1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * Copyright (C) 2009 by David Brownell *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
28 ***************************************************************************/
34 #include "breakpoints.h"
35 #include "embeddedice.h"
36 #include "target_request.h"
38 #include <helper/time_support.h>
39 #include "arm_simulator.h"
40 #include "arm_semihosting.h"
41 #include "algorithm.h"
47 * Hold common code supporting the ARM7 and ARM9 core generations.
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecture
59 * (with separate instruction and data buses from the CPU), support
60 * for cpu clock gating during idle, and more.
63 static int arm7_9_debug_entry(struct target
*target
);
66 * Clear watchpoints for an ARM7/9 target.
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
71 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
74 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
75 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
76 arm7_9
->sw_breakpoint_count
= 0;
77 arm7_9
->sw_breakpoints_added
= 0;
79 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
80 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
82 return jtag_execute_queue();
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
92 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
94 if (!arm7_9
->wp0_used
) {
96 breakpoint_hw_set(breakpoint
, 0);
97 arm7_9
->wp_available
--;
98 } else if (!arm7_9
->wp1_used
) {
100 breakpoint_hw_set(breakpoint
, 1);
101 arm7_9
->wp_available
--;
103 LOG_ERROR("BUG: no hardware comparator available");
106 LOG_DEBUG("BPID: %" PRIu32
" (0x%08" TARGET_PRIxADDR
") using hw wp: %u",
107 breakpoint
->unique_id
,
113 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
115 * @param arm7_9 Pointer to common struct for ARM7/9 targets
116 * @return Error codes if there is a problem finding a watchpoint or the result
117 * of executing the JTAG queue
119 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
121 if (arm7_9
->sw_breakpoints_added
)
123 if (arm7_9
->wp_available
< 1) {
124 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
127 arm7_9
->wp_available
--;
129 /* pick a breakpoint unit */
130 if (!arm7_9
->wp0_used
) {
131 arm7_9
->sw_breakpoints_added
= 1;
132 arm7_9
->wp0_used
= 3;
133 } else if (!arm7_9
->wp1_used
) {
134 arm7_9
->sw_breakpoints_added
= 2;
135 arm7_9
->wp1_used
= 3;
137 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
141 if (arm7_9
->sw_breakpoints_added
== 1) {
142 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
143 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
144 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
145 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
146 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
147 } else if (arm7_9
->sw_breakpoints_added
== 2) {
148 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
149 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
150 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
151 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
152 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
154 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
157 LOG_DEBUG("SW BP using hw wp: %d",
158 arm7_9
->sw_breakpoints_added
);
160 return jtag_execute_queue();
164 * Setup the common pieces for an ARM7/9 target after reset or on startup.
166 * @param target Pointer to an ARM7/9 target to setup
167 * @return Result of clearing the watchpoints on the target
169 static int arm7_9_setup(struct target
*target
)
171 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
173 return arm7_9_clear_watchpoints(arm7_9
);
177 * Set either a hardware or software breakpoint on an ARM7/9 target. The
178 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
179 * might have erased the values in Embedded ICE.
181 * @param target Pointer to the target device to set the breakpoints on
182 * @param breakpoint Pointer to the breakpoint to be set
183 * @return For hardware breakpoints, this is the result of executing the JTAG
184 * queue. For software breakpoints, this will be the status of the
185 * required memory reads and writes
187 static int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
189 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
190 int retval
= ERROR_OK
;
192 LOG_DEBUG("BPID: %" PRIu32
", Address: 0x%08" TARGET_PRIxADDR
", Type: %d",
193 breakpoint
->unique_id
,
197 if (target
->state
!= TARGET_HALTED
) {
198 LOG_WARNING("target not halted");
199 return ERROR_TARGET_NOT_HALTED
;
202 if (breakpoint
->type
== BKPT_HARD
) {
203 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
204 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
206 /* reassign a hw breakpoint */
207 if (!breakpoint
->is_set
)
208 arm7_9_assign_wp(arm7_9
, breakpoint
);
210 if (breakpoint
->number
== 0) {
211 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
212 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
213 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
214 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
215 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
216 } else if (breakpoint
->number
== 1) {
217 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
218 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
219 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
220 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
221 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
223 LOG_ERROR("BUG: no hardware comparator available");
227 retval
= jtag_execute_queue();
228 } else if (breakpoint
->type
== BKPT_SOFT
) {
229 /* did we already set this breakpoint? */
230 if (breakpoint
->is_set
)
233 if (breakpoint
->length
== 4) {
234 uint32_t verify
= 0xffffffff;
235 /* keep the original instruction in target endianness */
236 retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
237 if (retval
!= ERROR_OK
)
239 /* write the breakpoint instruction in target
240 * endianness (arm7_9->arm_bkpt is host endian) */
241 retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
);
242 if (retval
!= ERROR_OK
)
245 retval
= target_read_u32(target
, breakpoint
->address
, &verify
);
246 if (retval
!= ERROR_OK
)
248 if (verify
!= arm7_9
->arm_bkpt
) {
249 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" TARGET_PRIxADDR
250 " - check that memory is read/writable", breakpoint
->address
);
254 uint16_t verify
= 0xffff;
255 /* keep the original instruction in target endianness */
256 retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
257 if (retval
!= ERROR_OK
)
259 /* write the breakpoint instruction in target
260 * endianness (arm7_9->thumb_bkpt is host endian) */
261 retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
);
262 if (retval
!= ERROR_OK
)
265 retval
= target_read_u16(target
, breakpoint
->address
, &verify
);
266 if (retval
!= ERROR_OK
)
268 if (verify
!= arm7_9
->thumb_bkpt
) {
269 LOG_ERROR("Unable to set thumb software breakpoint at address %08" TARGET_PRIxADDR
270 " - check that memory is read/writable", breakpoint
->address
);
275 retval
= arm7_9_set_software_breakpoints(arm7_9
);
276 if (retval
!= ERROR_OK
)
279 arm7_9
->sw_breakpoint_count
++;
281 breakpoint
->is_set
= true;
288 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
289 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
290 * will be updated. Otherwise, the software breakpoint will be restored to its
291 * original instruction if it hasn't already been modified.
293 * @param target Pointer to ARM7/9 target to unset the breakpoint from
294 * @param breakpoint Pointer to breakpoint to be unset
295 * @return For hardware breakpoints, this is the result of executing the JTAG
296 * queue. For software breakpoints, this will be the status of the
297 * required memory reads and writes
299 static int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
301 int retval
= ERROR_OK
;
302 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
304 LOG_DEBUG("BPID: %" PRIu32
", Address: 0x%08" TARGET_PRIxADDR
,
305 breakpoint
->unique_id
,
306 breakpoint
->address
);
308 if (!breakpoint
->is_set
) {
309 LOG_WARNING("breakpoint not set");
313 if (breakpoint
->type
== BKPT_HARD
) {
314 LOG_DEBUG("BPID: %" PRIu32
" Releasing hw wp: %d",
315 breakpoint
->unique_id
,
317 if (breakpoint
->number
== 0) {
318 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
319 arm7_9
->wp0_used
= 0;
320 arm7_9
->wp_available
++;
321 } else if (breakpoint
->number
== 1) {
322 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
323 arm7_9
->wp1_used
= 0;
324 arm7_9
->wp_available
++;
326 retval
= jtag_execute_queue();
327 breakpoint
->is_set
= false;
329 /* restore original instruction (kept in target endianness) */
330 if (breakpoint
->length
== 4) {
331 uint32_t current_instr
;
332 /* check that user program as not modified breakpoint instruction */
333 retval
= target_read_memory(target
,
334 breakpoint
->address
, 4, 1, (uint8_t *)¤t_instr
);
335 if (retval
!= ERROR_OK
)
337 current_instr
= target_buffer_get_u32(target
, (uint8_t *)¤t_instr
);
338 if (current_instr
== arm7_9
->arm_bkpt
) {
339 retval
= target_write_memory(target
,
340 breakpoint
->address
, 4, 1, breakpoint
->orig_instr
);
341 if (retval
!= ERROR_OK
)
346 uint16_t current_instr
;
347 /* check that user program as not modified breakpoint instruction */
348 retval
= target_read_memory(target
,
349 breakpoint
->address
, 2, 1, (uint8_t *)¤t_instr
);
350 if (retval
!= ERROR_OK
)
352 current_instr
= target_buffer_get_u16(target
, (uint8_t *)¤t_instr
);
353 if (current_instr
== arm7_9
->thumb_bkpt
) {
354 retval
= target_write_memory(target
,
355 breakpoint
->address
, 2, 1, breakpoint
->orig_instr
);
356 if (retval
!= ERROR_OK
)
361 if (--arm7_9
->sw_breakpoint_count
== 0) {
362 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
364 if (arm7_9
->sw_breakpoints_added
== 1)
365 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
366 EICE_W0_CONTROL_VALUE
], 0);
367 else if (arm7_9
->sw_breakpoints_added
== 2)
368 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[
369 EICE_W1_CONTROL_VALUE
], 0);
372 breakpoint
->is_set
= false;
379 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
380 * dangling breakpoints and that the desired breakpoint can be added.
