1 /* Remote debugging interface for Motorola's MVME187BUG monitor, an embedded
4 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
5 2002 Free Software Foundation, Inc.
7 Contributed by Cygnus Support. Written by K. Richard Pixley.
9 This file is part of GDB.
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 59 Temple Place - Suite 330,
24 Boston, MA 02111-1307, USA. */
28 #include "gdb_string.h"
40 #include "remote-utils.h"
42 /* External data declarations */
43 extern int stop_soon_quietly; /* for wait_for_inferior */
45 /* Forward data declarations */
46 extern struct target_ops bug_ops; /* Forward declaration */
48 /* Forward function declarations */
49 static int bug_clear_breakpoints (void);
51 static int bug_read_memory (CORE_ADDR memaddr,
52 unsigned char *myaddr, int len);
54 static int bug_write_memory (CORE_ADDR memaddr,
55 unsigned char *myaddr, int len);
57 /* This variable is somewhat arbitrary. It's here so that it can be
58 set from within a running gdb. */
60 static int srec_max_retries = 3;
62 /* Each S-record download to the target consists of an S0 header
63 record, some number of S3 data records, and one S7 termination
64 record. I call this download a "frame". Srec_frame says how many
65 bytes will be represented in each frame. */
68 static int srec_frame = SREC_SIZE;
70 /* This variable determines how many bytes will be represented in each
73 static int srec_bytes = 40;
75 /* At one point it appeared to me as though the bug monitor could not
76 really be expected to receive two sequential characters at 9600
77 baud reliably. Echo-pacing is an attempt to force data across the
78 line even in this condition. Specifically, in echo-pace mode, each
79 character is sent one at a time and we look for the echo before
80 sending the next. This is excruciatingly slow. */
82 static int srec_echo_pace = 0;
84 /* How long to wait after an srec for a possible error message.
85 Similar to the above, I tried sleeping after sending each S3 record
86 in hopes that I might actually see error messages from the bug
87 monitor. This might actually work if we were to use sleep
88 intervals smaller than 1 second. */
90 static int srec_sleep = 0;
92 /* Every srec_noise records, flub the checksum. This is a debugging
93 feature. Set the variable to something other than 1 in order to
94 inject *deliberate* checksum errors. One might do this if one
95 wanted to test error handling and recovery. */
97 static int srec_noise = 0;
99 /* Called when SIGALRM signal sent due to alarm() timeout. */
101 /* Number of SIGTRAPs we need to simulate. That is, the next
102 NEED_ARTIFICIAL_TRAP calls to bug_wait should just return
103 SIGTRAP without actually waiting for anything. */
105 static int need_artificial_trap = 0;
108 * Download a file specified in 'args', to the bug.
112 bug_load (char *args, int fromtty)
120 inferior_ptid = null_ptid;
121 abfd = bfd_openr (args, 0);
124 printf_filtered ("Unable to open file %s\n", args);
128 if (bfd_check_format (abfd, bfd_object) == 0)
130 printf_filtered ("File is not an object file\n");
135 while (s != (asection *) NULL)
137 srec_frame = SREC_SIZE;
138 if (s->flags & SEC_LOAD)
142 char *buffer = xmalloc (srec_frame);
144 printf_filtered ("%s\t: 0x%4lx .. 0x%4lx ", s->name, s->vma, s->vma + s->_raw_size);
145 gdb_flush (gdb_stdout);
146 for (i = 0; i < s->_raw_size; i += srec_frame)
148 if (srec_frame > s->_raw_size - i)
149 srec_frame = s->_raw_size - i;
151 bfd_get_section_contents (abfd, s, buffer, i, srec_frame);
152 bug_write_memory (s->vma + i, buffer, srec_frame);
153 printf_filtered ("*");
154 gdb_flush (gdb_stdout);
156 printf_filtered ("\n");
161 sprintf (buffer, "rs ip %lx", (unsigned long) abfd->start_address);
162 sr_write_cr (buffer);
182 while (*s && !isspace (*s))
188 copy = xmalloc (len + 1);
189 memcpy (copy, word, len);
196 static struct gr_settings bug_settings =
200 bug_clear_breakpoints, /* clear_all_breakpoints */
201 gr_generic_checkin, /* checkin */
204 static char *cpu_check_strings[] =
211 bug_open (char *args, int from_tty)
216 gr_open (args, from_tty, &bug_settings);
217 /* decide *now* whether we are on an 88100 or an 88110 */
218 sr_write_cr ("rs cr06");
219 sr_expect ("rs cr06");
221 switch (gr_multi_scan (cpu_check_strings, 0))
223 case 0: /* this is an m88100 */
224 target_is_m88110 = 0;
226 case 1: /* this is an m88110 */
227 target_is_m88110 = 1;
230 internal_error (__FILE__, __LINE__, "failed internal consistency check");
234 /* Tell the remote machine to resume. */
237 bug_resume (ptid_t ptid, int step, enum target_signal sig)
243 /* Force the next bug_wait to return a trap. Not doing anything
244 about I/O from the target means that the user has to type
245 "continue" to see any. FIXME, this should be fixed. */
246 need_artificial_trap = 1;
254 /* Wait until the remote machine stops, then return,
255 storing status in STATUS just as `wait' would. */
257 static char *wait_strings[] =
260 "Exception: Data Access Fault (Local Bus Timeout)",
261 "\r8??\?-Bug>", /* The '\?' avoids creating a trigraph */
267 bug_wait (ptid_t ptid, struct target_waitstatus *status)
269 int old_timeout = sr_get_timeout ();
270 int old_immediate_quit = immediate_quit;
272 status->kind = TARGET_WAITKIND_EXITED;
273 status->value.integer = 0;
275 /* read off leftovers from resume so that the rest can be passed
276 back out as stdout. */
277 if (need_artificial_trap == 0)
279 sr_expect ("Effective address: ");
280 (void) sr_get_hex_word ();
284 sr_set_timeout (-1); /* Don't time out -- user program is running. */
285 immediate_quit = 1; /* Helps ability to QUIT */
287 switch (gr_multi_scan (wait_strings, need_artificial_trap == 0))
289 case 0: /* breakpoint case */
290 status->kind = TARGET_WAITKIND_STOPPED;
291 status->value.sig = TARGET_SIGNAL_TRAP;
292 /* user output from the target can be discarded here. (?) */
296 case 1: /* bus error */
297 status->kind = TARGET_WAITKIND_STOPPED;
298 status->value.sig = TARGET_SIGNAL_BUS;
299 /* user output from the target can be discarded here. (?) */
303 case 2: /* normal case */
305 if (need_artificial_trap != 0)
308 status->kind = TARGET_WAITKIND_STOPPED;
309 status->value.sig = TARGET_SIGNAL_TRAP;
310 need_artificial_trap--;
316 status->kind = TARGET_WAITKIND_EXITED;
317 status->value.integer = 0;
321 case -1: /* trouble */
323 fprintf_filtered (gdb_stderr,
324 "Trouble reading target during wait\n");
328 sr_set_timeout (old_timeout);
329 immediate_quit = old_immediate_quit;
330 return inferior_ptid;
333 /* Return the name of register number REGNO
334 in the form input and output by bug.
336 Returns a pointer to a static buffer containing the answer. */
338 get_reg_name (int regno)
342 "r00", "r01", "r02", "r03", "r04", "r05", "r06", "r07",
343 "r08", "r09", "r10", "r11", "r12", "r13", "r14", "r15",
344 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
345 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
347 /* these get confusing because we omit a few and switch some ordering around. */
349 "cr01", /* 32 = psr */
350 "fcr62", /* 33 = fpsr */
351 "fcr63", /* 34 = fpcr */
352 "ip", /* this is something of a cheat. */
354 "cr05", /* 36 = snip */
355 "cr06", /* 37 = sfip */
357 "x00", "x01", "x02", "x03", "x04", "x05", "x06", "x07",
358 "x08", "x09", "x10", "x11", "x12", "x13", "x14", "x15",
359 "x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
360 "x24", "x25", "x26", "x27", "x28", "x29", "x30", "x31",
366 #if 0 /* not currently used */
367 /* Read from remote while the input matches STRING. Return zero on
368 success, -1 on failure. */
381 printf ("\nNext character is '%c' - %d and s is \"%s\".\n", c, c, --s);
391 bug_srec_write_cr (char *s)
398 if (sr_get_debug () > 0)
402 serial_write (sr_get_desc (), p, 1);
403 while (sr_pollchar () != *p);
408 /* return(bug_scan (s) || bug_scan ("\n")); */
414 /* Store register REGNO, or all if REGNO == -1. */
417 bug_fetch_register (int regno)
425 for (i = 0; i < NUM_REGS; ++i)
426 bug_fetch_register (i);
428 else if (target_is_m88110 && regno == SFIP_REGNUM)
430 /* m88110 has no sfip. */
432 supply_register (regno, (char *) &l);
434 else if (regno < XFP_REGNUM)
436 char buffer[MAX_REGISTER_RAW_SIZE];
439 sr_write_cr (get_reg_name (regno));
441 store_unsigned_integer (buffer, REGISTER_RAW_SIZE (regno),
444 supply_register (regno, buffer);
448 /* Float register so we need to parse a strange data format. */
450 unsigned char fpreg_buf[10];
453 sr_write (get_reg_name (regno), strlen (get_reg_name (regno)));
456 sr_expect (get_reg_name (regno));
461 p = sr_get_hex_digit (1);
462 fpreg_buf[0] = p << 7;
466 p = sr_get_hex_digit (1);
467 fpreg_buf[0] += (p << 4);
468 fpreg_buf[0] += sr_get_hex_digit (1);
470 fpreg_buf[1] = sr_get_hex_digit (1) << 4;
474 fpreg_buf[1] += sr_get_hex_digit (1);
476 fpreg_buf[2] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
477 fpreg_buf[3] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
478 fpreg_buf[4] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
479 fpreg_buf[5] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
480 fpreg_buf[6] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
481 fpreg_buf[7] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
486 supply_register (regno, fpreg_buf);
492 /* Store register REGNO, or all if REGNO == -1. */
495 bug_store_register (int regno)
504 for (i = 0; i < NUM_REGS; ++i)
505 bug_store_register (i);
511 regname = get_reg_name (regno);
513 if (target_is_m88110 && regno == SFIP_REGNUM)
515 else if (regno < XFP_REGNUM)
516 sprintf (buffer, "rs %s %08lx",
518 (long) read_register (regno));
521 unsigned char *fpreg_buf =
522 (unsigned char *) ®isters[REGISTER_BYTE (regno)];
524 sprintf (buffer, "rs %s %1x_%02x%1x_%1x%02x%02x%02x%02x%02x%02x;d",
527 (fpreg_buf[0] >> 7) & 0xf,
530 (fpreg_buf[1] >> 8) & 0xf,
541 sr_write_cr (buffer);
548 /* Transfer LEN bytes between GDB address MYADDR and target address
549 MEMADDR. If WRITE is non-zero, transfer them to the target,
550 otherwise transfer them from the target. TARGET is unused.
552 Returns the number of bytes transferred. */
555 bug_xfer_memory (CORE_ADDR memaddr, char *myaddr, int len, int write,
556 struct mem_attrib *attrib, struct target_ops *target)
564 res = bug_write_memory (memaddr, myaddr, len);
566 res = bug_read_memory (memaddr, myaddr, len);
576 command = (srec_echo_pace ? "lo 0 ;x" : "lo 0");
578 sr_write_cr (command);
581 bug_srec_write_cr ("S0030000FC");
585 /* This is an extremely vulnerable and fragile function. I've made
586 considerable attempts to make this deterministic, but I've
587 certainly forgotten something. The trouble is that S-records are
588 only a partial file format, not a protocol. Worse, apparently the
589 m88k bug monitor does not run in real time while receiving
590 S-records. Hence, we must pay excruciating attention to when and
591 where error messages are returned, and what has actually been sent.
593 Each call represents a chunk of memory to be sent to the target.
594 We break that chunk into an S0 header record, some number of S3
595 data records each containing srec_bytes, and an S7 termination
598 static char *srecord_strings[] =
606 bug_write_memory (CORE_ADDR memaddr, unsigned char *myaddr, int len)
612 char *buffer = alloca ((srec_bytes + 8) << 1);
620 if (retries > srec_max_retries)
625 if (sr_get_debug () > 0)
626 printf ("\n<retrying...>\n");
628 /* This gr_expect_prompt call is extremely important. Without
629 it, we will tend to resend our packet so fast that it
630 will arrive before the bug monitor is ready to receive
631 it. This would lead to a very ugly resend loop. */
647 if (thisgo > srec_bytes)
650 address = memaddr + done;
651 sprintf (buf, "S3%02X%08lX", thisgo + 4 + 1, (long) address);
654 checksum += (thisgo + 4 + 1
656 + ((address >> 8) & 0xff)
657 + ((address >> 16) & 0xff)
658 + ((address >> 24) & 0xff));
660 for (idx = 0; idx < thisgo; idx++)
662 sprintf (buf, "%02X", myaddr[idx + done]);
663 checksum += myaddr[idx + done];
669 /* FIXME-NOW: insert a deliberate error every now and then.
670 This is intended for testing/debugging the error handling
672 static int counter = 0;
673 if (++counter > srec_noise)
680 sprintf (buf, "%02X", ~checksum & 0xff);
681 bug_srec_write_cr (buffer);
686 /* This pollchar is probably redundant to the gr_multi_scan
687 below. Trouble is, we can't be sure when or where an
688 error message will appear. Apparently, when running at
689 full speed from a typical sun4, error messages tend to
690 appear to arrive only *after* the s7 record. */
692 if ((x = sr_pollchar ()) != 0)
694 if (sr_get_debug () > 0)
695 printf ("\n<retrying...>\n");
699 /* flush any remaining input and verify that we are back
700 at the prompt level. */
702 /* start all over again. */
711 bug_srec_write_cr ("S7060000000000F9");
714 /* Having finished the load, we need to figure out whether we
717 while (gr_multi_scan (srecord_strings, 0) == 0);;
722 /* Copy LEN bytes of data from debugger memory at MYADDR
723 to inferior's memory at MEMADDR. Returns errno value.
724 * sb/sh instructions don't work on unaligned addresses, when TU=1.
727 /* Read LEN bytes from inferior memory at MEMADDR. Put the result
728 at debugger address MYADDR. Returns errno value. */
730 bug_read_memory (CORE_ADDR memaddr, unsigned char *myaddr, int len)
739 unsigned int checksum;
741 sprintf (request, "du 0 %lx:&%d", (long) memaddr, len);
742 sr_write_cr (request);
744 p = buffer = alloca (len);
746 /* scan up through the header */
747 sr_expect ("S0030000FC");
749 while (p < buffer + len)
751 /* scan off any white space. */
752 while (sr_readchar () != 'S');;
754 /* what kind of s-rec? */
755 type = sr_readchar ();
757 /* scan record size */
758 sr_get_hex_byte (&size);
771 sr_get_hex_byte (&c);
772 inaddr = (inaddr << 8) + c;
775 /* intentional fall through */
777 sr_get_hex_byte (&c);
778 inaddr = (inaddr << 8) + c;
781 /* intentional fall through */
783 sr_get_hex_byte (&c);
784 inaddr = (inaddr << 8) + c;
787 sr_get_hex_byte (&c);
788 inaddr = (inaddr << 8) + c;
795 error ("reading s-records.");
799 || (memaddr + len) < (inaddr + size))
800 error ("srec out of memory range.");
802 if (p != buffer + inaddr - memaddr)
803 error ("srec out of sequence.");
805 for (; size; --size, ++p)
811 sr_get_hex_byte (&c);
812 if (c != (~checksum & 0xff))
813 error ("bad s-rec checksum");
818 if (p != buffer + len)
821 memcpy (myaddr, buffer, len);
825 #define MAX_BREAKS 16
826 static int num_brkpts = 0;
828 /* Insert a breakpoint at ADDR. SAVE is normally the address of the
829 pattern buffer where the instruction that the breakpoint overwrites
830 is saved. It is unused here since the bug is responsible for
831 saving/restoring the original instruction. */
834 bug_insert_breakpoint (CORE_ADDR addr, char *save)
838 if (num_brkpts < MAX_BREAKS)
843 sprintf (buffer, "br %lx", (long) addr);
844 sr_write_cr (buffer);
850 fprintf_filtered (gdb_stderr,
851 "Too many break points, break point not installed\n");
857 /* Remove a breakpoint at ADDR. SAVE is normally the previously
858 saved pattern, but is unused here since the bug is responsible
859 for saving/restoring instructions. */
862 bug_remove_breakpoint (CORE_ADDR addr, char *save)
869 sprintf (buffer, "nobr %lx", (long) addr);
870 sr_write_cr (buffer);
877 /* Clear the bugs notion of what the break points are */
879 bug_clear_breakpoints (void)
884 sr_write_cr ("nobr");
892 struct target_ops bug_ops;
897 bug_ops.to_shortname = "bug";
898 "Remote BUG monitor",
899 bug_ops.to_longname = "Use the mvme187 board running the BUG monitor connected by a serial line.";
900 bug_ops.to_doc = " ";
901 bug_ops.to_open = bug_open;
902 bug_ops.to_close = gr_close;
903 bug_ops.to_attach = 0;
904 bug_ops.to_post_attach = NULL;
905 bug_ops.to_require_attach = NULL;
906 bug_ops.to_detach = gr_detach;
