supplierdeeply

VxWorks ROMLOG binary data format needed.

  • 15 Replies
  • 2631 Views
  • Publish
    VxWorks ROMLOG binary data format needed.
    « on: 01 / July / 2010, 14:14:24 »
    Advertisements
    Hello everybody.
    Does anybody knows format of binary data in the VxWorks ROMLOG file?
    I have sporadic crashes and want to investigate the reason.
    Have dumped ROM LOG already, but registers are all in binary and I have difficulties to find PC (R15) value.
    Can someone help with this?
    Any information is highly appreciated.

    *

    Offline reyalp

    • ******
    • 9951
  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #1 on: 01 / July / 2010, 15:50:01 »
    Hello everybody.
    Does anybody knows format of binary data in the VxWorks ROMLOG file?
    I have sporadic crashes and want to investigate the reason.
    Have dumped ROM LOG already, but registers are all in binary and I have difficulties to find PC (R15) value.
    Can someone help with this?
    Any information is highly appreciated.
    You should be able to figure this out from the functions that write the information to the log. From what I can tell, these should be identified by the strings
    "Exception!! Vector 0x%02X" and "ASSERT!! %s Line %d"

    Both call a function referencing the string "Log Write to ROM... "

    all of the above from a540, but most vx cameras should be similar.


    There is a function in the firmware that decodes this and displays sends it to the camera console. You should be able to use that to write your own (or possibly just call the function and with stdout logging enabled).

    You may also be able to capture this by calling some functions with CAM_CONSOLE_LOG_ENABLE set.
    Don't forget what the H stands for.

  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #2 on: 02 / July / 2010, 03:30:56 »
    Thanks, I have found those function already too.

  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #3 on: 02 / July / 2010, 06:26:48 »
    Well, I have written the parser.
    I need ROM logs from some VxWorks cameras to test it before releasing sources.


    *

    Offline reyalp

    • ******
    • 9951
  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #4 on: 02 / July / 2010, 12:25:23 »
    Great :D

    Here's one from a540
    Don't forget what the H stands for.

    *

    Offline whoever

    • ****
    • 280
    • IXUS950
  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #5 on: 02 / July / 2010, 14:30:40 »
    Incidentally, Ixus950 is an VxWorks camera, but its ROMLOG, at least one resulting from DebugAssert, is in plain text...

  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #6 on: 03 / July / 2010, 10:14:38 »
    reyalp, ROMLOG header looks very strange to me...
    Maybe different cameras uses different offsets.
    Can someone else post ROMLOG example?

    Here is the code from A540 disassembly:

    Code: (asm) [Select]
    ROM:FFECAAB0                 LDR     R1, [R4]
    ROM:FFECAAB4                 MOV     R2, #0x190        <--- Size of data to add
    ROM:FFECAAB8                 MOV     R0, R6
    ROM:FFECAABC                 BL      sub_FFECA2F0        <--- Add data to ROMLOG
    ROM:FFECAAC0                 LDR     R3, [R5]
    ROM:FFECAAC4                 LDR     R2, [R4]
    ROM:FFECAAC8                 STR     R0, [R3,#0x54]        <--- Save data size at offset 0x54
    ROM:FFECAACC                 ADD     LR, SP, #4
    ROM:FFECAAD0                 LDR     R0, [R2,#0xD8]
    ROM:FFECAAD4                 MOV     R1, R7
    ROM:FFECAAD8                 MOV     R12, LR
    ROM:FFECAADC
    ROM:FFECAADC loc_FFECAADC                            ; CODE XREF: sub_FFECA8CC+224j
    ROM:FFECAADC                 MOV     R3, R1,LSL#2
    ROM:FFECAAE0                 LDR     R2, [R0,R3]
    ROM:FFECAAE4                 ADD     R1, R1, #1
    ROM:FFECAAE8                 CMP     R1, #0xE
    ROM:FFECAAEC                 STR     R2, [R12,R3]
    ROM:FFECAAF0                 BLE     loc_FFECAADC
    ROM:FFECAAF4                 LDR     R3, =0x74344
    ROM:FFECAAF8                 LDR     R2, [R3]
    ROM:FFECAAFC                 LDR     R1, [R2,#0xD8]
    ROM:FFECAB00                 LDR     R3, [R1,#0x3C]
    ROM:FFECAB04                 STR     R3, [SP,#0x40]
    ROM:FFECAB08                 LDR     R12, [R1,#0x40]
    ROM:FFECAB0C                 MOV     R3, #0
    ROM:FFECAB10                 MOV     R1, LR
    ROM:FFECAB14                 MOV     R2, #0x48        <--- Size of data to add
    ROM:FFECAB18                 MOV     R0, R6
    ROM:FFECAB1C                 STR     R3, [SP,#0x48]
    ROM:FFECAB20                 STR     R12, [SP,#0x44]
    ROM:FFECAB24                 BL      sub_FFECA2F0        <--- Add data to ROMLOG
    ROM:FFECAB28                 LDR     R4, =0x7433C
    ROM:FFECAB2C                 LDR     R3, [R4]
    ROM:FFECAB30                 MOV     R1, R8
    ROM:FFECAB34                 STR     R0, [R3,#0x58]        <--- Save data size at offset 0x58
    ROM:FFECAB38                 MOV     R2, #0x80        <--- Size of data to add
    ROM:FFECAB3C                 MOV     R0, R6
    ROM:FFECAB40                 BL      sub_FFECA2F0        <--- Add data to ROMLOG
    ROM:FFECAB44                 LDR     R3, [R4]
    ROM:FFECAB48                 STR     R0, [R3,#0x5C]        <--- Save data size at offset 0x5C
    ROM:FFECAB4C                 MOV     R0, R6
    ROM:FFECAB50                 BL      sub_FFECA348        <--- Add Camera Log messages to ROMLOG
    ROM:FFECAB54                 LDR     R2, [R4]
    ROM:FFECAB58                 STR     R0, [R2,#0x60]        <--- Save data size at offset 0x60

    So you should have in your dump:
    data section starts at offset 0x74
    dump_offset=0x54 - value 0x190 - size of task context, dumped to the data section
    dump_offset=0x58 - value 0x48 - size of registers dump, dumped to the data section
    dump_offset=0x5C - value 0x80 or less, !!divisible by 4 - dumped stack size, dumped to the data section
    dump_offset=0x60 - any value, length of camera log messages, dumped to the data section

    First four bytes of ROMLOG is the size of log itself.
    So you should have:
    SIZE(from first 4 bytes)=0x74(Header)+CONTEXT_SIZE+REGS_SIZE+STACK_DMP_SIZE+CAM_LOG_SIZE

    With my log all this is true.
    But everything wrong with yours.
    Context size is Ok = 0x190.
    Regs size is weird = 0x84, but should be 0x48
    Stack dump size is weird = 0x0A, should be 0x80 or less, but should be divisible by 4!!
    Camera log size is weird = 0x0A, while you could see plaintext log at the end of the file and it is much larger

    And I don't know why...
    Disassembler does not show any reasons...

    *

    Offline fe50

    • ******
    • 3034
    • IXUS50 & 860, SX10 Star WARs-Star RAWs
      • fe50
  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #7 on: 03 / July / 2010, 13:46:53 »
    Here's one from IXUS50/SD400 1.01b
    BTW - the camera powers off directly after running the script, with lens extended, but the log file seem to be written correctly to the card...


    *

    Offline reyalp

    • ******
    • 9951
  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #8 on: 03 / July / 2010, 16:46:44 »
    Quote from: cppasm
    And I don't know why...
    Disassembler does not show any reasons...
    The code you quoted is for exception, while my log had an assert (I think).  Maybe they are different ?!?
    I'll try to have a look a bit later.

    BTW - the camera powers off directly after running the script, with lens extended, but the log file seem to be written correctly to the card...
    In most cameras (both a540 and some dryos) there's an argument to the eventproc to select shutdown after write or not, but it looks like ixus50 doesn't have this. I guess this is another difference of the "old vxworks" cameras.
    Don't forget what the H stands for.

  • Publish
    Re: VxWorks ROMLOG binary data format needed.
    « Reply #9 on: 04 / July / 2010, 05:23:12 »
    The code you quoted is for exception, while my log had an assert (I think).  Maybe they are different ?!?
    I'll try to have a look a bit later.
    Maybe you are write, I was interested in the exception log parser and maybe it does not work with the debug assert logs.
    I'll try to figure out.
    Here's one from IXUS50/SD400 1.01b
    BTW - the camera powers off directly after running the script, with lens extended, but the log file seem to be written correctly to the card...
    This is normal behavior.
    My camera shuts down too.
    Many (or all) VxWorks cameras does not have parameter whether to shutdown or not after saving romlog.
    While DryOS have those parameter.
    I wrote my own function to save romlog without shutdown.
    Just look into GetLogToFile() function to find out address of log in ROM, size is in the first 4 bytes of log.
    Then just write those data to file and that's all.

    Your ROMLOG looks fine, here is parsing result:

    Code: (dos) [Select]
    Occured Time  2009:10:27 22:14:45
    Task: tCtrlSrv

    TCB:
    Entry Point = 0xFF96BC10
    Stack Base  = 0x00261660
    Stack Limit = 0x0026066C
    Stack End   = 0x00260660

    Exc Registers:
    R0   = 0x05040302
    R1   = 0x00073059
    R2   = 0x00000001
    R3   = 0xFF972504
    R4   = 0x00073050
    R5   = 0x00000001
    R6   = 0x00000000
    R7   = 0x00000000
    R8   = 0x00073050
    R9   = 0xFF972544
    R10  = 0x00000003
    R11  = 0x00073059
    R12  = 0x00000003
    R13  = 0x00261528
    R14  = 0xFFAB57B8
    R15  = 0xFFAA2764
    CPSR = 0x20000013

    StackDump:
    0xFFAB57B8 0x00000000 0xFF9772E0 0x000D0000    .W.......r......
    0xFF9767E0 0x00000000 0x00000000 0x00010000    .g..............
    0x00005DD4 0xE1A00000 0x002C8254 0x00005DB8    .]......T.,..]..
    0x00000000 0x00005958 0x00000000 0xFF9756BC    ....XY.......V..
    0x002C29C8 0x002C8254 0x00000000 0x00000003    .),.T.,.........
    0x00000012 0x00000000 0x00120000 0x00000001    ................
    0xFF974220 0x00006578 0x00006554 0x00004808     B..xe..Te...H..
    0x00000000 0xFF999BC4 0x0000658C 0xFF99A564    .........e..d...

    CameraLog:
    00002050: DSI_DisplayShootInfo( 0x11 )
    00002070: _DecideModeDial
    00002070: No Change Capture Mode
    00004330: StrobeChargeComplete
    00005360: Window:IneffectiveLockPhysicalScreen
    00006550: Window:IneffectiveLockPhysicalScreen
    00007110: Window:IneffectiveLockPhysicalScreen
    00008320: Window:IneffectiveLockPhysicalScreen
    00008950: Window:IneffectiveLockPhysicalScreen
    00009600: Window:IneffectiveLockPhysicalScreen
    00010420: Window:IneffectiveLockPhysicalScreen
    00010810: Window:IneffectiveLockPhysicalScreen
    00012060: Window:IneffectiveLockPhysicalScreen
    00013080: Window:IneffectiveLockPhysicalScreen
    00014520: LogicalEvent:0x1056:adr:0x0,Para:0
    00014520: Window:IneffectiveLockPhysicalScreen
    00014600: _DecideModeDial
    00014600: ZoomCon_EnterCaptModeChange
    00014600: PrepareCaptureModeChange
    00014600: DSI_ControlShootInfo( 0x20, 0 )
    00014600: Window:EffectiveLockPhysicalScreen
    00014600: DSI_ControlShootInfo( 0x20, 0 )
    00014600: _DecideCaptureMode
    00014600: _StillToStill
    00014600: _StopStill
    00014600: DSI_DisplayShootInfo( 0x23 )
    00014610: _StopBlinkSelfTimerLamp
    00014610: DSI_DisplayShootInfo( 0x10 )
    00014610: LogicalEvent:0x3135:adr:0x0,Para:0
    00014620: DispSwCon_TurnOnDisplayDevice
    00014620: DispSwCon_TurnOnDisplayDevice
    00014620: DSI_ControlShootInfo( 0x5, 0 )
    00014620: DSI_ControlShootInfo( 0x5, 0 )
    00014620: CaptureModeChange
    00014630: ShootSeq::EvfMode = 0
    00014630: ShootSeq::CaptMode = 3
    00014670: SSMainStatus::SHOOTSEQ_MAIN_REC
    00014670: CompleteCaptureModeChange
    00014670: _DecideCaptureMode
    00014670: _StillToStill
    00014670: _StartStill
    00014670: LogiEvnt_NotPowerType:0x0984:adr:0x0,Para:0
    00014670: LogiEvnt_NotPowerType:0x0982:adr:0x0,Para:0
    00014670: DSI_DisplayShootInfo( 0x27 )
    00014680: DSI_ControlShootInfo( 0x0, 0 )
    00014680: DispSwCon_TurnOnDisplayDevice
    00014690: DSI_ControlShootInfo( 0x0, 0 )
    00014690: DSI_DisplayShootInfo( 0x12 )
    00014700: DSI_DisplayShootInfo( 0x2d )
    00014700: StrobeModeChanged
    00014700: DSI_ControlShootInfo( 0x21, 0 )
    00014770: Window:IneffectiveLockPhysicalScreen
    00014770: DSI_ControlShootInfo( 0x21, 0 )
    00014770: _MuteOffStitch
    00014770: TerminateDeliverToZoomController
    00014770: DSI_DisplayShootInfo( 0x20 )
    00014780: STARTUP_OPTICAL_ZOOM_MIN_POSITION
    00014780: UnpressZoomLever
    00014780: LogicalEvent:0x313d:adr:0x0,Para:0
    00014790: _DecideModeDial
    00014850: StrobeChargeComplete
    00015950: Window:IneffectiveLockPhysicalScreen
    00016220: Window:IneffectiveLockPhysicalScreen
    00016730: Window:IneffectiveLockPhysicalScreen
    00017220: Window:IneffectiveLockPhysicalScreen
    00018440: LogicalEvent:0x1052:adr:0x0,Para:0
    00018440: Window:IneffectiveLockPhysicalScreen
    00018530: _DecideModeDial
    00018530: ZoomCon_EnterCaptModeChange
    00018530: PrepareCaptureModeChange
    00018530: DSI_ControlShootInfo( 0x20, 0 )
    00018530: Window:EffectiveLockPhysicalScreen
    00018530: DSI_ControlShootInfo( 0x20, 0 )

     

    Related Topics