1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
47 * Hold common code supporting the ARM7 and ARM9 core generations.
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
63 static int arm7_9_debug_entry(struct target
*target
);
66 * Clear watchpoints for an ARM7/9 target.
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
71 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
74 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
75 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
76 arm7_9
->sw_breakpoint_count
= 0;
77 arm7_9
->sw_breakpoints_added
= 0;
79 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
80 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
82 return jtag_execute_queue();
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
92 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
94 if (!arm7_9
->wp0_used
)
98 arm7_9
->wp_available
--;
100 else if (!arm7_9
->wp1_used
)
102 arm7_9
->wp1_used
= 1;
104 arm7_9
->wp_available
--;
108 LOG_ERROR("BUG: no hardware comparator available");
110 LOG_DEBUG("BPID: %d (0x%08" PRIx32
") using hw wp: %d",
111 breakpoint
->unique_id
,
117 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
119 * @param arm7_9 Pointer to common struct for ARM7/9 targets
120 * @return Error codes if there is a problem finding a watchpoint or the result
121 * of executing the JTAG queue
123 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
125 if (arm7_9
->sw_breakpoints_added
)
129 if (arm7_9
->wp_available
< 1)
131 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
132 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
134 arm7_9
->wp_available
--;
136 /* pick a breakpoint unit */
137 if (!arm7_9
->wp0_used
)
139 arm7_9
->sw_breakpoints_added
= 1;
140 arm7_9
->wp0_used
= 3;
141 } else if (!arm7_9
->wp1_used
)
143 arm7_9
->sw_breakpoints_added
= 2;
144 arm7_9
->wp1_used
= 3;
148 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
152 if (arm7_9
->sw_breakpoints_added
== 1)
154 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
155 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
156 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
157 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
158 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
160 else if (arm7_9
->sw_breakpoints_added
== 2)
162 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
163 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
164 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
165 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
166 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
170 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
173 LOG_DEBUG("SW BP using hw wp: %d",
174 arm7_9
->sw_breakpoints_added
);
176 return jtag_execute_queue();
180 * Setup the common pieces for an ARM7/9 target after reset or on startup.
182 * @param target Pointer to an ARM7/9 target to setup
183 * @return Result of clearing the watchpoints on the target
185 int arm7_9_setup(struct target
*target
)
187 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
189 return arm7_9_clear_watchpoints(arm7_9
);
193 * Set either a hardware or software breakpoint on an ARM7/9 target. The
194 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
195 * might have erased the values in Embedded ICE.
197 * @param target Pointer to the target device to set the breakpoints on
198 * @param breakpoint Pointer to the breakpoint to be set
199 * @return For hardware breakpoints, this is the result of executing the JTAG
200 * queue. For software breakpoints, this will be the status of the
201 * required memory reads and writes
203 int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
205 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
206 int retval
= ERROR_OK
;
208 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
", Type: %d" ,
209 breakpoint
->unique_id
,
213 if (target
->state
!= TARGET_HALTED
)
215 LOG_WARNING("target not halted");
216 return ERROR_TARGET_NOT_HALTED
;
219 if (breakpoint
->type
== BKPT_HARD
)
221 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
222 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
224 /* reassign a hw breakpoint */
225 if (breakpoint
->set
== 0)
227 arm7_9_assign_wp(arm7_9
, breakpoint
);
230 if (breakpoint
->set
== 1)
232 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
233 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
234 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
235 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
236 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
238 else if (breakpoint
->set
== 2)
240 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
241 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
242 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
243 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
244 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
248 LOG_ERROR("BUG: no hardware comparator available");
252 retval
= jtag_execute_queue();
254 else if (breakpoint
->type
== BKPT_SOFT
)
256 /* did we already set this breakpoint? */
260 if (breakpoint
->length
== 4)
262 uint32_t verify
= 0xffffffff;
263 /* keep the original instruction in target endianness */
264 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
268 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
269 if ((retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
)) != ERROR_OK
)
274 if ((retval
= target_read_u32(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
278 if (verify
!= arm7_9
->arm_bkpt
)
280 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
286 uint16_t verify
= 0xffff;
287 /* keep the original instruction in target endianness */
288 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
292 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
293 if ((retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
)) != ERROR_OK
)
298 if ((retval
= target_read_u16(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
302 if (verify
!= arm7_9
->thumb_bkpt
)
304 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
309 if ((retval
= arm7_9_set_software_breakpoints(arm7_9
)) != ERROR_OK
)
312 arm7_9
->sw_breakpoint_count
++;
321 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
322 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
323 * will be updated. Otherwise, the software breakpoint will be restored to its
324 * original instruction if it hasn't already been modified.
326 * @param target Pointer to ARM7/9 target to unset the breakpoint from
327 * @param breakpoint Pointer to breakpoint to be unset
328 * @return For hardware breakpoints, this is the result of executing the JTAG
329 * queue. For software breakpoints, this will be the status of the
330 * required memory reads and writes
332 int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
334 int retval
= ERROR_OK
;
335 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
337 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
,
338 breakpoint
->unique_id
,
339 breakpoint
->address
);
341 if (!breakpoint
->set
)
343 LOG_WARNING("breakpoint not set");
347 if (breakpoint
->type
== BKPT_HARD
)
349 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
350 breakpoint
->unique_id
,
352 if (breakpoint
->set
== 1)
354 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
355 arm7_9
->wp0_used
= 0;
356 arm7_9
->wp_available
++;
358 else if (breakpoint
->set
== 2)
360 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
361 arm7_9
->wp1_used
= 0;
362 arm7_9
->wp_available
++;
364 retval
= jtag_execute_queue();
369 /* restore original instruction (kept in target endianness) */
370 if (breakpoint
->length
== 4)
372 uint32_t current_instr
;
373 /* check that user program as not modified breakpoint instruction */
374 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
378 if (current_instr
== arm7_9
->arm_bkpt
)
379 if ((retval
= target_write_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
386 uint16_t current_instr
;
387 /* check that user program as not modified breakpoint instruction */
388 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
392 if (current_instr
== arm7_9
->thumb_bkpt
)
393 if ((retval
= target_write_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
399 if (--arm7_9
->sw_breakpoint_count
==0)
401 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
402 if (arm7_9
->sw_breakpoints_added
== 1)
404 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0);
406 else if (arm7_9
->sw_breakpoints_added
== 2)
408 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0);
419 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
420 * dangling breakpoints and that the desired breakpoint can be added.