907 bug_ops.to_require_detach = NULL;
908 bug_ops.to_resume = bug_resume;
909 bug_ops.to_wait = bug_wait;
910 bug_ops.to_post_wait = NULL;
911 bug_ops.to_fetch_registers = bug_fetch_register;
912 bug_ops.to_store_registers = bug_store_register;
913 bug_ops.to_prepare_to_store = gr_prepare_to_store;
914 bug_ops.to_xfer_memory = bug_xfer_memory;
915 bug_ops.to_files_info = gr_files_info;
916 bug_ops.to_insert_breakpoint = bug_insert_breakpoint;
917 bug_ops.to_remove_breakpoint = bug_remove_breakpoint;
918 bug_ops.to_terminal_init = 0;
919 bug_ops.to_terminal_inferior = 0;
920 bug_ops.to_terminal_ours_for_output = 0;
921 bug_ops.to_terminal_ours = 0;
922 bug_ops.to_terminal_info = 0;
923 bug_ops.to_kill = gr_kill;
924 bug_ops.to_load = bug_load;
925 bug_ops.to_lookup_symbol = 0;
926 bug_ops.to_create_inferior = gr_create_inferior;
927 bug_ops.to_post_startup_inferior = NULL;
928 bug_ops.to_acknowledge_created_inferior = NULL;
929 bug_ops.to_clone_and_follow_inferior = NULL;
930 bug_ops.to_post_follow_inferior_by_clone = NULL;
931 bug_ops.to_insert_fork_catchpoint = NULL;
932 bug_ops.to_remove_fork_catchpoint = NULL;
933 bug_ops.to_insert_vfork_catchpoint = NULL;
934 bug_ops.to_remove_vfork_catchpoint = NULL;
935 bug_ops.to_has_forked = NULL;
936 bug_ops.to_has_vforked = NULL;
937 bug_ops.to_can_follow_vfork_prior_to_exec = NULL;
938 bug_ops.to_post_follow_vfork = NULL;
939 bug_ops.to_insert_exec_catchpoint = NULL;
940 bug_ops.to_remove_exec_catchpoint = NULL;
941 bug_ops.to_has_execd = NULL;
942 bug_ops.to_reported_exec_events_per_exec_call = NULL;
943 bug_ops.to_has_exited = NULL;
944 bug_ops.to_mourn_inferior = gr_mourn;
945 bug_ops.to_can_run = 0;
946 bug_ops.to_notice_signals = 0;
947 bug_ops.to_thread_alive = 0;
949 bug_ops.to_pid_to_exec_file = NULL;
950 bug_ops.to_stratum = process_stratum;
951 bug_ops.DONT_USE = 0;
952 bug_ops.to_has_all_memory = 1;
953 bug_ops.to_has_memory = 1;
954 bug_ops.to_has_stack = 1;
955 bug_ops.to_has_registers = 0;
956 bug_ops.to_has_execution = 0;
957 bug_ops.to_sections = 0;
958 bug_ops.to_sections_end = 0;
959 bug_ops.to_magic = OPS_MAGIC; /* Always the last thing */
963 _initialize_remote_bug (void)
966 add_target (&bug_ops);
969 (add_set_cmd ("srec-bytes", class_support, var_uinteger,
970 (char *) &srec_bytes,
972 Set the number of bytes represented in each S-record.\n\
973 This affects the communication protocol with the remote target.",
978 (add_set_cmd ("srec-max-retries", class_support, var_uinteger,
979 (char *) &srec_max_retries,
981 Set the number of retries for shipping S-records.\n\
982 This affects the communication protocol with the remote target.",
987 /* This needs to set SREC_SIZE, not srec_frame which gets changed at the
988 end of a download. But do we need the option at all? */
990 (add_set_cmd ("srec-frame", class_support, var_uinteger,
991 (char *) &srec_frame,
993 Set the number of bytes in an S-record frame.\n\
994 This affects the communication protocol with the remote target.",
1000 (add_set_cmd ("srec-noise", class_support, var_zinteger,
1001 (char *) &srec_noise,
1003 Set number of S-record to send before deliberately flubbing a checksum.\n\
1004 Zero means flub none at all. This affects the communication protocol\n\
1005 with the remote target.",
1010 (add_set_cmd ("srec-sleep", class_support, var_zinteger,
1011 (char *) &srec_sleep,
1013 Set number of seconds to sleep after an S-record for a possible error message to arrive.\n\
1014 This affects the communication protocol with the remote target.",
1019 (add_set_cmd ("srec-echo-pace", class_support, var_boolean,
1020 (char *) &srec_echo_pace,
1022 Set echo-verification.\n\
1023 When on, use verification by echo when downloading S-records. This is\n\
1024 much slower, but generally more reliable.",
projects / binutils.git / blob