DEV Community: Václav Hajšman The latest articles on DEV Community by Václav Hajšman (@vhajsman). https://dev.to/vhajsman https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3328845%2F120866f6-4628-4bbc-832f-41f76d1ba778.png DEV Community: Václav Hajšman https://dev.to/vhajsman en Mastering interrupt handling in your kernel Václav Hajšman Wed, 24 Dec 2025 01:02:14 +0000 https://dev.to/vhajsman/mastering-interrupt-handling-in-your-kernel-b5 https://dev.to/vhajsman/mastering-interrupt-handling-in-your-kernel-b5 <p>Building a kernel from scratch is one thing. Mastering its interrupt system is another. In this article, We'll talk about how I designed, implemented, and fine-tuned a full-featured interrupt handling system in my custom kernel, complete with queues, priorities, and statistics collection, all without relying on external multitasking frameworks.</p> <p>The primary goals for the new interrupt handling system were:</p> <ul> <li>Immediate execution of critical ISRs for devices that just can not wait (for example PIT)</li> <li>Flexible queue and prioritization for non-critical ISRs</li> <li>Interrupt-related statistics such as processing time, trigger frequency and drop count.</li> <li>Simple and maintainable interface for registering and handling ISRs.</li> </ul> <h1> The ISR Parameter Block </h1> <p>At the core of the system is the <code>isrpb_t</code> structure - a parameter block for every handler. It stores the statistics, configuration, flags, pointer to handler itself and optional additional context resolution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">struct</span> <span class="n">kernel_isrpb</span> <span class="p">{</span> <span class="n">ISR</span> <span class="n">handler</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">avgTimeElapsed</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">avgTrigPerSecond</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">maxTimeElapsed</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">minTimeElapsed</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">trigCount</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">trigCountTmp</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">completeCount</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">trigTimestamp</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">droppedCount</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">flags</span><span class="p">;</span> <span class="kt">void</span><span class="o">*</span> <span class="p">(</span><span class="o">*</span><span class="n">additionalContextResolv</span><span class="p">)</span> <span class="p">(</span><span class="k">struct</span> <span class="n">kernel_isrpb</span><span class="o">*</span> <span class="n">param</span><span class="p">);</span> <span class="p">}</span> <span class="n">__attribute__</span><span class="p">((</span><span class="n">packed</span><span class="p">));</span> </code></pre> </div> <p>Using the unified block allows to manage interrupts consistently and extend its capabilities.</p> <h1> Queues and priorities </h1> <p>Non-critical ISRs are enqueued using a FIFO circular buffer keeping the system responsive while respecting priorities. The queue supports 3 priority levels determined based on ISR Parameter Block flags (<code>IsrPriorityHigh</code> and <code>IsrPriorityCrit</code>).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">if</span><span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrPriorityCrit</span><span class="p">)</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="k">return</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrPriorityHigh</span> <span class="o">?</span> <span class="mi">1</span> <span class="o">:</span> <span class="mi">2</span><span class="p">;</span> </code></pre> </div> <p>I also designed a small function that based on queue takes the ISR with the greatest priority.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">isrpb_t</span><span class="o">*</span> <span class="nf">isr_queue_autotake</span><span class="p">()</span> <span class="p">{</span> <span class="k">for</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">priority</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">priority</span> <span class="o">&lt;</span> <span class="mi">3</span><span class="p">;</span> <span class="n">priority</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="n">isrpb_t</span><span class="o">*</span> <span class="n">isr</span> <span class="o">=</span> <span class="n">isr_queue_pop</span><span class="p">(</span><span class="n">priority</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="n">isr</span><span class="p">)</span> <span class="k">return</span> <span class="n">isr</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nb">NULL</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h1> Dispatching and execution </h1> <p>The dispatch function handles executing ISRs while updating their statistics, such as average execution time and trigger counts, but more on statistics later.</p> <p>Critical ISRs bypass the queue and are executed immediately, this also happens when the queue is empty, so the routine is as short as possible. </p> <p>The system also tracks whether an ISR is currently active by setting <code>IsrActive</code> flag LOW and HIGH and checking it's value to prevent reentrant execution unless explicitly allowed using the <code>IsrReenterant</code> flag.