stack-args=[
frame={level="0",args=[]},
frame={level="1",args=[name="strarg"]},
frame={level="2",args=[name="intarg",name="strarg"]},
frame={level="3",args=[name="intarg",name="strarg",name="fltarg"]},
frame={level="4",args=[]}]
(gdb)
-stack-list-arguments 1
^done,
stack-args=[
frame={level="0",args=[]},
frame={level="1",
args=[{name="strarg",value="0x11940 \"A string argument.\""}]},
366 Debugging with gdb
frame={level="2",args=[
{name="intarg",value="2"},
{name="strarg",value="0x11940 \"A string argument.\""}]},
{frame={level="3",args=[
{name="intarg",value="2"},
{name="strarg",value="0x11940 \"A string argument.\""},
{name="fltarg",value="3.5"}]},
frame={level="4",args=[]}]
(gdb)
-stack-list-arguments 0 2 2
^done,stack-args=[frame={level="2",args=[name="intarg",name="strarg"]}]
(gdb)
-stack-list-arguments 1 2 2
^done,stack-args=[frame={level="2",
args=[{name="intarg",value="2"},
{name="strarg",value="0x11940 \"A string argument.\""}]}]
(gdb)
Synopsis
-stack-list-frames [ low-frame high-frame ]
List the frames currently on the stack. For each frame it displays the following info:
‘level ’ The frame number, 0 being the topmost frame, i.e., the innermost function.
‘addr ’ The $pc value for that frame.
‘func ’ Function name.
‘file ’ File name of the source file where the function lives.
‘fullname ’
The full file name of the source file where the function lives.
‘line ’ Line number corresponding to the $pc.
‘from ’ The shared library where this function is defined. This is only given if the
frame’s function is not known.
If invoked without arguments, this command prints a backtrace for the whole stack. If
given two integer arguments, it shows the frames whose levels are between the two arguments
(inclusive). If the two arguments are equal, it shows the single frame at the corresponding
level. It is an error if low-frame is larger than the actual number of frames. On the other
hand, high-frame may be larger than the actual number of frames, in which case only
existing frames will be returned.
gdb Command
Example
Synopsis
-stack-list-locals print-values
Display the local variable names for the selected frame. If print-values is 0 or --no-
values, print only the names of the variables; if it is 1 or --all-values, print also their
values; and if it is 2 or --simple-values, print the name, type and value for simple data
types, and the name and type for arrays, structures and unions. In this last case, a frontend
can immediately display the value of simple data types and create variable objects for other
data types when the user wishes to explore their values in more detail.
This command is deprecated in favor of the ‘-stack-list-variables’ command.
gdb Command
Example
(gdb)
-stack-list-locals 0
^done,locals=[name="A",name="B",name="C"]
(gdb)
-stack-list-locals --all-values
^done,locals=[{name="A",value="1"},{name="B",value="2"},
{name="C",value="{1, 2, 3}"}]
-stack-list-locals --simple-values
^done,locals=[{name="A",type="int",value="1"},
{name="B",type="int",value="2"},{name="C",type="int [3]"}]
(gdb)
Synopsis
-stack-list-variables print-values
Display the names of local variables and function arguments for the selected frame. If
print-values is 0 or --no-values, print only the names of the variables; if it is 1 or --all-
values, print also their values; and if it is 2 or --simple-values, print the name, type and
value for simple data types, and the name and type for arrays, structures and unions.
Example
(gdb)
-stack-list-variables --thread 1 --frame 0 --all-values
^done,variables=[{name="x",value="11"},{name="s",value="{a = 1, b = 2}"}]
(gdb)
Synopsis
-stack-select-frame framenum
Change the selected frame. Select a different frame framenum on the stack.
This command in deprecated in favor of passing the ‘--frame’ option to every command.
gdb Command
Example
(gdb)
-stack-select-frame 2
^done
(gdb)
Variable objects are "object-oriented" MI interface for examining and changing values of
expressions. Unlike some other MI interfaces that work with expressions, variable objects
are specifically designed for simple and efficient presentation in the frontend. A variable
object is identified by string name. When a variable object is created, the frontend specifies
the expression for that variable object. The expression can be a simple variable, or it can
be an arbitrary complex expression, and can even involve CPU registers. After creating a
variable object, the frontend can invoke other variable object operations—for example to
obtain or change the value of a variable object, or to change display format.
Variable objects have hierarchical tree structure. Any variable object that corresponds to
a composite type, such as structure in C, has a number of child variable objects, for example
corresponding to each element of a structure. A child variable object can itself have children,
recursively. Recursion ends when we reach leaf variable objects, which always have built-in
types. Child variable objects are created only by explicit request, so if a frontend is not
interested in the children of a particular variable object, no child will be created.
For a leaf variable object it is possible to obtain its value as a string, or set the value
from a string. String value can be also obtained for a non-leaf variable object, but it’s
generally a string that only indicates the type of the object, and does not list its contents.
Assignment to a non-leaf variable object is not allowed.
A frontend does not need to read the values of all variable objects each time the program
stops. Instead, MI provides an update command that lists all variable objects whose values
has changed since the last update operation. This considerably reduces the amount of data
that must be transferred to the frontend. As noted above, children variable objects are
370 Debugging with gdb
created on demand, and only leaf variable objects have a real value. As result, gdb will
read target memory only for leaf variables that frontend has created.
The automatic update is not always desirable. For example, a frontend might want
to keep a value of some expression for future reference, and never update it. For another
example, fetching memory is relatively slow for embedded targets, so a frontend might want
to disable automatic update for the variables that are either not visible on the screen, or
“closed”. This is possible using so called “frozen variable objects”. Such variable objects
are never implicitly updated.
Variable objects can be either fixed or floating. For the fixed variable object, the ex-
pression is parsed when the variable object is created, including associating identifiers to
specific variables. The meaning of expression never changes. For a floating variable object
the values of variables whose names appear in the expressions are re-evaluated every time
in the context of the current frame. Consider this example:
void do_work(...)
{
struct work_state state;
if (...)
do_work(...);
}
If a fixed variable object for the state variable is created in this function, and we enter
the recursive call, the the variable object will report the value of state in the top-level
do_work invocation. On the other hand, a floating variable object will report the value of
state in the current frame.
If an expression specified when creating a fixed variable object refers to a local variable,
the variable object becomes bound to the thread and frame in which the variable object
is created. When such variable object is updated, gdb makes sure that the thread/frame
combination the variable object is bound to still exists, and re-evaluates the variable object
in context of that thread/frame.
The following is the complete set of gdb/mi operations defined to access this function-
ality:
Operation Description
-enable-pretty-printing enable Python-based pretty-printing
-var-create create a variable object
-var-delete delete the variable object and/or its children
-var-set-format set the display format of this variable
-var-show-format show the display format of this variable
-var-info-num-children tells how many children this object has
-var-list-children return a list of the object’s children
-var-info-type show the type of this variable object
-var-info-expression print parent-relative expression that this variable ob-
ject represents
-var-info-path-expression print full expression that this variable object
represents
-var-show-attributes is this variable editable? does it exist here?
-var-evaluate-expression get the value of this variable
Chapter 27: The gdb/mi Interface 371
Synopsis
-var-create {name | "-"}
{frame-addr | "*" | "@"} expression
This operation creates a variable object, which allows the monitoring of a variable, the
result of an expression, a memory cell or a CPU register.
The name parameter is the string by which the object can be referenced. It must
be unique. If ‘-’ is specified, the varobj system will generate a string “varNNNNNN”
automatically. It will be unique provided that one does not specify name of that format.
The command fails if a duplicate name is found.
The frame under which the expression should be evaluated can be specified by frame-
addr. A ‘*’ indicates that the current frame should be used. A ‘@’ indicates that a floating
variable object must be created.
expression is any expression valid on the current language set (must not begin with a
‘*’), or one of the following:
• ‘*addr ’, where addr is the address of a memory cell
• ‘*addr-addr ’ — a memory address range (TBD)
• ‘$regname ’ — a CPU register name
372 Debugging with gdb
Result
Synopsis
-var-delete [ -c ] name
Deletes a previously created variable object and all of its children. With the ‘-c’ option,
just deletes the children.
Returns an error if the object name is not found.
Chapter 27: The gdb/mi Interface 373
Synopsis
-var-set-format name format-spec
Sets the output format for the value of the object name to be format-spec.
The syntax for the format-spec is as follows:
format-spec 7→
{binary | decimal | hexadecimal | octal | natural}
The natural format is the default format choosen automatically based on the variable
type (like decimal for an int, hex for pointers, etc.).
For a variable with children, the format is set only on the variable itself, and the children
are not affected.
Synopsis
-var-show-format name
Returns the format used to display the value of the object name.
format 7→
format-spec
Synopsis
-var-info-num-children name
Returns the number of children of a variable object name:
numchild=n
Note that this number is not completely reliable for a dynamic varobj. It will return the
current number of children, but more children may be available.
Synopsis
-var-list-children [print-values ] name [from to ]
Return a list of the children of the specified variable object and create variable objects
for them, if they do not already exist. With a single argument or if print-values has a
value of 0 or --no-values, print only the names of the variables; if print-values is 1 or
374 Debugging with gdb
--all-values, also print their values; and if it is 2 or --simple-values print the name
and value for simple data types and just the name for arrays, structures and unions.
from and to, if specified, indicate the range of children to report. If from or to is less
than zero, the range is reset and all children will be reported. Otherwise, children starting
at from (zero-based) and up to and excluding to will be reported.
If a child range is requested, it will only affect the current call to -var-list-children,
but not future calls to -var-update. For this, you must instead use -var-set-update-
range. The intent of this approach is to enable a front end to implement any update
approach it likes; for example, scrolling a view may cause the front end to request more
children with -var-list-children, and then the front end could call -var-set-update-
range with a different range to ensure that future updates are restricted to just the visible
items.
For each child the following results are returned:
‘displayhint’
A dynamic varobj can supply a display hint to the front end. The value comes
directly from the Python pretty-printer object’s display_hint method. See
hundefinedi [Pretty Printing API], page hundefinedi.
‘has_more’
This is an integer attribute which is nonzero if there are children remaining
after the end of the selected range.
Chapter 27: The gdb/mi Interface 375
Example
(gdb)
-var-list-children n
^done,numchild=n,children=[child={name=name,exp=exp,
numchild=n,type=type },(repeats N times)]
(gdb)
-var-list-children --all-values n
^done,numchild=n,children=[child={name=name,exp=exp,
numchild=n,value=value,type=type },(repeats N times)]
Synopsis
-var-info-type name
Returns the type of the specified variable name. The type is returned as a string in the
same format as it is output by the gdb CLI:
type=typename
Synopsis
-var-info-expression name
Returns a string that is suitable for presenting this variable object in user interface. The
string is generally not valid expression in the current language, and cannot be evaluated.
For example, if a is an array, and variable object A was created for a, then we’ll get this
output:
(gdb) -var-info-expression A.1
^done,lang="C",exp="1"
Here, the values of lang can be {"C" | "C++" | "Java"}.
Note that the output of the -var-list-children command also includes those expres-
sions, so the -var-info-expression command is of limited use.
Synopsis
-var-info-path-expression name
Returns an expression that can be evaluated in the current context and will yield the
same value that a variable object has. Compare this with the -var-info-expression
command, which result can be used only for UI presentation. Typical use of the -var-
info-path-expression command is creating a watchpoint from a variable object.
376 Debugging with gdb
This command is currently not valid for children of a dynamic varobj, and will give an
error when invoked on one.
For example, suppose C is a C++ class, derived from class Base, and that the Base class
has a member called m_size. Assume a variable c is has the type of C and a variable object
C was created for variable c. Then, we’ll get this output:
(gdb) -var-info-path-expression C.Base.public.m_size
^done,path_expr=((Base)c).m_size)
Synopsis
-var-show-attributes name
Synopsis
-var-evaluate-expression [-f format-spec ] name
Evaluates the expression that is represented by the specified variable object and returns
its value as a string. The format of the string can be specified with the ‘-f’ option. The
possible values of this option are the same as for -var-set-format (see hundefinedi [-
var-set-format], page hundefinedi). If the ‘-f’ option is not specified, the current display
format will be used. The current display format can be changed using the -var-set-format
command.
value=value
Note that one must invoke -var-list-children for a variable before the value of a child
variable can be evaluated.
Synopsis
-var-assign name expression
Assigns the value of expression to the variable object specified by name. The object
must be ‘editable’. If the variable’s value is altered by the assign, the variable will show
up in any subsequent -var-update list.
Chapter 27: The gdb/mi Interface 377
Example
(gdb)
-var-assign var1 3
^done,value="3"
(gdb)
-var-update *
^done,changelist=[{name="var1",in_scope="true",type_changed="false"}]
(gdb)
Synopsis
-var-update [print-values ] {name | "*"}
Reevaluate the expressions corresponding to the variable object name and all its direct
and indirect children, and return the list of variable objects whose values have changed;
name must be a root variable object. Here, “changed” means that the result of -var-
evaluate-expression before and after the -var-update is different. If ‘*’ is used as the
variable object names, all existing variable objects are updated, except for frozen ones
(see hundefinedi [-var-set-frozen], page hundefinedi). The option print-values determines
whether both names and values, or just names are printed. The possible values of this option
are the same as for -var-list-children (see hundefinedi [-var-list-children], page hunde-
finedi). It is recommended to use the ‘--all-values’ option, to reduce the number of MI
commands needed on each program stop.
With the ‘*’ parameter, if a variable object is bound to a currently running thread, it
will not be updated, without any diagnostic.
If -var-set-update-range was previously used on a varobj, then only the selected range
of children will be reported.
-var-update reports all the changed varobjs in a tuple named ‘changelist’.
Each item in the change list is itself a tuple holding:
‘name’ The name of the varobj.
‘value’ If values were requested for this update, then this field will be present and will
hold the value of the varobj.
‘in_scope’
This field is a string which may take one of three values:
"true" The variable object’s current value is valid.
"false" The variable object does not currently hold a valid value but it may
hold one in the future if its associated expression comes back into
scope.
"invalid"
The variable object no longer holds a valid value. This can oc-
cur when the executable file being debugged has changed, either
through recompilation or by using the gdb file command. The
front end should normally choose to delete these variable objects.
378 Debugging with gdb
In the future new values may be added to this list so the front should be prepared
for this possibility. See hundefinedi [GDB/MI Development and Front Ends],
page hundefinedi.
‘type_changed’
This is only present if the varobj is still valid. If the type changed, then this
will be the string ‘true’; otherwise it will be ‘false’.
‘new_type’
If the varobj’s type changed, then this field will be present and will hold the
new type.
‘new_num_children’
For a dynamic varobj, if the number of children changed, or if the type changed,
this will be the new number of children.
The ‘numchild’ field in other varobj responses is generally not valid for a dy-
namic varobj – it will show the number of children that gdb knows about, but
because dynamic varobjs lazily instantiate their children, this will not reflect
the number of children which may be available.
The ‘new_num_children’ attribute only reports changes to the number of chil-
dren known by gdb. This is the only way to detect whether an update has
removed children (which necessarily can only happen at the end of the update
range).
‘displayhint’
The display hint, if any.
‘has_more’
This is an integer value, which will be 1 if there are more children available
outside the varobj’s update range.
‘dynamic’ This attribute will be present and have the value ‘1’ if the varobj is a dynamic
varobj. If the varobj is not a dynamic varobj, then this attribute will not be
present.
‘new_children’
If new children were added to a dynamic varobj within the selected update range
(as set by -var-set-update-range), then they will be listed in this attribute.
Example
(gdb)
-var-assign var1 3
^done,value="3"
(gdb)
-var-update --all-values var1
^done,changelist=[{name="var1",value="3",in_scope="true",
type_changed="false"}]
(gdb)
Synopsis
-var-set-frozen name flag
Set the frozenness flag on the variable object name. The flag parameter should be either
‘1’ to make the variable frozen or ‘0’ to make it unfrozen. If a variable object is frozen, then
neither itself, nor any of its children, are implicitly updated by -var-update of a parent
variable or by -var-update *. Only -var-update of the variable itself will update its value
and values of its children. After a variable object is unfrozen, it is implicitly updated by
all subsequent -var-update operations. Unfreezing a variable does not update it, only
subsequent -var-update does.
Example
(gdb)
-var-set-frozen V 1
^done
(gdb)
Synopsis
-var-set-update-range name from to
Set the range of children to be returned by future invocations of -var-update.
from and to indicate the range of children to report. If from or to is less than zero,
the range is reset and all children will be reported. Otherwise, children starting at from
(zero-based) and up to and excluding to will be reported.
Example
(gdb)
-var-set-update-range V 1 2
^done
Synopsis
-var-set-visualizer name visualizer
Set a visualizer for the variable object name.
visualizer is the visualizer to use. The special value ‘None’ means to disable any visualizer
in use.
If not ‘None’, visualizer must be a Python expression. This expression must evaluate
to a callable object which accepts a single argument. gdb will call this object with the
value of the varobj name as an argument (this is done so that the same Python pretty-
printing code can be used for both the CLI and MI). When called, this object must return
380 Debugging with gdb
an object which conforms to the pretty-printing interface (see hundefinedi [Pretty Printing
API], page hundefinedi).
The pre-defined function gdb.default_visualizer may be used to select a visualizer by
following the built-in process (see hundefinedi [Selecting Pretty-Printers], page hundefinedi).
This is done automatically when a varobj is created, and so ordinarily is not needed.
This feature is only available if Python support is enabled. The MI command -list-
features (see hundefinedi [GDB/MI Miscellaneous Commands], page hundefinedi) can be
used to check this.
Example
This section describes the gdb/mi commands that manipulate data: examine memory
and registers, evaluate expressions, etc.
Synopsis
-data-disassemble
[ -s start-addr -e end-addr ]
| [ -f filename -l linenum [ -n lines ] ]
-- mode
Where:
‘start-addr ’
is the beginning address (or $pc)
‘end-addr ’
is the end address
‘filename ’
is the name of the file to disassemble
Chapter 27: The gdb/mi Interface 381
Result
gdb Command
Example
Synopsis
-data-evaluate-expression expr
Evaluate expr as an expression. The expression could contain an inferior function call.
The function call will execute synchronously. If the expression contains spaces, it must be
enclosed in double quotes.
gdb Command
The corresponding gdb commands are ‘print’, ‘output’, and ‘call’. In gdbtk only,
there’s a corresponding ‘gdb_eval’ command.
Chapter 27: The gdb/mi Interface 383
Example
In the following example, the numbers that precede the commands are the tokens de-
scribed in hundefinedi [gdb/mi Command Syntax], page hundefinedi. Notice how gdb/mi
returns the same tokens in its output.
211-data-evaluate-expression A
211^done,value="1"
(gdb)
311-data-evaluate-expression &A
311^done,value="0xefffeb7c"
(gdb)
411-data-evaluate-expression A+3
411^done,value="4"
(gdb)
511-data-evaluate-expression "A + 3"
511^done,value="4"
(gdb)
Synopsis
-data-list-changed-registers
Display a list of the registers that have changed.
gdb Command
gdb doesn’t have a direct analog for this command; gdbtk has the corresponding com-
mand ‘gdb_changed_register_list’.
Example
(gdb)
*stopped,reason="breakpoint-hit",disp="keep",bkptno="1",frame={
func="main",args=[],file="try.c",fullname="/home/foo/bar/try.c",
line="5"}
(gdb)
-data-list-changed-registers
^done,changed-registers=["0","1","2","4","5","6","7","8","9",
"10","11","13","14","15","16","17","18","19","20","21","22","23",
"24","25","26","27","28","30","31","64","65","66","67","69"]
(gdb)
Synopsis
-data-list-register-names [ ( regno )+ ]
Show a list of register names for the current target. If no arguments are given, it shows a
list of the names of all the registers. If integer numbers are given as arguments, it will print
a list of the names of the registers corresponding to the arguments. To ensure consistency
between a register name and its number, the output list may include empty register names.
gdb Command
Example
For the PPC MBX board:
(gdb)
-data-list-register-names
^done,register-names=["r0","r1","r2","r3","r4","r5","r6","r7",
"r8","r9","r10","r11","r12","r13","r14","r15","r16","r17","r18",
"r19","r20","r21","r22","r23","r24","r25","r26","r27","r28","r29",
"r30","r31","f0","f1","f2","f3","f4","f5","f6","f7","f8","f9",
"f10","f11","f12","f13","f14","f15","f16","f17","f18","f19","f20",
"f21","f22","f23","f24","f25","f26","f27","f28","f29","f30","f31",
"", "pc","ps","cr","lr","ctr","xer"]
(gdb)
-data-list-register-names 1 2 3
^done,register-names=["r1","r2","r3"]
(gdb)
Synopsis
-data-list-register-values fmt [ ( regno )*]
Display the registers’ contents. fmt is the format according to which the registers’
contents are to be returned, followed by an optional list of numbers specifying the registers
to display. A missing list of numbers indicates that the contents of all the registers must
be returned.
Allowed formats for fmt are:
x Hexadecimal
o Octal
t Binary
d Decimal
r Raw
N Natural
Chapter 27: The gdb/mi Interface 385
gdb Command
The corresponding gdb commands are ‘info reg’, ‘info all-reg’, and (in gdbtk)
‘gdb_fetch_registers’.
Example
For a PPC MBX board (note: line breaks are for readability only, they don’t appear in
the actual output):
(gdb)
-data-list-register-values r 64 65
^done,register-values=[{number="64",value="0xfe00a300"},
{number="65",value="0x00029002"}]
(gdb)
-data-list-register-values x
^done,register-values=[{number="0",value="0xfe0043c8"},
{number="1",value="0x3fff88"},{number="2",value="0xfffffffe"},
{number="3",value="0x0"},{number="4",value="0xa"},
{number="5",value="0x3fff68"},{number="6",value="0x3fff58"},
{number="7",value="0xfe011e98"},{number="8",value="0x2"},
{number="9",value="0xfa202820"},{number="10",value="0xfa202808"},
{number="11",value="0x1"},{number="12",value="0x0"},
{number="13",value="0x4544"},{number="14",value="0xffdfffff"},
{number="15",value="0xffffffff"},{number="16",value="0xfffffeff"},
{number="17",value="0xefffffed"},{number="18",value="0xfffffffe"},
{number="19",value="0xffffffff"},{number="20",value="0xffffffff"},
{number="21",value="0xffffffff"},{number="22",value="0xfffffff7"},
{number="23",value="0xffffffff"},{number="24",value="0xffffffff"},
{number="25",value="0xffffffff"},{number="26",value="0xfffffffb"},
{number="27",value="0xffffffff"},{number="28",value="0xf7bfffff"},
{number="29",value="0x0"},{number="30",value="0xfe010000"},
{number="31",value="0x0"},{number="32",value="0x0"},
{number="33",value="0x0"},{number="34",value="0x0"},
{number="35",value="0x0"},{number="36",value="0x0"},
{number="37",value="0x0"},{number="38",value="0x0"},
{number="39",value="0x0"},{number="40",value="0x0"},
{number="41",value="0x0"},{number="42",value="0x0"},
{number="43",value="0x0"},{number="44",value="0x0"},
{number="45",value="0x0"},{number="46",value="0x0"},
{number="47",value="0x0"},{number="48",value="0x0"},
{number="49",value="0x0"},{number="50",value="0x0"},
{number="51",value="0x0"},{number="52",value="0x0"},
{number="53",value="0x0"},{number="54",value="0x0"},
{number="55",value="0x0"},{number="56",value="0x0"},
{number="57",value="0x0"},{number="58",value="0x0"},
{number="59",value="0x0"},{number="60",value="0x0"},
{number="61",value="0x0"},{number="62",value="0x0"},
{number="63",value="0x0"},{number="64",value="0xfe00a300"},
{number="65",value="0x29002"},{number="66",value="0x202f04b5"},
{number="67",value="0xfe0043b0"},{number="68",value="0xfe00b3e4"},
{number="69",value="0x20002b03"}]
(gdb)
386 Debugging with gdb
Synopsis
-data-read-memory [ -o byte-offset ]
address word-format word-size
nr-rows nr-cols [ aschar ]
where:
‘address ’ An expression specifying the address of the first memory word to be read.
Complex expressions containing embedded white space should be quoted using
the C convention.
‘word-format ’
The format to be used to print the memory words. The notation is the same
as for gdb’s print command (see hundefinedi [Output Formats], page hunde-
finedi).
‘word-size ’
The size of each memory word in bytes.
‘aschar ’ If present, indicates that each row should include an ascii dump. The value
of aschar is used as a padding character when a byte is not a member of the
printable ascii character set (printable ascii characters are those whose code
is between 32 and 126, inclusively).
‘byte-offset ’
An offset to add to the address before fetching memory.
This command displays memory contents as a table of nr-rows by nr-cols words, each
word being word-size bytes. In total, nr-rows * nr-cols * word-size bytes are read
(returned as ‘total-bytes’). Should less than the requested number of bytes be returned
by the target, the missing words are identified using ‘N/A’. The number of bytes read from
the target is returned in ‘nr-bytes’ and the starting address used to read memory in ‘addr’.
The address of the next/previous row or page is available in ‘next-row’ and ‘prev-row’,
‘next-page’ and ‘prev-page’.
gdb Command
The corresponding gdb command is ‘x’. gdbtk has ‘gdb_get_mem’ memory read com-
mand.
Chapter 27: The gdb/mi Interface 387
Example
Read six bytes of memory starting at bytes+6 but then offset by -6 bytes. Format as
three rows of two columns. One byte per word. Display each word in hex.
(gdb)
9-data-read-memory -o -6 -- bytes+6 x 1 3 2
9^done,addr="0x00001390",nr-bytes="6",total-bytes="6",
next-row="0x00001396",prev-row="0x0000138e",next-page="0x00001396",
prev-page="0x0000138a",memory=[
{addr="0x00001390",data=["0x00","0x01"]},
{addr="0x00001392",data=["0x02","0x03"]},
{addr="0x00001394",data=["0x04","0x05"]}]
(gdb)
Read two bytes of memory starting at address shorts + 64 and display as a single word
formatted in decimal.
(gdb)
5-data-read-memory shorts+64 d 2 1 1
5^done,addr="0x00001510",nr-bytes="2",total-bytes="2",
next-row="0x00001512",prev-row="0x0000150e",
next-page="0x00001512",prev-page="0x0000150e",memory=[
{addr="0x00001510",data=["128"]}]
(gdb)
Read thirty two bytes of memory starting at bytes+16 and format as eight rows of four
columns. Include a string encoding with ‘x’ used as the non-printable character.
(gdb)
4-data-read-memory bytes+16 x 1 8 4 x
4^done,addr="0x000013a0",nr-bytes="32",total-bytes="32",
next-row="0x000013c0",prev-row="0x0000139c",
next-page="0x000013c0",prev-page="0x00001380",memory=[
{addr="0x000013a0",data=["0x10","0x11","0x12","0x13"],ascii="xxxx"},
{addr="0x000013a4",data=["0x14","0x15","0x16","0x17"],ascii="xxxx"},
{addr="0x000013a8",data=["0x18","0x19","0x1a","0x1b"],ascii="xxxx"},
{addr="0x000013ac",data=["0x1c","0x1d","0x1e","0x1f"],ascii="xxxx"},
{addr="0x000013b0",data=["0x20","0x21","0x22","0x23"],ascii=" !\"#"},
{addr="0x000013b4",data=["0x24","0x25","0x26","0x27"],ascii="$%&’"},
{addr="0x000013b8",data=["0x28","0x29","0x2a","0x2b"],ascii="()*+"},
{addr="0x000013bc",data=["0x2c","0x2d","0x2e","0x2f"],ascii=",-./"}]
(gdb)
Synopsis
-data-read-memory-bytes [ -o byte-offset ]
address count
where:
‘address ’ An expression specifying the address of the first memory word to be read.
Complex expressions containing embedded white space should be quoted using
the C convention.
‘count ’ The number of bytes to read. This should be an integer literal.
388 Debugging with gdb
‘byte-offset ’
The offsets in bytes relative to address at which to start reading. This should
be an integer literal. This option is provided so that a frontend is not required
to first evaluate address and then perform address arithmetics itself.
This command attempts to read all accessible memory regions in the specified range.
First, all regions marked as unreadable in the memory map (if one is defined) will be skipped.
See hundefinedi [Memory Region Attributes], page hundefinedi. Second, gdb will attempt
to read the remaining regions. For each one, if reading full region results in an errors, gdb
will try to read a subset of the region.
In general, every single byte in the region may be readable or not, and the only way to
read every readable byte is to try a read at every address, which is not practical. Therefore,
gdb will attempt to read all accessible bytes at either beginning or the end of the region,
using a binary division scheme. This heuristic works well for reading accross a memory map
boundary. Note that if a region has a readable range that is neither at the beginning or the
end, gdb will not read it.
The result record (see hundefinedi [GDB/MI Result Records], page hundefinedi) that is
output of the command includes a field named ‘memory’ whose content is a list of tuples.
Each tuple represent a successfully read memory block and has the following fields:
begin The start address of the memory block, as hexadecimal literal.
end The end address of the memory block, as hexadecimal literal.
offset The offset of the memory block, as hexadecimal literal, relative to the start
address passed to -data-read-memory-bytes.
contents The contents of the memory block, in hex.
gdb Command
Example
(gdb)
-data-read-memory-bytes &a 10
^done,memory=[{begin="0xbffff154",offset="0x00000000",
end="0xbffff15e",
contents="01000000020000000300"}]
(gdb)
Synopsis
-data-write-memory-bytes address contents
where:
Chapter 27: The gdb/mi Interface 389
‘address ’ An expression specifying the address of the first memory word to be read.
Complex expressions containing embedded white space should be quoted using
the C convention.
‘contents ’
The hex-encoded bytes to write.
gdb Command
Example
(gdb)
-data-write-memory-bytes &a "aabbccdd"
^done
(gdb)
The commands defined in this section implement MI support for tracepoints. For detailed
introduction, see hundefinedi [Tracepoints], page hundefinedi.
Synopsis
-trace-find mode [parameters ...]
Find a trace frame using criteria defined by mode and parameters. The following table
lists permissible modes and their parameters. For details of operation, see hundefinedi
[tfind], page hundefinedi.
‘none’ No parameters are required. Stops examining trace frames.
‘frame-number’
An integer is required as parameter. Selects tracepoint frame with that index.
‘tracepoint-number’
An integer is required as parameter. Finds next trace frame that corresponds
to tracepoint with the specified number.
‘pc’ An address is required as parameter. Finds next trace frame that corresponds
to any tracepoint at the specified address.
‘pc-inside-range’
Two addresses are required as parameters. Finds next trace frame that corre-
sponds to a tracepoint at an address inside the specified range. Both bounds
are considered to be inside the range.
390 Debugging with gdb
‘pc-outside-range’
Two addresses are required as parameters. Finds next trace frame that corre-
sponds to a tracepoint at an address outside the specified range. Both bounds
are considered to be inside the range.
‘line’ Line specification is required as parameter. See hundefinedi [Specify Location],
page hundefinedi. Finds next trace frame that corresponds to a tracepoint at
the specified location.
If ‘none’ was passed as mode, the response does not have fields. Otherwise, the response
may have the following fields:
‘found’ This field has either ‘0’ or ‘1’ as the value, depending on whether a matching
tracepoint was found.
‘traceframe’
The index of the found traceframe. This field is present iff the ‘found’ field has
value of ‘1’.
‘tracepoint’
The index of the found tracepoint. This field is present iff the ‘found’ field has
value of ‘1’.
‘frame’ The information about the frame corresponding to the found trace frame. This
field is present only if a trace frame was found. See hundefinedi [GDB/MI
Frame Information], page hundefinedi, for description of this field.
gdb Command
-trace-define-variable
Synopsis
-trace-define-variable name [ value ]
Create trace variable name if it does not exist. If value is specified, sets the initial value
of the specified trace variable to that value. Note that the name should start with the ‘$’
character.
gdb Command
-trace-list-variables
Chapter 27: The gdb/mi Interface 391
Synopsis
-trace-list-variables
Return a table of all defined trace variables. Each element of the table has the following
fields:
‘name’ The name of the trace variable. This field is always present.
‘initial’ The initial value. This is a 64-bit signed integer. This field is always present.
‘current’ The value the trace variable has at the moment. This is a 64-bit signed integer.
This field is absent iff current value is not defined, for example if the trace was
never run, or is presently running.
gdb Command
Example
(gdb)
-trace-list-variables
^done,trace-variables={nr_rows="1",nr_cols="3",
hdr=[{width="15",alignment="-1",col_name="name",colhdr="Name"},
{width="11",alignment="-1",col_name="initial",colhdr="Initial"},
{width="11",alignment="-1",col_name="current",colhdr="Current"}],
body=[variable={name="$trace_timestamp",initial="0"}
variable={name="$foo",initial="10",current="15"}]}
(gdb)
-trace-save
Synopsis
-trace-save [-r ] filename
Saves the collected trace data to filename. Without the ‘-r’ option, the data is down-
loaded from the target and saved in a local file. With the ‘-r’ option the target is asked to
perform the save.
gdb Command
-trace-start
Synopsis
-trace-start
Starts a tracing experiments. The result of this command does not have any fields.
392 Debugging with gdb
gdb Command
-trace-status
Synopsis
-trace-status
Obtains the status of a tracing experiment. The result may include the following fields:
‘supported’
May have a value of either ‘0’, when no tracing operations are supported, ‘1’,
when all tracing operations are supported, or ‘file’ when examining trace
file. In the latter case, examining of trace frame is possible but new tracing
experiement cannot be started. This field is always present.
‘running’ May have a value of either ‘0’ or ‘1’ depending on whether tracing experiement
is in progress on target. This field is present if ‘supported’ field is not ‘0’.
‘stop-reason’
Report the reason why the tracing was stopped last time. This field may be
absent iff tracing was never stopped on target yet. The value of ‘request’ means
the tracing was stopped as result of the -trace-stop command. The value of
‘overflow’ means the tracing buffer is full. The value of ‘disconnection’
means tracing was automatically stopped when gdb has disconnected. The
value of ‘passcount’ means tracing was stopped when a tracepoint was passed a
maximal number of times for that tracepoint. This field is present if ‘supported’
field is not ‘0’.
‘stopping-tracepoint’
The number of tracepoint whose passcount as exceeded. This field is present
iff the ‘stop-reason’ field has the value of ‘passcount’.
‘frames’
‘frames-created’
The ‘frames’ field is a count of the total number of trace frames in the trace
buffer, while ‘frames-created’ is the total created during the run, including
ones that were discarded, such as when a circular trace buffer filled up. Both
fields are optional.
‘buffer-size’
‘buffer-free’
These fields tell the current size of the tracing buffer and the remaining space.
These fields are optional.
‘circular’
The value of the circular trace buffer flag. 1 means that the trace buffer is
circular and old trace frames will be discarded if necessary to make room, 0
means that the trace buffer is linear and may fill up.
Chapter 27: The gdb/mi Interface 393
‘disconnected’
The value of the disconnected tracing flag. 1 means that tracing will continue
after gdb disconnects, 0 means that the trace run will stop.
gdb Command
-trace-stop
Synopsis
-trace-stop
Stops a tracing experiment. The result of this command has the same fields as -trace-
status, except that the ‘supported’ and ‘running’ fields are not output.
gdb Command
Synopsis
-symbol-list-lines filename
Print the list of lines that contain code and their associated program addresses for the
given source filename. The entries are sorted in ascending PC order.
gdb Command
Example
(gdb)
-symbol-list-lines basics.c
^done,lines=[{pc="0x08048554",line="7"},{pc="0x0804855a",line="8"}]
(gdb)
394 Debugging with gdb
This section describes the GDB/MI commands to specify executable file names and to
read in and obtain symbol table information.
Synopsis
-file-exec-and-symbols file
Specify the executable file to be debugged. This file is the one from which the symbol
table is also read. If no file is specified, the command clears the executable and symbol
information. If breakpoints are set when using this command with no arguments, gdb will
produce error messages. Otherwise, no output is produced, except a completion notification.
gdb Command
Example
(gdb)
-file-exec-and-symbols /kwikemart/marge/ezannoni/TRUNK/mbx/hello.mbx
^done
(gdb)
Synopsis
-file-exec-file file
Specify the executable file to be debugged. Unlike ‘-file-exec-and-symbols’, the
symbol table is not read from this file. If used without argument, gdb clears the information
about the executable file. No output is produced, except a completion notification.
gdb Command
Example
(gdb)
-file-exec-file /kwikemart/marge/ezannoni/TRUNK/mbx/hello.mbx
^done
(gdb)
Chapter 27: The gdb/mi Interface 395
Synopsis
-file-list-exec-source-file
List the line number, the current source file, and the absolute path to the current source
file for the current executable. The macro information field has a value of ‘1’ or ‘0’ depending
on whether or not the file includes preprocessor macro information.
gdb Command
Example
(gdb)
123-file-list-exec-source-file
123^done,line="1",file="foo.c",fullname="/home/bar/foo.c,macro-info="1"
(gdb)
Synopsis
-file-list-exec-source-files
List the source files for the current executable.
It will always output the filename, but only when gdb can find the absolute file name
of a source file, will it output the fullname.
gdb Command
Example
(gdb)
-file-list-exec-source-files
^done,files=[
{file=foo.c,fullname=/home/foo.c},
{file=/home/bar.c,fullname=/home/bar.c},
{file=gdb_could_not_find_fullpath.c}]
(gdb)
Synopsis
-file-symbol-file file
Read symbol table info from the specified file argument. When used without arguments,
clears gdb’s symbol table info. No output is produced, except for a completion notification.
gdb Command
Example
(gdb)
-file-symbol-file /kwikemart/marge/ezannoni/TRUNK/mbx/hello.mbx
^done
(gdb)
Synopsis
-target-attach pid | gid | file
Attach to a process pid or a file file outside of gdb, or a thread group gid. If attaching to
a thread group, the id previously returned by ‘-list-thread-groups --available’ must
be used.
gdb Command
Example
(gdb)
-target-attach 34
=thread-created,id="1"
*stopped,thread-id="1",frame={addr="0xb7f7e410",func="bar",args=[]}
^done
(gdb)
Synopsis
-target-detach [ pid | gid ]
Detach from the remote target which normally resumes its execution. If either pid or gid
is specified, detaches from either the specified process, or specified thread group. There’s
no output.
gdb Command
Example
(gdb)
-target-detach
^done
(gdb)
Synopsis
-target-disconnect
Disconnect from the remote target. There’s no output and the target is generally not
resumed.
gdb Command
Example
(gdb)
-target-disconnect
^done
(gdb)
Synopsis
-target-download
Loads the executable onto the remote target. It prints out an update message every half
second, which includes the fields:
‘section’ The name of the section.
398 Debugging with gdb
‘section-sent’
The size of what has been sent so far for that section.
‘section-size’
The size of the section.
‘total-sent’
The total size of what was sent so far (the current and the previous sections).
‘total-size’
The size of the overall executable to download.
Each message is sent as status record (see hundefinedi [gdb/mi Output Syntax], page hun-
definedi).
In addition, it prints the name and size of the sections, as they are downloaded. These
messages include the following fields:
‘section’ The name of the section.
‘section-size’
The size of the section.
‘total-size’
The size of the overall executable to download.
At the end, a summary is printed.
gdb Command
Example
Note: each status message appears on a single line. Here the messages have been broken
down so that they can fit onto a page.
(gdb)
-target-download
+download,{section=".text",section-size="6668",total-size="9880"}
+download,{section=".text",section-sent="512",section-size="6668",
total-sent="512",total-size="9880"}
+download,{section=".text",section-sent="1024",section-size="6668",
total-sent="1024",total-size="9880"}
+download,{section=".text",section-sent="1536",section-size="6668",
total-sent="1536",total-size="9880"}
+download,{section=".text",section-sent="2048",section-size="6668",
total-sent="2048",total-size="9880"}
+download,{section=".text",section-sent="2560",section-size="6668",
total-sent="2560",total-size="9880"}
+download,{section=".text",section-sent="3072",section-size="6668",
total-sent="3072",total-size="9880"}
+download,{section=".text",section-sent="3584",section-size="6668",
total-sent="3584",total-size="9880"}
+download,{section=".text",section-sent="4096",section-size="6668",
total-sent="4096",total-size="9880"}
Chapter 27: The gdb/mi Interface 399
+download,{section=".text",section-sent="4608",section-size="6668",
total-sent="4608",total-size="9880"}
+download,{section=".text",section-sent="5120",section-size="6668",
total-sent="5120",total-size="9880"}
+download,{section=".text",section-sent="5632",section-size="6668",
total-sent="5632",total-size="9880"}
+download,{section=".text",section-sent="6144",section-size="6668",
total-sent="6144",total-size="9880"}
+download,{section=".text",section-sent="6656",section-size="6668",
total-sent="6656",total-size="9880"}
+download,{section=".init",section-size="28",total-size="9880"}
+download,{section=".fini",section-size="28",total-size="9880"}
+download,{section=".data",section-size="3156",total-size="9880"}
+download,{section=".data",section-sent="512",section-size="3156",
total-sent="7236",total-size="9880"}
+download,{section=".data",section-sent="1024",section-size="3156",
total-sent="7748",total-size="9880"}
+download,{section=".data",section-sent="1536",section-size="3156",
total-sent="8260",total-size="9880"}
+download,{section=".data",section-sent="2048",section-size="3156",
total-sent="8772",total-size="9880"}
+download,{section=".data",section-sent="2560",section-size="3156",
total-sent="9284",total-size="9880"}
+download,{section=".data",section-sent="3072",section-size="3156",
total-sent="9796",total-size="9880"}
^done,address="0x10004",load-size="9880",transfer-rate="6586",
write-rate="429"
(gdb)
gdb Command
No equivalent.
Example
N.A.
Synopsis
-target-select type parameters ...
Connect gdb to the remote target. This command takes two args:
‘type ’ The type of target, for instance ‘remote’, etc.
‘parameters ’
Device names, host names and the like. See hundefinedi [Commands for Man-
aging Targets], page hundefinedi, for more details.
The output is a connection notification, followed by the address at which the target
program is, in the following form:
^connected,addr="address ",func="function name ",
args=[arg list ]
400 Debugging with gdb
gdb Command
Example
(gdb)
-target-select remote /dev/ttya
^connected,addr="0xfe00a300",func="??",args=[]
(gdb)
Synopsis
-target-file-put hostfile targetfile
Copy file hostfile from the host system (the machine running gdb) to targetfile on the
target system.
gdb Command
Example
(gdb)
-target-file-put localfile remotefile
^done
(gdb)
Synopsis
-target-file-get targetfile hostfile
Copy file targetfile from the target system to hostfile on the host system.
gdb Command
Example
(gdb)
-target-file-get remotefile localfile
^done
(gdb)
Synopsis
-target-file-delete targetfile
Delete targetfile from the target system.
gdb Command
Example
(gdb)
-target-file-delete remotefile
^done
(gdb)
Synopsis
-gdb-exit
Exit gdb immediately.
gdb Command
Example
(gdb)
-gdb-exit
^exit
Synopsis
-gdb-set
Set an internal gdb variable.
gdb Command
Example
(gdb)
-gdb-set $foo=3
^done
(gdb)
Synopsis
-gdb-show
Show the current value of a gdb variable.
gdb Command
Example
(gdb)
-gdb-show annotate
^done,value="0"
(gdb)
Synopsis
-gdb-version
Show version information for gdb. Used mostly in testing.
gdb Command
The gdb equivalent is ‘show version’. gdb by default shows this information when you
start an interactive session.
Chapter 27: The gdb/mi Interface 403
Example
(gdb)
-gdb-version
~GNU gdb 5.2.1
~Copyright 2000 Free Software Foundation, Inc.
~GDB is free software, covered by the GNU General Public License, and
~you are welcome to change it and/or distribute copies of it under
~ certain conditions.
~Type "show copying" to see the conditions.
~There is absolutely no warranty for GDB. Type "show warranty" for
~ details.
~This GDB was configured as
"--host=sparc-sun-solaris2.5.1 --target=ppc-eabi".
^done
(gdb)
Returns a list of particular features of the MI protocol that this version of gdb imple-
ments. A feature can be a command, or a new field in an output of some command, or
even an important bugfix. While a frontend can sometimes detect presence of a feature at
runtime, it is easier to perform detection at debugger startup.
The command returns a list of strings, with each string naming an available feature.
Each returned string is just a name, it does not have any internal structure. The list of
possible feature names is given below.
Example output:
(gdb) -list-features
^done,result=["feature1","feature2"]
The current list of features is:
‘frozen-varobjs’
Indicates presence of the -var-set-frozen command, as well as possible pre-
sense of the frozen field in the output of -varobj-create.
‘pending-breakpoints’
Indicates presence of the ‘-f’ option to the -break-insert command.
‘python’ Indicates presence of Python scripting support, Python-based pretty-printing
commands, and possible presence of the ‘display_hint’ field in the output of
-var-list-children
‘thread-info’
Indicates presence of the -thread-info command.
‘data-read-memory-bytes’
Indicates presense of the -data-read-memory-bytes and the -data-write-
memory-bytes commands.
Returns a list of particular features that are supported by the target. Those features
affect the permitted MI commands, but unlike the features reported by the -list-features
404 Debugging with gdb
command, the features depend on which target GDB is using at the moment. Whenever
a target can change, due to commands such as -target-select, -target-attach or -
exec-run, the list of target features may change, and the frontend should obtain it again.
Example output:
(gdb) -list-features
^done,result=["async"]
The current list of features is:
‘async’ Indicates that the target is capable of asynchronous command execution, which
means that gdb will accept further commands while the target is running.
‘reverse’ Indicates that the target is capable of reverse execution. See hundefinedi [Re-
verse Execution], page hundefinedi, for more information.
Synopsis
-list-thread-groups [ --available ] [ --recurse 1 ] [ group ... ]
Lists thread groups (see hundefinedi [Thread groups], page hundefinedi). When a single
thread group is passed as the argument, lists the children of that group. When several thread
group are passed, lists information about those thread groups. Without any parameters,
lists information about all top-level thread groups.
Normally, thread groups that are being debugged are reported. With the ‘--available’
option, gdb reports thread groups available on the target.
The output of this command may have either a ‘threads’ result or a ‘groups’ result.
The ‘thread’ result has a list of tuples as value, with each tuple describing a thread (see
hundefinedi [GDB/MI Thread Information], page hundefinedi). The ‘groups’ result has a
list of tuples as value, each tuple describing a thread group. If top-level groups are requested
(that is, no parameter is passed), or when several groups are passed, the output always has
a ‘groups’ result. The format of the ‘group’ result is described below.
To reduce the number of roundtrips it’s possible to list thread groups together with
their children, by passing the ‘--recurse’ option and the recursion depth. Presently, only
recursion depth of 1 is permitted. If this option is present, then every reported thread group
will also include its children, either as ‘group’ or ‘threads’ field.
In general, any combination of option and parameters is permitted, with the following
caveats:
• When a single thread group is passed, the output will typically be the ‘threads’ result.
Because threads may not contain anything, the ‘recurse’ option will be ignored.
• When the ‘--available’ option is passed, limited information may be available. In
particular, the list of threads of a process might be inaccessible. Further, specifying
specific thread groups might not give any performance advantage over listing all thread
groups. The frontend should assume that ‘-list-thread-groups --available’ is
always an expensive operation and cache the results.
The ‘groups’ result is a list of tuples, where each tuple may have the following fields:
Chapter 27: The gdb/mi Interface 405
id Identifier of the thread group. This field is always present. The identifier is an
opaque string; frontends should not try to convert it to an integer, even though
it might look like one.
type The type of the thread group. At present, only ‘process’ is a valid type.
pid The target-specific process identifier. This field is only present for thread groups
of type ‘process’ and only if the process exists.
num_children
The number of children this thread group has. This field may be absent for an
available thread group.
threads This field has a list of tuples as value, each tuple describing a thread. It may
be present if the ‘--recurse’ option is specified, and it’s actually possible to
obtain the threads.
cores This field is a list of integers, each identifying a core that one thread of the group
is running on. This field may be absent if such information is not available.
executable
The name of the executable file that corresponds to this thread group. The
field is only present for thread groups of type ‘process’, and only if there is a
corresponding executable file.
Example
gdb
-list-thread-groups
^done,groups=[{id="17",type="process",pid="yyy",num_children="2"}]
-list-thread-groups 17
^done,threads=[{id="2",target-id="Thread 0xb7e14b90 (LWP 21257)",
frame={level="0",addr="0xffffe410",func="__kernel_vsyscall",args=[]},state="running"},
{id="1",target-id="Thread 0xb7e156b0 (LWP 21254)",
frame={level="0",addr="0x0804891f",func="foo",args=[{name="i",value="10"}],
file="/tmp/a.c",fullname="/tmp/a.c",line="158"},state="running"}]]
-list-thread-groups --available
^done,groups=[{id="17",type="process",pid="yyy",num_children="2",cores=[1,2]}]
-list-thread-groups --available --recurse 1
^done,groups=[{id="17", types="process",pid="yyy",num_children="2",cores=[1,2],
threads=[{id="1",target-id="Thread 0xb7e14b90",cores=[1]},
{id="2",target-id="Thread 0xb7e14b90",cores=[2]}]},..]
-list-thread-groups --available --recurse 1 17 18
^done,groups=[{id="17", types="process",pid="yyy",num_children="2",cores=[1,2],
threads=[{id="1",target-id="Thread 0xb7e14b90",cores=[1]},
{id="2",target-id="Thread 0xb7e14b90",cores=[2]}]},...]
Synopsis
-add-inferior
Creates a new inferior (see hundefinedi [Inferiors and Programs], page hundefinedi). The
created inferior is not associated with any executable. Such association may be established
406 Debugging with gdb
Example
gdb
-add-inferior
^done,thread-group="i3"
Synopsis
-interpreter-exec interpreter command
Execute the specified command in the given interpreter.
gdb Command
Example
(gdb)
-interpreter-exec console "break main"
&"During symbol reading, couldn’t parse type; debugger out of date?.\n"
&"During symbol reading, bad structure-type format.\n"
~"Breakpoint 1 at 0x8074fc6: file ../../src/gdb/main.c, line 743.\n"
^done
(gdb)
Synopsis
-inferior-tty-set /dev/pts/1
Set terminal for future runs of the program being debugged.
gdb Command
Example
(gdb)
-inferior-tty-set /dev/pts/1
^done
(gdb)
Chapter 27: The gdb/mi Interface 407
Synopsis
-inferior-tty-show
Show terminal for future runs of program being debugged.
gdb Command
Example
(gdb)
-inferior-tty-set /dev/pts/1
^done
(gdb)
-inferior-tty-show
^done,inferior_tty_terminal="/dev/pts/1"
(gdb)
Synopsis
-enable-timings [yes | no]
Toggle the printing of the wallclock, user and system times for an MI command as a
field in its output. This command is to help frontend developers optimize the performance
of their code. No argument is equivalent to ‘yes’.
gdb Command
No equivalent.
Example
(gdb)
-enable-timings
^done
(gdb)
-break-insert main
^done,bkpt={number="1",type="breakpoint",disp="keep",enabled="y",
addr="0x080484ed",func="main",file="myprog.c",
fullname="/home/nickrob/myprog.c",line="73",times="0"},
time={wallclock="0.05185",user="0.00800",system="0.00000"}
(gdb)
-enable-timings no
^done
408 Debugging with gdb
(gdb)
-exec-run
^running
(gdb)
*stopped,reason="breakpoint-hit",disp="keep",bkptno="1",thread-id="0",
frame={addr="0x080484ed",func="main",args=[{name="argc",value="1"},
{name="argv",value="0xbfb60364"}],file="myprog.c",
fullname="/home/nickrob/myprog.c",line="73"}
(gdb)
Chapter 28: gdb Annotations 409
28 gdb Annotations
This chapter describes annotations in gdb. Annotations were designed to interface gdb
to graphical user interfaces or other similar programs which want to interact with gdb at
a relatively high level.
The annotation mechanism has largely been superseded by gdb/mi (see hundefinedi
[GDB/MI], page hundefinedi).
Annotations start with a newline character, two ‘control-z’ characters, and the name
of the annotation. If there is no additional information associated with this annotation,
the name of the annotation is followed immediately by a newline. If there is additional
information, the name of the annotation is followed by a space, the additional information,
and a newline. The additional information cannot contain newline characters.
Any output not beginning with a newline and two ‘control-z’ characters denotes literal
output from gdb. Currently there is no need for gdb to output a newline followed by two
‘control-z’ characters, but if there was such a need, the annotations could be extended
with an ‘escape’ annotation which means those three characters as output.
The annotation level, which is specified using the ‘--annotate’ command line option (see
hundefinedi [Mode Options], page hundefinedi), controls how much information gdb prints
together with its prompt, values of expressions, source lines, and other types of output.
Level 0 is for no annotations, level 1 is for use when gdb is run as a subprocess of gnu
Emacs, level 3 is the maximum annotation suitable for programs that control gdb, and
level 2 annotations have been made obsolete (see section “Limitations of the Annotation
Interface” in GDB’s Obsolete Annotations).
^Z^Zpre-prompt
(gdb)
410 Debugging with gdb
^Z^Zprompt
quit
^Z^Zpost-prompt
$
Here ‘quit’ is input to gdb; the rest is output from gdb. The three lines beginning
‘^Z^Z’ (where ‘^Z’ denotes a ‘control-z’ character) are annotations; the rest is output
from gdb.
If you prefix a command with ‘server ’ then it will not affect the command history, nor
will it affect gdb’s notion of which command to repeat if hRETi is pressed on a line by itself.
This means that commands can be run behind a user’s back by a front-end in a transparent
manner.
The server prefix does not affect the recording of values into the value history; to print
a value without recording it into the value history, use the output command instead of the
print command.
Using this prefix also disables confirmation requests (see hundefinedi [confirmation re-
quests], page hundefinedi).
When gdb prompts for input, it annotates this fact so it is possible to know when to
send output, when the output from a given command is over, etc.
Different kinds of input each have a different input type. Each input type has three
annotations: a pre- annotation, which denotes the beginning of any prompt which is being
output, a plain annotation, which denotes the end of the prompt, and then a post- anno-
tation which denotes the end of any echo which may (or may not) be associated with the
input. For example, the prompt input type features the following annotations:
^Z^Zpre-prompt
^Z^Zprompt
^Z^Zpost-prompt
The input types are
prompt When gdb is prompting for a command (the main gdb prompt).
commands When gdb prompts for a set of commands, like in the commands command.
The annotations are repeated for each command which is input.
overload-choice
When gdb wants the user to select between various overloaded functions.
query When gdb wants the user to confirm a potentially dangerous operation.
prompt-for-continue
When gdb is asking the user to press return to continue. Note: Don’t expect
this to work well; instead use set height 0 to disable prompting. This is
because the counting of lines is buggy in the presence of annotations.
Chapter 28: gdb Annotations 411
28.4 Errors
^Z^Zquit
This annotation occurs right before gdb responds to an interrupt.
^Z^Zerror
This annotation occurs right before gdb responds to an error.
Quit and error annotations indicate that any annotations which gdb was in the middle
of may end abruptly. For example, if a value-history-begin annotation is followed by a
error, one cannot expect to receive the matching value-history-end. One cannot expect
not to receive it either, however; an error annotation does not necessarily mean that gdb
is immediately returning all the way to the top level.
A quit or error annotation may be preceded by
^Z^Zerror-begin
Any output between that and the quit or error annotation is the error message.
Warning messages are not yet annotated.
The following annotations say that certain pieces of state may have changed.
^Z^Zframes-invalid
The frames (for example, output from the backtrace command) may have
changed.
^Z^Zbreakpoints-invalid
The breakpoints may have changed. For example, the user just added or deleted
a breakpoint.
When the program starts executing due to a gdb command such as step or continue,
^Z^Zstarting
is output. When the program stops,
^Z^Zstopped
is output. Before the stopped annotation, a variety of annotations describe how the
program stopped.
^Z^Zexited exit-status
The program exited, and exit-status is the exit status (zero for successful exit,
otherwise nonzero).
^Z^Zsignalled
The program exited with a signal. After the ^Z^Zsignalled, the annotation
continues:
412 Debugging with gdb
intro-text
^Z^Zsignal-name
name
^Z^Zsignal-name-end
middle-text
^Z^Zsignal-string
string
^Z^Zsignal-string-end
end-text
where name is the name of the signal, such as SIGILL or SIGSEGV, and string is
the explanation of the signal, such as Illegal Instruction or Segmentation
fault. intro-text, middle-text, and end-text are for the user’s benefit and have
no particular format.
^Z^Zsignal
The syntax of this annotation is just like signalled, but gdb is just saying
that the program received the signal, not that it was terminated with it.
^Z^Zbreakpoint number
The program hit breakpoint number number.
^Z^Zwatchpoint number
The program hit watchpoint number number.
These are the relevant struct declarations that a C program should include to implement
the interface:
typedef enum
{
JIT_NOACTION = 0,
JIT_REGISTER_FN,
JIT_UNREGISTER_FN
} jit_actions_t;
struct jit_code_entry
{
struct jit_code_entry *next_entry;
struct jit_code_entry *prev_entry;
const char *symfile_addr;
uint64_t symfile_size;
};
struct jit_descriptor
{
uint32_t version;
/* This type should be jit_actions_t, but we use uint32_t
to be explicit about the bitwidth. */
uint32_t action_flag;
struct jit_code_entry *relevant_entry;
struct jit_code_entry *first_entry;
};
To register code with gdb, the JIT should follow this protocol:
• Generate an object file in memory with symbols and other desired debug information.
The file must include the virtual addresses of the sections.
• Create a code entry for the file, which gives the start and size of the symbol file.
• Add it to the linked list in the JIT descriptor.
• Point the relevant entry field of the descriptor at the entry.
• Set action_flag to JIT_REGISTER and call __jit_debug_register_code.
When gdb is attached and the breakpoint fires, gdb uses the relevant_entry pointer
so it doesn’t have to walk the list looking for new code. However, the linked list must still
be maintained in order to allow gdb to attach to a running process and still find the symbol
files.
If code is freed, then the JIT should use the following protocol:
• Remove the code entry corresponding to the code from the linked list.
• Point the relevant_entry field of the descriptor at the code entry.
• Set action_flag to JIT_UNREGISTER and call __jit_debug_register_code.
If the JIT frees or recompiles code without unregistering it, then gdb and the JIT will
leak the memory used for the associated symbol files.
Chapter 30: Reporting Bugs in gdb 415
If you are not sure whether you have found a bug, here are some guidelines:
• If the debugger gets a fatal signal, for any input whatever, that is a gdb bug. Reliable
debuggers never crash.
• If gdb produces an error message for valid input, that is a bug. (Note that if you’re
cross debugging, the problem may also be somewhere in the connection to the target.)
• If gdb does not produce an error message for invalid input, that is a bug. However,
you should note that your idea of “invalid input” might be our idea of “an extension”
or “support for traditional practice”.
• If you are an experienced user of debugging tools, your suggestions for improvement of
gdb are welcome in any case.
A number of companies and individuals offer support for gnu products. If you obtained
gdb from a support organization, we recommend you contact that organization first.
You can find contact information for many support companies and individuals in the file
‘etc/SERVICE’ in the gnu Emacs distribution.
DEFAULTIn any event, we also recommend that you submit bug reports for gdb. The
preferred method is to submit them directly using gdb’s Bugs web page. Alternatively, the
e-mail gateway can be used.
Do not send bug reports to ‘info-gdb’, or to ‘help-gdb’, or to any newsgroups. Most
users of gdb do not want to receive bug reports. Those that do have arranged to receive
‘bug-gdb’.
The mailing list ‘bug-gdb’ has a newsgroup ‘gnu.gdb.bug’ which serves as a repeater.
The mailing list and the newsgroup carry exactly the same messages. Often people think of
posting bug reports to the newsgroup instead of mailing them. This appears to work, but
it has one problem which can be crucial: a newsgroup posting often lacks a mail path back
to the sender. Thus, if we need to ask for more information, we may be unable to reach
you. For this reason, it is better to send bug reports to the mailing list. DEFAULT
The fundamental principle of reporting bugs usefully is this: report all the facts. If you
are not sure whether to state a fact or leave it out, state it!
416 Debugging with gdb
Often people omit facts because they think they know what causes the problem and
assume that some details do not matter. Thus, you might assume that the name of the
variable you use in an example does not matter. Well, probably it does not, but one cannot
be sure. Perhaps the bug is a stray memory reference which happens to fetch from the
location where that name is stored in memory; perhaps, if the name were different, the
contents of that location would fool the debugger into doing the right thing despite the bug.
Play it safe and give a specific, complete example. That is the easiest thing for you to do,
and the most helpful.
Keep in mind that the purpose of a bug report is to enable us to fix the bug. It may
be that the bug has been reported previously, but neither you nor we can know that unless
your bug report is complete and self-contained.
Sometimes people give a few sketchy facts and ask, “Does this ring a bell?” Those bug
reports are useless, and we urge everyone to refuse to respond to them except to chide the
sender to report bugs properly.
To enable us to fix the bug, you should include all these things:
• The version of gdb. gdb announces it if you start with no arguments; you can also
print it at any time using show version.
Without this, we will not know whether there is any point in looking for the bug in the
current version of gdb.
• The type of machine you are using, and the operating system name and version number.
• What compiler (and its version) was used to compile gdb—e.g. “gcc–2.8.1”.
• What compiler (and its version) was used to compile the program you are debugging—
e.g. “gcc–2.8.1”, or “HP92453-01 A.10.32.03 HP C Compiler”. For gcc, you can say
gcc --version to get this information; for other compilers, see the documentation for
those compilers.
• The command arguments you gave the compiler to compile your example and observe
the bug. For example, did you use ‘-O’? To guarantee you will not omit something
important, list them all. A copy of the Makefile (or the output from make) is sufficient.
If we were to try to guess the arguments, we would probably guess wrong and then we
might not encounter the bug.
• A complete input script, and all necessary source files, that will reproduce the bug.
• A description of what behavior you observe that you believe is incorrect. For example,
“It gets a fatal signal.”
Of course, if the bug is that gdb gets a fatal signal, then we will certainly notice it.
But if the bug is incorrect output, we might not notice unless it is glaringly wrong.
You might as well not give us a chance to make a mistake.
Even if the problem you experience is a fatal signal, you should still say so explicitly.
Suppose something strange is going on, such as, your copy of gdb is out of synch, or
you have encountered a bug in the C library on your system. (This has happened!)
Your copy might crash and ours would not. If you told us to expect a crash, then when
ours fails to crash, we would know that the bug was not happening for us. If you had
not told us to expect a crash, then we would not be able to draw any conclusion from
our observations.
Chapter 30: Reporting Bugs in gdb 417
To collect all this information, you can use a session recording program such as script,
which is available on many Unix systems. Just run your gdb session inside script and
then include the ‘typescript’ file with your bug report.
Another way to record a gdb session is to run gdb inside Emacs and then save the
entire buffer to a file.
• If you wish to suggest changes to the gdb source, send us context diffs. If you even
discuss something in the gdb source, refer to it by context, not by line number.
The line numbers in our development sources will not match those in your sources.
Your line numbers would convey no useful information to us.
Here are some things that are not necessary:
• A description of the envelope of the bug.
Often people who encounter a bug spend a lot of time investigating which changes to
the input file will make the bug go away and which changes will not affect it.
This is often time consuming and not very useful, because the way we will find the
bug is by running a single example under the debugger with breakpoints, not by pure
deduction from a series of examples. We recommend that you save your time for
something else.
Of course, if you can find a simpler example to report instead of the original one, that
is a convenience for us. Errors in the output will be easier to spot, running under the
debugger will take less time, and so on.
However, simplification is not vital; if you do not want to do this, report the bug
anyway and send us the entire test case you used.
• A patch for the bug.
A patch for the bug does help us if it is a good one. But do not omit the necessary
information, such as the test case, on the assumption that a patch is all we need. We
might see problems with your patch and decide to fix the problem another way, or we
might not understand it at all.
Sometimes with a program as complicated as gdb it is very hard to construct an
example that will make the program follow a certain path through the code. If you do
not send us the example, we will not be able to construct one, so we will not be able
to verify that the bug is fixed.
And if we cannot understand what bug you are trying to fix, or why your patch should
be an improvement, we will not install it. A test case will help us to understand.
• A guess about what the bug is or what it depends on.
Such guesses are usually wrong. Even we cannot guess right about such things without
first using the debugger to find the facts.
READLINE
418 Debugging with gdb
Appendix A: Formatting Documentation 419
make gdb.dvi
Then give ‘gdb.dvi’ to your dvi printing program.
Appendix B: Installing gdb 421
Building gdb requires various tools and packages to be available. Other packages will
be used only if they are found.
Expat gdb can use the Expat XML parsing library. This library may be included with
your operating system distribution; if it is not, you can get the latest version
from http://expat.sourceforge.net. The ‘configure’ script will search for
this library in several standard locations; if it is installed in an unusual path,
you can use the ‘--with-libexpat-prefix’ option to specify its location.
Expat is used for:
• Remote protocol memory maps (see hundefinedi [Memory Map Format],
page hundefinedi)
• Target descriptions (see hundefinedi [Target Descriptions], page hunde-
finedi)
• Remote shared library lists (see hundefinedi [Library List Format],
page hundefinedi)
• MS-Windows shared libraries (see hundefinedi [Shared Libraries], page hun-
definedi)
zlib gdb will use the ‘zlib’ library, if available, to read compressed debug sections.
Some linkers, such as GNU gold, are capable of producing binaries with com-
pressed debug sections. If gdb is compiled with ‘zlib’, it will be able to read
the debug information in such binaries.
The ‘zlib’ library is likely included with your operating system distribution; if
it is not, you can get the latest version from http://zlib.net.
iconv gdb’s features related to character sets (see hundefinedi [Character Sets],
page hundefinedi) require a functioning iconv implementation. If you are on
a GNU system, then this is provided by the GNU C Library. Some other
systems also provide a working iconv.
On systems with iconv, you can install GNU Libiconv. If you have previ-
ously installed Libiconv, you can use the ‘--with-libiconv-prefix’ option to
configure.
422 Debugging with gdb
cd gdb-7.2.50.20110211
./configure host
make
where host is an identifier such as ‘sun4’ or ‘decstation’, that identifies the platform where
gdb will run. (You can often leave off host; ‘configure’ tries to guess the correct value by
examining your system.)
Running ‘configure host ’ and then running make builds the ‘bfd’, ‘readline’,
‘mmalloc’, and ‘libiberty’ libraries, then gdb itself. The configured source files, and the
binaries, are left in the corresponding source directories.
‘configure’ is a Bourne-shell (/bin/sh) script; if your system does not recognize this
automatically when you run a different shell, you may need to run sh on it explicitly:
sh configure host
If you run ‘configure’ from a directory that contains source directories for multiple
libraries or programs, such as the ‘gdb-7.2.50.20110211’ source directory for version
7.2.50.20110211, ‘configure’ creates configuration files for every directory level underneath
(unless you tell it not to, with the ‘--norecursion’ option).
You should run the ‘configure’ script from the top directory in the source tree, the
‘gdb-version-number ’ directory. If you run ‘configure’ from one of the subdirectories,
you will configure only that subdirectory. That is usually not what you want. In particular,
if you run the first ‘configure’ from the ‘gdb’ subdirectory of the ‘gdb-version-number ’
directory, you will omit the configuration of ‘bfd’, ‘readline’, and other sibling directories
of the ‘gdb’ subdirectory. This leads to build errors about missing include files such as
‘bfd/bfd.h’.
You can install gdb anywhere; it has no hardwired paths. However, you should make
sure that the shell on your path (named by the ‘SHELL’ environment variable) is publicly
readable. Remember that gdb uses the shell to start your program—some systems refuse
to let gdb debug child processes whose programs are not readable.
If you want to run gdb versions for several host or target machines, you need a different
gdb compiled for each combination of host and target. ‘configure’ is designed to make
this easy by allowing you to generate each configuration in a separate subdirectory, rather
than in the source directory. If your make program handles the ‘VPATH’ feature (gnu make
does), running make in each of these directories builds the gdb program specified there.
To build gdb in a separate directory, run ‘configure’ with the ‘--srcdir’ option to
specify where to find the source. (You also need to specify a path to find ‘configure’ itself
from your working directory. If the path to ‘configure’ would be the same as the argument
to ‘--srcdir’, you can leave out the ‘--srcdir’ option; it is assumed.)
For example, with version 7.2.50.20110211, you can build gdb in a separate directory
for a Sun 4 like this:
cd gdb-7.2.50.20110211
mkdir ../gdb-sun4
cd ../gdb-sun4
../gdb-7.2.50.20110211/configure sun4
make
424 Debugging with gdb
The specifications used for hosts and targets in the ‘configure’ script are based on a
three-part naming scheme, but some short predefined aliases are also supported. The full
naming scheme encodes three pieces of information in the following pattern:
architecture-vendor-os
For example, you can use the alias sun4 as a host argument, or as the value for target
in a --target=target option. The equivalent full name is ‘sparc-sun-sunos4’.
The ‘configure’ script accompanying gdb does not provide any query facility to list
all supported host and target names or aliases. ‘configure’ calls the Bourne shell script
config.sub to map abbreviations to full names; you can read the script, if you wish, or
you can use it to test your guesses on abbreviations—for example:
% sh config.sub i386-linux
i386-pc-linux-gnu
% sh config.sub alpha-linux
alpha-unknown-linux-gnu
% sh config.sub hp9k700
hppa1.1-hp-hpux
% sh config.sub sun4
sparc-sun-sunos4.1.1
% sh config.sub sun3
m68k-sun-sunos4.1.1
% sh config.sub i986v
Invalid configuration ‘i986v’: machine ‘i986v’ not recognized
Appendix B: Installing gdb 425
Here is a summary of the ‘configure’ options and arguments that are most often useful
for building gdb. ‘configure’ also has several other options not listed here. See Info file
‘configure.info’, node ‘What Configure Does’, for a full explanation of ‘configure’.
configure [--help]
[--prefix=dir ]
[--exec-prefix=dir ]
[--srcdir=dirname ]
[--norecursion] [--rm]
[--target=target ]
host
You may introduce options with a single ‘-’ rather than ‘--’ if you prefer; but you may
abbreviate option names if you use ‘--’.
--help Display a quick summary of how to invoke ‘configure’.
--prefix=dir
Configure the source to install programs and files under directory ‘dir ’.
--exec-prefix=dir
Configure the source to install programs under directory ‘dir ’.
--srcdir=dirname
Warning: using this option requires gnu make, or another make that imple-
ments the VPATH feature.
Use this option to make configurations in directories separate from the gdb
source directories. Among other things, you can use this to build (or main-
tain) several configurations simultaneously, in separate directories. ‘configure’
writes configuration-specific files in the current directory, but arranges for them
to use the source in the directory dirname. ‘configure’ creates directories un-
der the working directory in parallel to the source directories below dirname.
--norecursion
Configure only the directory level where ‘configure’ is executed; do not prop-
agate configuration to subdirectories.
--target=target
Configure gdb for cross-debugging programs running on the specified target.
Without this option, gdb is configured to debug programs that run on the same
machine (host) as gdb itself.
There is no convenient way to generate a list of all available targets.
host ... Configure gdb to run on the specified host.
There is no convenient way to generate a list of all available hosts.
There are many other options available as well, but they are generally needed for special
purposes only.
426 Debugging with gdb
gdb can be configured to have a system-wide init file; this file will be read and executed
at startup (see hundefinedi [What gdb does during startup], page hundefinedi).
Here is the corresponding configure option:
--with-system-gdbinit=file
Specify that the default location of the system-wide init file is file.
If gdb has been configured with the option ‘--prefix=$prefix’, it may be subject to
relocation. Two possible cases:
• If the default location of this init file contains ‘$prefix’, it will be subject
to relocation. Suppose that the configure options are ‘--prefix=$prefix
--with-system-gdbinit=$prefix/etc/gdbinit’; if gdb is moved from ‘$prefix’ to
‘$install’, the system init file is looked for as ‘$install/etc/gdbinit’ instead of
‘$prefix/etc/gdbinit’.
• By contrast, if the default location does not contain the prefix, it will not
be relocated. E.g. if gdb has been configured with ‘--prefix=/usr/local
--with-system-gdbinit=/usr/share/gdb/gdbinit’, then gdb will always look for
‘/usr/share/gdb/gdbinit’, wherever gdb is installed.
Appendix C: Maintenance Commands 427
set displaced-stepping
show displaced-stepping
Control whether or not gdb will do displaced stepping if the target supports it.
Displaced stepping is a way to single-step over breakpoints without removing
them from the inferior, by executing an out-of-line copy of the instruction that
was originally at the breakpoint location. It is also known as out-of-line single-
stepping.
428 Debugging with gdb
set displaced-stepping on
If the target architecture supports it, gdb will use displaced step-
ping to step over breakpoints.
set displaced-stepping off
gdb will not use displaced stepping to step over breakpoints, even
if such is supported by the target architecture.
set displaced-stepping auto
This is the default mode. gdb will use displaced stepping only
if non-stop mode is active (see hundefinedi [Non-Stop Mode],
page hundefinedi) and the target architecture supports displaced
stepping.
maint check-symtabs
Check the consistency of psymtabs and symtabs.
maint cplus first_component name
Print the first C++ class/namespace component of name.
maint cplus namespace
Print the list of possible C++ namespaces.
maint demangle name
Demangle a C++ or Objective-C mangled name.
maint deprecate command [replacement ]
maint undeprecate command
Deprecate or undeprecate the named command. Deprecated commands cause
gdb to issue a warning when you use them. The optional argument replacement
says which newer command should be used in favor of the deprecated one; if it
is given, gdb will mention the replacement as part of the warning.
maint dump-me
Cause a fatal signal in the debugger and force it to dump its core. This is
supported only on systems which support aborting a program with the SIGQUIT
signal.
maint internal-error [message-text ]
maint internal-warning [message-text ]
Cause gdb to call the internal function internal_error or internal_warning
and hence behave as though an internal error or internal warning has been
detected. In addition to reporting the internal problem, these functions give
the user the opportunity to either quit gdb or create a core file of the current
gdb session.
These commands take an optional parameter message-text that is used as the
text of the error or warning message.
Here’s an example of using internal-error:
(gdb) maint internal-error testing, 1, 2
.../maint.c:121: internal-error: testing, 1, 2
A problem internal to GDB has been detected. Further
debugging may prove unreliable.
Appendix C: Maintenance Commands 429
‘quit’ You can specify that gdb should always (yes) or never (no) quit.
The default is to ask the user what to do.
‘corefile’
You can specify that gdb should always (yes) or never (no) create
a core file. The default is to ask the user what to do.
flushregs
This command forces gdb to flush its internal register cache.
maint print objfiles
Print a dump of all known object files. For each object file, this command
prints its name, address in memory, and all of its psymtabs and symtabs.
maint print section-scripts [regexp ]
Print a dump of scripts specified in the .debug_gdb_section section. If regexp
is specified, only print scripts loaded by object files matching regexp. For each
script, this command prints its name as specified in the objfile, and the full
path if known. See hundefinedi [.debug gdb scripts section], page hundefinedi.
maint print statistics
This command prints, for each object file in the program, various data about
that object file followed by the byte cache (bcache) statistics for the object
file. The objfile data includes the number of minimal, partial, full, and stabs
symbols, the number of types defined by the objfile, the number of as yet
unexpanded psym tables, the number of line tables and string tables, and the
amount of memory used by the various tables. The bcache statistics include the
counts, sizes, and counts of duplicates of all and unique objects, max, average,
and median entry size, total memory used and its overhead and savings, and
various measures of the hash table size and chain lengths.
Appendix C: Maintenance Commands 431
overwrite the profiling log file (often called ‘gmon.out’). If you have a record
of important profiling data in a ‘gmon.out’ file, be sure to move it to a safe
location.
Configuring with ‘--enable-profiling’ arranges for gdb to be compiled with
the ‘-pg’ compiler option.
maint set show-debug-regs
maint show show-debug-regs
Control whether to show variables that mirror the hardware debug registers.
Use ON to enable, OFF to disable. If enabled, the debug registers values are
shown when gdb inserts or removes a hardware breakpoint or watchpoint, and
when the inferior triggers a hardware-assisted breakpoint or watchpoint.
maint set show-all-tib
maint show show-all-tib
Control whether to show all non zero areas within a 1k block starting at thread
local base, when using the ‘info w32 thread-information-block’ command.
maint space
Control whether to display memory usage for each command. If set to a
nonzero value, gdb will display how much memory each command took, follow-
ing the command’s own output. This can also be requested by invoking gdb
with the ‘--statistics’ command-line switch (see hundefinedi [Mode Options],
page hundefinedi).
maint time
Control whether to display the execution time for each command. If set to a
nonzero value, gdb will display how much time it took to execute each com-
mand, following the command’s own output. The time is not printed for the
commands that run the target, since there’s no mechanism currently to compute
how much time was spend by gdb and how much time was spend by the pro-
gram been debugged. it’s not possibly currently This can also be requested by
invoking gdb with the ‘--statistics’ command-line switch (see hundefinedi
[Mode Options], page hundefinedi).
maint translate-address [section ] addr
Find the symbol stored at the location specified by the address addr and an
optional section name section. If found, gdb prints the name of the closest
symbol and an offset from the symbol’s location to the specified address. This is
similar to the info address command (see hundefinedi [Symbols], page hunde-
finedi), except that this command also allows to find symbols in other sections.
If section was not specified, the section in which the symbol was found is also
printed. For dynamically linked executables, the name of executable or shared
library containing the symbol is printed as well.
The following command is useful for non-interactive invocations of gdb, such as in the
test suite.
set watchdog nsec
Set the maximum number of seconds gdb will wait for the target operation to
finish. If this time expires, gdb reports and error and the command is aborted.
Appendix C: Maintenance Commands 433
show watchdog
Show the current setting of the target wait timeout.
434 Debugging with gdb
Appendix D: gdb Remote Serial Protocol 435
D.1 Overview
There may be occasions when you need to know something about the protocol—for
example, if there is only one serial port to your target machine, you might want your
program to do something special if it recognizes a packet meant for gdb.
In the examples below, ‘->’ and ‘<-’ are used to indicate transmitted and received data,
respectively.
All gdb commands and responses (other than acknowledgments and notifications, see
hundefinedi [Notification Packets], page hundefinedi) are sent as a packet. A packet is
introduced with the character ‘$’, the actual packet-data, and the terminating character ‘#’
followed by a two-digit checksum:
$packet-data #checksum
The two-digit checksum is computed as the modulo 256 sum of all characters between the
leading ‘$’ and the trailing ‘#’ (an eight bit unsigned checksum).
Implementors should note that prior to gdb 5.0 the protocol specification also included
an optional two-digit sequence-id:
$sequence-id :packet-data #checksum
That sequence-id was appended to the acknowledgment. gdb has never output sequence-
ids. Stubs that handle packets added since gdb 5.0 must not accept sequence-id.
When either the host or the target machine receives a packet, the first response expected
is an acknowledgment: either ‘+’ (to indicate the package was received correctly) or ‘-’ (to
request retransmission):
-> $packet-data #checksum
<- +
The ‘+’/‘-’ acknowledgments can be disabled once a connection is established. See hun-
definedi [Packet Acknowledgment], page hundefinedi, for details.
The host (gdb) sends commands, and the target (the debugging stub incorporated in
your program) sends a response. In the case of step and continue commands, the response is
only sent when the operation has completed, and the target has again stopped all threads in
all attached processes. This is the default all-stop mode behavior, but the remote protocol
also supports gdb’s non-stop execution mode; see hundefinedi [Remote Non-Stop], page hun-
definedi, for details.
packet-data consists of a sequence of characters with the exception of ‘#’ and ‘$’ (see ‘X’
packet for additional exceptions).
Fields within the packet should be separated using ‘,’ ‘;’ or ‘:’. Except where otherwise
noted all numbers are represented in hex with leading zeros suppressed.
Implementors should note that prior to gdb 5.0, the character ‘:’ could not appear as
the third character in a packet (as it would potentially conflict with the sequence-id).
Binary data in most packets is encoded either as two hexadecimal digits per byte of
binary data. This allowed the traditional remote protocol to work over connections which
436 Debugging with gdb
were only seven-bit clean. Some packets designed more recently assume an eight-bit clean
connection, and use a more efficient encoding to send and receive binary data.
The binary data representation uses 7d (ascii ‘}’) as an escape character. Any escaped
byte is transmitted as the escape character followed by the original character XORed with
0x20. For example, the byte 0x7d would be transmitted as the two bytes 0x7d 0x5d. The
bytes 0x23 (ascii ‘#’), 0x24 (ascii ‘$’), and 0x7d (ascii ‘}’) must always be escaped.
Responses sent by the stub must also escape 0x2a (ascii ‘*’), so that it is not interpreted
as the start of a run-length encoded sequence (described next).
Response data can be run-length encoded to save space. Run-length encoding replaces
runs of identical characters with one instance of the repeated character, followed by a ‘*’
and a repeat count. The repeat count is itself sent encoded, to avoid binary characters in
data: a value of n is sent as n +29. For a repeat count greater or equal to 3, this produces
a printable ascii character, e.g. a space (ascii code 32) for a repeat count of 3. (This is
because run-length encoding starts to win for counts 3 or more.) Thus, for example, ‘0* ’
is a run-length encoding of “0000”: the space character after ‘*’ means repeat the leading
0 32 - 29 = 3 more times.
The printable characters ‘#’ and ‘$’ or with a numeric value greater than 126 must not
be used. Runs of six repeats (‘#’) or seven repeats (‘$’) can be expanded using a repeat
count of only five (‘"’). For example, ‘00000000’ can be encoded as ‘0*"00’.
The error response returned for some packets includes a two character error number.
That number is not well defined.
For any command not supported by the stub, an empty response (‘$#00’) should be
returned. That way it is possible to extend the protocol. A newer gdb can tell if a packet
is supported based on that response.
A stub is required to support the ‘g’, ‘G’, ‘m’, ‘M’, ‘c’, and ‘s’ commands. All other
commands are optional.
D.2 Packets
The following table provides a complete list of all currently defined commands and
their corresponding response data. See hundefinedi [File-I/O Remote Protocol Extension],
page hundefinedi, for details about the File I/O extension of the remote protocol.
Each packet’s description has a template showing the packet’s overall syntax, followed
by an explanation of the packet’s meaning. We include spaces in some of the templates for
clarity; these are not part of the packet’s syntax. No gdb packet uses spaces to separate
its components. For example, a template like ‘foo bar baz ’ describes a packet beginning
with the three ASCII bytes ‘foo’, followed by a bar, followed directly by a baz. gdb does
not transmit a space character between the ‘foo’ and the bar, or between the bar and the
baz.
Several packets and replies include a thread-id field to identify a thread. Normally
these are positive numbers with a target-specific interpretation, formatted as big-endian
hex strings. A thread-id can also be a literal ‘-1’ to indicate all threads, or ‘0’ to pick any
thread.
In addition, the remote protocol supports a multiprocess feature in which the thread-id
syntax is extended to optionally include both process and thread ID fields, as ‘ppid.tid ’.
Appendix D: gdb Remote Serial Protocol 437
The pid (process) and tid (thread) components each have the format described above: a
positive number with target-specific interpretation formatted as a big-endian hex string,
literal ‘-1’ to indicate all processes or threads (respectively), or ‘0’ to indicate an arbitrary
process or thread. Specifying just a process, as ‘ppid ’, is equivalent to ‘ppid.-1’. It is an
error to specify all processes but a specific thread, such as ‘p-1.tid ’. Note that the ‘p’
prefix is not used for those packets and replies explicitly documented to include a process
ID, rather than a thread-id.
The multiprocess thread-id syntax extensions are only used if both gdb and the stub
report support for the ‘multiprocess’ feature using ‘qSupported’. See hundefinedi [multi-
process extensions], page hundefinedi, for more information.
Note that all packet forms beginning with an upper- or lower-case letter, other than
those described here, are reserved for future use.
Here are the packet descriptions.
‘!’ Enable extended mode. In extended mode, the remote server is made persistent.
The ‘R’ packet is used to restart the program being debugged.
Reply:
‘OK’ The remote target both supports and has enabled extended mode.
‘?’ Indicate the reason the target halted. The reply is the same as for step and
continue. This packet has a special interpretation when the target is in non-stop
mode; see hundefinedi [Remote Non-Stop], page hundefinedi.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘A arglen,argnum,arg,...’
Initialized argv[] array passed into program. arglen specifies the number of
bytes in the hex encoded byte stream arg. See gdbserver for more details.
Reply:
‘OK’ The arguments were set.
‘E NN ’ An error occurred.
‘b baud ’ (Don’t use this packet; its behavior is not well-defined.) Change the serial line
speed to baud.
JTC: When does the transport layer state change? When it’s received, or after
the ACK is transmitted. In either case, there are problems if the command or
the acknowledgment packet is dropped.
Stan: If people really wanted to add something like this, and get it working
for the first time, they ought to modify ser-unix.c to send some kind of out-of-
band message to a specially-setup stub and have the switch happen "in between"
packets, so that from remote protocol’s point of view, nothing actually happened.
‘B addr,mode ’
Set (mode is ‘S’) or clear (mode is ‘C’) a breakpoint at addr.
Don’t use this packet. Use the ‘Z’ and ‘z’ packets instead (see hundefinedi
[insert breakpoint or watchpoint packet], page hundefinedi).
438 Debugging with gdb
‘bc’ Backward continue. Execute the target system in reverse. No parameter. See
hundefinedi [Reverse Execution], page hundefinedi, for more information.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘bs’ Backward single step. Execute one instruction in reverse. No parameter. See
hundefinedi [Reverse Execution], page hundefinedi, for more information.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘c [addr ]’ Continue. addr is address to resume. If addr is omitted, resume at current
address.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘C sig [;addr ]’
Continue with signal sig (hex signal number). If ‘;addr ’ is omitted, resume at
same address.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘d’ Toggle debug flag.
Don’t use this packet; instead, define a general set packet (see hundefinedi
[General Query Packets], page hundefinedi).
‘D’
‘D;pid ’ The first form of the packet is used to detach gdb from the remote system. It
is sent to the remote target before gdb disconnects via the detach command.
The second form, including a process ID, is used when multiprocess protocol
extensions are enabled (see hundefinedi [multiprocess extensions], page hunde-
finedi), to detach only a specific process. The pid is specified as a big-endian
hex string.
Reply:
‘OK’ for success
‘E NN ’ for an error
‘F RC,EE,CF ;XX ’
A reply from gdb to an ‘F’ packet sent by the target. This is part of the File-
I/O protocol extension. See hundefinedi [File-I/O Remote Protocol Extension],
page hundefinedi, for the specification.
‘g’ Read general registers.
Reply:
‘XX...’ Each byte of register data is described by two hex digits. The bytes
with the register are transmitted in target byte order. The size of
each register and their position within the ‘g’ packet are determined
by the gdb internal gdbarch functions DEPRECATED_REGISTER_RAW_
SIZE and gdbarch_register_name. The specification of several
standard ‘g’ packets is specified below.
Appendix D: gdb Remote Serial Protocol 439
‘E NN ’ for an error.
‘G XX...’ Write general registers. See hundefinedi [read registers packet], page hunde-
finedi, for a description of the XX. . . data.
Reply:
‘OK’ for success
‘E NN ’ for an error
‘H c thread-id ’
Set thread for subsequent operations (‘m’, ‘M’, ‘g’, ‘G’, et.al.). c depends on the
operation to be performed: it should be ‘c’ for step and continue operations,
‘g’ for other operations. The thread designator thread-id has the format and
interpretation described in hundefinedi [thread-id syntax], page hundefinedi.
Reply:
‘OK’ for success
‘E NN ’ for an error
‘i [addr [,nnn ]]’
Step the remote target by a single clock cycle. If ‘,nnn ’ is present, cycle step
nnn cycles. If addr is present, cycle step starting at that address.
‘I’ Signal, then cycle step. See hundefinedi [step with signal packet], page hunde-
finedi. See hundefinedi [cycle step packet], page hundefinedi.
‘k’ Kill request.
FIXME: There is no description of how to operate when a specific thread context
has been selected (i.e. does ’k’ kill only that thread?).
‘m addr,length ’
Read length bytes of memory starting at address addr. Note that addr may
not be aligned to any particular boundary.
The stub need not use any particular size or alignment when gathering data
from memory for the response; even if addr is word-aligned and length is a
multiple of the word size, the stub is free to use byte accesses, or not. For
this reason, this packet may not be suitable for accessing memory-mapped I/O
devices.
Reply:
440 Debugging with gdb
‘S sig [;addr ]’
Step with signal. This is analogous to the ‘C’ packet, but requests a single-step,
rather than a normal resumption of execution.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘t addr :PP,MM ’
Search backwards starting at address addr for a match with pattern PP and
mask MM. PP and MM are 4 bytes. addr must be at least 3 digits.
‘T thread-id ’
Find out if the thread thread-id is alive. See hundefinedi [thread-id syntax],
page hundefinedi.
Reply:
‘OK’ thread is still alive
‘E NN ’ thread is dead
‘v’ Packets starting with ‘v’ are identified by a multi-letter name, up to the first
‘;’ or ‘?’ (or the end of the packet).
‘vAttach;pid ’
Attach to a new process with the specified process ID pid. The process ID is a
hexadecimal integer identifying the process. In all-stop mode, all threads in the
attached process are stopped; in non-stop mode, it may be attached without
being stopped if that is supported by the target.
This packet is only available in extended mode (see hundefinedi [extended
mode], page hundefinedi).
Reply:
‘E nn ’ for an error
‘Any stop packet’
for success in all-stop mode (see hundefinedi [Stop Reply Packets],
page hundefinedi)
‘OK’ for success in non-stop mode (see hundefinedi [Remote Non-Stop],
page hundefinedi)
‘vCont[;action [:thread-id ]]...’
Resume the inferior, specifying different actions for each thread. If an action
is specified with no thread-id, then it is applied to any threads that don’t have
a specific action specified; if no default action is specified then other threads
should remain stopped in all-stop mode and in their current state in non-stop
mode. Specifying multiple default actions is an error; specifying no actions is
also an error. Thread IDs are specified using the syntax described in hundefinedi
[thread-id syntax], page hundefinedi.
Currently supported actions are:
‘c’ Continue.
‘C sig ’ Continue with signal sig. The signal sig should be two hex digits.
442 Debugging with gdb
‘s’ Step.
‘S sig ’ Step with signal sig. The signal sig should be two hex digits.
‘t’ Stop.
The optional argument addr normally associated with the ‘c’, ‘C’, ‘s’, and ‘S’
packets is not supported in ‘vCont’.
The ‘t’ action is only relevant in non-stop mode (see hundefinedi [Remote Non-
Stop], page hundefinedi) and may be ignored by the stub otherwise. A stop
reply should be generated for any affected thread not already stopped. When a
thread is stopped by means of a ‘t’ action, the corresponding stop reply should
indicate that the thread has stopped with signal ‘0’, regardless of whether the
target uses some other signal as an implementation detail.
Reply: See hundefinedi [Stop Reply Packets], page hundefinedi, for the reply
specifications.
‘vCont?’ Request a list of actions supported by the ‘vCont’ packet.
Reply:
‘vCont[;action ...]’
The ‘vCont’ packet is supported. Each action is a supported com-
mand in the ‘vCont’ packet.
‘’ The ‘vCont’ packet is not supported.
‘vFile:operation :parameter ...’
Perform a file operation on the target system. For details, see hundefinedi [Host
I/O Packets], page hundefinedi.
‘vFlashErase:addr,length ’
Direct the stub to erase length bytes of flash starting at addr. The region
may enclose any number of flash blocks, but its start and end must fall on
block boundaries, as indicated by the flash block size appearing in the memory
map (see hundefinedi [Memory Map Format], page hundefinedi). gdb groups
flash memory programming operations together, and sends a ‘vFlashDone’ re-
quest after each group; the stub is allowed to delay erase operation until the
‘vFlashDone’ packet is received.
The stub must support ‘vCont’ if it reports support for multiprocess extensions
(see hundefinedi [multiprocess extensions], page hundefinedi). Note that in this
case ‘vCont’ actions can be specified to apply to all threads in a process by
using the ‘ppid.-1’ form of the thread-id.
Reply:
‘OK’ for success
‘E NN ’ for an error
‘vFlashWrite:addr :XX...’
Direct the stub to write data to flash address addr. The data is passed in
binary form using the same encoding as for the ‘X’ packet (see hundefinedi [Bi-
nary Data], page hundefinedi). The memory ranges specified by ‘vFlashWrite’
Appendix D: gdb Remote Serial Protocol 443
packets preceding a ‘vFlashDone’ packet must not overlap, and must appear
in order of increasing addresses (although ‘vFlashErase’ packets for higher
addresses may already have been received; the ordering is guaranteed only be-
tween ‘vFlashWrite’ packets). If a packet writes to an address that was neither
erased by a preceding ‘vFlashErase’ packet nor by some other target-specific
method, the results are unpredictable.
Reply:
‘OK’ for success
‘E.memtype’
for vFlashWrite addressing non-flash memory
‘E NN ’ for an error
‘vFlashDone’
Indicate to the stub that flash programming operation is finished. The stub
is permitted to delay or batch the effects of a group of ‘vFlashErase’ and
‘vFlashWrite’ packets until a ‘vFlashDone’ packet is received. The contents of
the affected regions of flash memory are unpredictable until the ‘vFlashDone’
request is completed.
‘vKill;pid ’
Kill the process with the specified process ID. pid is a hexadecimal integer iden-
tifying the process. This packet is used in preference to ‘k’ when multiprocess
protocol extensions are supported; see hundefinedi [multiprocess extensions],
page hundefinedi.
Reply:
‘E nn ’ for an error
‘OK’ for success
‘vRun;filename [;argument ]...’
Run the program filename, passing it each argument on its command line. The
file and arguments are hex-encoded strings. If filename is an empty string, the
stub may use a default program (e.g. the last program run). The program is
created in the stopped state.
This packet is only available in extended mode (see hundefinedi [extended
mode], page hundefinedi).
Reply:
‘E nn ’ for an error
‘Any stop packet’
for success (see hundefinedi [Stop Reply Packets], page hundefinedi)
‘vStopped’
In non-stop mode (see hundefinedi [Remote Non-Stop], page hundefinedi), ac-
knowledge a previous stop reply and prompt for the stub to report another
one.
Reply:
444 Debugging with gdb
The ‘C’, ‘c’, ‘S’, ‘s’, ‘vCont’, ‘vAttach’, ‘vRun’, ‘vStopped’, and ‘?’ packets can receive
any of the below as a reply. Except for ‘?’ and ‘vStopped’, that reply is only returned when
the target halts. In the below the exact meaning of signal number is defined by the header
‘include/gdb/signals.h’ in the gdb source code.
446 Debugging with gdb
As in the description of request packets, we include spaces in the reply templates for
clarity; these are not part of the reply packet’s syntax. No gdb stop reply packet uses
spaces to separate its components.
‘S AA ’ The program received signal number AA (a two-digit hexadecimal number).
This is equivalent to a ‘T’ response with no n:r pairs.
‘T AA n1 :r1 ;n2 :r2 ;...’
The program received signal number AA (a two-digit hexadecimal number).
This is equivalent to an ‘S’ response, except that the ‘n :r ’ pairs can carry values
of important registers and other information directly in the stop reply packet,
reducing round-trip latency. Single-step and breakpoint traps are reported this
way. Each ‘n :r ’ pair is interpreted as follows:
• If n is a hexadecimal number, it is a register number, and the corresponding
r gives that register’s value. r is a series of bytes in target byte order, with
each byte given by a two-digit hex number.
• If n is ‘thread’, then r is the thread-id of the stopped thread, as specified
in hundefinedi [thread-id syntax], page hundefinedi.
• If n is ‘core’, then r is the hexadecimal number of the core on which the
stop event was detected.
• If n is a recognized stop reason, it describes a more specific event that
stopped the target. The currently defined stop reasons are listed below. aa
should be ‘05’, the trap signal. At most one stop reason should be present.
• Otherwise, gdb should ignore this ‘n :r ’ pair and go on to the next; this
allows us to extend the protocol in the future.
The currently defined stop reasons are:
‘watch’
‘rwatch’
‘awatch’ The packet indicates a watchpoint hit, and r is the data address,
in hex.
‘library’ The packet indicates that the loaded libraries have changed. gdb
should use ‘qXfer:libraries:read’ to fetch a new list of loaded
libraries. r is ignored.
‘replaylog’
The packet indicates that the target cannot continue replaying
logged execution events, because it has reached the end (or the
beginning when executing backward) of the log. The value of r will
be either ‘begin’ or ‘end’. See hundefinedi [Reverse Execution],
page hundefinedi, for more information.
‘W AA ’
‘W AA ; process:pid ’
The process exited, and AA is the exit status. This is only applicable to certain
targets.
The second form of the response, including the process ID of the exited process,
can be used only when gdb has reported support for multiprocess protocol
Appendix D: gdb Remote Serial Protocol 447
Like the descriptions of the other packets, each description here has a template showing
the packet’s overall syntax, followed by an explanation of the packet’s meaning. We include
spaces in some of the templates for clarity; these are not part of the packet’s syntax. No
gdb packet uses spaces to separate its components.
Here are the currently defined query and set packets:
‘QAllow:op :val ...’
Specify which operations gdb expects to request of the target, as a semicolon-
separated list of operation name and value pairs. Possible values for op include
‘WriteReg’, ‘WriteMem’, ‘InsertBreak’, ‘InsertTrace’, ‘InsertFastTrace’,
and ‘Stop’. val is either 0, indicating that gdb will not request the opera-
tion, or 1, indicating that it may. (The target can then use this to set up its
own internals optimally, for instance if the debugger never expects to insert
breakpoints, it may not need to install its own trap handler.)
‘qC’ Return the current thread ID.
Reply:
‘QC thread-id ’
Where thread-id is a thread ID as documented in hundefinedi
[thread-id syntax], page hundefinedi.
‘(anything else)’
Any other reply implies the old thread ID.
‘qCRC:addr,length ’
Compute the CRC checksum of a block of memory using CRC-32 defined in
IEEE 802.3. The CRC is computed byte at a time, taking the most significant
bit of each byte first. The initial pattern code 0xffffffff is used to ensure
leading zeros affect the CRC.
Note: This is the same CRC used in validating separate debug files (see hunde-
finedi [Debugging Information in Separate Files], page hundefinedi). However
the algorithm is slightly different. When validating separate debug files, the
CRC is computed taking the least significant bit of each byte first, and the final
result is inverted to detect trailing zeros.
Reply:
‘E NN ’ An error (such as memory fault)
‘C crc32 ’ The specified memory region’s checksum is crc32.
‘qfThreadInfo’
‘qsThreadInfo’
Obtain a list of all active thread IDs from the target (OS). Since there may be
too many active threads to fit into one reply packet, this query works iteratively:
it may require more than one query/reply sequence to obtain the entire list of
threads. The first query of the sequence will be the ‘qfThreadInfo’ query;
subsequent queries in the sequence will be the ‘qsThreadInfo’ query.
packet has no arguments, but some existing stubs (e.g. RedBoot) are known to not check for the end of
the packet.
Appendix D: gdb Remote Serial Protocol 449
Similarly, gdb will silently ignore unrecognized stub feature responses, as long
as each response uses one of the standard forms.
Some features are flags. A stub which supports a flag feature should respond
with a ‘+’ form response. Other features require values, and the stub should
respond with an ‘=’ form response.
Each feature has a default value, which gdb will use if ‘qSupported’ is not
available or if the feature is not mentioned in the ‘qSupported’ response. The
default values are fixed; a stub is free to omit any feature responses that match
the defaults.
Not all features can be probed, but for those which can, the probing mechanism
is useful: in some cases, a stub’s internal architecture may not allow the protocol
layer to know some information about the underlying target in advance. This
is especially common in stubs which may be configured for multiple targets.
These are the currently defined stub features and their properties:
‘TracepointSource’ No ‘-’ No
‘QAllow’ No ‘-’ No
‘QNonStop’
The remote stub understands the ‘QNonStop’ packet (see hunde-
finedi [QNonStop], page hundefinedi).
‘QPassSignals’
The remote stub understands the ‘QPassSignals’ packet (see hun-
definedi [QPassSignals], page hundefinedi).
‘QStartNoAckMode’
The remote stub understands the ‘QStartNoAckMode’ packet and
prefers to operate in no-acknowledgment mode. See hundefinedi
[Packet Acknowledgment], page hundefinedi.
‘multiprocess’
The remote stub understands the multiprocess extensions to the
remote protocol syntax. The multiprocess extensions affect the
syntax of thread IDs in both packets and replies (see hundefinedi
[thread-id syntax], page hundefinedi), and add process IDs to the
‘D’ packet and ‘W’ and ‘X’ replies. Note that reporting this feature
indicates support for the syntactic extensions only, not that the stub
necessarily supports debugging of more than one process at a time.
The stub must not use multiprocess extensions in packet replies
unless gdb has also indicated it supports them in its ‘qSupported’
request.
‘qXfer:osdata:read’
The remote stub understands the ‘qXfer:osdata:read’ packet
((see hundefinedi [qXfer osdata read], page hundefinedi).
‘ConditionalTracepoints’
The remote stub accepts and implements conditional expressions
defined for tracepoints (see hundefinedi [Tracepoint Conditions],
page hundefinedi).
‘ReverseContinue’
The remote stub accepts and implements the reverse continue
packet (see hundefinedi [bc], page hundefinedi).
‘ReverseStep’
The remote stub accepts and implements the reverse step packet
(see hundefinedi [bs], page hundefinedi).
‘TracepointSource’
The remote stub understands the ‘QTDPsrc’ packet that supplies
the source form of tracepoint definitions.
‘QAllow’ The remote stub understands the ‘QAllow’ packet.
‘StaticTracepoint’
The remote stub supports static tracepoints.
‘qSymbol::’
Notify the target that gdb is prepared to serve symbol lookup requests. Accept
requests from the target for the values of symbols.
Appendix D: gdb Remote Serial Protocol 457
Reply:
‘OK’ The target does not need to look up any (more) symbols.
‘qSymbol:sym_name ’
The target requests the value of symbol sym name (hex
encoded). gdb may provide the value by using the
‘qSymbol:sym_value :sym_name ’ message, described below.
‘qSymbol:sym_value :sym_name ’
Set the value of sym name to sym value.
sym name (hex encoded) is the name of a symbol whose value the target has
previously requested.
sym value (hex) is the value for symbol sym name. If gdb cannot supply a
value for sym name, then this field will be empty.
Reply:
‘OK’ The target does not need to look up any (more) symbols.
‘qSymbol:sym_name ’
The target requests the value of a new symbol sym name (hex
encoded). gdb will continue to supply the values of symbols (if
available), until the target ceases to request them.
‘qTBuffer’
‘QTBuffer’
‘QTDisconnected’
‘QTDP’
‘QTDPsrc’
‘QTDV’
‘qTfP’
‘qTfV’
‘QTFrame’ See hundefinedi [Tracepoint Packets], page hundefinedi.
‘qThreadExtraInfo,thread-id ’
Obtain a printable string description of a thread’s attributes from the target
OS. thread-id is a thread ID; see hundefinedi [thread-id syntax], page hunde-
finedi. This string may contain anything that the target OS thinks is interesting
for gdb to tell the user about the thread. The string is displayed in gdb’s
info threads display. Some examples of possible thread extra info strings are
‘Runnable’, or ‘Blocked on Mutex’.
Reply:
‘XX ...’ Where ‘XX ...’ is a hex encoding of ascii data, comprising the
printable string containing the extra information about the thread’s
attributes.
(Note that the qThreadExtraInfo packet’s name is separated from the com-
mand by a ‘,’, not a ‘:’, contrary to the naming conventions above. Please
don’t use this packet as a model for new packets.)
‘QTSave’
458 Debugging with gdb
‘qTsP’
‘qTsV’
‘QTStart’
‘QTStop’
‘QTinit’
‘QTro’
‘qTStatus’
‘qTV’
‘qTfSTM’
‘qTsSTM’
‘qTSTMat’ See hundefinedi [Tracepoint Packets], page hundefinedi.
‘qXfer:object :read:annex :offset,length ’
Read uninterpreted bytes from the target’s special data area identified by the
keyword object. Request length bytes starting at offset bytes into the data.
The content and encoding of annex is specific to object; it can supply additional
details about what data to access.
Here are the specific requests of this form defined so far. All
‘qXfer:object :read:...’ requests use the same reply formats, listed below.
‘qXfer:auxv:read::offset,length ’
Access the target’s auxiliary vector. See hundefinedi [OS Informa-
tion], page hundefinedi. Note annex must be empty.
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:features:read:annex :offset,length ’
Access the target description. See hundefinedi [Target Descrip-
tions], page hundefinedi. The annex specifies which XML docu-
ment to access. The main description is always loaded from the
‘target.xml’ annex.
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:libraries:read:annex :offset,length ’
Access the target’s list of loaded libraries. See hundefinedi [Library
List Format], page hundefinedi. The annex part of the generic
‘qXfer’ packet must be empty (see hundefinedi [qXfer read],
page hundefinedi).
Targets which maintain a list of libraries in the program’s memory
do not need to implement this packet; it is designed for platforms
where the operating system manages the list of loaded libraries.
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
Appendix D: gdb Remote Serial Protocol 459
‘qXfer:memory-map:read::offset,length ’
Access the target’s memory-map. See hundefinedi [Memory Map
Format], page hundefinedi. The annex part of the generic ‘qXfer’
packet must be empty (see hundefinedi [qXfer read], page hunde-
finedi).
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:sdata:read::offset,length ’
Read contents of the extra collected static tracepoint marker in-
formation. The annex part of the generic ‘qXfer’ packet must be
empty (see hundefinedi [qXfer read], page hundefinedi). See hunde-
finedi [Tracepoint Action Lists], page hundefinedi.
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:siginfo:read::offset,length ’
Read contents of the extra signal information on the target system.
The annex part of the generic ‘qXfer’ packet must be empty (see
hundefinedi [qXfer read], page hundefinedi).
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:spu:read:annex :offset,length ’
Read contents of an spufs file on the target system. The annex
specifies which file to read; it must be of the form ‘id /name ’, where
id specifies an SPU context ID in the target process, and name
identifes the spufs file in that context to be accessed.
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:threads:read::offset,length ’
Access the list of threads on target. See hundefinedi [Thread List
Format], page hundefinedi. The annex part of the generic ‘qXfer’
packet must be empty (see hundefinedi [qXfer read], page hunde-
finedi).
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:osdata:read::offset,length ’
Access the target’s operating system information. See hundefinedi
[Operating System Information], page hundefinedi.
Reply:
460 Debugging with gdb
‘m data ’ Data data (see hundefinedi [Binary Data], page hundefinedi) has
been read from the target. There may be more data at a higher
address (although it is permitted to return ‘m’ even for the last valid
block of data, as long as at least one byte of data was read). data
may have fewer bytes than the length in the request.
‘l data ’ Data data (see hundefinedi [Binary Data], page hundefinedi) has
been read from the target. There is no more data to be read. data
may have fewer bytes than the length in the request.
‘l’ The offset in the request is at the end of the data. There is no more
data to be read.
‘E00’ The request was malformed, or annex was invalid.
‘E nn ’ The offset was invalid, or there was an error encountered reading
the data. nn is a hex-encoded errno value.
‘’ An empty reply indicates the object string was not recognized by
the stub, or that the object does not support reading.
‘qXfer:object :write:annex :offset :data ...’
Write uninterpreted bytes into the target’s special data area identified by the
keyword object, starting at offset bytes into the data. data. . . is the binary-
encoded data (see hundefinedi [Binary Data], page hundefinedi) to be written.
The content and encoding of annex is specific to object; it can supply additional
details about what data to access.
Here are the specific requests of this form defined so far. All
‘qXfer:object :write:...’ requests use the same reply formats, listed below.
‘qXfer:siginfo:write::offset :data ...’
Write data to the extra signal information on the target system.
The annex part of the generic ‘qXfer’ packet must be empty (see
hundefinedi [qXfer write], page hundefinedi).
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
‘qXfer:spu:write:annex :offset :data ...’
Write data to an spufs file on the target system. The annex spec-
ifies which file to write; it must be of the form ‘id /name ’, where
id specifies an SPU context ID in the target process, and name
identifes the spufs file in that context to be accessed.
This packet is not probed by default; the remote stub must request
it, by supplying an appropriate ‘qSupported’ response (see hunde-
finedi [qSupported], page hundefinedi).
Reply:
‘nn ’ nn (hex encoded) is the number of bytes written. This may be
fewer bytes than supplied in the request.
‘E00’ The request was malformed, or annex was invalid.
Appendix D: gdb Remote Serial Protocol 461
This section describes how the remote protocol is applied to specific target architectures.
Also see hundefinedi [Standard Target Features], page hundefinedi, for details of XML target
descriptions for each architecture.
D.5.1 ARM
These breakpoint kinds are defined for the ‘Z0’ and ‘Z1’ packets.
2 16-bit Thumb mode breakpoint.
3 32-bit Thumb mode (Thumb-2) breakpoint.
4 32-bit ARM mode breakpoint.
D.5.2 MIPS
462 Debugging with gdb
The following g/G packets have previously been defined. In the below, some thirty-two
bit registers are transferred as sixty-four bits. Those registers should be zero/sign extended
(which?) to fill the space allocated. Register bytes are transferred in target byte order. The
two nibbles within a register byte are transferred most-significant - least-significant.
MIPS32
All registers are transferred as thirty-two bit quantities in the order: 32 general-
purpose; sr; lo; hi; bad; cause; pc; 32 floating-point registers; fsr; fir; fp.
MIPS64
All registers are transferred as sixty-four bit quantities (including thirty-two bit
registers such as sr). The ordering is the same as MIPS32.
Here we describe the packets gdb uses to implement tracepoints (see hundefinedi [Tra-
cepoints], page hundefinedi).
‘QTDP:n :addr :ena :step :pass [:Fflen ][:Xlen,bytes ][-]’
Create a new tracepoint, number n, at addr. If ena is ‘E’, then the tracepoint is
enabled; if it is ‘D’, then the tracepoint is disabled. step is the tracepoint’s step
count, and pass is its pass count. If an ‘F’ is present, then the tracepoint is to be
a fast tracepoint, and the flen is the number of bytes that the target should copy
elsewhere to make room for the tracepoint. If an ‘X’ is present, it introduces
a tracepoint condition, which consists of a hexadecimal length, followed by
a comma and hex-encoded bytes, in a manner similar to action encodings as
described below. If the trailing ‘-’ is present, further ‘QTDP’ packets will follow
to specify this tracepoint’s actions.
Replies:
‘OK’ The packet was understood and carried out.
‘qRelocInsn’
See hundefinedi [Relocate instruction reply packet], page hunde-
finedi.
‘’ The packet was not recognized.
‘QTDP:-n :addr :[S]action ...[-]’
Define actions to be taken when a tracepoint is hit. n and addr must be the
same as in the initial ‘QTDP’ packet for this tracepoint. This packet may only
be sent immediately after another ‘QTDP’ packet that ended with a ‘-’. If the
trailing ‘-’ is present, further ‘QTDP’ packets will follow, specifying more actions
for this tracepoint.
In the series of action packets for a given tracepoint, at most one can have an
‘S’ before its first action. If such a packet is sent, it and the following packets
define “while-stepping” actions. Any prior packets define ordinary actions —
Appendix D: gdb Remote Serial Protocol 463
that is, those taken when the tracepoint is first hit. If no action packet has an
‘S’, then all the packets in the series specify ordinary tracepoint actions.
The ‘action ...’ portion of the packet is a series of actions, concatenated with-
out separators. Each action has one of the following forms:
‘R mask ’ Collect the registers whose bits are set in mask. mask is a hexadec-
imal number whose i’th bit is set if register number i should be
collected. (The least significant bit is numbered zero.) Note that
mask may be any number of digits long; it may not fit in a 32-bit
word.
‘M basereg,offset,len ’
Collect len bytes of memory starting at the address in register num-
ber basereg, plus offset. If basereg is ‘-1’, then the range has a fixed
address: offset is the address of the lowest byte to collect. The
basereg, offset, and len parameters are all unsigned hexadecimal
values (the ‘-1’ value for basereg is a special case).
‘X len,expr ’
Evaluate expr, whose length is len, and collect memory as it directs.
expr is an agent expression, as described in hundefinedi [Agent Ex-
pressions], page hundefinedi. Each byte of the expression is encoded
as a two-digit hex number in the packet; len is the number of bytes
in the expression (and thus one-half the number of hex digits in the
packet).
Any number of actions may be packed together in a single ‘QTDP’ packet, as long
as the packet does not exceed the maximum packet length (400 bytes, for many
stubs). There may be only one ‘R’ action per tracepoint, and it must precede
any ‘M’ or ‘X’ actions. Any registers referred to by ‘M’ and ‘X’ actions must be
collected by a preceding ‘R’ action. (The “while-stepping” actions are treated
as if they were attached to a separate tracepoint, as far as these restrictions are
concerned.)
Replies:
‘OK’ The packet was understood and carried out.
‘qRelocInsn’
See hundefinedi [Relocate instruction reply packet], page hunde-
finedi.
‘’ The packet was not recognized.
‘QTDPsrc:n :addr :type :start :slen :bytes ’
Specify a source string of tracepoint n at address addr. This is useful to get
accurate reproduction of the tracepoints originally downloaded at the beginning
of the trace run. type is the name of the tracepoint part, such as ‘cond’ for the
tracepoint’s conditional expression (see below for a list of types), while bytes is
the string, encoded in hexadecimal.
start is the offset of the bytes within the overall source string, while slen is the
total length of the source string. This is intended for handling source strings
that are longer than will fit in a single packet.
464 Debugging with gdb
The available string types are ‘at’ for the location, ‘cond’ for the conditional,
and ‘cmd’ for an action command. gdb sends a separate packet for each com-
mand in the action list, in the same order in which the commands are stored
in the list.
The target does not need to do anything with source strings except report them
back as part of the replies to the ‘qTfP’/‘qTsP’ query packets.
Although this packet is optional, and gdb will only send it if the target replies
with ‘TracepointSource’ See hundefinedi [General Query Packets], page hun-
definedi, it makes both disconnected tracing and trace files much easier to use.
Otherwise the user must be careful that the tracepoints in effect while looking
at trace frames are identical to the ones in effect during the trace run; even a
small discrepancy could cause ‘tdump’ not to work, or a particular trace frame
not be found.
‘QTDV:n :value ’
Create a new trace state variable, number n, with an initial value of value,
which is a 64-bit signed integer. Both n and value are encoded as hexadecimal
values. gdb has the option of not using this packet for initial values of zero;
the target should simply create the trace state variables as they are mentioned
in expressions.
‘QTFrame:n ’
Select the n’th tracepoint frame from the buffer, and use the register and mem-
ory contents recorded there to answer subsequent request packets from gdb.
A successful reply from the stub indicates that the stub has found the requested
frame. The response is a series of parts, concatenated without separators,
describing the frame we selected. Each part has one of the following forms:
‘F f ’ The selected frame is number n in the trace frame buffer; f is a
hexadecimal number. If f is ‘-1’, then there was no frame matching
the criteria in the request packet.
‘T t ’ The selected trace frame records a hit of tracepoint number t; t is
a hexadecimal number.
‘QTFrame:pc:addr ’
Like ‘QTFrame:n ’, but select the first tracepoint frame after the currently se-
lected frame whose PC is addr; addr is a hexadecimal number.
‘QTFrame:tdp:t ’
Like ‘QTFrame:n ’, but select the first tracepoint frame after the currently se-
lected frame that is a hit of tracepoint t; t is a hexadecimal number.
‘QTFrame:range:start :end ’
Like ‘QTFrame:n ’, but select the first tracepoint frame after the currently se-
lected frame whose PC is between start (inclusive) and end (inclusive); start
and end are hexadecimal numbers.
‘QTFrame:outside:start :end ’
Like ‘QTFrame:range:start :end ’, but select the first frame outside the given
range of addresses (exclusive).
Appendix D: gdb Remote Serial Protocol 465
‘QTStart’ Begin the tracepoint experiment. Begin collecting data from tracepoint hits
in the trace frame buffer. This packet supports the ‘qRelocInsn’ reply (see
hundefinedi [Relocate instruction reply packet], page hundefinedi).
‘QTStop’ End the tracepoint experiment. Stop collecting trace frames.
‘QTinit’ Clear the table of tracepoints, and empty the trace frame buffer.
‘QTro:start1,end1 :start2,end2 :...’
Establish the given ranges of memory as “transparent”. The stub will answer
requests for these ranges from memory’s current contents, if they were not
collected as part of the tracepoint hit.
gdb uses this to mark read-only regions of memory, like those containing pro-
gram code. Since these areas never change, they should still have the same
contents they did when the tracepoint was hit, so there’s no reason for the stub
to refuse to provide their contents.
‘QTDisconnected:value ’
Set the choice to what to do with the tracing run when gdb disconnects from
the target. A value of 1 directs the target to continue the tracing run, while 0
tells the target to stop tracing if gdb is no longer in the picture.
‘qTStatus’
Ask the stub if there is a trace experiment running right now.
The reply has the form:
‘Trunning [;field ]...’
running is a single digit 1 if the trace is presently running, or 0 if
not. It is followed by semicolon-separated optional fields that an
agent may use to report additional status.
If the trace is not running, the agent may report any of several explanations as
one of the optional fields:
‘tnotrun:0’
No trace has been run yet.
‘tstop:0’ The trace was stopped by a user-originated stop command.
‘tfull:0’ The trace stopped because the trace buffer filled up.
‘tdisconnected:0’
The trace stopped because gdb disconnected from the target.
‘tpasscount:tpnum ’
The trace stopped because tracepoint tpnum exceeded its pass
count.
‘terror:text :tpnum ’
The trace stopped because tracepoint tpnum had an error. The
string text is available to describe the nature of the error (for in-
stance, a divide by zero in the condition expression). text is hex
encoded.
466 Debugging with gdb
‘tunknown:0’
The trace stopped for some other reason.
Additional optional fields supply statistical and other information. Although
not required, they are extremely useful for users monitoring the progress of a
trace run. If a trace has stopped, and these numbers are reported, they must
reflect the state of the just-stopped trace.
‘tframes:n ’
The number of trace frames in the buffer.
‘tcreated:n ’
The total number of trace frames created during the run. This may
be larger than the trace frame count, if the buffer is circular.
‘tsize:n ’ The total size of the trace buffer, in bytes.
‘tfree:n ’ The number of bytes still unused in the buffer.
‘circular:n ’
The value of the circular trace buffer flag. 1 means that the trace
buffer is circular and old trace frames will be discarded if necessary
to make room, 0 means that the trace buffer is linear and may fill
up.
‘disconn:n ’
The value of the disconnected tracing flag. 1 means that tracing
will continue after gdb disconnects, 0 means that the trace run will
stop.
‘qTV:var ’ Ask the stub for the value of the trace state variable number var.
Replies:
‘Vvalue ’ The value of the variable is value. This will be the current value
of the variable if the user is examining a running target, or a saved
value if the variable was collected in the trace frame that the user
is looking at. Note that multiple requests may result in different
reply values, such as when requesting values while the program is
running.
‘U’ The value of the variable is unknown. This would occur, for exam-
ple, if the user is examining a trace frame in which the requested
variable was not collected.
‘qTfP’
‘qTsP’ These packets request data about tracepoints that are being used by the target.
gdb sends qTfP to get the first piece of data, and multiple qTsP to get additional
pieces. Replies to these packets generally take the form of the QTDP packets that
define tracepoints. (FIXME add detailed syntax)
‘qTfV’
‘qTsV’ These packets request data about trace state variables that are on the target.
gdb sends qTfV to get the first vari of data, and multiple qTsV to get additional
Appendix D: gdb Remote Serial Protocol 467
variables. Replies to these packets follow the syntax of the QTDV packets that
define trace state variables.
‘qTfSTM’
‘qTsSTM’ These packets request data about static tracepoint markers that exist in the
target program. gdb sends qTfSTM to get the first piece of data, and multiple
qTsSTM to get additional pieces. Replies to these packets take the following
form:
Reply:
‘m address :id :extra ’
A single marker
‘m address :id :extra,address :id :extra ...’
a comma-separated list of markers
‘l’ (lower case letter ‘L’) denotes end of list.
‘E nn ’ An error occurred. nn are hex digits.
‘’ An empty reply indicates that the request is not supported by the
stub.
address is encoded in hex. id and extra are strings encoded in hex.
In response to each query, the target will reply with a list of one or more
markers, separated by commas. gdb will respond to each reply with a request
for more markers (using the ‘qs’ form of the query), until the target responds
with ‘l’ (lower-case ell, for last).
‘qTSTMat:address ’
This packets requests data about static tracepoint markers in the target pro-
gram at address. Replies to this packet follow the syntax of the ‘qTfSTM’ and
qTsSTM packets that list static tracepoint markers.
‘QTSave:filename ’
This packet directs the target to save trace data to the file name filename in
the target’s filesystem. filename is encoded as a hex string; the interpretation
of the file name (relative vs absolute, wild cards, etc) is up to the target.
‘qTBuffer:offset,len ’
Return up to len bytes of the current contents of trace buffer, starting at offset.
The trace buffer is treated as if it were a contiguous collection of traceframes,
as per the trace file format. The reply consists as many hex-encoded bytes as
the target can deliver in a packet; it is not an error to return fewer than were
asked for. A reply consisting of just l indicates that no bytes are available.
‘QTBuffer:circular:value ’
This packet directs the target to use a circular trace buffer if value is 1, or a
linear buffer if the value is 0.
When installing fast tracepoints in memory, the target may need to relocate the in-
struction currently at the tracepoint address to a different address in memory. For most
468 Debugging with gdb
instructions, a simple copy is enough, but, for example, call instructions that implicitly
push the return address on the stack, and relative branches or other PC-relative instruc-
tions require offset adjustment, so that the effect of executing the instruction at a different
address is the same as if it had executed in the original location.
In response to several of the tracepoint packets, the target may also respond with a num-
ber of intermediate ‘qRelocInsn’ request packets before the final result packet, to have gdb
handle this relocation operation. If a packet supports this mechanism, its documentation
will explicitly say so. See for example the above descriptions for the ‘QTStart’ and ‘QTDP’
packets. The format of the request is:
‘qRelocInsn:from ;to ’
This requests gdb to copy instruction at address from to address to, possibly
adjusted so that executing the instruction at to has the same effect as executing
it at from. gdb writes the adjusted instruction to target memory starting at
to.
Replies:
‘qRelocInsn:adjusted_size ’
Informs the stub the relocation is complete. adjusted size is the length in bytes
of resulting relocated instruction sequence.
‘E NN ’ A badly formed request was detected, or an error was encountered while relo-
cating the instruction.
The Host I/O packets allow gdb to perform I/O operations on the far side of a remote
link. For example, Host I/O is used to upload and download files to a remote target with
its own filesystem. Host I/O uses the same constant values and data structure layout
as the target-initiated File-I/O protocol. However, the Host I/O packets are structured
differently. The target-initiated protocol relies on target memory to store parameters and
buffers. Host I/O requests are initiated by gdb, and the target’s memory is not involved.
See hundefinedi [File-I/O Remote Protocol Extension], page hundefinedi, for more details
on the target-initiated protocol.
The Host I/O request packets all encode a single operation along with its arguments.
They have this format:
‘vFile:operation : parameter ...’
operation is the name of the particular request; the target should compare
the entire packet name up to the second colon when checking for a supported
operation. The format of parameter depends on the operation. Numbers are
always passed in hexadecimal. Negative numbers have an explicit minus sign
(i.e. two’s complement is not used). Strings (e.g. filenames) are encoded as a
series of hexadecimal bytes. The last argument to a system call may be a buffer
of escaped binary data (see hundefinedi [Binary Data], page hundefinedi).
The valid responses to Host I/O packets are:
Appendix D: gdb Remote Serial Protocol 469
‘vFile:close: fd ’
Close the open file corresponding to fd and return 0, or -1 if an error occurs.
‘vFile:unlink: pathname ’
Delete the file at pathname on the target. Return 0, or -1 if an error occurs.
pathname is a string.
470 Debugging with gdb
D.8 Interrupts
When a program on the remote target is running, gdb may attempt to interrupt it by
sending a ‘Ctrl-C’, BREAK or a BREAK followed by g, control of which is specified via gdb’s
‘interrupt-sequence’.
The precise meaning of BREAK is defined by the transport mechanism and may, in fact,
be undefined. gdb does not currently define a BREAK mechanism for any of the network
interfaces except for TCP, in which case gdb sends the telnet BREAK sequence.
‘Ctrl-C’, on the other hand, is defined and implemented for all transport mechanisms.
It is represented by sending the single byte 0x03 without any of the usual packet overhead
described in the Overview section (see hundefinedi [Overview], page hundefinedi). When a
0x03 byte is transmitted as part of a packet, it is considered to be packet data and does not
represent an interrupt. E.g., an ‘X’ packet (see hundefinedi [X packet], page hundefinedi),
used for binary downloads, may include an unescaped 0x03 as part of its packet.
BREAK followed by g is also known as Magic SysRq g. When Linux kernel receives this
sequence from serial port, it stops execution and connects to gdb.
Stubs are not required to recognize these interrupt mechanisms and the precise meaning
associated with receipt of the interrupt is implementation defined. If the target supports
debugging of multiple threads and/or processes, it should attempt to interrupt all currently-
executing threads and processes. If the stub is successful at interrupting the running pro-
gram, it should send one of the stop reply packets (see hundefinedi [Stop Reply Packets],
page hundefinedi) to gdb as a result of successfully stopping the program in all-stop mode,
and a stop reply for each stopped thread in non-stop mode. Interrupts received while the
program is stopped are discarded.
The gdb remote serial protocol includes notifications, packets that require no acknowl-
edgment. Both the GDB and the stub may send notifications (although the only notifi-
cations defined at present are sent by the stub). Notifications carry information without
incurring the round-trip latency of an acknowledgment, and so are useful for low-impact
communications where occasional packet loss is not a problem.
A notification packet has the form ‘% data # checksum ’, where data is the content of the
notification, and checksum is a checksum of data, computed and formatted as for ordinary
gdb packets. A notification’s data never contains ‘$’, ‘%’ or ‘#’ characters. Upon receiving
a notification, the recipient sends no ‘+’ or ‘-’ to acknowledge the notification’s receipt or
to report its corruption.
Every notification’s data begins with a name, which contains no colon characters, fol-
lowed by a colon character.
Recipients should silently ignore corrupted notifications and notifications they do not un-
derstand. Recipients should restart timeout periods on receipt of a well-formed notification,
whether or not they understand it.
Senders should only send the notifications described here when this protocol description
specifies that they are permitted. In the future, we may extend the protocol to permit
Appendix D: gdb Remote Serial Protocol 471
existing notifications in new contexts; this rule helps older senders avoid confusing newer
recipients.
(Older versions of gdb ignore bytes received until they see the ‘$’ byte that begins an
ordinary packet, so new stubs may transmit notifications without fear of confusing older
clients. There are no notifications defined for gdb to send at the moment, but we assume
that most older stubs would ignore them, as well.)
The following notification packets from the stub to gdb are defined:
‘Stop: reply ’
Report an asynchronous stop event in non-stop mode. The reply has the form of
a stop reply, as described in hundefinedi [Stop Reply Packets], page hundefinedi.
Refer to hundefinedi [Remote Non-Stop], page hundefinedi, for information on
how these notifications are acknowledged by gdb.
By default, when either the host or the target machine receives a packet, the first response
expected is an acknowledgment: either ‘+’ (to indicate the package was received correctly) or
‘-’ (to request retransmission). This mechanism allows the gdb remote protocol to operate
over unreliable transport mechanisms, such as a serial line.
In cases where the transport mechanism is itself reliable (such as a pipe or TCP con-
nection), the ‘+’/‘-’ acknowledgments are redundant. It may be desirable to disable them
in that case to reduce communication overhead, or for other reasons. This can be accom-
plished by means of the ‘QStartNoAckMode’ packet; see hundefinedi [QStartNoAckMode],
page hundefinedi.
When in no-acknowledgment mode, neither the stub nor gdb shall send or expect ‘+’/‘-’
protocol acknowledgments. The packet and response format still includes the normal check-
sum, as described in hundefinedi [Overview], page hundefinedi, but the checksum may be
ignored by the receiver.
If the stub supports ‘QStartNoAckMode’ and prefers to operate in no-acknowledgment
mode, it should report that to gdb by including ‘QStartNoAckMode+’ in its response
to ‘qSupported’; see hundefinedi [qSupported], page hundefinedi. If gdb also supports
‘QStartNoAckMode’ and it has not been disabled via the set remote noack-packet off
command (see hundefinedi [Remote Configuration], page hundefinedi), gdb may then send
a ‘QStartNoAckMode’ packet to the stub. Only then may the stub actually turn off packet
acknowledgments. gdb sends a final ‘+’ acknowledgment of the stub’s ‘OK’ response, which
can be safely ignored by the stub.
Appendix D: gdb Remote Serial Protocol 473
Note that set remote noack-packet command only affects negotiation between gdb
and the stub when subsequent connections are made; it does not affect the protocol ac-
knowledgment state for any current connection. Since ‘+’/‘-’ acknowledgments are enabled
by default when a new connection is established, there is also no protocol request to re-
enable the acknowledgments for the current connection, once disabled.
D.12 Examples
Example sequence of a target being re-started. Notice how the restart does not get any
direct output:
-> R00
<- +
target restarts
-> ?
<- +
<- T001:1234123412341234
-> +
Example sequence of a target being stepped by a single instruction:
-> G1445...
<- +
-> s
<- +
time passes
<- T001:1234123412341234
-> +
-> g
<- +
<- 1455...
-> +
The File I/O remote protocol extension (short: File-I/O) allows the target to use the
host’s file system and console I/O to perform various system calls. System calls on the
target system are translated into a remote protocol packet to the host system, which then
performs the needed actions and returns a response packet to the target system. This
simulates file system operations even on targets that lack file systems.
The protocol is defined to be independent of both the host and target systems. It uses its
own internal representation of datatypes and values. Both gdb and the target’s gdb stub
are responsible for translating the system-dependent value representations into the internal
protocol representations when data is transmitted.
The communication is synchronous. A system call is possible only when gdb is waiting
for a response from the ‘C’, ‘c’, ‘S’ or ‘s’ packets. While gdb handles the request for a
system call, the target is stopped to allow deterministic access to the target’s memory.
Therefore File-I/O is not interruptible by target signals. On the other hand, it is possible
to interrupt File-I/O by a user interrupt (‘Ctrl-C’) within gdb.
474 Debugging with gdb
The target’s request to perform a host system call does not finish the latest ‘C’, ‘c’, ‘S’
or ‘s’ action. That means, after finishing the system call, the target returns to continuing
the previous activity (continue, step). No additional continue or step request from gdb is
required.
(gdb) continue
<- target requests ’system call X’
target is stopped, gdb executes system call
-> gdb returns result
... target continues, gdb returns to wait for the target
<- target hits breakpoint and sends a Txx packet
The protocol only supports I/O on the console and to regular files on the host file system.
Character or block special devices, pipes, named pipes, sockets or any other communication
method on the host system are not supported by this protocol.
File I/O is not supported in non-stop mode.
The File-I/O protocol uses the F packet as the request as well as reply packet. Since a
File-I/O system call can only occur when gdb is waiting for a response from the continuing
or stepping target, the File-I/O request is a reply that gdb has to expect as a result of a
previous ‘C’, ‘c’, ‘S’ or ‘s’ packet. This F packet contains all information needed to allow
gdb to call the appropriate host system call:
• A unique identifier for the requested system call.
• All parameters to the system call. Pointers are given as addresses in the target memory
address space. Pointers to strings are given as pointer/length pair. Numerical values are
given as they are. Numerical control flags are given in a protocol-specific representation.
At this point, gdb has to perform the following actions.
• If the parameters include pointer values to data needed as input to a system call, gdb
requests this data from the target with a standard m packet request. This additional
communication has to be expected by the target implementation and is handled as any
other m packet.
• gdb translates all value from protocol representation to host representation as needed.
Datatypes are coerced into the host types.
• gdb calls the system call.
• It then coerces datatypes back to protocol representation.
• If the system call is expected to return data in buffer space specified by pointer pa-
rameters to the call, the data is transmitted to the target using a M or X packet. This
packet has to be expected by the target implementation and is handled as any other M
or X packet.
Eventually gdb replies with another F packet which contains all necessary information
for the target to continue. This at least contains
• Return value.
• errno, if has been changed by the system call.
• “Ctrl-C” flag.
Appendix D: gdb Remote Serial Protocol 475
After having done the needed type and value coercion, the target continues the latest
continue or step action.
If the ‘Ctrl-C’ flag is set in the gdb reply packet (see hundefinedi [The F Reply Packet],
page hundefinedi), the target should behave as if it had gotten a break message. The
meaning for the target is “system call interrupted by SIGINT”. Consequentially, the target
should actually stop (as with a break message) and return to gdb with a T02 packet.
It’s important for the target to know in which state the system call was interrupted.
There are two possible cases:
• The system call hasn’t been performed on the host yet.
• The system call on the host has been finished.
These two states can be distinguished by the target by the value of the returned errno.
If it’s the protocol representation of EINTR, the system call hasn’t been performed. This
476 Debugging with gdb
is equivalent to the EINTR handling on POSIX systems. In any other case, the target may
presume that the system call has been finished — successfully or not — and should behave
as if the break message arrived right after the system call.
gdb must behave reliably. If the system call has not been called yet, gdb may send the
F reply immediately, setting EINTR as errno in the packet. If the system call on the host
has been finished before the user requests a break, the full action must be finished by gdb.
This requires sending M or X packets as necessary. The F packet may only be sent when
either nothing has happened or the full action has been completed.
By default and if not explicitly closed by the target system, the file descriptors 0, 1 and
2 are connected to the gdb console. Output on the gdb console is handled as any other file
output operation (write(1, ...) or write(2, ...)). Console input is handled by gdb so
that after the target read request from file descriptor 0 all following typing is buffered until
either one of the following conditions is met:
• The user types Ctrl-c. The behaviour is as explained above, and the read system call
is treated as finished.
• The user presses hRETi. This is treated as end of input with a trailing newline.
• The user types Ctrl-d. This is treated as end of input. No trailing character (neither
newline nor ‘Ctrl-D’) is appended to the input.
If the user has typed more characters than fit in the buffer given to the read call, the
trailing characters are buffered in gdb until either another read(0, ...) is requested by
the target, or debugging is stopped at the user’s request.
open
Synopsis:
int open(const char *pathname, int flags);
int open(const char *pathname, int flags, mode_t mode);
close
Synopsis:
int close(int fd);
Request: ‘Fclose,fd ’
478 Debugging with gdb
Return value:
close returns zero on success, or -1 if an error occurred.
Errors:
read
Synopsis:
int read(int fd, void *buf, unsigned int count);
Request: ‘Fread,fd,bufptr,count ’
Return value:
On success, the number of bytes read is returned. Zero indicates end of file. If
count is zero, read returns zero as well. On error, -1 is returned.
Errors:
write
Synopsis:
int write(int fd, const void *buf, unsigned int count);
Request: ‘Fwrite,fd,bufptr,count ’
Return value:
On success, the number of bytes written are returned. Zero indicates nothing
was written. On error, -1 is returned.
Errors:
EFBIG An attempt was made to write a file that exceeds the host-specific
maximum file size allowed.
lseek
Synopsis:
long lseek (int fd, long offset, int flag);
Request: ‘Flseek,fd,offset,flag ’
flag is one of:
SEEK_SET The offset is set to offset bytes.
SEEK_CUR The offset is set to its current location plus offset bytes.
SEEK_END The offset is set to the size of the file plus offset bytes.
Return value:
On success, the resulting unsigned offset in bytes from the beginning of the file
is returned. Otherwise, a value of -1 is returned.
Errors:
EBADF fd is not a valid open file descriptor.
ESPIPE fd is associated with the gdb console.
EINVAL flag is not a proper value.
EINTR The call was interrupted by the user.
rename
Synopsis:
int rename(const char *oldpath, const char *newpath);
unlink
Synopsis:
int unlink(const char *pathname);
stat/fstat
Synopsis:
int stat(const char *pathname, struct stat *buf);
int fstat(int fd, struct stat *buf);
gettimeofday
Synopsis:
int gettimeofday(struct timeval *tv, void *tz);
Request: ‘Fgettimeofday,tvptr,tzptr ’
Return value:
On success, 0 is returned, -1 otherwise.
Errors:
EINVAL tz is a non-NULL pointer.
EFAULT tvptr and/or tzptr is an invalid pointer value.
isatty
Synopsis:
int isatty(int fd);
Request: ‘Fisatty,fd ’
Return value:
Returns 1 if fd refers to the gdb console, 0 otherwise.
Errors:
EINTR The call was interrupted by the user.
Note that the isatty call is treated as a special case: it returns 1 to the target if the
file descriptor is attached to the gdb console, 0 otherwise. Implementing through system
calls would require implementing ioctl and would be more complex than needed.
system
Synopsis:
int system(const char *command);
the exit status of the command is returned, which is extracted from the host’s
system return value by calling WEXITSTATUS(retval). In case ‘/bin/sh’ could
not be executed, 127 is returned.
Errors:
EINTR The call was interrupted by the user.
gdb takes over the full task of calling the necessary host calls to perform the system
call. The return value of system on the host is simplified before it’s returned to the target.
Any termination signal information from the child process is discarded, and the return value
consists entirely of the exit status of the called command.
Due to security concerns, the system call is by default refused by gdb. The user has to
allow this call explicitly with the set remote system-call-allowed 1 command.
set remote system-call-allowed
Control whether to allow the system calls in the File I/O protocol for the
remote target. The default is zero (disabled).
show remote system-call-allowed
Show whether the system calls are allowed in the File I/O protocol.
Integral Datatypes
The integral datatypes used in the system calls are int, unsigned int, long, unsigned
long, mode_t, and time_t.
int, unsigned int, mode_t and time_t are implemented as 32 bit values in this protocol.
long and unsigned long are implemented as 64 bit types.
See hundefinedi [Limits], page hundefinedi, for corresponding MIN and MAX values
(similar to those in ‘limits.h’) to allow range checking on host and target.
time_t datatypes are defined as seconds since the Epoch.
All integral datatypes transferred as part of a memory read or write of a structured
datatype e.g. a struct stat have to be given in big endian byte order.
Pointer Values
Pointers to target data are transmitted as they are. An exception is made for pointers
to buffers for which the length isn’t transmitted as part of the function call, namely strings.
Strings are transmitted as a pointer/length pair, both as hex values, e.g.
1aaf/12
which is a pointer to data of length 18 bytes at position 0x1aaf. The length is defined as the
full string length in bytes, including the trailing null byte. For example, the string "hello
world" at address 0x123456 is transmitted as
123456/d
Appendix D: gdb Remote Serial Protocol 483
Memory Transfer
Structured data which is transferred using a memory read or write (for example, a struct
stat) is expected to be in a protocol-specific format with all scalar multibyte datatypes
being big endian. Translation to this representation needs to be done both by the target
before the F packet is sent, and by gdb before it transfers memory to the target. Transferred
pointers to structured data should point to the already-coerced data at any time.
struct stat
The buffer of type struct stat used by the target and gdb is defined as follows:
struct stat {
unsigned int st_dev; /* device */
unsigned int st_ino; /* inode */
mode_t st_mode; /* protection */
unsigned int st_nlink; /* number of hard links */
unsigned int st_uid; /* user ID of owner */
unsigned int st_gid; /* group ID of owner */
unsigned int st_rdev; /* device type (if inode device) */
unsigned long st_size; /* total size, in bytes */
unsigned long st_blksize; /* blocksize for filesystem I/O */
unsigned long st_blocks; /* number of blocks allocated */
time_t st_atime; /* time of last access */
time_t st_mtime; /* time of last modification */
time_t st_ctime; /* time of last change */
};
The integral datatypes conform to the definitions given in the appropriate section (see
hundefinedi [Integral Datatypes], page hundefinedi, for details) so this structure is of size
64 bytes.
The values of several fields have a restricted meaning and/or range of values.
st_dev A value of 0 represents a file, 1 the console.
st_ino No valid meaning for the target. Transmitted unchanged.
st_mode Valid mode bits are described in hundefinedi [Constants], page hundefinedi.
Any other bits have currently no meaning for the target.
st_uid
st_gid
st_rdev No valid meaning for the target. Transmitted unchanged.
st_atime
st_mtime
st_ctime These values have a host and file system dependent accuracy. Especially on
Windows hosts, the file system may not support exact timing values.
The target gets a struct stat of the above representation and is responsible for coercing
it to the target representation before continuing.
Note that due to size differences between the host, target, and protocol representations
of struct stat members, these members could eventually get truncated on the target.
484 Debugging with gdb
struct timeval
The buffer of type struct timeval used by the File-I/O protocol is defined as follows:
struct timeval {
time_t tv_sec; /* second */
long tv_usec; /* microsecond */
};
The integral datatypes conform to the definitions given in the appropriate section (see
hundefinedi [Integral Datatypes], page hundefinedi, for details) so this structure is of size 8
bytes.
D.13.9 Constants
The following values are used for the constants inside of the protocol. gdb and target
are responsible for translating these values before and after the call as needed.
Open Flags
mode t Values
Errno Values
EFAULT 14
EBUSY 16
EEXIST 17
ENODEV 19
ENOTDIR 20
EISDIR 21
EINVAL 22
ENFILE 23
EMFILE 24
EFBIG 27
ENOSPC 28
ESPIPE 29
EROFS 30
ENAMETOOLONG 91
EUNKNOWN 9999
EUNKNOWN is used as a fallback error value if a host system returns any error value not
in the list of supported error numbers.
Lseek Flags
SEEK_SET 0
SEEK_CUR 1
SEEK_END 2
Limits
Example sequence of a write call, file descriptor 3, buffer is at target address 0x1234, 6
bytes should be written:
<- Fwrite,3,1234,6
request memory read from target
-> m1234,6
<- XXXXXX
return "6 bytes written"
-> F6
Example sequence of a read call, file descriptor 3, buffer is at target address 0x1234, 6
bytes should be read:
<- Fread,3,1234,6
request memory write to target
-> X1234,6:XXXXXX
return "6 bytes read"
-> F6
Example sequence of a read call, call fails on the host due to invalid file descriptor
(EBADF):
486 Debugging with gdb
<- Fread,3,1234,6
-> F-1,9
Example sequence of a read call, user presses Ctrl-c before syscall on host is called:
<- Fread,3,1234,6
-> F-1,4,C
<- T02
Example sequence of a read call, user presses Ctrl-c after syscall on host is called:
<- Fread,3,1234,6
-> X1234,6:XXXXXX
<- T02
On some platforms, a dynamic loader (e.g. ‘ld.so’) runs in the same process as your
application to manage libraries. In this case, gdb can use the loader’s symbol table and
normal memory operations to maintain a list of shared libraries. On other platforms, the
operating system manages loaded libraries. gdb can not retrieve the list of currently loaded
libraries through memory operations, so it uses the ‘qXfer:libraries:read’ packet (see
hundefinedi [qXfer library list read], page hundefinedi) instead. The remote stub queries
the target’s operating system and reports which libraries are loaded.
The ‘qXfer:libraries:read’ packet returns an XML document which lists loaded li-
braries and their offsets. Each library has an associated name and one or more segment or
section base addresses, which report where the library was loaded in memory.
For the common case of libraries that are fully linked binaries, the library should have
a list of segments. If the target supports dynamic linking of a relocatable object file, its
library XML element should instead include a list of allocated sections. The segment or
section bases are start addresses, not relocation offsets; they do not depend on the library’s
link-time base addresses.
gdb must be linked with the Expat library to support XML library lists. See hundefinedi
[Expat], page hundefinedi.
A simple memory map, with one loaded library relocated by a single offset, looks like
this:
<library-list>
<library name="/lib/libc.so.6">
<segment address="0x10000000"/>
</library>
</library-list>
Another simple memory map, with one loaded library with three allocated sections (.text,
.data, .bss), looks like this:
<library-list>
<library name="sharedlib.o">
<section address="0x10000000"/>
<section address="0x20000000"/>
<section address="0x30000000"/>
</library>
</library-list>
The format of a library list is described by this DTD:
Appendix D: gdb Remote Serial Protocol 487
To be able to write into flash memory, gdb needs to obtain a memory map from the
target. This section describes the format of the memory map.
The memory map is obtained using the ‘qXfer:memory-map:read’ (see hundefinedi
[qXfer memory map read], page hundefinedi) packet and is an XML document that lists
memory regions.
gdb must be linked with the Expat library to support XML memory maps. See hunde-
finedi [Expat], page hundefinedi.
The top-level structure of the document is shown below:
<?xml version="1.0"?>
<!DOCTYPE memory-map
PUBLIC "+//IDN gnu.org//DTD GDB Memory Map V1.0//EN"
"http://sourceware.org/gdb/gdb-memory-map.dtd">
<memory-map>
region...
</memory-map>
Each region can be either:
A region of RAM starting at addr and extending for length bytes from there:
<memory type="ram" start="addr " length="length "/>
A region of read-only memory:
<memory type="rom" start="addr " length="length "/>
A region of flash memory, with erasure blocks blocksize bytes in length:
<memory type="flash" start="addr " length="length ">
<property name="blocksize">blocksize </property>
</memory>
Regions must not overlap. gdb assumes that areas of memory not covered by the memory
map are RAM, and uses the ordinary ‘M’ and ‘X’ packets to write to addresses in such ranges.
The formal DTD for memory map format is given below:
<!-- ................................................... -->
<!-- Memory Map XML DTD ................................ -->
<!-- File: memory-map.dtd .............................. -->
<!-- .................................... .............. -->
<!-- memory-map.dtd -->
<!-- memory-map: Root element with versioning -->
<!ELEMENT memory-map (memory | property)>
488 Debugging with gdb
To efficiently update the list of threads and their attributes, gdb issues the
‘qXfer:threads:read’ packet (see hundefinedi [qXfer threads read], page hundefinedi)
and obtains the XML document with the following structure:
<?xml version="1.0"?>
<threads>
<thread id="id" core="0">
... description ...
</thread>
</threads>
Each ‘thread’ element must have the ‘id’ attribute that identifies the thread (see hunde-
finedi [thread-id syntax], page hundefinedi). The ‘core’ attribute, if present, specifies which
processor core the thread was last executing on. The content of the of ‘thread’ element is
interpreted as human-readable auxilliary information.
Appendix E: The GDB Agent Expression Mechanism 489
The agent represents bytecode expressions as an array of bytes. Each instruction is one
byte long (thus the term bytecode). Some instructions are followed by operand bytes; for
example, the goto instruction is followed by a destination for the jump.
The bytecode interpreter is a stack-based machine; most instructions pop their operands
off the stack, perform some operation, and push the result back on the stack for the next
instruction to consume. Each element of the stack may contain either a integer or a floating
point value; these values are as many bits wide as the largest integer that can be directly
manipulated in the source language. Stack elements carry no record of their type; bytecode
could push a value as an integer, then pop it as a floating point value. However, GDB will
not generate code which does this. In C, one might define the type of a stack element as
follows:
union agent_val {
LONGEST l;
490 Debugging with gdb
DOUBLEST d;
};
where LONGEST and DOUBLEST are typedef names for the largest integer and floating point
types on the machine.
By the time the bytecode interpreter reaches the end of the expression, the value of
the expression should be the only value left on the stack. For tracing applications, trace
bytecodes in the expression will have recorded the necessary data, and the value on the
stack may be discarded. For other applications, like conditional breakpoints, the value may
be useful.
Separate from the stack, the interpreter has two registers:
pc The address of the next bytecode to execute.
start The address of the start of the bytecode expression, necessary for interpreting
the goto and if_goto instructions.
Neither of these registers is directly visible to the bytecode language itself, but they are
useful for defining the meanings of the bytecode operations.
There are no instructions to perform side effects on the running program, or call the pro-
gram’s functions; we assume that these expressions are only used for unobtrusive debugging,
not for patching the running code.
Most bytecode instructions do not distinguish between the various sizes of values, and
operate on full-width values; the upper bits of the values are simply ignored, since they do
not usually make a difference to the value computed. The exceptions to this rule are:
memory reference instructions (refn)
There are distinct instructions to fetch different word sizes from memory. Once
on the stack, however, the values are treated as full-size integers. They may
need to be sign-extended; the ext instruction exists for this purpose.
the sign-extension instruction (ext n)
These clearly need to know which portion of their operand is to be extended to
occupy the full length of the word.
If the interpreter is unable to evaluate an expression completely for some reason (a mem-
ory location is inaccessible, or a divisor is zero, for example), we say that interpretation
“terminates with an error”. This means that the problem is reported back to the inter-
preter’s caller in some helpful way. In general, code using agent expressions should assume
that they may attempt to divide by zero, fetch arbitrary memory locations, and misbehave
in other ways.
Even complicated C expressions compile to a few bytecode instructions; for example, the
expression x + y * z would typically produce code like the following, assuming that x and
y live in registers, and z is a global variable holding a 32-bit int:
reg 1
reg 2
const32 address of z
ref32
ext 32
mul
Appendix E: The GDB Agent Expression Mechanism 491
add
end
In detail, these mean:
reg 1 Push the value of register 1 (presumably holding x) onto the stack.
reg 2 Push the value of register 2 (holding y).
const32 address of z
Push the address of z onto the stack.
ref32 Fetch a 32-bit word from the address at the top of the stack; replace the address
on the stack with the value. Thus, we replace the address of z with z’s value.
ext 32 Sign-extend the value on the top of the stack from 32 bits to full length. This
is necessary because z is a signed integer.
mul Pop the top two numbers on the stack, multiply them, and push their product.
Now the top of the stack contains the value of the expression y * z.
add Pop the top two numbers, add them, and push the sum. Now the top of the
stack contains the value of x + y * z.
end Stop executing; the value left on the stack top is the value to be recorded.
We do not fully describe the floating point operations here; although this design can be
extended in a clean way to handle floating point values, they are not of immediate interest
to the customer, so we avoid describing them, to save time.
float (0x01): ⇒
Prefix for floating-point bytecodes. Not implemented yet.
add (0x02): a b ⇒ a+b
Pop two integers from the stack, and push their sum, as an integer.
sub (0x03): a b ⇒ a-b
Pop two integers from the stack, subtract the top value from the next-to-top
value, and push the difference.
mul (0x04): a b ⇒ a*b
Pop two integers from the stack, multiply them, and push the product on the
stack. Note that, when one multiplies two n-bit numbers yielding another n-bit
number, it is irrelevant whether the numbers are signed or not; the results are
the same.
div_signed (0x05): a b ⇒ a/b
Pop two signed integers from the stack; divide the next-to-top value by the top
value, and push the quotient. If the divisor is zero, terminate with an error.
div_unsigned (0x06): a b ⇒ a/b
Pop two unsigned integers from the stack; divide the next-to-top value by the
top value, and push the quotient. If the divisor is zero, terminate with an error.
rem_signed (0x07): a b ⇒ a modulo b
Pop two signed integers from the stack; divide the next-to-top value by the top
value, and push the remainder. If the divisor is zero, terminate with an error.
rem_unsigned (0x08): a b ⇒ a modulo b
Pop two unsigned integers from the stack; divide the next-to-top value by the
top value, and push the remainder. If the divisor is zero, terminate with an
error.
lsh (0x09): a b ⇒ a<<b
Pop two integers from the stack; let a be the next-to-top value, and b be the
top value. Shift a left by b bits, and push the result.
rsh_signed (0x0a): a b ⇒ (signed)a>>b
Pop two integers from the stack; let a be the next-to-top value, and b be the
top value. Shift a right by b bits, inserting copies of the top bit at the high
end, and push the result.
rsh_unsigned (0x0b): a b ⇒ a>>b
Pop two integers from the stack; let a be the next-to-top value, and b be the
top value. Shift a right by b bits, inserting zero bits at the high end, and push
the result.
log_not (0x0e): a ⇒ !a
Pop an integer from the stack; if it is zero, push the value one; otherwise, push
the value zero.
Appendix E: The GDB Agent Expression Mechanism 493
Agent expressions can be used in several different ways by gdb, and the debugger can
generate different bytecode sequences as appropriate.
496 Debugging with gdb
One possibility is to do expression evaluation on the target rather than the host, such
as for the conditional of a conditional tracepoint. In such a case, gdb compiles the source
expression into a bytecode sequence that simply gets values from registers or memory, does
arithmetic, and returns a result.
Another way to use agent expressions is for tracepoint data collection. gdb generates a
different bytecode sequence for collection; in addition to bytecodes that do the calculation,
gdb adds trace bytecodes to save the pieces of memory that were used.
• The user selects trace points in the program’s code at which GDB should collect data.
• The user specifies expressions to evaluate at each trace point. These expressions may
denote objects in memory, in which case those objects’ contents are recorded as the
program runs, or computed values, in which case the values themselves are recorded.
• GDB transmits the tracepoints and their associated expressions to the GDB agent,
running on the debugging target.
• The agent arranges to be notified when a trace point is hit.
• When execution on the target reaches a trace point, the agent evaluates the expressions
associated with that trace point, and records the resulting values and memory ranges.
• Later, when the user selects a given trace event and inspects the objects and expression
values recorded, GDB talks to the agent to retrieve recorded data as necessary to meet
the user’s requests. If the user asks to see an object whose contents have not been
recorded, GDB reports an error.
Some targets don’t support floating-point, and some would rather not have to deal with
long long operations. Also, different targets will have different stack sizes, and different
bytecode buffer lengths.
Thus, GDB needs a way to ask the target about itself. We haven’t worked out the details
yet, but in general, GDB should be able to send the target a packet asking it to describe
itself. The reply should be a packet whose length is explicit, so we can add new information
to the packet in future revisions of the agent, without confusing old versions of GDB, and
it should contain a version number. It should contain at least the following information:
• whether floating point is supported
• whether long long is supported
• maximum acceptable size of bytecode stack
• maximum acceptable length of bytecode expressions
• which registers are actually available for collection
• whether the target supports disabled tracepoints
E.5 Rationale
To address these problems, the gdb remote protocol allows a target system to not
only identify itself to gdb, but to actually describe its own features. This lets gdb support
processor variants it has never seen before — to the extent that the descriptions are accurate,
and that gdb understands them.
gdb must be linked with the Expat library to support XML target descriptions. See
hundefinedi [Expat], page hundefinedi.
Target descriptions can be read from the target automatically, or specified by the user
manually. The default behavior is to read the description from the target. gdb retrieves
it via the remote protocol using ‘qXfer’ requests (see hundefinedi [General Query Packets],
page hundefinedi). The annex in the ‘qXfer’ packet will be ‘target.xml’. The contents
of the ‘target.xml’ annex are an XML document, of the form described in hundefinedi
[Target Description Format], page hundefinedi.
Alternatively, you can specify a file to read for the target description. If a file is set, the
target will not be queried. The commands to specify a file are:
A target description annex is an XML document which complies with the Document
Type Definition provided in the gdb sources in ‘gdb/features/gdb-target.dtd’. This
means you can use generally available tools like xmllint to check that your feature de-
scriptions are well-formed and valid. However, to help people unfamiliar with XML write
descriptions for their targets, we also describe the grammar here.
Target descriptions can identify the architecture of the remote target and (for some
architectures) provide information about custom register sets. They can also identify the
OS ABI of the remote target. gdb can use this information to autoconfigure for your target,
or to warn you if you connect to an unsupported target.
Here is a simple target description:
<target version="1.0">
<architecture>i386:x86-64</architecture>
</target>
This minimal description only says that the target uses the x86-64 architecture.
A target description has the following overall form, with [ ] marking optional elements
and . . . marking repeatable elements. The elements are explained further below.
<?xml version="1.0"?>
<!DOCTYPE target SYSTEM "gdb-target.dtd">
<target version="1.0">
[architecture ]
[osabi ]
[compatible ]
[feature ...]
</target>
The description is generally insensitive to whitespace and line breaks, under the usual
common-sense rules. The XML version declaration and document type declaration can
generally be omitted (gdb does not require them), but specifying them may be useful
for XML validation tools. The ‘version’ attribute for ‘<target>’ may also be omitted,
but we recommend including it; if future versions of gdb use an incompatible revision of
‘gdb-target.dtd’, they will detect and report the version mismatch.
G.2.1 Inclusion
It can sometimes be valuable to split a target description up into several different an-
nexes, either for organizational purposes, or to share files between different possible target
descriptions. You can divide a description into multiple files by replacing any element of
the target description with an inclusion directive of the form:
<xi:include href="document "/>
When gdb encounters an element of this form, it will retrieve the named XML document,
and replace the inclusion directive with the contents of that document. If the current
description was read using ‘qXfer’, then so will be the included document; document will
be interpreted as the name of an annex. If the current description was read from a file, gdb
will look for document as a file in the same directory where it found the original description.
Appendix G: Target Descriptions 505
G.2.2 Architecture
G.2.3 OS ABI
This optional field was introduced in gdb version 7.0. Previous versions of gdb ignore
it.
An ‘<osabi>’ element has this form:
<osabi>abi-name </osabi>
abi-name is an OS ABI name from the same selection accepted by set osabi (see hun-
definedi [Configuring the Current ABI], page hundefinedi).
This optional field was introduced in gdb version 7.0. Previous versions of gdb ignore
it.
A ‘<compatible>’ element has this form:
<compatible>arch </compatible>
arch is one of the architectures from the set accepted by set architecture (see hunde-
finedi [Specifying a Debugging Target], page hundefinedi).
A ‘<compatible>’ element is used to specify that the target is able to run binaries
in some other than the main target architecture given by the ‘<architecture>’ element.
For example, on the Cell Broadband Engine, the main architecture is powerpc:common or
powerpc:common64, but the system is able to run binaries in the spu architecture as well.
The way to describe this capability with ‘<compatible>’ is as follows:
<architecture>powerpc:common</architecture>
<compatible>spu</compatible>
G.2.5 Features
Each ‘<feature>’ describes some logical portion of the target system. Features are
currently used to describe available CPU registers and the types of their contents. A
‘<feature>’ element has this form:
<feature name="name ">
[type ...]
reg ...
</feature>
Each feature’s name should be unique within the description. The name of a feature does
not matter unless gdb has some special knowledge of the contents of that feature; if it does,
the feature should have its standard name. See hundefinedi [Standard Target Features],
page hundefinedi.
506 Debugging with gdb
G.2.6 Types
Any register’s value is a collection of bits which gdb must interpret. The default inter-
pretation is a two’s complement integer, but other types can be requested by name in the
register description. Some predefined types are provided by gdb (see hundefinedi [Prede-
fined Target Types], page hundefinedi), and the description can define additional composite
types.
Each type element must have an ‘id’ attribute, which gives a unique (within the con-
taining ‘<feature>’) name to the type. Types must be defined before they are used.
Some targets offer vector registers, which can be treated as arrays of scalar elements.
These types are written as ‘<vector>’ elements, specifying the array element type, type,
and the number of elements, count:
<vector id="id " type="type " count="count "/>
If a register’s value is usefully viewed in multiple ways, define it with a union type con-
taining the useful representations. The ‘<union>’ element contains one or more ‘<field>’
elements, each of which has a name and a type:
<union id="id ">
<field name="name " type="type "/>
...
</union>
If a register’s value is composed from several separate values, define it with a structure
type. There are two forms of the ‘<struct>’ element; a ‘<struct>’ element must either
contain only bitfields or contain no bitfields. If the structure contains only bitfields, its
total size in bytes must be specified, each bitfield must have an explicit start and end, and
bitfields are automatically assigned an integer type. The field’s start should be less than or
equal to its end, and zero represents the least significant bit.
<struct id="id " size="size ">
<field name="name " start="start " end="end "/>
...
</struct>
If the structure contains no bitfields, then each field has an explicit type, and no implicit
padding is added.
<struct id="id ">
<field name="name " type="type "/>
...
</struct>
If a register’s value is a series of single-bit flags, define it with a flags type. The ‘<flags>’
element has an explicit size and contains one or more ‘<field>’ elements. Each field has a
name, a start, and an end. Only single-bit flags are supported.
<flags id="id " size="size ">
<field name="name " start="start " end="end "/>
...
</flags>
G.2.7 Registers
Type definitions in the self-description can build up composite types from basic building
blocks, but can not define fundamental types. Instead, standard identifiers are provided by
gdb for the fundamental types. The currently supported types are:
int8
int16
int32
int64
int128 Signed integer types holding the specified number of bits.
uint8
uint16
uint32
uint64
uint128 Unsigned integer types holding the specified number of bits.
508 Debugging with gdb
code_ptr
data_ptr Pointers to unspecified code and data. The program counter and any dedicated
return address register may be marked as code pointers; printing a code pointer
converts it into a symbolic address. The stack pointer and any dedicated address
registers may be marked as data pointers.
ieee_single
Single precision IEEE floating point.
ieee_double
Double precision IEEE floating point.
arm_fpa_ext
The 12-byte extended precision format used by ARM FPA registers.
i387_ext The 10-byte extended precision format used by x87 registers.
i386_eflags
32bit eflags register used by x86.
i386_mxcsr
32bit mxcsr register used by x86.
A target description must contain either no registers or all the target’s registers. If the
description contains no registers, then gdb will assume a default register layout, selected
based on the architecture. If the description contains any registers, the default layout will
not be used; the standard registers must be described in the target description, in such a
way that gdb can recognize them.
This is accomplished by giving specific names to feature elements which contain standard
registers. gdb will look for features with those names and verify that they contain the
expected registers; if any known feature is missing required registers, or if any required
feature is missing, gdb will reject the target description. You can add additional registers
to any of the standard features — gdb will display them just as if they were added to an
unrecognized feature.
This section lists the known features and their expected contents. Sample XML docu-
ments for these features are included in the gdb source tree, in the directory ‘gdb/features’.
Names recognized by gdb should include the name of the company or organization
which selected the name, and the overall architecture to which the feature applies; so e.g.
the feature containing ARM core registers is named ‘org.gnu.gdb.arm.core’.
The names of registers are not case sensitive for the purpose of recognizing standard
features, but gdb will only display registers using the capitalization used in the description.
‘org.gnu.gdb.m68k.core’
‘org.gnu.gdb.coldfire.core’
‘org.gnu.gdb.fido.core’
One of those features must be always present. The feature that is present
determines which flavor of m68k is used. The feature that is present should
contain registers ‘d0’ through ‘d7’, ‘a0’ through ‘a5’, ‘fp’, ‘sp’, ‘ps’ and ‘pc’.
‘org.gnu.gdb.coldfire.fp’
This feature is optional. If present, it should contain registers ‘fp0’ through
‘fp7’, ‘fpcontrol’, ‘fpstatus’ and ‘fpiaddr’.
When requesting the process list, the annex field in the ‘qXfer’ request should be
‘processes’. The returned data is an XML document. The formal syntax of this doc-
ument is defined in ‘gdb/features/osdata.dtd’.
An example document is:
<?xml version="1.0"?>
<!DOCTYPE target SYSTEM "osdata.dtd">
<osdata type="processes">
<item>
<column name="pid">1</column>
<column name="user">root</column>
<column name="command">/sbin/init</column>
<column name="cores">1,2,3</column>
</item>
</osdata>
Each item should include a column whose name is ‘pid’. The value of that column should
identify the process on the target. The ‘user’ and ‘command’ columns are optional, and will
be displayed by gdb. The ‘cores’ column, if present, should contain a comma-separated
list of cores that this process is running on. Target may provide additional columns, which
gdb currently ignores.
512 Debugging with gdb
Appendix I: GNU GENERAL PUBLIC LICENSE 513
Preamble
The GNU General Public License is a free, copyleft license for software and other kinds
of works.
The licenses for most software and other practical works are designed to take away your
freedom to share and change the works. By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change all versions of a program—to make
sure it remains free software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to any other work
released this way by its authors. You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General
Public Licenses are designed to make sure that you have the freedom to distribute copies
of free software (and charge for them if you wish), that you receive source code or can get
it if you want it, that you can change the software or use pieces of it in new free programs,
and that you know you can do these things.
To protect your rights, we need to prevent others from denying you these rights or asking
you to surrender the rights. Therefore, you have certain responsibilities if you distribute
copies of the software, or if you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether gratis or for a fee, you
must pass on to the recipients the same freedoms that you received. You must make sure
that they, too, receive or can get the source code. And you must show them these terms so
they know their rights.
Developers that use the GNU GPL protect your rights with two steps: (1) assert copy-
right on the software, and (2) offer you this License giving you legal permission to copy,
distribute and/or modify it.
For the developers’ and authors’ protection, the GPL clearly explains that there is no
warranty for this free software. For both users’ and authors’ sake, the GPL requires that
modified versions be marked as changed, so that their problems will not be attributed
erroneously to authors of previous versions.
Some devices are designed to deny users access to install or run modified versions of the
software inside them, although the manufacturer can do so. This is fundamentally incom-
patible with the aim of protecting users’ freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to use, which is pre-
cisely where it is most unacceptable. Therefore, we have designed this version of the GPL
to prohibit the practice for those products. If such problems arise substantially in other
domains, we stand ready to extend this provision to those domains in future versions of the
GPL, as needed to protect the freedom of users.
514 Debugging with gdb
Finally, every program is threatened constantly by software patents. States should not
allow patents to restrict development and use of software on general-purpose computers, but
in those that do, we wish to avoid the special danger that patents applied to a free program
could make it effectively proprietary. To prevent this, the GPL assures that patents cannot
be used to render the program non-free.
The precise terms and conditions for copying, distribution and modification follow.
The “System Libraries” of an executable work include anything, other than the work as
a whole, that (a) is included in the normal form of packaging a Major Component, but
which is not part of that Major Component, and (b) serves only to enable use of the
work with that Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A “Major Component”,
in this context, means a major essential component (kernel, window system, and so
on) of the specific operating system (if any) on which the executable work runs, or a
compiler used to produce the work, or an object code interpreter used to run it.
The “Corresponding Source” for a work in object code form means all the source code
needed to generate, install, and (for an executable work) run the object code and to
modify the work, including scripts to control those activities. However, it does not
include the work’s System Libraries, or general-purpose tools or generally available
free programs which are used unmodified in performing those activities but which are
not part of the work. For example, Corresponding Source includes interface definition
files associated with source files for the work, and the source code for shared libraries
and dynamically linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those subprograms
and other parts of the work.
The Corresponding Source need not include anything that users can regenerate auto-
matically from other parts of the Corresponding Source.
The Corresponding Source for a work in source code form is that same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of copyright on the
Program, and are irrevocable provided the stated conditions are met. This License ex-
plicitly affirms your unlimited permission to run the unmodified Program. The output
from running a covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your rights of fair use
or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not convey, without
conditions so long as your license otherwise remains in force. You may convey covered
works to others for the sole purpose of having them make modifications exclusively
for you, or provide you with facilities for running those works, provided that you
comply with the terms of this License in conveying all material for which you do not
control copyright. Those thus making or running the covered works for you must do
so exclusively on your behalf, under your direction and control, on terms that prohibit
them from making any copies of your copyrighted material outside their relationship
with you.
