JTAG debugging for PowerPC MPC85xx / e500 cores

Nick Withers nick.withers at anu.edu.au
Thu Oct 10 03:52:52 UTC 2013

Hullo all,

I'm very much in over my head here and am hoping someone's tried this
before and might have a clue or two...

I've a very expensive and shiny new Abatron BDI-3000 here that I'm
hoping I can use to debug my RTEMS application (and RTEMS itself, as
needs be) on an MVME3100, MPC8540-equipped BSP, since there's no
soft-debugger available for the platform.

I've had some success using the BDI in "loop" breakpoint mode (in which
it replaces an instruction at the breakpoint with a "loop forever"
instruction), which is great but cumbersome: There's no debugger waking
and you end up constantly Ctrl-C'ing in GDB to see whether it's actually
reached the breakpoint yet. It also doesn't seem to step-over very
nicely, but I haven't really looked into that.

The "soft" and "hard" breakpoint modes apparently require MMU / TLB
setup of the processor and maintenance of the DE bit in the MSR [see,
for example, http://www2.lauterbach.com/pdf/debugger_ppcpq3.pdf , pp
13-14]. Oh goodie!

The BDI allows for all manner of TLB / MMU etc. configuration... But I
think that RTEMS'll blow that away when bsp_start()ing...? It looks to
me like RTEMS *has* set-up a Debug Interrupt Vector (or at least that it
points to a valid instruction, at 0xf0 [SPR 63 = 0x0 and 415 = 0xf0])
and enabled the DE bit (bit 0x200, I believe) in the MSR:

    Target CPU        : MPC85xx (e500v1 rev.2)
    Core state        : halted
    Debug entry cause : single step
    Current PC        : 0x0000c820
    Current CR        : 0x40420042
    Current MSR       : 0x00001200
    Current LR        : 0x0000c818
    Current CCSRBAR   : 0x0_e1000000

GDB and addr2line are claiming that 0xf0 is in domove() but I think it
actually might be relocated code or something, as it *looks* like an
exception handling table similar to that from
c/src/lib/libbsp/powerpc/mpc55xxevb/startup/exc-vector-base.S (and
doesn't look like anything in domove(); FWIW there's a note "NOTE: we
should respect the MAILBOX area 0x80..0xff!" in
c/src/lib/libbsp/powerpc/shared/start/preload.S which doesn't mean
anything to me):

(gdb) x/5i 0xec
   0xec <domove+32>:	b       0x41dc4 <ppc_exc_wrap_nopush_std>
   0xf0 <domove+36>:	stwu    r1,-176(r1)
   0xf4 <domove+40>:	stw     r4,52(r1)
   0xf8 <domove+44>:	li      r4,13
   0xfc <domove+48>:	b       0x4226c <ppc_exc_wrap_nopush_bookE_crit>

So it kinda looks to me like there's an exception handler explicitly
set-up by RTEMS / the RTEMS BSP code somewhere-or-other, but for some
reason the debugger isn't invoked... or something?

In case it helps, here's what I see in "Soft" mode when hitting a
breakpoint and interrupting the debugger [dcp_query() being the function
in which the breakpoint is set]:

(gdb) bt full
#0  fatal_extension (the_source=RTEMS_FATAL_SOURCE_EXCEPTION, is_internal=false, the_error=2056592) at init.c:294
        isr_cookie = 4096
#1  0x000aa820 in _User_extensions_Fatal_visitor (executing=0x1c9590, arg=0x1f6110, callouts=0x131cc0 <Configuration_Initial_Extensions+64>)
    at ../../../../../../../rtems/c/src/../../cpukit/score/src/userextiterate.c:123
        ctx = 0x1f6110
        callout = 0xc79c <fatal_extension>
#2  0x000aa8a4 in _User_extensions_Iterate (arg=0x1f6110, visitor=0xaa7ac <_User_extensions_Fatal_visitor>)
    at ../../../../../../../rtems/c/src/../../cpukit/score/src/userextiterate.c:141
        executing = 0x1c9590
        callouts_current = 0x131cc0 <Configuration_Initial_Extensions+64>
        callouts_end = 0x131d00 <Configuration>
        node = 0x0 <preload>
        tail = 0x1bc570 <_API_extensions_Post_switch_list>
#3  0x000a14ec in _User_extensions_Fatal (source=RTEMS_FATAL_SOURCE_EXCEPTION, is_internal=false, error=2056592)
    at ../../cpukit/../../../mvme3100/lib/include/rtems/score/userextimpl.h:239
        ctx = {source = RTEMS_FATAL_SOURCE_EXCEPTION, is_internal = false, error = 2056592}
#4  0x000a1540 in _Internal_error_Occurred (the_source=RTEMS_FATAL_SOURCE_EXCEPTION, is_internal=false, the_error=2056592)
    at ../../../../../../../rtems/c/src/../../cpukit/score/src/interr.c:35
No locals.
#5  0x0009c78c in rtems_fatal (source=RTEMS_FATAL_SOURCE_EXCEPTION, error=2056592) at ../../../../../../../rtems/c/src/../../cpukit/sapi/src/fatal2.c:34
No locals.
#6  0x0004323c in C_exception_handler (excPtr=0x1f6190) at ../../../../../../../../rtems/c/src/lib/libcpu/powerpc/new-exceptions/bspsupport/ppc_exc_global_handler.c:24
No locals.
#7  0x00042008 in wrap_call_global_handler_std () at ../../../../../../../../rtems/c/src/lib/libcpu/powerpc/new-exceptions/bspsupport/ppc_exc_asm_macros.h:839
No locals.
#8  0x0001f4fc in dcp_query (args=0x1b6958 <thread_args.5967>) at dcp/query/dcp_query.c:310
        read = 48
        client_addr = {sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 42350, sin_addr = {s_addr = 2529891283}, sin_zero = "\000\000\000\000\000\000\000"}
        client_addr_size = 16
        client_recv_buffer = 0x1f6240 ""
        client_ip = "\000\240"
        crate = 0x156260 <crate.9207>
        experiment = 0x156770 <experiment.9208>
        socket = 9
        __func__ = "dcp_query"
#9  0x0010ea20 in _Thread_Handler () at ../../../../../../../rtems/c/src/../../cpukit/score/src/threadhandler.c:195
        level = 0
        executing = 0x1c9590
        doCons = false
#10 0x0010e950 in _Thread_Handler_is_constructor_execution_required (executing=0xa5a5a5) at ../../../../../../../rtems/c/src/../../cpukit/score/src/threadhandler.c:82
        doneConstructors = true
        doCons = false
Backtrace stopped: frame did not save the PC

Does anyone have any ideas? I don't know where to go from here...

<sob> I just want a debugger :-( </sob>
Nick Withers

Embedded Systems Programmer
Room 2.26, Building 57
Department of Nuclear Physics
Research School of Physics and Engineering
The Australian National University (CRICOS: 00120C)

eMail: nick.withers at anu.edu.au
Phone: +61 2 6125 2091
Mobile: +61 414 397 446
