MacOSX rxusb tool - failing with segfault

Hi folks-

Anyone seen this kind of behavior from DJ Delorie's rxusb tool?

macbook-wifi:test ebrundic$ rxusb -v -v -v rdk-blinky1.elf
--size-- -------vma------- -------lma-------
[load 32c fff80000-fff8032b fff80000-fff8032b ]
[load 430 fff8032c-fff8075b fff8032c-fff8075b ]
[load 64 ffffff9c-ffffffff ffffff9c-ffffffff ]
0xfff8---- 00 01 02 03 04 05 06 07 -- -- -- -- -- -- -- --
0xffff---- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ff
U55 e6
Command: #23
Response: aa [T]
Command: #23
Response: aa [T]
Command: #23
Response: aa [T]
Command: #23
Response: aa [T]
Command: #23
Response: aa [T]
Command: #23
Response: aa [T]Segmentation fault

I have this set up with the J-Link disable (jumper installed), USB in function mode, SW5 in OFF/ON/ON/ON and USB cable plugged into the USB function port (not J-Link).  The O/S sees the Renesas device in System Profiler.

The libusb implementation used comes from MacPorts, I've tried libusb (1.0.9) and libusb-legacy (0.1.12) with the tool and they both produce the same results.

I'm also not familiar with the bootloader protocol yet, is there any insight from the responses as to what might be going wrong?

  • If this is the RXRDK board, did you replace R42 with a 100K one?  The 10K that's installed is too strong a pull-up to produce a "disconnect" state on reset (test by power cycling the board instead of resetting it).  You also need to reset the chip just before running rxusb.

    The [T] means "timeout".  Since every command results in a timeout, most likely either (1) the chip isn't in USB bootloader mode, or (2) rxusb isn't connecting to the right usb port for some reason.

  • In reply to DJ Delorie:

    Ahh k, I did not replace that resistor.  I have some 100K 0603's so I can try those later.  Thanks!

  • In reply to Eric Brundick:

    Small update- I snapped R42 off the board completely (looks like that should be OK in funct mode), got the same results with rxusb on the Mac.  For what it's worth, FDT can reflash it (with USB boot mode) in Windows though.

  • In reply to Eric Brundick:

    Got it working!

    Magic change was this in rxlib.c:

    static int
    rx_command (int command)
    {
     cmd = lookup_cmd (command);
     int csum, i, x;
     int tries = 5;

     //serial_drain ();
     serial_set_timeout (50 + 1000 * cmd->long_timeout);

    Note the comment on the serial_drain() call.  I guess that call was mucking things up for some reason.

    rdk-blinky1 is doing a ring of LED blinks with one advancing every rotation.

    Output of rxusb command (had made a couple changes to the code too to add debugging)-

    wmmit032091:test ebrundic$ rxusb -v -v -v rdk-blinky1.elf
    --size-- -------vma------- -------lma-------
    [load 32c fff80000-fff8032b fff80000-fff8032b ]
    [load 430 fff8032c-fff8075b fff8032c-fff8075b ]
    [load 64 ffffff9c-ffffffff ffffff9c-ffffffff ]
    0xfff8---- 00 01 02 03 04 05 06 07 -- -- -- -- -- -- -- --
    0xffff---- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ff

    reset
    U55 e6 yay!

    Command: 20
    Response: 030 12 01 10 636 y79 030 535 R52 X58 636 030 030 20 S53 e65 r72 i69 e65 s73 ce Chip 0: code 6y05 product RX600 Series

    Command: 06
    Command: #23
    Response: 333 09 02 03 20 '27 10 03 20 13 88 aa clock[0]: 8 - 100 MHz
    clock[1]: 8 - 50 MHz

    Command: %25
    Response: 535 09 01 ff f8 00 00 ff ff ff ff ce ProgMem[00]: 0xfffffffffff80000 - 0xffffffffffffffff, size 0x00080000 (512 kb)

    Command: $24
    Response: 434 09 00 00 00 00 00 00 00 00 00 c3
    Command: +2b
    Response: ;3b 09 01 00 10 00 00 00 10 7f ff 1d DataFlash[00]: 0x00100000 - 0x00107fff, size 0x00008000 (32 kb)

    Command: &26
    Response: 636 01 b1 636 ff ff f0 00 ff ff ff ff ff ff e0 00 ff ff ef ff ff ff d0 00 ff ff df ff ff ff c0 00 ff ff cf ff ff ff b0 00 ff ff bf ff ff ff a0 00 ff ff af ff ff ff 90 00 ff ff 9f ff ff ff 80 00 ff ff 8f ff ff ff @40 00 ff ff 7f ff ff ff 00 00 ff ff ?3f ff ff fe c0 00 ff fe ff ff ff fe 80 00 ff fe bf ff ff fe @40 00 ff fe 7f ff ff fe 00 00 ff fe ?3f ff ff fd c0 00 ff fd ff ff ff fd 80 00 ff fd bf ff ff fd @40 00 ff fd 7f ff ff fd 00 00 ff fd ?3f ff ff fc c0 00 ff fc ff ff ff fc 80 00 ff fc bf ff ff fc @40 00 ff fc 7f ff ff fc 00 00 ff fc ?3f ff ff fb c0 00 ff fb ff ff ff fb 80 00 ff fb bf ff ff fb @40 00 ff fb 7f ff ff fb 00 00 ff fb ?3f ff ff fa c0 00 ff fa ff ff ff fa 80 00 ff fa bf ff ff fa @40 00 ff fa 7f ff ff fa 00 00 ff fa ?3f ff ff f9 c0 00 ff f9 ff ff ff f9 80 00 ff f9 bf ff ff f9 @40 00 ff f9 7f ff ff f9 00 00 ff f9 ?3f ff ff f8 c0 00 ff f8 ff ff ff f8 80 00 ff f8 bf ff ff f8 @40 00 ff f8 7f ff ff f8 00 00 ff f8 ?3f ff 00 10 x78 00 00 10 7f ff 00 10 p70 00 00 10 w77 ff 00 10 h68 00 00 10 o6f ff 00 10 `60 00 00 10 g67 ff 00 10 X58 00 00 10 _5f ff 00 10 P50 00 00 10 W57 ff 00 10 H48 00 00 10 O4f ff 00 10 @40 00 00 10 G47 ff 00 10 838 00 00 10 ?3f ff 00 10 030 00 00 10 737 ff 00 10 (28 00 00 10 /2f ff 00 10 20 00 00 10 '27 ff 00 10 18 00 00 10 1f ff 00 10 10 00 00 10 17 ff 00 10 08 00 00 10 0f ff 00 10 00 00 00 10 07 ff c6 FlashPage[00]: 0xfffffffffffff000 - 0xffffffffffffffff, size 0x00001000
    FlashPage[01]: 0xffffffffffffe000 - 0xffffffffffffefff, size 0x00001000
    FlashPage[02]: 0xffffffffffffd000 - 0xffffffffffffdfff, size 0x00001000
    FlashPage[03]: 0xffffffffffffc000 - 0xffffffffffffcfff, size 0x00001000
    FlashPage[04]: 0xffffffffffffb000 - 0xffffffffffffbfff, size 0x00001000
    FlashPage[05]: 0xffffffffffffa000 - 0xffffffffffffafff, size 0x00001000
    FlashPage[06]: 0xffffffffffff9000 - 0xffffffffffff9fff, size 0x00001000
    FlashPage[07]: 0xffffffffffff8000 - 0xffffffffffff8fff, size 0x00001000
    FlashPage[08]: 0xffffffffffff4000 - 0xffffffffffff7fff, size 0x00004000
    FlashPage[09]: 0xffffffffffff0000 - 0xffffffffffff3fff, size 0x00004000
    FlashPage[10]: 0xfffffffffffec000 - 0xfffffffffffeffff, size 0x00004000
    FlashPage[11]: 0xfffffffffffe8000 - 0xfffffffffffebfff, size 0x00004000
    FlashPage[12]: 0xfffffffffffe4000 - 0xfffffffffffe7fff, size 0x00004000
    FlashPage[13]: 0xfffffffffffe0000 - 0xfffffffffffe3fff, size 0x00004000
    FlashPage[14]: 0xfffffffffffdc000 - 0xfffffffffffdffff, size 0x00004000
    FlashPage[15]: 0xfffffffffffd8000 - 0xfffffffffffdbfff, size 0x00004000
    FlashPage[16]: 0xfffffffffffd4000 - 0xfffffffffffd7fff, size 0x00004000
    FlashPage[17]: 0xfffffffffffd0000 - 0xfffffffffffd3fff, size 0x00004000
    FlashPage[18]: 0xfffffffffffcc000 - 0xfffffffffffcffff, size 0x00004000
    FlashPage[19]: 0xfffffffffffc8000 - 0xfffffffffffcbfff, size 0x00004000
    FlashPage[20]: 0xfffffffffffc4000 - 0xfffffffffffc7fff, size 0x00004000
    FlashPage[21]: 0xfffffffffffc0000 - 0xfffffffffffc3fff, size 0x00004000
    FlashPage[22]: 0xfffffffffffbc000 - 0xfffffffffffbffff, size 0x00004000
    FlashPage[23]: 0xfffffffffffb8000 - 0xfffffffffffbbfff, size 0x00004000
    FlashPage[24]: 0xfffffffffffb4000 - 0xfffffffffffb7fff, size 0x00004000
    FlashPage[25]: 0xfffffffffffb0000 - 0xfffffffffffb3fff, size 0x00004000
    FlashPage[26]: 0xfffffffffffac000 - 0xfffffffffffaffff, size 0x00004000
    FlashPage[27]: 0xfffffffffffa8000 - 0xfffffffffffabfff, size 0x00004000
    FlashPage[28]: 0xfffffffffffa4000 - 0xfffffffffffa7fff, size 0x00004000
    FlashPage[29]: 0xfffffffffffa0000 - 0xfffffffffffa3fff, size 0x00004000
    FlashPage[30]: 0xfffffffffff9c000 - 0xfffffffffff9ffff, size 0x00004000
    FlashPage[31]: 0xfffffffffff98000 - 0xfffffffffff9bfff, size 0x00004000
    FlashPage[32]: 0xfffffffffff94000 - 0xfffffffffff97fff, size 0x00004000
    FlashPage[33]: 0xfffffffffff90000 - 0xfffffffffff93fff, size 0x00004000
    FlashPage[34]: 0xfffffffffff8c000 - 0xfffffffffff8ffff, size 0x00004000
    FlashPage[35]: 0xfffffffffff88000 - 0xfffffffffff8bfff, size 0x00004000
    FlashPage[36]: 0xfffffffffff84000 - 0xfffffffffff87fff, size 0x00004000
    FlashPage[37]: 0xfffffffffff80000 - 0xfffffffffff83fff, size 0x00004000
    FlashPage[38]: 0x00107800 - 0x00107fff, size 0x00000800
    FlashPage[39]: 0x00107000 - 0x001077ff, size 0x00000800
    FlashPage[40]: 0x00106800 - 0x00106fff, size 0x00000800
    FlashPage[41]: 0x00106000 - 0x001067ff, size 0x00000800
    FlashPage[42]: 0x00105800 - 0x00105fff, size 0x00000800
    FlashPage[43]: 0x00105000 - 0x001057ff, size 0x00000800
    FlashPage[44]: 0x00104800 - 0x00104fff, size 0x00000800
    FlashPage[45]: 0x00104000 - 0x001047ff, size 0x00000800
    FlashPage[46]: 0x00103800 - 0x00103fff, size 0x00000800
    FlashPage[47]: 0x00103000 - 0x001037ff, size 0x00000800
    FlashPage[48]: 0x00102800 - 0x00102fff, size 0x00000800
    FlashPage[49]: 0x00102000 - 0x001027ff, size 0x00000800
    FlashPage[50]: 0x00101800 - 0x00101fff, size 0x00000800
    FlashPage[51]: 0x00101000 - 0x001017ff, size 0x00000800
    FlashPage[52]: 0x00100800 - 0x00100fff, size 0x00000800
    FlashPage[53]: 0x00100000 - 0x001007ff, size 0x00000800

    Command: '27
    Response: 737 02 04 00 c3 Chip 0: code 6y05 product RX600 Series

    Command: 06
    Command: !21
    Response: 131 01 00 ce
    Command: 06
    Command: 06
    Command: 06 06
    Command: @40 06
    Command: L4c 80 L4c
    Command: M4d 06 blank check: user 0 boot 76

    Command: M4d 06
    Command: O4f
    Response: _5f 02 ?3f 00 `60
    Command: C43 06
    Command: 06
    Command: 06
    Command: O4f
    Response: _5f 02 ?3f 00 `60
    Command: C43 06
    Command: 06
    Command: 06
    Command: O4f
    Response: _5f 02 ?3f 00 `60
    Command: C43 06
    Command: 06
    Command: 06
    all pages programmed and verified!

    Command: O4f
    Response: _5f 02 ?3f 00 `60

  • In reply to Eric Brundick:

    Ok, added a whole bunch of printf()'s to rxlib.c and rxusb.c, re-enabled serial_drain() in rx_command and here's the output:

    wmmit032091:test ebrundic$ rxusb -v -v -v rdk-blinky1.elf
    --size-- -------vma------- -------lma-------
    [load 32c fff80000-fff8032b fff80000-fff8032b ]
    [load 430 fff8032c-fff8075b fff8032c-fff8075b ]
    [load 64 ffffff9c-ffffffff ffffff9c-ffffffff ]
    0xfff8---- 00 01 02 03 04 05 06 07 -- -- -- -- -- -- -- --
    0xffff---- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ff

    reset
    U55 serial_read: wbuf.count=1; issuing serial_sync()
    serial_sync: issuing maybe_write(1)
    maybe_write: called with all=1
    serial_read: rbuf.count=0; issuing usb_read_maybe(1)
    e6 yay!
    rx_command: issuing serial_drain()
    usb_read_maybe: usb_bulk_read attempted but ETIMEDOUT result
    serial_drain: usb_read_maybe(0) completed; rbuf.count=0
    rx_command: issuing serial_set_timeout(50)

    Command: #23
    Response: serial_read: wbuf.count=1; issuing serial_sync()
    serial_sync: issuing maybe_write(1)
    maybe_write: called with all=1
    serial_read: rbuf.count=0; issuing usb_read_maybe(1)
    aa serial_read: rbuf.count=0; issuing usb_read_maybe(1)
    usb_read_maybe: usb_bulk_read attempted but ETIMEDOUT result
    [T]
    Command: #23
    Response: serial_read: wbuf.count=1; issuing serial_sync()
    serial_sync: issuing maybe_write(1)
    maybe_write: called with all=1
    serial_read: rbuf.count=0; issuing usb_read_maybe(1)
    aa serial_read: rbuf.count=0; issuing usb_read_maybe(1)

    Is usb_bulk_read() supposed to return ETIMEDOUT when no data is ready?  Or is the application expecting it to return gracefully (looks like if r=0 on return from usb_read_bulk, the usb_read_maybe function returns silently)?

  • In reply to Eric Brundick:

    I'm guessing this is just some oddity where Linux behaves one way, MacOSX behaves another.  Perhaps an option to disable gratuitous draining in rx_command() would help...

    Also one very minor nitpick: "make clean" doesn't delete rxusb :-)

  • In reply to Eric Brundick:

    DJ- I created a patch for your flash-tool.tar.gz app which adds the "-d" option (disable gratuitous drains), it just sets a new global present in rxlib.c (defaults to 1, -d sets it to 0).  Patch is here: spirilis.net/.../delorie-flashtool-macfriendly.patch (also deletes rxusb with make clean)

  • In reply to Eric Brundick:

    Got the 100K resistor and pushbutton in place, the resistor didn't seem to make a difference over having none at all, but the pushbutton sure does make it nice! :)

  • In reply to Eric Brundick:

    The 100k resistor is for the RX chip's benefit, not the USB bus.  It's just a weak pull-up, but 10K wasn't weak enough.

    The serial_flush() thing is needed for when the RX commands are going over an actual serial line, if the drain isn't needed by the usb layer it should be disabled at the usb layer, although I can't say I know how/when it would be used by the usb layer.  For the serial layer you need it to remove line noise during reset.  The idea is to make sure that any bytes you read after sending a command were generated by the command, and not sitting in the receive buffer from before that.
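
The drain-before-command idea described above, combined with the earlier question of whether an empty read reports a timeout or a zero-length read, as an added C example that is not part of the thread or of rxlib.c. `fake_port`, `drain_stale` and `rx_command_demo` are hypothetical names, and the fake device that answers a command byte with that byte plus 0x10 is constructed for illustration.

```c
#include <errno.h>
#include <string.h>

struct fake_port {         /* constructed stand-in for the USB bulk endpoint */
    unsigned char rx[64];  /* bytes waiting to be read */
    size_t len, pos;
    int empty_result;      /* read result when nothing waits: 0 or -ETIMEDOUT */
};

static int fake_read(struct fake_port *p, unsigned char *buf, size_t max) {
    size_t n = p->len - p->pos;
    if (n == 0) return p->empty_result;
    if (n > max) n = max;
    memcpy(buf, p->rx + p->pos, n);
    p->pos += n;
    return (int)n;
}

/* Constructed device: answers a command byte with that byte plus 0x10. */
static void fake_write(struct fake_port *p, unsigned char cmd) {
    if (p->len < sizeof p->rx) p->rx[p->len++] = (unsigned char)(cmd + 0x10);
}

/* Discard stale input. "Timed out" and "read 0 bytes" both mean the buffer
   is empty and end the drain cleanly; other negatives are real errors. */
int drain_stale(struct fake_port *p, int max_reads) {
    unsigned char scratch[16];
    int discarded = 0;
    while (max_reads-- > 0) {
        int r = fake_read(p, scratch, sizeof scratch);
        if (r == 0 || r == -ETIMEDOUT) return discarded;
        if (r < 0) return r;
        discarded += r;
    }
    return -EBUSY;  /* bounded: never spin on a device that keeps sending */
}

/* Optionally drain, send cmd, return first response byte or negative errno. */
int rx_command_demo(struct fake_port *p, unsigned char cmd, int drain) {
    unsigned char b;
    int r = drain ? drain_stale(p, 8) : 0;
    if (r < 0) return r;
    fake_write(p, cmd);
    r = fake_read(p, &b, 1);
    return r == 1 ? b : (r < 0 ? r : -ETIMEDOUT);
}

int main(void) {
    struct fake_port p = { {0xaa}, 1, 0, -ETIMEDOUT };  /* one stale byte queued */
    return rx_command_demo(&p, 0x23, 1) == 0x33 ? 0 : 1;
}
```

With the drain skipped, the same call returns the stale 0xaa instead of the device's reply, which is the failure the drain exists to prevent.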

  • In reply to Eric Brundick:

    I added rxusb to my "make clean".  Thanks!