[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13. Specifying a Debugging Target

A target is the execution environment occupied by your program.

Often, GDB runs in the same host environment as your program; in that case, the debugging target is specified as a side effect when you use the file or core commands. When you need more flexibility--for example, running GDB on a physically separate host, or controlling a standalone system over a serial port or a realtime system over a TCP/IP connection--you can use the target command to specify one of the target types configured for GDB (see section Commands for managing targets).

13.1 Active targets  
13.2 Commands for managing targets  
13.3 Choosing target byte order  
13.4 Remote debugging  
13.5 Kernel Object Display  


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.1 Active targets

There are three classes of targets: processes, core files, and executable files. GDB can work concurrently on up to three active targets, one in each class. This allows you to (for example) start a process and inspect its activity without abandoning your work on a core file.

For example, if you execute `gdb a.out', then the executable file a.out is the only active target. If you designate a core file as well--presumably from a prior run that crashed and coredumped--then GDB has two active targets and uses them in tandem, looking first in the corefile target, then in the executable file, to satisfy requests for memory addresses. (Typically, these two classes of target are complementary, since core files contain only a program's read-write memory--variables and so on--plus machine status, while executable files contain only the program text and initialized data.)

When you type run, your executable file becomes an active process target as well. When a process target is active, all GDB commands requesting memory addresses refer to that target; addresses in an active core file or executable file target are obscured while the process target is active.

Use the core-file and exec-file commands to select a new core file or executable target (see section Commands to specify files). To specify as a target a process that is already running, use the attach command (see section Debugging an already-running process).


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.2 Commands for managing targets

target type parameters
Connects the GDB host environment to a target machine or process. A target is typically a protocol for talking to debugging facilities. You use the argument type to specify the type or protocol of the target machine.

Further parameters are interpreted by the target protocol, but typically include things like device names or host names to connect with, process numbers, and baud rates.

The target command does not repeat if you press RET again after executing the command.

help target
Displays the names of all targets available. To display targets currently selected, use either info target or info files (see section Commands to specify files).

help target name
Describe a particular target, including any parameters necessary to select it.

set gnutarget args
GDB uses its own library BFD to read your files. GDB knows whether it is reading an executable, a core, or a .o file; however, you can specify the file format with the set gnutarget command. Unlike most target commands, with gnutarget the target refers to a program, not a machine.

Warning: To specify a file format with set gnutarget, you must know the actual BFD name.

See section Commands to specify files.

show gnutarget
Use the show gnutarget command to display what file format gnutarget is set to read. If you have not set gnutarget, GDB will determine the file format for each file automatically, and show gnutarget displays `The current BDF target is "auto"'.

Here are some common targets (available, or not, depending on the GDB configuration):

target exec program
An executable file. `target exec program' is the same as `exec-file program'.

target core filename
A core dump file. `target core filename' is the same as `core-file filename'.

target remote dev
Remote serial target in GDB-specific protocol. The argument dev specifies what serial device to use for the connection (e.g. `/dev/ttya'). See section Remote debugging. target remote supports the load command. This is only useful if you have some other way of getting the stub to the target system, and you can put it somewhere in memory where it won't get clobbered by the download.

target sim
Builtin CPU simulator. GDB includes simulators for most architectures. In general,
 
        target sim
        load
        run
works; however, you cannot assume that a specific memory map, device drivers, or even basic I/O is available, although some simulators do provide these. For info about any processor-specific simulator details, see the appropriate section in Embedded Processors.

Some configurations may include these targets as well:

target nrom dev
NetROM ROM emulator. This target only supports downloading.

Different targets are available on different configurations of GDB; your configuration may have more or fewer targets.

Many remote targets require you to download the executable's code once you've successfully established a connection.

load filename
Depending on what remote debugging facilities are configured into GDB, the load command may be available. Where it exists, it is meant to make filename (an executable) available for debugging on the remote system--by downloading, or dynamic linking, for example. load also records the filename symbol table in GDB, like the add-symbol-file command.

If your GDB does not have a load command, attempting to execute it gets the error message "You can't do that when your target is ..."

The file is loaded at whatever address is specified in the executable. For some object file formats, you can specify the load address when you link the program; for other formats, like a.out, the object file format specifies a fixed address.

load does not repeat if you press RET again after using it.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.3 Choosing target byte order

Some types of processors, such as the MIPS, PowerPC, and Hitachi SH, offer the ability to run either big-endian or little-endian byte orders. Usually the executable or symbol will include a bit to designate the endian-ness, and you will not need to worry about which to use. However, you may still find it useful to adjust GDB's idea of processor endian-ness manually.

set endian big
Instruct GDB to assume the target is big-endian.

set endian little
Instruct GDB to assume the target is little-endian.

set endian auto
Instruct GDB to use the byte order associated with the executable.

show endian
Display GDB's current idea of the target byte order.

Note that these commands merely adjust interpretation of symbolic data on the host, and that they have absolutely no effect on the target system.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4 Remote debugging

If you are trying to debug a program running on a machine that cannot run GDB in the usual way, it is often useful to use remote debugging. For example, you might use remote debugging on an operating system kernel, or on a small system which does not have a general purpose operating system powerful enough to run a full-featured debugger.

Some configurations of GDB have special serial or TCP/IP interfaces to make this work with particular debugging targets. In addition, GDB comes with a generic serial protocol (specific to GDB, but not specific to any particular target system) which you can use if you write the remote stubs--the code that runs on the remote system to communicate with GDB.

Other remote targets may be available in your configuration of GDB; use help target to list them.

13.4.1 The GDB remote serial protocol  GDB remote serial protocol


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1 The GDB remote serial protocol

To debug a program running on another machine (the debugging target machine), you must first arrange for all the usual prerequisites for the program to run by itself. For example, for a C program, you need:

  1. A startup routine to set up the C runtime environment; these usually have a name like `crt0'. The startup routine may be supplied by your hardware supplier, or you may have to write your own.

  2. A C subroutine library to support your program's subroutine calls, notably managing input and output.

  3. A way of getting your program to the other machine--for example, a download program. These are often supplied by the hardware manufacturer, but you may have to write your own from hardware documentation.

The next step is to arrange for your program to use a serial port to communicate with the machine where GDB is running (the host machine). In general terms, the scheme looks like this:

On the host,
GDB already understands how to use this protocol; when everything else is set up, you can simply use the `target remote' command (see section Specifying a Debugging Target).

On the target,
you must link with your program a few special-purpose subroutines that implement the GDB remote serial protocol. The file containing these subroutines is called a debugging stub.

On certain remote targets, you can use an auxiliary program gdbserver instead of linking a stub into your program. See section Using the gdbserver program, for details.

The debugging stub is specific to the architecture of the remote machine; for example, use `sparc-stub.c' to debug programs on SPARC boards.

These working remote stubs are distributed with GDB:

i386-stub.c
For Intel 386 and compatible architectures.

m68k-stub.c
For Motorola 680x0 architectures.

sh-stub.c
For Hitachi SH architectures.

sparc-stub.c
For SPARC architectures.

sparcl-stub.c
For Fujitsu SPARCLITE architectures.

The `README' file in the GDB distribution may list other recently added stubs.

13.4.1.1 What the stub can do for you  
13.4.1.2 What you must do for the stub  
13.4.1.3 Putting it all together  
13.4.1.4 Communication protocol  Definition of the communication protocol
13.4.1.5 Using the gdbserver program  Using the `gdbserver' program
13.4.1.6 Using the gdbserve.nlm program  Using the `gdbserve.nlm' program


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1.1 What the stub can do for you

The debugging stub for your architecture supplies these three subroutines:

set_debug_traps
This routine arranges for handle_exception to run when your program stops. You must call this subroutine explicitly near the beginning of your program.

handle_exception
This is the central workhorse, but your program never calls it explicitly--the setup code arranges for handle_exception to run when a trap is triggered.

handle_exception takes control when your program stops during execution (for example, on a breakpoint), and mediates communications with GDB on the host machine. This is where the communications protocol is implemented; handle_exception acts as the GDB representative on the target machine. It begins by sending summary information on the state of your program, then continues to execute, retrieving and transmitting any information GDB needs, until you execute a GDB command that makes your program resume; at that point, handle_exception returns control to your own code on the target machine.

breakpoint
Use this auxiliary subroutine to make your program contain a breakpoint. Depending on the particular situation, this may be the only way for GDB to get control. For instance, if your target machine has some sort of interrupt button, you won't need to call this; pressing the interrupt button transfers control to handle_exception---in effect, to GDB. On some machines, simply receiving characters on the serial port may also trigger a trap; again, in that situation, you don't need to call breakpoint from your own program--simply running `target remote' from the host GDB session gets control.

Call breakpoint if none of these is true, or if you simply want to make certain your program stops at a predetermined point for the start of your debugging session.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1.2 What you must do for the stub

The debugging stubs that come with GDB are set up for a particular chip architecture, but they have no information about the rest of your debugging target machine.

First of all you need to tell the stub how to communicate with the serial port.

int getDebugChar()
Write this subroutine to read a single character from the serial port. It may be identical to getchar for your target system; a different name is used to allow you to distinguish the two if you wish.

void putDebugChar(int)
Write this subroutine to write a single character to the serial port. It may be identical to putchar for your target system; a different name is used to allow you to distinguish the two if you wish.

If you want GDB to be able to stop your program while it is running, you need to use an interrupt-driven serial driver, and arrange for it to stop when it receives a ^C (`\003', the control-C character). That is the character which GDB uses to tell the remote system to stop.

Getting the debugging target to return the proper status to GDB probably requires changes to the standard stub; one quick and dirty way is to just execute a breakpoint instruction (the "dirty" part is that GDB reports a SIGTRAP instead of a SIGINT).

Other routines you need to supply are:

void exceptionHandler (int exception_number, void *exception_address)
Write this function to install exception_address in the exception handling tables. You need to do this because the stub does not have any way of knowing what the exception handling tables on your target system are like (for example, the processor's table might be in ROM, containing entries which point to a table in RAM). exception_number is the exception number which should be changed; its meaning is architecture-dependent (for example, different numbers might represent divide by zero, misaligned access, etc). When this exception occurs, control should be transferred directly to exception_address, and the processor state (stack, registers, and so on) should be just as it is when a processor exception occurs. So if you want to use a jump instruction to reach exception_address, it should be a simple jump, not a jump to subroutine.

For the 386, exception_address should be installed as an interrupt gate so that interrupts are masked while the handler runs. The gate should be at privilege level 0 (the most privileged level). The SPARC and 68k stubs are able to mask interrupts themselves without help from exceptionHandler.

void flush_i_cache()
On SPARC and SPARCLITE only, write this subroutine to flush the instruction cache, if any, on your target machine. If there is no instruction cache, this subroutine may be a no-op.

On target machines that have instruction caches, GDB requires this function to make certain that the state of your program is stable.

You must also make sure this library routine is available:

void *memset(void *, int, int)
This is the standard library function memset that sets an area of memory to a known value. If you have one of the free versions of libc.a, memset can be found there; otherwise, you must either obtain it from your hardware manufacturer, or write your own.

If you do not use the GNU C compiler, you may need other standard library subroutines as well; this varies from one stub to another, but in general the stubs are likely to use any of the common library subroutines which gcc generates as inline code.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1.3 Putting it all together

In summary, when your program is ready to debug, you must follow these steps.

  1. Make sure you have defined the supporting low-level routines (see section What you must do for the stub):
     
    getDebugChar, putDebugChar,
    flush_i_cache, memset, exceptionHandler.
    

  2. Insert these lines near the top of your program:

     
    set_debug_traps();
    breakpoint();
    

  3. For the 680x0 stub only, you need to provide a variable called exceptionHook. Normally you just use:

     
    void (*exceptionHook)() = 0;
    

    but if before calling set_debug_traps, you set it to point to a function in your program, that function is called when GDB continues after stopping on a trap (for example, bus error). The function indicated by exceptionHook is called with one parameter: an int which is the exception number.

  4. Compile and link together: your program, the GDB debugging stub for your target architecture, and the supporting subroutines.

  5. Make sure you have a serial connection between your target machine and the GDB host, and identify the serial port on the host.

  6. Download your program to your target machine (or get it there by whatever means the manufacturer provides), and start it.

  7. To start remote debugging, run GDB on the host machine, and specify as an executable file the program that is running in the remote machine. This tells GDB how to find your program's symbols and the contents of its pure text.

  8. Establish communication using the target remote command. Its argument specifies how to communicate with the target machine--either via a devicename attached to a direct serial line, or a TCP port (usually to a terminal server which in turn has a serial line to the target). For example, to use a serial line connected to the device named `/dev/ttyb':

     
    target remote /dev/ttyb
    

    To use a TCP connection, use an argument of the form host:port. For example, to connect to port 2828 on a terminal server named manyfarms:

     
    target remote manyfarms:2828
    

Now you can use all the usual commands to examine and change data and to step and continue the remote program.

To resume the remote program and stop debugging it, use the detach command.

Whenever GDB is waiting for the remote program, if you type the interrupt character (often C-C), GDB attempts to stop the program. This may or may not succeed, depending in part on the hardware and the serial drivers the remote system uses. If you type the interrupt character once again, GDB displays this prompt:

 
Interrupted while waiting for the program.
Give up (and stop debugging it)?  (y or n)

If you type y, GDB abandons the remote debugging session. (If you decide you want to try again later, you can use `target remote' again to connect once more.) If you type n, GDB goes back to waiting.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1.4 Communication protocol

The stub files provided with GDB implement the target side of the communication protocol, and the GDB side is implemented in the GDB source file `remote.c'. Normally, you can simply allow these subroutines to communicate, and ignore the details. (If you're implementing your own stub file, you can still ignore the details: start with one of the existing stub files. `sparc-stub.c' is the best organized, and therefore the easiest to read.)

However, there may be occasions when you need to know something about the protocol--for example, if there is only one serial port to your target machine, you might want your program to do something special if it recognizes a packet meant for GDB.

In the examples below, `<-' and `->' are used to indicate transmitted and received data respectfully.

All GDB commands and responses (other than acknowledgments) are sent as a packet. A packet is introduced with the character `$', the actual packet-data, and the terminating character `#' followed by a two-digit checksum:

 
$packet-data#checksum

The two-digit checksum is computed as the modulo 256 sum of all characters between the leading `$' and the trailing `#' (an eight bit unsigned checksum).

Implementors should note that prior to GDB 5.0 the protocol specification also included an optional two-digit sequence-id:

 
$sequence-id:packet-data#checksum

That sequence-id was appended to the acknowledgment. GDB has never output sequence-ids. Stubs that handle packets added since GDB 5.0 must not accept sequence-id.

When either the host or the target machine receives a packet, the first response expected is an acknowledgment: either `+' (to indicate the package was received correctly) or `-' (to request retransmission):

 
<- $packet-data#checksum
-> +

The host (GDB) sends commands, and the target (the debugging stub incorporated in your program) sends a response. In the case of step and continue commands, the response is only sent when the operation has completed (the target has again stopped).

packet-data consists of a sequence of characters with the exception of `#' and `$' (see `X' packet for additional exceptions).

Fields within the packet should be separated using `,' `;' or `:'. Except where otherwise noted all numbers are represented in HEX with leading zeros suppressed.

Implementors should note that prior to GDB 5.0, the character `:' could not appear as the third character in a packet (as it would potentially conflict with the sequence-id).

Response data can be run-length encoded to save space. A `*' means that the next character is an ASCII encoding giving a repeat count which stands for that many repetitions of the character preceding the `*'. The encoding is n+29, yielding a printable character where n >=3 (which is where rle starts to win). The printable characters `$', `#', `+' and `-' or with a numeric value greater than 126 should not be used.

Some remote systems have used a different run-length encoding mechanism loosely refered to as the cisco encoding. Following the `*' character are two hex digits that indicate the size of the packet.

So:
 
"0* "
means the same as "0000".

The error response returned for some packets includes a two character error number. That number is not well defined.

For any command not supported by the stub, an empty response (`$#00') should be returned. That way it is possible to extend the protocol. A newer GDB can tell if a packet is supported based on that response.

A stub is required to support the `g', `G', `m', `M', `c', and `s' commands. All other commands are optional.

Below is a complete list of all currently defined commands and their corresponding response data:
Packet Request Description
extended ops ! Use the extended remote protocol. Sticky--only needs to be set once. The extended remote protocol supports the `R' packet.
reply `' Stubs that support the extended remote protocol return `' which, unfortunately, is identical to the response returned by stubs that do not support protocol extensions.
last signal ? Indicate the reason the target halted. The reply is the same as for step and continue.
reply see below
reserved a Reserved for future use
set program arguments (reserved) Aarglen,argnum,arg,...
Initialized `argv[]' array passed into program. arglen specifies the number of bytes in the hex encoded byte stream arg. See `gdbserver' for more details.
reply OK
reply ENN
set baud (deprecated) bbaud Change the serial line speed to baud. JTC: When does the transport layer state change? When it's received, or after the ACK is transmitted. In either case, there are problems if the command or the acknowledgment packet is dropped. Stan: If people really wanted to add something like this, and get it working for the first time, they ought to modify ser-unix.c to send some kind of out-of-band message to a specially-setup stub and have the switch happen "in between" packets, so that from remote protocol's point of view, nothing actually happened.
set breakpoint (deprecated) Baddr,mode Set (mode is `S') or clear (mode is `C') a breakpoint at addr. This has been replaced by the `Z' and `z' packets.
continue caddr addr is address to resume. If addr is omitted, resume at current address.
reply see below
continue with signal Csig;addr Continue with signal sig (hex signal number). If ;addr is omitted, resume at same address.
reply see below
toggle debug (deprecated) d toggle debug flag.
detach D Detach GDB from the remote system. Sent to the remote target before GDB disconnects.
reply no response GDB does not check for any response after sending this packet.
reserved e Reserved for future use
reserved E Reserved for future use
reserved f Reserved for future use
reserved F Reserved for future use
read registers g Read general registers.
reply XX... Each byte of register data is described by two hex digits. The bytes with the register are transmitted in target byte order. The size of each register and their position within the `g' packet are determined by the GDB internal macros REGISTER_RAW_SIZE and REGISTER_NAME macros. The specification of several standard g packets is specified below.
ENN for an error.
write regs GXX... See `g' for a description of the XX... data.
reply OK for success
reply ENN for an error
reserved h Reserved for future use
set thread Hct... Set thread for subsequent operations (`m', `M', `g', `G', et.al.). c = `c' for thread used in step and continue; t... can be -1 for all threads. c = `g' for thread used in other operations. If zero, pick a thread, any thread.
reply OK for success
reply ENN for an error
cycle step (draft) iaddr,nnn Step the remote target by a single clock cycle. If ,nnn is present, cycle step nnn cycles. If addr is present, cycle step starting at that address.
signal then cycle step (reserved) I See `i' and `S' for likely syntax and semantics.
reserved j Reserved for future use
reserved J Reserved for future use
kill request k FIXME: There is no description of how operate when a specific thread context has been selected (ie. does 'k' kill only that thread?).
reserved l Reserved for future use
reserved L Reserved for future use
read memory maddr,length Read length bytes of memory starting at address addr. Neither GDB nor the stub assume that sized memory transfers are assumed using word alligned accesses. FIXME: A word aligned memory transfer mechanism is needed.
reply XX... XX... is mem contents. Can be fewer bytes than requested if able to read only part of the data. Neither GDB nor the stub assume that sized memory transfers are assumed using word alligned accesses. FIXME: A word aligned memory transfer mechanism is needed.
reply ENN NN is errno
write mem Maddr,length:XX... Write length bytes of memory starting at address addr. XX... is the data.
reply OK for success
reply ENN for an error (this includes the case where only part of the data was written).
reserved n Reserved for future use
reserved N Reserved for future use
reserved o Reserved for future use
reserved O Reserved for future use
read reg (reserved) pn... See write register.
return r.... The hex encoded value of the register in target byte order.
write reg Pn...=r... Write register n... with value r..., which contains two hex digits for each byte in the register (target byte order).
reply OK for success
reply ENN for an error
general query qquery Request info about query. In general GDB queries have a leading upper case letter. Custom vendor queries should use a company prefix (in lower case) ex: `qfsf.var'. query may optionally be followed by a `,' or `;' separated list. Stubs must ensure that they match the full query name.
reply XX... Hex encoded data from query. The reply can not be empty.
reply ENN error reply
reply `' Indicating an unrecognized query.
general set Qvar=val Set value of var to val. See `q' for a discussing of naming conventions.
reset (deprecated) r Reset the entire system.
remote restart RXX Restart the remote server. XX while needed has no clear definition. FIXME: An example interaction explaining how this packet is used in extended-remote mode is needed.
step saddr addr is address to resume. If addr is omitted, resume at same address.
reply see below
step with signal Ssig;addr Like `C' but step not continue.
reply see below
search taddr:PP,MM Search backwards starting at address addr for a match with pattern PP and mask MM. PP and MM are 4 bytes. addr must be at least 3 digits.
thread alive TXX Find out if the thread XX is alive.
reply OK thread is still alive
reply ENN thread is dead
reserved u Reserved for future use
reserved U Reserved for future use
reserved v Reserved for future use
reserved V Reserved for future use
reserved w Reserved for future use
reserved W Reserved for future use
reserved x Reserved for future use
write mem (binary) Xaddr,length:XX... addr is address, length is number of bytes, XX... is binary data. The characters $, #, and 0x7d are escaped using 0x7d.
reply OK for success
reply ENN for an error
reserved y Reserved for future use
reserved Y Reserved for future use
remove break or watchpoint (draft) zt,addr,length See `Z'.
insert break or watchpoint (draft) Zt,addr,length t is type: `0' - software breakpoint, `1' - hardware breakpoint, `2' - write watchpoint, `3' - read watchpoint, `4' - access watchpoint; addr is address; length is in bytes. For a software breakpoint, length specifies the size of the instruction to be patched. For hardware breakpoints and watchpoints length specifies the memory region to be monitored. To avoid potential problems with duplicate packets, the operations should be implemented in an idempotent way.
reply ENN for an error
reply OK for success
`' If not supported.
reserved <other> Reserved for future use

The `C', `c', `S', `s' and `?' packets can receive any of the below as a reply. In the case of the `C', `c', `S' and `s' packets, that reply is only returned when the target halts. In the below the exact meaning of `signal number' is poorly defined. In general one of the UNIX signal numbering conventions is used.

SAA AA is the signal number
TAAn...:r...;n...:r...;n...:r...; AA = two hex digit signal number; n... = register number (hex), r... = target byte ordered register contents, size defined by REGISTER_RAW_SIZE; n... = `thread', r... = thread process ID, this is a hex integer; n... = other string not starting with valid hex digit. GDB should ignore this n..., r... pair and go on to the next. This way we can extend the protocol.
WAA The process exited, and AA is the exit status. This is only applicable for certains sorts of targets.
XAA The process terminated with signal AA.
NAA;t...;d...;b... (obsolete) AA = signal number; t... = address of symbol "_start"; d... = base of data section; b... = base of bss section. Note: only used by Cisco Systems targets. The difference between this reply and the "qOffsets" query is that the 'N' packet may arrive spontaneously whereas the 'qOffsets' is a query initiated by the host debugger.
OXX... XX... is hex encoding of ASCII data. This can happen at any time while the program is running and the debugger should continue to wait for 'W', 'T', etc.

The following set and query packets have already been defined.

current thread qC Return the current thread id.
reply QCpid Where pid is a HEX encoded 16 bit process id.
reply * Any other reply implies the old pid.
all thread ids qfThreadInfo
qsThreadInfo Obtain a list of active thread ids from the target (OS). Since there may be too many active threads to fit into one reply packet, this query works iteratively: it may require more than one query/reply sequence to obtain the entire list of threads. The first query of the sequence will be the qfThreadInfo query; subsequent queries in the sequence will be the qsThreadInfo query.
NOTE: replaces the qL query (see below).
reply m<id> A single thread id
reply m<id>,<id>... a comma-separated list of thread ids
reply l (lower case 'el') denotes end of list.
In response to each query, the target will reply with a list of one or more thread ids, in big-endian hex, separated by commas. GDB will respond to each reply with a request for more thread ids (using the qs form of the query), until the target responds with l (lower-case el, for 'last').
extra thread info qThreadExtraInfo,id
Where <id> is a thread-id in big-endian hex. Obtain a printable string description of a thread's attributes from the target OS. This string may contain anything that the target OS thinks is interesting for GDB to tell the user about the thread. The string is displayed in GDB's `info threads' display. Some examples of possible thread extra info strings are "Runnable", or "Blocked on Mutex".
reply XX... Where XX... is a hex encoding of ASCII data, comprising the printable string containing the extra information about the thread's attributes.
query LIST or threadLIST (deprecated) qLstartflagthreadcountnextthread
Obtain thread information from RTOS. Where: startflag (one hex digit) is one to indicate the first query and zero to indicate a subsequent query; threadcount (two hex digits) is the maximum number of threads the response packet can contain; and nextthread (eight hex digits), for subsequent queries (startflag is zero), is returned in the response as argthread.
NOTE: this query is replaced by the qfThreadInfo query (see above).
reply qMcountdoneargthreadthread...
Where: count (two hex digits) is the number of threads being returned; done (one hex digit) is zero to indicate more threads and one indicates no further threads; argthreadid (eight hex digits) is nextthread from the request packet; thread... is a sequence of thread IDs from the target. threadid (eight hex digits). See remote.c:parse_threadlist_response().
compute CRC of memory block qCRC:addr,length
reply ENN An error (such as memory fault)
reply CCRC32 A 32 bit cyclic redundancy check of the specified memory region.
query sect offs qOffsets Get section offsets that the target used when re-locating the downloaded image. Note: while a Bss offset is included in the response, GDB ignores this and instead applies the Data offset to the Bss section.
reply Text=xxx;Data=yyy;Bss=zzz
thread info request qPmodethreadid
Returns information on threadid. Where: mode is a hex encoded 32 bit mode; threadid is a hex encoded 64 bit thread ID.
reply * See remote.c:remote_unpack_thread_info_response().
remote command qRcmd,COMMAND
COMMAND (hex encoded) is passed to the local interpreter for execution. Invalid commands should be reported using the output string. Before the final result packet, the target may also respond with a number of intermediate OOUTPUT console output packets. Implementors should note that providing access to a stubs's interpreter may have security implications.
reply OK A command response with no output.
reply OUTPUT A command response with the hex encoded output string OUTPUT.
reply ENN Indicate a badly formed request.
reply `' When `q'`Rcmd' is not recognized.

The following `g'/`G' packets have previously been defined. In the below, some thirty-two bit registers are transferred as sixty-four bits. Those registers should be zero/sign extended (which?) to fill the space allocated. Register bytes are transfered in target byte order. The two nibbles within a register byte are transfered most-significant - least-significant.

MIPS32 All registers are transfered as thirty-two bit quantities in the order: 32 general-purpose; sr; lo; hi; bad; cause; pc; 32 floating-point registers; fsr; fir; fp.
MIPS64 All registers are transfered as sixty-four bit quantities (including thirty-two bit registers such as sr). The ordering is the same as MIPS32.

Example sequence of a target being re-started. Notice how the restart does not get any direct output:

 
<- R00
-> +
target restarts
<- ?
-> +
-> T001:1234123412341234
<- +

Example sequence of a target being stepped by a single instruction:

 
<- G1445...
-> +
<- s
-> +
time passes
-> T001:1234123412341234
<- +
<- g
-> +
-> 1455...
<- +


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1.5 Using the gdbserver program

gdbserver is a control program for Unix-like systems, which allows you to connect your program with a remote GDB via target remote---but without linking in the usual debugging stub.

gdbserver is not a complete replacement for the debugging stubs, because it requires essentially the same operating-system facilities that GDB itself does. In fact, a system that can run gdbserver to connect to a remote GDB could also run GDB locally! gdbserver is sometimes useful nevertheless, because it is a much smaller program than GDB itself. It is also easier to port than all of GDB, so you may be able to get started more quickly on a new system by using gdbserver. Finally, if you develop code for real-time systems, you may find that the tradeoffs involved in real-time operation make it more convenient to do as much development work as possible on another system, for example by cross-compiling. You can use gdbserver to make a similar choice for debugging.

GDB and gdbserver communicate via either a serial line or a TCP connection, using the standard GDB remote serial protocol.

On the target machine,
you need to have a copy of the program you want to debug. gdbserver does not need your program's symbol table, so you can strip the program if necessary to save space. GDB on the host system does all the symbol handling.

To use the server, you must tell it how to communicate with GDB; the name of your program; and the arguments for your program. The syntax is:

 
target> gdbserver comm program [ args ... ]

comm is either a device name (to use a serial line) or a TCP hostname and portnumber. For example, to debug Emacs with the argument `foo.txt' and communicate with GDB over the serial port `/dev/com1':

 
target> gdbserver /dev/com1 emacs foo.txt

gdbserver waits passively for the host GDB to communicate with it.

To use a TCP connection instead of a serial line:

 
target> gdbserver host:2345 emacs foo.txt

The only difference from the previous example is the first argument, specifying that you are communicating with the host GDB via TCP. The `host:2345' argument means that gdbserver is to expect a TCP connection from machine `host' to local TCP port 2345. (Currently, the `host' part is ignored.) You can choose any number you want for the port number as long as it does not conflict with any TCP ports already in use on the target system (for example, 23 is reserved for telnet).(5) You must use the same port number with the host GDB target remote command.

On the GDB host machine,
you need an unstripped copy of your program, since GDB needs symbols and debugging information. Start up GDB as usual, using the name of the local copy of your program as the first argument. (You may also need the `--baud' option if the serial line is running at anything other than 9600bps.) After that, use target remote to establish communications with gdbserver. Its argument is either a device name (usually a serial device, like `/dev/ttyb'), or a TCP port descriptor in the form host:PORT. For example:

 
(gdb) target remote /dev/ttyb

communicates with the server via serial line `/dev/ttyb', and

 
(gdb) target remote the-target:2345

communicates via a TCP connection to port 2345 on host `the-target'. For TCP connections, you must start up gdbserver prior to using the target remote command. Otherwise you may get an error whose text depends on the host system, but which usually looks something like `Connection refused'.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.4.1.6 Using the gdbserve.nlm program

gdbserve.nlm is a control program for NetWare systems, which allows you to connect your program with a remote GDB via target remote.

GDB and gdbserve.nlm communicate via a serial line, using the standard GDB remote serial protocol.

On the target machine,
you need to have a copy of the program you want to debug. gdbserve.nlm does not need your program's symbol table, so you can strip the program if necessary to save space. GDB on the host system does all the symbol handling.

To use the server, you must tell it how to communicate with GDB; the name of your program; and the arguments for your program. The syntax is:

 
load gdbserve [ BOARD=board ] [ PORT=port ]
              [ BAUD=baud ] program [ args ... ]

board and port specify the serial line; baud specifies the baud rate used by the connection. port and node default to 0, baud defaults to 9600bps.

For example, to debug Emacs with the argument `foo.txt'and communicate with GDB over serial port number 2 or board 1 using a 19200bps connection:

 
load gdbserve BOARD=1 PORT=2 BAUD=19200 emacs foo.txt

On the GDB host machine,
you need an unstripped copy of your program, since GDB needs symbols and debugging information. Start up GDB as usual, using the name of the local copy of your program as the first argument. (You may also need the `--baud' option if the serial line is running at anything other than 9600bps. After that, use target remote to establish communications with gdbserve.nlm. Its argument is a device name (usually a serial device, like `/dev/ttyb'). For example:

 
(gdb) target remote /dev/ttyb

communications with the server via serial line `/dev/ttyb'.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.5 Kernel Object Display

Some targets support kernel object display. Using this facility, GDB communicates specially with the underlying operating system and can display information about operating system-level objects such as mutexes and other synchronization objects. Exactly which objects can be displayed is determined on a per-OS basis.

Use the set os command to set the operating system. This tells GDB which kernel object display module to initialize:

 
(gdb) set os cisco

If set os succeeds, GDB will display some information about the operating system, and will create a new info command which can be used to query the target. The info command is named after the operating system:

 
(gdb) info cisco
List of Cisco Kernel Objects
Object     Description
any        Any and all objects

Further subcommands can be used to query about particular objects known by the kernel.

There is currently no way to determine whether a given operating system is supported other than to try it.


[ << ] [ >> ]           [Top] [Contents] [Index] [ ? ]

This document was generated by Samuel James Holden on June, 1 2000 using texi2html