1 // SPDX-License-Identifier: GPL-2.0+
3 * taken from gdb/remote.c
5 * I am only interested in the write to memory stuff - everything else
8 * all the copyright notices etc have been left in
11 /* enough so that it will compile */
21 #define alloca __builtin_alloca
22 #else /* not GNU C. */
23 #if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi)
26 #if defined (MSDOS) && !defined (__TURBOC__)
28 #else /* not MSDOS, or __TURBOC__ */
32 #else /* not MSDOS, __TURBOC__, or _AIX */
36 #endif /* not MSDOS, or __TURBOC__ */
37 #endif /* not sparc. */
38 #endif /* not GNU C. */
46 #endif /* alloca not defined. */
/* Compatibility shims so that code lifted from gdb/remote.c builds
   outside of GDB: GDB-internal names are mapped onto plain stdio calls
   and onto helpers that are defined elsewhere. */
/* REGISTER_BYTES is 0 here, so the PBUFSIZ definition below never takes
   its register-sized branch. */
52 #define REGISTER_BYTES 0
/* GDB's filtered/unfiltered output routines all become plain stdio. */
53 #define fprintf_unfiltered fprintf
54 #define fprintf_filtered fprintf
55 #define fputs_unfiltered fputs
56 #define fputs_filtered fputs
57 #define fputc_unfiltered fputc
58 #define fputc_filtered fputc
59 #define printf_unfiltered printf
60 #define printf_filtered printf
61 #define puts_unfiltered puts
62 #define puts_filtered puts
63 #define putchar_unfiltered putchar
64 #define putchar_filtered putchar
/* The second argument (b) is dropped; the string is written as-is. */
65 #define fputstr_unfiltered(a,b,c) fputs((a), (c))
/* Debug/log output goes to stderr. */
66 #define gdb_stdlog stderr
/* Serial I/O is forwarded to serialreadchar()/serialwrite(), which are
   not defined in this part of the file. */
67 #define SERIAL_READCHAR(fd,timo) serialreadchar((fd), (timo))
68 #define SERIAL_WRITE(fd, addr, len) serialwrite((fd), (addr), (len))
/* Perror is not defined in this part of the file. */
70 #define perror_with_name Perror
71 #define gdb_flush fflush
/* max/min evaluate each argument twice: do not pass expressions with
   side effects. The result type follows the usual arithmetic
   conversions, so mixing signed and unsigned operands compares them as
   unsigned. */
72 #define max(a,b) (((a)>(b))?(a):(b))
73 #define min(a,b) (((a)<(b))?(a):(b))
/* Expands to an empty block: nothing is torn down in this tool. */
74 #define target_mourn_inferior() {}
/* Both types are the host's unsigned long, so the representable address
   range depends on the host's width of long. */
75 #define ULONGEST unsigned long
76 #define CORE_ADDR unsigned long
78 static int putpkt (char *);
79 static int putpkt_binary(char *, int);
80 static void getpkt (char *, int);
82 static int remote_debug = 0, remote_register_buf_size = 0, watchdog = 0;
84 int remote_desc = -1, remote_timeout = 10;
87 fputstrn_unfiltered(char *s, int n, int x, FILE *fp)
96 SERIAL_WRITE(remote_desc, "+", 1);
100 remote_continue(void)
105 /* Remote target communications for serial-line targets in custom GDB protocol
106 Copyright 1988, 91, 92, 93, 94, 95, 96, 97, 98, 1999
107 Free Software Foundation, Inc.
109 This file is part of GDB.
112 /* Remote communication protocol.
114 A debug packet whose contents are <data>
115 is encapsulated for transmission in the form:
117 $ <data> # CSUM1 CSUM2
119 <data> must be ASCII alphanumeric and cannot include characters
120 '$' or '#'. If <data> starts with two characters followed by
121 ':', then the existing stubs interpret this as a sequence number.
123 CSUM1 and CSUM2 are ascii hex representation of an 8-bit
124 checksum of <data>, the most significant nibble is sent first.
125 the hex digits 0-9,a-f are used.
127 Receiver responds with:
129 + - if CSUM is correct and ready for next packet
130 - - if CSUM is incorrect
132 <data> is as follows:
133 Most values are encoded in ascii hex digits. Signal numbers are according
134 to the numbering in target.h.
138 set thread Hct... Set thread for subsequent operations.
139 c = 'c' for thread used in step and
140 continue; t... can be -1 for all
142 c = 'g' for thread used in other
143 operations. If zero, pick a thread,
149 reply XX....X Each byte of register data
150 is described by two hex digits.
151 Registers are in the internal order
152 for GDB, and the bytes in a register
153 are in the same order the machine uses.
156 write regs GXX..XX Each byte of register data
157 is described by two hex digits.
161 write reg Pn...=r... Write register n... with value r...,
162 which contains two hex digits for each
163 byte in the register (target byte
167 (not supported by all stubs).
169 read mem mAA..AA,LLLL AA..AA is address, LLLL is length.
170 reply XX..XX XX..XX is mem contents
171 Can be fewer bytes than requested
172 if able to read only part of the data.
175 write mem MAA..AA,LLLL:XX..XX
177 LLLL is number of bytes,
180 ENN for an error (this includes the case
181 where only part of the data was
184 write mem XAA..AA,LLLL:XX..XX
185 (binary) AA..AA is address,
186 LLLL is number of bytes,
187 XX..XX is binary data
191 continue cAA..AA AA..AA is address to resume
192 If AA..AA is omitted,
193 resume at same address.
195 step sAA..AA AA..AA is address to resume
196 If AA..AA is omitted,
197 resume at same address.
199 continue with Csig;AA..AA Continue with signal sig (hex
200 signal number). If ;AA..AA is omitted,
201 resume at same address.
203 step with Ssig;AA..AA Like 'C' but step not continue.
206 last signal ? Reply the current reason for stopping.
207 This is the same reply as is generated
208 for step or cont : SAA where AA is the
213 There is no immediate reply to step or cont.
214 The reply comes when the machine stops.
215 It is SAA AA is the signal number.
217 or... TAAn...:r...;n...:r...;n...:r...;
219 n... = register number (hex)
220 r... = register contents
222 r... = thread process ID. This is
224 n... = other string not starting
225 with valid hex digit.
226 gdb should ignore this n,r pair
227 and go on to the next. This way
228 we can extend the protocol.
229 or... WAA The process exited, and AA is
230 the exit status. This is only
231 applicable for certain sorts of
233 or... XAA The process terminated with signal
235 or (obsolete) NAA;tttttttt;dddddddd;bbbbbbbb
237 tttttttt = address of symbol "_start"
238 dddddddd = base of data section
239 bbbbbbbb = base of bss section.
240 Note: only used by Cisco Systems
241 targets. The difference between this
242 reply and the "qOffsets" query is that
243 the 'N' packet may arrive spontaneously
244 whereas the 'qOffsets' is a query
245 initiated by the host debugger.
246 or... OXX..XX XX..XX is hex encoding of ASCII data. This
247 can happen at any time while the
248 program is running and the debugger
249 should continue to wait for
252 thread alive TXX Find out if the thread XX is alive.
253 reply OK thread is still alive
256 remote restart RXX Restart the remote server
258 extended ops ! Use the extended remote protocol.
259 Sticky -- only needs to be set once.
263 toggle debug d toggle debug flag (see 386 & 68k stubs)
264 reset r reset -- see sparc stub.
265 reserved <other> On other requests, the stub should
266 ignore the request and send an empty
267 response ($#<checksum>). This way
268 we can extend the protocol and GDB
269 can tell whether the stub it is
270 talking to uses the old or the new.
271 search tAA:PP,MM Search backwards starting at address
272 AA for a match with pattern PP and
273 mask MM. PP and MM are 4 bytes.
274 Not supported by all stubs.
276 general query qXXXX Request info about XXXX.
277 general set QXXXX=yyyy Set value of XXXX to yyyy.
278 query sect offs qOffsets Get section offsets. Reply is
279 Text=xxx;Data=yyy;Bss=zzz
281 Responses can be run-length encoded to save space. A '*' means that
282 the next character is an ASCII encoding giving a repeat count which
283 stands for that many repetitions of the character preceding the '*'.
284 The encoding is n+29, yielding a printable character where n >=3
285 (which is where rle starts to win). Don't use an n > 126.
288 "0* " means the same as "0000". */
291 /* This variable (available to the user via "set remotebinarydownload")
292 dictates whether downloads are sent in binary (via the 'X' packet).
293 We assume that the stub can, and attempt to do it. This will be cleared if
294 the stub does not understand it. This switch is still needed, though
295 in cases when the packet is supported in the stub, but the connection
296 does not allow it (i.e., 7-bit serial connection only). */
297 static int remote_binary_download = 1;
299 /* Have we already checked whether binary downloads work? */
300 static int remote_binary_checked;
302 /* Maximum number of bytes to read/write at once. The value here
303 is chosen to fill up a packet (the headers account for the 32). */
304 #define MAXBUFBYTES(N) (((N)-32)/2)
306 /* Having this larger than 400 causes us to be incompatible with m68k-stub.c
307 and i386-stub.c. Normally, no one would notice because it only matters
308 for writing large chunks of memory (e.g. in downloads). Also, this needs
309 to be more than 400 if required to hold the registers (see below, where
310 we round it up based on REGISTER_BYTES). */
311 /* Round up PBUFSIZ to hold all the registers, at least. */
312 #define PBUFSIZ ((REGISTER_BYTES > MAXBUFBYTES (400)) \
313 ? (REGISTER_BYTES * 2 + 32) \
317 /* This variable sets the number of bytes to be written to the target
318 in a single packet. Normally PBUFSIZ is satisfactory, but some
319 targets need smaller values (perhaps because the receiving end
322 static int remote_write_size = 0x7fffffff;
324 /* This variable sets the number of bits in an address that are to be
325 sent in a memory ("M" or "m") packet. Normally, after stripping
326 leading zeros, the entire address would be sent. This variable
327 restricts the address to REMOTE_ADDRESS_SIZE bits. HISTORY: The
328 initial implementation of remote.c restricted the address sent in
329 memory packets to ``host::sizeof long'' bytes - (typically 32
330 bits). Consequently, for 64 bit targets, the upper 32 bits of an
331 address were never sent. Since fixing this bug may cause a break in
332 some remote targets this variable is principally provided to
333 facilitate backward compatibility. */
335 static int remote_address_size;
337 /* Convert hex digit A to a number. */
342 if (a >= '0' && a <= '9')
344 else if (a >= 'a' && a <= 'f')
346 else if (a >= 'A' && a <= 'F')
349 error ("Reply contains invalid hex digit %d", a);
354 /* Convert number NIB to a hex digit. */
362 return 'a' + nib - 10;
365 /* Return the number of hex digits in num. */
368 hexnumlen (ULONGEST num)
372 for (i = 0; num != 0; i++)
378 /* Set BUF to the hex digits representing NUM. */
381 hexnumstr (char *buf, ULONGEST num)
384 int len = hexnumlen (num);
388 for (i = len - 1; i >= 0; i--)
390 buf[i] = "0123456789abcdef"[(num & 0xf)];
397 /* Mask all but the least significant REMOTE_ADDRESS_SIZE bits. */
400 remote_address_masked (CORE_ADDR addr)
402 if (remote_address_size > 0
403 && remote_address_size < (sizeof (ULONGEST) * 8))
405 /* Only create a mask when that mask can safely be constructed
406 in a ULONGEST variable. */
408 mask = (mask << remote_address_size) - 1;
414 /* Determine whether the remote target supports binary downloading.
415 This is accomplished by sending a no-op memory write of zero length
416 to the target at the specified address. It does not suffice to send
417 the whole packet, since many stubs strip the eighth bit and subsequently
418 compute a wrong checksum, which causes real havoc with remote_write_bytes.
420 NOTE: This can still lose if the serial line is not eight-bit clean. In
421 cases like this, the user should clear "remotebinarydownload". */
423 check_binary_download (CORE_ADDR addr)
425 if (remote_binary_download && !remote_binary_checked)
427 char *buf = alloca (PBUFSIZ);
429 remote_binary_checked = 1;
433 p += hexnumstr (p, (ULONGEST) addr);
435 p += hexnumstr (p, (ULONGEST) 0);
439 putpkt_binary (buf, (int) (p - buf));
443 remote_binary_download = 0;
448 if (remote_binary_download)
449 fprintf_unfiltered (gdb_stdlog,
450 "binary downloading suppported by target\n");
452 fprintf_unfiltered (gdb_stdlog,
453 "binary downloading NOT suppported by target\n");
457 /* Write memory data directly to the remote machine.
458 This does not inform the data cache; the data cache uses this.
459 MEMADDR is the address in the remote memory space.
460 MYADDR is the address of the buffer in our space.
461 LEN is the number of bytes.
463 Returns number of bytes transferred, or 0 for error. */
466 remote_write_bytes (memaddr, myaddr, len)
471 unsigned char *buf = alloca (PBUFSIZ);
472 int max_buf_size; /* Max size of packet output buffer */
476 /* Verify that the target can support a binary download */
477 check_binary_download (memaddr);
479 /* Chop the transfer down if necessary */
481 max_buf_size = min (remote_write_size, PBUFSIZ);
482 if (remote_register_buf_size != 0)
483 max_buf_size = min (max_buf_size, remote_register_buf_size);
485 /* Subtract header overhead from max payload size - $M<memaddr>,<len>:#nn */
486 max_buf_size -= 2 + hexnumlen (memaddr + len - 1) + 1 + hexnumlen (len) + 4;
491 unsigned char *p, *plen;
495 /* construct "M"<memaddr>","<len>":" */
496 /* sprintf (buf, "M%lx,%x:", (unsigned long) memaddr, todo); */
497 memaddr = remote_address_masked (memaddr);
499 if (remote_binary_download)
502 todo = min (len, max_buf_size);
507 todo = min (len, max_buf_size / 2); /* num bytes that will fit */
510 p += hexnumstr ((char *)p, (ULONGEST) memaddr);
513 plen = p; /* remember where len field goes */
514 p += hexnumstr ((char *)p, (ULONGEST) todo);
518 /* We send target system values byte by byte, in increasing byte
519 addresses, each byte encoded as two hex characters (or one
520 binary character). */
521 if (remote_binary_download)
525 (i < todo) && (i + escaped) < (max_buf_size - 2);
528 switch (myaddr[i] & 0xff)
533 /* These must be escaped */
536 *p++ = (myaddr[i] & 0xff) ^ 0x20;
539 *p++ = myaddr[i] & 0xff;
546 /* Escape chars have filled up the buffer prematurely,
547 and we have actually sent fewer bytes than planned.
548 Fix-up the length field of the packet. */
550 /* FIXME: will fail if new len is a shorter string than
553 plen += hexnumstr ((char *)plen, (ULONGEST) i);
559 for (i = 0; i < todo; i++)
561 *p++ = tohex ((myaddr[i] >> 4) & 0xf);
562 *p++ = tohex (myaddr[i] & 0xf);
567 putpkt_binary ((char *)buf, (int) (p - buf));
568 getpkt ((char *)buf, 0);
572 /* There is no correspondence between what the remote protocol uses
573 for errors and errno codes. We would like a cleaner way of
574 representing errors (big enough to include errno codes, bfd_error
575 codes, and others). But for now just return EIO. */
580 /* Increment by i, not by todo, in case escape chars
581 caused us to send fewer bytes than we'd planned. */
592 /* Stuff for dealing with the packets which are part of this protocol.
593 See comment at top of file for details. */
595 /* Read a single character from the remote end, masking it down to 7 bits. */
598 readchar (int timeout)
602 ch = SERIAL_READCHAR (remote_desc, timeout);
607 error ("Remote connection closed");
609 perror_with_name ("Remote communication error");
621 return putpkt_binary (buf, strlen (buf));
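624 /* Send a packet to the remote machine, with error checking. The data
625 of the packet is in BUF. The string in BUF can be at most PBUFSIZ - 5
626 to account for the $, # and checksum, and for a possible \0 if we are
627 debugging (remote_debug) and want to print the sent packet as a string.
NOTE: the sanity check in the body compares CNT against BUFSIZ (the
stdio constant), not PBUFSIZ, while BUF2 is allocated with PBUFSIZ
bytes. That check therefore does not enforce the limit stated here;
callers must keep CNT within PBUFSIZ - 5. */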
630 putpkt_binary (buf, cnt)
635 unsigned char csum = 0;
636 char *buf2 = alloca (PBUFSIZ);
637 char *junkbuf = alloca (PBUFSIZ);
643 /* Copy the packet into buffer BUF2, encapsulating it
644 and giving it a checksum. */
646 if (cnt > BUFSIZ - 5) /* Prosanity check */
652 for (i = 0; i < cnt; i++)
658 *p++ = tohex ((csum >> 4) & 0xf);
659 *p++ = tohex (csum & 0xf);
661 /* Send it over and over until we get a positive ack. */
665 int started_error_output = 0;
670 fprintf_unfiltered (gdb_stdlog, "Sending packet: ");
671 fputstrn_unfiltered (buf2, p - buf2, 0, gdb_stdlog);
672 fprintf_unfiltered (gdb_stdlog, "...");
673 gdb_flush (gdb_stdlog);
675 if (SERIAL_WRITE (remote_desc, buf2, p - buf2))
676 perror_with_name ("putpkt: write failed");
678 /* read until either a timeout occurs (-2) or '+' is read */
681 ch = readchar (remote_timeout);
690 if (started_error_output)
692 putchar_unfiltered ('\n');
693 started_error_output = 0;
702 fprintf_unfiltered (gdb_stdlog, "Ack\n");
708 break; /* Retransmit buffer */
711 /* It's probably an old response, and we're out of sync.
712 Just gobble up the packet and ignore it. */
714 continue; /* Now, go look for + */
719 if (!started_error_output)
721 started_error_output = 1;
722 fprintf_unfiltered (gdb_stdlog, "putpkt: Junk: ");
724 fputc_unfiltered (ch & 0177, gdb_stdlog);
728 break; /* Here to retransmit */
732 /* This is wrong. If doing a long backtrace, the user should be
733 able to get out next time we call QUIT, without anything as
734 violent as interrupt_query. If we want to provide a way out of
735 here without getting to the next QUIT, it should be based on
736 hitting ^C twice as in remote_wait. */
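746 /* Come here after finding the start of the frame. Collect the rest
747 into BUF, verifying the checksum, length, and handling run-length
748 compression. Returns 0 on any error, 1 on success.
NOTE(review): the run-length check visible below bounds only the upper
end of BUF before the memset that reads *(bp - 1); confirm that a '*'
received as the first character of a frame cannot reach that read. */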
751 read_frame (char *buf)
762 c = readchar (remote_timeout);
768 fputs_filtered ("Timeout in mid-packet, retrying\n", gdb_stdlog);
772 fputs_filtered ("Saw new packet start in middle of old one\n",
774 return 0; /* Start a new packet, count retries */
777 unsigned char pktcsum;
781 pktcsum = fromhex (readchar (remote_timeout)) << 4;
782 pktcsum |= fromhex (readchar (remote_timeout));
791 fprintf_filtered (gdb_stdlog,
792 "Bad checksum, sentsum=0x%x, csum=0x%x, buf=",
794 fputs_filtered (buf, gdb_stdlog);
795 fputs_filtered ("\n", gdb_stdlog);
799 case '*': /* Run length encoding */
801 c = readchar (remote_timeout);
803 c = c - ' ' + 3; /* Compute repeat count */
805 if (c > 0 && c < 255 && bp + c - 1 < buf + PBUFSIZ - 1)
807 memset (bp, *(bp - 1), c);
813 printf_filtered ("Repeat count %d too large for buffer: ", c);
815 puts_filtered ("\n");
818 if (bp < buf + PBUFSIZ - 1)
826 puts_filtered ("Remote packet too long: ");
828 puts_filtered ("\n");
835 /* Read a packet from the remote machine, with error checking, and
836 store it in BUF. BUF is expected to be of size PBUFSIZ. If
837 FOREVER, wait forever rather than timing out; this is used while
838 the target is executing user code. */
841 getpkt (buf, forever)
850 strcpy (buf, "timeout");
854 timeout = watchdog > 0 ? watchdog : -1;
858 timeout = remote_timeout;
862 for (tries = 1; tries <= MAX_TRIES; tries++)
864 /* This can loop forever if the remote side sends us characters
865 continuously, but if it pauses, we'll get a zero from readchar
866 because of timeout. Then we'll count that as a retry. */
868 /* Note that we will only wait forever prior to the start of a packet.
869 After that, we expect characters to arrive at a brisk pace. They
870 should show up within remote_timeout intervals. */
874 c = readchar (timeout);
876 if (c == SERIAL_TIMEOUT)
878 if (forever) /* Watchdog went off. Kill the target. */
880 target_mourn_inferior ();
881 error ("Watchdog has expired. Target detached.\n");
884 fputs_filtered ("Timed out.\n", gdb_stdlog);
890 /* We've found the start of a packet, now collect the data. */
892 val = read_frame (buf);
898 fprintf_unfiltered (gdb_stdlog, "Packet received: ");
899 fputstr_unfiltered (buf, 0, gdb_stdlog);
900 fprintf_unfiltered (gdb_stdlog, "\n");
902 SERIAL_WRITE (remote_desc, "+", 1);
906 /* Try the whole thing again. */
908 SERIAL_WRITE (remote_desc, "-", 1);
911 /* We have tried hard enough, and just can't receive the packet. Give up. */
913 printf_unfiltered ("Ignoring packet error, continuing...\n");
914 SERIAL_WRITE (remote_desc, "+", 1);