1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
40 int arm7_9_debug_entry(target_t
*target
);
43 * Clear watchpoints for an ARM7/9 target.
45 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
46 * @return JTAG error status after executing queue
48 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
51 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
52 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
53 arm7_9
->sw_breakpoint_count
= 0;
54 arm7_9
->sw_breakpoints_added
= 0;
56 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
57 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
59 return jtag_execute_queue();
63 * Assign a watchpoint to one of the two available hardware comparators in an
64 * ARM7 or ARM9 target.
66 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
67 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
69 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, breakpoint_t
*breakpoint
)
71 if (!arm7_9
->wp0_used
)
75 arm7_9
->wp_available
--;
77 else if (!arm7_9
->wp1_used
)
81 arm7_9
->wp_available
--;
85 LOG_ERROR("BUG: no hardware comparator available");
87 LOG_DEBUG("BPID: %d (0x%08" PRIx32
") using hw wp: %d",
88 breakpoint
->unique_id
,
94 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
96 * @param arm7_9 Pointer to common struct for ARM7/9 targets
97 * @return Error codes if there is a problem finding a watchpoint or the result
98 * of executing the JTAG queue
100 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
102 if (arm7_9
->sw_breakpoints_added
)
106 if (arm7_9
->wp_available
< 1)
108 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
109 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
111 arm7_9
->wp_available
--;
113 /* pick a breakpoint unit */
114 if (!arm7_9
->wp0_used
)
116 arm7_9
->sw_breakpoints_added
= 1;
117 arm7_9
->wp0_used
= 3;
118 } else if (!arm7_9
->wp1_used
)
120 arm7_9
->sw_breakpoints_added
= 2;
121 arm7_9
->wp1_used
= 3;
125 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
129 if (arm7_9
->sw_breakpoints_added
== 1)
131 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
132 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
133 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
134 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
135 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
137 else if (arm7_9
->sw_breakpoints_added
== 2)
139 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
140 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
141 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
142 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
143 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
150 LOG_DEBUG("SW BP using hw wp: %d",
151 arm7_9
->sw_breakpoints_added
);
153 return jtag_execute_queue();
157 * Setup the common pieces for an ARM7/9 target after reset or on startup.
159 * @param target Pointer to an ARM7/9 target to setup
160 * @return Result of clearing the watchpoints on the target
162 int arm7_9_setup(target_t
*target
)
164 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
166 return arm7_9_clear_watchpoints(arm7_9
);
170 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
171 * targets. A return of ERROR_OK signifies that the target is a valid target
172 * and that the pointers have been set properly.
174 * @param target Pointer to the target device to get the pointers from
175 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
177 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
179 * @return ERROR_OK if successful
181 int arm7_9_get_arch_pointers(target_t
*target
, armv4_5_common_t
**armv4_5_p
, struct arm7_9_common
**arm7_9_p
)
183 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
184 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
186 /* FIXME stop using this routine; just target_to_arm7_9() and
187 * verify the resulting pointer using a replacement routine
188 * that emits a usage message.
190 if (armv4_5
->common_magic
!= ARMV4_5_COMMON_MAGIC
)
191 return ERROR_TARGET_INVALID
;
193 if (arm7_9
->common_magic
!= ARM7_9_COMMON_MAGIC
)
194 return ERROR_TARGET_INVALID
;
196 *armv4_5_p
= armv4_5
;
203 * Set either a hardware or software breakpoint on an ARM7/9 target. The
204 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
205 * might have erased the values in Embedded ICE.
207 * @param target Pointer to the target device to set the breakpoints on
208 * @param breakpoint Pointer to the breakpoint to be set
209 * @return For hardware breakpoints, this is the result of executing the JTAG
210 * queue. For software breakpoints, this will be the status of the
211 * required memory reads and writes
213 int arm7_9_set_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
215 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
216 int retval
= ERROR_OK
;
218 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
", Type: %d" ,
219 breakpoint
->unique_id
,
223 if (target
->state
!= TARGET_HALTED
)
225 LOG_WARNING("target not halted");
226 return ERROR_TARGET_NOT_HALTED
;
229 if (breakpoint
->type
== BKPT_HARD
)
231 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
232 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
234 /* reassign a hw breakpoint */
235 if (breakpoint
->set
== 0)
237 arm7_9_assign_wp(arm7_9
, breakpoint
);
240 if (breakpoint
->set
== 1)
242 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
243 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
244 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
245 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
246 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
248 else if (breakpoint
->set
== 2)
250 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
251 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
252 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
253 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
254 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
258 LOG_ERROR("BUG: no hardware comparator available");
262 retval
= jtag_execute_queue();
264 else if (breakpoint
->type
== BKPT_SOFT
)
266 /* did we already set this breakpoint? */
270 if (breakpoint
->length
== 4)
272 uint32_t verify
= 0xffffffff;
273 /* keep the original instruction in target endianness */
274 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
278 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
279 if ((retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
)) != ERROR_OK
)
284 if ((retval
= target_read_u32(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
288 if (verify
!= arm7_9
->arm_bkpt
)
290 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
296 uint16_t verify
= 0xffff;
297 /* keep the original instruction in target endianness */
298 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
302 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
303 if ((retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
)) != ERROR_OK
)
308 if ((retval
= target_read_u16(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
312 if (verify
!= arm7_9
->thumb_bkpt
)
314 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
319 if ((retval
= arm7_9_set_software_breakpoints(arm7_9
)) != ERROR_OK
)
322 arm7_9
->sw_breakpoint_count
++;
331 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
332 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
333 * will be updated. Otherwise, the software breakpoint will be restored to its
334 * original instruction if it hasn't already been modified.
336 * @param target Pointer to ARM7/9 target to unset the breakpoint from
337 * @param breakpoint Pointer to breakpoint to be unset
338 * @return For hardware breakpoints, this is the result of executing the JTAG
339 * queue. For software breakpoints, this will be the status of the
340 * required memory reads and writes
342 int arm7_9_unset_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
344 int retval
= ERROR_OK
;
345 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
347 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
,
348 breakpoint
->unique_id
,
349 breakpoint
->address
);
351 if (!breakpoint
->set
)
353 LOG_WARNING("breakpoint not set");
357 if (breakpoint
->type
== BKPT_HARD
)
359 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
360 breakpoint
->unique_id
,
362 if (breakpoint
->set
== 1)
364 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
365 arm7_9
->wp0_used
= 0;
366 arm7_9
->wp_available
++;
368 else if (breakpoint
->set
== 2)
370 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
371 arm7_9
->wp1_used
= 0;
372 arm7_9
->wp_available
++;
374 retval
= jtag_execute_queue();
379 /* restore original instruction (kept in target endianness) */
380 if (breakpoint
->length
== 4)
382 uint32_t current_instr
;
383 /* check that user program as not modified breakpoint instruction */
384 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
388 if (current_instr
== arm7_9
->arm_bkpt
)
389 if ((retval
= target_write_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
396 uint16_t current_instr
;
397 /* check that user program as not modified breakpoint instruction */
398 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
402 if (current_instr
== arm7_9
->thumb_bkpt
)
403 if ((retval
= target_write_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
409 if (--arm7_9
->sw_breakpoint_count
==0)
411 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
412 if (arm7_9
->sw_breakpoints_added
== 1)
414 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0);
416 else if (arm7_9
->sw_breakpoints_added
== 2)
418 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0);
429 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
430 * dangling breakpoints and that the desired breakpoint can be added.
432 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
433 * @param breakpoint Pointer to the breakpoint to be added
434 * @return An error status if there is a problem adding the breakpoint or the
435 * result of setting the breakpoint
437 int arm7_9_add_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
439 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
441 if (target
->state
!= TARGET_HALTED
)
443 LOG_WARNING("target not halted");
444 return ERROR_TARGET_NOT_HALTED
;
447 if (arm7_9
->breakpoint_count
== 0)
449 /* make sure we don't have any dangling breakpoints. This is vital upon
450 * GDB connect/disconnect
452 arm7_9_clear_watchpoints(arm7_9
);
455 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1))
457 LOG_INFO("no watchpoint unit available for hardware breakpoint");
458 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
461 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4))
463 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
464 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
467 if (breakpoint
->type
== BKPT_HARD
)
469 arm7_9_assign_wp(arm7_9
, breakpoint
);
472 arm7_9
->breakpoint_count
++;
474 return arm7_9_set_breakpoint(target
, breakpoint
);
478 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
479 * dangling breakpoints and updates available watchpoints if it is a hardware
482 * @param target Pointer to the target to have a breakpoint removed
483 * @param breakpoint Pointer to the breakpoint to be removed
484 * @return Error status if there was a problem unsetting the breakpoint or the
485 * watchpoints could not be cleared
487 int arm7_9_remove_breakpoint(struct target_s
*target
, breakpoint_t
*breakpoint
)
489 int retval
= ERROR_OK
;
490 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
492 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
497 if (breakpoint
->type
== BKPT_HARD
)
498 arm7_9
->wp_available
++;
500 arm7_9
->breakpoint_count
--;
501 if (arm7_9
->breakpoint_count
== 0)
503 /* make sure we don't have any dangling breakpoints */
504 if ((retval
= arm7_9_clear_watchpoints(arm7_9
)) != ERROR_OK
)
514 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
515 * considered a bug to call this function when there are no available watchpoint
518 * @param target Pointer to an ARM7/9 target to set a watchpoint on
519 * @param watchpoint Pointer to the watchpoint to be set
520 * @return Error status if watchpoint set fails or the result of executing the
523 int arm7_9_set_watchpoint(struct target_s
*target
, struct watchpoint
*watchpoint
)
525 int retval
= ERROR_OK
;
526 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
530 mask
= watchpoint
->length
- 1;
532 if (target
->state
!= TARGET_HALTED
)
534 LOG_WARNING("target not halted");
535 return ERROR_TARGET_NOT_HALTED
;
538 if (watchpoint
->rw
== WPT_ACCESS
)
543 if (!arm7_9
->wp0_used
)
545 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], watchpoint
->address
);
546 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], watchpoint
->mask
);
548 if (watchpoint
->mask
!= 0xffffffffu
)
549 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], watchpoint
->value
);
550 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
551 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
553 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
558 arm7_9
->wp0_used
= 2;
560 else if (!arm7_9
->wp1_used
)
562 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], watchpoint
->address
);
563 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
564 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], watchpoint
->mask
);
565 if (watchpoint
->mask
!= 0xffffffffu
)
566 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], watchpoint
->value
);
567 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
568 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
570 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
575 arm7_9
->wp1_used
= 2;
579 LOG_ERROR("BUG: no hardware comparator available");
587 * Unset an existing watchpoint and clear the used watchpoint unit.
589 * @param target Pointer to the target to have the watchpoint removed
590 * @param watchpoint Pointer to the watchpoint to be removed
591 * @return Error status while trying to unset the watchpoint or the result of
592 * executing the JTAG queue
594 int arm7_9_unset_watchpoint(struct target_s
*target
, struct watchpoint
*watchpoint
)
596 int retval
= ERROR_OK
;
597 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
599 if (target
->state
!= TARGET_HALTED
)
601 LOG_WARNING("target not halted");
602 return ERROR_TARGET_NOT_HALTED
;
605 if (!watchpoint
->set
)
607 LOG_WARNING("breakpoint not set");
611 if (watchpoint
->set
== 1)
613 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
614 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
618 arm7_9
->wp0_used
= 0;
620 else if (watchpoint
->set
== 2)
622 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
623 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
627 arm7_9
->wp1_used
= 0;
635 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
636 * available, an error response is returned.
638 * @param target Pointer to the ARM7/9 target to add a watchpoint to
639 * @param watchpoint Pointer to the watchpoint to be added
640 * @return Error status while trying to add the watchpoint
642 int arm7_9_add_watchpoint(struct target_s
*target
, struct watchpoint
*watchpoint
)
644 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
646 if (target
->state
!= TARGET_HALTED
)
648 LOG_WARNING("target not halted");
649 return ERROR_TARGET_NOT_HALTED
;
652 if (arm7_9
->wp_available
< 1)
654 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
657 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
659 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
662 arm7_9
->wp_available
--;
668 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
669 * the used watchpoint unit will be reopened.
671 * @param target Pointer to the target to remove a watchpoint from
672 * @param watchpoint Pointer to the watchpoint to be removed
673 * @return Result of trying to unset the watchpoint
675 int arm7_9_remove_watchpoint(struct target_s
*target
, struct watchpoint
*watchpoint
)
677 int retval
= ERROR_OK
;
678 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
682 if ((retval
= arm7_9_unset_watchpoint(target
, watchpoint
)) != ERROR_OK
)
688 arm7_9
->wp_available
++;
694 * Restarts the target by sending a RESTART instruction and moving the JTAG
695 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
696 * asserted by the processor.
698 * @param target Pointer to target to issue commands to
699 * @return Error status if there is a timeout or a problem while executing the
702 int arm7_9_execute_sys_speed(struct target_s
*target
)
705 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
706 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
707 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
709 /* set RESTART instruction */
710 jtag_set_end_state(TAP_IDLE
);
711 if (arm7_9
->need_bypass_before_restart
) {
712 arm7_9
->need_bypass_before_restart
= 0;
713 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
715 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
717 long long then
= timeval_ms();
719 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
721 /* read debug status register */
722 embeddedice_read_reg(dbg_stat
);
723 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
725 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
726 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
728 if (debug_level
>= 3)
738 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"", buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
739 return ERROR_TARGET_TIMEOUT
;
746 * Restarts the target by sending a RESTART instruction and moving the JTAG
747 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
748 * waiting until they are.
750 * @param target Pointer to the target to issue commands to
751 * @return Always ERROR_OK
753 int arm7_9_execute_fast_sys_speed(struct target_s
*target
)
756 static uint8_t check_value
[4], check_mask
[4];
758 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
759 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
760 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
762 /* set RESTART instruction */
763 jtag_set_end_state(TAP_IDLE
);
764 if (arm7_9
->need_bypass_before_restart
) {
765 arm7_9
->need_bypass_before_restart
= 0;
766 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
768 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
772 /* check for DBGACK and SYSCOMP set (others don't care) */
774 /* NB! These are constants that must be available until after next jtag_execute() and
775 * we evaluate the values upon first execution in lieu of setting up these constants
776 * during early setup.
778 buf_set_u32(check_value
, 0, 32, 0x9);
779 buf_set_u32(check_mask
, 0, 32, 0x9);
783 /* read debug status register */
784 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
790 * Get some data from the ARM7/9 target.
792 * @param target Pointer to the ARM7/9 target to read data from
793 * @param size The number of 32bit words to be read
794 * @param buffer Pointer to the buffer that will hold the data
795 * @return The result of receiving data from the Embedded ICE unit
797 int arm7_9_target_request_data(target_t
*target
, uint32_t size
, uint8_t *buffer
)
799 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
800 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
802 int retval
= ERROR_OK
;
805 data
= malloc(size
* (sizeof(uint32_t)));
807 retval
= embeddedice_receive(jtag_info
, data
, size
);
809 /* return the 32-bit ints in the 8-bit array */
810 for (i
= 0; i
< size
; i
++)
812 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
821 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
822 * target is running and the DCC control register has the W bit high, this will
823 * execute the request on the target.
825 * @param priv Void pointer expected to be a target_t pointer
826 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
827 * from the Embedded ICE unit
829 int arm7_9_handle_target_request(void *priv
)
831 int retval
= ERROR_OK
;
832 target_t
*target
= priv
;
833 if (!target_was_examined(target
))
835 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
836 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
837 reg_t
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
839 if (!target
->dbg_msg_enabled
)
842 if (target
->state
== TARGET_RUNNING
)
844 /* read DCC control register */
845 embeddedice_read_reg(dcc_control
);
846 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
852 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1)
856 if ((retval
= embeddedice_receive(jtag_info
, &request
, 1)) != ERROR_OK
)
860 if ((retval
= target_request(target
, request
)) != ERROR_OK
)
871 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
872 * is manipulated to the right halted state based on its current state. This is
876 * <tr><th > State</th><th > Action</th></tr>
877 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
878 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
879 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
880 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
883 * If the target does not end up in the halted state, a warning is produced. If
884 * DBGACK is cleared, then the target is expected to either be running or
887 * @param target Pointer to the ARM7/9 target to poll
888 * @return ERROR_OK or an error status if a command fails
890 int arm7_9_poll(target_t
*target
)
893 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
894 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
896 /* read debug status register */
897 embeddedice_read_reg(dbg_stat
);
898 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
903 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
905 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
906 if (target
->state
== TARGET_UNKNOWN
)
908 /* Starting OpenOCD with target in debug-halt */
909 target
->state
= TARGET_RUNNING
;
910 LOG_DEBUG("DBGACK already set during server startup.");
912 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
))
915 if (target
->state
== TARGET_RESET
)
917 if (target
->reset_halt
)
919 enum reset_types jtag_reset_config
= jtag_get_reset_config();
920 if ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
927 target
->state
= TARGET_HALTED
;
929 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
934 reg_t
*reg
= register_get_by_name(target
->reg_cache
, "pc", 1);
935 uint32_t t
=*((uint32_t *)reg
->value
);
938 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
942 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
947 if (target
->state
== TARGET_DEBUG_RUNNING
)
949 target
->state
= TARGET_HALTED
;
950 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
953 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
)) != ERROR_OK
)
958 if (target
->state
!= TARGET_HALTED
)
960 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target
->state
);
965 if (target
->state
!= TARGET_DEBUG_RUNNING
)
966 target
->state
= TARGET_RUNNING
;
973 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
974 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
975 * affected) completely stop the JTAG clock while the core is held in reset
976 * (SRST). It isn't possible to program the halt condition once reset is
977 * asserted, hence a hook that allows the target to set up its reset-halt
978 * condition is setup prior to asserting reset.
980 * @param target Pointer to an ARM7/9 target to assert reset on
981 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
983 int arm7_9_assert_reset(target_t
*target
)
985 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
987 LOG_DEBUG("target->state: %s",
988 target_state_name(target
));
990 enum reset_types jtag_reset_config
= jtag_get_reset_config();
991 if (!(jtag_reset_config
& RESET_HAS_SRST
))
993 LOG_ERROR("Can't assert SRST");
997 /* At this point trst has been asserted/deasserted once. We would
998 * like to program EmbeddedICE while SRST is asserted, instead of
999 * depending on SRST to leave that module alone. However, many CPUs
1000 * gate the JTAG clock while SRST is asserted; or JTAG may need
1001 * clock stability guarantees (adaptive clocking might help).
1003 * So we assume JTAG access during SRST is off the menu unless it's
1004 * been specifically enabled.
1006 bool srst_asserted
= false;
1008 if (((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
1009 && (jtag_reset_config
& RESET_SRST_NO_GATING
))
1011 jtag_add_reset(0, 1);
1012 srst_asserted
= true;
1015 if (target
->reset_halt
)
1018 * Some targets do not support communication while SRST is asserted. We need to
1019 * set up the reset vector catch here.
1021 * If TRST is asserted, then these settings will be reset anyway, so setting them
1024 if (arm7_9
->has_vector_catch
)
1026 /* program vector catch register to catch reset vector */
1027 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
1029 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1030 jtag_add_runtest(1, jtag_get_end_state());
1034 /* program watchpoint unit to match on reset vector address */
1035 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
1036 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
1037 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1038 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1039 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1043 /* here we should issue an SRST only, but we may have to assert TRST as well */
1044 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
1046 jtag_add_reset(1, 1);
1047 } else if (!srst_asserted
)
1049 jtag_add_reset(0, 1);
1052 target
->state
= TARGET_RESET
;
1053 jtag_add_sleep(50000);
1055 armv4_5_invalidate_core_regs(target
);
1057 if ((target
->reset_halt
) && ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0))
1059 /* debug entry was already prepared in arm7_9_assert_reset() */
1060 target
->debug_reason
= DBG_REASON_DBGRQ
;
1067 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1068 * and the target is being reset into a halt, a warning will be triggered
1069 * because it is not possible to reset into a halted mode in this case. The
1070 * target is halted using the target's functions.
1072 * @param target Pointer to the target to have the reset deasserted
1073 * @return ERROR_OK or an error from polling or halting the target
1075 int arm7_9_deassert_reset(target_t
*target
)
1077 int retval
= ERROR_OK
;
1078 LOG_DEBUG("target->state: %s",
1079 target_state_name(target
));
1081 /* deassert reset lines */
1082 jtag_add_reset(0, 0);
1084 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1085 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0)
1087 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1088 /* set up embedded ice registers again */
1089 if ((retval
= target_examine_one(target
)) != ERROR_OK
)
1092 if ((retval
= target_poll(target
)) != ERROR_OK
)
1097 if ((retval
= target_halt(target
)) != ERROR_OK
)
1107 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1108 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1109 * vector catch was used, it is restored. Otherwise, the control value is
1110 * restored and the watchpoint unit is restored if it was in use.
1112 * @param target Pointer to the ARM7/9 target to have halt cleared
1113 * @return Always ERROR_OK
1115 int arm7_9_clear_halt(target_t
*target
)
1117 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1118 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1120 /* we used DBGRQ only if we didn't come out of reset */
1121 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
)
1123 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1125 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1126 embeddedice_store_reg(dbg_ctrl
);
1130 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
)
1132 /* if we came out of reset, and vector catch is supported, we used
1133 * vector catch to enter debug state
1134 * restore the register in that case
1136 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1140 /* restore registers if watchpoint unit 0 was in use
1142 if (arm7_9
->wp0_used
)
1144 if (arm7_9
->debug_entry_from_reset
)
1146 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
]);
1148 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1149 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1150 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1152 /* control value always has to be restored, as it was either disabled,
1153 * or enabled with possibly different bits
1155 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1163 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1164 * and then there is a wait until the processor shows the halt. This wait can
1165 * timeout and results in an error being returned. The software reset involves
1166 * clearing the halt, updating the debug control register, changing to ARM mode,
1167 * reset of the program counter, and reset of all of the registers.
1169 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1170 * @return Error status if any of the commands fail, otherwise ERROR_OK
1172 int arm7_9_soft_reset_halt(struct target_s
*target
)
1174 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1175 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
1176 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1177 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1181 /* FIX!!! replace some of this code with tcl commands
1183 * halt # the halt command is synchronous
1184 * armv4_5 core_state arm
1188 if ((retval
= target_halt(target
)) != ERROR_OK
)
1191 long long then
= timeval_ms();
1193 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
1195 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1197 embeddedice_read_reg(dbg_stat
);
1198 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1200 if (debug_level
>= 3)
1210 LOG_ERROR("Failed to halt CPU after 1 sec");
1211 return ERROR_TARGET_TIMEOUT
;
1213 target
->state
= TARGET_HALTED
;
1215 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1216 * ensure that DBGRQ is cleared
1218 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1219 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1220 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1221 embeddedice_store_reg(dbg_ctrl
);
1223 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1228 /* if the target is in Thumb state, change to ARM state */
1229 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1231 uint32_t r0_thumb
, pc_thumb
;
1232 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1233 /* Entered debug from Thumb mode */
1234 armv4_5
->core_state
= ARMV4_5_STATE_THUMB
;
1235 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1238 /* all register content is now invalid */
1239 if ((retval
= armv4_5_invalidate_core_regs(target
)) != ERROR_OK
)
1244 /* SVC, ARM state, IRQ and FIQ disabled */
1245 buf_set_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8, 0xd3);
1246 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
= 1;
1247 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].valid
= 1;
1249 /* start fetching from 0x0 */
1250 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, 0x0);
1251 armv4_5
->core_cache
->reg_list
[15].dirty
= 1;
1252 armv4_5
->core_cache
->reg_list
[15].valid
= 1;
1254 armv4_5
->core_mode
= ARMV4_5_MODE_SVC
;
1255 armv4_5
->core_state
= ARMV4_5_STATE_ARM
;
1257 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1260 /* reset registers */
1261 for (i
= 0; i
<= 14; i
++)
1263 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).value
, 0, 32, 0xffffffff);
1264 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= 1;
1265 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
= 1;
1268 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
1277 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1278 * line or by programming a watchpoint to trigger on any address. It is
1279 * considered a bug to call this function while the target is in the
1280 * TARGET_RESET state.
1282 * @param target Pointer to the ARM7/9 target to be halted
1283 * @return Always ERROR_OK
1285 int arm7_9_halt(target_t
*target
)
1287 if (target
->state
== TARGET_RESET
)
1289 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1293 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1294 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1296 LOG_DEBUG("target->state: %s",
1297 target_state_name(target
));
1299 if (target
->state
== TARGET_HALTED
)
1301 LOG_DEBUG("target was already halted");
1305 if (target
->state
== TARGET_UNKNOWN
)
1307 LOG_WARNING("target was in unknown state when halt was requested");
1310 if (arm7_9
->use_dbgrq
)
1312 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1314 if (arm7_9
->set_special_dbgrq
) {
1315 arm7_9
->set_special_dbgrq(target
);
1317 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1318 embeddedice_store_reg(dbg_ctrl
);
1323 /* program watchpoint unit to match on any address
1325 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1326 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1327 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1328 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1331 target
->debug_reason
= DBG_REASON_DBGRQ
;
1337 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1338 * ARM. The JTAG queue is then executed and the reason for debug entry is
1339 * examined. Once done, the target is verified to be halted and the processor
1340 * is forced into ARM mode. The core registers are saved for the current core
1341 * mode and the program counter (register 15) is updated as needed. The core
1342 * registers and CPSR and SPSR are saved for restoration later.
1344 * @param target Pointer to target that is entering debug mode
1345 * @return Error code if anything fails, otherwise ERROR_OK
1347 int arm7_9_debug_entry(target_t
*target
)
1350 uint32_t context
[16];
1351 uint32_t* context_p
[16];
1352 uint32_t r0_thumb
, pc_thumb
;
1355 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1356 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
1357 reg_t
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1358 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1360 #ifdef _DEBUG_ARM7_9_
1364 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1365 * ensure that DBGRQ is cleared
1367 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1368 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1369 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1370 embeddedice_store_reg(dbg_ctrl
);
1372 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1377 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1382 if ((retval
= arm7_9
->examine_debug_reason(target
)) != ERROR_OK
)
1386 if (target
->state
!= TARGET_HALTED
)
1388 LOG_WARNING("target not halted");
1389 return ERROR_TARGET_NOT_HALTED
;
1392 /* if the target is in Thumb state, change to ARM state */
1393 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1395 LOG_DEBUG("target entered debug from Thumb state");
1396 /* Entered debug from Thumb mode */
1397 armv4_5
->core_state
= ARMV4_5_STATE_THUMB
;
1398 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1399 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
", pc_thumb: 0x%8.8" PRIx32
"", r0_thumb
, pc_thumb
);
1403 LOG_DEBUG("target entered debug from ARM state");
1404 /* Entered debug from ARM mode */
1405 armv4_5
->core_state
= ARMV4_5_STATE_ARM
;
1408 for (i
= 0; i
< 16; i
++)
1409 context_p
[i
] = &context
[i
];
1410 /* save core registers (r0 - r15 of current core mode) */
1411 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1413 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1415 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1418 /* if the core has been executing in Thumb state, set the T bit */
1419 if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1422 buf_set_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 32, cpsr
);
1423 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
= 0;
1424 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].valid
= 1;
1426 armv4_5
->core_mode
= cpsr
& 0x1f;
1428 if (armv4_5_mode_to_number(armv4_5
->core_mode
) == -1)
1430 target
->state
= TARGET_UNKNOWN
;
1431 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1432 return ERROR_TARGET_FAILURE
;
1435 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings
[armv4_5_mode_to_number(armv4_5
->core_mode
)]);
1437 if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1439 LOG_DEBUG("thumb state, applying fixups");
1440 context
[0] = r0_thumb
;
1441 context
[15] = pc_thumb
;
1442 } else if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
1444 /* adjust value stored by STM */
1445 context
[15] -= 3 * 4;
1448 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1449 context
[15] -= 3 * ((armv4_5
->core_state
== ARMV4_5_STATE_ARM
) ? 4 : 2);
1451 context
[15] -= arm7_9
->dbgreq_adjust_pc
* ((armv4_5
->core_state
== ARMV4_5_STATE_ARM
) ? 4 : 2);
1453 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1456 for (i
= 0; i
<= 15; i
++)
1458 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1459 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).value
, 0, 32, context
[i
]);
1460 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= 0;
1461 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
= 1;
1464 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1466 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1469 /* exceptions other than USR & SYS have a saved program status register */
1470 if ((armv4_5
->core_mode
!= ARMV4_5_MODE_USR
) && (armv4_5
->core_mode
!= ARMV4_5_MODE_SYS
))
1473 arm7_9
->read_xpsr(target
, &spsr
, 1);
1474 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1478 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 16).value
, 0, 32, spsr
);
1479 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 16).dirty
= 0;
1480 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 16).valid
= 1;
1483 /* r0 and r15 (pc) have to be restored later */
1484 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 0).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 0).valid
;
1485 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 15).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, 15).valid
;
1487 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1490 if (arm7_9
->post_debug_entry
)
1491 arm7_9
->post_debug_entry(target
);
1497 * Validate the full context for an ARM7/9 target in all processor modes. If
1498 * there are any invalid registers for the target, they will all be read. This
1501 * @param target Pointer to the ARM7/9 target to capture the full context from
1502 * @return Error if the target is not halted, has an invalid core mode, or if
1503 * the JTAG queue fails to execute
1505 int arm7_9_full_context(target_t
*target
)
1509 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1510 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
1514 if (target
->state
!= TARGET_HALTED
)
1516 LOG_WARNING("target not halted");
1517 return ERROR_TARGET_NOT_HALTED
;
1520 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1523 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1524 * SYS shares registers with User, so we don't touch SYS
1526 for (i
= 0; i
< 6; i
++)
1529 uint32_t* reg_p
[16];
1533 /* check if there are invalid registers in the current mode
1535 for (j
= 0; j
<= 16; j
++)
1537 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1545 /* change processor mode (and mask T bit) */
1546 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
1547 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1549 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1551 for (j
= 0; j
< 15; j
++)
1553 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1555 reg_p
[j
] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).value
;
1557 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
= 1;
1558 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).dirty
= 0;
1562 /* if only the PSR is invalid, mask is all zeroes */
1564 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1566 /* check if the PSR has to be read */
1567 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
== 0)
1569 arm7_9
->read_xpsr(target
, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).value
, 1);
1570 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
= 1;
1571 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).dirty
= 0;
1576 /* restore processor mode (mask T bit) */
1577 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
1579 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1587 * Restore the processor context on an ARM7/9 target. The full processor
1588 * context is analyzed to see if any of the registers are dirty on this end, but
1589 * have a valid new value. If this is the case, the processor is changed to the
1590 * appropriate mode and the new register values are written out to the
1591 * processor. If there happens to be a dirty register with an invalid value, an
1592 * error will be logged.
1594 * @param target Pointer to the ARM7/9 target to have its context restored
1595 * @return Error status if the target is not halted or the core mode in the
1596 * armv4_5 struct is invalid.
1598 int arm7_9_restore_context(target_t
*target
)
1600 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1601 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
1603 struct armv4_5_core_reg
*reg_arch_info
;
1604 enum armv4_5_mode current_mode
= armv4_5
->core_mode
;
1611 if (target
->state
!= TARGET_HALTED
)
1613 LOG_WARNING("target not halted");
1614 return ERROR_TARGET_NOT_HALTED
;
1617 if (arm7_9
->pre_restore_context
)
1618 arm7_9
->pre_restore_context(target
);
1620 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
1623 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1624 * SYS shares registers with User, so we don't touch SYS
1626 for (i
= 0; i
< 6; i
++)
1628 LOG_DEBUG("examining %s mode", armv4_5_mode_strings
[i
]);
1631 /* check if there are dirty registers in the current mode
1633 for (j
= 0; j
<= 16; j
++)
1635 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1636 reg_arch_info
= reg
->arch_info
;
1637 if (reg
->dirty
== 1)
1639 if (reg
->valid
== 1)
1642 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1643 if ((reg_arch_info
->mode
!= ARMV4_5_MODE_ANY
)
1644 && (reg_arch_info
->mode
!= current_mode
)
1645 && !((reg_arch_info
->mode
== ARMV4_5_MODE_USR
) && (armv4_5
->core_mode
== ARMV4_5_MODE_SYS
))
1646 && !((reg_arch_info
->mode
== ARMV4_5_MODE_SYS
) && (armv4_5
->core_mode
== ARMV4_5_MODE_USR
)))
1649 LOG_DEBUG("require mode change");
1654 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg
->name
);
1661 uint32_t mask
= 0x0;
1669 /* change processor mode (mask T bit) */
1670 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
1671 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1673 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1674 current_mode
= armv4_5_number_to_mode(i
);
1677 for (j
= 0; j
<= 14; j
++)
1679 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1680 reg_arch_info
= reg
->arch_info
;
1683 if (reg
->dirty
== 1)
1685 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1690 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32
"", j
, armv4_5_mode_strings
[i
], regs
[j
]);
1696 arm7_9
->write_core_regs(target
, mask
, regs
);
1699 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16);
1700 reg_arch_info
= reg
->arch_info
;
1701 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARMV4_5_MODE_ANY
))
1703 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"", i
, buf_get_u32(reg
->value
, 0, 32));
1704 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1709 if ((armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
== 0) && (armv4_5
->core_mode
!= current_mode
))
1711 /* restore processor mode (mask T bit) */
1714 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
1715 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1717 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1718 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1720 else if (armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
== 1)
1722 /* CPSR has been changed, full restore necessary (mask T bit) */
1723 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 32));
1724 arm7_9
->write_xpsr(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 32) & ~0x20, 0);
1725 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].dirty
= 0;
1726 armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].valid
= 1;
1730 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1731 arm7_9
->write_pc(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1732 armv4_5
->core_cache
->reg_list
[15].dirty
= 0;
1734 if (arm7_9
->post_restore_context
)
1735 arm7_9
->post_restore_context(target
);
1741 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1742 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1745 * @param target Pointer to the ARM7/9 target to be restarted
1746 * @return Result of executing the JTAG queue
1748 int arm7_9_restart_core(struct target_s
*target
)
1750 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1751 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1753 /* set RESTART instruction */
1754 jtag_set_end_state(TAP_IDLE
);
1755 if (arm7_9
->need_bypass_before_restart
) {
1756 arm7_9
->need_bypass_before_restart
= 0;
1757 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
1759 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
1761 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE
));
1762 return jtag_execute_queue();
1766 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1767 * iterated through and are set on the target if they aren't already set.
