6

How do GDB watchpoints work? Can similar functionality be implemented to harness byte level access at defined locations?

Paul R
Kapil

2 Answers

13

On x86 there are CPU debug registers D0-D3 that track memory addresses.

This explains how hardware breakpoints are implemented in Linux and also gives details of what processor specific features are used.

Another article on hardware breakpoints.

Mark
takladev
6

I believe gdb uses the MMU so that the memory pages containing watched address ranges are marked as protected - then when an exception occurs for a write to a protected page, gdb handles the exception, checks to see whether the address of the write corresponds to a particular watchpoint, and then either resumes or drops to the gdb command prompt accordingly.

You can implement something similar for your own debugging code or test harness using mprotect, although you'll need to implement an exception handler if you want to do anything more sophisticated than just fail on a bad write.

Paul R
  • Thanks for the information. Is there any kind of support from the hardware available? I know that's just a shot in the dark. – Kapil Oct 18 '11 at 10:42
  • 1
    The MMU (Memory Management Unit) *is* hardware - by marking a page as protected you can get an exception on a write to that page - this is how hardware-assisted watchpoints work. Without the MMU you'd have to pause after every instruction and examine all watchpoint address ranges - this is how software watchpoints typically work on systems without MMUs (e.g. small embedded systems) and it's *very* slow. – Paul R Oct 18 '11 at 11:24
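The mprotect-plus-exception-handler approach mentioned in the second answer, as an added example that is not code from either answer or from gdb: one page is made read-only, and a SIGSEGV handler records the faulting address and unprotects the page so the interrupted store can retry. It assumes Linux or another POSIX system with `MAP_ANONYMOUS`; the names `watch_setup`, `watch_arm` and `watch_write` are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *watch_page;        /* page holding the watched bytes */
static size_t watch_len;                 /* one page */
static volatile sig_atomic_t hit_count;  /* faults seen inside the page */
static volatile uintptr_t last_hit;      /* address of the latest fault */

/* Fault handler: record the access, then unprotect so the store can retry. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    uintptr_t a = (uintptr_t)si->si_addr, base = (uintptr_t)watch_page;
    (void)sig; (void)ctx;
    if (!watch_page || a < base || a >= base + watch_len)
        _exit(139);                      /* a real crash, not our page */
    hit_count++;
    last_hit = a;
    mprotect(watch_page, watch_len, PROT_READ | PROT_WRITE);
}

/* (Re)arm the watch: any write to the page now faults. */
int watch_arm(void) { return mprotect(watch_page, watch_len, PROT_READ); }

/* Map one page and install the handler; returns the page or NULL. */
unsigned char *watch_setup(void) {
    struct sigaction sa = {0};
    watch_len = (size_t)sysconf(_SC_PAGESIZE);
    watch_page = mmap(NULL, watch_len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (watch_page == MAP_FAILED) { watch_page = NULL; return NULL; }
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL)) return NULL;
    return watch_page;
}

/* Armed write of one byte; returns the offset the handler saw, or -1. */
long watch_write(size_t off, unsigned char v) {
    int before = hit_count;
    if (watch_arm() != 0) return -1;
    ((volatile unsigned char *)watch_page)[off] = v;
    return hit_count == before + 1 ? (long)(last_hit - (uintptr_t)watch_page) : -1;
}

int main(void) { return watch_setup() && watch_write(42, 0xAA) == 42 ? 0 : 1; }
```

Protection is per page, so every write anywhere in the page faults and the handler has to compare the address against the bytes of interest; the watch also stays disarmed after a hit until `watch_arm` is called again. `mprotect` is not on the POSIX list of async-signal-safe functions, which is acceptable in a test harness but worth knowing.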