17_常用LLDB指令
2020-08-19 本文已影响0人
伶俐ll
lldb指令的格式:
<command> [<subcommand> [<subcommand>...]] <action> [-options [option�value]] [argument [argument...]]
- <command>: 命令
- [<subcommand> [<subcommand>...]]:子命令
- <action>:命令操作
- [-options [option�value]] :命令选项
- [argument [argument...]]:命令参数
- []:表示命令是可选的,可以有也可以没有
例如:给test函数设置断点
(lldb) breakpoint set -n test
- breakpoint:命令
- set:子命令
- -n:命令选项
- test:命令参数
常用指令
一、help
查看指令的用法,比如help breakpoin、help breakpoint set
二、Enter
敲Enter,会自动执行上次的指令
三、执行表达式
expression
执行一个表达式,并将表达式返回的结果输出,expression的完整语法是这样的:expression <cmd-options> -- <expr>
- <cmd-options>:命令选项
- --:命令结束符,表示所有的命令选项已经设置完毕,如果没有命令选项,--可以省略
- <expr>:需要执行的表达式
假如我们在运行过程中,想把view的颜色改成红色看看效果,我们不必写下代码,重新run,只需断点调试,用expression改变颜色,再刷新一下界面,就能看到效果
(lldb) expression self.view.layer.backgroundColor = UIColor.redColor.CGColor
(CGColorRef) $0 = 0x0000600000b63540
(lldb) expression (void)[CATransaction flush]
打印对象地址
(lldb) expression self.view
(UIView *) $1 = 0x00007f7f18c085a0
打印对象
(lldb) expression -O -- self.view
<UIView: 0x7f7f18c085a0; frame = (0 0; 375 667); autoresize = W+H; layer = <CALayer: 0x600002f266e0>>
p & print & call
expression的别名,p是print的缩写
(lldb) p self.view.layer.backgroundColor = UIColor.greenColor.CGColor
(CGColorRef) $1 = 0x0000600000b64fc0
(lldb) p (void)[CATransaction flush]
(lldb) call self.view
(UIView *) $2 = 0x00007f7f18c085a0
(lldb) p self.view
(UIView *) $3 = 0x00007f7f18c085a0
(lldb) expression self.view
(UIView *) $4 = 0x00007f7f18c085a0
(lldb) call self.view
(UIView *) $5 = 0x00007f7f18c085a0
(lldb) print self.view
(UIView *) $6 = 0x00007f7f18c085a0
po
expression -O --的别名
(lldb) expression -O -- self.view
<UIView: 0x7f7f18c085a0; frame = (0 0; 375 667); autoresize = W+H; layer = <CALayer: 0x600002f266e0>>
(lldb) po self.view
<UIView: 0x7f7f18c085a0; frame = (0 0; 375 667); autoresize = W+H; layer = <CALayer: 0x600002f266e0>>
四、打印信息
thread backtrace
打印线程堆栈信息
(lldb) thread backtrace
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
* frame #0: 0x00000001020b3e6d daf`-[ViewController touchesBegan:withEvent:](self=0x00007f7f18f07170, _cmd="touchesBegan:withEvent:", touches=1 element, event=0x0000600001a60d80) at ViewController.m:34:5
frame #1: 0x00007fff48cb94e2 UIKitCore`forwardTouchMethod + 323
frame #2: 0x00007fff48cb938e UIKitCore`-[UIResponder touchesBegan:withEvent:] + 49
frame #3: 0x00007fff48cc82ab UIKitCore`-[UIWindow _sendTouchesForEvent:] + 622
frame #4: 0x00007fff48cca311 UIKitCore`-[UIWindow sendEvent:] + 4501
frame #5: 0x00007fff48ca4755 UIKitCore`-[UIApplication sendEvent:] + 356
frame #6: 0x00007fff48d2f552 UIKitCore`__dispatchPreprocessedEventFromEventQueue + 7628
frame #7: 0x00007fff48d32716 UIKitCore`__handleEventQueueInternal + 6584
frame #8: 0x00007fff48d28fb9 UIKitCore`__handleHIDEventFetcherDrain + 88
frame #9: 0x00007fff23da0d31 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #10: 0x00007fff23da0c5c CoreFoundation`__CFRunLoopDoSource0 + 76
