1.單步調(diào)試

單步調(diào)試通常分為兩大類墩瞳，一類為源碼級別（source level），一類為指令級別（instrution level）。一行源代碼一般需要多行匯編才可以實(shí)現(xiàn)，所以當(dāng)我們越獄開發(fā)調(diào)試匯編指令單步調(diào)試需要用到（instrution level）指令級別瘾杭。而每一大類又分為step-in和step-over，step-in會進(jìn)入函數(shù)調(diào)用哪亿，而step-over會跳過函數(shù)調(diào)用灰羽。

單步調(diào)試

1.1源碼級別（source level）

1.1.1 step-in

(lldb) thread step-in
(lldb) step
(lldb) s

以上三條命令是等同的呵燕。假如我們在ViewController的第20行下了斷點(diǎn)，每執(zhí)行一次上述命令斷點(diǎn)會跳轉(zhuǎn)到下一行源代碼位置，如果下一行是一個函數(shù)調(diào)用屹堰，會進(jìn)入函數(shù)調(diào)用內(nèi)部蛤铜。比如當(dāng)執(zhí)行到23行時(shí)瞬内，輸入s命令藻治，會進(jìn)入testMethod函數(shù)內(nèi)部，跳轉(zhuǎn)到39行板辽。

1.1.2 step-over

(lldb) thread step-over
(lldb) next
(lldb) n

以上三條命令是等同的奇瘦。假如我們在ViewController的第20行下了斷點(diǎn)，每執(zhí)行一次上述命令斷點(diǎn)會跳轉(zhuǎn)到下一行源代碼位置劲弦，如果下一行是一個函數(shù)調(diào)用耳标，則不會進(jìn)入函數(shù)調(diào)用內(nèi)部。比如當(dāng)執(zhí)行到23行時(shí)邑跪，輸入n命令次坡，卻不會跳轉(zhuǎn)到39行，而是45行（之所以會跳轉(zhuǎn)到45行画畅，因?yàn)樵?5行設(shè)置了斷點(diǎn)）砸琅。

• s和n都是跳轉(zhuǎn)到斷點(diǎn)的下一行源代碼位置，區(qū)別為轴踱，如果下一行源代碼有函數(shù)調(diào)用症脂，s會進(jìn)入函數(shù)內(nèi)部，n則會跳過函數(shù)執(zhí)行寇僧。如果沒有函數(shù)調(diào)用則兩組命令沒有任何區(qū)別摊腋。

1.2指令級別（instrution level）

理解了s和n命令的區(qū)別沸版。si和ni同理嘁傀。假如匯編指令有一個bl跳轉(zhuǎn)指令，si會單步進(jìn)入bl指令的子函數(shù)內(nèi)部视粮，而ni就不會细办。

1.2.1 step-in

(lldb) thread step-inst
(lldb) si

1.1.2 step-over

(lldb) thread step-inst-over
(lldb) ni

1.3 step-out

(lldb) thread step-out
(lldb) finish

• setp out 從一個函數(shù)跳出。
• 如果沒有執(zhí)行s或者si，卻執(zhí)行了finish笑撞，其實(shí)會跳轉(zhuǎn)到匯編指令bl的下一條位置（step out默認(rèn)是從一個函數(shù)跳出岛啸，對系統(tǒng)函數(shù)調(diào)用一定是通過bl執(zhí)行了函數(shù)調(diào)用，下一個位置必定為bl的下一個位置）
• 要從嵌套的step out中退出茴肥，執(zhí)行c命令即可跳轉(zhuǎn)到下一個斷點(diǎn)坚踩。

對于單步調(diào)試總結(jié)下：對于逆向開發(fā)si和ni命令會使用較多，正向App開發(fā)瓤狐，s和n命令較多

1.4 s（si）瞬铸、n（ni）和xcode調(diào)試工具對應(yīng)關(guān)系

xcode調(diào)試工具

1.3.1xcode第二個圖標(biāo)

