[iOS]LLDB调试

官方API文档：https://lldb.llvm.org/python_reference/index.html

LLDB是一个有着REPL（read-eval-print-loop 交互式）的特性和C++、Phtyon插件的开源调试器，是Xcode工程中默认的调试器。

一、LLDB语法

[ [...]] [-options [option-value]] [argument [argument...]]

命令和子命令按层级结构来排列。一个命令对象为跟随其的子命令对象创建一个上下文，子命令又为其子命令创建一个上下文，循序往下。

注意：
元素之间通过空格来分割，如果某一元素自身含有空格，则可以使用双引用。如果双引号包含的元素中又包含双引号，则里面的双引号可以改成单引号，也可以在里面的双引号前加反斜杠转义。

例：给方法fetchData设置断点

(lldb) breakpoint set -n fetchData

 例：给方法fetchData设置一个只生效一次的断点

(lldb) breakpoint set -o true -n fetchData

二、LLDB命令的格式

LLDB命令可以用多种格式书写

三、LLDB常用调试命令

1. help

// 查看LLDB所有调试器命令
(lldb) help
 
// 查看有关任何命令的
// 例：(lldb) help breakpoint
(lldb) help 
 
// 查看有关任何特定子命令的更多帮助
// 例：(lldb) help breakpoint set
(lldb) help  

2. breakpoint

breakpoint简写为br

// 给函数设置断点，
// breakpoint可简写为br
// 例：(lldb) breakpoint set -n fetchData
(lldb) br set -n 函数名
 
// 调试指定动态库里的函数
// 例：(lldb) br set -s libafc.tbd -r est
(lldb) br set -s 动态库名 匹配参数
 
// 查看断点列表和序号
(lldb) br list
 
// 删除断点
// 例：(lldb) br delete 12
(lldb) br delete 断点序号
 
// 断点失效
// 例：(lldb) br disable 12
(lldb) br disable 断点序号
 
// 断点生效
// 例：(lldb) br enable 12
(lldb) br enable 断点序号
 
// 给断点添加命令
// 输入指令，直到输入大写的DONE结束。执行到这个断点的时候自动执行下面命令。
// 例：
// Enter your debugger command(s).  Type 'DONE' to end.
// > frame variable value1
// > DONE
// (lldb)
(lldb) breakpoint command add 序号
 
// 查看断点命令列表
// 例：
// (lldb) breakpoint command list 7
// Breakpoint 7:
//    Breakpoint commands:
//      frame variable value1
// (lldb) 
(lldb) breakpoint command list 序号

3. frame

frame简写为fr

// 查看当前堆栈帧的所有变量
(lldb) frame variable
 
// 打印指定变量
// 例：(lldb) frame variable params
(lldb) frame variable 变量名 
 
// 打印出堆栈地址
// 例：(lldb) frame variable -L params
(lldb) frame variable -L 变量名 

4. expression

expression简写为ex

// 表达式，对当前线程上的表达式求值。使用LLDB的默认格式显示任何返回值。
// expression可简写为ex或expr
// 例：(lldb) expression value1 + value2
// 例：(lldb) ex 100 * 1234
(lldb) expression 表达式 

5. thread

thread简写为th

// 显示线程调用堆栈
// 默认为当前线程 all：查看所有线程 unique：查看按unique调用堆栈分组的线程 
// 例：(lldb) thread backtrace all
(lldb) thread backtrace
 
// 过早地从堆栈帧返回，缩短新帧的执行，并可选地产生指定的值。默认为退出当前堆栈帧。
// thread return [-x] -- [] 
// thread return []
// -x(——from-expression) 从最里面的表达式求值返回。
// 例：(lldb) 
(lldb) thread return
 
// 继续执行当前目标流程。可以指定一个或多个线程，默认情况下继续所有线程。 
// 语法:thread continue  [[…]] 
(lldb) thread continue
// 缩写成continue或c
(lldb) c
 
// 单步入，如果有函数进入函数
(lldb) thread step-in
// 缩写成step或者s
(lldb) s
 
// 单步过，如果有函数不进入函数
(lldb) thread step-over
// 缩写成next或者n
(lldb) n
 
// 单步，直接返回到函数结束
(lldb) thread step-out
// 缩写成finish
(lldb) finish
 
// 汇编代码，单步入
(lldb) thread step-inst
 
// 汇编代码，单步过
(lldb) thread step-inst-over

6. watchpoint

watchpoint简写为wa

// 通过变量名添加内存断点
(lldb) watchpoint set variable 变量名
 
// 通过内存地址添加内存断点
(lldb) watchpoint set expression 内存地址
 
// 启用指定的禁用内存断点，如果没有指定则启用所有内存断点。 
// 语法：watchpoint enable [] 
(lldb) watchpoint enable 
 
