diff -r 578be2adaf3e -r 307f4279f433 Adaptation/GUID-08E14B34-5144-5AA8-AA55-7AF03671676C.dita --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Adaptation/GUID-08E14B34-5144-5AA8-AA55-7AF03671676C.dita Fri Oct 15 14:32:18 2010 +0100 @@ -0,0 +1,459 @@ + + + + + +The +Debug Monitor Command SyntaxThe debug monitor is entered when the kernel crashes, if a system +process panics, or an unhandled processor exception occurs. +

Under normal circumstances this ought not to happen, but when the kernel +faults, the device enters the kernel debug monitor.

+

There may be circumstances where you need to force a kernel crash, for +example, if the system is locking up. Running the test program crash.exe forces +a crash. This program takes a parameter that defines the number of seconds +that must elapse before the kernel crash is forced.

+

For example, when the system locks up under certain conditions, run "crash +60", and then recreate the conditions that lead to the lockup. After 60 seconds, +the kernel crash is forced and the debug monitor is entered.

+

Notes:

+ +
Getting the +debug monitor going

When the kernel faults, the device enters the +debug monitor.

To make use of the debug monitor, do the following:

    +
  • Plug the mains adaptor +into the DC jack.

  • +
  • Connect the target device +COM port to your PC, and set the PC serial port to 115200 baud, 8 bits, no +parity, 1 stop bit, XON/XOFF flow control.

  • +
  • Press the ON key on +the target device.

  • +
  • Start a terminal program +on the PC (e.g. HyperTerminal.)

  • +
  • Press RETURN on +the PC. The target device should reply with the prompt:

    Password:
  • +
  • Enter the password "replacement" +(all lower case, but without the quotes) on the PC. The target device should +now reply:

    *** DEBUG MONITOR ***
  • +

You can now enter debug monitor commands.

+
Crash debugger +commands

Commands consist of a single letter describing the operation +to be performed, followed by any arguments. Not all commands take arguments. +Commands are case sensitive; the majority are lower case. Commands should +be entered at the command prompt, on the PC. The set of supported commands +is as follows:

    +
  • f - displays +kernel fault information

  • +
  • m - does +a memory dump

  • +
  • z - does +a memory dump, but skips over unmapped memory space

  • +
  • i - displays +information on the current thread and the current process

  • +
  • o - displays +brief DObject information

  • +
  • O - displays +full DObject information

  • +
  • p - display +short information about code segments

  • +
  • P - display +full information about code segments

  • +
  • c - displays +contents of object container; (nb lower case)

  • +
  • C - displays +contents of object container; (nb upper case)

  • +
  • r - dumps +register contents

  • +
  • S - dumps +thread stack contents

  • +
  • x - leaves +the debugger, does a cold restart of the same ROM image; (nb lower case)

  • +
  • X - leaves +the debugger, and returns to the bootloader to wait for a new ROM image to +be downloaded; (nb upper case)

  • +
  • h - help.

  • +
+
f - display +kernel fault information

This command displays information about +the the kernel fault that caused the debugger to be entered. The information +has the following format.

Fault Category: Exception Fault Reason: 10000000 +ExcId 00000001 CodeAddr ffe0016c DataAddr 80000001 Extra 00000013 +Exc 1 Cpsr=68000010 FAR=80000001 FSR=00000013 + R0=00000000 R1=00000000 R2=30000000 R3=80000001 + R4=00000001 R5=00403d68 R6=00002000 R7=00000000 + R8=00000000 R9=00000000 R10=00000000 R11=00403fa0 +R12=00403d34 R13=00403d48 R14=500d41e8 R15=ffe0016c +R13Svc=81716000 R14Svc=500480b8 SpsrSvc=20000010

Notes:

    +
  • R15 is the program counter

  • +
  • R14 is the link register,

  • +
  • R13 is the stack pointer

  • +
+
m - do a memory +dump

This command dumps memory in both hexadecimal and ASCII format. +Use one of the following command formats:

m start end m start+length

start specifies +the start address in hexadecimal, and end specifies the end +address in hexadecimal. If the second parameter starts with a + character, +then the following hexadecimal characters are interpreted as a length.

Address +parameters are always virtual addresses (the MMU is still on).

The +resulting format is similar to the EKA1 format.

For example:

.m +81c01c60+30

81C01C60: 00 00 00 00 15 00 00 10 E0 6A 13 50 01 00 00 80 .........j.P.... +81C01C70: 30 3B C0 81 34 D9 03 50 00 00 FF FF E8 1C C0 81 0;..4..P........ +81C01C80: 34 D9 03 50 30 3B C0 81 FC 4A 13 50 E8 1C C0 81 4..P0;...J.P..... +

If an illegal memory access occurs, the debugger traps the +exception and displays an error message.

+
z - do a memory +dump, skipping over unmapped memory

This command dumps memory in +both hexadecimal and ASCII format, but excludes any unmapped memory space. +If an illegal memory access occurs, it does not stop, but skips to the next +page instead. This is useful to inspect the content of discontiguous chunks.

The +syntax and the display format is the same as for the m command.

+
i - display +information for the current process and thread

This command displays +information for the current process and thread.

SCHEDULER @80000d98: CurrentThread 8070dd28 +RescheduleNeeded=00 DfcPending=00 KernCSLocked=00000001 +DFCS: next 80000ea8 prev 80000ea8 +ProcessHandler=5004b040, AddressSpace=8070d7c8 +SYSLOCK: HoldingThread 8070dd28 iWaiting 00000000 +Extras 0: 8070d7c8 1: 8070d7c8 2: 8070d7c8 3: 00000000 +Extras 4: 00000000 5: 00000000 6: 00000000 7: 00000000 +Extras 8: 00000000 9: 00000000 A: 00000000 B: 00000000 +Extras C: 00000000 D: 00000000 E: 00000000 F: 00000000 +

The format for the thread is:

TheCurrentThread=8070da6c +THREAD at 8070da6c VPTR=50052b50 AccessCount=3 Owner=8070d7c8 +Full name crash::Main +Thread MState READY +Default priority 28 WaitLink Priority 28 +ExitInfo 3,0, +Flags 80000004, Handles 8070a79c +Superviso81715000 size 1000 +User stack base 00402000 size 2000 +Id=19, Heap=00600000, Created heap=00600000, Frame=00000000 +Trap handler=00000000, ActiveScheduler=00000000, Exception +handler=00000000 +TempObj=00000000 TempAlloc=00000000 +NThread @ 8070dd28 Pri 28 NState READY +Next=8070dd28 Prev=8070dd28 Att=03 ExcInUserMode=10 +HeldFM=80000eb8 WaitFM=00000000 AddrSp=8070d7c8 +Time=0 Timeslice=20 ReqCount=0 +SuspendCount=0 CsCount=0 CsFunction=00000000 +SavedSP=81715d6c +CAR 00000001 +DACR 30315507 +R13_USR 00000000 R14_USR 81715dc4 SPSR_SVC 81715e10 + R4 30303031 R5 30303030 R6 81715dc4 R7 81715e14 + R8 81715dac R9 81715da0 R10 50055c88 R11 50055c3c + PC 81715dc0

The format for the process is:

TheCurrentProcess=8070d7c8 +PROCESS at 8070d7c8 VPTR=50052bc4 AccessCount=5 Owner=00000000 +Full name crash +ExitInfo 3,0, +Flags 00040000, Handles 80709c98, Attributes 60010000 +DataBssChunk 8070a514, CodeChunk 8070a9a8 +DllDataChunk 00000000, Process Lock 8070d90c +NumChunks=2 +0: Chunk 8070a514, run 00400000, access count 1 +1: Chunk 8070a704, run 00600000, access count 1 +Domain -1, DACR 55555507 +TheCurrentAddressSpace=8070d7c8 +TheCurrentVMProcess=8070d7c8 +PROCESS at 8070d7c8 VPTR=50052bc4 AccessCount=5 Owner=00000000 +Full name crash +ExitInfo 3,0, +Flags 00040000, Handles 80709c98, Attributes 60010000 +DataBssChunk 8070a514, CodeChunk 8070a9a8 +DllDataChunk 00000000, Process Lock 8070d90c +NumChunks=2 +0: Chunk 8070a514, run 00400000, access count 1 +1: Chunk 8070a704, run 00600000, access count 1 +Domain -1, DACR 55555507 +TheCurrentDataSectionProcess=8070d7c8 +TheCompleteDataSectionProcess=8070d7c8 +PROCESS at 8070d7c8 VPTR=50052bc4 AccessCount=5 Owner=00000000 +Full name crash +ExitInfo 3,0, +Flags 00040000, Handles 80709c98, Attributes 60010000 +DataBssChunk 8070a514, CodeChunk 8070a9a8 +DllDataChunk 00000000, Process Lock 8070d90c +NumChunks=2 +0: Chunk 8070a514, run 00400000, access count 1 +1: Chunk 8070a704, run 00600000, access count 1 +Domain -1, DACR 55555507 +
+
o - display +brief DObject information

This command in lower case displays +basic information about the DObject. The command has the +following syntax:

o address

where address specifies +the address of the DObject.

For example:

o +6403c170

THREAD at 6403c170 VPTR=f8046c18 AccessCount=3 Owner=6403bb4c +Full name crash::Main +
+
O - display +full DObject information

This command in upper case displays +full information about the DObject. The exact format displayed +depends on the exact type of the DObject being referenced, +for example, whether it is a thread, process, or a chunk. The command has +the following syntax:

O address

where address specifies +the address of the DObject.

+
p - display +short information about code segments

This command in lower +case displays basic information about one or more code segments, as encapsulated +by DCodeSeg objects. The command has the following syntax:

p address | all

where:

    +
  • address is +the address of a specific code segment

  • +
  • all refers +to all code segments.

  • +

For example:

p 64053b70

.p 64053b70 +CodeSeg at 64053b70: + FileName: Z:\sys\bin\crash.exe + RunAddress: f83e3498
+
P - display +full information about code segments

This command in upper case displays +the full information about one or more code segments, as encapsulated by DCodeSeg objects. +The command has the following syntax:

P address | all

where:

    +
  • address is +the address of a specific code segment

  • +
  • all refers +to all code segments.

  • +

For example:

P 64053b70

.p 64053b70 +CodeSeg at 64053b70: + FileName: Z:\sys\bin\crash.exe + RunAddress: f83e3498 + + iLink: Prev 64052f48 (64052f40) Next 640000e0 (640000d8) + iTempLink: Prev dfdfdfdf (dfdfdfcf) Next 00000000 (00000000) + iGbgLink: Prev 00000000 (00000000) Next 00000000 (00000000) + iAccessCount: 1 + iEntryPtVeneer: f83e3498 + iFileEntryPoint: f83e3498 + iExtOffset: 10 + iUids: 1000007a 00000000 00000000 + iDeps: 00000000 ( ) + iDepCount: 0 + iNextDep: 0 + iMark: 31 + iAttr: a + iExeCodeSeg: 64053b70 + iAttachProcess: 00000000 + iModuleVersion: a0000 + iS: + SecureId: 00000000, VendorId: 70000001 + Caps: 000fffff 00000000 + iSize: 370 + + iXIP: 1 + iInfo: f83e3420 (TRomImageHeader*) + iUid1: 1000007a, iUid2: 00000000, iUid3: 00000000 + iUidChecksum: 045ac39e + iEntryPoint: f83e3498 + iCodeAddress: f83e3498, iCodeSize: 00000370 + iDataAddress: 00000000, iDataSize: 00000000 + iTextSize: 00000370, iBssSize: 00000000 + iHeapSizeMin: 00001000, iHeapSizeMax: 00100000, iStackSize: 00002000 + iDllRefTable: 00000000 + iExportDirCount: 0, iExportDir: f83e33fc + iS: + SecureId: 00000000, VendorId: 70000001 + Caps: 000fffff 00000000 + iToolsVersion: Major 02 Minor 01 Build 0225 + iFlags: 0000002a + iPriority: 352 + iDataBssLinearBase: 00400000 + iNextExtension: 00000000 + iHardwareVariant: 01000000 + iTotalDataSize: 00000000 + iModuleVersion: 000a0000 + iExceptionDescriptor: f83e34f4 + + iCodeAllocBase: 80000000 + iDataAllocBase: 80000000 + iKernelData: 00000000
+
c - display +contents of object container

This command in lower case displays +the contents of one of the kernel's object containers, a DObjectCon type. +Note that information is dumped very quickly without page breaks, which is +useful in situations where the kernel is likely to become very unstable very +shortly after crashing. There is an upper case version of this command, C, +which generates output with a pause between pages.

The command has +the following syntax:

c type

where type is +a single hexadecimal digit between 0 and D inclusive that specifies which +kernel container is to be dumped. The mapping between the hexadecimal digit +and the kernel container is:

+ + + +

0

+

Threads

+
+ +

1

+

Processes

+
+ +

2

+

Chunks

+
+ +

3

+

Libraries

+
+ +

4

+

Semaphores

+
+ +

5

+

Mutexes

+
+ +

6

+

Timers

+
+ +

7

+

Servers

+
+ +

8

+

Sessions

+
+ +

9

+

LogicalDevices

+
+ +

A

+

PhysicalDevices

+
+ +

B

+

Channels

+
+ +

C

+

ChangeNotifiers

+
+ +

D

+

Undertakers

+
+ +

E

+

Message queues

+
+ +

F

+

Property references

+
+ + +

For example:

c A

Container 10 at 640275c4 contains 3 PHYSICAL DEVICES: +PHYSICAL DEVICE at 64032dac VPTR=f805d9fc AccessCount=2 Owner=00000000 +Full name Media.IRam +PHYSICAL DEVICE at 640339e8 VPTR=f8067e44 AccessCount=2 Owner=00000000 +Full name Media.Flash +PHYSICAL DEVICE at 64033a64 VPTR=f806b9f8 AccessCount=2 Owner=00000000 +Full name Media.Ata +

c 0

Container 0 at 807022b8 contains 12 THREADS: +THREAD at 807011c0 VPTR=50052b04 AccessCount=1 Owner=8070107c +Full name EKern::Null +Thread MState READY +Default priority 0 WaitLink Priority 0 +ExitInfo 3,0, +Flags 0000000c, Handles 80701520 +Supervisor stack base 80700000 size 1000 +User stack base 00000000 size 0 +Id=0, Heap=00000000, Created heap=00000000, Frame=00000000 +Trap handler=00000000, ActiveScheduler=00000000, Exception +handler=00000000 +TempObj=00000000 TempAlloc=00000000 +NThread @ 8070147c Pri 0 NState READY +Next=8070147c Prev=8070147c Att=00 ExcInUserMode=00 +HeldFM=00000000 WaitFM=00000000 AddrSp=8070107c +Time=-1 Timeslice=-1 ReqCount=0 +SuspendCount=0 CsCount=0 CsFunction=00000000 +SavedSP=80700f50 +CAR 00000001 +DACR 55555547 +R13_USR 00403ed4 R14_USR 500c88b4 SPSR_SVC 200000d3 + R4 00000009 R5 5004b7ec R6 50000000 R7 dc911000 + R8 00000000 R9 807103c0 R10 50002140 R11 80700fb4 + PC 500481b4 +

The information displayed for each object is the same as that +shown after using the q command. +After displaying the information for each object, the debugger pauses until +you press a key.

Notes

    +
  • the DObjectCon class +is internal to Symbian platform.

  • +
  • the type value passed +as an argument to the command is one of the enum values of the TObjectType enum; +this enum is internal to Symbian platform.

  • +
+
C - display +contents of object container

This command in upper case is +exactly the same as the lower case c command +except that the display of output pauses between pages. If you need to dump +output as fast as possible without pauses, use the lower case version.

+
r - dump register +contents

This command dumps the full ARM register set.

On +ARM this dumps the full set of user mode registers and all the alternate registers +for other modes.

For example:

r

MODE_USR: + R0=6571de54 R1=0000002a R2=00000002 R3=ffffffff + R4=0000002a R5=f8170414 R6=6571df14 R7=6403cba8 + R8=00000001 R9=6403c41c R10=640002f8 R11=6571de70 +R12=00000020 R13=00404e00 R14=f80818c0 R15=f800bfa8 +CPSR=60000013 +MODE_FIQ: + R8=00000000 R9=ffffffff R10=ffffffff R11=00000000 +R12=00000000 R13=64000d0c R14=c080079c SPSR=e00000dc +MODE_IRQ: +R13=6400110c R14=00000013 SPSR=20000013 +MODE_SVC: +R13=6571de54 R14=f80328bc SPSR=60000010 +MODE_ABT: +R13=6400090c R14=ffff0010 SPSR=400000d7 +MODE_UND: +R13=6400090c R14=95221110 SPSR=f000009d +
+
S - Dumps thread +stack contents

This command, in upper case, dumps both the user +and supervisor stacks used by each thread in the system. Some threads do not +have a user thread, in which case this is indicated. Each set of stacks is +displayed in turn, in the following format:

THREAD at c8052fa0 VPTR=80082304 AccessCount=6 Owner=c8044608 +Full name efile.exe::LoaderThread +User stack base at 00410000, size == 1000 +Stack pointer == 00413e30 +Stack mapped at 00410000 +00413e30: 10 01 70 01 99 93 1b 80 18 01 70 01 d0 56 1b 80 ..p.......p..V.. +00413e40: 00 00 00 00 00 00 00 00 84 00 70 01 84 00 70 01 ..........p...p. +00413e50: 04 00 00 00 23 91 1b 80 38 01 70 01 10 01 70 01 ....#...8.p...p. +00413e60: 80 3e 41 00 01 00 00 00 10 01 70 01 00 00 00 00 .>A.......p..... +00413e70: 84 00 70 01 cd 91 1b 80 30 02 70 01 00 00 00 00 ..p.....0.p..... + +Supervisor stack base at c9127000, size == 1000 +Stack pointer == c9127fbc +c9127fb0: b0 d1 0a c8 0c 00 00 00 13 00 00 00 00 07 00 00 ................ +c9127fc0: 00 00 f0 00 45 55 55 55 30 3e 41 00 89 ff 1b 80 ....EUUU0>A..... +c9127fd0: 10 00 00 20 10 01 70 01 80 3e 41 00 98 c7 23 80 ... ..p..>A...#. +c9127fe0: 58 3e 41 00 04 00 00 00 40 00 00 00 98 4b 04 c8 X>A.....@....K.. +c9127ff0: 60 04 00 c8 98 01 02 80 00 00 00 00 10 5a 1b 80 `............Z..

With +a multiple memory model, this command is the only way to reliably dump a stack.

+
x - leave debugger, +cold restart of ROM image

This command, in lower case, leaves the +debugger and does a cold restart of the current ROM image.

+
X - leave debugger, +return to bootloader

This command, in upper case, leaves the debugger, +and returns to the bootloader to wait for a new ROM image to be downloaded.

+
h - Help

Displays +a short summery of the crash debugger commands.

+
\ No newline at end of file
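Review bot: In the "c - display contents of object container" section, the text says type is "a single hexadecimal digit between 0 and D inclusive", but the table that follows lists entries through E (Message queues) and F (Property references). Change the range to "0 and F" or drop the two rows, whichever matches the TObjectType enum the notes refer to. The same section points to "the q command", which is not in the list under "Crash debugger commands", and says the debugger pauses after each object, which contradicts the earlier statement that lower-case c dumps without page breaks; that paragraph reads as if it belongs under the upper-case C command. Smaller points: the first "Notes:" heading has no content under it, the P example shows a ".p 64053b70" prompt line rather than P, the S section says "do not have a user thread" where "user stack" appears to be meant, and "the the" in the f section and "summery" in the h section need fixing. The setup steps also publish a fixed password ("replacement") for a monitor whose m, z, r and S commands dump memory, registers and stacks over the serial port; say whether that password is set per build and whether the monitor is included in production ROM images, so integrators know what to change before shipping.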