| 
        ikdebug - Integrated kernel debugger
        The ikdebug debugger is the integrated interactive mode of
       the kdebug kernel debugger. It provides  interactive  symbolic
  kernel  debugging without the need of a second host
       system to run dbx or kdbx. Its command syntax  is  derived
       from the Mach microkernel debugger ddb.
   Configuration    [Toc]    [Back]
       This  debugger  is  included  as part of the kdebug kernel
       debugger module. It is configured by enabling  the  kdebug
       module  in your system configuration file. When the kernel
       is booted with this debugger, the following  message  will
       be  displayed during boot: Loading vmunix symbol table ...
       [XXX bytes]
       If the kernel is booted with the k flag, the standard kdebug
 behavior is activated.
       If the kernel is booted with the e flag, the kernel enters
       the interactive debugger. This allows  breakpoints  to  be
       set  early  in the bootstrap process. The normal bootstrap
       sequence is resumed using the debugger continue command.
       If neither flag is specified, the  kernel  boots  normally
       and  the  interactive debugger is available through a console
 escape sequence described in the next section.
       The following kernel tunable parameters are available: The
       console  escape  string is defined by this parameter. This
       string defaults to "" (null) which disables  the  feature.
       It  may  be  overridden  by  adding  the  following to the
       /etc/sysconfigtab file:
              kdebug:
                     kdebug_escape = fred
              As this is the value  with  which  you  invoke  the
              debugger,  the  string  should be easy to remember.
              Avoid strings that might cause you to  accidentally
              invoke the debugger.
              Alternatively,  the escape string can be changed at
              runtime by running the following command as root: #
              sysconfig -r kdebug kdebug_escape=ethyl
              Also, the console escape can be disabled by setting
              the escape sequence to the null  string  using  the
              following  command:  #  sysconfig  -r  kdebug  kdebug_escape=
 Using this parameter, the debugger  can
              be  configured  to stop automatically when a kernel
              panic occurs. By default this feature is  disabled.
              This  parameter  controls whether the debugger uses
              the kernel console driver or console firmware callbacks
  to perform I/O to the console.  A value of 1
              selects the kernel console driver while value of  0
              selects  console  firmware  callbacks. The debugger
              automatically selects the appropriate value depending
  on  the  system type.  This parameter controls
              the debugger use of the console SAVETERM  function.
              A  value  of  1  causes the SAVETERM function to be
              called on debugger entry while a value  of  0  disables
  the SAVETERM function call. This tuneable is
              only meaningful when a graphics console is  in  use
              and  the parameter kdebug_unix_console is set to 0,
              enabling console firmware callbacks.
   Entering and Exiting    [Toc]    [Back]
       The debugger is  entered  automatically  during  a  kernel
       panic,  after  any  system dump is generated, and before a
       reboot. To continue with the  reboot  operation,  use  the
       continue  or quit commands. The current thread will be the
       one that generated the panic.  You  may  also  invoke  the
       debugger manually. If you are logged in to the system console
 on a serial line, typing  the  kernel  tuneable  kdebug_escape
  string  will  drop  you into the debugger. The
       debugger escape sequence is recognized at all times.
       You can exit the debugger by entering  the  continue  command,
 or the command abbreviation c.
   Interacting With ikdebug    [Toc]    [Back]
       When you enter the debugger (or if it is invoked automatically),
 ikdebug places you in the context of the task  and
       thread  that  were active just before the debugger assumed
       control.  Note that all system activity on the current CPU
       is  suspended  until you enter a command to the debugger's
       prompt.
       Once invoked, the debugger's general  command  set  allows
       you  to  examine or modify register and address space contents.
 You can also call functions, set breakpoints,  execute
  instructions  a  step  at  a time, and perform stack
       trace operations.
       The debugger provides the abstraction of a  current  location,
 which, in keeping with UNIX style, is referred to as
       dot (.).  This dot represents the address  that  the  next
       command  will  use  if  you  do  not  provide an alternate
       address.
       The examine and write commands update dot to  the  address
       of  the  last line examined or the last location modified,
       and set next to the address of the  next  location  to  be
       examined or changed. Other commands do not change dot, and
       set next to be the same as dot. See the  Synopsis  section
       for an explanation of the command syntax.
   Address Space Issues    [Toc]    [Back]
       No  matter  how  the  debugger is invoked, you always have
       access to the kernel's address space. You also have access
       to a single user address space.  If the system was executing
 in the context of a  user  task  just  before  ikdebug
       assumed  control,  that  task is the current task.  Otherwise,
 ikdebug sets the current task to the user task  that
       was  last  executed.  In either case, the address space of
       the current task is the one available by default.
       You may access a non-current user task's address space  by
       naming  a  thread  belonging to that task. You can use the
       "show" facility to determine such a task's identity.
       In general, the accessibility of a given  virtual  address
       depends upon whether or not the corresponding page resides
       in main memory. If the page is not resident, it is  likely
       that you will not be able to access the contents.
   Multipage Output Facility    [Toc]    [Back]
       The  ikdebug  debugger  has a feature similar to the shell
       command more for managing the display of  multipaged  output.
   If  an  output  line  exceeds the number set in the
       $lines variable, it displays the message  --db_more--  and
       waits  for  a  response.  Valid  responses are as follows:
       Press the Spacebar to display  one  more  page  Press  the
       Return  key  to  display  one more line Press the Q key to
       abort the current command, and return to the command input
       mode.
       Any  other  character  displays  a single line, as for the
       Return key.
   Commands and Parameters    [Toc]    [Back]
       The general command syntax is: command [/modifier] address
       [,count]
       Specifying  address sets dot to the address.  Omitting the
       address uses the default address, dot. A missing count  is
       taken  to be 1 for printing commands or infinity for stack
       traces. The string !!  repeats the previous  command,  and
       the string "." repeats from the address next with the same
       count and modifiers.
       Multi-threaded debugging is supported by ikdebug.  Threadspecific
 breakpoints can be set, and the address space and
       registers of a non-current thread can be examined or modified
 if supported by machine dependent routines. For example,
 the command: break/t mach_msg_trap $task11.0
       sets a breakpoint at mach_msg_trap for the first thread of
       task 11 listed by a show all threads command.
       In the example, $task11.0 is translated to the corresponding
 thread structure's address by the variable translation
       mechanism  described  later  in  this reference page. If a
       default target thread is set in the variable $thread,  the
       $task11.0  argument  can  be omitted.  In general, if t is
       specified as a modifier of a command line,  the  specified
       thread  (or the current default target thread) is used for
       the command instead of the current thread  --  the  thread
       that  was running when ikdebug was entered. The t modifier
       in a command line is not valid in  evaluating  expressions
       in  a command line.  If you want to get a value indirectly
       from a specific thread's address space or  access  to  its
       registers  within  an  expression,  you  have to specify a
       default target thread in advance, and to use the :t  modifier
 immediately after the indirect access or the register
       reference as follows: set $thread $task11.0 print $a0:t
       The following are the commands accepted by ikdebug.   Each
       command  may  be  specified using the shortest unambiguous
       prefix of its name. In addition, a  few  commands  may  be
       given  as  a  single letter, even though this is not unambiguous.
 Commands specifiable with one  letter  are  indicated
  by  putting  the letter in parens after the command
       name, as in examine(x).  Enables you to set  a  breakpoint
       at  addr.   If  count  is supplied, the debugger continues
       count-1 times before stopping at the breakpoint.   If  the
       breakpoint  is set, a breakpoint number is printed with #.
       This number can be used in deleting the breakpoint.  Set a
       breakpoint  only  for  a  specific  thread.  The thread is
       specified by the thread parameter, or the  default  thread
       is  used if the parameter is omitted.  Set a breakpoint at
       a user-space address. It may be combined with a  t  or  T.
       option  (plus  a  thread  argument)  to specify an address
       space other than the current one.  This  option  is  never
       required.  Without it, supplying a user-space address will
       produce a warning, but will not cause an  error.  However,
       with  the  option,  a  kernel-space  address will cause an
       error. This option can be used only if it is supported  by
       machine  dependent  routines.   Set  a breakpoint only for
       threads in a specific task.   It  is  like  the  t  option
       except  that the breakpoint is valid for all threads which
       belong to the same task as the  specified  target  thread.
       Set  a breakpoint in shared user space address. It is like
       the u option, except that the breakpoint is valid for  all
       threads  which  share the same address space even if the t
       option is specified.  The t option is used only to specify
       the  target  shared  space.  Without the t option, u and U
       have the same meanings.  The U option is useful  for  setting
  a user space breakpoint in non-current address space
       with the t option such as in an emulation  library  space.
       This option can be used only if it is supported by machine
       dependent routines.
                                     Note
              Note that if user text  is  shadowed  by  a  normal
              user-space debugger, user-space breakpoints may not
              work correctly.  Call the function named func passing
  it the parameters in arg-list. After the function
 runs, the debugger  will  display  its  return
              value.
              A  single exclamation point may be used as a shorthand
 for call, for example !rpcc()".  Continue execution
  until  a  breakpoint.  If c is given, count
              instructions while  executing.  Some  systems  will
              also count loads and stores.
              Note  that,  when  counting, the debugger is really
              silently single-stepping.  This means  that  the  c
              option  can  easily  cause  unexpected behavior, by
              single-stepping through low-level code.  On an  SMP
              system,  switch  the current CPU.  This affects the
              identity of the current context (task plus thread).
              A CPU must already be in the debugger to become the
              current CPU. If the command targets a CPU on  which
              ikdebug  is inactive, the debugger ignores the command
 and  prints  an  error  message.   Delete  the
              breakpoint.  The target breakpoint can be specified
              by a breakpoint number with #, or by addr as specified
  in  the break command.  Display the addressed
              locations according to the formats in the modifier.
              Multiple  modifier  formats  display multiple locations.
 If no format is specified, the last  formats
              specified  for this command is used.  Address space
              other than that of the current thread can be specified
  with  the t option in the modifier and thread
              parameter. The format characters  are:  examine  by
              bytes  (8  bits)  examine  by  half words (16 bits)
              examine by long words (32  bits)  examine  by  quad
              words (64 bits) print the location being displayed,
              symbolically if possible; any symbol  close  enough
              to  the  location  will  be used print the location
              being displayed,  symbolically  if  possible;  only
              procedure  names  will be used, and if possible the
              source-level file name and line number of the definition
  will  be  output  display  in  unsigned hex
              display in unsigned octal display in signed decimal
              display in unsigned decimal display in current output
 radix ($oradix), signed display low 8 bits as a
              character. Non-printing characters are displayed as
              an octal escape code (\000).  display the null-terminated
  string at the location. Non-printing characters
 are displayed as octal escapes.  display  in
              unsigned hex with character dump at the end of each
              line. The location is also displayed in hex at  the
              beginning  of each line.  display as an instruction
              display as an instruction including  register  contents
  Displays  detailed  help, a summary or usage
              for the specified command. If no command is  specified,
 all commands are displayed.  Display detailed
              help for the specified command  Display  a  command
              summary for the specified command Display a command
              usage for the specified command Print addrs according
  to the modifier character.  Valid formats are:
              a A x o d u r c. (These are the same formats as for
              the  examine command, except that the u format here
              corresponds to the u format there.)  If no modifier
              is specified, the last one specified to it is used.
              Each addr  argument  can  be  a  string,  which  is
              printed  literally,  with  printf(3)  style  escape
              sequences.  For example, print/x "pc = " $pc  "\nra
              = " $ra "\n"
              will  print the line pc = xxxxxx ra = yyyyyy Search
              memory for a value.  This  command  might  fail  in
              interesting  ways if it does not find the searchedfor
 value.  This is because ikdebug does not always
              recover  from  touching  bad  memory.  The optional
              count argument limits the search.   Set  the  named
              variable  or register with the value of expr. Valid
              variable names are described  below.   Single  step
              count  times. If -p option is specified, print each
              instruction at each step. Otherwise, only print the
              last instruction.
                                    Warning
              Depending  on  machine type, it may not be possible
              to single-step through some low-level code paths or
              user space code. On machines with software-emulated
              single-stepping (i860), stepping through code  executed
  by  interrupt  handlers  is not recommended.
              Stack  trace.   The  /u  option  causes  traces  to
              include  stack  frames  in  user space; if omitted,
              traces include only frames in kernel space.  If the
              /t option is specified, it shows the stack trace of
              the specified thread or a  default  target  thread.
              Otherwise,  it shows the stack trace of the current
              thread from the frame address specified by a parameter
  or  from the current frame.  The count is the
              number of frames to be traced.   If  the  count  is
              omitted, all frames are printed. The /T option outputs
 a trace for all threads within a task. In this
              case  only,  <thread_addr>  may  refer  either to a
              thread or to a task. To begin (or  resume)  tracing
              the threads of a task at a thread other than thread
              0, just name the desired thread (as in  $task4.27).
                                     Note
              If  the  target  thread's  stack is not in the main
              memory at that time, the  stack  trace  will  fail.
              User space stack trace is valid only if the machine
              dependent code supports it.  Write the  expressions
              at succeeding locations. The write unit size can be
              specified in the modifier with a letter b (byte), h
              (half  word),  l  (long  word),  or  q  (quad word)
              respectively. If omitted,  long  word  is  assumed.
              Target  address space can also be specified with /t
              option in the modifier and thread parameter. If the
              target  is  a  user  task,  you must include the /u
              option in the command.
                                     Note
              Since there is no  delimiter  between  expressions,
              strange  things  may  happen. It is best to enclose
              each expression in parentheses.   Examine  forward.
              It executes an examine command with the last specified
 parameters, updated so that the location  following
   the  last  location  previously  displayed
              becomes the start address for the current  command.
              Examine  backward.  It  executes an examine command
              with the last specified parameters, updated so that
              the  start  address  of the previous command, minus
              the number of  items  displayed  by  that  command,
              becomes  the start address for the current command.
              (This displays a "window" consisting of  the  items
              immediately  preceding the last group of items output.)
   Show Commands    [Toc]    [Back]
       The debugger will display a number of interesting  kernellevel
 data structures.  The commands to do so all have the
       form show <name>, where <name> is a  tag  related  to  the
       data structure in question. For some common cases where it
       is useful to inspect all instances of  a  given  structure
       with  a  single command, the debugger provides commands of
       the form: show all <name>
       Unless  otherwise  indicated,  each  show  command  simply
       prints the interesting members of the structure indicated.
       Each member is labeled by a name that is at least  related
       to  its  C-language  name.   Display  information  for the
       thread specified by addr. If addr is omitted,  information
       on  the  current  thread  is  displayed. If no modifier is
       given, the information displayed for the thread is its ID,
       the address of the corresponding thread structure, and the
       state of the thread. The state is output as some  combination
  of  these  letters:  Thread  is runnable.  Thread is
       waiting (has blocked itself); following the  state  output
       will  appear the address of the event on which it is waiting,
 or zero, if no event was asserted.   Thread  is  suspended.
   Thread  is swapped out.  Thread is waiting uninterruptibly;
 if W appears without N, the  wait  is  interruptible.
  Thread has used the floating-point unit.
              If  /l  is given, more information is displayed for
              the thread: the thread's  ID  the  address  of  the
              thread   structure  the  state  of  the  thread  as
              explained above the swap state of the thread, indicated
  by one of the letters: Activation is unswappable.
  Activation is swapped  in.   Activation  is
              being swapped out.  Activation is being swapped in.
              Activation is swapped out.
              The letter will be followed by a T if the  thread's
              task is being swapped, otherwise a hyphen will follow.
  the base of the  thread's  kernel  stack  the
              thread's  suspend count the priority of the thread,
              together with its scheduling policy,  one  of:  for
              first-in/first-out (no pre-emption) for round-robin
              (pre-empt only within priority level) for timesharing
  (degrade  priority  as  thread  executes)  the
              event, if any, on which the thread is waiting  Display
  information  on all tasks and threads. In all
              cases, this command shows task and thread identification
 numbers, which can be used to specify a task
              or an thread symbolically in  other  commands  (via
              task  variables). The numbers are valid only in the
              current debugger session; if  system  execution  is
              resumed,  they  may change. The currently-executing
              thread is distinguished from others by  a  #  after
              its id instead of :.
              With  no  options  given, this command displays the
              same information for each task and thread  as  show
              task  and  show thread would do, when they're given
              with no arguments. The /u option expands the output
              shown  for each task just as it does for show task.
              The /l option expands the  output  shown  for  each
              thread  just  as  it  does  for show thread or show
              task.  For each task, perform show task.  Show  all
              breakpoints  currently  set.  The  information displayed
 for each breakpoint is: the ID  (number)  of
              the  breakpoint  the  address  space (kernel, userspace
 or taskn) in which the breakpoint is set  the
              scope  of  the  breakpoint,  one  of  all (if it is
              global), taskn (if it is specific to task id n), or
              taskn.m  (if  it is specific to thread m of task id
              n) the count  specified  when  the  breakpoint  was
              established  the address at which the breakpoint is
              set Display the register set. Target thread can  be
              specified  with t option and thread parameter. If u
              option is specified,  it  displays  user  registers
              instead of kernel or currently saved one.
                                     Note
              The  support  of  t  and  u  option  depends on the
              machine.  If not supported,  incorrect  information
              will  be displayed.  For each processor set defined
              in the system, displays  each  occupied  run  queue
              (i.e.,  each  run  queue  where at least one thread
              resides).  For each run queue, the  queue  priority
              is  output,  followed by the task plus thread ID of
              each thread on that queue.  Display information for
              the  task  specified  by <addr>, or for the current
              task if <addr> not given. Information is also  displayed
  for  all threads in the task. If no options
              are given, the information displayed for  the  task
              is  its  ID,  the address of the corresponding task
              structure, and the number of threads the task  contains;
 information displayed for each thread is the
              same as for show threads with no options given.
              If the /l option is given, this command shows  more
              information for each thread -- the same information
              as show threads will with /l given.
              If the /u option is given, this command shows  more
              information  for  the  task itself: the task ID the
              address of the task structure the  address  of  the
              task's  map  (vm_map_t) the total number of threads
              in the task the  number  of  resident  (swapped-in)
              threads  in  the  task the task's suspend count the
              task's priority the task's swap state, indicated by
              one  of  the  letters: Task is swapped in.  Task is
              swapped out.  Task is being swapped out.   Task  is
              being  swapped  in.  Task is unswappable.  any UNIX
              process information available for the task  Display
              the current values of all debugger variables.
   Variables    [Toc]    [Back]
       The  debugger  accesses registers and variables as <name>.
       Register names are as in the show registers command.  Some
       variables  are  suffixed  with  numbers, and may have some
       modifier following a colon immediately after the  variable
       name.  For  example,  register  variables can have u and t
       modifier to indicate user register and that of  a  default
       target  thread instead of that of the current thread, such
       as $eax:tu.
       Built-in variables currently supported  are:  Set  if  the
       console device will "autowrap" (i.e., insert a CR/LF pair)
       when its output width  is  exceeded.   Controls  automatic
       completion  of symbol names (see below).  If zero, completion
 is disabled. Otherwise, controls at  what  point  all
       the current alternatives for completion are displayed. (If
       more than this number of alternatives exist, they won't be
       displayed.)   The  number  of lines.  It is used by "more"
       feature.  Addresses are printed as 'symbol'+offset  unless
       offset is greater than maxoff.  The width of the displayed
       line.  Input radix Output radix Tab stop width.   Task  or
       thread  structure  address.   The  xx  and yy are task and
       thread  identification  numbers  printed  by  a  show  all
       threads command respectively.  This variable is read only.
       The value of xx can  be  1  to  10.   The  default  target
       thread.   The  value  is  used  when t option is specified
       without explicit thread  structure  address  parameter  in
       command  lines  or  expression evaluation.  Work variable.
       The value of xx can be 0 to 31.
   Expressions    [Toc]    [Back]
       Almost all expression operators in C are supported  except
       ~,  ^, and unary &. However, operator precedence is decidedly
 different. From lowest to highest, precedence  levels
       are:  logical or (||) logical and (&&) relational ops (==,
       !=, <, <=, >=, >) bitwise shift (<<, >>) "additive" (+, -,
       |) "multiplicative" (*, /, %, #, &) unary (+, -, !)
       Special  rules  in  ikdebug  are: name of a symbol.  It is
       translated to the address (or value) of it.   The  characters
  fullpoint (.) and colon (:) can be used in the identifier.
              If supported by an object format dependent routine:
              [<file_name>:]<func>[:<line_number>]
              [<file_name>:]<variable>    <file_name>[:<line_number>]
              can all be accepted as a symbol.
              By default, symbols may be specified using a unique
              (or near-unique) prefix.  When  a  symbol  name  is
              being  entered,  the  debugger will attempt to complete
 it on receipt of a <tabcharacter. Any  unique
              substring  of  the name that follows the portion so
              far specified will be completed immediately. If the
              name  is  not  totally specified after that completion,
 then the debugger will display all  the  symbols
  that match the name so far completed, so long
              as the count of matching symbols  does  not  exceed
              the  value  of  the $completion variable.  radix is
              determined by the first two letters: 0x:  hex,  0o:
              octal,   0t:  decimal,  otherwise,  follow  current
              radix.  dot next address of the start of  the  last
              line  examined.  Unlike  dot  or next, this is only
              changed by examine or write command.  last  address
              explicitly  specified.   register name or variable.
              It is translated to the value of it. It may be followed
  by  a : and modifiers as described above.  a
              binary operator which rounds up the left hand  side
              to  the next multiple of right hand side.  indirection.
  It may be followed by a ':' and modifiers as
              described above.
       Commands: dbx(1), kdbx(8)
       Kernel Debugging
                                                       ikdebug(8)
[ Back ] |