FCL/sf/os/fshell: comparison libraries/memoryaccess/fdebuggerkernel.cpp

equal deleted inserted replaced

--1:000000000000
+:7f656887cf89
+// fdebuggerkernel.cpp
+//
+// Copyright (c) 2010 Accenture. All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of the "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Accenture - Initial contribution
+//
+#include "fdebuggerkernel.h"
+#include "DynamicDfcSupport.h"
+#ifdef __MARM__
+#	include <arm/arm.h>
+#	if defined(FSHELL_ARM11XX_SUPPORT) || defined(FSHELL_ARM_MEM_MAPPED_DEBUG)
+//#		ifndef __MEMMODEL_MULTIPLE__
+//#			error "FSHELL_ARM11XX_SUPPORT is only supported on platforms using the multiple memory model!"
+//#		endif
+#	include <multiple/memmodel.h>
+#	endif
+#endif
+#include "memoryaccess.h"
+#if !defined(__EABI__) && defined(FSHELL_ARM_MEM_MAPPED_DEBUG)
+#undef FSHELL_ARM_MEM_MAPPED_DEBUG
+#endif
+#ifdef ASSERT
+#undef ASSERT
+#endif
+#ifdef __WINS__
+#define ASSERT(x) __ASSERT_ALWAYS((x), Kern::Fault("Assertion failed: " #x, __LINE__))
+#else
+#define ASSERT(x) if (!(x)) { Kern::Printf("Assertion failed @ %d: " #x, __LINE__); NKern::Sleep(NKern::TimerTicks(5000)); }
+#endif
+#define ASSERT_LOCKED() ASSERT(Kern::CurrentThread().iNThread.iHeldFastMutex == &iLock)
+#define ASSERT_UNLOCKED() ASSERT(Kern::CurrentThread().iNThread.iHeldFastMutex == NULL)
+#define ASSERT_BREAKPOINT_LOCKED() ASSERT(iBreakpointMutex->iCleanup.iThread == &Kern::CurrentThread());
+#define ASSERT_BREAKPOINT_UNLOCKED() ASSERT(iBreakpointMutex->iCleanup.iThread != &Kern::CurrentThread());
+//#define LOG(args...) Kern::Printf(args)
+#define LOG(args...)
+void MCR_SetContextIdBrp(TInt aRegister, TUint aContextId);
+void MCR_SetBreakpointPair(TInt aRegister, TUint aBvrValue, TUint aBcrValue);
+TUint MRC_ReadBcr(TInt aRegister);
+TUint32 GetDscr();
+void MCR_SetDscr(TUint32 aVal);
+TUint32 GetDsar();
+TUint32 GetDrar();
+TUint32 GetContextId();
+void Dsb();
+void Isb();
+void Imb();
+enum TMemMappedDebugAddresses
+	{
+	EDscrOffset = 0x88,
+	EBvrOffset = 0x100,
+	EBcrOffset = 0x140,
+	ELockAccessOffset = 0xFB0,
+	EAuthStatusOffset = 0xFB8,
+	};
+DDebuggerEventHandler* DDebuggerEventHandler::New(TDfcQue* aQue)
+	{
+	// This is backwards from the usual constructor, 2nd phase construction pattern because I can't do anything that could
+	// error after creating a DKernelEventHandler, because we get called from DLogicalDevice::Install(). So the stuff that would normally
+	// be done as 2nd-phase construction is done first
+	DMutex* breakpointMutex = NULL;
+	TInt err = Kern::MutexCreate(breakpointMutex, _L("FDebuggerBreakpointMutex"), KMutexOrdGeneral5); // No special reason for using 5
+	if (err) return NULL;
+	DDebuggerEventHandler* self = new DDebuggerEventHandler(aQue);
+	if (self)
+		{
+		self->iBreakpointMutex = breakpointMutex;
+		self->Add();
+		}
+	else
+		{
+		breakpointMutex->Close(NULL);
+		}
+	return self;
+	}
+DDebuggerEventHandler::DDebuggerEventHandler(TDfcQue* aQue)
+	: DKernelEventHandler(&Event, this), iNextBreakpointId(1), iHandleCodesegRemovedDfc(&HandleCodesegRemoved, this, aQue, 0)
+	{
+#if defined(FSHELL_ARM11XX_SUPPORT) || defined(FSHELL_ARM_MEM_MAPPED_DEBUG)
+	iFreeHwBreakpoints = 0x3F; // BRPs 0,1,2,3,4,5 (at a minimum) are supported on ARM11xx or later
+#endif
+	}
+/*static*/ TUint DDebuggerEventHandler::Event(TKernelEvent aEvent, TAny* a1, TAny* a2, TAny* aPrivateData)
+	{
+	DDebuggerEventHandler* self = static_cast<DDebuggerEventHandler*>(aPrivateData);
+	return self->DoEvent(aEvent, a1, a2);
+	}
+TUint DDebuggerEventHandler::DoEvent(TKernelEvent aEvent, TAny* a1, TAny* a2)
+	{
+	//if (aEvent != EEventUserTrace) Kern::Printf("fdbk: Event %d a1=%d a2=%d", aEvent, a1, a2);
+	if (aEvent == EEventKillThread)
+		{
+#ifdef __MARM__
+		LOG("Thread %x %O with contextId %x killed", &Kern::CurrentThread().iNThread, &Kern::CurrentThread(), GetContextId());
+#endif
+		if (iZombieMode == EAllExits || (iZombieMode == EAbnormalExit && Kern::CurrentThread().iExitType != EExitKill))
+			{
+			// The thread in question is Kern::CurrentThread()
+			Zombify();
+			}
+		RemoveAllHardwareBreakpointsForThread(&Kern::CurrentThread()); // The thread ID could get reused so make sure we clean up
+		}
+	else if (aEvent == EEventHwExc)
+		{
+		// Breakpoint?
+#ifdef __MARM__
+		TArmExcInfo* info = (TArmExcInfo*)a1;
+		LOG("fdbk: Exception excCode=%d addr=0x%08x", info->iExcCode, info->iR15);
+		SBreakpoint* b = NULL;
+		TLinAddr excAddr = info->iR15 & ~1;
+		BreakpointLock();
+		if (info->iExcCode == 0)
+			{
+			// EArmExceptionPrefetchAbort - Could be a HW breakpoint
+			b = FindHardwareBreakpoint(&Kern::CurrentThread(), excAddr);
+			}
+		else if (info->iExcCode == 2)
+			{
+			// EArmExceptionUndefinedOpcode - SW breakpoint?
+			b = FindBreakpointByAddress(excAddr);
+			}
+		LOG("fdbk: Found breakpoint %d", b ? b->iBreakpointId : -1);
+		if (b == NULL)
+			{
+			// Not one of ours, we should allow it to blow up (or be handled by someone else)
+			// It could of course be a thread hitting a breakpoint we've just removed, in which case I'm not sure what we can do other than let
+			// the thread crash... hopefully this won't happen in practice!
+			BreakpointUnlock();
+			return ERunNext;
+			}
+		TBool shouldBreak = b->MatchesThread(&Kern::CurrentThread()); // Check if it's the wrong thread
+		if (b->iFlags & SBreakpoint::ETempContinue)
+			{
+			// It's a temporary break-at-next-instruction used while continuing a thread.
+			if (shouldBreak)
+				{
+				// Excellent, we have sucessfully continued from a breakpoint. Restore the original, clear the temp (and any threads waiting on it), resume this thread and we're done
+				SBreakpoint* orig = b->iRealBreakpoint;
+				if (orig->IsHardware()) ClearBreakpoint(b, ETrue); // Clear HW first
+				TInt err = KErrNone;
+				if ((orig->iFlags & SBreakpoint::EDisabled) == SBreakpoint::EDisabledDuringContinue)
+					{
+					// Only resume it if it hasn't been disabled for some other reason in the meantime
+					err = ApplyBreakpoint(orig);
+					}
+				if (err)
+					{
+					Kern::Printf("fdbk: failed to re-enable breakpoint id %d", orig->iBreakpointId);
+					// What to do?
+					}
+				else
+					{
+					// Clear the disabled flag
+					orig->iFlags &= ~SBreakpoint::EDisabledDuringContinue;
+					}
+				if (!orig->IsHardware()) ClearBreakpoint(b, ETrue);
+				BreakpointUnlock();
+				return (TUint)EExcHandled;
+				}
+			else
+				{
+				// Any other threads unlucky enough to hit our temp breakpoint will just have to wait until we see our target thread - otherwise
+				// we'll end up with temp breakpoints for the temp breakpoints and the universe will implode.
