plan9port

db.1 (17167B)

---

 .TH DB 1
 .SH NAME
 db, stack \- debugger
 .SH SYNOPSIS
 .B db
 [
 .I option ...
 ]
 [
 .I pid
 |
 .I corefile
 ]
 [
 .I textfile
 ]
 .PP
 .B stack
 [
 .I pid
 |
 .I corefile
 |
 .I name
 ]
 [
 .I textfile
 ]
 .SH DESCRIPTION
 .I Db
 is a general purpose debugging program.
 It may be used to examine files and to provide
 a controlled environment for the execution
 of programs.
 .PP
 A
 .I textfile
 is a file containing the text and initialized
 data of an executable program.
 A
 .I pid
 or
 .I corefile
 specifies the memory image of a process.
 A 
 .I pid
 gives the id of an executing process to be accessed via
 .MR ptrace (2) .
 A
 .I corefile
 specifies the name of a core dump (see
 .MR core (5)
 on your system of choice) containing the
 memory image of a terminated process.
 This manual refers to the memory image specified by
 .I pid
 or
 .I corefile
 as a
 .IR memfile .
 .PP
 A
 .I map
 associated with each
 .I textfile
 or
 .I memfile
 supports accesses to instructions and data in the file;
 see `Addresses'.
 .PP
 An argument consisting entirely of digits is assumed
 to be a process id; otherwise, it is the name of a
 .I textfile
 or
 .IR corefile .
 When a
 .I textfile
 is given, the textfile map
 is associated with it.
 If only a
 .I memfile
 is given, the textfile map is
 derived from the corresponding
 .IR textfile ,
 if it can be determined
 (this varies from system to system).
 When a
 .I memfile
 is given, the memfile map is associated with it;
 otherwise the map is undefined and accesses to it
 are not permitted.
 .PP
 .I Stack
 takes the same arguments as
 .IR db .
 It prints a stack trace (see the
 .B $c
 command below) and then exits.
 If the first argument is a process name,
 then
 .I stack
 prints the stack trace of every running process
 with the given name
 that is 
 owned by the current user.
 .PP
 Commands to
 .I db
 are read from the standard input and
 responses are to the standard output.
 The options are
 .TP
 .B -q
 Quiet mode: 
 suppress informational prints at startup.
 .TP
 .B -w
 Open
 .I textfile
 and
 .I memfile
 for writing as well as reading.
 .TP
 .BI -I path
 Directory in which to look for relative path names in
 .B $<
 and
 .B $<<
 commands.
 .TP
 .BI -m machine
 Assume instructions are for the given CPU type
 (possible names include
 .B 386
 and
 .BR powerpc ;
 adding
 the suffix
 .B -co
 as in
 .B 386-co
 and
 .B powerpc-co
 selects disassembly in the manufacturer's syntax, if
 available,
 rather than the default Plan 9 syntax).
 .PP
 Most
 .I db
 commands have the following form:
 .IP
 .RI [ address ]
 .RB [ ,
 .IR count ]
 .RI [ command ]
 .PP
 If
 .I address
 is present then the current position, called `dot',
 is set to
 .IR address .
 Initially dot
 is set to 0.
 Most commands are repeated
 .I count
 times with
 dot advancing between repetitions.
 The default
 .I count
 is 1.
 .I Address
 and
 .I count
 are expressions.
 Multiple commands on one line must be separated by
 .LR ; .
 .SS Expressions
 Expressions are evaluated as long
 .IR ints .
 .TP 7.2n
 .B .
 The value of dot.
 .TP 7.2n
 .B +
 The value of dot
 incremented by the current increment.
 .TP 7.2n
 .B ^
 The value of dot
 decremented by the current increment.
 .TP 7.2n
 .B \&"
 The last
 .I address
 typed.
 .TP 7.2n
 .I integer
 A number, in decimal radix by default.
 The prefixes
 .L 0
 and
 .L 0o
 and
 .L 0O
 (zero oh) force interpretation
 in octal radix; the prefixes
 .L 0t
 and
 .L 0T
 force interpretation in
 decimal radix; the prefixes
 .LR 0x ,
 .LR 0X ,
 and
 .L #
 force interpretation in
 hexadecimal radix.
 Thus
 .LR 020 ,
 .LR 0o20 ,
 .LR 0t16 ,
 and
 .L #10 
 all represent sixteen.
 .TP 7.2n
 .IB integer . fraction
 A single-precision floating point number.
 .TP 7.2n
 .BI \' c\| \'
 The
 16-bit
 value of a character.
 .L \e
 may be used to escape a
 .LR \' .
 .TP 7.2n
 .BI < name
 The value of
 .IR name ,
 which is a register name.
 The register names are
 those printed by the
 .B $r
 command.
 .TP 7.2n
 .I symbol
 A
 .I symbol
 is a sequence
 of upper or lower case letters, underscores or
 digits, not starting with a digit.
 .L \e
 may be used to escape other characters.
 The location of the
 .I symbol
 is calculated from the symbol table
 in
 .IR textfile .
 .TP 7.2n
 .IB routine . name
 The address of the variable
 .I name
 in the specified
 C routine.
 Both
 .I routine
 and
 .I name
 are
 .IR symbols .
 If
 .I name
 is omitted the value is the address of the
 most recently activated stack frame
 corresponding to
 .IR routine ;
 if
 .I routine
 is omitted,
 the active procedure
 is assumed.
 .TP 7.2n
 .IB file : integer
 The address of the instruction corresponding
 to the source statement at the indicated
 line number of the file.  If the source line contains
 no executable statement, the address of the
 instruction associated with the nearest
 executable source line is returned.  Files
 begin at line 1.  If multiple files of the same
 name are loaded, an expression of this form resolves
 to the first file encountered in the symbol table.
 .TP 7.2n
 .BI ( exp )
 The value of the expression
 .IR exp .
 .LP
 .I  Monadic operators
 .RS
 .TP 7.2n
 .BI * exp
 The contents of the location addressed
 by
 .I exp
 in
 .IR memfile .
 .TP 7.2n
 .BI @ exp
 The contents of the location addressed by
 .I exp
 in
 .IR textfile .
 .TP 7.2n
 .BI - exp
 Integer negation.
 .TP 7.2n
 .BI ~ exp
 Bitwise complement.
 .TP 7.2n
 .BI % exp
 When used as an
 .IR address ,
 .I exp
 is an offset into the segment named
 .IR ublock ;
 see `Addresses'.
 .RE
 .LP
 .I "Dyadic\ operators"
 are left-associative
 and are less binding than monadic operators.
 .RS
 .TP 7.2n
 .IB e1 + e2
 Integer addition.
 .TP 7.2n
 .IB e1 - e2
 Integer subtraction.
 .TP 7.2n
 .IB e1 * e2
 Integer multiplication.
 .TP 7.2n
 .IB e1 % e2
 Integer division.
 .TP 7.2n
 .IB e1 & e2
 Bitwise conjunction.
 .TP 7.2n
 .IB e1 | e2
 Bitwise disjunction.
 .TP 7.2n
 .IB e1 # e2
 .I E1
 rounded up to the next multiple of
 .IR e2 .
 .RE
 .DT
 .SS Commands
 Most commands have the following syntax:
 .TP .5i
 .BI ? f
 Locations starting at
 .I address
 in
 .I  textfile
 are printed according to the format
 .IR f .
 .TP
 .BI / f
 Locations starting at
 .I address
 in
 .I  memfile
 are printed according to the format
 .IR f .
 .TP
 .BI = f
 The value of
 .I address
 itself is printed according to the format
 .IR f .
 .PP
 A
 .I format
 consists of one or more characters that specify a style
 of printing.
 Each format character may be preceded by a decimal integer
 that is a repeat count for the format character.
 If no format is given then the last format is used.
 .PP
 Most format letters fetch some data,
 print it,
 and advance (a local copy of) dot
 by the number of bytes fetched.
 The total number of bytes in a format becomes the
 .IR current increment .
 .ta 2.5n .5i
 .RS
 .TP
 .PD 0
 .B o
 Print two-byte integer in octal.
 .TP
 .B O
 Print four-byte integer in octal.
 .TP
 .B q
 Print two-byte integer in signed octal.
