We Keep Coding

How to debug custom kernel with GDB and QEMU [duplicate]

I'm new to kernel development and I would like to know how to run/debug the linux kernel using QEMU and gdb. I'm actually reading Robert Love's book but unfortunately it doesn't help the reader on how to install proper tools to run or debug the kernel... So what I did was to follow this tutorial http://opensourceforu.efytimes.com/2011/02/kernel-development-debugging-using-eclipse/. I'm using eclipse as an IDE to develop on the kernel but I wanted first to get it work under QEMU/gdb. So what I did so far was:
1) To compile the kernel with:
make defconfig (then setting the CONFIG_DEBUG_INFO=y in the .config)
make -j4
2) Once the compilation is over I run Qemu using:
qemu-system-x86_64 -s -S /dev/zero -kernel /arch/x86/boot/bzImage
which launch the kernel in "stopped" state
3) Thus I have to use gdb, I try the following command:
gdb ./vmlinux
which run it correctly but... Now I don't know what to do... I know that I have to use remote debugging on the port 1234 (default port used by Qemu), using the vmlinux as the symbol table file for debugging.
So my question is: What should I do to run the kernel on Qemu, attach my debugger to it and thus, get them work together to make my life easier with kernel development.

I'd try:
(gdb) target remote localhost:1234
(gdb) continue
Using the '-s' option makes qemu listen on port tcp::1234, which you can connect to as localhost:1234 if you are on the same machine. Qemu's '-S' option makes Qemu stop execution until you give the continue command.
Best thing would probably be to have a look at a decent GDB tutorial to get along with what you are doing. This one looks quite nice.

Step-by-step procedure tested on Ubuntu 16.10 host
To get started from scratch quickly I've made a minimal fully automated QEMU + Buildroot example at: https://github.com/cirosantilli/linux-kernel-module-cheat/blob/c7bbc6029af7f4fab0a23a380d1607df0b2a3701/gdb-step-debugging.md Major steps are covered below.
First get a root filesystem rootfs.cpio.gz. If you need one, consider:
a minimal init-only executable image: https://unix.stackexchange.com/questions/122717/custom-linux-distro-that-runs-just-one-program-nothing-else/238579#238579
a Busybox interactive system: https://unix.stackexchange.com/questions/2692/what-is-the-smallest-possible-linux-implementation/203902#203902
Then on the Linux kernel:
git checkout v4.15
make mrproper
make x86_64_defconfig
cat <<EOF >.config-fragment
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_KERNEL=y
CONFIG_GDB_SCRIPTS=y
EOF
./scripts/kconfig/merge_config.sh .config .config-fragment
make -j"$(nproc)"
qemu-system-x86_64 -kernel arch/x86/boot/bzImage \
-initrd rootfs.cpio.gz -S -s \
-append nokaslr
On another terminal, from inside the Linux kernel tree, supposing you want to start debugging from start_kernel:
gdb \
-ex "add-auto-load-safe-path $(pwd)" \
-ex "file vmlinux" \
-ex 'set arch i386:x86-64:intel' \
-ex 'target remote localhost:1234' \
-ex 'break start_kernel' \
-ex 'continue' \
-ex 'disconnect' \
-ex 'set arch i386:x86-64' \
-ex 'target remote localhost:1234'
and we are done!!
For kernel modules see: How to debug Linux kernel modules with QEMU?
For Ubuntu 14.04, GDB 7.7.1, hbreak was needed, break software breakpoints were ignored. Not the case anymore in 16.10. See also: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/901944
The messy disconnect and what come after it are to work around the error:
Remote 'g' packet reply is too long: 000000000000000017d11000008ef4810120008000000000fdfb8b07000000000d352828000000004040010000000000903fe081ffffffff883fe081ffffffff00000000000e0000ffffffffffe0ffffffffffff07ffffffffffffffff9fffff17d11000008ef4810000000000800000fffffffff8ffffffffff0000ffffffff2ddbf481ffffffff4600000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f0300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000801f0000
Related threads:
https://sourceware.org/bugzilla/show_bug.cgi?id=13984 might be a GDB bug
Remote 'g' packet reply is too long
http://wiki.osdev.org/QEMU_and_GDB_in_long_mode osdev.org is as usual an awesome source for these problems
https://lists.nongnu.org/archive/html/qemu-discuss/2014-10/msg00069.html
nokaslr: https://unix.stackexchange.com/questions/397939/turning-off-kaslr-to-debug-linux-kernel-using-qemu-and-gdb/421287#421287
Known limitations:
the Linux kernel does not support (and does not even compile without patches) with -O0: How to de-optimize the Linux kernel to and compile it with -O0?
GDB 7.11 will blow your memory on some types of tab completion, even after the max-completions fix: Tab completion interrupt for large binaries Likely some corner case which was not covered in that patch. So an ulimit -Sv 500000 is a wise action before debugging. Blew up specifically when I tab completed file<tab> for the filename argument of sys_execve as in: https://stackoverflow.com/a/42290593/895245
See also:
https://github.com/torvalds/linux/blob/v4.9/Documentation/dev-tools/gdb-kernel-debugging.rst official Linux kernel "documentation"
Linux kernel live debugging, how it's done and what tools are used?

