Code Review / openocd.git / blob
? search:


c6a8a26d82a4c4d6b7d7e2919c07333e5ef8440c
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * Copyright (C) 2009 by David Brownell *
15 * *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
20 * *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
25 * *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
28 ***************************************************************************/
29
30 #ifdef HAVE_CONFIG_H
31 #include "config.h"
32 #endif
33
34 #include "breakpoints.h"
35 #include "embeddedice.h"
36 #include "target_request.h"
37 #include "etm.h"
38 #include <helper/time_support.h>
39 #include "arm_simulator.h"
40 #include "arm_semihosting.h"
41 #include "algorithm.h"
42 #include "register.h"
43 #include "armv4_5.h"
44
45 /**
46 * @file
47 * Hold common code supporting the ARM7 and ARM9 core generations.
48 *
49 * While the ARM core implementations evolved substantially during these
50 * two generations, they look quite similar from the JTAG perspective.
51 * Both have similar debug facilities, based on the same two scan chains
52 * providing access to the core and to an EmbeddedICE module. Both can
53 * support similar ETM and ETB modules, for tracing. And both expose
54 * what could be viewed as "ARM Classic", with multiple processor modes,
55 * shadowed registers, and support for the Thumb instruction set.
56 *
57 * Processor differences include things like presence or absence of MMU
58 * and cache, pipeline sizes, use of a modified Harvard Architecure
59 * (with separate instruction and data busses from the CPU), support
60 * for cpu clock gating during idle, and more.
61 */
62
63 static int arm7_9_debug_entry(struct target *target);
64
65 /**
66 * Clear watchpoints for an ARM7/9 target.
67 *
68 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
69 * @return JTAG error status after executing queue
70 */
71 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
72 {
73 LOG_DEBUG("-");
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
75 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
76 arm7_9->sw_breakpoint_count = 0;
77 arm7_9->sw_breakpoints_added = 0;
78 arm7_9->wp0_used = 0;
79 arm7_9->wp1_used = arm7_9->wp1_used_default;
80 arm7_9->wp_available = arm7_9->wp_available_max;
81
82 return jtag_execute_queue();
83 }
84
85 /**
86 * Assign a watchpoint to one of the two available hardware comparators in an
87 * ARM7 or ARM9 target.
88 *
89 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
90 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
91 */
92 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
93 {
94 if (!arm7_9->wp0_used) {
95 arm7_9->wp0_used = 1;
96 breakpoint->set = 1;
97 arm7_9->wp_available--;
98 } else if (!arm7_9->wp1_used) {
99 arm7_9->wp1_used = 1;
100 breakpoint->set = 2;
101 arm7_9->wp_available--;
102 } else
103 LOG_ERROR("BUG: no hardware comparator available");
104
105 LOG_DEBUG("BPID: %" PRId32 " (0x%08" TARGET_PRIxADDR ") using hw wp: %d",
106 breakpoint->unique_id,
107 breakpoint->address,
108 breakpoint->set);
109 }
110
111 /**
112 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
113 *
114 * @param arm7_9 Pointer to common struct for ARM7/9 targets
115 * @return Error codes if there is a problem finding a watchpoint or the result
116 * of executing the JTAG queue
117 */
118 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
119 {
120 if (arm7_9->sw_breakpoints_added)
121 return ERROR_OK;
122 if (arm7_9->wp_available < 1) {
123 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
124 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
125 }
126 arm7_9->wp_available--;
127
128 /* pick a breakpoint unit */
129 if (!arm7_9->wp0_used) {
130 arm7_9->sw_breakpoints_added = 1;
131 arm7_9->wp0_used = 3;
132 } else if (!arm7_9->wp1_used) {
133 arm7_9->sw_breakpoints_added = 2;
134 arm7_9->wp1_used = 3;
135 } else {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1) {
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
146 } else if (arm7_9->sw_breakpoints_added == 2) {
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
152 } else {
153 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
154 return ERROR_FAIL;
155 }
156 LOG_DEBUG("SW BP using hw wp: %d",
157 arm7_9->sw_breakpoints_added);
158
159 return jtag_execute_queue();
160 }
161
162 /**
163 * Setup the common pieces for an ARM7/9 target after reset or on startup.
164 *
165 * @param target Pointer to an ARM7/9 target to setup
166 * @return Result of clearing the watchpoints on the target
167 */
168 static int arm7_9_setup(struct target *target)
169 {
170 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
171
172 return arm7_9_clear_watchpoints(arm7_9);
173 }
174
175 /**
176 * Set either a hardware or software breakpoint on an ARM7/9 target. The
177 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
178 * might have erased the values in Embedded ICE.
179 *
180 * @param target Pointer to the target device to set the breakpoints on
181 * @param breakpoint Pointer to the breakpoint to be set
182 * @return For hardware breakpoints, this is the result of executing the JTAG
183 * queue. For software breakpoints, this will be the status of the
184 * required memory reads and writes
185 */
186 static int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
187 {
188 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
189 int retval = ERROR_OK;
190
191 LOG_DEBUG("BPID: %" PRId32 ", Address: 0x%08" TARGET_PRIxADDR ", Type: %d",
192 breakpoint->unique_id,
193 breakpoint->address,
194 breakpoint->type);
195
196 if (target->state != TARGET_HALTED) {
197 LOG_WARNING("target not halted");
198 return ERROR_TARGET_NOT_HALTED;
199 }
200
201 if (breakpoint->type == BKPT_HARD) {
202 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
203 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
204
205 /* reassign a hw breakpoint */
206 if (breakpoint->set == 0)
207 arm7_9_assign_wp(arm7_9, breakpoint);
208
209 if (breakpoint->set == 1) {
210 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
211 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
212 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
213 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
214 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
215 } else if (breakpoint->set == 2) {
216 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
217 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
218 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
219 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
220 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
221 } else {
222 LOG_ERROR("BUG: no hardware comparator available");
223 return ERROR_OK;
224 }
225
226 retval = jtag_execute_queue();
227 } else if (breakpoint->type == BKPT_SOFT) {
228 /* did we already set this breakpoint? */
229 if (breakpoint->set)
230 return ERROR_OK;
231
232 if (breakpoint->length == 4) {
233 uint32_t verify = 0xffffffff;
234 /* keep the original instruction in target endianness */
235 retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
236 if (retval != ERROR_OK)
237 return retval;
238 /* write the breakpoint instruction in target
239 * endianness (arm7_9->arm_bkpt is host endian) */
240 retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
241 if (retval != ERROR_OK)
242 return retval;
243
244 retval = target_read_u32(target, breakpoint->address, &verify);
245 if (retval != ERROR_OK)
246 return retval;
247 if (verify != arm7_9->arm_bkpt) {
248 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" TARGET_PRIxADDR
249 " - check that memory is read/writable", breakpoint->address);
250 return ERROR_OK;
251 }
252 } else {
253 uint16_t verify = 0xffff;
254 /* keep the original instruction in target endianness */
255 retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
256 if (retval != ERROR_OK)
257 return retval;
258 /* write the breakpoint instruction in target
259 * endianness (arm7_9->thumb_bkpt is host endian) */
260 retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
261 if (retval != ERROR_OK)
262 return retval;
263
264 retval = target_read_u16(target, breakpoint->address, &verify);
265 if (retval != ERROR_OK)
266 return retval;
267 if (verify != arm7_9->thumb_bkpt) {
268 LOG_ERROR("Unable to set thumb software breakpoint at address %08" TARGET_PRIxADDR
269 " - check that memory is read/writable", breakpoint->address);
270 return ERROR_OK;
271 }
272 }
273
274 retval = arm7_9_set_software_breakpoints(arm7_9);
275 if (retval != ERROR_OK)
276 return retval;
277
278 arm7_9->sw_breakpoint_count++;
279
280 breakpoint->set = 1;
281 }
282
283 return retval;
284 }
285
286 /**
287 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
288 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
289 * will be updated. Otherwise, the software breakpoint will be restored to its
290 * original instruction if it hasn't already been modified.
291 *
292 * @param target Pointer to ARM7/9 target to unset the breakpoint from
293 * @param breakpoint Pointer to breakpoint to be unset
294 * @return For hardware breakpoints, this is the result of executing the JTAG
295 * queue. For software breakpoints, this will be the status of the
296 * required memory reads and writes
297 */
298 static int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
299 {
300 int retval = ERROR_OK;
301 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
302
303 LOG_DEBUG("BPID: %" PRId32 ", Address: 0x%08" TARGET_PRIxADDR,
304 breakpoint->unique_id,
305 breakpoint->address);
306
307 if (!breakpoint->set) {
308 LOG_WARNING("breakpoint not set");
309 return ERROR_OK;
310 }
311
312 if (breakpoint->type == BKPT_HARD) {
313 LOG_DEBUG("BPID: %" PRId32 " Releasing hw wp: %d",
314 breakpoint->unique_id,
315 breakpoint->set);
316 if (breakpoint->set == 1) {
317 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
318 arm7_9->wp0_used = 0;
319 arm7_9->wp_available++;
320 } else if (breakpoint->set == 2) {
321 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
322 arm7_9->wp1_used = 0;
323 arm7_9->wp_available++;
324 }
325 retval = jtag_execute_queue();
326 breakpoint->set = 0;
327 } else {
328 /* restore original instruction (kept in target endianness) */
329 if (breakpoint->length == 4) {
330 uint32_t current_instr;
331 /* check that user program as not modified breakpoint instruction */
332 retval = target_read_memory(target,
333 breakpoint->address, 4, 1, (uint8_t *)&current_instr);
334 if (retval != ERROR_OK)
335 return retval;
336 current_instr = target_buffer_get_u32(target, (uint8_t *)&current_instr);
337 if (current_instr == arm7_9->arm_bkpt) {
338 retval = target_write_memory(target,
339 breakpoint->address, 4, 1, breakpoint->orig_instr);
340 if (retval != ERROR_OK)
341 return retval;
342 }
343
344 } else {
345 uint16_t current_instr;
346 /* check that user program as not modified breakpoint instruction */
347 retval = target_read_memory(target,
348 breakpoint->address, 2, 1, (uint8_t *)&current_instr);
349 if (retval != ERROR_OK)
350 return retval;
351 current_instr = target_buffer_get_u16(target, (uint8_t *)&current_instr);
352 if (current_instr == arm7_9->thumb_bkpt) {
353 retval = target_write_memory(target,
354 breakpoint->address, 2, 1, breakpoint->orig_instr);
355 if (retval != ERROR_OK)
356 return retval;
357 }
358 }
359
360 if (--arm7_9->sw_breakpoint_count == 0) {
361 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
362 *to implement it */
363 if (arm7_9->sw_breakpoints_added == 1)
364 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
365 EICE_W0_CONTROL_VALUE], 0);
366 else if (arm7_9->sw_breakpoints_added == 2)
367 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
368 EICE_W1_CONTROL_VALUE], 0);
369 }
370
371 breakpoint->set = 0;
372 }
373
374 return retval;
375 }
376
377 /**
378 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
379 * dangling breakpoints and that the desired breakpoint can be added.
