Delete a watchpoint by address to automate segfault tracking

Delete a watchpoint by address to automate segfault tracking

[Laurent G.]

Hi,

I'm debugging a segfault in a pretty large real-time program (the kind
of which we can't figure out what's wrong just by looking at the
code).

In short, I know where the program crash (non-valid pointer) but I
don't known who and when my pointer gets corrupted, as the program
alloc & destroy 2/3 similar buffers by second.

I find out a nice technique is this article
(http://www.outflux.net/blog/archives/2007/09/15/catching-stack-overflows-in-gdb-as-they-happen/)
which automate the creation of watchpoint on malloced buffer:
(gdb) commands 1
>silent
>set variable $m = p_mypointer
>watch *$m
>cont
>end

In the article, the author says "I couldn’t find an easy way to track
the memory watch number that was created during the first breakpoint,
I just built a gdb counter, and deleted the memory watch when leaving,
since I could predict gdb’s numbering" and implements watchpoints
destruction this way:
(gdb) set variable $count = 3
(gdb) commands 2
>silent
>delete $count
>set variable $count = $count + 1
>cont
>end

This technique works well when the buffers get destroyed in the same
order than there are created. But in my program this is not the case.

From the value passed to free() I can get the memory address of the
to-be-destroyed buffer, but I couldn't find a way to tell GDB to
delete that specific watchpoint:

(gdb) delete *0x080483c6
-> OK but can't be automated

(gdb) set variable $d = p_mypointer
(gdb) p $d
0x080483c6
(gdb) d $d
-> Can't do. "Convenience variables used in line specs must have
integer values."

How can I do a "delete *`print $d`" in GDB?
Thanks!

Regards,
Laurent

Re: Delete a watchpoint by address to automate segfault tracking

[Tom Tromey]

>>>>> "Laurent" == Laurent G <vrygoud@gmail.com> writes:

Laurent> In the article, the author says "I couldn’t find an easy way to track
Laurent> the memory watch number that was created during the first breakpoint,
Laurent> I just built a gdb counter, and deleted the memory watch when leaving,
Laurent> since I could predict gdb’s numbering" and implements watchpoints
Laurent> destruction this way:

I think $bpnum may hold this.
See the 'Set Breaks' node of the manual.
Or it can perhaps be done from Python.

Laurent> How can I do a "delete *`print $d`" in GDB?

A few ways.

Simplest is to use "eval".

Otherwise, Python.

Otherwise, if you have an old gdb and can't upgrade, use set logging to
write out a file with the command you want (using printf), then 'source'
the file.

Tom

Re: Delete a watchpoint by address to automate segfault tracking

[Laurent G.]

On Thu, Sep 27, 2012 at 3:39 PM, Tom Tromey <tromey@redhat.com> wrote:
>>>>>> "Laurent" == Laurent G <vrygoud@gmail.com> writes:
>
> Laurent> In the article, the author says "I couldn’t find an easy way to track
> Laurent> the memory watch number that was created during the first breakpoint,
> Laurent> I just built a gdb counter, and deleted the memory watch when leaving,
> Laurent> since I could predict gdb’s numbering" and implements watchpoints
> Laurent> destruction this way:
>
> I think $bpnum may hold this.
> See the 'Set Breaks' node of the manual.
> Or it can perhaps be done from Python.
>
> Laurent> How can I do a "delete *`print $d`" in GDB?
>
> A few ways.
>
> Simplest is to use "eval".
>
> Otherwise, Python.
>
> Otherwise, if you have an old gdb and can't upgrade, use set logging to
> write out a file with the command you want (using printf), then 'source'
> the file.
>
> Tom

Thanks for your reply that helped me a lot. In fact the true issue is that you
can clear a breakpoint by its address:
(gdb) clear *0x80a5f90
But for no reason (from a user point of view) you can't do the same thing for
a watchpoint. If it was possible I could have used:
(gdb) eval "delete  *0x%x", my_pointer

Even if the Python support is great I forgot to tell that the target
is an embedded
system so I didn't want to compile a Python environment. Anyway, that's maybe
not the cleanest way to do so but I did the write-out-a-file things to match the
address of the buffer with the number of the watchpoint associated with it.

I'm positing my script bellow in the case anyone encounter the same issue:
(gdb) set pagination off
(gdb) b open_filter.c:30
(gdb) b close_filter.c:100

(gdb) commands 1
(gdb) silent
(gdb) watch -l *(int*)*p_data
(gdb) set logging file watchpoints.gdb
(gdb) set logging on
(gdb) eval "echo %d 0x%x\n", $bpnum, p_data
(gdb) set logging off
(gdb) cont
(gdb) end

(gdb) commands 2
(gdb) silent
(gdb) set logging file match.gdb
(gdb) set logging overwrite on
(gdb) set logging on
(gdb) eval "echo 0x%x\n", p_data
(gdb) set logging off
(gdb) set logging overwrite off
(gdb) shell cat watchpoints.gdb | grep `cat match.gdb` | awk -F" "
'{print "delete "$1}' > delete_wp.gdb
(gdb) shell line=`cat match.gdb`; sed -i "/$line/d" watchpoints.gdb
(gdb) source delete_wp.gdb
(gdb) cont
(gdb) end

Regards,
Laurent