skyeye－1.2-RC7-2和gdb-6.4的通信问题

qiyao

我现在利用skyeye－1.2-RC7-2和gdb－6.4-cvs进行一些学习和研究，在远程调试u-boot的时候，遇到了这样两个问题，”Timed out“ 和 ”Reply contains invalid hex digit 116“，这两个输出都是从gdb输出的。步骤如下，

1 build gdb for arm ，还编译了skyeye
2 运行skyeye
[qiyao@localhost u-boot-1.1.2]$ ../skyeye-v1/binary/skyeye -d -e u-boot -c skyeye.conf
debugmode= 1, filename = skyeye.conf, server TCP port is 12345
arch: arm
cpu info: armv4, arm920t, 41009200, ff00fff0, 2
mach info: name ep9312, mach_init addr 0x806e2a9
SKYEYE: use arm920t mmu ops
exec file "u-boot"'s format is elf32-little.
load section .text: addr = 0x08400000  size = 0x00013674.
load section .glue_7: addr = 0x08413674  size = 0x00000000.
load section .glue_7t: addr = 0x08413674  size = 0x00000000.
load section .rodata: addr = 0x08413674  size = 0x000004cc.
load section .rodata.str1.4: addr = 0x08413b40  size = 0x00003af7.
load section .data: addr = 0x08417638  size = 0x000009a0.
load section .u_boot_cmd: addr = 0x08417fd8  size = 0x00000438.
not load section .bss: addr = 0x08418410  size = 0x00004454 .
not load section .stab: addr = 0x00000000  size = 0x00000504 .
not load section .stabstr: addr = 0x00000000  size = 0x0000007e .
not load section .debug_abbrev: addr = 0x00000000  size = 0x000070a9 .
not load section .debug_info: addr = 0x00000000  size = 0x00043b42 .
not load section .debug_line: addr = 0x00000000  size = 0x00008954 .
not load section .debug_frame: addr = 0x00000000  size = 0x00002e7c .
not load section .debug_pubnames: addr = 0x00000000  size = 0x00001d24 .
not load section .debug_aranges: addr = 0x00000000  size = 0x00000660 .
not load section .debug_str: addr = 0x00000000  size = 0x00003ec3 .
not load section .comment: addr = 0x00000000  size = 0x00000372 .
not load section .debug_ranges: addr = 0x00000000  size = 0x00000268 .
start addr is set to 0x08400000 by exec file.


3 运行gdb，
[qiyao@localhost skyeye]$ ../gdb/build-gdb-arm/gdb/gdb u-boot-1.1.2/u-boot
GNU gdb 6.4.50.20060419-cvs
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-linux"...
(gdb) set debug remote 1
(gdb) target remote :12345
Remote debugging using :12345
Sending packet: $Hc-1#09...Ack
Packet received:
Sending packet: $qC#b4...Ack
Packet received:
Sending packet: $qOffsets#4b...Ack
Packet received:
Sending packet: $?#3f...Ack
Packet received: S01
Sending packet: $Hg0#df...Ack
Packet received:
Sending packet: $pf#d6...Ack
Packet received:
Sending packet: $g#67...Ack
Packet received: 00000000c3010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400800000000000000000000000000000000000000000000000000000000000000000000000000000000
Sending packet: $m8400000,4#29...Ack
Timed out.
Timed out.
Timed out.
Ignoring packet error, continuing...
Reply contains invalid hex digit 116
Sending packet: $qPart:auxv:read::0,c6#45...Sending packet: $qPart:auxv:read::0,c6#45...Sending packet: $qPart:auxv:read::0,c6#45...Sending packet: $qPart:auxv:read::0,c6#45...Timed out.
Timed out.
Timed out.
Ignoring packet error, continuing...
Packet qPart_auxv (read-aux-vector) is supported
Reply contains invalid hex digit 116


4 skyeye的输出，
[getpkt: discarding char '+']
getpkt ("Hc-1");  [sending ack]
[sent ack]
‡(­ûÇt8putpkt ("$#00"); [looking for ack]
[received '+' (0x2b)]
getpkt ("qC");  [sending ack]
[sent ack]
‡(­ûÇt8putpkt ("$#00"); [looking for ack]
[received '+' (0x2b)]
getpkt ("qOffsets");  [sending ack]
[sent ack]
‡(­ûÇt8putpkt ("$#00"); [looking for ack]
[received '+' (0x2b)]
getpkt ("?");  [sending ack]
[sent ack]
putpkt ("$S01#b4"); [looking for ack]
[received '+' (0x2b)]
getpkt ("Hg0");  [sending ack]
[sent ack]
‡(­ûÇt8putpkt ("$#00"); [looking for ack]
[received '+' (0x2b)]
getpkt ("pf");  [sending ack]
[sent ack]
‡(­ûÇt8putpkt ("$#00"); [looking for ack]
[received '+' (0x2b)]
getpkt ("g");  [sending ack]
[sent ack]
putpkt ("$00000000c3010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400800000000000000000000000000000000000000000000000000000000000000000000000000000000#43"); [looking for ack]
[received '+' (0x2b)]
getpkt ("m8400000,4");  [sending ack]
[sent ack]


是不是gdb版本太高了？还是我忘记了什么别的，请大家指点。
还有skyeye的输出有乱码，觉得很奇怪！

谢谢了！

qiyao

发现是gdb在
Sending packet: $m8400000,4#29...Ack
以后，

skyeye停在
*** utils/debugger/arch_reg.c:
sim_read[139]                  sim_read (ARMword addr, unsigned char *buffer, int size)
这个函数中了，

这个函数调用了，
arch_instance->ICE_read_byte(addr + i, &v);
感觉比较奇怪，
这个函数指针指向了
*** arch/arm/common/arm_arch_interface.c:
arm_ICE_read_byte[100]         static int arm_ICE_read_byte (WORD addr, uint8_t *pv){

不明白和ICE有什么关系？

请指点了，继续研究中....

qiyao

调用关系如下，
static int arm_ICE_read_byte (WORD addr, uint8_t *pv)
调用
int ARMul_ICE_ReadByte(ARMul_State * state, ARMword address, ARMword *presult)
调用
static fault_t
GetByte (ARMul_State * state, ARMword address, ARMword * data)

问题在这里，在arm_ICE_read_byte中，第二个参数类型是uint8_t，但是在ARMul_ICE_ReadByte的相应位置却为ARMword ，这样，里边函数对这个指针的操作就会voerflow到sim_read的变量v。

自己简单的修改了一下arm_ICE_read_byte，问题就解决了！

qiyao

[qiyao@localhost skyeye]$ diff -u ./skyeye-v1-original/arch/arm/common/arm_arch_interface.c ./skyeye-v1/arch/arm/common/arm_arch_interface.c
--- ./skyeye-v1-original/arch/arm/common/arm_arch_interface.c   2006-04-15 17:25:06.000000000 +0800
+++ ./skyeye-v1/arch/arm/common/arm_arch_interface.c    2006-04-21 13:06:28.000000000 +0800
@@ -97,9 +97,16 @@
{
        return (ARMul_ICE_WriteByte (state, (ARMword) addr, (ARMword) v));
}
-static int arm_ICE_read_byte (WORD addr, uint8_t *pv){
-       return (ARMul_ICE_ReadByte (state, (ARMword) addr, (ARMword *)pv));
+static int
+arm_ICE_read_byte (WORD addr, uint8_t *pv){
+  ARMword t;
+  int r;
+  t = *pv;
+  r = ARMul_ICE_ReadByte (state, (ARMword) addr, &t);
+  *pv = (uint8_t)t;
+  return r;
}
+
extern void at91_mach_init ();
extern void ep7312_mach_init ();
extern void lh79520_mach_init ();

ksh

Great...please send your patch to skyeye developer maillist.....