1LLDB has added new GDB server packets to better support multi-threaded and 2remote debugging. Why? Normally you need to start the correct GDB and the 3correct GDB server when debugging. If you have mismatch, then things go wrong 4very quickly. LLDB makes extensive use of the GDB remote protocol and we 5wanted to make sure that the experience was a bit more dynamic where we can 6discover information about a remote target without having to know anything up 7front. We also ran into performance issues with the existing GDB remote 8protocol that can be overcome when using a reliable communications layer. 9Some packets improve performance, others allow for remote process launching 10(if you have an OS), and others allow us to dynamically figure out what 11registers a thread might have. Again with GDB, both sides pre-agree on how the 12registers will look (how many, their register number,name and offsets). We 13prefer to be able to dynamically determine what kind of architecture, OS and 14vendor we are debugging, as well as how things are laid out when it comes to 15the thread register contexts. Below are the details on the new packets we have 16added above and beyond the standard GDB remote protocol packets. 17 18//---------------------------------------------------------------------- 19// "QStartNoAckMode" 20// 21// BRIEF 22// Try to enable no ACK mode to skip sending ACKs and NACKs. 23// 24// PRIORITY TO IMPLEMENT 25// High. Any GDB remote server that can implement this should if the 26// connection is reliable. This improves packet throughput and increases 27// the performance of the connection. 28//---------------------------------------------------------------------- 29Having to send an ACK/NACK after every packet slows things down a bit, so we 30have a way to disable ACK packets to minimize the traffic for reliable 31communication interfaces (like sockets). Below GDB or LLDB will send this 32packet to try and disable ACKs. All lines that start with "send packet: " are 33from GDB/LLDB, and all lines that start with "read packet: " are from the GDB 34remote server: 35 36send packet: $QStartNoAckMode#b0 37read packet: + 38read packet: $OK#9a 39send packet: + 40 41 42 43//---------------------------------------------------------------------- 44// "A" - launch args packet 45// 46// BRIEF 47// Launch a program using the supplied arguments 48// 49// PRIORITY TO IMPLEMENT 50// Low. Only needed if the remote target wants to launch a target after 51// making a connection to a GDB server that isn't already connected to 52// an inferior process. 53//---------------------------------------------------------------------- 54 55We have added support for the "set program arguments" packet where we can 56start a connection to a remote server and then later supply the path to the 57executable and the arguments to use when executing: 58 59GDB remote docs for this: 60 61set program arguments(reserved) Aarglen,argnum,arg,... 62 63Where A is followed by the length in bytes of the hex encoded argument, 64followed by an argument integer, and followed by the ASCII characters 65converted into hex bytes foreach arg 66 67send packet: $A98,0,2f566f6c756d65732f776f726b2f67636c6179746f6e2f446f63756d656e74732f7372632f6174746163682f612e6f7574#00 68read packet: $OK#00 69 70The above packet helps when you have remote debugging abilities where you 71could launch a process on a remote host, this isn't needed for bare board 72debugging. 73 74//---------------------------------------------------------------------- 75// "QEnvironment:NAME=VALUE" 76// 77// BRIEF 78// Setup the environment up for a new child process that will soon be 79// launched using the "A" packet. 80// 81// NB: key/value pairs are sent as-is so gdb-remote protocol meta characters 82// (e.g. '#' or '$') are not acceptable. If any non-printable or 83// metacharacters are present in the strings, QEnvironmentHexEncoded 84// should be used instead if it is available. If you don't want to 85// scan the environment strings before sending, prefer 86// the QEnvironmentHexEncoded packet over QEnvironment, if it is 87// available. 88// 89// PRIORITY TO IMPLEMENT 90// Low. Only needed if the remote target wants to launch a target after 91// making a connection to a GDB server that isn't already connected to 92// an inferior process. 93//---------------------------------------------------------------------- 94 95Both GDB and LLDB support passing down environment variables. Is it ok to 96respond with a "$#00" (unimplemented): 97 98send packet: $QEnvironment:ACK_COLOR_FILENAME=bold yellow#00 99read packet: $OK#00 100 101This packet can be sent one or more times _prior_ to sending a "A" packet. 102 103//---------------------------------------------------------------------- 104// "QEnvironmentHexEncoded:HEX-ENCODING(NAME=VALUE)" 105// 106// BRIEF 107// Setup the environment up for a new child process that will soon be 108// launched using the "A" packet. 109// 110// The only difference between this packet and QEnvironment is that the 111// environment key-value pair is ascii hex encoded for transmission. 112// This allows values with gdb-remote metacharacters like '#' to be sent. 113// 114// PRIORITY TO IMPLEMENT 115// Low. Only needed if the remote target wants to launch a target after 116// making a connection to a GDB server that isn't already connected to 117// an inferior process. 118//---------------------------------------------------------------------- 119 120Both GDB and LLDB support passing down environment variables. Is it ok to 121respond with a "$#00" (unimplemented): 122 123send packet: $QEnvironment:41434b5f434f4c4f525f46494c454e414d453d626f6c642379656c6c6f77#00 124read packet: $OK#00 125 126This packet can be sent one or more times _prior_ to sending a "A" packet. 127 128//---------------------------------------------------------------------- 129// "QEnableErrorStrings" 130// 131// BRIEF 132// This packet enables reporting of Error strings in remote packet 133// replies from the server to client. If the server supports this 134// feature, it should send an OK response. The client can expect the 135// following error replies if this feature is enabled in the server -> 136// 137// EXX;AAAAAAAAA 138// 139// where AAAAAAAAA will be a hex encoded ASCII string. 140// XX is hex encoded byte number. 141// 142// It must be noted that even if the client has enabled reporting 143// strings in error replies, it must not expect error strings to all 144// error replies. 145// 146// PRIORITY TO IMPLEMENT 147// Low. Only needed if the remote target wants to provide strings that 148// are human readable along with an error code. 149//---------------------------------------------------------------------- 150 151send packet: $QEnableErrorStrings 152read packet: $OK#00 153 154//---------------------------------------------------------------------- 155// "QSetSTDIN:<ascii-hex-path>" 156// "QSetSTDOUT:<ascii-hex-path>" 157// "QSetSTDERR:<ascii-hex-path>" 158// 159// BRIEF 160// Setup where STDIN, STDOUT, and STDERR go prior to sending an "A" 161// packet. 162// 163// PRIORITY TO IMPLEMENT 164// Low. Only needed if the remote target wants to launch a target after 165// making a connection to a GDB server that isn't already connected to 166// an inferior process. 167//---------------------------------------------------------------------- 168 169When launching a program through the GDB remote protocol with the "A" packet, 170you might also want to specify where stdin/out/err go: 171 172QSetSTDIN:<ascii-hex-path> 173QSetSTDOUT:<ascii-hex-path> 174QSetSTDERR:<ascii-hex-path> 175 176These packets must be sent _prior_ to sending a "A" packet. 177 178//---------------------------------------------------------------------- 179// "QSetWorkingDir:<ascii-hex-path>" 180// 181// BRIEF 182// Set the working directory prior to sending an "A" packet. 183// 184// PRIORITY TO IMPLEMENT 185// Low. Only needed if the remote target wants to launch a target after 186// making a connection to a GDB server that isn't already connected to 187// an inferior process. 188//---------------------------------------------------------------------- 189 190Or specify the working directory: 191 192QSetWorkingDir:<ascii-hex-path> 193 194This packet must be sent _prior_ to sending a "A" packet. 195 196//---------------------------------------------------------------------- 197// "QSetDisableASLR:<bool>" 198// 199// BRIEF 200// Enable or disable ASLR on the next "A" packet. 201// 202// PRIORITY TO IMPLEMENT 203// Low. Only needed if the remote target wants to launch a target after 204// making a connection to a GDB server that isn't already connected to 205// an inferior process and if the target supports disabling ASLR 206// (Address space layout randomization). 207//---------------------------------------------------------------------- 208 209Or control if ASLR is enabled/disabled: 210 211send packet: QSetDisableASLR:1 212read packet: OK 213 214send packet: QSetDisableASLR:0 215read packet: OK 216 217This packet must be sent _prior_ to sending a "A" packet. 218 219//---------------------------------------------------------------------- 220// QListThreadsInStopReply 221// 222// BRIEF 223// Enable the threads: and thread-pcs: data in the question-mark packet 224// ("T packet") responses when the stub reports that a program has 225// stopped executing. 226// 227// PRIORITY TO IMPLEMENT 228// Performance. This is a performance benefit to lldb if the thread id's 229// and thread pc values are provided to lldb in the T stop packet -- if 230// they are not provided to lldb, lldb will likely need to send one to 231// two packets per thread to fetch the data at every private stop. 232//---------------------------------------------------------------------- 233 234send packet: QListThreadsInStopReply 235read packet: OK 236 237//---------------------------------------------------------------------- 238// jLLDBTraceSupported 239// 240// BRIEF 241// Get the processor tracing type supported by the gdb-server for the current 242// inferior. Responses might be different depending on the architecture and 243// capabilities of the underlying OS. 244// 245// OUTPUT SCHEMA 246// { 247// "name": <string>, 248// Tracing technology name, e.g. intel-pt, arm-etm. 249// "description": <string>, 250// Description for this technology. 251// } 252// 253// If no tracing technology is supported for the inferior, or no process is 254// running, then an error message is returned. 255// 256// NOTE 257// This packet is used by Trace plug-ins (see lldb_private::Trace.h) to 258// do live tracing. Specifically, the name of the plug-in should match the name 259// of the tracing technology returned by this packet. 260//---------------------------------------------------------------------- 261 262send packet: jLLDBTraceSupported 263read packet: {"name":<name>, "description":<description>}/E<error code>;AAAAAAAAA 264 265//---------------------------------------------------------------------- 266// jLLDBTraceStart 267// 268// BRIEF 269// Start tracing a process or its threads using a provided tracing technology. 270// The input and output are specified as JSON objects. In case of success, an OK 271// response is returned, or an error otherwise. 272// 273// PROCESS TRACING 274// This traces existing and future threads of the current process. An error is 275// returned if the process is already being traced. 276// 277// THREAD TRACING 278// This traces specific threads. 279// 280// INPUT SCHEMA 281// { 282// "type": <string>, 283// Tracing technology name, e.g. intel-pt, arm-etm. 284// 285// /* thread tracing only */ 286// "tids"?: [<decimal integer>], 287// Individual threads to trace. 288// 289// ... other parameters specific to the provided tracing type 290// } 291// 292// NOTES 293// - If "tids" is not provided, then the operation is "process tracing", 294// otherwise it's "thread tracing". 295// - Each tracing technology can have different levels of support for "thread 296// tracing" and "process tracing". 297// 298// INTEL-PT 299// intel-pt supports both "thread tracing" and "process tracing". 300// 301// "Process tracing" is implemented in two different ways. If the 302// "perCpuTracing" option is false, then each thread is traced individually 303// but managed by the same "process trace" instance. This means that the 304// amount of trace buffers used is proportional to the number of running 305// threads. This is the recommended option unless the number of threads is 306// huge. If "perCpuTracing" is true, then each cpu core is traced invidually 307// instead of each thread, which uses a fixed number of trace buffers, but 308// might result in less data available for less frequent threads. See 309// "perCpuTracing" below for more information. 