Code Review / openocd.git / blob
? search:


ea04f3f85bb74e2c58487eebc9afca0525afc8e7
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(struct target *target);
41
42 /**
43 * Clear watchpoints for an ARM7/9 target.
44 *
45 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
46 * @return JTAG error status after executing queue
47 */
48 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
49 {
50 LOG_DEBUG("-");
51 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
52 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
53 arm7_9->sw_breakpoint_count = 0;
54 arm7_9->sw_breakpoints_added = 0;
55 arm7_9->wp0_used = 0;
56 arm7_9->wp1_used = arm7_9->wp1_used_default;
57 arm7_9->wp_available = arm7_9->wp_available_max;
58
59 return jtag_execute_queue();
60 }
61
62 /**
63 * Assign a watchpoint to one of the two available hardware comparators in an
64 * ARM7 or ARM9 target.
65 *
66 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
67 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
68 */
69 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
70 {
71 if (!arm7_9->wp0_used)
72 {
73 arm7_9->wp0_used = 1;
74 breakpoint->set = 1;
75 arm7_9->wp_available--;
76 }
77 else if (!arm7_9->wp1_used)
78 {
79 arm7_9->wp1_used = 1;
80 breakpoint->set = 2;
81 arm7_9->wp_available--;
82 }
83 else
84 {
85 LOG_ERROR("BUG: no hardware comparator available");
86 }
87 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
88 breakpoint->unique_id,
89 breakpoint->address,
90 breakpoint->set );
91 }
92
93 /**
94 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
95 *
96 * @param arm7_9 Pointer to common struct for ARM7/9 targets
97 * @return Error codes if there is a problem finding a watchpoint or the result
98 * of executing the JTAG queue
99 */
100 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
101 {
102 if (arm7_9->sw_breakpoints_added)
103 {
104 return ERROR_OK;
105 }
106 if (arm7_9->wp_available < 1)
107 {
108 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
109 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
110 }
111 arm7_9->wp_available--;
112
113 /* pick a breakpoint unit */
114 if (!arm7_9->wp0_used)
115 {
116 arm7_9->sw_breakpoints_added = 1;
117 arm7_9->wp0_used = 3;
118 } else if (!arm7_9->wp1_used)
119 {
120 arm7_9->sw_breakpoints_added = 2;
121 arm7_9->wp1_used = 3;
122 }
123 else
124 {
125 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
126 return ERROR_FAIL;
127 }
128
129 if (arm7_9->sw_breakpoints_added == 1)
130 {
131 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
132 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
133 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
134 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
135 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
136 }
137 else if (arm7_9->sw_breakpoints_added == 2)
138 {
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
144 }
145 else
146 {
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
148 return ERROR_FAIL;
149 }
150 LOG_DEBUG("SW BP using hw wp: %d",
151 arm7_9->sw_breakpoints_added );
152
153 return jtag_execute_queue();
154 }
155
156 /**
157 * Setup the common pieces for an ARM7/9 target after reset or on startup.
158 *
159 * @param target Pointer to an ARM7/9 target to setup
160 * @return Result of clearing the watchpoints on the target
161 */
162 int arm7_9_setup(struct target *target)
163 {
164 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
165
166 return arm7_9_clear_watchpoints(arm7_9);
167 }
168
169 /**
170 * Set either a hardware or software breakpoint on an ARM7/9 target. The
171 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
172 * might have erased the values in Embedded ICE.
173 *
174 * @param target Pointer to the target device to set the breakpoints on
175 * @param breakpoint Pointer to the breakpoint to be set
176 * @return For hardware breakpoints, this is the result of executing the JTAG
177 * queue. For software breakpoints, this will be the status of the
178 * required memory reads and writes
179 */
180 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
181 {
182 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
183 int retval = ERROR_OK;
184
185 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
186 breakpoint->unique_id,
187 breakpoint->address,
188 breakpoint->type);
189
190 if (target->state != TARGET_HALTED)
191 {
192 LOG_WARNING("target not halted");
193 return ERROR_TARGET_NOT_HALTED;
194 }
195
196 if (breakpoint->type == BKPT_HARD)
197 {
198 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
199 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
200
201 /* reassign a hw breakpoint */
202 if (breakpoint->set == 0)
203 {
204 arm7_9_assign_wp(arm7_9, breakpoint);
205 }
206
207 if (breakpoint->set == 1)
208 {
209 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
210 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
211 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
212 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
213 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
214 }
215 else if (breakpoint->set == 2)
216 {
217 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
218 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
219 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
220 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
221 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
222 }
223 else
224 {
225 LOG_ERROR("BUG: no hardware comparator available");
226 return ERROR_OK;
227 }
228
229 retval = jtag_execute_queue();
230 }
231 else if (breakpoint->type == BKPT_SOFT)
232 {
233 /* did we already set this breakpoint? */
234 if (breakpoint->set)
235 return ERROR_OK;
236
237 if (breakpoint->length == 4)
238 {
239 uint32_t verify = 0xffffffff;
240 /* keep the original instruction in target endianness */
241 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
242 {
243 return retval;
244 }
245 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
246 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
247 {
248 return retval;
249 }
250
251 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
252 {
253 return retval;
254 }
255 if (verify != arm7_9->arm_bkpt)
256 {
257 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
258 return ERROR_OK;
259 }
260 }
261 else
262 {
263 uint16_t verify = 0xffff;
264 /* keep the original instruction in target endianness */
265 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
266 {
267 return retval;
268 }
269 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
270 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
271 {
272 return retval;
273 }
274
275 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
276 {
277 return retval;
278 }
279 if (verify != arm7_9->thumb_bkpt)
280 {
281 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
282 return ERROR_OK;
283 }
284 }
285
286 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
287 return retval;
288
289 arm7_9->sw_breakpoint_count++;
290
291 breakpoint->set = 1;
292 }
293
294 return retval;
295 }
296
297 /**
298 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
299 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
300 * will be updated. Otherwise, the software breakpoint will be restored to its
301 * original instruction if it hasn't already been modified.
302 *
303 * @param target Pointer to ARM7/9 target to unset the breakpoint from
304 * @param breakpoint Pointer to breakpoint to be unset
305 * @return For hardware breakpoints, this is the result of executing the JTAG
306 * queue. For software breakpoints, this will be the status of the
307 * required memory reads and writes
308 */
309 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
310 {
311 int retval = ERROR_OK;
312 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
313
314 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
315 breakpoint->unique_id,
316 breakpoint->address );
317
318 if (!breakpoint->set)
319 {
320 LOG_WARNING("breakpoint not set");
321 return ERROR_OK;
322 }
323
324 if (breakpoint->type == BKPT_HARD)
325 {
326 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
327 breakpoint->unique_id,
328 breakpoint->set );
329 if (breakpoint->set == 1)
330 {
331 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
332 arm7_9->wp0_used = 0;
333 arm7_9->wp_available++;
334 }
335 else if (breakpoint->set == 2)
336 {
337 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
338 arm7_9->wp1_used = 0;
339 arm7_9->wp_available++;
340 }
341 retval = jtag_execute_queue();
342 breakpoint->set = 0;
343 }
344 else
345 {
346 /* restore original instruction (kept in target endianness) */
347 if (breakpoint->length == 4)
348 {
349 uint32_t current_instr;
350 /* check that user program as not modified breakpoint instruction */
351 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
352 {
353 return retval;
354 }
355 if (current_instr == arm7_9->arm_bkpt)
356 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
357 {
358 return retval;
359 }
360 }
361 else
362 {
363 uint16_t current_instr;
364 /* check that user program as not modified breakpoint instruction */
365 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
366 {
367 return retval;
368 }
369 if (current_instr == arm7_9->thumb_bkpt)
370 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
371 {
372 return retval;
373 }
374 }
375
376 if (--arm7_9->sw_breakpoint_count==0)
377 {
378 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
379 if (arm7_9->sw_breakpoints_added == 1)
380 {
381 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
382 }
383 else if (arm7_9->sw_breakpoints_added == 2)
384 {
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
386 }
387 }
388
389 breakpoint->set = 0;
390 }
391
392 return retval;
393 }
394
395 /**
396 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
397 * dangling breakpoints and that the desired breakpoint can be added.
398 *
399 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
400 * @param breakpoint Pointer to the breakpoint to be added
401 * @return An error status if there is a problem adding the breakpoint or the
402 * result of setting the breakpoint
403 */
404 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
405 {
406 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
407
408 if (target->state != TARGET_HALTED)
409 {
410 LOG_WARNING("target not halted");
411 return ERROR_TARGET_NOT_HALTED;
412 }
413
414 if (arm7_9->breakpoint_count == 0)
415 {
416 /* make sure we don't have any dangling breakpoints. This is vital upon
417 * GDB connect/disconnect
418 */
419 arm7_9_clear_watchpoints(arm7_9);
420 }
421
422 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
423 {
424 LOG_INFO("no watchpoint unit available for hardware breakpoint");
425 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
426 }
427
428 if ((breakpoint->length != 2) && (breakpoint->length != 4))
429 {
430 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
431 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
432 }
433
434 if (breakpoint->type == BKPT_HARD)
435 {
436 arm7_9_assign_wp(arm7_9, breakpoint);
437 }
438
439 arm7_9->breakpoint_count++;
440
441 return arm7_9_set_breakpoint(target, breakpoint);
442 }
443
444 /**
445 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
446 * dangling breakpoints and updates available watchpoints if it is a hardware
447 * breakpoint.
448 *
449 * @param target Pointer to the target to have a breakpoint removed
450 * @param breakpoint Pointer to the breakpoint to be removed
451 * @return Error status if there was a problem unsetting the breakpoint or the
452 * watchpoints could not be cleared
453 */
454 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
455 {
456 int retval = ERROR_OK;
457 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
458
459 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
460 {
461 return retval;
462 }
463
464 if (breakpoint->type == BKPT_HARD)
465 arm7_9->wp_available++;
466
467 arm7_9->breakpoint_count--;
468 if (arm7_9->breakpoint_count == 0)
469 {
470 /* make sure we don't have any dangling breakpoints */
471 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
472 {
473 return retval;
474 }
475 }
476
477 return ERROR_OK;
478 }
479
480 /**
481 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
482 * considered a bug to call this function when there are no available watchpoint
483 * units.
484 *
485 * @param target Pointer to an ARM7/9 target to set a watchpoint on
486 * @param watchpoint Pointer to the watchpoint to be set
487 * @return Error status if watchpoint set fails or the result of executing the
488 * JTAG queue
489 */
490 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
491 {
492 int retval = ERROR_OK;
493 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
494 int rw_mask = 1;
495 uint32_t mask;
496
497 mask = watchpoint->length - 1;
498
499 if (target->state != TARGET_HALTED)
500 {
501 LOG_WARNING("target not halted");
502 return ERROR_TARGET_NOT_HALTED;
503 }
504
505 if (watchpoint->rw == WPT_ACCESS)
506 rw_mask = 0;
507 else
508 rw_mask = 1;
509
510 if (!arm7_9->wp0_used)
511 {
512 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
513 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
514 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
515 if (watchpoint->mask != 0xffffffffu)
516 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
517 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
518 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
519
520 if ((retval = jtag_execute_queue()) != ERROR_OK)
521 {
522 return retval;
523 }
524 watchpoint->set = 1;
525 arm7_9->wp0_used = 2;
526 }
527 else if (!arm7_9->wp1_used)
528 {
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
532 if (watchpoint->mask != 0xffffffffu)
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
536
537 if ((retval = jtag_execute_queue()) != ERROR_OK)
538 {
539 return retval;
540 }
541 watchpoint->set = 2;
542 arm7_9->wp1_used = 2;
543 }
544 else
545 {
546 LOG_ERROR("BUG: no hardware comparator available");
547 return ERROR_OK;
548 }
549
550 return ERROR_OK;
551 }
552
553 /**
554 * Unset an existing watchpoint and clear the used watchpoint unit.
555 *
556 * @param target Pointer to the target to have the watchpoint removed
557 * @param watchpoint Pointer to the watchpoint to be removed
558 * @return Error status while trying to unset the watchpoint or the result of
559 * executing the JTAG queue
560 */
561 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
562 {
563 int retval = ERROR_OK;
564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
565
566 if (target->state != TARGET_HALTED)
567 {
568 LOG_WARNING("target not halted");
569 return ERROR_TARGET_NOT_HALTED;
570 }
571
572 if (!watchpoint->set)
573 {
574 LOG_WARNING("breakpoint not set");
575 return ERROR_OK;
576 }
577
578 if (watchpoint->set == 1)
579 {
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
581 if ((retval = jtag_execute_queue()) != ERROR_OK)
582 {
583 return retval;
584 }
585 arm7_9->wp0_used = 0;
586 }
587 else if (watchpoint->set == 2)
588 {
589 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
590 if ((retval = jtag_execute_queue()) != ERROR_OK)
591 {
592 return retval;
593 }
594 arm7_9->wp1_used = 0;
595 }
596 watchpoint->set = 0;
597
598 return ERROR_OK;
599 }
600
601 /**
602 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
603 * available, an error response is returned.
604 *
605 * @param target Pointer to the ARM7/9 target to add a watchpoint to
606 * @param watchpoint Pointer to the watchpoint to be added
607 * @return Error status while trying to add the watchpoint
608 */
609 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
610 {
611 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
612
613 if (target->state != TARGET_HALTED)
614 {
615 LOG_WARNING("target not halted");
616 return ERROR_TARGET_NOT_HALTED;
617 }
618
619 if (arm7_9->wp_available < 1)
620 {
621 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
622 }
623
624 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
625 {
626 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
627 }
628
629 arm7_9->wp_available--;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
636 * the used watchpoint unit will be reopened.
637 *
638 * @param target Pointer to the target to remove a watchpoint from
639 * @param watchpoint Pointer to the watchpoint to be removed
640 * @return Result of trying to unset the watchpoint
641 */
642 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
643 {
644 int retval = ERROR_OK;
645 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
646
647 if (watchpoint->set)
648 {
649 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
650 {
651 return retval;
652 }
653 }
654
655 arm7_9->wp_available++;
656
657 return ERROR_OK;
658 }
659
660 /**
661 * Restarts the target by sending a RESTART instruction and moving the JTAG
662 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
663 * asserted by the processor.
664 *
665 * @param target Pointer to target to issue commands to
666 * @return Error status if there is a timeout or a problem while executing the
667 * JTAG queue
668 */
669 int arm7_9_execute_sys_speed(struct target *target)
670 {
671 int retval;
672 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
673 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
674 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
675
676 /* set RESTART instruction */
677 jtag_set_end_state(TAP_IDLE);
678 if (arm7_9->need_bypass_before_restart) {
679 arm7_9->need_bypass_before_restart = 0;
680 arm_jtag_set_instr(jtag_info, 0xf, NULL);
681 }
682 arm_jtag_set_instr(jtag_info, 0x4, NULL);
683
684 long long then = timeval_ms();
685 int timeout;
686 while (!(timeout = ((timeval_ms()-then) > 1000)))
687 {
688 /* read debug status register */
689 embeddedice_read_reg(dbg_stat);
690 if ((retval = jtag_execute_queue()) != ERROR_OK)
691 return retval;
692 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
693 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
694 break;
695 if (debug_level >= 3)
696 {
697 alive_sleep(100);
698 } else
699 {
700 keep_alive();
701 }
702 }
703 if (timeout)
704 {
705 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
706 return ERROR_TARGET_TIMEOUT;
707 }
708
709 return ERROR_OK;
710 }
711
712 /**
713 * Restarts the target by sending a RESTART instruction and moving the JTAG
714 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
715 * waiting until they are.
716 *
717 * @param target Pointer to the target to issue commands to
718 * @return Always ERROR_OK
719 */
720 int arm7_9_execute_fast_sys_speed(struct target *target)
721 {
722 static int set = 0;
723 static uint8_t check_value[4], check_mask[4];
724
725 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
726 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
727 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
728
729 /* set RESTART instruction */
730 jtag_set_end_state(TAP_IDLE);
731 if (arm7_9->need_bypass_before_restart) {
732 arm7_9->need_bypass_before_restart = 0;
733 arm_jtag_set_instr(jtag_info, 0xf, NULL);
734 }
735 arm_jtag_set_instr(jtag_info, 0x4, NULL);
736
737 if (!set)
738 {
739 /* check for DBGACK and SYSCOMP set (others don't care) */
740
741 /* NB! These are constants that must be available until after next jtag_execute() and
742 * we evaluate the values upon first execution in lieu of setting up these constants
743 * during early setup.
744 * */
745 buf_set_u32(check_value, 0, 32, 0x9);
746 buf_set_u32(check_mask, 0, 32, 0x9);
747 set = 1;
748 }
749
750 /* read debug status register */
751 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
752
753 return ERROR_OK;
754 }
755
756 /**
757 * Get some data from the ARM7/9 target.
758 *
759 * @param target Pointer to the ARM7/9 target to read data from
760 * @param size The number of 32bit words to be read
761 * @param buffer Pointer to the buffer that will hold the data
762 * @return The result of receiving data from the Embedded ICE unit
763 */
764 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
765 {
766 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
767 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
768 uint32_t *data;
769 int retval = ERROR_OK;
770 uint32_t i;
771
772 data = malloc(size * (sizeof(uint32_t)));
773
774 retval = embeddedice_receive(jtag_info, data, size);
775
776 /* return the 32-bit ints in the 8-bit array */
777 for (i = 0; i < size; i++)
778 {
779 h_u32_to_le(buffer + (i * 4), data[i]);
780 }
781
782 free(data);
783
784 return retval;
785 }
786
787 /**
788 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
789 * target is running and the DCC control register has the W bit high, this will
790 * execute the request on the target.
791 *
792 * @param priv Void pointer expected to be a struct target pointer
793 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
794 * from the Embedded ICE unit
795 */
796 int arm7_9_handle_target_request(void *priv)
797 {
798 int retval = ERROR_OK;
799 struct target *target = priv;
800 if (!target_was_examined(target))
801 return ERROR_OK;
802 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
803 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
804 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
805
806 if (!target->dbg_msg_enabled)
807 return ERROR_OK;
808
809 if (target->state == TARGET_RUNNING)
810 {
811 /* read DCC control register */
812 embeddedice_read_reg(dcc_control);
813 if ((retval = jtag_execute_queue()) != ERROR_OK)
814 {
815 return retval;
816 }
817
818 /* check W bit */
819 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
820 {
821 uint32_t request;
822
823 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
824 {
825 return retval;
826 }
827 if ((retval = target_request(target, request)) != ERROR_OK)
828 {
829 return retval;
830 }
831 }
832 }
833
834 return ERROR_OK;
835 }
836
837 /**
838 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
839 * is manipulated to the right halted state based on its current state. This is
840 * what happens:
841 *
842 * <table>
843 * <tr><th > State</th><th > Action</th></tr>
844 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
845 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
846 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
847 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
848 * </table>
849 *
850 * If the target does not end up in the halted state, a warning is produced. If
851 * DBGACK is cleared, then the target is expected to either be running or
852 * running in debug.
853 *
854 * @param target Pointer to the ARM7/9 target to poll
855 * @return ERROR_OK or an error status if a command fails
856 */
857 int arm7_9_poll(struct target *target)
858 {
859 int retval;
860 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
861 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
862
863 /* read debug status register */
864 embeddedice_read_reg(dbg_stat);
865 if ((retval = jtag_execute_queue()) != ERROR_OK)
866 {
867 return retval;
868 }
869
870 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
871 {
872 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
873 if (target->state == TARGET_UNKNOWN)
874 {
875 /* Starting OpenOCD with target in debug-halt */
876 target->state = TARGET_RUNNING;
877 LOG_DEBUG("DBGACK already set during server startup.");
878 }
879 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
880 {
881 int check_pc = 0;
882 if (target->state == TARGET_RESET)
883 {
884 if (target->reset_halt)
885 {
886 enum reset_types jtag_reset_config = jtag_get_reset_config();
887 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
888 {
889 check_pc = 1;
890 }
891 }
892 }
893
894 target->state = TARGET_HALTED;
895
896 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
897 return retval;
898
899 if (check_pc)
900 {
901 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
902 uint32_t t=*((uint32_t *)reg->value);
903 if (t != 0)
904 {
905 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
906 }
907 }
908
909 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
910 {
911 return retval;
912 }
913 }
914 if (target->state == TARGET_DEBUG_RUNNING)
915 {
916 target->state = TARGET_HALTED;
917 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
918 return retval;
919
920 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
921 {
922 return retval;
923 }
924 }
925 if (target->state != TARGET_HALTED)
926 {
927 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
928 }
929 }
930 else
931 {
932 if (target->state != TARGET_DEBUG_RUNNING)
933 target->state = TARGET_RUNNING;
934 }
935
936 return ERROR_OK;
937 }
938
939 /**
940 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
941 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
942 * affected) completely stop the JTAG clock while the core is held in reset
943 * (SRST). It isn't possible to program the halt condition once reset is
944 * asserted, hence a hook that allows the target to set up its reset-halt
945 * condition is setup prior to asserting reset.
946 *
947 * @param target Pointer to an ARM7/9 target to assert reset on
948 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
949 */
950 int arm7_9_assert_reset(struct target *target)
951 {
952 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
953
954 LOG_DEBUG("target->state: %s",
955 target_state_name(target));
956
957 enum reset_types jtag_reset_config = jtag_get_reset_config();
958 if (!(jtag_reset_config & RESET_HAS_SRST))
959 {
960 LOG_ERROR("Can't assert SRST");
961 return ERROR_FAIL;
962 }
963
964 /* At this point trst has been asserted/deasserted once. We would
965 * like to program EmbeddedICE while SRST is asserted, instead of
966 * depending on SRST to leave that module alone. However, many CPUs
967 * gate the JTAG clock while SRST is asserted; or JTAG may need
968 * clock stability guarantees (adaptive clocking might help).
969 *
970 * So we assume JTAG access during SRST is off the menu unless it's
971 * been specifically enabled.
972 */
973 bool srst_asserted = false;
974
975 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
976 && (jtag_reset_config & RESET_SRST_NO_GATING))
977 {
978 jtag_add_reset(0, 1);
979 srst_asserted = true;
980 }
981
982 if (target->reset_halt)
983 {
984 /*
985 * Some targets do not support communication while SRST is asserted. We need to
986 * set up the reset vector catch here.
987 *
988 * If TRST is asserted, then these settings will be reset anyway, so setting them
989 * here is harmless.
990 */
991 if (arm7_9->has_vector_catch)
992 {
993 /* program vector catch register to catch reset vector */
994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
995
996 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
997 jtag_add_runtest(1, jtag_get_end_state());
998 }
999 else
1000 {
1001 /* program watchpoint unit to match on reset vector address */
1002 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1007 }
1008 }
1009
1010 /* here we should issue an SRST only, but we may have to assert TRST as well */
1011 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1012 {
1013 jtag_add_reset(1, 1);
1014 } else if (!srst_asserted)
1015 {
1016 jtag_add_reset(0, 1);
1017 }
1018
1019 target->state = TARGET_RESET;
1020 jtag_add_sleep(50000);
1021
1022 armv4_5_invalidate_core_regs(target);
1023
1024 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1025 {
1026 /* debug entry was already prepared in arm7_9_assert_reset() */
1027 target->debug_reason = DBG_REASON_DBGRQ;
1028 }
1029
1030 return ERROR_OK;
1031 }
1032
1033 /**
1034 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1035 * and the target is being reset into a halt, a warning will be triggered
1036 * because it is not possible to reset into a halted mode in this case. The
1037 * target is halted using the target's functions.
1038 *
1039 * @param target Pointer to the target to have the reset deasserted
1040 * @return ERROR_OK or an error from polling or halting the target
1041 */
1042 int arm7_9_deassert_reset(struct target *target)
1043 {
1044 int retval = ERROR_OK;
1045 LOG_DEBUG("target->state: %s",
1046 target_state_name(target));
1047
1048 /* deassert reset lines */
1049 jtag_add_reset(0, 0);
1050
1051 enum reset_types jtag_reset_config = jtag_get_reset_config();
1052 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1053 {
1054 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1055 /* set up embedded ice registers again */
1056 if ((retval = target_examine_one(target)) != ERROR_OK)
1057 return retval;
1058
1059 if ((retval = target_poll(target)) != ERROR_OK)
1060 {
1061 return retval;
1062 }
1063
1064 if ((retval = target_halt(target)) != ERROR_OK)
1065 {
1066 return retval;
1067 }
1068
1069 }
1070 return retval;
1071 }
1072
1073 /**
1074 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1075 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1076 * vector catch was used, it is restored. Otherwise, the control value is
1077 * restored and the watchpoint unit is restored if it was in use.
1078 *
1079 * @param target Pointer to the ARM7/9 target to have halt cleared
1080 * @return Always ERROR_OK
1081 */
1082 int arm7_9_clear_halt(struct target *target)
1083 {
1084 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1085 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1086
1087 /* we used DBGRQ only if we didn't come out of reset */
1088 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1089 {
1090 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1091 */
1092 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1093 embeddedice_store_reg(dbg_ctrl);
1094 }
1095 else
1096 {
1097 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1098 {
1099 /* if we came out of reset, and vector catch is supported, we used
1100 * vector catch to enter debug state
1101 * restore the register in that case
1102 */
1103 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1104 }
1105 else
1106 {
1107 /* restore registers if watchpoint unit 0 was in use
1108 */
1109 if (arm7_9->wp0_used)
1110 {
1111 if (arm7_9->debug_entry_from_reset)
1112 {
1113 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1114 }
1115 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1116 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1117 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1118 }
1119 /* control value always has to be restored, as it was either disabled,
1120 * or enabled with possibly different bits
1121 */
1122 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1123 }
1124 }
1125
1126 return ERROR_OK;
1127 }
1128
1129 /**
1130 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1131 * and then there is a wait until the processor shows the halt. This wait can
1132 * timeout and results in an error being returned. The software reset involves
1133 * clearing the halt, updating the debug control register, changing to ARM mode,
1134 * reset of the program counter, and reset of all of the registers.
1135 *
1136 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1137 * @return Error status if any of the commands fail, otherwise ERROR_OK
1138 */
1139 int arm7_9_soft_reset_halt(struct target *target)
1140 {
1141 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1142 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1143 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1144 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1145 int i;
1146 int retval;
1147
1148 /* FIX!!! replace some of this code with tcl commands
1149 *
1150 * halt # the halt command is synchronous
1151 * armv4_5 core_state arm
1152 *
1153 */
1154
1155 if ((retval = target_halt(target)) != ERROR_OK)
1156 return retval;
1157
1158 long long then = timeval_ms();
1159 int timeout;
1160 while (!(timeout = ((timeval_ms()-then) > 1000)))
1161 {
1162 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1163 break;
1164 embeddedice_read_reg(dbg_stat);
1165 if ((retval = jtag_execute_queue()) != ERROR_OK)
1166 return retval;
1167 if (debug_level >= 3)
1168 {
1169 alive_sleep(100);
1170 } else
1171 {
1172 keep_alive();
1173 }
1174 }
1175 if (timeout)
1176 {
1177 LOG_ERROR("Failed to halt CPU after 1 sec");
1178 return ERROR_TARGET_TIMEOUT;
1179 }
1180 target->state = TARGET_HALTED;
1181
1182 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1183 * ensure that DBGRQ is cleared
1184 */
1185 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1186 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1187 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1188 embeddedice_store_reg(dbg_ctrl);
1189
1190 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1191 {
1192 return retval;
1193 }
1194
1195 /* if the target is in Thumb state, change to ARM state */
1196 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1197 {
1198 uint32_t r0_thumb, pc_thumb;
1199 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1200 /* Entered debug from Thumb mode */
1201 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1202 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1203 }
1204
1205 /* all register content is now invalid */
1206 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1207 {
1208 return retval;
1209 }
1210
1211 /* SVC, ARM state, IRQ and FIQ disabled */
1212 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1213 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1214 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1215
1216 /* start fetching from 0x0 */
1217 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1218 armv4_5->core_cache->reg_list[15].dirty = 1;
1219 armv4_5->core_cache->reg_list[15].valid = 1;
1220
1221 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1222 armv4_5->core_state = ARMV4_5_STATE_ARM;
1223
1224 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1225 return ERROR_FAIL;
1226
1227 /* reset registers */
1228 for (i = 0; i <= 14; i++)
1229 {
1230 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1231 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1232 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1233 }
1234
1235 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1236 {
1237 return retval;
1238 }
1239
1240 return ERROR_OK;
1241 }
1242
1243 /**
1244 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1245 * line or by programming a watchpoint to trigger on any address. It is
1246 * considered a bug to call this function while the target is in the
1247 * TARGET_RESET state.
1248 *
1249 * @param target Pointer to the ARM7/9 target to be halted
1250 * @return Always ERROR_OK
1251 */
1252 int arm7_9_halt(struct target *target)
1253 {
1254 if (target->state == TARGET_RESET)
1255 {
1256 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1257 return ERROR_OK;
1258 }
1259
1260 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1261 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1262
1263 LOG_DEBUG("target->state: %s",
1264 target_state_name(target));
1265
1266 if (target->state == TARGET_HALTED)
1267 {
1268 LOG_DEBUG("target was already halted");
1269 return ERROR_OK;
1270 }
1271
1272 if (target->state == TARGET_UNKNOWN)
1273 {
1274 LOG_WARNING("target was in unknown state when halt was requested");
1275 }
1276
1277 if (arm7_9->use_dbgrq)
1278 {
1279 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1280 */
1281 if (arm7_9->set_special_dbgrq) {
1282 arm7_9->set_special_dbgrq(target);
1283 } else {
1284 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1285 embeddedice_store_reg(dbg_ctrl);
1286 }
1287 }
1288 else
1289 {
1290 /* program watchpoint unit to match on any address
1291 */
1292 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1293 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1294 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1295 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1296 }
1297
1298 target->debug_reason = DBG_REASON_DBGRQ;
1299
1300 return ERROR_OK;
1301 }
1302
1303 /**
1304 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1305 * ARM. The JTAG queue is then executed and the reason for debug entry is
1306 * examined. Once done, the target is verified to be halted and the processor
1307 * is forced into ARM mode. The core registers are saved for the current core
1308 * mode and the program counter (register 15) is updated as needed. The core
1309 * registers and CPSR and SPSR are saved for restoration later.
1310 *
1311 * @param target Pointer to target that is entering debug mode
1312 * @return Error code if anything fails, otherwise ERROR_OK
1313 */
1314 int arm7_9_debug_entry(struct target *target)
1315 {
1316 int i;
1317 uint32_t context[16];
1318 uint32_t* context_p[16];
1319 uint32_t r0_thumb, pc_thumb;
1320 uint32_t cpsr;
1321 int retval;
1322 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1323 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1324 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1325 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1326
1327 #ifdef _DEBUG_ARM7_9_
1328 LOG_DEBUG("-");
1329 #endif
1330
1331 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1332 * ensure that DBGRQ is cleared
1333 */
1334 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1335 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1336 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1337 embeddedice_store_reg(dbg_ctrl);
1338
1339 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1340 {
1341 return retval;
1342 }
1343
1344 if ((retval = jtag_execute_queue()) != ERROR_OK)
1345 {
1346 return retval;
1347 }
1348
1349 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1350 return retval;
1351
1352
1353 if (target->state != TARGET_HALTED)
1354 {
1355 LOG_WARNING("target not halted");
1356 return ERROR_TARGET_NOT_HALTED;
1357 }
1358
1359 /* if the target is in Thumb state, change to ARM state */
1360 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1361 {
1362 LOG_DEBUG("target entered debug from Thumb state");
1363 /* Entered debug from Thumb mode */
1364 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1365 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1366 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1367 }
1368 else
1369 {
1370 LOG_DEBUG("target entered debug from ARM state");
1371 /* Entered debug from ARM mode */
1372 armv4_5->core_state = ARMV4_5_STATE_ARM;
1373 }
1374
1375 for (i = 0; i < 16; i++)
1376 context_p[i] = &context[i];
1377 /* save core registers (r0 - r15 of current core mode) */
1378 arm7_9->read_core_regs(target, 0xffff, context_p);
1379
1380 arm7_9->read_xpsr(target, &cpsr, 0);
1381
1382 if ((retval = jtag_execute_queue()) != ERROR_OK)
1383 return retval;
1384
1385 /* if the core has been executing in Thumb state, set the T bit */
1386 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1387 cpsr |= 0x20;
1388
1389 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1390 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1391 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1392
1393 armv4_5->core_mode = cpsr & 0x1f;
1394
1395 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1396 {
1397 target->state = TARGET_UNKNOWN;
1398 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1399 return ERROR_TARGET_FAILURE;
1400 }
1401
1402 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1403
1404 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1405 {
1406 LOG_DEBUG("thumb state, applying fixups");
1407 context[0] = r0_thumb;
1408 context[15] = pc_thumb;
1409 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1410 {
1411 /* adjust value stored by STM */
1412 context[15] -= 3 * 4;
1413 }
1414
1415 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1416 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1417 else
1418 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1419
1420 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1421 return ERROR_FAIL;
1422
1423 for (i = 0; i <= 15; i++)
1424 {
1425 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1426 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1427 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1428 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1429 }
1430
1431 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1432
1433 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1434 return ERROR_FAIL;
1435
1436 /* exceptions other than USR & SYS have a saved program status register */
1437 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1438 {
1439 uint32_t spsr;
1440 arm7_9->read_xpsr(target, &spsr, 1);
1441 if ((retval = jtag_execute_queue()) != ERROR_OK)
1442 {
1443 return retval;
1444 }
1445 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1446 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1447 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1448 }
1449
1450 /* r0 and r15 (pc) have to be restored later */
1451 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1452 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1453
1454 if ((retval = jtag_execute_queue()) != ERROR_OK)
1455 return retval;
1456
1457 if (arm7_9->post_debug_entry)
1458 arm7_9->post_debug_entry(target);
1459
1460 return ERROR_OK;
1461 }
1462
1463 /**
1464 * Validate the full context for an ARM7/9 target in all processor modes. If
1465 * there are any invalid registers for the target, they will all be read. This
1466 * includes the PSR.
1467 *
1468 * @param target Pointer to the ARM7/9 target to capture the full context from
1469 * @return Error if the target is not halted, has an invalid core mode, or if
1470 * the JTAG queue fails to execute
1471 */
1472 int arm7_9_full_context(struct target *target)
1473 {
1474 int i;
1475 int retval;
1476 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1477 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1478
1479 LOG_DEBUG("-");
1480
1481 if (target->state != TARGET_HALTED)
1482 {
1483 LOG_WARNING("target not halted");
1484 return ERROR_TARGET_NOT_HALTED;
1485 }
1486
1487 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1488 return ERROR_FAIL;
1489
1490 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1491 * SYS shares registers with User, so we don't touch SYS
1492 */
1493 for (i = 0; i < 6; i++)
1494 {
1495 uint32_t mask = 0;
1496 uint32_t* reg_p[16];
1497 int j;
1498 int valid = 1;
1499
1500 /* check if there are invalid registers in the current mode
1501 */
1502 for (j = 0; j <= 16; j++)
1503 {
1504 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1505 valid = 0;
1506 }
1507
1508 if (!valid)
1509 {
1510 uint32_t tmp_cpsr;
1511
1512 /* change processor mode (and mask T bit) */
1513 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1514 tmp_cpsr |= armv4_5_number_to_mode(i);
1515 tmp_cpsr &= ~0x20;
1516 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1517
1518 for (j = 0; j < 15; j++)
1519 {
1520 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1521 {
1522 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1523 mask |= 1 << j;
1524 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1525 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1526 }
1527 }
1528
1529 /* if only the PSR is invalid, mask is all zeroes */
1530 if (mask)
1531 arm7_9->read_core_regs(target, mask, reg_p);
1532
1533 /* check if the PSR has to be read */
1534 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1535 {
1536 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1538 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1539 }
1540 }
1541 }
1542
1543 /* restore processor mode (mask T bit) */
1544 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1545
1546 if ((retval = jtag_execute_queue()) != ERROR_OK)
1547 {
1548 return retval;
1549 }
1550 return ERROR_OK;
1551 }
1552
1553 /**
1554 * Restore the processor context on an ARM7/9 target. The full processor
1555 * context is analyzed to see if any of the registers are dirty on this end, but
1556 * have a valid new value. If this is the case, the processor is changed to the
1557 * appropriate mode and the new register values are written out to the
1558 * processor. If there happens to be a dirty register with an invalid value, an
1559 * error will be logged.
1560 *
1561 * @param target Pointer to the ARM7/9 target to have its context restored
1562 * @return Error status if the target is not halted or the core mode in the
1563 * armv4_5 struct is invalid.
1564 */
1565 int arm7_9_restore_context(struct target *target)
1566 {
1567 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1568 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1569 struct reg *reg;
1570 struct armv4_5_core_reg *reg_arch_info;
1571 enum armv4_5_mode current_mode = armv4_5->core_mode;
1572 int i, j;
1573 int dirty;
1574 int mode_change;
1575
1576 LOG_DEBUG("-");
1577
1578 if (target->state != TARGET_HALTED)
1579 {
1580 LOG_WARNING("target not halted");
1581 return ERROR_TARGET_NOT_HALTED;
1582 }
1583
1584 if (arm7_9->pre_restore_context)
1585 arm7_9->pre_restore_context(target);
1586
1587 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1588 return ERROR_FAIL;
1589
1590 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1591 * SYS shares registers with User, so we don't touch SYS
1592 */
1593 for (i = 0; i < 6; i++)
1594 {
1595 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1596 dirty = 0;
1597 mode_change = 0;
1598 /* check if there are dirty registers in the current mode
1599 */
1600 for (j = 0; j <= 16; j++)
1601 {
1602 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1603 reg_arch_info = reg->arch_info;
1604 if (reg->dirty == 1)
1605 {
1606 if (reg->valid == 1)
1607 {
1608 dirty = 1;
1609 LOG_DEBUG("examining dirty reg: %s", reg->name);
1610 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1611 && (reg_arch_info->mode != current_mode)
1612 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1613 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1614 {
1615 mode_change = 1;
1616 LOG_DEBUG("require mode change");
1617 }
1618 }
1619 else
1620 {
1621 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1622 }
1623 }
1624 }
1625
1626 if (dirty)
1627 {
1628 uint32_t mask = 0x0;
1629 int num_regs = 0;
1630 uint32_t regs[16];
1631
1632 if (mode_change)
1633 {
1634 uint32_t tmp_cpsr;
1635
1636 /* change processor mode (mask T bit) */
1637 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1638 tmp_cpsr |= armv4_5_number_to_mode(i);
1639 tmp_cpsr &= ~0x20;
1640 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1641 current_mode = armv4_5_number_to_mode(i);
1642 }
1643
1644 for (j = 0; j <= 14; j++)
1645 {
1646 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1647 reg_arch_info = reg->arch_info;
1648
1649
1650 if (reg->dirty == 1)
1651 {
1652 regs[j] = buf_get_u32(reg->value, 0, 32);
1653 mask |= 1 << j;
1654 num_regs++;
1655 reg->dirty = 0;
1656 reg->valid = 1;
1657 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1658 }
1659 }
1660
1661 if (mask)
1662 {
1663 arm7_9->write_core_regs(target, mask, regs);
1664 }
1665
1666 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1667 reg_arch_info = reg->arch_info;
1668 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1669 {
1670 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1671 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1672 }
1673 }
1674 }
1675
1676 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1677 {
1678 /* restore processor mode (mask T bit) */
1679 uint32_t tmp_cpsr;
1680
1681 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1682 tmp_cpsr |= armv4_5_number_to_mode(i);
1683 tmp_cpsr &= ~0x20;
1684 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1685 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1686 }
1687 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1688 {
1689 /* CPSR has been changed, full restore necessary (mask T bit) */
1690 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1691 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1692 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1693 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1694 }
1695
1696 /* restore PC */
1697 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1698 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1699 armv4_5->core_cache->reg_list[15].dirty = 0;
1700
1701 if (arm7_9->post_restore_context)
1702 arm7_9->post_restore_context(target);
1703
1704 return ERROR_OK;
1705 }
1706
1707 /**
1708 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1709 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1710 * restart.
1711 *
1712 * @param target Pointer to the ARM7/9 target to be restarted
1713 * @return Result of executing the JTAG queue
1714 */
1715 int arm7_9_restart_core(struct target *target)
1716 {
1717 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1718 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1719
1720 /* set RESTART instruction */
1721 jtag_set_end_state(TAP_IDLE);
1722 if (arm7_9->need_bypass_before_restart) {
1723 arm7_9->need_bypass_before_restart = 0;
1724 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1725 }
1726 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1727
1728 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1729 return jtag_execute_queue();
1730 }
1731
1732 /**
1733 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1734 * iterated through and are set on the target if they aren't already set.
1735 *
1736 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1737 */
1738 void arm7_9_enable_watchpoints(struct target *target)
1739 {
1740 struct watchpoint *watchpoint = target->watchpoints;
1741
1742 while (watchpoint)
1743 {
1744 if (watchpoint->set == 0)
1745 arm7_9_set_watchpoint(target, watchpoint);
1746 watchpoint = watchpoint->next;
1747 }
1748 }
1749
1750 /**
1751 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1752 * iterated through and are set on the target.
1753 *
1754 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1755 */
1756 void arm7_9_enable_breakpoints(struct target *target)
1757 {
1758 struct breakpoint *breakpoint = target->breakpoints;
1759
1760 /* set any pending breakpoints */
1761 while (breakpoint)
1762 {
1763 arm7_9_set_breakpoint(target, breakpoint);
1764 breakpoint = breakpoint->next;
1765 }
1766 }
1767
1768 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1769 {
1770 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1771 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1772 struct breakpoint *breakpoint = target->breakpoints;
1773 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1774 int err, retval = ERROR_OK;
1775
1776 LOG_DEBUG("-");
1777
1778 if (target->state != TARGET_HALTED)
1779 {
1780 LOG_WARNING("target not halted");
1781 return ERROR_TARGET_NOT_HALTED;
1782 }
1783
1784 if (!debug_execution)
1785 {
1786 target_free_all_working_areas(target);
1787 }
1788
1789 /* current = 1: continue on current pc, otherwise continue at <address> */
1790 if (!current)
1791 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1792
1793 uint32_t current_pc;
1794 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1795
1796 /* the front-end may request us not to handle breakpoints */
1797 if (handle_breakpoints)
1798 {
1799 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1800 {
1801 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1802 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1803 {
1804 return retval;
1805 }
1806
1807 /* calculate PC of next instruction */
1808 uint32_t next_pc;
1809 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1810 {
1811 uint32_t current_opcode;
1812 target_read_u32(target, current_pc, &current_opcode);
1813 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1814 return retval;
1815 }
1816
1817 LOG_DEBUG("enable single-step");
1818 arm7_9->enable_single_step(target, next_pc);
1819
1820 target->debug_reason = DBG_REASON_SINGLESTEP;
1821
1822 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1823 {
1824 return retval;
1825 }
1826
1827 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1828 arm7_9->branch_resume(target);
1829 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1830 {
1831 arm7_9->branch_resume_thumb(target);
1832 }
1833 else
1834 {
1835 LOG_ERROR("unhandled core state");
1836 return ERROR_FAIL;
1837 }
1838
1839 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1840 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1841 err = arm7_9_execute_sys_speed(target);
1842
1843 LOG_DEBUG("disable single-step");
1844 arm7_9->disable_single_step(target);
1845
1846 if (err != ERROR_OK)
1847 {
1848 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1849 {
1850 return retval;
1851 }
1852 target->state = TARGET_UNKNOWN;
1853 return err;
1854 }
1855
1856 arm7_9_debug_entry(target);
1857 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1858
1859 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1860 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1861 {
1862 return retval;
1863 }
1864 }
1865 }
1866
1867 /* enable any pending breakpoints and watchpoints */
1868 arm7_9_enable_breakpoints(target);
1869 arm7_9_enable_watchpoints(target);
1870
1871 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875
1876 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1877 {
1878 arm7_9->branch_resume(target);
1879 }
1880 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1881 {
1882 arm7_9->branch_resume_thumb(target);
1883 }
1884 else
1885 {
1886 LOG_ERROR("unhandled core state");
1887 return ERROR_FAIL;
1888 }
1889
1890 /* deassert DBGACK and INTDIS */
1891 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1892 /* INTDIS only when we really resume, not during debug execution */
1893 if (!debug_execution)
1894 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1895 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1896
1897 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1898 {
1899 return retval;
1900 }
1901
1902 target->debug_reason = DBG_REASON_NOTHALTED;
1903
1904 if (!debug_execution)
1905 {
1906 /* registers are now invalid */
1907 armv4_5_invalidate_core_regs(target);
1908 target->state = TARGET_RUNNING;
1909 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1910 {
1911 return retval;
1912 }
1913 }
1914 else
1915 {
1916 target->state = TARGET_DEBUG_RUNNING;
1917 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1918 {
1919 return retval;
1920 }
1921 }
1922
1923 LOG_DEBUG("target resumed");
1924
1925 return ERROR_OK;
1926 }
1927
1928 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1929 {
1930 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1931 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1932 uint32_t current_pc;
1933 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1934
1935 if (next_pc != current_pc)
1936 {
1937 /* setup an inverse breakpoint on the current PC
1938 * - comparator 1 matches the current address
1939 * - rangeout from comparator 1 is connected to comparator 0 rangein
1940 * - comparator 0 matches any address, as long as rangein is low */
1941 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1942 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1943 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1944 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1945 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1946 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1947 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1948 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1949 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1950 }
