Category Archives: GSoC

[GSoC weekly report#4]can't resume from a breakpoint

This is my code of HDebugger under GNU/Hurd.  The mainly problem is that it can set a breakpoint but can't resume from it.

The inferior program is just like a hello_world but contains two printf() call. Firstly, I set a breakpoint at the second printf() call, the address if find in the output by objdump -d.

Now, I can get the exception message (which msg.id==2400) from the mach kernel when the inferior hit the breakpoint. When get the message, I recovery the breakpoint of the original code, and set the thread_state by minus the eip register . Then post a signal_0 to it. At last I call thread_resume() try to continue inferior. But I got nothing, the thread is just keeping hang. If I use gdb to attach the inferior when I got the exception message, I can continue the inferior by type "continue command" in gdb' shell.

Answer to  last week:

  1. If  I don’t call proc_wait_request()first in my debugger demo, the mach_msg() call  will never return. This is because the inferior is suspended after execl(), so nobody will send message to us if we don't do a request initiatively.
  2. Is  there exist any specific running sequence between father and child task after fork()? By default, after fork(), the father process run first, so we have a chance to see the execl() to destroy the old threads in child process.
  3. How execl() go? It will destroy the two old threads(main thread and signal thread) forked from the parent process.  Then create a new main thread to run the execute file in execl() parameter. The funny thing is when to create the new signal thread? Never create the signal thread unless an exception appears(NO! The signal thread is initialize early and loop listening on the msgport). This is also the answer to question 4.
Next week goal:
Finish HDebugger and begin to code the gdbserver!

 

[GSoC weekly report#3]dig into the gnu_nat.c

This week I have digged into the GDB source code. I have turn on the gnu_debug_flags in gnu_nat.c, and get about 500 lines output when debugging a hello_world program. Then I try to get clear about the detail of GNU/Hurd follow the output step by step. But I have got a lot of puzzles.

  1. What is the proc server?. And I found that If  I don’t call proc_get_reqeust() proc_wait_request()first in my debugger demo, the mach_msg() call  will never return.
  2. Is  there exist any specific running sequence between father and child task after fork()? And I found the inferior always call the trace_me() in the same time(the trace me printf always in the same line of the output log).
  3. How do the fork() and execl() go? Say there is a father task which contains two threads( one for main thread, and other is the signal thread). After the father call fork(), the child call execl() immediately, how things go? Will execl() destroy the two old threads and then create new ones?
  4. When I set a breakpoint in the hello_world program, I will get five times new thread printf and three threads died printf. If I don't set breakpoint, I only get four times, and two threads died. How to explain this?
  5. How to understand the relationship and difference between structure inf  and structure inferior? I think the inf is low-level presentation of the debugged program, and the other is a high-level presentation. Am I right?
  6. what are the observer_notify_new_thread()  and observer_notify_thread_ptid_changed() do in thread.c?
  7. What are the target_terminal_*() [fork_child.c] like target_terminal_init() and target_ternimal_inferior() do?

Next week goal: solve above questions.

[GSoC weekly report#2]My understand of How exception is thrown and handled in Hurd

This week I have read the <Mach 3 Kernel Principles> and some relate materials. And I have rewritten the MIG use example in <A programmer's guide to the mach user environment>. I put the code in github. Most of the code is stolen from Anand Babu's example.

Now I have known something about the mig basically. I can answer the question of  "What is the S_exception_raise_request()?" .

Firstly, I will describe without debugger stuff. When a task was created, the glibc will created one more thread(so called message thread or signal thread) in the task. The function  _hurdsig_init() [glibc/hurd/hurdsig.c] will initialize the exception port of the other thread in the task, and start the signal thread to listen on all the ports. The signal thread will run the _hurd_msgport_recieve() [glibc/hurd/msgportdemux.c] which invoke the mach_msg_server() [glibc/mach/msgserver.c] with the first parameter of msgport_server() as its demux pointer.

After the initialization, the signal thread is blocked until a exception occur. Whenever an exception occurs(for instance, thread A cause an divide zero exception), the mach kernel will suspend the thread A right now, and the kernel will send a exception message to the thread A's exception port on behalf of A. Meanwhile, our signal thread is already listening on the thread A's exception port. So the mach_msg() will return, and invoke the (*demux)() which is pointer to msgport_server() as described above.

Ok, now we will see the magic of mig. In the last line of msgport_server(), it will return _S_exc_server(). The _S_exc_server() is just an demux who generated by mig  from the mach/include/mach/exc.defs and will call the S_catch_exception_raise() to handle the exception. S_catch_exception_raise() [glibc/hurd/catch-exc.c] deliver the signal by _hurd_internal_post_signal()  [glibc/hurd/hurdsig.c]. Honestly to say, the _hurd_internal_post_signal() function is too complex to understand for me now. I think I will make it clear in the later work. By default, the _hurd_internal_post_signal will invoke the default handler to handle the divide zero exception which just simply terminal the thread A. After this, the whole exception things without debugger is done.

If a task is under the control of gdb, thing will be a little different. Instead of the glibc's _hurd_msgport_recieve(), the gdb will use the the gnu_wait() to listen on the exception port. And then pass the message by (!notify_server()  && !exc_server() && !process_reply_server() && !msg_reply_server()). We only care about exc_server() here, it was generated by the mid from gdb/exc_request.defs like above, and will invoke the S_exception_raise_request() who will handle this exception like the situation in S_catch_exception_raise() above.

This is my understand of how exception is thrown  and be handled.

Again, the next week goal is to finish the debugger demo.

[GSoC weekly report#1]Reading source code and build a debugger demo in Hurd(not complete yet)

Honestly to say, these days I haven't enough time to do the gsoc stuff. The school work had taken almost all of my time. And I am so sorry to that I haven't got any significant progress at the beginning week.

I am reading the gdb source code, and the gnu-nat.c file has captured my eyes. According to the mach's exception model, I have tried to write a debugger demo on Hurd (not completed yet).  But I got some puzzles below:

1) What is the S_exception_raise_request()?

The exception model says: victim raise, victim wait, handler catch, handler take action. In my knowledge, handler catch the notification by invoking mach_msg(), and I finally found this invoke in gun_wait() function. But, I also found something strange like S_exception_raise_request(). The comment says ""The rpc handler called by exc_server ". What is the exc_server? And how to understand this why seems two place to catch the exception notification?

2) what is the role of ptrace in gdb port on Hurd?

I have found only one place to use ptrace like ptrace(PTRACE_TRACEME,..).  The rest directly use the vm_read,vm_write to access the inferior's memory instead of ptrace(PTRACE_PEEKDATA). what's plus, I have found the implementation of ptrace support PTRACE_PEEKDATA under Hurd in glibc.

Next week goal:

1. finish the debugger demo which support modifying the debugged process's memory and inserting breakpoint.

2. continue to read the source code. get clearly with the above questions.

GSoC2013 accept!

一大早收到两封来自google的邮件,终于不是thank you开头,读研这段日子收了好多公司的感谢信(微软、大摩、EMC、新思。。。集满七封是不是可以换一个offer?)google的这句Congratulations确实够振奋我心 🙂

Congratulations! Your proposal "[HURD] Improve the GDB Port for GNU Hurd" submitted to "GNU Project" has been accepted for Google Summer of Code 2013. Over the next few days, we will add you to the private Google Summer of Code Student Discussion List.
Now that you've been accepted, please take the opportunity to speak with your mentors about plans for the Community Bonding Period: what documentation should you be reading, what version control system will you need to set up, etc., before start of coding begins on 17 June.
Welcome to Google Summer of Code 2013! We look forward to having you with us.
With best regards,
The Google Summer of Code Program Administration Team
少年继续努力!为开源世界贡献一份力!