############################################################################################### # Overview of remote GDB commands # monitor rcmd # ASSIGN commands:
A CPU will have at least one Memory Map Layout.
You might like to use different aspects of the same Layout.
Or the CPU is changing its MemMap layout and you like to follow this.
First define how many MemMaps you like to use.
e.g. Allocate 3 MemMaps to have MemMap[0],MemMap[1], and MemMap[2]
monitor MemMap.MaxNum = 3
define how many entries in a MemMap you need
e.g. Allocate 10 entries within the last MemMap (=2)
monitor MemMap.MaxEntrys[2] = 10
define a single entry of the MemMap Layout
%MemMap% -> the number of the MemMap
%Entry% -> the number of the Entry within the abowe MemMap
%MemType% -> cache,flash,io,ram,sfa,workspace,applflash,unreal or delete
supported memory types are:
RA (ram) --- read and writeable memory
RO (rom) --- read only memory (read once)
RE (rereadRom) --- read only memory (read again after every program break/stepping stop)
F (flash) --- programmable memory (with special command sequences)
C (cache) --- (reserved e.g. to invalidate it on go)
A (applflash) --- (reserved e.g. for application flash)
U (unreal) --- pseudo RAM, that only exist at server side but not at real target side
I (io) --- to make clear that the debugger never access it directly
S (sfa) --- special function area (e.g. to configure special on chip register)
W (workspace) --- optional area for GDB (e.g. to program a flash)
D (delete) --- delete entry by marking it as being undefined
%BusSize% -> 8,16,32 [or 128,132,164 for special on chip Flash controllers]
supported bus sizes are 8, 16, 32 or a special case
Special cases are embedded flash controllers here a value bigger
than 32 describes the kind of controller
128 -> Philips @ LPC21xx
132 -> Atmel @ At91SAM7
164 -> STM @ STR71x , STR91x or STM32F10x
%BaseAddress% -> is the memory base address
%AddressLength% -> is the length of this memory e.g. Define a 16 Bit wide, 2 MByte SRAM at Addr. 0 inside of the last entry in the last MemMap
monitor MemMap[2][9] = ram, 16, 0, 2 MByte
Most CPU's do have special function registers to control the onchip periphery.
In many case you have to send a couple of values into spread addresses,
e.g. to do a SETUP of a SDRAM controller.
So you need a Command Sequence to describe this.
First define how many CmdSequence you like to use
e.g. Allocate 5 commandSequences
monitor CmdSequence.MaxNum = 5
define how many entries in a single sequence you need
e.g. Allocate 3 entries within the last sequence (=4)
monitor CmdSequence.MaxEntrys[4] = 3
define a single entry of the sequence to do a read or write access at the target side
%CmdNum% -> the number of the command sequence
%Entry% -> the number of a single command in this sequence
%BusSize% -> 8,16,32
%Addr% -> [0x0 .. 0xFFFFFFFF] This is the Address of the special function area (SFA)
%Command% -> Read to do a read operation (at SFA)
ADDRREF READ
Force Read to do a read operation (at SFA or normal Memeory like RAM, ROM etc.)
FORCE ADDRREF READ
Write to do a write operation (at SFA)
VALREF WRITE
ADDRREF WRITE
VALREF ADDRREF WRITE
Force Write to do a write operation (at SFA or normal Memeory like RAM, ROM etc.)
FORCE VALREF WRITE
FORCE ADDRREF WRITE
FORCE VALREF ADDRREF WRITE
%Value% -> [0x0 .. 0xFFFFFFFF] value to be writtenif nither read nor write is given then the "write" command is assumed e.g. define command entry
monitor CmdSequence[4][2] = 32, 0xFFFC0000, 0x11110000 monitor CmdSequence[7][3] = 32, 0xFFFC0000, Read monitor CmdSequence[8][1] = 32, 0xFFFC0000, Force Write 0x11110000 monitor CmdSequence[9][3] = 32, 0xFFFC0000, Force Read
define a single entry of the sequence to do a internal command at the host side
%CmdNum% -> the number of the command sequence
%Entry% -> the number of a single command in this sequence
%NumArg1% -> [0x0 .. 0xFFFFFFFF] first numerical argument
%NumArg2% -> [0x0 .. 0xFFFFFFFF] second numerical argument
%NumArg% -> [0x0 .. 0xFFFFFFFF] single numerical argument
%Command% -> see below= NOP -- default nop command
arithmetic commands
= %NumArg% SETVAR
-- set variable = imediate
= %NumArg1% %NumArg2% MOV
-- copy value from first given sequence position (%NumArg1%)
and set this value at an other sequence position (%NumArg2%)
= %NumArg% DUPVAR
-- duplicate variable (copy of given sequence position)
= %NumArg% ADD
-- calculate variable = previous var + var (of given position)
= %NumArg% SUB
-- calculate variable = previous var - var (of given position)
-- alternative use COMPARE or CMP
= %NumArg% SUBREV
-- calculate variable = var (of given position) - previous var
= %NumArg% MUL
-- calculate variable = previous var * var (of given position)
= %NumArg% AND
-- calculate variable = previous var & var (of given position)
-- alternative use TST
= %NumArg% OR
-- calculate variable = previous var | var (of given position)
= %NumArg% XOR
-- calculate variable = previous var ^ var (of given position)
-- alternative use TEQ
= NOT
-- calculate variable = ~ var (of given position)
= %NumArg% LSR
-- calculate variable = previous var right shift (of given position)
= %NumArg% LSL
-- calculate variable = previous var left shift (of given position)
= %NumArg% ROR
-- calculate variable = previous var rotate right (of given position)
= %NumArg% DIV
-- calculate variable = previous var / var (of given position)
-- <pre var / 0 will exit all commands> jump commands
= %NumArg% JMP
-- jump always to sequence at position %NumArg%
= %NumArg% JMPEQ
-- equal
= %NumArg% JMPNE
-- not equal
= %NumArg% JMPUHS
-- unsigned higher or same (alias carry set)
= %NumArg% JMPUHI
-- unsigned higher
= %NumArg% JMPULS
-- unsigned lower or same
= %NumArg% JMPULO
-- unsigned lower (alias carry clear)
= %NumArg% JMPSGE
-- signed greater or equal
= %NumArg% JMPSGT
-- signed greater than
= %NumArg% JMPSLE
-- signed less or equal
= %NumArg% JMPSLT
-- signed less than
= %NumArg% JMPPOZ
-- signed positive or zero
= %NumArg% JMPMI
-- signed negative
= %NumArg% JMPOVS
-- overflow set
= %NumArg% JMPOVC
-- overflow clear call - environment and Data Store commands
= DUPARG
-- collect argument value of calling function (this migth be an address of a call storage at host side)
= %NumArg% CALL
-- call function "cmd[\%NumArg\%]" (the function argument is 0)
= %NumArg% CALLWVAR
-- call function "cmd[\%NumArg\%]"
(the function argument is in the variable value of the previous sequence)
= %NumArg% RETURN
-- terminate current function with return value %NumArg%
= DUPRETVAL
-- collect return value from last funtion call
= EXPORT
-- export local data store (this will be the call storage for any following function call)
= %NumArg% ALLOC
-- allocate %NumArg% size words in an additional local data store
(the new base address is hold in the sequence value)
= ALIVE
-- send a "still alive" message to gdb host internal access
= %NumArg% LOAD
-- read value from local storage
(%NumArg% is absolute in an word address space)
= %NumArg% ADDRREF LOAD
-- read value from local storage
(sequence number %NumArg% is holding the absolute value in an word address space)
= %NumArg1% %NumArg2% STORE
-- write value %NumArg2% to local storage
(%NumArg1% is absolute in an word address space)
= %NumArg1% %NumArg2% VALREF STORE
-- write value of sequence number %NumArg2% to local storage
(%NumArg1% is absolute in an word address space)
= %NumArg1% %NumArg2% ADDRREF STORE
-- write value %NumArg2% to local storage
(sequence number %NumArg1% is holding the absolute value in an word address space)
= %NumArg1% %NumArg2% ADDRREF VALREF STORE
-- write value of sequence number %NumArg2% to local storage
(sequence number %NumArg1% is holding the absolute value in an word address space)Sometimes it is useful to send a event driven command sequence.
For example you might like to stop a timer on DEBUG entry
and restart a time at DEBUG exit.
bind command sequence to event
%Event% -> type of event
Reset --- reset command
Start --- on debug exit (gdb command s or c)
Stop --- on debug entry (catch breakpoint or other stop signal)
MultiThreadActive --- gdb support function
MinimalThreadId --- gdb support function
GetCurrentThreadId --- gdb support function
GetSavedRegisterSet --- gdb support function
IsTheadIdAlive --- gdb support function
GetTLSAddr --- gdb support function
GetThreadInfo --- gdb support function e.g. bind sequence number 1 on debug exit
monitor CmdSequence.Bind[1] = StartPeriphery
Some cmd[] functions needs to be called with symbol addresses
%SymString% -- symbolic name like "printf"
%FuntionBitmask% -- function bitmask
0x0001 ResetCPU
0x0002 StartTarget or StartPeriphery
0x0004 StopTarget or StopPeriphery
0x0100 MultiThreadActive indicate if threading is active or not
0x0200 MinimalThreadId lowest possible ID
0x0400 GetCurrentThreadId
0x0800 GetSavedRegisterSet
0x1000 IsTheadIdAlive
0x2000 GetTLSAddr
0x4000 GetThreadInfo e.g. to deliver the address of symbol curr_pcb inside of a call store /n when calling function GetCurrentThreadId,GetSavedRegisterSet,IsTheadIdAlive or GetTLSAddr
monitor symbol = curr_pcb 0x3C00
rename the default name of "main" to an other name e.g.
monitor mainSymbol = StartUp
In some situations gdb got confused and you can not change the register value
with gdb command like:
set $pc=0x0
So here is a work a round to force this
%RegNum% -> [0..15] for r0..r15 and 16 for CPSR
%value% -> new register value e.g.
monitor Register[15] = 0x0
configure interrupt handling while doing a single step
%value% -> behaviour 0 -> disable Interrupt in step mode 1 -> enable - " -
(experimental) leave as 0
%value% -> behaviour 0 -> low speed MCLK x -> linger factor to next debug mode command after a system speed command
(deprecated experiment)
%value% -> behaviour 0 -> low speed FLASH Download with completion check 1 -> low speed FLASH Download without completion check 2 -> faster speed FLASH Download with completion check 3 -> faster speed FLASH Download without completion check
%value% -> behaviour 0 -> keep cached memory as is 1 -> invalidate cached memory
%value% -> behaviour 0 -> skip check of currently invalid cache flash memory 1 -> check even invalidate cached flash memory (assuming all data is 0xFF)
%value% -> behaviour 0 -> do not try to reprogram flash at first "continue" (default) 1 -> try to reprogram flash at first "continue" after "load" and "symbol"
%value% -> behaviour 0 -> disable support for remote GDB vFlash.. commands (default) 1 -> enable support for remote GDB vFlash.. commands
Setting the servers "FakeContinue" mode.
After receiving a GDB-Continue command the server is able to
transfer data to GDB-STDOUT.
In "FakeContinue" mode the GDB-continue is not delivered to the target side.
%value% -> mode 0 -> disable fake_continue_mode 1 -> enable fake_continue_mode
%value% -> behaviour 0 -> workspace is only used if it is defined inside of the MemMap 1 -> if not defined in MemMap use Top of RAM as workspace 2 -> if not defined in MemMap use Bottom of RAM as workspace 3 -> if not defined in MemMap use lower part of last RAM as workspace 4 -> if not defined in MemMap use higer part of first RAM as workspace
%value% -> behaviour 0 -> do not force 1 -> force setting Hardware breakpoint, even if the address is placed in RAM
%value% -> behaviour 0 -> do not force 1 -> force setting Hardware breakpoint at symbol main (This will be the only present breakpoint.) After hit, forceTempHWBreakAtMain = 0 and other breakpoints will be allowed.
