.TH DB 1 .SH NAME db, stack \- debugger .SH SYNOPSIS .B db [ .I option ... ] [ .I pid | .I corefile ] [ .I textfile ] .PP .B stack [ .I pid | .I corefile | .I name ] [ .I textfile ] .SH DESCRIPTION .I Db is a general purpose debugging program. It may be used to examine files and to provide a controlled environment for the execution of programs. .PP A .I textfile is a file containing the text and initialized data of an executable program. A .I pid or .I corefile specifies the memory image of a process. A .I pid gives the id of an executing process to be accessed via .MR ptrace (2) . A .I corefile specifies the name of a core dump (see .MR core (5) on your system of choice) containing the memory image of a terminated process. This manual refers to the memory image specified by .I pid or .I corefile as a .IR memfile . .PP A .I map associated with each .I textfile or .I memfile supports accesses to instructions and data in the file; see `Addresses'. .PP An argument consisting entirely of digits is assumed to be a process id; otherwise, it is the name of a .I textfile or .IR corefile . When a .I textfile is given, the textfile map is associated with it. If only a .I memfile is given, the textfile map is derived from the corresponding .IR textfile , if it can be determined (this varies from system to system). When a .I memfile is given, the memfile map is associated with it; otherwise the map is undefined and accesses to it are not permitted. .PP .I Stack takes the same arguments as .IR db . It prints a stack trace (see the .B $c command below) and then exits. If the first argument is a process name, then .I stack prints the stack trace of every running process with the given name that is owned by the current user. .PP Commands to .I db are read from the standard input and responses are to the standard output. The options are .TP .B -q Quiet mode: suppress informational prints at startup. .TP .B -w Open .I textfile and .I memfile for writing as well as reading. .TP .BI -I path Directory in which to look for relative path names in .B $< and .B $<< commands. .TP .BI -m machine Assume instructions are for the given CPU type (possible names include .B 386 and .BR powerpc ; adding the suffix .B -co as in .B 386-co and .B powerpc-co selects disassembly in the manufacturer's syntax, if available, rather than the default Plan 9 syntax). .PP Most .I db commands have the following form: .IP .RI [ address ] .RB [ , .IR count ] .RI [ command ] .PP If .I address is present then the current position, called `dot', is set to .IR address . Initially dot is set to 0. Most commands are repeated .I count times with dot advancing between repetitions. The default .I count is 1. .I Address and .I count are expressions. Multiple commands on one line must be separated by .LR ; . .SS Expressions Expressions are evaluated as long .IR ints . .TP 7.2n .B . The value of dot. .TP 7.2n .B + The value of dot incremented by the current increment. .TP 7.2n .B ^ The value of dot decremented by the current increment. .TP 7.2n .B \&" The last .I address typed. .TP 7.2n .I integer A number, in decimal radix by default. The prefixes .L 0 and .L 0o and .L 0O (zero oh) force interpretation in octal radix; the prefixes .L 0t and .L 0T force interpretation in decimal radix; the prefixes .LR 0x , .LR 0X , and .L # force interpretation in hexadecimal radix. Thus .LR 020 , .LR 0o20 , .LR 0t16 , and .L #10 all represent sixteen. .TP 7.2n .IB integer . fraction A single-precision floating point number. .TP 7.2n .BI \' c\| \' The 16-bit value of a character. .L \e may be used to escape a .LR \' . .TP 7.2n .BI < name The value of .IR name , which is a register name. The register names are those printed by the .B $r command. .TP 7.2n .I symbol A .I symbol is a sequence of upper or lower case letters, underscores or digits, not starting with a digit. .L \e may be used to escape other characters. The location of the .I symbol is calculated from the symbol table in .IR textfile . .TP 7.2n .IB routine . name The address of the variable .I name in the specified C routine. Both .I routine and .I name are .IR symbols . If .I name is omitted the value is the address of the most recently activated stack frame corresponding to .IR routine ; if .I routine is omitted, the active procedure is assumed. .TP 7.2n .IB file : integer The address of the instruction corresponding to the source statement at the indicated line number of the file. If the source line contains no executable statement, the address of the instruction associated with the nearest executable source line is returned. Files begin at line 1. If multiple files of the same name are loaded, an expression of this form resolves to the first file encountered in the symbol table. .TP 7.2n .BI ( exp ) The value of the expression .IR exp . .LP .I Monadic operators .RS .TP 7.2n .BI * exp The contents of the location addressed by .I exp in .IR memfile . .TP 7.2n .BI @ exp The contents of the location addressed by .I exp in .IR textfile . .TP 7.2n .BI - exp Integer negation. .TP 7.2n .BI ~ exp Bitwise complement. .TP 7.2n .BI % exp When used as an .IR address , .I exp is an offset into the segment named .IR ublock ; see `Addresses'. .RE .LP .I "Dyadic\ operators" are left-associative and are less binding than monadic operators. .RS .TP 7.2n .IB e1 + e2 Integer addition. .TP 7.2n .IB e1 - e2 Integer subtraction. .TP 7.2n .IB e1 * e2 Integer multiplication. .TP 7.2n .IB e1 % e2 Integer division. .TP 7.2n .IB e1 & e2 Bitwise conjunction. .TP 7.2n .IB e1 | e2 Bitwise disjunction. .TP 7.2n .IB e1 # e2 .I E1 rounded up to the next multiple of .IR e2 . .RE .DT .SS Commands Most commands have the following syntax: .TP .5i .BI ? f Locations starting at .I address in .I textfile are printed according to the format .IR f . .TP .BI / f Locations starting at .I address in .I memfile are printed according to the format .IR f . .TP .BI = f The value of .I address itself is printed according to the format .IR f . .PP A .I format consists of one or more characters that specify a style of printing. Each format character may be preceded by a decimal integer that is a repeat count for the format character. If no format is given then the last format is used. .PP Most format letters fetch some data, print it, and advance (a local copy of) dot by the number of bytes fetched. The total number of bytes in a format becomes the .IR current increment . .ta 2.5n .5i .RS .TP .PD 0 .B o Print two-byte integer in octal. .TP .B O Print four-byte integer in octal. .TP .B q Print two-byte integer in signed octal. .TP .B Q Print four-byte integer in signed octal. .TP .B d Print two-byte integer in decimal. .TP .B D Print four-byte integer in decimal. .TP .B V Print eight-byte integer in decimal. .TP .B Z Print eight-byte integer in unsigned decimal. .TP .B x Print two-byte integer in hexadecimal. .TP .B X Print four-byte integer in hexadecimal. .TP .B Y Print eight-byte integer in hexadecimal. .TP .B u Print two-byte integer in unsigned decimal. .TP .B U Print four-byte integer in unsigned decimal. .TP .B f Print as a single-precision floating point number. .TP .B F Print double-precision floating point. .TP .B b Print the addressed byte in hexadecimal. .TP .B c Print the addressed byte as an .SM ASCII character. .TP .B C Print the addressed byte as a character. Printable .SM ASCII characters are represented normally; others are printed in the form .BR \exnn . .TP .B s Print the addressed characters, as a .SM UTF string, until a zero byte is reached. Advance dot by the length of the string, including the zero terminator. .TP .B S Print a string using the escape convention (see .B C above). .TP .B r Print as .SM UTF the addressed two-byte integer (rune). .TP .B R Print as .SM UTF the addressed two-byte integers as runes until a zero rune is reached. Advance dot by the length of the string, including the zero terminator. .TP .B i Print as machine instructions. Dot is incremented by the size of the instruction. .TP .B I As .B i above, but print the machine instructions in an alternate form if possible. .TP .B M Print the addressed machine instruction in a machine-dependent hexadecimal form. .TP .B a Print the value of dot in symbolic form. Dot is unaffected. .TP .B A Print the value of dot in hexadecimal. Dot is unaffected. .TP .B z Print the function name, source file, and line number corresponding to dot (textfile only). Dot is unaffected. .TP .B p Print the addressed value in symbolic form. Dot is advanced by the size of a machine address. .TP .B t When preceded by an integer, tabs to the next appropriate tab stop. For example, .B 8t moves to the next 8-space tab stop. Dot is unaffected. .TP .B n Print a newline. Dot is unaffected. .tr '" .TP .BR ' ... ' Print the enclosed string. Dot is unaffected. .br .tr '' .TP .B ^ Dot is decremented by the current increment. Nothing is printed. .TP .B + Dot is incremented by 1. Nothing is printed. .TP .B - Dot is decremented by 1. Nothing is printed. .RE .PD .LP Other commands include: .TP newline Update dot by the current increment. Repeat the previous command with a .I count of 1. .TP .RB [ ?/ ] l "\fI value mask\fR" Words starting at dot are masked with .I mask and compared with .I value until a match is found. If .B l is used, the match is for a two-byte integer; .B L matches four bytes. If no match is found then dot is unchanged; otherwise dot is set to the matched location. If .I mask is omitted then ~0 is used. .TP .RB [ ?/ ] w "\fI value ...\fR" Write the two-byte .I value into the addressed location. If the command is .BR W , write four bytes. .TP .RB [ ?/ ] "m\fI s b e f \fP" [ ?\fR] .br New values for .RI ( b,\ e,\ f ) in the segment named .I s are recorded. Valid segment names are .IR text , .IR data , or .IR ublock . If less than three address expressions are given, the remaining parameters are left unchanged. If the list is terminated by .L ? or .L / then the file .RI ( textfile or .I memfile respectively) is used for subsequent requests. For example, .L /m? causes .L / to refer to .IR textfile . .TP .BI > name Dot is assigned to the variable or register named. .TP .B ! The rest of the line is passed to .MR rc (1) for execution. .TP .BI $ modifier Miscellaneous commands. The available .I modifiers are: .RS .TP .PD 0 .BI < f Read commands from the file .IR f . If this command is executed in a file, further commands in the file are not seen. If .I f is omitted, the current input stream is terminated. If a .I count is given, and is zero, the command is ignored. .TP .BI << f Similar to .B < except it can be used in a file of commands without causing the file to be closed. There is a (small) limit to the number of .B << files that can be open at once. .br .ns .TP .BI > f Append output to the file .IR f , which is created if it does not exist. If .I f is omitted, output is returned to the terminal. .TP .B ? Print process id, the condition which caused stopping or termination, the registers and the instruction addressed by .BR pc . This is the default if .I modifier is omitted. .TP .B r Print the general registers and the instruction addressed by .BR pc . Dot is set to .BR pc . .TP .B R Like .BR $r , but include miscellaneous processor control registers and floating point registers. .TP .B f Print floating-point register values as single-precision floating point numbers. .TP .B F Print floating-point register values as double-precision floating point numbers. .TP .B b Print all breakpoints and their associated counts and commands. `B' produces the same results. .TP .B c Stack backtrace. If .I address is given, it specifies the address of a pair of 32-bit values containing the .B sp and .B pc of an active process. This allows selecting among various contexts of a multi-threaded process. If .B C is used, the names and (long) values of all parameters, automatic and static variables are printed for each active function. If .I count is given, only the first .I count frames are printed. .TP .B a Attach to the running process whose pid is contained in .IR address . .TP .B e The names and values of all external variables are printed. .TP .B w Set the page width for output to .I address (default 80). .TP .B q Exit from .IR db . .TP .B m Print the address maps. .TP .B k Simulate kernel memory management. .TP .BI M machine Set the .I machine type used for disassembling instructions. .PD .RE .TP .BI : modifier Manage a subprocess. Available modifiers are: .RS .TP .PD 0 .BI h Halt an asynchronously running process to allow breakpointing. Unnecessary for processes created under .IR db , e.g. by .BR :r . .TP .BI b c Set breakpoint at .IR address . The breakpoint is executed .IR count \-1 times before causing a stop. Also, if a command .I c is given it is executed at each breakpoint and if it sets dot to zero the breakpoint causes