[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
A target is the execution environment occupied by your program.
Often, GDB runs in the same host environment as your program;
in that case, the debugging target is specified as a side effect when
you use the file
or core
commands. When you need more
flexibility--for example, running GDB on a physically separate
host, or controlling a standalone system over a serial port or a
realtime system over a TCP/IP connection--you can use the target
command to specify one of the target types configured for GDB
(see section Commands for managing targets).
13.1 Active targets 13.2 Commands for managing targets 13.3 Choosing target byte order 13.4 Remote debugging 13.5 Kernel Object Display
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
There are three classes of targets: processes, core files, and executable files. GDB can work concurrently on up to three active targets, one in each class. This allows you to (for example) start a process and inspect its activity without abandoning your work on a core file.
For example, if you execute `gdb a.out', then the executable file
a.out
is the only active target. If you designate a core file as
well--presumably from a prior run that crashed and coredumped--then
GDB has two active targets and uses them in tandem, looking
first in the corefile target, then in the executable file, to satisfy
requests for memory addresses. (Typically, these two classes of target
are complementary, since core files contain only a program's
read-write memory--variables and so on--plus machine status, while
executable files contain only the program text and initialized data.)
When you type run
, your executable file becomes an active process
target as well. When a process target is active, all GDB
commands requesting memory addresses refer to that target; addresses in
an active core file or executable file target are obscured while the
process target is active.
Use the core-file
and exec-file
commands to select a new
core file or executable target (see section Commands to specify files). To specify as a target a process that is already running, use
the attach
command (see section Debugging an already-running process).
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
target type parameters
Further parameters are interpreted by the target protocol, but typically include things like device names or host names to connect with, process numbers, and baud rates.
The target
command does not repeat if you press RET again
after executing the command.
help target
info target
or info files
(see section Commands to specify files).
help target name
set gnutarget args
set gnutarget
command. Unlike most target
commands,
with gnutarget
the target
refers to a program, not a machine.
Warning: To specify a file format with set gnutarget
,
you must know the actual BFD name.
See section Commands to specify files.
show gnutarget
show gnutarget
command to display what file format
gnutarget
is set to read. If you have not set gnutarget
,
GDB will determine the file format for each file automatically,
and show gnutarget
displays `The current BDF target is "auto"'.
Here are some common targets (available, or not, depending on the GDB configuration):
target exec program
target core filename
target remote dev
target remote
supports the load
command. This is only useful if you have
some other way of getting the stub to the target system, and you can put
it somewhere in memory where it won't get clobbered by the download.
target sim
target sim load run |
Some configurations may include these targets as well:
target nrom dev
Different targets are available on different configurations of GDB; your configuration may have more or fewer targets.
Many remote targets require you to download the executable's code once you've successfully established a connection.
load filename
load
command may be available. Where it exists, it
is meant to make filename (an executable) available for debugging
on the remote system--by downloading, or dynamic linking, for example.
load
also records the filename symbol table in GDB, like
the add-symbol-file
command.
If your GDB does not have a load
command, attempting to
execute it gets the error message "You can't do that when your
target is ...
"
The file is loaded at whatever address is specified in the executable. For some object file formats, you can specify the load address when you link the program; for other formats, like a.out, the object file format specifies a fixed address.
load
does not repeat if you press RET again after using it.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Some types of processors, such as the MIPS, PowerPC, and Hitachi SH, offer the ability to run either big-endian or little-endian byte orders. Usually the executable or symbol will include a bit to designate the endian-ness, and you will not need to worry about which to use. However, you may still find it useful to adjust GDB's idea of processor endian-ness manually.
set endian big
set endian little
set endian auto
show endian
Note that these commands merely adjust interpretation of symbolic data on the host, and that they have absolutely no effect on the target system.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
If you are trying to debug a program running on a machine that cannot run GDB in the usual way, it is often useful to use remote debugging. For example, you might use remote debugging on an operating system kernel, or on a small system which does not have a general purpose operating system powerful enough to run a full-featured debugger.
Some configurations of GDB have special serial or TCP/IP interfaces to make this work with particular debugging targets. In addition, GDB comes with a generic serial protocol (specific to GDB, but not specific to any particular target system) which you can use if you write the remote stubs--the code that runs on the remote system to communicate with GDB.
