1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
|
.TH DBG 3
.SH NAME
dbg \- remote kernel debugging
.SH SYNOPSIS
.B "bind -b '#b' /dev"
.PP
.B /dev/dbgctl
.br
.B /dev/dbglog
.PP
.BI "echo r >/dev/dbgctl"
.SH DESCRIPTION
.I Dbg
allows a native kernel to be debugged remotely,
by means of a simple protocol, typically run on a serial port
(see
.IR eia (3)).
The
.IR acid (10.1)
debugger uses the protocol for instance; see its
.B -R
option.
.PP
.I Dbg
uses the values of several global variables set by the kernel configuration file (see
.IR conf (10.6)),
all of which default values.
The variables and default values are listed below:
.IP
.EX
int dbgstart = 0;
char *dbgdata = "#t/eia0";
char *dbgctl = "#t/eia0ctl";
char *dbgctlstart = "b19200";
char *dbgctlstop = "h";
char *dbgctlflush = "f";
.EE
.PP
Different values can be set by including similar declarations,
with values as desired, in the
.B code
section of the configuration file.
.I Dbg
uses the values as follows:
.TP \w'\f5dbgctlflushxx\fP'u
.PD 0
.B dbgstart
if non-zero, start the debugger protocol on the
configured connection during driver initialisation (system startup);
otherwise it must be started explicitly by the
.B r
control request (see below)
.TP
.B dbgdata
data file for the debugging connection
.TP
.B dbgctl
control file for the debugging connection
.TP
.B dbgctlstart
control request to initialise link (eg, baud rate)
.TP
.B dbgctlstop
control request to hang up link
.TP
.B dbgctlflush
control request to write to flush input and output on link
.PD
.PP
.I Dbg
serves two files that control and monitor its operation.
.PP
.B Dbgctl
accepts several textual commands; normally only
.B r
is needed:
.TP
.BI d " dbgdata"
set the value of
.B dbgdata
to the value given as an argument
.TP
.BI c " dbgctl"
.PD 0
.TP
.BI i " dbgctlstart"
.TP
.BI h " dbgctlstop"
.TP
.BI f " dbgctlflush"
set the value of the corresponding control variable to the value of the first argument
.PD
.TP
.B r
start running the debugger protocol (not needed if
.B dbgstart
was non-zero at boot)
.TP
.B s
stop running the debugger protocol; stop and flush the link
.PP
When read,
.B dbgctl
yields a single line showing the status of the device
.RB (` running '
or
.RB ` stopped ')
and the current values of the debugger control
variables listed above.
.PP
.B Dbglog
is a read-only text file containing lines representing debugger events,
one per line.
It is mainly useful for checking the operation of the device, or debugging new
.IR acid (10.1)
functions.
.SS Debug protocol
The protocol is subject to change.
The host running the debugger and the target to be debugged
exchange 10-byte messages containing a one byte message type
and 9 bytes of data.
Bytes unused by a given type are set to zero.
Normally the host sends one of the T-messages below and
receives the corresponding R-message, or
.BR Rerr .
(These are unrelated to the T-messages and R-messages of
.IR intro (5).)
Exceptionally, the target sends the first message, an
.B Rerr
to reset the protocol, and thus the debugger is notified if the target
is rebooted during a debugging session and can reset its own state.
Values, including addresses, are sometimes represented textually
in hexadecimal, but are usually in binary as a single byte, or an array of 4 bytes,
high-order byte first (big endian).
.PP
The term
.I process
here refers exclusively to those created directly or indirectly by
.IR kproc (10.2),
not to Limbo processes, which are not visible directly through
the protocol (although it is possible to write
.IR acid (10.1)
functions that interact through
.I dbg
with the Inferno data structures representing
the state of the Dis virtual machine).
Many requests read or write the memory or state of the
.IR "current process"
set by the
.B Tproc
message (see below).
Addresses are always 32 bits.
An address below the size of
.B Ureg
(saved register state) for the target is interpreted as an offset within the saved
state for the current process.
Otherwise it refers to an address in kernel virtual memory.
Currently in native Inferno all processes share the same address space.
.PP
The message type names used below
are assigned values by declarations in
.BR /include/rdbg.h .
The following messages are currently implemented:
.TP \w'Tstart'u
.PD 0
.B Terr
unused
.TP
.BI Rerr " reason\fR[9]\fR"
The last message failed for the given
.IR reason ,
a text string:
.BR reset ,
the target or debug driver was restarted;
.BR count ,
bad count;
.BR unk ,
unknown command;
.BR inval ,
invalid parameter;
.BR pid ,
no such process;
.BR unsup ,
unsupported action;
.BR notstop ,
action requires process to be stopped first.