380 *
381 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
382 * @param breakpoint Pointer to the breakpoint to be added
383 * @return An error status if there is a problem adding the breakpoint or the
384 * result of setting the breakpoint
385 */
386 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
387 {
388 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
389
390 if (arm7_9->breakpoint_count == 0) {
391 /* make sure we don't have any dangling breakpoints. This is vital upon
392 * GDB connect/disconnect
393 */
394 arm7_9_clear_watchpoints(arm7_9);
395 }
396
397 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1)) {
398 LOG_INFO("no watchpoint unit available for hardware breakpoint");
399 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
400 }
401
402 if ((breakpoint->length != 2) && (breakpoint->length != 4)) {
403 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
404 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
405 }
406
407 if (breakpoint->type == BKPT_HARD)
408 arm7_9_assign_wp(arm7_9, breakpoint);
409
410 arm7_9->breakpoint_count++;
411
412 return arm7_9_set_breakpoint(target, breakpoint);
413 }
414
415 /**
416 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
417 * dangling breakpoints and updates available watchpoints if it is a hardware
418 * breakpoint.
419 *
420 * @param target Pointer to the target to have a breakpoint removed
421 * @param breakpoint Pointer to the breakpoint to be removed
422 * @return Error status if there was a problem unsetting the breakpoint or the
423 * watchpoints could not be cleared
424 */
425 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
426 {
427 int retval = ERROR_OK;
428 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
429
430 retval = arm7_9_unset_breakpoint(target, breakpoint);
431 if (retval != ERROR_OK)
432 return retval;
433
434 if (breakpoint->type == BKPT_HARD)
435 arm7_9->wp_available++;
436
437 arm7_9->breakpoint_count--;
438 if (arm7_9->breakpoint_count == 0) {
439 /* make sure we don't have any dangling breakpoints */
440 retval = arm7_9_clear_watchpoints(arm7_9);
441 if (retval != ERROR_OK)
442 return retval;
443 }
444
445 return ERROR_OK;
446 }
447
448 /**
449 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
450 * considered a bug to call this function when there are no available watchpoint
451 * units.
452 *
453 * @param target Pointer to an ARM7/9 target to set a watchpoint on
454 * @param watchpoint Pointer to the watchpoint to be set
455 * @return Error status if watchpoint set fails or the result of executing the
456 * JTAG queue
457 */
458 static int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
459 {
460 int retval = ERROR_OK;
461 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
462 int rw_mask = 1;
463 uint32_t mask;
464
465 mask = watchpoint->length - 1;
466
467 if (target->state != TARGET_HALTED) {
468 LOG_WARNING("target not halted");
469 return ERROR_TARGET_NOT_HALTED;
470 }
471
472 if (watchpoint->rw == WPT_ACCESS)
473 rw_mask = 0;
474 else
475 rw_mask = 1;
476
477 if (!arm7_9->wp0_used) {
478 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE],
479 watchpoint->address);
480 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
481 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK],
482 watchpoint->mask);
483 if (watchpoint->mask != 0xffffffffu)
484 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE],
485 watchpoint->value);
486 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
487 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
488 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
489 EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
490
491 retval = jtag_execute_queue();
492 if (retval != ERROR_OK)
493 return retval;
494 watchpoint->set = 1;
495 arm7_9->wp0_used = 2;
496 } else if (!arm7_9->wp1_used) {
497 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
498 watchpoint->address);
499 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
500 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK],
501 watchpoint->mask);
502 if (watchpoint->mask != 0xffffffffu)
503 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE],
504 watchpoint->value);
505 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
506 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
507 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
508 EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
509
510 retval = jtag_execute_queue();
511 if (retval != ERROR_OK)
512 return retval;
513 watchpoint->set = 2;
514 arm7_9->wp1_used = 2;
515 } else {
516 LOG_ERROR("BUG: no hardware comparator available");
517 return ERROR_OK;
518 }
519
520 return ERROR_OK;
521 }
522
523 /**
524 * Unset an existing watchpoint and clear the used watchpoint unit.
525 *
526 * @param target Pointer to the target to have the watchpoint removed
527 * @param watchpoint Pointer to the watchpoint to be removed
528 * @return Error status while trying to unset the watchpoint or the result of
529 * executing the JTAG queue
530 */
531 static int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
532 {
533 int retval = ERROR_OK;
534 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
535
536 if (target->state != TARGET_HALTED) {
537 LOG_WARNING("target not halted");
538 return ERROR_TARGET_NOT_HALTED;
539 }
540
541 if (!watchpoint->set) {
542 LOG_WARNING("breakpoint not set");
543 return ERROR_OK;
544 }
545
546 if (watchpoint->set == 1) {
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
548 retval = jtag_execute_queue();
549 if (retval != ERROR_OK)
550 return retval;
551 arm7_9->wp0_used = 0;
552 } else if (watchpoint->set == 2) {
553 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
554 retval = jtag_execute_queue();
555 if (retval != ERROR_OK)
556 return retval;
557 arm7_9->wp1_used = 0;
558 }
559 watchpoint->set = 0;
560
561 return ERROR_OK;
562 }
563
564 /**
565 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
566 * available, an error response is returned.
567 *
568 * @param target Pointer to the ARM7/9 target to add a watchpoint to
569 * @param watchpoint Pointer to the watchpoint to be added
570 * @return Error status while trying to add the watchpoint
571 */
572 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
573 {
574 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
575
576 if (arm7_9->wp_available < 1)
577 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
578
579 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
580 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
581
582 arm7_9->wp_available--;
583
584 return ERROR_OK;
585 }
586
587 /**
588 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
589 * the used watchpoint unit will be reopened.
590 *
591 * @param target Pointer to the target to remove a watchpoint from
592 * @param watchpoint Pointer to the watchpoint to be removed
593 * @return Result of trying to unset the watchpoint
594 */
595 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
596 {
597 int retval = ERROR_OK;
598 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
599
600 if (watchpoint->set) {
601 retval = arm7_9_unset_watchpoint(target, watchpoint);
602 if (retval != ERROR_OK)
603 return retval;
604 }
605
606 arm7_9->wp_available++;
607
608 return ERROR_OK;
609 }
610
611 /**
612 * Restarts the target by sending a RESTART instruction and moving the JTAG
613 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
614 * asserted by the processor.
615 *
616 * @param target Pointer to target to issue commands to
617 * @return Error status if there is a timeout or a problem while executing the
618 * JTAG queue
619 */
620 int arm7_9_execute_sys_speed(struct target *target)
621 {
622 int retval;
623 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
624 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
625 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
626
627 /* set RESTART instruction */
628 if (arm7_9->need_bypass_before_restart) {
629 arm7_9->need_bypass_before_restart = 0;
630 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
631 if (retval != ERROR_OK)
632 return retval;
633 }
634 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
635 if (retval != ERROR_OK)
636 return retval;
637
638 int64_t then = timeval_ms();
639 bool timeout;
640 while (!(timeout = ((timeval_ms()-then) > 1000))) {
641 /* read debug status register */
642 embeddedice_read_reg(dbg_stat);
643 retval = jtag_execute_queue();
644 if (retval != ERROR_OK)
645 return retval;
646 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
647 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
648 break;
649 if (debug_level >= 3)
650 alive_sleep(100);
651 else
652 keep_alive();
653 }
654 if (timeout) {
655 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "",
656 buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
657 return ERROR_TARGET_TIMEOUT;
658 }
659
660 return ERROR_OK;
661 }
662
663 /**
664 * Restarts the target by sending a RESTART instruction and moving the JTAG
665 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
666 * waiting until they are.
667 *
668 * @param target Pointer to the target to issue commands to
669 * @return Always ERROR_OK
670 */
671 static int arm7_9_execute_fast_sys_speed(struct target *target)
672 {
673 static int set;
674 static uint8_t check_value[4], check_mask[4];
675
676 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
677 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
678 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
679 int retval;
680
681 /* set RESTART instruction */
682 if (arm7_9->need_bypass_before_restart) {
683 arm7_9->need_bypass_before_restart = 0;
684 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
685 if (retval != ERROR_OK)
686 return retval;
687 }
688 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
689 if (retval != ERROR_OK)
690 return retval;
691
692 if (!set) {
693 /* check for DBGACK and SYSCOMP set (others don't care) */
694
695 /* NB! These are constants that must be available until after next jtag_execute() and
696 * we evaluate the values upon first execution in lieu of setting up these constants
697 * during early setup.
698 * */
699 buf_set_u32(check_value, 0, 32, 0x9);
700 buf_set_u32(check_mask, 0, 32, 0x9);
701 set = 1;
702 }
703
704 /* read debug status register */
705 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
706
707 return ERROR_OK;
708 }
709
710 /**
711 * Get some data from the ARM7/9 target.
712 *
713 * @param target Pointer to the ARM7/9 target to read data from
714 * @param size The number of 32bit words to be read
715 * @param buffer Pointer to the buffer that will hold the data
716 * @return The result of receiving data from the Embedded ICE unit
717 */
718 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
719 {
720 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
721 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
722 uint32_t *data;
723 int retval = ERROR_OK;
724 uint32_t i;
725
726 data = malloc(size * (sizeof(uint32_t)));
727
728 retval = embeddedice_receive(jtag_info, data, size);
729
730 /* return the 32-bit ints in the 8-bit array */
731 for (i = 0; i < size; i++)
732 h_u32_to_le(buffer + (i * 4), data[i]);
733
734 free(data);
735
736 return retval;
737 }
738
739 /**
740 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
741 * target is running and the DCC control register has the W bit high, this will
742 * execute the request on the target.
743 *
744 * @param priv Void pointer expected to be a struct target pointer
745 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
746 * from the Embedded ICE unit
747 */
748 static int arm7_9_handle_target_request(void *priv)
749 {
750 int retval = ERROR_OK;
751 struct target *target = priv;
752 if (!target_was_examined(target))
753 return ERROR_OK;
754 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
755 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
756 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
757
758 if (!target->dbg_msg_enabled)
759 return ERROR_OK;
760
761 if (target->state == TARGET_RUNNING) {
762 /* read DCC control register */
763 embeddedice_read_reg(dcc_control);
764 retval = jtag_execute_queue();
765 if (retval != ERROR_OK)
766 return retval;
767
768 /* check W bit */
769 if (buf_get_u32(dcc_control->value, 1, 1) == 1) {
770 uint32_t request;
771
772 retval = embeddedice_receive(jtag_info, &request, 1);
773 if (retval != ERROR_OK)
774 return retval;
775 retval = target_request(target, request);
776 if (retval != ERROR_OK)
777 return retval;
778 }
779 }
780
781 return ERROR_OK;
782 }
783
784 /**
785 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
786 * is manipulated to the right halted state based on its current state. This is
787 * what happens:
788 *
789 * <table>
790 * <tr><th > State</th><th > Action</th></tr>
791 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
792 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
793 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
794 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
795 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
796 * </table>
797 *
798 * If the target does not end up in the halted state, a warning is produced. If
799 * DBGACK is cleared, then the target is expected to either be running or
800 * running in debug.
801 *
802 * @param target Pointer to the ARM7/9 target to poll
803 * @return ERROR_OK or an error status if a command fails
804 */
805 int arm7_9_poll(struct target *target)
806 {
807 int retval;
808 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
809 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
810
811 /* read debug status register */
812 embeddedice_read_reg(dbg_stat);
813 retval = jtag_execute_queue();
814 if (retval != ERROR_OK)
815 return retval;
816
817 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)) {
818 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
819 if (target->state == TARGET_UNKNOWN) {
820 /* Starting OpenOCD with target in debug-halt */
821 target->state = TARGET_RUNNING;
822 LOG_DEBUG("DBGACK already set during server startup.");
823 }
824 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET)) {
825 target->state = TARGET_HALTED;
826
827 retval = arm7_9_debug_entry(target);
828 if (retval != ERROR_OK)
829 return retval;
830
831 if (arm_semihosting(target, &retval) != 0)
832 return retval;
833
834 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
835 if (retval != ERROR_OK)
836 return retval;
837 }
838 if (target->state == TARGET_DEBUG_RUNNING) {
839 target->state = TARGET_HALTED;
840 retval = arm7_9_debug_entry(target);
841 if (retval != ERROR_OK)
842 return retval;
843
844 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
845 if (retval != ERROR_OK)
846 return retval;
847 }
848 if (target->state != TARGET_HALTED)
849 LOG_WARNING(
850 "DBGACK set, but the target did not end up in the halted state %d",
851 target->state);
852 } else {
853 if (target->state != TARGET_DEBUG_RUNNING)
854 target->state = TARGET_RUNNING;
855 }
856
857 return ERROR_OK;
858 }
859
860 /**
861 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
862 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
863 * affected) completely stop the JTAG clock while the core is held in reset
864 * (SRST). It isn't possible to program the halt condition once reset is
865 * asserted, hence a hook that allows the target to set up its reset-halt
866 * condition is setup prior to asserting reset.
867 *
868 * @param target Pointer to an ARM7/9 target to assert reset on
869 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
870 */
871 int arm7_9_assert_reset(struct target *target)
872 {
873 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
874 enum reset_types jtag_reset_config = jtag_get_reset_config();
875 bool use_event = false;
876
877 /* TODO: apply hw reset signal in not examined state */
878 if (!(target_was_examined(target))) {
879 LOG_WARNING("Reset is not asserted because the target is not examined.");
880 LOG_WARNING("Use a reset button or power cycle the target.");
881 return ERROR_TARGET_NOT_EXAMINED;
882 }
883
884 LOG_DEBUG("target->state: %s", target_state_name(target));
885
886 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
887 use_event = true;
888 else if (!(jtag_reset_config & RESET_HAS_SRST)) {
889 LOG_ERROR("%s: how to reset?", target_name(target));
890 return ERROR_FAIL;
891 }
892
893 /* At this point trst has been asserted/deasserted once. We would
894 * like to program EmbeddedICE while SRST is asserted, instead of
895 * depending on SRST to leave that module alone. However, many CPUs
896 * gate the JTAG clock while SRST is asserted; or JTAG may need
897 * clock stability guarantees (adaptive clocking might help).
898 *
899 * So we assume JTAG access during SRST is off the menu unless it's
900 * been specifically enabled.
901 */
902 bool srst_asserted = false;
903
904 if (!use_event && !(jtag_reset_config & RESET_SRST_PULLS_TRST)
905 && (jtag_reset_config & RESET_SRST_NO_GATING)) {
906 jtag_add_reset(0, 1);
907 srst_asserted = true;
908 }
909
910 if (target->reset_halt) {
911 /*
912 * For targets that don't support communication while SRST is
913 * asserted, we need to set up the reset vector catch first.
914 *
915 * When we use TRST+SRST and that's equivalent to a power-up
916 * reset, these settings may well be reset anyway; so setting
917 * them here won't matter.
918 */
919 if (arm7_9->has_vector_catch) {
920 /* program vector catch register to catch reset */
921 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
922
923 /* extra runtest added as issues were found with
924 * certain ARM9 cores (maybe more) - AT91SAM9260
925 * and STR9
926 */
927 jtag_add_runtest(1, TAP_IDLE);
928 } else {
929 /* program watchpoint unit to match on reset vector
930 * address
931 */
932 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
933 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
934 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
935 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
936 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
937 }
938 }
939
940 if (use_event)
941 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
942 else {
943 /* If we use SRST ... we'd like to issue just SRST, but the
944 * board or chip may be set up so we have to assert TRST as
945 * well. On some chips that combination is equivalent to a
946 * power-up reset, and generally clobbers EICE state.
947 */
948 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
949 jtag_add_reset(1, 1);
950 else if (!srst_asserted)
951 jtag_add_reset(0, 1);
952 jtag_add_sleep(50000);
953 }
954
955 target->state = TARGET_RESET;
956 register_cache_invalidate(arm7_9->arm.core_cache);
957
958 /* REVISIT why isn't standard debug entry logic sufficient?? */
959 if (target->reset_halt && (!(jtag_reset_config & RESET_SRST_PULLS_TRST) || use_event)) {
960 /* debug entry was prepared above */
961 target->debug_reason = DBG_REASON_DBGRQ;
962 }
963
964 return ERROR_OK;
965 }
966
967 /**
968 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
969 * and the target is being reset into a halt, a warning will be triggered
970 * because it is not possible to reset into a halted mode in this case. The
971 * target is halted using the target's functions.
972 *
973 * @param target Pointer to the target to have the reset deasserted
974 * @return ERROR_OK or an error from polling or halting the target
975 */
976 int arm7_9_deassert_reset(struct target *target)
977 {
978 int retval = ERROR_OK;
979 LOG_DEBUG("target->state: %s", target_state_name(target));
980
981 /* deassert reset lines */
982 jtag_add_reset(0, 0);
983
984 /* In case polling is disabled, we need to examine the
985 * target and poll here for this target to work correctly.
986 *
987 * Otherwise, e.g. halt will fail afterwards with bogus
988 * error messages as halt will believe that reset is
989 * still in effect.
990 */
991 retval = target_examine_one(target);
992 if (retval != ERROR_OK)
993 return retval;
994
995 retval = target_poll(target);
996 if (retval != ERROR_OK)
997 return retval;
998
999 enum reset_types jtag_reset_config = jtag_get_reset_config();
1000 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0) {
1001 LOG_WARNING(
1002 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1003 retval = target_halt(target);
1004 if (retval != ERROR_OK)
1005 return retval;
1006 }
1007 return retval;
1008 }
1009
1010 /**
1011 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1012 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1013 * vector catch was used, it is restored. Otherwise, the control value is
1014 * restored and the watchpoint unit is restored if it was in use.
1015 *
1016 * @param target Pointer to the ARM7/9 target to have halt cleared
1017 * @return Always ERROR_OK
1018 */
1019 static int arm7_9_clear_halt(struct target *target)
1020 {
1021 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1022 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1023
1024 /* we used DBGRQ only if we didn't come out of reset */
1025 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq) {
1026 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1027 */
1028 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1029 embeddedice_store_reg(dbg_ctrl);
1030 } else {
1031 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch) {
1032 /* if we came out of reset, and vector catch is supported, we used
1033 * vector catch to enter debug state
1034 * restore the register in that case
1035 */
1036 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1037 } else {
1038 /* restore registers if watchpoint unit 0 was in use
1039 */
1040 if (arm7_9->wp0_used) {
1041 if (arm7_9->debug_entry_from_reset)
1042 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1043 EICE_W0_ADDR_VALUE]);
1044 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1045 EICE_W0_ADDR_MASK]);
1046 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1047 EICE_W0_DATA_MASK]);
1048 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1049 EICE_W0_CONTROL_MASK]);
1050 }
1051 /* control value always has to be restored, as it was either disabled,
1052 * or enabled with possibly different bits
1053 */
1054 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1055 }
1056 }
1057
1058 return ERROR_OK;
1059 }
1060
1061 /**
1062 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1063 * and then there is a wait until the processor shows the halt. This wait can
1064 * timeout and results in an error being returned. The software reset involves
1065 * clearing the halt, updating the debug control register, changing to ARM mode,
1066 * reset of the program counter, and reset of all of the registers.
1067 *
1068 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1069 * @return Error status if any of the commands fail, otherwise ERROR_OK
1070 */
1071 int arm7_9_soft_reset_halt(struct target *target)
1072 {
1073 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1074 struct arm *arm = &arm7_9->arm;
1075 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1076 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1077 int i;
1078 int retval;
1079
1080 /* FIX!!! replace some of this code with tcl commands
1081 *
1082 * halt # the halt command is synchronous
1083 * armv4_5 core_state arm
1084 *
1085 */
1086
1087 retval = target_halt(target);
1088 if (retval != ERROR_OK)
1089 return retval;
1090
1091 long long then = timeval_ms();
1092 int timeout;
1093 while (!(timeout = ((timeval_ms()-then) > 1000))) {
1094 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1095 break;
1096 embeddedice_read_reg(dbg_stat);
1097 retval = jtag_execute_queue();
1098 if (retval != ERROR_OK)
1099 return retval;
1100 if (debug_level >= 3)
1101 alive_sleep(100);
1102 else
1103 keep_alive();
1104 }
1105 if (timeout) {
1106 LOG_ERROR("Failed to halt CPU after 1 sec");
1107 return ERROR_TARGET_TIMEOUT;
1108 }
1109 target->state = TARGET_HALTED;
1110
1111 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1112 * ensure that DBGRQ is cleared
1113 */
1114 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1115 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1116 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1117 embeddedice_store_reg(dbg_ctrl);
1118
1119 retval = arm7_9_clear_halt(target);
1120 if (retval != ERROR_OK)
1121 return retval;
1122
1123 /* if the target is in Thumb state, change to ARM state */
1124 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1125 uint32_t r0_thumb, pc_thumb;
1126 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1127 /* Entered debug from Thumb mode */
1128 arm->core_state = ARM_STATE_THUMB;
1129 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1130 }
1131
1132 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1133
1134 /* all register content is now invalid */
1135 register_cache_invalidate(arm->core_cache);
1136
1137 /* SVC, ARM state, IRQ and FIQ disabled */
1138 uint32_t cpsr;
1139
1140 cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
1141 cpsr &= ~0xff;
1142 cpsr |= 0xd3;
1143 arm_set_cpsr(arm, cpsr);
1144 arm->cpsr->dirty = true;
1145
1146 /* start fetching from 0x0 */
1147 buf_set_u32(arm->pc->value, 0, 32, 0x0);
1148 arm->pc->dirty = true;
1149 arm->pc->valid = true;
1150
1151 /* reset registers */
1152 for (i = 0; i <= 14; i++) {
1153 struct reg *r = arm_reg_current(arm, i);
1154
1155 buf_set_u32(r->value, 0, 32, 0xffffffff);
1156 r->dirty = true;
1157 r->valid = true;
1158 }
1159
1160 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1161 if (retval != ERROR_OK)
1162 return retval;
1163
1164 return ERROR_OK;
1165 }
1166
1167 /**
1168 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1169 * line or by programming a watchpoint to trigger on any address. It is
1170 * considered a bug to call this function while the target is in the
1171 * TARGET_RESET state.
1172 *
1173 * @param target Pointer to the ARM7/9 target to be halted
1174 * @return Always ERROR_OK
1175 */
1176 int arm7_9_halt(struct target *target)
1177 {
1178 if (target->state == TARGET_RESET) {
1179 LOG_ERROR(
1180 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1181 return ERROR_OK;
1182 }
1183
1184 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1185 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1186
1187 LOG_DEBUG("target->state: %s",
1188 target_state_name(target));
1189
1190 if (target->state == TARGET_HALTED) {
1191 LOG_DEBUG("target was already halted");
1192 return ERROR_OK;
1193 }
1194
1195 if (target->state == TARGET_UNKNOWN)
1196 LOG_WARNING("target was in unknown state when halt was requested");
1197
1198 if (arm7_9->use_dbgrq) {
1199 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1200 */
1201 if (arm7_9->set_special_dbgrq)
1202 arm7_9->set_special_dbgrq(target);
1203 else {
1204 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1205 embeddedice_store_reg(dbg_ctrl);
1206 }
1207 } else {
1208 /* program watchpoint unit to match on any address
1209 */
1210 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1211 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1212 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1213 EICE_W_CTRL_ENABLE);
1214 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1215 ~EICE_W_CTRL_nOPC & 0xff);
1216 }
1217
1218 target->debug_reason = DBG_REASON_DBGRQ;
1219
1220 return ERROR_OK;
1221 }
1222
1223 /**
1224 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1225 * ARM. The JTAG queue is then executed and the reason for debug entry is
1226 * examined. Once done, the target is verified to be halted and the processor
1227 * is forced into ARM mode. The core registers are saved for the current core
1228 * mode and the program counter (register 15) is updated as needed. The core
1229 * registers and CPSR and SPSR are saved for restoration later.
1230 *
1231 * @param target Pointer to target that is entering debug mode
1232 * @return Error code if anything fails, otherwise ERROR_OK
1233 */
1234 static int arm7_9_debug_entry(struct target *target)
1235 {
1236 int i;
1237 uint32_t context[16];
1238 uint32_t *context_p[16];
1239 uint32_t r0_thumb, pc_thumb;
1240 uint32_t cpsr, cpsr_mask = 0;
1241 int retval;
1242 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1243 struct arm *arm = &arm7_9->arm;
1244 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1245 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1246
1247 #ifdef _DEBUG_ARM7_9_
1248 LOG_DEBUG("-");
1249 #endif
1250
1251 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1252 * ensure that DBGRQ is cleared
1253 */
1254 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1255 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1256 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1257 embeddedice_store_reg(dbg_ctrl);
1258
1259 retval = arm7_9_clear_halt(target);
1260 if (retval != ERROR_OK)
1261 return retval;
1262
1263 retval = jtag_execute_queue();
1264 if (retval != ERROR_OK)
1265 return retval;
1266
1267 retval = arm7_9->examine_debug_reason(target);
1268 if (retval != ERROR_OK)
1269 return retval;
1270
1271 if (target->state != TARGET_HALTED) {
1272 LOG_WARNING("target not halted");
1273 return ERROR_TARGET_NOT_HALTED;
1274 }
1275
1276 /* if the target is in Thumb state, change to ARM state */
1277 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1278 LOG_DEBUG("target entered debug from Thumb state");
1279 /* Entered debug from Thumb mode */
1280 arm->core_state = ARM_STATE_THUMB;
1281 cpsr_mask = 1 << 5;
1282 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1283 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1284 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1285 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1286 /* \todo Get some vaguely correct handling of Jazelle, if
1287 * anyone ever uses it and full info becomes available.
1288 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1289 * B.7.3 for the reverse. That'd be the bare minimum...
1290 */
1291 LOG_DEBUG("target entered debug from Jazelle state");
1292 arm->core_state = ARM_STATE_JAZELLE;
1293 cpsr_mask = 1 << 24;
1294 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1295 } else {
1296 LOG_DEBUG("target entered debug from ARM state");
1297 /* Entered debug from ARM mode */
1298 arm->core_state = ARM_STATE_ARM;
1299 }
1300
1301 for (i = 0; i < 16; i++)
1302 context_p[i] = &context[i];
1303 /* save core registers (r0 - r15 of current core mode) */
1304 arm7_9->read_core_regs(target, 0xffff, context_p);
1305
1306 arm7_9->read_xpsr(target, &cpsr, 0);
1307
1308 retval = jtag_execute_queue();
1309 if (retval != ERROR_OK)
1310 return retval;
1311
1312 /* Sync our CPSR copy with J or T bits EICE reported, but
1313 * which we then erased by putting the core into ARM mode.
1314 */
1315 arm_set_cpsr(arm, cpsr | cpsr_mask);
1316
1317 if (!is_arm_mode(arm->core_mode)) {
1318 target->state = TARGET_UNKNOWN;
1319 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1320 return ERROR_TARGET_FAILURE;
1321 }
1322
1323 LOG_DEBUG("target entered debug state in %s mode",
1324 arm_mode_name(arm->core_mode));
1325
1326 if (arm->core_state == ARM_STATE_THUMB) {
1327 LOG_DEBUG("thumb state, applying fixups");
1328 context[0] = r0_thumb;
1329 context[15] = pc_thumb;
1330 } else if (arm->core_state == ARM_STATE_ARM) {
1331 /* adjust value stored by STM */
1332 context[15] -= 3 * 4;
1333 }
1334
1335 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1336 context[15] -= 3 * ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1337 else
1338 context[15] -= arm7_9->dbgreq_adjust_pc *
1339 ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1340
1341 for (i = 0; i <= 15; i++) {
1342 struct reg *r = arm_reg_current(arm, i);
1343
1344 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1345
1346 buf_set_u32(r->value, 0, 32, context[i]);
1347 /* r0 and r15 (pc) have to be restored later */
1348 r->dirty = (i == 0) || (i == 15);
1349 r->valid = true;
1350 }
1351
1352 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1353
1354 /* exceptions other than USR & SYS have a saved program status register */
1355 if (arm->spsr) {
1356 uint32_t spsr;
1357 arm7_9->read_xpsr(target, &spsr, 1);
1358 retval = jtag_execute_queue();
1359 if (retval != ERROR_OK)
1360 return retval;
1361 buf_set_u32(arm->spsr->value, 0, 32, spsr);
1362 arm->spsr->dirty = false;
1363 arm->spsr->valid = true;
1364 }
1365
1366 retval = jtag_execute_queue();
1367 if (retval != ERROR_OK)
1368 return retval;
1369
1370 if (arm7_9->post_debug_entry) {
1371 retval = arm7_9->post_debug_entry(target);
1372 if (retval != ERROR_OK)
1373 return retval;
1374 }
1375
1376 return ERROR_OK;
1377 }
1378
1379 /**
1380 * Validate the full context for an ARM7/9 target in all processor modes. If
1381 * there are any invalid registers for the target, they will all be read. This
1382 * includes the PSR.
1383 *
1384 * @param target Pointer to the ARM7/9 target to capture the full context from
1385 * @return Error if the target is not halted, has an invalid core mode, or if
1386 * the JTAG queue fails to execute
1387 */
1388 static int arm7_9_full_context(struct target *target)
1389 {
1390 int i;
1391 int retval;
1392 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1393 struct arm *arm = &arm7_9->arm;
1394
1395 LOG_DEBUG("-");
1396
1397 if (target->state != TARGET_HALTED) {
1398 LOG_WARNING("target not halted");
1399 return ERROR_TARGET_NOT_HALTED;
1400 }
1401
1402 if (!is_arm_mode(arm->core_mode)) {
1403 LOG_ERROR("not a valid arm core mode - communication failure?");
1404 return ERROR_FAIL;
1405 }
1406
1407 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1408 * SYS shares registers with User, so we don't touch SYS
1409 */
1410 for (i = 0; i < 6; i++) {
1411 uint32_t mask = 0;
1412 uint32_t *reg_p[16];
1413 int j;
1414 bool valid = true;
1415
1416 /* check if there are invalid registers in the current mode
1417 */
1418 for (j = 0; j <= 16; j++) {
1419 if (!ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j).valid)
1420 valid = false;
1421 }
1422
1423 if (!valid) {
1424 uint32_t tmp_cpsr;
1425
1426 /* change processor mode (and mask T bit) */
1427 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8)
1428 & 0xe0;
1429 tmp_cpsr |= armv4_5_number_to_mode(i);
1430 tmp_cpsr &= ~0x20;
1431 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1432
1433 for (j = 0; j < 15; j++) {
1434 if (!ARMV4_5_CORE_REG_MODE(arm->core_cache,
1435 armv4_5_number_to_mode(i), j).valid) {
1436 reg_p[j] = (uint32_t *)ARMV4_5_CORE_REG_MODE(
1437 arm->core_cache,
1438 armv4_5_number_to_mode(i),
1439 j).value;
1440 mask |= 1 << j;
1441 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1442 armv4_5_number_to_mode(i),
1443 j).valid = true;
1444 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1445 armv4_5_number_to_mode(i),
1446 j).dirty = false;
1447 }
1448 }
1449
1450 /* if only the PSR is invalid, mask is all zeroes */
1451 if (mask)
1452 arm7_9->read_core_regs(target, mask, reg_p);
1453
1454 /* check if the PSR has to be read */
1455 if (!ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1456 16).valid) {
1457 arm7_9->read_xpsr(target,
1458 (uint32_t *)ARMV4_5_CORE_REG_MODE(arm->core_cache,
1459 armv4_5_number_to_mode(i), 16).value, 1);
1460 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1461 16).valid = true;
1462 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1463 16).dirty = false;
1464 }
1465 }
1466 }
1467
1468 /* restore processor mode (mask T bit) */
1469 arm7_9->write_xpsr_im8(target,
1470 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
1471
1472 retval = jtag_execute_queue();
1473 if (retval != ERROR_OK)
1474 return retval;
1475 return ERROR_OK;
1476 }
1477
1478 /**
1479 * Restore the processor context on an ARM7/9 target. The full processor
1480 * context is analyzed to see if any of the registers are dirty on this end, but
1481 * have a valid new value. If this is the case, the processor is changed to the
1482 * appropriate mode and the new register values are written out to the
1483 * processor. If there happens to be a dirty register with an invalid value, an
1484 * error will be logged.
1485 *
1486 * @param target Pointer to the ARM7/9 target to have its context restored
1487 * @return Error status if the target is not halted or the core mode in the
1488 * armv4_5 struct is invalid.
