faeed0d24de157cd07df3e282a037b6808d0f4ae
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007-2010 √ėyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * Copyright (C) 2009 by David Brownell *
15 * *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
20 * *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
25 * *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
30 ***************************************************************************/
31
32 #ifdef HAVE_CONFIG_H
33 #include "config.h"
34 #endif
35
36 #include "breakpoints.h"
37 #include "embeddedice.h"
38 #include "target_request.h"
39 #include "etm.h"
40 #include <helper/time_support.h>
41 #include "arm_simulator.h"
42 #include "arm_semihosting.h"
43 #include "algorithm.h"
44 #include "register.h"
45 #include "armv4_5.h"
46
47 /**
48 * @file
49 * Hold common code supporting the ARM7 and ARM9 core generations.
50 *
51 * While the ARM core implementations evolved substantially during these
52 * two generations, they look quite similar from the JTAG perspective.
53 * Both have similar debug facilities, based on the same two scan chains
54 * providing access to the core and to an EmbeddedICE module. Both can
55 * support similar ETM and ETB modules, for tracing. And both expose
56 * what could be viewed as "ARM Classic", with multiple processor modes,
57 * shadowed registers, and support for the Thumb instruction set.
58 *
59 * Processor differences include things like presence or absence of MMU
60 * and cache, pipeline sizes, use of a modified Harvard Architecure
61 * (with separate instruction and data busses from the CPU), support
62 * for cpu clock gating during idle, and more.
63 */
64
65 static int arm7_9_debug_entry(struct target *target);
66
67 /**
68 * Clear watchpoints for an ARM7/9 target.
69 *
70 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
71 * @return JTAG error status after executing queue
72 */
73 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
74 {
75 LOG_DEBUG("-");
76 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
77 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
78 arm7_9->sw_breakpoint_count = 0;
79 arm7_9->sw_breakpoints_added = 0;
80 arm7_9->wp0_used = 0;
81 arm7_9->wp1_used = arm7_9->wp1_used_default;
82 arm7_9->wp_available = arm7_9->wp_available_max;
83
84 return jtag_execute_queue();
85 }
86
87 /**
88 * Assign a watchpoint to one of the two available hardware comparators in an
89 * ARM7 or ARM9 target.
90 *
91 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
92 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
93 */
94 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
95 {
96 if (!arm7_9->wp0_used) {
97 arm7_9->wp0_used = 1;
98 breakpoint->set = 1;
99 arm7_9->wp_available--;
100 } else if (!arm7_9->wp1_used) {
101 arm7_9->wp1_used = 1;
102 breakpoint->set = 2;
103 arm7_9->wp_available--;
104 } else
105 LOG_ERROR("BUG: no hardware comparator available");
106 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
107 breakpoint->unique_id,
108 breakpoint->address,
109 breakpoint->set);
110 }
111
112 /**
113 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
114 *
115 * @param arm7_9 Pointer to common struct for ARM7/9 targets
116 * @return Error codes if there is a problem finding a watchpoint or the result
117 * of executing the JTAG queue
118 */
119 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
120 {
121 if (arm7_9->sw_breakpoints_added)
122 return ERROR_OK;
123 if (arm7_9->wp_available < 1) {
124 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
125 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
126 }
127 arm7_9->wp_available--;
128
129 /* pick a breakpoint unit */
130 if (!arm7_9->wp0_used) {
131 arm7_9->sw_breakpoints_added = 1;
132 arm7_9->wp0_used = 3;
133 } else if (!arm7_9->wp1_used) {
134 arm7_9->sw_breakpoints_added = 2;
135 arm7_9->wp1_used = 3;
136 } else {
137 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
138 return ERROR_FAIL;
139 }
140
141 if (arm7_9->sw_breakpoints_added == 1) {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 } else if (arm7_9->sw_breakpoints_added == 2) {
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
153 } else {
154 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
155 return ERROR_FAIL;
156 }
157 LOG_DEBUG("SW BP using hw wp: %d",
158 arm7_9->sw_breakpoints_added);
159
160 return jtag_execute_queue();
161 }
162
163 /**
164 * Setup the common pieces for an ARM7/9 target after reset or on startup.
165 *
166 * @param target Pointer to an ARM7/9 target to setup
167 * @return Result of clearing the watchpoints on the target
168 */
169 static int arm7_9_setup(struct target *target)
170 {
171 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
172
173 return arm7_9_clear_watchpoints(arm7_9);
174 }
175
176 /**
177 * Set either a hardware or software breakpoint on an ARM7/9 target. The
178 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
179 * might have erased the values in Embedded ICE.
