Gupje/documentation/source/overview.rst

101 lines
4.2 KiB
ReStructuredText
Raw Normal View History

2024-08-02 16:05:02 +02:00
==============
Gupje overview
==============
Gupje is a stub debugger that is designed to be minimal and requires 3 pages(0x1000) of data to be loaded on a target system.
A high level overview of how the memory mapping for this works is shown below.
.. figure:: images/gupje_overview.drawio.svg
.. note::
In the future the debugger will probably grow to 4 pages, to include an extra page for the debugger to use in custom functionality.
2024-11-01 13:48:07 +01:00
Inner workings
--------------
When the debugger is entered it will save the state of the processor into it's storage page. This is done in assembly and is architecture dependent.
When a new architecture is added the first thing that needs to be done is to implement these functionalities.
2024-08-02 16:05:02 +02:00
.. figure:: images/debugger_flow.drawio.svg
2024-11-01 13:48:07 +01:00
The debugger will then wait for commands from the host. The host can send commands to the debugger to read/write memory, jump to an address, etc.
When the user is done it will send the ``REST`` command to the debugger. This will restore the state of the processor and jump to the address defined in ``DEBUGGER_JUMP``.
2024-08-02 16:05:02 +02:00
2024-11-01 13:48:07 +01:00
The debugger also uses a stack that is defined in the debugger. This is done to not taint the original stack of the processor.
API
===
The debugger has a simple API that is used to communicate with the device. The following commands are supported:
2024-08-02 16:05:02 +02:00
Memory Read(Peek)
-----------------
Read an address in memory to the host.
Memory Write(Poke)
------------------
Write a buffer to an address in memory.
Get debugger main(SELF)
-----------------------
Get the main entry point of the debugger. This is used to jump to only the debugger without setting up the stack and registers again.
This taints the device but is very usefull for debugging and showing where the debugger is in memory.
Concrete main(MAIN)
-------------------
Execute the ``concrete_main`` function. This function is fully user customizable and can be used to implement custom functionality.
Like executing boot stages in a Qualcomm bootROM.
Flush Cache(FLSH)
-----------------
Execute architecture specific instructions in order to flush the cache.
.. note::
2024-11-01 13:48:07 +01:00
Only arm64 is supported for this function. The support is there for arm and thumb but not implemented. Probably there will be a change here to support data/code cache flushes.
2024-08-02 16:05:02 +02:00
Jump to address(JUMP)
---------------------
Simple function that will just jump to an address without restoring the stack or registers. Usefull for testing the debugger or relocating it.
Dump special registers(SPEC)
----------------------------
Will dump the special registers to the host. This is architecture dependent and will only dump the registers that are supported. For ARM64 checks for each exception level are implemented.
Synchronize State(SYNC)
-----------------------
This function can be called from the debugger and will force write the registers from the saved state into the processor.
Sync Special(SYNS)
------------------
Will force write the special registers from the saved state into the processor. Usefull for overwriting the ``VBAR_ELN`` and others.
Not all registers are supported here and in the future this will probably be changed to be code pushed from the host to save space and support all special registers.
.. note::
This function is currently only properly implemented for ARM64.
Restore and Jump(REST)
----------------------
This function restores the state of the processor from it's internal storage and jump's to the address defined in ``DEBUGGER_JUMP``.
.. caution::
Currently there is always a register corrupted on the jump function(we need to branch to a register). I have not found a good method to mitigate this(maybe ldr pc in arm/thumb but wont work for arm64)
Restore and Return(RRET)
------------------------
2024-11-01 13:48:07 +01:00
Does the same as ``Restore and Jump`` but instead of jumping it returns to the address that called the debugger(LR).
2024-08-02 16:05:02 +02:00
Glitching
=========
A debug flag is added for adding glitching to the debugger. The command ``GLIT`` will jump to the glitch function but this is not very well implemented yet.
2024-11-01 13:48:07 +01:00
The goal is to add several testable glitch cases to the debugger for profiling.
Features
========
In a typical usecase the flow of the debugger would look as something like this: