A hardware register can be used (called HID2 on PowerPC 601 RISC Microprocessor) to enter KDB when a specified effective address is decoded. The HID2 register holds the effective address, and the HID1 register specifies full branch target address compare and trap to address vector 0x1300 (0x2000 on PowerPC 601 RISC Microprocessor). The btac subcommand can be used to stop when Branch Target Address Compare is true. The cbtac subcommand can be used to clear the last btac subcommand. This subcommand is global to all processors. Each processor can have different addresses specified or cleared using the local subcommands lbtac and lcbtac.
btac [?] [-e | -p | -v] Address
cbtac [?]
lbtac [?] [-e | -p | -v] Address
lcbtac[?]
It is possible to specify whether the address is physical or virtual with -p and -v options. By default KDB chooses the current state of the machine. If the subcommand is entered before VMM initialization, the address is physical (real address), otherwise the address is virtual (effective address).
KDB(7)> btac open set BRAT on open function KDB(7)> btac display current BRAT status CPU 0: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 1: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 2: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 3: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 4: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 5: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 6: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 7: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 KDB(7)> e exit the debugger ... Branch trap: 001B5354 <.open+000000> .sys_call+000000 bcctrl <.open> KDB(5)> btac display current BRAT status CPU 0: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 1: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 2: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 3: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 4: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 5: .open+000000 eaddr=001B5354 vsid=00000000 hit=1 CPU 6: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 7: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 KDB(5)> lbtac close set local BRAT on close function KDB(5)> e exit the debugger ... Branch trap: 001B5354 <.open+000000> .sys_call+000000 bcctrl <.open> KDB(7)> e exit the debugger ... Branch trap: 00197D40 <.close+000000> .sys_call+000000 bcctrl <.close> KDB(5)> e exit the debugger ... Branch trap: 001B5354 <.open+000000> .sys_call+000000 bcctrl <.open> KDB(6)> btac display current BRAT status CPU 0: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 1: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 2: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 3: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 4: .open+000000 eaddr=001B5354 vsid=00000000 hit=0 CPU 5: .close+000000 eaddr=00197D40 vsid=00000000 hit=1 CPU 6: .open+000000 eaddr=001B5354 vsid=00000000 hit=1 CPU 7: .open+000000 eaddr=001B5354 vsid=00000000 hit=1 KDB(6)> cbtac reset all BRAT registers