usr/src/lib/libc_db/common/thread_db.c

root/usr/src/lib/libc_db/common/thread_db.c
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
 * Copyright 2023 Oxide Computer Company
 */

#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <unistd.h>
#include <thr_uberdata.h>
#include <thread_db.h>
#include <libc_int.h>

/*
 * Private structures.
 */

typedef union {
        mutex_t         lock;
        rwlock_t        rwlock;
        sema_t          semaphore;
        cond_t          condition;
} td_so_un_t;

struct td_thragent {
        rwlock_t        rwlock;
        struct ps_prochandle *ph_p;
        int             initialized;
        int             sync_tracking;
        int             model;
        int             primary_map;
        psaddr_t        bootstrap_addr;
        psaddr_t        uberdata_addr;
        psaddr_t        tdb_eventmask_addr;
        psaddr_t        tdb_register_sync_addr;
        psaddr_t        tdb_events[TD_MAX_EVENT_NUM - TD_MIN_EVENT_NUM + 1];
        psaddr_t        hash_table_addr;
        int             hash_size;
        lwpid_t         single_lwpid;
        psaddr_t        single_ulwp_addr;
};

/*
 * This is the name of the variable in libc that contains
 * the uberdata address that we will need.
 */
#define TD_BOOTSTRAP_NAME       "_tdb_bootstrap"
/*
 * This is the actual name of uberdata, used in the event
 * that tdb_bootstrap has not yet been initialized.
 */
#define TD_UBERDATA_NAME        "_uberdata"
/*
 * The library name should end with ".so.1", but older versions of
 * dbx expect the unadorned name and malfunction if ".1" is specified.
 * Unfortunately, if ".1" is not specified, mdb malfunctions when it
 * is applied to another instance of itself (due to the presence of
 * /usr/lib/mdb/proc/libc.so).  So we try it both ways.
 */
#define TD_LIBRARY_NAME         "libc.so"
#define TD_LIBRARY_NAME_1       "libc.so.1"

td_err_e __td_thr_get_info(td_thrhandle_t *th_p, td_thrinfo_t *ti_p);

td_err_e __td_ta_thr_iter(td_thragent_t *ta_p, td_thr_iter_f *cb,
        void *cbdata_p, td_thr_state_e state, int ti_pri,
        sigset_t *ti_sigmask_p, unsigned ti_user_flags);

/*
 * Initialize threads debugging interface.
 */
#pragma weak td_init = __td_init
td_err_e
__td_init()
{
        return (TD_OK);
}

/*
 * This function does nothing, and never did.
 * But the symbol is in the ABI, so we can't delete it.
 */
#pragma weak td_log = __td_log
void
__td_log()
{
}

/*
 * Short-cut to read just the hash table size from the process,
 * to avoid repeatedly reading the full uberdata structure when
 * dealing with a single-threaded process.
 */
static uint_t
td_read_hash_size(td_thragent_t *ta_p)
{
        psaddr_t addr;
        uint_t hash_size;

        switch (ta_p->initialized) {
        default:        /* uninitialized */
                return (0);
        case 1:         /* partially initialized */
                break;
        case 2:         /* fully initialized */
                return (ta_p->hash_size);
        }

        if (ta_p->model == PR_MODEL_NATIVE) {
                addr = ta_p->uberdata_addr + offsetof(uberdata_t, hash_size);
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                addr = ta_p->uberdata_addr + offsetof(uberdata32_t, hash_size);
#else
                addr = 0;
#endif
        }
        if (ps_pdread(ta_p->ph_p, addr, &hash_size, sizeof (hash_size))
            != PS_OK)
                return (0);
        return (hash_size);
}

static td_err_e
td_read_uberdata(td_thragent_t *ta_p)
{
        struct ps_prochandle *ph_p = ta_p->ph_p;
        int i;

        if (ta_p->model == PR_MODEL_NATIVE) {
                uberdata_t uberdata;

                if (ps_pdread(ph_p, ta_p->uberdata_addr,
                    &uberdata, sizeof (uberdata)) != PS_OK)
                        return (TD_DBERR);
                ta_p->primary_map = uberdata.primary_map;
                ta_p->tdb_eventmask_addr = ta_p->uberdata_addr +
                    offsetof(uberdata_t, tdb.tdb_ev_global_mask);
                ta_p->tdb_register_sync_addr = ta_p->uberdata_addr +
                    offsetof(uberdata_t, uberflags.uf_tdb_register_sync);
                ta_p->hash_table_addr = (psaddr_t)uberdata.thr_hash_table;
                ta_p->hash_size = uberdata.hash_size;
                if (ps_pdread(ph_p, (psaddr_t)uberdata.tdb.tdb_events,
                    ta_p->tdb_events, sizeof (ta_p->tdb_events)) != PS_OK)
                        return (TD_DBERR);
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                uberdata32_t uberdata;
                caddr32_t tdb_events[TD_MAX_EVENT_NUM - TD_MIN_EVENT_NUM + 1];

                if (ps_pdread(ph_p, ta_p->uberdata_addr,
                    &uberdata, sizeof (uberdata)) != PS_OK)
                        return (TD_DBERR);
                ta_p->primary_map = uberdata.primary_map;
                ta_p->tdb_eventmask_addr = ta_p->uberdata_addr +
                    offsetof(uberdata32_t, tdb.tdb_ev_global_mask);
                ta_p->tdb_register_sync_addr = ta_p->uberdata_addr +
                    offsetof(uberdata32_t, uberflags.uf_tdb_register_sync);
                ta_p->hash_table_addr = (psaddr_t)uberdata.thr_hash_table;
                ta_p->hash_size = uberdata.hash_size;
                if (ps_pdread(ph_p, (psaddr_t)uberdata.tdb.tdb_events,
                    tdb_events, sizeof (tdb_events)) != PS_OK)
                        return (TD_DBERR);
                for (i = 0; i < TD_MAX_EVENT_NUM - TD_MIN_EVENT_NUM + 1; i++)
                        ta_p->tdb_events[i] = tdb_events[i];
#else
                return (TD_DBERR);
#endif
        }

        /*
         * Unfortunately, we are (implicitly) assuming that our uberdata
         * definition precisely matches that of our target.  If this is not
         * true (that is, if we're examining a core file from a foreign
         * system that has a different definition of uberdata), the failure
         * modes can be frustratingly non-explicit.  In an effort to catch
         * this upon initialization (when the debugger may still be able to
         * opt for another thread model or may be able to fail explicitly), we
         * check that each of our tdb_events points to valid memory (these are
         * putatively text upon which a breakpoint can be issued), with the
         * hope that this is enough of a self-consistency check to lead to
         * explicit failure on a mismatch.
         */
        for (i = 0; i < TD_MAX_EVENT_NUM - TD_MIN_EVENT_NUM + 1; i++) {
                uint8_t check;

                if (ps_pdread(ph_p, (psaddr_t)ta_p->tdb_events[i],
                    &check, sizeof (check)) != PS_OK) {
                        return (TD_DBERR);
                }
        }

        if (ta_p->hash_size != 1) {     /* multi-threaded */
                ta_p->initialized = 2;
                ta_p->single_lwpid = 0;
                ta_p->single_ulwp_addr = 0;
        } else {                        /* single-threaded */
                ta_p->initialized = 1;
                /*
                 * Get the address and lwpid of the single thread/LWP.
                 * It may not be ulwp_one if this is a child of fork1().
                 */
                if (ta_p->model == PR_MODEL_NATIVE) {
                        thr_hash_table_t head;
                        lwpid_t lwpid = 0;

                        if (ps_pdread(ph_p, ta_p->hash_table_addr,
                            &head, sizeof (head)) != PS_OK)
                                return (TD_DBERR);
                        if ((psaddr_t)head.hash_bucket == 0)
                                ta_p->initialized = 0;
                        else if (ps_pdread(ph_p, (psaddr_t)head.hash_bucket +
                            offsetof(ulwp_t, ul_lwpid),
                            &lwpid, sizeof (lwpid)) != PS_OK)
                                return (TD_DBERR);
                        ta_p->single_lwpid = lwpid;
                        ta_p->single_ulwp_addr = (psaddr_t)head.hash_bucket;
                } else {
#if defined(_LP64) && defined(_SYSCALL32)
                        thr_hash_table32_t head;
                        lwpid_t lwpid = 0;

                        if (ps_pdread(ph_p, ta_p->hash_table_addr,
                            &head, sizeof (head)) != PS_OK)
                                return (TD_DBERR);
                        if ((psaddr_t)head.hash_bucket == 0)
                                ta_p->initialized = 0;
                        else if (ps_pdread(ph_p, (psaddr_t)head.hash_bucket +
                            offsetof(ulwp32_t, ul_lwpid),
                            &lwpid, sizeof (lwpid)) != PS_OK)
                                return (TD_DBERR);
                        ta_p->single_lwpid = lwpid;
                        ta_p->single_ulwp_addr = (psaddr_t)head.hash_bucket;
#else
                        return (TD_DBERR);
#endif
                }
        }
        if (!ta_p->primary_map)
                ta_p->initialized = 0;
        return (TD_OK);
}

static td_err_e
td_read_bootstrap_data(td_thragent_t *ta_p)
{
        struct ps_prochandle *ph_p = ta_p->ph_p;
        psaddr_t bootstrap_addr;
        psaddr_t uberdata_addr;
        ps_err_e db_return;
        td_err_e return_val;
        int do_1;

        switch (ta_p->initialized) {
        case 2:                 /* fully initialized */
                return (TD_OK);
        case 1:                 /* partially initialized */
                if (td_read_hash_size(ta_p) == 1)
                        return (TD_OK);
                return (td_read_uberdata(ta_p));
        }

        /*
         * Uninitialized -- do the startup work.
         * We set ta_p->initialized to -1 to cut off recursive calls
         * into libc_db by code in the provider of ps_pglobal_lookup().
         */
        do_1 = 0;
        ta_p->initialized = -1;
        db_return = ps_pglobal_lookup(ph_p, TD_LIBRARY_NAME,
            TD_BOOTSTRAP_NAME, &bootstrap_addr);
        if (db_return == PS_NOSYM) {
                do_1 = 1;
                db_return = ps_pglobal_lookup(ph_p, TD_LIBRARY_NAME_1,
                    TD_BOOTSTRAP_NAME, &bootstrap_addr);
        }
        if (db_return == PS_NOSYM)      /* libc is not linked yet */
                return (TD_NOLIBTHREAD);
        if (db_return != PS_OK)
                return (TD_ERR);
        db_return = ps_pglobal_lookup(ph_p,
            do_1? TD_LIBRARY_NAME_1 : TD_LIBRARY_NAME,
            TD_UBERDATA_NAME, &uberdata_addr);
        if (db_return == PS_NOSYM)      /* libc is not linked yet */
                return (TD_NOLIBTHREAD);
        if (db_return != PS_OK)
                return (TD_ERR);

        /*
         * Read the uberdata address into the thread agent structure.
         */
        if (ta_p->model == PR_MODEL_NATIVE) {
                psaddr_t psaddr;
                if (ps_pdread(ph_p, bootstrap_addr,
                    &psaddr, sizeof (psaddr)) != PS_OK)
                        return (TD_DBERR);
                if ((ta_p->bootstrap_addr = psaddr) == 0)
                        psaddr = uberdata_addr;
                else if (ps_pdread(ph_p, psaddr,
                    &psaddr, sizeof (psaddr)) != PS_OK)
                        return (TD_DBERR);
                if (psaddr == 0) {
                        /* primary linkmap in the tgt is not initialized */
                        ta_p->bootstrap_addr = 0;
                        psaddr = uberdata_addr;
                }
                ta_p->uberdata_addr = psaddr;
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                caddr32_t psaddr;
                if (ps_pdread(ph_p, bootstrap_addr,
                    &psaddr, sizeof (psaddr)) != PS_OK)
                        return (TD_DBERR);
                if ((ta_p->bootstrap_addr = (psaddr_t)psaddr) == 0)
                        psaddr = (caddr32_t)uberdata_addr;
                else if (ps_pdread(ph_p, (psaddr_t)psaddr,
                    &psaddr, sizeof (psaddr)) != PS_OK)
                        return (TD_DBERR);
                if (psaddr == 0) {
                        /* primary linkmap in the tgt is not initialized */
                        ta_p->bootstrap_addr = 0;
                        psaddr = (caddr32_t)uberdata_addr;
                }
                ta_p->uberdata_addr = (psaddr_t)psaddr;
#else
                return (TD_DBERR);
#endif  /* _SYSCALL32 */
        }

        if ((return_val = td_read_uberdata(ta_p)) != TD_OK)
                return (return_val);
        if (ta_p->bootstrap_addr == 0)
                ta_p->initialized = 0;
        return (TD_OK);
}

