What is the difference between hardware and software breakpoints?

Question

What is the difference between hardware and software breakpoints?

Are hardware breakpoints are said to be faster than software breakpoints, if yes then how, and also

Answer 1

Hardware breakpoints are actually comparators, comparing the current PC with the address in the comparator (when enabled). Hardware breakpoints are the best solution when setting breakpoints. Typically set via the debug probe (using JTAG, SWD, ...). The downside of hardware breakpoints: They are limited. CPUs have only a limited number of hardware breakpoints (comparators). The number of available hardware breakpoints depends on the CPU. ARM 7/9 cores have 2, modern ARM devices (Cortex-M 0,3,4) between 2 and 6, x86 usually 4.

Software breakpoints are in fact set by replacing the instruction to be breakpointed with a breakpoint instruction. The breakpoint instruction is present in most CPUs, and usually as short as the shortest instruction, so only one byte on x86 (0xcc, INT 3). On Cortex-M CPUs, instructions are 2 or 4 bytes, so the breakpoint instruction is a 2 byte instruction.

Software breakpoints can easily be set if the program is located in RAM (such as on a PC). A lot of embedded systems have the program located in flash memory. Here it is not so easy to exchange the instruction, as the flash needs to be reprogrammed, so hardware breakpoints are used primarily. Most debug probes support only hardware breakpoints if the program is located in flash memory. However, some (such as SEGGER's J-Link) allow reprogramming the flash memory with breakpoint instruction and aso allow an unlimited number of (software) breakpoints even when debugging a program located in flash.

More info about software breakpoints in flash memory

Answer 2

You can go through GDB internals, its very well explains the HW and SW breakpoints.

HW breakpoints are something that require support from MCU. The ARM controllers have special registers where you can write some address space, whenever PC (program counter) == sp register CPU halts. Jtag is usually required to write into those special registers.

SW break points are implemented in GDB is by inserting a trap, or illegal divide, or some other instruction that will cause an exception, and then when it’s encountered, gdb will take the exception and stop the program. When the user says to continue, gdb will restore the original instruction, single-step, re-insert the trap, and continue on.

There are a lot of advantages in using HW debuggers over SW debuggers especially if you are dealing with interrupts and memory bus devices. AFAIK interrupts cannot be debugged with software debuggers.

Answer 3

Watchpoints

This is a case where hardware handling is much faster:

watch var
rwatch var
awatch var

When you enter those commands on GDB 7.7 x86-64 it says:

Hardware watchpoint 2: var

This hardware capability for x86 is mentioned at: http://en.wikipedia.org/wiki/X86_debug_register

It is likely possible because of the existing paging circuit, which manages every memory access.

The "software" alternative is to single step the program, which is very slow.

Compare that to regular breakpoints, where at least the software implementation inserts and int3 instruction and lets the program run, so you only pay overhead when a breakpoint is hit.

Answer 4

This article provides a good discussion of pros and cons: http://www.nynaeve.net/?p=80

To answer your question directly software breakpoints are more flexible because hardware breakpoints are limited in some functionality and highly architecture-dependant. One example given in the article is that x86 hardware has a limit of 4 hardware breakpoints.

Hardware breakpoints are faster because they have dedicated registers and less overhead than software breakpoints.

Answer 5

In brief, hardware breakpoints make use of dedicated registers and hence are limited in number. These can be set on both volatile and non volatile memory.

Software breakpoints are set by replacing the opcode of instruction in RAM memory with breakpoint instruction. These can be set only in RAM memory(Flash memory is not feasible to be written) and are not limited.

This article provides good explanation about breakpoints.

Thanks and regards, Shivakumar V W

Answer 6

In addition to the answers above, it is also important to note that while software breakpoints overwrite specific instructions in the program to know where to stop, the more limited number of hardware breakpoints are actually part of the processor.

Justin Seitz in his book Gray Hat Python points out that the important difference here is that by overwriting instructions, software breakpoints actually change the CRC of the file, and so any sort of program such as a piece of malware which calculates its CRC can change its behavior in response to breakpoints being set, whereas with hardware breakpoints it is less obvious that the debugger is stopping and stepping through certain chunks of code.