1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
32 #include "breakpoints.h"
33 #include "arm11_dbgtap.h"
34 #include "arm_simulator.h"
35 #include <helper/time_support.h>
36 #include "target_type.h"
37 #include "algorithm.h"
39 #include "arm_opcodes.h"
42 #define _DEBUG_INSTRUCTION_EXECUTION_
46 static int arm11_step(struct target
*target
, int current
,
47 uint32_t address
, int handle_breakpoints
);
/**
 * Check and, if necessary, take control of the system.
 *
 * Refreshes arm11->dscr and, when DSCR_HALT_DBG_MODE is not yet set,
 * sets it, records the current run state on the target, and calls
 * arm11_sc7_clear_vbw().  It also arms simulate_reset_on_next_halt, which
 * arm11_debug_entry() consumes by writing 0 to the c1 Control Register
 * (MMU/cache disabled) on the next halt.
 *
 * \param arm11 Target state variable.
 * \return ERROR_OK on success; failures of the DSCR and SC7 helpers are
 *         handled by CHECK_RETVAL (defined outside this file section).
 */
static int arm11_check_init(struct arm11_common *arm11)
{
	CHECK_RETVAL(arm11_read_DSCR(arm11));

	/* Halting debug mode is already enabled: nothing to take over. */
	if (arm11->dscr & DSCR_HALT_DBG_MODE)
		return ERROR_OK;

	LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
	LOG_DEBUG("Bringing target into debug mode");

	arm11->dscr |= DSCR_HALT_DBG_MODE;
	CHECK_RETVAL(arm11_write_DSCR(arm11, arm11->dscr));

	/* add further reset initialization here */

	arm11->simulate_reset_on_next_halt = true;

	struct target *tgt = arm11->arm.target;

	if (arm11->dscr & DSCR_CORE_HALTED) {
		/** \todo TODO: this needs further scrutiny because
		 * arm11_debug_entry() never gets called.  (WHY NOT?)
		 * As a result we don't read the actual register states
		 * from the target, so the cached registers stay unread
		 * on this path.
		 */
		tgt->state = TARGET_HALTED;
		arm_dpm_report_dscr(arm11->arm.dpm, arm11->dscr);
	} else {
		tgt->state = TARGET_RUNNING;
		tgt->debug_reason = DBG_REASON_NOTHALTED;
	}

	CHECK_RETVAL(arm11_sc7_clear_vbw(arm11));

	return ERROR_OK;
}
90 * Save processor state. This is called after a HALT instruction
91 * succeeds, and on other occasions the processor enters debug mode
92 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
94 static int arm11_debug_entry(struct arm11_common
*arm11
)
98 arm11
->arm
.target
->state
= TARGET_HALTED
;
99 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
101 /* REVISIT entire cache should already be invalid !!! */
102 register_cache_invalidate(arm11
->arm
.core_cache
);
104 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
106 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
107 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
108 if (arm11
->is_wdtr_saved
) {
109 arm11_add_debug_SCAN_N(arm11
, 0x05, ARM11_TAP_DEFAULT
);
111 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
113 struct scan_field chain5_fields
[3];
115 arm11_setup_field(arm11
, 32, NULL
,
116 &arm11
->saved_wdtr
, chain5_fields
+ 0);
117 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
118 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
120 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
121 chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
125 /* DSCR: set the Execute ARM instruction enable bit.
127 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
128 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
129 * for executing instructions via ITR.
131 CHECK_RETVAL(arm11_write_DSCR(arm11
, DSCR_ITR_EN
| arm11
->dscr
));
135 Before executing any instruction in debug state you have to drain the write buffer.
136 This ensures that no imprecise Data Aborts can return at a later point:*/
138 /** \todo TODO: Test drain write buffer. */
142 /* MRC p14,0,R0,c5,c10,0 */
143 /* arm11_run_instr_no_data1(arm11, / *0xee150e1a* /0xe320f000); */
145 /* mcr 15, 0, r0, cr7, cr10, {4} */
146 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
148 uint32_t dscr
= arm11_read_DSCR(arm11
);
150 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
152 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
) {
153 arm11_run_instr_no_data1(arm11
, 0xe320f000);
155 dscr
= arm11_read_DSCR(arm11
);
157 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
166 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
167 * CPSR and PC after the rDTR stuff. We do it all at once.
169 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
170 if (retval
!= ERROR_OK
)
171 LOG_ERROR("DPM REG READ -- fail");
173 retval
= arm11_run_instr_data_prepare(arm11
);
174 if (retval
!= ERROR_OK
)
177 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
178 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
179 if (arm11
->is_rdtr_saved
) {
180 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
181 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
182 0xEE100E15, &arm11
->saved_rdtr
);
183 if (retval
!= ERROR_OK
)
187 /* REVISIT Now that we've saved core state, there's may also
188 * be MMU and cache state to care about ...
191 if (arm11
->simulate_reset_on_next_halt
) {
192 arm11
->simulate_reset_on_next_halt
= false;
194 LOG_DEBUG("Reset c1 Control Register");
196 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
198 /* MCR p15,0,R0,c1,c0,0 */
199 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
200 if (retval
!= ERROR_OK
)
205 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
208 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
209 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
210 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
212 if (retval
!= ERROR_OK
)
214 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
218 retval
= arm11_run_instr_data_finish(arm11
);
219 if (retval
!= ERROR_OK
)
/**
 * Restore processor state.  This is called in preparation for
 * the RESTART function.
 *
 * Order of operations: re-read DSCR and refuse to continue while either
 * DTR full flag is set, restore a saved wDTR through r0, write back dirty
 * registers, call arm11_bpwp_flush(), invalidate the register cache,
 * rewrite DSCR, and finally scan a saved rDTR value back in.
 *
 * \param arm11 Target state variable.
 * \param bpwp  Passed through to arm_dpm_write_dirty_registers().
 * \return ERROR_OK on success, otherwise the first error encountered.
 */
static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
{
	int retval;

	/* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */

	/* NOTE:  the ARM1136 TRM suggests restoring all registers
	 * except R0/PC/CPSR right now.  Instead, we do them all
	 * at once, just a bit later on.
	 */

	/* REVISIT once we start caring about MMU and cache state,
	 * address it here ...
	 */

	/* spec says clear wDTR and rDTR; we assume they are clear as
	 * otherwise our programming would be sloppy
	 */
	CHECK_RETVAL(arm11_read_DSCR(arm11));

	if (arm11->dscr & (DSCR_DTR_RX_FULL | DSCR_DTR_TX_FULL)) {
		/* wDTR/rDTR are the two registers used to send/receive data
		 * to/from the core, in tandem with corresponding instruction
		 * codes that are written into the core.  The RDTR FULL/WDTR
		 * FULL flag indicates that a register holds data that was
		 * written by one side (CPU or JTAG) and not read out by the
		 * other side.
		 */
		LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
			(unsigned) arm11->dscr);
		/* NOTE(review): error code restored from context; confirm
		 * against the repository copy.
		 */
		return ERROR_FAIL;
	}

	/* maybe restore original wDTR */
	if (arm11->is_wdtr_saved) {
		retval = arm11_run_instr_data_prepare(arm11);
		if (retval != ERROR_OK)
			return retval;

		/* MCR p14,0,R0,c0,c5,0 */
		retval = arm11_run_instr_data_to_core_via_r0(arm11,
				0xee000e15, arm11->saved_wdtr);
		if (retval != ERROR_OK)
			return retval;

		retval = arm11_run_instr_data_finish(arm11);
		if (retval != ERROR_OK)
			return retval;
	}

	/* restore CPSR, PC, and R0 ... after flushing any modified
	 * registers.
	 */
	CHECK_RETVAL(arm_dpm_write_dirty_registers(&arm11->dpm, bpwp));

	CHECK_RETVAL(arm11_bpwp_flush(arm11));

	register_cache_invalidate(arm11->arm.core_cache);

	/* restore DSCR */
	CHECK_RETVAL(arm11_write_DSCR(arm11, arm11->dscr));

	/* maybe restore rDTR */
	if (arm11->is_rdtr_saved) {
		arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);

		arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);

		struct scan_field fields[3];

		uint8_t ready_bit = 0;	/* ignored */
		uint8_t valid_bit = 0;	/* ignored */

		/* Field 0 carries the 32-bit saved rDTR value as output
		 * data; the two single-bit fields are scanned with zeros.
		 */
		arm11_setup_field(arm11, 32, &arm11->saved_rdtr,
			NULL, &fields[0]);
		arm11_setup_field(arm11, 1, &ready_bit, NULL, &fields[1]);
		arm11_setup_field(arm11, 1, &valid_bit, NULL, &fields[2]);

		arm11_add_dr_scan_vc(arm11->arm.target->tap,
			ARRAY_SIZE(fields), fields, TAP_DRPAUSE);
	}

	/* now processor is ready to RESTART */

	return ERROR_OK;
}
/**
 * Poll current target status.
 *
 * Runs arm11_check_init() (which refreshes arm11->dscr) and reconciles
 * target->state with DSCR_CORE_HALTED: a newly halted core goes through
 * arm11_debug_entry() and the halt callbacks, a core that is no longer
 * halted is marked TARGET_RUNNING.
 *
 * \param target Target being polled.
 * \return ERROR_OK, or the error from arm11_check_init() /
 *         arm11_debug_entry().
 */
static int arm11_poll(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	CHECK_RETVAL(arm11_check_init(arm11));

	if (arm11->dscr & DSCR_CORE_HALTED) {
		/* Already reported as halted: no state change to announce. */
		if (target->state == TARGET_HALTED)
			return ERROR_OK;

		const enum target_state previous = target->state;

		LOG_DEBUG("enter TARGET_HALTED");
		int retval = arm11_debug_entry(arm11);
		if (retval != ERROR_OK)
			return retval;

		/* The callback result is not checked here, unlike the
		 * CHECK_RETVAL-wrapped calls in arm11_resume()/arm11_step().
		 */
		target_call_event_callbacks(target,
			(previous == TARGET_DEBUG_RUNNING)
			? TARGET_EVENT_DEBUG_HALTED
			: TARGET_EVENT_HALTED);
	} else if (target->state != TARGET_RUNNING
			&& target->state != TARGET_DEBUG_RUNNING) {
		LOG_DEBUG("enter TARGET_RUNNING");
		target->state = TARGET_RUNNING;
		target->debug_reason = DBG_REASON_NOTHALTED;
	}

	return ERROR_OK;
}
/**
 * Architecture specific status reply.
 *
 * Delegates to arm_arch_state() and, when the last debug reason was a
 * watchpoint, additionally reports the PC stored in arm11->dpm.wp_pc.
 *
 * \param target Target whose state is reported.
 * \return The value returned by arm_arch_state().
 */
static int arm11_arch_state(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);
	const int status = arm_arch_state(target);

	/* REVISIT also display ARM11-specific MMU and cache status ... */

	if (target->debug_reason == DBG_REASON_WATCHPOINT) {
		LOG_USER("Watchpoint triggered at PC %#08x",
			(unsigned) arm11->dpm.wp_pc);
	}

	return status;
}
/* target request support */

/**
 * Placeholder for target request data transfer; only logs that the
 * operation is not implemented.  None of the parameters is used.
 */
static int arm11_target_request_data(struct target *target,
	uint32_t size, uint8_t *buffer)
{
	LOG_WARNING("Not implemented: %s", __func__);

	/* NOTE(review): return code restored from context; confirm against
	 * the repository copy.
	 */
	return ERROR_FAIL;
}
375 /* target execution control */
376 static int arm11_halt(struct target
*target
)
378 struct arm11_common
*arm11
= target_to_arm11(target
);
380 LOG_DEBUG("target->state: %s",
381 target_state_name(target
));
383 if (target
->state
== TARGET_UNKNOWN
)
384 arm11
->simulate_reset_on_next_halt
= true;
386 if (target
->state
== TARGET_HALTED
) {
387 LOG_DEBUG("target was already halted");
391 arm11_add_IR(arm11
, ARM11_HALT
, TAP_IDLE
);
393 CHECK_RETVAL(jtag_execute_queue());
398 CHECK_RETVAL(arm11_read_DSCR(arm11
));
400 if (arm11
->dscr
& DSCR_CORE_HALTED
)
408 if ((timeval_ms()-then
) > 1000) {
409 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
416 enum target_state old_state
= target
->state
;
418 CHECK_RETVAL(arm11_debug_entry(arm11
));
421 target_call_event_callbacks(target
,
423 TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
/**
 * Select the address execution continues from.
 *
 * \param arm11   Target state variable; its cached PC register value is
 *                read or overwritten.
 * \param current Non-zero: keep the cached PC and return it.
 *                Zero: store \p address into the cached PC.
 * \param address Requested address, only used when \p current is zero.
 * \return The address that is now held in the cached PC.
 */
static uint32_t arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
{
	void *pc_value = arm11->arm.pc->value;

	if (current)
		return buf_get_u32(pc_value, 0, 32);

	buf_set_u32(pc_value, 0, 32, address);
	return address;
}
440 static int arm11_resume(struct target
*target
, int current
,
441 uint32_t address
, int handle_breakpoints
, int debug_execution
)
443 /* LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d", */
444 /* current, address, handle_breakpoints, debug_execution); */
446 struct arm11_common
*arm11
= target_to_arm11(target
);
448 LOG_DEBUG("target->state: %s",
449 target_state_name(target
));
452 if (target
->state
!= TARGET_HALTED
) {
453 LOG_ERROR("Target not halted");
454 return ERROR_TARGET_NOT_HALTED
;
457 address
= arm11_nextpc(arm11
, current
, address
);
459 LOG_DEBUG("RESUME PC %08" PRIx32
"%s", address
, !current
? "!" : "");
461 /* clear breakpoints/watchpoints and VCR*/
462 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
464 if (!debug_execution
)
465 target_free_all_working_areas(target
);
467 /* Should we skip over breakpoints matching the PC? */
468 if (handle_breakpoints
) {
469 struct breakpoint
*bp
;
471 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
) {
472 if (bp
->address
== address
) {
473 LOG_DEBUG("must step over %08" PRIx32
"", bp
->address
);
474 arm11_step(target
, 1, 0, 0);
480 /* activate all breakpoints */
482 struct breakpoint
*bp
;
483 unsigned brp_num
= 0;
485 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
) {
486 struct arm11_sc7_action brp
[2];
489 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
490 brp
[0].value
= bp
->address
;
492 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
495 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
497 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
499 LOG_DEBUG("Add BP %d at %08" PRIx32
, brp_num
,
506 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
));
509 /* activate all watchpoints and breakpoints */
510 CHECK_RETVAL(arm11_leave_debug_state(arm11
, true));
512 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
514 CHECK_RETVAL(jtag_execute_queue());
518 CHECK_RETVAL(arm11_read_DSCR(arm11
));
520 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
522 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
530 if ((timeval_ms()-then
) > 1000) {
531 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
538 target
->debug_reason
= DBG_REASON_NOTHALTED
;
539 if (!debug_execution
)
540 target
->state
= TARGET_RUNNING
;
542 target
->state
= TARGET_DEBUG_RUNNING
;
543 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
548 static int arm11_step(struct target
*target
, int current
,
549 uint32_t address
, int handle_breakpoints
)
551 LOG_DEBUG("target->state: %s",
552 target_state_name(target
));
554 if (target
->state
!= TARGET_HALTED
) {
555 LOG_WARNING("target was not halted");
556 return ERROR_TARGET_NOT_HALTED
;
559 struct arm11_common
*arm11
= target_to_arm11(target
);
561 address
= arm11_nextpc(arm11
, current
, address
);
563 LOG_DEBUG("STEP PC %08" PRIx32
"%s", address
, !current
? "!" : "");
566 /** \todo TODO: Thumb not supported here */
568 uint32_t next_instruction
;
570 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
573 if ((next_instruction
& 0xFFF00070) == 0xe1200070) {
574 address
= arm11_nextpc(arm11
, 0, address
+ 4);
575 LOG_DEBUG("Skipping BKPT %08" PRIx32
, address
);
577 /* skip over Wait for interrupt / Standby
578 * mcr 15, 0, r?, cr7, cr0, {4} */
579 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90) {
580 address
= arm11_nextpc(arm11
, 0, address
+ 4);
581 LOG_DEBUG("Skipping WFI %08" PRIx32
, address
);
583 /* ignore B to self */
584 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
585 LOG_DEBUG("Not stepping jump to self");
587 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
590 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
591 * the VCR might be something worth looking into. */
594 /* Set up breakpoint for stepping */
596 struct arm11_sc7_action brp
[2];
599 brp
[0].address
= ARM11_SC7_BVR0
;
601 brp
[1].address
= ARM11_SC7_BCR0
;
603 if (arm11
->hardware_step
) {
604 /* Hardware single stepping ("instruction address
605 * mismatch") is used if enabled. It's not quite
606 * exactly "run one instruction"; "branch to here"
607 * loops won't break, neither will some other cases,
608 * but it's probably the best default.
610 * Hardware single stepping isn't supported on v6
611 * debug modules. ARM1176 and v7 can support it...
613 * FIXME Thumb stepping likely needs to use 0x03
614 * or 0xc0 byte masks, not 0x0f.
616 brp
[0].value
= address
;
617 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
618 | (0 << 14) | (0 << 16) | (0 << 20)
621 /* Sets a breakpoint on the next PC, as calculated
622 * by instruction set simulation.
624 * REVISIT stepping Thumb on ARM1156 requires Thumb2
625 * support from the simulator.
630 retval
= arm_simulate_step(target
, &next_pc
);
631 if (retval
!= ERROR_OK
)
634 brp
[0].value
= next_pc
;
635 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
636 | (0 << 14) | (0 << 16) | (0 << 20)
640 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
645 if (arm11
->step_irq_enable
)
646 /* this disable should be redundant ... */
647 arm11
->dscr
&= ~DSCR_INT_DIS
;
649 arm11
->dscr
|= DSCR_INT_DIS
;
652 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
654 arm11_add_IR(arm11
, ARM11_RESTART
, TAP_IDLE
);
656 CHECK_RETVAL(jtag_execute_queue());
662 const uint32_t mask
= DSCR_CORE_RESTARTED
665 CHECK_RETVAL(arm11_read_DSCR(arm11
));
666 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
668 if ((arm11
->dscr
& mask
) == mask
)
675 if ((timeval_ms()-then
) > 1000) {
677 "Timeout (1000ms) waiting for instructions to complete");
684 /* clear breakpoint */
685 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
688 CHECK_RETVAL(arm11_debug_entry(arm11
));
690 /* restore default state */
691 arm11
->dscr
&= ~DSCR_INT_DIS
;
695 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
697 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
/**
 * Assert reset on the target.
 *
 * When reset_halt is requested and bit 0 of the cached VCR is clear, the
 * bit is set in hardware first (the cached arm11->vcr is left untouched,
 * so arm11_deassert_reset() can write the original value back).  The
 * reset itself is either delegated to a TARGET_EVENT_RESET_ASSERT handler
 * or done by asserting SRST.  Afterwards the register cache is invalid
 * and the target is in TARGET_RESET.
 *
 * \param target Target to reset.
 * \return ERROR_OK on success, an error when no reset method is
 *         available or the VCR write fails.
 */
static int arm11_assert_reset(struct target *target)
{
	struct arm11_common *arm11 = target_to_arm11(target);

	/* optionally catch reset vector */
	const bool need_reset_catch = target->reset_halt && !(arm11->vcr & 1);
	if (need_reset_catch)
		CHECK_RETVAL(arm11_sc7_set_vcr(arm11, arm11->vcr | 1));

	/* Issue some kind of warm reset. */
	if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT)) {
		target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
	} else if (jtag_get_reset_config() & RESET_HAS_SRST) {
		/* REVISIT handle "pulls" cases, if there's
		 * hardware that needs them to work.
		 */
		jtag_add_reset(0, 1);
	} else {
		LOG_ERROR("%s: how to reset?", target_name(target));
		/* NOTE(review): error code restored from context; confirm
		 * against the repository copy.
		 */
		return ERROR_FAIL;
	}

	/* registers are now invalid */
	register_cache_invalidate(arm11->arm.core_cache);

	target->state = TARGET_RESET;

	return ERROR_OK;
}
732 * - There is another bug in the arm11 core. (iMX31 specific again?)
733 * When you generate an access to external logic (for example DDR
734 * controller via AHB bus) and that block is not configured (perhaps
735 * it is still held in reset), that transaction will never complete.
736 * This will hang arm11 core but it will also hang JTAG controller.
737 * Nothing short of srst assertion will bring it out of this.
740 static int arm11_deassert_reset(struct target
*target
)
742 struct arm11_common
*arm11
= target_to_arm11(target
);
745 /* be certain SRST is off */
746 jtag_add_reset(0, 0);
748 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
749 * at least DSCR. OMAP24xx doesn't show that problem, though
750 * SRST-only reset seems to be problematic for other reasons.
751 * (Secure boot sequences being one likelihood!)
755 CHECK_RETVAL(arm11_poll(target
));
757 if (target
->reset_halt
) {
758 if (target
->state
!= TARGET_HALTED
) {
759 LOG_WARNING("%s: ran after reset and before halt ...",
760 target_name(target
));
761 retval
= target_halt(target
);
762 if (retval
!= ERROR_OK
)
767 /* maybe restore vector catch config */
768 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
769 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
));
/**
 * Placeholder for soft reset + halt; only logs that the operation is not
 * implemented.  The target is not touched.
 */
static int arm11_soft_reset_halt(struct target *target)
{
	LOG_WARNING("Not implemented: %s", __func__);

	/* NOTE(review): return code restored from context; confirm against
	 * the repository copy.
	 */
	return ERROR_FAIL;
}
781 /* target memory access
782 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
783 * count: number of items of <size>
785 * arm11_config_memrw_no_increment - in the future we may want to be able
786 * to read/write a range of data to a "port". a "port" is an action on
787 * read memory address for some peripheral.
789 static int arm11_read_memory_inner(struct target
*target
,
790 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
791 bool arm11_config_memrw_no_increment
)
793 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment
797 if (target
->state
!= TARGET_HALTED
) {
798 LOG_WARNING("target was not halted");
799 return ERROR_TARGET_NOT_HALTED
;
802 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"",
807 struct arm11_common
*arm11
= target_to_arm11(target
);
809 retval
= arm11_run_instr_data_prepare(arm11
);
810 if (retval
!= ERROR_OK
)
813 /* MRC p14,0,r0,c0,c5,0 */
814 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
815 if (retval
!= ERROR_OK
)
820 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
822 for (size_t i
= 0; i
< count
; i
++) {
823 /* ldrb r1, [r0], #1 */
825 CHECK_RETVAL(arm11_run_instr_no_data1(arm11
,
826 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000));
829 /* MCR p14,0,R1,c0,c5,0 */
830 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1));
839 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
841 for (size_t i
= 0; i
< count
; i
++) {
842 /* ldrh r1, [r0], #2 */
843 CHECK_RETVAL(arm11_run_instr_no_data1(arm11
,
844 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0));
848 /* MCR p14,0,R1,c0,c5,0 */
849 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1));
851 uint16_t svalue
= res
;
852 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
860 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
861 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
862 uint32_t *words
= (uint32_t *)(void *)buffer
;
864 /* LDC p14,c5,[R0],#4 */
865 /* LDC p14,c5,[R0] */
866 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, instr
, words
, count
));
871 return arm11_run_instr_data_finish(arm11
);
/**
 * Read target memory with address increment.
 *
 * Thin wrapper around arm11_read_memory_inner() with the no-increment
 * option disabled, so consecutive items come from consecutive addresses.
 *
 * \param target  Target to read from; the inner routine rejects targets
 *                that are not halted.
 * \param address Start address on the target.
 * \param size    Item size: 1 = byte, 2 = half-word, 4 = word.
 * \param count   Number of items of \p size.
 * \param buffer  Destination; the caller must provide room for
 *                size * count bytes.  The 32-bit path of the inner
 *                routine casts this pointer to uint32_t *, so its
 *                alignment matters on hosts that care.
 * \return Result of arm11_read_memory_inner().
 */
static int arm11_read_memory(struct target *target,
	uint32_t address,
	uint32_t size,
	uint32_t count,
	uint8_t *buffer)
{
	const bool no_increment = false;

	return arm11_read_memory_inner(target, address, size, count, buffer,
		no_increment);
}
884 * no_increment - in the future we may want to be able
885 * to read/write a range of data to a "port". a "port" is an action on
886 * read memory address for some peripheral.
888 static int arm11_write_memory_inner(struct target
*target
,
889 uint32_t address
, uint32_t size
,
890 uint32_t count
, const uint8_t *buffer
,
895 if (target
->state
!= TARGET_HALTED
) {
896 LOG_WARNING("target was not halted");
897 return ERROR_TARGET_NOT_HALTED
;
900 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"",
905 struct arm11_common
*arm11
= target_to_arm11(target
);
907 retval
= arm11_run_instr_data_prepare(arm11
);
908 if (retval
!= ERROR_OK
)
911 /* load r0 with buffer address
912 * MRC p14,0,r0,c0,c5,0 */
913 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
914 if (retval
!= ERROR_OK
)
917 /* burst writes are not used for single words as those may well be
918 * reset init script writes.
920 * The other advantage is that as burst writes are default, we'll
921 * now exercise both burst and non-burst code paths with the
922 * default settings, increasing code coverage.
924 bool burst
= arm11
->memwrite_burst
&& (count
> 1);
929 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
931 for (size_t i
= 0; i
< count
; i
++) {
932 /* load r1 from DCC with byte data */
933 /* MRC p14,0,r1,c0,c5,0 */
934 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
935 if (retval
!= ERROR_OK
)
938 /* write r1 to memory */
939 /* strb r1, [r0], #1 */
941 retval
= arm11_run_instr_no_data1(arm11
,
942 !no_increment
? 0xe4c01001 : 0xe5c01000);
943 if (retval
!= ERROR_OK
)
952 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
954 for (size_t i
= 0; i
< count
; i
++) {
956 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
958 /* load r1 from DCC with halfword data */
959 /* MRC p14,0,r1,c0,c5,0 */
960 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
961 if (retval
!= ERROR_OK
)
964 /* write r1 to memory */
965 /* strh r1, [r0], #2 */
967 retval
= arm11_run_instr_no_data1(arm11
,
968 !no_increment
? 0xe0c010b2 : 0xe1c010b0);
969 if (retval
!= ERROR_OK
)
977 /* stream word data through DCC directly to memory */
978 /* increment: STC p14,c5,[R0],#4 */
979 /* no increment: STC p14,c5,[R0]*/
980 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
982 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
983 uint32_t *words
= (uint32_t *)(void *)buffer
;
985 /* "burst" here just means trusting each instruction executes
986 * fully before we run the next one: per-word roundtrips, to
987 * check the Ready flag, are not used.
990 retval
= arm11_run_instr_data_to_core(arm11
,
991 instr
, words
, count
);
993 retval
= arm11_run_instr_data_to_core_noack(arm11
,
994 instr
, words
, count
);
995 if (retval
!= ERROR_OK
)
1002 /* r0 verification */
1003 if (!no_increment
) {
1006 /* MCR p14,0,R0,c0,c5,0 */
1007 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1008 if (retval
!= ERROR_OK
)
1011 if (address
+ size
* count
!= r0
) {
1012 LOG_ERROR("Data transfer failed. Expected end "
1013 "address 0x%08x, got 0x%08x",
1014 (unsigned) (address
+ size
* count
),
1019 "use 'arm11 memwrite burst disable' to disable fast burst mode");
1022 if (arm11
->memwrite_error_fatal
)
1027 return arm11_run_instr_data_finish(arm11
);
/**
 * Write target memory.
 *
 * Thin wrapper around arm11_write_memory_inner().  A single-item write
 * is issued without address increment; in that mode the inner routine
 * also skips its "r0 verification" of the end address, so a one-item
 * write is not covered by that consistency check.
 *
 * \param target  Target to write to.
 * \param address Start address on the target.
 * \param size    Item size: 1 = byte, 2 = half-word, 4 = word.
 * \param count   Number of items of \p size.
 * \param buffer  Source data; the caller must provide size * count bytes.
 * \return Result of arm11_write_memory_inner().
 */
static int arm11_write_memory(struct target *target,
	uint32_t address, uint32_t size,
	uint32_t count, const uint8_t *buffer)
{
	/* pointer increment matters only for multi-unit writes ...
	 * not e.g. to a "reset the chip" controller.
	 */
	const bool single_item = (count == 1);

	return arm11_write_memory_inner(target, address, size,
		count, buffer, single_item);
}
/**
 * Write target memory in multiples of 4 bytes, optimized for writing
 * large quantities of data.
 *
 * \param target  Target to write to; must be halted.
 * \param address Start address on the target.
 * \param count   Number of 32-bit words (not bytes) to write.
 * \param buffer  Source data; the caller must provide count * 4 bytes.
 * \return ERROR_TARGET_NOT_HALTED when the target is not halted,
 *         otherwise the result of arm11_write_memory().
 */
static int arm11_bulk_write_memory(struct target *target,
	uint32_t address, uint32_t count, const uint8_t *buffer)
{
	if (target->state == TARGET_HALTED)
		return arm11_write_memory(target, address, 4, count, buffer);

	LOG_WARNING("target was not halted");
	return ERROR_TARGET_NOT_HALTED;
}
1053 /* target break-/watchpoint control
1054 * rw: 0 = write, 1 = read, 2 = access
1056 static int arm11_add_breakpoint(struct target
*target
,
1057 struct breakpoint
*breakpoint
)
1059 struct arm11_common
*arm11
= target_to_arm11(target
);
1062 if (breakpoint
->type
== BKPT_SOFT
) {
1063 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1064 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1068 if (!arm11
->free_brps
) {
1069 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1070 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1073 if (breakpoint
->length
!= 4) {
1074 LOG_DEBUG("only breakpoints of four bytes length supported");
1075 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1083 static int arm11_remove_breakpoint(struct target
*target
,
1084 struct breakpoint
*breakpoint
)
1086 struct arm11_common
*arm11
= target_to_arm11(target
);
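/**
 * Allocate and pre-configure the ARM11 state for a newly created target.
 *
 * Nothing is sent to the hardware here; only the TAP description is
 * validated and the zero-initialised arm11_common is filled in.
 *
 * \param target Target being created; its TAP must exist and have an
 *               instruction register length of 5.
 * \param interp Unused.
 * \return ERROR_OK on success, ERROR_COMMAND_SYNTAX_ERROR for an
 *         unexpected IR length, ERROR_FAIL when the TAP is missing or
 *         the allocation fails.
 */
static int arm11_target_create(struct target *target, Jim_Interp *interp)
{
	struct arm11_common *arm11;

	if (target->tap == NULL)
		return ERROR_FAIL;

	if (target->tap->ir_length != 5) {
		LOG_ERROR("'target arm11' expects IR LENGTH = 5");
		return ERROR_COMMAND_SYNTAX_ERROR;
	}

	arm11 = calloc(1, sizeof *arm11);
	/* Report allocation failure instead of dereferencing NULL below. */
	if (!arm11)
		return ERROR_FAIL;

	arm_init_arch_info(target, &arm11->arm);

	arm11->jtag_info.tap = target->tap;
	arm11->jtag_info.scann_size = 5;
	arm11->jtag_info.scann_instr = ARM11_SCAN_N;
	arm11->jtag_info.cur_scan_chain = ~0;	/* invalid/unknown */
	arm11->jtag_info.intest_instr = ARM11_INTEST;

	/* Defaults for the "memwrite" options: burst writes are on, and
	 * transfer errors are treated as fatal.
	 */
	arm11->memwrite_burst = true;
	arm11->memwrite_error_fatal = true;

	return ERROR_OK;
}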
/**
 * Target initialisation hook; currently has nothing to do.
 *
 * \param cmd_ctx Unused.
 * \param target  Unused.
 * \return ERROR_OK.
 */
static int arm11_init_target(struct command_context *cmd_ctx,
	struct target *target)
{
	/* Initialize anything we can set up without talking to the target */
	return ERROR_OK;
}
1130 /* talk to the target and set things up */
1131 static int arm11_examine(struct target
*target
)
1135 struct arm11_common
*arm11
= target_to_arm11(target
);
1136 uint32_t didr
, device_id
;
1137 uint8_t implementor
;
1139 /* FIXME split into do-first-time and do-every-time logic ... */
1143 arm11_add_IR(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1145 struct scan_field idcode_field
;
1147 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1149 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, 1, &idcode_field
, TAP_DRPAUSE
);
1153 arm11_add_debug_SCAN_N(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1155 arm11_add_IR(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1157 struct scan_field chain0_fields
[2];
1159 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1160 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1162 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
1163 chain0_fields
), chain0_fields
, TAP_IDLE
);
1165 CHECK_RETVAL(jtag_execute_queue());
1167 /* assume the manufacturer id is ok; check the part # */
1168 switch ((device_id
>> 12) & 0xFFFF) {
1173 type
= "ARM11 MPCore";
1179 arm11
->arm
.core_type
= ARM_MODE_MON
;
1180 /* NOTE: could default arm11->hardware_step to true */
1184 LOG_ERROR("unexpected ARM11 ID code");
1187 LOG_INFO("found %s", type
);
1189 /* unlikely this could ever fail, but ... */
1190 switch ((didr
>> 16) & 0x0F) {
1191 case ARM11_DEBUG_V6
:
1192 case ARM11_DEBUG_V61
: /* supports security extensions */
1195 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1199 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1201 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1202 arm11
->free_brps
= arm11
->brp
;
1204 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1205 device_id
, implementor
, didr
);
1207 /* as a side-effect this reads DSCR and thus
1208 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1209 * as suggested by the spec.
1212 retval
= arm11_check_init(arm11
);
1213 if (retval
!= ERROR_OK
)
1216 /* Build register cache "late", after target_init(), since we
1217 * want to know if this core supports Secure Monitor mode.
1219 if (!target_was_examined(target
))
1220 CHECK_RETVAL(arm11_dpm_init(arm11
, didr
));
1222 /* ETM on ARM11 still uses original scanchain 6 access mode */
1223 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1224 *register_get_last_cache_p(&target
->reg_cache
) =
1225 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1227 CHECK_RETVAL(etm_setup(target
));
1230 target_set_examined(target
);
/*
 * Generate a command handler named arm11_handle_bool_<name> that displays
 * or modifies the boolean field arm11_common.<name> of the current target
 * via handle_command_parse_bool; print_name is the label handed to that
 * helper.
 *
 * NOTE(review): the handler converts whatever get_current_target()
 * returns with target_to_arm11(); this presumably relies on the command
 * only being reachable for ARM11 targets -- confirm.
 */
#define ARM11_BOOL_WRAPPER(name, print_name) \
	COMMAND_HANDLER(arm11_handle_bool_ ## name) \
	{ \
		struct arm11_common *arm11 = \
			target_to_arm11(get_current_target(CMD_CTX)); \
		\
		return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
			&arm11->name, print_name); \
	}

/* One handler per user-visible boolean option. */
ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1250 /* REVISIT handle the VCR bits like other ARMs: use symbols for
1251 * input and output values.
1254 COMMAND_HANDLER(arm11_handle_vcr
)
1256 struct target
*target
= get_current_target(CMD_CTX
);
1257 struct arm11_common
*arm11
= target_to_arm11(target
);
1263 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11
->vcr
);
1266 return ERROR_COMMAND_SYNTAX_ERROR
;
1269 LOG_INFO("VCR 0x%08" PRIx32
"", arm11
->vcr
);
1273 static const struct command_registration arm11_mw_command_handlers
[] = {
1276 .handler
= arm11_handle_bool_memwrite_burst
,
1277 .mode
= COMMAND_ANY
,
1278 .help
= "Display or modify flag controlling potentially "
1279 "risky fast burst mode (default: enabled)",
1280 .usage
= "['enable'|'disable']",
1283 .name
= "error_fatal",
1284 .handler
= arm11_handle_bool_memwrite_error_fatal
,
1285 .mode
= COMMAND_ANY
,
1286 .help
= "Display or modify flag controlling transfer "
1287 "termination on transfer errors"
1288 " (default: enabled)",
1289 .usage
= "['enable'|'disable']",
1291 COMMAND_REGISTRATION_DONE
1293 static const struct command_registration arm11_any_command_handlers
[] = {
1295 /* "hardware_step" is only here to check if the default
1296 * simulate + breakpoint implementation is broken.
1297 * TEMPORARY! NOT DOCUMENTED! */
1298 .name
= "hardware_step",
1299 .handler
= arm11_handle_bool_hardware_step
,
1300 .mode
= COMMAND_ANY
,
1301 .help
= "DEBUG ONLY - Hardware single stepping"
1302 " (default: disabled)",
1303 .usage
= "['enable'|'disable']",
1307 .mode
= COMMAND_ANY
,
1308 .help
= "memwrite command group",
1310 .chain
= arm11_mw_command_handlers
,
1313 .name
= "step_irq_enable",
1314 .handler
= arm11_handle_bool_step_irq_enable
,
1315 .mode
= COMMAND_ANY
,
1316 .help
= "Display or modify flag controlling interrupt "
1317 "enable while stepping (default: disabled)",
1318 .usage
= "['enable'|'disable']",
1322 .handler
= arm11_handle_vcr
,
1323 .mode
= COMMAND_ANY
,
1324 .help
= "Display or modify Vector Catch Register",
1327 COMMAND_REGISTRATION_DONE
1330 static const struct command_registration arm11_command_handlers
[] = {
1332 .chain
= arm_command_handlers
,
1335 .chain
= etm_command_handlers
,
1339 .mode
= COMMAND_ANY
,
1340 .help
= "ARM11 command group",
1342 .chain
= arm11_any_command_handlers
,
1344 COMMAND_REGISTRATION_DONE
1347 /** Holds methods for ARM11xx targets. */
1348 struct target_type arm11_target
= {
1352 .arch_state
= arm11_arch_state
,
1354 .target_request_data
= arm11_target_request_data
,
1357 .resume
= arm11_resume
,
1360 .assert_reset
= arm11_assert_reset
,
1361 .deassert_reset
= arm11_deassert_reset
,
1362 .soft_reset_halt
= arm11_soft_reset_halt
,
1364 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1366 .read_memory
= arm11_read_memory
,
1367 .write_memory
= arm11_write_memory
,
1369 .bulk_write_memory
= arm11_bulk_write_memory
,
1371 .checksum_memory
= arm_checksum_memory
,
1372 .blank_check_memory
= arm_blank_check_memory
,
1374 .add_breakpoint
= arm11_add_breakpoint
,
1375 .remove_breakpoint
= arm11_remove_breakpoint
,
1377 .run_algorithm
= armv4_5_run_algorithm
,
1379 .commands
= arm11_command_handlers
,
1380 .target_create
= arm11_target_create
,
1381 .init_target
= arm11_init_target
,
1382 .examine
= arm11_examine
,