| blob | 3bee8bc89900fc578e7ea69b0e4e1ffea5a12120 |
1 /* Memory breakpoint operations for the remote server for GDB.
2 Copyright (C) 2002-2023 Free Software Foundation, Inc.
4 Contributed by MontaVista Software.
6 This file is part of GDB.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>. */
25 #define MAX_BREAKPOINT_LEN 8
27 /* Helper macro used in loops that append multiple items to a singly-linked
28 list instead of inserting items at the head of the list, as, say, in the
29 breakpoint lists. LISTPP is a pointer to the pointer that is the head of
30 the new list. ITEMP is a pointer to the item to be added to the list.
31 TAILP must be defined to be the same type as ITEMP, and initialized to
32 NULL. */
34 #define APPEND_TO_LIST(listpp, itemp, tailp) \
35 do \
36 { \
37 if ((tailp) == NULL) \
38 *(listpp) = (itemp); \
39 else \
40 (tailp)->next = (itemp); \
41 (tailp) = (itemp); \
42 } \
43 while (0)
45 /* GDB will never try to install multiple breakpoints at the same
46 address. However, we can see GDB requesting to insert a breakpoint
47 at an address is had already inserted one previously in a few
48 situations.
50 - The RSP documentation on Z packets says that to avoid potential
51 problems with duplicate packets, the operations should be
52 implemented in an idempotent way.
54 - A breakpoint is set at ADDR, an address in a shared library.
55 Then the shared library is unloaded. And then another, unrelated,
56 breakpoint at ADDR is set. There is not breakpoint removal request
57 between the first and the second breakpoint.
59 - When GDB wants to update the target-side breakpoint conditions or
60 commands, it re-inserts the breakpoint, with updated
61 conditions/commands associated.
63 Also, we need to keep track of internal breakpoints too, so we do
64 need to be able to install multiple breakpoints at the same address
65 transparently.
67 We keep track of two different, and closely related structures. A
68 raw breakpoint, which manages the low level, close to the metal
69 aspect of a breakpoint. It holds the breakpoint address, and for
70 software breakpoints, a buffer holding a copy of the instructions
71 that would be in memory had not been a breakpoint there (we call
72 that the shadow memory of the breakpoint). We occasionally need to
73 temporarily uninsert a breakpoint without the client knowing about
74 it (e.g., to step over an internal breakpoint), so we keep an
75 `inserted' state associated with this low level breakpoint
76 structure. There can only be one such object for a given address.
77 Then, we have (a bit higher level) breakpoints. This structure
78 holds a callback to be called whenever a breakpoint is hit, a
79 high-level type, and a link to a low level raw breakpoint. There
80 can be many high-level breakpoints at the same address, and all of
81 them will point to the same raw breakpoint, which is reference
82 counted. */
84 /* The low level, physical, raw breakpoint. */
85 struct raw_breakpoint
86 {
89 /* The low level type of the breakpoint (software breakpoint,
90 watchpoint, etc.) */
93 /* A reference count. Each high level breakpoint referencing this
94 raw breakpoint accounts for one reference. */
97 /* The breakpoint's insertion address. There can only be one raw
98 breakpoint for a given PC. */
99 CORE_ADDR pc;
101 /* The breakpoint's kind. This is target specific. Most
102 architectures only use one specific instruction for breakpoints, while
103 others may use more than one. E.g., on ARM, we need to use different
104 breakpoint instructions on Thumb, Thumb-2, and ARM code. Likewise for
105 hardware breakpoints -- some architectures (including ARM) need to
106 setup debug registers differently depending on mode. */
109 /* The breakpoint's shadow memory. */
112 /* Positive if this breakpoint is currently inserted in the
113 inferior. Negative if it was, but we've detected that it's now
114 gone. Zero if not inserted. */
116 };
118 /* The type of a breakpoint. */
119 enum bkpt_type
120 {
121 /* A GDB breakpoint, requested with a Z0 packet. */
122 gdb_breakpoint_Z0,
124 /* A GDB hardware breakpoint, requested with a Z1 packet. */
125 gdb_breakpoint_Z1,
127 /* A GDB write watchpoint, requested with a Z2 packet. */
128 gdb_breakpoint_Z2,
130 /* A GDB read watchpoint, requested with a Z3 packet. */
131 gdb_breakpoint_Z3,
133 /* A GDB access watchpoint, requested with a Z4 packet. */
134 gdb_breakpoint_Z4,
136 /* A software single-step breakpoint. */
137 single_step_breakpoint,
139 /* Any other breakpoint type that doesn't require specific
140 treatment goes here. E.g., an event breakpoint. */
141 other_breakpoint,
142 };
144 struct point_cond_list
145 {
146 /* Pointer to the agent expression that is the breakpoint's
147 conditional. */
150 /* Pointer to the next condition. */
152 };
154 struct point_command_list
155 {
156 /* Pointer to the agent expression that is the breakpoint's
157 commands. */
160 /* Flag that is true if this command should run even while GDB is
161 disconnected. */
164 /* Pointer to the next command. */
166 };
168 /* A high level (in gdbserver's perspective) breakpoint. */
169 struct breakpoint
170 {
173 /* The breakpoint's type. */
176 /* Link to this breakpoint's raw breakpoint. This is always
177 non-NULL. */
179 };
181 /* Breakpoint requested by GDB. */
183 struct gdb_breakpoint
184 {
187 /* Pointer to the condition list that should be evaluated on
188 the target or NULL if the breakpoint is unconditional or
189 if GDB doesn't want us to evaluate the conditionals on the
190 target's side. */
193 /* Point to the list of commands to run when this is hit. */
195 };
197 /* Breakpoint used by GDBserver. */
199 struct other_breakpoint
200 {
203 /* Function to call when we hit this breakpoint. If it returns 1,
204 the breakpoint shall be deleted; 0 or if this callback is NULL,
205 it will be left inserted. */
207 };
209 /* Breakpoint for single step. */
211 struct single_step_breakpoint
212 {
215 /* Thread the reinsert breakpoint belongs to. */
216 ptid_t ptid;
217 };
219 /* Return the breakpoint size from its kind. */
221 static int
223 {
228 }
230 /* Return the breakpoint opcode from its kind. */
234 {
238 }
240 /* See mem-break.h. */
242 enum target_hw_bp_type
244 {
246 {
257 }
258 }
260 /* See mem-break.h. */
262 static enum bkpt_type
264 {
268 }
270 /* See mem-break.h. */
272 enum raw_bkpt_type
274 {
276 {
289 }
290 }
292 /* Return true if breakpoint TYPE is a GDB breakpoint. */
294 static int
296 {
302 }
304 bool
306 {
311 {
313 {
319 }
320 }
323 }
325 /* Find low-level breakpoint of type TYPE at address ADDR that is not
326 insert-disabled. Returns NULL if not found. */
330 {
341 }
343 /* Find low-level breakpoint of type TYPE at address ADDR. Returns
344 NULL if not found. */
348 {
357 }
359 /* See mem-break.h. */
361 int
363 {
367 /* Note that there can be fast tracepoint jumps installed in the
368 same memory range, so to get at the original memory, we need to
369 use read_inferior_memory, which masks those out. */
372 {
376 }
377 else
378 {
386 }
388 }
390 /* See mem-break.h */
392 int
394 {
398 /* Since there can be trap breakpoints inserted in the same address
399 range, we use `target_write_memory', which takes care of
400 layering breakpoints on top of fast tracepoints, and on top of
401 the buffer we pass it. This works because the caller has already
402 either unlinked the breakpoint or marked it uninserted. Also
403 note that we need to pass the current shadow contents, because
404 target_write_memory updates any shadow memory with what we pass
405 here, and we want that to be a nop. */
414 }
416 /* Set a RAW breakpoint of type TYPE and kind KIND at WHERE. On
417 success, a pointer to the new breakpoint is returned. On failure,
418 returns NULL and writes the error code to *ERR. */
423 {
428 {
431 {
432 /* A different kind than previously seen. The previous
433 breakpoint must be gone then. */
434 threads_debug_printf
439 }
440 }
441 else
446 {
452 }
455 {
458 {
463 }
466 }
468 /* If the breakpoint was allocated above, we know we want to keep it
469 now. */
472 /* Link the breakpoint in, if this is the first reference. */
474 {
477 }
479 }
481 /* Notice that breakpoint traps are always installed on top of fast
482 tracepoint jumps. This is even if the fast tracepoint is installed
483 at a later time compared to when the breakpoint was installed.
