2. 科技
    3. ejtag使用之调试pmon(单步及断点)

    ejtag使用之调试pmon(单步及断点)

    科技2022-08-01  118

    pmon 反汇编(objdump -S gzrom > grom.S)后的代码片断节选

    gzrom: file format elf32-tradlittlemips Disassembly of section .text: 8f900000 <_ftext>: 8f900000: 04110e2b bal 8f9038b0 <ls2k_version> 8f900004: 00000000 nop 8f900008: 14400019 bnez v0,8f900070 <_ftext+0x70> 8f90000c: 00000000 nop 8f900010: 40087801 0x40087801 8f9018d4 <start_now>: 8f9018d4: 3c048f91 lui a0,0x8f91 8f9018d8: 2484c26c addiu a0,a0,-15764 8f9018dc: 041107ca bal 8f903808 <stringserial> 8f9018e0: 00000000 nop 8f9018e4: 16000006 bnez s0,8f901900 <start_now+0x2c> 8f9018e8: 00000000 nop 8f9018ec: 24040080 li a0,128 8f9018f0: 3c028f91 lui v0,0x8f91 8f9018f4: 2442bf70 addiu v0,v0,-16528 8f9018f8: 00400008 jr v0 8f9018fc: 00000000 nop 8f901900: 40048000 mfc0 a0,c0_config 8f9038b0 <ls2k_version>: 8f9038b0: 40047800 mfc0 a0,c0_prid 8f9038b4: 3084000f andi a0,a0,0xf 8f9038b8: 24050003 li a1,3 8f9038bc: 14850002 bne a0,a1,8f9038c8 <ls2k_version+0x18> 8f9038c0: 24020000 li v0,0 8f9038c4: 24020001 li v0,1 8f9038c8: 03e00008 jr ra 8f9038cc: 00000000 nop # ./ejtag_debug_usb -t //一切的基础,根据芯片使用相应的配置文件 cpu0 -source configs/config.ls2k 按重启或上电开关的同时输入断点指令,以暂停cpu 执行 芯片上电是从0xbfc00000 处开始执行的,在没有启用cache 之前。pmon 反汇编中的地址要换成0xbfc0开始的地址 如:0xffffffff8f9038b0-->0xffffffffbfc038b0 参 考面的反汇编代码可知,下面的两个断点分别设置在 ls2k_version 和 start_now cpu0 -b 0xffffffffbfc038b0 cpu0 -b 0xffffffffbfc018d4 cpu0 -si //单步执行,即可知当前运行到哪条指令 cpu0: 0xffffffffbfc00f84: 0000a02d dmove s4,zero #user exp cpu0: 0xffffffffbfc00f88: 0000a82d dmove s5,zero #I exp cpu0 -bls cpu0 -hbls //查看断点列表 cpu 0: address: 0xffffffffbfc038b0 ibc: 0x1 ibm:0 cpu 0: address: 0xffffffffbfc018d4 ibc: 0x1 ibm:0 cpu0 -cont //继续运行,遇到断点会停在断点处 cpu0 -si cpu0: 0xffffffffbfc038b0: 40047800 mfc0 a0,C0_PRID #I exp cpu0: 0xffffffffbfc038b0: 40047800 mfc0 a0,C0_PRID #I exp cpu0 -cont cpu0 -si cpu0: 0xffffffffbfc018d4: 3c048f91 lui a0,0x8f91 # 36753 #I exp cpu0: 0xffffffffbfc018d4: 3c048f91 lui a0,0x8f91 # 36753 #I exp cpu0 -set //查看当前各寄存器的值 zero:0x0 at:0xffffffffbfc038a0 v0:0xffffffffbfe00000 v1:0x20 a0:0xff00ff0000fffff0 a1:0xfffffffff300040d a2:0xffffffffbfc03ae0 a3:0xffffffffffffffff t0:0xffffffffbfe13800 t1:0xffffffffbfe10450 t2:0x14 t3:0x0 t4:0x0 t5:0x0 t6:0x30c31cf9f300040d t7:0xffffffffbfc01854 s0:0x30300000 s1:0x0 s2:0x0 s3:0x0 s4:0x0 s5:0x0 s6:0x0 s7:0x0 t8:0x0 t9:0x0 k0:0x0 k1:0x0 gp:0xffffffff8f99a000 sp:0xffffffff8f8fc000 s8:0x0 ra:0xffffffffbfc03ca0 status:0x244000e0 lo:0x0 hi:0x0 badvaddr:0x0 cause:0x40008000 pc:0xffffffffbfc018d4 epc:0x0 cpu0 -

    通过输入h, 可查看ejtag 的其他命令简介。

    Processed: 0.013, SQL: 8