Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
simplify debug_reason check
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 �yvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoints_added = 0;
65 arm7_9->wp0_used = 0;
66 arm7_9->wp1_used = arm7_9->wp1_used_default;
67 arm7_9->wp_available = arm7_9->wp_available_max;
68
69 return jtag_execute_queue();
70 }
71
72 /**
73 * Assign a watchpoint to one of the two available hardware comparators in an
74 * ARM7 or ARM9 target.
75 *
76 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
77 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 */
79 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
80 {
81 if (!arm7_9->wp0_used)
82 {
83 arm7_9->wp0_used = 1;
84 breakpoint->set = 1;
85 arm7_9->wp_available--;
86 }
87 else if (!arm7_9->wp1_used)
88 {
89 arm7_9->wp1_used = 1;
90 breakpoint->set = 2;
91 arm7_9->wp_available--;
92 }
93 else
94 {
95 LOG_ERROR("BUG: no hardware comparator available");
96 }
97 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
98 breakpoint->unique_id,
99 breakpoint->address,
100 breakpoint->set );
101 }
102
103 /**
104 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
105 *
106 * @param arm7_9 Pointer to common struct for ARM7/9 targets
107 * @return Error codes if there is a problem finding a watchpoint or the result
108 * of executing the JTAG queue
109 */
110 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
111 {
112 if (arm7_9->sw_breakpoints_added)
113 {
114 return ERROR_OK;
115 }
116 if (arm7_9->wp_available < 1)
117 {
118 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
119 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
120 }
121 arm7_9->wp_available--;
122
123 /* pick a breakpoint unit */
124 if (!arm7_9->wp0_used)
125 {
126 arm7_9->sw_breakpoints_added = 1;
127 arm7_9->wp0_used = 3;
128 } else if (!arm7_9->wp1_used)
129 {
130 arm7_9->sw_breakpoints_added = 2;
131 arm7_9->wp1_used = 3;
132 }
133 else
134 {
135 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
136 return ERROR_FAIL;
137 }
138
139 if (arm7_9->sw_breakpoints_added == 1)
140 {
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
146 }
147 else if (arm7_9->sw_breakpoints_added == 2)
148 {
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
154 }
155 else
156 {
157 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
158 return ERROR_FAIL;
159 }
160 LOG_DEBUG("SW BP using hw wp: %d",
161 arm7_9->sw_breakpoints_added );
162
163 return jtag_execute_queue();
164 }
165
166 /**
167 * Setup the common pieces for an ARM7/9 target after reset or on startup.
168 *
169 * @param target Pointer to an ARM7/9 target to setup
170 * @return Result of clearing the watchpoints on the target
171 */
172 int arm7_9_setup(target_t *target)
173 {
174 armv4_5_common_t *armv4_5 = target->arch_info;
175 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
176
177 return arm7_9_clear_watchpoints(arm7_9);
178 }
179
180 /**
181 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
182 * targets. A return of ERROR_OK signifies that the target is a valid target
183 * and that the pointers have been set properly.
184 *
185 * @param target Pointer to the target device to get the pointers from
186 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
187 * targets
188 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
189 * targets
190 * @return ERROR_OK if successful
191 */
192 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
193 {
194 armv4_5_common_t *armv4_5 = target->arch_info;
195 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
196
197 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
198 {
199 return -1;
200 }
201
202 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
203 {
204 return -1;
205 }
206
207 *armv4_5_p = armv4_5;
208 *arm7_9_p = arm7_9;
209
210 return ERROR_OK;
211 }
212
213 /**
214 * Set either a hardware or software breakpoint on an ARM7/9 target. The
215 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
216 * might have erased the values in Embedded ICE.
217 *
218 * @param target Pointer to the target device to set the breakpoints on
219 * @param breakpoint Pointer to the breakpoint to be set
220 * @return For hardware breakpoints, this is the result of executing the JTAG
221 * queue. For software breakpoints, this will be the status of the
222 * required memory reads and writes
223 */
224 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
225 {
226 armv4_5_common_t *armv4_5 = target->arch_info;
227 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
228 int retval = ERROR_OK;
229
230 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
231 breakpoint->unique_id,
232 breakpoint->address );
233
234 if (target->state != TARGET_HALTED)
235 {
236 LOG_WARNING("target not halted");
237 return ERROR_TARGET_NOT_HALTED;
238 }
239
240 if (breakpoint->type == BKPT_HARD)
241 {
242 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
243 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
244
245 /* reassign a hw breakpoint */
246 if (breakpoint->set == 0)
247 {
248 arm7_9_assign_wp(arm7_9, breakpoint);
249 }
250
251 if (breakpoint->set == 1)
252 {
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
258 }
259 else if (breakpoint->set == 2)
260 {
261 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
266 }
267 else
268 {
269 LOG_ERROR("BUG: no hardware comparator available");
270 return ERROR_OK;
271 }
272
273 retval = jtag_execute_queue();
274 }
275 else if (breakpoint->type == BKPT_SOFT)
276 {
277 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
278 return retval;
279
280 /* did we already set this breakpoint? */
281 if (breakpoint->set)
282 return ERROR_OK;
283
284 if (breakpoint->length == 4)
285 {
286 uint32_t verify = 0xffffffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
293 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->arm_bkpt)
303 {
304 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308 else
309 {
310 uint16_t verify = 0xffff;
311 /* keep the original instruction in target endianness */
312 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
313 {
314 return retval;
315 }
316 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
317 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
318 {
319 return retval;
320 }
321
322 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
323 {
324 return retval;
325 }
326 if (verify != arm7_9->thumb_bkpt)
327 {
328 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
329 return ERROR_OK;
330 }
331 }
332 breakpoint->set = 1;
333 }
334
335 return retval;
336 }
337
338 /**
339 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
340 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
341 * will be updated. Otherwise, the software breakpoint will be restored to its
342 * original instruction if it hasn't already been modified.
343 *
344 * @param target Pointer to ARM7/9 target to unset the breakpoint from
345 * @param breakpoint Pointer to breakpoint to be unset
346 * @return For hardware breakpoints, this is the result of executing the JTAG
347 * queue. For software breakpoints, this will be the status of the
348 * required memory reads and writes
349 */
350 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
351 {
352 int retval = ERROR_OK;
353
354 armv4_5_common_t *armv4_5 = target->arch_info;
355 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
356
357 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
358 breakpoint->unique_id,
359 breakpoint->address );
360
361 if (!breakpoint->set)
362 {
363 LOG_WARNING("breakpoint not set");
364 return ERROR_OK;
365 }
366
367 if (breakpoint->type == BKPT_HARD)
368 {
369 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
370 breakpoint->unique_id,
371 breakpoint->set );
372 if (breakpoint->set == 1)
373 {
374 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
375 arm7_9->wp0_used = 0;
376 arm7_9->wp_available++;
377 }
378 else if (breakpoint->set == 2)
379 {
380 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
381 arm7_9->wp1_used = 0;
382 arm7_9->wp_available++;
383 }
384 retval = jtag_execute_queue();
385 breakpoint->set = 0;
386 }
387 else
388 {
389 /* restore original instruction (kept in target endianness) */
390 if (breakpoint->length == 4)
391 {
392 uint32_t current_instr;
393 /* check that user program as not modified breakpoint instruction */
394 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
395 {
396 return retval;
397 }
398 if (current_instr == arm7_9->arm_bkpt)
399 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 }
404 else
405 {
406 uint16_t current_instr;
407 /* check that user program as not modified breakpoint instruction */
408 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
409 {
410 return retval;
411 }
412 if (current_instr == arm7_9->thumb_bkpt)
413 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 }
418 breakpoint->set = 0;
419 }
420
421 return retval;
422 }
423
424 /**
425 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
426 * dangling breakpoints and that the desired breakpoint can be added.
427 *
428 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
429 * @param breakpoint Pointer to the breakpoint to be added
430 * @return An error status if there is a problem adding the breakpoint or the
431 * result of setting the breakpoint
432 */
433 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
434 {
435 armv4_5_common_t *armv4_5 = target->arch_info;
436 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
437
438 if (target->state != TARGET_HALTED)
439 {
440 LOG_WARNING("target not halted");
441 return ERROR_TARGET_NOT_HALTED;
442 }
443
444 if (arm7_9->breakpoint_count == 0)
445 {
446 /* make sure we don't have any dangling breakpoints. This is vital upon
447 * GDB connect/disconnect
448 */
449 arm7_9_clear_watchpoints(arm7_9);
450 }
451
452 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
453 {
454 LOG_INFO("no watchpoint unit available for hardware breakpoint");
455 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
456 }
457
458 if ((breakpoint->length != 2) && (breakpoint->length != 4))
459 {
460 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
461 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
462 }
463
464 if (breakpoint->type == BKPT_HARD)
465 {
466 arm7_9_assign_wp(arm7_9, breakpoint);
467 }
468
469 arm7_9->breakpoint_count++;
470
471 return arm7_9_set_breakpoint(target, breakpoint);
472 }
473
474 /**
475 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
476 * dangling breakpoints and updates available watchpoints if it is a hardware
477 * breakpoint.
478 *
479 * @param target Pointer to the target to have a breakpoint removed
480 * @param breakpoint Pointer to the breakpoint to be removed
481 * @return Error status if there was a problem unsetting the breakpoint or the
482 * watchpoints could not be cleared
483 */
484 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
485 {
486 int retval = ERROR_OK;
487 armv4_5_common_t *armv4_5 = target->arch_info;
488 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
489
490 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
491 {
492 return retval;
493 }
494
495 if (breakpoint->type == BKPT_HARD)
496 arm7_9->wp_available++;
497
498 arm7_9->breakpoint_count--;
499 if (arm7_9->breakpoint_count == 0)
500 {
501 /* make sure we don't have any dangling breakpoints */
502 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
503 {
504 return retval;
505 }
506 }
507
508 return ERROR_OK;
509 }
510
511 /**
512 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
513 * considered a bug to call this function when there are no available watchpoint
514 * units.
515 *
516 * @param target Pointer to an ARM7/9 target to set a watchpoint on
517 * @param watchpoint Pointer to the watchpoint to be set
518 * @return Error status if watchpoint set fails or the result of executing the
519 * JTAG queue
520 */
521 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
522 {
523 int retval = ERROR_OK;
524 armv4_5_common_t *armv4_5 = target->arch_info;
525 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
526 int rw_mask = 1;
527 uint32_t mask;
528
529 mask = watchpoint->length - 1;
530
531 if (target->state != TARGET_HALTED)
532 {
533 LOG_WARNING("target not halted");
534 return ERROR_TARGET_NOT_HALTED;
535 }
536
537 if (watchpoint->rw == WPT_ACCESS)
538 rw_mask = 0;
539 else
540 rw_mask = 1;
541
542 if (!arm7_9->wp0_used)
543 {
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
547 if (watchpoint->mask != 0xffffffffu)
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
551
552 if ((retval = jtag_execute_queue()) != ERROR_OK)
553 {
554 return retval;
555 }
556 watchpoint->set = 1;
557 arm7_9->wp0_used = 2;
558 }
559 else if (!arm7_9->wp1_used)
560 {
561 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
564 if (watchpoint->mask != 0xffffffffu)
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
566 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
568
569 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 {
571 return retval;
572 }
573 watchpoint->set = 2;
574 arm7_9->wp1_used = 2;
575 }
576 else
577 {
578 LOG_ERROR("BUG: no hardware comparator available");
579 return ERROR_OK;
580 }
581
582 return ERROR_OK;
583 }
584
585 /**
586 * Unset an existing watchpoint and clear the used watchpoint unit.
587 *
588 * @param target Pointer to the target to have the watchpoint removed
589 * @param watchpoint Pointer to the watchpoint to be removed
590 * @return Error status while trying to unset the watchpoint or the result of
591 * executing the JTAG queue
592 */
593 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
594 {
595 int retval = ERROR_OK;
596 armv4_5_common_t *armv4_5 = target->arch_info;
597 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
598
599 if (target->state != TARGET_HALTED)
600 {
601 LOG_WARNING("target not halted");
602 return ERROR_TARGET_NOT_HALTED;
603 }
604
605 if (!watchpoint->set)
606 {
607 LOG_WARNING("breakpoint not set");
608 return ERROR_OK;
609 }
610
611 if (watchpoint->set == 1)
612 {
613 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
614 if ((retval = jtag_execute_queue()) != ERROR_OK)
615 {
616 return retval;
617 }
618 arm7_9->wp0_used = 0;
619 }
620 else if (watchpoint->set == 2)
621 {
622 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
623 if ((retval = jtag_execute_queue()) != ERROR_OK)
624 {
625 return retval;
626 }
627 arm7_9->wp1_used = 0;
628 }
629 watchpoint->set = 0;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
636 * available, an error response is returned.
637 *
638 * @param target Pointer to the ARM7/9 target to add a watchpoint to
639 * @param watchpoint Pointer to the watchpoint to be added
640 * @return Error status while trying to add the watchpoint
641 */
642 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
643 {
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646
647 if (target->state != TARGET_HALTED)
648 {
649 LOG_WARNING("target not halted");
650 return ERROR_TARGET_NOT_HALTED;
651 }
652
653 if (arm7_9->wp_available < 1)
654 {
655 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
656 }
657
658 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
659 {
660 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
661 }
662
663 arm7_9->wp_available--;
664
665 return ERROR_OK;
666 }
667
668 /**
669 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
670 * the used watchpoint unit will be reopened.
671 *
672 * @param target Pointer to the target to remove a watchpoint from
673 * @param watchpoint Pointer to the watchpoint to be removed
674 * @return Result of trying to unset the watchpoint
675 */
676 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
677 {
678 int retval = ERROR_OK;
679 armv4_5_common_t *armv4_5 = target->arch_info;
680 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
681
682 if (watchpoint->set)
683 {
684 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
685 {
686 return retval;
687 }
688 }
689
690 arm7_9->wp_available++;
691
692 return ERROR_OK;
693 }
694
695 /**
696 * Restarts the target by sending a RESTART instruction and moving the JTAG
697 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
698 * asserted by the processor.
699 *
700 * @param target Pointer to target to issue commands to
701 * @return Error status if there is a timeout or a problem while executing the
702 * JTAG queue
703 */
704 int arm7_9_execute_sys_speed(struct target_s *target)
705 {
706 int retval;
707
708 armv4_5_common_t *armv4_5 = target->arch_info;
709 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
710 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
711 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
712
713 /* set RESTART instruction */
714 jtag_set_end_state(TAP_IDLE);
715 if (arm7_9->need_bypass_before_restart) {
716 arm7_9->need_bypass_before_restart = 0;
717 arm_jtag_set_instr(jtag_info, 0xf, NULL);
718 }
719 arm_jtag_set_instr(jtag_info, 0x4, NULL);
720
721 long long then = timeval_ms();
722 int timeout;
723 while (!(timeout = ((timeval_ms()-then) > 1000)))
724 {
725 /* read debug status register */
726 embeddedice_read_reg(dbg_stat);
727 if ((retval = jtag_execute_queue()) != ERROR_OK)
728 return retval;
729 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
730 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
731 break;
732 if (debug_level >= 3)
733 {
734 alive_sleep(100);
735 } else
736 {
737 keep_alive();
738 }
739 }
740 if (timeout)
741 {
742 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
743 return ERROR_TARGET_TIMEOUT;
744 }
745
746 return ERROR_OK;
747 }
748
749 /**
750 * Restarts the target by sending a RESTART instruction and moving the JTAG
751 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
752 * waiting until they are.
753 *
754 * @param target Pointer to the target to issue commands to
755 * @return Always ERROR_OK
756 */
757 int arm7_9_execute_fast_sys_speed(struct target_s *target)
758 {
759 static int set = 0;
760 static uint8_t check_value[4], check_mask[4];
761
762 armv4_5_common_t *armv4_5 = target->arch_info;
763 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
764 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
765 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
766
767 /* set RESTART instruction */
768 jtag_set_end_state(TAP_IDLE);
769 if (arm7_9->need_bypass_before_restart) {
770 arm7_9->need_bypass_before_restart = 0;
771 arm_jtag_set_instr(jtag_info, 0xf, NULL);
772 }
773 arm_jtag_set_instr(jtag_info, 0x4, NULL);
774
775 if (!set)
776 {
777 /* check for DBGACK and SYSCOMP set (others don't care) */
778
779 /* NB! These are constants that must be available until after next jtag_execute() and
780 * we evaluate the values upon first execution in lieu of setting up these constants
781 * during early setup.
782 * */
783 buf_set_u32(check_value, 0, 32, 0x9);
784 buf_set_u32(check_mask, 0, 32, 0x9);
785 set = 1;
786 }
787
788 /* read debug status register */
789 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
790
791 return ERROR_OK;
792 }
793
794 /**
795 * Get some data from the ARM7/9 target.
796 *
797 * @param target Pointer to the ARM7/9 target to read data from
798 * @param size The number of 32bit words to be read
799 * @param buffer Pointer to the buffer that will hold the data
800 * @return The result of receiving data from the Embedded ICE unit
801 */
802 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
803 {
804 armv4_5_common_t *armv4_5 = target->arch_info;
805 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
806 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
807 uint32_t *data;
808 int retval = ERROR_OK;
809 uint32_t i;
810
811 data = malloc(size * (sizeof(uint32_t)));
812
813 retval = embeddedice_receive(jtag_info, data, size);
814
815 /* return the 32-bit ints in the 8-bit array */
816 for (i = 0; i < size; i++)
817 {
818 h_u32_to_le(buffer + (i * 4), data[i]);
819 }
820
821 free(data);
822
823 return retval;
824 }
825
826 /**
827 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
828 * target is running and the DCC control register has the W bit high, this will
829 * execute the request on the target.
830 *
831 * @param priv Void pointer expected to be a target_t pointer
832 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
833 * from the Embedded ICE unit
834 */
835 int arm7_9_handle_target_request(void *priv)
836 {
837 int retval = ERROR_OK;
838 target_t *target = priv;
839 if (!target_was_examined(target))
840 return ERROR_OK;
841 armv4_5_common_t *armv4_5 = target->arch_info;
842 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
843 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
844 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
845
846 if (!target->dbg_msg_enabled)
847 return ERROR_OK;
848
849 if (target->state == TARGET_RUNNING)
850 {
851 /* read DCC control register */
852 embeddedice_read_reg(dcc_control);
853 if ((retval = jtag_execute_queue()) != ERROR_OK)
854 {
855 return retval;
856 }
857
858 /* check W bit */
859 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
860 {
861 uint32_t request;
862
863 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
864 {
865 return retval;
866 }
867 if ((retval = target_request(target, request)) != ERROR_OK)
868 {
869 return retval;
870 }
871 }
872 }
873
874 return ERROR_OK;
875 }
876
877 /**
878 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
879 * is manipulated to the right halted state based on its current state. This is
880 * what happens:
881 *
882 * <table>
883 * <tr><th > State</th><th > Action</th></tr>
884 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
885 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
886 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
887 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
888 * </table>
889 *
890 * If the target does not end up in the halted state, a warning is produced. If
891 * DBGACK is cleared, then the target is expected to either be running or
892 * running in debug.
893 *
894 * @param target Pointer to the ARM7/9 target to poll
895 * @return ERROR_OK or an error status if a command fails
896 */
897 int arm7_9_poll(target_t *target)
898 {
899 int retval;
900 armv4_5_common_t *armv4_5 = target->arch_info;
901 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
902 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
903
904 /* read debug status register */
905 embeddedice_read_reg(dbg_stat);
906 if ((retval = jtag_execute_queue()) != ERROR_OK)
907 {
908 return retval;
909 }
910
911 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
912 {
913 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
914 if (target->state == TARGET_UNKNOWN)
915 {
916 /* Starting OpenOCD with target in debug-halt */
917 target->state = TARGET_RUNNING;
918 LOG_DEBUG("DBGACK already set during server startup.");
919 }
920 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
921 {
922 int check_pc = 0;
923 if (target->state == TARGET_RESET)
924 {
925 if (target->reset_halt)
926 {
927 enum reset_types jtag_reset_config = jtag_get_reset_config();
928 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
929 {
930 check_pc = 1;
931 }
932 }
933 }
934
935 target->state = TARGET_HALTED;
936
937 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
938 return retval;
939
940 if (check_pc)
941 {
942 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
943 uint32_t t=*((uint32_t *)reg->value);
944 if (t != 0)
945 {
946 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
947 }
948 }
949
950 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
951 {
952 return retval;
953 }
954 }
955 if (target->state == TARGET_DEBUG_RUNNING)
956 {
957 target->state = TARGET_HALTED;
958 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
959 return retval;
960
961 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
962 {
963 return retval;
964 }
965 }
966 if (target->state != TARGET_HALTED)
967 {
968 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
969 }
970 }
971 else
972 {
973 if (target->state != TARGET_DEBUG_RUNNING)
974 target->state = TARGET_RUNNING;
975 }
976
977 return ERROR_OK;
978 }
979
980 /**
981 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
982 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
983 * affected) completely stop the JTAG clock while the core is held in reset
984 * (SRST). It isn't possible to program the halt condition once reset is
985 * asserted, hence a hook that allows the target to set up its reset-halt
986 * condition is setup prior to asserting reset.
987 *
988 * @param target Pointer to an ARM7/9 target to assert reset on
989 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
990 */
991 int arm7_9_assert_reset(target_t *target)
992 {
993 armv4_5_common_t *armv4_5 = target->arch_info;
994 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
995 LOG_DEBUG("target->state: %s",
996 target_state_name(target));
997
998 enum reset_types jtag_reset_config = jtag_get_reset_config();
999 if (!(jtag_reset_config & RESET_HAS_SRST))
1000 {
1001 LOG_ERROR("Can't assert SRST");
1002 return ERROR_FAIL;
1003 }
1004
1005 if (target->reset_halt)
1006 {
1007 /*
1008 * Some targets do not support communication while SRST is asserted. We need to
1009 * set up the reset vector catch here.
1010 *
1011 * If TRST is asserted, then these settings will be reset anyway, so setting them
1012 * here is harmless.
1013 */
1014 if (arm7_9->has_vector_catch)
1015 {
1016 /* program vector catch register to catch reset vector */
1017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1018 }
1019 else
1020 {
1021 /* program watchpoint unit to match on reset vector address */
1022 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1023 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1024 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1025 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1026 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1027 }
1028 }
1029
1030 /* here we should issue an SRST only, but we may have to assert TRST as well */
1031 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1032 {
1033 jtag_add_reset(1, 1);
1034 } else
1035 {
1036 jtag_add_reset(0, 1);
1037 }
1038
1039 target->state = TARGET_RESET;
1040 jtag_add_sleep(50000);
1041
1042 armv4_5_invalidate_core_regs(target);
1043
1044 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1045 {
1046 /* debug entry was already prepared in arm7_9_assert_reset() */
1047 target->debug_reason = DBG_REASON_DBGRQ;
1048 }
1049
1050 return ERROR_OK;
1051 }
1052
1053 /**
1054 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1055 * and the target is being reset into a halt, a warning will be triggered
1056 * because it is not possible to reset into a halted mode in this case. The
1057 * target is halted using the target's functions.
1058 *
1059 * @param target Pointer to the target to have the reset deasserted
1060 * @return ERROR_OK or an error from polling or halting the target
1061 */
1062 int arm7_9_deassert_reset(target_t *target)
1063 {
1064 int retval = ERROR_OK;
1065 LOG_DEBUG("target->state: %s",
1066 target_state_name(target));
1067
1068 /* deassert reset lines */
1069 jtag_add_reset(0, 0);
1070
1071 enum reset_types jtag_reset_config = jtag_get_reset_config();
1072 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1073 {
1074 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1075 /* set up embedded ice registers again */
1076 if ((retval = target_examine_one(target)) != ERROR_OK)
1077 return retval;
1078
1079 if ((retval = target_poll(target)) != ERROR_OK)
1080 {
1081 return retval;
1082 }
1083
1084 if ((retval = target_halt(target)) != ERROR_OK)
1085 {
1086 return retval;
1087 }
1088
1089 }
1090 return retval;
1091 }
1092
1093 /**
1094 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1095 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1096 * vector catch was used, it is restored. Otherwise, the control value is
1097 * restored and the watchpoint unit is restored if it was in use.
1098 *
1099 * @param target Pointer to the ARM7/9 target to have halt cleared
1100 * @return Always ERROR_OK
1101 */
1102 int arm7_9_clear_halt(target_t *target)
1103 {
1104 armv4_5_common_t *armv4_5 = target->arch_info;
1105 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1106 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1107
1108 /* we used DBGRQ only if we didn't come out of reset */
1109 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1110 {
1111 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1112 */
1113 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1114 embeddedice_store_reg(dbg_ctrl);
1115 }
1116 else
1117 {
1118 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1119 {
1120 /* if we came out of reset, and vector catch is supported, we used
1121 * vector catch to enter debug state
1122 * restore the register in that case
1123 */
1124 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1125 }
1126 else
1127 {
1128 /* restore registers if watchpoint unit 0 was in use
1129 */
1130 if (arm7_9->wp0_used)
1131 {
1132 if (arm7_9->debug_entry_from_reset)
1133 {
1134 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1135 }
1136 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1137 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1138 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1139 }
1140 /* control value always has to be restored, as it was either disabled,
1141 * or enabled with possibly different bits
1142 */
1143 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1144 }
1145 }
1146
1147 return ERROR_OK;
1148 }
1149
1150 /**
1151 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1152 * and then there is a wait until the processor shows the halt. This wait can
1153 * timeout and results in an error being returned. The software reset involves
1154 * clearing the halt, updating the debug control register, changing to ARM mode,
1155 * reset of the program counter, and reset of all of the registers.
1156 *
1157 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1158 * @return Error status if any of the commands fail, otherwise ERROR_OK
1159 */
1160 int arm7_9_soft_reset_halt(struct target_s *target)
1161 {
1162 armv4_5_common_t *armv4_5 = target->arch_info;
1163 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1164 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1165 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1166 int i;
1167 int retval;
1168
1169 if ((retval = target_halt(target)) != ERROR_OK)
1170 return retval;
1171
1172 long long then = timeval_ms();
1173 int timeout;
1174 while (!(timeout = ((timeval_ms()-then) > 1000)))
1175 {
1176 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1177 break;
1178 embeddedice_read_reg(dbg_stat);
1179 if ((retval = jtag_execute_queue()) != ERROR_OK)
1180 return retval;
1181 if (debug_level >= 3)
1182 {
1183 alive_sleep(100);
1184 } else
1185 {
1186 keep_alive();
1187 }
1188 }
1189 if (timeout)
1190 {
1191 LOG_ERROR("Failed to halt CPU after 1 sec");
1192 return ERROR_TARGET_TIMEOUT;
1193 }
1194 target->state = TARGET_HALTED;
1195
1196 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1197 * ensure that DBGRQ is cleared
1198 */
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1200 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1201 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1202 embeddedice_store_reg(dbg_ctrl);
1203
1204 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1205 {
1206 return retval;
1207 }
1208
1209 /* if the target is in Thumb state, change to ARM state */
1210 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1211 {
1212 uint32_t r0_thumb, pc_thumb;
1213 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1214 /* Entered debug from Thumb mode */
1215 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1216 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1217 }
1218
1219 /* all register content is now invalid */
1220 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1221 {
1222 return retval;
1223 }
1224
1225 /* SVC, ARM state, IRQ and FIQ disabled */
1226 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1227 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1228 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1229
1230 /* start fetching from 0x0 */
1231 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1232 armv4_5->core_cache->reg_list[15].dirty = 1;
1233 armv4_5->core_cache->reg_list[15].valid = 1;
1234
1235 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1236 armv4_5->core_state = ARMV4_5_STATE_ARM;
1237
1238 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1239 return ERROR_FAIL;
1240
1241 /* reset registers */
1242 for (i = 0; i <= 14; i++)
1243 {
1244 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1245 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1246 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1247 }
1248
1249 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1250 {
1251 return retval;
1252 }
1253
1254 return ERROR_OK;
1255 }
1256
1257 /**
1258 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1259 * line or by programming a watchpoint to trigger on any address. It is
1260 * considered a bug to call this function while the target is in the
1261 * TARGET_RESET state.
1262 *
1263 * @param target Pointer to the ARM7/9 target to be halted
1264 * @return Always ERROR_OK
1265 */
1266 int arm7_9_halt(target_t *target)
1267 {
1268 if (target->state == TARGET_RESET)
1269 {
1270 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1271 return ERROR_OK;
1272 }
1273
1274 armv4_5_common_t *armv4_5 = target->arch_info;
1275 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1276 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1277
1278 LOG_DEBUG("target->state: %s",
1279 target_state_name(target));
1280
1281 if (target->state == TARGET_HALTED)
1282 {
1283 LOG_DEBUG("target was already halted");
1284 return ERROR_OK;
1285 }
1286
1287 if (target->state == TARGET_UNKNOWN)
1288 {
1289 LOG_WARNING("target was in unknown state when halt was requested");
1290 }
1291
1292 if (arm7_9->use_dbgrq)
1293 {
1294 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1295 */
1296 if (arm7_9->set_special_dbgrq) {
1297 arm7_9->set_special_dbgrq(target);
1298 } else {
1299 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1300 embeddedice_store_reg(dbg_ctrl);
1301 }
1302 }
1303 else
1304 {
1305 /* program watchpoint unit to match on any address
1306 */
1307 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1308 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1309 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1310 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1311 }
1312
1313 target->debug_reason = DBG_REASON_DBGRQ;
1314
1315 return ERROR_OK;
1316 }
1317
1318 /**
1319 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1320 * ARM. The JTAG queue is then executed and the reason for debug entry is
1321 * examined. Once done, the target is verified to be halted and the processor
1322 * is forced into ARM mode. The core registers are saved for the current core
1323 * mode and the program counter (register 15) is updated as needed. The core
1324 * registers and CPSR and SPSR are saved for restoration later.
1325 *
1326 * @param target Pointer to target that is entering debug mode
1327 * @return Error code if anything fails, otherwise ERROR_OK
1328 */
1329 int arm7_9_debug_entry(target_t *target)
1330 {
1331 int i;
1332 uint32_t context[16];
1333 uint32_t* context_p[16];
1334 uint32_t r0_thumb, pc_thumb;
1335 uint32_t cpsr;
1336 int retval;
1337 /* get pointers to arch-specific information */
1338 armv4_5_common_t *armv4_5 = target->arch_info;
1339 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1340 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1341 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1342
1343 #ifdef _DEBUG_ARM7_9_
1344 LOG_DEBUG("-");
1345 #endif
1346
1347 if (arm7_9->pre_debug_entry)
1348 arm7_9->pre_debug_entry(target);
1349
1350 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1351 * ensure that DBGRQ is cleared
1352 */
1353 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1354 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1355 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1356 embeddedice_store_reg(dbg_ctrl);
1357
1358 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1359 {
1360 return retval;
1361 }
1362
1363 if ((retval = jtag_execute_queue()) != ERROR_OK)
1364 {
1365 return retval;
1366 }
1367
1368 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1369 return retval;
1370
1371
1372 if (target->state != TARGET_HALTED)
1373 {
1374 LOG_WARNING("target not halted");
1375 return ERROR_TARGET_NOT_HALTED;
1376 }
1377
1378 /* if the target is in Thumb state, change to ARM state */
1379 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1380 {
1381 LOG_DEBUG("target entered debug from Thumb state");
1382 /* Entered debug from Thumb mode */
1383 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1384 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1385 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1386 }
1387 else
1388 {
1389 LOG_DEBUG("target entered debug from ARM state");
1390 /* Entered debug from ARM mode */
1391 armv4_5->core_state = ARMV4_5_STATE_ARM;
1392 }
1393
1394 for (i = 0; i < 16; i++)
1395 context_p[i] = &context[i];
1396 /* save core registers (r0 - r15 of current core mode) */
1397 arm7_9->read_core_regs(target, 0xffff, context_p);
1398
1399 arm7_9->read_xpsr(target, &cpsr, 0);
1400
1401 if ((retval = jtag_execute_queue()) != ERROR_OK)
1402 return retval;
1403
1404 /* if the core has been executing in Thumb state, set the T bit */
1405 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1406 cpsr |= 0x20;
1407
1408 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1409 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1410 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1411
1412 armv4_5->core_mode = cpsr & 0x1f;
1413
1414 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1415 {
1416 target->state = TARGET_UNKNOWN;
1417 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1418 return ERROR_TARGET_FAILURE;
1419 }
1420
1421 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1422
1423 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1424 {
1425 LOG_DEBUG("thumb state, applying fixups");
1426 context[0] = r0_thumb;
1427 context[15] = pc_thumb;
1428 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1429 {
1430 /* adjust value stored by STM */
1431 context[15] -= 3 * 4;
1432 }
1433
1434 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1435 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1436 else
1437 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1438
1439 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1440 return ERROR_FAIL;
1441
1442 for (i = 0; i <= 15; i++)
1443 {
1444 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1445 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1446 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1447 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1448 }
1449
1450 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1451
1452 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1453 return ERROR_FAIL;
1454
1455 /* exceptions other than USR & SYS have a saved program status register */
1456 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1457 {
1458 uint32_t spsr;
1459 arm7_9->read_xpsr(target, &spsr, 1);
1460 if ((retval = jtag_execute_queue()) != ERROR_OK)
1461 {
1462 return retval;
1463 }
1464 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1465 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1466 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1467 }
1468
1469 /* r0 and r15 (pc) have to be restored later */
1470 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1471 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1472
1473 if ((retval = jtag_execute_queue()) != ERROR_OK)
1474 return retval;
1475
1476 if (arm7_9->post_debug_entry)
1477 arm7_9->post_debug_entry(target);
1478
1479 return ERROR_OK;
1480 }
1481
1482 /**
1483 * Validate the full context for an ARM7/9 target in all processor modes. If
1484 * there are any invalid registers for the target, they will all be read. This
1485 * includes the PSR.
1486 *
1487 * @param target Pointer to the ARM7/9 target to capture the full context from
1488 * @return Error if the target is not halted, has an invalid core mode, or if
1489 * the JTAG queue fails to execute
1490 */
1491 int arm7_9_full_context(target_t *target)
1492 {
1493 int i;
1494 int retval;
1495 armv4_5_common_t *armv4_5 = target->arch_info;
1496 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1497
1498 LOG_DEBUG("-");
1499
1500 if (target->state != TARGET_HALTED)
1501 {
1502 LOG_WARNING("target not halted");
1503 return ERROR_TARGET_NOT_HALTED;
1504 }
1505
1506 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1507 return ERROR_FAIL;
1508
1509 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1510 * SYS shares registers with User, so we don't touch SYS
1511 */
1512 for (i = 0; i < 6; i++)
1513 {
1514 uint32_t mask = 0;
1515 uint32_t* reg_p[16];
1516 int j;
1517 int valid = 1;
1518
1519 /* check if there are invalid registers in the current mode
1520 */
1521 for (j = 0; j <= 16; j++)
1522 {
1523 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1524 valid = 0;
1525 }
1526
1527 if (!valid)
1528 {
1529 uint32_t tmp_cpsr;
1530
1531 /* change processor mode (and mask T bit) */
1532 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1533 tmp_cpsr |= armv4_5_number_to_mode(i);
1534 tmp_cpsr &= ~0x20;
1535 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1536
1537 for (j = 0; j < 15; j++)
1538 {
1539 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1540 {
1541 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1542 mask |= 1 << j;
1543 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1544 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1545 }
1546 }
1547
1548 /* if only the PSR is invalid, mask is all zeroes */
1549 if (mask)
1550 arm7_9->read_core_regs(target, mask, reg_p);
1551
1552 /* check if the PSR has to be read */
1553 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1554 {
1555 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1556 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1557 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1558 }
1559 }
1560 }
1561
1562 /* restore processor mode (mask T bit) */
1563 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1564
1565 if ((retval = jtag_execute_queue()) != ERROR_OK)
1566 {
1567 return retval;
1568 }
1569 return ERROR_OK;
1570 }
1571
1572 /**
1573 * Restore the processor context on an ARM7/9 target. The full processor
1574 * context is analyzed to see if any of the registers are dirty on this end, but
1575 * have a valid new value. If this is the case, the processor is changed to the
1576 * appropriate mode and the new register values are written out to the
1577 * processor. If there happens to be a dirty register with an invalid value, an
1578 * error will be logged.
1579 *
1580 * @param target Pointer to the ARM7/9 target to have its context restored
1581 * @return Error status if the target is not halted or the core mode in the
1582 * armv4_5 struct is invalid.
1583 */
1584 int arm7_9_restore_context(target_t *target)
1585 {
1586 armv4_5_common_t *armv4_5 = target->arch_info;
1587 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1588 reg_t *reg;
1589 armv4_5_core_reg_t *reg_arch_info;
1590 enum armv4_5_mode current_mode = armv4_5->core_mode;
1591 int i, j;
1592 int dirty;
1593 int mode_change;
1594
1595 LOG_DEBUG("-");
1596
1597 if (target->state != TARGET_HALTED)
1598 {
1599 LOG_WARNING("target not halted");
1600 return ERROR_TARGET_NOT_HALTED;
1601 }
1602
1603 if (arm7_9->pre_restore_context)
1604 arm7_9->pre_restore_context(target);
1605
1606 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1607 return ERROR_FAIL;
1608
1609 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1610 * SYS shares registers with User, so we don't touch SYS
1611 */
1612 for (i = 0; i < 6; i++)
1613 {
1614 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1615 dirty = 0;
1616 mode_change = 0;
1617 /* check if there are dirty registers in the current mode
1618 */
1619 for (j = 0; j <= 16; j++)
1620 {
1621 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1622 reg_arch_info = reg->arch_info;
1623 if (reg->dirty == 1)
1624 {
1625 if (reg->valid == 1)
1626 {
1627 dirty = 1;
1628 LOG_DEBUG("examining dirty reg: %s", reg->name);
1629 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1630 && (reg_arch_info->mode != current_mode)
1631 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1632 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1633 {
1634 mode_change = 1;
1635 LOG_DEBUG("require mode change");
1636 }
1637 }
1638 else
1639 {
1640 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1641 }
1642 }
1643 }
1644
1645 if (dirty)
1646 {
1647 uint32_t mask = 0x0;
1648 int num_regs = 0;
1649 uint32_t regs[16];
1650
1651 if (mode_change)
1652 {
1653 uint32_t tmp_cpsr;
1654
1655 /* change processor mode (mask T bit) */
1656 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1657 tmp_cpsr |= armv4_5_number_to_mode(i);
1658 tmp_cpsr &= ~0x20;
1659 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1660 current_mode = armv4_5_number_to_mode(i);
1661 }
1662
1663 for (j = 0; j <= 14; j++)
1664 {
1665 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1666 reg_arch_info = reg->arch_info;
1667
1668
1669 if (reg->dirty == 1)
1670 {
1671 regs[j] = buf_get_u32(reg->value, 0, 32);
1672 mask |= 1 << j;
1673 num_regs++;
1674 reg->dirty = 0;
1675 reg->valid = 1;
1676 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1677 }
1678 }
1679
1680 if (mask)
1681 {
1682 arm7_9->write_core_regs(target, mask, regs);
1683 }
1684
1685 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1686 reg_arch_info = reg->arch_info;
1687 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1688 {
1689 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1690 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1691 }
1692 }
1693 }
1694
1695 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1696 {
1697 /* restore processor mode (mask T bit) */
1698 uint32_t tmp_cpsr;
1699
1700 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1701 tmp_cpsr |= armv4_5_number_to_mode(i);
1702 tmp_cpsr &= ~0x20;
1703 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1704 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1705 }
1706 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1707 {
1708 /* CPSR has been changed, full restore necessary (mask T bit) */
1709 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1710 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1711 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1712 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1713 }
1714
1715 /* restore PC */
1716 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1717 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1718 armv4_5->core_cache->reg_list[15].dirty = 0;
1719
1720 if (arm7_9->post_restore_context)
1721 arm7_9->post_restore_context(target);
1722
1723 return ERROR_OK;
1724 }
1725
1726 /**
1727 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1728 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1729 * restart.
1730 *
1731 * @param target Pointer to the ARM7/9 target to be restarted
1732 * @return Result of executing the JTAG queue
1733 */
1734 int arm7_9_restart_core(struct target_s *target)
1735 {
1736 armv4_5_common_t *armv4_5 = target->arch_info;
1737 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1738 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1739
1740 /* set RESTART instruction */
1741 jtag_set_end_state(TAP_IDLE);
1742 if (arm7_9->need_bypass_before_restart) {
1743 arm7_9->need_bypass_before_restart = 0;
1744 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1745 }
1746 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1747
1748 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1749 return jtag_execute_queue();
1750 }
1751
1752 /**
1753 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1754 * iterated through and are set on the target if they aren't already set.
1755 *
1756 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1757 */
1758 void arm7_9_enable_watchpoints(struct target_s *target)
1759 {
1760 watchpoint_t *watchpoint = target->watchpoints;
1761
1762 while (watchpoint)
1763 {
1764 if (watchpoint->set == 0)
1765 arm7_9_set_watchpoint(target, watchpoint);
1766 watchpoint = watchpoint->next;
1767 }
1768 }
1769
1770 /**
1771 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1772 * iterated through and are set on the target.
1773 *
1774 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1775 */
1776 void arm7_9_enable_breakpoints(struct target_s *target)
1777 {
1778 breakpoint_t *breakpoint = target->breakpoints;
1779
1780 /* set any pending breakpoints */
1781 while (breakpoint)
1782 {
1783 arm7_9_set_breakpoint(target, breakpoint);
1784 breakpoint = breakpoint->next;
1785 }
1786 }
1787
1788 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1789 {
1790 armv4_5_common_t *armv4_5 = target->arch_info;
1791 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1792 breakpoint_t *breakpoint = target->breakpoints;
1793 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1794 int err, retval = ERROR_OK;
1795
1796 LOG_DEBUG("-");
1797
1798 if (target->state != TARGET_HALTED)
1799 {
1800 LOG_WARNING("target not halted");
1801 return ERROR_TARGET_NOT_HALTED;
1802 }
1803
1804 if (!debug_execution)
1805 {
1806 target_free_all_working_areas(target);
1807 }
1808
1809 /* current = 1: continue on current pc, otherwise continue at <address> */
1810 if (!current)
1811 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1812
1813 uint32_t current_pc;
1814 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1815
1816 /* the front-end may request us not to handle breakpoints */
1817 if (handle_breakpoints)
1818 {
1819 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1820 {
1821 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1822 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1823 {
1824 return retval;
1825 }
1826
1827 /* calculate PC of next instruction */
1828 uint32_t next_pc;
1829 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1830 {
1831 uint32_t current_opcode;
1832 target_read_u32(target, current_pc, &current_opcode);
1833 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1834 return retval;
1835 }
1836
1837 LOG_DEBUG("enable single-step");
1838 arm7_9->enable_single_step(target, next_pc);
1839
1840 target->debug_reason = DBG_REASON_SINGLESTEP;
1841
1842 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1843 {
1844 return retval;
1845 }
1846
1847 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1848 arm7_9->branch_resume(target);
1849 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1850 {
1851 arm7_9->branch_resume_thumb(target);
1852 }
1853 else
1854 {
1855 LOG_ERROR("unhandled core state");
1856 return ERROR_FAIL;
1857 }
1858
1859 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1860 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1861 err = arm7_9_execute_sys_speed(target);
1862
1863 LOG_DEBUG("disable single-step");
1864 arm7_9->disable_single_step(target);
1865
1866 if (err != ERROR_OK)
1867 {
1868 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1869 {
1870 return retval;
1871 }
1872 target->state = TARGET_UNKNOWN;
1873 return err;
1874 }
1875
1876 arm7_9_debug_entry(target);
1877 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1878
1879 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1880 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1881 {
1882 return retval;
1883 }
1884 }
1885 }
1886
1887 /* enable any pending breakpoints and watchpoints */
1888 arm7_9_enable_breakpoints(target);
1889 arm7_9_enable_watchpoints(target);
1890
1891 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1892 {
1893 return retval;
1894 }
1895
1896 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1897 {
1898 arm7_9->branch_resume(target);
1899 }
1900 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1901 {
1902 arm7_9->branch_resume_thumb(target);
1903 }
1904 else
1905 {
1906 LOG_ERROR("unhandled core state");
1907 return ERROR_FAIL;
1908 }
1909
1910 /* deassert DBGACK and INTDIS */
1911 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1912 /* INTDIS only when we really resume, not during debug execution */
1913 if (!debug_execution)
1914 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1915 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1916
1917 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1918 {
1919 return retval;
1920 }
1921
1922 target->debug_reason = DBG_REASON_NOTHALTED;
1923
1924 if (!debug_execution)
1925 {
1926 /* registers are now invalid */
1927 armv4_5_invalidate_core_regs(target);
1928 target->state = TARGET_RUNNING;
1929 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1930 {
1931 return retval;
1932 }
1933 }
1934 else
1935 {
1936 target->state = TARGET_DEBUG_RUNNING;
1937 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1938 {
1939 return retval;
1940 }
1941 }
1942
1943 LOG_DEBUG("target resumed");
1944
1945 return ERROR_OK;
1946 }
1947
1948 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1949 {
1950 armv4_5_common_t *armv4_5 = target->arch_info;
1951 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1952
1953 uint32_t current_pc;
1954 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1955
1956 if (next_pc != current_pc)
1957 {
1958 /* setup an inverse breakpoint on the current PC
1959 * - comparator 1 matches the current address
1960 * - rangeout from comparator 1 is connected to comparator 0 rangein
1961 * - comparator 0 matches any address, as long as rangein is low */
1962 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1971 }
1972 else
1973 {
1974 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1983 }
1984 }
1985
1986 void arm7_9_disable_eice_step(target_t *target)
1987 {
1988 armv4_5_common_t *armv4_5 = target->arch_info;
1989 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1990
1991 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1992 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1993 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1996 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1997 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2000 }
2001
2002 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2003 {
2004 armv4_5_common_t *armv4_5 = target->arch_info;
2005 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2006 breakpoint_t *breakpoint = NULL;
2007 int err, retval;
2008
2009 if (target->state != TARGET_HALTED)
2010 {
2011 LOG_WARNING("target not halted");
2012 return ERROR_TARGET_NOT_HALTED;
2013 }
2014
2015 /* current = 1: continue on current pc, otherwise continue at <address> */
2016 if (!current)
2017 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2018
2019 uint32_t current_pc;
2020 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2021
2022 /* the front-end may request us not to handle breakpoints */
2023 if (handle_breakpoints)
2024 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2025 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2026 {
2027 return retval;
2028 }
2029
2030 target->debug_reason = DBG_REASON_SINGLESTEP;
2031
2032 /* calculate PC of next instruction */
2033 uint32_t next_pc;
2034 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2035 {
2036 uint32_t current_opcode;
2037 target_read_u32(target, current_pc, &current_opcode);
2038 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2039 return retval;
2040 }
2041
2042 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2043 {
2044 return retval;
2045 }
2046
2047 arm7_9->enable_single_step(target, next_pc);
2048
2049 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2050 {
2051 arm7_9->branch_resume(target);
2052 }
2053 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2054 {
2055 arm7_9->branch_resume_thumb(target);
2056 }
2057 else
2058 {
2059 LOG_ERROR("unhandled core state");
2060 return ERROR_FAIL;
2061 }
2062
2063 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2064 {
2065 return retval;
2066 }
2067
2068 err = arm7_9_execute_sys_speed(target);
2069 arm7_9->disable_single_step(target);
2070
2071 /* registers are now invalid */
2072 armv4_5_invalidate_core_regs(target);
2073
2074 if (err != ERROR_OK)
2075 {
2076 target->state = TARGET_UNKNOWN;
2077 } else {
2078 arm7_9_debug_entry(target);
2079 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2080 {
2081 return retval;
2082 }
2083 LOG_DEBUG("target stepped");
2084 }
2085
2086 if (breakpoint)
2087 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2088 {
2089 return retval;
2090 }
2091
2092 return err;
2093 }
2094
2095 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2096 {
2097 uint32_t* reg_p[16];
2098 uint32_t value;
2099 int retval;
2100 armv4_5_common_t *armv4_5 = target->arch_info;
2101 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2102
2103 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2104 return ERROR_FAIL;
2105
2106 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2107
2108 if ((num < 0) || (num > 16))
2109 return ERROR_INVALID_ARGUMENTS;
2110
2111 if ((mode != ARMV4_5_MODE_ANY)
2112 && (mode != armv4_5->core_mode)
2113 && (reg_mode != ARMV4_5_MODE_ANY))
2114 {
2115 uint32_t tmp_cpsr;
2116
2117 /* change processor mode (mask T bit) */
2118 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2119 tmp_cpsr |= mode;
2120 tmp_cpsr &= ~0x20;
2121 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2122 }
2123
2124 if ((num >= 0) && (num <= 15))
2125 {
2126 /* read a normal core register */
2127 reg_p[num] = &value;
2128
2129 arm7_9->read_core_regs(target, 1 << num, reg_p);
2130 }
2131 else
2132 {
2133 /* read a program status register
2134 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2135 */
2136 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2137 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2138
2139 arm7_9->read_xpsr(target, &value, spsr);
2140 }
2141
2142 if ((retval = jtag_execute_queue()) != ERROR_OK)
2143 {
2144 return retval;
2145 }
2146
2147 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2148 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2149 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2150
2151 if ((mode != ARMV4_5_MODE_ANY)
2152 && (mode != armv4_5->core_mode)
2153 && (reg_mode != ARMV4_5_MODE_ANY)) {
2154 /* restore processor mode (mask T bit) */
2155 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2156 }
2157
2158 return ERROR_OK;
2159 }
2160
2161 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2162 {
2163 uint32_t reg[16];
2164 armv4_5_common_t *armv4_5 = target->arch_info;
2165 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2166
2167 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2168 return ERROR_FAIL;
2169
2170 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2171
2172 if ((num < 0) || (num > 16))
2173 return ERROR_INVALID_ARGUMENTS;
2174
2175 if ((mode != ARMV4_5_MODE_ANY)
2176 && (mode != armv4_5->core_mode)
2177 && (reg_mode != ARMV4_5_MODE_ANY)) {
2178 uint32_t tmp_cpsr;
2179
2180 /* change processor mode (mask T bit) */
2181 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2182 tmp_cpsr |= mode;
2183 tmp_cpsr &= ~0x20;
2184 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2185 }
2186
2187 if ((num >= 0) && (num <= 15))
2188 {
2189 /* write a normal core register */
2190 reg[num] = value;
2191
2192 arm7_9->write_core_regs(target, 1 << num, reg);
2193 }
2194 else
2195 {
2196 /* write a program status register
2197 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2198 */
2199 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2200 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2201
2202 /* if we're writing the CPSR, mask the T bit */
2203 if (!spsr)
2204 value &= ~0x20;
2205
2206 arm7_9->write_xpsr(target, value, spsr);
2207 }
2208
2209 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2210 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2211
2212 if ((mode != ARMV4_5_MODE_ANY)
2213 && (mode != armv4_5->core_mode)
2214 && (reg_mode != ARMV4_5_MODE_ANY)) {
2215 /* restore processor mode (mask T bit) */
2216 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2217 }
2218
2219 return jtag_execute_queue();
2220 }
2221
2222 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2223 {
2224 armv4_5_common_t *armv4_5 = target->arch_info;
2225 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2226
2227 uint32_t reg[16];
2228 uint32_t num_accesses = 0;
2229 int thisrun_accesses;
2230 int i;
2231 uint32_t cpsr;
2232 int retval;
2233 int last_reg = 0;
2234
2235 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2236
2237 if (target->state != TARGET_HALTED)
2238 {
2239 LOG_WARNING("target not halted");
2240 return ERROR_TARGET_NOT_HALTED;
2241 }
2242
2243 /* sanitize arguments */
2244 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2245 return ERROR_INVALID_ARGUMENTS;
2246
2247 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2248 return ERROR_TARGET_UNALIGNED_ACCESS;
2249
2250 /* load the base register with the address of the first word */
2251 reg[0] = address;
2252 arm7_9->write_core_regs(target, 0x1, reg);
2253
2254 int j = 0;
2255
2256 switch (size)
2257 {
2258 case 4:
2259 while (num_accesses < count)
2260 {
2261 uint32_t reg_list;
2262 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2263 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2264
2265 if (last_reg <= thisrun_accesses)
2266 last_reg = thisrun_accesses;
2267
2268 arm7_9->load_word_regs(target, reg_list);
2269
2270 /* fast memory reads are only safe when the target is running
2271 * from a sufficiently high clock (32 kHz is usually too slow)
2272 */
2273 if (arm7_9->fast_memory_access)
2274 retval = arm7_9_execute_fast_sys_speed(target);
2275 else
2276 retval = arm7_9_execute_sys_speed(target);
2277 if (retval != ERROR_OK)
2278 return retval;
2279
2280 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2281
2282 /* advance buffer, count number of accesses */
2283 buffer += thisrun_accesses * 4;
2284 num_accesses += thisrun_accesses;
2285
2286 if ((j++%1024) == 0)
2287 {
2288 keep_alive();
2289 }
2290 }
2291 break;
2292 case 2:
2293 while (num_accesses < count)
2294 {
2295 uint32_t reg_list;
2296 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2297 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2298
2299 for (i = 1; i <= thisrun_accesses; i++)
2300 {
2301 if (i > last_reg)
2302 last_reg = i;
2303 arm7_9->load_hword_reg(target, i);
2304 /* fast memory reads are only safe when the target is running
2305 * from a sufficiently high clock (32 kHz is usually too slow)
2306 */
2307 if (arm7_9->fast_memory_access)
2308 retval = arm7_9_execute_fast_sys_speed(target);
2309 else
2310 retval = arm7_9_execute_sys_speed(target);
2311 if (retval != ERROR_OK)
2312 {
2313 return retval;
2314 }
2315
2316 }
2317
2318 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2319
2320 /* advance buffer, count number of accesses */
2321 buffer += thisrun_accesses * 2;
2322 num_accesses += thisrun_accesses;
2323
2324 if ((j++%1024) == 0)
2325 {
2326 keep_alive();
2327 }
2328 }
2329 break;
2330 case 1:
2331 while (num_accesses < count)
2332 {
2333 uint32_t reg_list;
2334 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2335 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2336
2337 for (i = 1; i <= thisrun_accesses; i++)
2338 {
2339 if (i > last_reg)
2340 last_reg = i;
2341 arm7_9->load_byte_reg(target, i);
2342 /* fast memory reads are only safe when the target is running
2343 * from a sufficiently high clock (32 kHz is usually too slow)
2344 */
2345 if (arm7_9->fast_memory_access)
2346 retval = arm7_9_execute_fast_sys_speed(target);
2347 else
2348 retval = arm7_9_execute_sys_speed(target);
2349 if (retval != ERROR_OK)
2350 {
2351 return retval;
2352 }
2353 }
2354
2355 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2356
2357 /* advance buffer, count number of accesses */
2358 buffer += thisrun_accesses * 1;
2359 num_accesses += thisrun_accesses;
2360
2361 if ((j++%1024) == 0)
2362 {
2363 keep_alive();
2364 }
2365 }
2366 break;
2367 default:
2368 LOG_ERROR("BUG: we shouldn't get here");
2369 exit(-1);
2370 break;
2371 }
2372
2373 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2374 return ERROR_FAIL;
2375
2376 for (i = 0; i <= last_reg; i++)
2377 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2378
2379 arm7_9->read_xpsr(target, &cpsr, 0);
2380 if ((retval = jtag_execute_queue()) != ERROR_OK)
2381 {
2382 LOG_ERROR("JTAG error while reading cpsr");
2383 return ERROR_TARGET_DATA_ABORT;
2384 }
2385
2386 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2387 {
2388 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2389
2390 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2391
2392 return ERROR_TARGET_DATA_ABORT;
2393 }
2394
2395 return ERROR_OK;
2396 }
2397
2398 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2399 {
2400 armv4_5_common_t *armv4_5 = target->arch_info;
2401 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2402 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2403
2404 uint32_t reg[16];
2405 uint32_t num_accesses = 0;
2406 int thisrun_accesses;
2407 int i;
2408 uint32_t cpsr;
2409 int retval;
2410 int last_reg = 0;
2411
2412 #ifdef _DEBUG_ARM7_9_
2413 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2414 #endif
2415
2416 if (target->state != TARGET_HALTED)
2417 {
2418 LOG_WARNING("target not halted");
2419 return ERROR_TARGET_NOT_HALTED;
2420 }
2421
2422 /* sanitize arguments */
2423 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2424 return ERROR_INVALID_ARGUMENTS;
2425
2426 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2427 return ERROR_TARGET_UNALIGNED_ACCESS;
2428
2429 /* load the base register with the address of the first word */
2430 reg[0] = address;
2431 arm7_9->write_core_regs(target, 0x1, reg);
2432
2433 /* Clear DBGACK, to make sure memory fetches work as expected */
2434 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2435 embeddedice_store_reg(dbg_ctrl);
2436
2437 switch (size)
2438 {
2439 case 4:
2440 while (num_accesses < count)
2441 {
2442 uint32_t reg_list;
2443 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2444 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2445
2446 for (i = 1; i <= thisrun_accesses; i++)
2447 {
2448 if (i > last_reg)
2449 last_reg = i;
2450 reg[i] = target_buffer_get_u32(target, buffer);
2451 buffer += 4;
2452 }
2453
2454 arm7_9->write_core_regs(target, reg_list, reg);
2455
2456 arm7_9->store_word_regs(target, reg_list);
2457
2458 /* fast memory writes are only safe when the target is running
2459 * from a sufficiently high clock (32 kHz is usually too slow)
2460 */
2461 if (arm7_9->fast_memory_access)
2462 retval = arm7_9_execute_fast_sys_speed(target);
2463 else
2464 retval = arm7_9_execute_sys_speed(target);
2465 if (retval != ERROR_OK)
2466 {
2467 return retval;
2468 }
2469
2470 num_accesses += thisrun_accesses;
2471 }
2472 break;
2473 case 2:
2474 while (num_accesses < count)
2475 {
2476 uint32_t reg_list;
2477 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2478 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2479
2480 for (i = 1; i <= thisrun_accesses; i++)
2481 {
2482 if (i > last_reg)
2483 last_reg = i;
2484 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2485 buffer += 2;
2486 }
2487
2488 arm7_9->write_core_regs(target, reg_list, reg);
2489
2490 for (i = 1; i <= thisrun_accesses; i++)
2491 {
2492 arm7_9->store_hword_reg(target, i);
2493
2494 /* fast memory writes are only safe when the target is running
2495 * from a sufficiently high clock (32 kHz is usually too slow)
2496 */
2497 if (arm7_9->fast_memory_access)
2498 retval = arm7_9_execute_fast_sys_speed(target);
2499 else
2500 retval = arm7_9_execute_sys_speed(target);
2501 if (retval != ERROR_OK)
2502 {
2503 return retval;
2504 }
2505 }
2506
2507 num_accesses += thisrun_accesses;
2508 }
2509 break;
2510 case 1:
2511 while (num_accesses < count)
2512 {
2513 uint32_t reg_list;
2514 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2515 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2516
2517 for (i = 1; i <= thisrun_accesses; i++)
2518 {
2519 if (i > last_reg)
2520 last_reg = i;
2521 reg[i] = *buffer++ & 0xff;
2522 }
2523
2524 arm7_9->write_core_regs(target, reg_list, reg);
2525
2526 for (i = 1; i <= thisrun_accesses; i++)
2527 {
2528 arm7_9->store_byte_reg(target, i);
2529 /* fast memory writes are only safe when the target is running
2530 * from a sufficiently high clock (32 kHz is usually too slow)
2531 */
2532 if (arm7_9->fast_memory_access)
2533 retval = arm7_9_execute_fast_sys_speed(target);
2534 else
2535 retval = arm7_9_execute_sys_speed(target);
2536 if (retval != ERROR_OK)
2537 {
2538 return retval;
2539 }
2540
2541 }
2542
2543 num_accesses += thisrun_accesses;
2544 }
2545 break;
2546 default:
2547 LOG_ERROR("BUG: we shouldn't get here");
2548 exit(-1);
2549 break;
2550 }
2551
2552 /* Re-Set DBGACK */
2553 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2554 embeddedice_store_reg(dbg_ctrl);
2555
2556 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2557 return ERROR_FAIL;
2558
2559 for (i = 0; i <= last_reg; i++)
2560 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2561
2562 arm7_9->read_xpsr(target, &cpsr, 0);
2563 if ((retval = jtag_execute_queue()) != ERROR_OK)
2564 {
2565 LOG_ERROR("JTAG error while reading cpsr");
2566 return ERROR_TARGET_DATA_ABORT;
2567 }
2568
2569 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2570 {
2571 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2572
2573 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2574
2575 return ERROR_TARGET_DATA_ABORT;
2576 }
2577
2578 return ERROR_OK;
2579 }
2580
2581 static int dcc_count;
2582 static uint8_t *dcc_buffer;
2583
2584 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2585 {
2586 int retval = ERROR_OK;
2587 armv4_5_common_t *armv4_5 = target->arch_info;
2588 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2589
2590 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2591 return retval;
2592
2593 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2594 int count = dcc_count;
2595 uint8_t *buffer = dcc_buffer;
2596 if (count > 2)
2597 {
2598 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2599 * core function repeated. */
2600 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2601 buffer += 4;
2602
2603 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2604 uint8_t reg_addr = ice_reg->addr & 0x1f;
2605 jtag_tap_t *tap;
2606 tap = ice_reg->jtag_info->tap;
2607
2608 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2609 buffer += (count-2)*4;
2610
2611 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2612 } else
2613 {
2614 int i;
2615 for (i = 0; i < count; i++)
2616 {
2617 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2618 buffer += 4;
2619 }
2620 }
2621
2622 if ((retval = target_halt(target))!= ERROR_OK)
2623 {
2624 return retval;
2625 }
2626 return target_wait_state(target, TARGET_HALTED, 500);
2627 }
2628
2629 static const uint32_t dcc_code[] =
2630 {
2631 /* MRC TST BNE MRC STR B */
2632 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2633 };
2634
2635 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2636
2637 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2638 {
2639 int retval;
2640 armv4_5_common_t *armv4_5 = target->arch_info;
2641 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2642 int i;
2643
2644 if (!arm7_9->dcc_downloads)
2645 return target_write_memory(target, address, 4, count, buffer);
2646
2647 /* regrab previously allocated working_area, or allocate a new one */
2648 if (!arm7_9->dcc_working_area)
2649 {
2650 uint8_t dcc_code_buf[6 * 4];
2651
2652 /* make sure we have a working area */
2653 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2654 {
2655 LOG_INFO("no working area available, falling back to memory writes");
2656 return target_write_memory(target, address, 4, count, buffer);
2657 }
2658
2659 /* copy target instructions to target endianness */
2660 for (i = 0; i < 6; i++)
2661 {
2662 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2663 }
2664
2665 /* write DCC code to working area */
2666 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2667 {
2668 return retval;
2669 }
2670 }
2671
2672 armv4_5_algorithm_t armv4_5_info;
2673 reg_param_t reg_params[1];
2674
2675 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2676 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2677 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2678
2679 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2680
2681 buf_set_u32(reg_params[0].value, 0, 32, address);
2682
2683 dcc_count = count;
2684 dcc_buffer = buffer;
2685 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2686 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2687
2688 if (retval == ERROR_OK)
2689 {
2690 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2691 if (endaddress != (address + count*4))
2692 {
2693 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2694 retval = ERROR_FAIL;
2695 }
2696 }
2697
2698 destroy_reg_param(&reg_params[0]);
2699
2700 return retval;
2701 }
2702
2703 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2704 {
2705 working_area_t *crc_algorithm;
2706 armv4_5_algorithm_t armv4_5_info;
2707 reg_param_t reg_params[2];
2708 int retval;
2709
2710 uint32_t arm7_9_crc_code[] = {
2711 0xE1A02000, /* mov r2, r0 */
2712 0xE3E00000, /* mov r0, #0xffffffff */
2713 0xE1A03001, /* mov r3, r1 */
2714 0xE3A04000, /* mov r4, #0 */
2715 0xEA00000B, /* b ncomp */
2716 /* nbyte: */
2717 0xE7D21004, /* ldrb r1, [r2, r4] */
2718 0xE59F7030, /* ldr r7, CRC32XOR */
2719 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2720 0xE3A05000, /* mov r5, #0 */
2721 /* loop: */
2722 0xE3500000, /* cmp r0, #0 */
2723 0xE1A06080, /* mov r6, r0, asl #1 */
2724 0xE2855001, /* add r5, r5, #1 */
2725 0xE1A00006, /* mov r0, r6 */
2726 0xB0260007, /* eorlt r0, r6, r7 */
2727 0xE3550008, /* cmp r5, #8 */
2728 0x1AFFFFF8, /* bne loop */
2729 0xE2844001, /* add r4, r4, #1 */
2730 /* ncomp: */
2731 0xE1540003, /* cmp r4, r3 */
2732 0x1AFFFFF1, /* bne nbyte */
2733 /* end: */
2734 0xEAFFFFFE, /* b end */
2735 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2736 };
2737
2738 uint32_t i;
2739
2740 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2741 {
2742 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2743 }
2744
2745 /* convert flash writing code into a buffer in target endianness */
2746 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2747 {
2748 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2749 {
2750 return retval;
2751 }
2752 }
2753
2754 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2755 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2756 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2757
2758 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2759 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2760
2761 buf_set_u32(reg_params[0].value, 0, 32, address);
2762 buf_set_u32(reg_params[1].value, 0, 32, count);
2763
2764 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2765 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2766 {
2767 LOG_ERROR("error executing arm7_9 crc algorithm");
2768 destroy_reg_param(&reg_params[0]);
2769 destroy_reg_param(&reg_params[1]);
2770 target_free_working_area(target, crc_algorithm);
2771 return retval;
2772 }
2773
2774 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2775
2776 destroy_reg_param(&reg_params[0]);
2777 destroy_reg_param(&reg_params[1]);
2778
2779 target_free_working_area(target, crc_algorithm);
2780
2781 return ERROR_OK;
2782 }
2783
2784 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2785 {
2786 working_area_t *erase_check_algorithm;
2787 reg_param_t reg_params[3];
2788 armv4_5_algorithm_t armv4_5_info;
2789 int retval;
2790 uint32_t i;
2791
2792 uint32_t erase_check_code[] =
2793 {
2794 /* loop: */
2795 0xe4d03001, /* ldrb r3, [r0], #1 */
2796 0xe0022003, /* and r2, r2, r3 */
2797 0xe2511001, /* subs r1, r1, #1 */
2798 0x1afffffb, /* bne loop */
2799 /* end: */
2800 0xeafffffe /* b end */
2801 };
2802
2803 /* make sure we have a working area */
2804 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2805 {
2806 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2807 }
2808
2809 /* convert flash writing code into a buffer in target endianness */
2810 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2811 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2812 {
2813 return retval;
2814 }
2815
2816 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2817 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2818 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2819
2820 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2821 buf_set_u32(reg_params[0].value, 0, 32, address);
2822
2823 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2824 buf_set_u32(reg_params[1].value, 0, 32, count);
2825
2826 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2827 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2828
2829 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2830 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2831 {
2832 destroy_reg_param(&reg_params[0]);
2833 destroy_reg_param(&reg_params[1]);
2834 destroy_reg_param(&reg_params[2]);
2835 target_free_working_area(target, erase_check_algorithm);
2836 return 0;
2837 }
2838
2839 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2840
2841 destroy_reg_param(&reg_params[0]);
2842 destroy_reg_param(&reg_params[1]);
2843 destroy_reg_param(&reg_params[2]);
2844
2845 target_free_working_area(target, erase_check_algorithm);
2846
2847 return ERROR_OK;
2848 }
2849
2850 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2851 {
2852 command_t *arm7_9_cmd;
2853
2854 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2855
2856 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2857 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2858
2859 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2860
2861 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2862 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2863 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2864 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2865 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2866 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2867
2868 armv4_5_register_commands(cmd_ctx);
2869
2870 etm_register_commands(cmd_ctx);
2871
2872 return ERROR_OK;
2873 }
2874
2875 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2876 {
2877 uint32_t value;
2878 int spsr;
2879 int retval;
2880 target_t *target = get_current_target(cmd_ctx);
2881 armv4_5_common_t *armv4_5;
2882 arm7_9_common_t *arm7_9;
2883
2884 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2885 {
2886 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2887 return ERROR_OK;
2888 }
2889
2890 if (target->state != TARGET_HALTED)
2891 {
2892 command_print(cmd_ctx, "can't write registers while running");
2893 return ERROR_OK;
2894 }
2895
2896 if (argc < 2)
2897 {
2898 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2899 return ERROR_OK;
2900 }
2901
2902 value = strtoul(args[0], NULL, 0);
2903 spsr = strtol(args[1], NULL, 0);
2904
2905 /* if we're writing the CPSR, mask the T bit */
2906 if (!spsr)
2907 value &= ~0x20;
2908
2909 arm7_9->write_xpsr(target, value, spsr);
2910 if ((retval = jtag_execute_queue()) != ERROR_OK)
2911 {
2912 LOG_ERROR("JTAG error while writing to xpsr");
2913 return retval;
2914 }
2915
2916 return ERROR_OK;
2917 }
2918
2919 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2920 {
2921 uint32_t value;
2922 int rotate;
2923 int spsr;
2924 int retval;
2925 target_t *target = get_current_target(cmd_ctx);
2926 armv4_5_common_t *armv4_5;
2927 arm7_9_common_t *arm7_9;
2928
2929 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2930 {
2931 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2932 return ERROR_OK;
2933 }
2934
2935 if (target->state != TARGET_HALTED)
2936 {
2937 command_print(cmd_ctx, "can't write registers while running");
2938 return ERROR_OK;
2939 }
2940
2941 if (argc < 3)
2942 {
2943 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2944 return ERROR_OK;
2945 }
2946
2947 value = strtoul(args[0], NULL, 0);
2948 rotate = strtol(args[1], NULL, 0);
2949 spsr = strtol(args[2], NULL, 0);
2950
2951 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2952 if ((retval = jtag_execute_queue()) != ERROR_OK)
2953 {
2954 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2955 return retval;
2956 }
2957
2958 return ERROR_OK;
2959 }
2960
2961 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2962 {
2963 uint32_t value;
2964 uint32_t mode;
2965 int num;
2966 target_t *target = get_current_target(cmd_ctx);
2967 armv4_5_common_t *armv4_5;
2968 arm7_9_common_t *arm7_9;
2969
2970 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2971 {
2972 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2973 return ERROR_OK;
2974 }
2975
2976 if (target->state != TARGET_HALTED)
2977 {
2978 command_print(cmd_ctx, "can't write registers while running");
2979 return ERROR_OK;
2980 }
2981
2982 if (argc < 3)
2983 {
2984 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2985 return ERROR_OK;
2986 }
2987
2988 num = strtol(args[0], NULL, 0);
2989 mode = strtoul(args[1], NULL, 0);
2990 value = strtoul(args[2], NULL, 0);
2991
2992 return arm7_9_write_core_reg(target, num, mode, value);
2993 }
2994
2995 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2996 {
2997 target_t *target = get_current_target(cmd_ctx);
2998 armv4_5_common_t *armv4_5;
2999 arm7_9_common_t *arm7_9;
3000
3001 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3002 {
3003 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3004 return ERROR_OK;
3005 }
3006
3007 if (argc > 0)
3008 {
3009 if (strcmp("enable", args[0]) == 0)
3010 {
3011 arm7_9->use_dbgrq = 1;
3012 }
3013 else if (strcmp("disable", args[0]) == 0)
3014 {
3015 arm7_9->use_dbgrq = 0;
3016 }
3017 else
3018 {
3019 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3020 }
3021 }
3022
3023 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3024
3025 return ERROR_OK;
3026 }
3027
3028 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3029 {
3030 target_t *target = get_current_target(cmd_ctx);
3031 armv4_5_common_t *armv4_5;
3032 arm7_9_common_t *arm7_9;
3033
3034 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3035 {
3036 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3037 return ERROR_OK;
3038 }
3039
3040 if (argc > 0)
3041 {
3042 if (strcmp("enable", args[0]) == 0)
3043 {
3044 arm7_9->fast_memory_access = 1;
3045 }
3046 else if (strcmp("disable", args[0]) == 0)
3047 {
3048 arm7_9->fast_memory_access = 0;
3049 }
3050 else
3051 {
3052 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3053 }
3054 }
3055
3056 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3057
3058 return ERROR_OK;
3059 }
3060
3061 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3062 {
3063 target_t *target = get_current_target(cmd_ctx);
3064 armv4_5_common_t *armv4_5;
3065 arm7_9_common_t *arm7_9;
3066
3067 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3068 {
3069 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3070 return ERROR_OK;
3071 }
3072
3073 if (argc > 0)
3074 {
3075 if (strcmp("enable", args[0]) == 0)
3076 {
3077 arm7_9->dcc_downloads = 1;
3078 }
3079 else if (strcmp("disable", args[0]) == 0)
3080 {
3081 arm7_9->dcc_downloads = 0;
3082 }
3083 else
3084 {
3085 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3086 }
3087 }
3088
3089 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3090
3091 return ERROR_OK;
3092 }
3093
3094 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3095 {
3096 int retval = ERROR_OK;
3097 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3098
3099 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3100
3101 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3102 {
3103 return retval;
3104 }
3105
3106 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3107 arm7_9->wp_available_max = 2;
3108 arm7_9->sw_breakpoints_added = 0;
3109 arm7_9->breakpoint_count = 0;
3110 arm7_9->wp0_used = 0;
3111 arm7_9->wp1_used = 0;
3112 arm7_9->wp1_used_default = 0;
3113 arm7_9->use_dbgrq = 0;
3114
3115 arm7_9->etm_ctx = NULL;
3116 arm7_9->has_single_step = 0;
3117 arm7_9->has_monitor_mode = 0;
3118 arm7_9->has_vector_catch = 0;
3119
3120 arm7_9->debug_entry_from_reset = 0;
3121
3122 arm7_9->dcc_working_area = NULL;
3123
3124 arm7_9->fast_memory_access = fast_and_dangerous;
3125 arm7_9->dcc_downloads = fast_and_dangerous;
3126
3127 arm7_9->need_bypass_before_restart = 0;
3128
3129 armv4_5->arch_info = arm7_9;
3130 armv4_5->read_core_reg = arm7_9_read_core_reg;
3131 armv4_5->write_core_reg = arm7_9_write_core_reg;
3132 armv4_5->full_context = arm7_9_full_context;
3133
3134 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3135 {
3136 return retval;
3137 }
3138
3139 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3140 {
3141 return retval;
3142 }
3143
3144 return ERROR_OK;
3145 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)