1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm11_dbgtap.h"
34 #include "arm_simulator.h"
35 #include <helper/time_support.h>
36 #include "target_type.h"
37 #include "algorithm.h"
39 #include "arm_opcodes.h"
43 #define _DEBUG_INSTRUCTION_EXECUTION_
47 static int arm11_step(struct target
*target
, int current
,
48 uint32_t address
, int handle_breakpoints
);
51 /** Check and if necessary take control of the system
53 * \param arm11 Target state variable.
55 static int arm11_check_init(struct arm11_common
*arm11
)
57 CHECK_RETVAL(arm11_read_DSCR(arm11
));
59 if (!(arm11
->dscr
& DSCR_HALT_DBG_MODE
))
61 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
62 LOG_DEBUG("Bringing target into debug mode");
64 arm11
->dscr
|= DSCR_HALT_DBG_MODE
;
65 arm11_write_DSCR(arm11
, arm11
->dscr
);
67 /* add further reset initialization here */
69 arm11
->simulate_reset_on_next_halt
= true;
71 if (arm11
->dscr
& DSCR_CORE_HALTED
)
73 /** \todo TODO: this needs further scrutiny because
74 * arm11_debug_entry() never gets called. (WHY NOT?)
75 * As a result we don't read the actual register states from
79 arm11
->arm
.target
->state
= TARGET_HALTED
;
80 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
84 arm11
->arm
.target
->state
= TARGET_RUNNING
;
85 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
88 arm11_sc7_clear_vbw(arm11
);
95 * Save processor state. This is called after a HALT instruction
96 * succeeds, and on other occasions the processor enters debug mode
97 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
99 static int arm11_debug_entry(struct arm11_common
*arm11
)
103 arm11
->arm
.target
->state
= TARGET_HALTED
;
104 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
106 /* REVISIT entire cache should already be invalid !!! */
107 register_cache_invalidate(arm11
->arm
.core_cache
);
109 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
111 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
112 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
113 if (arm11
->is_wdtr_saved
)
115 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
117 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
119 struct scan_field chain5_fields
[3];
121 arm11_setup_field(arm11
, 32, NULL
,
122 &arm11
->saved_wdtr
, chain5_fields
+ 0);
123 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
124 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
126 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
130 /* DSCR: set the Execute ARM instruction enable bit.
132 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
133 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
134 * for executing instructions via ITR.
136 arm11_write_DSCR(arm11
, DSCR_ITR_EN
| arm11
->dscr
);
140 Before executing any instruction in debug state you have to drain the write buffer.
141 This ensures that no imprecise Data Aborts can return at a later point:*/
143 /** \todo TODO: Test drain write buffer. */
148 /* MRC p14,0,R0,c5,c10,0 */
149 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
151 /* mcr 15, 0, r0, cr7, cr10, {4} */
152 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
154 uint32_t dscr
= arm11_read_DSCR(arm11
);
156 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
158 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
)
160 arm11_run_instr_no_data1(arm11
, 0xe320f000);
162 dscr
= arm11_read_DSCR(arm11
);
164 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
173 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
174 * CPSR and PC after the rDTR stuff. We do it all at once.
176 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
177 if (retval
!= ERROR_OK
)
178 LOG_ERROR("DPM REG READ -- fail %d", retval
);
180 retval
= arm11_run_instr_data_prepare(arm11
);
181 if (retval
!= ERROR_OK
)
184 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
185 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
186 if (arm11
->is_rdtr_saved
)
188 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
189 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
190 0xEE100E15, &arm11
->saved_rdtr
);
191 if (retval
!= ERROR_OK
)
195 /* REVISIT Now that we've saved core state, there's may also
196 * be MMU and cache state to care about ...
199 if (arm11
->simulate_reset_on_next_halt
)
201 arm11
->simulate_reset_on_next_halt
= false;
203 LOG_DEBUG("Reset c1 Control Register");
205 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
207 /* MCR p15,0,R0,c1,c0,0 */
208 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
209 if (retval
!= ERROR_OK
)
214 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
217 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
218 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
219 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
221 if (retval
!= ERROR_OK
)
223 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
227 retval
= arm11_run_instr_data_finish(arm11
);
228 if (retval
!= ERROR_OK
)
235 * Restore processor state. This is called in preparation for
236 * the RESTART function.
238 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
242 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
244 /* NOTE: the ARM1136 TRM suggests restoring all registers
245 * except R0/PC/CPSR right now. Instead, we do them all
246 * at once, just a bit later on.
249 /* REVISIT once we start caring about MMU and cache state,
250 * address it here ...
253 /* spec says clear wDTR and rDTR; we assume they are clear as
254 otherwise our programming would be sloppy */
256 CHECK_RETVAL(arm11_read_DSCR(arm11
));
258 if (arm11
->dscr
& (DSCR_DTR_RX_FULL
| DSCR_DTR_TX_FULL
))
261 The wDTR/rDTR two registers that are used to send/receive data to/from
262 the core in tandem with corresponding instruction codes that are
263 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
264 registers hold data that was written by one side (CPU or JTAG) and not
265 read out by the other side.
267 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
268 (unsigned) arm11
->dscr
);
273 /* maybe restore original wDTR */
274 if (arm11
->is_wdtr_saved
)
276 retval
= arm11_run_instr_data_prepare(arm11
);
277 if (retval
!= ERROR_OK
)
280 /* MCR p14,0,R0,c0,c5,0 */
281 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
282 0xee000e15, arm11
->saved_wdtr
);
283 if (retval
!= ERROR_OK
)
286 retval
= arm11_run_instr_data_finish(arm11
);
287 if (retval
!= ERROR_OK
)
291 /* restore CPSR, PC, and R0 ... after flushing any modified
294 retval
= arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
);
296 retval
= arm11_bpwp_flush(arm11
);
298 register_cache_invalidate(arm11
->arm
.core_cache
);
301 arm11_write_DSCR(arm11
, arm11
->dscr
);
303 /* maybe restore rDTR */
304 if (arm11
->is_rdtr_saved
)
306 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
308 arm11_add_IR(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
310 struct scan_field chain5_fields
[3];
312 uint8_t Ready
= 0; /* ignored */
313 uint8_t Valid
= 0; /* ignored */
315 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
316 NULL
, chain5_fields
+ 0);
317 arm11_setup_field(arm11
, 1, &Ready
, NULL
, chain5_fields
+ 1);
318 arm11_setup_field(arm11
, 1, &Valid
, NULL
, chain5_fields
+ 2);
320 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
323 /* now processor is ready to RESTART */
328 /* poll current target status */
329 static int arm11_poll(struct target
*target
)
332 struct arm11_common
*arm11
= target_to_arm11(target
);
334 CHECK_RETVAL(arm11_check_init(arm11
));
336 if (arm11
->dscr
& DSCR_CORE_HALTED
)
338 if (target
->state
!= TARGET_HALTED
)
340 enum target_state old_state
= target
->state
;
342 LOG_DEBUG("enter TARGET_HALTED");
343 retval
= arm11_debug_entry(arm11
);
344 if (retval
!= ERROR_OK
)
347 target_call_event_callbacks(target
,
348 (old_state
== TARGET_DEBUG_RUNNING
)
349 ? TARGET_EVENT_DEBUG_HALTED
350 : TARGET_EVENT_HALTED
);
355 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
)
357 LOG_DEBUG("enter TARGET_RUNNING");
358 target
->state
= TARGET_RUNNING
;
359 target
->debug_reason
= DBG_REASON_NOTHALTED
;
365 /* architecture specific status reply */
366 static int arm11_arch_state(struct target
*target
)
368 struct arm11_common
*arm11
= target_to_arm11(target
);
371 retval
= arm_arch_state(target
);
373 /* REVISIT also display ARM11-specific MMU and cache status ... */
375 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
376 LOG_USER("Watchpoint triggered at PC %#08x",
377 (unsigned) arm11
->dpm
.wp_pc
);
382 /* target request support */
383 static int arm11_target_request_data(struct target
*target
,
384 uint32_t size
, uint8_t *buffer
)
386 LOG_WARNING("Not implemented: %s", __func__
);
391 /* target execution control */
392 static int arm11_halt(struct target
*target
)
394 struct arm11_common
*arm11
= target_to_arm11(target
);
396 LOG_DEBUG("target->state: %s",
397 target_state_name(target
));
399 if (target
->state
== TARGET_UNKNOWN
)
401 arm11
->simulate_reset_on_next_halt
= true;
404 if (target
->state
== TARGET_HALTED
)
406 LOG_DEBUG("target was already halted");
410 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
412 CHECK_RETVAL(jtag_execute_queue());
418 CHECK_RETVAL(arm11_read_DSCR(arm11
));
420 if (arm11
->dscr
& DSCR_CORE_HALTED
)
431 if ((timeval_ms()-then
) > 1000)
433 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
440 enum target_state old_state
= target
->state
;
442 arm11_debug_entry(arm11
);
445 target_call_event_callbacks(target
,
446 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
452 arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
454 void *value
= arm11
->arm
.pc
->value
;
457 buf_set_u32(value
, 0, 32, address
);
459 address
= buf_get_u32(value
, 0, 32);
464 static int arm11_resume(struct target
*target
, int current
,
465 uint32_t address
, int handle_breakpoints
, int debug_execution
)
467 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
468 // current, address, handle_breakpoints, debug_execution);
470 struct arm11_common
*arm11
= target_to_arm11(target
);
472 LOG_DEBUG("target->state: %s",
473 target_state_name(target
));
476 if (target
->state
!= TARGET_HALTED
)
478 LOG_ERROR("Target not halted");
479 return ERROR_TARGET_NOT_HALTED
;
482 address
= arm11_nextpc(arm11
, current
, address
);
484 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
486 /* clear breakpoints/watchpoints and VCR*/
487 arm11_sc7_clear_vbw(arm11
);
489 if (!debug_execution
)
490 target_free_all_working_areas(target
);
492 /* Should we skip over breakpoints matching the PC? */
493 if (handle_breakpoints
) {
494 struct breakpoint
*bp
;
496 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
498 if (bp
->address
== address
)
500 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
501 arm11_step(target
, 1, 0, 0);
507 /* activate all breakpoints */
509 struct breakpoint
*bp
;
510 unsigned brp_num
= 0;
512 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
514 struct arm11_sc7_action brp
[2];
517 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
518 brp
[0].value
= bp
->address
;
520 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
521 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
523 arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
));
525 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
532 arm11_sc7_set_vcr(arm11
, arm11
->vcr
);
535 /* activate all watchpoints and breakpoints */
536 arm11_leave_debug_state(arm11
, true);
538 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
540 CHECK_RETVAL(jtag_execute_queue());
545 CHECK_RETVAL(arm11_read_DSCR(arm11
));
547 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
549 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
560 if ((timeval_ms()-then
) > 1000)
562 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
569 target
->debug_reason
= DBG_REASON_NOTHALTED
;
570 if (!debug_execution
)
571 target
->state
= TARGET_RUNNING
;
573 target
->state
= TARGET_DEBUG_RUNNING
;
574 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
579 static int arm11_step(struct target
*target
, int current
,
580 uint32_t address
, int handle_breakpoints
)
582 LOG_DEBUG("target->state: %s",
583 target_state_name(target
));
585 if (target
->state
!= TARGET_HALTED
)
587 LOG_WARNING("target was not halted");
588 return ERROR_TARGET_NOT_HALTED
;
591 struct arm11_common
*arm11
= target_to_arm11(target
);
593 address
= arm11_nextpc(arm11
, current
, address
);
595 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
598 /** \todo TODO: Thumb not supported here */
600 uint32_t next_instruction
;
602 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
605 if ((next_instruction
& 0xFFF00070) == 0xe1200070)
607 address
= arm11_nextpc(arm11
, 0, address
+ 4);
608 LOG_DEBUG("Skipping BKPT");
610 /* skip over Wait for interrupt / Standby */
611 /* mcr 15, 0, r?, cr7, cr0, {4} */
612 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90)
614 address
= arm11_nextpc(arm11
, 0, address
+ 4);
615 LOG_DEBUG("Skipping WFI");
617 /* ignore B to self */
618 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
620 LOG_DEBUG("Not stepping jump to self");
624 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
627 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
628 * the VCR might be something worth looking into. */
631 /* Set up breakpoint for stepping */
633 struct arm11_sc7_action brp
[2];
636 brp
[0].address
= ARM11_SC7_BVR0
;
638 brp
[1].address
= ARM11_SC7_BCR0
;
640 if (arm11
->hardware_step
)
642 /* Hardware single stepping ("instruction address
643 * mismatch") is used if enabled. It's not quite
644 * exactly "run one instruction"; "branch to here"
645 * loops won't break, neither will some other cases,
646 * but it's probably the best default.
648 * Hardware single stepping isn't supported on v6
649 * debug modules. ARM1176 and v7 can support it...
651 * FIXME Thumb stepping likely needs to use 0x03
652 * or 0xc0 byte masks, not 0x0f.
654 brp
[0].value
= address
;
655 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
656 | (0 << 14) | (0 << 16) | (0 << 20)
660 /* Sets a breakpoint on the next PC, as calculated
661 * by instruction set simulation.
663 * REVISIT stepping Thumb on ARM1156 requires Thumb2
664 * support from the simulator.
669 retval
= arm_simulate_step(target
, &next_pc
);
670 if (retval
!= ERROR_OK
)
673 brp
[0].value
= next_pc
;
674 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
675 | (0 << 14) | (0 << 16) | (0 << 20)
679 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
684 if (arm11
->step_irq_enable
)
685 /* this disable should be redundant ... */
686 arm11
->dscr
&= ~DSCR_INT_DIS
;
688 arm11
->dscr
|= DSCR_INT_DIS
;
691 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
693 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
695 CHECK_RETVAL(jtag_execute_queue());
702 const uint32_t mask
= DSCR_CORE_RESTARTED
705 CHECK_RETVAL(arm11_read_DSCR(arm11
));
706 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
708 if ((arm11
->dscr
& mask
) == mask
)
718 if ((timeval_ms()-then
) > 1000)
720 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
727 /* clear breakpoint */
728 arm11_sc7_clear_vbw(arm11
);
731 CHECK_RETVAL(arm11_debug_entry(arm11
));
733 /* restore default state */
734 arm11
->dscr
&= ~DSCR_INT_DIS
;
738 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
740 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
745 static int arm11_assert_reset(struct target
*target
)
747 struct arm11_common
*arm11
= target_to_arm11(target
);
749 /* optionally catch reset vector */
750 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
751 arm11_sc7_set_vcr(arm11
, arm11
->vcr
| 1);
753 /* Issue some kind of warm reset. */
754 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
)) {
755 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
756 } else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
757 /* REVISIT handle "pulls" cases, if there's
758 * hardware that needs them to work.
760 jtag_add_reset(0, 1);
762 LOG_ERROR("%s: how to reset?", target_name(target
));
766 /* registers are now invalid */
767 register_cache_invalidate(arm11
->arm
.core_cache
);
769 target
->state
= TARGET_RESET
;
775 * - There is another bug in the arm11 core. (iMX31 specific again?)
776 * When you generate an access to external logic (for example DDR
777 * controller via AHB bus) and that block is not configured (perhaps
778 * it is still held in reset), that transaction will never complete.
779 * This will hang arm11 core but it will also hang JTAG controller.
780 * Nothing short of srst assertion will bring it out of this.
783 static int arm11_deassert_reset(struct target
*target
)
785 struct arm11_common
*arm11
= target_to_arm11(target
);
788 /* be certain SRST is off */
789 jtag_add_reset(0, 0);
791 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
792 * at least DSCR. OMAP24xx doesn't show that problem, though
793 * SRST-only reset seems to be problematic for other reasons.
794 * (Secure boot sequences being one likelihood!)
798 retval
= arm11_poll(target
);
800 if (target
->reset_halt
) {
801 if (target
->state
!= TARGET_HALTED
) {
802 LOG_WARNING("%s: ran after reset and before halt ...",
803 target_name(target
));
804 if ((retval
= target_halt(target
)) != ERROR_OK
)
809 /* maybe restore vector catch config */
810 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
811 arm11_sc7_set_vcr(arm11
, arm11
->vcr
);
816 static int arm11_soft_reset_halt(struct target
*target
)
818 LOG_WARNING("Not implemented: %s", __func__
);
823 /* target memory access
824 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
825 * count: number of items of <size>
827 * arm11_config_memrw_no_increment - in the future we may want to be able
828 * to read/write a range of data to a "port". a "port" is an action on
829 * read memory address for some peripheral.
831 static int arm11_read_memory_inner(struct target
*target
,
832 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
833 bool arm11_config_memrw_no_increment
)
835 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
838 if (target
->state
!= TARGET_HALTED
)
840 LOG_WARNING("target was not halted");
841 return ERROR_TARGET_NOT_HALTED
;
844 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
846 struct arm11_common
*arm11
= target_to_arm11(target
);
848 retval
= arm11_run_instr_data_prepare(arm11
);
849 if (retval
!= ERROR_OK
)
852 /* MRC p14,0,r0,c0,c5,0 */
853 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
854 if (retval
!= ERROR_OK
)
860 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
862 for (size_t i
= 0; i
< count
; i
++)
864 /* ldrb r1, [r0], #1 */
866 arm11_run_instr_no_data1(arm11
,
867 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000);
870 /* MCR p14,0,R1,c0,c5,0 */
871 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
880 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
882 for (size_t i
= 0; i
< count
; i
++)
884 /* ldrh r1, [r0], #2 */
885 arm11_run_instr_no_data1(arm11
,
886 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0);
890 /* MCR p14,0,R1,c0,c5,0 */
891 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
893 uint16_t svalue
= res
;
894 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
902 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
903 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
904 uint32_t *words
= (uint32_t *)buffer
;
906 /* LDC p14,c5,[R0],#4 */
907 /* LDC p14,c5,[R0] */
908 arm11_run_instr_data_from_core(arm11
, instr
, words
, count
);
913 return arm11_run_instr_data_finish(arm11
);
916 static int arm11_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
918 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
922 * no_increment - in the future we may want to be able
923 * to read/write a range of data to a "port". a "port" is an action on
924 * read memory address for some peripheral.
926 static int arm11_write_memory_inner(struct target
*target
,
927 uint32_t address
, uint32_t size
,
928 uint32_t count
, uint8_t *buffer
,
933 if (target
->state
!= TARGET_HALTED
)
935 LOG_WARNING("target was not halted");
936 return ERROR_TARGET_NOT_HALTED
;
939 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
941 struct arm11_common
*arm11
= target_to_arm11(target
);
943 retval
= arm11_run_instr_data_prepare(arm11
);
944 if (retval
!= ERROR_OK
)
947 /* load r0 with buffer address */
948 /* MRC p14,0,r0,c0,c5,0 */
949 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
950 if (retval
!= ERROR_OK
)
953 /* burst writes are not used for single words as those may well be
954 * reset init script writes.
956 * The other advantage is that as burst writes are default, we'll
957 * now exercise both burst and non-burst code paths with the
958 * default settings, increasing code coverage.
960 bool burst
= arm11
->memwrite_burst
&& (count
> 1);
966 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
968 for (size_t i
= 0; i
< count
; i
++)
970 /* load r1 from DCC with byte data */
971 /* MRC p14,0,r1,c0,c5,0 */
972 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
973 if (retval
!= ERROR_OK
)
976 /* write r1 to memory */
977 /* strb r1, [r0], #1 */
979 retval
= arm11_run_instr_no_data1(arm11
,
983 if (retval
!= ERROR_OK
)
992 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
994 for (size_t i
= 0; i
< count
; i
++)
997 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
999 /* load r1 from DCC with halfword data */
1000 /* MRC p14,0,r1,c0,c5,0 */
1001 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
1002 if (retval
!= ERROR_OK
)
1005 /* write r1 to memory */
1006 /* strh r1, [r0], #2 */
1008 retval
= arm11_run_instr_no_data1(arm11
,
1012 if (retval
!= ERROR_OK
)
1020 /* stream word data through DCC directly to memory */
1021 /* increment: STC p14,c5,[R0],#4 */
1022 /* no increment: STC p14,c5,[R0]*/
1023 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
1025 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1026 uint32_t *words
= (uint32_t*)buffer
;
1028 /* "burst" here just means trusting each instruction executes
1029 * fully before we run the next one: per-word roundtrips, to
1030 * check the Ready flag, are not used.
1033 retval
= arm11_run_instr_data_to_core(arm11
,
1034 instr
, words
, count
);
1036 retval
= arm11_run_instr_data_to_core_noack(arm11
,
1037 instr
, words
, count
);
1038 if (retval
!= ERROR_OK
)
1045 /* r0 verification */
1050 /* MCR p14,0,R0,c0,c5,0 */
1051 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1052 if (retval
!= ERROR_OK
)
1055 if (address
+ size
* count
!= r0
)
1057 LOG_ERROR("Data transfer failed. Expected end "
1058 "address 0x%08x, got 0x%08x",
1059 (unsigned) (address
+ size
* count
),
1063 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1065 if (arm11
->memwrite_error_fatal
)
1070 return arm11_run_instr_data_finish(arm11
);
1073 static int arm11_write_memory(struct target
*target
,
1074 uint32_t address
, uint32_t size
,
1075 uint32_t count
, uint8_t *buffer
)
1077 /* pointer increment matters only for multi-unit writes ...
1078 * not e.g. to a "reset the chip" controller.
1080 return arm11_write_memory_inner(target
, address
, size
,
1081 count
, buffer
, count
== 1);
1084 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1085 static int arm11_bulk_write_memory(struct target
*target
,
1086 uint32_t address
, uint32_t count
, uint8_t *buffer
)
1088 if (target
->state
!= TARGET_HALTED
)
1090 LOG_WARNING("target was not halted");
1091 return ERROR_TARGET_NOT_HALTED
;
1094 return arm11_write_memory(target
, address
, 4, count
, buffer
);
1097 /* target break-/watchpoint control
1098 * rw: 0 = write, 1 = read, 2 = access
1100 static int arm11_add_breakpoint(struct target
*target
,
1101 struct breakpoint
*breakpoint
)
1103 struct arm11_common
*arm11
= target_to_arm11(target
);
1106 if (breakpoint
->type
== BKPT_SOFT
)
1108 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1109 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1113 if (!arm11
->free_brps
)
1115 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1116 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1119 if (breakpoint
->length
!= 4)
1121 LOG_DEBUG("only breakpoints of four bytes length supported");
1122 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1130 static int arm11_remove_breakpoint(struct target
*target
,
1131 struct breakpoint
*breakpoint
)
1133 struct arm11_common
*arm11
= target_to_arm11(target
);
1140 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1142 struct arm11_common
*arm11
;
1144 if (target
->tap
== NULL
)
1147 if (target
->tap
->ir_length
!= 5)
1149 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1150 return ERROR_COMMAND_SYNTAX_ERROR
;
1153 arm11
= calloc(1, sizeof *arm11
);
1157 arm_init_arch_info(target
, &arm11
->arm
);
1159 arm11
->jtag_info
.tap
= target
->tap
;
1160 arm11
->jtag_info
.scann_size
= 5;
1161 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1162 arm11
->jtag_info
.cur_scan_chain
= ~0; /* invalid/unknown */
1163 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1165 arm11
->memwrite_burst
= true;
1166 arm11
->memwrite_error_fatal
= true;
1171 static int arm11_init_target(struct command_context
*cmd_ctx
,
1172 struct target
*target
)
1174 /* Initialize anything we can set up without talking to the target */
1178 /* talk to the target and set things up */
1179 static int arm11_examine(struct target
*target
)
1183 struct arm11_common
*arm11
= target_to_arm11(target
);
1184 uint32_t didr
, device_id
;
1185 uint8_t implementor
;
1187 /* FIXME split into do-first-time and do-every-time logic ... */
1191 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1193 struct scan_field idcode_field
;
1195 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1197 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, 1, &idcode_field
, TAP_DRPAUSE
);
1201 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1203 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1205 struct scan_field chain0_fields
[2];
1207 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1208 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1210 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(chain0_fields
), chain0_fields
, TAP_IDLE
);
1212 CHECK_RETVAL(jtag_execute_queue());
1214 /* assume the manufacturer id is ok; check the part # */
1215 switch ((device_id
>> 12) & 0xFFFF)
1221 type
= "ARM11 MPCore";
1227 arm11
->arm
.core_type
= ARM_MODE_MON
;
1228 /* NOTE: could default arm11->hardware_step to true */
1232 LOG_ERROR("unexpected ARM11 ID code");
1235 LOG_INFO("found %s", type
);
1237 /* unlikely this could ever fail, but ... */
1238 switch ((didr
>> 16) & 0x0F) {
1239 case ARM11_DEBUG_V6
:
1240 case ARM11_DEBUG_V61
: /* supports security extensions */
1243 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1247 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1249 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1250 arm11
->free_brps
= arm11
->brp
;
1252 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1253 device_id
, implementor
, didr
);
1255 /* as a side-effect this reads DSCR and thus
1256 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1257 * as suggested by the spec.
1260 retval
= arm11_check_init(arm11
);
1261 if (retval
!= ERROR_OK
)
1264 /* Build register cache "late", after target_init(), since we
1265 * want to know if this core supports Secure Monitor mode.
1267 if (!target_was_examined(target
))
1268 retval
= arm11_dpm_init(arm11
, didr
);
1270 /* ETM on ARM11 still uses original scanchain 6 access mode */
1271 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1272 *register_get_last_cache_p(&target
->reg_cache
) =
1273 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1275 retval
= etm_setup(target
);
1278 target_set_examined(target
);
1284 #define ARM11_BOOL_WRAPPER(name, print_name) \
1285 COMMAND_HANDLER(arm11_handle_bool_##name) \
1287 struct target *target = get_current_target(CMD_CTX); \
1288 struct arm11_common *arm11 = target_to_arm11(target); \
1290 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1291 &arm11->name, print_name); \
1294 ARM11_BOOL_WRAPPER(memwrite_burst
, "memory write burst mode")
1295 ARM11_BOOL_WRAPPER(memwrite_error_fatal
, "fatal error mode for memory writes")
1296 ARM11_BOOL_WRAPPER(step_irq_enable
, "IRQs while stepping")
1297 ARM11_BOOL_WRAPPER(hardware_step
, "hardware single step")
1299 /* REVISIT handle the VCR bits like other ARMs: use symbols for
1300 * input and output values.
1303 COMMAND_HANDLER(arm11_handle_vcr
)
1305 struct target
*target
= get_current_target(CMD_CTX
);
1306 struct arm11_common
*arm11
= target_to_arm11(target
);
1312 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11
->vcr
);
1315 return ERROR_COMMAND_SYNTAX_ERROR
;
1318 LOG_INFO("VCR 0x%08" PRIx32
"", arm11
->vcr
);
1322 static const struct command_registration arm11_mw_command_handlers
[] = {
1325 .handler
= arm11_handle_bool_memwrite_burst
,
1326 .mode
= COMMAND_ANY
,
1327 .help
= "Display or modify flag controlling potentially "
1328 "risky fast burst mode (default: enabled)",
1329 .usage
= "['enable'|'disable']",
1332 .name
= "error_fatal",
1333 .handler
= arm11_handle_bool_memwrite_error_fatal
,
1334 .mode
= COMMAND_ANY
,
1335 .help
= "Display or modify flag controlling transfer "
1336 "termination on transfer errors"
1337 " (default: enabled)",
1338 .usage
= "['enable'|'disable']",
1340 COMMAND_REGISTRATION_DONE
1342 static const struct command_registration arm11_any_command_handlers
[] = {
1344 /* "hardware_step" is only here to check if the default
1345 * simulate + breakpoint implementation is broken.
1346 * TEMPORARY! NOT DOCUMENTED! */
1347 .name
= "hardware_step",
1348 .handler
= arm11_handle_bool_hardware_step
,
1349 .mode
= COMMAND_ANY
,
1350 .help
= "DEBUG ONLY - Hardware single stepping"
1351 " (default: disabled)",
1352 .usage
= "['enable'|'disable']",
1356 .mode
= COMMAND_ANY
,
1357 .help
= "memwrite command group",
1358 .chain
= arm11_mw_command_handlers
,
1361 .name
= "step_irq_enable",
1362 .handler
= arm11_handle_bool_step_irq_enable
,
1363 .mode
= COMMAND_ANY
,
1364 .help
= "Display or modify flag controlling interrupt "
1365 "enable while stepping (default: disabled)",
1366 .usage
= "['enable'|'disable']",
1370 .handler
= arm11_handle_vcr
,
1371 .mode
= COMMAND_ANY
,
1372 .help
= "Display or modify Vector Catch Register",
1375 COMMAND_REGISTRATION_DONE
1378 static const struct command_registration arm11_command_handlers
[] = {
1380 .chain
= arm_command_handlers
,
1383 .chain
= etm_command_handlers
,
1387 .mode
= COMMAND_ANY
,
1388 .help
= "ARM11 command group",
1389 .chain
= arm11_any_command_handlers
,
1391 COMMAND_REGISTRATION_DONE
1394 /** Holds methods for ARM11xx targets. */
1395 struct target_type arm11_target
= {
1399 .arch_state
= arm11_arch_state
,
1401 .target_request_data
= arm11_target_request_data
,
1404 .resume
= arm11_resume
,
1407 .assert_reset
= arm11_assert_reset
,
1408 .deassert_reset
= arm11_deassert_reset
,
1409 .soft_reset_halt
= arm11_soft_reset_halt
,
1411 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1413 .read_memory
= arm11_read_memory
,
1414 .write_memory
= arm11_write_memory
,
1416 .bulk_write_memory
= arm11_bulk_write_memory
,
1418 .checksum_memory
= arm_checksum_memory
,
1419 .blank_check_memory
= arm_blank_check_memory
,
1421 .add_breakpoint
= arm11_add_breakpoint
,
1422 .remove_breakpoint
= arm11_remove_breakpoint
,
1424 .run_algorithm
= armv4_5_run_algorithm
,
1426 .commands
= arm11_command_handlers
,
1427 .target_create
= arm11_target_create
,
1428 .init_target
= arm11_init_target
,
1429 .examine
= arm11_examine
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)