1769 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1771 void arm7_9_enable_watchpoints(struct target_s
*target
)
1773 struct watchpoint
*watchpoint
= target
->watchpoints
;
1777 if (watchpoint
->set
== 0)
1778 arm7_9_set_watchpoint(target
, watchpoint
);
1779 watchpoint
= watchpoint
->next
;
1784 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1785 * iterated through and are set on the target.
1787 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1789 void arm7_9_enable_breakpoints(struct target_s
*target
)
1791 breakpoint_t
*breakpoint
= target
->breakpoints
;
1793 /* set any pending breakpoints */
1796 arm7_9_set_breakpoint(target
, breakpoint
);
1797 breakpoint
= breakpoint
->next
;
1801 int arm7_9_resume(struct target_s
*target
, int current
, uint32_t address
, int handle_breakpoints
, int debug_execution
)
1803 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1804 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
1805 breakpoint_t
*breakpoint
= target
->breakpoints
;
1806 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1807 int err
, retval
= ERROR_OK
;
1811 if (target
->state
!= TARGET_HALTED
)
1813 LOG_WARNING("target not halted");
1814 return ERROR_TARGET_NOT_HALTED
;
1817 if (!debug_execution
)
1819 target_free_all_working_areas(target
);
1822 /* current = 1: continue on current pc, otherwise continue at <address> */
1824 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
1826 uint32_t current_pc
;
1827 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1829 /* the front-end may request us not to handle breakpoints */
1830 if (handle_breakpoints
)
1832 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
1834 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32
" (id: %d)", breakpoint
->address
, breakpoint
->unique_id
);
1835 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1840 /* calculate PC of next instruction */
1842 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
1844 uint32_t current_opcode
;
1845 target_read_u32(target
, current_pc
, ¤t_opcode
);
1846 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
1850 LOG_DEBUG("enable single-step");
1851 arm7_9
->enable_single_step(target
, next_pc
);
1853 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1855 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1860 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
1861 arm7_9
->branch_resume(target
);
1862 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1864 arm7_9
->branch_resume_thumb(target
);
1868 LOG_ERROR("unhandled core state");
1872 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1873 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1874 err
= arm7_9_execute_sys_speed(target
);
1876 LOG_DEBUG("disable single-step");
1877 arm7_9
->disable_single_step(target
);
1879 if (err
!= ERROR_OK
)
1881 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1885 target
->state
= TARGET_UNKNOWN
;
1889 arm7_9_debug_entry(target
);
1890 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1892 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32
"", breakpoint
->address
);
1893 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1900 /* enable any pending breakpoints and watchpoints */
1901 arm7_9_enable_breakpoints(target
);
1902 arm7_9_enable_watchpoints(target
);
1904 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1909 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
1911 arm7_9
->branch_resume(target
);
1913 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
1915 arm7_9
->branch_resume_thumb(target
);
1919 LOG_ERROR("unhandled core state");
1923 /* deassert DBGACK and INTDIS */
1924 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1925 /* INTDIS only when we really resume, not during debug execution */
1926 if (!debug_execution
)
1927 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1928 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1930 if ((retval
= arm7_9_restart_core(target
)) != ERROR_OK
)
1935 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1937 if (!debug_execution
)
1939 /* registers are now invalid */
1940 armv4_5_invalidate_core_regs(target
);
1941 target
->state
= TARGET_RUNNING
;
1942 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
1949 target
->state
= TARGET_DEBUG_RUNNING
;
1950 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
)) != ERROR_OK
)
1956 LOG_DEBUG("target resumed");
1961 void arm7_9_enable_eice_step(target_t
*target
, uint32_t next_pc
)
1963 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1964 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
1965 uint32_t current_pc
;
1966 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1968 if (next_pc
!= current_pc
)
1970 /* setup an inverse breakpoint on the current PC
1971 * - comparator 1 matches the current address
1972 * - rangeout from comparator 1 is connected to comparator 0 rangein
1973 * - comparator 0 matches any address, as long as rangein is low */
1974 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1975 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1977 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1978 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], current_pc
);
1979 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1980 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1981 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1982 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1986 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1987 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1988 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1989 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1990 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1991 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1992 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1993 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1994 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1998 void arm7_9_disable_eice_step(target_t
*target
)
2000 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2002 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
2003 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
2004 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
2005 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
2006 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
2007 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
2008 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
2009 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
2010 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
2013 int arm7_9_step(struct target_s
*target
, int current
, uint32_t address
, int handle_breakpoints
)
2015 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2016 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
2017 breakpoint_t
*breakpoint
= NULL
;
2020 if (target
->state
!= TARGET_HALTED
)
2022 LOG_WARNING("target not halted");
2023 return ERROR_TARGET_NOT_HALTED
;
2026 /* current = 1: continue on current pc, otherwise continue at <address> */
2028 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
2030 uint32_t current_pc
;
2031 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
2033 /* the front-end may request us not to handle breakpoints */
2034 if (handle_breakpoints
)
2035 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
2036 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2041 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
2043 /* calculate PC of next instruction */
2045 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
2047 uint32_t current_opcode
;
2048 target_read_u32(target
, current_pc
, ¤t_opcode
);
2049 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
2053 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
2058 arm7_9
->enable_single_step(target
, next_pc
);
2060 if (armv4_5
->core_state
== ARMV4_5_STATE_ARM
)
2062 arm7_9
->branch_resume(target
);
2064 else if (armv4_5
->core_state
== ARMV4_5_STATE_THUMB
)
2066 arm7_9
->branch_resume_thumb(target
);
2070 LOG_ERROR("unhandled core state");
2074 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
2079 err
= arm7_9_execute_sys_speed(target
);
2080 arm7_9
->disable_single_step(target
);
2082 /* registers are now invalid */
2083 armv4_5_invalidate_core_regs(target
);
2085 if (err
!= ERROR_OK
)
2087 target
->state
= TARGET_UNKNOWN
;
2089 arm7_9_debug_entry(target
);
2090 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
2094 LOG_DEBUG("target stepped");
2098 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2106 int arm7_9_read_core_reg(struct target_s
*target
, int num
, enum armv4_5_mode mode
)
2108 uint32_t* reg_p
[16];
2111 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2112 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
2114 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2117 enum armv4_5_mode reg_mode
= ((struct armv4_5_core_reg
*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
)->mode
;
2119 if ((num
< 0) || (num
> 16))
2120 return ERROR_INVALID_ARGUMENTS
;
2122 if ((mode
!= ARMV4_5_MODE_ANY
)
2123 && (mode
!= armv4_5
->core_mode
)
2124 && (reg_mode
!= ARMV4_5_MODE_ANY
))
2128 /* change processor mode (mask T bit) */
2129 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
2132 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2135 if ((num
>= 0) && (num
<= 15))
2137 /* read a normal core register */
2138 reg_p
[num
] = &value
;
2140 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2144 /* read a program status register
2145 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2147 struct armv4_5_core_reg
*arch_info
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
;
2148 int spsr
= (arch_info
->mode
== ARMV4_5_MODE_ANY
) ? 0 : 1;
2150 arm7_9
->read_xpsr(target
, &value
, spsr
);
2153 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2158 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).valid
= 1;
2159 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).dirty
= 0;
2160 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).value
, 0, 32, value
);
2162 if ((mode
!= ARMV4_5_MODE_ANY
)
2163 && (mode
!= armv4_5
->core_mode
)
2164 && (reg_mode
!= ARMV4_5_MODE_ANY
)) {
2165 /* restore processor mode (mask T bit) */
2166 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2172 int arm7_9_write_core_reg(struct target_s
*target
, int num
, enum armv4_5_mode mode
, uint32_t value
)
2175 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2176 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
2178 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2181 enum armv4_5_mode reg_mode
= ((struct armv4_5_core_reg
*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
)->mode
;
2183 if ((num
< 0) || (num
> 16))
2184 return ERROR_INVALID_ARGUMENTS
;
2186 if ((mode
!= ARMV4_5_MODE_ANY
)
2187 && (mode
!= armv4_5
->core_mode
)
2188 && (reg_mode
!= ARMV4_5_MODE_ANY
)) {
2191 /* change processor mode (mask T bit) */
2192 tmp_cpsr
= buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & 0xE0;
2195 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2198 if ((num
>= 0) && (num
<= 15))
2200 /* write a normal core register */
2203 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2207 /* write a program status register
2208 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2210 struct armv4_5_core_reg
*arch_info
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).arch_info
;
2211 int spsr
= (arch_info
->mode
== ARMV4_5_MODE_ANY
) ? 0 : 1;
2213 /* if we're writing the CPSR, mask the T bit */
2217 arm7_9
->write_xpsr(target
, value
, spsr
);
2220 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).valid
= 1;
2221 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, mode
, num
).dirty
= 0;
2223 if ((mode
!= ARMV4_5_MODE_ANY
)
2224 && (mode
!= armv4_5
->core_mode
)
2225 && (reg_mode
!= ARMV4_5_MODE_ANY
)) {
2226 /* restore processor mode (mask T bit) */
2227 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2230 return jtag_execute_queue();
2233 int arm7_9_read_memory(struct target_s
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2235 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2236 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
2238 uint32_t num_accesses
= 0;
2239 int thisrun_accesses
;
2245 LOG_DEBUG("address: 0x%8.8" PRIx32
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"", address
, size
, count
);
2247 if (target
->state
!= TARGET_HALTED
)
2249 LOG_WARNING("target not halted");
2250 return ERROR_TARGET_NOT_HALTED
;
2253 /* sanitize arguments */
2254 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2255 return ERROR_INVALID_ARGUMENTS
;
2257 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2258 return ERROR_TARGET_UNALIGNED_ACCESS
;
2260 /* load the base register with the address of the first word */
2262 arm7_9
->write_core_regs(target
, 0x1, reg
);
2269 while (num_accesses
< count
)
2272 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2273 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2275 if (last_reg
<= thisrun_accesses
)
2276 last_reg
= thisrun_accesses
;
2278 arm7_9
->load_word_regs(target
, reg_list
);
2280 /* fast memory reads are only safe when the target is running
2281 * from a sufficiently high clock (32 kHz is usually too slow)
2283 if (arm7_9
->fast_memory_access
)
2284 retval
= arm7_9_execute_fast_sys_speed(target
);
2286 retval
= arm7_9_execute_sys_speed(target
);
2287 if (retval
!= ERROR_OK
)
2290 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2292 /* advance buffer, count number of accesses */
2293 buffer
+= thisrun_accesses
* 4;
2294 num_accesses
+= thisrun_accesses
;
2296 if ((j
++%1024) == 0)
2303 while (num_accesses
< count
)
2306 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2307 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2309 for (i
= 1; i
<= thisrun_accesses
; i
++)
2313 arm7_9
->load_hword_reg(target
, i
);
2314 /* fast memory reads are only safe when the target is running
2315 * from a sufficiently high clock (32 kHz is usually too slow)
2317 if (arm7_9
->fast_memory_access
)
2318 retval
= arm7_9_execute_fast_sys_speed(target
);
2320 retval
= arm7_9_execute_sys_speed(target
);
2321 if (retval
!= ERROR_OK
)
2328 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2330 /* advance buffer, count number of accesses */
2331 buffer
+= thisrun_accesses
* 2;
2332 num_accesses
+= thisrun_accesses
;
2334 if ((j
++%1024) == 0)
2341 while (num_accesses
< count
)
2344 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2345 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2347 for (i
= 1; i
<= thisrun_accesses
; i
++)
2351 arm7_9
->load_byte_reg(target
, i
);
2352 /* fast memory reads are only safe when the target is running
2353 * from a sufficiently high clock (32 kHz is usually too slow)
2355 if (arm7_9
->fast_memory_access
)
2356 retval
= arm7_9_execute_fast_sys_speed(target
);
2358 retval
= arm7_9_execute_sys_speed(target
);
2359 if (retval
!= ERROR_OK
)
2365 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2367 /* advance buffer, count number of accesses */
2368 buffer
+= thisrun_accesses
* 1;
2369 num_accesses
+= thisrun_accesses
;
2371 if ((j
++%1024) == 0)
2378 LOG_ERROR("BUG: we shouldn't get here");
2383 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2386 for (i
= 0; i
<= last_reg
; i
++)
2387 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
;
2389 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2390 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2392 LOG_ERROR("JTAG error while reading cpsr");
2393 return ERROR_TARGET_DATA_ABORT
;
2396 if (((cpsr
& 0x1f) == ARMV4_5_MODE_ABT
) && (armv4_5
->core_mode
!= ARMV4_5_MODE_ABT
))
2398 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2400 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2402 return ERROR_TARGET_DATA_ABORT
;
2408 int arm7_9_write_memory(struct target_s
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2410 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2411 struct armv4_5_common_s
*armv4_5
= &arm7_9
->armv4_5_common
;
2412 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2415 uint32_t num_accesses
= 0;
2416 int thisrun_accesses
;
2422 #ifdef _DEBUG_ARM7_9_
2423 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2426 if (target
->state
!= TARGET_HALTED
)
2428 LOG_WARNING("target not halted");
2429 return ERROR_TARGET_NOT_HALTED
;
2432 /* sanitize arguments */
2433 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2434 return ERROR_INVALID_ARGUMENTS
;
2436 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2437 return ERROR_TARGET_UNALIGNED_ACCESS
;
2439 /* load the base register with the address of the first word */
2441 arm7_9
->write_core_regs(target
, 0x1, reg
);
2443 /* Clear DBGACK, to make sure memory fetches work as expected */
2444 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2445 embeddedice_store_reg(dbg_ctrl
);
2450 while (num_accesses
< count
)
2453 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2454 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2456 for (i
= 1; i
<= thisrun_accesses
; i
++)
2460 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2464 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2466 arm7_9
->store_word_regs(target
, reg_list
);
2468 /* fast memory writes are only safe when the target is running
2469 * from a sufficiently high clock (32 kHz is usually too slow)
2471 if (arm7_9
->fast_memory_access
)
2472 retval
= arm7_9_execute_fast_sys_speed(target
);
2474 retval
= arm7_9_execute_sys_speed(target
);
2475 if (retval
!= ERROR_OK
)
2480 num_accesses
+= thisrun_accesses
;
2484 while (num_accesses
