Fatal编程技术网
  • c/
  • C “我如何追踪”;“命运”;有特殊价值吗?

C “我如何追踪”;“命运”;有特殊价值吗?

c gdb

C “我如何追踪”;“命运”;有特殊价值吗?,c,gdb,valgrind,trace,C,Gdb,Valgrind,Trace,我在某些地方看到了一些价值,但不确定它起源于我的程序。我如何确定该值最初来自何处 我希望记录以下事件类型: 源自常量、算术表达式或系统调用(初始事件)的值 该值被分配给(或从中检索)某个变量 该值作为参数传递或从某个函数返回 该值被存储到(或从)某个结构中检索 通过用特定的东西注释源代码,我触发了该值的历史转储 例如,对于此示例代码: #include <stdlib.h> struct SomeStruct { int a; int b; }; struct

我在某些地方看到了一些价值,但不确定它起源于我的程序。我如何确定该值最初来自何处

我希望记录以下事件类型:

  • 源自常量、算术表达式或系统调用(初始事件)的值
  • 该值被分配给(或从中检索)某个变量
  • 该值作为参数传递或从某个函数返回
  • 该值被存储到(或从)某个结构中检索
  • 通过用特定的东西注释源代码,我触发了该值的历史转储
例如,对于此示例代码:

#include <stdlib.h>

struct SomeStruct {
    int a;
    int b;
};

struct SomeStruct *globalvar;

int f1(struct SomeStruct* par) {
    return par->a;
}

int f2(struct SomeStruct* par, int q) {
    par->a = q;
    return par->b;
}

void trace_value(int g) {} /* dummy */

int main(void) {
    int f = 31337;

    globalvar = malloc(sizeof(*globalvar));
    f2(globalvar, f);
    struct SomeStruct q = *globalvar;
    int g = f1(&q);

    trace_value(g);

    return 0;
}
我该怎么做?我希望Valgrind或GDB或某些组合能够做到这一点。

我相信它可以通过称为“反向调试”的技术在运行时手动完成(即在
GDB
会话上运行)。我还没有尝试过它,但GDB 7.0版文档表明它在某些平台上是受支持的

该方法类似于:

  • 将变量用在最后一个位置(即“起点”)的单个步骤本地化
  • 分析堆栈帧的源代码(因此您需要调试符号和代码段可用)(例如,通过
    列表
    ),从而了解如何通过输入(例如,从传递给函数的参数)获取(或可能修改)该值
  • 返回到上一个堆栈帧并从上一个步骤重复,除非找到其原点
下面是一些示例代码的概念验证会话。我对它进行了一些编辑,因为
trace\u value
函数未定义。请注意,
record
命令可能会严重降低程序的执行速度

$ gdb -q a.out 
Reading symbols from /home/grzegorz/workspace/a.out...done.
(gdb) b main
Breakpoint 1 at 0x400502: file fate.c, line 22.
(gdb) run
Starting program: /home/grzegorz/workspace/a.out 

Breakpoint 1, main () at fate.c:22
22      int f = 31337;
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.149.el6_6.5.x86_64
(gdb) record
(gdb) b trace_value
Breakpoint 2 at 0x4004f8: file fate.c, line 19.
(gdb) c
Continuing.

Breakpoint 2, trace_value (g=31337) at fate.c:19
19  void trace_value(int g){}
(gdb) info args
g = 31337
(gdb) reverse-finish
Run back to call of #0  trace_value (g=31337) at fate.c:19
0x0000000000400550 in main () at fate.c:29
29      trace_value(g);
(gdb) bt
#0  0x0000000000400550 in main () at fate.c:29
(gdb) list 29
24      globalvar = malloc(sizeof(*globalvar));
25      f2(globalvar, f);
26      struct SomeStruct q = *globalvar;
27      int g = f1(&q);
28  
29      trace_value(g);
30  
31      return 0;
32  }
很少有事情需要解释。首先需要为
main
设置断点,因为这是程序开始执行时,然后通过
record
命令启用会话录制。然后在
trace_value
函数处设置第二个断点,并使用
continue
命令(
c
)。这允许您记录到输入
trace\u值时的整个执行过程。您可以将其视为上述“起点”

这当然不是全部。如前所述,您需要分析当前堆栈帧的源代码,然后决定下一步要做什么。您可以根据当前情况使用
反向步骤
反向完成
命令。
结合使用反向gdb和MarkPlotnick关于使用gdb观察点的评论中的idea2。这是演示课程,比原始答案更完整:


$ gcc -ggdb -Dtrace_value=exit fate.c -o fate
$ gdb -quiet -args ./fate 
Reading symbols from /home/vi/code/_/fate...done.
(gdb) break main
Breakpoint 1 at 0x8048482: file fate.c, line 18.
(gdb) r
Starting program: /home/vi/code/_/fate 
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?