+				BreakpointUnlock();
+				Zombify(excAddr);
+				return (TUint)EExcHandled;
+				}
+			}
+		TInt id = b->iBreakpointId;
+		BreakpointUnlock();
+		if (shouldBreak)
+			{
+			// TODO should we suspend the thread rather than semaphoring it, to be more efficient?
+			if (iBreakpointNotifyClient)
+				{
+				RMemoryAccess::TBreakpointNotification notif;
+				notif.iThreadId = Kern::CurrentThread().iId;
+				notif.iBreakpointId = id;
+				notif.iAddress = excAddr;
+				TPckg<RMemoryAccess::TBreakpointNotification> pkg(notif);
+				// We shouldn't really pass blobs of data...
+				iBreakpointNotifyClient->BreakpointHit(pkg);
+				}
+			Zombify(excAddr);
+			}
+		else
+			{
+			TInt err = ContinueFromBreakpoint(&Kern::CurrentThread(), excAddr);
+			if (err) return ERunNext; // If we failed to continue, we shouldn't pretend we've handled it
+			}
+		return (TUint)DKernelEventHandler::EExcHandled;
+#else
+		(void)a1;
+#endif
+		}
+	else if (aEvent == EEventRemoveCodeSeg)
+		{
+		DCodeSeg* codeseg = (DCodeSeg*)a1;
+		DProcess* proc = (DProcess*)a2;
+		// We can't scan the breakpoint list at this point, because we'd need to call BreakpointLock() and
+		// we're currently holding the codeseg lock. So queue a DFC.
+		SRemovedCodeseg* removed = new SRemovedCodeseg;
+		if (removed)
+			{
+			removed->iCodeseg = codeseg;
+			removed->iProcess = proc;
+			Lock();
+			iRemovedCodesegs.Add(&removed->iLink);
+			Unlock();
+			NKern::ThreadEnterCS();
+			iHandleCodesegRemovedDfc.Enque();
+			NKern::ThreadLeaveCS();
+			}
+		}
+	else if (aEvent == EEventRemoveThread)
+		{
+		DThread* thread = (DThread*)a1;
+		TCreatorInfo dummy(thread->iId, 0);
+		BreakpointLock(); // It's not actually breakpoint related but never mind
+		TInt found = iCreatorInfo.FindInUnsignedKeyOrder(dummy);
+		if (found != KErrNotFound)
+			{
+			iCreatorInfo.Remove(found);
+			}
+		BreakpointUnlock();
+		}
+	else if (aEvent == EEventRemoveProcess)
+		{
+		// In case a thread dies before creating its first thread, try to remove the creator info we stashed
+		DProcess* proc = (DProcess*)a1;
+		TCreatorInfo dummy(proc->iId, 0);
+		BreakpointLock();
+		TInt found = iCreatorInfo.FindInUnsignedKeyOrder(dummy);
+		if (found != KErrNotFound)
+			{
+			iCreatorInfo.Remove(found);
+			}
+		BreakpointUnlock();
+		}
+	else if (aEvent == EEventAddProcess)
+		{
+		// We need to use EEventAddProcess as well as EEventAddThread, because EEventAddThread doesn't do the special check for the creator not being the current thread, meaning for process creation the main thread always appears to have been created by the loader and not be the person who created the process
+		// Remember the process for when we come to add the thread
+		DProcess* process = (DProcess*)a1;
+		DThread* creator = (DThread*)a2;
+		BreakpointLock();
+		TCreatorInfo threadInfo(process->iId, creator->iId);
+		TInt err = iCreatorInfo.InsertInUnsignedKeyOrder(threadInfo);
+		if (err)
+			{
+			LOG("Failed to InsertInUnsignedKeyOrder err=%d", err);
+			}
+		BreakpointUnlock();
+		}
+	else if (aEvent == EEventAddThread)
+		{
+		DThread* thread = (DThread*)a1;
+		DThread* creator = (DThread*)a2;
+		TCreatorInfo threadInfo(thread->iId, creator->iId);
+		BreakpointLock(); // It's not actually breakpoint related but never mind
+		if (thread->Owner() != creator->Owner())
+			{
+			// This means we're probably the first thread of a new process, and our 'creator' is the loader thread. Use the info we stashed earlier about the process's creator instead
+			TCreatorInfo dummy(((DProcess*)thread->Owner())->iId, 0);
+			TInt found = iCreatorInfo.FindInUnsignedKeyOrder(dummy);
+			if (found != KErrNotFound)
+				{
+				threadInfo.iCreatorThreadId = iCreatorInfo[found].iCreatorThreadId;
+				// We don't need to track the process creator for anything else
+				iCreatorInfo.Remove(found);
+				}
+			}
+		TInt err = iCreatorInfo.InsertInUnsignedKeyOrder(threadInfo);
+		if (err)
+			{
+			LOG("Failed to InsertInUnsignedKeyOrder err=%d", err);
+			}
+		BreakpointUnlock();
+		}
+	return ERunNext;
+	}
+TInt DDebuggerEventHandler::Zombify(TLinAddr aBreakpointAddr)
+	{
+	// The purpose of this code is to prevent dying threads from taking down their address space, so that we can still poke at their memory
+	// Currently, it is also used to pause a thread on a breakpoint
+	SZombie zom; // zombies go on the stack of the thread that is being halted. That way avoids having to alloc.
+	zom.iThread = &Kern::CurrentThread();
+	zom.iBlocker = NULL;
+	zom.iBreakpointAddress = aBreakpointAddr;
+	TBuf8<32> semName;
+	semName.Append(_L8("ThreadZombiefier-"));
+	semName.AppendNum((TUint)zom.iThread->iId);
+	NKern::ThreadEnterCS();
+	TInt err = Kern::SemaphoreCreate(zom.iBlocker, semName, 0);
+	if (err)
+		{
+		NKern::ThreadLeaveCS();
+		return err;
+		}
+	Lock();
+	iZombies.Add(&zom.iLink);
+	iZombieCount++;
+	Unlock();
+	zom.iThread->Open(); // So no-one is tempted to destroy it
+	NKern::ThreadLeaveCS();
+	Kern::SemaphoreWait(*zom.iBlocker);
+	// The above blocks until a "fdb detach" or equivalent has happened, at which point we'll get signalled on this semaphore and should clean up
+	zom.iBlocker->Close(NULL);
+	zom.iThread->Close(NULL);
+	return KErrNone;
+	}
+TInt DDebuggerEventHandler::GetZombieMode()
+	{
+	Lock();
+	TInt res = iZombieMode;
+	Unlock();
+	return res;
+	}
+TInt DDebuggerEventHandler::SetZombieMode(TInt aMode)
+	{
+	Lock();
+	iZombieMode = (TZombieMode)aMode;
+	Unlock();
+	if (aMode == EDisabled)
+		{
+		ClearAllBreakpoints(); // This is not exactly obvious, but unblocking a zombie that's blocked on a breakpoint necessarily means you have to remove the breakpoint
+		CompleteZombies();
+		}
+	return KErrNone;
+	}
+void DDebuggerEventHandler::CompleteZombies()
+	{
+	ASSERT_UNLOCKED();
+	// enter and exit with lock not held
+	for (;;)
+		{
+		Lock();
+		SDblQueLink* link = iZombies.IsEmpty() ? NULL : iZombies.First();
+		if (!link)
+			{
+			Unlock();
+			break;
+			}
+		SZombie* zom = _LOFF(link, SZombie, iLink);
+		ReleaseZombieAndUnlock(zom);
+		}
+	}
+void DDebuggerEventHandler::UnsuspendThread(SZombie* aZombie)
+	{
+	Kern::ThreadResume(*aZombie->iThread);
+	aZombie->iThread->Close(NULL);
+	delete aZombie;
+	}
+TInt DDebuggerEventHandler::SuspendThread(DThread* aThread)
+	{
+	// This is the only case where an SZombie goes on the heap - usually they are created in the context of their thread so go on that thread's stack
+	SZombie* zom = new SZombie;
+	if (!zom) return KErrNoMemory;
+	zom->iThread = aThread;
+	zom->iThread->Open();
+	zom->iBlocker = NULL;
+	Lock();
+	iZombies.Add(&zom->iLink);
+	iZombieCount++;
+	Unlock();
+	Kern::ThreadSuspend(*zom->iThread, 1);
+	return KErrNone;
+	}
+void DDebuggerEventHandler::Lock()
+	{
+	NKern::FMWait(&iLock);
+	}
+void DDebuggerEventHandler::Unlock()
+	{
+	NKern::FMSignal(&iLock);
+	}
+DDebuggerEventHandler::~DDebuggerEventHandler()
+	{
+	// The call to SetZombieMode below is actually pretty pointless: the kernel increments our access count while calling
+	// our Event function, which means DKernelEventHandler::Close will never get as far as our destructor
+	// while we are blocking on zombies.
