LLDB
LLDB是 Xcode 默认的调试工具, 支持调试 c, c++, Objective-C.支持的调试平台:
- Mac OS X desktop user space debugging for
i386 and x86-64
- iOS simulator debugging on
i386
- iOS device debugging on
ARM
- Linux local user-space debugging for
i386 and x86-64
- FreeBSD local user-space debugging for
i386 and x86-64
- Windows local user-space debugging for
i386 (*)
LLDB 常用指令
- 语法
<noun> <verb> [-options [option-value]] [argument [argument...]]
- 添加breakpoint
// 给文件中某一行添加断点
(lldb) breakpoint set --file foo.c --line 12
(lldb) breakpoint set -f foo.c -l 12
// 给某个方法添加断点
(lldb) breakpoint set --name foo
(lldb) breakpoint set -n foo
// 一次给多个方法添加断点
(lldb) breakpoint set --name foo --name bar
// c++中给方法添加断点
(lldb) breakpoint set --method foo
(lldb) breakpoint set -M foo
// Objective-C 中给方法添加断点
(lldb) breakpoint set --selector alignLeftEdges:
(lldb) breakpoint set -S alignLeftEdges:
// 给文件中方法添加断点
(lldb) breakpoint set -n "-[SKTGraphicView alignLeftEdges:]"
(lldb) br s -n "-[SKTGraphicView alignLeftEdges:]"
// 查看断点
(lldb) breakpoint list
// 为断点设置打印信息
breakpoint command add 1.1
Enter your debugger command(s). Type 'DONE' to end.
> bt
> DONE
用--script 设置脚本
// 查询帮助信息
(lldb) help break command add
Add a set of commands to a breakpoint, to be executed whenever the breakpoint is hit.
Syntax: breakpoint command add <cmd-options> <breakpt-id>
etc...
// 添加条件断点
(lldb) breakpoint modify -c "self == nil" -C bt --auto-continue 1 2 3
// 条件设置优化
(lldb) breakpoint set -N SelfNil
(lldb) breakpoint modify -c "self == nil" -C bt --auto-continue SelfNil
(lldb) breakpoint name configure -c "self == nil" -C bt --auto-continue SelfNil
// 设置别名
(lldb) command alias bfl breakpoint set -f %1 -l %2
(lldb) bfl foo.c 12
在~/.lldbinit
文件中, 设置别名(没有此文件, 自己新建一个)
// 给动态库中方法添加断点
(lldb) breakpoint set --shlib foo.dylib --name foo
(lldb) breakpoint set -s foo.dylib -n foo
- 添加watchpoint
// 添加
(lldb) watch set var global
Watchpoint created: Watchpoint 1: addr = 0x100001018 size = 4 state = enabled type = w declare @ '/Volumes/data/lldb/svn/ToT/test/functionalities/watchpoint/watchpoint_commands/condition/main.cpp:12'
// 修改
(lldb) watch modify -c '(global==5)'
(lldb) watch list
// 查看
Current watchpoints: Watchpoint 1: addr = 0x100001018 size = 4 state = enabled type = w declare @ '/Volumes/data/lldb/svn/ToT/test/functionalities/watchpoint/watchpoint_commands/condition/main.cpp:12' condition = '(global==5)'
// 继续下一步
(lldb) c
Process 15562 resuming
(lldb) about to write to 'global'...
Process 15562 stopped and was programmatically restarted. Process 15562 stopped and was programmatically restarted. Process 15562 stopped and was programmatically restarted. Process 15562 stopped and was programmatically restarted. Process 15562 stopped
* thread #1: tid = 0x1c03, 0x0000000100000ef5 a.out modify + 21 at main.cpp:16, stop reason = watchpoint 1 frame #0: 0x0000000100000ef5 a.out modify + 21 at main.cpp:16 13 14 static void modify(int32_t &var) { 15 ++var; -> 16 } 17 18 int main(int argc, char** argv) { 19 int local = 0;
// 查看调用栈
(lldb) bt
* thread #1: tid = 0x1c03, 0x0000000100000ef5 a.out modify + 21 at main.cpp:16, stop reason = watchpoint 1 frame #0: 0x0000000100000ef5 a.out modify + 21 at main.cpp:16 frame #1: 0x0000000100000eac a.out main + 108 at main.cpp:25 frame #2: 0x00007fff8ac9c7e1 libdyld.dylib start + 1
// 设置监听
(lldb) frame var global
(int32_t) global = 5
// 查看 watchpoint
(lldb) watch list -v
Current watchpoints: Watchpoint 1: addr = 0x100001018 size = 4 state = enabled type = w declare @ '/Volumes/data/lldb/svn/ToT/test/functionalities/watchpoint/watchpoint_commands/condition/main.cpp:12' condition = '(global==5)' hw_index = 0 hit_count = 5 ignore_count = 0
- 操作 process
(lldb) process launch
(lldb) run
(lldb) r
(lldb) process attach --pid 123
(lldb) process attach --name Sketch
(lldb) process attach --name Sketch --waitfor
(lldb) process attach -p 12345
Process 46915 Attaching Process 46915 Stopped 1 of 3 threads stopped with reasons: * thread #1: tid = 0x2c03, 0x00007fff85cac76a, where = libSystem.B.dylib __getdirentries64 + 10, stop reason = signal = SIGSTOP, queue = com.apple.main-thread
- 线程
(lldb) thread continue
Resuming thread 0x2c03 in process 46915
Resuming process 46915
(lldb) c
(lldb) thread step-in // The same as gdb's "step" or "s"
(lldb) thread step-over // The same as gdb's "next" or "n"
(lldb) thread step-out // The same as gdb's "finish" or "f"
(lldb) thread step-inst // The same as gdb's "stepi" / "si"
(lldb) thread step-over-inst // The same as gdb's "nexti" / "ni"
(lldb) thread until 100
(lldb) process continue
(lldb) breakpoint set --name stop_here
(lldb) settings set target.process.disable-stdio true
- 监听变量
(lldb) frame variable self = (SKTGraphicView *) 0x0000000100208b40 _cmd = (struct objc_selector *) 0x000000010001bae1 sender = (id) 0x00000001001264e0 selection = (NSArray *) 0x00000001001264e0 i = (NSUInteger) 0x00000001001264e0 c = (NSUInteger) 0x00000001001253b0
(lldb) frame variable self (SKTGraphicView *) self = 0x0000000100208b40
(lldb) frame variable self.isa (struct objc_class *) self.isa = 0x0000000100023730
(lldb) frame variable *self (SKTGraphicView *) self = 0x0000000100208b40 (NSView) NSView = { (NSResponder) NSResponder = { ...
