Hardware Debug

From PSP Developer wiki

The PSP has on-board debugging facilities that allow hardware breakpoints and single-stepping. The debugging interface and facilities seem similar to those of the NEC VR5432, a 64-bit MIPS IV processor.

Enabling debugging

Even though the debug facilities seem similar to those of the VR5432, the format of the Status Register is different. Notably, on the VR5432 it is Bit 24 of the Status Register (DME: Debug Mode Enable) that must be set to enable debug mode, while on the PSP Allegrex it is Bit 19.

In the Allegrex User Manual accompanying the official PSP SDK 6.60, Bit 19 is documented as having a value of 0 (meaning reserved), but it is a separate field from Bits 18-16, which are also reserved. If bits 19 to 16 were all reserved, they could have been bundled together as one reserved field, but they were not. This could mean Bit 19 is a secret field documented only in the internal version of the Allegrex User Manual (which it is). In the MIPS32/64 specifications, Bit 19, when set, indicates that an NMI occurred.

Debug Mode

Once debug mode is enabled, executing a DBREAK instruction causes a Debug Break Exception: control transfers to the Debug Vector Address 0xBFC01000 and the processor enters Debug Mode. NMI and interrupts are ignored in Debug Mode and, as documented for the VR5432, only Load/Store exceptions are allowed in this mode; causing other exceptions is undefined behavior. To exit Debug Mode and return to the program, execute a DRET instruction. The debug registers are accessed via the MTDR and MFDR instructions. These registers are used to set hardware breakpoints, enable single-stepping, etc. If Bit 19 is cleared, these instructions cause a Reserved Instruction Exception instead.

Debug Vector and Debug Registers

For more information about the Debug Vector and Debug Registers, see Yet Another PSP Documentation at https://hitmen-console.org . It also links to the VR5432 Manual (Volume II), which contains information about debug mode.

Debug Vector in the PSP-3000 Series

The hitmen-console documentation does not cite a source for the contents of the Debug Vector, and the program https://github.com/pspdev/psplinkusb seems to initialize 0xBFC01000 rather than leaving it alone. The program initializes it with what is specified in the document.

In the PSP-3000, the Debug Vector is initialized on every power-up with this pattern, repeated every 0x100 bytes up to 0xBFC01FFF:

   beqz v0, <random address beyond this point>
   xori zero, t8, 0x1500
   <random>
   <random>
   nop
   nop
   ...

Example:

address 0xBFC01000:

   beqz v0, 0xBFC01004
   xori zero, t8, 0x1500
   <random>
   <random>
   nop
   nop
   ...

address 0xBFC011F8:

   nop
   nop

address 0xBFC01100:

   beqz v0, 0xBFC01104
   xori zero, t8, 0x1500
   <random>
   <random>
   nop
   nop
   ...

The 2 random "instructions" are the same throughout. They need not be valid instructions.
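The following added example (not code from the wiki, psplinkusb or the hitmen-console documentation) checks whether a 0x1000-byte dump of the Debug Vector region still holds the power-up filler described above or has been overwritten, for instance by a debugger that installed its own handler. It assumes the dump has already been read into host-order 32-bit words; the function names are hypothetical, and the two instruction constants are the standard MIPS32 encodings of the `beqz v0` and `xori zero, t8, 0x1500` lines in the listing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define DEBUG_VECTOR_BASE 0xBFC01000u  /* Debug Vector Address from the page */
#define BLOCK_WORDS   (0x100u / 4u)    /* pattern repeats every 0x100 bytes */
#define REGION_WORDS  (0x1000u / 4u)   /* 0xBFC01000..0xBFC01FFF */
/* Standard MIPS32 encodings of the two fixed instructions in the listing. */
#define BEQZ_V0       0x10400000u      /* beq v0, zero, imm16 (imm16 = low half) */
#define XORI_FILLER   0x3B001500u      /* xori zero, t8, 0x1500 */

/* Target of the beqz at word index i: PC + 4 + (sign-extended imm16 << 2). */
uint32_t beqz_target(const uint32_t *w, size_t i)
{
    int32_t off = (int16_t)(w[i] & 0xFFFFu);
    return DEBUG_VECTOR_BASE + (uint32_t)(i * 4) + 4u + (uint32_t)(off * 4);
}

/* Returns -1 if all sixteen blocks match the power-up pattern, otherwise the
 * byte offset from 0xBFC01000 of the first word that breaks it. */
long check_debug_vector(const uint32_t *w)
{
    for (size_t b = 0; b < REGION_WORDS; b += BLOCK_WORDS) {
        if ((w[b] & 0xFFFF0000u) != BEQZ_V0) return (long)(b * 4);
        if (w[b + 1] != XORI_FILLER)         return (long)((b + 1) * 4);
        for (size_t i = 2; i < BLOCK_WORDS; i++) {
            /* words 2 and 3 must repeat block 0's values; the rest are nop (0) */
            uint32_t want = (i < 4) ? w[i] : 0u;
            if (w[b + i] != want) return (long)((b + i) * 4);
        }
    }
    return -1;
}

/* Constructed sample (not a real dump): the pattern with chosen filler words. */
void build_sample(uint32_t *w, uint32_t r2, uint32_t r3)
{
    for (size_t i = 0; i < REGION_WORDS; i++) {
        size_t k = i % BLOCK_WORDS;
        w[i] = k == 0 ? BEQZ_V0 : k == 1 ? XORI_FILLER : k == 2 ? r2 : k == 3 ? r3 : 0u;
    }
}

int main(void)
{
    static uint32_t dump[REGION_WORDS];
    build_sample(dump, 0xDEADBEEFu, 0x12345678u);
    printf("first mismatch offset: %ld\n", check_debug_vector(dump));
    return 0;
}
```

A non-negative result is the offset of the first word that departs from the filler, which is where a handler written into the vector would begin.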