1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * Copyright (C) 2009 by David Brownell *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
28 ***************************************************************************/
34 #include "breakpoints.h"
35 #include "embeddedice.h"
36 #include "target_request.h"
38 #include <helper/time_support.h>
39 #include "arm_simulator.h"
40 #include "arm_semihosting.h"
41 #include "algorithm.h"
47 * Hold common code supporting the ARM7 and ARM9 core generations.
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecture
59 * (with separate instruction and data buses from the CPU), support
60 * for cpu clock gating during idle, and more.
63 static int arm7_9_debug_entry(struct target
*target
);
66 * Clear watchpoints for an ARM7/9 target.
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
71 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
74 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
75 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
76 arm7_9
->sw_breakpoint_count
= 0;
77 arm7_9
->sw_breakpoints_added
= 0;
79 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
80 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
82 return jtag_execute_queue();
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
92 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
94 if (!arm7_9
->wp0_used
) {
97 arm7_9
->wp_available
--;
98 } else if (!arm7_9
->wp1_used
) {
101 arm7_9
->wp_available
--;
103 LOG_ERROR("BUG: no hardware comparator available");
105 LOG_DEBUG("BPID: %" PRIu32
" (0x%08" TARGET_PRIxADDR
") using hw wp: %d",
106 breakpoint
->unique_id
,
112 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
114 * @param arm7_9 Pointer to common struct for ARM7/9 targets
115 * @return Error codes if there is a problem finding a watchpoint or the result
116 * of executing the JTAG queue
118 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
120 if (arm7_9
->sw_breakpoints_added
)
122 if (arm7_9
->wp_available
< 1) {
123 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
124 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
126 arm7_9
->wp_available
--;
128 /* pick a breakpoint unit */
129 if (!arm7_9
->wp0_used
) {
130 arm7_9
->sw_breakpoints_added
= 1;
131 arm7_9
->wp0_used
= 3;
132 } else if (!arm7_9
->wp1_used
) {
133 arm7_9
->sw_breakpoints_added
= 2;
134 arm7_9
->wp1_used
= 3;
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
140 if (arm7_9
->sw_breakpoints_added
== 1) {
141 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
142 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
143 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
144 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
145 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
146 } else if (arm7_9
->sw_breakpoints_added
== 2) {
147 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
148 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
149 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
150 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
151 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
153 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
156 LOG_DEBUG("SW BP using hw wp: %d",
157 arm7_9
->sw_breakpoints_added
);
159 return jtag_execute_queue();
163 * Setup the common pieces for an ARM7/9 target after reset or on startup.
165 * @param target Pointer to an ARM7/9 target to setup
166 * @return Result of clearing the watchpoints on the target
168 static int arm7_9_setup(struct target
*target
)
170 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
172 return arm7_9_clear_watchpoints(arm7_9
);
176 * Set either a hardware or software breakpoint on an ARM7/9 target. The
177 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
178 * might have erased the values in Embedded ICE.
180 * @param target Pointer to the target device to set the breakpoints on
181 * @param breakpoint Pointer to the breakpoint to be set
182 * @return For hardware breakpoints, this is the result of executing the JTAG
183 * queue. For software breakpoints, this will be the status of the
184 * required memory reads and writes
186 static int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
188 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
189 int retval
= ERROR_OK
;
191 LOG_DEBUG("BPID: %" PRIu32
", Address: 0x%08" TARGET_PRIxADDR
", Type: %d",
192 breakpoint
->unique_id
,
196 if (target
->state
!= TARGET_HALTED
) {
197 LOG_WARNING("target not halted");
198 return ERROR_TARGET_NOT_HALTED
;
201 if (breakpoint
->type
== BKPT_HARD
) {
202 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
203 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
205 /* reassign a hw breakpoint */
206 if (breakpoint
->set
== 0)
207 arm7_9_assign_wp(arm7_9
, breakpoint
);
209 if (breakpoint
->set
== 1) {
210 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
211 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
212 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
213 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
214 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
215 } else if (breakpoint
->set
== 2) {
216 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
217 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
218 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
219 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
220 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
222 LOG_ERROR("BUG: no hardware comparator available");
226 retval
= jtag_execute_queue();
227 } else if (breakpoint
->type
== BKPT_SOFT
) {
228 /* did we already set this breakpoint? */
232 if (breakpoint
->length
== 4) {
233 uint32_t verify
= 0xffffffff;
234 /* keep the original instruction in target endianness */
235 retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
236 if (retval
!= ERROR_OK
)
238 /* write the breakpoint instruction in target
239 * endianness (arm7_9->arm_bkpt is host endian) */
240 retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
);
241 if (retval
!= ERROR_OK
)
244 retval
= target_read_u32(target
, breakpoint
->address
, &verify
);
245 if (retval
!= ERROR_OK
)
247 if (verify
!= arm7_9
->arm_bkpt
) {
248 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" TARGET_PRIxADDR
249 " - check that memory is read/writable", breakpoint
->address
);
253 uint16_t verify
= 0xffff;
254 /* keep the original instruction in target endianness */
255 retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
256 if (retval
!= ERROR_OK
)
258 /* write the breakpoint instruction in target
259 * endianness (arm7_9->thumb_bkpt is host endian) */
260 retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
);
261 if (retval
!= ERROR_OK
)
264 retval
= target_read_u16(target
, breakpoint
->address
, &verify
);
265 if (retval
!= ERROR_OK
)
267 if (verify
!= arm7_9
->thumb_bkpt
) {
268 LOG_ERROR("Unable to set thumb software breakpoint at address %08" TARGET_PRIxADDR
269 " - check that memory is read/writable", breakpoint
->address
);
274 retval
= arm7_9_set_software_breakpoints(arm7_9
);
275 if (retval
!= ERROR_OK
)
278 arm7_9
->sw_breakpoint_count
++;
287 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
288 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
289 * will be updated. Otherwise, the software breakpoint will be restored to its
290 * original instruction if it hasn't already been modified.
292 * @param target Pointer to ARM7/9 target to unset the breakpoint from
293 * @param breakpoint Pointer to breakpoint to be unset
294 * @return For hardware breakpoints, this is the result of executing the JTAG
295 * queue. For software breakpoints, this will be the status of the
296 * required memory reads and writes
298 static int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
300 int retval
= ERROR_OK
;
301 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
303 LOG_DEBUG("BPID: %" PRIu32
", Address: 0x%08" TARGET_PRIxADDR
,
304 breakpoint
->unique_id
,
305 breakpoint
->address
);
307 if (!breakpoint
->set
) {
308 LOG_WARNING("breakpoint not set");
312 if (breakpoint
->type
== BKPT_HARD
) {
313 LOG_DEBUG("BPID: %" PRIu32
" Releasing hw wp: %d",
314 breakpoint
->unique_id
,
316 if (breakpoint
->set
== 1) {
317 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
318 arm7_9
->wp0_used
= 0;
319 arm7_9
->wp_available
++;
320 } else if (breakpoint
->set
== 2) {
321 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
322 arm7_9
->wp1_used
= 0;
323 arm7_9
->wp_available
++;
325 retval
= jtag_execute_queue();
328 /* restore original instruction (kept in target endianness) */
329 if (breakpoint
->length
== 4) {
330 uint32_t current_instr
;
331 /* check that user program as not modified breakpoint instruction */
332 retval
= target_read_memory(target
,
333 breakpoint
->address
, 4, 1, (uint8_t *)¤t_instr
);
334 if (retval
!= ERROR_OK
)
336 current_instr
= target_buffer_get_u32(target
, (uint8_t *)¤t_instr
);
337 if (current_instr
== arm7_9
->arm_bkpt
) {
338 retval
= target_write_memory(target
,
339 breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
340 if (retval
!= ERROR_OK
)
345 uint16_t current_instr
;
346 /* check that user program as not modified breakpoint instruction */
347 retval
= target_read_memory(target
,
348 breakpoint
->address
, 2, 1, (uint8_t *)¤t_instr
);
349 if (retval
!= ERROR_OK
)
351 current_instr
= target_buffer_get_u16(target
, (uint8_t *)¤t_instr
);
352 if (current_instr
== arm7_9
->thumb_bkpt
) {
353 retval
= target_write_memory(target
,
354 breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
355 if (retval
!= ERROR_OK
)
360 if (--arm7_9
->sw_breakpoint_count
== 0) {
361 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
363 if (arm7_9
->sw_breakpoints_added
== 1)
364 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
365 EICE_W0_CONTROL_VALUE
], 0);
366 else if (arm7_9
->sw_breakpoints_added
== 2)
367 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
368 EICE_W1_CONTROL_VALUE
], 0);
378 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
379 * dangling breakpoints and that the desired breakpoint can be added.
381 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
382 * @param breakpoint Pointer to the breakpoint to be added
383 * @return An error status if there is a problem adding the breakpoint or the
384 * result of setting the breakpoint
386 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
388 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
390 if (arm7_9
->breakpoint_count
== 0) {
391 /* make sure we don't have any dangling breakpoints. This is vital upon
392 * GDB connect/disconnect
394 arm7_9_clear_watchpoints(arm7_9
);
397 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1)) {
398 LOG_INFO("no watchpoint unit available for hardware breakpoint");
399 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
402 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4)) {
403 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
404 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
407 if (breakpoint
->type
== BKPT_HARD
)
408 arm7_9_assign_wp(arm7_9
, breakpoint
);
410 arm7_9
->breakpoint_count
++;
412 return arm7_9_set_breakpoint(target
, breakpoint
);
416 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
417 * dangling breakpoints and updates available watchpoints if it is a hardware
420 * @param target Pointer to the target to have a breakpoint removed
421 * @param breakpoint Pointer to the breakpoint to be removed
422 * @return Error status if there was a problem unsetting the breakpoint or the
423 * watchpoints could not be cleared
425 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
427 int retval
= ERROR_OK
;
428 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
430 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
431 if (retval
!= ERROR_OK
)
434 if (breakpoint
->type
== BKPT_HARD
)
435 arm7_9
->wp_available
++;
437 arm7_9
->breakpoint_count
--;
438 if (arm7_9
->breakpoint_count
== 0) {
439 /* make sure we don't have any dangling breakpoints */
440 retval
= arm7_9_clear_watchpoints(arm7_9
);
441 if (retval
!= ERROR_OK
)
449 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
450 * considered a bug to call this function when there are no available watchpoint
453 * @param target Pointer to an ARM7/9 target to set a watchpoint on
454 * @param watchpoint Pointer to the watchpoint to be set
455 * @return Error status if watchpoint set fails or the result of executing the
458 static int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
460 int retval
= ERROR_OK
;
461 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
465 mask
= watchpoint
->length
- 1;
467 if (target
->state
!= TARGET_HALTED
) {
468 LOG_WARNING("target not halted");
469 return ERROR_TARGET_NOT_HALTED
;
472 if (watchpoint
->rw
== WPT_ACCESS
)
477 if (!arm7_9
->wp0_used
) {
478 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
],
479 watchpoint
->address
);
480 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
481 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
],
483 if (watchpoint
->mask
!= 0xffffffffu
)
484 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
],
486 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
487 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
488 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
489 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
491 retval
= jtag_execute_queue();
492 if (retval
!= ERROR_OK
)
495 arm7_9
->wp0_used
= 2;
496 } else if (!arm7_9
->wp1_used
) {
497 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
498 watchpoint
->address
);
499 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
500 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
],
502 if (watchpoint
->mask
!= 0xffffffffu
)
503 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
],
505 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
506 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
507 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
508 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
510 retval
= jtag_execute_queue();
511 if (retval
!= ERROR_OK
)
514 arm7_9
->wp1_used
= 2;
516 LOG_ERROR("BUG: no hardware comparator available");
524 * Unset an existing watchpoint and clear the used watchpoint unit.
526 * @param target Pointer to the target to have the watchpoint removed
527 * @param watchpoint Pointer to the watchpoint to be removed
528 * @return Error status while trying to unset the watchpoint or the result of
529 * executing the JTAG queue
531 static int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
533 int retval
= ERROR_OK
;
534 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
536 if (target
->state
!= TARGET_HALTED
) {
537 LOG_WARNING("target not halted");
538 return ERROR_TARGET_NOT_HALTED
;
541 if (!watchpoint
->set
) {
542 LOG_WARNING("breakpoint not set");
546 if (watchpoint
->set
== 1) {
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
548 retval
= jtag_execute_queue();
549 if (retval
!= ERROR_OK
)
551 arm7_9
->wp0_used
= 0;
552 } else if (watchpoint
->set
== 2) {
553 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
554 retval
= jtag_execute_queue();
555 if (retval
!= ERROR_OK
)
557 arm7_9
->wp1_used
= 0;
565 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
566 * available, an error response is returned.
568 * @param target Pointer to the ARM7/9 target to add a watchpoint to
569 * @param watchpoint Pointer to the watchpoint to be added
570 * @return Error status while trying to add the watchpoint
572 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
574 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
576 if (arm7_9
->wp_available
< 1)
577 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
579 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
580 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
582 arm7_9
->wp_available
--;
588 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
589 * the used watchpoint unit will be reopened.
591 * @param target Pointer to the target to remove a watchpoint from
592 * @param watchpoint Pointer to the watchpoint to be removed
593 * @return Result of trying to unset the watchpoint
595 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
597 int retval
= ERROR_OK
;
598 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
600 if (watchpoint
->set
) {
601 retval
= arm7_9_unset_watchpoint(target
, watchpoint
);
602 if (retval
!= ERROR_OK
)
606 arm7_9
->wp_available
++;
612 * Restarts the target by sending a RESTART instruction and moving the JTAG
613 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
614 * asserted by the processor.
616 * @param target Pointer to target to issue commands to
617 * @return Error status if there is a timeout or a problem while executing the
620 int arm7_9_execute_sys_speed(struct target
*target
)
623 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
624 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
625 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
627 /* set RESTART instruction */
628 if (arm7_9
->need_bypass_before_restart
) {
629 arm7_9
->need_bypass_before_restart
= 0;
630 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
631 if (retval
!= ERROR_OK
)
634 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
635 if (retval
!= ERROR_OK
)
638 int64_t then
= timeval_ms();
640 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
641 /* read debug status register */
642 embeddedice_read_reg(dbg_stat
);
643 retval
= jtag_execute_queue();
644 if (retval
!= ERROR_OK
)
646 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
647 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
649 if (debug_level
>= 3)
655 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"",
656 buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
657 return ERROR_TARGET_TIMEOUT
;
664 * Restarts the target by sending a RESTART instruction and moving the JTAG
665 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
666 * waiting until they are.
668 * @param target Pointer to the target to issue commands to
669 * @return Always ERROR_OK
671 static int arm7_9_execute_fast_sys_speed(struct target
*target
)
674 static uint8_t check_value
[4], check_mask
[4];
676 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
677 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
678 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
681 /* set RESTART instruction */
682 if (arm7_9
->need_bypass_before_restart
) {
683 arm7_9
->need_bypass_before_restart
= 0;
684 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
685 if (retval
!= ERROR_OK
)
688 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
689 if (retval
!= ERROR_OK
)
693 /* check for DBGACK and SYSCOMP set (others don't care) */
695 /* NB! These are constants that must be available until after next jtag_execute() and
696 * we evaluate the values upon first execution in lieu of setting up these constants
697 * during early setup.
699 buf_set_u32(check_value
, 0, 32, 0x9);
700 buf_set_u32(check_mask
, 0, 32, 0x9);
704 /* read debug status register */
705 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
711 * Get some data from the ARM7/9 target.
713 * @param target Pointer to the ARM7/9 target to read data from
714 * @param size The number of 32bit words to be read
715 * @param buffer Pointer to the buffer that will hold the data
716 * @return The result of receiving data from the Embedded ICE unit
718 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
720 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
721 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
723 int retval
= ERROR_OK
;
726 data
= malloc(size
* (sizeof(uint32_t)));
728 retval
= embeddedice_receive(jtag_info
, data
, size
);
730 /* return the 32-bit ints in the 8-bit array */
731 for (i
= 0; i
< size
; i
++)
732 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
740 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
741 * target is running and the DCC control register has the W bit high, this will
742 * execute the request on the target.