Breakpoint 1, main () at fate.c:18
18      int f = 31337;
(gdb) record
(gdb) break 25
(gdb) # traced at fate.c:25
Breakpoint 2 at 0x80484d2: file fate.c, line 25.
(gdb) c
Continuing.

Breakpoint 2, main () at fate.c:25
25      trace_value(g);
(gdb) # retrieved from variable at fate.c:25
(gdb) watch g
Hardware watchpoint 3: g
(gdb) reverse-continue 
Continuing.
Hardware watchpoint 3: g

Old value = 31337
New value = 134513899
0x080484ce in main () at fate.c:23
23      int g = f1(&q);
(gdb) # assigned to variable at fate.c:23
(gdb) # returned from function at fate.c:10
(gdb) reverse-step
f1 (par=0xffffd670) at fate.c:10
10  }
(gdb) list
5   
6   struct SomeStruct *globalvar;
7   
8   int f1(struct SomeStruct* par) {
9       return par->a;
10  }
11  
12  int f2(struct SomeStruct* par, int q) {
13      par->a = q;
14      return par->b;
(gdb) # retrieved from struct field at fate.c:9
(gdb) print par
$3 = (struct SomeStruct *) 0xffffd670
(gdb) print ((struct SomeStruct *) 0xffffd670)->a
$4 = 31337
(gdb) watch ((struct SomeStruct *) 0xffffd670)->a
Hardware watchpoint 4: ((struct SomeStruct *) 0xffffd670)->a
(gdb) reverse-continue 
Continuing.
Hardware watchpoint 4: ((struct SomeStruct *) 0xffffd670)->a

Old value = 31337
New value = -134716508
0x080484ba in main () at fate.c:22
22      struct SomeStruct q = *globalvar;
(gdb) # copied as a part of struct at fate.c:22
(gdb) print globalvar->a
$5 = 31337
(gdb) watch globalvar->a
Hardware watchpoint 5: globalvar->a
(gdb) reverse-continue 
Continuing.
Hardware watchpoint 5: globalvar->a

Old value = 31337
New value = 0
0x0804846f in f2 (par=0x804a008, q=31337) at fate.c:13
13      par->a = q;
(gdb) # assigned to struct field at fate.c:13
(gdb) # received as arument to a function at fate.c:12
(gdb) list
8   int f1(struct SomeStruct* par) {
9       return par->a;
10  }
11  
12  int f2(struct SomeStruct* par, int q) {
13      par->a = q;
14      return par->b;
15  }
16  
17  int main() {
(gdb) bt
#0  0x0804846f in f2 (par=0x804a008, q=31337) at fate.c:13
#1  0x080484b0 in main () at fate.c:21
(gdb) reverse-finish 
Run back to call of #0  0x0804846f in f2 (par=0x804a008, q=31337) at fate.c:13
0x080484ab in main () at fate.c:21
21      f2(globalvar, f);
(gdb) # passed as argument to function at fate.c:21
(gdb) # retrieved from variable at fate.c:21
(gdb) watch f
Hardware watchpoint 6: f
(gdb) reverse-finish 
"finish" not meaningful in the outermost frame.
(gdb) reverse-continue 
Continuing.
Warning:
Could not insert hardware watchpoint 6.
Could not insert hardware breakpoints:
You may have requested too many hardware breakpoints/watchpoints.

(gdb) delete
Delete all breakpoints? (y or n) y
(gdb) watch f
Hardware watchpoint 7: f
(gdb) reverse-continue 
Continuing.

No more reverse-execution history.
main () at fate.c:18
18      int f = 31337;
(gdb) # assigned to variable at fate.c:18
(gdb) # value 31337 originated from constant at fate.c:18



问题语句中的所有预期消息都对应于您在gdb输出中看到的一些信息(如注释中所示)。
像gdb这样的“普通”调试器在这方面不是更有用吗?我如何在没有O(N)人工的情况下使用gdb做到这一点,其中N是此类事件的数量?如果可以确保变量仅通过访问器函数更改,则可以在其上设置断点。如果变量不是从程序中的很多地方设置的,那么在这样一个函数中包装访问权限应该不会有太多工作。我不想跟踪变量。我想跟踪从一个变量传递到另一个变量的值。要做到这一点,一些东西(如valgrind)应该对所有变量进行簿记,据我所知,这也是helgrind所需要的。应该可以在反向执行的基础上实现这一点。您(以及您,我指的是脚本)在值的最新位置上放置一个写观察点,反向执行,直到命中为止,然后在移动源上放置一个观察点,然后重复。您能在附加的示例代码上运行演示会话并生成类似附加的预期输出吗?录制了另一个gdb会话,现在使用
watch
gdb命令。如果被
停止,当记录/回放缓冲区变满时,是否要自动删除以前的执行日志项
然后更新gdb+使用
设置记录满insn number max unlimited;记录完整
。但要准备好拥有千兆字节的虚拟内存。

$ gcc -ggdb -Dtrace_value=exit fate.c -o fate
$ gdb -quiet -args ./fate 
Reading symbols from /home/vi/code/_/fate...done.
(gdb) break main
Breakpoint 1 at 0x8048482: file fate.c, line 18.
(gdb) r
Starting program: /home/vi/code/_/fate 
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?

Breakpoint 1, main () at fate.c:18
18      int f = 31337;
(gdb) record
(gdb) break 25
(gdb) # traced at fate.c:25
Breakpoint 2 at 0x80484d2: file fate.c, line 25.
(gdb) c
Continuing.

Breakpoint 2, main () at fate.c:25
25      trace_value(g);
(gdb) # retrieved from variable at fate.c:25
(gdb) watch g
Hardware watchpoint 3: g
(gdb) reverse-continue 
Continuing.
Hardware watchpoint 3: g

Old value = 31337
New value = 134513899
0x080484ce in main () at fate.c:23
23      int g = f1(&q);
(gdb) # assigned to variable at fate.c:23
(gdb) # returned from function at fate.c:10
(gdb) reverse-step
f1 (par=0xffffd670) at fate.c:10
10  }
(gdb) list
5   
6   struct SomeStruct *globalvar;
7   
8   int f1(struct SomeStruct* par) {
9       return par->a;
10  }
11  
12  int f2(struct SomeStruct* par, int q) {
13      par->a = q;
14      return par->b;
(gdb) # retrieved from struct field at fate.c:9
(gdb) print par
$3 = (struct SomeStruct *) 0xffffd670
(gdb) print ((struct SomeStruct *) 0xffffd670)->a
$4 = 31337
(gdb) watch ((struct SomeStruct *) 0xffffd670)->a
Hardware watchpoint 4: ((struct SomeStruct *) 0xffffd670)->a
(gdb) reverse-continue 
Continuing.
Hardware watchpoint 4: ((struct SomeStruct *) 0xffffd670)->a

Old value = 31337
New value = -134716508
0x080484ba in main () at fate.c:22
22      struct SomeStruct q = *globalvar;
(gdb) # copied as a part of struct at fate.c:22
(gdb) print globalvar->a
$5 = 31337
(gdb) watch globalvar->a
Hardware watchpoint 5: globalvar->a
(gdb) reverse-continue 
Continuing.
Hardware watchpoint 5: globalvar->a

Old value = 31337
New value = 0
0x0804846f in f2 (par=0x804a008, q=31337) at fate.c:13
13      par->a = q;
(gdb) # assigned to struct field at fate.c:13
(gdb) # received as arument to a function at fate.c:12
(gdb) list
8   int f1(struct SomeStruct* par) {
9       return par->a;
10  }
11  
12  int f2(struct SomeStruct* par, int q) {
13      par->a = q;
14      return par->b;
15  }
16  
17  int main() {
(gdb) bt
#0  0x0804846f in f2 (par=0x804a008, q=31337) at fate.c:13
#1  0x080484b0 in main () at fate.c:21
(gdb) reverse-finish 
Run back to call of #0  0x0804846f in f2 (par=0x804a008, q=31337) at fate.c:13
0x080484ab in main () at fate.c:21
21      f2(globalvar, f);
(gdb) # passed as argument to function at fate.c:21
(gdb) # retrieved from variable at fate.c:21
(gdb) watch f
Hardware watchpoint 6: f
(gdb) reverse-finish 
"finish" not meaningful in the outermost frame.
(gdb) reverse-continue 
Continuing.
Warning:
Could not insert hardware watchpoint 6.
Could not insert hardware breakpoints:
You may have requested too many hardware breakpoints/watchpoints.

(gdb) delete
Delete all breakpoints? (y or n) y
(gdb) watch f
Hardware watchpoint 7: f
(gdb) reverse-continue 
Continuing.

No more reverse-execution history.
main () at fate.c:18
18      int f = 31337;
(gdb) # assigned to variable at fate.c:18
(gdb) # value 31337 originated from constant at fate.c:18