Tutorial: Reverse debugging with GDB 7 (转载)
Tutorial: Reverse debugging with GDB 7
Tutorial: Reverse debugging with GDB 7
by Jay Conrod
posted on 2009-12-01
GDB 7 came out a few weeks ago, and one of the major new features is reverse debugging. This allows you to record the execution of a process, then play it backward and forward. This is incredibly useful for fixing those mysterious bugs that are so common in C/C++ programs.
In this post, I'll give a motivating example of why reverse debugging is so useful, then I'll give a summary of the commands you need to know about. You might also want to look at the official tutorial on the GDB wiki, which is a good reference.
Here's a typical program we might have in C. It's very simple, but it contains a subtle bug that causes it to crash when we run it.
#include <stdio.h>
#include <stdlib.h>
void initialize(int *array, int size) {
for (int i = 0; i <= size; ++i)
array[i] = 0;
}
int main(void) {
int *p = malloc(sizeof(int));
int values[10];
*p = 37;
initialize(values, 10);
printf("*p = %d\n", *p);
free(p);
return 0;
}
This program is compiled with the following command:
gcc -ggdb -std=c99 -O0 test.c -o test
When we run this program from the command line, we get a segmentation fault. What happened? We load it into gdb and enable recording:
(gdb) break main
Breakpoint 1 at 0x8048449: file test.c, line 11.
(gdb) run
Starting program: /home/jay/Code/test/test
Breakpoint 1, main () at test.c:11
(gdb) record
(gdb)
The record command turns on recording. It must be issued after the program has started running, so the beginning of main is a good place to use it. If you are debugging code that runs before main (such as C++ global constructors), you may want to set a breakpoint in _start, the actual entry point of the program.
Once recording is enabled, we run the program until the segmentation fault occurs:
(gdb) continue
Continuing.
warning: Process record ignores the memory change of instruction at
address 0xdd45e1 because it can't get the value of the segment
register.
Program received signal SIGSEGV, Segmentation fault.
0x0804847b in main () at test.c:15
(gdb)
After getting a weird warning (which appears to occur inside malloc), we find that the segmentation fault occurs at the call to printf. The only memory operation here is dereferencing p, so we print its value:
(gdb) print p
$1 = (int *) 0x0
(gdb)
p should not be null! We set it at the beginning with malloc and never changed its value. We can find out where it was changed by setting a watchpoint and using the reverse-continue command. This works just like you would hope: the program runs backwards until the point at which p was changed. Note that we explicitly set a software watchpoint rather than a hardware watchpoint; GDB 7 seems to silently ignore hardware watchpoints when replaying the program.
(gdb) set can-use-hw-watchpoints 0
(gdb) watch p
Watchpoint 2: p
(gdb) reverse-continue
Continuing.
Watchpoint 2: p
Old value = (int *) 0x0
New value = (int *) 0x804b008
0x0804842c in initialize (array=0xbffff5c0, size=10) at test.c:6
(gdb)
GDB stops on line 6 in the initialize function. Upon closer examination of the loop, we notice the off-by-one error in the condition. Since the array we passed to initialize is adjacent to p on the stack, we overwrite p when we write off the end of the array.
This kind of error is an example of a buffer overflow, a common bug in C. More severe versions of this bug can create security vulnerabilities. Overflows are usually quite difficult to track down because a variable like p could change many times before taking on a "bad" value like it did here. If we had set a watchpoint at the beginning of a more complex program, the debugger might stop hundreds of times before we found something interesting. More generally, we frequently debug by sneaking up on a fault from the front; if we accidentally pass the fault, we usually have to start over. Reverse debugging allows us to approach a fault much more quickly from behind. We just let the program run normally until we reach a point shortly after a fault has occurred (for instance, when the SIGSEGV signal is received). We then run the program backward until we find what went wrong. The debugger can do pretty much the same things running backward as forward, including setting new watchpoints and breakpoints.
Before we wrap up, here's a quick summary of useful commands for reverse debugging:
record- enable recording mode. This command must be issued while the program is running, and you can only run the program back to the point where this command was issued. There is a performance penalty.reverse-step, reverse-next, reverse-finish, reverse-continue- just like the normal versions of the commands, but in the opposite direction.set exec-direction reverse- switches the program execution direction to reverse. The step, next, finish, continue commands will work in the currect execution direction.set can-use-hw-watchpoints 0- disables hardware watch points. This is necessary if you want to use watchpoints while running the program in reverse.