• 點(diǎn)擊第二個圖標(biāo)，同continue命令础锐，即c是等同的嗓节，跳轉(zhuǎn)到下一個斷點(diǎn)。

1.3.2xcode第三個圖標(biāo)

• 點(diǎn)擊第三個圖標(biāo)皆警，同thread step-over（next拦宣、n）。
• 按住Control鍵信姓，同時(shí)點(diǎn)擊第三個圖標(biāo)鸵隧，同thread step-inst-over（ni）命令。
• 同時(shí)按住Control鍵+Shift鍵意推，并同時(shí)點(diǎn)擊第三個圖標(biāo)掰派，同thread step-over（next、n）左痢。

1.3.3xcode第四個圖標(biāo)

• 點(diǎn)擊第四個圖標(biāo)靡羡，同thread step-in（step、s）俊性。
• 按住Control鍵略步，同時(shí)點(diǎn)擊第四個圖標(biāo)，同thread step-inst（si）命令定页。我們可以通過xcode調(diào)試時(shí)趟薄，按住Control鍵，會發(fā)現(xiàn)需要點(diǎn)擊多次斷點(diǎn)才會移動到下一行（原因是一行源代碼一般需要多行匯編才可以實(shí)現(xiàn)）
• 同時(shí)按住Control鍵+Shift鍵典徊，并同時(shí)點(diǎn)擊第四個圖標(biāo)杭煎，同同thread step-in（step、s）卒落。

1.3.4xcode第五個圖標(biāo)

• 點(diǎn)擊第五個圖標(biāo)羡铲，同finish（即f命令，thread step-out）

2.斷點(diǎn)命令

2.1設(shè)置斷點(diǎn)

• 通過函數(shù)名字設(shè)置斷點(diǎn)

(lldb) breakpoint set --name "-[NSString stringWithFormat:]"
(lldb) br s -n "-[NSString stringWithFormat:]"
(lldb) b -[NSString stringWithFormat:]

• 通過地址設(shè)置斷點(diǎn)

(lldb) breakpoint set --address 0x00000001c44441d0
(lldb) br s -a 0x00000001c44441d0

2.2列舉所有斷點(diǎn)

(lldb) breakpoint list
(lldb) br l

2.3刪除斷點(diǎn)

(lldb) breakpoint delete 1
(lldb) br del 1

3. expression命令

3.1打印變量

• print 簡寫p 是 expression -- 別名儡毕，打印基本數(shù)據(jù)類型也切。
• po 是 expr -o -- 的別名。

(lldb) expr -o -- [SomeClass returnAnObject]
or using the po alias:
(lldb) po [SomeClass returnAnObject]

以特定格式打印變量
下面分別以16進(jìn)制（x），字符（c）雷恃，二進(jìn)制（t）打印變量

(lldb) p/x 2
(int) $0 = 0x00000002

(lldb) p/c (char)97
(char) $2 = 'a'

(lldb) p/t 2
(int) $4 = 0b00000000000000000000000000000010

• 更多格式化參看 http://lldb.llvm.org/varformats.html

3.2申明變量

(lldb) e NSString* abc = @"abc"
(lldb) po abc
abc

3.3修改變量

在如下函數(shù)設(shè)置斷點(diǎn)

修改變量

如圖所示疆股，ii初始值為0，但是可以通過expression命令修改其初始化值為 10000

lldb) p ii
(int) $0 = 0
(lldb) e ii = 10000
(int) $1 = 10000
(lldb) p ii
(int) $2 = 10000

4.調(diào)試信息

• frame info 可以查看當(dāng)前調(diào)試的行數(shù)和源碼信息

(lldb) frame info
frame #0: 0x0000000104cc6d1c TestPAD`-[ViewController testParam:b:c:d:](self=0x0000000149d0aaa0, _cmd="testParam:b:c:d:", a=10, b=20, c=30, d=40) at ViewController.m:31

• thread info 可以查看當(dāng)前調(diào)試線程倒槐、行數(shù)旬痹、和源碼信息

(lldb) thread info 
thread #1: tid = 0xfb0ab5, 0x0000000104cc6d1c TestPAD`-[ViewController testParam:b:c:d:](self=0x0000000149d0aaa0, _cmd="testParam:b:c:d:", a=10, b=20, c=30, d=40) at ViewController.m:31, queue = 'com.apple.main-thread', stop reason = breakpoint 9.1

• thread list 可以查看當(dāng)前所有線程的調(diào)試狀態(tài)

lldb) thread list
Process 29252 stopped
* thread #1: tid = 0xfb0ab5, 0x0000000104cc6d1c TestPAD`-[ViewController testParam:b:c:d:](self=0x0000000149d0aaa0, _cmd="testParam:b:c:d:", a=10, b=20, c=30, d=40) at ViewController.m:31, queue = 'com.apple.main-thread', stop reason = breakpoint 9.1
  thread #3: tid = 0xfb0ad8, 0x000000018608fdf4 libsystem_dnssd.dylib`ConvertHeaderBytes, queue = 'com.skyeye.analytics.network.queue'
  thread #4: tid = 0xfb0ad9, 0x00000001860f5dbc libsystem_kernel.dylib`__workq_kernreturn + 8
  thread #5: tid = 0xfb0ada, 0x0000000186206c1c libsystem_pthread.dylib`start_wqthread
  thread #6: tid = 0xfb0adb, 0x00000001860d4bc4 libsystem_kernel.dylib`mach_msg_trap + 8, queue = 'com.SkyEye.905541C85D654B539C85DEECF2689651.0x1c0462b00.network'
  thread #7: tid = 0xfb0adc, 0x00000001860d4bc4 libsystem_kernel.dylib`mach_msg_trap + 8, name = 'com.apple.uikit.eventfetch-thread'
  thread #8: tid = 0xfb0ade, 0x00000001860f5c1c libsystem_kernel.dylib`__ulock_wait + 8, queue = 'com.skyeye.analytics.interface.queue'
  thread #9: tid = 0xfb0ae0, 0x00000001860d4bc4 libsystem_kernel.dylib`mach_msg_trap + 8, name = 'com.apple.NSURLConnectionLoader'
  thread #10: tid = 0xfb0ae2, 0x0000000186206c1c libsystem_pthread.dylib`start_wqthread

• frame variable（簡寫 fr v）當(dāng)前調(diào)試堆棧的所有參數(shù)和臨時(shí)變量

(lldb) frame variable
(ViewController *) self = 0x0000000149d0aaa0
(SEL) _cmd = "testParam:b:c:d:"
(int) a = 10
(int) b = 20
(int) c = 30
(int) d = 40
(int) ii = 10000

• register read 返回當(dāng)前線程通用寄存器的值（對64為對應(yīng)x0-x31）

 lldb) register read
General Purpose Registers:
        x0 = 0x0000000149d0aaa0
        x1 = 0x0000000104d9dd46  "testParam:b:c:d:"
        x2 = 0x000000000000000a
        x3 = 0x0000000000000014
        x4 = 0x000000000000001e
        x5 = 0x0000000000000028
        x6 = 0x0000000000000000
        x7 = 0x000000016b156808
        x8 = 0x0000000104dd9330  "testParam:b:c:d:"
        x9 = 0x0000000000000000
       x10 = 0x0086860100868680
       x11 = 0x0000000000868601
       x12 = 0x0000000000868500
       x13 = 0x0000000000000001
       x14 = 0x0000000000000000
       x15 = 0x00868601008686c0
       x16 = 0x0000000000000000
       x17 = 0x0000000104cc6cf4  TestPAD`-[ViewController testParam:b:c:d:] at ViewController.m:29
       x18 = 0x0000000000000000
       x19 = 0x00000001b70ab8c0  UIKit`_UIApplicationLinkedOnVersion
       x20 = 0x0000000149d0aaa0
       x21 = 0x0000000000000018
       x22 = 0x0000000190799d6a  "count"
       x23 = 0x0000000000000000
       x24 = 0x0000000000000000
       x25 = 0x000000014a017c00
       x26 = 0x0000000000000408
       x27 = 0x00000001c0099410
       x28 = 0x0000000000000000
        fp = 0x000000016b157f60
        lr = 0x0000000104cc6bbc  TestPAD`-[ViewController viewDidLoad] + 164 at ViewController.m:24
        sp = 0x000000016b157f30
        pc = 0x0000000104cc6d1c  TestPAD`-[ViewController testParam:b:c:d:] + 40 at ViewController.m:31
      cpsr = 0x20000000

