1 ================================
2 Source Level Debugging with LLVM
3 ================================
11 This document is the central repository for all information pertaining to debug
12 information in LLVM. It describes the :ref:`actual format that the LLVM debug
13 information takes <format>`, which is useful for those interested in creating
14 front-ends or dealing directly with the information. Further, this document
15 provides specific examples of what debug information for C/C++ looks like.
17 Philosophy behind LLVM debugging information
18 --------------------------------------------
20 The idea of the LLVM debugging information is to capture how the important
21 pieces of the source-language's Abstract Syntax Tree map onto LLVM code.
22 Several design aspects have shaped the solution that appears here. The
25 * Debugging information should have very little impact on the rest of the
26 compiler. No transformations, analyses, or code generators should need to
27 be modified because of debugging information.
29 * LLVM optimizations should interact in :ref:`well-defined and easily described
30 ways <intro_debugopt>` with the debugging information.
32 * Because LLVM is designed to support arbitrary programming languages,
33 LLVM-to-LLVM tools should not need to know anything about the semantics of
34 the source-level-language.
36 * Source-level languages are often **widely** different from one another.
37 LLVM should not put any restrictions of the flavor of the source-language,
38 and the debugging information should work with any language.
40 * With code generator support, it should be possible to use an LLVM compiler
41 to compile a program to native machine code and standard debugging
42 formats. This allows compatibility with traditional machine-code level
43 debuggers, like GDB or DBX.
45 The approach used by the LLVM implementation is to use a small set of
46 :ref:`intrinsic functions <format_common_intrinsics>` to define a mapping
47 between LLVM program objects and the source-level objects. The description of
48 the source-level program is maintained in LLVM metadata in an
49 :ref:`implementation-defined format <ccxx_frontend>` (the C/C++ front-end
50 currently uses working draft 7 of the `DWARF 3 standard
51 <http://www.eagercon.com/dwarf/dwarf3std.htm>`_).
53 When a program is being debugged, a debugger interacts with the user and turns
54 the stored debug information into source-language specific information. As
55 such, a debugger must be aware of the source-language, and is thus tied to a
56 specific language or family of languages.
58 Debug information consumers
59 ---------------------------
61 The role of debug information is to provide meta information normally stripped
62 away during the compilation process. This meta information provides an LLVM
63 user a relationship between generated code and the original program source
66 Currently, debug information is consumed by DwarfDebug to produce dwarf
67 information used by the gdb debugger. Other targets could use the same
68 information to produce stabs or other debug forms.
70 It would also be reasonable to use debug information to feed profiling tools
71 for analysis of generated code, or, tools for reconstructing the original
72 source from generated code.
74 TODO - expound a bit more.
78 Debugging optimized code
79 ------------------------
81 An extremely high priority of LLVM debugging information is to make it interact
82 well with optimizations and analysis. In particular, the LLVM debug
83 information provides the following guarantees:
85 * LLVM debug information **always provides information to accurately read
86 the source-level state of the program**, regardless of which LLVM
87 optimizations have been run, and without any modification to the
88 optimizations themselves. However, some optimizations may impact the
89 ability to modify the current state of the program with a debugger, such
90 as setting program variables, or calling functions that have been
93 * As desired, LLVM optimizations can be upgraded to be aware of the LLVM
94 debugging information, allowing them to update the debugging information
95 as they perform aggressive optimizations. This means that, with effort,
96 the LLVM optimizers could optimize debug code just as well as non-debug
99 * LLVM debug information does not prevent optimizations from
100 happening (for example inlining, basic block reordering/merging/cleanup,
101 tail duplication, etc).
103 * LLVM debug information is automatically optimized along with the rest of
104 the program, using existing facilities. For example, duplicate
105 information is automatically merged by the linker, and unused information
106 is automatically removed.
108 Basically, the debug information allows you to compile a program with
109 "``-O0 -g``" and get full debug information, allowing you to arbitrarily modify
110 the program as it executes from a debugger. Compiling a program with
111 "``-O3 -g``" gives you full debug information that is always available and
112 accurate for reading (e.g., you get accurate stack traces despite tail call
113 elimination and inlining), but you might lose the ability to modify the program
114 and call functions where were optimized out of the program, or inlined away
117 :ref:`LLVM test suite <test-suite-quickstart>` provides a framework to test
118 optimizer's handling of debugging information. It can be run like this:
122 % cd llvm/projects/test-suite/MultiSource/Benchmarks # or some other level
125 This will test impact of debugging information on optimization passes. If
126 debugging information influences optimization passes then it will be reported
127 as a failure. See :doc:`TestingGuide` for more information on LLVM test
128 infrastructure and how to run various tests.
132 Debugging information format
133 ============================
135 LLVM debugging information has been carefully designed to make it possible for
136 the optimizer to optimize the program and debugging information without
137 necessarily having to know anything about debugging information. In
138 particular, the use of metadata avoids duplicated debugging information from
139 the beginning, and the global dead code elimination pass automatically deletes
140 debugging information for a function if it decides to delete the function.
142 To do this, most of the debugging information (descriptors for types,
143 variables, functions, source files, etc) is inserted by the language front-end
144 in the form of LLVM metadata.
146 Debug information is designed to be agnostic about the target debugger and
147 debugging information representation (e.g. DWARF/Stabs/etc). It uses a generic
148 pass to decode the information that represents variables, types, functions,
149 namespaces, etc: this allows for arbitrary source-language semantics and
150 type-systems to be used, as long as there is a module written for the target
151 debugger to interpret the information.
153 To provide basic functionality, the LLVM debugger does have to make some
154 assumptions about the source-level language being debugged, though it keeps
155 these to a minimum. The only common features that the LLVM debugger assumes
156 exist are :ref:`source files <format_files>`, and :ref:`program objects
157 <format_global_variables>`. These abstract objects are used by a debugger to
158 form stack traces, show information about local variables, etc.
160 This section of the documentation first describes the representation aspects
161 common to any source-language. :ref:`ccxx_frontend` describes the data layout
162 conventions used by the C and C++ front-ends.
164 Debug information descriptors
165 -----------------------------
167 In consideration of the complexity and volume of debug information, LLVM
168 provides a specification for well formed debug descriptors.
170 Consumers of LLVM debug information expect the descriptors for program objects
171 to start in a canonical format, but the descriptors can include additional
172 information appended at the end that is source-language specific. All debugging
173 information objects start with a tag to indicate what type of object it is.
174 The source-language is allowed to define its own objects, by using unreserved
175 tag numbers. We recommend using with tags in the range 0x1000 through 0x2000
176 (there is a defined ``enum DW_TAG_user_base = 0x1000``.)
178 The fields of debug descriptors used internally by LLVM are restricted to only
179 the simple data types ``i32``, ``i1``, ``float``, ``double``, ``mdstring`` and
189 Most of the string and integer fields in descriptors are packed into a single,
190 null-separated ``mdstring``. The first field of the header is always an
191 ``i32`` containing the DWARF tag value identifying the content of the
194 For clarity of definition in this document, these header fields are described
195 below split inside an imaginary ``DIHeader`` construct. This is invalid
196 assembly syntax. In valid IR, these fields are stringified and concatenated,
197 separated by ``\00``.
199 The details of the various descriptors follow.
201 Compile unit descriptors
202 ^^^^^^^^^^^^^^^^^^^^^^^^
208 i32, ;; Tag = 17 (DW_TAG_compile_unit)
209 i32, ;; DWARF language identifier (ex. DW_LANG_C89)
210 mdstring, ;; Producer (ex. "4.0.1 LLVM (LLVM research group)")
211 i1, ;; True if this is optimized.
213 i32, ;; Runtime version
214 mdstring, ;; Split debug filename
215 i32 ;; Debug info emission kind (1 = Full Debug Info, 2 = Line Tables Only)
217 metadata, ;; Source directory (including trailing slash) & file pair
218 metadata, ;; List of enums types
219 metadata, ;; List of retained types
220 metadata, ;; List of subprograms
221 metadata, ;; List of global variables
222 metadata ;; List of imported entities
225 These descriptors contain a source language ID for the file (we use the DWARF
226 3.0 ID numbers, such as ``DW_LANG_C89``, ``DW_LANG_C_plus_plus``,
227 ``DW_LANG_Cobol74``, etc), a reference to a metadata node containing a pair of
228 strings for the source file name and the working directory, as well as an
229 identifier string for the compiler that produced it.
