how to single-step code on-target with no jtag, breakpoints, simulator, emulator


Problem description

Let's say you have a pointer to a function whose source you do not have and which is "untrusted" because it might read/write to a disallowed memory region.

Before it executes each assembly instruction, you want to verify that it doesn't access disallowed memory regions.

The OS is (almost) bare-metal, i.e. a custom RTOS (so no Linux or QNX).

This is for functionality that needs to be enabled not only during development but also during normal runtime.

Ideally, it'd run something like this:

extern void someFunction(int); // untrusted, don't have source
void (*fptr)(int);
fptr = &someFunction;
// enable interrupts for each assembly instruction (hypothetical hook)
_EN_INT();
// call the function
fptr(0);
// every time the PC increments, some other code runs which verifies that if any loads/stores are executed, they don't access some disallowed memory range

// disable interrupts for each assembly instruction (hypothetical hook)
_DIS_INT();

Question

Is it possible to call that function and pause execution after every assembly instruction?

Recommended answer

The OS is (almost) bare-metal i.e. a custom RTOS (so no Linux or QNX).

My answer assumes that you can modify the "OS" the way you need it...

Cortex MK20DX256VLH7

This seems to be a Cortex M4 CPU.

how to single-step code on-target with no jtag, breakpoints

From the doc, it doesn't say whether you NEED an external debugger to resume execution.

If the CPU is really stopped, you'll definitely need an external signal (e.g. from a debugger).

However, most CPUs support software debugging. This means that an interrupt service routine is executed whenever a breakpoint is hit. To continue execution you simply return from the interrupt service routine.

I don't know about the Cortex M4, but for the Cortex M3 you'll have to set some special registers to enable that feature. Whenever a "BKPT" instruction is hit, interrupt #12 (*) is executed.

For code in RAM you simply write a BKPT instruction (0xBExx, e.g. 0xBEBE) to the address where you want to set your breakpoint. (Before writing, you read out the value to be able to restore it later on.)

For code in Flash the M3 has a "Flash patching unit" which allows you to specify up to three addresses which shall be read out as 0xBExx (0xBEBE?) even if other data is stored there. This allows you to set up to 3 breakpoints in Flash.

Interesting for you: the register controlling the debug features in the M3 (named "DEMCR") also has a bit named "MON_STEP":

If you set this bit in interrupt handler #12, then exactly one instruction is executed after returning from the interrupt handler and interrupt #12 is triggered again. The use case for this feature is - of course - single-stepping code!

To stop single-stepping you'll have to clear the MON_STEP bit again...

Important 1:

I don't know if the MK20DX256VLH7 really has all these features. However, because it is a Cortex M4 chip and the M4 should have nearly all features of the M3, these features should be present...

Important 2:

Implementing single-stepping and debugging is not done quickly. Assembly language knowledge will be very helpful and you'll need a lot of time...

From the doc, ...

You will not only need the documentation for the MK20DX256VLH7 from NXP but you'll also need the Cortex M4 documentation from ARM.

(*) Offset 4*12 in the vector table is meant here (which is named "IRQ(-4)" in some ARM documents); not IRQ12.
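The BKPT-in-RAM plus MON_STEP mechanism from the answer, as an added host-testable model in C (not the answerer's code): it plants 0xBExx over one halfword of RAM code and models a DebugMonitor handler that restores the original halfword on the hit, turns MON_STEP on, and clears it again once the stacked PC has left the untrusted function. It assumes the ARMv7-M DEMCR bit positions (MON_EN bit 16, MON_STEP bit 18) and that a BKPT-triggered DebugMonitor stacks the BKPT's own address as the return address; the code array, base address and function range are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* DEMCR (0xE000EDF0) bit positions, from the ARMv7-M Architecture Reference Manual. */
#define DEMCR_MON_EN   (1u << 16)  /* route debug events to the DebugMonitor exception */
#define DEMCR_MON_STEP (1u << 18)  /* re-enter DebugMonitor after exactly one instruction */
#define BKPT_OPC       0xBE00u     /* Thumb BKPT #imm8 encodes as 0xBExx */

typedef struct {
    uint16_t *code;    /* Thumb halfwords in RAM (a plain array on the host) */
    uint32_t  base;    /* address of code[0] as the CPU sees it (constructed) */
    size_t    idx;     /* halfword index where the BKPT was planted */
    uint16_t  saved;   /* original halfword, put back on the first hit */
    bool      armed;
} ram_bp_t;

/* Plant BKPT #imm over code[idx], remembering the original halfword. */
bool ram_bp_set(ram_bp_t *bp, uint16_t *code, size_t len, uint32_t base,
                size_t idx, uint8_t imm)
{
    if (bp->armed || idx >= len)
        return false;
    bp->code = code; bp->base = base; bp->idx = idx; bp->saved = code[idx];
    code[idx] = (uint16_t)(BKPT_OPC | imm);
    bp->armed = true;
    return true;
}

bool is_bkpt(uint16_t hw) { return (hw & 0xFF00u) == BKPT_OPC; }
typedef struct { uint32_t lo, hi; } range_t;  /* [lo, hi) of the untrusted function */

/* Model of one DebugMonitor entry. 'stacked_pc' is the return address from the
 * exception frame; the return value is the DEMCR the handler would write back. */
uint32_t debugmon_step(uint32_t demcr, ram_bp_t *bp, uint32_t stacked_pc, range_t fn)
{
    if (bp->armed && stacked_pc == bp->base + 2u * (uint32_t)bp->idx) {
        /* BKPT hit: restore the original instruction so it executes on return,
         * then request one DebugMonitor entry per instruction from here on. */
        bp->code[bp->idx] = bp->saved;
        bp->armed = false;
        return demcr | DEMCR_MON_EN | DEMCR_MON_STEP;
    }
    /* Single-step entry: keep stepping while the PC is inside the function;
     * the per-instruction memory-range checks would go here. Stop once it returns. */
    if (stacked_pc < fn.lo || stacked_pc >= fn.hi)
        return demcr & ~DEMCR_MON_STEP;
    return demcr;
}
```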