310// 311// Each actual intel pt trace buffer, either from "process tracing" or "thread 312// tracing", is stored in an in-memory circular buffer, which keeps the most 313// recent data. 314// 315// Additional params in the input schema: 316// { 317// "iptTraceSize": <decimal integer>, 318// Size in bytes used by each individual per-thread or per-cpu trace 319// buffer. It must be a power of 2 greater than or equal to 4096 (2^12) 320// bytes. 321// 322// "enableTsc": <boolean>, 323// Whether to enable TSC timestamps or not. This is supported on 324// all devices that support intel-pt. A TSC timestamp is generated along 325// with PSB (synchronization) packets, whose frequency can be configured 326// with the "psbPeriod" parameter. 327// 328// "psbPeriod"?: <Optional decimal integer>, 329// This value defines the period in which PSB packets will be generated. 330// A PSB packet is a synchronization packet that contains a TSC 331// timestamp and the current absolute instruction pointer. 332// 333// This parameter can only be used if 334// 335// /sys/bus/event_source/devices/intel_pt/caps/psb_cyc 336// 337// is 1. Otherwise, the PSB period will be defined by the processor. 338// 339// If supported, valid values for this period can be found in 340/ 341// /sys/bus/event_source/devices/intel_pt/caps/psb_periods 342// 343// which contains a hexadecimal number, whose bits represent valid 344// values e.g. if bit 2 is set, then value 2 is valid. 345// 346// The psb_period value is converted to the approximate number of 347// raw trace bytes between PSB packets as: 348// 349// 2 ^ (value + 11) 350// 351// e.g. value 3 means 16KiB between PSB packets. Defaults to 352// 0 if supported. 353// 354// /* process tracing only */ 355// "perCpuTracing": <boolean> 356// Instead of having an individual trace buffer per thread, this option 357// triggers the collection on a per cpu core basis. This effectively 358// traces the entire activity on all cores. At decoding time, in order 359// to correctly associate a decoded instruction with a thread, the 360// context switch trace of each core is needed, as well as a record per 361// cpu indicating which thread was running on each core when tracing 362// started. These secondary traces are correlated with the intel-pt 363// trace by comparing TSC timestamps. 364// 365// This option forces the capture of TSC timestamps (see "enableTsc"). 366// 367// Note: This option can't be used simulatenously with any other trace 368// sessions because of its system-wide nature. 369// 370// /* process tracing only */ 371// "processBufferSizeLimit": <decimal integer>, 372// Maximum total buffer size per process in bytes. 373// This limit applies to the sum of the sizes of all thread or cpu core 374// buffers for the current process, excluding the ones started with 375// "thread tracing". 376// 377// If "perCpuTracing" is false, whenever a thread is attempted to be 378// traced due to "process tracing" and the limit would be reached, the 379// process is stopped with a "tracing" reason along with a meaningful 380// description, so that the user can retrace the process if needed. 381// 382// If "perCpuTracing" is true, then starting the system-wide trace 383// session fails if all the individual per-cpu trace buffers require 384// in total more memory that the limit impossed by this parameter. 385// } 386// 387// Notes: 388// - Modifying the parameters of an existing trace is not supported. The user 389// needs to stop the trace and start a new one. 390// - If "process tracing" is attempted and there are individual threads 391// already being traced with "thread tracing", these traces are left 392// unaffected and the threads not traced twice. 393// - If "thread tracing" is attempted on a thread already being traced with 394// either "thread tracing" or "process tracing", it fails. 395//---------------------------------------------------------------------- 396 397Process tracing: 398send packet: jLLDBTraceStart:{"type":<type>,...other params}] 399read packet: OK/E<error code>;AAAAAAAAA 400 401Thread tracing: 402send packet: jLLDBTraceStart:{"type":<type>,"tids":<tids>,...other params}] 403read packet: OK/E<error code>;AAAAAAAAA 404 405//---------------------------------------------------------------------- 406// jLLDBTraceStop 407// 408// BRIEF 409// Stop tracing a process or its threads using a provided tracing technology. 410// The input and output are specified as JSON objects. In case of success, an OK 411// response is returned, or an error otherwise. 412// 413// PROCESS TRACE STOPPING 414// Stopping a process trace stops the active traces initiated with 415// "thread tracing". 416// 417// THREAD TRACE STOPPING 418// This is a best effort request, which tries to stop as many traces as 419// possible. 420// 421// INPUT SCHEMA 422// The schema for the input is 423// 424// { 425// "type": <string> 426// Tracing technology name, e.g. intel-pt, arm-etm. 427// 428// /* thread trace stopping only */ 429// "tids": [<decimal integer>] 430// Individual thread traces to stop. 431// } 432// 433// NOTES 434// - If "tids" is not provided, then the operation is "process trace stopping". 435// 436// INTEL PT 437// Stopping a specific thread trace started with "process tracing" is allowed. 438//---------------------------------------------------------------------- 439 440Process trace stopping: 441send packet: jLLDBTraceStop:{"type":<type>}] 442read packet: OK/E<error code>;AAAAAAAAA 443 444Thread trace stopping: 445send packet: jLLDBTraceStop:{"type":<type>,"tids":<tids>}] 446read packet: OK/E<error code>;AAAAAAAAA 447 448//---------------------------------------------------------------------- 449// jLLDBTraceGetState 450// 451// BRIEF 452// Get the current state of the process and its threads being traced by 453// a given trace technology. The response is a JSON object with custom 454// information depending on the trace technology. In case of errors, an 455// error message is returned. 456// 457// INPUT SCHEMA 458// { 459// "type": <string> 460// Tracing technology name, e.g. intel-pt, arm-etm. 461// } 462// 463// OUTPUT SCHEMA 464// { 465// "tracedThreads": [{ 466// "tid": <decimal integer>, 467// "binaryData": [ 468// { 469// "kind": <string>, 470// Identifier for some binary data related to this thread to 471// fetch with the jLLDBTraceGetBinaryData packet. 472// "size": <decimal integer>, 473// Size in bytes of this thread data. 474// }, 475// ] 476// }], 477// "processBinaryData": [ 478// { 479// "kind": <string>, 480// Identifier for some binary data related to this process to 481// fetch with the jLLDBTraceGetBinaryData packet. 482// "size": <decimal integer>, 483// Size in bytes of this thread data. 484// }, 485// ], 486// "cpus"?: [ 487// "id": <decimal integer>, 488// Identifier for this CPU logical core. 489// "binaryData": [ 490// { 491// "kind": <string>, 492// Identifier for some binary data related to this thread to 493// fetch with the jLLDBTraceGetBinaryData packet. 494// "size": <decimal integer>, 495// Size in bytes of this cpu core data. 496// }, 497// ] 498// ], 499// "warnings"?: [<string>], 500// Non-fatal messages useful for troubleshooting. 501// 502// ... other attributes specific to the given tracing technology 503// } 504// 505// NOTES 506// - "traceThreads" includes all thread traced by both "process tracing" and 507// "thread tracing". 508// 509// INTEL PT 510// 511// If per-cpu process tracing is enabled, "tracedThreads" will contain all 512// the threads of the process without any trace buffers. Besides that, the 513// "cpus" field will also be returned with per cpu core trace buffers. 514// A side effect of per-cpu tracing is that all the threads of unrelated 515// processes will also be traced, thus polluting the tracing data. 516// 517// Binary data kinds: 518// - iptTrace: trace buffer for a thread or a cpu. 519// - perfContextSwitchTrace: context switch trace for a cpu generated by 520// perf_event_open. 521// - procfsCpuInfo: contents of the /proc/cpuinfo file. 522// 523// Additional attributes: 524// tscPerfZeroConversion: 525// 526// This field allows converting Intel processor's TSC values to nanoseconds. 527// It is available through the Linux perf_event API when cap_user_time and cap_user_time_zero 528// are set. 529// See the documentation of time_zero in 530// https://man7.org/linux/man-pages/man2/perf_event_open.2.html for more information about 531// the calculation and the meaning of the values in the schema below. 532/// 533// Schema for this field: 534// 535// "tscPerfZeroConversion": { 536// "timeMult": <decimal integer>, 537// "timeShift": <decimal integer>, 538// "timeZero": <decimal integer>, 539// } 540//---------------------------------------------------------------------- 541 542send packet: jLLDBTraceGetState:{"type":<type>}] 543read packet: {...object}/E<error code>;AAAAAAAAA 544 545//---------------------------------------------------------------------- 546// jLLDBTraceGetBinaryData 547// 548// BRIEF 549// Get binary data given a trace technology and a data identifier. 550// The input is specified as a JSON object and the response has the same format 551// as the "binary memory read" (aka "x") packet. In case of failures, an error 552// message is returned. 553// 554// SCHEMA 555// The schema for the input is 556// 557// { 558// "type": <string>, 559// Tracing technology name, e.g. intel-pt, arm-etm. 560// "kind": <string>, 561// Identifier for the data. 562// "cpuId": <Optional decimal>, 563// Core id in decimal if the data belongs to a CPU core. 564// "tid"?: <Optional decimal>, 565// Tid in decimal if the data belongs to a thread. 566// } 567//---------------------------------------------------------------------- 568 569send packet: jLLDBTraceGetBinaryData:{"type":<type>,"kind":<query>,"tid":<tid>,"offset":<offset>,"size":<size>}] 570read packet: <binary data>/E<error code>;AAAAAAAAA 571 572//---------------------------------------------------------------------- 573// "qRegisterInfo<hex-reg-id>" 574// 575// BRIEF 576// Discover register information from the remote GDB server. 577// 578// PRIORITY TO IMPLEMENT 579// High. Any target that can self describe its registers, should do so. 580// This means if new registers are ever added to a remote target, they 581// will get picked up automatically, and allows registers to change 582// depending on the actual CPU type that is used. 583// 584// NB: As of summer 2015, lldb can get register information from the 585// "qXfer:features:read:target.xml" FSF gdb standard register packet 586// where the stub provides register definitions in an XML file. 587// If qXfer:features:read:target.xml is supported, qRegisterInfo does 588// not need to be implemented. 589//---------------------------------------------------------------------- 590 591With LLDB, for register information, remote GDB servers can add 592support for the "qRegisterInfoN" packet where "N" is a zero based 593base16 register number that must start at zero and increase by one 594for each register that is supported. The response is done in typical 595GDB remote fashion where a series of "KEY:VALUE;" pairs are returned. 596An example for the x86_64 registers is included below: 597 598send packet: $qRegisterInfo0#00 599read packet: $name:rax;bitsize:64;offset:0;encoding:uint;format:hex;set:General Purpose Registers;gcc:0;dwarf:0;#00 600send packet: $qRegisterInfo1#00 601read packet: $name:rbx;bitsize:64;offset:8;encoding:uint;format:hex;set:General Purpose Registers;gcc:3;dwarf:3;#00 602send packet: $qRegisterInfo2#00 603read packet: $name:rcx;bitsize:64;offset:16;encoding:uint;format:hex;set:General Purpose Registers;gcc:2;dwarf:2;#00 604send packet: $qRegisterInfo3#00 605read packet: $name:rdx;bitsize:64;offset:24;encoding:uint;format:hex;set:General Purpose Registers;gcc:1;dwarf:1;#00 606send packet: $qRegisterInfo4#00 607read packet: $name:rdi;bitsize:64;offset:32;encoding:uint;format:hex;set:General Purpose Registers;gcc:5;dwarf:5;#00 608send packet: $qRegisterInfo5#00 609read packet: $name:rsi;bitsize:64;offset:40;encoding:uint;format:hex;set:General Purpose Registers;gcc:4;dwarf:4;#00 610send packet: $qRegisterInfo6#00 611read packet: $name:rbp;alt-name:fp;bitsize:64;offset:48;encoding:uint;format:hex;set:General Purpose Registers;gcc:6;dwarf:6;generic:fp;#00 612send packet: $qRegisterInfo7#00 613read packet: $name:rsp;alt-name:sp;bitsize:64;offset:56;encoding:uint;format:hex;set:General Purpose Registers;gcc:7;dwarf:7;generic:sp;#00 614send packet: $qRegisterInfo8#00 615read packet: $name:r8;bitsize:64;offset:64;encoding:uint;format:hex;set:General Purpose Registers;gcc:8;dwarf:8;#00 616send packet: $qRegisterInfo9#00 617read packet: $name:r9;bitsize:64;offset:72;encoding:uint;format:hex;set:General Purpose Registers;gcc:9;dwarf:9;#00 618send packet: $qRegisterInfoa#00 619read packet: $name:r10;bitsize:64;offset:80;encoding:uint;format:hex;set:General Purpose Registers;gcc:10;dwarf:10;#00 620send packet: $qRegisterInfob#00 621read packet: $name:r11;bitsize:64;offset:88;encoding:uint;format:hex;set:General Purpose Registers;gcc:11;dwarf:11;#00 622send packet: $qRegisterInfoc#00 623read packet: $name:r12;bitsize:64;offset:96;encoding:uint;format:hex;set:General Purpose Registers;gcc:12;dwarf:12;#00 624send packet: $qRegisterInfod#00 625read packet: $name:r13;bitsize:64;offset:104;encoding:uint;format:hex;set:General Purpose Registers;gcc:13;dwarf:13;#00 626send packet: $qRegisterInfoe#00 627read packet: $name:r14;bitsize:64;offset:112;encoding:uint;format:hex;set:General Purpose Registers;gcc:14;dwarf:14;#00 628send packet: $qRegisterInfof#00 629read packet: $name:r15;bitsize:64;offset:120;encoding:uint;format:hex;set:General Purpose Registers;gcc:15;dwarf:15;#00 630send packet: $qRegisterInfo10#00 631read packet: $name:rip;alt-name:pc;bitsize:64;offset:128;encoding:uint;format:hex;set:General Purpose Registers;gcc:16;dwarf:16;generic:pc;#00 632send packet: $qRegisterInfo11#00 633read packet: $name:rflags;alt-name:flags;bitsize:64;offset:136;encoding:uint;format:hex;set:General Purpose Registers;#00 634send packet: $qRegisterInfo12#00 635read packet: $name:cs;bitsize:64;offset:144;encoding:uint;format:hex;set:General Purpose Registers;#00 636send packet: $qRegisterInfo13#00 637read packet: $name:fs;bitsize:64;offset:152;encoding:uint;format:hex;set:General Purpose Registers;#00 638send packet: $qRegisterInfo14#00 639read packet: $name:gs;bitsize:64;offset:160;encoding:uint;format:hex;set:General Purpose Registers;#00 640send packet: $qRegisterInfo15#00 641read packet: $name:fctrl;bitsize:16;offset:176;encoding:uint;format:hex;set:Floating Point Registers;#00 642send packet: $qRegisterInfo16#00 643read packet: $name:fstat;bitsize:16;offset:178;encoding:uint;format:hex;set:Floating Point Registers;#00 644send packet: $qRegisterInfo17#00 645read packet: $name:ftag;bitsize:8;offset:180;encoding:uint;format:hex;set:Floating Point Registers;#00 646send packet: $qRegisterInfo18#00 647read packet: $name:fop;bitsize:16;offset:182;encoding:uint;format:hex;set:Floating Point Registers;#00 648send packet: $qRegisterInfo19#00 649read packet: $name:fioff;bitsize:32;offset:184;encoding:uint;format:hex;set:Floating Point Registers;#00 650send packet: $qRegisterInfo1a#00 651read packet: $name:fiseg;bitsize:16;offset:188;encoding:uint;format:hex;set:Floating Point Registers;#00 652send packet: $qRegisterInfo1b#00 653read packet: $name:fooff;bitsize:32;offset:192;encoding:uint;format:hex;set:Floating Point Registers;#00 654send packet: $qRegisterInfo1c#00 655read packet: $name:foseg;bitsize:16;offset:196;encoding:uint;format:hex;set:Floating Point Registers;#00 656send packet: $qRegisterInfo1d#00 657read packet: $name:mxcsr;bitsize:32;offset:200;encoding:uint;format:hex;set:Floating Point Registers;#00 658send packet: $qRegisterInfo1e#00 659read packet: $name:mxcsrmask;bitsize:32;offset:204;encoding:uint;format:hex;set:Floating Point Registers;#00 660send packet: $qRegisterInfo1f#00 661read packet: $name:stmm0;bitsize:80;offset:208;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:33;dwarf:33;#00 662send packet: $qRegisterInfo20#00 663read packet: $name:stmm1;bitsize:80;offset:224;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:34;dwarf:34;#00 664send packet: $qRegisterInfo21#00 665read packet: $name:stmm2;bitsize:80;offset:240;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:35;dwarf:35;#00 666send packet: $qRegisterInfo22#00 667read packet: $name:stmm3;bitsize:80;offset:256;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:36;dwarf:36;#00 668send packet: $qRegisterInfo23#00 669read packet: $name:stmm4;bitsize:80;offset:272;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:37;dwarf:37;#00 670send packet: $qRegisterInfo24#00 671read packet: $name:stmm5;bitsize:80;offset:288;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:38;dwarf:38;#00 672send packet: $qRegisterInfo25#00 673read packet: $name:stmm6;bitsize:80;offset:304;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:39;dwarf:39;#00 674send packet: $qRegisterInfo26#00 675read packet: $name:stmm7;bitsize:80;offset:320;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:40;dwarf:40;#00 676send packet: $qRegisterInfo27#00 677read packet: $name:xmm0;bitsize:128;offset:336;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:17;dwarf:17;#00 678send packet: $qRegisterInfo28#00 679read packet: $name:xmm1;bitsize:128;offset:352;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:18;dwarf:18;#00 680send packet: $qRegisterInfo29#00 681read packet: $name:xmm2;bitsize:128;offset:368;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:19;dwarf:19;#00 682send packet: $qRegisterInfo2a#00 683read packet: $name:xmm3;bitsize:128;offset:384;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:20;dwarf:20;#00 684send packet: $qRegisterInfo2b#00 685read packet: $name:xmm4;bitsize:128;offset:400;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:21;dwarf:21;#00 686send packet: $qRegisterInfo2c#00 687read packet: $name:xmm5;bitsize:128;offset:416;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:22;dwarf:22;#00 688send packet: $qRegisterInfo2d#00 689read packet: $name:xmm6;bitsize:128;offset:432;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:23;dwarf:23;#00 690send packet: $qRegisterInfo2e#00 691read packet: $name:xmm7;bitsize:128;offset:448;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:24;dwarf:24;#00 692send packet: $qRegisterInfo2f#00 693read packet: $name:xmm8;bitsize:128;offset:464;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:25;dwarf:25;#00 694send packet: $qRegisterInfo30#00 695read packet: $name:xmm9;bitsize:128;offset:480;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:26;dwarf:26;#00 696send packet: $qRegisterInfo31#00 697read packet: $name:xmm10;bitsize:128;offset:496;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:27;dwarf:27;#00 698send packet: $qRegisterInfo32#00 699read packet: $name:xmm11;bitsize:128;offset:512;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:28;dwarf:28;#00 700send packet: $qRegisterInfo33#00 701read packet: $name:xmm12;bitsize:128;offset:528;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:29;dwarf:29;#00 702send packet: $qRegisterInfo34#00 703read packet: $name:xmm13;bitsize:128;offset:544;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:30;dwarf:30;#00 704send packet: $qRegisterInfo35#00 705read packet: $name:xmm14;bitsize:128;offset:560;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:31;dwarf:31;#00 706send packet: $qRegisterInfo36#00 707read packet: $name:xmm15;bitsize:128;offset:576;encoding:vector;format:vector-uint8;set:Floating Point Registers;gcc:32;dwarf:32;#00 708send packet: $qRegisterInfo37#00 709read packet: $name:trapno;bitsize:32;offset:696;encoding:uint;format:hex;set:Exception State Registers;#00 710send packet: $qRegisterInfo38#00 711read packet: $name:err;bitsize:32;offset:700;encoding:uint;format:hex;set:Exception State Registers;#00 712send packet: $qRegisterInfo39#00 713read packet: $name:faultvaddr;bitsize:64;offset:704;encoding:uint;format:hex;set:Exception State Registers;#00 714send packet: $qRegisterInfo3a#00 715read packet: $E45#00 716 717As we see above we keep making subsequent calls to the remote server to 718discover all registers by increasing the number appended to qRegisterInfo and 719we get a response back that is a series of "key=value;" strings. 720 721The offset: fields should not leave a gap anywhere in the g/G packet -- the 722register values should be appended one after another. For instance, if the 723register context for a thread looks like 724 725struct rctx { 726 uint32_t gpr1; // offset 0 727 uint32_t gpr2; // offset 4 728 uint32_t gpr3; // offset 8 729 uint64_t fp1; // offset 16 730}; 731 732You may end up with a 4-byte gap between gpr3 and fp1 on architectures 733that align values like this. The correct offset: value for fp1 is 12 - 734in the g/G packet fp1 will immediately follow gpr3, even though the 735in-memory thread structure has an empty 4 bytes for alignment between 736these two registers. 737 738The keys and values are detailed below: 739 740Key Value 741========== ================================================================ 742name The primary register name as a string ("rbp" for example) 743 744alt-name An alternate name for a register as a string ("fp" for example for 745 the above "rbp") 746 747bitsize Size in bits of a register (32, 64, etc). Base 10. 748 749offset The offset within the "g" and "G" packet of the register data for 750 this register. This is the byte offset once the data has been 751 transformed into binary, not the character offset into the g/G 752 packet. Base 10. 753 754encoding The encoding type of the register which must be one of: 755 756 uint (unsigned integer) 757 sint (signed integer) 758 ieee754 (IEEE 754 float) 759 vector (vector register) 760 761format The preferred format for display of this register. The value must 762 be one of: 763 764 binary 765 decimal 766 hex 767 float 768 vector-sint8 769 vector-uint8 770 vector-sint16 771 vector-uint16 772 vector-sint32 773 vector-uint32 774 vector-float32 775 vector-uint128 776 777set The register set name as a string that this register belongs to. 778 779gcc The GCC compiler registers number for this register (used for 780 EH frame and other compiler information that is encoded in the 781 executable files). The supplied number will be decoded like a 782 string passed to strtoul() with a base of zero, so the number 783 can be decimal, or hex if it is prefixed with "0x". 784 785 NOTE: If the compiler doesn't have a register number for this 786 register, this key/value pair should be omitted. 787 788dwarf The DWARF register number for this register that is used for this 789 register in the debug information. The supplied number will be decoded 790 like a string passed to strtoul() with a base of zero, so the number 791 can be decimal, or hex if it is prefixed with "0x". 792 793 NOTE: If the compiler doesn't have a register number for this 794 register, this key/value pair should be omitted. 795 796generic If the register is a generic register that most CPUs have, classify 797 it correctly so the debugger knows. Valid values are one of: 798 pc (a program counter register. for example "name=eip;" (i386), 799 "name=rip;" (x86_64), "name=r15;" (32 bit arm) would 800 include a "generic=pc;" key value pair) 801 sp (a stack pointer register. for example "name=esp;" (i386), 802 "name=rsp;" (x86_64), "name=r13;" (32 bit arm) would 803 include a "generic=sp;" key value pair) 804 fp (a frame pointer register. for example "name=ebp;" (i386), 805 "name=rbp;" (x86_64), "name=r7;" (32 bit arm with macosx 806 ABI) would include a "generic=fp;" key value pair) 807 ra (a return address register. for example "name=lr;" (32 bit ARM) 808 would include a "generic=ra;" key value pair) 809 fp (a CPU flags register. for example "name=eflags;" (i386), 810 "name=rflags;" (x86_64), "name=cpsr;" (32 bit ARM) 811 would include a "generic=flags;" key value pair) 812 arg1 - arg8 (specified for registers that contain function 813 arguments when the argument fits into a register) 814 815container-regs 816 The value for this key is a comma separated list of raw hex (optional 817 leading "0x") register numbers. 