Christopher Hallinan - Embedded Linux Primer - A Practical, Real-World Approach

query=0x321d8 "") at led.c:61

#3 0x000126cc in websUrlHandlerRequest (wp=0x325c8) at handler.c:273

#4 0x0001f518 in websGetInput (wp=0x325c8, ptext=0xbefffc40,

pnbytes=0xbefffc38) at webs.c:664

#5 0x0001ede0 in websReadEvent (wp=0x325c8) at webs.c:362

#6 0x0001ed34 in websSocketEvent (sid=1, mask=2, iwp=206280) at webs.c:319

#7 0x00019740 in socketDoEvent (sp=0x34fc8) at sockGen.c:903

#8 0x00019598 in socketProcess (sid=1) at sockGen.c:845

#9 0x00012be8 in main (argc=1, argv=0xbefffe14) at main.c:99

(gdb)

The backtrace displays the call chain all the way back to main(), the start of the user's program. A stack frame number precedes each line of the backtrace. You can switch to any given stack frame using the gdb frame command. Listing 13-3 is an example of this. Here we switch to stack frame 2 and display the source code in that frame. As in the previous examples, the lines preceded with (gdb) are the commands we issue to GDB, and the other lines are the GDB output.

Listing 13-3. Moving Around Stack Frames in GDB

(gdb) frame 2

#2 0x00012b50 in ErrorInHandler (wp=0x325c8, urlPrefix=0x2f648 "/Error",

webDir=0x2f660 "", arg=0, url=0x34f30 "/Error", path=0x34d68 "/Error",

query=0x321d8 "") at led.c:61

61 return InitBlock(p, siz);

(gdb) l

56

57 siz = 10000 * sizeof(BigBlock);

58

59 p = malloc(siz);

60 /* if (p) */

61 return InitBlock(p, siz);

62 /* else return (0); */

63 }

64

65

(gdb)

As you can see, with a little help from the source code available using the list command, it would not be difficult to trace the code back to the source of the errant null pointer. In fact, the astute reader will notice the source of the segmentation fault we have produced for this example. From Listing 13-3, we see that the check of the return value in the call to malloc() has been commented out. In this example, the malloc() call failed, leading to the operation on a null pointer two frames later in the call chain. Although this example is both contrived and trivial, many crashes of this type are remarkably easy to track down using a similar method with GDB and core dumps. You can also see the null pointer by looking at the parameter values in the function call. This often leads you directly to the frame where the null pointer originated.

We conclude this introduction to GDB by showing a typical debug session. In the previous demonstration of a program crash, we could have elected to step through the code to narrow down the cause of the failure. Of course, if you get a core dump, you should always start there. However, in other situations, you might want to set breakpoints and step through running code. Listing 13-4 details how we start GDB in preparation for a debug session. Note that the program must have been compiled with the debug flag enabled in the gcc command line for GDB to be useful in this context. Refer back to Figure 12-1 in Chapter 12, "Embedded Development Environment"; this is a cross-debug session with GDB running on your development host, debugging a program running on your target. We cover complete details of remote application debugging in Chapter 15, "Debugging Embedded Linux Applications."

Listing 13-4. Initiating a GDB Debug Session

$ xscale_be-gdb -silent webs

(gdb) target remote 192.168.1.21:2001

0x40000790 in ?? ()

(gdb) b main

Breakpoint 1 at 0x12b74: file main.c, line 78.

(gdb) c

Continuing.

Breakpoint 1, main (argc=1, argv=0xbefffe04) at main.c:78

78 bopen(NULL, (60 * 1024), B_USE_MALLOC);

(gdb) b ErrorInHandler

Breakpoint 2 at 0x12b30: file led.c, line 57.

(gdb) c

Continuing.

Breakpoint 2, ErrorInHandler (wp=0x311a0, urlPrefix=0x2f648 "/Error",

webDir=0x2f660 "", arg=0, url=0x31e88 "/Error", path=0x31918 "/Error",

query=0x318e8 "") at led.c:57

57 siz = 10000 * sizeof(BigBlock);

(gdb) next

59 p = malloc(siz);

(gdb) next

61 return InitBlock(p, siz);

(gdb) p p

$1 =(unsigned char *) 0x0

(gdb) p siz

$2 = 100000000

(gdb)

Following through this simple debug session, first we connect to our target board using the gdb target command. We cover remote debugging in more detail in Chapter 15. When we are connected to our target hardware, we set a breakpoint at main() using the gdb break (abbreviated b) command. Then we issue the gdb continue (abbreviated c) command to resume execution of the program. If we had any program arguments, we could have issued them on the command line when we invoked GDB.

We hit the breakpoint set at main(), and set another one at ErrorInHandler(), followed by the continue command, again abbreviated. When this new breakpoint is hit, we begin to step through the code using the next command. There we encounter the call to malloc(). Following the malloc() call, we examine the return value and discover the failure as indicated by the null return value. Finally, we print the value of the parameter in the malloc() call and see that a very large memory region (100 million bytes) is being requested, which fails.

Although trivial, the GDB examples in this section should enable the newcomer to become immediately productive with GDB. Few of us have really mastered GDBit is very complex and has many capabilities. Later in Section 13.2, "Data Display Debugger," we introduce a graphical front end to GDB that can ease the transition for those unfamiliar with GDB.

One final note about GDB: No doubt you have noticed the many banner lines GDB displays on the console when it is first invoked, as in Listing 13-1. In these examples, as stated earlier, we used a cross-gdb from the Monta Vista embedded Linux distribution. The banner lines contain a vital piece of information that the embedded developer must be aware of: GDB's host and target specifications. From Listing 13-1, we saw the following output when GDB was invoked:

This GDB was configured as "--host=i686-pc-linux-gnu -- target=armv5teb-montavista-linuxeabi"

In this instance, we were invoking a version of GDB that was compiled to execute from a Linux PCspecifically, an i686 running the GNU/Linux operating system. Equally critical, this instance of GDB was compiled to debug ARM binary code generated from the armv5teb big endian toolchain.

One of the most common mistakes made by newcomers to embedded development is to use the wrong GDB while trying to debug target executables. If something isn't working right, you should immediately check your GDB configuration to make sure that it makes sense for your environment. You cannot use your native GDB to debug target code!

The Data Display Debugger (DDD) is a graphical front end to GDB and other command line debuggers. DDD has many advanced features beyond simply viewing source code and stepping through a debug session. Figure 13-1 is a screen shot of the DDD's main screen.