coredump分析

关于coredump的产生及原因本文就不做分析，主要介绍一下对一个coredump文件怎么分析。

首先通过命令

gdb freeswitch core.60954

进入gdb。

这里freeswitch 是产生coredump的可执行应用，core.60954是应用产生的coredump文件。

然后执行命令

bt

可以看到运行出错的堆栈信息

(gdb) bt#0  0x00007fd372e3344d in lua_remove () from /lib64/liblua-5.1.so#1  0x00007fd3730635ef in docall (L=0x7fd39802dcc0, narg=<optimized out>, nresults=1, perror=1, fatal=0) at mod_lua.cpp:94#2  0x00007fd373065d94 in LUA::Session::run_dtmf_callback (this=0x7fd3980569d0, input=0x7fd39001f9f0, itype=<optimized out>) at freeswitch_lua.cpp:332#3  0x00007fd3be601241 in audio_bridge_thread (obj=obj@entry=0x7fd398181d20, thread=0x0) at src/switch_ivr_bridge.c:599#4  0x00007fd3be6023c2 in audio_bridge_on_exchange_media (session=0x7fd398077058) at src/switch_ivr_bridge.c:856#5  0x00007fd3be5925ca in switch_core_session_run (session=0x7fd398077058) at src/switch_core_state_machine.c:653#6  0x00007fd3be58be5e in switch_core_session_thread (thread=<optimized out>, obj=0x7fd398077058) at src/switch_core_session.c:1648#7  0x00007fd3be587b53 in switch_core_session_thread_pool_worker (thread=0x7fd398096310, obj=<optimized out>) at src/switch_core_session.c:1711#8  0x00007fd3be842210 in dummy_worker (opaque=0x7fd398096310) at threadproc/unix/thread.c:151#9  0x00007fd3bc653dc5 in start_thread () from /lib64/libpthread.so.0#10 0x00007fd3bbd2bd0d in clone () from /lib64/libc.so.6

到这里还可以打印此时的各个变量信息，用法为

 p file::variable p function::variable

其中file和function分别是文件名及文件的全局变量。函数名及函数里面的变量。

比如打印下面函数：

static void *audio_bridge_thread(switch_thread_t *thread, void *obj){switch_ivr_bridge_data_t *data = obj;int stream_id = 0, pre_b = 0, ans_a = 0, ans_b = 0, originator = 0;switch_input_callback_function_t input_callback;switch_core_session_message_t msg = { 0 };void *user_data;switch_channel_t *chan_a, *chan_b;switch_frame_t *read_frame;switch_core_session_t *session_a, *session_b;

里面的

session_a

的值：

p *audio_bridge_thread::session_a

*号表示指针的值，如果是普通结构体可以去掉。

为了输出结果更好看点，可以执行

 set print pretty on

然后执行结果如下：

(gdb) p *audio_bridge_thread::session_a$5 = {  pool = 0x7fd398075048,   thread = 0x7fd398096310,   thread_id = 140546079377152,   endpoint_interface = 0xac6860,   id = 64,   flags = (SSF_WARN_TRANSCODE | SSF_THREAD_STARTED | SSF_THREAD_RUNNING | SSF_READ_TRANSCODE),   channel = 0x7fd398075130,   event_hooks = {    outgoing_channel = 0x0,     receive_message = 0x0,     receive_event = 0x0,     read_frame = 0x0,     video_read_frame = 0x0,     write_frame = 0x0,     video_write_frame = 0x0,     kill_channel = 0x0,     send_dtmf = 0x0,     recv_dtmf = 0x7fd398181778,     state_change = 0x0,     state_run = 0x0  },   read_codec = 0x7fd398088778,   real_read_codec = 0x7fd398088778,   write_codec = 0x7fd3980887d8,   real_write_codec = 0x0,   video_read_codec = 0x7fd39808d918,   video_write_codec = 0x7fd39808d978, ........

附着到一个pid为39657对应的进程

gdb attach 39657

设置某个文件里面你的断点

break filename:linenumbreak filename:func例如: break switch_ivr_async.c:4530

常用gdb命令

gcc -g  main.c                      //在目标文件加入源代码的信息gdb a.out       (gdb) start                         //开始调试(gdb) n                             //一条一条执行(gdb) step/s                        //执行下一条，如果函数进入函数(gdb) backtrace/bt                  //查看函数调用栈帧(gdb) info/i locals                 //查看当前栈帧局部变量(gdb) frame/f                       //选择栈帧，再查看局部变量(gdb) print/p                       //打印变量的值(gdb) finish                        //运行到当前函数返回(gdb) set var sum=0                 //修改变量值(gdb) list/l 行号或函数名             //列出源码(gdb) display/undisplay sum         //每次停下显示变量的值/取消跟踪(gdb) break/b  行号或函数名           //设置断点(gdb) continue/c                    //连续运行(gdb) info/i breakpoints            //查看已经设置的断点(gdb) delete breakpoints 2          //删除某个断点(gdb) disable/enable breakpoints 3  //禁用/启用某个断点(gdb) break 9 if sum != 0           //满足条件才激活断点(gdb) run/r                         //重新从程序开头连续执行(gdb) watch input[4]                //设置观察点(gdb) info/i watchpoints            //查看设置的观察点(gdb) x/7b input                    //打印存储器内容，b--每个字节一组，7--7组(gdb) disassemble                   //反汇编当前函数或指定函数(gdb) si                            // 一条指令一条指令调试 而 s 是一行一行代码(gdb) info registers                // 显示所有寄存器的当前值(gdb) x/20 $esp                    //查看内存中开始的20个数