当前位置: 首页 > 工具软件 > CoreCLR > 使用案例 >

在龙芯上调试CoreCLR

彭霄
2023-12-01

dotnet for mips64 的 ea 版本已经发布
https://github.com/gsvm/loongson-dotnet/releases

在龙芯上调试CoreCLR

由于lldb在龙芯上工作不正常[1],只有gdb可以用来调试CoreCLR。

因为需要调试JIT代码,所以我们关上gdb分页,不处理SIG34信号:

$ cat ~/.gdbinit
set pagination off
handle SIG34 nostop noprint

调试JIT代码

export CORE_LIBRARIES=/home/loongson/corefx-3.1-Linux.mips64.Debug
export COMPlus_JitFunctionTrace=1
export COMPlus_JitHalt="Main"
gdb -ex=r --args ./bin/Product/Linux.mips64.Debug/corerun /home/loongson/Hello.dll | tee gdb.log

JitHalt="Main"可以在Main方法的序言处插入break指令,然后我们跳过break指令:

(gdb) set $pc+=4
(gdb) x/22i $pc-44
   0xff7c983aac:        li      zero,0x73
   0xff7c983ab0:        nop
   0xff7c983ab4:        0xf20000
   0xff7c983ab8:        sdc1    $f2,-6100(s6)
   0xff7c983abc:        dsra32  zero,zero,0x3
   0xff7c983ac0:        0x7cc11db8
   0xff7c983ac4:        dsra32  zero,zero,0x3
   0xff7c983ac8:        0x7cc49458
   0xff7c983acc:        dsra32  zero,zero,0x3
   0xff7c983ad0:        nop
   0xff7c983ad4:        break
=> 0xff7c983ad8:        daddiu  sp,sp,-32
   0xff7c983adc:        sd      s8,0(sp)
   0xff7c983ae0:        sd      ra,8(sp)
   0xff7c983ae4:        move    s8,sp
   0xff7c983ae8:        sd      a0,24(s8)
   0xff7c983aec:        lui     a0,0xff
   0xff7c983af0:        ori     a0,a0,0x7caf
   0xff7c983af4:        dsll    a0,a0,0x10
   0xff7c983af8:        ori     a0,a0,0x7a88
   0xff7c983afc:        lw      a0,0(a0)
   0xff7c983b00:        sltiu   at,a0,1

查看一下传参整型寄存器的值:

(gdb) i r a0
a0: 0xff5800fa28
(gdb) x/g 0xff5800fa28
0xff5800fa28:   0x000000ff7caf7c30

然后用si指令级的单步跟踪。

还可以使用“硬”watchpoint[2]调试GC相关问题:

(gdb) watch *0xff68001bf8
Hardware watchpoint 1: *0xff68001bf8
(gdb) c
Continuing.

...
Thread 1 "corerun" hit Hardware watchpoint 1: *0xff68001bf8

Old value = 0
New value = 1476465840
JIT_WriteBarrier () at /home/loongson/coreclr/src/vm/mips64/asmhelpers.S:206

(gdb) c
Continuing.

...
Thread 1 "corerun" hit Hardware watchpoint 1: *0xff68001bf8

Old value = 1476465840
New value = 1476577368
JIT_WriteBarrier () at /home/loongson/coreclr/src/vm/mips64/asmhelpers.S:206

如何跟踪是“谁”生成的JIT代码?

测试用例:JIT/Methodical/Invoke/thiscall/dbgthisnull/dbgthisnull.exe[3]

加压JIT、GC的时候,该测试用例复现段错误:

export CORE_LIBRARIES=/home/loongson/corefx-3.1-Linux.mips64.Debug
export COMPlus_JitFunctionTrace=1
export COMPlus_JitStress=2
export COMPlus_GCStress=1
export COMPlus_HeapVerify=1
gdb -ex=r --args ./bin/Product/Linux.mips64.Debug/corerun ./bin/tests/Linux.mips64.Debug/JIT/Methodical/Invoke/thiscall/_dbgthisnull/_dbgthisnull.exe | tee gdb.log

我们发现该测试用例“故意”造空指针访存:

