1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 /*
  27  * Copyright (c) 2012, 2014 by Delphix. All rights reserved.
  28  * Copyright (c) 2012 Joyent, Inc. All rights reserved.
  29  */
  30 
  31 #include <mdb/mdb_modapi.h>
  32 #include <mdb/mdb_target.h>
  33 #include <mdb/mdb_argvec.h>
  34 #include <mdb/mdb_string.h>
  35 #include <mdb/mdb_stdlib.h>
  36 #include <mdb/mdb_err.h>
  37 #include <mdb/mdb_debug.h>
  38 #include <mdb/mdb_fmt.h>
  39 #include <mdb/mdb_ctf.h>
  40 #include <mdb/mdb_ctf_impl.h>
  41 #include <mdb/mdb.h>
  42 #include <mdb/mdb_tab.h>
  43 
  44 #include <sys/isa_defs.h>
  45 #include <sys/param.h>
  46 #include <sys/sysmacros.h>
  47 #include <netinet/in.h>
  48 #include <strings.h>
  49 #include <libctf.h>
  50 #include <ctype.h>
  51 
  52 typedef struct holeinfo {
  53         ulong_t hi_offset;              /* expected offset */
  54         uchar_t hi_isunion;             /* represents a union */
  55 } holeinfo_t;
  56 
  57 typedef struct printarg {
  58         mdb_tgt_t *pa_tgt;              /* current target */
  59         mdb_tgt_t *pa_realtgt;          /* real target (for -i) */
  60         mdb_tgt_t *pa_immtgt;           /* immediate target (for -i) */
  61         mdb_tgt_as_t pa_as;             /* address space to use for i/o */
  62         mdb_tgt_addr_t pa_addr;         /* base address for i/o */
  63         ulong_t pa_armemlim;            /* limit on array elements to print */
  64         ulong_t pa_arstrlim;            /* limit on array chars to print */
  65         const char *pa_delim;           /* element delimiter string */
  66         const char *pa_prefix;          /* element prefix string */
  67         const char *pa_suffix;          /* element suffix string */
  68         holeinfo_t *pa_holes;           /* hole detection information */
  69         int pa_nholes;                  /* size of holes array */
  70         int pa_flags;                   /* formatting flags (see below) */
  71         int pa_depth;                   /* previous depth */
  72         int pa_nest;                    /* array nesting depth */
  73         int pa_tab;                     /* tabstop width */
  74         uint_t pa_maxdepth;             /* Limit max depth */
  75         uint_t pa_nooutdepth;           /* don't print output past this depth */
  76 } printarg_t;
  77 
  78 #define PA_SHOWTYPE     0x001           /* print type name */
  79 #define PA_SHOWBASETYPE 0x002           /* print base type name */
  80 #define PA_SHOWNAME     0x004           /* print member name */
  81 #define PA_SHOWADDR     0x008           /* print address */
  82 #define PA_SHOWVAL      0x010           /* print value */
  83 #define PA_SHOWHOLES    0x020           /* print holes in structs */
  84 #define PA_INTHEX       0x040           /* print integer values in hex */
  85 #define PA_INTDEC       0x080           /* print integer values in decimal */
  86 #define PA_NOSYMBOLIC   0x100           /* don't print ptrs as func+offset */
  87 
  88 #define IS_CHAR(e) \
  89         (((e).cte_format & (CTF_INT_CHAR | CTF_INT_SIGNED)) == \
  90         (CTF_INT_CHAR | CTF_INT_SIGNED) && (e).cte_bits == NBBY)
  91 
  92 #define COMPOSITE_MASK  ((1 << CTF_K_STRUCT) | \
  93                         (1 << CTF_K_UNION) | (1 << CTF_K_ARRAY))
  94 #define IS_COMPOSITE(k) (((1 << k) & COMPOSITE_MASK) != 0)
  95 
  96 #define SOU_MASK        ((1 << CTF_K_STRUCT) | (1 << CTF_K_UNION))
  97 #define IS_SOU(k)       (((1 << k) & SOU_MASK) != 0)
  98 
  99 #define MEMBER_DELIM_ERR        -1
 100 #define MEMBER_DELIM_DONE       0
 101 #define MEMBER_DELIM_PTR        1
 102 #define MEMBER_DELIM_DOT        2
 103 #define MEMBER_DELIM_LBR        3
 104 
 105 typedef int printarg_f(const char *, const char *,
 106     mdb_ctf_id_t, mdb_ctf_id_t, ulong_t, printarg_t *);
 107 
 108 static int elt_print(const char *, mdb_ctf_id_t, mdb_ctf_id_t, ulong_t, int,
 109     void *);
 110 static void print_close_sou(printarg_t *, int);
 111 
 112 /*
 113  * Given an address, look up the symbol ID of the specified symbol in its
 114  * containing module.  We only support lookups for exact matches.
 115  */
 116 static const char *
 117 addr_to_sym(mdb_tgt_t *t, uintptr_t addr, char *name, size_t namelen,
 118     GElf_Sym *symp, mdb_syminfo_t *sip)
 119 {
 120         const mdb_map_t *mp;
 121         const char *p;
 122 
 123         if (mdb_tgt_lookup_by_addr(t, addr, MDB_TGT_SYM_EXACT, name,
 124             namelen, NULL, NULL) == -1)
 125                 return (NULL); /* address does not exactly match a symbol */
 126 
 127         if ((p = strrsplit(name, '`')) != NULL) {
 128                 if (mdb_tgt_lookup_by_name(t, name, p, symp, sip) == -1)
 129                         return (NULL);
 130                 return (p);
 131         }
 132 
 133         if ((mp = mdb_tgt_addr_to_map(t, addr)) == NULL)
 134                 return (NULL); /* address does not fall within a mapping */
 135 
 136         if (mdb_tgt_lookup_by_name(t, mp->map_name, name, symp, sip) == -1)
 137                 return (NULL);
 138 
 139         return (name);
 140 }
 141 
 142 /*
 143  * This lets dcmds be a little fancy with their processing of type arguments
 144  * while still treating them more or less as a single argument.
 145  * For example, if a command is invokes like this:
 146  *
 147  *   ::<dcmd> proc_t ...
 148  *
 149  * this function will just copy "proc_t" into the provided buffer. If the
 150  * command is instead invoked like this:
 151  *
 152  *   ::<dcmd> struct proc ...
 153  *
 154  * this function will place the string "struct proc" into the provided buffer
 155  * and increment the caller's argv and argc. This allows the caller to still
 156  * treat the type argument logically as it would an other atomic argument.
 157  */
 158 int
 159 args_to_typename(int *argcp, const mdb_arg_t **argvp, char *buf, size_t len)
 160 {
 161         int argc = *argcp;
 162         const mdb_arg_t *argv = *argvp;
 163 
 164         if (argc < 1 || argv->a_type != MDB_TYPE_STRING)
 165                 return (DCMD_USAGE);
 166 
 167         if (strcmp(argv->a_un.a_str, "struct") == 0 ||
 168             strcmp(argv->a_un.a_str, "enum") == 0 ||
 169             strcmp(argv->a_un.a_str, "union") == 0) {
 170                 if (argc <= 1) {
 171                         mdb_warn("%s is not a valid type\n", argv->a_un.a_str);
 172                         return (DCMD_ABORT);
 173                 }
 174 
 175                 if (argv[1].a_type != MDB_TYPE_STRING)
 176                         return (DCMD_USAGE);
 177 
 178                 (void) mdb_snprintf(buf, len, "%s %s",
 179                     argv[0].a_un.a_str, argv[1].a_un.a_str);
 180 
 181                 *argcp = argc - 1;
 182                 *argvp = argv + 1;
 183         } else {
 184                 (void) mdb_snprintf(buf, len, "%s", argv[0].a_un.a_str);
 185         }
 186 
 187         return (0);
 188 }
 189 
 190 /*ARGSUSED*/
 191 int
 192 cmd_sizeof(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 193 {
 194         mdb_ctf_id_t id;
 195         char tn[MDB_SYM_NAMLEN];
 196         int ret;
 197 
 198         if (flags & DCMD_ADDRSPEC)
 199                 return (DCMD_USAGE);
 200 
 201         if ((ret = args_to_typename(&argc, &argv, tn, sizeof (tn))) != 0)
 202                 return (ret);
 203 
 204         if (argc != 1)
 205                 return (DCMD_USAGE);
 206 
 207         if (mdb_ctf_lookup_by_name(tn, &id) != 0) {
 208                 mdb_warn("failed to look up type %s", tn);
 209                 return (DCMD_ERR);
 210         }
 211 
 212         if (flags & DCMD_PIPE_OUT)
 213                 mdb_printf("%#lr\n", mdb_ctf_type_size(id));
 214         else
 215                 mdb_printf("sizeof (%s) = %#lr\n", tn, mdb_ctf_type_size(id));
 216 
 217         return (DCMD_OK);
 218 }
 219 
 220 int
 221 cmd_sizeof_tab(mdb_tab_cookie_t *mcp, uint_t flags, int argc,
 222     const mdb_arg_t *argv)
 223 {
 224         char tn[MDB_SYM_NAMLEN];
 225         int ret;
 226 
 227         if (argc == 0 && !(flags & DCMD_TAB_SPACE))
 228                 return (0);
 229 
 230         if (argc == 0 && (flags & DCMD_TAB_SPACE))
 231                 return (mdb_tab_complete_type(mcp, NULL, MDB_TABC_NOPOINT));
 232 
 233         if ((ret = mdb_tab_typename(&argc, &argv, tn, sizeof (tn))) < 0)
 234                 return (ret);
 235 
 236         if (argc == 1)
 237                 return (mdb_tab_complete_type(mcp, tn, MDB_TABC_NOPOINT));
 238 
 239         return (0);
 240 }
 241 
 242 /*ARGSUSED*/
 243 int
 244 cmd_offsetof(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 245 {
 246         const char *member;
 247         mdb_ctf_id_t id;
 248         ulong_t off;
 249         char tn[MDB_SYM_NAMLEN];
 250         ssize_t sz;
 251         int ret;
 252 
 253         if (flags & DCMD_ADDRSPEC)
 254                 return (DCMD_USAGE);
 255 
 256         if ((ret = args_to_typename(&argc, &argv, tn, sizeof (tn))) != 0)
 257                 return (ret);
 258 
 259         if (argc != 2 || argv[1].a_type != MDB_TYPE_STRING)
 260                 return (DCMD_USAGE);
 261 
 262         if (mdb_ctf_lookup_by_name(tn, &id) != 0) {
 263                 mdb_warn("failed to look up type %s", tn);
 264                 return (DCMD_ERR);
 265         }
 266 
 267         member = argv[1].a_un.a_str;
 268 
 269         if (mdb_ctf_member_info(id, member, &off, &id) != 0) {
 270                 mdb_warn("failed to find member %s of type %s", member, tn);
 271                 return (DCMD_ERR);
 272         }
 273 
 274         if (flags & DCMD_PIPE_OUT) {
 275                 if (off % NBBY != 0) {
 276                         mdb_warn("member %s of type %s is not byte-aligned\n",
 277                             member, tn);
 278                         return (DCMD_ERR);
 279                 }
 280                 mdb_printf("%#lr", off / NBBY);
 281                 return (DCMD_OK);
 282         }
 283 
 284         mdb_printf("offsetof (%s, %s) = %#lr",
 285             tn, member, off / NBBY);
 286         if (off % NBBY != 0)
 287                 mdb_printf(".%lr", off % NBBY);
 288 
 289         if ((sz = mdb_ctf_type_size(id)) > 0)
 290                 mdb_printf(", sizeof (...->%s) = %#lr", member, sz);
 291 
 292         mdb_printf("\n");
 293 
 294         return (DCMD_OK);
 295 }
 296 
 297 /*ARGSUSED*/
 298 static int
 299 enum_prefix_scan_cb(const char *name, int value, void *arg)
 300 {
 301         char *str = arg;
 302 
 303         /*
 304          * This function is called with every name in the enum.  We make
 305          * "arg" be the common prefix, if any.