+	SetZombieMode(EDisabled); // This frees up any outstanding zombies via CompleteZombies()
+	iHandleCodesegRemovedDfc.Cancel();
+	if (iCodeModifierInited)
+		{
+#ifdef __EPOC32__
+		DebugSupport::CloseCodeModifier();
+#endif
+		}
+	if (iBreakpointMutex)
+		{
+		iBreakpointMutex->Close(NULL);
+		}
+#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+	if (iDebugRegistersChunk)
+		{
+		iDebugRegistersChunk->Close(NULL);
+		}
+#endif
+	iCreatorInfo.Close();
+	}
+HBuf* DDebuggerEventHandler::GetZombieThreadIds()
+	{
+	TInt count = iZombieCount;
+	TInt size = count*sizeof(RMemoryAccess::TZombieInfo);
+	HBuf* result = HBuf::New(size);
+	if (!result) return NULL;
+	result->SetLength(size);
+	RMemoryAccess::TZombieInfo* ptr = (RMemoryAccess::TZombieInfo*)result->Ptr();
+	Lock();
+	TInt i = 0;
+	for (SDblQueLink* link = iZombies.First(); link != NULL && link != &iZombies.iA && i < count; i++, link=link->iNext)
+		{
+		SZombie& zom = *_LOFF(link, SZombie, iLink);
+		ptr[i].iThreadId = zom.iThread->iId;
+		ptr[i].iFlags = 0;
+		if (zom.iBlocker == NULL) ptr[i].iFlags |= RMemoryAccess::TZombieInfo::ESuspended;
+		else if (zom.iBreakpointAddress != 0) ptr[i].iFlags |= RMemoryAccess::TZombieInfo::EBreakpoint;
+		}
+	Unlock();
+	return result;
+	}
+DDebuggerEventHandler::SZombie* DDebuggerEventHandler::FindZombie(DThread* aThread)
+	{
+	// Enter and leave locked
+	ASSERT_LOCKED();
+	for (SDblQueLink* link = iZombies.First(); link != NULL && link != &iZombies.iA; link=link->iNext)
+		{
+		SZombie* zom = _LOFF(link, SZombie, iLink);
+		if (zom->iThread == aThread)
+			{
+			return zom;
+			}
+		}
+	return NULL;
+	}
+TInt DDebuggerEventHandler::ReleaseZombie(DThread* aThread)
+	{
+	ASSERT_UNLOCKED();
+	Lock();
+	SZombie* found = FindZombie(aThread);
+	if (found)
+		{
+		if (found->iBreakpointAddress)
+			{
+			// It's actually paused on a breakpoint, so we need to do a continue instead
+			Unlock();
+			return ContinueFromBreakpoint(aThread, 0);
+			}
+		else
+			{
+			ReleaseZombieAndUnlock(found);
+			return KErrNone;
+			}
+		}
+	else
+		{
+		Unlock();
+		return KErrNotFound;
+		}
+	}
+void DDebuggerEventHandler::ReleaseZombieAndUnlock(SZombie* aZombie)
+	{
+	ASSERT_LOCKED();
+	ReleaseZombie(aZombie);
+	Unlock();
+	}
+void DDebuggerEventHandler::ReleaseZombie(SZombie* aZombie)
+	{
+	ASSERT_LOCKED();
+	aZombie->iLink.Deque();
+	iZombieCount--;
+	if (aZombie->iBlocker)
+		{
+		Kern::SemaphoreSignal(*aZombie->iBlocker);
+		}
+	else
+		{
+		UnsuspendThread(aZombie);
+		}
+	}
+TInt DDebuggerEventHandler::RegisterForBreakpointNotification(MDebuggerEventClient* aClient)
+	{
+	Lock();
+	TInt err = KErrAlreadyExists;
+	if (iBreakpointNotifyClient == NULL || iBreakpointNotifyClient == aClient)
+		{
+		err = KErrNone;
+		iBreakpointNotifyClient = aClient;
+		}
+	Unlock();
+	return err;
+	}
+void DDebuggerEventHandler::UnregisterForBreakpointNotification(MDebuggerEventClient* aClient)
+	{
+	Lock();
+	if (aClient == iBreakpointNotifyClient)
+		{
+		iBreakpointNotifyClient = NULL;
+		}
+	Unlock();
+	}
+TInt DDebuggerEventHandler::SetBreakpoint(DThread* aThread, TLinAddr aAddress, const RMemoryAccess::TPredicate& aCondition)
+	{
+	TInt codemodifierErr = KErrNone;
+	if (!iCodeModifierInited)
+		{
+#ifdef __EPOC32__
+		TUint caps;
+		const TInt KMaxBreakpoints = 32;
+		codemodifierErr = DebugSupport::InitialiseCodeModifier(caps, KMaxBreakpoints);
+#else
+		codemodifierErr = KErrNotSupported;
+#endif
+		if (!codemodifierErr) iCodeModifierInited = ETrue;
+		// It's not necessarily fatal that we can't init the code modifier - we may still be able to set a H/W breakpoint
+		}
+	SBreakpoint* b = new SBreakpoint(aThread, iNextBreakpointId, aAddress, aCondition); // iNextBreakpointId gets incremented later
+	if (!b) return KErrNoMemory;
+	// Get the codeseg for this address
+	Kern::AccessCode();
+	b->iCodeSeg = Kern::CodeSegFromAddress(b->iAddress, b->iThread->iOwningProcess);
+	Kern::EndAccessCode();
+	BreakpointLock();
+	// Check if there's already a HW breakpoint for this thread and address - we don't allow duplicates, just for sanity's sake
+	SBreakpoint* existingHwBreakpoint = FindHardwareBreakpoint(b->iThread, b->iAddress);
+	if (existingHwBreakpoint)
+		{
+		BreakpointUnlock();
+		delete b;
+		return KErrAlreadyExists;
+		}
+	TBreakpointPolicy policy = EWhatever;
+	// Check if we already have a breakpoint for this address. Because all software breakpoints are global, if we add repeated breakpoints on the same address (but on threads in different processes) DebugSupport will happily allow it and create nested nastyness
+	SBreakpoint* existingBreakpoint = FindBreakpointByAddress(b->iAddress);
+	if (existingBreakpoint)	policy = EHardwareOnly; // To prevent another SW breakpoint at this location. Multiple HW breakpoints are fine because they're per-thread
+	if (codemodifierErr != KErrNone) policy = EHardwareOnly; // If we failed to init code modifier, can only do h/w
+	iBreakpoints.Add(&b->iLink);
+	TInt err = ApplyBreakpoint(b, policy);
+	if (err && existingBreakpoint)
+		{
+		// If we couldn't set a HW breakpoint, no worries, fall back to relying on the existing SW breakpoint
+		b->iRealBreakpoint = existingBreakpoint;
+		err = KErrNone;
+		}
+	if (err < 0)
+		{
+		b->iLink.Deque();
+		delete b;
+		}
+	else
+		{
+		iNextBreakpointId++; // Now we know we're actually using it
+		}
+	BreakpointUnlock();
+	if (err)
+		{
+		return err;
+		}
+	else
+		{
+		TInt result = b->iBreakpointId;
+		if (b->IsHardware()) result |= RMemoryAccess::TBreakpointInfo::EHardware;
+		return result;
+		}
+	}
+TInt DDebuggerEventHandler::SetSymbolicBreakpoint(DThread* aThread, HBuf* aCodesegName, TUint32 aOffset, const RMemoryAccess::TPredicate& aCondition)
+	{
+	// See if the codeseg is currently loaded
+	Kern::AccessCode();
+	SDblQue* list = Kern::CodeSegList();
+	for (SDblQueLink* link = list->First(); link != &list->iA; link = link->iNext)
+		{
+		DCodeSeg* codeSeg = _LOFF(link, DCodeSeg, iLink);
+		if (codeSeg->iRootName == *aCodesegName)
+			{
+			TUint addr = codeSeg->iRunAddress + aOffset;
+			Kern::EndAccessCode();
+			TInt res = SetBreakpoint(aThread, addr, aCondition);
+			if (res >= KErrNone) delete aCodesegName;
+			return res;
+			}
+		}
+	Kern::EndAccessCode();
+	// If we get here, codeseg isn't currently loaded so need to create it as a pending breakpoint
