如何使用GDB调试PHP程序

一般来说，GDB主要完成下面四个方面的功能：

(1)启动你的程序，可以按照你的自定义的要求随心所欲的运行程序。
(2)可让被调试的程序在你所指定的调置的断点处停住。（断点可以是条件表达式）
(3)当程序被停住时，可以检查此时你的程序中所发生的事。
(4)动态的改变你程序的执行环境。

1、简介

GDB是GNU开源组织发布的一个强大的UNIX下的程序调试工具。如果你是在 UNIX平台下做软件，你会发现GDB这个调试工具有比VC、BCB的图形化调试器更强大的功能。同时GDB也具有例如ddd这样的图形化的调试端。

2、调试C/C++程序

直接上代码了

#include<iostream>using namespace std;long factorial(int n); int main(){int n(0);cin>>n;long val=factorial(n);cout<<val<<endl;cin.get();return 0;}long factorial(int n){long result(1);while(n--){ result*=n;} return result;}

编译

g++ k.cpp -g -Wall -Werror -o main

开始调试

[root@localhost code]# gdb ./mainGNU gdb (GDB) Red Hat Enterprise Linux (7.2-83.el6)Copyright (C) 2010 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law. Type "show copying"and "show warranty" for details.This GDB was configured as "i686-redhat-linux-gnu".For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>...Reading symbols from /code/main...done.(gdb) l warning: Source file is more recent than executable.1 #include<iostream>2 using namespace std;3 long factorial(int n);45 int main()6 {7 int n(0);8 cin>>n;9 long val=factorial(n);10 cout<<val<<endl;(gdb)

设置断点 break linenumber

(gdb) b 9Breakpoint 1 at 0x80486f9: file k.cpp, line 9.(gdb) rStarting program: /code/main 4Breakpoint 1, main () at k.cpp:99 long val=factorial(n);

设置观察点 watch var

(gdb) sfactorial (n=4) at k.cpp:1717 long result(1);(gdb) l12 return 0;13 }1415 long factorial(int n)16 {17 long result(1);18 while(n--)19 {20 result*=n;21 }(gdb) watch nHardware watchpoint 2: n(gdb) watch resultHardware watchpoint 3: result(gdb) cContinuing.Hardware watchpoint 3: resultOld value = 0New value = 1factorial (n=4) at k.cpp:1818 while(n--)(gdb) Continuing.Hardware watchpoint 2: nOld value = 4New value = 30x08048764 in factorial (n=3) at k.cpp:1818 while(n--)(gdb) Continuing.Hardware watchpoint 3: resultOld value = 1New value = 3factorial (n=3) at k.cpp:1818 while(n--)(gdb) Continuing.Hardware watchpoint 2: nOld value = 3New value = 20x08048764 in factorial (n=2) at k.cpp:1818 while(n--)(gdb) Continuing.Hardware watchpoint 3: resultOld value = 3New value = 6factorial (n=2) at k.cpp:1818 while(n--)(gdb) Continuing.Hardware watchpoint 2: nOld value = 2New value = 10x08048764 in factorial (n=1) at k.cpp:1818 while(n--)(gdb) Continuing.Hardware watchpoint 2: nOld value = 1New value = 00x08048764 in factorial (n=0) at k.cpp:1818 while(n--)(gdb) Continuing.Watchpoint 2 deleted because the program has left the block inwhich its expression is valid.Watchpoint 3 deleted because the program has left the block inwhich its expression is valid.0x08048705 in main () at k.cpp:99 long val=factorial(n);(gdb) p val$1 = 11476980(gdb)

可以看到是while那里，导致n越界了，fix

while(n>0) //doesn't let n reach 0{result*=n;n--; //decrements only after the evaluation}

一些快捷命令

l – list
p – print print {variable}
c – continue
s – step
b - break break line_number/break [file_name]:line_number/break [file_name]:func_name
r - run
set <var> = <value>
watch <var>

ENTER: pressing enter key would execute the previously executed command again.

c/n/s的区别

•c or continue: Debugger will continue executing until the next break point.
•n or next: Debugger will execute the next line as single instruction.
•s or step: Same as next, but does not treats function as a single instruction, instead goes into the function and executes it line by line

3、调试PHP程序

PHP代码

<?php. for($i = 0; $i < 10; $i++){echo $i."/n";sleep(3);if(in_array($i,[1,9,20])){print_r($i*$i);var_dump($i*$i); print $i*$i;} }

开始调试，加上断点

[root@localhost code]# gdb php GNU gdb (GDB) Red Hat Enterprise Linux (7.2-83.el6)Copyright (C) 2010 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law. Type "show copying"and "show warranty" for details.This GDB was configured as "i686-redhat-linux-gnu".For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>...Reading symbols from /usr/bin/php...done.(gdb) b zif_sleepBreakpoint 1 at 0x8435180: file /usr/local/src/php-5.5.23/ext/standard/basic_functions.c, line 4449.(gdb) b zif_in_arrayBreakpoint 2 at 0x8426923: file /usr/local/src/php-5.5.23/ext/standard/array.c, line 1215.(gdb) b zif_print_rBreakpoint 3 at 0x8438273: file /usr/local/src/php-5.5.23/ext/standard/basic_functions.c, line 5553.(gdb) b zif_var_dumpBreakpoint 4 at 0x847d296: file /usr/local/src/php-5.5.23/ext/standard/var.c, line 178.(gdb) b zif_printfFunction "zif_printf" not defined.Make breakpoint pending on future shared library load? (y or [n]) n(gdb) b zif_sprintfFunction "zif_sprintf" not defined.Make breakpoint pending on future shared library load? (y or [n]) n(gdb) b printfBreakpoint 5 at 0x806a390(gdb) b memcpyBreakpoint 6 at 0x8069390(gdb) b zif_printFunction "zif_print" not defined.Make breakpoint pending on future shared library load? (y or [n]) n(gdb) b zif_echo Function "zif_echo" not defined.Make breakpoint pending on future shared library load? (y or [n]) n(gdb) info bNum Type Disp Enb Address What1 breakpoint keep y 0x08435180 in zif_sleep at /usr/local/src/php-5.5.23/ext/standard/basic_functions.c:44492 breakpoint keep y 0x08426923 in zif_in_array at /usr/local/src/php-5.5.23/ext/standard/array.c:12153 breakpoint keep y 0x08438273 in zif_print_r at /usr/local/src/php-5.5.23/ext/standard/basic_functions.c:55534 breakpoint keep y 0x0847d296 in zif_var_dump at /usr/local/src/php-5.5.23/ext/standard/var.c:1785 breakpoint keep y 0x0806a390 <printf@plt>6 breakpoint keep y 0x08069390 <memcpy@plt>(gdb)

加几个断点测试一下 syntax：break [file_name]:func_name，这里大致可以看一下 echo print等不是函数了

然后开始调试

(gdb) p *return_value$1 = {value = {lval = 1515870810, dval = 1.7838867517321418e+127, str = {val = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>, len = 1515870810}, ht = 0x5a5a5a5a, obj = {handle = 1515870810, handlers = 0x5a5a5a5a}}, refcount__gc = 1, type = 0 '/000', is_ref__gc = 0 '/000'}(gdb) p return_value->value$2 = {lval = 1515870810, dval = 1.7838867517321418e+127, str = {val = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>, len = 1515870810}, ht = 0x5a5a5a5a, obj = {handle = 1515870810, handlers = 0x5a5a5a5a}}(gdb) p return_value->value->lval$3 = 1515870810

我们还可以使用内置的gdbinit来调试

(gdb) source /usr/local/src/php-5.5.23/.gdbinit(gdb) zbacktrace[0xb7fa1144] sleep(3) /code/kk.php:4

