Whole document tree
Palm Debugger Protocol
Document Order |
Alphabetical Order |
Overview
In this document, "target" refers to the object being debugged. This could be the Palm ROM, or Palm OS Emulator. "Host" refers to the debugger, which could be either the Metrowerks debugger or the Palm Debugger. The target side of the debugger communicates by sending command packets to the user interface on the host side. Basically, the target side acts as a slave to the host, carrying out commands and reporting back results.
The target side must be able to respond to some basic command types sent from the host side. These are: get state, display memory, set memory, single step, get routine name, display registers, set registers, continue, set breakpoint, clear breakpoint, set a-trap, clear a-trap, find, and remote procedure call. All high-level commands that a user enters from the host side are broken down into one or more of these basic target commands, which are then sent to the target.
A command packet can be a request packet, response packet, or message packet. Request packets are sent from the host to the target and must be answered by an appropriate response packet from the target. Message packets are sent from either the target or the host and merely report status information and do not require a response from the recipient.
There is no extensive protocol involved between the host and target. Basically, the host sends a request packet and waits for a response from the target, or a timeout. If a response is not detected by the timeout period, the host does not retry the request but could display a message to the user saying that the target is not responding. Usually, if the target does not respond, it means either that the target is currently executing code and has not encountered a breakpoint, or that the target is so messed up that it can't even run the debugger.
Figure 1 shows the structure of request, response, and message packets. Basically, every packet consists of a packet header, a variable length packet body, and a packet footer. The maximim size of a packet body is 272 bytes. The packet header starts with the key 24-bit value $BEEFED and includes packet header information and a checksum of just the header itself. The packet footer contains a 16-bit CRC of the header and body (not footer).
Following the 24-bit value $BEEFED at the start of the packet header is a destination socket ID byte, a source socket ID byte, a packet type byte, a 2 byte body size, a transaction ID byte, and an 8 bit checksum of the header. The destination and source socket IDs and the packet type bytes are always 0 for debugger packets. The bodySize field is the number of bytes that are in the body - which will depend on the particular command being sent. The transaction ID is an 8 bit value that gets incremented every time a command is sent from the host. In order for a response packet from the target to be recognized by the host, its transaction ID must match the transaction ID of the original request packet.
The packet body starts with a command byte immediately followed by a filler byte. The command byte encodes the particular command being sent or acknowledged. Request packets always have the upper bit of the command byte clear, response packets have the upper bit set. Each command has it's own specific structure following the command and filler bytes.
+--------------------+
| $BE (1) |
| $EF (1) |
| $ED (1) |
| dest ID (1) | Header (10 bytes)
| src ID (1) |
| type (1) |
| bodySize (2) |
| transID (1) |
| checkSum (1) |
+--------------------+
| command (1) |
| filler (1) | Body (2-272 bytes)
| variable size data |
+--------------------+
| CRC (2) | Footer (2 bytes)
+--------------------+
State Command
Figure 2 shows the structure of the request and response bodies for the state command. The host sends this command in order to determine the current state of the target, including the current program counter, the values of all the registers, the reason why the target entered the debugger, the current breakpoints, and the name of the routine that the program counter is in. The target will also send a state response packet to the host whenever it encounters an exception and enters the debugger - whether due to a breakpoint, bus error, single step, etc. This is the only time a response packet is sent to the host without a corresponding request packet from the host.
#define sysPktStateCmd 0x00 #define sysPktStateRsp 0x80
Max length of a routine name
#define sysPktMaxNameLen 32
Number of remote code words to send in the 'state response' packet
#define sysPktStateRspInstWords 15
#define dbgNormalBreakpoints 5
#define dbgTempBPIndex dbgNormalBreakpoints
#define dbgTotalBreakpoints (dbgTempBPIndex+1)
typedef struct BreakpointType
{
Ptr addr; // address of breakpoint
Boolean enabled; // true if enabled
Boolean installed; // for alignment
} BreakpointType;
typedef struct SysPktStateCmdType
{
_sysPktBodyCommon; // Common Body header
} SysPktStateCmdCmdType;
Packet Body structure for the state command response packet
typedef struct SysPktStateRspType
{
_sysPktBodyCommon; // Common Body header
Boolean resetted; // true if target has just reset
Word exceptionId; // exception which caused the
// debugger to be entered.
M68KregsType reg; // current remote registers.
Word inst[sysPktStateRspInstWords];
// instruction buffer for
// code beginning at PC.
BreakpointType bp[dbgTotalBreakpoints]; // current breakpoints
void* startAddr; // start address of routine
void* endAddr; // end address of routine
char name[sysPktMaxNameLen]; // routine name (0 or more chars),
// immediately follows the address range.