231 Compile unit descriptors provide the root context for objects declared in a
232 specific compilation unit. File descriptors are defined using this context.
233 These descriptors are collected by a named metadata ``!llvm.dbg.cu``. They
234 keep track of subprograms, global variables, type information, and imported
235 entities (declarations and namespaces).
246 i32 ;; Tag = 41 (DW_TAG_file_type)
248 metadata ;; Source directory (including trailing slash) & file pair
251 These descriptors contain information for a file. Global variables and top
252 level functions would be defined using this context. File descriptors also
253 provide context for source line correspondence.
255 Each input file is encoded as a separate file descriptor in LLVM debugging
258 .. _format_global_variables:
260 Global variable descriptors
261 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
267 i32, ;; Tag = 52 (DW_TAG_variable)
269 mdstring, ;; Display name (fully qualified C++ name)
270 mdstring, ;; MIPS linkage name (for C++)
271 i32, ;; Line number where defined
272 i1, ;; True if the global is local to compile unit (static)
273 i1 ;; True if the global is defined in the compile unit (not extern)
275 metadata, ;; Reference to context descriptor
276 metadata, ;; Reference to file where defined
277 metadata, ;; Reference to type descriptor
278 {}*, ;; Reference to the global variable
279 metadata, ;; The static member declaration, if any
282 These descriptors provide debug information about global variables. They
283 provide details such as name, type and where the variable is defined. All
284 global variables are collected inside the named metadata ``!llvm.dbg.cu``.
286 .. _format_subprograms:
288 Subprogram descriptors
289 ^^^^^^^^^^^^^^^^^^^^^^
295 i32, ;; Tag = 46 (DW_TAG_subprogram)
297 mdstring, ;; Display name (fully qualified C++ name)
298 mdstring, ;; MIPS linkage name (for C++)
299 i32, ;; Line number where defined
300 i1, ;; True if the global is local to compile unit (static)
301 i1, ;; True if the global is defined in the compile unit (not extern)
302 i32, ;; Virtuality, e.g. dwarf::DW_VIRTUALITY__virtual
303 i32, ;; Index into a virtual function
304 i32, ;; Flags - Artificial, Private, Protected, Explicit, Prototyped.
306 i32 ;; Line number where the scope of the subprogram begins
308 metadata, ;; Source directory (including trailing slash) & file pair
309 metadata, ;; Reference to context descriptor
310 metadata, ;; Reference to type descriptor
311 metadata, ;; indicates which base type contains the vtable pointer for the
313 {}*, ;; Reference to the LLVM function
314 metadata, ;; Lists function template parameters
315 metadata, ;; Function declaration descriptor
316 metadata ;; List of function variables
319 These descriptors provide debug information about functions, methods and
320 subprograms. They provide details such as name, return types and the source
321 location where the subprogram is defined.
330 i32, ;; Tag = 11 (DW_TAG_lexical_block)
332 i32, ;; Column number
333 i32 ;; Unique ID to identify blocks from a template function
335 metadata, ;; Source directory (including trailing slash) & file pair
336 metadata ;; Reference to context descriptor
339 This descriptor provides debug information about nested blocks within a
340 subprogram. The line number and column numbers are used to dinstinguish two
341 lexical blocks at same depth.
347 i32, ;; Tag = 11 (DW_TAG_lexical_block)
348 i32 ;; DWARF path discriminator value
350 metadata, ;; Source directory (including trailing slash) & file pair
351 metadata ;; Reference to the scope we're annotating with a file change
354 This descriptor provides a wrapper around a lexical scope to handle file
355 changes in the middle of a lexical block.
357 .. _format_basic_type:
359 Basic type descriptors
360 ^^^^^^^^^^^^^^^^^^^^^^
366 i32, ;; Tag = 36 (DW_TAG_base_type)
367 mdstring, ;; Name (may be "" for anonymous types)
368 i32, ;; Line number where defined (may be 0)
370 i64, ;; Alignment in bits
371 i64, ;; Offset in bits
373 i32 ;; DWARF type encoding
375 metadata, ;; Source directory (including trailing slash) & file pair (may be null)
376 metadata ;; Reference to context
379 These descriptors define primitive types used in the code. Example ``int``,
380 ``bool`` and ``float``. The context provides the scope of the type, which is
381 usually the top level. Since basic types are not usually user defined the
382 context and line number can be left as NULL and 0. The size, alignment and
383 offset are expressed in bits and can be 64 bit values. The alignment is used
384 to round the offset when embedded in a :ref:`composite type
385 <format_composite_type>` (example to keep float doubles on 64 bit boundaries).
386 The offset is the bit offset if embedded in a :ref:`composite type
387 <format_composite_type>`.
389 The type encoding provides the details of the type. The values are typically
390 one of the following:
398 DW_ATE_signed_char = 6
400 DW_ATE_unsigned_char = 8
402 .. _format_derived_type:
404 Derived type descriptors
405 ^^^^^^^^^^^^^^^^^^^^^^^^
411 i32, ;; Tag (see below)
412 mdstring, ;; Name (may be "" for anonymous types)
413 i32, ;; Line number where defined (may be 0)
415 i64, ;; Alignment in bits
416 i64, ;; Offset in bits
417 i32 ;; Flags to encode attributes, e.g. private
419 metadata, ;; Source directory (including trailing slash) & file pair (may be null)
420 metadata, ;; Reference to context
421 metadata, ;; Reference to type derived from
422 metadata ;; (optional) Objective C property node
425 These descriptors are used to define types derived from other types. The value
426 of the tag varies depending on the meaning. The following are possible tag
431 DW_TAG_formal_parameter = 5
433 DW_TAG_pointer_type = 15
434 DW_TAG_reference_type = 16
436 DW_TAG_ptr_to_member_type = 31
437 DW_TAG_const_type = 38
438 DW_TAG_volatile_type = 53
439 DW_TAG_restrict_type = 55
441 ``DW_TAG_member`` is used to define a member of a :ref:`composite type
442 <format_composite_type>` or :ref:`subprogram <format_subprograms>`. The type
443 of the member is the :ref:`derived type <format_derived_type>`.
444 ``DW_TAG_formal_parameter`` is used to define a member which is a formal
445 argument of a subprogram.
447 ``DW_TAG_typedef`` is used to provide a name for the derived type.
449 ``DW_TAG_pointer_type``, ``DW_TAG_reference_type``, ``DW_TAG_const_type``,
450 ``DW_TAG_volatile_type`` and ``DW_TAG_restrict_type`` are used to qualify the
451 :ref:`derived type <format_derived_type>`.
453 :ref:`Derived type <format_derived_type>` location can be determined from the
454 context and line number. The size, alignment and offset are expressed in bits
455 and can be 64 bit values. The alignment is used to round the offset when
456 embedded in a :ref:`composite type <format_composite_type>` (example to keep
457 float doubles on 64 bit boundaries.) The offset is the bit offset if embedded
458 in a :ref:`composite type <format_composite_type>`.
460 Note that the ``void *`` type is expressed as a type derived from NULL.
462 .. _format_composite_type:
464 Composite type descriptors
465 ^^^^^^^^^^^^^^^^^^^^^^^^^^
471 i32, ;; Tag (see below)
472 mdstring, ;; Name (may be "" for anonymous types)
473 i32, ;; Line number where defined (may be 0)
475 i64, ;; Alignment in bits
476 i64, ;; Offset in bits
478 i32 ;; Runtime languages
480 metadata, ;; Source directory (including trailing slash) & file pair (may be null)
481 metadata, ;; Reference to context
482 metadata, ;; Reference to type derived from
483 metadata, ;; Reference to array of member descriptors
484 metadata, ;; Base type containing the vtable pointer for this type
485 metadata, ;; Template parameters
486 mdstring ;; A unique identifier for type uniquing purpose (may be null)
489 These descriptors are used to define types that are composed of 0 or more
490 elements. The value of the tag varies depending on the meaning. The following
491 are possible tag values:
495 DW_TAG_array_type = 1
496 DW_TAG_enumeration_type = 4
497 DW_TAG_structure_type = 19
498 DW_TAG_union_type = 23
499 DW_TAG_subroutine_type = 21
500 DW_TAG_inheritance = 28
502 The vector flag indicates that an array type is a native packed vector.
504 The members of array types (tag = ``DW_TAG_array_type``) are
505 :ref:`subrange descriptors <format_subrange>`, each
506 representing the range of subscripts at that level of indexing.