1489 */
1490 static int arm7_9_restore_context(struct target *target)
1491 {
1492 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1493 struct arm *arm = &arm7_9->arm;
1494 struct reg *reg;
1495 enum arm_mode current_mode = arm->core_mode;
1496 int i, j;
1497 bool dirty;
1498 int mode_change;
1499
1500 LOG_DEBUG("-");
1501
1502 if (target->state != TARGET_HALTED) {
1503 LOG_WARNING("target not halted");
1504 return ERROR_TARGET_NOT_HALTED;
1505 }
1506
1507 if (arm7_9->pre_restore_context)
1508 arm7_9->pre_restore_context(target);
1509
1510 if (!is_arm_mode(arm->core_mode)) {
1511 LOG_ERROR("not a valid arm core mode - communication failure?");
1512 return ERROR_FAIL;
1513 }
1514
1515 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1516 * SYS shares registers with User, so we don't touch SYS
1517 */
1518 for (i = 0; i < 6; i++) {
1519 LOG_DEBUG("examining %s mode",
1520 arm_mode_name(arm->core_mode));
1521 dirty = false;
1522 mode_change = 0;
1523 /* check if there are dirty registers in the current mode
1524 */
1525 for (j = 0; j <= 16; j++) {
1526 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j);
1527 if (reg->dirty) {
1528 if (reg->valid) {
1529 dirty = true;
1530 LOG_DEBUG("examining dirty reg: %s", reg->name);
1531 struct arm_reg *reg_arch_info;
1532 reg_arch_info = reg->arch_info;
1533 if ((reg_arch_info->mode != ARM_MODE_ANY)
1534 && (reg_arch_info->mode != current_mode)
1535 && !((reg_arch_info->mode == ARM_MODE_USR)
1536 && (arm->core_mode == ARM_MODE_SYS))
1537 && !((reg_arch_info->mode == ARM_MODE_SYS)
1538 && (arm->core_mode == ARM_MODE_USR))) {
1539 mode_change = 1;
1540 LOG_DEBUG("require mode change");
1541 }
1542 } else
1543 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1544 reg->name);
1545 }
1546 }
1547
1548 if (dirty) {
1549 uint32_t mask = 0x0;
1550 int num_regs = 0;
1551 uint32_t regs[16];
1552
1553 if (mode_change) {
1554 uint32_t tmp_cpsr;
1555
1556 /* change processor mode (mask T bit) */
1557 tmp_cpsr = buf_get_u32(arm->cpsr->value,
1558 0, 8) & 0xe0;
1559 tmp_cpsr |= armv4_5_number_to_mode(i);
1560 tmp_cpsr &= ~0x20;
1561 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1562 current_mode = armv4_5_number_to_mode(i);
1563 }
1564
1565 for (j = 0; j <= 14; j++) {
1566 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache,
1567 armv4_5_number_to_mode(i),
1568 j);
1569
1570 if (reg->dirty) {
1571 regs[j] = buf_get_u32(reg->value, 0, 32);
1572 mask |= 1 << j;
1573 num_regs++;
1574 reg->dirty = false;
1575 reg->valid = true;
1576 LOG_DEBUG("writing register %i mode %s "
1577 "with value 0x%8.8" PRIx32, j,
1578 arm_mode_name(arm->core_mode),
1579 regs[j]);
1580 }
1581 }
1582
1583 if (mask)
1584 arm7_9->write_core_regs(target, mask, regs);
1585
1586 reg =
1587 &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(
1588 i), 16);
1589 struct arm_reg *reg_arch_info;
1590 reg_arch_info = reg->arch_info;
1591 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY)) {
1592 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "",
1593 i,
1594 buf_get_u32(reg->value, 0, 32));
1595 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1596 }
1597 }
1598 }
1599
1600 if (!arm->cpsr->dirty && (arm->core_mode != current_mode)) {
1601 /* restore processor mode (mask T bit) */
1602 uint32_t tmp_cpsr;
1603
1604 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
1605 tmp_cpsr |= armv4_5_number_to_mode(i);
1606 tmp_cpsr &= ~0x20;
1607 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1608 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1609
1610 } else if (arm->cpsr->dirty) {
1611 /* CPSR has been changed, full restore necessary (mask T bit) */
1612 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1613 buf_get_u32(arm->cpsr->value, 0, 32));
1614 arm7_9->write_xpsr(target,
1615 buf_get_u32(arm->cpsr->value, 0, 32)
1616 & ~0x20, 0);
1617 arm->cpsr->dirty = false;
1618 arm->cpsr->valid = true;
1619 }
1620
1621 /* restore PC */
1622 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32,
1623 buf_get_u32(arm->pc->value, 0, 32));
1624 arm7_9->write_pc(target, buf_get_u32(arm->pc->value, 0, 32));
1625 arm->pc->dirty = false;
1626
1627 return ERROR_OK;
1628 }
1629
1630 /**
1631 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1632 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1633 * restart.
1634 *
1635 * @param target Pointer to the ARM7/9 target to be restarted
1636 * @return Result of executing the JTAG queue
1637 */
1638 static int arm7_9_restart_core(struct target *target)
1639 {
1640 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1641 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1642 int retval;
1643
1644 /* set RESTART instruction */
1645 if (arm7_9->need_bypass_before_restart) {
1646 arm7_9->need_bypass_before_restart = 0;
1647
1648 retval = arm_jtag_set_instr(jtag_info->tap, 0xf, NULL, TAP_IDLE);
1649 if (retval != ERROR_OK)
1650 return retval;
1651 }
1652 retval = arm_jtag_set_instr(jtag_info->tap, 0x4, NULL, TAP_IDLE);
1653 if (retval != ERROR_OK)
1654 return retval;
1655
1656 jtag_add_runtest(1, TAP_IDLE);
1657 return jtag_execute_queue();
1658 }
1659
1660 /**
1661 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1662 * iterated through and are set on the target if they aren't already set.
1663 *
1664 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1665 */
1666 static void arm7_9_enable_watchpoints(struct target *target)
1667 {
1668 struct watchpoint *watchpoint = target->watchpoints;
1669
1670 while (watchpoint) {
1671 if (watchpoint->set == 0)
1672 arm7_9_set_watchpoint(target, watchpoint);
1673 watchpoint = watchpoint->next;
1674 }
1675 }
1676
1677 /**
1678 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1679 * iterated through and are set on the target.
1680 *
1681 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1682 */
1683 static void arm7_9_enable_breakpoints(struct target *target)
1684 {
1685 struct breakpoint *breakpoint = target->breakpoints;
1686
1687 /* set any pending breakpoints */
1688 while (breakpoint) {
1689 arm7_9_set_breakpoint(target, breakpoint);
1690 breakpoint = breakpoint->next;
1691 }
1692 }
1693
1694 int arm7_9_resume(struct target *target,
1695 int current,
1696 target_addr_t address,
1697 int handle_breakpoints,
1698 int debug_execution)
1699 {
1700 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1701 struct arm *arm = &arm7_9->arm;
1702 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1703 int err, retval = ERROR_OK;
1704
1705 LOG_DEBUG("-");
1706
1707 if (target->state != TARGET_HALTED) {
1708 LOG_WARNING("target not halted");
1709 return ERROR_TARGET_NOT_HALTED;
1710 }
1711
1712 if (!debug_execution)
1713 target_free_all_working_areas(target);
1714
1715 /* current = 1: continue on current pc, otherwise continue at <address> */
1716 if (!current)
1717 buf_set_u32(arm->pc->value, 0, 32, address);
1718
1719 uint32_t current_pc;
1720 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1721
1722 /* the front-end may request us not to handle breakpoints */
1723 if (handle_breakpoints) {
1724 struct breakpoint *breakpoint;
1725 breakpoint = breakpoint_find(target,
1726 buf_get_u32(arm->pc->value, 0, 32));
1727 if (breakpoint != NULL) {
1728 LOG_DEBUG("unset breakpoint at 0x%8.8" TARGET_PRIxADDR " (id: %" PRId32,
1729 breakpoint->address,
1730 breakpoint->unique_id);
1731 retval = arm7_9_unset_breakpoint(target, breakpoint);
1732 if (retval != ERROR_OK)
1733 return retval;
1734
1735 /* calculate PC of next instruction */
1736 uint32_t next_pc;
1737 retval = arm_simulate_step(target, &next_pc);
1738 if (retval != ERROR_OK) {
1739 uint32_t current_opcode;
1740 target_read_u32(target, current_pc, &current_opcode);
1741 LOG_ERROR(
1742 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1743 current_opcode);
1744 return retval;
1745 }
1746
1747 LOG_DEBUG("enable single-step");
1748 arm7_9->enable_single_step(target, next_pc);
1749
1750 target->debug_reason = DBG_REASON_SINGLESTEP;
1751
1752 retval = arm7_9_restore_context(target);
1753 if (retval != ERROR_OK)
1754 return retval;
1755
1756 if (arm->core_state == ARM_STATE_ARM)
1757 arm7_9->branch_resume(target);
1758 else if (arm->core_state == ARM_STATE_THUMB)
1759 arm7_9->branch_resume_thumb(target);
1760 else {
1761 LOG_ERROR("unhandled core state");
1762 return ERROR_FAIL;
1763 }
1764
1765 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1766 embeddedice_write_reg(dbg_ctrl,
1767 buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1768 err = arm7_9_execute_sys_speed(target);
1769
1770 LOG_DEBUG("disable single-step");
1771 arm7_9->disable_single_step(target);
1772
1773 if (err != ERROR_OK) {
1774 retval = arm7_9_set_breakpoint(target, breakpoint);
1775 if (retval != ERROR_OK)
1776 return retval;
1777 target->state = TARGET_UNKNOWN;
1778 return err;
1779 }
1780
1781 retval = arm7_9_debug_entry(target);
1782 if (retval != ERROR_OK)
1783 return retval;
1784 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32,
1785 buf_get_u32(arm->pc->value, 0, 32));
1786
1787 LOG_DEBUG("set breakpoint at 0x%8.8" TARGET_PRIxADDR "", breakpoint->address);
1788 retval = arm7_9_set_breakpoint(target, breakpoint);
1789 if (retval != ERROR_OK)
1790 return retval;
1791 }
1792 }
1793
1794 /* enable any pending breakpoints and watchpoints */
1795 arm7_9_enable_breakpoints(target);
1796 arm7_9_enable_watchpoints(target);
1797
1798 retval = arm7_9_restore_context(target);
1799 if (retval != ERROR_OK)
1800 return retval;
1801
1802 if (arm->core_state == ARM_STATE_ARM)
1803 arm7_9->branch_resume(target);
1804 else if (arm->core_state == ARM_STATE_THUMB)
1805 arm7_9->branch_resume_thumb(target);
1806 else {
1807 LOG_ERROR("unhandled core state");
1808 return ERROR_FAIL;
1809 }
1810
1811 /* deassert DBGACK and INTDIS */
1812 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1813 /* INTDIS only when we really resume, not during debug execution */
1814 if (!debug_execution)
1815 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1816 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1817
1818 retval = arm7_9_restart_core(target);
1819 if (retval != ERROR_OK)
1820 return retval;
1821
1822 target->debug_reason = DBG_REASON_NOTHALTED;
1823
1824 if (!debug_execution) {
1825 /* registers are now invalid */
1826 register_cache_invalidate(arm->core_cache);
1827 target->state = TARGET_RUNNING;
1828 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1829 if (retval != ERROR_OK)
1830 return retval;
1831 } else {
1832 target->state = TARGET_DEBUG_RUNNING;
1833 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1834 if (retval != ERROR_OK)
1835 return retval;
1836 }
1837
1838 LOG_DEBUG("target resumed");
1839
1840 return ERROR_OK;
1841 }
1842
1843 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1844 {
1845 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1846 struct arm *arm = &arm7_9->arm;
1847 uint32_t current_pc;
1848 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1849
1850 if (next_pc != current_pc) {
1851 /* setup an inverse breakpoint on the current PC
1852 * - comparator 1 matches the current address
1853 * - rangeout from comparator 1 is connected to comparator 0 rangein
1854 * - comparator 0 matches any address, as long as rangein is low */
1855 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1856 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1857 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1858 EICE_W_CTRL_ENABLE);
1859 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1860 ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1861 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
1862 current_pc);
1863 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1864 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1865 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1866 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1867 ~EICE_W_CTRL_nOPC & 0xff);
1868 } else {
1869 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1870 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1871 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1872 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1873 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1874 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1875 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1876 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
1877 EICE_W_CTRL_ENABLE);
1878 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1879 ~EICE_W_CTRL_nOPC & 0xff);
1880 }
1881 }
1882
1883 void arm7_9_disable_eice_step(struct target *target)
1884 {
1885 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1886
1887 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1888 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1889 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1890 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1891 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1892 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1893 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1894 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1895 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1896 }
1897
1898 int arm7_9_step(struct target *target, int current, target_addr_t address, int handle_breakpoints)
1899 {
1900 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1901 struct arm *arm = &arm7_9->arm;
1902 struct breakpoint *breakpoint = NULL;
1903 int err, retval;
1904
1905 if (target->state != TARGET_HALTED) {
1906 LOG_WARNING("target not halted");
1907 return ERROR_TARGET_NOT_HALTED;
1908 }
1909
1910 /* current = 1: continue on current pc, otherwise continue at <address> */
1911 if (!current)
1912 buf_set_u32(arm->pc->value, 0, 32, address);
1913
1914 uint32_t current_pc = buf_get_u32(arm->pc->value, 0, 32);
1915
1916 /* the front-end may request us not to handle breakpoints */
1917 if (handle_breakpoints)
1918 breakpoint = breakpoint_find(target, current_pc);
1919 if (breakpoint != NULL) {
1920 retval = arm7_9_unset_breakpoint(target, breakpoint);
1921 if (retval != ERROR_OK)
1922 return retval;
1923 }
1924
1925 target->debug_reason = DBG_REASON_SINGLESTEP;
1926
1927 /* calculate PC of next instruction */
1928 uint32_t next_pc;
1929 retval = arm_simulate_step(target, &next_pc);
1930 if (retval != ERROR_OK) {
1931 uint32_t current_opcode;
1932 target_read_u32(target, current_pc, &current_opcode);
1933 LOG_ERROR(
1934 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1935 current_opcode);
1936 return retval;
1937 }
1938
1939 retval = arm7_9_restore_context(target);
1940 if (retval != ERROR_OK)
1941 return retval;
1942
1943 arm7_9->enable_single_step(target, next_pc);
1944
1945 if (arm->core_state == ARM_STATE_ARM)
1946 arm7_9->branch_resume(target);
1947 else if (arm->core_state == ARM_STATE_THUMB)
1948 arm7_9->branch_resume_thumb(target);
1949 else {
1950 LOG_ERROR("unhandled core state");
1951 return ERROR_FAIL;
1952 }
1953
1954 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1955 if (retval != ERROR_OK)
1956 return retval;
1957
1958 err = arm7_9_execute_sys_speed(target);
1959 arm7_9->disable_single_step(target);
1960
1961 /* registers are now invalid */
1962 register_cache_invalidate(arm->core_cache);
1963
1964 if (err != ERROR_OK)
1965 target->state = TARGET_UNKNOWN;
1966 else {
1967 retval = arm7_9_debug_entry(target);
1968 if (retval != ERROR_OK)
1969 return retval;
1970 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1971 if (retval != ERROR_OK)
1972 return retval;
1973 LOG_DEBUG("target stepped");
1974 }
1975
1976 if (breakpoint) {
1977 retval = arm7_9_set_breakpoint(target, breakpoint);
1978 if (retval != ERROR_OK)
1979 return retval;
1980 }
1981
1982 return err;
1983 }
1984
1985 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
1986 int num, enum arm_mode mode)
1987 {
1988 uint32_t *reg_p[16];
1989 int retval;
1990 struct arm_reg *areg = r->arch_info;
1991 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1992 struct arm *arm = &arm7_9->arm;
1993
1994 if (!is_arm_mode(arm->core_mode))
1995 return ERROR_FAIL;
1996 if ((num < 0) || (num > 16))
1997 return ERROR_COMMAND_SYNTAX_ERROR;
1998
1999 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2000 && (areg->mode != ARM_MODE_ANY)) {
2001 uint32_t tmp_cpsr;
2002
2003 /* change processor mode (mask T bit) */
2004 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2005 tmp_cpsr |= mode;
2006 tmp_cpsr &= ~0x20;
2007 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2008 }
2009
2010 uint32_t value = 0;
2011 if ((num >= 0) && (num <= 15)) {
2012 /* read a normal core register */
2013 reg_p[num] = &value;
2014
2015 arm7_9->read_core_regs(target, 1 << num, reg_p);
2016 } else {
2017 /* read a program status register
2018 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2019 */
2020 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2021 }
2022
2023 retval = jtag_execute_queue();
2024 if (retval != ERROR_OK)
2025 return retval;
2026
2027 r->valid = true;
2028 r->dirty = false;
2029 buf_set_u32(r->value, 0, 32, value);
2030
2031 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2032 && (areg->mode != ARM_MODE_ANY)) {
2033 /* restore processor mode (mask T bit) */
2034 arm7_9->write_xpsr_im8(target,
2035 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2036 }
2037
2038 return ERROR_OK;
2039 }
2040
2041 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2042 int num, enum arm_mode mode, uint8_t *value)
2043 {
2044 uint32_t reg[16];
2045 struct arm_reg *areg = r->arch_info;
2046 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2047 struct arm *arm = &arm7_9->arm;
2048
2049 if (!is_arm_mode(arm->core_mode))
2050 return ERROR_FAIL;
2051 if ((num < 0) || (num > 16))
2052 return ERROR_COMMAND_SYNTAX_ERROR;
2053
2054 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2055 && (areg->mode != ARM_MODE_ANY)) {
2056 uint32_t tmp_cpsr;
2057
2058 /* change processor mode (mask T bit) */
2059 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2060 tmp_cpsr |= mode;
2061 tmp_cpsr &= ~0x20;
2062 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2063 }
2064
2065 if ((num >= 0) && (num <= 15)) {
2066 /* write a normal core register */
2067 reg[num] = buf_get_u32(value, 0, 32);
2068
2069 arm7_9->write_core_regs(target, 1 << num, reg);
2070 } else {
2071 /* write a program status register
2072 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2073 */
2074 int spsr = (areg->mode != ARM_MODE_ANY);
2075
2076 uint32_t t = buf_get_u32(value, 0, 32);
2077 /* if we're writing the CPSR, mask the T bit */
2078 if (!spsr)
2079 t &= ~0x20;
2080
2081 arm7_9->write_xpsr(target, t, spsr);
2082 }
2083
2084 r->valid = true;
2085 r->dirty = false;
2086
2087 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2088 && (areg->mode != ARM_MODE_ANY)) {
2089 /* restore processor mode (mask T bit) */
2090 arm7_9->write_xpsr_im8(target,
2091 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2092 }
2093
2094 return jtag_execute_queue();
2095 }
2096
2097 int arm7_9_read_memory(struct target *target,
2098 target_addr_t address,
2099 uint32_t size,
2100 uint32_t count,
2101 uint8_t *buffer)
2102 {
2103 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2104 struct arm *arm = &arm7_9->arm;
2105 uint32_t reg[16];
2106 uint32_t num_accesses = 0;
2107 int thisrun_accesses;
2108 int i;
2109 uint32_t cpsr;
2110 int retval;
2111 int last_reg = 0;
2112
2113 LOG_DEBUG("address: 0x%8.8" TARGET_PRIxADDR ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "",
2114 address, size, count);
2115
2116 if (target->state != TARGET_HALTED) {
2117 LOG_WARNING("target not halted");
2118 return ERROR_TARGET_NOT_HALTED;
2119 }
2120
2121 /* sanitize arguments */
2122 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2123 return ERROR_COMMAND_SYNTAX_ERROR;
2124
2125 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2126 return ERROR_TARGET_UNALIGNED_ACCESS;
2127
2128 /* load the base register with the address of the first word */
2129 reg[0] = address;
2130 arm7_9->write_core_regs(target, 0x1, reg);
2131
2132 int j = 0;
2133
2134 switch (size) {
2135 case 4:
2136 while (num_accesses < count) {
2137 uint32_t reg_list;
2138 thisrun_accesses =
2139 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2140 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2141
2142 if (last_reg <= thisrun_accesses)
2143 last_reg = thisrun_accesses;
2144
2145 arm7_9->load_word_regs(target, reg_list);
2146
2147 /* fast memory reads are only safe when the target is running
2148 * from a sufficiently high clock (32 kHz is usually too slow)
2149 */
2150 if (arm7_9->fast_memory_access)
2151 retval = arm7_9_execute_fast_sys_speed(target);
2152 else
2153 retval = arm7_9_execute_sys_speed(target);
2154 if (retval != ERROR_OK)
2155 return retval;
2156
2157 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2158
2159 /* advance buffer, count number of accesses */
2160 buffer += thisrun_accesses * 4;
2161 num_accesses += thisrun_accesses;
2162
2163 if ((j++%1024) == 0)
2164 keep_alive();
2165 }
2166 break;
2167 case 2:
2168 while (num_accesses < count) {
2169 uint32_t reg_list;
2170 thisrun_accesses =
2171 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2172 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2173
2174 for (i = 1; i <= thisrun_accesses; i++) {
2175 if (i > last_reg)
2176 last_reg = i;
2177 arm7_9->load_hword_reg(target, i);
2178 /* fast memory reads are only safe when the target is running
2179 * from a sufficiently high clock (32 kHz is usually too slow)
2180 */
2181 if (arm7_9->fast_memory_access)
2182 retval = arm7_9_execute_fast_sys_speed(target);
2183 else
2184 retval = arm7_9_execute_sys_speed(target);
2185 if (retval != ERROR_OK)
2186 return retval;
2187
2188 }
2189
2190 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2191
2192 /* advance buffer, count number of accesses */
2193 buffer += thisrun_accesses * 2;
2194 num_accesses += thisrun_accesses;
2195
2196 if ((j++%1024) == 0)
2197 keep_alive();
2198 }
2199 break;
2200 case 1:
2201 while (num_accesses < count) {
2202 uint32_t reg_list;
2203 thisrun_accesses =
2204 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2205 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2206
2207 for (i = 1; i <= thisrun_accesses; i++) {
2208 if (i > last_reg)
2209 last_reg = i;
2210 arm7_9->load_byte_reg(target, i);
2211 /* fast memory reads are only safe when the target is running
2212 * from a sufficiently high clock (32 kHz is usually too slow)
2213 */
2214 if (arm7_9->fast_memory_access)
2215 retval = arm7_9_execute_fast_sys_speed(target);
2216 else
2217 retval = arm7_9_execute_sys_speed(target);
2218 if (retval != ERROR_OK)
2219 return retval;
2220 }
2221
2222 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2223
2224 /* advance buffer, count number of accesses */
2225 buffer += thisrun_accesses * 1;
2226 num_accesses += thisrun_accesses;
2227
2228 if ((j++%1024) == 0)
2229 keep_alive();
2230 }
2231 break;
2232 }
2233
2234 if (!is_arm_mode(arm->core_mode))
2235 return ERROR_FAIL;
2236
2237 for (i = 0; i <= last_reg; i++) {
2238 struct reg *r = arm_reg_current(arm, i);
2239 r->dirty = r->valid;
2240 }
2241
2242 arm7_9->read_xpsr(target, &cpsr, 0);
2243 retval = jtag_execute_queue();
2244 if (retval != ERROR_OK) {
2245 LOG_ERROR("JTAG error while reading cpsr");
2246 return ERROR_TARGET_DATA_ABORT;
2247 }
2248
2249 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2250 LOG_WARNING(
2251 "memory read caused data abort "
2252 "(address: 0x%8.8" TARGET_PRIxADDR ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2253 address,
2254 size,
2255 count);
2256
2257 arm7_9->write_xpsr_im8(target,
2258 buf_get_u32(arm->cpsr->value, 0, 8)
2259 & ~0x20, 0, 0);
2260
2261 return ERROR_TARGET_DATA_ABORT;
2262 }
2263
2264 return ERROR_OK;
2265 }
2266
2267 int arm7_9_write_memory(struct target *target,
2268 target_addr_t address,
2269 uint32_t size,
2270 uint32_t count,
2271 const uint8_t *buffer)
2272 {
2273 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2274 struct arm *arm = &arm7_9->arm;
2275 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2276
2277 uint32_t reg[16];
2278 uint32_t num_accesses = 0;
2279 int thisrun_accesses;
2280 int i;
2281 uint32_t cpsr;
2282 int retval;
2283 int last_reg = 0;
2284
2285 #ifdef _DEBUG_ARM7_9_
2286 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2287 #endif
2288
2289 if (target->state != TARGET_HALTED) {
2290 LOG_WARNING("target not halted");
2291 return ERROR_TARGET_NOT_HALTED;
2292 }
2293
2294 /* sanitize arguments */
2295 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2296 return ERROR_COMMAND_SYNTAX_ERROR;
2297
2298 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2299 return ERROR_TARGET_UNALIGNED_ACCESS;
2300
2301 /* load the base register with the address of the first word */
2302 reg[0] = address;
2303 arm7_9->write_core_regs(target, 0x1, reg);
2304
2305 /* Clear DBGACK, to make sure memory fetches work as expected */
2306 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2307 embeddedice_store_reg(dbg_ctrl);
2308
2309 switch (size) {
2310 case 4:
2311 while (num_accesses < count) {
2312 uint32_t reg_list;
2313 thisrun_accesses =
2314 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2315 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2316
2317 for (i = 1; i <= thisrun_accesses; i++) {
2318 if (i > last_reg)
2319 last_reg = i;
2320 reg[i] = target_buffer_get_u32(target, buffer);
2321 buffer += 4;
2322 }
2323
2324 arm7_9->write_core_regs(target, reg_list, reg);
2325
2326 arm7_9->store_word_regs(target, reg_list);
2327
2328 /* fast memory writes are only safe when the target is running
2329 * from a sufficiently high clock (32 kHz is usually too slow)
2330 */
2331 if (arm7_9->fast_memory_access)
2332 retval = arm7_9_execute_fast_sys_speed(target);
2333 else {
2334 retval = arm7_9_execute_sys_speed(target);
2335
2336 /*
2337 * if memory writes are made when the clock is running slow
2338 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2339 * processor operations after a "reset halt" or "reset init",
2340 * need to immediately stroke the keep alive or will end up with
2341 * gdb "keep alive not sent error message" problem.
2342 */
2343
2344 keep_alive();
2345 }
2346
2347 if (retval != ERROR_OK)
2348 return retval;
2349
2350 num_accesses += thisrun_accesses;
2351 }
2352 break;
2353 case 2:
2354 while (num_accesses < count) {
2355 uint32_t reg_list;
2356 thisrun_accesses =
2357 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2358 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2359
2360 for (i = 1; i <= thisrun_accesses; i++) {
2361 if (i > last_reg)
2362 last_reg = i;
2363 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2364 buffer += 2;
2365 }
2366
2367 arm7_9->write_core_regs(target, reg_list, reg);
2368
2369 for (i = 1; i <= thisrun_accesses; i++) {
2370 arm7_9->store_hword_reg(target, i);
2371
2372 /* fast memory writes are only safe when the target is running
2373 * from a sufficiently high clock (32 kHz is usually too slow)
2374 */
2375 if (arm7_9->fast_memory_access)
2376 retval = arm7_9_execute_fast_sys_speed(target);
2377 else {
2378 retval = arm7_9_execute_sys_speed(target);
2379
2380 /*
2381 * if memory writes are made when the clock is running slow
2382 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2383 * processor operations after a "reset halt" or "reset init",
2384 * need to immediately stroke the keep alive or will end up with
2385 * gdb "keep alive not sent error message" problem.
2386 */
2387
2388 keep_alive();
2389 }
2390
2391 if (retval != ERROR_OK)
2392 return retval;
2393 }
2394
2395 num_accesses += thisrun_accesses;
2396 }
2397 break;
2398 case 1:
2399 while (num_accesses < count) {
2400 uint32_t reg_list;
2401 thisrun_accesses =
2402 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2403 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2404
2405 for (i = 1; i <= thisrun_accesses; i++) {
2406 if (i > last_reg)
2407 last_reg = i;
2408 reg[i] = *buffer++ & 0xff;
2409 }
2410
2411 arm7_9->write_core_regs(target, reg_list, reg);
2412
2413 for (i = 1; i <= thisrun_accesses; i++) {
2414 arm7_9->store_byte_reg(target, i);
2415 /* fast memory writes are only safe when the target is running
2416 * from a sufficiently high clock (32 kHz is usually too slow)
2417 */
2418 if (arm7_9->fast_memory_access)
2419 retval = arm7_9_execute_fast_sys_speed(target);
2420 else {
2421 retval = arm7_9_execute_sys_speed(target);
2422
2423 /*
2424 * if memory writes are made when the clock is running slow
2425 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2426 * processor operations after a "reset halt" or "reset init",
2427 * need to immediately stroke the keep alive or will end up with
2428 * gdb "keep alive not sent error message" problem.
2429 */
2430
2431 keep_alive();
2432 }
2433
2434 if (retval != ERROR_OK)
2435 return retval;
2436
2437 }
2438
2439 num_accesses += thisrun_accesses;
2440 }
2441 break;
2442 }
2443
2444 /* Re-Set DBGACK */
2445 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2446 embeddedice_store_reg(dbg_ctrl);
2447
2448 if (!is_arm_mode(arm->core_mode))
2449 return ERROR_FAIL;
2450
2451 for (i = 0; i <= last_reg; i++) {
2452 struct reg *r = arm_reg_current(arm, i);
2453 r->dirty = r->valid;
2454 }
2455
2456 arm7_9->read_xpsr(target, &cpsr, 0);
2457 retval = jtag_execute_queue();
2458 if (retval != ERROR_OK) {
2459 LOG_ERROR("JTAG error while reading cpsr");
2460 return ERROR_TARGET_DATA_ABORT;
2461 }
2462
2463 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2464 LOG_WARNING(
2465 "memory write caused data abort "
2466 "(address: 0x%8.8" TARGET_PRIxADDR ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2467 address,
2468 size,
2469 count);
2470
2471 arm7_9->write_xpsr_im8(target,
2472 buf_get_u32(arm->cpsr->value, 0, 8)
2473 & ~0x20, 0, 0);
2474
2475 return ERROR_TARGET_DATA_ABORT;
2476 }
2477
2478 return ERROR_OK;
2479 }
2480
2481 int arm7_9_write_memory_opt(struct target *target,
2482 target_addr_t address,
2483 uint32_t size,
2484 uint32_t count,
2485 const uint8_t *buffer)
2486 {
2487 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2488 int retval;
2489
2490 if (size == 4 && count > 32 && arm7_9->bulk_write_memory) {
2491 /* Attempt to do a bulk write */
2492 retval = arm7_9->bulk_write_memory(target, address, count, buffer);
2493
2494 if (retval == ERROR_OK)
2495 return ERROR_OK;
2496 }
2497
2498 return arm7_9->write_memory(target, address, size, count, buffer);
2499 }
2500
2501 int arm7_9_write_memory_no_opt(struct target *target,
2502 uint32_t address,
2503 uint32_t size,
2504 uint32_t count,
2505 const uint8_t *buffer)
2506 {
2507 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2508
2509 return arm7_9->write_memory(target, address, size, count, buffer);
2510 }
2511
2512 static int dcc_count;
2513 static const uint8_t *dcc_buffer;
2514
2515 static int arm7_9_dcc_completion(struct target *target,
2516 uint32_t exit_point,
2517 int timeout_ms,
2518 void *arch_info)
2519 {
2520 int retval = ERROR_OK;
2521 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2522
2523 retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500);
2524 if (retval != ERROR_OK)
2525 return retval;
2526
2527 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2528 int count = dcc_count;
2529 const uint8_t *buffer = dcc_buffer;
2530 if (count > 2) {
2531 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2532 * core function repeated. */
2533 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2534 fast_target_buffer_get_u32(buffer, little));
2535 buffer += 4;
2536
2537 struct embeddedice_reg *ice_reg =
2538 arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2539 uint8_t reg_addr = ice_reg->addr & 0x1f;
2540 struct jtag_tap *tap;
2541 tap = ice_reg->jtag_info->tap;
2542
2543 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2544 buffer += (count-2)*4;
2545
2546 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2547 fast_target_buffer_get_u32(buffer, little));
2548 } else {
2549 int i;
2550 for (i = 0; i < count; i++) {
2551 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2552 fast_target_buffer_get_u32(buffer, little));
2553 buffer += 4;
2554 }
2555 }
2556
2557 retval = target_halt(target);
2558 if (retval != ERROR_OK)
2559 return retval;
2560 return target_wait_state(target, TARGET_HALTED, 500);
2561 }
2562
2563 static const uint32_t dcc_code[] = {
2564 /* r0 == input, points to memory buffer
2565 * r1 == scratch
2566 */
2567
2568 /* spin until DCC control (c0) reports data arrived */
2569 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2570 0xe3110001, /* tst r1, #1 */
2571 0x0afffffc, /* bne w */
2572
2573 /* read word from DCC (c1), write to memory */
2574 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2575 0xe4801004, /* str r1, [r0], #4 */
2576
2577 /* repeat */
2578 0xeafffff9 /* b w */
2579 };
2580
2581 int arm7_9_bulk_write_memory(struct target *target,
2582 target_addr_t address,
2583 uint32_t count,
2584 const uint8_t *buffer)
2585 {
2586 int retval;
2587 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2588
2589 if (address % 4 != 0)
2590 return ERROR_TARGET_UNALIGNED_ACCESS;
2591
2592 if (!arm7_9->dcc_downloads)
2593 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2594
2595 /* regrab previously allocated working_area, or allocate a new one */
2596 if (!arm7_9->dcc_working_area) {
2597 uint8_t dcc_code_buf[6 * 4];
2598
2599 /* make sure we have a working area */
2600 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK) {
2601 LOG_INFO("no working area available, falling back to memory writes");
2602 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2603 }
2604
2605 /* copy target instructions to target endianness */
2606 target_buffer_set_u32_array(target, dcc_code_buf, ARRAY_SIZE(dcc_code), dcc_code);
2607
2608 /* write DCC code to working area, using the non-optimized
2609 * memory write to avoid ending up here again */
2610 retval = arm7_9_write_memory_no_opt(target,
2611 arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2612 if (retval != ERROR_OK)
2613 return retval;
2614 }
2615
2616 struct arm_algorithm arm_algo;
2617 struct reg_param reg_params[1];
2618
2619 arm_algo.common_magic = ARM_COMMON_MAGIC;
2620 arm_algo.core_mode = ARM_MODE_SVC;
2621 arm_algo.core_state = ARM_STATE_ARM;
2622
2623 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2624
2625 buf_set_u32(reg_params[0].value, 0, 32, address);
2626
2627 dcc_count = count;
2628 dcc_buffer = buffer;
2629 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2630 arm7_9->dcc_working_area->address,
2631 arm7_9->dcc_working_area->address + 6*4,
2632 20*1000, &arm_algo, arm7_9_dcc_completion);
2633
2634 if (retval == ERROR_OK) {
2635 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2636 if (endaddress != (address + count*4)) {
2637 LOG_ERROR(
2638 "DCC write failed, expected end address 0x%08" TARGET_PRIxADDR " got 0x%0" PRIx32 "",
2639 (address + count*4),
2640 endaddress);
2641 retval = ERROR_FAIL;
2642 }
2643 }
2644
2645 destroy_reg_param(&reg_params[0]);
2646
2647 return retval;
2648 }
2649
2650 /**
2651 * Perform per-target setup that requires JTAG access.
2652 */
2653 int arm7_9_examine(struct target *target)
2654 {
2655 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2656 int retval;
2657
2658 if (!target_was_examined(target)) {
2659 struct reg_cache *t, **cache_p;
2660
2661 t = embeddedice_build_reg_cache(target, arm7_9);
2662 if (t == NULL)
2663 return ERROR_FAIL;
2664
2665 cache_p = register_get_last_cache_p(&target->reg_cache);
2666 (*cache_p) = t;
2667 arm7_9->eice_cache = (*cache_p);
2668
2669 if (arm7_9->arm.etm)
2670 (*cache_p)->next = etm_build_reg_cache(target,
2671 &arm7_9->jtag_info,
2672 arm7_9->arm.etm);
2673
2674 target_set_examined(target);
2675 }
2676
2677 retval = embeddedice_setup(target);
2678 if (retval == ERROR_OK)
2679 retval = arm7_9_setup(target);
2680 if (retval == ERROR_OK && arm7_9->arm.etm)
2681 retval = etm_setup(target);
2682 return retval;
2683 }
2684
2685
2686 int arm7_9_check_reset(struct target *target)
2687 {
2688 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2689
2690 if (get_target_reset_nag() && !arm7_9->dcc_downloads)
2691 LOG_WARNING(
2692 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2693
2694 if (get_target_reset_nag() && (target->working_area_size == 0))
2695 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2696
2697 if (get_target_reset_nag() && !arm7_9->fast_memory_access)
2698 LOG_WARNING(
2699 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2700
2701 return ERROR_OK;
2702 }
2703
2704 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in,
2705 jtag_callback_data_t i_size, jtag_callback_data_t i_be,
2706 jtag_callback_data_t i_flip)
2707 {
2708 uint8_t *in = (uint8_t *)pu8_in;
2709 int size = (int)i_size;
2710 int be = (int)i_be;
2711 int flip = (int)i_flip;
2712 uint32_t readback;
2713
2714 switch (size) {
2715 case 4:
2716 readback = le_to_h_u32(in);
2717 if (flip)
2718 readback = flip_u32(readback, 32);
2719 if (be)
2720 h_u32_to_be(in, readback);
2721 else
2722 h_u32_to_le(in, readback);
2723 break;
2724 case 2:
2725 readback = le_to_h_u16(in);
2726 if (flip)
2727 readback = flip_u32(readback, 16);
2728 if (be)
2729 h_u16_to_be(in, readback & 0xffff);
2730 else
2731 h_u16_to_le(in, readback & 0xffff);
2732 break;
2733 case 1:
2734 readback = *in;
2735 if (flip)
2736 readback = flip_u32(readback, 8);
2737 *in = readback & 0xff;
2738 break;
2739 }
2740
2741 return ERROR_OK;
2742 }
2743
2744 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2745 {
2746 struct target *target = get_current_target(CMD_CTX);
2747 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2748
2749 if (!is_arm7_9(arm7_9)) {
2750 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2751 return ERROR_TARGET_INVALID;
2752 }
2753
2754 if (CMD_ARGC > 0)
2755 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->use_dbgrq);
2756
2757 command_print(CMD_CTX,
2758 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2759 (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2760
2761 return ERROR_OK;
2762 }
2763
2764 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2765 {
2766 struct target *target = get_current_target(CMD_CTX);
2767 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2768
2769 if (!is_arm7_9(arm7_9)) {
2770 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2771 return ERROR_TARGET_INVALID;
2772 }
2773
2774 if (CMD_ARGC > 0)
2775 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2776
2777 command_print(CMD_CTX,
2778 "fast memory access is %s",
2779 (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2780
2781 return ERROR_OK;
2782 }
2783
2784 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2785 {
2786 struct target *target = get_current_target(CMD_CTX);
2787 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2788
2789 if (!is_arm7_9(arm7_9)) {
2790 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2791 return ERROR_TARGET_INVALID;
2792 }
2793
2794 if (CMD_ARGC > 0)
2795 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2796
2797 command_print(CMD_CTX,
2798 "dcc downloads are %s",
2799 (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2800
2801 return ERROR_OK;
2802 }
2803
2804 static int arm7_9_setup_semihosting(struct target *target, int enable)
2805 {
2806 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2807
2808 if (!is_arm7_9(arm7_9)) {
2809 LOG_USER("current target isn't an ARM7/ARM9 target");
2810 return ERROR_TARGET_INVALID;
2811 }
2812
2813 if (arm7_9->has_vector_catch) {
2814 struct reg *vector_catch = &arm7_9->eice_cache
2815 ->reg_list[EICE_VEC_CATCH];
2816
2817 if (!vector_catch->valid)
2818 embeddedice_read_reg(vector_catch);
2819 buf_set_u32(vector_catch->value, 2, 1, enable);
2820 embeddedice_store_reg(vector_catch);
2821 } else {
2822 /* TODO: allow optional high vectors and/or BKPT_HARD */
2823 if (enable)
2824 breakpoint_add(target, 8, 4, BKPT_SOFT);
2825 else
2826 breakpoint_remove(target, 8);
2827 }
2828
2829 return ERROR_OK;
2830 }
2831
2832 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2833 {
2834 int retval = ERROR_OK;
2835 struct arm *arm = &arm7_9->arm;
2836
2837 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2838
2839 retval = arm_jtag_setup_connection(&arm7_9->jtag_info);
2840 if (retval != ERROR_OK)
2841 return retval;
2842
2843 /* caller must have allocated via calloc(), so everything's zeroed */
2844
2845 arm7_9->wp_available_max = 2;
2846
2847 arm7_9->fast_memory_access = false;
2848 arm7_9->dcc_downloads = false;
2849
2850 arm->arch_info = arm7_9;
2851 arm->core_type = ARM_MODE_ANY;
2852 arm->read_core_reg = arm7_9_read_core_reg;
2853 arm->write_core_reg = arm7_9_write_core_reg;
2854 arm->full_context = arm7_9_full_context;
2855 arm->setup_semihosting = arm7_9_setup_semihosting;
2856
2857 retval = arm_init_arch_info(target, arm);
2858 if (retval != ERROR_OK)
2859 return retval;
2860
2861 return target_register_timer_callback(arm7_9_handle_target_request,
2862 1, TARGET_TIMER_TYPE_PERIODIC, target);
2863 }
2864
2865 static const struct command_registration arm7_9_any_command_handlers[] = {
2866 {
2867 "dbgrq",
2868 .handler = handle_arm7_9_dbgrq_command,
2869 .mode = COMMAND_ANY,
2870 .usage = "['enable'|'disable']",
2871 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2872 "for target halt requests",
2873 },
2874 {
2875 "fast_memory_access",
2876 .handler = handle_arm7_9_fast_memory_access_command,
2877 .mode = COMMAND_ANY,
2878 .usage = "['enable'|'disable']",
2879 .help = "use fast memory accesses instead of slower "
2880 "but potentially safer accesses",
2881 },
2882 {
2883 "dcc_downloads",
2884 .handler = handle_arm7_9_dcc_downloads_command,
2885 .mode = COMMAND_ANY,
2886 .usage = "['enable'|'disable']",
2887 .help = "use DCC downloads for larger memory writes",
2888 },
2889 COMMAND_REGISTRATION_DONE
2890 };
2891 const struct command_registration arm7_9_command_handlers[] = {
2892 {
2893 .chain = arm_command_handlers,
2894 },
2895 {
2896 .chain = etm_command_handlers,
2897 },
2898 {
2899 .name = "arm7_9",
2900 .mode = COMMAND_ANY,
2901 .help = "arm7/9 specific commands",
2902 .usage = "",
2903 .chain = arm7_9_any_command_handlers,
2904 },
2905 COMMAND_REGISTRATION_DONE
2906 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)