< count
)
2487 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2488 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2490 for (i
= 1; i
<= thisrun_accesses
; i
++)
2494 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2498 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2500 for (i
= 1; i
<= thisrun_accesses
; i
++)
2502 arm7_9
->store_hword_reg(target
, i
);
2504 /* fast memory writes are only safe when the target is running
2505 * from a sufficiently high clock (32 kHz is usually too slow)
2507 if (arm7_9
->fast_memory_access
)
2508 retval
= arm7_9_execute_fast_sys_speed(target
);
2510 retval
= arm7_9_execute_sys_speed(target
);
2511 if (retval
!= ERROR_OK
)
2517 num_accesses
+= thisrun_accesses
;
2521 while (num_accesses
< count
)
2524 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2525 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2527 for (i
= 1; i
<= thisrun_accesses
; i
++)
2531 reg
[i
] = *buffer
++ & 0xff;
2534 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2536 for (i
= 1; i
<= thisrun_accesses
; i
++)
2538 arm7_9
->store_byte_reg(target
, i
);
2539 /* fast memory writes are only safe when the target is running
2540 * from a sufficiently high clock (32 kHz is usually too slow)
2542 if (arm7_9
->fast_memory_access
)
2543 retval
= arm7_9_execute_fast_sys_speed(target
);
2545 retval
= arm7_9_execute_sys_speed(target
);
2546 if (retval
!= ERROR_OK
)
2553 num_accesses
+= thisrun_accesses
;
2557 LOG_ERROR("BUG: we shouldn't get here");
2563 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2564 embeddedice_store_reg(dbg_ctrl
);
2566 if (armv4_5_mode_to_number(armv4_5
->core_mode
)==-1)
2569 for (i
= 0; i
<= last_reg
; i
++)
2570 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).dirty
= ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5
->core_mode
, i
).valid
;
2572 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2573 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2575 LOG_ERROR("JTAG error while reading cpsr");
2576 return ERROR_TARGET_DATA_ABORT
;
2579 if (((cpsr
& 0x1f) == ARMV4_5_MODE_ABT
) && (armv4_5
->core_mode
!= ARMV4_5_MODE_ABT
))
2581 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2583 arm7_9
->write_xpsr_im8(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[ARMV4_5_CPSR
].value
, 0, 8) & ~0x20, 0, 0);
2585 return ERROR_TARGET_DATA_ABORT
;
2591 static int dcc_count
;
2592 static uint8_t *dcc_buffer
;
2594 static int arm7_9_dcc_completion(struct target_s
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
)
2596 int retval
= ERROR_OK
;
2597 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2599 if ((retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500)) != ERROR_OK
)
2602 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2603 int count
= dcc_count
;
2604 uint8_t *buffer
= dcc_buffer
;
2607 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2608 * core function repeated. */
2609 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2612 struct embeddedice_reg
*ice_reg
= arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2613 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2614 struct jtag_tap
*tap
;
2615 tap
= ice_reg
->jtag_info
->tap
;
2617 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2618 buffer
+= (count
-2)*4;
2620 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2624 for (i
= 0; i
< count
; i
++)
2626 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2631 if ((retval
= target_halt(target
))!= ERROR_OK
)
2635 return target_wait_state(target
, TARGET_HALTED
, 500);
2638 static const uint32_t dcc_code
[] =
2640 /* r0 == input, points to memory buffer
2644 /* spin until DCC control (c0) reports data arrived */
2645 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2646 0xe3110001, /* tst r1, #1 */
2647 0x0afffffc, /* bne w */
2649 /* read word from DCC (c1), write to memory */
2650 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2651 0xe4801004, /* str r1, [r0], #4 */
2654 0xeafffff9 /* b w */
2657 int armv4_5_run_algorithm_inner(struct target_s
*target
, int num_mem_params
, struct mem_param
*mem_params
, int num_reg_params
, struct reg_param
*reg_params
, uint32_t entry_point
, uint32_t exit_point
, int timeout_ms
, void *arch_info
, int (*run_it
)(struct target_s
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
));
2659 int arm7_9_bulk_write_memory(target_t
*target
, uint32_t address
, uint32_t count
, uint8_t *buffer
)
2662 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2665 if (!arm7_9
->dcc_downloads
)
2666 return target_write_memory(target
, address
, 4, count
, buffer
);
2668 /* regrab previously allocated working_area, or allocate a new one */
2669 if (!arm7_9
->dcc_working_area
)
2671 uint8_t dcc_code_buf
[6 * 4];
2673 /* make sure we have a working area */
2674 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
)
2676 LOG_INFO("no working area available, falling back to memory writes");
2677 return target_write_memory(target
, address
, 4, count
, buffer
);
2680 /* copy target instructions to target endianness */
2681 for (i
= 0; i
< 6; i
++)
2683 target_buffer_set_u32(target
, dcc_code_buf
+ i
*4, dcc_code
[i
]);
2686 /* write DCC code to working area */
2687 if ((retval
= target_write_memory(target
, arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
)) != ERROR_OK
)
2693 struct armv4_5_algorithm armv4_5_info
;
2694 struct reg_param reg_params
[1];
2696 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
2697 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
2698 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
2700 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2702 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2705 dcc_buffer
= buffer
;
2706 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2707 arm7_9
->dcc_working_area
->address
, arm7_9
->dcc_working_area
->address
+ 6*4, 20*1000, &armv4_5_info
, arm7_9_dcc_completion
);
2709 if (retval
== ERROR_OK
)
2711 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2712 if (endaddress
!= (address
+ count
*4))
2714 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32
" got 0x%0" PRIx32
"", (address
+ count
*4), endaddress
);
2715 retval
= ERROR_FAIL
;
2719 destroy_reg_param(®_params
[0]);
2724 int arm7_9_checksum_memory(struct target_s
*target
, uint32_t address
, uint32_t count
, uint32_t* checksum
)
2726 working_area_t
*crc_algorithm
;
2727 struct armv4_5_algorithm armv4_5_info
;
2728 struct reg_param reg_params
[2];
2731 static const uint32_t arm7_9_crc_code
[] = {
2732 0xE1A02000, /* mov r2, r0 */
2733 0xE3E00000, /* mov r0, #0xffffffff */
2734 0xE1A03001, /* mov r3, r1 */
2735 0xE3A04000, /* mov r4, #0 */
2736 0xEA00000B, /* b ncomp */
2738 0xE7D21004, /* ldrb r1, [r2, r4] */
2739 0xE59F7030, /* ldr r7, CRC32XOR */
2740 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2741 0xE3A05000, /* mov r5, #0 */
2743 0xE3500000, /* cmp r0, #0 */
2744 0xE1A06080, /* mov r6, r0, asl #1 */
2745 0xE2855001, /* add r5, r5, #1 */
2746 0xE1A00006, /* mov r0, r6 */
2747 0xB0260007, /* eorlt r0, r6, r7 */
2748 0xE3550008, /* cmp r5, #8 */
2749 0x1AFFFFF8, /* bne loop */
2750 0xE2844001, /* add r4, r4, #1 */
2752 0xE1540003, /* cmp r4, r3 */
2753 0x1AFFFFF1, /* bne nbyte */
2755 0xEAFFFFFE, /* b end */
2756 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2761 if (target_alloc_working_area(target
, sizeof(arm7_9_crc_code
), &crc_algorithm
) != ERROR_OK
)
2763 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2766 /* convert flash writing code into a buffer in target endianness */
2767 for (i
= 0; i
< (sizeof(arm7_9_crc_code
)/sizeof(uint32_t)); i
++)
2769 if ((retval
= target_write_u32(target
, crc_algorithm
->address
+ i
*sizeof(uint32_t), arm7_9_crc_code
[i
])) != ERROR_OK
)
2775 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
2776 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
2777 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
2779 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2780 init_reg_param(®_params
[1], "r1", 32, PARAM_OUT
);
2782 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2783 buf_set_u32(reg_params
[1].value
, 0, 32, count
);
2785 /* 20 second timeout/megabyte */
2786 int timeout
= 20000 * (1 + (count
/ (1024*1024)));
2788 if ((retval
= target_run_algorithm(target
, 0, NULL
, 2, reg_params
,
2789 crc_algorithm
->address
, crc_algorithm
->address
+ (sizeof(arm7_9_crc_code
) - 8), timeout
, &armv4_5_info
)) != ERROR_OK
)
2791 LOG_ERROR("error executing arm7_9 crc algorithm");
2792 destroy_reg_param(®_params
[0]);
2793 destroy_reg_param(®_params
[1]);
2794 target_free_working_area(target
, crc_algorithm
);
2798 *checksum
= buf_get_u32(reg_params
[0].value
, 0, 32);
2800 destroy_reg_param(®_params
[0]);
2801 destroy_reg_param(®_params
[1]);
2803 target_free_working_area(target