744 * @param priv Void pointer expected to be a struct target pointer
745 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
746 * from the Embedded ICE unit
748 static int arm7_9_handle_target_request(void *priv
)
750 int retval
= ERROR_OK
;
751 struct target
*target
= priv
;
752 if (!target_was_examined(target
))
754 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
755 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
756 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
758 if (!target
->dbg_msg_enabled
)
761 if (target
->state
== TARGET_RUNNING
) {
762 /* read DCC control register */
763 embeddedice_read_reg(dcc_control
);
764 retval
= jtag_execute_queue();
765 if (retval
!= ERROR_OK
)
769 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1) {
772 retval
= embeddedice_receive(jtag_info
, &request
, 1);
773 if (retval
!= ERROR_OK
)
775 retval
= target_request(target
, request
);
776 if (retval
!= ERROR_OK
)
785 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
786 * is manipulated to the right halted state based on its current state. This is
790 * <tr><th > State</th><th > Action</th></tr>
791 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
792 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
793 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
794 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
795 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
798 * If the target does not end up in the halted state, a warning is produced. If
799 * DBGACK is cleared, then the target is expected to either be running or
802 * @param target Pointer to the ARM7/9 target to poll
803 * @return ERROR_OK or an error status if a command fails
805 int arm7_9_poll(struct target
*target
)
808 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
809 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
811 /* read debug status register */
812 embeddedice_read_reg(dbg_stat
);
813 retval
= jtag_execute_queue();
814 if (retval
!= ERROR_OK
)
817 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)) {
818 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
819 if (target
->state
== TARGET_UNKNOWN
) {
820 /* Starting OpenOCD with target in debug-halt */
821 target
->state
= TARGET_RUNNING
;
822 LOG_DEBUG("DBGACK already set during server startup.");
824 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
)) {
825 target
->state
= TARGET_HALTED
;
827 retval
= arm7_9_debug_entry(target
);
828 if (retval
!= ERROR_OK
)
831 if (arm_semihosting(target
, &retval
) != 0)
834 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
835 if (retval
!= ERROR_OK
)
838 if (target
->state
== TARGET_DEBUG_RUNNING
) {
839 target
->state
= TARGET_HALTED
;
840 retval
= arm7_9_debug_entry(target
);
841 if (retval
!= ERROR_OK
)
844 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
845 if (retval
!= ERROR_OK
)
848 if (target
->state
!= TARGET_HALTED
)
850 "DBGACK set, but the target did not end up in the halted state %d",
853 if (target
->state
!= TARGET_DEBUG_RUNNING
)
854 target
->state
= TARGET_RUNNING
;
861 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
862 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
863 * affected) completely stop the JTAG clock while the core is held in reset
864 * (SRST). It isn't possible to program the halt condition once reset is
865 * asserted, hence a hook that allows the target to set up its reset-halt
866 * condition is setup prior to asserting reset.
868 * @param target Pointer to an ARM7/9 target to assert reset on
869 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
871 int arm7_9_assert_reset(struct target
*target
)
873 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
874 enum reset_types jtag_reset_config
= jtag_get_reset_config();
875 bool use_event
= false;
877 /* TODO: apply hw reset signal in not examined state */
878 if (!(target_was_examined(target
))) {
879 LOG_WARNING("Reset is not asserted because the target is not examined.");
880 LOG_WARNING("Use a reset button or power cycle the target.");
881 return ERROR_TARGET_NOT_EXAMINED
;
884 LOG_DEBUG("target->state: %s", target_state_name(target
));
886 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
888 else if (!(jtag_reset_config
& RESET_HAS_SRST
)) {
889 LOG_ERROR("%s: how to reset?", target_name(target
));
893 /* At this point trst has been asserted/deasserted once. We would
894 * like to program EmbeddedICE while SRST is asserted, instead of
895 * depending on SRST to leave that module alone. However, many CPUs
896 * gate the JTAG clock while SRST is asserted; or JTAG may need
897 * clock stability guarantees (adaptive clocking might help).
899 * So we assume JTAG access during SRST is off the menu unless it's
900 * been specifically enabled.
902 bool srst_asserted
= false;
904 if (!use_event
&& !(jtag_reset_config
& RESET_SRST_PULLS_TRST
)
905 && (jtag_reset_config
& RESET_SRST_NO_GATING
)) {
906 jtag_add_reset(0, 1);
907 srst_asserted
= true;
910 if (target
->reset_halt
) {
912 * For targets that don't support communication while SRST is
913 * asserted, we need to set up the reset vector catch first.
915 * When we use TRST+SRST and that's equivalent to a power-up
916 * reset, these settings may well be reset anyway; so setting
917 * them here won't matter.
919 if (arm7_9
->has_vector_catch
) {
920 /* program vector catch register to catch reset */
921 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
923 /* extra runtest added as issues were found with
924 * certain ARM9 cores (maybe more) - AT91SAM9260
927 jtag_add_runtest(1, TAP_IDLE
);
929 /* program watchpoint unit to match on reset vector
932 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
933 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
934 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
935 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
936 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
941 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
943 /* If we use SRST ... we'd like to issue just SRST, but the
944 * board or chip may be set up so we have to assert TRST as
945 * well. On some chips that combination is equivalent to a
946 * power-up reset, and generally clobbers EICE state.
948 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
949 jtag_add_reset(1, 1);
950 else if (!srst_asserted
)
951 jtag_add_reset(0, 1);
952 jtag_add_sleep(50000);
955 target
->state
= TARGET_RESET
;
956 register_cache_invalidate(arm7_9
->arm
.core_cache
);
958 /* REVISIT why isn't standard debug entry logic sufficient?? */
959 if (target
->reset_halt
&& (!(jtag_reset_config
& RESET_SRST_PULLS_TRST
) || use_event
)) {
960 /* debug entry was prepared above */
961 target
->debug_reason
= DBG_REASON_DBGRQ
;
968 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
969 * and the target is being reset into a halt, a warning will be triggered
970 * because it is not possible to reset into a halted mode in this case. The
971 * target is halted using the target's functions.
973 * @param target Pointer to the target to have the reset deasserted
974 * @return ERROR_OK or an error from polling or halting the target
976 int arm7_9_deassert_reset(struct target
*target
)
978 int retval
= ERROR_OK
;
979 LOG_DEBUG("target->state: %s", target_state_name(target
));
981 /* deassert reset lines */
982 jtag_add_reset(0, 0);
984 /* In case polling is disabled, we need to examine the
985 * target and poll here for this target to work correctly.
987 * Otherwise, e.g. halt will fail afterwards with bogus
988 * error messages as halt will believe that reset is
991 retval
= target_examine_one(target
);
992 if (retval
!= ERROR_OK
)
995 retval
= target_poll(target
);
996 if (retval
!= ERROR_OK
)
999 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1000 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0) {
1002 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1003 retval
= target_halt(target
);
1004 if (retval
!= ERROR_OK
)
1011 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1012 * reset and if DBGRQ is used, it is programmed to be deasserted. If the reset
1013 * vector catch was used, it is restored. Otherwise, the control value is
1014 * restored and the watchpoint unit is restored if it was in use.
1016 * @param target Pointer to the ARM7/9 target to have halt cleared
1017 * @return Always ERROR_OK
1019 static int arm7_9_clear_halt(struct target
*target
)
1021 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1022 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1024 /* we used DBGRQ only if we didn't come out of reset */
1025 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
) {
1026 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1028 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1029 embeddedice_store_reg(dbg_ctrl
);
1031 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
) {
1032 /* if we came out of reset, and vector catch is supported, we used
1033 * vector catch to enter debug state
1034 * restore the register in that case
1036 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1038 /* restore registers if watchpoint unit 0 was in use
1040 if (arm7_9
->wp0_used
) {
1041 if (arm7_9
->debug_entry_from_reset
)
1042 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1043 EICE_W0_ADDR_VALUE
]);
1044 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1045 EICE_W0_ADDR_MASK
]);
1046 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1047 EICE_W0_DATA_MASK
]);
1048 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1049 EICE_W0_CONTROL_MASK
]);
1051 /* control value always has to be restored, as it was either disabled,
1052 * or enabled with possibly different bits
1054 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1062 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1063 * and then there is a wait until the processor shows the halt. This wait can
1064 * timeout and results in an error being returned. The software reset involves
1065 * clearing the halt, updating the debug control register, changing to ARM mode,
1066 * reset of the program counter, and reset of all of the registers.
1068 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1069 * @return Error status if any of the commands fail, otherwise ERROR_OK
1071 int arm7_9_soft_reset_halt(struct target
*target
)
1073 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1074 struct arm
*arm
= &arm7_9
->arm
;
1075 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1076 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1080 /* FIX!!! replace some of this code with tcl commands
1082 * halt # the halt command is synchronous
1083 * armv4_5 core_state arm
1087 retval
= target_halt(target
);
1088 if (retval
!= ERROR_OK
)
1091 long long then
= timeval_ms();
1093 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
1094 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1096 embeddedice_read_reg(dbg_stat
);
1097 retval
= jtag_execute_queue();
1098 if (retval
!= ERROR_OK
)
1100 if (debug_level
>= 3)
1106 LOG_ERROR("Failed to halt CPU after 1 sec");
1107 return ERROR_TARGET_TIMEOUT
;
1109 target
->state
= TARGET_HALTED
;
1111 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1112 * ensure that DBGRQ is cleared
1114 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1115 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1116 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1117 embeddedice_store_reg(dbg_ctrl
);
1119 retval
= arm7_9_clear_halt(target
);
1120 if (retval
!= ERROR_OK
)
1123 /* if the target is in Thumb state, change to ARM state */
1124 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1125 uint32_t r0_thumb
, pc_thumb
;
1126 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1127 /* Entered debug from Thumb mode */
1128 arm
->core_state
= ARM_STATE_THUMB
;
1129 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1132 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1134 /* all register content is now invalid */
1135 register_cache_invalidate(arm
->core_cache
);
1137 /* SVC, ARM state, IRQ and FIQ disabled */
1140 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
1143 arm_set_cpsr(arm
, cpsr
);
1144 arm
->cpsr
->dirty
= true;
1146 /* start fetching from 0x0 */
1147 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
1148 arm
->pc
->dirty
= true;
1149 arm
->pc
->valid
= true;
1151 /* reset registers */
1152 for (i
= 0; i
<= 14; i
++) {
1153 struct reg
*r
= arm_reg_current(arm
, i
);
1155 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1160 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1161 if (retval
!= ERROR_OK
)
1168 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1169 * line or by programming a watchpoint to trigger on any address. It is
1170 * considered a bug to call this function while the target is in the
1171 * TARGET_RESET state.
1173 * @param target Pointer to the ARM7/9 target to be halted
1174 * @return Always ERROR_OK
1176 int arm7_9_halt(struct target
*target
)
1178 if (target
->state
== TARGET_RESET
) {
1180 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1184 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1185 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1187 LOG_DEBUG("target->state: %s",
1188 target_state_name(target
));
1190 if (target
->state
== TARGET_HALTED
) {
1191 LOG_DEBUG("target was already halted");
1195 if (target
->state
== TARGET_UNKNOWN
)
1196 LOG_WARNING("target was in unknown state when halt was requested");
1198 if (arm7_9
->use_dbgrq
) {
1199 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1201 if (arm7_9
->set_special_dbgrq
)
1202 arm7_9
->set_special_dbgrq(target
);
1204 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1205 embeddedice_store_reg(dbg_ctrl
);
1208 /* program watchpoint unit to match on any address
1210 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1211 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1212 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1213 EICE_W_CTRL_ENABLE
);
1214 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1215 ~EICE_W_CTRL_nOPC
& 0xff);
1218 target
->debug_reason
= DBG_REASON_DBGRQ
;
1224 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1225 * ARM. The JTAG queue is then executed and the reason for debug entry is
1226 * examined. Once done, the target is verified to be halted and the processor
1227 * is forced into ARM mode. The core registers are saved for the current core
1228 * mode and the program counter (register 15) is updated as needed. The core
1229 * registers and CPSR and SPSR are saved for restoration later.
1231 * @param target Pointer to target that is entering debug mode
1232 * @return Error code if anything fails, otherwise ERROR_OK
1234 static int arm7_9_debug_entry(struct target
*target
)
1237 uint32_t context
[16];
1238 uint32_t *context_p
[16];
1239 uint32_t r0_thumb
, pc_thumb
;
1240 uint32_t cpsr
, cpsr_mask
= 0;
1242 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1243 struct arm
*arm
= &arm7_9
->arm
;
1244 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1245 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1247 #ifdef _DEBUG_ARM7_9_
1251 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1252 * ensure that DBGRQ is cleared
1254 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1255 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1256 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1257 embeddedice_store_reg(dbg_ctrl
);
1259 retval
= arm7_9_clear_halt(target
);
1260 if (retval
!= ERROR_OK
)
1263 retval
= jtag_execute_queue();
1264 if (retval
!= ERROR_OK
)
1267 retval
= arm7_9
->examine_debug_reason(target
);
1268 if (retval
!= ERROR_OK
)
1271 if (target
->state
!= TARGET_HALTED
) {
1272 LOG_WARNING("target not halted");
1273 return ERROR_TARGET_NOT_HALTED
;
1276 /* if the target is in Thumb state, change to ARM state */
1277 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1278 LOG_DEBUG("target entered debug from Thumb state");
1279 /* Entered debug from Thumb mode */
1280 arm
->core_state
= ARM_STATE_THUMB
;
1282 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1283 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1284 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1285 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1286 /* \todo Get some vaguely correct handling of Jazelle, if
1287 * anyone ever uses it and full info becomes available.
1288 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1289 * B.7.3 for the reverse. That'd be the bare minimum...
1291 LOG_DEBUG("target entered debug from Jazelle state");
1292 arm
->core_state
= ARM_STATE_JAZELLE
;
1293 cpsr_mask
= 1 << 24;
1294 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1296 LOG_DEBUG("target entered debug from ARM state");
1297 /* Entered debug from ARM mode */
1298 arm
->core_state
= ARM_STATE_ARM
;
1301 for (i
= 0; i
< 16; i
++)
1302 context_p
[i
] = &context
[i
];
1303 /* save core registers (r0 - r15 of current core mode) */
1304 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1306 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1308 retval
= jtag_execute_queue();
1309 if (retval
!= ERROR_OK
)
1312 /* Sync our CPSR copy with J or T bits EICE reported, but
1313 * which we then erased by putting the core into ARM mode.
1315 arm_set_cpsr(arm
, cpsr
| cpsr_mask
);
1317 if (!is_arm_mode(arm
->core_mode
)) {
1318 target
->state
= TARGET_UNKNOWN
;
1319 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1320 return ERROR_TARGET_FAILURE
;
1323 LOG_DEBUG("target entered debug state in %s mode",
1324 arm_mode_name(arm
->core_mode
));
1326 if (arm
->core_state
== ARM_STATE_THUMB
) {
1327 LOG_DEBUG("thumb state, applying fixups");
1328 context
[0] = r0_thumb
;
1329 context
[15] = pc_thumb
;
1330 } else if (arm
->core_state
== ARM_STATE_ARM
) {
1331 /* adjust value stored by STM */
1332 context
[15] -= 3 * 4;
1335 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1336 context
[15] -= 3 * ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1338 context
[15] -= arm7_9
->dbgreq_adjust_pc
*
1339 ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1341 for (i
= 0; i
<= 15; i
++) {
1342 struct reg
*r
= arm_reg_current(arm
, i
);
1344 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1346 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1347 /* r0 and r15 (pc) have to be restored later */
1348 r
->dirty
= (i
== 0) || (i
== 15);
1352 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1354 /* exceptions other than USR & SYS have a saved program status register */
1357 arm7_9
->read_xpsr(target
, &spsr
, 1);
1358 retval
= jtag_execute_queue();
1359 if (retval
!= ERROR_OK
)
1361 buf_set_u32(arm
->spsr
->value
, 0, 32, spsr
);
1362 arm
->spsr
->dirty
= false;
1363 arm
->spsr
->valid
= true;
1366 retval
= jtag_execute_queue();
1367 if (retval
!= ERROR_OK
)
1370 if (arm7_9
->post_debug_entry
) {
1371 retval
= arm7_9
->post_debug_entry(target
);
1372 if (retval
!= ERROR_OK
)
1380 * Validate the full context for an ARM7/9 target in all processor modes. If
1381 * there are any invalid registers for the target, they will all be read. This
1384 * @param target Pointer to the ARM7/9 target to capture the full context from
1385 * @return Error if the target is not halted, has an invalid core mode, or if
1386 * the JTAG queue fails to execute
1388 static int arm7_9_full_context(struct target
*target
)
1392 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1393 struct arm
*arm
= &arm7_9
->arm
;
1397 } read_cache
[6 * (16 + 1)];
1398 int read_cache_idx
= 0;
1402 if (target
->state
!= TARGET_HALTED
) {
1403 LOG_WARNING("target not halted");
1404 return ERROR_TARGET_NOT_HALTED
;
1407 if (!is_arm_mode(arm
->core_mode
)) {
1408 LOG_ERROR("not a valid arm core mode - communication failure?");
1412 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1413 * SYS shares registers with User, so we don't touch SYS
1415 for (i
= 0; i
< 6; i
++) {
1417 uint32_t *reg_p
[16];
1421 /* check if there are invalid registers in the current mode
1423 for (j
= 0; j
<= 16; j
++) {
1424 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
)
1431 /* change processor mode (and mask T bit) */
1432 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8)
1434 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1436 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1438 for (j
= 0; j
< 15; j
++) {
1439 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1440 armv4_5_number_to_mode(i
), j
).valid
) {
1441 read_cache
[read_cache_idx
].reg_p
= ARMV4_5_CORE_REG_MODE(
1443 armv4_5_number_to_mode(i
),
1445 reg_p
[j
] = &read_cache
[read_cache_idx
].value
;
1448 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1449 armv4_5_number_to_mode(i
),
1451 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1452 armv4_5_number_to_mode(i
),
1457 /* if only the PSR is invalid, mask is all zeroes */
1459 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1461 /* check if the PSR has to be read */
1462 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1464 read_cache
[read_cache_idx
].reg_p
= ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1465 armv4_5_number_to_mode(i
), 16).value
;
1466 arm7_9
->read_xpsr(target
, &read_cache
[read_cache_idx
].value
, 1);
1468 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1470 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1476 /* restore processor mode (mask T bit) */
1477 arm7_9
->write_xpsr_im8(target
,
1478 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
1480 retval
= jtag_execute_queue();
1481 if (retval
!= ERROR_OK
)
1484 * FIXME: regs in cache should be tagged as 'valid' only now,
1485 * not before the jtag_execute_queue()
1487 while (read_cache_idx
) {
1489 buf_set_u32(read_cache
[read_cache_idx
].reg_p
, 0, 32, read_cache
[read_cache_idx
].value
);
1495 * Restore the processor context on an ARM7/9 target. The full processor
1496 * context is analyzed to see if any of the registers are dirty on this end, but
1497 * have a valid new value. If this is the case, the processor is changed to the
1498 * appropriate mode and the new register values are written out to the
1499 * processor. If there happens to be a dirty register with an invalid value, an
1500 * error will be logged.
1502 * @param target Pointer to the ARM7/9 target to have its context restored
1503 * @return Error status if the target is not halted or the core mode in the
1504 * armv4_5 struct is invalid.
1506 static int arm7_9_restore_context(struct target
*target
)
1508 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1509 struct arm
*arm
= &arm7_9
->arm
;
1511 enum arm_mode current_mode
= arm
->core_mode
;
1518 if (target
->state
!= TARGET_HALTED
) {
1519 LOG_WARNING("target not halted");
1520 return ERROR_TARGET_NOT_HALTED
;
1523 if (arm7_9
->pre_restore_context
)
1524 arm7_9
->pre_restore_context(target
);
1526 if (!is_arm_mode(arm
->core_mode
)) {
1527 LOG_ERROR("not a valid arm core mode - communication failure?");
1531 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1532 * SYS shares registers with User, so we don't touch SYS
1534 for (i
= 0; i
< 6; i
++) {
1535 LOG_DEBUG("examining %s mode",
1536 arm_mode_name(arm
->core_mode
));
1539 /* check if there are dirty registers in the current mode
1541 for (j
= 0; j
<= 16; j
++) {
1542 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
);
1546 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1547 struct arm_reg
*reg_arch_info
;
1548 reg_arch_info
= reg
->arch_info
;
1549 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1550 && (reg_arch_info
->mode
!= current_mode
)
1551 && !((reg_arch_info
->mode
== ARM_MODE_USR
)
1552 && (arm
->core_mode
== ARM_MODE_SYS
))
1553 && !((reg_arch_info
->mode
== ARM_MODE_SYS
)
1554 && (arm
->core_mode
== ARM_MODE_USR
))) {
1556 LOG_DEBUG("require mode change");
1559 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1565 uint32_t mask
= 0x0;
1572 /* change processor mode (mask T bit) */
1573 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
,
1575 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1577 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1578 current_mode
= armv4_5_number_to_mode(i
);
1581 for (j
= 0; j
<= 14; j
++) {
1582 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1583 armv4_5_number_to_mode(i
),
1587 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1592 LOG_DEBUG("writing register %i mode %s "
1593 "with value 0x%8.8" PRIx32
, j
,
1594 arm_mode_name(arm
->core_mode
),
1600 arm7_9
->write_core_regs(target
, mask
, regs
);
1603 &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(
1605 struct arm_reg
*reg_arch_info
;
1606 reg_arch_info
= reg
->arch_info
;
1607 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
)) {
1608 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"",
1610 buf_get_u32(reg
->value
, 0, 32));
1611 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1616 if (!arm
->cpsr
->dirty
&& (arm
->core_mode
!= current_mode
)) {
1617 /* restore processor mode (mask T bit) */
1620 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
1621 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1623 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1624 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1626 } else if (arm
->cpsr
->dirty
) {
1627 /* CPSR has been changed, full restore necessary (mask T bit) */
1628 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1629 buf_get_u32(arm
->cpsr
->value
, 0, 32));
1630 arm7_9
->write_xpsr(target
,
1631 buf_get_u32(arm
->cpsr
->value
, 0, 32)
1633 arm
->cpsr
->dirty
= false;
1634 arm
->cpsr
->valid
= true;
1638 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
,
1639 buf_get_u32(arm
->pc
->value
, 0, 32));
1640 arm7_9
->write_pc(target
, buf_get_u32(arm
->pc
->value
, 0, 32));
1641 arm
->pc
->dirty
= false;
1647 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1648 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1651 * @param target Pointer to the ARM7/9 target to be restarted
1652 * @return Result of executing the JTAG queue
1654 static int arm7_9_restart_core(struct target
*target
)
1656 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1657 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1660 /* set RESTART instruction */
1661 if (arm7_9
->need_bypass_before_restart
) {
1662 arm7_9
->need_bypass_before_restart
= 0;
1664 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
1665 if (retval
!= ERROR_OK
)
1668 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
1669 if (retval
!= ERROR_OK
)
1672 jtag_add_runtest(1, TAP_IDLE
);
1673 return jtag_execute_queue();
1677 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1678 * iterated through and are set on the target if they aren't already set.
1680 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1682 static void arm7_9_enable_watchpoints(struct target
*target
)
1684 struct watchpoint
*watchpoint
= target
->watchpoints
;
1686 while (watchpoint
) {
1687 if (watchpoint
->set
== 0)
1688 arm7_9_set_watchpoint(target
, watchpoint
);
1689 watchpoint
= watchpoint
->next
;
1694 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1695 * iterated through and are set on the target.
1697 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1699 static void arm7_9_enable_breakpoints(struct target
*target
)
1701 struct breakpoint
*breakpoint
= target
->breakpoints
;
1703 /* set any pending breakpoints */
1704 while (breakpoint
) {
1705 arm7_9_set_breakpoint(target
, breakpoint
);
1706 breakpoint
= breakpoint
->next
;
1710 int arm7_9_resume(struct target
*target
,
1712 target_addr_t address
,
1713 int handle_breakpoints
,
1714 int debug_execution
)
1716 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1717 struct arm
*arm
= &arm7_9
->arm
;
1718 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1719 int err
, retval
= ERROR_OK
;
1723 if (target
->state
!= TARGET_HALTED
) {
1724 LOG_WARNING("target not halted");
1725 return ERROR_TARGET_NOT_HALTED
;
1728 if (!debug_execution
)
1729 target_free_all_working_areas(target
);
1731 /* current = 1: continue on current pc, otherwise continue at <address> */
1733 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1735 uint32_t current_pc
;
1736 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1738 /* the front-end may request us not to handle breakpoints */
1739 if (handle_breakpoints
) {
1740 struct breakpoint
*breakpoint
;
1741 breakpoint
= breakpoint_find(target
,
1742 buf_get_u32(arm
->pc
->value
, 0, 32));
1743 if (breakpoint
!= NULL
) {
1744 LOG_DEBUG("unset breakpoint at 0x%8.8" TARGET_PRIxADDR
" (id: %" PRIu32
,
1745 breakpoint
->address
,
1746 breakpoint
->unique_id
);
1747 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1748 if (retval
!= ERROR_OK
)
1751 /* calculate PC of next instruction */
1753 retval
= arm_simulate_step(target
, &next_pc
);
1754 if (retval
!= ERROR_OK
) {
1755 uint32_t current_opcode
;
1756 target_read_u32(target
, current_pc
, ¤t_opcode
);
1758 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1763 LOG_DEBUG("enable single-step");
1764 arm7_9
->enable_single_step(target
, next_pc
);
1766 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1768 retval
= arm7_9_restore_context(target
);
1769 if (retval
!= ERROR_OK
)
1772 if (arm
->core_state
== ARM_STATE_ARM
)
1773 arm7_9
->branch_resume(target
);
1774 else if (arm
->core_state
== ARM_STATE_THUMB
)
1775 arm7_9
->branch_resume_thumb(target
);
1777 LOG_ERROR("unhandled core state");
1781 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1782 embeddedice_write_reg(dbg_ctrl
,
1783 buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1784 err
= arm7_9_execute_sys_speed(target
);
1786 LOG_DEBUG("disable single-step");
1787 arm7_9
->disable_single_step(target
);
1789 if (err
!= ERROR_OK
) {
1790 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1791 if (retval
!= ERROR_OK
)
1793 target
->state
= TARGET_UNKNOWN
;
1797 retval
= arm7_9_debug_entry(target
);
1798 if (retval
!= ERROR_OK
)
1800 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
,
1801 buf_get_u32(arm
->pc
->value
, 0, 32));
1803 LOG_DEBUG("set breakpoint at 0x%8.8" TARGET_PRIxADDR
"", breakpoint
->address
);
1804 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1805 if (retval
!= ERROR_OK
)
1810 /* enable any pending breakpoints and watchpoints */
1811 arm7_9_enable_breakpoints(target
);
1812 arm7_9_enable_watchpoints(target
);
1814 retval
= arm7_9_restore_context(target
);
1815 if (retval
!= ERROR_OK
)
1818 if (arm
->core_state
== ARM_STATE_ARM
)
1819 arm7_9
->branch_resume(target
);
1820 else if (arm
->core_state
== ARM_STATE_THUMB
)
1821 arm7_9
->branch_resume_thumb(target
);
1823 LOG_ERROR("unhandled core state");
1827 /* deassert DBGACK and INTDIS */
1828 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1829 /* INTDIS only when we really resume, not during debug execution */
1830 if (!debug_execution
)
1831 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1832 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1834 retval
= arm7_9_restart_core(target
);
1835 if (retval
!= ERROR_OK
)
1838 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1840 if (!debug_execution
) {
1841 /* registers are now invalid */
1842 register_cache_invalidate(arm
->core_cache
);
1843 target
->state
= TARGET_RUNNING
;
1844 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1845 if (retval
!= ERROR_OK
)
1848 target
->state
= TARGET_DEBUG_RUNNING
;
1849 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1850 if (retval
!= ERROR_OK
)
1854 LOG_DEBUG("target resumed");
1859 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1861 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1862 struct arm
*arm
= &arm7_9
->arm
;
1863 uint32_t current_pc
;
1864 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1866 if (next_pc
!= current_pc
) {
1867 /* setup an inverse breakpoint on the current PC
1868 * - comparator 1 matches the current address
1869 * - rangeout from comparator 1 is connected to comparator 0 rangein
1870 * - comparator 0 matches any address, as long as rangein is low */
1871 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1872 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1873 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1874 EICE_W_CTRL_ENABLE
);
1875 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1876 ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1877 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
1879 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1880 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1881 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1882 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1883 ~EICE_W_CTRL_nOPC
& 0xff);
1885 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1886 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1887 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1888 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1889 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1890 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1891 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1892 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
1893 EICE_W_CTRL_ENABLE
);
1894 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1895 ~EICE_W_CTRL_nOPC
& 0xff);
1899 void arm7_9_disable_eice_step(struct target
*target
)
1901 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1903 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1904 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1905 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1906 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1907 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1908 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1909 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1910 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1911 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1914 int arm7_9_step(struct target
*target
, int current
, target_addr_t address
, int handle_breakpoints
)
1916 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1917 struct arm
*arm
= &arm7_9
->arm
;
1918 struct breakpoint
*breakpoint
= NULL
;
1921 if (target
->state
!= TARGET_HALTED
) {
1922 LOG_WARNING("target not halted");
1923 return ERROR_TARGET_NOT_HALTED
;
1926 /* current = 1: continue on current pc, otherwise continue at <address> */
1928 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1930 uint32_t current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1932 /* the front-end may request us not to handle breakpoints */
1933 if (handle_breakpoints
)
1934 breakpoint
= breakpoint_find(target
, current_pc
);
1935 if (breakpoint
!= NULL
) {
1936 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1937 if (retval
!= ERROR_OK
)
1941 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1943 /* calculate PC of next instruction */
1945 retval
= arm_simulate_step(target
, &next_pc
);
1946 if (retval
!= ERROR_OK
) {
1947 uint32_t current_opcode
;
1948 target_read_u32(target
, current_pc
, ¤t_opcode
);
1950 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1955 retval
= arm7_9_restore_context(target
);
1956 if (retval
!= ERROR_OK
)
1959 arm7_9
->enable_single_step(target
, next_pc
);
1961 if (arm
->core_state
== ARM_STATE_ARM
)
1962 arm7_9
->branch_resume(target
);
1963 else if (arm
->core_state
== ARM_STATE_THUMB
)
1964 arm7_9
->branch_resume_thumb(target
);
1966 LOG_ERROR("unhandled core state");
1970 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1971 if (retval
!= ERROR_OK
)
1974 err
= arm7_9_execute_sys_speed(target
);
1975 arm7_9
->disable_single_step(target
);
1977 /* registers are now invalid */
1978 register_cache_invalidate(arm
->core_cache
);
1980 if (err
!= ERROR_OK
)
1981 target
->state
= TARGET_UNKNOWN
;
1983 retval
= arm7_9_debug_entry(target
);
1984 if (retval
!= ERROR_OK
)
1986 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1987 if (retval
!= ERROR_OK
)
1989 LOG_DEBUG("target stepped");
1993 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1994 if (retval
!= ERROR_OK
)
2001 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
2002 int num
, enum arm_mode mode
)
2004 uint32_t *reg_p
[16];
2006 struct arm_reg
*areg
= r
->arch_info
;
2007 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2008 struct arm
*arm
= &arm7_9
->arm
;
2010 if (!is_arm_mode(arm
->core_mode
))
2012 if ((num
< 0) || (num
> 16))
2013 return ERROR_COMMAND_SYNTAX_ERROR
;
2015 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2016 && (areg
->mode
!= ARM_MODE_ANY
)) {
2019 /* change processor mode (mask T bit) */
2020 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2023 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2027 if ((num
>= 0) && (num
<= 15)) {
2028 /* read a normal core register */
2029 reg_p
[num
] = &value
;
2031 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2033 /* read a program status register
2034 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2036 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2039 retval
= jtag_execute_queue();
2040 if (retval
!= ERROR_OK
)
2045 buf_set_u32(r
->value
, 0, 32, value
);
2047 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2048 && (areg
->mode
!= ARM_MODE_ANY
)) {
2049 /* restore processor mode (mask T bit) */
2050 arm7_9
->write_xpsr_im8(target
,
2051 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2057 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2058 int num
, enum arm_mode mode
, uint8_t *value
)
2061 struct arm_reg
*areg
= r
->arch_info
;
2062 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2063 struct arm
*arm
= &arm7_9
->arm
;
2065 if (!is_arm_mode(arm
->core_mode
))
2067 if ((num
< 0) || (num
> 16))
2068 return ERROR_COMMAND_SYNTAX_ERROR
;
2070 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2071 && (areg
->mode
!= ARM_MODE_ANY
)) {
2074 /* change processor mode (mask T bit) */
2075 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2078 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2081 if ((num
>= 0) && (num
<= 15)) {
2082 /* write a normal core register */
2083 reg
[num
] = buf_get_u32(value
, 0, 32);
2085 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2087 /* write a program status register
2088 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2090 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2092 uint32_t t
= buf_get_u32(value
, 0, 32);
2093 /* if we're writing the CPSR, mask the T bit */
2097 arm7_9
->write_xpsr(target
, t
, spsr
);
2103 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2104 && (areg
->mode
!= ARM_MODE_ANY
)) {
2105 /* restore processor mode (mask T bit) */
2106 arm7_9
->write_xpsr_im8(target
,
2107 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2110 return jtag_execute_queue();
2113 int arm7_9_read_memory(struct target
*target
,
2114 target_addr_t address
,
2119 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2120 struct arm
*arm
= &arm7_9
->arm
;
2122 uint32_t num_accesses
= 0;
2123 int thisrun_accesses
;
2129 LOG_DEBUG("address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"",
2130 address
, size
, count
);
2132 if (target
->state
!= TARGET_HALTED
) {
2133 LOG_WARNING("target not halted");
2134 return ERROR_TARGET_NOT_HALTED
;
2137 /* sanitize arguments */
2138 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2139 return ERROR_COMMAND_SYNTAX_ERROR
;
2141 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2142 return ERROR_TARGET_UNALIGNED_ACCESS
;
2144 /* load the base register with the address of the first word */
2146 arm7_9
->write_core_regs(target
, 0x1, reg
);
2152 while (num_accesses
< count
) {
2155 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2156 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2158 if (last_reg
<= thisrun_accesses
)
2159 last_reg
= thisrun_accesses
;
2161 arm7_9
->load_word_regs(target
, reg_list
);
2163 /* fast memory reads are only safe when the target is running
2164 * from a sufficiently high clock (32 kHz is usually too slow)
2166 if (arm7_9
->fast_memory_access
)
2167 retval
= arm7_9_execute_fast_sys_speed(target
);
2169 retval
= arm7_9_execute_sys_speed(target
);
2170 if (retval
!= ERROR_OK
)
2173 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2175 /* advance buffer, count number of accesses */
2176 buffer
+= thisrun_accesses
* 4;
2177 num_accesses
+= thisrun_accesses
;
2179 if ((j
++%1024) == 0)
2184 while (num_accesses
< count
) {
2187 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2188 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2190 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2193 arm7_9
->load_hword_reg(target
, i
);
2194 /* fast memory reads are only safe when the target is running
2195 * from a sufficiently high clock (32 kHz is usually too slow)
2197 if (arm7_9
->fast_memory_access
)
2198 retval
= arm7_9_execute_fast_sys_speed(target
);
2200 retval
= arm7_9_execute_sys_speed(target
);
2201 if (retval
!= ERROR_OK
)
2206 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2208 /* advance buffer, count number of accesses */
2209 buffer
+= thisrun_accesses
* 2;
2210 num_accesses
+= thisrun_accesses
;
2212 if ((j
++%1024) == 0)
2217 while (num_accesses
< count
) {
2220 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2221 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2223 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2226 arm7_9
->load_byte_reg(target
, i
);
2227 /* fast memory reads are only safe when the target is running
2228 * from a sufficiently high clock (32 kHz is usually too slow)
2230 if (arm7_9
->fast_memory_access
)
2231 retval
= arm7_9_execute_fast_sys_speed(target
);
2233 retval
= arm7_9_execute_sys_speed(target
);
2234 if (retval
!= ERROR_OK
)
2238 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2240 /* advance buffer, count number of accesses */
2241 buffer
+= thisrun_accesses
* 1;
2242 num_accesses
+= thisrun_accesses
;
2244 if ((j
++%1024) == 0)
2250 if (!is_arm_mode(arm
->core_mode
))
2253 for (i
= 0; i
<= last_reg
; i
++) {
2254 struct reg
*r
= arm_reg_current(arm
, i
);
2255 r
->dirty
= r
->valid
;
2258 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2259 retval
= jtag_execute_queue();
2260 if (retval
!= ERROR_OK
) {
2261 LOG_ERROR("JTAG error while reading cpsr");
2262 return ERROR_TARGET_DATA_ABORT
;
2265 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2267 "memory read caused data abort "
2268 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2273 arm7_9
->write_xpsr_im8(target
,
2274 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2277 return ERROR_TARGET_DATA_ABORT
;
2283 int arm7_9_write_memory(struct target
*target
,
2284 target_addr_t address
,
2287 const uint8_t *buffer
)
2289 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2290 struct arm
*arm
= &arm7_9
->arm
;
2291 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2294 uint32_t num_accesses
= 0;
2295 int thisrun_accesses
;
2301 #ifdef _DEBUG_ARM7_9_
2302 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2305 if (target
->state
!= TARGET_HALTED
) {
2306 LOG_WARNING("target not halted");
2307 return ERROR_TARGET_NOT_HALTED
;
2310 /* sanitize arguments */
2311 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2312 return ERROR_COMMAND_SYNTAX_ERROR
;
2314 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2315 return ERROR_TARGET_UNALIGNED_ACCESS
;
2317 /* load the base register with the address of the first word */
2319 arm7_9
->write_core_regs(target
, 0x1, reg
);
2321 /* Clear DBGACK, to make sure memory fetches work as expected */
2322 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2323 embeddedice_store_reg(dbg_ctrl
);
2327 while (num_accesses
< count
) {
2330 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2331 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2333 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2336 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2340 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2342 arm7_9
->store_word_regs(target
, reg_list
);
2344 /* fast memory writes are only safe when the target is running
2345 * from a sufficiently high clock (32 kHz is usually too slow)
2347 if (arm7_9
->fast_memory_access
)
2348 retval
= arm7_9_execute_fast_sys_speed(target
);
2350 retval
= arm7_9_execute_sys_speed(target
);
2353 * if memory writes are made when the clock is running slow
2354 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2355 * processor operations after a "reset halt" or "reset init",
2356 * need to immediately stroke the keep alive or will end up with
2357 * gdb "keep alive not sent error message" problem.
2363 if (retval
!= ERROR_OK
)
2366 num_accesses
+= thisrun_accesses
;
2370 while (num_accesses
< count
) {
2373 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2374 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2376 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2379 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2383 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2385 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2386 arm7_9
->store_hword_reg(target
, i
);
2388 /* fast memory writes are only safe when the target is running
2389 * from a sufficiently high clock (32 kHz is usually too slow)
2391 if (arm7_9
->fast_memory_access
)
2392 retval
= arm7_9_execute_fast_sys_speed(target
);
2394 retval
= arm7_9_execute_sys_speed(target
);
2397 * if memory writes are made when the clock is running slow
2398 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2399 * processor operations after a "reset halt" or "reset init",
2400 * need to immediately stroke the keep alive or will end up with
2401 * gdb "keep alive not sent error message" problem.
2407 if (retval
!= ERROR_OK
)
2411 num_accesses
+= thisrun_accesses
;
2415 while (num_accesses
< count
) {
2418 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2419 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2421 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2424 reg
[i
] = *buffer
++ & 0xff;
2427 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2429 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2430 arm7_9
->store_byte_reg(target
, i
);
2431 /* fast memory writes are only safe when the target is running
2432 * from a sufficiently high clock (32 kHz is usually too slow)
2434 if (arm7_9
->fast_memory_access
)
2435 retval
= arm7_9_execute_fast_sys_speed(target
);
2437 retval
= arm7_9_execute_sys_speed(target
);
2440 * if memory writes are made when the clock is running slow
2441 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2442 * processor operations after a "reset halt" or "reset init",
2443 * need to immediately stroke the keep alive or will end up with
2444 * gdb "keep alive not sent error message" problem.
2450 if (retval
!= ERROR_OK
)
2455 num_accesses
+= thisrun_accesses
;
2461 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2462 embeddedice_store_reg(dbg_ctrl
);
2464 if (!is_arm_mode(arm
->core_mode
))
2467 for (i
= 0; i
<= last_reg
; i
++) {
2468 struct reg
*r
= arm_reg_current(arm
, i
);
2469 r
->dirty
= r
->valid
;
2472 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2473 retval
= jtag_execute_queue();
2474 if (retval
!= ERROR_OK
) {
2475 LOG_ERROR("JTAG error while reading cpsr");
2476 return ERROR_TARGET_DATA_ABORT
;
2479 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2481 "memory write caused data abort "
2482 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2487 arm7_9
->write_xpsr_im8(target
,
2488 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2491 return ERROR_TARGET_DATA_ABORT
;
2497 int arm7_9_write_memory_opt(struct target
*target
,
2498 target_addr_t address
,
2501 const uint8_t *buffer
)
2503 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2506 if (size
== 4 && count
> 32 && arm7_9
->bulk_write_memory
) {
2507 /* Attempt to do a bulk write */
2508 retval
= arm7_9
->bulk_write_memory(target
, address
, count
, buffer
);
2510 if (retval
== ERROR_OK
)
2514 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2517 int arm7_9_write_memory_no_opt(struct target
*target
,
2521 const uint8_t *buffer
)
2523 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2525 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2528 static int dcc_count
;
2529 static const uint8_t *dcc_buffer
;
2531 static int arm7_9_dcc_completion(struct target
*target
,
2532 uint32_t exit_point
,
2536 int retval
= ERROR_OK
;
2537 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2539 retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500);
2540 if (retval
!= ERROR_OK
)
2543 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2544 int count
= dcc_count
;
2545 const uint8_t *buffer
= dcc_buffer
;
2547 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2548 * core function repeated. */
2549 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2550 fast_target_buffer_get_u32(buffer
, little
));
2553 struct embeddedice_reg
*ice_reg
=
2554 arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2555 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2556 struct jtag_tap
*tap
;
2557 tap
= ice_reg
->jtag_info
->tap
;
2559 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2560 buffer
+= (count
-2)*4;
2562 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2563 fast_target_buffer_get_u32(buffer
, little
));
2566 for (i
= 0; i
< count
; i
++) {
2567 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2568 fast_target_buffer_get_u32(buffer
, little
));
2573 retval
= target_halt(target
);
2574 if (retval
!= ERROR_OK
)
2576 return target_wait_state(target
, TARGET_HALTED
, 500);
2579 static const uint32_t dcc_code
[] = {
2580 /* r0 == input, points to memory buffer
2584 /* spin until DCC control (c0) reports data arrived */
2585 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2586 0xe3110001, /* tst r1, #1 */
2587 0x0afffffc, /* bne w */
2589 /* read word from DCC (c1), write to memory */
2590 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2591 0xe4801004, /* str r1, [r0], #4 */
2594 0xeafffff9 /* b w */
2597 int arm7_9_bulk_write_memory(struct target
*target
,
2598 target_addr_t address
,
2600 const uint8_t *buffer
)
2603 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2605 if (address
% 4 != 0)
2606 return ERROR_TARGET_UNALIGNED_ACCESS
;
2608 if (!arm7_9
->dcc_downloads
)
2609 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2611 /* regrab previously allocated working_area, or allocate a new one */
2612 if (!arm7_9
->dcc_working_area
) {
2613 uint8_t dcc_code_buf
[6 * 4];
2615 /* make sure we have a working area */
2616 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
) {
2617 LOG_INFO("no working area available, falling back to memory writes");
2618 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2621 /* copy target instructions to target endianness */
2622 target_buffer_set_u32_array(target
, dcc_code_buf
, ARRAY_SIZE(dcc_code
), dcc_code
);
2624 /* write DCC code to working area, using the non-optimized
2625 * memory write to avoid ending up here again */
2626 retval
= arm7_9_write_memory_no_opt(target
,
2627 arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
);
2628 if (retval
!= ERROR_OK
)
2632 struct arm_algorithm arm_algo
;
2633 struct reg_param reg_params
[1];
2635 arm_algo
.common_magic
= ARM_COMMON_MAGIC
;
2636 arm_algo
.core_mode
= ARM_MODE_SVC
;
2637 arm_algo
.core_state
= ARM_STATE_ARM
;
2639 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2641 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2644 dcc_buffer
= buffer
;
2645 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2646 arm7_9
->dcc_working_area
->address
,
2647 arm7_9
->dcc_working_area
->address
+ 6*4,
2648 20*1000, &arm_algo
, arm7_9_dcc_completion
);
2650 if (retval
== ERROR_OK
) {
2651 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2652 if (endaddress
!= (address
+ count
*4)) {
2654 "DCC write failed, expected end address 0x%08" TARGET_PRIxADDR
" got 0x%0" PRIx32
"",
2655 (address
+ count
*4),
2657 retval
= ERROR_FAIL
;
2661 destroy_reg_param(®_params
[0]);
2667 * Perform per-target setup that requires JTAG access.
2669 int arm7_9_examine(struct target
*target
)
2671 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2674 if (!target_was_examined(target
)) {
2675 struct reg_cache
*t
, **cache_p
;
2677 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2681 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2683 arm7_9
->eice_cache
= (*cache_p
);
2685 if (arm7_9
->arm
.etm
)
2686 (*cache_p
)->next
= etm_build_reg_cache(target
,
2690 target_set_examined(target
);
2693 retval
= embeddedice_setup(target
);
2694 if (retval
== ERROR_OK
)
2695 retval
= arm7_9_setup(target
);
2696 if (retval
== ERROR_OK
&& arm7_9
->arm
.etm
)
2697 retval
= etm_setup(target
);
2701 void arm7_9_deinit(struct target
*target
)
2703 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2705 if (target_was_examined(target
))
2706 embeddedice_free_reg_cache(arm7_9
->eice_cache
);
2708 arm_jtag_close_connection(&arm7_9
->jtag_info
);
2711 int arm7_9_check_reset(struct target
*target
)
2713 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2715 if (get_target_reset_nag() && !arm7_9
->dcc_downloads
)
2717 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2719 if (get_target_reset_nag() && (target
->working_area_size
== 0))
2720 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2722 if (get_target_reset_nag() && !arm7_9
->fast_memory_access
)
2724 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2729 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in
,
2730 jtag_callback_data_t i_size
, jtag_callback_data_t i_be
,
2731 jtag_callback_data_t i_flip
)
2733 uint8_t *in
= (uint8_t *)pu8_in
;
2734 int size
= (int)i_size
;
2736 int flip
= (int)i_flip
;
2741 readback
= le_to_h_u32(in
);
2743 readback
= flip_u32(readback
, 32);
2745 h_u32_to_be(in
, readback
);
2747 h_u32_to_le(in
, readback
);
2750 readback
= le_to_h_u16(in
);
2752 readback
= flip_u32(readback
, 16);
2754 h_u16_to_be(in
, readback
& 0xffff);
2756 h_u16_to_le(in
, readback
& 0xffff);
2761 readback
= flip_u32(readback
, 8);
2762 *in
= readback
& 0xff;
2769 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2771 struct target
*target
= get_current_target(CMD_CTX
);
2772 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2774 if (!is_arm7_9(arm7_9
)) {
2775 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2776 return ERROR_TARGET_INVALID
;
2780 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->use_dbgrq
);
2783 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2784 (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2789 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2791 struct target
*target
= get_current_target(CMD_CTX
);
2792 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2794 if (!is_arm7_9(arm7_9
)) {
2795 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2796 return ERROR_TARGET_INVALID
;
2800 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2803 "fast memory access is %s",
2804 (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2809 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2811 struct target
*target
= get_current_target(CMD_CTX
);
2812 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2814 if (!is_arm7_9(arm7_9
)) {
2815 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2816 return ERROR_TARGET_INVALID
;
2820 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2823 "dcc downloads are %s",
2824 (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2829 static int arm7_9_setup_semihosting(struct target
*target
, int enable
)
2831 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2833 if (!is_arm7_9(arm7_9
)) {
2834 LOG_USER("current target isn't an ARM7/ARM9 target");
2835 return ERROR_TARGET_INVALID
;
2838 if (arm7_9
->has_vector_catch
) {
2839 struct reg
*vector_catch
= &arm7_9
->eice_cache
2840 ->reg_list
[EICE_VEC_CATCH
];
2842 if (!vector_catch
->valid
)
2843 embeddedice_read_reg(vector_catch
);
2844 buf_set_u32(vector_catch
->value
, 2, 1, enable
);
2845 embeddedice_store_reg(vector_catch
);
2847 /* TODO: allow optional high vectors and/or BKPT_HARD */
2849 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2851 breakpoint_remove(target
, 8);
2857 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2859 int retval
= ERROR_OK
;
2860 struct arm
*arm
= &arm7_9
->arm
;
2862 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2864 retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
);
2865 if (retval
!= ERROR_OK
)
2868 /* caller must have allocated via calloc(), so everything's zeroed */
2870 arm7_9
->wp_available_max
= 2;
2872 arm7_9
->fast_memory_access
= false;
2873 arm7_9
->dcc_downloads
= false;
2875 arm
->arch_info
= arm7_9
;
2876 arm
->core_type
= ARM_CORE_TYPE_STD
;
2877 arm
->read_core_reg
= arm7_9_read_core_reg
;
2878 arm
->write_core_reg
= arm7_9_write_core_reg
;
2879 arm
->full_context
= arm7_9_full_context
;
2880 arm
->setup_semihosting
= arm7_9_setup_semihosting
;
2882 retval
= arm_init_arch_info(target
, arm
);
2883 if (retval
!= ERROR_OK
)
2886 return target_register_timer_callback(arm7_9_handle_target_request
,
2887 1, TARGET_TIMER_TYPE_PERIODIC
, target
);
2890 static const struct command_registration arm7_9_any_command_handlers
[] = {
2893 .handler
= handle_arm7_9_dbgrq_command
,
2894 .mode
= COMMAND_ANY
,
2895 .usage
= "['enable'|'disable']",
2896 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2897 "for target halt requests",
2900 .name
= "fast_memory_access",
2901 .handler
= handle_arm7_9_fast_memory_access_command
,
2902 .mode
= COMMAND_ANY
,
2903 .usage
= "['enable'|'disable']",
2904 .help
= "use fast memory accesses instead of slower "
2905 "but potentially safer accesses",
2908 .name
= "dcc_downloads",
2909 .handler
= handle_arm7_9_dcc_downloads_command
,
2910 .mode
= COMMAND_ANY
,
2911 .usage
= "['enable'|'disable']",
2912 .help
= "use DCC downloads for larger memory writes",
2914 COMMAND_REGISTRATION_DONE
2916 const struct command_registration arm7_9_command_handlers
[] = {
2918 .chain
= arm_command_handlers
,
2921 .chain
= etm_command_handlers
,
2925 .mode
= COMMAND_ANY
,
2926 .help
= "arm7/9 specific commands",
2928 .chain
= arm7_9_any_command_handlers
,
2930 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)