1 /* Remote debugging interface for Motorola's MVME187BUG monitor, an embedded
4 Copyright 1992, 1993, 2001 Free Software Foundation, Inc.
5 Contributed by Cygnus Support. Written by K. Richard Pixley.
7 This file is part of GDB.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place - Suite 330,
22 Boston, MA 02111-1307, USA. */
28 #include "gdb_string.h"
39 #include "remote-utils.h"
44 /* External data declarations */
45 extern int stop_soon_quietly; /* for wait_for_inferior */
47 /* Forward data declarations */
48 extern struct target_ops bug_ops; /* Forward declaration */
50 /* Forward function declarations */
51 static int bug_clear_breakpoints (void);
53 static int bug_read_memory (CORE_ADDR memaddr,
54 unsigned char *myaddr, int len);
56 static int bug_write_memory (CORE_ADDR memaddr,
57 unsigned char *myaddr, int len);
59 /* This variable is somewhat arbitrary. It's here so that it can be
60 set from within a running gdb. */
62 static int srec_max_retries = 3;
64 /* Each S-record download to the target consists of an S0 header
65 record, some number of S3 data records, and one S7 termination
66 record. I call this download a "frame". Srec_frame says how many
67 bytes will be represented in each frame. */
70 static int srec_frame = SREC_SIZE;
72 /* This variable determines how many bytes will be represented in each
75 static int srec_bytes = 40;
77 /* At one point it appeared to me as though the bug monitor could not
78 really be expected to receive two sequential characters at 9600
79 baud reliably. Echo-pacing is an attempt to force data across the
80 line even in this condition. Specifically, in echo-pace mode, each
81 character is sent one at a time and we look for the echo before
82 sending the next. This is excruciatingly slow. */
84 static int srec_echo_pace = 0;
86 /* How long to wait after an srec for a possible error message.
87 Similar to the above, I tried sleeping after sending each S3 record
88 in hopes that I might actually see error messages from the bug
89 monitor. This might actually work if we were to use sleep
90 intervals smaller than 1 second. */
92 static int srec_sleep = 0;
94 /* Every srec_noise records, flub the checksum. This is a debugging
95 feature. Set the variable to something other than 1 in order to
96 inject *deliberate* checksum errors. One might do this if one
97 wanted to test error handling and recovery. */
99 static int srec_noise = 0;
101 /* Called when SIGALRM signal sent due to alarm() timeout. */
103 /* Number of SIGTRAPs we need to simulate. That is, the next
104 NEED_ARTIFICIAL_TRAP calls to bug_wait should just return
105 SIGTRAP without actually waiting for anything. */
107 static int need_artificial_trap = 0;
110 * Download a file specified in 'args', to the bug.
114 bug_load (char *args, int fromtty)
123 abfd = bfd_openr (args, 0);
126 printf_filtered ("Unable to open file %s\n", args);
130 if (bfd_check_format (abfd, bfd_object) == 0)
132 printf_filtered ("File is not an object file\n");
137 while (s != (asection *) NULL)
139 srec_frame = SREC_SIZE;
140 if (s->flags & SEC_LOAD)
144 char *buffer = xmalloc (srec_frame);
146 printf_filtered ("%s\t: 0x%4x .. 0x%4x ", s->name, s->vma, s->vma + s->_raw_size);
147 gdb_flush (gdb_stdout);
148 for (i = 0; i < s->_raw_size; i += srec_frame)
150 if (srec_frame > s->_raw_size - i)
151 srec_frame = s->_raw_size - i;
153 bfd_get_section_contents (abfd, s, buffer, i, srec_frame);
154 bug_write_memory (s->vma + i, buffer, srec_frame);
155 printf_filtered ("*");
156 gdb_flush (gdb_stdout);
158 printf_filtered ("\n");
163 sprintf (buffer, "rs ip %lx", (unsigned long) abfd->start_address);
164 sr_write_cr (buffer);
184 while (*s && !isspace (*s))
190 copy = xmalloc (len + 1);
191 memcpy (copy, word, len);
198 static struct gr_settings bug_settings =
202 bug_clear_breakpoints, /* clear_all_breakpoints */
203 gr_generic_checkin, /* checkin */
206 static char *cpu_check_strings[] =
213 bug_open (char *args, int from_tty)
218 gr_open (args, from_tty, &bug_settings);
219 /* decide *now* whether we are on an 88100 or an 88110 */
220 sr_write_cr ("rs cr06");
221 sr_expect ("rs cr06");
223 switch (gr_multi_scan (cpu_check_strings, 0))
225 case 0: /* this is an m88100 */
226 target_is_m88110 = 0;
228 case 1: /* this is an m88110 */
229 target_is_m88110 = 1;
236 /* Tell the remote machine to resume. */
239 bug_resume (int pid, int step, enum target_signal sig)
245 /* Force the next bug_wait to return a trap. Not doing anything
246 about I/O from the target means that the user has to type
247 "continue" to see any. FIXME, this should be fixed. */
248 need_artificial_trap = 1;
256 /* Wait until the remote machine stops, then return,
257 storing status in STATUS just as `wait' would. */
259 static char *wait_strings[] =
262 "Exception: Data Access Fault (Local Bus Timeout)",
263 "\r8??\?-Bug>", /* The '\?' avoids creating a trigraph */
269 bug_wait (int pid, struct target_waitstatus *status)
271 int old_timeout = sr_get_timeout ();
272 int old_immediate_quit = immediate_quit;
274 status->kind = TARGET_WAITKIND_EXITED;
275 status->value.integer = 0;
277 /* read off leftovers from resume so that the rest can be passed
278 back out as stdout. */
279 if (need_artificial_trap == 0)
281 sr_expect ("Effective address: ");
282 (void) sr_get_hex_word ();
286 sr_set_timeout (-1); /* Don't time out -- user program is running. */
287 immediate_quit = 1; /* Helps ability to QUIT */
289 switch (gr_multi_scan (wait_strings, need_artificial_trap == 0))
291 case 0: /* breakpoint case */
292 status->kind = TARGET_WAITKIND_STOPPED;
293 status->value.sig = TARGET_SIGNAL_TRAP;
294 /* user output from the target can be discarded here. (?) */
298 case 1: /* bus error */
299 status->kind = TARGET_WAITKIND_STOPPED;
300 status->value.sig = TARGET_SIGNAL_BUS;
301 /* user output from the target can be discarded here. (?) */
305 case 2: /* normal case */
307 if (need_artificial_trap != 0)
310 status->kind = TARGET_WAITKIND_STOPPED;
311 status->value.sig = TARGET_SIGNAL_TRAP;
312 need_artificial_trap--;
318 status->kind = TARGET_WAITKIND_EXITED;
319 status->value.integer = 0;
323 case -1: /* trouble */
325 fprintf_filtered (gdb_stderr,
326 "Trouble reading target during wait\n");
330 sr_set_timeout (old_timeout);
331 immediate_quit = old_immediate_quit;
335 /* Return the name of register number REGNO
336 in the form input and output by bug.
338 Returns a pointer to a static buffer containing the answer. */
340 get_reg_name (int regno)
344 "r00", "r01", "r02", "r03", "r04", "r05", "r06", "r07",
345 "r08", "r09", "r10", "r11", "r12", "r13", "r14", "r15",
346 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
347 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
349 /* these get confusing because we omit a few and switch some ordering around. */
351 "cr01", /* 32 = psr */
352 "fcr62", /* 33 = fpsr */
353 "fcr63", /* 34 = fpcr */
354 "ip", /* this is something of a cheat. */
356 "cr05", /* 36 = snip */
357 "cr06", /* 37 = sfip */
359 "x00", "x01", "x02", "x03", "x04", "x05", "x06", "x07",
360 "x08", "x09", "x10", "x11", "x12", "x13", "x14", "x15",
361 "x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
362 "x24", "x25", "x26", "x27", "x28", "x29", "x30", "x31",
368 #if 0 /* not currently used */
369 /* Read from remote while the input matches STRING. Return zero on
370 success, -1 on failure. */
383 printf ("\nNext character is '%c' - %d and s is \"%s\".\n", c, c, --s);
393 bug_srec_write_cr (char *s)
400 if (sr_get_debug () > 0)
404 SERIAL_WRITE (sr_get_desc (), p, 1);
405 while (sr_pollchar () != *p);
410 /* return(bug_scan (s) || bug_scan ("\n")); */
416 /* Store register REGNO, or all if REGNO == -1. */
419 bug_fetch_register (int regno)
427 for (i = 0; i < NUM_REGS; ++i)
428 bug_fetch_register (i);
430 else if (target_is_m88110 && regno == SFIP_REGNUM)
432 /* m88110 has no sfip. */
434 supply_register (regno, (char *) &l);