422 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
423 * @param breakpoint Pointer to the breakpoint to be added
424 * @return An error status if there is a problem adding the breakpoint or the
425 * result of setting the breakpoint
427 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
429 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
431 if (arm7_9
->breakpoint_count
== 0)
433 /* make sure we don't have any dangling breakpoints. This is vital upon
434 * GDB connect/disconnect
436 arm7_9_clear_watchpoints(arm7_9
);
439 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1))
441 LOG_INFO("no watchpoint unit available for hardware breakpoint");
442 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
445 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4))
447 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
448 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
451 if (breakpoint
->type
== BKPT_HARD
)
453 arm7_9_assign_wp(arm7_9
, breakpoint
);
456 arm7_9
->breakpoint_count
++;
458 return arm7_9_set_breakpoint(target
, breakpoint
);
462 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
463 * dangling breakpoints and updates available watchpoints if it is a hardware
466 * @param target Pointer to the target to have a breakpoint removed
467 * @param breakpoint Pointer to the breakpoint to be removed
468 * @return Error status if there was a problem unsetting the breakpoint or the
469 * watchpoints could not be cleared
471 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
473 int retval
= ERROR_OK
;
474 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
476 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
481 if (breakpoint
->type
== BKPT_HARD
)
482 arm7_9
->wp_available
++;
484 arm7_9
->breakpoint_count
--;
485 if (arm7_9
->breakpoint_count
== 0)
487 /* make sure we don't have any dangling breakpoints */
488 if ((retval
= arm7_9_clear_watchpoints(arm7_9
)) != ERROR_OK
)
498 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
499 * considered a bug to call this function when there are no available watchpoint
502 * @param target Pointer to an ARM7/9 target to set a watchpoint on
503 * @param watchpoint Pointer to the watchpoint to be set
504 * @return Error status if watchpoint set fails or the result of executing the
507 int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
509 int retval
= ERROR_OK
;
510 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
514 mask
= watchpoint
->length
- 1;
516 if (target
->state
!= TARGET_HALTED
)
518 LOG_WARNING("target not halted");
519 return ERROR_TARGET_NOT_HALTED
;
522 if (watchpoint
->rw
== WPT_ACCESS
)
527 if (!arm7_9
->wp0_used
)
529 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], watchpoint
->address
);
530 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
531 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], watchpoint
->mask
);
532 if (watchpoint
->mask
!= 0xffffffffu
)
533 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], watchpoint
->value
);
534 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
535 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
537 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
542 arm7_9
->wp0_used
= 2;
544 else if (!arm7_9
->wp1_used
)
546 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], watchpoint
->address
);
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
548 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], watchpoint
->mask
);
549 if (watchpoint
->mask
!= 0xffffffffu
)
550 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], watchpoint
->value
);
551 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
552 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
554 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
559 arm7_9
->wp1_used
= 2;
563 LOG_ERROR("BUG: no hardware comparator available");
571 * Unset an existing watchpoint and clear the used watchpoint unit.
573 * @param target Pointer to the target to have the watchpoint removed
574 * @param watchpoint Pointer to the watchpoint to be removed
575 * @return Error status while trying to unset the watchpoint or the result of
576 * executing the JTAG queue
578 int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
580 int retval
= ERROR_OK
;
581 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
583 if (target
->state
!= TARGET_HALTED
)
585 LOG_WARNING("target not halted");
586 return ERROR_TARGET_NOT_HALTED
;
589 if (!watchpoint
->set
)
591 LOG_WARNING("breakpoint not set");
595 if (watchpoint
->set
== 1)
597 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
598 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
602 arm7_9
->wp0_used
= 0;
604 else if (watchpoint
->set
== 2)
606 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
607 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
611 arm7_9
->wp1_used
= 0;
619 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
620 * available, an error response is returned.
622 * @param target Pointer to the ARM7/9 target to add a watchpoint to
623 * @param watchpoint Pointer to the watchpoint to be added
624 * @return Error status while trying to add the watchpoint
626 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
628 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
630 if (arm7_9
->wp_available
< 1)
632 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
635 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
640 arm7_9
->wp_available
--;
646 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
647 * the used watchpoint unit will be reopened.
649 * @param target Pointer to the target to remove a watchpoint from
650 * @param watchpoint Pointer to the watchpoint to be removed
651 * @return Result of trying to unset the watchpoint
653 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
655 int retval
= ERROR_OK
;
656 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
660 if ((retval
= arm7_9_unset_watchpoint(target
, watchpoint
)) != ERROR_OK
)
666 arm7_9
->wp_available
++;
672 * Restarts the target by sending a RESTART instruction and moving the JTAG
673 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
674 * asserted by the processor.
676 * @param target Pointer to target to issue commands to
677 * @return Error status if there is a timeout or a problem while executing the
680 int arm7_9_execute_sys_speed(struct target
*target
)
683 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
684 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
685 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
687 /* set RESTART instruction */
688 jtag_set_end_state(TAP_IDLE
);
689 if (arm7_9
->need_bypass_before_restart
) {
690 arm7_9
->need_bypass_before_restart
= 0;
691 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
693 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
695 long long then
= timeval_ms();
697 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
699 /* read debug status register */
700 embeddedice_read_reg(dbg_stat
);
701 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
703 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
704 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
706 if (debug_level
>= 3)
716 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"", buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
717 return ERROR_TARGET_TIMEOUT
;
724 * Restarts the target by sending a RESTART instruction and moving the JTAG
725 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
726 * waiting until they are.
728 * @param target Pointer to the target to issue commands to
729 * @return Always ERROR_OK
731 int arm7_9_execute_fast_sys_speed(struct target
*target
)
734 static uint8_t check_value
[4], check_mask
[4];
736 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
737 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
738 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
740 /* set RESTART instruction */
741 jtag_set_end_state(TAP_IDLE
);
742 if (arm7_9
->need_bypass_before_restart
) {
743 arm7_9
->need_bypass_before_restart
= 0;
744 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
746 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
750 /* check for DBGACK and SYSCOMP set (others don't care) */
752 /* NB! These are constants that must be available until after next jtag_execute() and
753 * we evaluate the values upon first execution in lieu of setting up these constants
754 * during early setup.
756 buf_set_u32(check_value
, 0, 32, 0x9);
757 buf_set_u32(check_mask
, 0, 32, 0x9);
761 /* read debug status register */
762 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
768 * Get some data from the ARM7/9 target.
770 * @param target Pointer to the ARM7/9 target to read data from
771 * @param size The number of 32bit words to be read
772 * @param buffer Pointer to the buffer that will hold the data
773 * @return The result of receiving data from the Embedded ICE unit
775 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
777 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
778 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
780 int retval
= ERROR_OK
;
783 data
= malloc(size
* (sizeof(uint32_t)));
785 retval
= embeddedice_receive(jtag_info
, data
, size
);
787 /* return the 32-bit ints in the 8-bit array */
788 for (i
= 0; i
< size
; i
++)
790 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
799 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
800 * target is running and the DCC control register has the W bit high, this will
801 * execute the request on the target.
803 * @param priv Void pointer expected to be a struct target pointer
804 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
805 * from the Embedded ICE unit
807 int arm7_9_handle_target_request(void *priv
)
809 int retval
= ERROR_OK
;
810 struct target
*target
= priv
;
811 if (!target_was_examined(target
))
813 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
814 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
815 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
817 if (!target
->dbg_msg_enabled
)
820 if (target
->state
== TARGET_RUNNING
)
822 /* read DCC control register */
823 embeddedice_read_reg(dcc_control
);
824 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
830 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1)
834 if ((retval
= embeddedice_receive(jtag_info
, &request
, 1)) != ERROR_OK
)
838 if ((retval
= target_request(target
, request
)) != ERROR_OK
)
849 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
850 * is manipulated to the right halted state based on its current state. This is
854 * <tr><th > State</th><th > Action</th></tr>
855 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
856 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
857 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
858 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
861 * If the target does not end up in the halted state, a warning is produced. If
862 * DBGACK is cleared, then the target is expected to either be running or
865 * @param target Pointer to the ARM7/9 target to poll
866 * @return ERROR_OK or an error status if a command fails
868 int arm7_9_poll(struct target
*target
)
871 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
872 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
874 /* read debug status register */
875 embeddedice_read_reg(dbg_stat
);
876 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
881 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
883 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
884 if (target
->state
== TARGET_UNKNOWN
)
886 /* Starting OpenOCD with target in debug-halt */
887 target
->state
= TARGET_RUNNING
;
888 LOG_DEBUG("DBGACK already set during server startup.");
890 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
))
892 target
->state
= TARGET_HALTED
;
894 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
897 if (arm_semihosting(target
, &retval
) != 0)
900 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
905 if (target
->state
== TARGET_DEBUG_RUNNING
)
907 target
->state
= TARGET_HALTED
;
908 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
911 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
)) != ERROR_OK
)
916 if (target
->state
!= TARGET_HALTED
)
918 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target
->state
);
923 if (target
->state
!= TARGET_DEBUG_RUNNING
)
924 target
->state
= TARGET_RUNNING
;
931 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
932 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
933 * affected) completely stop the JTAG clock while the core is held in reset
934 * (SRST). It isn't possible to program the halt condition once reset is
935 * asserted, hence a hook that allows the target to set up its reset-halt
936 * condition is setup prior to asserting reset.
938 * @param target Pointer to an ARM7/9 target to assert reset on
939 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
941 int arm7_9_assert_reset(struct target
*target
)
943 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
945 LOG_DEBUG("target->state: %s",
946 target_state_name(target
));
948 enum reset_types jtag_reset_config
= jtag_get_reset_config();
949 if (!(jtag_reset_config
& RESET_HAS_SRST
))
951 LOG_ERROR("Can't assert SRST");
955 /* At this point trst has been asserted/deasserted once. We would
956 * like to program EmbeddedICE while SRST is asserted, instead of
957 * depending on SRST to leave that module alone. However, many CPUs
958 * gate the JTAG clock while SRST is asserted; or JTAG may need
959 * clock stability guarantees (adaptive clocking might help).
961 * So we assume JTAG access during SRST is off the menu unless it's
962 * been specifically enabled.
964 bool srst_asserted
= false;
966 if (((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
967 && (jtag_reset_config
& RESET_SRST_NO_GATING
))
969 jtag_add_reset(0, 1);
970 srst_asserted
= true;
973 if (target
->reset_halt
)
976 * Some targets do not support communication while SRST is asserted. We need to
977 * set up the reset vector catch here.
979 * If TRST is asserted, then these settings will be reset anyway, so setting them
982 if (arm7_9
->has_vector_catch
)
984 /* program vector catch register to catch reset vector */
985 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
987 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
988 jtag_add_runtest(1, jtag_get_end_state());
992 /* program watchpoint unit to match on reset vector address */
993 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
994 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
995 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
996 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
997 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1001 /* here we should issue an SRST only, but we may have to assert TRST as well */
1002 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
1004 jtag_add_reset(1, 1);
1005 } else if (!srst_asserted
)
1007 jtag_add_reset(0, 1);
1010 target
->state
= TARGET_RESET
;
1011 jtag_add_sleep(50000);
1013 register_cache_invalidate(arm7_9
->armv4_5_common
.core_cache
);
1015 if ((target
->reset_halt
) && ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0))
1017 /* debug entry was already prepared in arm7_9_assert_reset() */
1018 target
->debug_reason
= DBG_REASON_DBGRQ
;
1025 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1026 * and the target is being reset into a halt, a warning will be triggered
1027 * because it is not possible to reset into a halted mode in this case. The
1028 * target is halted using the target's functions.
1030 * @param target Pointer to the target to have the reset deasserted
1031 * @return ERROR_OK or an error from polling or halting the target
1033 int arm7_9_deassert_reset(struct target
*target
)
1035 int retval
= ERROR_OK
;
1036 LOG_DEBUG("target->state: %s",
1037 target_state_name(target
));
1039 /* deassert reset lines */
1040 jtag_add_reset(0, 0);
1042 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1043 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0)
1045 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1046 /* set up embedded ice registers again */
1047 if ((retval
= target_examine_one(target
)) != ERROR_OK
)
1050 if ((retval
= target_poll(target
)) != ERROR_OK
)
1055 if ((retval
= target_halt(target
)) != ERROR_OK
)
1065 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1066 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1067 * vector catch was used, it is restored. Otherwise, the control value is
1068 * restored and the watchpoint unit is restored if it was in use.
1070 * @param target Pointer to the ARM7/9 target to have halt cleared
1071 * @return Always ERROR_OK
1073 int arm7_9_clear_halt(struct target
*target
)
1075 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1076 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1078 /* we used DBGRQ only if we didn't come out of reset */
1079 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
)
1081 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1083 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1084 embeddedice_store_reg(dbg_ctrl
);
1088 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
)
1090 /* if we came out of reset, and vector catch is supported, we used
1091 * vector catch to enter debug state
1092 * restore the register in that case
1094 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1098 /* restore registers if watchpoint unit 0 was in use
1100 if (arm7_9
->wp0_used
)
1102 if (arm7_9
->debug_entry_from_reset
)
1104 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
]);
1106 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1107 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1108 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1110 /* control value always has to be restored, as it was either disabled,
1111 * or enabled with possibly different bits
1113 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1121 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1122 * and then there is a wait until the processor shows the halt. This wait can
1123 * timeout and results in an error being returned. The software reset involves
1124 * clearing the halt, updating the debug control register, changing to ARM mode,
1125 * reset of the program counter, and reset of all of the registers.
1127 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1128 * @return Error status if any of the commands fail, otherwise ERROR_OK
1130 int arm7_9_soft_reset_halt(struct target
*target
)
1132 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1133 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1134 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1135 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1139 /* FIX!!! replace some of this code with tcl commands
1141 * halt # the halt command is synchronous
1142 * armv4_5 core_state arm
1146 if ((retval
= target_halt(target
)) != ERROR_OK
)
1149 long long then
= timeval_ms();
1151 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
1153 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1155 embeddedice_read_reg(dbg_stat
);
1156 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1158 if (debug_level
>= 3)
1168 LOG_ERROR("Failed to halt CPU after 1 sec");
1169 return ERROR_TARGET_TIMEOUT
;
1171 target
->state
= TARGET_HALTED
;
1173 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1174 * ensure that DBGRQ is cleared
1176 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1177 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1178 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1179 embeddedice_store_reg(dbg_ctrl
);
1181 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1186 /* if the target is in Thumb state, change to ARM state */
1187 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1189 uint32_t r0_thumb
, pc_thumb
;
1190 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1191 /* Entered debug from Thumb mode */
1192 armv4_5
->core_state
= ARM_STATE_THUMB
;
1193 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1196 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1198 /* all register content is now invalid */
1199 register_cache_invalidate(armv4_5
->core_cache
);
1201 /* SVC, ARM state, IRQ and FIQ disabled */
1204 cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 32);
1207 arm_set_cpsr(armv4_5
, cpsr
);
1208 armv4_5
->cpsr
->dirty
= 1;
1210 /* start fetching from 0x0 */
1211 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, 0x0);
1212 armv4_5
->core_cache
->reg_list
[15].dirty
= 1;
1213 armv4_5
->core_cache
->reg_list
[15].valid
= 1;
1215 /* reset registers */
1216 for (i
= 0; i
<= 14; i
++)
1218 struct reg
*r
= arm_reg_current(armv4_5
, i
);
1220 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1225 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
1234 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1235 * line or by programming a watchpoint to trigger on any address. It is
1236 * considered a bug to call this function while the target is in the
1237 * TARGET_RESET state.
1239 * @param target Pointer to the ARM7/9 target to be halted
1240 * @return Always ERROR_OK
1242 int arm7_9_halt(struct target
*target
)
1244 if (target
->state
== TARGET_RESET
)
1246 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1250 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1251 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1253 LOG_DEBUG("target->state: %s",
1254 target_state_name(target
));
1256 if (target
->state
== TARGET_HALTED
)
1258 LOG_DEBUG("target was already halted");
1262 if (target
->state
== TARGET_UNKNOWN
)
1264 LOG_WARNING("target was in unknown state when halt was requested");
1267 if (arm7_9
->use_dbgrq
)
1269 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1271 if (arm7_9
->set_special_dbgrq
) {
1272 arm7_9
->set_special_dbgrq(target
);
1274 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1275 embeddedice_store_reg(dbg_ctrl
);
1280 /* program watchpoint unit to match on any address
1282 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1283 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1284 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1285 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1288 target
->debug_reason
= DBG_REASON_DBGRQ
;
1294 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1295 * ARM. The JTAG queue is then executed and the reason for debug entry is
1296 * examined. Once done, the target is verified to be halted and the processor
1297 * is forced into ARM mode. The core registers are saved for the current core
1298 * mode and the program counter (register 15) is updated as needed. The core
1299 * registers and CPSR and SPSR are saved for restoration later.
1301 * @param target Pointer to target that is entering debug mode
1302 * @return Error code if anything fails, otherwise ERROR_OK
1304 static int arm7_9_debug_entry(struct target
*target
)
1307 uint32_t context
[16];
1308 uint32_t* context_p
[16];
1309 uint32_t r0_thumb
, pc_thumb
;
1310 uint32_t cpsr
, cpsr_mask
= 0;
1312 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1313 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1314 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1315 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1317 #ifdef _DEBUG_ARM7_9_
1321 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1322 * ensure that DBGRQ is cleared
1324 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1325 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1326 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1327 embeddedice_store_reg(dbg_ctrl
);
1329 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1334 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1339 if ((retval
= arm7_9
->examine_debug_reason(target
)) != ERROR_OK
)
1343 if (target
->state
!= TARGET_HALTED
)
1345 LOG_WARNING("target not halted");
1346 return ERROR_TARGET_NOT_HALTED
;
1349 /* if the target is in Thumb state, change to ARM state */
1350 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1352 LOG_DEBUG("target entered debug from Thumb state");
1353 /* Entered debug from Thumb mode */
1354 armv4_5
->core_state
= ARM_STATE_THUMB
;
1356 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1357 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1358 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1359 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1360 /* \todo Get some vaguely correct handling of Jazelle, if
1361 * anyone ever uses it and full info becomes available.
1362 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1363 * B.7.3 for the reverse. That'd be the bare minimum...
1365 LOG_DEBUG("target entered debug from Jazelle state");
1366 armv4_5
->core_state
= ARM_STATE_JAZELLE
;
1367 cpsr_mask
= 1 << 24;
1368 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1370 LOG_DEBUG("target entered debug from ARM state");
1371 /* Entered debug from ARM mode */
1372 armv4_5
->core_state
= ARM_STATE_ARM
;
1375 for (i
= 0; i
< 16; i
++)
1376 context_p
[i
] = &context
[i
];
1377 /* save core registers (r0 - r15 of current core mode) */
1378 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1380 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1382 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1385 /* Sync our CPSR copy with J or T bits EICE reported, but
1386 * which we then erased by putting the core into ARM mode.
1388 arm_set_cpsr(armv4_5
, cpsr
| cpsr_mask
);
1390 if (!is_arm_mode(armv4_5
->core_mode
))
1392 target
->state
= TARGET_UNKNOWN
;
1393 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1394 return ERROR_TARGET_FAILURE
;
1397 LOG_DEBUG("target entered debug state in %s mode",
1398 arm_mode_name(armv4_5
->core_mode
));
1400 if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1402 LOG_DEBUG("thumb state, applying fixups");
1403 context
[0] = r0_thumb
;
1404 context
[15] = pc_thumb
;
1405 } else if (armv4_5
->core_state
== ARM_STATE_ARM
)
1407 /* adjust value stored by STM */
1408 context
[15] -= 3 * 4;
1411 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1412 context
[15] -= 3 * ((armv4_5
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1414 context
[15] -= arm7_9
->dbgreq_adjust_pc
* ((armv4_5
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1416 for (i
= 0; i
<= 15; i
++)
1418 struct reg
*r
= arm_reg_current(armv4_5
, i
);
1420 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1422 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1423 /* r0 and r15 (pc) have to be restored later */
1424 r
->dirty
= (i
== 0) || (i
== 15);
1428 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1430 /* exceptions other than USR & SYS have a saved program status register */
1431 if (armv4_5
->spsr
) {
1433 arm7_9
->read_xpsr(target
, &spsr
, 1);
1434 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1438 buf_set_u32(armv4_5
->spsr
->value
, 0, 32, spsr
);
1439 armv4_5
->spsr
->dirty
= 0;
1440 armv4_5
->spsr
->valid
= 1;
1443 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1446 if (arm7_9
->post_debug_entry
)
1447 arm7_9
->post_debug_entry(target
);
1453 * Validate the full context for an ARM7/9 target in all processor modes. If
1454 * there are any invalid registers for the target, they will all be read. This
1457 * @param target Pointer to the ARM7/9 target to capture the full context from
1458 * @return Error if the target is not halted, has an invalid core mode, or if
1459 * the JTAG queue fails to execute
1461 int arm7_9_full_context(struct target
*target
)
1465 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1466 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1470 if (target
->state
!= TARGET_HALTED
)
1472 LOG_WARNING("target not halted");
1473 return ERROR_TARGET_NOT_HALTED
;
1476 if (!is_arm_mode(armv4_5
->core_mode
))
1479 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1480 * SYS shares registers with User, so we don't touch SYS
1482 for (i
= 0; i
< 6; i
++)
1485 uint32_t* reg_p
[16];
1489 /* check if there are invalid registers in the current mode
1491 for (j
= 0; j
<= 16; j
++)
1493 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1501 /* change processor mode (and mask T bit) */
1502 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
1504 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1506 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1508 for (j
= 0; j
< 15; j
++)
1510 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1512 reg_p
[j
] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).value
;
1514 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
= 1;
1515 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).dirty
= 0;
1519 /* if only the PSR is invalid, mask is all zeroes */
1521 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1523 /* check if the PSR has to be read */
1524 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
== 0)
1526 arm7_9
->read_xpsr(target
, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).value
, 1);
1527 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
= 1;
1528 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).dirty
= 0;
1533 /* restore processor mode (mask T bit) */
1534 arm7_9
->write_xpsr_im8(target
,
1535 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & ~0x20,
1538 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1546 * Restore the processor context on an ARM7/9 target. The full processor
1547 * context is analyzed to see if any of the registers are dirty on this end, but
1548 * have a valid new value. If this is the case, the processor is changed to the
1549 * appropriate mode and the new register values are written out to the
1550 * processor. If there happens to be a dirty register with an invalid value, an
1551 * error will be logged.