180 *
181 * @param target Pointer to the target device to set the breakpoints on
182 * @param breakpoint Pointer to the breakpoint to be set
183 * @return For hardware breakpoints, this is the result of executing the JTAG
184 * queue. For software breakpoints, this will be the status of the
185 * required memory reads and writes
186 */
187 static int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
188 {
189 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
190 int retval = ERROR_OK;
191
192 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d",
193 breakpoint->unique_id,
194 breakpoint->address,
195 breakpoint->type);
196
197 if (target->state != TARGET_HALTED) {
198 LOG_WARNING("target not halted");
199 return ERROR_TARGET_NOT_HALTED;
200 }
201
202 if (breakpoint->type == BKPT_HARD) {
203 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
204 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
205
206 /* reassign a hw breakpoint */
207 if (breakpoint->set == 0)
208 arm7_9_assign_wp(arm7_9, breakpoint);
209
210 if (breakpoint->set == 1) {
211 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
212 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
213 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
214 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
215 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
216 } else if (breakpoint->set == 2) {
217 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
218 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
219 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
220 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
221 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
222 } else {
223 LOG_ERROR("BUG: no hardware comparator available");
224 return ERROR_OK;
225 }
226
227 retval = jtag_execute_queue();
228 } else if (breakpoint->type == BKPT_SOFT) {
229 /* did we already set this breakpoint? */
230 if (breakpoint->set)
231 return ERROR_OK;
232
233 if (breakpoint->length == 4) {
234 uint32_t verify = 0xffffffff;
235 /* keep the original instruction in target endianness */
236 retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr);
237 if (retval != ERROR_OK)
238 return retval;
239 /* write the breakpoint instruction in target
240 * endianness (arm7_9->arm_bkpt is host endian) */
241 retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt);
242 if (retval != ERROR_OK)
243 return retval;
244
245 retval = target_read_u32(target, breakpoint->address, &verify);
246 if (retval != ERROR_OK)
247 return retval;
248 if (verify != arm7_9->arm_bkpt) {
249 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32
250 " - check that memory is read/writable", breakpoint->address);
251 return ERROR_OK;
252 }
253 } else {
254 uint16_t verify = 0xffff;
255 /* keep the original instruction in target endianness */
256 retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr);
257 if (retval != ERROR_OK)
258 return retval;
259 /* write the breakpoint instruction in target
260 * endianness (arm7_9->thumb_bkpt is host endian) */
261 retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt);
262 if (retval != ERROR_OK)
263 return retval;
264
265 retval = target_read_u16(target, breakpoint->address, &verify);
266 if (retval != ERROR_OK)
267 return retval;
268 if (verify != arm7_9->thumb_bkpt) {
269 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32
270 " - check that memory is read/writable", breakpoint->address);
271 return ERROR_OK;
272 }
273 }
274
275 retval = arm7_9_set_software_breakpoints(arm7_9);
276 if (retval != ERROR_OK)
277 return retval;
278
279 arm7_9->sw_breakpoint_count++;
280
281 breakpoint->set = 1;
282 }
283
284 return retval;
285 }
286
287 /**
288 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
289 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
290 * will be updated. Otherwise, the software breakpoint will be restored to its
291 * original instruction if it hasn't already been modified.
292 *
293 * @param target Pointer to ARM7/9 target to unset the breakpoint from
294 * @param breakpoint Pointer to breakpoint to be unset
295 * @return For hardware breakpoints, this is the result of executing the JTAG
296 * queue. For software breakpoints, this will be the status of the
297 * required memory reads and writes
298 */
299 static int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
300 {
301 int retval = ERROR_OK;
302 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
303
304 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
305 breakpoint->unique_id,
306 breakpoint->address);
307
308 if (!breakpoint->set) {
309 LOG_WARNING("breakpoint not set");
310 return ERROR_OK;
311 }
312
313 if (breakpoint->type == BKPT_HARD) {
314 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
315 breakpoint->unique_id,
316 breakpoint->set);
317 if (breakpoint->set == 1) {
318 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
319 arm7_9->wp0_used = 0;
320 arm7_9->wp_available++;
321 } else if (breakpoint->set == 2) {
322 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
323 arm7_9->wp1_used = 0;
324 arm7_9->wp_available++;
325 }
326 retval = jtag_execute_queue();
327 breakpoint->set = 0;
328 } else {
329 /* restore original instruction (kept in target endianness) */
330 if (breakpoint->length == 4) {
331 uint32_t current_instr;
332 /* check that user program as not modified breakpoint instruction */
333 retval = target_read_memory(target,
334 breakpoint->address, 4, 1, (uint8_t *)&current_instr);
335 if (retval != ERROR_OK)
336 return retval;
337 current_instr = target_buffer_get_u32(target, (uint8_t *)&current_instr);
338 if (current_instr == arm7_9->arm_bkpt) {
339 retval = target_write_memory(target,
340 breakpoint->address, 4, 1, breakpoint->orig_instr);
341 if (retval != ERROR_OK)
342 return retval;
343 }
344
345 } else {
346 uint16_t current_instr;
347 /* check that user program as not modified breakpoint instruction */
348 retval = target_read_memory(target,
349 breakpoint->address, 2, 1, (uint8_t *)&current_instr);
350 if (retval != ERROR_OK)
351 return retval;
352 current_instr = target_buffer_get_u16(target, (uint8_t *)&current_instr);
353 if (current_instr == arm7_9->thumb_bkpt)
354 retval = target_write_memory(target,
355 breakpoint->address, 2, 1, breakpoint->orig_instr);
356 if (retval != ERROR_OK)
357 return retval;
358
359 }
360
361 if (--arm7_9->sw_breakpoint_count == 0) {
362 /* We have removed the last sw breakpoint, clear the hw breakpoint we used
363 *to implement it */
364 if (arm7_9->sw_breakpoints_added == 1)
365 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
366 EICE_W0_CONTROL_VALUE], 0);
367 else if (arm7_9->sw_breakpoints_added == 2)
368 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[
369 EICE_W1_CONTROL_VALUE], 0);
370 }
371
372 breakpoint->set = 0;
373 }
374
375 return retval;
376 }
377
378 /**
379 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
380 * dangling breakpoints and that the desired breakpoint can be added.
381 *
382 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
383 * @param breakpoint Pointer to the breakpoint to be added
384 * @return An error status if there is a problem adding the breakpoint or the
385 * result of setting the breakpoint
386 */
387 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
388 {
389 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
390
391 if (arm7_9->breakpoint_count == 0) {
392 /* make sure we don't have any dangling breakpoints. This is vital upon
393 * GDB connect/disconnect
394 */
395 arm7_9_clear_watchpoints(arm7_9);
396 }
397
398 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1)) {
399 LOG_INFO("no watchpoint unit available for hardware breakpoint");
400 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
401 }
402
403 if ((breakpoint->length != 2) && (breakpoint->length != 4)) {
404 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
405 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
406 }
407
408 if (breakpoint->type == BKPT_HARD)
409 arm7_9_assign_wp(arm7_9, breakpoint);
410
411 arm7_9->breakpoint_count++;
412
413 return arm7_9_set_breakpoint(target, breakpoint);
414 }
415
416 /**
417 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
418 * dangling breakpoints and updates available watchpoints if it is a hardware
419 * breakpoint.
420 *
421 * @param target Pointer to the target to have a breakpoint removed
422 * @param breakpoint Pointer to the breakpoint to be removed
423 * @return Error status if there was a problem unsetting the breakpoint or the
424 * watchpoints could not be cleared
425 */
426 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
427 {
428 int retval = ERROR_OK;
429 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
430
431 retval = arm7_9_unset_breakpoint(target, breakpoint);
432 if (retval != ERROR_OK)
433 return retval;
434
435 if (breakpoint->type == BKPT_HARD)
436 arm7_9->wp_available++;
437
438 arm7_9->breakpoint_count--;
439 if (arm7_9->breakpoint_count == 0) {
440 /* make sure we don't have any dangling breakpoints */
441 retval = arm7_9_clear_watchpoints(arm7_9);
442 if (retval != ERROR_OK)
443 return retval;
444 }
445
446 return ERROR_OK;
447 }
448
449 /**
450 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
451 * considered a bug to call this function when there are no available watchpoint
452 * units.
453 *
454 * @param target Pointer to an ARM7/9 target to set a watchpoint on
455 * @param watchpoint Pointer to the watchpoint to be set
456 * @return Error status if watchpoint set fails or the result of executing the
457 * JTAG queue
458 */
459 static int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
460 {
461 int retval = ERROR_OK;
462 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
463 int rw_mask = 1;
464 uint32_t mask;
465
466 mask = watchpoint->length - 1;
467
468 if (target->state != TARGET_HALTED) {
469 LOG_WARNING("target not halted");
470 return ERROR_TARGET_NOT_HALTED;
471 }
472
473 if (watchpoint->rw == WPT_ACCESS)
474 rw_mask = 0;
475 else
476 rw_mask = 1;
477
478 if (!arm7_9->wp0_used) {
479 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE],
480 watchpoint->address);
481 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
482 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK],
483 watchpoint->mask);
484 if (watchpoint->mask != 0xffffffffu)
485 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE],
486 watchpoint->value);
487 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
488 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
489 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
490 EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
491
492 retval = jtag_execute_queue();
493 if (retval != ERROR_OK)
494 return retval;
495 watchpoint->set = 1;
496 arm7_9->wp0_used = 2;
497 } else if (!arm7_9->wp1_used) {
498 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
499 watchpoint->address);
500 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
501 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK],
502 watchpoint->mask);
503 if (watchpoint->mask != 0xffffffffu)
504 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE],
505 watchpoint->value);
506 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
507 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
508 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
509 EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
510
511 retval = jtag_execute_queue();
512 if (retval != ERROR_OK)
513 return retval;
514 watchpoint->set = 2;
515 arm7_9->wp1_used = 2;
516 } else {
517 LOG_ERROR("BUG: no hardware comparator available");
518 return ERROR_OK;
519 }
520
521 return ERROR_OK;
522 }
523
524 /**
525 * Unset an existing watchpoint and clear the used watchpoint unit.
526 *
527 * @param target Pointer to the target to have the watchpoint removed
528 * @param watchpoint Pointer to the watchpoint to be removed
529 * @return Error status while trying to unset the watchpoint or the result of
530 * executing the JTAG queue
531 */
532 static int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
533 {
534 int retval = ERROR_OK;
535 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
536
537 if (target->state != TARGET_HALTED) {
538 LOG_WARNING("target not halted");
539 return ERROR_TARGET_NOT_HALTED;
540 }
541
542 if (!watchpoint->set) {
543 LOG_WARNING("breakpoint not set");
544 return ERROR_OK;
545 }
546
547 if (watchpoint->set == 1) {
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
549 retval = jtag_execute_queue();
550 if (retval != ERROR_OK)
551 return retval;
552 arm7_9->wp0_used = 0;
553 } else if (watchpoint->set == 2) {
554 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
555 retval = jtag_execute_queue();
556 if (retval != ERROR_OK)
557 return retval;
558 arm7_9->wp1_used = 0;
559 }
560 watchpoint->set = 0;
561
562 return ERROR_OK;
563 }
564
565 /**
566 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
567 * available, an error response is returned.
568 *
569 * @param target Pointer to the ARM7/9 target to add a watchpoint to
570 * @param watchpoint Pointer to the watchpoint to be added
571 * @return Error status while trying to add the watchpoint
572 */
573 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
574 {
575 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
576
577 if (arm7_9->wp_available < 1)
578 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
579
580 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
581 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
582
583 arm7_9->wp_available--;
584
585 return ERROR_OK;
586 }
587
588 /**
589 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
590 * the used watchpoint unit will be reopened.
591 *
592 * @param target Pointer to the target to remove a watchpoint from
593 * @param watchpoint Pointer to the watchpoint to be removed
594 * @return Result of trying to unset the watchpoint
595 */
596 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
597 {
598 int retval = ERROR_OK;
599 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
600
601 if (watchpoint->set) {
602 retval = arm7_9_unset_watchpoint(target, watchpoint);
603 if (retval != ERROR_OK)
604 return retval;
605 }
606
607 arm7_9->wp_available++;
608
609 return ERROR_OK;
610 }
611
612 /**
613 * Restarts the target by sending a RESTART instruction and moving the JTAG
614 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
615 * asserted by the processor.
