Initial bulk commit for "Git on MSys"

[msysgit/historical-msysgit.git] / mingw / info / gdbint / Algorithms.html

<html lang="en">
<head>
<title>GDB Internals</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="GDB Internals">
<meta name="generator" content="makeinfo 4.3">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home">
</head>
<body>
<div class="node">
<p>
Node:<a name="Algorithms">Algorithms</a>,
Next:<a rel="next" accesskey="n" href="User-Interface.html#User%20Interface">User Interface</a>,
Previous:<a rel="previous" accesskey="p" href="Overall-Structure.html#Overall%20Structure">Overall Structure</a>,
Up:<a rel="up" accesskey="u" href="index.html#Top">Top</a>
<hr><br>
</div>

<h2 class="chapter">Algorithms</h2>

   GDB uses a number of debugging-specific algorithms.  They are
often not very complicated, but get lost in the thicket of special
cases and real-world issues.  This chapter describes the basic
algorithms and mentions some of the specific target definitions that
they use.

<h3 class="section">Frames</h3>

   <p>A frame is a construct that GDB uses to keep track of calling
and called functions.

   <p><code>FRAME_FP</code> in the machine description has no meaning to the
machine-independent part of GDB, except that it is used when
setting up a new frame from scratch, as follows:

<pre class="example">           create_new_frame (read_register (FP_REGNUM), read_pc ()));
     </pre>

   <p>Other than that, all the meaning imparted to <code>FP_REGNUM</code> is
imparted by the machine-dependent code.  So, <code>FP_REGNUM</code> can have
any value that is convenient for the code that creates new frames. 
(<code>create_new_frame</code> calls <code>INIT_EXTRA_FRAME_INFO</code> if it is
defined; that is where you should use the <code>FP_REGNUM</code> value, if
your frames are nonstandard.)

   <p>Given a GDB frame, define <code>FRAME_CHAIN</code> to determine the
address of the calling function's frame.  This will be used to create
a new GDB frame struct, and then <code>INIT_EXTRA_FRAME_INFO</code>
and <code>INIT_FRAME_PC</code> will be called for the new frame.

<h3 class="section">Breakpoint Handling</h3>

   <p>In general, a breakpoint is a user-designated location in the program
where the user wants to regain control if program execution ever reaches
that location.

   <p>There are two main ways to implement breakpoints; either as "hardware"
breakpoints or as "software" breakpoints.

   <p>Hardware breakpoints are sometimes available as a builtin debugging
features with some chips.  Typically these work by having dedicated
register into which the breakpoint address may be stored.  If the PC
(shorthand for <dfn>program counter</dfn>)
ever matches a value in a breakpoint registers, the CPU raises an
exception and reports it to GDB.

   <p>Another possibility is when an emulator is in use; many emulators
include circuitry that watches the address lines coming out from the
processor, and force it to stop if the address matches a breakpoint's
address.

   <p>A third possibility is that the target already has the ability to do
breakpoints somehow; for instance, a ROM monitor may do its own
software breakpoints.  So although these are not literally "hardware
breakpoints", from GDB's point of view they work the same;
GDB need not do nothing more than set the breakpoint and wait
for something to happen.

   <p>Since they depend on hardware resources, hardware breakpoints may be
limited in number; when the user asks for more, GDB will
start trying to set software breakpoints.  (On some architectures,
notably the 32-bit x86 platforms, GDB cannot alsways know
whether there's enough hardware resources to insert all the hardware
breakpoints and watchpoints.  On those platforms, GDB prints
an error message only when the program being debugged is continued.)

   <p>Software breakpoints require GDB to do somewhat more work. 
The basic theory is that GDB will replace a program
instruction with a trap, illegal divide, or some other instruction
that will cause an exception, and then when it's encountered,
GDB will take the exception and stop the program.  When the
user says to continue, GDB will restore the original
instruction, single-step, re-insert the trap, and continue on.

   <p>Since it literally overwrites the program being tested, the program area
must be writable, so this technique won't work on programs in ROM.  It
can also distort the behavior of programs that examine themselves,
although such a situation would be highly unusual.

   <p>Also, the software breakpoint instruction should be the smallest size of
instruction, so it doesn't overwrite an instruction that might be a jump
target, and cause disaster when the program jumps into the middle of the
breakpoint instruction.  (Strictly speaking, the breakpoint must be no
larger than the smallest interval between instructions that may be jump
targets; perhaps there is an architecture where only even-numbered
instructions may jumped to.)  Note that it's possible for an instruction
set not to have any instructions usable for a software breakpoint,
although in practice only the ARC has failed to define such an
instruction.

   <p>The basic definition of the software breakpoint is the macro
<code>BREAKPOINT</code>.

   <p>Basic breakpoint object handling is in <code>breakpoint.c</code>.  However,
much of the interesting breakpoint action is in <code>infrun.c</code>.

<h3 class="section">Single Stepping</h3>

<h3 class="section">Signal Handling</h3>

<h3 class="section">Thread Handling</h3>

<h3 class="section">Inferior Function Calls</h3>

<h3 class="section">Longjmp Support</h3>

   GDB has support for figuring out that the target is doing a
<code>longjmp</code> and for stopping at the target of the jump, if we are
stepping.  This is done with a few specialized internal breakpoints,
which are visible in the output of the <code>maint info breakpoint</code>
command.

   <p>To make this work, you need to define a macro called
<code>GET_LONGJMP_TARGET</code>, which will examine the <code>jmp_buf</code>
structure and extract the longjmp target address.  Since <code>jmp_buf</code>
is target specific, you will need to define it in the appropriate
<code>tm-</code><var>target</var><code>.h</code> file.  Look in <code>tm-sun4os4.h</code> and
<code>sparc-tdep.c</code> for examples of how to do this.

<h3 class="section">Watchpoints</h3>

   <p>Watchpoints are a special kind of breakpoints (see <a href="Algorithms.html#Algorithms">breakpoints</a>) which break when data is accessed rather than when some
instruction is executed.  When you have data which changes without
your knowing what code does that, watchpoints are the silver bullet to
hunt down and kill such bugs.

   <p>Watchpoints can be either hardware-assisted or not; the latter type is
known as "software watchpoints."  GDB always uses
hardware-assisted watchpoints if they are available, and falls back on
software watchpoints otherwise.  Typical situations where GDB
will use software watchpoints are:

     <ul>
<li>The watched memory region is too large for the underlying hardware
watchpoint support.  For example, each x86 debug register can watch up
to 4 bytes of memory, so trying to watch data structures whose size is
more than 16 bytes will cause GDB to use software
watchpoints.

     <li>The value of the expression to be watched depends on data held in
registers (as opposed to memory).

     <li>Too many different watchpoints requested.  (On some architectures,
this situation is impossible to detect until the debugged program is
resumed.)  Note that x86 debug registers are used both for hardware
breakpoints and for watchpoints, so setting too many hardware
breakpoints might cause watchpoint insertion to fail.

     <li>No hardware-assisted watchpoints provided by the target
implementation. 
</ul>

   <p>Software watchpoints are very slow, since GDB needs to
single-step the program being debugged and test the value of the
watched expression(s) after each instruction.  The rest of this
section is mostly irrelevant for software watchpoints.

   GDB uses several macros and primitives to support hardware
watchpoints:

     <dl>
<dt><code>TARGET_HAS_HARDWARE_WATCHPOINTS</code>
     <dd>If defined, the target supports hardware watchpoints.

     <br><dt><code>TARGET_CAN_USE_HARDWARE_WATCHPOINT (</code><var>type</var><code>, </code><var>count</var><code>, </code><var>other</var><code>)</code>
     <dd>Return the number of hardware watchpoints of type <var>type</var> that are
possible to be set.  The value is positive if <var>count</var> watchpoints
of this type can be set, zero if setting watchpoints of this type is
not supported, and negative if <var>count</var> is more than the maximum
number of watchpoints of type <var>type</var> that can be set.  <var>other</var>
is non-zero if other types of watchpoints are currently enabled (there
are architectures which cannot set watchpoints of different types at
the same time).

     <br><dt><code>TARGET_REGION_OK_FOR_HW_WATCHPOINT (</code><var>addr</var><code>, </code><var>len</var><code>)</code>
     <dd>Return non-zero if hardware watchpoints can be used to watch a region
whose address is <var>addr</var> and whose length in bytes is <var>len</var>.

     <br><dt><code>TARGET_REGION_SIZE_OK_FOR_HW_WATCHPOINT (</code><var>size</var><code>)</code>
     <dd>Return non-zero if hardware watchpoints can be used to watch a region
whose size is <var>size</var>.  GDB only uses this macro as a
fall-back, in case <code>TARGET_REGION_OK_FOR_HW_WATCHPOINT</code> is not
defined.

     <br><dt><code>TARGET_DISABLE_HW_WATCHPOINTS (</code><var>pid</var><code>)</code>
     <dd>Disables watchpoints in the process identified by <var>pid</var>.  This is
used, e.g., on HP-UX which provides operations to disable and enable
the page-level memory protection that implements hardware watchpoints
on that platform.

     <br><dt><code>TARGET_ENABLE_HW_WATCHPOINTS (</code><var>pid</var><code>)</code>
     <dd>Enables watchpoints in the process identified by <var>pid</var>.  This is
used, e.g., on HP-UX which provides operations to disable and enable
the page-level memory protection that implements hardware watchpoints
on that platform.

     <br><dt><code>target_insert_watchpoint (</code><var>addr</var><code>, </code><var>len</var><code>, </code><var>type</var><code>)</code>
     <dd><dt><code>target_remove_watchpoint (</code><var>addr</var><code>, </code><var>len</var><code>, </code><var>type</var><code>)</code>
     <dd>Insert or remove a hardware watchpoint starting at <var>addr</var>, for
<var>len</var> bytes.  <var>type</var> is the watchpoint type, one of the
possible values of the enumerated data type <code>target_hw_bp_type</code>,
defined by <code>breakpoint.h</code> as follows:

     <pre class="example">           enum target_hw_bp_type
             {
               hw_write   = 0, /* Common (write) HW watchpoint */
               hw_read    = 1, /* Read    HW watchpoint */
               hw_access  = 2, /* Access (read or write) HW watchpoint */
               hw_execute = 3  /* Execute HW breakpoint */
             };
          </pre>

     <p>These two macros should return 0 for success, non-zero for failure.

     <br><dt><code>target_remove_hw_breakpoint (</code><var>addr</var><code>, </code><var>shadow</var><code>)</code>
     <dd><dt><code>target_insert_hw_breakpoint (</code><var>addr</var><code>, </code><var>shadow</var><code>)</code>
     <dd>Insert or remove a hardware-assisted breakpoint at address <var>addr</var>. 
Returns zero for success, non-zero for failure.  <var>shadow</var> is the
real contents of the byte where the breakpoint has been inserted; it
is generally not valid when hardware breakpoints are used, but since
no other code touches these values, the implementations of the above
two macros can use them for their internal purposes.

     <br><dt><code>target_stopped_data_address ()</code>
     <dd>If the inferior has some watchpoint that triggered, return the address
associated with that watchpoint.  Otherwise, return zero.

     <br><dt><code>DECR_PC_AFTER_HW_BREAK</code>
     <dd>If defined, GDB decrements the program counter by the value
of <code>DECR_PC_AFTER_HW_BREAK</code> after a hardware break-point.  This
overrides the value of <code>DECR_PC_AFTER_BREAK</code> when a breakpoint
that breaks is a hardware-assisted breakpoint.

     <br><dt><code>HAVE_STEPPABLE_WATCHPOINT</code>
     <dd>If defined to a non-zero value, it is not necessary to disable a
watchpoint to step over it.

     <br><dt><code>HAVE_NONSTEPPABLE_WATCHPOINT</code>
     <dd>If defined to a non-zero value, GDB should disable a
watchpoint to step the inferior over it.

     <br><dt><code>HAVE_CONTINUABLE_WATCHPOINT</code>
     <dd>If defined to a non-zero value, it is possible to continue the
inferior after a watchpoint has been hit.

     <br><dt><code>CANNOT_STEP_HW_WATCHPOINTS</code>
     <dd>If this is defined to a non-zero value, GDB will remove all
watchpoints before stepping the inferior.

