1 /* Remote debugging interface for Motorola's MVME187BUG monitor, an embedded
4 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
5 Free Software Foundation, Inc.
6 Contributed by Cygnus Support. Written by K. Richard Pixley.
8 This file is part of GDB.
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place - Suite 330,
23 Boston, MA 02111-1307, USA. */
27 #include "gdb_string.h"
38 #include "remote-utils.h"
43 /* External data declarations */
44 extern int stop_soon_quietly
; /* for wait_for_inferior */
46 /* Forward data declarations */
47 extern struct target_ops bug_ops
; /* Forward declaration */
49 /* Forward function declarations */
50 static int bug_clear_breakpoints (void);
52 static int bug_read_memory (CORE_ADDR memaddr
,
53 unsigned char *myaddr
, int len
);
55 static int bug_write_memory (CORE_ADDR memaddr
,
56 unsigned char *myaddr
, int len
);
58 /* This variable is somewhat arbitrary. It's here so that it can be
59 set from within a running gdb. */
61 static int srec_max_retries
= 3;
63 /* Each S-record download to the target consists of an S0 header
64 record, some number of S3 data records, and one S7 termination
65 record. I call this download a "frame". Srec_frame says how many
66 bytes will be represented in each frame. */
69 static int srec_frame
= SREC_SIZE
;
71 /* This variable determines how many bytes will be represented in each
74 static int srec_bytes
= 40;
76 /* At one point it appeared to me as though the bug monitor could not
77 really be expected to receive two sequential characters at 9600
78 baud reliably. Echo-pacing is an attempt to force data across the
79 line even in this condition. Specifically, in echo-pace mode, each
80 character is sent one at a time and we look for the echo before
81 sending the next. This is excruciatingly slow. */
83 static int srec_echo_pace
= 0;
85 /* How long to wait after an srec for a possible error message.
86 Similar to the above, I tried sleeping after sending each S3 record
87 in hopes that I might actually see error messages from the bug
88 monitor. This might actually work if we were to use sleep
89 intervals smaller than 1 second. */
91 static int srec_sleep
= 0;
93 /* Every srec_noise records, flub the checksum. This is a debugging
94 feature. Set the variable to something other than 1 in order to
95 inject *deliberate* checksum errors. One might do this if one
96 wanted to test error handling and recovery. */
98 static int srec_noise
= 0;
100 /* Called when SIGALRM signal sent due to alarm() timeout. */
102 /* Number of SIGTRAPs we need to simulate. That is, the next
103 NEED_ARTIFICIAL_TRAP calls to bug_wait should just return
104 SIGTRAP without actually waiting for anything. */
106 static int need_artificial_trap
= 0;
109 * Download a file specified in 'args', to the bug.
113 bug_load (char *args
, int fromtty
)
122 abfd
= bfd_openr (args
, 0);
125 printf_filtered ("Unable to open file %s\n", args
);
129 if (bfd_check_format (abfd
, bfd_object
) == 0)
131 printf_filtered ("File is not an object file\n");
136 while (s
!= (asection
*) NULL
)
138 srec_frame
= SREC_SIZE
;
139 if (s
->flags
& SEC_LOAD
)
143 char *buffer
= xmalloc (srec_frame
);
145 printf_filtered ("%s\t: 0x%4x .. 0x%4x ", s
->name
, s
->vma
, s
->vma
+ s
->_raw_size
);
146 gdb_flush (gdb_stdout
);
