13.3. Working with Debugging TargetsMDB can control and interact with live mdb processes or kmdb kernel targets. Typical debugging operations include starting, stopping, and stepping the target. We discuss more about controlling kmdb targets in Chapter 14. The common commands for controlling targets are summarized in Table 13.12.
13.3.1. Displaying StacksWe can print a stack of the current address with the $c command or with $C, which also prints the stack frame address for each stack level. > $c atomic_add_32+8(0) nfs4_async_inactive+0x3b(dc1c29c0, 0) nfs4_inactive+0x41() fop_inactive+0x15(dc1c29c0, 0) vn_rele+0x4b(dc1c29c0) snf_smap_desbfree+0x59(dda94080) > $C d2a58828 atomic_add_32+8(0) d2a58854 nfs4_async_inactive+0x3b(dc1c29c0, 0) d2a58880 nfs4_inactive+0x41() d2a5889c fop_inactive+0x15(dc1c29c0, 0) d2a588b0 vn_rele+0x4b(dc1c29c0) d2a588c0 snf_smap_desbfree+0x59(dda94080) 13.3.2. Displaying RegistersWe can print a stack of the current address with the $c command or with $C, which also prints the stack frame address for each stack level. > ::regs (or $r) %cs = 0x0158 %eax = 0x00000000 %ds = 0xd9820160 %ebx = 0xde453000 %ss = 0x0000 %ecx = 0x00000001 %es = 0xfe8d0160 %edx = 0xd2a58de0 %fs = 0xfec30000 %esi = 0xdc062298 %gs = 0xfe8301b0 %edi = 0x00000000 %eip = 0xfe82ca58 atomic_add_32+8 %ebp = 0xd2a58828 %esp = 0xd2a58800 %eflags = 0x00010282 id=0 vip=0 vif=0 ac=0 vm=0 rf=1 nt=0 iopl=0x0 status=<of,df,IF,tf,SF,zf,af,pf,cf> %uesp = 0xfe89ab0d %trapno = 0xe %err = 0x2 13.3.3. Disassembling the TargetWe can dissasemble instructions in the target with the ::dis dcmd. > atomic_add_32+8::dis atomic_add_32: movl 0x4(%esp),%eax atomic_add_32+4: movl 0x8(%esp),%ecx atomic_add_32+8: lock addl %ecx,(%eax) atomic_add_32+0xb: ret Note that in this example combined with the registers shown in Section 13.3.2, the contents of %eax from $r is zero, causing the movl instruction to trap with a NULL pointer reference at atomic_add_32+4. 13.3.4. Setting BreakpointsWe can set breakpoints in MDB by using :b. Typically, we pass a symbol name to :b (the name of the function of interest). We can start the target program and then set a breakpoint for the printf function. > printf:b > :r mdb: stop at 0x8050694 mdb: target stopped at: PLT:printf: jmp *0x8060980 In this example, we stopped at the first symbol matching "printf", which is actually in the procedure linkage table (PLT) (see the Linker and Libraries manual for a description of how dynamic linking works in Solaris). To match the printf we likely wanted, we can increase the scope of the symbol lookup. The :c command continues execution until the next breakpoint or until the program finishes. > libc`printf:b > :c mdb: stop at libc.so.1`printf mdb: target stopped at: libc.so.1`printf: pushl %ebp |