1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2008 by Hongtao Zheng *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
46 * Hold common code supporting the ARM7 and ARM9 core generations.
48 * While the ARM core implementations evolved substantially during these
49 * two generations, they look quite similar from the JTAG perspective.
50 * Both have similar debug facilities, based on the same two scan chains
51 * providing access to the core and to an EmbeddedICE module. Both can
52 * support similar ETM and ETB modules, for tracing. And both expose
53 * what could be viewed as "ARM Classic", with multiple processor modes,
54 * shadowed registers, and support for the Thumb instruction set.
56 * Processor differences include things like presence or absence of MMU
57 * and cache, pipeline sizes, use of a modified Harvard Architecure
58 * (with separate instruction and data busses from the CPU), support
59 * for cpu clock gating during idle, and more.
62 static int arm7_9_debug_entry(struct target
*target
);
65 * Clear watchpoints for an ARM7/9 target.
67 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
68 * @return JTAG error status after executing queue
70 static int arm7_9_clear_watchpoints(struct arm7_9_common
*arm7_9
)
73 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
74 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
75 arm7_9
->sw_breakpoint_count
= 0;
76 arm7_9
->sw_breakpoints_added
= 0;
78 arm7_9
->wp1_used
= arm7_9
->wp1_used_default
;
79 arm7_9
->wp_available
= arm7_9
->wp_available_max
;
81 return jtag_execute_queue();
85 * Assign a watchpoint to one of the two available hardware comparators in an
86 * ARM7 or ARM9 target.
88 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
89 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
91 static void arm7_9_assign_wp(struct arm7_9_common
*arm7_9
, struct breakpoint
*breakpoint
)
93 if (!arm7_9
->wp0_used
)
97 arm7_9
->wp_available
--;
99 else if (!arm7_9
->wp1_used
)
101 arm7_9
->wp1_used
= 1;
103 arm7_9
->wp_available
--;
107 LOG_ERROR("BUG: no hardware comparator available");
109 LOG_DEBUG("BPID: %d (0x%08" PRIx32
") using hw wp: %d",
110 breakpoint
->unique_id
,
116 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
118 * @param arm7_9 Pointer to common struct for ARM7/9 targets
119 * @return Error codes if there is a problem finding a watchpoint or the result
120 * of executing the JTAG queue
122 static int arm7_9_set_software_breakpoints(struct arm7_9_common
*arm7_9
)
124 if (arm7_9
->sw_breakpoints_added
)
128 if (arm7_9
->wp_available
< 1)
130 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
131 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
133 arm7_9
->wp_available
--;
135 /* pick a breakpoint unit */
136 if (!arm7_9
->wp0_used
)
138 arm7_9
->sw_breakpoints_added
= 1;
139 arm7_9
->wp0_used
= 3;
140 } else if (!arm7_9
->wp1_used
)
142 arm7_9
->sw_breakpoints_added
= 2;
143 arm7_9
->wp1_used
= 3;
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
151 if (arm7_9
->sw_breakpoints_added
== 1)
153 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], arm7_9
->arm_bkpt
);
154 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0x0);
155 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffffu
);
156 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
157 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
159 else if (arm7_9
->sw_breakpoints_added
== 2)
161 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], arm7_9
->arm_bkpt
);
162 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0x0);
163 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0xffffffffu
);
164 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
165 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
169 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
172 LOG_DEBUG("SW BP using hw wp: %d",
173 arm7_9
->sw_breakpoints_added
);
175 return jtag_execute_queue();
179 * Setup the common pieces for an ARM7/9 target after reset or on startup.
181 * @param target Pointer to an ARM7/9 target to setup
182 * @return Result of clearing the watchpoints on the target
184 int arm7_9_setup(struct target
*target
)
186 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
188 return arm7_9_clear_watchpoints(arm7_9
);
192 * Set either a hardware or software breakpoint on an ARM7/9 target. The
193 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
194 * might have erased the values in Embedded ICE.
196 * @param target Pointer to the target device to set the breakpoints on
197 * @param breakpoint Pointer to the breakpoint to be set
198 * @return For hardware breakpoints, this is the result of executing the JTAG
199 * queue. For software breakpoints, this will be the status of the
200 * required memory reads and writes
202 int arm7_9_set_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
204 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
205 int retval
= ERROR_OK
;
207 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
", Type: %d" ,
208 breakpoint
->unique_id
,
212 if (target
->state
!= TARGET_HALTED
)
214 LOG_WARNING("target not halted");
215 return ERROR_TARGET_NOT_HALTED
;
218 if (breakpoint
->type
== BKPT_HARD
)
220 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
221 uint32_t mask
= (breakpoint
->length
== 4) ? 0x3u
: 0x1u
;
223 /* reassign a hw breakpoint */
224 if (breakpoint
->set
== 0)
226 arm7_9_assign_wp(arm7_9
, breakpoint
);
229 if (breakpoint
->set
== 1)
231 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], breakpoint
->address
);
232 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
233 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffffu
);
234 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
235 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
237 else if (breakpoint
->set
== 2)
239 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], breakpoint
->address
);
240 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
241 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffffu
);
242 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
243 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
247 LOG_ERROR("BUG: no hardware comparator available");
251 retval
= jtag_execute_queue();
253 else if (breakpoint
->type
== BKPT_SOFT
)
255 /* did we already set this breakpoint? */
259 if (breakpoint
->length
== 4)
261 uint32_t verify
= 0xffffffff;
262 /* keep the original instruction in target endianness */
263 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
267 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
268 if ((retval
= target_write_u32(target
, breakpoint
->address
, arm7_9
->arm_bkpt
)) != ERROR_OK
)
273 if ((retval
= target_read_u32(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
277 if (verify
!= arm7_9
->arm_bkpt
)
279 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
285 uint16_t verify
= 0xffff;
286 /* keep the original instruction in target endianness */
287 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
291 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
292 if ((retval
= target_write_u16(target
, breakpoint
->address
, arm7_9
->thumb_bkpt
)) != ERROR_OK
)
297 if ((retval
= target_read_u16(target
, breakpoint
->address
, &verify
)) != ERROR_OK
)
301 if (verify
!= arm7_9
->thumb_bkpt
)
303 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
" - check that memory is read/writable", breakpoint
->address
);
308 if ((retval
= arm7_9_set_software_breakpoints(arm7_9
)) != ERROR_OK
)
311 arm7_9
->sw_breakpoint_count
++;
320 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
321 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
322 * will be updated. Otherwise, the software breakpoint will be restored to its
323 * original instruction if it hasn't already been modified.
325 * @param target Pointer to ARM7/9 target to unset the breakpoint from
326 * @param breakpoint Pointer to breakpoint to be unset
327 * @return For hardware breakpoints, this is the result of executing the JTAG
328 * queue. For software breakpoints, this will be the status of the
329 * required memory reads and writes
331 int arm7_9_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
333 int retval
= ERROR_OK
;
334 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
336 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32
,
337 breakpoint
->unique_id
,
338 breakpoint
->address
);
340 if (!breakpoint
->set
)
342 LOG_WARNING("breakpoint not set");
346 if (breakpoint
->type
== BKPT_HARD
)
348 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
349 breakpoint
->unique_id
,
351 if (breakpoint
->set
== 1)
353 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
354 arm7_9
->wp0_used
= 0;
355 arm7_9
->wp_available
++;
357 else if (breakpoint
->set
== 2)
359 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
360 arm7_9
->wp1_used
= 0;
361 arm7_9
->wp_available
++;
363 retval
= jtag_execute_queue();
368 /* restore original instruction (kept in target endianness) */
369 if (breakpoint
->length
== 4)
371 uint32_t current_instr
;
372 /* check that user program as not modified breakpoint instruction */
373 if ((retval
= target_read_memory(target
, breakpoint
->address
, 4, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
377 if (current_instr
== arm7_9
->arm_bkpt
)
378 if ((retval
= target_write_memory(target
, breakpoint
->address
, 4, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
385 uint16_t current_instr
;
386 /* check that user program as not modified breakpoint instruction */
387 if ((retval
= target_read_memory(target
, breakpoint
->address
, 2, 1, (uint8_t*)¤t_instr
)) != ERROR_OK
)
391 if (current_instr
== arm7_9
->thumb_bkpt
)
392 if ((retval
= target_write_memory(target
, breakpoint
->address
, 2, 1, breakpoint
->orig_instr
)) != ERROR_OK
)
398 if (--arm7_9
->sw_breakpoint_count
==0)
400 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
401 if (arm7_9
->sw_breakpoints_added
== 1)
403 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0);
405 else if (arm7_9
->sw_breakpoints_added
== 2)
407 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0);
418 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
419 * dangling breakpoints and that the desired breakpoint can be added.
421 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
422 * @param breakpoint Pointer to the breakpoint to be added
423 * @return An error status if there is a problem adding the breakpoint or the
424 * result of setting the breakpoint
426 int arm7_9_add_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
428 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
430 if (arm7_9
->breakpoint_count
== 0)
432 /* make sure we don't have any dangling breakpoints. This is vital upon
433 * GDB connect/disconnect
435 arm7_9_clear_watchpoints(arm7_9
);
438 if ((breakpoint
->type
== BKPT_HARD
) && (arm7_9
->wp_available
< 1))
440 LOG_INFO("no watchpoint unit available for hardware breakpoint");
441 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
444 if ((breakpoint
->length
!= 2) && (breakpoint
->length
!= 4))
446 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
447 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
450 if (breakpoint
->type
== BKPT_HARD
)
452 arm7_9_assign_wp(arm7_9
, breakpoint
);
455 arm7_9
->breakpoint_count
++;
457 return arm7_9_set_breakpoint(target
, breakpoint
);
461 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
462 * dangling breakpoints and updates available watchpoints if it is a hardware
465 * @param target Pointer to the target to have a breakpoint removed
466 * @param breakpoint Pointer to the breakpoint to be removed
467 * @return Error status if there was a problem unsetting the breakpoint or the
468 * watchpoints could not be cleared
470 int arm7_9_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
472 int retval
= ERROR_OK
;
473 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
475 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
480 if (breakpoint
->type
== BKPT_HARD
)
481 arm7_9
->wp_available
++;
483 arm7_9
->breakpoint_count
--;
484 if (arm7_9
->breakpoint_count
== 0)
486 /* make sure we don't have any dangling breakpoints */
487 if ((retval
= arm7_9_clear_watchpoints(arm7_9
)) != ERROR_OK
)
497 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
498 * considered a bug to call this function when there are no available watchpoint
501 * @param target Pointer to an ARM7/9 target to set a watchpoint on
502 * @param watchpoint Pointer to the watchpoint to be set
503 * @return Error status if watchpoint set fails or the result of executing the
506 int arm7_9_set_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
508 int retval
= ERROR_OK
;
509 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
513 mask
= watchpoint
->length
- 1;
515 if (target
->state
!= TARGET_HALTED
)
517 LOG_WARNING("target not halted");
518 return ERROR_TARGET_NOT_HALTED
;
521 if (watchpoint
->rw
== WPT_ACCESS
)
526 if (!arm7_9
->wp0_used
)
528 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], watchpoint
->address
);
529 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], mask
);
530 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], watchpoint
->mask
);
531 if (watchpoint
->mask
!= 0xffffffffu
)
532 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_VALUE
], watchpoint
->value
);
533 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
534 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
536 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
541 arm7_9
->wp0_used
= 2;
543 else if (!arm7_9
->wp1_used
)
545 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], watchpoint
->address
);
546 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], mask
);
547 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], watchpoint
->mask
);
548 if (watchpoint
->mask
!= 0xffffffffu
)
549 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_VALUE
], watchpoint
->value
);
550 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], 0xff & ~EICE_W_CTRL_nOPC
& ~rw_mask
);
551 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
| EICE_W_CTRL_nOPC
| (watchpoint
->rw
& 1));
553 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
558 arm7_9
->wp1_used
= 2;
562 LOG_ERROR("BUG: no hardware comparator available");
570 * Unset an existing watchpoint and clear the used watchpoint unit.
572 * @param target Pointer to the target to have the watchpoint removed
573 * @param watchpoint Pointer to the watchpoint to be removed
574 * @return Error status while trying to unset the watchpoint or the result of
575 * executing the JTAG queue
577 int arm7_9_unset_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
579 int retval
= ERROR_OK
;
580 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
582 if (target
->state
!= TARGET_HALTED
)
584 LOG_WARNING("target not halted");
585 return ERROR_TARGET_NOT_HALTED
;
588 if (!watchpoint
->set
)
590 LOG_WARNING("breakpoint not set");
594 if (watchpoint
->set
== 1)
596 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
597 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
601 arm7_9
->wp0_used
= 0;
603 else if (watchpoint
->set
== 2)
605 embeddedice_set_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
606 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
610 arm7_9
->wp1_used
= 0;
618 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
619 * available, an error response is returned.
621 * @param target Pointer to the ARM7/9 target to add a watchpoint to
622 * @param watchpoint Pointer to the watchpoint to be added
623 * @return Error status while trying to add the watchpoint
625 int arm7_9_add_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
627 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
629 if (arm7_9
->wp_available
< 1)
631 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
634 if ((watchpoint
->length
!= 1) && (watchpoint
->length
!= 2) && (watchpoint
->length
!= 4))
636 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
639 arm7_9
->wp_available
--;
645 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
646 * the used watchpoint unit will be reopened.
648 * @param target Pointer to the target to remove a watchpoint from
649 * @param watchpoint Pointer to the watchpoint to be removed
650 * @return Result of trying to unset the watchpoint
652 int arm7_9_remove_watchpoint(struct target
*target
, struct watchpoint
*watchpoint
)
654 int retval
= ERROR_OK
;
655 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
659 if ((retval
= arm7_9_unset_watchpoint(target
, watchpoint
)) != ERROR_OK
)
665 arm7_9
->wp_available
++;
671 * Restarts the target by sending a RESTART instruction and moving the JTAG
672 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
673 * asserted by the processor.
675 * @param target Pointer to target to issue commands to
676 * @return Error status if there is a timeout or a problem while executing the
679 int arm7_9_execute_sys_speed(struct target
*target
)
682 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
683 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
684 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
686 /* set RESTART instruction */
687 jtag_set_end_state(TAP_IDLE
);
688 if (arm7_9
->need_bypass_before_restart
) {
689 arm7_9
->need_bypass_before_restart
= 0;
690 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
692 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
694 long long then
= timeval_ms();
696 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
698 /* read debug status register */
699 embeddedice_read_reg(dbg_stat
);
700 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
702 if ((buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
703 && (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_SYSCOMP
, 1)))
705 if (debug_level
>= 3)
715 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32
"", buf_get_u32(dbg_stat
->value
, 0, dbg_stat
->size
));
716 return ERROR_TARGET_TIMEOUT
;
723 * Restarts the target by sending a RESTART instruction and moving the JTAG
724 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
725 * waiting until they are.
727 * @param target Pointer to the target to issue commands to
728 * @return Always ERROR_OK
730 int arm7_9_execute_fast_sys_speed(struct target
*target
)
733 static uint8_t check_value
[4], check_mask
[4];
735 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
736 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
737 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
739 /* set RESTART instruction */
740 jtag_set_end_state(TAP_IDLE
);
741 if (arm7_9
->need_bypass_before_restart
) {
742 arm7_9
->need_bypass_before_restart
= 0;
743 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
745 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
749 /* check for DBGACK and SYSCOMP set (others don't care) */
751 /* NB! These are constants that must be available until after next jtag_execute() and
752 * we evaluate the values upon first execution in lieu of setting up these constants
753 * during early setup.
755 buf_set_u32(check_value
, 0, 32, 0x9);
756 buf_set_u32(check_mask
, 0, 32, 0x9);
760 /* read debug status register */
761 embeddedice_read_reg_w_check(dbg_stat
, check_value
, check_mask
);
767 * Get some data from the ARM7/9 target.
769 * @param target Pointer to the ARM7/9 target to read data from
770 * @param size The number of 32bit words to be read
771 * @param buffer Pointer to the buffer that will hold the data
772 * @return The result of receiving data from the Embedded ICE unit
774 int arm7_9_target_request_data(struct target
*target
, uint32_t size
, uint8_t *buffer
)
776 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
777 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
779 int retval
= ERROR_OK
;
782 data
= malloc(size
* (sizeof(uint32_t)));
784 retval
= embeddedice_receive(jtag_info
, data
, size
);
786 /* return the 32-bit ints in the 8-bit array */
787 for (i
= 0; i
< size
; i
++)
789 h_u32_to_le(buffer
+ (i
* 4), data
[i
]);
798 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
799 * target is running and the DCC control register has the W bit high, this will
800 * execute the request on the target.
802 * @param priv Void pointer expected to be a struct target pointer
803 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
804 * from the Embedded ICE unit
806 int arm7_9_handle_target_request(void *priv
)
808 int retval
= ERROR_OK
;
809 struct target
*target
= priv
;
810 if (!target_was_examined(target
))
812 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
813 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
814 struct reg
*dcc_control
= &arm7_9
->eice_cache
->reg_list
[EICE_COMMS_CTRL
];
816 if (!target
->dbg_msg_enabled
)
819 if (target
->state
== TARGET_RUNNING
)
821 /* read DCC control register */
822 embeddedice_read_reg(dcc_control
);
823 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
829 if (buf_get_u32(dcc_control
->value
, 1, 1) == 1)
833 if ((retval
= embeddedice_receive(jtag_info
, &request
, 1)) != ERROR_OK
)
837 if ((retval
= target_request(target
, request
)) != ERROR_OK
)
848 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
849 * is manipulated to the right halted state based on its current state. This is
853 * <tr><th > State</th><th > Action</th></tr>
854 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
855 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
856 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
857 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
860 * If the target does not end up in the halted state, a warning is produced. If
861 * DBGACK is cleared, then the target is expected to either be running or
864 * @param target Pointer to the ARM7/9 target to poll
865 * @return ERROR_OK or an error status if a command fails
867 int arm7_9_poll(struct target
*target
)
870 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
871 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
873 /* read debug status register */
874 embeddedice_read_reg(dbg_stat
);
875 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
880 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1))
882 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
883 if (target
->state
== TARGET_UNKNOWN
)
885 /* Starting OpenOCD with target in debug-halt */
886 target
->state
= TARGET_RUNNING
;
887 LOG_DEBUG("DBGACK already set during server startup.");
889 if ((target
->state
== TARGET_RUNNING
) || (target
->state
== TARGET_RESET
))
892 if (target
->state
== TARGET_RESET
)
894 if (target
->reset_halt
)
896 enum reset_types jtag_reset_config
= jtag_get_reset_config();
897 if ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
904 target
->state
= TARGET_HALTED
;
906 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
911 struct reg
*reg
= register_get_by_name(target
->reg_cache
, "pc", 1);
912 uint32_t t
=*((uint32_t *)reg
->value
);
915 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
919 if (arm_semihosting(target
, &retval
) != 0)
922 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
927 if (target
->state
== TARGET_DEBUG_RUNNING
)
929 target
->state
= TARGET_HALTED
;
930 if ((retval
= arm7_9_debug_entry(target
)) != ERROR_OK
)
933 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_HALTED
)) != ERROR_OK
)
938 if (target
->state
!= TARGET_HALTED
)
940 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target
->state
);
945 if (target
->state
!= TARGET_DEBUG_RUNNING
)
946 target
->state
= TARGET_RUNNING
;
953 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
954 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
955 * affected) completely stop the JTAG clock while the core is held in reset
956 * (SRST). It isn't possible to program the halt condition once reset is
957 * asserted, hence a hook that allows the target to set up its reset-halt
958 * condition is setup prior to asserting reset.
960 * @param target Pointer to an ARM7/9 target to assert reset on
961 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
963 int arm7_9_assert_reset(struct target
*target
)
965 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
967 LOG_DEBUG("target->state: %s",
968 target_state_name(target
));
970 enum reset_types jtag_reset_config
= jtag_get_reset_config();
971 if (!(jtag_reset_config
& RESET_HAS_SRST
))
973 LOG_ERROR("Can't assert SRST");
977 /* At this point trst has been asserted/deasserted once. We would
978 * like to program EmbeddedICE while SRST is asserted, instead of
979 * depending on SRST to leave that module alone. However, many CPUs
980 * gate the JTAG clock while SRST is asserted; or JTAG may need
981 * clock stability guarantees (adaptive clocking might help).
983 * So we assume JTAG access during SRST is off the menu unless it's
984 * been specifically enabled.
986 bool srst_asserted
= false;
988 if (((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0)
989 && (jtag_reset_config
& RESET_SRST_NO_GATING
))
991 jtag_add_reset(0, 1);
992 srst_asserted
= true;
995 if (target
->reset_halt
)
998 * Some targets do not support communication while SRST is asserted. We need to
999 * set up the reset vector catch here.
1001 * If TRST is asserted, then these settings will be reset anyway, so setting them
1004 if (arm7_9
->has_vector_catch
)
1006 /* program vector catch register to catch reset vector */
1007 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
], 0x1);
1009 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1010 jtag_add_runtest(1, jtag_get_end_state());
1014 /* program watchpoint unit to match on reset vector address */
1015 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
], 0x0);
1016 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0x3);
1017 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1018 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1019 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1023 /* here we should issue an SRST only, but we may have to assert TRST as well */
1024 if (jtag_reset_config
& RESET_SRST_PULLS_TRST
)
1026 jtag_add_reset(1, 1);
1027 } else if (!srst_asserted
)
1029 jtag_add_reset(0, 1);
1032 target
->state
= TARGET_RESET
;
1033 jtag_add_sleep(50000);
1035 register_cache_invalidate(arm7_9
->armv4_5_common
.core_cache
);
1037 if ((target
->reset_halt
) && ((jtag_reset_config
& RESET_SRST_PULLS_TRST
) == 0))
1039 /* debug entry was already prepared in arm7_9_assert_reset() */
1040 target
->debug_reason
= DBG_REASON_DBGRQ
;
1047 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1048 * and the target is being reset into a halt, a warning will be triggered
1049 * because it is not possible to reset into a halted mode in this case. The
1050 * target is halted using the target's functions.
1052 * @param target Pointer to the target to have the reset deasserted
1053 * @return ERROR_OK or an error from polling or halting the target
1055 int arm7_9_deassert_reset(struct target
*target
)
1057 int retval
= ERROR_OK
;
1058 LOG_DEBUG("target->state: %s",
1059 target_state_name(target
));
1061 /* deassert reset lines */
1062 jtag_add_reset(0, 0);
1064 enum reset_types jtag_reset_config
= jtag_get_reset_config();
1065 if (target
->reset_halt
&& (jtag_reset_config
& RESET_SRST_PULLS_TRST
) != 0)
1067 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1068 /* set up embedded ice registers again */
1069 if ((retval
= target_examine_one(target
)) != ERROR_OK
)
1072 if ((retval
= target_poll(target
)) != ERROR_OK
)
1077 if ((retval
= target_halt(target
)) != ERROR_OK
)
1087 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1088 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1089 * vector catch was used, it is restored. Otherwise, the control value is
1090 * restored and the watchpoint unit is restored if it was in use.
1092 * @param target Pointer to the ARM7/9 target to have halt cleared
1093 * @return Always ERROR_OK
1095 int arm7_9_clear_halt(struct target
*target
)
1097 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1098 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1100 /* we used DBGRQ only if we didn't come out of reset */
1101 if (!arm7_9
->debug_entry_from_reset
&& arm7_9
->use_dbgrq
)
1103 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1105 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1106 embeddedice_store_reg(dbg_ctrl
);
1110 if (arm7_9
->debug_entry_from_reset
&& arm7_9
->has_vector_catch
)
1112 /* if we came out of reset, and vector catch is supported, we used
1113 * vector catch to enter debug state
1114 * restore the register in that case
1116 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_VEC_CATCH
]);
1120 /* restore registers if watchpoint unit 0 was in use
1122 if (arm7_9
->wp0_used
)
1124 if (arm7_9
->debug_entry_from_reset
)
1126 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_VALUE
]);
1128 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1129 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1130 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1132 /* control value always has to be restored, as it was either disabled,
1133 * or enabled with possibly different bits
1135 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1143 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1144 * and then there is a wait until the processor shows the halt. This wait can
1145 * timeout and results in an error being returned. The software reset involves
1146 * clearing the halt, updating the debug control register, changing to ARM mode,
1147 * reset of the program counter, and reset of all of the registers.
1149 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1150 * @return Error status if any of the commands fail, otherwise ERROR_OK
1152 int arm7_9_soft_reset_halt(struct target
*target
)
1154 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1155 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1156 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1157 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1161 /* FIX!!! replace some of this code with tcl commands
1163 * halt # the halt command is synchronous
1164 * armv4_5 core_state arm
1168 if ((retval
= target_halt(target
)) != ERROR_OK
)
1171 long long then
= timeval_ms();
1173 while (!(timeout
= ((timeval_ms()-then
) > 1000)))
1175 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) != 0)
1177 embeddedice_read_reg(dbg_stat
);
1178 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1180 if (debug_level
>= 3)
1190 LOG_ERROR("Failed to halt CPU after 1 sec");
1191 return ERROR_TARGET_TIMEOUT
;
1193 target
->state
= TARGET_HALTED
;
1195 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1196 * ensure that DBGRQ is cleared
1198 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1199 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1200 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1201 embeddedice_store_reg(dbg_ctrl
);
1203 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1208 /* if the target is in Thumb state, change to ARM state */
1209 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1211 uint32_t r0_thumb
, pc_thumb
;
1212 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1213 /* Entered debug from Thumb mode */
1214 armv4_5
->core_state
= ARM_STATE_THUMB
;
1215 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1218 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1220 /* all register content is now invalid */
1221 register_cache_invalidate(armv4_5
->core_cache
);
1223 /* SVC, ARM state, IRQ and FIQ disabled */
1226 cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 32);
1229 arm_set_cpsr(armv4_5
, cpsr
);
1230 armv4_5
->cpsr
->dirty
= 1;
1232 /* start fetching from 0x0 */
1233 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, 0x0);
1234 armv4_5
->core_cache
->reg_list
[15].dirty
= 1;
1235 armv4_5
->core_cache
->reg_list
[15].valid
= 1;
1237 /* reset registers */
1238 for (i
= 0; i
<= 14; i
++)
1240 struct reg
*r
= arm_reg_current(armv4_5
, i
);
1242 buf_set_u32(r
->value
, 0, 32, 0xffffffff);
1247 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
1256 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1257 * line or by programming a watchpoint to trigger on any address. It is
1258 * considered a bug to call this function while the target is in the
1259 * TARGET_RESET state.
1261 * @param target Pointer to the ARM7/9 target to be halted
1262 * @return Always ERROR_OK
1264 int arm7_9_halt(struct target
*target
)
1266 if (target
->state
== TARGET_RESET
)
1268 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1272 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1273 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1275 LOG_DEBUG("target->state: %s",
1276 target_state_name(target
));
1278 if (target
->state
== TARGET_HALTED
)
1280 LOG_DEBUG("target was already halted");
1284 if (target
->state
== TARGET_UNKNOWN
)
1286 LOG_WARNING("target was in unknown state when halt was requested");
1289 if (arm7_9
->use_dbgrq
)
1291 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1293 if (arm7_9
->set_special_dbgrq
) {
1294 arm7_9
->set_special_dbgrq(target
);
1296 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 1);
1297 embeddedice_store_reg(dbg_ctrl
);
1302 /* program watchpoint unit to match on any address
1304 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1305 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1306 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1307 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1310 target
->debug_reason
= DBG_REASON_DBGRQ
;
1316 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1317 * ARM. The JTAG queue is then executed and the reason for debug entry is
1318 * examined. Once done, the target is verified to be halted and the processor
1319 * is forced into ARM mode. The core registers are saved for the current core
1320 * mode and the program counter (register 15) is updated as needed. The core
1321 * registers and CPSR and SPSR are saved for restoration later.
1323 * @param target Pointer to target that is entering debug mode
1324 * @return Error code if anything fails, otherwise ERROR_OK
1326 static int arm7_9_debug_entry(struct target
*target
)
1329 uint32_t context
[16];
1330 uint32_t* context_p
[16];
1331 uint32_t r0_thumb
, pc_thumb
;
1332 uint32_t cpsr
, cpsr_mask
= 0;
1334 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1335 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1336 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
1337 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1339 #ifdef _DEBUG_ARM7_9_
1343 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1344 * ensure that DBGRQ is cleared
1346 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
1347 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGRQ
, 1, 0);
1348 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 1);
1349 embeddedice_store_reg(dbg_ctrl
);
1351 if ((retval
= arm7_9_clear_halt(target
)) != ERROR_OK
)
1356 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1361 if ((retval
= arm7_9
->examine_debug_reason(target
)) != ERROR_OK
)
1365 if (target
->state
!= TARGET_HALTED
)
1367 LOG_WARNING("target not halted");
1368 return ERROR_TARGET_NOT_HALTED
;
1371 /* if the target is in Thumb state, change to ARM state */
1372 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_ITBIT
, 1))
1374 LOG_DEBUG("target entered debug from Thumb state");
1375 /* Entered debug from Thumb mode */
1376 armv4_5
->core_state
= ARM_STATE_THUMB
;
1378 arm7_9
->change_to_arm(target
, &r0_thumb
, &pc_thumb
);
1379 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1380 ", pc_thumb: 0x%8.8" PRIx32
, r0_thumb
, pc_thumb
);
1381 } else if (buf_get_u32(dbg_stat
->value
, 5, 1)) {
1382 /* \todo Get some vaguely correct handling of Jazelle, if
1383 * anyone ever uses it and full info becomes available.
1384 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1385 * B.7.3 for the reverse. That'd be the bare minimum...
1387 LOG_DEBUG("target entered debug from Jazelle state");
1388 armv4_5
->core_state
= ARM_STATE_JAZELLE
;
1389 cpsr_mask
= 1 << 24;
1390 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1392 LOG_DEBUG("target entered debug from ARM state");
1393 /* Entered debug from ARM mode */
1394 armv4_5
->core_state
= ARM_STATE_ARM
;
1397 for (i
= 0; i
< 16; i
++)
1398 context_p
[i
] = &context
[i
];
1399 /* save core registers (r0 - r15 of current core mode) */
1400 arm7_9
->read_core_regs(target
, 0xffff, context_p
);
1402 arm7_9
->read_xpsr(target
, &cpsr
, 0);
1404 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1407 /* Sync our CPSR copy with J or T bits EICE reported, but
1408 * which we then erased by putting the core into ARM mode.
1410 arm_set_cpsr(armv4_5
, cpsr
| cpsr_mask
);
1412 if (!is_arm_mode(armv4_5
->core_mode
))
1414 target
->state
= TARGET_UNKNOWN
;
1415 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1416 return ERROR_TARGET_FAILURE
;
1419 LOG_DEBUG("target entered debug state in %s mode",
1420 arm_mode_name(armv4_5
->core_mode
));
1422 if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1424 LOG_DEBUG("thumb state, applying fixups");
1425 context
[0] = r0_thumb
;
1426 context
[15] = pc_thumb
;
1427 } else if (armv4_5
->core_state
== ARM_STATE_ARM
)
1429 /* adjust value stored by STM */
1430 context
[15] -= 3 * 4;
1433 if ((target
->debug_reason
!= DBG_REASON_DBGRQ
) || (!arm7_9
->use_dbgrq
))
1434 context
[15] -= 3 * ((armv4_5
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1436 context
[15] -= arm7_9
->dbgreq_adjust_pc
* ((armv4_5
->core_state
== ARM_STATE_ARM
) ? 4 : 2);
1438 for (i
= 0; i
<= 15; i
++)
1440 struct reg
*r
= arm_reg_current(armv4_5
, i
);
1442 LOG_DEBUG("r%i: 0x%8.8" PRIx32
"", i
, context
[i
]);
1444 buf_set_u32(r
->value
, 0, 32, context
[i
]);
1445 /* r0 and r15 (pc) have to be restored later */
1446 r
->dirty
= (i
== 0) || (i
== 15);
1450 LOG_DEBUG("entered debug state at PC 0x%" PRIx32
"", context
[15]);
1452 /* exceptions other than USR & SYS have a saved program status register */
1453 if (armv4_5
->spsr
) {
1455 arm7_9
->read_xpsr(target
, &spsr
, 1);
1456 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1460 buf_set_u32(armv4_5
->spsr
->value
, 0, 32, spsr
);
1461 armv4_5
->spsr
->dirty
= 0;
1462 armv4_5
->spsr
->valid
= 1;
1465 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1468 if (arm7_9
->post_debug_entry
)
1469 arm7_9
->post_debug_entry(target
);
1475 * Validate the full context for an ARM7/9 target in all processor modes. If
1476 * there are any invalid registers for the target, they will all be read. This
1479 * @param target Pointer to the ARM7/9 target to capture the full context from
1480 * @return Error if the target is not halted, has an invalid core mode, or if
1481 * the JTAG queue fails to execute
1483 int arm7_9_full_context(struct target
*target
)
1487 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1488 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1492 if (target
->state
!= TARGET_HALTED
)
1494 LOG_WARNING("target not halted");
1495 return ERROR_TARGET_NOT_HALTED
;
1498 if (!is_arm_mode(armv4_5
->core_mode
))
1501 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1502 * SYS shares registers with User, so we don't touch SYS
1504 for (i
= 0; i
< 6; i
++)
1507 uint32_t* reg_p
[16];
1511 /* check if there are invalid registers in the current mode
1513 for (j
= 0; j
<= 16; j
++)
1515 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1523 /* change processor mode (and mask T bit) */
1524 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
1526 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1528 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1530 for (j
= 0; j
< 15; j
++)
1532 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
== 0)
1534 reg_p
[j
] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).value
;
1536 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).valid
= 1;
1537 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
).dirty
= 0;
1541 /* if only the PSR is invalid, mask is all zeroes */
1543 arm7_9
->read_core_regs(target
, mask
, reg_p
);
1545 /* check if the PSR has to be read */
1546 if (ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
== 0)
1548 arm7_9
->read_xpsr(target
, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).value
, 1);
1549 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).valid
= 1;
1550 ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16).dirty
= 0;
1555 /* restore processor mode (mask T bit) */
1556 arm7_9
->write_xpsr_im8(target
,
1557 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & ~0x20,
1560 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
1568 * Restore the processor context on an ARM7/9 target. The full processor
1569 * context is analyzed to see if any of the registers are dirty on this end, but
1570 * have a valid new value. If this is the case, the processor is changed to the
1571 * appropriate mode and the new register values are written out to the
1572 * processor. If there happens to be a dirty register with an invalid value, an
1573 * error will be logged.
1575 * @param target Pointer to the ARM7/9 target to have its context restored
1576 * @return Error status if the target is not halted or the core mode in the
1577 * armv4_5 struct is invalid.
1579 int arm7_9_restore_context(struct target
*target
)
1581 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1582 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1584 struct arm_reg
*reg_arch_info
;
1585 enum arm_mode current_mode
= armv4_5
->core_mode
;
1592 if (target
->state
!= TARGET_HALTED
)
1594 LOG_WARNING("target not halted");
1595 return ERROR_TARGET_NOT_HALTED
;
1598 if (arm7_9
->pre_restore_context
)
1599 arm7_9
->pre_restore_context(target
);
1601 if (!is_arm_mode(armv4_5
->core_mode
))
1604 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1605 * SYS shares registers with User, so we don't touch SYS
1607 for (i
= 0; i
< 6; i
++)
1609 LOG_DEBUG("examining %s mode",
1610 arm_mode_name(armv4_5
->core_mode
));
1613 /* check if there are dirty registers in the current mode
1615 for (j
= 0; j
<= 16; j
++)
1617 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1618 reg_arch_info
= reg
->arch_info
;
1619 if (reg
->dirty
== 1)
1621 if (reg
->valid
== 1)
1624 LOG_DEBUG("examining dirty reg: %s", reg
->name
);
1625 if ((reg_arch_info
->mode
!= ARM_MODE_ANY
)
1626 && (reg_arch_info
->mode
!= current_mode
)
1627 && !((reg_arch_info
->mode
== ARM_MODE_USR
) && (armv4_5
->core_mode
== ARM_MODE_SYS
))
1628 && !((reg_arch_info
->mode
== ARM_MODE_SYS
) && (armv4_5
->core_mode
== ARM_MODE_USR
)))
1631 LOG_DEBUG("require mode change");
1636 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg
->name
);
1643 uint32_t mask
= 0x0;
1651 /* change processor mode (mask T bit) */
1652 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
,
1654 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1656 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1657 current_mode
= armv4_5_number_to_mode(i
);
1660 for (j
= 0; j
<= 14; j
++)
1662 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), j
);
1663 reg_arch_info
= reg
->arch_info
;
1666 if (reg
->dirty
== 1)
1668 regs
[j
] = buf_get_u32(reg
->value
, 0, 32);
1673 LOG_DEBUG("writing register %i mode %s "
1674 "with value 0x%8.8" PRIx32
, j
,
1675 arm_mode_name(armv4_5
->core_mode
),
1682 arm7_9
->write_core_regs(target
, mask
, regs
);
1685 reg
= &ARMV4_5_CORE_REG_MODE(armv4_5
->core_cache
, armv4_5_number_to_mode(i
), 16);
1686 reg_arch_info
= reg
->arch_info
;
1687 if ((reg
->dirty
) && (reg_arch_info
->mode
!= ARM_MODE_ANY
))
1689 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32
"", i
, buf_get_u32(reg
->value
, 0, 32));
1690 arm7_9
->write_xpsr(target
, buf_get_u32(reg
->value
, 0, 32), 1);
1695 if (!armv4_5
->cpsr
->dirty
&& (armv4_5
->core_mode
!= current_mode
))
1697 /* restore processor mode (mask T bit) */
1700 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
1701 tmp_cpsr
|= armv4_5_number_to_mode(i
);
1703 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr
));
1704 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
1706 else if (armv4_5
->cpsr
->dirty
)
1708 /* CPSR has been changed, full restore necessary (mask T bit) */
1709 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32
,
1710 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32));
1711 arm7_9
->write_xpsr(target
,
1712 buf_get_u32(armv4_5
->cpsr
->value
, 0, 32)
1714 armv4_5
->cpsr
->dirty
= 0;
1715 armv4_5
->cpsr
->valid
= 1;
1719 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1720 arm7_9
->write_pc(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1721 armv4_5
->core_cache
->reg_list
[15].dirty
= 0;
1723 if (arm7_9
->post_restore_context
)
1724 arm7_9
->post_restore_context(target
);
1730 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1731 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1734 * @param target Pointer to the ARM7/9 target to be restarted
1735 * @return Result of executing the JTAG queue
1737 int arm7_9_restart_core(struct target
*target
)
1739 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1740 struct arm_jtag
*jtag_info
= &arm7_9
->jtag_info
;
1742 /* set RESTART instruction */
1743 jtag_set_end_state(TAP_IDLE
);
1744 if (arm7_9
->need_bypass_before_restart
) {
1745 arm7_9
->need_bypass_before_restart
= 0;
1746 arm_jtag_set_instr(jtag_info
, 0xf, NULL
);
1748 arm_jtag_set_instr(jtag_info
, 0x4, NULL
);
1750 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE
));
1751 return jtag_execute_queue();
1755 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1756 * iterated through and are set on the target if they aren't already set.
1758 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1760 void arm7_9_enable_watchpoints(struct target
*target
)
1762 struct watchpoint
*watchpoint
= target
->watchpoints
;
1766 if (watchpoint
->set
== 0)
1767 arm7_9_set_watchpoint(target
, watchpoint
);
1768 watchpoint
= watchpoint
->next
;
1773 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1774 * iterated through and are set on the target.
1776 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1778 void arm7_9_enable_breakpoints(struct target
*target
)
1780 struct breakpoint
*breakpoint
= target
->breakpoints
;
1782 /* set any pending breakpoints */
1785 arm7_9_set_breakpoint(target
, breakpoint
);
1786 breakpoint
= breakpoint
->next
;
1790 int arm7_9_resume(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
, int debug_execution
)
1792 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1793 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1794 struct breakpoint
*breakpoint
= target
->breakpoints
;
1795 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
1796 int err
, retval
= ERROR_OK
;
1800 if (target
->state
!= TARGET_HALTED
)
1802 LOG_WARNING("target not halted");
1803 return ERROR_TARGET_NOT_HALTED
;
1806 if (!debug_execution
)
1808 target_free_all_working_areas(target
);
1811 /* current = 1: continue on current pc, otherwise continue at <address> */
1813 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
1815 uint32_t current_pc
;
1816 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1818 /* the front-end may request us not to handle breakpoints */
1819 if (handle_breakpoints
)
1821 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
1823 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32
" (id: %d)", breakpoint
->address
, breakpoint
->unique_id
);
1824 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1829 /* calculate PC of next instruction */
1831 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
1833 uint32_t current_opcode
;
1834 target_read_u32(target
, current_pc
, ¤t_opcode
);
1835 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
1839 LOG_DEBUG("enable single-step");
1840 arm7_9
->enable_single_step(target
, next_pc
);
1842 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1844 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1849 if (armv4_5
->core_state
== ARM_STATE_ARM
)
1850 arm7_9
->branch_resume(target
);
1851 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1853 arm7_9
->branch_resume_thumb(target
);
1857 LOG_ERROR("unhandled core state");
1861 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1862 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1863 err
= arm7_9_execute_sys_speed(target
);
1865 LOG_DEBUG("disable single-step");
1866 arm7_9
->disable_single_step(target
);
1868 if (err
!= ERROR_OK
)
1870 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1874 target
->state
= TARGET_UNKNOWN
;
1878 arm7_9_debug_entry(target
);
1879 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32
"", buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32));
1881 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32
"", breakpoint
->address
);
1882 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
1889 /* enable any pending breakpoints and watchpoints */
1890 arm7_9_enable_breakpoints(target
);
1891 arm7_9_enable_watchpoints(target
);
1893 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
1898 if (armv4_5
->core_state
== ARM_STATE_ARM
)
1900 arm7_9
->branch_resume(target
);
1902 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
1904 arm7_9
->branch_resume_thumb(target
);
1908 LOG_ERROR("unhandled core state");
1912 /* deassert DBGACK and INTDIS */
1913 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
1914 /* INTDIS only when we really resume, not during debug execution */
1915 if (!debug_execution
)
1916 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_INTDIS
, 1, 0);
1917 embeddedice_write_reg(dbg_ctrl
, buf_get_u32(dbg_ctrl
->value
, 0, dbg_ctrl
->size
));
1919 if ((retval
= arm7_9_restart_core(target
)) != ERROR_OK
)
1924 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1926 if (!debug_execution
)
1928 /* registers are now invalid */
1929 register_cache_invalidate(armv4_5
->core_cache
);
1930 target
->state
= TARGET_RUNNING
;
1931 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
1938 target
->state
= TARGET_DEBUG_RUNNING
;
1939 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
)) != ERROR_OK
)
1945 LOG_DEBUG("target resumed");
1950 void arm7_9_enable_eice_step(struct target
*target
, uint32_t next_pc
)
1952 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1953 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
1954 uint32_t current_pc
;
1955 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
1957 if (next_pc
!= current_pc
)
1959 /* setup an inverse breakpoint on the current PC
1960 * - comparator 1 matches the current address
1961 * - rangeout from comparator 1 is connected to comparator 0 rangein