147 for (i
= 0; i
< s
->_raw_size
; i
+= srec_frame
)
149 if (srec_frame
> s
->_raw_size
- i
)
150 srec_frame
= s
->_raw_size
- i
;
152 bfd_get_section_contents (abfd
, s
, buffer
, i
, srec_frame
);
153 bug_write_memory (s
->vma
+ i
, buffer
, srec_frame
);
154 printf_filtered ("*");
155 gdb_flush (gdb_stdout
);
157 printf_filtered ("\n");
162 sprintf (buffer
, "rs ip %lx", (unsigned long) abfd
->start_address
);
163 sr_write_cr (buffer
);
183 while (*s
&& !isspace (*s
))
189 copy
= xmalloc (len
+ 1);
190 memcpy (copy
, word
, len
);
197 static struct gr_settings bug_settings
=
201 bug_clear_breakpoints
, /* clear_all_breakpoints */
202 gr_generic_checkin
, /* checkin */
205 static char *cpu_check_strings
[] =
212 bug_open (char *args
, int from_tty
)
217 gr_open (args
, from_tty
, &bug_settings
);
218 /* decide *now* whether we are on an 88100 or an 88110 */
219 sr_write_cr ("rs cr06");
220 sr_expect ("rs cr06");
222 switch (gr_multi_scan (cpu_check_strings
, 0))
224 case 0: /* this is an m88100 */
225 target_is_m88110
= 0;
227 case 1: /* this is an m88110 */
228 target_is_m88110
= 1;
231 internal_error (__FILE__
, __LINE__
, "failed internal consistency check");
235 /* Tell the remote machine to resume. */
238 bug_resume (int pid
, int step
, enum target_signal sig
)
244 /* Force the next bug_wait to return a trap. Not doing anything
245 about I/O from the target means that the user has to type
246 "continue" to see any. FIXME, this should be fixed. */
247 need_artificial_trap
= 1;
255 /* Wait until the remote machine stops, then return,
256 storing status in STATUS just as `wait' would. */
258 static char *wait_strings
[] =
261 "Exception: Data Access Fault (Local Bus Timeout)",
262 "\r8??\?-Bug>", /* The '\?' avoids creating a trigraph */
268 bug_wait (int pid
, struct target_waitstatus
*status
)
270 int old_timeout
= sr_get_timeout ();
271 int old_immediate_quit
= immediate_quit
;
273 status
->kind
= TARGET_WAITKIND_EXITED
;
274 status
->value
.integer
= 0;
276 /* read off leftovers from resume so that the rest can be passed
277 back out as stdout. */
278 if (need_artificial_trap
== 0)
280 sr_expect ("Effective address: ");
281 (void) sr_get_hex_word ();
285 sr_set_timeout (-1); /* Don't time out -- user program is running. */
286 immediate_quit
= 1; /* Helps ability to QUIT */
288 switch (gr_multi_scan (wait_strings
, need_artificial_trap
== 0))
290 case 0: /* breakpoint case */
291 status
->kind
= TARGET_WAITKIND_STOPPED
;
292 status
->value
.sig
= TARGET_SIGNAL_TRAP
;
293 /* user output from the target can be discarded here. (?) */
297 case 1: /* bus error */
298 status
->kind
= TARGET_WAITKIND_STOPPED
;
299 status
->value
.sig
= TARGET_SIGNAL_BUS
;
300 /* user output from the target can be discarded here. (?) */
304 case 2: /* normal case */
306 if (need_artificial_trap
!= 0)
309 status
->kind
= TARGET_WAITKIND_STOPPED
;
310 status
->value
.sig
= TARGET_SIGNAL_TRAP
;
311 need_artificial_trap
--;
317 status
->kind
= TARGET_WAITKIND_EXITED
;
318 status
->value
.integer
= 0;
322 case -1: /* trouble */
324 fprintf_filtered (gdb_stderr
,
325 "Trouble reading target during wait\n");
329 sr_set_timeout (old_timeout
);
330 immediate_quit
= old_immediate_quit
;
334 /* Return the name of register number REGNO
335 in the form input and output by bug.