     <br><dt><code>STOPPED_BY_WATCHPOINT (</code><var>wait_status</var><code>)</code>
     <dd>Return non-zero if stopped by a watchpoint.  <var>wait_status</var> is of
the type <code>struct target_waitstatus</code>, defined by <code>target.h</code>. 
</dl>

<h4 class="subsection">x86 Watchpoints</h4>

   <p>The 32-bit Intel x86 (a.k.a. ia32) processors feature special debug
registers designed to facilitate debugging.  GDB provides a
generic library of functions that x86-based ports can use to implement
support for watchpoints and hardware-assisted breakpoints.  This
subsection documents the x86 watchpoint facilities in GDB.

   <p>To use the generic x86 watchpoint support, a port should do the
following:

     <ul>
<li>Define the macro <code>I386_USE_GENERIC_WATCHPOINTS</code> somewhere in the
target-dependent headers.

     <li>Include the <code>config/i386/nm-i386.h</code> header file <em>after</em>
defining <code>I386_USE_GENERIC_WATCHPOINTS</code>.

     <li>Add <code>i386-nat.o</code> to the value of the Make variable
<code>NATDEPFILES</code> (see <a href="Native-Debugging.html#Native%20Debugging">NATDEPFILES</a>) or
<code>TDEPFILES</code> (see <a href="Target-Architecture-Definition.html#Target%20Architecture%20Definition">TDEPFILES</a>).

     <li>Provide implementations for the <code>I386_DR_LOW_*</code> macros described
below.  Typically, each macro should call a target-specific function
which does the real work. 
</ul>

   <p>The x86 watchpoint support works by maintaining mirror images of the
debug registers.  Values are copied between the mirror images and the
real debug registers via a set of macros which each target needs to
provide:

     <dl>
<dt><code>I386_DR_LOW_SET_CONTROL (</code><var>val</var><code>)</code>
     <dd>Set the Debug Control (DR7) register to the value <var>val</var>.

     <br><dt><code>I386_DR_LOW_SET_ADDR (</code><var>idx</var><code>, </code><var>addr</var><code>)</code>
     <dd>Put the address <var>addr</var> into the debug register number <var>idx</var>.

     <br><dt><code>I386_DR_LOW_RESET_ADDR (</code><var>idx</var><code>)</code>
     <dd>Reset (i.e. zero out) the address stored in the debug register
number <var>idx</var>.

     <br><dt><code>I386_DR_LOW_GET_STATUS</code>
     <dd>Return the value of the Debug Status (DR6) register.  This value is
used immediately after it is returned by
<code>I386_DR_LOW_GET_STATUS</code>, so as to support per-thread status
register values. 
</dl>

   <p>For each one of the 4 debug registers (whose indices are from 0 to 3)
that store addresses, a reference count is maintained by GDB,
to allow sharing of debug registers by several watchpoints.  This
allows users to define several watchpoints that watch the same
expression, but with different conditions and/or commands, without
wasting debug registers which are in short supply.  GDB
maintains the reference counts internally, targets don't have to do
anything to use this feature.

   <p>The x86 debug registers can each watch a region that is 1, 2, or 4
bytes long.  The ia32 architecture requires that each watched region
be appropriately aligned: 2-byte region on 2-byte boundary, 4-byte
region on 4-byte boundary.  However, the x86 watchpoint support in
GDB can watch unaligned regions and regions larger than 4
bytes (up to 16 bytes) by allocating several debug registers to watch
a single region.  This allocation of several registers per a watched
region is also done automatically without target code intervention.

   <p>The generic x86 watchpoint support provides the following API for the
GDB's application code:

     <dl>
<dt><code>i386_region_ok_for_watchpoint (</code><var>addr</var><code>, </code><var>len</var><code>)</code>
     <dd>The macro <code>TARGET_REGION_OK_FOR_HW_WATCHPOINT</code> is set to call
this function.  It counts the number of debug registers required to
watch a given region, and returns a non-zero value if that number is
less than 4, the number of debug registers available to x86
processors.

     <br><dt><code>i386_stopped_data_address (void)</code>
     <dd>The macros <code>STOPPED_BY_WATCHPOINT</code> and
<code>target_stopped_data_address</code> are set to call this function.  The
argument passed to <code>STOPPED_BY_WATCHPOINT</code> is ignored.  This
function examines the breakpoint condition bits in the DR6 Debug
Status register, as returned by the <code>I386_DR_LOW_GET_STATUS</code>
macro, and returns the address associated with the first bit that is
set in DR6.

     <br><dt><code>i386_insert_watchpoint (</code><var>addr</var><code>, </code><var>len</var><code>, </code><var>type</var><code>)</code>
     <dd><dt><code>i386_remove_watchpoint (</code><var>addr</var><code>, </code><var>len</var><code>, </code><var>type</var><code>)</code>
     <dd>Insert or remove a watchpoint.  The macros
<code>target_insert_watchpoint</code> and <code>target_remove_watchpoint</code>
are set to call these functions.  <code>i386_insert_watchpoint</code> first
looks for a debug register which is already set to watch the same
region for the same access types; if found, it just increments the
reference count of that debug register, thus implementing debug
register sharing between watchpoints.  If no such register is found,
the function looks for a vacant debug register, sets its mirrorred
value to <var>addr</var>, sets the mirrorred value of DR7 Debug Control
register as appropriate for the <var>len</var> and <var>type</var> parameters,
and then passes the new values of the debug register and DR7 to the
inferior by calling <code>I386_DR_LOW_SET_ADDR</code> and
<code>I386_DR_LOW_SET_CONTROL</code>.  If more than one debug register is
required to cover the given region, the above process is repeated for
each debug register.

     <p><code>i386_remove_watchpoint</code> does the opposite: it resets the address
in the mirrorred value of the debug register and its read/write and
length bits in the mirrorred value of DR7, then passes these new
values to the inferior via <code>I386_DR_LOW_RESET_ADDR</code> and
<code>I386_DR_LOW_SET_CONTROL</code>.  If a register is shared by several
watchpoints, each time a <code>i386_remove_watchpoint</code> is called, it
decrements the reference count, and only calls
<code>I386_DR_LOW_RESET_ADDR</code> and <code>I386_DR_LOW_SET_CONTROL</code> when
the count goes to zero.

     <br><dt><code>i386_insert_hw_breakpoint (</code><var>addr</var><code>, </code><var>shadow</var><code></code>
     <dd><dt><code>i386_remove_hw_breakpoint (</code><var>addr</var><code>, </code><var>shadow</var><code>)</code>
     <dd>These functions insert and remove hardware-assisted breakpoints.  The
macros <code>target_insert_hw_breakpoint</code> and
<code>target_remove_hw_breakpoint</code> are set to call these functions. 
These functions work like <code>i386_insert_watchpoint</code> and
<code>i386_remove_watchpoint</code>, respectively, except that they set up
the debug registers to watch instruction execution, and each
hardware-assisted breakpoint always requires exactly one debug
register.

     <br><dt><code>i386_stopped_by_hwbp (void)</code>
     <dd>This function returns non-zero if the inferior has some watchpoint or
hardware breakpoint that triggered.  It works like
<code>i386_stopped_data_address</code>, except that it doesn't return the
address whose watchpoint triggered.

     <br><dt><code>i386_cleanup_dregs (void)</code>
     <dd>This function clears all the reference counts, addresses, and control
bits in the mirror images of the debug registers.  It doesn't affect
the actual debug registers in the inferior process. 
</dl>

<p><strong>Notes:</strong>
     <ol type=1 start=1>
<li>x86 processors support setting watchpoints on I/O reads or writes. 
However, since no target supports this (as of March 2001), and since
<code>enum target_hw_bp_type</code> doesn't even have an enumeration for I/O
watchpoints, this feature is not yet available to GDB running
on x86.

     <li>x86 processors can enable watchpoints locally, for the current task
only, or globally, for all the tasks.  For each debug register,
there's a bit in the DR7 Debug Control register that determines
whether the associated address is watched locally or globally.  The
current implementation of x86 watchpoint support in GDB
always sets watchpoints to be locally enabled, since global
watchpoints might interfere with the underlying OS and are probably
unavailable in many platforms.
        </ol>

   </body></html>