508 The members of enumeration types (tag = ``DW_TAG_enumeration_type``) are
509 :ref:`enumerator descriptors <format_enumerator>`, each representing the
510 definition of enumeration value for the set. All enumeration type descriptors
511 are collected inside the named metadata ``!llvm.dbg.cu``.
513 The members of structure (tag = ``DW_TAG_structure_type``) or union (tag =
514 ``DW_TAG_union_type``) types are any one of the :ref:`basic
515 <format_basic_type>`, :ref:`derived <format_derived_type>` or :ref:`composite
516 <format_composite_type>` type descriptors, each representing a field member of
517 the structure or union.
519 For C++ classes (tag = ``DW_TAG_structure_type``), member descriptors provide
520 information about base classes, static members and member functions. If a
521 member is a :ref:`derived type descriptor <format_derived_type>` and has a tag
522 of ``DW_TAG_inheritance``, then the type represents a base class. If the member
523 of is a :ref:`global variable descriptor <format_global_variables>` then it
524 represents a static member. And, if the member is a :ref:`subprogram
525 descriptor <format_subprograms>` then it represents a member function. For
526 static members and member functions, ``getName()`` returns the members link or
527 the C++ mangled name. ``getDisplayName()`` the simplied version of the name.
529 The first member of subroutine (tag = ``DW_TAG_subroutine_type``) type elements
530 is the return type for the subroutine. The remaining elements are the formal
531 arguments to the subroutine.
533 :ref:`Composite type <format_composite_type>` location can be determined from
534 the context and line number. The size, alignment and offset are expressed in
535 bits and can be 64 bit values. The alignment is used to round the offset when
536 embedded in a :ref:`composite type <format_composite_type>` (as an example, to
537 keep float doubles on 64 bit boundaries). The offset is the bit offset if
538 embedded in a :ref:`composite type <format_composite_type>`.
549 i32, ;; Tag = 33 (DW_TAG_subrange_type)
555 These descriptors are used to define ranges of array subscripts for an array
556 :ref:`composite type <format_composite_type>`. The low value defines the lower
557 bounds typically zero for C/C++. The high value is the upper bounds. Values
558 are 64 bit. ``High - Low + 1`` is the size of the array. If ``Low > High``
559 the array bounds are not included in generated debugging information.
561 .. _format_enumerator:
563 Enumerator descriptors
564 ^^^^^^^^^^^^^^^^^^^^^^
570 i32, ;; Tag = 40 (DW_TAG_enumerator)
576 These descriptors are used to define members of an enumeration :ref:`composite
577 type <format_composite_type>`, it associates the name to the value.
586 i32, ;; Tag (see below)
588 i32, ;; 24 bit - Line number where defined
589 ;; 8 bit - Argument number. 1 indicates 1st argument.
593 metadata, ;; Reference to file where defined
594 metadata, ;; Reference to the type descriptor
595 metadata ;; (optional) Reference to inline location
598 These descriptors are used to define variables local to a sub program. The
599 value of the tag depends on the usage of the variable:
603 DW_TAG_auto_variable = 256
604 DW_TAG_arg_variable = 257
606 An auto variable is any variable declared in the body of the function. An
607 argument variable is any variable that appears as a formal argument to the
610 The context is either the subprogram or block where the variable is defined.
611 Name the source variable name. Context and line indicate where the variable
612 was defined. Type descriptor defines the declared type of the variable.
619 i32, ;; DW_TAG_expression
623 Complex expressions describe variable storage locations in terms of
624 prefix-notated DWARF expressions. Currently the only supported
625 operators are ``DW_OP_plus``, ``DW_OP_deref``, and ``DW_OP_piece``.
627 The ``DW_OP_piece`` operator is used for (typically larger aggregate)
628 variables that are fragmented across several locations. It takes two
629 i32 arguments, an offset and a size in bytes to describe which piece
630 of the variable is at this location.
633 .. _format_common_intrinsics:
635 Debugger intrinsic functions
636 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
638 LLVM uses several intrinsic functions (name prefixed with "``llvm.dbg``") to
639 provide debug information at various points in generated code.
646 void %llvm.dbg.declare(metadata, metadata)
648 This intrinsic provides information about a local element (e.g., variable).
649 The first argument is metadata holding the alloca for the variable. The second
650 argument is metadata containing a description of the variable.
657 void %llvm.dbg.value(metadata, i64, metadata)
659 This intrinsic provides information when a user source variable is set to a new
660 value. The first argument is the new value (wrapped as metadata). The second
661 argument is the offset in the user source variable where the new value is
662 written. The third argument is metadata containing a description of the user
665 Object lifetimes and scoping
666 ============================
668 In many languages, the local variables in functions can have their lifetimes or
669 scopes limited to a subset of a function. In the C family of languages, for
670 example, variables are only live (readable and writable) within the source
671 block that they are defined in. In functional languages, values are only
672 readable after they have been defined. Though this is a very obvious concept,
673 it is non-trivial to model in LLVM, because it has no notion of scoping in this
674 sense, and does not want to be tied to a language's scoping rules.
676 In order to handle this, the LLVM debug format uses the metadata attached to
677 llvm instructions to encode line number and scoping information. Consider the
678 following C fragment, for example:
692 Compiled to LLVM, this function would be represented like this:
696 define void @foo() #0 {
698 %X = alloca i32, align 4
699 %Y = alloca i32, align 4
700 %Z = alloca i32, align 4
701 call void @llvm.dbg.declare(metadata !{i32* %X}, metadata !10), !dbg !12
702 ; [debug line = 2:7] [debug variable = X]
703 store i32 21, i32* %X, align 4, !dbg !12
704 call void @llvm.dbg.declare(metadata !{i32* %Y}, metadata !13), !dbg !14
705 ; [debug line = 3:7] [debug variable = Y]
706 store i32 22, i32* %Y, align 4, !dbg !14
707 call void @llvm.dbg.declare(metadata !{i32* %Z}, metadata !15), !dbg !17
708 ; [debug line = 5:9] [debug variable = Z]
709 store i32 23, i32* %Z, align 4, !dbg !17
710 %0 = load i32* %X, align 4, !dbg !18
712 store i32 %0, i32* %Z, align 4, !dbg !18
713 %1 = load i32* %Y, align 4, !dbg !19
715 store i32 %1, i32* %X, align 4, !dbg !19
719 ; Function Attrs: nounwind readnone
720 declare void @llvm.dbg.declare(metadata, metadata) #1
722 attributes #0 = { nounwind ssp uwtable "less-precise-fpmad"="false"
723 "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf"
724 "no-infs-fp-math"="false" "no-nans-fp-math"="false"
725 "stack-protector-buffer-size"="8" "unsafe-fp-math"="false"
726 "use-soft-float"="false" }
727 attributes #1 = { nounwind readnone }
730 !llvm.module.flags = !{!8}
733 !0 = metadata !{i32 786449, metadata !1, i32 12,
734 metadata !"clang version 3.4 (trunk 193128) (llvm/trunk 193139)",
735 i1 false, metadata !"", i32 0, metadata !2, metadata !2, metadata !3,
736 metadata !2, metadata !2, metadata !""} ; [ DW_TAG_compile_unit ] \
737 [/private/tmp/foo.c] \
739 !1 = metadata !{metadata !"t.c", metadata !"/private/tmp"}
740 !2 = metadata !{i32 0}
741 !3 = metadata !{metadata !4}
742 !4 = metadata !{i32 786478, metadata !1, metadata !5, metadata !"foo",
743 metadata !"foo", metadata !"", i32 1, metadata !6,
744 i1 false, i1 true, i32 0, i32 0, null, i32 0, i1 false,
745 void ()* @foo, null, null, metadata !2, i32 1}
746 ; [ DW_TAG_subprogram ] [line 1] [def] [foo]
747 !5 = metadata !{i32 786473, metadata !1} ; [ DW_TAG_file_type ] \
749 !6 = metadata !{i32 786453, i32 0, null, metadata !"", i32 0, i64 0, i64 0,
750 i64 0, i32 0, null, metadata !7, i32 0, null, null, null}
751 ; [ DW_TAG_subroutine_type ] \
752 [line 0, size 0, align 0, offset 0] [from ]
753 !7 = metadata !{null}
754 !8 = metadata !{i32 2, metadata !"Dwarf Version", i32 2}
755 !9 = metadata !{metadata !"clang version 3.4 (trunk 193128) (llvm/trunk 193139)"}
756 !10 = metadata !{i32 786688, metadata !4, metadata !"X", metadata !5, i32 2,
757 metadata !11, i32 0, i32 0} ; [ DW_TAG_auto_variable ] [X] \
759 !11 = metadata !{i32 786468, null, null, metadata !"int", i32 0, i64 32,
760 i64 32, i64 0, i32 0, i32 5} ; [ DW_TAG_base_type ] [int] \
761 [line 0, size 32, align 32, offset 0, enc DW_ATE_signed]
762 !12 = metadata !{i32 2, i32 0, metadata !4, null}
763 !13 = metadata !{i32 786688, metadata !4, metadata !"Y", metadata !5, i32 3,
764 metadata !11, i32 0, i32 0} ; [ DW_TAG_auto_variable ] [Y] \
766 !14 = metadata !{i32 3, i32 0, metadata !4, null}
767 !15 = metadata !{i32 786688, metadata !16, metadata !"Z", metadata !5, i32 5,
768 metadata !11, i32 0, i32 0} ; [ DW_TAG_auto_variable ] [Z] \
770 !16 = metadata !{i32 786443, metadata !1, metadata !4, i32 4, i32 0, i32 0} \
771 ; [ DW_TAG_lexical_block ] [/private/tmp/t.c]
772 !17 = metadata !{i32 5, i32 0, metadata !16, null}
773 !18 = metadata !{i32 6, i32 0, metadata !16, null}
774 !19 = metadata !{i32 8, i32 0, metadata !4, null} ; [ DW_TAG_imported_declaration ]
775 !20 = metadata !{i32 9, i32 0, metadata !4, null}
777 This example illustrates a few important details about LLVM debugging
778 information. In particular, it shows how the ``llvm.dbg.declare`` intrinsic and
779 location information, which are attached to an instruction, are applied
780 together to allow a debugger to analyze the relationship between statements,
781 variable definitions, and the code used to implement the function.
785 call void @llvm.dbg.declare(metadata !{i32* %X}, metadata !10), !dbg !12
786 ; [debug line = 2:7] [debug variable = X]
788 The first intrinsic ``%llvm.dbg.declare`` encodes debugging information for the
789 variable ``X``. The metadata ``!dbg !12`` attached to the intrinsic provides
790 scope information for the variable ``X``.
794 !12 = metadata !{i32 2, i32 0, metadata !4, null}
795 !4 = metadata !{i32 786478, metadata !1, metadata !5, metadata !"foo",
796 metadata !"foo", metadata !"", i32 1, metadata !6,
797 i1 false, i1 true, i32 0, i32 0, null, i32 0, i1 false,
798 void ()* @foo, null, null, metadata !2, i32 1}
799 ; [ DW_TAG_subprogram ] [line 1] [def] [foo]
801 Here ``!12`` is metadata providing location information. It has four fields:
802 line number, column number, scope, and original scope. The original scope
803 represents inline location if this instruction is inlined inside a caller, and
804 is null otherwise. In this example, scope is encoded by ``!4``, a
805 :ref:`subprogram descriptor <format_subprograms>`. This way the location
806 information attached to the intrinsics indicates that the variable ``X`` is
807 declared at line number 2 at a function level scope in function ``foo``.
809 Now lets take another example.
813 call void @llvm.dbg.declare(metadata !{i32* %Z}, metadata !15), !dbg !17
814 ; [debug line = 5:9] [debug variable = Z]
816 The third intrinsic ``%llvm.dbg.declare`` encodes debugging information for
817 variable ``Z``. The metadata ``!dbg !17`` attached to the intrinsic provides
818 scope information for the variable ``Z``.
822 !16 = metadata !{i32 786443, metadata !1, metadata !4, i32 4, i32 0, i32 0} \
823 ; [ DW_TAG_lexical_block ] [/private/tmp/t.c]
824 !17 = metadata !{i32 5, i32 0, metadata !16, null}
826 Here ``!15`` indicates that ``Z`` is declared at line number 5 and
827 column number 0 inside of lexical scope ``!16``. The lexical scope itself
828 resides inside of subprogram ``!4`` described above.
830 The scope information attached with each instruction provides a straightforward
831 way to find instructions covered by a scope.
835 C/C++ front-end specific debug information
836 ==========================================
838 The C and C++ front-ends represent information about the program in a format
839 that is effectively identical to `DWARF 3.0
840 <http://www.eagercon.com/dwarf/dwarf3std.htm>`_ in terms of information
841 content. This allows code generators to trivially support native debuggers by
842 generating standard dwarf information, and contains enough information for
843 non-dwarf targets to translate it as needed.
845 This section describes the forms used to represent C and C++ programs. Other
846 languages could pattern themselves after this (which itself is tuned to
847 representing programs in the same way that DWARF 3 does), or they could choose
848 to provide completely different forms if they don't fit into the DWARF model.
849 As support for debugging information gets added to the various LLVM
850 source-language front-ends, the information used should be documented here.
852 The following sections provide examples of a few C/C++ constructs and the debug
853 information that would best describe those constructs. The canonical
854 references are the ``DIDescriptor`` classes defined in
855 ``include/llvm/IR/DebugInfo.h`` and the implementations of the helper functions
856 in ``lib/IR/DIBuilder.cpp``.
858 C/C++ source file information
859 -----------------------------
861 ``llvm::Instruction`` provides easy access to metadata attached with an
862 instruction. One can extract line number information encoded in LLVM IR using
863 ``Instruction::getMetadata()`` and ``DILocation::getLineNumber()``.
867 if (MDNode *N = I->getMetadata("dbg")) { // Here I is an LLVM instruction
868 DILocation Loc(N); // DILocation is in DebugInfo.h
869 unsigned Line = Loc.getLineNumber();
870 StringRef File = Loc.getFilename();
871 StringRef Dir = Loc.getDirectory();
874 C/C++ global variable information
875 ---------------------------------
877 Given an integer global variable declared as follows:
883 a C/C++ front-end would generate the following descriptors:
888 ;; Define the global itself.
890 @MyGlobal = global i32 100, align 4
893 ;; List of debug info of globals
897 ;; Define the compile unit.
903 ; metadata !"clang version 3.6.0 ", ;; Producer
904 ; i1 false, ;; "isOptimized"?
905 ; metadata !"", ;; Flags
906 ; i32 0, ;; Runtime Version
907 ; "", ;; Split debug filename
908 ; 1 ;; Full debug info
910 metadata !"0x11\0012\00clang version 3.6.0 \000\00\000\00\001",
912 metadata !2, ;; Enum Types
913 metadata !2, ;; Retained Types
914 metadata !2, ;; Subprograms
915 metadata !3, ;; Global Variables
916 metadata !2 ;; Imported entities
917 } ; [ DW_TAG_compile_unit ]
919 ;; The file/directory pair.
921 metadata !"foo.c", ;; Filename
922 metadata !"/Users/dexonsmith/data/llvm/debug-info" ;; Directory
928 ;; The Array of Global Variables
934 ;; Define the global variable itself.
939 ; metadata !"MyGlobal", ;; Name
940 ; metadata !"MyGlobal", ;; Display Name
941 ; metadata !"", ;; Linkage Name
943 ; i32 0, ;; IsLocalToUnit
944 ; i32 1 ;; IsDefinition
946 metadata !"0x34\00MyGlobal\00MyGlobal\00\001\000\001",
950 i32* @MyGlobal, ;; LLVM-IR Value
951 null ;; Static member declaration
952 } ; [ DW_TAG_variable ]
962 metadata !1 ;; File/directory pair
963 } ; [ DW_TAG_file_type ]
971 ; metadata !"int", ;; Name
973 ; i64 32, ;; Size in Bits
974 ; i64 32, ;; Align in Bits
979 metadata !"0x24\00int\000\0032\0032\000\000\005",
982 } ; [ DW_TAG_base_type ]
984 C/C++ function information
985 --------------------------
987 Given a function declared as follows:
991 int main(int argc, char *argv[]) {
995 a C/C++ front-end would generate the following descriptors:
1000 ;; Define the anchor for subprograms.
1005 ; metadata !"main", ;; Name
1006 ; metadata !"main", ;; Display name
1007 ; metadata !"", ;; Linkage name
1008 ; i32 1, ;; Line number
1009 ; i1 false, ;; Is local
1010 ; i1 true, ;; Is definition
1011 ; i32 0, ;; Virtuality attribute, e.g. pure virtual function
1012 ; i32 0, ;; Index into virtual table for C++ methods
1014 ; i1 0, ;; True if this function is optimized
1015 ; 1 ;; Line number of the opening '{' of the function
1017 metadata !"0x2e\00main\00main\00\001\000\001\000\000\00256\000\001",
1018 metadata !1, ;; File
1019 metadata !5, ;; Context
1020 metadata !6, ;; Type
1021 null, ;; Containing type
1022 i32 (i32, i8**)* @main, ;; Pointer to llvm::Function
1023 null, ;; Function template parameters
1024 null, ;; Function declaration
1025 metadata !2 ;; List of function variables (emitted when optimizing)
1029 ;; Define the subprogram itself.
1031 define i32 @main(i32 %argc, i8** %argv) {
1035 Debugging information format
1036 ============================
1038 Debugging Information Extension for Objective C Properties
1039 ----------------------------------------------------------
1044 Objective C provides a simpler way to declare and define accessor methods using
1045 declared properties. The language provides features to declare a property and
1046 to let compiler synthesize accessor methods.
1048 The debugger lets developer inspect Objective C interfaces and their instance
1049 variables and class variables. However, the debugger does not know anything
1050 about the properties defined in Objective C interfaces. The debugger consumes
1051 information generated by compiler in DWARF format. The format does not support
1052 encoding of Objective C properties. This proposal describes DWARF extensions to
1053 encode Objective C properties, which the debugger can use to let developers
1054 inspect Objective C properties.
1059 Objective C properties exist separately from class members. A property can be
1060 defined only by "setter" and "getter" selectors, and be calculated anew on each
1061 access. Or a property can just be a direct access to some declared ivar.
1062 Finally it can have an ivar "automatically synthesized" for it by the compiler,
1063 in which case the property can be referred to in user code directly using the
1064 standard C dereference syntax as well as through the property "dot" syntax, but
1065 there is no entry in the ``@interface`` declaration corresponding to this ivar.
1067 To facilitate debugging, these properties we will add a new DWARF TAG into the
1068 ``DW_TAG_structure_type`` definition for the class to hold the description of a
1069 given property, and a set of DWARF attributes that provide said description.
1070 The property tag will also contain the name and declared type of the property.
1072 If there is a related ivar, there will also be a DWARF property attribute placed
1073 in the ``DW_TAG_member`` DIE for that ivar referring back to the property TAG
1074 for that property. And in the case where the compiler synthesizes the ivar
1075 directly, the compiler is expected to generate a ``DW_TAG_member`` for that
1076 ivar (with the ``DW_AT_artificial`` set to 1), whose name will be the name used
1077 to access this ivar directly in code, and with the property attribute pointing
1078 back to the property it is backing.
1080 The following examples will serve as illustration for our discussion:
1082 .. code-block:: objc
1094 @synthesize p2 = n2;
1097 This produces the following DWARF (this is a "pseudo dwarfdump" output):
1099 .. code-block:: none
1101 0x00000100: TAG_structure_type [7] *
1102 AT_APPLE_runtime_class( 0x10 )
1104 AT_decl_file( "Objc_Property.m" )
1107 0x00000110 TAG_APPLE_property
1109 AT_type ( {0x00000150} ( int ) )
1111 0x00000120: TAG_APPLE_property
1113 AT_type ( {0x00000150} ( int ) )
1115 0x00000130: TAG_member [8]
1117 AT_APPLE_property ( {0x00000110} "p1" )
1118 AT_type( {0x00000150} ( int ) )
1119 AT_artificial ( 0x1 )
1121 0x00000140: TAG_member [8]
1123 AT_APPLE_property ( {0x00000120} "p2" )
1124 AT_type( {0x00000150} ( int ) )
1126 0x00000150: AT_type( ( int ) )
1128 Note, the current convention is that the name of the ivar for an
1129 auto-synthesized property is the name of the property from which it derives
1130 with an underscore prepended, as is shown in the example. But we actually
1131 don't need to know this convention, since we are given the name of the ivar
1134 Also, it is common practice in ObjC to have different property declarations in
1135 the @interface and @implementation - e.g. to provide a read-only property in
1136 the interface,and a read-write interface in the implementation. In that case,
1137 the compiler should emit whichever property declaration will be in force in the
1138 current translation unit.
1140 Developers can decorate a property with attributes which are encoded using
1141 ``DW_AT_APPLE_property_attribute``.
1143 .. code-block:: objc
1145 @property (readonly, nonatomic) int pr;
1147 .. code-block:: none
1149 TAG_APPLE_property [8]
1151 AT_type ( {0x00000147} (int) )
1152 AT_APPLE_property_attribute (DW_APPLE_PROPERTY_readonly, DW_APPLE_PROPERTY_nonatomic)
1154 The setter and getter method names are attached to the property using
1155 ``DW_AT_APPLE_property_setter`` and ``DW_AT_APPLE_property_getter`` attributes.
1157 .. code-block:: objc
1160 @property (setter=myOwnP3Setter:) int p3;
1161 -(void)myOwnP3Setter:(int)a;
1166 -(void)myOwnP3Setter:(int)a{ }
1169 The DWARF for this would be:
1171 .. code-block:: none
1173 0x000003bd: TAG_structure_type [7] *
1174 AT_APPLE_runtime_class( 0x10 )
1176 AT_decl_file( "Objc_Property.m" )
1179 0x000003cd TAG_APPLE_property
1181 AT_APPLE_property_setter ( "myOwnP3Setter:" )
1182 AT_type( {0x00000147} ( int ) )
1184 0x000003f3: TAG_member [8]
1186 AT_type ( {0x00000147} ( int ) )
1187 AT_APPLE_property ( {0x000003cd} )
1188 AT_artificial ( 0x1 )
1193 +-----------------------+--------+
1195 +=======================+========+
1196 | DW_TAG_APPLE_property | 0x4200 |
1197 +-----------------------+--------+
1199 New DWARF Attributes
1200 ^^^^^^^^^^^^^^^^^^^^
1202 +--------------------------------+--------+-----------+
1203 | Attribute | Value | Classes |
1204 +================================+========+===========+
1205 | DW_AT_APPLE_property | 0x3fed | Reference |
1206 +--------------------------------+--------+-----------+
1207 | DW_AT_APPLE_property_getter | 0x3fe9 | String |
1208 +--------------------------------+--------+-----------+
1209 | DW_AT_APPLE_property_setter | 0x3fea | String |
1210 +--------------------------------+--------+-----------+
1211 | DW_AT_APPLE_property_attribute | 0x3feb | Constant |
1212 +--------------------------------+--------+-----------+
1217 +--------------------------------------+-------+
1219 +======================================+=======+
1220 | DW_APPLE_PROPERTY_readonly | 0x01 |
1221 +--------------------------------------+-------+
1222 | DW_APPLE_PROPERTY_getter | 0x02 |
1223 +--------------------------------------+-------+
1224 | DW_APPLE_PROPERTY_assign | 0x04 |
1225 +--------------------------------------+-------+
1226 | DW_APPLE_PROPERTY_readwrite | 0x08 |
1227 +--------------------------------------+-------+
1228 | DW_APPLE_PROPERTY_retain | 0x10 |
1229 +--------------------------------------+-------+
1230 | DW_APPLE_PROPERTY_copy | 0x20 |
1231 +--------------------------------------+-------+
1232 | DW_APPLE_PROPERTY_nonatomic | 0x40 |
1233 +--------------------------------------+-------+
1234 | DW_APPLE_PROPERTY_setter | 0x80 |
1235 +--------------------------------------+-------+
1236 | DW_APPLE_PROPERTY_atomic | 0x100 |
1237 +--------------------------------------+-------+
1238 | DW_APPLE_PROPERTY_weak | 0x200 |
1239 +--------------------------------------+-------+
1240 | DW_APPLE_PROPERTY_strong | 0x400 |
1241 +--------------------------------------+-------+
1242 | DW_APPLE_PROPERTY_unsafe_unretained | 0x800 |
1243 +--------------------------------+-----+-------+
1245 Name Accelerator Tables
1246 -----------------------
1251 The "``.debug_pubnames``" and "``.debug_pubtypes``" formats are not what a
1252 debugger needs. The "``pub``" in the section name indicates that the entries
1253 in the table are publicly visible names only. This means no static or hidden
1254 functions show up in the "``.debug_pubnames``". No static variables or private
1255 class variables are in the "``.debug_pubtypes``". Many compilers add different
1256 things to these tables, so we can't rely upon the contents between gcc, icc, or
1259 The typical query given by users tends not to match up with the contents of
1260 these tables. For example, the DWARF spec states that "In the case of the name
1261 of a function member or static data member of a C++ structure, class or union,
1262 the name presented in the "``.debug_pubnames``" section is not the simple name
1263 given by the ``DW_AT_name attribute`` of the referenced debugging information
1264 entry, but rather the fully qualified name of the data or function member."
1265 So the only names in these tables for complex C++ entries is a fully
1266 qualified name. Debugger users tend not to enter their search strings as
1267 "``a::b::c(int,const Foo&) const``", but rather as "``c``", "``b::c``" , or
1268 "``a::b::c``". So the name entered in the name table must be demangled in
1269 order to chop it up appropriately and additional names must be manually entered
1270 into the table to make it effective as a name lookup table for debuggers to
1273 All debuggers currently ignore the "``.debug_pubnames``" table as a result of
1274 its inconsistent and useless public-only name content making it a waste of
1275 space in the object file. These tables, when they are written to disk, are not
1276 sorted in any way, leaving every debugger to do its own parsing and sorting.
1277 These tables also include an inlined copy of the string values in the table
1278 itself making the tables much larger than they need to be on disk, especially
1279 for large C++ programs.
1281 Can't we just fix the sections by adding all of the names we need to this
1282 table? No, because that is not what the tables are defined to contain and we
1283 won't know the difference between the old bad tables and the new good tables.
1284 At best we could make our own renamed sections that contain all of the data we
1287 These tables are also insufficient for what a debugger like LLDB needs. LLDB
1288 uses clang for its expression parsing where LLDB acts as a PCH. LLDB is then
1289 often asked to look for type "``foo``" or namespace "``bar``", or list items in
1290 namespace "``baz``". Namespaces are not included in the pubnames or pubtypes
1291 tables. Since clang asks a lot of questions when it is parsing an expression,
1292 we need to be very fast when looking up names, as it happens a lot. Having new
1293 accelerator tables that are optimized for very quick lookups will benefit this
1294 type of debugging experience greatly.
1296 We would like to generate name lookup tables that can be mapped into memory
1297 from disk, and used as is, with little or no up-front parsing. We would also
1298 be able to control the exact content of these different tables so they contain
1299 exactly what we need. The Name Accelerator Tables were designed to fix these
1300 issues. In order to solve these issues we need to:
1302 * Have a format that can be mapped into memory from disk and used as is
1303 * Lookups should be very fast
1304 * Extensible table format so these tables can be made by many producers
1305 * Contain all of the names needed for typical lookups out of the box
1306 * Strict rules for the contents of tables
1308 Table size is important and the accelerator table format should allow the reuse
1309 of strings from common string tables so the strings for the names are not
1310 duplicated. We also want to make sure the table is ready to be used as-is by
1311 simply mapping the table into memory with minimal header parsing.
1313 The name lookups need to be fast and optimized for the kinds of lookups that
1314 debuggers tend to do. Optimally we would like to touch as few parts of the
1315 mapped table as possible when doing a name lookup and be able to quickly find
1316 the name entry we are looking for, or discover there are no matches. In the
1317 case of debuggers we optimized for lookups that fail most of the time.
1319 Each table that is defined should have strict rules on exactly what is in the
1320 accelerator tables and documented so clients can rely on the content.
1325 Standard Hash Tables
1326 """"""""""""""""""""
1328 Typical hash tables have a header, buckets, and each bucket points to the
1331 .. code-block:: none
1341 The BUCKETS are an array of offsets to DATA for each hash:
1343 .. code-block:: none
1346 | 0x00001000 | BUCKETS[0]
1347 | 0x00002000 | BUCKETS[1]
1348 | 0x00002200 | BUCKETS[2]
1349 | 0x000034f0 | BUCKETS[3]
1351 | 0xXXXXXXXX | BUCKETS[n_buckets]
1354 So for ``bucket[3]`` in the example above, we have an offset into the table
1355 0x000034f0 which points to a chain of entries for the bucket. Each bucket must
1356 contain a next pointer, full 32 bit hash value, the string itself, and the data
1357 for the current string value.
1359 .. code-block:: none
1362 0x000034f0: | 0x00003500 | next pointer
1363 | 0x12345678 | 32 bit hash
1364 | "erase" | string value
1365 | data[n] | HashData for this bucket
1367 0x00003500: | 0x00003550 | next pointer
1368 | 0x29273623 | 32 bit hash
1369 | "dump" | string value
1370 | data[n] | HashData for this bucket
1372 0x00003550: | 0x00000000 | next pointer
1373 | 0x82638293 | 32 bit hash
1374 | "main" | string value
1375 | data[n] | HashData for this bucket
1378 The problem with this layout for debuggers is that we need to optimize for the
1379 negative lookup case where the symbol we're searching for is not present. So
1380 if we were to lookup "``printf``" in the table above, we would make a 32 hash
1381 for "``printf``", it might match ``bucket[3]``. We would need to go to the
1382 offset 0x000034f0 and start looking to see if our 32 bit hash matches. To do
1383 so, we need to read the next pointer, then read the hash, compare it, and skip
1384 to the next bucket. Each time we are skipping many bytes in memory and
1385 touching new cache pages just to do the compare on the full 32 bit hash. All
1386 of these accesses then tell us that we didn't have a match.
1391 To solve the issues mentioned above we have structured the hash tables a bit
1392 differently: a header, buckets, an array of all unique 32 bit hash values,
1393 followed by an array of hash value data offsets, one for each hash value, then
1394 the data for all hash values:
1396 .. code-block:: none
1410 The ``BUCKETS`` in the name tables are an index into the ``HASHES`` array. By
1411 making all of the full 32 bit hash values contiguous in memory, we allow
1412 ourselves to efficiently check for a match while touching as little memory as
1413 possible. Most often checking the 32 bit hash values is as far as the lookup
1414 goes. If it does match, it usually is a match with no collisions. So for a
1415 table with "``n_buckets``" buckets, and "``n_hashes``" unique 32 bit hash
1416 values, we can clarify the contents of the ``BUCKETS``, ``HASHES`` and
1419 .. code-block:: none
1421 .-------------------------.