#pragma weak ps_kill
#pragma weak ps_lrolltoaddr

/*
 * Allocate a new agent process handle ("thread agent").
 */
#pragma weak td_ta_new = __td_ta_new
td_err_e
__td_ta_new(struct ps_prochandle *ph_p, td_thragent_t **ta_pp)
{
        td_thragent_t *ta_p;
        int model;
        td_err_e return_val = TD_OK;

        if (ph_p == NULL)
                return (TD_BADPH);
        if (ta_pp == NULL)
                return (TD_ERR);
        *ta_pp = NULL;
        if (ps_pstop(ph_p) != PS_OK)
                return (TD_DBERR);
        /*
         * ps_pdmodel might not be defined if this is an older client.
         * Make it a weak symbol and test if it exists before calling.
         */
#pragma weak ps_pdmodel
        if (ps_pdmodel == NULL) {
                model = PR_MODEL_NATIVE;
        } else if (ps_pdmodel(ph_p, &model) != PS_OK) {
                (void) ps_pcontinue(ph_p);
                return (TD_ERR);
        }
        if ((ta_p = malloc(sizeof (*ta_p))) == NULL) {
                (void) ps_pcontinue(ph_p);
                return (TD_MALLOC);
        }

        /*
         * Initialize the agent process handle.
         * Pick up the symbol value we need from the target process.
         */
        (void) memset(ta_p, 0, sizeof (*ta_p));
        ta_p->ph_p = ph_p;
        (void) rwlock_init(&ta_p->rwlock, USYNC_THREAD, NULL);
        ta_p->model = model;
        return_val = td_read_bootstrap_data(ta_p);

        /*
         * Because the old libthread_db enabled lock tracking by default,
         * we must also do it.  However, we do it only if the application
         * provides the ps_kill() and ps_lrolltoaddr() interfaces.
         * (dbx provides the ps_kill() and ps_lrolltoaddr() interfaces.)
         */
        if (return_val == TD_OK && ps_kill != NULL && ps_lrolltoaddr != NULL) {
                register_sync_t oldenable;
                register_sync_t enable = REGISTER_SYNC_ENABLE;
                psaddr_t psaddr = ta_p->tdb_register_sync_addr;

                if (ps_pdread(ph_p, psaddr,
                    &oldenable, sizeof (oldenable)) != PS_OK)
                        return_val = TD_DBERR;
                else if (oldenable != REGISTER_SYNC_OFF ||
                    ps_pdwrite(ph_p, psaddr,
                    &enable, sizeof (enable)) != PS_OK) {
                        /*
                         * Lock tracking was already enabled or we
                         * failed to enable it, probably because we
                         * are examining a core file.  In either case
                         * set the sync_tracking flag non-zero to
                         * indicate that we should not attempt to
                         * disable lock tracking when we delete the
                         * agent process handle in td_ta_delete().
                         */
                        ta_p->sync_tracking = 1;
                }
        }

        if (return_val == TD_OK)
                *ta_pp = ta_p;
        else
                free(ta_p);

        (void) ps_pcontinue(ph_p);
        return (return_val);
}

/*
 * Utility function to grab the readers lock and return the prochandle,
 * given an agent process handle.  Performs standard error checking.
 * Returns non-NULL with the lock held, or NULL with the lock not held.
 */
static struct ps_prochandle *
ph_lock_ta(td_thragent_t *ta_p, td_err_e *err)
{
        struct ps_prochandle *ph_p = NULL;
        td_err_e error;

        if (ta_p == NULL || ta_p->initialized == -1) {
                *err = TD_BADTA;
        } else if (rw_rdlock(&ta_p->rwlock) != 0) {     /* can't happen? */
                *err = TD_BADTA;
        } else if ((ph_p = ta_p->ph_p) == NULL) {
                (void) rw_unlock(&ta_p->rwlock);
                *err = TD_BADPH;
        } else if (ta_p->initialized != 2 &&
            (error = td_read_bootstrap_data(ta_p)) != TD_OK) {
                (void) rw_unlock(&ta_p->rwlock);
                ph_p = NULL;
                *err = error;
        } else {
                *err = TD_OK;
        }

        return (ph_p);
}

/*
 * Utility function to grab the readers lock and return the prochandle,
 * given an agent thread handle.  Performs standard error checking.
 * Returns non-NULL with the lock held, or NULL with the lock not held.
 */
static struct ps_prochandle *
ph_lock_th(const td_thrhandle_t *th_p, td_err_e *err)
{
        if (th_p == NULL || th_p->th_unique == 0) {
                *err = TD_BADTH;
                return (NULL);
        }
        return (ph_lock_ta(th_p->th_ta_p, err));
}

/*
 * Utility function to grab the readers lock and return the prochandle,
 * given a synchronization object handle.  Performs standard error checking.
 * Returns non-NULL with the lock held, or NULL with the lock not held.
 */
static struct ps_prochandle *
ph_lock_sh(const td_synchandle_t *sh_p, td_err_e *err)
{
        if (sh_p == NULL || sh_p->sh_unique == 0) {
                *err = TD_BADSH;
                return (NULL);
        }
        return (ph_lock_ta(sh_p->sh_ta_p, err));
}

/*
 * Unlock the agent process handle obtained from ph_lock_*().
 */
static void
ph_unlock(td_thragent_t *ta_p)
{
        (void) rw_unlock(&ta_p->rwlock);
}

/*
 * De-allocate an agent process handle,
 * releasing all related resources.
 *
 * XXX -- This is hopelessly broken ---
 * Storage for thread agent is not deallocated.  The prochandle
 * in the thread agent is set to NULL so that future uses of
 * the thread agent can be detected and an error value returned.
 * All functions in the external user interface that make
 * use of the thread agent are expected
 * to check for a NULL prochandle in the thread agent.
 * All such functions are also expected to obtain a
 * reader lock on the thread agent while it is using it.
 */
#pragma weak td_ta_delete = __td_ta_delete
td_err_e
__td_ta_delete(td_thragent_t *ta_p)
{
        struct ps_prochandle *ph_p;

        /*
         * This is the only place we grab the writer lock.
         * We are going to NULL out the prochandle.
         */
        if (ta_p == NULL || rw_wrlock(&ta_p->rwlock) != 0)
                return (TD_BADTA);
        if ((ph_p = ta_p->ph_p) == NULL) {
                (void) rw_unlock(&ta_p->rwlock);
                return (TD_BADPH);
        }
        /*
         * If synch. tracking was disabled when td_ta_new() was called and
         * if td_ta_sync_tracking_enable() was never called, then disable
         * synch. tracking (it was enabled by default in td_ta_new()).
         */
        if (ta_p->sync_tracking == 0 &&
            ps_kill != NULL && ps_lrolltoaddr != NULL) {
                register_sync_t enable = REGISTER_SYNC_DISABLE;

                (void) ps_pdwrite(ph_p, ta_p->tdb_register_sync_addr,
                    &enable, sizeof (enable));
        }
        ta_p->ph_p = NULL;
        (void) rw_unlock(&ta_p->rwlock);
        return (TD_OK);
}

/*
 * Map an agent process handle to a client prochandle.
 * Currently unused by dbx.
 */
#pragma weak td_ta_get_ph = __td_ta_get_ph
td_err_e
__td_ta_get_ph(td_thragent_t *ta_p, struct ps_prochandle **ph_pp)
{
        td_err_e return_val;

        if (ph_pp != NULL)      /* protect stupid callers */
                *ph_pp = NULL;
        if (ph_pp == NULL)
                return (TD_ERR);
        if ((*ph_pp = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        ph_unlock(ta_p);
        return (TD_OK);
}

/*
 * Set the process's suggested concurrency level.
 * This is a no-op in a one-level model.
 * Currently unused by dbx.
 */
#pragma weak td_ta_setconcurrency = __td_ta_setconcurrency
/* ARGSUSED1 */
td_err_e
__td_ta_setconcurrency(const td_thragent_t *ta_p, int level)
{
        if (ta_p == NULL)
                return (TD_BADTA);
        if (ta_p->ph_p == NULL)
                return (TD_BADPH);
        return (TD_OK);
}

/*
 * Get the number of threads in the process.
 */
#pragma weak td_ta_get_nthreads = __td_ta_get_nthreads
td_err_e
__td_ta_get_nthreads(td_thragent_t *ta_p, int *nthread_p)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;
        int nthreads;
        int nzombies;
        psaddr_t nthreads_addr;
        psaddr_t nzombies_addr;

        if (ta_p->model == PR_MODEL_NATIVE) {
                nthreads_addr = ta_p->uberdata_addr +
                    offsetof(uberdata_t, nthreads);
                nzombies_addr = ta_p->uberdata_addr +
                    offsetof(uberdata_t, nzombies);
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                nthreads_addr = ta_p->uberdata_addr +
                    offsetof(uberdata32_t, nthreads);
                nzombies_addr = ta_p->uberdata_addr +
                    offsetof(uberdata32_t, nzombies);
#else
                nthreads_addr = 0;
                nzombies_addr = 0;
#endif  /* _SYSCALL32 */
        }

        if (nthread_p == NULL)
                return (TD_ERR);
        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pdread(ph_p, nthreads_addr, &nthreads, sizeof (int)) != PS_OK)
                return_val = TD_DBERR;
        if (ps_pdread(ph_p, nzombies_addr, &nzombies, sizeof (int)) != PS_OK)
                return_val = TD_DBERR;
        ph_unlock(ta_p);
        if (return_val == TD_OK)
                *nthread_p = nthreads + nzombies;
        return (return_val);
}

typedef struct {
        thread_t        tid;
        int             found;
        td_thrhandle_t  th;
} td_mapper_param_t;

/*
 * Check the value in data against the thread id.
 * If it matches, return 1 to terminate iterations.
 * This function is used by td_ta_map_id2thr() to map a tid to a thread handle.
 */
static int
td_mapper_id2thr(td_thrhandle_t *th_p, td_mapper_param_t *data)
{
        td_thrinfo_t ti;

        if (__td_thr_get_info(th_p, &ti) == TD_OK &&
            data->tid == ti.ti_tid) {
                data->found = 1;
                data->th = *th_p;
                return (1);
        }
        return (0);
}

/*
 * Given a thread identifier, return the corresponding thread handle.
 */
#pragma weak td_ta_map_id2thr = __td_ta_map_id2thr
td_err_e
__td_ta_map_id2thr(td_thragent_t *ta_p, thread_t tid,
    td_thrhandle_t *th_p)
{
        td_err_e                return_val;
        td_mapper_param_t       data;

        if (th_p != NULL &&     /* optimize for a single thread */
            ta_p != NULL &&
            ta_p->initialized == 1 &&
            (td_read_hash_size(ta_p) == 1 ||
            td_read_uberdata(ta_p) == TD_OK) &&
            ta_p->initialized == 1 &&
            ta_p->single_lwpid == tid) {
                th_p->th_ta_p = ta_p;
                if ((th_p->th_unique = ta_p->single_ulwp_addr) == 0)
                        return (TD_NOTHR);
                return (TD_OK);
        }

        /*
         * LOCKING EXCEPTION - Locking is not required here because
         * the locking and checking will be done in __td_ta_thr_iter.
         */

        if (ta_p == NULL)
                return (TD_BADTA);
        if (th_p == NULL)
                return (TD_BADTH);
        if (tid == 0)
                return (TD_NOTHR);

        data.tid = tid;
        data.found = 0;
        return_val = __td_ta_thr_iter(ta_p,
            (td_thr_iter_f *)td_mapper_id2thr, (void *)&data,
            TD_THR_ANY_STATE, TD_THR_LOWEST_PRIORITY,
            TD_SIGNO_MASK, TD_THR_ANY_USER_FLAGS);
        if (return_val == TD_OK) {
                if (data.found == 0)
                        return_val = TD_NOTHR;
                else
                        *th_p = data.th;
        }

        return (return_val);
}

/*
 * Map the address of a synchronization object to a sync. object handle.
 */
#pragma weak td_ta_map_addr2sync = __td_ta_map_addr2sync
td_err_e
__td_ta_map_addr2sync(td_thragent_t *ta_p, psaddr_t addr, td_synchandle_t *sh_p)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;
        uint16_t sync_magic;

        if (sh_p == NULL)
                return (TD_BADSH);
        if (addr == 0)
                return (TD_ERR);
        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        /*
         * Check the magic number of the sync. object to make sure it's valid.
         * The magic number is at the same offset for all sync. objects.
         */
        if (ps_pdread(ph_p, (psaddr_t)&((mutex_t *)addr)->mutex_magic,
            &sync_magic, sizeof (sync_magic)) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_BADSH);
        }
        ph_unlock(ta_p);
        if (sync_magic != MUTEX_MAGIC && sync_magic != COND_MAGIC &&
            sync_magic != SEMA_MAGIC && sync_magic != RWL_MAGIC)
                return (TD_BADSH);
        /*
         * Just fill in the appropriate fields of the sync. handle.
         */
        sh_p->sh_ta_p = (td_thragent_t *)ta_p;
        sh_p->sh_unique = addr;
        return (TD_OK);
}

/*
 * Iterate over the set of global TSD keys.
 * The call back function is called with three arguments,
 * a key, a pointer to the destructor function, and the cbdata pointer.
 * Currently unused by dbx.
 */
#pragma weak td_ta_tsd_iter = __td_ta_tsd_iter
td_err_e
__td_ta_tsd_iter(td_thragent_t *ta_p, td_key_iter_f *cb, void *cbdata_p)
{
        struct ps_prochandle *ph_p;
        td_err_e        return_val;
        int             key;
        int             numkeys;
        psaddr_t        dest_addr;
        psaddr_t        *destructors = NULL;
        PFrV            destructor;

        if (cb == NULL)
                return (TD_ERR);
        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        if (ta_p->model == PR_MODEL_NATIVE) {
                tsd_metadata_t tsdm;

                if (ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata_t, tsd_metadata),
                    &tsdm, sizeof (tsdm)) != PS_OK)
                        return_val = TD_DBERR;
                else {
                        numkeys = tsdm.tsdm_nused;
                        dest_addr = (psaddr_t)tsdm.tsdm_destro;
                        if (numkeys > 0)
                                destructors =
                                    malloc(numkeys * sizeof (psaddr_t));
                }
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                tsd_metadata32_t tsdm;

                if (ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata32_t, tsd_metadata),
                    &tsdm, sizeof (tsdm)) != PS_OK)
                        return_val = TD_DBERR;
                else {
                        numkeys = tsdm.tsdm_nused;
                        dest_addr = (psaddr_t)tsdm.tsdm_destro;
                        if (numkeys > 0)
                                destructors =
                                    malloc(numkeys * sizeof (caddr32_t));
                }
#else
                return_val = TD_DBERR;
#endif  /* _SYSCALL32 */
        }

        if (return_val != TD_OK || numkeys <= 0) {
                (void) ps_pcontinue(ph_p);
                ph_unlock(ta_p);
                return (return_val);
        }

        if (destructors == NULL)
                return_val = TD_MALLOC;
        else if (ta_p->model == PR_MODEL_NATIVE) {
                if (ps_pdread(ph_p, dest_addr,
                    destructors, numkeys * sizeof (psaddr_t)) != PS_OK)
                        return_val = TD_DBERR;
                else {
                        for (key = 1; key < numkeys; key++) {
                                destructor = (PFrV)destructors[key];
                                if (destructor != TSD_UNALLOCATED &&
                                    (*cb)(key, destructor, cbdata_p))
                                        break;
                        }
                }
#if defined(_LP64) && defined(_SYSCALL32)
        } else {
                caddr32_t *destructors32 = (caddr32_t *)destructors;
                caddr32_t destruct32;

                if (ps_pdread(ph_p, dest_addr,
                    destructors32, numkeys * sizeof (caddr32_t)) != PS_OK)
                        return_val = TD_DBERR;
                else {
                        for (key = 1; key < numkeys; key++) {
                                destruct32 = destructors32[key];
                                if ((destruct32 !=
                                    (caddr32_t)(uintptr_t)TSD_UNALLOCATED) &&
                                    (*cb)(key, (PFrV)(uintptr_t)destruct32,
                                    cbdata_p))
                                        break;
                        }
                }
#endif  /* _SYSCALL32 */
        }

        if (destructors)
                free(destructors);
        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

int
sigequalset(const sigset_t *s1, const sigset_t *s2)
{
        return (
            s1->__sigbits[0] == s2->__sigbits[0] &&
            s1->__sigbits[1] == s2->__sigbits[1] &&
            s1->__sigbits[2] == s2->__sigbits[2] &&
            s1->__sigbits[3] == s2->__sigbits[3]);
}

/*
 * Description:
 *   Iterate over all threads. For each thread call
 * the function pointed to by "cb" with a pointer
 * to a thread handle, and a pointer to data which
 * can be NULL. Only call td_thr_iter_f() on threads
 * which match the properties of state, ti_pri,
 * ti_sigmask_p, and ti_user_flags.  If cb returns
 * a non-zero value, terminate iterations.
 *
 * Input:
 *   *ta_p - thread agent
 *   *cb - call back function defined by user.
 * td_thr_iter_f() takes a thread handle and
 * cbdata_p as a parameter.
 *   cbdata_p - parameter for td_thr_iter_f().
 *
 *   state - state of threads of interest.  A value of
 * TD_THR_ANY_STATE from enum td_thr_state_e
 * does not restrict iterations by state.
 *   ti_pri - lower bound of priorities of threads of
 * interest.  A value of TD_THR_LOWEST_PRIORITY
 * defined in thread_db.h does not restrict
 * iterations by priority.  A thread with priority
 * less than ti_pri will NOT be passed to the callback
 * function.
 *   ti_sigmask_p - signal mask of threads of interest.
 * A value of TD_SIGNO_MASK defined in thread_db.h
 * does not restrict iterations by signal mask.
 *   ti_user_flags - user flags of threads of interest.  A
 * value of TD_THR_ANY_USER_FLAGS defined in thread_db.h
 * does not restrict iterations by user flags.
 */
#pragma weak td_ta_thr_iter = __td_ta_thr_iter
td_err_e
__td_ta_thr_iter(td_thragent_t *ta_p, td_thr_iter_f *cb,
    void *cbdata_p, td_thr_state_e state, int ti_pri,
    sigset_t *ti_sigmask_p, unsigned ti_user_flags)
{
        struct ps_prochandle *ph_p;
        psaddr_t        first_lwp_addr;
        psaddr_t        first_zombie_addr;
        psaddr_t        curr_lwp_addr;
        psaddr_t        next_lwp_addr;
        td_thrhandle_t  th;
        ps_err_e        db_return;
        ps_err_e        db_return2;
        td_err_e        return_val;

        if (cb == NULL)
                return (TD_ERR);
        /*
         * If state is not within bound, short circuit.
         */
        if (state < TD_THR_ANY_STATE || state > TD_THR_STOPPED_ASLEEP)
                return (TD_OK);

        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        /*
         * For each ulwp_t in the circular linked lists pointed
         * to by "all_lwps" and "all_zombies":
         * (1) Filter each thread.
         * (2) Create the thread_object for each thread that passes.
         * (3) Call the call back function on each thread.
         */

        if (ta_p->model == PR_MODEL_NATIVE) {
                db_return = ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata_t, all_lwps),
                    &first_lwp_addr, sizeof (first_lwp_addr));
                db_return2 = ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata_t, all_zombies),
                    &first_zombie_addr, sizeof (first_zombie_addr));
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                caddr32_t addr32;

                db_return = ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata32_t, all_lwps),
                    &addr32, sizeof (addr32));
                first_lwp_addr = addr32;
                db_return2 = ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata32_t, all_zombies),
                    &addr32, sizeof (addr32));
                first_zombie_addr = addr32;
#else   /* _SYSCALL32 */
                db_return = PS_ERR;
                db_return2 = PS_ERR;
#endif  /* _SYSCALL32 */
        }
        if (db_return == PS_OK)
                db_return = db_return2;

        /*
         * If first_lwp_addr and first_zombie_addr are both NULL,
         * libc must not yet be initialized or all threads have
         * exited.  Return TD_NOTHR and all will be well.
         */
        if (db_return == PS_OK &&
            first_lwp_addr == 0 && first_zombie_addr == 0) {
                (void) ps_pcontinue(ph_p);
                ph_unlock(ta_p);
                return (TD_NOTHR);
        }
        if (db_return != PS_OK) {
                (void) ps_pcontinue(ph_p);
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        /*
         * Run down the lists of all living and dead lwps.
         */
        if (first_lwp_addr == 0)
                first_lwp_addr = first_zombie_addr;
        curr_lwp_addr = first_lwp_addr;
        for (;;) {
                td_thr_state_e ts_state;
                int userpri;
                unsigned userflags;
                sigset_t mask;

                /*
                 * Read the ulwp struct.
                 */
                if (ta_p->model == PR_MODEL_NATIVE) {
                        ulwp_t ulwp;

                        if (ps_pdread(ph_p, curr_lwp_addr,
                            &ulwp, sizeof (ulwp)) != PS_OK &&
                            ((void) memset(&ulwp, 0, sizeof (ulwp)),
                            ps_pdread(ph_p, curr_lwp_addr,
                            &ulwp, REPLACEMENT_SIZE)) != PS_OK) {
                                return_val = TD_DBERR;
                                break;
                        }
                        next_lwp_addr = (psaddr_t)ulwp.ul_forw;

                        ts_state = ulwp.ul_dead? TD_THR_ZOMBIE :
                            ulwp.ul_stop? TD_THR_STOPPED :
                            ulwp.ul_wchan? TD_THR_SLEEP :
                            TD_THR_ACTIVE;
                        userpri = ulwp.ul_pri;
                        userflags = ulwp.ul_usropts;
                        if (ulwp.ul_dead)
                                (void) sigemptyset(&mask);
                        else
                                mask = *(sigset_t *)&ulwp.ul_sigmask;
                } else {
#if defined(_LP64) && defined(_SYSCALL32)
                        ulwp32_t ulwp;

                        if (ps_pdread(ph_p, curr_lwp_addr,
                            &ulwp, sizeof (ulwp)) != PS_OK &&
                            ((void) memset(&ulwp, 0, sizeof (ulwp)),
                            ps_pdread(ph_p, curr_lwp_addr,
                            &ulwp, REPLACEMENT_SIZE32)) != PS_OK) {
                                return_val = TD_DBERR;
                                break;
                        }
                        next_lwp_addr = (psaddr_t)ulwp.ul_forw;

                        ts_state = ulwp.ul_dead? TD_THR_ZOMBIE :
                            ulwp.ul_stop? TD_THR_STOPPED :
                            ulwp.ul_wchan? TD_THR_SLEEP :
                            TD_THR_ACTIVE;
                        userpri = ulwp.ul_pri;
                        userflags = ulwp.ul_usropts;
                        if (ulwp.ul_dead)
                                (void) sigemptyset(&mask);
                        else
                                mask = *(sigset_t *)&ulwp.ul_sigmask;
#else   /* _SYSCALL32 */
                        return_val = TD_ERR;
                        break;
#endif  /* _SYSCALL32 */
                }

                /*
                 * Filter on state, priority, sigmask, and user flags.
                 */

                if ((state != ts_state) &&
                    (state != TD_THR_ANY_STATE))
                        goto advance;

                if (ti_pri > userpri)
                        goto advance;

                if (ti_sigmask_p != TD_SIGNO_MASK &&
                    !sigequalset(ti_sigmask_p, &mask))
                        goto advance;

                if (ti_user_flags != userflags &&
                    ti_user_flags != (unsigned)TD_THR_ANY_USER_FLAGS)
                        goto advance;

                /*
                 * Call back - break if the return
                 * from the call back is non-zero.
                 */
                th.th_ta_p = (td_thragent_t *)ta_p;
                th.th_unique = curr_lwp_addr;
                if ((*cb)(&th, cbdata_p))
                        break;

advance:
                if ((curr_lwp_addr = next_lwp_addr) == first_lwp_addr) {
                        /*
                         * Switch to the zombie list, unless it is NULL
                         * or we have already been doing the zombie list,
                         * in which case terminate the loop.
                         */
                        if (first_zombie_addr == 0 ||
                            first_lwp_addr == first_zombie_addr)
                                break;
                        curr_lwp_addr = first_lwp_addr = first_zombie_addr;
                }
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Enable or disable process synchronization object tracking.
 * Currently unused by dbx.
 */
#pragma weak td_ta_sync_tracking_enable = __td_ta_sync_tracking_enable
td_err_e
__td_ta_sync_tracking_enable(td_thragent_t *ta_p, int onoff)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;
        register_sync_t enable;