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigCount</span><span class="o">++</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigCountTmp</span><span class="o">++</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigTimestamp</span> <span class="o">=</span> <span class="n">pit_get</span><span class="p">();</span> <span class="k">if</span><span class="p">((</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrActive</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrReentrant</span><span class="p">))</span> <span class="k">return</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">|=</span> <span class="n">IsrActive</span><span class="p">;</span> <span class="n">u32</span> <span class="n">start</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="c1">// do stats only if IsrDoStats and not IsrPriorityCrit</span> <span class="kt">int</span> <span class="n">doStats</span> <span class="o">=</span> <span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrDoStats</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrPriorityCrit</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="n">doStats</span><span class="p">)</span> <span class="n">start</span> <span class="o">=</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigTimestamp</span><span class="p">;</span> <span class="n">ISR</span> <span class="n">handler</span> <span class="o">=</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">handler</span><span class="p">;</span> <span class="n">handler</span><span class="p">(</span><span class="n">reg</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="n">doStats</span><span class="p">)</span> <span class="n">isr_doStats</span><span class="p">(</span><span class="n">isr</span><span class="p">,</span> <span class="n">start</span><span class="p">);</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;=</span> <span class="o">~</span><span class="n">IsrActive</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">completeCount</span><span class="o">++</span><span class="p">;</span> </code></pre> </div> <p>The dispatch logic executes scheduled when the system iterates to the next ISR through the queue or immediately when an interrupt is fired and the queue is empty. Since PIT (Programmable Interrupt Timer) is active, there's always an interrupt.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span> <span class="nf">isr_processQueue</span><span class="p">()</span> <span class="p">{</span> <span class="n">isrpb_t</span><span class="o">*</span> <span class="n">isr</span> <span class="o">=</span> <span class="n">isr_queue_autotake</span><span class="p">();</span> <span class="k">if</span><span class="p">(</span><span class="n">isr</span><span class="p">)</span> <span class="n">isr_dispatch</span><span class="p">(</span><span class="n">isr</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="kt">void</span> <span class="nf">isr_irqHandler</span><span class="p">(</span><span class="n">REGISTERS</span> <span class="o">*</span><span class="n">reg</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="c1">// run immediatelly if critical or queue empty</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">priority</span> <span class="o">=</span> <span class="n">isr_getPriority</span><span class="p">(</span><span class="n">isr</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="n">isr_canRunNow</span><span class="p">(</span><span class="n">priority</span><span class="p">))</span> <span class="k">goto</span> <span class="n">skip</span><span class="p">;</span> <span class="n">isr_queue_push</span><span class="p">(</span><span class="n">isr</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="nl">skip:</span> <span class="n">isr_dispatch</span><span class="p">(</span><span class="n">isr</span><span class="p">,</span> <span class="n">reg</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="n">isr_processQueue</span><span class="p">();</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h1> Statistics observation </h1> <p>The next important part was measuring how interrupts actually behave in real-time. For each ISR, the system tracks following statistics (stored in ISR Parameter Block):</p> <ul> <li> <strong>Average, Minimum and Maximum Execution time</strong> - the moving average of processing time in ticks (<code>avgTimeElapsed</code>) and min/max time extremes observed for the ISR (<code>minTimeElapsed</code>, <code>maxTimeElapsed</code>). </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">if</span><span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">completeCount</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">avgTimeElapsed</span> <span class="o">=</span> <span class="p">((</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">avgTimeElapsed</span> <span class="o">*</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">completeCount</span><span class="p">)</span> <span class="o">+</span> <span class="n">elapsed</span><span class="p">)</span> <span class="o">/</span> <span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">completeCount</span> <span class="o">+</span> <span class="mi">1</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="n">elapsed</span> <span class="o">&gt;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">maxTimeElapsed</span><span class="p">)</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">maxTimeElapsed</span> <span class="o">=</span> <span class="n">elapsed</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="n">elapsed</span> <span class="o">&lt;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">minTimeElapsed</span><span class="p">)</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">minTimeElapsed</span> <span class="o">=</span> <span class="n">elapsed</span><span class="p">;</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">avgTimeElapsed</span> <span class="o">=</span> <span class="n">elapsed</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">minTimeElapsed</span> <span class="o">=</span> <span class="n">elapsed</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">maxTimeElapsed</span> <span class="o">=</span> <span class="n">elapsed</span><span class="p">;</span> </code></pre> </div> <ul> <li> <strong>Trigger count</strong> - how many times the ISR was invoked (<code>trigCount</code>).</li> <li> <strong>Completion count</strong> - how many times the ISR actually finished the execution (<code>completeCount</code>).</li> <li> <strong>Drop count</strong> - how many times the ISR execution was dropped (<code>droppedCount</code>). The ISR drop actually happens when the system is overloaded and the space in queue is no longer sufficient. This statistic is even logged independently on <code>IsrDoStats</code> flag and is being done in <code>isr_queue_push</code> function. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">if</span><span class="p">(</span><span class="n">next</span> <span class="o">==</span> <span class="n">queue</span><span class="o">-&gt;</span><span class="n">head</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// system is overloaded and not capable of any new ISR at the moment.</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">droppedCount</span><span class="o">++</span><span class="p">;</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <strong>Average trigger frequency</strong> - how many times the ISR was invoked per second in average (<code>avgTrigPerSecond</code>). The <code>trigCountTmp</code> and <code>trigTimestamp</code> fields (parameters) are used for calculation of this statistic. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">if</span><span class="p">(</span><span class="n">elapsed</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="n">elapsed</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">u32</span> <span class="n">tdiff</span> <span class="o">=</span> <span class="n">now</span> <span class="o">-</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigTimestamp</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="n">tdiff</span> <span class="o">&gt;=</span> <span class="n">PIT_FREQUENCY</span><span class="p">)</span> <span class="p">{</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">avgTrigPerSecond</span> <span class="o">=</span> <span class="p">(</span><span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigCountTmp</span> <span class="o">*</span> <span class="n">PIT_FREQUENCY</span><span class="p">)</span> <span class="o">/</span> <span class="n">tdiff</span><span class="p">;</span> <span class="n">isr</span><span class="o">-&gt;</span><span class="n">trigCountTmp</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>These statistics (except the <code>droppedCount</code>) are updated only for non-critical ISRs to avoid skewing by high-frequency timer interrupts, and only if the <code>IsrDoStats</code> flag is set. Critical ISRs (like the PIT), bypass statistics to prevent counter overflow and measurement noise and to allow even better latency.</p> <p>This data provides deep insight into system behavior. You can see which interrupt dominate the CPU time, how often they are triggered, and how effeciently each handler executes.</p> <h1> Putting it all together </h1> <p>Once the queue, dispatch and registration mechanisms were in place, the system ran smoothly. Even althrough i've not implemented the multitasking yet, this design allows the kernel to maintain predictable and measurable behavior and allows easier debugging of device drivers.</p> <h1> IRQ Lookup: an utility for interrupt handling related diagnosis </h1> <p>To better understand and debug interrupt behavior, I implemented an IRQ Lookup utility in the kernel.</p> <h2> ISR listing </h2> <p>Executing the command with no arguments makes the utility iterate through all registered interrupt handlers and prints key information about each ISR in the following format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>IRQ_BASE+&lt;IRQ no.&gt; -&gt; (Handler address (Base16)) (Handler function symbol name): -&gt; avgTps=X avgTE=X minTE=X maxTE=X, lastTrig=X cc=X tc=X dc=X flags=X </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fok52btmid5q2fbrw1rq1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fok52btmid5q2fbrw1rq1.png" alt=" " width="732" height="247"></a></p> <h2> Detailed summary for ISR specified </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhoaxpuakd0q2v050lpy7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhoaxpuakd0q2v050lpy7.png" alt=" " width="368" height="291"></a></p> <p>Executing the command with <code>--show-irq &lt;IRQ no.&gt;</code> argument generates a detailed summary of what is contained in ISR Parameter Block, that includes:</p> <ul> <li><strong>IRQ. no, handler address and symbol name</strong></li> <li><strong>Additional context resolution function address and symbol name</strong></li> <li> <strong>Stats</strong> <ul> <li><strong>IRQ acknowledge count, ISR complete count, ISR drop count</strong></li> <li><strong>Last timestamp</strong></li> <li><strong>Averge, minimal and maximal time elapsed</strong></li> <li> <strong>Total time elapsed</strong> - this is calculated in time by multiplying an average time (<code>avgTimeElapsed</code>) with acknowledge count (<code>trigCount</code>), giving <code>u64 time_tot</code> </li> <li> <strong>Average frequency</strong> - how many times the interrupt was invoked per second in average</li> <li> <strong>Parameter block flags</strong> - written using their names as strings. </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="nf">flagName</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">bit</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch</span> <span class="p">(</span><span class="n">bit</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="n">IsrActive</span><span class="p">:</span> <span class="k">return</span> <span class="s">"IsrActive"</span><span class="p">;</span> <span class="c1">// ...</span> <span class="k">case</span> <span class="n">IsrWakeup</span><span class="p">:</span> <span class="k">return</span> <span class="s">"IsrWakeup"</span><span class="p">;</span> <span class="nl">default:</span> <span class="k">return</span> <span class="s">"Unknown"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="n">u64</span> <span class="n">time_tot</span> <span class="o">=</span> <span class="p">((</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrDoStats</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">IsrPriorityCrit</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="n">p</span><span class="o">-&gt;</span><span class="n">avgTimeElapsed</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">)</span> <span class="o">?</span> <span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">completeCount</span> <span class="o">*</span> <span class="n">p</span><span class="o">-&gt;</span><span class="n">avgTimeElapsed</span><span class="p">)</span> <span class="o">:</span> <span class="mi">0</span><span class="p">;</span> <span class="kt">int</span> <span class="n">first</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="k">for</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">bit</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">bit</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">bit</span> <span class="o">&lt;&lt;=</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">&amp;</span> <span class="n">bit</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">first</span><span class="p">)</span> <span class="n">callback_stdout</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s"> "</span><span class="p">);</span> <span class="n">callback_stdout</span><span class="p">((</span><span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="n">flagName</span><span class="p">(</span><span class="n">bit</span><span class="p">));</span> <span class="n">first</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Parameter block flags decode </h2> <p>Executing the command with <code>--decode-flags &lt;Flags integer&gt;</code> argument decodes the flags and outputs them as string in human readable format.</p> <h1> Conclusion </h1> <p>Mastering interrupt handling in kernel is not just about making ISRs run, but it's also about <strong>observing, controlling and prioritizing</strong> them effectively. Implementing a <strong>queue-based priority system</strong> ensures that critical interrupts are serviced immediately while less critical ones wait for their turn, maintaining system stability and predictability.</p> <p>The IRQ Lookup utility complement this design by providing <strong>real-time visibility into the interrupt subsystem</strong>. With these, I cam:</p> <ul> <li>Inspect which ISRs are registered and active.</li> <li>Monitor execution statistics.</li> <li>Verify flags and handler states to ensure correct behavior.</li> </ul> <p>This combination provides both robustness and transparency.</p> osdev kernel interrupt irq Moving forward on stack trace and symbols Václav Hajšman Mon, 07 Jul 2025 18:59:56 +0000 https://dev.to/vhajsman/moving-forward-on-stack-trace-and-symbols-1g4f https://dev.to/vhajsman/moving-forward-on-stack-trace-and-symbols-1g4f <p>In the <a href="https://dev.to/vhajsman/implementing-stack-traces-and-symbol-lookup-in-my-kernel-debugging-without-gdb-5980">last post</a>, we talked about stack, stack trace and symbols, and how to make use of these. I've mentioned that in future i would like to focus on replacing GCC <code>__builtin_return_address()</code> with frame-pointer unwinding and improving symbol lookup performance with binary search. So, lets begin.</p> <h1> What even is frame pointer unwinding </h1> <p>Frame pointer unwinding is a method which can be used to get backtrace (<em>iterate</em> through stack trace). It assumes that every function has stored the frame of previously called function using frame pointer (in our case <code>ebp</code> register, because we're on x86 - or for example <code>rbp</code> on x86_64, <code>fp</code> (aka <code>x29</code>) on AArch64, etc.).</p> <p>This creates a linked list of frames, where each frame points to the one below it (i.e., the caller's frame). That allows us to traverse the call stack in a straightforward way — just by following the chain of saved frame pointers.</p> <p>To prevent compiler from doing optimization, make sure to pass these as CFLAGS: <code>-fno-omit-frame-pointer -fno-optimize-sibling-calls -mno-omit-leaf-frame-pointer</code>. This ensures <code>ebp</code> is kept for each function, including the most optimized ones.</p> <h1> Implementing unwinder </h1> <p>On x86 architecture, the structure of stack frame looks like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>+-------------------+ | address on return | ← saved on `call` +-------------------+ | previous `EBP` | ← stored by function when start +-------------------+ ← `EBP` points here </code></pre> </div> <p>So implementing the structure in C is not even much hard<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">typedef</span> <span class="k">struct</span> <span class="n">kernel_stack_frame</span> <span class="p">{</span> <span class="k">struct</span> <span class="n">kernel_stack_frame</span><span class="o">*</span> <span class="n">ebp</span><span class="p">;</span> <span class="kt">void</span><span class="o">*</span> <span class="n">ret_addr</span><span class="p">;</span> <span class="p">}</span> <span class="n">kernel_stack_frame_t</span><span class="p">;</span> </code></pre> </div> <p>As long as the compiler doesn't optimize this away (using <code>-fomit-frame-pointer</code>), each function:</p> <ol> <li>saves previous value of <code>ebp</code> on stack,</li> <li>sets new value setting value of <code>ebp</code> to current value of <code>esp</code> - this creates the frame,</li> <li>when the function ends, <code>ebp</code> and <code>esp</code> restores to unwind back to the caller.</li> </ol> <p>So now, lets actually code the unwinder.<br> First, you set frame pointer address from <code>ebp</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">kernel_stack_frame_t</span><span class="o">*</span> <span class="n">frame</span><span class="p">;</span> <span class="n">asm</span> <span class="nf">volatile</span><span class="p">(</span><span class="s">"movl %%ebp, %0"</span> <span class="o">:</span> <span class="s">"=r"</span> <span class="p">(</span><span class="n">frame</span><span class="p">));</span> </code></pre> </div> <p>Then, you simply just iterate through these frames, copy current frame's return address and set frame to the next one<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">for</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">maxFrames</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="n">frame</span> <span class="o">==</span> <span class="nb">NULL</span> <span class="o">||</span> <span class="n">frame</span><span class="o">-&gt;</span><span class="n">ebp</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="n">buffer</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">frame</span><span class="o">-&gt;</span><span class="n">ret_addr</span><span class="p">;</span> <span class="n">frame</span> <span class="o">=</span> <span class="n">frame</span><span class="o">-&gt;</span><span class="n">ebp</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>And yeah, that's all. The final function should look somehow like this. Easy, right?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span> <span class="nf">debug_captureStackTrace</span><span class="p">(</span><span class="kt">void</span><span class="o">**</span> <span class="n">buffer</span><span class="p">,</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">maxFrames</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="n">maxFrames</span> <span class="o">==</span> <span class="mi">0</span> <span class="o">||</span> <span class="n">buffer</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="p">{</span> <span class="n">debug_message</span><span class="p">(</span><span class="s">"debug_captureStackTrace(): invalid parameters"</span><span class="p">,</span> <span class="s">"debug"</span><span class="p">,</span> <span class="n">KERNEL_ERROR</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="n">kernel_stack_frame_t</span><span class="o">*</span> <span class="n">frame</span><span class="p">;</span> <span class="c1">// get EBP register value</span> <span class="n">asm</span> <span class="k">volatile</span><span class="p">(</span><span class="s">"movl %%ebp, %0"</span> <span class="o">:</span> <span class="s">"=r"</span> <span class="p">(</span><span class="n">frame</span><span class="p">));</span> <span class="k">for</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">maxFrames</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="n">frame</span> <span class="o">==</span> <span class="nb">NULL</span> <span class="o">||</span> <span class="n">frame</span><span class="o">-&gt;</span><span class="n">ebp</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="n">buffer</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">frame</span><span class="o">-&gt;</span><span class="n">ret_addr</span><span class="p">;</span> <span class="n">frame</span> <span class="o">=</span> <span class="n">frame</span><span class="o">-&gt;</span><span class="n">ebp</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h1> Using in debug_dumpStackTrace() </h1> <p>Remember that ugly, goofy, switch based <em>"iterator"</em>? No more of that. In <code>debug_dumpStackTrace()</code>, capture the stack trace to the preallocated buffer and just dump the buffer instead.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span> <span class="nf">debug_dumpStackTrace</span><span class="p">(</span><span class="n">u8</span> <span class="n">depth</span><span class="p">,</span> <span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">_fn_print</span><span class="p">)(</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="kt">void</span><span class="o">*</span> <span class="n">trace</span><span class="p">[</span><span class="n">depth</span><span class="p">];</span> <span class="n">memset</span><span class="p">(</span><span class="n">trace</span><span class="p">,</span> <span class="mh">0x00</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">trace</span><span class="p">));</span> <span class="n">debug_captureStackTrace</span><span class="p">(</span><span class="n">trace</span><span class="p">,</span> <span class="n">depth</span><span class="p">);</span> <span class="k">for</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">depth</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kt">void</span><span class="o">*</span> <span class="n">addr</span> <span class="o">=</span> <span class="n">trace</span><span class="p">[</span><span class="n">i</span><span class="p">];</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">addr</span> <span class="o">||</span> <span class="p">(</span><span class="kt">uintptr_t</span><span class="p">)</span> <span class="n">addr</span> <span class="o">&lt;</span> <span class="mh">0x10000</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="c1">// ...</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now we can finally remove the <code>get_return_address()</code> function.</p> <h1> Future plans </h1> <ul> <li>Allow mapping source file + line using DWARF or ELF debug info</li> </ul> stacktrace stack debug osdev Implementing stack traces and symbol lookup in my kernel: debugging without GDB Václav Hajšman Sun, 06 Jul 2025 22:52:17 +0000 https://dev.to/vhajsman/implementing-stack-traces-and-symbol-lookup-in-my-kernel-debugging-without-gdb-5980 https://dev.to/vhajsman/implementing-stack-traces-and-symbol-lookup-in-my-kernel-debugging-without-gdb-5980 <p>In this post, i describe how I implemented stack tracing in my hobby operating system kernel — including symbolic address resolution without GDB. Includes code snippets, explanation of pitfalls with __builtin_return_address, and a simple symbol map generator.</p> <h1> What even is stack, stack tracing and symbols? </h1> <h2> Stack </h2> <p>In many programming languages (including C, the one i used), stack is used to <strong>store function return addresses, local variables and context used when calling functions</strong>. It works based on <strong>LIFO</strong> (last-in, first-out) principle, when last called function is the first one to be thrown away.</p> <p>In the context of operating system (hobby kernels especially), you are the one fully responsible for this stack and <strong>you need to implement one at your own</strong>. When something fails, the stack is often a thing which tells you <em>where</em> that happened.</p> <h2> Stack trace </h2> <p><a href="https://wiki.osdev.org/Stack_Trace" rel="noopener noreferrer">Stack trace</a> (or call trace, backtrace) is a <em>list</em> of <strong>symbols and memory addresses</strong>. These addresses tells the developer, how the program (kernel) ended up on the location where it crashed.</p> <p>Typically stack trace is <strong>shown while crash, <a href="https://osdev.wiki/wiki/Kernel_Panic" rel="noopener noreferrer">kernel panic</a></strong> - it might be on the screen, in the runtime logs, debug outputs, etc.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswb9jtucmt2sd59zz3so.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswb9jtucmt2sd59zz3so.png" width="460" height="85"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DEBUG: [ FATAL ][Kernel panic] Kernel panic. ... DEBUG: [ FATAL ][Kernel panic] kernel stack trace [trace frame 0x0] 0x1078457: debug_dumpStackTrace [trace frame 0x1] 0x1074140: kernel_panic [trace frame 0x2] 0x1079080: kernel_exit [trace frame 0x3] 0x1061516: _start </code></pre> </div> <p>It is often also present in GNU/Linux kernel panic info:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi7p1zjxb820kz8hay1cg.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi7p1zjxb820kz8hay1cg.jpg" alt="GNU/Linux kernel panic, image from Lukflug (osdev)" width="640" height="478"></a></p> <h2> Symbols </h2> <p>In <em>translated</em> binary executable (for example <code>kernel.elf</code> - in my case, <code>krnl.tmp.elf</code>), a memory address is assigned for each function. The problem is, <strong>the address itself (<code>0x1074140</code>) does not tell you much - this is when symbols take place</strong>. They help mapping memory addresses to function names.</p> <p>It is <strong>common to throw away symbols while binary optimization</strong> or stripping, but it is still possible to <strong>generate them during build process and use them later</strong> in order to translate memory addresses to function names even without the debugger. But more on that later.</p> <h1> How i implemented stacktrace </h1> <p>In early kernel, you have no GDB, no debug symbols in runtime, no <code>backtrace</code> or <code>libunwind</code>. If stacktrace is needed, you need to pull it out bare hands, using GCC builting function <code>__builtin_return_address()</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/* #define __wrap_return_address(x) \ ((x) &gt;= 0 &amp;&amp; (x) &lt; 16 ? __builtin_return_address(x) : NULL) </code></pre> </div> <p>As you can see, i wrapped the <em>function call</em> in the wrapper, because:</p> <ol> <li>i can always replace <code>__builtin_result_address</code> with something else, if needed (and possible),</li> <li>the macro i used is designed to prevent overflows while passing the <code>x</code> parameter</li> </ol> <h2> But how do you dump it? </h2> <p>Reading stack trace is useless if you can't use it somehow. And the way you can use the most of it (and probably the most understandable way and only way you want to) is to dump it somehow in order to debug your kernel.</p> <p>There is simple way to do it, just iterate through it until you reach the end or the maximum depth you wanted to, right?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">for</span><span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&gt;</span> <span class="n">depth</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kt">void</span><span class="o">*</span> <span class="n">addr</span> <span class="o">=</span> <span class="n">__wrap_return_address</span><span class="p">(</span><span class="n">i</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">addr</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="o">/</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <p>It makes sense, but the problem is the <code>__builtin_return_address</code> is actually not a function, but a macros on the compiler level (<em>intrinsics</em>) and the values of their <em>call parameters</em> are needed to be known at the time of compilation, so:</p> <ul> <li>GCC can replace their result statically (this is called "<em>constant folding</em>")</li> <li>GCC can optimize the code</li> <li>GCC can eliminate branches and decide the data type</li> </ul> <p>The way you can overcome the intrinsics is probably using the <code>switch</code> statement and checking for every number from zero to maximum. I know, it looks goofy and bad, and no one wants that in their code - because of this, i plan replacing it with <a href="https://wiki.osdev.org/Stack_Trace" rel="noopener noreferrer">Frame pointer-based unwinding</a> sometime in the future.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span><span class="o">*</span> <span class="nf">get_return_address</span><span class="p">(</span><span class="kt">int</span> <span class="n">i</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch</span><span class="p">(</span><span class="n">i</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="mi">0</span><span class="p">:</span> <span class="k">return</span> <span class="n">__builtin_return_address</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="k">case</span> <span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="n">__builtin_return_address</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="c1">// ...</span> <span class="k">case</span> <span class="mi">15</span><span class="p">:</span> <span class="k">return</span> <span class="n">__builtin_return_address</span><span class="p">(</span><span class="mi">15</span><span class="p">);</span> <span class="nl">default:</span> <span class="k">return</span> <span class="nb">NULL</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="cm">/** * @brief Dumps stack trace * * @param depth how many addresses to dump * @param _fn_print pointer to function that is used as print */</span> <span class="kt">void</span> <span class="nf">debug_dumpStackTrace</span><span class="p">(</span><span class="n">u8</span> <span class="n">depth</span><span class="p">,</span> <span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">_fn_print</span><span class="p">)(</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="k">for</span><span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">depth</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kt">void</span><span class="o">*</span> <span class="n">addr</span> <span class="o">=</span> <span class="n">get_return_address</span><span class="p">(</span><span class="n">i</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">addr</span> <span class="o">||</span> <span class="p">(</span><span class="kt">uintptr_t</span><span class="p">)</span> <span class="n">addr</span> <span class="o">&lt;</span> <span class="mh">0x10000</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="c1">// ...</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Update your linker script </h2> <p>When trying to build, i have experienced an linkage error saying something like the program can't reach <code>__builtin_return_address</code> function, or is not executable. To fix this, i needed to add this to the end of <code>SECTIONS</code> list of my linker script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.note.GNU-stack : { KEEP(*(.note.GNU-stack)) } </code></pre> </div> <h1> Symbols, converting addresses to names </h1> <p>As mentioned, without symbols, <code>0x1074140</code> in dump does not make much sense. This is why i decided to generate custom symbol map from linker outputs and use it in runtime.