Other remote targets may be available in your
configuration of GDB; use help target
to list them.
13.4.1 The GDB remote serial protocol GDB remote serial protocol
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
To debug a program running on another machine (the debugging target machine), you must first arrange for all the usual prerequisites for the program to run by itself. For example, for a C program, you need:
The next step is to arrange for your program to use a serial port to communicate with the machine where GDB is running (the host machine). In general terms, the scheme looks like this:
On certain remote targets, you can use an auxiliary program
gdbserver
instead of linking a stub into your program.
See section Using the gdbserver
program, for details.
The debugging stub is specific to the architecture of the remote machine; for example, use `sparc-stub.c' to debug programs on SPARC boards.
These working remote stubs are distributed with GDB:
i386-stub.c
m68k-stub.c
sh-stub.c
sparc-stub.c
sparcl-stub.c
The `README' file in the GDB distribution may list other recently added stubs.
13.4.1.1 What the stub can do for you 13.4.1.2 What you must do for the stub 13.4.1.3 Putting it all together 13.4.1.4 Communication protocol Definition of the communication protocol 13.4.1.5 Using the gdbserver
programUsing the `gdbserver' program 13.4.1.6 Using the gdbserve.nlm
programUsing the `gdbserve.nlm' program
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
The debugging stub for your architecture supplies these three subroutines:
set_debug_traps
handle_exception
to run when your
program stops. You must call this subroutine explicitly near the
beginning of your program.
handle_exception
handle_exception
to
run when a trap is triggered.
handle_exception
takes control when your program stops during
execution (for example, on a breakpoint), and mediates communications
with GDB on the host machine. This is where the communications
protocol is implemented; handle_exception
acts as the GDB
representative on the target machine. It begins by sending summary
information on the state of your program, then continues to execute,
retrieving and transmitting any information GDB needs, until you
execute a GDB command that makes your program resume; at that point,
handle_exception
returns control to your own code on the target
machine.
breakpoint
handle_exception
---in effect, to GDB. On some machines,
simply receiving characters on the serial port may also trigger a trap;
again, in that situation, you don't need to call breakpoint
from
your own program--simply running `target remote' from the host
GDB session gets control.
Call breakpoint
if none of these is true, or if you simply want
to make certain your program stops at a predetermined point for the
start of your debugging session.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
The debugging stubs that come with GDB are set up for a particular chip architecture, but they have no information about the rest of your debugging target machine.
First of all you need to tell the stub how to communicate with the serial port.
int getDebugChar()
getchar
for your target system; a
different name is used to allow you to distinguish the two if you wish.
void putDebugChar(int)
putchar
for your target system; a
different name is used to allow you to distinguish the two if you wish.
If you want GDB to be able to stop your program while it is
running, you need to use an interrupt-driven serial driver, and arrange
for it to stop when it receives a ^C
(`\003', the control-C
character). That is the character which GDB uses to tell the
remote system to stop.
Getting the debugging target to return the proper status to GDB
probably requires changes to the standard stub; one quick and dirty way
is to just execute a breakpoint instruction (the "dirty" part is that
GDB reports a SIGTRAP
instead of a SIGINT
).
Other routines you need to supply are:
void exceptionHandler (int exception_number, void *exception_address)
For the 386, exception_address should be installed as an interrupt
gate so that interrupts are masked while the handler runs. The gate
should be at privilege level 0 (the most privileged level). The
SPARC and 68k stubs are able to mask interrupts themselves without
help from exceptionHandler
.
void flush_i_cache()
On target machines that have instruction caches, GDB requires this function to make certain that the state of your program is stable.
You must also make sure this library routine is available:
void *memset(void *, int, int)
memset
that sets an area of
memory to a known value. If you have one of the free versions of
libc.a
, memset
can be found there; otherwise, you must
either obtain it from your hardware manufacturer, or write your own.
If you do not use the GNU C compiler, you may need other standard
library subroutines as well; this varies from one stub to another,
but in general the stubs are likely to use any of the common library
subroutines which gcc
generates as inline code.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
In summary, when your program is ready to debug, you must follow these steps.
|
set_debug_traps(); breakpoint(); |
exceptionHook
. Normally you just use:
void (*exceptionHook)() = 0; |
but if before calling set_debug_traps
, you set it to point to a
function in your program, that function is called when
GDB
continues after stopping on a trap (for example, bus
error). The function indicated by exceptionHook
is called with
one parameter: an int
which is the exception number.
target remote
command.
Its argument specifies how to communicate with the target
machine--either via a devicename attached to a direct serial line, or a
TCP port (usually to a terminal server which in turn has a serial line
to the target). For example, to use a serial line connected to the
device named `/dev/ttyb':
target remote /dev/ttyb |
To use a TCP connection, use an argument of the form
host:port
. For example, to connect to port 2828 on a
terminal server named manyfarms
:
target remote manyfarms:2828 |
Now you can use all the usual commands to examine and change data and to step and continue the remote program.
To resume the remote program and stop debugging it, use the detach
command.
Whenever GDB is waiting for the remote program, if you type the interrupt character (often C-C), GDB attempts to stop the program. This may or may not succeed, depending in part on the hardware and the serial drivers the remote system uses. If you type the interrupt character once again, GDB displays this prompt:
Interrupted while waiting for the program. Give up (and stop debugging it)? (y or n) |
If you type y, GDB abandons the remote debugging session. (If you decide you want to try again later, you can use `target remote' again to connect once more.) If you type n, GDB goes back to waiting.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
The stub files provided with GDB implement the target side of the communication protocol, and the GDB side is implemented in the GDB source file `remote.c'. Normally, you can simply allow these subroutines to communicate, and ignore the details. (If you're implementing your own stub file, you can still ignore the details: start with one of the existing stub files. `sparc-stub.c' is the best organized, and therefore the easiest to read.)
However, there may be occasions when you need to know something about the protocol--for example, if there is only one serial port to your target machine, you might want your program to do something special if it recognizes a packet meant for GDB.
In the examples below, `<-' and `->' are used to indicate transmitted and received data respectfully.
All GDB commands and responses (other than acknowledgments) are sent as a packet. A packet is introduced with the character `$', the actual packet-data, and the terminating character `#' followed by a two-digit checksum:
|
The two-digit checksum is computed as the modulo 256 sum of all characters between the leading `$' and the trailing `#' (an eight bit unsigned checksum).
Implementors should note that prior to GDB 5.0 the protocol specification also included an optional two-digit sequence-id:
|
That sequence-id was appended to the acknowledgment. GDB has never output sequence-ids. Stubs that handle packets added since GDB 5.0 must not accept sequence-id.
When either the host or the target machine receives a packet, the first response expected is an acknowledgment: either `+' (to indicate the package was received correctly) or `-' (to request retransmission):
<- |
The host (GDB) sends commands, and the target (the debugging stub incorporated in your program) sends a response. In the case of step and continue commands, the response is only sent when the operation has completed (the target has again stopped).
packet-data consists of a sequence of characters with the exception of `#' and `$' (see `X' packet for additional exceptions).
Fields within the packet should be separated using `,' `;' or `:'. Except where otherwise noted all numbers are represented in HEX with leading zeros suppressed.
Implementors should note that prior to GDB 5.0, the character `:' could not appear as the third character in a packet (as it would potentially conflict with the sequence-id).
Response data can be run-length encoded to save space. A `*'
means that the next character is an ASCII encoding giving a repeat count
which stands for that many repetitions of the character preceding the
`*'. The encoding is n+29
, yielding a printable character
where n >=3
(which is where rle starts to win). The printable
characters `$', `#', `+' and `-' or with a numeric
value greater than 126 should not be used.
Some remote systems have used a different run-length encoding mechanism loosely refered to as the cisco encoding. Following the `*' character are two hex digits that indicate the size of the packet.
So:
" |
The error response returned for some packets includes a two character error number. That number is not well defined.
For any command not supported by the stub, an empty response (`$#00') should be returned. That way it is possible to extend the protocol. A newer GDB can tell if a packet is supported based on that response.
A stub is required to support the `g', `G', `m', `M', `c', and `s' commands. All other commands are optional.
