Debugging with gdb

The gnu Source-Level Debugger

Tenth Edition, for gdb version 7.9.50.20150308-cvs

(GDB)

Richard Stallman, Roland Pesch, Stan Shebs, et al.

 (Send bugs and comments on gdb to http://www.gnu.org/software/gdb/bugs/.)
Debugging with gdb
TEXinfo 2011-02-14.11

Published by the Free Software Foundation

51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
ISBN 978-0-9831592-3-0

Copyright c 1988-2015 Free Software Foundation, Inc.

Permission is granted to copy, distribute and/or modify this document under the terms
of the GNU Free Documentation License, Version 1.3 or any later version published by
the Free Software Foundation; with the Invariant Sections being “Free Software” and “Free
Software Needs Free Documentation”, with the Front-Cover Texts being “A GNU Manual,”
and with the Back-Cover Texts as in (a) below.
(a) The FSF’s Back-Cover Text is: “You are free to copy and modify this GNU Man-
ual. Buying copies from GNU Press supports the FSF in developing GNU and promoting
software freedom.”
 i

Table of Contents

Summary of gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Free Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Free Software Needs Free Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Contributors to gdb. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1 A Sample gdb Session . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2 Getting In and Out of gdb . . . . . . . . . . . . . . . . . . . 11

2.1 Invoking gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.1 Choosing Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.2 Choosing Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.1.3 What gdb Does During Startup . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.2 Quitting gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.3 Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.4 Logging Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3 gdb Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.1 Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.2 Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.3 Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4 Running Programs Under gdb . . . . . . . . . . . . . . . 25

4.1 Compiling for Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.2 Starting your Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
4.3 Your Program’s Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4 Your Program’s Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.5 Your Program’s Working Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.6 Your Program’s Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.7 Debugging an Already-running Process . . . . . . . . . . . . . . . . . . . . . . . . 32
4.8 Killing the Child Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.9 Debugging Multiple Inferiors and Programs. . . . . . . . . . . . . . . . . . . . 33
4.10 Debugging Programs with Multiple Threads . . . . . . . . . . . . . . . . . . 36
4.11 Debugging Forks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.12 Setting a Bookmark to Return to Later. . . . . . . . . . . . . . . . . . . . . . . 42
4.12.1 A Non-obvious Benefit of Using Checkpoints . . . . . . . . . . . . . 43
ii Debugging with gdb

5 Stopping and Continuing . . . . . . . . . . . . . . . . . . . . . 45

5.1 Breakpoints, Watchpoints, and Catchpoints . . . . . . . . . . . . . . . . . . . 45
5.1.1 Setting Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
5.1.2 Setting Watchpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
5.1.3 Setting Catchpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
5.1.4 Deleting Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
5.1.5 Disabling Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
5.1.6 Break Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
5.1.7 Breakpoint Command Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
5.1.8 Dynamic Printf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5.1.9 How to save breakpoints to a file . . . . . . . . . . . . . . . . . . . . . . . . . 65
5.1.10 Static Probe Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
5.1.11 “Cannot insert breakpoints” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
5.1.12 “Breakpoint address adjusted...” . . . . . . . . . . . . . . . . . . . . . . . . 67
5.2 Continuing and Stepping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
5.3 Skipping Over Functions and Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
5.4 Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
5.5 Stopping and Starting Multi-thread Programs . . . . . . . . . . . . . . . . . 75
5.5.1 All-Stop Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
5.5.2 Non-Stop Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
5.5.3 Background Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
5.5.4 Thread-Specific Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
5.5.5 Interrupted System Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
5.5.6 Observer Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

6 Running programs backward . . . . . . . . . . . . . . . . . 83

7 Recording Inferior’s Execution and Replaying

It . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

8 Examining the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . 91

8.1 Stack Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
8.2 Backtraces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
8.3 Management of Frame Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
8.4 Selecting a Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
8.5 Information About a Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

9 Examining Source Files . . . . . . . . . . . . . . . . . . . . . . . 99

9.1 Printing Source Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
9.2 Specifying a Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
9.3 Editing Source Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
9.3.1 Choosing your Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
9.4 Searching Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
9.5 Specifying Source Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
9.6 Source and Machine Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
 iii

10 Examining Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

10.1 Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
10.2 Ambiguous Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
10.3 Program Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
10.4 Artificial Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
10.5 Output Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
10.6 Examining Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
10.7 Automatic Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
10.8 Print Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
10.9 Pretty Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
10.9.1 Pretty-Printer Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
10.9.2 Pretty-Printer Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
10.9.3 Pretty-Printer Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
10.10 Value History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
10.11 Convenience Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
10.12 Convenience Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
10.13 Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
10.14 Floating Point Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
10.15 Vector Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
10.16 Operating System Auxiliary Information . . . . . . . . . . . . . . . . . . . 139
10.17 Memory Region Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
10.17.1 Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
10.17.1.1 Memory Access Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
10.17.1.2 Memory Access Size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
10.17.1.3 Data Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
10.17.2 Memory Access Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
10.18 Copy Between Memory and a File . . . . . . . . . . . . . . . . . . . . . . . . . 143
10.19 How to Produce a Core File from Your Program . . . . . . . . . . . 144
10.20 Character Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
10.21 Caching Data of Targets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
10.22 Search Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

11 Debugging Optimized Code . . . . . . . . . . . . . . . . 151

11.1 Inline Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
11.2 Tail Call Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

12 C Preprocessor Macros . . . . . . . . . . . . . . . . . . . . . 155

iv Debugging with gdb

13 Tracepoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
13.1 Commands to Set Tracepoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
13.1.1 Create and Delete Tracepoints . . . . . . . . . . . . . . . . . . . . . . . . . 160
13.1.2 Enable and Disable Tracepoints . . . . . . . . . . . . . . . . . . . . . . . . 162
13.1.3 Tracepoint Passcounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
13.1.4 Tracepoint Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
13.1.5 Trace State Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
13.1.6 Tracepoint Action Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
13.1.7 Listing Tracepoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
13.1.8 Listing Static Tracepoint Markers . . . . . . . . . . . . . . . . . . . . . . 167
13.1.9 Starting and Stopping Trace Experiments . . . . . . . . . . . . . . 168
13.1.10 Tracepoint Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
13.2 Using the Collected Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
13.2.1 tfind n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
13.2.2 tdump. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
13.2.3 save tracepoints filename . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
13.3 Convenience Variables for Tracepoints . . . . . . . . . . . . . . . . . . . . . . . 174
13.4 Using Trace Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

14 Debugging Programs That Use Overlays

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
14.1 How Overlays Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
14.2 Overlay Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
14.3 Automatic Overlay Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
14.4 Overlay Sample Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

15 Using gdb with Different Languages . . . . . . 183

15.1 Switching Between Source Languages . . . . . . . . . . . . . . . . . . . . . . . 183
15.1.1 List of Filename Extensions and Languages . . . . . . . . . . . . . 183
15.1.2 Setting the Working Language . . . . . . . . . . . . . . . . . . . . . . . . . 184
15.1.3 Having gdb Infer the Source Language . . . . . . . . . . . . . . . . . 184
15.2 Displaying the Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
15.3 Type and Range Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
15.3.1 An Overview of Type Checking . . . . . . . . . . . . . . . . . . . . . . . . 185
15.3.2 An Overview of Range Checking . . . . . . . . . . . . . . . . . . . . . . . 186
15.4 Supported Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
15.4.1 C and C++ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
15.4.1.1 C and C++ Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
15.4.1.2 C and C++ Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
15.4.1.3 C++ Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
15.4.1.4 C and C++ Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
15.4.1.5 C and C++ Type and Range Checks . . . . . . . . . . . . . . . 191
15.4.1.6 gdb and C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
15.4.1.7 gdb Features for C++ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
15.4.1.8 Decimal Floating Point format . . . . . . . . . . . . . . . . . . . . 193
15.4.2 D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
15.4.3 Go. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
 v

15.4.4 Objective-C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

15.4.4.1 Method Names in Commands . . . . . . . . . . . . . . . . . . . . . 194
15.4.4.2 The Print Command With Objective-C . . . . . . . . . . . . 194
15.4.5 OpenCL C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.4.5.1 OpenCL C Datatypes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.4.5.2 OpenCL C Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.4.5.3 OpenCL C Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.4.6 Fortran . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.4.6.1 Fortran Operators and Expressions . . . . . . . . . . . . . . . . 195
15.4.6.2 Fortran Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.4.6.3 Special Fortran Commands . . . . . . . . . . . . . . . . . . . . . . . . 196
15.4.7 Pascal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
15.4.8 Modula-2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
15.4.8.1 Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
15.4.8.2 Built-in Functions and Procedures . . . . . . . . . . . . . . . . . 197
15.4.8.3 Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
15.4.8.4 Modula-2 Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
15.4.8.5 Modula-2 Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
15.4.8.6 Deviations from Standard Modula-2 . . . . . . . . . . . . . . . 201
15.4.8.7 Modula-2 Type and Range Checks. . . . . . . . . . . . . . . . . 201
15.4.8.8 The Scope Operators :: and . . . . . . . . . . . . . . . . . . . . . 201
15.4.8.9 gdb and Modula-2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
15.4.9 Ada . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
15.4.9.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
15.4.9.2 Omissions from Ada . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
15.4.9.3 Additions to Ada . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
15.4.9.4 Stopping at the Very Beginning . . . . . . . . . . . . . . . . . . . 205
15.4.9.5 Ada Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
15.4.9.6 Extensions for Ada Tasks . . . . . . . . . . . . . . . . . . . . . . . . . 206
15.4.9.7 Tasking Support when Debugging Core Files . . . . . . 209
15.4.9.8 Tasking Support when using the Ravenscar Profile
........................................................ 209
15.4.9.9 Known Peculiarities of Ada Mode . . . . . . . . . . . . . . . . . 210
15.5 Unsupported Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

16 Examining the Symbol Table . . . . . . . . . . . . . . 213

17 Altering Execution. . . . . . . . . . . . . . . . . . . . . . . . . . 221

17.1 Assignment to Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
17.2 Continuing at a Different Address . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
17.3 Giving your Program a Signal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
17.4 Returning from a Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
17.5 Calling Program Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
17.6 Patching Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
17.7 Compiling and injecting code in gdb . . . . . . . . . . . . . . . . . . . . . . . . 226
17.7.1 Caveats when using the compile command . . . . . . . . . . . . . 227
vi Debugging with gdb

18 gdb Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

18.1 Commands to Specify Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
18.2 Debugging Information in Separate Files . . . . . . . . . . . . . . . . . . . . 239
18.3 Debugging information in a special section . . . . . . . . . . . . . . . . . . 243
18.4 Index Files Speed Up gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
18.5 Errors Reading Symbol Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
18.6 GDB Data Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

19 Specifying a Debugging Target . . . . . . . . . . . . 247

19.1 Active Targets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
19.2 Commands for Managing Targets . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
19.3 Choosing Target Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

20 Debugging Remote Programs . . . . . . . . . . . . . . 251

20.1 Connecting to a Remote Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
20.2 Sending files to a remote system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
20.3 Using the gdbserver Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
20.3.1 Running gdbserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
20.3.1.1 Attaching to a Running Program . . . . . . . . . . . . . . . . . . 254
20.3.1.2 Multi-Process Mode for gdbserver . . . . . . . . . . . . . . . . 254
20.3.1.3 TCP port allocation lifecycle of gdbserver . . . . . . . . 255
20.3.1.4 Other Command-Line Arguments for gdbserver . . . 255
20.3.2 Connecting to gdbserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
20.3.3 Monitor Commands for gdbserver . . . . . . . . . . . . . . . . . . . . . 256
20.3.4 Tracepoints support in gdbserver . . . . . . . . . . . . . . . . . . . . . . 257
20.4 Remote Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
20.5 Implementing a Remote Stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
20.5.1 What the Stub Can Do for You . . . . . . . . . . . . . . . . . . . . . . . . 264
20.5.2 What You Must Do for the Stub . . . . . . . . . . . . . . . . . . . . . . . 265
20.5.3 Putting it All Together. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

21 Configuration-Specific Information . . . . . . . . 269

21.1 Native . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
21.1.1 HP-UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
21.1.2 BSD libkvm Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
21.1.3 SVR4 Process Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
21.1.4 Features for Debugging djgpp Programs . . . . . . . . . . . . . . . 271
21.1.5 Features for Debugging MS Windows PE Executables . . 273
21.1.5.1 Support for DLLs without Debugging Symbols. . . . . 275
21.1.5.2 DLL Name Prefixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
21.1.5.3 Working with Minimal Symbols . . . . . . . . . . . . . . . . . . . 275
21.1.6 Commands Specific to gnu Hurd Systems . . . . . . . . . . . . . . 276
21.1.7 Darwin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
21.2 Embedded Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
21.3 Embedded Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
21.3.1 ARM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
21.3.2 Renesas M32R/D and M32R/SDI . . . . . . . . . . . . . . . . . . . . . . 282
 vii

21.3.3 M68k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

21.3.4 MicroBlaze . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
21.3.5 MIPS Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
21.3.6 PowerPC Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
21.3.7 HP PA Embedded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
21.3.8 Tsqware Sparclet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
21.3.8.1 Setting File to Debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
21.3.8.2 Connecting to Sparclet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
21.3.8.3 Sparclet Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
21.3.8.4 Running and Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
21.3.9 Fujitsu Sparclite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
21.3.10 Zilog Z8000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
21.3.11 Atmel AVR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
21.3.12 CRIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
21.3.13 Renesas Super-H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
21.4 Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
21.4.1 AArch64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
21.4.2 x86 Architecture-specific Issues . . . . . . . . . . . . . . . . . . . . . . . . . 290
21.4.2.1 Intel(R) Memory Protection Extensions (MPX). . . . 291
21.4.3 Alpha. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
21.4.4 MIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
21.4.5 HPPA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
21.4.6 Cell Broadband Engine SPU architecture . . . . . . . . . . . . . . . 293
21.4.7 PowerPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
21.4.8 Nios II . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

22 Controlling gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

22.1 Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
22.2 Command Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
22.3 Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
22.4 Screen Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
22.5 Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
22.6 Configuring the Current ABI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
22.7 Automatically loading associated files . . . . . . . . . . . . . . . . . . . . . . . 300
22.7.1 Automatically loading init file in the current directory . . 302
22.7.2 Automatically loading thread debugging library . . . . . . . . 302
22.7.3 Security restriction for auto-loading . . . . . . . . . . . . . . . . . . . . 302
22.7.4 Displaying files tried for auto-load . . . . . . . . . . . . . . . . . . . . . . 304
22.8 Optional Warnings and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
22.9 Optional Messages about Internal Happenings . . . . . . . . . . . . . . . 306
22.10 Other Miscellaneous Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
viii Debugging with gdb

23 Extending gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

23.1 Canned Sequences of Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
23.1.1 User-defined Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
23.1.2 User-defined Command Hooks. . . . . . . . . . . . . . . . . . . . . . . . . . 313
23.1.3 Command Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
23.1.4 Commands for Controlled Output . . . . . . . . . . . . . . . . . . . . . . 315
23.1.5 Controlling auto-loading native gdb scripts . . . . . . . . . . . . . 317
23.2 Extending gdb using Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
23.2.1 Python Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
23.2.2 Python API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
23.2.2.1 Basic Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
23.2.2.2 Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
23.2.2.3 Values From Inferior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
23.2.2.4 Types In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
23.2.2.5 Pretty Printing API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
23.2.2.6 Selecting Pretty-Printers . . . . . . . . . . . . . . . . . . . . . . . . . . 333
23.2.2.7 Writing a Pretty-Printer . . . . . . . . . . . . . . . . . . . . . . . . . . 334
23.2.2.8 Type Printing API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
23.2.2.9 Filtering Frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
23.2.2.10 Decorating Frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
23.2.2.11 Writing a Frame Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
23.2.2.12 Xmethods In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
23.2.2.13 Xmethod API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
23.2.2.14 Writing an Xmethod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
23.2.2.15 Inferiors In Python. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
23.2.2.16 Events In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
23.2.2.17 Threads In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
23.2.2.18 Commands In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
23.2.2.19 Parameters In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
23.2.2.20 Writing new convenience functions . . . . . . . . . . . . . . . 361
23.2.2.21 Program Spaces In Python . . . . . . . . . . . . . . . . . . . . . . . 362
23.2.2.22 Objfiles In Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
23.2.2.23 Accessing inferior stack frames from Python. . . . . . 365
23.2.2.24 Accessing blocks from Python. . . . . . . . . . . . . . . . . . . . 368
23.2.2.25 Python representation of Symbols. . . . . . . . . . . . . . . . 370
23.2.2.26 Symbol table representation in Python. . . . . . . . . . . . 373
23.2.2.27 Manipulating line tables using Python . . . . . . . . . . . . 375
23.2.2.28 Manipulating breakpoints using Python . . . . . . . . . . 376
23.2.2.29 Finish Breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
23.2.2.30 Python representation of lazy strings. . . . . . . . . . . . . 379
23.2.2.31 Python representation of architectures . . . . . . . . . . . . 380
23.2.3 Python Auto-loading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
23.2.4 Python modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
23.2.4.1 gdb.printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
23.2.4.2 gdb.types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
23.2.4.3 gdb.prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
23.3 Extending gdb using Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
23.3.1 Guile Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
 ix

23.3.2 Guile Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

23.3.3 Guile API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
23.3.3.1 Basic Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
23.3.3.2 Guile Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
23.3.3.3 GDB Scheme Data Types . . . . . . . . . . . . . . . . . . . . . . . . . 388
23.3.3.4 Guile Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . 389
23.3.3.5 Values From Inferior In Guile . . . . . . . . . . . . . . . . . . . . . 391
23.3.3.6 Arithmetic In Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
23.3.3.7 Types In Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
23.3.3.8 Guile Pretty Printing API . . . . . . . . . . . . . . . . . . . . . . . . . 401
23.3.3.9 Selecting Guile Pretty-Printers . . . . . . . . . . . . . . . . . . . . 403
23.3.3.10 Writing a Guile Pretty-Printer . . . . . . . . . . . . . . . . . . . 404
23.3.3.11 Commands In Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
23.3.3.12 Parameters In Guile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
23.3.3.13 Program Spaces In Guile . . . . . . . . . . . . . . . . . . . . . . . . . 412
23.3.3.14 Objfiles In Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
23.3.3.15 Accessing inferior stack frames from Guile. . . . . . . . 414
23.3.3.16 Accessing blocks from Guile. . . . . . . . . . . . . . . . . . . . . . 417
23.3.3.17 Guile representation of Symbols. . . . . . . . . . . . . . . . . . 418
23.3.3.18 Symbol table representation in Guile. . . . . . . . . . . . . . 422
23.3.3.19 Manipulating breakpoints using Guile . . . . . . . . . . . . 423
23.3.3.20 Guile representation of lazy strings. . . . . . . . . . . . . . . 426
23.3.3.21 Guile representation of architectures . . . . . . . . . . . . . . 427
23.3.3.22 Disassembly In Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
23.3.3.23 I/O Ports in Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
23.3.3.24 Memory Ports in Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
23.3.3.25 Iterators In Guile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
23.3.4 Guile Auto-loading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
23.3.5 Guile Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
23.3.5.1 Guile Printing Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
23.3.5.2 Guile Types Module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
23.4 Auto-loading extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
23.4.1 The ‘objfile-gdb.ext’ file . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
23.4.2 The .debug_gdb_scripts section . . . . . . . . . . . . . . . . . . . . . . 436
23.4.2.1 Script File Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
23.4.2.2 Script Text Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
23.4.3 Which flavor to choose? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
23.5 Multiple Extension Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
23.5.1 Python comes first . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
23.6 Creating new spellings of existing commands . . . . . . . . . . . . . . . . 438

24 Command Interpreters . . . . . . . . . . . . . . . . . . . . . 441

x Debugging with gdb

25 gdb Text User Interface . . . . . . . . . . . . . . . . . . . . 443

25.1 TUI Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
25.2 TUI Key Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
25.3 TUI Single Key Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
25.4 TUI-specific Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
25.5 TUI Configuration Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

26 Using gdb under gnu Emacs . . . . . . . . . . . . . . . 449

27 The gdb/mi Interface . . . . . . . . . . . . . . . . . . . . . . . 451

Function and Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
Notation and Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
27.3 gdb/mi General Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
27.3.1 Context management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
27.3.1.1 Threads and Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
27.3.1.2 Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
27.3.2 Asynchronous command execution and non-stop mode . . 453
27.3.3 Thread groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
27.4 gdb/mi Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
27.4.1 gdb/mi Input Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
27.4.2 gdb/mi Output Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
27.5 gdb/mi Compatibility with CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
27.6 gdb/mi Development and Front Ends . . . . . . . . . . . . . . . . . . . . . . . 457
27.7 gdb/mi Output Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
27.7.1 gdb/mi Result Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
27.7.2 gdb/mi Stream Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
27.7.3 gdb/mi Async Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
27.7.4 gdb/mi Breakpoint Information . . . . . . . . . . . . . . . . . . . . . . . . 462
27.7.5 gdb/mi Frame Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
27.7.6 gdb/mi Thread Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
27.7.7 gdb/mi Ada Exception Information . . . . . . . . . . . . . . . . . . . . 465
27.8 Simple Examples of gdb/mi Interaction . . . . . . . . . . . . . . . . . . . . . 465
27.9 gdb/mi Command Description Format . . . . . . . . . . . . . . . . . . . . . . 466
27.10 gdb/mi Breakpoint Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
27.11 gdb/mi Catchpoint Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
27.11.1 Shared Library gdb/mi Catchpoints . . . . . . . . . . . . . . . . . . 476
27.11.2 Ada Exception gdb/mi Catchpoints . . . . . . . . . . . . . . . . . . . 477
27.12 gdb/mi Program Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
27.13 gdb/mi Thread Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
27.14 gdb/mi Ada Tasking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 483
27.15 gdb/mi Program Execution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
27.16 gdb/mi Stack Manipulation Commands . . . . . . . . . . . . . . . . . . . . 490
27.17 gdb/mi Variable Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
27.18 gdb/mi Data Manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
27.19 gdb/mi Tracepoint Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
27.20 gdb/mi Symbol Query Commands . . . . . . . . . . . . . . . . . . . . . . . . . 520
27.21 gdb/mi File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
 xi

27.22 gdb/mi Target Manipulation Commands. . . . . . . . . . . . . . . . . . . 522

27.23 gdb/mi File Transfer Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 526
27.24 Ada Exceptions gdb/mi Commands . . . . . . . . . . . . . . . . . . . . . . . 527
27.25 gdb/mi Support Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
27.26 Miscellaneous gdb/mi Commands . . . . . . . . . . . . . . . . . . . . . . . . . 529

28 gdb Annotations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

28.1 What is an Annotation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
28.2 The Server Prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
28.3 Annotation for gdb Input. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
28.4 Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
28.5 Invalidation Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
28.6 Running the Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
28.7 Displaying Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540

29 JIT Compilation Interface . . . . . . . . . . . . . . . . . 541

29.1 JIT Declarations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
29.2 Registering Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
29.3 Unregistering Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
29.4 Custom Debug Info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
29.4.1 Using JIT Debug Info Readers . . . . . . . . . . . . . . . . . . . . . . . . . 543
29.4.2 Writing JIT Debug Info Readers . . . . . . . . . . . . . . . . . . . . . . . 543

30 In-Process Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . 545

30.1 In-Process Agent Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
30.1.1 IPA Protocol Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
30.1.2 IPA Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547

31 Reporting Bugs in gdb . . . . . . . . . . . . . . . . . . . . . 549

31.1 Have You Found a Bug? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
31.2 How to Report Bugs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549

32 Command Line Editing. . . . . . . . . . . . . . . . . . . . . 553

32.1 Introduction to Line Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
32.2 Readline Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
32.2.1 Readline Bare Essentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
32.2.2 Readline Movement Commands . . . . . . . . . . . . . . . . . . . . . . . . 554
32.2.3 Readline Killing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554
32.2.4 Readline Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
32.2.5 Searching for Commands in the History . . . . . . . . . . . . . . . . 555
32.3 Readline Init File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
32.3.1 Readline Init File Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
32.3.2 Conditional Init Constructs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
32.3.3 Sample Init File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
32.4 Bindable Readline Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
32.4.1 Commands For Moving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
xii Debugging with gdb

32.4.2 Commands For Manipulating The History . . . . . . . . . . . . . . 566

32.4.3 Commands For Changing Text . . . . . . . . . . . . . . . . . . . . . . . . . 568
32.4.4 Killing And Yanking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
32.4.5 Specifying Numeric Arguments . . . . . . . . . . . . . . . . . . . . . . . . . 570
32.4.6 Letting Readline Type For You. . . . . . . . . . . . . . . . . . . . . . . . . 570
32.4.7 Keyboard Macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
32.4.8 Some Miscellaneous Commands . . . . . . . . . . . . . . . . . . . . . . . . 571
32.5 Readline vi Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

33 Using History Interactively . . . . . . . . . . . . . . . . 575

33.1 History Expansion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
33.1.1 Event Designators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
33.1.2 Word Designators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
33.1.3 Modifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576

Appendix A In Memoriam . . . . . . . . . . . . . . . . . . . . 579

Appendix B Formatting Documentation . . . . . 581

Appendix C Installing gdb . . . . . . . . . . . . . . . . . . . . 583

C.1 Requirements for Building gdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
C.2 Invoking the gdb ‘configure’ Script . . . . . . . . . . . . . . . . . . . . . . . . 584
C.3 Compiling gdb in Another Directory . . . . . . . . . . . . . . . . . . . . . . . . 585
C.4 Specifying Names for Hosts and Targets . . . . . . . . . . . . . . . . . . . . . 586
C.5 ‘configure’ Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
C.6 System-wide configuration and settings . . . . . . . . . . . . . . . . . . . . . . 588
C.6.1 Installed System-wide Configuration Scripts . . . . . . . . . . . . . 588

Appendix D Maintenance Commands. . . . . . . . 589

Appendix E gdb Remote Serial Protocol . . . . 597

E.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
E.2 Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
E.3 Stop Reply Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
E.4 General Query Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
E.5 Architecture-Specific Protocol Details . . . . . . . . . . . . . . . . . . . . . . . . 631
E.5.1 ARM-specific Protocol Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
E.5.1.1 ARM Breakpoint Kinds . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
E.5.2 MIPS-specific Protocol Details . . . . . . . . . . . . . . . . . . . . . . . . . . 631
E.5.2.1 MIPS Register Packet Format . . . . . . . . . . . . . . . . . . . . . . 631
E.5.2.2 MIPS Breakpoint Kinds . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
E.6 Tracepoint Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
E.6.1 Relocate instruction reply packet. . . . . . . . . . . . . . . . . . . . . . . . 638
E.7 Host I/O Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638
E.8 Interrupts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
E.9 Notification Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
 xiii

E.10 Remote Protocol Support for Non-Stop Mode . . . . . . . . . . . . . . . 642

E.11 Packet Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
E.12 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
E.13 File-I/O Remote Protocol Extension . . . . . . . . . . . . . . . . . . . . . . . . 644
E.13.1 File-I/O Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
E.13.2 Protocol Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
E.13.3 The F Request Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
E.13.4 The F Reply Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
E.13.5 The ‘Ctrl-C’ Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
E.13.6 Console I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
E.13.7 List of Supported Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
open . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
close . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
read . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
lseek . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650
unlink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650
stat/fstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
gettimeofday . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
isatty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
E.13.8 Protocol-specific Representation of Datatypes . . . . . . . . . . 653
Integral Datatypes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653
Pointer Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653
Memory Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653
struct stat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653
struct timeval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
E.13.9 Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
Open Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
mode t Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
Errno Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
Lseek Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
E.13.10 File-I/O Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
E.14 Library List Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656
E.15 Library List Format for SVR4 Targets . . . . . . . . . . . . . . . . . . . . . . 657
E.16 Memory Map Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658
E.17 Thread List Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
E.18 Traceframe Info Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
E.19 Branch Trace Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
E.20 Branch Trace Configuration Format . . . . . . . . . . . . . . . . . . . . . . . . 660
xiv Debugging with gdb

Appendix F The GDB Agent Expression

Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
F.1 General Bytecode Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
F.2 Bytecode Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
F.3 Using Agent Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670
F.4 Varying Target Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
F.5 Rationale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671

Appendix G Target Descriptions . . . . . . . . . . . . . 675

G.1 Retrieving Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
G.2 Target Description Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
G.2.1 Inclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
G.2.2 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
G.2.3 OS ABI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
G.2.4 Compatible Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
G.2.5 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
G.2.6 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
G.2.7 Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
G.3 Predefined Target Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
G.4 Standard Target Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
G.4.1 AArch64 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
G.4.2 ARM Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
G.4.3 i386 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
G.4.4 MicroBlaze Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
G.4.5 MIPS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
G.4.6 M68K Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
G.4.7 Nios II Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
G.4.8 PowerPC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
G.4.9 S/390 and System z Features . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
G.4.10 TMS320C6x Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683

Appendix H Operating System Information

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
H.1 Process list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685

Appendix I Trace File Format . . . . . . . . . . . . . . . 687

Appendix J .gdb_index section format. . . . . . . 689

Appendix K Manual pages . . . . . . . . . . . . . . . . . . . . 693

Appendix L GNU GENERAL PUBLIC

LICENSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
 xv

Appendix M GNU Free Documentation License

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711

Concept Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719

Command, Variable, and Function Index . . . . . . 733

Summary of gdb 1

Summary of gdb
The purpose of a debugger such as gdb is to allow you to see what is going on “inside”
another program while it executes—or what another program was doing at the moment it
crashed.
gdb can do four main kinds of things (plus other things in support of these) to help you
catch bugs in the act:
• Start your program, specifying anything that might affect its behavior.
• Make your program stop on specified conditions.
• Examine what has happened, when your program has stopped.
• Change things in your program, so you can experiment with correcting the effects of
one bug and go on to learn about another.
You can use gdb to debug programs written in C and C++. For more information, see
Section 15.4 [Supported Languages], page 187. For more information, see Section 15.4.1 [C
and C++], page 187.
Support for D is partial. For information on D, see Section 15.4.2 [D], page 193.
Support for Modula-2 is partial. For information on Modula-2, see Section 15.4.8
[Modula-2], page 196.
Support for OpenCL C is partial. For information on OpenCL C, see Section 15.4.5
[OpenCL C], page 195.
Debugging Pascal programs which use sets, subranges, file variables, or nested functions
does not currently work. gdb does not support entering expressions, printing values, or
similar features using Pascal syntax.
gdb can be used to debug programs written in Fortran, although it may be necessary
to refer to some variables with a trailing underscore.
gdb can be used to debug programs written in Objective-C, using either the Ap-
ple/NeXT or the GNU Objective-C runtime.

Free Software
gdb is free software, protected by the gnu General Public License (GPL). The GPL gives
you the freedom to copy or adapt a licensed program—but every person getting a copy also
gets with it the freedom to modify that copy (which means that they must get access to the
source code), and the freedom to distribute further copies. Typical software companies use
copyrights to limit your freedoms; the Free Software Foundation uses the GPL to preserve
these freedoms.
Fundamentally, the General Public License is a license which says that you have these
freedoms and that you cannot take these freedoms away from anyone else.

Free Software Needs Free Documentation

The biggest deficiency in the free software community today is not in the software—it is the
lack of good free documentation that we can include with the free software. Many of our
most important programs do not come with free reference manuals and free introductory
2 Debugging with gdb

texts. Documentation is an essential part of any software package; when an important free
software package does not come with a free manual and a free tutorial, that is a major gap.
We have many such gaps today.
Consider Perl, for instance. The tutorial manuals that people normally use are non-free.
How did this come about? Because the authors of those manuals published them with
restrictive terms—no copying, no modification, source files not available—which exclude
them from the free software world.
That wasn’t the first time this sort of thing happened, and it was far from the last.
Many times we have heard a GNU user eagerly describe a manual that he is writing, his
intended contribution to the community, only to learn that he had ruined everything by
signing a publication contract to make it non-free.
Free documentation, like free software, is a matter of freedom, not price. The problem
with the non-free manual is not that publishers charge a price for printed copies—that in
itself is fine. (The Free Software Foundation sells printed copies of manuals, too.) The
problem is the restrictions on the use of the manual. Free manuals are available in source
code form, and give you permission to copy and modify. Non-free manuals do not allow
this.
The criteria of freedom for a free manual are roughly the same as for free software.
Redistribution (including the normal kinds of commercial redistribution) must be permitted,
so that the manual can accompany every copy of the program, both on-line and on paper.
Permission for modification of the technical content is crucial too. When people mod-
ify the software, adding or changing features, if they are conscientious they will change
the manual too—so they can provide accurate and clear documentation for the modified
program. A manual that leaves you no choice but to write a new manual to document a
changed version of the program is not really available to our community.
Some kinds of limits on the way modification is handled are acceptable. For example,
requirements to preserve the original author’s copyright notice, the distribution terms, or
the list of authors, are ok. It is also no problem to require modified versions to include
notice that they were modified. Even entire sections that may not be deleted or changed
are acceptable, as long as they deal with nontechnical topics (like this one). These kinds of
restrictions are acceptable because they don’t obstruct the community’s normal use of the
manual.
However, it must be possible to modify all the technical content of the manual, and then
distribute the result in all the usual media, through all the usual channels. Otherwise, the
restrictions obstruct the use of the manual, it is not free, and we need another manual to
replace it.
Please spread the word about this issue. Our community continues to lose manuals
to proprietary publishing. If we spread the word that free software needs free reference
manuals and free tutorials, perhaps the next person who wants to contribute by writing
documentation will realize, before it is too late, that only free manuals contribute to the
free software community.
If you are writing documentation, please insist on publishing it under the GNU Free
Documentation License or another free documentation license. Remember that this deci-
sion requires your approval—you don’t have to let the publisher decide. Some commercial
publishers will use a free license if you insist, but they will not propose the option; it is up
Summary of gdb 3

to you to raise the issue and say firmly that this is what you want. If the publisher you
are dealing with refuses, please try other publishers. If you’re not sure whether a proposed
license is free, write to [email protected].
You can encourage commercial publishers to sell more free, copylefted manuals and
tutorials by buying them, and particularly by buying copies from the publishers that paid
for their writing or for major improvements. Meanwhile, try to avoid buying non-free
documentation at all. Check the distribution terms of a manual before you buy it, and
insist that whoever seeks your business must respect your freedom. Check the history of
the book, and try to reward the publishers that have paid or pay the authors to work on it.
The Free Software Foundation maintains a list of free documentation published by other
publishers, at http://www.fsf.org/doc/other-free-books.html.

Contributors to gdb
Richard Stallman was the original author of gdb, and of many other gnu programs. Many
others have contributed to its development. This section attempts to credit major contrib-
utors. One of the virtues of free software is that everyone is free to contribute to it; with
regret, we cannot actually acknowledge everyone here. The file ‘ChangeLog’ in the gdb
distribution approximates a blow-by-blow account.
Changes much prior to version 2.0 are lost in the mists of time.
Plea: Additions to this section are particularly welcome. If you or your friends
(or enemies, to be evenhanded) have been unfairly omitted from this list, we
would like to add your names!
So that they may not regard their many labors as thankless, we particularly thank those
who shepherded gdb through major releases: Andrew Cagney (releases 6.3, 6.2, 6.1, 6.0,
5.3, 5.2, 5.1 and 5.0); Jim Blandy (release 4.18); Jason Molenda (release 4.17); Stan Shebs
(release 4.14); Fred Fish (releases 4.16, 4.15, 4.13, 4.12, 4.11, 4.10, and 4.9); Stu Grossman
and John Gilmore (releases 4.8, 4.7, 4.6, 4.5, and 4.4); John Gilmore (releases 4.3, 4.2, 4.1,
4.0, and 3.9); Jim Kingdon (releases 3.5, 3.4, and 3.3); and Randy Smith (releases 3.2, 3.1,
and 3.0).
Richard Stallman, assisted at various times by Peter TerMaat, Chris Hanson, and
Richard Mlynarik, handled releases through 2.8.
Michael Tiemann is the author of most of the gnu C++ support in gdb, with significant
additional contributions from Per Bothner and Daniel Berlin. James Clark wrote the gnu
C++ demangler. Early work on C++ was by Peter TerMaat (who also did much general
update work leading to release 3.0).
gdb uses the BFD subroutine library to examine multiple object-file formats; BFD was
a joint project of David V. Henkel-Wallace, Rich Pixley, Steve Chamberlain, and John
Gilmore.
David Johnson wrote the original COFF support; Pace Willison did the original support
for encapsulated COFF.
Brent Benson of Harris Computer Systems contributed DWARF 2 support.
Adam de Boor and Bradley Davis contributed the ISI Optimum V support. Per Bothner,
Noboyuki Hikichi, and Alessandro Forin contributed MIPS support. Jean-Daniel Fekete
contributed Sun 386i support. Chris Hanson improved the HP9000 support. Noboyuki
4 Debugging with gdb

Hikichi and Tomoyuki Hasei contributed Sony/News OS 3 support. David Johnson con-
tributed Encore Umax support. Jyrki Kuoppala contributed Altos 3068 support. Jeff
Law contributed HP PA and SOM support. Keith Packard contributed NS32K support.
Doug Rabson contributed Acorn Risc Machine support. Bob Rusk contributed Harris
Nighthawk CX-UX support. Chris Smith contributed Convex support (and Fortran de-
bugging). Jonathan Stone contributed Pyramid support. Michael Tiemann contributed
SPARC support. Tim Tucker contributed support for the Gould NP1 and Gould Powern-
ode. Pace Willison contributed Intel 386 support. Jay Vosburgh contributed Symmetry
support. Marko Mlinar contributed OpenRISC 1000 support.
Andreas Schwab contributed M68K gnu/Linux support.
Rich Schaefer and Peter Schauer helped with support of SunOS shared libraries.
Jay Fenlason and Roland McGrath ensured that gdb and GAS agree about several
machine instruction sets.
Patrick Duval, Ted Goldstein, Vikram Koka and Glenn Engel helped develop remote
debugging. Intel Corporation, Wind River Systems, AMD, and ARM contributed remote
debugging modules for the i960, VxWorks, A29K UDI, and RDI targets, respectively.
Brian Fox is the author of the readline libraries providing command-line editing and
command history.
Andrew Beers of SUNY Buffalo wrote the language-switching code, the Modula-2 sup-
port, and contributed the Languages chapter of this manual.
Fred Fish wrote most of the support for Unix System Vr4. He also enhanced the
command-completion support to cover C++ overloaded symbols.
Hitachi America (now Renesas America), Ltd. sponsored the support for H8/300,
H8/500, and Super-H processors.
NEC sponsored the support for the v850, Vr4xxx, and Vr5xxx processors.
Mitsubishi (now Renesas) sponsored the support for D10V, D30V, and M32R/D proces-
sors.
Toshiba sponsored the support for the TX39 Mips processor.
Matsushita sponsored the support for the MN10200 and MN10300 processors.
Fujitsu sponsored the support for SPARClite and FR30 processors.
Kung Hsu, Jeff Law, and Rick Sladkey added support for hardware watchpoints.
Michael Snyder added support for tracepoints.
Stu Grossman wrote gdbserver.
Jim Kingdon, Peter Schauer, Ian Taylor, and Stu Grossman made nearly innumerable
bug fixes and cleanups throughout gdb.
The following people at the Hewlett-Packard Company contributed support for the PA-
RISC 2.0 architecture, HP-UX 10.20, 10.30, and 11.0 (narrow mode), HP’s implementation
of kernel threads, HP’s aC++ compiler, and the Text User Interface (nee Terminal User
Interface): Ben Krepp, Richard Title, John Bishop, Susan Macchia, Kathy Mann, Satish
Pai, India Paul, Steve Rehrauer, and Elena Zannoni. Kim Haase provided HP-specific
information in this manual.
DJ Delorie ported gdb to MS-DOS, for the DJGPP project. Robert Hoehne made
significant contributions to the DJGPP port.
Summary of gdb 5

Cygnus Solutions has sponsored gdb maintenance and much of its development since
1991. Cygnus engineers who have worked on gdb fulltime include Mark Alexander, Jim
Blandy, Per Bothner, Kevin Buettner, Edith Epstein, Chris Faylor, Fred Fish, Martin
Hunt, Jim Ingham, John Gilmore, Stu Grossman, Kung Hsu, Jim Kingdon, John Metzler,
Fernando Nasser, Geoffrey Noer, Dawn Perchik, Rich Pixley, Zdenek Radouch, Keith Seitz,
Stan Shebs, David Taylor, and Elena Zannoni. In addition, Dave Brolley, Ian Carmichael,
Steve Chamberlain, Nick Clifton, JT Conklin, Stan Cox, DJ Delorie, Ulrich Drepper, Frank
Eigler, Doug Evans, Sean Fagan, David Henkel-Wallace, Richard Henderson, Jeff Holcomb,
Jeff Law, Jim Lemke, Tom Lord, Bob Manson, Michael Meissner, Jason Merrill, Catherine
Moore, Drew Moseley, Ken Raeburn, Gavin Romig-Koch, Rob Savoye, Jamie Smith, Mike
Stump, Ian Taylor, Angela Thomas, Michael Tiemann, Tom Tromey, Ron Unrau, Jim
Wilson, and David Zuhn have made contributions both large and small.
Andrew Cagney, Fernando Nasser, and Elena Zannoni, while working for Cygnus Solu-
tions, implemented the original gdb/mi interface.
Jim Blandy added support for preprocessor macros, while working for Red Hat.
Andrew Cagney designed gdb’s architecture vector. Many people including Andrew
Cagney, Stephane Carrez, Randolph Chung, Nick Duffek, Richard Henderson, Mark Ket-
tenis, Grace Sainsbury, Kei Sakamoto, Yoshinori Sato, Michael Snyder, Andreas Schwab,
Jason Thorpe, Corinna Vinschen, Ulrich Weigand, and Elena Zannoni, helped with the
migration of old architectures to this new framework.
Andrew Cagney completely re-designed and re-implemented gdb’s unwinder framework,
this consisting of a fresh new design featuring frame IDs, independent frame sniffers, and
the sentinel frame. Mark Kettenis implemented the dwarf 2 unwinder, Jeff Johnston the
libunwind unwinder, and Andrew Cagney the dummy, sentinel, tramp, and trad unwinders.
The architecture-specific changes, each involving a complete rewrite of the architecture’s
frame code, were carried out by Jim Blandy, Joel Brobecker, Kevin Buettner, Andrew
Cagney, Stephane Carrez, Randolph Chung, Orjan Friberg, Richard Henderson, Daniel
Jacobowitz, Jeff Johnston, Mark Kettenis, Theodore A. Roth, Kei Sakamoto, Yoshinori
Sato, Michael Snyder, Corinna Vinschen, and Ulrich Weigand.
Christian Zankel, Ross Morley, Bob Wilson, and Maxim Grigoriev from Tensilica, Inc.
contributed support for Xtensa processors. Others who have worked on the Xtensa port of
gdb in the past include Steve Tjiang, John Newlin, and Scott Foehner.
Michael Eager and staff of Xilinx, Inc., contributed support for the Xilinx MicroBlaze
architecture.
Chapter 1: A Sample gdb Session 7

1 A Sample gdb Session

You can use this manual at your leisure to read all about gdb. However, a handful of
commands are enough to get started using the debugger. This chapter illustrates those
commands.
In this sample session, we emphasize user input like this: input, to make it easier to pick
out from the surrounding output.
One of the preliminary versions of gnu m4 (a generic macro processor) exhibits the
following bug: sometimes, when we change its quote strings from the default, the commands
used to capture one macro definition within another stop working. In the following short m4
session, we define a macro foo which expands to 0000; we then use the m4 built-in defn to
define bar as the same thing. However, when we change the open quote string to <QUOTE>
and the close quote string to <UNQUOTE>, the same procedure fails to define a new synonym
baz:
$ cd gnu/m4
$ ./m4
define(foo,0000)

foo
0000
define(bar,defn(‘foo’))

bar
0000
changequote(<QUOTE>,<UNQUOTE>)

define(baz,defn(<QUOTE>foo<UNQUOTE>))
baz
Ctrl-d
m4: End of input: 0: fatal error: EOF in string
Let us use gdb to try to see what is going on.
$ gdb m4
gdb is free software and you are welcome to distribute copies
of it under certain conditions; type "show copying" to see
the conditions.
There is absolutely no warranty for gdb; type "show warranty"
for details.

gdb 7.9.50.20150308-cvs, Copyright 1999 Free Software Foundation, Inc...