818 819 This specifies that this register is contained in other concrete 820 register values. For example "eax" is in the lower 32 bits of the 821 "rax" register value for x86_64, so "eax" could specify that it is 822 contained in "rax" by specifying the register number for "rax" (whose 823 register number is 0x00) 824 825 "container-regs:00;" 826 827 If a register is comprised of one or more registers, like "d0" is ARM 828 which is a 64 bit register, it might be made up of "s0" and "s1". If 829 the register number for "s0" is 0x20, and the register number of "s1" 830 is "0x21", the "container-regs" key/value pair would be: 831 832 "container-regs:20,21;" 833 834 This is handy for defining what GDB used to call "pseudo" registers. 835 These registers are never requested by LLDB via the register read 836 or write packets, the container registers will be requested on behalf 837 of this register. 838 839invalidate-regs 840 The value for this key is a comma separated list of raw hex (optional 841 leading "0x") register numbers. 842 843 This specifies which register values should be invalidated when this 844 register is modified. For example if modifying "eax" would cause "rax", 845 "eax", "ax", "ah", and "al" to be modified where rax is 0x0, eax is 0x15, 846 ax is 0x25, ah is 0x35, and al is 0x39, the "invalidate-regs" key/value 847 pair would be: 848 849 "invalidate-regs:0,15,25,35,39;" 850 851 If there is a single register that gets invalidated, then omit the comma 852 and just list a single register: 853 854 "invalidate-regs:0;" 855 856 This is handy when modifying a specific register can cause other 857 register values to change. For example, when debugging an ARM target, 858 modifying the CPSR register can cause the r8 - r14 and cpsr value to 859 change depending on if the mode has changed. 860 861//---------------------------------------------------------------------- 862// "qPlatform_shell" 863// 864// BRIEF 865// Run a command in a shell on the connected remote machine. 866// 867// PRIORITY TO IMPLEMENT 868// High. This command allows LLDB clients to run arbitrary shell 869// commands on a remote host. 870// 871/---------------------------------------------------------------------- 872 873The request consists of the command to be executed encoded in ASCII characters 874converted into hex bytes. 875 876The response to this packet consists of the letter F followed by the return code, 877followed by the signal number (or 0 if no signal was delivered), and escaped bytes 878of captured program output. 879 880Below is an example communication from a client sending an "ls -la" command: 881 882send packet: $qPlatform_shell:6c73202d6c61,00000002#ec 883read packet: $F,00000000,00000000,total 4736 884drwxrwxr-x 16 username groupname 4096 Aug 15 21:36 . 885drwxr-xr-x 17 username groupname 4096 Aug 10 16:39 .. 886-rw-rw-r-- 1 username groupname 73875 Aug 12 16:46 notes.txt 887drwxrwxr-x 5 username groupname 4096 Aug 15 21:36 source.cpp 888-rw-r--r-- 1 username groupname 2792 Aug 12 16:46 a.out 889-rw-r--r-- 1 username groupname 3190 Aug 12 16:46 Makefile 890 891//---------------------------------------------------------------------- 892// "qPlatform_mkdir" 893// 894// BRIEF 895// Creates a new directory on the connected remote machine. 896// 897// PRIORITY TO IMPLEMENT 898// Low. This command allows LLDB clients to create new directories on 899// a remote host. 900// 901/---------------------------------------------------------------------- 902 903Request: 904 qPlatform_mkdir:<hex-file-mode>,<ascii-hex-path> 905 906Reply: 907 F<mkdir-return-code> 908 mkdir called successfully and returned with the given return code 909 Exx 910 An error occurred 911 912//---------------------------------------------------------------------- 913// "qPlatform_chmod" 914// 915// BRIEF 916// Change the permissions of a file on the connected remote machine. 917// 918// PRIORITY TO IMPLEMENT 919// Low. This command allows LLDB clients to change the permissions of 920// a file on the remote host. 921// 922/---------------------------------------------------------------------- 923 924Request: 925 qPlatform_chmod:<hex-file-mode>,<ascii-hex-path> 926 927Reply: 928 F<chmod-return-code> 929 chmod called successfully and returned with the given return code 930 Exx 931 An error occurred 932 933//---------------------------------------------------------------------- 934// "qHostInfo" 935// 936// BRIEF 937// Get information about the host we are remotely connected to. 938// 939// PRIORITY TO IMPLEMENT 940// High. This packet is usually very easy to implement and can help 941// LLDB select the correct plug-ins for the job based on the target 942// triple information that is supplied. 943//---------------------------------------------------------------------- 944 945LLDB supports a host info call that gets all sorts of details of the system 946that is being debugged: 947 948send packet: $qHostInfo#00 949read packet: $cputype:16777223;cpusubtype:3;ostype:darwin;vendor:apple;endian:little;ptrsize:8;#00 950 951Key value pairs are one of: 952 953cputype: is a number that is the mach-o CPU type that is being debugged (base 10) 954cpusubtype: is a number that is the mach-o CPU subtype type that is being debugged (base 10) 955triple: a string for the target triple (x86_64-apple-macosx) that can be used to specify arch + vendor + os in one entry 956vendor: a string for the vendor (apple), not needed if "triple" is specified 957ostype: a string for the OS being debugged (macosx, linux, freebsd, ios, watchos), not needed if "triple" is specified 958endian: is one of "little", "big", or "pdp" 959ptrsize: an unsigned number that represents how big pointers are in bytes on the debug target 960hostname: the hostname of the host that is running the GDB server if available 961os_build: a string for the OS build for the remote host as a string value 962os_kernel: a string describing the kernel version 963os_version: a version string that represents the current OS version (10.8.2) 964watchpoint_exceptions_received: one of "before" or "after" to specify if a watchpoint is triggered before or after the pc when it stops 965default_packet_timeout: an unsigned number that specifies the default timeout in seconds 966distribution_id: optional. For linux, specifies distribution id (e.g. ubuntu, fedora, etc.) 967osmajor: optional, specifies the major version number of the OS (e.g. for macOS 10.12.2, it would be 10) 968osminor: optional, specifies the minor version number of the OS (e.g. for macOS 10.12.2, it would be 12) 969ospatch: optional, specifies the patch level number of the OS (e.g. for macOS 10.12.2, it would be 2) 970vm-page-size: optional, specifies the target system VM page size, base 10. 971 Needed for the "dirty-pages:" list in the qMemoryRegionInfo 972 packet, where a list of dirty pages is sent from the remote 973 stub. This page size tells lldb how large each dirty page is. 974addressing_bits: optional, specifies how many bits in addresses are 975 significant for addressing, base 10. If bits 38..0 976 in a 64-bit pointer are significant for addressing, 977 then the value is 39. This is needed on e.g. AArch64 978 v8.3 ABIs that use pointer authentication, so lldb 979 knows which bits to clear/set to get the actual 980 addresses. 981 982//---------------------------------------------------------------------- 983// "qGDBServerVersion" 984// 985// BRIEF 986// Get version information about this implementation of the gdb-remote 987// protocol. 988// 989// PRIORITY TO IMPLEMENT 990// High. This packet is usually very easy to implement and can help 991// LLDB to work around bugs in a server's implementation when they 992// are found. 993//---------------------------------------------------------------------- 994 995The goal of this packet is to provide enough information about an 996implementation of the gdb-remote-protocol server that lldb can 997work around implementation problems that are discovered after the 998version has been released/deployed. The name and version number 999should be sufficiently unique that lldb can unambiguously identify 1000the origin of the program (for instance, debugserver from lldb) and 1001the version/submission number/patch level of the program - whatever 1002is appropriate for your server implementation. 1003 1004The packet follows the key-value pair model, semicolon separated. 1005 1006send packet: $qGDBServerVersion#00 1007read packet: $name:debugserver;version:310.2;#00 1008 1009Other clients may find other key-value pairs to be useful for identifying 1010a gdb stub. Patch level, release name, build number may all be keys that 1011better describe your implementation's version. 1012Suggested key names: 1013 1014 name : the name of your remote server - "debugserver" is the lldb standard 1015 implementation 1016 1017 version : identifies the version number of this server 1018 1019 patch_level : the patch level of this server 1020 1021 release_name : the name of this release, if your project uses names 1022 1023 build_number : if you use a build system with increasing build numbers, 1024 this may be the right key name for your server 1025 1026 major_version : major version number 1027 minor_version : minor version number 1028 1029//---------------------------------------------------------------------- 1030// "qProcessInfo" 1031// 1032// BRIEF 1033// Get information about the process we are currently debugging. 1034// 1035// PRIORITY TO IMPLEMENT 1036// Medium. On systems which can launch multiple different architecture processes, 1037// the qHostInfo may not disambiguate sufficiently to know what kind of 1038// process is being debugged. 1039// e.g. on a 64-bit x86 Mac system both 32-bit and 64-bit user processes are possible, 1040// and with Mach-O universal files, the executable file may contain both 32- and 1041// 64-bit slices so it may be impossible to know until you're attached to a real 1042// process to know what you're working with. 1043// 1044// All numeric fields return base-16 numbers without any "0x" prefix. 1045//---------------------------------------------------------------------- 1046 1047An i386 process: 1048 1049send packet: $qProcessInfo#00 1050read packet: $pid:42a8;parent-pid:42bf;real-uid:ecf;real-gid:b;effective-uid:ecf;effective-gid:b;cputype:7;cpusubtype:3;ostype:macosx;vendor:apple;endian:little;ptrsize:4;#00 1051 1052An x86_64 process: 1053 1054send packet: $qProcessInfo#00 1055read packet: $pid:d22c;parent-pid:d34d;real-uid:ecf;real-gid:b;effective-uid:ecf;effective-gid:b;cputype:1000007;cpusubtype:3;ostype:macosx;vendor:apple;endian:little;ptrsize:8;#00 1056 1057Key value pairs include: 1058 1059pid: the process id 1060parent-pid: the process of the parent process (often debugserver will become the parent when attaching) 1061real-uid: the real user id of the process 1062real-gid: the real group id of the process 1063effective-uid: the effective user id of the process 1064effective-gid: the effective group id of the process 1065cputype: the Mach-O CPU type of the process (base 16) 1066cpusubtype: the Mach-O CPU subtype of the process (base 16) 1067ostype: is a string the represents the OS being debugged (darwin, linux, freebsd) 1068vendor: is a string that represents the vendor (apple) 1069endian: is one of "little", "big", or "pdp" 1070ptrsize: is a number that represents how big pointers are in bytes 1071 1072main-binary-uuid: is the UUID of a firmware type binary that the gdb stub knows about 1073main-binary-address: is the load address of the firmware type binary 1074main-binary-slide: is the slide of the firmware type binary, if address isn't known 1075 1076binary-addresses: A comma-separated list of binary load addresses base16. 1077 lldb will parse the binaries in memory to get UUIDs, then 1078 try to find the binaries & debug info by UUID. Intended for 1079 use with a small number of firmware type binaries where the 1080 search for binary/debug info may be expensive. 1081 1082//---------------------------------------------------------------------- 1083// "qShlibInfoAddr" 1084// 1085// BRIEF 1086// Get an address where the dynamic linker stores information about 1087// where shared libraries are loaded. 1088// 1089// PRIORITY TO IMPLEMENT 1090// High if you have a dynamic loader plug-in in LLDB for your target 1091// triple (see the "qHostInfo" packet) that can use this information. 1092// Many times address load randomization can make it hard to detect 1093// where the dynamic loader binary and data structures are located and 1094// some platforms know, or can find out where this information is. 1095// 1096// Low if you have a debug target where all object and symbol files 1097// contain static load addresses. 1098//---------------------------------------------------------------------- 1099 1100LLDB and GDB both support the "qShlibInfoAddr" packet which is a hint to each 1101debugger as to where to find the dynamic loader information. For darwin 1102binaries that run in user land this is the address of the "all_image_infos" 1103structure in the "/usr/lib/dyld" executable, or the result of a TASK_DYLD_INFO 1104call. The result is returned as big endian hex bytes that are the address 1105value: 1106 1107send packet: $qShlibInfoAddr#00 1108read packet: $7fff5fc40040#00 1109 1110 1111 1112//---------------------------------------------------------------------- 1113// "qThreadStopInfo<tid>" 1114// 1115// BRIEF 1116// Get information about why a thread, whose ID is "<tid>", is stopped. 1117// 1118// PRIORITY TO IMPLEMENT 1119// High if you need to support multi-threaded or multi-core debugging. 1120// Many times one thread will hit a breakpoint and while the debugger 1121// is in the process of suspending the other threads, other threads 1122// will also hit a breakpoint. This packet allows LLDB to know why all 1123// threads (live system debug) / cores (JTAG) in your program have 1124// stopped and allows LLDB to display and control your program 1125// correctly. 1126//---------------------------------------------------------------------- 1127 1128LLDB tries to use the "qThreadStopInfo" packet which is formatted as 1129"qThreadStopInfo%x" where %x is the hex thread ID. This requests information 1130about why a thread is stopped. The response is the same as the stop reply 1131packets and tells us what happened to the other threads. The standard GDB 1132remote packets love to think that there is only _one_ reason that _one_ thread 1133stops at a time. This allows us to see why all threads stopped and allows us 1134to implement better multi-threaded debugging support. 1135 1136//---------------------------------------------------------------------- 1137// "QThreadSuffixSupported" 1138// 1139// BRIEF 1140// Try to enable thread suffix support for the 'g', 'G', 'p', and 'P' 1141// packets. 1142// 1143// PRIORITY TO IMPLEMENT 1144// High. Adding a thread suffix allows us to read and write registers 1145// more efficiently and stops us from having to select a thread with 1146// one packet and then read registers with a second packet. It also 1147// makes sure that no errors can occur where the debugger thinks it 1148// already has a thread selected (see the "Hg" packet from the standard 1149// GDB remote protocol documentation) yet the remote GDB server actually 1150// has another thread selected. 1151//---------------------------------------------------------------------- 1152 1153When reading thread registers, you currently need to set the current 1154thread, then read the registers. This is kind of cumbersome, so we added the 1155ability to query if the remote GDB server supports adding a "thread:<tid>;" 1156suffix to all packets that request information for a thread. To test if the 1157remote GDB server supports this feature: 1158 1159send packet: $QThreadSuffixSupported#00 1160read packet: OK 1161 1162If "OK" is returned, then the 'g', 'G', 'p' and 'P' packets can accept a 1163thread suffix. So to send a 'g' packet (read all register values): 1164 1165send packet: $g;thread:<tid>;#00 1166read packet: .... 1167 1168send packet: $G;thread:<tid>;#00 1169read packet: .... 1170 1171send packet: $p1a;thread:<tid>;#00 1172read packet: .... 1173 1174send packet: $P1a=1234abcd;thread:<tid>;#00 1175read packet: .... 1176 1177 1178otherwise, without this you would need to always send two packets: 1179 1180send packet: $Hg<tid>#00 1181read packet: .... 1182send packet: $g#00 1183read packet: .... 1184 1185We also added support for allocating and deallocating memory. We use this to 1186allocate memory so we can run JITed code. 1187 1188//---------------------------------------------------------------------- 1189// "_M<size>,<permissions>" 1190// 1191// BRIEF 1192// Allocate memory on the remote target with the specified size and 1193// permissions. 1194// 1195// PRIORITY TO IMPLEMENT 1196// High if you want LLDB to be able to JIT code and run that code. JIT 1197// code also needs data which is also allocated and tracked. 1198// 1199// Low if you don't support running JIT'ed code. 1200//---------------------------------------------------------------------- 1201 1202The allocate memory packet starts with "_M<size>,<permissions>". It returns a 1203raw big endian address value, or "" for unimplemented, or "EXX" for an error 1204code. The packet is formatted as: 1205 1206char packet[256]; 1207int packet_len; 1208packet_len = ::snprintf ( 1209 packet, 1210 sizeof(packet), 1211 "_M%zx,%s%s%s", 1212 (size_t)size, 1213 permissions & lldb::ePermissionsReadable ? "r" : "", 1214 permissions & lldb::ePermissionsWritable ? "w" : "", 1215 permissions & lldb::ePermissionsExecutable ? "x" : ""); 1216 1217You request a size and give the permissions. This packet does NOT need to be 1218implemented if you don't want to support running JITed code. The return value 1219is just the address of the newly allocated memory as raw big endian hex bytes. 1220 1221//---------------------------------------------------------------------- 1222// "_m<addr>" 1223// 1224// BRIEF 1225// Deallocate memory that was previously allocated using an allocate 1226// memory pack. 1227// 1228// PRIORITY TO IMPLEMENT 1229// High if you want LLDB to be able to JIT code and run that code. JIT 1230// code also needs data which is also allocated and tracked. 1231// 1232// Low if you don't support running JIT'ed code. 1233//---------------------------------------------------------------------- 1234 1235The deallocate memory packet is "_m<addr>" where you pass in the address you 1236got back from a previous call to the allocate memory packet. It returns "OK" 1237if the memory was successfully deallocated, or "EXX" for an error, or "" if 1238not supported. 1239 1240//---------------------------------------------------------------------- 1241// "qMemoryRegionInfo:<addr>" 1242// 1243// BRIEF 1244// Get information about the address range that contains "<addr>" 1245// 1246// PRIORITY TO IMPLEMENT 1247// Medium. This is nice to have, but it isn't necessary. It helps LLDB 1248// do stack unwinding when we branch into memory that isn't executable. 1249// If we can detect that the code we are stopped in isn't executable, 1250// then we can recover registers for stack frames above the current 1251// frame. Otherwise we must assume we are in some JIT'ed code (not JIT 1252// code that LLDB has made) and assume that no registers are available 1253// in higher stack frames. 1254//---------------------------------------------------------------------- 1255 1256We added a way to get information for a memory region. The packet is: 1257 1258 qMemoryRegionInfo:<addr> 1259 1260Where <addr> is a big endian hex address. The response is returned in a series 1261of tuples like the data returned in a stop reply packet. The currently valid 1262tuples to return are: 1263 1264 start:<start-addr>; // <start-addr> is a big endian hex address that is 1265 // the start address of the range that contains <addr> 1266 1267 size:<size>; // <size> is a big endian hex byte size of the address 1268 // of the range that contains <addr> 1269 1270 permissions:<permissions>; // <permissions> is a string that contains one 1271 // or more of the characters from "rwx" 1272 1273 name:<name>; // <name> is a hex encoded string that contains the name of 1274 // the memory region mapped at the given address. In case of 1275 // regions backed by a file it have to be the absolute path of 1276 // the file while for anonymous regions it have to be the name 1277 // associated to the region if that is available. 1278 1279 flags:<flags-string>; // where <flags-string> is a space separated string 1280 // of flag names. Currently the only supported flag 1281 // is "mt" for AArch64 memory tagging. lldb will 1282 // ignore any other flags in this field. 1283 1284 type:[<type>][,<type>]; // memory types that apply to this region, e.g. 1285 // "stack" for stack memory. 1286 1287 error:<ascii-byte-error-string>; // where <ascii-byte-error-string> is 1288 // a hex encoded string value that 1289 // contains an error string 1290 1291 dirty-pages:[<hexaddr>][,<hexaddr]; // A list of memory pages within this 1292 // region that are "dirty" -- they have been modified. 1293 // Page addresses are in base16. The size of a page can 1294 // be found from the qHostInfo's page-size key-value. 1295 // 1296 // If the stub supports identifying dirty pages within a 1297 // memory region, this key should always be present for all 1298 // qMemoryRegionInfo replies. This key with no pages 1299 // listed ("dirty-pages:;") indicates no dirty pages in 1300 // this memory region. The *absence* of this key means 1301 // that this stub cannot determine dirty pages. 1302 1303If the address requested is not in a mapped region (e.g. we've jumped through 1304a NULL pointer and are at 0x0) currently lldb expects to get back the size 1305of the unmapped region -- that is, the distance to the next valid region. 1306For instance, with a macOS process which has nothing mapped in the first 13074GB of its address space, if we're asking about address 0x2, 1308 1309 qMemoryRegionInfo:2 1310 start:2;size:fffffffe; 1311 1312The lack of 'permissions:' indicates that none of read/write/execute are valid 1313for this region. 1314 1315//---------------------------------------------------------------------- 1316// "x" - Binary memory read 1317// 1318// Like the 'm' (read) and 'M' (write) packets, this is a partner to the 1319// 'X' (write binary data) packet, 'x'. 1320// 1321// It is called like 1322// 1323// xADDRESS,LENGTH 1324// 1325// where both ADDRESS and LENGTH are big-endian base 16 values. 1326// 1327// To test if this packet is available, send a addr/len of 0: 1328// 1329// x0,0 1330// 1331// and you will get an "OK" response. 1332// 1333// The reply will be the data requested in 8-bit binary data format. 1334// The standard quoting is applied to the payload -- characters 1335// } # $ * 1336// will all be escaped with '}' (0x7d) character and then XOR'ed with 0x20. 1337// 1338// A typical use to read 512 bytes at 0x1000 would look like 1339// 1340// x0x1000,0x200 1341// 1342// The "0x" prefixes are optional - like most of the gdb-remote packets, 1343// omitting them will work fine; these numbers are always base 16. 1344// 1345// The length of the payload is not provided. A reliable, 8-bit clean, 1346// transport layer is assumed. 1347//---------------------------------------------------------------------- 1348 1349//---------------------------------------------------------------------- 1350// Detach and stay stopped: 1351// 1352// We extended the "D" packet to specify that the monitor should keep the 1353// target suspended on detach. The normal behavior is to resume execution 1354// on detach. We will send: 1355// 1356// qSupportsDetachAndStayStopped: 1357// 1358// to query whether the monitor supports the extended detach, and if it does, 1359// when we want the monitor to detach but not resume the target, we will 1360// send: 1361// 1362// D1 1363// 1364// In any case, if we want the normal detach behavior we will just send: 1365// 1366// D 1367//---------------------------------------------------------------------- 1368 1369//---------------------------------------------------------------------- 1370// QSaveRegisterState 1371// QSaveRegisterState;thread:XXXX; 1372// 1373// BRIEF 1374// The QSaveRegisterState packet tells the remote debugserver to save 1375// all registers and return a non-zero unique integer ID that 1376// represents these save registers. If thread suffixes are enabled the 1377// second form of this packet is used, otherwise the first form is 1378// used. This packet is called prior to executing an expression, so 1379// the remote GDB server should do anything it needs to in order to 1380// ensure the registers that are saved are correct. On macOS this 1381// involves calling "thread_abort_safely(mach_port_t thread)" to 1382// ensure we get the correct registers for a thread in case it is 1383// currently having code run on its behalf in the kernel. 