Debugging CodeSafe 5 SEE machines

SEE machine logging

SEE machine logs capture any stdout and stderr from the container. This can be used to capture log messages from the IPC daemon or SEElib library, or from the SEE machine’s own logging framework.

If automatic configuration is used via [codesafe] section in config or via the hsc_codesafe, logging in the SEE machine is enabled by default (unless explicitly disabled), in which case retrieving and clearing the logs are the only applicable commands below.

The following SEE logging-related commands are supported by the csadmin utility.

config log set enabled

The config log set enabled command should be issued before the start command. It uses the following format:

/opt/nfast/bin/csadmin config set log enabled -u <SEE-machine-UUID> --esn <host-ESN>

  • <SEE-machine-UUID> is the UUID of the SEE machine created by the load command.

  • <host-ESN> is the ESN of the HSM hosting the SEE Machine.

For example:

/opt/nfast/bin/csadmin config set log enabled -u fedcba09-8765-4321-1234-567890abcdef --esn FEDC-BA09-8765

When successful, the command returns with no error.

config log set disabled

The config log set disabled command should be issued while the SEE machine is not running. It uses the following format:

/opt/nfast/bin/csadmin config set log disabled -u <SEE-machine-UUID> --esn <host-ESN>

  • <SEE-machine-UUID> is the UUID of the SEE machine created by the load command.

  • <host-ESN> is the ESN of the HSM hosting the SEE Machine.

For example:

/opt/nfast/bin/csadmin config set log disabled -u fedcba09-8765-4321-1234-567890abcdef --esn FEDC-BA09-8765

When successful, the command returns with no error.

log get

The get command returns the current SEE log contents, if any. It uses the following format:

/opt/nfast/bin/csadmin log get -u <SEE-machine-UUID>

<SEE-machine-UUID> is the UUID of the SEE machine created by the load command.

For example:

/opt/nfast/bin/csadmin log get -u fedcba09-8765-4321-1234-567890abcdef
FEDC-BA09-8765        SUCCESS
Success: Started ipcdaemon

log clear

The clear command deletes the current SEE log file if present. It uses the following format:

/opt/nfast/bin/csadmin log clear -u <SEE-machine-UUID>

<SEE-machine-UUID> is the UUID of the SEE machine created by the load command.

For example:

/opt/nfast/bin/csadmin log clear -u fedcba09-8765-4321-1234-567890abcdef
FEDC-BA09-8765        SUCCESS
log: log cleared

Crash Reporter

If the CodeSafe 5 application links against the seelib.a library, an in-process crash reporter will be registered for various termination and crash signals before main().

If the application receives one of the handled signals, a crash report will be written to the SEE log, like the below:

SEE MACHINE CRASH: SIGSEGV (Invalid memory reference)
        Sending process PID: 0
        Sending process UID: 0
        Fault address: 0xcafecafecafecafe
        SEGV_MAPERR: Address not mapped to object.
  crashing.c: 298 --  -- some_crashing_function
  main.c: 56 --  -- main
Segmentation fault

In order to obtain a useful crash backtrace, the SEE machine should be built with debugging symbols at least at -g1 level and not have the symbols stripped from the binary.