484 This means that a stopping breakpoint or tracepoint has higher
485 "priority". In turn, this allows having fast and slow tracepoints
486 (and breakpoints) at the same address behave correctly. */
489 /* A fast tracepoint jump. */
491 struct fast_tracepoint_jump
492 {
495 /* A reference count. GDB can install more than one fast tracepoint
496 at the same address (each with its own action list, for
497 example). */
500 /* The fast tracepoint's insertion address. There can only be one
501 of these for a given PC. */
502 CORE_ADDR pc;
504 /* Non-zero if this fast tracepoint jump is currently inserted in
505 the inferior. */
508 /* The length of the jump instruction. */
511 /* A poor-man's flexible array member, holding both the jump
512 instruction to insert, and a copy of the instruction that would
513 be in memory had not been a jump there (the shadow memory of the
514 tracepoint jump). */
516 };
518 /* Fast tracepoint FP's jump instruction to insert. */
519 #define fast_tracepoint_jump_insn(fp) \
520 ((fp)->insn_and_shadow + 0)
522 /* The shadow memory of fast tracepoint jump FP. */
523 #define fast_tracepoint_jump_shadow(fp) \
524 ((fp)->insn_and_shadow + (fp)->length)
527 /* Return the fast tracepoint jump set at WHERE. */
531 {
540 }
542 int
544 {
548 }
550 int
552 {
561 {
563 {
565 {
569 /* Unlink it. */
572 /* Since there can be breakpoints inserted in the same
573 address range, we use `target_write_memory', which
574 takes care of layering breakpoints on top of fast
575 tracepoints, and on top of the buffer we pass it.
576 This works because we've already unlinked the fast
577 tracepoint jump above. Also note that we need to
578 pass the current shadow contents, because
579 target_write_memory updates any shadow memory with
580 what we pass here, and we want that to be a nop. */
585 {
586 /* Something went wrong, relink the jump. */
589 threads_debug_printf
594 }
597 }
600 }
601 else
602 {
605 }
606 }
610 }
612 void
614 {
616 }
621 {
627 /* We refcount fast tracepoint jumps. Check if we already know
628 about a jump at this address. */
631 {
634 }
636 /* We don't, so create a new object. Double the length, because the
637 flexible array member holds both the jump insn, and the
638 shadow. */
646 /* Note that there can be trap breakpoints inserted in the same
647 address range. To access the original memory contents, we use
648 `read_inferior_memory', which masks out breakpoints. */
651 {
657 }
660 /* Link the jump in. */
665 /* Since there can be trap breakpoints inserted in the same address
666 range, we use use `target_write_memory', which takes care of
667 layering breakpoints on top of fast tracepoints, on top of the
668 buffer we pass it. This works because we've already linked in
669 the fast tracepoint jump above. Also note that we need to pass
670 the current shadow contents, because target_write_memory
671 updates any shadow memory with what we pass here, and we want
672 that to be a nop. */
675 {
676 threads_debug_printf
680 /* Unlink it. */
685 }
688 }
690 void
692 {
698 {
699 /* This can happen when we remove all breakpoints while handling
700 a step-over. */
705 }
708 {
713 /* Since there can be trap breakpoints inserted in the same
714 address range, we use use `target_write_memory', which
715 takes care of layering breakpoints on top of fast
716 tracepoints, and on top of the buffer we pass it. This works
717 because we've already marked the fast tracepoint fast
718 tracepoint jump uninserted above. Also note that we need to