1384// 1385// RESPONSE 1386// unsigned - The save_id result is a non-zero unsigned integer value 1387// that can be passed back to the GDB server using a 1388// QRestoreRegisterState packet to restore the registers 1389// one time. 1390// "EXX" - or an error code in the form of EXX where XX is a 1391// hex error code. 1392// 1393// PRIORITY TO IMPLEMENT 1394// Low, this is mostly a convenience packet to avoid having to send all 1395// registers via a g packet. It should only be implemented if support 1396// for the QRestoreRegisterState is added. 1397//---------------------------------------------------------------------- 1398 1399//---------------------------------------------------------------------- 1400// QRestoreRegisterState:<save_id> 1401// QRestoreRegisterState:<save_id>;thread:XXXX; 1402// 1403// BRIEF 1404// The QRestoreRegisterState packet tells the remote debugserver to 1405// restore all registers using the "save_id" which is an unsigned 1406// integer that was returned from a previous call to 1407// QSaveRegisterState. The restoration process can only be done once 1408// as the data backing the register state will be freed upon the 1409// completion of the QRestoreRegisterState command. 1410// 1411// If thread suffixes are enabled the second form of this packet is 1412// used, otherwise the first form is used. 1413// 1414// RESPONSE 1415// "OK" - if all registers were successfully restored 1416// "EXX" - for any errors 1417// 1418// PRIORITY TO IMPLEMENT 1419// Low, this is mostly a convenience packet to avoid having to send all 1420// registers via a g packet. It should only be implemented if support 1421// for the QSaveRegisterState is added. 1422//---------------------------------------------------------------------- 1423 1424//---------------------------------------------------------------------- 1425// qFileLoadAddress:<file_path> 1426// 1427// BRIEF 1428// Get the load address of a memory mapped file. 1429// The load address is defined as the address of the first memory 1430// region what contains data mapped from the specified file. 1431// 1432// RESPONSE 1433// <unsigned-hex64> - Load address of the file in big endian encoding 1434// "E01" - the requested file isn't loaded 1435// "EXX" - for any other errors 1436// 1437// PRIORITY TO IMPLEMENT 1438// Low, required if dynamic linker don't fill in the load address of 1439// some object file in the rendezvous data structure. 1440//---------------------------------------------------------------------- 1441 1442//---------------------------------------------------------------------- 1443// qModuleInfo:<module_path>;<arch triple> 1444// 1445// BRIEF 1446// Get information for a module by given module path and architecture. 1447// 1448// RESPONSE 1449// "(uuid|md5):...;triple:...;file_offset:...;file_size...;" 1450// "EXX" - for any errors 1451// 1452// PRIORITY TO IMPLEMENT 1453// Optional, required if dynamic loader cannot fetch module's information like 1454// UUID directly from inferior's memory. 1455//---------------------------------------------------------------------- 1456 1457//---------------------------------------------------------------------- 1458// jModulesInfo:[{"file":"...",triple:"..."}, ...] 1459// 1460// BRIEF 1461// Get information for a list of modules by given module path and 1462// architecture. 1463// 1464// RESPONSE 1465// A JSON array of dictionaries containing the following keys: uuid, 1466// triple, file_path, file_offset, file_size. The meaning of the fields 1467// is the same as in the qModuleInfo packet. The server signals the 1468// failure to retrieve the module info for a file by ommiting the 1469// corresponding array entry from the response. The server may also 1470// include entries the client did not ask for, if it has reason to 1471// the modules will be interesting to the client. 1472// 1473// PRIORITY TO IMPLEMENT 1474// Optional. If not implemented, qModuleInfo packet will be used, which 1475// may be slower if the target contains a large number of modules and 1476// the communication link has a non-negligible latency. 1477//---------------------------------------------------------------------- 1478 1479//---------------------------------------------------------------------- 1480// Stop reply packet extensions 1481// 1482// BRIEF 1483// This section describes some of the additional information you can 1484// specify in stop reply packets that help LLDB to know more detailed 1485// information about your threads. 1486// 1487// DESCRIPTION 1488// Standard GDB remote stop reply packets are reply packets sent in 1489// response to a packet that made the program run. They come in the 1490// following forms: 1491// 1492// "SAA" 1493// "S" means signal and "AA" is a hex signal number that describes why 1494// the thread or stopped. It doesn't specify which thread, so the "T" 1495// packet is recommended to use instead of the "S" packet. 1496// 1497// "TAAkey1:value1;key2:value2;..." 1498// "T" means a thread stopped due to a unix signal where "AA" is a hex 1499// signal number that describes why the program stopped. This is 1500// followed by a series of key/value pairs: 1501// - If key is a hex number, it is a register number and value is 1502// the hex value of the register in debuggee endian byte order. 1503// - If key == "thread", then the value is the big endian hex 1504// thread-id of the stopped thread. 1505// - If key == "core", then value is a hex number of the core on 1506// which the stop was detected. 1507// - If key == "watch" or key == "rwatch" or key == "awatch", then 1508// value is the data address in big endian hex 1509// - If key == "library", then value is ignore and "qXfer:libraries:read" 1510// packets should be used to detect any newly loaded shared libraries 1511// 1512// "WAA" 1513// "W" means the process exited and "AA" is the exit status. 1514// 1515// "XAA" 1516// "X" means the process exited and "AA" is signal that caused the program 1517// to exit. 1518// 1519// "O<ascii-hex-string>" 1520// "O" means STDOUT has data that was written to its console and is 1521// being delivered to the debugger. This packet happens asynchronously 1522// and the debugger is expected to continue to wait for another stop reply 1523// packet. 1524// 1525// LLDB EXTENSIONS 1526// 1527// We have extended the "T" packet to be able to also understand the 1528// following keys and values: 1529// 1530// KEY VALUE DESCRIPTION 1531// =========== ======== ================================================ 1532// "metype" unsigned mach exception type (the value of the EXC_XXX enumerations) 1533// as an unsigned integer. For targets with mach 1534// kernels only. 1535// 1536// "mecount" unsigned mach exception data count as an unsigned integer 1537// For targets with mach kernels only. 1538// 1539// "medata" unsigned There should be "mecount" of these and it is the data 1540// that goes along with a mach exception (as an unsigned 1541// integer). For targets with mach kernels only. 1542// 1543// "name" string The name of the thread as a plain string. The string 1544// must not contain an special packet characters or 1545// contain a ':' or a ';'. Use "hexname" if the thread 1546// name has special characters. 1547// 1548// "hexname" ascii-hex An ASCII hex string that contains the name of the thread 1549// 1550// "qaddr" hex Big endian hex value that contains the libdispatch 1551// queue address for the queue of the thread. 1552// 1553// "reason" enum The enumeration must be one of: 1554// "trace" the program stopped after a single instruction 1555// was executed on a core. Usually done when single 1556// stepping past a breakpoint 1557// "breakpoint" a breakpoint set using a 'z' packet was hit. 1558// "trap" stopped due to user interruption 1559// "signal" stopped due to an actual unix signal, not 1560// just the debugger using a unix signal to keep 1561// the GDB remote client happy. 1562// "watchpoint". Should be used in conjunction with 1563// the "watch"/"rwatch"/"awatch" key value pairs. 1564// "exception" an exception stop reason. Use with 1565// the "description" key/value pair to describe the 1566// exceptional event the user should see as the stop 1567// reason. 1568// "description" ascii-hex An ASCII hex string that contains a more descriptive 1569// reason that the thread stopped. This is only needed 1570// if none of the key/value pairs are enough to 1571// describe why something stopped. 1572// 1573// "threads" comma-sep-base16 A list of thread ids for all threads (including 1574// the thread that we're reporting as stopped) that 1575// are live in the process right now. lldb may 1576// request that this be included in the T packet via 1577// the QListThreadsInStopReply packet earlier in 1578// the debug session. 1579// 1580// Example: 1581// threads:63387,633b2,63424,63462,63486; 1582// 1583// "thread-pcs" comma-sep-base16 A list of pc values for all threads that currently 1584// exist in the process, including the thread that 1585// this T packet is reporting as stopped. 1586// This key-value pair will only be emitted when the 1587// "threads" key is already included in the T packet. 1588// The pc values correspond to the threads reported 1589// in the "threads" list. The number of pcs in the 1590// "thread-pcs" list will be the same as the number of 1591// threads in the "threads" list. 1592// lldb may request that this be included in the T 1593// packet via the QListThreadsInStopReply packet 1594// earlier in the debug session. 1595// 1596// Example: 1597// thread-pcs:dec14,2cf872b0,2cf8681c,2d02d68c,2cf716a8; 1598// 1599// BEST PRACTICES: 1600// Since register values can be supplied with this packet, it is often useful 1601// to return the PC, SP, FP, LR (if any), and FLAGS registers so that separate 1602// packets don't need to be sent to read each of these registers from each 1603// thread. 1604// 1605// If a thread is stopped for no reason (like just because another thread 1606// stopped, or because when one core stops all cores should stop), use a 1607// "T" packet with "00" as the signal number and fill in as many key values 1608// and registers as possible. 1609// 1610// LLDB likes to know why a thread stopped since many thread control 1611// operations like stepping over a source line, actually are implemented 1612// by running the process multiple times. If a breakpoint is hit while 1613// trying to step over a source line and LLDB finds out that a breakpoint 1614// is hit in the "reason", we will know to stop trying to do the step 1615// over because something happened that should stop us from trying to 1616// do the step. If we are at a breakpoint and we disable the breakpoint 1617// at the current PC and do an instruction single step, knowing that 1618// we stopped due to a "trace" helps us know that we can continue 1619// running versus stopping due to a "breakpoint" (if we have two 1620// breakpoint instruction on consecutive instructions). So the more info 1621// we can get about the reason a thread stops, the better job LLDB can 1622// do when controlling your process. A typical GDB server behavior is 1623// to send a SIGTRAP for breakpoints _and_ also when instruction single 1624// stepping, in this case the debugger doesn't really know why we 1625// stopped and it can make it hard for the debugger to control your 1626// program correctly. What if a real SIGTRAP was delivered to a thread 1627// while we were trying to single step? We wouldn't know the difference 1628// with a standard GDB remote server and we could do the wrong thing. 1629// 1630// PRIORITY TO IMPLEMENT 1631// High. Having the extra information in your stop reply packets makes 1632// your debug session more reliable and informative. 1633//---------------------------------------------------------------------- 1634 1635 1636//---------------------------------------------------------------------- 1637// PLATFORM EXTENSION - for use as a GDB remote platform 1638//---------------------------------------------------------------------- 1639// "qfProcessInfo" 1640// "qsProcessInfo" 1641// 1642// BRIEF 1643// Get the first process info (qfProcessInfo) or subsequent process 1644// info (qsProcessInfo) for one or more processes on the remote 1645// platform. The first call gets the first match and subsequent calls 1646// to qsProcessInfo gets the subsequent matches. Return an error EXX, 1647// where XX are two hex digits, when no more matches are available. 1648// 1649// PRIORITY TO IMPLEMENT 1650// Required. The qfProcessInfo packet can be followed by a ':' and 1651// some key value pairs. The key value pairs in the command are: 1652// 1653// KEY VALUE DESCRIPTION 1654// =========== ======== ================================================ 1655// "name" ascii-hex An ASCII hex string that contains the name of 1656// the process that will be matched. 