337 Returns a pointer to a static buffer containing the answer. */
339 get_reg_name (int regno
)
343 "r00", "r01", "r02", "r03", "r04", "r05", "r06", "r07",
344 "r08", "r09", "r10", "r11", "r12", "r13", "r14", "r15",
345 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
346 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
348 /* these get confusing because we omit a few and switch some ordering around. */
350 "cr01", /* 32 = psr */
351 "fcr62", /* 33 = fpsr */
352 "fcr63", /* 34 = fpcr */
353 "ip", /* this is something of a cheat. */
355 "cr05", /* 36 = snip */
356 "cr06", /* 37 = sfip */
358 "x00", "x01", "x02", "x03", "x04", "x05", "x06", "x07",
359 "x08", "x09", "x10", "x11", "x12", "x13", "x14", "x15",
360 "x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
361 "x24", "x25", "x26", "x27", "x28", "x29", "x30", "x31",
367 #if 0 /* not currently used */
368 /* Read from remote while the input matches STRING. Return zero on
369 success, -1 on failure. */
382 printf ("\nNext character is '%c' - %d and s is \"%s\".\n", c
, c
, --s
);
392 bug_srec_write_cr (char *s
)
399 if (sr_get_debug () > 0)
403 SERIAL_WRITE (sr_get_desc (), p
, 1);
404 while (sr_pollchar () != *p
);
409 /* return(bug_scan (s) || bug_scan ("\n")); */
415 /* Store register REGNO, or all if REGNO == -1. */
418 bug_fetch_register (int regno
)
426 for (i
= 0; i
< NUM_REGS
; ++i
)
427 bug_fetch_register (i
);
429 else if (target_is_m88110
&& regno
== SFIP_REGNUM
)
431 /* m88110 has no sfip. */
433 supply_register (regno
, (char *) &l
);
435 else if (regno
< XFP_REGNUM
)
437 char buffer
[MAX_REGISTER_RAW_SIZE
];
440 sr_write_cr (get_reg_name (regno
));
442 store_unsigned_integer (buffer
, REGISTER_RAW_SIZE (regno
),
445 supply_register (regno
, buffer
);
449 /* Float register so we need to parse a strange data format. */
451 unsigned char fpreg_buf
[10];
454 sr_write (get_reg_name (regno
), strlen (get_reg_name (regno
)));
457 sr_expect (get_reg_name (regno
));
462 p
= sr_get_hex_digit (1);
463 fpreg_buf
[0] = p
<< 7;
467 p
= sr_get_hex_digit (1);
468 fpreg_buf
[0] += (p
<< 4);
469 fpreg_buf
[0] += sr_get_hex_digit (1);
471 fpreg_buf
[1] = sr_get_hex_digit (1) << 4;
475 fpreg_buf
[1] += sr_get_hex_digit (1);
477 fpreg_buf
[2] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
478 fpreg_buf
[3] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
479 fpreg_buf
[4] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
480 fpreg_buf
[5] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
481 fpreg_buf
[6] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
482 fpreg_buf
[7] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
487 supply_register (regno
, fpreg_buf
);
493 /* Store register REGNO, or all if REGNO == -1. */
496 bug_store_register (int regno
)
505 for (i
= 0; i
< NUM_REGS
; ++i
)
506 bug_store_register (i
);
512 regname
= get_reg_name (regno
);
514 if (target_is_m88110
&& regno
== SFIP_REGNUM
)
516 else if (regno
< XFP_REGNUM
)
517 sprintf (buffer
, "rs %s %08x",
519 read_register (regno
));
522 unsigned char *fpreg_buf
=
523 (unsigned char *) ®isters
[REGISTER_BYTE (regno
)];
525 sprintf (buffer
, "rs %s %1x_%02x%1x_%1x%02x%02x%02x%02x%02x%02x;d",
528 (fpreg_buf
[0] >> 7) & 0xf,
531 (fpreg_buf
[1] >> 8) & 0xf,
542 sr_write_cr (buffer
);
549 /* Transfer LEN bytes between GDB address MYADDR and target address
550 MEMADDR. If WRITE is non-zero, transfer them to the target,
551 otherwise transfer them from the target. TARGET is unused.
553 Returns the number of bytes transferred. */
556 bug_xfer_memory (CORE_ADDR memaddr
, char *myaddr
, int len
, int write
,
557 struct mem_attrib
*attrib ATTRIBUTE_UNUSED
,
558 struct target_ops
*target ATTRIBUTE_UNUSED
)
566 res
= bug_write_memory (memaddr
, myaddr
, len
);
568 res
= bug_read_memory (memaddr
, myaddr
, len
);
578 command
= (srec_echo_pace
? "lo 0 ;x" : "lo 0");
580 sr_write_cr (command
);
583 bug_srec_write_cr ("S0030000FC");
587 /* This is an extremely vulnerable and fragile function. I've made
588 considerable attempts to make this deterministic, but I've
589 certainly forgotten something. The trouble is that S-records are
590 only a partial file format, not a protocol. Worse, apparently the
591 m88k bug monitor does not run in real time while receiving
592 S-records. Hence, we must pay excruciating attention to when and
593 where error messages are returned, and what has actually been sent.
595 Each call represents a chunk of memory to be sent to the target.
596 We break that chunk into an S0 header record, some number of S3
597 data records each containing srec_bytes, and an S7 termination
600 static char *srecord_strings
[] =
608 bug_write_memory (CORE_ADDR memaddr
, unsigned char *myaddr
, int len
)
614 char *buffer
= alloca ((srec_bytes
+ 8) << 1);
622 if (retries
> srec_max_retries
)
627 if (sr_get_debug () > 0)
628 printf ("\n<retrying...>\n");
630 /* This gr_expect_prompt call is extremely important. Without
631 it, we will tend to resend our packet so fast that it
632 will arrive before the bug monitor is ready to receive
633 it. This would lead to a very ugly resend loop. */
649 if (thisgo
> srec_bytes
)
652 address
= memaddr
+ done
;
653 sprintf (buf
, "S3%02X%08X", thisgo
+ 4 + 1, address
);
656 checksum
+= (thisgo
+ 4 + 1
658 + ((address
>> 8) & 0xff)
659 + ((address
>> 16) & 0xff)
660 + ((address
>> 24) & 0xff));
662 for (idx
= 0; idx
< thisgo
; idx
++)
664 sprintf (buf
, "%02X", myaddr
[idx
+ done
]);
665 checksum
+= myaddr
[idx
+ done
];
671 /* FIXME-NOW: insert a deliberate error every now and then.
672 This is intended for testing/debugging the error handling
674 static int counter
= 0;
675 if (++counter
> srec_noise
)
682 sprintf (buf
, "%02X", ~checksum
& 0xff);
683 bug_srec_write_cr (buffer
);
688 /* This pollchar is probably redundant to the gr_multi_scan
689 below. Trouble is, we can't be sure when or where an
690 error message will appear. Apparently, when running at
691 full speed from a typical sun4, error messages tend to
692 appear to arrive only *after* the s7 record. */
694 if ((x
= sr_pollchar ()) != 0)
696 if (sr_get_debug () > 0)
697 printf ("\n<retrying...>\n");
701 /* flush any remaining input and verify that we are back
702 at the prompt level. */
704 /* start all over again. */
713 bug_srec_write_cr ("S7060000000000F9");
716 /* Having finished the load, we need to figure out whether we
719 while (gr_multi_scan (srecord_strings
, 0) == 0);;
724 /* Copy LEN bytes of data from debugger memory at MYADDR
725 to inferior's memory at MEMADDR. Returns errno value.
726 * sb/sh instructions don't work on unaligned addresses, when TU=1.
729 /* Read LEN bytes from inferior memory at MEMADDR. Put the result
730 at debugger address MYADDR. Returns errno value. */
732 bug_read_memory (CORE_ADDR memaddr
, unsigned char *myaddr
, int len
)
741 unsigned int checksum
;
743 sprintf (request
, "du 0 %x:&%d", memaddr
, len
);
744 sr_write_cr (request
);
746 p
= buffer
= alloca (len
);
748 /* scan up through the header */
749 sr_expect ("S0030000FC");
751 while (p
< buffer
+ len
)
753 /* scan off any white space. */
754 while (sr_readchar () != 'S');;
756 /* what kind of s-rec? */
757 type
= sr_readchar ();
759 /* scan record size */
760 sr_get_hex_byte (&size
);
773 sr_get_hex_byte (&c
);
774 inaddr
= (inaddr
<< 8) + c
;
777 /* intentional fall through */
779 sr_get_hex_byte (&c
);
780 inaddr
= (inaddr
<< 8) + c
;
783 /* intentional fall through */
785 sr_get_hex_byte (&c
);
786 inaddr
= (inaddr
<< 8) + c
;
789 sr_get_hex_byte (&c
);
790 inaddr
= (inaddr
<< 8) + c
;
797 error ("reading s-records.");
801 || (memaddr
+ len
) < (inaddr
+ size
))
802 error ("srec out of memory range.");
804 if (p
!= buffer
+ inaddr
- memaddr
)
805 error ("srec out of sequence.");
807 for (; size
; --size
, ++p
)
813 sr_get_hex_byte (&c
);
814 if (c
!= (~checksum
& 0xff))
815 error ("bad s-rec checksum");
820 if (p
!= buffer
+ len
)
823 memcpy (myaddr
, buffer
, len
);
827 #define MAX_BREAKS 16
828 static int num_brkpts
= 0;
830 /* Insert a breakpoint at ADDR. SAVE is normally the address of the
831 pattern buffer where the instruction that the breakpoint overwrites
832 is saved. It is unused here since the bug is responsible for
833 saving/restoring the original instruction. */
836 bug_insert_breakpoint (CORE_ADDR addr
, char *save
)
840 if (num_brkpts
< MAX_BREAKS
)
845 sprintf (buffer
, "br %x", addr
);
846 sr_write_cr (buffer
);
852 fprintf_filtered (gdb_stderr
,
853 "Too many break points, break point not installed\n");
859 /* Remove a breakpoint at ADDR. SAVE is normally the previously
860 saved pattern, but is unused here since the bug is responsible
861 for saving/restoring instructions. */
864 bug_remove_breakpoint (CORE_ADDR addr
, char *save
)
871 sprintf (buffer
, "nobr %x", addr
);
872 sr_write_cr (buffer
);
879 /* Clear the bugs notion of what the break points are */
881 bug_clear_breakpoints (void)
886 sr_write_cr ("nobr");
894 struct target_ops bug_ops
;
899 bug_ops
.to_shortname
= "bug";
900 "Remote BUG monitor",
901 bug_ops
.to_longname
= "Use the mvme187 board running the BUG monitor connected by a serial line.";
902 bug_ops
.to_doc
= " ";
903 bug_ops
.to_open
= bug_open
;
904 bug_ops
.to_close
= gr_close
;
905 bug_ops
.to_attach
= 0;
906 bug_ops
.to_post_attach
= NULL
;
907 bug_ops
.to_require_attach
= NULL
;
908 bug_ops
.to_detach
= gr_detach
;
909 bug_ops
.to_require_detach
= NULL
;
910 bug_ops
.to_resume
= bug_resume
;
911 bug_ops
.to_wait
= bug_wait
;
912 bug_ops
.to_post_wait
= NULL
;
913 bug_ops
.to_fetch_registers
= bug_fetch_register
;
914 bug_ops
.to_store_registers
= bug_store_register
;
915 bug_ops
.to_prepare_to_store
= gr_prepare_to_store
;
916 bug_ops
.to_xfer_memory
= bug_xfer_memory
;
917 bug_ops
.to_files_info
= gr_files_info
;
918 bug_ops
.to_insert_breakpoint
= bug_insert_breakpoint
;
919 bug_ops
.to_remove_breakpoint
= bug_remove_breakpoint
;
920 bug_ops
.to_terminal_init
= 0;
921 bug_ops
.to_terminal_inferior
