Nice, I really like that it describes the DWARF format instead of just handwaving around it. I've been considering adding DWARF support to my compiler so that I can use mainstream debuggers with it and this article has just destroyed my last excuse to procrastinate.
I must admit, the title got me very excited (it's still a cool article regardless) - something I've always wanted is a system-wide debugger for Linux. Something that can put breakpoints in arbitrary executables or shell scripts (via custom /bin/sh wrapper?) system wide, not just within a debugging session. I'd love to be able to put conditional breakpoints on, say, any process that opens a named pipe matching some regex. I find that when dealing with complex systems involving systemd services, cron jobs, udev and 30 different daemons running in background, gdb and strace simply aren't enough.
I had heard of SystemTap, but had no idea it was that powerful. In particular, the user space marker feature sounds like what I need. Although it sounds like it may require manual instrumentation.
Not sure about Linux specifically, but it sounds like you’re looking for a kernel debugger that can communicate with a user mode debugger (or debuggers).
Edit: actually SystemTap mentioned in a sibling comment sounds simpler if you just need instrumentation.
As someone who does debugger development as part of their day job, I can attest that this is a very good introduction to the details of basic debugger operation and implementation. If you are unfamiliar with the topic, I recommend you give it a try as it immediately starts giving useful nuggets of knowledge that are applicable in other circumstances if you are ever interested in doing low level or embedded development.
However, note that the libelfin library that the author uses is pretty much unmaintained.
I am not sure what would be the right way to parse ELF and DWARF? libelf/libdwarf, libdw, or something else?
Also, since you are probably in the know, is liblldb "extensible", in the sense that can liblldb can be used as a foundation of a new debugger with experimental features added on top of it?
libdwarf is the most complete C library, Rust options are also quite good. We already support both DWARF and PDB in Rizin[1] but working hard on improving that support[2]
gimli works well enough for actually parsing the DWARF format, but it abstracts over somewhat less than what you would hope (in particular, you get to do all the fun stuff of figuring out where debugging information is yourself--which gets tedious when you want to support things like split-dwarf or debug index).
I must admit, the title got me very excited (it's still a cool article regardless) - something I've always wanted is a system-wide debugger for Linux. Something that can put breakpoints in arbitrary executables or shell scripts (via custom /bin/sh wrapper?) system wide, not just within a debugging session. I'd love to be able to put conditional breakpoints on, say, any process that opens a named pipe matching some regex. I find that when dealing with complex systems involving systemd services, cron jobs, udev and 30 different daemons running in background, gdb and strace simply aren't enough.