How to debug a 8051 MCU via JTAG

[TRN]

I have an embedded system with a 8051 MCU, and I would like to single step the program with a debugger.
The MCU in question is a uSPD3354DV MCU, and I was able to dump the flash memory via JTAG.
So I now have a couple of intel HEX files, but I do not have the source code of the program which I want to debug.

I used PSDSoft express to dump the flash memory, but this program does not have debugging capabilities.

How can I debug the program running on the MCU, without the source code?

For instance Keil uvision, and also Raisonance Ride 7, as far as I can see require that you have the source code in order to debug the program on the MCU.

[PCB.Wiz]

Do those old parts support JTAG debug ?  Weren't they OTP only ?

How can I debug the program running on the MCU, without the source code?
For instance Keil uvision, and also Raisonance Ride 7, as far as I can see require that you have the source code in order to debug the program on the MCU.

Many modern debug systems are fine to step/break without source, you just get the dis-assembly window active.

Of course, what you still lack is edit and rebuild.

What changes do you hope to make here ?

You can use most dis-assemblers to get a basic assembler source, with fixed address.
That may be enough for table/const changes.

If you want to edit/rebuild eg adding lines of code. you need better dis-assemblers to create symbolic address, and more manual checking time.

[pcprogrammer]

I have an embedded system with a 8051 MCU, and I would like to single step the program with a debugger.
The MCU in question is a uSPD3354DV MCU, and I was able to dump the flash memory via JTAG.

Are you sure about this device name? Google does not give results for it as being an 8051 based MCU.

I did find something from STMicroelectronics. The UPSD3354DV is an 8032 based MCU. Can't remember the differences between 8051 and 8032, but I used quite some 8051 based MCU's and never had the ability to debug them with a JTAG based interface. But this was over 30 years ago. The datasheet of the UPSD3354DV does mention JTAG debugging and programming, so with that one it should be possible.

It might have support in openocd and with gdb it should be possible to do single stepping if the MCU supports it like that. Not an easy task because gdb is command line based and you need to look up the commands for it.

But yes first job is to disassemble the code you retrieved. Ghidra can be very helpful here.

[GromBeestje]

As far as I know there is no MCS-51 support in OpenOCD. Debugging MCS-51 based MCUs is trickier then our modern microcontrollers as the debugging isn't standard and thus a custom proprietary addition, not always documented.

I know Cypress made a gdb for MCS-51. Patches to gdb used to be available on the Cypress website. As Infineon took over Cypress I suppose it should be on their website these days.

[TRN]

I have an embedded system with a 8051 MCU, and I would like to single step the program with a debugger.
The MCU in question is a uSPD3354DV MCU, and I was able to dump the flash memory via JTAG.

Are you sure about this device name? Google does not give results for it as being an 8051 based MCU.

I did find something from STMicroelectronics. The UPSD3354DV is an 8032 based MCU. Can't remember the differences between 8051 and 8032, but I used quite some 8051 based MCU's and never had the ability to debug them with a JTAG based interface. But this was over 30 years ago. The datasheet of the UPSD3354DV does mention JTAG debugging and programming, so with that one it should be possible.

It might have support in openocd and with gdb it should be possible to do single stepping if the MCU supports it like that. Not an easy task because gdb is command line based and you need to look up the commands for it.

But yes first job is to disassemble the code you retrieved. Ghidra can be very helpful here.

This MCU die has a 8032 core, a programmable system device (PSD) & two independent banks of Flash memory, and has JTAG capability. the architecture is identical to the 8051.
I actually managed to run the debugger with Keil uVision, by creating a dummy project file. I can now reset the MCU, but seem to have a problem with stepping through the code starting from :0000 , I also don't know how to save the assembly code which is visible in the assembly view window

[TRN]

Do those old parts support JTAG debug ?  Weren't they OTP only ?