• register read --all（簡寫 re r -a） 返回當(dāng)前線程所有寄存器的值（對64位架構(gòu)，包含x0-x31讨越、s0-s31 d0-d31 v0-v31 w0-w31)
• thread backtrace（簡寫 bt）當(dāng)前線程堆棾回溯信息

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 9.1
  * frame #0: 0x0000000104cc6d1c TestPAD`-[ViewController testParam:b:c:d:](self=0x0000000149d0aaa0, _cmd="testParam:b:c:d:", a=10, b=20, c=30, d=40) at ViewController.m:31
    frame #1: 0x0000000104cc6bbc TestPAD`-[ViewController viewDidLoad](self=0x0000000149d0aaa0, _cmd="viewDidLoad") at ViewController.m:24
    frame #2: 0x000000018fa14efc UIKit`-[UIViewController loadViewIfRequired] + 1040
    frame #3: 0x000000018fabc5ec UIKit`-[UINavigationController _updateScrollViewFromViewController:toViewController:] + 76
    frame #4: 0x000000018fabba8c UIKit`-[UINavigationController _startTransition:fromViewController:toViewController:] + 196
    frame #5: 0x000000018fabb490 UIKit`-[UINavigationController _startDeferredTransitionIfNeeded:] + 1168
    frame #6: 0x000000018fabaf0c UIKit`-[UINavigationController __viewWillLayoutSubviews] + 164
    frame #7: 0x000000018fabae0c UIKit`-[UILayoutContainerView layoutSubviews] + 188
    frame #8: 0x000000018fa122f8 UIKit`-[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1276
    frame #9: 0x000000018a5cbec8 QuartzCore`-[CALayer layoutSublayers] + 184
    frame #10: 0x000000018a5cffa8 QuartzCore`CA::Layer::layout_if_needed(CA::Transaction*) + 332
    frame #11: 0x000000018a53ea98 QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 336
    frame #12: 0x000000018a564eb4 QuartzCore`CA::Transaction::commit() + 540
    frame #13: 0x000000018fc90174 UIKit`__34-[UIApplication _firstCommitBlock]_block_invoke_2 + 140
    frame #14: 0x00000001865860fc CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 20
    frame #15: 0x00000001865859cc CoreFoundation`__CFRunLoopDoBlocks + 288
    frame #16: 0x00000001865836dc CoreFoundation`__CFRunLoopRun + 1068
    frame #17: 0x00000001864a3fb8 CoreFoundation`CFRunLoopRunSpecific + 436
    frame #18: 0x000000018833bf84 GraphicsServices`GSEventRunModal + 100
    frame #19: 0x000000018fa782e8 UIKit`UIApplicationMain + 208
    frame #20: 0x0000000104cd5d14 TestPAD`main(argc=1, argv=0x000000016b15b9c8) at main.m:14
    frame #21: 0x0000000185fc656c libdyld.dylib`start + 4

• thread backtrace all（簡寫bt all）所有線程堆棧回溯信息
• memory read （簡寫x）以給定格式讀取給定內(nèi)存地址數(shù)據(jù)
  （1）比如以字符串讀取x1寄存器的值

(lldb) memory read -f s $x1
或者
(lldb) x -f s $x1
或者
(lldb) x/s $x1
輸出為：
0x104d9dd46: "testParam:b:c:d:"

（2）讀取棧中所有值谎痢，即sp和fp連續(xù)內(nèi)存區(qū)域值磕昼。

(lldb) x -f A $sp $fp

(3) 讀取目標(biāo)內(nèi)存指令，比如x/10xg sp 节猿。10后面的x代表用16進(jìn)制來顯示結(jié)果票从，g代表giant word（8字節(jié)）大小。所以x/10xgsp就是用16進(jìn)制顯示棧區(qū)10個64位元素內(nèi)容滨嘱。常見的大小格式為"b-byte"(1字節(jié)) "h-half word"(2字節(jié)) "w-word"(4字節(jié)) "g-giant word"(8字節(jié))

• disassemble --frame（簡寫di -f）將當(dāng)前frame的當(dāng)前函數(shù)轉(zhuǎn)為匯編代碼
• disassemble --name "函數(shù)名字"（簡寫di -n ）將當(dāng)前frame的指定的函數(shù)轉(zhuǎn)為匯編代碼

(lldb)  di -n "-[ViewController testParam:b:c:d:]"

TestPAD`-[ViewController testParam:b:c:d:]:
    0x104cc6cf4 <+0>:   sub    sp, sp, #0x40             ; =0x40 
    0x104cc6cf8 <+4>:   stp    x29, x30, [sp, #0x30]
    0x104cc6cfc <+8>:   add    x29, sp, #0x30            ; =0x30 
    0x104cc6d00 <+12>:  stur   x0, [x29, #-0x8]
    0x104cc6d04 <+16>:  stur   x1, [x29, #-0x10]
    0x104cc6d08 <+20>:  stur   w2, [x29, #-0x14]
    0x104cc6d0c <+24>:  str    w3, [sp, #0x18]
    0x104cc6d10 <+28>:  str    w4, [sp, #0x14]
    0x104cc6d14 <+32>:  str    w5, [sp, #0x10]
    0x104cc6d18 <+36>:  str    wzr, [sp, #0xc]
->  0x104cc6d1c <+40>:  ldur   w2, [x29, #-0x14]
    0x104cc6d20 <+44>:  ldr    w3, [sp, #0xc]
    0x104cc6d24 <+48>:  add    w2, w3, w2
    0x104cc6d28 <+52>:  str    w2, [sp, #0xc]
    0x104cc6d2c <+56>:  ldr    w2, [sp, #0x18]
    0x104cc6d30 <+60>:  ldr    w3, [sp, #0xc]
    0x104cc6d34 <+64>:  add    w2, w3, w2
    0x104cc6d38 <+68>:  str    w2, [sp, #0xc]
    0x104cc6d3c <+72>:  ldr    w2, [sp, #0x14]
    0x104cc6d40 <+76>:  ldr    w3, [sp, #0xc]
    0x104cc6d44 <+80>:  add    w2, w3, w2
    0x104cc6d48 <+84>:  str    w2, [sp, #0xc]
    0x104cc6d4c <+88>:  ldr    w2, [sp, #0x10]
    0x104cc6d50 <+92>:  ldr    w3, [sp, #0xc]
    0x104cc6d54 <+96>:  add    w2, w3, w2
    0x104cc6d58 <+100>: str    w2, [sp, #0xc]
    0x104cc6d5c <+104>: ldr    w2, [sp, #0xc]
    0x104cc6d60 <+108>: mov    x0, x2
    0x104cc6d64 <+112>: mov    x1, sp
    0x104cc6d68 <+116>: str    x0, [x1]
    0x104cc6d6c <+120>: adrp   x0, 249
    0x104cc6d70 <+124>: add    x0, x0, #0xc68            ; =0xc68 
    0x104cc6d74 <+128>: bl     0x104d9a9b4               ; symbol stub for: NSLog
    0x104cc6d78 <+132>: ldp    x29, x30, [sp, #0x30]
    0x104cc6d7c <+136>: add    sp, sp, #0x40             ; =0x40 
    0x104cc6d80 <+140>: ret    

