
I'm using gdb to inspect the boot process of xv6. More specifically, I'm running xv6 using qemu with gdb support in a terminal. And in another terminal, I'm running gdb remotely connected to the qemu stub.

Now, stepping through the boot process with the si command yields the following instructions:

[f000:e05b]    0xfe05b: cmpw   $0xffc8,%cs:(%esi)
[f000:e062]    0xfe062: jne    0xd241d416
[f000:e066]    0xfe066: xor    %edx,%edx
[f000:e068]    0xfe068: mov    %edx,%ss
[f000:e06a]    0xfe06a: mov    $0x7000,%sp
[f000:e070]    0xfe070: mov    $0x2d4e,%dx
[f000:e076]    0xfe076: jmp    0x5575ff02

Whereas, dumping the instructions from memory directly using the (gdb) x /20i 0xfe05b command yields the following instructions:

   0xfe05b: cmpw   $0xffc8,%cs:(%esi)
   0xfe060: jo     0xfe062
   0xfe062: jne    0xd241d416
   0xfe068: mov    %edx,%ss
   0xfe06a: mov    $0x7000,%sp
   0xfe06e: add    %al,(%eax)
   0xfe070: mov    $0x2d4e,%dx
   0xfe074: verw   %cx
   0xfe077: xchg   %ebx,(%esi)
   0xfe079: push   %bp
   0xfe07b: push   %di
   0xfe07d: push   %si
   0xfe07f: push   %bx
   0xfe081: sub    $0x70,%sp
   0xfe085: mov    %ax,%di
   0xfe088: mov    0x4(%bx,%si),%si
   0xfe08d: mov    %cs:0x2c(%bp),%bl
   0xfe093: icebp  
   0xfe094: ljmp   *(%esi)

As you can see, the instructions are not the same at all; why is this the case? I suspect that gdb is failing to recognise where individual instructions end and begin, so it's interpreting them incorrectly. But then again, why so?

Sumit Ghosh

  • If `si` yields the top code, that means your cpu is in 32 bit mode but you disassembled in 16 bit mode. You do not see what the cpu is actually executing. Switch to 32 bit disassembly. – Jester Feb 10 '20 at 15:48
  • Debugging with QEMU can be problematic in 16-bit real mode. You may wish to start by using the GDB command `set architecture i8086` to decod – Michael Petch Feb 10 '20 at 15:49
  • @MichaelPetch Setting the architecture to `i8086` didn't help. Also, `qemu` was already printing "`The target architecture is assumed to be i8086`", so I guess it got that right. – Sumit Ghosh Feb 10 '20 at 15:51
  • @Jester how do I do that? Also, this is the absolute start of the boot process, so shouldn't it be 16 bit real mode? – Sumit Ghosh Feb 10 '20 at 15:55
  • `f000:e05b` seems like BIOS code. You likely want to only debug your bootloader so place breakpoint at `0x7c00`. – Jester Feb 10 '20 at 16:00
  • See also [this answer](https://stackoverflow.com/a/55246894/547981) for a possibly related bug and workaround. – Jester Feb 10 '20 at 16:03
  • @Jester Yeah you're right, this is BIOS code. But still, there should be some explanation for what's happening, right? – Sumit Ghosh Feb 10 '20 at 16:04
  • Jester and Michael already gave you an explanation: CPU in 32-bit mode but GDB decoding as 16-bit. You need to set architecture to 32-bit if GDB is incorrectly assuming 16-bit. Perhaps `i386`, or use `help set architecture`. – Peter Cordes Feb 10 '20 at 21:26
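The mode mismatch the comments describe, as an added demonstration that is not part of the question, of gdb, or of xv6: a toy decoder for a handful of x86 opcodes runs the same constructed byte stream once as 16-bit and once as 32-bit code, showing how a wrong default operand size makes an immediate swallow the bytes of the following instructions so that every later boundary, and the listing, drifts. The byte stream and the `decode` helper are hypothetical, built for this example.

```python
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["e" + r for r in REG16]
SREG = ["es", "cs", "ss", "ds", "fs", "gs"]

# Constructed real-mode byte stream (hypothetical, not the question's BIOS bytes):
#   xor %dx,%dx ; mov %dx,%ss ; mov $0x7000,%sp ; mov $0x2d4e,%dx ; push %bp ; push %di ; jmp +0x10
BOOT_BYTES = bytes.fromhex("31d2 8ed2 bc0070 ba4e2d 55 57 eb10")

def decode(code, bits, base=0):
    """Toy x86 decoder for a few opcodes. Returns [(address, length, text)].
    Operand size follows `bits` (16 or 32) unless a 0x66 prefix flips it; a
    mov/sub immediate is therefore 2 bytes in one mode and 4 in the other,
    which is what shifts every later instruction boundary."""
    out, i = [], 0
    while i < len(code):
        start, osize = i, bits
        if code[i] == 0x66:                        # operand-size override prefix
            osize, i = 48 - bits, i + 1
        op = code[i] if i < len(code) else None
        i += 1
        regs, width = (REG16, 2) if osize == 16 else (REG32, 4)
        imm = int.from_bytes(code[i:i + width], "little")
        has_imm = op is not None and (op == 0x2D or 0xB8 <= op <= 0xBF)
        if op is None or (has_imm and i + width > len(code)):
            text, i = "(bad)", len(code)           # stream ends mid-instruction
        elif 0xB8 <= op <= 0xBF:                   # mov r16/32, imm16/32
            text, i = "mov $0x%x,%%%s" % (imm, regs[op - 0xB8]), i + width
        elif op == 0x2D:                           # sub ax/eax, imm16/32
            text, i = "sub $0x%x,%%%s" % (imm, regs[0]), i + width
        elif 0x50 <= op <= 0x57:                   # push r16/32
            text = "push %%%s" % regs[op - 0x50]
        elif op in (0x31, 0x8E) and i < len(code) and code[i] >> 6 == 3:
            reg, rm = (code[i] >> 3) & 7, code[i] & 7   # register-form ModRM only
            i += 1
            text = ("xor %%%s,%%%s" % (regs[reg], regs[rm]) if op == 0x31
                    else "mov %%%s,%%%s" % (REG16[rm], SREG[reg]))
        elif op == 0xEB and i < len(code):         # jmp rel8, relative to next instruction
            rel = code[i] - 256 if code[i] > 127 else code[i]
            i += 1
            text = "jmp 0x%x" % (base + i + rel)
        else:
            text = "(unsupported 0x%02x)" % op
        out.append((base + start, i - start, text))
    return out

if __name__ == "__main__":
    for bits in (16, 32):
        print("--- decoded as %d-bit code ---" % bits)
        for addr, length, text in decode(BOOT_BYTES, bits, base=0x7C00):
            print("0x%x: %-22s (%d bytes)" % (addr, text, length))
```

Decoded as 16-bit code the stream yields the seven intended instructions; decoded as 32-bit code the two `mov` immediates grow to four bytes and the `push`es and the `jmp` vanish into operands, which is the same kind of drift seen between the `si` listing and the `x/20i` dump.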

0 Answers