 306          */
 307         if (str[0] == 0) {
 308                 if (strlcpy(arg, name, MDB_SYM_NAMLEN) >= MDB_SYM_NAMLEN)
 309                         return (1);
 310                 return (0);
 311         }
 312 
 313         while (*name == *str) {
 314                 if (*str == 0) {
 315                         if (str != arg) {
 316                                 str--;  /* don't smother a name completely */
 317                         }
 318                         break;
 319                 }
 320                 name++;
 321                 str++;
 322         }
 323         *str = 0;
 324 
 325         return (str == arg);    /* only continue if prefix is non-empty */
 326 }
 327 
 328 struct enum_p2_info {
 329         intmax_t e_value;       /* value we're processing */
 330         char    *e_buf;         /* buffer for holding names */
 331         size_t  e_size;         /* size of buffer */
 332         size_t  e_prefix;       /* length of initial prefix */
 333         uint_t  e_allprefix;    /* apply prefix to first guy, too */
 334         uint_t  e_bits;         /* bits seen */
 335         uint8_t e_found;        /* have we seen anything? */
 336         uint8_t e_first;        /* does buf contain the first one? */
 337         uint8_t e_zero;         /* have we seen a zero value? */
 338 };
 339 
 340 static int
 341 enum_p2_cb(const char *name, int bit_arg, void *arg)
 342 {
 343         struct enum_p2_info *eiip = arg;
 344         uintmax_t bit = bit_arg;
 345 
 346         if (bit != 0 && !ISP2(bit))
 347                 return (1);     /* non-power-of-2; abort processing */
 348 
 349         if ((bit == 0 && eiip->e_zero) ||
 350             (bit != 0 && (eiip->e_bits & bit) != 0)) {
 351                 return (0);     /* already seen this value */
 352         }
 353 
 354         if (bit == 0)
 355                 eiip->e_zero = 1;
 356         else
 357                 eiip->e_bits |= bit;
 358 
 359         if (eiip->e_buf != NULL && (eiip->e_value & bit) != 0) {
 360                 char *buf = eiip->e_buf;
 361                 size_t prefix = eiip->e_prefix;
 362 
 363                 if (eiip->e_found) {
 364                         (void) strlcat(buf, "|", eiip->e_size);
 365 
 366                         if (eiip->e_first && !eiip->e_allprefix && prefix > 0) {
 367                                 char c1 = buf[prefix];
 368                                 char c2 = buf[prefix + 1];
 369                                 buf[prefix] = '{';
 370                                 buf[prefix + 1] = 0;
 371                                 mdb_printf("%s", buf);
 372                                 buf[prefix] = c1;
 373                                 buf[prefix + 1] = c2;
 374                                 mdb_printf("%s", buf + prefix);
 375                         } else {
 376                                 mdb_printf("%s", buf);
 377                         }
 378 
 379                 }
 380                 /* skip the common prefix as necessary */
 381                 if ((eiip->e_found || eiip->e_allprefix) &&
 382                     strlen(name) > prefix)
 383                         name += prefix;
 384 
 385                 (void) strlcpy(eiip->e_buf, name, eiip->e_size);
 386                 eiip->e_first = !eiip->e_found;
 387                 eiip->e_found = 1;
 388         }
 389         return (0);
 390 }
 391 
 392 static int
 393 enum_is_p2(mdb_ctf_id_t id)
 394 {
 395         struct enum_p2_info eii;
 396         bzero(&eii, sizeof (eii));
 397 
 398         return (mdb_ctf_type_kind(id) == CTF_K_ENUM &&
 399             mdb_ctf_enum_iter(id, enum_p2_cb, &eii) == 0 &&
 400             eii.e_bits != 0);
 401 }
 402 
 403 static int
 404 enum_value_print_p2(mdb_ctf_id_t id, intmax_t value, uint_t allprefix)
 405 {
 406         struct enum_p2_info eii;
 407         char prefix[MDB_SYM_NAMLEN + 2];
 408         intmax_t missed;
 409 
 410         bzero(&eii, sizeof (eii));
 411 
 412         eii.e_value = value;
 413         eii.e_buf = prefix;
 414         eii.e_size = sizeof (prefix);
 415         eii.e_allprefix = allprefix;
 416 
 417         prefix[0] = 0;
 418         if (mdb_ctf_enum_iter(id, enum_prefix_scan_cb, prefix) == 0)
 419                 eii.e_prefix = strlen(prefix);
 420 
 421         if (mdb_ctf_enum_iter(id, enum_p2_cb, &eii) != 0 || eii.e_bits == 0)
 422                 return (-1);
 423 
 424         missed = (value & ~(intmax_t)eii.e_bits);
 425 
 426         if (eii.e_found) {
 427                 /* push out any final value, with a | if we missed anything */
 428                 if (!eii.e_first)
 429                         (void) strlcat(prefix, "}", sizeof (prefix));
 430                 if (missed != 0)
 431                         (void) strlcat(prefix, "|", sizeof (prefix));
 432 
 433                 mdb_printf("%s", prefix);
 434         }
 435 
 436         if (!eii.e_found || missed) {
 437                 mdb_printf("%#llx", missed);
 438         }
 439 
 440         return (0);
 441 }
 442 
 443 struct enum_cbinfo {
 444         uint_t          e_flags;
 445         const char      *e_string;      /* NULL for value searches */
 446         size_t          e_prefix;
 447         intmax_t        e_value;
 448         uint_t          e_found;
 449         mdb_ctf_id_t    e_id;
 450 };
 451 #define E_PRETTY                0x01
 452 #define E_HEX                   0x02
 453 #define E_SEARCH_STRING         0x04
 454 #define E_SEARCH_VALUE          0x08
 455 #define E_ELIDE_PREFIX          0x10
 456 
 457 static void
 458 enum_print(struct enum_cbinfo *info, const char *name, int value)
 459 {
 460         uint_t flags = info->e_flags;
 461         uint_t elide_prefix = (info->e_flags & E_ELIDE_PREFIX);
 462 
 463         if (name != NULL && info->e_prefix && strlen(name) > info->e_prefix)
 464                 name += info->e_prefix;
 465 
 466         if (flags & E_PRETTY) {
 467                 uint_t indent = 5 + ((flags & E_HEX) ? 8 : 11);
 468 
 469                 mdb_printf((flags & E_HEX)? "%8x " : "%11d ", value);
 470                 (void) mdb_inc_indent(indent);
 471                 if (name != NULL) {
 472                         mdb_iob_puts(mdb.m_out, name);
 473                 } else {
 474                         (void) enum_value_print_p2(info->e_id, value,
 475                             elide_prefix);
 476                 }
 477                 (void) mdb_dec_indent(indent);
 478                 mdb_printf("\n");
 479         } else {
 480                 mdb_printf("%#r\n", value);
 481         }
 482 }
 483 
 484 static int
 485 enum_cb(const char *name, int value, void *arg)
 486 {
 487         struct enum_cbinfo *info = arg;
 488         uint_t flags = info->e_flags;
 489 
 490         if (flags & E_SEARCH_STRING) {
 491                 if (strcmp(name, info->e_string) != 0)
 492                         return (0);
 493 
 494         } else if (flags & E_SEARCH_VALUE) {
 495                 if (value != info->e_value)
 496                         return (0);
 497         }
 498 
 499         enum_print(info, name, value);
 500 
 501         info->e_found = 1;
 502         return (0);
 503 }
 504 
 505 void
 506 enum_help(void)
 507 {
 508         mdb_printf("%s",
 509 "Without an address and name, print all values for the enumeration \"enum\".\n"
 510 "With an address, look up a particular value in \"enum\".  With a name, look\n"
 511 "up a particular name in \"enum\".\n");
 512 
 513         (void) mdb_dec_indent(2);
 514         mdb_printf("\n%<b>OPTIONS%</b>\n");
 515         (void) mdb_inc_indent(2);
 516 
 517         mdb_printf("%s",
 518 "   -e    remove common prefixes from enum names\n"
 519 "   -x    report enum values in hexadecimal\n");
 520 }
 521 
 522 /*ARGSUSED*/
 523 int
 524 cmd_enum(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 525 {
 526         struct enum_cbinfo info;
 527 
 528         char type[MDB_SYM_NAMLEN + sizeof ("enum ")];
 529         char tn2[MDB_SYM_NAMLEN + sizeof ("enum ")];
 530         char prefix[MDB_SYM_NAMLEN];
 531         mdb_ctf_id_t id;
 532         mdb_ctf_id_t idr;
 533 
 534         int i;
 535         intmax_t search;
 536         uint_t isp2;
 537 
 538         info.e_flags = (flags & DCMD_PIPE_OUT)? 0 : E_PRETTY;
 539         info.e_string = NULL;
 540         info.e_value = 0;
 541         info.e_found = 0;
 542 
 543         i = mdb_getopts(argc, argv,
 544             'e', MDB_OPT_SETBITS, E_ELIDE_PREFIX, &info.e_flags,
 545             'x', MDB_OPT_SETBITS, E_HEX, &info.e_flags,
 546             NULL);
 547 
 548         argc -= i;
 549         argv += i;
 550 
 551         if ((i = args_to_typename(&argc, &argv, type, MDB_SYM_NAMLEN)) != 0)
 552                 return (i);
 553 
 554         if (strchr(type, ' ') == NULL) {
 555                 /*
 556                  * Check as an enumeration tag first, and fall back
 557                  * to checking for a typedef.  Yes, this means that
 558                  * anonymous enumerations whose typedefs conflict with
 559                  * an enum tag can't be accessed.  Don't do that.
 560                  */
 561                 (void) mdb_snprintf(tn2, sizeof (tn2), "enum %s", type);
 562 
 563                 if (mdb_ctf_lookup_by_name(tn2, &id) == 0) {
 564                         (void) strcpy(type, tn2);
 565                 } else if (mdb_ctf_lookup_by_name(type, &id) != 0) {
 566                         mdb_warn("types '%s', '%s'", tn2, type);
 567                         return (DCMD_ERR);
 568                 }
 569         } else {
 570                 if (mdb_ctf_lookup_by_name(type, &id) != 0) {
 571                         mdb_warn("'%s'", type);
 572                         return (DCMD_ERR);
 573                 }
 574         }
 575 
 576         /* resolve it, and make sure we're looking at an enumeration */
 577         if (mdb_ctf_type_resolve(id, &idr) == -1) {
 578                 mdb_warn("unable to resolve '%s'", type);
 579                 return (DCMD_ERR);
 580         }
 581         if (mdb_ctf_type_kind(idr) != CTF_K_ENUM) {
 582                 mdb_warn("'%s': not an enumeration\n", type);
 583                 return (DCMD_ERR);
 584         }
 585 
 586         info.e_id = idr;
 587 
 588         if (argc > 2)
 589                 return (DCMD_USAGE);
 590 
 591         if (argc == 2) {
 592                 if (flags & DCMD_ADDRSPEC) {
 593                         mdb_warn("may only specify one of: name, address\n");
 594                         return (DCMD_USAGE);
 595                 }
 596 
 597                 if (argv[1].a_type == MDB_TYPE_STRING) {
 598                         info.e_flags |= E_SEARCH_STRING;
 599                         info.e_string = argv[1].a_un.a_str;
 600                 } else if (argv[1].a_type == MDB_TYPE_IMMEDIATE) {
 601                         info.e_flags |= E_SEARCH_VALUE;
 602                         search = argv[1].a_un.a_val;
 603                 } else {
 604                         return (DCMD_USAGE);
 605                 }
 606         }
 607 
 608         if (flags & DCMD_ADDRSPEC) {
 609                 info.e_flags |= E_SEARCH_VALUE;
 610                 search = mdb_get_dot();
 611         }
 612 
 613         if (info.e_flags & E_SEARCH_VALUE) {
 614                 if ((int)search != search) {
 615                         mdb_warn("value '%lld' out of enumeration range\n",
 616                             search);
 617                 }
 618                 info.e_value = search;
 619         }
 620 
 621         isp2 = enum_is_p2(idr);
 622         if (isp2)
 623                 info.e_flags |= E_HEX;
 624 
 625         if (DCMD_HDRSPEC(flags) && (info.e_flags & E_PRETTY)) {
 626                 if (info.e_flags & E_HEX)
 627                         mdb_printf("%<u>%8s %-64s%</u>\n", "VALUE", "NAME");
 628                 else
 629                         mdb_printf("%<u>%11s %-64s%</u>\n", "VALUE", "NAME");
 630         }
 631 
 632         /* if the enum is a power-of-two one, process it that way */
 633         if ((info.e_flags & E_SEARCH_VALUE) && isp2) {
 634                 enum_print(&info, NULL, info.e_value);
 635                 return (DCMD_OK);
 636         }
 637 
 638         prefix[0] = 0;
 639         if ((info.e_flags & E_ELIDE_PREFIX) &&
 640             mdb_ctf_enum_iter(id, enum_prefix_scan_cb, prefix) == 0)
 641                 info.e_prefix = strlen(prefix);
 642 
 643         if (mdb_ctf_enum_iter(idr, enum_cb, &info) == -1) {
 644                 mdb_warn("cannot walk '%s' as enum", type);
 645                 return (DCMD_ERR);
 646         }
 647 
 648         if (info.e_found == 0 &&
 649             (info.e_flags & (E_SEARCH_STRING | E_SEARCH_VALUE)) != 0) {
 650                 if (info.e_flags & E_SEARCH_STRING)
 651                         mdb_warn("name \"%s\" not in '%s'\n", info.e_string,
 652                             type);
 653                 else
 654                         mdb_warn("value %#lld not in '%s'\n", info.e_value,
 655                             type);
 656 
 657                 return (DCMD_ERR);
 658         }
 659 
 660         return (DCMD_OK);
 661 }
 662 
 663 static int
 664 setup_vcb(const char *name, uintptr_t addr)
 665 {
 666         const char *p;
 667         mdb_var_t *v;
 668 
 669         if ((v = mdb_nv_lookup(&mdb.m_nv, name)) == NULL) {
 670                 if ((p = strbadid(name)) != NULL) {
 671                         mdb_warn("'%c' may not be used in a variable "
 672                             "name\n", *p);
 673                         return (DCMD_ABORT);
 674                 }
 675 
 676                 if ((v = mdb_nv_insert(&mdb.m_nv, name, NULL, addr, 0)) == NULL)
 677                         return (DCMD_ERR);
 678         } else {
 679                 if (v->v_flags & MDB_NV_RDONLY) {
 680                         mdb_warn("variable %s is read-only\n", name);
 681                         return (DCMD_ABORT);
 682                 }
 683         }
 684 
 685         /*
 686          * If there already exists a vcb for this variable, we may be
 687          * calling the dcmd in a loop.  We only create a vcb for this
 688          * variable on the first invocation.
 689          */
 690         if (mdb_vcb_find(v, mdb.m_frame) == NULL)
 691                 mdb_vcb_insert(mdb_vcb_create(v), mdb.m_frame);
 692 
 693         return (0);
 694 }
 695 
 696 /*ARGSUSED*/
 697 int
 698 cmd_list(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 699 {
 700         int offset;
 701         uintptr_t a, tmp;
 702         int ret;
 703 
 704         if (!(flags & DCMD_ADDRSPEC) || argc == 0)
 705                 return (DCMD_USAGE);
 706 
 707         if (argv->a_type != MDB_TYPE_STRING) {
 708                 /*
 709                  * We are being given a raw offset in lieu of a type and
 710                  * member; confirm the number of arguments and argument
 711                  * type.
 712                  */
 713                 if (argc != 1 || argv->a_type != MDB_TYPE_IMMEDIATE)
 714                         return (DCMD_USAGE);
 715 
 716                 offset = argv->a_un.a_val;
 717 
 718                 argv++;
 719                 argc--;
 720 
 721                 if (offset % sizeof (uintptr_t)) {
 722                         mdb_warn("offset must fall on a word boundary\n");
 723                         return (DCMD_ABORT);
 724                 }
 725         } else {
 726                 const char *member;
 727                 char buf[MDB_SYM_NAMLEN];
 728                 int ret;
 729 
 730                 /*
 731                  * Check that we were provided 2 arguments: a type name
 732                  * and a member of that type.
 733                  */
 734                 if (argc != 2)
 735                         return (DCMD_USAGE);
 736 
 737                 ret = args_to_typename(&argc, &argv, buf, sizeof (buf));
 738                 if (ret != 0)
 739                         return (ret);
 740 
 741                 argv++;
 742                 argc--;
 743 
 744                 member = argv->a_un.a_str;
 745                 offset = mdb_ctf_offsetof_by_name(buf, member);
 746                 if (offset == -1)
 747                         return (DCMD_ABORT);
 748 
 749                 argv++;
 750                 argc--;
 751 
 752                 if (offset % (sizeof (uintptr_t)) != 0) {
 753                         mdb_warn("%s is not a word-aligned member\n", member);
 754                         return (DCMD_ABORT);
 755                 }
 756         }
 757 
 758         /*
 759          * If we have any unchewed arguments, a variable name must be present.
 760          */
 761         if (argc == 1) {
 762                 if (argv->a_type != MDB_TYPE_STRING)
 763                         return (DCMD_USAGE);
 764 
 765                 if ((ret = setup_vcb(argv->a_un.a_str, addr)) != 0)
 766                         return (ret);
 767 
 768         } else if (argc != 0) {
 769                 return (DCMD_USAGE);
 770         }
 771 
 772         a = addr;
 773 
 774         do {
 775                 mdb_printf("%lr\n", a);
 776 
 777                 if (mdb_vread(&tmp, sizeof (tmp), a + offset) == -1) {
 778                         mdb_warn("failed to read next pointer from object %p",
 779                             a);
 780                         return (DCMD_ERR);
 781                 }
 782 
 783                 a = tmp;
 784         } while (a != addr && a != NULL);
 785 
 786         return (DCMD_OK);
 787 }
 788 
 789 int
 790 cmd_array(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 791 {
 792         mdb_ctf_id_t id;
 793         ssize_t elemsize = 0;
 794         char tn[MDB_SYM_NAMLEN];
 795         int ret, nelem = -1;
 796 
 797         mdb_tgt_t *t = mdb.m_target;
 798         GElf_Sym sym;
 799         mdb_ctf_arinfo_t ar;
 800         mdb_syminfo_t s_info;
 801 
 802         if (!(flags & DCMD_ADDRSPEC))
 803                 return (DCMD_USAGE);
 804 
 805         if (argc >= 2) {
 806                 ret = args_to_typename(&argc, &argv, tn, sizeof (tn));
 807                 if (ret != 0)
 808                         return (ret);
 809 
 810                 if (argc == 1)  /* unquoted compound type without count */
 811                         return (DCMD_USAGE);
 812 
 813                 if (mdb_ctf_lookup_by_name(tn, &id) != 0) {
 814                         mdb_warn("failed to look up type %s", tn);
 815                         return (DCMD_ABORT);
 816                 }
 817 
 818                 if (argv[1].a_type == MDB_TYPE_IMMEDIATE)
 819                         nelem = argv[1].a_un.a_val;
 820                 else
 821                         nelem = mdb_strtoull(argv[1].a_un.a_str);
 822 
 823                 elemsize = mdb_ctf_type_size(id);
 824         } else if (addr_to_sym(t, addr, tn, sizeof (tn), &sym, &s_info)
 825             != NULL && mdb_ctf_lookup_by_symbol(&sym, &s_info, &id)
 826             == 0 && mdb_ctf_type_kind(id) == CTF_K_ARRAY &&
 827             mdb_ctf_array_info(id, &ar) != -1) {
 828                 elemsize = mdb_ctf_type_size(id) / ar.mta_nelems;
 829                 nelem = ar.mta_nelems;
 830         } else {
 831                 mdb_warn("no symbol information for %a", addr);
 832                 return (DCMD_ERR);
 833         }
 834 
 835         if (argc == 3 || argc == 1) {
 836                 if (argv[argc - 1].a_type != MDB_TYPE_STRING)
 837                         return (DCMD_USAGE);
 838 
 839                 if ((ret = setup_vcb(argv[argc - 1].a_un.a_str, addr)) != 0)
 840                         return (ret);
 841 
 842         } else if (argc > 3) {
 843                 return (DCMD_USAGE);
 844         }
 845 
 846         for (; nelem > 0; nelem--) {
 847                 mdb_printf("%lr\n", addr);
 848                 addr = addr + elemsize;
 849         }
 850 
 851         return (DCMD_OK);
 852 }
 853 
 854 /*
 855  * Print an integer bitfield in hexadecimal by reading the enclosing byte(s)
 856  * and then shifting and masking the data in the lower bits of a uint64_t.
 857  */
 858 static int
 859 print_bitfield(ulong_t off, printarg_t *pap, ctf_encoding_t *ep)
 860 {
 861         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
 862         size_t size = (ep->cte_bits + (NBBY - 1)) / NBBY;
 863         uint64_t mask = (1ULL << ep->cte_bits) - 1;
 864         uint64_t value = 0;
 865         uint8_t *buf = (uint8_t *)&value;
 866         uint8_t shift;
 867 
 868         const char *format;
 869 
 870         if (!(pap->pa_flags & PA_SHOWVAL))
 871                 return (0);
 872 
 873         if (ep->cte_bits > sizeof (value) * NBBY - 1) {
 874                 mdb_printf("??? (invalid bitfield size %u)", ep->cte_bits);
 875                 return (0);
 876         }
 877 
 878         /*
 879          * On big-endian machines, we need to adjust the buf pointer to refer
 880          * to the lowest 'size' bytes in 'value', and we need shift based on
 881          * the offset from the end of the data, not the offset of the start.
 882          */
 883 #ifdef _BIG_ENDIAN
 884         buf += sizeof (value) - size;
 885         off += ep->cte_bits;
 886 #endif
 887         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, buf, size, addr) != size) {
 888                 mdb_warn("failed to read %lu bytes at %llx",
 889                     (ulong_t)size, addr);
 890                 return (1);
 891         }
 892 
 893         shift = off % NBBY;
 894 
 895         /*
 896          * Offsets are counted from opposite ends on little- and
 897          * big-endian machines.
 898          */
 899 #ifdef _BIG_ENDIAN
 900         shift = NBBY - shift;
 901 #endif
 902 
 903         /*
 904          * If the bits we want do not begin on a byte boundary, shift the data
 905          * right so that the value is in the lowest 'cte_bits' of 'value'.
 906          */
 907         if (off % NBBY != 0)
 908                 value >>= shift;
 909         value &= mask;
 910 
 911         /*
 912          * We default to printing signed bitfields as decimals,
 913          * and unsigned bitfields in hexadecimal.  If they specify
 914          * hexadecimal, we treat the field as unsigned.
 915          */
 916         if ((pap->pa_flags & PA_INTHEX) ||
 917             !(ep->cte_format & CTF_INT_SIGNED)) {
 918                 format = (pap->pa_flags & PA_INTDEC)? "%#llu" : "%#llx";
 919         } else {
 920                 int sshift = sizeof (value) * NBBY - ep->cte_bits;
 921 
 922                 /* sign-extend value, and print as a signed decimal */
 923                 value = ((int64_t)value << sshift) >> sshift;
 924                 format = "%#lld";
 925         }
 926         mdb_printf(format, value);
 927 
 928         return (0);
 929 }
 930 
 931 /*
 932  * Print out a character or integer value.  We use some simple heuristics,
 933  * described below, to determine the appropriate radix to use for output.
 934  */
 935 static int
 936 print_int_val(const char *type, ctf_encoding_t *ep, ulong_t off,
 937     printarg_t *pap)
 938 {
 939         static const char *const sformat[] = { "%#d", "%#d", "%#d", "%#lld" };
 940         static const char *const uformat[] = { "%#u", "%#u", "%#u", "%#llu" };
 941         static const char *const xformat[] = { "%#x", "%#x", "%#x", "%#llx" };
 942 
 943         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
 944         const char *const *fsp;
 945         size_t size;
 946 
 947         union {
 948                 uint64_t i8;
 949                 uint32_t i4;
 950                 uint16_t i2;
 951                 uint8_t i1;
 952                 time_t t;
 953                 ipaddr_t I;
 954         } u;
 955 
 956         if (!(pap->pa_flags & PA_SHOWVAL))
 957                 return (0);
 958 
 959         if (ep->cte_format & CTF_INT_VARARGS) {
 960                 mdb_printf("...\n");
 961                 return (0);
 962         }
 963 
 964         /*
 965          * If the size is not a power-of-two number of bytes in the range 1-8
 966          * then we assume it is a bitfield and print it as such.
 967          */
 968         size = ep->cte_bits / NBBY;
 969         if (size > 8 || (ep->cte_bits % NBBY) != 0 || (size & (size - 1)) != 0)
 970                 return (print_bitfield(off, pap, ep));
 971 
 972         if (IS_CHAR(*ep)) {
 973                 mdb_printf("'");
 974                 if (mdb_fmt_print(pap->pa_tgt, pap->pa_as,
 975                     addr, 1, 'C') == addr)
 976                         return (1);
 977                 mdb_printf("'");
 978                 return (0);
 979         }
 980 
 981         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &u.i8, size, addr) != size) {
 982                 mdb_warn("failed to read %lu bytes at %llx",
 983                     (ulong_t)size, addr);
 984                 return (1);
 985         }
 986 
 987         /*
 988          * We pretty-print some integer based types.  time_t values are
 989          * printed as a calendar date and time, and IPv4 addresses as human
 990          * readable dotted quads.
 991          */
 992         if (!(pap->pa_flags & (PA_INTHEX | PA_INTDEC))) {
 993                 if (strcmp(type, "time_t") == 0 && u.t != 0) {
 994                         mdb_printf("%Y", u.t);
 995                         return (0);
 996                 }
 997                 if (strcmp(type, "ipaddr_t") == 0 ||
 998                     strcmp(type, "in_addr_t") == 0) {
 999                         mdb_printf("%I", u.I);
1000                         return (0);
1001                 }
1002         }
1003 
1004         /*
1005          * The default format is hexadecimal.
1006          */
1007         if (!(pap->pa_flags & PA_INTDEC))
1008                 fsp = xformat;
1009         else if (ep->cte_format & CTF_INT_SIGNED)
1010                 fsp = sformat;
1011         else
1012                 fsp = uformat;
1013 
1014         switch (size) {
1015         case sizeof (uint8_t):
1016                 mdb_printf(fsp[0], u.i1);
1017                 break;
1018         case sizeof (uint16_t):
1019                 mdb_printf(fsp[1], u.i2);
1020                 break;
1021         case sizeof (uint32_t):
1022                 mdb_printf(fsp[2], u.i4);
1023                 break;
1024         case sizeof (uint64_t):
1025                 mdb_printf(fsp[3], u.i8);
1026                 break;
1027         }
1028         return (0);
1029 }
1030 
1031 /*ARGSUSED*/
1032 static int
1033 print_int(const char *type, const char *name, mdb_ctf_id_t id,
1034     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1035 {
1036         ctf_encoding_t e;
1037 
1038         if (!(pap->pa_flags & PA_SHOWVAL))
1039                 return (0);
1040 
1041         if (mdb_ctf_type_encoding(base, &e) != 0) {
1042                 mdb_printf("??? (%s)", mdb_strerror(errno));
1043                 return (0);
1044         }
1045 
1046         return (print_int_val(type, &e, off, pap));
1047 }
1048 
1049 /*
1050  * Print out a floating point value.  We only provide support for floats in
1051  * the ANSI-C float, double, and long double formats.
1052  */
1053 /*ARGSUSED*/
1054 static int
1055 print_float(const char *type, const char *name, mdb_ctf_id_t id,
1056     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1057 {
1058 #ifndef _KMDB
1059         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
1060         ctf_encoding_t e;
1061 
1062         union {
1063                 float f;
1064                 double d;
1065                 long double ld;
1066         } u;
1067 
1068         if (!(pap->pa_flags & PA_SHOWVAL))
1069                 return (0);
1070 
1071         if (mdb_ctf_type_encoding(base, &e) == 0) {
1072                 if (e.cte_format == CTF_FP_SINGLE &&
1073                     e.cte_bits == sizeof (float) * NBBY) {
1074                         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &u.f,
1075                             sizeof (u.f), addr) != sizeof (u.f)) {
1076                                 mdb_warn("failed to read float at %llx", addr);
1077                                 return (1);
1078                         }
1079                         mdb_printf("%s", doubletos(u.f, 7, 'e'));
1080 
1081                 } else if (e.cte_format == CTF_FP_DOUBLE &&
1082                     e.cte_bits == sizeof (double) * NBBY) {
1083                         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &u.d,
1084                             sizeof (u.d), addr) != sizeof (u.d)) {
1085                                 mdb_warn("failed to read float at %llx", addr);
1086                                 return (1);
1087                         }
1088                         mdb_printf("%s", doubletos(u.d, 7, 'e'));
1089 
1090                 } else if (e.cte_format == CTF_FP_LDOUBLE &&
1091                     e.cte_bits == sizeof (long double) * NBBY) {
1092                         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &u.ld,
1093                             sizeof (u.ld), addr) != sizeof (u.ld)) {
1094                                 mdb_warn("failed to read float at %llx", addr);
1095                                 return (1);
1096                         }
1097                         mdb_printf("%s", longdoubletos(&u.ld, 16, 'e'));
1098 
1099                 } else {
1100                         mdb_printf("??? (unsupported FP format %u / %u bits\n",
1101                             e.cte_format, e.cte_bits);
1102                 }
1103         } else
1104                 mdb_printf("??? (%s)", mdb_strerror(errno));
1105 #else
1106         mdb_printf("<FLOAT>");
1107 #endif
1108         return (0);
1109 }
1110 
1111 
1112 /*
1113  * Print out a pointer value as a symbol name + offset or a hexadecimal value.
1114  * If the pointer itself is a char *, we attempt to read a bit of the data
1115  * referenced by the pointer and display it if it is a printable ASCII string.
1116  */
1117 /*ARGSUSED*/
1118 static int
1119 print_ptr(const char *type, const char *name, mdb_ctf_id_t id,
1120     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1121 {
1122         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
1123         ctf_encoding_t e;
1124         uintptr_t value;
1125         char buf[256];
1126         ssize_t len;
1127 
1128         if (!(pap->pa_flags & PA_SHOWVAL))
1129                 return (0);
1130 
1131         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as,
1132             &value, sizeof (value), addr) != sizeof (value)) {
1133                 mdb_warn("failed to read %s pointer at %llx", name, addr);
1134                 return (1);
1135         }
1136 
1137         if (pap->pa_flags & PA_NOSYMBOLIC) {
1138                 mdb_printf("%#lx", value);
1139                 return (0);
1140         }
1141 
1142         mdb_printf("%a", value);
1143 
1144         if (value == NULL || strcmp(type, "caddr_t") == 0)
1145                 return (0);
1146 
1147         if (mdb_ctf_type_kind(base) == CTF_K_POINTER &&
1148             mdb_ctf_type_reference(base, &base) != -1 &&
1149             mdb_ctf_type_resolve(base, &base) != -1 &&
1150             mdb_ctf_type_encoding(base, &e) == 0 && IS_CHAR(e)) {
1151                 if ((len = mdb_tgt_readstr(pap->pa_realtgt, pap->pa_as,
1152                     buf, sizeof (buf), value)) >= 0 && strisprint(buf)) {
1153                         if (len == sizeof (buf))
1154                                 (void) strabbr(buf, sizeof (buf));
1155                         mdb_printf(" \"%s\"", buf);
1156                 }
1157         }
1158 
1159         return (0);
1160 }
1161 
1162 
1163 /*
1164  * Print out a fixed-size array.  We special-case arrays of characters
1165  * and attempt to print them out as ASCII strings if possible.  For other
1166  * arrays, we iterate over a maximum of pa_armemlim members and call
1167  * mdb_ctf_type_visit() again on each element to print its value.
1168  */
1169 /*ARGSUSED*/
1170 static int
1171 print_array(const char *type, const char *name, mdb_ctf_id_t id,
1172     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1173 {
1174         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
1175         printarg_t pa = *pap;
1176         ssize_t eltsize;
1177         mdb_ctf_arinfo_t r;
1178         ctf_encoding_t e;
1179         uint_t i, kind, limit;
1180         int d, sou;
1181         char buf[8];
1182         char *str;
1183 
1184         if (!(pap->pa_flags & PA_SHOWVAL))
1185                 return (0);
1186 
1187         if (pap->pa_depth == pap->pa_maxdepth) {
1188                 mdb_printf("[ ... ]");
1189                 return (0);
1190         }
1191 
1192         /*
1193          * Determine the base type and size of the array's content.  If this
1194          * fails, we cannot print anything and just give up.
1195          */
1196         if (mdb_ctf_array_info(base, &r) == -1 ||
1197             mdb_ctf_type_resolve(r.mta_contents, &base) == -1 ||
1198             (eltsize = mdb_ctf_type_size(base)) == -1) {
1199                 mdb_printf("[ ??? ] (%s)", mdb_strerror(errno));
1200                 return (0);
1201         }
1202 
1203         /*
1204          * Read a few bytes and determine if the content appears to be
1205          * printable ASCII characters.  If so, read the entire array and
1206          * attempt to display it as a string if it is printable.
