Debugging CodeSafe 5 SEE machines
SEE machine logging
SEE machine logs capture any stdout and stderr from the container. This can be used to capture log messages from the IPC daemon or SEElib library, or from the SEE machine’s own logging framework.
If automatic configuration is used via [codesafe]
section in config
or via the hsc_codesafe
, logging in the SEE machine is enabled by default (unless explicitly disabled), in which case retrieving and clearing the logs are the only applicable commands below.
The following SEE logging-related commands are supported by the csadmin
utility.
config log set enabled
The config log set enabled
command should be issued before the start
command.
It uses the following format:
/opt/nfast/bin/csadmin config set log enabled -u <SEE-machine-UUID> --esn <host-ESN>
-
<SEE-machine-UUID>
is the UUID of the SEE machine created by the load command. -
<host-ESN>
is the ESN of the HSM hosting the SEE Machine.
For example:
/opt/nfast/bin/csadmin config set log enabled -u fedcba09-8765-4321-1234-567890abcdef --esn FEDC-BA09-8765
When successful, the command returns with no error.
config log set disabled
The config log set disabled
command should be issued while the SEE machine is not running.
It uses the following format:
/opt/nfast/bin/csadmin config set log disabled -u <SEE-machine-UUID> --esn <host-ESN>
-
<SEE-machine-UUID>
is the UUID of the SEE machine created by the load command. -
<host-ESN>
is the ESN of the HSM hosting the SEE Machine.
For example:
/opt/nfast/bin/csadmin config set log disabled -u fedcba09-8765-4321-1234-567890abcdef --esn FEDC-BA09-8765
When successful, the command returns with no error.
log get
The get
command returns the current SEE log contents, if any.
It uses the following format:
/opt/nfast/bin/csadmin log get -u <SEE-machine-UUID>
<SEE-machine-UUID>
is the UUID of the SEE machine created by the load command.
For example:
/opt/nfast/bin/csadmin log get -u fedcba09-8765-4321-1234-567890abcdef
FEDC-BA09-8765 SUCCESS
Success: Started ipcdaemon
log clear
The clear
command deletes the current SEE log file if present.
It uses the following format:
/opt/nfast/bin/csadmin log clear -u <SEE-machine-UUID>
<SEE-machine-UUID>
is the UUID of the SEE machine created by the load command.
For example:
/opt/nfast/bin/csadmin log clear -u fedcba09-8765-4321-1234-567890abcdef
FEDC-BA09-8765 SUCCESS
log: log cleared
Crash Reporter
If the CodeSafe 5 application links against the seelib.a
library, an in-process crash reporter will be registered for various termination and crash signals before main()
.
If the application receives one of the handled signals, a crash report will be written to the SEE log, like the below:
SEE MACHINE CRASH: SIGSEGV (Invalid memory reference)
Sending process PID: 0
Sending process UID: 0
Fault address: 0xcafecafecafecafe
SEGV_MAPERR: Address not mapped to object.
crashing.c: 298 -- -- some_crashing_function
main.c: 56 -- -- main
Segmentation fault
In order to obtain a useful crash backtrace, the SEE machine should be built with debugging symbols at least at -g1
level and not have the symbols stripped from the binary.