Message-Id: <201110101439.p9AEd1m3030933@d06av02.portsmouth.uk.ibm.com>
Subject: Re: [try 2nd 5/8] Displaced stepping for Thumb 32-bit insns
To: yao@codesourcery.com (Yao Qi)
Date: Mon, 10 Oct 2011 14:39:00 -0000
From: "Ulrich Weigand"
Cc: gdb-patches@sourceware.org (gdb-patches@sourceware.org)
In-Reply-To: <4E924D2F.8020009@codesourcery.com> from "Yao Qi" at Oct 10, 2011 09:41:03 AM
X-SW-Source: 2011-10/txt/msg00266.txt.bz2

Yao Qi wrote:
> I don't have much details on hand for problem #6, but I can explain
> problem #7 a little bit here. There are some kernel helpers on ARM in a
> high page (0xffffXXXX), and applications can access them like this,
>
> (gdb) disassemble 0x400eaba4,+4
> Dump of assembler code from 0x400eaba4 to 0x400eaba8:
> => 0x400eaba4: sub pc, r0, #31
> End of assembler dump.
> (gdb) p/x $r0
> $2 = 0xffff0fff
>
> We have some bits in gdb to handle it
> (arm-linux-tdep.c:arm_catch_kernel_helper_return). The problem here is
> that when the inferior stops at such a high address, gdb stops stepping and
> inserts a step-resume breakpoint, as shown in the log below:
>
> displaced: stepping insn e240f01f at 40021ba4
> displaced: copying immediate ALU insn e240f01f
> displaced: read r0 value ffff0fff
> displaced: read r1 value 0d696914
> displaced: read r0 value ffff0fff
> displaced: read pc value 40021bac
> displaced: writing r0 value 40021bac
> displaced: writing r1 value ffff0fff
> displaced: writing insn e241001f at 000083ac
> displaced: copy 0x40021ba4->0x83ac: displaced: check mode of 40021ba4 instead of 000083ac
> displaced: displaced pc to 0x83ac
> displaced: restored process 2067 0x83ac
> displaced: read r0 value ffff0fe0
> displaced: writing r0 value ffff0fff
> displaced: writing r1 value 0d696914
> displaced: writing pc ffff0fe0
> infrun: stop_pc = 0xffff0fe0
> infrun: stepped into undebuggable function
>
> Obviously, it is not what we want here. What we want here is to
> continue stepping, and then arm_catch_kernel_helper_return has the
> chance to handle PC at high address, and make everything correct.
I still don't quite understand what's wrong with the above sequence; GDB displaced-stepped the "sub pc" command, recognized it was now in an undebuggable function, and then inserted a step-resume breakpoint to continue out of it. This should work just fine, and should in fact work the same in ARM mode too ...

The special code in arm_catch_kernel_helper_return is only needed if we actually step in code *in* the kernel helper (i.e. if we do a "si" on the "sub pc", and then *another* "si"). If *that* happens, we should run into arm_catch_kernel_helper_return -- b.t.w. it seems this function is then not Thumb-safe:

  dsc->modinsn[0] = 0xe59ef004;  /* ldr pc, [lr, #4].  */

I guess this needs to check for Thumb mode and produce an appropriate instruction in that case ...

Bye,
Ulrich

-- 
Dr. Ulrich Weigand
GNU Toolchain for Linux on System z and Cell BE
Ulrich.Weigand@de.ibm.com
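The rewrite visible in the displaced-stepping log quoted above can be reproduced with a small model, added here as an illustration; it is not GDB's code and simplifies what arm-tdep.c does. The register values and the 0x83ac scratch address are taken from the quoted log; the model assumes ARM mode only, handles just SUB/ADD/MOV immediates, and ignores condition flags.

```python
PC = 15

def sample_regs():
    """Register file constructed from the values in the quoted log."""
    # r0 points into the kuser helper page, r1 is clobbered by the rewrite,
    # pc is the address of the "sub pc, r0, #31" being stepped.
    return {**{n: 0 for n in range(16)}, 0: 0xFFFF0FFF, 1: 0x0D696914, PC: 0x40021BA4}

def decode_alu_imm(insn):
    """Fields of an ARM data-processing immediate insn: (op, rn, rd, imm)."""
    assert (insn >> 25) & 0x7 == 0b001, "not a data-processing immediate insn"
    op, rn, rd = (insn >> 21) & 0xF, (insn >> 16) & 0xF, (insn >> 12) & 0xF
    rot, imm8 = (insn >> 8) & 0xF, insn & 0xFF
    imm = ((imm8 >> (2 * rot)) | (imm8 << (32 - 2 * rot))) & 0xFFFFFFFF
    return op, rn, rd, imm

def rewrite_alu_imm(insn):
    """Point rd at r0 and rn at r1 so the copy can run away from the real pc."""
    op = decode_alu_imm(insn)[0]
    modified = insn & 0xFFF00FFF            # rd <- r0, rn <- r0
    return modified if op == 0b1101 else modified | 0x10000   # MOV has no rn

ALU_OPS = {0b0010: lambda a, b: a - b,   # SUB
           0b0100: lambda a, b: a + b,   # ADD
           0b1101: lambda a, b: b}       # MOV

def run_alu_imm(insn, regs):
    """Execute one SUB/ADD/MOV immediate on the register dict (flags ignored)."""
    op, rn, rd, imm = decode_alu_imm(insn)
    regs[rd] = ALU_OPS[op](regs[rn], imm) & 0xFFFFFFFF

def displaced_step(insn, regs, scratch=0x83AC):
    """Prepare r0/r1, run the rewritten copy at `scratch`, clean up; returns (modinsn, regs)."""
    _, rn, rd, _ = decode_alu_imm(insn)
    from_pc = regs[PC]
    read = lambda r: from_pc + 8 if r == PC else regs[r]  # ARM mode: pc reads as insn + 8
    tmp0, tmp1 = regs[0], regs[1]
    regs[0], regs[1] = read(rd), read(rn)      # "writing r0 40021bac", "writing r1 ffff0fff"
    modified = rewrite_alu_imm(insn)           # e240f01f -> e241001f: sub r0, r1, #31
    regs[PC] = scratch                         # "displaced pc to 0x83ac"
    run_alu_imm(modified, regs)
    result = regs[0]                           # "read r0 value ffff0fe0"
    regs[0], regs[1] = tmp0, tmp1              # restore the clobbered registers
    if rd == PC:
        regs[PC] = result                      # "writing pc ffff0fe0": no pc fixup, so GDB
    else:                                      # now sees a stop inside the helper page
        regs[rd], regs[PC] = result, from_pc + 4
    return modified, regs
```

Running displaced_step(0xE240F01F, sample_regs()) yields modinsn 0xE241001F and pc 0xFFFF0FE0 with r0/r1 restored, exactly the sequence in the log; a non-pc destination such as add r2, pc, #8 instead gets r2 written and pc advanced by 4.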