Code Review / openocd.git / blob
? search:


ea04f3f85bb74e2c58487eebc9afca0525afc8e7
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(struct target *target);
41
42 /**
43 * Clear watchpoints for an ARM7/9 target.
44 *
45 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
46 * @return JTAG error status after executing queue
47 */
48 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
49 {
50 LOG_DEBUG("-");
51 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
52 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
53 arm7_9->sw_breakpoint_count = 0;
54 arm7_9->sw_breakpoints_added = 0;
55 arm7_9->wp0_used = 0;
56 arm7_9->wp1_used = arm7_9->wp1_used_default;
57 arm7_9->wp_available = arm7_9->wp_available_max;
58
59 return jtag_execute_queue();
60 }
61
62 /**
63 * Assign a watchpoint to one of the two available hardware comparators in an
64 * ARM7 or ARM9 target.
65 *
66 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
67 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
68 */
69 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
70 {
71 if (!arm7_9->wp0_used)
72 {
73 arm7_9->wp0_used = 1;
74 breakpoint->set = 1;
75 arm7_9->wp_available--;
76 }
77 else if (!arm7_9->wp1_used)
78 {
79 arm7_9->wp1_used = 1;
80 breakpoint->set = 2;
81 arm7_9->wp_available--;
82 }
83 else
84 {
85 LOG_ERROR("BUG: no hardware comparator available");
86 }
87 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
88 breakpoint->unique_id,
89 breakpoint->address,
90 breakpoint->set );
91 }
92
93 /**
94 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
95 *
96 * @param arm7_9 Pointer to common struct for ARM7/9 targets
97 * @return Error codes if there is a problem finding a watchpoint or the result
98 * of executing the JTAG queue
99 */
100 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
101 {
102 if (arm7_9->sw_breakpoints_added)
103 {
104 return ERROR_OK;
105 }
106 if (arm7_9->wp_available < 1)
107 {
108 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
109 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
110 }
111 arm7_9->wp_available--;
112
113 /* pick a breakpoint unit */
114 if (!arm7_9->wp0_used)
115 {
116 arm7_9->sw_breakpoints_added = 1;
117 arm7_9->wp0_used = 3;
118 } else if (!arm7_9->wp1_used)
119 {
120 arm7_9->sw_breakpoints_added = 2;
121 arm7_9->wp1_used = 3;
122 }
123 else
124 {
125 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
126 return ERROR_FAIL;
127 }
128
129 if (arm7_9->sw_breakpoints_added == 1)
130 {
131 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
132 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
133 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
134 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
135 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
136 }
137 else if (arm7_9->sw_breakpoints_added == 2)
138 {
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
144 }
145 else
146 {
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
148 return ERROR_FAIL;
149 }
150 LOG_DEBUG("SW BP using hw wp: %d",
151 arm7_9->sw_breakpoints_added );
152
153 return jtag_execute_queue();
154 }
155
156 /**
157 * Setup the common pieces for an ARM7/9 target after reset or on startup.
158 *
159 * @param target Pointer to an ARM7/9 target to setup
160 * @return Result of clearing the watchpoints on the target
161 */
162 int arm7_9_setup(struct target *target)
163 {
164 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
165
166 return arm7_9_clear_watchpoints(arm7_9);
167 }
168
169 /**
170 * Set either a hardware or software breakpoint on an ARM7/9 target. The
171 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
172 * might have erased the values in Embedded ICE.
173 *
174 * @param target Pointer to the target device to set the breakpoints on
175 * @param breakpoint Pointer to the breakpoint to be set
176 * @return For hardware breakpoints, this is the result of executing the JTAG
177 * queue. For software breakpoints, this will be the status of the
178 * required memory reads and writes
179 */
180 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
181 {
182 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
183 int retval = ERROR_OK;
184
185 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
186 breakpoint->unique_id,
187 breakpoint->address,
188 breakpoint->type);
189
190 if (target->state != TARGET_HALTED)
191 {
192 LOG_WARNING("target not halted");
193 return ERROR_TARGET_NOT_HALTED;
194 }
195
196 if (breakpoint->type == BKPT_HARD)
197 {
198 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
199 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
200
201 /* reassign a hw breakpoint */
202 if (breakpoint->set == 0)
203 {
204 arm7_9_assign_wp(arm7_9, breakpoint);
205 }
206
207 if (breakpoint->set == 1)
208 {
209 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
210 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
211 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
212 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
213 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
214 }
215 else if (breakpoint->set == 2)
216 {
217 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
218 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
219 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
220 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
221 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
222 }
223 else
224 {
225 LOG_ERROR("BUG: no hardware comparator available");
226 return ERROR_OK;
227 }
228
229 retval = jtag_execute_queue();
230 }
231 else if (breakpoint->type == BKPT_SOFT)
232 {
233 /* did we already set this breakpoint? */
234 if (breakpoint->set)
235 return ERROR_OK;
236
237 if (breakpoint->length == 4)
238 {
239 uint32_t verify = 0xffffffff;
240 /* keep the original instruction in target endianness */
241 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
242 {
243 return retval;
244 }
245 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
246 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
247 {
248 return retval;
249 }
250
251 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
252 {
253 return retval;
254 }
255 if (verify != arm7_9->arm_bkpt)
256 {
257 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
258 return ERROR_OK;
259 }
260 }
261 else
262 {
263 uint16_t verify = 0xffff;
264 /* keep the original instruction in target endianness */
265 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
266 {
267 return retval;
268 }
269 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
270 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
271 {
272 return retval;
273 }
274
275 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
276 {
277 return retval;
278 }
279 if (verify != arm7_9->thumb_bkpt)
280 {
281 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
282 return ERROR_OK;
283 }
284 }
285
286 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
287 return retval;
288
289 arm7_9->sw_breakpoint_count++;
290
291 breakpoint->set = 1;
292 }
293
294 return retval;
295 }
296
297 /**
298 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
299 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
300 * will be updated. Otherwise, the software breakpoint will be restored to its
301 * original instruction if it hasn't already been modified.
302 *
303 * @param target Pointer to ARM7/9 target to unset the breakpoint from
304 * @param breakpoint Pointer to breakpoint to be unset
305 * @return For hardware breakpoints, this is the result of executing the JTAG
306 * queue. For software breakpoints, this will be the status of the
307 * required memory reads and writes
308 */
309 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
310 {
311 int retval = ERROR_OK;
312 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
313
314 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
315 breakpoint->unique_id,
316 breakpoint->address );
317
318 if (!breakpoint->set)
319 {
320 LOG_WARNING("breakpoint not set");
321 return ERROR_OK;
322 }
323
324 if (breakpoint->type == BKPT_HARD)
325 {
326 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
327 breakpoint->unique_id,
328 breakpoint->set );
329 if (breakpoint->set == 1)
330 {
331 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
332 arm7_9->wp0_used = 0;
333 arm7_9->wp_available++;
334 }
335 else if (breakpoint->set == 2)
336 {
337 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
338 arm7_9->wp1_used = 0;
339 arm7_9->wp_available++;
340 }
341 retval = jtag_execute_queue();
342 breakpoint->set = 0;
343 }
344 else
345 {
346 /* restore original instruction (kept in target endianness) */
347 if (breakpoint->length == 4)
348 {
349 uint32_t current_instr;
350 /* check that user program as not modified breakpoint instruction */
351 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
352 {
353 return retval;
354 }
355 if (current_instr == arm7_9->arm_bkpt)
356 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
357 {
358 return retval;
359 }
360 }
361 else
362 {
363 uint16_t current_instr;
364 /* check that user program as not modified breakpoint instruction */
365 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
366 {
367 return retval;
368 }
369 if (current_instr == arm7_9->thumb_bkpt)
370 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
371 {
372 return retval;
373 }
374 }
375
376 if (--arm7_9->sw_breakpoint_count==0)
377 {
378 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
379 if (arm7_9->sw_breakpoints_added == 1)
380 {
381 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
382 }
383 else if (arm7_9->sw_breakpoints_added == 2)
384 {
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
386 }
387 }
388
389 breakpoint->set = 0;
390 }
391
392 return retval;
393 }
394
395 /**
396 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
397 * dangling breakpoints and that the desired breakpoint can be added.
398 *
399 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
400 * @param breakpoint Pointer to the breakpoint to be added
401 * @return An error status if there is a problem adding the breakpoint or the
402 * result of setting the breakpoint
403 */
404 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
405 {
406 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
407
408 if (target->state != TARGET_HALTED)
409 {
410 LOG_WARNING("target not halted");
411 return ERROR_TARGET_NOT_HALTED;
412 }
413
414 if (arm7_9->breakpoint_count == 0)
415 {
416 /* make sure we don't have any dangling breakpoints. This is vital upon
417 * GDB connect/disconnect
418 */
419 arm7_9_clear_watchpoints(arm7_9);
420 }
421
422 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
423 {
424 LOG_INFO("no watchpoint unit available for hardware breakpoint");
425 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
426 }
427
428 if ((breakpoint->length != 2) && (breakpoint->length != 4))
429 {
430 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
431 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
432 }
433
434 if (breakpoint->type == BKPT_HARD)
435 {
436 arm7_9_assign_wp(arm7_9, breakpoint);
437 }
438
439 arm7_9->breakpoint_count++;
440
441 return arm7_9_set_breakpoint(target, breakpoint);
442 }
443
444 /**
445 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
446 * dangling breakpoints and updates available watchpoints if it is a hardware
447 * breakpoint.
448 *
449 * @param target Pointer to the target to have a breakpoint removed
450 * @param breakpoint Pointer to the breakpoint to be removed
451 * @return Error status if there was a problem unsetting the breakpoint or the
452 * watchpoints could not be cleared
453 */
454 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
455 {
456 int retval = ERROR_OK;
457 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
458
459 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
460 {
461 return retval;
462 }
463
464 if (breakpoint->type == BKPT_HARD)
465 arm7_9->wp_available++;
466
467 arm7_9->breakpoint_count--;
468 if (arm7_9->breakpoint_count == 0)
469 {
470 /* make sure we don't have any dangling breakpoints */
471 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
472 {
473 return retval;
474 }
475 }
476
477 return ERROR_OK;
478 }
479
480 /**
481 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
482 * considered a bug to call this function when there are no available watchpoint
483 * units.
484 *
485 * @param target Pointer to an ARM7/9 target to set a watchpoint on
486 * @param watchpoint Pointer to the watchpoint to be set
487 * @return Error status if watchpoint set fails or the result of executing the
488 * JTAG queue
489 */
490 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
491 {
492 int retval = ERROR_OK;
493 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
494 int rw_mask = 1;
495 uint32_t mask;
496
497 mask = watchpoint->length - 1;
498
499 if (target->state != TARGET_HALTED)
500 {
501 LOG_WARNING("target not halted");
502 return ERROR_TARGET_NOT_HALTED;
503 }
504
505 if (watchpoint->rw == WPT_ACCESS)
506 rw_mask = 0;
507 else
508 rw_mask = 1;
509
510 if (!arm7_9->wp0_used)
511 {
512 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
513 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
514 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
515 if (watchpoint->mask != 0xffffffffu)
516 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
517 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
518 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
519
520 if ((retval = jtag_execute_queue()) != ERROR_OK)
521 {
522 return retval;
523 }
524 watchpoint->set = 1;
525 arm7_9->wp0_used = 2;
526 }
527 else if (!arm7_9->wp1_used)
528 {
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
532 if (watchpoint->mask != 0xffffffffu)
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
536
537 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 {
539 return retval;
540 }
541 watchpoint->set = 2;
542 arm7_9->wp1_used = 2;
543 }
544 else
545 {
546 LOG_ERROR("BUG: no hardware comparator available");
547 return ERROR_OK;
548 }
549
550 return ERROR_OK;
551 }
552
553 /**
554 * Unset an existing watchpoint and clear the used watchpoint unit.
555 *
556 * @param target Pointer to the target to have the watchpoint removed
557 * @param watchpoint Pointer to the watchpoint to be removed
558 * @return Error status while trying to unset the watchpoint or the result of
559 * executing the JTAG queue
560 */
561 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
562 {
563 int retval = ERROR_OK;
564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
565
566 if (target->state != TARGET_HALTED)
567 {
568 LOG_WARNING("target not halted");
569 return ERROR_TARGET_NOT_HALTED;
570 }
571
572 if (!watchpoint->set)
573 {
574 LOG_WARNING("breakpoint not set");
575 return ERROR_OK;
576 }
577
578 if (watchpoint->set == 1)
579 {
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
581 if ((retval = jtag_execute_queue()) != ERROR_OK)
582 {
583 return retval;
584 }
585 arm7_9->wp0_used = 0;
586 }
587 else if (watchpoint->set == 2)
588 {
589 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
590 if ((retval = jtag_execute_queue()) != ERROR_OK)
591 {
592 return retval;
593 }
594 arm7_9->wp1_used = 0;
595 }
596 watchpoint->set = 0;
597
598 return ERROR_OK;
599 }
600
601 /**
602 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
603 * available, an error response is returned.
604 *
605 * @param target Pointer to the ARM7/9 target to add a watchpoint to
606 * @param watchpoint Pointer to the watchpoint to be added
607 * @return Error status while trying to add the watchpoint
608 */
609 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
610 {
611 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
612
613 if (target->state != TARGET_HALTED)
614 {
615 LOG_WARNING("target not halted");
616 return ERROR_TARGET_NOT_HALTED;
617 }
618
619 if (arm7_9->wp_available < 1)
620 {
621 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
622 }
623
624 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
625 {
626 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
627 }
628
629 arm7_9->wp_available--;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
636 * the used watchpoint unit will be reopened.
637 *
638 * @param target Pointer to the target to remove a watchpoint from
639 * @param watchpoint Pointer to the watchpoint to be removed
640 * @return Result of trying to unset the watchpoint
641 */
642 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
643 {
644 int retval = ERROR_OK;
645 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
646
647 if (watchpoint->set)
648 {
649 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
650 {
651 return retval;
652 }
653 }
654
655 arm7_9->wp_available++;
656
657 return ERROR_OK;
658 }
659
660 /**
661 * Restarts the target by sending a RESTART instruction and moving the JTAG
662 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
663 * asserted by the processor.
664 *
665 * @param target Pointer to target to issue commands to
666 * @return Error status if there is a timeout or a problem while executing the
667 * JTAG queue
668 */
669 int arm7_9_execute_sys_speed(struct target *target)
670 {
671 int retval;
672 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
673 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
674 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
675
676 /* set RESTART instruction */
677 jtag_set_end_state(TAP_IDLE);
678 if (arm7_9->need_bypass_before_restart) {
679 arm7_9->need_bypass_before_restart = 0;
680 arm_jtag_set_instr(jtag_info, 0xf, NULL);
681 }
682 arm_jtag_set_instr(jtag_info, 0x4, NULL);
683
684 long long then = timeval_ms();
685 int timeout;
686 while (!(timeout = ((timeval_ms()-then) > 1000)))
687 {
688 /* read debug status register */
689 embeddedice_read_reg(dbg_stat);
690 if ((retval = jtag_execute_queue()) != ERROR_OK)
691 return retval;
692 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
693 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
694 break;
695 if (debug_level >= 3)
696 {
697 alive_sleep(100);
698 } else
699 {
700 keep_alive();
701 }
702 }
703 if (timeout)
704 {
705 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
706 return ERROR_TARGET_TIMEOUT;
707 }
708
709 return ERROR_OK;
710 }
711
712 /**
713 * Restarts the target by sending a RESTART instruction and moving the JTAG
714 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
715 * waiting until they are.
716 *
717 * @param target Pointer to the target to issue commands to
718 * @return Always ERROR_OK
719 */
720 int arm7_9_execute_fast_sys_speed(struct target *target)
721 {
722 static int set = 0;
723 static uint8_t check_value[4], check_mask[4];
724
725 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
726 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
727 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
728
729 /* set RESTART instruction */
730 jtag_set_end_state(TAP_IDLE);
731 if (arm7_9->need_bypass_before_restart) {
732 arm7_9->need_bypass_before_restart = 0;
733 arm_jtag_set_instr(jtag_info, 0xf, NULL);
734 }
735 arm_jtag_set_instr(jtag_info, 0x4, NULL);
736
737 if (!set)
738 {
739 /* check for DBGACK and SYSCOMP set (others don't care) */
740
741 /* NB! These are constants that must be available until after next jtag_execute() and
742 * we evaluate the values upon first execution in lieu of setting up these constants
743 * during early setup.
744 * */
745 buf_set_u32(check_value, 0, 32, 0x9);
746 buf_set_u32(check_mask, 0, 32, 0x9);
747 set = 1;
748 }
749
750 /* read debug status register */
751 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
752
753 return ERROR_OK;
754 }
755
756 /**
757 * Get some data from the ARM7/9 target.
758 *
759 * @param target Pointer to the ARM7/9 target to read data from
760 * @param size The number of 32bit words to be read
761 * @param buffer Pointer to the buffer that will hold the data
762 * @return The result of receiving data from the Embedded ICE unit
763 */
764 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
765 {
766 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
767 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
768 uint32_t *data;
769 int retval = ERROR_OK;
770 uint32_t i;
771
772 data = malloc(size * (sizeof(uint32_t)));
773
774 retval = embeddedice_receive(jtag_info, data, size);
775
776 /* return the 32-bit ints in the 8-bit array */
777 for (i = 0; i < size; i++)
778 {
779 h_u32_to_le(buffer + (i * 4), data[i]);
780 }
781
782 free(data);
783
784 return retval;
785 }
786
787 /**
788 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
789 * target is running and the DCC control register has the W bit high, this will
790 * execute the request on the target.
791 *
792 * @param priv Void pointer expected to be a struct target pointer
793 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
794 * from the Embedded ICE unit
795 */
796 int arm7_9_handle_target_request(void *priv)
797 {
798 int retval = ERROR_OK;
799 struct target *target = priv;
800 if (!target_was_examined(target))
801 return ERROR_OK;
802 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
803 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
804 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
805
806 if (!target->dbg_msg_enabled)
807 return ERROR_OK;
808
809 if (target->state == TARGET_RUNNING)
810 {
811 /* read DCC control register */
812 embeddedice_read_reg(dcc_control);
813 if ((retval = jtag_execute_queue()) != ERROR_OK)
814 {
815 return retval;
816 }
817
818 /* check W bit */
819 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
820 {
821 uint32_t request;
822
823 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
824 {
825 return retval;
826 }
827 if ((retval = target_request(target, request)) != ERROR_OK)
828 {
829 return retval;
830 }
831 }
832 }
833
834 return ERROR_OK;
835 }
836
837 /**
838 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
839 * is manipulated to the right halted state based on its current state. This is
840 * what happens:
841 *
842 * <table>
843 * <tr><th > State</th><th > Action</th></tr>
844 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
845 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
846 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
847 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
848 * </table>
849 *
850 * If the target does not end up in the halted state, a warning is produced. If
851 * DBGACK is cleared, then the target is expected to either be running or
852 * running in debug.
853 *
854 * @param target Pointer to the ARM7/9 target to poll
855 * @return ERROR_OK or an error status if a command fails
856 */
857 int arm7_9_poll(struct target *target)
858 {
859 int retval;
860 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
861 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
862
863 /* read debug status register */
864 embeddedice_read_reg(dbg_stat);
865 if ((retval = jtag_execute_queue()) != ERROR_OK)
866 {
867 return retval;
868 }
869
870 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
871 {
872 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
873 if (target->state == TARGET_UNKNOWN)
874 {
875 /* Starting OpenOCD with target in debug-halt */
876 target->state = TARGET_RUNNING;
877 LOG_DEBUG("DBGACK already set during server startup.");
878 }
879 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
880 {
881 int check_pc = 0;
882 if (target->state == TARGET_RESET)
883 {
884 if (target->reset_halt)
885 {
886 enum reset_types jtag_reset_config = jtag_get_reset_config();
887 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
888 {
889 check_pc = 1;
890 }
891 }
892 }
893
894 target->state = TARGET_HALTED;
895
896 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
897 return retval;
898
899 if (check_pc)
900 {
901 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
902 uint32_t t=*((uint32_t *)reg->value);
903 if (t != 0)
904 {
905 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
906 }
907 }
908
909 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
910 {
911 return retval;
912 }
913 }
914 if (target->state == TARGET_DEBUG_RUNNING)
915 {
916 target->state = TARGET_HALTED;
917 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
918 return retval;
919
920 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
921 {
922 return retval;
923 }
924 }
925 if (target->state != TARGET_HALTED)
926 {
927 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
928 }
929 }
930 else
931 {
932 if (target->state != TARGET_DEBUG_RUNNING)
933 target->state = TARGET_RUNNING;
934 }
935
936 return ERROR_OK;
937 }
938
939 /**
940 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
941 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
942 * affected) completely stop the JTAG clock while the core is held in reset
943 * (SRST). It isn't possible to program the halt condition once reset is
944 * asserted, hence a hook that allows the target to set up its reset-halt
945 * condition is setup prior to asserting reset.
946 *
947 * @param target Pointer to an ARM7/9 target to assert reset on
948 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
949 */
950 int arm7_9_assert_reset(struct target *target)
951 {
952 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
953
954 LOG_DEBUG("target->state: %s",
955 target_state_name(target));
956
957 enum reset_types jtag_reset_config = jtag_get_reset_config();
958 if (!(jtag_reset_config & RESET_HAS_SRST))
959 {
960 LOG_ERROR("Can't assert SRST");
961 return ERROR_FAIL;
962 }
963
964 /* At this point trst has been asserted/deasserted once. We would
965 * like to program EmbeddedICE while SRST is asserted, instead of
966 * depending on SRST to leave that module alone. However, many CPUs
967 * gate the JTAG clock while SRST is asserted; or JTAG may need
968 * clock stability guarantees (adaptive clocking might help).
969 *
970 * So we assume JTAG access during SRST is off the menu unless it's
971 * been specifically enabled.
972 */
973 bool srst_asserted = false;
974
975 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
976 && (jtag_reset_config & RESET_SRST_NO_GATING))
977 {
978 jtag_add_reset(0, 1);
979 srst_asserted = true;
980 }
981
982 if (target->reset_halt)
983 {
984 /*
985 * Some targets do not support communication while SRST is asserted. We need to
986 * set up the reset vector catch here.
987 *
988 * If TRST is asserted, then these settings will be reset anyway, so setting them
989 * here is harmless.
990 */
991 if (arm7_9->has_vector_catch)
992 {
993 /* program vector catch register to catch reset vector */
994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
995
996 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
997 jtag_add_runtest(1, jtag_get_end_state());
998 }
999 else
1000 {
1001 /* program watchpoint unit to match on reset vector address */
1002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1007 }
1008 }
1009
1010 /* here we should issue an SRST only, but we may have to assert TRST as well */
1011 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1012 {
1013 jtag_add_reset(1, 1);
1014 } else if (!srst_asserted)
1015 {
1016 jtag_add_reset(0, 1);
1017 }
1018
1019 target->state = TARGET_RESET;
1020 jtag_add_sleep(50000);
1021
1022 armv4_5_invalidate_core_regs(target);
1023
1024 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1025 {
1026 /* debug entry was already prepared in arm7_9_assert_reset() */
1027 target->debug_reason = DBG_REASON_DBGRQ;
1028 }
1029
1030 return ERROR_OK;
1031 }
1032
1033 /**
1034 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1035 * and the target is being reset into a halt, a warning will be triggered
1036 * because it is not possible to reset into a halted mode in this case. The
1037 * target is halted using the target's functions.
1038 *
1039 * @param target Pointer to the target to have the reset deasserted
1040 * @return ERROR_OK or an error from polling or halting the target
1041 */
1042 int arm7_9_deassert_reset(struct target *target)
1043 {
1044 int retval = ERROR_OK;
1045 LOG_DEBUG("target->state: %s",
1046 target_state_name(target));
1047
1048 /* deassert reset lines */
1049 jtag_add_reset(0, 0);
1050
1051 enum reset_types jtag_reset_config = jtag_get_reset_config();
1052 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1053 {
1054 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1055 /* set up embedded ice registers again */
1056 if ((retval = target_examine_one(target)) != ERROR_OK)
1057 return retval;
1058
1059 if ((retval = target_poll(target)) != ERROR_OK)
1060 {
1061 return retval;
1062 }
1063
1064 if ((retval = target_halt(target)) != ERROR_OK)
1065 {
1066 return retval;
1067 }
1068
1069 }
1070 return retval;
1071 }
1072
1073 /**
1074 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1075 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1076 * vector catch was used, it is restored. Otherwise, the control value is
1077 * restored and the watchpoint unit is restored if it was in use.
1078 *
1079 * @param target Pointer to the ARM7/9 target to have halt cleared
1080 * @return Always ERROR_OK
1081 */
1082 int arm7_9_clear_halt(struct target *target)
1083 {
1084 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1085 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1086
1087 /* we used DBGRQ only if we didn't come out of reset */
1088 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1089 {
1090 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1091 */
1092 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1093 embeddedice_store_reg(dbg_ctrl);
1094 }
1095 else
1096 {
1097 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1098 {
1099 /* if we came out of reset, and vector catch is supported, we used
1100 * vector catch to enter debug state
1101 * restore the register in that case
1102 */
1103 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1104 }
1105 else
1106 {
1107 /* restore registers if watchpoint unit 0 was in use
1108 */
1109 if (arm7_9->wp0_used)
1110 {
1111 if (arm7_9->debug_entry_from_reset)
1112 {
1113 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1114 }
1115 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1116 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1117 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1118 }
1119 /* control value always has to be restored, as it was either disabled,
1120 * or enabled with possibly different bits
1121 */
1122 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1123 }
1124 }
1125
1126 return ERROR_OK;
1127 }
1128
1129 /**
1130 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1131 * and then there is a wait until the processor shows the halt. This wait can
1132 * timeout and results in an error being returned. The software reset involves
1133 * clearing the halt, updating the debug control register, changing to ARM mode,
1134 * reset of the program counter, and reset of all of the registers.
1135 *
1136 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1137 * @return Error status if any of the commands fail, otherwise ERROR_OK
1138 */
1139 int arm7_9_soft_reset_halt(struct target *target)
1140 {
1141 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1142 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1143 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1144 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1145 int i;
1146 int retval;
1147
1148 /* FIX!!! replace some of this code with tcl commands
1149 *
1150 * halt # the halt command is synchronous
1151 * armv4_5 core_state arm
1152 *
1153 */
1154
1155 if ((retval = target_halt(target)) != ERROR_OK)
1156 return retval;
1157
1158 long long then = timeval_ms();
1159 int timeout;
1160 while (!(timeout = ((timeval_ms()-then) > 1000)))
1161 {
1162 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1163 break;
1164 embeddedice_read_reg(dbg_stat);
1165 if ((retval = jtag_execute_queue()) != ERROR_OK)
1166 return retval;
1167 if (debug_level >= 3)
1168 {
1169 alive_sleep(100);
1170 } else
1171 {
1172 keep_alive();
1173 }
1174 }
1175 if (timeout)
1176 {
1177 LOG_ERROR("Failed to halt CPU after 1 sec");
1178 return ERROR_TARGET_TIMEOUT;
1179 }
1180 target->state = TARGET_HALTED;
1181
1182 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1183 * ensure that DBGRQ is cleared
1184 */
1185 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1186 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1187 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1188 embeddedice_store_reg(dbg_ctrl);
1189
1190 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1191 {
1192 return retval;
1193 }
1194
1195 /* if the target is in Thumb state, change to ARM state */
1196 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1197 {
1198 uint32_t r0_thumb, pc_thumb;
1199 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1200 /* Entered debug from Thumb mode */
1201 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1202 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1203 }
1204
1205 /* all register content is now invalid */
1206 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1207 {
1208 return retval;
1209 }
1210
1211 /* SVC, ARM state, IRQ and FIQ disabled */
1212 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1213 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1214 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1215
1216 /* start fetching from 0x0 */
1217 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1218 armv4_5->core_cache->reg_list[15].dirty = 1;
1219 armv4_5->core_cache->reg_list[15].valid = 1;
1220
1221 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1222 armv4_5->core_state = ARMV4_5_STATE_ARM;
1223
1224 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1225 return ERROR_FAIL;
1226
1227 /* reset registers */
1228 for (i = 0; i <= 14; i++)
1229 {
1230 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1232 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1233 }
1234
1235 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1236 {
1237 return retval;
1238 }
1239
1240 return ERROR_OK;
1241 }
1242
1243 /**
1244 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1245 * line or by programming a watchpoint to trigger on any address. It is
1246 * considered a bug to call this function while the target is in the
1247 * TARGET_RESET state.
1248 *
1249 * @param target Pointer to the ARM7/9 target to be halted
1250 * @return Always ERROR_OK
1251 */
1252 int arm7_9_halt(struct target *target)
1253 {
1254 if (target->state == TARGET_RESET)
1255 {
1256 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1257 return ERROR_OK;
1258 }
1259
1260 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1261 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1262
1263 LOG_DEBUG("target->state: %s",
1264 target_state_name(target));
1265
1266 if (target->state == TARGET_HALTED)
1267 {
1268 LOG_DEBUG("target was already halted");
1269 return ERROR_OK;
1270 }
1271
1272 if (target->state == TARGET_UNKNOWN)
1273 {
1274 LOG_WARNING("target was in unknown state when halt was requested");
1275 }
1276
1277 if (arm7_9->use_dbgrq)
1278 {
1279 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1280 */
1281 if (arm7_9->set_special_dbgrq) {
1282 arm7_9->set_special_dbgrq(target);
1283 } else {
1284 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1285 embeddedice_store_reg(dbg_ctrl);
1286 }
1287 }
1288 else
1289 {
1290 /* program watchpoint unit to match on any address
1291 */
1292 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1293 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1294 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1295 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1296 }
1297
1298 target->debug_reason = DBG_REASON_DBGRQ;
1299
1300 return ERROR_OK;
1301 }
1302
1303 /**
1304 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1305 * ARM. The JTAG queue is then executed and the reason for debug entry is
1306 * examined. Once done, the target is verified to be halted and the processor
1307 * is forced into ARM mode. The core registers are saved for the current core
1308 * mode and the program counter (register 15) is updated as needed. The core
1309 * registers and CPSR and SPSR are saved for restoration later.
1310 *
1311 * @param target Pointer to target that is entering debug mode
1312 * @return Error code if anything fails, otherwise ERROR_OK
1313 */
1314 int arm7_9_debug_entry(struct target *target)
1315 {
1316 int i;
1317 uint32_t context[16];
1318 uint32_t* context_p[16];
1319 uint32_t r0_thumb, pc_thumb;
1320 uint32_t cpsr;
1321 int retval;
1322 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1323 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1324 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1325 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1326
1327 #ifdef _DEBUG_ARM7_9_
1328 LOG_DEBUG("-");
1329 #endif
1330
1331 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1332 * ensure that DBGRQ is cleared
1333 */
1334 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1335 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1336 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1337 embeddedice_store_reg(dbg_ctrl);
1338
1339 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1340 {
1341 return retval;
1342 }
1343
1344 if ((retval = jtag_execute_queue()) != ERROR_OK)
1345 {
1346 return retval;
1347 }
1348
1349 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1350 return retval;
1351
1352
1353 if (target->state != TARGET_HALTED)
1354 {
1355 LOG_WARNING("target not halted");
1356 return ERROR_TARGET_NOT_HALTED;
1357 }
1358
1359 /* if the target is in Thumb state, change to ARM state */
1360 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1361 {
1362 LOG_DEBUG("target entered debug from Thumb state");
1363 /* Entered debug from Thumb mode */
1364 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1365 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1366 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1367 }
1368 else
1369 {
1370 LOG_DEBUG("target entered debug from ARM state");
1371 /* Entered debug from ARM mode */
1372 armv4_5->core_state = ARMV4_5_STATE_ARM;
1373 }
1374
1375 for (i = 0; i < 16; i++)
1376 context_p[i] = &context[i];
1377 /* save core registers (r0 - r15 of current core mode) */
1378 arm7_9->read_core_regs(target, 0xffff, context_p);
1379
1380 arm7_9->read_xpsr(target, &cpsr, 0);
1381
1382 if ((retval = jtag_execute_queue()) != ERROR_OK)
1383 return retval;
1384
1385 /* if the core has been executing in Thumb state, set the T bit */
1386 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1387 cpsr |= 0x20;
1388
1389 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1390 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1391 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1392
1393 armv4_5->core_mode = cpsr & 0x1f;
1394
1395 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1396 {
1397 target->state = TARGET_UNKNOWN;
1398 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1399 return ERROR_TARGET_FAILURE;
1400 }
1401
1402 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1403
1404 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1405 {
1406 LOG_DEBUG("thumb state, applying fixups");
1407 context[0] = r0_thumb;
1408 context[15] = pc_thumb;
1409 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1410 {
1411 /* adjust value stored by STM */
1412 context[15] -= 3 * 4;
1413 }
1414
1415 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1416 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1417 else
1418 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1419
1420 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1421 return ERROR_FAIL;
1422
1423 for (i = 0; i <= 15; i++)
1424 {
1425 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1426 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1427 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1428 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1429 }
1430
1431 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1432
1433 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1434 return ERROR_FAIL;
1435
1436 /* exceptions other than USR & SYS have a saved program status register */
1437 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1438 {
1439 uint32_t spsr;
1440 arm7_9->read_xpsr(target, &spsr, 1);
1441 if ((retval = jtag_execute_queue()) != ERROR_OK)
1442 {
1443 return retval;
1444 }
1445 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1446 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1447 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1448 }
1449
1450 /* r0 and r15 (pc) have to be restored later */
1451 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1452 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1453
1454 if ((retval = jtag_execute_queue()) != ERROR_OK)
1455 return retval;
1456
1457 if (arm7_9->post_debug_entry)
1458 arm7_9->post_debug_entry(target);
1459
1460 return ERROR_OK;
1461 }
1462
1463 /**
1464 * Validate the full context for an ARM7/9 target in all processor modes. If
1465 * there are any invalid registers for the target, they will all be read. This
1466 * includes the PSR.
1467 *
1468 * @param target Pointer to the ARM7/9 target to capture the full context from
1469 * @return Error if the target is not halted, has an invalid core mode, or if
1470 * the JTAG queue fails to execute
1471 */
1472 int arm7_9_full_context(struct target *target)
1473 {
1474 int i;
1475 int retval;
1476 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1477 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1478
1479 LOG_DEBUG("-");
1480
1481 if (target->state != TARGET_HALTED)
1482 {
1483 LOG_WARNING("target not halted");
1484 return ERROR_TARGET_NOT_HALTED;
1485 }
1486
1487 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1488 return ERROR_FAIL;
1489
1490 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1491 * SYS shares registers with User, so we don't touch SYS
1492 */
1493 for (i = 0; i < 6; i++)
1494 {
1495 uint32_t mask = 0;
1496 uint32_t* reg_p[16];
1497 int j;
1498 int valid = 1;
1499
1500 /* check if there are invalid registers in the current mode
1501 */
1502 for (j = 0; j <= 16; j++)
1503 {
1504 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1505 valid = 0;
1506 }
1507
1508 if (!valid)
1509 {
1510 uint32_t tmp_cpsr;
1511
1512 /* change processor mode (and mask T bit) */
1513 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1514 tmp_cpsr |= armv4_5_number_to_mode(i);
1515 tmp_cpsr &= ~0x20;
1516 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1517
1518 for (j = 0; j < 15; j++)
1519 {
1520 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1521 {
1522 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1523 mask |= 1 << j;
1524 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1525 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1526 }
1527 }
1528
1529 /* if only the PSR is invalid, mask is all zeroes */
1530 if (mask)
1531 arm7_9->read_core_regs(target, mask, reg_p);
1532
1533 /* check if the PSR has to be read */
1534 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1535 {
1536 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1538 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1539 }
1540 }
1541 }
1542
1543 /* restore processor mode (mask T bit) */
1544 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1545
1546 if ((retval = jtag_execute_queue()) != ERROR_OK)
1547 {
1548 return retval;
1549 }
1550 return ERROR_OK;
1551 }
1552
1553 /**
1554 * Restore the processor context on an ARM7/9 target. The full processor
1555 * context is analyzed to see if any of the registers are dirty on this end, but
1556 * have a valid new value. If this is the case, the processor is changed to the
1557 * appropriate mode and the new register values are written out to the
1558 * processor. If there happens to be a dirty register with an invalid value, an
1559 * error will be logged.
1560 *
1561 * @param target Pointer to the ARM7/9 target to have its context restored
1562 * @return Error status if the target is not halted or the core mode in the
1563 * armv4_5 struct is invalid.
1564 */
1565 int arm7_9_restore_context(struct target *target)
1566 {
1567 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1568 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1569 struct reg *reg;
1570 struct armv4_5_core_reg *reg_arch_info;
1571 enum armv4_5_mode current_mode = armv4_5->core_mode;
1572 int i, j;
1573 int dirty;
1574 int mode_change;
1575
1576 LOG_DEBUG("-");
1577
1578 if (target->state != TARGET_HALTED)
1579 {
1580 LOG_WARNING("target not halted");
1581 return ERROR_TARGET_NOT_HALTED;
1582 }
1583
1584 if (arm7_9->pre_restore_context)
1585 arm7_9->pre_restore_context(target);
1586
1587 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1588 return ERROR_FAIL;
1589
1590 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1591 * SYS shares registers with User, so we don't touch SYS
1592 */
1593 for (i = 0; i < 6; i++)
1594 {
1595 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1596 dirty = 0;
1597 mode_change = 0;
1598 /* check if there are dirty registers in the current mode
1599 */
1600 for (j = 0; j <= 16; j++)
1601 {
1602 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1603 reg_arch_info = reg->arch_info;
1604 if (reg->dirty == 1)
1605 {
1606 if (reg->valid == 1)
1607 {
1608 dirty = 1;
1609 LOG_DEBUG("examining dirty reg: %s", reg->name);
1610 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1611 && (reg_arch_info->mode != current_mode)
1612 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1613 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1614 {
1615 mode_change = 1;
1616 LOG_DEBUG("require mode change");
1617 }
1618 }
1619 else
1620 {
1621 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1622 }
1623 }
1624 }
1625
1626 if (dirty)
1627 {
1628 uint32_t mask = 0x0;
1629 int num_regs = 0;
1630 uint32_t regs[16];
1631
1632 if (mode_change)
1633 {
1634 uint32_t tmp_cpsr;
1635
1636 /* change processor mode (mask T bit) */
1637 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1638 tmp_cpsr |= armv4_5_number_to_mode(i);
1639 tmp_cpsr &= ~0x20;
1640 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1641 current_mode = armv4_5_number_to_mode(i);
1642 }
1643
1644 for (j = 0; j <= 14; j++)
1645 {
1646 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1647 reg_arch_info = reg->arch_info;
1648
1649
1650 if (reg->dirty == 1)
1651 {
1652 regs[j] = buf_get_u32(reg->value, 0, 32);
1653 mask |= 1 << j;
1654 num_regs++;
1655 reg->dirty = 0;
1656 reg->valid = 1;
1657 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1658 }
1659 }
1660
1661 if (mask)
1662 {
1663 arm7_9->write_core_regs(target, mask, regs);
1664 }
1665
1666 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1667 reg_arch_info = reg->arch_info;
1668 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1669 {
1670 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1671 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1672 }
1673 }
1674 }
1675
1676 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1677 {
1678 /* restore processor mode (mask T bit) */
1679 uint32_t tmp_cpsr;
1680
1681 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1682 tmp_cpsr |= armv4_5_number_to_mode(i);
1683 tmp_cpsr &= ~0x20;
1684 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1685 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1686 }
1687 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1688 {
1689 /* CPSR has been changed, full restore necessary (mask T bit) */
1690 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1691 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1692 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1693 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1694 }
1695
1696 /* restore PC */
1697 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1698 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1699 armv4_5->core_cache->reg_list[15].dirty = 0;
1700
1701 if (arm7_9->post_restore_context)
1702 arm7_9->post_restore_context(target);
1703
1704 return ERROR_OK;
1705 }
1706
1707 /**
1708 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1709 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1710 * restart.
1711 *
1712 * @param target Pointer to the ARM7/9 target to be restarted
1713 * @return Result of executing the JTAG queue
1714 */
1715 int arm7_9_restart_core(struct target *target)
1716 {
1717 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1718 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1719
1720 /* set RESTART instruction */
1721 jtag_set_end_state(TAP_IDLE);
1722 if (arm7_9->need_bypass_before_restart) {
1723 arm7_9->need_bypass_before_restart = 0;
1724 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1725 }
1726 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1727
1728 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1729 return jtag_execute_queue();
1730 }
1731
1732 /**
1733 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1734 * iterated through and are set on the target if they aren't already set.
1735 *
1736 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1737 */
1738 void arm7_9_enable_watchpoints(struct target *target)
1739 {
1740 struct watchpoint *watchpoint = target->watchpoints;
1741
1742 while (watchpoint)
1743 {
1744 if (watchpoint->set == 0)
1745 arm7_9_set_watchpoint(target, watchpoint);
1746 watchpoint = watchpoint->next;
1747 }
1748 }
1749
1750 /**
1751 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1752 * iterated through and are set on the target.
1753 *
1754 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1755 */
1756 void arm7_9_enable_breakpoints(struct target *target)
1757 {
1758 struct breakpoint *breakpoint = target->breakpoints;
1759
1760 /* set any pending breakpoints */
1761 while (breakpoint)
1762 {
1763 arm7_9_set_breakpoint(target, breakpoint);
1764 breakpoint = breakpoint->next;
1765 }
1766 }
1767
1768 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1769 {
1770 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1771 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1772 struct breakpoint *breakpoint = target->breakpoints;
1773 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1774 int err, retval = ERROR_OK;
1775
1776 LOG_DEBUG("-");
1777
1778 if (target->state != TARGET_HALTED)
1779 {
1780 LOG_WARNING("target not halted");
1781 return ERROR_TARGET_NOT_HALTED;
1782 }
1783
1784 if (!debug_execution)
1785 {
1786 target_free_all_working_areas(target);
1787 }
1788
1789 /* current = 1: continue on current pc, otherwise continue at <address> */
1790 if (!current)
1791 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1792
1793 uint32_t current_pc;
1794 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1795
1796 /* the front-end may request us not to handle breakpoints */
1797 if (handle_breakpoints)
1798 {
1799 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1800 {
1801 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1802 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1803 {
1804 return retval;
1805 }
1806
1807 /* calculate PC of next instruction */
1808 uint32_t next_pc;
1809 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1810 {
1811 uint32_t current_opcode;
1812 target_read_u32(target, current_pc, &current_opcode);
1813 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1814 return retval;
1815 }
1816
1817 LOG_DEBUG("enable single-step");
1818 arm7_9->enable_single_step(target, next_pc);
1819
1820 target->debug_reason = DBG_REASON_SINGLESTEP;
1821
1822 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1823 {
1824 return retval;
1825 }
1826
1827 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1828 arm7_9->branch_resume(target);
1829 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1830 {
1831 arm7_9->branch_resume_thumb(target);
1832 }
1833 else
1834 {
1835 LOG_ERROR("unhandled core state");
1836 return ERROR_FAIL;
1837 }
1838
1839 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1840 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1841 err = arm7_9_execute_sys_speed(target);
1842
1843 LOG_DEBUG("disable single-step");
1844 arm7_9->disable_single_step(target);
1845
1846 if (err != ERROR_OK)
1847 {
1848 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1849 {
1850 return retval;
1851 }
1852 target->state = TARGET_UNKNOWN;
1853 return err;
1854 }
1855
1856 arm7_9_debug_entry(target);
1857 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1858
1859 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1860 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1861 {
1862 return retval;
1863 }
1864 }
1865 }
1866
1867 /* enable any pending breakpoints and watchpoints */
1868 arm7_9_enable_breakpoints(target);
1869 arm7_9_enable_watchpoints(target);
1870
1871 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875
1876 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1877 {
1878 arm7_9->branch_resume(target);
1879 }
1880 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1881 {
1882 arm7_9->branch_resume_thumb(target);
1883 }
1884 else
1885 {
1886 LOG_ERROR("unhandled core state");
1887 return ERROR_FAIL;
1888 }
1889
1890 /* deassert DBGACK and INTDIS */
1891 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1892 /* INTDIS only when we really resume, not during debug execution */
1893 if (!debug_execution)
1894 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1895 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1896
1897 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1898 {
1899 return retval;
1900 }
1901
1902 target->debug_reason = DBG_REASON_NOTHALTED;
1903
1904 if (!debug_execution)
1905 {
1906 /* registers are now invalid */
1907 armv4_5_invalidate_core_regs(target);
1908 target->state = TARGET_RUNNING;
1909 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1910 {
1911 return retval;
1912 }
1913 }
1914 else
1915 {
1916 target->state = TARGET_DEBUG_RUNNING;
1917 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1918 {
1919 return retval;
1920 }
1921 }
1922
1923 LOG_DEBUG("target resumed");
1924
1925 return ERROR_OK;
1926 }
1927
1928 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1929 {
1930 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1931 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1932 uint32_t current_pc;
1933 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1934
1935 if (next_pc != current_pc)
1936 {
1937 /* setup an inverse breakpoint on the current PC
1938 * - comparator 1 matches the current address
1939 * - rangeout from comparator 1 is connected to comparator 0 rangein
1940 * - comparator 0 matches any address, as long as rangein is low */
1941 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1942 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1943 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1944 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1945 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1946 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1947 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1948 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1949 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1950 }
1951 else
1952 {
1953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1957 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1958 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1959 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1962 }
1963 }
1964
1965 void arm7_9_disable_eice_step(struct target *target)
1966 {
1967 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1968
1969 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1970 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1971 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1972 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1973 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1974 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1975 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1976 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1977 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1978 }
1979
1980 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1981 {
1982 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1983 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1984 struct breakpoint *breakpoint = NULL;
1985 int err, retval;
1986
1987 if (target->state != TARGET_HALTED)
1988 {
1989 LOG_WARNING("target not halted");
1990 return ERROR_TARGET_NOT_HALTED;
1991 }
1992
1993 /* current = 1: continue on current pc, otherwise continue at <address> */
1994 if (!current)
1995 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1996
1997 uint32_t current_pc;
1998 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1999
2000 /* the front-end may request us not to handle breakpoints */
2001 if (handle_breakpoints)
2002 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2003 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2004 {
2005 return retval;
2006 }
2007
2008 target->debug_reason = DBG_REASON_SINGLESTEP;
2009
2010 /* calculate PC of next instruction */
2011 uint32_t next_pc;
2012 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2013 {
2014 uint32_t current_opcode;
2015 target_read_u32(target, current_pc, &current_opcode);
2016 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2017 return retval;
2018 }
2019
2020 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2021 {
2022 return retval;
2023 }
2024
2025 arm7_9->enable_single_step(target, next_pc);
2026
2027 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2028 {
2029 arm7_9->branch_resume(target);
2030 }
2031 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2032 {
2033 arm7_9->branch_resume_thumb(target);
2034 }
2035 else
2036 {
2037 LOG_ERROR("unhandled core state");
2038 return ERROR_FAIL;
2039 }
2040
2041 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2042 {
2043 return retval;
2044 }
2045
2046 err = arm7_9_execute_sys_speed(target);
2047 arm7_9->disable_single_step(target);
2048
2049 /* registers are now invalid */
2050 armv4_5_invalidate_core_regs(target);
2051
2052 if (err != ERROR_OK)
2053 {
2054 target->state = TARGET_UNKNOWN;
2055 } else {
2056 arm7_9_debug_entry(target);
2057 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2058 {
2059 return retval;
2060 }
2061 LOG_DEBUG("target stepped");
2062 }
2063
2064 if (breakpoint)
2065 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2066 {
2067 return retval;
2068 }
2069
2070 return err;
2071 }
2072
2073 int arm7_9_read_core_reg(struct target *target, int num, enum armv4_5_mode mode)
2074 {
2075 uint32_t* reg_p[16];
2076 uint32_t value;
2077 int retval;
2078 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2079 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2080
2081 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2082 return ERROR_FAIL;
2083
2084 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2085
2086 if ((num < 0) || (num > 16))
2087 return ERROR_INVALID_ARGUMENTS;
2088
2089 if ((mode != ARMV4_5_MODE_ANY)
2090 && (mode != armv4_5->core_mode)
2091 && (reg_mode != ARMV4_5_MODE_ANY))
2092 {
2093 uint32_t tmp_cpsr;
2094
2095 /* change processor mode (mask T bit) */
2096 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2097 tmp_cpsr |= mode;
2098 tmp_cpsr &= ~0x20;
2099 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2100 }
2101
2102 if ((num >= 0) && (num <= 15))
2103 {
2104 /* read a normal core register */
2105 reg_p[num] = &value;
2106
2107 arm7_9->read_core_regs(target, 1 << num, reg_p);
2108 }
2109 else
2110 {
2111 /* read a program status register
2112 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2113 */
2114 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2115 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2116
2117 arm7_9->read_xpsr(target, &value, spsr);
2118 }
2119
2120 if ((retval = jtag_execute_queue()) != ERROR_OK)
2121 {
2122 return retval;
2123 }
2124
2125 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2126 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2127 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2128
2129 if ((mode != ARMV4_5_MODE_ANY)
2130 && (mode != armv4_5->core_mode)
2131 && (reg_mode != ARMV4_5_MODE_ANY)) {
2132 /* restore processor mode (mask T bit) */
2133 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2134 }
2135
2136 return ERROR_OK;
2137 }
2138
2139 int arm7_9_write_core_reg(struct target *target, int num, enum armv4_5_mode mode, uint32_t value)
2140 {
2141 uint32_t reg[16];
2142 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2143 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2144
2145 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2146 return ERROR_FAIL;
2147
2148 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2149
2150 if ((num < 0) || (num > 16))
2151 return ERROR_INVALID_ARGUMENTS;
2152
2153 if ((mode != ARMV4_5_MODE_ANY)
2154 && (mode != armv4_5->core_mode)
2155 && (reg_mode != ARMV4_5_MODE_ANY)) {
2156 uint32_t tmp_cpsr;
2157
2158 /* change processor mode (mask T bit) */
2159 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2160 tmp_cpsr |= mode;
2161 tmp_cpsr &= ~0x20;
2162 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2163 }
2164
2165 if ((num >= 0) && (num <= 15))
2166 {
2167 /* write a normal core register */
2168 reg[num] = value;
2169
2170 arm7_9->write_core_regs(target, 1 << num, reg);
2171 }
2172 else
2173 {
2174 /* write a program status register
2175 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2176 */
2177 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2178 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2179
2180 /* if we're writing the CPSR, mask the T bit */
2181 if (!spsr)
2182 value &= ~0x20;
2183
2184 arm7_9->write_xpsr(target, value, spsr);
2185 }
2186
2187 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2188 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2189
2190 if ((mode != ARMV4_5_MODE_ANY)
2191 && (mode != armv4_5->core_mode)
2192 && (reg_mode != ARMV4_5_MODE_ANY)) {
2193 /* restore processor mode (mask T bit) */
2194 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2195 }
2196
2197 return jtag_execute_queue();
2198 }
2199
2200 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2201 {
2202 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2203 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2204 uint32_t reg[16];
2205 uint32_t num_accesses = 0;
2206 int thisrun_accesses;
2207 int i;
2208 uint32_t cpsr;
2209 int retval;
2210 int last_reg = 0;
2211
2212 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2213
2214 if (target->state != TARGET_HALTED)
2215 {
2216 LOG_WARNING("target not halted");
2217 return ERROR_TARGET_NOT_HALTED;
2218 }
2219
2220 /* sanitize arguments */
2221 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2222 return ERROR_INVALID_ARGUMENTS;
2223
2224 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2225 return ERROR_TARGET_UNALIGNED_ACCESS;
2226
2227 /* load the base register with the address of the first word */
2228 reg[0] = address;
2229 arm7_9->write_core_regs(target, 0x1, reg);
2230
2231 int j = 0;
2232
2233 switch (size)
2234 {
2235 case 4:
2236 while (num_accesses < count)
2237 {
2238 uint32_t reg_list;
2239 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2240 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2241
2242 if (last_reg <= thisrun_accesses)
2243 last_reg = thisrun_accesses;
2244
2245 arm7_9->load_word_regs(target, reg_list);
2246
2247 /* fast memory reads are only safe when the target is running
2248 * from a sufficiently high clock (32 kHz is usually too slow)
2249 */
2250 if (arm7_9->fast_memory_access)
2251 retval = arm7_9_execute_fast_sys_speed(target);
2252 else
2253 retval = arm7_9_execute_sys_speed(target);
2254 if (retval != ERROR_OK)
2255 return retval;
2256
2257 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2258
2259 /* advance buffer, count number of accesses */
2260 buffer += thisrun_accesses * 4;
2261 num_accesses += thisrun_accesses;
2262
2263 if ((j++%1024) == 0)
2264 {
2265 keep_alive();
2266 }
2267 }
2268 break;
2269 case 2:
2270 while (num_accesses < count)
2271 {
2272 uint32_t reg_list;
2273 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2274 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2275
2276 for (i = 1; i <= thisrun_accesses; i++)
2277 {
2278 if (i > last_reg)
2279 last_reg = i;
2280 arm7_9->load_hword_reg(target, i);
2281 /* fast memory reads are only safe when the target is running
2282 * from a sufficiently high clock (32 kHz is usually too slow)
2283 */
2284 if (arm7_9->fast_memory_access)
2285 retval = arm7_9_execute_fast_sys_speed(target);
2286 else
2287 retval = arm7_9_execute_sys_speed(target);
2288 if (retval != ERROR_OK)
2289 {
2290 return retval;
2291 }
2292
2293 }
2294
2295 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2296
2297 /* advance buffer, count number of accesses */
2298 buffer += thisrun_accesses * 2;
2299 num_accesses += thisrun_accesses;
2300
2301 if ((j++%1024) == 0)
2302 {
2303 keep_alive();
2304 }
2305 }
2306 break;
2307 case 1:
2308 while (num_accesses < count)
2309 {
2310 uint32_t reg_list;
2311 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2312 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2313
2314 for (i = 1; i <= thisrun_accesses; i++)
2315 {
2316 if (i > last_reg)
2317 last_reg = i;
2318 arm7_9->load_byte_reg(target, i);
2319 /* fast memory reads are only safe when the target is running
2320 * from a sufficiently high clock (32 kHz is usually too slow)
2321 */
2322 if (arm7_9->fast_memory_access)
2323 retval = arm7_9_execute_fast_sys_speed(target);
2324 else
2325 retval = arm7_9_execute_sys_speed(target);
2326 if (retval != ERROR_OK)
2327 {
2328 return retval;
2329 }
2330 }
2331
2332 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2333
2334 /* advance buffer, count number of accesses */
2335 buffer += thisrun_accesses * 1;
2336 num_accesses += thisrun_accesses;
2337
2338 if ((j++%1024) == 0)
2339 {
2340 keep_alive();
2341 }
2342 }
2343 break;
2344 default:
2345 LOG_ERROR("BUG: we shouldn't get here");
2346 exit(-1);
2347 break;
2348 }
2349
2350 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2351 return ERROR_FAIL;
2352
2353 for (i = 0; i <= last_reg; i++)
2354 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2355
2356 arm7_9->read_xpsr(target, &cpsr, 0);
2357 if ((retval = jtag_execute_queue()) != ERROR_OK)
2358 {
2359 LOG_ERROR("JTAG error while reading cpsr");
2360 return ERROR_TARGET_DATA_ABORT;
2361 }
2362
2363 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2364 {
2365 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2366
2367 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2368
2369 return ERROR_TARGET_DATA_ABORT;
2370 }
2371
2372 return ERROR_OK;
2373 }
2374
2375 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2376 {
2377 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2378 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2379 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2380
2381 uint32_t reg[16];
2382 uint32_t num_accesses = 0;
2383 int thisrun_accesses;
2384 int i;
2385 uint32_t cpsr;
2386 int retval;
2387 int last_reg = 0;
2388
2389 #ifdef _DEBUG_ARM7_9_
2390 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2391 #endif
2392
2393 if (target->state != TARGET_HALTED)
2394 {
2395 LOG_WARNING("target not halted");
2396 return ERROR_TARGET_NOT_HALTED;
2397 }
2398
2399 /* sanitize arguments */
2400 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2401 return ERROR_INVALID_ARGUMENTS;
2402
2403 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2404 return ERROR_TARGET_UNALIGNED_ACCESS;
2405
2406 /* load the base register with the address of the first word */
2407 reg[0] = address;
2408 arm7_9->write_core_regs(target, 0x1, reg);
2409
2410 /* Clear DBGACK, to make sure memory fetches work as expected */
2411 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2412 embeddedice_store_reg(dbg_ctrl);
2413
2414 switch (size)
2415 {
2416 case 4:
2417 while (num_accesses < count)
2418 {
2419 uint32_t reg_list;
2420 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2421 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2422
2423 for (i = 1; i <= thisrun_accesses; i++)
2424 {
2425 if (i > last_reg)
2426 last_reg = i;
2427 reg[i] = target_buffer_get_u32(target, buffer);
2428 buffer += 4;
2429 }
2430
2431 arm7_9->write_core_regs(target, reg_list, reg);
2432
2433 arm7_9->store_word_regs(target, reg_list);
2434
2435 /* fast memory writes are only safe when the target is running
2436 * from a sufficiently high clock (32 kHz is usually too slow)
2437 */
2438 if (arm7_9->fast_memory_access)
2439 retval = arm7_9_execute_fast_sys_speed(target);
2440 else
2441 retval = arm7_9_execute_sys_speed(target);
2442 if (retval != ERROR_OK)
2443 {
2444 return retval;
2445 }
2446
2447 num_accesses += thisrun_accesses;
2448 }
2449 break;
2450 case 2:
2451 while (num_accesses < count)
2452 {
2453 uint32_t reg_list;
2454 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2455 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2456
2457 for (i = 1; i <= thisrun_accesses; i++)
2458 {
2459 if (i > last_reg)
2460 last_reg = i;
2461 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2462 buffer += 2;
2463 }
2464
2465 arm7_9->write_core_regs(target, reg_list, reg);
2466
2467 for (i = 1; i <= thisrun_accesses; i++)
2468 {
2469 arm7_9->store_hword_reg(target, i);
2470
2471 /* fast memory writes are only safe when the target is running
2472 * from a sufficiently high clock (32 kHz is usually too slow)
2473 */
2474 if (arm7_9->fast_memory_access)
2475 retval = arm7_9_execute_fast_sys_speed(target);
2476 else
2477 retval = arm7_9_execute_sys_speed(target);
2478 if (retval != ERROR_OK)
2479 {
2480 return retval;
2481 }
2482 }
2483
2484 num_accesses += thisrun_accesses;
2485 }
2486 break;
2487 case 1:
2488 while (num_accesses < count)
2489 {
2490 uint32_t reg_list;
2491 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2492 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2493
2494 for (i = 1; i <= thisrun_accesses; i++)
2495 {
2496 if (i > last_reg)
2497 last_reg = i;
2498 reg[i] = *buffer++ & 0xff;
2499 }
2500
2501 arm7_9->write_core_regs(target, reg_list, reg);
2502
2503 for (i = 1; i <= thisrun_accesses; i++)
2504 {
2505 arm7_9->store_byte_reg(target, i);
2506 /* fast memory writes are only safe when the target is running
2507 * from a sufficiently high clock (32 kHz is usually too slow)
2508 */
2509 if (arm7_9->fast_memory_access)
2510 retval = arm7_9_execute_fast_sys_speed(target);
2511 else
2512 retval = arm7_9_execute_sys_speed(target);
2513 if (retval != ERROR_OK)
2514 {
2515 return retval;
2516 }
2517
2518 }
2519
2520 num_accesses += thisrun_accesses;
2521 }
2522 break;
2523 default:
2524 LOG_ERROR("BUG: we shouldn't get here");
2525 exit(-1);
2526 break;
2527 }
2528
2529 /* Re-Set DBGACK */
2530 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2531 embeddedice_store_reg(dbg_ctrl);
2532
2533 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2534 return ERROR_FAIL;
2535
2536 for (i = 0; i <= last_reg; i++)
2537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2538
2539 arm7_9->read_xpsr(target, &cpsr, 0);
2540 if ((retval = jtag_execute_queue()) != ERROR_OK)
2541 {
2542 LOG_ERROR("JTAG error while reading cpsr");
2543 return ERROR_TARGET_DATA_ABORT;
2544 }
2545
2546 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2547 {
2548 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2549
2550 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2551
2552 return ERROR_TARGET_DATA_ABORT;
2553 }
2554
2555 return ERROR_OK;
2556 }
2557
2558 static int dcc_count;
2559 static uint8_t *dcc_buffer;
2560
2561 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2562 {
2563 int retval = ERROR_OK;
2564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2565
2566 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2567 return retval;
2568
2569 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2570 int count = dcc_count;
2571 uint8_t *buffer = dcc_buffer;
2572 if (count > 2)
2573 {
2574 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2575 * core function repeated. */
2576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2577 buffer += 4;
2578
2579 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2580 uint8_t reg_addr = ice_reg->addr & 0x1f;
2581 struct jtag_tap *tap;
2582 tap = ice_reg->jtag_info->tap;
2583
2584 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2585 buffer += (count-2)*4;
2586
2587 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2588 } else
2589 {
2590 int i;
2591 for (i = 0; i < count; i++)
2592 {
2593 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2594 buffer += 4;
2595 }
2596 }
2597
2598 if ((retval = target_halt(target))!= ERROR_OK)
2599 {
2600 return retval;
2601 }
2602 return target_wait_state(target, TARGET_HALTED, 500);
2603 }
2604
2605 static const uint32_t dcc_code[] =
2606 {
2607 /* r0 == input, points to memory buffer
2608 * r1 == scratch
2609 */
2610
2611 /* spin until DCC control (c0) reports data arrived */
2612 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2613 0xe3110001, /* tst r1, #1 */
2614 0x0afffffc, /* bne w */
2615
2616 /* read word from DCC (c1), write to memory */
2617 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2618 0xe4801004, /* str r1, [r0], #4 */
2619
2620 /* repeat */
2621 0xeafffff9 /* b w */
2622 };
2623
2624 int armv4_5_run_algorithm_inner(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2625
2626 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2627 {
2628 int retval;
2629 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2630 int i;
2631
2632 if (!arm7_9->dcc_downloads)
2633 return target_write_memory(target, address, 4, count, buffer);
2634
2635 /* regrab previously allocated working_area, or allocate a new one */
2636 if (!arm7_9->dcc_working_area)
2637 {
2638 uint8_t dcc_code_buf[6 * 4];
2639
2640 /* make sure we have a working area */
2641 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2642 {
2643 LOG_INFO("no working area available, falling back to memory writes");
2644 return target_write_memory(target, address, 4, count, buffer);
2645 }
2646
2647 /* copy target instructions to target endianness */
2648 for (i = 0; i < 6; i++)
2649 {
2650 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2651 }
2652
2653 /* write DCC code to working area */
2654 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2655 {
2656 return retval;
2657 }
2658 }
2659
2660 struct armv4_5_algorithm armv4_5_info;
2661 struct reg_param reg_params[1];
2662
2663 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2664 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2665 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2666
2667 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2668
2669 buf_set_u32(reg_params[0].value, 0, 32, address);
2670
2671 dcc_count = count;
2672 dcc_buffer = buffer;
2673 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2674 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2675
2676 if (retval == ERROR_OK)
2677 {
2678 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2679 if (endaddress != (address + count*4))
2680 {
2681 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2682 retval = ERROR_FAIL;
2683 }
2684 }
2685
2686 destroy_reg_param(&reg_params[0]);
2687
2688 return retval;
2689 }
2690
2691 int arm7_9_checksum_memory(struct target *target, uint32_t address, uint32_t count, uint32_t* checksum)
2692 {
2693 struct working_area *crc_algorithm;
2694 struct armv4_5_algorithm armv4_5_info;
2695 struct reg_param reg_params[2];
2696 int retval;
2697
2698 static const uint32_t arm7_9_crc_code[] = {
2699 0xE1A02000, /* mov r2, r0 */
2700 0xE3E00000, /* mov r0, #0xffffffff */
2701 0xE1A03001, /* mov r3, r1 */
2702 0xE3A04000, /* mov r4, #0 */
2703 0xEA00000B, /* b ncomp */
2704 /* nbyte: */
2705 0xE7D21004, /* ldrb r1, [r2, r4] */
2706 0xE59F7030, /* ldr r7, CRC32XOR */
2707 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2708 0xE3A05000, /* mov r5, #0 */
2709 /* loop: */
2710 0xE3500000, /* cmp r0, #0 */
2711 0xE1A06080, /* mov r6, r0, asl #1 */
2712 0xE2855001, /* add r5, r5, #1 */
2713 0xE1A00006, /* mov r0, r6 */
2714 0xB0260007, /* eorlt r0, r6, r7 */
2715 0xE3550008, /* cmp r5, #8 */
2716 0x1AFFFFF8, /* bne loop */
2717 0xE2844001, /* add r4, r4, #1 */
2718 /* ncomp: */
2719 0xE1540003, /* cmp r4, r3 */
2720 0x1AFFFFF1, /* bne nbyte */
2721 /* end: */
2722 0xEAFFFFFE, /* b end */
2723 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2724 };
2725
2726 uint32_t i;
2727
2728 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2729 {
2730 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2731 }
2732
2733 /* convert flash writing code into a buffer in target endianness */
2734 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2735 {
2736 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2737 {
2738 return retval;
2739 }
2740 }
2741
2742 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2743 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2744 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2745
2746 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2747 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2748
2749 buf_set_u32(reg_params[0].value, 0, 32, address);
2750 buf_set_u32(reg_params[1].value, 0, 32, count);
2751
2752 /* 20 second timeout/megabyte */
2753 int timeout = 20000 * (1 + (count / (1024*1024)));
2754
2755 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2756 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2757 {
2758 LOG_ERROR("error executing arm7_9 crc algorithm");
2759 destroy_reg_param(&reg_params[0]);
2760 destroy_reg_param(&reg_params[1]);
2761 target_free_working_area(target, crc_algorithm);
2762 return retval;
2763 }
2764
2765 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2766
2767 destroy_reg_param(&reg_params[0]);
2768 destroy_reg_param(&reg_params[1]);
2769
2770 target_free_working_area(target, crc_algorithm);
2771
2772 return ERROR_OK;
2773 }
2774
2775 int arm7_9_blank_check_memory(struct target *target, uint32_t address, uint32_t count, uint32_t* blank)
2776 {
2777 struct working_area *erase_check_algorithm;
2778 struct reg_param reg_params[3];
2779 struct armv4_5_algorithm armv4_5_info;
2780 int retval;
2781 uint32_t i;
2782
2783 static const uint32_t erase_check_code[] =
2784 {
2785 /* loop: */
2786 0xe4d03001, /* ldrb r3, [r0], #1 */
2787 0xe0022003, /* and r2, r2, r3 */
2788 0xe2511001, /* subs r1, r1, #1 */
2789 0x1afffffb, /* bne loop */
2790 /* end: */
2791 0xeafffffe /* b end */
2792 };
2793
2794 /* make sure we have a working area */
2795 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2796 {
2797 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2798 }
2799
2800 /* convert flash writing code into a buffer in target endianness */
2801 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2802 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2803 {
2804 return retval;
2805 }
2806
2807 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2808 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2809 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2810
2811 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2812 buf_set_u32(reg_params[0].value, 0, 32, address);
2813
2814 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2815 buf_set_u32(reg_params[1].value, 0, 32, count);
2816
2817 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2818 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2819
2820 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2821 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2822 {
2823 destroy_reg_param(&reg_params[0]);
2824 destroy_reg_param(&reg_params[1]);
2825 destroy_reg_param(&reg_params[2]);
2826 target_free_working_area(target, erase_check_algorithm);
2827 return 0;
2828 }
2829
2830 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2831
2832 destroy_reg_param(&reg_params[0]);
2833 destroy_reg_param(&reg_params[1]);
2834 destroy_reg_param(&reg_params[2]);
2835
2836 target_free_working_area(target, erase_check_algorithm);
2837
2838 return ERROR_OK;
2839 }
2840
2841 COMMAND_HANDLER(handle_arm7_9_write_xpsr_command)
2842 {
2843 uint32_t value;
2844 int spsr;
2845 int retval;
2846 struct target *target = get_current_target(cmd_ctx);
2847 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2848
2849 if (!is_arm7_9(arm7_9))
2850 {
2851 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2852 return ERROR_TARGET_INVALID;
2853 }
2854
2855 if (target->state != TARGET_HALTED)
2856 {
2857 command_print(cmd_ctx, "can't write registers while running");
2858 return ERROR_FAIL;
2859 }
2860
2861 if (argc < 2)
2862 {
2863 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2864 return ERROR_FAIL;
2865 }
2866
2867 COMMAND_PARSE_NUMBER(u32, args[0], value);
2868 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2869
2870 /* if we're writing the CPSR, mask the T bit */
2871 if (!spsr)
2872 value &= ~0x20;
2873
2874 arm7_9->write_xpsr(target, value, spsr);
2875 if ((retval = jtag_execute_queue()) != ERROR_OK)
2876 {
2877 LOG_ERROR("JTAG error while writing to xpsr");
2878 return retval;
2879 }
2880
2881 return ERROR_OK;
2882 }
2883
2884 COMMAND_HANDLER(handle_arm7_9_write_xpsr_im8_command)
2885 {
2886 uint32_t value;
2887 int rotate;
2888 int spsr;
2889 int retval;
2890 struct target *target = get_current_target(cmd_ctx);
2891 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2892
2893 if (!is_arm7_9(arm7_9))
2894 {
2895 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2896 return ERROR_TARGET_INVALID;
2897 }
2898
2899 if (target->state != TARGET_HALTED)
2900 {
2901 command_print(cmd_ctx, "can't write registers while running");
2902 return ERROR_FAIL;
2903 }
2904
2905 if (argc < 3)
2906 {
2907 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2908 return ERROR_FAIL;
2909 }
2910
2911 COMMAND_PARSE_NUMBER(u32, args[0], value);
2912 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2913 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2914
2915 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2916 if ((retval = jtag_execute_queue()) != ERROR_OK)
2917 {
2918 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2919 return retval;
2920 }
2921
2922 return ERROR_OK;
2923 }
2924
2925 COMMAND_HANDLER(handle_arm7_9_write_core_reg_command)
2926 {
2927 uint32_t value;
2928 uint32_t mode;
2929 int num;
2930 struct target *target = get_current_target(cmd_ctx);
2931 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2932
2933 if (!is_arm7_9(arm7_9))
2934 {
2935 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2936 return ERROR_TARGET_INVALID;
2937 }
2938
2939 if (target->state != TARGET_HALTED)
2940 {
2941 command_print(cmd_ctx, "can't write registers while running");
2942 return ERROR_FAIL;
2943 }
2944
2945 if (argc < 3)
2946 {
2947 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2948 return ERROR_FAIL;
2949 }
2950
2951 COMMAND_PARSE_NUMBER(int, args[0], num);
2952 COMMAND_PARSE_NUMBER(u32, args[1], mode);
2953 COMMAND_PARSE_NUMBER(u32, args[2], value);
2954
2955 return arm7_9_write_core_reg(target, num, mode, value);
2956 }
2957
2958 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2959 {
2960 struct target *target = get_current_target(cmd_ctx);
2961 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2962
2963 if (!is_arm7_9(arm7_9))
2964 {
2965 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2966 return ERROR_TARGET_INVALID;
2967 }
2968
2969 if (argc > 0)
2970 {
2971 if (strcmp("enable", args[0]) == 0)
2972 {
2973 arm7_9->use_dbgrq = 1;
2974 }
2975 else if (strcmp("disable", args[0]) == 0)
2976 {
2977 arm7_9->use_dbgrq = 0;
2978 }
2979 else
2980 {
2981 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
2982 }
2983 }
2984
2985 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2986
2987 return ERROR_OK;
2988 }
2989
2990 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2991 {
2992 struct target *target = get_current_target(cmd_ctx);
2993 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2994
2995 if (!is_arm7_9(arm7_9))
2996 {
2997 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2998 return ERROR_TARGET_INVALID;
2999 }
3000
3001 if (argc > 0)
3002 {
3003 if (strcmp("enable", args[0]) == 0)
3004 {
3005 arm7_9->fast_memory_access = 1;
3006 }
3007 else if (strcmp("disable", args[0]) == 0)
3008 {
3009 arm7_9->fast_memory_access = 0;
3010 }
3011 else
3012 {
3013 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3014 }
3015 }
3016
3017 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3018
3019 return ERROR_OK;
3020 }
3021
3022 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
3023 {
3024 struct target *target = get_current_target(cmd_ctx);
3025 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
3026
3027 if (!is_arm7_9(arm7_9))
3028 {
3029 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3030 return ERROR_TARGET_INVALID;
3031 }
3032
3033 if (argc > 0)
3034 {
3035 if (strcmp("enable", args[0]) == 0)
3036 {
3037 arm7_9->dcc_downloads = 1;
3038 }
3039 else if (strcmp("disable"