// 禁用指定的内存断点，而不删除它们，如果没有指定则禁用所有内存断点。 
// 语法：watchpoint disable []
(lldb) watchpoint disable
 
// 删除指定的内存断点，如果没有指定则将它们全部删除。 
// 语法：watchpoint delete  []
(lldb) watchpoint delete 

7. image

// 列出所有模块
(lldb) image list
 
// 在一个或多个目标模块的调试符号中按名称查找类型
// 例：(lldb) image lookup -t SearchVC
(lldb) image lookup -t 类型名称
 
// 在一个或多个目标模块中查找地址和所在行数
// 例：(lldb) image lookup -a testAction
// 例：(lldb) image lookup -a 0x000000015acec504
(lldb) image lookup -a 函数名或函数地址
 
// 查找函数名所在位置
// 例：(lldb) image lookup -n testAction
(lldb) image lookup -n 函数名

8. register

// 读取寄存器，如果不写寄存器名字就列出全部寄存器。
// 例：(lldb) register read x30
// lr = 0x000000010514877c  hdjlm`hdjlm.HDSearchVC.testAction() -> Swift.Float + 260 [inlined] generic specialization  of Swift._allocateUninitializedArray<τ_0_0>(Builtin.Word) -> (Swift.Array<τ_0_0>, Builtin.RawPointer) + 12 at 
(lldb) register read 寄存器名字
// 缩写成 re re 寄存器名字
(lldb) re re 寄存器名字
 
 
// 写入寄存器
// 例：(lldb) register write x29 0x10
(lldb) register write 寄存器名字 数值
// 缩写成re wr
(lldb) re wr 寄存器名字 数值

9. memory

// 查看地址内存值
// 例：(lldb) memory read 0x18819f81c
// 0x18819f81c: fd 7b 01 a9 fd 43 00 91 f3 03 00 aa c8 53 2e b0  .{...C.......S..
// 0x18819f82c: 03 a5 42 f9 08 00 00 f0 08 11 1b 91 7f 00 08 eb  ..B.............
(lldb) memory read 地址值
// 缩写成x
(lldb) x 地址值

