From b8ce62e6e740a27ec153a0ed7e2b52ce237135ea Mon Sep 17 00:00:00 2001
From: Per <Per Lindgren>
Date: Mon, 13 Jan 2020 00:31:45 +0100
Subject: [PATCH] reading instructions, break step

---
 examples/f401_ktest.rs |  44 ++++++++++++
 runner/src/main.rs     | 150 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 170 insertions(+), 24 deletions(-)
 create mode 100644 examples/f401_ktest.rs

diff --git a/examples/f401_ktest.rs b/examples/f401_ktest.rs
new file mode 100644
index 0000000..1694449
--- /dev/null
+++ b/examples/f401_ktest.rs
@@ -0,0 +1,44 @@
+// minimal example for the stm32-f401 (and the f4 series)
+//! Prints "Hello, world!" on the host console using semihosting
+
+#![no_main]
+#![no_std]
+
+extern crate panic_halt;
+
+use stm32f4::stm32f401 as stm32;
+
+use cortex_m::asm;
+use cortex_m_rt::entry;
+
+#[entry]
+fn main() -> ! {
+    let mut x: u32 = 54;
+    // klee_make_symbolic(&mut x);
+    // while x == 0 {}
+    // // asm::bkpt();
+    asm::bkpt_nr(1);
+    asm::nop();
+    asm::bkpt_nr(2);
+    asm::bkpt();
+    loop {
+        asm::nop();
+    }
+}
+
+#[inline(always)]
+fn klee_make_symbolic<T>(data: &mut T) {
+    asm::bkpt();
+    // unsafe { klee_bkpt(data as *mut T as *mut core::ffi::c_void) };
+}
+
+#[no_mangle]
+pub extern "C" fn klee_bkpt(data: *mut core::ffi::c_void) {
+    //*data = 0;
+    asm::bkpt();
+}
+
+// extern "C" {
+//     pub fn klee_bkpt(ptr: *mut core::ffi::c_void, // pointer to the data
+//     );
+// }
diff --git a/runner/src/main.rs b/runner/src/main.rs
index fa900d4..3d37246 100644
--- a/runner/src/main.rs
+++ b/runner/src/main.rs
@@ -15,6 +15,11 @@ use probe_rs::{
 
 // le byte order
 fn main() {
+    println!("read ktest file");
+
+    let ktest = read_ktest("test000001.ktest").unwrap();
+    println!("ktest {:?}", ktest);
+
     let mut probe = open_probe();
     println!("probe connected");
 
@@ -32,22 +37,21 @@ fn main() {
 
     let mm = session.target.memory_map.clone();
 
-    let path_str = "../target/thumbv7em-none-eabihf/debug/examples/f401_break";
+    let path_str = "../target/thumbv7em-none-eabihf/debug/examples/f401_ktest";
     // programming
 
-    print!("flashing...");
-    download_file(
-        &mut session,
-        std::path::Path::new(&path_str.to_string().as_str()),
-        Format::Elf,
-        &mm,
-    )
-    .map_err(|e| format_err!("failed to flash {}: {}", path_str, e))
-    .unwrap();
+    // print!("flashing...");
+    // download_file(
+    //     &mut session,
+    //     std::path::Path::new(&path_str.to_string().as_str()),
+    //     Format::Elf,
+    //     &mm,
+    // )
+    // .map_err(|e| format_err!("failed to flash {}: {}", path_str, e))
+    // .unwrap();
 
-    println!("... done");
+    // println!("... done");
 
-    // session.probe.target_reset().unwrap();
     let cpu_info = session
         .target
         .core
@@ -61,23 +65,107 @@ fn main() {
     let data = session.probe.read32(0x0000_0004).unwrap();
     println!("reset 0x{:08x}", data);
 
-    session
-        .probe
-        .write_block32(0x2000_0000, &[0x0123_4567, 0x89ab_cdef])
+    run_to_halt(&mut session);
+
+    break_step(&mut session);
+
+    run_to_halt(&mut session);
+
+    break_step(&mut session);
+
+    run_to_halt(&mut session);
+
+    // session
+    //     .target
+    //     .core
+    //     .wait_for_core_halted(&mut session.probe)
+    //     .unwrap();
+    // println!("Core stopped at address 0x{:08x}", cpu_info.pc);
+
+    // session
+    //     .probe
+    //     .write_block32(0x2000_0000, &[0x0123_4567, 0x89ab_cdef])
+    //     .unwrap();
+
+    // let mut r = [0u32; 2];
+    // session.probe.read_block32(0x2000_0000, &mut r).unwrap();
+
+    // println!("0x2000_0000 = 0x{:08x}", r[0]);
+    // println!("0x2000_0004 = 0x{:08x}", r[1]);
+
+    // let cpu_info = session.target.core.step(&mut session.probe).unwrap();
+    // println!("Core stopped at address 0x{:08x}", cpu_info.pc);
+
+    // for (name, data) in ktest.objects {
+    //     println!("run {}", name);
+    //     session.target.core.run(&mut session.probe).unwrap();
+
+    //     session
+    //         .target
+    //         .core
+    //         .wait_for_core_halted(&mut session.probe)
+    //         .unwrap();
+
+    //     let cpu_info = session.target.core.halt(&mut session.probe).unwrap();
+    //     println!("Core stopped at address 0x{:08x}", cpu_info.pc);
+
+    //     set_symbolic(&mut session, &data);
+    // }
+
+    // println!("done and run");
+    // session.target.core.run(&mut session.probe).unwrap();
+
+    // session
+    //     .target
+    //     .core
+    //     .wait_for_core_halted(&mut session.probe)
+    //     .unwrap();
+    // println!("Core stopped at address 0x{:08x}", cpu_info.pc);
+    // println!("breapoint reached");
+}
+
+fn read_pc(session: &mut Session) {
+    // try to read the program counter
+    let pc_value = session
+        .target
+        .core
+        .read_core_reg(&mut session.probe, session.target.core.registers().PC)
         .unwrap();
 
-    let mut r = [0u32; 2];
-    session.probe.read_block32(0x2000_0000, &mut r).unwrap();
+    let mut instr16 = [0u8; 2];
+    session.probe.read_block8(pc_value, &mut instr16).unwrap();
 
-    println!("0x2000_0000 = 0x{:08x}", r[0]);
-    println!("0x2000_0004 = 0x{:08x}", r[1]);
+    println!(
+        "instr16 {:?}, {:b}, {:b}, {:x}",
+        instr16, instr16[0], instr16[1], instr16[1]
+    );
+}
 
-    let cpu_info = session.target.core.step(&mut session.probe).unwrap();
-    println!("Core stopped at address 0x{:08x}", cpu_info.pc);
+fn break_step(session: &mut Session) {
+    // try to read the program counter
+    let pc_value = session
+        .target
+        .core
+        .read_core_reg(&mut session.probe, session.target.core.registers().PC)
+        .unwrap();
 
-    println!("run");
-    session.target.core.run(&mut session.probe).unwrap();
+    // the bkpt() is a 16 bit instruction, increment pc by 16 bits
+    let new_pc_value = pc_value + 0x2;
+    session
+        .target
+        .core
+        .write_core_reg(
+            &mut session.probe,
+            session.target.core.registers().PC,
+            new_pc_value,
+        )
+        .unwrap();
+}
 
+fn run_to_halt(session: &mut Session) {
+    // Continue running
+    session.target.core.run(&mut session.probe).unwrap();
+    println!("running");
     session
         .target
         .core
@@ -85,7 +173,21 @@ fn main() {
         .unwrap();
 
     let cpu_info = session.target.core.halt(&mut session.probe).unwrap();
-    println!("Core stopped at address 0x{:08x}", cpu_info.pc);
+    println!("Run: Core stopped at address 0x{:08x}", cpu_info.pc);
+    read_pc(session);
+}
+// index is the oject number
+fn set_symbolic(session: &mut Session, data: &[u8]) {
+    let r0 = session
+        .target
+        .core
+        .read_core_reg(&mut session.probe, 0.into())
+        .unwrap();
+
+    println!("r0 0x{:08x}", r0);
+    println!("object {:?}", data);
+    session.target.core.step(&mut session.probe).unwrap();
+    // let r0 = session.probe.write_block8(r0, data).unwrap();
 }
 
 fn open_probe() -> MasterProbe {
-- 
GitLab