Inspecting Obj-C parameters in gdb
Since the addition of i386 and x86_64 to the Mac OS’s repertoire several years back, remembering which registers are used for what has become difficult, and this can complicate the debugging of code for which you have no symbols. So here is my cheat-sheet (posted here, mostly so that I can find it again without google-ing for old mailing list posts; but, I figure someone else may find it useful as well):
arm (before prolog)
$r0➡ arg0 (self)$r1➡ arg1 (_cmd)$r2➡ arg2$r3➡ arg3*($sp)➡ arg4*($sp+4)➡ arg5*($sp+8)➡ arg6
ppc/ppc64
$r3➡ arg0 (self)$r4➡ arg1 (_cmd)$r5➡ arg2$r6➡ arg3$r7➡ arg4$r8➡ arg5
i386 (before prolog)
*($esp+4n)➡ arg(n)*($esp)➡ arg0 (self)*($esp+4)➡ arg1 (_cmd)*($esp+8)➡ arg2*($esp+12)➡ arg3*($esp+16)➡ arg4*($esp+20)➡ arg5
i386 (after prolog)
*($ebp+8+4n)➡ arg(n)*($ebp+4)➡ Return addr*($ebp+8)➡ arg0 (self)*($ebp+12)➡ arg1 (_cmd)*($ebp+16)➡ arg2*($ebp+20)➡ arg3*($ebp+24)➡ arg4*($ebp+28)➡ arg5*($ebp)➡ Previous $ebp
x86_64
$rdi➡ arg0 (self)$rsi➡ arg1 (_cmd)$rdx➡ arg2$rcx➡ arg3$r8➡ arg4$r9➡ arg5
So, if you have a method defined as:
-(id)method:(id)foo bar:(id)bar baz:(id)baz
you can print each of the parameters with:
| arm | ppc/ppc64 | x86_64 | i386 (before prolog) | i386 (after prolog) | |
|---|---|---|---|---|---|
| self | po $r0 |
po $r3 |
po $rdi |
po *(id*)($esp) |
po *(id*)($ebp+8) |
| _cmd | p (SEL)$r1 |
p (SEL)$r4 |
p (SEL)$rsi |
p *(SEL*)($esp+4) |
p *(SEL*)($ebp+12) |
| foo | po $r2 |
po $r5 |
po $rdx |
po *(id*)($esp+8) |
po *(id*)($ebp+16) |
| bar | po $r3 |
po $r6 |
po $rcx |
po *(id*)($esp+12) |
po *(id*)($ebp+20) |
| baz | po *(id*)($sp) |
po $r7 |
po $r8 |
po *(id*)($esp+16) |
po *(id*)($ebp+24) |
As Blake mentioned in his comment, on i386, if you’re at the beginning of a function or method, before the prolog has executed (i.e. the bit of code responsible for saving registers, adjusting the stack pointer, etc.), then ebp won’t have been set up for you yet.
So, I’ve amended the above table.
That complexity is another reason I long for the simplicity of PowerPC asm, not to mention M68k asm; at least x86_64 has made the step towards using registers for parameters where possible.
Edited to add: In case it isn’t obvious, these particular stack offsets and registers assignments only make sense when dealing with pointer and integer parameters and return values. When structures and floating point values come into the mix, things can get more complicated.
Edited to add: I’ve added registers/stack offsets for arm. But note that these are for before the prolog has executed. Arm code seems much looser about what happens in its function prologs, so there really isn’t a standard layout post-prolog
Those stack offsets in i386 assume that the prolog has executed. It might be useful to have another list that references %esp, for when someone sets a breakpoint on the function or method symbol.
Indeed, by the time I care about inspecting values, I’m usually well into a function, so I can usually assume that the prolog has already executed.
Clark, great table. I rely on a bunch of really nifty PPC macros I’ve written to inspect parameters, etc. And one of the big hesitations I have to moving to i386 for full-time development/debugging is having to tackle the i386 ABI(s). I feel ya when you say that PPC was so much simpler ;)
Oh, G-d do I miss 68k assembler. Yes, I completely understand that the move to PowerPC was necessary, but the 68k was designed on purpose so that humans could understand it. If you had told me ten years ago that either 68k or x86 would survive into the indefinite future, I’d have thought you a lunatic if you’d insisted it would be x86. PowerPC’s certainly far better than x86, but I’d argue that not even it is nearly as nice for the developer as 68k was (at least at an ISA level).
For as long as I can for the same reason Daniel Jalkut does, I’ll continue using my G5 for development. Hopefully by the time I switch, the significantly less disgusting x86_64 ISA will be standard enough that I can bypass ever having to really learn about the 32-bit API.
thanks a lot for the list!! that’s really helpful!
even after so many years of Intel Macs, i still can’t get my head around to understand this annoying stack stuff…. ppc with its registers is so much easier to understand…
that’s why i still keep my old powerbook around, its really a lifesaver!
x86 assembly isn’t so bad. I wrote a blog post about it:
http://www.drissman.com/blog/archives/2009/05/16/reverseengineering_in_os_x_on_x86.html
thanks for this comparisons!! that’s exactly what I was looking for.
[...] about x86. Despite the present and future of the Mac being x86, it seems like people have lots of anxiety about having to work with it.I think the problem is not a lack of documentation on x86 assembly, [...]
It’s been a while since I’ve had to deal with PPC, but from what I remember, the arguments often got shoved into high-numbered registers so the argument registers can be reused to call other functions. This means that, if you’ve gone a little ways into the PPC function, you usually have to inspect the assembly to figure out what register you really need to inspect to find the original arguments. Because of that, I actually prefer x86 for debugging as I can just use gdb user-defined functions to inspect the stack.
[...] 这是一篇很好的文章,它讲解了在不同的体系结构下,参数是如何存储的。不过它并没有讲到ARM(= =)。所幸ARM的存储很简单,参数只是按顺序被存储在$r0, $r1, $r2, $r3寄存器里。记住,在所有通过寄存器传递参数的体系结构里(i386不是),只有在函数开头的一小段里,寄存器里存的才是参数。因为在程序进行的过程中,它们随时都可能被其他变量替换掉。 [...]
[...] compiler translates source code into corresponding assembly language instructions, and where the arguments are placed when calling [...]
[...] not yet familiar with how objective-c methods are called, well it’s pretty well described here, at this point we’ll take as fact that $esp contains address of an object whom message is [...]
[...] You might ask where I get the register names from. I found a good article on expaining the various registers of the different platforms: “Inspecting Obj-C parameters in gdb“. [...]
http://lldb.llvm.org/tutorial.html
has a nice trick for lldb:
(lldb) frame variable
self = (SKTGraphicView *) 0x0000000100208b40
_cmd = (struct objc_selector *) 0x000000010001bae1
sender = (id) 0x00000001001264e0
selection = (NSArray *) 0x00000001001264e0
i = (NSUInteger) 0x00000001001264e0
c = (NSUInteger) 0x00000001001253b0
the “frame variable” command without arguments will give you most of what you want.
One thing I wish your table had was how to see the method return value.
Thanks.
Thanks for this post. This might be also useful in the same context:
Print an exception while it is being thrown:
po $r0 (arm)
po $eax (intel)