查看当前堆栈，PHP内核的执行过程

(gdb) bt#0 zif_sleep (ht=1, return_value=0xb7fbd6f0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)at /usr/local/src/php-5.5.23/ext/standard/basic_functions.c:4449#1 0x085f6870 in execute_internal (execute_data_ptr=0xb7fa1144, fci=0x0, return_value_used=0)at /usr/local/src/php-5.5.23/Zend/zend_execute.c:1484#2 0x085aea5f in dtrace_execute_internal (execute_data_ptr=0xb7fa1144, fci=0x0, return_value_used=0)at /usr/local/src/php-5.5.23/Zend/zend_dtrace.c:97#3 0x00935c33 in pt_execute_core (internal=1, execute_data=0xb7fa1144, fci=0x0, rvu=0)at /usr/local/src/trace-0.3.0/extension/trace.c:941#4 0x00935e49 in pt_execute_internal (execute_data=0xb7fa1144, fci=0x0, return_value_used=0)at /usr/local/src/trace-0.3.0/extension/trace.c:1005#5 0x085f7523 in zend_do_fcall_common_helper_SPEC (execute_data=0xb7fa1144) at /usr/local/src/php-5.5.23/Zend/zend_vm_execute.h:552#6 0x085fb2a9 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xb7fa1144) at /usr/local/src/php-5.5.23/Zend/zend_vm_execute.h:2332#7 0x085f6deb in execute_ex (execute_data=0xb7fa1144) at /usr/local/src/php-5.5.23/Zend/zend_vm_execute.h:363#8 0x085ae9dc in dtrace_execute_ex (execute_data=0xb7fa1144) at /usr/local/src/php-5.5.23/Zend/zend_dtrace.c:73#9 0x00935c5e in pt_execute_core (internal=0, execute_data=0xb7fa1144, fci=0x0, rvu=0)at /usr/local/src/trace-0.3.0/extension/trace.c:946#10 0x00935e10 in pt_execute_ex (execute_data=0xb7fa1144) at /usr/local/src/trace-0.3.0/extension/trace.c:1000#11 0x085f6e4a in zend_execute (op_array=0xb7fbc7b4) at /usr/local/src/php-5.5.23/Zend/zend_vm_execute.h:388#12 0x085c1cf2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.5.23/Zend/zend.c:1327#13 0x085470f9 in php_execute_script (primary_file=0xbffff4a4) at /usr/local/src/php-5.5.23/main/main.c:2525#14 0x0865af46 in do_cli (argc=2, argv=0x8b9b908) at /usr/local/src/php-5.5.23/sapi/cli/php_cli.c:994#15 0x0865bff3 in main (argc=2, argv=0x8b9b908) at /usr/local/src/php-5.5.23/sapi/cli/php_cli.c:1378

查看代码段

(gdb) l4444 Delay for a given number of seconds */4445 PHP_FUNCTION(sleep)4446 {4447 long num;44484449 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &num) == FAILURE) {4450 RETURN_FALSE;4451 }4452 if (num < 0) {4453 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of seconds must be greater than or equal to 0");(gdb) l 44504445 PHP_FUNCTION(sleep)4446 {4447 long num;44484449 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &num) == FAILURE) {4450 RETURN_FALSE;4451 }4452 if (num < 0) {4453 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of seconds must be greater than or equal to 0");4454 RETURN_FALSE;(gdb) l zif_usleep4463 /* }}} */44644465 /* {{{ proto void usleep(int micro_seconds)4466 Delay for a given number of micro seconds */4467 PHP_FUNCTION(usleep)4468 {4469 #if HAVE_USLEEP4470 long num;44714472 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &num) == FAILURE) {

继续执行

(gdb) n4452 if (num < 0) {(gdb) p num$6 = 3(gdb) n4457 RETURN_LONG(php_sleep(num));(gdb) n4462 }(gdb) nexecute_internal (execute_data_ptr=0xb7fa1144, fci=0x0, return_value_used=0) at /usr/local/src/php-5.5.23/Zend/zend_execute.c:14881488 }