1962 * - comparator 0 matches any address, as long as rangein is low */
1963 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1964 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1966 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], ~(EICE_W_CTRL_RANGE
| EICE_W_CTRL_nOPC
) & 0xff);
1967 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], current_pc
);
1968 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1969 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1970 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], 0x0);
1971 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1975 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
], 0x0);
1978 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
], 0xff);
1979 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
], next_pc
);
1980 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
], 0);
1981 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
], 0xffffffff);
1982 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
], EICE_W_CTRL_ENABLE
);
1983 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
], ~EICE_W_CTRL_nOPC
& 0xff);
1987 void arm7_9_disable_eice_step(struct target
*target
)
1989 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1991 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_ADDR_MASK
]);
1992 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_DATA_MASK
]);
1993 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_VALUE
]);
1994 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W0_CONTROL_MASK
]);
1995 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_VALUE
]);
1996 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_ADDR_MASK
]);
1997 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_DATA_MASK
]);
1998 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_MASK
]);
1999 embeddedice_store_reg(&arm7_9
->eice_cache
->reg_list
[EICE_W1_CONTROL_VALUE
]);
2002 int arm7_9_step(struct target
*target
, int current
, uint32_t address
, int handle_breakpoints
)
2004 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2005 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2006 struct breakpoint
*breakpoint
= NULL
;
2009 if (target
->state
!= TARGET_HALTED
)
2011 LOG_WARNING("target not halted");
2012 return ERROR_TARGET_NOT_HALTED
;
2015 /* current = 1: continue on current pc, otherwise continue at <address> */
2017 buf_set_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32, address
);
2019 uint32_t current_pc
;
2020 current_pc
= buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32);
2022 /* the front-end may request us not to handle breakpoints */
2023 if (handle_breakpoints
)
2024 if ((breakpoint
= breakpoint_find(target
, buf_get_u32(armv4_5
->core_cache
->reg_list
[15].value
, 0, 32))))
2025 if ((retval
= arm7_9_unset_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2030 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
2032 /* calculate PC of next instruction */
2034 if ((retval
= arm_simulate_step(target
, &next_pc
)) != ERROR_OK
)
2036 uint32_t current_opcode
;
2037 target_read_u32(target
, current_pc
, ¤t_opcode
);
2038 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32
"", current_opcode
);
2042 if ((retval
= arm7_9_restore_context(target
)) != ERROR_OK
)
2047 arm7_9
->enable_single_step(target
, next_pc
);
2049 if (armv4_5
->core_state
== ARM_STATE_ARM
)
2051 arm7_9
->branch_resume(target
);
2053 else if (armv4_5
->core_state
== ARM_STATE_THUMB
)
2055 arm7_9
->branch_resume_thumb(target
);
2059 LOG_ERROR("unhandled core state");
2063 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
)) != ERROR_OK
)
2068 err
= arm7_9_execute_sys_speed(target
);
2069 arm7_9
->disable_single_step(target
);
2071 /* registers are now invalid */
2072 register_cache_invalidate(armv4_5
->core_cache
);
2074 if (err
!= ERROR_OK
)
2076 target
->state
= TARGET_UNKNOWN
;
2078 arm7_9_debug_entry(target
);
2079 if ((retval
= target_call_event_callbacks(target
, TARGET_EVENT_HALTED
)) != ERROR_OK
)
2083 LOG_DEBUG("target stepped");
2087 if ((retval
= arm7_9_set_breakpoint(target
, breakpoint
)) != ERROR_OK
)
2095 static int arm7_9_read_core_reg(struct target
*target
, struct reg
*r
,
2096 int num
, enum arm_mode mode
)
2098 uint32_t* reg_p
[16];
2101 struct arm_reg
*areg
= r
->arch_info
;
2102 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2103 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2105 if (!is_arm_mode(armv4_5
->core_mode
))
2107 if ((num
< 0) || (num
> 16))
2108 return ERROR_INVALID_ARGUMENTS
;
2110 if ((mode
!= ARM_MODE_ANY
)
2111 && (mode
!= armv4_5
->core_mode
)
2112 && (areg
->mode
!= ARM_MODE_ANY
))
2116 /* change processor mode (mask T bit) */
2117 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
2120 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2123 if ((num
>= 0) && (num
<= 15))
2125 /* read a normal core register */
2126 reg_p
[num
] = &value
;
2128 arm7_9
->read_core_regs(target
, 1 << num
, reg_p
);
2132 /* read a program status register
2133 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2135 arm7_9
->read_xpsr(target
, &value
, areg
->mode
!= ARM_MODE_ANY
);
2138 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2145 buf_set_u32(r
->value
, 0, 32, value
);
2147 if ((mode
!= ARM_MODE_ANY
)
2148 && (mode
!= armv4_5
->core_mode
)
2149 && (areg
->mode
!= ARM_MODE_ANY
)) {
2150 /* restore processor mode (mask T bit) */
2151 arm7_9
->write_xpsr_im8(target
,
2152 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2159 static int arm7_9_write_core_reg(struct target
*target
, struct reg
*r
,
2160 int num
, enum arm_mode mode
, uint32_t value
)
2163 struct arm_reg
*areg
= r
->arch_info
;
2164 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2165 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2167 if (!is_arm_mode(armv4_5
->core_mode
))
2169 if ((num
< 0) || (num
> 16))
2170 return ERROR_INVALID_ARGUMENTS
;
2172 if ((mode
!= ARM_MODE_ANY
)
2173 && (mode
!= armv4_5
->core_mode
)
2174 && (areg
->mode
!= ARM_MODE_ANY
)) {
2177 /* change processor mode (mask T bit) */
2178 tmp_cpsr
= buf_get_u32(armv4_5
->cpsr
->value
, 0, 8) & 0xE0;
2181 arm7_9
->write_xpsr_im8(target
, tmp_cpsr
& 0xff, 0, 0);
2184 if ((num
>= 0) && (num
<= 15))
2186 /* write a normal core register */
2189 arm7_9
->write_core_regs(target
, 1 << num
, reg
);
2193 /* write a program status register
2194 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2196 int spsr
= (areg
->mode
!= ARM_MODE_ANY
);
2198 /* if we're writing the CPSR, mask the T bit */
2202 arm7_9
->write_xpsr(target
, value
, spsr
);
2208 if ((mode
!= ARM_MODE_ANY
)
2209 && (mode
!= armv4_5
->core_mode
)
2210 && (areg
->mode
!= ARM_MODE_ANY
)) {
2211 /* restore processor mode (mask T bit) */
2212 arm7_9
->write_xpsr_im8(target
,
2213 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2217 return jtag_execute_queue();
2220 int arm7_9_read_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2222 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2223 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2225 uint32_t num_accesses
= 0;
2226 int thisrun_accesses
;
2232 LOG_DEBUG("address: 0x%8.8" PRIx32
", size: 0x%8.8" PRIx32
", count: 0x%8.8" PRIx32
"", address
, size
, count
);
2234 if (target
->state
!= TARGET_HALTED
)
2236 LOG_WARNING("target not halted");
2237 return ERROR_TARGET_NOT_HALTED
;
2240 /* sanitize arguments */
2241 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2242 return ERROR_INVALID_ARGUMENTS
;
2244 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2245 return ERROR_TARGET_UNALIGNED_ACCESS
;
2247 /* load the base register with the address of the first word */
2249 arm7_9
->write_core_regs(target
, 0x1, reg
);
2256 while (num_accesses
< count
)
2259 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2260 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2262 if (last_reg
<= thisrun_accesses
)
2263 last_reg
= thisrun_accesses
;
2265 arm7_9
->load_word_regs(target
, reg_list
);
2267 /* fast memory reads are only safe when the target is running
2268 * from a sufficiently high clock (32 kHz is usually too slow)
2270 if (arm7_9
->fast_memory_access
)
2271 retval
= arm7_9_execute_fast_sys_speed(target
);
2273 retval
= arm7_9_execute_sys_speed(target
);
2274 if (retval
!= ERROR_OK
)
2277 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 4);
2279 /* advance buffer, count number of accesses */
2280 buffer
+= thisrun_accesses
* 4;
2281 num_accesses
+= thisrun_accesses
;
2283 if ((j
++%1024) == 0)
2290 while (num_accesses
< count
)
2293 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2294 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2296 for (i
= 1; i
<= thisrun_accesses
; i
++)
2300 arm7_9
->load_hword_reg(target
, i
);
2301 /* fast memory reads are only safe when the target is running
2302 * from a sufficiently high clock (32 kHz is usually too slow)
2304 if (arm7_9
->fast_memory_access
)
2305 retval
= arm7_9_execute_fast_sys_speed(target
);
2307 retval
= arm7_9_execute_sys_speed(target
);
2308 if (retval
!= ERROR_OK
)
2315 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 2);
2317 /* advance buffer, count number of accesses */
2318 buffer
+= thisrun_accesses
* 2;
2319 num_accesses
+= thisrun_accesses
;
2321 if ((j
++%1024) == 0)
2328 while (num_accesses
< count
)
2331 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2332 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2334 for (i
= 1; i
<= thisrun_accesses
; i
++)
2338 arm7_9
->load_byte_reg(target
, i
);
2339 /* fast memory reads are only safe when the target is running