(gdb)
gdb reads only enough symbol data to know where to find the rest when needed; as a result,
the first prompt comes up very quickly. We now tell gdb to use a narrower display width
than usual, so that examples fit in this manual.
(gdb) set width 70
We need to see how the m4 built-in changequote works. Having looked at the source, we
know the relevant subroutine is m4_changequote, so we set a breakpoint there with the
gdb break command.
(gdb) break m4 changequote
Breakpoint 1 at 0x62f4: file builtin.c, line 879.
Using the run command, we start m4 running under gdb control; as long as control does
not reach the m4_changequote subroutine, the program runs as usual:
8 Debugging with gdb

(gdb) run
Starting program: /work/Editorial/gdb/gnu/m4/m4
define(foo,0000)

foo
0000
To trigger the breakpoint, we call changequote. gdb suspends execution of m4, displaying
information about the context where it stops.
changequote(<QUOTE>,<UNQUOTE>)

Breakpoint 1, m4_changequote (argc=3, argv=0x33c70)

at builtin.c:879
879 if (bad_argc(TOKEN_DATA_TEXT(argv[0]),argc,1,3))
Now we use the command n (next) to advance execution to the next line of the current
function.
(gdb) n
882 set_quotes((argc >= 2) ? TOKEN_DATA_TEXT(argv[1])\
: nil,
set_quotes looks like a promising subroutine. We can go into it by using the command s
(step) instead of next. step goes to the next line to be executed in any subroutine, so it
steps into set_quotes.
(gdb) s
set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>")
at input.c:530
530 if (lquote != def_lquote)
The display that shows the subroutine where m4 is now suspended (and its arguments) is
called a stack frame display. It shows a summary of the stack. We can use the backtrace
command (which can also be spelled bt), to see where we are in the stack as a whole: the
backtrace command displays a stack frame for each active subroutine.
(gdb) bt
#0 set_quotes (lq=0x34c78 "<QUOTE>", rq=0x34c88 "<UNQUOTE>")
at input.c:530
#1 0x6344 in m4_changequote (argc=3, argv=0x33c70)
at builtin.c:882
#2 0x8174 in expand_macro (sym=0x33320) at macro.c:242
#3 0x7a88 in expand_token (obs=0x0, t=209696, td=0xf7fffa30)
at macro.c:71
#4 0x79dc in expand_input () at macro.c:40
#5 0x2930 in main (argc=0, argv=0xf7fffb20) at m4.c:195
We step through a few more lines to see what happens. The first two times, we can use ‘s’;
the next two times we use n to avoid falling into the xstrdup subroutine.
(gdb) s
0x3b5c 532 if (rquote != def_rquote)
(gdb) s
0x3b80 535 lquote = (lq == nil || *lq == ’\0’) ? \
def_lquote : xstrdup(lq);
(gdb) n
536 rquote = (rq == nil || *rq == ’\0’) ? def_rquote\
: xstrdup(rq);
(gdb) n
538 len_lquote = strlen(rquote);
Chapter 1: A Sample gdb Session 9

The last line displayed looks a little odd; we can examine the variables lquote and rquote
to see if they are in fact the new left and right quotes we specified. We use the command
p (print) to see their values.
(gdb) p lquote
$1 = 0x35d40 "<QUOTE>"
(gdb) p rquote
$2 = 0x35d50 "<UNQUOTE>"

lquote and rquote are indeed the new left and right quotes. To look at some context, we
can display ten lines of source surrounding the current line with the l (list) command.
(gdb) l
533 xfree(rquote);
534
535 lquote = (lq == nil || *lq == ’\0’) ? def_lquote\
: xstrdup (lq);
536 rquote = (rq == nil || *rq == ’\0’) ? def_rquote\
: xstrdup (rq);
537
538 len_lquote = strlen(rquote);
539 len_rquote = strlen(lquote);
540 }
541
542 void

Let us step past the two lines that set len_lquote and len_rquote, and then examine the
values of those variables.
(gdb) n
539 len_rquote = strlen(lquote);
(gdb) n
540 }
(gdb) p len lquote
$3 = 9
(gdb) p len rquote
$4 = 7

That certainly looks wrong, assuming len_lquote and len_rquote are meant to be the
lengths of lquote and rquote respectively. We can set them to better values using the p
command, since it can print the value of any expression—and that expression can include
subroutine calls and assignments.
(gdb) p len lquote=strlen(lquote)
$5 = 7
(gdb) p len rquote=strlen(rquote)
$6 = 9

Is that enough to fix the problem of using the new quotes with the m4 built-in defn? We can
allow m4 to continue executing with the c (continue) command, and then try the example
that caused trouble initially:
(gdb) c
Continuing.

define(baz,defn(<QUOTE>foo<UNQUOTE>))

baz
0000
10 Debugging with gdb

Success! The new quotes now work just as well as the default ones. The problem seems to
have been just the two typos defining the wrong lengths. We allow m4 exit by giving it an
EOF as input:
Ctrl-d
Program exited normally.
The message ‘Program exited normally.’ is from gdb; it indicates m4 has finished execut-
ing. We can end our gdb session with the gdb quit command.
(gdb) quit
Chapter 2: Getting In and Out of gdb 11

2 Getting In and Out of gdb

This chapter discusses how to start gdb, and how to get out of it. The essentials are:
• type ‘gdb’ to start gdb.
• type quit or Ctrl-d to exit.

2.1 Invoking gdb

Invoke gdb by running the program gdb. Once started, gdb reads commands from the
terminal until you tell it to exit.
You can also run gdb with a variety of arguments and options, to specify more of your
debugging environment at the outset.
The command-line options described here are designed to cover a variety of situations;
in some environments, some of these options may effectively be unavailable.
The most usual way to start gdb is with one argument, specifying an executable program:
gdb program
You can also start with both an executable program and a core file specified:
gdb program core
You can, instead, specify a process ID as a second argument, if you want to debug a
running process:
gdb program 1234
would attach gdb to process 1234 (unless you also have a file named ‘1234’; gdb does check
for a core file first).
Taking advantage of the second command-line argument requires a fairly complete op-
erating system; when you use gdb as a remote debugger attached to a bare board, there
may not be any notion of “process”, and there is often no way to get a core dump. gdb
will warn you if it is unable to attach or to read core dumps.
You can optionally have gdb pass any arguments after the executable file to the inferior
using --args. This option stops option processing.
gdb --args gcc -O2 -c foo.c
This will cause gdb to debug gcc, and to set gcc’s command-line arguments (see
Section 4.3 [Arguments], page 30) to ‘-O2 -c foo.c’.
You can run gdb without printing the front material, which describes gdb’s
non-warranty, by specifying --silent (or -q/--quiet):
gdb --silent
You can further control how gdb starts up by using command-line options. gdb itself can
remind you of the options available.
Type
gdb -help
to display all available options and briefly describe their use (‘gdb -h’ is a shorter equiva-
lent).
All options and command line arguments you give are processed in sequential order. The
order makes a difference when the ‘-x’ option is used.
12 Debugging with gdb

2.1.1 Choosing Files

When gdb starts, it reads any arguments other than options as specifying an executable
file and core file (or process ID). This is the same as if the arguments were specified by the
‘-se’ and ‘-c’ (or ‘-p’) options respectively. (gdb reads the first argument that does not
have an associated option flag as equivalent to the ‘-se’ option followed by that argument;
and the second argument that does not have an associated option flag, if any, as equivalent
to the ‘-c’/‘-p’ option followed by that argument.) If the second argument begins with a
decimal digit, gdb will first attempt to attach to it as a process, and if that fails, attempt
to open it as a corefile. If you have a corefile whose name begins with a digit, you can
prevent gdb from treating it as a pid by prefixing it with ‘./’, e.g. ‘./12345’.
If gdb has not been configured to included core file support, such as for most embedded
targets, then it will complain about a second argument and ignore it.
Many options have both long and short forms; both are shown in the following list. gdb
also recognizes the long forms if you truncate them, so long as enough of the option is
present to be unambiguous. (If you prefer, you can flag option arguments with ‘--’ rather
than ‘-’, though we illustrate the more usual convention.)
-symbols file
-s file Read symbol table from file file.
-exec file
-e file Use file file as the executable file to execute when appropriate, and for examining
pure data in conjunction with a core dump.
-se file Read symbol table from file file and use it as the executable file.
-core file
-c file Use file file as a core dump to examine.
-pid number
-p number Connect to process ID number, as with the attach command.
-command file
-x file Execute commands from file file. The contents of this file is evaluated exactly
as the source command would. See Section 23.1.3 [Command files], page 314.
-eval-command command
-ex command
Execute a single gdb command.
This option may be used multiple times to call multiple commands. It may also
be interleaved with ‘-command’ as required.
gdb -ex ’target sim’ -ex ’load’ \
-x setbreakpoints -ex ’run’ a.out

-init-command file
-ix file Execute commands from file file before loading the inferior (but after loading
gdbinit files). See Section 2.1.3 [Startup], page 16.
-init-eval-command command
-iex command
Execute a single gdb command before loading the inferior (but after loading
gdbinit files). See Section 2.1.3 [Startup], page 16.
Chapter 2: Getting In and Out of gdb 13

-directory directory
-d directory
Add directory to the path to search for source and script files.
-r
-readnow Read each symbol file’s entire symbol table immediately, rather than the default,
which is to read it incrementally as it is needed. This makes startup slower,
but makes future operations faster.

2.1.2 Choosing Modes

You can run gdb in various alternative modes—for example, in batch mode or quiet mode.
-nx
-n Do not execute commands found in any initialization file. There are three init
files, loaded in the following order:
‘system.gdbinit’
This is the system-wide init file. Its location is specified with the -
-with-system-gdbinit configure option (see Section C.6 [System-
wide configuration], page 588). It is loaded first when gdb starts,
before command line options have been processed.
‘~/.gdbinit’
This is the init file in your home directory. It is loaded next, after
‘system.gdbinit’, and before command options have been pro-
cessed.
‘./.gdbinit’
This is the init file in the current directory. It is loaded last, af-
ter command line options other than -x and -ex have been pro-
cessed. Command line options -x and -ex are processed last, after
‘./.gdbinit’ has been loaded.
For further documentation on startup processing, See Section 2.1.3 [Startup],
page 16. For documentation on how to write command files, See Section 23.1.3
[Command Files], page 314.
-nh Do not execute commands found in ‘~/.gdbinit’, the init file in your home
directory. See Section 2.1.3 [Startup], page 16.
-quiet
-silent
-q “Quiet”. Do not print the introductory and copyright messages. These mes-
sages are also suppressed in batch mode.
-batch Run in batch mode. Exit with status 0 after processing all the command files
specified with ‘-x’ (and all commands from initialization files, if not inhibited
with ‘-n’). Exit with nonzero status if an error occurs in executing the gdb
commands in the command files. Batch mode also disables pagination, sets un-
limited terminal width and height see Section 22.4 [Screen Size], page 297, and
acts as if set confirm off were in effect (see Section 22.8 [Messages/Warnings],
page 305).
14 Debugging with gdb

Batch mode may be useful for running gdb as a filter, for example to download
and run a program on another computer; in order to make this more useful, the
message
Program exited normally.
(which is ordinarily issued whenever a program running under gdb control
terminates) is not issued when running in batch mode.
-batch-silent
Run in batch mode exactly like ‘-batch’, but totally silently. All gdb output to
stdout is prevented (stderr is unaffected). This is much quieter than ‘-silent’
and would be useless for an interactive session.
This is particularly useful when using targets that give ‘Loading section’ mes-
sages, for example.
Note that targets that give their output via gdb, as opposed to writing directly
to stdout, will also be made silent.
-return-child-result
The return code from gdb will be the return code from the child process (the
process being debugged), with the following exceptions:
• gdb exits abnormally. E.g., due to an incorrect argument or an internal
error. In this case the exit code is the same as it would have been without
‘-return-child-result’.
• The user quits with an explicit value. E.g., ‘quit 1’.
• The child process never runs, or is not allowed to terminate, in which case
the exit code will be -1.
This option is useful in conjunction with ‘-batch’ or ‘-batch-silent’, when
gdb is being used as a remote program loader or simulator interface.
-nowindows
-nw “No windows”. If gdb comes with a graphical user interface (GUI) built in,
then this option tells gdb to only use the command-line interface. If no GUI is
available, this option has no effect.
-windows
-w If gdb includes a GUI, then this option requires it to be used if possible.
-cd directory
Run gdb using directory as its working directory, instead of the current direc-
tory.
-data-directory directory
-D directory
Run gdb using directory as its data directory. The data directory is where gdb
searches for its auxiliary files. See Section 18.6 [Data Files], page 245.
-fullname
-f gnu Emacs sets this option when it runs gdb as a subprocess. It tells gdb to
output the full file name and line number in a standard, recognizable fashion
each time a stack frame is displayed (which includes each time your program
Chapter 2: Getting In and Out of gdb 15

stops). This recognizable format looks like two ‘\032’ characters, followed by
the file name, line number and character position separated by colons, and a
newline. The Emacs-to-gdb interface program uses the two ‘\032’ characters
as a signal to display the source code for the frame.
-annotate level
This option sets the annotation level inside gdb. Its effect is identical to using
‘set annotate level’ (see Chapter 28 [Annotations], page 537). The annota-
tion level controls how much information gdb prints together with its prompt,
values of expressions, source lines, and other types of output. Level 0 is the
normal, level 1 is for use when gdb is run as a subprocess of gnu Emacs, level
3 is the maximum annotation suitable for programs that control gdb, and level
2 has been deprecated.
The annotation mechanism has largely been superseded by gdb/mi (see
Chapter 27 [GDB/MI], page 451).
--args Change interpretation of command line so that arguments following the exe-
cutable file are passed as command line arguments to the inferior. This option
stops option processing.
-baud bps
-b bps Set the line speed (baud rate or bits per second) of any serial interface used by
gdb for remote debugging.
-l timeout
Set the timeout (in seconds) of any communication used by gdb for remote
debugging.
-tty device
-t device Run using device for your program’s standard input and output.
-tui Activate the Text User Interface when starting. The Text User Interface man-
ages several text windows on the terminal, showing source, assembly, regis-
ters and gdb command outputs (see Chapter 25 [gdb Text User Interface],
page 443). Do not use this option if you run gdb from Emacs (see Chapter 26
[Using gdb under gnu Emacs], page 449).
-interpreter interp
Use the interpreter interp for interface with the controlling program or device.
This option is meant to be set by programs which communicate with gdb using
it as a back end. See Chapter 24 [Command Interpreters], page 441.
‘--interpreter=mi’ (or ‘--interpreter=mi2’) causes gdb to use the gdb/mi
interface (see Chapter 27 [The gdb/mi Interface], page 451) included since gdb
version 6.0. The previous gdb/mi interface, included in gdb version 5.3 and
selected with ‘--interpreter=mi1’, is deprecated. Earlier gdb/mi interfaces
are no longer supported.
-write Open the executable and core files for both reading and writing. This is equiv-
alent to the ‘set write on’ command inside gdb (see Section 17.6 [Patching],
page 226).
16 Debugging with gdb

-statistics
This option causes gdb to print statistics about time and memory usage after
it completes each command and returns to the prompt.
-version This option causes gdb to print its version number and no-warranty blurb, and
exit.
-configuration
This option causes gdb to print details about its build-time configuration pa-
rameters, and then exit. These details can be important when reporting gdb
bugs (see Chapter 31 [GDB Bugs], page 549).

2.1.3 What gdb Does During Startup

Here’s the description of what gdb does during session startup:
1. Sets up the command interpreter as specified by the command line (see Section 2.1.2
[Mode Options], page 13).
2. Reads the system-wide init file (if ‘--with-system-gdbinit’ was used when building
gdb; see Section C.6 [System-wide configuration and settings], page 588) and executes
all the commands in that file.
3. Reads the init file (if any) in your home directory1 and executes all the commands in
that file.
4. Executes commands and command files specified by the ‘-iex’ and ‘-ix’ options in
their specified order. Usually you should use the ‘-ex’ and ‘-x’ options instead, but
this way you can apply settings before gdb init files get executed and before inferior
gets loaded.
5. Processes command line options and operands.
6. Reads and executes the commands from init file (if any) in the current working directory
as long as ‘set auto-load local-gdbinit’ is set to ‘on’ (see Section 22.7.1 [Init File in
the Current Directory], page 302). This is only done if the current directory is different
from your home directory. Thus, you can have more than one init file, one generic in
your home directory, and another, specific to the program you are debugging, in the
directory where you invoke gdb.
7. If the command line specified a program to debug, or a process to attach to, or a core
file, gdb loads any auto-loaded scripts provided for the program or for its loaded shared
libraries. See Section 22.7 [Auto-loading], page 300.
If you wish to disable the auto-loading during startup, you must do something like the
following:
$ gdb -iex "set auto-load python-scripts off" myprogram
Option ‘-ex’ does not work because the auto-loading is then turned off too late.
8. Executes commands and command files specified by the ‘-ex’ and ‘-x’ options in their
specified order. See Section 23.1.3 [Command Files], page 314, for more details about
gdb command files.
9. Reads the command history recorded in the history file. See Section 22.3 [Command
History], page 296, for more details about the command history and the files where
gdb records it.
1
On DOS/Windows systems, the home directory is the one pointed to by the HOME environment variable.
Chapter 2: Getting In and Out of gdb 17

Init files use the same syntax as command files (see Section 23.1.3 [Command Files],
page 314) and are processed by gdb in the same way. The init file in your home directory
can set options (such as ‘set complaints’) that affect subsequent processing of command
line options and operands. Init files are not executed if you use the ‘-nx’ option (see
Section 2.1.2 [Choosing Modes], page 13).
To display the list of init files loaded by gdb at startup, you can use gdb --help.
The gdb init files are normally called ‘.gdbinit’. The DJGPP port of gdb uses the
name ‘gdb.ini’, due to the limitations of file names imposed by DOS filesystems. The
Windows port of gdb uses the standard name, but if it finds a ‘gdb.ini’ file in your home
directory, it warns you about that and suggests to rename the file to the standard name.

2.2 Quitting gdb

quit [expression]
q To exit gdb, use the quit command (abbreviated q), or type an end-of-file
character (usually Ctrl-d). If you do not supply expression, gdb will terminate
normally; otherwise it will terminate using the result of expression as the error
code.

An interrupt (often Ctrl-c) does not exit from gdb, but rather terminates the action
of any gdb command that is in progress and returns to gdb command level. It is safe to
type the interrupt character at any time because gdb does not allow it to take effect until
a time when it is safe.
If you have been using gdb to control an attached process or device, you can release
it with the detach command (see Section 4.7 [Debugging an Already-running Process],
page 32).

2.3 Shell Commands

If you need to execute occasional shell commands during your debugging session, there is
no need to leave or suspend gdb; you can just use the shell command.

shell command-string
!command-string
Invoke a standard shell to execute command-string. Note that no space is
needed between ! and command-string. If it exists, the environment variable
SHELL determines which shell to run. Otherwise gdb uses the default shell
(‘/bin/sh’ on Unix systems, ‘COMMAND.COM’ on MS-DOS, etc.).

The utility make is often needed in development environments. You do not have to use
the shell command for this purpose in gdb:

make make-args
Execute the make program with the specified arguments. This is equivalent to
‘shell make make-args’.
18 Debugging with gdb

2.4 Logging Output

You may want to save the output of gdb commands to a file. There are several commands
to control gdb’s logging.
set logging on
Enable logging.
set logging off
Disable logging.
set logging file file
Change the name of the current logfile. The default logfile is ‘gdb.txt’.
set logging overwrite [on|off]
By default, gdb will append to the logfile. Set overwrite if you want set
logging on to overwrite the logfile instead.
set logging redirect [on|off]
By default, gdb output will go to both the terminal and the logfile. Set
redirect if you want output to go only to the log file.
show logging
Show the current values of the logging settings.
Chapter 3: gdb Commands 19

3 gdb Commands
You can abbreviate a gdb command to the first few letters of the command name, if that
abbreviation is unambiguous; and you can repeat certain gdb commands by typing just
RET. You can also use the TAB key to get gdb to fill out the rest of a word in a command
(or to show you the alternatives available, if there is more than one possibility).

3.1 Command Syntax

A gdb command is a single line of input. There is no limit on how long it can be. It
starts with a command name, which is followed by arguments whose meaning depends on
the command name. For example, the command step accepts an argument which is the
number of times to step, as in ‘step 5’. You can also use the step command with no
arguments. Some commands do not allow any arguments.
gdb command names may always be truncated if that abbreviation is unambiguous.
Other possible command abbreviations are listed in the documentation for individual com-
mands. In some cases, even ambiguous abbreviations are allowed; for example, s is specially
defined as equivalent to step even though there are other commands whose names start
with s. You can test abbreviations by using them as arguments to the help command.
A blank line as input to gdb (typing just RET) means to repeat the previous command.
Certain commands (for example, run) will not repeat this way; these are commands whose
unintentional repetition might cause trouble and which you are unlikely to want to repeat.
User-defined commands can disable this feature; see Section 23.1.1 [Define], page 311.
The list and x commands, when you repeat them with RET, construct new arguments
rather than repeating exactly as typed. This permits easy scanning of source or memory.
gdb can also use RET in another way: to partition lengthy output, in a way similar to
the common utility more (see Section 22.4 [Screen Size], page 297). Since it is easy to press
one RET too many in this situation, gdb disables command repetition after any command
that generates this sort of display.
Any text from a # to the end of the line is a comment; it does nothing. This is useful
mainly in command files (see Section 23.1.3 [Command Files], page 314).
The Ctrl-o binding is useful for repeating a complex sequence of commands. This
command accepts the current line, like RET, and then fetches the next line relative to the
current line from the history for editing.

3.2 Command Completion

gdb can fill in the rest of a word in a command for you, if there is only one possibility;
it can also show you what the valid possibilities are for the next word in a command, at
any time. This works for gdb commands, gdb subcommands, and the names of symbols
in your program.
Press the TAB key whenever you want gdb to fill out the rest of a word. If there is only
one possibility, gdb fills in the word, and waits for you to finish the command (or press RET
to enter it). For example, if you type
(gdb) info bre TAB
gdb fills in the rest of the word ‘breakpoints’, since that is the only info subcommand
beginning with ‘bre’:
20 Debugging with gdb

(gdb) info breakpoints

You can either press RET at this point, to run the info breakpoints command, or backspace
and enter something else, if ‘breakpoints’ does not look like the command you expected. (If
you were sure you wanted info breakpoints in the first place, you might as well just type
RET immediately after ‘info bre’, to exploit command abbreviations rather than command
completion).
If there is more than one possibility for the next word when you press TAB, gdb sounds a
bell. You can either supply more characters and try again, or just press TAB a second time;
gdb displays all the possible completions for that word. For example, you might want to
set a breakpoint on a subroutine whose name begins with ‘make_’, but when you type b
make_TAB gdb just sounds the bell. Typing TAB again displays all the function names in
your program that begin with those characters, for example:
(gdb) b make_ TAB
gdb sounds bell; press TAB again, to see:
make_a_section_from_file make_environ
make_abs_section make_function_type
make_blockvector make_pointer_type
make_cleanup make_reference_type
make_command make_symbol_completion_list
(gdb) b make_
After displaying the available possibilities, gdb copies your partial input (‘b make_’ in the
example) so you can finish the command.
If you just want to see the list of alternatives in the first place, you can press M-? rather
than pressing TAB twice. M-? means META ?. You can type this either by holding down a
key designated as the META shift on your keyboard (if there is one) while typing ?, or as ESC
followed by ?.
If the number of possible completions is large, gdb will print as much of the list as it
has collected, as well as a message indicating that the list may be truncated.
(gdb) b mTABTAB
main
<... the rest of the possible completions ...>
*** List may be truncated, max-completions reached. ***
(gdb) b m
This behavior can be controlled with the following commands:
set max-completions limit
set max-completions unlimited
Set the maximum number of completion candidates. gdb will stop looking for
more completions once it collects this many candidates. This is useful when
completing on things like function names as collecting all the possible candidates
can be time consuming. The default value is 200. A value of zero disables tab-
completion. Note that setting either no limit or a very large limit can make
completion slow.
show max-completions
Show the maximum number of candidates that gdb will collect and show during
completion.
Sometimes the string you need, while logically a “word”, may contain parentheses or
other characters that gdb normally excludes from its notion of a word. To permit word
Chapter 3: gdb Commands 21

completion to work in this situation, you may enclose words in ’ (single quote marks) in
gdb commands.
The most likely situation where you might need this is in typing the name of a C++
function. This is because C++ allows function overloading (multiple definitions of the same
function, distinguished by argument type). For example, when you want to set a breakpoint
you may need to distinguish whether you mean the version of name that takes an int
parameter, name(int), or the version that takes a float parameter, name(float). To use
the word-completion facilities in this situation, type a single quote ’ at the beginning of the
function name. This alerts gdb that it may need to consider more information than usual
when you press TAB or M-? to request word completion:
(gdb) b ’bubble( M-?
bubble(double,double) bubble(int,int)
(gdb) b ’bubble(
In some cases, gdb can tell that completing a name requires using quotes. When this
happens, gdb inserts the quote for you (while completing as much as it can) if you do not
type the quote in the first place:
(gdb) b bub TAB
gdb alters your input line to the following, and rings a bell:
(gdb) b ’bubble(
In general, gdb can tell that a quote is needed (and inserts it) if you have not yet started
typing the argument list when you ask for completion on an overloaded symbol.
For more information about overloaded functions, see Section 15.4.1.3 [C++ Expressions],
page 190. You can use the command set overload-resolution off to disable overload
resolution; see Section 15.4.1.7 [gdb Features for C++], page 191.
When completing in an expression which looks up a field in a structure, gdb also tries1
to limit completions to the field names available in the type of the left-hand-side:
(gdb) p gdb_stdout.M-?
magic to_fputs to_rewind
to_data to_isatty to_write
to_delete to_put to_write_async_safe
to_flush to_read
This is because the gdb_stdout is a variable of the type struct ui_file that is defined in
gdb sources as follows:
struct ui_file
{
int *magic;
ui_file_flush_ftype *to_flush;
ui_file_write_ftype *to_write;
ui_file_write_async_safe_ftype *to_write_async_safe;
ui_file_fputs_ftype *to_fputs;
ui_file_read_ftype *to_read;
ui_file_delete_ftype *to_delete;
ui_file_isatty_ftype *to_isatty;
ui_file_rewind_ftype *to_rewind;
ui_file_put_ftype *to_put;
void *to_data;
}

1
The completer can be confused by certain kinds of invalid expressions. Also, it only examines the static
type of the expression, not the dynamic type.
22 Debugging with gdb

3.3 Getting Help

You can always ask gdb itself for information on its commands, using the command help.

help
h You can use help (abbreviated h) with no arguments to display a short list of
named classes of commands:
(gdb) help
List of classes of commands:

aliases -- Aliases of other commands

breakpoints -- Making program stop at certain points
data -- Examining data
files -- Specifying and examining files
internals -- Maintenance commands
obscure -- Obscure features
running -- Running the program
stack -- Examining the stack
status -- Status inquiries
support -- Support facilities
tracepoints -- Tracing of program execution without
stopping the program
user-defined -- User-defined commands

Type "help" followed by a class name for a list of

commands in that class.
Type "help" followed by command name for full
documentation.
Command name abbreviations are allowed if unambiguous.
(gdb)

help class
Using one of the general help classes as an argument, you can get a list of the
individual commands in that class. For example, here is the help display for
the class status:
(gdb) help status
Status inquiries.

List of commands:

info -- Generic command for showing things

about the program being debugged
show -- Generic command for showing things
about the debugger

Type "help" followed by command name for full

documentation.
Command name abbreviations are allowed if unambiguous.
(gdb)

help command
With a command name as help argument, gdb displays a short paragraph on
how to use that command.
Chapter 3: gdb Commands 23

apropos args
The apropos command searches through all of the gdb commands, and their
documentation, for the regular expression specified in args. It prints out all
matches found. For example:
apropos alias
results in:
alias -- Define a new command that is an alias of an existing command
aliases -- Aliases of other commands
d -- Delete some breakpoints or auto-display expressions
del -- Delete some breakpoints or auto-display expressions
delete -- Delete some breakpoints or auto-display expressions

complete args
The complete args command lists all the possible completions for the begin-
ning of a command. Use args to specify the beginning of the command you
want completed. For example:
complete i
results in:
if
ignore
info
inspect
This is intended for use by gnu Emacs.

In addition to help, you can use the gdb commands info and show to inquire about
the state of your program, or the state of gdb itself. Each command supports many topics
of inquiry; this manual introduces each of them in the appropriate context. The listings
under info and under show in the Command, Variable, and Function Index point to all the
sub-commands. See [Command and Variable Index], page 733.

info This command (abbreviated i) is for describing the state of your program. For
example, you can show the arguments passed to a function with info args,
list the registers currently in use with info registers, or list the breakpoints
you have set with info breakpoints. You can get a complete list of the info
sub-commands with help info.
set You can assign the result of an expression to an environment variable with set.
For example, you can set the gdb prompt to a $-sign with set prompt $.
show In contrast to info, show is for describing the state of gdb itself. You can
change most of the things you can show, by using the related command set;
for example, you can control what number system is used for displays with set
radix, or simply inquire which is currently in use with show radix.
To display all the settable parameters and their current values, you can use
show with no arguments; you may also use info set. Both commands produce
the same display.

Here are several miscellaneous show subcommands, all of which are exceptional in lacking
corresponding set commands:
24 Debugging with gdb

show version
Show what version of gdb is running. You should include this information in
gdb bug-reports. If multiple versions of gdb are in use at your site, you may
need to determine which version of gdb you are running; as gdb evolves, new
commands are introduced, and old ones may wither away. Also, many system
vendors ship variant versions of gdb, and there are variant versions of gdb in
gnu/Linux distributions as well. The version number is the same as the one
announced when you start gdb.
show copying
info copying
Display information about permission for copying gdb.
show warranty
info warranty
Display the gnu “NO WARRANTY” statement, or a warranty, if your version
of gdb comes with one.
show configuration
Display detailed information about the way gdb was configured when it was
built. This displays the optional arguments passed to the ‘configure’ script
and also configuration parameters detected automatically by configure. When
reporting a gdb bug (see Chapter 31 [GDB Bugs], page 549), it is important
to include this information in your report.
Chapter 4: Running Programs Under gdb 25

4 Running Programs Under gdb

When you run a program under gdb, you must first generate debugging information when
you compile it.

You may start gdb with its arguments, if any, in an environment of your choice. If you
are doing native debugging, you may redirect your program’s input and output, debug an
already running process, or kill a child process.

4.1 Compiling for Debugging

In order to debug a program effectively, you need to generate debugging information when
you compile it. This debugging information is stored in the object file; it describes the data
type of each variable or function and the correspondence between source line numbers and
addresses in the executable code.

To request debugging information, specify the ‘-g’ option when you run the compiler.

Programs that are to be shipped to your customers are compiled with optimizations,
using the ‘-O’ compiler option. However, some compilers are unable to handle the ‘-g’ and
‘-O’ options together. Using those compilers, you cannot generate optimized executables
containing debugging information.

gcc, the gnu C/C++ compiler, supports ‘-g’ with or without ‘-O’, making it possible
to debug optimized code. We recommend that you always use ‘-g’ whenever you compile
a program. You may think your program is correct, but there is no sense in pushing your
luck. For more information, see Chapter 11 [Optimized Code], page 151.

Older versions of the gnu C compiler permitted a variant option ‘-gg’ for debugging
information. gdb no longer supports this format; if your gnu C compiler has this option,
do not use it.

gdb knows about preprocessor macros and can show you their expansion (see Chapter 12
[Macros], page 155). Most compilers do not include information about preprocessor macros
in the debugging information if you specify the ‘-g’ flag alone. Version 3.1 and later of gcc,
the gnu C compiler, provides macro information if you are using the DWARF debugging
format, and specify the option ‘-g3’.

See Section “Options for Debugging Your Program or GCC” in Using the gnu Compiler
Collection (GCC), for more information on gcc options affecting debug information.

You will have the best debugging experience if you use the latest version of the DWARF
debugging format that your compiler supports. DWARF is currently the most expressive
and best supported debugging format in gdb.
26 Debugging with gdb

4.2 Starting your Program

run
r Use the run command to start your program under gdb. You must first specify
the program name with an argument to gdb (see Chapter 2 [Getting In and
Out of gdb], page 11), or by using the file or exec-file command (see
Section 18.1 [Commands to Specify Files], page 231).
If you are running your program in an execution environment that supports processes,
run creates an inferior process and makes that process run your program. In some envi-
ronments without processes, run jumps to the start of your program. Other targets, like
‘remote’, are always running. If you get an error message like this one:
The "remote" target does not support "run".
Try "help target" or "continue".
then use continue to run your program. You may need load first (see [load], page 249).
The execution of a program is affected by certain information it receives from its superior.
gdb provides ways to specify this information, which you must do before starting your
program. (You can change it after starting your program, but such changes only affect your
program the next time you start it.) This information may be divided into four categories:
The arguments.
Specify the arguments to give your program as the arguments of the run com-
mand. If a shell is available on your target, the shell is used to pass the argu-
ments, so that you may use normal conventions (such as wildcard expansion or
variable substitution) in describing the arguments. In Unix systems, you can
control which shell is used with the SHELL environment variable. If you do not
define SHELL, gdb uses the default shell (‘/bin/sh’). You can disable use of
any shell with the set startup-with-shell command (see below for details).
The environment.
Your program normally inherits its environment from gdb, but you can use
the gdb commands set environment and unset environment to change parts
of the environment that affect your program. See Section 4.4 [Your Program’s
Environment], page 30.
The working directory.
Your program inherits its working directory from gdb. You can set the gdb
working directory with the cd command in gdb. See Section 4.5 [Your Pro-
gram’s Working Directory], page 31.
The standard input and output.
Your program normally uses the same device for standard input and standard
output as gdb is using. You can redirect input and output in the run command
line, or you can use the tty command to set a different device for your program.
See Section 4.6 [Your Program’s Input and Output], page 32.
Warning: While input and output redirection work, you cannot use pipes to
pass the output of the program you are debugging to another program; if you
attempt this, gdb is likely to wind up debugging the wrong program.
Chapter 4: Running Programs Under gdb 27

When you issue the run command, your program begins to execute immediately. See
Chapter 5 [Stopping and Continuing], page 45, for discussion of how to arrange for your
program to stop. Once your program has stopped, you may call functions in your program,
using the print or call commands. See Chapter 10 [Examining Data], page 109.
If the modification time of your symbol file has changed since the last time gdb read its
symbols, gdb discards its symbol table, and reads it again. When it does this, gdb tries to
retain your current breakpoints.
start The name of the main procedure can vary from language to language. With
C or C++, the main procedure name is always main, but other languages such
as Ada do not require a specific name for their main procedure. The debugger
provides a convenient way to start the execution of the program and to stop at
the beginning of the main procedure, depending on the language used.
The ‘start’ command does the equivalent of setting a temporary breakpoint
at the beginning of the main procedure and then invoking the ‘run’ command.
Some programs contain an elaboration phase where some startup code is exe-
cuted before the main procedure is called. This depends on the languages used
to write your program. In C++, for instance, constructors for static and global
objects are executed before main is called. It is therefore possible that the
debugger stops before reaching the main procedure. However, the temporary
breakpoint will remain to halt execution.
Specify the arguments to give to your program as arguments to the ‘start’
command. These arguments will be given verbatim to the underlying ‘run’
command. Note that the same arguments will be reused if no argument is
provided during subsequent calls to ‘start’ or ‘run’.
It is sometimes necessary to debug the program during elaboration. In these
cases, using the start command would stop the execution of your program
too late, as the program would have already completed the elaboration phase.
Under these circumstances, insert breakpoints in your elaboration code before
running your program.
set exec-wrapper wrapper
show exec-wrapper
unset exec-wrapper
When ‘exec-wrapper’ is set, the specified wrapper is used to launch programs
for debugging. gdb starts your program with a shell command of the form exec
wrapper program. Quoting is added to program and its arguments, but not to
wrapper, so you should add quotes if appropriate for your shell. The wrapper
runs until it executes your program, and then gdb takes control.
You can use any program that eventually calls execve with its arguments as
a wrapper. Several standard Unix utilities do this, e.g. env and nohup. Any
Unix shell script ending with exec "$@" will also work.
For example, you can use env to pass an environment variable to the debugged
program, without setting the variable in your shell’s environment:
(gdb) set exec-wrapper env ’LD_PRELOAD=libtest.so’
(gdb) run
28 Debugging with gdb

This command is available when debugging locally on most targets, excluding

djgpp, Cygwin, MS Windows, and QNX Neutrino.
set startup-with-shell
set startup-with-shell on
set startup-with-shell off
show set startup-with-shell
On Unix systems, by default, if a shell is available on your target, gdb) uses it
to start your program. Arguments of the run command are passed to the shell,
which does variable substitution, expands wildcard characters and performs
redirection of I/O. In some circumstances, it may be useful to disable such use
of a shell, for example, when debugging the shell itself or diagnosing startup
failures such as:
(gdb) run
Starting program: ./a.out
During startup program terminated with signal SIGSEGV, Segmentation fault.
which indicates the shell or the wrapper specified with ‘exec-wrapper’ crashed,
not your program. Most often, this is caused by something odd in your shell’s
non-interactive mode initialization file—such as ‘.cshrc’ for C-shell, $‘.zshenv’
for the Z shell, or the file specified in the ‘BASH_ENV’ environment variable for
BASH.
set auto-connect-native-target
set auto-connect-native-target on
set auto-connect-native-target off
show auto-connect-native-target
By default, if not connected to any target yet (e.g., with target remote), the
run command starts your program as a native process under gdb, on your
local machine. If you’re sure you don’t want to debug programs on your local
machine, you can tell gdb to not connect to the native target automatically
with the set auto-connect-native-target off command.
If on, which is the default, and if gdb is not connected to a target already, the
run command automaticaly connects to the native target, if one is available.
If off, and if gdb is not connected to a target already, the run command fails
with an error:
(gdb) run
Don’t know how to run. Try "help target".
If gdb is already connected to a target, gdb always uses it with the run com-
mand.
In any case, you can explicitly connect to the native target with the target
native command. For example,
(gdb) set auto-connect-native-target off
(gdb) run
Don’t know how to run. Try "help target".
(gdb) target native
(gdb) run
Starting program: ./a.out
[Inferior 1 (process 10421) exited normally]
Chapter 4: Running Programs Under gdb 29

In case you connected explicitly to the native target, gdb remains connected
even if all inferiors exit, ready for the next run command. Use the disconnect
command to disconnect.
Examples of other commands that likewise respect the auto-connect-native-
target setting: attach, info proc, info os.
set disable-randomization
set disable-randomization on
This option (enabled by default in gdb) will turn off the native randomiza-
tion of the virtual address space of the started program. This option is useful
for multiple debugging sessions to make the execution better reproducible and
memory addresses reusable across debugging sessions.
This feature is implemented only on certain targets, including gnu/Linux. On
gnu/Linux you can get the same behavior using
(gdb) set exec-wrapper setarch ‘uname -m‘ -R

set disable-randomization off

Leave the behavior of the started executable unchanged. Some bugs rear their
ugly heads only when the program is loaded at certain addresses. If your bug
disappears when you run the program under gdb, that might be because gdb
by default disables the address randomization on platforms, such as gnu/Linux,
which do that for stand-alone programs. Use set disable-randomization off
to try to reproduce such elusive bugs.
On targets where it is available, virtual address space randomization protects
the programs against certain kinds of security attacks. In these cases the at-
tacker needs to know the exact location of a concrete executable code. Ran-
domizing its location makes it impossible to inject jumps misusing a code at its
expected addresses.
Prelinking shared libraries provides a startup performance advantage but it
makes addresses in these libraries predictable for privileged processes by having
just unprivileged access at the target system. Reading the shared library binary
gives enough information for assembling the malicious code misusing it. Still
even a prelinked shared library can get loaded at a new random address just
requiring the regular relocation process during the startup. Shared libraries not
already prelinked are always loaded at a randomly chosen address.
Position independent executables (PIE) contain position independent code sim-
ilar to the shared libraries and therefore such executables get loaded at a ran-
domly chosen address upon startup. PIE executables always load even already
prelinked shared libraries at a random address. You can build such executable
using gcc -fPIE -pie.
Heap (malloc storage), stack and custom mmap areas are always placed ran-
domly (as long as the randomization is enabled).
show disable-randomization
Show the current setting of the explicit disable of the native randomization of
the virtual address space of the started program.
30 Debugging with gdb

4.3 Your Program’s Arguments

The arguments to your program can be specified by the arguments of the run command.
They are passed to a shell, which expands wildcard characters and performs redirection of
I/O, and thence to your program. Your SHELL environment variable (if it exists) specifies
what shell gdb uses. If you do not define SHELL, gdb uses the default shell (‘/bin/sh’ on
Unix).
On non-Unix systems, the program is usually invoked directly by gdb, which emulates
I/O redirection via the appropriate system calls, and the wildcard characters are expanded
by the startup code of the program, not by the shell.
run with no arguments uses the same arguments used by the previous run, or those set
by the set args command.
set args Specify the arguments to be used the next time your program is run. If set
args has no arguments, run executes your program with no arguments. Once
you have run your program with arguments, using set args before the next
run is the only way to run it again without arguments.
show args Show the arguments to give your program when it is started.

4.4 Your Program’s Environment

The environment consists of a set of environment variables and their values. Environment
variables conventionally record such things as your user name, your home directory, your
terminal type, and your search path for programs to run. Usually you set up environment
variables with the shell and they are inherited by all the other programs you run. When
debugging, it can be useful to try running your program with a modified environment
without having to start gdb over again.
path directory
Add directory to the front of the PATH environment variable (the search path
for executables) that will be passed to your program. The value of PATH used
by gdb does not change. You may specify several directory names, separated
by whitespace or by a system-dependent separator character (‘:’ on Unix, ‘;’
on MS-DOS and MS-Windows). If directory is already in the path, it is moved
to the front, so it is searched sooner.
You can use the string ‘$cwd’ to refer to whatever is the current working direc-
tory at the time gdb searches the path. If you use ‘.’ instead, it refers to the
directory where you executed the path command. gdb replaces ‘.’ in the di-
rectory argument (with the current path) before adding directory to the search
path.
show paths
Display the list of search paths for executables (the PATH environment variable).
show environment [varname]
Print the value of environment variable varname to be given to your program
when it starts. If you do not supply varname, print the names and values of
all environment variables to be given to your program. You can abbreviate
environment as env.
Chapter 4: Running Programs Under gdb 31

set environment varname [=value]

Set environment variable varname to value. The value changes for your pro-
gram (and the shell gdb uses to launch it), not for gdb itself. The value may be
any string; the values of environment variables are just strings, and any inter-
pretation is supplied by your program itself. The value parameter is optional;
if it is eliminated, the variable is set to a null value.
For example, this command:
set env USER = foo
tells the debugged program, when subsequently run, that its user is named
‘foo’. (The spaces around ‘=’ are used for clarity here; they are not actually
required.)
Note that on Unix systems, gdb runs your program via a shell, which also
inherits the environment set with set environment. If necessary, you can avoid
that by using the ‘env’ program as a wrapper instead of using set environment.
See [set exec-wrapper], page 27, for an example doing just that.
unset environment varname
Remove variable varname from the environment to be passed to your program.
This is different from ‘set env varname =’; unset environment removes the
variable from the environment, rather than assigning it an empty value.
Warning: On Unix systems, gdb runs your program using the shell indicated by your
SHELL environment variable if it exists (or /bin/sh if not). If your SHELL variable names a
shell that runs an initialization file when started non-interactively—such as ‘.cshrc’ for C-
shell, $‘.zshenv’ for the Z shell, or the file specified in the ‘BASH_ENV’ environment variable
for BASH—any variables you set in that file affect your program. You may wish to move
setting of environment variables to files that are only run when you sign on, such as ‘.login’
or ‘.profile’.

