Bug where are thou - PowerPoint PPT Presentation

1 / 11

About This Presentation

Title:

Bug where are thou

Description:

VM Ware. compiler bugs. Potential sources of bugs. your code ... free local stack frame. return. Compiler optimization: Bug or Feature. unsigned int foo(int x) ... – PowerPoint PPT presentation

Number of Views:22

Avg rating:3.0/5.0

Slides: 12

Provided by: voe5

Category:

more less

Transcript and Presenter's Notes

Title: Bug where are thou

1
Bug where are thou?

An introduction to the kernel debugger
Marcus Völp

Universität Karlsruhe 7.5.2002 SDI
2
Potential sources of bugs

your code

compiler optimizations

VM Ware

the kernel / idl4

compiler bugs

3
Potential sources of bugs
Debug it !

your code

compiler optimizations

Soon !

VM Ware

Test on real hardware !

the kernel / idl4

Our job !

compiler bugs

Probably no chance ! switch compiler
4
Compiler optimization Bug or Feature
unsigned int foo(int x) int bar(int x)
unsigned int exception exception foo(x)
if (exception lt 0) printf ("Exception
in foo\n") return -1 return 0
00100040 ltbargt 100040 55
push ebp 100041 89 e5 mov
esp,ebp 100043 31 c0 xor
eax,eax 100045 89 ec mov
ebp,esp 100047 5d pop
ebp 100048 c3 ret
100049 8d 76 00 lea
0x0(esi),esi
objdump d c_opt_example (.o)
5
Compiler optimization Bug or Feature
unsigned int foo(int x) int bar(int x)
unsigned int exception exception foo(x)
if (exception lt 0) printf ("Exception
in foo\n") return -1 return 0
00100040 ltbargt 100040 55
push ebp 100041 89 e5 mov
esp,ebp 100043 31 c0 xor
eax,eax 100045 89 ec mov
ebp,esp 100047 5d pop
ebp 100048 c3 ret
100049 8d 76 00 lea
0x0(esi),esi
!!! Reverse notation add eax, ebx ebxeax
6
Compiler optimization Bug or Feature
address
unsigned int foo(int x) int bar(int x)
unsigned int exception exception foo(x)
if (exception lt 0) printf ("Exception
in foo\n") return -1 return 0
00100040 ltbargt 100040 55
push ebp 100041 89 e5 mov
esp,ebp 100043 31 c0 xor
eax,eax 100045 89 ec mov
ebp,esp 100047 5d pop
ebp 100048 c3 ret
100049 8d 76 00 lea
0x0(esi),esi
opcode
assembly
!!! Reverse notation add eax, ebx ebxeax
7
the L4 Kernel Debugger
kernel
kdb

independent from kernel
knows kernel internal data

8
L4 KDB frame

Exception frame of current exception

KD exception 3 (current 0011f3bb, cr3
0011a000) fault addr 0011f47e stack
f01089a0 error code 00000000 eax f0118400 ebx f
0118400 ecx f01187f0 edx f0118400 esi 001a98b8
edi 00181d38 ebp 00107000 efl 00200016
cPAzsoditr0
9
L4 KDB threads

TCB of thread tx e0050000

Thread no current e0050000 TCB e0050000
TID 04050001 PRIO 0x32
OK UIP 002822f7 queues
rPws present f0118400e0040400 space
01814000 USP 00283acc tstate WAITING ready e004
0400e0040000 pager 04040401 KSP
e0050364 resour mfpd wakeup 0000000000000000
excpt 00000000 KIP f0102a08 send e0050000e00
50000 timeslc 0/10000 partner INVALID timeout
00000000/00000000 (cur. Time 00030285) sndqueue
00000000 IPC 0000000000000000000000c8 unwind
00000000
10
L4 KDB address space mdb

Page table and mapping database

p01814000 Dump pagetable (All/User/Kernel/Tcbs)
all user 00000000 -gt 01816027
(PT) addr01816000 00280000 -gt 00280027
(4K) addr00280000 wua..c 00282000 -gt 00282027
(4K) addr00282000 wua..c 00283000 -gt 00283027
(4K) addr00283000 wuad.c
m00280000 00000000 4M ROOT (f1800000)
00280000 4KB MAP (f180fa00) 1
space0180a000 vaddr00280000 pgentf180ca00
(f180e0b8) 2 space01814000 vaddr00280000
pgentf1816a00 (f180e130)
11
Further notes

L4 Hazelnut KDB Manual
i30www/sdi/Docs/kdb.html
Trace of the kdb presentation
h, spc, g, esc, h, k5, t, te0050000, D00283acc
enter 01814000, De0050364 enter 01814000
de0050364, U2822d0, q, p01814000, m00280000, I,
6, b0i002822d0, b-, s, s, T, g, g, T-, ..., spc,
g, esc, te0050000, 6, i, g, i-, P, g, P-

Write a Comment

User Comments (0)