frame #11: 0x00007fff23da0434 CoreFoundation`__CFRunLoopDoSources0 + 180
frame #12: 0x00007fff23d9b02e CoreFoundation`__CFRunLoopRun + 974
frame #13: 0x00007fff23d9a944 CoreFoundation`CFRunLoopRunSpecific + 404
frame #14: 0x00007fff38ba6c1a GraphicsServices`GSEventRunModal + 139
frame #15: 0x00007fff48c8b9ec UIKitCore`UIApplicationMain + 1605
frame #16: 0x00000001020b41a2 daf`main(argc=1, argv=0x00007ffeedb4acd0) at main.m:18:12
frame #17: 0x00007fff51a231fd libdyld.dylib`start + 1
bt
bt是thread backtrace的别名
thread return []
让函数直接返回某个值,不会执行断点后面的代码,thread return可以接受一个表达式,调用命令之后直接从当前的frame返回表达式的值。
frame variable []
打印当前栈帧的变量,也就是当前函数的局部变量
//打印所有变量
(lldb) frame variable
(ViewController *) self = 0x00007f8ac2c088e0
(SEL) _cmd = "touchesBegan:withEvent:"
(__NSSetM *) touches = 0x0000600000429f00 1 element
(UITouchesEvent *) event = 0x0000600003144b40
//打印指定变量
(lldb) frame variable self
(ViewController *) self = 0x00007f8ac2c088e0
五、流程控制
thread continue、continue、c
表示程序继续运行
Snip20200813_16.png
thread step-over、next、n
源码级别单步运行,把子函数当做整体一步执行
Snip20200813_17.png
thread step-in、step、s
源码级别单步运行,遇到子函数会进入子函数
Snip20200813_18.png
thread step-out、finish
直接执行完当前函数的所有代码,返回到上一个函数
Snip20200813_19.png
threadstep-inst-over、nexti、ni
ni和n类似:n源码级别、ni汇编指令级别
threadstep-inst、stepi、si
si和s类似:s源码级别、si汇编指令级别
五、代码断点
breakpoint set -n 函数名
(lldb) breakpoint set -n test
Breakpoint 3: 4 locations.
(lldb) breakpoint set -n touchesBegan:withEvent:
Breakpoint 2: 90 locations.
(lldb) breakpoint set -n "-[ViewController touchesBegan:withEvent:]"
Breakpoint 3: where = daf`-[ViewController touchesBegan:withEvent:] + 70 at ViewController.m:30:6, address = 0x0000000106d1ff06
breakpoint set -a 函数地址-
breakpointset-r 正则表达式
模糊搜索
(lldb) breakpoint set -n test
breakpoint set -s 动态库 -n 函数名-
breakpoint list
列出所有的断点(每个断点都有自己的编号) -
breakpoint disable 断点编号
禁用断点 -
breakpoint enable 断点编号
启用断点 -
breakpoint delete 断点编号
删除断点 -
breakpoint command add 断点编号
给断点预先设置需要执行的命令,到触发断点时,就会按顺序执行
(lldb) breakpoint set -n "-[ViewController touchesBegan:withEvent:]"
Breakpoint 2: where = daf`-[ViewController touchesBegan:withEvent:] + 70 at ViewController.m:30:6, address = 0x000000010a6dcf06
(lldb) breakpoint command add 2
Enter your debugger command(s). Type 'DONE' to end.
> po self
> p self
> p self.view.layer.backgroundColor = [UIColor redColor].CGColor
> DONE
(lldb) c
Process 25531 resuming
po self
<ViewController: 0x7f87ea40a680>
p self
(ViewController *) $1 = 0x00007f87ea40a680
p self.view.layer.backgroundColor = [UIColor redColor].CGColor
(CGColorRef) $2 = 0x00006000007b1f20
-
breakpoint command list 断点编号
查看某个断点设置的命令
(lldb) breakpoint command list 2
Breakpoint 2:
Breakpoint commands:
po self
p self
p self.view.layer.backgroundColor = [UIColor redColor].CGColor
-
breakpoint command delete 断点编号
删除某个断点设置的命令
(lldb) breakpoint command delete 2
(lldb) breakpoint command list 2
Breakpoint 2 does not have an associated command.
