Hardware watchpoints - how do they work?

Question

How do GDB watchpoints work? Can similar functionality be implemented to harness byte level access at defined locations?

Answer 1

I believe gdb uses the MMU so that the memory pages containing watched address ranges are marked as protected - then when an exception occurs for a write to a protected pages gdb handles the exception, checks to see whether the address of the write corresponds to a particular watchpoint, and then either resumes or drops to the gdb command prompt accordingly.

You can implement something similar for your own debugging code or test harness using mprotect, although you'll need to implement an exception handler if you want to do anything more sophisticated than just fail on a bad write.

Answer 2

On x86 there are CPU debug registers D0-D3 that track memory address.

This explains how hardware breakpoints are implemented in Linux and also gives details of what processor specific features are used.

Another article on hardware breakpoints.