From: Pedro Alves <palves@redhat.com>
To: Will Deacon <will.deacon@arm.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
Joel Brobecker <brobecker@adacore.com>,
Marcus Shawcroft <marcus.shawcroft@gmail.com>,
Terry Guo <Terry.Guo@arm.com>,
Marcus Shawcroft <Marcus.Shawcroft@arm.com>,
"lgustavo@codesourcery.com" <lgustavo@codesourcery.com>,
"yao@codesourcery.com" <yao@codesourcery.com>,
"gdb-patches@sourceware.org" <gdb-patches@sourceware.org>,
"Gareth, McMullin" <gareth@blacksphere.co.nz>
Subject: Re: [RFA/commit] arm-tdep.c: Do not single-step after hitting a watchpoint
Date: Tue, 30 Sep 2014 10:07:00 -0000 [thread overview]
Message-ID: <542A80D9.20104@redhat.com> (raw)
In-Reply-To: <20140930091824.GE8075@arm.com>
On 09/30/2014 10:18 AM, Will Deacon wrote:
> On Tue, Sep 30, 2014 at 10:08:09AM +0100, Pedro Alves wrote:
>> The report that confuses me is Gareth's:
>>
>> https://sourceware.org/ml/gdb/2014-09/msg00013.html
>>
>> As it sounds like he has v7-m hardware that has asynchronous
>> behavior. Gareth, can you confirm this, please?
>
> Running Linux or bare-metal? The hw_breakpoint code in the kernel certainly
> wasn't written with v7-m in mind and I'd be surprised if it even probed
> successfully at boot.
Judging from the black magic probes' description at:
http://www.blacksphere.co.nz/main/blackmagic, definitely bare-metal.
>
>> Still, in any case, from that LKML post:
>>
>> "v6 cores are the opposite; they only generate asynchronous
>> watchpoint exceptions".
>>
>> So, eh!? Does your qemu patch take this into account? Seems
>> like it should.
>
> Hmm, I didn't realise v6 was on the table here.
GDB supports that, and older. Doesn't qemu do v6?
> In that case, you need to signal an async exception and set the WFAR
> register to indicate the watchpointed instruction. Not that Linux uses this...
Yeah, even though Linux doesn't use this, this then must be what bare metal
probes and other OSs will necessarily be using to support watchpoints on < v7.
OK, then on v6 (and earlier), the WFAR will be (as Luis pointed out
elsewhere), from:
(ARM1156T2F-S, IIUC, that's a v6)
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0290g/Bhcdjdcg.html
WFAR - Watchpoint Fault Address Register
The WFAR is updated to indicate the address of the instruction that
accessed the watchpointed address:
- the address of the instruction + 8 in ARM state
- the address of the instruction + 4 in Thumb® state
What wasn't clear to me was whether this meant that the
instruction at the address of the instruction, and
at the the address of the instruction +4/+2 (ARM/Thumb) had
executed completely or not. It's my understanding now that,
yes, both the instruction that caused the watchpoint and the
instruction after that one have already been executed.
I may be missing something, but that page leaves me wondering
what happens if the instruction after the instruction that caused
the watchpoint is a branch. Will the WFAR point still point
at "address + 8" ? Or will it point at the branch destination?
In any case, it sounds like _nothing_ should be unwinding the PC
back -8 nor -4 to help the debugger, as that would make the
program re-execute instructions that had already executed.
For further confirmation, I looked at the v6-m manual I have
handy (DDI 0419C). There, I see:
C1.5.2:
The following are asynchronous debug events:
- Watchpoint debug events, including PC match watchpoints
And then on C1.6.4
The DebugReturnAddress value
DebugReturnAddress is the address of the first instruction to be executed on exit from Debug state. This
address indicates the point in the execution stream where the debug event was invoked. For a hardware or
a software breakpoint, this is the address of the breakpointed instruction. For all other debug events,
including PC match watchpoints, DebugReturnAddress is the address of the first instruction that both:
- in a simple sequential execution of the program, executes after the instruction that caused the debug
event
- has not been executed.
And in C1.7.1
A watchpoint event is asynchronous to the instruction that caused it. The DebugReturnAddress value for a
watchpoint event must be that of an instruction to be executed after the instruction responsible for
generating the watchpoint.
This seems to confirm my current understanding that indeed that +8/+4 offset
in WFAR should _never_ be adjusted, as the instructions at +0 and +4/+2 have
already been executed.
So, my current understanding is that when debugging a < v7 target, GDB
should always treat watchpoints as continuable (asynchronous), as that's
all the hardware supports/supported.
And when debugging a >= v7 target, GDB should treat watchpoints as
synchronous as that's all real hardware supports (even though
the architecture permits both sync and async, in theory).
And if we do this in GDB, then it's be better that qemu likewise
treats watchpoints as asynchronous on < v7, so that GDB doesn't need to
know whether it's talking to real bare-metal and against qemu.
Does that make sense?
> The comment/code above is about finding the address of the memory access
> that triggered the watchpoint, as opposed to the address of the instruction.
> (e.g. if I load from address FOO, then I only get told about FOO in v7.1).
Understood.
Thanks,
Pedro Alves
next prev parent reply other threads:[~2014-09-30 10:07 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-29 18:23 Peter Maydell
2014-09-29 22:15 ` Pedro Alves
2014-09-29 22:54 ` Peter Maydell
2014-09-30 9:08 ` Pedro Alves
2014-09-30 9:18 ` Will Deacon
2014-09-30 10:07 ` Pedro Alves [this message]
2014-09-30 10:18 ` Peter Maydell
2014-09-30 10:38 ` Pedro Alves
2014-09-30 10:01 ` Peter Maydell
2014-09-30 10:34 ` Pedro Alves
2014-09-30 12:54 ` Pedro Alves
2014-09-30 13:50 ` Joel Brobecker
2014-09-30 14:11 ` Pedro Alves
2014-09-30 14:26 ` Joel Brobecker
2014-09-30 14:50 ` Peter Maydell
2014-09-30 8:57 ` Will Deacon
2014-09-30 9:04 ` Will Deacon
2014-09-30 9:14 ` Pedro Alves
2014-09-30 9:24 ` Will Deacon
-- strict thread matches above, loose matches on Subject: below --
2014-09-15 13:01 Joel Brobecker
2014-09-16 11:12 ` Yao Qi
2014-09-16 11:59 ` Joel Brobecker
2014-09-16 12:05 ` Luis Machado
2014-09-16 12:48 ` Joel Brobecker
2014-09-16 13:09 ` Luis Machado
2014-09-16 15:21 ` Pedro Alves
2014-09-18 11:40 ` Marcus Shawcroft
2014-09-19 17:31 ` Pedro Alves
2014-09-29 17:51 ` Joel Brobecker
2014-09-29 17:57 ` Luis Machado
2014-09-29 21:04 ` Pedro Alves
2014-09-30 8:54 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=542A80D9.20104@redhat.com \
--to=palves@redhat.com \
--cc=Marcus.Shawcroft@arm.com \
--cc=Terry.Guo@arm.com \
--cc=brobecker@adacore.com \
--cc=gareth@blacksphere.co.nz \
--cc=gdb-patches@sourceware.org \
--cc=lgustavo@codesourcery.com \
--cc=marcus.shawcroft@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=will.deacon@arm.com \
--cc=yao@codesourcery.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox