1 /* Remote debugging interface for Motorola's MVME187BUG monitor, an embedded
4 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
5 Free Software Foundation, Inc.
6 Contributed by Cygnus Support. Written by K. Richard Pixley.
8 This file is part of GDB.
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 59 Temple Place - Suite 330,
23 Boston, MA 02111-1307, USA. */
27 #include "gdb_string.h"
38 #include "remote-utils.h"
40 /* External data declarations */
41 extern int stop_soon_quietly
; /* for wait_for_inferior */
43 /* Forward data declarations */
44 extern struct target_ops bug_ops
; /* Forward declaration */
46 /* Forward function declarations */
47 static int bug_clear_breakpoints (void);
49 static int bug_read_memory (CORE_ADDR memaddr
,
50 unsigned char *myaddr
, int len
);
52 static int bug_write_memory (CORE_ADDR memaddr
,
53 unsigned char *myaddr
, int len
);
55 /* This variable is somewhat arbitrary. It's here so that it can be
56 set from within a running gdb. */
58 static int srec_max_retries
= 3;
60 /* Each S-record download to the target consists of an S0 header
61 record, some number of S3 data records, and one S7 termination
62 record. I call this download a "frame". Srec_frame says how many
63 bytes will be represented in each frame. */
66 static int srec_frame
= SREC_SIZE
;
68 /* This variable determines how many bytes will be represented in each
71 static int srec_bytes
= 40;
73 /* At one point it appeared to me as though the bug monitor could not
74 really be expected to receive two sequential characters at 9600
75 baud reliably. Echo-pacing is an attempt to force data across the
76 line even in this condition. Specifically, in echo-pace mode, each
77 character is sent one at a time and we look for the echo before
78 sending the next. This is excruciatingly slow. */
80 static int srec_echo_pace
= 0;
82 /* How long to wait after an srec for a possible error message.
83 Similar to the above, I tried sleeping after sending each S3 record
84 in hopes that I might actually see error messages from the bug
85 monitor. This might actually work if we were to use sleep
86 intervals smaller than 1 second. */
88 static int srec_sleep
= 0;
90 /* Every srec_noise records, flub the checksum. This is a debugging
91 feature. Set the variable to something other than 1 in order to
92 inject *deliberate* checksum errors. One might do this if one
93 wanted to test error handling and recovery. */
95 static int srec_noise
= 0;
97 /* Called when SIGALRM signal sent due to alarm() timeout. */
99 /* Number of SIGTRAPs we need to simulate. That is, the next
100 NEED_ARTIFICIAL_TRAP calls to bug_wait should just return
101 SIGTRAP without actually waiting for anything. */
103 static int need_artificial_trap
= 0;
106 * Download a file specified in 'args', to the bug.
110 bug_load (char *args
, int fromtty
)
118 inferior_ptid
= null_ptid
;
119 abfd
= bfd_openr (args
, 0);
122 printf_filtered ("Unable to open file %s\n", args
);
126 if (bfd_check_format (abfd
, bfd_object
) == 0)
128 printf_filtered ("File is not an object file\n");
133 while (s
!= (asection
*) NULL
)
135 srec_frame
= SREC_SIZE
;
136 if (s
->flags
& SEC_LOAD
)
140 char *buffer
= xmalloc (srec_frame
);
142 printf_filtered ("%s\t: 0x%4lx .. 0x%4lx ", s
->name
, s
->vma
, s
->vma
+ s
->_raw_size
);
143 gdb_flush (gdb_stdout
