GDB and watchpoint

Reprinted from: http://www.kgdb.info/gdb/gdb_watchpoint/

1: What is watchpoint?

Watchpoint, as its name implies, is generally used to observe the status of a variable/memory address (or expression). For example, it can monitor whether the variable/memory value is read/written by the program.

You can set watchpoint in GDB using the following methods:

(GDB) Watch

Set a watchpoint in the specified variable/memory address (expression) expr.
Once the expr value changes, the program stops.
(GDB) rwatch
When expr is read, stop the program.
(GDB) awatch
When expr is read or written, stop the program.
(GDB) info watchpoints

Lists all the observed points currently set. (You can also view info break)

GDB watchpoint practices:

Take the gdb-sample.c of the gdb ten minute quick start tutorial as an example, in the gdb-sample.c, variable N is changed three times in total, if our next watchpoint is at the N variable, because the N variable changes three times and the watchpoint is responded three times, the program will be paused and run three times by the debugger:

Compile the gdb-sample.c and load GDB-sample using GDB:

$ GCC gdb-sample.c-o gdb-Sample-G

$ GDB./GDB-Sample

Gnu gdb (GDB) 7.0.50.20090928-CVS

Copyright (c) 2009 Free Software Foundation, Inc.
License gplv3 +: gnu gpl Version 3 or later
This is free software: You are free to change and redistribute it.
There is no warranty, to the extent permitted by law. Type "show copying"
And "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu ".
For bug reporting instructions, please see:
...
Reading symbols from/home/DDD/GDB-sample... Done.

(GDB)

Watchpoint can only be set after the program is started. The next breakpoint is placed on the main, so that the program is paused at the main function after being started.:

(GDB) B Main

Breakpoint 1 at 0 x 80483ad: file gdb-sample.c, line 19.
(GDB) r
Starting program:/home/DDD/GDB-Sample

Breakpoint 1, main () at gdb-sample.c: 19
19 n = 1;
(GDB)

Give the next watchpoint of the N variable:

(GDB) Watch n
Hardware watchpoint 2: N
(GDB)

Run the "c" command to restart the program. At this time, the program stops at the first n variable change.

20 N ++;

The following prompt is displayed:

23 n --;

(GDB) c
Continuing.
Hardware watchpoint 2: N

Old value =-1208017424
New value = 2
Main () at gdb-sample.c: 23
23 n --;
(GDB)

Repeat the preceding operation to stop the program twice. All GDB outputs are as follows:

(GDB) c
Continuing.
Hardware watchpoint 2: N

Old value = 2
New value = 1
Main () at gdb-sample.c: 25
25. nglobalvar + = 100;
(GDB) --> This stop is caused by "23 n-;" changing the value of Variable N.

(GDB) c
Continuing.
N = 1, nglobalvar = 88
Tempfunction is called, a = 1, B = 2
Hardware watchpoint 2: N

Old value = 1
New value = 3
Main () at gdb-sample.c: 31
31 printf ("n = % d", N );
(GDB) --> This stop is caused by "30 N = tempfunction (1, 2);" changing the value of Variable N.

(GDB) c

Continuing.

Watchpoint 2 deleted because the program has left the block in

Which its expression is valid.
0xb7e91450 in _ libc_start_main () from/lib/tls/i686/cmov/libc. so.6

(GDB)

2: How watchpoint works in GDB

Watchpoint can be regarded as a special "breakpoint". Generally, the CPU must support hardware breakpoint. If the pure software implements watchpoint, it seems to consume a lot of CPU. (I didn't look at the implementation of GDB's soft 0watchpoint. I have time to study it. But if I want to implement this function (discussed with my colleagues ), it should be set that the page table where watchpoint is located to be unreadable/accessible, and then check whether the current page and address are soft-set pages where watchpoint is located and the address of watchpoint. If yes, it indicates that the watchpoint has occurred)

Currently, arch that supports watchpoint hardware breakpoints includes x86, PPC, and MIPS.

If the hardware breakpoint is supported, you can hand over the monitoring operation to the hardware, while GDB only needs to do a simple logical processing.

Or the above gdb-sample.c as an example:

After GDB runs the watch n command, GDB writes a breakpoint to the memory address where the N variable is located.

(GDB) Watch n

Hardware watchpoint 2: N

(For the rwatch n command, GDB will set a hardware read breakpoint at the memory address where the N variable is located)

(TIPS: GDB uses the system to call ptrace () to modify the debug register value, so as to achieve hardware breakpoint)

In this way, as long as the system operates on the N variable (memory address), a hardware breakpoint interruption will be triggered.

After GDB captures the breakpoint interruption, it compares the new N variable value with the previous value,
1) if the value of N variable changes, the program will be stopped.

2) If the value of N variable does not change, the program continues to run.

For more information about hardware breakpoints, see the x86 debugging register.

3: watchpoint Implementation of Remote GDB Server

If you debug a local application, GDB can directly obtain the watchpoint information through the signal sent by ptrace.

If you remotely debug the program, how does GDB obtain the watchpoint information from the remote GDB server?

Speaking of this, I have to move out of the gdb Remote Serial protocol again ..

All communication rules between the gdb server and GDB are defined in the gdb Remote Serial protocol. Therefore, we need to tell GDB that the watchpoint on the remote GDB server must be transmitted through that protocol.

The stop-reply-packets in the gdb Remote Serial Protocol defines how to convey the watchpoint information:
? View code text

'T AA N1: R1; N2: R2 ;...'
The program specified ed signal number AA (a two-digit hexadecimal number ).
This is equivalent to an's 'response, response t that the 'N': R' pairs can
Carry values of important registers and other information directly in
The stop reply packet, cing round-trip latency. Single-step and
Breakpoint traps are reported this way. Each 'N': r'pair is interpreted
As follows:
* If n is a recognized stop reason, it describes a more specific
Event that stopped the target. The currently defined stop reasons are
Listed below. AA shoshould be '05 ', the trap signal. at most one stop
Reason shoshould be present.

The currently defined stop reasons are:
'Watch'
'Rwatch'
'Awatch'
The packet indicates a watchpoint hit, and r is the data address, in hex.

So as long as you add the watch + breakpoint address format data in stop-reply-packets, GDB will know that watchpoint is being stepped on.