我准备了一张带有 RPi OS Lite 的 SD 卡,并修改了我的
config.txtu-boot.bin我已将基于 FT2232H 的 Flyswatter2 JTAG 调试器连接到 Rpi-3B+,并使用以下命令与 JTAG 适配器建立 openocd 连接。到目前为止一切看起来都很好。
$ sudo openocd -f /usr/local/share/openocd/scripts/interface/ftdi/flyswatter2.cfg -f /usr/local/share/openocd/scripts/board/rpi3.cfg
[sudo] password for naveen:
Open On-Chip Debugger 0.12.0-g4d87f6dca (2024-03-22-16:22)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : auto-selecting first available session transport "jtag". To override use 'transport select <transport>'.
Warn : Transport "jtag" was already selected
trst_only separate trst_push_pull
Info : Listening on port 6666 for tcl connections
Info : Listening on port 4444 for telnet connections
Info : clock speed 4000 kHz
Info : JTAG tap: bcm2837.cpu tap/device found: 0x4ba00477 (mfg: 0x23b (ARM Ltd), part: 0xba00, ver: 0x4)
Info : bcm2837.cpu0: hardware has 6 breakpoints, 4 watchpoints
Info : bcm2837.cpu1: hardware has 6 breakpoints, 4 watchpoints
Info : bcm2837.cpu2: hardware has 6 breakpoints, 4 watchpoints
Info : bcm2837.cpu3: hardware has 6 breakpoints, 4 watchpoints
Info : gdb port disabled
Info : starting gdb server for bcm2837.cpu0 on 3333
Info : Listening on port 3333 for gdb connections
Info : starting gdb server for bcm2837.cpu1 on 3334
Info : Listening on port 3334 for gdb connections
Info : starting gdb server for bcm2837.cpu2 on 3335
Info : Listening on port 3335 for gdb connections
Info : starting gdb server for bcm2837.cpu3 on 3336
Info : Listening on port 3336 for gdb connections
我能够将我的 gdb 连接到 openocd 并检查来自目标的数据。
$ /opt/gcc-arm-10.3-2021.07-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-gdb u-boot
Reading symbols from u-boot...
(gdb) target remote :3333
Remote debugging using :3333
0x000000003b379450 in ?? ()
(gdb) mon halt
(gdb) mon reg pc
pc (/64): 0x000000003b379450
我尝试设置断点。
(gdb) mon load_image /home/naveen/.repos/src/arm64/u-boot/u-boot.bin 0x80000
597272 bytes written at address 0x00080000
downloaded 597272 bytes in 2.389555s (244.093 KiB/s)
(gdb) b *0x80000
Breakpoint 1 at 0x80000: file arch/arm/cpu/armv8/start.S, line 31.
(gdb) mon resume 0x80000
(gdb)
此后我再也没有达到断点。在序列号上我可以看到 u-boot 启动到 shell 为止,而没有到达断点。 问题 1 : 为什么断点没有命中,如何修复?
问题2:由于断点已经设置,我想重新启动树莓派,但这只是暂时中断了JTAG连接。并且 u-boot 正常命中,没有到达我的断点。
Examination failed, GDB will be halted. Polling again in 3100ms
Error: Invalid ACK (7) in DAP response
Error: JTAG-DP STICKY ERROR
Polling target bcm2837.cpu1 failed, trying to reexamine
Error: Invalid ACK (7) in DAP response
Error: JTAG-DP STICKY ERROR
Error: Could not initialize the APB-AP
Examination failed, GDB will be halted. Polling again in 3100ms
Error: Invalid ACK (7) in DAP response
Error: Debug regions are unpowered, an unexpected reset might have happened
Error: JTAG-DP STICKY ERROR
Polling target bcm2837.cpu2 failed, trying to reexamine
Info : bcm2837.cpu2: hardware has 6 breakpoints, 4 watchpoints
Polling target bcm2837.cpu3 failed, trying to reexamine
Info : bcm2837.cpu3: hardware has 6 breakpoints, 4 watchpoints
Polling target bcm2837.cpu0 failed, trying to reexamine
Info : bcm2837.cpu0: hardware has 6 breakpoints, 4 watchpoints
Polling target bcm2837.cpu1 failed, trying to reexamine
Info : bcm2837.cpu1: hardware has 6 breakpoints, 4 watchpoints
有没有一种方法可以让我先设置断点,然后重新启动/重置 Pi,以便命中断点?我不想一次又一次地继续做
mon load_imagemon reset(gdb) mon reset
JTAG tap: bcm2837.cpu tap/device found: 0x4ba00477 (mfg: 0x23b (ARM Ltd), part: 0xba00, ver: 0x4)
bcm2837.cpu0: how to reset?
PS:我正在使用来自树莓派的openocd fork的最新克隆。
U-Boot 会从其加载的原始位置重新定位。要在重定位后进行调试,您需要通过 bdinfo 命令打印出的重定位地址。
假设您位于构建 U-Boot 的目录中,则输入 gdb:
gdb-multiarch u-boot -ex 'target remote localhost:3333'
现在在gdb中你需要告知它地址:
add-symbol-file u-boot <relocaddr>
lay src
现在您应该能够看到 U-Boot 中的源代码位置,并且可以在要调试的函数处设置断点,例如
b do_booti
重定位地址存储在arm64寄存器x18所指向的结构中(arm32上为r9)。您可以使用以下方式显示结构:
p/x *(gd_t *)$x18