        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        /*
         * Values of tdb_register_sync in the victim process:
         *      REGISTER_SYNC_ENABLE    enables registration of synch objects
         *      REGISTER_SYNC_DISABLE   disables registration of synch objects
         * These cause the table to be cleared and tdb_register_sync set to:
         *      REGISTER_SYNC_ON        registration in effect
         *      REGISTER_SYNC_OFF       registration not in effect
         */
        enable = onoff? REGISTER_SYNC_ENABLE : REGISTER_SYNC_DISABLE;
        if (ps_pdwrite(ph_p, ta_p->tdb_register_sync_addr,
            &enable, sizeof (enable)) != PS_OK)
                return_val = TD_DBERR;
        /*
         * Remember that this interface was called (see td_ta_delete()).
         */
        ta_p->sync_tracking = 1;
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Iterate over all known synchronization variables.
 * It is very possible that the list generated is incomplete,
 * because the iterator can only find synchronization variables
 * that have been registered by the process since synchronization
 * object registration was enabled.
 * The call back function cb is called for each synchronization
 * variable with two arguments: a pointer to the synchronization
 * handle and the passed-in argument cbdata.
 * If cb returns a non-zero value, iterations are terminated.
 */
#pragma weak td_ta_sync_iter = __td_ta_sync_iter
td_err_e
__td_ta_sync_iter(td_thragent_t *ta_p, td_sync_iter_f *cb, void *cbdata)
{
        struct ps_prochandle *ph_p;
        td_err_e        return_val;
        int             i;
        register_sync_t enable;
        psaddr_t        next_desc;
        tdb_sync_stats_t sync_stats;
        td_synchandle_t synchandle;
        psaddr_t        psaddr;
        void            *vaddr;
        uint64_t        *sync_addr_hash = NULL;

        if (cb == NULL)
                return (TD_ERR);
        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }
        if (ps_pdread(ph_p, ta_p->tdb_register_sync_addr,
            &enable, sizeof (enable)) != PS_OK) {
                return_val = TD_DBERR;
                goto out;
        }
        if (enable != REGISTER_SYNC_ON)
                goto out;

        /*
         * First read the hash table.
         * The hash table is large; allocate with mmap().
         */
        if ((vaddr = mmap(NULL, TDB_HASH_SIZE * sizeof (uint64_t),
            PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, (off_t)0))
            == MAP_FAILED) {
                return_val = TD_MALLOC;
                goto out;
        }
        sync_addr_hash = vaddr;

        if (ta_p->model == PR_MODEL_NATIVE) {
                if (ps_pdread(ph_p, ta_p->uberdata_addr +
                    offsetof(uberdata_t, tdb.tdb_sync_addr_hash),
                    &psaddr, sizeof (&psaddr)) != PS_OK) {
                        return_val = TD_DBERR;
                        goto out;
                }
        } else {
#ifdef  _SYSCALL32
                caddr32_t addr;

                if (ps_pdread(ph_p, ta_p->uberdata_addr +
                    offsetof(uberdata32_t, tdb.tdb_sync_addr_hash),
                    &addr, sizeof (addr)) != PS_OK) {
                        return_val = TD_DBERR;
                        goto out;
                }
                psaddr = addr;
#else
                return_val = TD_ERR;
                goto out;
#endif /* _SYSCALL32 */
        }

        if (psaddr == 0)
                goto out;
        if (ps_pdread(ph_p, psaddr, sync_addr_hash,
            TDB_HASH_SIZE * sizeof (uint64_t)) != PS_OK) {
                return_val = TD_DBERR;
                goto out;
        }

        /*
         * Now scan the hash table.
         */
        for (i = 0; i < TDB_HASH_SIZE; i++) {
                for (next_desc = (psaddr_t)sync_addr_hash[i];
                    next_desc != 0;
                    next_desc = (psaddr_t)sync_stats.next) {
                        if (ps_pdread(ph_p, next_desc,
                            &sync_stats, sizeof (sync_stats)) != PS_OK) {
                                return_val = TD_DBERR;
                                goto out;
                        }
                        if (sync_stats.un.type == TDB_NONE) {
                                /* not registered since registration enabled */
                                continue;
                        }
                        synchandle.sh_ta_p = ta_p;
                        synchandle.sh_unique = (psaddr_t)sync_stats.sync_addr;
                        if ((*cb)(&synchandle, cbdata) != 0)
                                goto out;
                }
        }

out:
        if (sync_addr_hash != NULL)
                (void) munmap((void *)sync_addr_hash,
                    TDB_HASH_SIZE * sizeof (uint64_t));
        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Enable process statistics collection.
 */
#pragma weak td_ta_enable_stats = __td_ta_enable_stats
/* ARGSUSED */
td_err_e
__td_ta_enable_stats(const td_thragent_t *ta_p, int onoff)
{
        return (TD_NOCAPAB);
}

/*
 * Reset process statistics.
 */
#pragma weak td_ta_reset_stats = __td_ta_reset_stats
/* ARGSUSED */
td_err_e
__td_ta_reset_stats(const td_thragent_t *ta_p)
{
        return (TD_NOCAPAB);
}

/*
 * Read process statistics.
 */
#pragma weak td_ta_get_stats = __td_ta_get_stats
/* ARGSUSED */
td_err_e
__td_ta_get_stats(const td_thragent_t *ta_p, td_ta_stats_t *tstats)
{
        return (TD_NOCAPAB);
}

/*
 * Transfer information from lwp struct to thread information struct.
 * XXX -- lots of this needs cleaning up.
 */
static void
td_thr2to(td_thragent_t *ta_p, psaddr_t ts_addr,
    ulwp_t *ulwp, td_thrinfo_t *ti_p)
{
        lwpid_t lwpid;

        if ((lwpid = ulwp->ul_lwpid) == 0)
                lwpid = 1;
        (void) memset(ti_p, 0, sizeof (*ti_p));
        ti_p->ti_ta_p = ta_p;
        ti_p->ti_user_flags = ulwp->ul_usropts;
        ti_p->ti_tid = lwpid;
        ti_p->ti_exitval = ulwp->ul_rval;
        ti_p->ti_startfunc = (psaddr_t)ulwp->ul_startpc;
        if (!ulwp->ul_dead) {
                /*
                 * The bloody fools got this backwards!
                 */
                ti_p->ti_stkbase = (psaddr_t)ulwp->ul_stktop;
                ti_p->ti_stksize = ulwp->ul_stksiz;
        }
        ti_p->ti_ro_area = ts_addr;
        ti_p->ti_ro_size = ulwp->ul_replace?
            REPLACEMENT_SIZE : sizeof (ulwp_t);
        ti_p->ti_state = ulwp->ul_dead? TD_THR_ZOMBIE :
            ulwp->ul_stop? TD_THR_STOPPED :
            ulwp->ul_wchan? TD_THR_SLEEP :
            TD_THR_ACTIVE;
        ti_p->ti_db_suspended = 0;
        ti_p->ti_type = TD_THR_USER;
        ti_p->ti_sp = ulwp->ul_sp;
        ti_p->ti_flags = 0;
        ti_p->ti_pri = ulwp->ul_pri;
        ti_p->ti_lid = lwpid;
        if (!ulwp->ul_dead)
                ti_p->ti_sigmask = ulwp->ul_sigmask;
        ti_p->ti_traceme = 0;
        ti_p->ti_preemptflag = 0;
        ti_p->ti_pirecflag = 0;
        (void) sigemptyset(&ti_p->ti_pending);
        ti_p->ti_events = ulwp->ul_td_evbuf.eventmask;
}

#if defined(_LP64) && defined(_SYSCALL32)
static void
td_thr2to32(td_thragent_t *ta_p, psaddr_t ts_addr,
    ulwp32_t *ulwp, td_thrinfo_t *ti_p)
{
        lwpid_t lwpid;

        if ((lwpid = ulwp->ul_lwpid) == 0)
                lwpid = 1;
        (void) memset(ti_p, 0, sizeof (*ti_p));
        ti_p->ti_ta_p = ta_p;
        ti_p->ti_user_flags = ulwp->ul_usropts;
        ti_p->ti_tid = lwpid;
        ti_p->ti_exitval = (void *)(uintptr_t)ulwp->ul_rval;
        ti_p->ti_startfunc = (psaddr_t)ulwp->ul_startpc;
        if (!ulwp->ul_dead) {
                /*
                 * The bloody fools got this backwards!
                 */
                ti_p->ti_stkbase = (psaddr_t)ulwp->ul_stktop;
                ti_p->ti_stksize = ulwp->ul_stksiz;
        }
        ti_p->ti_ro_area = ts_addr;
        ti_p->ti_ro_size = ulwp->ul_replace?
            REPLACEMENT_SIZE32 : sizeof (ulwp32_t);
        ti_p->ti_state = ulwp->ul_dead? TD_THR_ZOMBIE :
            ulwp->ul_stop? TD_THR_STOPPED :
            ulwp->ul_wchan? TD_THR_SLEEP :
            TD_THR_ACTIVE;
        ti_p->ti_db_suspended = 0;
        ti_p->ti_type = TD_THR_USER;
        ti_p->ti_sp = (uint32_t)ulwp->ul_sp;
        ti_p->ti_flags = 0;
        ti_p->ti_pri = ulwp->ul_pri;
        ti_p->ti_lid = lwpid;
        if (!ulwp->ul_dead)
                ti_p->ti_sigmask = *(sigset_t *)&ulwp->ul_sigmask;
        ti_p->ti_traceme = 0;
        ti_p->ti_preemptflag = 0;
        ti_p->ti_pirecflag = 0;
        (void) sigemptyset(&ti_p->ti_pending);
        ti_p->ti_events = ulwp->ul_td_evbuf.eventmask;
}
#endif  /* _SYSCALL32 */

/*
 * Get thread information.
 */
#pragma weak td_thr_get_info = __td_thr_get_info
td_err_e
__td_thr_get_info(td_thrhandle_t *th_p, td_thrinfo_t *ti_p)
{
        struct ps_prochandle *ph_p;
        td_thragent_t   *ta_p;
        td_err_e        return_val;
        psaddr_t        psaddr;

        if (ti_p == NULL)
                return (TD_ERR);
        (void) memset(ti_p, 0, sizeof (*ti_p));

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        ta_p = th_p->th_ta_p;
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        /*
         * Read the ulwp struct from the process.
         * Transfer the ulwp struct to the thread information struct.
         */
        psaddr = th_p->th_unique;
        if (ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t ulwp;

                if (ps_pdread(ph_p, psaddr, &ulwp, sizeof (ulwp)) != PS_OK &&
                    ((void) memset(&ulwp, 0, sizeof (ulwp)),
                    ps_pdread(ph_p, psaddr, &ulwp, REPLACEMENT_SIZE)) != PS_OK)
                        return_val = TD_DBERR;
                else
                        td_thr2to(ta_p, psaddr, &ulwp, ti_p);
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t ulwp;

                if (ps_pdread(ph_p, psaddr, &ulwp, sizeof (ulwp)) != PS_OK &&
                    ((void) memset(&ulwp, 0, sizeof (ulwp)),
                    ps_pdread(ph_p, psaddr, &ulwp, REPLACEMENT_SIZE32)) !=
                    PS_OK)
                        return_val = TD_DBERR;
                else
                        td_thr2to32(ta_p, psaddr, &ulwp, ti_p);
#else
                return_val = TD_ERR;
#endif  /* _SYSCALL32 */
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Given a process and an event number, return information about
 * an address in the process or at which a breakpoint can be set
 * to monitor the event.
 */
#pragma weak td_ta_event_addr = __td_ta_event_addr
td_err_e
__td_ta_event_addr(td_thragent_t *ta_p, td_event_e event, td_notify_t *notify_p)
{
        if (ta_p == NULL)
                return (TD_BADTA);
        if (event < TD_MIN_EVENT_NUM || event > TD_MAX_EVENT_NUM)
                return (TD_NOEVENT);
        if (notify_p == NULL)
                return (TD_ERR);

        notify_p->type = NOTIFY_BPT;
        notify_p->u.bptaddr = ta_p->tdb_events[event - TD_MIN_EVENT_NUM];

        return (TD_OK);
}

/*
 * Add the events in eventset 2 to eventset 1.
 */
static void
eventsetaddset(td_thr_events_t *event1_p, td_thr_events_t *event2_p)
{
        int     i;

        for (i = 0; i < TD_EVENTSIZE; i++)
                event1_p->event_bits[i] |= event2_p->event_bits[i];
}

/*
 * Delete the events in eventset 2 from eventset 1.
 */
static void
eventsetdelset(td_thr_events_t *event1_p, td_thr_events_t *event2_p)
{
        int     i;

        for (i = 0; i < TD_EVENTSIZE; i++)
                event1_p->event_bits[i] &= ~event2_p->event_bits[i];
}

/*
 * Either add or delete the given event set from a thread's event mask.
 */
static td_err_e
mod_eventset(td_thrhandle_t *th_p, td_thr_events_t *events, int onoff)
{
        struct ps_prochandle *ph_p;
        td_err_e        return_val = TD_OK;
        char            enable;
        td_thr_events_t evset;
        psaddr_t        psaddr_evset;
        psaddr_t        psaddr_enab;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (th_p->th_ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;
                psaddr_evset = (psaddr_t)&ulwp->ul_td_evbuf.eventmask;
                psaddr_enab = (psaddr_t)&ulwp->ul_td_events_enable;
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;
                psaddr_evset = (psaddr_t)&ulwp->ul_td_evbuf.eventmask;
                psaddr_enab = (psaddr_t)&ulwp->ul_td_events_enable;
#else
                ph_unlock(th_p->th_ta_p);
                return (TD_ERR);
#endif  /* _SYSCALL32 */
        }
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_pdread(ph_p, psaddr_evset, &evset, sizeof (evset)) != PS_OK)
                return_val = TD_DBERR;
        else {
                if (onoff)
                        eventsetaddset(&evset, events);
                else
                        eventsetdelset(&evset, events);
                if (ps_pdwrite(ph_p, psaddr_evset, &evset, sizeof (evset))
                    != PS_OK)
                        return_val = TD_DBERR;
                else {
                        enable = 0;
                        if (td_eventismember(&evset, TD_EVENTS_ENABLE))
                                enable = 1;
                        if (ps_pdwrite(ph_p, psaddr_enab,
                            &enable, sizeof (enable)) != PS_OK)
                                return_val = TD_DBERR;
                }
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Enable or disable tracing for a given thread.  Tracing
 * is filtered based on the event mask of each thread.  Tracing
 * can be turned on/off for the thread without changing thread
 * event mask.
 * Currently unused by dbx.
 */
#pragma weak td_thr_event_enable = __td_thr_event_enable
td_err_e
__td_thr_event_enable(td_thrhandle_t *th_p, int onoff)
{
        td_thr_events_t evset;

        td_event_emptyset(&evset);
        td_event_addset(&evset, TD_EVENTS_ENABLE);
        return (mod_eventset(th_p, &evset, onoff));
}

/*
 * Set event mask to enable event. event is turned on in
 * event mask for thread.  If a thread encounters an event
 * for which its event mask is on, notification will be sent
 * to the debugger.
 * Addresses for each event are provided to the
 * debugger.  It is assumed that a breakpoint of some type will
 * be placed at that address.  If the event mask for the thread
 * is on, the instruction at the address will be executed.
 * Otherwise, the instruction will be skipped.
 */
#pragma weak td_thr_set_event = __td_thr_set_event
td_err_e
__td_thr_set_event(td_thrhandle_t *th_p, td_thr_events_t *events)
{
        return (mod_eventset(th_p, events, 1));
}

/*
 * Enable or disable a set of events in the process-global event mask,
 * depending on the value of onoff.
 */
static td_err_e
td_ta_mod_event(td_thragent_t *ta_p, td_thr_events_t *events, int onoff)
{
        struct ps_prochandle *ph_p;
        td_thr_events_t targ_eventset;
        td_err_e        return_val;

        if ((ph_p = ph_lock_ta(ta_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }
        if (ps_pdread(ph_p, ta_p->tdb_eventmask_addr,
            &targ_eventset, sizeof (targ_eventset)) != PS_OK)
                return_val = TD_DBERR;
        else {
                if (onoff)
                        eventsetaddset(&targ_eventset, events);
                else
                        eventsetdelset(&targ_eventset, events);
                if (ps_pdwrite(ph_p, ta_p->tdb_eventmask_addr,
                    &targ_eventset, sizeof (targ_eventset)) != PS_OK)
                        return_val = TD_DBERR;
        }
        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Enable a set of events in the process-global event mask.
 */
#pragma weak td_ta_set_event = __td_ta_set_event
td_err_e
__td_ta_set_event(td_thragent_t *ta_p, td_thr_events_t *events)
{
        return (td_ta_mod_event(ta_p, events, 1));
}

/*
 * Set event mask to disable the given event set; these events are cleared
 * from the event mask of the thread.  Events that occur for a thread
 * with the event masked off will not cause notification to be
 * sent to the debugger (see td_thr_set_event for fuller description).
 */
#pragma weak td_thr_clear_event = __td_thr_clear_event
td_err_e
__td_thr_clear_event(td_thrhandle_t *th_p, td_thr_events_t *events)
{
        return (mod_eventset(th_p, events, 0));
}

/*
 * Disable a set of events in the process-global event mask.
 */
#pragma weak td_ta_clear_event = __td_ta_clear_event
td_err_e
__td_ta_clear_event(td_thragent_t *ta_p, td_thr_events_t *events)
{
        return (td_ta_mod_event(ta_p, events, 0));
}

/*
 * This function returns the most recent event message, if any,
 * associated with a thread.  Given a thread handle, return the message
 * corresponding to the event encountered by the thread.  Only one
 * message per thread is saved.  Messages from earlier events are lost
 * when later events occur.
 */
#pragma weak td_thr_event_getmsg = __td_thr_event_getmsg
td_err_e
__td_thr_event_getmsg(td_thrhandle_t *th_p, td_event_msg_t *msg)
{
        struct ps_prochandle *ph_p;
        td_err_e        return_val = TD_OK;
        psaddr_t        psaddr;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_BADTA);
        }
        if (th_p->th_ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;
                td_evbuf_t evbuf;

                psaddr = (psaddr_t)&ulwp->ul_td_evbuf;
                if (ps_pdread(ph_p, psaddr, &evbuf, sizeof (evbuf)) != PS_OK) {
                        return_val = TD_DBERR;
                } else if (evbuf.eventnum == TD_EVENT_NONE) {
                        return_val = TD_NOEVENT;
                } else {
                        msg->event = evbuf.eventnum;
                        msg->th_p = (td_thrhandle_t *)th_p;
                        msg->msg.data = (uintptr_t)evbuf.eventdata;
                        /* "Consume" the message */
                        evbuf.eventnum = TD_EVENT_NONE;
                        evbuf.eventdata = NULL;
                        if (ps_pdwrite(ph_p, psaddr, &evbuf, sizeof (evbuf))
                            != PS_OK)
                                return_val = TD_DBERR;
                }
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;
                td_evbuf32_t evbuf;

                psaddr = (psaddr_t)&ulwp->ul_td_evbuf;
                if (ps_pdread(ph_p, psaddr, &evbuf, sizeof (evbuf)) != PS_OK) {
                        return_val = TD_DBERR;
                } else if (evbuf.eventnum == TD_EVENT_NONE) {
                        return_val = TD_NOEVENT;
                } else {
                        msg->event = evbuf.eventnum;
                        msg->th_p = (td_thrhandle_t *)th_p;
                        msg->msg.data = (uintptr_t)evbuf.eventdata;
                        /* "Consume" the message */
                        evbuf.eventnum = TD_EVENT_NONE;
                        evbuf.eventdata = 0;
                        if (ps_pdwrite(ph_p, psaddr, &evbuf, sizeof (evbuf))
                            != PS_OK)
                                return_val = TD_DBERR;
                }
#else
                return_val = TD_ERR;
#endif  /* _SYSCALL32 */
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * The callback function td_ta_event_getmsg uses when looking for
 * a thread with an event.  A thin wrapper around td_thr_event_getmsg.
 */
static int
event_msg_cb(const td_thrhandle_t *th_p, void *arg)
{
        static td_thrhandle_t th;
        td_event_msg_t *msg = arg;

        if (__td_thr_event_getmsg((td_thrhandle_t *)th_p, msg) == TD_OK) {
                /*
                 * Got an event, stop iterating.
                 *
                 * Because of past mistakes in interface definition,
                 * we are forced to pass back a static local variable
                 * for the thread handle because th_p is a pointer
                 * to a local variable in __td_ta_thr_iter().
                 * Grr...
                 */
                th = *th_p;
                msg->th_p = &th;
                return (1);
        }
        return (0);
}

/*
 * This function is just like td_thr_event_getmsg, except that it is
 * passed a process handle rather than a thread handle, and returns
 * an event message for some thread in the process that has an event
 * message pending.  If no thread has an event message pending, this
 * routine returns TD_NOEVENT.  Thus, all pending event messages may
 * be collected from a process by repeatedly calling this routine
 * until it returns TD_NOEVENT.
 */
#pragma weak td_ta_event_getmsg = __td_ta_event_getmsg
td_err_e
__td_ta_event_getmsg(td_thragent_t *ta_p, td_event_msg_t *msg)
{
        td_err_e return_val;

        if (ta_p == NULL)
                return (TD_BADTA);
        if (ta_p->ph_p == NULL)
                return (TD_BADPH);
        if (msg == NULL)
                return (TD_ERR);
        msg->event = TD_EVENT_NONE;
        if ((return_val = __td_ta_thr_iter(ta_p, event_msg_cb, msg,
            TD_THR_ANY_STATE, TD_THR_LOWEST_PRIORITY, TD_SIGNO_MASK,
            TD_THR_ANY_USER_FLAGS)) != TD_OK)
                return (return_val);
        if (msg->event == TD_EVENT_NONE)
                return (TD_NOEVENT);
        return (TD_OK);
}

static lwpid_t
thr_to_lwpid(const td_thrhandle_t *th_p)
{
        struct ps_prochandle *ph_p = th_p->th_ta_p->ph_p;
        lwpid_t lwpid;

        /*
         * The caller holds the prochandle lock
         * and has already verfied everything.
         */
        if (th_p->th_ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;

                if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_lwpid,
                    &lwpid, sizeof (lwpid)) != PS_OK)
                        lwpid = 0;
                else if (lwpid == 0)
                        lwpid = 1;
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;

                if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_lwpid,
                    &lwpid, sizeof (lwpid)) != PS_OK)
                        lwpid = 0;
                else if (lwpid == 0)
                        lwpid = 1;
#else
                lwpid = 0;
#endif  /* _SYSCALL32 */
        }

        return (lwpid);
}

/*
 * Suspend a thread.
 * XXX: What does this mean in a one-level model?
 */
#pragma weak td_thr_dbsuspend = __td_thr_dbsuspend
td_err_e
__td_thr_dbsuspend(const td_thrhandle_t *th_p)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_lstop(ph_p, thr_to_lwpid(th_p)) != PS_OK)
                return_val = TD_DBERR;
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Resume a suspended thread.
 * XXX: What does this mean in a one-level model?
 */
#pragma weak td_thr_dbresume = __td_thr_dbresume
td_err_e
__td_thr_dbresume(const td_thrhandle_t *th_p)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_lcontinue(ph_p, thr_to_lwpid(th_p)) != PS_OK)
                return_val = TD_DBERR;
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Set a thread's signal mask.
 * Currently unused by dbx.
 */
#pragma weak td_thr_sigsetmask = __td_thr_sigsetmask
/* ARGSUSED */
td_err_e
__td_thr_sigsetmask(const td_thrhandle_t *th_p, const sigset_t ti_sigmask)
{
        return (TD_NOCAPAB);
}

/*
 * Set a thread's "signals-pending" set.
 * Currently unused by dbx.
 */
#pragma weak td_thr_setsigpending = __td_thr_setsigpending
/* ARGSUSED */
td_err_e
__td_thr_setsigpending(const td_thrhandle_t *th_p,
    uchar_t ti_pending_flag, const sigset_t ti_pending)
{
        return (TD_NOCAPAB);
}

