Intel(R) System Studio Developer Story : With XDB and Minnow board, how to debug exception errors in the Android-Linux-Kernel.
In this article, we can see how to debug and check the exception error in Android Linux Kernel in Intel ® X86 system with XDB JTAG debugger which is a part of tool Intel System Studio ® Tool Suite. In doing so, we are supposed to see what is the JTAG and XDB and some information of the exception handling of Intel ® X86 architecture as well.
1. JTAG overview
JTAG stands for Joint Test Action Group and is pronounced to jay-tag but, which is normally meaning IEEE std 1149.1-1990 IEEE Stadard Test Access Port and Boundary-Scan Architecture. This standard is to do debug and test SoC (System On Chip) and Microprocessor Software.
The configuration of a JTAG debugging is consist of three parts ; Debugger Software in a host machine, JTAG adapter and On chip debug(OCD) in SoC.
1.1 Debugger SW
It is getting addresses and data from JTAG adapter and showing it to user and user can send data and address to JTAG adapter via USB as vice versa. By using this tool, user can run control and do source line debug with loading symbol of the image which is downloaded to target system such as run, stop, step into, step over, set break point. And an accessing memory is possible as well. So user can easily do debugging the SW of target system and inspect system memory and registers. XDB is a host side debugger SW in Intel system Studio.
1.2 JTAG Adapter (Probe)
JTAG adapter is the HW box which converts JTAG signals to PC connectivity signals such as USB, parallel, RS-232, Ethernet. USB is most popular one and many of adapter is using the USB as a connection to host PC. While target side interface has many variation nevertheless there is minimal standard JTAG pin numbers, e.g. ARM 10-pin, ST 14-pin, OCDS 16-pin, ARM 20-pin. For XDB and Minnow Max configurations which is used in this article has 60-pin connection with a target. ITP-XDP3 (a.k.a. Intel Blue Box) is used for JTAG adapter of Minnow debugging. XDB is also compatible with some other JTAG debugger such as Macraigor® Systems usb2Demon® , OpenOCD.
1.3 On Chip Debug (Target SoC)
The main component of OCD is TAP (Test Access Point) and TDI(Test Data In) / TDO(Test Data Out). By using TAP we can reset or read/write register and bypass and with TDI/TDO we can do Boundary Scan (Click for more details and picture).
< Figure 1-1> Configuration of JTAG probe and target system - Lure is the small pin adapter for ITP-XDP3 and Minnow Board.
2. Overview of Exception in Intel Architecture
An exception is a synchronous event that is generated when the processor detects one or more predefined
conditions while executing an instruction. The IA-32 architecture specifies three classes of exceptions: faults,
traps, and aborts. Normally faults and traps are recoverable while abort does not allow a restart of the program. When there is exception, it is processed as same way as interrupt handling. Which means that after halting and save current process then system switches to the exception handler and comes back again once an exception handling is done.
< Table 2-1 > Protected-Mode Exceptions and Interrupts
3. Prepare the Minnow board and ITP-XDP3 with a host PC connection via USB
You need to set up Minnow board with Android OS. For this, please see the "Intel(R) System Studio Developer Story : How to configure, build and profile the Linux Kernel of Android by using the VTune" article (Please click the link). It has the introduction of Minnow board and how to set up / build / download Android OS in Minnow boards.
Connect Minnow board with the lure (which is small PCB with 60 pin JTAG connector) to ITP-XDP3 JTAG probe and ITP-XDP3 to a host PC via USB which has already been installed Intel System Studio first for USB driver of ITP-XDP3. You can check the device manager of your Windows host if the USB driver of XDP3 is installed correctly. And finally, run the XDB.
<Figure 3-1> Connections of Minnow target board, ITP-XDP3 JTAG probe and XDB on the host PC.
4. Using a XDB for exceptions of Android Kernel on the IA (Minnow board).
We see the step by step procedure of using XDB to check and debug the exception in a Kernel.
(1) Run XDB : Go to the Installed directory and run the batch file. (e.g. start_xdb_legacy_products.bat).
(2) Connect to the target : Go to the XDB menu - File - Connect and select ITP-XDP3 and Z3680, Z37xx.
(3) Load the symbol files and set the directory of source files. Go to the XDB menu - File - Load / Unload Symbol and set the symbol files. Per source files, go to the XDB menu - Options - Source Directories and set the rule and directories. Rule is to adjust files directory between current source path and path in the symbol file which recorded in compile time.
(4) Browse to the entry file which has exception handler : XDB menu - View - Source files and open the entry_64.S file.
(5) Set break point in the exception entry point : Go and find the ENTRY(error_entry) which is entry point of exception with an error code in rax register. And each exception handler is defined as zeroentry or errorentry macros, so you can set break point in the error_entry or some specific handler. In this article, we are using the "zeroentry invalid_op do_invalid_op" for testing.
ENTRY(error_entry) XCPT_FRAME CFI_ADJUST_CFA_OFFSET 15*8 /* oldrax contains error code */ cld movq_cfi rdi, RDI+8 movq_cfi rsi, RSI+8 movq_cfi rdx, RDX+8 movq_cfi rcx, RCX+8 movq_cfi rax, RAX+8 movq_cfi r8, R8+8 movq_cfi r9, R9+8 movq_cfi r10, R10+8 movq_cfi r11, R11+8 movq_cfi rbx, RBX+8 movq_cfi rbp, RBP+8 movq_cfi r12, R12+8 movq_cfi r13, R13+8 movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx testl $3,CS+8(%rsp) je error_kernelspace error_swapgs: SWAPGS error_sti: TRACE_IRQS_OFF ret zeroentry divide_error do_divide_error zeroentry overflow do_overflow zeroentry bounds do_bounds zeroentry invalid_op do_invalid_op zeroentry device_not_available do_device_not_available paranoiderrorentry double_fault do_double_fault zeroentry coprocessor_segment_overrun do_coprocessor_segment_overrun errorentry invalid_TSS do_invalid_TSS errorentry segment_not_present do_segment_not_present zeroentry spurious_interrupt_bug do_spurious_interrupt_bug zeroentry coprocessor_error do_coprocessor_error errorentry alignment_check do_alignment_check zeroentry simd_coprocessor_error do_simd_coprocessor_error
(6) Examples : make an exception and check if the handler got it when we set break point : Set break point to the "zeroentry invalid_op do_invalid_op" and call the BUG() which makes the "Invalid Opcode" fault by ud2 instruction.
#define BUG() \ do { \ asm volatile("ud2"); \ unreachable(); \ } while (0)
< Call the BUG() >
< Stop at the Invalid_op of break point >
5. Conclusion
Some exceptions are critical error of system HW and SW, so it is important what / why / where these kind of exceptions occur. By using XDB, you can easily check it and can do more investigation of these issues. Because XDB provide power features like easily accessing the assembly code and source code and checking the call stack and registers.
6. References
Intel® 64 and IA-32 Architectures Software Developer’s Manual
jtag 101 ieee 1149.x and software debug