1553 * @param target Pointer to the ARM7/9 target to have its context restored
1554 * @return Error status if the target is not halted or the core mode in the
1555 * armv4_5 struct is invalid.
1557 int arm7_9_restore_context(struct target
*target
)
1559 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1560 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1562 struct arm_reg
*reg_arch_info
;
1563 enum arm_mode current_mode
= armv4_5
->core_mode
;
1570 if (target
->state
!= TARGET_HALTED
)
1572 LOG_WARNING("target not halted");
1573 return ERROR_TARGET_NOT_HALTED
;
1576 if (arm7_9
->pre_restore_context
)
1577 arm7_9
->pre_restore_context(target
);
1579 if (!is_arm_mode(armv4_5
->core_mode
))
1582 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1583 * SYS shares registers with User, so we don't touch SYS
1585 for (i
= 0; i
< 6; i
++)
1587 LOG_DEBUG("examining %s mode",
1588 arm_mode_name(armv4_5
->core_mode
));
1591 /* check if there are dirty registers in the current mode
1593 for (j
= 0; j
<= 16; j
++)
1595 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1596 reg_arch_info
= reg
->arch_info
;
1597 if (reg
->dirty
== 1)
1599 if (reg
->valid
== 1)
1602 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1603 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1604 && (reg_arch_info
->mode
!= current_mode
)
1605 && !((reg_arch_info
->mode
== ARM_MODE_USR
) && (armv4_5
->core_mode
== ARM_MODE_SYS
))
1606 && !((reg_arch_info
->mode
== ARM_MODE_SYS
) && (armv4_5
->core_mode
== ARM_MODE_USR
)))
1609 LOG_DEBUG("require mode change");
1614 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg
->name
);
1621 uint32_t mask
= 0x0;
1629 /* change processor mode (mask T bit) */
1630 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
,
1632 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1634 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1635 current_mode
= armv4_5_number_to_mode(i
);
1638 for (j
= 0; j
<= 14; j
++)
1640 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1641 reg_arch_info
= reg
->arch_info
;
1644 if (reg
->dirty
== 1)
1646 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1651 LOG_DEBUG("writing register %i mode %s "
1652 "with value 0x%8.8" PRIx32
, j
,
1653 arm_mode_name(armv4_5
->core_mode
),
1660 arm7_9
->write_core_regs(target
, mask
, regs
);
1663 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16);
1664 reg_arch_info
= reg
->arch_info
;
1665 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
))
1667 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"", i
, buf_get_u32(reg
->value
, 0, 32));
1668 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1673 if (!armv4_5
->cpsr
->dirty
&& (armv4_5
->core_mode
!= current_mode
))
1675 /* restore processor mode (mask T bit) */
1678 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
1679 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1681 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1682 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1684 else if (armv4_5
->cpsr
->dirty
)
1686 /* CPSR has been changed, full restore necessary (mask T bit) */
1687 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1688 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32));
1689 arm7_9
->write_xpsr(target
,
1690 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32)
1692 armv4_5
->cpsr
->dirty
= 0;
1693 armv4_5
->cpsr
->valid
= 1;
1697 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1698 arm7_9
->write_pc(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1699 armv4_5
->core_cache
->reg_list
[15].dirty
= 0;
1701 if (arm7_9
->post_restore_context
)
1702 arm7_9
->post_restore_context(target
);
1708 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1709 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1712 * @param target Pointer to the ARM7/9 target to be restarted
1713 * @return Result of executing the JTAG queue
1715 int arm7_9_restart_core(struct target
*target
)
1717 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1718 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1720 /* set RESTART instruction */
1721 jtag_set_end_state(TAP_IDLE
);
1722 if (arm7_9
->need_bypass_before_restart
) {
1723 arm7_9
->need_bypass_before_restart
= 0;
1724 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
1726 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
1728 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE
));
1729 return jtag_execute_queue();
1733 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1734 * iterated through and are set on the target if they aren't already set.
1736 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1738 void arm7_9_enable_watchpoints(struct target
*target
)
1740 struct watchpoint
*watchpoint
= target
->watchpoints
;
1744 if (watchpoint
->set
== 0)
1745 arm7_9_set_watchpoint(target
, watchpoint
);
1746 watchpoint
= watchpoint
->next
;
1751 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1752 * iterated through and are set on the target.
1754 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1756 void arm7_9_enable_breakpoints(struct target
*target
)
1758 struct breakpoint
*breakpoint
= target
->breakpoints
;
1760 /* set any pending breakpoints */
1763 arm7_9_set_breakpoint(target
, breakpoint
);
1764 breakpoint
= breakpoint
->next
;
1768 int arm7_9_resume(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
, int debug_execution
)
1770 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1771 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1772 struct breakpoint
*breakpoint
= target
->breakpoints
;
1773 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1774 int err
, retval
= ERROR_OK
;
1778 if (target
->state
!= TARGET_HALTED
)
1780 LOG_WARNING("target not halted");
1781 return ERROR_TARGET_NOT_HALTED
;
1784 if (!debug_execution
)
1786 target_free_all_working_areas(target
);
1789 /* current = 1: continue on current pc, otherwise continue at <address> */
1791 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
1793 uint32_t current_pc
;
1794 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1796 /* the front-end may request us not to handle breakpoints */
1797 if (handle_breakpoints
)
1799 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
1801 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32
" (id: %d)", breakpoint
->address
, breakpoint
->unique_id
);
1802 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1807 /* calculate PC of next instruction */
1809 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
1811 uint32_t current_opcode
;
1812 target_read_u32(target
, current_pc
, ¤t_opcode
);
1813 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
1817 LOG_DEBUG("enable single-step");
1818 arm7_9
->enable_single_step(target
, next_pc
);
1820 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1822 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1827 if (armv4_5
->core_state
== ARM_STATE_ARM
)
1828 arm7_9
->branch_resume(target
);
1829 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1831 arm7_9
->branch_resume_thumb(target
);
1835 LOG_ERROR("unhandled core state");
1839 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1840 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1841 err
= arm7_9_execute_sys_speed(target
);
1843 LOG_DEBUG("disable single-step");
1844 arm7_9
->disable_single_step(target
);
1846 if (err
!= ERROR_OK
)
1848 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1852 target
->state
= TARGET_UNKNOWN
;
1856 arm7_9_debug_entry(target
);
1857 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1859 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32
"", breakpoint
->address
);
1860 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1867 /* enable any pending breakpoints and watchpoints */
1868 arm7_9_enable_breakpoints(target
);
1869 arm7_9_enable_watchpoints(target
);
1871 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1876 if (armv4_5
->core_state
== ARM_STATE_ARM
)
1878 arm7_9
->branch_resume(target
);
1880 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1882 arm7_9
->branch_resume_thumb(target
);
1886 LOG_ERROR("unhandled core state");
1890 /* deassert DBGACK and INTDIS */
1891 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1892 /* INTDIS only when we really resume, not during debug execution */
1893 if (!debug_execution
)
1894 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1895 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1897 if ((retval
= arm7_9_restart_core(target
)) != ERROR_OK
)
1902 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1904 if (!debug_execution
)
1906 /* registers are now invalid */
1907 register_cache_invalidate(armv4_5
->core_cache
);
1908 target
->state
= TARGET_RUNNING
;
1909 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
1916 target
->state
= TARGET_DEBUG_RUNNING
;
1917 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
)) != ERROR_OK
)
1923 LOG_DEBUG("target resumed");
1928 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1930 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1931 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1932 uint32_t current_pc
;
1933 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1935 if (next_pc
!= current_pc
)
1937 /* setup an inverse breakpoint on the current PC
1938 * - comparator 1 matches the current address
1939 * - rangeout from comparator 1 is connected to comparator 0 rangein
1940 * - comparator 0 matches any address, as long as rangein is low */
1941 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1942 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1943 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1944 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1945 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], current_pc
);
1946 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1947 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1948 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1949 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1953 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1954 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1956 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1957 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1958 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1959 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1960 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1961 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1965 void arm7_9_disable_eice_step(struct target
*target
)
1967 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1969 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1970 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1971 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1972 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1973 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1974 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1975 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1976 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1977 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
1980 int arm7_9_step(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
)
1982 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1983 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1984 struct breakpoint
*breakpoint
= NULL
;
1987 if (target
->state
!= TARGET_HALTED
)
1989 LOG_WARNING("target not halted");
1990 return ERROR_TARGET_NOT_HALTED
;
1993 /* current = 1: continue on current pc, otherwise continue at <address> */
1995 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
1997 uint32_t current_pc
;
1998 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
2000 /* the front-end may request us not to handle breakpoints */
2001 if (handle_breakpoints
)
2002 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
2003 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2008 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
2010 /* calculate PC of next instruction */
2012 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
2014 uint32_t current_opcode
;
2015 target_read_u32(target
, current_pc
, ¤t_opcode
);
2016 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
2020 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
2025 arm7_9
->enable_single_step(target
, next_pc
);
2027 if (armv4_5
->core_state
== ARM_STATE_ARM
)
2029 arm7_9
->branch_resume(target
);
2031 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
2033 arm7_9
->branch_resume_thumb(target
);
2037 LOG_ERROR("unhandled core state");
2041 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
2046 err
= arm7_9_execute_sys_speed(target
);
2047 arm7_9
->disable_single_step(target
);
2049 /* registers are now invalid */
2050 register_cache_invalidate(armv4_5
->core_cache
);
2052 if (err
!= ERROR_OK
)
2054 target
->state
= TARGET_UNKNOWN
;
2056 arm7_9_debug_entry(target
);
2057 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
2061 LOG_DEBUG("target stepped");
2065 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2073 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
2074 int num
, enum arm_mode mode
)
2076 uint32_t* reg_p
[16];
2079 struct arm_reg
*areg
= r
->arch_info
;
2080 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2081 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2083 if (!is_arm_mode(armv4_5
->core_mode
))
2085 if ((num
< 0) || (num
> 16))
2086 return ERROR_INVALID_ARGUMENTS
;
2088 if ((mode
!= ARM_MODE_ANY
)
2089 && (mode
!= armv4_5
->core_mode
)
2090 && (areg
->mode
!= ARM_MODE_ANY
))
2094 /* change processor mode (mask T bit) */
2095 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
2098 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2101 if ((num
>= 0) && (num
<= 15))
2103 /* read a normal core register */
2104 reg_p
[num
] = &value
;
2106 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2110 /* read a program status register
2111 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2113 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2116 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2123 buf_set_u32(r
->value
, 0, 32, value
);
2125 if ((mode
!= ARM_MODE_ANY
)
2126 && (mode
!= armv4_5
->core_mode
)
2127 && (areg
->mode
!= ARM_MODE_ANY
)) {
2128 /* restore processor mode (mask T bit) */
2129 arm7_9
->write_xpsr_im8(target
,
2130 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2137 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2138 int num
, enum arm_mode mode
, uint32_t value
)
2141 struct arm_reg
*areg
= r
->arch_info
;
2142 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2143 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2145 if (!is_arm_mode(armv4_5
->core_mode
))
2147 if ((num
< 0) || (num
> 16))
2148 return ERROR_INVALID_ARGUMENTS
;
2150 if ((mode
!= ARM_MODE_ANY
)
2151 && (mode
!= armv4_5
->core_mode
)
2152 && (areg
->mode
!= ARM_MODE_ANY
)) {
2155 /* change processor mode (mask T bit) */
2156 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
2159 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2162 if ((num
>= 0) && (num
<= 15))
2164 /* write a normal core register */
2167 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2171 /* write a program status register
2172 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2174 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2176 /* if we're writing the CPSR, mask the T bit */
2180 arm7_9
->write_xpsr(target
, value
, spsr
);
2186 if ((mode
!= ARM_MODE_ANY
)
2187 && (mode
!= armv4_5
->core_mode
)
2188 && (areg
->mode
!= ARM_MODE_ANY
)) {
2189 /* restore processor mode (mask T bit) */
2190 arm7_9
->write_xpsr_im8(target
,
2191 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2195 return jtag_execute_queue();
2198 int arm7_9_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2200 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2201 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2203 uint32_t num_accesses
= 0;
2204 int thisrun_accesses
;
2210 LOG_DEBUG("address: 0x%8.8" PRIx32
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"", address
, size
, count
);
2212 if (target
->state
!= TARGET_HALTED
)
2214 LOG_WARNING("target not halted");
2215 return ERROR_TARGET_NOT_HALTED
;
2218 /* sanitize arguments */
2219 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2220 return ERROR_INVALID_ARGUMENTS
;
2222 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2223 return ERROR_TARGET_UNALIGNED_ACCESS
;
2225 /* load the base register with the address of the first word */
2227 arm7_9
->write_core_regs(target
, 0x1, reg
);
2234 while (num_accesses
< count
)
2237 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2238 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2240 if (last_reg
<= thisrun_accesses
)
2241 last_reg
= thisrun_accesses
;
2243 arm7_9
->load_word_regs(target
, reg_list
);
2245 /* fast memory reads are only safe when the target is running
2246 * from a sufficiently high clock (32 kHz is usually too slow)
2248 if (arm7_9
->fast_memory_access
)
2249 retval
= arm7_9_execute_fast_sys_speed(target
);
2251 retval
= arm7_9_execute_sys_speed(target
);
2252 if (retval
!= ERROR_OK
)
2255 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2257 /* advance buffer, count number of accesses */
2258 buffer
+= thisrun_accesses
* 4;
2259 num_accesses
+= thisrun_accesses
;
2261 if ((j
++%1024) == 0)
2268 while (num_accesses
< count
)
2271 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2272 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2274 for (i
= 1; i
<= thisrun_accesses
; i
++)
2278 arm7_9
->load_hword_reg(target
, i
);
2279 /* fast memory reads are only safe when the target is running
2280 * from a sufficiently high clock (32 kHz is usually too slow)
2282 if (arm7_9
->fast_memory_access
)
2283 retval
= arm7_9_execute_fast_sys_speed(target
);
2285 retval
= arm7_9_execute_sys_speed(target
);
2286 if (retval
!= ERROR_OK
)
2293 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2295 /* advance buffer, count number of accesses */
2296 buffer
+= thisrun_accesses