= 0;
922 bug_ops
.to_terminal_ours_for_output
= 0;
923 bug_ops
.to_terminal_ours
= 0;
924 bug_ops
.to_terminal_info
= 0;
925 bug_ops
.to_kill
= gr_kill
;
926 bug_ops
.to_load
= bug_load
;
927 bug_ops
.to_lookup_symbol
= 0;
928 bug_ops
.to_create_inferior
= gr_create_inferior
;
929 bug_ops
.to_post_startup_inferior
= NULL
;
930 bug_ops
.to_acknowledge_created_inferior
= NULL
;
931 bug_ops
.to_clone_and_follow_inferior
= NULL
;
932 bug_ops
.to_post_follow_inferior_by_clone
= NULL
;
933 bug_ops
.to_insert_fork_catchpoint
= NULL
;
934 bug_ops
.to_remove_fork_catchpoint
= NULL
;
935 bug_ops
.to_insert_vfork_catchpoint
= NULL
;
936 bug_ops
.to_remove_vfork_catchpoint
= NULL
;
937 bug_ops
.to_has_forked
= NULL
;
938 bug_ops
.to_has_vforked
= NULL
;
939 bug_ops
.to_can_follow_vfork_prior_to_exec
= NULL
;
940 bug_ops
.to_post_follow_vfork
= NULL
;
941 bug_ops
.to_insert_exec_catchpoint
= NULL
;
942 bug_ops
.to_remove_exec_catchpoint
= NULL
;
943 bug_ops
.to_has_execd
= NULL
;
944 bug_ops
.to_reported_exec_events_per_exec_call
= NULL
;
945 bug_ops
.to_has_exited
= NULL
;
946 bug_ops
.to_mourn_inferior
= gr_mourn
;
947 bug_ops
.to_can_run
= 0;
948 bug_ops
.to_notice_signals
= 0;
949 bug_ops
.to_thread_alive
= 0;
951 bug_ops
.to_pid_to_exec_file
= NULL
;
952 bug_ops
.to_core_file_to_sym_file
= NULL
;
953 bug_ops
.to_stratum
= process_stratum
;
954 bug_ops
.DONT_USE
= 0;
955 bug_ops
.to_has_all_memory
= 1;
956 bug_ops
.to_has_memory
= 1;
957 bug_ops
.to_has_stack
= 1;
958 bug_ops
.to_has_registers
= 0;
959 bug_ops
.to_has_execution
= 0;
960 bug_ops
.to_sections
= 0;
961 bug_ops
.to_sections_end
= 0;
962 bug_ops
.to_magic
= OPS_MAGIC
; /* Always the last thing */
966 _initialize_remote_bug (void)
969 add_target (&bug_ops
);
972 (add_set_cmd ("srec-bytes", class_support
, var_uinteger
,
973 (char *) &srec_bytes
,
975 Set the number of bytes represented in each S-record.\n\
976 This affects the communication protocol with the remote target.",
981 (add_set_cmd ("srec-max-retries", class_support
, var_uinteger
,
982 (char *) &srec_max_retries
,
984 Set the number of retries for shipping S-records.\n\
985 This affects the communication protocol with the remote target.",
990 /* This needs to set SREC_SIZE, not srec_frame which gets changed at the
991 end of a download. But do we need the option at all? */
993 (add_set_cmd ("srec-frame", class_support
, var_uinteger
,
994 (char *) &srec_frame
,
996 Set the number of bytes in an S-record frame.\n\
997 This affects the communication protocol with the remote target.",
1003 (add_set_cmd ("srec-noise", class_support
, var_zinteger
,
1004 (char *) &srec_noise
,
1006 Set number of S-record to send before deliberately flubbing a checksum.\n\
1007 Zero means flub none at all. This affects the communication protocol\n\
1008 with the remote target.",
1013 (add_set_cmd ("srec-sleep", class_support
, var_zinteger
,
1014 (char *) &srec_sleep
,
1016 Set number of seconds to sleep after an S-record for a possible error message to arrive.\n\
1017 This affects the communication protocol with the remote target.",
1022 (add_set_cmd ("srec-echo-pace", class_support
, var_boolean
,
1023 (char *) &srec_echo_pace
,
1025 Set echo-verification.\n\
1026 When on, use verification by echo when downloading S-records. This is\n\
1027 much slower, but generally more reliable.",