Once again, you need GDB 7 in order to use reverse debugging. It is supplied as part of Ubuntu 9.10 (Karmic) and other newer Linux distributions. Since reverse debugging a fairly new feature, it's not as complete as one would hope, so there's an official wish list which contains bugs and feature requests.
Finally, I'd like to reference Sebastien Duquette's tutorial on reverse debugging, which is where I found out that you need to disable hardware watchpoints. If you're interested in how reverse debugging actually works, Michael Snyder (one of the GDB developers responsible for it) has a short post on StackOverflow about it.
Comment by Lakshmy m.a posted on Fri Mar 5 09:24:25 2010
sir, Am a student of model engineering college trikakkara of ernakulam district,kerala,India.we a group of 4 took this rgdb as our mini project.i would like to get some technical support from your side.can you please send me a mail as your respones, sir i couldnt get ur mail id...so that i can mail you we would like to get a tutorial of each reverse commands implementation + its logic we have downloaded the source code of the new version of gdb.7 but we couldnt understand the logic ,since its very lengthy, and we hav a short time to for our mini project section... It will be very helpful if we get the basic idea behind this.
http://www.jayconrod.com/posts/28/tutorial-reverse-debugging-with-gdb-7
2023年1月15日 21:58
Thanks for your type info.. I realy appreciate it.. keep it up. 룸알바
2023年1月20日 04:28
Youre so cool! I dont suppose Ive read anything this way before. So nice to locate somebody by original applying for grants this subject. realy thank you for beginning this up. this web site is one area that is needed over the internet, someone if we do originality. beneficial problem for bringing interesting things towards the internet! 스파사우나공유
======================
Appreciating the time and energy you put into your website and in depth information you provide. It’s awesome to come across a blog every once in a while that isn’t the same out of date rehashed information. Great read! I’ve bookmarked your site and I’m adding your RSS feeds to my Google account. Gold99
2023年1月24日 04:05
we would usually buy our bedroom sets from the local retailer which also offers free delivery. 성기확대수술
2023年1月30日 07:29
I really appreciate this particular blog and exactly how its laid out, thankyou I’ve saved. technology advisor
2023年2月09日 02:17
Very fine write-up. I actually really came across a person’s blog site plus needed so that you can point out this I’ve actually loved browsing a person’s site plus content. Anyhow I’ll often be checking a person’s feast plus I actually hope so that you can examine a person’s site again. Software Contract Lawyer
2023年2月14日 03:00
It’s a shame you don’t have a donate button! I’d without a doubt donate to this brilliant blog! I guess for now i’ll settle for book-marking and adding your RSS feed to my Google account. I look forward to new updates and will talk about this blog with my Facebook group. Talk soon! Room For Rent
=======================
what matters most is the good deeds that we do on our fellow men, it does not matter what religion you have as long as you do good stuffs` 市場推廣
2023年3月11日 04:35
I truly appreciate this post. I have been looking everywhere for this! Thank goodness I found it on Bing. You’ve made my day! Thx again! 메이저바카라
2023年3月16日 23:06
I understand that is truly dull and you’re missing to the next remark, however i simply desired to throw a large many thanks – a person solved some things personally! 온라인카지노
2023年4月07日 07:22
Heya this is a good submit. I’ll electronic mail this kind of in order to my own close friends. My partner and i stumbled on this while looking upon google I will be certain to come back. thanks for revealing. 바카라사이트
2023年4月12日 01:08
Youre so cool! I dont suppose Ive read anything similar to this before. So nice to discover somebody with original ideas on this subject. realy thank you for starting this up. this excellent website is one area that is needed on-line, an individual if we do originality. valuable project for bringing new things towards the internet! 여우알바
2023年4月24日 05:37
This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information. Keep it up. Keep blogging. Looking to reading your next post. Text To Speech Free
2023年4月26日 21:19 Great information, better still to find out your blog that has a great layout. Nicely done auto transport companies
2023年4月28日 04:08
I saw a lot of website but I think this one contains something special in it in it voyance gratuite par telephone