* 2;
2297 num_accesses
+= thisrun_accesses
;
2299 if ((j
++%1024) == 0)
2306 while (num_accesses
< count
)
2309 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2310 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2312 for (i
= 1; i
<= thisrun_accesses
; i
++)
2316 arm7_9
->load_byte_reg(target
, i
);
2317 /* fast memory reads are only safe when the target is running
2318 * from a sufficiently high clock (32 kHz is usually too slow)
2320 if (arm7_9
->fast_memory_access
)
2321 retval
= arm7_9_execute_fast_sys_speed(target
);
2323 retval
= arm7_9_execute_sys_speed(target
);
2324 if (retval
!= ERROR_OK
)
2330 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2332 /* advance buffer, count number of accesses */
2333 buffer
+= thisrun_accesses
* 1;
2334 num_accesses
+= thisrun_accesses
;
2336 if ((j
++%1024) == 0)
2344 if (!is_arm_mode(armv4_5
->core_mode
))
2347 for (i
= 0; i
<= last_reg
; i
++) {
2348 struct reg
*r
= arm_reg_current(armv4_5
, i
);
2350 r
->dirty
= r
->valid
;
2353 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2354 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2356 LOG_ERROR("JTAG error while reading cpsr");
2357 return ERROR_TARGET_DATA_ABORT
;
2360 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (armv4_5
->core_mode
!= ARM_MODE_ABT
))
2362 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2364 arm7_9
->write_xpsr_im8(target
,
2365 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2368 return ERROR_TARGET_DATA_ABORT
;
2374 int arm7_9_write_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2376 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2377 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2378 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2381 uint32_t num_accesses
= 0;
2382 int thisrun_accesses
;
2388 #ifdef _DEBUG_ARM7_9_
2389 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2392 if (target
->state
!= TARGET_HALTED
)
2394 LOG_WARNING("target not halted");
2395 return ERROR_TARGET_NOT_HALTED
;
2398 /* sanitize arguments */
2399 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2400 return ERROR_INVALID_ARGUMENTS
;
2402 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2403 return ERROR_TARGET_UNALIGNED_ACCESS
;
2405 /* load the base register with the address of the first word */
2407 arm7_9
->write_core_regs(target
, 0x1, reg
);
2409 /* Clear DBGACK, to make sure memory fetches work as expected */
2410 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2411 embeddedice_store_reg(dbg_ctrl
);
2416 while (num_accesses
< count
)
2419 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2420 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2422 for (i
= 1; i
<= thisrun_accesses
; i
++)
2426 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2430 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2432 arm7_9
->store_word_regs(target
, reg_list
);
2434 /* fast memory writes are only safe when the target is running
2435 * from a sufficiently high clock (32 kHz is usually too slow)
2437 if (arm7_9
->fast_memory_access
)
2438 retval
= arm7_9_execute_fast_sys_speed(target
);
2440 retval
= arm7_9_execute_sys_speed(target
);
2441 if (retval
!= ERROR_OK
)
2446 num_accesses
+= thisrun_accesses
;
2450 while (num_accesses
< count
)
2453 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2454 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2456 for (i
= 1; i
<= thisrun_accesses
; i
++)
2460 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2464 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2466 for (i
= 1; i
<= thisrun_accesses
; i
++)
2468 arm7_9
->store_hword_reg(target
, i
);
2470 /* fast memory writes are only safe when the target is running
2471 * from a sufficiently high clock (32 kHz is usually too slow)
2473 if (arm7_9
->fast_memory_access
)
2474 retval
= arm7_9_execute_fast_sys_speed(target
);
2476 retval
= arm7_9_execute_sys_speed(target
);
2477 if (retval
!= ERROR_OK
)
2483 num_accesses
+= thisrun_accesses
;
2487 while (num_accesses
< count
)
2490 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2491 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2493 for (i
= 1; i
<= thisrun_accesses
; i
++)
2497 reg
[i
] = *buffer
++ & 0xff;
2500 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2502 for (i
= 1; i
<= thisrun_accesses
; i
++)
2504 arm7_9
->store_byte_reg(target
, i
);
2505 /* fast memory writes are only safe when the target is running
2506 * from a sufficiently high clock (32 kHz is usually too slow)
2508 if (arm7_9
->fast_memory_access
)
2509 retval
= arm7_9_execute_fast_sys_speed(target
);
2511 retval
= arm7_9_execute_sys_speed(target
);
2512 if (retval
!= ERROR_OK
)
2519 num_accesses
+= thisrun_accesses
;
2525 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2526 embeddedice_store_reg(dbg_ctrl
);
2528 if (!is_arm_mode(armv4_5
->core_mode
))
2531 for (i
= 0; i
<= last_reg
; i
++) {
2532 struct reg
*r
= arm_reg_current(armv4_5
, i
);
2534 r
->dirty
= r
->valid
;
2537 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2538 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2540 LOG_ERROR("JTAG error while reading cpsr");
2541 return ERROR_TARGET_DATA_ABORT
;
2544 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (armv4_5
->core_mode
!= ARM_MODE_ABT
))
2546 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2548 arm7_9
->write_xpsr_im8(target
,
2549 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2552 return ERROR_TARGET_DATA_ABORT
;
2558 static int dcc_count
;
2559 static uint8_t *dcc_buffer
;
2561 static int arm7_9_dcc_completion(struct target
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
)
2563 int retval
= ERROR_OK
;
2564 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2566 if ((retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500)) != ERROR_OK
)
2569 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2570 int count
= dcc_count
;
2571 uint8_t *buffer
= dcc_buffer
;
2574 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2575 * core function repeated. */
2576 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2579 struct embeddedice_reg
*ice_reg
= arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2580 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2581 struct jtag_tap
*tap
;
2582 tap
= ice_reg
->jtag_info
->tap
;
2584 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2585 buffer
+= (count
-2)*4;
2587 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2591 for (i
= 0; i
< count
; i
++)
2593 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2598 if ((retval
= target_halt(target
))!= ERROR_OK
)
2602 return target_wait_state(target
, TARGET_HALTED
, 500);
2605 static const uint32_t dcc_code
[] =
2607 /* r0 == input, points to memory buffer
2611 /* spin until DCC control (c0) reports data arrived */
2612 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2613 0xe3110001, /* tst r1, #1 */
2614 0x0afffffc, /* bne w */
2616 /* read word from DCC (c1), write to memory */
2617 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2618 0xe4801004, /* str r1, [r0], #4 */
2621 0xeafffff9 /* b w */
2624 int arm7_9_bulk_write_memory(struct target
*target
, uint32_t address
, uint32_t count
, uint8_t *buffer
)
2627 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2630 if (!arm7_9
->dcc_downloads
)
2631 return target_write_memory(target
, address
, 4, count
, buffer
);
2633 /* regrab previously allocated working_area, or allocate a new one */
2634 if (!arm7_9
->dcc_working_area
)
2636 uint8_t dcc_code_buf
[6 * 4];
2638 /* make sure we have a working area */
2639 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
)
2641 LOG_INFO("no working area available, falling back to memory writes");
2642 return target_write_memory(target
, address
, 4, count
, buffer
);
2645 /* copy target instructions to target endianness */
2646 for (i
= 0; i
< 6; i
++)
2648 target_buffer_set_u32(target
, dcc_code_buf
+ i
*4, dcc_code
[i
]);
2651 /* write DCC code to working area */
2652 if ((retval
= target_write_memory(target
, arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
)) != ERROR_OK
)
2658 struct arm_algorithm armv4_5_info
;
2659 struct reg_param reg_params
[1];
2661 armv4_5_info
.common_magic
= ARM_COMMON_MAGIC
;
2662 armv4_5_info
.core_mode
= ARM_MODE_SVC
;
2663 armv4_5_info
.core_state
= ARM_STATE_ARM
;
2665 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2667 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2670 dcc_buffer
= buffer
;
2671 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2672 arm7_9
->dcc_working_area
->address
,
2673 arm7_9
->dcc_working_area
->address
+ 6*4,
2674 20*1000, &armv4_5_info
, arm7_9_dcc_completion
);
2676 if (retval
== ERROR_OK
)
2678 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2679 if (endaddress
!= (address
+ count
*4))
2681 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32
" got 0x%0" PRIx32
"", (address
+ count
*4), endaddress
);
2682 retval
= ERROR_FAIL
;
2686 destroy_reg_param(®_params
[0]);
2692 * Perform per-target setup that requires JTAG access.