436 else if (regno < XFP_REGNUM)
438 char buffer[MAX_REGISTER_RAW_SIZE];
441 sr_write_cr (get_reg_name (regno));
443 store_unsigned_integer (buffer, REGISTER_RAW_SIZE (regno),
446 supply_register (regno, buffer);
450 /* Float register so we need to parse a strange data format. */
452 unsigned char fpreg_buf[10];
455 sr_write (get_reg_name (regno), strlen (get_reg_name (regno)));
458 sr_expect (get_reg_name (regno));
463 p = sr_get_hex_digit (1);
464 fpreg_buf[0] = p << 7;
468 p = sr_get_hex_digit (1);
469 fpreg_buf[0] += (p << 4);
470 fpreg_buf[0] += sr_get_hex_digit (1);
472 fpreg_buf[1] = sr_get_hex_digit (1) << 4;
476 fpreg_buf[1] += sr_get_hex_digit (1);
478 fpreg_buf[2] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
479 fpreg_buf[3] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
480 fpreg_buf[4] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
481 fpreg_buf[5] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
482 fpreg_buf[6] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
483 fpreg_buf[7] = (sr_get_hex_digit (1) << 4) + sr_get_hex_digit (1);
488 supply_register (regno, fpreg_buf);
494 /* Store register REGNO, or all if REGNO == -1. */
497 bug_store_register (int regno)
506 for (i = 0; i < NUM_REGS; ++i)
507 bug_store_register (i);
513 regname = get_reg_name (regno);
515 if (target_is_m88110 && regno == SFIP_REGNUM)
517 else if (regno < XFP_REGNUM)
518 sprintf (buffer, "rs %s %08x",
520 read_register (regno));
523 unsigned char *fpreg_buf =
524 (unsigned char *) ®isters[REGISTER_BYTE (regno)];
526 sprintf (buffer, "rs %s %1x_%02x%1x_%1x%02x%02x%02x%02x%02x%02x;d",
529 (fpreg_buf[0] >> 7) & 0xf,
532 (fpreg_buf[1] >> 8) & 0xf,
543 sr_write_cr (buffer);
550 /* Transfer LEN bytes between GDB address MYADDR and target address
551 MEMADDR. If WRITE is non-zero, transfer them to the target,
552 otherwise transfer them from the target. TARGET is unused.
554 Returns the number of bytes transferred. */
557 bug_xfer_memory (CORE_ADDR memaddr, char *myaddr, int len, int write,
558 struct mem_attrib *attrib ATTRIBUTE_UNUSED,
559 struct target_ops *target ATTRIBUTE_UNUSED)
567 res = bug_write_memory (memaddr, myaddr, len);
569 res = bug_read_memory (memaddr, myaddr, len);
579 command = (srec_echo_pace ? "lo 0 ;x" : "lo 0");
581 sr_write_cr (command);
584 bug_srec_write_cr ("S0030000FC");
588 /* This is an extremely vulnerable and fragile function. I've made
589 considerable attempts to make this deterministic, but I've
590 certainly forgotten something. The trouble is that S-records are
591 only a partial file format, not a protocol. Worse, apparently the
592 m88k bug monitor does not run in real time while receiving
593 S-records. Hence, we must pay excruciating attention to when and
594 where error messages are returned, and what has actually been sent.
596 Each call represents a chunk of memory to be sent to the target.
597 We break that chunk into an S0 header record, some number of S3
598 data records each containing srec_bytes, and an S7 termination
601 static char *srecord_strings[] =
609 bug_write_memory (CORE_ADDR memaddr, unsigned char *myaddr, int len)
615 char *buffer = alloca ((srec_bytes + 8) << 1);
623 if (retries > srec_max_retries)
628 if (sr_get_debug () > 0)
629 printf ("\n<retrying...>\n");
631 /* This gr_expect_prompt call is extremely important. Without
632 it, we will tend to resend our packet so fast that it
633 will arrive before the bug monitor is ready to receive
634 it. This would lead to a very ugly resend loop. */
650 if (thisgo > srec_bytes)
653 address = memaddr + done;
654 sprintf (buf, "S3%02X%08X", thisgo + 4 + 1, address);
657 checksum += (thisgo + 4 + 1
659 + ((address >> 8) & 0xff)
660 + ((address >> 16) & 0xff)
661 + ((address >> 24) & 0xff));
663 for (idx = 0; idx < thisgo; idx++)
665 sprintf (buf, "%02X", myaddr[idx + done]);
666 checksum += myaddr[idx + done];
672 /* FIXME-NOW: insert a deliberate error every now and then.
673 This is intended for testing/debugging the error handling
675 static int counter = 0;
676 if (++counter > srec_noise)
683 sprintf (buf, "%02X", ~checksum & 0xff);
684 bug_srec_write_cr (buffer);
689 /* This pollchar is probably redundant to the gr_multi_scan
690 below. Trouble is, we can't be sure when or where an
691 error message will appear. Apparently, when running at
692 full speed from a typical sun4, error messages tend to
693 appear to arrive only *after* the s7 record. */
695 if ((x = sr_pollchar ()) != 0)
697 if (sr_get_debug () > 0)
698 printf ("\n<retrying...>\n");
702 /* flush any remaining input and verify that we are back
703 at the prompt level. */
705 /* start all over again. */
714 bug_srec_write_cr ("S7060000000000F9");
717 /* Having finished the load, we need to figure out whether we
720 while (gr_multi_scan (srecord_strings, 0) == 0);;
725 /* Copy LEN bytes of data from debugger memory at MYADDR
726 to inferior's memory at MEMADDR. Returns errno value.
727 * sb/sh instructions don't work on unaligned addresses, when TU=1.
730 /* Read LEN bytes from inferior memory at MEMADDR. Put the result
731 at debugger address MYADDR. Returns errno value. */
733 bug_read_memory (CORE_ADDR memaddr, unsigned char *myaddr, int len)
742 unsigned int checksum;
744 sprintf (request, "du 0 %x:&%d", memaddr, len);
745 sr_write_cr (request);
747 p = buffer = alloca (len);
749 /* scan up through the header */
750 sr_expect ("S0030000FC");
752 while (p < buffer + len)
754 /* scan off any white space. */
755 while (sr_readchar () != 'S');;
757 /* what kind of s-rec? */
758 type = sr_readchar ();
760 /* scan record size */
761 sr_get_hex_byte (&size);
774 sr_get_hex_byte (&c);
775 inaddr = (inaddr << 8) + c;
778 /* intentional fall through */
780 sr_get_hex_byte (&c);
781 inaddr = (inaddr << 8) + c;
784 /* intentional fall through */
786 sr_get_hex_byte (&c);
787 inaddr = (inaddr << 8) + c;
790 sr_get_hex_byte (&c);
791 inaddr = (inaddr << 8) + c;
798 error ("reading s-records.");
802 || (memaddr + len) < (inaddr + size))
803 error ("srec out of memory range.");
805 if (p != buffer + inaddr - memaddr)
806 error ("srec out of sequence.");
808 for (; size; --size, ++p)
814 sr_get_hex_byte (&c);
815 if (c != (~checksum & 0xff))
816 error ("bad s-rec checksum");
821 if (p != buffer + len)
824 memcpy (myaddr, buffer, len);
828 #define MAX_BREAKS 16
829 static int num_brkpts = 0;
831 /* Insert a breakpoint at ADDR. SAVE is normally the address of the
832 pattern buffer where the instruction that the breakpoint overwrites
833 is saved. It is unused here since the bug is responsible for
834 saving/restoring the original instruction. */
837 bug_insert_breakpoint (CORE_ADDR addr, char *save)
841 if (num_brkpts < MAX_BREAKS)
846 sprintf (buffer, "br %x", addr);
847 sr_write_cr (buffer);
853 fprintf_filtered (gdb_stderr,
854 "Too many break points, break point not installed\n");
860 /* Remove a breakpoint at ADDR. SAVE is normally the previously
861 saved pattern, but is unused here since the bug is responsible
862 for saving/restoring instructions. */
865 bug_remove_breakpoint (CORE_ADDR addr, char *save)
872 sprintf (buffer, "nobr %x", addr);
873 sr_write_cr (buffer);
880 /* Clear the bugs notion of what the break points are */
882 bug_clear_breakpoints (void)
887 sr_write_cr ("nobr");
895 struct target_ops bug_ops;
900 bug_ops.to_shortname = "bug";
901 "Remote BUG monitor",
902 bug_ops.to_longname = "Use the mvme187 board running the BUG monitor connected by a serial line.";
903 bug_ops.to_doc = " ";
904 bug_ops.to_open = bug_open;
905 bug_ops.to_close = gr_close;
906 bug_ops.to_attach = 0;
907 bug_ops.to_post_attach = NULL;
908 bug_ops.to_require_attach = NULL;
909 bug_ops.to_detach = gr_detach;
910 bug_ops.to_require_detach = NULL;