How can I debug the program running on the MCU, without the source code?
For instance Keil uvision, and also Raisonance Ride 7, as far as I can see require that you have the source code in order to debug the program on the MCU.

Many modern debug systems are fine to step/break without source, you just get the dis-assembly window active.

Of course, what you still lack is edit and rebuild.

What changes do you hope to make here ?

You can use most dis-assemblers to get a basic assembler source, with fixed address.
That may be enough for table/const changes.

If you want to edit/rebuild eg adding lines of code. you need better dis-assemblers to create symbolic address, and more manual checking time.

The MCU in question belongs to a HM8123 frequency counter, and I am trying to help out a friend who wants to upgrade his unit to the latest FW, which is 5.12. He has an older unit, with FW 2.10 installed. His unit also has an older type LCD installed
These LCD's have a different Bias setting than the newer LCD's. I sent him my FW memory dump, but when he downloads this to his unit, the LCD contrast is maxed out, and he is looking at a black screen.
In order for V5.10 to work on his unit the LCD bias value has to be adapted in the FW. So this it what I am trying to achieve

[pcprogrammer]

The MCU in question belongs to a HM8123 frequency counter, and I am trying to help out a friend who wants to upgrade his unit to the latest FW, which is 5.12. He has an older unit, with FW 2.10 installed. His unit also has an older type LCD installed
These LCD's have a different Bias setting than the newer LCD's. I sent him my FW memory dump, but when he downloads this to his unit, the LCD contrast is maxed out, and he is looking at a black screen.
In order for V5.10 to work on his unit the LCD bias value has to be adapted in the FW. So this it what I am trying to achieve

In this case it is best to disassemble to code and search for code that addresses the hardware for the display. I know, is easier said then done, but how much actual code is there?

Ghidra supports 8051, but the enhancements and memory setup in the device may make it more of a chore.

Another option could be searching for a simulator, or even write one yourself if you can.

Attached is what I wrote way back for testing things I did with 8051 based MCU's. Windows 2000 eara, but the processor core code is in a separate C file.

[TRN]

The MCU in question belongs to a HM8123 frequency counter, and I am trying to help out a friend who wants to upgrade his unit to the latest FW, which is 5.12. He has an older unit, with FW 2.10 installed. His unit also has an older type LCD installed
These LCD's have a different Bias setting than the newer LCD's. I sent him my FW memory dump, but when he downloads this to his unit, the LCD contrast is maxed out, and he is looking at a black screen.
In order for V5.10 to work on his unit the LCD bias value has to be adapted in the FW. So this it what I am trying to achieve

In this case it is best to disassemble to code and search for code that addresses the hardware for the display. I know, is easier said then done, but how much actual code is there?

Ghidra supports 8051, but the enhancements and memory setup in the device may make it more of a chore.

Another option could be searching for a simulator, or even write one yourself if you can.

Attached is what I wrote way back for testing things I did with 8051 based MCU's. Windows 2000 eara, but the processor core code is in a separate C file.

Thanks for the 8051 simulator with source code, this is much appreciated, and I will see if this will help me with my endeavor.
Writing my own simulator is unfortunately out reach for me, because I don't have the skills.
 

[PCB.Wiz]

Thanks for the 8051 simulator with source code, this is much appreciated, and I will see if this will help me with my endeavor.
Writing my own simulator is unfortunately out reach for me, because I don't have the skills.

Other 8051 simulators are

https://www.rathlev-home.de/mc/mctools-e.html
http://www.edsim51.com/

and things like this can be useful too
https://github.com/msrst/interactive-8051-disassembler

[TRN]

Thanks for the 8051 simulator with source code, this is much appreciated, and I will see if this will help me with my endeavor.
Writing my own simulator is unfortunately out reach for me, because I don't have the skills.

Other 8051 simulators are

https://www.rathlev-home.de/mc/mctools-e.html
http://www.edsim51.com/

and things like this can be useful too
https://github.com/msrst/interactive-8051-disassembler

Thanks, this is much appreciated