lldb下臭增，相信大家用的較多的是po，或者使用條件斷點(diǎn)竹习。但是面對復(fù)雜的問題時(shí)誊抛，比如.a靜態(tài)庫，就需要其他調(diào)試方法了整陌。

breakpoint

給某個(gè)文件的某一行下斷點(diǎn)拗窃。可以使用如下兩種方法泌辫，比如我想給Person.m文件的10行下一個(gè)斷點(diǎn)并炮。可以使用如下的方法甥郑。

(lldb) breakpoint set --file Person.m --line 10

如果出現(xiàn)如下提示則說明設(shè)置斷點(diǎn)成功

Breakpoint 2: where = BreakPointDemo`-[Person foo] + 23 at Foo.m:10, address = 0x000000010b22e687

也可以使用簡寫的形式如下逃魄。

(lldb) breakpoint set -f Foo.m -l 10

給一個(gè)函數(shù)下斷點(diǎn)

(lldb) breakpoint set --name foo
(lldb) breakpoint set -n foo

一次性給多個(gè)函數(shù)下斷點(diǎn)

(lldb) breakpoint set --name foo --name bar

OC的方法，可以使用以下兩種方式打斷點(diǎn)澜搅，第二種S需要大寫

(lldb) breakpoint set --selector foo

(lldb) breakpoint set -S foo

使用 正則匹配 你要打斷點(diǎn)的函數(shù)伍俘。這個(gè)不限語言

(lldb) breakpoint set -r cFoo
(lldb) breakpoint set -r foo

也可以指定加載的動(dòng)態(tài)庫

(lldb) breakpoint set --shlib foo.dylib --name foo 
(lldb) breakpoint set -s foo.dylib -n foo

我們同樣可以對命令進(jìn)行簡寫。下面兩個(gè)命令的效果是一樣的

(lldb) breakpoint set -n "-[Foo foo]"
(lldb) br s -n "-[Foo foo]"

查看有多少斷點(diǎn)可以使用

(lldb) breakpoint list

打印結(jié)果如下:

Current breakpoints:
1: file = '/Users/jianquan/Xcode/BreakPointDemo/BreakPointDemo/ViewController.m', line = 20, exact_match = 0, locations = 0 (pending)
2: file = '/Users/jianquan/Xcode/BreakPointDemo/BreakPointDemo/ViewController.mm', line = 33, exact_match = 0, locations = 1, resolved = 1, hit count = 0
  2.1: where = BreakPointDemo`::-[ViewController viewDidLoad]() + 186 at ViewController.mm:34, address = 0x0000000105f8362a, resolved, hit count = 0 
......

我們可以對斷點(diǎn)進(jìn)行相關(guān)的操作勉躺，比如在執(zhí)行到2.1斷點(diǎn)的時(shí)候打印追蹤軌跡癌瘾。bt是

(lldb) breakpoint command add 2.1
Enter your debugger command(s).  Type 'DONE' to end.
> bt
> DONE

刪除所有斷點(diǎn)

(lldb) breakpoint delete

watchpoint

觀察變量值的具體變化
比如我需要觀察某個(gè)變量a的值變化,我可以使用如下命令

(lldb) watchpoint set variable a

bt命令用來追蹤程序的運(yùn)行過程

(lldb) bt
* thread #1: tid = 0x5c52c2, 0x000000010ff465fe BreakPointDemo`::-[ViewController viewDidLoad](self=0x00007f932cc07c50, _cmd="viewDidLoad") + 158 at ViewController.mm:36, queue = 'com.apple.main-thread', stop reason = watchpoint 1
  * frame #0: 0x000000010ff465fe BreakPointDemo`::-[ViewController viewDidLoad](self=0x00007f932cc07c50, _cmd="viewDidLoad") + 158 at ViewController.mm:36
    frame #1: 0x000000011112ba3d UIKit`-[UIViewController loadViewIfRequired] + 1258
 ......

我們可以使用frame命令查看變量a的具體值。

(lldb) frame variable a
(int) a = 100

補(bǔ)充一點(diǎn)watchpoint list的東西饵溅。這個(gè)命令包括了三個(gè)可選參數(shù)妨退，我們可以使用help命令查看具體的值

(lldb) help watchpoint list

       -b ( --brief )
            Give a brief description of the watchpoint (no location info).

       -f ( --full )
            Give a full description of the watchpoint and its locations.

       -v ( --verbose )
            Explain everything we know about the watchpoint (for debugging
            debugger bugs).

-b是比較簡略的信息，-f是比較全面的信息，-v是完整的信息咬荷。經(jīng)過我的實(shí)驗(yàn)冠句，如果使用watchpoint list,默認(rèn)的是 watchpoint list -f。

process

使用process命令也可以做很多有趣的操作幸乒。具體能做什么懦底，我們也可使用help命令查看

(lldb) process help

      attach    -- Attach to a process.
      connect   -- Connect to a remote debug service.
      continue  -- Continue execution of all threads in the current process.
      detach    -- Detach from the current target process.
      handle    -- Manage LLDB handling of OS signals for the current target
    ......

查看更詳細(xì)的命令使用help <command> <subcommand>。比如

(lldb) help process attach

thread

其實(shí)這個(gè)功能主要就是斷點(diǎn)調(diào)試?yán)锩娴娜缦逻@個(gè)功能罕扎。

step-in.png

我們可以使用thread命令來做一些斷點(diǎn)的操作聚唐，具體有那些命令我們可以使用thread help進(jìn)行查看

(lldb) thread help

      ......

      select         -- Change the currently selected thread.
      step-in        -- Source level single step, stepping into calls. 
                        Defaults to current thread unless specified.
      step-inst      -- Instruction level single step, stepping into calls. 
                        Defaults to current thread unless specified.
      step-inst-over -- Instruction level single step, stepping over calls. 
                        Defaults to current thread unless specified.
      step-out       -- Finish executing the current stack frame and stop after
                        returning.  Defaults to current thread unless
                        specified.
      step-over      -- Source level single step, stepping over calls. 
                        Defaults to current thread unless specified.
      step-scripted  -- Step as instructed by the script class passed in the -C
                        option.
      until          -- Continue until a line number or address is reached by
                        the current or specified thread.  Stops when returning
                        from the current function as a safety measure.

用得比較多的應(yīng)該是 step-開頭的這幾個(gè)命令，使用起來很容易腔召。我個(gè)人感覺比用鼠標(biāo)點(diǎn)擊斷點(diǎn)好用多了~
檢查當(dāng)前進(jìn)程的狀態(tài)杆查，可以使用如下命令

lldb)  thread list
Process 22323 stopped
* thread #1: tid = 0x62d0d7, 0x00000001082185fe BreakPointDemo`::-[ViewController viewDidLoad](self=0x00007ff81b60ab20, _cmd="viewDidLoad") + 158 at ViewController.mm:36, queue = 'com.apple.main-thread', stop reason = step until
......```
*表明的就是當(dāng)前的線程，可以使用如下的命令得到線程的回溯臀蛛，這個(gè)詞我也不確定怎么表達(dá)好根灯，backtrace，也可以說是追蹤掺栅。

(lldb) thread backtrace

• thread #1: tid = 0x354e72, 0x0000000103ce94bc RunTimeUse`-[ViewController viewDidLoad](self=0x00007ffea04050e0, _cmd="viewDidLoad") + 140 at ViewController.m:24, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
  • frame #0: 0x0000000103ce94bc RunTimeUse-[ViewController viewDidLoad](self=0x00007ffea04050e0, _cmd="viewDidLoad") + 140 at ViewController.m:24 frame #1: 0x0000000104e21c99 UIKit-[UIViewController loadViewIfRequired] + 1258
    frame #2: 0x0000000104e220cc UIKit-[UIViewController view] + 27 frame #3: 0x0000000104cebc51 UIKit-[UIWindow addRootViewControllerViewIfPossible] + 71
    frame #4: 0x0000000104cec3a2 UIKit-[UIWindow _setHidden:forced:] + 293 frame #5: 0x0000000104cffcb5 UIKit-[UIWindow makeKeyAndVisible] + 42
    frame #6: 0x0000000104c78c89 UIKit-[UIApplication _callInitializationDelegatesForMainScene:transitionContext:] + 4818 frame #7: 0x0000000104c7ede9 UIKit-[UIApplication _runWithMainScene:transitionContext:completion:] + 1731
    frame #8: 0x0000000104c7bf69 UIKit-[UIApplication workspaceDidEndTransaction:] + 188 frame #9: 0x0000000107dd4723 FrontBoardServicesFBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK + 24
    frame #10: 0x0000000107dd459c FrontBoardServices-[FBSSerialQueue _performNext] + 189 frame #11: 0x0000000107dd4925 FrontBoardServices-[FBSSerialQueue _performNextFromRunLoopSource] + 45
    frame #12: 0x0000000104802311 CoreFoundation__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #13: 0x00000001047e759c CoreFoundation__CFRunLoopDoSources0 + 556
    frame #14: 0x00000001047e6a86 CoreFoundation__CFRunLoopRun + 918 frame #15: 0x00000001047e6494 CoreFoundationCFRunLoopRunSpecific + 420
    frame #16: 0x0000000104c7a7e6 UIKit-[UIApplication _run] + 434 frame #17: 0x0000000104c80964 UIKitUIApplicationMain + 159
    frame #18: 0x0000000103ce9b1f RunTimeUsemain(argc=1, argv=0x00007fff5bf165e8) + 111 at main.m:14 frame #19: 0x000000010763d68d libdyld.dylibstart + 1
    frame #20: 0x000000010763d68d libdyld.dylib`start + 1

當(dāng)然我們?nèi)绻肟此芯€程的backtrace，可以使用thread backtrace all命令纳猪。內(nèi)容太多氧卧，我這里就不演示log輸出了。

如果我們想單獨(dú)查看某個(gè)線程氏堤，我們可以先使用thread select 2跳到某個(gè)具體的線程沙绝，然后再進(jìn)行其他操作，比如thread backtrace

為了方便的觀測架構(gòu)參數(shù)和本地變量鼠锈，我們可以使用 frame variable 命令

如果我什么參數(shù)也不加闪檬，將會把所有的參數(shù)和本地變量到打印出來。

(lldb) frame variable
(ViewController *) self = 0x00007ffea04050e0
(SEL) _cmd = "viewDidLoad"
(Person *) p = 0x0000610000001940

要打印某個(gè)變量需要在參數(shù)里面指定购笆，這個(gè)命令我們在前面也使用過,比如要查看self

(lldb) frame variable self
(ViewController *) self = 0x00007ff81b60ab20

更進(jìn)一步粗悯，我們可以查看一些子元素

(lldb) frame variable self->isa
(Class) self->isa = ViewController

命令雖然不是完整的表達(dá)式解釋器，當(dāng)時(shí)可以識別一些基本的操作 比如 &, *, ->, []同欠，不是重載運(yùn)算符样傍，數(shù)組也可以使用，因?yàn)閿?shù)組本身也是指針铺遂。

(lldb) frame variable *self

(ViewController) *self = {
UIViewController = {
UIResponder = {
NSObject = {
isa = ViewController
}
......
}

和之前thread命令很類似衫哥，我可以使用frame select去選擇另外的一個(gè)frame

(lldb) frame select 9

如果想看更復(fù)雜的數(shù)據(jù)，我們可以使用expression命令

(lldb) expression self
(ViewController *) $0 = 0x00007fefa4705110

更復(fù)雜一些襟锐，我們可以用來輸出一個(gè)表達(dá)式

(lldb) expr (int) printf ("I have a pointer 0x%llx.\n", self)
I have a pointer 0x7fefa4705110.
(int) $1 = 33

#call
其實(shí)這個(gè)命令完全可以使用po進(jìn)行替代撤逢，call一般可以用來調(diào)用不需要返回值的調(diào)試命令，比如更改View的背景顏色，以下兩個(gè)命令都可以達(dá)到相似的作用蚊荣，更改當(dāng)前View的背景顏色值初狰。

(lldb) po [self.view setBackgroundColor:[UIColor redColor]]
(lldb) call [self.view setBackgroundColor:[UIColor redColor]]

#image
這個(gè)比較實(shí)用，可用于尋找棧地址對應(yīng)的代碼位置妇押。

//測試image命令使用
NSArray *a = @[@"1"];
NSLog(@"%@",a[1]);

很顯然跷究，數(shù)組越界了，以下顯示崩潰信息

RunTimeUse[46698:3510999] *** Terminating app due to uncaught exception 'NSRangeException', reason: '*** -[__NSSingleObjectArrayI objectAtIndex:]: index 1 beyond bounds [0 .. 0]'
*** First throw call stack:
(
0 CoreFoundation 0x000000010934d34b __exceptionPreprocess + 171
1 libobjc.A.dylib 0x0000000108dae21e objc_exception_throw + 48
2 CoreFoundation 0x00000001093a5bdf -[__NSSingleObjectArrayI objectAtIndex:] + 111
3 RunTimeUse 0x00000001087d9480 -[ViewController viewDidLoad] + 320
4 UIKit 0x0000000109911c99 -[UIViewController loadViewIfRequired] + 1258
5 UIKit 0x00000001099120cc -[UIViewController view] + 27
6 UIKit 0x00000001097dbc51 -[UIWindow addRootViewControllerViewIfPossible] + 71
7 UIKit 0x00000001097dc3a2 -[UIWindow _setHidden:forced:] + 293
8 UIKit 0x00000001097efcb5 -[UIWindow makeKeyAndVisible] + 42
9 UIKit 0x0000000109768c89 -[UIApplication _callInitializationDelegatesForMainScene:transitionContext:] + 4818
10 UIKit 0x000000010976ede9 -[UIApplication _runWithMainScene:transitionContext:completion:] + 1731
11 UIKit 0x000000010976bf69 -[UIApplication workspaceDidEndTransaction:] + 188
12 FrontBoardServices 0x000000010c8c4723 FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK + 24
13 FrontBoardServices 0x000000010c8c459c -[FBSSerialQueue _performNext] + 189
14 FrontBoardServices 0x000000010c8c4925 -[FBSSerialQueue _performNextFromRunLoopSource] + 45
15 CoreFoundation 0x00000001092f2311 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 17
16 CoreFoundation 0x00000001092d759c __CFRunLoopDoSources0 + 556
17 CoreFoundation 0x00000001092d6a86 __CFRunLoopRun + 918
18 CoreFoundation 0x00000001092d6494 CFRunLoopRunSpecific + 420
19 UIKit 0x000000010976a7e6 -[UIApplication _run] + 434
20 UIKit 0x0000000109770964 UIApplicationMain + 159
21 RunTimeUse 0x00000001087d9acf main + 111
22 libdyld.dylib 0x000000010c12d68d start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
(lldb)

程序奔潰在3敲霍，地址為：0x00000001087d9480俊马，
因?yàn)槲业腄emo名字叫RunTimeUse。其他的名字很明顯是系統(tǒng)的庫肩杈。雖然log的21行也有RunTimeUse,但是經(jīng)過觀察應(yīng)該是main函數(shù)柴我，不在考慮范圍之內(nèi)。
我們使用`image `的 `lookup`命令扩然，可以很快的定位到具體的代碼行艘儒。

(lldb) image lookup --address 0x00000001087d9480
Address: RunTimeUse[0x0000000100001480] (RunTimeUse.__TEXT.__text + 320)
Summary: RunTimeUse`-[ViewController viewDidLoad] + 320 at ViewController.m:28

![image-lookup-address.png](http://upload-images.jianshu.io/upload_images/1654054-7dd117c55d5e5772.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
可以看出，奔潰在ViewController.m中的第28行夫偶。
當(dāng)然還有一些LLDB的具體命令界睁，我們可以在官網(wǎng)查看： [The LLDB Debugger](http://lldb.llvm.org/lldb-gdb.html)