Hi,
I see from
rr-project.org that it enhances gdb by allowing reversing execution from a breakpoint/watchpoint. I'm not familiar with rr-debugger, or what debugging interface it provides, but I suppose you're interested in setting breakpoint/watchpoint for using that feature on a program run under DR.
As I mentioned, application symbols are not really usable with gdb while running under DR. There are some ideas that come to mind that you can try. They are not very convenient though.
- For a function that you want to set a breakpoint on, use drwrap_wrap_ex (
https://dynamorio.org/page_drwrap.html) in your client to wrap it and set pre- and post-function callbacks. You can then set gdb breakpoints on these callbacks.
- You can try setting breakpoints/watchpoints on the code cache PCs.
If you run DR with the following options, it'll print out all fragments and their code cache PCs as they are created:
$ gdb --args ./bin64/drrun -loglevel 4 -logmask 0x60 -log_to_stderr -- <app>
(gdb) break exit_interp_build_bb
(gdb) run
Look for something like the following printed before each exit_interp_build_bb:
```
Fragment 1, tag 0x0000000000401000, flags 0x1030, private, size 88:
0x0000000042735008 48 c7 c0 01 00 00 00 mov $0x0000000000000001 -> %rax
0x000000004273500f 48 c7 c7 01 00 00 00 mov $0x0000000000000001 -> %rdi
0x0000000042735016 48 c7 c6 00 20 40 00 mov $0x0000000000402000 -> %rsi
0x000000004273501d 48 c7 c2 06 00 00 00 mov $0x0000000000000006 -> %rdx
0x0000000042735024 eb 05 jmp $0x000000004273502b
0x0000000042735026 e9 07 00 00 00 jmp $0x0000000042735032 <exit stub 0>
0x000000004273502b 0f 05 syscall -> %rcx
0x000000004273502d e9 17 00 00 00 jmp $0x0000000042735049 <exit stub 1>
-------- exit stub 0: -------- <target: 0x000000000040101c> type: fall-through/speculated/IAT
0x0000000042735032 67 65 48 a3 00 00 00 addr32 mov %rax -> %gs:0x00[8byte]
00
0x000000004273503a 48 b8 a0 fd c2 f7 fd mov $0x00007ffdf7c2fda0 -> %rax
7f 00 00
0x0000000042735044 e9 f7 ce fc ff jmp $0x0000000042701f40 <fcache_return>
-------- exit stub 1: -------- <target: 0x000000000040101e> type: fall-through/speculated/IAT
0x0000000042735049 67 65 48 a3 00 00 00 addr32 mov %rax -> %gs:0x00[8byte]
00
0x0000000042735051 48 b8 c0 fd c2 f7 fd mov $0x00007ffdf7c2fdc0 -> %rax
7f 00 00
0x000000004273505b e9 e0 ce fc ff jmp $0x0000000042701f40 <fcache_return>
```
Then you can add a breakpoint on one of these PCs:
This may not be very helpful on large programs though.
+Derek in case you have more helpful ideas.
Abhinav