2340 * from a sufficiently high clock (32 kHz is usually too slow)
2342 if (arm7_9
->fast_memory_access
)
2343 retval
= arm7_9_execute_fast_sys_speed(target
);
2345 retval
= arm7_9_execute_sys_speed(target
);
2346 if (retval
!= ERROR_OK
)
2352 arm7_9
->read_core_regs_target_buffer(target
, reg_list
, buffer
, 1);
2354 /* advance buffer, count number of accesses */
2355 buffer
+= thisrun_accesses
* 1;
2356 num_accesses
+= thisrun_accesses
;
2358 if ((j
++%1024) == 0)
2365 LOG_ERROR("BUG: we shouldn't get here");
2370 if (!is_arm_mode(armv4_5
->core_mode
))
2373 for (i
= 0; i
<= last_reg
; i
++) {
2374 struct reg
*r
= arm_reg_current(armv4_5
, i
);
2376 r
->dirty
= r
->valid
;
2379 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2380 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2382 LOG_ERROR("JTAG error while reading cpsr");
2383 return ERROR_TARGET_DATA_ABORT
;
2386 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (armv4_5
->core_mode
!= ARM_MODE_ABT
))
2388 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2390 arm7_9
->write_xpsr_im8(target
,
2391 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2394 return ERROR_TARGET_DATA_ABORT
;
2400 int arm7_9_write_memory(struct target
*target
, uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
)
2402 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2403 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2404 struct reg
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
2407 uint32_t num_accesses
= 0;
2408 int thisrun_accesses
;
2414 #ifdef _DEBUG_ARM7_9_
2415 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address
, size
, count
);
2418 if (target
->state
!= TARGET_HALTED
)
2420 LOG_WARNING("target not halted");
2421 return ERROR_TARGET_NOT_HALTED
;
2424 /* sanitize arguments */
2425 if (((size
!= 4) && (size
!= 2) && (size
!= 1)) || (count
== 0) || !(buffer
))
2426 return ERROR_INVALID_ARGUMENTS
;
2428 if (((size
== 4) && (address
& 0x3u
)) || ((size
== 2) && (address
& 0x1u
)))
2429 return ERROR_TARGET_UNALIGNED_ACCESS
;
2431 /* load the base register with the address of the first word */
2433 arm7_9
->write_core_regs(target
, 0x1, reg
);
2435 /* Clear DBGACK, to make sure memory fetches work as expected */
2436 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 0);
2437 embeddedice_store_reg(dbg_ctrl
);
2442 while (num_accesses
< count
)
2445 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2446 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2448 for (i
= 1; i
<= thisrun_accesses
; i
++)
2452 reg
[i
] = target_buffer_get_u32(target
, buffer
);
2456 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2458 arm7_9
->store_word_regs(target
, reg_list
);
2460 /* fast memory writes are only safe when the target is running
2461 * from a sufficiently high clock (32 kHz is usually too slow)
2463 if (arm7_9
->fast_memory_access
)
2464 retval
= arm7_9_execute_fast_sys_speed(target
);
2466 retval
= arm7_9_execute_sys_speed(target
);
2467 if (retval
!= ERROR_OK
)
2472 num_accesses
+= thisrun_accesses
;
2476 while (num_accesses
< count
)
2479 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2480 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2482 for (i
= 1; i
<= thisrun_accesses
; i
++)
2486 reg
[i
] = target_buffer_get_u16(target
, buffer
) & 0xffff;
2490 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2492 for (i
= 1; i
<= thisrun_accesses
; i
++)
2494 arm7_9
->store_hword_reg(target
, i
);
2496 /* fast memory writes are only safe when the target is running
2497 * from a sufficiently high clock (32 kHz is usually too slow)
2499 if (arm7_9
->fast_memory_access
)
2500 retval
= arm7_9_execute_fast_sys_speed(target
);
2502 retval
= arm7_9_execute_sys_speed(target
);
2503 if (retval
!= ERROR_OK
)
2509 num_accesses
+= thisrun_accesses
;
2513 while (num_accesses
< count
)
2516 thisrun_accesses
= ((count
- num_accesses
) >= 14) ? 14 : (count
- num_accesses
);
2517 reg_list
= (0xffff >> (15 - thisrun_accesses
)) & 0xfffe;
2519 for (i
= 1; i
<= thisrun_accesses
; i
++)
2523 reg
[i
] = *buffer
++ & 0xff;
2526 arm7_9
->write_core_regs(target
, reg_list
, reg
);
2528 for (i
= 1; i
<= thisrun_accesses
; i
++)
2530 arm7_9
->store_byte_reg(target
, i
);
2531 /* fast memory writes are only safe when the target is running
2532 * from a sufficiently high clock (32 kHz is usually too slow)
2534 if (arm7_9
->fast_memory_access
)
2535 retval
= arm7_9_execute_fast_sys_speed(target
);
2537 retval
= arm7_9_execute_sys_speed(target
);
2538 if (retval
!= ERROR_OK
)
2545 num_accesses
+= thisrun_accesses
;
2549 LOG_ERROR("BUG: we shouldn't get here");
2555 buf_set_u32(dbg_ctrl
->value
, EICE_DBG_CONTROL_DBGACK
, 1, 1);
2556 embeddedice_store_reg(dbg_ctrl
);
2558 if (!is_arm_mode(armv4_5
->core_mode
))
2561 for (i
= 0; i
<= last_reg
; i
++) {
2562 struct reg
*r
= arm_reg_current(armv4_5
, i
);
2564 r
->dirty
= r
->valid
;
2567 arm7_9
->read_xpsr(target
, &cpsr
, 0);
2568 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
2570 LOG_ERROR("JTAG error while reading cpsr");
2571 return ERROR_TARGET_DATA_ABORT
;
2574 if (((cpsr
& 0x1f) == ARM_MODE_ABT
) && (armv4_5
->core_mode
!= ARM_MODE_ABT
))
2576 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32
", size: 0x%" PRIx32
", count: 0x%" PRIx32
")", address
, size
, count
);
2578 arm7_9
->write_xpsr_im8(target
,
2579 buf_get_u32(armv4_5
->cpsr
->value
, 0, 8)
2582 return ERROR_TARGET_DATA_ABORT
;
2588 static int dcc_count
;
2589 static uint8_t *dcc_buffer
;
2591 static int arm7_9_dcc_completion(struct target
*target
, uint32_t exit_point
, int timeout_ms
, void *arch_info
)
2593 int retval
= ERROR_OK
;
2594 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2596 if ((retval
= target_wait_state(target
, TARGET_DEBUG_RUNNING
, 500)) != ERROR_OK
)
2599 int little
= target
->endianness
== TARGET_LITTLE_ENDIAN
;
2600 int count
= dcc_count
;
2601 uint8_t *buffer
= dcc_buffer
;
2604 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2605 * core function repeated. */
2606 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2609 struct embeddedice_reg
*ice_reg
= arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
].arch_info
;
2610 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
2611 struct jtag_tap
*tap
;
2612 tap
= ice_reg
->jtag_info
->tap
;
2614 embeddedice_write_dcc(tap
, reg_addr
, buffer
, little
, count
-2);
2615 buffer
+= (count
-2)*4;
2617 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2621 for (i
= 0; i
< count
; i
++)
2623 embeddedice_write_reg(&arm7_9
->eice_cache
->reg_list
[EICE_COMMS_DATA
], fast_target_buffer_get_u32(buffer
, little
));
2628 if ((retval
= target_halt(target
))!= ERROR_OK
)
2632 return target_wait_state(target
, TARGET_HALTED
, 500);
2635 static const uint32_t dcc_code
[] =
2637 /* r0 == input, points to memory buffer
2641 /* spin until DCC control (c0) reports data arrived */
2642 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2643 0xe3110001, /* tst r1, #1 */
2644 0x0afffffc, /* bne w */
2646 /* read word from DCC (c1), write to memory */
2647 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2648 0xe4801004, /* str r1, [r0], #4 */
2651 0xeafffff9 /* b w */
2654 extern int armv4_5_run_algorithm_inner(struct target
*target
,
2655 int num_mem_params
, struct mem_param
*mem_params
,
2656 int num_reg_params
, struct reg_param
*reg_params
,
2657 uint32_t entry_point
, uint32_t exit_point
,
2658 int timeout_ms
, void *arch_info
,
2659 int (*run_it
)(struct target
*target
, uint32_t exit_point
,
2660 int timeout_ms
, void *arch_info
));
2662 int arm7_9_bulk_write_memory(struct target
*target
, uint32_t address
, uint32_t count
, uint8_t *buffer
)
2665 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2668 if (!arm7_9
->dcc_downloads
)
2669 return target_write_memory(target
, address
, 4, count
, buffer
);
2671 /* regrab previously allocated working_area, or allocate a new one */
2672 if (!arm7_9
->dcc_working_area
)
2674 uint8_t dcc_code_buf
[6 * 4];
2676 /* make sure we have a working area */
2677 if (target_alloc_working_area(target
, 24, &arm7_9
->dcc_working_area
) != ERROR_OK
)
2679 LOG_INFO("no working area available, falling back to memory writes");
2680 return target_write_memory(target
, address
, 4, count
, buffer
);
2683 /* copy target instructions to target endianness */
2684 for (i
= 0; i
< 6; i
++)
2686 target_buffer_set_u32(target
, dcc_code_buf
+ i
*4, dcc_code
[i
]);
2689 /* write DCC code to working area */
2690 if ((retval
= target_write_memory(target
, arm7_9
->dcc_working_area
->address
, 4, 6, dcc_code_buf
)) != ERROR_OK
)
2696 struct arm_algorithm armv4_5_info
;
2697 struct reg_param reg_params
[1];
2699 armv4_5_info
.common_magic
= ARM_COMMON_MAGIC
;
2700 armv4_5_info
.core_mode
= ARM_MODE_SVC
;
2701 armv4_5_info
.core_state
= ARM_STATE_ARM
;
2703 init_reg_param(®_params
[0], "r0", 32, PARAM_IN_OUT
);
2705 buf_set_u32(reg_params
[0].value
, 0, 32, address
);
2708 dcc_buffer
= buffer
;
2709 retval
= armv4_5_run_algorithm_inner(target
, 0, NULL
, 1, reg_params
,
2710 arm7_9
->dcc_working_area
->address
,
2711 arm7_9
->dcc_working_area
->address
+ 6*4,
2712 20*1000, &armv4_5_info
, arm7_9_dcc_completion
);
2714 if (retval
== ERROR_OK
)
2716 uint32_t endaddress
= buf_get_u32(reg_params
[0].value
, 0, 32);
2717 if (endaddress
!= (address
+ count
*4))
2719 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32
" got 0x%0" PRIx32
"", (address
+ count
*4), endaddress
);
2720 retval
= ERROR_FAIL
;
2724 destroy_reg_param(®_params
[0]);
2730 * Perform per-target setup that requires JTAG access.
2732 int arm7_9_examine(struct target
*target
)
2734 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2737 if (!target_was_examined(target
)) {
2738 struct reg_cache
*t
, **cache_p
;
2740 t
= embeddedice_build_reg_cache(target
, arm7_9
);
2744 cache_p
= register_get_last_cache_p(&target
->reg_cache
);
2746 arm7_9
->eice_cache
= (*cache_p
);
2748 if (arm7_9
->armv4_5_common
.etm
)
2749 (*cache_p
)->next
= etm_build_reg_cache(target
,
2751 arm7_9
->armv4_5_common
.etm
);
2753 target_set_examined(target
);
2756 retval
= embeddedice_setup(target
);
2757 if (retval
== ERROR_OK
)
2758 retval
= arm7_9_setup(target
);
2759 if (retval
== ERROR_OK
&& arm7_9
->armv4_5_common
.etm
)
2760 retval
= etm_setup(target
);
2764 COMMAND_HANDLER(handle_arm7_9_dbgrq_command
)
2766 struct target
*target
= get_current_target(CMD_CTX
);
2767 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2769 if (!is_arm7_9(arm7_9
))
2771 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2772 return ERROR_TARGET_INVALID
;
2776 COMMAND_PARSE_ENABLE(CMD_ARGV
[0],arm7_9
->use_dbgrq
);
2778 command_print(CMD_CTX
, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9
->use_dbgrq
) ? "enabled" : "disabled");
2783 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command
)
2785 struct target
*target
= get_current_target(CMD_CTX
);
2786 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2788 if (!is_arm7_9(arm7_9
))
2790 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2791 return ERROR_TARGET_INVALID
;
2795 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->fast_memory_access
);
2797 command_print(CMD_CTX
, "fast memory access is %s", (arm7_9
->fast_memory_access
) ? "enabled" : "disabled");
2802 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command
)
2804 struct target
*target
= get_current_target(CMD_CTX
);
2805 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2807 if (!is_arm7_9(arm7_9
))
2809 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2810 return ERROR_TARGET_INVALID
;
2814 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], arm7_9
->dcc_downloads
);
2816 command_print(CMD_CTX
, "dcc downloads are %s", (arm7_9
->dcc_downloads
) ? "enabled" : "disabled");
2821 COMMAND_HANDLER(handle_arm7_9_semihosting_command
)
2823 struct target
*target
= get_current_target(CMD_CTX
);
2824 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
2826 if (!is_arm7_9(arm7_9
))
2828 command_print(CMD_CTX
, "current target isn't an ARM7/ARM9 target");
2829 return ERROR_TARGET_INVALID
;
2836 COMMAND_PARSE_ENABLE(CMD_ARGV
[0], semihosting
);
2838 if (arm7_9
->has_vector_catch
) {
2839 struct reg
*vector_catch
= &arm7_9
->eice_cache
2840 ->reg_list
[EICE_VEC_CATCH
];
2842 if (!vector_catch
->valid
)
2843 embeddedice_read_reg(vector_catch
);
2844 buf_set_u32(vector_catch
->value
, 2, 1, semihosting
);
2845 embeddedice_store_reg(vector_catch
);
2847 /* TODO: allow optional high vectors and/or BKPT_HARD */
2849 breakpoint_add(target
, 8, 4, BKPT_SOFT
);
2851 breakpoint_remove(target
, 8);
2854 /* FIXME never let that "catch" be dropped! */
2855 arm7_9
->armv4_5_common
.is_semihosting
= semihosting
;
2859 command_print(CMD_CTX
, "semihosting is %s",
2860 arm7_9
->armv4_5_common
.is_semihosting
2861 ? "enabled" : "disabled");
2866 int arm7_9_init_arch_info(struct target
*target
, struct arm7_9_common
*arm7_9
)
2868 int retval
= ERROR_OK
;
2869 struct arm
*armv4_5
= &arm7_9
->armv4_5_common
;
2871 arm7_9
->common_magic
= ARM7_9_COMMON_MAGIC
;
2873 if ((retval
= arm_jtag_setup_connection(&arm7_9
->jtag_info
)) != ERROR_OK
)
2876 /* caller must have allocated via calloc(), so everything's zeroed */
2878 arm7_9
->wp_available_max
= 2;
2880 arm7_9
->fast_memory_access
= false;
2881 arm7_9
->dcc_downloads
= false;
2883 armv4_5
->arch_info
= arm7_9
;
2884 armv4_5
->read_core_reg
= arm7_9_read_core_reg
;
2885 armv4_5
->write_core_reg
= arm7_9_write_core_reg
;
2886 armv4_5
->full_context
= arm7_9_full_context
;
2888 if ((retval
= armv4_5_init_arch_info(target
, armv4_5
)) != ERROR_OK
)
2891 return target_register_timer_callback(arm7_9_handle_target_request
,
2895 static const struct command_registration arm7_9_any_command_handlers
[] = {
2898 .handler
= &handle_arm7_9_dbgrq_command
,
2899 .mode
= COMMAND_ANY
,
2900 .usage
= "<enable|disable>",
2901 .help
= "use EmbeddedICE dbgrq instead of breakpoint "
2902 "for target halt requests",
2905 "fast_memory_access",
2906 .handler
= &handle_arm7_9_fast_memory_access_command
,
2907 .mode
= COMMAND_ANY
,
2908 .usage
= "<enable|disable>",
2909 .help
= "use fast memory accesses instead of slower "
2910 "but potentially safer accesses",
2914 .handler
= &handle_arm7_9_dcc_downloads_command
,
2915 .mode
= COMMAND_ANY
,
2916 .usage
= "<enable | disable>",
2917 .help
= "use DCC downloads for larger memory writes",
2921 .handler
= &handle_arm7_9_semihosting_command
,
2922 .mode
= COMMAND_EXEC
,
2923 .usage
= "<enable | disable>",
2924 .help
= "activate support for semihosting operations",
2926 COMMAND_REGISTRATION_DONE
2928 const struct command_registration arm7_9_command_handlers
[] = {
2930 .chain
= arm_command_handlers
,
2933 .chain
= etm_command_handlers
,
2937 .mode
= COMMAND_ANY
,
2938 .help
= "arm7/9 specific commands",
2939 .chain
= arm7_9_any_command_handlers
,
2941 COMMAND_REGISTRATION_DONE
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)