C代码中经常会有大量的指针在很多不同函数中传来传去,甚至还有强制类型转换,让阅读代码和调试BUG的人苦不堪言。更有甚者将全局变量指针赋值给局部变量,然后再作为参数传出并修改。
这是官网的说明:http://sourceware.org/gdb/current/onlinedocs/gdb/Set-Watchpoints.html#Set-Watchpoints
watch是gdb众多命令中的一个,用来检测变量,当被监测的变量被修改时,会自动中断程序,此时用户就可以看到变量在哪里被修改了。
我们都知道,C中的变量是有生命周期的,很显然,watch只能在变量的生命周期内进行监测,这一点一定要注意。很容易想通,变量存储在内存或者寄存器中,既然还没创建或者已经释放了,还怎么监测呢?
由上可以得出:
1.全局区:全局变量生命周期和整个程序一样,可以在初始化后进行watch;
2.堆区:在被创建和释放前都可以watch;
3.栈区:只能在函数内部watch
理解了上面的3点,就可以开心的使用watch了。
注意事项:watch的断点分为硬断点和软断点,硬断点需要机器硬件支持,不仅速度快,而且断点可以精确到汇编指令级别。
不同于break断点,生命周期结束后,watch断点会自动删除。
开启硬断点的方法:set can-use-hw-watchpoints 1
下面是用来演示的代码,功能很简单,只是一些赋值。
#include
#include
#include
typedef struct INFO
{
int age;
char *name;
}ST_INFO;
//全局区
ST_INFO gInfo;
void set_name()
{
char *name = (char*)malloc(20 * sizeof(char));
strcpy(name, "hey suse");
gInfo.name = name;
}
void set_age()
{
gInfo.age = 22;
}
void motify(ST_INFO *pInfo)
{
pInfo->name = "motify";
pInfo->age = 66;
}
int main()
{
//malloc后存储在堆区
ST_INFO *pInfo = NULL;
//存储在栈区
ST_INFO info;
info.name = "hello";
info.age = 35;
pInfo = (ST_INFO*)malloc(sizeof(ST_INFO));
pInfo->name = "malloc";
pInfo->age = 108;
motify(pInfo);
free(pInfo);
set_age();
set_name();
pInfo = &gInfo;
motify(pInfo);
return 0;
}
设置观测点
(gdb) watch gInfo.name
Hardware watchpoint 1: gInfo.name
可以看到提示是硬断点了
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/luogf/20210815/a.out
Hardware watchpoint 1: gInfo.name
Old value = 0x0
New value = 0x601010 "hey suse"
set_name () at watch.c:17
17 }
(gdb) bt
#0 set_name () at watch.c:17
#1 0x000000000040062f in main () at watch.c:46
运行后程序在修改点停了下来,可以看到修改前的值Old value = 0x0,以及修改后的值New value = 0x601010 "hey suse";在set_name函数里修改了全局的name。
(gdb) c
Continuing.
Hardware watchpoint 1: gInfo.name
Old value = 0x601010 "hey suse"
New value = 0x400751 "motify"
motify (pInfo=0x600aa0) at watch.c:26
26 pInfo->age = 66;
这里将全局的地址赋值给了一个局部变量,然后在motify中修改,试想再多传几次,想要通过看代码去分析,大工程的代码能累死人。。。
(gdb) watch pInfo
No symbol "pInfo" in current context.
直接watch发现不行,因为此时pInfo还没创建呢,你需要先在pInfo创建后再watch才能成功。
(gdb) b 37
Breakpoint 8 at 0x4005df: file watch.c, line 37.
(gdb) r
Starting program: /home/luogf/20210815/a.out
Breakpoint 8, main () at watch.c:37
37 pInfo = (ST_INFO*)malloc(sizeof(ST_INFO));
(gdb) watch pInfo.name
Hardware watchpoint 9: pInfo.name
pInfo没有开辟空间依然可以watch,下面在malloc时停了下来,初始值时0。
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value =
New value = 0x0
main () at watch.c:38
38 pInfo->name = "malloc";
(gdb) i b
Num Type Disp Enb Address What
8 breakpoint keep y 0x00000000004005df in main at watch.c:37
breakpoint already hit 1 time
9 hw watchpoint keep y pInfo.name
breakpoint already hit 1 time
继续运行,修改了两次值,最后通过free释放,值变成了随机。
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value = 0x0
New value = 0x40075e "malloc"
main () at watch.c:39
39 pInfo->age = 108;
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value = 0x40075e "malloc"
New value = 0x400751 "motify"
motify (pInfo=0x601010) at watch.c:26
26 pInfo->age = 66;
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value = 0x400751 "motify"
New value = 0x400700 "H\203\370\377t\031\273\210\b`"
由于将pInfo指向了全局gInfo,这两个已经是一个值了,后面gInfo变化也会触发断点。
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value = 0x400700 "H\203\370\377t\031\273\210\b`"
New value = 0x601010 "hey suse"
main () at watch.c:50
(gdb) p pInfo
$1 = (ST_INFO *) 0x600aa0
(gdb) p &gInfo
$2 = (ST_INFO *) 0x600aa0
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value = 0x601010 "hey suse"
New value = 0x400751 "motify"
motify (pInfo=0x600aa0) at watch.c:26
26 pInfo->age = 66;
(gdb) c
Continuing.
Hardware watchpoint 9: pInfo.name
Old value = 0x601010 "hey suse"
New value = 0x400751 "motify"
motify (pInfo=0x600aa0) at watch.c:26
26 pInfo->age = 66;
(gdb) c
Continuing.
Watchpoint 9 deleted because the program has left the block in
which its expression is valid.
0x00007ffff7a66d20 in __libc_start_main () from /lib64/libc.so.6
(gdb) i b
Num Type Disp Enb Address What
8 breakpoint keep y 0x00000000004005df in main at watch.c:37
breakpoint already hit 1 time
(gdb)
生命周期结束后,watch断点会自动删除
和堆区差不多,不过只能在函数内部查看。
Breakpoint 6, main () at watch.c:31
31 ST_INFO *pInfo = NULL;
(gdb) watch info.name
Hardware watchpoint 9: info.name
(gdb) c
Continuing.
Hardware watchpoint 9: info.name
Old value = 0x400470 "1\355I\211\321^H\211\342H\203\344\360PTI\307\300P\006@"
New value = 0x400758 "hello"