 .TP
 .B Q
 Print four-byte integer in signed octal.
 .TP
 .B d
 Print two-byte integer in decimal.
 .TP
 .B D
 Print four-byte integer in decimal.
 .TP
 .B V
 Print eight-byte integer in decimal.
 .TP
 .B Z
 Print eight-byte integer in unsigned decimal.
 .TP
 .B x
 Print two-byte integer in hexadecimal.
 .TP
 .B X
 Print four-byte integer in hexadecimal.
 .TP
 .B Y
 Print eight-byte integer in hexadecimal.
 .TP
 .B u
 Print two-byte integer in unsigned decimal.
 .TP
 .B U
 Print four-byte integer in unsigned decimal.
 .TP
 .B f
 Print
 as a single-precision floating point number.
 .TP
 .B F
 Print double-precision floating point.
 .TP
 .B b
 Print the addressed byte in hexadecimal.
 .TP
 .B c
 Print the addressed byte as an
 .SM ASCII
 character.
 .TP
 .B C
 Print the addressed byte as a character.
 Printable
 .SM ASCII
 characters
 are represented normally; others
 are printed in the form
 .BR \exnn .
 .TP
 .B s
 Print the addressed characters, as a
 .SM UTF
 string, until a zero byte
 is reached.
 Advance dot
 by the length of the string,
 including the zero terminator.
 .TP
 .B S
 Print a string using 
 the escape convention (see
 .B C
 above).
 .TP
 .B r
 Print as
 .SM UTF
 the addressed two-byte integer (rune).
 .TP
 .B R
 Print as
 .SM UTF
 the addressed two-byte integers as runes
 until a zero rune is reached.
 Advance dot
 by the length of the string,
 including the zero terminator.
 .TP
 .B i
 Print as machine instructions.  Dot is
 incremented by the size of the instruction.
 .TP
 .B I
 As
 .B i
 above, but print the machine instructions in
 an alternate form if possible.
 .TP
 .B M
 Print the addressed machine instruction in a
 machine-dependent hexadecimal form.
 .TP
 .B a
 Print the value of dot
 in symbolic form.
 Dot is unaffected.
 .TP
 .B A
 Print the value of dot
 in hexadecimal.
 Dot is unaffected.
 .TP
 .B z
 Print the function name, source file, and line number
 corresponding to dot (textfile only). Dot is unaffected.
 .TP
 .B p
 Print the addressed value in symbolic form.
 Dot is advanced by the size of a machine address.
 .TP
 .B t
 When preceded by an integer, tabs to the next
 appropriate tab stop.
 For example,
 .B 8t 
 moves to the next 8-space tab stop.
 Dot is unaffected.
 .TP
 .B n
 Print a newline.
 Dot is unaffected.
 .tr '"
 .TP
 .BR ' ... '
 Print the enclosed string.
 Dot is unaffected.
 .br
 .tr ''
 .TP
 .B ^
 Dot is decremented by the current increment.
 Nothing is printed.
 .TP
 .B +
 Dot is incremented by 1.
 Nothing is printed.
 .TP
 .B -
 Dot is decremented by 1.
 Nothing is printed.
 .RE
 .PD
 .LP
 Other commands include:
 .TP
 newline
 Update dot by the current increment.
 Repeat the previous command with a
 .I count
 of 1.
 .TP
 .RB [ ?/ ] l "\fI value mask\fR"
 Words starting at dot
 are masked with
 .I mask
 and compared with
 .I value
 until
 a match is found.
 If
 .B l
 is used,
 the match is for a two-byte integer;
 .B L
 matches four bytes.
 If no match is found then dot
 is unchanged; otherwise dot
 is set to the matched location.
 If
 .I mask
 is omitted then ~0 is used.
 .TP
 .RB [ ?/ ] w "\fI value ...\fR"
 Write the two-byte
 .I value
 into the addressed
 location.
 If the command is
 .BR W ,
 write four bytes.
 .TP
 .RB [ ?/ ] "m\fI s b e f \fP" [ ?\fR]
 .br
 New values for
 .RI ( b,\ e,\ f )
 in the segment named
 .I s
 are recorded.  Valid segment names are
 .IR text ,
 .IR data ,
 or 
 .IR ublock .
 If less than three address expressions are given,
 the remaining parameters are left unchanged.
 If the list is terminated by
 .L ?
 or
 .L /
 then the file
 .RI ( textfile
 or
 .I memfile
 respectively) is used
 for subsequent requests.
 For example,
 .L /m?
 causes
 .L /
 to refer to
 .IR textfile .
 .TP
 .BI > name
 Dot is assigned to the variable or register named.
 .TP
 .B !
 The rest of the line is passed to
 .MR rc (1)
 for execution.
 .TP
 .BI $ modifier
 Miscellaneous commands.
 The available 
 .I modifiers 
 are:
 .RS
 .TP
 .PD 0
 .BI < f
 Read commands from the file
 .IR f .
 If this command is executed in a file, further commands
 in the file are not seen.
 If
 .I f
 is omitted, the current input stream is terminated.
 If a
 .I count
 is given, and is zero, the command is ignored.
 .TP
 .BI << f
 Similar to
 .B <
 except it can be used in a file of commands without
 causing the file to be closed.
 There is a (small) limit to the number of
 .B <<
 files that can be open at once.
 .br
 .ns
 .TP
 .BI > f
 Append output to the file
 .IR f ,
 which is created if it does not exist.
 If
 .I f
 is omitted, output is returned to the terminal.
 .TP
 .B ?
 Print process id, the condition which caused stopping or termination,
 the registers and the instruction addressed by
 .BR pc .
 This is the default if
 .I modifier
 is omitted.
 .TP
 .B r
 Print the general registers and
 the instruction addressed by
 .BR pc .
 Dot is set to
 .BR pc .
 .TP
 .B R
 Like
 .BR $r ,
 but include miscellaneous processor control registers
 and floating point registers.
 .TP
 .B f
 Print floating-point register values as
 single-precision floating point numbers.
 .TP
 .B F
 Print floating-point register values as
 double-precision floating point numbers.
 .TP
 .B b
 Print all breakpoints
 and their associated counts and commands.  `B' produces the same results.
 .TP
 .B c
 Stack backtrace.
 If
 .I address
 is given, it specifies the address of a pair of 32-bit
 values containing the
 .B sp
 and
 .B pc
 of an active process.  This allows selecting
 among various contexts of a multi-threaded
 process.
 If
 .B C
 is used, the names and (long) values of all
 parameters,
 automatic
 and static variables are printed for each active function.
 If
 .I count
 is given, only the first
 .I count
 frames are printed.
 .TP
 .B a
 Attach to the running process whose pid
 is contained in
 .IR address .
 .TP
 .B e
 The names and values of all
 external variables are printed.
 .TP
 .B w
 Set the page width for output to
 .I address
 (default 80).
 .TP
 .B q
 Exit from
 .IR db .
 .TP
 .B m
 Print the address maps.
 .TP
 .B k
 Simulate kernel memory management.
 .TP
 .BI M machine
 Set the
 .I machine
 type used for disassembling instructions.
 .PD
 .RE
 .TP
 .BI : modifier
 Manage a subprocess.
 Available modifiers are:
 .RS
 .TP
 .PD 0
 .BI h
 Halt
 an asynchronously running process to allow breakpointing.
 Unnecessary for processes created under
 .IR db ,
 e.g. by
 .BR :r .
 .TP
 .BI b c
 Set breakpoint at
 .IR address .
 The breakpoint is executed
 .IR count \-1
 times before
 causing a stop.
 Also, if a command
 .I c
 is given it is executed at each
 breakpoint and if it sets dot to zero
 the breakpoint causes a stop.
 .TP
 .B d
 Delete breakpoint at
 .IR address .
 .TP
 .B r
 Run
 .I textfile
 as a subprocess.
 If
 .I address
 is given the
 program is entered at that point; otherwise
 the standard entry point is used.
 .I Count
 specifies how many breakpoints are to be
 ignored before stopping.
 Arguments to the subprocess may be supplied on the
 same line as the command.
 An argument starting with < or > causes the standard
 input or output to be established for the command.
 .TP
 .BI c s
 The subprocess is continued.
 If
 .I s
 is omitted
 or nonzero,
 the subprocess
 is sent the note that caused it to stop.
