CoreSight docs for decoder design and test.
Currently, the most detailed L2 testcase input ( L2_ControlCore_in-4 ) is dumped by CoreSight-Decoder/L1_led_dump from a running linux. Unexpectedly, after several fixed steps to enable the coresight components in linux:
$ cd /sys/bus/coresight/devices
$ echo 1 > tpiu0/enable_sink
$ echo 1 > etm0/enable_source
the output generated by the coresight remains stable, which benifits a lot to the test work:
| 序号 | 报文类型 | 用例输入 | 含义 |
|---|---|---|---|
| 1 | A-Sync | 8022 0022 0022 0022 0022 0022 0022 0022 0022 0022 0022 0022 | N/A |
| 2 | Trace Info | 0022 0122 0122 | N/A |
| 3 | Long Address | 0022 0022 0022 0022 0022 0022 0022 0022 9D22 | 64 ISO L, Address: 0x0 |
| 4 | Trace On | 0422 | N/A |
| 5 | Address with Context | 3122 FF22 FF22 8022 0022 1022 AB22 7F22 7122 8522 | 64 ISO L, Address: 0xFFFF800010ABFFC4, Context info byte, EL=1, SF=64, NS=1, V=0, C=0 |
| 6 | Atom F3 | FC22 | NEE |
| 7 | Long Address | FF22 FF22 8022 0022 1022 AD22 1E22 7A22 9D22 | 64 ISO L, Address: 0xFFFF800010AD3DE8 |
| 8 | Atom F4 | DE22 | ENEN |
| 9 | Atom F3 | FD22 | ENE |
| 10 | Atom F3 | FF22 | EEE |
| 11 | Address | 1022 E722 7022 7222 9A22 | 32 ISO L, Address: 0xFFFF800010E7E1C8 |
| 12 | Atom F4 | DC22 | EEEN |
| 13 | Atom F3 | FA22 | NEN |
| 14 | Atom F3 | F822 | NNN |
| 12 | Atom F3 | FB22 | EEN |
| 13 | Atom F3 | FC22 | NNE |
| 14 | Short Address | 9522 | ISO S, Address: N/A |
Four CPU-associated ETM ids are also probed by L1_led_dump:
| ETM | ID |
|---|---|
| ETM0 | 0x10 |
| ETM1 | 0x12 |
| ETM2 | 0x14 |
| ETM3 | 0x16 |
Three indirect-branch addresses are collected, which can be looked up in disassembled vmlinux image ( generate by petalinux ):
$ aarch64-linux-gnu-objdump -S --start-address=0xFFFF800010ABFF00 vmlinux > vmlinux.S
$ cat vmlinux.S
...
...
int coresight_timeout(struct csdev_access *csa, u32 offset,
int position, int value)
{
...
...
static inline u32 csdev_access_read32(struct csdev_access *csa, u32 offset)
{
...
...
#define __raw_readl __raw_readl
static __always_inline u32 __raw_readl(const volatile void __iomem *addr)
{
u32 val;
asm volatile(ALTERNATIVE("ldr %w0, [%1]",
ffff800010abffb0: b9400084 ldr w4, [x4]
ffff800010abffb4: d50331bf dmb oshld
ffff800010abffb8: 2a0403e4 mov w4, w4
ffff800010abffbc: ca040080 eor x0, x4, x4
ffff800010abffc0: b5000000 cbnz x0, ffff800010abffc0 <coresight_timeout+0x70>
ffff800010abffc4: 8a040284 and x4, x20, x4 <--- This may be where the trace started, instead of a branched address
if (value) {
ffff800010abffc8: 35fffe15 cbnz w21, ffff800010abff88 <coresight_timeout+0x38>
if (!(val & BIT(position)))
ffff800010abffcc: b5fffe04 cbnz x4, ffff800010abff8c <coresight_timeout+0x3c>
return 0;
ffff800010abffd0: 52800000 mov w0, #0x0 // #0
}
return -EAGAIN;
}
...
...
ffff800010ad3ca0 <etm4_enable_hw>:
{
...
...
static inline bool etm4x_is_ete(struct etmv4_drvdata *drvdata)
{
return drvdata->arch >= ETM_ARCH_ETE;
...
...
if (coresight_timeout(csa, TRCSTATR, TRCSTATR_IDLE_BIT, 0))
ffff800010ad3dd4: aa1303e0 mov x0, x19
ffff800010ad3dd8: 52800003 mov w3, #0x0 // #0
ffff800010ad3ddc: 52800002 mov w2, #0x0 // #0
ffff800010ad3de0: 52800181 mov w1, #0xc // #12
ffff800010ad3de4: 97ffb05b bl ffff800010abff50 <coresight_timeout>
ffff800010ad3de8: 35003a20 cbnz w0, ffff800010ad452c <etm4_enable_hw+0x88c> <--- first branched address
dsb(sy);
ffff800010ad3dec: d5033f9f dsb sy
isb();
ffff800010ad3df0: d5033fdf isb
ffff800010ad3df4: a9425bf5 ldp x21, x22, [sp, #32]
ffff800010ad3df8: a94573fb ldp x27, x28, [sp, #80]
if (csa->io_mem)
...
...
A more detailed calling stack can be inferred by referring to the source of CoreSight-Driver/:
etm4_enable_hw(){
...
etm4x_relaxed_write32(csa, 1, TRCPRGCTLR); <--- etm0 enabling
coresight_timeout(){
csdev_access_read32(){
...
cbnz x0, ffff800010abffc0 <coresight_timeout+0x70> <--- loop until TRCSTATR.IDLE down to 0, etm working
and x4, x20, x4 <--- the first instruction address traced by etm
...
}
}
...
}
--