/*
 * Get a thread's general register set.
 */
#pragma weak td_thr_getgregs = __td_thr_getgregs
td_err_e
__td_thr_getgregs(td_thrhandle_t *th_p, prgregset_t regset)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_lgetregs(ph_p, thr_to_lwpid(th_p), regset) != PS_OK)
                return_val = TD_DBERR;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Set a thread's general register set.
 */
#pragma weak td_thr_setgregs = __td_thr_setgregs
td_err_e
__td_thr_setgregs(td_thrhandle_t *th_p, const prgregset_t regset)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_lsetregs(ph_p, thr_to_lwpid(th_p), regset) != PS_OK)
                return_val = TD_DBERR;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Get a thread's floating-point register set.
 */
#pragma weak td_thr_getfpregs = __td_thr_getfpregs
td_err_e
__td_thr_getfpregs(td_thrhandle_t *th_p, prfpregset_t *fpregset)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_lgetfpregs(ph_p, thr_to_lwpid(th_p), fpregset) != PS_OK)
                return_val = TD_DBERR;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Set a thread's floating-point register set.
 */
#pragma weak td_thr_setfpregs = __td_thr_setfpregs
td_err_e
__td_thr_setfpregs(td_thrhandle_t *th_p, const prfpregset_t *fpregset)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_lsetfpregs(ph_p, thr_to_lwpid(th_p), fpregset) != PS_OK)
                return_val = TD_DBERR;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Get the size of the extra state register set for this architecture.
 * Currently unused by dbx.
 */
#pragma weak td_thr_getxregsize = __td_thr_getxregsize
/* ARGSUSED */
td_err_e
__td_thr_getxregsize(td_thrhandle_t *th_p, int *xregsize)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_lgetxregsize(ph_p, thr_to_lwpid(th_p), xregsize) != PS_OK)
                return_val = TD_DBERR;

        if (*xregsize == 0)
                return_val = TD_NOXREGS;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Get a thread's extra state register set.
 */
#pragma weak td_thr_getxregs = __td_thr_getxregs
td_err_e
__td_thr_getxregs(td_thrhandle_t *th_p, void *xregset)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;
        ps_err_e ps_err;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        ps_err = ps_lgetxregs(ph_p, thr_to_lwpid(th_p), (caddr_t)xregset);
        if (ps_err == PS_NOXREGS)
                return_val = TD_NOXREGS;
        else if (ps_err != PS_OK)
                return_val = TD_DBERR;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Set a thread's extra state register set.
 */
#pragma weak td_thr_setxregs = __td_thr_setxregs
td_err_e
__td_thr_setxregs(td_thrhandle_t *th_p, const void *xregset)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(th_p->th_ta_p);
                return (TD_DBERR);
        }

        if (ps_lsetxregs(ph_p, thr_to_lwpid(th_p), (caddr_t)xregset) != PS_OK)
                return_val = TD_DBERR;

        (void) ps_pcontinue(ph_p);
        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

struct searcher {
        psaddr_t        addr;
        int             status;
};

/*
 * Check the struct thread address in *th_p again first
 * value in "data".  If value in data is found, set second value
 * in "data" to 1 and return 1 to terminate iterations.
 * This function is used by td_thr_validate() to verify that
 * a thread handle is valid.
 */
static int
td_searcher(const td_thrhandle_t *th_p, void *data)
{
        struct searcher *searcher_data = (struct searcher *)data;

        if (searcher_data->addr == th_p->th_unique) {
                searcher_data->status = 1;
                return (1);
        }
        return (0);
}

/*
 * Validate the thread handle.  Check that
 * a thread exists in the thread agent/process that
 * corresponds to thread with handle *th_p.
 * Currently unused by dbx.
 */
#pragma weak td_thr_validate = __td_thr_validate
td_err_e
__td_thr_validate(const td_thrhandle_t *th_p)
{
        td_err_e return_val;
        struct searcher searcher_data = {0, 0};

        if (th_p == NULL)
                return (TD_BADTH);
        if (th_p->th_unique == 0 || th_p->th_ta_p == NULL)
                return (TD_BADTH);

        /*
         * LOCKING EXCEPTION - Locking is not required
         * here because no use of the thread agent is made (other
         * than the sanity check) and checking of the thread
         * agent will be done in __td_ta_thr_iter.
         */

        searcher_data.addr = th_p->th_unique;
        return_val = __td_ta_thr_iter(th_p->th_ta_p,
            td_searcher, &searcher_data,
            TD_THR_ANY_STATE, TD_THR_LOWEST_PRIORITY,
            TD_SIGNO_MASK, TD_THR_ANY_USER_FLAGS);

        if (return_val == TD_OK && searcher_data.status == 0)
                return_val = TD_NOTHR;

        return (return_val);
}

/*
 * Get a thread's private binding to a given thread specific
 * data(TSD) key(see thr_getspecific(3C).  If the thread doesn't
 * have a binding for a particular key, then NULL is returned.
 */
#pragma weak td_thr_tsd = __td_thr_tsd
td_err_e
__td_thr_tsd(td_thrhandle_t *th_p, thread_key_t key, void **data_pp)
{
        struct ps_prochandle *ph_p;
        td_thragent_t   *ta_p;
        td_err_e        return_val;
        int             maxkey;
        int             nkey;
        psaddr_t        tsd_paddr;

        if (data_pp == NULL)
                return (TD_ERR);
        *data_pp = NULL;
        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        ta_p = th_p->th_ta_p;
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        if (ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;
                tsd_metadata_t tsdm;
                tsd_t stsd;

                if (ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata_t, tsd_metadata),
                    &tsdm, sizeof (tsdm)) != PS_OK)
                        return_val = TD_DBERR;
                else if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_stsd,
                    &tsd_paddr, sizeof (tsd_paddr)) != PS_OK)
                        return_val = TD_DBERR;
                else if (tsd_paddr != 0 &&
                    ps_pdread(ph_p, tsd_paddr, &stsd, sizeof (stsd)) != PS_OK)
                        return_val = TD_DBERR;
                else {
                        maxkey = tsdm.tsdm_nused;
                        nkey = tsd_paddr == 0 ? TSD_NFAST : stsd.tsd_nalloc;

                        if (key < TSD_NFAST)
                                tsd_paddr = (psaddr_t)&ulwp->ul_ftsd[0];
                }
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;
                tsd_metadata32_t tsdm;
                tsd32_t stsd;
                caddr32_t addr;

                if (ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata32_t, tsd_metadata),
                    &tsdm, sizeof (tsdm)) != PS_OK)
                        return_val = TD_DBERR;
                else if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_stsd,
                    &addr, sizeof (addr)) != PS_OK)
                        return_val = TD_DBERR;
                else if (addr != 0 &&
                    ps_pdread(ph_p, addr, &stsd, sizeof (stsd)) != PS_OK)
                        return_val = TD_DBERR;
                else {
                        maxkey = tsdm.tsdm_nused;
                        nkey = addr == 0 ? TSD_NFAST : stsd.tsd_nalloc;

                        if (key < TSD_NFAST) {
                                tsd_paddr = (psaddr_t)&ulwp->ul_ftsd[0];
                        } else {
                                tsd_paddr = addr;
                        }
                }
#else
                return_val = TD_ERR;
#endif  /* _SYSCALL32 */
        }

        if (return_val == TD_OK && (key < 1 || key >= maxkey))
                return_val = TD_NOTSD;
        if (return_val != TD_OK || key >= nkey) {
                /* NULL has already been stored in data_pp */
                (void) ps_pcontinue(ph_p);
                ph_unlock(ta_p);
                return (return_val);
        }

        /*
         * Read the value from the thread's tsd array.
         */
        if (ta_p->model == PR_MODEL_NATIVE) {
                void *value;

                if (ps_pdread(ph_p, tsd_paddr + key * sizeof (void *),
                    &value, sizeof (value)) != PS_OK)
                        return_val = TD_DBERR;
                else
                        *data_pp = value;
#if defined(_LP64) && defined(_SYSCALL32)
        } else {
                caddr32_t value32;

                if (ps_pdread(ph_p, tsd_paddr + key * sizeof (caddr32_t),
                    &value32, sizeof (value32)) != PS_OK)
                        return_val = TD_DBERR;
                else
                        *data_pp = (void *)(uintptr_t)value32;
#endif  /* _SYSCALL32 */
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Get the base address of a thread's thread local storage (TLS) block
 * for the module (executable or shared object) identified by 'moduleid'.
 */
#pragma weak td_thr_tlsbase = __td_thr_tlsbase
td_err_e
__td_thr_tlsbase(td_thrhandle_t *th_p, ulong_t moduleid, psaddr_t *base)
{
        struct ps_prochandle *ph_p;
        td_thragent_t   *ta_p;
        td_err_e        return_val;

        if (base == NULL)
                return (TD_ERR);
        *base = 0;
        if ((ph_p = ph_lock_th(th_p, &return_val)) == NULL)
                return (return_val);
        ta_p = th_p->th_ta_p;
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        if (ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;
                tls_metadata_t tls_metadata;
                TLS_modinfo tlsmod;
                tls_t tls;

                if (ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata_t, tls_metadata),
                    &tls_metadata, sizeof (tls_metadata)) != PS_OK)
                        return_val = TD_DBERR;
                else if (moduleid >= tls_metadata.tls_modinfo.tls_size)
                        return_val = TD_NOTLS;
                else if (ps_pdread(ph_p,
                    (psaddr_t)((TLS_modinfo *)
                    tls_metadata.tls_modinfo.tls_data + moduleid),
                    &tlsmod, sizeof (tlsmod)) != PS_OK)
                        return_val = TD_DBERR;
                else if (tlsmod.tm_memsz == 0)
                        return_val = TD_NOTLS;
                else if (tlsmod.tm_flags & TM_FLG_STATICTLS)
                        *base = (psaddr_t)ulwp - tlsmod.tm_stattlsoffset;
                else if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_tls,
                    &tls, sizeof (tls)) != PS_OK)
                        return_val = TD_DBERR;
                else if (moduleid >= tls.tls_size)
                        return_val = TD_TLSDEFER;
                else if (ps_pdread(ph_p,
                    (psaddr_t)((tls_t *)tls.tls_data + moduleid),
                    &tls, sizeof (tls)) != PS_OK)
                        return_val = TD_DBERR;
                else if (tls.tls_size == 0)
                        return_val = TD_TLSDEFER;
                else
                        *base = (psaddr_t)tls.tls_data;
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;
                tls_metadata32_t tls_metadata;
                TLS_modinfo32 tlsmod;
                tls32_t tls;

                if (ps_pdread(ph_p,
                    ta_p->uberdata_addr + offsetof(uberdata32_t, tls_metadata),
                    &tls_metadata, sizeof (tls_metadata)) != PS_OK)
                        return_val = TD_DBERR;
                else if (moduleid >= tls_metadata.tls_modinfo.tls_size)
                        return_val = TD_NOTLS;
                else if (ps_pdread(ph_p,
                    (psaddr_t)((TLS_modinfo32 *)
                    (uintptr_t)tls_metadata.tls_modinfo.tls_data + moduleid),
                    &tlsmod, sizeof (tlsmod)) != PS_OK)
                        return_val = TD_DBERR;
                else if (tlsmod.tm_memsz == 0)
                        return_val = TD_NOTLS;
                else if (tlsmod.tm_flags & TM_FLG_STATICTLS)
                        *base = (psaddr_t)ulwp - tlsmod.tm_stattlsoffset;
                else if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_tls,
                    &tls, sizeof (tls)) != PS_OK)
                        return_val = TD_DBERR;
                else if (moduleid >= tls.tls_size)
                        return_val = TD_TLSDEFER;
                else if (ps_pdread(ph_p,
                    (psaddr_t)((tls32_t *)(uintptr_t)tls.tls_data + moduleid),
                    &tls, sizeof (tls)) != PS_OK)
                        return_val = TD_DBERR;
                else if (tls.tls_size == 0)
                        return_val = TD_TLSDEFER;
                else
                        *base = (psaddr_t)tls.tls_data;
#else
                return_val = TD_ERR;
#endif  /* _SYSCALL32 */
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Change a thread's priority to the value specified by ti_pri.
 * Currently unused by dbx.
 */
#pragma weak td_thr_setprio = __td_thr_setprio
/* ARGSUSED */
td_err_e
__td_thr_setprio(td_thrhandle_t *th_p, int ti_pri)
{
        return (TD_NOCAPAB);
}

/*
 * This structure links td_thr_lockowner and the lowner_cb callback function.
 */
typedef struct {
        td_sync_iter_f  *owner_cb;
        void            *owner_cb_arg;
        td_thrhandle_t  *th_p;
} lowner_cb_ctl_t;

static int
lowner_cb(const td_synchandle_t *sh_p, void *arg)
{
        lowner_cb_ctl_t *ocb = arg;
        int trunc = 0;
        union {
                rwlock_t rwl;
                mutex_t mx;
        } rw_m;

        if (ps_pdread(sh_p->sh_ta_p->ph_p, sh_p->sh_unique,
            &rw_m, sizeof (rw_m)) != PS_OK) {
                trunc = 1;
                if (ps_pdread(sh_p->sh_ta_p->ph_p, sh_p->sh_unique,
                    &rw_m.mx, sizeof (rw_m.mx)) != PS_OK)
                        return (0);
        }
        if (rw_m.mx.mutex_magic == MUTEX_MAGIC &&
            rw_m.mx.mutex_owner == ocb->th_p->th_unique)
                return ((ocb->owner_cb)(sh_p, ocb->owner_cb_arg));
        if (!trunc && rw_m.rwl.magic == RWL_MAGIC) {
                mutex_t *rwlock = &rw_m.rwl.mutex;
                if (rwlock->mutex_owner == ocb->th_p->th_unique)
                        return ((ocb->owner_cb)(sh_p, ocb->owner_cb_arg));
        }
        return (0);
}

/*
 * Iterate over the set of locks owned by a specified thread.
 * If cb returns a non-zero value, terminate iterations.
 */
#pragma weak td_thr_lockowner = __td_thr_lockowner
td_err_e
__td_thr_lockowner(const td_thrhandle_t *th_p, td_sync_iter_f *cb,
    void *cb_data)
{
        td_thragent_t   *ta_p;
        td_err_e        return_val;
        lowner_cb_ctl_t lcb;

        /*
         * Just sanity checks.
         */
        if (ph_lock_th((td_thrhandle_t *)th_p, &return_val) == NULL)
                return (return_val);
        ta_p = th_p->th_ta_p;
        ph_unlock(ta_p);

        lcb.owner_cb = cb;
        lcb.owner_cb_arg = cb_data;
        lcb.th_p = (td_thrhandle_t *)th_p;
        return (__td_ta_sync_iter(ta_p, lowner_cb, &lcb));
}

/*
 * If a thread is asleep on a synchronization variable,
 * then get the synchronization handle.
 */
#pragma weak td_thr_sleepinfo = __td_thr_sleepinfo
td_err_e
__td_thr_sleepinfo(const td_thrhandle_t *th_p, td_synchandle_t *sh_p)
{
        struct ps_prochandle *ph_p;
        td_err_e        return_val = TD_OK;
        uintptr_t       wchan;

        if (sh_p == NULL)
                return (TD_ERR);
        if ((ph_p = ph_lock_th((td_thrhandle_t *)th_p, &return_val)) == NULL)
                return (return_val);

        /*
         * No need to stop the process for a simple read.
         */
        if (th_p->th_ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;

                if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_wchan,
                    &wchan, sizeof (wchan)) != PS_OK)
                        return_val = TD_DBERR;
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;
                caddr32_t wchan32;

                if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_wchan,
                    &wchan32, sizeof (wchan32)) != PS_OK)
                        return_val = TD_DBERR;
                wchan = wchan32;
#else
                return_val = TD_ERR;
#endif  /* _SYSCALL32 */
        }

        if (return_val != TD_OK || wchan == 0) {
                sh_p->sh_ta_p = NULL;
                sh_p->sh_unique = 0;
                if (return_val == TD_OK)
                        return_val = TD_ERR;
        } else {
                sh_p->sh_ta_p = th_p->th_ta_p;
                sh_p->sh_unique = (psaddr_t)wchan;
        }

        ph_unlock(th_p->th_ta_p);
        return (return_val);
}

/*
 * Which thread is running on an lwp?
 */
#pragma weak td_ta_map_lwp2thr = __td_ta_map_lwp2thr
td_err_e
__td_ta_map_lwp2thr(td_thragent_t *ta_p, lwpid_t lwpid,
    td_thrhandle_t *th_p)
{
        return (__td_ta_map_id2thr(ta_p, lwpid, th_p));
}

/*
 * Common code for td_sync_get_info() and td_sync_get_stats()
 */
static td_err_e
sync_get_info_common(const td_synchandle_t *sh_p, struct ps_prochandle *ph_p,
    td_syncinfo_t *si_p)
{
        int trunc = 0;
        td_so_un_t generic_so;

        /*
         * Determine the sync. object type; a little type fudgery here.
         * First attempt to read the whole union.  If that fails, attempt
         * to read just the condvar.  A condvar is the smallest sync. object.
         */
        if (ps_pdread(ph_p, sh_p->sh_unique,
            &generic_so, sizeof (generic_so)) != PS_OK) {
                trunc = 1;
                if (ps_pdread(ph_p, sh_p->sh_unique, &generic_so.condition,
                    sizeof (generic_so.condition)) != PS_OK)
                        return (TD_DBERR);
        }

        switch (generic_so.condition.cond_magic) {
        case MUTEX_MAGIC:
                if (trunc && ps_pdread(ph_p, sh_p->sh_unique,
                    &generic_so.lock, sizeof (generic_so.lock)) != PS_OK)
                        return (TD_DBERR);
                si_p->si_type = TD_SYNC_MUTEX;
                si_p->si_shared_type =
                    (generic_so.lock.mutex_type & USYNC_PROCESS);
                (void) memcpy(si_p->si_flags, &generic_so.lock.mutex_flag,
                    sizeof (generic_so.lock.mutex_flag));
                si_p->si_state.mutex_locked =
                    (generic_so.lock.mutex_lockw != 0);
                si_p->si_size = sizeof (generic_so.lock);
                si_p->si_has_waiters = generic_so.lock.mutex_waiters;
                si_p->si_rcount = generic_so.lock.mutex_rcount;
                si_p->si_prioceiling = generic_so.lock.mutex_ceiling;
                if (si_p->si_state.mutex_locked) {
                        if (si_p->si_shared_type & USYNC_PROCESS)
                                si_p->si_ownerpid =
                                    generic_so.lock.mutex_ownerpid;
                        si_p->si_owner.th_ta_p = sh_p->sh_ta_p;
                        si_p->si_owner.th_unique = generic_so.lock.mutex_owner;
                }
                break;
        case COND_MAGIC:
                si_p->si_type = TD_SYNC_COND;
                si_p->si_shared_type =
                    (generic_so.condition.cond_type & USYNC_PROCESS);
                (void) memcpy(si_p->si_flags, generic_so.condition.flags.flag,
                    sizeof (generic_so.condition.flags.flag));
                si_p->si_size = sizeof (generic_so.condition);
                si_p->si_has_waiters =
                    (generic_so.condition.cond_waiters_user |
                    generic_so.condition.cond_waiters_kernel)? 1 : 0;
                break;
        case SEMA_MAGIC:
                if (trunc && ps_pdread(ph_p, sh_p->sh_unique,
                    &generic_so.semaphore, sizeof (generic_so.semaphore))
                    != PS_OK)
                        return (TD_DBERR);
                si_p->si_type = TD_SYNC_SEMA;
                si_p->si_shared_type =
                    (generic_so.semaphore.type & USYNC_PROCESS);
                si_p->si_state.sem_count = generic_so.semaphore.count;
                si_p->si_size = sizeof (generic_so.semaphore);
                si_p->si_has_waiters =
                    ((lwp_sema_t *)&generic_so.semaphore)->flags[7];
                /* this is useless but the old interface provided it */
                si_p->si_data = (psaddr_t)generic_so.semaphore.count;
                break;
        case RWL_MAGIC:
        {
                uint32_t rwstate;

                if (trunc && ps_pdread(ph_p, sh_p->sh_unique,
                    &generic_so.rwlock, sizeof (generic_so.rwlock)) != PS_OK)
                        return (TD_DBERR);
                si_p->si_type = TD_SYNC_RWLOCK;
                si_p->si_shared_type =
                    (generic_so.rwlock.rwlock_type & USYNC_PROCESS);
                si_p->si_size = sizeof (generic_so.rwlock);

                rwstate = (uint32_t)generic_so.rwlock.rwlock_readers;
                if (rwstate & URW_WRITE_LOCKED) {
                        si_p->si_state.nreaders = -1;
                        si_p->si_is_wlock = 1;
                        si_p->si_owner.th_ta_p = sh_p->sh_ta_p;
                        si_p->si_owner.th_unique =
                            generic_so.rwlock.rwlock_owner;
                        if (si_p->si_shared_type & USYNC_PROCESS)
                                si_p->si_ownerpid =
                                    generic_so.rwlock.rwlock_ownerpid;
                } else {
                        si_p->si_state.nreaders = (rwstate & URW_READERS_MASK);
                }
                si_p->si_has_waiters = ((rwstate & URW_HAS_WAITERS) != 0);

                /* this is useless but the old interface provided it */
                si_p->si_data = (psaddr_t)generic_so.rwlock.readers;
                break;
        }
        default:
                return (TD_BADSH);
        }

        si_p->si_ta_p = sh_p->sh_ta_p;
        si_p->si_sv_addr = sh_p->sh_unique;
        return (TD_OK);
}

/*
 * Given a synchronization handle, fill in the
 * information for the synchronization variable into *si_p.
 */
#pragma weak td_sync_get_info = __td_sync_get_info
td_err_e
__td_sync_get_info(const td_synchandle_t *sh_p, td_syncinfo_t *si_p)
{
        struct ps_prochandle *ph_p;
        td_err_e return_val;

        if (si_p == NULL)
                return (TD_ERR);
        (void) memset(si_p, 0, sizeof (*si_p));
        if ((ph_p = ph_lock_sh(sh_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(sh_p->sh_ta_p);
                return (TD_DBERR);
        }

        return_val = sync_get_info_common(sh_p, ph_p, si_p);

        (void) ps_pcontinue(ph_p);
        ph_unlock(sh_p->sh_ta_p);
        return (return_val);
}

static uint_t
tdb_addr_hash64(uint64_t addr)
{
        uint64_t value60 = (addr >> 4);
        uint32_t value30 = (value60 >> 30) ^ (value60 & 0x3fffffff);
        return ((value30 >> 15) ^ (value30 & 0x7fff));
}

static uint_t
tdb_addr_hash32(uint64_t addr)
{
        uint32_t value30 = (addr >> 2);         /* 30 bits */
        return ((value30 >> 15) ^ (value30 & 0x7fff));
}

static td_err_e
read_sync_stats(td_thragent_t *ta_p, psaddr_t hash_table,
    psaddr_t sync_obj_addr, tdb_sync_stats_t *sync_stats)
{
        psaddr_t next_desc;
        uint64_t first;
        uint_t ix;

        /*
         * Compute the hash table index from the synch object's address.
         */
        if (ta_p->model == PR_MODEL_LP64)
                ix = tdb_addr_hash64(sync_obj_addr);
        else
                ix = tdb_addr_hash32(sync_obj_addr);

        /*
         * Get the address of the first element in the linked list.
         */
        if (ps_pdread(ta_p->ph_p, hash_table + ix * sizeof (uint64_t),
            &first, sizeof (first)) != PS_OK)
                return (TD_DBERR);

        /*
         * Search the linked list for an entry for the synch object..
         */
        for (next_desc = (psaddr_t)first; next_desc != 0;
            next_desc = (psaddr_t)sync_stats->next) {
                if (ps_pdread(ta_p->ph_p, next_desc,
                    sync_stats, sizeof (*sync_stats)) != PS_OK)
                        return (TD_DBERR);
                if (sync_stats->sync_addr == sync_obj_addr)
                        return (TD_OK);
        }

        (void) memset(sync_stats, 0, sizeof (*sync_stats));
        return (TD_OK);
}

/*
 * Given a synchronization handle, fill in the
 * statistics for the synchronization variable into *ss_p.
 */
#pragma weak td_sync_get_stats = __td_sync_get_stats
td_err_e
__td_sync_get_stats(const td_synchandle_t *sh_p, td_syncstats_t *ss_p)
{
        struct ps_prochandle *ph_p;
        td_thragent_t *ta_p;
        td_err_e return_val;
        register_sync_t enable;
        psaddr_t hashaddr;
        tdb_sync_stats_t sync_stats;
        size_t ix;

        if (ss_p == NULL)
                return (TD_ERR);
        (void) memset(ss_p, 0, sizeof (*ss_p));
        if ((ph_p = ph_lock_sh(sh_p, &return_val)) == NULL)
                return (return_val);
        ta_p = sh_p->sh_ta_p;
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(ta_p);
                return (TD_DBERR);
        }

        if ((return_val = sync_get_info_common(sh_p, ph_p, &ss_p->ss_info))
            != TD_OK) {
                if (return_val != TD_BADSH)
                        goto out;
                /* we can correct TD_BADSH */
                (void) memset(&ss_p->ss_info, 0, sizeof (ss_p->ss_info));
                ss_p->ss_info.si_ta_p = sh_p->sh_ta_p;
                ss_p->ss_info.si_sv_addr = sh_p->sh_unique;
                /* we correct si_type and si_size below */
                return_val = TD_OK;
        }
        if (ps_pdread(ph_p, ta_p->tdb_register_sync_addr,
            &enable, sizeof (enable)) != PS_OK) {
                return_val = TD_DBERR;
                goto out;
        }
        if (enable != REGISTER_SYNC_ON)
                goto out;

        /*
         * Get the address of the hash table in the target process.
         */
        if (ta_p->model == PR_MODEL_NATIVE) {
                if (ps_pdread(ph_p, ta_p->uberdata_addr +
                    offsetof(uberdata_t, tdb.tdb_sync_addr_hash),
                    &hashaddr, sizeof (&hashaddr)) != PS_OK) {
                        return_val = TD_DBERR;
                        goto out;
                }
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                caddr32_t addr;

                if (ps_pdread(ph_p, ta_p->uberdata_addr +
                    offsetof(uberdata32_t, tdb.tdb_sync_addr_hash),
                    &addr, sizeof (addr)) != PS_OK) {
                        return_val = TD_DBERR;
                        goto out;
                }
                hashaddr = addr;
#else
                return_val = TD_ERR;
                goto out;
#endif  /* _SYSCALL32 */
        }

        if (hashaddr == 0)
                return_val = TD_BADSH;
        else
                return_val = read_sync_stats(ta_p, hashaddr,
                    sh_p->sh_unique, &sync_stats);
        if (return_val != TD_OK)
                goto out;

        /*
         * We have the hash table entry.  Transfer the data to
         * the td_syncstats_t structure provided by the caller.
         */
        switch (sync_stats.un.type) {
        case TDB_MUTEX:
        {
                td_mutex_stats_t *msp = &ss_p->ss_un.mutex;

                ss_p->ss_info.si_type = TD_SYNC_MUTEX;
                ss_p->ss_info.si_size = sizeof (mutex_t);
                msp->mutex_lock =
                    sync_stats.un.mutex.mutex_lock;
                msp->mutex_sleep =
                    sync_stats.un.mutex.mutex_sleep;
                msp->mutex_sleep_time =
                    sync_stats.un.mutex.mutex_sleep_time;
                msp->mutex_hold_time =
                    sync_stats.un.mutex.mutex_hold_time;
                msp->mutex_try =
                    sync_stats.un.mutex.mutex_try;
                msp->mutex_try_fail =
                    sync_stats.un.mutex.mutex_try_fail;
                if (sync_stats.sync_addr >= ta_p->hash_table_addr &&
                    (ix = sync_stats.sync_addr - ta_p->hash_table_addr)
                    < ta_p->hash_size * sizeof (thr_hash_table_t))
                        msp->mutex_internal =
                            ix / sizeof (thr_hash_table_t) + 1;
                break;
        }
        case TDB_COND:
        {
                td_cond_stats_t *csp = &ss_p->ss_un.cond;

                ss_p->ss_info.si_type = TD_SYNC_COND;
                ss_p->ss_info.si_size = sizeof (cond_t);
                csp->cond_wait =
                    sync_stats.un.cond.cond_wait;
                csp->cond_timedwait =
                    sync_stats.un.cond.cond_timedwait;
                csp->cond_wait_sleep_time =
                    sync_stats.un.cond.cond_wait_sleep_time;
                csp->cond_timedwait_sleep_time =
                    sync_stats.un.cond.cond_timedwait_sleep_time;
                csp->cond_timedwait_timeout =
                    sync_stats.un.cond.cond_timedwait_timeout;
                csp->cond_signal =
                    sync_stats.un.cond.cond_signal;
                csp->cond_broadcast =
                    sync_stats.un.cond.cond_broadcast;
                if (sync_stats.sync_addr >= ta_p->hash_table_addr &&
                    (ix = sync_stats.sync_addr - ta_p->hash_table_addr)
                    < ta_p->hash_size * sizeof (thr_hash_table_t))
                        csp->cond_internal =
                            ix / sizeof (thr_hash_table_t) + 1;
                break;
        }
        case TDB_RWLOCK:
        {
                td_rwlock_stats_t *rwsp = &ss_p->ss_un.rwlock;

                ss_p->ss_info.si_type = TD_SYNC_RWLOCK;
                ss_p->ss_info.si_size = sizeof (rwlock_t);
                rwsp->rw_rdlock =
                    sync_stats.un.rwlock.rw_rdlock;
                rwsp->rw_rdlock_try =
                    sync_stats.un.rwlock.rw_rdlock_try;
                rwsp->rw_rdlock_try_fail =
                    sync_stats.un.rwlock.rw_rdlock_try_fail;
                rwsp->rw_wrlock =
                    sync_stats.un.rwlock.rw_wrlock;
                rwsp->rw_wrlock_hold_time =
                    sync_stats.un.rwlock.rw_wrlock_hold_time;
                rwsp->rw_wrlock_try =
                    sync_stats.un.rwlock.rw_wrlock_try;
                rwsp->rw_wrlock_try_fail =
                    sync_stats.un.rwlock.rw_wrlock_try_fail;
                break;
        }
        case TDB_SEMA:
        {
                td_sema_stats_t *ssp = &ss_p->ss_un.sema;

                ss_p->ss_info.si_type = TD_SYNC_SEMA;
                ss_p->ss_info.si_size = sizeof (sema_t);
                ssp->sema_wait =
                    sync_stats.un.sema.sema_wait;
                ssp->sema_wait_sleep =
                    sync_stats.un.sema.sema_wait_sleep;
                ssp->sema_wait_sleep_time =
                    sync_stats.un.sema.sema_wait_sleep_time;
                ssp->sema_trywait =
                    sync_stats.un.sema.sema_trywait;
                ssp->sema_trywait_fail =
                    sync_stats.un.sema.sema_trywait_fail;
                ssp->sema_post =
                    sync_stats.un.sema.sema_post;
                ssp->sema_max_count =
                    sync_stats.un.sema.sema_max_count;
                ssp->sema_min_count =
                    sync_stats.un.sema.sema_min_count;
                break;
        }
        default:
                return_val = TD_BADSH;
                break;
        }

out:
        (void) ps_pcontinue(ph_p);
        ph_unlock(ta_p);
        return (return_val);
}

/*
 * Change the state of a synchronization variable.
 *      1) mutex lock state set to value
 *      2) semaphore's count set to value
 *      3) writer's lock set by value < 0
 *      4) reader's lock number of readers set to value >= 0
 * Currently unused by dbx.
 */
#pragma weak td_sync_setstate = __td_sync_setstate
td_err_e
__td_sync_setstate(const td_synchandle_t *sh_p, int value)
{
        struct ps_prochandle *ph_p;
        int             trunc = 0;
        td_err_e        return_val;
        td_so_un_t      generic_so;
        uint32_t        *rwstate;

        if ((ph_p = ph_lock_sh(sh_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pstop(ph_p) != PS_OK) {
                ph_unlock(sh_p->sh_ta_p);
                return (TD_DBERR);
        }

        /*
         * Read the synch. variable information.
         * First attempt to read the whole union and if that fails
         * fall back to reading only the smallest member, the condvar.
         */
        if (ps_pdread(ph_p, sh_p->sh_unique, &generic_so,
            sizeof (generic_so)) != PS_OK) {
                trunc = 1;
                if (ps_pdread(ph_p, sh_p->sh_unique, &generic_so.condition,
                    sizeof (generic_so.condition)) != PS_OK) {
                        (void) ps_pcontinue(ph_p);
                        ph_unlock(sh_p->sh_ta_p);
                        return (TD_DBERR);
                }
        }

        /*
         * Set the new value in the sync. variable, read the synch. variable
         * information. from the process, reset its value and write it back.
         */
        switch (generic_so.condition.mutex_magic) {
        case MUTEX_MAGIC:
                if (trunc && ps_pdread(ph_p, sh_p->sh_unique,
                    &generic_so.lock, sizeof (generic_so.lock)) != PS_OK) {
                        return_val = TD_DBERR;
                        break;
                }
                generic_so.lock.mutex_lockw = (uint8_t)value;
                if (ps_pdwrite(ph_p, sh_p->sh_unique, &generic_so.lock,
                    sizeof (generic_so.lock)) != PS_OK)
                        return_val = TD_DBERR;
                break;
        case SEMA_MAGIC:
                if (trunc && ps_pdread(ph_p, sh_p->sh_unique,
                    &generic_so.semaphore, sizeof (generic_so.semaphore))
                    != PS_OK) {
                        return_val = TD_DBERR;
                        break;
                }
                generic_so.semaphore.count = value;
                if (ps_pdwrite(ph_p, sh_p->sh_unique, &generic_so.semaphore,
                    sizeof (generic_so.semaphore)) != PS_OK)
                        return_val = TD_DBERR;
                break;
        case COND_MAGIC:
                /* Operation not supported on a condition variable */
                return_val = TD_ERR;
                break;
        case RWL_MAGIC:
                if (trunc && ps_pdread(ph_p, sh_p->sh_unique,
                    &generic_so.rwlock, sizeof (generic_so.rwlock)) != PS_OK) {
                        return_val = TD_DBERR;
                        break;
                }
                rwstate = (uint32_t *)&generic_so.rwlock.readers;
                *rwstate &= URW_HAS_WAITERS;
                if (value < 0)
                        *rwstate |= URW_WRITE_LOCKED;
                else
                        *rwstate |= (value & URW_READERS_MASK);
                if (ps_pdwrite(ph_p, sh_p->sh_unique, &generic_so.rwlock,
                    sizeof (generic_so.rwlock)) != PS_OK)
                        return_val = TD_DBERR;
                break;
        default:
                /* Bad sync. object type */
                return_val = TD_BADSH;
                break;
        }

        (void) ps_pcontinue(ph_p);
        ph_unlock(sh_p->sh_ta_p);
        return (return_val);
}

typedef struct {
        td_thr_iter_f   *waiter_cb;
        psaddr_t        sync_obj_addr;
        uint16_t        sync_magic;
        void            *waiter_cb_arg;
        td_err_e        errcode;
} waiter_cb_ctl_t;

static int
waiters_cb(const td_thrhandle_t *th_p, void *arg)
{
        td_thragent_t   *ta_p = th_p->th_ta_p;
        struct ps_prochandle *ph_p = ta_p->ph_p;
        waiter_cb_ctl_t *wcb = arg;
        caddr_t         wchan;

        if (ta_p->model == PR_MODEL_NATIVE) {
                ulwp_t *ulwp = (ulwp_t *)th_p->th_unique;

                if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_wchan,
                    &wchan, sizeof (wchan)) != PS_OK) {
                        wcb->errcode = TD_DBERR;
                        return (1);
                }
        } else {
#if defined(_LP64) && defined(_SYSCALL32)
                ulwp32_t *ulwp = (ulwp32_t *)th_p->th_unique;
                caddr32_t wchan32;

                if (ps_pdread(ph_p, (psaddr_t)&ulwp->ul_wchan,
                    &wchan32, sizeof (wchan32)) != PS_OK) {
                        wcb->errcode = TD_DBERR;
                        return (1);
                }
                wchan = (caddr_t)(uintptr_t)wchan32;
#else
                wcb->errcode = TD_ERR;
                return (1);
#endif  /* _SYSCALL32 */
        }

        if (wchan == NULL)
                return (0);

        if (wchan == (caddr_t)wcb->sync_obj_addr)
                return ((*wcb->waiter_cb)(th_p, wcb->waiter_cb_arg));

        return (0);
}

/*
 * For a given synchronization variable, iterate over the
 * set of waiting threads.  The call back function is passed
 * two parameters, a pointer to a thread handle and a pointer
 * to extra call back data.
 */
#pragma weak td_sync_waiters = __td_sync_waiters
td_err_e
__td_sync_waiters(const td_synchandle_t *sh_p, td_thr_iter_f *cb, void *cb_data)
{
        struct ps_prochandle *ph_p;
        waiter_cb_ctl_t wcb;
        td_err_e        return_val;

        if ((ph_p = ph_lock_sh(sh_p, &return_val)) == NULL)
                return (return_val);
        if (ps_pdread(ph_p,
            (psaddr_t)&((mutex_t *)sh_p->sh_unique)->mutex_magic,
            (caddr_t)&wcb.sync_magic, sizeof (wcb.sync_magic)) != PS_OK) {
                ph_unlock(sh_p->sh_ta_p);
                return (TD_DBERR);
        }
        ph_unlock(sh_p->sh_ta_p);

        switch (wcb.sync_magic) {
        case MUTEX_MAGIC:
        case COND_MAGIC:
        case SEMA_MAGIC:
        case RWL_MAGIC:
                break;
        default:
                return (TD_BADSH);
        }

        wcb.waiter_cb = cb;
        wcb.sync_obj_addr = sh_p->sh_unique;
        wcb.waiter_cb_arg = cb_data;
        wcb.errcode = TD_OK;
        return_val = __td_ta_thr_iter(sh_p->sh_ta_p, waiters_cb, &wcb,
            TD_THR_SLEEP, TD_THR_LOWEST_PRIORITY,
            TD_SIGNO_MASK, TD_THR_ANY_USER_FLAGS);

        if (return_val != TD_OK)
                return (return_val);

        return (wcb.errcode);
}
Illumos