, crc_algorithm
);
2808 int arm7_9_blank_check_memory(struct target_s
*target
, uint32_t address
, uint32_t count
, uint32_t* blank
)
2810 working_area_t
*erase_check_algorithm
;
2811 struct reg_param reg_params
[3];
2812 struct armv4_5_algorithm armv4_5_info
;
2816 static const uint32_t erase_check_code
[] =
2819 0xe4d03001, /* ldrb r3, [r0], #1 */
2820 0xe0022003, /* and r2, r2, r3 */
2821 0xe2511001, /* subs r1, r1, #1 */
2822 0x1afffffb, /* bne loop */
2824 0xeafffffe /* b end */
2827 /* make sure we have a working area */
2828 if (target_alloc_working_area(target
, sizeof(erase_check_code
), &erase_check_algorithm
) != ERROR_OK
)
2830 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
2833 /* convert flash writing code into a buffer in target endianness */
2834 for (i
= 0; i
< (sizeof(erase_check_code
)/sizeof(uint32_t)); i
++)
2835 if ((retval
= target_write_u32(target
, erase_check_algorithm
->address
+ i
*sizeof(uint32_t), erase_check_code
[i
])) != ERROR_OK
)
2840 armv4_5_info
.common_magic
= ARMV4_5_COMMON_MAGIC
;
2841 armv4_5_info
.core_mode
= ARMV4_5_MODE_SVC
;
2842 armv4_5_info
.core_state
= ARMV4_5_STATE_ARM
;
2844 init_reg_param(®_params
[0], "r0", 32, PARAM_OUT
);
2845 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2847 init_reg_param(®_params
[1], "r1", 32, PARAM_OUT
);
2848 buf_set_u32(reg_params
[1].value
, 0, 32, count
);
2850 init_reg_param(®_params
[2], "r2", 32, PARAM_IN_OUT
);
2851 buf_set_u32(reg_params
[2].value
, 0, 32, 0xff);
2853 if ((retval
= target_run_algorithm(target
, 0, NULL
, 3, reg_params
,
2854 erase_check_algorithm
->address
, erase_check_algorithm
->address
+ (sizeof(erase_check_code
) - 4), 10000, &armv4_5_info
)) != ERROR_OK
)
2856 destroy_reg_param(®_params
[0]);
2857 destroy_reg_param(®_params
[1]);
2858 destroy_reg_param(®_params
[2]);
2859 target_free_working_area(target
, erase_check_algorithm
);
2863 *blank
= buf_get_u32(reg_params
[2].value
, 0, 32);
2865 destroy_reg_param(®_params
[0]);
2866 destroy_reg_param(®_params
[1]);
2867 destroy_reg_param(®_params
[2]);
2869 target_free_working_area(target
, erase_check_algorithm
);
2874 COMMAND_HANDLER(handle_arm7_9_write_xpsr_command
)
2879 target_t
*target
= get_current_target(cmd_ctx
);
2880 armv4_5_common_t
*armv4_5
;
2881 struct arm7_9_common
*arm7_9
;
2883 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2885 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2889 if (target
->state
!= TARGET_HALTED
)
2891 command_print(cmd_ctx
, "can't write registers while running");
2897 command_print(cmd_ctx
, "usage: write_xpsr <value> <not cpsr | spsr>");
2901 COMMAND_PARSE_NUMBER(u32
, args
[0], value
);
2902 COMMAND_PARSE_NUMBER(int, args
[1], spsr
);
2904 /* if we're writing the CPSR, mask the T bit */
2908 arm7_9
->write_xpsr(target
, value
, spsr
);
2909 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2911 LOG_ERROR("JTAG error while writing to xpsr");
2918 COMMAND_HANDLER(handle_arm7_9_write_xpsr_im8_command
)
2924 target_t
*target
= get_current_target(cmd_ctx
);
2925 armv4_5_common_t
*armv4_5
;
2926 struct arm7_9_common
*arm7_9
;
2928 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2930 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2934 if (target
->state
!= TARGET_HALTED
)
2936 command_print(cmd_ctx
, "can't write registers while running");
2942 command_print(cmd_ctx
, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2946 COMMAND_PARSE_NUMBER(u32
, args
[0], value
);
2947 COMMAND_PARSE_NUMBER(int, args
[1], rotate
);
2948 COMMAND_PARSE_NUMBER(int, args
[2], spsr
);
2950 arm7_9
->write_xpsr_im8(target
, value
, rotate
, spsr
);
2951 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2953 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2960 COMMAND_HANDLER(handle_arm7_9_write_core_reg_command
)
2965 target_t
*target
= get_current_target(cmd_ctx
);
2966 armv4_5_common_t
*armv4_5
;
2967 struct arm7_9_common
*arm7_9
;
2969 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
2971 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
2975 if (target
->state
!= TARGET_HALTED
)
2977 command_print(cmd_ctx
, "can't write registers while running");
2983 command_print(cmd_ctx
, "usage: write_core_reg <num> <mode> <value>");
2987 COMMAND_PARSE_NUMBER(int, args
[0], num
);
2988 COMMAND_PARSE_NUMBER(u32
, args
[1], mode
);
2989 COMMAND_PARSE_NUMBER(u32
, args
[2], value
);
2991 return arm7_9_write_core_reg(target
, num
, mode
, value
);
2994 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2996 target_t
*target
= get_current_target(cmd_ctx
);
2997 armv4_5_common_t
*armv4_5
;
2998 struct arm7_9_common
*arm7_9
;
3000 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
3002 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
3008 if (strcmp("enable", args
[0]) == 0)
3010 arm7_9
->use_dbgrq
= 1;
3012 else if (strcmp("disable", args
[0]) == 0)
3014 arm7_9
->use_dbgrq
= 0;
3018 command_print(cmd_ctx
, "usage: arm7_9 dbgrq <enable | disable>");
3022 command_print(cmd_ctx
, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
3027 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
3029 target_t
*target
= get_current_target(cmd_ctx
);
3030 armv4_5_common_t
*armv4_5
;
3031 struct arm7_9_common
*arm7_9
;
3033 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
3035 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
3041 if (strcmp("enable", args
[0]) == 0)
3043 arm7_9
->fast_memory_access
= 1;
3045 else if (strcmp("disable", args
[0]) == 0)
3047 arm7_9
->fast_memory_access
= 0;
3051 command_print(cmd_ctx
, "usage: arm7_9 fast_memory_access <enable | disable>");
3055 command_print(cmd_ctx
, "fast memory access is %s", (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
3060 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
3062 target_t
*target
= get_current_target(cmd_ctx
);
3063 armv4_5_common_t
*armv4_5
;
3064 struct arm7_9_common
*arm7_9
;
3066 if (arm7_9_get_arch_pointers(target
, &armv4_5
, &arm7_9
) != ERROR_OK
)
3068 command_print(cmd_ctx
, "current target isn't an ARM7/ARM9 target");
3074 if (strcmp("enable", args
[0]) == 0)
3076 arm7_9
->dcc_downloads
= 1;
3078 else if (strcmp("disable", args
[0]) == 0)
3080 arm7_9
->dcc_downloads
= 0;
3084 command_print(cmd_ctx
, "usage: arm7_9 dcc_downloads <enable | disable>");
3088 command_print(cmd_ctx
, "dcc downloads are %s", (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
3093 int arm7_9_init_arch_info(target_t
*target
, struct arm7_9_common
*arm7_9
)
3095 int retval
= ERROR_OK
;
3096 armv4_5_common_t
*armv4_5
= &arm7_9
->armv4_5_common
;
3098 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
3100 if ((retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
)) != ERROR_OK
)
3103 /* caller must have allocated via calloc(), so everything's zeroed */
3105 arm7_9
->wp_available_max
= 2;
3107 arm7_9
->fast_memory_access
= fast_and_dangerous
;
3108 arm7_9
->dcc_downloads
= fast_and_dangerous
;
3110 armv4_5
->arch_info
= arm7_9
;
3111 armv4_5
->read_core_reg
= arm7_9_read_core_reg
;
3112 armv4_5
->write_core_reg
= arm7_9_write_core_reg
;
3113 armv4_5
->full_context
= arm7_9_full_context
;
3115 if ((retval
= armv4_5_init_arch_info(target
, armv4_5
)) != ERROR_OK
)
3118 return target_register_timer_callback(arm7_9_handle_target_request
,
3122 int arm7_9_register_commands(struct command_context_s
*cmd_ctx
)
3124 command_t
*arm7_9_cmd
;
3126 arm7_9_cmd
= register_command(cmd_ctx
, NULL
, "arm7_9",
3127 NULL
, COMMAND_ANY
, "arm7/9 specific commands");
3129 register_command(cmd_ctx
, arm7_9_cmd
, "write_xpsr",
3130 handle_arm7_9_write_xpsr_command
, COMMAND_EXEC
,
3131 "write program status register <value> <not cpsr | spsr>");
3132 register_command(cmd_ctx
, arm7_9_cmd
, "write_xpsr_im8",
3133 handle_arm7_9_write_xpsr_im8_command
, COMMAND_EXEC
,
3134 "write program status register "
3135 "<8bit immediate> <rotate> <not cpsr | spsr>");
3137 register_command(cmd_ctx
, arm7_9_cmd
, "write_core_reg",
3138 handle_arm7_9_write_core_reg_command
, COMMAND_EXEC
,
3139 "write core register <num> <mode> <value>");
3141 register_command(cmd_ctx
, arm7_9_cmd
, "dbgrq",
3142 handle_arm7_9_dbgrq_command
, COMMAND_ANY
,
3143 "use EmbeddedICE dbgrq instead of breakpoint "
3144 "for target halt requests <enable | disable>");
3145 register_command(cmd_ctx
, arm7_9_cmd
, "fast_memory_access",
3146 handle_arm7_9_fast_memory_access_command
, COMMAND_ANY
,
3147 "use fast memory accesses instead of slower "
3148 "but potentially safer accesses <enable | disable>");
3149 register_command(cmd_ctx
, arm7_9_cmd
, "dcc_downloads",
3150 handle_arm7_9_dcc_downloads_command
, COMMAND_ANY
,
3151 "use DCC downloads for larger memory writes <enable | disable>");
3153 armv4_5_register_commands(cmd_ctx
);
3155 etm_register_commands(cmd_ctx
);
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)