ddb - kernel debugger DESCRIPTION The kernel debugger has most of the features of the old kdb, but with a more rational (gdb­like) syntax. The current location is called 'dot'. The 'dot' is displayed with a hexadecimal format at a prompt. Examine and write commands update 'dot' to the address of the last line examined or the last location modified, and set 'next' to the address of the next location to be examined or changed. Other commands don't change 'dot', and set 'next' to be the same as 'dot'. The general command syntax is: command[/modifier] address [,count] "!!" repeats the previous command, and a blank line repeats from the address 'next' with count 1 and no modifiers. Specifying 'address' sets 'dot' to the address. Omitting 'address' uses 'dot'. A missing 'count' is taken to be 1 for printing commands or infinity for stack traces. Current ddb is enhanced to support multi­thread debugging. A break point can be set only for a specific thread, and the address space or registers of non current thread can be examined or modified if supported by machine dependent routines. For example, break/t mach_msg_trap $task11.0 sets a break point at "mach_msg_trap" for the first thread of task 11 listed by a "show all threads" command. In the above example, "$task11.0" is translated to the corresponding thread structure's address by variable translation mechanism described later.If a default target thread is set in a variable "$thread", the "$task11.0" can be omitted. In general, if 't' is specified in a modifier of a command line, a specified thread or a default target thread is used as a target thread instead of the current one. The 't' modifier in a command line is not valid in evaluating expressions in a command line. If you want to get a value indirectly from a specific thread'saddress space or access to its registers within an expression, you have to specify a default target thread in advance, and to use ":t" modifier immediately after the indirect access or the register reference like as follows: set $thread $task11.0 print $eax:t *(0x100):tuh No sign extension and indirection size(long, half word, byte) can be specified with 'u', 'l', 'h' and 'b' respectively for the indirect access. Note: Support of non current space/register access and user space break point depend on the machines. If not supported, attempts of such operation may provide incorrect information or may cause strange behavior. Even if supported, the user space access is limited to the pages resident in the main memory at that time. If a target page is not in the main memory,an error will be reported. "ddb" has a feature like a command "more" for the output. If an output line exceeds the number set in the $lines variable, it displays "­­db_more­­"and waits for a response. The valid responses for it are: one more page one more line q abort the current command, and return to the command input mode. COMMANDS examine(x) [/] [,] [ ] Display the addressed locations according to the formats in the modifier. Multiple modifier formats display multiple locations. If no format is specified, the last formats specified for this command is used. Address space other than that of the current thread can be specified with 't' option in the modifier and 'thread' parameter. The format characters are b look at by bytes(8 bits) h look at by half words(16 bits) l look at by long words(32 bits) a print the location being displayed , skip one unit producing no output A print the location with a line number if possible x display in unsigned hex z display in signed hex o display in unsigned octal d display in signed decimal u display in unsigned decimal r display in current radix, signed c display low8bits as a character. Non­printing characters are displayed as an octal escape code (e.g. '\000'). s display the null­terminated string at the location. Non­printing characters are displayed as octal escapes. m display in unsigned hexwith character dump at the end of each line. The location is also displayed in hex at the beginning of each line. i display as an instruction I display as an instruction with possible alternate formats depending on the machine: vax don'tassume that each external label is a procedure entry mask i386 don'tround to the next long word boundary mips print register contents xf Examine forward. It executes an examine command with the last specified parameters to it except that the next address displayed by it is used as the start address. xb Examine backward. It executes an examine command with the last specified parameters to it except that the last start address subtracted by the size displayed by it is used as the start address. print[/axzodurc] [ ... ] Print 'addr's according to the modifier character.Valid formats are: a x z o d u r c. If no modifier is specified, the last one specified to it is used. 'addr' can be a string, and it is printed as it is. For example, print/x "eax = " $eax "\necx = " $ecx "\n" will print like eax = xxxxxx ecx = yyyyyy write[/bhlt] [ ] [ ... ] Write the expressions at succeeding locations. The write unit size can be specified in the modifier with a letter b (byte), h (half word) or l(long word) respectively. If omitted, long word is assumed. Target address space can also be specified with 't' option in the modifier and 'thread' parameter. Warning: since there is no delimiter between expressions, strange things may happen. It's best to enclose each expression in parentheses. set $ [=] Set the named variable or register with the value of 'expr'. Valid variable names are described below. break[/tuTU] [,] [ ...] Set a break point at 'addr'. If count is supplied, continues (count­1) times before stopping at the break point. If the break point is set, a break point number is printed with '#'. This number can be used in deleting the break point or adding conditions to it. t Set a break point only for a specific thread. The thread is specified by 'thread' parameter, or default one is used if the parameter is omitted. u Set a break point in user space address. It may be combined with 't' or 'T' option to specify the non­current target user space. Without 'u' option, the address is considered in the kernel space, and wrong space address is rejected with an error message. This option can be used only if it is supported by machine dependent routines. T Set a break point only for threads in a specific task. It is like 't' option except that the break point is valid for all threads which belong to the same task as the specified target thread. U Set a break point in shared user space address. It is like 'u' option, except that the break point is valid for all threads which share the same address space even if 't' option is specified. 't' option is used only to specify the target shared space. Without 't' option, 'u' and 'U' have the same meanings. 'U' is useful for setting a user space break point in non­current address space with 't' option such as in an emulation library space. This option can be used only if it is supported by machine dependent routines. Warning: if a user text is shadowed by a normal user space debugger, user space break points may not work correctly. Setting a break point at the low­level code paths may also cause strange behavior. delete[/tuTU] |# [ ...] Delete the break point. The target break point can be specified by a break point number with '#', or by 'addr' like specified in 'break' command. cond # [ ] Set or delete a condition for the break point specified by the 'number'. If the 'condition' and 'commands' are null, the condition is deleted. Otherwise the condition is set for it. When the break point is hit, the 'condition' is evaluated. The 'commands' will be executed if the condition is true and the break point count set by a break point command becomes zero. 'commands' is a list of commands separated by semicolons. Each command in the list is executed in that order,but if a "continue" command is executed, the command execution stops there, and the stopped thread resumes execution. If the command execution reaches the end of the list, and it enters into a command input mode. For example, set $work0 0 break/Tuxxx_start $task7.0 cond #1 (1) set $work0 1; set $work1 0; cont break/T vm_fault $task7.0 cond #2 ($work0) set $work1 ($work1+1); cont break/Tuxxx_end $task7.0 cond #3 ($work0) print $work1 " faults\n"; set $work0 0 cont will print page fault counts from 'xxx_start' to 'xxx_end' in task7. step[/p] [,] Single step 'count' times. If 'p' option is specified, print each instruction at each step. Otherwise, only print the last instruction. Warning: depending on machine type, it may not be possible to single­step through some low­level code paths or user space code. On machines with software­emulated single­stepping (e.g., pmax), stepping through code executed by interrupt handlers will probably do the wrong thing. continue[/c] Continue execution until a breakpoint or watchpoint. If /c, count instructions while executing. Some machines (e.g., pmax) also count loads and stores. Warning: when counting, the debugger is really silently single­stepping. This means that single­stepping on low­level code may cause strange behavior. until Stop at the next call or return instruction. next[/p] Stop at the matching return instruction. If 'p' option is specified, print the call nesting depth and the cumulative instruction count at each call or return. Otherwise, only print when the matching return is hit. match[/p] Asynonym for 'next'. trace[/tu] [| ][,] Stack trace. 'u' option traces user space; if omitted, only traces kernel space. If 't' option is specified, it shows the stack trace of the specified thread or a default target thread. Otherwise, it shows the stack trace of the current thread from the frame address specified by a parameter or from the current frame. 'count' is the number of frames to be traced. If the 'count' is omitted, all frames are printed. Warning: If the target thread's stack is not in the main memory at that time, the stack trace will fail. User space stack trace is valid only if the machine dependent code supports it. search[/bhl] [] [,] Search memory for a value. This command might fail in interesting ways if it doesn't find the searched­for value. This is because ddb doesn'talways recover from touching bad memory. The optional count argument limits the search. macro Define a debugger macro as 'name'. 'commands' is a list of commands to be associated with the macro. In the expressions of the command list, a variable $argxx can be used to get a parameter passed to the macro. When a macro is called, each argument is evaluated as an expression, and the value is assigned to each parameter, $arg1, $arg2, ... respectively. 