4.5 Your Program’s Working Directory

Each time you start your program with run, it inherits its working directory from the current
working directory of gdb. The gdb working directory is initially whatever it inherited from
its parent process (typically the shell), but you can specify a new working directory in gdb
with the cd command.
The gdb working directory also serves as a default for the commands that specify files
for gdb to operate on. See Section 18.1 [Commands to Specify Files], page 231.
cd [directory]
Set the gdb working directory to directory. If not given, directory uses ‘’~’’.
pwd Print the gdb working directory.
It is generally impossible to find the current working directory of the process being
debugged (since a program can change its directory during its run). If you work on a system
where gdb is configured with the ‘/proc’ support, you can use the info proc command
(see Section 21.1.3 [SVR4 Process Information], page 269) to find out the current working
directory of the debuggee.
32 Debugging with gdb

4.6 Your Program’s Input and Output

By default, the program you run under gdb does input and output to the same terminal
that gdb uses. gdb switches the terminal to its own terminal modes to interact with you,
but it records the terminal modes your program was using and switches back to them when
you continue running your program.
info terminal
Displays information recorded by gdb about the terminal modes your program
is using.
You can redirect your program’s input and/or output using shell redirection with the
run command. For example,
run > outfile
starts your program, diverting its output to the file ‘outfile’.
Another way to specify where your program should do input and output is with the
tty command. This command accepts a file name as argument, and causes this file to be
the default for future run commands. It also resets the controlling terminal for the child
process, for future run commands. For example,
tty /dev/ttyb
directs that processes started with subsequent run commands default to do input and output
on the terminal ‘/dev/ttyb’ and have that as their controlling terminal.
An explicit redirection in run overrides the tty command’s effect on the input/output
device, but not its effect on the controlling terminal.
When you use the tty command or redirect input in the run command, only the input
for your program is affected. The input for gdb still comes from your terminal. tty is an
alias for set inferior-tty.
You can use the show inferior-tty command to tell gdb to display the name of the
terminal that will be used for future runs of your program.
set inferior-tty /dev/ttyb
Set the tty for the program being debugged to /dev/ttyb.
show inferior-tty
Show the current tty for the program being debugged.

4.7 Debugging an Already-running Process

attach process-id
This command attaches to a running process—one that was started outside
gdb. (info files shows your active targets.) The command takes as argument
a process ID. The usual way to find out the process-id of a Unix process is with
the ps utility, or with the ‘jobs -l’ shell command.
attach does not repeat if you press RET a second time after executing the
command.
To use attach, your program must be running in an environment which supports pro-
cesses; for example, attach does not work for programs on bare-board targets that lack an
operating system. You must also have permission to send the process a signal.
Chapter 4: Running Programs Under gdb 33

When you use attach, the debugger finds the program running in the process first by
looking in the current working directory, then (if the program is not found) by using the
source file search path (see Section 9.5 [Specifying Source Directories], page 102). You can
also use the file command to load the program. See Section 18.1 [Commands to Specify
Files], page 231.
The first thing gdb does after arranging to debug the specified process is to stop it. You
can examine and modify an attached process with all the gdb commands that are ordinarily
available when you start processes with run. You can insert breakpoints; you can step and
continue; you can modify storage. If you would rather the process continue running, you
may use the continue command after attaching gdb to the process.
detach When you have finished debugging the attached process, you can use the detach
command to release it from gdb control. Detaching the process continues its
execution. After the detach command, that process and gdb become com-
pletely independent once more, and you are ready to attach another process
or start one with run. detach does not repeat if you press RET again after
executing the command.
If you exit gdb while you have an attached process, you detach that process. If you use
the run command, you kill that process. By default, gdb asks for confirmation if you try
to do either of these things; you can control whether or not you need to confirm by using
the set confirm command (see Section 22.8 [Optional Warnings and Messages], page 305).

4.8 Killing the Child Process

kill Kill the child process in which your program is running under gdb.
This command is useful if you wish to debug a core dump instead of a running process.
gdb ignores any core dump file while your program is running.
On some operating systems, a program cannot be executed outside gdb while you have
breakpoints set on it inside gdb. You can use the kill command in this situation to permit
running your program outside the debugger.
The kill command is also useful if you wish to recompile and relink your program,
since on many systems it is impossible to modify an executable file while it is running in a
process. In this case, when you next type run, gdb notices that the file has changed, and
reads the symbol table again (while trying to preserve your current breakpoint settings).

4.9 Debugging Multiple Inferiors and Programs

gdb lets you run and debug multiple programs in a single session. In addition, gdb on
some systems may let you run several programs simultaneously (otherwise you have to exit
from one before starting another). In the most general case, you can have multiple threads
of execution in each of multiple processes, launched from multiple executables.
gdb represents the state of each program execution with an object called an inferior.
An inferior typically corresponds to a process, but is more general and applies also to
targets that do not have processes. Inferiors may be created before a process runs, and may
be retained after a process exits. Inferiors have unique identifiers that are different from
process ids. Usually each inferior will also have its own distinct address space, although
34 Debugging with gdb

some embedded targets may have several inferiors running in different parts of a single
address space. Each inferior may in turn have multiple threads running in it.
To find out what inferiors exist at any moment, use info inferiors:
info inferiors
Print a list of all inferiors currently being managed by gdb.
gdb displays for each inferior (in this order):
1. the inferior number assigned by gdb
2. the target system’s inferior identifier
3. the name of the executable the inferior is running.
An asterisk ‘*’ preceding the gdb inferior number indicates the current inferior.
For example,
(gdb) info inferiors
Num Description Executable
2 process 2307 hello
* 1 process 3401 goodbye
To switch focus between inferiors, use the inferior command:
inferior infno
Make inferior number infno the current inferior. The argument infno is the infe-
rior number assigned by gdb, as shown in the first field of the ‘info inferiors’
display.
You can get multiple executables into a debugging session via the add-inferior and
clone-inferior commands. On some systems gdb can add inferiors to the debug session
automatically by following calls to fork and exec. To remove inferiors from the debugging
session use the remove-inferiors command.
add-inferior [ -copies n ] [ -exec executable ]
Adds n inferiors to be run using executable as the executable; n defaults to 1.
If no executable is specified, the inferiors begins empty, with no program. You
can still assign or change the program assigned to the inferior at any time by
using the file command with the executable name as its argument.
clone-inferior [ -copies n ] [ infno ]
Adds n inferiors ready to execute the same program as inferior infno; n defaults
to 1, and infno defaults to the number of the current inferior. This is a conve-
nient command when you want to run another instance of the inferior you are
debugging.
(gdb) info inferiors
Num Description Executable
* 1 process 29964 helloworld
(gdb) clone-inferior
Added inferior 2.
1 inferiors added.
(gdb) info inferiors
Num Description Executable
2 <null> helloworld
* 1 process 29964 helloworld
You can now simply switch focus to inferior 2 and run it.
Chapter 4: Running Programs Under gdb 35

remove-inferiors infno...
Removes the inferior or inferiors infno . . . . It is not possible to remove an
inferior that is running with this command. For those, use the kill or detach
command first.
To quit debugging one of the running inferiors that is not the current inferior, you
can either detach from it by using the detach inferior command (allowing it to run
independently), or kill it using the kill inferiors command:
detach inferior infno...
Detach from the inferior or inferiors identified by gdb inferior number(s)
infno . . . . Note that the inferior’s entry still stays on the list of inferiors shown
by info inferiors, but its Description will show ‘<null>’.
kill inferiors infno...
Kill the inferior or inferiors identified by gdb inferior number(s) infno . . . .
Note that the inferior’s entry still stays on the list of inferiors shown by info
inferiors, but its Description will show ‘<null>’.
After the successful completion of a command such as detach, detach inferiors, kill
or kill inferiors, or after a normal process exit, the inferior is still valid and listed with
info inferiors, ready to be restarted.
To be notified when inferiors are started or exit under gdb’s control use
set print inferior-events:
set print inferior-events
set print inferior-events on
set print inferior-events off
The set print inferior-events command allows you to enable or disable
printing of messages when gdb notices that new inferiors have started or that
inferiors have exited or have been detached. By default, these messages will
not be printed.
show print inferior-events
Show whether messages will be printed when gdb detects that inferiors have
started, exited or have been detached.
Many commands will work the same with multiple programs as with a single program:
e.g., print myglobal will simply display the value of myglobal in the current inferior.
Occasionaly, when debugging gdb itself, it may be useful to get more info about the
relationship of inferiors, programs, address spaces in a debug session. You can do that with
the maint info program-spaces command.
maint info program-spaces
Print a list of all program spaces currently being managed by gdb.
gdb displays for each program space (in this order):
1. the program space number assigned by gdb
2. the name of the executable loaded into the program space, with e.g., the
file command.
36 Debugging with gdb

An asterisk ‘*’ preceding the gdb program space number indicates the current
program space.
In addition, below each program space line, gdb prints extra information that
isn’t suitable to display in tabular form. For example, the list of inferiors bound
to the program space.
(gdb) maint info program-spaces
Id Executable
2 goodbye
Bound inferiors: ID 1 (process 21561)
* 1 hello
Here we can see that no inferior is running the program hello, while process
21561 is running the program goodbye. On some targets, it is possible that
multiple inferiors are bound to the same program space. The most common
example is that of debugging both the parent and child processes of a vfork
call. For example,
(gdb) maint info program-spaces
Id Executable
* 1 vfork-test
Bound inferiors: ID 2 (process 18050), ID 1 (process 18045)
Here, both inferior 2 and inferior 1 are running in the same program space as
a result of inferior 1 having executed a vfork call.

4.10 Debugging Programs with Multiple Threads

In some operating systems, such as HP-UX and Solaris, a single program may have more
than one thread of execution. The precise semantics of threads differ from one operating
system to another, but in general the threads of a single program are akin to multiple
processes—except that they share one address space (that is, they can all examine and
modify the same variables). On the other hand, each thread has its own registers and
execution stack, and perhaps private memory.
gdb provides these facilities for debugging multi-thread programs:
• automatic notification of new threads
• ‘thread threadno’, a command to switch among threads
• ‘info threads’, a command to inquire about existing threads
• ‘thread apply [threadno] [all] args’, a command to apply a command to a list of
threads
• thread-specific breakpoints
• ‘set print thread-events’, which controls printing of messages on thread start and
exit.
• ‘set libthread-db-search-path path’, which lets the user specify which libthread_
db to use if the default choice isn’t compatible with the program.
Warning: These facilities are not yet available on every gdb configuration
where the operating system supports threads. If your gdb does not support
threads, these commands have no effect. For example, a system without thread
support shows no output from ‘info threads’, and always rejects the thread
command, like this:
Chapter 4: Running Programs Under gdb 37

(gdb) info threads

(gdb) thread 1
Thread ID 1 not known. Use the "info threads" command to
see the IDs of currently known threads.
The gdb thread debugging facility allows you to observe all threads while your program
runs—but whenever gdb takes control, one thread in particular is always the focus of
debugging. This thread is called the current thread. Debugging commands show program
information from the perspective of the current thread.
Whenever gdb detects a new thread in your program, it displays the target system’s
identification for the thread with a message in the form ‘[New systag]’, where systag is a
thread identifier whose form varies depending on the particular system. For example, on
gnu/Linux, you might see
[New Thread 0x41e02940 (LWP 25582)]
when gdb notices a new thread. In contrast, on an SGI system, the systag is simply
something like ‘process 368’, with no further qualifier.
For debugging purposes, gdb associates its own thread number—always a single
integer—with each thread in your program.
info threads [id...]
Display a summary of all threads currently in your program. Optional argu-
ment id. . . is one or more thread ids separated by spaces, and means to print
information only about the specified thread or threads. gdb displays for each
thread (in this order):
1. the thread number assigned by gdb
2. the target system’s thread identifier (systag)
3. the thread’s name, if one is known. A thread can either be named by the
user (see thread name, below), or, in some cases, by the program itself.
4. the current stack frame summary for that thread
An asterisk ‘*’ to the left of the gdb thread number indicates the current thread.
For example,
(gdb) info threads
Id Target Id Frame
3 process 35 thread 27 0x34e5 in sigpause ()
2 process 35 thread 23 0x34e5 in sigpause ()
* 1 process 35 thread 13 main (argc=1, argv=0x7ffffff8)
at threadtest.c:68
On Solaris, you can display more information about user threads with a Solaris-specific
command:
maint info sol-threads
Display info on Solaris user threads.
thread threadno
Make thread number threadno the current thread. The command argument
threadno is the internal gdb thread number, as shown in the first field of the
‘info threads’ display. gdb responds by displaying the system identifier of the
thread you selected, and its current stack frame summary:
38 Debugging with gdb

(gdb) thread 2
[Switching to thread 2 (Thread 0xb7fdab70 (LWP 12747))]
#0 some_function (ignore=0x0) at example.c:8
8 printf ("hello\n");
As with the ‘[New ...]’ message, the form of the text after ‘Switching to’
depends on your system’s conventions for identifying threads.
The debugger convenience variable ‘$_thread’ contains the number of the cur-
rent thread. You may find this useful in writing breakpoint conditional ex-
pressions, command scripts, and so forth. See See Section 10.11 [Convenience
Variables], page 132, for general information on convenience variables.
thread apply [threadno | all [-ascending]] command
The thread apply command allows you to apply the named command to one
or more threads. Specify the numbers of the threads that you want affected
with the command argument threadno. It can be a single thread number, one
of the numbers shown in the first field of the ‘info threads’ display; or it could
be a range of thread numbers, as in 2-4. To apply a command to all threads
in descending order, type thread apply all command. To apply a command to
all threads in ascending order, type thread apply all -ascending command.
thread name [name]
This command assigns a name to the current thread. If no argument is given,
any existing user-specified name is removed. The thread name appears in the
‘info threads’ display.
On some systems, such as gnu/Linux, gdb is able to determine the name of
the thread as given by the OS. On these systems, a name specified with ‘thread
name’ will override the system-give name, and removing the user-specified name
will cause gdb to once again display the system-specified name.
thread find [regexp]
Search for and display thread ids whose name or systag matches the supplied
regular expression.
As well as being the complement to the ‘thread name’ command, this command
also allows you to identify a thread by its target systag. For instance, on
gnu/Linux, the target systag is the LWP id.
(gdb) thread find 26688
Thread 4 has target id ’Thread 0x41e02940 (LWP 26688)’
(gdb) info thread 4
Id Target Id Frame
4 Thread 0x41e02940 (LWP 26688) 0x00000031ca6cd372 in select ()

set print thread-events

set print thread-events on
set print thread-events off
The set print thread-events command allows you to enable or disable print-
ing of messages when gdb notices that new threads have started or that threads
have exited. By default, these messages will be printed if detection of these
events is supported by the target. Note that these messages cannot be disabled
on all targets.
Chapter 4: Running Programs Under gdb 39

show print thread-events

Show whether messages will be printed when gdb detects that threads have
started and exited.
See Section 5.5 [Stopping and Starting Multi-thread Programs], page 75, for more infor-
mation about how gdb behaves when you stop and start programs with multiple threads.
See Section 5.1.2 [Setting Watchpoints], page 52, for information about watchpoints in
programs with multiple threads.
set libthread-db-search-path [path]
If this variable is set, path is a colon-separated list of directories gdb will use
to search for libthread_db. If you omit path, ‘libthread-db-search-path’
will be reset to its default value ($sdir:$pdir on gnu/Linux and Solaris sys-
tems). Internally, the default value comes from the LIBTHREAD_DB_SEARCH_
PATH macro.
On gnu/Linux and Solaris systems, gdb uses a “helper” libthread_db li-
brary to obtain information about threads in the inferior process. gdb will use
‘libthread-db-search-path’ to find libthread_db. gdb also consults first if
inferior specific thread debugging library loading is enabled by ‘set auto-load
libthread-db’ (see Section 22.7.2 [libthread db.so.1 file], page 302).
A special entry ‘$sdir’ for ‘libthread-db-search-path’ refers to the default
system directories that are normally searched for loading shared libraries. The
‘$sdir’ entry is the only kind not needing to be enabled by ‘set auto-load
libthread-db’ (see Section 22.7.2 [libthread db.so.1 file], page 302).
A special entry ‘$pdir’ for ‘libthread-db-search-path’ refers to the directory
from which libpthread was loaded in the inferior process.
For any libthread_db library gdb finds in above directories, gdb attempts
to initialize it with the current inferior process. If this initialization fails
(which could happen because of a version mismatch between libthread_db
and libpthread), gdb will unload libthread_db, and continue with the next
directory. If none of libthread_db libraries initialize successfully, gdb will
issue a warning and thread debugging will be disabled.
Setting libthread-db-search-path is currently implemented only on some
platforms.
show libthread-db-search-path
Display current libthread db search path.
set debug libthread-db
show debug libthread-db
Turns on or off display of libthread_db-related events. Use 1 to enable, 0 to
disable.

4.11 Debugging Forks

On most systems, gdb has no special support for debugging programs which create addi-
tional processes using the fork function. When a program forks, gdb will continue to debug
the parent process and the child process will run unimpeded. If you have set a breakpoint
40 Debugging with gdb

in any code which the child then executes, the child will get a SIGTRAP signal which (unless
it catches the signal) will cause it to terminate.
However, if you want to debug the child process there is a workaround which isn’t too
painful. Put a call to sleep in the code which the child process executes after the fork. It
may be useful to sleep only if a certain environment variable is set, or a certain file exists,
so that the delay need not occur when you don’t want to run gdb on the child. While the
child is sleeping, use the ps program to get its process ID. Then tell gdb (a new invocation
of gdb if you are also debugging the parent process) to attach to the child process (see
Section 4.7 [Attach], page 32). From that point on you can debug the child process just like
any other process which you attached to.
On some systems, gdb provides support for debugging programs that create additional
processes using the fork or vfork functions. Currently, the only platforms with this feature
are HP-UX (11.x and later only?) and gnu/Linux (kernel version 2.5.60 and later).
By default, when a program forks, gdb will continue to debug the parent process and
the child process will run unimpeded.
If you want to follow the child process instead of the parent process, use the command
set follow-fork-mode.
set follow-fork-mode mode
Set the debugger response to a program call of fork or vfork. A call to fork
or vfork creates a new process. The mode argument can be:
parent The original process is debugged after a fork. The child process
runs unimpeded. This is the default.
child The new process is debugged after a fork. The parent process runs
unimpeded.
show follow-fork-mode
Display the current debugger response to a fork or vfork call.
On Linux, if you want to debug both the parent and child processes, use the command
set detach-on-fork.
set detach-on-fork mode
Tells gdb whether to detach one of the processes after a fork, or retain debugger
control over them both.
on The child process (or parent process, depending on the value of
follow-fork-mode) will be detached and allowed to run indepen-
dently. This is the default.
off Both processes will be held under the control of gdb. One process
(child or parent, depending on the value of follow-fork-mode) is
debugged as usual, while the other is held suspended.
show detach-on-fork
Show whether detach-on-fork mode is on/off.
If you choose to set ‘detach-on-fork’ mode off, then gdb will retain control of all forked
processes (including nested forks). You can list the forked processes under the control of gdb
Chapter 4: Running Programs Under gdb 41

by using the info inferiors command, and switch from one fork to another by using the
inferior command (see Section 4.9 [Debugging Multiple Inferiors and Programs], page 33).
To quit debugging one of the forked processes, you can either detach from it by using
the detach inferiors command (allowing it to run independently), or kill it using the
kill inferiors command. See Section 4.9 [Debugging Multiple Inferiors and Programs],
page 33.
If you ask to debug a child process and a vfork is followed by an exec, gdb executes
the new target up to the first breakpoint in the new target. If you have a breakpoint set on
main in your original program, the breakpoint will also be set on the child process’s main.
On some systems, when a child process is spawned by vfork, you cannot debug the child
or parent until an exec call completes.
If you issue a run command to gdb after an exec call executes, the new target restarts.
To restart the parent process, use the file command with the parent executable name
as its argument. By default, after an exec call executes, gdb discards the symbols of the
previous executable image. You can change this behaviour with the set follow-exec-mode
command.
set follow-exec-mode mode
Set debugger response to a program call of exec. An exec call replaces the
program image of a process.
follow-exec-mode can be:
new gdb creates a new inferior and rebinds the process to this new
inferior. The program the process was running before the exec call
can be restarted afterwards by restarting the original inferior.
For example:
(gdb) info inferiors
(gdb) info inferior
Id Description Executable
* 1 <null> prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
(gdb) info inferiors
Id Description Executable
* 2 <null> prog2
1 <null> prog1

same gdb keeps the process bound to the same inferior. The new exe-
cutable image replaces the previous executable loaded in the infe-
rior. Restarting the inferior after the exec call, with e.g., the run
command, restarts the executable the process was running after the
exec call. This is the default mode.
For example:
(gdb) info inferiors
Id Description Executable
* 1 <null> prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
42 Debugging with gdb

(gdb) info inferiors

Id Description Executable
* 1 <null> prog2

You can use the catch command to make gdb stop whenever a fork, vfork, or exec
call is made. See Section 5.1.3 [Setting Catchpoints], page 55.

4.12 Setting a Bookmark to Return to Later

On certain operating systems1 , gdb is able to save a snapshot of a program’s state, called
a checkpoint, and come back to it later.
Returning to a checkpoint effectively undoes everything that has happened in the pro-
gram since the checkpoint was saved. This includes changes in memory, registers, and even
(within some limits) system state. Effectively, it is like going back in time to the moment
when the checkpoint was saved.
Thus, if you’re stepping thru a program and you think you’re getting close to the point
where things go wrong, you can save a checkpoint. Then, if you accidentally go too far and
miss the critical statement, instead of having to restart your program from the beginning,
you can just go back to the checkpoint and start again from there.
This can be especially useful if it takes a lot of time or steps to reach the point where
you think the bug occurs.
To use the checkpoint/restart method of debugging:
checkpoint
Save a snapshot of the debugged program’s current execution state. The
checkpoint command takes no arguments, but each checkpoint is assigned
a small integer id, similar to a breakpoint id.
info checkpoints
List the checkpoints that have been saved in the current debugging session. For
each checkpoint, the following information will be listed:
Checkpoint ID
Process ID
Code Address
Source line, or label
restart checkpoint-id
Restore the program state that was saved as checkpoint number checkpoint-id.
All program variables, registers, stack frames etc. will be returned to the values
that they had when the checkpoint was saved. In essence, gdb will “wind back
the clock” to the point in time when the checkpoint was saved.
Note that breakpoints, gdb variables, command history etc. are not affected
by restoring a checkpoint. In general, a checkpoint only restores things that
reside in the program being debugged, not in the debugger.
delete checkpoint checkpoint-id
Delete the previously-saved checkpoint identified by checkpoint-id.
1
Currently, only gnu/Linux.
Chapter 4: Running Programs Under gdb 43

Returning to a previously saved checkpoint will restore the user state of the program
being debugged, plus a significant subset of the system (OS) state, including file pointers. It
won’t “un-write” data from a file, but it will rewind the file pointer to the previous location,
so that the previously written data can be overwritten. For files opened in read mode, the
pointer will also be restored so that the previously read data can be read again.
Of course, characters that have been sent to a printer (or other external device) cannot
be “snatched back”, and characters received from eg. a serial device can be removed from
internal program buffers, but they cannot be “pushed back” into the serial pipeline, ready
to be received again. Similarly, the actual contents of files that have been changed cannot
be restored (at this time).
However, within those constraints, you actually can “rewind” your program to a previ-
ously saved point in time, and begin debugging it again — and you can change the course
of events so as to debug a different execution path this time.
Finally, there is one bit of internal program state that will be different when you return
to a checkpoint — the program’s process id. Each checkpoint will have a unique process id
(or pid), and each will be different from the program’s original pid. If your program has
saved a local copy of its process id, this could potentially pose a problem.

4.12.1 A Non-obvious Benefit of Using Checkpoints

On some systems such as gnu/Linux, address space randomization is performed on new
processes for security reasons. This makes it difficult or impossible to set a breakpoint, or
watchpoint, on an absolute address if you have to restart the program, since the absolute
location of a symbol will change from one execution to the next.
A checkpoint, however, is an identical copy of a process. Therefore if you create a
checkpoint at (eg.) the start of main, and simply return to that checkpoint instead of
restarting the process, you can avoid the effects of address randomization and your symbols
will all stay in the same place.
Chapter 5: Stopping and Continuing 45

5 Stopping and Continuing

The principal purposes of using a debugger are so that you can stop your program before it
terminates; or so that, if your program runs into trouble, you can investigate and find out
why.
Inside gdb, your program may stop for any of several reasons, such as a signal, a break-
point, or reaching a new line after a gdb command such as step. You may then examine
and change variables, set new breakpoints or remove old ones, and then continue execu-
tion. Usually, the messages shown by gdb provide ample explanation of the status of your
program—but you can also explicitly request this information at any time.
info program
Display information about the status of your program: whether it is running
or not, what process it is, and why it stopped.

5.1 Breakpoints, Watchpoints, and Catchpoints

A breakpoint makes your program stop whenever a certain point in the program is reached.
For each breakpoint, you can add conditions to control in finer detail whether your program
stops. You can set breakpoints with the break command and its variants (see Section 5.1.1
[Setting Breakpoints], page 46), to specify the place where your program should stop by
line number, function name or exact address in the program.
On some systems, you can set breakpoints in shared libraries before the executable is
run. There is a minor limitation on HP-UX systems: you must wait until the executable
is run in order to set breakpoints in shared library routines that are not called directly by
the program (for example, routines that are arguments in a pthread_create call).
A watchpoint is a special breakpoint that stops your program when the value of an
expression changes. The expression may be a value of a variable, or it could involve values
of one or more variables combined by operators, such as ‘a + b’. This is sometimes called
data breakpoints. You must use a different command to set watchpoints (see Section 5.1.2
[Setting Watchpoints], page 52), but aside from that, you can manage a watchpoint like any
other breakpoint: you enable, disable, and delete both breakpoints and watchpoints using
the same commands.
You can arrange to have values from your program displayed automatically whenever
gdb stops at a breakpoint. See Section 10.7 [Automatic Display], page 120.
A catchpoint is another special breakpoint that stops your program when a certain kind
of event occurs, such as the throwing of a C++ exception or the loading of a library. As with
watchpoints, you use a different command to set a catchpoint (see Section 5.1.3 [Setting
Catchpoints], page 55), but aside from that, you can manage a catchpoint like any other
breakpoint. (To stop when your program receives a signal, use the handle command; see
Section 5.4 [Signals], page 73.)
gdb assigns a number to each breakpoint, watchpoint, or catchpoint when you create
it; these numbers are successive integers starting with one. In many of the commands for
controlling various features of breakpoints you use the breakpoint number to say which
breakpoint you want to change. Each breakpoint may be enabled or disabled; if disabled,
it has no effect on your program until you enable it again.
46 Debugging with gdb

Some gdb commands accept a range of breakpoints on which to operate. A breakpoint

range is either a single breakpoint number, like ‘5’, or two such numbers, in increasing
order, separated by a hyphen, like ‘5-7’. When a breakpoint range is given to a command,
all breakpoints in that range are operated on.

5.1.1 Setting Breakpoints

Breakpoints are set with the break command (abbreviated b). The debugger conve-
nience variable ‘$bpnum’ records the number of the breakpoint you’ve set most recently;
see Section 10.11 [Convenience Variables], page 132, for a discussion of what you can do
with convenience variables.
break location
Set a breakpoint at the given location, which can specify a function name, a line
number, or an address of an instruction. (See Section 9.2 [Specify Location],
page 100, for a list of all the possible ways to specify a location.) The breakpoint
will stop your program just before it executes any of the code in the specified
location.
When using source languages that permit overloading of symbols, such as C++,
a function name may refer to more than one possible place to break. See
Section 10.2 [Ambiguous Expressions], page 112, for a discussion of that situa-
tion.
It is also possible to insert a breakpoint that will stop the program only if a
specific thread (see Section 5.5.4 [Thread-Specific Breakpoints], page 79) or a
specific task (see Section 15.4.9.6 [Ada Tasks], page 206) hits that breakpoint.
break When called without any arguments, break sets a breakpoint at the next in-
struction to be executed in the selected stack frame (see Chapter 8 [Examining
the Stack], page 91). In any selected frame but the innermost, this makes your
program stop as soon as control returns to that frame. This is similar to the
effect of a finish command in the frame inside the selected frame—except that
finish does not leave an active breakpoint. If you use break without an ar-
gument in the innermost frame, gdb stops the next time it reaches the current
location; this may be useful inside loops.
gdb normally ignores breakpoints when it resumes execution, until at least one
instruction has been executed. If it did not do this, you would be unable to pro-
ceed past a breakpoint without first disabling the breakpoint. This rule applies
whether or not the breakpoint already existed when your program stopped.
break ... if cond
Set a breakpoint with condition cond; evaluate the expression cond each time
the breakpoint is reached, and stop only if the value is nonzero—that is, if cond
evaluates as true. ‘...’ stands for one of the possible arguments described
above (or no argument) specifying where to break. See Section 5.1.6 [Break
Conditions], page 60, for more information on breakpoint conditions.
tbreak args
Set a breakpoint enabled only for one stop. The args are the same as for the
break command, and the breakpoint is set in the same way, but the breakpoint
Chapter 5: Stopping and Continuing 47

is automatically deleted after the first time your program stops there. See
Section 5.1.5 [Disabling Breakpoints], page 59.

hbreak args
Set a hardware-assisted breakpoint. The args are the same as for the break
command and the breakpoint is set in the same way, but the breakpoint re-
quires hardware support and some target hardware may not have this support.
The main purpose of this is EPROM/ROM code debugging, so you can set
a breakpoint at an instruction without changing the instruction. This can be
used with the new trap-generation provided by SPARClite DSU and most x86-
based targets. These targets will generate traps when a program accesses some
data or instruction address that is assigned to the debug registers. However
the hardware breakpoint registers can take a limited number of breakpoints.
For example, on the DSU, only two data breakpoints can be set at a time, and
gdb will reject this command if more than two are used. Delete or disable
unused hardware breakpoints before setting new ones (see Section 5.1.5 [Dis-
abling Breakpoints], page 59). See Section 5.1.6 [Break Conditions], page 60.
For remote targets, you can restrict the number of hardware breakpoints gdb
will use, see [set remote hardware-breakpoint-limit], page 259.

thbreak args
Set a hardware-assisted breakpoint enabled only for one stop. The args are the
same as for the hbreak command and the breakpoint is set in the same way.
However, like the tbreak command, the breakpoint is automatically deleted
after the first time your program stops there. Also, like the hbreak command,
the breakpoint requires hardware support and some target hardware may not
have this support. See Section 5.1.5 [Disabling Breakpoints], page 59. See also
Section 5.1.6 [Break Conditions], page 60.

rbreak regex
Set breakpoints on all functions matching the regular expression regex. This
command sets an unconditional breakpoint on all matches, printing a list of all
breakpoints it set. Once these breakpoints are set, they are treated just like the
breakpoints set with the break command. You can delete them, disable them,
or make them conditional the same way as any other breakpoint.
The syntax of the regular expression is the standard one used with tools like
‘grep’. Note that this is different from the syntax used by shells, so for instance
foo* matches all functions that include an fo followed by zero or more os. There
is an implicit .* leading and trailing the regular expression you supply, so to
match only functions that begin with foo, use ^foo.
When debugging C++ programs, rbreak is useful for setting breakpoints on
overloaded functions that are not members of any special classes.
The rbreak command can be used to set breakpoints in all the functions in a
program, like this:
(gdb) rbreak .
48 Debugging with gdb

rbreak file:regex
If rbreak is called with a filename qualification, it limits the search for functions
matching the given regular expression to the specified file. This can be used,
for example, to set breakpoints on every function in a given file:
(gdb) rbreak file.c:.
The colon separating the filename qualifier from the regex may optionally be
surrounded by spaces.
info breakpoints [n...]
info break [n...]
Print a table of all breakpoints, watchpoints, and catchpoints set and not
deleted. Optional argument n means print information only about the spec-
ified breakpoint(s) (or watchpoint(s) or catchpoint(s)). For each breakpoint,
following columns are printed:
Breakpoint Numbers
Type Breakpoint, watchpoint, or catchpoint.
Disposition
Whether the breakpoint is marked to be disabled or deleted when
hit.
Enabled or Disabled
Enabled breakpoints are marked with ‘y’. ‘n’ marks breakpoints
that are not enabled.
Address Where the breakpoint is in your program, as a memory address.
For a pending breakpoint whose address is not yet known, this
field will contain ‘<PENDING>’. Such breakpoint won’t fire until a
shared library that has the symbol or line referred by breakpoint is
loaded. See below for details. A breakpoint with several locations
will have ‘<MULTIPLE>’ in this field—see below for details.
What Where the breakpoint is in the source for your program, as a file and
line number. For a pending breakpoint, the original string passed
to the breakpoint command will be listed as it cannot be resolved
until the appropriate shared library is loaded in the future.
If a breakpoint is conditional, there are two evaluation modes: “host” and
“target”. If mode is “host”, breakpoint condition evaluation is done by gdb on
the host’s side. If it is “target”, then the condition is evaluated by the target.
The info break command shows the condition on the line following the affected
breakpoint, together with its condition evaluation mode in between parentheses.
Breakpoint commands, if any, are listed after that. A pending breakpoint is
allowed to have a condition specified for it. The condition is not parsed for
validity until a shared library is loaded that allows the pending breakpoint to
resolve to a valid location.
info break with a breakpoint number n as argument lists only that break-
point. The convenience variable $_ and the default examining-address for the
x command are set to the address of the last breakpoint listed (see Section 10.6
[Examining Memory], page 117).
Chapter 5: Stopping and Continuing 49

info break displays a count of the number of times the breakpoint has been
hit. This is especially useful in conjunction with the ignore command. You
can ignore a large number of breakpoint hits, look at the breakpoint info to see
how many times the breakpoint was hit, and then run again, ignoring one less
than that number. This will get you quickly to the last hit of that breakpoint.
For a breakpoints with an enable count (xref) greater than 1, info break also
displays that count.
gdb allows you to set any number of breakpoints at the same place in your program.
There is nothing silly or meaningless about this. When the breakpoints are conditional,
this is even useful (see Section 5.1.6 [Break Conditions], page 60).
It is possible that a breakpoint corresponds to several locations in your program. Ex-
amples of this situation are:
• Multiple functions in the program may have the same name.
• For a C++ constructor, the gcc compiler generates several instances of the function
body, used in different cases.
• For a C++ template function, a given line in the function can correspond to any number
of instantiations.
• For an inlined function, a given source line can correspond to several places where that
function is inlined.
In all those cases, gdb will insert a breakpoint at all the relevant locations.
A breakpoint with multiple locations is displayed in the breakpoint table using several
rows—one header row, followed by one row for each breakpoint location. The header row
has ‘<MULTIPLE>’ in the address column. The rows for individual locations contain the
actual addresses for locations, and show the functions to which those locations belong. The
number column for a location is of the form breakpoint-number.location-number.
For example:
Num Type Disp Enb Address What
1 breakpoint keep y <MULTIPLE>
stop only if i==1
breakpoint already hit 1 time
1.1 y 0x080486a2 in void foo<int>() at t.cc:8
1.2 y 0x080486ca in void foo<double>() at t.cc:8
Each location can be individually enabled or disabled by passing breakpoint-
number.location-number as argument to the enable and disable commands. Note that
you cannot delete the individual locations from the list, you can only delete the entire
list of locations that belong to their parent breakpoint (with the delete num command,
where num is the number of the parent breakpoint, 1 in the above example). Disabling
or enabling the parent breakpoint (see Section 5.1.5 [Disabling], page 59) affects all of the
locations that belong to that breakpoint.
It’s quite common to have a breakpoint inside a shared library. Shared libraries can
be loaded and unloaded explicitly, and possibly repeatedly, as the program is executed.
To support this use case, gdb updates breakpoint locations whenever any shared library
is loaded or unloaded. Typically, you would set a breakpoint in a shared library at the
beginning of your debugging session, when the library is not loaded, and when the symbols
50 Debugging with gdb

from the library are not available. When you try to set breakpoint, gdb will ask you if you
want to set a so called pending breakpoint—breakpoint whose address is not yet resolved.
After the program is run, whenever a new shared library is loaded, gdb reevaluates all the
breakpoints. When a newly loaded shared library contains the symbol or line referred to by
some pending breakpoint, that breakpoint is resolved and becomes an ordinary breakpoint.
When a library is unloaded, all breakpoints that refer to its symbols or source lines become
pending again.
This logic works for breakpoints with multiple locations, too. For example, if you have
a breakpoint in a C++ template function, and a newly loaded shared library has an instan-
tiation of that template, a new location is added to the list of locations for the breakpoint.
Except for having unresolved address, pending breakpoints do not differ from regular
breakpoints. You can set conditions or commands, enable and disable them and perform
other breakpoint operations.
gdb provides some additional commands for controlling what happens when the ‘break’
command cannot resolve breakpoint address specification to an address:
set breakpoint pending auto
This is the default behavior. When gdb cannot find the breakpoint location,
it queries you whether a pending breakpoint should be created.
set breakpoint pending on
This indicates that an unrecognized breakpoint location should automatically
result in a pending breakpoint being created.
set breakpoint pending off
This indicates that pending breakpoints are not to be created. Any unrecog-
nized breakpoint location results in an error. This setting does not affect any
pending breakpoints previously created.
show breakpoint pending
Show the current behavior setting for creating pending breakpoints.
The settings above only affect the break command and its variants. Once breakpoint is
set, it will be automatically updated as shared libraries are loaded and unloaded.
For some targets, gdb can automatically decide if hardware or software breakpoints
should be used, depending on whether the breakpoint address is read-only or read-write.
This applies to breakpoints set with the break command as well as to internal breakpoints
set by commands like next and finish. For breakpoints set with hbreak, gdb will always
use hardware breakpoints.
You can control this automatic behaviour with the following commands::
set breakpoint auto-hw on
This is the default behavior. When gdb sets a breakpoint, it will try to use the
target memory map to decide if software or hardware breakpoint must be used.
set breakpoint auto-hw off
This indicates gdb should not automatically select breakpoint type. If the
target provides a memory map, gdb will warn when trying to set software
breakpoint at a read-only address.
Chapter 5: Stopping and Continuing 51

gdb normally implements breakpoints by replacing the program code at the breakpoint
address with a special instruction, which, when executed, given control to the debugger.
By default, the program code is so modified only when the program is resumed. As soon as
the program stops, gdb restores the original instructions. This behaviour guards against
leaving breakpoints inserted in the target should gdb abrubptly disconnect. However, with
slow remote targets, inserting and removing breakpoint can reduce the performance. This
behavior can be controlled with the following commands::
set breakpoint always-inserted off
All breakpoints, including newly added by the user, are inserted in the target
only when the target is resumed. All breakpoints are removed from the target
when it stops. This is the default mode.
set breakpoint always-inserted on
Causes all breakpoints to be inserted in the target at all times. If the user adds
a new breakpoint, or changes an existing breakpoint, the breakpoints in the
target are updated immediately. A breakpoint is removed from the target only
when breakpoint itself is deleted.
gdb handles conditional breakpoints by evaluating these conditions when a breakpoint
breaks. If the condition is true, then the process being debugged stops, otherwise the process
is resumed.
If the target supports evaluating conditions on its end, gdb may download the break-
point, together with its conditions, to it.
This feature can be controlled via the following commands:
set breakpoint condition-evaluation host
This option commands gdb to evaluate the breakpoint conditions on the host’s
side. Unconditional breakpoints are sent to the target which in turn receives
the triggers and reports them back to GDB for condition evaluation. This is
the standard evaluation mode.
set breakpoint condition-evaluation target
This option commands gdb to download breakpoint conditions to the target at
the moment of their insertion. The target is responsible for evaluating the con-
ditional expression and reporting breakpoint stop events back to gdb whenever
the condition is true. Due to limitations of target-side evaluation, some condi-
tions cannot be evaluated there, e.g., conditions that depend on local data that
is only known to the host. Examples include conditional expressions involving
convenience variables, complex types that cannot be handled by the agent ex-
pression parser and expressions that are too long to be sent over to the target,
specially when the target is a remote system. In these cases, the conditions will
be evaluated by gdb.
set breakpoint condition-evaluation auto
This is the default mode. If the target supports evaluating breakpoint condi-
tions on its end, gdb will download breakpoint conditions to the target (limi-
tations mentioned previously apply). If the target does not support breakpoint
condition evaluation, then gdb will fallback to evaluating all these conditions
on the host’s side.
52 Debugging with gdb

gdb itself sometimes sets breakpoints in your program for special purposes, such as
proper handling of longjmp (in C programs). These internal breakpoints are assigned
negative numbers, starting with -1; ‘info breakpoints’ does not display them. You can
see these breakpoints with the gdb maintenance command ‘maint info breakpoints’ (see
[maint info breakpoints], page 589).

5.1.2 Setting Watchpoints

You can use a watchpoint to stop execution whenever the value of an expression changes,
without having to predict a particular place where this may happen. (This is sometimes
called a data breakpoint.) The expression may be as simple as the value of a single variable,
or as complex as many variables combined by operators. Examples include:
• A reference to the value of a single variable.
• An address cast to an appropriate data type. For example, ‘*(int *)0x12345678’ will
watch a 4-byte region at the specified address (assuming an int occupies 4 bytes).
• An arbitrarily complex expression, such as ‘a*b + c/d’. The expression can use any op-
erators valid in the program’s native language (see Chapter 15 [Languages], page 183).
You can set a watchpoint on an expression even if the expression can not be evaluated yet.
For instance, you can set a watchpoint on ‘*global_ptr’ before ‘global_ptr’ is initialized.
gdb will stop when your program sets ‘global_ptr’ and the expression produces a valid
value. If the expression becomes valid in some other way than changing a variable (e.g. if
the memory pointed to by ‘*global_ptr’ becomes readable as the result of a malloc call),
gdb may not stop until the next time the expression changes.
Depending on your system, watchpoints may be implemented in software or hardware.
gdb does software watchpointing by single-stepping your program and testing the variable’s
value each time, which is hundreds of times slower than normal execution. (But this may
still be worth it, to catch errors where you have no clue what part of your program is the
culprit.)
On some systems, such as HP-UX, PowerPC, gnu/Linux and most other x86-based tar-
gets, gdb includes support for hardware watchpoints, which do not slow down the running
of your program.
watch [-l|-location] expr [thread threadnum] [mask maskvalue]
Set a watchpoint for an expression. gdb will break when the expression expr
is written into by the program and its value changes. The simplest (and the
most popular) use of this command is to watch the value of a single variable:
(gdb) watch foo
If the command includes a [thread threadnum] argument, gdb breaks only
when the thread identified by threadnum changes the value of expr. If any other
threads change the value of expr, gdb will not break. Note that watchpoints
restricted to a single thread in this way only work with Hardware Watchpoints.
Ordinarily a watchpoint respects the scope of variables in expr (see below).
The -location argument tells gdb to instead watch the memory referred to
by expr. In this case, gdb will evaluate expr, take the address of the result, and
watch the memory at that address. The type of the result is used to determine
the size of the watched memory. If the expression’s result does not have an
address, then gdb will print an error.
Chapter 5: Stopping and Continuing 53

The [mask maskvalue] argument allows creation of masked watchpoints, if the

current architecture supports this feature (e.g., PowerPC Embedded architec-
ture, see Section 21.3.6 [PowerPC Embedded], page 285.) A masked watchpoint
specifies a mask in addition to an address to watch. The mask specifies that
some bits of an address (the bits which are reset in the mask) should be ignored
when matching the address accessed by the inferior against the watchpoint ad-
dress. Thus, a masked watchpoint watches many addresses simultaneously—
those addresses whose unmasked bits are identical to the unmasked bits in the
watchpoint address. The mask argument implies -location. Examples:
(gdb) watch foo mask 0xffff00ff
(gdb) watch *0xdeadbeef mask 0xffffff00

rwatch [-l|-location] expr [thread threadnum] [mask maskvalue]

Set a watchpoint that will break when the value of expr is read by the program.
awatch [-l|-location] expr [thread threadnum] [mask maskvalue]
Set a watchpoint that will break when expr is either read from or written into
by the program.
info watchpoints [n...]
This command prints a list of watchpoints, using the same format as info
break (see Section 5.1.1 [Set Breaks], page 46).
If you watch for a change in a numerically entered address you need to dereference it, as
the address itself is just a constant number which will never change. gdb refuses to create
a watchpoint that watches a never-changing value:
(gdb) watch 0x600850
Cannot watch constant value 0x600850.
(gdb) watch *(int *) 0x600850
Watchpoint 1: *(int *) 6293584
gdb sets a hardware watchpoint if possible. Hardware watchpoints execute very quickly,
and the debugger reports a change in value at the exact instruction where the change occurs.
If gdb cannot set a hardware watchpoint, it sets a software watchpoint, which executes more
slowly and reports the change in value at the next statement, not the instruction, after the
change occurs.
You can force gdb to use only software watchpoints with the set can-use-hw-
watchpoints 0 command. With this variable set to zero, gdb will never try to use
hardware watchpoints, even if the underlying system supports them. (Note that
hardware-assisted watchpoints that were set before setting can-use-hw-watchpoints to
zero will still use the hardware mechanism of watching expression values.)
set can-use-hw-watchpoints
Set whether or not to use hardware watchpoints.
show can-use-hw-watchpoints
Show the current mode of using hardware watchpoints.
For remote targets, you can restrict the number of hardware watchpoints gdb will use,
see [set remote hardware-breakpoint-limit], page 259.
When you issue the watch command, gdb reports
54 Debugging with gdb

Hardware watchpoint num: expr

if it was able to set a hardware watchpoint.
Currently, the awatch and rwatch commands can only set hardware watchpoints, be-
cause accesses to data that don’t change the value of the watched expression cannot be
detected without examining every instruction as it is being executed, and gdb does not do
that currently. If gdb finds that it is unable to set a hardware breakpoint with the awatch
or rwatch command, it will print a message like this:
Expression cannot be implemented with read/access watchpoint.
Sometimes, gdb cannot set a hardware watchpoint because the data type of the watched
expression is wider than what a hardware watchpoint on the target machine can handle.
For example, some systems can only watch regions that are up to 4 bytes wide; on such sys-
tems you cannot set hardware watchpoints for an expression that yields a double-precision
floating-point number (which is typically 8 bytes wide). As a work-around, it might be pos-
sible to break the large region into a series of smaller ones and watch them with separate
watchpoints.
If you set too many hardware watchpoints, gdb might be unable to insert all of them
when you resume the execution of your program. Since the precise number of active watch-
points is unknown until such time as the program is about to be resumed, gdb might not be
able to warn you about this when you set the watchpoints, and the warning will be printed
only when the program is resumed:
Hardware watchpoint num: Could not insert watchpoint
If this happens, delete or disable some of the watchpoints.
Watching complex expressions that reference many variables can also exhaust the re-
sources available for hardware-assisted watchpoints. That’s because gdb needs to watch
every variable in the expression with separately allocated resources.
If you call a function interactively using print or call, any watchpoints you have set
will be inactive until gdb reaches another kind of breakpoint or the call completes.
gdb automatically deletes watchpoints that watch local (automatic) variables, or expres-
sions that involve such variables, when they go out of scope, that is, when the execution
leaves the block in which these variables were defined. In particular, when the program
being debugged terminates, all local variables go out of scope, and so only watchpoints
that watch global variables remain set. If you rerun the program, you will need to set all
such watchpoints again. One way of doing that would be to set a code breakpoint at the
entry to the main function and when it breaks, set all the watchpoints.
In multi-threaded programs, watchpoints will detect changes to the watched expression
from every thread.
Warning: In multi-threaded programs, software watchpoints have only limited
usefulness. If gdb creates a software watchpoint, it can only watch the value
of an expression in a single thread. If you are confident that the expression can
only change due to the current thread’s activity (and if you are also confident
that no other thread can become current), then you can use software watch-
points as usual. However, gdb may not notice when a non-current thread’s
activity changes the expression. (Hardware watchpoints, in contrast, watch an
expression in all threads.)
See [set remote hardware-watchpoint-limit], page 259.
Chapter 5: Stopping and Continuing 55

5.1.3 Setting Catchpoints

You can use catchpoints to cause the debugger to stop for certain kinds of program events,
such as C++ exceptions or the loading of a shared library. Use the catch command to set
a catchpoint.
catch event
Stop when event occurs. The event can be any of the following:
throw [regexp]
rethrow [regexp]
catch [regexp]
The throwing, re-throwing, or catching of a C++ exception.
If regexp is given, then only exceptions whose type matches the
regular expression will be caught.
The convenience variable $_exception is available at an exception-
related catchpoint, on some systems. This holds the exception be-
ing thrown.
There are currently some limitations to C++ exception handling in
gdb:
• The support for these commands is system-dependent.
Currently, only systems using the ‘gnu-v3’ C++ ABI (see
Section 22.6 [ABI], page 299) are supported.
• The regular expression feature and the $_exception conve-
nience variable rely on the presence of some SDT probes in
libstdc++. If these probes are not present, then these fea-
tures cannot be used. These probes were first available in the
GCC 4.8 release, but whether or not they are available in your
GCC also depends on how it was built.
• The $_exception convenience variable is only valid at the in-
struction at which an exception-related catchpoint is set.
• When an exception-related catchpoint is hit, gdb stops at a
location in the system library which implements runtime ex-
ception support for C++, usually libstdc++. You can use up
(see Section 8.4 [Selection], page 97) to get to your code.
• If you call a function interactively, gdb normally returns con-
trol to you when the function has finished executing. If the call
raises an exception, however, the call may bypass the mecha-
nism that returns control to you and cause your program either
to abort or to simply continue running until it hits a break-
point, catches a signal that gdb is listening for, or exits. This
is the case even if you set a catchpoint for the exception; catch-
points on exceptions are disabled within interactive calls. See
Section 17.5 [Calling], page 225, for information on controlling
this with set unwind-on-terminating-exception.
• You cannot raise an exception interactively.
• You cannot install an exception handler interactively.
56 Debugging with gdb

exception
An Ada exception being raised. If an exception name is specified
at the end of the command (eg catch exception Program_Error),
the debugger will stop only when this specific exception is raised.
Otherwise, the debugger stops execution when any Ada exception
is raised.
When inserting an exception catchpoint on a user-defined exception
whose name is identical to one of the exceptions defined by the lan-
guage, the fully qualified name must be used as the exception name.
Otherwise, gdb will assume that it should stop on the pre-defined
exception rather than the user-defined one. For instance, assum-
ing an exception called Constraint_Error is defined in package
Pck, then the command to use to catch such exceptions is catch
exception Pck.Constraint_Error.
exception unhandled
An exception that was raised but is not handled by the program.
assert A failed Ada assertion.
exec A call to exec. This is currently only available for HP-UX and
gnu/Linux.
syscall
syscall [name | number] ...
A call to or return from a system call, a.k.a. syscall. A syscall is a
mechanism for application programs to request a service from the
operating system (OS) or one of the OS system services. gdb can
catch some or all of the syscalls issued by the debuggee, and show
the related information for each syscall. If no argument is specified,
calls to and returns from all system calls will be caught.
name can be any system call name that is valid for the underlying
OS. Just what syscalls are valid depends on the OS. On GNU and
Unix systems, you can find the full list of valid syscall names on
‘/usr/include/asm/unistd.h’.
Normally, gdb knows in advance which syscalls are valid for each
OS, so you can use the gdb command-line completion facilities (see
Section 3.2 [command completion], page 19) to list the available
choices.
You may also specify the system call numerically. A syscall’s num-
ber is the value passed to the OS’s syscall dispatcher to identify
the requested service. When you specify the syscall by its name,
gdb uses its database of syscalls to convert the name into the cor-
responding numeric code, but using the number directly may be
useful if gdb’s database does not have the complete list of syscalls
on your system (e.g., because gdb lags behind the OS upgrades).
The example below illustrates how this command works if you don’t
provide arguments to it:
Chapter 5: Stopping and Continuing 57

(gdb) catch syscall

Catchpoint 1 (syscall)
(gdb) r
Starting program: /tmp/catch-syscall

Catchpoint 1 (call to syscall ’close’), \

0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.

Catchpoint 1 (returned from syscall ’close’), \

0xffffe424 in __kernel_vsyscall ()
(gdb)
Here is an example of catching a system call by name:
(gdb) catch syscall chroot
Catchpoint 1 (syscall ’chroot’ [61])
(gdb) r
Starting program: /tmp/catch-syscall

Catchpoint 1 (call to syscall ’chroot’), \

0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.

Catchpoint 1 (returned from syscall ’chroot’), \

0xffffe424 in __kernel_vsyscall ()
(gdb)
An example of specifying a system call numerically. In the case
below, the syscall number has a corresponding entry in the XML
file, so gdb finds its name and prints it:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) ’exit_group’)
(gdb) r
Starting program: /tmp/catch-syscall

Catchpoint 1 (call to syscall ’exit_group’), \

0xffffe424 in __kernel_vsyscall ()
(gdb) c
Continuing.

Program exited normally.

(gdb)
However, there can be situations when there is no corresponding
name in XML file for that syscall number. In this case, gdb prints
a warning message saying that it was not able to find the syscall
name, but the catchpoint will be set anyway. See the example
below:
(gdb) catch syscall 764
warning: The number ’764’ does not represent a known syscall.
Catchpoint 2 (syscall 764)
(gdb)
If you configure gdb using the ‘--without-expat’ option, it will
not be able to display syscall names. Also, if your architecture does
not have an XML file describing its system calls, you will not be
58 Debugging with gdb

able to see the syscall names. It is important to notice that these

two features are used for accessing the syscall name database. In
either case, you will see a warning like this:
(gdb) catch syscall
warning: Could not open "syscalls/i386-linux.xml"
warning: Could not load the syscall XML file ’syscalls/i386-linux.xml’.
GDB will not be able to display syscall names.
Catchpoint 1 (syscall)
(gdb)
Of course, the file name will change depending on your architecture
and system.
Still using the example above, you can also try to catch a syscall
by its number. In this case, you would see something like:
(gdb) catch syscall 252
Catchpoint 1 (syscall(s) 252)
Again, in this case gdb would not be able to display syscall’s names.
fork A call to fork. This is currently only available for HP-UX and
gnu/Linux.
vfork A call to vfork. This is currently only available for HP-UX and
gnu/Linux.
load [regexp]
unload [regexp]
The loading or unloading of a shared library. If regexp is given,
then the catchpoint will stop only if the regular expression matches
one of the affected libraries.
signal [signal... | ‘all’]
The delivery of a signal.
With no arguments, this catchpoint will catch any signal that is not
used internally by gdb, specifically, all signals except ‘SIGTRAP’ and
‘SIGINT’.
With the argument ‘all’, all signals, including those used by gdb,
will be caught. This argument cannot be used with other signal
names.
Otherwise, the arguments are a list of signal names as given to
handle (see Section 5.4 [Signals], page 73). Only signals specified
in this list will be caught.
One reason that catch signal can be more useful than handle is
that you can attach commands and conditions to the catchpoint.
When a signal is caught by a catchpoint, the signal’s stop and
print settings, as specified by handle, are ignored. However,
whether the signal is still delivered to the inferior depends on the
pass setting; this can be changed in the catchpoint’s commands.
tcatch event
Set a catchpoint that is enabled only for one stop. The catchpoint is automat-
ically deleted after the first time the event is caught.
Chapter 5: Stopping and Continuing 59

Use the info break command to list the current catchpoints.

5.1.4 Deleting Breakpoints

It is often necessary to eliminate a breakpoint, watchpoint, or catchpoint once it has done
its job and you no longer want your program to stop there. This is called deleting the
breakpoint. A breakpoint that has been deleted no longer exists; it is forgotten.
With the clear command you can delete breakpoints according to where they are in your
program. With the delete command you can delete individual breakpoints, watchpoints,
or catchpoints by specifying their breakpoint numbers.
It is not necessary to delete a breakpoint to proceed past it. gdb automatically ignores
breakpoints on the first instruction to be executed when you continue execution without
changing the execution address.
clear Delete any breakpoints at the next instruction to be executed in the selected
stack frame (see Section 8.4 [Selecting a Frame], page 97). When the innermost
frame is selected, this is a good way to delete a breakpoint where your program
just stopped.
clear location
Delete any breakpoints set at the specified location. See Section 9.2 [Specify
Location], page 100, for the various forms of location; the most useful ones are
listed below:
clear function
clear filename:function
Delete any breakpoints set at entry to the named function.
clear linenum
clear filename:linenum
Delete any breakpoints set at or within the code of the specified
linenum of the specified filename.
delete [breakpoints] [range...]
Delete the breakpoints, watchpoints, or catchpoints of the breakpoint ranges
specified as arguments. If no argument is specified, delete all breakpoints (gdb
asks confirmation, unless you have set confirm off). You can abbreviate this
command as d.

5.1.5 Disabling Breakpoints

Rather than deleting a breakpoint, watchpoint, or catchpoint, you might prefer to disable
it. This makes the breakpoint inoperative as if it had been deleted, but remembers the
information on the breakpoint so that you can enable it again later.
You disable and enable breakpoints, watchpoints, and catchpoints with the enable and
disable commands, optionally specifying one or more breakpoint numbers as arguments.
Use info break to print a list of all breakpoints, watchpoints, and catchpoints if you do
not know which numbers to use.
Disabling and enabling a breakpoint that has multiple locations affects all of its locations.
A breakpoint, watchpoint, or catchpoint can have any of several different states of en-
ablement:
60 Debugging with gdb

• Enabled. The breakpoint stops your program. A breakpoint set with the break com-
mand starts out in this state.
• Disabled. The breakpoint has no effect on your program.
• Enabled once. The breakpoint stops your program, but then becomes disabled.
• Enabled for a count. The breakpoint stops your program for the next N times, then
becomes disabled.
• Enabled for deletion. The breakpoint stops your program, but immediately after it
does so it is deleted permanently. A breakpoint set with the tbreak command starts
out in this state.
You can use the following commands to enable or disable breakpoints, watchpoints, and
catchpoints:
disable [breakpoints] [range...]
Disable the specified breakpoints—or all breakpoints, if none are listed. A
disabled breakpoint has no effect but is not forgotten. All options such as
ignore-counts, conditions and commands are remembered in case the breakpoint
is enabled again later. You may abbreviate disable as dis.
enable [breakpoints] [range...]
Enable the specified breakpoints (or all defined breakpoints). They become
effective once again in stopping your program.
enable [breakpoints] once range...
Enable the specified breakpoints temporarily. gdb disables any of these break-
points immediately after stopping your program.
enable [breakpoints] count count range...
Enable the specified breakpoints temporarily. gdb records count with each of
the specified breakpoints, and decrements a breakpoint’s count when it is hit.
When any count reaches 0, gdb disables that breakpoint. If a breakpoint has
an ignore count (see Section 5.1.6 [Break Conditions], page 60), that will be
decremented to 0 before count is affected.
enable [breakpoints] delete range...
Enable the specified breakpoints to work once, then die. gdb deletes any of
these breakpoints as soon as your program stops there. Breakpoints set by the
tbreak command start out in this state.
Except for a breakpoint set with tbreak (see Section 5.1.1 [Setting Breakpoints],
page 46), breakpoints that you set are initially enabled; subsequently, they become
disabled or enabled only when you use one of the commands above. (The command until
can set and delete a breakpoint of its own, but it does not change the state of your other
breakpoints; see Section 5.2 [Continuing and Stepping], page 68.)

5.1.6 Break Conditions

The simplest sort of breakpoint breaks every time your program reaches a specified place.
You can also specify a condition for a breakpoint. A condition is just a Boolean expression in
your programming language (see Section 10.1 [Expressions], page 111). A breakpoint with
Chapter 5: Stopping and Continuing 61

a condition evaluates the expression each time your program reaches it, and your program
stops only if the condition is true.
This is the converse of using assertions for program validation; in that situation, you
want to stop when the assertion is violated—that is, when the condition is false. In C, if
you want to test an assertion expressed by the condition assert, you should set the condition
‘! assert’ on the appropriate breakpoint.
Conditions are also accepted for watchpoints; you may not need them, since a watchpoint
is inspecting the value of an expression anyhow—but it might be simpler, say, to just set a
watchpoint on a variable name, and specify a condition that tests whether the new value is
an interesting one.
Break conditions can have side effects, and may even call functions in your program. This
can be useful, for example, to activate functions that log program progress, or to use your
own print functions to format special data structures. The effects are completely predictable
unless there is another enabled breakpoint at the same address. (In that case, gdb might
see the other breakpoint first and stop your program without checking the condition of
this one.) Note that breakpoint commands are usually more convenient and flexible than
break conditions for the purpose of performing side effects when a breakpoint is reached
(see Section 5.1.7 [Breakpoint Command Lists], page 62).
Breakpoint conditions can also be evaluated on the target’s side if the target supports
it. Instead of evaluating the conditions locally, gdb encodes the expression into an agent
expression (see Appendix F [Agent Expressions], page 663) suitable for execution on the
target, independently of gdb. Global variables become raw memory locations, locals become
stack accesses, and so forth.
In this case, gdb will only be notified of a breakpoint trigger when its condition evaluates
to true. This mechanism may provide faster response times depending on the performance
characteristics of the target since it does not need to keep gdb informed about every break-
point trigger, even those with false conditions.
Break conditions can be specified when a breakpoint is set, by using ‘if’ in the arguments
to the break command. See Section 5.1.1 [Setting Breakpoints], page 46. They can also be
changed at any time with the condition command.
You can also use the if keyword with the watch command. The catch command does
not recognize the if keyword; condition is the only way to impose a further condition on
a catchpoint.
condition bnum expression
Specify expression as the break condition for breakpoint, watchpoint, or catch-
point number bnum. After you set a condition, breakpoint bnum stops your
program only if the value of expression is true (nonzero, in C). When you
use condition, gdb checks expression immediately for syntactic correctness,
and to determine whether symbols in it have referents in the context of your
breakpoint. If expression uses symbols not referenced in the context of the
breakpoint, gdb prints an error message:
No symbol "foo" in current context.
gdb does not actually evaluate expression at the time the condition command
(or a command that sets a breakpoint with a condition, like break if ...) is
given, however. See Section 10.1 [Expressions], page 111.
62 Debugging with gdb

condition bnum
Remove the condition from breakpoint number bnum. It becomes an ordinary
unconditional breakpoint.
A special case of a breakpoint condition is to stop only when the breakpoint has been
reached a certain number of times. This is so useful that there is a special way to do it,
using the ignore count of the breakpoint. Every breakpoint has an ignore count, which is
an integer. Most of the time, the ignore count is zero, and therefore has no effect. But if
your program reaches a breakpoint whose ignore count is positive, then instead of stopping,
it just decrements the ignore count by one and continues. As a result, if the ignore count
value is n, the breakpoint does not stop the next n times your program reaches it.
ignore bnum count
Set the ignore count of breakpoint number bnum to count. The next count
times the breakpoint is reached, your program’s execution does not stop; other
than to decrement the ignore count, gdb takes no action.
To make the breakpoint stop the next time it is reached, specify a count of zero.
When you use continue to resume execution of your program from a break-
point, you can specify an ignore count directly as an argument to continue,
rather than using ignore. See Section 5.2 [Continuing and Stepping], page 68.
If a breakpoint has a positive ignore count and a condition, the condition is
not checked. Once the ignore count reaches zero, gdb resumes checking the
condition.
You could achieve the effect of the ignore count with a condition such as
‘$foo-- <= 0’ using a debugger convenience variable that is decremented each
time. See Section 10.11 [Convenience Variables], page 132.
Ignore counts apply to breakpoints, watchpoints, and catchpoints.

5.1.7 Breakpoint Command Lists

You can give any breakpoint (or watchpoint or catchpoint) a series of commands to execute
when your program stops due to that breakpoint. For example, you might want to print
the values of certain expressions, or enable other breakpoints.
commands [range...]
... command-list ...
end Specify a list of commands for the given breakpoints. The commands themselves
appear on the following lines. Type a line containing just end to terminate the
commands.
To remove all commands from a breakpoint, type commands and follow it im-
mediately with end; that is, give no commands.
With no argument, commands refers to the last breakpoint, watchpoint, or catch-
point set (not to the breakpoint most recently encountered). If the most recent
breakpoints were set with a single command, then the commands will apply
to all the breakpoints set by that command. This applies to breakpoints set
by rbreak, and also applies when a single break command creates multiple
breakpoints (see Section 10.2 [Ambiguous Expressions], page 112).
Chapter 5: Stopping and Continuing 63

Pressing RET as a means of repeating the last gdb command is disabled within a
command-list.
You can use breakpoint commands to start your program up again. Simply use the
continue command, or step, or any other command that resumes execution.
Any other commands in the command list, after a command that resumes execution, are
ignored. This is because any time you resume execution (even with a simple next or step),
you may encounter another breakpoint—which could have its own command list, leading
to ambiguities about which list to execute.
If the first command you specify in a command list is silent, the usual message about
stopping at a breakpoint is not printed. This may be desirable for breakpoints that are
to print a specific message and then continue. If none of the remaining commands print
anything, you see no sign that the breakpoint was reached. silent is meaningful only at
the beginning of a breakpoint command list.
The commands echo, output, and printf allow you to print precisely controlled output,
and are often useful in silent breakpoints. See Section 23.1.4 [Commands for Controlled
Output], page 315.
For example, here is how you could use breakpoint commands to print the value of x at
entry to foo whenever x is positive.
break foo if x>0
commands
silent
printf "x is %d\n",x
cont
end
One application for breakpoint commands is to compensate for one bug so you can test
for another. Put a breakpoint just after the erroneous line of code, give it a condition
to detect the case in which something erroneous has been done, and give it commands to
assign correct values to any variables that need them. End with the continue command so
that your program does not stop, and start with the silent command so that no output
is produced. Here is an example:
break 403
commands
silent
set x = y + 4
cont
end

5.1.8 Dynamic Printf

The dynamic printf command dprintf combines a breakpoint with formatted printing of
your program’s data to give you the effect of inserting printf calls into your program
on-the-fly, without having to recompile it.
In its most basic form, the output goes to the GDB console. However, you can set
the variable dprintf-style for alternate handling. For instance, you can ask to format
the output by calling your program’s printf function. This has the advantage that the
characters go to the program’s output device, so they can recorded in redirects to files and
so forth.
64 Debugging with gdb

If you are doing remote debugging with a stub or agent, you can also ask to have the
printf handled by the remote agent. In addition to ensuring that the output goes to the
remote program’s device along with any other output the program might produce, you can
also ask that the dprintf remain active even after disconnecting from the remote target.
Using the stub/agent is also more efficient, as it can do everything without needing to
communicate with gdb.
dprintf location,template,expression[,expression...]
Whenever execution reaches location, print the values of one or more expressions
under the control of the string template. To print several values, separate them
with commas.
set dprintf-style style
Set the dprintf output to be handled in one of several different styles enumerated
below. A change of style affects all existing dynamic printfs immediately. (If
you need individual control over the print commands, simply define normal
breakpoints with explicitly-supplied command lists.)
gdb Handle the output using the gdb printf command.
call Handle the output by calling a function in your program (normally printf).
agent Have the remote debugging agent (such as gdbserver) handle the output itself.
This style is only available for agents that support running commands on the
target.
set dprintf-function function
Set the function to call if the dprintf style is call. By default its value is
printf. You may set it to any expression. that gdb can evaluate to a function,
as per the call command.
set dprintf-channel channel
Set a “channel” for dprintf. If set to a non-empty value, gdb will evaluate it as
an expression and pass the result as a first argument to the dprintf-function,
in the manner of fprintf and similar functions. Otherwise, the dprintf format
string will be the first argument, in the manner of printf.
As an example, if you wanted dprintf output to go to a logfile that is a standard
I/O stream assigned to the variable mylog, you could do the following:
(gdb) set dprintf-style call
(gdb) set dprintf-function fprintf
(gdb) set dprintf-channel mylog
(gdb) dprintf 25,"at line 25, glob=%d\n",glob
Dprintf 1 at 0x123456: file main.c, line 25.
(gdb) info break
1 dprintf keep y 0x00123456 in main at main.c:25
call (void) fprintf (mylog,"at line 25, glob=%d\n",glob)
continue
(gdb)
Note that the info break displays the dynamic printf commands as normal
breakpoint commands; you can thus easily see the effect of the variable settings.
Chapter 5: Stopping and Continuing 65

set disconnected-dprintf on
set disconnected-dprintf off
Choose whether dprintf commands should continue to run if gdb has discon-
nected from the target. This only applies if the dprintf-style is agent.
show disconnected-dprintf off
Show the current choice for disconnected dprintf.
gdb does not check the validity of function and channel, relying on you to supply values
that are meaningful for the contexts in which they are being used. For instance, the function
and channel may be the values of local variables, but if that is the case, then all enabled
dynamic prints must be at locations within the scope of those locals. If evaluation fails,
gdb will report an error.

5.1.9 How to save breakpoints to a file

To save breakpoint definitions to a file use the save breakpoints command.
save breakpoints [filename]
This command saves all current breakpoint definitions together with their com-
mands and ignore counts, into a file ‘filename’ suitable for use in a later debug-
ging session. This includes all types of breakpoints (breakpoints, watchpoints,
catchpoints, tracepoints). To read the saved breakpoint definitions, use the
source command (see Section 23.1.3 [Command Files], page 314). Note that
watchpoints with expressions involving local variables may fail to be recreated
because it may not be possible to access the context where the watchpoint is
valid anymore. Because the saved breakpoint definitions are simply a sequence
of gdb commands that recreate the breakpoints, you can edit the file in your
favorite editing program, and remove the breakpoint definitions you’re not in-
terested in, or that can no longer be recreated.

5.1.10 Static Probe Points

gdb supports SDT probes in the code. SDT stands for Statically Defined Tracing, and
the probes are designed to have a tiny runtime code and data footprint, and no dynamic
relocations.
Currently, the following types of probes are supported on ELF-compatible systems:
• SystemTap (http://sourceware.org/systemtap/) SDT probes1 . SystemTap probes
are usable from assembly, C and C++ languages2 .
• DTrace (http://oss.oracle.com/projects/DTrace) USDT probes. DTrace probes
are usable from C and C++ languages.
Some SystemTap probes have an associated semaphore variable; for instance, this hap-
pens automatically if you defined your probe using a DTrace-style ‘.d’ file. If your probe
has a semaphore, gdb will automatically enable it when you specify a breakpoint using
the ‘-probe-stap’ notation. But, if you put a breakpoint at a probe’s location by some
1
See http://sourceware.org/systemtap/wiki/AddingUserSpaceProbingToApps for more information
on how to add SystemTap SDT probes in your applications.
2
See http://sourceware.org/systemtap/wiki/UserSpaceProbeImplementation for a good reference on
how the SDT probes are implemented.
66 Debugging with gdb

other method (e.g., break file:line), then gdb will not automatically set the semaphore.
DTrace probes do not support semaphores.
You can examine the available static static probes using info probes, with optional
arguments:
info probes [type] [provider [name [objfile]]]
If given, type is either stap for listing SystemTap probes or dtrace for listing
DTrace probes. If omitted all probes are listed regardless of their types.
If given, provider is a regular expression used to match against provider names
when selecting which probes to list. If omitted, probes by all probes from all
providers are listed.
If given, name is a regular expression to match against probe names when
selecting which probes to list. If omitted, probe names are not considered when
deciding whether to display them.
If given, objfile is a regular expression used to select which object files (exe-
cutable or shared libraries) to examine. If not given, all object files are consid-
ered.
info probes all
List the available static probes, from all types.
Some probe points can be enabled and/or disabled. The effect of enabling or disabling
a probe depends on the type of probe being handled. Some DTrace probes can be enabled
or disabled, but SystemTap probes cannot be disabled.
You can enable (or disable) one or more probes using the following commands, with
optional arguments:
enable probes [provider [name [objfile]]]
If given, provider is a regular expression used to match against provider names
when selecting which probes to enable. If omitted, all probes from all providers
are enabled.
If given, name is a regular expression to match against probe names when
selecting which probes to enable. If omitted, probe names are not considered
when deciding whether to enable them.
If given, objfile is a regular expression used to select which object files (exe-
cutable or shared libraries) to examine. If not given, all object files are consid-
ered.
disable probes [provider [name [objfile]]]
See the enable probes command above for a description of the optional argu-
ments accepted by this command.
A probe may specify up to twelve arguments. These are available at the point at which
the probe is defined—that is, when the current PC is at the probe’s location. The argu-
ments are available using the convenience variables (see Section 10.11 [Convenience Vars],
page 132) $_probe_arg0. . . $_probe_arg11. In SystemTap probes each probe argument is
an integer of the appropriate size; types are not preserved. In DTrace probes types are
preserved provided that they are recognized as such by gdb; otherwise the value of the
Chapter 5: Stopping and Continuing 67

probe argument will be a long integer. The convenience variable $_probe_argc holds the
number of arguments at the current probe point.
These variables are always available, but attempts to access them at any location other
than a probe point will cause gdb to give an error message.

5.1.11 “Cannot insert breakpoints”

If you request too many active hardware-assisted breakpoints and watchpoints, you will see
this error message:
Stopped; cannot insert breakpoints.
You may have requested too many hardware breakpoints and watchpoints.

This message is printed when you attempt to resume the program, since only then gdb
knows exactly how many hardware breakpoints and watchpoints it needs to insert.
When this message is printed, you need to disable or remove some of the hardware-
assisted breakpoints and watchpoints, and then continue.

5.1.12 “Breakpoint address adjusted...”

Some processor architectures place constraints on the addresses at which breakpoints may
be placed. For architectures thus constrained, gdb will attempt to adjust the breakpoint’s
address to comply with the constraints dictated by the architecture.
One example of such an architecture is the Fujitsu FR-V. The FR-V is a VLIW archi-
tecture in which a number of RISC-like instructions may be bundled together for parallel
execution. The FR-V architecture constrains the location of a breakpoint instruction within
such a bundle to the instruction with the lowest address. gdb honors this constraint by
adjusting a breakpoint’s address to the first in the bundle.
It is not uncommon for optimized code to have bundles which contain instructions from
different source statements, thus it may happen that a breakpoint’s address will be adjusted
from one source statement to another. Since this adjustment may significantly alter gdb’s
breakpoint related behavior from what the user expects, a warning is printed when the
breakpoint is first set and also when the breakpoint is hit.
A warning like the one below is printed when setting a breakpoint that’s been subject
to address adjustment:
warning: Breakpoint address adjusted from 0x00010414 to 0x00010410.

Such warnings are printed both for user settable and gdb’s internal breakpoints. If you
see one of these warnings, you should verify that a breakpoint set at the adjusted address
will have the desired affect. If not, the breakpoint in question may be removed and other
breakpoints may be set which will have the desired behavior. E.g., it may be sufficient to
place the breakpoint at a later instruction. A conditional breakpoint may also be useful in
some cases to prevent the breakpoint from triggering too often.
gdb will also issue a warning when stopping at one of these adjusted breakpoints:
warning: Breakpoint 1 address previously adjusted from 0x00010414
to 0x00010410.

When this warning is encountered, it may be too late to take remedial action except in
cases where the breakpoint is hit earlier or more frequently than expected.
68 Debugging with gdb

5.2 Continuing and Stepping

Continuing means resuming program execution until your program completes normally. In
contrast, stepping means executing just one more “step” of your program, where “step”
may mean either one line of source code, or one machine instruction (depending on what
particular command you use). Either when continuing or when stepping, your program may
stop even sooner, due to a breakpoint or a signal. (If it stops due to a signal, you may want
to use handle, or use ‘signal 0’ to resume execution (see Section 5.4 [Signals], page 73),
or you may step into the signal’s handler (see [stepping and signal handlers], page 74).)

continue [ignore-count]
c [ignore-count]
fg [ignore-count]
Resume program execution, at the address where your program last stopped;
any breakpoints set at that address are bypassed. The optional argument
ignore-count allows you to specify a further number of times to ignore a break-
point at this location; its effect is like that of ignore (see Section 5.1.6 [Break
Conditions], page 60).
The argument ignore-count is meaningful only when your program stopped due
to a breakpoint. At other times, the argument to continue is ignored.
The synonyms c and fg (for foreground, as the debugged program is deemed
to be the foreground program) are provided purely for convenience, and have
exactly the same behavior as continue.

To resume execution at a different place, you can use return (see Section 17.4 [Returning
from a Function], page 224) to go back to the calling function; or jump (see Section 17.2
[Continuing at a Different Address], page 222) to go to an arbitrary location in your program.
A typical technique for using stepping is to set a breakpoint (see Section 5.1 [Breakpoints;
Watchpoints; and Catchpoints], page 45) at the beginning of the function or the section
of your program where a problem is believed to lie, run your program until it stops at
that breakpoint, and then step through the suspect area, examining the variables that are
interesting, until you see the problem happen.

step Continue running your program until control reaches a different source line,
then stop it and return control to gdb. This command is abbreviated s.
Warning: If you use the step command while control is within
a function that was compiled without debugging information, ex-
ecution proceeds until control reaches a function that does have
debugging information. Likewise, it will not step into a function
which is compiled without debugging information. To step through
functions without debugging information, use the stepi command,
described below.
The step command only stops at the first instruction of a source line. This pre-
vents the multiple stops that could otherwise occur in switch statements, for
loops, etc. step continues to stop if a function that has debugging information
is called within the line. In other words, step steps inside any functions called
within the line.
Chapter 5: Stopping and Continuing 69

Also, the step command only enters a function if there is line number infor-
mation for the function. Otherwise it acts like the next command. This avoids
problems when using cc -gl on MIPS machines. Previously, step entered sub-
routines if there was any debugging information about the routine.
step count
Continue running as in step, but do so count times. If a breakpoint is reached,
or a signal not related to stepping occurs before count steps, stepping stops
right away.
next [count]
Continue to the next source line in the current (innermost) stack frame. This
is similar to step, but function calls that appear within the line of code are
executed without stopping. Execution stops when control reaches a different
line of code at the original stack level that was executing when you gave the
next command. This command is abbreviated n.
An argument count is a repeat count, as for step.
The next command only stops at the first instruction of a source line. This
prevents multiple stops that could otherwise occur in switch statements, for
loops, etc.
set step-mode
set step-mode on
The set step-mode on command causes the step command to stop at the first
instruction of a function which contains no debug line information rather than
stepping over it.
This is useful in cases where you may be interested in inspecting the machine
instructions of a function which has no symbolic info and do not want gdb to
automatically skip over this function.
set step-mode off
Causes the step command to step over any functions which contains no debug
information. This is the default.
show step-mode
Show whether gdb will stop in or step over functions without source line debug
information.
finish Continue running until just after function in the selected stack frame returns.
Print the returned value (if any). This command can be abbreviated as fin.
Contrast this with the return command (see Section 17.4 [Returning from a
Function], page 224).
until
u Continue running until a source line past the current line, in the current stack
frame, is reached. This command is used to avoid single stepping through a loop
more than once. It is like the next command, except that when until encoun-
ters a jump, it automatically continues execution until the program counter is
greater than the address of the jump.
70 Debugging with gdb

This means that when you reach the end of a loop after single stepping though
it, until makes your program continue execution until it exits the loop. In con-
trast, a next command at the end of a loop simply steps back to the beginning
of the loop, which forces you to step through the next iteration.
until always stops your program if it attempts to exit the current stack frame.
until may produce somewhat counterintuitive results if the order of machine
code does not match the order of the source lines. For example, in the following
excerpt from a debugging session, the f (frame) command shows that execution
is stopped at line 206; yet when we use until, we get to line 195:
(gdb) f
#0 main (argc=4, argv=0xf7fffae8) at m4.c:206
206 expand_input();
(gdb) until
195 for ( ; argc > 0; NEXTARG) {
This happened because, for execution efficiency, the compiler had generated
code for the loop closure test at the end, rather than the start, of the loop—
even though the test in a C for-loop is written before the body of the loop.
The until command appeared to step back to the beginning of the loop when
it advanced to this expression; however, it has not really gone to an earlier
statement—not in terms of the actual machine code.
until with no argument works by means of single instruction stepping, and
hence is slower than until with an argument.
until location
u location
Continue running your program until either the specified location is reached,
or the current stack frame returns. The location is any of the forms described
in Section 9.2 [Specify Location], page 100. This form of the command uses
temporary breakpoints, and hence is quicker than until without an argument.
The specified location is actually reached only if it is in the current frame. This
implies that until can be used to skip over recursive function invocations. For
instance in the code below, if the current location is line 96, issuing until 99
will execute the program up to line 99 in the same invocation of factorial, i.e.,
after the inner invocations have returned.
94 int factorial (int value)
95 {
96 if (value > 1) {
97 value *= factorial (value - 1);
98 }
99 return (value);
100 }

advance location
Continue running the program up to the given location. An argument is re-
quired, which should be of one of the forms described in Section 9.2 [Specify
Location], page 100. Execution will also stop upon exit from the current stack
frame. This command is similar to until, but advance will not skip over re-
cursive function calls, and the target location doesn’t have to be in the same
frame as the current one.
Chapter 5: Stopping and Continuing 71

stepi
stepi arg
si Execute one machine instruction, then stop and return to the debugger.
It is often useful to do ‘display/i $pc’ when stepping by machine instructions.
This makes gdb automatically display the next instruction to be executed, each
time your program stops. See Section 10.7 [Automatic Display], page 120.
An argument is a repeat count, as in step.
nexti
nexti arg
ni Execute one machine instruction, but if it is a function call, proceed until the
function returns.
An argument is a repeat count, as in next.
By default, and if available, gdb makes use of target-assisted range stepping. In other
words, whenever you use a stepping command (e.g., step, next), gdb tells the target to
step the corresponding range of instruction addresses instead of issuing multiple single-steps.
This speeds up line stepping, particularly for remote targets. Ideally, there should be no
reason you would want to turn range stepping off. However, it’s possible that a bug in the
debug info, a bug in the remote stub (for remote targets), or even a bug in gdb could make
line stepping behave incorrectly when target-assisted range stepping is enabled. You can
use the following command to turn off range stepping if necessary:
set range-stepping
show range-stepping
Control whether range stepping is enabled.
If on, and the target supports it, gdb tells the target to step a range of addresses
itself, instead of issuing multiple single-steps. If off, gdb always issues single-
steps, even if range stepping is supported by the target. The default is on.

5.3 Skipping Over Functions and Files

The program you are debugging may contain some functions which are uninteresting to
debug. The skip comand lets you tell gdb to skip a function or all functions in a file when
stepping.
For example, consider the following C function:
101 int func()
102 {
103 foo(boring());
104 bar(boring());
105 }
Suppose you wish to step into the functions foo and bar, but you are not interested in
stepping through boring. If you run step at line 103, you’ll enter boring(), but if you run
next, you’ll step over both foo and boring!
One solution is to step into boring and use the finish command to immediately exit
it. But this can become tedious if boring is called from many places.
A more flexible solution is to execute skip boring. This instructs gdb never to step
into boring. Now when you execute step at line 103, you’ll step over boring and directly
into foo.
72 Debugging with gdb

You can also instruct gdb to skip all functions in a file, with, for example, skip file
boring.c.
skip [linespec]
skip function [linespec]
After running this command, the function named by linespec or the function
containing the line named by linespec will be skipped over when stepping. See
Section 9.2 [Specify Location], page 100.
If you do not specify linespec, the function you’re currently debugging will be
skipped.
(If you have a function called file that you want to skip, use skip function
file.)
skip file [filename]
After running this command, any function whose source lives in filename will
be skipped over when stepping.
If you do not specify filename, functions whose source lives in the file you’re
currently debugging will be skipped.
Skips can be listed, deleted, disabled, and enabled, much like breakpoints. These are
the commands for managing your list of skips:
info skip [range]
Print details about the specified skip(s). If range is not specified, print a table
with details about all functions and files marked for skipping. info skip prints
the following information about each skip:
Identifier A number identifying this skip.
Type The type of this skip, either ‘function’ or ‘file’.
Enabled or Disabled
Enabled skips are marked with ‘y’. Disabled skips are marked with
‘n’.
Address For function skips, this column indicates the address in memory
of the function being skipped. If you’ve set a function skip on
a function which has not yet been loaded, this field will contain
‘<PENDING>’. Once a shared library which has the function is
loaded, info skip will show the function’s address here.
What For file skips, this field contains the filename being skipped. For
functions skips, this field contains the function name and its line
number in the file where it is defined.
skip delete [range]
Delete the specified skip(s). If range is not specified, delete all skips.
skip enable [range]
Enable the specified skip(s). If range is not specified, enable all skips.
skip disable [range]
Disable the specified skip(s). If range is not specified, disable all skips.
Chapter 5: Stopping and Continuing 73

5.4 Signals
A signal is an asynchronous event that can happen in a program. The operating system
defines the possible kinds of signals, and gives each kind a name and a number. For example,
in Unix SIGINT is the signal a program gets when you type an interrupt character (often
Ctrl-c); SIGSEGV is the signal a program gets from referencing a place in memory far
away from all the areas in use; SIGALRM occurs when the alarm clock timer goes off (which
happens only if your program has requested an alarm).
Some signals, including SIGALRM, are a normal part of the functioning of your program.
Others, such as SIGSEGV, indicate errors; these signals are fatal (they kill your program
immediately) if the program has not specified in advance some other way to handle the
signal. SIGINT does not indicate an error in your program, but it is normally fatal so it can
carry out the purpose of the interrupt: to kill the program.
gdb has the ability to detect any occurrence of a signal in your program. You can tell
gdb in advance what to do for each kind of signal.
Normally, gdb is set up to let the non-erroneous signals like SIGALRM be silently passed
to your program (so as not to interfere with their role in the program’s functioning) but to
stop your program immediately whenever an error signal happens. You can change these
settings with the handle command.
info signals
info handle
Print a table of all the kinds of signals and how gdb has been told to handle
each one. You can use this to see the signal numbers of all the defined types of
signals.
info signals sig
Similar, but print information only about the specified signal number.
info handle is an alias for info signals.
catch signal [signal... | ‘all’]
Set a catchpoint for the indicated signals. See Section 5.1.3 [Set Catchpoints],
page 55, for details about this command.
handle signal [keywords...]
Change the way gdb handles signal signal. The signal can be the number of a
signal or its name (with or without the ‘SIG’ at the beginning); a list of signal
numbers of the form ‘low-high’; or the word ‘all’, meaning all the known
signals. Optional arguments keywords, described below, say what change to
make.
The keywords allowed by the handle command can be abbreviated. Their full names
are:
nostop gdb should not stop your program when this signal happens. It may still print
a message telling you that the signal has come in.
stop gdb should stop your program when this signal happens. This implies the
print keyword as well.
print gdb should print a message when this signal happens.
74 Debugging with gdb

noprint gdb should not mention the occurrence of the signal at all. This implies the
nostop keyword as well.
pass
noignore gdb should allow your program to see this signal; your program can handle the
signal, or else it may terminate if the signal is fatal and not handled. pass and
noignore are synonyms.
nopass
ignore gdb should not allow your program to see this signal. nopass and ignore are
synonyms.
When a signal stops your program, the signal is not visible to the program until you
continue. Your program sees the signal then, if pass is in effect for the signal in question
at that time. In other words, after gdb reports a signal, you can use the handle command
with pass or nopass to control whether your program sees that signal when you continue.
The default is set to nostop, noprint, pass for non-erroneous signals such as SIGALRM,
SIGWINCH and SIGCHLD, and to stop, print, pass for the erroneous signals.
You can also use the signal command to prevent your program from seeing a signal, or
cause it to see a signal it normally would not see, or to give it any signal at any time. For
example, if your program stopped due to some sort of memory reference error, you might
store correct values into the erroneous variables and continue, hoping to see more execution;
but your program would probably terminate immediately as a result of the fatal signal once
it saw the signal. To prevent this, you can continue with ‘signal 0’. See Section 17.3
[Giving your Program a Signal], page 223.
gdb optimizes for stepping the mainline code. If a signal that has handle nostop and
handle pass set arrives while a stepping command (e.g., stepi, step, next) is in progress,
gdb lets the signal handler run and then resumes stepping the mainline code once the signal
handler returns. In other words, gdb steps over the signal handler. This prevents signals
that you’ve specified as not interesting (with handle nostop) from changing the focus of
debugging unexpectedly. Note that the signal handler itself may still hit a breakpoint, stop
for another signal that has handle stop in effect, or for any other event that normally
results in stopping the stepping command sooner. Also note that gdb still informs you that
the program received a signal if handle print is set.
If you set handle pass for a signal, and your program sets up a handler for it, then
issuing a stepping command, such as step or stepi, when your program is stopped due to
the signal will step into the signal handler (if the target supports that).
Likewise, if you use the queue-signal command to queue a signal to be delivered to
the current thread when execution of the thread resumes (see Section 17.3 [Giving your
Program a Signal], page 223), then a stepping command will step into the signal handler.
Here’s an example, using stepi to step to the first instruction of SIGUSR1’s handler:
(gdb) handle SIGUSR1
Signal Stop Print Pass to program Description
SIGUSR1 Yes Yes Yes User defined signal 1
(gdb) c
Continuing.