1657// "name_match" enum One of: "equals", "starts_with", "ends_with", 1658// "contains" or "regex" 1659// "pid" integer A string value containing the decimal process ID 1660// "parent_pid" integer A string value containing the decimal parent 1661// process ID 1662// "uid" integer A string value containing the decimal user ID 1663// "gid" integer A string value containing the decimal group ID 1664// "euid" integer A string value containing the decimal effective user ID 1665// "egid" integer A string value containing the decimal effective group ID 1666// "all_users" bool A boolean value that specifies if processes should 1667// be listed for all users, not just the user that the 1668// platform is running as 1669// "triple" string An ASCII triple string ("x86_64", 1670// "x86_64-apple-macosx", "armv7-apple-ios") 1671// "args" string A string value containing the process arguments 1672// separated by the character '-', where each argument is 1673// hex-encoded. It includes argv[0]. 1674// 1675// The response consists of key/value pairs where the key is separated from the 1676// values with colons and each pair is terminated with a semi colon. For a list 1677// of the key/value pairs in the response see the "qProcessInfoPID" packet 1678// documentation. 1679// 1680// Sample packet/response: 1681// send packet: $qfProcessInfo#00 1682// read packet: $pid:60001;ppid:59948;uid:7746;gid:11;euid:7746;egid:11;name:6c6c6462;triple:x86_64-apple-macosx;#00 1683// send packet: $qsProcessInfo#00 1684// read packet: $pid:59992;ppid:192;uid:7746;gid:11;euid:7746;egid:11;name:6d64776f726b6572;triple:x86_64-apple-macosx;#00 1685// send packet: $qsProcessInfo#00 1686// read packet: $E04#00 1687//---------------------------------------------------------------------- 1688 1689 1690//---------------------------------------------------------------------- 1691// PLATFORM EXTENSION - for use as a GDB remote platform 1692//---------------------------------------------------------------------- 1693// "qLaunchGDBServer" 1694// 1695// BRIEF 1696// Have the remote platform launch a GDB server. 1697// 1698// PRIORITY TO IMPLEMENT 1699// Required. The qLaunchGDBServer packet must be followed by a ':' and 1700// some key value pairs. The key value pairs in the command are: 1701// 1702// KEY VALUE DESCRIPTION 1703// =========== ======== ================================================ 1704// "port" integer A string value containing the decimal port ID or 1705// zero if the port should be bound and returned 1706// 1707// "host" integer The host that connections should be limited to 1708// when the GDB server is connected to. 1709// 1710// The response consists of key/value pairs where the key is separated from the 1711// values with colons and each pair is terminated with a semi colon. 1712// 1713// Sample packet/response: 1714// send packet: $qLaunchGDBServer:port:0;host:lldb.apple.com;#00 1715// read packet: $pid:60025;port:50776;#00 1716// 1717// The "pid" key/value pair is only specified if the remote platform launched 1718// a separate process for the GDB remote server and can be omitted if no 1719// process was separately launched. 1720// 1721// The "port" key/value pair in the response lets clients know what port number 1722// to attach to in case zero was specified as the "port" in the sent command. 1723//---------------------------------------------------------------------- 1724 1725 1726//---------------------------------------------------------------------- 1727// PLATFORM EXTENSION - for use as a GDB remote platform 1728//---------------------------------------------------------------------- 1729// "qProcessInfoPID:PID" 1730// 1731// BRIEF 1732// Have the remote platform get detailed information on a process by 1733// ID. PID is specified as a decimal integer. 1734// 1735// PRIORITY TO IMPLEMENT 1736// Optional. 1737// 1738// The response consists of key/value pairs where the key is separated from the 1739// values with colons and each pair is terminated with a semi colon. 1740// 1741// The key value pairs in the response are: 1742// 1743// KEY VALUE DESCRIPTION 1744// =========== ======== ================================================ 1745// "pid" integer Process ID as a decimal integer string 1746// "ppid" integer Parent process ID as a decimal integer string 1747// "uid" integer A string value containing the decimal user ID 1748// "gid" integer A string value containing the decimal group ID 1749// "euid" integer A string value containing the decimal effective user ID 1750// "egid" integer A string value containing the decimal effective group ID 1751// "name" ascii-hex An ASCII hex string that contains the name of the process 1752// "triple" string A target triple ("x86_64-apple-macosx", "armv7-apple-ios") 1753// 1754// Sample packet/response: 1755// send packet: $qProcessInfoPID:60050#00 1756// read packet: $pid:60050;ppid:59948;uid:7746;gid:11;euid:7746;egid:11;name:6c6c6462;triple:x86_64-apple-macosx;#00 1757//---------------------------------------------------------------------- 1758 1759//---------------------------------------------------------------------- 1760// "vAttachName" 1761// 1762// BRIEF 1763// Same as vAttach, except instead of a "pid" you send a process name. 1764// 1765// PRIORITY TO IMPLEMENT 1766// Low. Only needed for "process attach -n". If the packet isn't supported 1767// then "process attach -n" will fail gracefully. So you need only to support 1768// it if attaching to a process by name makes sense for your environment. 1769//---------------------------------------------------------------------- 1770 1771//---------------------------------------------------------------------- 1772// "vAttachWait" 1773// 1774// BRIEF 1775// Same as vAttachName, except that the stub should wait for the next instance 1776// of a process by that name to be launched and attach to that. 1777// 1778// PRIORITY TO IMPLEMENT 1779// Low. Only needed to support "process attach -w -n" which will fail 1780// gracefully if the packet is not supported. 1781//---------------------------------------------------------------------- 1782 1783//---------------------------------------------------------------------- 1784// "qAttachOrWaitSupported" 1785// 1786// BRIEF 1787// This is a binary "is it supported" query. Return OK if you support 1788// vAttachOrWait 1789// 1790// PRIORITY TO IMPLEMENT 1791// Low. This is required if you support vAttachOrWait, otherwise no support 1792// is needed since the standard "I don't recognize this packet" response 1793// will do the right thing. 1794//---------------------------------------------------------------------- 1795 1796//---------------------------------------------------------------------- 1797// "vAttachOrWait" 1798// 1799// BRIEF 1800// Same as vAttachWait, except that the stub will attach to a process 1801// by name if it exists, and if it does not, it will wait for a process 1802// of that name to appear and attach to it. 1803// 1804// PRIORITY TO IMPLEMENT 1805// Low. Only needed to implement "process attach -w -i false -n". If 1806// you don't implement it but do implement -n AND lldb can somehow get 1807// a process list from your device, it will fall back on scanning the 1808// process list, and sending vAttach or vAttachWait depending on 1809// whether the requested process exists already. This is racy, 1810// however, so if you want to support this behavior it is better to 1811// support this packet. 1812//---------------------------------------------------------------------- 1813 1814//---------------------------------------------------------------------- 1815// "jThreadExtendedInfo" 1816// 1817// BRIEF 1818// This packet, which takes its arguments as JSON and sends its reply as 1819// JSON, allows the gdb remote stub to provide additional information 1820// about a given thread. 1821// 1822// PRIORITY TO IMPLEMENT 1823// Low. This packet is only needed if the gdb remote stub wants to 1824// provide interesting additional information about a thread for the 1825// user. 1826// 1827// This packet takes its arguments in JSON form ( http://www.json.org ). 1828// At a minimum, a thread must be specified, for example: 1829// 1830// jThreadExtendedInfo:{"thread":612910} 1831// 1832// Because this is a JSON string, the thread number is provided in base10. 1833// Additional key-value pairs may be provided by lldb to the gdb remote 1834// stub. For instance, on some versions of macOS, lldb can read offset 1835// information out of the system libraries. Using those offsets, debugserver 1836// is able to find the Thread Specific Address (TSD) for a thread and include 1837// that in the return information. So lldb will send these additional fields 1838// like so: 1839// 1840// jThreadExtendedInfo:{"plo_pthread_tsd_base_address_offset":0,"plo_pthread_tsd_base_offset":224,"plo_pthread_tsd_entry_size":8,"thread":612910} 1841// 1842// There are no requirements for what is included in the response. A simple 1843// reply on a OS X Yosemite / iOS 8 may include the pthread_t value, the 1844// Thread Specific Data (TSD) address, the dispatch_queue_t value if the thread 1845// is associated with a GCD queue, and the requested Quality of Service (QoS) 1846// information about that thread. For instance, a reply may look like: 1847// 1848// {"tsd_address":4371349728,"requested_qos":{"enum_value":33,"constant_name":"QOS_CLASS_USER_INTERACTIVE","printable_name":"User Interactive"},"pthread_t":4371349504,"dispatch_queue_t":140735087127872} 1849// 1850// tsd_address, pthread_t, and dispatch_queue_t are all simple key-value pairs. 1851// The JSON standard requires that numbers be expressed in base 10 - so all of 1852// these are. requested_qos is a dictionary with three key-value pairs in it - 1853// so the UI layer may choose the form most appropriate for displaying to the user. 1854// 1855// Sending JSON over gdb-remote protocol introduces some problems. We may be 1856// sending strings with arbitrary contents in them, including the '#', '$', and '*' 1857// characters that have special meaning in gdb-remote protocol and cannot occur 1858// in the middle of the string. The standard solution for this would be to require 1859// ascii-hex encoding of all strings, or ascii-hex encode the entire JSON payload. 1860// 1861// Instead, the binary escaping convention is used for JSON data. This convention 1862// (e.g. used for the X packet) says that if '#', '$', '*', or '}' are to occur in 1863// the payload, the character '}' (0x7d) is emitted, then the metacharacter is emitted 1864// xor'ed by 0x20. The '}' character occurs in every JSON payload at least once, and 1865// '}' ^ 0x20 happens to be ']' so the raw packet characters for a request will look 1866// like 1867// 1868// jThreadExtendedInfo:{"thread":612910}] 1869// 1870// on the wire. 1871//---------------------------------------------------------------------- 1872 1873//---------------------------------------------------------------------- 1874// "QEnableCompression" 1875// 1876// BRIEF 1877// This packet enables compression of the packets that the debug stub sends to lldb. 1878// If the debug stub can support compression, it indictes this in the reply of the 1879// "qSupported" packet. e.g. 1880// LLDB SENDS: qSupported:xmlRegisters=i386,arm,mips 1881// STUB REPLIES: qXfer:features:read+;SupportedCompressions=lzfse,zlib-deflate,lz4,lzma;DefaultCompressionMinSize=384 1882// 1883// If lldb knows how to use any of these compression algorithms, it can ask that this 1884// compression mode be enabled. It may optionally change the minimum packet size 1885// where compression is used. Typically small packets do not benefit from compression, 1886// as well as compression headers -- compression is most beneficial with larger packets. 1887// 1888// QEnableCompression:type:zlib-deflate; 1889// or 1890// QEnableCompression:type:zlib-deflate;minsize:512; 1891// 1892// The debug stub should reply with an uncompressed "OK" packet to indicate that the 1893// request was accepted. All further packets the stub sends will use this compression. 