simics

Is "step-out" / "step-over-instruction" broken in Simics 2021.24?


Step-out seems to be broken in Simics 2021.24. I did "enable-debugger" but it still doesn't work. Please see below:

simics>
[board.mb.cpu0.core[0][0]] cs:0x00000000def963ae p:0x0def963ae  sbb rax,rax
                                                  sbb rax,rax
cs:0x00000000def963ae p:0x0def963ae  sbb rax,rax
cs:0x00000000def963b1 p:0x0def963b1  and rax,rcx
cs:0x00000000def963b4 p:0x0def963b4  mov rdi,qword ptr [rsp+0x8]
cs:0x00000000def963b9 p:0x0def963b9  ret
cs:0x00000000def963ba p:0x0def963ba  mov rcx,r11
cs:0x00000000def963bd p:0x0def963bd  lea rax,[r9-0x1]
cs:0x00000000def963c1 p:0x0def963c1  shr rdx,cl
cs:0x00000000def963c4 p:0x0def963c4  cmp rdx,rax
cs:0x00000000def963c7 p:0x0def963c7  jb 0xdef96363
cs:0x00000000def963c9 p:0x0def963c9  sub rdx,r9
simics> step-out
simics> da %rip 10
cs:0x00000000def963ae p:0x0def963ae  sbb rax,rax
cs:0x00000000def963b1 p:0x0def963b1  and rax,rcx
cs:0x00000000def963b4 p:0x0def963b4  mov rdi,qword ptr [rsp+0x8]
cs:0x00000000def963b9 p:0x0def963b9  ret
cs:0x00000000def963ba p:0x0def963ba  mov rcx,r11
cs:0x00000000def963bd p:0x0def963bd  lea rax,[r9-0x1]
cs:0x00000000def963c1 p:0x0def963c1  shr rdx,cl
cs:0x00000000def963c4 p:0x0def963c4  cmp rdx,rax
cs:0x00000000def963c7 p:0x0def963c7  jb 0xdef96363
cs:0x00000000def963c9 p:0x0def963c9  sub rdx,r9

Likewise "step-over-instruction" doesn't seem to step over calls, it steps into them...

simics> step-over-instruction
                                                  call rax
cs:0x00000000dee41d19 p:0x0dee41d19  call rax
cs:0x00000000dee41d1b p:0x0dee41d1b  jmp 0xdee41d2d
cs:0x00000000dee41d1d p:0x0dee41d1d  mov rax,qword ptr [rip+0x265bc]
cs:0x00000000dee41d24 p:0x0dee41d24  mov rcx,rbp
cs:0x00000000dee41d27 p:0x0dee41d27  call qword ptr [rax+0xf8]
cs:0x00000000dee41d2d p:0x0dee41d2d  cmp si,r13w
cs:0x00000000dee41d31 p:0x0dee41d31  jb 0xdee41ced
cs:0x00000000dee41d33 p:0x0dee41d33  mov r13d,0x400
cs:0x00000000dee41d39 p:0x0dee41d39  mov eax,dword ptr [rbx+0x114]
cs:0x00000000dee41d3f p:0x0dee41d3f  sub eax,0x10
simics> step-over-instruction
                                                  sub rsp,0x28
cs:0x00000000dee39160 p:0x0dee39160  sub rsp,0x28
cs:0x00000000dee39164 p:0x0dee39164  test rdx,rdx
cs:0x00000000dee39167 p:0x0dee39167  je 0xdee39179
cs:0x00000000dee39169 p:0x0dee39169  mov rax,qword ptr [rip+0x1b58]
cs:0x00000000dee39170 p:0x0dee39170  mov rcx,rdx
cs:0x00000000dee39173 p:0x0dee39173  call qword ptr [rax+0xf8]
cs:0x00000000dee39179 p:0x0dee39179  add rsp,0x28
cs:0x00000000dee3917d p:0x0dee3917d  ret
cs:0x00000000dee3917e p:0x0dee3917e  int3
cs:0x00000000dee3917f p:0x0dee3917f  int3
simics> print -x %rax
0xdee39160

So you can see it called to where rax was set, instead of stepping over the call.


Solution

  • Both step-out and step-over-instruction require debug information. You can add debug information with add-symbol-file. If you don't have the debug information, you will have to set a breakpoint or run until the instruction after the call. In this case, that would be one of:

    bp.memory.run-until -x address = p:0x0dee41d1b

    or

    bp.memory.break -x address = p:0x0dee41d1b c

    #IAmIntel
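The workaround in the answer is to read the instruction following the call off the disassembly listing and run until it. The following Python script, added here as an example and not part of the original thread or of Simics itself, automates that step: it parses the `da %rip 10` listing format shown above, finds the instruction at the current rip, and emits the `bp.memory.run-until` command for the next instruction's physical address (or a plain `step-instruction` when the current instruction is not a call). The listing is a constructed sample copied from the session; the function names are this example's own.

```python
import re

# Constructed sample in the "da %rip 10" listing format from the session above.
SAMPLE_LISTING = """\
[board.mb.cpu0.core[0][0]] cs:0x00000000dee41d19 p:0x0dee41d19  call rax
                                                  call rax
cs:0x00000000dee41d19 p:0x0dee41d19  call rax
cs:0x00000000dee41d1b p:0x0dee41d1b  jmp 0xdee41d2d
cs:0x00000000dee41d1d p:0x0dee41d1d  mov rax,qword ptr [rip+0x265bc]
cs:0x00000000dee41d24 p:0x0dee41d24  mov rcx,rbp
cs:0x00000000dee41d27 p:0x0dee41d27  call qword ptr [rax+0xf8]
cs:0x00000000dee41d2d p:0x0dee41d2d  cmp si,r13w
"""

# One listing row: logical (cs:) address, physical (p:) address, mnemonic, operands.
ROW_RE = re.compile(
    r"cs:0x([0-9a-fA-F]+)\s+p:0x([0-9a-fA-F]+)\s+(\S+)(?:\s+(.*))?$"
)


def parse_listing(text):
    """Parse a Simics disassembly listing into (logical, physical, mnemonic, operands).

    Rows are de-duplicated by logical address because the CLI echoes the
    current instruction (with a cpu prefix) before printing the listing.
    """
    rows = []
    seen = set()
    for line in text.splitlines():
        # re.search ignores the "[board...]" prefix on the echoed current line.
        m = ROW_RE.search(line.strip())
        if not m:
            continue  # prompt lines, echoed mnemonics, blanks
        logical = int(m.group(1), 16)
        if logical in seen:
            continue
        seen.add(logical)
        rows.append((logical, int(m.group(2), 16), m.group(3), m.group(4) or ""))
    return rows


def next_instruction(rows, rip):
    """Return (physical address of next instruction, mnemonic at rip)."""
    for i, (logical, _phys, mnemonic, _ops) in enumerate(rows):
        if logical == rip:
            if i + 1 >= len(rows):
                raise ValueError("listing ends at rip; disassemble more instructions")
            return rows[i + 1][1], mnemonic
    raise ValueError(f"rip 0x{rip:x} is not in the listing")


def step_over_commands(rows, rip):
    """CLI lines that emulate step-over without debug information.

    For a call, run until the instruction after it (the return address);
    anything else is stepped with the ordinary step-instruction command.
    """
    next_phys, mnemonic = next_instruction(rows, rip)
    if mnemonic != "call":
        return ["step-instruction"]
    # Physical address printed with 9 hex digits, as the listing shows it.
    return [f"bp.memory.run-until -x address = p:0x{next_phys:09x}"]


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    for cmd in step_over_commands(listing, 0xDEE41D19):
        print(cmd)  # bp.memory.run-until -x address = p:0x0dee41d1b
```

The run-until form is used rather than a persistent breakpoint so nothing is left behind at the return address; a breakpoint there would also fire on any later path through that code. If the callee never returns to the next instruction (a tail call or a longjmp, for example) the run-until simply does not stop, which is the same limitation a debugger without unwind information has.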