Program received signal SIGUSR1, User defined signal 1.

main () sigusr1.c:28
Chapter 5: Stopping and Continuing 75

28 p = 0;
(gdb) si
sigusr1_handler () at sigusr1.c:9
9 {
The same, but using queue-signal instead of waiting for the program to receive the
signal first:
(gdb) n
28 p = 0;
(gdb) queue-signal SIGUSR1
(gdb) si
sigusr1_handler () at sigusr1.c:9
9 {
(gdb)
On some targets, gdb can inspect extra signal information associated with the inter-
cepted signal, before it is actually delivered to the program being debugged. This informa-
tion is exported by the convenience variable $_siginfo, and consists of data that is passed
by the kernel to the signal handler at the time of the receipt of a signal. The data type of
the information itself is target dependent. You can see the data type using the ptype $_
siginfo command. On Unix systems, it typically corresponds to the standard siginfo_t
type, as defined in the ‘signal.h’ system header.
Here’s an example, on a gnu/Linux system, printing the stray referenced address that
raised a segmentation fault.
(gdb) continue
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400766 in main ()
69 *(int *)p = 0;
(gdb) ptype $_siginfo
type = struct {
int si_signo;
int si_errno;
int si_code;
union {
int _pad[28];
struct {...} _kill;
struct {...} _timer;
struct {...} _rt;
struct {...} _sigchld;
struct {...} _sigfault;
struct {...} _sigpoll;
} _sifields;
}
(gdb) ptype $_siginfo._sifields._sigfault
type = struct {
void *si_addr;
}
(gdb) p $_siginfo._sifields._sigfault.si_addr
$1 = (void *) 0x7ffff7ff7000
Depending on target support, $_siginfo may also be writable.

5.5 Stopping and Starting Multi-thread Programs

gdb supports debugging programs with multiple threads (see Section 4.10 [Debugging Pro-
grams with Multiple Threads], page 36). There are two modes of controlling execution of
76 Debugging with gdb

your program within the debugger. In the default mode, referred to as all-stop mode, when
any thread in your program stops (for example, at a breakpoint or while being stepped), all
other threads in the program are also stopped by gdb. On some targets, gdb also supports
non-stop mode, in which other threads can continue to run freely while you examine the
stopped thread in the debugger.

5.5.1 All-Stop Mode

In all-stop mode, whenever your program stops under gdb for any reason, all threads of
execution stop, not just the current thread. This allows you to examine the overall state
of the program, including switching between threads, without worrying that things may
change underfoot.
Conversely, whenever you restart the program, all threads start executing. This is true
even when single-stepping with commands like step or next.
In particular, gdb cannot single-step all threads in lockstep. Since thread scheduling
is up to your debugging target’s operating system (not controlled by gdb), other threads
may execute more than one statement while the current thread completes a single step.
Moreover, in general other threads stop in the middle of a statement, rather than at a clean
statement boundary, when the program stops.
You might even find your program stopped in another thread after continuing or even
single-stepping. This happens whenever some other thread runs into a breakpoint, a signal,
or an exception before the first thread completes whatever you requested.
Whenever gdb stops your program, due to a breakpoint or a signal, it automatically
selects the thread where that breakpoint or signal happened. gdb alerts you to the context
switch with a message such as ‘[Switching to Thread n]’ to identify the thread.
On some OSes, you can modify gdb’s default behavior by locking the OS scheduler to
allow only a single thread to run.
set scheduler-locking mode
Set the scheduler locking mode. If it is off, then there is no locking and any
thread may run at any time. If on, then only the current thread may run when
the inferior is resumed. The step mode optimizes for single-stepping; it prevents
other threads from preempting the current thread while you are stepping, so
that the focus of debugging does not change unexpectedly. Other threads only
rarely (or never) get a chance to run when you step. They are more likely to
run when you ‘next’ over a function call, and they are completely free to run
when you use commands like ‘continue’, ‘until’, or ‘finish’. However, unless
another thread hits a breakpoint during its timeslice, gdb does not change the
current thread away from the thread that you are debugging.
show scheduler-locking
Display the current scheduler locking mode.
By default, when you issue one of the execution commands such as continue, next
or step, gdb allows only threads of the current inferior to run. For example, if gdb is
attached to two inferiors, each with two threads, the continue command resumes only the
two threads of the current inferior. This is useful, for example, when you debug a program
that forks and you want to hold the parent stopped (so that, for instance, it doesn’t run to
Chapter 5: Stopping and Continuing 77

exit), while you debug the child. In other situations, you may not be interested in inspecting
the current state of any of the processes gdb is attached to, and you may want to resume
them all until some breakpoint is hit. In the latter case, you can instruct gdb to allow all
threads of all the inferiors to run with the set schedule-multiple command.
set schedule-multiple
Set the mode for allowing threads of multiple processes to be resumed when an
execution command is issued. When on, all threads of all processes are allowed
to run. When off, only the threads of the current process are resumed. The
default is off. The scheduler-locking mode takes precedence when set to
on, or while you are stepping and set to step.
show schedule-multiple
Display the current mode for resuming the execution of threads of multiple
processes.

5.5.2 Non-Stop Mode

For some multi-threaded targets, gdb supports an optional mode of operation in which
you can examine stopped program threads in the debugger while other threads continue to
execute freely. This minimizes intrusion when debugging live systems, such as programs
where some threads have real-time constraints or must continue to respond to external
events. This is referred to as non-stop mode.
In non-stop mode, when a thread stops to report a debugging event, only that thread is
stopped; gdb does not stop other threads as well, in contrast to the all-stop mode behavior.
Additionally, execution commands such as continue and step apply by default only to
the current thread in non-stop mode, rather than all threads as in all-stop mode. This
allows you to control threads explicitly in ways that are not possible in all-stop mode — for
example, stepping one thread while allowing others to run freely, stepping one thread while
holding all others stopped, or stepping several threads independently and simultaneously.
To enter non-stop mode, use this sequence of commands before you run or attach to
your program:
# If using the CLI, pagination breaks non-stop.
set pagination off

# Finally, turn it on!

set non-stop on
You can use these commands to manipulate the non-stop mode setting:
set non-stop on
Enable selection of non-stop mode.
set non-stop off
Disable selection of non-stop mode.
show non-stop
Show the current non-stop enablement setting.
Note these commands only reflect whether non-stop mode is enabled, not whether the
currently-executing program is being run in non-stop mode. In particular, the set non-
stop preference is only consulted when gdb starts or connects to the target program, and
78 Debugging with gdb

it is generally not possible to switch modes once debugging has started. Furthermore, since
not all targets support non-stop mode, even when you have enabled non-stop mode, gdb
may still fall back to all-stop operation by default.
In non-stop mode, all execution commands apply only to the current thread by default.
That is, continue only continues one thread. To continue all threads, issue continue -a
or c -a.
You can use gdb’s background execution commands (see Section 5.5.3 [Background
Execution], page 78) to run some threads in the background while you continue to examine
or step others from gdb. The MI execution commands (see Section 27.15 [GDB/MI Program
Execution], page 484) are always executed asynchronously in non-stop mode.
Suspending execution is done with the interrupt command when running in the back-
ground, or Ctrl-c during foreground execution. In all-stop mode, this stops the whole
process; but in non-stop mode the interrupt applies only to the current thread. To stop the
whole program, use interrupt -a.
Other execution commands do not currently support the -a option.
In non-stop mode, when a thread stops, gdb doesn’t automatically make that thread
current, as it does in all-stop mode. This is because the thread stop notifications are
asynchronous with respect to gdb’s command interpreter, and it would be confusing if gdb
unexpectedly changed to a different thread just as you entered a command to operate on
the previously current thread.

5.5.3 Background Execution

gdb’s execution commands have two variants: the normal foreground (synchronous) behav-
ior, and a background (asynchronous) behavior. In foreground execution, gdb waits for the
program to report that some thread has stopped before prompting for another command.
In background execution, gdb immediately gives a command prompt so that you can issue
other commands while your program runs.
If the target doesn’t support async mode, gdb issues an error message if you attempt
to use the background execution commands.
To specify background execution, add a & to the command. For example, the background
form of the continue command is continue&, or just c&. The execution commands that
accept background execution are:
run See Section 4.2 [Starting your Program], page 26.
attach See Section 4.7 [Debugging an Already-running Process], page 32.
step See Section 5.2 [Continuing and Stepping], page 68.
stepi See Section 5.2 [Continuing and Stepping], page 68.
next See Section 5.2 [Continuing and Stepping], page 68.
nexti See Section 5.2 [Continuing and Stepping], page 68.
continue See Section 5.2 [Continuing and Stepping], page 68.
finish See Section 5.2 [Continuing and Stepping], page 68.
until See Section 5.2 [Continuing and Stepping], page 68.
Chapter 5: Stopping and Continuing 79

Background execution is especially useful in conjunction with non-stop mode for debug-
ging programs with multiple threads; see Section 5.5.2 [Non-Stop Mode], page 77. However,
you can also use these commands in the normal all-stop mode with the restriction that you
cannot issue another execution command until the previous one finishes. Examples of com-
mands that are valid in all-stop mode while the program is running include help and info
break.
You can interrupt your program while it is running in the background by using the
interrupt command.

interrupt
interrupt -a
Suspend execution of the running program. In all-stop mode, interrupt stops
the whole process, but in non-stop mode, it stops only the current thread. To
stop the whole program in non-stop mode, use interrupt -a.

5.5.4 Thread-Specific Breakpoints

When your program has multiple threads (see Section 4.10 [Debugging Programs with
Multiple Threads], page 36), you can choose whether to set breakpoints on all threads, or
on a particular thread.

break linespec thread threadno

break linespec thread threadno if ...
linespec specifies source lines; there are several ways of writing them (see
Section 9.2 [Specify Location], page 100), but the effect is always to specify
some source line.
Use the qualifier ‘thread threadno’ with a breakpoint command to specify
that you only want gdb to stop the program when a particular thread reaches
this breakpoint. The threadno specifier is one of the numeric thread identifiers
assigned by gdb, shown in the first column of the ‘info threads’ display.
If you do not specify ‘thread threadno’ when you set a breakpoint, the break-
point applies to all threads of your program.
You can use the thread qualifier on conditional breakpoints as well; in this case,
place ‘thread threadno’ before or after the breakpoint condition, like this:
(gdb) break frik.c:13 thread 28 if bartab > lim

Thread-specific breakpoints are automatically deleted when gdb detects the correspond-
ing thread is no longer in the thread list. For example:
(gdb) c
Thread-specific breakpoint 3 deleted - thread 28 no longer in the thread list.

There are several ways for a thread to disappear, such as a regular thread exit, but also
when you detach from the process with the detach command (see Section 4.7 [Debugging an
Already-running Process], page 32), or if gdb loses the remote connection (see Chapter 20
[Remote Debugging], page 251), etc. Note that with some targets, gdb is only able to
detect a thread has exited when the user explictly asks for the thread list with the info
threads command.
80 Debugging with gdb

5.5.5 Interrupted System Calls

There is an unfortunate side effect when using gdb to debug multi-threaded programs. If
one thread stops for a breakpoint, or for some other reason, and another thread is blocked
in a system call, then the system call may return prematurely. This is a consequence
of the interaction between multiple threads and the signals that gdb uses to implement
breakpoints and other events that stop execution.
To handle this problem, your program should check the return value of each system call
and react appropriately. This is good programming style anyways.
For example, do not write code like this:
sleep (10);

The call to sleep will return early if a different thread stops at a breakpoint or for some
other reason.
Instead, write this:
int unslept = 10;
while (unslept > 0)
unslept = sleep (unslept);

A system call is allowed to return early, so the system is still conforming to its specifica-
tion. But gdb does cause your multi-threaded program to behave differently than it would
without gdb.
Also, gdb uses internal breakpoints in the thread library to monitor certain events such
as thread creation and thread destruction. When such an event happens, a system call
in another thread may return prematurely, even though your program does not appear to
stop.

5.5.6 Observer Mode

If you want to build on non-stop mode and observe program behavior without any chance
of disruption by gdb, you can set variables to disable all of the debugger’s attempts to
modify state, whether by writing memory, inserting breakpoints, etc. These operate at a
low level, intercepting operations from all commands.
When all of these are set to off, then gdb is said to be observer mode. As a convenience,
the variable observer can be set to disable these, plus enable non-stop mode.
Note that gdb will not prevent you from making nonsensical combinations of these
settings. For instance, if you have enabled may-insert-breakpoints but disabled may-
write-memory, then breakpoints that work by writing trap instructions into the code stream
will still not be able to be placed.

set observer on
set observer off
When set to on, this disables all the permission variables below (except for
insert-fast-tracepoints), plus enables non-stop debugging. Setting this to
off switches back to normal debugging, though remaining in non-stop mode.
show observer
Show whether observer mode is on or off.
Chapter 5: Stopping and Continuing 81

set may-write-registers on
set may-write-registers off
This controls whether gdb will attempt to alter the values of registers, such as
with assignment expressions in print, or the jump command. It defaults to on.
show may-write-registers
Show the current permission to write registers.
set may-write-memory on
set may-write-memory off
This controls whether gdb will attempt to alter the contents of memory, such
as with assignment expressions in print. It defaults to on.
show may-write-memory
Show the current permission to write memory.
set may-insert-breakpoints on
set may-insert-breakpoints off
This controls whether gdb will attempt to insert breakpoints. This affects all
breakpoints, including internal breakpoints defined by gdb. It defaults to on.
show may-insert-breakpoints
Show the current permission to insert breakpoints.
set may-insert-tracepoints on
set may-insert-tracepoints off
This controls whether gdb will attempt to insert (regular) tracepoints at the
beginning of a tracing experiment. It affects only non-fast tracepoints, fast tra-
cepoints being under the control of may-insert-fast-tracepoints. It defaults
to on.
show may-insert-tracepoints
Show the current permission to insert tracepoints.
set may-insert-fast-tracepoints on
set may-insert-fast-tracepoints off
This controls whether gdb will attempt to insert fast tracepoints at the begin-
ning of a tracing experiment. It affects only fast tracepoints, regular (non-fast)
tracepoints being under the control of may-insert-tracepoints. It defaults
to on.
show may-insert-fast-tracepoints
Show the current permission to insert fast tracepoints.
set may-interrupt on
set may-interrupt off
This controls whether gdb will attempt to interrupt or stop program execution.
When this variable is off, the interrupt command will have no effect, nor will
Ctrl-c. It defaults to on.
show may-interrupt
Show the current permission to interrupt or stop the program.
Chapter 6: Running programs backward 83

6 Running programs backward

When you are debugging a program, it is not unusual to realize that you have gone too far,
and some event of interest has already happened. If the target environment supports it,
gdb can allow you to “rewind” the program by running it backward.
A target environment that supports reverse execution should be able to “undo” the
changes in machine state that have taken place as the program was executing normally.
Variables, registers etc. should revert to their previous values. Obviously this requires a
great deal of sophistication on the part of the target environment; not all target environ-
ments can support reverse execution.
When a program is executed in reverse, the instructions that have most recently been
executed are “un-executed”, in reverse order. The program counter runs backward, follow-
ing the previous thread of execution in reverse. As each instruction is “un-executed”, the
values of memory and/or registers that were changed by that instruction are reverted to
their previous states. After executing a piece of source code in reverse, all side effects of
that code should be “undone”, and all variables should be returned to their prior values1 .
If you are debugging in a target environment that supports reverse execution, gdb
provides the following commands.
reverse-continue [ignore-count]
rc [ignore-count]
Beginning at the point where your program last stopped, start executing in
reverse. Reverse execution will stop for breakpoints and synchronous exceptions
(signals), just like normal execution. Behavior of asynchronous signals depends
on the target environment.
reverse-step [count]
Run the program backward until control reaches the start of a different source
line; then stop it, and return control to gdb.
Like the step command, reverse-step will only stop at the beginning of a
source line. It “un-executes” the previously executed source line. If the pre-
vious source line included calls to debuggable functions, reverse-step will
step (backward) into the called function, stopping at the beginning of the last
statement in the called function (typically a return statement).
Also, as with the step command, if non-debuggable functions are called,
reverse-step will run thru them backward without stopping.
reverse-stepi [count]
Reverse-execute one machine instruction. Note that the instruction to be
reverse-executed is not the one pointed to by the program counter, but the
1
Note that some side effects are easier to undo than others. For instance, memory and registers are
relatively easy, but device I/O is hard. Some targets may be able undo things like device I/O, and some
may not.
The contract between gdb and the reverse executing target requires only that the target do something
reasonable when gdb tells it to execute backwards, and then report the results back to gdb. Whatever
the target reports back to gdb, gdb will report back to the user. gdb assumes that the memory and
registers that the target reports are in a consistant state, but gdb accepts whatever it is given.
84 Debugging with gdb

instruction executed prior to that one. For instance, if the last instruction was
a jump, reverse-stepi will take you back from the destination of the jump to
the jump instruction itself.
reverse-next [count]
Run backward to the beginning of the previous line executed in the current
(innermost) stack frame. If the line contains function calls, they will be “un-
executed” without stopping. Starting from the first line of a function, reverse-
next will take you back to the caller of that function, before the function was
called, just as the normal next command would take you from the last line of
a function back to its return to its caller2 .
reverse-nexti [count]
Like nexti, reverse-nexti executes a single instruction in reverse, except
that called functions are “un-executed” atomically. That is, if the previously
executed instruction was a return from another function, reverse-nexti will
continue to execute in reverse until the call to that function (from the current
stack frame) is reached.
reverse-finish
Just as the finish command takes you to the point where the current function
returns, reverse-finish takes you to the point where it was called. Instead
of ending up at the end of the current function invocation, you end up at the
beginning.
set exec-direction
Set the direction of target execution.
set exec-direction reverse
gdb will perform all execution commands in reverse, until the exec-direction
mode is changed to “forward”. Affected commands include step, stepi,
next, nexti, continue, and finish. The return command cannot be used
in reverse mode.
set exec-direction forward
gdb will perform all execution commands in the normal fashion. This is the
default.

2
Unless the code is too heavily optimized.
Chapter 7: Recording Inferior’s Execution and Replaying It 85

7 Recording Inferior’s Execution and Replaying It

On some platforms, gdb provides a special process record and replay target that can record
a log of the process execution, and replay it later with both forward and reverse execution
commands.
When this target is in use, if the execution log includes the record for the next instruction,
gdb will debug in replay mode. In the replay mode, the inferior does not really execute
code instructions. Instead, all the events that normally happen during code execution are
taken from the execution log. While code is not really executed in replay mode, the values
of registers (including the program counter register) and the memory of the inferior are still
changed as they normally would. Their contents are taken from the execution log.
If the record for the next instruction is not in the execution log, gdb will debug in record
mode. In this mode, the inferior executes normally, and gdb records the execution log for
future replay.
The process record and replay target supports reverse execution (see Chapter 6 [Reverse
Execution], page 83), even if the platform on which the inferior runs does not. However,
the reverse execution is limited in this case by the range of the instructions recorded in the
execution log. In other words, reverse execution on platforms that don’t support it directly
can only be done in the replay mode.
When debugging in the reverse direction, gdb will work in replay mode as long as the
execution log includes the record for the previous instruction; otherwise, it will work in
record mode, if the platform supports reverse execution, or stop if not.
For architecture environments that support process record and replay, gdb provides the
following commands:
record method
This command starts the process record and replay target. The recording
method can be specified as parameter. Without a parameter the command
uses the full recording method. The following recording methods are avail-
able:
full Full record/replay recording using gdb’s software record and re-
play implementation. This method allows replaying and reverse
execution.
btrace format
Hardware-supported instruction recording. This method does not
record data. Further, the data is collected in a ring buffer so old
data will be overwritten when the buffer is full. It allows limited
replay and reverse execution.
The recording format can be specified as parameter. Without a pa-
rameter the command chooses the recording format. The following
recording formats are available:
bts Use the Branch Trace Store (BTS) recording format.
In this format, the processor stores a from/to record
for each executed branch in the btrace ring buffer.
86 Debugging with gdb

Not all recording formats may be available on all processors.

The process record and replay target can only debug a process that is already
running. Therefore, you need first to start the process with the run or start
commands, and then start the recording with the record method command.
Both record method and rec method are aliases of target record-method.
Displaced stepping (see Appendix D [displaced stepping], page 589) will be
automatically disabled when process record and replay target is started. That’s
because the process record and replay target doesn’t support displaced stepping.
If the inferior is in the non-stop mode (see Section 5.5.2 [Non-Stop Mode],
page 77) or in the asynchronous execution mode (see Section 5.5.3 [Background
Execution], page 78), not all recording methods are available. The full record-
ing method does not support these two modes.
record stop
Stop the process record and replay target. When process record and replay
target stops, the entire execution log will be deleted and the inferior will either
be terminated, or will remain in its final state.
When you stop the process record and replay target in record mode (at the
end of the execution log), the inferior will be stopped at the next instruction
that would have been recorded. In other words, if you record for a while and
then stop recording, the inferior process will be left in the same state as if the
recording never happened.
On the other hand, if the process record and replay target is stopped while in
replay mode (that is, not at the end of the execution log, but at some earlier
point), the inferior process will become “live” at that earlier state, and it will
then be possible to continue the usual “live” debugging of the process from that
state.
When the inferior process exits, or gdb detaches from it, process record and
replay target will automatically stop itself.
record goto
Go to a specific location in the execution log. There are several ways to specify
the location to go to:
record goto begin
record goto start
Go to the beginning of the execution log.
record goto end
Go to the end of the execution log.
record goto n
Go to instruction number n in the execution log.
record save filename
Save the execution log to a file ‘filename’. Default filename is
‘gdb_record.process_id’, where process id is the process ID of the inferior.
This command may not be available for all recording methods.
Chapter 7: Recording Inferior’s Execution and Replaying It 87

record restore filename

Restore the execution log from a file ‘filename’. File must have been created
with record save.
set record full insn-number-max limit
set record full insn-number-max unlimited
Set the limit of instructions to be recorded for the full recording method.
Default value is 200000.
If limit is a positive number, then gdb will start deleting instructions from the
log once the number of the record instructions becomes greater than limit. For
every new recorded instruction, gdb will delete the earliest recorded instruc-
tion to keep the number of recorded instructions at the limit. (Since deleting
recorded instructions loses information, gdb lets you control what happens
when the limit is reached, by means of the stop-at-limit option, described
below.)
If limit is unlimited or zero, gdb will never delete recorded instructions from
the execution log. The number of recorded instructions is limited only by the
available memory.
show record full insn-number-max
Show the limit of instructions to be recorded with the full recording method.
set record full stop-at-limit
Control the behavior of the full recording method when the number of recorded
instructions reaches the limit. If ON (the default), gdb will stop when the limit
is reached for the first time and ask you whether you want to stop the inferior or
continue running it and recording the execution log. If you decide to continue
recording, each new recorded instruction will cause the oldest one to be deleted.
If this option is OFF, gdb will automatically delete the oldest record to make
room for each new one, without asking.
show record full stop-at-limit
Show the current setting of stop-at-limit.
set record full memory-query
Control the behavior when gdb is unable to record memory changes caused by
an instruction for the full recording method. If ON, gdb will query whether
to stop the inferior in that case.
If this option is OFF (the default), gdb will automatically ignore the effect of
such instructions on memory. Later, when gdb replays this execution log, it
will mark the log of this instruction as not accessible, and it will not affect the
replay results.
show record full memory-query
Show the current setting of memory-query.
The btrace record target does not trace data. As a convenience, when replay-
ing, gdb reads read-only memory off the live program directly, assuming that
the addresses of the read-only areas don’t change. This for example makes it
possible to disassemble code while replaying, but not to print variables. In some
88 Debugging with gdb

cases, being able to inspect variables might be useful. You can use the following
command for that:
set record btrace replay-memory-access
Control the behavior of the btrace recording method when accessing memory
during replay. If read-only (the default), gdb will only allow accesses to
read-only memory. If read-write, gdb will allow accesses to read-only and to
read-write memory. Beware that the accessed memory corresponds to the live
target and not necessarily to the current replay position.
show record btrace replay-memory-access
Show the current setting of replay-memory-access.
set record btrace bts buffer-size size
set record btrace bts buffer-size unlimited
Set the requested ring buffer size for branch tracing in BTS format. Default is
64KB.
If size is a positive number, then gdb will try to allocate a buffer of at least size
bytes for each new thread that uses the btrace recording method and the BTS
format. The actually obtained buffer size may differ from the requested size.
Use the info record command to see the actual buffer size for each thread that
uses the btrace recording method and the BTS format.
If limit is unlimited or zero, gdb will try to allocate a buffer of 4MB.
Bigger buffers mean longer traces. On the other hand, gdb will also need longer
to process the branch trace data before it can be used.
show record btrace bts buffer-size size
Show the current setting of the requested ring buffer size for branch tracing in
BTS format.
info record
Show various statistics about the recording depending on the recording method:
full For the full recording method, it shows the state of process record
and its in-memory execution log buffer, including:
• Whether in record mode or replay mode.
• Lowest recorded instruction number (counting from when the
current execution log started recording instructions).
• Highest recorded instruction number.
• Current instruction about to be replayed (if in replay mode).
• Number of instructions contained in the execution log.
• Maximum number of instructions that may be contained in the
execution log.
btrace For the btrace recording method, it shows:
• Recording format.
• Number of instructions that have been recorded.
• Number of blocks of sequential control-flow formed by the
recorded instructions.
Chapter 7: Recording Inferior’s Execution and Replaying It 89

• Whether in record mode or replay mode.

For the bts recording format, it also shows:
• Size of the perf ring buffer.
record delete
When record target runs in replay mode (“in the past”), delete the subsequent
execution log and begin to record a new execution log starting from the current
address. This means you will abandon the previously recorded “future” and
begin recording a new “future”.
record instruction-history
Disassembles instructions from the recorded execution log. By default, ten
instructions are disassembled. This can be changed using the set record
instruction-history-size command. Instructions are printed in execution
order. There are several ways to specify what part of the execution log to
disassemble:
record instruction-history insn
Disassembles ten instructions starting from instruction number
insn.
record instruction-history insn, +/-n
Disassembles n instructions around instruction number insn. If n
is preceded with +, disassembles n instructions after instruction
number insn. If n is preceded with -, disassembles n instructions
before instruction number insn.
record instruction-history
Disassembles ten more instructions after the last disassembly.
record instruction-history -
Disassembles ten more instructions before the last disassembly.
record instruction-history begin end
Disassembles instructions beginning with instruction number be-
gin until instruction number end. The instruction number end is
included.
This command may not be available for all recording methods.
set record instruction-history-size size
set record instruction-history-size unlimited
Define how many instructions to disassemble in the record instruction-
history command. The default value is 10. A size of unlimited means
unlimited instructions.
show record instruction-history-size
Show how many instructions to disassemble in the record instruction-
history command.
record function-call-history
Prints the execution history at function granularity. It prints one line for each
sequence of instructions that belong to the same function giving the name of
90 Debugging with gdb

that function, the source lines for this instruction sequence (if the /l modifier
is specified), and the instructions numbers that form the sequence (if the /i
modifier is specified). The function names are indented to reflect the call stack
depth if the /c modifier is specified. The /l, /i, and /c modifiers can be given
together.
(gdb) list 1, 10
1 void foo (void)
2 {
3 }
4
5 void bar (void)
6 {
7 ...
8 foo ();
9 ...
10 }
(gdb) record function-call-history /ilc
1 bar inst 1,4 at foo.c:6,8
2 foo inst 5,10 at foo.c:2,3
3 bar inst 11,13 at foo.c:9,10
By default, ten lines are printed. This can be changed using the set record
function-call-history-size command. Functions are printed in execution
order. There are several ways to specify what to print:
record function-call-history func
Prints ten functions starting from function number func.
record function-call-history func, +/-n
Prints n functions around function number func. If n is preceded
with +, prints n functions after function number func. If n is pre-
ceded with -, prints n functions before function number func.
record function-call-history
Prints ten more functions after the last ten-line print.
record function-call-history -
Prints ten more functions before the last ten-line print.
record function-call-history begin end
Prints functions beginning with function number begin until func-
tion number end. The function number end is included.
This command may not be available for all recording methods.
set record function-call-history-size size
set record function-call-history-size unlimited
Define how many lines to print in the record function-call-history com-
mand. The default value is 10. A size of unlimited means unlimited lines.
show record function-call-history-size
Show how many lines to print in the record function-call-history com-
mand.
Chapter 8: Examining the Stack 91

8 Examining the Stack

When your program has stopped, the first thing you need to know is where it stopped and
how it got there.
Each time your program performs a function call, information about the call is generated.
That information includes the location of the call in your program, the arguments of the
call, and the local variables of the function being called. The information is saved in a block
of data called a stack frame. The stack frames are allocated in a region of memory called
the call stack.
When your program stops, the gdb commands for examining the stack allow you to see
all of this information.
One of the stack frames is selected by gdb and many gdb commands refer implicitly
to the selected frame. In particular, whenever you ask gdb for the value of a variable in
your program, the value is found in the selected frame. There are special gdb commands to
select whichever frame you are interested in. See Section 8.4 [Selecting a Frame], page 97.
When your program stops, gdb automatically selects the currently executing frame and
describes it briefly, similar to the frame command (see Section 8.5 [Information about a
Frame], page 98).

8.1 Stack Frames

The call stack is divided up into contiguous pieces called stack frames, or frames for short;
each frame is the data associated with one call to one function. The frame contains the
arguments given to the function, the function’s local variables, and the address at which
the function is executing.
When your program is started, the stack has only one frame, that of the function main.
This is called the initial frame or the outermost frame. Each time a function is called, a
new frame is made. Each time a function returns, the frame for that function invocation
is eliminated. If a function is recursive, there can be many frames for the same function.
The frame for the function in which execution is actually occurring is called the innermost
frame. This is the most recently created of all the stack frames that still exist.
Inside your program, stack frames are identified by their addresses. A stack frame
consists of many bytes, each of which has its own address; each kind of computer has a con-
vention for choosing one byte whose address serves as the address of the frame. Usually this
address is kept in a register called the frame pointer register (see Section 10.13 [Registers],
page 137) while execution is going on in that frame.
gdb assigns numbers to all existing stack frames, starting with zero for the innermost
frame, one for the frame that called it, and so on upward. These numbers do not really
exist in your program; they are assigned by gdb to give you a way of designating stack
frames in gdb commands.
Some compilers provide a way to compile functions so that they operate without stack
frames. (For example, the gcc option
‘-fomit-frame-pointer’
generates functions without a frame.) This is occasionally done with heavily used li-
brary functions to save the frame setup time. gdb has limited facilities for dealing with
92 Debugging with gdb

these function invocations. If the innermost function invocation has no stack frame, gdb
nevertheless regards it as though it had a separate frame, which is numbered zero as usual,
allowing correct tracing of the function call chain. However, gdb has no provision for
frameless functions elsewhere in the stack.
frame [framespec]
The frame command allows you to move from one stack frame to another, and
to print the stack frame you select. The framespec may be either the address
of the frame or the stack frame number. Without an argument, frame prints
the current stack frame.
select-frame
The select-frame command allows you to move from one stack frame to an-
other without printing the frame. This is the silent version of frame.

8.2 Backtraces
A backtrace is a summary of how your program got where it is. It shows one line per frame,
for many frames, starting with the currently executing frame (frame zero), followed by its
caller (frame one), and on up the stack.
backtrace
bt Print a backtrace of the entire stack: one line per frame for all frames in the
stack.
You can stop the backtrace at any time by typing the system interrupt charac-
ter, normally Ctrl-c.
backtrace n
bt n Similar, but print only the innermost n frames.
backtrace -n
bt -n Similar, but print only the outermost n frames.
backtrace full
bt full
bt full n
bt full -n
Print the values of the local variables also. As described above, n specifies the
number of frames to print.
backtrace no-filters
bt no-filters
bt no-filters n
bt no-filters -n
bt no-filters full
bt no-filters full n
bt no-filters full -n
Do not run Python frame filters on this backtrace. See Section 23.2.2.9 [Frame
Filter API], page 337, for more information. Additionally use [disable frame-
filter all], page 95 to turn off all frame filters. This is only relevant when gdb
has been configured with Python support.
Chapter 8: Examining the Stack 93

The names where and info stack (abbreviated info s) are additional aliases for
backtrace.
In a multi-threaded program, gdb by default shows the backtrace only for the current
thread. To display the backtrace for several or all of the threads, use the command thread
apply (see Section 4.10 [Threads], page 36). For example, if you type thread apply all
backtrace, gdb will display the backtrace for all the threads; this is handy when you debug
a core dump of a multi-threaded program.
Each line in the backtrace shows the frame number and the function name. The program
counter value is also shown—unless you use set print address off. The backtrace also
shows the source file name and line number, as well as the arguments to the function. The
program counter value is omitted if it is at the beginning of the code for that line number.
Here is an example of a backtrace. It was made with the command ‘bt 3’, so it shows
the innermost three frames.
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=0x2b600, data=...) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=177664, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The display for frame zero does not begin with a program counter value, indicating that
your program has stopped at the beginning of the code for line 993 of builtin.c.
The value of parameter data in frame 1 has been replaced by .... By default, gdb prints
the value of a parameter only if it is a scalar (integer, pointer, enumeration, etc). See
command set print frame-arguments in Section 10.8 [Print Settings], page 121 for more
details on how to configure the way function parameter values are printed.
If your program was compiled with optimizations, some compilers will optimize away
arguments passed to functions if those arguments are never used after the call. Such opti-
mizations generate code that passes arguments through registers, but doesn’t store those
arguments in the stack frame. gdb has no way of displaying such arguments in stack frames
other than the innermost one. Here’s what such a backtrace might look like:
#0 m4_traceon (obs=0x24eb0, argc=1, argv=0x2b8c8)
at builtin.c:993
#1 0x6e38 in expand_macro (sym=<optimized out>) at macro.c:242
#2 0x6840 in expand_token (obs=0x0, t=<optimized out>, td=0xf7fffb08)
at macro.c:71
(More stack frames follow...)
The values of arguments that were not saved in their stack frames are shown as ‘<optimized
out>’.
If you need to display the values of such optimized-out arguments, either deduce that
from other variables whose values depend on the one you are interested in, or recompile
without optimizations.
Most programs have a standard user entry point—a place where system libraries and
startup code transition into user code. For C this is main1 . When gdb finds the entry
function in a backtrace it will terminate the backtrace, to avoid tracing into highly system-
specific (and generally uninteresting) code.
1
Note that embedded programs (the so-called “free-standing” environment) are not required to have a
main function as the entry point. They could even have multiple entry points.
94 Debugging with gdb

If you need to examine the startup code, or limit the number of levels in a backtrace,
you can change this behavior:

set backtrace past-main

set backtrace past-main on
Backtraces will continue past the user entry point.

set backtrace past-main off

Backtraces will stop when they encounter the user entry point. This is the
default.

show backtrace past-main

Display the current user entry point backtrace policy.

set backtrace past-entry

set backtrace past-entry on
Backtraces will continue past the internal entry point of an application. This
entry point is encoded by the linker when the application is built, and is likely
before the user entry point main (or equivalent) is called.

set backtrace past-entry off

Backtraces will stop when they encounter the internal entry point of an appli-
cation. This is the default.

show backtrace past-entry

Display the current internal entry point backtrace policy.

set backtrace limit n

set backtrace limit 0
set backtrace limit unlimited
Limit the backtrace to n levels. A value of unlimited or zero means unlimited
levels.

show backtrace limit

Display the current limit on backtrace levels.

You can control how file names are displayed.

set filename-display
set filename-display relative
Display file names relative to the compilation directory. This is the default.

set filename-display basename

Display only basename of a filename.

set filename-display absolute

Display an absolute filename.

show filename-display
Show the current way to display filenames.
Chapter 8: Examining the Stack 95

8.3 Management of Frame Filters.

Frame filters are Python based utilities to manage and decorate the output of frames. See
Section 23.2.2.9 [Frame Filter API], page 337, for further information.
Managing frame filters is performed by several commands available within gdb, detailed
here.
info frame-filter
Print a list of installed frame filters from all dictionaries, showing their name,
priority and enabled status.
disable frame-filter filter-dictionary filter-name
Disable a frame filter in the dictionary matching filter-dictionary and filter-
name. The filter-dictionary may be all, global, progspace, or the name of
the object file where the frame filter dictionary resides. When all is specified,
all frame filters across all dictionaries are disabled. The filter-name is the name
of the frame filter and is used when all is not the option for filter-dictionary.
A disabled frame-filter is not deleted, it may be enabled again later.
enable frame-filter filter-dictionary filter-name
Enable a frame filter in the dictionary matching filter-dictionary and filter-
name. The filter-dictionary may be all, global, progspace or the name of
the object file where the frame filter dictionary resides. When all is specified,
all frame filters across all dictionaries are enabled. The filter-name is the name
of the frame filter and is used when all is not the option for filter-dictionary.
Example:
(gdb) info frame-filter

global frame-filters:
Priority Enabled Name
1000 No PrimaryFunctionFilter
100 Yes Reverse

progspace /build/test frame-filters:

Priority Enabled Name
100 Yes ProgspaceFilter

objfile /build/test frame-filters:

Priority Enabled Name
999 Yes BuildProgra Filter

(gdb) disable frame-filter /build/test BuildProgramFilter

(gdb) info frame-filter

global frame-filters:
Priority Enabled Name
1000 No PrimaryFunctionFilter
100 Yes Reverse

progspace /build/test frame-filters:

Priority Enabled Name
100 Yes ProgspaceFilter

objfile /build/test frame-filters:

96 Debugging with gdb

Priority Enabled Name

999 No BuildProgramFilter

(gdb) enable frame-filter global PrimaryFunctionFilter

(gdb) info frame-filter

global frame-filters:
Priority Enabled Name
1000 Yes PrimaryFunctionFilter
100 Yes Reverse

progspace /build/test frame-filters:

Priority Enabled Name
100 Yes ProgspaceFilter

objfile /build/test frame-filters:

Priority Enabled Name
999 No BuildProgramFilter

set frame-filter priority filter-dictionary filter-name priority

Set the priority of a frame filter in the dictionary matching filter-dictionary,
and the frame filter name matching filter-name. The filter-dictionary may be
global, progspace or the name of the object file where the frame filter dictio-
nary resides. The priority is an integer.
show frame-filter priority filter-dictionary filter-name
Show the priority of a frame filter in the dictionary matching filter-dictionary,
and the frame filter name matching filter-name. The filter-dictionary may be
global, progspace or the name of the object file where the frame filter dictio-
nary resides.
Example:
(gdb) info frame-filter

global frame-filters:
Priority Enabled Name
1000 Yes PrimaryFunctionFilter
100 Yes Reverse

progspace /build/test frame-filters:

Priority Enabled Name
100 Yes ProgspaceFilter

objfile /build/test frame-filters:

Priority Enabled Name
999 No BuildProgramFilter

(gdb) set frame-filter priority global Reverse 50

(gdb) info frame-filter

global frame-filters:
Priority Enabled Name
1000 Yes PrimaryFunctionFilter
50 Yes Reverse

progspace /build/test frame-filters:

Priority Enabled Name
Chapter 8: Examining the Stack 97

100 Yes ProgspaceFilter

objfile /build/test frame-filters:

Priority Enabled Name
999 No BuildProgramFilter

8.4 Selecting a Frame

Most commands for examining the stack and other data in your program work on whichever
stack frame is selected at the moment. Here are the commands for selecting a stack frame;
all of them finish by printing a brief description of the stack frame just selected.
frame n
fn Select frame number n. Recall that frame zero is the innermost (currently
executing) frame, frame one is the frame that called the innermost one, and so
on. The highest-numbered frame is the one for main.
frame addr
f addr Select the frame at address addr. This is useful mainly if the chaining of stack
frames has been damaged by a bug, making it impossible for gdb to assign
numbers properly to all frames. In addition, this can be useful when your
program has multiple stacks and switches between them.
On the SPARC architecture, frame needs two addresses to select an arbitrary
frame: a frame pointer and a stack pointer.
On the MIPS and Alpha architecture, it needs two addresses: a stack pointer
and a program counter.
On the 29k architecture, it needs three addresses: a register stack pointer, a
program counter, and a memory stack pointer.
up n Move n frames up the stack; n defaults to 1. For positive numbers n, this
advances toward the outermost frame, to higher frame numbers, to frames that
have existed longer.
down n Move n frames down the stack; n defaults to 1. For positive numbers n, this
advances toward the innermost frame, to lower frame numbers, to frames that
were created more recently. You may abbreviate down as do.
All of these commands end by printing two lines of output describing the frame. The
first line shows the frame number, the function name, the arguments, and the source file
and line number of execution in that frame. The second line shows the text of that source
line.
For example:
(gdb) up
#1 0x22f0 in main (argc=1, argv=0xf7fffbf4, env=0xf7fffbfc)
at env.c:10
10 read_input_file (argv[i]);
After such a printout, the list command with no arguments prints ten lines centered on
the point of execution in the frame. You can also edit the program at the point of execution
with your favorite editing program by typing edit. See Section 9.1 [Printing Source Lines],
page 99, for details.
98 Debugging with gdb

up-silently n
down-silently n
These two commands are variants of up and down, respectively; they differ in
that they do their work silently, without causing display of the new frame. They
are intended primarily for use in gdb command scripts, where the output might
be unnecessary and distracting.

8.5 Information About a Frame

There are several other commands to print information about the selected stack frame.
frame
f When used without any argument, this command does not change which frame
is selected, but prints a brief description of the currently selected stack frame.
It can be abbreviated f. With an argument, this command is used to select a
stack frame. See Section 8.4 [Selecting a Frame], page 97.
info frame
info f This command prints a verbose description of the selected stack frame, includ-
ing:
• the address of the frame
• the address of the next frame down (called by this frame)
• the address of the next frame up (caller of this frame)
• the language in which the source code corresponding to this frame is written
• the address of the frame’s arguments
• the address of the frame’s local variables
• the program counter saved in it (the address of execution in the caller
frame)
• which registers were saved in the frame
The verbose description is useful when something has gone wrong that has made
the stack format fail to fit the usual conventions.
info frame addr
info f addr
Print a verbose description of the frame at address addr, without selecting that
frame. The selected frame remains unchanged by this command. This requires
the same kind of address (more than one for some architectures) that you specify
in the frame command. See Section 8.4 [Selecting a Frame], page 97.
info args Print the arguments of the selected frame, each on a separate line.
info locals
Print the local variables of the selected frame, each on a separate line. These
are all variables (declared either static or automatic) accessible at the point of
execution of the selected frame.
Chapter 9: Examining Source Files 99

9 Examining Source Files

gdb can print parts of your program’s source, since the debugging information recorded in
the program tells gdb what source files were used to build it. When your program stops,
gdb spontaneously prints the line where it stopped. Likewise, when you select a stack frame
(see Section 8.4 [Selecting a Frame], page 97), gdb prints the line where execution in that
frame has stopped. You can print other portions of source files by explicit command.
If you use gdb through its gnu Emacs interface, you may prefer to use Emacs facilities
to view source; see Chapter 26 [Using gdb under gnu Emacs], page 449.

9.1 Printing Source Lines

To print lines from a source file, use the list command (abbreviated l). By default, ten
lines are printed. There are several ways to specify what part of the file you want to print;
see Section 9.2 [Specify Location], page 100, for the full list.
Here are the forms of the list command most commonly used:
list linenum
Print lines centered around line number linenum in the current source file.
list function
Print lines centered around the beginning of function function.
list Print more lines. If the last lines printed were printed with a list command,
this prints lines following the last lines printed; however, if the last line printed
was a solitary line printed as part of displaying a stack frame (see Chapter 8
[Examining the Stack], page 91), this prints lines centered around that line.
list - Print lines just before the lines last printed.
By default, gdb prints ten source lines with any of these forms of the list command.
You can change this using set listsize:
set listsize count
set listsize unlimited
Make the list command display count source lines (unless the list argument
explicitly specifies some other number). Setting count to unlimited or 0 means
there’s no limit.
show listsize
Display the number of lines that list prints.
Repeating a list command with RET discards the argument, so it is equivalent to typing
just list. This is more useful than listing the same lines again. An exception is made for
an argument of ‘-’; that argument is preserved in repetition so that each repetition moves
up in the source file.
In general, the list command expects you to supply zero, one or two linespecs. Line-
specs specify source lines; there are several ways of writing them (see Section 9.2 [Specify
Location], page 100), but the effect is always to specify some source line.
Here is a complete description of the possible arguments for list:
100 Debugging with gdb

list linespec
Print lines centered around the line specified by linespec.
list first,last
Print lines from first to last. Both arguments are linespecs. When a list
command has two linespecs, and the source file of the second linespec is omitted,
this refers to the same source file as the first linespec.
list ,last
Print lines ending with last.
list first,
Print lines starting with first.
list + Print lines just after the lines last printed.
list - Print lines just before the lines last printed.
list As described in the preceding table.

