1 /* Remote debugging interface for Motorola's MVME187BUG monitor, an embedded
4 Copyright 1992, 1993 Free Software Foundation, Inc.
5 Contributed by Cygnus Support. Written by K. Richard Pixley.
7 This file is part of GDB.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
38 #include "remote-utils.h"
42 /* External data declarations */
43 extern int stop_soon_quietly; /* for wait_for_inferior */
45 /* Forward data declarations */
46 extern struct target_ops bug_ops; /* Forward declaration */
48 /* Forward function declarations */
49 static int bug_clear_breakpoints PARAMS((void));
51 static int bug_read_memory PARAMS((CORE_ADDR memaddr,
52 unsigned char *myaddr,
55 static int bug_write_memory PARAMS((CORE_ADDR memaddr,
56 unsigned char *myaddr,
59 /* This variable is somewhat arbitrary. It's here so that it can be
60 set from within a running gdb. */
62 static int srec_max_retries = 3;
64 /* Each S-record download to the target consists of an S0 header
65 record, some number of S3 data records, and one S7 termination
66 record. I call this download a "frame". Srec_frame says how many
67 bytes will be represented in each frame. */
69 static int srec_frame = 160;
71 /* This variable determines how many bytes will be represented in each
74 static int srec_bytes = 40;
76 /* At one point it appeared to me as though the bug monitor could not
77 really be expected to receive two sequential characters at 9600
78 baud reliably. Echo-pacing is an attempt to force data across the
79 line even in this condition. Specifically, in echo-pace mode, each
80 character is sent one at a time and we look for the echo before
81 sending the next. This is excruciatingly slow. */
83 static int srec_echo_pace = 0;
85 /* How long to wait after an srec for a possible error message.
86 Similar to the above, I tried sleeping after sending each S3 record
87 in hopes that I might actually see error messages from the bug
88 monitor. This might actually work if we were to use sleep
89 intervals smaller than 1 second. */
91 static int srec_sleep = 0;
93 /* Every srec_noise records, flub the checksum. This is a debugging
94 feature. Set the variable to something other than 1 in order to
95 inject *deliberate* checksum errors. One might do this if one
96 wanted to test error handling and recovery. */
98 static int srec_noise = 0;
100 /* Called when SIGALRM signal sent due to alarm() timeout. */
102 /* Number of SIGTRAPs we need to simulate. That is, the next
103 NEED_ARTIFICIAL_TRAP calls to bug_wait should just return
104 SIGTRAP without actually waiting for anything. */
106 static int need_artificial_trap = 0;
109 * Download a file specified in 'args', to the bug.
113 bug_load (args, fromtty)
123 dcache_flush (gr_get_dcache());
125 abfd = bfd_openr (args, 0);
128 printf_filtered ("Unable to open file %s\n", args);
132 if (bfd_check_format (abfd, bfd_object) == 0)
134 printf_filtered ("File is not an object file\n");
139 while (s != (asection *) NULL)
141 if (s->flags & SEC_LOAD)
145 char *buffer = xmalloc (srec_frame);
147 printf_filtered ("%s\t: 0x%4x .. 0x%4x ", s->name, s->vma, s->vma + s->_raw_size);
149 for (i = 0; i < s->_raw_size; i += srec_frame)
151 if (srec_frame > s->_raw_size - i)
152 srec_frame = s->_raw_size - i;
154 bfd_get_section_contents (abfd, s, buffer, i, srec_frame);
155 bug_write_memory (s->vma + i, buffer, srec_frame);
156 printf_filtered ("*");
159 printf_filtered ("\n");
164 sprintf (buffer, "rs ip %lx", (unsigned long) abfd->start_address);
165 sr_write_cr (buffer);
186 while (*s && !isspace (*s))
192 copy = xmalloc (len + 1);
193 memcpy (copy, word, len);
200 static struct gr_settings bug_settings = {
204 bug_clear_breakpoints, /* clear_all_breakpoints */
205 bug_read_memory, /* readfunc */
206 bug_write_memory, /* writefunc */
207 gr_generic_checkin, /* checkin */
210 static char *cpu_check_strings[] = {
216 bug_open (args, from_tty)
223 gr_open(args, from_tty, &bug_settings);
224 /* decide *now* whether we are on an 88100 or an 88110 */
225 sr_write_cr("rs cr06");
226 sr_expect("rs cr06");
228 switch (gr_multi_scan(cpu_check_strings, 0))
230 case 0: /* this is an m88100 */
231 target_is_m88110 = 0;
233 case 1: /* this is an m88110 */
234 target_is_m88110 = 1;
241 /* Tell the remote machine to resume. */
244 bug_resume (pid, step, sig)
246 enum target_signal sig;
248 dcache_flush (gr_get_dcache());
254 /* Force the next bug_wait to return a trap. Not doing anything
255 about I/O from the target means that the user has to type
256 "continue" to see any. FIXME, this should be fixed. */
257 need_artificial_trap = 1;
265 /* Wait until the remote machine stops, then return,
266 storing status in STATUS just as `wait' would. */
268 static char *wait_strings[] = {
270 "Exception: Data Access Fault (Local Bus Timeout)",
277 bug_wait (pid, status)
279 struct target_waitstatus *status;
281 int old_timeout = sr_get_timeout();
282 int old_immediate_quit = immediate_quit;
284 status->kind = TARGET_WAITKIND_EXITED;
285 status->value.integer = 0;
287 /* read off leftovers from resume so that the rest can be passed
288 back out as stdout. */
289 if (need_artificial_trap == 0)
291 sr_expect("Effective address: ");
292 (void) sr_get_hex_word();
296 sr_set_timeout(-1); /* Don't time out -- user program is running. */
297 immediate_quit = 1; /* Helps ability to QUIT */
299 switch (gr_multi_scan(wait_strings, need_artificial_trap == 0))
301 case 0: /* breakpoint case */
302 status->kind = TARGET_WAITKIND_STOPPED;
303 status->value.sig = TARGET_SIGNAL_TRAP;
304 /* user output from the target can be discarded here. (?) */
308 case 1: /* bus error */
309 status->kind = TARGET_WAITKIND_STOPPED;
310 status->value.sig = TARGET_SIGNAL_BUS;
311 /* user output from the target can be discarded here. (?) */
315 case 2: /* normal case */
317 if (need_artificial_trap != 0)
320 status->kind = TARGET_WAITKIND_STOPPED;
321 status->value.sig = TARGET_SIGNAL_TRAP;
322 need_artificial_trap--;
328 status->kind = TARGET_WAITKIND_EXITED;
329 status->value.integer = 0;
333 case -1: /* trouble */
335 fprintf_filtered (stderr,
336 "Trouble reading target during wait\n");
340 sr_set_timeout(old_timeout);
341 immediate_quit = old_immediate_quit;
345 /* Return the name of register number REGNO
346 in the form input and output by bug.
348 Returns a pointer to a static buffer containing the answer. */
353 static char *rn[] = {
354 "r00", "r01", "r02", "r03", "r04", "r05", "r06", "r07",
355 "r08", "r09", "r10", "r11", "r12", "r13", "r14", "r15",
356 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
357 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
359 /* these get confusing because we omit a few and switch some ordering around. */
361 "cr01", /* 32 = psr */
362 "fcr62", /* 33 = fpsr*/
363 "fcr63", /* 34 = fpcr */
364 "ip", /* this is something of a cheat. */
366 "cr05", /* 36 = snip */
367 "cr06", /* 37 = sfip */
369 "x00", "x01", "x02", "x03", "x04", "x05", "x06", "x07",
370 "x08", "x09", "x10", "x11", "x12", "x13", "x14", "x15",
371 "x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
372 "x24", "x25", "x26", "x27", "x28", "x29", "x30", "x31",
378 #if 0 /* not currently used */
379 /* Read from remote while the input matches STRING. Return zero on
380 success, -1 on failure. */
394 printf("\nNext character is '%c' - %d and s is \"%s\".\n", c, c, --s);
404 bug_srec_write_cr (s)
412 if (sr_get_debug() > 0)
416 SERIAL_WRITE(sr_get_desc(), p, 1);
417 while (sr_pollchar() != *p);
422 /* return(bug_scan (s) || bug_scan ("\n")); */
428 /* Store register REGNO, or all if REGNO == -1. */
431 bug_fetch_register(regno)
440 for (i = 0; i < NUM_REGS; ++i)
441 bug_fetch_register(i);
443 else if (target_is_m88110 && regno == SFIP_REGNUM)
445 /* m88110 has no sfip. */
447 supply_register(regno, (char *) &l);
449 else if (regno < XFP_REGNUM)
451 char buffer[MAX_REGISTER_RAW_SIZE];
454 sr_write_cr (get_reg_name(regno));
456 store_unsigned_integer (buffer, REGISTER_RAW_SIZE (regno),
459 supply_register (regno, buffer);
463 /* Float register so we need to parse a strange data format. */
465 unsigned char value[10];
468 sr_write(get_reg_name(regno), strlen(get_reg_name(regno)));
471 sr_expect(get_reg_name(regno));
476 p = sr_get_hex_digit(1);
481 p = sr_get_hex_digit(1);
482 value[0] += (p << 4);
483 value[0] += sr_get_hex_digit(1);
485 value[1] = sr_get_hex_digit(1) << 4;
489 value[1] += sr_get_hex_digit(1);
491 value[2] = (sr_get_hex_digit(1) << 4) + sr_get_hex_digit(1);
492 value[3] = (sr_get_hex_digit(1) << 4) + sr_get_hex_digit(1);
493 value[4] = (sr_get_hex_digit(1) << 4) + sr_get_hex_digit(1);
494 value[5] = (sr_get_hex_digit(1) << 4) + sr_get_hex_digit(1);
495 value[6] = (sr_get_hex_digit(1) << 4) + sr_get_hex_digit(1);
496 value[7] = (sr_get_hex_digit(1) << 4) + sr_get_hex_digit(1);
501 supply_register(regno, value);
507 /* Store register REGNO, or all if REGNO == -1. */
510 bug_store_register (regno)
520 for (i = 0; i < NUM_REGS; ++i)
521 bug_store_register(i);
527 regname = get_reg_name(regno);
529 if (target_is_m88110 && regno == SFIP_REGNUM)
531 else if (regno < XFP_REGNUM)
532 sprintf(buffer, "rs %s %08x",
534 read_register(regno));
537 unsigned char *value = ®isters[REGISTER_BYTE(regno)];
539 sprintf(buffer, "rs %s %1x_%02x%1x_%1x%02x%02x%02x%02x%02x%02x;d",
542 (value[0] >> 7) & 0xf,
545 (value[1] >> 8) & 0xf,
564 bug_xfer_memory (memaddr, myaddr, len, write, target)
569 struct target_ops *target; /* ignored */
573 /* Round starting address down to longword boundary. */
574 register CORE_ADDR addr;
576 /* Round ending address up; get number of longwords that makes. */
579 /* Allocate buffer of that many longwords. */
580 register int *buffer;
582 addr = memaddr & -sizeof (int);
583 count = (((memaddr + len) - addr) + sizeof (int) - 1) / sizeof (int);
585 buffer = (int *) alloca (count * sizeof (int));
589 /* Fill start and end extra bytes of buffer with existing memory data. */
591 if (addr != memaddr || len < (int) sizeof (int))
593 /* Need part of initial word -- fetch it. */
594 buffer[0] = gr_fetch_word (addr);
597 if (count > 1) /* FIXME, avoid if even boundary */
600 = gr_fetch_word (addr + (count - 1) * sizeof (int));
603 /* Copy data to be written over corresponding part of buffer */
605 memcpy ((char *) buffer + (memaddr & (sizeof (int) - 1)), myaddr, len);
607 /* Write the entire buffer. */
609 for (i = 0; i < count; i++, addr += sizeof (int))
612 gr_store_word (addr, buffer[i]);
623 /* Read all the longwords */
624 for (i = 0; i < count; i++, addr += sizeof (int))
627 buffer[i] = gr_fetch_word (addr);
635 /* Copy appropriate bytes out of the buffer. */
636 memcpy (myaddr, (char *) buffer + (memaddr & (sizeof (int) - 1)), len);
647 command = (srec_echo_pace ? "lo 0 ;x" : "lo 0");
649 sr_write_cr (command);
652 bug_srec_write_cr ("S0030000FC");
656 /* This is an extremely vulnerable and fragile function. I've made
657 considerable attempts to make this deterministic, but I've
658 certainly forgotten something. The trouble is that S-records are
659 only a partial file format, not a protocol. Worse, apparently the
660 m88k bug monitor does not run in real time while receiving
661 S-records. Hence, we must pay excruciating attention to when and
662 where error messages are returned, and what has actually been sent.
664 Each call represents a chunk of memory to be sent to the target.
665 We break that chunk into an S0 header record, some number of S3
666 data records each containing srec_bytes, and an S7 termination
669 static char *srecord_strings[] = {
676 bug_write_memory (memaddr, myaddr, len)
678 unsigned char *myaddr;
685 char buffer[(srec_bytes + 8) << 1];
693 if (retries > srec_max_retries)
698 if (sr_get_debug() > 0)
699 printf("\n<retrying...>\n");
701 /* This gr_expect_prompt call is extremely important. Without
702 it, we will tend to resend our packet so fast that it
703 will arrive before the bug monitor is ready to receive
704 it. This would lead to a very ugly resend loop. */
720 if (thisgo > srec_bytes)
723 address = memaddr + done;
724 sprintf (buf, "S3%02X%08X", thisgo + 4 + 1, address);
727 checksum += (thisgo + 4 + 1
729 + ((address >> 8) & 0xff)
730 + ((address >> 16) & 0xff)
731 + ((address >> 24) & 0xff));
733 for (idx = 0; idx < thisgo; idx++)
735 sprintf (buf, "%02X", myaddr[idx + done]);
736 checksum += myaddr[idx + done];
742 /* FIXME-NOW: insert a deliberate error every now and then.
743 This is intended for testing/debugging the error handling
745 static int counter = 0;
746 if (++counter > srec_noise)
753 sprintf(buf, "%02X", ~checksum & 0xff);
754 bug_srec_write_cr (buffer);
759 /* This pollchar is probably redundant to the gr_multi_scan
760 below. Trouble is, we can't be sure when or where an
761 error message will appear. Apparently, when running at
762 full speed from a typical sun4, error messages tend to
763 appear to arrive only *after* the s7 record. */
765 if ((x = sr_pollchar()) != 0)
767 if (sr_get_debug() > 0)
768 printf("\n<retrying...>\n");
772 /* flush any remaining input and verify that we are back
773 at the prompt level. */
775 /* start all over again. */
784 bug_srec_write_cr("S7060000000000F9");
787 /* Having finished the load, we need to figure out whether we
789 } while (gr_multi_scan(srecord_strings, 0) == 0);;
794 /* Copy LEN bytes of data from debugger memory at MYADDR
795 to inferior's memory at MEMADDR. Returns errno value.
796 * sb/sh instructions don't work on unaligned addresses, when TU=1.
799 /* Read LEN bytes from inferior memory at MEMADDR. Put the result
800 at debugger address MYADDR. Returns errno value. */
802 bug_read_memory (memaddr, myaddr, len)
804 unsigned char *myaddr;
814 unsigned int checksum;
816 sprintf(request, "du 0 %x:&%d", memaddr, len);
817 sr_write_cr(request);
819 p = buffer = alloca(len);
821 /* scan up through the header */
822 sr_expect("S0030000FC");
824 while (p < buffer + len)
826 /* scan off any white space. */
827 while (sr_readchar() != 'S') ;;
829 /* what kind of s-rec? */
830 type = sr_readchar();
832 /* scan record size */
833 sr_get_hex_byte(&size);
847 inaddr = (inaddr << 8) + c;
850 /* intentional fall through */
853 inaddr = (inaddr << 8) + c;
856 /* intentional fall through */
859 inaddr = (inaddr << 8) + c;
863 inaddr = (inaddr << 8) + c;
870 error("reading s-records.");
874 || (memaddr + len) < (inaddr + size))
875 error("srec out of memory range.");
877 if (p != buffer + inaddr - memaddr)
878 error("srec out of sequence.");
880 for (; size; --size, ++p)
887 if (c != (~checksum & 0xff))
888 error("bad s-rec checksum");
893 if (p != buffer + len)
896 memcpy(myaddr, buffer, len);
900 #define MAX_BREAKS 16
901 static int num_brkpts = 0;
903 bug_insert_breakpoint (addr, save)
905 char *save; /* Throw away, let bug save instructions */
909 if (num_brkpts < MAX_BREAKS)
914 sprintf (buffer, "br %x", addr);
915 sr_write_cr (buffer);
921 fprintf_filtered (stderr,
922 "Too many break points, break point not installed\n");
928 bug_remove_breakpoint (addr, save)
930 char *save; /* Throw away, let bug save instructions */
937 sprintf (buffer, "nobr %x", addr);
938 sr_write_cr (buffer);
945 /* Clear the bugs notion of what the break points are */
947 bug_clear_breakpoints ()
952 sr_write_cr ("nobr");
960 struct target_ops bug_ops =
962 "bug", "Remote BUG monitor",
963 "Use the mvme187 board running the BUG monitor connected\n\
967 0, gr_detach, bug_resume, bug_wait, /* attach */
968 bug_fetch_register, bug_store_register,
972 bug_insert_breakpoint, bug_remove_breakpoint, /* Breakpoints */
973 0, 0, 0, 0, 0, /* Terminal handling */
974 gr_kill, /* FIXME, kill */
976 0, /* lookup_symbol */
977 gr_create_inferior, /* create_inferior */
978 gr_mourn, /* mourn_inferior FIXME */
980 0, /* notice_signals */
981 process_stratum, 0, /* next */
982 1, 1, 1, 1, 1, /* all mem, mem, stack, regs, exec */
983 0, 0, /* Section pointers */
984 OPS_MAGIC, /* Always the last thing */
988 _initialize_remote_bug ()
990 add_target (&bug_ops);
993 (add_set_cmd ("srec-bytes", class_support, var_uinteger,
994 (char *) &srec_bytes,
996 Set the number of bytes represented in each S-record.\n\
997 This affects the communication protocol with the remote target.",
1002 (add_set_cmd ("srec-max-retries", class_support, var_uinteger,
1003 (char *) &srec_max_retries,
1005 Set the number of retries for shipping S-records.\n\
1006 This affects the communication protocol with the remote target.",
1011 (add_set_cmd ("srec-frame", class_support, var_uinteger,
1012 (char *) &srec_frame,
1014 Set the number of bytes in an S-record frame.\n\
1015 This affects the communication protocol with the remote target.",
1020 (add_set_cmd ("srec-noise", class_support, var_zinteger,
1021 (char *) &srec_noise,
1023 Set number of S-record to send before deliberately flubbing a checksum.\n\
1024 Zero means flub none at all. This affects the communication protocol\n\
1025 with the remote target.",
1030 (add_set_cmd ("srec-sleep", class_support, var_zinteger,
1031 (char *) &srec_sleep,
1033 Set number of seconds to sleep after an S-record for a possible error message to arrive.\n\
1034 This affects the communication protocol with the remote target.",
1039 (add_set_cmd ("srec-echo-pace", class_support, var_boolean,
1040 (char *) &srec_echo_pace,
1042 Set echo-verification.\n\
1043 When on, use verification by echo when downloading S-records. This is\n\
1044 much slower, but generally more reliable.",