I'm trying to start kernel debugging with this sytem:
Amontec JTAGkey2, openocd, gdb, eclipse.
At the end I would like to debug kernel and application that is running within.
I have few problems, and it seems that I need to solve them sequently.
Now I have CPU suspend/resume, read/write RAM
What is missing: Step into, Step over, C/C++ Level debugging.
I do following:
- Connect JTAG, Power up board, start uImage with Debug messages via Uboot
- start openocd:
# openocd -f /usr/share/openocd/scripts/interface/jtagkey2.cfg -f /usr/share/openocd/scripts/board/at91sam9g20-ek.cfg
Output:
jtag_nsrst_delay: 200
jtag_ntrst_delay: 200
RCLK - adaptive
TapName | Enabled | IdCode Expected IrLen IrCap IrMask Instr
---|--------------------|---------|------------|------------|------|------|------|---------
0 | at91sam9g20.cpu | Y | 0x00000000 | 0x0792603f | 0x04 | 0x01 | 0x0f | 0x0f
Info : max TCK change to: 30000 kHz
Info : RCLK (adaptive clock speed)
Info : JTAG tap: at91sam9g20.cpu tap/device found: 0x0792603f (mfg: 0x01f, part: 0x7926, ver: 0x0)
Info : Embedded ICE version 6
And problems starts here:
openocd:
Warn : acknowledgment received, but no packet pending
undefined debug reason 6 - target needs reset
Warn : target not halted
eclipse:
symbol-file /opt/Tixi_Repos/KiwiG6v2/buildroot-2011.05/package_tixi/linux-2.6.39/arch/arm/boot/compressed/vmlinux
target remote localhost:3333
start () at arch/arm/boot/compressed/head.S:108
108 kphex r5, 8 /* end of kernel */
It seems also that JTAG is trying to load the code into 0x0, what is incorrect I suppose:
Update 1:
After analyzing some online tutorials for ARM:
Eclipse Reset and Halt commands doesn't work perfect. It is better to uncheck them and write into command window. Also load address can be add:
monitor halt
load arch/arm/boot/compressed/vmlinux 0x22000000
I don't use
monitor reset
I let Uboot start and initialize RAM and other peripherals. Then I stop Uboot by getting into shell. Then I let eclipse write linux into RAM, and start it. It takes very long, but works bit better. Kernel starts and stopps on RPC initialization without giving console back.
would it be possible to load kernel into RAM within Uboot console, and start JTAG session afterwards ?
What is the difference between [load ...] and [monitor load...] commands
Why do I need to load /compressed/vmlinux instead of uImage ?
in eclipse window I have two load fields: load image i load symbol. I disable both options but write only load arch/arm/boot/compressed/vmlinux 0x22000000. Is it maybe the reason for next problems ?
Update 2:
Ok. Thank you for hints.
I've made some progress. Could you give me some advices, maybe I'm still doing something wrong.
Now my kernel runs under JTAG control, but I still can't debug on source code level.
I do as follows:
Power up the board, go into uboot shell.
start openOCD session
Set Uboot breakpoint in bootm.c on theKernel call:
cleanup_before_linux ();
theKernel (0, machid, bd->bi_boot_params);
start eclipse debug session :
monitor halt
load uboot-a without offset
load u-boot-2010.06/u-boot
Loading section .text, size 0x349ec lma 0x26f00000
start uboot and let it run
uboot stopps on "theKernel" call
I know that kernel is located on address 0x20008000.
restart openOCD session
start ecipse debugger once more with kernel configuration:
monitor halt
load kernel on address 0x20008000
load arch/arm/boot/compressed/vmlinux 0x20008000
Loading section .text, size 0x8bdc7c lma 0x20008000
start debugg session
Everything works fine now, and kernel starts, but I still can't debug on source code level.
"symbol is not available"
DEBUG and DEBUG_INFO are on for kernel.
vmlinux screenshot
What seems starnge for me that there are around 50 function symbols in this file.
Related
I managed to program and debug an STM32F4 Microcontroller, did some simple operations and wrote small scripts.
The setup
Microcontroller : STM32F405RG
Debug probe: I am using an old JTAGKEY2 by Amontec
Toolchain : openOCD & GDB on port 3333
I am not using any GUI and any specific soft tool.
The goal
Now I'd like to level up a little bit.
My project consists of 3 MCUs on a PCB working in redundancy.
I would like to debug Two or more STM32F4 and do some operations in one MCU while the others are halted. Here is an example :
Program all the devices (let's call them MCU1 & MCU2 ) with the same .elf .
Run.
Halt MCU1 & MCU2 at a specific timing ( like 10sec after running ).
Modify r4 of MCU1 only
Resume all targets.
For one MCU, I call the target config file smt32f4x.cfg.
For two MCUs, I read OpenOCD User's Guide and it seems that I have to create a new tap.
But first, I wanted to try to debug both MCU1 & MCU2 with the same config.
I wired the system in order to chain the MCUs on the bus, opened a terminal and typed openocd in my project folder.
The Issue
As expected I get this message:
Info : JTAG tap: STM32F405RGTx.bs tap/device found: 0x06413041 (mfg: 0x020 (STMicroelectronics), part: 0x6413, ver: 0x0)
Info : JTAG tap: auto0.tap tap/device found: 0x4ba00477 (mfg: 0x23b (ARM Ltd.), part: 0xba00, ver: 0x4)
Info : JTAG tap: auto1.tap tap/device found: 0x06413041 (mfg: 0x020 (STMicroelectronics), part: 0x6413, ver: 0x0)
Warn : AUTO auto0.tap - use "jtag newtap auto0 tap -irlen 4 -expected-id 0x4ba00477"
Warn : AUTO auto1.tap - use "jtag newtap auto1 tap -irlen 5 -expected-id 0x06413041"
Info : STM32F405RGTx.cpu: hardware has 6 breakpoints, 4 watchpoints
adapter speed: 2000 kHz
Info : JTAG tap: STM32F405RGTx.cpu tap/device found: 0x4ba00477 (mfg: 0x23b (ARM Ltd.), part: 0xba00, ver: 0x4)
Info : JTAG tap: STM32F405RGTx.bs tap/device found: 0x06413041 (mfg: 0x020 (STMicroelectronics), part: 0x6413, ver: 0x0)
Info : JTAG tap: auto0.tap tap/device found: 0x4ba00477 (mfg: 0x23b (ARM Ltd.), part: 0xba00, ver: 0x4)
Info : JTAG tap: auto1.tap tap/device found: 0x06413041 (mfg: 0x020 (STMicroelectronics), part: 0x6413, ver: 0x0)
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x08000910 msp: 0x20020000
What happens then is that only one MCU is programmed.
So I think I might create a board config file and use
jtag newtap auto0 tap -irlen 4 -expected-id 0x4ba00477
and use one DAP per TAP ...
As I'm not confident with my skills I didn't manage to start my own config file from scratch.
And I didn't find config examples with several microcontrollers nor examples in gdb to give debug commands to different commands to different MCU on the bus.
The Questions
Where can I find Board config examples with several MCU?
Is it possible to give debug commands to only one of the devices under debug? How?
I did it using serial numbers of multiple st-links.
#To invoke without this script: openocd -s /share/openocd/scripts -f interface/stlink-v2-1.cfg -f target/stm32f1x.cfg
gdb_port 3334
tcl_port 6667
telnet_port 4445
#To run: openocd -s /share/openocd/scripts and then telnet localhost 4445
#To erase type into telnet: flash erase_sector 0 0 127
#To read device ID and Flash size type into telnet: flash probe 0
source [find interface/stlink-v2-1.cfg]
hla_serial \x56\x3F\x6E\x06\x66\x3F\x48\x55\x38\x57\x09\x67
transport select hla_swd
source stm32f1x-nores.cfg
reset_config none srst_nogate
Look at the hla_serial line. Each MCU has it's own st-link connected over SWD and each st-link has own oocd configuration with serial number and own port. Then launch oocd for each one and you will get GDB server per each MCU.
You can get serial number of st-link using lsusb -v command on Linux. Some clones do not have serial number and some need to be upgraded. Google will help you.
I was able to figure out how to program two micro controller using Openocd
I am currently using USB Bus Blaster V4 Dev Board which contains FT2232 USB to JTAG Converter IC.
My Setup consist of 2 STM32 MCU in daisy Chain configuration.
