The debug monitor is entered when the kernel crashes, a system process panics, or an unhandled processor exception occurs.
Under normal circumstances this ought not to happen, but when the kernel faults, the device enters the kernel debug monitor.
There may be circumstances where you need to force a kernel crash, for example, if the system is locking up. Running the test program crash.exe forces a crash. This program takes a parameter that defines the number of seconds that must elapse before the kernel crash is forced.
For example, when the system locks up under certain conditions, run "crash 60", and then recreate the conditions that lead to the lockup. After 60 seconds, the kernel crash is forced and the debug monitor is entered.
Notes:
The EKA2 debug monitor is very similar to the EKA1 version, although the details displayed may be different.
You will occasionally find references to the crash debugger; this is the same as the debug monitor.
When the kernel faults, the device enters the debug monitor.
To make use of the debug monitor, do the following:
Plug the mains adaptor into the DC jack.
Connect the target device COM port to your PC, and set the PC serial port to 115200 baud, 8 bits, no parity, 1 stop bit, XON/XOFF flow control.
Press the ON key on the target device.
Start a terminal program on the PC (e.g. HyperTerminal).
Press RETURN on the PC. The target device should reply with the prompt:
Password:
Enter the password "replacement" (all lower case, but without the quotes) on the PC. The target device should now reply:
*** DEBUG MONITOR ***
You can now enter debug monitor commands.
Commands consist of a single letter describing the operation to be performed, followed by any arguments. Not all commands take arguments. Commands are case sensitive; the majority are lower case. Commands should be entered at the command prompt, on the PC. The set of supported commands is as follows:
This command displays information about the kernel fault that caused the debugger to be entered. The information has the following format.
Fault Category: Exception Fault Reason: 10000000
ExcId 00000001 CodeAddr ffe0016c DataAddr 80000001 Extra 00000013
Exc 1 Cpsr=68000010 FAR=80000001 FSR=00000013
R0=00000000 R1=00000000 R2=30000000 R3=80000001
R4=00000001 R5=00403d68 R6=00002000 R7=00000000
R8=00000000 R9=00000000 R10=00000000 R11=00403fa0
R12=00403d34 R13=00403d48 R14=500d41e8 R15=ffe0016c
R13Svc=81716000 R14Svc=500480b8 SpsrSvc=20000010
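The following is an added example, not part of the original documentation: a host-side Python decoder for a captured fault record. The function names are hypothetical, the CPSR bit layout is the standard ARM one, and treating CodeAddr/R15, DataAddr/FAR and Extra/FSR as repeated fields is an assumption drawn from the sample above, used here to spot a corrupted serial capture.

```python
import re

# CPSR/SPSR mode field (bits 4:0) as defined by the ARM architecture.
MODES = {0x10: "USR", 0x11: "FIQ", 0x12: "IRQ", 0x13: "SVC",
         0x17: "ABT", 0x1B: "UND", 0x1F: "SYS"}

# Fault record copied from the example output on this page.
SAMPLE = """\
Fault Category: Exception Fault Reason: 10000000
ExcId 00000001 CodeAddr ffe0016c DataAddr 80000001 Extra 00000013
Exc 1 Cpsr=68000010 FAR=80000001 FSR=00000013
R0=00000000 R1=00000000 R2=30000000 R3=80000001
R4=00000001 R5=00403d68 R6=00002000 R7=00000000
R8=00000000 R9=00000000 R10=00000000 R11=00403fa0
R12=00403d34 R13=00403d48 R14=500d41e8 R15=ffe0016c
R13Svc=81716000 R14Svc=500480b8 SpsrSvc=20000010
"""

def decode_psr(psr):
    """Split a CPSR/SPSR value into mode name, set flags and state bits."""
    flags = "".join(name for name, bit in zip("NZCVQ", range(31, 26, -1))
                    if (psr >> bit) & 1)
    return {"mode": MODES.get(psr & 0x1F, "?"), "flags": flags,
            "thumb": bool(psr & 0x20), "irq_off": bool(psr & 0x80),
            "fiq_off": bool(psr & 0x40)}

def parse_fault(text):
    """Collect every 'Name=hex' and 'Name hex8' field into one dict."""
    fields = {k: int(v, 16)
              for k, v in re.findall(r"(\w+)=([0-9a-fA-F]+)", text)}
    for k, v in re.findall(
            r"\b(ExcId|CodeAddr|DataAddr|Extra) ([0-9a-fA-F]{8})\b", text):
        fields[k] = int(v, 16)
    return fields

def check_fault(text):
    """Decode the PSRs and list repeated fields that disagree (assumption:
    they always match, as they do in the page's sample)."""
    f = parse_fault(text)
    pairs = [("CodeAddr", "R15"), ("DataAddr", "FAR"), ("Extra", "FSR")]
    mismatches = [(a, b) for a, b in pairs if f.get(a) != f.get(b)]
    return {"cpsr": decode_psr(f["Cpsr"]),
            "spsr_svc": decode_psr(f["SpsrSvc"]),
            "mismatches": mismatches}

if __name__ == "__main__":
    print(check_fault(SAMPLE))
```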
Notes:
This command dumps memory in both hexadecimal and ASCII format. Use one of the following command formats:
m start end
m start+length
start specifies the start address in hexadecimal, and end specifies the end address in hexadecimal. If the second parameter starts with a + character, then the following hexadecimal characters are interpreted as a length.
Address parameters are always virtual addresses (the MMU is still on).
The resulting format is similar to the EKA1 format.
For example:
.m 81c01c60+30
81C01C60: 00 00 00 00 15 00 00 10 E0 6A 13 50 01 00 00 80 .........j.P....
81C01C70: 30 3B C0 81 34 D9 03 50 00 00 FF FF E8 1C C0 81 0;..4..P........
81C01C80: 34 D9 03 50 30 3B C0 81 FC 4A 13 50 E8 1C C0 81 4..P0;...J.P....
.
If an illegal memory access occurs, the debugger traps the exception and displays an error message.
This command dumps memory in both hexadecimal and ASCII format, but excludes any unmapped memory space. If an illegal memory access occurs, it does not stop, but skips to the next page instead. This is useful to inspect the content of discontiguous chunks.
The syntax and the display format are the same as for the m command.
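The following is an added example, not part of the original documentation: a host-side Python parser that rebuilds memory from a serial capture of the dump format shown above. It starts a new region wherever the addresses stop being contiguous (as happens when unmapped pages are skipped) and flags rows whose ASCII column disagrees with the hex bytes. The function names, the assumption of full 16-byte rows and the printable range are assumptions; the last sample row is constructed.

```python
import re

# One dump row: 8-digit hex address, 16 byte values, then the ASCII column.
ROW = re.compile(r"^\s*([0-9A-Fa-f]{8}):((?: [0-9A-Fa-f]{2}){16}) ?(.*)$")

# First three rows are from this page; the last row is constructed to show
# an address gap (skipped pages) and a corrupted ASCII column.
SAMPLE = """\
.m 81c01c60+30
81C01C60: 00 00 00 00 15 00 00 10 E0 6A 13 50 01 00 00 80 .........j.P....
81C01C70: 30 3B C0 81 34 D9 03 50 00 00 FF FF E8 1C C0 81 0;..4..P........
81C01C80: 34 D9 03 50 30 3B C0 81 FC 4A 13 50 E8 1C C0 81 4..P0;...J.P....
81C03000: 41 42 43 44 00 00 00 00 00 00 00 00 00 00 00 00 ABCD.....X......
"""

def render(data):
    # Assumption: the monitor prints 0x20-0x7e as-is and '.' otherwise.
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)

def parse_dump(text):
    """Return (regions, suspect): contiguous (start, bytes) runs, plus the
    addresses of rows whose ASCII column disagrees with their hex bytes."""
    runs, suspect = [], []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, echoed command or error message
        addr, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if m.group(3)[:16].ljust(16) != render(data):
            suspect.append(addr)
        if runs and runs[-1][0] + len(runs[-1][1]) == addr:
            runs[-1][1] += data                   # continues previous run
        else:
            runs.append([addr, bytearray(data)])  # gap: start a new run
    return [(a, bytes(b)) for a, b in runs], suspect

def word_at(regions, addr):
    """Read a little-endian 32-bit word, or None if addr was not dumped."""
    for start, data in regions:
        if start <= addr and addr + 4 <= start + len(data):
            return int.from_bytes(data[addr - start:addr - start + 4], "little")
    return None

if __name__ == "__main__":
    regions, suspect = parse_dump(SAMPLE)
    for start, data in regions:
        print(f"{start:08x}: {len(data)} bytes")
    print("suspect rows:", [f"{a:08x}" for a in suspect])
```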
This command displays information for the current process and thread.
SCHEDULER @80000d98: CurrentThread 8070dd28
RescheduleNeeded=00 DfcPending=00 KernCSLocked=00000001
DFCS: next 80000ea8 prev 80000ea8
ProcessHandler=5004b040, AddressSpace=8070d7c8
SYSLOCK: HoldingThread 8070dd28 iWaiting 00000000
Extras 0: 8070d7c8 1: 8070d7c8 2: 8070d7c8 3: 00000000
Extras 4: 00000000 5: 00000000 6: 00000000 7: 00000000
Extras 8: 00000000 9: 00000000 A: 00000000 B: 00000000
Extras C: 00000000 D: 00000000 E: 00000000 F: 00000000
The format for the thread is:
TheCurrentThread=8070da6c
THREAD at 8070da6c VPTR=50052b50 AccessCount=3 Owner=8070d7c8
Full name crash::Main
Thread MState READY
Default priority 28 WaitLink Priority 28
ExitInfo 3,0,
Flags 80000004, Handles 8070a79c
Supervisor stack base 81715000 size 1000
User stack base 00402000 size 2000
Id=19, Heap=00600000, Created heap=00600000, Frame=00000000
Trap handler=00000000, ActiveScheduler=00000000, Exception handler=00000000
TempObj=00000000 TempAlloc=00000000
NThread @ 8070dd28 Pri 28 NState READY
Next=8070dd28 Prev=8070dd28 Att=03 ExcInUserMode=10
HeldFM=80000eb8 WaitFM=00000000 AddrSp=8070d7c8
Time=0 Timeslice=20 ReqCount=0
SuspendCount=0 CsCount=0 CsFunction=00000000
SavedSP=81715d6c
CAR 00000001
DACR 30315507
R13_USR 00000000 R14_USR 81715dc4 SPSR_SVC 81715e10
R4 30303031 R5 30303030 R6 81715dc4 R7 81715e14
R8 81715dac R9 81715da0 R10 50055c88 R11 50055c3c
PC 81715dc0
The format for the process is:
TheCurrentProcess=8070d7c8
PROCESS at 8070d7c8 VPTR=50052bc4 AccessCount=5 Owner=00000000
Full name crash
ExitInfo 3,0,
Flags 00040000, Handles 80709c98, Attributes 60010000
DataBssChunk 8070a514, CodeChunk 8070a9a8
DllDataChunk 00000000, Process Lock 8070d90c
NumChunks=2
0: Chunk 8070a514, run 00400000, access count 1
1: Chunk 8070a704, run 00600000, access count 1
Domain -1, DACR 55555507
TheCurrentAddressSpace=8070d7c8
TheCurrentVMProcess=8070d7c8
PROCESS at 8070d7c8 VPTR=50052bc4 AccessCount=5 Owner=00000000
Full name crash
ExitInfo 3,0,
Flags 00040000, Handles 80709c98, Attributes 60010000
DataBssChunk 8070a514, CodeChunk 8070a9a8
DllDataChunk 00000000, Process Lock 8070d90c
NumChunks=2
0: Chunk 8070a514, run 00400000, access count 1
1: Chunk 8070a704, run 00600000, access count 1
Domain -1, DACR 55555507
TheCurrentDataSectionProcess=8070d7c8
TheCompleteDataSectionProcess=8070d7c8
PROCESS at 8070d7c8 VPTR=50052bc4 AccessCount=5 Owner=00000000
Full name crash
ExitInfo 3,0,
Flags 00040000, Handles 80709c98, Attributes 60010000
DataBssChunk 8070a514, CodeChunk 8070a9a8
DllDataChunk 00000000, Process Lock 8070d90c
NumChunks=2
0: Chunk 8070a514, run 00400000, access count 1
1: Chunk 8070a704, run 00600000, access count 1
Domain -1, DACR 55555507
This command in lower case displays basic information about the DObject. The command has the following syntax:
o address
where address specifies the address of the DObject.
For example:
o 6403c170
THREAD at 6403c170 VPTR=f8046c18 AccessCount=3 Owner=6403bb4c
Full name crash::Main
This command in upper case displays full information about the DObject. The exact format displayed depends on the exact type of the DObject being referenced, for example, whether it is a thread, process, or a chunk. The command has the following syntax:
O address
where address specifies the address of the DObject.
This command in lower case displays basic information about one or more code segments, as encapsulated by DCodeSeg objects. The command has the following syntax:
p address | all
where:
For example:
p 64053b70
.p 64053b70
CodeSeg at 64053b70:
FileName: Z:\sys\bin\crash.exe
RunAddress: f83e3498
This command in upper case displays the full information about one or more code segments, as encapsulated by DCodeSeg objects. The command has the following syntax:
P address | all
where:
For example:
P 64053b70
.p 64053b70
CodeSeg at 64053b70:
FileName: Z:\sys\bin\crash.exe
RunAddress: f83e3498
iLink: Prev 64052f48 (64052f40) Next 640000e0 (640000d8)
iTempLink: Prev dfdfdfdf (dfdfdfcf) Next 00000000 (00000000)
iGbgLink: Prev 00000000 (00000000) Next 00000000 (00000000)
iAccessCount: 1
iEntryPtVeneer: f83e3498
iFileEntryPoint: f83e3498
iExtOffset: 10
iUids: 1000007a 00000000 00000000
iDeps: 00000000 ( )
iDepCount: 0
iNextDep: 0
iMark: 31
iAttr: a
iExeCodeSeg: 64053b70
iAttachProcess: 00000000
iModuleVersion: a0000
iS:
SecureId: 00000000, VendorId: 70000001
Caps: 000fffff 00000000
iSize: 370
iXIP: 1
iInfo: f83e3420 (TRomImageHeader*)
iUid1: 1000007a, iUid2: 00000000, iUid3: 00000000
iUidChecksum: 045ac39e
iEntryPoint: f83e3498
iCodeAddress: f83e3498, iCodeSize: 00000370
iDataAddress: 00000000, iDataSize: 00000000
iTextSize: 00000370, iBssSize: 00000000
iHeapSizeMin: 00001000, iHeapSizeMax: 00100000, iStackSize: 00002000
iDllRefTable: 00000000
iExportDirCount: 0, iExportDir: f83e33fc
iS:
SecureId: 00000000, VendorId: 70000001
Caps: 000fffff 00000000
iToolsVersion: Major 02 Minor 01 Build 0225
iFlags: 0000002a
iPriority: 352
iDataBssLinearBase: 00400000
iNextExtension: 00000000
iHardwareVariant: 01000000
iTotalDataSize: 00000000
iModuleVersion: 000a0000
iExceptionDescriptor: f83e34f4
iCodeAllocBase: 80000000
iDataAllocBase: 80000000
iKernelData: 00000000
This command in lower case displays the contents of one of the kernel's object containers, a DObjectCon type. Note that information is dumped very quickly without page breaks, which is useful in situations where the kernel is likely to become very unstable very shortly after crashing. There is an upper case version of this command, C, which generates output with a pause between pages.
The command has the following syntax:
c type
where type is a single hexadecimal digit between 0 and D inclusive that specifies which kernel container is to be dumped. The mapping between the hexadecimal digit and the kernel container is:
0 | Threads
1 | Processes
2 | Chunks
3 | Libraries
4 | Semaphores
5 | Mutexes
6 | Timers
7 | Servers
8 | Sessions
9 | LogicalDevices
A | PhysicalDevices
B | Channels
C | ChangeNotifiers
D | Undertakers
E | Message queues
F | Property references
For example:
c A
Container 10 at 640275c4 contains 3 PHYSICAL DEVICES:
PHYSICAL DEVICE at 64032dac VPTR=f805d9fc AccessCount=2 Owner=00000000
Full name Media.IRam
PHYSICAL DEVICE at 640339e8 VPTR=f8067e44 AccessCount=2 Owner=00000000
Full name Media.Flash
PHYSICAL DEVICE at 64033a64 VPTR=f806b9f8 AccessCount=2 Owner=00000000
Full name Media.Ata
c 0
Container 0 at 807022b8 contains 12 THREADS:
THREAD at 807011c0 VPTR=50052b04 AccessCount=1 Owner=8070107c
Full name EKern::Null
Thread MState READY
Default priority 0 WaitLink Priority 0
ExitInfo 3,0,
Flags 0000000c, Handles 80701520
Supervisor stack base 80700000 size 1000
User stack base 00000000 size 0
Id=0, Heap=00000000, Created heap=00000000, Frame=00000000
Trap handler=00000000, ActiveScheduler=00000000, Exception handler=00000000
TempObj=00000000 TempAlloc=00000000
NThread @ 8070147c Pri 0 NState READY
Next=8070147c Prev=8070147c Att=00 ExcInUserMode=00
HeldFM=00000000 WaitFM=00000000 AddrSp=8070107c
Time=-1 Timeslice=-1 ReqCount=0
SuspendCount=0 CsCount=0 CsFunction=00000000
SavedSP=80700f50
CAR 00000001
DACR 55555547
R13_USR 00403ed4 R14_USR 500c88b4 SPSR_SVC 200000d3
R4 00000009 R5 5004b7ec R6 50000000 R7 dc911000
R8 00000000 R9 807103c0 R10 50002140 R11 80700fb4
PC 500481b4
The information displayed for each object is the same as that shown after using the q command. After displaying the information for each object, the debugger pauses until you press a key.
Notes
This command in upper case is exactly the same as the lower case c command except that the display of output pauses between pages. If you need to dump output as fast as possible without pauses, use the lower case version.
This command dumps the full ARM register set.
On ARM this dumps the full set of user mode registers and all the alternate registers for other modes.
For example:
r
MODE_USR:
R0=6571de54 R1=0000002a R2=00000002 R3=ffffffff
R4=0000002a R5=f8170414 R6=6571df14 R7=6403cba8
R8=00000001 R9=6403c41c R10=640002f8 R11=6571de70
R12=00000020 R13=00404e00 R14=f80818c0 R15=f800bfa8
CPSR=60000013
MODE_FIQ:
R8=00000000 R9=ffffffff R10=ffffffff R11=00000000
R12=00000000 R13=64000d0c R14=c080079c SPSR=e00000dc
MODE_IRQ:
R13=6400110c R14=00000013 SPSR=20000013
MODE_SVC:
R13=6571de54 R14=f80328bc SPSR=60000010
MODE_ABT:
R13=6400090c R14=ffff0010 SPSR=400000d7
MODE_UND:
R13=6400090c R14=95221110 SPSR=f000009d
This command, in upper case, dumps both the user and supervisor stacks used by each thread in the system. Some threads do not have a user stack, in which case this is indicated. Each set of stacks is displayed in turn, in the following format:
THREAD at c8052fa0 VPTR=80082304 AccessCount=6 Owner=c8044608
Full name efile.exe::LoaderThread
User stack base at 00410000, size == 1000
Stack pointer == 00413e30
Stack mapped at 00410000
00413e30: 10 01 70 01 99 93 1b 80 18 01 70 01 d0 56 1b 80 ..p.......p..V..
00413e40: 00 00 00 00 00 00 00 00 84 00 70 01 84 00 70 01 ..........p...p.
00413e50: 04 00 00 00 23 91 1b 80 38 01 70 01 10 01 70 01 ....#...8.p...p.
00413e60: 80 3e 41 00 01 00 00 00 10 01 70 01 00 00 00 00 .>A.......p.....
00413e70: 84 00 70 01 cd 91 1b 80 30 02 70 01 00 00 00 00 ..p.....0.p.....
Supervisor stack base at c9127000, size == 1000
Stack pointer == c9127fbc
c9127fb0: b0 d1 0a c8 0c 00 00 00 13 00 00 00 00 07 00 00 ................
c9127fc0: 00 00 f0 00 45 55 55 55 30 3e 41 00 89 ff 1b 80 ....EUUU0>A.....
c9127fd0: 10 00 00 20 10 01 70 01 80 3e 41 00 98 c7 23 80 ... ..p..>A...#.
c9127fe0: 58 3e 41 00 04 00 00 00 40 00 00 00 98 4b 04 c8 X>A.....@....K..
c9127ff0: 60 04 00 c8 98 01 02 80 00 00 00 00 10 5a 1b 80 `............Z..
This command, in lower case, leaves the debugger and does a cold restart of the current ROM image.
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License v1.0.