Load binary into stm32f103c8t6 with OpenOCD and arm-none-eabi-gdb

Question

I tried to load binary that is compiled from rust code, but it doesn't work.

First, I downloaded Rust code from https://github.com/rust-embedded/discovery . Then, I built it.

# I am in the `src/05-led-roulette` directory
rustup target add thumbv7m-none-eabi
cargo build --target thumbv7m-none-eabi

It was successfully compiled.

After that, I successfully connected with stm32f103c8t6 using OpenOCD. Then, I run this command.

arm-none-eabi-gdb -q target/thumbv7m-none-eabi/debug/led-roulette

But it seemed like it didn't finish reading.

Reading symbols from target/thumbv7m-none-eabi/debug/led-roulette...
(gdb)

(not done?!)

After that, I tried load command, but it returned following sentences.

Start address 0x0, load size 0
Transfer rate: 0 bits in <1 sec.

I have no idea about why it doesn't work.

Please help me.

Answer 1

First see if your binary is good, then try telnet, then gdb. Rust also multiplies the odds of failure, so start with something simple:

so.s

.thumb
.globl _start
_start:
.word 0x20001000
.word reset
.thumb_func
reset:
    ldr r0,some_addr
    ldr r1,[r0]
    add r1,r1,#1
    str r1,[r0]
    b .
    .align
some_addr: .word 0x20000000

build it

arm-none-eabi-as so.s -o so.o
arm-none-eabi-ld -Ttext=0x08000000 so.o -o so.elf
arm-none-eabi-objdump -D so.elf 
arm-none-eabi-objdump -D so.elf 

so.elf: file format elf32-littlearm

Disassembly of section .text:

08000000 <_start>: 8000000: 20001000 andcs r1, r0, r0 8000004: 08000009 stmdaeq r0, {r0, r3}

08000008 : 8000008: 4802 ldr r0, [pc, #8] ; (8000014 <some_addr>) 800000a: 6801 ldr r1, [r0, #0] 800000c: 3101 adds r1, #1 800000e: 6001 str r1, [r0, #0] 8000010: e7fe bn 8000010 <reset+0x8> 8000012: 46c0 nop ; (mov r8, r8)

08000014 <some_addr>: 8000014: 20000000 andcs r0, r0, r0

for small programs (Read the st documentation) this can be based at address 0x08000000 or 0x00000000 for this part. 0x08000000 is preferred. The vector table must be first in this case ignore the disassembly just look at the values

 8000000:   20001000    andcs   r1, r0, r0
 8000004:   08000009    stmdaeq r0, {r0, r3}

The 0x08000009 is the reset address ORRed with one. so 0x08000008 | 1 is 0x08000009. So that will at least boot and try to fetch code without a fault.

This code simply reads the word at address 0x20000000 and increments it, sram is not affected by a reset so we can keep resetting and seeing that value increment.

using whatever configs you have and interface, I combine the openocd one for the st part into a single file and carry that with the project along with ones for the various interfaces (stlinks of different versions and jlink).

openocd -f jlink.cfg -f target.cfg 

Open On-Chip Debugger 0.9.0 (2019-04-28-23:34)
Licensed under GNU GPL v2
For bug reports, read
    http://openocd.org/doc/doxygen/bugs.html
Info : JLink SWD mode enabled
swd
adapter speed: 1000 kHz
adapter_nsrst_delay: 100
none separate
cortex_m reset_config sysresetreq
Info : J-Link ARM-OB STM32 compiled Jun 30 2009 11:14:15
Info : J-Link caps 0x88ea5833
Info : J-Link hw version 70000
Info : J-Link hw type J-Link
Info : J-Link max mem block 15344
Info : J-Link configuration
Info : USB-Address: 0x0
Info : Kickstart power on JTAG-pin 19: 0x0
Info : Vref = 3.300 TCK = 1 TDI = 1 TDO = 1 TMS = 1 SRST = 1 TRST = 1
Info : J-Link JTAG Interface ready
Info : clock speed 1000 kHz
Info : SWD IDCODE 0x1ba01477
Info : stm32f1x.cpu: hardware has 6 breakpoints, 4 watchpoints

If you don't see the watchpoints line if it returns to the console, it didn't work.

In another window

telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
>

Now let's stop the chip and write our program. The psr, pc, etc values may be different depending than mine depending on what you had running.

> reset halt
target state: halted
target halted due to debug-request, current mode: Thread 
xPSR: 0x01000000 pc: 0x08000010 msp: 0x20001000
> flash write_image erase so.elf
auto erase enabled
device id = 0x20036410
flash size = 64kbytes
wrote 1024 bytes from file so.elf in 0.437883s (2.284 KiB/s)

Let's read it and see that it is there, should match the words from the disassembly

> mdw 0x08000000 20
0x08000000: 20001000 08000009 5000f04f 31016801 e7fe6001 ffffffff ffffffff ffffffff 
0x08000020: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff 
0x08000040: ffffffff ffffffff ffffffff ffffffff 

Assume this is random garbage and that is fine so long as we see it increment.

> mdw 0x20000000
0x20000000: 2e006816 
> reset
> halt
target state: halted
target halted due to debug-request, current mode: Thread 
xPSR: 0x01000000 pc: 0x08000012 msp: 0x20001000
> mdw 0x20000000
0x20000000: 2e006817 

So the value incremented if you do a reset, then do a halt (not a reset halt in one command) then dump that memory location it should keep incrementing every time.

Now you can choose to take the gdb path (I don't have a use for gdb so don't have one installed) with this binary or examine your rust binary by first examining the vector table to see it is correct, without at least the reset vector being correct then you will fault and not run any code on the processor. Can flash it using telnet or you can try gdb.

If gdb is having a problem with the file then perhaps you are using the wrong file. or the file is incorrectly built. did you try a simple program in that repository? can you make a minimal program from that repository, an empty entry function or an infinite loop or a counter that counts forever?

Is this truly a gdb problem? Is this an openocd problem? Is this a Rust tools problem? Is this a Rust binary problem? Is this a bug in the docs and you are pointing gdb at the wrong file problem? If the above works then openocd works, binutils at least works, the debugger/hardware works, it eliminates those and then becomes is this a rust thing, a gdb thing, using the wrong file thing, or something else?

Answer 2

After connecting openocd with the board don't forget to connect the debugger arm-none-eabi-gdb with openocd .

> arm-none-eabi-gdb -se target/thumbv7em-none-eabi/release/your_binary
(gdb) target remote localhost:3333

If all is OK in the terminal console where openocd is running you will see the message:

accepting 'gdb' connection on tcp/3333`

and you should be able to start debugging.

To optimize connection setup you may create/update the .gdbinit file with the content:

target remote localhost:3333