911 bug_ops.to_resume = bug_resume;
912 bug_ops.to_wait = bug_wait;
913 bug_ops.to_post_wait = NULL;
914 bug_ops.to_fetch_registers = bug_fetch_register;
915 bug_ops.to_store_registers = bug_store_register;
916 bug_ops.to_prepare_to_store = gr_prepare_to_store;
917 bug_ops.to_xfer_memory = bug_xfer_memory;
918 bug_ops.to_files_info = gr_files_info;
919 bug_ops.to_insert_breakpoint = bug_insert_breakpoint;
920 bug_ops.to_remove_breakpoint = bug_remove_breakpoint;
921 bug_ops.to_terminal_init = 0;
922 bug_ops.to_terminal_inferior = 0;
923 bug_ops.to_terminal_ours_for_output = 0;
924 bug_ops.to_terminal_ours = 0;
925 bug_ops.to_terminal_info = 0;
926 bug_ops.to_kill = gr_kill;
927 bug_ops.to_load = bug_load;
928 bug_ops.to_lookup_symbol = 0;
929 bug_ops.to_create_inferior = gr_create_inferior;
930 bug_ops.to_post_startup_inferior = NULL;
931 bug_ops.to_acknowledge_created_inferior = NULL;
932 bug_ops.to_clone_and_follow_inferior = NULL;
933 bug_ops.to_post_follow_inferior_by_clone = NULL;
934 bug_ops.to_insert_fork_catchpoint = NULL;
935 bug_ops.to_remove_fork_catchpoint = NULL;
936 bug_ops.to_insert_vfork_catchpoint = NULL;
937 bug_ops.to_remove_vfork_catchpoint = NULL;
938 bug_ops.to_has_forked = NULL;
939 bug_ops.to_has_vforked = NULL;
940 bug_ops.to_can_follow_vfork_prior_to_exec = NULL;
941 bug_ops.to_post_follow_vfork = NULL;
942 bug_ops.to_insert_exec_catchpoint = NULL;
943 bug_ops.to_remove_exec_catchpoint = NULL;
944 bug_ops.to_has_execd = NULL;
945 bug_ops.to_reported_exec_events_per_exec_call = NULL;
946 bug_ops.to_has_exited = NULL;
947 bug_ops.to_mourn_inferior = gr_mourn;
948 bug_ops.to_can_run = 0;
949 bug_ops.to_notice_signals = 0;
950 bug_ops.to_thread_alive = 0;
952 bug_ops.to_pid_to_exec_file = NULL;
953 bug_ops.to_core_file_to_sym_file = NULL;
954 bug_ops.to_stratum = process_stratum;
955 bug_ops.DONT_USE = 0;
956 bug_ops.to_has_all_memory = 1;
957 bug_ops.to_has_memory = 1;
958 bug_ops.to_has_stack = 1;
959 bug_ops.to_has_registers = 0;
960 bug_ops.to_has_execution = 0;
961 bug_ops.to_sections = 0;
962 bug_ops.to_sections_end = 0;
963 bug_ops.to_magic = OPS_MAGIC; /* Always the last thing */
967 _initialize_remote_bug (void)
970 add_target (&bug_ops);
973 (add_set_cmd ("srec-bytes", class_support, var_uinteger,
974 (char *) &srec_bytes,
976 Set the number of bytes represented in each S-record.\n\
977 This affects the communication protocol with the remote target.",
982 (add_set_cmd ("srec-max-retries", class_support, var_uinteger,
983 (char *) &srec_max_retries,
985 Set the number of retries for shipping S-records.\n\
986 This affects the communication protocol with the remote target.",
991 /* This needs to set SREC_SIZE, not srec_frame which gets changed at the
992 end of a download. But do we need the option at all? */
994 (add_set_cmd ("srec-frame", class_support, var_uinteger,
995 (char *) &srec_frame,
997 Set the number of bytes in an S-record frame.\n\
998 This affects the communication protocol with the remote target.",
1004 (add_set_cmd ("srec-noise", class_support, var_zinteger,
1005 (char *) &srec_noise,
1007 Set number of S-record to send before deliberately flubbing a checksum.\n\
1008 Zero means flub none at all. This affects the communication protocol\n\
1009 with the remote target.",
1014 (add_set_cmd ("srec-sleep", class_support, var_zinteger,
1015 (char *) &srec_sleep,
1017 Set number of seconds to sleep after an S-record for a possible error message to arrive.\n\
1018 This affects the communication protocol with the remote target.",
1023 (add_set_cmd ("srec-echo-pace", class_support, var_boolean,
1024 (char *) &srec_echo_pace,
1026 Set echo-verification.\n\
1027 When on, use verification by echo when downloading S-records. This is\n\
1028 much slower, but generally more reliable.",