1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
9 * Copyright (C) 2009 David Brownell *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
23 ***************************************************************************/
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include <helper/time_support.h>
34 #include "target_type.h"
35 #include "algorithm.h"
37 #include "arm_opcodes.h"
40 #define _DEBUG_INSTRUCTION_EXECUTION_
44 static int arm11_step(struct target
*target
, int current
,
45 target_addr_t address
, int handle_breakpoints
);
48 /** Check and if necessary take control of the system
50 * \param arm11 Target state variable.
52 static int arm11_check_init(struct arm11_common
*arm11
)
54 CHECK_RETVAL(arm11_read_dscr(arm11
));
56 if (!(arm11
->dscr
& DSCR_HALT_DBG_MODE
)) {
57 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
58 LOG_DEBUG("Bringing target into debug mode");
60 arm11
->dscr
|= DSCR_HALT_DBG_MODE
;
61 CHECK_RETVAL(arm11_write_dscr(arm11
, arm11
->dscr
));
63 /* add further reset initialization here */
65 arm11
->simulate_reset_on_next_halt
= true;
67 if (arm11
->dscr
& DSCR_CORE_HALTED
) {
68 /** \todo TODO: this needs further scrutiny because
69 * arm11_debug_entry() never gets called. (WHY NOT?)
70 * As a result we don't read the actual register states from
74 arm11
->arm
.target
->state
= TARGET_HALTED
;
75 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
77 arm11
->arm
.target
->state
= TARGET_RUNNING
;
78 arm11
->arm
.target
->debug_reason
= DBG_REASON_NOTHALTED
;
81 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
88 * Save processor state. This is called after a HALT instruction
89 * succeeds, and on other occasions the processor enters debug mode
90 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
92 static int arm11_debug_entry(struct arm11_common
*arm11
)
96 arm11
->arm
.target
->state
= TARGET_HALTED
;
97 arm_dpm_report_dscr(arm11
->arm
.dpm
, arm11
->dscr
);
99 /* REVISIT entire cache should already be invalid !!! */
100 register_cache_invalidate(arm11
->arm
.core_cache
);
102 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
104 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
105 arm11
->is_wdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_TX_FULL
);
106 if (arm11
->is_wdtr_saved
) {
107 arm11_add_debug_scan_n(arm11
, 0x05, ARM11_TAP_DEFAULT
);
109 arm11_add_ir(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
111 struct scan_field chain5_fields
[3];
113 arm11_setup_field(arm11
, 32, NULL
,
114 &arm11
->saved_wdtr
, chain5_fields
+ 0);
115 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 1);
116 arm11_setup_field(arm11
, 1, NULL
, NULL
, chain5_fields
+ 2);
118 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
119 chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
123 /* DSCR: set the Execute ARM instruction enable bit.
125 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
126 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
127 * for executing instructions via ITR.
129 CHECK_RETVAL(arm11_write_dscr(arm11
, DSCR_ITR_EN
| arm11
->dscr
));
133 Before executing any instruction in debug state you have to drain the write buffer.
134 This ensures that no imprecise Data Aborts can return at a later point:*/
136 /** \todo TODO: Test drain write buffer. */
140 /* MRC p14,0,R0,c5,c10,0 */
141 /* arm11_run_instr_no_data1(arm11, / *0xee150e1a* /0xe320f000); */
143 /* mcr 15, 0, r0, cr7, cr10, {4} */
144 arm11_run_instr_no_data1(arm11
, 0xee070f9a);
146 uint32_t dscr
= arm11_read_dscr(arm11
);
148 LOG_DEBUG("DRAIN, DSCR %08x", dscr
);
150 if (dscr
& ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT
) {
151 arm11_run_instr_no_data1(arm11
, 0xe320f000);
153 dscr
= arm11_read_dscr(arm11
);
155 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr
);
164 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
165 * CPSR and PC after the rDTR stuff. We do it all at once.
167 retval
= arm_dpm_read_current_registers(&arm11
->dpm
);
168 if (retval
!= ERROR_OK
)
169 LOG_ERROR("DPM REG READ -- fail");
171 retval
= arm11_run_instr_data_prepare(arm11
);
172 if (retval
!= ERROR_OK
)
175 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
176 arm11
->is_rdtr_saved
= !!(arm11
->dscr
& DSCR_DTR_RX_FULL
);
177 if (arm11
->is_rdtr_saved
) {
178 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
179 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
180 0xEE100E15, &arm11
->saved_rdtr
);
181 if (retval
!= ERROR_OK
)
185 /* REVISIT Now that we've saved core state, there's may also
186 * be MMU and cache state to care about ...