1894// 1895// Packets are compressed as the last step before they are sent from the stub, and 1896// decompressed as the first step after they are received. The packet format in compressed 1897// mode becomes one of two: 1898// 1899// $N<uncompressed payload>#00 1900// 1901// $C<size of uncompressed payload in base10>:<compressed payload>#00 1902// 1903// Where "#00" is the actual checksum value if noack mode is not enabled. The checksum 1904// value is for the "N<uncompressed payload>" or 1905// "C<size of uncompressed payload in base10>:<compressed payload>" bytes in the packet. 1906// 1907// The size of the uncompressed payload in base10 is provided because it will simplify 1908// decompression if the final buffer size needed is known ahead of time. 1909// 1910// Compression on low-latency connections is unlikely to be an improvement. Particularly 1911// when the debug stub and lldb are running on the same host. It should only be used 1912// for slow connections, and likely only for larger packets. 1913// 1914// Example compression algorithsm that may be used include 1915// 1916// zlib-deflate 1917// The raw DEFLATE format as described in IETF RFC 1951. With the ZLIB library, you 1918// can compress to this format with an initialization like 1919// deflateInit2 (&stream, 5, Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY) 1920// and you can decompress with an initialization like 1921// inflateInit2 (&stream, -15) 1922// 1923// lz4 1924// https://en.wikipedia.org/wiki/LZ4_(compression_algorithm) 1925// https://github.com/Cyan4973/lz4 1926// The libcompression APIs on darwin systems call this COMPRESSION_LZ4_RAW. 1927// 1928// lzfse 1929// Compression algorithm added in macOS 10.11, with open source C reference 1930// implementation on github. 1931// https://en.wikipedia.org/wiki/LZFSE 1932// https://github.com/lzfse/lzfse 1933// 1934// lzma 1935// libcompression implements "LZMA level 6", the default compression for the 1936// open source LZMA implementation. 1937//---------------------------------------------------------------------- 1938 1939//---------------------------------------------------------------------- 1940// "jGetLoadedDynamicLibrariesInfos" 1941// 1942// BRIEF 1943// This packet asks the remote debug stub to send the details about libraries 1944// being added/removed from the process as a performance optimization. 1945// 1946// There are three ways this packet can be used. All three return a dictionary of 1947// binary images formatted the same way. 1948// 1949// On OS X 10.11, iOS 9, tvOS 9, watchOS 2 and earlier, the packet is used like 1950// jGetLoadedDynamicLibrariesInfos:{"image_count":1,"image_list_address":140734800075128} 1951// where the image_list_address is an array of {void* load_addr, void* mod_date, void* pathname} 1952// in the inferior process memory (and image_count is the number of elements in this array). 1953// lldb is using information from the dyld_all_image_infos structure to make these requests to 1954// debugserver. This use is not supported on macOS 10.12, iOS 10, tvOS 10, watchOS 3 or newer. 1955// 1956// On macOS 10.12, iOS 10, tvOS 10, watchOS 3 and newer, there are two calls. One requests information 1957// on all shared libraries: 1958// jGetLoadedDynamicLibrariesInfos:{"fetch_all_solibs":true} 1959// And the second requests information about a list of shared libraries, given their load addresses: 1960// jGetLoadedDynamicLibrariesInfos:{"solib_addresses":[8382824135,3258302053,830202858503]} 1961// 1962// The second call is both a performance optimization (instead of having lldb read the mach-o header/load commands 1963// out of memory with generic read packets) but also adds additional information in the form of the 1964// filename of the shared libraries (which is not available in the mach-o header/load commands.) 1965// 1966// An example using the OS X 10.11 style call: 1967// 1968// LLDB SENDS: jGetLoadedDynamicLibrariesInfos:{"image_count":1,"image_list_address":140734800075128} 1969// STUB REPLIES: ${"images":[{"load_address":4294967296,"mod_date":0,"pathname":"/tmp/a.out","uuid":"02CF262C-ED6F-3965-9E14-63538B465CFF","mach_header":{"magic":4277009103,"cputype":16777223,"cpusubtype":18446744071562067971,"filetype":2},"segments":{"name":"__PAGEZERO","vmaddr":0,"vmsize":4294967296,"fileoff":0,"filesize":0,"maxprot":0},{"name":"__TEXT","vmaddr":4294967296,"vmsize":4096,"fileoff":0,"filesize":4096,"maxprot":7},{"name":"__LINKEDIT","vmaddr":4294971392,"vmsize":4096,"fileoff":4096,"filesize":152,"maxprot":7}}]}#00 1970// 1971// Or pretty-printed, 1972// 1973// STUB REPLIES: ${"images": 1974// [ 1975// {"load_address":4294967296, 1976// "mod_date":0, 1977// "pathname":"/tmp/a.out", 1978// "uuid":"02CF262C-ED6F-3965-9E14-63538B465CFF", 1979// "mach_header": 1980// {"magic":4277009103, 1981// "cputype":16777223, 1982// "cpusubtype":18446744071562067971, 1983// "filetype":2 1984// }, 1985// "segments": 1986// [ 1987// {"name":"__PAGEZERO", 1988// "vmaddr":0, 1989// "vmsize":4294967296, 1990// "fileoff":0, 1991// "filesize":0, 1992// "maxprot":0 1993// }, 1994// {"name":"__TEXT", 1995// "vmaddr":4294967296, 1996// "vmsize":4096, 1997// "fileoff":0, 1998// "filesize":4096, 1999// "maxprot":7 2000// }, 2001// {"name":"__LINKEDIT", 2002// "vmaddr":4294971392, 2003// "vmsize":4096, 2004// "fileoff":4096, 2005// "filesize":152, 2006// "maxprot":7 2007// } 2008// ] 2009// } 2010// ] 2011// } 2012// 2013// 2014// This is similar to the qXfer:libraries:read packet, and it could 2015// be argued that it should be merged into that packet. A separate 2016// packet was created primarily because lldb needs to specify the 2017// number of images to be read and the address from which the initial 2018// information is read. Also the XML DTD would need to be extended 2019// quite a bit to provide all the information that the DynamicLoaderMacOSX 2020// would need to work correctly on this platform. 2021// 2022// PRIORITY TO IMPLEMENT 2023// On OS X 10.11, iOS 9, tvOS 9, watchOS 2 and older: Low. If this packet is absent, 2024// lldb will read the Mach-O headers/load commands out of memory. 2025// On macOS 10.12, iOS 10, tvOS 10, watchOS 3 and newer: High. If this packet is absent, 2026// lldb will not know anything about shared libraries in the inferior, or where the main 2027// executable loaded. 2028//---------------------------------------------------------------------- 2029 2030//---------------------------------------------------------------------- 2031// "jThreadsInfo" 2032// 2033// BRIEF 2034// Ask for the server for thread stop information of all threads. 2035// 2036// PRIORITY TO IMPLEMENT 2037// Low. This is a performance optimization, which speeds up debugging by avoiding 2038// multiple round-trips for retrieving thread information. The information from this 2039// packet can be retrieved using a combination of qThreadStopInfo and m packets. 2040//---------------------------------------------------------------------- 2041 2042The data in this packet is very similar to the stop reply packets, but is packaged in 2043JSON and uses JSON arrays where applicable. The JSON output looks like: 2044 [ 2045 { "tid":1580681, 2046 "metype":6, 2047 "medata":[2,0], 2048 "reason":"exception", 2049 "qaddr":140735118423168, 2050 "registers": { 2051 "0":"8000000000000000", 2052 "1":"0000000000000000", 2053 "2":"20fabf5fff7f0000", 2054 "3":"e8f8bf5fff7f0000", 2055 "4":"0100000000000000", 2056 "5":"d8f8bf5fff7f0000", 2057 "6":"b0f8bf5fff7f0000", 2058 "7":"20f4bf5fff7f0000", 2059 "8":"8000000000000000", 2060 "9":"61a8db78a61500db", 2061 "10":"3200000000000000", 2062 "11":"4602000000000000", 2063 "12":"0000000000000000", 2064 "13":"0000000000000000", 2065 "14":"0000000000000000", 2066 "15":"0000000000000000", 2067 "16":"960b000001000000", 2068 "17":"0202000000000000", 2069 "18":"2b00000000000000", 2070 "19":"0000000000000000", 2071 "20":"0000000000000000" 2072 }, 2073 "memory":[ 2074 {"address":140734799804592,"bytes":"c8f8bf5fff7f0000c9a59e8cff7f0000"}, 2075 {"address":140734799804616,"bytes":"00000000000000000100000000000000"} 2076 ] 2077 } 2078 ] 2079 2080It contains an array of dictionaries with all of the key value pairs that are 2081normally in the stop reply packet, including the expedited registers. The registers are 2082passed as hex-encoded JSON string in debuggee-endian byte order. Note that the register 2083numbers are decimal numbers, unlike the stop-reply packet, where they are written in 2084hex. The packet also contains expedited memory in the "memory" key. This allows the 2085server to expedite memory that the client is likely to use (e.g., areas around the 2086stack pointer, which are needed for computing backtraces) and it reduces the packet 2087count. 2088 2089On macOS with debugserver, we expedite the frame pointer backchain for a thread 2090(up to 256 entries) by reading 2 pointers worth of bytes at the frame pointer (for 2091the previous FP and PC), and follow the backchain. Most backtraces on macOS and 2092iOS now don't require us to read any memory! 2093 2094//---------------------------------------------------------------------- 2095// "jGetSharedCacheInfo" 2096// 2097// BRIEF 2098// This packet asks the remote debug stub to send the details about the inferior's 2099// shared cache. The shared cache is a collection of common libraries/frameworks that 2100// are mapped into every process at the same address on Darwin systems, and can be 2101// identified by a load address and UUID. 2102// 2103// 2104// LLDB SENDS: jGetSharedCacheInfo:{} 2105// STUB REPLIES: ${"shared_cache_base_address":140735683125248,"shared_cache_uuid":"DDB8D70C-C9A2-3561-B2C8-BE48A4F33F96","no_shared_cache":false,"shared_cache_private_cache":false]}#00 2106// 2107// PRIORITY TO IMPLEMENT 2108// Low. When both lldb and the inferior process are running on the same computer, and lldb 2109// and the inferior process have the same shared cache, lldb may (as an optimization) read 2110// the shared cache out of its own memory instead of using gdb-remote read packets to read 2111// them from the inferior process. 2112//---------------------------------------------------------------------- 2113 2114//---------------------------------------------------------------------- 2115// "qQueryGDBServer" 2116// 2117// BRIEF 2118// Ask the platform for the list of gdbservers we have to connect 2119// 2120// PRIORITY TO IMPLEMENT 2121// Low. The packet is required to support connecting to gdbserver started 2122// by the platform instance automatically. 2123//---------------------------------------------------------------------- 2124 2125If the remote platform automatically started one or more gdbserver instance (without 2126lldb asking it) then it have to return the list of port number or socket name for 2127each of them what can be used by lldb to connect to those instances. 2128 2129The data in this packet is a JSON array of JSON objects with the following keys: 2130"port": <the port number to connect> (optional) 2131"socket_name": <the name of the socket to connect> (optional) 2132 2133Example packet: 2134[ 2135 { "port": 1234 }, 2136 { "port": 5432 }, 2137 { "socket_name": "foo" } 2138] 2139 2140//---------------------------------------------------------------------- 2141// "QSetDetachOnError" 2142// 2143// BRIEF 2144// Sets what the server should do when the communication channel with LLDB 2145// goes down. Either kill the inferior process (0) or remove breakpoints and 2146// detach (1). 2147// 2148// PRIORITY TO IMPLEMENT 2149// Low. Only required if the target wants to keep the inferior process alive 2150// when the communication channel goes down. 2151//---------------------------------------------------------------------- 2152 2153The data in this packet is a single a character, which should be '0' if the 2154inferior process should be killed, or '1' if the server should remove all 2155breakpoints and detach from the inferior. 2156 2157//---------------------------------------------------------------------- 2158// "jGetDyldProcessState" 2159// 2160// BRIEF 2161// This packet fetches the process launch state, as reported by libdyld on 2162// Darwin systems, most importantly to indicate when the system libraries 2163// have initialized sufficiently to safely call utility functions. 2164// 2165// 2166// LLDB SENDS: jGetDyldProcessState 2167// STUB REPLIES: {"process_state_value":48,"process_state string":"dyld_process_state_libSystem_initialized"} 2168// 2169// PRIORITY TO IMPLEMENT 2170// Low. This packet is needed to prevent lldb's utility functions for 2171// scanning the Objective-C class list from running very early in 2172// process startup. 2173//---------------------------------------------------------------------- 2174