382 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
383 * @param breakpoint Pointer to the breakpoint to be added
384 * @return An error status if there is a problem adding the breakpoint or the
385 * result of setting the breakpoint
387 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
389 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
391 if (arm7_9
->breakpoint_count
== 0) {
392 /* make sure we don't have any dangling breakpoints. This is vital upon
393 * GDB connect/disconnect
395 arm7_9_clear_watchpoints(arm7_9
);
398 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1)) {
399 LOG_INFO("no watchpoint unit available for hardware breakpoint");
400 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
403 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4)) {
404 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
405 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
408 if (breakpoint
->type
== BKPT_HARD
)
409 arm7_9_assign_wp(arm7_9
, breakpoint
);
411 arm7_9
->breakpoint_count
++;
413 return arm7_9_set_breakpoint(target
, breakpoint
);
417 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
418 * dangling breakpoints and updates available watchpoints if it is a hardware
421 * @param target Pointer to the target to have a breakpoint removed
422 * @param breakpoint Pointer to the breakpoint to be removed
423 * @return Error status if there was a problem unsetting the breakpoint or the
424 * watchpoints could not be cleared
426 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
428 int retval
= ERROR_OK
;
429 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
431 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
432 if (retval
!= ERROR_OK
)
435 if (breakpoint
->type
== BKPT_HARD
)
436 arm7_9
->wp_available
++;
438 arm7_9
->breakpoint_count
--;
439 if (arm7_9
->breakpoint_count
== 0) {
440 /* make sure we don't have any dangling breakpoints */
441 retval
= arm7_9_clear_watchpoints(arm7_9
);
442 if (retval
!= ERROR_OK
)
450 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
451 * considered a bug to call this function when there are no available watchpoint
454 * @param target Pointer to an ARM7/9 target to set a watchpoint on
455 * @param watchpoint Pointer to the watchpoint to be set
456 * @return Error status if watchpoint set fails or the result of executing the
459 static int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
461 int retval
= ERROR_OK
;
462 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
466 mask
= watchpoint
->length
- 1;
468 if (target
->state
!= TARGET_HALTED
) {
469 LOG_WARNING("target not halted");
470 return ERROR_TARGET_NOT_HALTED
;
473 if (watchpoint
->rw
== WPT_ACCESS
)
478 if (!arm7_9
->wp0_used
) {
479 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
],
480 watchpoint
->address
);
481 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
482 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
],
484 if (watchpoint
->mask
!= 0xffffffffu
)
485 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
],
487 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
488 0xff & ~EICE_W_CTRL_NOPC
& ~rw_mask
);
489 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
490 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_NOPC
| (watchpoint
->rw
& 1));
492 retval
= jtag_execute_queue();
493 if (retval
!= ERROR_OK
)
495 watchpoint_set(watchpoint
, 1);
496 arm7_9
->wp0_used
= 2;
497 } else if (!arm7_9
->wp1_used
) {
498 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
499 watchpoint
->address
);
500 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
501 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
],
503 if (watchpoint
->mask
!= 0xffffffffu
)
504 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
],
506 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
507 0xff & ~EICE_W_CTRL_NOPC
& ~rw_mask
);
508 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
509 EICE_W_CTRL_ENABLE
| EICE_W_CTRL_NOPC
| (watchpoint
->rw
& 1));
511 retval
= jtag_execute_queue();
512 if (retval
!= ERROR_OK
)
514 watchpoint_set(watchpoint
, 2);
515 arm7_9
->wp1_used
= 2;
517 LOG_ERROR("BUG: no hardware comparator available");
525 * Unset an existing watchpoint and clear the used watchpoint unit.
527 * @param target Pointer to the target to have the watchpoint removed
528 * @param watchpoint Pointer to the watchpoint to be removed
529 * @return Error status while trying to unset the watchpoint or the result of
530 * executing the JTAG queue
532 static int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
534 int retval
= ERROR_OK
;
535 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
537 if (target
->state
!= TARGET_HALTED
) {
538 LOG_WARNING("target not halted");
539 return ERROR_TARGET_NOT_HALTED
;
542 if (!watchpoint
->is_set
) {
543 LOG_WARNING("breakpoint not set");
547 if (watchpoint
->number
== 1) {
548 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
549 retval
= jtag_execute_queue();
550 if (retval
!= ERROR_OK
)
552 arm7_9
->wp0_used
= 0;
553 } else if (watchpoint
->number
== 2) {
554 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
555 retval
= jtag_execute_queue();
556 if (retval
!= ERROR_OK
)
558 arm7_9
->wp1_used
= 0;
560 watchpoint
->is_set
= false;
566 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
567 * available, an error response is returned.
569 * @param target Pointer to the ARM7/9 target to add a watchpoint to
570 * @param watchpoint Pointer to the watchpoint to be added
571 * @return Error status while trying to add the watchpoint
573 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
575 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
577 if (arm7_9
->wp_available
< 1)
578 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
580 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
581 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
583 arm7_9
->wp_available
--;
589 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
590 * the used watchpoint unit will be reopened.
592 * @param target Pointer to the target to remove a watchpoint from
593 * @param watchpoint Pointer to the watchpoint to be removed
594 * @return Result of trying to unset the watchpoint
596 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
598 int retval
= ERROR_OK
;
599 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
601 if (watchpoint
->is_set
) {
602 retval
= arm7_9_unset_watchpoint(target
, watchpoint
);
603 if (retval
!= ERROR_OK
)
607 arm7_9
->wp_available
++;
613 * Restarts the target by sending a RESTART instruction and moving the JTAG
614 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
615 * asserted by the processor.
617 * @param target Pointer to target to issue commands to
618 * @return Error status if there is a timeout or a problem while executing the
621 int arm7_9_execute_sys_speed(struct target
*target
)
624 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
625 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
626 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
628 /* set RESTART instruction */
629 if (arm7_9
->need_bypass_before_restart
) {
630 arm7_9
->need_bypass_before_restart
= 0;
631 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
632 if (retval
!= ERROR_OK
)
635 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
636 if (retval
!= ERROR_OK
)
639 int64_t then
= timeval_ms();
641 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
642 /* read debug status register */
643 embeddedice_read_reg(dbg_stat
);
644 retval
= jtag_execute_queue();
645 if (retval
!= ERROR_OK
)
647 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
648 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
650 if (debug_level
>= 3)
656 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"",
657 buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
658 return ERROR_TARGET_TIMEOUT
;
665 * Restarts the target by sending a RESTART instruction and moving the JTAG
666 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
667 * waiting until they are.
669 * @param target Pointer to the target to issue commands to
670 * @return Always ERROR_OK
672 static int arm7_9_execute_fast_sys_speed(struct target
*target
)
675 static uint8_t check_value
[4], check_mask
[4];
677 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
678 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
679 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
682 /* set RESTART instruction */
683 if (arm7_9
->need_bypass_before_restart
) {
684 arm7_9
->need_bypass_before_restart
= 0;
685 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
686 if (retval
!= ERROR_OK
)
689 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
690 if (retval
!= ERROR_OK
)
694 /* check for DBGACK and SYSCOMP set (others don't care) */
696 /* NB! These are constants that must be available until after next jtag_execute() and
697 * we evaluate the values upon first execution in lieu of setting up these constants
698 * during early setup.
700 buf_set_u32(check_value
, 0, 32, 0x9);
701 buf_set_u32(check_mask
, 0, 32, 0x9);
705 /* read debug status register */
706 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
712 * Get some data from the ARM7/9 target.
714 * @param target Pointer to the ARM7/9 target to read data from
715 * @param size The number of 32bit words to be read
716 * @param buffer Pointer to the buffer that will hold the data
717 * @return The result of receiving data from the Embedded ICE unit
719 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
721 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
722 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
724 int retval
= ERROR_OK
;
727 data
= malloc(size
* (sizeof(uint32_t)));
729 retval
= embeddedice_receive(jtag_info
, data
, size
);
731 /* return the 32-bit ints in the 8-bit array */
732 for (i
= 0; i
< size
; i
++)
733 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
741 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
742 * target is running and the DCC control register has the W bit high, this will
743 * execute the request on the target.
745 * @param priv Void pointer expected to be a struct target pointer
746 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
747 * from the Embedded ICE unit
749 static int arm7_9_handle_target_request(void *priv
)
751 int retval
= ERROR_OK
;
752 struct target
*target
= priv
;
753 if (!target_was_examined(target
))
755 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
756 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
757 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
759 if (!target
->dbg_msg_enabled
)
762 if (target
->state
== TARGET_RUNNING
) {
763 /* read DCC control register */
764 embeddedice_read_reg(dcc_control
);
765 retval
= jtag_execute_queue();
766 if (retval
!= ERROR_OK
)
770 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1) {
773 retval
= embeddedice_receive(jtag_info
, &request
, 1);
774 if (retval
!= ERROR_OK
)
776 retval
= target_request(target
, request
);
777 if (retval
!= ERROR_OK
)
786 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
787 * is manipulated to the right halted state based on its current state. This is
791 * <tr><th > State</th><th > Action</th></tr>
792 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
793 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
794 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
795 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
796 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
799 * If the target does not end up in the halted state, a warning is produced. If
800 * DBGACK is cleared, then the target is expected to either be running or
803 * @param target Pointer to the ARM7/9 target to poll
804 * @return ERROR_OK or an error status if a command fails
806 int arm7_9_poll(struct target
*target
)
809 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
810 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
812 /* read debug status register */
813 embeddedice_read_reg(dbg_stat
);
814 retval
= jtag_execute_queue();
815 if (retval
!= ERROR_OK
)
818 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1)) {
819 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
820 if (target
->state
== TARGET_UNKNOWN
) {
821 /* Starting OpenOCD with target in debug-halt */
822 target
->state
= TARGET_RUNNING
;
823 LOG_DEBUG("DBGACK already set during server startup.");
825 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
)) {
826 target
->state
= TARGET_HALTED
;
828 retval
= arm7_9_debug_entry(target
);
829 if (retval
!= ERROR_OK
)
832 if (arm_semihosting(target
, &retval
) != 0)
835 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
836 if (retval
!= ERROR_OK
)
839 if (target
->state
== TARGET_DEBUG_RUNNING
) {
840 target
->state
= TARGET_HALTED
;
841 retval
= arm7_9_debug_entry(target
);
842 if (retval
!= ERROR_OK
)
845 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
);
846 if (retval
!= ERROR_OK
)
849 if (target
->state
!= TARGET_HALTED
)
851 "DBGACK set, but the target did not end up in the halted state %d",
854 if (target
->state
!= TARGET_DEBUG_RUNNING
)
855 target
->state
= TARGET_RUNNING
;
862 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
863 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
864 * affected) completely stop the JTAG clock while the core is held in reset
865 * (SRST). It isn't possible to program the halt condition once reset is
866 * asserted, hence a hook that allows the target to set up its reset-halt
867 * condition is setup prior to asserting reset.
869 * @param target Pointer to an ARM7/9 target to assert reset on
870 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
872 int arm7_9_assert_reset(struct target
*target
)
874 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
875 enum reset_types jtag_reset_config
= jtag_get_reset_config();
876 bool use_event
= false;
878 /* TODO: apply hw reset signal in not examined state */
879 if (!(target_was_examined(target
))) {
880 LOG_WARNING("Reset is not asserted because the target is not examined.");
881 LOG_WARNING("Use a reset button or power cycle the target.");
882 return ERROR_TARGET_NOT_EXAMINED
;
885 LOG_DEBUG("target->state: %s", target_state_name(target
));
887 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
889 else if (!(jtag_reset_config
& RESET_HAS_SRST
)) {
890 LOG_ERROR("%s: how to reset?", target_name(target
));
894 /* At this point trst has been asserted/deasserted once. We would
895 * like to program EmbeddedICE while SRST is asserted, instead of
896 * depending on SRST to leave that module alone. However, many CPUs
897 * gate the JTAG clock while SRST is asserted; or JTAG may need
898 * clock stability guarantees (adaptive clocking might help).
900 * So we assume JTAG access during SRST is off the menu unless it's
901 * been specifically enabled.
903 bool srst_asserted
= false;
905 if (!use_event
&& !(jtag_reset_config
& RESET_SRST_PULLS_TRST
)
906 && (jtag_reset_config
& RESET_SRST_NO_GATING
)) {
907 jtag_add_reset(0, 1);
908 srst_asserted
= true;
911 if (target
->reset_halt
) {
913 * For targets that don't support communication while SRST is
914 * asserted, we need to set up the reset vector catch first.
916 * When we use TRST+SRST and that's equivalent to a power-up
917 * reset, these settings may well be reset anyway; so setting
918 * them here won't matter.
920 if (arm7_9
->has_vector_catch
) {
921 /* program vector catch register to catch reset */
922 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
924 /* extra runtest added as issues were found with
925 * certain ARM9 cores (maybe more) - AT91SAM9260
928 jtag_add_runtest(1, TAP_IDLE
);
930 /* program watchpoint unit to match on reset vector
933 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
934 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
935 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
936 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
937 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_NOPC
& 0xff);
942 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
944 /* If we use SRST ... we'd like to issue just SRST, but the
945 * board or chip may be set up so we have to assert TRST as
946 * well. On some chips that combination is equivalent to a
947 * power-up reset, and generally clobbers EICE state.
949 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
950 jtag_add_reset(1, 1);
951 else if (!srst_asserted
)
952 jtag_add_reset(0, 1);
953 jtag_add_sleep(50000);
956 target
->state
= TARGET_RESET
;
957 register_cache_invalidate(arm7_9
->arm
.core_cache
);
959 /* REVISIT why isn't standard debug entry logic sufficient?? */
960 if (target
->reset_halt
&& (!(jtag_reset_config
& RESET_SRST_PULLS_TRST
) || use_event
)) {
961 /* debug entry was prepared above */
962 target
->debug_reason
= DBG_REASON_DBGRQ
;
969 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
970 * and the target is being reset into a halt, a warning will be triggered
971 * because it is not possible to reset into a halted mode in this case. The
972 * target is halted using the target's functions.
974 * @param target Pointer to the target to have the reset deasserted
975 * @return ERROR_OK or an error from polling or halting the target
977 int arm7_9_deassert_reset(struct target
*target
)
979 int retval
= ERROR_OK
;
980 LOG_DEBUG("target->state: %s", target_state_name(target
));
982 /* deassert reset lines */
983 jtag_add_reset(0, 0);
985 /* In case polling is disabled, we need to examine the
986 * target and poll here for this target to work correctly.
988 * Otherwise, e.g. halt will fail afterwards with bogus
989 * error messages as halt will believe that reset is
992 retval
= target_examine_one(target
);
993 if (retval
!= ERROR_OK
)
996 retval
= target_poll(target
);
997 if (retval
!= ERROR_OK
)
1000 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1001 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0) {
1003 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1004 retval
= target_halt(target
);
1005 if (retval
!= ERROR_OK
)
1012 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1013 * reset and if DBGRQ is used, it is programmed to be deasserted. If the reset
1014 * vector catch was used, it is restored. Otherwise, the control value is
1015 * restored and the watchpoint unit is restored if it was in use.
1017 * @param target Pointer to the ARM7/9 target to have halt cleared
1018 * @return Always ERROR_OK
1020 static int arm7_9_clear_halt(struct target
*target
)
1022 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1023 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1025 /* we used DBGRQ only if we didn't come out of reset */
1026 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
) {
1027 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1029 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1030 embeddedice_store_reg(dbg_ctrl
);
1032 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
) {
1033 /* if we came out of reset, and vector catch is supported, we used
1034 * vector catch to enter debug state
1035 * restore the register in that case
1037 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1039 /* restore registers if watchpoint unit 0 was in use
1041 if (arm7_9
->wp0_used
) {
1042 if (arm7_9
->debug_entry_from_reset
)
1043 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1044 EICE_W0_ADDR_VALUE
]);
1045 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1046 EICE_W0_ADDR_MASK
]);
1047 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1048 EICE_W0_DATA_MASK
]);
1049 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[
1050 EICE_W0_CONTROL_MASK
]);
1052 /* control value always has to be restored, as it was either disabled,
1053 * or enabled with possibly different bits
1055 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1063 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1064 * and then there is a wait until the processor shows the halt. This wait can
1065 * timeout and results in an error being returned. The software reset involves
1066 * clearing the halt, updating the debug control register, changing to ARM mode,
1067 * reset of the program counter, and reset of all of the registers.
1069 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1070 * @return Error status if any of the commands fail, otherwise ERROR_OK
1072 int arm7_9_soft_reset_halt(struct target
*target
)
1074 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1075 struct arm
*arm
= &arm7_9
->arm
;
1076 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1077 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1081 /* FIX!!! replace some of this code with tcl commands
1083 * halt # the halt command is synchronous
1084 * armv4_5 core_state arm
1088 retval
= target_halt(target
);
1089 if (retval
!= ERROR_OK
)
1092 long long then
= timeval_ms();
1094 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
1095 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1097 embeddedice_read_reg(dbg_stat
);
1098 retval
= jtag_execute_queue();
1099 if (retval
!= ERROR_OK
)
1101 if (debug_level
>= 3)
1107 LOG_ERROR("Failed to halt CPU after 1 sec");
1108 return ERROR_TARGET_TIMEOUT
;
1110 target
->state
= TARGET_HALTED
;
1112 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1113 * ensure that DBGRQ is cleared
1115 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1116 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1117 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1118 embeddedice_store_reg(dbg_ctrl
);
1120 retval
= arm7_9_clear_halt(target
);
1121 if (retval
!= ERROR_OK
)
1124 /* if the target is in Thumb state, change to ARM state */
1125 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1126 uint32_t r0_thumb
, pc_thumb
;
1127 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1128 /* Entered debug from Thumb mode */
1129 arm
->core_state
= ARM_STATE_THUMB
;
1130 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1133 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1135 /* all register content is now invalid */
1136 register_cache_invalidate(arm
->core_cache
);
1138 /* SVC, ARM state, IRQ and FIQ disabled */
1141 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
1144 arm_set_cpsr(arm
, cpsr
);
1145 arm
->cpsr
->dirty
= true;
1147 /* start fetching from 0x0 */
1148 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
1149 arm
->pc
->dirty
= true;
1150 arm
->pc
->valid
= true;
1152 /* reset registers */
1153 for (i
= 0; i
<= 14; i
++) {
1154 struct reg
*r
= arm_reg_current(arm
, i
);
1156 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1161 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1162 if (retval
!= ERROR_OK
)
1169 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1170 * line or by programming a watchpoint to trigger on any address. It is
1171 * considered a bug to call this function while the target is in the
1172 * TARGET_RESET state.
1174 * @param target Pointer to the ARM7/9 target to be halted
1175 * @return Always ERROR_OK
1177 int arm7_9_halt(struct target
*target
)
1179 if (target
->state
== TARGET_RESET
) {
1181 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1185 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1186 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1188 LOG_DEBUG("target->state: %s",
1189 target_state_name(target
));
1191 if (target
->state
== TARGET_HALTED
) {
1192 LOG_DEBUG("target was already halted");
1196 if (target
->state
== TARGET_UNKNOWN
)
1197 LOG_WARNING("target was in unknown state when halt was requested");
1199 if (arm7_9
->use_dbgrq
) {
1200 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1202 if (arm7_9
->set_special_dbgrq
)
1203 arm7_9
->set_special_dbgrq(target
);
1205 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1206 embeddedice_store_reg(dbg_ctrl
);
1209 /* program watchpoint unit to match on any address
1211 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1212 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1213 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1214 EICE_W_CTRL_ENABLE
);
1215 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1216 ~EICE_W_CTRL_NOPC
& 0xff);
1219 target
->debug_reason
= DBG_REASON_DBGRQ
;
1225 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1226 * ARM. The JTAG queue is then executed and the reason for debug entry is
1227 * examined. Once done, the target is verified to be halted and the processor
1228 * is forced into ARM mode. The core registers are saved for the current core
1229 * mode and the program counter (register 15) is updated as needed. The core
1230 * registers and CPSR and SPSR are saved for restoration later.
1232 * @param target Pointer to target that is entering debug mode
1233 * @return Error code if anything fails, otherwise ERROR_OK
1235 static int arm7_9_debug_entry(struct target
*target
)
1238 uint32_t context
[16];
1239 uint32_t *context_p
[16];
1240 uint32_t r0_thumb
, pc_thumb
;
1241 uint32_t cpsr
, cpsr_mask
= 0;
1243 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1244 struct arm
*arm
= &arm7_9
->arm
;
1245 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1246 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1248 #ifdef _DEBUG_ARM7_9_
1252 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1253 * ensure that DBGRQ is cleared
1255 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1256 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1257 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1258 embeddedice_store_reg(dbg_ctrl
);
1260 retval
= arm7_9_clear_halt(target
);
1261 if (retval
!= ERROR_OK
)
1264 retval
= jtag_execute_queue();
1265 if (retval
!= ERROR_OK
)
1268 retval
= arm7_9
->examine_debug_reason(target
);
1269 if (retval
!= ERROR_OK
)
1272 if (target
->state
!= TARGET_HALTED
) {
1273 LOG_WARNING("target not halted");
1274 return ERROR_TARGET_NOT_HALTED
;
1277 /* if the target is in Thumb state, change to ARM state */
1278 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1)) {
1279 LOG_DEBUG("target entered debug from Thumb state");
1280 /* Entered debug from Thumb mode */
1281 arm
->core_state
= ARM_STATE_THUMB
;
1283 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1284 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1285 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1286 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1287 /* \todo Get some vaguely correct handling of Jazelle, if
1288 * anyone ever uses it and full info becomes available.
1289 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1290 * B.7.3 for the reverse. That'd be the bare minimum...
1292 LOG_DEBUG("target entered debug from Jazelle state");
1293 arm
->core_state
= ARM_STATE_JAZELLE
;
1294 cpsr_mask
= 1 << 24;
1295 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1297 LOG_DEBUG("target entered debug from ARM state");
1298 /* Entered debug from ARM mode */
1299 arm
->core_state
= ARM_STATE_ARM
;
1302 for (i
= 0; i
< 16; i
++)
1303 context_p
[i
] = &context
[i
];
1304 /* save core registers (r0 - r15 of current core mode) */
1305 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1307 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1309 retval
= jtag_execute_queue();
1310 if (retval
!= ERROR_OK
)
1313 /* Sync our CPSR copy with J or T bits EICE reported, but
1314 * which we then erased by putting the core into ARM mode.
1316 arm_set_cpsr(arm
, cpsr
| cpsr_mask
);
1318 if (!is_arm_mode(arm
->core_mode
)) {
1319 target
->state
= TARGET_UNKNOWN
;
1320 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1321 return ERROR_TARGET_FAILURE
;
1324 LOG_DEBUG("target entered debug state in %s mode",
1325 arm_mode_name(arm
->core_mode
));
1327 if (arm
->core_state
== ARM_STATE_THUMB
) {
1328 LOG_DEBUG("thumb state, applying fixups");
1329 context
[0] = r0_thumb
;
1330 context
[15] = pc_thumb
;
1331 } else if (arm
->core_state
== ARM_STATE_ARM
) {
1332 /* adjust value stored by STM */
1333 context
[15] -= 3 * 4;
1336 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1337 context
[15] -= 3 * ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1339 context
[15] -= arm7_9
->dbgreq_adjust_pc
*
1340 ((arm
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1342 for (i
= 0; i
<= 15; i
++) {
1343 struct reg
*r
= arm_reg_current(arm
, i
);
1345 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1347 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1348 /* r0 and r15 (pc) have to be restored later */
1349 r
->dirty
= (i
== 0) || (i
== 15);
1353 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1355 /* exceptions other than USR & SYS have a saved program status register */
1358 arm7_9
->read_xpsr(target
, &spsr
, 1);
1359 retval
= jtag_execute_queue();
1360 if (retval
!= ERROR_OK
)
1362 buf_set_u32(arm
->spsr
->value
, 0, 32, spsr
);
1363 arm
->spsr
->dirty
= false;
1364 arm
->spsr
->valid
= true;
1367 retval
= jtag_execute_queue();
1368 if (retval
!= ERROR_OK
)
1371 if (arm7_9
->post_debug_entry
) {
1372 retval
= arm7_9
->post_debug_entry(target
);
1373 if (retval
!= ERROR_OK
)
1381 * Validate the full context for an ARM7/9 target in all processor modes. If
1382 * there are any invalid registers for the target, they will all be read. This
1385 * @param target Pointer to the ARM7/9 target to capture the full context from
1386 * @return Error if the target is not halted, has an invalid core mode, or if
1387 * the JTAG queue fails to execute
1389 static int arm7_9_full_context(struct target
*target
)
1393 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1394 struct arm
*arm
= &arm7_9
->arm
;
1398 } read_cache
[6 * (16 + 1)];
1399 int read_cache_idx
= 0;
1403 if (target
->state
!= TARGET_HALTED
) {
1404 LOG_WARNING("target not halted");
1405 return ERROR_TARGET_NOT_HALTED
;
1408 if (!is_arm_mode(arm
->core_mode
)) {
1409 LOG_ERROR("not a valid arm core mode - communication failure?");
1413 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1414 * SYS shares registers with User, so we don't touch SYS
1416 for (i
= 0; i
< 6; i
++) {
1418 uint32_t *reg_p
[16];
1422 /* check if there are invalid registers in the current mode
1424 for (j
= 0; j
<= 16; j
++) {
1425 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
)
1432 /* change processor mode (and mask T bit) */
1433 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8)
1435 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1437 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1439 for (j
= 0; j
< 15; j
++) {
1440 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1441 armv4_5_number_to_mode(i
), j
).valid
) {
1442 read_cache
[read_cache_idx
].reg_p
= ARMV4_5_CORE_REG_MODE(
1444 armv4_5_number_to_mode(i
),
1446 reg_p
[j
] = &read_cache
[read_cache_idx
].value
;
1449 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1450 armv4_5_number_to_mode(i
),
1452 ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1453 armv4_5_number_to_mode(i
),
1458 /* if only the PSR is invalid, mask is all zeroes */
1460 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1462 /* check if the PSR has to be read */
1463 if (!ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1465 read_cache
[read_cache_idx
].reg_p
= ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1466 armv4_5_number_to_mode(i
), 16).value
;
1467 arm7_9
->read_xpsr(target
, &read_cache
[read_cache_idx
].value
, 1);
1469 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1471 ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
),
1477 /* restore processor mode (mask T bit) */
1478 arm7_9
->write_xpsr_im8(target
,
1479 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
1481 retval
= jtag_execute_queue();
1482 if (retval
!= ERROR_OK
)
1485 * FIXME: regs in cache should be tagged as 'valid' only now,
1486 * not before the jtag_execute_queue()
1488 while (read_cache_idx
) {
1490 buf_set_u32(read_cache
[read_cache_idx
].reg_p
, 0, 32, read_cache
[read_cache_idx
].value
);
1496 * Restore the processor context on an ARM7/9 target. The full processor
1497 * context is analyzed to see if any of the registers are dirty on this end, but
1498 * have a valid new value. If this is the case, the processor is changed to the
1499 * appropriate mode and the new register values are written out to the
1500 * processor. If there happens to be a dirty register with an invalid value, an
1501 * error will be logged.
