<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Copyright (C) 1988-2021 Free Software Foundation, Inc.

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with the
Invariant Sections being "Free Software" and "Free Software Needs
Free Documentation", with the Front-Cover Texts being "A GNU Manual,"
and with the Back-Cover Texts as in (a) below.

(a) The FSF's Back-Cover Text is: "You are free to copy and modify
this GNU Manual. Buying copies from GNU Press supports the FSF in
developing GNU and promoting software freedom." -->
<!-- Created by GNU Texinfo 5.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>Debugging with GDB: i386</title>

<meta name="description" content="Debugging with GDB: i386">
<meta name="keywords" content="Debugging with GDB: i386">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Concept-Index.html#Concept-Index" rel="index" title="Concept Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Architectures.html#Architectures" rel="up" title="Architectures">
<link href="Alpha.html#Alpha" rel="next" title="Alpha">
<link href="AArch64.html#AArch64" rel="previous" title="AArch64">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.indentedblock {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left:
3.2em}
div.smallindentedblock {margin-left: 3.2em; font-size: smaller}
div.smalllisp {margin-left: 3.2em}
kbd {font-style:oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nocodebreak {white-space:nowrap}
span.nolinebreak {white-space:nowrap}
span.roman {font-family:serif; font-weight:normal}
span.sansserif {font-family:sans-serif; font-weight:normal}
ul.no-bullet {list-style: none}
-->
</style>


</head>

<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
<a name="i386"></a>
<div class="header">
<p>
Next: <a href="Alpha.html#Alpha" accesskey="n" rel="next">Alpha</a>, Previous: <a href="AArch64.html#AArch64" accesskey="p" rel="previous">AArch64</a>, Up: <a href="Architectures.html#Architectures" accesskey="u" rel="up">Architectures</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Concept-Index.html#Concept-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="x86-Architecture_002dSpecific-Issues"></a>
<h4 class="subsection">21.4.2 x86 Architecture-Specific Issues</h4>

<dl compact="compact">
<dt><code>set struct-convention <var>mode</var></code></dt>
<dd><a name="index-set-struct_002dconvention"></a>
<a name="index-struct-return-convention"></a>
<a name="index-struct_002funion-returned-in-registers"></a>
<p>Set the convention used by the inferior to return <code>struct</code>s and
<code>union</code>s from functions to <var>mode</var>. Possible values of
<var>mode</var> are <code>"pcc"</code>, <code>"reg"</code>, and <code>"default"</code> (the
default).
<code>"default"</code> or <code>"pcc"</code> means that <code>struct</code>s
are returned on the stack, while <code>"reg"</code> means that a
<code>struct</code> or a <code>union</code> whose size is 1, 2, 4, or 8 bytes will
be returned in a register.
</p>
</dd>
<dt><code>show struct-convention</code></dt>
<dd><a name="index-show-struct_002dconvention"></a>
<p>Show the current setting of the convention to return <code>struct</code>s
from functions.
</p></dd>
</dl>


<a name="Intel-Memory-Protection-Extensions-_0028MPX_0029_002e"></a>
<h4 class="subsubsection">21.4.2.1 Intel <em>Memory Protection Extensions</em> (MPX).</h4>
<a name="index-Intel-Memory-Protection-Extensions-_0028MPX_0029_002e"></a>

<p>Memory Protection Extensions (MPX) adds the bound registers ‘<samp>BND0</samp>’
<a name="DOCF17" href="#FOOT17"><sup>17</sup></a> through ‘<samp>BND3</samp>’. Each bound register stores a pair of 64-bit values:
the lower bound and the upper bound. Bounds are effective addresses or
memory locations. The upper bounds are architecturally represented in 1’s
complement form. A bound having lower bound = 0, and upper bound = 0
(1’s complement of all bits set) will allow access to the entire address space.
</p>
<p>‘<samp>BND0</samp>’ through ‘<samp>BND3</samp>’ are represented in <small>GDB</small> as ‘<samp>bnd0raw</samp>’
through ‘<samp>bnd3raw</samp>’. Pseudo registers ‘<samp>bnd0</samp>’ through ‘<samp>bnd3</samp>’
display the upper bound after applying the one’s complement operation to the
raw upper bound value, i.e. when the upper bound in ‘<samp>bnd0raw</samp>’ is 0,
<small>GDB</small> shows it in ‘<samp>bnd0</samp>’ as <code>0xfff…</code>. In this sense it
can also be noted that the upper bounds are inclusive.
</p>
<p>As an example, assume that the register BND0 holds bounds for a pointer having
access allowed for the range between 0x32 and 0x71.
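</p>
<p>The conversion between the raw and pseudo register forms for that range can be reproduced outside the debugger. The following is an added example, not part of the GDB manual or of GDB's own code: the function names are hypothetical, bounds are assumed to be 64-bit values, and the raw pair {0, 0} is assumed to be the init (disabled) state.</p>

```python
MASK64 = (1 << 64) - 1  # each bound is a 64-bit value


def pseudo_to_raw(lbound, ubound):
    """bndN -> bndNraw: the upper bound is stored in 1's complement form."""
    return lbound & MASK64, ~ubound & MASK64


def raw_to_pseudo(lower, upper_raw):
    """bndNraw -> bndN: complement the stored upper bound for display."""
    return lower & MASK64, ~upper_raw & MASK64


def is_init(raw):
    """Assumption: the init (disabled) state is the raw pair {0, 0}."""
    return raw == (0, 0)


def span(lbound, ubound):
    """Number of addressable locations; the upper bound is inclusive."""
    return ubound - lbound + 1


def access_ok(raw, addr, length=1):
    """True when [addr, addr + length - 1] lies within the raw bounds."""
    lbound, ubound = raw_to_pseudo(*raw)
    return length > 0 and lbound <= addr and addr + length - 1 <= ubound


if __name__ == "__main__":
    raw = pseudo_to_raw(0x32, 0x71)  # the range used in the text
    print("raw = {%#x, %#x}" % raw)
    lb, ub = raw_to_pseudo(*raw)
    print("bnd = {lbound = %#x, ubound = %#x} : size %d" % (lb, ub, span(lb, ub)))
    # Constructed sample accesses (address, length) around both edges.
    for addr, length in [(0x32, 1), (0x71, 1), (0x72, 1), (0x6E, 4), (0x6F, 4)]:
        print("access %#x len %d -> %s" % (addr, length, access_ok(raw, addr, length)))
    # A register in the init state never fails a check.
    print("init state:", is_init((0, 0)), access_ok((0, 0), 0xDEADBEEF, 8))
```

<p>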
The values in the bnd0raw and bnd0 registers are displayed as follows:
</p>
<div class="smallexample">
<pre class="smallexample">    bnd0raw = {0x32, 0xffffffff8e}
    bnd0 = {lbound = 0x32, ubound = 0x71} : size 64
</pre></div>

<p>This way the raw value can be accessed via bnd0raw…bnd3raw. Any
change to bnd0…bnd3 or bnd0raw…bnd3raw is reflected in its
counterpart. When the bnd0…bnd3 registers are displayed via
Python, the display includes the memory size, in bits, accessible to
the pointer.
</p>
<p>Bounds can also be stored in bounds tables, which are stored in
application memory. These tables store bounds for pointers by specifying
the pointer’s value along with its bounds. Evaluating and changing
bounds located in bound tables is therefore useful when investigating
bugs in an MPX context. <small>GDB</small> provides commands for this purpose:
</p>
<dl compact="compact">
<dt><code>show mpx bound <var>pointer</var></code></dt>
<dd><a name="index-show-mpx-bound"></a>
<p>Display bounds of the given <var>pointer</var>.
</p>
</dd>
<dt><code>set mpx bound <var>pointer</var>, <var>lbound</var>, <var>ubound</var></code></dt>
<dd><a name="index-set-mpx-bound"></a>
<p>Set the bounds of a pointer in the bound table.
This command takes three parameters: <var>pointer</var> is the pointer
whose bounds are to be changed, <var>lbound</var> and <var>ubound</var> are new values
for lower and upper bounds respectively.
</p></dd>
</dl>

<p>When you call an inferior function on an Intel MPX enabled program,
GDB sets the inferior’s bound registers to the init (disabled) state
before calling the function. As a consequence, bounds checks for the
pointer arguments passed to the function will always pass.
</p>
<p>This is necessary because when you call an inferior function, the
program is usually in the middle of the execution of another function.
Since at that point bound registers are in an arbitrary state, not
clearing them would lead to random bound violations in the called
function.
</p>
<p>You can still examine the influence of the bound registers on the
execution of the called function by stopping the execution of the
called function at its prologue, setting bound registers, and
continuing the execution. For example:
</p>
<div class="smallexample">
<pre class="smallexample">    $ break *upper
    Breakpoint 2 at 0x4009de: file i386-mpx-call.c, line 47.
    $ print upper (a, b, c, d, 1)
    Breakpoint 2, upper (a=0x0, b=0x6e0000005b, c=0x0, d=0x0, len=48)....
    $ print $bnd0
    {lbound = 0x0, ubound = ffffffff} : size -1
</pre></div>

<p>At this last step the value of bnd0 can be changed to investigate bound
violations caused during the execution of the call. To learn how to
set the bound registers or bound table for the call, consult the ABI.
</p>
<div class="footnote">
<hr>
<h4 class="footnotes-heading">Footnotes</h4>

<h3><a name="FOOT17" href="#DOCF17">(17)</a></h3>
<p>Registers named with capital letters represent the architecture
registers.</p>
</div>



</body>
</html>