719 pass the current shadow contents, because
720 target_write_memory updates any shadow memory with what we
721 pass here, and we want that to be a nop. */
726 {
732 }
733 }
734 }
736 void
738 {
745 {
746 /* This can happen when we remove breakpoints when a tracepoint
747 hit causes a tracing stop, while handling a step-over. */
752 }
759 /* Since there can be trap breakpoints inserted in the same address
760 range, we use `target_write_memory', which takes care of
761 layering breakpoints on top of fast tracepoints, and on top of
762 the buffer we pass it. This works because we've already marked
763 the fast tracepoint jump inserted above. Also note that we need
764 to pass the current shadow contents, because
765 target_write_memory updates any shadow memory with what we pass
766 here, and we want that to be a nop. */
771 {
777 }
778 }
780 /* Set a high-level breakpoint of type TYPE, with low level type
781 RAW_TYPE and kind KIND, at WHERE. On success, a pointer to the new
782 breakpoint is returned. On failure, returns NULL and writes the
783 error code to *ERR. HANDLER is called when the breakpoint is hit.
784 HANDLER should return 1 if the breakpoint should be deleted, 0
785 otherwise. */
791 {
799 {
800 /* warn? */
802 }
805 {
810 }
812 {
817 }
819 {
824 }
825 else
835 }
837 /* Set breakpoint of TYPE on address WHERE with handler HANDLER. */
842 {
850 }
852 /* See mem-break.h */
856 {
858 }
861 static int
863 {
871 {
873 {
875 {
883 {
884 /* Something went wrong, relink the breakpoint. */
891 }
892 }
893 else
898 }
899 else
900 {
903 }
904 }
908 }
910 static int
912 {
918 {
922 }
923 else
929 }
931 static int
933 {
941 {
943 {
952 }
953 else
954 {
957 }
958 }
962 }
964 int
966 {
969 }
971 /* Locate a GDB breakpoint of type Z_TYPE and kind KIND placed at
972 address ADDR and return a pointer to its structure. If KIND is -1,
973 the breakpoint's kind is ignored. */
977 {
980 /* In some situations the current process exits, we inform GDB, but
981 before GDB can acknowledge that the process has exited GDB tries to
982 detach from the inferior. As part of the detach process GDB will
983 remove all breakpoints, which means we can end up here when the
984 current process has already exited and so PROC is nullptr. In this
985 case just claim we can't find (and so delete) the breakpoint, GDB
986 will ignore this error during detach. */
999 }
1001 static int
1003 {
1006 }
1008 /* Create a new GDB breakpoint of type Z_TYPE at ADDR with kind KIND.
1009 Returns a pointer to the newly created breakpoint on success. On
1010 failure returns NULL and sets *ERR to either -1 for error, or 1 if
1011 Z_TYPE breakpoints are not supported on this target. */
1015 {
1021 {
1024 }
1026 /* If we see GDB inserting a second code breakpoint at the same
1027 address, then either: GDB is updating the breakpoint's conditions
1028 or commands; or, the first breakpoint must have disappeared due
1029 to a shared library unload. On targets where the shared
1030 libraries are handled by userspace, like SVR4, for example,
1031 GDBserver can't tell if a library was loaded or unloaded. Since
1032 we refcount raw breakpoints, we must be careful to make sure GDB
1033 breakpoints never contribute more than one reference. if we
1034 didn't do this, in case the previous breakpoint is gone due to a
1035 shared library unload, we'd just increase the refcount of the
1036 previous breakpoint at this address, but the trap was not planted
1037 in the inferior anymore, thus the breakpoint would never be hit.