+	SBreakpoint* b = new SBreakpoint(aThread, iNextBreakpointId++, aOffset, aCondition);
+	if (!b) return KErrNoMemory;
+	b->iCodeSeg = aCodesegName;
+	b->iFlags |= SBreakpoint::EDisabledPendingCodesegLoad;
+	BreakpointLock();
+	iBreakpoints.Add(&b->iLink);
+	BreakpointUnlock();
+	return KErrNone;
+	}
+TInt DDebuggerEventHandler::ApplyBreakpoint(SBreakpoint* aBreakpoint, TBreakpointPolicy aPolicy)
+	{
+	ASSERT_BREAKPOINT_LOCKED();
+	// These magic constants don't appear to be defined anywhere, they're just undefined instructions that will cause an exception that we can then handle
+	const TUint32 KArmBreakPoint = 0xE7F123F4;
+	const TUint16 KThumbBreakPoint = 0xDE56;
+	TUint32 inst = KArmBreakPoint;
+	TInt instSize = 4;
+	if (aBreakpoint->iFlags & SBreakpoint::EThumb)
+		{
+		inst = KThumbBreakPoint;
+		instSize = 2;
+		}
+#ifdef __EPOC32__
+	// Before modifying stuff, save the original instruction (needed for ReadInstructions())
+	TInt err = Kern::ThreadRawRead(aBreakpoint->iThread, (TAny*)aBreakpoint->iAddress, (TAny*)aBreakpoint->iOrigInstruction.Ptr(), instSize);
+	if (!err)
+		{
+		aBreakpoint->iOrigInstruction.SetLength(instSize);
+		if (aPolicy != ESoftwareOnly)
+			{
+			err = ApplyHardwareBreakpoint(aBreakpoint);
+			// If we manage to set a hardware breakpoint, we don't need to call ModifyCode
+			if (err == KErrNone)
+				{
+				LOG("HW breakpoint set ok");
+				aBreakpoint->iFlags |= SBreakpoint::EHardware;
+				}
+			else
+				{
+				Kern::Printf("Failed to set hardware breakpoint - %d", err);
+				}
+			}
+		if (aPolicy != EHardwareOnly && !aBreakpoint->IsHardware())
+			{
+			// Last check that we don't conflict with another breakpoint
+			err = (FindBreakpointByAddress(aBreakpoint->iAddress) == NULL ? KErrNone : KErrAlreadyExists);
+			if (!err) err = DebugSupport::ModifyCode(aBreakpoint->iThread, aBreakpoint->iAddress, instSize, inst, DebugSupport::EBreakpointGlobal);
+			if (err > 0) err = KErrNone; // Really don't care about what the breakpoint type is
+			}
+		}
+#else
+	TInt err = KErrNotSupported;
+	(void)aPolicy;
+#endif
+	return err;
+	}
+DDebuggerEventHandler::SBreakpoint* DDebuggerEventHandler::FindBreakpointByAddress(/*DThread* aThread,*/ TLinAddr aAddress)
+	{
+	// Enter and leave holding lock
+	// This only finds 'real' breakpoints, ie ones which have a ModifyCode outstanding, or are persistant. (NOT hardware breakpoints)
+	ASSERT_BREAKPOINT_LOCKED();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (/*b->iThread == aThread &&*/ b->iAddress == aAddress && (b->HasModifiedCode() || (b->iFlags & SBreakpoint::EPersistant)))
+			{
+			return b;
+			}
+		}
+	return NULL;
+	}
+DDebuggerEventHandler::SBreakpoint* DDebuggerEventHandler::FindHardwareBreakpoint(DThread* aThread, TLinAddr aAddress)
+	{
+	// Enter and leave holding lock
+	ASSERT_BREAKPOINT_LOCKED();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->iThread == aThread && b->iAddress == aAddress && b->IsHardware())
+			{
+			return b;
+			}
+		}
+	return NULL;
+	}
+DDebuggerEventHandler::SBreakpoint* DDebuggerEventHandler::FindBreakpointById(TInt aId)
+	{
+	// Enter and leave holding lock
+	ASSERT_BREAKPOINT_LOCKED();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->iBreakpointId == aId)
+			{
+			return b;
+			}
+		}
+	return NULL;
+	}
+DDebuggerEventHandler::SBreakpoint* DDebuggerEventHandler::FindBreakpointUsingHardwareContextRegister(TInt aRegister)
+	{
+	// Enter and leave holding lock
+	ASSERT_BREAKPOINT_LOCKED();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->IsHardware() && b->iHardwareBreakpointContextReg == aRegister)
+			{
+			return b;
+			}
+		}
+	return NULL;
+	}
+TInt DDebuggerEventHandler::SetBreakpointEnabled(TInt aBreakpointId, TBool aFlag)
+	{
+	BreakpointLock();
+	SBreakpoint* b = FindBreakpointById(aBreakpointId);
+	if (!b)
+		{
+		BreakpointUnlock();
+		return KErrNotFound;
+		}
+	TInt err = KErrNone;
+	if (aFlag)
+		{
+		if (b->iFlags & SBreakpoint::EDisabled == SBreakpoint::EDisabledByUser)
+			{
+			// Provided it's not disabled for any reason other than the user asked for it, re-enable it
+			err = ApplyBreakpoint(b);
+			if (err == KErrNone) b->iFlags |= ~SBreakpoint::EDisabledByUser;
+			}
+		else
+			{
+			err = KErrNotReady;
+			}
+		}
+	else
+		{
+		if (!(b->iFlags & SBreakpoint::EDisabled))
+			{
+			// If it's not already disabled for any reason, disable it
+			UnapplyBreakpoint(b);
+			}
+		b->iFlags |= SBreakpoint::EDisabledByUser;
+		}
+	BreakpointUnlock();
+	return KErrNone;
+	}
+TInt DDebuggerEventHandler::ClearBreakpoint(TInt aBreakpointId)
+	{
+	BreakpointLock();
+	SBreakpoint* b = FindBreakpointById(aBreakpointId);
+	if (!b)
+		{
+		BreakpointUnlock();
+		return KErrNotFound;
+		}
+	ClearBreakpoint(b);
+	BreakpointUnlock();
+	return KErrNone;
+	}
+void DDebuggerEventHandler::ClearBreakpoint(SBreakpoint* aBreakpoint, TBool aResumeAllBlocked /*=EFalse*/)
+	{
+	// enter and leave locked
+	ASSERT_BREAKPOINT_LOCKED();
+	TLinAddr addr = aBreakpoint->iAddress;
+	aBreakpoint->iLink.Deque();
+	UnapplyBreakpoint(aBreakpoint);
+	delete aBreakpoint;
+	if (aResumeAllBlocked)
+		{
+		Lock();
+		for (SDblQueLink* link = iZombies.First(); link != NULL && link != &iZombies.iA; link=link->iNext)
+			{
+			SZombie* zom = _LOFF(link, SZombie, iLink);
+			if (zom->iBreakpointAddress == addr)
+				{
+				ReleaseZombie(zom);
+				}
+			}
+		Unlock();
+		}
+	}
+void DDebuggerEventHandler::UnapplyBreakpoint(SBreakpoint* aBreakpoint)
+	{
+#ifdef __EABI__
+	if (aBreakpoint->HasModifiedCode())
+		{
+		DebugSupport::RestoreCode(aBreakpoint->iThread, aBreakpoint->iAddress);
+		HandleRestoreCode(aBreakpoint->iAddress);
+		}
+	if (aBreakpoint->IsHardware())
+		{
+#ifdef __SMP__
+		TInt num = NKern::NumberOfCpus();
+		TUint32 origAffinity = 0;
+		for (TInt i = 0; i < num; i++)
+			{
+			TUint32 affinity = NKern::ThreadSetCpuAffinity(&Kern::CurrentThread().iNThread, i);
+			if (i == 0) origAffinity = affinity;
+			DoClearHardwareBreakpoint(aBreakpoint);
+			}
+		NKern::ThreadSetCpuAffinity(&Kern::CurrentThread().iNThread, origAffinity);
+#else
+		DoClearHardwareBreakpoint(aBreakpoint);
+#endif // __SMP__
+		iFreeHwBreakpoints |= (1 << aBreakpoint->iHardwareBreakpointId);
+		}
+#else
+	(void)aBreakpoint;
+#endif // __EABI__
+	}
+#ifdef __EABI__