Conveying under any other circumstances is permitted solely under the conditions
stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
3. Protecting Users’ Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological measure under
any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty
adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention
of such measures.
516 Debugging with gdb
When you convey a covered work, you waive any legal power to forbid circumvention of
technological measures to the extent such circumvention is effected by exercising rights
under this License with respect to the covered work, and you disclaim any intention
to limit operation or modification of the work as a means of enforcing, against the
work’s users, your or third parties’ legal rights to forbid circumvention of technological
measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program’s source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an
appropriate copyright notice; keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code; keep intact all
notices of the absence of any warranty; and give all recipients a copy of this License
along with the Program.
You may charge any price or no price for each copy that you convey, and you may offer
support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to produce it from
the Program, in the form of source code under the terms of section 4, provided that
you also meet all of these conditions:
a. The work must carry prominent notices stating that you modified it, and giving a
relevant date.
b. The work must carry prominent notices stating that it is released under this Li-
cense and any conditions added under section 7. This requirement modifies the
requirement in section 4 to “keep intact all notices”.
c. You must license the entire work, as a whole, under this License to anyone who
comes into possession of a copy. This License will therefore apply, along with any
applicable section 7 additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no permission to license
the work in any other way, but it does not invalidate such permission if you have
separately received it.
d. If the work has interactive user interfaces, each must display Appropriate Legal
Notices; however, if the Program has interactive interfaces that do not display
Appropriate Legal Notices, your work need not make them do so.
A compilation of a covered work with other separate and independent works, which
are not by their nature extensions of the covered work, and which are not combined
with it such as to form a larger program, in or on a volume of a storage or distribution
medium, is called an “aggregate” if the compilation and its resulting copyright are
not used to limit the access or legal rights of the compilation’s users beyond what the
individual works permit. Inclusion of a covered work in an aggregate does not cause
this License to apply to the other parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms of sections 4 and
5, provided that you also convey the machine-readable Corresponding Source under
the terms of this License, in one of these ways:
Appendix I: GNU GENERAL PUBLIC LICENSE 517
a. Convey the object code in, or embodied in, a physical product (including a phys-
ical distribution medium), accompanied by the Corresponding Source fixed on a
durable physical medium customarily used for software interchange.
b. Convey the object code in, or embodied in, a physical product (including a physi-
cal distribution medium), accompanied by a written offer, valid for at least three
years and valid for as long as you offer spare parts or customer support for that
product model, to give anyone who possesses the object code either (1) a copy of
the Corresponding Source for all the software in the product that is covered by this
License, on a durable physical medium customarily used for software interchange,
for a price no more than your reasonable cost of physically performing this con-
veying of source, or (2) access to copy the Corresponding Source from a network
server at no charge.
c. Convey individual copies of the object code with a copy of the written offer to
provide the Corresponding Source. This alternative is allowed only occasionally
and noncommercially, and only if you received the object code with such an offer,
in accord with subsection 6b.
d. Convey the object code by offering access from a designated place (gratis or for
a charge), and offer equivalent access to the Corresponding Source in the same
way through the same place at no further charge. You need not require recipients
to copy the Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source may be on
a different server (operated by you or a third party) that supports equivalent
copying facilities, provided you maintain clear directions next to the object code
saying where to find the Corresponding Source. Regardless of what server hosts
the Corresponding Source, you remain obligated to ensure that it is available for
as long as needed to satisfy these requirements.
e. Convey the object code using peer-to-peer transmission, provided you inform other
peers where the object code and Corresponding Source of the work are being offered
to the general public at no charge under subsection 6d.
A separable portion of the object code, whose source code is excluded from the Cor-
responding Source as a System Library, need not be included in conveying the object
code work.
A “User Product” is either (1) a “consumer product”, which means any tangible per-
sonal property which is normally used for personal, family, or household purposes, or
(2) anything designed or sold for incorporation into a dwelling. In determining whether
a product is a consumer product, doubtful cases shall be resolved in favor of coverage.
For a particular product received by a particular user, “normally used” refers to a
typical or common use of that class of product, regardless of the status of the par-
ticular user or of the way in which the particular user actually uses, or expects or is
expected to use, the product. A product is a consumer product regardless of whether
the product has substantial commercial, industrial or non-consumer uses, unless such
uses represent the only significant mode of use of the product.
“Installation Information” for a User Product means any methods, procedures, autho-
rization keys, or other information required to install and execute modified versions of a
covered work in that User Product from a modified version of its Corresponding Source.
518 Debugging with gdb
The information must suffice to ensure that the continued functioning of the modified
object code is in no case prevented or interfered with solely because modification has
been made.
If you convey an object code work under this section in, or with, or specifically for
use in, a User Product, and the conveying occurs as part of a transaction in which
the right of possession and use of the User Product is transferred to the recipient in
perpetuity or for a fixed term (regardless of how the transaction is characterized),
the Corresponding Source conveyed under this section must be accompanied by the
Installation Information. But this requirement does not apply if neither you nor any
third party retains the ability to install modified object code on the User Product (for
example, the work has been installed in ROM).
The requirement to provide Installation Information does not include a requirement
to continue to provide support service, warranty, or updates for a work that has been
modified or installed by the recipient, or for the User Product in which it has been
modified or installed. Access to a network may be denied when the modification itself
materially and adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided, in accord with
this section must be in a format that is publicly documented (and with an implementa-
tion available to the public in source code form), and must require no special password
or key for unpacking, reading or copying.
7. Additional Terms.
“Additional permissions” are terms that supplement the terms of this License by mak-
ing exceptions from one or more of its conditions. Additional permissions that are
applicable to the entire Program shall be treated as though they were included in this
License, to the extent that they are valid under applicable law. If additional permis-
sions apply only to part of the Program, that part may be used separately under those
permissions, but the entire Program remains governed by this License without regard
to the additional permissions.
When you convey a copy of a covered work, you may at your option remove any
additional permissions from that copy, or from any part of it. (Additional permissions
may be written to require their own removal in certain cases when you modify the
work.) You may place additional permissions on material, added by you to a covered
work, for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you add to a covered
work, you may (if authorized by the copyright holders of that material) supplement
the terms of this License with terms:
a. Disclaiming warranty or limiting liability differently from the terms of sections 15
and 16 of this License; or
b. Requiring preservation of specified reasonable legal notices or author attributions
in that material or in the Appropriate Legal Notices displayed by works containing
it; or
c. Prohibiting misrepresentation of the origin of that material, or requiring that mod-
ified versions of such material be marked in reasonable ways as different from the
original version; or
Appendix I: GNU GENERAL PUBLIC LICENSE 519
d. Limiting the use for publicity purposes of names of licensors or authors of the
material; or
e. Declining to grant rights under trademark law for use of some trade names, trade-
marks, or service marks; or
f. Requiring indemnification of licensors and authors of that material by anyone who
conveys the material (or modified versions of it) with contractual assumptions
of liability to the recipient, for any liability that these contractual assumptions
directly impose on those licensors and authors.
All other non-permissive additional terms are considered “further restrictions” within
the meaning of section 10. If the Program as you received it, or any part of it, con-
tains a notice stating that it is governed by this License along with a term that is a
further restriction, you may remove that term. If a license document contains a further
restriction but permits relicensing or conveying under this License, you may add to a
covered work material governed by the terms of that license document, provided that
the further restriction does not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you must place, in the
relevant source files, a statement of the additional terms that apply to those files, or a
notice indicating where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the form of a sep-
arately written license, or stated as exceptions; the above requirements apply either
way.
8. Termination.
You may not propagate or modify a covered work except as expressly provided un-
der this License. Any attempt otherwise to propagate or modify it is void, and will
automatically terminate your rights under this License (including any patent licenses
granted under the third paragraph of section 11).
However, if you cease all violation of this License, then your license from a particular
copyright holder is reinstated (a) provisionally, unless and until the copyright holder
explicitly and finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means prior to 60 days
after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently if
the copyright holder notifies you of the violation by some reasonable means, this is the
first time you have received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after your receipt of the
notice.
Termination of your rights under this section does not terminate the licenses of parties
who have received copies or rights from you under this License. If your rights have
been terminated and not permanently reinstated, you do not qualify to receive new
licenses for the same material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or run a copy of the
Program. Ancillary propagation of a covered work occurring solely as a consequence of
using peer-to-peer transmission to receive a copy likewise does not require acceptance.
520 Debugging with gdb
However, nothing other than this License grants you permission to propagate or modify
any covered work. These actions infringe copyright if you do not accept this License.
Therefore, by modifying or propagating a covered work, you indicate your acceptance
of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically receives a license
from the original licensors, to run, modify and propagate that work, subject to this
License. You are not responsible for enforcing compliance by third parties with this
License.
An “entity transaction” is a transaction transferring control of an organization, or
substantially all assets of one, or subdividing an organization, or merging organizations.
If propagation of a covered work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever licenses to the work
the party’s predecessor in interest had or could give under the previous paragraph, plus
a right to possession of the Corresponding Source of the work from the predecessor in
interest, if the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the rights granted or
affirmed under this License. For example, you may not impose a license fee, royalty, or
other charge for exercise of rights granted under this License, and you may not initiate
litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent
claim is infringed by making, using, selling, offering for sale, or importing the Program
or any portion of it.
11. Patents.
A “contributor” is a copyright holder who authorizes use under this License of the
Program or a work on which the Program is based. The work thus licensed is called
the contributor’s “contributor version”.
A contributor’s “essential patent claims” are all patent claims owned or controlled by
the contributor, whether already acquired or hereafter acquired, that would be infringed
by some manner, permitted by this License, of making, using, or selling its contributor
version, but do not include claims that would be infringed only as a consequence of
further modification of the contributor version. For purposes of this definition, “con-
trol” includes the right to grant patent sublicenses in a manner consistent with the
requirements of this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent license
under the contributor’s essential patent claims, to make, use, sell, offer for sale, import
and otherwise run, modify and propagate the contents of its contributor version.
In the following three paragraphs, a “patent license” is any express agreement or com-
mitment, however denominated, not to enforce a patent (such as an express permission
to practice a patent or covenant not to sue for patent infringement). To “grant” such
a patent license to a party means to make such an agreement or commitment not to
enforce a patent against the party.
If you convey a covered work, knowingly relying on a patent license, and the Corre-
sponding Source of the work is not available for anyone to copy, free of charge and under
the terms of this License, through a publicly available network server or other readily
accessible means, then you must either (1) cause the Corresponding Source to be so
Appendix I: GNU GENERAL PUBLIC LICENSE 521
available, or (2) arrange to deprive yourself of the benefit of the patent license for this
particular work, or (3) arrange, in a manner consistent with the requirements of this
License, to extend the patent license to downstream recipients. “Knowingly relying”
means you have actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient’s use of the covered work in a country,
would infringe one or more identifiable patents in that country that you have reason
to believe are valid.
If, pursuant to or in connection with a single transaction or arrangement, you convey,
or propagate by procuring conveyance of, a covered work, and grant a patent license
to some of the parties receiving the covered work authorizing them to use, propagate,
modify or convey a specific copy of the covered work, then the patent license you grant
is automatically extended to all recipients of the covered work and works based on it.
A patent license is “discriminatory” if it does not include within the scope of its cover-
age, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the
rights that are specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is in the business of
distributing software, under which you make payment to the third party based on the
extent of your activity of conveying the work, and under which the third party grants,
to any of the parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work conveyed by you (or
copies made from those copies), or (b) primarily for and in connection with specific
products or compilations that contain the covered work, unless you entered into that
arrangement, or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting any implied license or
other defenses to infringement that may otherwise be available to you under applicable
patent law.
12. No Surrender of Others’ Freedom.
If conditions are imposed on you (whether by court order, agreement or otherwise) that
contradict the conditions of this License, they do not excuse you from the conditions
of this License. If you cannot convey a covered work so as to satisfy simultaneously
your obligations under this License and any other pertinent obligations, then as a
consequence you may not convey it at all. For example, if you agree to terms that
obligate you to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this License would
be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have permission to link or
combine any covered work with a work licensed under version 3 of the GNU Affero
General Public License into a single combined work, and to convey the resulting work.
The terms of this License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License, section 13,
concerning interaction through a network will apply to the combination as such.
14. Revised Versions of this License.
522 Debugging with gdb
The Free Software Foundation may publish revised and/or new versions of the GNU
General Public License from time to time. Such new versions will be similar in spirit
to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies that
a certain numbered version of the GNU General Public License “or any later version”
applies to it, you have the option of following the terms and conditions either of that
numbered version or of any later version published by the Free Software Foundation.
If the Program does not specify a version number of the GNU General Public License,
you may choose any version ever published by the Free Software Foundation.
If the Program specifies that a proxy can decide which future versions of the GNU
General Public License can be used, that proxy’s public statement of acceptance of a
version permanently authorizes you to choose that version for the Program.
Later license versions may give you additional or different permissions. However, no
additional obligations are imposed on any author or copyright holder as a result of your
choosing to follow a later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PER-
MITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN
WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE
THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EX-
PRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFEC-
TIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO
MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, IN-
CIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO
LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUS-
TAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR
OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAM-
AGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided above cannot be given
local legal effect according to their terms, reviewing courts shall apply local law that
most closely approximates an absolute waiver of all civil liability in connection with
the Program, unless a warranty or assumption of liability accompanies a copy of the
Program in return for a fee.
Appendix I: GNU GENERAL PUBLIC LICENSE 523
If you develop a new program, and you want it to be of the greatest possible use to
the public, the best way to achieve this is to make it free software which everyone can
redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them to the
start of each source file to most effectively state the exclusion of warranty; and each file
should have at least the “copyright” line and a pointer to where the full notice is found.
one line to give the program’s name and a brief idea of what it does.
Copyright (C) year name of author
You should have received a copy of the GNU General Public License
along with this program. If not, see http://www.gnu.org/licenses/.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short notice like this when it
starts in an interactive mode:
program Copyright (C) year name of author
This program comes with ABSOLUTELY NO WARRANTY; for details type ‘show w’.
This is free software, and you are welcome to redistribute it
under certain conditions; type ‘show c’ for details.
The hypothetical commands ‘show w’ and ‘show c’ should show the appropriate parts of
the General Public License. Of course, your program’s commands might be different; for a
GUI interface, you would use an “about box”.
You should also get your employer (if you work as a programmer) or school, if any, to
sign a “copyright disclaimer” for the program, if necessary. For more information on this,
and how to apply and follow the GNU GPL, see http://www.gnu.org/licenses/.
The GNU General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may consider it more
useful to permit linking proprietary applications with the library. If this is what you want
to do, use the GNU Lesser General Public License instead of this License. But first, please
read http://www.gnu.org/philosophy/why-not-lgpl.html.
524 Debugging with gdb
Appendix J: GNU Free Documentation License 525
under this License. If a section does not fit the above definition of Secondary then it is
not allowed to be designated as Invariant. The Document may contain zero Invariant
Sections. If the Document does not identify any Invariant Sections then there are none.
The “Cover Texts” are certain short passages of text that are listed, as Front-Cover
Texts or Back-Cover Texts, in the notice that says that the Document is released under
this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may
be at most 25 words.
A “Transparent” copy of the Document means a machine-readable copy, represented
in a format whose specification is available to the general public, that is suitable for
revising the document straightforwardly with generic text editors or (for images com-
posed of pixels) generic paint programs or (for drawings) some widely available drawing
editor, and that is suitable for input to text formatters or for automatic translation to
a variety of formats suitable for input to text formatters. A copy made in an otherwise
Transparent file format whose markup, or absence of markup, has been arranged to
thwart or discourage subsequent modification by readers is not Transparent. An image
format is not Transparent if used for any substantial amount of text. A copy that is
not “Transparent” is called “Opaque”.
Examples of suitable formats for Transparent copies include plain ascii without
markup, Texinfo input format, LaTEX input format, sgml or xml using a publicly
available dtd, and standard-conforming simple html, PostScript or pdf designed for
human modification. Examples of transparent image formats include png, xcf and
jpg. Opaque formats include proprietary formats that can be read and edited only
by proprietary word processors, sgml or xml for which the dtd and/or processing
tools are not generally available, and the machine-generated html, PostScript or pdf
produced by some word processors for output purposes only.
The “Title Page” means, for a printed book, the title page itself, plus such following
pages as are needed to hold, legibly, the material this License requires to appear in the
title page. For works in formats which do not have any title page as such, “Title Page”
means the text near the most prominent appearance of the work’s title, preceding the
beginning of the body of the text.
The “publisher” means any person or entity that distributes copies of the Document
to the public.
A section “Entitled XYZ” means a named subunit of the Document whose title either
is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in
another language. (Here XYZ stands for a specific section name mentioned below, such
as “Acknowledgements”, “Dedications”, “Endorsements”, or “History”.) To “Preserve
the Title” of such a section when you modify the Document means that it remains a
section “Entitled XYZ” according to this definition.
The Document may include Warranty Disclaimers next to the notice which states that
this License applies to the Document. These Warranty Disclaimers are considered to
be included by reference in this License, but only as regards disclaiming warranties:
any other implication that these Warranty Disclaimers may have is void and has no
effect on the meaning of this License.
2. VERBATIM COPYING
Appendix J: GNU Free Documentation License 527
You may copy and distribute the Document in any medium, either commercially or
noncommercially, provided that this License, the copyright notices, and the license
notice saying this License applies to the Document are reproduced in all copies, and
that you add no other conditions whatsoever to those of this License. You may not use
technical measures to obstruct or control the reading or further copying of the copies
you make or distribute. However, you may accept compensation in exchange for copies.
If you distribute a large enough number of copies you must also follow the conditions
in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly
display copies.
3. COPYING IN QUANTITY
If you publish printed copies (or copies in media that commonly have printed covers) of
the Document, numbering more than 100, and the Document’s license notice requires
Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all
these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
the back cover. Both covers must also clearly and legibly identify you as the publisher
of these copies. The front cover must present the full title with all words of the title
equally prominent and visible. You may add other material on the covers in addition.
Copying with changes limited to the covers, as long as they preserve the title of the
Document and satisfy these conditions, can be treated as verbatim copying in other
respects.
If the required texts for either cover are too voluminous to fit legibly, you should put
the first ones listed (as many as fit reasonably) on the actual cover, and continue the
rest onto adjacent pages.
If you publish or distribute Opaque copies of the Document numbering more than 100,
you must either include a machine-readable Transparent copy along with each Opaque
copy, or state in or with each Opaque copy a computer-network location from which
the general network-using public has access to download using public-standard network
protocols a complete Transparent copy of the Document, free of added material. If
you use the latter option, you must take reasonably prudent steps, when you begin
distribution of Opaque copies in quantity, to ensure that this Transparent copy will
remain thus accessible at the stated location until at least one year after the last time
you distribute an Opaque copy (directly or through your agents or retailers) of that
edition to the public.
It is requested, but not required, that you contact the authors of the Document well
before redistributing any large number of copies, to give them a chance to provide you
with an updated version of the Document.
4. MODIFICATIONS
You may copy and distribute a Modified Version of the Document under the conditions
of sections 2 and 3 above, provided that you release the Modified Version under precisely
this License, with the Modified Version filling the role of the Document, thus licensing
distribution and modification of the Modified Version to whoever possesses a copy of
it. In addition, you must do these things in the Modified Version:
A. Use in the Title Page (and on the covers, if any) a title distinct from that of the
Document, and from those of previous versions (which should, if there were any,
528 Debugging with gdb
be listed in the History section of the Document). You may use the same title as
a previous version if the original publisher of that version gives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for
authorship of the modifications in the Modified Version, together with at least five
of the principal authors of the Document (all of its principal authors, if it has fewer
than five), unless they release you from this requirement.
C. State on the Title page the name of the publisher of the Modified Version, as the
publisher.
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other
copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public
permission to use the Modified Version under the terms of this License, in the form
shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover
Texts given in the Document’s license notice.
H. Include an unaltered copy of this License.
I. Preserve the section Entitled “History”, Preserve its Title, and add to it an item
stating at least the title, year, new authors, and publisher of the Modified Version
as given on the Title Page. If there is no section Entitled “History” in the Docu-
ment, create one stating the title, year, authors, and publisher of the Document
as given on its Title Page, then add an item describing the Modified Version as
stated in the previous sentence.
J. Preserve the network location, if any, given in the Document for public access to
a Transparent copy of the Document, and likewise the network locations given in
the Document for previous versions it was based on. These may be placed in the
“History” section. You may omit a network location for a work that was published
at least four years before the Document itself, or if the original publisher of the
version it refers to gives permission.
K. For any section Entitled “Acknowledgements” or “Dedications”, Preserve the Title
of the section, and preserve in the section all the substance and tone of each of the
contributor acknowledgements and/or dedications given therein.
L. Preserve all the Invariant Sections of the Document, unaltered in their text and
in their titles. Section numbers or the equivalent are not considered part of the
section titles.
M. Delete any section Entitled “Endorsements”. Such a section may not be included
in the Modified Version.
N. Do not retitle any existing section to be Entitled “Endorsements” or to conflict in
title with any Invariant Section.
O. Preserve any Warranty Disclaimers.
If the Modified Version includes new front-matter sections or appendices that qualify
as Secondary Sections and contain no material copied from the Document, you may at
your option designate some or all of these sections as invariant. To do this, add their
Appendix J: GNU Free Documentation License 529
titles to the list of Invariant Sections in the Modified Version’s license notice. These
titles must be distinct from any other section titles.
You may add a section Entitled “Endorsements”, provided it contains nothing but
endorsements of your Modified Version by various parties—for example, statements of
peer review or that the text has been approved by an organization as the authoritative
definition of a standard.
You may add a passage of up to five words as a Front-Cover Text, and a passage of up
to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified
Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be
added by (or through arrangements made by) any one entity. If the Document already
includes a cover text for the same cover, previously added by you or by arrangement
made by the same entity you are acting on behalf of, you may not add another; but
you may replace the old one, on explicit permission from the previous publisher that
added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission
to use their names for publicity for or to assert or imply endorsement of any Modified
Version.
5. COMBINING DOCUMENTS
You may combine the Document with other documents released under this License,
under the terms defined in section 4 above for modified versions, provided that you
include in the combination all of the Invariant Sections of all of the original documents,
unmodified, and list them all as Invariant Sections of your combined work in its license
notice, and that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and multiple identical
Invariant Sections may be replaced with a single copy. If there are multiple Invariant
Sections with the same name but different contents, make the title of each such section
unique by adding at the end of it, in parentheses, the name of the original author or
publisher of that section if known, or else a unique number. Make the same adjustment
to the section titles in the list of Invariant Sections in the license notice of the combined
work.
In the combination, you must combine any sections Entitled “History” in the vari-
ous original documents, forming one section Entitled “History”; likewise combine any
sections Entitled “Acknowledgements”, and any sections Entitled “Dedications”. You
must delete all sections Entitled “Endorsements.”
6. COLLECTIONS OF DOCUMENTS
You may make a collection consisting of the Document and other documents released
under this License, and replace the individual copies of this License in the various
documents with a single copy that is included in the collection, provided that you
follow the rules of this License for verbatim copying of each of the documents in all
other respects.
You may extract a single document from such a collection, and distribute it individu-
ally under this License, provided you insert a copy of this License into the extracted
document, and follow this License in all other respects regarding verbatim copying of
that document.
530 Debugging with gdb
To use this License in a document you have written, include a copy of the License in the
document and put the following copyright and license notices just after the title page:
Copyright (C) year your name.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled ‘‘GNU
Free Documentation License’’.
If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the
“with. . . Texts.” line with this:
with the Invariant Sections being list their titles, with
the Front-Cover Texts being list, and with the Back-Cover Texts
being list.
If you have Invariant Sections without Cover Texts, or some other combination of the
three, merge those two alternatives to suit the situation.
If your document contains nontrivial examples of program code, we recommend releasing
these examples in parallel under your choice of free software license, such as the GNU
General Public License, to permit their use in free software.
Index 533
Index
(Index is nonexistent)
534 Debugging with gdb