Monday, March 7, 2016

More Explorations With GDB on xv6 Operating System

In a previous post, I wrote about the basic usage of GDB with the xv6 operating system to inspect its internal functionality, such as function calls. First of all, we should make a small fix in the Makefile before proceeding, since in the version I have, GDB sometimes does not give the output I want (the debug information is emitted in a DWARF version this GDB does not read well).

Starting the system:

(1) Move into the source directory of the xv6 operating system and open the Makefile. At around line 76 there is a CFLAGS line like the first one below; comment it out and add the second line (the only change is the added -gdwarf-2 flag) in its place.

#CFLAGS = -fno-pic -static -fno-builtin -fno-strict-aliasing -Wall -MD -ggdb -m32 -Werror -fno-omit-frame-pointer
CFLAGS = -fno-pic -static -fno-builtin -fno-strict-aliasing -Wall -MD -ggdb -m32 -Werror -fno-omit-frame-pointer -gdwarf-2

(2) Now we are ready to explore xv6 further using GDB. As described in the previous post, start xv6 on QEMU in one terminal and start GDB in a separate terminal.

On terminal prompt 1:
cd ~/Downloads/my-xv6/xv6-master/
make qemu-gdb


On terminal prompt 2:
cd ~/Downloads/my-xv6/xv6-master/
gdb kernel


Exploring internal function calls:

At this point the QEMU emulator has started, but the xv6 operating system is not booted yet: it is waiting for our commands at the (gdb) prompt. Let's set a breakpoint on the exec function and then explore what happens.

Give the following commands at the (gdb) prompt to set a breakpoint on the exec function and then continue the execution of the xv6 OS.

(gdb) b exec
(gdb) c


Then xv6 should start booting and stop at the point where the kernel calls the exec function. It will look like the following.

(gdb) c
Continuing.
[New Thread 2]
[Switching to Thread 2]
The target architecture is assumed to be i386
=> 0x80100aef <exec>:    push   %ebp

Breakpoint 1, exec (path=0x1c "/init", argv=0x8dfffe98) at exec.c:12
12    {
(gdb)


It is clear that exec was called to execute the init program, which is the very first user process to run on the xv6 operating system. We can view the arguments passed to this invocation of exec by giving the commands below (argv is NULL-terminated, so the 0x0 at argv[1] marks the end of the list).

(gdb) p argv[0]
$1 = 0x1c "/init"
(gdb) p argv[1]
$2 = 0x0
(gdb) p argv[2]
$3 = 0x0


Additionally, we can explore the sequence of function calls inside the system that led to this exec call. For that, we use the bt command, which prints the backtrace of function calls: the chain runs from the user-mode trap entry in alltraps, through the trap and syscall dispatchers, to sys_exec and finally exec.

(gdb) bt
#0  exec (path=0x1c "/init", argv=0x8dfffe98) at exec.c:12
#1  0x80105d94 in sys_exec () at sysfile.c:400
#2  0x80105106 in syscall () at syscall.c:133
#3  0x801062a4 in trap (tf=0x8dffffb4) at trap.c:43
#4  0x80106095 in alltraps () at trapasm.S:23


Let's continue and see when the exec system call is invoked again.

(gdb) c
Continuing.
=> 0x80100aef <exec>:    push   %ebp

Breakpoint 1, exec (path=0x8c3 "sh", argv=0x8dffee98) at exec.c:12
12    {
(gdb) bt
#0  exec (path=0x8c3 "sh", argv=0x8dffee98) at exec.c:12
#1  0x80105d94 in sys_exec () at sysfile.c:400
#2  0x80105106 in syscall () at syscall.c:133
#3  0x801062a4 in trap (tf=0x8dffefb4) at trap.c:43
#4  0x80106095 in alltraps () at trapasm.S:23
#5  0x8dffefb4 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)


It is obvious what happened there. The very first user process, init, called exec again to create the shell process, sh. That's how we get the shell prompt in the xv6 system. (The backtrace stops after the alltraps frame with a "corrupt stack?" warning because the frames beyond it belong to the user process, whose stack GDB cannot unwind from the kernel's symbol table.) If we type c to continue, the shell will wait for a command from us. Let's run the ls command at the shell prompt and see what GDB shows us.

(gdb) c
Continuing.
=> 0x80100aef <exec>:    push   %ebp

Breakpoint 1, exec (path=0x1a60 "ls", argv=0x8dfbee98) at exec.c:12
12    {


Here we go. As shown above, the shell process called exec again to start a process running the ls program. In this way, we can easily explore the internal functionality and the sequence of function calls of the xv6 operating system using GDB.
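The whole session above (break on exec, print the arguments, print the backtrace, continue) can be automated with a GDB command file, so that every exec in the system is logged without typing anything at the (gdb) prompt. The script below is an added example, not part of the original post or of xv6 itself. It assumes it is loaded from the xv6 source directory with "gdb -x trace_exec.gdb kernel", so that xv6's own .gdbinit (which make qemu-gdb generates) has already connected GDB to QEMU before the script runs; the file name trace_exec.gdb is my choice.

```gdb
# trace_exec.gdb: log every exec() call in xv6 with its arguments and backtrace.
# Usage (from the xv6 source directory, with "make qemu-gdb" running in another
# terminal):  gdb -x trace_exec.gdb kernel
# Assumption: xv6's generated .gdbinit has already done "target remote" for us.

set pagination off
set confirm off

# Same breakpoint as in the post: the kernel's exec(path, argv).
break exec
commands
  silent
  printf "==== exec(path=\"%s\")\n", path

  # argv is NULL-terminated (argv[1] == 0x0 for /init above), so walk it
  # until the first null pointer instead of guessing how many entries exist.
  set $i = 0
  while argv[$i] != 0
    printf "  argv[%d] = \"%s\"\n", $i, argv[$i]
    set $i = $i + 1
  end

  # Show how we got here: alltraps -> trap -> syscall -> sys_exec -> exec.
  bt
  continue
end

# Boot xv6; the breakpoint commands above fire for /init, sh, ls, ...
continue
```

With this loaded, the first three hits correspond to the three sessions shown in the post (exec of /init, then sh, then ls); a command such as "echo hi" at the shell would additionally show argv[1] = "hi", which the manual session above did not exercise. Because the commands block ends with continue, the system keeps running and GDB only produces a log.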