Below is a complete list of all currently defined commands and their corresponding response data:
Packet | Request | Description |
extended ops | !
| Use the extended remote protocol. Sticky--only needs to be set once. The extended remote protocol supports the `R' packet. |
reply `' | Stubs that support the extended remote protocol return `' which, unfortunately, is identical to the response returned by stubs that do not support protocol extensions. | |
last signal | ?
| Indicate the reason the target halted. The reply is the same as for step and continue. |
reply | see below | |
reserved | a
| Reserved for future use |
set program arguments (reserved) | A arglen, argnum, arg,...
| |
Initialized `argv[]' array passed into program. arglen specifies the number of bytes in the hex encoded byte stream arg. See `gdbserver' for more details. | ||
reply OK
| ||
reply E NN
| ||
set baud (deprecated) | b baud
| Change the serial line speed to baud. JTC: When does the transport layer state change? When it's received, or after the ACK is transmitted. In either case, there are problems if the command or the acknowledgment packet is dropped. Stan: If people really wanted to add something like this, and get it working for the first time, they ought to modify ser-unix.c to send some kind of out-of-band message to a specially-setup stub and have the switch happen "in between" packets, so that from remote protocol's point of view, nothing actually happened. |
set breakpoint (deprecated) | B addr,mode
| Set (mode is `S') or clear (mode is `C') a breakpoint at addr. This has been replaced by the `Z' and `z' packets. |
continue | c addr
| addr is address to resume. If addr is omitted, resume at current address. |
reply | see below | |
continue with signal | C sig; addr
|
Continue with signal sig (hex signal number). If
; addr is omitted, resume at same address.
|
reply | see below | |
toggle debug (deprecated) | d
| toggle debug flag. |
detach | D
| Detach GDB from the remote system. Sent to the remote target before GDB disconnects. |
reply no response | GDB does not check for any response after sending this packet. | |
reserved | e
| Reserved for future use |
reserved | E
| Reserved for future use |
reserved | f
| Reserved for future use |
reserved | F
| Reserved for future use |
read registers | g
| Read general registers. |
reply XX... |
Each byte of register data is described by two hex digits. The bytes
with the register are transmitted in target byte order. The size of
each register and their position within the `g' packet are
determined by the GDB internal macros REGISTER_RAW_SIZE and
REGISTER_NAME macros. The specification of several standard
g packets is specified below.
| |
E NN
| for an error. | |
write regs | G XX...
| See `g' for a description of the XX... data. |
reply OK
| for success | |
reply E NN
| for an error | |
reserved | h
| Reserved for future use |
set thread | H ct...
| Set thread for subsequent operations (`m', `M', `g', `G', et.al.). c = `c' for thread used in step and continue; t... can be -1 for all threads. c = `g' for thread used in other operations. If zero, pick a thread, any thread. |
reply OK
| for success | |
reply E NN
| for an error | |
cycle step (draft) | i addr, nnn
|
Step the remote target by a single clock cycle. If , nnn is
present, cycle step nnn cycles. If addr is present, cycle
step starting at that address.
|
signal then cycle step (reserved) | I
| See `i' and `S' for likely syntax and semantics. |
reserved | j
| Reserved for future use |
reserved | J
| Reserved for future use |
kill request | k
| FIXME: There is no description of how operate when a specific thread context has been selected (ie. does 'k' kill only that thread?). |
reserved | l
| Reserved for future use |
reserved | L
| Reserved for future use |
read memory | m addr, length
| Read length bytes of memory starting at address addr. Neither GDB nor the stub assume that sized memory transfers are assumed using word alligned accesses. FIXME: A word aligned memory transfer mechanism is needed. |
reply XX... | XX... is mem contents. Can be fewer bytes than requested if able to read only part of the data. Neither GDB nor the stub assume that sized memory transfers are assumed using word alligned accesses. FIXME: A word aligned memory transfer mechanism is needed. | |
reply E NN
| NN is errno | |
write mem | M addr,length: XX...
| Write length bytes of memory starting at address addr. XX... is the data. |
reply OK
| for success | |
reply E NN
| for an error (this includes the case where only part of the data was written). | |
reserved | n
| Reserved for future use |
reserved | N
| Reserved for future use |
reserved | o
| Reserved for future use |
reserved | O
| Reserved for future use |
read reg (reserved) | p n...
| See write register. |
return r.... | The hex encoded value of the register in target byte order. | |
write reg | P n...= r...