到了execute_internal ，可以查看一下当前函数的一个状态

(gdb) p execute_data_ptr$7 = (zend_execute_data *) 0xb7fa1144(gdb) p *execute_data_ptr$8 = {opline = 0xb7fbcacc, function_state = {function = 0x8bcf3e8, arguments = 0xb7fa119c}, op_array = 0xb7fbc7b4, object = 0x0, symbol_table = 0x8b99cdc, prev_execute_data = 0x0, old_error_reporting = 0x0, nested = 0 '/000', original_return_value = 0x38b4ac9, current_scope = 0x49, current_called_scope = 0x45, current_this = 0x0, fast_ret = 0x0, call_slots = 0xb7fa1188, call = 0xb7fa1188}(gdb) p *execute_data_ptr->function_state.function->common->function_name$9 = 115 's'(gdb) p execute_data_ptr->function_state.function->common->function_name $10 = 0x8af03c9 "sleep"(gdb) p execute_data_ptr->op_array->filename$11 = 0xb7fbc8e8 "/code/kk.php"

查看当前hashtable

(gdb) p *execute_data_ptr->symbol_table$ = {nTableSize = , nTableMask = , nNumOfElements = , nNextFreeElement = , pInternalPointer = xbfbc, pListHead = xbfbc, pListTail = xbfbd, arBuckets = xbfb, pDestructor = xbff <_zval_ptr_dtor_wrapper>, persistent = '/', nApplyCount = '/', bApplyProtection = '/', inconsistent = }

继续执行输出c之后，回车即可，同样可以看到in_array的执行信息

(gdb) p *execute_data_ptr->function_state.function$24 = {type = 1 '/001', common = {type = 1 '/001', function_name = 0x8af1841 "in_array", scope = 0x0, fn_flags = 256, prototype = 0x0, num_args = 3, required_num_args = 2, arg_info = 0x8ae7554}, op_array = {type = 1 '/001', function_name = 0x8af1841 "in_array", scope = 0x0, fn_flags = 256, prototype = 0x0, num_args = 3, required_num_args = 2, arg_info = 0x8ae7554, refcount = 0x842691d, opcodes = 0x8bcf120, last = 0, vars = 0x0, last_var = 0, T = 1, nested_calls = 3086618796, used_stack = 0, brk_cont_array = 0x0, last_brk_cont = 1, try_catch_array = 0xb7fa10dd, last_try_catch = 96, has_finally_block = 160 '/240', static_variables = 0x0, this_var = 11482064, filename = 0xaf1ff4 "|/035/257", line_start = 11482016, line_end = 146381272, doc_comment = 0xbffff238 "x/362/377/277/244/aY/b/021", doc_comment_len = 10305959, early_binding = 11085989, literals = 0x8b7a0a0, last_literal = 140062666, run_time_cache = 0xb7fa10d4, last_cache_slot = 90, reserved = {0x9, 0x8b5f7ac, 0x796, 0x0}}, internal_function = {type = 1 '/001', function_name = 0x8af1841 "in_array", scope = 0x0, fn_flags = 256, prototype = 0x0, num_args = 3, required_num_args = 2, arg_info = 0x8ae7554, handler = 0x842691d <zif_in_array>, module = 0x8bcf120}}(gdb) p execute_data_ptr->function_state.function->common->function_name $26 = 0x8af1841 "in_array"(gdb) p execute_data_ptr->op_array->filename $27 = 0xb7fbc8e8 "/code/kk.php"

还可以加一下监控watch、设置一些调试变量set 等等

其他的调试工具还有 strace 查看系统调用、ltrace 查看类库的调用、vld查看opcode。

以上内容是小编给大家分享的关于如何使用GDB调试PHP程序的全部内容，希望大家喜欢。