Wanted: Machine language trace
Chris Torek
chris at mimsy.UUCP
Sat Apr 8 01:50:41 AEST 1989
In article <315 at v7fs1.UUCP> mvp at v7fs1.UUCP (Mike Van Pelt) writes:
>On the Sun 386i, I just discovered the desperate need to trace a
>program at the machine language level -- the kind of thing that MessDos
>DEBUG does ....
Not being familiar with this, all I can do is talk about adb:
>[adb's] command structure is certainly weird and cryptic enough. But
>after wading through the manual for a couple of hours trying to figure
>out how to put that bignum after the T, I came to the horrible
>realization -- IT AIN'T THERE!
adb can do it. adb can do anything. :-)
>Sure, you can type ,9999999 :s, but
>that will only list the instructions, not any of the invaluable register
>contents. Worse, I lied about the 's' at the end of "instructions" --
>It silently executes them, then prints the last, and only the last,
>instruction executed. (Still no registers.)
`:s' steps: it runs single instructions until the count runs out, or
until adb hits a breakpoint. When it stops, it prints the reason
(breakpoint or `stopped' or illegal memory access or whatnot) and
the pc, and decodes the instruction at that location.
>In desperation, I piped the script
>
>while true
>do
>echo ':s ; $r'
>done
>
>to adb, but this is getting too gross for me to deal with any more.
>(Besides, it filled up my file system before getting to the part of the
>program I need to look at.)
That parenthetical remark sounds like the real problem (but maybe not;
see below). The script above works, but you can do it directly in adb,
although you need an auxiliary file: put the commands
:s
$r
$<foo
in the file `foo', and then `adb prog' and `$<foo'. To make it stop
after some number of iterations (the line numbers in parentheses are
for the next paragraph):
(1) :s
(2) $r
(3) ,#(<9-1)$<
(4) ,<9-1$<foo
then type
,500$<foo
to run 500 steps.
Line 3 means `if variable 9 minus 1 is not 0, give a zero count to the
command $<, otherwise give it a count of 1'. $< without a file name
ends file input; but $< does nothing at all if it has a zero count.
This is a way to stop early. Line 4, then, gives the count `variable 9
minus 1' to the command `$<foo'. Of course, this shows line 3 to be
unnecessary after all: a zero count does nothing, which (being followed
by EOF) ends the file diversion. I included that third line merely for
illustration. (Variable 9 is set by the $< command itself.)
To make it print only specific registers, replace the `$r' with
something more specific:
:s
<r6="r6"8tX
<r7="r7"8tX
<r8="r8"8tX
<r9="r9"8tX
<r10="r10"8tX
<r11="r11"8tX
,<9-1$<foo
One warning: if the program is not running, `:s' starts it. Thus an
infinite count (or an infinite loop like the `while ... | adb' script)
results in an infinitely repeating trace. If the program ends by
calling exit(), you can add something like
,#(<pc-_exit)$<
to stop iterating when the PC has the value of _exit. (Use _exit+2 on
a VAX.)
Another warning: despite what the manual says, `^' backs up by two
bytes, not the current increment (or rather, it sets the increment to
two, then backs up). I fixed this in the 4.4BSD adb, but that turns
out to break some scripts, so it might be jiggered again before the
release. (And---O joy to systems porters---I deBourned it, and split
it into machine dependent and machine independent pieces. It still
believes in flat address spaces, however.)
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
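The pieces Chris shows separately (the step-and-dump macro, the counted self-invocation, the register-specific dumps and the `_exit' stop test) fit together into one macro file. The shell function below, an added example rather than anything from the post or from adb itself, writes such a file from a list of register names; it assumes an adb with the `$<', `<9' and `#' behaviour described above, the `<rN="rN"8tX' register syntax from the post, and a stop symbol such as _exit whose address is compared against <pc. The file must be written under the same name the macro uses to re-invoke itself.

```shell
#!/bin/sh
# Added example, not from the original post: build the adb macro file
# described above. One iteration steps one instruction (:s), prints the
# chosen registers, gives $< a count of 1 (ending the diversion) when the
# pc equals the stop symbol, and re-invokes the file with the count
# (variable 9) decremented; a count of 0 does nothing, so input ends.
#
# Assumptions: an adb whose $< sets variable 9 to its count, register
# names that adb knows as <r6, <r7, ... (as in the post), and a stop
# symbol such as _exit (the post notes _exit+2 on a VAX).

# make_trace_macro FILE STOP_SYMBOL REG... : print the macro text
# FILE must be the name the macro will be saved under, because the last
# line re-invokes that same file.
make_trace_macro() {
    file=$1
    stop_sym=$2
    shift 2
    printf ':s\n'                      # step one instruction
    for r in "$@"; do
        printf '<%s="%s"8tX\n' "$r" "$r"   # print register as hex, labelled
    done
    printf ',#(<pc-%s)$<\n' "$stop_sym"   # pc reached stop symbol: end file
    printf ',<9-1$<%s\n' "$file"          # recurse with count-1 (0 ends)
}

# write_trace_macro FILE STOP_SYMBOL REG... : save the macro to FILE
write_trace_macro() {
    make_trace_macro "$@" > "$1"
}

# macro_line_count FILE STOP_SYMBOL REG... : lines the macro would contain
macro_line_count() {
    make_trace_macro "$@" | wc -l | tr -d ' '
}

# Usage (adb must be present on the host; not run here):
#   write_trace_macro foo _exit r6 r7 r8 r9 r10 r11
#   adb prog          then type    ,500$<foo
```

The count given on the `,500$<foo' line is what variable 9 starts at, so the trace runs at most 500 steps and stops earlier only if the pc reaches the stop symbol or adb hits a breakpoint.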