Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

setting gdb breakpoints at init causes PSRAM memory overwrite (IDFGH-8913) (OCD-670) #264

Closed
3 tasks done
zfields opened this issue Dec 8, 2022 · 20 comments
Closed
3 tasks done

Comments

@zfields
Copy link

zfields commented Dec 8, 2022

Answers checklist.

  • I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
  • I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
  • I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

v5.0

Operating System used.

macOS

How did you build your project?

Command line with idf.py

If you are using Windows, please specify command line type.

None

Development Kit.

ESP32-S3-WROOM-1 (N8R2)

Power Supply used.

USB

What is the expected behavior?

I expect to be able to allocate PSRAM in chunks bigger than 24540 bytes.

What is the actual behavior?

It starts to overwrite memory when 24541 and larger bytes are allocated.

Steps to reproduce.

main.c

#include <stdio.h>
#include <string.h>

void app_main(void)
{
    // CONFIG_SPIRAM_MALLOC_ALWAYSINTERNAL == 16384, so any block larger than this                                      
    // will be forced into PSRAM.  The following shows an overwrite.                                                    
    // 24540 works; 24541 begins to show overwrite; 1000000 is massive overwrite                                        
    uint8_t *obj = calloc(24541,sizeof(uint8_t));
    (void)obj;

    // Test breakpoints, to be set when you are stopped at app_main.                                                    
    // - if you only set "b 15" then "c", when it breaks do an "x/128xb obj" you'll see 0's as you should               
    // - but if you set "b 15" AND "b 16" AND "b 17" then "c", when it breaks you'll see bad values                     
    printf("breakpoint 1\n");
    printf("breakpoint 2\n");
    printf("breakpoint 3\n");
}
  1. Use an ESP32-S3 (N8R2) and plug both USB's into your PC
  2. In esp-idf, make sure you "./install.sh esp32s3" to install tooling for the S3
  3. In this project do "idf.py set-target esp32s3"
  4. in "idf.py menuconfig"
    1. Compiler Options / Optimization Level / Debug without optimization (-O0)
    2. Serial flasher config -> Flash size -> 8 MB
    3. Component Config -> ESP PSRAM -> ENABLE Support for external, SPI-connected RAM
  5. idf.py build & idf.py flash to flash...
  6. Start two terminal sessions, and in both make sure you do ". ./export.sh" to set env vars
  7. In terminal 1, run:
    openocd -f board/esp32s3-builtin.cfg -c "esp32s3.cpu1 configure -rtos FreeRTOS"
  8. In terminal 2, run:
    xtensa-esp32s3-elf-gdb -tui -ex 'set pagination off' -ex 'target extended-remote :3333' -ex 'mon reset halt' -ex 'maintenance flush register-cache' -ex 'thb app_main' -ex 'monitor [target current] configure -event gdb-detach { shutdown }' -ex 'c' ./build/main.elf

Debug Logs.

No response

More Information.

  • Allocating 24540 works; 24541 begins to show overwrite
  • if you only set "b 15" then "c", when it breaks do an "x/128xb obj" you'll see 0's as you should
  • if you set "b 15" AND "b 16" AND "b 17" then "c", when it breaks you'll see bad values
@github-actions github-actions bot changed the title Bad allocations to PSRAM when size exceeds 24540 Bad allocations to PSRAM when size exceeds 24540 (IDFGH-8913) Dec 8, 2022
@zfields zfields changed the title Bad allocations to PSRAM when size exceeds 24540 (IDFGH-8913) Bad allocations to PSRAM during initialization. Setting gdb software or hardware breakpoints causes memory overwrite (IDFGH-8913) Dec 8, 2022
@igrr
Copy link
Member

igrr commented Dec 8, 2022

@zfields Do you observe this issue when you aren't connecting OpenOCD? I think OpenOCD on ESP32-S3 doesn't support PSRAM yet, so PSRAM data may be corrupted when OpenOCD is setting/removing a breakpoint.

@zfields zfields changed the title Bad allocations to PSRAM during initialization. Setting gdb software or hardware breakpoints causes memory overwrite (IDFGH-8913) setting gdb breakpoints at init causes PSRAM memory overwrite (IDFGH-8913) Dec 8, 2022
@zfields
Copy link
Author

zfields commented Dec 8, 2022

If that's true, that would certainly explain it. How would I connect without OpenOCD to check?

@igrr
Copy link
Member

igrr commented Dec 8, 2022

I think you can try to still run OpenOCD but disable the software breakpoints in flash, then force GDB to use only hardware breakpoints. As a result, OpenOCD will not write to flash and this should prevent PSRAM corruption.

In step 7:

openocd -c 'set ESP_FLASH_SIZE 0' -f board/esp32s3-builtin.cfg

When running GDB, add

-ex 'set remote hardware-breakpoint-limit 2'

and use thb (temporary hardware breakpoint) instead of b to use only hardware breakpoints and keep the number of breakpoints <=2.

@zfields
Copy link
Author

zfields commented Dec 8, 2022

Thanks @igrr for following up with me so quickly!

When dumping memory even with these fixes and even with 1 breakpoint, the first byte looks bad when you first dump it. However, it seems to "clear up" if you dump it twice. Any ideas?

Also, is there any time frame for when using OpenOCD on the ESP32-S3 will support PSRAM?

@igrr igrr transferred this issue from espressif/esp-idf Dec 13, 2022
@github-actions github-actions bot changed the title setting gdb breakpoints at init causes PSRAM memory overwrite (IDFGH-8913) setting gdb breakpoints at init causes PSRAM memory overwrite (IDFGH-8913) (OCD-670) Dec 13, 2022
@igrr
Copy link
Member

igrr commented Dec 13, 2022

@zfields Have transferred this issue to OpenOCD project so that it is tracked properly.

Regarding the successful read on 2nd attempt, there has been a similar issue we had fixed recently; however it looks like you are already using the latest release which includes the fix. Could you please confirm the version of OpenOCD you are running?

Regarding PSRAM support for ESP32-S3, it will likely be done in Q1 2023.

@zfields
Copy link
Author

zfields commented Dec 13, 2022

Thanks @igrr!

Could you please confirm the version of OpenOCD you are running?

I'm using OpenOCD v0.11.0-esp32-20221026.

Regarding PSRAM support for ESP32-S3, it will likely be done in Q1 2023.

Thanks, that's great news!

Have transferred this issue to OpenOCD project so that it is tracked properly.

No, I have not. Is there a way to "transfer" it using the GitHub UI, or do you mean reopen it there?

@igrr
Copy link
Member

igrr commented Dec 13, 2022

Sorry for not phrasing this clearly. I meant that I have already transferred this issue to the OpenOCD project. You don't need to do anything.

@erhankur
Copy link
Collaborator

erhankur commented Jan 4, 2023

Hi @zfields Can I ask you to test with the attached version?

openocd-esp32-macos-0.11.0-esp32-20221026-86-g283b87d64.tar.gz

@zfields
Copy link
Author

zfields commented Jan 5, 2023

I'm working on something at this very moment, but I will test it ASAP and get back to you.

Thanks!

@zfields
Copy link
Author

zfields commented Jan 5, 2023

I tried it with the new openocd.

image

As you can see, the three breakpoints say that they were set just fine. However, when I pressed "c" to continue, then it spit out the error messages shown the terminal.

@erhankur
Copy link
Collaborator

erhankur commented Mar 2, 2023

@zfields We provided the solution in the latest release. Can you please confirm your issue has been fixed?

@zfields
Copy link
Author

zfields commented Mar 2, 2023

I'm sorry, but it does NOT appear to be fixed.

My Test

  1. rm -rf of both ~/.espressif and ~/esp/esp-idf

  2. reinstalled the 5.0.1-tagged release

    double-checking the versions:

    $ idf.py --version
    ESP-IDF v5.0.1
    $ which openocd
    /Users/rozzie/.espressif/tools/openocd-esp32/v0.11.0-esp32-20221026/openocd-esp32/bin/openocd
    $ openocd --version
    Open On-Chip Debugger v0.11.0-esp32-20221026 (2022-10-26-14:48)
    $ which xtensa-esp32-elf-gdb
    /Users/rozzie/.espressif/tools/xtensa-esp-elf-gdb/11.2_20220823/xtensa-esp-elf-gdb/bin/xtensa-esp32-elf-gdb
    $ xtensa-esp32-elf-gdb --version
    GNU gdb (esp-gdb) 11.2_20220823
    
  3. rm -rf of the build folder as a brute force idf.py clean

  4. rebuilt and re-flashed the app

  5. set the breakpoints

  6. exactly same problem happens

Repro Instructions

sample_project.zip

  1. unzip this sample_project
  2. open two terminal windows
  3. do . ./export.sh in each
  4. in each terminal, cd to the new sample_project directory
  5. in one terminal, do an idf.py build and idf.py flash
  6. in the same terminal, type ./serve.sh
  7. in the other terminal, type ./debug.sh

when it hits the first breakpoint in gdb, look at the source code and follow the instructions

@gerekon
Copy link
Collaborator

gerekon commented Mar 2, 2023

@zfields IDF is not updated to use the latest release. In your example you still use v0.11.0-esp32-20221026.
To test it you need to download and run it manually.