Byte trapTableRev; // rev of trap table. Used to determine
// when host's trap table cache is invalid
} SysPktStateRspType;
The resetted field is non-zero if the target has reset itself since the last time the debugger was entered. The host can use the exceptionID field to determine why the debugger on the target was entered because it contains the address of the exception vector: $8 for a bus error, $7C for a non-maskable interrupt, etc. The 8 data registers are stored in the packet body starting from D0. The 7 address registers are stored starting from A0. The instruction buffer contains the next 30 bytes of code starting from the current program counter. The breakpoint list contains the list of the current breakpoints on the device. This is a fixed length list of 6 breakpoints - unused entries will have 0 in the enabled and installed fields. The last breakpoint in the list (breakpoint #5) is used exclusively for temporary breakpoints installed by the debugger for implementing commands like GoTill (gt).
The routineStart, routineEnd, and routineName fields contain the starting and ending address and name of the current routine. The target side of the debugger determines this information. A routine name is placed at the end of every routine by the compiler and the target side of the debugger scans forward and backwards from the current program counter to determine this information.
Read Memory Command
Figure 3 shows the structure of the request and response bodies for the read command. This command is sent by the host in order to read memory on the target. It can return up to 256 bytes of data. The size of the response body depends on the number of bytes requested in the request packet.
#define sysPktReadMemCmd 0x01
#define sysPktReadMemRsp 0x81
typedef struct SysPktReadMemCmdType
{
_sysPktBodyCommon; // Common Body header
void* address; // Address to read
Word numBytes; // # of bytes to read
} SysPktReadMemCmdType;
typedef struct SysPktReadMemRspType
{
_sysPktBodyCommon; // Common Body header
// Byte data[?]; // variable size
} SysPktReadMemRspType;
Write Memory Command
Figure 4 shows the structure of the request and response bodies for the write command. This command is sent by the host in order to write memory on the target. It can write up to 256 bytes of data. The size of the request packet depends on the number of bytes that need to be written.
#define sysPktWriteMemCmd 0x02
#define sysPktWriteMemRsp 0x82
typedef struct SysPktWriteMemCmdType
{
_sysPktBodyCommon; // Common Body header
void* address; // Address to write
Word numBytes; // # of bytes to write
// Byte data[?]; // variable size data
} SysPktWriteMemCmdType;
typedef struct SysPktWriteMemRspType
{
_sysPktBodyCommon; // Common Body header
} SysPktWriteMemRspType;
Single Step Command
Figure 5 shows the structure of the request and response
bodies for the singleStep command. This command is sent by the host
to tell the target to execute the next instruction. This command and
the continue command (see below) are unique in that they do not get a
respective response back from the target. The host relies on the fact
that when the target re-enters the debugger it will automatically
send a state response packet. In this case, the target will re-enter
the debugger immediately after executing the next
instruction.
#define sysPktSingleStepCmd 0x03
Note: there is no actual single step command implemented in either the ROM or the Palm OS Emulator. Instead, this functionality is performed by setting the trace bit in the Status Register and executing a sysPktContinueCmd.
Get Routine Name Command
Figure 6 shows the structure of the request and response bodies for the getRoutineName command. The host sends this command to determine which routine a particular address is in. It will return the starting and ending address of the routine and the name. The name of each routine is imbedded into the code when it's compiled and the target can determine the starting and ending address and name of the routine by scanning forwards and backwards in the code for this information.
#define sysPktGetRtnNameCmd 0x04
#define sysPktGetRtnNameRsp 0x84
typedef struct SysPktRtnNameCmdType
{
_sysPktBodyCommon; // Common Body header
void* address; // -> address to query on
} SysPktRtnNameCmdType;
typedef struct SysPktRtnNameRspType
{
_sysPktBodyCommon; // Common Body header
void* address; // -> address to query on
void* startAddr; // <- start address of routine
void* endAddr; // <- end address of routine
char name[sysPktMaxNameLen]; // <- routine name, if any immediately
// follows the address range.
// The balance need not be sent.
} SysPktRtnNameRspType;
The address field in the response body is a copy of the address sent in the request. The startAddr and endAddr fields are the starting and ending address of the routine that includes address. The name field is the 0 terminated name of the routine. If the target can not determine which routine address is in, it will return 0 for the first byte of the name in the response body and endAddr will contain the last address that it scanned in trying to find out the routine name. Subsequent getRoutineName calls should use the endAddr from the previous call in order to look for more routines.
Read Registers Command
Figure 7 shows the structure of the request and response bodies for the readRegisters command. This command is sent by the host to get the value of each of the processor registers on the target. The 8 data registers are stored in the packet body starting from D0. The 7 address registers are stored starting from A0.
#define sysPktReadRegsCmd 0x05
#define sysPktReadRegsRsp 0x85
typedef struct SysPktReadRegsCmdTyp
{
_sysPktBodyCommon; // Common Body header
} SysPktReadRegsCmdType;
typedef struct SysPktReadRegsRspType
{
_sysPktBodyCommon; // Common Body header
M68KRegsType reg; // <- return registers
} SysPktReadRegsRspType;
Write Registers Command
Figure 8 shows the structure of the request and response bodies for the writeRegisters command. This command is sent by the host to set the value of each of the processor registers on the target. The 8 data registers are stored in the packet body starting from D0. The 7 address registers are stored starting from A0.
#define sysPktWriteRegsCmd 0x06
#define sysPktWriteRegsRsp 0x86
typedef struct SysPktWriteRegsCmdType
{
_sysPktBodyCommon; // Common Body header
M68KRegsType reg; // -> registers to write
} SysPktWriteRegsCmdType;
typedef struct SysPktWriteRegsRspType
{
_sysPktBodyCommon; // Common Body header
} SysPktWriteRegsRspType;
Continue Command
Figure 9 shows the structure of the request and response bodies for the continue command. This command is sent by the host to tell the target to continue execution. This is usually sent as a result of the user entering the Go (g) command. The debugger on the target will not get re-entered again unless a breakpoint or other exception is encountered. The target does not send a response to this command. If the target does re-enter the debugger due to a subsequent exception, it will send a state response packet to the host.
#define sysPktContinueCmd 0x07
typedef struct SysPktContinueCmdType
{
_sysPktBodyCommon; // Common Body header
M68KregsType regs; // registers
Boolean stepSpy; // set true to do step spy
DWord ssAddr; // step spy address
DWord ssCount; // # of bytes
DWord ssCheckSum; // checksum
} SysPktContinueCmdType;
Get Breakpoints Command
Figure 10 shows the structure of the request and response bodies for the getBreakpoints command. This command is sent by the host to get the current settings of all target breakpoints. The response body has an array of 6 breakpoints in it. If the enabled field for a particular breakpoint entry is 0, it means that breakpoint is disabled. If the address field is 0, it means that breakpoint is not used. The installed field is currently never used.
#define sysPktGetBreakpointsCmd 0x0B
#define sysPktGetBreakpointsRsp 0x8B
typedef struct SysPktGetBreakpointsCmdType
{
_sysPktBodyCommon; // Common Body header
} SysPktGetBreakpointsCmdType;
typedef struct SysPktGetBreakpointsRspType
{
_sysPktBodyCommon; // Common Body header
BreakpointType bp[dbgTotalBreakpoints];
} SysPktGetBreakpointsRspType;
Set Breakpoints Command
Figure 11 shows the structure of the request and response bodies for the setBreakpoints command. This command is sent by the host to set the target breakpoints. The request body has an array of 6 breakpoints in it. If the enabled field for a particular breakpoint entry is 0, it means that breakpoint is disabled. If the address field is 0, it means that breakpoint is not used.
#define sysPktSetBreakpointsCmd 0x0C
#define sysPktSetBreakpointsRsp 0x8C
typedef struct SysPktSetTrapBreaksCmdType
{
_sysPktBodyCommon; // Common Body header
Word trapBP[dbgTotalTrapBreaks];
} SysPktSetTrapBreaksCmdType;
typedef struct SysPktSetTrapBreaksRspType
{
_sysPktBodyCommon; // Common Body header
} SysPktSetTrapBreaksRspType;
Toggle Debugger Breaks Command
Figure 12 shows the structure of the request and response bodies for the toggleDbgBreaks command. This command is sent by the host to enable or disable compiled-in breakpoints. A compiled in breakpoint is a special TRAP instruction that gets compiled into the code with the DbgBreak() and DbgSrcBreak() calls. The host can send this command to tell the target whether or not to ignore these breakpoints. The request toggles the state and the response returns the new state (non-zero for enabled, 0 for disabled).
#define sysPktDbgBreakToggleCmd 0x0D
#define sysPktDbgBreakToggleRsp 0x8D
typedef struct SysPktDbgBreakToggleCmdType
{
_sysPktBodyCommon; // Common Body header
} SysPktDbgBreakToggleCmdType;
typedef struct SysPktDbgBreakToggleRspType
{
_sysPktBodyCommon; // Common Body header
Boolean newState;
} SysPktDbgBreakToggleRspType;
Get Trap Breaks Command
Figure 13 shows the structure of the request and response bodies for the getTrapBreaks command. The host sends this command to get the current settings of all target trap breaks. The response body has an array of 5 traps in it. If the trap field is 0, it means that trap break is not used. Trap breaks are used to force the target to enter the debugger when a particular system trap is called. Up to 5 trap breaks can be set at any time.
#define sysPktGetTrapBreaksCmd 0x10
#define sysPktGetTrapBreaksRsp 0x90
typedef struct SysPktGetTrapBreaksCmdType
{
_sysPktBodyCommon; // Common Body header
} SysPktGetTrapBreaksCmdType;
typedef struct SysPktGetTrapBreaksRspType
{
_sysPktBodyCommon; // Common Body header
Word trapBP[dbgTotalTrapBreaks];
} SysPktGetTrapBreaksRspType;
Set Trap Breaks Command
Figure 14 shows the structure of the request and response bodies for the setTrapBreaks command. The host sends this command to set the current settings of all target trap breaks. The request body has an array of 5 traps in it. If the trap field is 0, it means that trap break is not used. Trap breaks are used to force the target to enter the debugger when a particular system trap is called. Up to 5 trap breaks can be set at any time.
#define sysPktSetTrapBreaksCmd 0x11
#define sysPktSetTrapBreaksRsp 0x91
typedef struct SysPktSetTrapBreaksCmdType
{
_sysPktBodyCommon; // Common Body header
Word trapBP[dbgTotalTrapBreaks];
} SysPktSetTrapBreaksCmdType;
typedef struct SysPktSetTrapBreaksRspType
{
_sysPktBodyCommon; // Common Body header
} SysPktSetTrapBreaksRspType;
Find Command
Figure 15 shows the structure of the request and response bodies for the find command. This command is sent by the host to search for data on the target. The firstAddr and lastAddr fields of the request set the range of addresses to search through. The numBytes field contains the number of bytes in the search string. If the caseInsensitive byte is non-zero, a case-insensitive search will be made. The variable length search string follows the caseInsensitive field.
In the response body, addrFound contains the address of the found data. If the data was not found, the found field will be 0.
#define sysPktFindCmd 0x13
#define sysPktFindRsp 0x93
typedef struct SysPktFindCmdType
{
_sysPktBodyCommon; // Common Body header
DWord firstAddr; // first address to search
DWord lastAddr; // last address to begin searching
Word numBytes; // number of data bytes to match
Boolean caseInsensitive; // if true, perform a case-insensitive search
} SysPktFindCmdType;
typedef struct SysPktFindRspType
{
_sysPktBodyCommon; // Common Body header
DWord addr; // address where data was found
Boolean found; // true if data was found
} SysPktFindRspType;
Message Command
Figure 16 shows the structure of the message packet body. This packet is sent by the target to display a message on the host. Debugger messages can be compiled into the source code through the DbgMessage() call. They can be used by applications on Palm devices for displaying application specific debugging messages during execution. There is no response sent back from the host to the target when it receives one of these packets.
#define sysPktRemoteMsgCmd 0x7F
typedef struct SysPktRemoteMsgCmdType
{
_sysPktBodyCommon; // Common Body header
Byte text[1]; // variable length text goes here
} SysPktRemoteMsgCmdType;
RPC Command
#define sysPktRPCCmd 0x0A
#define sysPktRPCRsp 0x8A
typedef struct SysPktRPCParamInfo
{
Byte byRef; // true if param is by reference
Byte size; // # of Bytes of paramData (must be even)
Word data[1]; // variable length array of paramData
} SysPktRPCParamType;
typedef struct SysPktRPCType
{
_sysPktBodyCommon; // Common Body header
Word trapWord; // which trap to execute
Dword resultD0; // result from D0 placed here
Dword resultA0; // result from A0 placed here
Word numParams; // how many parameters follow
// Following is a variable length array of SysPktRPCParamType's
SysPktRPCParamType param[1];
} SysPktRPCType;
Get Trap Conditionals Command (new in 3.0)
These are used to tell the debugger to conditionally break on a trap depending on the value of the first word on the stack. They are used when setting a-traps on library calls.
#define sysPktGetTrapConditionsCmd 0x14
#define sysPktGetTrapConditionsRsp 0x94
typedef struct SysPktGetTrapConditionsCmdType
{
_sysPktBodyCommon; // Common Body header
} SysPktGetTrapConditionsCmdType;
typedef struct SysPktGetTrapConditionsRspType
{
_sysPktBodyCommon; // Common Body header
Word trapParam[dbgTotalTrapBreaks];
} SysPktGetTrapConditionsRspType;
Set Trap Conditionals Command (new in 3.0)
These are used to tell the debugger to conditionally break on a trap depending on the value of the first word on the stack. They are used when setting a-traps on library calls.
#define sysPktSetTrapConditionsCmd 0x15
#define sysPktSetTrapConditionsRsp 0x95
typedef struct SysPktSetTrapConditionsCmdType
{
_sysPktBodyCommon; // Common Body header
Word trapParam[dbgTotalTrapBreaks];
} SysPktSetTrapConditionsCmdType;
typedef struct SysPktSetTrapConditionsRspType
{
_sysPktBodyCommon; // Common Body header
} SysPktSetTrapConditionsRspType;