4.Match-O可執(zhí)行文件及Shared庫查詢命令

• image list（簡寫im li） 列舉所有可執(zhí)行文件和系統(tǒng)庫信息

(lldb) image list -o -f "TestPAD"
[  0] 0x0000000004ca4000 /Users/shiguiling063/Library/Developer/Xcode/DerivedData/TestPAD-bpwpvzedhypusjgfujyksktehppj/Build/Products/Debug-iphoneos/TestPAD.app/TestPAD

• image lookup -r -n <FUNC_REGEX> 從debug符號標(biāo)中正則匹配函數(shù)

(lldb) image  lookup -r -n "testParam"
或者
(lldb) im  loo -r -n "testParam"
2 matches found in /Users/shiguiling063/Library/Developer/Xcode/DerivedData/TestPAD-bpwpvzedhypusjgfujyksktehppj/Build/Products/Debug-iphoneos/TestPAD.app/TestPAD:
        Address: TestPAD[0x0000000100022cf4] (TestPAD.__TEXT.__text + 118184)
        Summary: TestPAD`-[ViewController testParam:b:c:d:] at ViewController.m:29        Address: TestPAD[0x0000000100022cf4] (TestPAD.__TEXT.__text + 118184)
        Summary: TestPAD`-[ViewController testParam:b:c:d:] at ViewController.m:29

• image lookup --type "定義名稱" 查找定義

(lldb)  image lookup --type ViewController
或者
(lldb) im loo -t ViewController
Best match found in /Users/shiguiling063/Library/Developer/Xcode/DerivedData/TestPAD-bpwpvzedhypusjgfujyksktehppj/Build/Products/Debug-iphoneos/TestPAD.app/TestPAD:
id = {0xb00000042}, name = "ViewController", byte-size = 16, decl = ViewController.h:11, compiler_type = "@interface ViewController : UITableViewController{
    NSArray * _dataArr;
}
@property ( getter = dataArr,setter = setDataArr:,readwrite,copy,nonatomic ) NSArray * dataArr;
@end"

• image dump symtab -m "模塊名" Dump出給定模塊的所有符號
  比如需要Dump出測試工程TestPAD所有的符號（如果不指定模塊名峰鄙，會Dump出所有符號，包擴(kuò)系統(tǒng)庫的太雨，會比較耗時(shí)）