When you try to start vmlinux exe using gdb, then first thing on gdb is to issue cmds:
(gdb) target remote localhost:1234
(gdb) break start_kernel
(continue)
This will break the kernel at start_kernel.

BjoernID's answer did not really work for me. After the first continuation, no breakpoint is reached and on interrupt, I would see lines such as:
0x0000000000000000 in ?? ()
(gdb) break rapl_pmu_init
Breakpoint 1 at 0xffffffff816631e7
(gdb) c
Continuing.
^CRemote 'g' packet reply is too long: 08793000000000002988d582000000002019[..]
I guess this has something to do with different CPU modes (real mode in BIOS vs. long mode when Linux has booted). Anyway, the solution is to run QEMU first without waiting (i.e. without -S):
qemu-system-x86_64 -enable-kvm -kernel arch/x86/boot/bzImage -cpu SandyBridge -s
In my case, I needed to break at something during boot, so after some deciseconds, I ran the gdb command. If you have more time (e.g. you need to debug a module that is loaded manually), then the timing doesn't really matter.
gdb allows you to specify commands that should be run when started. This makes automation a bit easier. To connect to QEMU (which should now already be started), break on a function and continue execution, use:
gdb -ex 'target remote localhost:1234' -ex 'break rapl_pmu_init' -ex c ./vmlinux

As for me the best solution for debugging the kernel - is to use gdb from Eclipse environment. You should just set appropriate port for gdb (must be the same with one you specified in qemu launch string) in remote debugging section. Here is the manual:
http://www.sw-at.com/blog/2011/02/11/linux-kernel-development-and-debugging-using-eclipse-cdt/

On Linux systems, vmlinux is a statically linked executable file that contains
the Linux kernel in one of the object file formats supported by Linux, which
includes ELF, COFF and a.out. The vmlinux file might be required for kernel
debugging, symbol table generation or other operations, but must be made
bootable before being used as an operating system kernel by adding a multiboot
header, bootsector and setup routines.
An image of this initial root file system must be stored somewhere accessible
by the Linux bootloader to the boot firmware of the computer. This can be the
root file system itself, a boot image on an optical disc, a small partition on
a local disk (a boot paratition, usually using ext4 or FAT file systems), or a
TFTP server (on systems that can boot from Ethernet).
Compile linux kernel
Build the kernel with this series applied, enabling CONFIG_DEBUG_INFO (but leave CONFIG_DEBUG_INFO_REDUCED off)
https://www.kernel.org/doc/html/latest/admin-guide/README.html
https://wiki.archlinux.org/index.php/Kernel/Traditional_compilation
https://lwn.net/Articles/533552/
Install GDB and Qemu
sudo pacman -S gdb qemu
Create initramfs
#!/bin/bash
# Os : Arch Linux
# Kernel : 5.0.3
INIT_DIR=$(pwd)
BBOX_URL="https://busybox.net/downloads/busybox-1.30.1.tar.bz2"
BBOX_FILENAME=$(basename ${BBOX_URL})
BBOX_DIRNAME=$(basename ${BBOX_FILENAME} ".tar.bz2")
RAM_FILENAME="${INIT_DIR}/initramfs.cpio.gz"
function download_busybox {
wget -c ${BBOX_URL} 2>/dev/null
}
function compile_busybox {
tar xvf ${BBOX_FILENAME} && cd "${INIT_DIR}/${BBOX_DIRNAME}/"
echo "[*] Settings > Build options > Build static binary (no shared libs)"
echo "[!] Please enter to continue"
read tmpvar
make menuconfig && make -j2 && make install
}
function config_busybox {
cd "${INIT_DIR}/${BBOX_DIRNAME}/"
rm -rf initramfs/ && cp -rf _install/ initramfs/
rm -f initramfs/linuxrc
mkdir -p initramfs/{dev,proc,sys}
sudo cp -a /dev/{null,console,tty,tty1,tty2,tty3,tty4} initramfs/dev/
cat > "${INIT_DIR}/${BBOX_DIRNAME}/initramfs/init" << EOF
#!/bin/busybox sh
mount -t proc none /proc
mount -t sysfs none /sys
exec /sbin/init
EOF
chmod a+x initramfs/init
cd "${INIT_DIR}/${BBOX_DIRNAME}/initramfs/"
find . -print0 | cpio --null -ov --format=newc | gzip -9 > "${RAM_FILENAME}"
echo "[*] output: ${RAM_FILENAME}"
}
download_busybox
compile_busybox
config_busybox
Boot Linux Kernel With Qemu
#!/bin/bash
KER_FILENAME="/home/debug/Projects/kernelbuild/linux-5.0.3/arch/x86/boot/bzImage"
RAM_FILENAME="/home/debug/Projects/kerneldebug/initramfs.cpio.gz"
qemu-system-x86_64 -s -kernel "${KER_FILENAME}" -initrd "${RAM_FILENAME}" -nographic -append "console=ttyS0"
$ ./qemuboot_vmlinux.sh
SeaBIOS (version 1.12.0-20181126_142135-anatol)
iPXE (http://ipxe.org) 00:03.0 C980 PCI2.10 PnP PMM+07F92120+07EF2120 C980
Booting from ROM...
Probing EDD (edd=off to disable)... o
[ 0.019814] Spectre V2 : Spectre mitigation: LFENCE not serializing, switching to generic retpoline
can't run '/etc/init.d/rcS': No such file or directory
Please press Enter to activate this console.
/ # uname -a
Linux archlinux 5.0.3 #2 SMP PREEMPT Mon Mar 25 10:27:13 CST 2019 x86_64 GNU/Linux
/ #
Debug Linux Kernel With GDB
~/Projects/kernelbuild/linux-5.0.3 ➭ gdb vmlinux
...
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
0xffffffff89a4b852 in ?? ()
(gdb) break start_kernel
Breakpoint 1 at 0xffffffff826ccc08
(gdb)
Display all 190 possibilities? (y or n)
(gdb) info functions
All defined functions:
Non-debugging symbols:
0xffffffff81000000 _stext
0xffffffff81000000 _text
0xffffffff81000000 startup_64
0xffffffff81000030 secondary_startup_64
0xffffffff810000e0 verify_cpu
0xffffffff810001e0 start_cpu0
0xffffffff810001f0 __startup_64
0xffffffff81000410 pvh_start_xen
0xffffffff81001000 hypercall_page
0xffffffff81001000 xen_hypercall_set_trap_table
0xffffffff81001020 xen_hypercall_mmu_update
0xffffffff81001040 xen_hypercall_set_gdt
0xffffffff81001060 xen_hypercall_stack_switch
0xffffffff81001080 xen_hypercall_set_callbacks
0xffffffff810010a0 xen_hypercall_fpu_taskswitch
0xffffffff810010c0 xen_hypercall_sched_op_compat
0xffffffff810010e0 xen_hypercall_platform_op

How to debug binaries from a MIPS firmware

I'm trying to exploit the binaries from Damn vulnerable Router Firmware but I have issues with debuggging with gdb.
to run the program i use this command :
sudo chroot . ./qemu-mipsel-static ./pwnable/Intro/stack_bof_01
and it works but when i try to run gdb with :
sudo chroot . ./qemu-mipsel-static gdb ./pwnable/Intro/stack_bof_01
I have that :
(gdb) r
Starting program: /pwnable/Intro/stack_bof_01
qemu: Unsupported syscall: 4026
Cannot exec /bin/bash: No such file or directory.
qemu: Unsupported syscall: 4026
Could not open /proc/12532/status
I tried to copy the binary in a qemu VM but I don't have the whole system so it don't work.
So , please , what's is the best way to debug a program from a firmware on a different architecture than x86 ?

In qemu user mode, run the program using the command with the option -g:
sudo chroot . ./qemu-mipsel-static -g 1234 ./pwnable/Intro/stack_bof_01
then start the gdb-multiarch (or gdb that corresponds to that architecture), and attach to it like this:
target remote 127.0.0.1:1234
then you can debug it happily.

remote core file analysis with eclipse

I want to use eclipse IDE as front-end GUI to debug a core file of another OS that is docker'ed in my host. With 'gdbserver' in the docker i can only debug a running process. But i need post-mortem debugging of core files.
I tried some /home/me/bin/remote_gdb wrapper that uses
docker exec -it $DOCKER_CONTAINER bash -c "gdb /usr/bin/executable /opt/crash/executable.core
This works using in a shell. But it fails using in 'eclipse' because of
Could not determine GDB version using command: remote_gdb --version
even though 'remote_gdb --version' prints out exactly the same as the original 'gdb --version'.
I could make something work with 'ddd' as a front-end - let me exercise:
> cd $HOME/SRC
> ls -l
total 4
-rw-rw-r-- 1 frank frank 96 Aug 24 18:04 test.c
> cat test.c
#include <stdio.h>
int main(int argc, char** argv)
{
printf("hello, world!\n");
return 0;
}
> docker run -v $HOME/SRC:/SRC -t fedora /bin/bash
// IN DOCKER NOW:
>> yum install gcc
[...]
>> yum install gdb
[...]
>> cd /SRC
>> gcc -g3 -O0 -o test test.c
>> ls -l
total 40
-rwxr-xr-x 1 root root 34864 Aug 24 16:26 test
-rw-rw-r-- 1 1000 1000 96 Aug 24 16:04 test.c
Back in Host:
> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e501d8384060 fedora "/bin/bash" 4 minutes ago Up 4 minutes stupefied_murdock
> cat $HOME/bin/remote_gdb
#!/bin/bash
docker exec -it e501d8384060 gdb /SRC/test
> remote_gdb # $HOME/bin/ is in $PATH
GNU gdb (GDB) Fedora 8.0-20.fc26
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /SRC/test...done.
(gdb) list
1 #include <stdio.h>
2
3 int main(int argc, char** argv)
4 {
5 printf("hello, world!\n");
6 return 0;
7 }
8
(gdb)
Switching back to the shell, where i am in the docker - see 'gdb' is running:
>> yum install procps-ng
[...]
>> ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 16:22 ? 00:00:00 /bin/bash
root 16 0 0 16:23 ? 00:00:00 bash
root 116 0 0 16:28 ? 00:00:00 gdb /SRC/test
root 131 16 0 16:30 ? 00:00:00 ps -ef
Back again on the host shell (after quit gdb session in docker):
> ddd --debugger remote_gdb
The 'ddd' plays nicely with gdb started in docker.
And it also works with core-files (add a "sleep(100);" and kill the process).
But 'ddd' doesn't have a really good GUI.
So what's the way to make such work with 'eclipse'?
I also couldn't make it work with other options: 'qtcreator', 'kdevelop', 'nemiver', 'kdbg', etc
Addendum:
It also doesn't work with 'ssh' into container.
But when i execute the same 'remote_gdb' wrapper script as 'External Tool' it can be executed(?!)

I partially could solve the issue.
The main problem was: my docker command does not provide a tty to eclipse.
As a workaround i switched over to 'ssh' into the docker image.
Moreover i had to align the file locations (executable, core-file and source-files) between host and docker image. Because using a 'gdb' wrapper script, 'eclipse' is not aware that i am debugging remotely and verifies all files for local availability.
This works for post-mortem debugging (core file analysis) and attaching a running process in docker (in general on the remote system).
However, it does not work for starting up a process in gdb via eclipse.
So used 'strace' to check for the activities between 'eclipse' and 'gdb' and found out, that for starting up a new process in 'gdb', 'eclipse' tries to apply some '--interpreter mi2 -nx' command:
inferior-tty-set --thread-group i1 /dev/pts/27
Does it mean it tries to bind a local tty to gdb?
That of course does not work remotely.
What is the reason to use "inferior-tty-set" by 'eclipse'?
It doesn't use this command for doing post-mortem debugging or attaching a running process - while for both i even have a gdb console operable in 'eclipse'
?

"please check gdb is codesigned - see taskgated(8)" - How to get gdb installed with homebrew code signed?

I'm under osx 10.8.4 and have installed gdb 7.5.1 with homebrew (motivation get a new gdb with new features such as --with-python etc... )
Long story short when I run debug within a c++ Eclipse project I get :
Error in final launch sequence
Failed to execute MI command:
-exec-run
Error message from debugger back end:
Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))
Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))
I have followed various suggestions for code signing
https://sourceware.org/gdb/wiki/BuildingOnDarwin
partly http://www.noktec.be/archives/1251 with various adjusts
So I did:
Set up the certificate
Sign the gdb -> codesign -s gdb-cert /usr/local/bin/gdb
When I re-run debugging in Eclipse I get same error as above "(please check gdb is codesigned - see taskgated(8))".
If I set back the gdb to the older gdb (in the gdb preferences of Eclipse) /usr/libexec/gdb/gdb-i386-apple-darwin the debugging runs as expected.
Any solutions / hints out there ?
Thx
Pelle

This error occurs because OSX implements a pid access policy which requires a digital signature for binaries to access other processes pids. To enable gdb access to other processes, we must first code sign the binary. This signature depends on a particular certificate, which the user must create and register with the system.
To create a code signing certificate, open the Keychain Access application. Choose menu Keychain Access -> Certificate Assistant -> Create a Certificate…
Choose a name for the certificate (e.g., gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.
Double click on the certificate, open Trust section, and set Code Signing to Always Trust. Exit Keychain Access application.
Restart the taskgated service, and sign the binary.
$ sudo killall taskgated
$ codesign -fs gdb-cert "$(which gdb)"
source http://andresabino.com/2015/04/14/codesign-gdb-on-mac-os-x-yosemite-10-10-2/
On macOS 10.12 (Sierra) and later, you must also
Use gdb 7.12.1 or later
Additionally prevent gdb from using a shell to start the program to be debugged. You can use the following command for this inside gdb:
set startup-with-shell off
You can also put this last command in a file called .gdbinit in your home directory, in which case it will be applied automatically every time you start gdb
echo "set startup-with-shell off" >> ~/.gdbinit
SOURCE:
https://sourceware.org/gdb/wiki/BuildingOnDarwin

I upgraded to gdb 8.3 and was not able to make things working.
This helped me:
codesign --entitlements gdb.xml -fs gdb-cert /usr/local/bin/gdb
Where content of gdb.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
<key>com.apple.security.get-task-allow</key>
<true/>
</dict>
</plist>
I found this solution here: https://timnash.co.uk/getting-gdb-to-semi-reliably-work-on-mojave-macos/
Note: Without the entitlement I was able to run gdb only with sudo.

I experienced the same issue with GDB.
I am running under Mac OS X 10.8.5 aka Mountain Lion.
I am using GDB version 7.7.1.
I compiled my test program with following command:
g++ -o gdb-sample.out -g gdb-sample.cpp
If I entered the command gdb sample.out, I get the same cryptic error message:
"Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5). (please check gdb is codesigned - see taskgated(8))"
This error message however is a red herring.
The solution I found that worked for me was to simply invoke GDB using the superuser acct:
sudo gdb sample.out.
That works fine for me.
And that from that point I could run GDB example.out without using sudo.
Hope this helps and works for others.
RSVP if it doesn't.

I made gdb work on OSX 10.9 without codesigning this way (described here):
Install gdb with macports. (may be you can skip it)
sudo nano /System/Library/LaunchDaemons/com.apple.taskgated.plist
change option string from -s to -sp at line 22, col 27.
Reboot the computer.
Use gdb. If you installed it with mac ports then you must use ggdb command. Or made an alias in your config file:
alias gdb='ggdb'
and use 'gdb' command then.

None of this worked for me and I had to go with a long run.
Here is a full list of steps I've done to get it working.
Create a certificate to sign the gdb.
Unfortunately, system certificate gave me Unknown Error = -2,147,414,007 which is very helpful, so I had to go with a workaround.
Keychain Access -> Create certificate ->
Pick login, gdb-cert, Code Signing
Copy/move certificate to the System keychain (enter password)
Select certificate (gdb-cert) click Get info -> Trust Always
Disable startup-with-shell
Enter in console: set startup-with-shell off
Remember configuration:
echo "set startup-with-shell off" >>~/.gdbinit
Enable Root User
Go to System Preferences -> Users & Groups -> Unlock it -> Login Options -> Network Account Server -> Join -> Unlock it -> Edit (menu) -> Enable Root User
sudo killall taskgated
Finally sign gdb
codesign -fs gdb-cert "$(which gdb)"
Disable Root User (Step 4)
Reboot if still does not work. (if nothing else works, most likely it works already)
PS. I ended up using lldb because it just works (tutorial)

For anyone who using Sierra 10.12.6 (and above) and Homebrew, /usr/local/bin/gdb is a symbolic link to /usr/local/Cellar/gdb/8.0/bin/gdb (or whatever version, e.g. 8.0.1).
You need to codesign both link and target:
codesign -fs gdb-cert /usr/local/bin/gdb
codesign -fs gdb-cert "/usr/local/Cellar/gdb/8.0/bin/gdb"
Or, if you have greadlink (installed via brew install coreutils):
codesign -fs gdb-cert $(which gdb)
codesign -fs gdb-cert $(greadlink -f $(which gdb))

This may not be related. You can use lldb on macos instead of gdb. You don't need this hassle to install gdb.
lldb(http://lldb.llvm.org) is already installed by default in High Sierra

This is what worked for me on Big Sur: https://dev.to/jasonelwood/setup-gdb-on-macos-in-2020-489k. The crucial missing step from other guides was the --entitlements gdb-entitlement.xml option for codesigning:
I am copying here the file gdb-entitlement.xml for reference in case the linked site disappears:
codesign --entitlements gdb-entitlement.xml -fs
where <gdb-cert> is the name of the certificate and is the path to the gdb executable
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.cs.allow-jit</key><true/><key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/><key>com.apple.security.cs.allow-dyld-environment-variables</key><true/><key>com.apple.security.cs.disable-library-validation</key><true/><key>com.apple.security.cs.disable-executable-page-protection</key><true/><key>com.apple.security.cs.debugger</key><true/><key>com.apple.security.get-task-allow</key><true/></dict></plist>

I wonder if the global change in the highest voted answer here has some unintended consequences.
Rather than enabling the old Tiger convention, taskgated does allow signed code to run. So it might be better to just get a signed cert for gdb, similar to the answer here.
After this I was able to sudo use gdb. If you need to use gdb w/o sudo then perhaps this link will help though, disclaimer, I haven't tried it yet because using sudo is an ok solution for now`.

I can recommend to follow this gist:
https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#file-codesign_gdb-md
With trick to overcome: unknown error = -2,147,414,007 during Certificate Creation described here:
https://apple.stackexchange.com/a/309123
Notes:
Path for gdb installed as homebrew package should be something like: /usr/local/Cellar/gdb/9.2/bin/gdb
And csrutil enable --without debug will cause a message about requesting unsupported configuration, like here:
https://totalfinder.binaryage.com/system-integrity-protection
Test:
○ → sw_vers -productVersion
10.13.6
○ → gdb ./a.out
GNU gdb (GDB) 9.2
...
Thread 3 hit Breakpoint 1, main () at main.c:14
14 data_t d = {0};

gdb 8.3;
My problem is the same as the guy above,
solved by
codesign --entitlements gdb.xml -fs gdb-cert /usr/local/bin/gdb

How to debug a running C++ program in Linux?

I have a question about debugging a running C++ program in Linux. If a programming is already running and can't be interrupted, how to do that.
I can find three ways, but I don't know too much about details, I am grateful if any one can elaborate it deeper.
1) we can use GDB by specifying the process ID
gdb -p PID
In this case, what's the difference between this and attach PID?
2) We can use pstat, however, I am using Ubuntu, no pstat, but only mpstat
it seems that mpstat does not provide too much information, and not so many options.
3) check the details information under directory ./proc
In this case, just go to the directory with the PID. However, should this be done mannually?

I can't find -p option in gdb man or their documentation, but it does work! I've tried it many times with older versions on RedHat and 7.0.1 on Debian.
I'm not sure how exactly it finds the exe by PID (maybe /proc/<PID>/exe), but it does. Since it's not described in their documentation, perhaps it not the most recommended way, but I haven't had any problems with it.
There's no noticeable difference between gdb -p <PID> and running gdb and in the their shell typing attach <PID>.
I personally prefer ps xa| grep myprogram for getting the PID

In regards to technique 1, there is no -p flag and you still need the name of the program:
gdb prog PID
There is no difference between doing that vs running gdb prog and then telling gdb attach pid.

Use ps -ef | grep <your program> to get the PID. Then run gdb <your program> <PID>.
pstat is not a standard command. I've only used it with Solaris.
e.g.
gayan#gayan:~/FE/bin> ./fe&
[1] 5866
gayan#gayan:~/FE/bin> ps -ef | grep fe
gayan 5866 5836 2 10:19 pts/3 00:00:00 ./fe
gayan 5871 5836 0 10:19 pts/3 00:00:00 grep fe
gayan#gayan:~/FE/bin> gdb fe 5866
GNU gdb (GDB; openSUSE 11.1) 6.8.50.20081120-cvs
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-suse-linux".
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>...
Attaching to program: /home/gayan/FE/bin/fe, process 5866
The above was run on openSuse but should work on Ubuntu.