1422 | HEADER.magic | uint32_t
1423 | HEADER.version | uint16_t
1424 | HEADER.hash_function | uint16_t
1425 | HEADER.bucket_count | uint32_t
1426 | HEADER.hashes_count | uint32_t
1427 | HEADER.header_data_len | uint32_t
1428 | HEADER_DATA | HeaderData
1429 |-------------------------|
1430 | BUCKETS | uint32_t[n_buckets] // 32 bit hash indexes
1431 |-------------------------|
1432 | HASHES | uint32_t[n_hashes] // 32 bit hash values
1433 |-------------------------|
1434 | OFFSETS | uint32_t[n_hashes] // 32 bit offsets to hash value data
1435 |-------------------------|
1437 `-------------------------'
1439 So taking the exact same data from the standard hash example above we end up
1442 .. code-block:: none
1452 | ... | BUCKETS[n_buckets]
1454 | 0x........ | HASHES[0]
1455 | 0x........ | HASHES[1]
1456 | 0x........ | HASHES[2]
1457 | 0x........ | HASHES[3]
1458 | 0x........ | HASHES[4]
1459 | 0x........ | HASHES[5]
1460 | 0x12345678 | HASHES[6] hash for BUCKETS[3]
1461 | 0x29273623 | HASHES[7] hash for BUCKETS[3]
1462 | 0x82638293 | HASHES[8] hash for BUCKETS[3]
1463 | 0x........ | HASHES[9]
1464 | 0x........ | HASHES[10]
1465 | 0x........ | HASHES[11]
1466 | 0x........ | HASHES[12]
1467 | 0x........ | HASHES[13]
1468 | 0x........ | HASHES[n_hashes]
1470 | 0x........ | OFFSETS[0]
1471 | 0x........ | OFFSETS[1]
1472 | 0x........ | OFFSETS[2]
1473 | 0x........ | OFFSETS[3]
1474 | 0x........ | OFFSETS[4]
1475 | 0x........ | OFFSETS[5]
1476 | 0x000034f0 | OFFSETS[6] offset for BUCKETS[3]
1477 | 0x00003500 | OFFSETS[7] offset for BUCKETS[3]
1478 | 0x00003550 | OFFSETS[8] offset for BUCKETS[3]
1479 | 0x........ | OFFSETS[9]
1480 | 0x........ | OFFSETS[10]
1481 | 0x........ | OFFSETS[11]
1482 | 0x........ | OFFSETS[12]
1483 | 0x........ | OFFSETS[13]
1484 | 0x........ | OFFSETS[n_hashes]
1492 0x000034f0: | 0x00001203 | .debug_str ("erase")
1493 | 0x00000004 | A 32 bit array count - number of HashData with name "erase"
1494 | 0x........ | HashData[0]
1495 | 0x........ | HashData[1]
1496 | 0x........ | HashData[2]
1497 | 0x........ | HashData[3]
1498 | 0x00000000 | String offset into .debug_str (terminate data for hash)
1500 0x00003500: | 0x00001203 | String offset into .debug_str ("collision")
1501 | 0x00000002 | A 32 bit array count - number of HashData with name "collision"
1502 | 0x........ | HashData[0]
1503 | 0x........ | HashData[1]
1504 | 0x00001203 | String offset into .debug_str ("dump")
1505 | 0x00000003 | A 32 bit array count - number of HashData with name "dump"
1506 | 0x........ | HashData[0]
1507 | 0x........ | HashData[1]
1508 | 0x........ | HashData[2]
1509 | 0x00000000 | String offset into .debug_str (terminate data for hash)
1511 0x00003550: | 0x00001203 | String offset into .debug_str ("main")
1512 | 0x00000009 | A 32 bit array count - number of HashData with name "main"
1513 | 0x........ | HashData[0]
1514 | 0x........ | HashData[1]
1515 | 0x........ | HashData[2]
1516 | 0x........ | HashData[3]
1517 | 0x........ | HashData[4]
1518 | 0x........ | HashData[5]
1519 | 0x........ | HashData[6]
1520 | 0x........ | HashData[7]
1521 | 0x........ | HashData[8]
1522 | 0x00000000 | String offset into .debug_str (terminate data for hash)
1525 So we still have all of the same data, we just organize it more efficiently for
1526 debugger lookup. If we repeat the same "``printf``" lookup from above, we
1527 would hash "``printf``" and find it matches ``BUCKETS[3]`` by taking the 32 bit
1528 hash value and modulo it by ``n_buckets``. ``BUCKETS[3]`` contains "6" which
1529 is the index into the ``HASHES`` table. We would then compare any consecutive
1530 32 bit hashes values in the ``HASHES`` array as long as the hashes would be in
1531 ``BUCKETS[3]``. We do this by verifying that each subsequent hash value modulo
1532 ``n_buckets`` is still 3. In the case of a failed lookup we would access the
1533 memory for ``BUCKETS[3]``, and then compare a few consecutive 32 bit hashes
1534 before we know that we have no match. We don't end up marching through
1535 multiple words of memory and we really keep the number of processor data cache
1536 lines being accessed as small as possible.
1538 The string hash that is used for these lookup tables is the Daniel J.
1539 Bernstein hash which is also used in the ELF ``GNU_HASH`` sections. It is a
1540 very good hash for all kinds of names in programs with very few hash
1543 Empty buckets are designated by using an invalid hash index of ``UINT32_MAX``.
1548 These name hash tables are designed to be generic where specializations of the
1549 table get to define additional data that goes into the header ("``HeaderData``"),
1550 how the string value is stored ("``KeyType``") and the content of the data for each
1556 The header has a fixed part, and the specialized part. The exact format of the
1563 uint32_t magic; // 'HASH' magic value to allow endian detection
1564 uint16_t version; // Version number
1565 uint16_t hash_function; // The hash function enumeration that was used
1566 uint32_t bucket_count; // The number of buckets in this hash table
1567 uint32_t hashes_count; // The total number of unique hash values and hash data offsets in this table
1568 uint32_t header_data_len; // The bytes to skip to get to the hash indexes (buckets) for correct alignment
1569 // Specifically the length of the following HeaderData field - this does not
1570 // include the size of the preceding fields
1571 HeaderData header_data; // Implementation specific header data
1574 The header starts with a 32 bit "``magic``" value which must be ``'HASH'``
1575 encoded as an ASCII integer. This allows the detection of the start of the
1576 hash table and also allows the table's byte order to be determined so the table
1577 can be correctly extracted. The "``magic``" value is followed by a 16 bit
1578 ``version`` number which allows the table to be revised and modified in the
1579 future. The current version number is 1. ``hash_function`` is a ``uint16_t``
1580 enumeration that specifies which hash function was used to produce this table.
1581 The current values for the hash function enumerations include:
1585 enum HashFunctionType
1587 eHashFunctionDJB = 0u, // Daniel J Bernstein hash function
1590 ``bucket_count`` is a 32 bit unsigned integer that represents how many buckets
1591 are in the ``BUCKETS`` array. ``hashes_count`` is the number of unique 32 bit
1592 hash values that are in the ``HASHES`` array, and is the same number of offsets
1593 are contained in the ``OFFSETS`` array. ``header_data_len`` specifies the size
1594 in bytes of the ``HeaderData`` that is filled in by specialized versions of
1600 The header is followed by the buckets, hashes, offsets, and hash value data.
1606 uint32_t buckets[Header.bucket_count]; // An array of hash indexes into the "hashes[]" array below
1607 uint32_t hashes [Header.hashes_count]; // Every unique 32 bit hash for the entire table is in this table
1608 uint32_t offsets[Header.hashes_count]; // An offset that corresponds to each item in the "hashes[]" array above
1611 ``buckets`` is an array of 32 bit indexes into the ``hashes`` array. The
1612 ``hashes`` array contains all of the 32 bit hash values for all names in the
1613 hash table. Each hash in the ``hashes`` table has an offset in the ``offsets``
1614 array that points to the data for the hash value.
1616 This table setup makes it very easy to repurpose these tables to contain
1617 different data, while keeping the lookup mechanism the same for all tables.
1618 This layout also makes it possible to save the table to disk and map it in
1619 later and do very efficient name lookups with little or no parsing.
1621 DWARF lookup tables can be implemented in a variety of ways and can store a lot
1622 of information for each name. We want to make the DWARF tables extensible and
1623 able to store the data efficiently so we have used some of the DWARF features
1624 that enable efficient data storage to define exactly what kind of data we store
1627 The ``HeaderData`` contains a definition of the contents of each HashData chunk.
1628 We might want to store an offset to all of the debug information entries (DIEs)
1629 for each name. To keep things extensible, we create a list of items, or
1630 Atoms, that are contained in the data for each name. First comes the type of
1631 the data in each atom:
1638 eAtomTypeDIEOffset = 1u, // DIE offset, check form for encoding
1639 eAtomTypeCUOffset = 2u, // DIE offset of the compiler unit header that contains the item in question
1640 eAtomTypeTag = 3u, // DW_TAG_xxx value, should be encoded as DW_FORM_data1 (if no tags exceed 255) or DW_FORM_data2
1641 eAtomTypeNameFlags = 4u, // Flags from enum NameFlags
1642 eAtomTypeTypeFlags = 5u, // Flags from enum TypeFlags
1645 The enumeration values and their meanings are:
1647 .. code-block:: none
1649 eAtomTypeNULL - a termination atom that specifies the end of the atom list
1650 eAtomTypeDIEOffset - an offset into the .debug_info section for the DWARF DIE for this name
1651 eAtomTypeCUOffset - an offset into the .debug_info section for the CU that contains the DIE
1652 eAtomTypeDIETag - The DW_TAG_XXX enumeration value so you don't have to parse the DWARF to see what it is
1653 eAtomTypeNameFlags - Flags for functions and global variables (isFunction, isInlined, isExternal...)
1654 eAtomTypeTypeFlags - Flags for types (isCXXClass, isObjCClass, ...)
1656 Then we allow each atom type to define the atom type and how the data for each
1657 atom type data is encoded:
1663 uint16_t type; // AtomType enum value
1664 uint16_t form; // DWARF DW_FORM_XXX defines
1667 The ``form`` type above is from the DWARF specification and defines the exact
1668 encoding of the data for the Atom type. See the DWARF specification for the
1669 ``DW_FORM_`` definitions.
1675 uint32_t die_offset_base;
1676 uint32_t atom_count;
1677 Atoms atoms[atom_count0];
1680 ``HeaderData`` defines the base DIE offset that should be added to any atoms
1681 that are encoded using the ``DW_FORM_ref1``, ``DW_FORM_ref2``,
1682 ``DW_FORM_ref4``, ``DW_FORM_ref8`` or ``DW_FORM_ref_udata``. It also defines
1683 what is contained in each ``HashData`` object -- ``Atom.form`` tells us how large
1684 each field will be in the ``HashData`` and the ``Atom.type`` tells us how this data
1685 should be interpreted.