@zfields
Copy link
Author

zfields commented Mar 2, 2023

I'm happy to test, but this is the message I responded to:

@zfields We provided the solution in the latest release. Can you please confirm your issue has been fixed?

Can you please provide detailed instructions on what exactly you would like for me to test?

image

@gerekon
Copy link
Collaborator

gerekon commented Mar 2, 2023

I'm happy to test, but this is the message I responded to:

I suppose that was about the latest OpenOCD release.

Can you please provide detailed instructions on what exactly you would like for me to test?

It would be great of you checked your scenario described in the first message of this topic. But with the latest OpenOCD release. So your modified command should look like

$PATH_TO_LATEST_RELEASE/bin/openocd -s $PATH_TO_LATEST_RELEASE/share/openocd/scripts -f board/esp32s3-builtin.cfg -c "esp32s3.cpu1 configure -rtos FreeRTOS"

@zfields
Copy link
Author

zfields commented Mar 2, 2023

Okay, so everything else will be the same, and you want me to additionally update/replace openocd-esp32 with the latest release.

I'll will test this 👆, and get back to you.

@zfields
Copy link
Author

zfields commented Mar 2, 2023

I downloaded the latest openocd-esp32, but I'm still having the issue.

$ which openocd-esp32/bin/openocd
openocd-esp32/bin/openocd
$ openocd-esp32/bin/openocd --version
Open On-Chip Debugger v0.12.0-esp32-20230221 (2023-02-21-11:31)
Licensed under GNU GPL v2
For bug reports, read
	http://openocd.org/doc/doxygen/bugs.html

downloaded from: https://github.com/espressif/openocd-esp32/releases/tag/v0.12.0-esp32-20230221

The problem happens when I say "c" to continue after setting the breakpoint. On the gdb side it gives the warning that I can't insert the breakpoint, and on the openocd side it says "Warn" "address not writable".

GDB Output:

image

OpenOCD Output:
openocd-esp32/bin/openocd -f board/esp32s3-builtin.cfg

sample_project $ serve.sh
++ openocd-esp32/bin/openocd -f board/esp32s3-builtin.cfg
Open On-Chip Debugger v0.12.0-esp32-20230221 (2023-02-21-11:31)
Licensed under GNU GPL v2
For bug reports, read
	http://openocd.org/doc/doxygen/bugs.html
Info : only one transport option; autoselecting 'jtag'
Info : esp_usb_jtag: VID set to 0x303a and PID to 0x1001
Info : esp_usb_jtag: capabilities descriptor set to 0x2000
Warn : Transport "jtag" was already selected
Info : Listening on port 6666 for tcl connections
Info : Listening on port 4444 for telnet connections
Info : esp_usb_jtag: serial (68:B6:B3:2C:D6:10)
Info : esp_usb_jtag: Device found. Base speed 40000KHz, div range 1 to 255
Info : clock speed 40000 kHz
Info : JTAG tap: esp32s3.cpu0 tap/device found: 0x120034e5 (mfg: 0x272 (Tensilica), part: 0x2003, ver: 0x1)
Info : JTAG tap: esp32s3.cpu1 tap/device found: 0x120034e5 (mfg: 0x272 (Tensilica), part: 0x2003, ver: 0x1)
Info : starting gdb server for esp32s3.cpu0 on 3333
Info : Listening on port 3333 for gdb connections
Info : [esp32s3.cpu0] Target halted, PC=0x4200CA15, debug_reason=00000001
Info : [esp32s3.cpu0] Reset cause (3) - (Software core reset)
Info : Set GDB target to 'esp32s3.cpu0'
Info : [esp32s3.cpu1] Target halted, PC=0x4037A900, debug_reason=00000000
Info : [esp32s3.cpu1] Reset cause (3) - (Software core reset)
Info : accepting 'gdb' connection on tcp/3333
Warn : No symbols for FreeRTOS!
Info : [esp32s3.cpu0] Target halted, PC=0x40374400, debug_reason=00000001
Error: Failed to get flash maps (151587081)!
Warn : Failed to get flash mappings (-4)!
Info : [esp32s3.cpu0] Target halted, PC=0x403B244A, debug_reason=00000001
Info : [esp32s3.cpu0] Target halted, PC=0x403B244A, debug_reason=00000001
Info : Auto-detected flash bank 'esp32s3.cpu0.flash' size 148034 KB
Info : Using flash bank 'esp32s3.cpu0.flash' size 148034 KB
Info : [esp32s3.cpu0] Target halted, PC=0x40374400, debug_reason=00000001
Error: Failed to get flash maps (151587081)!
Warn : Failed to get flash mappings (-4)!
Info : [esp32s3.cpu0] Target halted, PC=0x403B244A, debug_reason=00000001
Info : Using flash bank 'esp32s3.cpu0.irom' size 0 KB
Info : [esp32s3.cpu0] Target halted, PC=0x40374400, debug_reason=00000001
Error: Failed to get flash maps (151587081)!
Warn : Failed to get flash mappings (-4)!
Info : [esp32s3.cpu0] Target halted, PC=0x403B244A, debug_reason=00000001
Info : Using flash bank 'esp32s3.cpu0.drom' size 0 KB
Info : New GDB Connection: 1, Target esp32s3.cpu0, state: halted
Warn : negative reply, retrying
Info : Detected FreeRTOS version: (10.4.3)
Info : JTAG tap: esp32s3.cpu0 tap/device found: 0x120034e5 (mfg: 0x272 (Tensilica), part: 0x2003, ver: 0x1)
Info : JTAG tap: esp32s3.cpu1 tap/device found: 0x120034e5 (mfg: 0x272 (Tensilica), part: 0x2003, ver: 0x1)
Info : [esp32s3.cpu0] requesting target halt and executing a soft reset
Info : [esp32s3.cpu0] Debug controller was reset.
Info : [esp32s3.cpu0] Core was reset.
Info : [esp32s3.cpu0] Target halted, PC=0x500000EF, debug_reason=00000000
Info : [esp32s3.cpu0] Reset cause (3) - (Software core reset)
Info : [esp32s3.cpu1] requesting target halt and executing a soft reset
Info : [esp32s3.cpu0] Core was reset.
Info : [esp32s3.cpu0] Target halted, PC=0x40000400, debug_reason=00000000
Info : [esp32s3.cpu1] Debug controller was reset.
Info : [esp32s3.cpu1] Core was reset.
Info : [esp32s3.cpu1] Target halted, PC=0x40000400, debug_reason=00000000
Info : [esp32s3.cpu1] Reset cause (3) - (Software core reset)
Info : [esp32s3.cpu0] Reset cause (3) - (Software core reset)
Info : [esp32s3.cpu1] Debug controller was reset.
Info : [esp32s3.cpu1] Core was reset.
Info : [esp32s3.cpu1] Target halted, PC=0x40041A79, debug_reason=00000000
Info : [esp32s3.cpu1] Reset cause (3) - (Software core reset)
Info : [esp32s3.cpu0] Target halted, PC=0x4200CA15, debug_reason=00000001
Info : Set GDB target to 'esp32s3.cpu0'
Info : [esp32s3.cpu1] Target halted, PC=0x4037A900, debug_reason=00000000
Info : Detected FreeRTOS version: (10.4.3)
Warn : address 0x4200ca36 not writable
Error: [esp32s3.cpu0] Error writing instruction to memory: -4
Error: [esp32s3.cpu0] Failed to write breakpoint instruction (-4)!
Error: [esp32s3.cpu0] Failed to add SW breakpoint!
Error: can't add breakpoint: unknown reason

@erhankur
Copy link
Collaborator

erhankur commented Mar 2, 2023

@zfields please make sure the OPENOCD_SCRIPTS env variable points to the new location. (path to the v0.12.0-esp32-20230221/openocd-esp32/share/openocd/scripts)

@zfields
Copy link
Author

zfields commented Mar 3, 2023

Eureka! That worked! 👍

Do you know which official IDF release is planned to contain the latest release of openocd-esp32, and approximately when that release is scheduled to occur?

Thanks,
Zak

@erhankur
Copy link
Collaborator

erhankur commented Mar 3, 2023

Afaik, it will be in the IDF v5.1 release around June. Thanks for providing reproducible code and support to get this done.

@erhankur erhankur closed this as completed Mar 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants