trace - How to run record instruction-history and function-call-history in GDB?

Question

(EDIT: per the first answer below the current "trick" seems to be using an Atom processor. But I hope some gdb guru can answer if this is a fundamental limitation, or whether there adding support for other processors is on the roadmap?)

Reverse execution seems to be working in my environment: I can reverse-continue, see a plausible record log, and move around within it:

(gdb) start
...Temporary breakpoint 5 at 0x8048460: file bang.cpp, line 13.
Starting program: /home/thomasg/temp/./bang 

Temporary breakpoint 5, main () at bang.cpp:13
13    f(1000);
(gdb) record 
(gdb) continue 
Continuing.

Breakpoint 3, f (d=900) at bang.cpp:5
5     if(d) {
(gdb) info record 
Active record target: record-full
Record mode:
Lowest recorded instruction number is 1.
Highest recorded instruction number is 1005.
Log contains 1005 instructions.
Max logged instructions is 200000.
(gdb) reverse-continue 
Continuing.

Breakpoint 3, f (d=901) at bang.cpp:5
5     if(d) {
(gdb) record goto end
Go forward to insn number 1005
#0  f (d=900) at bang.cpp:5
5     if(d) {

However the instruction and function histories aren't available:

(gdb) record instruction-history 
You can't do that when your target is `record-full'
(gdb) record function-call-history 
You can't do that when your target is `record-full'

And the only target type available is full, the other documented type "btrace" fails with "Target does not support branch tracing."

So quite possibly it just isn't supported for this target, but as it's a mainstream modern one (gdb 7.6.1-ubuntu, on amd64 Linux Mint "Petra" running an "Intel(R) Core(TM) i5-3570") I'm hoping that I've overlooked a crucial step or config?

Answer 1

It seems that there is no other solution except a CPU that supports it.

More precisely, your kernel has to support Intel Processor Tracing (Intel PT). This can be checked in Linux with:

grep intel_pt /proc/cpuinfo

See also: https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpuinfo-mean

The commands only works in record btrace mode.

In the GDB source commit beab5d9, it is nat/linux-btrace.c:kernel_supports_pt that checks if we can enter btrace. The following checks are carried out:

• check if /sys/bus/event_source/devices/intel_pt/type exists and read the type
• do a syscall (SYS_perf_event_open, &attr, child, -1, -1, 0); with the read type, and see if it returns >=0. TODO: why not use the C wrapper?

The first check fails for me: the file does not exist.

Kernel side

cd into the kernel 4.1 source and:

git grep '"intel_pt"'

we find arch/x86/kernel/cpu/perf_event_intel_pt.c which sets up that file. In particular, it does:

if (!test_cpu_cap(&boot_cpu_data, X86_FEATURE_INTEL_PT))
    goto fail;

so intel_pt is a pre-requisite.

How I've found kernel_supports_pt

First grep for:

git grep 'Target does not support branch tracing.'

which leads us to btrace.c:btrace_enable. After a quick debug with:

gdb -q -ex start -ex 'b btrace_enable' -ex c --args /home/ciro/git/binutils-gdb/install/bin/gdb --batch -ex start -ex 'record btrace' ./hello_world.out

Virtual box does not support it either: Extract execution log from gdb record in a VirtualBox VM

Intel SDE

Intel SDE 7.21 already has this CPU feature, checked with:

./sde64 -- cpuid | grep 'Intel processor trace'

But I'm not sure if the Linux kernel can be run on it: https://superuser.com/questions/950992/how-to-run-the-linux-kernel-on-intel-software-development-emulator-sde

Other GDB methods

More generic questions, with less efficient software solutions:

• call graph: List of all function calls made in an application
• instruction trace: Displaying each assembly instruction executed in gdb