ddb supports the following commands:
!address[(expression[,...])]
A synonym for call.
break[/u] address[,count]
Set a breakpoint at
address. If
count is supplied, continues (
count-1) times before stopping at the breakpoint. If the breakpoint is set, a breakpoint number is printed with ‘#'. This number can be used to
delete the breakpoint, or to add conditions to it.
If
/u is specified, set a breakpoint at a user-space address. Without
/u,
address is considered to be in the kernel-space, and an address in the wrong space will be rejected, and an error message will be emitted. This modifier may only be used if it is supported by machine dependent routines.
Warning: if a user text is shadowed by a normal user-space debugger, user-space breakpoints may not work correctly. Setting a breakpoint at the low-level code paths may also cause strange behavior.
bt[/ul] [frame-address][,count]
A synonym for trace.
bt/t[/ul] [pid][,count]
A synonym for trace/t.
bt/a[/ul] [lwpaddr][,count]
A synonym for trace/a.
call address[(expression[,...])]
Call the function specified by address with the argument(s) listed in parentheses. Parentheses may be omitted if the function takes no arguments. The number of arguments is currently limited to 10.
continue[/c]
Continue execution until a breakpoint or watchpoint. If
/c is specified, count instructions while executing. Some machines (e.g., pmax) also count loads and stores.
Warning: when counting, the debugger is really silently single-stepping. This means that single-stepping on low-level may cause strange behavior.
delete address | #number
Delete a breakpoint. The target breakpoint may be specified by address, as per break, or by the breakpoint number returned by break if it's prefixed with ‘#'.
dmesg [count]
Prints the contents of the kernel message buffer. The optional count argument will limit printing to at most the last count bytes of the message buffer.
dwatch address
Delete the watchpoint at address that was previously set with watch command.
examine[/modifier] address[,count]
Display the address locations according to the format in
modifier. Multiple modifier formats display multiple locations. If
modifier isn't specified, the modifier from the last use of
examine is used.
The valid format characters for
modifier are:
b
examine bytes (8 bits).
h
examine half-words (16 bits).
l
examine words (legacy “long”, 32 bits).
L
examine long words (implementation dependent)
a
print the location being examined.
A
print the location with a line number if possible.
x
display in unsigned hex.
o
display in unsigned octal.
d
display in signed decimal.
u
display in unsigned decimal.
r
display in current radix, signed.
c
display low 8 bits as a character. Non-printing characters as displayed as an octal escape code (e.g., ‘\000').
s
display the NUL terminated string at the location. Non-printing characters are displayed as octal escapes.
m
display in unsigned hex with a character dump at the end of each line. The location is displayed as hex at the beginning of each line.
i
display as a machine instruction.
I
display as a machine instruction, with possible alternative formats depending upon the machine:
alpha
print register operands
vax
don't assume that each external label is a procedure entry mask
kill pid[,signal_number]
Send a signal to the process specified by the pid. Note that pid is interpreted using the current radix (see trace/t command for details). If signal_number isn't specified, the SIGTERM signal is sent.
match[/p]
A synonym for next.
next[/p]
Stop at the matching return instruction. If /p is specified, print the call nesting depth and the cumulative instruction count at each call or return. Otherwise, only print when the matching return is hit.
print[/axzodurc] address [address ...]
Print addresses
address according to the modifier character, as per
examine. Valid modifiers are:
/a,
/x,
/z,
/o,
/d,
/u,
/r, and
/c (as per
examine). If no modifier is specified, the most recent one specified is used.
address may be a string, and is printed “as-is”. For example:
print/x "eax = " $eax "\necx = " $ecx "\n"
will produce:
eax = xxxxxx
ecx = yyyyyy
ps[/a][/n][/w][/l]
A synonym for show all procs.
reboot [flags]
Reboot, using the optionally supplied boot
flags, which is a bitmask supporting the same values as for
reboot(2). Some of the more useful flags:
0x1
RB_ASKNAME
Ask for file name to reboot from
0x2
RB_SINGLE
Reboot to single user mode
0x4
RB_NOSYNC
Don't sync before reboot
0x8
RB_HALT
Halt instead of reboot
0x40
RB_KDB
Boot into kernel debugger
0x100
RB_DUMP
Dump unconditionally before reboot
0x808
RB_POWERDOWN
Power off (or at least halt)
Note: Limitations of the command line interface preclude specification of a boot string.
search[/bhl] address value [mask] [,count]
Search memory from
address for
value. The unit size is specified with a modifier character, as per
examine. Valid modifiers are:
/b,
/h, and
/l. If no modifier is specified,
/l is used.
This command might fail in interesting ways if it doesn't find
value. This is because
ddb doesn't always recover from touching bad memory. The optional
count limits the search.
set $variable [=] expression
Set the named variable or register to the value of
expression. Valid variable names are described in
VARIABLES.
show all callout
Display information about callouts in the system. See
callout(9) for more information on callouts.
show all pages
Display basic information about all physical pages managed by the VM system. For more detailed information about a single page, use show page.
show all pools[/clp]
Display all pool information. Modifiers are the same as show pool.
show all procs[/a][/n][/w][/l]
Display all process information. Valid modifiers:
/n
show process information in a
ps(1) style format. Information printed includes: process ID, parent process ID, process group, UID, process status, process flags, process command name, and process wait channel message.
/a
show the kernel virtual addresses of each process' proc structure, u-area, and vmspace structure. The vmspace address is also the address of the process' vm_map structure, and can be used in the show map command.
/w
show each process' PID, command, system call emulation, wait channel address, and wait channel message.
/l
show each process' associated LWP information, including each LWP's LID, flags, kernel LWP structure address, u-area, and wait channel. This is the default.
show arptab
Dump the entire AF_INET routing table. This command is available only on systems which support inet and ARP.
show breaks
Display all breakpoints.
show buf[/f] address
Print the struct buf at address. The /f does nothing at this time.
show event[/f][/i][/m][/t]
Print all the non-zero
evcnt(9) event counters. Valid modifiers:
/f
event counters with a count of zero are printed as well.
/i
interrupted counters will be displayed.
/m
misc counters will be displayed.
/t
trap counters will be displayed.
If none of
/i,
/m or
/t are specified, all are shown. You can combine any of these. For example, the modifier
/itf will select both interrupt and trap events, including those that are non-zero.
show files address
Display information about the vnodes of the files that are currently open by the process associated with the proc structure at address. This address can be found using the show all procs /a command. If the kernel is compiled with options LOCKDEBUG then details about the locking of the underlying uvm object will also be displayed.
show lock address
Display information about a lock at address. This command is useful only if a kernel is compiled with options LOCKDEBUG.
show malloc address
If address is supplied, display the kernel memory allocator's idea on the allocation status for it. Also, print out global statistics for the memory allocator. This command is useful only if a kernel is compiled with options MALLOC_DEBUG.
show map[/f] address
Print the vm_map at address. If /f is specified, the complete map is printed.
show mount[/f] address
Print the mount structure at address. If /f is specified, the complete vnode list is printed.
show mbuf[/c] address
Print the mbuf structure at address. If /c is specified, the mbufs in the chain are followed.
show ncache address
Dump the namecache list associated with vnode at address.
show object[/f] address
Print the vm_object at address. If /f is specified, the complete object is printed.
show page[/f] address
Print the vm_page at address. If /f is specified, the complete page is printed.
show pool[/clp] address
Print the pool at
address. Valid modifiers:
/c
Print the cachelist and its statistics for this pool.
/l
Print the log entries for this pool.
/p
Print the pagelist for this pool.
show registers[/u]
Display the register set. If
/u is specified, display user registers instead of kernel registers or the currently save one.
Warning: support for
/u is machine dependent. If not supported, incorrect information will be displayed.
show sched_qs
Print the state of the scheduler's run queues. For each run queue that has an LWP, the run queue index and the list of LWPs will be shown. If the run queue has LWPs, but the sched_whichqs bit is not set for that queue, the queue index will be prefixed with a ‘!'.
show uvmexp
Print a selection of UVM counters and statistics.
show uvmhist
Dumps the UVM histories. This command is available only if a kernel is compiled with options UVMHIST.
show vnode[/f] address
Print the vnode at address. If /f is specified, the complete vnode is printed.
show watches
Display all watchpoints.
sifting[/F] string
Search the symbol tables for all symbols of which
string is a substring, and display them. If
/F is specified, a character is displayed immediately after each symbol name indicating the type of symbol.
For
a.out(5)-format symbol tables, absolute symbols display
@, text segment symbols display
*, data segment symbols display
+, BSS segment symbols display
-, and filename symbols display
/. For ELF-format symbol tables, object symbols display
+, function symbols display
*, section symbols display
&, and file symbols display
/.
To sift for a string beginning with a number, escape the first character with a backslash as:
step[/p] [,count]
Single-step
count times. If
/p is specified, print each instruction at each step. Otherwise, only print the last instruction.
Warning: depending on the machine type, it may not be possible to single-step through some low-level code paths or user-space code. On machines with software-emulated single-stepping (e.g., pmax), stepping through code executed by interrupt handlers will probably do the wrong thing.
sync
Force a crash dump, and then reboot.
trace[/u[l]] [frame-address][,count]
Stack trace from
frame-address. If
/u is specified, trace user-space, otherwise trace kernel-space.
count is the number of frames to be traced. If
count is omitted, all frames are printed. If
/l is specified, the trace is printed and also stored in the kernel message buffer.
Warning: user-space stack trace is valid only if the machine dependent code supports it.
trace/t[l] [pid][,count]
Stack trace by “thread” (process, on
NetBSD) rather than by stack frame address. Note that
pid is interpreted using the current radix, whilst
ps displays pids in decimal; prefix
pid with ‘0t' to force it to be interpreted as decimal (see
VARIABLES section for radix). If
/l is specified, the trace is printed and also stored in the kernel message buffer.
Warning: trace by pid is valid only if the machine dependent code supports it.
trace/a[l] [lwpaddr][,count]
Stack trace by light weight process (LWP) address rather than by stack frame address. If
/l is specified, the trace is printed and also stored in the kernel message buffer.
Warning: trace by LWP address is valid only if the machine dependent code supports it.
until[/p]
Stop at the next call or return instruction. If /p is specified, print the call nesting depth and the cumulative instruction count at each call or return. Otherwise, only print when the matching return is hit.
watch address[,size]
Set a watchpoint for a region. Execution stops when an attempt to modify the region occurs.
size defaults to 4.
If you specify a wrong space address, the request is rejected with an error message.
Warning: attempts to watch wired kernel memory may cause an unrecoverable error in some systems such as i386. Watchpoints on user addresses work the best.
whatis address
Describe what an address is.
write[/bhlBHL] address expression [expression ...]
Write the
expressions at succeeding locations. The unit size is specified with a modifier character, as per
examine. Valid modifiers are:
/b,
/h, and
/l. If no modifier is specified,
/l is used.
Specifying the modifiers in upper case,
/B,
/H,
/L, will prevent
ddb from reading the memory location first, which is useful for avoiding side effects when writing to I/O memory regions.
Warning: since there is no delimiter between
expressions, strange things may occur. It's best to enclose each
expression in parentheses.
x[/modifier] address[,count]
A synonym for examine.