STREAMS/UX for the HP 9000 Reference Manual

Debugging STREAMS/UX Modules and Drivers
Debugging Examples
#include <sys/stream.h>         /* queue_t, mblk_t, putq() */

/* SPOPEN is the driver's "device is open" state flag, defined elsewhere in the driver. */

struct sp {
    unsigned   sp_state;        /* offset 0x0 */
    queue_t   *sp_rdq;          /* offset 0x4: the driver's read queue (pointers are 4 bytes on 32-bit PA-RISC) */
    mblk_t    *mp;              /* offset 0x8: head of the driver's private message list */
    mblk_t    *last_mp;         /* offset 0xC: tail of that list */
};

static void
sp_timeout(struct sp *lp)
{
    mblk_t *temp;
    unsigned int s;

    if (lp->sp_state & SPOPEN) {
        /* Put message on driver's read queue */
        s = splstr();
        temp = lp->mp;
        lp->mp = lp->mp->b_next;        /* reads through lp->mp without checking it for NULL */
        if (lp->mp == NULL)
            lp->last_mp = NULL;
        temp->b_next = NULL;
        putq(lp->sp_rdq, temp);
        splx(s);
    }
}
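As an added example, not taken from the manual or from any HP-UX driver source, here is a user-space model of the same list handling. The STREAMS types, putq(), splstr() and splx() are minimal stand-ins assumed for this model, and the value of SPOPEN is assumed to be 0x1; none of them are the real kernel definitions. The model keeps the field order of struct sp, so offsetof() reproduces the offset of mp that the assembly walkthrough below turns into lp->mp, and its sp_timeout_safe() is the original routine with one check added: the private list is tested for NULL before lp->mp->b_next is read, which is the load the walkthrough identifies as the panicking instruction.

```c
/* Added example: user-space model of sp_timeout()'s dequeue logic.
 * queue_t, mblk_t, putq(), splstr(), splx() and SPOPEN are stand-ins
 * assumed for this model; they are not the HP-UX STREAMS definitions. */
#include <stddef.h>
#include <stdio.h>

#define SPOPEN 0x1                 /* assumed value of the driver's open flag */

typedef struct msgb {
    struct msgb *b_next;           /* first field, so 0(mp) is b_next as in the listing */
    int          payload;          /* constructed: stands in for the real message data */
} mblk_t;

typedef struct queue {             /* stand-in read queue: putq() appends here */
    mblk_t *q_first;
    mblk_t *q_last;
    int     q_count;
} queue_t;

struct sp {                        /* same field order as the driver's struct sp */
    unsigned  sp_state;
    queue_t  *sp_rdq;
    mblk_t   *mp;
    mblk_t   *last_mp;
};

/* Stand-ins for the kernel primitives (assumed, not the real ones). */
static unsigned splstr(void) { return 0; }
static void     splx(unsigned s) { (void)s; }
static void putq(queue_t *q, mblk_t *bp)
{
    bp->b_next = NULL;
    if (q->q_last) q->q_last->b_next = bp; else q->q_first = bp;
    q->q_last = bp;
    q->q_count++;
}

/* The original routine plus the one missing check. Returns 1 if a
 * message was moved to the read queue, 0 otherwise. */
static int sp_timeout_safe(struct sp *lp)
{
    mblk_t *temp;
    unsigned s;
    int moved = 0;

    if (lp->sp_state & SPOPEN) {
        s = splstr();
        if (lp->mp != NULL) {                 /* guard: empty list must not be dereferenced */
            temp = lp->mp;
            lp->mp = temp->b_next;
            if (lp->mp == NULL) lp->last_mp = NULL;
            temp->b_next = NULL;
            putq(lp->sp_rdq, temp);
            moved = 1;
        }
        splx(s);
    }
    return moved;
}

/* Append a message to the driver's private list, keeping last_mp current. */
static void sp_append(struct sp *lp, mblk_t *bp)
{
    bp->b_next = NULL;
    if (lp->last_mp) lp->last_mp->b_next = bp; else lp->mp = bp;
    lp->last_mp = bp;
}

/* Byte offset of sp.mp: 8 on the 32-bit PA-RISC target (hence ldws 8(r3)),
 * 16 on a 64-bit host; either way it is two pointer-sized slots in. */
static size_t sp_mp_offset(void) { return offsetof(struct sp, mp); }

/* Two messages queued, three timeouts fired; the third finds an empty list,
 * which is exactly where the original code faulted. Returns 2 on success,
 * a negative code if an intermediate state is wrong. */
static int run_scenario(void)
{
    queue_t  rdq = {NULL, NULL, 0};
    mblk_t   m1 = {NULL, 1}, m2 = {NULL, 2};
    struct sp dev = { SPOPEN, &rdq, NULL, NULL };
    int moved = 0;

    if (sp_timeout_safe(&dev) != 0) return -1;          /* empty list: nothing moved, no fault */
    sp_append(&dev, &m1);
    sp_append(&dev, &m2);
    moved += sp_timeout_safe(&dev);                     /* moves m1; m2 is now head and tail */
    if (dev.mp != &m2 || dev.last_mp != &m2 || rdq.q_first != &m1) return -2;
    moved += sp_timeout_safe(&dev);                     /* moves m2; list empty, last_mp reset */
    if (dev.mp != NULL || dev.last_mp != NULL || rdq.q_last != &m2) return -3;
    moved += sp_timeout_safe(&dev);                     /* original code would fault here */
    if (rdq.q_count != 2) return -4;
    return moved;
}

/* With SPOPEN clear the timeout must leave the list alone: returns 0. */
static int timeout_when_closed(void)
{
    queue_t  rdq = {NULL, NULL, 0};
    mblk_t   m1 = {NULL, 1};
    struct sp dev = { 0, &rdq, NULL, NULL };
    sp_append(&dev, &m1);
    return sp_timeout_safe(&dev) + rdq.q_count;
}

int main(void)
{
    printf("offsetof(struct sp, mp) = %zu, moved = %d, closed = %d\n",
           sp_mp_offset(), run_scenario(), timeout_when_closed());
    return 0;
}
```

The guard sits inside the splstr()/splx() window on purpose: the list head is read and updated at STREAMS priority in the original, and checking it outside that window would reintroduce a race with whatever appends to lp->mp.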
Here is the relevant portion of the assembly code. The instruction which
caused the panic is marked with an “*.”
sp_timeout,20?ia # adb command
sp_timeout: # adb's response
sp_timeout: stw rp,-14(sp)
sp_timeout+4: stwm r3,40(sp)
sp_timeout+8: stw r4,-3C(sp)
sp_timeout+0xC: or arg0,r0,r3
sp_timeout+10: ldws 0(r3),arg1
sp_timeout+14: bb,>=,n arg1,31,sp_timeout+58
sp_timeout+18: bl tmxlwsrv+6C,rp (splstr)
sp_timeout+1C: or r0,r0,r0
sp_timeout+20: or ret0,r0,r4
sp_timeout+24: ldws 8(r3),arg1
sp_timeout+28: ldws 8(r3),arg3
*sp_timeout+2C: ldws 0(arg3),arg2
sp_timeout+30: stws arg2,8(r3)
At sp_timeout+0xC, arg0, which corresponds to the source code variable lp,
is moved to r3. We know arg0 is lp because lp is the first argument to
sp_timeout(), and the first argument is passed in arg0. sp_timeout+0x10
loads arg1 from r3 + 0x0, which is lp->sp_state, the first field of struct sp.
sp_timeout+0x14 is therefore the if statement in the source code: bb is a
branch-on-bit instruction, and this one tests a single bit of arg1 (the
SPOPEN test) and branches past the body to sp_timeout+0x58 when the bit is
clear. sp_timeout+0x18 is the call to splstr(). sp_timeout+0x28 loads arg3
with the memory contents at location r3 + 0x8. arg3 is the source code
variable lp->mp. We can infer this because mp is 8 bytes from the start of
lp according to the declaration of struct sp: sp_state occupies the first
word and sp_rdq the second (a pointer is a single 32-bit word here, which
is why one ldws loads it), so mp begins at offset 8. The instruction that
panicked, sp_timeout+0x2C, then loads from offset 0 of arg3, that is, it
reads a field through lp->mp; in the source the only such read is
lp->mp->b_next. A fault on that load means arg3 held an address the kernel
could not read, and the obvious candidate is NULL. So our problem is that
lp->mp is NULL. We want to confirm