Annotation of 43BSDReno/share/doc/smm/03.kdebug/kdebug.ms, revision 1.1

1.1     ! root        1: .\" Copyright (c) 1983 Regents of the University of California.
        !             2: .\" All rights reserved.  The Berkeley software License Agreement
        !             3: .\" specifies the terms and conditions for redistribution.
        !             4: .\"
        !             5: .\"    @(#)kdebug.ms   6.5 (Berkeley) 3/8/89
        !             6: .\"
        !             7: .bd S B 3
        !             8: .de UX
        !             9: .ie \\n(GA>0 \\$2UNIX\\$1
        !            10: .el \{\
        !            11: .if n \\$2UNIX\\$1*
        !            12: .if t \\$2UNIX\\$1\\f1\(dg\\fP
        !            13: .FS
        !            14: .if n *UNIX
        !            15: .if t \(dgUNIX
        !            16: .ie \\$3=1 is a Footnote of Bell Laboratories.
        !            17: .el is a Trademark of Bell Laboratories.
        !            18: .FE
        !            19: .nr GA 1\}
        !            20: ..
        !            21: .de cw
        !            22: .nr >G \\n(.f          \" save current font
        !            23: .ft CW
        !            24: ..
        !            25: .de pw
        !            26: .ft \\n(>G
        !            27: ..
        !            28: .TL
        !            29: Using ADB to Debug the
        !            30: .UX
        !            31: Kernel
        !            32: .AU
        !            33: Samuel J. Leffler and William N. Joy
        !            34: .AI
        !            35: Computer Systems Research Group
        !            36: Department of Electrical Engineering and Computer Science
        !            37: University of California, Berkeley
        !            38: Berkeley, California  94720
        !            39: .de IR
        !            40: \fI\\$1\fP\\$2
        !            41: ..
        !            42: .de DT
        !            43: .TA 8 16 24 32 40 48 56 64 72 80
        !            44: ..
        !            45: .AB
        !            46: .PP
        !            47: .FS
        !            48: *DEC and VAX are trademarks of
        !            49: Digital Equipment Corporation.
        !            50: .FE
        !            51: This document describes the facilities found in
        !            52: the 4.3BSD version of the VAX*
        !            53: .UX
        !            54: debugger
        !            55: .I adb
        !            56: which may be used to debug the
        !            57: .UX
        !            58: kernel.
        !            59: It discusses how standard
        !            60: .I adb
        !            61: commands may be used in examining the kernel and
        !            62: introduces the basics necessary for users
        !            63: to write
        !            64: .I adb
        !            65: command scripts which can augment the standard
        !            66: .I adb
        !            67: command set.  The examination techniques described here
        !            68: may be applied both to running systems and
        !            69: the post-mortem dumps automatically created
        !            70: by the 
        !            71: .IR savecore (8)
        !            72: program after a system crash.
        !            73: The reader is expected to have at least a
        !            74: passing familiarity with the debugger command
        !            75: language.
        !            76: .sp
        !            77: .LP
        !            78: Revised March 8, 1989
        !            79: .AE
        !            80: .LP
        !            81: .OH 'Using ADB to Debug the Kernel''SMM:3-%'
        !            82: .EH 'SMM:3-%''Using ADB to Debug the Kernel'
        !            83: .ds RH Introduction
        !            84: .LP
        !            85: .ne 2i
        !            86: .NH
        !            87: Introduction
        !            88: .PP
        !            89: Modifications have been made to the
        !            90: standard VAX
        !            91: .UX
        !            92: debugger
        !            93: .I adb
        !            94: to simplify
        !            95: examination of post-mortem
        !            96: dumps automatically generated following a system crash.
        !            97: These changes may also be used when examining
        !            98: .UX
        !            99: in its normal operation.
        !           100: This document serves as
        !           101: an introduction to the
        !           102: .B use
        !           103: of these facilities, and
        !           104: should not be construed as a description
        !           105: of \fIhow to debug the kernel\fP.
        !           106: .NH 2
        !           107: Invocation
        !           108: .PP
        !           109: When examining post-mortem dumps of the
        !           110: .UX
        !           111: kernel the
        !           112: \fB\-k\fP option should be used, e.g.
        !           113: .DS
        !           114: .cw
        !           115: % adb \-k vmunix.? vmcore.?
        !           116: .pw
        !           117: .DE
        !           118: where the appropriate version of the saved operating system
        !           119: image and core dump are supplied in place of ``?''.
        !           120: This flag causes
        !           121: .I adb
        !           122: to partially simulate
        !           123: the VAX virtual memory hardware when
        !           124: accessing the
        !           125: .I core
        !           126: file.
        !           127: In addition the internal state maintained
        !           128: by the debugger is initialized from
        !           129: data structures maintained by the
        !           130: kernel explicitly for debugging\(dd.
        !           131: A running kernel may be examined in a similar
        !           132: fashion,
        !           133: .DS
        !           134: .cw
        !           135: % adb \-k /vmunix /dev/mem
        !           136: .pw
        !           137: .DE
        !           138: .FS
        !           139: \(dd If the \-k flag is not used when invoking
        !           140: .I adb
        !           141: the user must explicitly calculate virtual
        !           142: addresses.  With the
        !           143: .B \-k
        !           144: option
        !           145: .I adb
        !           146: interprets page tables to automatically
        !           147: perform virtual to physical address translation.
        !           148: .FE
        !           149: .NH 2
        !           150: Establishing Context
        !           151: .PP
        !           152: During initialization
        !           153: .I adb
        !           154: attempts to establish the
        !           155: context of the ``currently active process'' by examining
        !           156: the value of the kernel variable \fImasterpaddr\fP.
        !           157: This variable contains the virtual address of the 
        !           158: process context block of the last process which
        !           159: was set executing by the \fISwtch\fP routine.
        !           160: \fIMasterpaddr\fP normally provides sufficient information
        !           161: to locate the current stack frame (via the stack
        !           162: pointers found in the context block).
        !           163: By locating the process context block for the process
        !           164: .I adb
        !           165: may then perform virtual to
        !           166: physical address translation using that process's
        !           167: in-core page tables.
        !           168: .PP
        !           169: When examining post-mortem dumps locating the
        !           170: most recent stack frame of the last
        !           171: currently active process can be nontrivial.
        !           172: This is due to the different ways in which
        !           173: state may be saved after a nonrecoverable error. 
        !           174: Crashes may or may not be ``clean'' (i.e.
        !           175: the top of the interrupt stack contains a pointer
        !           176: to the process's
        !           177: kernel mode stack pointer and program counter);
        !           178: an ``unclean'' crash will occur, for instance,
        !           179: if the interrupt stack overflows.  When
        !           180: .I adb
        !           181: is invoked on a post-mortem crash dump it tries
        !           182: to automatically establish the proper stack frame.
        !           183: This is done by first checking the stack pointer
        !           184: normally saved in the restart parameter
        !           185: block at \fIrpb\fP+1fc (or \fIscb\fP\-4).  If this
        !           186: value does not point to a valid stack frame,
        !           187: .I adb
        !           188: searches the interrupt stack looking for a valid stack
        !           189: frame.  Should this also fail 
        !           190: .I adb
        !           191: then searches the kernel
        !           192: stack located in the user structure associated with
        !           193: the last executing process.  If
        !           194: .I adb
        !           195: is able to locate a valid stack frame using this procedure
        !           196: the command
        !           197: .DS
        !           198: .cw
        !           199: $c
        !           200: .pw
        !           201: .DE
        !           202: will generate a stack trace from the last point at which
        !           203: the kernel was executing on behalf of the user process
        !           204: all the way
        !           205: to the top of the user process's stack (e.g. to the
        !           206: \fImain\fP routine in the user process).
        !           207: Should
        !           208: .I adb
        !           209: be unable to locate a valid stack frame it prints a message
        !           210: and the current state is left undefined.
        !           211: When a stack trace of a particular process (other than that
        !           212: which was currently executing) is desired, an
        !           213: alternate method, described in \(sc2.4, should be used.
        !           214: .PP
        !           215: Additional information may be obtained from the kernel stack.
        !           216: Discussion of that subject is postponed until command scripts
        !           217: have been introduced; see \(sc2.2.
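The stack-frame search described in this section can be sketched in C; this is an added example, not code from adb or from the original document. The validity test (alignment, stack bounds, the must-be-zero bits of the mask/PSW longword, a saved fp that points further up the stack) is an assumption, since the text does not say how adb decides that a frame is valid. The frame values are copied from the vmcore.188 frame listing later in this document, and the scan bounds are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sparse image of stack memory as (address, longword) pairs.
 * Frame values come from the vmcore.188 "frame" listing in this document;
 * every other address is treated as unreadable. */
struct word { uint32_t addr, val; };

/* VAX call frame: handler, mask<27:16>|PSW<15:5>, saved ap, fp, pc. */
#define FRAME(a, mask, ap, fp, pc) \
    {(a), 0}, {(a) + 4, (uint32_t)(mask) << 16}, \
    {(a) + 8, (ap)}, {(a) + 12, (fp)}, {(a) + 16, (pc)}

static const struct word image[] = {
    FRAME(0x7ffffe74u, 0x2101, 0x7ffffec0u, 0x7ffffe9cu, 0x80029ddbu),
    FRAME(0x7ffffe9cu, 0x2f00, 0x7fffff14u, 0x7ffffed0u, 0x80012de2u),
    FRAME(0x7ffffed0u, 0x2fff, 0x7fffff70u, 0x7fffff2cu, 0x8002a408u),
    FRAME(0x7fffff2cu, 0x2fff, 0x7fffffe8u, 0x7fffffa4u, 0x80001031u),
};

/* Fetch one longword from the image; returns 0 if the address is absent. */
static int read_long(uint32_t addr, uint32_t *out)
{
    for (size_t i = 0; i < sizeof image / sizeof image[0]; i++)
        if (image[i].addr == addr) { *out = image[i].val; return 1; }
    return 0;
}

/* Assumed plausibility test for a frame at fp inside the stack [lo, hi).
 * On success the caller's frame pointer is stored in *next. */
int frame_ok(uint32_t fp, uint32_t lo, uint32_t hi, uint32_t *next)
{
    uint32_t handler, mpsw, ap, sfp, pc;

    if ((fp & 3) || fp < lo || fp >= hi)
        return 0;
    if (!read_long(fp, &handler) || !read_long(fp + 4, &mpsw) ||
        !read_long(fp + 8, &ap) || !read_long(fp + 12, &sfp) ||
        !read_long(fp + 16, &pc))
        return 0;
    if (mpsw & 0x1000001fu)       /* bit 28 and PSW<4:0> are saved as zero */
        return 0;
    if ((sfp & 3) || sfp <= fp || sfp >= hi)  /* callers sit higher up */
        return 0;
    *next = sfp;
    return 1;
}

/* Number of consecutive plausible frames reachable from fp (at most max). */
int chain_len(uint32_t fp, uint32_t lo, uint32_t hi, int max)
{
    uint32_t next;
    int n = 0;

    while (n < max && frame_ok(fp, lo, hi, &next)) {
        n++;
        fp = next;
    }
    return n;
}

/* Scan the stack upward for the first longword that starts a chain of at
 * least `need` plausible frames; returns 0 if there is none. */
uint32_t find_frame(uint32_t lo, uint32_t hi, int need)
{
    for (uint32_t a = lo & ~3u; a < hi; a += 4)
        if (chain_len(a, lo, hi, need) >= need)
            return a;
    return 0;
}

/* Count the registers saved in the frame (mask bits 11:0); -1 if unreadable. */
int saved_regs(uint32_t fp)
{
    uint32_t mpsw;
    int n = 0;

    if (!read_long(fp + 4, &mpsw))
        return -1;
    for (uint32_t m = (mpsw >> 16) & 0xfffu; m; m &= m - 1)
        n++;
    return n;
}

int main(void)
{
    const uint32_t lo = 0x7ffffe00u, hi = 0x80000000u;  /* assumed bounds */
    uint32_t fp = find_frame(lo, hi, 3), next, pc;

    /* Print the chain in the spirit of the "frame" script. */
    while (fp && frame_ok(fp, lo, hi, &next)) {
        read_long(fp + 16, &pc);
        printf("%08x: pc %08x, %d saved registers\n",
               (unsigned)fp, (unsigned)pc, saved_regs(fp));
        fp = next;
    }
    return 0;
}
```

Requiring several linked frames before accepting a candidate keeps a single stray longword from being mistaken for a frame; a saved pointer that lands in the middle of a frame, such as 7ffffe78 here, fails the mask check at once.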
        !           218: .ds RH "Command Scripts
        !           219: .ne 2i
        !           220: .NH
        !           221: Command Scripts
        !           222: .NH 2
        !           223: Extending the Formatting Facilities
        !           224: .PP
        !           225: Once the process context has been established, the
        !           226: complete
        !           227: .I adb
        !           228: command set is available for interpreting
        !           229: data structures.  In addition, a number of
        !           230: .I adb
        !           231: scripts have
        !           232: been created to simplify the structured printing of commonly
        !           233: referenced kernel data structures.  The scripts normally
        !           234: reside in
        !           235: the directory \fI/usr/lib/adb\fP, and are invoked
        !           236: with the ``$<'' operator.
        !           237: (A later table lists the standard scripts
        !           238: distributed with the system.)
        !           239: .PP
        !           240: As an example, consider the following listing which
        !           241: contains a dump of a faulty process's state
        !           242: (our typing is shown emboldened).
        !           243: .ID
        !           244: .DT
        !           245: .cw
        !           246: % \fBadb \-k vmunix.175 vmcore.175\fP
        !           247: sbr 5868 slr 2770
        !           248: p0br 5a00 p0lr 236 p1br        6600 p1lr fff0
        !           249: panic: dup biodone
        !           250: \fB$c\fP
        !           251: _boot()        from _boot+f3
        !           252: _boot(0,0) from        _panic+3a
        !           253: _panic(800413d0) from _biodone+17
        !           254: _biodone(800791e8) from        _rxpurge+23
        !           255: _rxpurge(80044754) from        _rxstart+5a
        !           256: _rxstart(80044754) from        80031df8
        !           257: _rxintr(0) from        _Xrxintr0+11
        !           258: _Xrxintr0(45b01,3aaf4) from 457f
        !           259: _Syssize(3aaf4)        from 365a
        !           260: _Syssize() from        19a8
        !           261: ?() from 2ff3
        !           262: _Syssize(4,7fffe834) from 9cf3
        !           263: _Syssize(4,7fffe834,7fffe848) from 37
        !           264: ?()
        !           265: \fBu$<u\fP
        !           266: _u:
        !           267: _u:            ksp             usp
        !           268:                7fffff94        7fffe24c
        !           269:                r0              r1              r2              r3
        !           270:                12e000          80044e60        800661bc        15fd1
        !           271:                r4              r5              r6              r7
        !           272:                13              4               80065114        16544
        !           273:                r8              r9              r10             r11
        !           274:                a0              80066de8        15a08           80000000
        !           275:                ap              fp              pc              psl
        !           276:                7fffffe8        7fffffa4        80029ed2        180000
        !           277:                p0br            p0lr            p1br            p1lr
        !           278:                802f5a00        4000236         7faf6600        1ffff0
        !           279:                szpt            cmap2           sswap
        !           280:                6               94000e59        0
        !           281: _u+80:         procp           ar0             comm
        !           282:                80066de8        80000000        ccom^@^@^@^@^@^@^@^@^@^@^@^@
        !           283: _u+9c:         arg0            arg1            arg2
        !           284:                46bfc           3aefc           0
        !           285: _u+bc:         uap             qsave
        !           286:                7fffec9c        7fffffa4        8002a11a
        !           287: _u+f8:         rv1             rv2             error   eosys
        !           288:                0               3aafa           0       03
        !           289: 7fffed02:      uid     ruid    gid     rgid
        !           290:                2025    2025    10      10
        !           291: 7fffed0a:      groups
        !           292:                10      0       2       3       11      79      -1      -1
        !           293:                -1      -1      -1      -1      -1      -1      -1      -1
        !           294: 
        !           295: 7fffed2c:      tsize           dsize           ssize
        !           296:                aa              18c             6
        !           297: 7fffeff0:      odsize          ossize          outime
        !           298:                52              40              0
        !           299: 7fffeffc:      signal
        !           300:                0               0               0               0
        !           301:                0               0               0               0
        !           302:                7a10            0               0               0
        !           303:                0               0               0               0
        !           304:                0               0               0               0
        !           305:                0               0               0               0
        !           306:                0               0               0               0
        !           307:                0               0               0               0
        !           308:                sigmask
        !           309:                0               4000            0               0
        !           310:                0               0               0               0
        !           311:                0               0               0               0
        !           312:                0               0               0               1
        !           313:                0               0               0               0
        !           314:                0               0               0               0
        !           315:                0               0               0               0
        !           316:                0               0               0               0
        !           317: 7ffff0fc:      onstack         sigintr         oldmask
        !           318:                0               0               80002
        !           319: 7ffff108:      code            sigstack        onsigstack
        !           320:                0               0               0
        !           321: 7ffff114:      ofile
        !           322:                80063e40        80063e58        80064ce0        0
        !           323:                0               0               0               0
        !           324:                0               0               0               0
        !           325:                0               0               0               0
        !           326:                0               0               0               0
        !           327:                0               0               0               0
        !           328:                0               0               0               0
        !           329:                0               0               0               0
        !           330:                0               0               0               0
        !           331:                0               0               0               0
        !           332:                0               0               0               0
        !           333:                0               0               0               0
        !           334:                0               0               0               0
        !           335:                0               0               0               0
        !           336:                0               0               0               0
        !           337:                0               0               0               0
        !           338: 
        !           339:                pofile
        !           340:                0       0       0       0       0       0       0       0
        !           341:                0       0       0       0       0       0       0       0
        !           342:                0       0       0       0       0       0       0       0
        !           343:                0       0       0       0       0       0       0       0
        !           344:                0       0       0       0       0       0       0       0
        !           345:                0       0       0       0       0       0       0       0
        !           346:                0       0       0       0       0       0       0       0
        !           347:                0       0       0       0       0       0       0       0
        !           348: 7ffff254:      lastfile
        !           349:                2
        !           350: 7ffff258:      cdir            rdir            ttyp            ttyd    cmask
        !           351:                80060f80        0               80056be8        106     02
        !           352: 
        !           353:                ru
        !           354: 7ffff268:      utime                           stime
        !           355:                1               15f90           1               cf850
        !           356: 7ffff278:      maxrss          ixrss           idrss           isrss
        !           357:                432             28250           79590           0
        !           358: 7ffff288:      minflt          majflt          nswap
        !           359:                64              7               0
        !           360: 7ffff294:      inblock         oublock         msgsnd          msgrcv
        !           361:                12              19              0               0
        !           362: 7ffff2a4:      nsignals        nvcsw           nivcsw
        !           363:                0               12              22
        !           364: 7ffff2b0:      cru
        !           365: 7ffff2b0:      utime                           stime
        !           366:                0               0               0               0
        !           367: 7ffff2c0:      maxrss          ixrss           idrss           isrss
        !           368:                0               0               0               0
        !           369: 7ffff2d0:      minflt          majflt          nswap
        !           370:                0               0               0
        !           371: 7ffff2dc:      inblock         oublock         msgsnd          msgrcv
        !           372:                0               0               0               0
        !           373: 7ffff2ec:      nsignals        nvcsw           nivcsw
        !           374:                0               0               0
        !           375: 7ffff2f8:      itimers
        !           376:                0               0               0               0
        !           377:                0               0               0               0
        !           378:                0               0               0               0
        !           379: 7ffff328:      XXX
        !           380:                0               0               0
        !           381: 7ffff334:      start                   acflag
        !           382:                1985 Nov  1 21:27:18    0
        !           383: 7ffff340:      pr_base         pr_size         pr_off          scale
        !           384:                0               0               0               0
        !           385: 7ffff350:      limits
        !           386:                7fffffff        7fffffff        7fffffff        7fffffff
        !           387:                600000          1000000         80000           1000000
        !           388:                7fffffff        7fffffff        123000          123000
        !           389: 7ffff380:      quota           qflags
        !           390:                80074a18        0
        !           391: 7ffff388:      nc_off          nc_inum         nc_dev  nc_time
        !           392:                284             2               8       1985 Nov  1 21:27:19
        !           393: 7ffff398:      ni_dirp         nameiop ni_err  ni_pdir         ni_bp
        !           394:                7fffe8a8        41      0       200             800606c4
        !           395: 7ffff3a8:      ni_base         ni_count        ni_iovec        ni_iovcnt
        !           396:                0               92              7ffff3a8        1
        !           397: 7ffff3b8:      ni_offset       ni_segflg       ni_resid
        !           398:                284             0               0
        !           399: 7ffff3c4:      ni_dent.d_inum  reclen  namlen  name
        !           400:                19              72      9       ctm110435^@c^@^@^@
        !           401: \fB80066de8$<proc\fP
        !           402: 80066de8:      link            rlink           next            prev
        !           403:                80044e50        0               80067dec        8004e198
        !           404: 
        !           405: 80066df8:      addr            upri    pri     cpu     stat    time
        !           406:                802f65d8        0150    0150    0330    03      04
        !           407: 80066e01:      nice    slp     cursig          sig
        !           408:                0       0       0               0
        !           409: 80066e08:      mask            ignore          catch
        !           410:                0               0               80
        !           411: 80066e14:      flag            uid     pgrp    pid     ppid
        !           412:                1008001         2025    11019   11045   11043
        !           413: 80066e20:      xstat           ru              poip    szpt    tsize
        !           414:                0               0               0       6       aa
        !           415: 80066e30:      dsize           ssize           rssize          maxrss
        !           416:                18c             6               13c             918
        !           417: 80066e40:      swrss           swaddr          wchan           textp
        !           418:                0               6d8             0               8006b400
        !           419: 80066e50:      p0br            xlink           ticks
        !           420:                802f5a00        0               0
        !           421: 80066e5c:      %cpu                            ndx     idhash  pptr
        !           422:                +0.0000000000000000e+00         3ea4    106a    2e
        !           423: 80066e68:      cptr            osptr           ysptr
        !           424:                80067dec        0               0
        !           425: 80066e74:      real itimer
        !           426:                0               0               0               0
        !           427: 80066e84:      quota           0
        !           428: \fB8006b400$<text\fP
        !           429: 8006b400:      forw            back
        !           430:                1f30            0
        !           431:                daddr
        !           432:                0               0               0               0
        !           433:                0               0               0               0
        !           434:                0               0               2c2             aa
        !           435: 
        !           436:                ptdaddr         size            caddr           iptr
        !           437:                80066de8        8005f4a0        74              10001
        !           438: 
        !           439:                rssize  swrss   count   ccount  flag    slptim  poip
        !           440:                22      0       0100    031     0       0       0
        !           441: .pw
        !           442: .DE
        !           443: The cause of the crash was a ``panic''
        !           444: (see the stack trace) due to an inconsistency recognized
        !           445: inside the \fIbiodone\fP routine.  The majority
        !           446: of the dump was done to illustrate the use of two command
        !           447: scripts used to format kernel data structures.  The ``u''
        !           448: script, invoked with the command ``u$<u'', is a lengthy series
        !           449: of commands which pretty-prints the user structure.  Likewise,
        !           450: ``proc'' and ``text'' are scripts used to format the obvious
        !           451: data structures.  Let's quickly examine the ``text'' script (the
        !           452: script has been broken into a number of lines for convenience
        !           453: here; in actuality it is a single line of text).
        !           454: .DS
        !           455: .cw
        !           456: \&./"forw"16t"back"n2Xn\e
        !           457: "daddr"n12Xn\e
        !           458: "ptdaddr"16t"size"16t"caddr"16t"iptr"n4Xn\e
        !           459: "rssize"8t"swrss"8t"count"8t"ccount"8t"flag"8t"slptim"8t"poip"n2x4bx++n
        !           460: .pw
        !           461: .DE
        !           462: The first line displays the pointers associated with the doubly
        !           463: linked list used in managing text segments.
        !           464: The second line produces the list of disk block addresses associated
        !           465: with a swapped out text segment.  The ``n'' format forces a new-line
        !           466: character, with 12 hexadecimal integers printed immediately after.
        !           467: Likewise, the remaining two lines of the command format the remainder
        !           468: of the text structure.  The expression ``16t'' causes
        !           469: .I adb
        !           470: to tab
        !           471: to the next column which is a multiple of 16.  
        !           472: The last two plus operators are present
        !           473: to round ``.'' to the end of the text structure.  This allows the
        !           474: user to reinvoke the format on consecutive text structures without
        !           475: having to be concerned about proper alignment of ``.''.
        !           476: .PP
        !           477: The majority of the scripts provided are of this nature.
        !           478: When possible, the formatting scripts print a data structure
        !           479: with a single format to allow subsequent reuse when interrogating
        !           480: arrays of structures.  That is, the previous script could have
        !           481: been written
        !           482: .DS
        !           483: .cw
        !           484: \&./"forw"16t"back"n2Xn
        !           485: +/"daddr"n12Xn
        !           486: +/"ptdaddr"16t"size"16t"caddr"16t"iptr"n4Xn
        !           487: +/"rssize"8t"swrss"8t"count"8t"ccount"8t"flag"8t"slptim"8t"poip"n2x4bx++n
        !           488: .pw
        !           489: .DE
        !           490: but then reuse of the format would have invoked only the last
        !           491: line of the format.
        !           492: .NH 2
        !           493: Locating stack frames
        !           494: .PP
        !           495: It is frequently desirable to locate stack frames
        !           496: in order to examine local and register variables.
        !           497: In particular, frames created by a trap include saved values
        !           498: of all registers and the trap context, and all registers are saved
        !           499: upon a panic as well.
        !           500: Two scripts are provided for tracing stack frames.
        !           501: The first is capable of tracing through multiple frames,
        !           502: printing the information common to each.
        !           503: The second prints all of the information available
        !           504: in the stack frame after a trap.
        !           505: The following example illustrates their use.
        !           506: .ID
        !           507: .DT
        !           508: .cw
        !           509: % \fBadb -k vmunix.188 vmcore.188\fP
        !           510: sbr 7068 slr 2770
        !           511: p0br 5a00 p0lr 74 p1br 5e00 p1lr fff0
        !           512: panic: Segmentation fault
        !           513: \fB$c\fP
        !           514: _boot()        from 80029ddb
        !           515: _boot(0,0) from        _panic+3a
        !           516: _panic(800447a8) from _trap+ac
        !           517: _trap()        from _Xtransflt+1d
        !           518: _Xtransflt() from _Xsyscall+c
        !           519: _Xsyscall(7fffe7ac,1b6)        from 514
        !           520: ?(7fffe7ac) from 4ac
        !           521: ?() from 196
        !           522: ?(2,7fffe810,7fffe81c) from 3d
        !           523: ?()
        !           524: \fB1000$s\fP
        !           525: \fB*(rpb+1fc),4$<frame\fP
        !           526: 7ffffe74:      handler         psr             mask
        !           527:                0               0               2101
        !           528:                ap              fp              pc
        !           529:                7ffffec0        7ffffe9c        80029ddb        _boot+103
        !           530: 
        !           531: 7ffffe9c:      handler         psr             mask
        !           532:                0               0               2f00
        !           533:                ap              fp              pc
        !           534:                7fffff14        7ffffed0        80012de2        _panic+3a
        !           535: 
        !           536: 7ffffed0:      handler         psr             mask
        !           537:                0               0               2fff
        !           538:                ap              fp              pc
        !           539:                7fffff70        7fffff2c        8002a408        _trap+ac
        !           540: 
        !           541: 7fffff2c:      handler         psr             mask
        !           542:                0               0               2fff
        !           543:                ap              fp              pc
        !           544:                7fffffe8        7fffffa4        80001031        _Xtransflt+1d
        !           545: 
        !           546: \fB<1$<trapframe\fP
        !           547: 7fffff2c:      handler         psr             mask
        !           548:                0               0               2fff
        !           549:                ap              fp              pc
        !           550:                7fffffe8        7fffffa4        80001031        _Xtransflt+1d
        !           551:                r0              r1              r2              r3
        !           552:                0               80046988        80046a00        800728db
        !           553:                r4              r5              r6              r7
        !           554:                800728b0        80054158        80063a60        80066ee0
        !           555:                r8              r9              r10             r11
        !           556:                80041b80        8               7fffe578        80000000
        !           557: 7fffff70:      nargs           sp              type            code
        !           558:                0               7fffe560        8               2a50b6ca
        !           559:                pc              (pc)            ps
        !           560:                80001651        _Swtch+2b       d80008
        !           561: \fB80001651?i\fP
        !           562: _Swtch+2b:     remque  *0(r1),r2
        !           563: \fB80046988/X\fP
        !           564: _qs:
        !           565: _qs:           2a50b6ca
        !           566: .pw
        !           567: .DE
        !           568: .PP
        !           569: The example shows a panic due to a segmentation fault.
        !           570: The command ``1000$s'' expands the range over which addresses will be
        !           571: displayed symbolically.
        !           572: The back trace indicates that the trap occurred four frames
        !           573: from the end;
        !           574: as the frame pointer is stored at \fIrpb\fP+1fc, the command
        !           575: ``*(rpb+1fc),4$<frame'' prints the last four stack frames;
        !           576: ``*(rpb+1fc)'' is the initial frame pointer, and the count determines the number
        !           577: of frames to print.
        !           578: Having located the stack frame after the trap (the frame with a return PC
        !           579: of Xtransflt+1d), that frame may be displayed again using the script
        !           580: for a trap frame.
        !           581: The previous frame pointer was left in register 1 by the previous script,
        !           582: and thus ``<1$<trapframe'' displays the state at the time of the trap.
        !           583: The PC at the time of the fault is shown on the last line from the script,
        !           584: with the faulting address listed as the code in the previous line.
        !           585: The instruction that caused the fault can then be examined.
        !           586: In this example, the instruction was a remque that used a displacement
        !           587: addressing mode indirecting through R1.
        !           588: The location to which the register points is the first of the process
        !           589: run queues, and its first element can be seen to be corrupted;
        !           590: its forward pointer, 2a50b6ca, is invalid and is the address that caused
        !           591: the fault.
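The frame walk performed by ``*(rpb+1fc),4$<frame'' above, as an added C example that is not part of the original document: it follows saved frame pointers through a constructed memory image filled with the values from the session. The frame layout (handler, a longword holding psr in its low half and mask in its high half, then ap, fp, pc), the image bounds, and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed image of the kernel stack: 32-bit words starting at IMG_BASE,
 * filled with the values printed by $<frame in the session above. */
#define IMG_BASE  0x7ffffe74u
#define IMG_WORDS 64u
static uint32_t img[IMG_WORDS];

struct frame { uint32_t handler, psr, mask, ap, fp, pc; };
static struct frame frames[8];

/* Read one longword; fail on unaligned or out-of-image addresses. */
static int rd32(uint32_t addr, uint32_t *out)
{
    if (addr < IMG_BASE || (addr - IMG_BASE) % 4 != 0)
        return -1;
    if ((addr - IMG_BASE) / 4 >= IMG_WORDS)
        return -1;
    *out = img[(addr - IMG_BASE) / 4];
    return 0;
}

/* Assumed layout: handler, mask<<16|psr, ap, fp, pc at fp+0 .. fp+16. */
static void put_frame(uint32_t at, uint32_t mask, uint32_t ap,
                      uint32_t fp, uint32_t pc)
{
    uint32_t *w = &img[(at - IMG_BASE) / 4];
    w[0] = 0; w[1] = mask << 16; w[2] = ap; w[3] = fp; w[4] = pc;
}

static void build_image(void)
{
    put_frame(0x7ffffe74u, 0x2101, 0x7ffffec0u, 0x7ffffe9cu, 0x80029ddbu);
    put_frame(0x7ffffe9cu, 0x2f00, 0x7fffff14u, 0x7ffffed0u, 0x80012de2u);
    put_frame(0x7ffffed0u, 0x2fff, 0x7fffff70u, 0x7fffff2cu, 0x8002a408u);
    put_frame(0x7fffff2cu, 0x2fff, 0x7fffffe8u, 0x7fffffa4u, 0x80001031u);
}

/* Equivalent of "fp,count$<frame": follow the saved fp for up to count
 * frames and return how many were decoded.  Stops early if a frame is
 * unreadable or the saved fp does not move to a higher address (a sanity
 * check added here; the adb script does not make it). */
static int walk_frames(uint32_t fp, int count, struct frame *out)
{
    int n = 0;
    while (n < count) {
        uint32_t w[5];
        for (int i = 0; i < 5; i++)
            if (rd32(fp + 4u * (uint32_t)i, &w[i]) != 0)
                return n;
        out[n++] = (struct frame){ w[0], w[1] & 0xffffu, w[1] >> 16,
                                   w[2], w[3], w[4] };
        if (w[3] <= fp)
            break;
        fp = w[3];
    }
    return n;
}

int main(void)
{
    build_image();
    int n = walk_frames(0x7ffffe74u, 4, frames);
    for (int i = 0; i < n; i++)
        printf("mask %x ap %x fp %x pc %x\n", (unsigned)frames[i].mask,
               (unsigned)frames[i].ap, (unsigned)frames[i].fp,
               (unsigned)frames[i].pc);
    return 0;
}
```

Asking for more frames than the image holds returns only the frames that could be read, instead of decoding memory outside the dump.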
        !           592: .NH 2
        !           593: Traversing Data Structures
        !           594: .PP
        !           595: The
        !           596: .I adb
        !           597: command language can be used to traverse complex data
        !           598: structures.  One data structure, a linked list, occurs
        !           599: quite often in the kernel.  By using
        !           600: .I adb
        !           601: variables and the
        !           602: normal expression operators it is a simple matter to construct
        !           603: a script which chains down a list printing each element
        !           604: along the way.
        !           605: .PP
        !           606: For instance, the queue of processes awaiting timer events,
        !           607: the callout queue, is printed with the following two scripts:
        !           608: .ID
        !           609: .cw
        !           610: .in +5
        !           611: .ne 3
        !           612: .ti -5
        !           613: \fBcallout\fP:
        !           614: calltodo/"time"16t"arg"16t"func"12+
        !           615: *+$<callout.next
        !           616: .sp 1
        !           617: .ne 6
        !           618: .ti -5
        !           619: \fBcallout.next\fP:
        !           620: \&./Dpp
        !           621: *+>l
        !           622: ,#<l$<
        !           623: <l$<callout.next
        !           624: .in -5
        !           625: .pw
        !           626: .DE
        !           627: The first line of the script \fBcallout\fP starts the traversal
        !           628: at the global symbol
        !           629: \fIcalltodo\fP and prints a set of headings.
        !           630: It then skips the empty portion of the structure used
        !           631: as the head of the queue.
        !           632: The second line then invokes the script \fBcallout.next\fP
        !           633: moving ``.'' to
        !           634: the top of the queue (``*+'' performs the indirection
        !           635: through the link entry of the structure at the head of the queue).
        !           636: .PP
        !           637: \fBcallout.next\fP prints values for each column, then performs
        !           638: a conditional test on the link to the next entry.  This test
        !           639: is performed as follows,
        !           640: .IP "*+>l" 9
        !           641: Place the value of the ``link'' in the
        !           642: .I adb
        !           643: variable ``<l''.
        !           644: .IP ",#<l$<"
        !           645: If the value stored in ``<l'' is zero, then the current
        !           646: input stream (i.e. the script \fBcallout.next\fP) is terminated.
        !           647: Otherwise, the expression ``#<l'' will be zero, and the ``$<''
        !           648: will be ignored.  That is, the combination of the logical negation
        !           649: operator ``#'', the
        !           650: .I adb
        !           651: variable ``<l'', and the ``$<'' operator
        !           652: creates a statement of the form,
        !           653: .DS
        !           654: .cw
        !           655: if (!link) exit;
        !           656: .pw
        !           657: .DE
        !           658: The remaining line of \fBcallout.next\fP simply reapplies the
        !           659: script on the next element in the linked list.
        !           660: .LP
        !           661: A sample \fIcallout\fP dump is shown below.
        !           662: .ID
        !           663: .cw
        !           664: % \fBadb \-k /vmunix /dev/mem\fP
        !           665: sbr 8001f864 slr d9c
        !           666: p0br 800efa00 p0lr 8e p1br 7f8efe00 p1lr 1ffff2
        !           667: \fB$<callout\fP
        !           668: _calltodo:
        !           669: _calltodo:     time            arg                     func
        !           670: 8004ecfc:      26              0                       _dzscan
        !           671: 8004ed0c:      8               0                       _upwatch
        !           672: 8004ed1c:      0               0                       _ip_timeo
        !           673: 8004ed5c:      0               0                       _tcp_timeo
        !           674: 8004ed6c:      0               0                       _rkwatch
        !           675: 8004ecfc:      52              0                       _dzscan
        !           676: 8004ed2c:      68              _Syssize+70     _tmtimer
        !           677: 8004ed3c:      2920            0                       _memenable
        !           678: .pw
        !           679: .DE
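The traversal done by \fBcallout\fP and \fBcallout.next\fP, as an added C example (not from the original document) that extends it with checks the adb scripts do not make: each link is validated against the image and a revisited entry is reported. All addresses and entry values are constructed; the 16-byte entry with its link at offset 12 is inferred from the ``./Dpp'' and ``*+'' steps of the script, and every name is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define BASE  0x80040000u  /* constructed address standing in for calltodo */
#define NSLOT 8u           /* 16-byte entries in the constructed image */

enum walk { WALK_END, WALK_BADPTR, WALK_CYCLE };

static uint32_t mem[NSLOT * 4];  /* per entry: time, arg, func, link */
static int printed;              /* entries printed by the last walk */

/* Map an address to an entry index, or -1 if it is not a valid entry. */
static int slot_of(uint32_t addr)
{
    if (addr < BASE || (addr - BASE) % 16 != 0)
        return -1;
    return (addr - BASE) / 16 < NSLOT ? (int)((addr - BASE) / 16) : -1;
}

/* Constructed list: head (slot 0) -> 1 -> 2 -> 3 -> tail_link. */
static void build_list(uint32_t tail_link)
{
    static const uint32_t times[] = { 0, 26, 8, 52 };
    for (int s = 0; s < 4; s++) {
        mem[s * 4 + 0] = times[s];
        mem[s * 4 + 1] = 0;
        mem[s * 4 + 2] = 0x80001000u + 0x100u * (uint32_t)s; /* made-up func */
        mem[s * 4 + 3] = s < 3 ? BASE + 16u * (uint32_t)(s + 1) : tail_link;
    }
}

static enum walk walk_callout(uint32_t head)
{
    unsigned char seen[NSLOT] = { 0 };
    int s = slot_of(head);
    printed = 0;
    if (s < 0)
        return WALK_BADPTR;
    seen[s] = 1;
    uint32_t link = mem[s * 4 + 3];   /* "*+": indirect through head link */
    while (link != 0) {               /* ",#<l$<": stop on a zero link */
        if ((s = slot_of(link)) < 0)
            return WALK_BADPTR;       /* wild pointer: do not follow it */
        if (seen[s])
            return WALK_CYCLE;        /* entry already visited */
        seen[s] = 1;
        printf("%08x: %-8u %-8x %x\n", (unsigned)link,     /* "./Dpp" */
               (unsigned)mem[s * 4], (unsigned)mem[s * 4 + 1],
               (unsigned)mem[s * 4 + 2]);
        printed++;
        link = mem[s * 4 + 3];        /* "*+>l", then "<l$<callout.next" */
    }
    return WALK_END;
}

int main(void)
{
    build_list(0);                    /* well-formed list */
    enum walk r = walk_callout(BASE);
    printf("status %d after %d entries\n", (int)r, printed);
    build_list(0x2a50b6cau);          /* the invalid pointer value seen above */
    r = walk_callout(BASE);
    printf("status %d after %d entries\n", (int)r, printed);
    return 0;
}
```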
        !           680: .NH 2
        !           681: Supplying Parameters
        !           682: .PP
        !           683: If one is clever, a command script may use the address
        !           684: and count portions of an
        !           685: .I adb
        !           686: command as parameters.  An example of
        !           687: this is the \fBsetproc\fP script used to switch to the
        !           688: context of a process with a known process-id:
        !           689: .DS
        !           690: .cw
        !           691: 0t99$<setproc
        !           692: .pw
        !           693: .DE
        !           694: The body of \fBsetproc\fP is
        !           695: .DS
        !           696: .cw
        !           697: \&.>4
        !           698: *nproc>l
        !           699: *proc>f
        !           700: $<setproc.nxt
        !           701: .pw
        !           702: .DE
        !           703: while \fBsetproc.nxt\fP is
        !           704: .DS
        !           705: .cw
        !           706: (*(<f+0t52))&0xffff="pid "D
        !           707: ,#((*(<f+0t52)&0xffff)-<4)$<setproc.done
        !           708: <l-1>l
        !           709: <f+0t164>f
        !           710: ,#<l$<
        !           711: $<setproc.nxt
        !           712: .pw
        !           713: .DE
        !           714: The process-id, supplied as the parameter, is stored in the
        !           715: variable ``<4'', the number of processes is placed in ``<l'',
        !           716: and the base of the array of process structures in ``<f''.
        !           717: \fBsetproc.nxt\fP then performs a linear search through the
        !           718: array until it matches the process-id requested, or until
        !           719: it runs out of process structures to check.  The script
        !           720: \fBsetproc.done\fP simply establishes the context of the
        !           721: process, then exits.
        !           722: .NH 2
        !           723: Standard Scripts
        !           724: .PP
        !           725: The following table summarizes the command scripts supplied
        !           726: with 4.3BSD; these scripts are found in the directory \fI/usr/lib/adb\fP.
        !           727: .TS H
        !           728: center, box;
        !           729: c s s
        !           730: l | l | l
        !           731: lb | l | l.
        !           732: Standard Command Scripts
        !           733: _
        !           734: Name   Use     Description
        !           735: _
        !           736: .TH
        !           737: buf    \fIaddr\fP$<\fBbuf\fP   format block I/O buffer
        !           738: callout        $<\fBcallout\fP print timer queue
        !           739: clist  \fIaddr\fP$<\fBclist\fP format character I/O linked list
        !           740: dino   \fIaddr\fP$<\fBdino\fP  format directory inode
        !           741: dir    \fIaddr\fP$<\fBdir\fP   format directory entry
        !           742: dirblk \fIaddr\fP$<\fBdirblk\fP        scan directory entries
        !           743: dmap   \fIaddr\fP$<\fBdmap\fP  format a disk-map structure
        !           744: dmcstats       $<\fBdmcstats\fP        dump statistics for dmc0
        !           745: file   \fIaddr\fP$<\fBfile\fP  format open file structure
        !           746: filsys \fIaddr\fP$<\fBfilsys\fP        format in-core super block structure
        !           747: findinode      \fIinum\fP$<\fBfindinode\fP     find an inode in the in-core inode table
        !           748: findproc       \fIpid\fP$<\fBfindproc\fP       find process by process id
        !           749: frame  \fIaddr\fP,\fIcount\fP$<\fBframe\fP     trace \fIcount\fP stack frames starting at \fIaddr\fP
        !           750: hosts  \fIaddr\fP$<\fBhosts\fP format IMP host table entries
        !           751: hosttable      \fIaddr\fP$<\fBhosttable\fP     show all IMP host table entries
        !           752: ifaddr \fIaddr\fP$<\fBifaddr\fP        format a network interface address structure
        !           753: ifnet  \fIaddr\fP$<\fBifnet\fP format network interface structure
        !           754: ifuba  \fIaddr\fP$<\fBifuba\fP format UNIBUS resource structure
        !           755: imp    \fIaddr\fP$<\fBimp\fP   format an IMP interface state structure
        !           756: in_ifaddr      \fIaddr\fP$<\fBin_ifaddr\fP     format internet network addresses for an interface
        !           757: inode  \fIaddr\fP$<\fBinode\fP format in-core inode structure
        !           758: inpcb  \fIaddr\fP$<\fBinpcb\fP format internet protocol control block
        !           759: iovec  \fIaddr\fP$<\fBiovec\fP format a list of \fIiov\fP structures
        !           760: ipreass        \fIaddr\fP$<\fBipreass\fP       format an ip reassembly queue
        !           761: mact   \fIaddr\fP$<\fBmact\fP  show ``active'' list of mbuf's
        !           762: mba_device     \fIaddr\fP$<\fBmba_device\fP    format an MBA device structure
        !           763: mba_hd \fIaddr\fP$<\fBmba_hd\fP        format an MBA queue head
        !           764: mbstat $<\fBmbstat\fP  show mbuf statistics
        !           765: mbuf   \fIaddr\fP$<\fBmbuf\fP  show ``next'' list of mbuf's
        !           766: mbufchain      \fIaddr\fP$<\fBmbufchain\fP     display a chain of mbufs queued at a socket
        !           767: mbufs  \fIaddr\fP$<\fBmbufs\fP show a number of mbuf's
        !           768: mount  \fIaddr\fP$<\fBmount\fP format mount structure
        !           769: nameidata      \fIaddr\fP$<\fBnameidata\fP     format a namei parameter block
        !           770: packetchain    \fIaddr\fP$<\fBpacketchain\fP   format a chain of packets
        !           771: pcb    \fIaddr\fP$<\fBpcb\fP   format process context block
        !           772: proc   \fIaddr\fP$<\fBproc\fP  format process table entry
        !           773: protosw        \fIaddr\fP$<\fBprotosw\fP       format a protocol switch entry
        !           774: quota  \fIaddr\fP$<\fBquota\fP format a disk quota structure
        !           775: rawcb  \fIaddr\fP$<\fBrawcb\fP format a raw protocol control block
        !           776: rtentry        \fIaddr\fP$<\fBrtentry\fP       format a routing table entry
        !           777: rusage \fIaddr\fP$<\fBrusage\fP        format a resource usage structure
        !           778: setproc        \fIpid\fP$<\fBsetproc\fP        switch process context to \fIpid\fP
        !           779: socket \fIaddr\fP$<\fBsocket\fP        format socket structure
        !           780: stat   \fIaddr\fP$<\fBstat\fP  format a stat structure
        !           781: tcpcb  \fIaddr\fP$<\fBtcpcb\fP format TCP control block
        !           782: tcpip  \fIaddr\fP$<\fBtcpip\fP format a TCP/IP packet header
        !           783: tcpreass       \fIaddr\fP$<\fBtcpreass\fP      show a TCP reassembly queue
        !           784: text   \fIaddr\fP$<\fBtext\fP  format text structure
        !           785: traceall       $<\fBtraceall\fP        show stack trace for all processes
        !           786: trapframe      \fIaddr\fP$<\fBtrapframe\fP     format a stack frame generated by a trap
        !           787: tty    \fIaddr\fP$<\fBtty\fP   format tty structure
        !           788: u      \fIaddr\fP$<\fBu\fP     format user vector, including pcb
        !           789: ubadev \fIaddr\fP$<\fBubadev\fP        format a UBA device structure
        !           790: ubahd  \fIaddr\fP$<\fBubahd\fP format a UNIBUS header structure
        !           791: unpcb  \fIaddr\fP$<\fBunpcb\fP format a UNIX domain protocol control block
        !           792: .TE
        !           793: .ds RH "Summary
        !           794: .NH
        !           795: Summary
        !           796: .PP
        !           797: The extensions made to
        !           798: .I adb
        !           799: provide basic support for debugging the
        !           800: .UX
        !           801: kernel by eliminating the need for a user to carry
        !           802: out virtual to physical address translation and by automatically
        !           803: locating the stack frame after a system crash.  A collection
        !           804: of scripts has been written to format the major
        !           805: kernel data structures and aid in switching between
        !           806: process contexts.  These facilities have been implemented with
        !           807: only minimal changes to the debugger.  While the symbolic debugger
        !           808: .I dbx
        !           809: provides facilities similar to those described here, it is
        !           810: not yet a viable alternative to
        !           811: .I adb
        !           812: because
        !           813: .I dbx
        !           814: takes too long to read in the symbol table.  As soon as
        !           815: this problem is corrected there will be only limited need for
        !           816: the facilities provided by \fIadb\fP.
