VxWorks Dynamic Loading

Note: Recently I am working on the hot Patching function. I saw an article written by gateway, which I think is easy to understand. I sorted out the collected information for your reference.

The method of dynamically loading the target module has many advantages. For example, you can add the debugging and positioning function without disrupting the original environment, which is equivalent to "Patching" the system ", instead of compiling the original code (or even the original code), you only need to pay attention to the code being debugged. This reduces the Compilation Time and reduces the volume of image loading.

There are many ways to dynamically load the target module. For example, you can right-click the target module on the host environment interface and select "download file name "; you can also use the wshell and GDB command line windows. This article uses a function in LD (), loadmodule (), and loadmoduleat () in tshell to implement it. Of course, they can also be freely called in the code.

The LD command is a load Command provided by the user interface sub-library usrlib. The premise of using LD is to define include_loader in config. h. In this way, the loading module initialization function modulelibinit () is automatically called in the usrroot () function, and the format of the target module is automatically determined based on the CPU type. If the CPU is MIPS, PPC, arm, i80x86, ColdFire, simsparcsolaris, and SH, and the format of the loaded target module is Elf, loadelfinit () is called (); if the CPU is i960 or am29xxx, and the format of the loaded target module is coff, The loadcoffinit () function is called.

In arm and PPC, The. O or. out files generated by the tornado compiler are of the elf type. When you open the target file, the file header is marked with the elf (45, 4C, 46) Mark. In this case, you can use the FTP tool to load it to the file system (such as using the Copy command to load it to the ramdisk), and then call the LD () or loadmodule () function to load it To the memory for running.

The prototype of the LD function is module_id LD (INT Syms, bool noabort, char * name ). The Syms parameter determines how to handle the symbols in the target file: 0. Add the global symbol to the system symbol table; 1. Add the global and local symbols to the system symbol table;-1, the symbol is not added to the system symbol table. Select 1 to facilitate the use of the symbols in shell. The noabort parameter indicates whether errors during loading can be ignored. If the value is true, the errors are ignored. If the value is false, the errors are not ignored. Name indicates the file name to be loaded, including the file path. Note: LD is a shell command, that is, it is a function designed for calling in shell, so try not to use it inside the code, it may not be supported to call LD directly in later VxWorks versions.

The function prototype of loadmodule is module_id loadmodule (int fd, int loadflag ). FD is the file description symbol. open the file to obtain FD. The loadflag parameter contains three meanings: load_no_symbols (2), load_local_symbols (4), load_global_symbols (8), and load_all_symbols (0xc.

If you have put the demo. o file to be loaded into the ramdisk, there are several ways to load it into the memory:

(1)-> LD (1, 0, "/tffs0/demo. O ")

(2)-> LD </tffs0/demo. o

(3)-> FD = open ("/tffs0/demo. O", o_rdonly );

-> Loadmodule (FD, 0xc );

-> Close (FD );

The module_id is returned by the load function, which is the identifier of the loaded module. The module ID can be used when unldbymoduleid is uninstalled. The function for viewing the details of the loaded module is moduleshow ().

For some applications, the following error occurs when using lD or loadmodule:

Relocation value does not fit in 24 bits.

LD error: error loading file (errno = 0x3d0001 ).

This problem mainly occurs when the memory space is greater than 32 MB and the module compiled on the target machine downloading occurs.

Cause:

VxWorks and GNU/Wind River (Diab) compiler must follow the Eabi (Embedded Application binary Interface), a standard of the PowerPC architecture. The standard calls to functions are branching rather than jumping, while branching is limited to 32 MB in the PowerPC architecture. (The PowerPC relative branch instruction is limited to jumps between +/-32 MB (24 bits = + /-
4 m instructions, 4 bytes per Instruction = +/-32 MB) of the current instruction. if an instruction cannot be resolved within a 24 bit range, it will print out the error above .)

In general, if you download data from the host to the target machine, this problem will not occur because the target file (such. the out file) is downloaded to the wdb pool, and the wdb pool is close to the VxWorks image. Therefore, as long as the wdb pool has enough space, the above problems will not occur.

When downloading through the target machine (such as tshell), the target file is downloaded to the system memory pool. If your memory is larger than 32 MB, the above problems will occur.

To avoid this problem, you can use a long jump to call the function. You can add compilation options under C/C ++ compiler. For GNU, this option is-mlongcall; For Diab, this option is-xcode-absolute-Far.

Of course, you can also use loadmoduleat () to solve this problem. Load the target module to the specified address so that the required function is within the jump address. Its prototype is: module_id loadmoduleat (int fd, int loadflag, void ** pptext, void ** ppdata, void ** ppbss ). Pptext, ppdata, and ppbss are the addresses pointed to by the loaded text, data, and BSS segments. Assume that demo. O is loaded to 1 MB space (this space is not occupied ):

-> FD = open ("/tffs0/demo. O", o_rdonly );

-> Ptext = 0x100000; pdata = pbss = 0 xffffffff;/* (ld_no_address )*/

-> Loadmoduleat (FD, 8, & ptext, & pdata, & pbss); close (FD );

After loading, You can execute the functions in the latest target file in shell. If the function previously exists, the last loaded function prevails. It can be seen that the loaded target modules are all relocated, resolved, and added.

If the global variables or functions used in the target module are not defined in this module and previous programs, an undefined symbol-like error will occur during loading.

Sometimes the function symbols in the target module downloaded from the host will not appear in the shell of the target machine. In turn, the symbols generated in the shell of the target machine will not be visible to the wshell of the host machine. The main reason for this is that the symbols of the target machine and the host are not synchronized. You need to define include_sym_tbl_sync when compiling the image.