1687 For the current implementations of the "``.apple_names``" (all functions +
1688 globals), the "``.apple_types``" (names of all types that are defined), and
1689 the "``.apple_namespaces``" (all namespaces), we currently set the ``Atom``
1694 HeaderData.atom_count = 1;
1695 HeaderData.atoms[0].type = eAtomTypeDIEOffset;
1696 HeaderData.atoms[0].form = DW_FORM_data4;
1698 This defines the contents to be the DIE offset (eAtomTypeDIEOffset) that is
1699 encoded as a 32 bit value (DW_FORM_data4). This allows a single name to have
1700 multiple matching DIEs in a single file, which could come up with an inlined
1701 function for instance. Future tables could include more information about the
1702 DIE such as flags indicating if the DIE is a function, method, block,
1705 The KeyType for the DWARF table is a 32 bit string table offset into the
1706 ".debug_str" table. The ".debug_str" is the string table for the DWARF which
1707 may already contain copies of all of the strings. This helps make sure, with
1708 help from the compiler, that we reuse the strings between all of the DWARF
1709 sections and keeps the hash table size down. Another benefit to having the
1710 compiler generate all strings as DW_FORM_strp in the debug info, is that
1711 DWARF parsing can be made much faster.
1713 After a lookup is made, we get an offset into the hash data. The hash data
1714 needs to be able to deal with 32 bit hash collisions, so the chunk of data
1715 at the offset in the hash data consists of a triple:
1720 uint32_t hash_data_count
1721 HashData[hash_data_count]
1723 If "str_offset" is zero, then the bucket contents are done. 99.9% of the
1724 hash data chunks contain a single item (no 32 bit hash collision):
1726 .. code-block:: none
1729 | 0x00001023 | uint32_t KeyType (.debug_str[0x0001023] => "main")
1730 | 0x00000004 | uint32_t HashData count
1731 | 0x........ | uint32_t HashData[0] DIE offset
1732 | 0x........ | uint32_t HashData[1] DIE offset
1733 | 0x........ | uint32_t HashData[2] DIE offset
1734 | 0x........ | uint32_t HashData[3] DIE offset
1735 | 0x00000000 | uint32_t KeyType (end of hash chain)
1738 If there are collisions, you will have multiple valid string offsets:
1740 .. code-block:: none
1743 | 0x00001023 | uint32_t KeyType (.debug_str[0x0001023] => "main")
1744 | 0x00000004 | uint32_t HashData count
1745 | 0x........ | uint32_t HashData[0] DIE offset
1746 | 0x........ | uint32_t HashData[1] DIE offset
1747 | 0x........ | uint32_t HashData[2] DIE offset
1748 | 0x........ | uint32_t HashData[3] DIE offset
1749 | 0x00002023 | uint32_t KeyType (.debug_str[0x0002023] => "print")
1750 | 0x00000002 | uint32_t HashData count
1751 | 0x........ | uint32_t HashData[0] DIE offset
1752 | 0x........ | uint32_t HashData[1] DIE offset
1753 | 0x00000000 | uint32_t KeyType (end of hash chain)
1756 Current testing with real world C++ binaries has shown that there is around 1
1757 32 bit hash collision per 100,000 name entries.
1762 As we said, we want to strictly define exactly what is included in the
1763 different tables. For DWARF, we have 3 tables: "``.apple_names``",
1764 "``.apple_types``", and "``.apple_namespaces``".
1766 "``.apple_names``" sections should contain an entry for each DWARF DIE whose
1767 ``DW_TAG`` is a ``DW_TAG_label``, ``DW_TAG_inlined_subroutine``, or
1768 ``DW_TAG_subprogram`` that has address attributes: ``DW_AT_low_pc``,
1769 ``DW_AT_high_pc``, ``DW_AT_ranges`` or ``DW_AT_entry_pc``. It also contains
1770 ``DW_TAG_variable`` DIEs that have a ``DW_OP_addr`` in the location (global and
1771 static variables). All global and static variables should be included,
1772 including those scoped within functions and classes. For example using the
1784 Both of the static ``var`` variables would be included in the table. All
1785 functions should emit both their full names and their basenames. For C or C++,
1786 the full name is the mangled name (if available) which is usually in the
1787 ``DW_AT_MIPS_linkage_name`` attribute, and the ``DW_AT_name`` contains the
1788 function basename. If global or static variables have a mangled name in a
1789 ``DW_AT_MIPS_linkage_name`` attribute, this should be emitted along with the
1790 simple name found in the ``DW_AT_name`` attribute.
1792 "``.apple_types``" sections should contain an entry for each DWARF DIE whose
1797 * DW_TAG_enumeration_type
1798 * DW_TAG_pointer_type
1799 * DW_TAG_reference_type
1800 * DW_TAG_string_type
1801 * DW_TAG_structure_type
1802 * DW_TAG_subroutine_type
1805 * DW_TAG_ptr_to_member_type
1807 * DW_TAG_subrange_type
1813 * DW_TAG_packed_type
1814 * DW_TAG_volatile_type
1815 * DW_TAG_restrict_type
1816 * DW_TAG_interface_type
1817 * DW_TAG_unspecified_type
1818 * DW_TAG_shared_type
1820 Only entries with a ``DW_AT_name`` attribute are included, and the entry must
1821 not be a forward declaration (``DW_AT_declaration`` attribute with a non-zero
1822 value). For example, using the following code:
1832 We get a few type DIEs:
1834 .. code-block:: none
1836 0x00000067: TAG_base_type [5]
1837 AT_encoding( DW_ATE_signed )
1839 AT_byte_size( 0x04 )
1841 0x0000006e: TAG_pointer_type [6]
1842 AT_type( {0x00000067} ( int ) )
1843 AT_byte_size( 0x08 )
1845 The DW_TAG_pointer_type is not included because it does not have a ``DW_AT_name``.
1847 "``.apple_namespaces``" section should contain all ``DW_TAG_namespace`` DIEs.
1848 If we run into a namespace that has no name this is an anonymous namespace, and
1849 the name should be output as "``(anonymous namespace)``" (without the quotes).
1850 Why? This matches the output of the ``abi::cxa_demangle()`` that is in the
1851 standard C++ library that demangles mangled names.
1854 Language Extensions and File Format Changes
1855 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1857 Objective-C Extensions
1858 """"""""""""""""""""""
1860 "``.apple_objc``" section should contain all ``DW_TAG_subprogram`` DIEs for an
1861 Objective-C class. The name used in the hash table is the name of the
1862 Objective-C class itself. If the Objective-C class has a category, then an
1863 entry is made for both the class name without the category, and for the class
1864 name with the category. So if we have a DIE at offset 0x1234 with a name of
1865 method "``-[NSString(my_additions) stringWithSpecialString:]``", we would add
1866 an entry for "``NSString``" that points to DIE 0x1234, and an entry for
1867 "``NSString(my_additions)``" that points to 0x1234. This allows us to quickly
1868 track down all Objective-C methods for an Objective-C class when doing
1869 expressions. It is needed because of the dynamic nature of Objective-C where
1870 anyone can add methods to a class. The DWARF for Objective-C methods is also
1871 emitted differently from C++ classes where the methods are not usually
1872 contained in the class definition, they are scattered about across one or more
1873 compile units. Categories can also be defined in different shared libraries.
1874 So we need to be able to quickly find all of the methods and class functions
1875 given the Objective-C class name, or quickly find all methods and class
1876 functions for a class + category name. This table does not contain any
1877 selector names, it just maps Objective-C class names (or class names +
1878 category) to all of the methods and class functions. The selectors are added
1879 as function basenames in the "``.debug_names``" section.
1881 In the "``.apple_names``" section for Objective-C functions, the full name is
1882 the entire function name with the brackets ("``-[NSString
1883 stringWithCString:]``") and the basename is the selector only
1884 ("``stringWithCString:``").
1889 The sections names for the apple hash tables are for non-mach-o files. For
1890 mach-o files, the sections should be contained in the ``__DWARF`` segment with
1893 * "``.apple_names``" -> "``__apple_names``"
1894 * "``.apple_types``" -> "``__apple_types``"
1895 * "``.apple_namespaces``" -> "``__apple_namespac``" (16 character limit)
1896 * "``.apple_objc``" -> "``__apple_objc``"