</p> <h2> Converting the addresses </h2> <p>After kernel compilation, i generate symbol map using <code>nm</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ld <span class="nt">-T</span> config/linker.ld <span class="nt">-o</span> build/bin/krnl.tmp.elf <span class="si">$(</span>find build/obj <span class="nt">-name</span> <span class="s2">"*.o"</span> <span class="nt">-type</span> f<span class="si">)</span> <span class="se">\</span> <span class="nt">-m</span> elf_i386 <span class="nt">-nostdlib</span> nm <span class="nt">-n</span> build/bin/krnl.tmp.elf <span class="o">&gt;</span> build/kernel.map </code></pre> </div> <p>Then, i use <code>awk</code>, <code>cat</code>, and <code>echo</code> to convert this symbol map to an array in C.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat </span>build/kernel.map | <span class="nb">awk</span> <span class="s1">'$2 == "T" { printf(" { 0x%s, \"%s\" },\n", $1, $3); }'</span> <span class="o">&gt;</span> src/kernel/core/kernel.sym.entries <span class="nb">echo</span> <span class="s1">'#include "kernel/core/symbols.h"'</span> <span class="o">&gt;</span> src/kernel/core/kernel.sym.c <span class="nb">echo</span> <span class="s1">'symbol_t kernel_symbols[] = {'</span> <span class="o">&gt;&gt;</span> src/kernel/core/kernel.sym.c <span class="nb">cat </span>src/kernel/core/kernel.sym.entries <span class="o">&gt;&gt;</span> src/kernel/core/kernel.sym.c <span class="nb">echo</span> <span class="s1">'};'</span> <span class="o">&gt;&gt;</span> src/kernel/core/kernel.sym.c <span class="nb">echo</span> <span class="s1">'size_t kernel_symbol_count = sizeof(kernel_symbols) / sizeof(kernel_symbols[0]);'</span> <span class="o">&gt;&gt;</span> src/kernel/core/kernel.sym.c gcc <span class="nt">-I</span> src <span class="nt">-m32</span> <span class="nt">-std</span><span class="o">=</span>gnu99 <span class="nt">-ffreestanding</span> <span class="nt">-c</span> src/kernel/core/kernel.sym.c <span class="nt">-o</span> build/obj/kernel/core/kernel.sym.c.o </code></pre> </div> <p>This results in C code which is pasted into the kernel using the script above.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">typedef</span> <span class="k">struct</span> <span class="p">{</span> <span class="kt">uintptr_t</span> <span class="n">addr</span><span class="p">;</span> <span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="n">name</span><span class="p">;</span> <span class="p">}</span> <span class="n">symbol_t</span><span class="p">;</span> <span class="cp">#include</span> <span class="cpf">"kernel/core/symbols.h"</span><span class="cp"> </span><span class="n">symbol_t</span> <span class="n">kernel_symbols</span><span class="p">[]</span> <span class="o">=</span> <span class="p">{</span> <span class="p">{</span> <span class="mh">0x00100000</span><span class="p">,</span> <span class="s">"__code"</span> <span class="p">},</span> <span class="p">{</span> <span class="mh">0x00100000</span><span class="p">,</span> <span class="s">"_code"</span> <span class="p">},</span> <span class="p">{</span> <span class="mh">0x00100000</span><span class="p">,</span> <span class="s">"code"</span> <span class="p">},</span> <span class="p">{</span> <span class="mh">0x00100000</span><span class="p">,</span> <span class="s">"__kernel_text_section_start"</span> <span class="p">},</span> <span class="c1">// ...</span> <span class="p">};</span> <span class="kt">size_t</span> <span class="n">kernel_symbol_count</span> <span class="o">=</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">kernel_symbols</span><span class="p">)</span> <span class="o">/</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">kernel_symbols</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> </code></pre> </div> <p>After this, i can proceed to generate the image the way i always used to.</p> <h2> Symbol lookup </h2> <p>After building a symbol map and translating it into C array, making of <code>debug_lookup</code> function is quite easy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="nf">debug_lookup</span><span class="p">(</span><span class="kt">uintptr_t</span> <span class="n">addr</span><span class="p">)</span> <span class="p">{</span> <span class="k">const</span> <span class="kt">char</span><span class="o">*</span> <span class="n">best_match</span> <span class="o">=</span> <span class="s">"??"</span><span class="p">;</span> <span class="kt">uintptr_t</span> <span class="n">best_addr</span> <span class="o">=</span> <span class="mh">0x00000000</span><span class="p">;</span> <span class="k">for</span><span class="p">(</span><span class="kt">size_t</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">kernel_symbol_count</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="n">kernel_symbols</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">addr</span> <span class="o">&lt;=</span> <span class="n">addr</span> <span class="o">&amp;&amp;</span> <span class="n">kernel_symbols</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">addr</span> <span class="o">&gt;=</span> <span class="n">best_addr</span><span class="p">)</span> <span class="p">{</span> <span class="n">best_addr</span> <span class="o">=</span> <span class="n">kernel_symbols</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">addr</span><span class="p">;</span> <span class="n">best_match</span> <span class="o">=</span> <span class="n">kernel_symbols</span><span class="p">[</span><span class="n">i</span><span class="p">].</span><span class="n">name</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="n">best_match</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>This function takes an address of a function, looks up to the <em>symbol map</em> and returns function name, or <code>??</code> if nothing is found.