189 if (arm11
->simulate_reset_on_next_halt
) {
190 arm11
->simulate_reset_on_next_halt
= false;
192 LOG_DEBUG("Reset c1 Control Register");
194 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
196 /* MCR p15,0,R0,c1,c0,0 */
197 retval
= arm11_run_instr_data_to_core_via_r0(arm11
, 0xee010f10, 0);
198 if (retval
!= ERROR_OK
)
203 if (arm11
->arm
.target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
206 /* MRC p15, 0, <Rd>, c6, c0, 1 ; Read WFAR */
207 retval
= arm11_run_instr_data_from_core_via_r0(arm11
,
208 ARMV4_5_MRC(15, 0, 0, 6, 0, 1),
210 if (retval
!= ERROR_OK
)
212 arm_dpm_report_wfar(arm11
->arm
.dpm
, wfar
);
216 retval
= arm11_run_instr_data_finish(arm11
);
217 if (retval
!= ERROR_OK
)
224 * Restore processor state. This is called in preparation for
225 * the RESTART function.
227 static int arm11_leave_debug_state(struct arm11_common
*arm11
, bool bpwp
)
231 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
233 /* NOTE: the ARM1136 TRM suggests restoring all registers
234 * except R0/PC/CPSR right now. Instead, we do them all
235 * at once, just a bit later on.
238 /* REVISIT once we start caring about MMU and cache state,
239 * address it here ...
242 /* spec says clear wDTR and rDTR; we assume they are clear as
243 otherwise our programming would be sloppy */
245 CHECK_RETVAL(arm11_read_dscr(arm11
));
247 if (arm11
->dscr
& (DSCR_DTR_RX_FULL
| DSCR_DTR_TX_FULL
)) {
249 The wDTR/rDTR two registers that are used to send/receive data to/from
250 the core in tandem with corresponding instruction codes that are
251 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
252 registers hold data that was written by one side (CPU or JTAG) and not
253 read out by the other side.
255 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
256 (unsigned) arm11
->dscr
);
261 /* maybe restore original wDTR */
262 if (arm11
->is_wdtr_saved
) {
263 retval
= arm11_run_instr_data_prepare(arm11
);
264 if (retval
!= ERROR_OK
)
267 /* MCR p14,0,R0,c0,c5,0 */
268 retval
= arm11_run_instr_data_to_core_via_r0(arm11
,
269 0xee000e15, arm11
->saved_wdtr
);
270 if (retval
!= ERROR_OK
)
273 retval
= arm11_run_instr_data_finish(arm11
);
274 if (retval
!= ERROR_OK
)
278 /* restore CPSR, PC, and R0 ... after flushing any modified
281 CHECK_RETVAL(arm_dpm_write_dirty_registers(&arm11
->dpm
, bpwp
));
283 CHECK_RETVAL(arm11_bpwp_flush(arm11
));
285 register_cache_invalidate(arm11
->arm
.core_cache
);
288 CHECK_RETVAL(arm11_write_dscr(arm11
, arm11
->dscr
));
290 /* maybe restore rDTR */
291 if (arm11
->is_rdtr_saved
) {
292 arm11_add_debug_scan_n(arm11
, 0x05, ARM11_TAP_DEFAULT
);
294 arm11_add_ir(arm11
, ARM11_EXTEST
, ARM11_TAP_DEFAULT
);
296 struct scan_field chain5_fields
[3];
298 uint8_t ready
= 0; /* ignored */
299 uint8_t valid
= 0; /* ignored */
301 arm11_setup_field(arm11
, 32, &arm11
->saved_rdtr
,
302 NULL
, chain5_fields
+ 0);
303 arm11_setup_field(arm11
, 1, &ready
, NULL
, chain5_fields
+ 1);
304 arm11_setup_field(arm11
, 1, &valid
, NULL
, chain5_fields
+ 2);
306 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
307 chain5_fields
), chain5_fields
, TAP_DRPAUSE
);
310 /* now processor is ready to RESTART */
315 /* poll current target status */
316 static int arm11_poll(struct target
*target
)
319 struct arm11_common
*arm11
= target_to_arm11(target
);
321 CHECK_RETVAL(arm11_check_init(arm11
));
323 if (arm11
->dscr
& DSCR_CORE_HALTED
) {
324 if (target
->state
!= TARGET_HALTED
) {
325 enum target_state old_state
= target
->state
;
327 LOG_DEBUG("enter TARGET_HALTED");
328 retval
= arm11_debug_entry(arm11
);
329 if (retval
!= ERROR_OK
)
332 target_call_event_callbacks(target
,
333 (old_state
== TARGET_DEBUG_RUNNING
)
334 ? TARGET_EVENT_DEBUG_HALTED
335 : TARGET_EVENT_HALTED
);
338 if (target
->state
!= TARGET_RUNNING
&& target
->state
!= TARGET_DEBUG_RUNNING
) {
339 LOG_DEBUG("enter TARGET_RUNNING");
340 target
->state
= TARGET_RUNNING
;
341 target
->debug_reason
= DBG_REASON_NOTHALTED
;
347 /* architecture specific status reply */
348 static int arm11_arch_state(struct target
*target
)
350 struct arm11_common
*arm11
= target_to_arm11(target
);
353 retval
= arm_arch_state(target
);
355 /* REVISIT also display ARM11-specific MMU and cache status ... */
