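Communication problem between skyeye-1.2-RC7-2 and gdb-6.4
I am currently using skyeye-1.2-RC7-2 and gdb-6.4-cvs for some study and research. While remotely debugging u-boot I ran into two problems, "Timed out" and "Reply contains invalid hex digit 116"; both messages are printed by gdb. The steps are as follows:
1 build gdb for arm, and I also built skyeye
2 Run skyeye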
$ ../skyeye-v1/binary/skyeye -d -e u-boot -c skyeye.conf
debugmode= 1, filename = skyeye.conf, server TCP port is 12345
arch: arm
cpu info: armv4, arm920t, 41009200, ff00fff0, 2
mach info: name ep9312, mach_init addr 0x806e2a9
SKYEYE: use arm920t mmu ops
exec file "u-boot"'s format is elf32-little.
load section .text: addr = 0x08400000size = 0x00013674.
load section .glue_7: addr = 0x08413674size = 0x00000000.
load section .glue_7t: addr = 0x08413674size = 0x00000000.
load section .rodata: addr = 0x08413674size = 0x000004cc.
load section .rodata.str1.4: addr = 0x08413b40size = 0x00003af7.
load section .data: addr = 0x08417638size = 0x000009a0.
load section .u_boot_cmd: addr = 0x08417fd8size = 0x00000438.
not load section .bss: addr = 0x08418410size = 0x00004454 .
not load section .stab: addr = 0x00000000size = 0x00000504 .
not load section .stabstr: addr = 0x00000000size = 0x0000007e .
not load section .debug_abbrev: addr = 0x00000000size = 0x000070a9 .
not load section .debug_info: addr = 0x00000000size = 0x00043b42 .
not load section .debug_line: addr = 0x00000000size = 0x00008954 .
not load section .debug_frame: addr = 0x00000000size = 0x00002e7c .
not load section .debug_pubnames: addr = 0x00000000size = 0x00001d24 .
not load section .debug_aranges: addr = 0x00000000size = 0x00000660 .
not load section .debug_str: addr = 0x00000000size = 0x00003ec3 .
not load section .comment: addr = 0x00000000size = 0x00000372 .
not load section .debug_ranges: addr = 0x00000000size = 0x00000268 .
start addr is set to 0x08400000 by exec file.
3 Run gdb,
$ ../gdb/build-gdb-arm/gdb/gdb u-boot-1.1.2/u-boot
GNU gdb 6.4.50.20060419-cvs
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.Type "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-linux"...
(gdb) set debug remote 1
(gdb) target remote :12345
Remote debugging using :12345
Sending packet: $Hc-1#09...Ack
Packet received:
Sending packet: $qC#b4...Ack
Packet received:
Sending packet: $qOffsets#4b...Ack
Packet received:
Sending packet: $?#3f...Ack
Packet received: S01
Sending packet: $Hg0#df...Ack
Packet received:
Sending packet: $pf#d6...Ack
Packet received:
Sending packet: $g#67...Ack
Packet received: 00000000c3010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400800000000000000000000000000000000000000000000000000000000000000000000000000000000
Sending packet: $m8400000,4#29...Ack
Timed out.
Timed out.
Timed out.
Ignoring packet error, continuing...
Reply contains invalid hex digit 116
Sending packet: $qPart:auxv:read::0,c6#45...Sending packet: $qPart:auxv:read::0,c6#45...Sending packet: $qPart:auxv:read::0,c6#45...Sending packet: $qPart:auxv:read::0,c6#45...Timed out.
Timed out.
Timed out.
Ignoring packet error, continuing...
Packet qPart_auxv (read-aux-vector) is supported
Reply contains invalid hex digit 116
4 skyeye's output,
getpkt ("Hc-1");
‡(ûÇt8putpkt ("$#00");
getpkt ("qC");
‡(ûÇt8putpkt ("$#00");
getpkt ("qOffsets");
‡(ûÇt8putpkt ("$#00");
getpkt ("?");
putpkt ("$S01#b4");
getpkt ("Hg0");
‡(ûÇt8putpkt ("$#00");
getpkt ("pf");
‡(ûÇt8putpkt ("$#00");
getpkt ("g");
putpkt ("$00000000c3010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400800000000000000000000000000000000000000000000000000000000000000000000000000000000#43");
getpkt ("m8400000,4");
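Is the gdb version too new? Or did I forget something else? Please advise.
Also, skyeye's output contains garbled characters, which I find very strange!
Thanks!

I found that after gdb's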
Sending packet: $m8400000,4#29...Ack
skyeye stops at
*** utils/debugger/arch_reg.c:
sim_read sim_read (ARMword addr, unsigned char *buffer, int size)
inside this function.
This function calls
arch_instance->ICE_read_byte(addr + i, &v);
which seems rather strange.
This function pointer points to
*** arch/arm/common/arm_arch_interface.c:
arm_ICE_read_byte static int arm_ICE_read_byte (WORD addr, uint8_t *pv){
I don't understand what this has to do with ICE?
Please advise; still investigating....

The call chain is as follows,
static int arm_ICE_read_byte (WORD addr, uint8_t *pv)
calls
int ARMul_ICE_ReadByte(ARMul_State * state, ARMword address, ARMword *presult)
calls
static fault_t
GetByte (ARMul_State * state, ARMword address, ARMword * data)
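The problem is here: in arm_ICE_read_byte the type of the second parameter is uint8_t, but at the corresponding position in ARMul_ICE_ReadByte it is ARMword, so the inner function's operations on this pointer will overflow into sim_read's variable v.
I made a simple modification to arm_ICE_read_byte myself and the problem was solved!
$ diff -u ./skyeye-v1-original/arch/arm/common/arm_arch_interface.c ./skyeye-v1/arch/arm/common/arm_arch_interface.c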
--- ./skyeye-v1-original/arch/arm/common/arm_arch_interface.c 2006-04-15 17:25:06.000000000 +0800
+++ ./skyeye-v1/arch/arm/common/arm_arch_interface.c 2006-04-21 13:06:28.000000000 +0800
@@ -97,9 +97,16 @@
{
return (ARMul_ICE_WriteByte (state, (ARMword) addr, (ARMword) v));
}
-static int arm_ICE_read_byte (WORD addr, uint8_t *pv){
- return (ARMul_ICE_ReadByte (state, (ARMword) addr, (ARMword *)pv));
+static int
+arm_ICE_read_byte (WORD addr, uint8_t *pv){
+ARMword t;
+int r;
+t = *pv;
+r = ARMul_ICE_ReadByte (state, (ARMword) addr, &t);
+*pv = (uint8_t)t;
+return r;
}
+
extern void at91_mach_init ();
extern void ep7312_mach_init ();
extern void lh79520_mach_init ();

Great... please send your patch to the skyeye developer mailing list.....
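Review bot: in the new arm_ICE_read_byte, `t = *pv;` reads the caller's byte before anything has been stored in it, so the wrapper now depends on the caller having initialized that buffer; initialize t to 0 (or drop the assignment) unless the intent is to preserve the old value when ARMul_ICE_ReadByte does not write its result. `*pv = (uint8_t)t;` also runs whatever r is, so consider storing only when the read succeeded, or add a comment stating what *pv holds on a fault. A short comment above the function explaining why the `(ARMword *)pv` cast was removed would keep it from being reintroduced.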
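The width mismatch described in this thread, as an added example that is not part of the original posts and is not SkyEye code: a callee that stores a whole ARMword through a pointer to a one-byte object overwrites the bytes next to it, while the temporary-variable wrapper does not. `model_ICE_ReadByte`, `read_byte_cast`, `read_byte_temp` and `clobbered_neighbours` are hypothetical names, ARMword is assumed to be 32 bits, and the byte value 0xEA is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t ARMword;            /* assumption: ARMword is 32 bits wide */
typedef int (*reader_fn)(ARMword addr, uint8_t *pv);

/* Hypothetical stand-in for ARMul_ICE_ReadByte: stores a whole ARMword at
 * presult. memcpy models that 4-byte store without undefined behaviour. */
static int model_ICE_ReadByte(ARMword addr, void *presult)
{
    ARMword value = 0xEA;            /* constructed byte "read" from addr */
    (void)addr;
    memcpy(presult, &value, sizeof value);
    return 0;
}

/* Original wrapper shape: the uint8_t pointer is handed on as a word pointer. */
static int read_byte_cast(ARMword addr, uint8_t *pv)
{
    return model_ICE_ReadByte(addr, pv);
}

/* Wrapper shape from the fix: read into a full-width temporary, then narrow. */
static int read_byte_temp(ARMword addr, uint8_t *pv)
{
    ARMword t = 0;
    int r = model_ICE_ReadByte(addr, &t);
    *pv = (uint8_t)t;
    return r;
}

/* frame[0] plays the role of sim_read's one-byte v; frame[1..3] are the
 * bytes next to it. Returns how many of those neighbours were overwritten. */
static int clobbered_neighbours(reader_fn reader)
{
    uint8_t frame[4] = { 0x00, 0xAA, 0xAA, 0xAA };
    int i, n = 0;
    reader(0x08400000u, &frame[0]);
    for (i = 1; i < 4; i++)
        n += (frame[i] != 0xAA);
    return n;
}

int main(void)
{
    printf("cast wrapper: %d neighbour bytes overwritten\n", clobbered_neighbours(read_byte_cast));
    printf("temp wrapper: %d neighbour bytes overwritten\n", clobbered_neighbours(read_byte_temp));
    return 0;
}
```

Compiling the real code with `-Wcast-align` or running it under AddressSanitizer is a practical way to catch this kind of pointer-width cast.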