
Getting the right CTF

January 21, 2009

I just spent too long, way too long, working out why a system dump’s CTF did not seem to match the source code or, for that matter, the assembler that had been generated.

When a Solaris release ships, all the CTF is merged into the unix file. As updates are released, any structures that change are not updated in the unix file (since the old definition may still be in use), so the current CTF definition is held in the module in which the structure is defined.

So, faced with a dump where I needed to look at the “conn_udp” element in “struct conn_s”, mdb kept saying there was no element “conn_udp”:

    > ::print -at conn_t conn_udp
    mdb: failed to find member conn_udp of conn_t: no such member of structure or union
    >

since the assembler made it abundantly clear that we were indeed using this element (I would show you the source but this is Solaris 10 and the source is very different from the OpenSolaris code). The thing to recall was that the structure is really defined in the “ip” module so to get the correct definition you need this:

    > ::print -at ip`conn_t conn_udp
    30 struct udp_s *conn_udp
    >

This also affects dtrace as that is also a consumer of CTF (note this dtrace is entirely pointless):

    # dtrace -n 'fbt::udp_bind:entry / ((conn_t *)(args[0]->q_ptr))->conn_udp / { tot++ }'
    dtrace: invalid probe specifier fbt::udp_bind:entry / ((conn_t *)(args[0]->q_ptr))->conn_udp / { tot++ }: in predicate: conn_udp is not a member of struct conn_s
    #

and again, getting the definition from the original module gives the right answer:

    # dtrace -n 'fbt::udp_bind:entry / ((ip`conn_t *)(args[0]->q_ptr))->conn_udp / { tot++ }'
    dtrace: description 'fbt::udp_bind:entry ' matched 1 probe
    ^C
    #

Since “ip`conn_t” will always give the right answer, even in the case where the merged CTF data in unix is the current version, it is best to understand where the object was declared.

I kind of wish that, at least in the case of dtrace, it would get this right, at the very least when you have specified the module: since it knows what module you are in, it could choose the CTF from that module.

    # dtrace -n 'fbt:ip:udp_bind:entry / ((conn_t *)(args[0]->q_ptr))->conn_udp / { tot++ }'
    dtrace: invalid probe specifier fbt:ip:udp_bind:entry / ((conn_t *)(args[0]->q_ptr))->conn_udp / { tot++ }: in predicate: conn_udp is not a member of struct conn_s
    #

Should IMO work.
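
As an added example (not code from the original post): a small Python check that compares the output of an unscoped “::print -at conn_t” with the module-scoped “::print -at ip`conn_t” and reports members that the merged CTF lacks or places at a different offset. The sample output is constructed; only the conn_udp line comes from the session above, and the function names are hypothetical.

```python
import re

# Constructed sample text in the style of mdb "::print -at <type>" output
# (hex offset, type, member). Only the conn_udp line comes from the post;
# all other members, offsets and types are made up for illustration.
UNSCOPED = """{
    0 kmutex_t conn_lock
    8 uint32_t conn_ref
    10 uint_t conn_flags
    18 struct tcp_s *conn_tcp
}"""  # stands in for: ::print -at conn_t
SCOPED = """{
    0 kmutex_t conn_lock
    8 uint32_t conn_ref
    10 uint_t conn_flags
    28 struct tcp_s *conn_tcp
    30 struct udp_s *conn_udp
}"""  # stands in for: ::print -at ip`conn_t

MEMBER = re.compile(r"^\s*([0-9a-f]+)\s+(\S.*\S)\s*$")

def parse_members(text):
    """Return {member: (offset, type)}; nested members are flattened by name."""
    members = {}
    for line in text.splitlines():
        m = MEMBER.match(line.rstrip(" {"))  # drop the brace opening a nested struct
        if not m:
            continue  # braces, blank lines
        tokens = m.group(2).split()
        if len(tokens) < 2:
            continue  # not an "offset type member" line
        name = tokens[-1].lstrip("*")
        stars = len(tokens[-1]) - len(name)
        members[name] = (int(m.group(1), 16), " ".join(tokens[:-1]) + " *" * stars)
    return members

def stale_ctf_report(unscoped_text, scoped_text):
    """Compare the unscoped (merged) view of a type with the module-scoped one."""
    old, new = parse_members(unscoped_text), parse_members(scoped_text)
    return {
        "missing_unscoped": sorted(set(new) - set(old)),
        "changed": {n: (old[n], new[n])
                    for n in sorted(set(old) & set(new)) if old[n] != new[n]},
    }

if __name__ == "__main__":
    print(stale_ctf_report(UNSCOPED, SCOPED))
```

Any entry in the result means the unscoped name is showing an older layout than the one held in the module's own CTF.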