Since both the MCU have same tap IC i made board config file as suggested by the user guide on page number 22 section 6.2.1 as follows:
set CHIPNAME stm32master
source [find target/stm32f4x.cfg]
-# Chip #2: STM32F405 for Slave STM32, little endian
set CHIPNAME stm32slave
source [find target/stm32f4x.cfg]
gdb_memory_map disable
reset_config srst_only```
The command used for starting openocd is as follows:
sudo openocd -d2 -f interface/ftdi/dp_busblaster_kt-link.cfg -f board/stm32trail.cfg -c init -c scan_chain -c targets
My output after executing the above command in terminal is as follows:
The sequence in which I executed commands in telnet local host are as follows:
targets stm32master.cpu
halt
targets stm32slave.cpu
halt
flash erase_sector 0 0 7
flash write_image erase /home/nikhil/Downloads/Red_Led_C13.hex
verify_image /home/nikhil/Downloads/Red_Led_C13.hex
reset
targets stm32master.cpu
halt
flash erase_sector 0 0 7
flash write_image erase /home/nikhil/Downloads/Red_Led_C13.hex
verify_image /home/nikhil/Downloads/Red_Led_C13.hex
reset
I was able to program both MCU successfully .
I'm currently trying to debug my kernel. My goal is to put a breakpoint in a new syscall that I am implementing. The kernel runs on a remote Imx6q board. I've setup the JTAG debugger and I can connect GDB to it and pause the execution.
My issue is whith debug symbols.
I've added those properties to my defconfig :
CONFIG_GDB_SCRIPTS=y
CONFIG_DEBUG_KERNEL=y
CONFIG_RANDOMIZE_BASE=n
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_DEBUG_INFO=y
When I start a session :
(gdb) tar ext :3333
Remote debugging using :3333
warning: No executable has been specified and target does not support
determining executable automatically. Try using the "file" command.
0xa7780ef0 in ?? ()
(gdb) c
Continuing.
I can attach a symbol file by hand, but it is required to provide an address to attach it.
(gdb) add-symbol-file /home/tlavocat/development/android/out/target/product/wandboard_qca/kernel-imx/kernel/sys.o
The address where /home/tlavocat/development/android/out/target/product/wandboard_qca/kernel-imx/kernel/sys.o has been loaded is missing
The function I want to stop in is this one :
wandboard_qca:/ # cat /proc/kallsyms | grep sys_keeper_get_state
c003e0ac T sys_keeper_get_state
And it is implemented in kernel/sys.c.
My question is, how can I attach my symbols correctly to the right address ?
Thank's for your answers
I simply needed to load le kernel binary.
file .out/target/product/wandboard_qca/kernel-imx/vmlinux
And then connect to the remote target.
I am trying to flash a blue-pill clone with a CS32F103C8T6 chip using the AC6 SystemWorkBench and a ST-LINK v2 device. It is a project built from STM32CubeMX - I am using a MacOS Mojave machine. Here is the output when trying to flash the device.
Info : The selected transport took over low-level target control. The results might differ compared to plain JTAG/SWD
adapter speed: 8000 kHz
adapter_nsrst_delay: 100
Info : clock speed 8000 kHz
Info : STLINK v2 JTAG v31 API v2 SWIM v7 VID 0x0483 PID 0x3748
Info : using stlink api v2
Info : Target voltage: 3.162004
Info : Unable to match requested speed 8000 kHz, using 4000 kHz
Info : Stlink adapter speed set to 4000 kHz
Warn : UNEXPECTED idcode: 0x2ba01477
Error: expected 1 of 1: 0x1ba01477
in procedure 'program'
in procedure 'init' called at file "embedded:startup.tcl", line 495
in procedure 'ocd_bouncer'
** OpenOCD init failed **
shutdown command invoked
I have googled and found some similar posts about it, but have no luck solving it.
Does anyone have an idea ?
mvh
Ole K Hornnes
In the OpenOCD config file, you need to add:
set CPUTAPID 0x2ba01477
I've never used AC6 SystemWorkbench and I don't now how you configure the board and the debug adapter in it. So I can't really tell where to look for the config file.
OpenOCD comes with an entire directory of board configurations, usually in a directory OpenOCD / scripts / board. It contains a script called stm32f103c8_blue_pill.cfg, which might be used in your case. Start there...
set CPUTAPID 0x2ba01477 ; Will work for the clone but not for the genuine STM32…
Instead use: set CPUTAPID 0
The zero tells OpenOCD to ignore the id number, so any MCU will then work…
Information Source: OpenOCD TAPs
C:\Ac6\SystemWorkbench\plugins\fr.ac6.mcu.debug_2.5.0.201904120827\resources\openocd\st_scripts\target\stm32f1x.cfg
add this line before first if statement
set CPUTAPID 0
it solves all openocd stlink id errors
I setup Visual Studio 2015 with VisualGDB, and setup an LED Blink project using the HAL, as described in this example: http://visualgdb.com/tutorials/arm/stm32/stm32l4/
The tools installed correctly, and the my project follows the example exactly, including Step 6, and then up through Step 7. However, after setting a breakpoint and attempting to run to it per Step 8, I get the following in the Output window:
Open On-Chip Debugger 0.9.0 (2015-10-08-15:57)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : auto-selecting first available session transport "hla_swd". To override use 'transport select <transport>'.
Info : The selected transport took over low-level target control. The results might differ compared to plain JTAG/SWD
adapter speed: 500 kHz
adapter_nsrst_delay: 100
none separate
Info : Unable to match requested speed 500 kHz, using 480 kHz
Info : Unable to match requested speed 500 kHz, using 480 kHz
Info : clock speed 480 kHz
Info : STLINK v2 JTAG v24 API v2 SWIM v10 VID 0x0483 PID 0x374B
Info : using stlink api v2
Info : Target voltage: 3.263434
Info : stm32l4x.cpu: hardware has 6 breakpoints, 4 watchpoints
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800027c msp: 0x20020000
adapter speed: 4000 kHz
Info : accepting 'gdb' connection on tcp/3333
Info : device id = 0x10076415
Info : flash size = 1024kbytes
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800027c msp: 0x20020000
adapter speed: 4000 kHz
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800027c msp: 0x20020000
adapter speed: 4000 kHz
Warn : Padding 4 bytes to keep 8-byte write size
target state: halted
target halted due to breakpoint, current mode: Thread
xPSR: 0x61000000 pc: 0x2000004a msp: 0x20020000
Warn : block write succeeded
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800027c msp: 0x20020000
Error: Memory write failure!
At the same time, I get a dialog pop-up that states: "The memory location used for the stack is not writable. Please check the device type and the linker script. You can disable automatic stack checking via VisualGDB Project Properties"
Looking in the .map file that was generated during the build, there is nothing near 0x61000000 or anything at 0x01000000. There is a _estack = 0x20020000.
I added a -N to the linker flags (LDFLAGS := -Wl,-N,-gc-sections), to see if this would affect anything, and id didn't.
Any ideas on what may be wrong?
Thank you in advance.
The "The memory location used for the stack is not writable" error occurs when VisualGDB tries to test whether the end-of-stack (_estack - 4) is writable.
If you switch the GDB Session window to the All GDB Interaction mode, you will see that VisualGDB is trying to write a random value there and then checks whether it can be read back:
-data-evaluate-expression "&_estack"
^done,value="0x20020000"
-var-create - * "*((void **)0x2001fffc)"
^done,name="var1",numchild="0",value="0x80002ad ",type="void *",has_more="0"
-var-assign "var1" 0x1b5bfd22
^done,value="0x1b5bfd22"
-data-evaluate-expression "\*\(\(void\ \*\*\)0x2001fffc\)"
^done,value="0x1b5bfd22"
If it does not, most likely you have selected an incorrect device while creating your project (e.g. your device actually has 32KB of RAM while you have selected a device with 64K of RAM). There can also be a bug in the VisualGDB device definitions.
You can find this out by comparing the address of _estack from your linker script with the end address of the RAM described in your device datasheet.
I am trying to use GDB to debug a Linux kernel zImage before it is decompressed. The kernel is running on an ARM target and I have a JTAG debugger connected to it with a GDB server stub. The target has to load a boot loader. The boot loader reads the kernel image from flash and puts it in RAM at 0x20008000, then branches to that location.
I have started GDB and connected to the remote target, then I use GDB's add-symbol-file command like so:
add-symbol-file arch/arm/boot/compressed/vmlinux 0x20008000 -readnow
When I set a breakpoint for that address, it does trap at the correct place - right when it branches to the kernel. However, GDB shows the wrong line from the source of arch/arm/boot/compressed/head.S. It's 4 lines behind. How can I fix this?
I also have tried adding the -s section addr option to add-symbol-file with -s .start 0x20008000; this results in exactly the same problem.
There are assembler macros that print out stuff when compiling with low level debug. You have to make sure the macros are appropriate for your board.
linux-latest/arch/arm$ find . -name debug-macro.S | wc
56 56 2306
Find the file for your board and ensure the correct serial port registers are hit. You can instrument the code with out using JTAG. These macros are used in the decompress code. Of course configure with *CONFIG_DEBUG_LL*.
Most likely the ATAGs are not correct or one of the other requirements. Checkout Documentation/arm/Booting to make sure you have registers set properly. Note there is a new requirement with recent kernels to send a dt list.