1503 * @param target Pointer to the ARM7/9 target to have its context restored
1504 * @return Error status if the target is not halted or the core mode in the
1505 * armv4_5 struct is invalid.
1507 static int arm7_9_restore_context(struct target
*target
)
1509 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1510 struct arm
*arm
= &arm7_9
->arm
;
1512 enum arm_mode current_mode
= arm
->core_mode
;
1519 if (target
->state
!= TARGET_HALTED
) {
1520 LOG_WARNING("target not halted");
1521 return ERROR_TARGET_NOT_HALTED
;
1524 if (arm7_9
->pre_restore_context
)
1525 arm7_9
->pre_restore_context(target
);
1527 if (!is_arm_mode(arm
->core_mode
)) {
1528 LOG_ERROR("not a valid arm core mode - communication failure?");
1532 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1533 * SYS shares registers with User, so we don't touch SYS
1535 for (i
= 0; i
< 6; i
++) {
1536 LOG_DEBUG("examining %s mode",
1537 arm_mode_name(arm
->core_mode
));
1540 /* check if there are dirty registers in the current mode
1542 for (j
= 0; j
<= 16; j
++) {
1543 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(i
), j
);
1547 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1548 struct arm_reg
*reg_arch_info
;
1549 reg_arch_info
= reg
->arch_info
;
1550 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1551 && (reg_arch_info
->mode
!= current_mode
)
1552 && !((reg_arch_info
->mode
== ARM_MODE_USR
)
1553 && (arm
->core_mode
== ARM_MODE_SYS
))
1554 && !((reg_arch_info
->mode
== ARM_MODE_SYS
)
1555 && (arm
->core_mode
== ARM_MODE_USR
))) {
1557 LOG_DEBUG("require mode change");
1560 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1566 uint32_t mask
= 0x0;
1573 /* change processor mode (mask T bit) */
1574 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
,
1576 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1578 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1579 current_mode
= armv4_5_number_to_mode(i
);
1582 for (j
= 0; j
<= 14; j
++) {
1583 reg
= &ARMV4_5_CORE_REG_MODE(arm
->core_cache
,
1584 armv4_5_number_to_mode(i
),
1588 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1593 LOG_DEBUG("writing register %i mode %s "
1594 "with value 0x%8.8" PRIx32
, j
,
1595 arm_mode_name(arm
->core_mode
),
1601 arm7_9
->write_core_regs(target
, mask
, regs
);
1604 &ARMV4_5_CORE_REG_MODE(arm
->core_cache
, armv4_5_number_to_mode(
1606 struct arm_reg
*reg_arch_info
;
1607 reg_arch_info
= reg
->arch_info
;
1608 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
)) {
1609 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"",
1611 buf_get_u32(reg
->value
, 0, 32));
1612 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1617 if (!arm
->cpsr
->dirty
&& (arm
->core_mode
!= current_mode
)) {
1618 /* restore processor mode (mask T bit) */
1621 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
1622 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1624 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1625 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1627 } else if (arm
->cpsr
->dirty
) {
1628 /* CPSR has been changed, full restore necessary (mask T bit) */
1629 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1630 buf_get_u32(arm
->cpsr
->value
, 0, 32));
1631 arm7_9
->write_xpsr(target
,
1632 buf_get_u32(arm
->cpsr
->value
, 0, 32)
1634 arm
->cpsr
->dirty
= false;
1635 arm
->cpsr
->valid
= true;
1639 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
,
1640 buf_get_u32(arm
->pc
->value
, 0, 32));
1641 arm7_9
->write_pc(target
, buf_get_u32(arm
->pc
->value
, 0, 32));
1642 arm
->pc
->dirty
= false;
1648 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1649 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1652 * @param target Pointer to the ARM7/9 target to be restarted
1653 * @return Result of executing the JTAG queue
1655 static int arm7_9_restart_core(struct target
*target
)
1657 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1658 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1661 /* set RESTART instruction */
1662 if (arm7_9
->need_bypass_before_restart
) {
1663 arm7_9
->need_bypass_before_restart
= 0;
1665 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0xf, NULL
, TAP_IDLE
);
1666 if (retval
!= ERROR_OK
)
1669 retval
= arm_jtag_set_instr(jtag_info
->tap
, 0x4, NULL
, TAP_IDLE
);
1670 if (retval
!= ERROR_OK
)
1673 jtag_add_runtest(1, TAP_IDLE
);
1674 return jtag_execute_queue();
1678 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1679 * iterated through and are set on the target if they aren't already set.
1681 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1683 static void arm7_9_enable_watchpoints(struct target
*target
)
1685 struct watchpoint
*watchpoint
= target
->watchpoints
;
1687 while (watchpoint
) {
1688 if (!watchpoint
->is_set
)
1689 arm7_9_set_watchpoint(target
, watchpoint
);
1690 watchpoint
= watchpoint
->next
;
1695 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1696 * iterated through and are set on the target.
1698 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1700 static void arm7_9_enable_breakpoints(struct target
*target
)
1702 struct breakpoint
*breakpoint
= target
->breakpoints
;
1704 /* set any pending breakpoints */
1705 while (breakpoint
) {
1706 arm7_9_set_breakpoint(target
, breakpoint
);
1707 breakpoint
= breakpoint
->next
;
1711 int arm7_9_resume(struct target
*target
,
1713 target_addr_t address
,
1714 int handle_breakpoints
,
1715 int debug_execution
)
1717 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1718 struct arm
*arm
= &arm7_9
->arm
;
1719 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1720 int err
, retval
= ERROR_OK
;
1724 if (target
->state
!= TARGET_HALTED
) {
1725 LOG_WARNING("target not halted");
1726 return ERROR_TARGET_NOT_HALTED
;
1729 if (!debug_execution
)
1730 target_free_all_working_areas(target
);
1732 /* current = 1: continue on current pc, otherwise continue at <address> */
1734 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1736 uint32_t current_pc
;
1737 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1739 /* the front-end may request us not to handle breakpoints */
1740 if (handle_breakpoints
) {
1741 struct breakpoint
*breakpoint
;
1742 breakpoint
= breakpoint_find(target
,
1743 buf_get_u32(arm
->pc
->value
, 0, 32));
1745 LOG_DEBUG("unset breakpoint at 0x%8.8" TARGET_PRIxADDR
" (id: %" PRIu32
,
1746 breakpoint
->address
,
1747 breakpoint
->unique_id
);
1748 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1749 if (retval
!= ERROR_OK
)
1752 /* calculate PC of next instruction */
1754 retval
= arm_simulate_step(target
, &next_pc
);
1755 if (retval
!= ERROR_OK
) {
1756 uint32_t current_opcode
;
1757 target_read_u32(target
, current_pc
, ¤t_opcode
);
1759 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1764 LOG_DEBUG("enable single-step");
1765 arm7_9
->enable_single_step(target
, next_pc
);
1767 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1769 retval
= arm7_9_restore_context(target
);
1770 if (retval
!= ERROR_OK
)
1773 if (arm
->core_state
== ARM_STATE_ARM
)
1774 arm7_9
->branch_resume(target
);
1775 else if (arm
->core_state
== ARM_STATE_THUMB
)
1776 arm7_9
->branch_resume_thumb(target
);
1778 LOG_ERROR("unhandled core state");
1782 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1783 embeddedice_write_reg(dbg_ctrl
,
1784 buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1785 err
= arm7_9_execute_sys_speed(target
);
1787 LOG_DEBUG("disable single-step");
1788 arm7_9
->disable_single_step(target
);
1790 if (err
!= ERROR_OK
) {
1791 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1792 if (retval
!= ERROR_OK
)
1794 target
->state
= TARGET_UNKNOWN
;
1798 retval
= arm7_9_debug_entry(target
);
1799 if (retval
!= ERROR_OK
)
1801 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
,
1802 buf_get_u32(arm
->pc
->value
, 0, 32));
1804 LOG_DEBUG("set breakpoint at 0x%8.8" TARGET_PRIxADDR
"", breakpoint
->address
);
1805 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1806 if (retval
!= ERROR_OK
)
1811 /* enable any pending breakpoints and watchpoints */
1812 arm7_9_enable_breakpoints(target
);
1813 arm7_9_enable_watchpoints(target
);
1815 retval
= arm7_9_restore_context(target
);
1816 if (retval
!= ERROR_OK
)
1819 if (arm
->core_state
== ARM_STATE_ARM
)
1820 arm7_9
->branch_resume(target
);
1821 else if (arm
->core_state
== ARM_STATE_THUMB
)
1822 arm7_9
->branch_resume_thumb(target
);
1824 LOG_ERROR("unhandled core state");
1828 /* deassert DBGACK and INTDIS */
1829 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1830 /* INTDIS only when we really resume, not during debug execution */
1831 if (!debug_execution
)
1832 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1833 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1835 retval
= arm7_9_restart_core(target
);
1836 if (retval
!= ERROR_OK
)
1839 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1841 if (!debug_execution
) {
1842 /* registers are now invalid */
1843 register_cache_invalidate(arm
->core_cache
);
1844 target
->state
= TARGET_RUNNING
