OpenOCD
Barracuda module debug over JTAG using OpenOCD
It was tested on Ubuntu 10.04 LTS and reciva-kernel-v24080215+00.tar.bz2 kernel pack.
OpenOCD installation and testing
To install openocd in Ubuntu enter command
sudo apt-get install openocd
Create openocd config file JTAGdebug.cfg with this contents:
# # Parallel port wiggler (many clones available) on port 0xc8b8 # telnet_port 4444 gdb_port 3333 interface parport parport_port 0 parport_cable wiggler # Found on the 'TinCanTools' Hammer board. if { [info exists CHIPNAME] } { set _CHIPNAME $CHIPNAME } else { set _CHIPNAME s3c2410 } if { [info exists ENDIAN] } { set _ENDIAN $ENDIAN } else { # This config file was defaulting to big endian.. set _ENDIAN little } if { [info exists CPUTAPID] } { set _CPUTAPID $CPUTAPID } else { set _CPUTAPID 0xffffffff } #use combined on interfaces or targets that cannot set TRST/SRST separately reset_config trst_and_srst #jtag scan chain jtag newtap $_CHIPNAME cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id $_CPUTAPID set _TARGETNAME $_CHIPNAME.cpu target create $_TARGETNAME arm920t -endian $_ENDIAN -chain-position $_TARGETNAME -variant arm920t $_TARGETNAME configure -work-area-virt 0 -work-area-phys 0x30800000 -work-area-size 0x20000 -work-area-backup 0 # speed up memory downloads arm7_9 fast_memory_access enable arm7_9 dcc_downloads enable nand device s3c2410 s3c2410.cpu
Now it's possible to test OpenOCD. Connect JTAG cable to pc, power on radio and execute command in a shell
sudo openocd -f JTAGdebug.cfg
You should see the output
Open On-Chip Debugger 0.3.1 (2010-01-18-14:21) $URL$ For bug reports, read http://openocd.berlios.de/doc/doxygen/bugs.html parport port = 0 trst_and_srst separate srst_gates_jtag trst_push_pull srst_open_drain fast memory access is enabled dcc downloads are enabled Error: Translation from jtag_speed to khz not implemented Info : interface specific clock speed value 0 Info : JTAG tap: s3c2410.cpu tap/device found: 0x0032409d (mfg: 0x04e, part: 0x0324, ver: 0x0) Warn : JTAG tap: s3c2410.cpu UNEXPECTED: 0x0032409d (mfg: 0x04e, part: 0x0324, ver: 0x0) Error: JTAG tap: s3c2410.cpu expected 1 of 1: 0xffffffff (mfg: 0x7ff, part: 0xffff, ver: 0xf) Error: Trying to use configured scan chain anyway... Warn : Bypassing JTAG setup events due to errors Info : Embedded ICE version 2
Now you can halt radio connecting to OpenOCD with telnet in a new shell window
telnet localhost 4444
Telnet output :
Code: [Select] Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Open On-Chip Debugger >
In telnet terminal enter command halt and terminal writes
> halt target state: halted target halted in ARM state due to debug-request, current mode: Supervisor cpsr: 0x20000093 pc: 0xc0015c74 MMU: enabled, D-Cache: enabled, I-Cache: enabled >
Now we can power off radio and go to second part.
Kernel with debug options compiling
To see debugging symbols in gdb shell you need compiled kernel with debug option enabled. In reciva kernel Makefile you need to add -g option after -Wall in these 2 lines:
HOSTCFLAGS = -Wall -g -Wstrict-prototypes -O2 -fomit-frame-pointer CFLAGS := $(CPPFLAGS) -Wall -g -Wstrict-prototypes -Wno-trigraphs -O2 \
Now you can rebuild kernel. After build you need a file vmlinux from reciva kernel root dir it's about 32M size.
If your radio kernel version is the same like kernel source you can skip information below how to flash new kernel to radio.
New kernel flashing
The kernel file zImage could be found in folder /arch/arm/boot
To be suitable for sharpflash you need to use getpart utility
getpart zImage 0 fc000 kernel.new
After this kernel.new size must be the same like kernel-mtd.bin from backups.
Before doing this be sure you have backup of your radio working kernel partition.
Now turn on radio and sharpflash the new kernel.
sharpflash -w kernel.new 4000 fc000
When flashing is finished restart radio. If you have changed in kernel source something, for debugging must use apropriate vmlinux file.
Debugging with gdb
Turn on radio. Run OpenOCD and telnet. Enter halt command in telnet window when radio display lights up. Now we need to run gdb in a new shell window.
root@reciva-dev:/home/shared# gdb
Gdb output screen
GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. (gdb)
to load debug symbols in gdb environment execute file vmlinux.(I have copied vmlinux file to the place where execute gdb in my case /home/shared)
(gdb)file vmlinux
Output:
Reading symbols from /home/shared/gdb/vmlinux...done. (gdb)
Now connect to OpenOCD enter in gdb this command
target remote localhost:3333
Output :
Remote debugging using localhost:3333 0xc01b8d28 in cr_alignment () (gdb)
Now i'ts possible to get kernel variable values.
Below it's shown method how to get dmesg printout using log_buf variable.
Gdb script for dmesg
You can simply copy paste this script to gdb environment
define dmesg set $i=0 set $end_idx=(log_end -1) while($i< logged_chars) printf"%c",log_buf[$i] set $i=$i+1 end end
At the end you need to press enter. Output :
(gdb) define dmesg Type commands for definition of "dmesg". End with a line saying just "end". >set $i=0 >set $end_idx=(log_end -1) >while($i< logged_chars) >printf"%c",log_buf[$i] >set $i=$i+1 >end >end (gdb)
Now execute dmesg command in gdb shell
(gdb) dmesg <4>Linux version 2.4.26-vrs1-bast2 (pb@bob.internal.reciva.com) (gcc version 3.3.4) v24080215+00 #1 Fri Feb 15 17:33:14 GMT 2008 <4>CPU: Arm920Tid(wb) revision 0 <4>Machine: Reciva-IR2 <4>HWCONFIG values are: 15 1f (1013) <4>S3C2410: 202.800000 MHz, memory 101.400000 MHz, pclk 50.700000 MHz <4>On node 0 totalpages: 8192 <4>zone(0): 8192 pages. <4>zone(1): 0 pages. <4>zone(2): 0 pages. <4>Kernel command line: root=/dev/mtdblock2 ro init=/linuxrc <7>Relocating machine vectors to 0xffff0000 <4>irq: clearing subpending status 00000402 <4>bast_init_irq: <4>setup_timer: TCNTB4 at d890003c <4>setup_timer: tcon=00000000, tcnt should be f799 <4>setup_timer: about to configure timer4 <4>setup_timer: stopping timer <4>setup_timer: adding interrupt <4>setup_timer: starting timer <4>Calibrating delay loop (skipped)... 101.17 BogoMIPS <6>Memory: 32MB = 32MB total ---Type <return> to continue, or q <return> to quit---
Pressing enter you can read all dmesg.