9.2 Specifying a Location

Several gdb commands accept arguments that specify a location of your program’s code.
Since gdb is a source-level debugger, a location usually specifies some line in the source
code; for that reason, locations are also known as linespecs.
Here are all the different ways of specifying a code location that gdb understands:
linenum Specifies the line number linenum of the current source file.
-offset
+offset Specifies the line offset lines before or after the current line. For the list
command, the current line is the last one printed; for the breakpoint commands,
this is the line at which execution stopped in the currently selected stack frame
(see Section 8.1 [Frames], page 91, for a description of stack frames.) When
used as the second of the two linespecs in a list command, this specifies the
line offset lines up or down from the first linespec.
filename:linenum
Specifies the line linenum in the source file filename. If filename is a
relative file name, then it will match any source file name with the same
trailing components. For example, if filename is ‘gcc/expr.c’, then
it will match source file name of ‘/build/trunk/gcc/expr.c’, but not
‘/build/trunk/libcpp/expr.c’ or ‘/build/trunk/gcc/x-expr.c’.
function Specifies the line that begins the body of the function function. For example,
in C, this is the line with the open brace.
function:label
Specifies the line where label appears in function.
filename:function
Specifies the line that begins the body of the function function in the file file-
name. You only need the file name with a function name to avoid ambiguity
when there are identically named functions in different source files.
Chapter 9: Examining Source Files 101

label Specifies the line at which the label named label appears. gdb searches for
the label in the function corresponding to the currently selected stack frame.
If there is no current selected stack frame (for instance, if the inferior is not
running), then gdb will not search for a label.
*address Specifies the program address address. For line-oriented commands, such as
list and edit, this specifies a source line that contains address. For break
and other breakpoint oriented commands, this can be used to set breakpoints
in parts of your program which do not have debugging information or source
files.
Here address may be any expression valid in the current working language (see
Chapter 15 [Languages], page 183) that specifies a code address. In addition,
as a convenience, gdb extends the semantics of expressions used in locations
to cover the situations that frequently happen during debugging. Here are the
various forms of address:
expression
Any expression valid in the current working language.
funcaddr An address of a function or procedure derived from its name. In
C, C++, Java, Objective-C, Fortran, minimal, and assembly, this
is simply the function’s name function (and actually a special case
of a valid expression). In Pascal and Modula-2, this is &function.
In Ada, this is function’Address (although the Pascal form also
works).
This form specifies the address of the function’s first instruction,
before the stack frame and arguments have been set up.
’filename’:funcaddr
Like funcaddr above, but also specifies the name of the source file
explicitly. This is useful if the name of the function does not specify
the function unambiguously, e.g., if there are several functions with
identical names in different source files.
-pstap|-probe-stap [objfile:[provider:]]name
The gnu/Linux tool SystemTap provides a way for applications to embed static
probes. See Section 5.1.10 [Static Probe Points], page 65, for more information
on finding and using static probes. This form of linespec specifies the location
of such a static probe.
If objfile is given, only probes coming from that shared library or executable
matching objfile as a regular expression are considered. If provider is given,
then only probes from that provider are considered. If several probes match
the spec, gdb will insert a breakpoint at each one of those probes.

9.3 Editing Source Files

To edit the lines in a source file, use the edit command. The editing program of your
choice is invoked with the current line set to the active line in the program. Alternatively,
there are several ways to specify what part of the file you want to print if you want to see
other parts of the program:
102 Debugging with gdb

edit location
Edit the source file specified by location. Editing starts at that location,
e.g., at the specified source line of the specified file. See Section 9.2 [Specify
Location], page 100, for all the possible forms of the location argument; here
are the forms of the edit command most commonly used:
edit number
Edit the current source file with number as the active line number.
edit function
Edit the file containing function at the beginning of its definition.

9.3.1 Choosing your Editor

You can customize gdb to use any editor you want1 . By default, it is ‘/bin/ex’, but you
can change this by setting the environment variable EDITOR before using gdb. For example,
to configure gdb to use the vi editor, you could use these commands with the sh shell:
EDITOR=/usr/bin/vi
export EDITOR
gdb ...
or in the csh shell,
setenv EDITOR /usr/bin/vi
gdb ...

9.4 Searching Source Files

There are two commands for searching through the current source file for a regular expres-
sion.
forward-search regexp
search regexp
The command ‘forward-search regexp’ checks each line, starting with the
one following the last line listed, for a match for regexp. It lists the line that is
found. You can use the synonym ‘search regexp’ or abbreviate the command
name as fo.
reverse-search regexp
The command ‘reverse-search regexp’ checks each line, starting with the one
before the last line listed and going backward, for a match for regexp. It lists
the line that is found. You can abbreviate this command as rev.

9.5 Specifying Source Directories

Executable programs sometimes do not record the directories of the source files from which
they were compiled, just the names. Even when they do, the directories could be moved
between the compilation and your debugging session. gdb has a list of directories to search
for source files; this is called the source path. Each time gdb wants a source file, it tries all
1
The only restriction is that your editor (say ex), recognizes the following command-line syntax:
ex +number file
The optional numeric value +number specifies the number of the line in the file where to start editing.
Chapter 9: Examining Source Files 103

the directories in the list, in the order they are present in the list, until it finds a file with
the desired name.
For example, suppose an executable references the file ‘/usr/src/foo-1.0/lib/foo.c’,
and our source path is ‘/mnt/cross’. The file is first looked up literally; if this fails,
‘/mnt/cross/usr/src/foo-1.0/lib/foo.c’ is tried; if this fails, ‘/mnt/cross/foo.c’ is
opened; if this fails, an error message is printed. gdb does not look up the parts of the source
file name, such as ‘/mnt/cross/src/foo-1.0/lib/foo.c’. Likewise, the subdirectories of
the source path are not searched: if the source path is ‘/mnt/cross’, and the binary refers
to ‘foo.c’, gdb would not find it under ‘/mnt/cross/usr/src/foo-1.0/lib’.
Plain file names, relative file names with leading directories, file names containing dots,
etc. are all treated as described above; for instance, if the source path is ‘/mnt/cross’, and
the source file is recorded as ‘../lib/foo.c’, gdb would first try ‘../lib/foo.c’, then
‘/mnt/cross/../lib/foo.c’, and after that—‘/mnt/cross/foo.c’.
Note that the executable search path is not used to locate the source files.
Whenever you reset or rearrange the source path, gdb clears out any information it has
cached about where source files are found and where each line is in the file.
When you start gdb, its source path includes only ‘cdir’ and ‘cwd’, in that order. To
add other directories, use the directory command.
The search path is used to find both program source files and gdb script files (read using
the ‘-command’ option and ‘source’ command).
In addition to the source path, gdb provides a set of commands that manage a list of
source path substitution rules. A substitution rule specifies how to rewrite source directories
stored in the program’s debug information in case the sources were moved to a different
directory between compilation and debugging. A rule is made of two strings, the first
specifying what needs to be rewritten in the path, and the second specifying how it should
be rewritten. In [set substitute-path], page 104, we name these two parts from and to
respectively. gdb does a simple string replacement of from with to at the start of the
directory part of the source file name, and uses that result instead of the original file name
to look up the sources.
Using the previous example, suppose the ‘foo-1.0’ tree has been moved from ‘/usr/src’
to ‘/mnt/cross’, then you can tell gdb to replace ‘/usr/src’ in all source path names with
‘/mnt/cross’. The first lookup will then be ‘/mnt/cross/foo-1.0/lib/foo.c’ in place of
the original location of ‘/usr/src/foo-1.0/lib/foo.c’. To define a source path substitu-
tion rule, use the set substitute-path command (see [set substitute-path], page 104).
To avoid unexpected substitution results, a rule is applied only if the from part
of the directory name ends at a directory separator. For instance, a rule substituting
‘/usr/source’ into ‘/mnt/cross’ will be applied to ‘/usr/source/foo-1.0’ but not
to ‘/usr/sourceware/foo-2.0’. And because the substitution is applied only at the
beginning of the directory name, this rule will not be applied to ‘/root/usr/source/baz.c’
either.
In many cases, you can achieve the same result using the directory command. However,
set substitute-path can be more efficient in the case where the sources are organized in
a complex tree with multiple subdirectories. With the directory command, you need to
add each subdirectory of your project. If you moved the entire tree while preserving its
104 Debugging with gdb

internal organization, then set substitute-path allows you to direct the debugger to all
the sources with one single command.
set substitute-path is also more than just a shortcut command. The source path
is only used if the file at the original location no longer exists. On the other hand, set
substitute-path modifies the debugger behavior to look at the rewritten location instead.
So, if for any reason a source file that is not relevant to your executable is located at the
original location, a substitution rule is the only method available to point gdb at the new
location.
You can configure a default source path substitution rule by configuring gdb with the
‘--with-relocated-sources=dir’ option. The dir should be the name of a directory under
gdb’s configured prefix (set with ‘--prefix’ or ‘--exec-prefix’), and directory names in
debug information under dir will be adjusted automatically if the installed gdb is moved
to a new location. This is useful if gdb, libraries or executables with debug information
and corresponding source code are being moved together.

directory dirname ...

dir dirname ...
Add directory dirname to the front of the source path. Several directory names
may be given to this command, separated by ‘:’ (‘;’ on MS-DOS and MS-
Windows, where ‘:’ usually appears as part of absolute file names) or white-
space. You may specify a directory that is already in the source path; this
moves it forward, so gdb searches it sooner.
You can use the string ‘$cdir’ to refer to the compilation directory (if one is
recorded), and ‘$cwd’ to refer to the current working directory. ‘$cwd’ is not
the same as ‘.’—the former tracks the current working directory as it changes
during your gdb session, while the latter is immediately expanded to the current
directory at the time you add an entry to the source path.
directory
Reset the source path to its default value (‘$cdir:$cwd’ on Unix systems). This
requires confirmation.
set directories path-list
Set the source path to path-list. ‘$cdir:$cwd’ are added if missing.
show directories
Print the source path: show which directories it contains.
set substitute-path from to
Define a source path substitution rule, and add it at the end of the current list
of existing substitution rules. If a rule with the same from was already defined,
then the old rule is also deleted.
For example, if the file ‘/foo/bar/baz.c’ was moved to ‘/mnt/cross/baz.c’,
then the command
(gdb) set substitute-path /usr/src /mnt/cross
will tell gdb to replace ‘/usr/src’ with ‘/mnt/cross’, which will allow gdb to
find the file ‘baz.c’ even though it was moved.
Chapter 9: Examining Source Files 105

In the case when more than one substitution rule have been defined, the rules
are evaluated one by one in the order where they have been defined. The first
one matching, if any, is selected to perform the substitution.
For instance, if we had entered the following commands:
(gdb) set substitute-path /usr/src/include /mnt/include
(gdb) set substitute-path /usr/src /mnt/src
gdb would then rewrite ‘/usr/src/include/defs.h’ into ‘/mnt/include/defs.h’
by using the first rule. However, it would use the second rule to rewrite
‘/usr/src/lib/foo.c’ into ‘/mnt/src/lib/foo.c’.
unset substitute-path [path]
If a path is specified, search the current list of substitution rules for a rule that
would rewrite that path. Delete that rule if found. A warning is emitted by
the debugger if no rule could be found.
If no path is specified, then all substitution rules are deleted.
show substitute-path [path]
If a path is specified, then print the source path substitution rule which would
rewrite that path, if any.
If no path is specified, then print all existing source path substitution rules.
If your source path is cluttered with directories that are no longer of interest, gdb may
sometimes cause confusion by finding the wrong versions of source. You can correct the
situation as follows:
1. Use directory with no argument to reset the source path to its default value.
2. Use directory with suitable arguments to reinstall the directories you want in the
source path. You can add all the directories in one command.

9.6 Source and Machine Code

You can use the command info line to map source lines to program addresses (and vice
versa), and the command disassemble to display a range of addresses as machine instruc-
tions. You can use the command set disassemble-next-line to set whether to disas-
semble next source line when execution stops. When run under gnu Emacs mode, the
info line command causes the arrow to point to the line specified. Also, info line prints
addresses in symbolic form as well as hex.
info line linespec
Print the starting and ending addresses of the compiled code for source line line-
spec. You can specify source lines in any of the ways documented in Section 9.2
[Specify Location], page 100.
For example, we can use info line to discover the location of the object code for the
first line of function m4_changequote:
(gdb) info line m4_changequote
Line 895 of "builtin.c" starts at pc 0x634c and ends at 0x6350.
We can also inquire (using *addr as the form for linespec) what source line covers a par-
ticular address:
106 Debugging with gdb

(gdb) info line *0x63ff

Line 926 of "builtin.c" starts at pc 0x63e4 and ends at 0x6404.
After info line, the default address for the x command is changed to the starting
address of the line, so that ‘x/i’ is sufficient to begin examining the machine code (see
Section 10.6 [Examining Memory], page 117). Also, this address is saved as the value of the
convenience variable $_ (see Section 10.11 [Convenience Variables], page 132).
disassemble
disassemble /m
disassemble /r
This specialized command dumps a range of memory as machine instructions. It
can also print mixed source+disassembly by specifying the /m modifier and print
the raw instructions in hex as well as in symbolic form by specifying the /r. The
default memory range is the function surrounding the program counter of the
selected frame. A single argument to this command is a program counter value;
gdb dumps the function surrounding this value. When two arguments are given,
they should be separated by a comma, possibly surrounded by whitespace. The
arguments specify a range of addresses to dump, in one of two forms:
start,end
the addresses from start (inclusive) to end (exclusive)
start,+length
the addresses from start (inclusive) to start+length (exclusive).
When 2 arguments are specified, the name of the function is also printed (since
there could be several functions in the given range).
The argument(s) can be any expression yielding a numeric value, such as
‘0x32c4’, ‘&main+10’ or ‘$pc - 8’.
If the range of memory being disassembled contains current program counter,
the instruction at that location is shown with a => marker.
The following example shows the disassembly of a range of addresses of HP PA-RISC
2.0 code:
(gdb) disas 0x32c4, 0x32e4
Dump of assembler code from 0x32c4 to 0x32e4:
0x32c4 <main+204>: addil 0,dp
0x32c8 <main+208>: ldw 0x22c(sr0,r1),r26
0x32cc <main+212>: ldil 0x3000,r31
0x32d0 <main+216>: ble 0x3f8(sr4,r31)
0x32d4 <main+220>: ldo 0(r31),rp
0x32d8 <main+224>: addil -0x800,dp
0x32dc <main+228>: ldo 0x588(r1),r26
0x32e0 <main+232>: ldil 0x3000,r31
End of assembler dump.
Here is an example showing mixed source+assembly for Intel x86, when the program is
stopped just after function prologue:
(gdb) disas /m main
Dump of assembler code for function main:
5 {
0x08048330 <+0>: push %ebp
0x08048331 <+1>: mov %esp,%ebp
Chapter 9: Examining Source Files 107

0x08048333 <+3>: sub $0x8,%esp

0x08048336 <+6>: and $0xfffffff0,%esp
0x08048339 <+9>: sub $0x10,%esp

6 printf ("Hello.\n");
=> 0x0804833c <+12>: movl $0x8048440,(%esp)
0x08048343 <+19>: call 0x8048284 <puts@plt>

7 return 0;
8 }
0x08048348 <+24>: mov $0x0,%eax
0x0804834d <+29>: leave
0x0804834e <+30>: ret

End of assembler dump.

Here is another example showing raw instructions in hex for AMD x86-64,
(gdb) disas /r 0x400281,+10
Dump of assembler code from 0x400281 to 0x40028b:
0x0000000000400281: 38 36 cmp %dh,(%rsi)
0x0000000000400283: 2d 36 34 2e 73 sub $0x732e3436,%eax
0x0000000000400288: 6f outsl %ds:(%rsi),(%dx)
0x0000000000400289: 2e 32 00 xor %cs:(%rax),%al
End of assembler dump.
Addresses cannot be specified as a linespec (see Section 9.2 [Specify Location], page 100).
So, for example, if you want to disassemble function bar in file ‘foo.c’, you must type
‘disassemble ’foo.c’::bar’ and not ‘disassemble foo.c:bar’.
Some architectures have more than one commonly-used set of instruction mnemonics or
other syntax.
For programs that were dynamically linked and use shared libraries, instructions that
call functions or branch to locations in the shared libraries might show a seemingly bogus
location—it’s actually a location of the relocation table. On some architectures, gdb might
be able to resolve these to actual function names.
set disassembly-flavor instruction-set
Select the instruction set to use when disassembling the program via the
disassemble or x/i commands.
Currently this command is only defined for the Intel x86 family. You can set
instruction-set to either intel or att. The default is att, the AT&T flavor
used by default by Unix assemblers for x86-based targets.
show disassembly-flavor
Show the current setting of the disassembly flavor.
set disassemble-next-line
show disassemble-next-line
Control whether or not gdb will disassemble the next source line or instruction
when execution stops. If ON, gdb will display disassembly of the next source
line when execution of the program being debugged stops. This is in addition
to displaying the source line itself, which gdb always does if possible. If the
next source line cannot be displayed for some reason (e.g., if gdb cannot find
the source file, or there’s no line info in the debug info), gdb will display
108 Debugging with gdb

disassembly of the next instruction instead of showing the next source line. If
AUTO, gdb will display disassembly of next instruction only if the source line
cannot be displayed. This setting causes gdb to display some feedback when
you step through a function with no line info or whose source file is unavailable.
The default is OFF, which means never display the disassembly of the next line
or instruction.
Chapter 10: Examining Data 109

10 Examining Data
The usual way to examine data in your program is with the print command (abbreviated p),
or its synonym inspect. It evaluates and prints the value of an expression of the language
your program is written in (see Chapter 15 [Using gdb with Different Languages], page 183).
It may also print the expression using a Python-based pretty-printer (see Section 10.9
[Pretty Printing], page 129).
print expr
print /f expr
expr is an expression (in the source language). By default the value of expr is
printed in a format appropriate to its data type; you can choose a different for-
mat by specifying ‘/f’, where f is a letter specifying the format; see Section 10.5
[Output Formats], page 116.
print
print /f If you omit expr, gdb displays the last value again (from the value history;
see Section 10.10 [Value History], page 131). This allows you to conveniently
inspect the same value in an alternative format.
A more low-level way of examining data is with the x command. It examines data
in memory at a specified address and prints it in a specified format. See Section 10.6
[Examining Memory], page 117.
If you are interested in information about types, or about how the fields of a struct
or a class are declared, use the ptype exp command rather than print. See Chapter 16
[Examining the Symbol Table], page 213.
Another way of examining values of expressions and type information is through the
Python extension command explore (available only if the gdb build is configured with
--with-python). It offers an interactive way to start at the highest level (or, the most
abstract level) of the data type of an expression (or, the data type itself) and explore all
the way down to leaf scalar values/fields embedded in the higher level data types.
explore arg
arg is either an expression (in the source language), or a type visible in the
current context of the program being debugged.
The working of the explore command can be illustrated with an example. If a data
type struct ComplexStruct is defined in your C program as
struct SimpleStruct
{
int i;
double d;
};

struct ComplexStruct
{
struct SimpleStruct *ss_p;
int arr[10];
};
followed by variable declarations as
110 Debugging with gdb

struct SimpleStruct ss = { 10, 1.11 };

struct ComplexStruct cs = { &ss, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 } };
then, the value of the variable cs can be explored using the explore command as follows.
(gdb) explore cs
The value of ‘cs’ is a struct/class of type ‘struct ComplexStruct’ with
the following fields:

ss_p = <Enter 0 to explore this field of type ‘struct SimpleStruct *’>

arr = <Enter 1 to explore this field of type ‘int [10]’>

Enter the field number of choice:

Since the fields of cs are not scalar values, you are being prompted to chose the field you
want to explore. Let’s say you choose the field ss_p by entering 0. Then, since this field
is a pointer, you will be asked if it is pointing to a single value. From the declaration of
cs above, it is indeed pointing to a single value, hence you enter y. If you enter n, then
you will be asked if it were pointing to an array of values, in which case this field will be
explored as if it were an array.
‘cs.ss_p’ is a pointer to a value of type ‘struct SimpleStruct’
Continue exploring it as a pointer to a single value [y/n]: y
The value of ‘*(cs.ss_p)’ is a struct/class of type ‘struct
SimpleStruct’ with the following fields:

i = 10 .. (Value of type ‘int’)

d = 1.1100000000000001 .. (Value of type ‘double’)

Press enter to return to parent value:

If the field arr of cs was chosen for exploration by entering 1 earlier, then since it is as
array, you will be prompted to enter the index of the element in the array that you want
to explore.
‘cs.arr’ is an array of ‘int’.
Enter the index of the element you want to explore in ‘cs.arr’: 5

‘(cs.arr)[5]’ is a scalar value of type ‘int’.

(cs.arr)[5] = 4

Press enter to return to parent value:

In general, at any stage of exploration, you can go deeper towards the leaf values by
responding to the prompts appropriately, or hit the return key to return to the enclosing
data structure (the higher level data structure).
Similar to exploring values, you can use the explore command to explore types. Instead
of specifying a value (which is typically a variable name or an expression valid in the current
context of the program being debugged), you specify a type name. If you consider the
same example as above, your can explore the type struct ComplexStruct by passing the
argument struct ComplexStruct to the explore command.
(gdb) explore struct ComplexStruct
By responding to the prompts appropriately in the subsequent interactive session, you can
explore the type struct ComplexStruct in a manner similar to how the value cs was
explored in the above example.
Chapter 10: Examining Data 111

The explore command also has two sub-commands, explore value and explore type.
The former sub-command is a way to explicitly specify that value exploration of the argu-
ment is being invoked, while the latter is a way to explicitly specify that type exploration
of the argument is being invoked.
explore value expr
This sub-command of explore explores the value of the expression expr (if expr
is an expression valid in the current context of the program being debugged).
The behavior of this command is identical to that of the behavior of the explore
command being passed the argument expr.
explore type arg
This sub-command of explore explores the type of arg (if arg is a type vis-
ible in the current context of program being debugged), or the type of the
value/expression arg (if arg is an expression valid in the current context of the
program being debugged). If arg is a type, then the behavior of this command
is identical to that of the explore command being passed the argument arg.
If arg is an expression, then the behavior of this command will be identical to
that of the explore command being passed the type of arg as the argument.

10.1 Expressions
print and many other gdb commands accept an expression and compute its value. Any
kind of constant, variable or operator defined by the programming language you are using
is valid in an expression in gdb. This includes conditional expressions, function calls, casts,
and string constants. It also includes preprocessor macros, if you compiled your program
to include this information; see Section 4.1 [Compilation], page 25.
gdb supports array constants in expressions input by the user. The syntax is {element,
element. . . }. For example, you can use the command print {1, 2, 3} to create an array
of three integers. If you pass an array to a function or assign it to a program variable, gdb
copies the array to memory that is malloced in the target program.
Because C is so widespread, most of the expressions shown in examples in this manual
are in C. See Chapter 15 [Using gdb with Different Languages], page 183, for information
on how to use expressions in other languages.
In this section, we discuss operators that you can use in gdb expressions regardless of
your programming language.
Casts are supported in all languages, not just in C, because it is so useful to cast a
number into a pointer in order to examine a structure at that address in memory.
gdb supports these operators, in addition to those common to programming languages:
@ ‘@’ is a binary operator for treating parts of memory as arrays. See Section 10.4
[Artificial Arrays], page 115, for more information.
:: ‘::’ allows you to specify a variable in terms of the file or function where it is
defined. See Section 10.3 [Program Variables], page 113.
{type} addr
Refers to an object of type type stored at address addr in memory. The address
addr may be any expression whose value is an integer or pointer (but parenthe-
112 Debugging with gdb

ses are required around binary operators, just as in a cast). This construct is
allowed regardless of what kind of data is normally supposed to reside at addr.

10.2 Ambiguous Expressions

Expressions can sometimes contain some ambiguous elements. For instance, some program-
ming languages (notably Ada, C++ and Objective-C) permit a single function name to be
defined several times, for application in different contexts. This is called overloading. An-
other example involving Ada is generics. A generic package is similar to C++ templates and
is typically instantiated several times, resulting in the same function name being defined in
different contexts.
In some cases and depending on the language, it is possible to adjust the expression to
remove the ambiguity. For instance in C++, you can specify the signature of the function
you want to break on, as in break function(types). In Ada, using the fully qualified
name of your function often makes the expression unambiguous as well.
When an ambiguity that needs to be resolved is detected, the debugger has the capability
to display a menu of numbered choices for each possibility, and then waits for the selection
with the prompt ‘>’. The first option is always ‘[0] cancel’, and typing 0 RET aborts the
current command. If the command in which the expression was used allows more than one
choice to be selected, the next option in the menu is ‘[1] all’, and typing 1 RET selects all
possible choices.
For example, the following session excerpt shows an attempt to set a breakpoint at the
overloaded symbol String::after. We choose three particular definitions of that function
name:
(gdb) b String::after
[0] cancel
[1] all
[2] file:String.cc; line number:867
[3] file:String.cc; line number:860
[4] file:String.cc; line number:875
[5] file:String.cc; line number:853
[6] file:String.cc; line number:846
[7] file:String.cc; line number:735
> 2 4 6
Breakpoint 1 at 0xb26c: file String.cc, line 867.
Breakpoint 2 at 0xb344: file String.cc, line 875.
Breakpoint 3 at 0xafcc: file String.cc, line 846.
Multiple breakpoints were set.
Use the "delete" command to delete unwanted
breakpoints.
(gdb)

set multiple-symbols mode

This option allows you to adjust the debugger behavior when an expression is
ambiguous.
By default, mode is set to all. If the command with which the expression is
used allows more than one choice, then gdb automatically selects all possible
choices. For instance, inserting a breakpoint on a function using an ambiguous
name results in a breakpoint inserted on each possible match. However, if a
unique choice must be made, then gdb uses the menu to help you disambiguate
Chapter 10: Examining Data 113

the expression. For instance, printing the address of an overloaded function will
result in the use of the menu.
When mode is set to ask, the debugger always uses the menu when an ambiguity
is detected.
Finally, when mode is set to cancel, the debugger reports an error due to the
ambiguity and the command is aborted.
show multiple-symbols
Show the current value of the multiple-symbols setting.

10.3 Program Variables

The most common kind of expression to use is the name of a variable in your program.
Variables in expressions are understood in the selected stack frame (see Section 8.4
[Selecting a Frame], page 97); they must be either:
• global (or file-static)
or
• visible according to the scope rules of the programming language from the point of
execution in that frame
This means that in the function
foo (a)
int a;
{
bar (a);
{
int b = test ();
bar (b);
}
}
you can examine and use the variable a whenever your program is executing within the
function foo, but you can only use or examine the variable b while your program is executing
inside the block where b is declared.
There is an exception: you can refer to a variable or function whose scope is a single
source file even if the current execution point is not in this file. But it is possible to have
more than one such variable or function with the same name (in different source files). If
that happens, referring to that name has unpredictable effects. If you wish, you can specify
a static variable in a particular function or file by using the colon-colon (::) notation:
file::variable
function::variable
Here file or function is the name of the context for the static variable. In the case of file
names, you can use quotes to make sure gdb parses the file name as a single word—for
example, to print a global value of x defined in ‘f2.c’:
(gdb) p ’f2.c’::x
The :: notation is normally used for referring to static variables, since you typically
disambiguate uses of local variables in functions by selecting the appropriate frame and
using the simple name of the variable. However, you may also use this notation to refer to
local variables in frames enclosing the selected frame:
114 Debugging with gdb

void
foo (int a)
{
if (a < 10)
bar (a);
else
process (a); /* Stop here */
}

int
bar (int a)
{
foo (a + 5);
}
For example, if there is a breakpoint at the commented line, here is what you might see
when the program stops after executing the call bar(0):
(gdb) p a
$1 = 10
(gdb) p bar::a
$2 = 5
(gdb) up 2
#2 0x080483d0 in foo (a=5) at foobar.c:12
(gdb) p a
$3 = 5
(gdb) p bar::a
$4 = 0
These uses of ‘::’ are very rarely in conflict with the very similar use of the same notation
in C++. When they are in conflict, the C++ meaning takes precedence; however, this can be
overridden by quoting the file or function name with single quotes.
For example, suppose the program is stopped in a method of a class that has a field
named includefile, and there is also an include file named ‘includefile’ that defines a
variable, some_global.
(gdb) p includefile
$1 = 23
(gdb) p includefile::some_global
A syntax error in expression, near ‘’.
(gdb) p ’includefile’::some_global
$2 = 27
Warning: Occasionally, a local variable may appear to have the wrong value
at certain points in a function—just after entry to a new scope, and just before
exit.
You may see this problem when you are stepping by machine instructions. This is
because, on most machines, it takes more than one instruction to set up a stack frame
(including local variable definitions); if you are stepping by machine instructions, variables
may appear to have the wrong values until the stack frame is completely built. On exit, it
usually also takes more than one machine instruction to destroy a stack frame; after you
begin stepping through that group of instructions, local variable definitions may be gone.
This may also happen when the compiler does significant optimizations. To be sure of
always seeing accurate values, turn off all optimization when compiling.
Another possible effect of compiler optimizations is to optimize unused variables out of
existence, or assign variables to registers (as opposed to memory addresses). Depending
Chapter 10: Examining Data 115

on the support for such cases offered by the debug info format used by the compiler, gdb
might not be able to display values for such local variables. If that happens, gdb will print
a message like this:
No symbol "foo" in current context.
To solve such problems, either recompile without optimizations, or use a different debug
info format, if the compiler supports several such formats. See Section 4.1 [Compilation],
page 25, for more information on choosing compiler options. See Section 15.4.1 [C and
C++], page 187, for more information about debug info formats that are best suited to C++
programs.
If you ask to print an object whose contents are unknown to gdb, e.g., because its
data type is not completely specified by the debug information, gdb will say ‘<incomplete
type>’. See Chapter 16 [Symbols], page 213, for more about this.
If you append @entry string to a function parameter name you get its value at the time
the function got called. If the value is not available an error message is printed. Entry
values are available only with some compilers. Entry values are normally also printed at
the function parameter list according to [set print entry-values], page 124.
Breakpoint 1, d (i=30) at gdb.base/entry-value.c:29
29 i++;
(gdb) next
30 e (i);
(gdb) print i
$1 = 31
(gdb) print i@entry
$2 = 30
Strings are identified as arrays of char values without specified signedness. Arrays of
either signed char or unsigned char get printed as arrays of 1 byte sized integers. -
fsigned-char or -funsigned-char gcc options have no effect as gdb defines literal string
type "char" as char without a sign. For program code
char var0[] = "A";
signed char var1[] = "A";
You get during debugging
(gdb) print var0
$1 = "A"
(gdb) print var1
$2 = {65 ’A’, 0 ’\0’}

10.4 Artificial Arrays

It is often useful to print out several successive objects of the same type in memory; a
section of an array, or an array of dynamically determined size for which only a pointer
exists in the program.
You can do this by referring to a contiguous span of memory as an artificial array, using
the binary operator ‘@’. The left operand of ‘@’ should be the first element of the desired
array and be an individual object. The right operand should be the desired length of the
array. The result is an array value whose elements are all of the type of the left argument.
The first element is actually the left argument; the second element comes from bytes of
memory immediately following those that hold the first element, and so on. Here is an
example. If a program says
116 Debugging with gdb

int *array = (int *) malloc (len * sizeof (int));

you can print the contents of array with
p *array@len
The left operand of ‘@’ must reside in memory. Array values made with ‘@’ in this way
behave just like other arrays in terms of subscripting, and are coerced to pointers when
used in expressions. Artificial arrays most often appear in expressions via the value history
(see Section 10.10 [Value History], page 131), after printing one out.
Another way to create an artificial array is to use a cast. This re-interprets a value as if
it were an array. The value need not be in memory:
(gdb) p/x (short[2])0x12345678
$1 = {0x1234, 0x5678}
As a convenience, if you leave the array length out (as in ‘(type[])value’) gdb calcu-
lates the size to fill the value (as ‘sizeof(value)/sizeof(type)’:
(gdb) p/x (short[])0x12345678
$2 = {0x1234, 0x5678}
Sometimes the artificial array mechanism is not quite enough; in moderately complex
data structures, the elements of interest may not actually be adjacent—for example, if you
are interested in the values of pointers in an array. One useful work-around in this situation
is to use a convenience variable (see Section 10.11 [Convenience Variables], page 132) as
a counter in an expression that prints the first interesting value, and then repeat that
expression via RET. For instance, suppose you have an array dtab of pointers to structures,
and you are interested in the values of a field fv in each structure. Here is an example of
what you might type:
set $i = 0
p dtab[$i++]->fv
RET
RET
...

10.5 Output Formats

By default, gdb prints a value according to its data type. Sometimes this is not what you
want. For example, you might want to print a number in hex, or a pointer in decimal. Or
you might want to view data in memory at a certain address as a character string or as an
instruction. To do these things, specify an output format when you print a value.
The simplest use of output formats is to say how to print a value already computed.
This is done by starting the arguments of the print command with a slash and a format
letter. The format letters supported are:
x Regard the bits of the value as an integer, and print the integer in hexadecimal.
d Print as integer in signed decimal.
u Print as integer in unsigned decimal.
o Print as integer in octal.
t Print as integer in binary. The letter ‘t’ stands for “two”.1
1
‘b’ cannot be used because these format letters are also used with the x command, where ‘b’ stands for
“byte”; see Section 10.6 [Examining Memory], page 117.
Chapter 10: Examining Data 117

a Print as an address, both absolute in hexadecimal and as an offset from the

nearest preceding symbol. You can use this format used to discover where (in
what function) an unknown address is located:
(gdb) p/a 0x54320
$3 = 0x54320 <_initialize_vx+396>
The command info symbol 0x54320 yields similar results. See Chapter 16
[Symbols], page 213.
c Regard as an integer and print it as a character constant. This prints both the
numerical value and its character representation. The character representation
is replaced with the octal escape ‘\nnn’ for characters outside the 7-bit ascii
range.
Without this format, gdb displays char, unsigned char, and signed char
data as character constants. Single-byte members of vectors are displayed as
integer data.
f Regard the bits of the value as a floating point number and print using typical
floating point syntax.
s Regard as a string, if possible. With this format, pointers to single-byte data are
displayed as null-terminated strings and arrays of single-byte data are displayed
as fixed-length strings. Other values are displayed in their natural types.
Without this format, gdb displays pointers to and arrays of char,
unsigned char, and signed char as strings. Single-byte members of a vector
are displayed as an integer array.
z Like ‘x’ formatting, the value is treated as an integer and printed as hexadec-
imal, but leading zeros are printed to pad the value to the size of the integer
type.
r Print using the ‘raw’ formatting. By default, gdb will use a Python-based
pretty-printer, if one is available (see Section 10.9 [Pretty Printing], page 129).
This typically results in a higher-level display of the value’s contents. The ‘r’
format bypasses any Python pretty-printer which might exist.
For example, to print the program counter in hex (see Section 10.13 [Registers],
page 137), type
p/x $pc
Note that no space is required before the slash; this is because command names in gdb
cannot contain a slash.
To reprint the last value in the value history with a different format, you can use the
print command with just a format and no expression. For example, ‘p/x’ reprints the last
value in hex.

10.6 Examining Memory

You can use the command x (for “examine”) to examine memory in any of several formats,
independently of your program’s data types.
118 Debugging with gdb

x/nfu addr
x addr
x Use the x command to examine memory.
n, f, and u are all optional parameters that specify how much memory to display and how
to format it; addr is an expression giving the address where you want to start displaying
memory. If you use defaults for nfu, you need not type the slash ‘/’. Several commands set
convenient defaults for addr.
n, the repeat count
The repeat count is a decimal integer; the default is 1. It specifies how much
memory (counting by units u) to display.
f, the display format
The display format is one of the formats used by print (‘x’, ‘d’, ‘u’, ‘o’, ‘t’,
‘a’, ‘c’, ‘f’, ‘s’), and in addition ‘i’ (for machine instructions). The default is
‘x’ (hexadecimal) initially. The default changes each time you use either x or
print.
u, the unit size
The unit size is any of
b Bytes.
h Halfwords (two bytes).
w Words (four bytes). This is the initial default.
g Giant words (eight bytes).
Each time you specify a unit size with x, that size becomes the default unit
the next time you use x. For the ‘i’ format, the unit size is ignored and is
normally not written. For the ‘s’ format, the unit size defaults to ‘b’, unless it
is explicitly given. Use x /hs to display 16-bit char strings and x /ws to display
32-bit strings. The next use of x /s will again display 8-bit strings. Note that
the results depend on the programming language of the current compilation
unit. If the language is C, the ‘s’ modifier will use the UTF-16 encoding while
‘w’ will use UTF-32. The encoding is set by the programming language and
cannot be altered.
addr, starting display address
addr is the address where you want gdb to begin displaying memory. The ex-
pression need not have a pointer value (though it may); it is always interpreted
as an integer address of a byte of memory. See Section 10.1 [Expressions],
page 111, for more information on expressions. The default for addr is usu-
ally just after the last address examined—but several other commands also set
the default address: info breakpoints (to the address of the last breakpoint
listed), info line (to the starting address of a line), and print (if you use it
to display a value from memory).
For example, ‘x/3uh 0x54320’ is a request to display three halfwords (h) of memory,
formatted as unsigned decimal integers (‘u’), starting at address 0x54320. ‘x/4xw $sp’
Chapter 10: Examining Data 119

prints the four words (‘w’) of memory above the stack pointer (here, ‘$sp’; see Section 10.13
[Registers], page 137) in hexadecimal (‘x’).
Since the letters indicating unit sizes are all distinct from the letters specifying output
formats, you do not have to remember whether unit size or format comes first; either order
works. The output specifications ‘4xw’ and ‘4wx’ mean exactly the same thing. (However,
the count n must come first; ‘wx4’ does not work.)
Even though the unit size u is ignored for the formats ‘s’ and ‘i’, you might still want to
use a count n; for example, ‘3i’ specifies that you want to see three machine instructions,
including any operands. For convenience, especially when used with the display command,
the ‘i’ format also prints branch delay slot instructions, if any, beyond the count specified,
which immediately follow the last instruction that is within the count. The command
disassemble gives an alternative way of inspecting machine instructions; see Section 9.6
[Source and Machine Code], page 105.
All the defaults for the arguments to x are designed to make it easy to continue scanning
memory with minimal specifications each time you use x. For example, after you have
inspected three machine instructions with ‘x/3i addr’, you can inspect the next seven with
just ‘x/7’. If you use RET to repeat the x command, the repeat count n is used again; the
other arguments default as for successive uses of x.
When examining machine instructions, the instruction at current program counter is
shown with a => marker. For example:
(gdb) x/5i $pc-6
0x804837f <main+11>: mov %esp,%ebp
0x8048381 <main+13>: push %ecx
0x8048382 <main+14>: sub $0x4,%esp
=> 0x8048385 <main+17>: movl $0x8048460,(%esp)
0x804838c <main+24>: call 0x80482d4 <puts@plt>
The addresses and contents printed by the x command are not saved in the value history
because there is often too much of them and they would get in the way. Instead, gdb
makes these values available for subsequent use in expressions as values of the convenience
variables $_ and $__. After an x command, the last address examined is available for use
in expressions in the convenience variable $_. The contents of that address, as examined,
are available in the convenience variable $__.
If the x command has a repeat count, the address and contents saved are from the last
memory unit printed; this is not the same as the last address printed if several units were
printed on the last line of output.
When you are debugging a program running on a remote target machine (see Chapter 20
[Remote Debugging], page 251), you may wish to verify the program’s image in the remote
machine’s memory against the executable file you downloaded to the target. Or, on any
target, you may want to check whether the program has corrupted its own read-only sections.
The compare-sections command is provided for such situations.
compare-sections [section-name|-r]
Compare the data of a loadable section section-name in the executable file of the
program being debugged with the same section in the target machine’s memory,
and report any mismatches. With no arguments, compares all loadable sections.
With an argument of -r, compares all loadable read-only sections.
120 Debugging with gdb

Note: for remote targets, this command can be accelerated if the target sup-
ports computing the CRC checksum of a block of memory (see [qCRC packet],
page 612).

10.7 Automatic Display

If you find that you want to print the value of an expression frequently (to see how it
changes), you might want to add it to the automatic display list so that gdb prints its
value each time your program stops. Each expression added to the list is given a number to
identify it; to remove an expression from the list, you specify that number. The automatic
display looks like this:
2: foo = 38
3: bar[5] = (struct hack *) 0x3804
This display shows item numbers, expressions and their current values. As with displays
you request manually using x or print, you can specify the output format you prefer; in
fact, display decides whether to use print or x depending your format specification—it
uses x if you specify either the ‘i’ or ‘s’ format, or a unit size; otherwise it uses print.
display expr
Add the expression expr to the list of expressions to display each time your
program stops. See Section 10.1 [Expressions], page 111.
display does not repeat if you press RET again after using it.
display/fmt expr
For fmt specifying only a display format and not a size or count, add the
expression expr to the auto-display list but arrange to display it each time in
the specified format fmt. See Section 10.5 [Output Formats], page 116.
display/fmt addr
For fmt ‘i’ or ‘s’, or including a unit-size or a number of units, add the expres-
sion addr as a memory address to be examined each time your program stops.
Examining means in effect doing ‘x/fmt addr’. See Section 10.6 [Examining
Memory], page 117.
For example, ‘display/i $pc’ can be helpful, to see the machine instruction about to
be executed each time execution stops (‘$pc’ is a common name for the program counter;
see Section 10.13 [Registers], page 137).
undisplay dnums...
delete display dnums...
Remove items from the list of expressions to display. Specify the numbers of
the displays that you want affected with the command argument dnums. It can
be a single display number, one of the numbers shown in the first field of the
‘info display’ display; or it could be a range of display numbers, as in 2-4.
undisplay does not repeat if you press RET after using it. (Otherwise you would
just get the error ‘No display number ...’.)
disable display dnums...
Disable the display of item numbers dnums. A disabled display item is not
printed automatically, but is not forgotten. It may be enabled again later.
Chapter 10: Examining Data 121

Specify the numbers of the displays that you want affected with the command
argument dnums. It can be a single display number, one of the numbers shown
in the first field of the ‘info display’ display; or it could be a range of display
numbers, as in 2-4.
enable display dnums...
Enable display of item numbers dnums. It becomes effective once again in auto
display of its expression, until you specify otherwise. Specify the numbers of
the displays that you want affected with the command argument dnums. It can
be a single display number, one of the numbers shown in the first field of the
‘info display’ display; or it could be a range of display numbers, as in 2-4.
display Display the current values of the expressions on the list, just as is done when
your program stops.
info display
Print the list of expressions previously set up to display automatically, each
one with its item number, but without showing the values. This includes dis-
abled expressions, which are marked as such. It also includes expressions which
would not be displayed right now because they refer to automatic variables not
currently available.
If a display expression refers to local variables, then it does not make sense outside the
lexical context for which it was set up. Such an expression is disabled when execution enters
a context where one of its variables is not defined. For example, if you give the command
display last_char while inside a function with an argument last_char, gdb displays
this argument while your program continues to stop inside that function. When it stops
elsewhere—where there is no variable last_char—the display is disabled automatically.
The next time your program stops where last_char is meaningful, you can enable the
display expression once again.

10.8 Print Settings

gdb provides the following ways to control how arrays, structures, and symbols are printed.
These settings are useful for debugging programs in any language:
set print address
set print address on
gdb prints memory addresses showing the location of stack traces, structure
values, pointer values, breakpoints, and so forth, even when it also displays the
contents of those addresses. The default is on. For example, this is what a
stack frame display looks like with set print address on:
(gdb) f
#0 set_quotes (lq=0x34c78 "<<", rq=0x34c88 ">>")
at input.c:530
530 if (lquote != def_lquote)

set print address off

Do not print addresses when displaying their contents. For example, this is the
same stack frame displayed with set print address off:
122 Debugging with gdb

(gdb) set print addr off

(gdb) f
#0 set_quotes (lq="<<", rq=">>") at input.c:530
530 if (lquote != def_lquote)
You can use ‘set print address off’ to eliminate all machine dependent dis-
plays from the gdb interface. For example, with print address off, you
should get the same text for backtraces on all machines—whether or not they
involve pointer arguments.
show print address
Show whether or not addresses are to be printed.
When gdb prints a symbolic address, it normally prints the closest earlier symbol plus
an offset. If that symbol does not uniquely identify the address (for example, it is a name
whose scope is a single source file), you may need to clarify. One way to do this is with info
line, for example ‘info line *0x4537’. Alternately, you can set gdb to print the source
file and line number when it prints a symbolic address:
set print symbol-filename on
Tell gdb to print the source file name and line number of a symbol in the
symbolic form of an address.
set print symbol-filename off
Do not print source file name and line number of a symbol. This is the default.
show print symbol-filename
Show whether or not gdb will print the source file name and line number of a
symbol in the symbolic form of an address.
Another situation where it is helpful to show symbol filenames and line numbers is when
disassembling code; gdb shows you the line number and source file that corresponds to each
instruction.
Also, you may wish to see the symbolic form only if the address being printed is reason-
ably close to the closest earlier symbol:
set print max-symbolic-offset max-offset
set print max-symbolic-offset unlimited
Tell gdb to only display the symbolic form of an address if the offset between
the closest earlier symbol and the address is less than max-offset. The default
is unlimited, which tells gdb to always print the symbolic form of an address
if any symbol precedes it. Zero is equivalent to unlimited.
show print max-symbolic-offset
Ask how large the maximum offset is that gdb prints in a symbolic address.
If you have a pointer and you are not sure where it points, try ‘set print
symbol-filename on’. Then you can determine the name and source file location of the
variable where it points, using ‘p/a pointer’. This interprets the address in symbolic
form. For example, here gdb shows that a variable ptt points at another variable t,
defined in ‘hi2.c’:
(gdb) set print symbol-filename on
(gdb) p/a ptt
Chapter 10: Examining Data 123

$4 = 0xe008 <t in hi2.c>

Warning: For pointers that point to a local variable, ‘p/a’ does not show the
symbol name and filename of the referent, even with the appropriate set print
options turned on.
You can also enable ‘/a’-like formatting all the time using ‘set print symbol on’:
set print symbol on
Tell gdb to print the symbol corresponding to an address, if one exists.
set print symbol off
Tell gdb not to print the symbol corresponding to an address. In this mode,
gdb will still print the symbol corresponding to pointers to functions. This is
the default.
show print symbol
Show whether gdb will display the symbol corresponding to an address.
Other settings control how different kinds of objects are printed:
set print array
set print array on
Pretty print arrays. This format is more convenient to read, but uses more
space. The default is off.
set print array off
Return to compressed format for arrays.
show print array
Show whether compressed or pretty format is selected for displaying arrays.
set print array-indexes
set print array-indexes on
Print the index of each element when displaying arrays. May be more convenient
to locate a given element in the array or quickly find the index of a given element
in that printed array. The default is off.
set print array-indexes off
Stop printing element indexes when displaying arrays.
show print array-indexes
Show whether the index of each element is printed when displaying arrays.
set print elements number-of-elements
set print elements unlimited
Set a limit on how many elements of an array gdb will print. If gdb is printing
a large array, it stops printing after it has printed the number of elements set
by the set print elements command. This limit also applies to the display of
strings. When gdb starts, this limit is set to 200. Setting number-of-elements
to unlimited or zero means that the number of elements to print is unlimited.
show print elements
Display the number of elements of a large array that gdb will print. If the
number is 0, then the printing is unlimited.
124 Debugging with gdb

set print frame-arguments value

This command allows to control how the values of arguments are printed when
the debugger prints a frame (see Section 8.1 [Frames], page 91). The possible
values are:
all The values of all arguments are printed.
scalars Print the value of an argument only if it is a scalar. The value of
more complex arguments such as arrays, structures, unions, etc, is
replaced by .... This is the default. Here is an example where
only scalar arguments are shown:
#1 0x08048361 in call_me (i=3, s=..., ss=0xbf8d508c, u=..., e=green)
at frame-args.c:23
none None of the argument values are printed. Instead, the value of each
argument is replaced by .... In this case, the example above now
becomes:
#1 0x08048361 in call_me (i=..., s=..., ss=..., u=..., e=...)
at frame-args.c:23

By default, only scalar arguments are printed. This command can be used to
configure the debugger to print the value of all arguments, regardless of their
type. However, it is often advantageous to not print the value of more complex
parameters. For instance, it reduces the amount of information printed in each
frame, making the backtrace more readable. Also, it improves performance
when displaying Ada frames, because the computation of large arguments can
sometimes be CPU-intensive, especially in large applications. Setting print
frame-arguments to scalars (the default) or none avoids this computation,
thus speeding up the display of each Ada frame.
show print frame-arguments
Show how the value of arguments should be displayed when printing a frame.
set print raw frame-arguments on
Print frame arguments in raw, non pretty-printed, form.
set print raw frame-arguments off
Print frame arguments in pretty-printed form, if there is a pretty-printer for the
value (see Section 10.9 [Pretty Printing], page 129), otherwise print the value
in raw form. This is the default.
show print raw frame-arguments
Show whether to print frame arguments in raw form.
set print entry-values value
Set printing of frame argument values at function entry. In some cases gdb can
determine the value of function argument which was passed by the function
caller, even if the value was modified inside the called function and therefore is
different. With optimized code, the current value could be unavailable, but the
entry value may still be known.
The default value is default (see below for its description). Older gdb behaved
as with the setting no. Compilers not supporting this feature will behave in the
default setting the same way as with the no setting.
Chapter 10: Examining Data 125

This functionality is currently supported only by DWARF 2 debugging format

and the compiler has to produce ‘DW_TAG_GNU_call_site’ tags. With gcc,
you need to specify ‘-O -g’ during compilation, to get this information.
The value parameter can be one of the following:
no Print only actual parameter values, never print values from function
entry point.
#0 equal (val=5)
#0 different (val=6)
#0 lost (val=<optimized out>)
#0 born (val=10)
#0 invalid (val=<optimized out>)
only Print only parameter values from function entry point. The actual
parameter values are never printed.
#0 equal (val@entry=5)
#0 different (val@entry=5)
#0 lost (val@entry=5)
#0 born (val@entry=<optimized out>)
#0 invalid (val@entry=<optimized out>)
preferred
Print only parameter values from function entry point. If value
from function entry point is not known while the actual value is
known, print the actual value for such parameter.
#0 equal (val@entry=5)
#0 different (val@entry=5)
#0 lost (val@entry=5)
#0 born (val=10)
#0 invalid (val@entry=<optimized out>)
if-needed
Print actual parameter values. If actual parameter value is not
known while value from function entry point is known, print the
entry point value for such parameter.
#0 equal (val=5)
#0 different (val=6)
#0 lost (val@entry=5)
#0 born (val=10)
#0 invalid (val=<optimized out>)
both Always print both the actual parameter value and its value from
function entry point, even if values of one or both are not available
due to compiler optimizations.
#0 equal (val=5, val@entry=5)
#0 different (val=6, val@entry=5)
#0 lost (val=<optimized out>, val@entry=5)
#0 born (val=10, val@entry=<optimized out>)
#0 invalid (val=<optimized out>, val@entry=<optimized out>)
compact Print the actual parameter value if it is known and also its value
from function entry point if it is known. If neither is known, print
for the actual value <optimized out>. If not in MI mode (see
Chapter 27 [GDB/MI], page 451) and if both values are known and
identical, print the shortened param=param@entry=VALUE notation.
126 Debugging with gdb

#0 equal (val=val@entry=5)
#0 different (val=6, val@entry=5)
#0 lost (val@entry=5)
#0 born (val=10)
#0 invalid (val=<optimized out>)

default Always print the actual parameter value. Print also its value from
function entry point, but only if it is known. If not in MI mode (see
Chapter 27 [GDB/MI], page 451) and if both values are known and
identical, print the shortened param=param@entry=VALUE notation.
#0 equal (val=val@entry=5)
#0 different (val=6, val@entry=5)
#0 lost (val=<optimized out>, val@entry=5)
#0 born (val=10)
#0 invalid (val=<optimized out>)

For analysis messages on possible failures of frame argument values at function

entry resolution see [set debug entry-values], page 152.
show print entry-values
Show the method being used for printing of frame argument values at function
entry.
set print repeats number-of-repeats
set print repeats unlimited
Set the threshold for suppressing display of repeated array elements. When
the number of consecutive identical elements of an array exceeds the threshold,
gdb prints the string "<repeats n times>", where n is the number of identical
repetitions, instead of displaying the identical elements themselves. Setting
the threshold to unlimited or zero will cause all elements to be individually
printed. The default threshold is 10.
show print repeats
Display the current threshold for printing repeated identical elements.
set print null-stop
Cause gdb to stop printing the characters of an array when the first null
is encountered. This is useful when large arrays actually contain only short
strings. The default is off.
show print null-stop
Show whether gdb stops printing an array on the first null character.
set print pretty on
Cause gdb to print structures in an indented format with one member per line,
like this:
$1 = {
next = 0x0,
flags = {
sweet = 1,
sour = 1
},
meat = 0x54 "Pork"
}
Chapter 10: Examining Data 127

set print pretty off

Cause gdb to print structures in a compact format, like this:
$1 = {next = 0x0, flags = {sweet = 1, sour = 1}, \
meat = 0x54 "Pork"}
This is the default format.
show print pretty
Show which format gdb is using to print structures.
set print sevenbit-strings on
Print using only seven-bit characters; if this option is set, gdb displays any
eight-bit characters (in strings or character values) using the notation \nnn.
This setting is best if you are working in English (ascii) and you use the high-
order bit of characters as a marker or “meta” bit.
set print sevenbit-strings off
Print full eight-bit characters. This allows the use of more international char-
acter sets, and is the default.
show print sevenbit-strings
Show whether or not gdb is printing only seven-bit characters.
set print union on
Tell gdb to print unions which are contained in structures and other unions.
This is the default setting.
set print union off
Tell gdb not to print unions which are contained in structures and other unions.
gdb will print "{...}" instead.
show print union
Ask gdb whether or not it will print unions which are contained in structures
and other unions.
For example, given the declarations
typedef enum {Tree, Bug} Species;
typedef enum {Big_tree, Acorn, Seedling} Tree_forms;
typedef enum {Caterpillar, Cocoon, Butterfly}
Bug_forms;

struct thing {
Species it;
union {
Tree_forms tree;
Bug_forms bug;
} form;
};

struct thing foo = {Tree, {Acorn}};

with set print union on in effect ‘p foo’ would print
$1 = {it = Tree, form = {tree = Acorn, bug = Cocoon}}
and with set print union off in effect it would print
$1 = {it = Tree, form = {...}}
set print union affects programs written in C-like languages and in Pascal.
128 Debugging with gdb

These settings are of interest when debugging C++ programs:

set print demangle
set print demangle on
Print C++ names in their source form rather than in the encoded (“mangled”)
form passed to the assembler and linker for type-safe linkage. The default is
on.
show print demangle
Show whether C++ names are printed in mangled or demangled form.
set print asm-demangle
set print asm-demangle on
Print C++ names in their source form rather than their mangled form, even in
assembler code printouts such as instruction disassemblies. The default is off.
show print asm-demangle
Show whether C++ names in assembly listings are printed in mangled or de-
mangled form.
set demangle-style style
Choose among several encoding schemes used by different compilers to represent
C++ names. The choices for style are currently:
auto Allow gdb to choose a decoding style by inspecting your program.
This is the default.
gnu Decode based on the gnu C++ compiler (g++) encoding algorithm.
hp Decode based on the HP ANSI C++ (aCC) encoding algorithm.
lucid Decode based on the Lucid C++ compiler (lcc) encoding algorithm.
arm Decode using the algorithm in the C++ Annotated Reference Man-
ual. Warning: this setting alone is not sufficient to allow debugging
cfront-generated executables. gdb would require further enhance-
ment to permit that.
If you omit style, you will see a list of possible formats.
show demangle-style
Display the encoding style currently in use for decoding C++ symbols.
set print object
set print object on
When displaying a pointer to an object, identify the actual (derived) type of
the object rather than the declared type, using the virtual function table. Note
that the virtual function table is required—this feature can only work for objects
that have run-time type identification; a single virtual method in the object’s
declared type is sufficient. Note that this setting is also taken into account when
working with variable objects via MI (see Chapter 27 [GDB/MI], page 451).
set print object off
Display only the declared type of objects, without reference to the virtual func-
tion table. This is the default setting.
Chapter 10: Examining Data 129

show print object

Show whether actual, or declared, object types are displayed.
set print static-members
set print static-members on
Print static members when displaying a C++ object. The default is on.
set print static-members off
Do not print static members when displaying a C++ object.
show print static-members
Show whether C++ static members are printed or not.
set print pascal_static-members
set print pascal_static-members on
Print static members when displaying a Pascal object. The default is on.
set print pascal_static-members off
Do not print static members when displaying a Pascal object.
show print pascal_static-members
Show whether Pascal static members are printed or not.
set print vtbl
set print vtbl on
Pretty print C++ virtual function tables. The default is off. (The vtbl com-
mands do not work on programs compiled with the HP ANSI C++ compiler
(aCC).)
set print vtbl off
Do not pretty print C++ virtual function tables.
show print vtbl
Show whether C++ virtual function tables are pretty printed, or not.

10.9 Pretty Printing

gdb provides a mechanism to allow pretty-printing of values using Python code. It greatly
simplifies the display of complex objects. This mechanism works for both MI and the CLI.

10.9.1 Pretty-Printer Introduction

When gdb prints a value, it first sees if there is a pretty-printer registered for the value.
If there is then gdb invokes the pretty-printer to print the value. Otherwise the value is
printed normally.
Pretty-printers are normally named. This makes them easy to manage. The ‘info
pretty-printer’ command will list all the installed pretty-printers with their names. If a
pretty-printer can handle multiple data types, then its subprinters are the printers for the
individual data types. Each such subprinter has its own name. The format of the name is
printer-name;subprinter-name.
Pretty-printers are installed by registering them with gdb. Typically they are auto-
matically loaded and registered when the corresponding debug information is loaded, thus
making them available without having to do anything special.
There are three places where a pretty-printer can be registered.
130 Debugging with gdb

• Pretty-printers registered globally are available when debugging all inferiors.

• Pretty-printers registered with a program space are available only when debugging that
program. See Section 23.2.2.21 [Progspaces In Python], page 362, for more details on
program spaces in Python.
• Pretty-printers registered with an objfile are loaded and unloaded with the correspond-
ing objfile (e.g., shared library). See Section 23.2.2.22 [Objfiles In Python], page 363,
for more details on objfiles in Python.
See Section 23.2.2.6 [Selecting Pretty-Printers], page 333, for further information on how
pretty-printers are selected,
See Section 23.2.2.7 [Writing a Pretty-Printer], page 334, for implementing pretty print-
ers for new types.

10.9.2 Pretty-Printer Example

Here is how a C++ std::string looks without a pretty-printer:
(gdb) print s
$1 = {
static npos = 4294967295,
_M_dataplus = {
<std::allocator<char>> = {
<__gnu_cxx::new_allocator<char>> = {
<No data fields>}, <No data fields>
},
members of std::basic_string<char, std::char_traits<char>,
std::allocator<char> >::_Alloc_hider:
_M_p = 0x804a014 "abcd"
}
}
With a pretty-printer for std::string only the contents are printed:
(gdb) print s
$2 = "abcd"

10.9.3 Pretty-Printer Commands

info pretty-printer [object-regexp [name-regexp]]
Print the list of installed pretty-printers. This includes disabled pretty-printers,
which are marked as such.
object-regexp is a regular expression matching the objects whose pretty-printers
to list. Objects can be global, the program space’s file (see Section 23.2.2.21
[Progspaces In Python], page 362), and the object files within that program
space (see Section 23.2.2.22 [Objfiles In Python], page 363). See Section 23.2.2.6
[Selecting Pretty-Printers], page 333, for details on how gdb looks up a printer
from these three objects.
name-regexp is a regular expression matching the name of the printers to list.
disable pretty-printer [object-regexp [name-regexp]]
Disable pretty-printers matching object-regexp and name-regexp. A disabled
pretty-printer is not forgotten, it may be enabled again later.
enable pretty-printer [object-regexp [name-regexp]]
Enable pretty-printers matching object-regexp and name-regexp.
Chapter 10: Examining Data 131

Example:
Suppose we have three pretty-printers installed: one from library1.so named foo that
prints objects of type foo, and another from library2.so named bar that prints two types
of objects, bar1 and bar2.
(gdb) info pretty-printer
library1.so:
foo
library2.so:
bar
bar1
bar2
(gdb) info pretty-printer library2
library2.so:
bar
bar1
bar2
(gdb) disable pretty-printer library1
1 printer disabled
2 of 3 printers enabled
(gdb) info pretty-printer
library1.so:
foo [disabled]
library2.so:
bar
bar1
bar2
(gdb) disable pretty-printer library2 bar:bar1
1 printer disabled
1 of 3 printers enabled
(gdb) info pretty-printer library2
library1.so:
foo [disabled]
library2.so:
bar
bar1 [disabled]
bar2
(gdb) disable pretty-printer library2 bar
1 printer disabled
0 of 3 printers enabled
(gdb) info pretty-printer library2
library1.so:
foo [disabled]
library2.so:
bar [disabled]
bar1 [disabled]
bar2
Note that for bar the entire printer can be disabled, as can each individual subprinter.

10.10 Value History

Values printed by the print command are saved in the gdb value history. This allows you
to refer to them in other expressions. Values are kept until the symbol table is re-read or
discarded (for example with the file or symbol-file commands). When the symbol table
changes, the value history is discarded, since the values may contain pointers back to the
types defined in the symbol table.
132 Debugging with gdb

The values printed are given history numbers by which you can refer to them. These
are successive integers starting with one. print shows you the history number assigned to
a value by printing ‘$num = ’ before the value; here num is the history number.
To refer to any previous value, use ‘$’ followed by the value’s history number. The way
print labels its output is designed to remind you of this. Just $ refers to the most recent
value in the history, and $$ refers to the value before that. $$n refers to the nth value from
the end; $$2 is the value just prior to $$, $$1 is equivalent to $$, and $$0 is equivalent to
$.
For example, suppose you have just printed a pointer to a structure and want to see the
contents of the structure. It suffices to type
p *$
If you have a chain of structures where the component next points to the next one, you
can print the contents of the next one with this:
p *$.next
You can print successive links in the chain by repeating this command—which you can do
by just typing RET.
Note that the history records values, not expressions. If the value of x is 4 and you type
these commands:
print x
set x=5
then the value recorded in the value history by the print command remains 4 even though
the value of x has changed.
show values
Print the last ten values in the value history, with their item numbers. This is
like ‘p $$9’ repeated ten times, except that show values does not change the
history.
show values n
Print ten history values centered on history item number n.
show values +
Print ten history values just after the values last printed. If no more values are
available, show values + produces no display.
Pressing RET to repeat show values n has exactly the same effect as ‘show values +’.

10.11 Convenience Variables

gdb provides convenience variables that you can use within gdb to hold on to a value
and refer to it later. These variables exist entirely within gdb; they are not part of your
program, and setting a convenience variable has no direct effect on further execution of your
program. That is why you can use them freely.
Convenience variables are prefixed with ‘$’. Any name preceded by ‘$’ can be used for a
convenience variable, unless it is one of the predefined machine-specific register names (see
Section 10.13 [Registers], page 137). (Value history references, in contrast, are numbers
preceded by ‘$’. See Section 10.10 [Value History], page 131.)
You can save a value in a convenience variable with an assignment expression, just as
you would set a variable in your program. For example:
Chapter 10: Examining Data 133

set $foo = *object_ptr

would save in $foo the value contained in the object pointed to by object_ptr.
Using a convenience variable for the first time creates it, but its value is void until you
assign a new value. You can alter the value with another assignment at any time.
Convenience variables have no fixed types. You can assign a convenience variable any
type of value, including structures and arrays, even if that variable already has a value of
a different type. The convenience variable, when used as an expression, has the type of its
current value.
show convenience
Print a list of convenience variables used so far, and their values, as well as a
list of the convenience functions. Abbreviated show conv.
init-if-undefined $variable = expression
Set a convenience variable if it has not already been set. This is useful for
user-defined commands that keep some state. It is similar, in concept, to using
local static variables with initializers in C (except that convenience variables
are global). It can also be used to allow users to override default values used in
a command script.
If the variable is already defined then the expression is not evaluated so any
side-effects do not occur.
One of the ways to use a convenience variable is as a counter to be incremented or a
pointer to be advanced. For example, to print a field from successive elements of an array
of structures:
set $i = 0
print bar[$i++]->contents
Repeat that command by typing RET.
Some convenience variables are created automatically by gdb and given values likely to
be useful.
$_ The variable $_ is automatically set by the x command to the last address
examined (see Section 10.6 [Examining Memory], page 117). Other commands
which provide a default address for x to examine also set $_ to that address;
these commands include info line and info breakpoint. The type of $_ is
void * except when set by the x command, in which case it is a pointer to the
type of $__.
$__ The variable $__ is automatically set by the x command to the value found in
the last address examined. Its type is chosen to match the format in which the
data was printed.
$_exitcode
When the program being debugged terminates normally, gdb automatically
sets this variable to the exit code of the program, and resets $_exitsignal to
void.
$_exitsignal
When the program being debugged dies due to an uncaught signal, gdb auto-
matically sets this variable to that signal’s number, and resets $_exitcode to
void.
134 Debugging with gdb

To distinguish between whether the program being debugged has exited (i.e.,
$_exitcode is not void) or signalled (i.e., $_exitsignal is not void), the
convenience function $_isvoid can be used (see Section 10.12 [Convenience
Functions], page 135). For example, considering the following source code:
#include <signal.h>

int
main (int argc, char *argv[])
{
raise (SIGALRM);
return 0;
}
A valid way of telling whether the program being debugged has exited or sig-
nalled would be:
(gdb) define has_exited_or_signalled
Type commands for definition of ‘‘has_exited_or_signalled’’.
End with a line saying just ‘‘end’’.
>if $_isvoid ($_exitsignal)
>echo The program has exited\n
>else
>echo The program has signalled\n
>end
>end
(gdb) run
Starting program:

Program terminated with signal SIGALRM, Alarm clock.

The program no longer exists.
(gdb) has_exited_or_signalled
The program has signalled
As can be seen, gdb correctly informs that the program being debugged has
signalled, since it calls raise and raises a SIGALRM signal. If the program being
debugged had not called raise, then gdb would report a normal exit:
(gdb) has_exited_or_signalled
The program has exited
$_exception
The variable $_exception is set to the exception object being thrown at an
exception-related catchpoint. See Section 5.1.3 [Set Catchpoints], page 55.
$_probe_argc
$_probe_arg0...$_probe_arg11
Arguments to a static probe. See Section 5.1.10 [Static Probe Points], page 65.
$_sdata The variable $_sdata contains extra collected static tracepoint data. See
Section 13.1.6 [Tracepoint Action Lists], page 164. Note that $_sdata could
be empty, if not inspecting a trace buffer, or if extra static tracepoint data has
not been collected.
$_siginfo
The variable $_siginfo contains extra signal information (see [extra signal
information], page 75). Note that $_siginfo could be empty, if the application
has not yet received any signals. For example, it will be empty before you
execute the run command.
Chapter 10: Examining Data 135

$_tlb The variable $_tlb is automatically set when debugging applications running
on MS-Windows in native mode or connected to gdbserver that supports the
qGetTIBAddr request. See Section E.4 [General Query Packets], page 611. This
variable contains the address of the thread information block.
On HP-UX systems, if you refer to a function or variable name that begins with a dollar
sign, gdb searches for a user or system name first, before it searches for a convenience
variable.

10.12 Convenience Functions

gdb also supplies some convenience functions. These have a syntax similar to convenience
variables. A convenience function can be used in an expression just like an ordinary function;
however, a convenience function is implemented internally to gdb.
These functions do not require gdb to be configured with Python support, which means
that they are always available.
$_isvoid (expr)
Return one if the expression expr is void. Otherwise it returns zero.
A void expression is an expression where the type of the result is void. For ex-
ample, you can examine a convenience variable (see Section 10.11 [Convenience
Variables], page 132) to check whether it is void:
(gdb) print $_exitcode
$1 = void
(gdb) print $_isvoid ($_exitcode)
$2 = 1
(gdb) run
Starting program: ./a.out
[Inferior 1 (process 29572) exited normally]
(gdb) print $_exitcode
$3 = 0
(gdb) print $_isvoid ($_exitcode)
$4 = 0
In the example above, we used $_isvoid to check whether $_exitcode is void
before and after the execution of the program being debugged. Before the
execution there is no exit code to be examined, therefore $_exitcode is void.
After the execution the program being debugged returned zero, therefore $_
exitcode is zero, which means that it is not void anymore.
The void expression can also be a call of a function from the program being
debugged. For example, given the following function:
void
foo (void)
{
}
The result of calling it inside gdb is void:
(gdb) print foo ()
$1 = void
(gdb) print $_isvoid (foo ())
$2 = 1
(gdb) set $v = foo ()
(gdb) print $v
136 Debugging with gdb

$3 = void
(gdb) print $_isvoid ($v)
$4 = 1

These functions require gdb to be configured with Python support.

$_memeq(buf1, buf2, length)
Returns one if the length bytes at the addresses given by buf1 and buf2 are
equal. Otherwise it returns zero.
$_regex(str, regex)
Returns one if the string str matches the regular expression regex. Otherwise it
returns zero. The syntax of the regular expression is that specified by Python’s
regular expression support.
$_streq(str1, str2)
Returns one if the strings str1 and str2 are equal. Otherwise it returns zero.
$_strlen(str)
Returns the length of string str.
$_caller_is(name[, number_of_frames])
Returns one if the calling function’s name is equal to name. Otherwise it returns
zero.
If the optional argument number of frames is provided, it is the number of
frames up in the stack to look. The default is 1.
Example:
(gdb) backtrace
#0 bottom_func ()
at testsuite/gdb.python/py-caller-is.c:21
#1 0x00000000004005a0 in middle_func ()
at testsuite/gdb.python/py-caller-is.c:27
#2 0x00000000004005ab in top_func ()
at testsuite/gdb.python/py-caller-is.c:33
#3 0x00000000004005b6 in main ()
at testsuite/gdb.python/py-caller-is.c:39
(gdb) print $_caller_is ("middle_func")
$1 = 1
(gdb) print $_caller_is ("top_func", 2)
$1 = 1

$_caller_matches(regexp[, number_of_frames])
Returns one if the calling function’s name matches the regular expression reg-
exp. Otherwise it returns zero.
If the optional argument number of frames is provided, it is the number of
frames up in the stack to look. The default is 1.
$_any_caller_is(name[, number_of_frames])
Returns one if any calling function’s name is equal to name. Otherwise it
returns zero.
If the optional argument number of frames is provided, it is the number of
frames up in the stack to look. The default is 1.
Chapter 10: Examining Data 137

This function differs from $_caller_is in that this function checks all stack
frames from the immediate caller to the frame specified by number of frames,
whereas $_caller_is only checks the frame specified by number of frames.
$_any_caller_matches(regexp[, number_of_frames])
Returns one if any calling function’s name matches the regular expression reg-
exp. Otherwise it returns zero.
If the optional argument number of frames is provided, it is the number of
frames up in the stack to look. The default is 1.
This function differs from $_caller_matches in that this function checks
all stack frames from the immediate caller to the frame specified by
number of frames, whereas $_caller_matches only checks the frame specified
by number of frames.
gdb provides the ability to list and get help on convenience functions.
help function
Print a list of all convenience functions.

10.13 Registers
You can refer to machine register contents, in expressions, as variables with names starting
with ‘$’. The names of registers are different for each machine; use info registers to see
the names used on your machine.
info registers
Print the names and values of all registers except floating-point and vector
registers (in the selected stack frame).
info all-registers
Print the names and values of all registers, including floating-point and vector
registers (in the selected stack frame).
info registers regname ...
Print the relativized value of each specified register regname. As discussed in
detail below, register values are normally relative to the selected stack frame.
The regname may be any register name valid on the machine you are using,
with or without the initial ‘$’.
gdb has four “standard” register names that are available (in expressions) on most
machines—whenever they do not conflict with an architecture’s canonical mnemonics for
registers. The register names $pc and $sp are used for the program counter register and
the stack pointer. $fp is used for a register that contains a pointer to the current stack
frame, and $ps is used for a register that contains the processor status. For example, you
could print the program counter in hex with
p/x $pc
or print the instruction to be executed next with
x/i $pc
or add four to the stack pointer2 with
2
This is a way of removing one word from the stack, on machines where stacks grow downward in memory
(most machines, nowadays). This assumes that the innermost stack frame is selected; setting $sp is not
138 Debugging with gdb

set $sp += 4
Whenever possible, these four standard register names are available on your machine
even though the machine has different canonical mnemonics, so long as there is no conflict.
The info registers command shows the canonical names. For example, on the SPARC,
info registers displays the processor status register as $psr but you can also refer to it
as $ps; and on x86-based machines $ps is an alias for the eflags register.
gdb always considers the contents of an ordinary register as an integer when the register
is examined in this way. Some machines have special registers which can hold nothing but
floating point; these registers are considered to have floating point values. There is no way
to refer to the contents of an ordinary register as floating point value (although you can
print it as a floating point value with ‘print/f $regname’).
Some registers have distinct “raw” and “virtual” data formats. This means that the data
format in which the register contents are saved by the operating system is not the same
one that your program normally sees. For example, the registers of the 68881 floating point
coprocessor are always saved in “extended” (raw) format, but all C programs expect to work
with “double” (virtual) format. In such cases, gdb normally works with the virtual format
only (the format that makes sense for your program), but the info registers command
prints the data in both formats.
Some machines have special registers whose contents can be interpreted in several differ-
ent ways. For example, modern x86-based machines have SSE and MMX registers that can
hold several values packed together in several different formats. gdb refers to such registers
in struct notation:
(gdb) print $xmm1
$1 = {
v4_float = {0, 3.43859137e-038, 1.54142831e-044, 1.821688e-044},
v2_double = {9.92129282474342e-303, 2.7585945287983262e-313},
v16_int8 = "\000\000\000\000\3706;\001\v\000\000\000\r\000\000",
v8_int16 = {0, 0, 14072, 315, 11, 0, 13, 0},
v4_int32 = {0, 20657912, 11, 13},
v2_int64 = {88725056443645952, 55834574859},
uint128 = 0x0000000d0000000b013b36f800000000
}
To set values of such registers, you need to tell gdb which view of the register you wish to
change, as if you were assigning value to a struct member:
(gdb) set $xmm1.uint128 = 0x000000000000000000000000FFFFFFFF
Normally, register values are relative to the selected stack frame (see Section 8.4 [Select-
ing a Frame], page 97). This means that you get the value that the register would contain
if all stack frames farther in were exited and their saved registers restored. In order to see
the true contents of hardware registers, you must select the innermost frame (with ‘frame
0’).
Usually ABIs reserve some registers as not needed to be saved by the callee (a.k.a.:
“caller-saved”, “call-clobbered” or “volatile” registers). It may therefore not be possible for
gdb to know the value a register had before the call (in other words, in the outer frame),
if the register value has since been changed by the callee. gdb tries to deduce where

allowed when other stack frames are selected. To pop entire frames off the stack, regardless of machine
architecture, use return; see Section 17.4 [Returning from a Function], page 224.
Chapter 10: Examining Data 139

the inner frame saved (“callee-saved”) registers, from the debug info, unwind info, or the
machine code generated by your compiler. If some register is not saved, and gdb knows the
register is “caller-saved” (via its own knowledge of the ABI, or because the debug/unwind
info explicitly says the register’s value is undefined), gdb displays ‘<not saved>’ as the
register’s value. With targets that gdb has no knowledge of the register saving convention,
if a register was not saved by the callee, then its value and location in the outer frame are
assumed to be the same of the inner frame. This is usually harmless, because if the register
is call-clobbered, the caller either does not care what is in the register after the call, or has
code to restore the value that it does care about. Note, however, that if you change such
a register in the outer frame, you may also be affecting the inner frame. Also, the more
“outer” the frame is you’re looking at, the more likely a call-clobbered register’s value is
to be wrong, in the sense that it doesn’t actually represent the value the register had just
before the call.

10.14 Floating Point Hardware

Depending on the configuration, gdb may be able to give you more information about the
status of the floating point hardware.
info float
Display hardware-dependent information about the floating point unit. The
exact contents and layout vary depending on the floating point chip. Currently,
‘info float’ is supported on the ARM and x86 machines.

10.15 Vector Unit

Depending on the configuration, gdb may be able to give you more information about the
status of the vector unit.
info vector
Display information about the vector unit. The exact contents and layout vary
depending on the hardware.

10.16 Operating System Auxiliary Information

gdb provides interfaces to useful OS facilities that can help you debug your program.
Some operating systems supply an auxiliary vector to programs at startup. This is akin
to the arguments and environment that you specify for a program, but contains a system-
dependent variety of binary values that tell system libraries important details about the
hardware, operating system, and process. Each value’s purpose is identified by an inte-
ger tag; the meanings are well-known but system-specific. Depending on the configuration
and operating system facilities, gdb may be able to show you this information. For re-
mote targets, this functionality may further depend on the remote stub’s support of the
‘qXfer:auxv:read’ packet, see [qXfer auxiliary vector read], page 625.
info auxv Display the auxiliary vector of the inferior, which can be either a live process
or a core dump file. gdb prints each tag value numerically, and also shows
names and text descriptions for recognized tags. Some values in the vector are
numbers, some bit masks, and some pointers to strings or other data. gdb
140 Debugging with gdb

displays each value in the most appropriate form for a recognized tag, and in
hexadecimal for an unrecognized tag.
On some targets, gdb can access operating system-specific information and show it to
you. The types of information available will differ depending on the type of operating system
running on the target. The mechanism used to fetch the data is described in Appendix H
[Operating System Information], page 685. For remote targets, this functionality depends
on the remote stub’s support of the ‘qXfer:osdata:read’ packet, see [qXfer osdata read],
page 628.
info os infotype
Display OS information of the requested type.
On gnu/Linux, the following values of infotype are valid:
processes
Display the list of processes on the target. For each process, gdb
prints the process identifier, the name of the user, the command
corresponding to the process, and the list of processor cores that
the process is currently running on. (To understand what these
properties mean, for this and the following info types, please consult
the general gnu/Linux documentation.)
procgroups
Display the list of process groups on the target. For each process,
gdb prints the identifier of the process group that it belongs to, the
command corresponding to the process group leader, the process
identifier, and the command line of the process. The list is sorted
first by the process group identifier, then by the process identifier,
so that processes belonging to the same process group are grouped
together and the process group leader is listed first.
threads Display the list of threads running on the target. For each thread,
gdb prints the identifier of the process that the thread belongs to,
the command of the process, the thread identifier, and the processor
core that it is currently running on. The main thread of a process
is not listed.
files Display the list of open file descriptors on the target. For each
file descriptor, gdb prints the identifier of the process owning the
descriptor, the command of the owning process, the value of the
descriptor, and the target of the descriptor.
sockets Display the list of Internet-domain sockets on the target. For each
socket, gdb prints the address and port of the local and remote
endpoints, the current state of the connection, the creator of the
socket, the IP address family of the socket, and the type of the
connection.
shm Display the list of all System V shared-memory regions on the tar-
get. For each shared-memory region, gdb prints the region key,
the shared-memory identifier, the access permissions, the size of
Chapter 10: Examining Data 141

the region, the process that created the region, the process that
last attached to or detached from the region, the current number of
live attaches to the region, and the times at which the region was
last attached to, detach from, and changed.
semaphores
Display the list of all System V semaphore sets on the target.
For each semaphore set, gdb prints the semaphore set key, the
semaphore set identifier, the access permissions, the number of
semaphores in the set, the user and group of the owner and creator
of the semaphore set, and the times at which the semaphore set
was operated upon and changed.
msg Display the list of all System V message queues on the target. For
each message queue, gdb prints the message queue key, the message
queue identifier, the access permissions, the current number of bytes
on the queue, the current number of messages on the queue, the
processes that last sent and received a message on the queue, the
user and group of the owner and creator of the message queue, the
times at which a message was last sent and received on the queue,
and the time at which the message queue was last changed.
modules Display the list of all loaded kernel modules on the target. For
each module, gdb prints the module name, the size of the module
in bytes, the number of times the module is used, the dependencies
of the module, the status of the module, and the address of the
loaded module in memory.
info os If infotype is omitted, then list the possible values for infotype and the kind of
OS information available for each infotype. If the target does not return a list
of possible types, this command will report an error.

10.17 Memory Region Attributes

Memory region attributes allow you to describe special handling required by regions of
your target’s memory. gdb uses attributes to determine whether to allow certain types
of memory accesses; whether to use specific width accesses; and whether to cache target
memory. By default the description of memory regions is fetched from the target (if the
current target supports this), but the user can override the fetched regions.
Defined memory regions can be individually enabled and disabled. When a memory
region is disabled, gdb uses the default attributes when accessing memory in that region.
Similarly, if no memory regions have been defined, gdb uses the default attributes when
accessing all memory.
When a memory region is defined, it is given a number to identify it; to enable, disable,
or remove a memory region, you specify that number.
mem lower upper attributes...
Define a memory region bounded by lower and upper with attributes
attributes . . . , and add it to the list of regions monitored by gdb. Note that
142 Debugging with gdb

upper == 0 is a special case: it is treated as the target’s maximum memory

address. (0xffff on 16 bit targets, 0xffffffff on 32 bit targets, etc.)
mem auto Discard any user changes to the memory regions and use target-supplied regions,
if available, or no regions if the target does not support.
delete mem nums...
Remove memory regions nums . . . from the list of regions monitored by gdb.
disable mem nums...
Disable monitoring of memory regions nums . . . . A disabled memory region is
not forgotten. It may be enabled again later.
enable mem nums...
Enable monitoring of memory regions nums . . . .
info mem Print a table of all defined memory regions, with the following columns for each
region:
Memory Region Number
Enabled or Disabled.
Enabled memory regions are marked with ‘y’. Disabled memory
regions are marked with ‘n’.
Lo Address
The address defining the inclusive lower bound of the memory re-
gion.
Hi Address
The address defining the exclusive upper bound of the memory
region.
Attributes The list of attributes set for this memory region.

10.17.1 Attributes
10.17.1.1 Memory Access Mode
The access mode attributes set whether gdb may make read or write accesses to a memory
region.
While these attributes prevent gdb from performing invalid memory accesses, they do
nothing to prevent the target system, I/O DMA, etc. from accessing memory.
ro Memory is read only.
wo Memory is write only.
rw Memory is read/write. This is the default.

10.17.1.2 Memory Access Size

The access size attribute tells gdb to use specific sized accesses in the memory region. Often
memory mapped device registers require specific sized accesses. If no access size attribute
is specified, gdb may use accesses of any size.
8 Use 8 bit memory accesses.
Chapter 10: Examining Data 143

16 Use 16 bit memory accesses.

32 Use 32 bit memory accesses.
64 Use 64 bit memory accesses.

10.17.1.3 Data Cache

The data cache attributes set whether gdb will cache target memory. While this generally
improves performance by reducing debug protocol overhead, it can lead to incorrect results
because gdb does not know about volatile variables or memory mapped device registers.
cache Enable gdb to cache target memory.
nocache Disable gdb from caching target memory. This is the default.

10.17.2 Memory Access Checking

gdb can be instructed to refuse accesses to memory that is not explicitly described. This
can be useful if accessing such regions has undesired effects for a specific target, or to provide
better error checking. The following commands control this behaviour.
set mem inaccessible-by-default [on|off]
If on is specified, make gdb treat memory not explicitly described by the mem-
ory ranges as non-existent and refuse accesses to such memory. The checks are
only performed if there’s at least one memory range defined. If off is specified,
make gdb treat the memory not explicitly described by the memory ranges as
RAM. The default value is on.
show mem inaccessible-by-default
Show the current handling of accesses to unknown memory.

10.18 Copy Between Memory and a File

You can use the commands dump, append, and restore to copy data between target memory
and a file. The dump and append commands write data to a file, and the restore command
reads data from a file back into the inferior’s memory. Files may be in binary, Motorola
S-record, Intel hex, or Tektronix Hex format; however, gdb can only append to binary files.
dump [format] memory filename start_addr end_addr
dump [format] value filename expr
Dump the contents of memory from start addr to end addr, or the value of
expr, to filename in the given format.
The format parameter may be any one of:
binary Raw binary form.
ihex Intel hex format.
srec Motorola S-record format.
tekhex Tektronix Hex format.
gdb uses the same definitions of these formats as the gnu binary utilities, like
‘objdump’ and ‘objcopy’. If format is omitted, gdb dumps the data in raw
binary form.
144 Debugging with gdb

append [binary] memory filename start_addr end_addr

append [binary] value filename expr
Append the contents of memory from start addr to end addr, or the value of
expr, to the file filename, in raw binary form. (gdb can only append data to
files in raw binary form.)
restore filename [binary] bias start end
Restore the contents of file filename into memory. The restore command can
automatically recognize any known bfd file format, except for raw binary. To
restore a raw binary file you must specify the optional keyword binary after
the filename.
If bias is non-zero, its value will be added to the addresses contained in the file.
Binary files always start at address zero, so they will be restored at address
bias. Other bfd files have a built-in location; they will be restored at offset bias
from that location.
If start and/or end are non-zero, then only data between file offset start and
file offset end will be restored. These offsets are relative to the addresses in the
file, before the bias argument is applied.

10.19 How to Produce a Core File from Your Program

A core file or core dump is a file that records the memory image of a running process
and its process status (register values etc.). Its primary use is post-mortem debugging of a
program that crashed while it ran outside a debugger. A program that crashes automatically
produces a core file, unless this feature is disabled by the user. See Section 18.1 [Files],
page 231, for information on invoking gdb in the post-mortem debugging mode.
Occasionally, you may wish to produce a core file of the program you are debugging in
order to preserve a snapshot of its state. gdb has a special command for that.
generate-core-file [file]
gcore [file]
Produce a core dump of the inferior process. The optional argument file specifies
the file name where to put the core dump. If not specified, the file name defaults
to ‘core.pid’, where pid is the inferior process ID.
Note that this command is implemented only for some systems (as of this
writing, gnu/Linux, FreeBSD, Solaris, and S390).

10.20 Character Sets

If the program you are debugging uses a different character set to represent characters and
strings than the one gdb uses itself, gdb can automatically translate between the character
sets for you. The character set gdb uses we call the host character set; the one the inferior
program uses we call the target character set.
For example, if you are running gdb on a gnu/Linux system, which uses the ISO Latin
1 character set, but you are using gdb’s remote protocol (see Chapter 20 [Remote Debug-
ging], page 251) to debug a program running on an IBM mainframe, which uses the ebcdic
character set, then the host character set is Latin-1, and the target character set is ebcdic.
Chapter 10: Examining Data 145

If you give gdb the command set target-charset EBCDIC-US, then gdb translates be-
tween ebcdic and Latin 1 as you print character or string values, or use character and
string literals in expressions.
gdb has no way to automatically recognize which character set the inferior program
uses; you must tell it, using the set target-charset command, described below.
Here are the commands for controlling gdb’s character set support:
set target-charset charset
Set the current target character set to charset. To display the list of supported
target character sets, type set target-charset TABTAB.
set host-charset charset
Set the current host character set to charset.
By default, gdb uses a host character set appropriate to the system it is run-
ning on; you can override that default using the set host-charset command.
On some systems, gdb cannot automatically determine the appropriate host
character set. In this case, gdb uses ‘UTF-8’.
gdb can only use certain character sets as its host character set. If you type
set host-charset TABTAB, gdb will list the host character sets it supports.
set charset charset
Set the current host and target character sets to charset. As above, if you type
set charset TABTAB, gdb will list the names of the character sets that can be
used for both host and target.
show charset
Show the names of the current host and target character sets.
show host-charset
Show the name of the current host character set.
show target-charset
Show the name of the current target character set.
set target-wide-charset charset
Set the current target’s wide character set to charset. This is the character
set used by the target’s wchar_t type. To display the list of supported wide
character sets, type set target-wide-charset TABTAB.
show target-wide-charset
Show the name of the current target’s wide character set.
Here is an example of gdb’s character set support in action. Assume that the following
source code has been placed in the file ‘charset-test.c’:
#include <stdio.h>

char ascii_hello[]
= {72, 101, 108, 108, 111, 44, 32, 119,
111, 114, 108, 100, 33, 10, 0};
char ibm1047_hello[]
= {200, 133, 147, 147, 150, 107, 64, 166,
150, 153, 147, 132, 90, 37, 0};
146 Debugging with gdb

main ()
{
printf ("Hello, world!\n");
}
In this program, ascii_hello and ibm1047_hello are arrays containing the string
‘Hello, world!’ followed by a newline, encoded in the ascii and ibm1047 character sets.
We compile the program, and invoke the debugger on it:
$ gcc -g charset-test.c -o charset-test
$ gdb -nw charset-test
GNU gdb 2001-12-19-cvs
Copyright 2001 Free Software Foundation, Inc.
...
(gdb)
We can use the show charset command to see what character sets gdb is currently
using to interpret and display characters and strings:
(gdb) show charset
The current host and target character set is ‘ISO-8859-1’.
(gdb)
For the sake of printing this manual, let’s use ascii as our initial character set:
(gdb) set charset ASCII
(gdb) show charset
The current host and target character set is ‘ASCII’.
(gdb)
Let’s assume that ascii is indeed the correct character set for our host system — in
other words, let’s assume that if gdb prints characters using the ascii character set, our
terminal will display them properly. Since our current target character set is also ascii, the
contents of ascii_hello print legibly:
(gdb) print ascii_hello
$1 = 0x401698 "Hello, world!\n"
(gdb) print ascii_hello[0]
$2 = 72 ’H’
(gdb)
gdb uses the target character set for character and string literals you use in expressions:
(gdb) print ’+’
$3 = 43 ’+’
(gdb)
The ascii character set uses the number 43 to encode the ‘+’ character.
gdb relies on the user to tell it which character set the target program uses. If we print
ibm1047_hello while our target character set is still ascii, we get jibberish:
(gdb) print ibm1047_hello
$4 = 0x4016a8 "\310\205\223\223\226k@\246\226\231\223\204Z%"
(gdb) print ibm1047_hello[0]
$5 = 200 ’\310’
(gdb)
If we invoke the set target-charset followed by TABTAB, gdb tells us the character
sets it supports:
(gdb) set target-charset
ASCII EBCDIC-US IBM1047 ISO-8859-1
(gdb) set target-charset
Chapter 10: Examining Data 147

We can select ibm1047 as our target character set, and examine the program’s strings
again. Now the ascii string is wrong, but gdb translates the contents of ibm1047_hello
from the target character set, ibm1047, to the host character set, ascii, and they display
correctly:
(gdb) set target-charset IBM1047
(gdb) show charset
The current host character set is ‘ASCII’.
The current target character set is ‘IBM1047’.
(gdb) print ascii_hello
$6 = 0x401698 "\110\145%%?\054\040\167?\162%\144\041\012"
(gdb) print ascii_hello[0]
$7 = 72 ’\110’
(gdb) print ibm1047_hello
$8 = 0x4016a8 "Hello, world!\n"
(gdb) print ibm1047_hello[0]
$9 = 200 ’H’
(gdb)
As above, gdb uses the target character set for character and string literals you use in
expressions:
(gdb) print ’+’
$10 = 78 ’+’
(gdb)
The ibm1047 character set uses the number 78 to encode the ‘+’ character.

10.21 Caching Data of Targets

gdb caches data exchanged between the debugger and a target. Each cache is associated
with the address space of the inferior. See Section 4.9 [Inferiors and Programs], page 33,
about inferior and address space. Such caching generally improves performance in remote
debugging (see Chapter 20 [Remote Debugging], page 251), because it reduces the overhead
of the remote protocol by bundling memory reads and writes into large chunks. Unfor-
tunately, simply caching everything would lead to incorrect results, since gdb does not
necessarily know anything about volatile values, memory-mapped I/O addresses, etc. Fur-
thermore, in non-stop mode (see Section 5.5.2 [Non-Stop Mode], page 77) memory can be
changed while a gdb command is executing. Therefore, by default, gdb only caches data
known to be on the stack3 or in the code segment. Other regions of memory can be explicitly
marked as cacheable; see Section 10.17 [Memory Region Attributes], page 141.
set remotecache on
set remotecache off
This option no longer does anything; it exists for compatibility with old scripts.
show remotecache
Show the current state of the obsolete remotecache flag.
set stack-cache on
set stack-cache off
Enable or disable caching of stack accesses. When on, use caching. By default,
this option is on.
3
In non-stop mode, it is moderately rare for a running thread to modify the stack of a stopped thread in
a way that would interfere with a backtrace, and caching of stack reads provides a significant speed up
of remote backtraces.
148 Debugging with gdb

show stack-cache
Show the current state of data caching for memory accesses.
set code-cache on
set code-cache off
Enable or disable caching of code segment accesses. When on, use caching. By
default, this option is on. This improves performance of disassembly in remote
debugging.
show code-cache
Show the current state of target memory cache for code segment accesses.
info dcache [line]
Print the information about the performance of data cache of the current infe-
rior’s address space. The information displayed includes the dcache width and
depth, and for each cache line, its number, address, and how many times it was
referenced. This command is useful for debugging the data cache operation.
If a line number is specified, the contents of that line will be printed in hex.
set dcache size size
Set maximum number of entries in dcache (dcache depth above).
set dcache line-size line-size
Set number of bytes each dcache entry caches (dcache width above). Must be
a power of 2.
show dcache size
Show maximum number of dcache entries. See Section 10.21 [Caching Target
Data], page 147.
show dcache line-size
Show default size of dcache lines.

10.22 Search Memory

Memory can be searched for a particular sequence of bytes with the find command.
find [/sn] start_addr, +len, val1 [, val2, ...]
find [/sn] start_addr, end_addr, val1 [, val2, ...]
Search memory for the sequence of bytes specified by val1, val2, etc. The search
begins at address start addr and continues for either len bytes or through to
end addr inclusive.
s and n are optional parameters. They may be specified in either order, apart or together.
s, search query size
The size of each search query value.
b bytes
h halfwords (two bytes)
w words (four bytes)
g giant words (eight bytes)
Chapter 10: Examining Data 149

All values are interpreted in the current language. This means, for example,
that if the current source language is C/C++ then searching for the string “hello”
includes the trailing ’\0’.
If the value size is not specified, it is taken from the value’s type in the current
language. This is useful when one wants to specify the search pattern as a
mixture of types. Note that this means, for example, that in the case of C-like
languages a search for an untyped 0x42 will search for ‘(int) 0x42’ which is
typically four bytes.
n, maximum number of finds
The maximum number of matches to print. The default is to print all finds.
You can use strings as search values. Quote them with double-quotes ("). The string
value is copied into the search pattern byte by byte, regardless of the endianness of the
target and the size specification.
The address of each match found is printed as well as a count of the number of matches
found.
The address of the last value found is stored in convenience variable ‘$_’. A count of the
number of matches is stored in ‘$numfound’.
For example, if stopped at the printf in this function:
void
hello ()
{
static char hello[] = "hello-hello";
static struct { char c; short s; int i; }
__attribute__ ((packed)) mixed
= { ’c’, 0x1234, 0x87654321 };
printf ("%s\n", hello);
}
you get during debugging:
(gdb) find &hello[0], +sizeof(hello), "hello"
0x804956d <hello.1620+6>
1 pattern found
(gdb) find &hello[0], +sizeof(hello), ’h’, ’e’, ’l’, ’l’, ’o’
0x8049567 <hello.1620>
0x804956d <hello.1620+6>
2 patterns found
(gdb) find /b1 &hello[0], +sizeof(hello), ’h’, 0x65, ’l’
0x8049567 <hello.1620>
1 pattern found
(gdb) find &mixed, +sizeof(mixed), (char) ’c’, (short) 0x1234, (int) 0x87654321
0x8049560 <mixed.1625>
1 pattern found
(gdb) print $numfound
$1 = 1
(gdb) print $_
$2 = (void *) 0x8049560
Chapter 11: Debugging Optimized Code 151

11 Debugging Optimized Code

Almost all compilers support optimization. With optimization disabled, the compiler gen-
erates assembly code that corresponds directly to your source code, in a simplistic way.
As the compiler applies more powerful optimizations, the generated assembly code diverges
from your original source code. With help from debugging information generated by the
compiler, gdb can map from the running program back to constructs from your original
source.
gdb is more accurate with optimization disabled. If you can recompile without opti-
mization, it is easier to follow the progress of your program during debugging. But, there
are many cases where you may need to debug an optimized version.
When you debug a program compiled with ‘-g -O’, remember that the optimizer has
rearranged your code; the debugger shows you what is really there. Do not be too surprised
when the execution path does not exactly match your source file! An extreme example: if
you define a variable, but never use it, gdb never sees that variable—because the compiler
optimizes it out of existence.
Some things do not work as well with ‘-g -O’ as with just ‘-g’, particularly on machines
with instruction scheduling. If in doubt, recompile with ‘-g’ alone, and if this fixes the
problem, please report it to us as a bug (including a test case!). See Section 10.3 [Variables],
page 113, for more information about debugging optimized code.

11.1 Inline Functions

Inlining is an optimization that inserts a copy of the function body directly at each call site,
instead of jumping to a shared routine. gdb displays inlined functions just like non-inlined
functions. They appear in backtraces. You can view their arguments and local variables,
step into them with step, skip them with next, and escape from them with finish. You
can check whether a function was inlined by using the info frame command.
For gdb to support inlined functions, the compiler must record information about in-
lining in the debug information — gcc using the dwarf 2 format does this, and sev-
eral other compilers do also. gdb only supports inlined functions when using dwarf 2.
Versions of gcc before 4.1 do not emit two required attributes (‘DW_AT_call_file’ and
‘DW_AT_call_line’); gdb does not display inlined function calls with earlier versions of
gcc. It instead displays the arguments and local variables of inlined functions as local
variables in the caller.
The body of an inlined function is directly included at its call site; unlike a non-inlined
function, there are no instructions devoted to the call. gdb still pretends that the call site
and the start of the inlined function are different instructions. Stepping to the call site
shows the call site, and then stepping again shows the first line of the inlined function, even
though no additional instructions are executed.
This makes source-level debugging much clearer; you can see both the context of the call
and then the effect of the call. Only stepping by a single instruction using stepi or nexti
does not do this; single instruction steps always show the inlined body.
There are some ways that gdb does not pretend that inlined function calls are the same
as normal calls:
152 Debugging with gdb

• Setting breakpoints at the call site of an inlined function may not work, because the
call site does not contain any code. gdb may incorrectly move the breakpoint to the
next line of the enclosing function, after the call. This limitation will be removed in
a future version of gdb; until then, set a breakpoint on an earlier line or inside the
inlined function instead.
• gdb cannot locate the return value of inlined calls after using the finish command.
This is a limitation of compiler-generated debugging information; after finish, you
can step to the next line and print a variable where your program stored the return
value.

11.2 Tail Call Frames

Function B can call function C in its very last statement. In unoptimized compilation the
call of C is immediately followed by return instruction at the end of B code. Optimizing
compiler may replace the call and return in function B into one jump to function C instead.
Such use of a jump instruction is called tail call.
During execution of function C, there will be no indication in the function call stack
frames that it was tail-called from B. If function A regularly calls function B which tail-calls
function C, then gdb will see A as the caller of C. However, in some cases gdb can determine
that C was tail-called from B, and it will then create fictitious call frame for that, with the
return address set up as if B called C normally.
This functionality is currently supported only by DWARF 2 debugging format and the
compiler has to produce ‘DW_TAG_GNU_call_site’ tags. With gcc, you need to specify ‘-O
-g’ during compilation, to get this information.
info frame command (see Section 8.5 [Frame Info], page 98) will indicate the tail call
frame kind by text tail call frame such as in this sample gdb output:
(gdb) x/i $pc - 2
0x40066b <b(int, double)+11>: jmp 0x400640 <c(int, double)>
(gdb) info frame
Stack level 1, frame at 0x7fffffffda30:
rip = 0x40066d in b (amd64-entry-value.cc:59); saved rip 0x4004c5
tail call frame, caller of frame at 0x7fffffffda30
source language c++.
Arglist at unknown address.
Locals at unknown address, Previous frame’s sp is 0x7fffffffda30

The detection of all the possible code path executions can find them ambiguous. There is
no execution history stored (possible Chapter 6 [Reverse Execution], page 83 is never used
for this purpose) and the last known caller could have reached the known callee by multiple
different jump sequences. In such case gdb still tries to show at least all the unambiguous
top tail callers and all the unambiguous bottom tail calees, if any.

set debug entry-values

When set to on, enables printing of analysis messages for both frame argument
values at function entry and tail calls. It will show all the possible valid tail
calls code paths it has considered. It will also print the intersection of them
with the final unambiguous (possibly partial or even empty) code path result.
Chapter 11: Debugging Optimized Code 153

show debug entry-values

Show the current state of analysis messages printing for both frame argument
values at function entry and tail calls.
The analysis messages for tail calls can for example show why the virtual tail call frame
for function c has not been recognized (due to the indirect reference by variable x):
static void __attribute__((noinline, noclone)) c (void);
void (*x) (void) = c;
static void __attribute__((noinline, noclone)) a (void) { x++; }
static void __attribute__((noinline, noclone)) c (void) { a (); }
int main (void) { x (); return 0; }

Breakpoint 1, DW_OP_GNU_entry_value resolving cannot find

DW_TAG_GNU_call_site 0x40039a in main
a () at t.c:3
3 static void __attribute__((noinline, noclone)) a (void) { x++; }
(gdb) bt
#0 a () at t.c:3
#1 0x000000000040039a in main () at t.c:5
Another possibility is an ambiguous virtual tail call frames resolution:
int i;
static void __attribute__((noinline, noclone)) f (void) { i++; }
static void __attribute__((noinline, noclone)) e (void) { f (); }
static void __attribute__((noinline, noclone)) d (void) { f (); }
static void __attribute__((noinline, noclone)) c (void) { d (); }
static void __attribute__((noinline, noclone)) b (void)
{ if (i) c (); else e (); }
static void __attribute__((noinline, noclone)) a (void) { b (); }
int main (void) { a (); return 0; }

tailcall: initial: 0x4004d2(a) 0x4004ce(b) 0x4004b2(c) 0x4004a2(d)

tailcall: compare: 0x4004d2(a) 0x4004cc(b) 0x400492(e)
tailcall: reduced: 0x4004d2(a) |
(gdb) bt
#0 f () at t.c:2
#1 0x00000000004004d2 in a () at t.c:8
#2 0x0000000000400395 in main () at t.c:9
Frames #0 and #2 are real, #1 is a virtual tail call frame. The code can have possible
execution paths main->a->b->c->d->f or main->a->b->e->f, gdb cannot find which one
from the inferior state.
initial: state shows some random possible calling sequence gdb has found. It then
finds another possible calling sequcen - that one is prefixed by compare:. The non-
ambiguous intersection of these two is printed as the reduced: calling sequence. That
one could have many futher compare: and reduced: statements as long as there remain
any non-ambiguous sequence entries.
For the frame of function b in both cases there are different possible $pc values (0x4004cc
or 0x4004ce), therefore this frame is also ambigous. The only non-ambiguous frame is the
one for function a, therefore this one is displayed to the user while the ambiguous frames
are omitted.
There can be also reasons why printing of frame argument values at function entry may
fail:
int v;
154 Debugging with gdb

static void __attribute__((noinline, noclone)) c (int i) { v++; }

static void __attribute__((noinline, noclone)) a (int i);
static void __attribute__((noinline, noclone)) b (int i) { a (i); }
static void __attribute__((noinline, noclone)) a (int i)
{ if (i) b (i - 1); else c (0); }
int main (void) { a (5); return 0; }

(gdb) bt
#0 c (i=i@entry=0) at t.c:2
#1 0x0000000000400428 in a (DW_OP_GNU_entry_value resolving has found
function "a" at 0x400420 can call itself via tail calls
i=<optimized out>) at t.c:6
#2 0x000000000040036e in main () at t.c:7
gdb cannot find out from the inferior state if and how many times did function a call
itself (via function b) as these calls would be tail calls. Such tail calls would modify thue
i variable, therefore gdb cannot be sure the value it knows would be right - gdb prints
<optimized out> instead.
Chapter 12: C Preprocessor Macros 155

12 C Preprocessor Macros
Some languages, such as C and C++, provide a way to define and invoke “preprocessor
macros” which expand into strings of tokens. gdb can evaluate expressions containing
macro invocations, show the result of macro expansion, and show a macro’s definition,
including where it was defined.
You may need to compile your program specially to provide gdb with information about
preprocessor macros. Most compilers do not include macros in their debugging information,
even when you compile with the ‘-g’ flag. See Section 4.1 [Compilation], page 25.
A program may define a macro at one point, remove that definition later, and then
provide a different definition after that. Thus, at different points in the program, a macro
may have different definitions, or have no definition at all. If there is a current stack frame,
gdb uses the macros in scope at that frame’s source code line. Otherwise, gdb uses the
macros in scope at the current listing location; see Section 9.1 [List], page 99.
Whenever gdb evaluates an expression, it always expands any macro invocations present
in the expression. gdb also provides the following commands for working with macros
explicitly.
macro expand expression
macro exp expression
Show the results of expanding all preprocessor macro invocations in expression.
Since gdb simply expands macros, but does not parse the result, expression
need not be a valid expression; it can be any string of tokens.
macro expand-once expression
macro exp1 expression
(This command is not yet implemented.) Show the results of expanding those
preprocessor macro invocations that appear explicitly in expression. Macro
invocations appearing in that expansion are left unchanged. This command
allows you to see the effect of a particular macro more clearly, without being
confused by further expansions. Since gdb simply expands macros, but does
not parse the result, expression need not be a valid expression; it can be any
string of tokens.
info macro [-a|-all] [--] macro
Show the current definition or all definitions of the named macro, and describe
the source location or compiler command-line where that definition was estab-
lished. The optional double dash is to signify the end of argument processing
and the beginning of macro for non C-like macros where the macro may begin
with a hyphen.
info macros linespec
Show all macro definitions that are in effect at the location specified by line-
spec, and describe the source location or compiler command-line where those
definitions were established.
macro define macro replacement-list
macro define macro(arglist) replacement-list
Introduce a definition for a preprocessor macro named macro, invocations of
which are replaced by the tokens given in replacement-list. The first form of
156 Debugging with gdb

this command defines an “object-like” macro, which takes no arguments; the

second form defines a “function-like” macro, which takes the arguments given
in arglist.
A definition introduced by this command is in scope in every expression eval-
uated in gdb, until it is removed with the macro undef command, described
below. The definition overrides all definitions for macro present in the program
being debugged, as well as any previous user-supplied definition.
macro undef macro
Remove any user-supplied definition for the macro named macro. This com-
mand only affects definitions provided with the macro define command, de-
scribed above; it cannot remove definitions present in the program being de-
bugged.
macro list
List all the macros defined using the macro define command.
Here is a transcript showing the above commands in action. First, we show our source
files:
$ cat sample.c
#include <stdio.h>
#include "sample.h"

#define M 42
#define ADD(x) (M + x)

main ()
{
#define N 28
printf ("Hello, world!\n");
#undef N
printf ("We’re so creative.\n");
#define N 1729
printf ("Goodbye, world!\n");
}
$ cat sample.h
#define Q <
$
Now, we compile the program using the gnu C compiler, gcc. We pass the ‘-gdwarf-2’1
and ‘-g3’ flags to ensure the compiler includes information about preprocessor macros in
the debugging information.
$ gcc -gdwarf-2 -g3 sample.c -o sample
$
Now, we start gdb on our sample program:
$ gdb -nw sample
GNU gdb 2002-05-06-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, ...
(gdb)

1
This is the minimum. Recent versions of gcc support ‘-gdwarf-3’ and ‘-gdwarf-4’; we recommend
always choosing the most recent version of DWARF.
Chapter 12: C Preprocessor Macros 157

We can expand macros and examine their definitions, even when the program is not
running. gdb uses the current listing position to decide which macro definitions are in
scope:
(gdb) list main
3
4 #define M 42
5 #define ADD(x) (M + x)
6
7 main ()
8 {
9 #define N 28
10 printf ("Hello, world!\n");
11 #undef N
12 printf ("We’re so creative.\n");
(gdb) info macro ADD
Defined at /home/jimb/gdb/macros/play/sample.c:5
#define ADD(x) (M + x)
(gdb) info macro Q
Defined at /home/jimb/gdb/macros/play/sample.h:1
included at /home/jimb/gdb/macros/play/sample.c:2
#define Q <
(gdb) macro expand ADD(1)
expands to: (42 + 1)
(gdb) macro expand-once ADD(1)
expands to: once (M + 1)
(gdb)
In the example above, note that macro expand-once expands only the macro invocation
explicit in the original text — the invocation of ADD — but does not expand the invocation
of the macro M, which was introduced by ADD.
Once the program is running, gdb uses the macro definitions in force at the source line
of the current stack frame:
(gdb) break main
Breakpoint 1 at 0x8048370: file sample.c, line 10.
(gdb) run
Starting program: /home/jimb/gdb/macros/play/sample

Breakpoint 1, main () at sample.c:10

10 printf ("Hello, world!\n");
(gdb)
At line 10, the definition of the macro N at line 9 is in force:
(gdb) info macro N
Defined at /home/jimb/gdb/macros/play/sample.c:9
#define N 28
(gdb) macro expand N Q M
expands to: 28 < 42
(gdb) print N Q M
$1 = 1
(gdb)
As we step over directives that remove N’s definition, and then give it a new definition,
gdb finds the definition (or lack thereof) in force at each point:
(gdb) next
Hello, world!
12 printf ("We’re so creative.\n");
(gdb) info macro N
158 Debugging with gdb

The symbol ‘N’ has no definition as a C/C++ preprocessor macro

at /home/jimb/gdb/macros/play/sample.c:12
(gdb) next
We’re so creative.
14 printf ("Goodbye, world!\n");
(gdb) info macro N
Defined at /home/jimb/gdb/macros/play/sample.c:13
#define N 1729
(gdb) macro expand N Q M
expands to: 1729 < 42
(gdb) print N Q M
$2 = 0
(gdb)
In addition to source files, macros can be defined on the compilation command line using
the ‘-Dname=value’ syntax. For macros defined in such a way, gdb displays the location of
their definition as line zero of the source file submitted to the compiler.
(gdb) info macro __STDC__
Defined at /home/jimb/gdb/macros/play/sample.c:0
-D__STDC__=1
(gdb)
Chapter 13: Tracepoints 159

13 Tracepoints
In some applications, it is not feasible for the debugger to interrupt the program’s execution
long enough for the developer to learn anything helpful about its behavior. If the program’s
correctness depends on its real-time behavior, delays introduced by a debugger might cause
the program to change its behavior drastically, or perhaps fail, even when the code itself is
correct. It is useful to be able to observe the program’s behavior without interrupting it.
Using gdb’s trace and collect commands, you can specify locations in the program,
called tracepoints, and arbitrary expressions to evaluate when those tracepoints are reached.
Later, using the tfind command, you can examine the values those expressions had when
the program hit the tracepoints. The expressions may also denote objects in memory—
structures or arrays, for example—whose values gdb should record; while visiting a partic-
ular tracepoint, you may inspect those objects as if they were in memory at that moment.
However, because gdb records these values without interacting with you, it can do so quickly
and unobtrusively, hopefully not disturbing the program’s behavior.
The tracepoint facility is currently available only for remote targets. See Chapter 19
[Targets], page 247. In addition, your remote target must know how to collect trace data.
This functionality is implemented in the remote stub; however, none of the stubs distributed
with gdb support tracepoints as of this writing. The format of the remote packets used to
implement tracepoints are described in Section E.6 [Tracepoint Packets], page 631.
It is also possible to get trace data from a file, in a manner reminiscent of corefiles;
you specify the filename, and use tfind to search through the file. See Section 13.4 [Trace
Files], page 175, for more details.
This chapter describes the tracepoint commands and features.

13.1 Commands to Set Tracepoints

Before running such a trace experiment, an arbitrary number of tracepoints can be set. A
tracepoint is actually a special type of breakpoint (see Section 5.1.1 [Set Breaks], page 46),
so you can manipulate it using standard breakpoint commands. For instance, as with
breakpoints, tracepoint numbers are successive integers starting from one, and many of the
commands associated with tracepoints take the tracepoint number as their argument, to
identify which tracepoint to work on.
For each tracepoint, you can specify, in advance, some arbitrary set of data that you
want the target to collect in the trace buffer when it hits that tracepoint. The collected data
can include registers, local variables, or global data. Later, you can use gdb commands to
examine the values these data had at the time the tracepoint was hit.
Tracepoints do not support every breakpoint feature. Ignore counts on tracepoints have
no effect, and tracepoints cannot run gdb commands when they are hit. Tracepoints may
not be thread-specific either.
Some targets may support fast tracepoints, which are inserted in a different way (such
as with a jump instead of a trap), that is faster but possibly restricted in where they may
be installed.
Regular and fast tracepoints are dynamic tracing facilities, meaning that they can be
used to insert tracepoints at (almost) any location in the target. Some targets may also sup-
port controlling static tracepoints from gdb. With static tracing, a set of instrumentation
160 Debugging with gdb

points, also known as markers, are embedded in the target program, and can be activated
or deactivated by name or address. These are usually placed at locations which facilitate
investigating what the target is actually doing. gdb’s support for static tracing includes
being able to list instrumentation points, and attach them with gdb defined high level tra-
cepoints that expose the whole range of convenience of gdb’s tracepoints support. Namely,
support for collecting registers values and values of global or local (to the instrumentation
point) variables; tracepoint conditions and trace state variables. The act of installing a gdb
static tracepoint on an instrumentation point, or marker, is referred to as probing a static
tracepoint marker.

gdbserver supports tracepoints on some target systems. See Section 20.3 [Tracepoints
support in gdbserver], page 253.

This section describes commands to set tracepoints and associated conditions and ac-
tions.

13.1.1 Create and Delete Tracepoints

trace location
The trace command is very similar to the break command. Its argument
location can be a source line, a function name, or an address in the target
program. See Section 9.2 [Specify Location], page 100. The trace command
defines a tracepoint, which is a point in the target program where the debugger
will briefly stop, collect some data, and then allow the program to continue.
Setting a tracepoint or changing its actions takes effect immediately if the re-
mote stub supports the ‘InstallInTrace’ feature (see [install tracepoint in
tracing], page 623). If remote stub doesn’t support the ‘InstallInTrace’ fea-
ture, all these changes don’t take effect until the next tstart command, and
once a trace experiment is running, further changes will not have any effect
until the next trace experiment starts. In addition, gdb supports pending
tracepoints—tracepoints whose address is not yet resolved. (This is similar to
pending breakpoints.) Pending tracepoints are not downloaded to the target
and not installed until they are resolved. The resolution of pending tracepoints
requires gdb support—when debugging with the remote target, and gdb dis-
connects from the remote stub (see [disconnected tracing], page 168), pending
tracepoints can not be resolved (and downloaded to the remote stub) while gdb
is disconnected.
Here are some examples of using the trace command:
(gdb) trace foo.c:121 // a source file and line number

(gdb) trace +2 // 2 lines forward

(gdb) trace my function // first source line of function

(gdb) trace *my function // EXACT start address of function

(gdb) trace *0x2117c4 // an address

You can abbreviate trace as tr.

Chapter 13: Tracepoints 161

trace location if cond

Set a tracepoint with condition cond; evaluate the expression cond each time
the tracepoint is reached, and collect data only if the value is nonzero—that is,
if cond evaluates as true. See Section 13.1.4 [Tracepoint Conditions], page 163,
for more information on tracepoint conditions.
ftrace location [ if cond ]
The ftrace command sets a fast tracepoint. For targets that support them,
fast tracepoints will use a more efficient but possibly less general technique to
trigger data collection, such as a jump instruction instead of a trap, or some
sort of hardware support. It may not be possible to create a fast tracepoint at
the desired location, in which case the command will exit with an explanatory
message.
gdb handles arguments to ftrace exactly as for trace.
On 32-bit x86-architecture systems, fast tracepoints normally need to be placed
at an instruction that is 5 bytes or longer, but can be placed at 4-byte instruc-
tions if the low 64K of memory of the target program is available to install
trampolines. Some Unix-type systems, such as gnu/Linux, exclude low ad-
dresses from the program’s address space; but for instance with the Linux
kernel it is possible to let gdb use this area by doing a sysctl command to set
the mmap_min_addr kernel parameter, as in
sudo sysctl -w vm.mmap_min_addr=32768
which sets the low address to 32K, which leaves plenty of room for trampolines.
The minimum address should be set to a page boundary.
strace location [ if cond ]
The strace command sets a static tracepoint. For targets that support it,
setting a static tracepoint probes a static instrumentation point, or marker,
found at location. It may not be possible to set a static tracepoint at the
desired location, in which case the command will exit with an explanatory
message.
gdb handles arguments to strace exactly as for trace, with the addition that
the user can also specify -m marker as location. This probes the marker iden-
tified by the marker string identifier. This identifier depends on the static
tracepoint backend library your program is using. You can find all the marker
identifiers in the ‘ID’ field of the info static-tracepoint-markers command
output. See Section 13.1.8 [Listing Static Tracepoint Markers], page 167. For
example, in the following small program using the UST tracing engine:
main ()
{
trace_mark(ust, bar33, "str %s", "FOOBAZ");
}
the marker id is composed of joining the first two arguments to the trace_mark
call with a slash, which translates to:
(gdb) info static-tracepoint-markers
Cnt Enb ID Address What
1 n ust/bar33 0x0000000000400ddc in main at stexample.c:22
Data: "str %s"
162 Debugging with gdb

[etc...]

so you may probe the marker above with:

(gdb) strace -m ust/bar33

Static tracepoints accept an extra collect action — collect $_sdata. This

collects arbitrary user data passed in the probe point call to the tracing library.
In the UST example above, you’ll see that the third argument to trace_mark
is a printf-like format string. The user data is then the result of running that
formating string against the following arguments. Note that info static-
tracepoint-markers command output lists that format string in the ‘Data:’
field.
You can inspect this data when analyzing the trace buffer, by printing the
$ sdata variable like any other variable available to gdb. See Section 13.1.6
[Tracepoint Action Lists], page 164.
The convenience variable $tpnum records the tracepoint number of the most
recently set tracepoint.

delete tracepoint [num]

Permanently delete one or more tracepoints. With no argument, the default is
to delete all tracepoints. Note that the regular delete command can remove
tracepoints also.
Examples:
(gdb) delete trace 1 2 3 // remove three tracepoints

(gdb) delete trace // remove all tracepoints

You can abbreviate this command as del tr.

13.1.2 Enable and Disable Tracepoints

These commands are deprecated; they are equivalent to plain disable and enable.

disable tracepoint [num]

Disable tracepoint num, or all tracepoints if no argument num is given. A dis-
abled tracepoint will have no effect during a trace experiment, but it is not for-
gotten. You can re-enable a disabled tracepoint using the enable tracepoint
command. If the command is issued during a trace experiment and the debug
target has support for disabling tracepoints during a trace experiment, then the
change will be effective immediately. Otherwise, it will be applied to the next
trace experiment.

enable tracepoint [num]

Enable tracepoint num, or all tracepoints. If this command is issued during a
trace experiment and the debug target supports enabling tracepoints during a
trace experiment, then the enabled tracepoints will become effective immedi-
ately. Otherwise, they will become effective the next time a trace experiment
is run.
Chapter 13: Tracepoints 163

13.1.3 Tracepoint Passcounts

passcount [n [num]]
Set the passcount of a tracepoint. The passcount is a way to automatically
stop a trace experiment. If a tracepoint’s passcount is n, then the trace exper-
iment will be automatically stopped on the n’th time that tracepoint is hit. If
the tracepoint number num is not specified, the passcount command sets the
passcount of the most recently defined tracepoint. If no passcount is given, the
trace experiment will run until stopped explicitly by the user.
Examples:
(gdb) passcount 5 2 // Stop on the 5th execution of
// tracepoint 2

(gdb) passcount 12 // Stop on the 12th execution of the

// most recently defined tracepoint.
(gdb) trace foo
(gdb) pass 3
(gdb) trace bar
(gdb) pass 2
(gdb) trace baz
(gdb) pass 1 // Stop tracing when foo has been
// executed 3 times OR when bar has
// been executed 2 times
// OR when baz has been executed 1 time.

13.1.4 Tracepoint Conditions

The simplest sort of tracepoint collects data every time your program reaches a specified
place. You can also specify a condition for a tracepoint. A condition is just a Boolean
expression in your programming language (see Section 10.1 [Expressions], page 111). A
tracepoint with a condition evaluates the expression each time your program reaches it,
and data collection happens only if the condition is true.
Tracepoint conditions can be specified when a tracepoint is set, by using ‘if’ in the
arguments to the trace command. See Section 13.1.1 [Setting Tracepoints], page 160.
They can also be set or changed at any time with the condition command, just as with
breakpoints.
Unlike breakpoint conditions, gdb does not actually evaluate the conditional expression
itself. Instead, gdb encodes the expression into an agent expression (see Appendix F [Agent
Expressions], page 663) suitable for execution on the target, independently of gdb. Global
variables become raw memory locations, locals become stack accesses, and so forth.
For instance, suppose you have a function that is usually called frequently, but should
not be called after an error has occurred. You could use the following tracepoint command
to collect data about calls of that function that happen while the error code is propagating
through the program; an unconditional tracepoint could end up collecting thousands of
useless trace frames that you would have to search through.
(gdb) trace normal_operation if errcode > 0

13.1.5 Trace State Variables

A trace state variable is a special type of variable that is created and managed by target-side
code. The syntax is the same as that for GDB’s convenience variables (a string prefixed
164 Debugging with gdb

with “$”), but they are stored on the target. They must be created explicitly, using a
tvariable command. They are always 64-bit signed integers.
Trace state variables are remembered by gdb, and downloaded to the target along with
tracepoint information when the trace experiment starts. There are no intrinsic limits on
the number of trace state variables, beyond memory limitations of the target.
Although trace state variables are managed by the target, you can use them in print
commands and expressions as if they were convenience variables; gdb will get the current
value from the target while the trace experiment is running. Trace state variables share the
same namespace as other “$” variables, which means that you cannot have trace state vari-
ables with names like $23 or $pc, nor can you have a trace state variable and a convenience
variable with the same name.
tvariable $name [ = expression ]
The tvariable command creates a new trace state variable named $name, and
optionally gives it an initial value of expression. The expression is evaluated
when this command is entered; the result will be converted to an integer if
possible, otherwise gdb will report an error. A subsequent tvariable command
specifying the same name does not create a variable, but instead assigns the
supplied initial value to the existing variable of that name, overwriting any
previous initial value. The default initial value is 0.
info tvariables
List all the trace state variables along with their initial values. Their current
values may also be displayed, if the trace experiment is currently running.
delete tvariable [ $name ... ]
Delete the given trace state variables, or all of them if no arguments are speci-
fied.

13.1.6 Tracepoint Action Lists

actions [num]
This command will prompt for a list of actions to be taken when the tracepoint
is hit. If the tracepoint number num is not specified, this command sets the
actions for the one that was most recently defined (so that you can define a
tracepoint and then say actions without bothering about its number). You
specify the actions themselves on the following lines, one action at a time, and
terminate the actions list with a line containing just end. So far, the only
defined actions are collect, teval, and while-stepping.
actions is actually equivalent to commands (see Section 5.1.7 [Breakpoint Com-
mand Lists], page 62), except that only the defined actions are allowed; any
other gdb command is rejected.
To remove all actions from a tracepoint, type ‘actions num’ and follow it im-
mediately with ‘end’.
(gdb) collect data // collect some data

(gdb) while-stepping 5 // single-step 5 times, collect data

(gdb) end // signals the end of actions.

Chapter 13: Tracepoints 165

In the following example, the action list begins with collect commands in-
dicating the things to be collected when the tracepoint is hit. Then, in order
to single-step and collect additional data following the tracepoint, a while-
stepping command is used, followed by the list of things to be collected after
each step in a sequence of single steps. The while-stepping command is ter-
minated by its own separate end command. Lastly, the action list is terminated
by an end command.
(gdb) trace foo
(gdb) actions
Enter actions for tracepoint 1, one per line:
> collect bar,baz
> collect $regs
> while-stepping 12
> collect $pc, arr[i]
> end
end
collect[/mods] expr1, expr2, ...
Collect values of the given expressions when the tracepoint is hit. This com-
mand accepts a comma-separated list of any valid expressions. In addition to
global, static, or local variables, the following special arguments are supported:
$regs Collect all registers.
$args Collect all function arguments.
$locals Collect all local variables.
$_ret Collect the return address. This is helpful if you want to see more
of a backtrace.
$_probe_argc
Collects the number of arguments from the static probe at which
the tracepoint is located. See Section 5.1.10 [Static Probe Points],
page 65.
$_probe_argn
n is an integer between 0 and 11. Collects the nth argument
from the static probe at which the tracepoint is located. See
Section 5.1.10 [Static Probe Points], page 65.
$_sdata Collect static tracepoint marker specific data. Only available for
static tracepoints. See Section 13.1.6 [Tracepoint Action Lists],
page 164. On the UST static tracepoints library backend, an in-
strumentation point resembles a printf function call. The tracing
library is able to collect user specified data formatted to a character
string using the format provided by the programmer that instru-
mented the program. Other backends have similar mechanisms.
Here’s an example of a UST marker call:
const char master_name[] = "$your_name";
trace_mark(channel1, marker1, "hello %s", master_name)
In this case, collecting $_sdata collects the string ‘hello
$yourname’. When analyzing the trace buffer, you can inspect
‘$_sdata’ like any other variable available to gdb.
166 Debugging with gdb

You can give several consecutive collect commands, each one with a single
argument, or one collect command with several arguments separated by com-
mas; the effect is the same.
The optional mods changes the usual handling of the arguments. s requests
that pointers to chars be handled as strings, in particular collecting the contents
of the memory being pointed at, up to the first zero. The upper bound is by
default the value of the print elements variable; if s is followed by a decimal
number, that is the upper bound instead. So for instance ‘collect/s25 mystr’
collects as many as 25 characters at ‘mystr’.
The command info scope (see Chapter 16 [Symbols], page 213) is particularly
useful for figuring out what data to collect.
teval expr1, expr2, ...
Evaluate the given expressions when the tracepoint is hit. This command ac-
cepts a comma-separated list of expressions. The results are discarded, so this
is mainly useful for assigning values to trace state variables (see Section 13.1.5
[Trace State Variables], page 163) without adding those values to the trace
buffer, as would be the case if the collect action were used.
while-stepping n
Perform n single-step instruction traces after the tracepoint, collecting new data
after each step. The while-stepping command is followed by the list of what
to collect while stepping (followed by its own end command):
> while-stepping 12
> collect $regs, myglobal
> end
>
Note that $pc is not automatically collected by while-stepping; you need
to explicitly collect that register if you need it. You may abbreviate while-
stepping as ws or stepping.
set default-collect expr1, expr2, ...
This variable is a list of expressions to collect at each tracepoint hit. It is
effectively an additional collect action prepended to every tracepoint action
list. The expressions are parsed individually for each tracepoint, so for instance
a variable named xyz may be interpreted as a global for one tracepoint, and a
local for another, as appropriate to the tracepoint’s location.
show default-collect
Show the list of expressions that are collected by default at each tracepoint hit.

13.1.7 Listing Tracepoints

info tracepoints [num...]
Display information about the tracepoint num. If you don’t specify a tracepoint
number, displays information about all the tracepoints defined so far. The
format is similar to that used for info breakpoints; in fact, info tracepoints
is the same command, simply restricting itself to tracepoints.
A tracepoint’s listing may include additional information specific to tracing:
Chapter 13: Tracepoints 167

• its passcount as given by the passcount n command

• the state about installed on target of each location
(gdb) info trace
Num Type Disp Enb Address What
1 tracepoint keep y 0x0804ab57 in foo() at main.cxx:7
while-stepping 20
collect globfoo, $regs
end
collect globfoo2
end
pass count 1200
2 tracepoint keep y <MULTIPLE>
collect $eip
2.1 y 0x0804859c in func4 at change-loc.h:35
installed on target
2.2 y 0xb7ffc480 in func4 at change-loc.h:35
installed on target
2.3 y <PENDING> set_tracepoint
3 tracepoint keep y 0x080485b1 in foo at change-loc.c:29
not installed on target
(gdb)
This command can be abbreviated info tp.

13.1.8 Listing Static Tracepoint Markers

info static-tracepoint-markers
Display information about all static tracepoint markers defined in the program.
For each marker, the following columns are printed:
Count An incrementing counter, output to help readability. This is not a
stable identifier.
ID The marker ID, as reported by the target.
Enabled or Disabled
Probed markers are tagged with ‘y’. ‘n’ identifies marks that are
not enabled.
Address Where the marker is in your program, as a memory address.
What Where the marker is in the source for your program, as a file and
line number. If the debug information included in the program does
not allow gdb to locate the source of the marker, this column will
be left blank.
In addition, the following information may be printed for each marker:
Data User data passed to the tracing library by the marker call. In the
UST backend, this is the format string passed as argument to the
marker call.
Static tracepoints probing the marker
The list of static tracepoints attached to the marker.
(gdb) info static-tracepoint-markers
Cnt ID Enb Address What
168 Debugging with gdb

1 ust/bar2 y 0x0000000000400e1a in main at stexample.c:25

Data: number1 %d number2 %d
Probed by static tracepoints: #2
2 ust/bar33 n 0x0000000000400c87 in main at stexample.c:24
Data: str %s
(gdb)

13.1.9 Starting and Stopping Trace Experiments

tstart This command starts the trace experiment, and begins collecting data. It has
the side effect of discarding all the data collected in the trace buffer during the
previous trace experiment. If any arguments are supplied, they are taken as a
note and stored with the trace experiment’s state. The notes may be arbitrary
text, and are especially useful with disconnected tracing in a multi-user context;
the notes can explain what the trace is doing, supply user contact information,
and so forth.
tstop This command stops the trace experiment. If any arguments are supplied, they
are recorded with the experiment as a note. This is useful if you are stopping
a trace started by someone else, for instance if the trace is interfering with the
system’s behavior and needs to be stopped quickly.
Note: a trace experiment and data collection may stop automatically if any
tracepoint’s passcount is reached (see Section 13.1.3 [Tracepoint Passcounts],
page 163), or if the trace buffer becomes full.
tstatus This command displays the status of the current trace data collection.
Here is an example of the commands we described so far:
(gdb) trace gdb c test
(gdb) actions
Enter actions for tracepoint #1, one per line.
> collect $regs,$locals,$args
> while-stepping 11
> collect $regs
> end
> end
(gdb) tstart
[time passes ...]
(gdb) tstop
You can choose to continue running the trace experiment even if gdb disconnects from
the target, voluntarily or involuntarily. For commands such as detach, the debugger will
ask what you want to do with the trace. But for unexpected terminations (gdb crash,
network outage), it would be unfortunate to lose hard-won trace data, so the variable
disconnected-tracing lets you decide whether the trace should continue running without
gdb.
set disconnected-tracing on
set disconnected-tracing off
Choose whether a tracing run should continue to run if gdb has disconnected
from the target. Note that detach or quit will ask you directly what to do
about a running trace no matter what this variable’s setting, so the variable is
mainly useful for handling unexpected situations, such as loss of the network.
Chapter 13: Tracepoints 169

show disconnected-tracing
Show the current choice for disconnected tracing.
When you reconnect to the target, the trace experiment may or may not still be running;
it might have filled the trace buffer in the meantime, or stopped for one of the other reasons.
If it is running, it will continue after reconnection.
Upon reconnection, the target will upload information about the tracepoints in effect.
gdb will then compare that information to the set of tracepoints currently defined, and
attempt to match them up, allowing for the possibility that the numbers may have changed
due to creation and deletion in the meantime. If one of the target’s tracepoints does not
match any in gdb, the debugger will create a new tracepoint, so that you have a number
with which to specify that tracepoint. This matching-up process is necessarily heuristic,
and it may result in useless tracepoints being created; you may simply delete them if they
are of no use.
If your target agent supports a circular trace buffer, then you can run a trace experiment
indefinitely without filling the trace buffer; when space runs out, the agent deletes already-
collected trace frames, oldest first, until there is enough room to continue collecting. This
is especially useful if your tracepoints are being hit too often, and your trace gets termi-
nated prematurely because the buffer is full. To ask for a circular trace buffer, simply set
‘circular-trace-buffer’ to on. You can set this at any time, including during tracing;
if the agent can do it, it will change buffer handling on the fly, otherwise it will not take
eff