1038 Note this must be careful to not create a window where
1039 breakpoints are removed from the target, for non-stop, in case
1040 the target can poke at memory while the program is running. */
1043 {
1047 {
1049 {
1050 /* A different kind than previously seen. The previous
1051 breakpoint must be gone then. */
1055 }
1057 {
1058 /* Check if the breakpoint is actually gone from the
1059 target, due to an solib unload, for example. Might
1060 as well validate _all_ breakpoints. */
1063 /* Breakpoints that don't pass validation are
1064 deleted. */
1066 }
1067 }
1068 }
1069 else
1070 {
1071 /* Data breakpoints for the same address but different kind are
1072 expected. GDB doesn't merge these. The backend gets to do
1073 that if it wants/can. */
1075 }
1078 {
1079 /* We already know about this breakpoint, there's nothing else
1080 to do - GDB's reference is already accounted for. Note that
1081 whether the breakpoint inserted is left as is - we may be
1082 stepping over it, for example, in which case we don't want to
1083 force-reinsert it. */
1085 }
1091 }
1093 /* Delete a GDB breakpoint of type Z_TYPE and kind KIND previously
1094 inserted at ADDR with set_gdb_breakpoint_at. Returns 0 on success,
1095 -1 on error, and 1 if Z_TYPE breakpoints are not supported on this
1096 target. */
1098 int
1100 {
1108 /* Before deleting the breakpoint, make sure to free its condition
1109 and command lists. */
1116 }
1118 /* Clear all conditions associated with a breakpoint. */
1120 static void
1122 {
1131 {
1138 }
1141 }
1143 /* Clear all commands associated with a breakpoint. */
1145 static void
1147 {
1156 {
1163 }
1166 }
1168 void
1170 {
1173 }
1175 /* Add condition CONDITION to GDBserver's breakpoint BP. */
1177 static void
1180 {
1183 /* Create new condition. */
1187 /* Add condition to the list. */
1190 }
1192 /* Add a target-side condition CONDITION to a breakpoint. */
1194 int
1196 {
1209 {
1212 }
1219 }
1221 /* Evaluate condition (if any) at breakpoint BP. Return 1 if
1222 true and 0 otherwise. */
1224 static int
1226 {
1227 /* Fetch registers for the current inferior. */
1237 /* Check if the breakpoint is unconditional. If it is,
1238 the condition always evaluates to TRUE. */
1246 /* Evaluate each condition in the breakpoint's list of conditions.
1247 Return true if any of the conditions evaluates to TRUE.
1249 If we failed to evaluate the expression, TRUE is returned. This
1250 forces GDB to reevaluate the conditions. */
1253 {
1254 /* Evaluate the condition. */
1256 }
1262 }
1264 int
1266 {
1267 /* Only check code (software or hardware) breakpoints. */
1270 }
1272 /* Add commands COMMANDS to GDBserver's breakpoint BP. */
1274 static void
1277 {
1280 /* Create new command. */
1285 /* Add commands to the list. */
1288 }
1290 /* Add a target-side command COMMAND to the breakpoint at ADDR. */
1292 int
1295 {
1308 {
1311 }
1318 }
1320 /* Return true if there are no commands to run at this location,
1321 which likely means we want to report back to GDB. */
1323 static int
1325 {
1335 }
1337 /* Return true if there are no commands to run at this location,
1338 which likely means we want to report back to GDB. */
1340 int
1342 {
1343 /* Only check code (software or hardware) breakpoints. */
1346 }
1348 /* Run a breakpoint's commands. Returns 0 if there was a problem
1349 running any command, 1 otherwise. */
1351 static int
1353 {
1354 /* Fetch registers for the current inferior. */
1370 {
1371 /* Run the command. */
1374 /* If one command has a problem, stop digging the hole deeper. */