;
1845 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1846 if (retval
!= ERROR_OK
)
1849 target
->state
= TARGET_DEBUG_RUNNING
;
1850 retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1851 if (retval
!= ERROR_OK
)
1855 LOG_DEBUG("target resumed");
1860 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1862 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1863 struct arm
*arm
= &arm7_9
->arm
;
1864 uint32_t current_pc
;
1865 current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1867 if (next_pc
!= current_pc
) {
1868 /* setup an inverse breakpoint on the current PC
1869 * - comparator 1 matches the current address
1870 * - rangeout from comparator 1 is connected to comparator 0 rangein
1871 * - comparator 0 matches any address, as long as rangein is low */
1872 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1873 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1874 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
],
1875 EICE_W_CTRL_ENABLE
);
1876 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
],
1877 ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_NOPC
) & 0xff);
1878 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
],
1880 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1881 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1882 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1883 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1884 ~EICE_W_CTRL_NOPC
& 0xff);
1886 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1887 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1888 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1889 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1890 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1891 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1892 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1893 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
],
1894 EICE_W_CTRL_ENABLE
);
1895 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
],
1896 ~EICE_W_CTRL_NOPC
& 0xff);
1900 void arm7_9_disable_eice_step(struct target
*target
)
1902 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1904 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1905 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1906 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1907 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1908 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1909 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1910 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1911 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1912 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1915 int arm7_9_step(struct target
*target
, int current
, target_addr_t address
, int handle_breakpoints
)
1917 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1918 struct arm
*arm
= &arm7_9
->arm
;
1919 struct breakpoint
*breakpoint
= NULL
;
1922 if (target
->state
!= TARGET_HALTED
) {
1923 LOG_WARNING("target not halted");
1924 return ERROR_TARGET_NOT_HALTED
;
1927 /* current = 1: continue on current pc, otherwise continue at <address> */
1929 buf_set_u32(arm
->pc
->value
, 0, 32, address
);
1931 uint32_t current_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1933 /* the front-end may request us not to handle breakpoints */
1934 if (handle_breakpoints
)
1935 breakpoint
= breakpoint_find(target
, current_pc
);
1937 retval
= arm7_9_unset_breakpoint(target
, breakpoint
);
1938 if (retval
!= ERROR_OK
)
1942 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1944 /* calculate PC of next instruction */
1946 retval
= arm_simulate_step(target
, &next_pc
);
1947 if (retval
!= ERROR_OK
) {
1948 uint32_t current_opcode
;
1949 target_read_u32(target
, current_pc
, ¤t_opcode
);
1951 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"",
1956 retval
= arm7_9_restore_context(target
);
1957 if (retval
!= ERROR_OK
)
1960 arm7_9
->enable_single_step(target
, next_pc
);
1962 if (arm
->core_state
== ARM_STATE_ARM
)
1963 arm7_9
->branch_resume(target
);
1964 else if (arm
->core_state
== ARM_STATE_THUMB
)
1965 arm7_9
->branch_resume_thumb(target
);
1967 LOG_ERROR("unhandled core state");
1971 retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1972 if (retval
!= ERROR_OK
)
1975 err
= arm7_9_execute_sys_speed(target
);
1976 arm7_9
->disable_single_step(target
);
1978 /* registers are now invalid */
1979 register_cache_invalidate(arm
->core_cache
);
1981 if (err
!= ERROR_OK
)
1982 target
->state
= TARGET_UNKNOWN
;
1984 retval
= arm7_9_debug_entry(target
);
1985 if (retval
!= ERROR_OK
)
1987 retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
1988 if (retval
!= ERROR_OK
)
1990 LOG_DEBUG("target stepped");
1994 retval
= arm7_9_set_breakpoint(target
, breakpoint
);
1995 if (retval
!= ERROR_OK
)
2002 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
2003 int num
, enum arm_mode mode
)
2005 uint32_t *reg_p
[16];
2007 struct arm_reg
*areg
= r
->arch_info
;
2008 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2009 struct arm
*arm
= &arm7_9
->arm
;
2011 if (!is_arm_mode(arm
->core_mode
))
2013 if ((num
< 0) || (num
> 16))
2014 return ERROR_COMMAND_SYNTAX_ERROR
;
2016 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2017 && (areg
->mode
!= ARM_MODE_ANY
)) {
2020 /* change processor mode (mask T bit) */
2021 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2024 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2028 if ((num
>= 0) && (num
<= 15)) {
2029 /* read a normal core register */
2030 reg_p
[num
] = &value
;
2032 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2034 /* read a program status register
2035 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2037 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2040 retval
= jtag_execute_queue();
2041 if (retval
!= ERROR_OK
)
2046 buf_set_u32(r
->value
, 0, 32, value
);
2048 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2049 && (areg
->mode
!= ARM_MODE_ANY
)) {
2050 /* restore processor mode (mask T bit) */
2051 arm7_9
->write_xpsr_im8(target
,
2052 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2058 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2059 int num
, enum arm_mode mode
, uint8_t *value
)
2062 struct arm_reg
*areg
= r
->arch_info
;
2063 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2064 struct arm
*arm
= &arm7_9
->arm
;
2066 if (!is_arm_mode(arm
->core_mode
))
2068 if ((num
< 0) || (num
> 16))
2069 return ERROR_COMMAND_SYNTAX_ERROR
;
2071 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2072 && (areg
->mode
!= ARM_MODE_ANY
)) {
2075 /* change processor mode (mask T bit) */
2076 tmp_cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 8) & 0xE0;
2079 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2082 if ((num
>= 0) && (num
<= 15)) {
2083 /* write a normal core register */
2084 reg
[num
] = buf_get_u32(value
, 0, 32);
2086 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2088 /* write a program status register
2089 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2091 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2093 uint32_t t
= buf_get_u32(value
, 0, 32);
2094 /* if we're writing the CPSR, mask the T bit */
2098 arm7_9
->write_xpsr(target
, t
, spsr
);
2104 if ((mode
!= ARM_MODE_ANY
) && (mode
!= arm
->core_mode
)
2105 && (areg
->mode
!= ARM_MODE_ANY
)) {
2106 /* restore processor mode (mask T bit) */
2107 arm7_9
->write_xpsr_im8(target
,
2108 buf_get_u32(arm
->cpsr
->value
, 0, 8) & ~0x20, 0, 0);
2111 return jtag_execute_queue();
2114 int arm7_9_read_memory(struct target
*target
,
2115 target_addr_t address
,
2120 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2121 struct arm
*arm
= &arm7_9
->arm
;
2123 uint32_t num_accesses
= 0;
2124 int thisrun_accesses
;
2130 LOG_DEBUG("address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"",
2131 address
, size
, count
);
2133 if (target
->state
!= TARGET_HALTED
) {
2134 LOG_WARNING("target not halted");
2135 return ERROR_TARGET_NOT_HALTED
;
2138 /* sanitize arguments */
2139 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2140 return ERROR_COMMAND_SYNTAX_ERROR
;
2142 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2143 return ERROR_TARGET_UNALIGNED_ACCESS
;
2145 /* load the base register with the address of the first word */
2147 arm7_9
->write_core_regs(target
, 0x1, reg
);
2153 while (num_accesses
< count
) {
2156 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2157 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2159 if (last_reg
<= thisrun_accesses
)
2160 last_reg
= thisrun_accesses
;
2162 arm7_9
->load_word_regs(target
, reg_list
);
2164 /* fast memory reads are only safe when the target is running
2165 * from a sufficiently high clock (32 kHz is usually too slow)
2167 if (arm7_9
->fast_memory_access
)
2168 retval
= arm7_9_execute_fast_sys_speed(target
);
2170 retval
= arm7_9_execute_sys_speed(target
);
2171 if (retval
!= ERROR_OK
)
2174 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2176 /* advance buffer, count number of accesses */
2177 buffer
+= thisrun_accesses
* 4;
2178 num_accesses
+= thisrun_accesses
;
2180 if ((j
++%1024) == 0)
2185 while (num_accesses
< count
) {
2188 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2189 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2191 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2194 arm7_9
->load_hword_reg(target
, i
);
2195 /* fast memory reads are only safe when the target is running
2196 * from a sufficiently high clock (32 kHz is usually too slow)
2198 if (arm7_9
->fast_memory_access
)
2199 retval
= arm7_9_execute_fast_sys_speed(target
);
2201 retval
= arm7_9_execute_sys_speed(target
);
2202 if (retval
!= ERROR_OK
)
2207 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2209 /* advance buffer, count number of accesses */
2210 buffer
+= thisrun_accesses
* 2;
2211 num_accesses
+= thisrun_accesses
;
2213 if ((j
++%1024) == 0)
2218 while (num_accesses
< count
) {
2221 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2222 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2224 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2227 arm7_9
->load_byte_reg(target
, i
);
2228 /* fast memory reads are only safe when the target is running
2229 * from a sufficiently high clock (32 kHz is usually too slow)
2231 if (arm7_9
->fast_memory_access
)
2232 retval
= arm7_9_execute_fast_sys_speed(target
);
2234 retval
= arm7_9_execute_sys_speed(target
);
2235 if (retval
!= ERROR_OK
)
2239 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2241 /* advance buffer, count number of accesses */
2242 buffer
+= thisrun_accesses
* 1;
2243 num_accesses
+= thisrun_accesses
;
2245 if ((j
++%1024) == 0)
2251 if (!is_arm_mode(arm
->core_mode
))
2254 for (i
= 0; i
<= last_reg
; i
++) {
2255 struct reg
*r
= arm_reg_current(arm
, i
);
2256 r
->dirty
= r
->valid
;
2259 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2260 retval
= jtag_execute_queue();
2261 if (retval
!= ERROR_OK
) {
2262 LOG_ERROR("JTAG error while reading cpsr");
2263 return ERROR_TARGET_DATA_ABORT
;
2266 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2268 "memory read caused data abort "
2269 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2274 arm7_9
->write_xpsr_im8(target
,
2275 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2278 return ERROR_TARGET_DATA_ABORT
;
2284 int arm7_9_write_memory(struct target
*target
,
2285 target_addr_t address
,
2288 const uint8_t *buffer
)
2290 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2291 struct arm
*arm
= &arm7_9
->arm
;
2292 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2295 uint32_t num_accesses
= 0;
2296 int thisrun_accesses
;
2302 #ifdef _DEBUG_ARM7_9_
2303 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2306 if (target
->state
!= TARGET_HALTED
) {
2307 LOG_WARNING("target not halted");
2308 return ERROR_TARGET_NOT_HALTED
;
2311 /* sanitize arguments */
2312 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2313 return ERROR_COMMAND_SYNTAX_ERROR
;
2315 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2316 return ERROR_TARGET_UNALIGNED_ACCESS
;
2318 /* load the base register with the address of the first word */
2320 arm7_9
->write_core_regs(target
, 0x1, reg
);
2322 /* Clear DBGACK, to make sure memory fetches work as expected */
2323 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2324 embeddedice_store_reg(dbg_ctrl
);
2328 while (num_accesses
< count
) {
2331 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2332 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2334 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2337 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2341 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2343 arm7_9
->store_word_regs(target
, reg_list
);
2345 /* fast memory writes are only safe when the target is running
2346 * from a sufficiently high clock (32 kHz is usually too slow)
2348 if (arm7_9
->fast_memory_access
)
2349 retval
= arm7_9_execute_fast_sys_speed(target
);
2351 retval
= arm7_9_execute_sys_speed(target
);
2354 * if memory writes are made when the clock is running slow
2355 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2356 * processor operations after a "reset halt" or "reset init",
2357 * need to immediately stroke the keep alive or will end up with
2358 * gdb "keep alive not sent error message" problem.
2364 if (retval
!= ERROR_OK
)
2367 num_accesses
+= thisrun_accesses
;
2371 while (num_accesses
< count
) {
2374 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2375 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2377 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2380 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2384 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2386 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2387 arm7_9
->store_hword_reg(target
, i
);
2389 /* fast memory writes are only safe when the target is running
2390 * from a sufficiently high clock (32 kHz is usually too slow)
2392 if (arm7_9
->fast_memory_access
)
2393 retval
= arm7_9_execute_fast_sys_speed(target
);
2395 retval
= arm7_9_execute_sys_speed(target
);
2398 * if memory writes are made when the clock is running slow
2399 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2400 * processor operations after a "reset halt" or "reset init",
2401 * need to immediately stroke the keep alive or will end up with
2402 * gdb "keep alive not sent error message" problem.
2408 if (retval
!= ERROR_OK
)
2412 num_accesses
+= thisrun_accesses
;
2416 while (num_accesses
< count
) {
2419 ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2420 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2422 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2425 reg
[i
] = *buffer
++ & 0xff;
2428 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2430 for (i
= 1; i
<= thisrun_accesses
; i
++) {
2431 arm7_9
->store_byte_reg(target
, i
);
2432 /* fast memory writes are only safe when the target is running
2433 * from a sufficiently high clock (32 kHz is usually too slow)
2435 if (arm7_9
->fast_memory_access
)
2436 retval
= arm7_9_execute_fast_sys_speed(target
);
2438 retval
= arm7_9_execute_sys_speed(target
);
2441 * if memory writes are made when the clock is running slow
2442 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2443 * processor operations after a "reset halt" or "reset init",
2444 * need to immediately stroke the keep alive or will end up with
2445 * gdb "keep alive not sent error message" problem.
2451 if (retval
!= ERROR_OK
)
2456 num_accesses
+= thisrun_accesses
;
2462 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2463 embeddedice_store_reg(dbg_ctrl
);
2465 if (!is_arm_mode(arm
->core_mode
))
2468 for (i
= 0; i
<= last_reg
; i
++) {
2469 struct reg
*r
= arm_reg_current(arm
, i
);
2470 r
->dirty
= r
->valid
;
2473 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2474 retval
= jtag_execute_queue();
2475 if (retval
!= ERROR_OK
) {
2476 LOG_ERROR("JTAG error while reading cpsr");
2477 return ERROR_TARGET_DATA_ABORT
;
2480 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (arm
->core_mode
!= ARM_MODE_ABT
)) {
2482 "memory write caused data abort "
2483 "(address: 0x%8.8" TARGET_PRIxADDR
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")",
2488 arm7_9
->write_xpsr_im8(target
,
2489 buf_get_u32(arm
->cpsr
->value
, 0, 8)
2492 return ERROR_TARGET_DATA_ABORT
;
2498 int arm7_9_write_memory_opt(struct target
*target
,
2499 target_addr_t address
,
2502 const uint8_t *buffer
)
2504 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2507 if (size
== 4 && count
> 32 && arm7_9
->bulk_write_memory
) {
2508 /* Attempt to do a bulk write */
2509 retval
= arm7_9
->bulk_write_memory(target
, address
, count
, buffer
);
2511 if (retval
== ERROR_OK
)
2515 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2518 int arm7_9_write_memory_no_opt(struct target
*target
,
2522 const uint8_t *buffer
)
2524 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2526 return arm7_9
->write_memory(target
, address
, size
, count
, buffer
);
2529 static int dcc_count
;
2530 static const uint8_t *dcc_buffer
;
2532 static int arm7_9_dcc_completion(struct target
*target
,
2533 uint32_t exit_point
,
2537 int retval
= ERROR_OK
;
2538 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2540 retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500);
2541 if (retval
!= ERROR_OK
)
2544 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2545 int count
= dcc_count
;
2546 const uint8_t *buffer
= dcc_buffer
;
2548 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2549 * core function repeated. */
2550 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2551 fast_target_buffer_get_u32(buffer
, little
));
2554 struct embeddedice_reg
*ice_reg
=
2555 arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2556 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2557 struct jtag_tap
*tap
;
2558 tap
= ice_reg
->jtag_info
->tap
;
2560 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2561 buffer
+= (count
-2)*4;
2563 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2564 fast_target_buffer_get_u32(buffer
, little
));
2567 for (i
= 0; i
< count
; i
++) {
2568 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
],
2569 fast_target_buffer_get_u32(buffer
, little
));
2574 retval
= target_halt(target
);
2575 if (retval
!= ERROR_OK
)
2577 return target_wait_state(target
, TARGET_HALTED
, 500);
2580 static const uint32_t dcc_code
[] = {
2581 /* r0 == input, points to memory buffer
2585 /* spin until DCC control (c0) reports data arrived */
2586 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2587 0xe3110001, /* tst r1, #1 */
2588 0x0afffffc, /* bne w */
2590 /* read word from DCC (c1), write to memory */
2591 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2592 0xe4801004, /* str r1, [r0], #4 */
2595 0xeafffff9 /* b w */
2598 int arm7_9_bulk_write_memory(struct target
*target
,
2599 target_addr_t address
,
2601 const uint8_t *buffer
)
2604 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2606 if (address
% 4 != 0)
2607 return ERROR_TARGET_UNALIGNED_ACCESS
;
2609 if (!arm7_9
->dcc_downloads
)
2610 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2612 /* regrab previously allocated working_area, or allocate a new one */
2613 if (!arm7_9
->dcc_working_area
) {
2614 uint8_t dcc_code_buf
[6 * 4];
2616 /* make sure we have a working area */
2617 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
) {
2618 LOG_INFO("no working area available, falling back to memory writes");
2619 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2622 /* copy target instructions to target endianness */
2623 target_buffer_set_u32_array(target
, dcc_code_buf
, ARRAY_SIZE(dcc_code
), dcc_code
);
2625 /* write DCC code to working area, using the non-optimized
2626 * memory write to avoid ending up here again */
2627 retval
= arm7_9_write_memory_no_opt(target
,
2628 arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
);
2629 if (retval
!= ERROR_OK
)
2633 struct arm_algorithm arm_algo
;
2634 struct reg_param reg_params
[1];
2636 arm_algo
.common_magic
= ARM_COMMON_MAGIC
;
2637 arm_algo
.core_mode
= ARM_MODE_SVC
;
2638 arm_algo
.core_state
= ARM_STATE_ARM
;
2640 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2642 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2645 dcc_buffer
= buffer
;
2646 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2647 arm7_9
->dcc_working_area
->address
,
2648 arm7_9
->dcc_working_area
->address
+ 6*4,
2649 20*1000, &arm_algo
, arm7_9_dcc_completion
);
2651 if (retval
== ERROR_OK
) {
2652 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2653 if (endaddress
!= (address
+ count
*4)) {
2655 "DCC write failed, expected end address 0x%08" TARGET_PRIxADDR
" got 0x%0" PRIx32
"",
2656 (address
+ count
*4),
2658 retval
= ERROR_FAIL
;
2662 destroy_reg_param(®_params
[0]);
2668 * Perform per-target setup that requires JTAG access.
2670 int arm7_9_examine(struct target
*target
)
2672 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2675 if (!target_was_examined(target
)) {
2676 struct reg_cache
*t
, **cache_p
;
2678 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2682 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2684 arm7_9
->eice_cache
= (*cache_p
);
2686 if (arm7_9
->arm
.etm
)
2687 (*cache_p
)->next
= etm_build_reg_cache(target
,
2691 target_set_examined(target
);
2694 retval
= embeddedice_setup(target
);
2695 if (retval
== ERROR_OK
)
2696 retval
= arm7_9_setup(target
);
2697 if (retval
== ERROR_OK
&& arm7_9
->arm
.etm
)
2698 retval
= etm_setup(target
);
2702 void arm7_9_deinit(struct target
*target
)
2704 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2706 if (target_was_examined(target
))
2707 embeddedice_free_reg_cache(arm7_9
->eice_cache
);
2709 arm_jtag_close_connection(&arm7_9
->jtag_info
);
2712 int arm7_9_check_reset(struct target
*target
)
2714 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2716 if (get_target_reset_nag() && !arm7_9
->dcc_downloads
)
2718 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2720 if (get_target_reset_nag() && (target
->working_area_size
== 0))
2721 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2723 if (get_target_reset_nag() && !arm7_9
->fast_memory_access
)
2725 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2730 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in
,
2731 jtag_callback_data_t i_size
, jtag_callback_data_t i_be
,
2732 jtag_callback_data_t i_flip
)
2734 uint8_t *in
= (uint8_t *)pu8_in
;
2735 int size
= (int)i_size
;
2737 int flip
= (int)i_flip
;
2742 readback
= le_to_h_u32(in
);
2744 readback
= flip_u32(readback
, 32);
2746 h_u32_to_be(in
, readback
);
2748 h_u32_to_le(in
, readback
);
2751 readback
= le_to_h_u16(in
);
2753 readback
= flip_u32(readback
, 16);
2755 h_u16_to_be(in
, readback
& 0xffff);
2757 h_u16_to_le(in
, readback
& 0xffff);
2762 readback
= flip_u32(readback
, 8);
2763 *in
= readback
& 0xff;
2770 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2772 struct target
*target
= get_current_target(CMD_CTX
);
2773 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2775 if (!is_arm7_9(arm7_9
)) {
2776 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2777 return ERROR_TARGET_INVALID
;
2781 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->use_dbgrq
);
2784 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2785 (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2790 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2792 struct target
*target
= get_current_target(CMD_CTX
);
2793 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2795 if (!is_arm7_9(arm7_9
)) {
2796 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2797 return ERROR_TARGET_INVALID
;
2801 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2804 "fast memory access is %s",
2805 (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2810 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2812 struct target
*target
= get_current_target(CMD_CTX
);
2813 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2815 if (!is_arm7_9(arm7_9
)) {
2816 command_print(CMD
, "current target isn't an ARM7/ARM9 target");
2817 return ERROR_TARGET_INVALID
;
2821 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2824 "dcc downloads are %s",
2825 (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2830 static int arm7_9_setup_semihosting(struct target
*target
, int enable
)
2832 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2834 if (!is_arm7_9(arm7_9
)) {
2835 LOG_USER("current target isn't an ARM7/ARM9 target");
2836 return ERROR_TARGET_INVALID
;
2839 if (arm7_9
->has_vector_catch
) {
2840 struct reg
*vector_catch
= &arm7_9
->eice_cache
2841 ->reg_list
[EICE_VEC_CATCH
];
2843 if (!vector_catch
->valid
)
2844 embeddedice_read_reg(vector_catch
);
2845 buf_set_u32(vector_catch
->value
, 2, 1, enable
);
2846 embeddedice_store_reg(vector_catch
);
2848 /* TODO: allow optional high vectors and/or BKPT_HARD */
2850 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2852 breakpoint_remove(target
, 8);
2858 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2860 int retval
= ERROR_OK
;
2861 struct arm
*arm
= &arm7_9
->arm
;
2863 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2865 retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
);
2866 if (retval
!= ERROR_OK
)
2869 /* caller must have allocated via calloc(), so everything's zeroed */
2871 arm7_9
->wp_available_max
= 2;
2873 arm7_9
->fast_memory_access
= false;
2874 arm7_9
->dcc_downloads
= false;
2876 arm
->arch_info
= arm7_9
;
2877 arm
->core_type
= ARM_CORE_TYPE_STD
;
2878 arm
->read_core_reg
= arm7_9_read_core_reg
;
2879 arm
->write_core_reg
= arm7_9_write_core_reg
;
2880 arm
->full_context
= arm7_9_full_context
;
2881 arm
->setup_semihosting
= arm7_9_setup_semihosting
;
2883 retval
= arm_init_arch_info(target
, arm
);
2884 if (retval
!= ERROR_OK
)
2887 return target_register_timer_callback(arm7_9_handle_target_request
,
2888 1, TARGET_TIMER_TYPE_PERIODIC
, target
);
2891 static const struct command_registration arm7_9_any_command_handlers
[] = {
2894 .handler
= handle_arm7_9_dbgrq_command
,
2895 .mode
= COMMAND_ANY
,
2896 .usage
= "['enable'|'disable']",
2897 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2898 "for target halt requests",
2901 .name
= "fast_memory_access",
2902 .handler
= handle_arm7_9_fast_memory_access_command
,
2903 .mode
= COMMAND_ANY
,
2904 .usage
= "['enable'|'disable']",
2905 .help
= "use fast memory accesses instead of slower "
2906 "but potentially safer accesses",
2909 .name
= "dcc_downloads",
2910 .handler
= handle_arm7_9_dcc_downloads_command
,
2911 .mode
= COMMAND_ANY
,
2912 .usage
= "['enable'|'disable']",
2913 .help
= "use DCC downloads for larger memory writes",
2915 COMMAND_REGISTRATION_DONE
2917 const struct command_registration arm7_9_command_handlers
[] = {
2919 .chain
= arm_command_handlers
,
2922 .chain
= etm_command_handlers
,
2926 .mode
= COMMAND_ANY
,
2927 .help
= "arm7/9 specific commands",
2929 .chain
= arm7_9_any_command_handlers
,
2931 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)