Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM11: use shared DSCR bit names
[openocd.git] / src / target / arm11.c
1 /***************************************************************************
2 * Copyright (C) 2008 digenius technology GmbH. *
3 * Michael Bruck *
4 * *
5 * Copyright (C) 2008,2009 Oyvind Harboe oyvind.harboe@zylin.com *
6 * *
7 * Copyright (C) 2008 Georg Acher <acher@in.tum.de> *
8 * *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
13 * *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
18 * *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
24
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28
29 #include "etm.h"
30 #include "breakpoints.h"
31 #include "arm11_dbgtap.h"
32 #include "arm_simulator.h"
33 #include <helper/time_support.h>
34 #include "target_type.h"
35 #include "algorithm.h"
36 #include "register.h"
37
38
39 #if 0
40 #define _DEBUG_INSTRUCTION_EXECUTION_
41 #endif
42
43
44 /* FIXME none of these flags should be global to all ARM11 cores!
45 * Most of them shouldn't exist at all, once the code works...
46 */
47 static bool arm11_config_memwrite_burst = true;
48 static bool arm11_config_memwrite_error_fatal = true;
49 static uint32_t arm11_vcr = 0;
50 static bool arm11_config_step_irq_enable = false;
51 static bool arm11_config_hardware_step = false;
52
53 static int arm11_step(struct target *target, int current,
54 uint32_t address, int handle_breakpoints);
55
56
57 /** Check and if necessary take control of the system
58 *
59 * \param arm11 Target state variable.
60 */
61 static int arm11_check_init(struct arm11_common *arm11)
62 {
63 CHECK_RETVAL(arm11_read_DSCR(arm11));
64 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
65
66 if (!(arm11->dscr & DSCR_HALT_DBG_MODE))
67 {
68 LOG_DEBUG("Bringing target into debug mode");
69
70 arm11->dscr |= DSCR_HALT_DBG_MODE;
71 arm11_write_DSCR(arm11, arm11->dscr);
72
73 /* add further reset initialization here */
74
75 arm11->simulate_reset_on_next_halt = true;
76
77 if (arm11->dscr & DSCR_CORE_HALTED)
78 {
79 /** \todo TODO: this needs further scrutiny because
80 * arm11_debug_entry() never gets called. (WHY NOT?)
81 * As a result we don't read the actual register states from
82 * the target.
83 */
84
85 arm11->arm.target->state = TARGET_HALTED;
86 arm11->arm.target->debug_reason =
87 arm11_get_DSCR_debug_reason(arm11->dscr);
88 }
89 else
90 {
91 arm11->arm.target->state = TARGET_RUNNING;
92 arm11->arm.target->debug_reason = DBG_REASON_NOTHALTED;
93 }
94
95 arm11_sc7_clear_vbw(arm11);
96 }
97
98 return ERROR_OK;
99 }
100
101 /**
102 * Save processor state. This is called after a HALT instruction
103 * succeeds, and on other occasions the processor enters debug mode
104 * (breakpoint, watchpoint, etc). Caller has updated arm11->dscr.
105 */
106 static int arm11_debug_entry(struct arm11_common *arm11)
107 {
108 int retval;
109
110 arm11->arm.target->state = TARGET_HALTED;
111 arm11->arm.target->debug_reason =
112 arm11_get_DSCR_debug_reason(arm11->dscr);
113
114 /* REVISIT entire cache should already be invalid !!! */
115 register_cache_invalidate(arm11->arm.core_cache);
116
117 /* See e.g. ARM1136 TRM, "14.8.4 Entering Debug state" */
118
119 /* maybe save wDTR (pending DCC write to debug SW, e.g. libdcc) */
120 arm11->is_wdtr_saved = !!(arm11->dscr & DSCR_DTR_TX_FULL);
121 if (arm11->is_wdtr_saved)
122 {
123 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
124
125 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
126
127 struct scan_field chain5_fields[3];
128
129 arm11_setup_field(arm11, 32, NULL,
130 &arm11->saved_wdtr, chain5_fields + 0);
131 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 1);
132 arm11_setup_field(arm11, 1, NULL, NULL, chain5_fields + 2);
133
134 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
135
136 }
137
138 /* DSCR: set the Execute ARM instruction enable bit.
139 *
140 * ARM1176 spec says this is needed only for wDTR/rDTR's "ITR mode",
141 * but not to issue ITRs(?). The ARMv7 arch spec says it's required
142 * for executing instructions via ITR.
143 */
144 arm11_write_DSCR(arm11, DSCR_ITR_EN | arm11->dscr);
145
146
147 /* From the spec:
148 Before executing any instruction in debug state you have to drain the write buffer.
149 This ensures that no imprecise Data Aborts can return at a later point:*/
150
151 /** \todo TODO: Test drain write buffer. */
152
153 #if 0
154 while (1)
155 {
156 /* MRC p14,0,R0,c5,c10,0 */
157 // arm11_run_instr_no_data1(arm11, /*0xee150e1a*/0xe320f000);
158
159 /* mcr 15, 0, r0, cr7, cr10, {4} */
160 arm11_run_instr_no_data1(arm11, 0xee070f9a);
161
162 uint32_t dscr = arm11_read_DSCR(arm11);
163
164 LOG_DEBUG("DRAIN, DSCR %08x", dscr);
165
166 if (dscr & ARM11_DSCR_STICKY_IMPRECISE_DATA_ABORT)
167 {
168 arm11_run_instr_no_data1(arm11, 0xe320f000);
169
170 dscr = arm11_read_DSCR(arm11);
171
172 LOG_DEBUG("DRAIN, DSCR %08x (DONE)", dscr);
173
174 break;
175 }
176 }
177 #endif
178
179 /* Save registers.
180 *
181 * NOTE: ARM1136 TRM suggests saving just R0 here now, then
182 * CPSR and PC after the rDTR stuff. We do it all at once.
183 */
184 retval = arm_dpm_read_current_registers(&arm11->dpm);
185 if (retval != ERROR_OK)
186 LOG_ERROR("DPM REG READ -- fail %d", retval);
187
188 retval = arm11_run_instr_data_prepare(arm11);
189 if (retval != ERROR_OK)
190 return retval;
191
192 /* maybe save rDTR (pending DCC read from debug SW, e.g. libdcc) */
193 arm11->is_rdtr_saved = !!(arm11->dscr & DSCR_DTR_RX_FULL);
194 if (arm11->is_rdtr_saved)
195 {
196 /* MRC p14,0,R0,c0,c5,0 (move rDTR -> r0 (-> wDTR -> local var)) */
197 retval = arm11_run_instr_data_from_core_via_r0(arm11,
198 0xEE100E15, &arm11->saved_rdtr);
199 if (retval != ERROR_OK)
200 return retval;
201 }
202
203 /* REVISIT Now that we've saved core state, there's may also
204 * be MMU and cache state to care about ...
205 */
206
207 if (arm11->simulate_reset_on_next_halt)
208 {
209 arm11->simulate_reset_on_next_halt = false;
210
211 LOG_DEBUG("Reset c1 Control Register");
212
213 /* Write 0 (reset value) to Control register 0 to disable MMU/Cache etc. */
214
215 /* MCR p15,0,R0,c1,c0,0 */
216 retval = arm11_run_instr_data_to_core_via_r0(arm11, 0xee010f10, 0);
217 if (retval != ERROR_OK)
218 return retval;
219
220 }
221
222 retval = arm11_run_instr_data_finish(arm11);
223 if (retval != ERROR_OK)
224 return retval;
225
226 return ERROR_OK;
227 }
228
229 /**
230 * Restore processor state. This is called in preparation for
231 * the RESTART function.
232 */
233 static int arm11_leave_debug_state(struct arm11_common *arm11, bool bpwp)
234 {
235 int retval;
236
237 /* See e.g. ARM1136 TRM, "14.8.5 Leaving Debug state" */
238
239 /* NOTE: the ARM1136 TRM suggests restoring all registers
240 * except R0/PC/CPSR right now. Instead, we do them all
241 * at once, just a bit later on.
242 */
243
244 /* REVISIT once we start caring about MMU and cache state,
245 * address it here ...
246 */
247
248 /* spec says clear wDTR and rDTR; we assume they are clear as
249 otherwise our programming would be sloppy */
250 {
251 CHECK_RETVAL(arm11_read_DSCR(arm11));
252
253 if (arm11->dscr & (DSCR_DTR_RX_FULL | DSCR_DTR_TX_FULL))
254 {
255 /*
256 The wDTR/rDTR two registers that are used to send/receive data to/from
257 the core in tandem with corresponding instruction codes that are
258 written into the core. The RDTR FULL/WDTR FULL flag indicates that the
259 registers hold data that was written by one side (CPU or JTAG) and not
260 read out by the other side.
261 */
262 LOG_ERROR("wDTR/rDTR inconsistent (DSCR %08x)",
263 (unsigned) arm11->dscr);
264 return ERROR_FAIL;
265 }
266 }
267
268 /* maybe restore original wDTR */
269 if (arm11->is_wdtr_saved)
270 {
271 retval = arm11_run_instr_data_prepare(arm11);
272 if (retval != ERROR_OK)
273 return retval;
274
275 /* MCR p14,0,R0,c0,c5,0 */
276 retval = arm11_run_instr_data_to_core_via_r0(arm11,
277 0xee000e15, arm11->saved_wdtr);
278 if (retval != ERROR_OK)
279 return retval;
280
281 retval = arm11_run_instr_data_finish(arm11);
282 if (retval != ERROR_OK)
283 return retval;
284 }
285
286 /* restore CPSR, PC, and R0 ... after flushing any modified
287 * registers.
288 */
289 retval = arm_dpm_write_dirty_registers(&arm11->dpm, bpwp);
290
291 register_cache_invalidate(arm11->arm.core_cache);
292
293 /* restore DSCR */
294 arm11_write_DSCR(arm11, arm11->dscr);
295
296 /* maybe restore rDTR */
297 if (arm11->is_rdtr_saved)
298 {
299 arm11_add_debug_SCAN_N(arm11, 0x05, ARM11_TAP_DEFAULT);
300
301 arm11_add_IR(arm11, ARM11_EXTEST, ARM11_TAP_DEFAULT);
302
303 struct scan_field chain5_fields[3];
304
305 uint8_t Ready = 0; /* ignored */
306 uint8_t Valid = 0; /* ignored */
307
308 arm11_setup_field(arm11, 32, &arm11->saved_rdtr,
309 NULL, chain5_fields + 0);
310 arm11_setup_field(arm11, 1, &Ready, NULL, chain5_fields + 1);
311 arm11_setup_field(arm11, 1, &Valid, NULL, chain5_fields + 2);
312
313 arm11_add_dr_scan_vc(ARRAY_SIZE(chain5_fields), chain5_fields, TAP_DRPAUSE);
314 }
315
316 /* now processor is ready to RESTART */
317
318 return ERROR_OK;
319 }
320
321 /* poll current target status */
322 static int arm11_poll(struct target *target)
323 {
324 int retval;
325 struct arm11_common *arm11 = target_to_arm11(target);
326
327 CHECK_RETVAL(arm11_check_init(arm11));
328
329 if (arm11->dscr & DSCR_CORE_HALTED)
330 {
331 if (target->state != TARGET_HALTED)
332 {
333 enum target_state old_state = target->state;
334
335 LOG_DEBUG("enter TARGET_HALTED");
336 retval = arm11_debug_entry(arm11);
337 if (retval != ERROR_OK)
338 return retval;
339
340 target_call_event_callbacks(target,
341 old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED);
342 }
343 }
344 else
345 {
346 if (target->state != TARGET_RUNNING && target->state != TARGET_DEBUG_RUNNING)
347 {
348 LOG_DEBUG("enter TARGET_RUNNING");
349 target->state = TARGET_RUNNING;
350 target->debug_reason = DBG_REASON_NOTHALTED;
351 }
352 }
353
354 return ERROR_OK;
355 }
356 /* architecture specific status reply */
357 static int arm11_arch_state(struct target *target)
358 {
359 int retval;
360
361 retval = armv4_5_arch_state(target);
362
363 /* REVISIT also display ARM11-specific MMU and cache status ... */
364
365 return retval;
366 }
367
368 /* target request support */
369 static int arm11_target_request_data(struct target *target,
370 uint32_t size, uint8_t *buffer)
371 {
372 LOG_WARNING("Not implemented: %s", __func__);
373
374 return ERROR_FAIL;
375 }
376
377 /* target execution control */
378 static int arm11_halt(struct target *target)
379 {
380 struct arm11_common *arm11 = target_to_arm11(target);
381
382 LOG_DEBUG("target->state: %s",
383 target_state_name(target));
384
385 if (target->state == TARGET_UNKNOWN)
386 {
387 arm11->simulate_reset_on_next_halt = true;
388 }
389
390 if (target->state == TARGET_HALTED)
391 {
392 LOG_DEBUG("target was already halted");
393 return ERROR_OK;
394 }
395
396 arm11_add_IR(arm11, ARM11_HALT, TAP_IDLE);
397
398 CHECK_RETVAL(jtag_execute_queue());
399
400 int i = 0;
401
402 while (1)
403 {
404 CHECK_RETVAL(arm11_read_DSCR(arm11));
405
406 if (arm11->dscr & DSCR_CORE_HALTED)
407 break;
408
409
410 long long then = 0;
411 if (i == 1000)
412 {
413 then = timeval_ms();
414 }
415 if (i >= 1000)
416 {
417 if ((timeval_ms()-then) > 1000)
418 {
419 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
420 return ERROR_FAIL;
421 }
422 }
423 i++;
424 }
425
426 enum target_state old_state = target->state;
427
428 arm11_debug_entry(arm11);
429
430 CHECK_RETVAL(
431 target_call_event_callbacks(target,
432 old_state == TARGET_DEBUG_RUNNING ? TARGET_EVENT_DEBUG_HALTED : TARGET_EVENT_HALTED));
433
434 return ERROR_OK;
435 }
436
437 static uint32_t
438 arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
439 {
440 void *value = arm11->arm.core_cache->reg_list[15].value;
441
442 if (!current)
443 buf_set_u32(value, 0, 32, address);
444 else
445 address = buf_get_u32(value, 0, 32);
446
447 return address;
448 }
449
450 static int arm11_resume(struct target *target, int current,
451 uint32_t address, int handle_breakpoints, int debug_execution)
452 {
453 // LOG_DEBUG("current %d address %08x handle_breakpoints %d debug_execution %d",
454 // current, address, handle_breakpoints, debug_execution);
455
456 struct arm11_common *arm11 = target_to_arm11(target);
457
458 LOG_DEBUG("target->state: %s",
459 target_state_name(target));
460
461
462 if (target->state != TARGET_HALTED)
463 {
464 LOG_ERROR("Target not halted");
465 return ERROR_TARGET_NOT_HALTED;
466 }
467
468 address = arm11_nextpc(arm11, current, address);
469
470 LOG_DEBUG("RESUME PC %08" PRIx32 "%s", address, !current ? "!" : "");
471
472 /* clear breakpoints/watchpoints and VCR*/
473 arm11_sc7_clear_vbw(arm11);
474
475 if (!debug_execution)
476 target_free_all_working_areas(target);
477
478 /* Set up breakpoints */
479 if (handle_breakpoints)
480 {
481 /* check if one matches PC and step over it if necessary */
482
483 struct breakpoint * bp;
484
485 for (bp = target->breakpoints; bp; bp = bp->next)
486 {
487 if (bp->address == address)
488 {
489 LOG_DEBUG("must step over %08" PRIx32 "", bp->address);
490 arm11_step(target, 1, 0, 0);
491 break;
492 }
493 }
494
495 /* set all breakpoints */
496
497 unsigned brp_num = 0;
498
499 for (bp = target->breakpoints; bp; bp = bp->next)
500 {
501 struct arm11_sc7_action brp[2];
502
503 brp[0].write = 1;
504 brp[0].address = ARM11_SC7_BVR0 + brp_num;
505 brp[0].value = bp->address;
506 brp[1].write = 1;
507 brp[1].address = ARM11_SC7_BCR0 + brp_num;
508 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5) | (0 << 14) | (0 << 16) | (0 << 20) | (0 << 21);
509
510 arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp));
511
512 LOG_DEBUG("Add BP %d at %08" PRIx32, brp_num,
513 bp->address);
514
515 brp_num++;
516 }
517
518 arm11_sc7_set_vcr(arm11, arm11_vcr);
519 }
520
521 arm11_leave_debug_state(arm11, handle_breakpoints);
522
523 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
524
525 CHECK_RETVAL(jtag_execute_queue());
526
527 int i = 0;
528 while (1)
529 {
530 CHECK_RETVAL(arm11_read_DSCR(arm11));
531
532 LOG_DEBUG("DSCR %08x", (unsigned) arm11->dscr);
533
534 if (arm11->dscr & DSCR_CORE_RESTARTED)
535 break;
536
537
538 long long then = 0;
539 if (i == 1000)
540 {
541 then = timeval_ms();
542 }
543 if (i >= 1000)
544 {
545 if ((timeval_ms()-then) > 1000)
546 {
547 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
548 return ERROR_FAIL;
549 }
550 }
551 i++;
552 }
553
554 if (!debug_execution)
555 {
556 target->state = TARGET_RUNNING;
557 target->debug_reason = DBG_REASON_NOTHALTED;
558
559 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
560 }
561 else
562 {
563 target->state = TARGET_DEBUG_RUNNING;
564 target->debug_reason = DBG_REASON_NOTHALTED;
565
566 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_RESUMED));
567 }
568
569 return ERROR_OK;
570 }
571
572 static int arm11_step(struct target *target, int current,
573 uint32_t address, int handle_breakpoints)
574 {
575 LOG_DEBUG("target->state: %s",
576 target_state_name(target));
577
578 if (target->state != TARGET_HALTED)
579 {
580 LOG_WARNING("target was not halted");
581 return ERROR_TARGET_NOT_HALTED;
582 }
583
584 struct arm11_common *arm11 = target_to_arm11(target);
585
586 address = arm11_nextpc(arm11, current, address);
587
588 LOG_DEBUG("STEP PC %08" PRIx32 "%s", address, !current ? "!" : "");
589
590
591 /** \todo TODO: Thumb not supported here */
592
593 uint32_t next_instruction;
594
595 CHECK_RETVAL(arm11_read_memory_word(arm11, address, &next_instruction));
596
597 /* skip over BKPT */
598 if ((next_instruction & 0xFFF00070) == 0xe1200070)
599 {
600 address = arm11_nextpc(arm11, 0, address + 4);
601 LOG_DEBUG("Skipping BKPT");
602 }
603 /* skip over Wait for interrupt / Standby */
604 /* mcr 15, 0, r?, cr7, cr0, {4} */
605 else if ((next_instruction & 0xFFFF0FFF) == 0xee070f90)
606 {
607 address = arm11_nextpc(arm11, 0, address + 4);
608 LOG_DEBUG("Skipping WFI");
609 }
610 /* ignore B to self */
611 else if ((next_instruction & 0xFEFFFFFF) == 0xeafffffe)
612 {
613 LOG_DEBUG("Not stepping jump to self");
614 }
615 else
616 {
617 /** \todo TODO: check if break-/watchpoints make any sense at all in combination
618 * with this. */
619
620 /** \todo TODO: check if disabling IRQs might be a good idea here. Alternatively
621 * the VCR might be something worth looking into. */
622
623
624 /* Set up breakpoint for stepping */
625
626 struct arm11_sc7_action brp[2];
627
628 brp[0].write = 1;
629 brp[0].address = ARM11_SC7_BVR0;
630 brp[1].write = 1;
631 brp[1].address = ARM11_SC7_BCR0;
632
633 if (arm11_config_hardware_step)
634 {
635 /* Hardware single stepping ("instruction address
636 * mismatch") is used if enabled. It's not quite
637 * exactly "run one instruction"; "branch to here"
638 * loops won't break, neither will some other cases,
639 * but it's probably the best default.
640 *
641 * Hardware single stepping isn't supported on v6
642 * debug modules. ARM1176 and v7 can support it...
643 *
644 * FIXME Thumb stepping likely needs to use 0x03
645 * or 0xc0 byte masks, not 0x0f.
646 */
647 brp[0].value = address;
648 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
649 | (0 << 14) | (0 << 16) | (0 << 20)
650 | (2 << 21);
651 } else
652 {
653 /* Sets a breakpoint on the next PC, as calculated
654 * by instruction set simulation.
655 *
656 * REVISIT stepping Thumb on ARM1156 requires Thumb2
657 * support from the simulator.
658 */
659 uint32_t next_pc;
660 int retval;
661
662 retval = arm_simulate_step(target, &next_pc);
663 if (retval != ERROR_OK)
664 return retval;
665
666 brp[0].value = next_pc;
667 brp[1].value = 0x1 | (3 << 1) | (0x0F << 5)
668 | (0 << 14) | (0 << 16) | (0 << 20)
669 | (0 << 21);
670 }
671
672 CHECK_RETVAL(arm11_sc7_run(arm11, brp, ARRAY_SIZE(brp)));
673
674 /* resume */
675
676
677 if (arm11_config_step_irq_enable)
678 /* this disable should be redundant ... */
679 arm11->dscr &= ~DSCR_INT_DIS;
680 else
681 arm11->dscr |= DSCR_INT_DIS;
682
683
684 CHECK_RETVAL(arm11_leave_debug_state(arm11, handle_breakpoints));
685
686 arm11_add_IR(arm11, ARM11_RESTART, TAP_IDLE);
687
688 CHECK_RETVAL(jtag_execute_queue());
689
690 /* wait for halt */
691 int i = 0;
692
693 while (1)
694 {
695 const uint32_t mask = DSCR_CORE_RESTARTED
696 | DSCR_CORE_HALTED;
697
698 CHECK_RETVAL(arm11_read_DSCR(arm11));
699 LOG_DEBUG("DSCR %08x e", (unsigned) arm11->dscr);
700
701 if ((arm11->dscr & mask) == mask)
702 break;
703
704 long long then = 0;
705 if (i == 1000)
706 {
707 then = timeval_ms();
708 }
709 if (i >= 1000)
710 {
711 if ((timeval_ms()-then) > 1000)
712 {
713 LOG_WARNING("Timeout (1000ms) waiting for instructions to complete");
714 return ERROR_FAIL;
715 }
716 }
717 i++;
718 }
719
720 /* clear breakpoint */
721 arm11_sc7_clear_vbw(arm11);
722
723 /* save state */
724 CHECK_RETVAL(arm11_debug_entry(arm11));
725
726 /* restore default state */
727 arm11->dscr &= ~DSCR_INT_DIS;
728
729 }
730
731 target->debug_reason = DBG_REASON_SINGLESTEP;
732
733 CHECK_RETVAL(target_call_event_callbacks(target, TARGET_EVENT_HALTED));
734
735 return ERROR_OK;
736 }
737
738 static int arm11_assert_reset(struct target *target)
739 {
740 int retval;
741 struct arm11_common *arm11 = target_to_arm11(target);
742
743 retval = arm11_check_init(arm11);
744 if (retval != ERROR_OK)
745 return retval;
746
747 target->state = TARGET_UNKNOWN;
748
749 /* we would very much like to reset into the halted, state,
750 * but resetting and halting is second best... */
751 if (target->reset_halt)
752 {
753 CHECK_RETVAL(target_halt(target));
754 }
755
756
757 /* srst is funny. We can not do *anything* else while it's asserted
758 * and it has unkonwn side effects. Make sure no other code runs
759 * meanwhile.
760 *
761 * Code below assumes srst:
762 *
763 * - Causes power-on-reset (but of what parts of the system?). Bug
764 * in arm11?
765 *
766 * - Messes us TAP state without asserting trst.
767 *
768 * - There is another bug in the arm11 core. When you generate an access to
769 * external logic (for example ddr controller via AHB bus) and that block
770 * is not configured (perhaps it is still held in reset), that transaction
771 * will never complete. This will hang arm11 core but it will also hang
772 * JTAG controller. Nothing, short of srst assertion will bring it out of
773 * this.
774 *
775 * Mysteries:
776 *
777 * - What should the PC be after an srst reset when starting in the halted
778 * state?
779 */
780
781 jtag_add_reset(0, 1);
782 jtag_add_reset(0, 0);
783
784 /* How long do we have to wait? */
785 jtag_add_sleep(5000);
786
787 /* un-mess up TAP state */
788 jtag_add_tlr();
789
790 retval = jtag_execute_queue();
791 if (retval != ERROR_OK)
792 {
793 return retval;
794 }
795
796 return ERROR_OK;
797 }
798
799 static int arm11_deassert_reset(struct target *target)
800 {
801 return ERROR_OK;
802 }
803
804 static int arm11_soft_reset_halt(struct target *target)
805 {
806 LOG_WARNING("Not implemented: %s", __func__);
807
808 return ERROR_FAIL;
809 }
810
811 /* target memory access
812 * size: 1 = byte (8bit), 2 = half-word (16bit), 4 = word (32bit)
813 * count: number of items of <size>
814 *
815 * arm11_config_memrw_no_increment - in the future we may want to be able
816 * to read/write a range of data to a "port". a "port" is an action on
817 * read memory address for some peripheral.
818 */
819 static int arm11_read_memory_inner(struct target *target,
820 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer,
821 bool arm11_config_memrw_no_increment)
822 {
823 /** \todo TODO: check if buffer cast to uint32_t* and uint16_t* might cause alignment problems */
824 int retval;
825
826 if (target->state != TARGET_HALTED)
827 {
828 LOG_WARNING("target was not halted");
829 return ERROR_TARGET_NOT_HALTED;
830 }
831
832 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "", address, size, count);
833
834 struct arm11_common *arm11 = target_to_arm11(target);
835
836 retval = arm11_run_instr_data_prepare(arm11);
837 if (retval != ERROR_OK)
838 return retval;
839
840 /* MRC p14,0,r0,c0,c5,0 */
841 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
842 if (retval != ERROR_OK)
843 return retval;
844
845 switch (size)
846 {
847 case 1:
848 arm11->arm.core_cache->reg_list[1].dirty = true;
849
850 for (size_t i = 0; i < count; i++)
851 {
852 /* ldrb r1, [r0], #1 */
853 /* ldrb r1, [r0] */
854 arm11_run_instr_no_data1(arm11,
855 !arm11_config_memrw_no_increment ? 0xe4d01001 : 0xe5d01000);
856
857 uint32_t res;
858 /* MCR p14,0,R1,c0,c5,0 */
859 arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
860
861 *buffer++ = res;
862 }
863
864 break;
865
866 case 2:
867 {
868 arm11->arm.core_cache->reg_list[1].dirty = true;
869
870 for (size_t i = 0; i < count; i++)
871 {
872 /* ldrh r1, [r0], #2 */
873 arm11_run_instr_no_data1(arm11,
874 !arm11_config_memrw_no_increment ? 0xe0d010b2 : 0xe1d010b0);
875
876 uint32_t res;
877
878 /* MCR p14,0,R1,c0,c5,0 */
879 arm11_run_instr_data_from_core(arm11, 0xEE001E15, &res, 1);
880
881 uint16_t svalue = res;
882 memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
883 }
884
885 break;
886 }
887
888 case 4:
889 {
890 uint32_t instr = !arm11_config_memrw_no_increment ? 0xecb05e01 : 0xed905e00;
891 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
892 uint32_t *words = (uint32_t *)buffer;
893
894 /* LDC p14,c5,[R0],#4 */
895 /* LDC p14,c5,[R0] */
896 arm11_run_instr_data_from_core(arm11, instr, words, count);
897 break;
898 }
899 }
900
901 return arm11_run_instr_data_finish(arm11);
902 }
903
904 static int arm11_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
905 {
906 return arm11_read_memory_inner(target, address, size, count, buffer, false);
907 }
908
909 /*
910 * no_increment - in the future we may want to be able
911 * to read/write a range of data to a "port". a "port" is an action on
912 * read memory address for some peripheral.
913 */
914 static int arm11_write_memory_inner(struct target *target,
915 uint32_t address, uint32_t size,
916 uint32_t count, uint8_t *buffer,
917 bool no_increment)
918 {
919 int retval;
920
921 if (target->state != TARGET_HALTED)
922 {
923 LOG_WARNING("target was not halted");
924 return ERROR_TARGET_NOT_HALTED;
925 }
926
927 LOG_DEBUG("ADDR %08" PRIx32 " SIZE %08" PRIx32 " COUNT %08" PRIx32 "", address, size, count);
928
929 struct arm11_common *arm11 = target_to_arm11(target);
930
931 retval = arm11_run_instr_data_prepare(arm11);
932 if (retval != ERROR_OK)
933 return retval;
934
935 /* MRC p14,0,r0,c0,c5,0 */
936 retval = arm11_run_instr_data_to_core1(arm11, 0xee100e15, address);
937 if (retval != ERROR_OK)
938 return retval;
939
940 /* burst writes are not used for single words as those may well be
941 * reset init script writes.
942 *
943 * The other advantage is that as burst writes are default, we'll
944 * now exercise both burst and non-burst code paths with the
945 * default settings, increasing code coverage.
946 */
947 bool burst = arm11_config_memwrite_burst && (count > 1);
948
949 switch (size)
950 {
951 case 1:
952 {
953 arm11->arm.core_cache->reg_list[1].dirty = true;
954
955 for (size_t i = 0; i < count; i++)
956 {
957 /* MRC p14,0,r1,c0,c5,0 */
958 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, *buffer++);
959 if (retval != ERROR_OK)
960 return retval;
961
962 /* strb r1, [r0], #1 */
963 /* strb r1, [r0] */
964 retval = arm11_run_instr_no_data1(arm11,
965 !no_increment
966 ? 0xe4c01001
967 : 0xe5c01000);
968 if (retval != ERROR_OK)
969 return retval;
970 }
971
972 break;
973 }
974
975 case 2:
976 {
977 arm11->arm.core_cache->reg_list[1].dirty = true;
978
979 for (size_t i = 0; i < count; i++)
980 {
981 uint16_t value;
982 memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));
983
984 /* MRC p14,0,r1,c0,c5,0 */
985 retval = arm11_run_instr_data_to_core1(arm11, 0xee101e15, value);
986 if (retval != ERROR_OK)
987 return retval;
988
989 /* strh r1, [r0], #2 */
990 /* strh r1, [r0] */
991 retval = arm11_run_instr_no_data1(arm11,
992 !no_increment
993 ? 0xe0c010b2
994 : 0xe1c010b0);
995 if (retval != ERROR_OK)
996 return retval;
997 }
998
999 break;
1000 }
1001
1002 case 4: {
1003 uint32_t instr = !no_increment ? 0xeca05e01 : 0xed805e00;
1004
1005 /** \todo TODO: buffer cast to uint32_t* causes alignment warnings */
1006 uint32_t *words = (uint32_t*)buffer;
1007
1008 if (!burst)
1009 {
1010 /* STC p14,c5,[R0],#4 */
1011 /* STC p14,c5,[R0]*/
1012 retval = arm11_run_instr_data_to_core(arm11, instr, words, count);
1013 if (retval != ERROR_OK)
1014 return retval;
1015 }
1016 else
1017 {
1018 /* STC p14,c5,[R0],#4 */
1019 /* STC p14,c5,[R0]*/
1020 retval = arm11_run_instr_data_to_core_noack(arm11, instr, words, count);
1021 if (retval != ERROR_OK)
1022 return retval;
1023 }
1024
1025 break;
1026 }
1027 }
1028
1029 /* r0 verification */
1030 if (!no_increment)
1031 {
1032 uint32_t r0;
1033
1034 /* MCR p14,0,R0,c0,c5,0 */
1035 retval = arm11_run_instr_data_from_core(arm11, 0xEE000E15, &r0, 1);
1036 if (retval != ERROR_OK)
1037 return retval;
1038
1039 if (address + size * count != r0)
1040 {
1041 LOG_ERROR("Data transfer failed. Expected end "
1042 "address 0x%08x, got 0x%08x",
1043 (unsigned) (address + size * count),
1044 (unsigned) r0);
1045
1046 if (burst)
1047 LOG_ERROR("use 'arm11 memwrite burst disable' to disable fast burst mode");
1048
1049 if (arm11_config_memwrite_error_fatal)
1050 return ERROR_FAIL;
1051 }
1052 }
1053
1054 return arm11_run_instr_data_finish(arm11);
1055 }
1056
1057 static int arm11_write_memory(struct target *target,
1058 uint32_t address, uint32_t size,
1059 uint32_t count, uint8_t *buffer)
1060 {
1061 /* pointer increment matters only for multi-unit writes ...
1062 * not e.g. to a "reset the chip" controller.
1063 */
1064 return arm11_write_memory_inner(target, address, size,
1065 count, buffer, count == 1);
1066 }
1067
1068 /* write target memory in multiples of 4 byte, optimized for writing large quantities of data */
1069 static int arm11_bulk_write_memory(struct target *target,
1070 uint32_t address, uint32_t count, uint8_t *buffer)
1071 {
1072 if (target->state != TARGET_HALTED)
1073 {
1074 LOG_WARNING("target was not halted");
1075 return ERROR_TARGET_NOT_HALTED;
1076 }
1077
1078 return arm11_write_memory(target, address, 4, count, buffer);
1079 }
1080
1081 /* target break-/watchpoint control
1082 * rw: 0 = write, 1 = read, 2 = access
1083 */
1084 static int arm11_add_breakpoint(struct target *target,
1085 struct breakpoint *breakpoint)
1086 {
1087 struct arm11_common *arm11 = target_to_arm11(target);
1088
1089 #if 0
1090 if (breakpoint->type == BKPT_SOFT)
1091 {
1092 LOG_INFO("sw breakpoint requested, but software breakpoints not enabled");
1093 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1094 }
1095 #endif
1096
1097 if (!arm11->free_brps)
1098 {
1099 LOG_DEBUG("no breakpoint unit available for hardware breakpoint");
1100 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1101 }
1102
1103 if (breakpoint->length != 4)
1104 {
1105 LOG_DEBUG("only breakpoints of four bytes length supported");
1106 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1107 }
1108
1109 arm11->free_brps--;
1110
1111 return ERROR_OK;
1112 }
1113
1114 static int arm11_remove_breakpoint(struct target *target,
1115 struct breakpoint *breakpoint)
1116 {
1117 struct arm11_common *arm11 = target_to_arm11(target);
1118
1119 arm11->free_brps++;
1120
1121 return ERROR_OK;
1122 }
1123
1124 static int arm11_target_create(struct target *target, Jim_Interp *interp)
1125 {
1126 struct arm11_common *arm11;
1127
1128 if (target->tap == NULL)
1129 return ERROR_FAIL;
1130
1131 if (target->tap->ir_length != 5)
1132 {
1133 LOG_ERROR("'target arm11' expects IR LENGTH = 5");
1134 return ERROR_COMMAND_SYNTAX_ERROR;
1135 }
1136
1137 arm11 = calloc(1, sizeof *arm11);
1138 if (!arm11)
1139 return ERROR_FAIL;
1140
1141 armv4_5_init_arch_info(target, &arm11->arm);
1142
1143 arm11->jtag_info.tap = target->tap;
1144 arm11->jtag_info.scann_size = 5;
1145 arm11->jtag_info.scann_instr = ARM11_SCAN_N;
1146 /* cur_scan_chain == 0 */
1147 arm11->jtag_info.intest_instr = ARM11_INTEST;
1148
1149 return ERROR_OK;
1150 }
1151
1152 static int arm11_init_target(struct command_context *cmd_ctx,
1153 struct target *target)
1154 {
1155 /* Initialize anything we can set up without talking to the target */
1156 return ERROR_OK;
1157 }
1158
1159 /* talk to the target and set things up */
1160 static int arm11_examine(struct target *target)
1161 {
1162 int retval;
1163 char *type;
1164 struct arm11_common *arm11 = target_to_arm11(target);
1165 uint32_t didr, device_id;
1166 uint8_t implementor;
1167
1168 /* FIXME split into do-first-time and do-every-time logic ... */
1169
1170 /* check IDCODE */
1171
1172 arm11_add_IR(arm11, ARM11_IDCODE, ARM11_TAP_DEFAULT);
1173
1174 struct scan_field idcode_field;
1175
1176 arm11_setup_field(arm11, 32, NULL, &device_id, &idcode_field);
1177
1178 arm11_add_dr_scan_vc(1, &idcode_field, TAP_DRPAUSE);
1179
1180 /* check DIDR */
1181
1182 arm11_add_debug_SCAN_N(arm11, 0x00, ARM11_TAP_DEFAULT);
1183
1184 arm11_add_IR(arm11, ARM11_INTEST, ARM11_TAP_DEFAULT);
1185
1186 struct scan_field chain0_fields[2];
1187
1188 arm11_setup_field(arm11, 32, NULL, &didr, chain0_fields + 0);
1189 arm11_setup_field(arm11, 8, NULL, &implementor, chain0_fields + 1);
1190
1191 arm11_add_dr_scan_vc(ARRAY_SIZE(chain0_fields), chain0_fields, TAP_IDLE);
1192
1193 CHECK_RETVAL(jtag_execute_queue());
1194
1195 switch (device_id & 0x0FFFF000)
1196 {
1197 case 0x07B36000:
1198 type = "ARM1136";
1199 break;
1200 case 0x07B56000:
1201 type = "ARM1156";
1202 break;
1203 case 0x07B76000:
1204 arm11->arm.core_type = ARM_MODE_MON;
1205 type = "ARM1176";
1206 break;
1207 default:
1208 LOG_ERROR("'target arm11' expects IDCODE 0x*7B*7****");
1209 return ERROR_FAIL;
1210 }
1211 LOG_INFO("found %s", type);
1212
1213 /* unlikely this could ever fail, but ... */
1214 switch ((didr >> 16) & 0x0F) {
1215 case ARM11_DEBUG_V6:
1216 case ARM11_DEBUG_V61: /* supports security extensions */
1217 break;
1218 default:
1219 LOG_ERROR("Only ARM v6 and v6.1 debug supported.");
1220 return ERROR_FAIL;
1221 }
1222
1223 arm11->brp = ((didr >> 24) & 0x0F) + 1;
1224 arm11->wrp = ((didr >> 28) & 0x0F) + 1;
1225
1226 /** \todo TODO: reserve one brp slot if we allow breakpoints during step */
1227 arm11->free_brps = arm11->brp;
1228
1229 LOG_DEBUG("IDCODE %08" PRIx32 " IMPLEMENTOR %02x DIDR %08" PRIx32,
1230 device_id, implementor, didr);
1231
1232 /* as a side-effect this reads DSCR and thus
1233 * clears the ARM11_DSCR_STICKY_PRECISE_DATA_ABORT / Sticky Precise Data Abort Flag
1234 * as suggested by the spec.
1235 */
1236
1237 retval = arm11_check_init(arm11);
1238 if (retval != ERROR_OK)
1239 return retval;
1240
1241 /* Build register cache "late", after target_init(), since we
1242 * want to know if this core supports Secure Monitor mode.
1243 */
1244 if (!target_was_examined(target))
1245 retval = arm11_dpm_init(arm11, didr);
1246
1247 /* ETM on ARM11 still uses original scanchain 6 access mode */
1248 if (arm11->arm.etm && !target_was_examined(target)) {
1249 *register_get_last_cache_p(&target->reg_cache) =
1250 etm_build_reg_cache(target, &arm11->jtag_info,
1251 arm11->arm.etm);
1252 retval = etm_setup(target);
1253 }
1254
1255 target_set_examined(target);
1256
1257 return ERROR_OK;
1258 }
1259
1260
1261 /* FIXME all these BOOL_WRAPPER things should be modifying
1262 * per-instance state, not shared state; ditto the vector
1263 * catch register support. Scan chains with multiple cores
1264 * should be able to say "work with this core like this,
1265 * that core like that". Example, ARM11 MPCore ...
1266 */
1267
1268 #define ARM11_BOOL_WRAPPER(name, print_name) \
1269 COMMAND_HANDLER(arm11_handle_bool_##name) \
1270 { \
1271 return CALL_COMMAND_HANDLER(handle_command_parse_bool, \
1272 &arm11_config_##name, print_name); \
1273 }
1274
1275 ARM11_BOOL_WRAPPER(memwrite_burst, "memory write burst mode")
1276 ARM11_BOOL_WRAPPER(memwrite_error_fatal, "fatal error mode for memory writes")
1277 ARM11_BOOL_WRAPPER(step_irq_enable, "IRQs while stepping")
1278 ARM11_BOOL_WRAPPER(hardware_step, "hardware single step")
1279
1280 COMMAND_HANDLER(arm11_handle_vcr)
1281 {
1282 switch (CMD_ARGC) {
1283 case 0:
1284 break;
1285 case 1:
1286 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], arm11_vcr);
1287 break;
1288 default:
1289 return ERROR_COMMAND_SYNTAX_ERROR;
1290 }
1291
1292 LOG_INFO("VCR 0x%08" PRIx32 "", arm11_vcr);
1293 return ERROR_OK;
1294 }
1295
1296 static const struct command_registration arm11_mw_command_handlers[] = {
1297 {
1298 .name = "burst",
1299 .handler = &arm11_handle_bool_memwrite_burst,
1300 .mode = COMMAND_ANY,
1301 .help = "Enable/Disable non-standard but fast burst mode"
1302 " (default: enabled)",
1303 },
1304 {
1305 .name = "error_fatal",
1306 .handler = &arm11_handle_bool_memwrite_error_fatal,
1307 .mode = COMMAND_ANY,
1308 .help = "Terminate program if transfer error was found"
1309 " (default: enabled)",
1310 },
1311 COMMAND_REGISTRATION_DONE
1312 };
1313 static const struct command_registration arm11_any_command_handlers[] = {
1314 {
1315 /* "hardware_step" is only here to check if the default
1316 * simulate + breakpoint implementation is broken.
1317 * TEMPORARY! NOT DOCUMENTED! */
1318 .name = "hardware_step",
1319 .handler = &arm11_handle_bool_hardware_step,
1320 .mode = COMMAND_ANY,
1321 .help = "DEBUG ONLY - Hardware single stepping"
1322 " (default: disabled)",
1323 .usage = "(enable|disable)",
1324 },
1325 {
1326 .name = "memwrite",
1327 .mode = COMMAND_ANY,
1328 .help = "memwrite command group",
1329 .chain = arm11_mw_command_handlers,
1330 },
1331 {
1332 .name = "step_irq_enable",
1333 .handler = &arm11_handle_bool_step_irq_enable,
1334 .mode = COMMAND_ANY,
1335 .help = "Enable interrupts while stepping"
1336 " (default: disabled)",
1337 },
1338 {
1339 .name = "vcr",
1340 .handler = &arm11_handle_vcr,
1341 .mode = COMMAND_ANY,
1342 .help = "Control (Interrupt) Vector Catch Register",
1343 },
1344 COMMAND_REGISTRATION_DONE
1345 };
1346 static const struct command_registration arm11_command_handlers[] = {
1347 {
1348 .chain = arm_command_handlers,
1349 },
1350 {
1351 .chain = etm_command_handlers,
1352 },
1353 {
1354 .name = "arm11",
1355 .mode = COMMAND_ANY,
1356 .help = "ARM11 command group",
1357 .chain = arm11_any_command_handlers,
1358 },
1359 COMMAND_REGISTRATION_DONE
1360 };
1361
1362 /** Holds methods for ARM11xx targets. */
1363 struct target_type arm11_target = {
1364 .name = "arm11",
1365
1366 .poll = arm11_poll,
1367 .arch_state = arm11_arch_state,
1368
1369 .target_request_data = arm11_target_request_data,
1370
1371 .halt = arm11_halt,
1372 .resume = arm11_resume,
1373 .step = arm11_step,
1374
1375 .assert_reset = arm11_assert_reset,
1376 .deassert_reset = arm11_deassert_reset,
1377 .soft_reset_halt = arm11_soft_reset_halt,
1378
1379 .get_gdb_reg_list = armv4_5_get_gdb_reg_list,
1380
1381 .read_memory = arm11_read_memory,
1382 .write_memory = arm11_write_memory,
1383
1384 .bulk_write_memory = arm11_bulk_write_memory,
1385
1386 .checksum_memory = arm_checksum_memory,
1387 .blank_check_memory = arm_blank_check_memory,
1388
1389 .add_breakpoint = arm11_add_breakpoint,
1390 .remove_breakpoint = arm11_remove_breakpoint,
1391
1392 .run_algorithm = armv4_5_run_algorithm,
1393
1394 .commands = arm11_command_handlers,
1395 .target_create = arm11_target_create,
1396 .init_target = arm11_init_target,
1397 .examine = arm11_examine,
1398 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)