(lldb)  image dump symtab -m TestPAD
Symtab, file = /Users/shiguiling063/Library/Developer/Xcode/DerivedData/TestPAD-bpwpvzedhypusjgfujyksktehppj/Build/Products/Debug-iphoneos/TestPAD.app/TestPAD, num_symbols = 4121:
               Debug symbol
               |Synthetic symbol
               ||Externally Visible
               |||
Index   UserID DSX Type            File Address/Value Load Address       Size               Flags      Name
------- ------ --- --------------- ------------------ ------------------ ------------------ ---------- ----------------------------------
[    0]      0 D   SourceFile      0x0000000000000000                    Sibling -> [   19] 0x00640000 /Users/shiguiling063/Downloads/越獄開發(fā)相關(guān)/TestPADSource/TestPAD/PAD/PADSource/TalkingData/SkyEyeData/Codeless/SEObjectSerializer.m
[    1]      2 D   ObjectFile      0x000000005b55a875                    0x0000000000000000 0x00660001 /Users/shiguiling063/Library/Developer/Xcode/DerivedData/TestPAD-bpwpvzedhypusjgfujyksktehppj/Build/Intermediates.noindex/TestPAD.build/Debug-iphoneos/TestPAD.build/Objects-normal/arm64/SEObjectSerializer.o
[    2]      4 D   Code            0x0000000100006028                    0x0000000000000140 0x000e0000 -[SEObjectSerializer initWithConfiguration:objectIdentityProvider:]
[    3]      8 D   Code            0x0000000100006168                    0x000000000000035c 0x000e0000 -[SEObjectSerializer serializedObjectsWithRootObject:]
[    4]     12 D   Code            0x00000001000064c4                    0x0000000000000c00 0x000e0000 -[SEObjectSerializer visitObject:withContext:]
[    5]     16 D   Code            0x00000001000070c4                    0x0000000000000120 0x000e0000 -[SEObjectSerializer classHierarchyArrayForObject:]
[    6]     20 D   Code            0x00000001000071e4                    0x000000000000027c 0x000e0000 -[SEObjectSerializer allValuesForType:]
[    7]     24 D   Code            0x0000000100007460                    0x000000000000053c 0x000e0000 -[SEObjectSerializer parameterVariationsForPropertySelector:]
[    8]     28 D   Code            0x000000010000799c                    0x0000000000000968 0x000e0000 -[SEObjectSerializer instanceVariableValueForObject:propertyDescription:]
[    9]     32 D   Code            0x0000000100008304                    0x000000000000040c 0x000e0000 -[SEObjectSerializer invocationForObject:withSelectorDescription:]
[   10]     36 D   Code            0x0000000100008710                    0x0000000000000578 0x000e0000 -[SEObjectSerializer propertyValue:propertyDescription:context:]
[   11]     40 D   Code            0x0000000100008c88                    0x000000000000099c 0x000e0000 -[SEObjectSerializer propertyValueForObject:withPropertyDescription:context:]
[   12]     44 D   Code            0x0000000100009624                    0x000000000000009c 0x000e0000 -[SEObjectSerializer isNestedObjectType:]
[   13]     48 D   Code            0x00000001000096c0                    0x0000000000000264 0x000e0000 -[SEObjectSerializer classDescriptionForObject:]
[   14]     52 D   Code            0x0000000100009924                    0x0000000000000070 0x000e0000 -[SEObjectSerializer .cxx_destruct]
[   15]     55 D X ObjCIVar        0x00000001001372f0                    0x0000000000000004 0x001e0000 

5.Script & Chisel

LLDB 有內(nèi)建的吟榴，完整的 Python支持。在LLDB中輸入 script囊扳，會打開一個 Python REPL吩翻。你也可以輸入一行 python 語句作為 script 命令的參數(shù)，這可以運(yùn)行 python 語句而不進(jìn)入REPL

(lldb) script print 'Hello World'
Hello World

Facebook開源的Chisel就是基于此實(shí)現(xiàn)
Facebook通過python腳本擴(kuò)展和豐富了lldb命令锥咸，具體以Chisel文檔為準(zhǔn)

Chisel 擴(kuò)展LLDB命令

6. watchpoint命令

• Set a watchpoint on a variable when it is written to

(lldb) watchpoint set variable global_var
或者
(lldb) wa s v global_var

• 根據(jù)內(nèi)存地址設(shè)置watchpoint

(lldb) watchpoint set expression -- my_ptr
或者
(lldb) wa s e -- my_ptr

• 滿足條件觸發(fā)watchpoint

(lldb) watch set var global
(lldb) watchpoint modify -c '(global==5)'
(lldb) c

• 列舉所有watchpoint

(lldb) watchpoint list
或者
(lldb) watch l

• 刪除watchpoint

(lldb) watchpoint delete 1
或者
(lldb) watch del 1

7.其他命令補(bǔ)充

• register write 將值寫回寄存器
  將當(dāng)前pc寄存器后移8字節(jié)

(lldb) register write pc `$pc+8`

• target stop-hook 僅在觸發(fā)watchpoint和斷點(diǎn)的情況下才會觸發(fā)stop-hook
  以下命令添加一個stop-hook命令狭瞎，觸發(fā)了watchpoint或者斷點(diǎn)后，通過frame variable命令輸出當(dāng)前frame所有變量和臨時(shí)變量

(lldb)  target stop-hook add --one-liner "frame variable"

8.更多

更多LLDB命令請參照LLDB官網(wǎng)公布資料：http://lldb.llvm.org/lldb-gdb.html