</p> <p>Lets make some use of it. Remember me saying that stack trace dump is useless if we don't know what the functions are, but addresses? Lets update the <code>debug_dumpStackTrace()</code> function to dump not only the addresses, but function names next to them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span> <span class="nf">debug_dumpStackTrace</span><span class="p">(</span><span class="n">u8</span> <span class="n">depth</span><span class="p">,</span> <span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">_fn_print</span><span class="p">)(</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="k">for</span><span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">depth</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="n">_fn_print</span><span class="p">((</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="s">" [trace frame 0x"</span><span class="p">);</span> <span class="n">_fn_print</span><span class="p">((</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="n">i_string</span><span class="p">);</span> <span class="n">_fn_print</span><span class="p">((</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="s">"] 0x"</span><span class="p">);</span> <span class="n">_fn_print</span><span class="p">((</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="n">addr_string</span><span class="p">);</span> <span class="n">_fn_print</span><span class="p">(</span><span class="s">": "</span><span class="p">);</span> <span class="n">_fn_print</span><span class="p">((</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="n">debug_lookup</span><span class="p">((</span><span class="kt">uintptr_t</span><span class="p">)</span> <span class="n">addr</span><span class="p">));</span> <span class="n">_fn_print</span><span class="p">((</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span><span class="p">)</span> <span class="s">"</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h1> Enhacing the kernel panic dump with stack trace dump with function names </h1> <p>I already had kernel panic callback implemented, so the only thing to worry about was calling a function to dump stack trace<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#ifndef __KERNEL_PANIC_STACK_TRACE_DEPTH #define __KERNEL_PANIC_STACK_TRACE_DEPTH 10 #endif </span> <span class="kt">void</span> <span class="nf">kernel_panic</span><span class="p">(</span><span class="n">REGISTERS</span><span class="o">*</span> <span class="n">reg</span><span class="p">,</span> <span class="kt">signed</span> <span class="kt">int</span> <span class="n">exception</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="c1">// --- stack trace ---</span> <span class="n">debug_message</span><span class="p">(</span><span class="s">"kernel stack trace</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="s">"Kernel panic"</span><span class="p">,</span> <span class="n">KERNEL_FATAL</span><span class="p">);</span> <span class="kt">void</span> <span class="n">_print</span><span class="p">(</span><span class="kt">unsigned</span> <span class="kt">char</span><span class="o">*</span> <span class="n">data</span><span class="p">)</span> <span class="p">{</span> <span class="n">puts</span><span class="p">(</span><span class="n">data</span><span class="p">);</span> <span class="n">debug_append</span><span class="p">(</span><span class="n">data</span><span class="p">);</span> <span class="p">}</span> <span class="n">puts</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s">KERNEL STACK TRACE:</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="n">debug_dumpStackTrace</span><span class="p">(</span><span class="n">__KERNEL_PANIC_STACK_TRACE_DEPTH</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">_print</span><span class="p">);</span> <span class="c1">// ...</span> <span class="p">}</span> </code></pre> </div> <p>Now we have beautiful and useful info dump.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswb9jtucmt2sd59zz3so.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswb9jtucmt2sd59zz3so.png" width="460" height="85"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DEBUG: [ FATAL ][Kernel panic] Kernel panic. ... DEBUG: [ FATAL ][Kernel panic] kernel stack trace [trace frame 0x0] 0x1078457: debug_dumpStackTrace [trace frame 0x1] 0x1074140: kernel_panic [trace frame 0x2] 0x1079080: kernel_exit [trace frame 0x3] 0x1061516: _start </code></pre> </div> <h1> Future plans </h1> <ul> <li>Replace <code>__builtin_return_address()</code> with frame pointer unwinding</li> <li>Improve symbol lookup performance using binary search</li> <li>Allow mapping source file + line using DWARF or ELF debug info</li> </ul> stacktrace stack debug osdev kmalloc() bugfix Václav Hajšman Sun, 06 Jul 2025 19:06:30 +0000 https://dev.to/vhajsman/kmalloc-bugfix-491b https://dev.to/vhajsman/kmalloc-bugfix-491b <p>Yesterday, after a huge amount of time, after a lot of trying, i was able to finally fix a bug in <code>kmalloc</code> function of my <a href="https://github.com/vhajsman/os" rel="noopener noreferrer">kernel</a>.</p> <p>The <a href="https://github.com/vhajsman/os/blob/b37a1f1dd6c4868065f31d57ab8d40281c91cf6b/src/kernel/core/memory/kmalloc.c#L82" rel="noopener noreferrer"><code>kmalloc</code> function</a> in kernel is a function responsible for locating a block of size specified, marking it as used and returning it's address.</p> <h1> What caused the bug and how the bug was fixed </h1> <p>The bug was that the address was stored in a <code>result</code> variable and instead of its value, its address was returned In a summary: A classic beginner mistake - when instead of <code>addr</code>, the function returns <code>&amp;addr</code>.</p> <p>This caused the function to not only return an invalid address, but always the same value, which i simply did not notice for a long amount of time.</p> <p>Also a refactor has been done, removing the potentionaly useless functions, separating a long functions into separate files and focusing a bit more on safe code.</p> <h1> The proof of bug fix </h1> <p>As seen in debug logs, attempting of allocation of 8 memory blocks of size 8 bytes results in success and returns different address each time.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>./qemu.sh cat serial.log | grep "malloc(8)" DEBUG: [ *** ][kmalloc] malloc(8) = 0x1323024 DEBUG: [ *** ][kmalloc] malloc(8) = 0x1318928 ... DEBUG: [ *** ][kmalloc] malloc(8) = 0x1294352 </code></pre> </div> kernel osdev malloc c