);
144 for (i
= 0; i
< s
->_raw_size
; i
+= srec_frame
)
146 if (srec_frame
> s
->_raw_size
- i
)
147 srec_frame
= s
->_raw_size
- i
;
149 bfd_get_section_contents (abfd
, s
, buffer
, i
, srec_frame
);
150 bug_write_memory (s
->vma
+ i
, buffer
, srec_frame
);
151 printf_filtered ("*");
152 gdb_flush (gdb_stdout
);
154 printf_filtered ("\n");
159 sprintf (buffer
, "rs ip %lx", (unsigned long) abfd
->start_address
);
160 sr_write_cr (buffer
);
180 while (*s
&& !isspace (*s
))
186 copy
= xmalloc (len
+ 1);
187 memcpy (copy
, word
, len
);
194 static struct gr_settings bug_settings
=
198 bug_clear_breakpoints
, /* clear_all_breakpoints */
199 gr_generic_checkin
, /* checkin */
202 static char *cpu_check_strings
[] =
209 bug_open (char *args
, int from_tty
)
214 gr_open (args
, from_tty
, &bug_settings
);
215 /* decide *now* whether we are on an 88100 or an 88110 */
216 sr_write_cr ("rs cr06");
217 sr_expect ("rs cr06");
219 switch (gr_multi_scan (cpu_check_strings
, 0))
221 case 0: /* this is an m88100 */
222 target_is_m88110
= 0;
224 case 1: /* this is an m88110 */
225 target_is_m88110
= 1;
228 internal_error (__FILE__
, __LINE__
, "failed internal consistency check");
232 /* Tell the remote machine to resume. */
235 bug_resume (ptid_t ptid
, int step
, enum target_signal sig
)
241 /* Force the next bug_wait to return a trap. Not doing anything
242 about I/O from the target means that the user has to type
243 "continue" to see any. FIXME, this should be fixed. */
244 need_artificial_trap
= 1;
252 /* Wait until the remote machine stops, then return,
253 storing status in STATUS just as `wait' would. */
255 static char *wait_strings
[] =
258 "Exception: Data Access Fault (Local Bus Timeout)",
259 "\r8??\?-Bug>", /* The '\?' avoids creating a trigraph */
265 bug_wait (ptid_t ptid
, struct target_waitstatus
*status
)
267 int old_timeout
= sr_get_timeout ();
268 int old_immediate_quit
= immediate_quit
;
270 status
->kind
= TARGET_WAITKIND_EXITED
;
271 status
->value
.integer
= 0;
273 /* read off leftovers from resume so that the rest can be passed
274 back out as stdout. */
275 if (need_artificial_trap
== 0)
277 sr_expect ("Effective address: ");
278 (void) sr_get_hex_word ();
282 sr_set_timeout (-1); /* Don't time out -- user program is running. */
283 immediate_quit
= 1; /* Helps ability to QUIT */
285 switch (gr_multi_scan (wait_strings
, need_artificial_trap
== 0))
287 case 0: /* breakpoint case */
288 status
->kind
= TARGET_WAITKIND_STOPPED
;
289 status
->value
.sig
= TARGET_SIGNAL_TRAP
;
290 /* user output from the target can be discarded here. (?) */
294 case 1: /* bus error */
295 status
->kind
= TARGET_WAITKIND_STOPPED
;
296 status
->value
.sig
= TARGET_SIGNAL_BUS
;
297 /* user output from the target can be discarded here. (?) */
301 case 2: /* normal case */
303 if (need_artificial_trap
!= 0)
306 status
->kind
= TARGET_WAITKIND_STOPPED
;
307 status
->value
.sig
= TARGET_SIGNAL_TRAP
;
308 need_artificial_trap
--;
314 status
->kind
= TARGET_WAITKIND_EXITED
;
315 status
->value
.integer
= 0;
319 case -1: /* trouble */
321 fprintf_filtered (gdb_stderr
,
322 "Trouble reading target during wait\n");
326 sr_set_timeout (old_timeout
);
327 immediate_quit
= old_immediate_quit
;
328 return inferior_ptid
;
331 /* Return the name of register number REGNO
332 in the form input and output by bug.
334 Returns a pointer to a static buffer containing the answer. */
336 get_reg_name (int regno
)
340 "r00", "r01", "r02", "r03", "r04", "r05", "r06", "r07",
341 "r08", "r09", "r10", "r11", "r12", "r13", "r14", "r15",
342 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
343 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
345 /* these get confusing because we omit a few and switch some ordering around. */
347 "cr01", /* 32 = psr */
348 "fcr62", /* 33 = fpsr */
349 "fcr63", /* 34 = fpcr */
350 "ip", /* this is something of a cheat. */
352 "cr05", /* 36 = snip */
353 "cr06", /* 37 = sfip */
355 "x00", "x01", "x02", "x03", "x04", "x05", "x06", "x07",
356 "x08", "x09", "x10", "x11", "x12", "x13", "x14", "x15",
357 "x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
358 "x24", "x25", "x26", "x27", "x28", "x29", "x30", "x31",
364 #if 0 /* not currently used */
365 /* Read from remote while the input matches STRING. Return zero on
366 success, -1 on failure. */
379 printf ("\nNext character is '%c' - %d and s is \"%s\".\n", c
, c
, --s
);
389 bug_srec_write_cr (char *s
)
396 if (sr_get_debug () > 0)
400 SERIAL_WRITE (sr_get_desc (), p
, 1);
401 while (sr_pollchar () != *p
);
406 /* return(bug_scan (s) || bug_scan ("\n")); */
412 /* Store register REGNO, or all if REGNO == -1. */
415 bug_fetch_register (int regno
)
423 for (i
= 0; i
< NUM_REGS
; ++i
)
424 bug_fetch_register (i
);
426 else if (target_is_m88110
&& regno
== SFIP_REGNUM
)
428 /* m88110 has no sfip. */
430 supply_register (regno
, (char *) &l
);
432 else if (regno
< XFP_REGNUM
)
434 char buffer
[MAX_REGISTER_RAW_SIZE
];
437 sr_write_cr (get_reg_name (regno
));
439 store_unsigned_integer (buffer
, REGISTER_RAW_SIZE (regno
),
442 supply_register (regno
, buffer
);
446 /* Float register so we need to parse a strange data format. */
448 unsigned char fpreg_buf
[10];
451 sr_write (get_reg_name (regno
), strlen (get_reg_name (regno
)));
454 sr_expect (get_reg_name (regno
));
459 p
= sr_get_hex_digit (1);
460 fpreg_buf
[0] = p
<< 7;
464 p
= sr_get_hex_digit (1);
465 fpreg_buf
[0] += (p
<< 4);
466 fpreg_buf
[0] += sr_get_hex_digit (1);
468 fpreg_buf
[1] = sr_get_hex_digit (1) << 4;
472 fpreg_buf
[1] += sr_get_hex_digit (1);
474 fpreg_buf
[2] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
475 fpreg_buf
[3] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
476 fpreg_buf
[4] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
477 fpreg_buf
[5] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
478 fpreg_buf
[6] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
479 fpreg_buf
[7] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
484 supply_register (regno
, fpreg_buf
);
490 /* Store register REGNO, or all if REGNO == -1. */
493 bug_store_register (int regno
)
502 for (i
= 0; i
< NUM_REGS
; ++i
)
503 bug_store_register (i
);
509 regname
= get_reg_name (regno
);
511 if (target_is_m88110
&& regno
== SFIP_REGNUM
)
513 else if (regno
< XFP_REGNUM
)
514 sprintf (buffer
, "rs %s %08lx",
516 (long) read_register (regno
));
519 unsigned char *fpreg_buf
=
520 (unsigned char *) ®isters
[REGISTER_BYTE (regno
)];
522 sprintf (buffer
, "rs %s %1x_%02x%1x_%1x%02x%02x%02x%02x%02x%02x;d",
525 (fpreg_buf
[0] >> 7) & 0xf,
528 (fpreg_buf
[1] >> 8) & 0xf,
539 sr_write_cr (buffer
);
546 /* Transfer LEN bytes between GDB address MYADDR and target address
547 MEMADDR. If WRITE is non-zero, transfer them to the target,
548 otherwise transfer them from the target. TARGET is unused.
550 Returns the number of bytes transferred. */
553 bug_xfer_memory (CORE_ADDR memaddr
, char *myaddr
, int len
, int write
,
554 struct mem_attrib
*attrib ATTRIBUTE_UNUSED
,
555 struct target_ops
*target ATTRIBUTE_UNUSED
)
563 res
= bug_write_memory (memaddr
, myaddr
, len
);
565 res
= bug_read_memory (memaddr
, myaddr
, len
);
575 command
= (srec_echo_pace
? "lo 0 ;x" : "lo 0");
577 sr_write_cr (command
);
580 bug_srec_write_cr ("S0030000FC");
584 /* This is an extremely vulnerable and fragile function. I've made
585 considerable attempts to make this deterministic, but I've
586 certainly forgotten something. The trouble is that S-records are
587 only a partial file format, not a protocol. Worse, apparently the
588 m88k bug monitor does not run in real time while receiving
589 S-records. Hence, we must pay excruciating attention to when and
590 where error messages are returned, and what has actually been sent.
592 Each call represents a chunk of memory to be sent to the target.
593 We break that chunk into an S0 header record, some number of S3
594 data records each containing srec_bytes, and an S7 termination
597 static char *srecord_strings
[] =
605 bug_write_memory (CORE_ADDR memaddr
, unsigned char *myaddr
, int len
)
611 char *buffer
= alloca ((srec_bytes
+ 8) << 1);
619 if (retries
> srec_max_retries
)
624 if (sr_get_debug () > 0)
625 printf ("\n<retrying...>\n");
627 /* This gr_expect_prompt call is extremely important. Without
628 it, we will tend to resend our packet so fast that it
629 will arrive before the bug monitor is ready to receive
630 it. This would lead to a very ugly resend loop. */
646 if (thisgo
> srec_bytes
)
649 address
= memaddr
+ done
;
650 sprintf (buf
, "S3%02X%08lX", thisgo
+ 4 + 1, (long) address
);
653 checksum
+= (thisgo
+ 4 + 1
655 + ((address
>> 8) & 0xff)
656 + ((address
>> 16) & 0xff)
657 + ((address
>> 24) & 0xff));
659 for (idx
= 0; idx
< thisgo
; idx
++)
661 sprintf (buf
, "%02X", myaddr
[idx
+ done
]);
662 checksum
+= myaddr
[idx
+ done
];
668 /* FIXME-NOW: insert a deliberate error every now and then.
669 This is intended for testing/debugging the error handling
671 static int counter
= 0;
672 if (++counter
> srec_noise
)
679 sprintf (buf
, "%02X", ~checksum
& 0xff);
680 bug_srec_write_cr (buffer
);
685 /* This pollchar is probably redundant to the gr_multi_scan
686 below. Trouble is, we can't be sure when or where an
687 error message will appear. Apparently, when running at
688 full speed from a typical sun4, error messages tend to
689 appear to arrive only *after* the s7 record. */
691 if ((x
= sr_pollchar ()) != 0)
693 if (sr_get_debug () > 0)
694 printf ("\n<retrying...>\n");
698 /* flush any remaining input and verify that we are back
699 at the prompt level. */
701 /* start all over again. */
710 bug_srec_write_cr ("S7060000000000F9");
713 /* Having finished the load, we need to figure out whether we
716 while (gr_multi_scan (srecord_strings
, 0) == 0);;
721 /* Copy LEN bytes of data from debugger memory at MYADDR
722 to inferior's memory at MEMADDR. Returns errno value.
723 * sb/sh instructions don't work on unaligned addresses, when TU=1.
726 /* Read LEN bytes from inferior memory at MEMADDR. Put the result
727 at debugger address MYADDR. Returns errno value. */
729 bug_read_memory (CORE_ADDR memaddr
, unsigned char *myaddr
, int len
)
738 unsigned int checksum
;
740 sprintf (request
, "du 0 %lx:&%d", (long) memaddr
, len
);
741 sr_write_cr (request
);
743 p
= buffer
= alloca (len
);
745 /* scan up through the header */
746 sr_expect ("S0030000FC");
748 while (p
< buffer
+ len
)
750 /* scan off any white space. */
751 while (sr_readchar () != 'S');;
753 /* what kind of s-rec? */
754 type
= sr_readchar ();
756 /* scan record size */
757 sr_get_hex_byte (&size
);
770 sr_get_hex_byte (&c
);
771 inaddr
= (inaddr
<< 8) + c
;
774 /* intentional fall through */
776 sr_get_hex_byte (&c
);
777 inaddr
= (inaddr
<< 8) + c
;
780 /* intentional fall through */
782 sr_get_hex_byte (&c
);
783 inaddr
= (inaddr
<< 8) + c
;
786 sr_get_hex_byte (&c
);
787 inaddr
= (inaddr
<< 8) + c
;
794 error ("reading s-records.");
798 || (memaddr
+ len
) < (inaddr
+ size
))
799 error ("srec out of memory range.");
801 if (p
!= buffer
+ inaddr
- memaddr
)
802 error ("srec out of sequence.");
804 for (; size
; --size
, ++p
)
810 sr_get_hex_byte (&c
);
811 if (c
!= (~checksum
& 0xff))
812 error ("bad s-rec checksum");
817 if (p
!= buffer
+ len
)
820 memcpy (myaddr
, buffer
, len
);
824 #define MAX_BREAKS 16
825 static int num_brkpts
= 0;
827 /* Insert a breakpoint at ADDR. SAVE is normally the address of the
828 pattern buffer where the instruction that the breakpoint overwrites
829 is saved. It is unused here since the bug is responsible for
830 saving/restoring the original instruction. */
833 bug_insert_breakpoint (CORE_ADDR addr
, char *save
)
837 if (num_brkpts
< MAX_BREAKS
)
842 sprintf (buffer
, "br %lx", (long) addr
);
843 sr_write_cr (buffer
);
849 fprintf_filtered (gdb_stderr
,
850 "Too many break points, break point not installed\n");
856 /* Remove a breakpoint at ADDR. SAVE is normally the previously
857 saved pattern, but is unused here since the bug is responsible
858 for saving/restoring instructions. */
861 bug_remove_breakpoint (CORE_ADDR addr
, char *save
)
868 sprintf (buffer
, "nobr %lx", (long) addr
);
869 sr_write_cr (buffer
);
876 /* Clear the bugs notion of what the break points are */
878 bug_clear_breakpoints (void)
883 sr_write_cr ("nobr");
891 struct target_ops bug_ops
;
896 bug_ops
.to_shortname
= "bug";
897 "Remote BUG monitor",
898 bug_ops
.to_longname
= "Use the mvme187 board running the BUG monitor connected by a serial line.";
899 bug_ops
.to_doc
= " ";
900 bug_ops
.to_open
= bug_open
;
901 bug_ops
.to_close
= gr_close
;
902 bug_ops
.to_attach
= 0;
903 bug_ops
.to_post_attach
= NULL
;
904 bug_ops
.to_require_attach
= NULL
;
905 bug_ops
.to_detach
= gr_detach
;
906 bug_ops
.to_require_detach
= NULL
;
907 bug_ops
.to_resume
= bug_resume
;
908 bug_ops
.to_wait
= bug_wait
;
909 bug_ops
.to_post_wait
= NULL
;
910 bug_ops
.to_fetch_registers
= bug_fetch_register
;
911 bug_ops
.to_store_registers
= bug_store_register
;
912 bug_ops
.to_prepare_to_store
= gr_prepare_to_store
;
913 bug_ops
.to_xfer_memory
= bug_xfer_memory
;
914 bug_ops
.to_files_info
= gr_files_info
;
915 bug_ops
.to_insert_breakpoint
= bug_insert_breakpoint
;
916 bug_ops
.to_remove_breakpoint
= bug_remove_breakpoint
;
917 bug_ops
.to_terminal_init
