15-410 Simics Command Guide
15-410 Basic Simics Commands
Here is a brief listing of useful Simics commands. A more detailed
reference is the Simics User Guide, available in the 410
simics/doc directory. To get more help on any of these
commands within Simics, type help COMMANDNAME. Simics
supports tab-key command completion and command history.
Below, anything in [] is an optional argument, while anything
in () means you must choose one and only one option.
Running Simics
r
Starts the simulation. Once a simulation has been started, it may
not be restarted. To give up on a simulation and start anew, quit
the simulation and restart Simics.
c
Continues the simulation after a breakpoint or error has occurred.
Note that you may not be able to continue reliably after some types
of errors.
q
Exits Simics.
ctrl-c (control + c)
Interrupts the currently running simulation so that commands may
be entered (debugging commands, quit, etc).
stepi [NUM]
Steps through the next NUM instructions. NUM defaults to 1. If
a breakpoint occurs while stepping, it still causes a break in
execution.
n
Step to next source line and stop.
Note that there are multiple possible meanings
of this;
if you find the results of this command surprising,
think carefully about how its semantics might differ
from your expectation and why.
This command
is a local Python-based debugger extension written by 410 TA Michael Berman.
Accessing Registers
pregs
Prints the contents of all the general purpose registers (eax, ecx, edx, ebx, esi, edi, ebp, esp), the value of the program counter (eip), the contents of EFLAGS, and various other registers.
%REGNAME
Prints the contents of register REGNAME. For example, %eax prints the contents of the eax register. This output will be in decimal. To print it in hex, try print -x %REGNAME (see below for more information on the print command).
read-reg REGNAME
Same as %REGNAME.
write-reg REGNAME NEWVALUE
Sets the value stored in register REGNAME to NEWVALUE. For example, write-reg eax 0 would put 0 into register eax.
Accessing Memory
x v:ADDRESS [SIZE] or x p:ADDRESS [SIZE]
Prints the contents of memory starting at ADDRESS and continuing for SIZE bytes. First lists the starting address, then the bytes in memory, and last an attempt to translate the bytes into ASCII (the ASCII will be nonsensical unless actual words are stored in the location). v indicates the ADDRESS is a virtual/logical memory address, while p indicates the ADDRESS is a physical memory address. If SIZE is not given, the default is 16 bytes. Remember, you are dealing with a little endian machine.
logical-to-physical ADDRESS
Displays the physical address that the logical/virtual address ADDRESS maps to. The output is in decimal, but you can combine it with print to get hex output. See also tlb0.info and tlb0.status.
get ADDRESS [SIZE]
Gets SIZE bytes starting from physical address ADDRESS. SIZE defaults to 4 and can be no larger than 8.
set ADDRESS VALUE [SIZE]
Sets SIZE bytes starting from physical address to VALUE. SIZE defaults to 4 and can be no larger than 8.
stack-trace [MAXDEPTH]
Displays a stack trace up to at most MAXDEPTH (default is 64).
Breakpoints
break ADDRESS [LENGTH] [-r] [-w] [-x]
Sets a breakpoint of the specified modes for access in the LENGTH bytes starting at ADDRESS. Any combination of modes can be set, with r specifying memory read, w specifying memory write, and x specifying execute.
list-breakpoints
Lists all breakpoints. Information includes whether the breakpoint is a virtual or physical address, the modes to break on (read, write, execute), whether it is enabled or disabled, the start and stop address, and the number of times the breakpoint has been reached.
enable (-all | ID)
Enables all breakpoints or just breakpoint with id ID.
disable (-all | ID)
Disables all breakpoints or just breakpoint with id ID.
delete (-all | ID)
Deletes all breakpoints or just breakpoint with id ID.
break-exception ("NAME" | NUMBER | -all | -list)
Asks simics to stop when a particular exception is raised. Since
the built-in documentation is very coy about the supported names
and numbers for the x86 target, here is a table.
Number | Name |
0 | Divide_Error_Exception |
1 | Debug_Exception |
2 | NMI_Interrupt |
3 | Breakpoint_Exception |
4 | Overflow_Exception |
5 | BOUND_Range_Exceeded_Exception |
6 | Invalid_Opcode_Exception |
7 | Device_Not_Available_Exception |
8 | Double_Fault_Exception |
9 | Coprocessor_Segment_Overrun |
10 | Invalid_TSS_Exception |
11 | Segment_Not_Present |
12 | Stack_Fault_Exception |
13 | General_Protection_Exception |
14 | Page_Fault_Exception |
16 | Floating_Point_Error_Exception |
17 | Alignment_Check_Exception |
18 | Machine_Check_Exception |
Printing variables, the results of expressions, and print formatting
psym (VARNAME | "VARNAME" | FUNCTIONNAME)
Prints the value of variable VARNAME or function FUNCTIONNAME and
possibly associated type information. You can perform more complex
operations such as casting and dereferencing if you use the quote
version. Note that the symbols must have been loaded for this
command to work properly (we have taken care of this for you).
Observe that psym "&(thr_cb->exitstatus)"
lets you determine the address of a particular
item in a data structure.
sym (VARNAME | FUNCTIONNAME)
Similar to psym, except can be used in combination with other commands. For example, any command calling for an ADDRESS can use (sym FUNCTIONNAME) instead. If you had a function called test, you could do break -w (sym test) rather than having to determine the memory location of test.
print [(-x | -o | -b | -s)] VALUE [SIZE]
Allows for printing in different formats and can print any value that can be expressed as an integer. Arithmetic operations are allowed to create VALUE and the results of other commands can be used. Outputs types are -x for hex, -o for octal, -b for binary, and -s for signed integer.
Getting More Help
help
Prints a list of different categories of commands.
help CATEGORY
Prints a list of commands within the CATEGORY.
help COMMNAD
Prints help information about the COMMAND
|