1207          */
1208         if ((pap->pa_arstrlim == MDB_ARR_NOLIMIT ||
1209             r.mta_nelems <= pap->pa_arstrlim) &&
1210             mdb_ctf_type_encoding(base, &e) == 0 && IS_CHAR(e) &&
1211             mdb_tgt_readstr(pap->pa_tgt, pap->pa_as, buf,
1212             MIN(sizeof (buf), r.mta_nelems), addr) > 0 && strisprint(buf)) {
1213 
1214                 str = mdb_alloc(r.mta_nelems + 1, UM_SLEEP | UM_GC);
1215                 str[r.mta_nelems] = '\0';
1216 
1217                 if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, str,
1218                     r.mta_nelems, addr) != r.mta_nelems) {
1219                         mdb_warn("failed to read char array at %llx", addr);
1220                         return (1);
1221                 }
1222 
1223                 if (strisprint(str)) {
1224                         mdb_printf("[ \"%s\" ]", str);
1225                         return (0);
1226                 }
1227         }
1228 
1229         if (pap->pa_armemlim != MDB_ARR_NOLIMIT)
1230                 limit = MIN(r.mta_nelems, pap->pa_armemlim);
1231         else
1232                 limit = r.mta_nelems;
1233 
1234         if (limit == 0) {
1235                 mdb_printf("[ ... ]");
1236                 return (0);
1237         }
1238 
1239         kind = mdb_ctf_type_kind(base);
1240         sou = IS_COMPOSITE(kind);
1241 
1242         pa.pa_addr = addr;              /* set base address to start of array */
1243         pa.pa_maxdepth = pa.pa_maxdepth - pa.pa_depth - 1;
1244         pa.pa_nest += pa.pa_depth + 1;  /* nesting level is current depth + 1 */
1245         pa.pa_depth = 0;                /* reset depth to 0 for new scope */
1246         pa.pa_prefix = NULL;
1247 
1248         if (sou) {
1249                 pa.pa_delim = "\n";
1250                 mdb_printf("[\n");
1251         } else {
1252                 pa.pa_flags &= ~(PA_SHOWTYPE | PA_SHOWNAME | PA_SHOWADDR);
1253                 pa.pa_delim = ", ";
1254                 mdb_printf("[ ");
1255         }
1256 
1257         for (i = 0; i < limit; i++, pa.pa_addr += eltsize) {
1258                 if (i == limit - 1 && !sou) {
1259                         if (limit < r.mta_nelems)
1260                                 pa.pa_delim = ", ... ]";
1261                         else
1262                                 pa.pa_delim = " ]";
1263                 }
1264 
1265                 if (mdb_ctf_type_visit(r.mta_contents, elt_print, &pa) == -1) {
1266                         mdb_warn("failed to print array data");
1267                         return (1);
1268                 }
1269         }
1270 
1271         if (sou) {
1272                 for (d = pa.pa_depth - 1; d >= 0; d--)
1273                         print_close_sou(&pa, d);
1274 
1275                 if (limit < r.mta_nelems) {
1276                         mdb_printf("%*s... ]",
1277                             (pap->pa_depth + pap->pa_nest) * pap->pa_tab, "");
1278                 } else {
1279                         mdb_printf("%*s]",
1280                             (pap->pa_depth + pap->pa_nest) * pap->pa_tab, "");
1281                 }
1282         }
1283 
1284         /* copy the hole array info, since it may have been grown */
1285         pap->pa_holes = pa.pa_holes;
1286         pap->pa_nholes = pa.pa_nholes;
1287 
1288         return (0);
1289 }
1290 
1291 /*
1292  * Print out a struct or union header.  We need only print the open brace
1293  * because mdb_ctf_type_visit() itself will automatically recurse through
1294  * all members of the given struct or union.
1295  */
1296 /*ARGSUSED*/
1297 static int
1298 print_sou(const char *type, const char *name, mdb_ctf_id_t id,
1299     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1300 {
1301         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
1302 
1303         /*
1304          * We have pretty-printing for some structures where displaying
1305          * structure contents has no value.
1306          */
1307         if (pap->pa_flags & PA_SHOWVAL) {
1308                 if (strcmp(type, "in6_addr_t") == 0 ||
1309                     strcmp(type, "struct in6_addr") == 0) {
1310                         in6_addr_t in6addr;
1311 
1312                         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &in6addr,
1313                             sizeof (in6addr), addr) != sizeof (in6addr)) {
1314                                 mdb_warn("failed to read %s pointer at %llx",
1315                                     name, addr);
1316                                 return (1);
1317                         }
1318                         mdb_printf("%N", &in6addr);
1319                         /*
1320                          * Don't print anything further down in the
1321                          * structure.
1322                          */
1323                         pap->pa_nooutdepth = pap->pa_depth;
1324                         return (0);
1325                 }
1326                 if (strcmp(type, "struct in_addr") == 0) {
1327                         in_addr_t inaddr;
1328 
1329                         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &inaddr,
1330                             sizeof (inaddr), addr) != sizeof (inaddr)) {
1331                                 mdb_warn("failed to read %s pointer at %llx",
1332                                     name, addr);
1333                                 return (1);
1334                         }
1335                         mdb_printf("%I", inaddr);
1336                         pap->pa_nooutdepth = pap->pa_depth;
1337                         return (0);
1338                 }
1339         }
1340 
1341         if (pap->pa_depth == pap->pa_maxdepth)
1342                 mdb_printf("{ ... }");
1343         else
1344                 mdb_printf("{");
1345         pap->pa_delim = "\n";
1346         return (0);
1347 }
1348 
1349 /*
1350  * Print an enum value.  We attempt to convert the value to the corresponding
1351  * enum name and print that if possible.
1352  */
1353 /*ARGSUSED*/
1354 static int
1355 print_enum(const char *type, const char *name, mdb_ctf_id_t id,
1356     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1357 {
1358         mdb_tgt_addr_t addr = pap->pa_addr + off / NBBY;
1359         const char *ename;
1360         int value;
1361         int isp2 = enum_is_p2(base);
1362         int flags = pap->pa_flags | (isp2 ? PA_INTHEX : 0);
1363 
1364         if (!(flags & PA_SHOWVAL))
1365                 return (0);
1366 
1367         if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as,
1368             &value, sizeof (value), addr) != sizeof (value)) {
1369                 mdb_warn("failed to read %s integer at %llx", name, addr);
1370                 return (1);
1371         }
1372 
1373         if (flags & PA_INTHEX)
1374                 mdb_printf("%#x", value);
1375         else
1376                 mdb_printf("%#d", value);
1377 
1378         (void) mdb_inc_indent(8);
1379         mdb_printf(" (");
1380 
1381         if (!isp2 || enum_value_print_p2(base, value, 0) != 0) {
1382                 ename = mdb_ctf_enum_name(base, value);
1383                 if (ename == NULL) {
1384                         ename = "???";
1385                 }
1386                 mdb_printf("%s", ename);
1387         }
1388         mdb_printf(")");
1389         (void) mdb_dec_indent(8);
1390 
1391         return (0);
1392 }
1393 
1394 /*
1395  * This will only get called if the structure isn't found in any available CTF
1396  * data.
1397  */
1398 /*ARGSUSED*/
1399 static int
1400 print_tag(const char *type, const char *name, mdb_ctf_id_t id,
1401     mdb_ctf_id_t base, ulong_t off, printarg_t *pap)
1402 {
1403         char basename[MDB_SYM_NAMLEN];
1404 
1405         if (pap->pa_flags & PA_SHOWVAL)
1406                 mdb_printf("; ");
1407 
1408         if (mdb_ctf_type_name(base, basename, sizeof (basename)) != NULL)
1409                 mdb_printf("<forward declaration of %s>", basename);
1410         else
1411                 mdb_printf("<forward declaration of unknown type>");
1412 
1413         return (0);
1414 }
1415 
1416 static void
1417 print_hole(printarg_t *pap, int depth, ulong_t off, ulong_t endoff)
1418 {
1419         ulong_t bits = endoff - off;
1420         ulong_t size = bits / NBBY;
1421         ctf_encoding_t e;
1422 
1423         static const char *const name = "<<HOLE>>";
1424         char type[MDB_SYM_NAMLEN];
1425 
1426         int bitfield =
1427             (off % NBBY != 0 ||
1428             bits % NBBY != 0 ||
1429             size > 8 ||
1430             (size & (size - 1)) != 0);
1431 
1432         ASSERT(off < endoff);
1433 
1434         if (bits > NBBY * sizeof (uint64_t)) {
1435                 ulong_t end;
1436 
1437                 /*
1438                  * The hole is larger than the largest integer type.  To
1439                  * handle this, we split up the hole at 8-byte-aligned
1440                  * boundaries, recursing to print each subsection.  For
1441                  * normal C structures, we'll loop at most twice.
1442                  */
1443                 for (; off < endoff; off = end) {
1444                         end = P2END(off, NBBY * sizeof (uint64_t));
1445                         if (end > endoff)
1446                                 end = endoff;
1447 
1448                         ASSERT((end - off) <= NBBY * sizeof (uint64_t));
1449                         print_hole(pap, depth, off, end);
1450                 }
1451                 ASSERT(end == endoff);
1452 
1453                 return;
1454         }
1455 
1456         if (bitfield)
1457                 (void) mdb_snprintf(type, sizeof (type), "unsigned");
1458         else
1459                 (void) mdb_snprintf(type, sizeof (type), "uint%d_t", bits);
1460 
1461         if (pap->pa_flags & (PA_SHOWTYPE | PA_SHOWNAME | PA_SHOWADDR))
1462                 mdb_printf("%*s", (depth + pap->pa_nest) * pap->pa_tab, "");
1463 
1464         if (pap->pa_flags & PA_SHOWADDR) {
1465                 if (off % NBBY == 0)
1466                         mdb_printf("%llx ", pap->pa_addr + off / NBBY);
1467                 else
1468                         mdb_printf("%llx.%lx ",
1469                             pap->pa_addr + off / NBBY, off % NBBY);
1470         }
1471 
1472         if (pap->pa_flags & PA_SHOWTYPE)
1473                 mdb_printf("%s ", type);
1474 
1475         if (pap->pa_flags & PA_SHOWNAME)
1476                 mdb_printf("%s", name);
1477 
1478         if (bitfield && (pap->pa_flags & PA_SHOWTYPE))
1479                 mdb_printf(" :%d", bits);
1480 
1481         mdb_printf("%s ", (pap->pa_flags & PA_SHOWVAL)? " =" : "");
1482 
1483         /*
1484          * We fake up a ctf_encoding_t, and use print_int_val() to print
1485          * the value.  Holes are always processed as unsigned integers.
1486          */
1487         bzero(&e, sizeof (e));
1488         e.cte_format = 0;
1489         e.cte_offset = 0;
1490         e.cte_bits = bits;
1491 
1492         if (print_int_val(type, &e, off, pap) != 0)
1493                 mdb_iob_discard(mdb.m_out);
1494         else
1495                 mdb_iob_puts(mdb.m_out, pap->pa_delim);
1496 }
1497 
1498 /*
1499  * The print_close_sou() function is called for each structure or union
1500  * which has been completed.  For structures, we detect and print any holes
1501  * before printing the closing brace.
1502  */
1503 static void
1504 print_close_sou(printarg_t *pap, int newdepth)
1505 {
1506         int d = newdepth + pap->pa_nest;
1507 
1508         if ((pap->pa_flags & PA_SHOWHOLES) && !pap->pa_holes[d].hi_isunion) {
1509                 ulong_t end = pap->pa_holes[d + 1].hi_offset;
1510                 ulong_t expected = pap->pa_holes[d].hi_offset;
1511 
1512                 if (end < expected)
1513                         print_hole(pap, newdepth + 1, end, expected);
1514         }
1515         /* if the struct is an array element, print a comma after the } */
1516         mdb_printf("%*s}%s\n", d * pap->pa_tab, "",
1517             (newdepth == 0 && pap->pa_nest > 0)? "," : "");
1518 }
1519 
1520 static printarg_f *const printfuncs[] = {
1521         print_int,      /* CTF_K_INTEGER */
1522         print_float,    /* CTF_K_FLOAT */
1523         print_ptr,      /* CTF_K_POINTER */
1524         print_array,    /* CTF_K_ARRAY */
1525         print_ptr,      /* CTF_K_FUNCTION */
1526         print_sou,      /* CTF_K_STRUCT */
1527         print_sou,      /* CTF_K_UNION */
1528         print_enum,     /* CTF_K_ENUM */
1529         print_tag       /* CTF_K_FORWARD */
1530 };
1531 
1532 /*
1533  * The elt_print function is used as the mdb_ctf_type_visit callback.  For
1534  * each element, we print an appropriate name prefix and then call the
1535  * print subroutine for this type class in the array above.
1536  */
1537 static int
1538 elt_print(const char *name, mdb_ctf_id_t id, mdb_ctf_id_t base,
1539     ulong_t off, int depth, void *data)
1540 {
1541         char type[MDB_SYM_NAMLEN + sizeof (" <<12345678...>>")];
1542         int kind, rc, d;
1543         printarg_t *pap = data;
1544 
1545         for (d = pap->pa_depth - 1; d >= depth; d--) {
1546                 if (d < pap->pa_nooutdepth)
1547                         print_close_sou(pap, d);
1548         }
1549 
1550         /*
1551          * Reset pa_nooutdepth if we've come back out of the structure we
1552          * didn't want to print.
1553          */
1554         if (depth <= pap->pa_nooutdepth)
1555                 pap->pa_nooutdepth = (uint_t)-1;
1556 
1557         if (depth > pap->pa_maxdepth || depth > pap->pa_nooutdepth)
1558                 return (0);
1559 
1560         if (!mdb_ctf_type_valid(base) ||
1561             (kind = mdb_ctf_type_kind(base)) == -1)
1562                 return (-1); /* errno is set for us */
1563 
1564         if (mdb_ctf_type_name(id, type, MDB_SYM_NAMLEN) == NULL)
1565                 (void) strcpy(type, "(?)");
1566 
1567         if (pap->pa_flags & PA_SHOWBASETYPE) {
1568                 /*
1569                  * If basetype is different and informative, concatenate
1570                  * <<basetype>> (or <<baset...>> if it doesn't fit)
1571                  *
1572                  * We just use the end of the buffer to store the type name, and
1573                  * only connect it up if that's necessary.
1574                  */
1575 
1576                 char *type_end = type + strlen(type);
1577                 char *basetype;
1578                 size_t sz;
1579 
1580                 (void) strlcat(type, " <<", sizeof (type));
1581 
1582                 basetype = type + strlen(type);
1583                 sz = sizeof (type) - (basetype - type);
1584 
1585                 *type_end = '\0'; /* restore the end of type for strcmp() */
1586 
1587                 if (mdb_ctf_type_name(base, basetype, sz) != NULL &&
1588                     strcmp(basetype, type) != 0 &&
1589                     strcmp(basetype, "struct ") != 0 &&
1590                     strcmp(basetype, "enum ") != 0 &&
1591                     strcmp(basetype, "union ") != 0) {
1592                         type_end[0] = ' ';      /* reconnect */
1593                         if (strlcat(type, ">>", sizeof (type)) >= sizeof (type))
1594                                 (void) strlcpy(
1595                                     type + sizeof (type) - 6, "...>>", 6);
1596                 }
1597         }
1598 
1599         if (pap->pa_flags & PA_SHOWHOLES) {
1600                 ctf_encoding_t e;
1601                 ssize_t nsize;
1602                 ulong_t newoff;
1603                 holeinfo_t *hole;
1604                 int extra = IS_COMPOSITE(kind)? 1 : 0;
1605 
1606                 /*
1607                  * grow the hole array, if necessary
1608                  */
1609                 if (pap->pa_nest + depth + extra >= pap->pa_nholes) {
1610                         int new = MAX(MAX(8, pap->pa_nholes * 2),
1611                             pap->pa_nest + depth + extra + 1);
1612 
1613                         holeinfo_t *nhi = mdb_zalloc(
1614                             sizeof (*nhi) * new, UM_NOSLEEP | UM_GC);
1615 
1616                         bcopy(pap->pa_holes, nhi,
1617                             pap->pa_nholes * sizeof (*nhi));
1618 
1619                         pap->pa_holes = nhi;
1620                         pap->pa_nholes = new;
1621                 }
1622 
1623                 hole = &pap->pa_holes[depth + pap->pa_nest];
1624 
1625                 if (depth != 0 && off > hole->hi_offset)
1626                         print_hole(pap, depth, hole->hi_offset, off);
1627 
1628                 /* compute the next expected offset */
1629                 if (kind == CTF_K_INTEGER &&
1630                     mdb_ctf_type_encoding(base, &e) == 0)
1631                         newoff = off + e.cte_bits;
1632                 else if ((nsize = mdb_ctf_type_size(base)) >= 0)
1633                         newoff = off + nsize * NBBY;
1634                 else {
1635                         /* something bad happened, disable hole checking */
1636                         newoff = -1UL;          /* ULONG_MAX */
1637                 }
1638 
1639                 hole->hi_offset = newoff;
1640 
1641                 if (IS_COMPOSITE(kind)) {
1642                         hole->hi_isunion = (kind == CTF_K_UNION);
1643                         hole++;
1644                         hole->hi_offset = off;
1645                 }
1646         }
1647 
1648         if (pap->pa_flags & (PA_SHOWTYPE | PA_SHOWNAME | PA_SHOWADDR))
1649                 mdb_printf("%*s", (depth + pap->pa_nest) * pap->pa_tab, "");
1650 
1651         if (pap->pa_flags & PA_SHOWADDR) {
1652                 if (off % NBBY == 0)
1653                         mdb_printf("%llx ", pap->pa_addr + off / NBBY);
1654                 else
1655                         mdb_printf("%llx.%lx ",
1656                             pap->pa_addr + off / NBBY, off % NBBY);
1657         }
1658 
1659         if ((pap->pa_flags & PA_SHOWTYPE)) {
1660                 mdb_printf("%s", type);
1661                 /*
1662                  * We want to avoid printing a trailing space when
1663                  * dealing with pointers in a structure, so we end
1664                  * up with:
1665                  *
1666                  *      label_t *t_onfault = 0
1667                  *
1668                  * If depth is zero, always print the trailing space unless
1669                  * we also have a prefix.
1670                  */
1671                 if (type[strlen(type) - 1] != '*' ||
1672                     (depth == 0 && (!(pap->pa_flags & PA_SHOWNAME) ||
1673                     pap->pa_prefix == NULL)))
1674                         mdb_printf(" ");
1675         }
1676 
1677         if (pap->pa_flags & PA_SHOWNAME) {
1678                 if (pap->pa_prefix != NULL && depth <= 1)
1679                         mdb_printf("%s%s", pap->pa_prefix,
1680                             (depth == 0) ? "" : pap->pa_suffix);
1681                 mdb_printf("%s", name);
1682         }
1683 
1684         if ((pap->pa_flags & PA_SHOWTYPE) && kind == CTF_K_INTEGER) {
1685                 ctf_encoding_t e;
1686 
1687                 if (mdb_ctf_type_encoding(base, &e) == 0) {
1688                         ulong_t bits = e.cte_bits;
1689                         ulong_t size = bits / NBBY;
1690 
1691                         if (bits % NBBY != 0 ||
1692                             off % NBBY != 0 ||
1693                             size > 8 ||
1694                             size != mdb_ctf_type_size(base))
1695                                 mdb_printf(" :%d", bits);
1696                 }
1697         }
1698 
1699         if (depth != 0 ||
1700             ((pap->pa_flags & PA_SHOWNAME) && pap->pa_prefix != NULL))
1701                 mdb_printf("%s ", pap->pa_flags & PA_SHOWVAL ? " =" : "");
1702 
1703         if (depth == 0 && pap->pa_prefix != NULL)
1704                 name = pap->pa_prefix;
1705 
1706         pap->pa_depth = depth;
1707         if (kind <= CTF_K_UNKNOWN || kind >= CTF_K_TYPEDEF) {
1708                 mdb_warn("unknown ctf for %s type %s kind %d\n",
1709                     name, type, kind);
1710                 return (-1);
1711         }
1712         rc = printfuncs[kind - 1](type, name, id, base, off, pap);
1713 
1714         if (rc != 0)
1715                 mdb_iob_discard(mdb.m_out);
1716         else
1717                 mdb_iob_puts(mdb.m_out, pap->pa_delim);
1718 
1719         return (rc);
1720 }
1721 
1722 /*
1723  * Special semantics for pipelines.
1724  */
1725 static int
1726 pipe_print(mdb_ctf_id_t id, ulong_t off, void *data)
1727 {
1728         printarg_t *pap = data;
1729         ssize_t size;
1730         static const char *const fsp[] = { "%#r", "%#r", "%#r", "%#llr" };
1731         uintptr_t value;
1732         uintptr_t addr = pap->pa_addr + off / NBBY;
1733         mdb_ctf_id_t base;
1734         int enum_value;
1735         ctf_encoding_t e;
1736 
1737         union {
1738                 uint64_t i8;
1739                 uint32_t i4;
1740                 uint16_t i2;
1741                 uint8_t i1;
1742         } u;
1743 
1744         if (mdb_ctf_type_resolve(id, &base) == -1) {
1745                 mdb_warn("could not resolve type");
1746                 return (-1);
1747         }
1748 
1749         /*
1750          * If the user gives -a, then always print out the address of the
1751          * member.
1752          */
1753         if ((pap->pa_flags & PA_SHOWADDR)) {
1754                 mdb_printf("%#lr\n", addr);
1755                 return (0);
1756         }
1757 
1758 again:
1759         switch (mdb_ctf_type_kind(base)) {
1760         case CTF_K_POINTER:
1761                 if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as,
1762                     &value, sizeof (value), addr) != sizeof (value)) {
1763                         mdb_warn("failed to read pointer at %p", addr);
1764                         return (-1);
1765                 }
1766                 mdb_printf("%#lr\n", value);
1767                 break;
1768 
1769         case CTF_K_ENUM:
1770                 if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &enum_value,
1771                     sizeof (enum_value), addr) != sizeof (enum_value)) {
1772                         mdb_warn("failed to read enum at %llx", addr);
1773                         return (-1);
1774                 }
1775                 mdb_printf("%#r\n", enum_value);
1776                 break;
1777 
1778         case CTF_K_INTEGER:
1779                 if (mdb_ctf_type_encoding(base, &e) != 0) {
1780                         mdb_warn("could not get type encoding\n");
1781                         return (-1);
1782                 }
1783 
1784                 /*
1785                  * For immediate values, we just print out the value.
1786                  */
1787                 size = e.cte_bits / NBBY;
1788                 if (size > 8 || (e.cte_bits % NBBY) != 0 ||
1789                     (size & (size - 1)) != 0) {
1790                         return (print_bitfield(off, pap, &e));
1791                 }
1792 
1793                 if (mdb_tgt_aread(pap->pa_tgt, pap->pa_as, &u.i8, size,
1794                     addr) != size) {
1795                         mdb_warn("failed to read %lu bytes at %p",
1796                             (ulong_t)size, pap->pa_addr);
1797                         return (-1);
1798                 }
1799 
1800                 switch (size) {
1801                 case sizeof (uint8_t):
1802                         mdb_printf(fsp[0], u.i1);
1803                         break;
1804                 case sizeof (uint16_t):
1805                         mdb_printf(fsp[1], u.i2);
1806                         break;
1807                 case sizeof (uint32_t):
1808                         mdb_printf(fsp[2], u.i4);
1809                         break;
1810                 case sizeof (uint64_t):
1811                         mdb_printf(fsp[3], u.i8);
1812                         break;
1813                 }
1814                 mdb_printf("\n");
1815                 break;
1816 
1817         case CTF_K_FUNCTION:
1818         case CTF_K_FLOAT:
1819         case CTF_K_ARRAY:
1820         case CTF_K_UNKNOWN:
1821         case CTF_K_STRUCT:
1822         case CTF_K_UNION:
1823         case CTF_K_FORWARD:
1824                 /*
1825                  * For these types, always print the address of the member
1826                  */
1827                 mdb_printf("%#lr\n", addr);
1828                 break;
1829 
1830         default:
1831                 mdb_warn("unknown type %d", mdb_ctf_type_kind(base));
1832                 break;
1833         }
1834 
1835         return (0);
1836 }
1837 
1838 static int
1839 parse_delimiter(char **strp)
1840 {
1841         switch (**strp) {
1842         case '\0':
1843                 return (MEMBER_DELIM_DONE);
1844 
1845         case '.':
1846                 *strp = *strp + 1;
1847                 return (MEMBER_DELIM_DOT);
1848 
1849         case '[':
1850                 *strp = *strp + 1;
1851                 return (MEMBER_DELIM_LBR);
1852 
1853         case '-':
1854                 *strp = *strp + 1;
1855                 if (**strp == '>') {
1856                         *strp = *strp + 1;
1857                         return (MEMBER_DELIM_PTR);
1858                 }
1859                 *strp = *strp - 1;
1860                 /*FALLTHROUGH*/
1861         default:
1862                 return (MEMBER_DELIM_ERR);
1863         }
1864 }
1865 
1866 static int
1867 deref(printarg_t *pap, size_t size)
1868 {
1869         uint32_t a32;
1870         mdb_tgt_as_t as = pap->pa_as;
1871         mdb_tgt_addr_t *ap = &pap->pa_addr;
1872 
1873         if (size == sizeof (mdb_tgt_addr_t)) {
1874                 if (mdb_tgt_aread(mdb.m_target, as, ap, size, *ap) == -1) {
1875                         mdb_warn("could not dereference pointer %llx\n", *ap);
1876                         return (-1);
1877                 }
1878         } else {
1879                 if (mdb_tgt_aread(mdb.m_target, as, &a32, size, *ap) == -1) {
1880                         mdb_warn("could not dereference pointer %x\n", *ap);
1881                         return (-1);
1882                 }
1883 
1884                 *ap = (mdb_tgt_addr_t)a32;
1885         }
1886 
1887         /*
1888          * We've dereferenced at least once, we must be on the real
1889          * target. If we were in the immediate target, reset to the real
1890          * target; it's reset as needed when we return to the print
1891          * routines.
1892          */
1893         if (pap->pa_tgt == pap->pa_immtgt)
1894                 pap->pa_tgt = pap->pa_realtgt;
1895 
1896         return (0);
1897 }
1898 
1899 static int
1900 parse_member(printarg_t *pap, const char *str, mdb_ctf_id_t id,
1901     mdb_ctf_id_t *idp, ulong_t *offp, int *last_deref)
1902 {
1903         int delim;
1904         char member[64];
1905         char buf[128];
1906         uint_t index;
1907         char *start = (char *)str;
1908         char *end;
1909         ulong_t off = 0;
1910         mdb_ctf_arinfo_t ar;
1911         mdb_ctf_id_t rid;
1912         int kind;
1913         ssize_t size;
1914         int non_array = FALSE;
1915 
1916         /*
1917          * id always has the unresolved type for printing error messages
1918          * that include the type; rid always has the resolved type for
1919          * use in mdb_ctf_* calls.  It is possible for this command to fail,
1920          * however, if the resolved type is in the parent and it is currently
1921          * unavailable.  Note that we also can't print out the name of the
1922          * type, since that would also rely on looking up the resolved name.
1923          */
1924         if (mdb_ctf_type_resolve(id, &rid) != 0) {
1925                 mdb_warn("failed to resolve type");
1926                 return (-1);
1927         }
1928 
1929         delim = parse_delimiter(&start);
1930         /*
1931          * If the user fails to specify an initial delimiter, guess -> for
1932          * pointer types and . for non-pointer types.
1933          */
1934         if (delim == MEMBER_DELIM_ERR)
1935                 delim = (mdb_ctf_type_kind(rid) == CTF_K_POINTER) ?
1936                     MEMBER_DELIM_PTR : MEMBER_DELIM_DOT;
1937 
1938         *last_deref = FALSE;
1939 
1940         while (delim != MEMBER_DELIM_DONE) {
1941                 switch (delim) {
1942                 case MEMBER_DELIM_PTR:
1943                         kind = mdb_ctf_type_kind(rid);
1944                         if (kind != CTF_K_POINTER) {
1945                                 mdb_warn("%s is not a pointer type\n",
1946                                     mdb_ctf_type_name(id, buf, sizeof (buf)));
1947                                 return (-1);
1948                         }
1949 
1950                         size = mdb_ctf_type_size(id);
1951                         if (deref(pap, size) != 0)
1952                                 return (-1);
1953 
1954                         (void) mdb_ctf_type_reference(rid, &id);
1955                         (void) mdb_ctf_type_resolve(id, &rid);
1956 
1957                         off = 0;
1958                         break;
1959 
1960                 case MEMBER_DELIM_DOT:
1961                         kind = mdb_ctf_type_kind(rid);
1962                         if (kind != CTF_K_STRUCT && kind != CTF_K_UNION) {
1963                                 mdb_warn("%s is not a struct or union type\n",
1964                                     mdb_ctf_type_name(id, buf, sizeof (buf)));
1965                                 return (-1);
1966                         }
1967                         break;
1968 
1969                 case MEMBER_DELIM_LBR:
1970                         end = strchr(start, ']');
1971                         if (end == NULL) {
1972                                 mdb_warn("no trailing ']'\n");
1973                                 return (-1);
1974                         }
1975 
1976                         (void) mdb_snprintf(member, end - start + 1, "%s",
1977                             start);
1978 
1979                         index = mdb_strtoull(member);
1980 
1981                         switch (mdb_ctf_type_kind(rid)) {
1982                         case CTF_K_POINTER:
1983                                 size = mdb_ctf_type_size(rid);
1984 
1985                                 if (deref(pap, size) != 0)
1986                                         return (-1);
1987 
1988                                 (void) mdb_ctf_type_reference(rid, &id);
1989                                 (void) mdb_ctf_type_resolve(id, &rid);
1990 
1991                                 size = mdb_ctf_type_size(id);
1992                                 if (size <= 0) {
1993                                         mdb_warn("cannot dereference void "
1994                                             "type\n");
1995                                         return (-1);
1996                                 }
1997 
1998                                 pap->pa_addr += index * size;
1999                                 off = 0;
2000 
2001                                 if (index == 0 && non_array)
2002                                         *last_deref = TRUE;
2003                                 break;
2004 
2005                         case CTF_K_ARRAY:
2006                                 (void) mdb_ctf_array_info(rid, &ar);
2007 
2008                                 if (index >= ar.mta_nelems) {
2009                                         mdb_warn("index %r is outside of "
2010                                             "array bounds [0 .. %r]\n",
2011                                             index, ar.mta_nelems - 1);
2012                                 }
2013 
2014                                 id = ar.mta_contents;
2015                                 (void) mdb_ctf_type_resolve(id, &rid);
2016 
2017                                 size = mdb_ctf_type_size(id);
2018                                 if (size <= 0) {
2019                                         mdb_warn("cannot dereference void "
2020                                             "type\n");
2021                                         return (-1);
2022                                 }
2023 
2024                                 pap->pa_addr += index * size;
2025                                 off = 0;
2026                                 break;
2027 
2028                         default:
2029                                 mdb_warn("cannot index into non-array, "
2030                                     "non-pointer type\n");
2031                                 return (-1);
2032                         }
2033 
2034                         start = end + 1;
2035                         delim = parse_delimiter(&start);
2036                         continue;
2037 
2038                 case MEMBER_DELIM_ERR:
2039                 default:
2040                         mdb_warn("'%c' is not a valid delimiter\n", *start);
2041                         return (-1);
2042                 }
2043 
2044                 *last_deref = FALSE;
2045                 non_array = TRUE;
2046 
2047                 /*
2048                  * Find the end of the member name; assume that a member
2049                  * name is at least one character long.
2050                  */
2051                 for (end = start + 1; isalnum(*end) || *end == '_'; end++)
2052                         continue;
2053 
2054                 (void) mdb_snprintf(member, end - start + 1, "%s", start);
2055 
2056                 if (mdb_ctf_member_info(rid, member, &off, &id) != 0) {
2057                         mdb_warn("failed to find member %s of %s", member,
2058                             mdb_ctf_type_name(id, buf, sizeof (buf)));
2059                         return (-1);
2060                 }
2061                 (void) mdb_ctf_type_resolve(id, &rid);
2062 
2063                 pap->pa_addr += off / NBBY;
2064 
2065                 start = end;
2066                 delim = parse_delimiter(&start);
2067         }
2068 
2069         *idp = id;
2070         *offp = off;
2071 
2072         return (0);
2073 }
2074 
2075 static int
2076 cmd_print_tab_common(mdb_tab_cookie_t *mcp, uint_t flags, int argc,
2077     const mdb_arg_t *argv)
2078 {
2079         char tn[MDB_SYM_NAMLEN];
2080         char member[64];
2081         int delim, kind;
2082         int ret = 0;
2083         mdb_ctf_id_t id, rid;
2084         mdb_ctf_arinfo_t ar;
2085         char *start, *end;
2086         ulong_t dul;
2087 
2088         if (argc == 0 && !(flags & DCMD_TAB_SPACE))
2089                 return (0);
2090 
2091         if (argc == 0 && (flags & DCMD_TAB_SPACE))
2092                 return (mdb_tab_complete_type(mcp, NULL, MDB_TABC_NOPOINT |
2093                     MDB_TABC_NOARRAY));
2094 
2095         if ((ret = mdb_tab_typename(&argc, &argv, tn, sizeof (tn))) < 0)
2096                 return (ret);
2097 
2098         if (argc == 1 && (!(flags & DCMD_TAB_SPACE) || ret == 1))
2099                 return (mdb_tab_complete_type(mcp, tn, MDB_TABC_NOPOINT |
2100                     MDB_TABC_NOARRAY));
2101 
2102         if (argc == 1 && (flags & DCMD_TAB_SPACE))
2103                 return (mdb_tab_complete_member(mcp, tn, NULL));
2104 
2105         /*
2106          * This is the reason that tab completion was created. We're going to go
2107          * along and walk the delimiters until we find something a member that
2108          * we don't recognize, at which point we'll try and tab complete it.
2109          * Note that ::print takes multiple args, so this is going to operate on
2110          * whatever the last arg that we have is.
2111          */
2112         if (mdb_ctf_lookup_by_name(tn, &id) != 0)
2113                 return (1);
2114 
2115         (void) mdb_ctf_type_resolve(id, &rid);
2116         start = (char *)argv[argc-1].a_un.a_str;
2117         delim = parse_delimiter(&start);
2118 
2119         /*
2120          * If we hit the case where we actually have no delimiters, than we need
2121          * to make sure that we properly set up the fields the loops would.
2122          */
2123         if (delim == MEMBER_DELIM_DONE)
2124                 (void) mdb_snprintf(member, sizeof (member), "%s", start);
2125 
2126         while (delim != MEMBER_DELIM_DONE) {
2127                 switch (delim) {
2128                 case MEMBER_DELIM_PTR:
2129                         kind = mdb_ctf_type_kind(rid);
2130                         if (kind != CTF_K_POINTER)
2131                                 return (1);
2132 
2133                         (void) mdb_ctf_type_reference(rid, &id);
2134                         (void) mdb_ctf_type_resolve(id, &rid);
2135                         break;
2136                 case MEMBER_DELIM_DOT:
2137                         kind = mdb_ctf_type_kind(rid);
2138                         if (kind != CTF_K_STRUCT && kind != CTF_K_UNION)
2139                                 return (1);
2140                         break;
2141                 case MEMBER_DELIM_LBR:
2142                         end = strchr(start, ']');
2143                         /*
2144                          * We're not going to try and tab complete the indexes
2145                          * here. So for now, punt on it. Also, we're not going
2146                          * to try and validate you're within the bounds, just
2147                          * that you get the type you asked for.
2148                          */
2149                         if (end == NULL)
2150                                 return (1);
2151 
2152                         switch (mdb_ctf_type_kind(rid)) {
2153                         case CTF_K_POINTER:
2154                                 (void) mdb_ctf_type_reference(rid, &id);
2155                                 (void) mdb_ctf_type_resolve(id, &rid);
2156                                 break;
2157                         case CTF_K_ARRAY:
2158                                 (void) mdb_ctf_array_info(rid, &ar);
2159                                 id = ar.mta_contents;
2160                                 (void) mdb_ctf_type_resolve(id, &rid);
2161                                 break;
2162                         default:
2163                                 return (1);
2164                         }
2165 
2166                         start = end + 1;
2167                         delim = parse_delimiter(&start);
2168                         break;
2169                 case MEMBER_DELIM_ERR:
2170                 default:
2171                         break;
2172                 }
2173 
2174                 for (end = start + 1; isalnum(*end) || *end == '_'; end++)
2175                         continue;
2176 
2177                 (void) mdb_snprintf(member, end - start + 1, start);
2178 
2179                 /*
2180                  * We are going to try to resolve this name as a member. There
2181                  * are a few two different questions that we need to answer. The
2182                  * first is do we recognize this member. The second is are we at
2183                  * the end of the string. If we encounter a member that we don't
2184                  * recognize before the end, then we have to error out and can't
2185                  * complete it. But if there are no more delimiters then we can
2186                  * try and complete it.
2187                  */
2188                 ret = mdb_ctf_member_info(rid, member, &dul, &id);
2189                 start = end;
2190                 delim = parse_delimiter(&start);
2191                 if (ret != 0 && errno == EMDB_CTFNOMEMB) {
2192                         if (delim != MEMBER_DELIM_DONE)
2193                                 return (1);
2194                         continue;
2195                 } else if (ret != 0)
2196                         return (1);
2197 
2198                 if (delim == MEMBER_DELIM_DONE)
2199                         return (mdb_tab_complete_member_by_id(mcp, rid,
2200                             member));
2201 
2202                 (void) mdb_ctf_type_resolve(id, &rid);
2203         }
2204 
2205         /*
2206          * If we've reached here, then we need to try and tab complete the last
2207          * field, which is currently member, based on the ctf type id that we
2208          * already have in rid.
2209          */
2210         return (mdb_tab_complete_member_by_id(mcp, rid, member));
2211 }
2212 
2213 int
2214 cmd_print_tab(mdb_tab_cookie_t *mcp, uint_t flags, int argc,
2215     const mdb_arg_t *argv)
2216 {
2217         int i, dummy;
2218 
2219         /*
2220          * This getopts is only here to make the tab completion work better when
2221          * including options in the ::print arguments. None of the values should
2222          * be used. This should only be updated with additional arguments, if
2223          * they are added to cmd_print.
2224          */
2225         i = mdb_getopts(argc, argv,
2226             'a', MDB_OPT_SETBITS, PA_SHOWADDR, &dummy,
2227             'C', MDB_OPT_SETBITS, TRUE, &dummy,
2228             'c', MDB_OPT_UINTPTR, &dummy,
2229             'd', MDB_OPT_SETBITS, PA_INTDEC, &dummy,
2230             'h', MDB_OPT_SETBITS, PA_SHOWHOLES, &dummy,
2231             'i', MDB_OPT_SETBITS, TRUE, &dummy,
2232             'L', MDB_OPT_SETBITS, TRUE, &dummy,
2233             'l', MDB_OPT_UINTPTR, &dummy,
2234             'n', MDB_OPT_SETBITS, PA_NOSYMBOLIC, &dummy,
2235             'p', MDB_OPT_SETBITS, TRUE, &dummy,
2236             's', MDB_OPT_UINTPTR, &dummy,
2237             'T', MDB_OPT_SETBITS, PA_SHOWTYPE | PA_SHOWBASETYPE, &dummy,
2238             't', MDB_OPT_SETBITS, PA_SHOWTYPE, &dummy,
2239             'x', MDB_OPT_SETBITS, PA_INTHEX, &dummy,
2240             NULL);
2241 
2242         argc -= i;
2243         argv += i;
2244 
2245         return (cmd_print_tab_common(mcp, flags, argc, argv));
2246 }
2247 
2248 /*
2249  * Recursively descend a print a given data structure.  We create a struct of
2250  * the relevant print arguments and then call mdb_ctf_type_visit() to do the
2251  * traversal, using elt_print() as the callback for each element.
2252  */
2253 /*ARGSUSED*/
2254 int
2255 cmd_print(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2256 {
2257         uintptr_t opt_c = MDB_ARR_NOLIMIT, opt_l = MDB_ARR_NOLIMIT;
2258         uint_t opt_C = FALSE, opt_L = FALSE, opt_p = FALSE, opt_i = FALSE;
2259         uintptr_t opt_s = (uintptr_t)-1ul;
2260         int uflags = (flags & DCMD_ADDRSPEC) ? PA_SHOWVAL : 0;
2261         mdb_ctf_id_t id;
2262         int err = DCMD_OK;
2263 
2264         mdb_tgt_t *t = mdb.m_target;
2265         printarg_t pa;
2266         int d, i;
2267 
2268         char s_name[MDB_SYM_NAMLEN];
2269         mdb_syminfo_t s_info;
2270         GElf_Sym sym;
2271 
2272         /*
2273          * If a new option is added, make sure the getopts above in
2274          * cmd_print_tab is also updated.
2275          */
2276         i = mdb_getopts(argc, argv,
2277             'a', MDB_OPT_SETBITS, PA_SHOWADDR, &uflags,
2278             'C', MDB_OPT_SETBITS, TRUE, &opt_C,
2279             'c', MDB_OPT_UINTPTR, &opt_c,
2280             'd', MDB_OPT_SETBITS, PA_INTDEC, &uflags,
2281             'h', MDB_OPT_SETBITS, PA_SHOWHOLES, &uflags,
2282             'i', MDB_OPT_SETBITS, TRUE, &opt_i,
2283             'L', MDB_OPT_SETBITS, TRUE, &opt_L,
2284             'l', MDB_OPT_UINTPTR, &opt_l,
2285             'n', MDB_OPT_SETBITS, PA_NOSYMBOLIC, &uflags,
2286             'p', MDB_OPT_SETBITS, TRUE, &opt_p,
2287             's', MDB_OPT_UINTPTR, &opt_s,
2288             'T', MDB_OPT_SETBITS, PA_SHOWTYPE | PA_SHOWBASETYPE, &uflags,
2289             't', MDB_OPT_SETBITS, PA_SHOWTYPE, &uflags,
2290             'x', MDB_OPT_SETBITS, PA_INTHEX, &uflags,
2291             NULL);
2292 
2293         if (uflags & PA_INTHEX)
2294                 uflags &= ~PA_INTDEC;       /* -x and -d are mutually exclusive */
2295 
2296         uflags |= PA_SHOWNAME;
2297 
2298         if (opt_p && opt_i) {
2299                 mdb_warn("-p and -i options are incompatible\n");
2300                 return (DCMD_ERR);
2301         }
2302 
2303         argc -= i;
2304         argv += i;
2305 
2306         if (argc != 0 && argv->a_type == MDB_TYPE_STRING) {
2307                 const char *t_name = s_name;
2308                 int ret;
2309 
2310                 if (strchr("+-", argv->a_un.a_str[0]) != NULL)
2311                         return (DCMD_USAGE);
2312 
2313                 if ((ret = args_to_typename(&argc, &argv, s_name,
2314                     sizeof (s_name))) != 0)
2315                         return (ret);
2316 
2317                 if (mdb_ctf_lookup_by_name(t_name, &id) != 0) {
2318                         if (!(flags & DCMD_ADDRSPEC) || opt_i ||
2319                             addr_to_sym(t, addr, s_name, sizeof (s_name),
2320                             &sym, &s_info) == NULL ||
2321                             mdb_ctf_lookup_by_symbol(&sym, &s_info, &id) != 0) {
2322 
2323                                 mdb_warn("failed to look up type %s", t_name);
2324                                 return (DCMD_ABORT);
2325                         }
2326                 } else {
2327                         argc--;
2328                         argv++;
2329                 }
2330 
2331         } else if (!(flags & DCMD_ADDRSPEC) || opt_i) {
2332                 return (DCMD_USAGE);
2333 
2334         } else if (addr_to_sym(t, addr, s_name, sizeof (s_name),
2335             &sym, &s_info) == NULL) {
2336                 mdb_warn("no symbol information for %a", addr);
2337                 return (DCMD_ERR);
2338 
2339         } else if (mdb_ctf_lookup_by_symbol(&sym, &s_info, &id) != 0) {
2340                 mdb_warn("no type data available for %a [%u]", addr,
2341                     s_info.sym_id);
2342                 return (DCMD_ERR);
2343         }
2344 
2345         pa.pa_tgt = mdb.m_target;
2346         pa.pa_realtgt = pa.pa_tgt;
2347         pa.pa_immtgt = NULL;
2348         pa.pa_as = opt_p ? MDB_TGT_AS_PHYS : MDB_TGT_AS_VIRT;
2349         pa.pa_armemlim = mdb.m_armemlim;
2350         pa.pa_arstrlim = mdb.m_arstrlim;
2351         pa.pa_delim = "\n";
2352         pa.pa_flags = uflags;
2353         pa.pa_nest = 0;
2354         pa.pa_tab = 4;
2355         pa.pa_prefix = NULL;
2356         pa.pa_suffix = NULL;
2357         pa.pa_holes = NULL;
2358         pa.pa_nholes = 0;
2359         pa.pa_depth = 0;
2360         pa.pa_maxdepth = opt_s;
2361         pa.pa_nooutdepth = (uint_t)-1;
2362 
2363         if ((flags & DCMD_ADDRSPEC) && !opt_i)
2364                 pa.pa_addr = opt_p ? mdb_get_dot() : addr;
2365         else
2366                 pa.pa_addr = NULL;
2367 
2368         if (opt_i) {
2369                 const char *vargv[2];
2370                 uintmax_t dot = mdb_get_dot();
2371                 size_t outsize = mdb_ctf_type_size(id);
2372                 vargv[0] = (const char *)&dot;
2373                 vargv[1] = (const char *)&outsize;
2374                 pa.pa_immtgt = mdb_tgt_create(mdb_value_tgt_create,
2375                     0, 2, vargv);
2376                 pa.pa_tgt = pa.pa_immtgt;
2377         }
2378 
2379         if (opt_c != MDB_ARR_NOLIMIT)
2380                 pa.pa_arstrlim = opt_c;
2381         if (opt_C)
2382                 pa.pa_arstrlim = MDB_ARR_NOLIMIT;
2383         if (opt_l != MDB_ARR_NOLIMIT)
2384                 pa.pa_armemlim = opt_l;
2385         if (opt_L)
2386                 pa.pa_armemlim = MDB_ARR_NOLIMIT;
2387 
2388         if (argc > 0) {
2389                 for (i = 0; i < argc; i++) {
2390                         mdb_ctf_id_t mid;
2391                         int last_deref;
2392                         ulong_t off;
2393                         int kind;
2394                         char buf[MDB_SYM_NAMLEN];
2395 
2396                         mdb_tgt_t *oldtgt = pa.pa_tgt;
2397                         mdb_tgt_as_t oldas = pa.pa_as;
2398                         mdb_tgt_addr_t oldaddr = pa.pa_addr;
2399 
2400                         if (argv->a_type == MDB_TYPE_STRING) {
2401                                 const char *member = argv[i].a_un.a_str;
2402                                 mdb_ctf_id_t rid;
2403 
2404                                 if (parse_member(&pa, member, id, &mid,
2405                                     &off, &last_deref) != 0) {
2406                                         err = DCMD_ABORT;
2407                                         goto out;
2408                                 }
2409 
2410                                 /*
2411                                  * If the member string ends with a "[0]"
2412                                  * (last_deref * is true) and the type is a
2413                                  * structure or union, * print "->" rather
2414                                  * than "[0]." in elt_print.
2415                                  */
2416                                 (void) mdb_ctf_type_resolve(mid, &rid);
2417                                 kind = mdb_ctf_type_kind(rid);
2418                                 if (last_deref && IS_SOU(kind)) {
2419                                         char *end;
2420                                         (void) mdb_snprintf(buf, sizeof (buf),
2421                                             "%s", member);
2422                                         end = strrchr(buf, '[');
2423                                         *end = '\0';
2424                                         pa.pa_suffix = "->";
2425                                         member = &buf[0];
2426                                 } else if (IS_SOU(kind)) {
2427                                         pa.pa_suffix = ".";
2428                                 } else {
2429                                         pa.pa_suffix = "";
2430                                 }
2431 
2432                                 pa.pa_prefix = member;
2433                         } else {
2434                                 ulong_t moff;
2435 
2436                                 moff = (ulong_t)argv[i].a_un.a_val;
2437 
2438                                 if (mdb_ctf_offset_to_name(id, moff * NBBY,
2439                                     buf, sizeof (buf), 0, &mid, &off) == -1) {
2440                                         mdb_warn("invalid offset %lx\n", moff);
2441                                         err = DCMD_ABORT;
2442                                         goto out;
2443                                 }
2444 
2445                                 pa.pa_prefix = buf;
2446                                 pa.pa_addr += moff - off / NBBY;
2447                                 pa.pa_suffix = strlen(buf) == 0 ? "" : ".";
2448                         }
2449 
2450                         off %= NBBY;
2451                         if (flags & DCMD_PIPE_OUT) {
2452                                 if (pipe_print(mid, off, &pa) != 0) {
2453                                         mdb_warn("failed to print type");
2454                                         err = DCMD_ERR;
2455                                         goto out;
2456                                 }
2457                         } else if (off != 0) {
2458                                 mdb_ctf_id_t base;
2459                                 (void) mdb_ctf_type_resolve(mid, &base);
2460 
2461                                 if (elt_print("", mid, base, off, 0,
2462                                     &pa) != 0) {
2463                                         mdb_warn("failed to print type");
2464                                         err = DCMD_ERR;
2465                                         goto out;
2466                                 }
2467                         } else {
2468                                 if (mdb_ctf_type_visit(mid, elt_print,
2469                                     &pa) == -1) {
2470                                         mdb_warn("failed to print type");
2471                                         err = DCMD_ERR;
2472                                         goto out;
2473                                 }
2474 
2475                                 for (d = pa.pa_depth - 1; d >= 0; d--)
2476                                         print_close_sou(&pa, d);
2477                         }
2478 
2479                         pa.pa_depth = 0;
2480                         pa.pa_tgt = oldtgt;
2481                         pa.pa_as = oldas;
2482                         pa.pa_addr = oldaddr;
2483                         pa.pa_delim = "\n";
2484                 }
2485 
2486         } else if (flags & DCMD_PIPE_OUT) {
2487                 if (pipe_print(id, 0, &pa) != 0) {
2488                         mdb_warn("failed to print type");
2489                         err = DCMD_ERR;
2490                         goto out;
2491                 }
2492         } else {
2493                 if (mdb_ctf_type_visit(id, elt_print, &pa) == -1) {
2494                         mdb_warn("failed to print type");
2495                         err = DCMD_ERR;
2496                         goto out;
2497                 }
2498 
2499                 for (d = pa.pa_depth - 1; d >= 0; d--)
2500                         print_close_sou(&pa, d);
2501         }
2502 
2503         mdb_set_dot(addr + mdb_ctf_type_size(id));
2504         err = DCMD_OK;
2505 out:
2506         if (pa.pa_immtgt)
2507                 mdb_tgt_destroy(pa.pa_immtgt);
2508         return (err);
2509 }
2510 
2511 void
2512 print_help(void)
2513 {
2514         mdb_printf(
2515             "-a         show address of object\n"
2516             "-C         unlimit the length of character arrays\n"
2517             "-c limit   limit the length of character arrays\n"
2518             "-d         output values in decimal\n"
2519             "-h         print holes in structures\n"
2520             "-i         interpret address as data of the given type\n"
2521             "-L         unlimit the length of standard arrays\n"
2522             "-l limit   limit the length of standard arrays\n"
2523             "-n         don't print pointers as symbol offsets\n"
2524             "-p         interpret address as a physical memory address\n"
2525             "-s depth   limit the recursion depth\n"
2526             "-T         show type and <<base type>> of object\n"
2527             "-t         show type of object\n"
2528             "-x         output values in hexadecimal\n"
2529             "\n"
2530             "type may be omitted if the C type of addr can be inferred.\n"
2531             "\n"
2532             "Members may be specified with standard C syntax using the\n"
2533             "array indexing operator \"[index]\", structure member\n"
2534             "operator \".\", or structure pointer operator \"->\".\n"
2535             "\n"
2536             "Offsets must use the $[ expression ] syntax\n");
2537 }
2538 
2539 static int
2540 printf_signed(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt,
2541     boolean_t sign)
2542 {
2543         ssize_t size;
2544         mdb_ctf_id_t base;
2545         ctf_encoding_t e;
2546 
2547         union {
2548                 uint64_t ui8;
2549                 uint32_t ui4;
2550                 uint16_t ui2;
2551                 uint8_t ui1;
2552                 int64_t i8;
2553                 int32_t i4;
2554                 int16_t i2;
2555                 int8_t i1;
2556         } u;
2557 
2558         if (mdb_ctf_type_resolve(id, &base) == -1) {
2559                 mdb_warn("could not resolve type");
2560                 return (DCMD_ABORT);
2561         }
2562 
2563         if (mdb_ctf_type_kind(base) != CTF_K_INTEGER) {
2564                 mdb_warn("expected integer type\n");
2565                 return (DCMD_ABORT);
2566         }
2567 
2568         if (mdb_ctf_type_encoding(base, &e) != 0) {
2569                 mdb_warn("could not get type encoding");
2570                 return (DCMD_ABORT);
2571         }
2572 
2573         if (sign)
2574                 sign = e.cte_format & CTF_INT_SIGNED;
2575 
2576         size = e.cte_bits / NBBY;
2577 
2578         /*
2579          * Check to see if our life has been complicated by the presence of
2580          * a bitfield.  If it has, we will print it using logic that is only
2581          * slightly different than that found in print_bitfield(), above.  (In
2582          * particular, see the comments there for an explanation of the
2583          * endianness differences in this code.)
2584          */
2585         if (size > 8 || (e.cte_bits % NBBY) != 0 ||
2586             (size & (size - 1)) != 0) {
2587                 uint64_t mask = (1ULL << e.cte_bits) - 1;
2588                 uint64_t value = 0;
2589                 uint8_t *buf = (uint8_t *)&value;
2590                 uint8_t shift;
2591 
2592                 /*
2593                  * Round our size up one byte.
2594                  */
2595                 size = (e.cte_bits + (NBBY - 1)) / NBBY;
2596 
2597                 if (e.cte_bits > sizeof (value) * NBBY - 1) {
2598                         mdb_printf("invalid bitfield size %u", e.cte_bits);
2599                         return (DCMD_ABORT);
2600                 }
2601 
2602 #ifdef _BIG_ENDIAN
2603                 buf += sizeof (value) - size;
2604                 off += e.cte_bits;
2605 #endif
2606 
2607                 if (mdb_vread(buf, size, addr) == -1) {
2608                         mdb_warn("failed to read %lu bytes at %p", size, addr);
2609                         return (DCMD_ERR);
2610                 }
2611 
2612                 shift = off % NBBY;
2613 #ifdef _BIG_ENDIAN
2614                 shift = NBBY - shift;
2615 #endif
2616 
2617                 /*
2618                  * If we have a bit offset within the byte, shift it down.
2619                  */
2620                 if (off % NBBY != 0)
2621                         value >>= shift;
2622                 value &= mask;
2623 
2624                 if (sign) {
2625                         int sshift = sizeof (value) * NBBY - e.cte_bits;
2626                         value = ((int64_t)value << sshift) >> sshift;
2627                 }
2628 
2629                 mdb_printf(fmt, value);
2630                 return (0);
2631         }
2632 
2633         if (mdb_vread(&u.i8, size, addr) == -1) {
2634                 mdb_warn("failed to read %lu bytes at %p", (ulong_t)size, addr);
2635                 return (DCMD_ERR);
2636         }
2637 
2638         switch (size) {
2639         case sizeof (uint8_t):
2640                 mdb_printf(fmt, (uint64_t)(sign ? u.i1 : u.ui1));
2641                 break;
2642         case sizeof (uint16_t):
2643                 mdb_printf(fmt, (uint64_t)(sign ? u.i2 : u.ui2));
2644                 break;
2645         case sizeof (uint32_t):
2646                 mdb_printf(fmt, (uint64_t)(sign ? u.i4 : u.ui4));
2647                 break;
2648         case sizeof (uint64_t):
2649                 mdb_printf(fmt, (uint64_t)(sign ? u.i8 : u.ui8));
2650                 break;
2651         }
2652 
2653         return (0);
2654 }
2655 
2656 static int
2657 printf_int(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt)
2658 {
2659         return (printf_signed(id, addr, off, fmt, B_TRUE));
2660 }
2661 
2662 static int
2663 printf_uint(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt)
2664 {
2665         return (printf_signed(id, addr, off, fmt, B_FALSE));
2666 }
2667 
2668 /*ARGSUSED*/
2669 static int
2670 printf_uint32(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt)
2671 {
2672         mdb_ctf_id_t base;
2673         ctf_encoding_t e;
2674         uint32_t value;
2675 
2676         if (mdb_ctf_type_resolve(id, &base) == -1) {
2677                 mdb_warn("could not resolve type\n");
2678                 return (DCMD_ABORT);
2679         }
2680 
2681         if (mdb_ctf_type_kind(base) != CTF_K_INTEGER ||
2682             mdb_ctf_type_encoding(base, &e) != 0 ||
2683             e.cte_bits / NBBY != sizeof (value)) {
2684                 mdb_warn("expected 32-bit integer type\n");
2685                 return (DCMD_ABORT);
2686         }
2687 
2688         if (mdb_vread(&value, sizeof (value), addr) == -1) {
2689                 mdb_warn("failed to read 32-bit value at %p", addr);
2690                 return (DCMD_ERR);
2691         }
2692 
2693         mdb_printf(fmt, value);
2694 
2695         return (0);
2696 }
2697 
2698 /*ARGSUSED*/
2699 static int
2700 printf_ptr(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt)
2701 {
2702         uintptr_t value;
2703         mdb_ctf_id_t base;
2704 
2705         if (mdb_ctf_type_resolve(id, &base) == -1) {
2706                 mdb_warn("could not resolve type\n");
2707                 return (DCMD_ABORT);
2708         }
2709 
2710         if (mdb_ctf_type_kind(base) != CTF_K_POINTER) {
2711                 mdb_warn("expected pointer type\n");
2712                 return (DCMD_ABORT);
2713         }
2714 
2715         if (mdb_vread(&value, sizeof (value), addr) == -1) {
2716                 mdb_warn("failed to read pointer at %llx", addr);
2717                 return (DCMD_ERR);
2718         }
2719 
2720         mdb_printf(fmt, value);
2721 
2722         return (0);
2723 }
2724 
2725 /*ARGSUSED*/
2726 static int
2727 printf_string(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt)
2728 {
2729         mdb_ctf_id_t base;
2730         mdb_ctf_arinfo_t r;
2731         char buf[1024];
2732         ssize_t size;
2733 
2734         if (mdb_ctf_type_resolve(id, &base) == -1) {
2735                 mdb_warn("could not resolve type");
2736                 return (DCMD_ABORT);
2737         }
2738 
2739         if (mdb_ctf_type_kind(base) == CTF_K_POINTER) {
2740                 uintptr_t value;
2741 
2742                 if (mdb_vread(&value, sizeof (value), addr) == -1) {
2743                         mdb_warn("failed to read pointer at %llx", addr);
2744                         return (DCMD_ERR);
2745                 }
2746 
2747                 if (mdb_readstr(buf, sizeof (buf) - 1, value) < 0) {
2748                         mdb_warn("failed to read string at %llx", value);
2749                         return (DCMD_ERR);
2750                 }
2751 
2752                 mdb_printf(fmt, buf);
2753                 return (0);
2754         }
2755 
2756         if (mdb_ctf_type_kind(base) != CTF_K_ARRAY) {
2757                 mdb_warn("exepected pointer or array type\n");
2758                 return (DCMD_ABORT);
2759         }
2760 
2761         if (mdb_ctf_array_info(base, &r) == -1 ||
2762             mdb_ctf_type_resolve(r.mta_contents, &base) == -1 ||
2763             (size = mdb_ctf_type_size(base)) == -1) {
2764                 mdb_warn("can't determine array type");
2765                 return (DCMD_ABORT);
2766         }
2767 
2768         if (size != 1) {
2769                 mdb_warn("string format specifier requires "
2770                     "an array of characters\n");
2771                 return (DCMD_ABORT);
2772         }
2773 
2774         bzero(buf, sizeof (buf));
2775 
2776         if (mdb_vread(buf, MIN(r.mta_nelems, sizeof (buf) - 1), addr) == -1) {
2777                 mdb_warn("failed to read array at %p", addr);
2778                 return (DCMD_ERR);
2779         }
2780 
2781         mdb_printf(fmt, buf);
2782 
2783         return (0);
2784 }
2785 
2786 /*ARGSUSED*/
2787 static int
2788 printf_ipv6(mdb_ctf_id_t id, uintptr_t addr, ulong_t off, char *fmt)
2789 {
2790         mdb_ctf_id_t base;
2791         mdb_ctf_id_t ipv6_type, ipv6_base;
2792         in6_addr_t ipv6;
2793 
2794         if (mdb_ctf_lookup_by_name("in6_addr_t", &ipv6_type) == -1) {
2795                 mdb_warn("could not resolve in6_addr_t type\n");
2796                 return (DCMD_ABORT);
2797         }
2798 
2799         if (mdb_ctf_type_resolve(id, &base) == -1) {
2800                 mdb_warn("could not resolve type\n");
2801                 return (DCMD_ABORT);
2802         }
2803 
2804         if (mdb_ctf_type_resolve(ipv6_type, &ipv6_base) == -1) {
2805                 mdb_warn("could not resolve in6_addr_t type\n");
2806                 return (DCMD_ABORT);
2807         }
2808 
2809         if (mdb_ctf_type_cmp(base, ipv6_base) != 0) {
2810                 mdb_warn("requires argument of type in6_addr_t\n");
2811                 return (DCMD_ABORT);
2812         }
2813 
2814         if (mdb_vread(&ipv6, sizeof (ipv6), addr) == -1) {
2815                 mdb_warn("couldn't read in6_addr_t at %p", addr);
2816                 return (DCMD_ERR);
2817         }
2818 
2819         mdb_printf(fmt, &ipv6);
2820 
2821         return (0);
2822 }
2823 
2824 /*
2825  * To validate the format string specified to ::printf, we run the format
2826  * string through a very simple state machine that restricts us to a subset
2827  * of mdb_printf() functionality.
2828  */
2829 enum {
2830         PRINTF_NOFMT = 1,               /* no current format specifier */
2831         PRINTF_PERC,                    /* processed '%' */
2832         PRINTF_FMT,                     /* processing format specifier */
2833         PRINTF_LEFT,                    /* processed '-', expecting width */
2834         PRINTF_WIDTH,                   /* processing width */
2835         PRINTF_QUES                     /* processed '?', expecting format */
2836 };
2837 
2838 int
2839 cmd_printf_tab(mdb_tab_cookie_t *mcp, uint_t flags, int argc,
2840     const mdb_arg_t *argv)
2841 {
2842         int ii;
2843         char *f;
2844 
2845         /*
2846          * If argc doesn't have more than what should be the format string,
2847          * ignore it.
2848          */
2849         if (argc <= 1)
2850                 return (0);
2851 
2852         /*
2853          * Because we aren't leveraging the lex and yacc engine, we have to
2854          * manually walk the arguments to find both the first and last
2855          * open/close quote of the format string.
2856          */
2857         f = strchr(argv[0].a_un.a_str, '"');
2858         if (f == NULL)
2859                 return (0);
2860 
2861         f = strchr(f + 1, '"');
2862         if (f != NULL) {
2863                 ii = 0;
2864         } else {
2865                 for (ii = 1; ii < argc; ii++) {
2866                         if (argv[ii].a_type != MDB_TYPE_STRING)
2867                                 continue;
2868                         f = strchr(argv[ii].a_un.a_str, '"');
2869                         if (f != NULL)
2870                                 break;
2871                 }
2872                 /* Never found */
2873                 if (ii == argc)
2874                         return (0);
2875         }
2876 
2877         ii++;
2878         argc -= ii;
2879         argv += ii;
2880 
2881         return (cmd_print_tab_common(mcp, flags, argc, argv));
2882 }
2883 
2884 int
2885 cmd_printf(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
2886 {
2887         char type[MDB_SYM_NAMLEN];
2888         int i, nfmts = 0, ret;
2889         mdb_ctf_id_t id;
2890         const char *fmt, *member;
2891         char **fmts, *last, *dest, f;
2892         int (**funcs)(mdb_ctf_id_t, uintptr_t, ulong_t, char *);
2893         int state = PRINTF_NOFMT;
2894         printarg_t pa;
2895 
2896         if (!(flags & DCMD_ADDRSPEC))
2897                 return (DCMD_USAGE);
2898 
2899         bzero(&pa, sizeof (pa));
2900         pa.pa_as = MDB_TGT_AS_VIRT;
2901         pa.pa_realtgt = pa.pa_tgt = mdb.m_target;
2902 
2903         if (argc == 0 || argv[0].a_type != MDB_TYPE_STRING) {
2904                 mdb_warn("expected a format string\n");
2905                 return (DCMD_USAGE);
2906         }
2907 
2908         /*
2909          * Our first argument is a format string; rip it apart and run it
2910          * through our state machine to validate that our input is within the
2911          * subset of mdb_printf() format strings that we allow.
2912          */
2913         fmt = argv[0].a_un.a_str;
2914         /*
2915          * 'dest' must be large enough to hold a copy of the format string,
2916          * plus a NUL and up to 2 additional characters for each conversion
2917          * in the format string.  This gives us a bloat factor of 5/2 ~= 3.
2918          *   e.g. "%d" (strlen of 2) --> "%lld\0" (need 5 bytes)
2919          */
2920         dest = mdb_zalloc(strlen(fmt) * 3, UM_SLEEP | UM_GC);
2921         fmts = mdb_zalloc(strlen(fmt) * sizeof (char *), UM_SLEEP | UM_GC);
2922         funcs = mdb_zalloc(strlen(fmt) * sizeof (void *), UM_SLEEP | UM_GC);
2923         last = dest;
2924 
2925         for (i = 0; fmt[i] != '\0'; i++) {
2926                 *dest++ = f = fmt[i];
2927 
2928                 switch (state) {
2929                 case PRINTF_NOFMT:
2930                         state = f == '%' ? PRINTF_PERC : PRINTF_NOFMT;
2931                         break;
2932 
2933                 case PRINTF_PERC:
2934                         state = f == '-' ? PRINTF_LEFT :
2935                             f >= '0' && f <= '9' ? PRINTF_WIDTH :
2936                             f == '?' ? PRINTF_QUES :
2937                             f == '%' ? PRINTF_NOFMT : PRINTF_FMT;
2938                         break;
2939 
2940                 case PRINTF_LEFT:
2941                         state = f >= '0' && f <= '9' ? PRINTF_WIDTH :
2942                             f == '?' ? PRINTF_QUES : PRINTF_FMT;
2943                         break;
2944 
2945                 case PRINTF_WIDTH:
2946                         state = f >= '0' && f <= '9' ? PRINTF_WIDTH :
2947                             PRINTF_FMT;
2948                         break;
2949 
2950                 case PRINTF_QUES:
2951                         state = PRINTF_FMT;
2952                         break;
2953                 }
2954 
2955                 if (state != PRINTF_FMT)
2956                         continue;
2957 
2958                 dest--;
2959 
2960                 /*
2961                  * Now check that we have one of our valid format characters.
2962                  */
2963                 switch (f) {
2964                 case 'a':
2965                 case 'A':
2966                 case 'p':
2967                         funcs[nfmts] = printf_ptr;
2968                         break;
2969 
2970                 case 'd':
2971                 case 'q':
2972                 case 'R':
2973                         funcs[nfmts] = printf_int;
2974                         *dest++ = 'l';
2975                         *dest++ = 'l';
2976                         break;
2977 
2978                 case 'I':
2979                         funcs[nfmts] = printf_uint32;
2980                         break;
2981 
2982                 case 'N':
2983                         funcs[nfmts] = printf_ipv6;
2984                         break;
2985 
2986                 case 'H':
2987                 case 'o':
2988                 case 'r':
2989                 case 'u':
2990                 case 'x':
2991                 case 'X':
2992                         funcs[nfmts] = printf_uint;
2993                         *dest++ = 'l';
2994                         *dest++ = 'l';
2995                         break;
2996 
2997                 case 's':
2998                         funcs[nfmts] = printf_string;
2999                         break;
3000 
3001                 case 'Y':
3002                         funcs[nfmts] = sizeof (time_t) == sizeof (int) ?
3003                             printf_uint32 : printf_uint;
3004                         break;
3005 
3006                 default:
3007                         mdb_warn("illegal format string at or near "
3008                             "'%c' (position %d)\n", f, i + 1);
3009                         return (DCMD_ABORT);
3010                 }
3011 
3012                 *dest++ = f;
3013                 *dest++ = '\0';
3014                 fmts[nfmts++] = last;
3015                 last = dest;
3016                 state = PRINTF_NOFMT;
3017         }
3018 
3019         argc--;
3020         argv++;
3021 
3022         /*
3023          * Now we expect a type name.
3024          */
3025         if ((ret = args_to_typename(&argc, &argv, type, sizeof (type))) != 0)
3026                 return (ret);
3027 
3028         argv++;
3029         argc--;
3030 
3031         if (mdb_ctf_lookup_by_name(type, &id) != 0) {
3032                 mdb_warn("failed to look up type %s", type);
3033                 return (DCMD_ABORT);
3034         }
3035 
3036         if (argc == 0) {
3037                 mdb_warn("at least one member must be specified\n");
3038                 return (DCMD_USAGE);
3039         }
3040 
3041         if (argc != nfmts) {
3042                 mdb_warn("%s format specifiers (found %d, expected %d)\n",
3043                     argc > nfmts ? "missing" : "extra", nfmts, argc);
3044                 return (DCMD_ABORT);
3045         }
3046 
3047         for (i = 0; i < argc; i++) {
3048                 mdb_ctf_id_t mid;
3049                 ulong_t off;
3050                 int ignored;
3051 
3052                 if (argv[i].a_type != MDB_TYPE_STRING) {
3053                         mdb_warn("expected only type member arguments\n");
3054                         return (DCMD_ABORT);
3055                 }
3056 
3057                 if (strcmp((member = argv[i].a_un.a_str), ".") == 0) {
3058                         /*
3059                          * We allow "." to be specified to denote the current
3060                          * value of dot.
3061                          */
3062                         if (funcs[i] != printf_ptr && funcs[i] != printf_uint &&
3063                             funcs[i] != printf_int) {
3064                                 mdb_warn("expected integer or pointer format "
3065                                     "specifier for '.'\n");
3066                                 return (DCMD_ABORT);
3067                         }
3068 
3069                         mdb_printf(fmts[i], mdb_get_dot());
3070                         continue;
3071                 }
3072 
3073                 pa.pa_addr = addr;
3074 
3075                 if (parse_member(&pa, member, id, &mid, &off, &ignored) != 0)
3076                         return (DCMD_ABORT);
3077 
3078                 if ((ret = funcs[i](mid, pa.pa_addr, off, fmts[i])) != 0) {
3079                         mdb_warn("failed to print member '%s'\n", member);
3080                         return (ret);
3081                 }
3082         }
3083 
3084         mdb_printf("%s", last);
3085 
3086         return (DCMD_OK);
3087 }
3088 
3089 static char _mdb_printf_help[] =
3090 "The format string argument is a printf(3C)-like format string that is a\n"
3091 "subset of the format strings supported by mdb_printf().  The type argument\n"
3092 "is the name of a type to be used to interpret the memory referenced by dot.\n"
3093 "The member should either be a field in the specified structure, or the\n"
3094 "special member '.', denoting the value of dot (and treated as a pointer).\n"
3095 "The number of members must match the number of format specifiers in the\n"
3096 "format string.\n"
3097 "\n"
3098 "The following format specifiers are recognized by ::printf:\n"
3099 "\n"
3100 "  %%    Prints the '%' symbol.\n"
3101 "  %a    Prints the member in symbolic form.\n"
3102 "  %d    Prints the member as a decimal integer.  If the member is a signed\n"
3103 "        integer type, the output will be signed.\n"
3104 "  %H    Prints the member as a human-readable size.\n"
3105 "  %I    Prints the member as an IPv4 address (must be 32-bit integer type).\n"
3106 "  %N    Prints the member as an IPv6 address (must be of type in6_addr_t).\n"
3107 "  %o    Prints the member as an unsigned octal integer.\n"
3108 "  %p    Prints the member as a pointer, in hexadecimal.\n"
3109 "  %q    Prints the member in signed octal.  Honk if you ever use this!\n"
3110 "  %r    Prints the member as an unsigned value in the current output radix.\n"
3111 "  %R    Prints the member as a signed value in the current output radix.\n"
3112 "  %s    Prints the member as a string (requires a pointer or an array of\n"
3113 "        characters).\n"
3114 "  %u    Prints the member as an unsigned decimal integer.\n"
3115 "  %x    Prints the member in hexadecimal.\n"
3116 "  %X    Prints the member in hexadecimal, using the characters A-F as the\n"
3117 "        digits for the values 10-15.\n"
3118 "  %Y    Prints the member as a time_t as the string "
3119             "'year month day HH:MM:SS'.\n"
3120 "\n"
3121 "The following field width specifiers are recognized by ::printf:\n"
3122 "\n"
3123 "  %n    Field width is set to the specified decimal value.\n"
3124 "  %?    Field width is set to the maximum width of a hexadecimal pointer\n"
3125 "        value.  This is 8 in an ILP32 environment, and 16 in an LP64\n"
3126 "        environment.\n"
3127 "\n"
3128 "The following flag specifers are recognized by ::printf:\n"
3129 "\n"
3130 "  %-    Left-justify the output within the specified field width.  If the\n"
3131 "        width of the output is less than the specified field width, the\n"
3132 "        output will be padded with blanks on the right-hand side.  Without\n"
3133 "        %-, values are right-justified by default.\n"
3134 "\n"
3135 "  %0    Zero-fill the output field if the output is right-justified and the\n"
3136 "        width of the output is less than the specified field width.  Without\n"
3137 "        %0, right-justified values are prepended with blanks in order to\n"
3138 "        fill the field.\n"
3139 "\n"
3140 "Examples: \n"
3141 "\n"
3142 "  ::walk proc | "
3143         "::printf \"%-6d %s\\n\" proc_t p_pidp->pid_id p_user.u_psargs\n"
3144 "  ::walk thread | "
3145         "::printf \"%?p %3d %a\\n\" kthread_t . t_pri t_startpc\n"
3146 "  ::walk zone | "
3147         "::printf \"%-40s %20s\\n\" zone_t zone_name zone_nodename\n"
3148 "  ::walk ire | "
3149         "::printf \"%Y %I\\n\" ire_t ire_create_time ire_u.ire4_u.ire4_addr\n"
3150 "\n";
3151 
3152 void
3153 printf_help(void)
3154 {
3155         mdb_printf("%s", _mdb_printf_help);
3156 }