1951 else
1952 {
1953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1957 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1958 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1959 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1962 }
1963 }
1964
1965 void arm7_9_disable_eice_step(struct target *target)
1966 {
1967 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1968
1969 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1970 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1971 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1972 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1973 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1974 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1975 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1976 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1977 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1978 }
1979
1980 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1981 {
1982 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1983 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1984 struct breakpoint *breakpoint = NULL;
1985 int err, retval;
1986
1987 if (target->state != TARGET_HALTED)
1988 {
1989 LOG_WARNING("target not halted");
1990 return ERROR_TARGET_NOT_HALTED;
1991 }
1992
1993 /* current = 1: continue on current pc, otherwise continue at <address> */
1994 if (!current)
1995 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1996
1997 uint32_t current_pc;
1998 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1999
2000 /* the front-end may request us not to handle breakpoints */
2001 if (handle_breakpoints)
2002 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2003 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2004 {
2005 return retval;
2006 }
2007
2008 target->debug_reason = DBG_REASON_SINGLESTEP;
2009
2010 /* calculate PC of next instruction */
2011 uint32_t next_pc;
2012 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2013 {
2014 uint32_t current_opcode;
2015 target_read_u32(target, current_pc, &current_opcode);
2016 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2017 return retval;
2018 }
2019
2020 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2021 {
2022 return retval;
2023 }
2024
2025 arm7_9->enable_single_step(target, next_pc);
2026
2027 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2028 {
2029 arm7_9->branch_resume(target);
2030 }
2031 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2032 {
2033 arm7_9->branch_resume_thumb(target);
2034 }
2035 else
2036 {
2037 LOG_ERROR("unhandled core state");
2038 return ERROR_FAIL;
2039 }
2040
2041 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2042 {
2043 return retval;
2044 }
2045
2046 err = arm7_9_execute_sys_speed(target);
2047 arm7_9->disable_single_step(target);
2048
2049 /* registers are now invalid */
2050 armv4_5_invalidate_core_regs(target);
2051
2052 if (err != ERROR_OK)
2053 {
2054 target->state = TARGET_UNKNOWN;
2055 } else {
2056 arm7_9_debug_entry(target);
2057 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2058 {
2059 return retval;
2060 }
2061 LOG_DEBUG("target stepped");
2062 }
2063
2064 if (breakpoint)
2065 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2066 {
2067 return retval;
2068 }
2069
2070 return err;
2071 }
2072
2073 int arm7_9_read_core_reg(struct target *target, int num, enum armv4_5_mode mode)
2074 {
2075 uint32_t* reg_p[16];
2076 uint32_t value;
2077 int retval;
2078 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2079 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2080
2081 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2082 return ERROR_FAIL;
2083
2084 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2085
2086 if ((num < 0) || (num > 16))
2087 return ERROR_INVALID_ARGUMENTS;
2088
2089 if ((mode != ARMV4_5_MODE_ANY)
2090 && (mode != armv4_5->core_mode)
2091 && (reg_mode != ARMV4_5_MODE_ANY))
2092 {
2093 uint32_t tmp_cpsr;
2094
2095 /* change processor mode (mask T bit) */
2096 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2097 tmp_cpsr |= mode;
2098 tmp_cpsr &= ~0x20;
2099 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2100 }
2101
2102 if ((num >= 0) && (num <= 15))
2103 {
2104 /* read a normal core register */
2105 reg_p[num] = &value;
2106
2107 arm7_9->read_core_regs(target, 1 << num, reg_p);
2108 }
2109 else
2110 {
2111 /* read a program status register
2112 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2113 */
2114 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2115 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2116
2117 arm7_9->read_xpsr(target, &value, spsr);
2118 }
2119
2120 if ((retval = jtag_execute_queue()) != ERROR_OK)
2121 {
2122 return retval;
2123 }
2124
2125 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2126 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2127 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2128
2129 if ((mode != ARMV4_5_MODE_ANY)
2130 && (mode != armv4_5->core_mode)
2131 && (reg_mode != ARMV4_5_MODE_ANY)) {
2132 /* restore processor mode (mask T bit) */
2133 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2134 }
2135
2136 return ERROR_OK;
2137 }
2138
2139 int arm7_9_write_core_reg(struct target *target, int num, enum armv4_5_mode mode, uint32_t value)
2140 {
2141 uint32_t reg[16];
2142 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2143 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2144
2145 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2146 return ERROR_FAIL;
2147
2148 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2149
2150 if ((num < 0) || (num > 16))
2151 return ERROR_INVALID_ARGUMENTS;
2152
2153 if ((mode != ARMV4_5_MODE_ANY)
2154 && (mode != armv4_5->core_mode)
2155 && (reg_mode != ARMV4_5_MODE_ANY)) {
2156 uint32_t tmp_cpsr;
2157
2158 /* change processor mode (mask T bit) */
2159 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2160 tmp_cpsr |= mode;
2161 tmp_cpsr &= ~0x20;
2162 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2163 }
2164
2165 if ((num >= 0) && (num <= 15))
2166 {
2167 /* write a normal core register */
2168 reg[num] = value;
2169
2170 arm7_9->write_core_regs(target, 1 << num, reg);
2171 }
2172 else
2173 {
2174 /* write a program status register
2175 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2176 */
2177 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2178 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2179
2180 /* if we're writing the CPSR, mask the T bit */
2181 if (!spsr)
2182 value &= ~0x20;
2183
2184 arm7_9->write_xpsr(target, value, spsr);
2185 }
2186
2187 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2188 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2189
2190 if ((mode != ARMV4_5_MODE_ANY)
2191 && (mode != armv4_5->core_mode)
2192 && (reg_mode != ARMV4_5_MODE_ANY)) {
2193 /* restore processor mode (mask T bit) */
2194 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2195 }
2196
2197 return jtag_execute_queue();
2198 }
2199
2200 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2201 {
2202 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2203 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2204 uint32_t reg[16];
2205 uint32_t num_accesses = 0;
2206 int thisrun_accesses;
2207 int i;
2208 uint32_t cpsr;
2209 int retval;
2210 int last_reg = 0;
2211
2212 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2213
2214 if (target->state != TARGET_HALTED)
2215 {
2216 LOG_WARNING("target not halted");
2217 return ERROR_TARGET_NOT_HALTED;
2218 }
2219
2220 /* sanitize arguments */
2221 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2222 return ERROR_INVALID_ARGUMENTS;
2223
2224 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2225 return ERROR_TARGET_UNALIGNED_ACCESS;
2226
2227 /* load the base register with the address of the first word */
2228 reg[0] = address;
2229 arm7_9->write_core_regs(target, 0x1, reg);
2230
2231 int j = 0;
2232
2233 switch (size)
2234 {
2235 case 4:
2236 while (num_accesses < count)
2237 {
2238 uint32_t reg_list;
2239 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2240 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2241
2242 if (last_reg <= thisrun_accesses)
2243 last_reg = thisrun_accesses;
2244
2245 arm7_9->load_word_regs(target, reg_list);
2246
2247 /* fast memory reads are only safe when the target is running
2248 * from a sufficiently high clock (32 kHz is usually too slow)
2249 */
2250 if (arm7_9->fast_memory_access)
2251 retval = arm7_9_execute_fast_sys_speed(target);
2252 else
2253 retval = arm7_9_execute_sys_speed(target);
2254 if (retval != ERROR_OK)
2255 return retval;
2256
2257 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2258
2259 /* advance buffer, count number of accesses */
2260 buffer += thisrun_accesses * 4;
2261 num_accesses += thisrun_accesses;
2262
2263 if ((j++%1024) == 0)
2264 {
2265 keep_alive();
2266 }
2267 }
2268 break;
2269 case 2:
2270 while (num_accesses < count)
2271 {
2272 uint32_t reg_list;
2273 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2274 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2275
2276 for (i = 1; i <= thisrun_accesses; i++)
2277 {
2278 if (i > last_reg)
2279 last_reg = i;
2280 arm7_9->load_hword_reg(target, i);
2281 /* fast memory reads are only safe when the target is running
2282 * from a sufficiently high clock (32 kHz is usually too slow)
2283 */
2284 if (arm7_9->fast_memory_access)
2285 retval = arm7_9_execute_fast_sys_speed(target);
2286 else
2287 retval = arm7_9_execute_sys_speed(target);
2288 if (retval != ERROR_OK)
2289 {
2290 return retval;
2291 }
2292
2293 }
2294
2295 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2296
2297 /* advance buffer, count number of accesses */
2298 buffer += thisrun_accesses * 2;
2299 num_accesses += thisrun_accesses;
2300
2301 if ((j++%1024) == 0)
2302 {
2303 keep_alive();
2304 }
2305 }
2306 break;
2307 case 1:
2308 while (num_accesses < count)
2309 {
2310 uint32_t reg_list;
2311 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2312 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2313
2314 for (i = 1; i <= thisrun_accesses; i++)
2315 {
2316 if (i > last_reg)
2317 last_reg = i;
2318 arm7_9->load_byte_reg(target, i);
2319 /* fast memory reads are only safe when the target is running
2320 * from a sufficiently high clock (32 kHz is usually too slow)
2321 */
2322 if (arm7_9->fast_memory_access)
2323 retval = arm7_9_execute_fast_sys_speed(target);
2324 else
2325 retval = arm7_9_execute_sys_speed(target);
2326 if (retval != ERROR_OK)
2327 {
2328 return retval;
2329 }
2330 }
2331
2332 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2333
2334 /* advance buffer, count number of accesses */
2335 buffer += thisrun_accesses * 1;
2336 num_accesses += thisrun_accesses;
2337
2338 if ((j++%1024) == 0)
2339 {
2340 keep_alive();
2341 }
2342 }
2343 break;
2344 default:
2345 LOG_ERROR("BUG: we shouldn't get here");
2346 exit(-1);
2347 break;
2348 }
2349
2350 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2351 return ERROR_FAIL;
2352
2353 for (i = 0; i <= last_reg; i++)
2354 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2355
2356 arm7_9->read_xpsr(target, &cpsr, 0);
2357 if ((retval = jtag_execute_queue()) != ERROR_OK)
2358 {
2359 LOG_ERROR("JTAG error while reading cpsr");
2360 return ERROR_TARGET_DATA_ABORT;
2361 }
2362
2363 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2364 {
2365 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2366
2367 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2368
2369 return ERROR_TARGET_DATA_ABORT;
2370 }
2371
2372 return ERROR_OK;
2373 }
2374
2375 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2376 {
2377 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2378 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2379 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2380
2381 uint32_t reg[16];
2382 uint32_t num_accesses = 0;
2383 int thisrun_accesses;
2384 int i;
2385 uint32_t cpsr;
2386 int retval;
2387 int last_reg = 0;
2388
2389 #ifdef _DEBUG_ARM7_9_
2390 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2391 #endif
2392
2393 if (target->state != TARGET_HALTED)
2394 {
2395 LOG_WARNING("target not halted");
2396 return ERROR_TARGET_NOT_HALTED;
2397 }
2398
2399 /* sanitize arguments */
2400 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2401 return ERROR_INVALID_ARGUMENTS;
2402
2403 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2404 return ERROR_TARGET_UNALIGNED_ACCESS;
2405
2406 /* load the base register with the address of the first word */
2407 reg[0] = address;
2408 arm7_9->write_core_regs(target, 0x1, reg);
2409
2410 /* Clear DBGACK, to make sure memory fetches work as expected */
2411 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2412 embeddedice_store_reg(dbg_ctrl);
2413
2414 switch (size)
2415 {
2416 case 4:
2417 while (num_accesses < count)
2418 {
2419 uint32_t reg_list;
2420 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2421 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2422
2423 for (i = 1; i <= thisrun_accesses; i++)
2424 {
2425 if (i > last_reg)
2426 last_reg = i;
2427 reg[i] = target_buffer_get_u32(target, buffer);
2428 buffer += 4;
2429 }
2430
2431 arm7_9->write_core_regs(target, reg_list, reg);
2432
2433 arm7_9->store_word_regs(target, reg_list);
2434
2435 /* fast memory writes are only safe when the target is running
2436 * from a sufficiently high clock (32 kHz is usually too slow)
2437 */
2438 if (arm7_9->fast_memory_access)
2439 retval = arm7_9_execute_fast_sys_speed(target);
2440 else
2441 retval = arm7_9_execute_sys_speed(target);
2442 if (retval != ERROR_OK)
2443 {
2444 return retval;
2445 }
2446
2447 num_accesses += thisrun_accesses;
2448 }
2449 break;
2450 case 2:
2451 while (num_accesses < count)
2452 {
2453 uint32_t reg_list;
2454 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2455 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2456
2457 for (i = 1; i <= thisrun_accesses; i++)
2458 {
2459 if (i > last_reg)
2460 last_reg = i;
2461 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2462 buffer += 2;
2463 }
2464
2465 arm7_9->write_core_regs(target, reg_list, reg);
2466
2467 for (i = 1; i <= thisrun_accesses; i++)
2468 {
2469 arm7_9->store_hword_reg(target, i);
2470
2471 /* fast memory writes are only safe when the target is running
2472 * from a sufficiently high clock (32 kHz is usually too slow)
2473 */
2474 if (arm7_9->fast_memory_access)
2475 retval = arm7_9_execute_fast_sys_speed(target);
2476 else
2477 retval = arm7_9_execute_sys_speed(target);
2478 if (retval != ERROR_OK)
2479 {
2480 return retval;
2481 }
2482 }
2483
2484 num_accesses += thisrun_accesses;
2485 }
2486 break;
2487 case 1:
2488 while (num_accesses < count)
2489 {
2490 uint32_t reg_list;
2491 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2492 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2493
2494 for (i = 1; i <= thisrun_accesses; i++)
2495 {
2496 if (i > last_reg)
2497 last_reg = i;
2498 reg[i] = *buffer++ & 0xff;
2499 }
2500
2501 arm7_9->write_core_regs(target, reg_list, reg);
2502
2503 for (i = 1; i <= thisrun_accesses; i++)
2504 {
2505 arm7_9->store_byte_reg(target, i);
2506 /* fast memory writes are only safe when the target is running
2507 * from a sufficiently high clock (32 kHz is usually too slow)
2508 */
2509 if (arm7_9->fast_memory_access)
2510 retval = arm7_9_execute_fast_sys_speed(target);
2511 else
2512 retval = arm7_9_execute_sys_speed(target);
2513 if (retval != ERROR_OK)
2514 {
2515 return retval;
2516 }
2517
2518 }
2519
2520 num_accesses += thisrun_accesses;
2521 }
2522 break;
2523 default:
2524 LOG_ERROR("BUG: we shouldn't get here");
2525 exit(-1);
2526 break;
2527 }
2528
2529 /* Re-Set DBGACK */
2530 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2531 embeddedice_store_reg(dbg_ctrl);
2532
2533 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2534 return ERROR_FAIL;
2535
2536 for (i = 0; i <= last_reg; i++)
2537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2538
2539 arm7_9->read_xpsr(target, &cpsr, 0);
2540 if ((retval = jtag_execute_queue()) != ERROR_OK)
2541 {
2542 LOG_ERROR("JTAG error while reading cpsr");
2543 return ERROR_TARGET_DATA_ABORT;
2544 }
2545
2546 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2547 {
2548 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2549
2550 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2551
2552 return ERROR_TARGET_DATA_ABORT;
2553 }
2554
2555 return ERROR_OK;
2556 }
2557
2558 static int dcc_count;
2559 static uint8_t *dcc_buffer;
2560
2561 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2562 {
2563 int retval = ERROR_OK;
2564 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2565
2566 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2567 return retval;
2568
2569 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2570 int count = dcc_count;
2571 uint8_t *buffer = dcc_buffer;
2572 if (count > 2)
2573 {
2574 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2575 * core function repeated. */
2576 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2577 buffer += 4;
2578
2579 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2580 uint8_t reg_addr = ice_reg->addr & 0x1f;
2581 struct jtag_tap *tap;
2582 tap = ice_reg->jtag_info->tap;
2583
2584 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2585 buffer += (count-2)*4;
2586
2587 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2588 } else
2589 {
2590 int i;
2591 for (i = 0; i < count; i++)
2592 {
2593 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2594 buffer += 4;
2595 }
2596 }
2597
2598 if ((retval = target_halt(target))!= ERROR_OK)
2599 {
2600 return retval;
2601 }
2602 return target_wait_state(target, TARGET_HALTED, 500);
2603 }
2604
2605 static const uint32_t dcc_code[] =
2606 {
2607 /* r0 == input, points to memory buffer
2608 * r1 == scratch
2609 */
2610
2611 /* spin until DCC control (c0) reports data arrived */
2612 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2613 0xe3110001, /* tst r1, #1 */
2614 0x0afffffc, /* bne w */
2615
2616 /* read word from DCC (c1), write to memory */
2617 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2618 0xe4801004, /* str r1, [r0], #4 */
2619
2620 /* repeat */
2621 0xeafffff9 /* b w */
2622 };
2623
2624 int armv4_5_run_algorithm_inner(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2625
2626 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2627 {
2628 int retval;
2629 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2630 int i;
2631
2632 if (!arm7_9->dcc_downloads)
2633 return target_write_memory(target, address, 4, count, buffer);
2634
2635 /* regrab previously allocated working_area, or allocate a new one */
2636 if (!arm7_9->dcc_working_area)
2637 {
2638 uint8_t dcc_code_buf[6 * 4];
2639
2640 /* make sure we have a working area */
2641 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2642 {
2643 LOG_INFO("no working area available, falling back to memory writes");
2644 return target_write_memory(target, address, 4, count, buffer);
2645 }
2646
2647 /* copy target instructions to target endianness */
2648 for (i = 0; i < 6; i++)
2649 {
2650 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2651 }
2652
2653 /* write DCC code to working area */
2654 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2655 {
2656 return retval;
2657 }
2658 }
2659
2660 struct armv4_5_algorithm armv4_5_info;
2661 struct reg_param reg_params[1];
2662
2663 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2664 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2665 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2666
2667 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2668
2669 buf_set_u32(reg_params[0].value, 0, 32, address);
2670
2671 dcc_count = count;
2672 dcc_buffer = buffer;
2673 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2674 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2675
2676 if (retval == ERROR_OK)
2677 {
2678 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2679 if (endaddress != (address + count*4))
2680 {
2681 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2682 retval = ERROR_FAIL;
2683 }
2684 }
2685
2686 destroy_reg_param(&reg_params[0]);
2687
2688 return retval;
2689 }
2690
2691 int arm7_9_checksum_memory(struct target *target, uint32_t address, uint32_t count, uint32_t* checksum)
2692 {
2693 struct working_area *crc_algorithm;
2694 struct armv4_5_algorithm armv4_5_info;
2695 struct reg_param reg_params[2];
2696 int retval;
2697
2698 static const uint32_t arm7_9_crc_code[] = {
2699 0xE1A02000, /* mov r2, r0 */
2700 0xE3E00000, /* mov r0, #0xffffffff */
2701 0xE1A03001, /* mov r3, r1 */
2702 0xE3A04000, /* mov r4, #0 */
2703 0xEA00000B, /* b ncomp */
2704 /* nbyte: */
2705 0xE7D21004, /* ldrb r1, [r2, r4] */
2706 0xE59F7030, /* ldr r7, CRC32XOR */
2707 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2708 0xE3A05000, /* mov r5, #0 */
2709 /* loop: */
2710 0xE3500000, /* cmp r0, #0 */
2711 0xE1A06080, /* mov r6, r0, asl #1 */
2712 0xE2855001, /* add r5, r5, #1 */
2713 0xE1A00006, /* mov r0, r6 */
2714 0xB0260007, /* eorlt r0, r6, r7 */
2715 0xE3550008, /* cmp r5, #8 */
2716 0x1AFFFFF8, /* bne loop */
2717 0xE2844001, /* add r4, r4, #1 */
2718 /* ncomp: */
2719 0xE1540003, /* cmp r4, r3 */
2720 0x1AFFFFF1, /* bne nbyte */
2721 /* end: */
2722 0xEAFFFFFE, /* b end */
2723 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2724 };
2725
2726 uint32_t i;
2727
2728 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2729 {
2730 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2731 }
2732
2733 /* convert flash writing code into a buffer in target endianness */
2734 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2735 {
2736 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2737 {
2738 return retval;
2739 }
2740 }
2741
2742 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2743 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2744 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2745
2746 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2747 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2748
2749 buf_set_u32(reg_params[0].value, 0, 32, address);
2750 buf_set_u32(reg_params[1].value, 0, 32, count);
2751
2752 /* 20 second timeout/megabyte */
2753 int timeout = 20000 * (1 + (count / (1024*1024)));
2754
2755 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2756 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2757 {
2758 LOG_ERROR("error executing arm7_9 crc algorithm");
2759 destroy_reg_param(&reg_params[0]);
2760 destroy_reg_param(&reg_params[1]);
2761 target_free_working_area(target, crc_algorithm);
2762 return retval;
2763 }
2764
2765 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2766
2767 destroy_reg_param(&reg_params[0]);
2768 destroy_reg_param(&reg_params[1]);
2769
2770 target_free_working_area(target, crc_algorithm);
2771
2772 return ERROR_OK;
2773 }
2774
2775 int arm7_9_blank_check_memory(struct target *target, uint32_t address, uint32_t count, uint32_t* blank)
2776 {
2777 struct working_area *erase_check_algorithm;
2778 struct reg_param reg_params[3];
2779 struct armv4_5_algorithm armv4_5_info;
2780 int retval;
2781 uint32_t i;
2782
2783 static const uint32_t erase_check_code[] =
2784 {
2785 /* loop: */
2786 0xe4d03001, /* ldrb r3, [r0], #1 */
2787 0xe0022003, /* and r2, r2, r3 */
2788 0xe2511001, /* subs r1, r1, #1 */
2789 0x1afffffb, /* bne loop */
2790 /* end: */
2791 0xeafffffe /* b end */
2792 };
2793
2794 /* make sure we have a working area */
2795 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2796 {
2797 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2798 }
2799
2800 /* convert flash writing code into a buffer in target endianness */
2801 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2802 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2803 {
2804 return retval;
2805 }
2806
2807 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2808 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2809 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2810
2811 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2812 buf_set_u32(reg_params[0].value, 0, 32, address);
2813
2814 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2815 buf_set_u32(reg_params[1].value, 0, 32, count);
2816
2817 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2818 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2819
2820 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2821 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2822 {
2823 destroy_reg_param(&reg_params[0]);
2824 destroy_reg_param(&reg_params[1]);
2825 destroy_reg_param(&reg_params[2]);
2826 target_free_working_area(target, erase_check_algorithm);
2827 return 0;
2828 }
2829
2830 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2831
2832 destroy_reg_param(&reg_params[0]);
2833 destroy_reg_param(&reg_params[1]);
2834 destroy_reg_param(&reg_params[2]);
2835
2836 target_free_working_area(target, erase_check_algorithm);
2837
2838 return ERROR_OK;
2839 }
2840
2841 COMMAND_HANDLER(handle_arm7_9_write_xpsr_command)
2842 {
2843 uint32_t value;
2844 int spsr;
2845 int retval;
2846 struct target *target = get_current_target(cmd_ctx);
2847 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2848
2849 if (!is_arm7_9(arm7_9))
2850 {
2851 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2852 return ERROR_TARGET_INVALID;
2853 }
2854
2855 if (target->state != TARGET_HALTED)
2856 {
2857 command_print(cmd_ctx, "can't write registers while running");
2858 return ERROR_FAIL;
2859 }
2860
2861 if (argc < 2)
2862 {
2863 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2864 return ERROR_FAIL;
2865 }
2866
2867 COMMAND_PARSE_NUMBER(u32, args[0], value);
2868 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2869
2870 /* if we're writing the CPSR, mask the T bit */
2871 if (!spsr)
2872 value &= ~0x20;
2873
2874 arm7_9->write_xpsr(target, value, spsr);
2875 if ((retval = jtag_execute_queue()) != ERROR_OK)
2876 {
2877 LOG_ERROR("JTAG error while writing to xpsr");
2878 return retval;
2879 }
2880
2881 return ERROR_OK;
2882 }
2883
2884 COMMAND_HANDLER(handle_arm7_9_write_xpsr_im8_command)
2885 {
2886 uint32_t value;
2887 int rotate;
2888 int spsr;
2889 int retval;
2890 struct target *target = get_current_target(cmd_ctx);
2891 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2892
2893 if (!is_arm7_9(arm7_9))
2894 {
2895 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2896 return ERROR_TARGET_INVALID;
2897 }
2898
2899 if (target->state != TARGET_HALTED)
2900 {
2901 command_print(cmd_ctx, "can't write registers while running");
2902 return ERROR_FAIL;
2903 }
2904
2905 if (argc < 3)
2906 {
2907 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2908 return ERROR_FAIL;
2909 }
2910
2911 COMMAND_PARSE_NUMBER(u32, args[0], value);
2912 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2913 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2914
2915 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2916 if ((retval = jtag_execute_queue()) != ERROR_OK)
2917 {
2918 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2919 return retval;
2920 }
2921
2922 return ERROR_OK;
2923 }
2924
2925 COMMAND_HANDLER(handle_arm7_9_write_core_reg_command)
2926 {
2927 uint32_t value;
2928 uint32_t mode;
2929 int num;
2930 struct target *target = get_current_target(cmd_ctx);
2931 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2932
2933 if (!is_arm7_9(arm7_9))
2934 {
2935 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2936 return ERROR_TARGET_INVALID;
2937 }
2938
2939 if (target->state != TARGET_HALTED)
2940 {
2941 command_print(cmd_ctx, "can't write registers while running");
2942 return ERROR_FAIL;
2943 }
2944
2945 if (argc < 3)
2946 {
2947 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2948 return ERROR_FAIL;
2949 }
2950
2951 COMMAND_PARSE_NUMBER(int, args[0], num);
2952 COMMAND_PARSE_NUMBER(u32, args[1], mode);
2953 COMMAND_PARSE_NUMBER(u32, args[2], value);
2954
2955 return arm7_9_write_core_reg(target, num, mode, value);
2956 }
2957
2958 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2959 {
2960 struct target *target = get_current_target(cmd_ctx);
2961 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2962
2963 if (!is_arm7_9(arm7_9))
2964 {
2965 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2966 return ERROR_TARGET_INVALID;
2967 }
2968
2969 if (argc > 0)
2970 {
2971 if (strcmp("enable", args[0]) == 0)
2972 {
2973 arm7_9->use_dbgrq = 1;
2974 }
2975 else if (strcmp("disable", args[0]) == 0)
2976 {
2977 arm7_9->use_dbgrq = 0;
2978 }
2979 else
2980 {
2981 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
2982 }
2983 }
2984
2985 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2986
2987 return ERROR_OK;
2988 }
2989
2990 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2991 {
2992 struct target *target = get_current_target(cmd_ctx);
2993 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2994
2995 if (!is_arm7_9(arm7_9))
2996 {
2997 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2998 return ERROR_TARGET_INVALID;
2999 }
3000
3001 if (argc > 0)
3002 {
3003 if (strcmp("enable", args[0]) == 0)
3004 {
3005 arm7_9->fast_memory_access = 1;
3006 }
3007 else if (strcmp("disable", args[0]) == 0)
3008 {
3009 arm7_9->fast_memory_access = 0;
3010 }
3011 else
3012 {
3013 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3014 }
3015 }
3016
3017 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3018
3019 return ERROR_OK;
3020 }
3021
3022 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
3023 {
3024 struct target *target = get_current_target(cmd_ctx);
3025 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
3026
3027 if (!is_arm7_9(arm7_9))
3028 {
3029 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3030 return ERROR_TARGET_INVALID;
3031 }
3032
3033 if (argc > 0)
3034 {
3035 if (strcmp("enable", args[0]) == 0)
3036 {
3037 arm7_9->dcc_downloads = 1;
3038 }
3039 else if (strcmp("disable", args[0]) == 0)
3040 {
3041 arm7_9->dcc_downloads = 0;
3042 }
3043 else
3044 {
3045 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3046 }
3047 }
3048
3049 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3050
3051 return ERROR_OK;
3052 }
3053
3054 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
3055 {
3056 int retval = ERROR_OK;
3057 struct arm *armv4_5 = &arm7_9->armv4_5_common;
3058
3059 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3060
3061 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3062 return retval;
3063
3064 /* caller must have allocated via calloc(), so everything's zeroed */
3065
3066 arm7_9->wp_available_max = 2;
3067
3068 arm7_9->fast_memory_access = fast_and_dangerous;
3069 arm7_9->dcc_downloads = fast_and_dangerous;
3070
3071 armv4_5->arch_info = arm7_9;
3072 armv4_5->read_core_reg = arm7_9_read_core_reg;
3073 armv4_5->write_core_reg = arm7_9_write_core_reg;
3074 armv4_5->full_context = arm7_9_full_context;
3075
3076 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3077 return retval;
3078
3079 return target_register_timer_callback(arm7_9_handle_target_request,
3080 1, 1, target);
3081 }
3082
3083 int arm7_9_register_commands(struct command_context *cmd_ctx)
3084 {
3085 struct command *arm7_9_cmd;
3086
3087 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9",
3088 NULL, COMMAND_ANY, "arm7/9 specific commands");
3089
3090 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr",
3091 handle_arm7_9_write_xpsr_command, COMMAND_EXEC,
3092 "write program status register <value> <not cpsr | spsr>");
3093 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8",
3094 handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC,
3095 "write program status register "
3096 "<8bit immediate> <rotate> <not cpsr | spsr>");
3097
3098 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg",
3099 handle_arm7_9_write_core_reg_command, COMMAND_EXEC,
3100 "write core register <num> <mode> <value>");
3101
3102 register_command(cmd_ctx, arm7_9_cmd, "dbgrq",
3103 handle_arm7_9_dbgrq_command, COMMAND_ANY,
3104 "use EmbeddedICE dbgrq instead of breakpoint "
3105 "for target halt requests <enable | disable>");
3106 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access",
3107 handle_arm7_9_fast_memory_access_command, COMMAND_ANY,
3108 "use fast memory accesses instead of slower "
3109 "but potentially safer accesses <enable | disable>");
3110 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads",
3111 handle_arm7_9_dcc_downloads_command, COMMAND_ANY,
3112 "use DCC downloads for larger memory writes <enable | disable>");
3113
3114 armv4_5_register_commands(cmd_ctx);
3115
3116 etm_register_commands(cmd_ctx);
3117
3118 return ERROR_OK;
3119 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)