问题描述
有很多页面对此进行了解释,但我找不到它.我发现许多文章仅适用于El Capitan和较旧的系统.
There are lots of pages that explain it but I can't find it. Many of the articles I find only work on El Capitan and older systems.
我现在没有使用fwkpfv,因为我没有正确的加密狗.我的客户给我买了一台支持Firewire的二手MacBook.
I cannot use the fwkpfv right now as I don't have the right dongles. My client is getting me a used MacBook that will support firewire.
我的内核扩展恐慌了我的盒子.奇怪的是,如果我的同事构建了我的扩展程序,它就可以正常工作.我仍然感到困惑.
My kernel extension panics my box. Quite oddly if my coworker builds my extension, it works just fine. I remain flummoxed.
推荐答案
您可以使用命令获取实时"本地内核日志
You can get "live" local kernel logs using the command
log stream --process 0
要查看过去的日志,请改用log show
,例如:
For looking at past logs, use log show
instead, e.g.:
log show --predicate 'processID == 0' --last 1h | less
但是,由于日志记录是在用户空间中异步进行的,因此,它们都不会对内核崩溃有很大帮助.
None of that will help you much with kernel panics, however, as the logging happens asynchronously in user space, so you won't get the very last messages before the panic.
在没有火线的情况下调试KP的其他一些选项,您可能已经知道了,但出于完整性考虑,我会提及它们:
A few more options for debugging KPs without firewire, which you're probably already aware of but I'll mention them for completeness' sake:
- 基于以太网的内核调试(与火线相反).仅测试设备需要有线/雷电以太网,运行调试器的Mac可以在wifi上.
- 您通常可以从panic日志本身中提取很多信息:除了符号化堆栈(使用
keepsyms=1
boot-arg以便不必追溯)之外,还要查看寄存器的内容和反汇编通常可以告诉您变量的值. - 如果您缺少Apple代码的堆栈跟踪部分,请运行调试或开发内核,而不是发行版.那些构建时启用的优化较少,因此不太可能内联函数等.
- 您可以在内核中打开大量的内存调试和其他诊断选项,例如
-zp
,-zc
等. - 如果可以在VM(VMWare Fusion,Parallels,VirtualBox,KVM/Qemu等)中恢复崩溃,则可以使用VM的模拟串行端口记录kprintf输出.如果正确设置虚拟以太网端口,它们也倾向于支持内核调试.
- Ethernet-based kernel debugging (as opposed to firewire). Only the test device needs wired/thunderbolt ethernet, the Mac running the debugger can be on wifi.
- You can often extract quite a lot of info from the panic log itself: in addition to symbolicating the stack (use
keepsyms=1
boot-arg so you don't have to do it retroactively), looking at the register contents and disassembly can often tell you the values of variables. - If you're missing parts of Apple's code the stack trace, run a debug or development kernel instead of the release one. Those are built with fewer optimisations enabled, so functions are less likely to be inlined, etc.
- There are a bunch of memory debugging and other diagnostic options you can turn on in the kernel, e.g.
-zp
,-zc
and so on. - If you can repro the crash in a VM (VMWare Fusion, Parallels, VirtualBox, KVM/Qemu, whatever), you can use the VM's simulated serial port to log kprintf output. The virtual ethernet ports also tend to support kernel debugging if you set them up right.
这篇关于Sierra上的kprintf(内核printf)日志在哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!