Request for enhanced gdb functionality

Igor · March 22, 2019, 11:55am

I had an offline discussion with @jdstrand and @mvo earlier.

I would like to request enhanced debug capability with gdb for snaps.

In the current form, it is very difficult to analyze application runtime, for several reasons:

There is no automatic core dump when one is created.
If one manually sets a core_pattern under /proc/sys (even inside $SNAP writable area), there will be an apparmor denial.
Gdb runs as root, so the reproduction of errors inside the debugger is not identical to what the user may experience when running the snap.

I would request:

Ability to dump cores into an area that is accessible by the snap (but possibly not other snaps) in the context of the current user. Perhaps this would not be a default, but enabled with a separate flag, e.g.: --core-dump.
Ability to run gdb as the user.
Ability to load previously dumped cores in the context of the snap and the user.

@jdstrand @mvo @niemeyer Any comments?

mvo · March 22, 2019, 3:47pm

Thanks for these suggestions!

I created a PR to run gdb as user in https://github.com/snapcore/snapd/pull/6641

We will look at the other ideas too.

mcphail · March 22, 2019, 8:07pm

The loss of core dumps has bitten me a couple of times. Great idea! Difficult to know how best to manage symbol files for snaps, though. Any ideas?

Igor · March 25, 2019, 8:56am

Typically, for stripped binaries, you can do this:

objcopy --add-gnu-debuglink=foo.dbg foo

If the developer has symbols available, then could then link them during debug time, perhaps a combination of --gdb and --symbols option, which would then specify the location of symbols, and the actual linking would be done in the background (objcopy could be part of a symbols interface or similar).

jdstrand · March 25, 2019, 8:05pm

This needs some design since we don’t want snaps modifying core_pattern, etc. I suspect we would want a crash handler ala apport/whoopsie that could process dumps from snaps and put them in the proper location. This should probably be accompanied with a ‘snap set’ command for turning off/on, defaulting to off. If that is in place, it shouldn’t be too difficult to add a companion command to ‘snap run --gdb’ to read the core file from the snap. I’m not sure that the core file should be in an existing SNAP_* location or in /var/cache/snapd/snap.<name>.* or similar.

jamesh · March 27, 2019, 6:01am

A while back, I was working on a PR to get Snapcraft to do this:

github.com/canonical/snapcraft

WIP: pluginhandler: after building a part, separate debug info from executables and strip them

canonical:master ← jhenstridge:separate-debug-info

opened 01:02AM - 01 Sep 18 UTC

jhenstridge

+227 -44

- [x] Have you followed the [guidelines for contributing](https://github.com/sna…pcore/snapcraft/blob/master/CONTRIBUTING.md)? - [x] Have you signed the [CLA](http://www.ubuntu.com/legal/contributors/)? - [ ] If this is a bugfix. Have you checked that there is a bug report open for the issue you are trying to fix on [bug reports](https://bugs.launchpad.net/snapcraft)? - [x] If this is a new feature. Have you discussed the design on the [forum](https://forum.snapcraft.io)? - [x] Have you successfully run `./runtests.sh static`? - [x] Have you successfully run `./runtests.sh tests/unit`? ----- This builds on top of PR #2229, extending the pluginhandler to strip binaries after build, placing the debug symbols in a hierarchy under `./parts/$partname/debug`. For my test project, I was able to run the debugger on one of these stripped executables in my project tree like so (for a part called `open`): $ gdb ... (gdb) set debug-file-directory ./parts/open/debug:/usr/lib/debug (gdb) file ./parts/open/install/bin/open Reading symbols from ./parts/open/install/bin/open...Reading symbols from /home/james/src/ubuntu/open-experiment/parts/open/debug/.build-id/00/01ccfaac25c7fa189899f4051524b486f0d165.debug...done. done. (gdb) I needed to modify the part to actually build with debug information enabled. I also need to work out some way to collect symbols from `.ddeb` packages related to files from `stage-packages`, and finally to select the debug symbols for files eventually primed into the package.

This detached the debug symbols for binaries built by snapcraft itself (i.e. it didn’t handle stuff pulled in by stage-packages), and arranged them in a /usr/lib/debug style hierarchy indexed by build ID. Pointing GDB at these symbols via its debug-file-directory setting was enough to have it find symbols for the snapped binaries.

It’s obviously not a complete solution: collecting the symbols is just the first step towards being able to analyse crashes generated out in the field. It’s a necessary first step though.