六、内存断点
在内存数据发生改变的时候触发
-
watchpoint set variable 变量
设置断点
(lldb) watchpoint set variable self->_age
Watchpoint created: Watchpoint 1: addr = 0x7fdf1bc07150 size = 4 state = enabled type = w
watchpoint spec = 'self->_age'
new value: 0
watchpoint set expression 地址
(lldb) p &(self->_age)
(int *) $0 = 0x00007f8011f06ff0
(lldb) watchpoint set expression 0x00007f8011f06ff0
Watchpoint created: Watchpoint 1: addr = 0x7f8011f06ff0 size = 8 state = enabled type = w
new value: 0
(lldb)
-
watchpoint list
查看断点 -
watchpoint disable 断点编号
禁用断点 -
watchpoint enable 断点编号
启用断点 -
watchpoint delete 断点编号
删除断点 -
watchpoint command add 断点编号
给断点预先设置需要执行的命令,到触发断点时,就会按顺序执行 -
watchpoint command list 断点编号
查看某个断点设置的命令 -
watchpoint command delete 断点编号
删除某个断点设置的命令
七、模块查找
-
image list
列出所加载的模块信息
(lldb) image list
[ 0] 4EE15C85-378E-38DE-8790-6047181E3944 0x0000000100c8b000 /Users/zhanglingli/Library/Developer/Xcode/DerivedData/daf-eqaqhhwbbadyvibyktibzhhnytym/Build/Products/Debug-iphonesimulator/daf.app/daf
[ 1] E4698FBD-806A-3396-B279-E685BA37430B 0x0000000105b24000 /usr/lib/dyld
[ 2] 548289A2-DC22-3BAA-A2F6-01EADE8D86D7 0x0000000100c99000 /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/usr/lib/dyld_sim
-
image lookup -t 类型
查找某个类型的信息
(lldb) image lookup -t ViewController
Best match found in /Users/zhanglingli/Library/Developer/Xcode/DerivedData/daf-eqaqhhwbbadyvibyktibzhhnytym/Build/Products/Debug-iphonesimulator/daf.app/daf:
id = {0x10000002b}, name = "ViewController", byte-size = 16, decl = ViewController.h:11, compiler_type = "@interface ViewController : UIViewController{
int _age;
}
@property(nonatomic, assign, readwrite, getter = age, setter = setAge:) int age;
@end"
(lldb) image lookup -t NSInteger
Best match found in /Users/zhanglingli/Library/Developer/Xcode/DerivedData/daf-eqaqhhwbbadyvibyktibzhhnytym/Build/Products/Debug-iphonesimulator/daf.app/daf:
id = {0x7fffffff000002e8}, name = "NSInteger", byte-size = 8, decl = NSObjCRuntime.h:12, compiler_type = "typedef NSInteger"
typedef 'NSInteger': id = {0x7fffffff000005b5}, name = "long int", qualified = "long", byte-size = 8, compiler_type = "long"
-
image lookup -a 地址
根据内存地址查找在模块中的位置
例如,当我们发生一个crash
2020-08-14 10:09:09.007340+0800 daf[29312:2133141] *** Terminating app due to uncaught exception 'NSRangeException', reason: '*** -[__NSArrayI objectAtIndexedSubscript:]: index 4 beyond bounds [0 .. 2]'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff23e3cf0e __exceptionPreprocess + 350
1 libobjc.A.dylib 0x00007fff50ba89b2 objc_exception_throw + 48
2 CoreFoundation 0x00007fff23ecfa51 _CFThrowFormattedException + 194
3 CoreFoundation 0x00007fff23eae9bd -[__NSArrayI objectAtIndexedSubscript:] + 93
4 daf 0x000000010c4b8e16 -[ViewController touchesBegan:withEvent:] + 182
5 UIKitCore 0x00007fff48cb94e2 forwardTouchMethod + 323
6 UIKitCore 0x00007fff48cb938e -[UIResponder touchesBegan:withEvent:] + 49
我们可以看出,是由于数组越界导致的crash,并且是在ViewController的touchesBegan:withEvent:方法中调用的,那么具体在哪一行呢,我们就可以通过image lookup -a指令查看
(lldb) image lookup -a 0x000000010c4b8e16
Address: daf[0x0000000100000e16] (daf.__TEXT.__text + 246)
Summary: daf`-[ViewController touchesBegan:withEvent:] + 182 at ViewController.m:26:5
由此可知,crash发生在ViewController.m的第26行
-
image lookup -n 符号或者函数名
查找某个符号或者函数的位置
(lldb) image lookup -n touchesBegan:withEvent:
1 match found in /Users/zhanglingli/Library/Developer/Xcode/DerivedData/daf-eqaqhhwbbadyvibyktibzhhnytym/Build/Products/Debug-iphonesimulator/daf.app/daf:
Address: daf[0x0000000100000d60] (daf.__TEXT.__text + 64)
Summary: daf`-[ViewController touchesBegan:withEvent:] at ViewController.m:23
79 matches found in /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore:
Address: UIKitCore[0x000000000002590c] (UIKitCore.__TEXT.__text + 142380)
Summary: UIKitCore`-[UIInterfaceActionGroupView touchesBegan:withEvent:] Address: UIKitCore[0x000000000002c297] (UIKitCore.__TEXT.__text + 169399)
-
image list -o -f
打印模块的偏移地址、全路径