10 $arg variables are reserved to each level of macros, and they can be used as local variables. The nesting of macro can be allowed up to 5 levels. For example, macro xinit set $work0 $arg1 macro xlist examine/m $work0,4; set $work0 *($work0) xinit *(xxx_list) xlist .... will print the contents of a list starting from 'xxx_list' by each "xlist" command. dmacro Delete the macro named 'name'. show all threads[/ul] Display all tasks and threads information. This version of "ddb" prints more information than previous one. It shows UNIX process information like "ps" for each task. The UNIX process information may not be shown if it is not supported in the machine, or the bottom of the stack of the target task is not in the main memory at that time. It also shows task and thread identification numbers. These numbers can be used to specify a task or a thread symbolically in various commands. The numbers are valid only in the same debugger session. If the execution is resumed again, the numbers may change. The current thread can be distinguished from others by a '#' after the thread id instead of ':'. Without 'l' option, it only shows thread id, thread structure address and the status for each thread. The status consists of 5 letters, R(run), W(wait), S(suspended), O(swapped out) and N(interruptible), and if corresponding status bit is off, '.' is printed instead. If 'l' option is specified, more detail information is printed for each thread. show task [ ] Display the information of a task specified by 'addr'. If 'addr' is omitted, current task information is displayed. show thread [ ] Display the information of a thread specified by 'addr'. If 'addr' is omitted, current thread information is displayed. show registers[/tu [ ]] Display the register set. Target thread can be specified with 't' option and 'thread' parameter. If 'u' option is specified, it displays user registers instead of kernel or currently saved one. Warning: The support of 't' and 'u' option depends on the machine. If not supported, incorrect information will be displayed. show map Prints the vm_map at 'addr'. show object Prints the vm_object at 'addr'. show page Prints the vm_page structure at 'addr'. show port Prints the ipc_port structure at 'addr'. show ipc_port[/t [ ]] Prints all ipc_port structure'saddresses the target thread has. The target thread is a current thread or that specified by a parameter. show macro [ ] Shows the definitions of macros. If 'name' is specified, only the definition of it is displayed. Otherwise, definitions of all macros are displayed. show watches Displays all watchpoints. watch[/T] , [ ] Set a watchpoint for a region. Execution stops when an attempt to modify the region occurs. The 'size' argument defaults to 4. Without 'T' option, 'addr' is assumed to be a kernel address. If you want to set a watch point in user space, specify 'T' and 'task' parameter where the address belongs to. If the 'task' parameter is omitted, a task of the default target thread or a current task is assumed. If you specify a wrong space address, the request is rejected with an error message. Warning: Attempts to watch wired kernel memory may cause unrecoverable error in some systems such as i386. Watchpoints on user addresses work best. VARIABLES The debugger accesses registers and variables as $. Register names are as in the "show registers" command. Some variables are suffixed with numbers, and may have some modifier following a colon immediately after the variable name. For example, register variables can have 'u' and 't' modifier to indicate user register and that of a default target thread instead of that of the current thread (e.g. $eax:tu). Built­in variables currently supported are: taskxx[.yy] Task or thread structure address. 'xx' and 'yy' are task and thread identification numbers printed by a "show all threads" command respectively.This variable is read only. thread The default target thread. The value is used when 't' option is specified without explicit thread structure address parameter in command lines or expression evaluation. radix Input and output radix maxoff Addresses are printed as 'symbol'+offset unless offset is greater than maxoff. maxwidth The width of the displayed line. lines The number of lines. It is used by "more" feature. tabstops Tab stop width. argxx Parameters passed to a macro. 'xx' can be 1 to 10. workxx Work variable. 'xx' can be 0 to 31. EXPRESSIONS Almost all expression operators in C are supported except '~', '^', and unary '&'. Special rules in "ddb" are: name of a symbol. It is translated to the address(or value) of it. '.'and ':' can be used in the identifier. If supported by an object format dependent routine, [:][:][:], and [:] can be accepted as a symbol. The symbol may be prefixed with '::' like'emulator::mach_msg_trap' to specify other than kernel symbols. radix is determined by the first twoletters: 0x: hex, 0o: octal, 0t: decimal, otherwise, follow current radix. . ’dot' + ’next' .. address of the start of the last line examined. Unlike'dot' or 'next', this is only changed by "examine" or "write" command. ’ last address explicitly specified. $ register name or variable. It is translated to the value of it. It may be followed by a ':' and modifiers as described above. a multiple of right hand side. * indirection. It may be followed by a ':' and modifiers as described above.