(lldb) frame variable &self (SKTGraphicView **) &self = 0x0000000100304ab
(lldb) frame variable argv[0] (char const *) argv[0] = 0x00007fff5fbffaf8 "/Projects/Sketch/build/Debug/Sketch.app/Contents/MacOS/Sketch"
(lldb) frame variable -o self (SKTGraphicView *) self = 0x0000000100208b40 <SKTGraphicView: 0x100208b40>
(lldb) frame select 9 frame #9: 0x0000000100015ae3, where = Sketchfunction1 + 33 at /Projects/Sketch/SKTFunctions.m:11
(lldb) expr self $0 = (SKTGraphicView *) 0x0000000100135430 (lldb) expr self = 0x00 $1 = (SKTGraphicView *) 0x0000000000000000 (lldb) frame var self (SKTGraphicView *) self = 0x0000000000000000
(lldb) expr (int) printf ("I have a pointer 0x%llx.\n", self) $2 = (int) 22 I have a pointer 0x0.
(lldb) expr self = $0 $4 = (SKTGraphicView *) 0x0000000100135430
- Image 指令
image list
// 根据地址检索
image lookup --address 0x1ec4
im loo -a 0x1ec4
image lookup -v --address 0x1ec4
image lookup --address 0x1ec4 a.out
im loo -a 0x1ec4 a.out
// 检索库文件中的方法
image lookup -r -n <FUNC_REGEX>
image lookup -r -s <FUNC_REGEX>
- thread 指令
(lldb) thread list
(lldb) thread select 1
(lldb) t 1
(lldb) thread backtrace
(lldb) bt
(lldb) thread backtrace all
(lldb) bt all
(lldb) thread backtrace -c 5
(lldb) bt 5 (lldb-169 and later)
(lldb) bt -c 5 (lldb-168 and earlier)
- frame 指令
(lldb) frame select 12
(lldb) fr s 12
(lldb) f 12
(lldb) frame info
(lldb) up
(lldb) frame select --relative=1
(lldb) down
(lldb) frame select --relative=-1
(lldb) fr s -r-1
(lldb) frame select --relative 2
(lldb) fr s -r2
(lldb) frame select --relative -3
(lldb) fr s -r-3
- register 指令
(lldb) register read
(lldb) register write rax 123
(lldb) register write pc "$pc+8"
(lldb) register read --format i
(lldb) re r -f i
(lldb) register read --all
(lldb) re r -a
(lldb) register read rax rsp rbp
(lldb) register read --format binary rax
(lldb) re r -f b rax
(lldb) register read/t rax
(lldb) p/t $rax
- memory 指令
(lldb) memory read --size 4 --format x --count 4 0xbffff3c0
(lldb) me r -s4 -fx -c4 0xbffff3c0
(lldb) x -s4 -fx -c4 0xbffff3c0
(lldb) memory read/4xw 0xbffff3c0
(lldb) x/4xw 0xbffff3c0
(lldb) memory read --gdb-format 4xw 0xbffff3c0
(lldb) memory read 'argv[0]'
(lldb) memory read --size 'sizeof(int)' 'argv[0]'
(lldb) memory read --outfile /tmp/mem.txt --count 512 0xbffff3c0
(lldb) me r -o/tmp/mem.txt -c512 0xbffff3c0
(lldb) x/512bx -o/tmp/mem.txt 0xbffff3c0
(lldb) memory read --outfile /tmp/mem.bin --binary 0x1000 0x2000
(lldb) me r -o /tmp/mem.bin -b 0x1000 0x2000
(lldb) command script import lldb.macosx.heap
(lldb) process launch --environment MallocStackLogging=1 -- [ARGS]
(lldb) malloc_info --stack-history 0x10010d680