357 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
)
358 LOG_USER("Watchpoint triggered at PC " TARGET_ADDR_FMT
, arm11
->dpm
.wp_addr
);
363 /* target execution control */
364 static int arm11_halt(struct target
*target
)
366 struct arm11_common
*arm11
= target_to_arm11(target
);
368 LOG_DEBUG("target->state: %s",
369 target_state_name(target
));
371 if (target
->state
== TARGET_UNKNOWN
)
372 arm11
->simulate_reset_on_next_halt
= true;
374 if (target
->state
== TARGET_HALTED
) {
375 LOG_DEBUG("target was already halted");
379 arm11_add_ir(arm11
, ARM11_HALT
, TAP_IDLE
);
381 CHECK_RETVAL(jtag_execute_queue());
386 CHECK_RETVAL(arm11_read_dscr(arm11
));
388 if (arm11
->dscr
& DSCR_CORE_HALTED
)
396 if ((timeval_ms()-then
) > 1000) {
397 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
404 enum target_state old_state
= target
->state
;
406 CHECK_RETVAL(arm11_debug_entry(arm11
));
409 target_call_event_callbacks(target
,
411 TARGET_DEBUG_RUNNING
? TARGET_EVENT_DEBUG_HALTED
: TARGET_EVENT_HALTED
));
416 static uint32_t arm11_nextpc(struct arm11_common
*arm11
, int current
, uint32_t address
)
418 void *value
= arm11
->arm
.pc
->value
;
420 /* use the current program counter */
422 address
= buf_get_u32(value
, 0, 32);
424 /* Make sure that the gdb thumb fixup does not
425 * kill the return address
427 switch (arm11
->arm
.core_state
) {
429 address
&= 0xFFFFFFFC;
431 case ARM_STATE_THUMB
:
432 /* When the return address is loaded into PC
433 * bit 0 must be 1 to stay in Thumb state
438 /* catch-all for JAZELLE and THUMB_EE */
443 buf_set_u32(value
, 0, 32, address
);
444 arm11
->arm
.pc
->dirty
= true;
445 arm11
->arm
.pc
->valid
= true;
450 static int arm11_resume(struct target
*target
, int current
,
451 target_addr_t address
, int handle_breakpoints
, int debug_execution
)
453 /* LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d", */
454 /* current, address, handle_breakpoints, debug_execution); */
456 struct arm11_common
*arm11
= target_to_arm11(target
);
458 LOG_DEBUG("target->state: %s",
459 target_state_name(target
));
462 if (target
->state
!= TARGET_HALTED
) {
463 LOG_ERROR("Target not halted");
464 return ERROR_TARGET_NOT_HALTED
;
467 address
= arm11_nextpc(arm11
, current
, address
);
469 LOG_DEBUG("RESUME PC %08" TARGET_PRIxADDR
"%s", address
, !current
? "!" : "");
471 /* clear breakpoints/watchpoints and VCR*/
472 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
474 if (!debug_execution
)
475 target_free_all_working_areas(target
);
477 /* Should we skip over breakpoints matching the PC? */
478 if (handle_breakpoints
) {
479 struct breakpoint
*bp
;
481 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
) {
482 if (bp
->address
== address
) {
483 LOG_DEBUG("must step over %08" TARGET_PRIxADDR
"", bp
->address
);
484 arm11_step(target
, 1, 0, 0);
490 /* activate all breakpoints */
492 struct breakpoint
*bp
;
493 unsigned brp_num
= 0;
495 for (bp
= target
->breakpoints
; bp
; bp
= bp
->next
) {
496 struct arm11_sc7_action brp
[2];
499 brp
[0].address
= ARM11_SC7_BVR0
+ brp_num
;
500 brp
[0].value
= bp
->address
;
502 brp
[1].address
= ARM11_SC7_BCR0
+ brp_num
;
505 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
507 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
509 LOG_DEBUG("Add BP %d at %08" TARGET_PRIxADDR
, brp_num
,
516 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
));
519 /* activate all watchpoints and breakpoints */
520 CHECK_RETVAL(arm11_leave_debug_state(arm11
, true));
522 arm11_add_ir(arm11
, ARM11_RESTART
, TAP_IDLE
);
524 CHECK_RETVAL(jtag_execute_queue());
528 CHECK_RETVAL(arm11_read_dscr(arm11
));
530 LOG_DEBUG("DSCR %08x", (unsigned) arm11
->dscr
);
532 if (arm11
->dscr
& DSCR_CORE_RESTARTED
)
540 if ((timeval_ms()-then
) > 1000) {
541 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
548 target
->debug_reason
= DBG_REASON_NOTHALTED
;
549 if (!debug_execution
)
550 target
->state
= TARGET_RUNNING
;
552 target
->state
= TARGET_DEBUG_RUNNING
;
553 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
));
558 static int arm11_step(struct target
*target
, int current
,
559 target_addr_t address
, int handle_breakpoints
)
561 LOG_DEBUG("target->state: %s",
562 target_state_name(target
));
564 if (target
->state
!= TARGET_HALTED
) {
565 LOG_WARNING("target was not halted");
566 return ERROR_TARGET_NOT_HALTED
;
569 struct arm11_common
*arm11
= target_to_arm11(target
);
571 address
= arm11_nextpc(arm11
, current
, address
);
573 LOG_DEBUG("STEP PC %08" TARGET_PRIxADDR
"%s", address
, !current
? "!" : "");
576 /** \todo TODO: Thumb not supported here */
578 uint32_t next_instruction
;
580 CHECK_RETVAL(arm11_read_memory_word(arm11
, address
, &next_instruction
));
583 if ((next_instruction
& 0xFFF00070) == 0xe1200070) {
584 address
= arm11_nextpc(arm11
, 0, address
+ 4);
585 LOG_DEBUG("Skipping BKPT %08" TARGET_PRIxADDR
, address
);
587 /* skip over Wait for interrupt / Standby
588 * mcr 15, 0, r?, cr7, cr0, {4} */
589 else if ((next_instruction
& 0xFFFF0FFF) == 0xee070f90) {
590 address
= arm11_nextpc(arm11
, 0, address
+ 4);
591 LOG_DEBUG("Skipping WFI %08" TARGET_PRIxADDR
, address
);
593 /* ignore B to self */
594 else if ((next_instruction
& 0xFEFFFFFF) == 0xeafffffe)
595 LOG_DEBUG("Not stepping jump to self");
597 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
600 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
601 * the VCR might be something worth looking into. */
604 /* Set up breakpoint for stepping */
606 struct arm11_sc7_action brp
[2];
609 brp
[0].address
= ARM11_SC7_BVR0
;
611 brp
[1].address
= ARM11_SC7_BCR0
;
613 if (arm11
->hardware_step
) {
614 /* Hardware single stepping ("instruction address
615 * mismatch") is used if enabled. It's not quite
616 * exactly "run one instruction"; "branch to here"
617 * loops won't break, neither will some other cases,
618 * but it's probably the best default.
620 * Hardware single stepping isn't supported on v6
621 * debug modules. ARM1176 and v7 can support it...
623 * FIXME Thumb stepping likely needs to use 0x03
624 * or 0xc0 byte masks, not 0x0f.
626 brp
[0].value
= address
;
627 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
628 | (0 << 14) | (0 << 16) | (0 << 20)
631 /* Sets a breakpoint on the next PC, as calculated
632 * by instruction set simulation.
634 * REVISIT stepping Thumb on ARM1156 requires Thumb2
635 * support from the simulator.
640 retval
= arm_simulate_step(target
, &next_pc
);
641 if (retval
!= ERROR_OK
)
644 brp
[0].value
= next_pc
;
645 brp
[1].value
= 0x1 | (3 << 1) | (0x0F << 5)
646 | (0 << 14) | (0 << 16) | (0 << 20)
650 CHECK_RETVAL(arm11_sc7_run(arm11
, brp
, ARRAY_SIZE(brp
)));
655 if (arm11
->step_irq_enable
)
656 /* this disable should be redundant ... */
657 arm11
->dscr
&= ~DSCR_INT_DIS
;
659 arm11
->dscr
|= DSCR_INT_DIS
;
662 CHECK_RETVAL(arm11_leave_debug_state(arm11
, handle_breakpoints
));
664 arm11_add_ir(arm11
, ARM11_RESTART
, TAP_IDLE
);
666 CHECK_RETVAL(jtag_execute_queue());
672 const uint32_t mask
= DSCR_CORE_RESTARTED
675 CHECK_RETVAL(arm11_read_dscr(arm11
));
676 LOG_DEBUG("DSCR %08x e", (unsigned) arm11
->dscr
);
678 if ((arm11
->dscr
& mask
) == mask
)
685 if ((timeval_ms()-then
) > 1000) {
687 "Timeout (1000ms) waiting for instructions to complete");
694 /* clear breakpoint */
695 CHECK_RETVAL(arm11_sc7_clear_vbw(arm11
));
698 CHECK_RETVAL(arm11_debug_entry(arm11
));
700 /* restore default state */
701 arm11
->dscr
&= ~DSCR_INT_DIS
;
705 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
707 CHECK_RETVAL(target_call_event_callbacks(target
, TARGET_EVENT_HALTED
));
712 static int arm11_assert_reset(struct target
*target
)
714 struct arm11_common
*arm11
= target_to_arm11(target
);
716 if (!(target_was_examined(target
))) {
717 if (jtag_get_reset_config() & RESET_HAS_SRST
)
718 jtag_add_reset(0, 1);
720 LOG_WARNING("Reset is not asserted because the target is not examined.");
721 LOG_WARNING("Use a reset button or power cycle the target.");
722 return ERROR_TARGET_NOT_EXAMINED
;
726 /* optionally catch reset vector */
727 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
728 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
| 1));
730 /* Issue some kind of warm reset. */
731 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
732 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
733 else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
734 /* REVISIT handle "pulls" cases, if there's
735 * hardware that needs them to work.
737 jtag_add_reset(0, 1);
739 LOG_ERROR("%s: how to reset?", target_name(target
));
744 /* registers are now invalid */
745 register_cache_invalidate(arm11
->arm
.core_cache
);
747 target
->state
= TARGET_RESET
;
753 * - There is another bug in the arm11 core. (iMX31 specific again?)
754 * When you generate an access to external logic (for example DDR
755 * controller via AHB bus) and that block is not configured (perhaps
756 * it is still held in reset), that transaction will never complete.
757 * This will hang arm11 core but it will also hang JTAG controller.
758 * Nothing short of srst assertion will bring it out of this.
761 static int arm11_deassert_reset(struct target
*target
)
763 struct arm11_common
*arm11
= target_to_arm11(target
);
766 /* be certain SRST is off */
767 jtag_add_reset(0, 0);
769 /* WORKAROUND i.MX31 problems: SRST goofs the TAP, and resets
770 * at least DSCR. OMAP24xx doesn't show that problem, though
771 * SRST-only reset seems to be problematic for other reasons.
772 * (Secure boot sequences being one likelihood!)
776 CHECK_RETVAL(arm11_poll(target
));
778 if (target
->reset_halt
) {
779 if (target
->state
!= TARGET_HALTED
) {
780 LOG_WARNING("%s: ran after reset and before halt ...",
781 target_name(target
));
782 retval
= target_halt(target
);
783 if (retval
!= ERROR_OK
)
788 /* maybe restore vector catch config */
789 if (target
->reset_halt
&& !(arm11
->vcr
& 1))
790 CHECK_RETVAL(arm11_sc7_set_vcr(arm11
, arm11
->vcr
));
795 /* target memory access
796 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
797 * count: number of items of <size>
799 * arm11_config_memrw_no_increment - in the future we may want to be able
800 * to read/write a range of data to a "port". a "port" is an action on
801 * read memory address for some peripheral.
803 static int arm11_read_memory_inner(struct target
*target
,
804 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
,
805 bool arm11_config_memrw_no_increment
)
807 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment
811 if (target
->state
!= TARGET_HALTED
) {
812 LOG_WARNING("target was not halted");
813 return ERROR_TARGET_NOT_HALTED
;
816 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"",
821 struct arm11_common
*arm11
= target_to_arm11(target
);
823 retval
= arm11_run_instr_data_prepare(arm11
);
824 if (retval
!= ERROR_OK
)
827 /* MRC p14,0,r0,c0,c5,0 */
828 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
829 if (retval
!= ERROR_OK
)
834 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
836 for (size_t i
= 0; i
< count
; i
++) {
837 /* ldrb r1, [r0], #1 */
839 CHECK_RETVAL(arm11_run_instr_no_data1(arm11
,
840 !arm11_config_memrw_no_increment
? 0xe4d01001 : 0xe5d01000));
843 /* MCR p14,0,R1,c0,c5,0 */
844 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1));
853 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
855 for (size_t i
= 0; i
< count
; i
++) {
856 /* ldrh r1, [r0], #2 */
857 CHECK_RETVAL(arm11_run_instr_no_data1(arm11
,
858 !arm11_config_memrw_no_increment
? 0xe0d010b2 : 0xe1d010b0));
862 /* MCR p14,0,R1,c0,c5,0 */
863 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, 0xEE001E15, &res
, 1));
865 uint16_t svalue
= res
;
866 memcpy(buffer
+ i
* sizeof(uint16_t), &svalue
, sizeof(uint16_t));
874 uint32_t instr
= !arm11_config_memrw_no_increment
? 0xecb05e01 : 0xed905e00;
875 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
876 uint32_t *words
= (uint32_t *)(void *)buffer
;
878 /* LDC p14,c5,[R0],#4 */
879 /* LDC p14,c5,[R0] */
880 CHECK_RETVAL(arm11_run_instr_data_from_core(arm11
, instr
, words
, count
));
885 return arm11_run_instr_data_finish(arm11
);
888 static int arm11_read_memory(struct target
*target
,
889 target_addr_t address
,
894 return arm11_read_memory_inner(target
, address
, size
, count
, buffer
, false);
898 * no_increment - in the future we may want to be able
899 * to read/write a range of data to a "port". a "port" is an action on
900 * read memory address for some peripheral.
902 static int arm11_write_memory_inner(struct target
*target
,
903 uint32_t address
, uint32_t size
,
904 uint32_t count
, const uint8_t *buffer
,
909 if (target
->state
!= TARGET_HALTED
) {
910 LOG_WARNING("target was not halted");
911 return ERROR_TARGET_NOT_HALTED
;
914 LOG_DEBUG("ADDR %08" PRIx32
" SIZE %08" PRIx32
" COUNT %08" PRIx32
"",
919 struct arm11_common
*arm11
= target_to_arm11(target
);
921 retval
= arm11_run_instr_data_prepare(arm11
);
922 if (retval
!= ERROR_OK
)
925 /* load r0 with buffer address
926 * MRC p14,0,r0,c0,c5,0 */
927 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee100e15, address
);
928 if (retval
!= ERROR_OK
)
931 /* burst writes are not used for single words as those may well be
932 * reset init script writes.
934 * The other advantage is that as burst writes are default, we'll
935 * now exercise both burst and non-burst code paths with the
936 * default settings, increasing code coverage.
938 bool burst
= arm11
->memwrite_burst
&& (count
> 1);
943 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
945 for (size_t i
= 0; i
< count
; i
++) {
946 /* load r1 from DCC with byte data */
947 /* MRC p14,0,r1,c0,c5,0 */
948 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, *buffer
++);
949 if (retval
!= ERROR_OK
)
952 /* write r1 to memory */
953 /* strb r1, [r0], #1 */
955 retval
= arm11_run_instr_no_data1(arm11
,
956 !no_increment
? 0xe4c01001 : 0xe5c01000);
957 if (retval
!= ERROR_OK
)
966 arm11
->arm
.core_cache
->reg_list
[1].dirty
= true;
968 for (size_t i
= 0; i
< count
; i
++) {
970 memcpy(&value
, buffer
+ i
* sizeof(uint16_t), sizeof(uint16_t));
972 /* load r1 from DCC with halfword data */
973 /* MRC p14,0,r1,c0,c5,0 */
974 retval
= arm11_run_instr_data_to_core1(arm11
, 0xee101e15, value
);
975 if (retval
!= ERROR_OK
)
978 /* write r1 to memory */
979 /* strh r1, [r0], #2 */
981 retval
= arm11_run_instr_no_data1(arm11
,
982 !no_increment
? 0xe0c010b2 : 0xe1c010b0);
983 if (retval
!= ERROR_OK
)
991 /* stream word data through DCC directly to memory */
992 /* increment: STC p14,c5,[R0],#4 */
993 /* no increment: STC p14,c5,[R0]*/
994 uint32_t instr
= !no_increment
? 0xeca05e01 : 0xed805e00;
996 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
997 uint32_t *words
= (uint32_t *)(void *)buffer
;
999 /* "burst" here just means trusting each instruction executes
1000 * fully before we run the next one: per-word roundtrips, to
1001 * check the Ready flag, are not used.
1004 retval
= arm11_run_instr_data_to_core(arm11
,
1005 instr
, words
, count
);
1007 retval
= arm11_run_instr_data_to_core_noack(arm11
,
1008 instr
, words
, count
);
1009 if (retval
!= ERROR_OK
)
1016 /* r0 verification */
1017 if (!no_increment
) {
1020 /* MCR p14,0,R0,c0,c5,0 */
1021 retval
= arm11_run_instr_data_from_core(arm11
, 0xEE000E15, &r0
, 1);
1022 if (retval
!= ERROR_OK
)
1025 if (address
+ size
* count
!= r0
) {
1026 LOG_ERROR("Data transfer failed. Expected end "
1027 "address 0x%08x, got 0x%08x",
1028 (unsigned) (address
+ size
* count
),
1033 "use 'arm11 memwrite burst disable' to disable fast burst mode");
1036 if (arm11
->memwrite_error_fatal
)
1041 return arm11_run_instr_data_finish(arm11
);
/**
 * Target write_memory hook: write \p count items of \p size bytes each
 * from \p buffer to target memory starting at \p address.
 *
 * Thin wrapper around arm11_write_memory_inner(); the inner routine's
 * return value is passed back unchanged.
 *
 * NOTE(review): \p address is a target_addr_t here but is handed to a
 * uint32_t parameter of arm11_write_memory_inner(), so it is implicitly
 * converted -- confirm no caller relies on address bits above 31.
 */
static int arm11_write_memory(struct target *target,
	target_addr_t address, uint32_t size,
	uint32_t count, const uint8_t *buffer)
{
	/* Pointer increment matters only for multi-unit writes, not e.g. a
	 * single write to a "reset the chip" controller, so a one-item
	 * transfer sets the final (no-increment) argument of the inner
	 * routine.
	 */
	const bool single_item = (count == 1);

	return arm11_write_memory_inner(target, address, size, count, buffer, single_item);
}
1055 /* target break-/watchpoint control
1056 * rw: 0 = write, 1 = read, 2 = access
1058 static int arm11_add_breakpoint(struct target
*target
,
1059 struct breakpoint
*breakpoint
)
1061 struct arm11_common
*arm11
= target_to_arm11(target
);
1064 if (breakpoint
->type
== BKPT_SOFT
) {
1065 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1066 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1070 if (!arm11
->free_brps
) {
1071 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1072 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1075 if (breakpoint
->length
!= 4) {
1076 LOG_DEBUG("only breakpoints of four bytes length supported");
1077 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1085 static int arm11_remove_breakpoint(struct target
*target
,
1086 struct breakpoint
*breakpoint
)
1088 struct arm11_common
*arm11
= target_to_arm11(target
);
1095 static int arm11_target_create(struct target
*target
, Jim_Interp
*interp
)
1097 struct arm11_common
*arm11
;
1102 if (target
->tap
->ir_length
!= 5) {
1103 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1104 return ERROR_COMMAND_SYNTAX_ERROR
;
1107 arm11
= calloc(1, sizeof(*arm11
));
1111 arm11
->arm
.core_type
= ARM_CORE_TYPE_STD
;
1112 arm_init_arch_info(target
, &arm11
->arm
);
1114 arm11
->jtag_info
.tap
= target
->tap
;
1115 arm11
->jtag_info
.scann_size
= 5;
1116 arm11
->jtag_info
.scann_instr
= ARM11_SCAN_N
;
1117 arm11
->jtag_info
.cur_scan_chain
= ~0; /* invalid/unknown */
1118 arm11
->jtag_info
.intest_instr
= ARM11_INTEST
;
1120 arm11
->memwrite_burst
= true;
1121 arm11
->memwrite_error_fatal
= true;
1126 static int arm11_init_target(struct command_context
*cmd_ctx
,
1127 struct target
*target
)
1129 /* Initialize anything we can set up without talking to the target */
1133 static void arm11_deinit_target(struct target
*target
)
1135 struct arm11_common
*arm11
= target_to_arm11(target
);
1137 arm11_dpm_deinit(arm11
);
1141 /* talk to the target and set things up */
1142 static int arm11_examine(struct target
*target
)
1146 struct arm11_common
*arm11
= target_to_arm11(target
);
1147 uint32_t didr
, device_id
;
1148 uint8_t implementor
;
1150 /* FIXME split into do-first-time and do-every-time logic ... */
1154 arm11_add_ir(arm11
, ARM11_IDCODE
, ARM11_TAP_DEFAULT
);
1156 struct scan_field idcode_field
;
1158 arm11_setup_field(arm11
, 32, NULL
, &device_id
, &idcode_field
);
1160 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, 1, &idcode_field
, TAP_DRPAUSE
);
1164 arm11_add_debug_scan_n(arm11
, 0x00, ARM11_TAP_DEFAULT
);
1166 arm11_add_ir(arm11
, ARM11_INTEST
, ARM11_TAP_DEFAULT
);
1168 struct scan_field chain0_fields
[2];
1170 arm11_setup_field(arm11
, 32, NULL
, &didr
, chain0_fields
+ 0);
1171 arm11_setup_field(arm11
, 8, NULL
, &implementor
, chain0_fields
+ 1);
1173 arm11_add_dr_scan_vc(arm11
->arm
.target
->tap
, ARRAY_SIZE(
1174 chain0_fields
), chain0_fields
, TAP_IDLE
);
1176 CHECK_RETVAL(jtag_execute_queue());
1178 /* assume the manufacturer id is ok; check the part # */
1179 switch ((device_id
>> 12) & 0xFFFF) {
1184 type
= "ARM11 MPCore";
1190 arm11
->arm
.core_type
= ARM_CORE_TYPE_SEC_EXT
;
1191 /* NOTE: could default arm11->hardware_step to true */
1195 LOG_ERROR("unexpected ARM11 ID code");
1198 LOG_INFO("found %s", type
);
1200 /* unlikely this could ever fail, but ... */
1201 switch ((didr
>> 16) & 0x0F) {
1202 case ARM11_DEBUG_V6
:
1203 case ARM11_DEBUG_V61
: /* supports security extensions */
1206 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1210 arm11
->brp
= ((didr
>> 24) & 0x0F) + 1;
1212 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1213 arm11
->free_brps
= arm11
->brp
;
1215 LOG_DEBUG("IDCODE %08" PRIx32
" IMPLEMENTOR %02x DIDR %08" PRIx32
,
1216 device_id
, implementor
, didr
);
1218 /* Build register cache "late", after target_init(), since we
1219 * want to know if this core supports Secure Monitor mode.
1221 if (!target_was_examined(target
))
1222 CHECK_RETVAL(arm11_dpm_init(arm11
, didr
));
1224 /* as a side-effect this reads DSCR and thus
1225 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1226 * as suggested by the spec.
1229 retval
= arm11_check_init(arm11
);
1230 if (retval
!= ERROR_OK
)
1233 /* ETM on ARM11 still uses original scanchain 6 access mode */
1234 if (arm11
->arm
.etm
&& !target_was_examined(target
)) {
1235 *register_get_last_cache_p(&target
->reg_cache
) =
1236 etm_build_reg_cache(target
, &arm11
->jtag_info
,
1238 CHECK_RETVAL(etm_setup(target
));
1241 target_set_examined(target
);
/*
 * Generates a command handler named arm11_handle_bool_<name>. The handler
 * looks up the current target of the command context, converts it to its
 * arm11_common state, and hands the boolean field arm11-><name> together
 * with the label print_name to handle_command_parse_bool.
 */
#define ARM11_BOOL_WRAPPER(name, print_name) \
	COMMAND_HANDLER(arm11_handle_bool_ ## name) \
	{ \
		struct arm11_common *arm11 = \
			target_to_arm11(get_current_target(CMD_CTX)); \
		\
		return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
			&arm11->name, print_name); \
	}

/* One handler per user-settable arm11_common flag. */
ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1261 /* REVISIT handle the VCR bits like other ARMs: use symbols for
1262 * input and output values.
1265 COMMAND_HANDLER(arm11_handle_vcr
)
1267 struct target
*target
= get_current_target(CMD_CTX
);
1268 struct arm11_common
*arm11
= target_to_arm11(target
);
1274 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], arm11
->vcr
);
1277 return ERROR_COMMAND_SYNTAX_ERROR
;
1280 LOG_INFO("VCR 0x%08" PRIx32
"", arm11
->vcr
);
1284 static const struct command_registration arm11_mw_command_handlers
[] = {
1287 .handler
= arm11_handle_bool_memwrite_burst
,
1288 .mode
= COMMAND_ANY
,
1289 .help
= "Display or modify flag controlling potentially "
1290 "risky fast burst mode (default: enabled)",
1291 .usage
= "['enable'|'disable']",
1294 .name
= "error_fatal",
1295 .handler
= arm11_handle_bool_memwrite_error_fatal
,
1296 .mode
= COMMAND_ANY
,
1297 .help
= "Display or modify flag controlling transfer "
1298 "termination on transfer errors"
1299 " (default: enabled)",
1300 .usage
= "['enable'|'disable']",
1302 COMMAND_REGISTRATION_DONE
1304 static const struct command_registration arm11_any_command_handlers
[] = {
1306 /* "hardware_step" is only here to check if the default
1307 * simulate + breakpoint implementation is broken.
1308 * TEMPORARY! NOT DOCUMENTED! */
1309 .name
= "hardware_step",
1310 .handler
= arm11_handle_bool_hardware_step
,
1311 .mode
= COMMAND_ANY
,
1312 .help
= "DEBUG ONLY - Hardware single stepping"
1313 " (default: disabled)",
1314 .usage
= "['enable'|'disable']",
1318 .mode
= COMMAND_ANY
,
1319 .help
= "memwrite command group",
1321 .chain
= arm11_mw_command_handlers
,
1324 .name
= "step_irq_enable",
1325 .handler
= arm11_handle_bool_step_irq_enable
,
1326 .mode
= COMMAND_ANY
,
1327 .help
= "Display or modify flag controlling interrupt "
1328 "enable while stepping (default: disabled)",
1329 .usage
= "['enable'|'disable']",
1333 .handler
= arm11_handle_vcr
,
1334 .mode
= COMMAND_ANY
,
1335 .help
= "Display or modify Vector Catch Register",
1338 COMMAND_REGISTRATION_DONE
1341 static const struct command_registration arm11_command_handlers
[] = {
1343 .chain
= arm_command_handlers
,
1346 .chain
= etm_command_handlers
,
1350 .mode
= COMMAND_ANY
,
1351 .help
= "ARM11 command group",
1353 .chain
= arm11_any_command_handlers
,
1355 COMMAND_REGISTRATION_DONE
1358 /** Holds methods for ARM11xx targets. */
1359 struct target_type arm11_target
= {
1363 .arch_state
= arm11_arch_state
,
1366 .resume
= arm11_resume
,
1369 .assert_reset
= arm11_assert_reset
,
1370 .deassert_reset
= arm11_deassert_reset
,
1372 .get_gdb_arch
= arm_get_gdb_arch
,
1373 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1375 .read_memory
= arm11_read_memory
,
1376 .write_memory
= arm11_write_memory
,
1378 .checksum_memory
= arm_checksum_memory
,
1379 .blank_check_memory
= arm_blank_check_memory
,
1381 .add_breakpoint
= arm11_add_breakpoint
,
1382 .remove_breakpoint
= arm11_remove_breakpoint
,
1384 .run_algorithm
= armv4_5_run_algorithm
,
1386 .commands
= arm11_command_handlers
,
1387 .target_create
= arm11_target_create
,
1388 .init_target
= arm11_init_target
,
1389 .deinit_target
= arm11_deinit_target
,
1390 .examine
= arm11_examine
,