+void DDebuggerEventHandler::DoClearHardwareBreakpoint(SBreakpoint* aBreakpoint)
+	{
+	TUint32 bcr = ReadBcr(aBreakpoint->iHardwareBreakpointId);
+	bcr = bcr & ~1; // Clear the enabled bit
+	SetBreakpointPair(aBreakpoint->iHardwareBreakpointId, 0, bcr);
+	}
+#endif
+void DDebuggerEventHandler::ClearAllBreakpoints()
+	{
+	ASSERT_UNLOCKED();
+	ASSERT_BREAKPOINT_UNLOCKED();
+	// enter and exit with lock not held
+	BreakpointLock();
+	for (;;)
+		{
+		SDblQueLink* link = iBreakpoints.IsEmpty() ? NULL : iBreakpoints.First();
+		if (!link)
+			{
+			break;
+			}
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		ClearBreakpoint(b);
+		}
+	BreakpointUnlock();
+	}
+TInt DDebuggerEventHandler::ContinueFromBreakpoint(DThread* aThread, TLinAddr aExceptionAddress)
+	{
+	// First find the SZombie
+	SZombie* zombie = NULL;
+	TLinAddr breakpointAddr = 0;
+	// If aExceptionAddress is non-zero, it means we're being called from inside the exception handler and we haven't actually created a zombie
+	if (aExceptionAddress)
+		{
+		breakpointAddr = aExceptionAddress;
+		}
+	else
+		{
+		Lock();
+		zombie = FindZombie(aThread);
+		if (!zombie)
+			{
+			Unlock();
+			return KErrNotFound;
+			}
+		else if (zombie->iBreakpointAddress == 0)
+			{
+			// It's a zombie but not one on a breakpoint
+			Unlock();
+			return KErrNotReady;
+			}
+		// Deque early while we still hold lock, twiddle the pointers so the deque in ReleaseZombieAndUnlock won't break
+		zombie->iLink.Deque();
+		zombie->iLink.iPrev = &zombie->iLink;
+		zombie->iLink.iNext = &zombie->iLink;
+		breakpointAddr = zombie->iBreakpointAddress;
+		Unlock();
+		}
+	BreakpointLock();
+	SBreakpoint* breakpoint = FindHardwareBreakpoint(aThread, breakpointAddr);
+	if (breakpoint == NULL) breakpoint = FindBreakpointByAddress(breakpointAddr);
+	// This could be null if someone has already cleared the breakpoint
+	if (!breakpoint)
+		{
+		BreakpointUnlock();
+		if (zombie)
+			{
+			Lock();
+			ReleaseZombieAndUnlock(zombie);
+			}
+		return KErrNone;
+		}
+	// the above logic doesn't handle if someone has cleared a persistant breakpoint that aThread is on - but if
+	// the user has done that then they're on their own.
+	// (Mitigated by us not listing persistant breakpoints in the GetBreakpoints fn)
+	if (breakpoint->iFlags & SBreakpoint::EPersistant)
+		{
+		// It's a persistant breakpoint, so we don't actually want to clear the breakpoint we just need to modify the PC to step over the break instruction
+		TLinAddr breakAddress = breakpoint->iAddress;
+		TInt err = SetProgramCounter(aThread, breakAddress + 4);
+		BreakpointUnlock();
+		if (!err && zombie)
+			{
+			Lock();
+			ReleaseZombieAndUnlock(zombie);
+			}
+		return err;
+		}
+	TInt err = MoveBreakpointToNextInstructionForThread(aThread, breakpoint); // When this gets hit it will take care of restoring the breakpoint back to what it should be
+	if (err)
+		{
+		Kern::Printf("fdbk: Error returned from MoveBreakpointToNextInstructionForThread %d", err);
+		}
+	BreakpointUnlock();
+	if (!err && zombie)
+		{
+		Lock();
+		ReleaseZombieAndUnlock(zombie);
+		}
+	return err;
+	}
+HBuf* DDebuggerEventHandler::GetBreakpoints()
+	{
+	TInt count = 0;
+	BreakpointLock();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->iFlags & SBreakpoint::EPersistant) continue;
+		count++;
+		}
+	TInt size = count*sizeof(RMemoryAccess::TBreakpointInfo);
+	HBuf* result = HBuf::New(size);
+	if (!result)
+		{
+		BreakpointUnlock();
+		return NULL;
+		}
+	result->SetLength(size);
+	RMemoryAccess::TBreakpointInfo* ptr = (RMemoryAccess::TBreakpointInfo*)result->Ptr();
+	RMemoryAccess::TBreakpointInfo* end = ptr + count;
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA && ptr < end; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->iFlags & SBreakpoint::EPersistant) continue; // We don't talk about persistant breakpoints, since they're an implementation detail of LtkUtils::Breakpoint() really
+		ptr->iThreadId = b->iThread->iId;
+		ptr->iBreakpointId = b->iBreakpointId;
+		ptr->iAddress = b->iAddress;
+		ptr->iFlags = 0;
+		if (b->iFlags & SBreakpoint::EDisabledPendingCodesegLoad) ptr->iFlags |= RMemoryAccess::TBreakpointInfo::EPending;
+		if (!(b->iFlags & SBreakpoint::EDisabledByUser)) ptr->iFlags |= RMemoryAccess::TBreakpointInfo::EEnabled;
+		if (b->IsHardware()) ptr->iFlags |= RMemoryAccess::TBreakpointInfo::EHardware;
+		ptr->iCondition = b->iCondition;
+		ptr++;
+		}
+	BreakpointUnlock();
+	return result;
+	}
+TInt DDebuggerEventHandler::RegisterPersistantBreakpoint(DThread* /*aThread*/, TLinAddr aAddress)
+	{
+	RMemoryAccess::TPredicate condition; // Default args means 'always pass'
+	SBreakpoint* b = new SBreakpoint(NULL, iNextBreakpointId, aAddress, condition); //  The thread is null to say any thread should trigger the breakpoint (ie truly global)
+	if (!b) return KErrNoMemory;
+	b->iFlags |= SBreakpoint::EPersistant;
+	BreakpointLock();
+	SBreakpoint* existingBreakpoint = FindBreakpointByAddress(b->iAddress);
+	if (existingBreakpoint)
+		{
+		BreakpointUnlock();
+		delete b;
+		return KErrAlreadyExists;
+		}
+	// No need to call ModifyCode because persistant breakpoints are ones that hard-code the invalid instruction
+	iBreakpoints.Add(&b->iLink);
+	BreakpointUnlock();
+	iNextBreakpointId++;
+	return KErrNone;
+	}
+TInt DDebuggerEventHandler::SetProgramCounter(DThread* aThread, TLinAddr aAddress)
+	{
+	// This can hold the breakpoint lock or not, doesn't care
+#if !defined(__WINS__) && !defined(FSHELL_9_1_SUPPORT) // win32 ekern doesn't even export this API let alone implement it
+	TUint32 regs[32];
+	TUint32 valid = 0;
+	NKern::ThreadGetUserContext(&aThread->iNThread, &regs[0], valid);
+	if (!(valid & (1<<15))) return KErrNotSupported; // If we can't read it, we can't set it
+	regs[15] = aAddress;
+	NKern::ThreadSetUserContext(&aThread->iNThread, &regs[0]);
+	return KErrNone;
+#else
+	(void)aThread;
+	(void)aAddress;
+	return KErrNotSupported;
+#endif
+	}
+void DDebuggerEventHandler::HandleRestoreCode(TLinAddr aAddress)
+	{
+	ASSERT_BREAKPOINT_LOCKED();
+	// This function is to update any shadow breakpoints that were relying on this address having been modified
+	// We can't promote any breakpoint that's marked as pending, we need to start tracking the breakpoint address
+	// as an offset to the codeseg run address before we can do that.
+	SBreakpoint* newRealBreakpoint = NULL;
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->iAddress == aAddress && !b->IsHardware() && !(b->iFlags & SBreakpoint::EDisabled) && (b->iRealBreakpoint))
+			{
+			if (newRealBreakpoint == NULL)
+				{
+				// b is the new real one
+				b->iRealBreakpoint = NULL;
+				TInt err = ApplyBreakpoint(b, ESoftwareOnly);
+				if (err)
+					{
+					// Oh dear...
+					b->iFlags |= SBreakpoint::EDisabledPendingCodesegLoad;
+					b->iCodeSeg = NULL; // This saves me having to think what state to put it in - NULL means the breakpoint is dead forever
+					}
+				else
+					{
+					newRealBreakpoint = b;
+					}
+				}
+			else
+				{
+				b->iRealBreakpoint = newRealBreakpoint;
+				}
+			}
+		}
+	}
+void DDebuggerEventHandler::BreakpointLock()
+	{
+	NKern::ThreadEnterCS();
+	Kern::MutexWait(*iBreakpointMutex);
+	}
+void DDebuggerEventHandler::BreakpointUnlock()
+	{
+	Kern::MutexSignal(*iBreakpointMutex);
+	NKern::ThreadLeaveCS();
+	}
+TBool DDebuggerEventHandler::SBreakpoint::HasModifiedCode() const
+	{
+	return !(iFlags & EDisabled)
+		&& !(iFlags & EPersistant)
+		&& !IsHardware()
+		&& iRealBreakpoint == NULL;
+	}
+TBool DDebuggerEventHandler::SBreakpoint::IsHardware() const
+	{
+	return (iFlags & EHardware);
+	}
+void DDebuggerEventHandler::HandleCodesegRemoved(TAny* aPtr)
+	{
+	static_cast<DDebuggerEventHandler*>(aPtr)->DoHandleCodesegRemoved();
+	}
+void DDebuggerEventHandler::DoHandleCodesegRemoved()
+	{
+	for (;;)
+		{
+		Lock();
+		SDblQueLink* link = iRemovedCodesegs.GetFirst();
+		Unlock();
+		if (!link) break;
+		SRemovedCodeseg* r = _LOFF(link, SRemovedCodeseg, iLink);
+		// Check for breakpoints that have been removed by the oh-so-helpful CodeModifier
+		BreakpointLock();
+		for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+			{
+			SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+			if (b->iCodeSeg == r->iCodeseg && b->iThread->iOwningProcess == r->iProcess && b->HasModifiedCode())
+				{
+				DCodeSeg* codeSeg = static_cast<DCodeSeg*>(b->iCodeSeg);
+				TBool hadModifiedCode = b->HasModifiedCode();
+				b->iFlags |= SBreakpoint::EDisabledPendingCodesegLoad;
+				HBuf* codesegName = HBuf::New(codeSeg->iRootName.Length());
+				if (codesegName)
+					{
+					// If it's null, we'll just never be able to reenable the breakpoint
+					codesegName->Copy(codeSeg->iRootName);
+					}
+				TInt codesegOffset = b->iAddress - codeSeg->iRunAddress;
+				b->iCodeSeg = codesegName;
+				if (hadModifiedCode)
+					{
+					HandleRestoreCode(b->iAddress);
+					}
+				b->iAddress = codesegOffset; // Pending breakpoints use iAddress to store the codeseg offset
+				}
+			}
+		BreakpointUnlock();
+		delete r;
+		}
+	}
+DDebuggerEventHandler::SBreakpoint::SBreakpoint(DThread* aThread, TInt aBreakpointId, TLinAddr aAddress, const RMemoryAccess::TPredicate& aCondition)
+	: iThread(aThread), iBreakpointId(aBreakpointId), iAddress(aAddress&~1), iCodeSeg(NULL), iFlags(0), iRealBreakpoint(NULL), iHardwareBreakpointId(-1), iHardwareBreakpointContextReg(-1), iMatch(NULL), iCondition(aCondition)
+	{
+	if (aAddress & 1) iFlags |= EThumb;
+	if (iThread)
+		{
+		iThread->Open();
+		iFlags |= EThreadSpecific;
+		}
+	}
+DDebuggerEventHandler::SBreakpoint::~SBreakpoint()
+	{
+	if (iThread) iThread->Close(NULL);
+	delete iMatch;
+	if (iFlags & SBreakpoint::EDisabledPendingCodesegLoad) delete (HBuf*)iCodeSeg;
+	}
+TInt DDebuggerEventHandler::ReadInstructions(DThread* aThread, TLinAddr aAddress, TInt aLength, TDes8& aData)
+	{
+	if (aLength > aData.MaxSize()) return KErrArgument;
+	TInt err = Kern::ThreadRawRead(aThread, (TAny*)aAddress, (TAny*)aData.Ptr(), aLength);
+	if (err) return err;
+	aData.SetLength(aLength);
+	// Now check if any of that data had breakpoints in that mean we've not read the real instruction values
+	BreakpointLock();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA; link=link->iNext)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		if (b->iAddress >= aAddress && b->iAddress < aAddress + aLength && b->iOrigInstruction.Length())
+			{
+			TInt size = b->iFlags & SBreakpoint::EThumb ? 2 : 4;
+			TPtr8 instrBuf((TUint8*)aData.Ptr() + (b->iAddress - aAddress), size, size);
+			instrBuf.Copy(b->iOrigInstruction);
+			}
+		}
+	BreakpointUnlock();
+	return KErrNone;
+	}
+TInt DDebuggerEventHandler::ApplyHardwareBreakpoint(SBreakpoint* aBreakpoint)
+	{
+	ASSERT_BREAKPOINT_LOCKED();
+	// First, check the context registers and see if we have one for this thread
+	TInt contextReg = 0;
+	SBreakpoint* breakUsingFour = FindBreakpointUsingHardwareContextRegister(4);
+	SBreakpoint* breakUsingFive = FindBreakpointUsingHardwareContextRegister(5);
+	if (breakUsingFour && aBreakpoint->iThread == breakUsingFour->iThread) contextReg = 4;
+	if (breakUsingFive && aBreakpoint->iThread == breakUsingFive->iThread) contextReg = 5;
+	if (contextReg == 0 && breakUsingFour == NULL)
+		{
+		// Noone is using 4
+		contextReg = 4;
+		}
+	if (contextReg == 0 && breakUsingFive == NULL)
+		{
+		contextReg = 5;
+		}
+	LOG("fdbk: Using context reg %d", contextReg);
+	if (contextReg == 0) return KErrOverflow; // No free context registers
+	// Now find a free breakpoint reg
+	TInt breakreg = -1;
+	if (iFreeHwBreakpoints & 8) breakreg = 3;
+	if (iFreeHwBreakpoints & 4) breakreg = 2;
+	if (iFreeHwBreakpoints & 2) breakreg = 1;
+	if (iFreeHwBreakpoints & 1) breakreg = 0;
+	if (breakreg == -1) return KErrOverflow;
+	aBreakpoint->iHardwareBreakpointId = breakreg;
+	TInt err = KErrNone;
+#ifdef __SMP__
+	// Have to apply to every CPU in turn
+	const TInt num = NKern::NumberOfCpus();
+	TUint32 origAffinity = 0;
+	LOG("Applying breakpoint to all %d CPUs...", num);
+	for (TInt i = 0; i < num; i++)
+		{
+		TUint32 affinity = NKern::ThreadSetCpuAffinity(&Kern::CurrentThread().iNThread, i);
+		if (i == 0) origAffinity = affinity;
+		err = DoApplyHardwareBreakpoint(aBreakpoint, contextReg);
+		if (err)
+			{
+			// Disable the breakpoint on any CPUs we successfully applied it on
+			for (TInt j = 0; j < i; j++)
+				{
+				NKern::ThreadSetCpuAffinity(&Kern::CurrentThread().iNThread, j);
+				DoClearHardwareBreakpoint(aBreakpoint);
+				}
+			break;
+			}
+		}
+	// Restore original affinity
+	NKern::ThreadSetCpuAffinity(&Kern::CurrentThread().iNThread, origAffinity);
+#else
+	err = DoApplyHardwareBreakpoint(aBreakpoint, contextReg);
+#endif
+	if (err == KErrNone)
+		{
+		iFreeHwBreakpoints &= ~(1<<breakreg);
+		}
+	return err;
+	}
+TInt DDebuggerEventHandler::DoApplyHardwareBreakpoint(SBreakpoint* aBreakpoint, TInt aContextReg)
+	{
+#if defined(__EABI__)
+#if defined(FSHELL_ARM_MEM_MAPPED_DEBUG)
+	if (iDebugRegistersChunk == NULL)
+		{
+		// Need to setup mapping for debug registers
+		TUint drar = GetDrar();
+		TUint dsar = GetDsar();
+		//Kern::Printf("drar=0x%08x dsar=0x%08x", drar, dsar);
+		if ((dsar & 3) != 3)
+			{
+			Kern::Printf("fdbk: DSAR enabled bits are not set - aborting");
+			return KErrNotSupported;
+			}
+		TPhysAddr physAddr = (drar & ~3) + (dsar & ~3); // We don't check validity of DRAR, TI set it incorrectly to 0x0 (invalid) on 3530
+		if (physAddr == 0x52011000) physAddr = 0x54011000; // TI got this wrong too...
+		const TInt KDebugRegSize = 0x10000; // 64K so we can reach DBGEN on 3530
+		TUint attrib;
+		new(&attrib) TMappingAttributes2(/*EMemAttNormalUncached*/ EMemAttStronglyOrdered, EFalse, ETrue);
+		TInt err = DPlatChunkHw::New(iDebugRegistersChunk, physAddr, KDebugRegSize, attrib);
+		if (err < 0)
+			{
+			Kern::Printf("fdbk: Error mapping debug registers - %d", err);
+			return err;
+			}
+		LOG("debug registers from 0x%08x mapped at 0x%08x", physAddr, iDebugRegistersChunk->LinearAddress());
+		}
+#endif
+#if defined(FSHELL_ARM11XX_SUPPORT) || defined(FSHELL_ARM_MEM_MAPPED_DEBUG)
+	// First. check debug status register (DSCR) to check that monitor mode is enabled (and thus that the BCRs are writeable)
+	TUint dscr = GetDscr();
+	//Kern::Printf("dscr=0x%08x", dscr);
+#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+	// Check for DBGEN (via authstatus register) too, we need it
+	TUint authStatus = *(TUint32*)(iDebugRegistersChunk->LinearAddress() + 0xFB8);
+	LOG("authStatus = 0x%08x", authStatus);
+	if ((authStatus & 1) == 0)
+		{
+		// DBGEN not enabled - try the magic barely documented 3530 way of setting it
+		LOG("Setting Lock Access Register");
+		WriteRegister(ELockAccessOffset, 0xC5ACCE55);
+		Kern::Printf("Reading CONTROL_SEC_EMU from 0x48002A64...");
+		TUint attrib;
+		new(&attrib) TMappingAttributes2(/*EMemAttNormalUncached*/ EMemAttStronglyOrdered, EFalse, ETrue);
+		DPlatChunkHw* crazyOmapRegs = NULL;
+		DPlatChunkHw::New(crazyOmapRegs, 0x48002000, 0x1000, attrib);
+		TUint32 controlsecemu = *(TUint32*)(crazyOmapRegs->LinearAddress() + 0xa64);
+		Kern::Printf("CONTROL_SEC_EMU = 0x%08x", controlsecemu);
+		Kern::Printf("Trying 3530 approach to enabling DBGEN...");
+		TUint32 volatile * dbgenWord = (TUint32*)(iDebugRegistersChunk->LinearAddress() + 0xc030);
+		Kern::Printf("DBGEN word = 0x%08x", *dbgenWord);
+		*dbgenWord |= (1 << 13); // Set bit 13 of 0x5401d030 is how you do it, apparently
+		//*dbgenWord = 0xFFFFFFFF;
+		// Now do as ASM says and DSB, poll for DSCR (or just wait a bit) then ISB
+		Dsb();
+		Kern::Printf("Wasting time waiting for dbgen....");
+		Isb();
+		Kern::Printf("DBGEN word is now 0x%08x", *dbgenWord);
+		authStatus = *(TUint32*)(iDebugRegistersChunk->LinearAddress() + 0xFB8);
+		Kern::Printf("authStatus is now 0x%08x", authStatus);
+		}
+#endif
+	if ((dscr & 0xC000) != 0x8000)
+		{
+		// Set bits [15:14] to b10
+		dscr = (dscr & ~0xC000) | 0x8000;
+		//Kern::Printf("Setting monitor mode in DSCR...");
+		SetDscr(dscr); // If there's a JTAG doing halt-mode debugging this is gonna crash. Oh well.
+		}
+	dscr = GetDscr();
+	//Kern::Printf("dscr from MCR=0x%08x", dscr);
+#else
+	// Is ARM, but not ARM11 or A8
+	(void)aBreakpoint;
+	(void)aContextReg;
+	return KErrNotSupported;
+#endif
+	TUint32 contextId = GetArmContextIdForThread(aBreakpoint->iThread);
+	//Kern::Printf("fdbk: fdb thinks contextId is 0x%08x", contextId);
+	//return KErrNotSupported; //DEBUG
+	SetContextIdBrp(aContextReg, contextId);
+	// Now need to construct the BCR register value
+	const TUint32 KArmBcr = 0x001001E5;
+	//const TUint32 KArmBcr = 0x000001E5; // DEBUG disable context match
+	//TUint32 bcr = ReadBcr(aBreakReg);
+	TUint32 bcr = KArmBcr;
+	bcr |= aContextReg << 16;
+	if (aBreakpoint->iFlags & SBreakpoint::EThumb)
+		{
+		const TUint32 KByteSelectMask = 0x1E0;
+		// These assume a little-endian world
+		const TUint32 KMiddleOfWordThumbByteSelect = 0x180; // [8:5] = b1100
+		const TUint32 KWordAlignedThumbByteSelect = 0x060; // [8:5] = b0011
+		bcr = bcr & ~KByteSelectMask;
+		if (aBreakpoint->iAddress & 2)
+			{
+			bcr |= KMiddleOfWordThumbByteSelect;
+			}
+		else
+			{
+			bcr |= KWordAlignedThumbByteSelect;
+			}
+		}
+	SetBreakpointPair(aBreakpoint->iHardwareBreakpointId, aBreakpoint->iAddress & ~3, bcr);
+	return KErrNone;
+#else
+	(void)aBreakpoint;
+	(void)aContextReg;
+	return KErrNotSupported;
+#endif
+	}
+TUint32 DDebuggerEventHandler::GetArmContextIdForThread(DThread* aThread)
+	{
+#if (defined(FSHELL_ARM11XX_SUPPORT) || defined(FSHELL_ARM_MEM_MAPPED_DEBUG)) && defined(__MARM__)
+	// This is according to TScheduler::Reschedule (gulp)
+	TUint asid = static_cast<DMemModelProcess*>(aThread->iOwningProcess)->iOsAsid;
+	//TUint32 result = (((TUint32)&aThread->iNThread >> 6) << 8) | asid;
+	TUint32 result = (TUint32)&aThread->iNThread;
+	result = (result << 2) & ~0xFF;
+	result |= (asid & 0xFF);
+	return result;
+#else
+	(void)aThread;
+	return 0;
+#endif
+	}
+#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+TUint32 DDebuggerEventHandler::ReadRegister(TInt aRegisterOffset)
+	{
+	return *(TUint32*)(iDebugRegistersChunk->LinearAddress() + aRegisterOffset);
+	}
+void DDebuggerEventHandler::WriteRegister(TInt aRegisterOffset, TUint32 aValue)
+	{
+	TUint32* reg = (TUint32*)(iDebugRegistersChunk->LinearAddress() + aRegisterOffset);
+	*reg = aValue;
+	}
+#endif // FSHELL_ARM_MEM_MAPPED_DEBUG
+#ifdef __EABI__
+void DDebuggerEventHandler::SetDscr(TUint32 aVal)
+	{
+#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+	TUint32* dscrAddr = (TUint32*)(iDebugRegistersChunk->LinearAddress() + EDscrOffset);
+	*dscrAddr = aVal;
+#else
+	MCR_SetDscr(aVal);
+#endif
+	}
+void DDebuggerEventHandler::SetBreakpointPair(TInt aRegister, TUint aBvrValue, TUint aBcrValue)
+	{
+	LOG("fdbk: SetBreakpointPair(reg=%d, bvr=0x%08x, bcr=0x%08x)", aRegister, aBvrValue, aBcrValue);
+#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+	// This is the sequence the ARM ARM recommends
+	TUint32* bcrAddr = (TUint32*)(iDebugRegistersChunk->LinearAddress() + EBcrOffset + aRegister*4);
+	TUint32* bvrAddr = (TUint32*)(iDebugRegistersChunk->LinearAddress() + EBvrOffset + aRegister*4);
+	// Disable the breakpoint
+	//*bcrAddr = 0;
+	//Imb();
+	*bvrAddr = aBvrValue;
+	*bcrAddr = aBcrValue;
+#else
+	MCR_SetBreakpointPair(aRegister, aBvrValue, aBcrValue);
+#endif
+	Imb();
+	}
+TUint DDebuggerEventHandler::ReadBcr(TInt aRegister)
+	{
+//#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+//	TUint32* bcrAddr = (TUint32*)(iDebugRegistersChunk->LinearAddress() + EBcrOffset + aRegister*4);
+//	return *bcrAddr;
+//#else
+	return MRC_ReadBcr(aRegister);
+//#endif
+	}
+void DDebuggerEventHandler::SetContextIdBrp(TInt aRegister, TUint aContextId)
+	{
+#ifdef FSHELL_ARM_MEM_MAPPED_DEBUG
+	// This is according to "ARM 13.3.9. CP14 c80-c85, Breakpoint Control Registers (BCR)"
+	const TUint KContextIdBCR = 0x003001E7;
+	SetBreakpointPair(aRegister, aContextId, KContextIdBCR);
+#else
+	LOG("SetContextIdBrp %d 0x%08x", aRegister, aContextId);
+	MCR_SetContextIdBrp(aRegister, aContextId);
+	Imb();
+#endif
+	}
+#endif
+void DDebuggerEventHandler::RemoveAllHardwareBreakpointsForThread(DThread* aThread)
+	{
+	BreakpointLock();
+	for (SDblQueLink* link = iBreakpoints.First(); link != NULL && link != &iBreakpoints.iA;)
+		{
+		SBreakpoint* b = _LOFF(link, SBreakpoint, iLink);
+		link=link->iNext; // Do this before potentially calling ClearBreakpoint, because that will delete the breakpoint, invalidating link
+		if (b->IsHardware() && b->MatchesThread(aThread))
+			{
+			ClearBreakpoint(b);
+			}
+		}
+	BreakpointUnlock();
+	}
+TInt DDebuggerEventHandler::MoveBreakpointToNextInstructionForThread(DThread* aThread, SBreakpoint* aBreakpoint)
+	{
+#ifdef __EABI__
+	ASSERT_BREAKPOINT_LOCKED();
+	TUint32 notUsed = 0;
+	TBool aModeChange = EFalse;
+	TLinAddr nextAddr = PCAfterInstructionExecutes(aThread, aBreakpoint->iAddress, notUsed, aBreakpoint->iFlags & SBreakpoint::EThumb ? 2 : 4, notUsed, aModeChange);
+	LOG("fdbk: Next instruction after %x is %x", aBreakpoint->iAddress, nextAddr);
+	RMemoryAccess::TPredicate alwaysPass;
+	SBreakpoint* temp = new SBreakpoint(aThread, iNextBreakpointId, nextAddr, alwaysPass);
+	if (!temp) return KErrNoMemory;
+	iBreakpoints.Add(&temp->iLink);
+	const TBool hw = aBreakpoint->IsHardware();
+	if (hw) UnapplyBreakpoint(aBreakpoint); // If it's hardware, it's ok to unapply it before adding the temp one because hw breakpoints are thread-specific. For software, we want the new one in place before we remove this one to make sure we don't miss stuff
+	TInt err = ApplyBreakpoint(temp, hw ? EHardwareOnly : ESoftwareOnly);
+	if (err)
+		{
+		// This really shouldn't fail if hw - we still have the lock and we know there's a free BRP cos we just unapplied aBreakpoint
+		temp->iLink.Deque();
+		delete temp;
+		return err;
+		}
+	if (!hw) UnapplyBreakpoint(aBreakpoint);
+	aBreakpoint->iFlags |= SBreakpoint::EDisabledDuringContinue;
+	temp->iFlags |= SBreakpoint::ETempContinue;
+	temp->iRealBreakpoint = aBreakpoint;
+	iNextBreakpointId++;
+	return KErrNone;
+#else
+	(void)aThread;
+	(void)aBreakpoint;
+	return KErrNotSupported;
+#endif
+	}
+void DDebuggerEventHandler::SBreakpoint::SetThreadMatchPattern(HBuf* aMatch)
+	{
+	ASSERT(iMatch == NULL);
+	ASSERT(iThread == NULL);
+	ASSERT((iFlags & EThreadSpecific) == 0);
+	iMatch = aMatch;
+	}
+TBool DDebuggerEventHandler::SBreakpoint::MatchesThread(DThread* aThread) const
+	{
+	TBool match = EFalse;
+	if (iFlags & EThreadSpecific)
+		{
+		match = (aThread == iThread);
+		}
+	else if (iMatch == NULL)
+		{
+		match = ETrue;
+		}
+	else
+		{
+		TFullName threadName;
+		aThread->FullName(threadName);
+		match = threadName.MatchF(*iMatch);
+		}
+	if (match && iCondition.HasConditions())
+		{
+#ifdef __MARM__
+		TUint32 regs[32];
+		TUint32 valid = 0;
+		NKern::ThreadGetUserContext(&aThread->iNThread, &regs[0], valid);
+		match = iCondition.SatisfiesConditions(regs);
+#endif
+		}
+	return match;
+	}
+//
+const TUint32 KOpMask = 0xF;
+TBool RMemoryAccess::TPredicate::SatisfiesConditions(TUint32* aRegisterSet) const
+	{
+	for (TInt slot = 0; slot < KNumSlots; slot++)
+		{
+		TInt slotShift = slot * 8;
+		TUint32 opAndReg = (iOp >> slotShift) & 0xFF;
+		TOp op = (TOp)(opAndReg & KOpMask);
+		TInt reg = opAndReg >> 4;
+		TBool match = Test(op, aRegisterSet[reg], iVals[slot]);
+		if (!match) return EFalse;
+		}
+	return ETrue;
+	}
+TBool RMemoryAccess::TPredicate::Test(TOp aOperation, TUint32 aCurrentValue, TUint32 aStoredValue)
+	{
+	LOG("Testing op %d %u against %u", aOperation, aCurrentValue, aStoredValue);
+	switch (aOperation)
+		{
+		case ENothing:
+			return ETrue;
+		case EEq:
+		case ESignedEq:
+			return (aCurrentValue == aStoredValue);
+		case ENe:
+		case ESignedNe:
+			return (aCurrentValue != aStoredValue);
+		case ELt:
+			return (aCurrentValue < aStoredValue);
+		case ELe:
+			return (aCurrentValue <= aStoredValue);
+		case EGt:
+			return (aCurrentValue > aStoredValue);
+		case EGe:
+			return (aCurrentValue >= aStoredValue);
+		case ESignedLt:
+			return ((TInt32)aCurrentValue < (TInt32)aStoredValue);
+		case ESignedLe:
+			return ((TInt32)aCurrentValue <= (TInt32)aStoredValue);
+		case ESignedGt:
+			return ((TInt32)aCurrentValue > (TInt32)aStoredValue);
+		case ESignedGe:
+			return ((TInt32)aCurrentValue >= (TInt32)aStoredValue);
+		}
+	return EFalse; // Compiler shutter-upper
+	}
+TUint DDebuggerEventHandler::GetCreatorThread(TUint aThreadId)
+	{
+	TCreatorInfo dummy(aThreadId, 0);
+	TUint result = 0;
+	BreakpointLock();
+	TInt found = iCreatorInfo.FindInUnsignedKeyOrder(dummy);
+	if (found != KErrNotFound)
+		{
+		result = iCreatorInfo[found].iCreatorThreadId;
+		}
+	BreakpointUnlock();
+	return result;
+	}

changeset 0	7f656887cf89
child 9	257450419d10