2694 int arm7_9_examine(struct target
*target
)
2696 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2699 if (!target_was_examined(target
)) {
2700 struct reg_cache
*t
, **cache_p
;
2702 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2706 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2708 arm7_9
->eice_cache
= (*cache_p
);
2710 if (arm7_9
->armv4_5_common
.etm
)
2711 (*cache_p
)->next
= etm_build_reg_cache(target
,
2713 arm7_9
->armv4_5_common
.etm
);
2715 target_set_examined(target
);
2718 retval
= embeddedice_setup(target
);
2719 if (retval
== ERROR_OK
)
2720 retval
= arm7_9_setup(target
);
2721 if (retval
== ERROR_OK
&& arm7_9
->armv4_5_common
.etm
)
2722 retval
= etm_setup(target
);
2726 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2728 struct target
*target
= get_current_target(CMD_CTX
);
2729 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2731 if (!is_arm7_9(arm7_9
))
2733 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2734 return ERROR_TARGET_INVALID
;
2738 COMMAND_PARSE_ENABLE(CMD_ARGV
[0],arm7_9
->use_dbgrq
);
2740 command_print(CMD_CTX
, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2745 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2747 struct target
*target
= get_current_target(CMD_CTX
);
2748 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2750 if (!is_arm7_9(arm7_9
))
2752 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2753 return ERROR_TARGET_INVALID
;
2757 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2759 command_print(CMD_CTX
, "fast memory access is %s", (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2764 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2766 struct target
*target
= get_current_target(CMD_CTX
);
2767 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2769 if (!is_arm7_9(arm7_9
))
2771 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2772 return ERROR_TARGET_INVALID
;
2776 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2778 command_print(CMD_CTX
, "dcc downloads are %s", (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2783 COMMAND_HANDLER(handle_arm7_9_semihosting_command
)
2785 struct target
*target
= get_current_target(CMD_CTX
);
2786 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2788 if (!is_arm7_9(arm7_9
))
2790 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2791 return ERROR_TARGET_INVALID
;
2798 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], semihosting
);
2800 if (arm7_9
->has_vector_catch
) {
2801 struct reg
*vector_catch
= &arm7_9
->eice_cache
2802 ->reg_list
[EICE_VEC_CATCH
];
2804 if (!vector_catch
->valid
)
2805 embeddedice_read_reg(vector_catch
);
2806 buf_set_u32(vector_catch
->value
, 2, 1, semihosting
);
2807 embeddedice_store_reg(vector_catch
);
2809 /* TODO: allow optional high vectors and/or BKPT_HARD */
2811 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2813 breakpoint_remove(target
, 8);
2816 /* FIXME never let that "catch" be dropped! */
2817 arm7_9
->armv4_5_common
.is_semihosting
= semihosting
;
2821 command_print(CMD_CTX
, "semihosting is %s",
2822 arm7_9
->armv4_5_common
.is_semihosting
2823 ? "enabled" : "disabled");
2828 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2830 int retval
= ERROR_OK
;
2831 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2833 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2835 if ((retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
)) != ERROR_OK
)
2838 /* caller must have allocated via calloc(), so everything's zeroed */
2840 arm7_9
->wp_available_max
= 2;
2842 arm7_9
->fast_memory_access
= false;
2843 arm7_9
->dcc_downloads
= false;
2845 armv4_5
->arch_info
= arm7_9
;
2846 armv4_5
->read_core_reg
= arm7_9_read_core_reg
;
2847 armv4_5
->write_core_reg
= arm7_9_write_core_reg
;
2848 armv4_5
->full_context
= arm7_9_full_context
;
2850 retval
= arm_init_arch_info(target
, armv4_5
);
2851 if (retval
!= ERROR_OK
)
2854 return target_register_timer_callback(arm7_9_handle_target_request
,
2858 static const struct command_registration arm7_9_any_command_handlers
[] = {
2861 .handler
= &handle_arm7_9_dbgrq_command
,
2862 .mode
= COMMAND_ANY
,
2863 .usage
= "<enable|disable>",
2864 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2865 "for target halt requests",
2868 "fast_memory_access",
2869 .handler
= &handle_arm7_9_fast_memory_access_command
,
2870 .mode
= COMMAND_ANY
,
2871 .usage
= "<enable|disable>",
2872 .help
= "use fast memory accesses instead of slower "
2873 "but potentially safer accesses",
2877 .handler
= &handle_arm7_9_dcc_downloads_command
,
2878 .mode
= COMMAND_ANY
,
2879 .usage
= "<enable | disable>",
2880 .help
= "use DCC downloads for larger memory writes",
2884 .handler
= &handle_arm7_9_semihosting_command
,
2885 .mode
= COMMAND_EXEC
,
2886 .usage
= "<enable | disable>",
2887 .help
= "activate support for semihosting operations",
2889 COMMAND_REGISTRATION_DONE
2891 const struct command_registration arm7_9_command_handlers
[] = {
2893 .chain
= arm_command_handlers
,
2896 .chain
= etm_command_handlers
,
2900 .mode
= COMMAND_ANY
,
2901 .help
= "arm7/9 specific commands",
2902 .chain
= arm7_9_any_command_handlers
,
2904 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)