1377 }
1380 }
1382 void
1384 {
1385 /* Only check code (software or hardware) breakpoints. If one
1386 command has a problem, stop digging the hole deeper. */
1389 }
1391 /* See mem-break.h. */
1393 int
1395 {
1396 /* Only check code (software or hardware) breakpoints. */
1399 }
1401 void
1403 {
1411 }
1413 void
1415 {
1423 {
1426 {
1427 scoped_restore_current_thread restore_thread;
1433 }
1434 else
1435 {
1438 }
1439 }
1440 }
1442 static void
1444 {
1446 {
1449 }
1451 {
1458 {
1463 }
1464 }
1465 }
1467 void
1469 {
1478 {
1483 }
1486 {
1487 /* This can happen when we remove all breakpoints while handling
1488 a step-over. */
1492 }
1493 }
1495 void
1497 {
1506 }
1508 void
1510 {
1515 {
1518 {
1521 /* Only uninsert the raw breakpoint if it only belongs to a
1522 reinsert breakpoint. */
1524 {
1525 scoped_restore_current_thread restore_thread;
1529 }
1530 }
1531 }
1532 }
1534 static void
1536 {
1545 else
1548 }
1550 void
1552 {
1561 {
1565 }
1568 {
1569 /* This can happen when we remove all breakpoints while handling
1570 a step-over. */
1574 }
1575 }
1577 int
1579 {
1587 {
1591 else
1592 {
1595 }
1596 }
1599 }
1601 void
1603 {
1612 }
1614 void
1616 {
1621 {
1624 {
1628 {
1629 scoped_restore_current_thread restore_thread;
1633 }
1634 }
1635 }
1636 }
1638 void
1640 {
1648 {
1654 {
1656 {
1659 }
1662 {
1667 {
1674 }
1675 }
1676 }
1680 }
1681 }
1683 int
1685 {
1696 }
1698 int
1700 {
1712 }
1714 /* See mem-break.h. */
1716 int
1718 {
1729 }
1731 /* See mem-break.h. */
1733 int
1735 {
1746 }
1748 /* See mem-break.h. */
1750 int
1752 {
1763 }
1765 static int
1767 {
1777 {
1778 /* Tag it as gone. */
1781 }
1784 }
1786 static void
1788 {
1793 {
1796 {
1797 /* If single_step_breakpoints become disabled, that means the
1798 manipulations (insertion and removal) of them are wrong. */
1801 }
1802 }
1803 }
1805 /* Check if breakpoints we inserted still appear to be inserted. They
1806 may disappear due to a shared library unload, and worse, a new
1807 shared library may be reloaded at the same address as the
1808 previously unloaded one. If that happens, we should make sure that
1809 the shadow memory of the old breakpoints isn't used when reading or
1810 writing memory. */
1812 void
1814 {
1819 {
1824 }
1827 }
1829 void
1831 {
1839 {
1867 copy_len);
1868 }
1871 {
1900 {
1903 else
1905 }
1906 }
1910 }
1912 void
1915 {
1922 /* First fast tracepoint jumps, then breakpoint traps on top. */
1925 {
1957 }
1960 {
1990 {
1993 else
1995 }
1996 }
2000 }
2002 /* Delete all breakpoints, and un-insert them from the inferior. */
2004 void
2006 {
2011 }
2013 /* Clear the "inserted" flag in all breakpoints. */
2015 void
2017 {
2022 }
2024 /* Release all breakpoints, but do not try to un-insert them from the
2025 inferior. */
2027 void
2029 {
2032 /* Note: use PROC explicitly instead of deferring to
2033 delete_all_breakpoints --- CURRENT_INFERIOR may already have been
2034 released when we get here. There should be no call to
2035 current_process from here on. */
2038 }
2040 /* Clone an agent expression. */
2044 {
2052 }
2054 /* Deep-copy the contents of one breakpoint to another. */
2058 {
2062 /* Clone the raw breakpoint. */
2071 /* Clone the high-level breakpoint. */
2073 {
2082 /* Clone the condition list. */
2086 {
2090 }
2092 /* Clone the command list. */
2096 {
2101 }
2104 }
2106 {
2111 }
2113 {
2118 /* Since single-step breakpoint is thread specific, don't copy
2119 thread id from SRC, use ID instead. */
2121 }
2122 else
2129 }
2131 /* See mem-break.h. */
2133 void
2136 {
2147 {
2151 }
2152 }