作者email: anti_chen2000@sohu.com
摘要
gdb/armulator 是gdb自带的arm7模拟器,是调试arm程序的一个好工具.而了解它的原码结构对扩展它的io功能有重要意义.本文介绍了从armulator的启动到其内部运作和io扩展的大部分原代码功能.
说明
源代码用的是gdb-5.0.tar+ gdb-5.0-uclinux-armulator-20021127.patch
a. 和gdb间的通迅
armulator一般和gdb通讯有两种方式,其一是在gdb内部直接调用模拟器的相关函数,另一方法则是用pipe或socket传递rdp协议来连接gdb和amulator.而第一种方法是现在gdb/armulator所真正使用的(第二种是早期使用的方法),下面就分析了函数直接调用法.
函数直接调用
这个方法是由steve (sac@cygnus.com) 修改原rdp方法而来的,steve本人的描述如下:
/******************************************************
this directory contains the standard release of the armulator from
advanced risc machines, and was ftp'd from.
ftp.cl.cam.ac.uk:/arm/gnu
it likes to use tcp/ip between the simulator and the host, which is
nice, but is a pain to use under anything non-unix.
i've added created a new makefile.in (the original in makefile.orig)
to build a version of the simulator without the tcp/ip stuff, and a
wrapper.c to link directly into gdb and the run command.
it should be possible (barring major changes in the layout of
the armulator) to upgrade the simulator by copying all the files
out of a release into this directory and renaming the makefile.
(except that i changed armos.c to work more simply with our
simulator rigs)
********************************************************/
/gdb/target.c,/gdb/remote_sim.c以及在/sim/arm/wrapper.c是在armulator和gdb的通信中起着至关重要做用的几个文件.所有的gdb调试命令最后都是通过在target.h里定义的target_ops结构中的函数指针调用在/sim/arm/wrapper.c中型如sim_xxx的函数完成的.以前这些sim_xxx函数是位于/sim/common中的,是建立rdp通讯的关键,代码修改后此目录中的文件不再有用,被wrapper.c取而代之了.
以下是rdp 通讯和直接函数调用的图示:
要清楚armulator的执行过程就要从它的启动说起,当你在gdb中键入target sim 去激活amulator后gdb首先进行命令行解释,并将current_target指针指向sim变量,即将armulator的调试函数集赋予gdb,随后的函数调用堆栈如下:
--àgdbsim_open (…) in remote-sim.c.
--àsim_open(…) in /sim/arm/wrapper.c /*这里amulator对调用参数进行分析处理*/
--à*current_target->to_fetch_registers(-1) /*此函数指针实指向sim_fetch_register(…) in /sim/arm/wrapper.c*/
--àsim_fetch_register(-1) /*此函数指针是在将current_target指向sim时,通过注册target_ops 结构完成挂接的*/
sim_fetch_register (sd, rn, memory, length)
{
armword regval;
init (); file://就在这,amulator进行了初始化
…
}
至此armulator被装载完毕,其后gdb就是通过target_ops(定义在target.h)结构中的各个函数指针来完成对它的调试工.
b. armulator 内部机制
a. 初始化
从上述可知整个模拟器的初始化入口是在wrapper.c中的init( )函数,那么它到底又做了些什么呢?
(原始的gdb5.0中的armulator是模拟arm7dtmi 的,而补丁代码修改了memory map 并添加了timer 和uart 的io能力使其能够模拟at91.因为后者是对前者的增强,所以我们的分析以后者为准)
once the armulator to reset ,the armul_newstate will be called.and its task is to malloc a armul_state stuct which saves the armulator’s states and initialize it .and the armul_memoryinit() will malloc 4m ram for you.
#1 static void
#2 init ()
#3
#4 static int done;
#5 if (!done)
#6 {
#7 armul_emulateinit (); file://call this routine once to set up the emulator's tables.
#8 state = armul_newstate ();
#9 state->bigendsig = (big_endian ? high : low);
#10 rmul_memoryinit (state, mem_size); file://原始代码中的内存初始,但现在无用
#11 armul_osinit (state); file://预装系统初始化
#12 armu