Contained WithinFind More DocumentationFeatured Support Resources |  Scarica il manuale in formato PDF (1196 KB)
Chapter 3 MDB Language SyntaxThis chapter describes the MDB language syntax, operators, and rules for command and symbol name resolution. SyntaxMDB processes commands from standard input. If standard input is a terminal, MDB provides terminal editing capabilities. MDB can also process commands from macro files and from dcmd pipelines, as described below. The MDB language syntax defines the following behavior:
A metacharacter is a newline, space, or tab character, or one of the following characters: [ ] | ! / \ ? = > $ : ; A blank is a TAB or a SPACE. A word is a sequence of characters separated by one or more non-quoted metacharacters. . An identifier is a sequence of letters, digits, underscores, periods, or back quotes beginning with a letter, underscore, or period. Identifiers are used as the names of symbols, variables, dcmds, and walkers. Commands are delimited by a NEWLINE or semicolon ( ; ). A dcmd is denoted by one of the following words or metacharacters: / \ ? = > $character :character ::identifier Dcmds named by metacharacters or prefixed by a single dollar sign ($) or colon character (:) are provided as built-in operators. These dcmds implement complete compatibility with the command set of the legacy adb(1) utility. After a dcmd has been parsed, the /, \, ?, =, >, $, and : characters are no longer recognized as metacharacters until the termination of the argument list. A simple-command is a dcmd followed by a sequence of zero or more blank-separated words. The words are passed as arguments to the invoked dcmd, except as specified under Arithmetic Expansion and Quoting. Each dcmd returns an exit status value that indicates one of the following occurred:
A pipeline is a sequence of one or more simple-commands, each separated by the vertical bar or pipe character (|). After the pipeline has been parsed, each dcmd is invoked in order from left to right. Each dcmd's output is processed and stored as described in Dcmd Pipelines. After the first dcmd in the pipeline is complete, its processed output is used as input for the second dcmd in the pipeline. When the second dcmd is complete, its output is used as input for the third dcmd in the pipeline, and so on. If any dcmd does not return a successful exit status, the pipeline is aborted. An expression is a sequence of words that is evaluated to compute a 64-bit unsigned integer value. The words are evaluated using the rules described in Arithmetic Expansion. CommandsA command is one of the following:
CommentsA word that begins with two forward slash characters (//) causes that word and all the subsequent characters up to a NEWLINE to be ignored. Arithmetic ExpansionArithmetic expansion is performed to determine the value of an expression. MDB commands can be preceded by expressions that represent a start address or a repeat count. Arithmetic expansion can also be performed to compute a numeric argument for a dcmd. An expression can appear in an argument list enclosed in square brackets preceded by a dollar sign ($[ expression ]). In this case, the expression is replaced by its arithmetic value. Expressions can contain any of the following special words:
The increment is a global variable that stores the total bytes read by the last formatting dcmd. For more information on the increment, refer to the discussion of Formatting Dcmds. Unary OperatorsUnary operators are right associative and have higher precedence than binary operators. The unary operators are:
Binary OperatorsBinary operators are left associative and have lower precedence than unary operators. The binary operators, in order of precedence from highest to lowest, are:
QuotingEach metacharacter described in Syntax terminates a word unless the metacharacter is quoted. Characters can be quoted by enclosing them in a pair of single quotation marks (') or double quotation marks (").. Quoting characters forces MDB to interpret each character as itself without any special significance. A single quotation mark cannot appear inside single quotation marks. Inside double quotation marks, MDB recognizes the C programming language character escape sequences. Shell EscapesThe ! character can be used to create a pipeline between an MDB command and the user's shell. Shell escapes are available only when using mdb and not when using kmdb. If the $SHELL environment variable is set, MDB will fork and exec this $SHELL program for shell escapes. If $SHELL is not set, /bin/sh is used. The shell is invoked with the -c option followed by a string formed by concatenating the words after the ! character. The ! character takes precedence over all other metacharacters, except semicolon (;) and NEWLINE. After a shell escape is detected, the remaining characters up to the next semicolon or NEWLINE are passed “as is” to the shell. The output of shell commands cannot be piped to MDB dcmds. The output of commands executed by a shell escape is sent directly to the terminal, not to MDB. VariablesA variable is a variable name, a corresponding integer value, and a set of attributes. A variable name is a sequence of letters, digits, underscores, or periods. Use the > dcmd or ::typeset dcmd to assign a value to a variable.. Use the ::typeset dcmd to manipulate the attributes of a variable. Each variable's value is represented as a 64-bit unsigned integer. A variable can have one or more of the following attributes: read-only (cannot be modified by the user), persistent (cannot be unset by the user), and tagged (user-defined indicator). The following variables are defined as persistent:
In addition, the MDB kernel and process targets export the current values of the representative thread's register set as named variables. The names of these variables depend on the target's platform and instruction set architecture. Symbol Name ResolutionAs explained in Syntax, a symbol identifier present in an expression context evaluates to the value of this symbol. The value typically denotes the virtual address of the storage associated with the symbol in the target's virtual address space. A target can support multiple symbol tables including, but not limited to, the following symbol tables:
The target typically searches the symbol tables of the primary executable first, then one or more of the other symbol tables. Note that ELF symbol tables contain only entries for external, global, and static symbols. Automatic symbols do not appear in the symbol tables processed by MDB. Additionally, MDB provides a private user-defined symbol table that is searched prior to any of the target symbol tables. The private symbol table is initially empty. Use the ::nmadd and ::nmdel dcmds to manipulate the private symbol table. Use the ::nm -P dcmd to display the contents of the private symbol table. The private symbol table enables you to create symbol definitions for program functions or data that were either missing from the original program or stripped out. These definitions are then used whenever MDB converts a symbolic name to an address, or converts an address to the nearest symbol. Because targets contain multiple symbol tables, and each symbol table can include symbols from multiple object files, different symbols with the same name can exist. MDB uses the backquote character (`) as a symbol-name scoping operator to enable you to obtain the value of the desired symbol in this situation. You can specify the scope used to resolve a symbol name as either: object`name, or file`name, or object`file`name. The object identifier refers to the name of a load object. The file identifier refers to the basename of a source file that has a symbol of type STT_FILE in the symbol table of the specified object. The object identifier's interpretation depends on the target type. The MDB kernel target expects object to specify the basename of a loaded kernel module. For example, the symbol name specfs`_init evaluates to the value of the _init symbol in the specfs kernel module. The mdb process target expects object to specify the name of the executable or of a loaded shared library. The value of object can take any of the following forms:
The process target will also accept any of these four forms preceded by an optional link-map ID (lmid). The lmid prefix is specified by an initial LM followed by the link-map id in hexadecimal followed by an additional backquote character (`). For example, the symbol name LM0`libc.so.1`_init evaluates to the value of the _init symbol in the libc.so.1 library that is loaded on link-map 0 (LM_ID_BASE). The link-map specifier might be necessary to resolve symbol naming conflicts if the same library is loaded on more than one link map. For more information on link maps, refer to the Linker and Libraries Guide and the dlopen(3C) man page. Link-map identifiers are displayed when symbols are printed according to the setting of the showlmid option, as described in Summary of Command-line Options. In the case of a naming conflict between symbols and hexadecimal integer values, MDB attempts to evaluate an ambiguous token as a symbol first, before evaluating it as an integer value. For example, the token f can refer either to the decimal integer value 15 specified in hexadecimal (the default base), or to a global variable named f in the target's symbol table. If a symbol can have an ambiguous name, use an explicit 0x or 0X prefix to specify the integer value. Dcmd and Walker Name ResolutionAs described earlier, each MDB dmod provides a set of dcmds and walkers. Dcmds and walkers are tracked in two distinct, global namespaces. MDB also keeps track of a dcmd and walker namespace associated with each dmod. Identically named dcmds or walkers within a given dmod are not allowed. A dmod with this type of naming conflict will fail to load. Name conflicts between dcmds or walkers from different dmods are allowed in the global namespace. In the case of a conflict, the first dcmd or walker with that particular name to be loaded is given precedence in the global namespace. Alternate definitions are kept in a list in load order. Use the backquote character (`) in a dcmd or walker name as a scoping operator to select an alternate definition. For example, if dmods m1 and m2 each provide a dcmd d, and m1 is loaded prior to m2, then you can use the scoping operator as shown below to specify the dcmd you want:
If module m1 is unloaded, the next dcmd on the global definition list (m2`d) is promoted to global visibility. Use the ::which dcmd to determine the current definition of a dcmd or walker. Use the ::which -v dcmd to display the global definition list. Dcmd PipelinesUse the vertical bar (|) operator to pipeline dcmds. The purpose of a pipeline is to pass values from one dcmd or walker to another. The values passed usually are virtual addresses. Pipeline stages might be used to map a pointer from one type of data structure to a pointer to a corresponding data structure, to sort a list of addresses, or to select the addresses of structures with certain properties. MDB executes each dcmd in the pipeline in order from left to right. The left-most dcmd is executed using the current value of dot, or using the value specified by an explicit expression at the start of the command. A pipe operator (|) causes MDB to create a shared buffer between the output of the dcmd to its left and the MDB parser, and an empty list of values. As the dcmd executes, its standard output is placed in the pipe and then consumed and evaluated by the parser, as if MDB were reading this data from standard input. Each line must consist of an arithmetic expression terminated by a NEWLINE or semicolon (;). The value of the expression is appended to the list of values associated with the pipe. If a syntax error is detected, the pipeline is aborted. When the dcmd to the left of a | operator completes, the list of values associated with the pipe is then used to invoke the dcmd to the right of the | operator. For each value in the list, dot is set to this value, and the right-hand dcmd is executed. Only the output of the right-most dcmd in the pipeline is written to standard output. If any dcmd in the pipeline produces output to standard error, these messages are written directly to standard error and are not processed as part of the pipeline. Formatting DcmdsThe /, \, ?, and = metacharacters are used to denote the special output formatting dcmds. Each of these dcmds accepts an argument list consisting of one or more format characters, repeat counts, or quoted strings. A format character is one of the ASCII characters described below. Format characters are used to read and format data from the target. A repeat count is a positive integer preceding the format character that is always interpreted in base 10 (decimal). A repeat count can also be specified as an expression enclosed in square brackets preceded by a dollar sign ($[ ]). A string argument must be enclosed in double quotation marks (" "). No blanks are necessary between format arguments. The formatting dcmds are:
In addition to dot, MDB keeps track of another global value called the increment. The increment represents the distance between dot and the address following all the data read by the last formatting dcmd. For example, let dot equal address addr, where addr displays as a 4-byte integer. After a formatting dcmd is executed with dot equal to addr, the increment is set to 4. The plus (+) operator, described in Arithmetic Expansion, would now evaluate to the value A+4, and could be used to reset dot to the address of the next data object for a subsequent dcmd. Most format characters increase the value of the increment by the number of bytes corresponding to the size of the data format. The number of bytes in various data formats are shown below. Use the ::formats dcmd to display the list of format characters from within MDB. The format characters are:
You can also use the /, \, and ? formatting dcmds to write to the target's virtual address space, physical address space, or object file. First specify one of the following modifiers as the first format character, and then specify a list of words. The words in the list are either immediate values or expressions enclosed in square brackets preceded by a dollar sign ($[ ]). The write modifiers are:
You can also use the /, \, and ? formatting dcmds to search for a particular integer value in the target's virtual address space, physical address space, and object file, respectively. First specify one of the following modifiers as the first format character, and then specify a value and optional mask. The value and mask are each either immediate values or expressions enclosed in square brackets preceded by a dollar sign. If only a value is specified, MDB reads integers of the appropriate size and stops at the address that contains the matching value. If a value V and mask M are specified, MDB reads integers of the appropriate size and stops at the address that contains a value X where (X & M) == V. At the completion of the dcmd, dot is updated to the address of the match. If no match is found, dot is left at the last address that was read. The search modifiers are:
For both user and kernel targets, an address space is typically composed of a set of discontiguous segments. It is not legal to read from an address that does not have a corresponding segment. If a search reaches a segment boundary without finding a match, the search aborts when the read past the end of the segment boundary fails. |
|