Conveniently, fork will also return the pid of the tracee, which is required for using ptrace later. How do we continue? As one would expect, ptrace has a number of requests that can be used for telling the tracee it's fine to continue:.
We can stop the process with a variety of requests, but how do we get the state of the tracee? The state of a process is mostly captured by its registers, so of course ptrace has a request to get or modify! Modifying the registers isn't always sufficient in a debugger.
A debugger will sometimes need to read some parts of the memory or even modify it. Real-world debuggers also have features like breakpoints and watchpoints. In the next section, I'll dive into the architectural details of debugging support. For the purposes of clarity and conciseness, this article will consider x86 only.
In the previous section, we've seen that ptrace has quite a bit to do with signals: SIGTRAP can be delivered during single-stepping, before execve and before or after system calls. Signals can be generated a number of ways, but we will look at two specific examples that can be used by debuggers to stop a program effectively creating a breakpoint! Undefined instructions: When a process tries to execute an undefined instruction, an exception is raised by the CPU.
What does the command delete without argument do? It deletes all breakpoints It deletes the source code It lists all breakpoints It stops execution. In the Python debugger interface, we can only observe, but not alter the control flow. To make sure we can always exit out of our debugging session, we introduce a quit command that deletes all breakpoints and resumes execution until the observed function finishes.
With this, our command palette is pretty complete, and we can use our debugger to happily inspect Python executions. In the next chapter, we will see how assertions check correctness at runtime.
The command-line interface in this chapter is modeled after GDB, the GNU debugger , whose interface in turn goes back to earlier command-line debuggers such as dbx. All modern debuggers build on the functionality and concepts realized in these debuggers, be it breakpoints, stepping through programs, or inspecting program state. The concept of time travel debugging see the Exercises, below has been invented and reinvented many times.
One of the most impactful tools comes from King et al. Some Python implementations allow to alter the state, by assigning values to frame. Note: As detailed in this blog post , frame. Use the notebook to work on the exercises and see solutions. Extending the Debugger class with extra features and commands is a breeze.
When stopped at a function call, the next command should execute the entire call, stopping when the function returns. In contrast, step stops at the first line of the function called. After entering the up command, explore the source and variables of the calling function rather than the current function. Use up repeatedly to move further up the stack.
If LINE is not given, resume execution until a line greater than the current is reached. This is useful to avoid stepping through multiple loop iterations. Use the code from our EventTracer class in the chapter on Tracing. Keep in mind that some variable names may not exist at all times. Rather than inspecting a function at the moment it executes, you can also record the entire state call stack, local variables, etc.
Your time travel debugger would be invoked as. Start with a subclass of Tracer from the chapter on tracing say, TimeTravelTracer to execute a program while recording all values. Keep in mind that recording even only local variables at each step quickly consumes large amounts of memory. Admittedly, this part didn't cover much - we're still far from having a real debugger in our hands.
However, I hope it has already made the process of debugging at least a little less mysterious. Single-stepping through the code is useful, but only to a certain degree. Take the C "Hello, world! To get to main it would probably take a couple of thousands of instructions of C runtime initialization code to step through. This isn't very convenient. What we'd ideally want to have is the ability to place a breakpoint at the entry to main and step from there.
Fair enough, and in the next part of the series I intend to show how breakpoints are implemented. For comments, please send me an email.
Toggle navigation Eli Bendersky's website. About Archives. In this part I'm going to present the main building block of a debugger's implementation on Linux - the ptrace system call. Motivation To understand where we're going, try to imagine what it takes for a debugger to do its work. Linux debugging - ptrace The Swiss army knife of Linux debuggers is the ptrace system call [2]. Let's dive right in. Stepping through the code of a process I'm now going to develop an example of running a process in "traced" mode in which we're going to single-step through its code - the machine code assembly instructions that's executed by the CPU.
Deep into the instruction stream The assembly-written program allows me to introduce you to another powerful use of ptrace - closely examining the state of the traced process.
Don't read too much into it. Don't use it for anything other than GDB unless know what you are doing. Attaching to a running process As you know, debuggers can also attach to an already-running process. The code The complete C source-code of the simple tracer presented in this article the more advanced, instruction-printing version is available here.
Conclusion and next steps Admittedly, this part didn't cover much - we're still far from having a real debugger in our hands. References I've found the following resources and articles useful in the preparation of this article: Playing with ptrace, Part I How debugger works [1] I didn't check but I'm sure the LOC count of gdb is at least in the six-figures range. On the interactive front, one might use a debugger to set a breakpoint, which stops execution of an application before it reaches a certain point.
At that point, the debugger will stop execution and transfer control back to the user, who can then inspect state using the aforementioned introspection features. We will also ignore many edge cases. You execute a debugging tool on it and receive output describing, among other things, callstacks for every thread and local variable data for each function.
Our second data source, the executable for a process, is also retrieved from procfs. We call open on the executable file itself and parse it to retrieve its debug information.
This changes slightly when a process is linked to shared libraries; each shared object will also have its own debug information. It provides descriptions for each region of memory mapped into the process, such as the address range, permission bits read-write-execute-shared for that range, and, most importantly for a debugger, the file backing the memory region.
This file can be the aforementioned executable file or a shared library object file. The debug information stored in the executable file tells us how to translate raw memory locations into recognizable program objects such as functions, variables, and types. This is what debuggers like gdb use. Debug information includes:. There are other sources of data we use to provide more complete snapshots of a system, but the above two are the most relevant. Before we can extract any data from the process, we need to pause its execution.
There are strategies for minimizing stop duration, but those will be the subject of a future post. It is primarily used to implement breakpoint debugging and system call tracing.
The most important registers in such a set are rip , or instruction pointer , and rsp , or stack pointer. The former is the memory location of the instruction about to be executed on the thread; the latter is the current memory location of the top bottom, really, since the stack typically grows downwards of the stack. We need their register sets to begin determining what the threads are doing.
As mentioned previously, with respect to debugging flow, we really just need the rip and rsp registers from these sets.
0コメント