Clang complains about the variable 'orig_dfsr' that can be used
uninitialized both in cortex_a_read_cpu_memory() and in
cortex_a_write_cpu_memory().
The issue is caused by an incorrect error path that used to jump
through 'goto out'. The code after the label 'out' is specific to
handle the case of an error during memory R/W; it is incorrect to
jump there to handle an error during the initialization that
precedes the memory R/W.
Replace the 'goto out' with 'return retval'.
Remove the label 'out' that is now unused.
Change-Id: Ib4b140221d1c1b63419de109579bde8b63fc2e8c
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7393
Tested-by: jenkins
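
The error-path shape described in the commit message above, as an added C illustration (not code from the commit or from OpenOCD). The names `fake_target`, `save_dfsr`, `do_access` and both `read_memory_*` functions are hypothetical; the "before" variant is kept under `#ifdef SHOW_BEFORE` so that it is not compiled by default.

```c
#include <stdint.h>

struct fake_target {  /* hypothetical stand-in for a debug target */
	uint32_t dfsr;    /* fault status register as seen on the target */
	int fail_setup;   /* force the pre-access setup step to fail */
	int fail_access;  /* force the memory access itself to fail */
	int restores;     /* number of times cleanup wrote dfsr back */
};

static int save_dfsr(struct fake_target *t, uint32_t *saved)
{
	if (t->fail_setup)
		return -1;        /* *saved is left unset on this path */
	*saved = t->dfsr;
	return 0;
}

static int do_access(struct fake_target *t)
{
	if (t->fail_access) {
		t->dfsr = 0xdead; /* a faulting access overwrites the status */
		return -2;
	}
	return 0;
}

#ifdef SHOW_BEFORE
/* 'Before' shape: a setup failure reaches cleanup with orig_dfsr unset. */
int read_memory_before(struct fake_target *t)
{
	uint32_t orig_dfsr;
	int retval = save_dfsr(t, &orig_dfsr);
	if (retval != 0)
		goto out;
	retval = do_access(t);
out:
	t->dfsr = orig_dfsr;  /* garbage when save_dfsr() failed */
	t->restores++;
	return retval;
}
#endif

/* 'After' shape: setup errors return at once, before any cleanup. */
int read_memory_after(struct fake_target *t)
{
	uint32_t orig_dfsr;
	int retval = save_dfsr(t, &orig_dfsr);
	if (retval != 0)
		return retval;
	retval = do_access(t);
	t->dfsr = orig_dfsr;  /* always initialized when control gets here */
	t->restores++;
	return retval;
}
```
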
Commit 35a503b08d ("arm_adi_v5: add ap refcount and add get/put
around ap use") modifies the examine functions of mem_ap, cortex_m,
cortex_a and aarch64 by calling dap_put_ap() and then looking again
for the mem-ap and calling dap_get_ap().
This causes an issue if the system is irresponsive and the examine
fails and leaves the AP pointer set to NULL. If the system was already
examined the NULL pointer will cause a SIGSEGV.
Commit b6dad912b8 ("target/cortex_m: prevent segmentation fault
in cortex_m_poll()") proposes a fix for one specific case and only
on cortex_m.
Modify all the examine functions by skipping look-up for the AP if
it was already set in a previous examine; the target's AP is not
supposed to change during runtime.
Remove the partial fix for cortex_m as it is not needed anymore.
Change-Id: I806ec3b1b02fcc76e141c8dd3a65044febbf0a8c
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Fixes: 35a503b08d ("arm_adi_v5: add ap refcount and add get/put around ap use")
Reviewed-on: https://review.openocd.org/c/openocd/+/7392
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>

Without the fix, you will see the "Can not find free FP Comparator" error log.
Change-Id: Id0d91cc02b7055e44d27507f9c05ccd48ff49838
Signed-off-by: Nima Palizban <n.palizban@gmail.com>
Fixes: fb43f1ff4e (target: Rework 'set' variable of break-/watchpoints)
Reviewed-on: https://review.openocd.org/c/openocd/+/7389
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

One place described the tcl port as 5555, which was changed in 163bd86071.
Reported on IRC.
Change-Id: If740a29443793d6a4d4f8c9db54f0fc8344a6c1c
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Reviewed-on: https://review.openocd.org/c/openocd/+/7385
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

If multiple targets are specified as -rtos <rtos_type>, the
rtos_update_threads was called only if the last target was specified as
rtos, which is inconsistent with other checks of whether or not smp target
is an rtos one.
Signed-off-by: Evgeniy Naydanov <evgeniy.naydanov@syntacore.com>
Change-Id: Ie52bc6b6c8f841d31b9590fcbc44e985d3cba0eb
Reviewed-on: https://review.openocd.org/c/openocd/+/7244
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

When OpenOCD receives a step-execution command from GDB and the target
is configured as rtos=hwthread, OpenOCD reconstructs the thread-info.
However, OpenOCD does not restore the thread id which is currently
selected by GDB. Due to this issue, OpenOCD sends the information of
the wrong thread to GDB after the step execution.
This commit fixes the above issue by adding code to save/restore the
thread id selected by GDB.
Signed-off-by: Koudai Iwahori <koudai@google.com>
Change-Id: I761a1141c04d48f1290e4f09baa7c7024f86f36a
Reviewed-on: https://review.openocd.org/c/openocd/+/7358
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

When OpenOCD receives 'g' packet (read general registers) from GDB and
target is configured as rtos=hwthread, hwthread_get_thread_reg_list is
called. However, it does not check if the register is valid or not. Due to
this issue, OpenOCD returns invalid register values to GDB.
This commit adds a validity check to hwthread_get_thread_reg_list. If
the register is not valid, it tries to read the register from the
target.
Signed-off-by: Koudai Iwahori <koudai@google.com>
Change-Id: Iad6424b62124271ec411b1dfc044b57dfc460280
Reviewed-on: https://review.openocd.org/c/openocd/+/7357
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

Clang ignores that xds110_swd_write_reg() is always called with
bit SWD_CMD_RNW in 'cmd' set to zero.
It then complains that the local variable 'value' gets passed by
address to xds110_swd_queue_cmd() and in case of 'read request'
such stack address gets stored for later use:
    src/jtag/drivers/xds110.c:1363:1: warning: Address of
    stack memory associated with local variable 'value' is
    still referred to by the global variable 'xds110' upon
    returning to the caller. This will be a dangling
    reference [core.StackAddressEscape]
To both xds110_swd_write_reg() and xds110_swd_read_reg(), add an
assert() to inform Clang about the state of bit SWD_CMD_RNW.
Change-Id: I7687c055ec71424b642e152f478723a930966e3a
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7380
Tested-by: jenkins

The variable retval is assigned a value that is never used.
Scan-build reports:
    Although the value stored to 'retval' is used in the
    enclosing expression, the value is never actually read
    from 'retval'.
Drop the dead assignment.
Change-Id: I11588dee748a55d52aa7f35bc1967b7df55af7fc
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7379
Tested-by: jenkins

Then also set it when we resume in examine(), which doesn't use the full
abstractions because not all required data structures are filled out
yet.
Hopefully fixes #749.
Change-Id: I0c6ab16da1f035ca2fbdb9f7be1462d44ddce3a0
Signed-off-by: Tim Newsome <tim@sifive.com>

The command should now send the full 5 byte command length, which
includes the command tag (0x19) and the 4-byte baudrate word, instead
of only the last 3 bytes of the baudrate.
Signed-off-by: Nick Kraus <nick@nckraus.com>
Change-Id: Idd6e084efd7492489aa900cdbf08f540944041cb
Reviewed-on: https://review.openocd.org/c/openocd/+/7370
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

Exit the loop when no harts are running, instead of when at least one
hart has halted.
Change-Id: Ia69b626bf1fee4034bd5ccc800a651bfe0e53685
Signed-off-by: Tim Newsome <tim@sifive.com>

It used to set all states to halted, but that's not right for harts that
are now unavailable. (It might be possible to call poll() at the right
time instead of duplicating some of its code, but I didn't see an easy
way to do that. The real requirement is that target->state is set to
TARGET_UNAVAILABLE before TARGET_EVENT_HALTED is sent in
halt_finish(), because that's what triggers hwthread_update_threads(),
which must know about unavailable harts so they can be hidden from gdb.)
Change-Id: I0a0bbdd4ec9ff8c9898e04045b84e1d2512c9336
Signed-off-by: Tim Newsome <tim@sifive.com>

When SMP is enabled, gdb will always use the first target in the SMP
group. That doesn't work when that first target is unavailable, but
others in the SMP group are still available.
For cases where gdb expects an operation to affect the entire group (run
control, memory access), find the first available target in an SMP group
and use that.
Change-Id: I4bed600da3ac0fdfe4287d8fdd090a58452db501
Signed-off-by: Tim Newsome <tim@sifive.com>

There used to be entirely separate code paths depending on whether we're
in SMP mode or not. Now they're both the same.
Change-Id: I8f46295e4bc005f441af0c03d4f608c53b8a6586
Signed-off-by: Tim Newsome <tim@sifive.com>

This ensures that we populate the register cache and set target->state.
Some RISC-V changes had upset the balance.
Change-Id: I47fbf8ebd8fe39fa5b752212080f87e3b7e6e5e5
Signed-off-by: Tim Newsome <tim@sifive.com>

We don't correctly write it, so we shouldn't expect it to read back the
same value. Fixes hardware breakpoints on mcontrol triggers.
Change-Id: Ie5e445060ec9c8887af933fd8887e57308330f09

Indicate to the JTAG driver that it does not need
to read and return the DR register value after scanning the
JTAG chain.
riscv_batch_run() calls jtag_add_dr_scan() to schedule a
DR scan operation. Eventually, this will result in the JTAG
driver performing a JTAG scan to write to or read from DR.
The decision on whether to write to and/or read from DR
register is determined by the second parameter to
jtag_add_dr_scan(), i.e. a "struct scan_field".
Of particular interest here is if
batch->fields[i]->in_value is not NULL, the JTAG developer
must return the DR value collected from the JTAG scan
operation.
When creating the DR scan operation instruction with
riscv_batch_add_dmi_write(), batch->fields[i]->in_value points
to a location in batch->data_in buffer,
meaning batch->fields[i]->in_value is not NULL, and the JTAG
developer must therefore read and return the DR value collected.
The returning of the DR value is redundant in a write
operation.
This patch sets batch->fields[i]->in_value to NULL to indicate
the DR value need not be returned. This allows the JTAG
developer to optimize away any code associated with returning
the DR value.
Normally, the extra work to return the DR value is negligible.
However, in one use case it introduces significant delays.
In this use case a JTAG driver forwards
all JTAG scans to a server on a network. If the server has to
return the DR value, it has to perform the JTAG scan before
replying to the JTAG driver, and only then the JTAG driver
can send the next JTAG scan operation. However, if there is
no need to return the DR value, the server can
acknowledge the JTAG operation request immediately, thus
signalling to the JTAG driver that it is free to send the next
JTAG scan operation. At the same time of receiving the second
JTAG operation the server will process the original JTAG scan.
This saves time and mitigates network delay. Also, not having
to include the DR value results in a smaller reply packet
from server to JTAG driver and saves on network traffic.
This doubles download speeds to spike using remote bitbang.
Change-Id: Ibb37c3e32af0cc7006b22b8c4e1f31ed29c21d0f
Signed-off-by: Ooi, Cinly <cinly.ooi@intel.com>
Signed-off-by: Tim Newsome <tim@sifive.com>
Signed-off-by: Ooi, Cinly <cinly.ooi@intel.com>
Signed-off-by: Tim Newsome <tim@sifive.com>
Co-authored-by: Ooi, Cinly <cinly.ooi@intel.com>

It's only used to change what callback events are generated, and there
are none anyway. (That's probably a bug, but since 0.11 is so rare I'm
not going to worry about it.)
Fixes #757.
Change-Id: I5b5df3a9bec927fb0368304229533e2875a83f6b
Signed-off-by: Tim Newsome <tim@sifive.com>

breakpoint_add should use rtos only if request is done by gdb.
Signed-off-by: Evgeniy Naydanov <evgeniy.naydanov@syntacore.com>
Change-Id: I779d1a905c6a3640869dca162e3cc001919e8f42
Signed-off-by: Evgeniy Naydanov <evgeniy.naydanov@syntacore.com>

Thread name loading was not correctly handled if a ThreadX task has a NULL
name.
Signed-off-by: Giulio Fieramosca <giulio@glgprograms.it>
Change-Id: I03071930182bc2585b61ce5d8c67491710883dd6
Reviewed-on: https://review.openocd.org/c/openocd/+/7328
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

target_run_flash_async_algorithm expects the source_buffer to have
at least 2 words reserved for read and write pointers in addition to the
FIFO buffer. If the size of the data to be flashed is <= 8 bytes then
the flash function will fail with "corrupted fifo read pointer" error.
Ensure the allocated buffer is big enough to hold both FIFO buffer and
read/write pointers.
Change-Id: I09c22eaac517b8cfea8e0b463f5deb6b98afd267
Signed-off-by: Simon Smiganovski <simon.smiganovski@fruitcore.de>
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7342
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

armv7m_start_algorithm() saves register values to arch_info->context.
armv7m_wait_algorithm() restores register values from arch_info->context.
Exclude registers with flag exist = false from both loops.
While on it refactor the register restore: introduce 'struct reg' pointer
and dereference it instead of numerous accesses by a full path
from armv7m pointer.
Change-Id: I1600084db84809ee13bcf8e7828b79f8c9ff9077
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: https://review.openocd.org/c/openocd/+/7276
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

On some boards there is a HW bug: if fp unit is disabled (fs in mstatus
set to 0), accessing any fp register results in a hang (any abstract
command times out, until the board is rebooted).
Signed-off-by: Evgeniy Naydanov <evgeniy.naydanov@syntacore.com>
Change-Id: I0c0d1033889f15dcc326c4078bf9cbb5a8558565
Signed-off-by: Evgeniy Naydanov <evgeniy.naydanov@syntacore.com>

The speed coefficient for Raspberry Pi 2 was probably calibrated
for a scaled down clock frequency.
To prevent JTAG/SWD overclocking, use the value corresponding
to the 'official' maximum CPU clock.
Change-Id: Iaff58b092198dce6d6552c9d31d6a3ba4aaaa2d5
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: https://review.openocd.org/c/openocd/+/7305
Tested-by: jenkins
Reviewed-by: Jonathan Bell <jonathan@raspberrypi.com>

Clang spots a potential NULL pointer dereferencing that is instead
an incorrect use of an array of pointers:
    src/rtos/hwthread.c:254:32: warning: Dereference of null pointer
    [core.NullDereference]
        (*rtos_reg_list)[j].number = (*reg_list)[i].number;
                                     ^~~~~~~~~~~~~~~~~~~~~
The error has not been spotted before because:
- this function is not called for the first core of the SMP node,
- for the other cores on Cortex-A it still returns valid register
value for the first 12 ARM registers, then it diverges.
Also Valgrind does not spot any issue at runtime.
Address the array correctly.
While there, use DIV_ROUND_UP() macro for the computation.
Change-Id: Ib87e60e0edfd9671091f5dcfa9aedaf1aed800d1
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7337
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
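
Why the two ways of addressing an array of pointers can agree for the leading entries and still read valid memory, as an added C illustration (not code from the commit or from OpenOCD). It assumes the register records live in one contiguous array and that the pointer list skips a non-existing register; `struct reg` here is a hypothetical two-field record and the data is constructed.

```c
#include <stddef.h>

/* Hypothetical register record; the field name mirrors the warning text. */
struct reg {
	unsigned int number;
	int exist;
};

/* Constructed data: one contiguous backing array, register 2 absent. */
static struct reg cache[5] = {
	{ 0, 1 }, { 1, 1 }, { 2, 0 }, { 3, 1 }, { 4, 1 },
};

/* Build the list of existing registers as an array of POINTERS. */
static size_t build_list(struct reg **list)
{
	size_t n = 0;
	for (size_t i = 0; i < 5; i++)
		if (cache[i].exist)
			list[n++] = &cache[i];
	return n;
}

/* Wrong: treats list[0] as the start of an array of structs, so it
 * walks the backing array and ignores every pointer after the first. */
unsigned int number_wrong(struct reg **list, size_t i)
{
	return (*list)[i].number;
}

/* Right: follows the i-th pointer of the list. */
unsigned int number_right(struct reg **list, size_t i)
{
	return list[i]->number;
}

/* Index of the first entry where the two readings disagree, or -1. */
int first_divergence(void)
{
	struct reg *list[5];
	size_t n = build_list(list);
	for (size_t i = 0; i < n; i++)
		if (number_wrong(list, i) != number_right(list, i))
			return (int)i;
	return -1;
}
```

Every read in `number_wrong()` stays inside `cache[]`, which is why a memory checker has nothing to report in this model even though the value is wrong from index 2 on.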
Commit 0cedf10f8f ("Remove duplicate of a counter in
hwthread_update_threads") introduced a code bug.
In the second foreach_smp_target() loop, variable "threads_found"
gets passed to routine hwthread_fill_thread(). By removing the
counting of threads_found from the second loop, the
incorrect thread counter value gets passed to hwthread_fill_thread().
Change-Id: Ie89e53ccd28bb72b6838ef2f12106a1fe8d00994
Suggested-by: Daniel Goehring <dgoehrin@os.amperecomputing.com>
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: https://review.openocd.org/c/openocd/+/7307
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>

The autodetection of CMSIS-DAP v2 bulk interface is tricky
as not all adapters conform to CMSIS-DAP specs.
If an interface has a string descriptor containing CMSIS-DAP,
then OpenOCD did not insist on the correct interface class
LIBUSB_CLASS_VENDOR_SPEC.
However the relaxed test caused false autodetection of v2 bulk
interface on some CMSIS-DAP v1 adapters with an additional serial
interface with the string descriptor stupidly containing
CMSIS-DAP text.
Make the test less relaxed, refuse autodetection of the interfaces
with the class number of well known functions including CDC and MSC.
Link: https://sourceforge.net/p/openocd/tickets/368/
Change-Id: I917cb257eb42aab93560cc39c61ec35a60ce52e3
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: https://review.openocd.org/c/openocd/+/7279
Tested-by: jenkins
Reviewed-by: SilverFox <yyjdelete@126.com>
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
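
The relaxed and the stricter interface test described in the commit message above, modelled as an added C example (not the OpenOCD implementation). `struct iface`, both `pick_v2_*` functions and the sample adapters are hypothetical and constructed; the refusal list is an assumption that adds HID to the CDC and MSC classes the message names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* USB-IF interface class codes (the same values libusb defines). */
enum { CLS_COMM = 0x02, CLS_HID = 0x03, CLS_MSC = 0x08,
       CLS_CDC_DATA = 0x0a, CLS_VENDOR_SPEC = 0xff };

/* Hypothetical, trimmed view of one interface descriptor. */
struct iface {
	unsigned char cls;   /* bInterfaceClass */
	const char *name;    /* interface string descriptor, may be NULL */
};

static bool names_cmsis_dap(const struct iface *f)
{
	return f->name != NULL && strstr(f->name, "CMSIS-DAP") != NULL;
}

/* Assumed refusal list: CDC and MSC come from the page, HID is added. */
static bool well_known_function(unsigned char cls)
{
	return cls == CLS_COMM || cls == CLS_CDC_DATA ||
	       cls == CLS_MSC || cls == CLS_HID;
}

/* Relaxed test: the string alone decides, the class is not checked. */
int pick_v2_relaxed(const struct iface *f, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (names_cmsis_dap(&f[i]))
			return (int)i;
	return -1;
}

/* Stricter test: the string still rescues odd class values, but never
 * an interface whose class announces a well-known function. */
int pick_v2_strict(const struct iface *f, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (!well_known_function(f[i].cls) && names_cmsis_dap(&f[i]))
			return (int)i;
	return -1;
}

/* Constructed adapters: a v1 probe with a serial port, a conforming v2
 * probe, and a v2 probe reporting a non-conforming class value. */
const struct iface v1_with_serial[] = {
	{ CLS_COMM, "CMSIS-DAP CDC" }, { CLS_CDC_DATA, NULL },
	{ CLS_HID, "CMSIS-DAP" },
};
const struct iface v2_conforming[] = { { CLS_VENDOR_SPEC, "CMSIS-DAP v2" } };
const struct iface v2_odd_class[] = { { 0x00, "CMSIS-DAP v2" } };
```

A return value of -1 means no v2 bulk interface was autodetected, so the caller would fall back to treating the adapter as v1.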
The variable retval is assigned a value that is never used, as it
is reassigned a few lines below.
Drop the dead assignment.
Change-Id: Id4e9134408fab3e04936d36e95724bf8d3ab55aa
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7304
Tested-by: jenkins

Clang gets confused by initializing the array uint16_t lock_word[],
casting it to (uint8_t *), then accessing the second element of
the uint8_t pointer.
    src/target/dsp5680xx.c:2046:41: warning: The left operand of '<<'
    is a garbage value [core.UndefinedBinaryOperatorResult]
        uint16_t tmp = (buffer[0] | (buffer[1] << 8));
                                     ~~~~~~~~~ ^
Fix it by replacing the array with a single uint16_t.
The code is still depending on host endianness; no fix for this is
proposed.
Change-Id: I16dfd60cab117dd145aeecf10d9593574ff233a2
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7302
Tested-by: jenkins

The function esirisc_jtag_recv() can be called with argument
num_in_fields = 0, for example as consequence of calling
esirisc_jtag_continue().
In this case, num_in_bytes is zero and the allocation of the
variable-length array 'r' requires size zero.
    src/target/esirisc_jtag.c:133:2: warning: Declared variable-length
    array (VLA) has zero size [core.VLASize]
        uint8_t r[num_in_bytes * 2];
        ^~~~~~~~~ ~~~~~~~~~~~~~~~~
Fix it by forcing size one when num_in_bytes is zero.
Change-Id: Id764c7b5ec4f5b3c18c7da650bbff39fc98ed049
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7301
Tested-by: jenkins

Clang assumes that size could assume a value that is not 1 nor 2
nor 4. In such condition the buffer in t is allocated (size != 1)
and not initialized. This triggers an error:
    src/target/openrisc/or1k_du_adv.c:655:14: warning: 2nd function
    call argument is an uninitialized value [core.CallAndMessage]
        crc_calc = adbg_compute_crc(crc_calc, data[i], 8);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Add the default case to cover other values of size.
After this fix, clang still complains on the same line, this time
misunderstanding the limits of the loop and considering that
buf_bswap16() only swaps the first 16 bits, thus passing not
initialized value data[2] to adbg_compute_crc().
Replace malloc() with calloc() to silence it.
Change-Id: I358d7fb2ebefd69255670641bd435b770762a301
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7300
Tested-by: jenkins

All the converter functions:
    h_u64_to_le()
    h_u64_to_be()
    h_u32_to_le()
    h_u32_to_be()
    h_u24_to_le()
    h_u24_to_be()
    h_u16_to_le()
    h_u16_to_be()
have a signed type in their prototype, while the function name and
all the current use cases pass an unsigned value.
Change the prototypes to use unsigned types.
Change-Id: I76dcfdd7912b81f60902184712b2907eae9843f7
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Reviewed-on: https://review.openocd.org/c/openocd/+/7299
Tested-by: jenkins