%value% -> behaviour 0 -> disable 1 -> enable (sending GDB FREAD request -- to read from console STDIN)
%value% -> behaviour 0 -> DCC off 1 -> DCC Character interface in 32-Bit Word (hi(bit[31..24])=first char,..,lo(bit[7..0])=last) (note: Cortex M3, dose not have a DCC Channel here debugComActivSymbol, debugComInSymbol and debugComOutSymbol needed)
give the name of a "char" varibale the debugger will set this to "1" to indicate that the the debugComChan is ready to exchange data e.g. the source code variable "static volatile char debugChanActive = 0;" monitor debugComActivSymbol = debugChanActive
debugComOutSymbol = %SymString%
(debug communiction interface at Cortex M3)
give the name of a "struct" varibale
struct debugComIn {
char buffer[debugComInSize];
volatile unsigend char freePos;
volatile unsigend char startPos:
} __attribute__((packed)); target and debugger will exchange data via this interface
the target write data at next freePos and increments the position (modulo size)
the debbuger will read data at startPos and increments the position (modulo size)
e.g.
the source code variable
"static volatile struct debugComIn debugMsgTarget2Gdb;"
monitor debugComInSymbol = debugMsgTarget2Gdb
debugComOutSize = %value%
char buffer size of structure debugComIn or debugComOut
%value% from 2..256
The ARM7TDMI and the ARM9TDMI can set only two HW-Breakpoints.
If you have already set both Breakpoints and you try to issue a "next" command, Gdb may try to set an other Breakpoint after a function call.
Instead of setting this breakpoint, we can perform "single steps" until reaching this break.
(Interrupts are disabled while doing this.)
Depending of the depth of the function this might be terrible slow.
%value% -> behaviour 0 -> no auto step 1 -> if no more Hardware breakpoints exist, emulate "next" by doing step instr. until reaching the matching return addr.
Speed up the abowe AutoStep since not all step instructions have to be done at the target machine. (But this is still slow.)
%value% -> behaviour 0 -> no step emulation 1 -> emulate step intst if doing auto Step 2 -> emulate step intst
%value% -> maximum number of step history entries (used by infinite stepping loop detection)
%value% -> CPU clock frequency in kHz used by Philips LPC 21xx and LPC 22xx types
%value% -> CPU clock frequency in kHz used by ATMEL at91sam7 types
%value% -> Boot bank address of embedded Flash (default = 0x0) available only at STR91x types
%value% -> NonBoot bank address of embedded Flash (default = 0x0) available only at STR91x types
If MMU exists and it is enabled at debug entry then the server variable VirtualMemory will be set.
Otherwise the variable VirtualMemory will be cleared at debug entry.
%value% -> translate 0 -> no Virtual to Physical (for gdb) 1 -> Virtual to Physical (for gdb)
If MMU exists set exception vector base address.
%value% -> exception behaviour 0 -> no high Vector exception table (use low table at 0x0) 1 -> use high Vector exception table at 0xFFFF0000
%value% -> Mask to enable debug messages at server side 0x0002 -> DBG_LEVEL_JTAG_TAP 0x0004 -> DBG_LEVEL_JTAG_INSTR 0x0008 -> DBG_LEVEL_JTAG_ICERT 0x0010 -> DBG_LEVEL_JTAG_ARM_LOW 0x0020 -> DBG_LEVEL_JTAG_ARM 0x0040 -> DBG_LEVEL_GDB_ARM_INFO_LOW 0x0080 -> DBG_LEVEL_GDB_ARM_INFO 0x0100 -> DBG_LEVEL_GDB_ARM_WARN 0x0400 -> DBG_LEVEL_GDB_ARM_ERROR
%value% -> behaviour 0 -> be less verbose (in fake_continue_mode) 1 -> be more verbose (in fake_continue_mode)
##################### # FUNCTION commands: #
Start a previous defined command sequence
e.g.
monitor Cmd[0]
remove all symbols (including mainSymbol) from symbol table and restore default table
Activate a MemMap
e.g.
monitor UseMemMap[0]
Deactivate current MemMap
(experimental) Restart
(experimental hack)
Program a number of flash sectors (%numberOfSectors%) starting at base address (%baseaddress%).
Only sectors that are known to be dirty (loaded data and flash data differ) will be programmed. So you need to do a verify (or check) first. This transaction may take a while.
To see what is happening, set the server into "FakeContinue" mode.
After receiving a GDB-Continue command the server is able to transfer data to GDB-STDOUT.
(In "FakeContinue" mode, the GDB-continue is not delivered to the target side.)
e.g.
monitor FakeContinue = 1 monitor ProgramFlash 0x0 1 continue monitor FakeContinue = 0
Verify a number of flash sectors (%numberOfSectors%) starting at base address (%baseaddress%) with previous loaded data.
If no data previously loaded. Read in data from flash.
This transaction may take a while.
To see what is happening, set the server into "FakeContinue" mode. After receiving a GDB-Continue command the server is able to transfer data to GDB-STDOUT.
(In "FakeContinue" mode, the GDB-continue is not delivered to the target side.)
e.g.
monitor FakeContinue = 1 monitor VerifyFlash 0x0 1 continue monitor FakeContinue = 0
Check a number of flash sectors (%numberOfSectors%) starting at base address (%baseaddress%).
Compare a calculated checksum at target side with one calculated at server side.
This transaction may take a while.
To see what is happening, set the server into "FakeContinue" mode. After receiving a GDB-Continue command the server is able to transfer data to GDB-STDOUT. (In "FakeContinue" mode, the GDB-continue is not delivered to the target side.)
e.g.
monitor FakeContinue = 1 monitor CheckFlash 0x0 1 continue monitor FakeContinue = 0
Erase a number of flash sectors (%numberOfSectors%) starting at base address (%baseaddress%).
This transaction may take a while.
To see what is happening, set the server into "FakeContinue" mode. After receiving a GDB-Continue command the server is able to transfer data to GDB-STDOUT.
(In "FakeContinue" mode, the GDB-continue is not delivered to the target side.)
e.g.
monitor FakeContinue = 1 monitor ErasekFlash 0x0 1 continue monitor FakeContinue = 0
set general purpose NVM bit
Bit 0 set; enables the brownout detection control at SAM7
Bit 1 set; enables a brownout reset if brownout is detected at SAM7
(programming the NVM bit's for more than 100 times may dammage the CPU; see datasheed)
e.g. to set Bit0
monitor SAM7SetGpnvmBit 0
clear general purpose NVM bit
Bit 0 clear; disable the brownout detection control at SAM7 (factory default)
Bit 1 clear; disable a brownout reset if brownout is detected at SAM7 (factory default)
(programming the NVM bit's for more than 100 times may dammage the CPU; see datasheed)
e.g. to clear Bit0
monitor SAM7ClearGpnvmBit 0
generate LPC 21xx interrrupt vector checksum
erases option bytes (might also dose a mass erase)
e.g.
monitor Stm32xOptErase
##################### # Show Info:
Show result of a previously started ..Flash command
Show CPU - System Information (Collected at startup time)
return list of available COMMANDS
Show info about the current MemMap.
Since the data did not fit in a single response frame, multiple can be transferred by setting the server into "FakeContinue" mode.
After receiving a GDB-Continue command the server is able to transfer data to GDB-STDOUT.
(In "FakeContinue" mode, the GDB-continue is not delivered to the target side.)
e.g.
monitor FakeContinue = 1 monitor MemMap continue monitor FakeContinue = 0
Show result of previous started command sequence (see:mointor Cmd)
e.g. assume we have defined the following command sequence
monitor CmdSequence[0][0] = 32, 0xFFFC0000, 0x11110000 monitor CmdSequence[0][1] = 32, 0xFFFC0000, Read monitor CmdSequence[0][2] = 32, 0xFFFC0000, 0x11110002 monitor CmdSequence[0][3] = 32, 0xFFFC0000, Read
with
monitor Cmd[0]
we write the value 0x11110000 into address 0xFFFC0000
then we read out the value of address 0xFFFC0000
next we write the value 0x11110002 into address 0xFFFC0000
and then we read out the value of address 0xFFFC0000 again
now we can collect the result of the "Read" sequence using
monitor CmdSequence[0][1] monitor CmdSequence[0][3]
##################### # Show Variables: monitor CmdSequence.Bind monitor Symbol monitor mainSymbol monitor Interrupt monitor modeMCLK monitor modeFLASH monitor modeWorkspace monitor EnableXMLvFlash monitor EnableProgramFlashOnGo monitor InvalFlashWhileEraseing monitor ForceCheckInvalidSector monitor forceHWBreak monitor forceTempHWBreakAtMain monitor EnableDebugComGdbFRead monitor debugComChan monitor AutoStep monitor EnableStepEmulation monitor StepHistorySize monitor LPCfrequence monitor SAM7frequence monitor Str91xCSxMapping monitor Str91xFlashProtectionBank monitor Str91xOTPlock monitor Str91xBootBaseAddr monitor Str91xNonBootBaseAddr monitor VirtualMemory monitor HighVector monitor DbgMask monitor verbose