a stop. .TP .B d Delete breakpoint at .IR address . .TP .B r Run .I textfile as a subprocess. If .I address is given the program is entered at that point; otherwise the standard entry point is used. .I Count specifies how many breakpoints are to be ignored before stopping. Arguments to the subprocess may be supplied on the same line as the command. An argument starting with < or > causes the standard input or output to be established for the command. .TP .BI c s The subprocess is continued. If .I s is omitted or nonzero, the subprocess is sent the note that caused it to stop. If 0 is specified, no note is sent. (If the stop was due to a breakpoint or single-step, the corresponding note is elided before continuing.) Breakpoint skipping is the same as for .BR r . .TP .BI s s As for .B c except that the subprocess is single stepped for .I count machine instructions. If a note is pending, it is received before the first instruction is executed. If there is no current subprocess then .I textfile is run as a subprocess as for .BR r . In this case no note can be sent; the remainder of the line is treated as arguments to the subprocess. .TP .BI S s Identical to .B s except the subprocess is single stepped for .I count lines of C source. In optimized code, the correspondence between C source and the machine instructions is approximate at best. .TP .BI x The current subprocess, if any, is released by .I db and allowed to continue executing normally. .TP .B k The current subprocess, if any, is terminated. .TP .BI n c Display the pending notes for the process. If .I c is specified, first delete .I c'th pending note. .PD .RE .SS Addresses The location in a file or memory image associated with an address is calculated from a map associated with the file. Each map contains one or more quadruples .RI ( "t, f, b, e, o" ), defining a segment named .I t (usually, .IR text , .IR data , or .IR core ) in file .I f mapping addresses in the range .I b through .IR e to the part of the file beginning at offset .IR o . If segments overlap, later segments obscure earlier ones. An address .I a is translated to a file address by finding the last segment in the list for which .IR b ≤ a < e ; the location in the file is then .IR address + f \- b . .PP Usually, the text and initialized data of a program are mapped by segments called .IR text , .IR data , and .IR bss . Since a program file does not contain stack data, this data is not mapped. The text segment is mapped similarly in a normal (i.e., non-kernel) .IR memfile . However, one or more segments called .I data provide access to process memory. This region contains the program's static data, the bss, the heap and the stack. .PP Sometimes it is useful to define a map with a single segment mapping the region from 0 to 0xFFFFFFFF; a map of this type allows an entire file to be examined without address translation. .PP The .B $m command dumps the currently active maps. The .B ?m and .B /m commands modify the segment parameters in the .I textfile and .I memfile maps, respectively. .SH EXAMPLES To set a breakpoint at the beginning of .B write() in extant process 27: .IP .EX % db 27 :h write:b :c .EE .PP To set a breakpoint at the entry of function .B parse when the local variable .B argc in .B main is equal to 1: .IP .EX parse:b *main.argc-1=X .EE .PP This prints the value of .B argc-1 which as a side effect sets dot; when .B argc is one the breakpoint will fire. Beware that local variables may be stored in registers; see the BUGS section. .SH "SEE ALSO" .MR acid (1) , .MR core (1) .SH SOURCE .B \*9/src/cmd/db .SH DIAGNOSTICS Exit status is 0, unless the last command failed or returned non-zero status. .SH BUGS Examining a local variable with .I routine.name returns the contents of the memory allocated for the variable, but with optimization, variables often reside in registers. Also, on some architectures, the first argument is always passed in a register. .PP Variables and parameters that have been optimized away do not appear in the symbol table, returning the error .IR "bad local variable" when accessed by .IR db . .PP Breakpoints should not be set on instructions scheduled in delay slots. When a program stops on such a breakpoint, it is usually impossible to continue its execution.