| Write register n... with value r..., which contains two hex digits for each byte in the register (target byte order). |
reply OK
| for success | |
reply E NN
| for an error | |
general query | q query
| Request info about query. In general GDB queries have a leading upper case letter. Custom vendor queries should use a company prefix (in lower case) ex: `qfsf.var'. query may optionally be followed by a `,' or `;' separated list. Stubs must ensure that they match the full query name. |
reply XX...
| Hex encoded data from query. The reply can not be empty. | |
reply E NN
| error reply | |
reply `' | Indicating an unrecognized query. | |
general set | Q var= val
| Set value of var to val. See `q' for a discussing of naming conventions. |
reset (deprecated) | r
| Reset the entire system. |
remote restart | R XX
| Restart the remote server. XX while needed has no clear definition. FIXME: An example interaction explaining how this packet is used in extended-remote mode is needed. |
step | s addr
| addr is address to resume. If addr is omitted, resume at same address. |
reply | see below | |
step with signal | S sig; addr
| Like `C' but step not continue. |
reply | see below | |
search | t addr: PP, MM
| Search backwards starting at address addr for a match with pattern PP and mask MM. PP and MM are 4 bytes. addr must be at least 3 digits. |
thread alive | T XX
| Find out if the thread XX is alive. |
reply OK
| thread is still alive | |
reply E NN
| thread is dead | |
reserved | u
| Reserved for future use |
reserved | U
| Reserved for future use |
reserved | v
| Reserved for future use |
reserved | V
| Reserved for future use |
reserved | w
| Reserved for future use |
reserved | W
| Reserved for future use |
reserved | x
| Reserved for future use |
write mem (binary) | X addr, length:XX...
|
addr is address, length is number of bytes, XX... is
binary data. The characters $ , # , and 0x7d are
escaped using 0x7d .
|
reply OK
| for success | |
reply E NN
| for an error | |
reserved | y
| Reserved for future use |
reserved | Y
| Reserved for future use |
remove break or watchpoint (draft) | z t, addr, length
| See `Z'. |
insert break or watchpoint (draft) | Z t, addr, length
| t is type: `0' - software breakpoint, `1' - hardware breakpoint, `2' - write watchpoint, `3' - read watchpoint, `4' - access watchpoint; addr is address; length is in bytes. For a software breakpoint, length specifies the size of the instruction to be patched. For hardware breakpoints and watchpoints length specifies the memory region to be monitored. To avoid potential problems with duplicate packets, the operations should be implemented in an idempotent way. |
reply E NN
| for an error | |
reply OK
| for success | |
`' | If not supported. | |
reserved | <other> | Reserved for future use |
The `C', `c', `S', `s' and `?' packets can receive any of the below as a reply. In the case of the `C', `c', `S' and `s' packets, that reply is only returned when the target halts. In the below the exact meaning of `signal number' is poorly defined. In general one of the UNIX signal numbering conventions is used.
S AA |
AA is the signal number |
T AAn...: r...; n...: r...; n...: r...; |
AA = two hex digit signal number; n... = register number
(hex), r... = target byte ordered register contents, size defined
by REGISTER_RAW_SIZE ; n... = `thread', r... =
thread process ID, this is a hex integer; n... = other string not
starting with valid hex digit. GDB should ignore this
n..., r... pair and go on to the next. This way we can
extend the protocol.
|
W AA |
The process exited, and AA is the exit status. This is only applicable for certains sorts of targets. |
X AA |
The process terminated with signal AA. |
N AA; t...; d...; b... (obsolete) |
AA = signal number; t... = address of symbol "_start"; d... = base of data section; b... = base of bss section. Note: only used by Cisco Systems targets. The difference between this reply and the "qOffsets" query is that the 'N' packet may arrive spontaneously whereas the 'qOffsets' is a query initiated by the host debugger. |
O XX... |
XX... is hex encoding of ASCII data. This can happen at any time while the program is running and the debugger should continue to wait for 'W', 'T', etc. |
The following set and query packets have already been defined.
current thread | q C
| Return the current thread id. |
reply QC pid
| Where pid is a HEX encoded 16 bit process id. | |
reply * | Any other reply implies the old pid. | |
all thread ids | q fThreadInfo
| |
q sThreadInfo
|
Obtain a list of active thread ids from the target (OS). Since there
may be too many active threads to fit into one reply packet, this query
works iteratively: it may require more than one query/reply sequence to
obtain the entire list of threads. The first query of the sequence will
be the qf ThreadInfo query; subsequent queries in the
sequence will be the qs ThreadInfo query.