Program received signal SIGSEGV, Segmentation fault.
0x000000ff7c985948 in ?? ()
(gdb) x/22i $pc-44
   0xff7c98591c:        dext    a0,a0,0x0,0x8
   0xff7c985920:        sltiu   at,a0,1
   0xff7c985924:        beqz    at,0xff7c985944
   0xff7c985928:        nop
   0xff7c98592c:        b       0xff7c98596c
   0xff7c985930:        nop
   0xff7c985934:        nop
   0xff7c985938:        nop
   0xff7c98593c:        nop
   0xff7c985940:        nop
   0xff7c985944:        ld      a0,32(s8)
=> 0xff7c985948:        ldc1    $f0,8(a0)
   0xff7c98594c:        sdc1    $f0,24(s8)
   0xff7c985950:        nop
   0xff7c985954:        b       0xff7c9859a0
   0xff7c985958:        nop
   0xff7c98595c:        nop
   0xff7c985960:        nop
   0xff7c985964:        nop
   0xff7c985968:        nop
   0xff7c98596c:        bal     0xff7c985974
   0xff7c985970:        nop
(gdb) i r a0
a0: 0x0

那么ldc1 $f0,8(a0)这条指令是由“谁”生成的呢?

0x000000ff7c985948 in ?? ()
(gdb) x/76i 0x000000ff7c915948-152
   0xff7c9158b0:        daddiu  sp,sp,-48 <-------- CodeGen::genFnProlog -> CodeGen::genAllocLclFrame
   0xff7c9158b4:        sd      s8,0(sp)                                 -> CodeGen::genPushCalleeSavedRegisters
   0xff7c9158b8:        sd      ra,8(sp)                                 -> ...
   0xff7c9158bc:        move    s8,sp
   0xff7c9158c0:        sd      a0,32(s8)
   0xff7c9158c4:        sw      a1,40(s8) <-------- CodeGen::genFnProlog
   0xff7c9158c8:        lui     a0,0xff      <----- set_Reg_To_Imm
   0xff7c9158cc:        ori     a0,a0,0x7ca8
   0xff7c9158d0:        dsll    a0,a0,0x10
   0xff7c9158d4:        ori     a0,a0,0x7b50 <----- set_Reg_To_Imm end
   0xff7c9158d8:        lw      a0,0(a0)
   0xff7c9158dc:        sltiu   at,a0,1 <---------- CodeGen::genCodeForCompare
   0xff7c9158e0:        beqz    at,0xff7c915900
   0xff7c9158e4:        nop
   0xff7c9158e8:        b       0xff7c915918
   0xff7c9158ec:        nop
   0xff7c9158f0:        nop
   0xff7c9158f4:        nop
   0xff7c9158f8:        nop
   0xff7c9158fc:        nop            <----------- CodeGen::genCodeForCompare
   0xff7c915900:        lui     a0,0xff
   0xff7c915904:        ori     a0,a0,0xf6a0
   0xff7c915908:        dsll    a0,a0,0x10
   0xff7c91590c:        ori     a0,a0,0x8fa8
   0xff7c915910:        jalr    a0
   0xff7c915914:        move    t9,a0
   0xff7c915918:        lw      a0,40(s8)
   0xff7c91591c:        dext    a0,a0,0x0,0x8
   0xff7c915920:        sltiu   at,a0,1 <---------- CodeGen::genCodeForCompare
   0xff7c915924:        beqz    at,0xff7c915944
   0xff7c915928:        nop
   0xff7c91592c:        b       0xff7c91596c
   0xff7c915930:        nop
   0xff7c915934:        nop
   0xff7c915938:        nop
   0xff7c91593c:        nop
   0xff7c915940:        nop            <----------- CodeGen::genCodeForCompare
   0xff7c915944:        ld      a0,32(s8)
=> 0xff7c915948:        ldc1    $f0,8(a0)
   0xff7c91594c:        sdc1    $f0,24(s8)
   0xff7c915950:        nop
   0xff7c915954:        b       0xff7c9159a0
   0xff7c915958:        nop
   0xff7c91595c:        nop
   0xff7c915960:        nop
   0xff7c915964:        nop
   0xff7c915968:        nop
   0xff7c91596c:        bal     0xff7c915974
   0xff7c915970:        nop
   0xff7c915974:        li      at,0x44
   0xff7c915978:        daddu   a0,at,ra
   0xff7c91597c:        ldc1    $f0,0(a0)
   0xff7c915980:        sdc1    $f0,24(s8)
   0xff7c915984:        nop
   0xff7c915988:        b       0xff7c9159a0
   0xff7c91598c:        nop
   0xff7c915990:        nop
   0xff7c915994:        nop
   0xff7c915998:        nop
   0xff7c91599c:        nop
   0xff7c9159a0:        ldc1    $f0,24(s8)
   0xff7c9159a4:        ld      ra,8(sp) <---------- CodeGen::genFnEpilog -> CodeGen::genPopCalleeSavedRegisters
   0xff7c9159a8:        ld      s8,0(sp)                                  -> ...
   0xff7c9159ac:        daddiu  sp,sp,48
   0xff7c9159b0:        jr      ra
   0xff7c9159b4:        nop              <---------- CodeGen::genFnEpilog
   ...

ldc1 $f0,8(a0)是由emitter::emitInsLoadStoreOp和emitter::emitIns_R_R_I生成。你可以“故意”修改src/jit/codegenmips64.cpp[4]的CodeGen::genCodeForIndir,添加冗余的nop指令:

diff --git a/src/jit/codegenmips64.cpp b/src/jit/codegenmips64.cpp
index ef18106..465bc17 100644
--- a/src/jit/codegenmips64.cpp
+++ b/src/jit/codegenmips64.cpp
@@ -8290,6 +8290,7 @@ void CodeGen::genCodeForIndir(GenTreeIndir* tree)
     }

     getEmitter()->emitInsLoadStoreOp(ins, emitActualTypeSize(type), targetReg, tree);
+    instGen(INS_nop);

     if (emitBarrier)
     {

重新编译,就可以看到“故意”生成的冗余nop指令:

(gdb) x/22i $pc-44
   0xff7c936560:        dext    a0,a0,0x0,0x8
   0xff7c936564:        sltiu   at,a0,1
   0xff7c936568:        beqz    at,0xff7c936588
   0xff7c93656c:        nop
   0xff7c936570:        b       0xff7c9365b4
   0xff7c936574:        nop
   0xff7c936578:        nop
   0xff7c93657c:        nop
   0xff7c936580:        nop
   0xff7c936584:        nop
   0xff7c936588:        ld      a0,32(s8)
=> 0xff7c93658c:        ldc1    $f0,8(a0)
=> 0xff7c936590:        nop
   0xff7c936594:        sdc1    $f0,24(s8)
   0xff7c936598:        nop
   0xff7c93659c:        b       0xff7c9365e8
   0xff7c9365a0:        nop
   0xff7c9365a4:        nop
   0xff7c9365a8:        nop
   0xff7c9365ac:        nop
   0xff7c9365b0:        nop
   0xff7c9365b4:        bal     0xff7c9365bc
   0xff7c9365b8:        nop

还可以通过grep ldc1 -rn src/jit/来了解访存相关的代码生成。因为ldc1    $f0,8(a0)属于RRI指令形式,所以可以在emitter::emitIns_R_R_I“故意”加入断言:

diff --git a/src/jit/emitmips64.cpp b/src/jit/emitmips64.cpp
index 06b574d..9d19a52 100644
--- a/src/jit/emitmips64.cpp
+++ b/src/jit/emitmips64.cpp
@@ -2513,6 +2513,7 @@ void emitter::emitIns_R_R_I(
             assert((-32768 <= imm) && (imm <= 32767));
             assert(isFloatReg(reg1));
             assert(isGeneralRegisterOrR0(reg2));
+            assert(imm != 8 && reg1 != REG_F0 && reg2 != REG_A0);
             break;
 
         case INS_c_f_s:

gdb bt一下就能知道具体的函数(例如:emitter::emitInsLoadStoreOp)以及行数。

1. https://github.com/dotnet/runtime/issues/37405
2. https://hev.cc/2758.html
3. https://github.com/gsvm/coreclr/blob/mips64-port/tests/src/JIT/Methodical/Invoke/thiscall/_dbgthisnull.ilproj
4. https://github.com/gsvm/coreclr/blob/mips64-port/src/jit/codegenmips64.cpp

相关文章:

 类似资料: