PPC checkpoints

Question

PPC checkpoints

What is the breakpoint implemented in PPC (for specific OS X)?

For example, on x86 this is usually done with INT 3 (0xCC) instruction - is there a command comparable to this for ppc? Or is there another way they are installed / implemented?

+1

assembly debugging powerpc macos

xtophyr 29 nov. '08 at 9:12

source to share

6 answers

In addition to software breakpoints, PPC also supports hardware breakpoints implemented through registers IABR

(and possibly IABR2

depending on the base version). These are instruction breakpoints, but there are also data breakpoints (implemented with DABR

and possibly DABR2

). If your kernel supports two sets of hardware breakpoint registers (for example, IABR2 and DABR2), you can do more than just trigger at a specific address: you can specify an entire contiguous range of addresses as a breakpoint. For data checkpoints, you can also specify whether you want them to run on write, read, or access.

+3

atzz 29 nov. '08 at 13:43

source to share

With gdb and a function that does hexadecimal operations, I get 0x7fe00008. This seems to be tw instruction :

0b01111111111000000000000000001000
  011111                           31
        11111                      condition flags: lt, gt, ge, logical lt, logical gt
             00000                 rA
                  00000            rB
                       0000000100  constant 4
                                 0 reserved

i.e. compare r0 with r0 and the trap for any result.

Parsing GDB is just an extended mnemonictrap

EDIT: I am using "GNU gdb 6.3.50-20050815 (Apple version gdb-696) (Sat Oct 20 18:20:28 GMT 2007)"

EDIT 2: It's also possible that conditional breakpoints will use other forms, tw

or twi

if the required values are already in the register and the debugger doesn't need to keep track of the hit counter.

+2

tc. 23 Apr 12 at 19:09

source to share

The best guess is the "tw" or "twi" instruction.

You can dig into the PPC gdb source code, OS X probably uses the same functionality as FreeBSD's roots.

+1

HUAGHAGUAH 29 nov. '08 at 13:30

source to share

The PowerPC architecture uses pitfalls.

http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.aixassem/doc/alangref/twi.htm

+1

user343474 May 17 '10 at 21:26

source to share

Execution checkpoints are usually implemented with a command TRAP

or with IABR

.

Examples of implementation: ArchLinux , Apple's , the Wii and the Wii the U .

0

BullyWiiPlaza May 29 '17 at 15:05

source to share

paxdiablo · Accepted Answer · 2008-11-29T09:32:00+0000

I was told by reliable (but currently intoxicated, so take it with a grain of salt) that it is instruction zero which is illegal and causes some kind of system trap.

EDIT: Made on the community wiki in case my friend is so drunk that he says insane rubbish :-)

PPC checkpoints

More articles: