Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
18.  Debugging The kadb Kernel Debugger Starting kadb  Previous   Contents   Next 
   
 

In this example, the 32-bit version of the alternate kernel kernel.test was booted. Another option is to pass kadb the -d flag, which causes kadb to prompt for the kernel name. The -d flag also causes kadb(1M) to provide a prompt after it has loaded the kernel, so breakpoints can be set.

ok boot kadb -d
...
Rebooting with command: boot kadb -d
Boot device: /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0:a  File
and args: kadb -d
kadb: kernel.test/unix
Size: 482384+67201+88883 Bytes
/platform/sun4u/kernel.test/unix loaded - 0xfc000 bytes used
stopped at      _start:         sethi   %hi(0x10006c00), %g1
kadb[0]: 

At this point you can set breakpoints or continue execution with the :c command.


Note - Kernel modules are dynamically loaded. Consequently, driver symbols are not available until the driver is loaded. To set breakpoints in modules that have not been loaded, use deferred breakpoints. For information on deferred breakpoints, refer to "Breakpoints".


kadb(1M) passes any kernel flags to the booted kernel. For example, to boot an alternate kernel and pass the -r flag:

ok boot kadb -r -D kernel.test/unix
...
Rebooting with command: boot kadb -r -D kernel.test/unix
Boot device: /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0:a
File and args: kadb -r -D kernel.test/unix
kadb: kernel.test/unix
Size: 482384+67201+88883 Bytes
/platform/sun4u/kernel.test/unix loaded - 0xfe000 bytes used
SunOS Release 5.9 Version Generic 32-bit
Copyright 1983-2002 Sun Microsystems, Inc.  All rights reserved.
obpsym: symbolic debugging is available.
Read 208377 bytes from misc/forthdebug
configuring IPv4 interfaces: le0.
Hostname: test
Configuring /dev and /devices

After the system is booted, sending a break passes control to kadb(1M). A break is generated with STOP-A (on the console of SPARC machines), or with F1-A (on the console of IA machines), or by using ~# (if the console is connected through a tip window).

...

The system is ready.

test console login: ~#
stopped at      edd000d8:       ta      %icc,%g0 + 125
kadb[0]: 

The number in brackets is the CPU that kadb(1M) is currently executing on; the remaining CPUs are halted. The CPU number is zero on a uniprocessor system.


Caution - Before rebooting or turning off the power, always halt the system cleanly (with init 0 or shutdown). Buffers might not be flushed otherwise. If the shutdown must occur from the boot PROM prompt, make sure to flush buffers using the sync command at the ok prompt.


To return control to the operating system, use :c.

kadb[0]: :c
test console login: 

Exiting kadb

To exit kadb(1M), use $q. On SPARC machines, this will exit to the ok prompt. On IA machines, you will be prompted to reboot the system.

kadb[0]: $q
Type `go' to resume
ok 

kadb(1M) can be resumed by typing go at the ok prompt.


Caution - No other commands should be performed from the PROM if the system is to be resumed. PROM commands other than go can change system state that the Solaris 9 operating environment depends upon.


Staying at the kadb(1M) prompt for too long can cause the system to lose track of the time of day, and can cause network connections to time out.

kadb Command Usage

The general form of a kadb command is:

    [ address ] [ ,count ] command [;]

If address is omitted, the current location is used (`.' could also be used to represent the current location). The address can be a kernel symbol. If count is omitted, it defaults to 1.

Commands to kadb consist of a verb followed by a modifier or list of modifiers. Verbs can be:

/

Prints locations starting at address in the kernel address space

=

Prints the value of address itself

>

Assigns a value to a debugger variable or machine register

<

Reads a value from a debugger variable or machine register

RETURN

Repeats the previous command with a count of 1. Increments `.' (the current location)

With / and =, output format specifiers can be used. Lowercase letters normally print 2 bytes, uppercase letters print 4 bytes. The values of these specifiers are:

o, O

2-, 4-byte octal

g

8-byte octal

G

8-byte unsigned octal

d, D

2-, 4-byte decimal

e

8-byte decimal

E

8-byte unsigned decimal

x, X

2-, 4-byte hexadecimal

J

8-byte hexadecimal

K

4-byte hexadecimal for 32-bit programs, 8-byte hexadecimal for 64-bit programs. Use this format specifier to examine pointers.

u, U

2-, 4-byte unsigned decimal

c

Prints the addressed character

C

Prints the addressed character using ^ escape notation

s

Prints the addressed string

S

Prints the addressed string using ^ escape notation

i

Prints as machine instructions (disassemble)

a

Prints the value of `.' in symbolic form

w, W

2-, 4-byte write

Z

8-byte write


Caution - When using w, W or Z to modify a kernel variable, make sure that the size of the variable matches the size of the write you are performing. If you specify an incorrect size you could corrupt neighboring data.


For example, to set a bit in the moddebug variable when debugging a driver, first examine the value of moddebug, then set it to the desired bit.

kadb[0]: moddebug/X
moddebug:
moddebug:       1000
kadb[0]: moddebug/W 0x80001000
moddebug:       0x1000 = 0x80001000

Routines can be disassembled with the `i' command. This is useful when tracing crashes, since the only information might be the program counter at the time of the crash. For example, to print the first four instructions of the kmem_alloc function:

kadb[0]: kmem_alloc,4/i
kmem_alloc:
kmem_alloc: save    %sp, -0x60, %sp
sub     %i0, 0x1, %l6
sra     %l6, 0x3, %i5
tst     %i5

Specify symbolic notation with the `a' command, to show the addresses:

kadb[0]: kmem_alloc,4/ai
kmem_alloc:    
kmem_alloc:     save    %sp, -0x60, %sp
kmem_alloc+4:   sub     %i0, 0x1, %l6
kmem_alloc+8:   sra     %l6, 0x3, %i5
kmem_alloc+0xc: tst     %i5
 
 
 
  Previous   Contents   Next