四、LLDB所有调试器命令

(lldb) help

Debugger commands:
  apropos           -- List debugger commands related to a word or subject.
  breakpoint        -- Commands for operating on breakpoints (see 'help b' for
                       shorthand.)
  command           -- Commands for managing custom LLDB commands.
  disassemble       -- Disassemble specified instructions in the current
                       target.  Defaults to the current function for the
                       current thread and stack frame.
  expression        -- Evaluate an expression on the current thread.  Displays
                       any returned value with LLDB's default formatting.
  frame             -- Commands for selecting and examing the current thread's
                       stack frames.
  gdb-remote        -- Connect to a process via remote GDB server.
                       If no host is specifed, localhost is assumed.
                       gdb-remote is an abbreviation for 'process connect
                       --plugin gdb-remote connect://:'
  gui               -- Switch into the curses based GUI mode.
  help              -- Show a list of all debugger commands, or give details
                       about a specific command.
  kdp-remote        -- Connect to a process via remote KDP server.
                       If no UDP port is specified, port 41139 is
                       assumed.
                       kdp-remote is an abbreviation for 'process connect
                       --plugin kdp-remote udp://:'
  language          -- Commands specific to a source language.
  log               -- Commands controlling LLDB internal logging.
  memory            -- Commands for operating on memory in the current target
                       process.
  platform          -- Commands to manage and create platforms.
  plugin            -- Commands for managing LLDB plugins.
  process           -- Commands for interacting with processes on the current
                       platform.
  quit              -- Quit the LLDB debugger.
  register          -- Commands to access registers for the current thread and
                       stack frame.
  reproducer        -- Commands for manipulating reproducers. Reproducers make
                       it possible to capture full debug sessions with all its
                       dependencies. The resulting reproducer is used to replay
                       the debug session while debugging the debugger.
                       Because reproducers need the whole the debug session
                       from beginning to end, you need to launch the debugger
                       in capture or replay mode, commonly though the command
                       line driver.
                       Reproducers are unrelated record-replay debugging, as
                       you cannot interact with the debugger during replay.
  script            -- Invoke the script interpreter with provided code and
                       display any results.  Start the interactive interpreter
                       if no code is supplied.
  session           -- Commands controlling LLDB session.
  settings          -- Commands for managing LLDB settings.
  source            -- Commands for examining source code described by debug
                       information for the current target process.
  statistics        -- Print statistics about a debugging session
  swift-healthcheck -- Provides logging related to the Swift expression
                       evaluator, including Swift compiler diagnostics. This
                       makes it easier to identify project misconfigurations
                       that result in module import failures in the debugger.
                       The command is meant to be run after a expression
                       evaluator failure has occurred.
  target            -- Commands for operating on debugger targets.
  thread            -- Commands for operating on one or more threads in the
                       current process.
  trace             -- Commands for loading and using processor trace
                       information.
  type              -- Commands for operating on the type system.
  version           -- Show the LLDB debugger version.
  watchpoint        -- Commands for operating on watchpoints.
Current command abbreviations (type 'help command alias' for more info):
  add-dsym  -- Add a debug symbol file to one of the target's current modules
               by specifying a path to a debug symbols file or by using the
               options to specify a module.
  attach    -- Attach to process by ID or name.
  b         -- Set a breakpoint using one of several shorthand formats.
  bt        -- Show the current thread's call stack.  Any numeric argument
               displays at most that many frames.  The argument 'all' displays
               all threads.
  c         -- Continue execution of all threads in the current process.
  call      -- Evaluate an expression on the current thread.  Displays any
               returned value with LLDB's default formatting.
  continue  -- Continue execution of all threads in the current process.
  detach    -- Detach from the current target process.
  di        -- Disassemble specified instructions in the current target. 
               Defaults to the current function for the current thread and
               stack frame.
  dis       -- Disassemble specified instructions in the current target. 
               Defaults to the current function for the current thread and
               stack frame.
  display   -- Evaluate an expression at every stop (see 'help target
               stop-hook'.)
  down      -- Select a newer stack frame.  Defaults to moving one frame, a
               numeric argument can specify an arbitrary number.
  env       -- Shorthand for viewing and setting environment variables.
  exit      -- Quit the LLDB debugger.
  f         -- Select the current stack frame by index from within the current
               thread (see 'thread backtrace'.)
  file      -- Create a target using the argument as the main executable.
  finish    -- Finish executing the current stack frame and stop after
               returning.  Defaults to current thread unless specified.
  history   -- Dump the history of commands in this session.
               Commands in the history list can be run again using "!". 
               "!-" will re-run the command that is  commands
               from the end of the list (counting the current command).
  image     -- Commands for accessing information for one or more target
               modules.
  j         -- Set the program counter to a new address.
  jump      -- Set the program counter to a new address.
  kill      -- Terminate the current target process.
  l         -- List relevant source code using one of several shorthand formats.
  list      -- List relevant source code using one of several shorthand formats.
  n         -- Source level single step, stepping over calls.  Defaults to
               current thread unless specified.
  next      -- Source level single step, stepping over calls.  Defaults to
               current thread unless specified.
  nexti     -- Instruction level single step, stepping over calls.  Defaults to
               current thread unless specified.
  ni        -- Instruction level single step, stepping over calls.  Defaults to
               current thread unless specified.
  p         -- Evaluate an expression on the current thread.  Displays any
               returned value with LLDB's default formatting.
  parray    -- parray   -- lldb will evaluate EXPRESSION to
               get a typed-pointer-to-an-array in memory, and will display
               COUNT elements of that type from the array.
  po        -- Evaluate an expression on the current thread.  Displays any
               returned value with formatting controlled by the type's author.
  poarray   -- poarray   -- lldb will evaluate EXPRESSION to
               get the address of an array of COUNT objects in memory, and will
               call po on them.
  print     -- Evaluate an expression on the current thread.  Displays any
               returned value with LLDB's default formatting.
  q         -- Quit the LLDB debugger.
  r         -- Launch the executable in the debugger.
  rbreak    -- Sets a breakpoint or set of breakpoints in the executable.
  re        -- Commands to access registers for the current thread and stack
               frame.
  repl      -- Evaluate an expression on the current thread.  Displays any
               returned value with LLDB's default formatting.
  run       -- Launch the executable in the debugger.
  s         -- Source level single step, stepping into calls.  Defaults to
               current thread unless specified.
  shell     -- Run a shell command on the host.
  si        -- Instruction level single step, stepping into calls.  Defaults to
               current thread unless specified.
  sif       -- Step through the current block, stopping if you step directly
               into a function whose name matches the TargetFunctionName.
  step      -- Source level single step, stepping into calls.  Defaults to
               current thread unless specified.
  stepi     -- Instruction level single step, stepping into calls.  Defaults to
               current thread unless specified.
  t         -- Change the currently selected thread.
  tbreak    -- Set a one-shot breakpoint using one of several shorthand formats.
  undisplay -- Stop displaying expression at every stop (specified by stop-hook
               index.)
  up        -- Select an older stack frame.  Defaults to moving one frame, a
               numeric argument can specify an arbitrary number.
  v         -- Show variables for the current stack frame. Defaults to all
               arguments and local variables in scope. Names of argument,
               local, file static and file global variables can be specified.
               Children of aggregate variables can be specified such as
               'var->child.x'.  The -> and [] operators in 'frame variable' do
               not invoke operator overloads if they exist, but directly access
               the specified element.  If you want to trigger operator
               overloads use the expression command to print the variable
               instead.
               It is worth noting that except for overloaded operators, when
               printing local variables 'expr local_var' and 'frame var
               local_var' produce the same results.  However, 'frame variable'
               is more efficient, since it uses debug information and memory
               reads directly, rather than parsing and evaluating an
               expression, which may even involve JITing and running code in
               the target program.
  var       -- Show variables for the current stack frame. Defaults to all
               arguments and local variables in scope. Names of argument,
               local, file static and file global variables can be specified.
               Children of aggregate variables can be specified such as
               'var->child.x'.  The -> and [] operators in 'frame variable' do
               not invoke operator overloads if they exist, but directly access
               the specified element.  If you want to trigger operator
               overloads use the expression command to print the variable
               instead.
               It is worth noting that except for overloaded operators, when
               printing local variables 'expr local_var' and 'frame var
               local_var' produce the same results.  However, 'frame variable'
               is more efficient, since it uses debug information and memory
               reads directly, rather than parsing and evaluating an
               expression, which may even involve JITing and running code in
               the target program.
  vo        -- Show variables for the current stack frame. Defaults to all
               arguments and local variables in scope. Names of argument,
               local, file static and file global variables can be specified.
               Children of aggregate variables can be specified such as
               'var->child.x'.  The -> and [] operators in 'frame variable' do
               not invoke operator overloads if they exist, but directly access
               the specified element.  If you want to trigger operator
               overloads use the expression command to print the variable
               instead.
               It is worth noting that except for overloaded operators, when
               printing local variables 'expr local_var' and 'frame var
               local_var' produce the same results.  However, 'frame variable'
               is more efficient, since it uses debug information and memory
               reads directly, rather than parsing and evaluating an
               expression, which may even involve JITing and running code in
               the target program.
  x         -- Read from the memory of the current target process.
For more information on any command, type 'help '.

五、查询有关任何命令的更多信息

有关任何命令的更多信息，请键入'help '。

例：查看breakpoint命令的更多信息

(lldb) help breakpoint

Commands for operating on breakpoints (see 'help b' for shorthand.)
 
Syntax: breakpoint  []
 
The following subcommands are supported:
 
      clear   -- Delete or disable breakpoints matching the specified source
                 file and line.
      command -- Commands for adding, removing and listing LLDB commands
                 executed when a breakpoint is hit.
      delete  -- Delete the specified breakpoint(s).  If no breakpoints are
                 specified, delete them all.
      disable -- Disable the specified breakpoint(s) without deleting them.  If
                 none are specified, disable all breakpoints.
      enable  -- Enable the specified disabled breakpoint(s). If no breakpoints
                 are specified, enable all of them.
      list    -- List some or all breakpoints at configurable levels of detail.
      modify  -- Modify the options on a breakpoint or set of breakpoints in
                 the executable.  If no breakpoint is specified, acts on the
                 last created breakpoint.  With the exception of -e, -d and -i,
                 passing an empty argument clears the modification.
      name    -- Commands to manage name tags for breakpoints
      read    -- Read and set the breakpoints previously saved to a file with
                 "breakpoint write".  
      set     -- Sets a breakpoint or set of breakpoints in the executable.
      write   -- Write the breakpoints listed to a file that can be read in
                 with "breakpoint read".  If given no arguments, writes all
                 breakpoints.
 
For more help on any particular subcommand, type 'help  '.

六、查询有关任何特定子命令的更多信息

有关任何特定子命令的更多信息，请键入'help '。

例：查看breakpoint命令下delete子命令的更多帮助

(lldb) help breakpoint delete

Delete the specified breakpoint(s).  If no breakpoints are specified, delete
them all.
 
Syntax: breakpoint delete  [id | breakpt-id-list>]
 
Command Options Usage:
  breakpoint delete [-Ddf] [id | breakpt-id-list>]
 
       -D ( --dummy-breakpoints )
            Delete Dummy breakpoints - i.e. breakpoints set before a file is
            provided, which prime new targets.
 
       -d ( --disabled )
            Delete all breakpoints which are currently disabled.  When using
            the disabled option any breakpoints listed on the command line are
            EXCLUDED from deletion.
 
       -f ( --force )
            Delete all breakpoints without querying for confirmation.
     
     This command takes options and free-form arguments.  If your arguments
     resemble option specifiers (i.e., they start with a - or --), you must use
     ' -- ' between the end of the command options and the beginning of the
     arguments.

参考

LLDB之理解LLDB基本命令语法

iOS开发调试 - LLDB使用概览

ios lldb调试指令汇总(持续更新)