Tutorial: Reverse debugging with GDB 7 (转载)
Tutorial: Reverse debugging with GDB 7
Tutorial: Reverse debugging with GDB 7
by Jay Conrod
posted on 2009-12-01
GDB 7 came out a few weeks ago, and one of the major new features is reverse debugging. This allows you to record the execution of a process, then play it backward and forward. This is incredibly useful for fixing those mysterious bugs that are so common in C/C++ programs.
In this post, I'll give a motivating example of why reverse debugging is so useful, then I'll give a summary of the commands you need to know about. You might also want to look at the official tutorial on the GDB wiki, which is a good reference.
Here's a typical program we might have in C. It's very simple, but it contains a subtle bug that causes it to crash when we run it.
#include <stdio.h>
#include <stdlib.h> void initialize(int *array, int size) {
for (int i = 0; i <= size; ++i)
array[i] = 0;
} int main(void) {
int *p = malloc(sizeof(int));
int values[10]; *p = 37;
initialize(values, 10);
printf("*p = %d\n", *p);
free(p); return 0;
}
This program is compiled with the following command:
gcc -ggdb -std=c99 -O0 test.c -o test
When we run this program from the command line, we get a segmentation fault. What happened? We load it into gdb and enable recording:
(gdb) break main
Breakpoint 1 at 0x8048449: file test.c, line 11.
(gdb) run
Starting program: /home/jay/Code/test/test Breakpoint 1, main () at test.c:11
(gdb) record
(gdb)
The record
command turns on recording. It must be issued after the program has started running, so the beginning of main
is a good place to use it. If you are debugging code that runs before main
(such as C++ global constructors), you may want to set a breakpoint in _start
, the actual entry point of the program.
Once recording is enabled, we run the program until the segmentation fault occurs:
(gdb) continue
Continuing.
warning: Process record ignores the memory change of instruction at
address 0xdd45e1 because it can't get the value of the segment
register. Program received signal SIGSEGV, Segmentation fault.
0x0804847b in main () at test.c:15
(gdb)
After getting a weird warning (which appears to occur inside malloc
), we find that the segmentation fault occurs at the call to printf
. The only memory operation here is dereferencing p
, so we print its value:
(gdb) print p
$1 = (int *) 0x0
(gdb)
p
should not be null! We set it at the beginning with malloc
and never changed its value. We can find out where it was changed by setting a watchpoint and using the reverse-continue
command. This works just like you would hope: the program runs backwards until the point at which p
was changed. Note that we explicitly set a software watchpoint rather than a hardware watchpoint; GDB 7 seems to silently ignore hardware watchpoints when replaying the program.
(gdb) set can-use-hw-watchpoints 0
(gdb) watch p
Watchpoint 2: p
(gdb) reverse-continue
Continuing.
Watchpoint 2: p Old value = (int *) 0x0
New value = (int *) 0x804b008
0x0804842c in initialize (array=0xbffff5c0, size=10) at test.c:6
(gdb)
GDB stops on line 6 in the initialize
function. Upon closer examination of the loop, we notice the off-by-one error in the condition. Since the array we passed to initialize
is adjacent to p
on the stack, we overwrite p
when we write off the end of the array.
This kind of error is an example of a buffer overflow, a common bug in C. More severe versions of this bug can create security vulnerabilities. Overflows are usually quite difficult to track down because a variable like p
could change many times before taking on a "bad" value like it did here. If we had set a watchpoint at the beginning of a more complex program, the debugger might stop hundreds of times before we found something interesting. More generally, we frequently debug by sneaking up on a fault from the front; if we accidentally pass the fault, we usually have to start over. Reverse debugging allows us to approach a fault much more quickly from behind. We just let the program run normally until we reach a point shortly after a fault has occurred (for instance, when the SIGSEGV
signal is received). We then run the program backward until we find what went wrong. The debugger can do pretty much the same things running backward as forward, including setting new watchpoints and breakpoints.
Before we wrap up, here's a quick summary of useful commands for reverse debugging:
record
- enable recording mode. This command must be issued while the program is running, and you can only run the program back to the point where this command was issued. There is a performance penalty.reverse-step, reverse-next, reverse-finish, reverse-continue
- just like the normal versions of the commands, but in the opposite direction.set exec-direction reverse
- switches the program execution direction to reverse. The step, next, finish, continue commands will work in the currect execution direction.set can-use-hw-watchpoints 0
- disables hardware watch points. This is necessary if you want to use watchpoints while running the program in reverse.
Once again, you need GDB 7 in order to use reverse debugging. It is supplied as part of Ubuntu 9.10 (Karmic) and other newer Linux distributions. Since reverse debugging a fairly new feature, it's not as complete as one would hope, so there's an official wish list which contains bugs and feature requests.
Finally, I'd like to reference Sebastien Duquette's tutorial on reverse debugging, which is where I found out that you need to disable hardware watchpoints. If you're interested in how reverse debugging actually works, Michael Snyder (one of the GDB developers responsible for it) has a short post on StackOverflow about it.
Comment by Lakshmy m.a posted on Fri Mar 5 09:24:25 2010
sir, Am a student of model engineering college trikakkara of ernakulam district,kerala,India.we a group of 4 took this rgdb as our mini project.i would like to get some technical support from your side.can you please send me a mail as your respones, sir i couldnt get ur mail id...so that i can mail you we would like to get a tutorial of each reverse commands implementation + its logic we have downloaded the source code of the new version of gdb.7 but we couldnt understand the logic ,since its very lengthy, and we hav a short time to for our mini project section... It will be very helpful if we get the basic idea behind this.
http://www.jayconrod.com/posts/28/tutorial-reverse-debugging-with-gdb-7
Tutorial: Reverse debugging with GDB 7 (转载)的更多相关文章
- GDB 反向调试(Reverse Debugging)
这个挺有意思 http://blog.csdn.net/CherylNatsu/article/details/6436570 使用调试器时最常用的功能就是step, next, continue,这 ...
- Debugging with GDB 用GDB调试多线程程序
Debugging with GDB http://www.delorie.com/gnu/docs/gdb/gdb_25.html GDB调试多线程程序总结 一直对GDB多线程调试接触不多,最近因为 ...
- 【转载】GDB反向调试(Reverse Debugging)
记得刚开始学C语言的时候,用vc的F10来调试程序,经常就是一阵狂按,然后一不小心按过了.结果又得从头再来,那时候我就问我的老师,能不能倒退回去几步.我的老师很遗憾地和我说,不行,开弓没有回头箭.这句 ...
- gdb调试4--回退
加入你正在使用GDB7.0以上版本的调试器并且运行在支持反向调试的平台,你就可以用以下几条命令来调试程序: reverse-continue 反向运行程序知道遇到一个能使程序中断的事件(比如断点,观察 ...
- Debugging Under Unix: gdb Tutorial (https://www.cs.cmu.edu/~gilpin/tutorial/)
//注释掉 #include <iostream.h> //替换为 #include <iostream> using namespace std; Contents Intr ...
- 27 Debugging Go Code with GDB 使用GDB调试go代码
Debugging Go Code with GDB 使用GDB调试go代码 Introduction Common Operations Go Extensions Known Issues Tu ...
- [转]Debugging the Mac OS X kernel with VMware and GDB
Source: http://ho.ax/posts/2012/02/debugging-the-mac-os-x-kernel-with-vmware-and-gdb/ Source: http:/ ...
- 使用gdb调试Python进程
使用gdb调试Python进程 有时我们会想调试一个正在运行的Python进程,或者一个Python进程的coredump.例如现在遇到一个mod_wsgi的进程僵死了,不接受请求,想看看究竟是运行到 ...
- GDB的non-stop模式
线程调试必杀技 - GDB的non-stop模式 作者:破砂锅 开源的GDB被广泛使用在Linux.OSX.Unix和各种嵌入式系统(例如手机),这次它又带给我们一个惊喜. 多线程调试之痛 调试器 ...
随机推荐
- bzoj2621: [Usaco2012 Mar]Cows in a Skyscraper(状压DP)
第一眼是3^n*n的做法...然而并不可行T T 后来发现对于奶牛的一个状态i,最优情况下剩下那个可以装奶牛的电梯剩下的可用重量是一定的,于是我们设f[i]表示奶牛状态为i的最小电梯数,g[i]为奶牛 ...
- c++11变长参数函数模板
By francis_hao Mar 25,2018 一个最简单的实例大概是这个样子: #include <iostream>using namespace std; /*变长参 ...
- 给深度学习入门者的Python快速教程 - 基础篇(转)
原文:https://zhuanlan.zhihu.com/p/24162430 5.1 Python简介 本章将介绍Python的最基本语法,以及一些和深度学习还有计算机视觉最相关的基本使用. 5. ...
- 阿里云对象存储OSS使用 HTTPS
一.前言 阿里云对象存储oss本身也是可以用HTTPS直接访问的,但是它本身的地址是http://***.oss-cn-hangzhou.aliyuncs.com这样的,那么如果我们想使用自己的域名, ...
- [DeeplearningAI笔记]序列模型1.5-1.6不同类型的循环神经网络/语言模型与序列生成
5.1循环序列模型 觉得有用的话,欢迎一起讨论相互学习~Follow Me 1.5不同类型的循环神经网络 上节中介绍的是 具有相同长度输入序列和输出序列的循环神经网络,但是对于很多应用\(T_{x}和 ...
- python---基础知识回顾(四)(模块sys,os,random,hashlib,re,序列化json和pickle,xml,shutil,configparser,logging,datetime和time,其他)
前提:dir,__all__,help,__doc__,__file__ dir:可以用来查看模块中的所有特性(函数,类,变量等) >>> import copy >>& ...
- 根据wsdl的url,使用axis1.4生成客户端,并且对webservice进行调用(转)
根据wsdl的url,使用axis1.4生成客户端,并且对webservice进行调用 axis1.4下载地址 1.到www.apache.org上去下载axis-bin-1_4.zip,如要关联源代 ...
- oracle分析函数 (转)
一.总体介绍 12.1 分析函数如何工作 语法 FUNCTION_NAME(<参数>,…) OVER (<PARTITION BY 表达式,…> <ORDER BY 表达 ...
- VS Code 配置 C/C++ 环境
写作原因 微软的 VSCode 一直以来为人诟病的一个问题就是对于 C/C++ 工程的编译以及调试支持度有限,配置起来比较复杂,但是 vscode-cpptools 团队经过一段时间的 bug 修复之 ...
- SQL Server 2008过期导致MSSQLSERVER服务无法启动现象
SQL Server 2008过期导致MSSQLSERVER服务无法启动现象:安装的是SQL Server 2008评估版,180天的试用期后,MSSQLSERVER服务就无法启动,手动启动就报告17 ...