.TP
.BI Tmget " addr\fR[4]\fP n\fR[1]\fP"
Request
.I n
bytes of memory from
.IR addr ;
.I n
must be no greater than 9
.TP
.BI Rmget " data\fR[9]\fP"
Return
.I data
requested by
.B Tmget
.TP
.BI Tmput " addr\fR[4]\fP n\fR[1]\fP data\fR[4]\fP"
Write the first
.I n
bytes of
.I data
to memory at
.IR addr ,
and flush the data and instruction caches for that region;
.I n
must be no greater than 4
.TP
.BI Rmput
Reply to a successful
.B Tmput
.TP
.BI Tproc " pid\fR[4]\fP"
Set the current process to the one with integer process ID
.I pid
for subsequent requests.
.TP
.BI Rproc " addr\fR[8]\fP"
.I Addr
is the address in hexadecimal text of the
.B Proc
structure for process
.I pid
in the corresponding
.BR Tproc .
.TP
.BI Tstatus " pid\fR[4]\fP"
Request the status of process
.I pid
leaving the current process ID unchanged.
.TP
.BI Rstatus " status\fR[9]\fP"
Return the textual status of the process
as a text string, currently one of:
.BR Dead ,
.BR Moribund ,
.BR Ready ,
.BR Scheding ,
.BR Running ,
.BR Queueing ,
.BR Wakeme ,
.BR Broken ,
.BR Stopped ,
.BR Rendezvous ,
or if invalid, the state value as a hexadecimal number.
.TP
.BI Trnote " pid\fR[4]\fP"
Retrieve the note (trap status) for the given
.I pid
.TP
.BI Rrnote " status\fR[9]\fP"
Provide the textual trap
.I status
for the requested process (currently always returns null status)
.TP
.BI Tstop " pid\fR[4]\fP"
Tell the kernel to stop running process
.I pid
in debugging state
.B Stopped
when it next appears in the scheduler.
.TP
.BI Rstop
Reply to successful
.B Tstop
.TP
.BI Tstart
Cancel a previous
.BR Tstop ;
if the process has already stopped, make it ready to run.
.TP
.BI Rstart
Reply to successful
.B Tstart
.TP
.BI Tcondbreak " val\fR[4]\fP op\fR[4]\fP"
If
.I op
is
.BR d ,
remove and delete the breakpoint with ID
.IR val .
All other operations help
create a conditional breakpoint, providing a possibly empty list of operations
representing a conditional expression in Reverse Polish is followed
by a breakpoint request,
each expression element represented by a single
.B Tcondbreak
message.
.I Op
is a single character representing an operation, with
.I val
(integer, address, process ID) as a parameter.
The operator
.B n
should appear first; it assigns the
breakpoint an ID number
.I val
(no greater than 255).
Expression primaries are:
.BI k " val,"
true if process
.I val
is at this breakpoint;
.BI b " val,"
true if program counter is
.IR val ;
and
.BI p " val,"
.I val
as a 32-bit literal.
Expression operators are:
unary
.B *
(indirect, yielding 32-bit value);
.B &
(bit-wise AND);
.B =
(values equal);
.B !
(values not equal);
.B a
(logical AND);
.B o
(logical OR).
Although the expression is interpreted following Reverse Polish notation,
when transmitted, the
.B b
operation is sent last (to mark the end of the sequence and create the breakpoint),
but is moved to the start of the expression before evaluation.
.TP
.BI Rcondbreak
Reply to successful
.BR Tcondbreak .
.TP
.BI Tstartstop " pid\fR[4]\fP"
If the process
.I pid
is not stopped, return
.B Rerr
.BR notstop .
Otherwise, if the process is not stopped at
a breakpoint, start it, and wait for it to reach a breakpoint
that evaluates `true'
.TP
.BI Rstartstop " id\fR[1]\fP"
Process has stopped at breakpoint with the given
.I id
.TP
.BI Twaitstop
Unimplemented. See
.BR Tstartstop .
.TP
.BI Rwaitstop
Unused.
.TP
.BI Tkill " pid\fR[4]\fP note\fR[5]\fP"
Kill process
.I pid
with the given textual
.IR note .
Unimplemented.
.TP
.BI Rkill
Reply to successful
.BR Tkill .
Unused.
.PP
.SH SOURCE
.B /os/port/devdbg.c
.br
.B /os/*/*break.c
.br
.B /os/*/trap.c
.SH SEE ALSO
.IR acid (10.1)
.SH BUGS
The protocol is not itself error-detecting let alone error-correcting, although that normally does not
matter for debugging even
over a serial line, provided the connection is reasonably sound.
|