 If 0
 is specified,
 no note is sent.
 (If the stop was due to a breakpoint or single-step,
 the corresponding note is elided before continuing.)
 Breakpoint skipping is the same
 as for
 .BR r .
 .TP
 .BI s s
 As for
 .B c
 except that
 the subprocess is single stepped for
 .I count
 machine instructions.
 If a note is pending,
 it is received
 before the first instruction is executed.
 If there is no current subprocess then
 .I textfile
 is run
 as a subprocess as for
 .BR r .
 In this case no note can be sent; the remainder of the line
 is treated as arguments to the subprocess.
 .TP
 .BI S s
 Identical to
 .B s
 except the subprocess is single stepped for
 .I count
 lines of C source.  In optimized code, the correspondence
 between C source and the machine instructions is
 approximate at best.
 .TP
 .BI x
 The current subprocess, if any, is released by
 .I db
 and allowed to continue executing normally.
 .TP
 .B k
 The current subprocess, if any, is terminated.
 .TP
 .BI n c
 Display the pending notes for the process.
 If
 .I c
 is specified, first delete
 .I c'th
 pending note.
 .PD
 .RE
 .SS Addresses
 The location in a file or memory image associated with
 an address is calculated from a map
 associated with the file.
 Each map contains one or more quadruples
 .RI ( "t, f, b, e, o" ),
 defining a segment named
 .I t
 (usually, 
 .IR text ,
 .IR data ,
 or
 .IR core )
 in file
 .I f
 mapping addresses in the range
 .I b
 through
 .IR e
 to the part of the file
 beginning at
 offset
 .IR o .
 If segments overlap, later segments obscure earlier ones.
 An address
 .I a
 is translated
 to a file address
 by finding the last segment in the list
 for which
 .IR b ≤ a < e ;
 the location in the file
 is then
 .IR address + f \- b .
 .PP
 Usually,
 the text and initialized data of a program
 are mapped by segments called 
 .IR text ,
 .IR data ,
 and
 .IR bss .
 Since a program file does not contain stack data,
 this data is
 not mapped.
 The text segment is mapped similarly in
 a normal (i.e., non-kernel)
 .IR memfile .
 However, one or more segments called 
 .I data
 provide access to process memory.
 This region contains the program's static data, the bss, the
 heap and the stack.
 .PP
 Sometimes it is useful to define a map with a single segment
 mapping the region from 0 to 0xFFFFFFFF; a map of this type
 allows an entire file to be examined
 without address translation.
 .PP
 The
 .B $m
 command dumps the currently active maps.  The
 .B ?m
 and
 .B /m
 commands modify the segment parameters in the
 .I textfile
 and
 .I memfile
 maps, respectively.
 .SH EXAMPLES
 To set a breakpoint at the beginning of
 .B write()
 in extant process 27:
 .IP
 .EX
 % db 27
 :h
 write:b
 :c
 .EE
 .PP
 To set a breakpoint at the entry of function
 .B parse
 when the local variable
 .B argc
 in
 .B main
 is equal to 1:
 .IP
 .EX
 parse:b *main.argc-1=X
 .EE
 .PP
 This prints the value of
 .B argc-1
 which as a side effect sets dot; when
 .B argc
 is one the breakpoint will fire.
 Beware that local variables may be stored in registers; see the
 BUGS section.
 .SH "SEE ALSO"
 .MR acid (1) ,
 .MR core (1)
 .SH SOURCE
 .B \*9/src/cmd/db
 .SH DIAGNOSTICS
 Exit status is 0, unless the last command failed or
 returned non-zero status.
 .SH BUGS
 Examining a local variable with
 .I routine.name
 returns the contents of the memory allocated for the variable, but
 with optimization, variables often reside in registers.
 Also, on some architectures, the first argument is always
 passed in a register.
 .PP
 Variables and parameters that have been
 optimized away do not appear in the
 symbol table, returning the error 
 .IR "bad local variable"
 when accessed by
 .IR db .
 .PP
 Breakpoints should not be set on instructions scheduled
 in delay slots.  When a program stops on such a breakpoint,
 it is usually impossible to continue its execution.