Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
target: improve robustness of reset command
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * Copyright (C) 2009 by David Brownell *
15 * *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
20 * *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
25 * *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
30 ***************************************************************************/
31
32 #ifdef HAVE_CONFIG_H
33 #include "config.h"
34 #endif
35
36 #include "breakpoints.h"
37 #include "embeddedice.h"
38 #include "target_request.h"
39 #include "etm.h"
40 #include <helper/time_support.h>
41 #include "arm_simulator.h"
42 #include "arm_semihosting.h"
43 #include "algorithm.h"
44 #include "register.h"
45 #include "armv4_5.h"
46
47 /**
48 * @file
49 * Hold common code supporting the ARM7 and ARM9 core generations.
50 *
51 * While the ARM core implementations evolved substantially during these
52 * two generations, they look quite similar from the JTAG perspective.
53 * Both have similar debug facilities, based on the same two scan chains
54 * providing access to the core and to an EmbeddedICE module. Both can
55 * support similar ETM and ETB modules, for tracing. And both expose
56 * what could be viewed as "ARM Classic", with multiple processor modes,
57 * shadowed registers, and support for the Thumb instruction set.
58 *
59 * Processor differences include things like presence or absence of MMU
60 * and cache, pipeline sizes, use of a modified Harvard Architecure
61 * (with separate instruction and data busses from the CPU), support
62 * for cpu clock gating during idle, and more.
63 */
64
65 static int arm7_9_debug_entry(struct target *target);
66
67 /**
68 * Clear watchpoints for an ARM7/9 target.
69 *
70 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
71 * @return JTAG error status after executing queue
72 */
73 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
74 {
75 LOG_DEBUG("-");
76 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
77 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
78 arm7_9->sw_breakpoint_count = 0;
79 arm7_9->sw_breakpoints_added = 0;
80 arm7_9->wp0_used = 0;
81 arm7_9->wp1_used = arm7_9->wp1_used_default;
82 arm7_9->wp_available = arm7_9->wp_available_max;
83
84 return jtag_execute_queue();
85 }
86
87 /**
88 * Assign a watchpoint to one of the two available hardware comparators in an
89 * ARM7 or ARM9 target.
90 *
91 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
92 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
93 */
94 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
95 {
96 if (!arm7_9->wp0_used) {
97 arm7_9->wp0_used = 1;
98 breakpoint->set = 1;
99 arm7_9->wp_available--;
100 } else if (!arm7_9->wp1_used) {
101 arm7_9->wp1_used = 1;
102 breakpoint->set = 2;
103 arm7_9->wp_available--;
104 } else
105 LOG_ERROR("BUG: no hardware comparator available");
106 LOG_DEBUG("BPID: %" PRId32 " (0x%08" PRIx32 ") using hw wp: %d",
107 breakpoint->unique_id,
108 breakpoint->address,
109 breakpoint->set);
110 }
111
112 /**
113 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
114 *
115 * @param arm7_9 Pointer to common struct for ARM7/9 targets
116 * @return Error codes if there is a problem finding a watchpoint or the result
117 * of executing the JTAG queue
118 */
119 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
120 {
121 if (arm7_9->sw_breakpoints_added)
122 return ERROR_OK;
123 if (arm7_9->wp_available < 1) {
124 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
126 }
127 arm7_9->wp_available--;
128
129 /* pick a breakpoint unit */
130 if (!arm7_9->wp0_used) {
131 arm7_9->sw_breakpoints_added = 1;
132 arm7_9->wp0_used = 3;
133 } else if (!arm7_9->wp1_used) {
134 arm7_9->sw_breakpoints_added = 2;
135 arm7_9->wp1_used = 3;
136 } else {
137 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
138 return ERROR_FAIL;
139 }
140
141 if (arm7_9->sw_breakpoints_added == 1) {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 } else if (arm7_9->sw_breakpoints_added == 2) {
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
153 } else {
154 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
155 return ERROR_FAIL;
156 }
157 LOG_DEBUG("SW BP using hw wp: %d",
158 arm7_9->sw_breakpoints_added);
159
160 return jtag_execute_queue();
161 }
162
163 /**
164 * Setup the common pieces for an ARM7/9 target after reset or on startup.
165 *
166 * @param target Pointer to an ARM7/9 target to setup
167 * @return Result of clearing the watchpoints on the target
168 */
169 static int arm7_9_setup(struct target *target)
170 {
171 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
172
173 return arm7_9_clear_watchpoints(arm7_9);
174 }
175
176 /**
177 * Set either a hardware or software breakpoint on an ARM7/9 target. The
178 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
179 * might have erased the values in Embedded ICE.
180 *
181 * @param target Pointer to the target device to set the breakpoints on
182 * @param breakpoint Pointer to the breakpoint to be set
183 * @return For hardware breakpoints, this is the result of executing the JTAG
184 * queue. For software breakpoints, this will be the status of the
185 * required memory reads and writes
186 */
187 static int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
188 {
189 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
190 int retval = ERROR_OK;
191
192 LOG_DEBUG("BPID: %" PRId32 ", Address: 0x%08" PRIx32 ", Type: %d",
193 breakpoint->unique_id,
194 breakpoint->address,
195 breakpoint->type);
196
197 if (target->state != TARGET_HALTED) {
198 LOG_WARNING("target not halted");
199 return ERROR_TARGET_NOT_HALTED;
200 }
201
202 if (breakpoint->type == BKPT_HARD) {
203 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
204 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
205
206 /* reassign a hw breakpoint */
207 if (breakpoint->set == 0)
208 arm7_9_assign_wp(arm7_9, breakpoint);
209
210 if (breakpoint->set == 1) {
211 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
212 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
213 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
214 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
215 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
216 } else if (breakpoint->set == 2) {
217 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
218 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
219 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
220 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
221 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
222 } else {
223 LOG_ERROR("BUG: no hardware comparator available");
224 return ERROR_OK;
225 }
226
227 retval = jtag_execute_queue();
228 } else if (breakpoint->type == BKPT_SOFT) {
229 /* did we already set this breakpoint? */
230 if (breakpoint->set)
231 return ERROR_OK;
232
233 if (breakpoint->length == 4) {
234 uint32_t verify = 0xffffffff;
235 /* keep the original instruction in target endianness */
236 retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
237 if (retval != ERROR_OK)
238 return retval;
239 /* write the breakpoint instruction in target
240 * endianness (arm7_9->arm_bkpt is host endian) */
241 retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
242 if (retval != ERROR_OK)
243 return retval;
244
245 retval = target_read_u32(target, breakpoint->address, &verify);
246 if (retval != ERROR_OK)
247 return retval;
248 if (verify != arm7_9->arm_bkpt) {
249 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
250 " - check that memory is read/writable", breakpoint->address);
251 return ERROR_OK;
252 }
253 } else {
254 uint16_t verify = 0xffff;
255 /* keep the original instruction in target endianness */
256 retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
257 if (retval != ERROR_OK)
258 return retval;
259 /* write the breakpoint instruction in target
260 * endianness (arm7_9->thumb_bkpt is host endian) */
261 retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
262 if (retval != ERROR_OK)
263 return retval;
264
265 retval = target_read_u16(target, breakpoint->address, &verify);
266 if (retval != ERROR_OK)
267 return retval;
268 if (verify != arm7_9->thumb_bkpt) {
269 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
270 " - check that memory is read/writable", breakpoint->address);
271 return ERROR_OK;
272 }
273 }
274
275 retval = arm7_9_set_software_breakpoints(arm7_9);
276 if (retval != ERROR_OK)
277 return retval;
278
279 arm7_9->sw_breakpoint_count++;
280
281 breakpoint->set = 1;
282 }
283
284 return retval;
285 }
286
287 /**
288 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
289 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
290 * will be updated. Otherwise, the software breakpoint will be restored to its
291 * original instruction if it hasn't already been modified.
292 *
293 * @param target Pointer to ARM7/9 target to unset the breakpoint from
294 * @param breakpoint Pointer to breakpoint to be unset
295 * @return For hardware breakpoints, this is the result of executing the JTAG
296 * queue. For software breakpoints, this will be the status of the
297 * required memory reads and writes
298 */
299 static int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
300 {
301 int retval = ERROR_OK;
302 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
303
304 LOG_DEBUG("BPID: %" PRId32 ", Address: 0x%08" PRIx32,
305 breakpoint->unique_id,
306 breakpoint->address);
307
308 if (!breakpoint->set) {
309 LOG_WARNING("breakpoint not set");
310 return ERROR_OK;
311 }
312
313 if (breakpoint->type == BKPT_HARD) {
314 LOG_DEBUG("BPID: %" PRId32 " Releasing hw wp: %d",
315 breakpoint->unique_id,
316 breakpoint->set);
317 if (breakpoint->set == 1) {
318 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
319 arm7_9->wp0_used = 0;
320 arm7_9->wp_available++;
321 } else if (breakpoint->set == 2) {
322 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
323 arm7_9->wp1_used = 0;
324 arm7_9->wp_available++;
325 }
326 retval = jtag_execute_queue();
327 breakpoint->set = 0;
328 } else {
329 /* restore original instruction (kept in target endianness) */
330 if (breakpoint->length == 4) {
331 uint32_t current_instr;
332 /* check that user program as not modified breakpoint instruction */
333 retval = target_read_memory(target,
334 breakpoint->address, 4, 1, (uint8_t *)&current_instr);
335 if (retval != ERROR_OK)
336 return retval;
337 current_instr = target_buffer_get_u32(target, (uint8_t *)&current_instr);
338 if (current_instr == arm7_9->arm_bkpt) {
339 retval = target_write_memory(target,
340 breakpoint->address, 4, 1, breakpoint->orig_instr);
341 if (retval != ERROR_OK)
342 return retval;
343 }
344
345 } else {
346 uint16_t current_instr;
347 /* check that user program as not modified breakpoint instruction */
348 retval = target_read_memory(target,
349 breakpoint->address, 2, 1, (uint8_t *)&current_instr);
350 if (retval != ERROR_OK)
351 return retval;
352 current_instr = target_buffer_get_u16(target, (uint8_t *)&current_instr);
353 if (current_instr == arm7_9->thumb_bkpt)
354 retval = target_write_memory(target,
355 breakpoint->address, 2, 1, breakpoint->orig_instr);
356 if (retval != ERROR_OK)
357 return retval;
358
359 }
360
361 if (--arm7_9->sw_breakpoint_count == 0) {
362 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
363 *to implement it */
364 if (arm7_9->sw_breakpoints_added == 1)
365 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
366 EICE_W0_CONTROL_VALUE], 0);
367 else if (arm7_9->sw_breakpoints_added == 2)
368 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
369 EICE_W1_CONTROL_VALUE], 0);
370 }
371
372 breakpoint->set = 0;
373 }
374
375 return retval;
376 }
377
378 /**
379 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
380 * dangling breakpoints and that the desired breakpoint can be added.
381 *
382 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
383 * @param breakpoint Pointer to the breakpoint to be added
384 * @return An error status if there is a problem adding the breakpoint or the
385 * result of setting the breakpoint
386 */
387 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
388 {
389 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
390
391 if (arm7_9->breakpoint_count == 0) {
392 /* make sure we don't have any dangling breakpoints. This is vital upon
393 * GDB connect/disconnect
394 */
395 arm7_9_clear_watchpoints(arm7_9);
396 }
397
398 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1)) {
399 LOG_INFO("no watchpoint unit available for hardware breakpoint");
400 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
401 }
402
403 if ((breakpoint->length != 2) && (breakpoint->length != 4)) {
404 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
405 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
406 }
407
408 if (breakpoint->type == BKPT_HARD)
409 arm7_9_assign_wp(arm7_9, breakpoint);
410
411 arm7_9->breakpoint_count++;
412
413 return arm7_9_set_breakpoint(target, breakpoint);
414 }
415
416 /**
417 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
418 * dangling breakpoints and updates available watchpoints if it is a hardware
419 * breakpoint.
420 *
421 * @param target Pointer to the target to have a breakpoint removed
422 * @param breakpoint Pointer to the breakpoint to be removed
423 * @return Error status if there was a problem unsetting the breakpoint or the
424 * watchpoints could not be cleared
425 */
426 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
427 {
428 int retval = ERROR_OK;
429 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
430
431 retval = arm7_9_unset_breakpoint(target, breakpoint);
432 if (retval != ERROR_OK)
433 return retval;
434
435 if (breakpoint->type == BKPT_HARD)
436 arm7_9->wp_available++;
437
438 arm7_9->breakpoint_count--;
439 if (arm7_9->breakpoint_count == 0) {
440 /* make sure we don't have any dangling breakpoints */
441 retval = arm7_9_clear_watchpoints(arm7_9);
442 if (retval != ERROR_OK)
443 return retval;
444 }
445
446 return ERROR_OK;
447 }
448
449 /**
450 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
451 * considered a bug to call this function when there are no available watchpoint
452 * units.
453 *
454 * @param target Pointer to an ARM7/9 target to set a watchpoint on
455 * @param watchpoint Pointer to the watchpoint to be set
456 * @return Error status if watchpoint set fails or the result of executing the
457 * JTAG queue
458 */
459 static int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
460 {
461 int retval = ERROR_OK;
462 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
463 int rw_mask = 1;
464 uint32_t mask;
465
466 mask = watchpoint->length - 1;
467
468 if (target->state != TARGET_HALTED) {
469 LOG_WARNING("target not halted");
470 return ERROR_TARGET_NOT_HALTED;
471 }
472
473 if (watchpoint->rw == WPT_ACCESS)
474 rw_mask = 0;
475 else
476 rw_mask = 1;
477
478 if (!arm7_9->wp0_used) {
479 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE],
480 watchpoint->address);
481 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
482 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK],
483 watchpoint->mask);
484 if (watchpoint->mask != 0xffffffffu)
485 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE],
486 watchpoint->value);
487 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
488 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
489 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
490 EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
491
492 retval = jtag_execute_queue();
493 if (retval != ERROR_OK)
494 return retval;
495 watchpoint->set = 1;
496 arm7_9->wp0_used = 2;
497 } else if (!arm7_9->wp1_used) {
498 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
499 watchpoint->address);
500 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
501 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK],
502 watchpoint->mask);
503 if (watchpoint->mask != 0xffffffffu)
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE],
505 watchpoint->value);
506 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
507 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
508 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
509 EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
510
511 retval = jtag_execute_queue();
512 if (retval != ERROR_OK)
513 return retval;
514 watchpoint->set = 2;
515 arm7_9->wp1_used = 2;
516 } else {
517 LOG_ERROR("BUG: no hardware comparator available");
518 return ERROR_OK;
519 }
520
521 return ERROR_OK;
522 }
523
524 /**
525 * Unset an existing watchpoint and clear the used watchpoint unit.
526 *
527 * @param target Pointer to the target to have the watchpoint removed
528 * @param watchpoint Pointer to the watchpoint to be removed
529 * @return Error status while trying to unset the watchpoint or the result of
530 * executing the JTAG queue
531 */
532 static int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
533 {
534 int retval = ERROR_OK;
535 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
536
537 if (target->state != TARGET_HALTED) {
538 LOG_WARNING("target not halted");
539 return ERROR_TARGET_NOT_HALTED;
540 }
541
542 if (!watchpoint->set) {
543 LOG_WARNING("breakpoint not set");
544 return ERROR_OK;
545 }
546
547 if (watchpoint->set == 1) {
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
549 retval = jtag_execute_queue();
550 if (retval != ERROR_OK)
551 return retval;
552 arm7_9->wp0_used = 0;
553 } else if (watchpoint->set == 2) {
554 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
555 retval = jtag_execute_queue();
556 if (retval != ERROR_OK)
557 return retval;
558 arm7_9->wp1_used = 0;
559 }
560 watchpoint->set = 0;
561
562 return ERROR_OK;
563 }
564
565 /**
566 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
567 * available, an error response is returned.
568 *
569 * @param target Pointer to the ARM7/9 target to add a watchpoint to
570 * @param watchpoint Pointer to the watchpoint to be added
571 * @return Error status while trying to add the watchpoint
572 */
573 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
574 {
575 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
576
577 if (arm7_9->wp_available < 1)
578 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
579
580 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
581 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
582
583 arm7_9->wp_available--;
584
585 return ERROR_OK;
586 }
587
588 /**
589 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
590 * the used watchpoint unit will be reopened.
591 *
592 * @param target Pointer to the target to remove a watchpoint from
593 * @param watchpoint Pointer to the watchpoint to be removed
594 * @return Result of trying to unset the watchpoint
595 */
596 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
597 {
598 int retval = ERROR_OK;
599 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
600
601 if (watchpoint->set) {
602 retval = arm7_9_unset_watchpoint(target, watchpoint);
603 if (retval != ERROR_OK)
604 return retval;
605 }
606
607 arm7_9->wp_available++;
608
609 return ERROR_OK;
610 }
611
612 /**
613 * Restarts the target by sending a RESTART instruction and moving the JTAG
614 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
615 * asserted by the processor.
616 *
617 * @param target Pointer to target to issue commands to
618 * @return Error status if there is a timeout or a problem while executing the
619 * JTAG queue
620 */
621 int arm7_9_execute_sys_speed(struct target *target)
622 {
623 int retval;
624 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
625 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
626 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
627
628 /* set RESTART instruction */
629 if (arm7_9->need_bypass_before_restart) {
630 arm7_9->need_bypass_before_restart = 0;
631 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
632 if (retval != ERROR_OK)
633 return retval;
634 }
635 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
636 if (retval != ERROR_OK)
637 return retval;
638
639 long long then = timeval_ms();
640 int timeout;
641 while (!(timeout = ((timeval_ms()-then) > 1000))) {
642 /* read debug status register */
643 embeddedice_read_reg(dbg_stat);
644 retval = jtag_execute_queue();
645 if (retval != ERROR_OK)
646 return retval;
647 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
648 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
649 break;
650 if (debug_level >= 3)
651 alive_sleep(100);
652 else
653 keep_alive();
654 }
655 if (timeout) {
656 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "",
657 buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
658 return ERROR_TARGET_TIMEOUT;
659 }
660
661 return ERROR_OK;
662 }
663
664 /**
665 * Restarts the target by sending a RESTART instruction and moving the JTAG
666 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
667 * waiting until they are.
668 *
669 * @param target Pointer to the target to issue commands to
670 * @return Always ERROR_OK
671 */
672 static int arm7_9_execute_fast_sys_speed(struct target *target)
673 {
674 static int set;
675 static uint8_t check_value[4], check_mask[4];
676
677 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
678 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
679 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
680 int retval;
681
682 /* set RESTART instruction */
683 if (arm7_9->need_bypass_before_restart) {
684 arm7_9->need_bypass_before_restart = 0;
685 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
686 if (retval != ERROR_OK)
687 return retval;
688 }
689 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
690 if (retval != ERROR_OK)
691 return retval;
692
693 if (!set) {
694 /* check for DBGACK and SYSCOMP set (others don't care) */
695
696 /* NB! These are constants that must be available until after next jtag_execute() and
697 * we evaluate the values upon first execution in lieu of setting up these constants
698 * during early setup.
699 * */
700 buf_set_u32(check_value, 0, 32, 0x9);
701 buf_set_u32(check_mask, 0, 32, 0x9);
702 set = 1;
703 }
704
705 /* read debug status register */
706 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
707
708 return ERROR_OK;
709 }
710
711 /**
712 * Get some data from the ARM7/9 target.
713 *
714 * @param target Pointer to the ARM7/9 target to read data from
715 * @param size The number of 32bit words to be read
716 * @param buffer Pointer to the buffer that will hold the data
717 * @return The result of receiving data from the Embedded ICE unit
718 */
719 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
720 {
721 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
722 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
723 uint32_t *data;
724 int retval = ERROR_OK;
725 uint32_t i;
726
727 data = malloc(size * (sizeof(uint32_t)));
728
729 retval = embeddedice_receive(jtag_info, data, size);
730
731 /* return the 32-bit ints in the 8-bit array */
732 for (i = 0; i < size; i++)
733 h_u32_to_le(buffer + (i * 4), data[i]);
734
735 free(data);
736
737 return retval;
738 }
739
740 /**
741 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
742 * target is running and the DCC control register has the W bit high, this will
743 * execute the request on the target.
744 *
745 * @param priv Void pointer expected to be a struct target pointer
746 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
747 * from the Embedded ICE unit
748 */
749 static int arm7_9_handle_target_request(void *priv)
750 {
751 int retval = ERROR_OK;
752 struct target *target = priv;
753 if (!target_was_examined(target))
754 return ERROR_OK;
755 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
756 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
757 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
758
759 if (!target->dbg_msg_enabled)
760 return ERROR_OK;
761
762 if (target->state == TARGET_RUNNING) {
763 /* read DCC control register */
764 embeddedice_read_reg(dcc_control);
765 retval = jtag_execute_queue();
766 if (retval != ERROR_OK)
767 return retval;
768
769 /* check W bit */
770 if (buf_get_u32(dcc_control->value, 1, 1) == 1) {
771 uint32_t request;
772
773 retval = embeddedice_receive(jtag_info, &request, 1);
774 if (retval != ERROR_OK)
775 return retval;
776 retval = target_request(target, request);
777 if (retval != ERROR_OK)
778 return retval;
779 }
780 }
781
782 return ERROR_OK;
783 }
784
785 /**
786 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
787 * is manipulated to the right halted state based on its current state. This is
788 * what happens:
789 *
790 * <table>
791 * <tr><th > State</th><th > Action</th></tr>
792 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
793 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
794 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
795 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
796 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
797 * </table>
798 *
799 * If the target does not end up in the halted state, a warning is produced. If
800 * DBGACK is cleared, then the target is expected to either be running or
801 * running in debug.
802 *
803 * @param target Pointer to the ARM7/9 target to poll
804 * @return ERROR_OK or an error status if a command fails
805 */
806 int arm7_9_poll(struct target *target)
807 {
808 int retval;
809 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
810 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
811
812 /* read debug status register */
813 embeddedice_read_reg(dbg_stat);
814 retval = jtag_execute_queue();
815 if (retval != ERROR_OK)
816 return retval;
817
818 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)) {
819 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
820 if (target->state == TARGET_UNKNOWN) {
821 /* Starting OpenOCD with target in debug-halt */
822 target->state = TARGET_RUNNING;
823 LOG_DEBUG("DBGACK already set during server startup.");
824 }
825 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET)) {
826 target->state = TARGET_HALTED;
827
828 retval = arm7_9_debug_entry(target);
829 if (retval != ERROR_OK)
830 return retval;
831
832 if (arm_semihosting(target, &retval) != 0)
833 return retval;
834
835 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
836 if (retval != ERROR_OK)
837 return retval;
838 }
839 if (target->state == TARGET_DEBUG_RUNNING) {
840 target->state = TARGET_HALTED;
841 retval = arm7_9_debug_entry(target);
842 if (retval != ERROR_OK)
843 return retval;
844
845 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
846 if (retval != ERROR_OK)
847 return retval;
848 }
849 if (target->state != TARGET_HALTED)
850 LOG_WARNING(
851 "DBGACK set, but the target did not end up in the halted state %d",
852 target->state);
853 } else {
854 if (target->state != TARGET_DEBUG_RUNNING)
855 target->state = TARGET_RUNNING;
856 }
857
858 return ERROR_OK;
859 }
860
861 /**
862 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
863 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
864 * affected) completely stop the JTAG clock while the core is held in reset
865 * (SRST). It isn't possible to program the halt condition once reset is
866 * asserted, hence a hook that allows the target to set up its reset-halt
867 * condition is setup prior to asserting reset.
868 *
869 * @param target Pointer to an ARM7/9 target to assert reset on
870 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
871 */
872 int arm7_9_assert_reset(struct target *target)
873 {
874 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
875 enum reset_types jtag_reset_config = jtag_get_reset_config();
876 bool use_event = false;
877
878 /* TODO: apply hw reset signal in not examined state */
879 if (!(target_was_examined(target))) {
880 LOG_WARNING("Reset is not asserted because the target is not examined.");
881 LOG_WARNING("Use a reset button or power cycle the target.");
882 return ERROR_TARGET_NOT_EXAMINED;
883 }
884
885 LOG_DEBUG("target->state: %s", target_state_name(target));
886
887 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
888 use_event = true;
889 else if (!(jtag_reset_config & RESET_HAS_SRST)) {
890 LOG_ERROR("%s: how to reset?", target_name(target));
891 return ERROR_FAIL;
892 }
893
894 /* At this point trst has been asserted/deasserted once. We would
895 * like to program EmbeddedICE while SRST is asserted, instead of
896 * depending on SRST to leave that module alone. However, many CPUs
897 * gate the JTAG clock while SRST is asserted; or JTAG may need
898 * clock stability guarantees (adaptive clocking might help).
899 *
900 * So we assume JTAG access during SRST is off the menu unless it's
901 * been specifically enabled.
902 */
903 bool srst_asserted = false;
904
905 if (!use_event && !(jtag_reset_config & RESET_SRST_PULLS_TRST)
906 && (jtag_reset_config & RESET_SRST_NO_GATING)) {
907 jtag_add_reset(0, 1);
908 srst_asserted = true;
909 }
910
911 if (target->reset_halt) {
912 /*
913 * For targets that don't support communication while SRST is
914 * asserted, we need to set up the reset vector catch first.
915 *
916 * When we use TRST+SRST and that's equivalent to a power-up
917 * reset, these settings may well be reset anyway; so setting
918 * them here won't matter.
919 */
920 if (arm7_9->has_vector_catch) {
921 /* program vector catch register to catch reset */
922 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
923
924 /* extra runtest added as issues were found with
925 * certain ARM9 cores (maybe more) - AT91SAM9260
926 * and STR9
927 */
928 jtag_add_runtest(1, TAP_IDLE);
929 } else {
930 /* program watchpoint unit to match on reset vector
931 * address
932 */
933 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
934 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
935 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
936 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
937 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
938 }
939 }
940
941 if (use_event)
942 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
943 else {
944 /* If we use SRST ... we'd like to issue just SRST, but the
945 * board or chip may be set up so we have to assert TRST as
946 * well. On some chips that combination is equivalent to a
947 * power-up reset, and generally clobbers EICE state.
948 */
949 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
950 jtag_add_reset(1, 1);
951 else if (!srst_asserted)
952 jtag_add_reset(0, 1);
953 jtag_add_sleep(50000);
954 }
955
956 target->state = TARGET_RESET;
957 register_cache_invalidate(arm7_9->arm.core_cache);
958
959 /* REVISIT why isn't standard debug entry logic sufficient?? */
960 if (target->reset_halt && (!(jtag_reset_config & RESET_SRST_PULLS_TRST) || use_event)) {
961 /* debug entry was prepared above */
962 target->debug_reason = DBG_REASON_DBGRQ;
963 }
964
965 return ERROR_OK;
966 }
967
968 /**
969 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
970 * and the target is being reset into a halt, a warning will be triggered
971 * because it is not possible to reset into a halted mode in this case. The
972 * target is halted using the target's functions.
973 *
974 * @param target Pointer to the target to have the reset deasserted
975 * @return ERROR_OK or an error from polling or halting the target
976 */
977 int arm7_9_deassert_reset(struct target *target)
978 {
979 int retval = ERROR_OK;
980 LOG_DEBUG("target->state: %s", target_state_name(target));
981
982 /* deassert reset lines */
983 jtag_add_reset(0, 0);
984
985 /* In case polling is disabled, we need to examine the
986 * target and poll here for this target to work correctly.
987 *
988 * Otherwise, e.g. halt will fail afterwards with bogus
989 * error messages as halt will believe that reset is
990 * still in effect.
991 */
992 retval = target_examine_one(target);
993 if (retval != ERROR_OK)
994 return retval;
995
996 retval = target_poll(target);
997 if (retval != ERROR_OK)
998 return retval;
999
1000 enum reset_types jtag_reset_config = jtag_get_reset_config();
1001 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0) {
1002 LOG_WARNING(
1003 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1004 retval = target_halt(target);
1005 if (retval != ERROR_OK)
1006 return retval;
1007 }
1008 return retval;
1009 }
1010
1011 /**
1012 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1013 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1014 * vector catch was used, it is restored. Otherwise, the control value is
1015 * restored and the watchpoint unit is restored if it was in use.
1016 *
1017 * @param target Pointer to the ARM7/9 target to have halt cleared
1018 * @return Always ERROR_OK
1019 */
1020 static int arm7_9_clear_halt(struct target *target)
1021 {
1022 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1023 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1024
1025 /* we used DBGRQ only if we didn't come out of reset */
1026 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq) {
1027 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1028 */
1029 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1030 embeddedice_store_reg(dbg_ctrl);
1031 } else {
1032 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch) {
1033 /* if we came out of reset, and vector catch is supported, we used
1034 * vector catch to enter debug state
1035 * restore the register in that case
1036 */
1037 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1038 } else {
1039 /* restore registers if watchpoint unit 0 was in use
1040 */
1041 if (arm7_9->wp0_used) {
1042 if (arm7_9->debug_entry_from_reset)
1043 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1044 EICE_W0_ADDR_VALUE]);
1045 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1046 EICE_W0_ADDR_MASK]);
1047 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1048 EICE_W0_DATA_MASK]);
1049 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1050 EICE_W0_CONTROL_MASK]);
1051 }
1052 /* control value always has to be restored, as it was either disabled,
1053 * or enabled with possibly different bits
1054 */
1055 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1056 }
1057 }
1058
1059 return ERROR_OK;
1060 }
1061
1062 /**
1063 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1064 * and then there is a wait until the processor shows the halt. This wait can
1065 * timeout and results in an error being returned. The software reset involves
1066 * clearing the halt, updating the debug control register, changing to ARM mode,
1067 * reset of the program counter, and reset of all of the registers.
1068 *
1069 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1070 * @return Error status if any of the commands fail, otherwise ERROR_OK
1071 */
1072 int arm7_9_soft_reset_halt(struct target *target)
1073 {
1074 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1075 struct arm *arm = &arm7_9->arm;
1076 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1077 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1078 int i;
1079 int retval;
1080
1081 /* FIX!!! replace some of this code with tcl commands
1082 *
1083 * halt # the halt command is synchronous
1084 * armv4_5 core_state arm
1085 *
1086 */
1087
1088 retval = target_halt(target);
1089 if (retval != ERROR_OK)
1090 return retval;
1091
1092 long long then = timeval_ms();
1093 int timeout;
1094 while (!(timeout = ((timeval_ms()-then) > 1000))) {
1095 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1096 break;
1097 embeddedice_read_reg(dbg_stat);
1098 retval = jtag_execute_queue();
1099 if (retval != ERROR_OK)
1100 return retval;
1101 if (debug_level >= 3)
1102 alive_sleep(100);
1103 else
1104 keep_alive();
1105 }
1106 if (timeout) {
1107 LOG_ERROR("Failed to halt CPU after 1 sec");
1108 return ERROR_TARGET_TIMEOUT;
1109 }
1110 target->state = TARGET_HALTED;
1111
1112 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1113 * ensure that DBGRQ is cleared
1114 */
1115 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1116 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1117 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1118 embeddedice_store_reg(dbg_ctrl);
1119
1120 retval = arm7_9_clear_halt(target);
1121 if (retval != ERROR_OK)
1122 return retval;
1123
1124 /* if the target is in Thumb state, change to ARM state */
1125 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1126 uint32_t r0_thumb, pc_thumb;
1127 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1128 /* Entered debug from Thumb mode */
1129 arm->core_state = ARM_STATE_THUMB;
1130 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1131 }
1132
1133 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1134
1135 /* all register content is now invalid */
1136 register_cache_invalidate(arm->core_cache);
1137
1138 /* SVC, ARM state, IRQ and FIQ disabled */
1139 uint32_t cpsr;
1140
1141 cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
1142 cpsr &= ~0xff;
1143 cpsr |= 0xd3;
1144 arm_set_cpsr(arm, cpsr);
1145 arm->cpsr->dirty = 1;
1146
1147 /* start fetching from 0x0 */
1148 buf_set_u32(arm->pc->value, 0, 32, 0x0);
1149 arm->pc->dirty = 1;
1150 arm->pc->valid = 1;
1151
1152 /* reset registers */
1153 for (i = 0; i <= 14; i++) {
1154 struct reg *r = arm_reg_current(arm, i);
1155
1156 buf_set_u32(r->value, 0, 32, 0xffffffff);
1157 r->dirty = 1;
1158 r->valid = 1;
1159 }
1160
1161 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1162 if (retval != ERROR_OK)
1163 return retval;
1164
1165 return ERROR_OK;
1166 }
1167
1168 /**
1169 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1170 * line or by programming a watchpoint to trigger on any address. It is
1171 * considered a bug to call this function while the target is in the
1172 * TARGET_RESET state.
1173 *
1174 * @param target Pointer to the ARM7/9 target to be halted
1175 * @return Always ERROR_OK
1176 */
1177 int arm7_9_halt(struct target *target)
1178 {
1179 if (target->state == TARGET_RESET) {
1180 LOG_ERROR(
1181 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1182 return ERROR_OK;
1183 }
1184
1185 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1186 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1187
1188 LOG_DEBUG("target->state: %s",
1189 target_state_name(target));
1190
1191 if (target->state == TARGET_HALTED) {
1192 LOG_DEBUG("target was already halted");
1193 return ERROR_OK;
1194 }
1195
1196 if (target->state == TARGET_UNKNOWN)
1197 LOG_WARNING("target was in unknown state when halt was requested");
1198
1199 if (arm7_9->use_dbgrq) {
1200 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1201 */
1202 if (arm7_9->set_special_dbgrq)
1203 arm7_9->set_special_dbgrq(target);
1204 else {
1205 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1206 embeddedice_store_reg(dbg_ctrl);
1207 }
1208 } else {
1209 /* program watchpoint unit to match on any address
1210 */
1211 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1212 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1213 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1214 EICE_W_CTRL_ENABLE);
1215 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1216 ~EICE_W_CTRL_nOPC & 0xff);
1217 }
1218
1219 target->debug_reason = DBG_REASON_DBGRQ;
1220
1221 return ERROR_OK;
1222 }
1223
1224 /**
1225 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1226 * ARM. The JTAG queue is then executed and the reason for debug entry is
1227 * examined. Once done, the target is verified to be halted and the processor
1228 * is forced into ARM mode. The core registers are saved for the current core
1229 * mode and the program counter (register 15) is updated as needed. The core
1230 * registers and CPSR and SPSR are saved for restoration later.
1231 *
1232 * @param target Pointer to target that is entering debug mode
1233 * @return Error code if anything fails, otherwise ERROR_OK
1234 */
1235 static int arm7_9_debug_entry(struct target *target)
1236 {
1237 int i;
1238 uint32_t context[16];
1239 uint32_t *context_p[16];
1240 uint32_t r0_thumb, pc_thumb;
1241 uint32_t cpsr, cpsr_mask = 0;
1242 int retval;
1243 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1244 struct arm *arm = &arm7_9->arm;
1245 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1246 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1247
1248 #ifdef _DEBUG_ARM7_9_
1249 LOG_DEBUG("-");
1250 #endif
1251
1252 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1253 * ensure that DBGRQ is cleared
1254 */
1255 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1256 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1257 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1258 embeddedice_store_reg(dbg_ctrl);
1259
1260 retval = arm7_9_clear_halt(target);
1261 if (retval != ERROR_OK)
1262 return retval;
1263
1264 retval = jtag_execute_queue();
1265 if (retval != ERROR_OK)
1266 return retval;
1267
1268 retval = arm7_9->examine_debug_reason(target);
1269 if (retval != ERROR_OK)
1270 return retval;
1271
1272 if (target->state != TARGET_HALTED) {
1273 LOG_WARNING("target not halted");
1274 return ERROR_TARGET_NOT_HALTED;
1275 }
1276
1277 /* if the target is in Thumb state, change to ARM state */
1278 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1279 LOG_DEBUG("target entered debug from Thumb state");
1280 /* Entered debug from Thumb mode */
1281 arm->core_state = ARM_STATE_THUMB;
1282 cpsr_mask = 1 << 5;
1283 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1284 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1285 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1286 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1287 /* \todo Get some vaguely correct handling of Jazelle, if
1288 * anyone ever uses it and full info becomes available.
1289 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1290 * B.7.3 for the reverse. That'd be the bare minimum...
1291 */
1292 LOG_DEBUG("target entered debug from Jazelle state");
1293 arm->core_state = ARM_STATE_JAZELLE;
1294 cpsr_mask = 1 << 24;
1295 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1296 } else {
1297 LOG_DEBUG("target entered debug from ARM state");
1298 /* Entered debug from ARM mode */
1299 arm->core_state = ARM_STATE_ARM;
1300 }
1301
1302 for (i = 0; i < 16; i++)
1303 context_p[i] = &context[i];
1304 /* save core registers (r0 - r15 of current core mode) */
1305 arm7_9->read_core_regs(target, 0xffff, context_p);
1306
1307 arm7_9->read_xpsr(target, &cpsr, 0);
1308
1309 retval = jtag_execute_queue();
1310 if (retval != ERROR_OK)
1311 return retval;
1312
1313 /* Sync our CPSR copy with J or T bits EICE reported, but
1314 * which we then erased by putting the core into ARM mode.
1315 */
1316 arm_set_cpsr(arm, cpsr | cpsr_mask);
1317
1318 if (!is_arm_mode(arm->core_mode)) {
1319 target->state = TARGET_UNKNOWN;
1320 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1321 return ERROR_TARGET_FAILURE;
1322 }
1323
1324 LOG_DEBUG("target entered debug state in %s mode",
1325 arm_mode_name(arm->core_mode));
1326
1327 if (arm->core_state == ARM_STATE_THUMB) {
1328 LOG_DEBUG("thumb state, applying fixups");
1329 context[0] = r0_thumb;
1330 context[15] = pc_thumb;
1331 } else if (arm->core_state == ARM_STATE_ARM) {
1332 /* adjust value stored by STM */
1333 context[15] -= 3 * 4;
1334 }
1335
1336 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1337 context[15] -= 3 * ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1338 else
1339 context[15] -= arm7_9->dbgreq_adjust_pc *
1340 ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1341
1342 for (i = 0; i <= 15; i++) {
1343 struct reg *r = arm_reg_current(arm, i);
1344
1345 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1346
1347 buf_set_u32(r->value, 0, 32, context[i]);
1348 /* r0 and r15 (pc) have to be restored later */
1349 r->dirty = (i == 0) || (i == 15);
1350 r->valid = 1;
1351 }
1352
1353 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1354
1355 /* exceptions other than USR & SYS have a saved program status register */
1356 if (arm->spsr) {
1357 uint32_t spsr;
1358 arm7_9->read_xpsr(target, &spsr, 1);
1359 retval = jtag_execute_queue();
1360 if (retval != ERROR_OK)
1361 return retval;
1362 buf_set_u32(arm->spsr->value, 0, 32, spsr);
1363 arm->spsr->dirty = 0;
1364 arm->spsr->valid = 1;
1365 }
1366
1367 retval = jtag_execute_queue();
1368 if (retval != ERROR_OK)
1369 return retval;
1370
1371 if (arm7_9->post_debug_entry) {
1372 retval = arm7_9->post_debug_entry(target);
1373 if (retval != ERROR_OK)
1374 return retval;
1375 }
1376
1377 return ERROR_OK;
1378 }
1379
1380 /**
1381 * Validate the full context for an ARM7/9 target in all processor modes. If
1382 * there are any invalid registers for the target, they will all be read. This
1383 * includes the PSR.
1384 *
1385 * @param target Pointer to the ARM7/9 target to capture the full context from
1386 * @return Error if the target is not halted, has an invalid core mode, or if
1387 * the JTAG queue fails to execute
1388 */
1389 static int arm7_9_full_context(struct target *target)
1390 {
1391 int i;
1392 int retval;
1393 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1394 struct arm *arm = &arm7_9->arm;
1395
1396 LOG_DEBUG("-");
1397
1398 if (target->state != TARGET_HALTED) {
1399 LOG_WARNING("target not halted");
1400 return ERROR_TARGET_NOT_HALTED;
1401 }
1402
1403 if (!is_arm_mode(arm->core_mode)) {
1404 LOG_ERROR("not a valid arm core mode - communication failure?");
1405 return ERROR_FAIL;
1406 }
1407
1408 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1409 * SYS shares registers with User, so we don't touch SYS
1410 */
1411 for (i = 0; i < 6; i++) {
1412 uint32_t mask = 0;
1413 uint32_t *reg_p[16];
1414 int j;
1415 int valid = 1;
1416
1417 /* check if there are invalid registers in the current mode
1418 */
1419 for (j = 0; j <= 16; j++) {
1420 if (ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1421 valid = 0;
1422 }
1423
1424 if (!valid) {
1425 uint32_t tmp_cpsr;
1426
1427 /* change processor mode (and mask T bit) */
1428 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8)
1429 & 0xe0;
1430 tmp_cpsr |= armv4_5_number_to_mode(i);
1431 tmp_cpsr &= ~0x20;
1432 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1433
1434 for (j = 0; j < 15; j++) {
1435 if (ARMV4_5_CORE_REG_MODE(arm->core_cache,
1436 armv4_5_number_to_mode(i), j).valid == 0) {
1437 reg_p[j] = (uint32_t *)ARMV4_5_CORE_REG_MODE(
1438 arm->core_cache,
1439 armv4_5_number_to_mode(i),
1440 j).value;
1441 mask |= 1 << j;
1442 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1443 armv4_5_number_to_mode(i),
1444 j).valid = 1;
1445 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1446 armv4_5_number_to_mode(i),
1447 j).dirty = 0;
1448 }
1449 }
1450
1451 /* if only the PSR is invalid, mask is all zeroes */
1452 if (mask)
1453 arm7_9->read_core_regs(target, mask, reg_p);
1454
1455 /* check if the PSR has to be read */
1456 if (ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1457 16).valid == 0) {
1458 arm7_9->read_xpsr(target,
1459 (uint32_t *)ARMV4_5_CORE_REG_MODE(arm->core_cache,
1460 armv4_5_number_to_mode(i), 16).value, 1);
1461 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1462 16).valid = 1;
1463 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1464 16).dirty = 0;
1465 }
1466 }
1467 }
1468
1469 /* restore processor mode (mask T bit) */
1470 arm7_9->write_xpsr_im8(target,
1471 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
1472
1473 retval = jtag_execute_queue();
1474 if (retval != ERROR_OK)
1475 return retval;
1476 return ERROR_OK;
1477 }
1478
1479 /**
1480 * Restore the processor context on an ARM7/9 target. The full processor
1481 * context is analyzed to see if any of the registers are dirty on this end, but
1482 * have a valid new value. If this is the case, the processor is changed to the
1483 * appropriate mode and the new register values are written out to the
1484 * processor. If there happens to be a dirty register with an invalid value, an
1485 * error will be logged.
1486 *
1487 * @param target Pointer to the ARM7/9 target to have its context restored
1488 * @return Error status if the target is not halted or the core mode in the
1489 * armv4_5 struct is invalid.
1490 */
1491 static int arm7_9_restore_context(struct target *target)
1492 {
1493 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1494 struct arm *arm = &arm7_9->arm;
1495 struct reg *reg;
1496 enum arm_mode current_mode = arm->core_mode;
1497 int i, j;
1498 int dirty;
1499 int mode_change;
1500
1501 LOG_DEBUG("-");
1502
1503 if (target->state != TARGET_HALTED) {
1504 LOG_WARNING("target not halted");
1505 return ERROR_TARGET_NOT_HALTED;
1506 }
1507
1508 if (arm7_9->pre_restore_context)
1509 arm7_9->pre_restore_context(target);
1510
1511 if (!is_arm_mode(arm->core_mode)) {
1512 LOG_ERROR("not a valid arm core mode - communication failure?");
1513 return ERROR_FAIL;
1514 }
1515
1516 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1517 * SYS shares registers with User, so we don't touch SYS
1518 */
1519 for (i = 0; i < 6; i++) {
1520 LOG_DEBUG("examining %s mode",
1521 arm_mode_name(arm->core_mode));
1522 dirty = 0;
1523 mode_change = 0;
1524 /* check if there are dirty registers in the current mode
1525 */
1526 for (j = 0; j <= 16; j++) {
1527 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j);
1528 if (reg->dirty == 1) {
1529 if (reg->valid == 1) {
1530 dirty = 1;
1531 LOG_DEBUG("examining dirty reg: %s", reg->name);
1532 struct arm_reg *reg_arch_info;
1533 reg_arch_info = reg->arch_info;
1534 if ((reg_arch_info->mode != ARM_MODE_ANY)
1535 && (reg_arch_info->mode != current_mode)
1536 && !((reg_arch_info->mode == ARM_MODE_USR)
1537 && (arm->core_mode == ARM_MODE_SYS))
1538 && !((reg_arch_info->mode == ARM_MODE_SYS)
1539 && (arm->core_mode == ARM_MODE_USR))) {
1540 mode_change = 1;
1541 LOG_DEBUG("require mode change");
1542 }
1543 } else
1544 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1545 reg->name);
1546 }
1547 }
1548
1549 if (dirty) {
1550 uint32_t mask = 0x0;
1551 int num_regs = 0;
1552 uint32_t regs[16];
1553
1554 if (mode_change) {
1555 uint32_t tmp_cpsr;
1556
1557 /* change processor mode (mask T bit) */
1558 tmp_cpsr = buf_get_u32(arm->cpsr->value,
1559 0, 8) & 0xe0;
1560 tmp_cpsr |= armv4_5_number_to_mode(i);
1561 tmp_cpsr &= ~0x20;
1562 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1563 current_mode = armv4_5_number_to_mode(i);
1564 }
1565
1566 for (j = 0; j <= 14; j++) {
1567 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache,
1568 armv4_5_number_to_mode(i),
1569 j);
1570
1571 if (reg->dirty == 1) {
1572 regs[j] = buf_get_u32(reg->value, 0, 32);
1573 mask |= 1 << j;
1574 num_regs++;
1575 reg->dirty = 0;
1576 reg->valid = 1;
1577 LOG_DEBUG("writing register %i mode %s "
1578 "with value 0x%8.8" PRIx32, j,
1579 arm_mode_name(arm->core_mode),
1580 regs[j]);
1581 }
1582 }
1583
1584 if (mask)
1585 arm7_9->write_core_regs(target, mask, regs);
1586
1587 reg =
1588 &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(
1589 i), 16);
1590 struct arm_reg *reg_arch_info;
1591 reg_arch_info = reg->arch_info;
1592 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY)) {
1593 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "",
1594 i,
1595 buf_get_u32(reg->value, 0, 32));
1596 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1597 }
1598 }
1599 }
1600
1601 if (!arm->cpsr->dirty && (arm->core_mode != current_mode)) {
1602 /* restore processor mode (mask T bit) */
1603 uint32_t tmp_cpsr;
1604
1605 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
1606 tmp_cpsr |= armv4_5_number_to_mode(i);
1607 tmp_cpsr &= ~0x20;
1608 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1609 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1610
1611 } else if (arm->cpsr->dirty) {
1612 /* CPSR has been changed, full restore necessary (mask T bit) */
1613 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1614 buf_get_u32(arm->cpsr->value, 0, 32));
1615 arm7_9->write_xpsr(target,
1616 buf_get_u32(arm->cpsr->value, 0, 32)
1617 & ~0x20, 0);
1618 arm->cpsr->dirty = 0;
1619 arm->cpsr->valid = 1;
1620 }
1621
1622 /* restore PC */
1623 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32,
1624 buf_get_u32(arm->pc->value, 0, 32));
1625 arm7_9->write_pc(target, buf_get_u32(arm->pc->value, 0, 32));
1626 arm->pc->dirty = 0;
1627
1628 return ERROR_OK;
1629 }
1630
1631 /**
1632 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1633 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1634 * restart.
1635 *
1636 * @param target Pointer to the ARM7/9 target to be restarted
1637 * @return Result of executing the JTAG queue
1638 */
1639 static int arm7_9_restart_core(struct target *target)
1640 {
1641 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1642 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1643 int retval;
1644
1645 /* set RESTART instruction */
1646 if (arm7_9->need_bypass_before_restart) {
1647 arm7_9->need_bypass_before_restart = 0;
1648
1649 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
1650 if (retval != ERROR_OK)
1651 return retval;
1652 }
1653 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
1654 if (retval != ERROR_OK)
1655 return retval;
1656
1657 jtag_add_runtest(1, TAP_IDLE);
1658 return jtag_execute_queue();
1659 }
1660
1661 /**
1662 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1663 * iterated through and are set on the target if they aren't already set.
1664 *
1665 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1666 */
1667 static void arm7_9_enable_watchpoints(struct target *target)
1668 {
1669 struct watchpoint *watchpoint = target->watchpoints;
1670
1671 while (watchpoint) {
1672 if (watchpoint->set == 0)
1673 arm7_9_set_watchpoint(target, watchpoint);
1674 watchpoint = watchpoint->next;
1675 }
1676 }
1677
1678 /**
1679 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1680 * iterated through and are set on the target.
1681 *
1682 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1683 */
1684 static void arm7_9_enable_breakpoints(struct target *target)
1685 {
1686 struct breakpoint *breakpoint = target->breakpoints;
1687
1688 /* set any pending breakpoints */
1689 while (breakpoint) {
1690 arm7_9_set_breakpoint(target, breakpoint);
1691 breakpoint = breakpoint->next;
1692 }
1693 }
1694
1695 int arm7_9_resume(struct target *target,
1696 int current,
1697 uint32_t address,
1698 int handle_breakpoints,
1699 int debug_execution)
1700 {
1701 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1702 struct arm *arm = &arm7_9->arm;
1703 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1704 int err, retval = ERROR_OK;
1705
1706 LOG_DEBUG("-");
1707
1708 if (target->state != TARGET_HALTED) {
1709 LOG_WARNING("target not halted");
1710 return ERROR_TARGET_NOT_HALTED;
1711 }
1712
1713 if (!debug_execution)
1714 target_free_all_working_areas(target);
1715
1716 /* current = 1: continue on current pc, otherwise continue at <address> */
1717 if (!current)
1718 buf_set_u32(arm->pc->value, 0, 32, address);
1719
1720 uint32_t current_pc;
1721 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1722
1723 /* the front-end may request us not to handle breakpoints */
1724 if (handle_breakpoints) {
1725 struct breakpoint *breakpoint;
1726 breakpoint = breakpoint_find(target,
1727 buf_get_u32(arm->pc->value, 0, 32));
1728 if (breakpoint != NULL) {
1729 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %" PRId32,
1730 breakpoint->address,
1731 breakpoint->unique_id);
1732 retval = arm7_9_unset_breakpoint(target, breakpoint);
1733 if (retval != ERROR_OK)
1734 return retval;
1735
1736 /* calculate PC of next instruction */
1737 uint32_t next_pc;
1738 retval = arm_simulate_step(target, &next_pc);
1739 if (retval != ERROR_OK) {
1740 uint32_t current_opcode;
1741 target_read_u32(target, current_pc, &current_opcode);
1742 LOG_ERROR(
1743 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1744 current_opcode);
1745 return retval;
1746 }
1747
1748 LOG_DEBUG("enable single-step");
1749 arm7_9->enable_single_step(target, next_pc);
1750
1751 target->debug_reason = DBG_REASON_SINGLESTEP;
1752
1753 retval = arm7_9_restore_context(target);
1754 if (retval != ERROR_OK)
1755 return retval;
1756
1757 if (arm->core_state == ARM_STATE_ARM)
1758 arm7_9->branch_resume(target);
1759 else if (arm->core_state == ARM_STATE_THUMB)
1760 arm7_9->branch_resume_thumb(target);
1761 else {
1762 LOG_ERROR("unhandled core state");
1763 return ERROR_FAIL;
1764 }
1765
1766 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1767 embeddedice_write_reg(dbg_ctrl,
1768 buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1769 err = arm7_9_execute_sys_speed(target);
1770
1771 LOG_DEBUG("disable single-step");
1772 arm7_9->disable_single_step(target);
1773
1774 if (err != ERROR_OK) {
1775 retval = arm7_9_set_breakpoint(target, breakpoint);
1776 if (retval != ERROR_OK)
1777 return retval;
1778 target->state = TARGET_UNKNOWN;
1779 return err;
1780 }
1781
1782 retval = arm7_9_debug_entry(target);
1783 if (retval != ERROR_OK)
1784 return retval;
1785 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32,
1786 buf_get_u32(arm->pc->value, 0, 32));
1787
1788 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1789 retval = arm7_9_set_breakpoint(target, breakpoint);
1790 if (retval != ERROR_OK)
1791 return retval;
1792 }
1793 }
1794
1795 /* enable any pending breakpoints and watchpoints */
1796 arm7_9_enable_breakpoints(target);
1797 arm7_9_enable_watchpoints(target);
1798
1799 retval = arm7_9_restore_context(target);
1800 if (retval != ERROR_OK)
1801 return retval;
1802
1803 if (arm->core_state == ARM_STATE_ARM)
1804 arm7_9->branch_resume(target);
1805 else if (arm->core_state == ARM_STATE_THUMB)
1806 arm7_9->branch_resume_thumb(target);
1807 else {
1808 LOG_ERROR("unhandled core state");
1809 return ERROR_FAIL;
1810 }
1811
1812 /* deassert DBGACK and INTDIS */
1813 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1814 /* INTDIS only when we really resume, not during debug execution */
1815 if (!debug_execution)
1816 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1817 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1818
1819 retval = arm7_9_restart_core(target);
1820 if (retval != ERROR_OK)
1821 return retval;
1822
1823 target->debug_reason = DBG_REASON_NOTHALTED;
1824
1825 if (!debug_execution) {
1826 /* registers are now invalid */
1827 register_cache_invalidate(arm->core_cache);
1828 target->state = TARGET_RUNNING;
1829 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1830 if (retval != ERROR_OK)
1831 return retval;
1832 } else {
1833 target->state = TARGET_DEBUG_RUNNING;
1834 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1835 if (retval != ERROR_OK)
1836 return retval;
1837 }
1838
1839 LOG_DEBUG("target resumed");
1840
1841 return ERROR_OK;
1842 }
1843
1844 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1845 {
1846 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1847 struct arm *arm = &arm7_9->arm;
1848 uint32_t current_pc;
1849 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1850
1851 if (next_pc != current_pc) {
1852 /* setup an inverse breakpoint on the current PC
1853 * - comparator 1 matches the current address
1854 * - rangeout from comparator 1 is connected to comparator 0 rangein
1855 * - comparator 0 matches any address, as long as rangein is low */
1856 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1857 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1858 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1859 EICE_W_CTRL_ENABLE);
1860 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1861 ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1862 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
1863 current_pc);
1864 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1865 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1866 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1867 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1868 ~EICE_W_CTRL_nOPC & 0xff);
1869 } else {
1870 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1871 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1872 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1873 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1874 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1875 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1876 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1877 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
1878 EICE_W_CTRL_ENABLE);
1879 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1880 ~EICE_W_CTRL_nOPC & 0xff);
1881 }
1882 }
1883
1884 void arm7_9_disable_eice_step(struct target *target)
1885 {
1886 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1887
1888 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1889 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1890 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1891 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1892 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1893 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1894 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1895 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1896 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1897 }
1898
1899 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1900 {
1901 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1902 struct arm *arm = &arm7_9->arm;
1903 struct breakpoint *breakpoint = NULL;
1904 int err, retval;
1905
1906 if (target->state != TARGET_HALTED) {
1907 LOG_WARNING("target not halted");
1908 return ERROR_TARGET_NOT_HALTED;
1909 }
1910
1911 /* current = 1: continue on current pc, otherwise continue at <address> */
1912 if (!current)
1913 buf_set_u32(arm->pc->value, 0, 32, address);
1914
1915 uint32_t current_pc = buf_get_u32(arm->pc->value, 0, 32);
1916
1917 /* the front-end may request us not to handle breakpoints */
1918 if (handle_breakpoints)
1919 breakpoint = breakpoint_find(target, current_pc);
1920 if (breakpoint != NULL) {
1921 retval = arm7_9_unset_breakpoint(target, breakpoint);
1922 if (retval != ERROR_OK)
1923 return retval;
1924 }
1925
1926 target->debug_reason = DBG_REASON_SINGLESTEP;
1927
1928 /* calculate PC of next instruction */
1929 uint32_t next_pc;
1930 retval = arm_simulate_step(target, &next_pc);
1931 if (retval != ERROR_OK) {
1932 uint32_t current_opcode;
1933 target_read_u32(target, current_pc, &current_opcode);
1934 LOG_ERROR(
1935 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1936 current_opcode);
1937 return retval;
1938 }
1939
1940 retval = arm7_9_restore_context(target);
1941 if (retval != ERROR_OK)
1942 return retval;
1943
1944 arm7_9->enable_single_step(target, next_pc);
1945
1946 if (arm->core_state == ARM_STATE_ARM)
1947 arm7_9->branch_resume(target);
1948 else if (arm->core_state == ARM_STATE_THUMB)
1949 arm7_9->branch_resume_thumb(target);
1950 else {
1951 LOG_ERROR("unhandled core state");
1952 return ERROR_FAIL;
1953 }
1954
1955 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1956 if (retval != ERROR_OK)
1957 return retval;
1958
1959 err = arm7_9_execute_sys_speed(target);
1960 arm7_9->disable_single_step(target);
1961
1962 /* registers are now invalid */
1963 register_cache_invalidate(arm->core_cache);
1964
1965 if (err != ERROR_OK)
1966 target->state = TARGET_UNKNOWN;
1967 else {
1968 retval = arm7_9_debug_entry(target);
1969 if (retval != ERROR_OK)
1970 return retval;
1971 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1972 if (retval != ERROR_OK)
1973 return retval;
1974 LOG_DEBUG("target stepped");
1975 }
1976
1977 if (breakpoint) {
1978 retval = arm7_9_set_breakpoint(target, breakpoint);
1979 if (retval != ERROR_OK)
1980 return retval;
1981 }
1982
1983 return err;
1984 }
1985
1986 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
1987 int num, enum arm_mode mode)
1988 {
1989 uint32_t *reg_p[16];
1990 int retval;
1991 struct arm_reg *areg = r->arch_info;
1992 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1993 struct arm *arm = &arm7_9->arm;
1994
1995 if (!is_arm_mode(arm->core_mode))
1996 return ERROR_FAIL;
1997 if ((num < 0) || (num > 16))
1998 return ERROR_COMMAND_SYNTAX_ERROR;
1999
2000 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2001 && (areg->mode != ARM_MODE_ANY)) {
2002 uint32_t tmp_cpsr;
2003
2004 /* change processor mode (mask T bit) */
2005 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2006 tmp_cpsr |= mode;
2007 tmp_cpsr &= ~0x20;
2008 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2009 }
2010
2011 uint32_t value = 0;
2012 if ((num >= 0) && (num <= 15)) {
2013 /* read a normal core register */
2014 reg_p[num] = &value;
2015
2016 arm7_9->read_core_regs(target, 1 << num, reg_p);
2017 } else {
2018 /* read a program status register
2019 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2020 */
2021 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2022 }
2023
2024 retval = jtag_execute_queue();
2025 if (retval != ERROR_OK)
2026 return retval;
2027
2028 r->valid = 1;
2029 r->dirty = 0;
2030 buf_set_u32(r->value, 0, 32, value);
2031
2032 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2033 && (areg->mode != ARM_MODE_ANY)) {
2034 /* restore processor mode (mask T bit) */
2035 arm7_9->write_xpsr_im8(target,
2036 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2037 }
2038
2039 return ERROR_OK;
2040 }
2041
2042 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2043 int num, enum arm_mode mode, uint8_t *value)
2044 {
2045 uint32_t reg[16];
2046 struct arm_reg *areg = r->arch_info;
2047 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2048 struct arm *arm = &arm7_9->arm;
2049
2050 if (!is_arm_mode(arm->core_mode))
2051 return ERROR_FAIL;
2052 if ((num < 0) || (num > 16))
2053 return ERROR_COMMAND_SYNTAX_ERROR;
2054
2055 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2056 && (areg->mode != ARM_MODE_ANY)) {
2057 uint32_t tmp_cpsr;
2058
2059 /* change processor mode (mask T bit) */
2060 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2061 tmp_cpsr |= mode;
2062 tmp_cpsr &= ~0x20;
2063 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2064 }
2065
2066 if ((num >= 0) && (num <= 15)) {
2067 /* write a normal core register */
2068 reg[num] = buf_get_u32(value, 0, 32);
2069
2070 arm7_9->write_core_regs(target, 1 << num, reg);
2071 } else {
2072 /* write a program status register
2073 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2074 */
2075 int spsr = (areg->mode != ARM_MODE_ANY);
2076
2077 uint32_t t = buf_get_u32(value, 0, 32);
2078 /* if we're writing the CPSR, mask the T bit */
2079 if (!spsr)
2080 t &= ~0x20;
2081
2082 arm7_9->write_xpsr(target, t, spsr);
2083 }
2084
2085 r->valid = 1;
2086 r->dirty = 0;
2087
2088 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2089 && (areg->mode != ARM_MODE_ANY)) {
2090 /* restore processor mode (mask T bit) */
2091 arm7_9->write_xpsr_im8(target,
2092 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2093 }
2094
2095 return jtag_execute_queue();
2096 }
2097
2098 int arm7_9_read_memory(struct target *target,
2099 uint32_t address,
2100 uint32_t size,
2101 uint32_t count,
2102 uint8_t *buffer)
2103 {
2104 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2105 struct arm *arm = &arm7_9->arm;
2106 uint32_t reg[16];
2107 uint32_t num_accesses = 0;
2108 int thisrun_accesses;
2109 int i;
2110 uint32_t cpsr;
2111 int retval;
2112 int last_reg = 0;
2113
2114 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "",
2115 address, size, count);
2116
2117 if (target->state != TARGET_HALTED) {
2118 LOG_WARNING("target not halted");
2119 return ERROR_TARGET_NOT_HALTED;
2120 }
2121
2122 /* sanitize arguments */
2123 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2124 return ERROR_COMMAND_SYNTAX_ERROR;
2125
2126 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2127 return ERROR_TARGET_UNALIGNED_ACCESS;
2128
2129 /* load the base register with the address of the first word */
2130 reg[0] = address;
2131 arm7_9->write_core_regs(target, 0x1, reg);
2132
2133 int j = 0;
2134
2135 switch (size) {
2136 case 4:
2137 while (num_accesses < count) {
2138 uint32_t reg_list;
2139 thisrun_accesses =
2140 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2141 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2142
2143 if (last_reg <= thisrun_accesses)
2144 last_reg = thisrun_accesses;
2145
2146 arm7_9->load_word_regs(target, reg_list);
2147
2148 /* fast memory reads are only safe when the target is running
2149 * from a sufficiently high clock (32 kHz is usually too slow)
2150 */
2151 if (arm7_9->fast_memory_access)
2152 retval = arm7_9_execute_fast_sys_speed(target);
2153 else
2154 retval = arm7_9_execute_sys_speed(target);
2155 if (retval != ERROR_OK)
2156 return retval;
2157
2158 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2159
2160 /* advance buffer, count number of accesses */
2161 buffer += thisrun_accesses * 4;
2162 num_accesses += thisrun_accesses;
2163
2164 if ((j++%1024) == 0)
2165 keep_alive();
2166 }
2167 break;
2168 case 2:
2169 while (num_accesses < count) {
2170 uint32_t reg_list;
2171 thisrun_accesses =
2172 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2173 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2174
2175 for (i = 1; i <= thisrun_accesses; i++) {
2176 if (i > last_reg)
2177 last_reg = i;
2178 arm7_9->load_hword_reg(target, i);
2179 /* fast memory reads are only safe when the target is running
2180 * from a sufficiently high clock (32 kHz is usually too slow)
2181 */
2182 if (arm7_9->fast_memory_access)
2183 retval = arm7_9_execute_fast_sys_speed(target);
2184 else
2185 retval = arm7_9_execute_sys_speed(target);
2186 if (retval != ERROR_OK)
2187 return retval;
2188
2189 }
2190
2191 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2192
2193 /* advance buffer, count number of accesses */
2194 buffer += thisrun_accesses * 2;
2195 num_accesses += thisrun_accesses;
2196
2197 if ((j++%1024) == 0)
2198 keep_alive();
2199 }
2200 break;
2201 case 1:
2202 while (num_accesses < count) {
2203 uint32_t reg_list;
2204 thisrun_accesses =
2205 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2206 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2207
2208 for (i = 1; i <= thisrun_accesses; i++) {
2209 if (i > last_reg)
2210 last_reg = i;
2211 arm7_9->load_byte_reg(target, i);
2212 /* fast memory reads are only safe when the target is running
2213 * from a sufficiently high clock (32 kHz is usually too slow)
2214 */
2215 if (arm7_9->fast_memory_access)
2216 retval = arm7_9_execute_fast_sys_speed(target);
2217 else
2218 retval = arm7_9_execute_sys_speed(target);
2219 if (retval != ERROR_OK)
2220 return retval;
2221 }
2222
2223 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2224
2225 /* advance buffer, count number of accesses */
2226 buffer += thisrun_accesses * 1;
2227 num_accesses += thisrun_accesses;
2228
2229 if ((j++%1024) == 0)
2230 keep_alive();
2231 }
2232 break;
2233 }
2234
2235 if (!is_arm_mode(arm->core_mode))
2236 return ERROR_FAIL;
2237
2238 for (i = 0; i <= last_reg; i++) {
2239 struct reg *r = arm_reg_current(arm, i);
2240 r->dirty = r->valid;
2241 }
2242
2243 arm7_9->read_xpsr(target, &cpsr, 0);
2244 retval = jtag_execute_queue();
2245 if (retval != ERROR_OK) {
2246 LOG_ERROR("JTAG error while reading cpsr");
2247 return ERROR_TARGET_DATA_ABORT;
2248 }
2249
2250 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2251 LOG_WARNING(
2252 "memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2253 address,
2254 size,
2255 count);
2256
2257 arm7_9->write_xpsr_im8(target,
2258 buf_get_u32(arm->cpsr->value, 0, 8)
2259 & ~0x20, 0, 0);
2260
2261 return ERROR_TARGET_DATA_ABORT;
2262 }
2263
2264 return ERROR_OK;
2265 }
2266
2267 int arm7_9_write_memory(struct target *target,
2268 uint32_t address,
2269 uint32_t size,
2270 uint32_t count,
2271 const uint8_t *buffer)
2272 {
2273 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2274 struct arm *arm = &arm7_9->arm;
2275 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2276
2277 uint32_t reg[16];
2278 uint32_t num_accesses = 0;
2279 int thisrun_accesses;
2280 int i;
2281 uint32_t cpsr;
2282 int retval;
2283 int last_reg = 0;
2284
2285 #ifdef _DEBUG_ARM7_9_
2286 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2287 #endif
2288
2289 if (target->state != TARGET_HALTED) {
2290 LOG_WARNING("target not halted");
2291 return ERROR_TARGET_NOT_HALTED;
2292 }
2293
2294 /* sanitize arguments */
2295 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2296 return ERROR_COMMAND_SYNTAX_ERROR;
2297
2298 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2299 return ERROR_TARGET_UNALIGNED_ACCESS;
2300
2301 /* load the base register with the address of the first word */
2302 reg[0] = address;
2303 arm7_9->write_core_regs(target, 0x1, reg);
2304
2305 /* Clear DBGACK, to make sure memory fetches work as expected */
2306 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2307 embeddedice_store_reg(dbg_ctrl);
2308
2309 switch (size) {
2310 case 4:
2311 while (num_accesses < count) {
2312 uint32_t reg_list;
2313 thisrun_accesses =
2314 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2315 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2316
2317 for (i = 1; i <= thisrun_accesses; i++) {
2318 if (i > last_reg)
2319 last_reg = i;
2320 reg[i] = target_buffer_get_u32(target, buffer);
2321 buffer += 4;
2322 }
2323
2324 arm7_9->write_core_regs(target, reg_list, reg);
2325
2326 arm7_9->store_word_regs(target, reg_list);
2327
2328 /* fast memory writes are only safe when the target is running
2329 * from a sufficiently high clock (32 kHz is usually too slow)
2330 */
2331 if (arm7_9->fast_memory_access)
2332 retval = arm7_9_execute_fast_sys_speed(target);
2333 else {
2334 retval = arm7_9_execute_sys_speed(target);
2335
2336 /*
2337 * if memory writes are made when the clock is running slow
2338 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2339 * processor operations after a "reset halt" or "reset init",
2340 * need to immediately stroke the keep alive or will end up with
2341 * gdb "keep alive not sent error message" problem.
2342 */
2343
2344 keep_alive();
2345 }
2346
2347 if (retval != ERROR_OK)
2348 return retval;
2349
2350 num_accesses += thisrun_accesses;
2351 }
2352 break;
2353 case 2:
2354 while (num_accesses < count) {
2355 uint32_t reg_list;
2356 thisrun_accesses =
2357 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2358 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2359
2360 for (i = 1; i <= thisrun_accesses; i++) {
2361 if (i > last_reg)
2362 last_reg = i;
2363 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2364 buffer += 2;
2365 }
2366
2367 arm7_9->write_core_regs(target, reg_list, reg);
2368
2369 for (i = 1; i <= thisrun_accesses; i++) {
2370 arm7_9->store_hword_reg(target, i);
2371
2372 /* fast memory writes are only safe when the target is running
2373 * from a sufficiently high clock (32 kHz is usually too slow)
2374 */
2375 if (arm7_9->fast_memory_access)
2376 retval = arm7_9_execute_fast_sys_speed(target);
2377 else {
2378 retval = arm7_9_execute_sys_speed(target);
2379
2380 /*
2381 * if memory writes are made when the clock is running slow
2382 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2383 * processor operations after a "reset halt" or "reset init",
2384 * need to immediately stroke the keep alive or will end up with
2385 * gdb "keep alive not sent error message" problem.
2386 */
2387
2388 keep_alive();
2389 }
2390
2391 if (retval != ERROR_OK)
2392 return retval;
2393 }
2394
2395 num_accesses += thisrun_accesses;
2396 }
2397 break;
2398 case 1:
2399 while (num_accesses < count) {
2400 uint32_t reg_list;
2401 thisrun_accesses =
2402 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2403 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2404
2405 for (i = 1; i <= thisrun_accesses; i++) {
2406 if (i > last_reg)
2407 last_reg = i;
2408 reg[i] = *buffer++ & 0xff;
2409 }
2410
2411 arm7_9->write_core_regs(target, reg_list, reg);
2412
2413 for (i = 1; i <= thisrun_accesses; i++) {
2414 arm7_9->store_byte_reg(target, i);
2415 /* fast memory writes are only safe when the target is running
2416 * from a sufficiently high clock (32 kHz is usually too slow)
2417 */
2418 if (arm7_9->fast_memory_access)
2419 retval = arm7_9_execute_fast_sys_speed(target);
2420 else {
2421 retval = arm7_9_execute_sys_speed(target);
2422
2423 /*
2424 * if memory writes are made when the clock is running slow
2425 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2426 * processor operations after a "reset halt" or "reset init",
2427 * need to immediately stroke the keep alive or will end up with
2428 * gdb "keep alive not sent error message" problem.
2429 */
2430
2431 keep_alive();
2432 }
2433
2434 if (retval != ERROR_OK)
2435 return retval;
2436
2437 }
2438
2439 num_accesses += thisrun_accesses;
2440 }
2441 break;
2442 }
2443
2444 /* Re-Set DBGACK */
2445 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2446 embeddedice_store_reg(dbg_ctrl);
2447
2448 if (!is_arm_mode(arm->core_mode))
2449 return ERROR_FAIL;
2450
2451 for (i = 0; i <= last_reg; i++) {
2452 struct reg *r = arm_reg_current(arm, i);
2453 r->dirty = r->valid;
2454 }
2455
2456 arm7_9->read_xpsr(target, &cpsr, 0);
2457 retval = jtag_execute_queue();
2458 if (retval != ERROR_OK) {
2459 LOG_ERROR("JTAG error while reading cpsr");
2460 return ERROR_TARGET_DATA_ABORT;
2461 }
2462
2463 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2464 LOG_WARNING(
2465 "memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2466 address,
2467 size,
2468 count);
2469
2470 arm7_9->write_xpsr_im8(target,
2471 buf_get_u32(arm->cpsr->value, 0, 8)
2472 & ~0x20, 0, 0);
2473
2474 return ERROR_TARGET_DATA_ABORT;
2475 }
2476
2477 return ERROR_OK;
2478 }
2479
2480 int arm7_9_write_memory_opt(struct target *target,
2481 uint32_t address,
2482 uint32_t size,
2483 uint32_t count,
2484 const uint8_t *buffer)
2485 {
2486 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2487 int retval;
2488
2489 if (size == 4 && count > 32 && arm7_9->bulk_write_memory) {
2490 /* Attempt to do a bulk write */
2491 retval = arm7_9->bulk_write_memory(target, address, count, buffer);
2492
2493 if (retval == ERROR_OK)
2494 return ERROR_OK;
2495 }
2496
2497 return arm7_9->write_memory(target, address, size, count, buffer);
2498 }
2499
2500 int arm7_9_write_memory_no_opt(struct target *target,
2501 uint32_t address,
2502 uint32_t size,
2503 uint32_t count,
2504 const uint8_t *buffer)
2505 {
2506 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2507
2508 return arm7_9->write_memory(target, address, size, count, buffer);
2509 }
2510
2511 static int dcc_count;
2512 static const uint8_t *dcc_buffer;
2513
2514 static int arm7_9_dcc_completion(struct target *target,
2515 uint32_t exit_point,
2516 int timeout_ms,
2517 void *arch_info)
2518 {
2519 int retval = ERROR_OK;
2520 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2521
2522 retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500);
2523 if (retval != ERROR_OK)
2524 return retval;
2525
2526 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2527 int count = dcc_count;
2528 const uint8_t *buffer = dcc_buffer;
2529 if (count > 2) {
2530 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2531 * core function repeated. */
2532 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2533 fast_target_buffer_get_u32(buffer, little));
2534 buffer += 4;
2535
2536 struct embeddedice_reg *ice_reg =
2537 arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2538 uint8_t reg_addr = ice_reg->addr & 0x1f;
2539 struct jtag_tap *tap;
2540 tap = ice_reg->jtag_info->tap;
2541
2542 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2543 buffer += (count-2)*4;
2544
2545 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2546 fast_target_buffer_get_u32(buffer, little));
2547 } else {
2548 int i;
2549 for (i = 0; i < count; i++) {
2550 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2551 fast_target_buffer_get_u32(buffer, little));
2552 buffer += 4;
2553 }
2554 }
2555
2556 retval = target_halt(target);
2557 if (retval != ERROR_OK)
2558 return retval;
2559 return target_wait_state(target, TARGET_HALTED, 500);
2560 }
2561
2562 static const uint32_t dcc_code[] = {
2563 /* r0 == input, points to memory buffer
2564 * r1 == scratch
2565 */
2566
2567 /* spin until DCC control (c0) reports data arrived */
2568 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2569 0xe3110001, /* tst r1, #1 */
2570 0x0afffffc, /* bne w */
2571
2572 /* read word from DCC (c1), write to memory */
2573 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2574 0xe4801004, /* str r1, [r0], #4 */
2575
2576 /* repeat */
2577 0xeafffff9 /* b w */
2578 };
2579
2580 int arm7_9_bulk_write_memory(struct target *target,
2581 uint32_t address,
2582 uint32_t count,
2583 const uint8_t *buffer)
2584 {
2585 int retval;
2586 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2587
2588 if (address % 4 != 0)
2589 return ERROR_TARGET_UNALIGNED_ACCESS;
2590
2591 if (!arm7_9->dcc_downloads)
2592 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2593
2594 /* regrab previously allocated working_area, or allocate a new one */
2595 if (!arm7_9->dcc_working_area) {
2596 uint8_t dcc_code_buf[6 * 4];
2597
2598 /* make sure we have a working area */
2599 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK) {
2600 LOG_INFO("no working area available, falling back to memory writes");
2601 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2602 }
2603
2604 /* copy target instructions to target endianness */
2605 target_buffer_set_u32_array(target, dcc_code_buf, ARRAY_SIZE(dcc_code), dcc_code);
2606
2607 /* write DCC code to working area, using the non-optimized
2608 * memory write to avoid ending up here again */
2609 retval = arm7_9_write_memory_no_opt(target,
2610 arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2611 if (retval != ERROR_OK)
2612 return retval;
2613 }
2614
2615 struct arm_algorithm arm_algo;
2616 struct reg_param reg_params[1];
2617
2618 arm_algo.common_magic = ARM_COMMON_MAGIC;
2619 arm_algo.core_mode = ARM_MODE_SVC;
2620 arm_algo.core_state = ARM_STATE_ARM;
2621
2622 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2623
2624 buf_set_u32(reg_params[0].value, 0, 32, address);
2625
2626 dcc_count = count;
2627 dcc_buffer = buffer;
2628 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2629 arm7_9->dcc_working_area->address,
2630 arm7_9->dcc_working_area->address + 6*4,
2631 20*1000, &arm_algo, arm7_9_dcc_completion);
2632
2633 if (retval == ERROR_OK) {
2634 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2635 if (endaddress != (address + count*4)) {
2636 LOG_ERROR(
2637 "DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "",
2638 (address + count*4),
2639 endaddress);
2640 retval = ERROR_FAIL;
2641 }
2642 }
2643
2644 destroy_reg_param(&reg_params[0]);
2645
2646 return retval;
2647 }
2648
2649 /**
2650 * Perform per-target setup that requires JTAG access.
2651 */
2652 int arm7_9_examine(struct target *target)
2653 {
2654 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2655 int retval;
2656
2657 if (!target_was_examined(target)) {
2658 struct reg_cache *t, **cache_p;
2659
2660 t = embeddedice_build_reg_cache(target, arm7_9);
2661 if (t == NULL)
2662 return ERROR_FAIL;
2663
2664 cache_p = register_get_last_cache_p(&target->reg_cache);
2665 (*cache_p) = t;
2666 arm7_9->eice_cache = (*cache_p);
2667
2668 if (arm7_9->arm.etm)
2669 (*cache_p)->next = etm_build_reg_cache(target,
2670 &arm7_9->jtag_info,
2671 arm7_9->arm.etm);
2672
2673 target_set_examined(target);
2674 }
2675
2676 retval = embeddedice_setup(target);
2677 if (retval == ERROR_OK)
2678 retval = arm7_9_setup(target);
2679 if (retval == ERROR_OK && arm7_9->arm.etm)
2680 retval = etm_setup(target);
2681 return retval;
2682 }
2683
2684
2685 int arm7_9_check_reset(struct target *target)
2686 {
2687 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2688
2689 if (get_target_reset_nag() && !arm7_9->dcc_downloads)
2690 LOG_WARNING(
2691 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2692
2693 if (get_target_reset_nag() && (target->working_area_size == 0))
2694 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2695
2696 if (get_target_reset_nag() && !arm7_9->fast_memory_access)
2697 LOG_WARNING(
2698 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2699
2700 return ERROR_OK;
2701 }
2702
2703 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in,
2704 jtag_callback_data_t i_size, jtag_callback_data_t i_be,
2705 jtag_callback_data_t i_flip)
2706 {
2707 uint8_t *in = (uint8_t *)pu8_in;
2708 int size = (int)i_size;
2709 int be = (int)i_be;
2710 int flip = (int)i_flip;
2711 uint32_t readback;
2712
2713 switch (size) {
2714 case 4:
2715 readback = le_to_h_u32(in);
2716 if (flip)
2717 readback = flip_u32(readback, 32);
2718 if (be)
2719 h_u32_to_be(in, readback);
2720 else
2721 h_u32_to_le(in, readback);
2722 break;
2723 case 2:
2724 readback = le_to_h_u16(in);
2725 if (flip)
2726 readback = flip_u32(readback, 16);
2727 if (be)
2728 h_u16_to_be(in, readback & 0xffff);
2729 else
2730 h_u16_to_le(in, readback & 0xffff);
2731 break;
2732 case 1:
2733 readback = *in;
2734 if (flip)
2735 readback = flip_u32(readback, 8);
2736 *in = readback & 0xff;
2737 break;
2738 }
2739
2740 return ERROR_OK;
2741 }
2742
2743 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2744 {
2745 struct target *target = get_current_target(CMD_CTX);
2746 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2747
2748 if (!is_arm7_9(arm7_9)) {
2749 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2750 return ERROR_TARGET_INVALID;
2751 }
2752
2753 if (CMD_ARGC > 0)
2754 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->use_dbgrq);
2755
2756 command_print(CMD_CTX,
2757 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2758 (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2759
2760 return ERROR_OK;
2761 }
2762
2763 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2764 {
2765 struct target *target = get_current_target(CMD_CTX);
2766 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2767
2768 if (!is_arm7_9(arm7_9)) {
2769 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2770 return ERROR_TARGET_INVALID;
2771 }
2772
2773 if (CMD_ARGC > 0)
2774 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2775
2776 command_print(CMD_CTX,
2777 "fast memory access is %s",
2778 (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2779
2780 return ERROR_OK;
2781 }
2782
2783 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2784 {
2785 struct target *target = get_current_target(CMD_CTX);
2786 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2787
2788 if (!is_arm7_9(arm7_9)) {
2789 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2790 return ERROR_TARGET_INVALID;
2791 }
2792
2793 if (CMD_ARGC > 0)
2794 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2795
2796 command_print(CMD_CTX,
2797 "dcc downloads are %s",
2798 (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2799
2800 return ERROR_OK;
2801 }
2802
2803 static int arm7_9_setup_semihosting(struct target *target, int enable)
2804 {
2805 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2806
2807 if (!is_arm7_9(arm7_9)) {
2808 LOG_USER("current target isn't an ARM7/ARM9 target");
2809 return ERROR_TARGET_INVALID;
2810 }
2811
2812 if (arm7_9->has_vector_catch) {
2813 struct reg *vector_catch = &arm7_9->eice_cache
2814 ->reg_list[EICE_VEC_CATCH];
2815
2816 if (!vector_catch->valid)
2817 embeddedice_read_reg(vector_catch);
2818 buf_set_u32(vector_catch->value, 2, 1, enable);
2819 embeddedice_store_reg(vector_catch);
2820 } else {
2821 /* TODO: allow optional high vectors and/or BKPT_HARD */
2822 if (enable)
2823 breakpoint_add(target, 8, 4, BKPT_SOFT);
2824 else
2825 breakpoint_remove(target, 8);
2826 }
2827
2828 return ERROR_OK;
2829 }
2830
2831 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2832 {
2833 int retval = ERROR_OK;
2834 struct arm *arm = &arm7_9->arm;
2835
2836 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2837
2838 retval = arm_jtag_setup_connection(&arm7_9->jtag_info);
2839 if (retval != ERROR_OK)
2840 return retval;
2841
2842 /* caller must have allocated via calloc(), so everything's zeroed */
2843
2844 arm7_9->wp_available_max = 2;
2845
2846 arm7_9->fast_memory_access = false;
2847 arm7_9->dcc_downloads = false;
2848
2849 arm->arch_info = arm7_9;
2850 arm->core_type = ARM_MODE_ANY;
2851 arm->read_core_reg = arm7_9_read_core_reg;
2852 arm->write_core_reg = arm7_9_write_core_reg;
2853 arm->full_context = arm7_9_full_context;
2854 arm->setup_semihosting = arm7_9_setup_semihosting;
2855
2856 retval = arm_init_arch_info(target, arm);
2857 if (retval != ERROR_OK)
2858 return retval;
2859
2860 return target_register_timer_callback(arm7_9_handle_target_request,
2861 1, 1, target);
2862 }
2863
2864 static const struct command_registration arm7_9_any_command_handlers[] = {
2865 {
2866 "dbgrq",
2867 .handler = handle_arm7_9_dbgrq_command,
2868 .mode = COMMAND_ANY,
2869 .usage = "['enable'|'disable']",
2870 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2871 "for target halt requests",
2872 },
2873 {
2874 "fast_memory_access",
2875 .handler = handle_arm7_9_fast_memory_access_command,
2876 .mode = COMMAND_ANY,
2877 .usage = "['enable'|'disable']",
2878 .help = "use fast memory accesses instead of slower "
2879 "but potentially safer accesses",
2880 },
2881 {
2882 "dcc_downloads",
2883 .handler = handle_arm7_9_dcc_downloads_command,
2884 .mode = COMMAND_ANY,
2885 .usage = "['enable'|'disable']",
2886 .help = "use DCC downloads for larger memory writes",
2887 },
2888 COMMAND_REGISTRATION_DONE
2889 };
2890 const struct command_registration arm7_9_command_handlers[] = {
2891 {
2892 .chain = arm_command_handlers,
2893 },
2894 {
2895 .chain = etm_command_handlers,
2896 },
2897 {
2898 .name = "arm7_9",
2899 .mode = COMMAND_ANY,
2900 .help = "arm7/9 specific commands",
2901 .usage = "",
2902 .chain = arm7_9_any_command_handlers,
2903 },
2904 COMMAND_REGISTRATION_DONE
2905 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)