How do I use kdb

kdb is the kernel debugger embedded on systems running PowerMAX. It is normally enabled on systems, though kernel symbols are not loaded by default. kdb, like the console debugger, can only be used on the system's console. This document covers the basic operations one would use when debugging with kdb.

To set up kdb

To see if kdb is running, type "~k".

    # ~
    DEBUGGER: type ? for help, ^D to quit
    kdb>>

If you see this prompt then kdb is enabled. Type "q" to return to the UNIX prompt.

    kdb>> q
    DEBUGGER exiting
    #

If kdb is not running, you need to reboot the system with a new boot value by doing the following.

Type "init 0" to stop the running kernel and go to the console.

    oddjob:root> init 0
    oddjob:root>
    oddjob:root> INIT: :New run level: 0
    The system is coming down. Please wait.
    CPU 0 halted 0018a8e8 [0018a8e8] % 48000000 b 18a8e8
    CPU 1 halted 0018a86c [0018a86c] % 3d20003b lis r9,0x3b
    #0>

Type "pboot 80." to set the boot register to 80.

    #0>pboot 80.00000000

Note: The 80 bit turns on symbols, the 800 bit turns off kdb.

Type "fb" to restart the kernel.

    #0>fb
    Reset Backplane Initialize Interrupts Set Run Mode CPU 0 CPU 1 ....

Kernel Debugger Basics

NOTE: Unlike other kernel debuggers, kdb uses postfix notation (Reverse Polish Notation) for the format of its commands. This means that commands are going to be of the format " ... ".

To get into the debugger, type "~k".

    # ~
    DEBUGGER: type ? for help, ^D to quit
    kdb>>

To exit the debugger, type "q".

    kdb>> q
    DEBUGGER exiting
    #

To set a breakpoint, type the address followed by "brk".

    kdb>> ieintr b              <-- breakpoint at ieintr routine
    0: 0xE0FCFE04(ieintr) ON /i
    kdb>> ieintr 0x40 + b       <-- breakpoint at address ieintr+0x40
    1: 0xE0FCFE44(ieintr+0x40) ON /i

Here a breakpoint is set at ieintr and ieintr+0x40. ieintr is the interrupt handling routine for the ie network interface.

To see a list of all breakpoints, type "?brk".

    kdb>> ?brk
    0: 0xE0FCFE04(ieintr) ON /i
    1: 0xE0FCFE44(ieintr+0x40) ON /i

To clear a breakpoint, type the breakpoint number followed by "clrbrk".

    kdb>> 0 clrbrk
    0: 0x0 OFF /i

Here the ieintr breakpoint (number 0) is cleared.

To clear all breakpoints, type "clrbrks".

    kdb>> clrbrks
    kdb>> ?brk
    No breakpoints set
    kdb>>

To see the stack walkback, type "stack".

    kdb>> stack
    (cpu 0 current) idle stack:
    DEBUGGER ENTERED FROM BREAKPOINT
    Xtrap+0x430 () sp:FFD03F98 ret:00297AEC
    Xexcept+0xFC () sp:FFD03FF8 ret:E0FCC6B8
    TRAP TO Xexcept+0xFC REGISTER VALUES:
    r0: 0  r1: FFD040E8  r2: 2DD000  r3: 27FB800
    r4: 270A400  r5: 0  r6: 1  r7: 27FB820
    r8: 27FB800  r9: 0  r10: 1  r11: 158
    r12: E0FCC678  r13: E0FD0230  r14: 3C  r15: 2E4
    r16: 73CC  r17: 0  r18: E0FD3670  r19: 27EA000
    r20: 3C  r21: 18C  r22: 27FB800  r23: 24
    r24: 3BD3DC  r25: 9032  r26: 0  r27: FFD04318
    r28: DEADBEEF  r29: 9032  r30: 81818181  r31: BADC0DE
    type: 7  plev: 2B00  srr0: E0FCC6B8  srr1: 29032
    dsisr: 42000000  dar: E28A0000  lr: E0FD0230  ctr: E0FCC678
    cr: 84244442  xer: 2  vect: 27FB800
    ierecv+0x40 () sp:FFD040E8 ret:E0FD0230
    ie_recv+0x13C () sp:FFD04158 ret:E0FD001C
    ieintr+0x218 () sp:FFD041C8 ret:00296DE0
    Xintr+0x150 () sp:FFD04228 ret:00114368
    TRAP TO Xintr+0x150 REGISTER VALUES:
    r0: 9032  r1: FFD04318  r2: 0  r3: 4A0EA0
    r4: FFF40000  r5: FFFFFFFF  r6: 3  r7: 0
    ...
    cr: 42222222  xer: 20000000  vect: 2B
    idle+0x80 () sp:FFD04318 ret:00111F84
    swtch+0x15C () sp:FFD04368 ret:0029829C
    use_private+0xBC () sp:FFD043C8
    RETURN TO USER MODE
    kdb>>

This is a stack trace at ierecv+0x40. First are the Xtrap and Xexcept calls, which are the debugger exception. Next is the exception frame showing the register values at the time the instruction at ierecv+0x40 was being executed. Following that, the stack shows that ierecv was called by ie_recv, which was called by ieintr. Below this is another exception frame, which shows all the register values when the system was in the idle loop.

To disassemble instructions, type the address, then the number of instructions, then "dis".

    kdb>> ierecv 40 dis
    0xE0FCC678: ierecv : addi r1,r1,-112
    0xE0FCC67C: ierecv+4 : mflr r13
    0xE0FCC680: ierecv+8 : cmplwi cr5,r4,0
    ...
    0xE0FCC6B4: ierecv+3C : stw r24,0x60(r1)
    0xE0FCC6B8: ierecv+40 : stw r17,0x44(r1)
    0xE0FCC6BC: ierecv+44 : mr r3,r22

This is the disassembly of ierecv to ierecv+44. To stop disassembly type "c".

To single step, type "s".

    kdb>> s
    DEBUGGER:
    r0: 9032  r1: FFD14138  r2: 2DD020  r3: 2FA0300
    r4: 800  r5: 0  r6: 0  r7: 0
    r8: E0FC9C60  r9: 0  r10: 0  r11: FFF3A000
    r12: 1  r13: 9A4A8  r14: 0  r15: 3BCE30
    r16: 9DDC  r17: 800  r18: 4A0F34  r19: 2
    r20: 2F1BFAC  r21: 1  r22: 5  r23: 2FA0300
    r24: FC  r25: 9032  r26: 0  r27: FFD14318
    r28: DEADBEEF  r29: 9032  r30: 81818181  r31: BADC0DE
    type: 7  plev: 800  srr0: E0FC9CA4  srr1: 29032
    dsisr: 42000000  dar: E27F0000  lr: 9A4A8  ctr: E0FC9C60
    cr: 24244842  xer: 40  vect: 9032
    0xE0FC9CA4: iersrv+44 : stw r26,0x78(r1)
    kdb>> s
    DEBUGGER:
    r0: 9032  r1: FFD14138  r2: 2DD020  r3: 2FA0300
    r4: 800  r5: 0  r6: 0  r7: 0
    r8: E0FC9C60  r9: 0  r10: 0  r11: FFF3A000
    r12: 1  r13: 9A4A8  r14: 0  r15: 3BCE30
    r16: 9DDC  r17: 800  r18: 4A0F34  r19: 2
    r20: 2F1BFAC  r21: 1  r22: 5  r23: 2FA0300
    r24: FC  r25: 9032  r26: 0  r27: FFD14318
    r28: DEADBEEF  r29: 9032  r30: 81818181  r31: BADC0DE
    type: 7  plev: 800  srr0: E0FC9CA8  srr1: 29032
    dsisr: 42000000  dar: E27F0000  lr: 9A4A8  ctr: E0FC9C60
    cr: 24244842  xer: 40  vect: 9032
    0xE0FC9CA8: iersrv+48 : stw r27,0x7C(r1)
    kdb>>

This is single stepping from iersrv+40 to iersrv+48.

To view data, type the address then the number of bytes then "dump".

    kdb>> 0xE0D042B0 40 dump
    00000000 10002844 00018DFA 10002294 E0D042B0 ......(D......".
    00000000 10002D04 000000AC 004AD6A0 E0D042C0 ......-......J..
    00000000 01985980 0000F130 00000000 E0D042D0 ......Y....0....
    00004EC0 DEADBEEF 00000120 00004000 E0D042E0 ..N........ ..@.
    kdb>>

To write to memory, type the value then the address then "w".

    kdb>> 1 ignore_bus_timeouts w
    kdb>> ignore_bus_timeouts 4 dump
    00000001 ........ ........ ........ 002647A0 ................

Here ignore_bus_timeouts is set to 1.

To view the registers, type "pallreg".

    kdb>> pallreg
    registers for register set number 0:
    r0: 9032  r1: FFD04318  r2: 0  r3: 4AD6A0
    r4: FFF40000  r5: FFFFFFFF  r6: 0  r7: 0
    r8: 0  r9: 0  r10: 20000  r11: FFF3A000
    r12: 3  r13: EAB48  r14: 260000  r15: 3
    r16: 4AD6A0  r17: 3F0000  r18: 4AD6A0  r19: 1
    r20: 1FC9D00  r21: FFFFFFFF  r22: 3  r23: 3A8A0
    r24: E1344400  r25: 3A8A0  r26: 0  r27: 0
    r28: 0  r29: 0  r30: 0  r31: 0
    type: 5  plev: 0  srr0: EAB48  srr1: 9032
    dsisr: 0  dar: FFD04318  lr: EAB48  ctr: E878C
    cr: 42222222  xer: 20000000  vect: 33
    current value of other registers:
    sdr1: 0  hid0: C001C084  pir: 0
    sr0: 20000010  sr1: 20C0CBC5  sr2: 20C0CBC6  sr3: 20C0CBC7
    sr4: 20C0CBC8  sr5: 20C0CBC9  sr6: 20C0CBCA  sr7: 20C0CBCB
    ....

Here are the privileged registers followed by the general registers.

QUICK REFERENCE CHART

    action                      command to type
    -------------------------------------------------------------
    enable the debugger         init 0  pboot 80.  fb.
    get into the debugger       ~k
    exit the debugger           q
    set a breakpoint            b
    clear a breakpoint          clrbrk
    show all breakpoints        ?brk
    clear all breakpoints       clrbrks
    single step                 s
    disassemble instructions    dis
    see the stack walkback      stack
    view data                   dump
    write to memory             w
    view the registers          pallreg

For more information see kdb(1) and your architecture specific Console Reference Manual.
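
The postfix command format described under Kernel Debugger Basics, modelled in Python as an added example (it is not kdb's code and not part of the original page). The operand names, the 32-bit wrap on "+", and the reading of bare numbers as hex are assumptions; the hex reading is inferred from "0xE0D042B0 40 dump" printing 0x40 bytes above, and the symbol addresses are the ones shown in the page's sessions.

```python
# Added illustration: a model of kdb's postfix command line, not kdb's own code.
# Symbol addresses are the ones printed in the sessions on this page.
SYMBOLS = {
    "ieintr": 0xE0FCFE04,
    "ierecv": 0xE0FCC678,
    "ignore_bus_timeouts": 0x002647A0,
}

# Operands each command takes, in the order they are typed before it
# (operand names are hypothetical labels chosen for this example).
OPERANDS = {
    "b": ("address",),
    "clrbrk": ("breakpoint",),
    "dis": ("address", "count"),
    "dump": ("address", "nbytes"),
    "w": ("value", "address"),
    "?brk": (), "clrbrks": (), "stack": (), "s": (), "pallreg": (), "q": (),
}


def operand(token):
    """Resolve a symbol name or a number; bare numbers are assumed to be hex."""
    if token in SYMBOLS:
        return SYMBOLS[token]
    return int(token, 16)  # accepts "40" and "0x40"; ValueError otherwise


def evaluate(line):
    """Return (command, {operand name: value}) for one postfix command line."""
    stack = []
    tokens = line.split()
    for pos, token in enumerate(tokens):
        if token == "+":
            if len(stack) < 2:
                raise ValueError("'+' needs two operands before it")
            rhs = stack.pop()
            stack.append((stack.pop() + rhs) & 0xFFFFFFFF)  # assumed 32-bit wrap
        elif token in OPERANDS:
            names = OPERANDS[token]
            if pos != len(tokens) - 1 or len(stack) != len(names):
                raise ValueError(f"{token!r} takes {len(names)} operand(s), typed before it")
            return token, dict(zip(names, stack))
        else:
            stack.append(operand(token))
    raise ValueError("no command at end of line")


if __name__ == "__main__":
    for cmd in ("ieintr 0x40 + b", "0xE0D042B0 40 dump", "1 ignore_bus_timeouts w"):
        name, args = evaluate(cmd)
        print(cmd, "->", name, {k: hex(v) for k, v in args.items()})
```

Checking a planned command line this way before typing it at the console is useful mainly for "w", where swapping the value and the address writes to the wrong location.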