= 0;
918 bug_ops
.to_terminal_inferior
= 0;
919 bug_ops
.to_terminal_ours_for_output
= 0;
920 bug_ops
.to_terminal_ours
= 0;
921 bug_ops
.to_terminal_info
= 0;
922 bug_ops
.to_kill
= gr_kill
;
923 bug_ops
.to_load
= bug_load
;
924 bug_ops
.to_lookup_symbol
= 0;
925 bug_ops
.to_create_inferior
= gr_create_inferior
;
926 bug_ops
.to_post_startup_inferior
= NULL
;
927 bug_ops
.to_acknowledge_created_inferior
= NULL
;
928 bug_ops
.to_clone_and_follow_inferior
= NULL
;
929 bug_ops
.to_post_follow_inferior_by_clone
= NULL
;
930 bug_ops
.to_insert_fork_catchpoint
= NULL
;
931 bug_ops
.to_remove_fork_catchpoint
= NULL
;
932 bug_ops
.to_insert_vfork_catchpoint
= NULL
;
933 bug_ops
.to_remove_vfork_catchpoint
= NULL
;
934 bug_ops
.to_has_forked
= NULL
;
935 bug_ops
.to_has_vforked
= NULL
;
936 bug_ops
.to_can_follow_vfork_prior_to_exec
= NULL
;
937 bug_ops
.to_post_follow_vfork
= NULL
;
938 bug_ops
.to_insert_exec_catchpoint
= NULL
;
939 bug_ops
.to_remove_exec_catchpoint
= NULL
;
940 bug_ops
.to_has_execd
= NULL
;
941 bug_ops
.to_reported_exec_events_per_exec_call
= NULL
;
942 bug_ops
.to_has_exited
= NULL
;
943 bug_ops
.to_mourn_inferior
= gr_mourn
;
944 bug_ops
.to_can_run
= 0;
945 bug_ops
.to_notice_signals
= 0;
946 bug_ops
.to_thread_alive
= 0;
948 bug_ops
.to_pid_to_exec_file
= NULL
;
949 bug_ops
.to_stratum
= process_stratum
;
950 bug_ops
.DONT_USE
= 0;
951 bug_ops
.to_has_all_memory
= 1;
952 bug_ops
.to_has_memory
= 1;
953 bug_ops
.to_has_stack
= 1;
954 bug_ops
.to_has_registers
= 0;
955 bug_ops
.to_has_execution
= 0;
956 bug_ops
.to_sections
= 0;
957 bug_ops
.to_sections_end
= 0;
958 bug_ops
.to_magic
= OPS_MAGIC
; /* Always the last thing */
962 _initialize_remote_bug (void)
965 add_target (&bug_ops
);
968 (add_set_cmd ("srec-bytes", class_support
, var_uinteger
,
969 (char *) &srec_bytes
,
971 Set the number of bytes represented in each S-record.\n\
972 This affects the communication protocol with the remote target.",
977 (add_set_cmd ("srec-max-retries", class_support
, var_uinteger
,
978 (char *) &srec_max_retries
,
980 Set the number of retries for shipping S-records.\n\
981 This affects the communication protocol with the remote target.",
986 /* This needs to set SREC_SIZE, not srec_frame which gets changed at the
987 end of a download. But do we need the option at all? */
989 (add_set_cmd ("srec-frame", class_support
, var_uinteger
,
990 (char *) &srec_frame
,
992 Set the number of bytes in an S-record frame.\n\
993 This affects the communication protocol with the remote target.",
999 (add_set_cmd ("srec-noise", class_support
, var_zinteger
,
1000 (char *) &srec_noise
,
1002 Set number of S-record to send before deliberately flubbing a checksum.\n\
1003 Zero means flub none at all. This affects the communication protocol\n\
1004 with the remote target.",
1009 (add_set_cmd ("srec-sleep", class_support
, var_zinteger
,
1010 (char *) &srec_sleep
,
1012 Set number of seconds to sleep after an S-record for a possible error message to arrive.\n\
1013 This affects the communication protocol with the remote target.",
1018 (add_set_cmd ("srec-echo-pace", class_support
, var_boolean
,
1019 (char *) &srec_echo_pace
,
1021 Set echo-verification.\n\
1022 When on, use verification by echo when downloading S-records. This is\n\
1023 much slower, but generally more reliable.",