1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include "time_support.h"
34 #include "target_type.h"
35 #include "algorithm.h"
40 #define _DEBUG_INSTRUCTION_EXECUTION_
/*
 * Driver-wide tunables, modified at run time by the command handlers near
 * the end of this file (the ARM11_BOOL_WRAPPER handlers and arm11_handle_vcr).
 *
 * NOTE: these are file-scope statics, so a single setting applies to every
 * ARM11 target driven by this process. The FIXME above ARM11_BOOL_WRAPPER
 * asks for per-instance state instead (e.g. for multi-core scan chains).
 */

/* Allow burst mode for memory writes; arm11_write_memory_inner() only
 * honours it when more than one unit is written. */
static bool arm11_config_memwrite_burst = true;

/* Consulted in arm11_write_memory_inner() when the end-address (r0)
 * verification after a write does not match. */
static bool arm11_config_memwrite_error_fatal = true;

/* When true, arm11_step() clears ARM11_DSCR_INTERRUPTS_DISABLE in the cached
 * DSCR before stepping; when false it sets that bit. */
static bool arm11_config_step_irq_enable = false;

/* Selects hardware single stepping in arm11_step(); otherwise a breakpoint
 * is placed on the next PC computed by arm_simulate_step(). */
static bool arm11_config_hardware_step = false;

/* Vector catch register value; passed to arm11_sc7_set_vcr() in
 * arm11_resume() and parsed from the command line by arm11_handle_vcr. */
static uint32_t arm11_vcr = 0;
63 enum arm11_regtype type
;
66 /* update arm11_regcache_ids when changing this */
67 static const struct arm11_reg_defs arm11_reg_defs
[] =
70 {"dscr", 0, -1, ARM11_REGISTER_DSCR
},
71 {"wdtr", 0, -1, ARM11_REGISTER_WDTR
},
72 {"rdtr", 0, -1, ARM11_REGISTER_RDTR
},
75 enum arm11_regcache_ids
/* Forward declarations of file-local functions. */
static int arm11_on_enter_debug_state(struct arm11_common *arm11);
static int arm11_step(struct target *target, int current, uint32_t address,
		int handle_breakpoints);

static int arm11_build_reg_cache(struct target *target);
static int arm11_set_reg(struct reg *reg, uint8_t *buf);
static int arm11_get_reg(struct reg *reg);
93 /** Check and if necessary take control of the system
95 * \param arm11 Target state variable.
96 * \param dscr If the current DSCR content is
97 * available a pointer to a word holding the
98 * DSCR can be passed. Otherwise use NULL.
100 static int arm11_check_init(struct arm11_common
*arm11
, uint32_t *dscr
)
102 uint32_t dscr_local_tmp_copy
;
106 dscr
= &dscr_local_tmp_copy
;
108 CHECK_RETVAL(arm11_read_DSCR(arm11
, dscr
));
111 if (!(*dscr
& ARM11_DSCR_MODE_SELECT
))
113 LOG_DEBUG("Bringing target into debug mode");
115 *dscr
|= ARM11_DSCR_MODE_SELECT
; /* Halt debug-mode */
116 arm11_write_DSCR(arm11
, *dscr
);
118 /* add further reset initialization here */
120 arm11
->simulate_reset_on_next_halt
= true;
122 if (*dscr
& ARM11_DSCR_CORE_HALTED
)
124 /** \todo TODO: this needs further scrutiny because
125 * arm11_on_enter_debug_state() never gets properly called.
126 * As a result we don't read the actual register states from
130 arm11
->target
->state
= TARGET_HALTED
;
131 arm11
->target
->debug_reason
= arm11_get_DSCR_debug_reason(*dscr
);
135 arm11
->target
->state
= TARGET_RUNNING
;
136 arm11
->target
->debug_reason
= DBG_REASON_NOTHALTED
;
139 arm11_sc7_clear_vbw(arm11
);
148 (arm11->reg_values[ARM11_RC_##x])
150 /** Save processor state.
152 * This is called when the HALT instruction has succeeded
153 * or on other occasions that stop the processor.
156 static int arm11_on_enter_debug_state(struct arm11_common
*arm11
)
160 /* REVISIT entire cache should already be invalid !!! */
161 register_cache_invalidate(arm11
->arm
.core_cache
);
163 for (size_t i
= 0; i
< ARRAY_SIZE(arm11
->reg_values
); i
++)
165 arm11
->reg_list
[i
].valid
= 1;
166 arm11
->reg_list
[i
].dirty
= 0;
169 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
172 CHECK_RETVAL(arm11_read_DSCR(arm11
, &R(DSCR
)));
176 if (R(DSCR
) & ARM11_DSCR_WDTR_FULL
)
178 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
180 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
182 struct scan_field chain5_fields
[3];
184 arm11_setup_field(arm11
, 32, NULL
, &R(WDTR
), chain5_fields
+ 0);
185 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
186 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
188 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
192 arm11
->reg_list
[ARM11_RC_WDTR
].valid
= 0;
196 /* DSCR: set ARM11_DSCR_EXECUTE_ARM_INSTRUCTION_ENABLE
198 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
199 * but not to issue ITRs. ARM1136 seems to require this to issue
202 uint32_t new_dscr
= R(DSCR
) | ARM11_DSCR_EXECUTE_ARM_INSTRUCTION_ENABLE
;
204 /* this executes JTAG queue: */
206 arm11_write_DSCR(arm11
, new_dscr
);
210 Before executing any instruction in debug state you have to drain the write buffer.
211 This ensures that no imprecise Data Aborts can return at a later point:*/
213 /** \todo TODO: Test drain write buffer. */
218 /* MRC p14,0,R0,c5,c10,0 */
219 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
221 /* mcr 15, 0, r0, cr7, cr10, {4} */
222 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
224 uint32_t dscr
= arm11_read_DSCR(arm11
);
226 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
228 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
)
230 arm11_run_instr_no_data1(arm11
, 0xe320f000);
232 dscr
= arm11_read_DSCR(arm11
);
234 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
243 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
244 * CPSR and PC after the rDTR stuff. We do it all at once.
246 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
247 if (retval
!= ERROR_OK
)
248 LOG_ERROR("DPM REG READ -- fail %d", retval
);
250 retval
= arm11_run_instr_data_prepare(arm11
);
251 if (retval
!= ERROR_OK
)
254 /* maybe save rDTR */
256 /* check rDTRfull in DSCR */
258 if (R(DSCR
) & ARM11_DSCR_RDTR_FULL
)
260 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
261 retval
= arm11_run_instr_data_from_core_via_r0(arm11
, 0xEE100E15, &R(RDTR
));
262 if (retval
!= ERROR_OK
)
267 arm11
->reg_list
[ARM11_RC_RDTR
].valid
= 0;
270 /* REVISIT Now that we've saved core state, there may also
271 * be MMU and cache state to care about ...
274 if (arm11
->simulate_reset_on_next_halt
)
276 arm11
->simulate_reset_on_next_halt
= false;
278 LOG_DEBUG("Reset c1 Control Register");
280 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
282 /* MCR p15,0,R0,c1,c0,0 */
283 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
284 if (retval
!= ERROR_OK
)
289 retval
= arm11_run_instr_data_finish(arm11
);
290 if (retval
!= ERROR_OK
)
297 * Restore processor state. This is called in preparation for
298 * the RESTART function.
300 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
304 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
306 /* NOTE: the ARM1136 TRM suggests restoring all registers
307 * except R0/PC/CPSR right now. Instead, we do them all
308 * at once, just a bit later on.
311 /* REVISIT once we start caring about MMU and cache state,
312 * address it here ...
315 /* spec says clear wDTR and rDTR; we assume they are clear as
316 otherwise our programming would be sloppy */
320 CHECK_RETVAL(arm11_read_DSCR(arm11
, &DSCR
));
322 if (DSCR
& (ARM11_DSCR_RDTR_FULL
| ARM11_DSCR_WDTR_FULL
))
325 wDTR and rDTR are the two registers used to send/receive data to/from
326 the core in tandem with corresponding instruction codes that are
327 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
328 registers hold data that was written by one side (CPU or JTAG) and not
329 read out by the other side.
331 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08" PRIx32
")", DSCR
);
336 /* maybe restore original wDTR */
337 if ((R(DSCR
) & ARM11_DSCR_WDTR_FULL
) || arm11
->reg_list
[ARM11_RC_WDTR
].dirty
)
339 retval
= arm11_run_instr_data_prepare(arm11
);
340 if (retval
!= ERROR_OK
)
343 /* MCR p14,0,R0,c0,c5,0 */
344 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee000e15, R(WDTR
));
345 if (retval
!= ERROR_OK
)
348 retval
= arm11_run_instr_data_finish(arm11
);
349 if (retval
!= ERROR_OK
)
353 /* restore CPSR, PC, and R0 ... after flushing any modified
356 retval
= arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
);
358 register_cache_invalidate(arm11
->arm
.core_cache
);
362 arm11_write_DSCR(arm11
, R(DSCR
));
364 /* maybe restore rDTR */
366 if (R(DSCR
) & ARM11_DSCR_RDTR_FULL
|| arm11
->reg_list
[ARM11_RC_RDTR
].dirty
)
368 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
370 arm11_add_IR(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
372 struct scan_field chain5_fields
[3];
374 uint8_t Ready
= 0; /* ignored */
375 uint8_t Valid
= 0; /* ignored */
377 arm11_setup_field(arm11
, 32, &R(RDTR
), NULL
, chain5_fields
+ 0);
378 arm11_setup_field(arm11
, 1, &Ready
, NULL
, chain5_fields
+ 1);
379 arm11_setup_field(arm11
, 1, &Valid
, NULL
, chain5_fields
+ 2);
381 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
384 /* now processor is ready to RESTART */
389 /* poll current target status */
390 static int arm11_poll(struct target
*target
)
393 struct arm11_common
*arm11
= target_to_arm11(target
);
396 CHECK_RETVAL(arm11_read_DSCR(arm11
, &dscr
));
398 LOG_DEBUG("DSCR %08" PRIx32
"", dscr
);
400 CHECK_RETVAL(arm11_check_init(arm11
, &dscr
));
402 if (dscr
& ARM11_DSCR_CORE_HALTED
)
404 if (target
->state
!= TARGET_HALTED
)
406 enum target_state old_state
= target
->state
;
408 LOG_DEBUG("enter TARGET_HALTED");
409 target
->state
= TARGET_HALTED
;
410 target
->debug_reason
= arm11_get_DSCR_debug_reason(dscr
);
411 retval
= arm11_on_enter_debug_state(arm11
);
412 if (retval
!= ERROR_OK
)
415 target_call_event_callbacks(target
,
416 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
);
421 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
)
423 LOG_DEBUG("enter TARGET_RUNNING");
424 target
->state
= TARGET_RUNNING
;
425 target
->debug_reason
= DBG_REASON_NOTHALTED
;
431 /* architecture specific status reply */
432 static int arm11_arch_state(struct target
*target
)
436 retval
= armv4_5_arch_state(target
);
438 /* REVISIT also display ARM11-specific MMU and cache status ... */
443 /* target request support */
444 static int arm11_target_request_data(struct target
*target
,
445 uint32_t size
, uint8_t *buffer
)
447 LOG_WARNING("Not implemented: %s", __func__
);
452 /* target execution control */
453 static int arm11_halt(struct target
*target
)
455 struct arm11_common
*arm11
= target_to_arm11(target
);
457 LOG_DEBUG("target->state: %s",
458 target_state_name(target
));
460 if (target
->state
== TARGET_UNKNOWN
)
462 arm11
->simulate_reset_on_next_halt
= true;
465 if (target
->state
== TARGET_HALTED
)
467 LOG_DEBUG("target was already halted");
471 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
473 CHECK_RETVAL(jtag_execute_queue());
480 CHECK_RETVAL(arm11_read_DSCR(arm11
, &dscr
));
482 if (dscr
& ARM11_DSCR_CORE_HALTED
)
493 if ((timeval_ms()-then
) > 1000)
495 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
502 arm11_on_enter_debug_state(arm11
);
504 enum target_state old_state
= target
->state
;
506 target
->state
= TARGET_HALTED
;
507 target
->debug_reason
= arm11_get_DSCR_debug_reason(dscr
);
510 target_call_event_callbacks(target
,
511 old_state
== TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
517 arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
519 void *value
= arm11
->arm
.core_cache
->reg_list
[15].value
;
522 buf_set_u32(value
, 0, 32, address
);
524 address
= buf_get_u32(value
, 0, 32);
529 static int arm11_resume(struct target
*target
, int current
,
530 uint32_t address
, int handle_breakpoints
, int debug_execution
)
532 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
533 // current, address, handle_breakpoints, debug_execution);
535 struct arm11_common
*arm11
= target_to_arm11(target
);
537 LOG_DEBUG("target->state: %s",
538 target_state_name(target
));
541 if (target
->state
!= TARGET_HALTED
)
543 LOG_ERROR("Target not halted");
544 return ERROR_TARGET_NOT_HALTED
;
547 address
= arm11_nextpc(arm11
, current
, address
);
549 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
551 /* clear breakpoints/watchpoints and VCR*/
552 arm11_sc7_clear_vbw(arm11
);
554 if (!debug_execution
)
555 target_free_all_working_areas(target
);
557 /* Set up breakpoints */
558 if (handle_breakpoints
)
560 /* check if one matches PC and step over it if necessary */
562 struct breakpoint
* bp
;
564 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
566 if (bp
->address
== address
)
568 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
569 arm11_step(target
, 1, 0, 0);
574 /* set all breakpoints */
576 unsigned brp_num
= 0;
578 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
)
580 struct arm11_sc7_action brp
[2];
583 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
584 brp
[0].value
= bp
->address
;
586 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
587 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
589 arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
));
591 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
597 arm11_sc7_set_vcr(arm11
, arm11_vcr
);
600 arm11_leave_debug_state(arm11
, handle_breakpoints
);
602 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
604 CHECK_RETVAL(jtag_execute_queue());
611 CHECK_RETVAL(arm11_read_DSCR(arm11
, &dscr
));
613 LOG_DEBUG("DSCR %08" PRIx32
"", dscr
);
615 if (dscr
& ARM11_DSCR_CORE_RESTARTED
)
626 if ((timeval_ms()-then
) > 1000)
628 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
635 if (!debug_execution
)
637 target
->state
= TARGET_RUNNING
;
638 target
->debug_reason
= DBG_REASON_NOTHALTED
;
640 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
644 target
->state
= TARGET_DEBUG_RUNNING
;
645 target
->debug_reason
= DBG_REASON_NOTHALTED
;
647 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
653 static int arm11_step(struct target
*target
, int current
,
654 uint32_t address
, int handle_breakpoints
)
656 LOG_DEBUG("target->state: %s",
657 target_state_name(target
));
659 if (target
->state
!= TARGET_HALTED
)
661 LOG_WARNING("target was not halted");
662 return ERROR_TARGET_NOT_HALTED
;
665 struct arm11_common
*arm11
= target_to_arm11(target
);
667 address
= arm11_nextpc(arm11
, current
, address
);
669 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
672 /** \todo TODO: Thumb not supported here */
674 uint32_t next_instruction
;
676 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
679 if ((next_instruction
& 0xFFF00070) == 0xe1200070)
681 address
= arm11_nextpc(arm11
, 0, address
+ 4);
682 LOG_DEBUG("Skipping BKPT");
684 /* skip over Wait for interrupt / Standby */
685 /* mcr 15, 0, r?, cr7, cr0, {4} */
686 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90)
688 address
= arm11_nextpc(arm11
, 0, address
+ 4);
689 LOG_DEBUG("Skipping WFI");
691 /* ignore B to self */
692 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
694 LOG_DEBUG("Not stepping jump to self");
698 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
701 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
702 * the VCR might be something worth looking into. */
705 /* Set up breakpoint for stepping */
707 struct arm11_sc7_action brp
[2];
710 brp
[0].address
= ARM11_SC7_BVR0
;
712 brp
[1].address
= ARM11_SC7_BCR0
;
714 if (arm11_config_hardware_step
)
716 /* Hardware single stepping ("instruction address
717 * mismatch") is used if enabled. It's not quite
718 * exactly "run one instruction"; "branch to here"
719 * loops won't break, neither will some other cases,
720 * but it's probably the best default.
722 * Hardware single stepping isn't supported on v6
723 * debug modules. ARM1176 and v7 can support it...
725 * FIXME Thumb stepping likely needs to use 0x03
726 * or 0xc0 byte masks, not 0x0f.
728 brp
[0].value
= address
;
729 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
730 | (0 << 14) | (0 << 16) | (0 << 20)
734 /* Sets a breakpoint on the next PC, as calculated
735 * by instruction set simulation.
737 * REVISIT stepping Thumb on ARM1156 requires Thumb2
738 * support from the simulator.
743 retval
= arm_simulate_step(target
, &next_pc
);
744 if (retval
!= ERROR_OK
)
747 brp
[0].value
= next_pc
;
748 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
749 | (0 << 14) | (0 << 16) | (0 << 20)
753 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
758 if (arm11_config_step_irq_enable
)
759 R(DSCR
) &= ~ARM11_DSCR_INTERRUPTS_DISABLE
; /* should be redundant */
761 R(DSCR
) |= ARM11_DSCR_INTERRUPTS_DISABLE
;
764 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
766 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
768 CHECK_RETVAL(jtag_execute_queue());
776 CHECK_RETVAL(arm11_read_DSCR(arm11
, &dscr
));
778 LOG_DEBUG("DSCR %08" PRIx32
"e", dscr
);
780 if ((dscr
& (ARM11_DSCR_CORE_RESTARTED
| ARM11_DSCR_CORE_HALTED
)) ==
781 (ARM11_DSCR_CORE_RESTARTED
| ARM11_DSCR_CORE_HALTED
))
791 if ((timeval_ms()-then
) > 1000)
793 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
800 /* clear breakpoint */
801 arm11_sc7_clear_vbw(arm11
);
804 CHECK_RETVAL(arm11_on_enter_debug_state(arm11
));
806 /* restore default state */
807 R(DSCR
) &= ~ARM11_DSCR_INTERRUPTS_DISABLE
;
811 // target->state = TARGET_HALTED;
812 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
814 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
819 static int arm11_assert_reset(struct target
*target
)
822 struct arm11_common
*arm11
= target_to_arm11(target
);
824 retval
= arm11_check_init(arm11
, NULL
);
825 if (retval
!= ERROR_OK
)
828 target
->state
= TARGET_UNKNOWN
;
830 /* we would very much like to reset into the halted state,
831 * but resetting and halting is second best... */
832 if (target
->reset_halt
)
834 CHECK_RETVAL(target_halt(target
));
838 /* srst is funny. We can not do *anything* else while it's asserted
839 * and it has unknown side effects. Make sure no other code runs
842 * Code below assumes srst:
844 * - Causes power-on-reset (but of what parts of the system?). Bug
847 * - Messes up TAP state without asserting trst.
849 * - There is another bug in the arm11 core. When you generate an access to
850 * external logic (for example ddr controller via AHB bus) and that block
851 * is not configured (perhaps it is still held in reset), that transaction
852 * will never complete. This will hang arm11 core but it will also hang
853 * JTAG controller. Nothing, short of srst assertion will bring it out of
858 * - What should the PC be after an srst reset when starting in the halted
862 jtag_add_reset(0, 1);
863 jtag_add_reset(0, 0);
865 /* How long do we have to wait? */
866 jtag_add_sleep(5000);
868 /* un-mess up TAP state */
871 retval
= jtag_execute_queue();
872 if (retval
!= ERROR_OK
)
880 static int arm11_deassert_reset(struct target
*target
)
885 static int arm11_soft_reset_halt(struct target
*target
)
887 LOG_WARNING("Not implemented: %s", __func__
);
892 /* target memory access
893 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
894 * count: number of items of <size>
896 * arm11_config_memrw_no_increment - in the future we may want to be able
897 * to read/write a range of data to a "port". a "port" is an action on
898 * read memory address for some peripheral.
900 static int arm11_read_memory_inner(struct target
*target
,
901 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
902 bool arm11_config_memrw_no_increment
)
904 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
907 if (target
->state
!= TARGET_HALTED
)
909 LOG_WARNING("target was not halted");
910 return ERROR_TARGET_NOT_HALTED
;
913 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
915 struct arm11_common
*arm11
= target_to_arm11(target
);
917 retval
= arm11_run_instr_data_prepare(arm11
);
918 if (retval
!= ERROR_OK
)
921 /* MRC p14,0,r0,c0,c5,0 */
922 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
923 if (retval
!= ERROR_OK
)
929 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
931 for (size_t i
= 0; i
< count
; i
++)
933 /* ldrb r1, [r0], #1 */
935 arm11_run_instr_no_data1(arm11
,
936 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000);
939 /* MCR p14,0,R1,c0,c5,0 */
940 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
949 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
951 for (size_t i
= 0; i
< count
; i
++)
953 /* ldrh r1, [r0], #2 */
954 arm11_run_instr_no_data1(arm11
,
955 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0);
959 /* MCR p14,0,R1,c0,c5,0 */
960 arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1);
962 uint16_t svalue
= res
;
963 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
971 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
972 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
973 uint32_t *words
= (uint32_t *)buffer
;
975 /* LDC p14,c5,[R0],#4 */
976 /* LDC p14,c5,[R0] */
977 arm11_run_instr_data_from_core(arm11
, instr
, words
, count
);
982 return arm11_run_instr_data_finish(arm11
);
/**
 * Read \p count items of \p size bytes from target memory at \p address.
 *
 * Thin wrapper around arm11_read_memory_inner() that always asks for the
 * address-incrementing access form (its last argument is passed as false).
 *
 * \param target  Target to read from.
 * \param address Start address in target memory.
 * \param size    Item width in bytes; this file documents 1, 2 and 4.
 * \param count   Number of items of \p size.
 * \param buffer  Destination. No capacity is passed along, so the caller
 *                must provide room for at least size * count bytes.
 * \return The result of arm11_read_memory_inner().
 */
static int arm11_read_memory(struct target *target, uint32_t address,
		uint32_t size, uint32_t count, uint8_t *buffer)
{
	/* false selects the post-incrementing load instructions */
	const bool no_increment = false;

	return arm11_read_memory_inner(target, address, size, count, buffer,
			no_increment);
}
991 * no_increment - in the future we may want to be able
992 * to read/write a range of data to a "port". a "port" is an action on
993 * read memory address for some peripheral.
995 static int arm11_write_memory_inner(struct target
*target
,
996 uint32_t address
, uint32_t size
,
997 uint32_t count
, uint8_t *buffer
,
1002 if (target
->state
!= TARGET_HALTED
)
1004 LOG_WARNING("target was not halted");
1005 return ERROR_TARGET_NOT_HALTED
;
1008 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"", address
, size
, count
);
1010 struct arm11_common
*arm11
= target_to_arm11(target
);
1012 retval
= arm11_run_instr_data_prepare(arm11
);
1013 if (retval
!= ERROR_OK
)
1016 /* MRC p14,0,r0,c0,c5,0 */
1017 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
1018 if (retval
!= ERROR_OK
)
1021 /* burst writes are not used for single words as those may well be
1022 * reset init script writes.
1024 * The other advantage is that as burst writes are default, we'll
1025 * now exercise both burst and non-burst code paths with the
1026 * default settings, increasing code coverage.
1028 bool burst
= arm11_config_memwrite_burst
&& (count
> 1);
1034 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
1036 for (size_t i
= 0; i
< count
; i
++)
1038 /* MRC p14,0,r1,c0,c5,0 */
1039 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
1040 if (retval
!= ERROR_OK
)
1043 /* strb r1, [r0], #1 */
1045 retval
= arm11_run_instr_no_data1(arm11
,
1049 if (retval
!= ERROR_OK
)
1058 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
1060 for (size_t i
= 0; i
< count
; i
++)
1063 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
1065 /* MRC p14,0,r1,c0,c5,0 */
1066 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
1067 if (retval
!= ERROR_OK
)
1070 /* strh r1, [r0], #2 */
1072 retval
= arm11_run_instr_no_data1(arm11
,
1076 if (retval
!= ERROR_OK
)
1084 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
1086 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1087 uint32_t *words
= (uint32_t*)buffer
;
1091 /* STC p14,c5,[R0],#4 */
1092 /* STC p14,c5,[R0]*/
1093 retval
= arm11_run_instr_data_to_core(arm11
, instr
, words
, count
);
1094 if (retval
!= ERROR_OK
)
1099 /* STC p14,c5,[R0],#4 */
1100 /* STC p14,c5,[R0]*/
1101 retval
= arm11_run_instr_data_to_core_noack(arm11
, instr
, words
, count
);
1102 if (retval
!= ERROR_OK
)
1110 /* r0 verification */
1115 /* MCR p14,0,R0,c0,c5,0 */
1116 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1117 if (retval
!= ERROR_OK
)
1120 if (address
+ size
* count
!= r0
)
1122 LOG_ERROR("Data transfer failed. Expected end "
1123 "address 0x%08x, got 0x%08x",
1124 (unsigned) (address
+ size
* count
),
1128 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1130 if (arm11_config_memwrite_error_fatal
)
1135 return arm11_run_instr_data_finish(arm11
);
/**
 * Write \p count items of \p size bytes from \p buffer to target memory.
 *
 * Delegates to arm11_write_memory_inner(), requesting the non-incrementing
 * store form only for single-unit writes.
 *
 * \param target  Target to write to.
 * \param address Start address in target memory.
 * \param size    Item width in bytes; this file documents 1, 2 and 4.
 * \param count   Number of items of \p size.
 * \param buffer  Source data. No length is passed along, so the caller must
 *                supply at least size * count readable bytes.
 * \return The result of arm11_write_memory_inner().
 */
static int arm11_write_memory(struct target *target,
		uint32_t address, uint32_t size,
		uint32_t count, uint8_t *buffer)
{
	/* Pointer increment matters only for multi-unit writes, not e.g. for
	 * a single write to a "reset the chip" controller, so a one-unit
	 * write is issued without address increment.
	 */
	const bool single_unit = (count == 1);

	return arm11_write_memory_inner(target, address, size,
			count, buffer, single_unit);
}
/**
 * Write target memory in multiples of 4 bytes; intended for writing large
 * quantities of data.
 *
 * Forwards to arm11_write_memory() with a fixed item size of 4, so \p count
 * is a number of 32-bit words.
 *
 * \param target  Target to write to; must be in TARGET_HALTED state.
 * \param address Start address in target memory.
 * \param count   Number of 4-byte items to write.
 * \param buffer  Source data; the caller must supply at least 4 * count
 *                bytes. The word path of arm11_write_memory_inner() casts
 *                this pointer to uint32_t * (see the alignment TODO there).
 * \return ERROR_TARGET_NOT_HALTED if the target is not halted, otherwise the
 *         result of arm11_write_memory().
 */
static int arm11_bulk_write_memory(struct target *target,
		uint32_t address, uint32_t count, uint8_t *buffer)
{
	if (target->state == TARGET_HALTED) {
		return arm11_write_memory(target, address, 4, count, buffer);
	}

	/* Memory is accessed by running instructions on the halted core. */
	LOG_WARNING("target was not halted");
	return ERROR_TARGET_NOT_HALTED;
}
1162 /* target break-/watchpoint control
1163 * rw: 0 = write, 1 = read, 2 = access
1165 static int arm11_add_breakpoint(struct target
*target
,
1166 struct breakpoint
*breakpoint
)
1168 struct arm11_common
*arm11
= target_to_arm11(target
);
1171 if (breakpoint
->type
== BKPT_SOFT
)
1173 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1174 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1178 if (!arm11
->free_brps
)
1180 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1181 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1184 if (breakpoint
->length
!= 4)
1186 LOG_DEBUG("only breakpoints of four bytes length supported");
1187 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1195 static int arm11_remove_breakpoint(struct target
*target
,
1196 struct breakpoint
*breakpoint
)
1198 struct arm11_common
*arm11
= target_to_arm11(target
);
1205 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1207 struct arm11_common
*arm11
;
1209 if (target
->tap
== NULL
)
1212 if (target
->tap
->ir_length
!= 5)
1214 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1215 return ERROR_COMMAND_SYNTAX_ERROR
;
1218 arm11
= calloc(1, sizeof *arm11
);
1222 armv4_5_init_arch_info(target
, &arm11
->arm
);
1224 arm11
->target
= target
;
1226 arm11
->jtag_info
.tap
= target
->tap
;
1227 arm11
->jtag_info
.scann_size
= 5;
1228 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1229 /* cur_scan_chain == 0 */
1230 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
/**
 * Initialize anything that can be set up without talking to the target.
 *
 * At present this only builds the register cache for some of the debug
 * registers.
 *
 * \param cmd_ctx Command context; not used by this function.
 * \param target  Target being initialized.
 * \return The result of arm11_build_reg_cache().
 */
static int arm11_init_target(struct command_context *cmd_ctx,
		struct target *target)
{
	/* REVISIT do we really want such a debug-registers-only cache?
	 * If we do, it should probably be handled purely by the DPM code,
	 * so it works identically on the v7a/v7r cores.
	 */
	int retval = arm11_build_reg_cache(target);

	return retval;
}
1247 /* talk to the target and set things up */
1248 static int arm11_examine(struct target
*target
)
1252 struct arm11_common
*arm11
= target_to_arm11(target
);
1253 uint32_t didr
, device_id
;
1254 uint8_t implementor
;
1256 /* FIXME split into do-first-time and do-every-time logic ... */
1260 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1262 struct scan_field idcode_field
;
1264 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1266 arm11_add_dr_scan_vc(1, &idcode_field
, TAP_DRPAUSE
);
1270 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1272 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1274 struct scan_field chain0_fields
[2];
1276 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1277 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1279 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields
), chain0_fields
, TAP_IDLE
);
1281 CHECK_RETVAL(jtag_execute_queue());
1283 switch (device_id
& 0x0FFFF000)
1292 arm11
->arm
.core_type
= ARM_MODE_MON
;
1296 LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
1299 LOG_INFO("found %s", type
);
1301 /* unlikely this could ever fail, but ... */
1302 switch ((didr
>> 16) & 0x0F) {
1303 case ARM11_DEBUG_V6
:
1304 case ARM11_DEBUG_V61
: /* supports security extensions */
1307 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1311 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1312 arm11
->wrp
= ((didr
>> 28) & 0x0F) + 1;
1314 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1315 arm11
->free_brps
= arm11
->brp
;
1316 arm11
->free_wrps
= arm11
->wrp
;
1318 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1319 device_id
, implementor
, didr
);
1321 /* as a side-effect this reads DSCR and thus
1322 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1323 * as suggested by the spec.
1326 retval
= arm11_check_init(arm11
, NULL
);
1327 if (retval
!= ERROR_OK
)
1330 /* Build register cache "late", after target_init(), since we
1331 * want to know if this core supports Secure Monitor mode.
1333 if (!target_was_examined(target
)) {
1334 arm11_dpm_init(arm11
, didr
);
1335 retval
= arm_dpm_setup(&arm11
->dpm
);
1338 /* ETM on ARM11 still uses original scanchain 6 access mode */
1339 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1340 *register_get_last_cache_p(&target
->reg_cache
) =
1341 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1343 retval
= etm_setup(target
);
1346 target_set_examined(target
);
1352 /** Load a register that is marked !valid in the register cache */
1353 static int arm11_get_reg(struct reg
*reg
)
1355 struct target
* target
= ((struct arm11_reg_state
*)reg
->arch_info
)->target
;
1357 if (target
->state
!= TARGET_HALTED
)
1359 LOG_WARNING("target was not halted");
1360 return ERROR_TARGET_NOT_HALTED
;
1363 /** \todo TODO: Check this. We assume that all registers are fetched at debug entry. */
1366 struct arm11_common
*arm11
= target_to_arm11(target
);
1367 const struct arm11_reg_defs
*arm11_reg_info
= arm11_reg_defs
+ ((struct arm11_reg_state
*)reg
->arch_info
)->def_index
;
1373 /** Change a value in the register cache */
1374 static int arm11_set_reg(struct reg
*reg
, uint8_t *buf
)
1376 struct target
*target
= ((struct arm11_reg_state
*)reg
->arch_info
)->target
;
1377 struct arm11_common
*arm11
= target_to_arm11(target
);
1378 // const struct arm11_reg_defs *arm11_reg_info = arm11_reg_defs + ((struct arm11_reg_state *)reg->arch_info)->def_index;
1380 arm11
->reg_values
[((struct arm11_reg_state
*)reg
->arch_info
)->def_index
] = buf_get_u32(buf
, 0, 32);
1387 static const struct reg_arch_type arm11_reg_type
= {
1388 .get
= arm11_get_reg
,
1389 .set
= arm11_set_reg
,
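/**
 * Allocate the ARM11 debug register cache for a target.
 *
 * Three zeroed arrays are allocated: the cache header, ARM11_REGCACHE_COUNT
 * struct reg entries and as many struct arm11_reg_state entries. The
 * pointers are stored in arm11->reg_list and arm11->core_cache; nothing in
 * this function releases them once it has succeeded.
 *
 * NOTE(review): the listing this block was taken from drops a number of
 * source lines. Gaps are marked where they occur, and every statement that
 * was supplied to keep the control flow sound is flagged as reconstructed.
 *
 * \param target  Target whose reg_cache list is extended.
 * \return An error code when an allocation fails; the success value is not
 *         shown in the listing, ERROR_OK is assumed.
 */
static int arm11_build_reg_cache(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);
	struct reg_cache *cache;
	struct reg *reg_list;
	struct arm11_reg_state *arm11_reg_states;

	cache = calloc(1, sizeof *cache);
	reg_list = calloc(ARM11_REGCACHE_COUNT, sizeof *reg_list);
	arm11_reg_states = calloc(ARM11_REGCACHE_COUNT,
			sizeof *arm11_reg_states);
	if (!cache || !reg_list || !arm11_reg_states) {
		/* Reconstructed: the listing shows only the last free() (original
		 * lines 1404-1405 and 1407-1408 are missing). free(NULL) is a
		 * no-op, so all three are released before leaving, and nothing
		 * below dereferences a failed allocation.
		 */
		free(cache);
		free(reg_list);
		free(arm11_reg_states);
		return ERROR_FAIL;
	}

	arm11->reg_list = reg_list;

	/* build cache for some of the debug registers */
	cache->name = "arm11 debug registers";
	cache->reg_list = reg_list;
	cache->num_regs = ARM11_REGCACHE_COUNT;

	struct reg_cache **cache_p = register_get_last_cache_p(&target->reg_cache);
	/* Reconstructed: the store through cache_p (original line 1418) is not
	 * shown in the listing; cache_p has no other use in the visible code.
	 */
	*cache_p = cache;

	arm11->core_cache = cache;

	/* Reconstructed: the declaration of the loop index (original lines
	 * 1421-1423) is not shown in the listing.
	 */
	size_t i;

	/* Not very elegant assertion */
	if (ARM11_REGCACHE_COUNT != ARRAY_SIZE(arm11->reg_values) ||
		ARM11_REGCACHE_COUNT != ARRAY_SIZE(arm11_reg_defs) ||
		ARM11_REGCACHE_COUNT != ARM11_RC_MAX) {
		/* The fourth argument (original line 1433) is not shown in the
		 * listing; ARM11_RC_MAX is the remaining value compared above.
		 */
		LOG_ERROR("BUG: arm11->reg_values inconsistent (%d %u %u %d)",
				ARM11_REGCACHE_COUNT,
				(unsigned) ARRAY_SIZE(arm11->reg_values),
				(unsigned) ARRAY_SIZE(arm11_reg_defs),
				ARM11_RC_MAX);
		/* FIXME minimally, use a build_bug_on(X) mechanism;
		 * runtime exit() here is bad!
		 */
		/* The exit() call the FIXME refers to (original line 1437) is not
		 * shown in the listing; its argument is assumed. Every operand of
		 * the condition is a compile-time constant, which is why a
		 * build-time check is the better place for it.
		 */
		exit(-1);
	}

	for (i = 0; i < ARM11_REGCACHE_COUNT; i++) {
		struct reg *r = reg_list + i;
		const struct arm11_reg_defs *rd = arm11_reg_defs + i;
		struct arm11_reg_state *rs = arm11_reg_states + i;

		/* original lines 1445-1447 are missing from the listing */

		/* the value bytes of register i are arm11->reg_values[i] itself */
		r->value = (uint8_t *)(arm11->reg_values + i);

		/* original lines 1449-1450 are missing from the listing */

		r->type = &arm11_reg_type;

		/* Original lines 1452-1454 are missing from the listing.
		 * arm11_get_reg() and arm11_set_reg() read r->arch_info as a
		 * struct arm11_reg_state and use its def_index, so both are
		 * presumably assigned in the missing lines -- confirm against
		 * the file.
		 */

		rs->target = target;
	}

	/* Reconstructed: the return statement is not shown in the listing. */
	return ERROR_OK;
}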
/* FIXME all these BOOL_WRAPPER things should be modifying
 * per-instance state, not shared state; ditto the vector
 * catch register support.  Scan chains with multiple cores
 * should be able to say "work with this core like this,
 * that core like that".  Example, ARM11 MPCore ...
 */

/*
 * Expands to COMMAND_HANDLER(arm11_handle_bool_<name>), a handler that hands
 * the address of the file-scope flag arm11_config_<name> and a printable
 * label to handle_command_parse_bool.  Each flag is a single static
 * variable, so a setting applies to every ARM11 target handled by the
 * process (the FIXME above).
 */
#define ARM11_BOOL_WRAPPER(name, print_name) \
	COMMAND_HANDLER(arm11_handle_bool_##name) \
	{ \
		return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
			&arm11_config_##name, print_name); \
	}

ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
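/*
 * Command handler for the vector catch register value kept in the
 * file-scope variable arm11_vcr.
 *
 * NOTE(review): the listing shows only the number parse, the syntax-error
 * return and the log call; the lines that choose between them (original
 * lines 1481-1485, 1487-1488, 1490-1491) are missing.  The dispatch below is
 * reconstructed so that CMD_ARGV[0] is read only when exactly one argument
 * was supplied and any larger count is rejected.  The parsed value is stored
 * as given; no check of which bits are meaningful is visible.
 */
COMMAND_HANDLER(arm11_handle_vcr)
{
	switch (CMD_ARGC) {
	case 0:
		/* no argument: only report the current value */
		break;
	case 1:
		COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11_vcr);
		break;
	default:
		return ERROR_COMMAND_SYNTAX_ERROR;
	}

	LOG_INFO("VCR 0x%08" PRIx32 "", arm11_vcr);

	/* Reconstructed: the return statement is not shown in the listing. */
	return ERROR_OK;
}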
/*
 * Sub-commands chained from the "memwrite command group" entry of
 * arm11_any_command_handlers.  Both handlers toggle process-wide flags and
 * are registered with COMMAND_ANY.
 */
static const struct command_registration arm11_mw_command_handlers[] = {
	{
		/* the .name initialiser of this entry (original line 1498) is
		 * missing from the listing */
		.handler = &arm11_handle_bool_memwrite_burst,
		.mode = COMMAND_ANY,
		.help = "Enable/Disable non-standard but fast burst mode"
			" (default: enabled)",
	},
	{
		.name = "error_fatal",
		.handler = &arm11_handle_bool_memwrite_error_fatal,
		.mode = COMMAND_ANY,
		/* per this help text, a transfer error ends the program while
		 * the flag is set */
		.help = "Terminate program if transfer error was found"
			" (default: enabled)",
	},
	COMMAND_REGISTRATION_DONE
};
/*
 * Commands chained from the "ARM11 command group" entry of
 * arm11_command_handlers.  Every entry is registered with COMMAND_ANY.  The
 * handlers write file-scope variables, so a setting is shared by all ARM11
 * targets in the process.
 */
static const struct command_registration arm11_any_command_handlers[] = {
	{
		/* "hardware_step" is only here to check if the default
		 * simulate + breakpoint implementation is broken.
		 * TEMPORARY! NOT DOCUMENTED! */
		.name = "hardware_step",
		.handler = &arm11_handle_bool_hardware_step,
		.mode = COMMAND_ANY,
		.help = "DEBUG ONLY - Hardware single stepping"
			" (default: disabled)",
		.usage = "(enable|disable)",
	},
	{
		/* the .name initialiser of this entry (original line 1526) is
		 * missing from the listing */
		.mode = COMMAND_ANY,
		.help = "memwrite command group",
		.chain = arm11_mw_command_handlers,
	},
	{
		.name = "step_irq_enable",
		.handler = &arm11_handle_bool_step_irq_enable,
		.mode = COMMAND_ANY,
		.help = "Enable interrupts while stepping"
			" (default: disabled)",
	},
	{
		/* the .name initialiser of this entry (original line 1539) is
		 * missing from the listing */
		.handler = &arm11_handle_vcr,
		.mode = COMMAND_ANY,
		.help = "Control (Interrupt) Vector Catch Register",
	},
	COMMAND_REGISTRATION_DONE
};
/*
 * Top-level command table referenced by arm11_target.commands: the shared
 * ARM and ETM command tables are chained in first, followed by the ARM11
 * group.
 */
static const struct command_registration arm11_command_handlers[] = {
	{
		.chain = arm_command_handlers,
	},
	{
		.chain = etm_command_handlers,
	},
	{
		/* the .name initialiser of this entry (original line 1554) is
		 * missing from the listing */
		.mode = COMMAND_ANY,
		.help = "ARM11 command group",
		.chain = arm11_any_command_handlers,
	},
	COMMAND_REGISTRATION_DONE
};
/**
 * Holds methods for ARM11xx targets.
 *
 * NOTE(review): the listing skips several original line numbers inside this
 * initialiser (1564, 1566, 1571 and 1573 among them), so the file may set
 * members that are not reproduced here.
 */
struct target_type arm11_target = {
	.arch_state = arm11_arch_state,

	.target_request_data = arm11_target_request_data,

	.resume = arm11_resume,

	.assert_reset = arm11_assert_reset,
	.deassert_reset = arm11_deassert_reset,
	.soft_reset_halt = arm11_soft_reset_halt,

	.get_gdb_reg_list = armv4_5_get_gdb_reg_list,

	.read_memory = arm11_read_memory,
	.write_memory = arm11_write_memory,

	.bulk_write_memory = arm11_bulk_write_memory,

	.checksum_memory = arm_checksum_memory,
	.blank_check_memory = arm_blank_check_memory,

	.add_breakpoint = arm11_add_breakpoint,
	.remove_breakpoint = arm11_remove_breakpoint,

	.run_algorithm = armv4_5_run_algorithm,

	.commands = arm11_command_handlers,
	.target_create = arm11_target_create,
	.init_target = arm11_init_target,
	.examine = arm11_examine,
};