4.10 Process Debugging
FreeBSD provides a simplistic facility for controlling and debugging the execution of a process. This facility, accessed through the ptrace system call, permits a parent process to control a child process's execution by manipulating user- and kernel-mode execution state. In particular, with ptrace, a parent process can do the following operations on a child process:
-
Attach to an existing process to begin debugging it
-
Read and write address space and registers
-
Intercept signals posted to the process
-
Single step and continue the execution of the process
-
Terminate the execution of the process
The ptrace call is used almost exclusively by program debuggers, such as gdb.
When a process is being traced, any signals posted to that process cause it to enter the STOPPED state. The parent process is notified with a SIGCHLD signal and may interrogate the status of the child with the wait4 system call. On most machines, trace traps, generated when a process is single stepped, and breakpoint faults, caused by a process executing a breakpoint instruction, are translated by FreeBSD into SIGTRAP signals. Because signals posted to a traced process cause it to stop and result in the parent being notified, a program's execution can be controlled easily.
To start a program that is to be debugged, the debugger first creates a child process with a fork system call. After the fork, the child process uses a ptrace call that causes the process to be flagged as traced by setting the P_TRACED bit in the p_flag field of the process structure. The child process then sets the trace trap bit in the process's processor status word and calls execve to load the image of the program that is to be debugged. Setting this bit ensures that the first instruction executed by the child process after the new image is loaded will result in a hardware trace trap, which is translated by the system into a SIGTRAP signal. Because the parent process is notified about all signals to the child, it can intercept the signal and gain control over the program before it executes a single instruction.
Alternatively, the debugger may take over an existing process by attaching to it. A successful attach request causes the process to enter the STOPPED state and to have its P_TRACED bit set in the p_flag field of its process structure. The debugger can then begin operating on the process in the same way as it would with a process that it had explicitly started.
An alternative to the ptrace system call is the /proc filesystem. The functionality provided by the /proc filesystem is the same as that provided by ptrace; it differs only in its interface. The /proc filesystem implements a view of the system process table inside the filesystem and is so named because it is normally mounted on /proc. It provides a two-level view of process space. At the highest level, processes themselves are named, according to their process IDs. There is also a special node called curproc that always refers to the process making the lookup request.
Each node is a directory that contains the following entries:
ctl |
A write-only file that supports a variety of control operations. Control commands are written as strings to the ctl file. The control commands are: |
|
attach Stops the target process and arranges for the sending process to become the debug control process. |
||
detach Continue execution of the target process and remove it from control by the debug process (that need not be the sending process). |
||
Run Continue running the target process until a signal is delivered, a breakpoint is hit, or the target process exits. |
||
Step Single step the target process, with no signal delivery. |
||
wait Wait for the target process to come to a steady state ready for debugging. The target process must be in this state before any of the other commands are allowed. |
||
The string can also be the name of a signal, lowercase and without the SIG prefix, in which case that signal is delivered to the process. |
||
dbregs |
Set the debug registers as defined by the machine architecture. |
|
etype |
The type of the executable referenced by the file entry. |
|
file |
A reference to the vnode from which the process text was read. This entry can be used to gain access to the symbol table for the process or to start another copy of the process. |
|
fpregs |
The floating point registers as defined by the machine architecture. It is only implemented on machines that have distinct general purpose and floating point register sets. |
|
map |
A map of the process's virtual memory. |
|
mem |
The complete virtual memory image of the process. Only those addresses that exist in the process can be accessed. Reads and writes to this file modify the process. Writes to the text segment remain private to the process. Because the address space of another process can be accessed with read and write system calls, a debugger can access a process being debugged with much greater efficiency than it can with the ptrace system call. The pages of interest in the process being debugged are mapped into the kernel address space. The data requested by the debugger can then becopied directly from the kernel to the debugger's address space. |
|
regs |
Allows read and write access to the register set of the process. |
|
rlimit |
A read-only file containing the process current and maximum limits. |
|
status |
The process status. This file is read-only and returns a single line containing multiple space-separated fields that include the command name,the process id, the parent process id, the process group id, the session id, the controlling terminal (if any), a list of the process flags, the process start time, user and system times, the wait channel message, and the process credentials. |
Each node is owned by the process's user and belongs to that user's primary group, except for the mem node, which belongs to the kmem group.
In a normal debugging environment, where the target does a fork followed by an exec by the debugger, the debugger should fork and the child should stop itself (with a self-inflicted SIGSTOP, for example). The parent should issue a wait and then an attach command via the appropriate ctl file. The child process will receive a SIGTRAP immediately after the call to exec.