| |
NOTE: replaces the qL query (see below).
| ||
reply m <id>
| A single thread id | |
reply m <id>,<id>...
| a comma-separated list of thread ids | |
reply l
| (lower case 'el') denotes end of list. | |
In response to each query, the target will reply with a list of one
or more thread ids, in big-endian hex, separated by commas. GDB will
respond to each reply with a request for more thread ids (using the
qs form of the query), until the target responds with l
(lower-case el, for 'last' ).
| ||
extra thread info | q ThreadExtraInfo , id
| |
Where <id> is a thread-id in big-endian hex. Obtain a printable string description of a thread's attributes from the target OS. This string may contain anything that the target OS thinks is interesting for GDB to tell the user about the thread. The string is displayed in GDB's `info threads' display. Some examples of possible thread extra info strings are "Runnable", or "Blocked on Mutex". | ||
reply XX... | Where XX... is a hex encoding of ASCII data, comprising the printable string containing the extra information about the thread's attributes. | |
query LIST or threadLIST (deprecated) | q L startflagthreadcountnextthread
| |
Obtain thread information from RTOS. Where: startflag (one hex digit) is one to indicate the first query and zero to indicate a subsequent query; threadcount (two hex digits) is the maximum number of threads the response packet can contain; and nextthread (eight hex digits), for subsequent queries (startflag is zero), is returned in the response as argthread. | ||
NOTE: this query is replaced by the q fThreadInfo
query (see above).
| ||
reply q M countdoneargthreadthread...
| ||
Where: count (two hex digits) is the number of threads being
returned; done (one hex digit) is zero to indicate more threads
and one indicates no further threads; argthreadid (eight hex
digits) is nextthread from the request packet; thread... is
a sequence of thread IDs from the target. threadid (eight hex
digits). See remote.c:parse_threadlist_response() .
| ||
compute CRC of memory block | q CRC: addr, length
| |
reply E NN
| An error (such as memory fault) | |
reply C CRC32
| A 32 bit cyclic redundancy check of the specified memory region. | |
query sect offs | q Offsets
|
Get section offsets that the target used when re-locating the downloaded
image. Note: while a Bss offset is included in the
response, GDB ignores this and instead applies the Data
offset to the Bss section.
|
reply Text= xxx;Data= yyy;Bss= zzz
| ||
thread info request | q P modethreadid
| |
Returns information on threadid. Where: mode is a hex encoded 32 bit mode; threadid is a hex encoded 64 bit thread ID. | ||
reply * |
See remote.c:remote_unpack_thread_info_response() .
| |
remote command | q Rcmd, COMMAND
| |
COMMAND (hex encoded) is passed to the local interpreter for
execution. Invalid commands should be reported using the output string.
Before the final result packet, the target may also respond with a
number of intermediate O OUTPUT console output
packets. Implementors should note that providing access to a
stubs's interpreter may have security implications.
| ||
reply OK
| A command response with no output. | |
reply OUTPUT | A command response with the hex encoded output string OUTPUT. | |
reply E NN
| Indicate a badly formed request. | |
reply `' | When `q'`Rcmd' is not recognized. |
The following `g'/`G' packets have previously been defined. In the below, some thirty-two bit registers are transferred as sixty-four bits. Those registers should be zero/sign extended (which?) to fill the space allocated. Register bytes are transfered in target byte order. The two nibbles within a register byte are transfered most-significant - least-significant.
MIPS32 | All registers are transfered as thirty-two bit quantities in the order: 32 general-purpose; sr; lo; hi; bad; cause; pc; 32 floating-point registers; fsr; fir; fp. |
MIPS64 |
All registers are transfered as sixty-four bit quantities (including
thirty-two bit registers such as sr ). The ordering is the same
as MIPS32 .
|
Example sequence of a target being re-started. Notice how the restart does not get any direct output:
<- |
Example sequence of a target being stepped by a single instruction:
<- |
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
gdbserver
program
gdbserver
is a control program for Unix-like systems, which
allows you to connect your program with a remote GDB via
target remote
---but without linking in the usual debugging stub.
gdbserver
is not a complete replacement for the debugging stubs,
because it requires essentially the same operating-system facilities
that GDB itself does. In fact, a system that can run
gdbserver
to connect to a remote GDB could also run
GDB locally! gdbserver
is sometimes useful nevertheless,
because it is a much smaller program than GDB itself. It is
also easier to port than all of GDB, so you may be able to get
started more quickly on a new system by using gdbserver
.
Finally, if you develop code for real-time systems, you may find that
the tradeoffs involved in real-time operation make it more convenient to
do as much development work as possible on another system, for example
by cross-compiling. You can use gdbserver
to make a similar
choice for debugging.
GDB and gdbserver
communicate via either a serial line
or a TCP connection, using the standard GDB remote serial
protocol.
gdbserver
does not need your program's symbol table, so you can
strip the program if necessary to save space. GDB on the host
system does all the symbol handling.
To use the server, you must tell it how to communicate with GDB; the name of your program; and the arguments for your program. The syntax is:
target> gdbserver comm program [ args ... ] |
comm is either a device name (to use a serial line) or a TCP hostname and portnumber. For example, to debug Emacs with the argument `foo.txt' and communicate with GDB over the serial port `/dev/com1':
target> gdbserver /dev/com1 emacs foo.txt |
gdbserver
waits passively for the host GDB to communicate
with it.
To use a TCP connection instead of a serial line:
target> gdbserver host:2345 emacs foo.txt |
The only difference from the previous example is the first argument,
specifying that you are communicating with the host GDB via
TCP. The `host:2345' argument means that gdbserver
is to
expect a TCP connection from machine `host' to local TCP port 2345.
(Currently, the `host' part is ignored.) You can choose any number
you want for the port number as long as it does not conflict with any
TCP ports already in use on the target system (for example, 23
is
reserved for telnet
).(5) You must use the same port number with the host GDB
target remote
command.
target
remote
to establish communications with gdbserver
. Its argument
is either a device name (usually a serial device, like
`/dev/ttyb'), or a TCP port descriptor in the form
host:PORT
. For example:
(gdb) target remote /dev/ttyb |
communicates with the server via serial line `/dev/ttyb', and
(gdb) target remote the-target:2345 |
communicates via a TCP connection to port 2345 on host `the-target'.
For TCP connections, you must start up gdbserver
prior to using
the target remote
command. Otherwise you may get an error whose
text depends on the host system, but which usually looks something like
`Connection refused'.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
gdbserve.nlm
program
gdbserve.nlm
is a control program for NetWare systems, which
allows you to connect your program with a remote GDB via
target remote
.
GDB and gdbserve.nlm
communicate via a serial line,
using the standard GDB remote serial protocol.
gdbserve.nlm
does not need your program's symbol table, so you
can strip the program if necessary to save space. GDB on the
host system does all the symbol handling.
To use the server, you must tell it how to communicate with GDB; the name of your program; and the arguments for your program. The syntax is:
load gdbserve [ BOARD=board ] [ PORT=port ] [ BAUD=baud ] program [ args ... ] |
board and port specify the serial line; baud specifies the baud rate used by the connection. port and node default to 0, baud defaults to 9600bps.
For example, to debug Emacs with the argument `foo.txt'and communicate with GDB over serial port number 2 or board 1 using a 19200bps connection:
load gdbserve BOARD=1 PORT=2 BAUD=19200 emacs foo.txt |
target
remote
to establish communications with gdbserve.nlm
. Its
argument is a device name (usually a serial device, like
`/dev/ttyb'). For example:
(gdb) target remote /dev/ttyb |
communications with the server via serial line `/dev/ttyb'.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Some targets support kernel object display. Using this facility, GDB communicates specially with the underlying operating system and can display information about operating system-level objects such as mutexes and other synchronization objects. Exactly which objects can be displayed is determined on a per-OS basis.
Use the set os
command to set the operating system. This tells
GDB which kernel object display module to initialize:
(gdb) set os cisco |
If set os
succeeds, GDB will display some information
about the operating system, and will create a new info
command
which can be used to query the target. The info
command is named
after the operating system:
(gdb) info cisco List of Cisco Kernel Objects Object Description any Any and all objects |
Further subcommands can be used to query about particular objects known by the kernel.
There is currently no way to determine whether a given operating system is supported other than to try it.
[ << ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |