Specify Kern dir and Run Make Again

6.828 lab tools guide

Familiarity with your environment is crucial for productive development and debugging. This page gives a cursory overview of the JOS surround and useful GDB and QEMU commands. Don't take our word for it, though. Read the GDB and QEMU manuals. These are powerful tools that are worth knowing how to use.

Debugging tips:	Kernel User environments
Reference:	JOS makefile JOS obj/ GDB QEMU

Debugging tips

Kernel

GDB is your friend. Apply the qemu-gdb target (or its qemu-gdb-nox variant) to make QEMU expect for GDB to attach. See the GDB reference below for some commands that are useful when debugging kernels.

If yous're getting unexpected interrupts, exceptions, or triple faults, you tin inquire QEMU to generate a detailed log of interrupts using the -d argument.

To debug virtual memory issues, try the QEMU monitor commands info mem (for a loftier-level overview) or info pg (for lots of detail). Annotation that these commands only display the current folio table.

(Lab 4+) To debug multiple CPUs, use GDB'due south thread-related commands like thread and info threads.

User environments (lab 3+)

GDB likewise lets you debug user environments, but there are a few things yous need to scout out for, since GDB doesn't know that at that place's a distinction between multiple user environments, or between user and kernel.

You lot can kickoff JOS with a specific user environment using brand run-proper noun (or you tin can edit kern/init.c directly). To make QEMU wait for GDB to attach, utilise the run-name-gdb variant.

You tin symbolically debug user lawmaking, just like you can kernel code, merely y'all have to tell GDB which symbol table to apply with the symbol-file command, since it tin only use one symbol table at a time. The provided .gdbinit loads the kernel symbol tabular array, obj/kern/kernel. The symbol table for a user surroundings is in its ELF binary, so you lot tin can load information technology using symbol-file obj/user/proper noun . Don't load symbols from any .o files, as those haven't been relocated by the linker (libraries are statically linked into JOS user binaries, so those symbols are already included in each user binary). Brand sure you go the right user binary; library functions will be linked at different EIPs in unlike binaries and GDB won't know any better!

(Lab 4+) Since GDB is attached to the virtual car equally a whole, information technology sees clock interrupts as merely another control transfer. This makes it basically impossible to step through user code because a clock interrupt is nearly guaranteed the moment you allow the VM run once again. The stepi control works because it suppresses interrupts, only it just steps one assembly instruction. Breakpoints generally work, but watch out because you can hit the same EIP in a different environment (indeed, a different binary altogether!).

Reference

JOS makefile

The JOS GNUmakefile includes a number of phony targets for running JOS in various ways. All of these targets configure QEMU to listen for GDB connections (the

*-gdb

targets also await for this connexion). To start once QEMU is running, only run gdb from your lab directory. Nosotros provide a

.gdbinit

file that automatically points GDB at QEMU, loads the kernel symbol file, and switches between 16-bit and 32-bit mode. Exiting GDB will shut downwardly QEMU.

brand qemu

Build everything and start QEMU with the VGA console in a new window and the serial console in your last. To exit, either close the VGA window or press Ctrl-c or Ctrl-a ten in your terminal.

make qemu-nox

Like make qemu, but run with just the serial console. To exit, press Ctrl-a x. This is particularly useful over SSH connections to Athena dialups because the VGA window consumes a lot of bandwidth.

make qemu-gdb

Like make qemu, but rather than passively accepting GDB connections at any time, this pauses at the get-go machine instruction and waits for a GDB connection.

make qemu-nox-gdb

A combination of the qemu-nox and qemu-gdb targets.

make run-proper name

(Lab 3+) Run user plan name. For instance, make run-how-do-you-do runs user/hello.c.

make run-name-nox, run-proper noun-gdb, run-name-gdb-nox,

(Lab 3+) Variants of run-proper noun that correspond to the variants of the qemu target.

The makefile too accepts a few useful variables:

brand V=1 ...

Verbose way. Print out every command being executed, including arguments.

make 5=1 grade

Stop after any failed grade exam and leave the QEMU output in jos.out for inspection.

Specify boosted arguments to pass to QEMU.

JOS obj/

When building JOS, the makefile also produces some additional output files that may evidence useful while debugging:

obj/kicking/kicking.asm, obj/kern/kernel.asm, obj/user/hello.asm, etc.

Associates code listings for the bootloader, kernel, and user programs.

obj/kern/kernel.sym, obj/user/hello.sym, etc.

Symbol tables for the kernel and user programs.

obj/boot/boot.out, obj/kern/kernel, obj/user/how-do-you-do, etc

Linked ELF images of the kernel and user programs. These comprise symbol data that can be used past GDB.

GDB

See the GDB manual for a full guide to GDB commands. Here are some particularly useful commands for six.828, some of which don't typically come up upward outside of Bone development.

Ctrl-c

Halt the automobile and break in to GDB at the current pedagogy. If QEMU has multiple virtual CPUs, this halts all of them.

c (or continue)

Continue execution until the next breakpoint or Ctrl-c.

si (or stepi)

Execute one auto education.

b part or b file:line (or breakpoint)

Gear up a breakpoint at the given function or line.

b *addr (or breakpoint)

Set a breakpoint at the EIP addr.

set print pretty

Enable pretty-printing of arrays and structs.

info registers

Print the general purpose registers, eip, eflags, and the segment selectors. For a much more thorough dump of the machine register state, see QEMU's ain info registers command.

x/Nx addr

Display a hex dump of Northward words starting at virtual accost addr. If N is omitted, it defaults to 1. addr can be any expression.

x/Due northi addr

Brandish the N assembly instructions starting at addr. Using $eip every bit addr will display the instructions at the current education arrow.

symbol-file file

(Lab 3+) Switch to symbol file file. When GDB attaches to QEMU, it has no notion of the process boundaries within the virtual motorcar, so we have to tell it which symbols to utilize. By default, nosotros configure GDB to use the kernel symbol file, obj/kern/kernel. If the auto is running user code, say hello.c, you can switch to the hello symbol file using symbol-file obj/user/howdy.

QEMU represents each virtual CPU every bit a thread in GDB, then yous can use all of GDB'due south thread-related commands to view or dispense QEMU's virtual CPUs.

thread n

GDB focuses on one thread (i.e., CPU) at a time. This command switches that focus to thread n, numbered from zero.

info threads

List all threads (i.e., CPUs), including their state (active or halted) and what function they're in.

QEMU

QEMU includes a built-in monitor that can inspect and alter the machine country in useful means. To enter the monitor, press Ctrl-a c in the concluding running QEMU. Printing Ctrl-a c once more to switch back to the serial console.

For a consummate reference to the monitor commands, see the QEMU manual. Here are some peculiarly useful commands:

xp/Nx paddr

Display a hex dump of N words starting at physical accost paddr. If N is omitted, it defaults to one. This is the physical retentivity analogue of GDB's ten control.

info registers

Brandish a total dump of the machine's internal register state. In particular, this includes the car's hidden segment state for the segment selectors and the local, global, and interrupt descriptor tables, plus the task register. This hidden land is the information the virtual CPU read from the GDT/LDT when the segment selector was loaded. Here's the CS when running in the JOS kernel in lab ane and the meaning of each field:

CS =0008 10000000 ffffffff 10cf9a00 DPL=0 CS32 [-R-]

CS =0008

The visible part of the code selector. Nosotros're using segment 0x8. This besides tells us we're referring to the global descriptor table (0x8&four=0), and our CPL (current privilege level) is 0x8&3=0.

10000000

The base of this segment. Linear address = logical address + 0x10000000.

ffffffff

The limit of this segment. Linear addresses above 0xffffffff will result in segment violation exceptions.

10cf9a00

The raw flags of this segment, which QEMU helpfully decodes for u.s.a. in the side by side few fields.

DPL=0

The privilege level of this segment. Simply code running with privilege level 0 can load this segment.

CS32

This is a 32-bit code segment. Other values include DS for data segments (non to be confused with the DS register), and LDT for local descriptor tables.

[-R-]

This segment is read-only.

info mem

(Lab 2+) Brandish mapped virtual memory and permissions. For example,

ef7c0000-ef800000 00040000 urw efbf8000-efc00000 00008000 -rw

tells united states that the 0x00040000 bytes of memory from 0xef7c0000 to 0xef800000 are mapped read/write and user-accessible, while the memory from 0xefbf8000 to 0xefc00000 is mapped read/write, but only kernel-attainable.

info pg

(Lab 2+) Brandish the current folio table structure. The output is similar to info mem, but distinguishes page directory entries and page tabular array entries and gives the permissions for each separately. Repeated PTE'southward and entire page tables are folded upwards into a single line. For example,

VPN range     Entry         Flags        Physical page [00000-003ff]  PDE[000]     -------UWP   [00200-00233]  PTE[200-233] -------U-P 00380 0037e 0037d 0037c 0037b 0037a .. [00800-00bff]  PDE[002]     ----A--UWP   [00800-00801]  PTE[000-001] ----A--U-P 0034b 00349   [00802-00802]  PTE[002]     -------U-P 00348            

This shows two folio directory entries, spanning virtual addresses 0x00000000 to 0x003fffff and 0x00800000 to 0x00bfffff, respectively. Both PDE's are nowadays, writable, and user and the 2nd PDE is also accessed. The 2d of these page tables maps three pages, spanning virtual addresses 0x00800000 through 0x00802fff, of which the outset 2 are present, user, and accessed and the 3rd is but present and user. The first of these PTE's maps physical page 0x34b.

QEMU also takes some useful command line arguments, which can be passed into the JOS makefile using the QEMUEXTRA variable.

brand QEMUEXTRA='-d int' ...

Log all interrupts, along with a full annals dump, to qemu.log. You tin ignore the first 2 log entries, "SMM: enter" and "SMM: later RMS", every bit these are generated before entering the kick loader. Afterwards this, log entries look similar

              4: v=thirty east=0000 i=1 cpl=iii IP=001b:00800e2e pc=00800e2e SP=0023:eebfdf28 EAX=00000005 EAX=00000005 EBX=00001002 ECX=00200000 EDX=00000000 ESI=00000805 EDI=00200000 EBP=eebfdf60 ESP=eebfdf28 ...

The beginning line describes the interrupt. The 4: is simply a log record counter. v gives the vector number in hex. eastward gives the error code. i=one indicates that this was produced by an int instruction (versus a hardware interrupt). The residue of the line should exist self-explanatory. Run across info registers for a description of the register dump that follows.

Note: If you're running a pre-0.15 version of QEMU, the log will be written to /tmp instead of the current directory.

---

Questions or comments regarding 6.828? Transport e-mail to the TAs at 6828-staff@lists.csail.mit.edu.

Tiptop // 6.828 dwelling house // Accessibility // Last updated Wed, 22-Sep-2021 12:fourteen:47 EDT

johnsonhartatied.blogspot.com

Source: https://pdos.csail.mit.edu/6.828/2018/labguide.html

Share this post