What mechanism does gdb use to know where to “finish” a function call?

In gdb, when debugging inside a function, we can use the “finish” command to run to the end of the function.

My question is: how does gdb know the ending position of a function, especially when there are no debugging symbols to match the source code's “{}”?

I guess gdb looks for either “leave” or “mov %rbp,%rsp; pop %rbp” under x86 in order to judge whether it has reached the end of a function.

But the problem is,

(1) There are still some extra registers that need to be pushed/popped at the beginning/end of a function call, depending on the source code and ABI structure.

(2) The number of registers that need to be pushed/popped is decided during the compilation phase, and I'm afraid this “number” information is not available through the binary executable file.

So, how does gdb determine where the end of a function call is, so that the “finish” command can jump to it?

Thanks!

Answer

gdb doesn’t try to analyze the machine code. Instead, it unwinds the stack, finds the caller’s PC, and sets a temporary breakpoint there. Then it lets the inferior run until the breakpoint is hit.

Due to the way gdb’s unwinder is designed, this automatically handles finish from an inlined function as well (though there are still a few special cases in the code due to this).

User contributions licensed under: CC BY-SA
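The answer's claim can be checked empirically. The script below is an added example, not code from the question, the answer or the gdb project: it compiles a constructed target without line information (-g0, symbols only) but with callee-saved register pushes in the function being finished, stops gdb at the function's entry, records the pc that the unwinder reports for frame 1 (the caller's resume address), runs `finish`, and compares the pc it stops at. It assumes gcc, gdb and x86-64 Linux with ptrace permitted; the "match"/"mismatch"/"skipped" labels, the file names and the function names are this script's own.

```sh
#!/bin/sh
# Added example, not code from the original Q&A. Checks empirically that
# `finish` stops exactly at the caller's resume address (frame 1's $pc).
# Assumes gcc, gdb, x86-64 Linux, and that ptrace is permitted.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed target program. callee() keeps several values live across
# calls, so at -O2 gcc saves them in callee-saved registers (the extra
# push/pop pairs the question worries about). volatile stops gcc from
# constant-folding the call away. -g0 below: no line info, only symbols.
cat > "$WORK/t.c" <<'EOF'
__attribute__((noinline)) int leaf(int x) { return x * 3 + 1; }
__attribute__((noinline)) int callee(int a, int b, int c) {
    int r1 = leaf(a), r2 = leaf(b), r3 = leaf(c);
    return r1 + r2 + r3;
}
int main(void) {
    volatile int a = 1, b = 2, c = 3;
    return callee(a, b, c) != 36;
}
EOF

# Batch gdb session: stop at callee's entry, read frame 1's pc (the address
# gdb's unwinder reports for the caller), come back, finish, read frame 0's pc.
finish_trace() {
    gdb -q -batch -nx \
        -ex 'break callee' \
        -ex 'run' \
        -ex 'up' \
        -ex 'printf "CALLER_PC=0x%lx\n", (unsigned long)$pc' \
        -ex 'down' \
        -ex 'finish' \
        -ex 'printf "AFTER_FINISH_PC=0x%lx\n", (unsigned long)$pc' \
        "$WORK/t" 2>&1
}

# Prints "match" when finish landed on frame 1's pc, "mismatch" otherwise,
# or "skipped" when gcc/gdb is missing or gdb could not control the inferior
# (common in sandboxes that block ptrace). The three labels are this
# script's own convention.
check_finish_lands_at_caller_pc() {
    command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1 \
        || { echo skipped; return 0; }
    gcc -O2 -g0 -o "$WORK/t" "$WORK/t.c"
    out=$(finish_trace) || true
    caller=$(printf '%s\n' "$out" | sed -n 's/^CALLER_PC=//p')
    after=$(printf '%s\n' "$out" | sed -n 's/^AFTER_FINISH_PC=//p')
    if [ -z "$caller" ] || [ -z "$after" ]; then
        echo skipped; return 0
    fi
    if [ "$caller" = "$after" ]; then echo match; else echo mismatch; fi
}

echo "finish stops at frame 1's pc: $(check_finish_lands_at_caller_pc)"
```

Because the target is built at -O2 without a frame pointer, there is no `leave` or `pop %rbp` epilogue for a pattern-matcher to find, and the breakpoint is placed at the first instruction, before any callee-saved pushes have happened; the unwinder still produces the caller's pc from the .eh_frame CFI that gcc emits even at -g0, which is all `finish` needs. Stripping the binary would only cost the `break callee` by name; `break *0x...` on the entry address behaves the same way.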