616 *
617 * @param target Pointer to target to issue commands to
618 * @return Error status if there is a timeout or a problem while executing the
619 * JTAG queue
620 */
621 int arm7_9_execute_sys_speed(struct target *target)
622 {
623 int retval;
624 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
625 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
626 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
627
628 /* set RESTART instruction */
629 if (arm7_9->need_bypass_before_restart) {
630 arm7_9->need_bypass_before_restart = 0;
631 retval = arm_jtag_set_instr(jtag_info, 0xf, NULL, TAP_IDLE);
632 if (retval != ERROR_OK)
633 return retval;
634 }
635 retval = arm_jtag_set_instr(jtag_info, 0x4, NULL, TAP_IDLE);
636 if (retval != ERROR_OK)
637 return retval;
638
639 long long then = timeval_ms();
640 int timeout;
641 while (!(timeout = ((timeval_ms()-then) > 1000))) {
642 /* read debug status register */
643 embeddedice_read_reg(dbg_stat);
644 retval = jtag_execute_queue();
645 if (retval != ERROR_OK)
646 return retval;
647 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
648 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
649 break;
650 if (debug_level >= 3)
651 alive_sleep(100);
652 else
653 keep_alive();
654 }
655 if (timeout) {
656 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "",
657 buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
658 return ERROR_TARGET_TIMEOUT;
659 }
660
661 return ERROR_OK;
662 }
663
664 /**
665 * Restarts the target by sending a RESTART instruction and moving the JTAG
666 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
667 * waiting until they are.
668 *
669 * @param target Pointer to the target to issue commands to
670 * @return Always ERROR_OK
671 */
672 static int arm7_9_execute_fast_sys_speed(struct target *target)
673 {
674 static int set;
675 static uint8_t check_value[4], check_mask[4];
676
677 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
678 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
679 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
680 int retval;
681
682 /* set RESTART instruction */
683 if (arm7_9->need_bypass_before_restart) {
684 arm7_9->need_bypass_before_restart = 0;
685 retval = arm_jtag_set_instr(jtag_info, 0xf, NULL, TAP_IDLE);
686 if (retval != ERROR_OK)
687 return retval;
688 }
689 retval = arm_jtag_set_instr(jtag_info, 0x4, NULL, TAP_IDLE);
690 if (retval != ERROR_OK)
691 return retval;
692
693 if (!set) {
694 /* check for DBGACK and SYSCOMP set (others don't care) */
695
696 /* NB! These are constants that must be available until after next jtag_execute() and
697 * we evaluate the values upon first execution in lieu of setting up these constants
698 * during early setup.
699 * */
700 buf_set_u32(check_value, 0, 32, 0x9);
701 buf_set_u32(check_mask, 0, 32, 0x9);
702 set = 1;
703 }
704
705 /* read debug status register */
706 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
707
708 return ERROR_OK;
709 }
710
711 /**
712 * Get some data from the ARM7/9 target.
713 *
714 * @param target Pointer to the ARM7/9 target to read data from
715 * @param size The number of 32bit words to be read
716 * @param buffer Pointer to the buffer that will hold the data
717 * @return The result of receiving data from the Embedded ICE unit
718 */
719 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
720 {
721 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
722 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
723 uint32_t *data;
724 int retval = ERROR_OK;
725 uint32_t i;
726
727 data = malloc(size * (sizeof(uint32_t)));
728
729 retval = embeddedice_receive(jtag_info, data, size);
730
731 /* return the 32-bit ints in the 8-bit array */
732 for (i = 0; i < size; i++)
733 h_u32_to_le(buffer + (i * 4), data[i]);
734
735 free(data);
736
737 return retval;
738 }
739
740 /**
741 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
742 * target is running and the DCC control register has the W bit high, this will
743 * execute the request on the target.
744 *
745 * @param priv Void pointer expected to be a struct target pointer
746 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
747 * from the Embedded ICE unit
748 */
749 static int arm7_9_handle_target_request(void *priv)
750 {
751 int retval = ERROR_OK;
752 struct target *target = priv;
753 if (!target_was_examined(target))
754 return ERROR_OK;
755 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
756 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
757 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
758
759 if (!target->dbg_msg_enabled)
760 return ERROR_OK;
761
762 if (target->state == TARGET_RUNNING) {
763 /* read DCC control register */
764 embeddedice_read_reg(dcc_control);
765 retval = jtag_execute_queue();
766 if (retval != ERROR_OK)
767 return retval;
768
769 /* check W bit */
770 if (buf_get_u32(dcc_control->value, 1, 1) == 1) {
771 uint32_t request;
772
773 retval = embeddedice_receive(jtag_info, &request, 1);
774 if (retval != ERROR_OK)
775 return retval;
776 retval = target_request(target, request);
777 if (retval != ERROR_OK)
778 return retval;
779 }
780 }
781
782 return ERROR_OK;
783 }
784
785 /**
786 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
787 * is manipulated to the right halted state based on its current state. This is
788 * what happens:
789 *
790 * <table>
791 * <tr><th > State</th><th > Action</th></tr>
792 * <tr><td > TARGET_RUNNING | TARGET_RESET</td>
793 * <td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
794 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
795 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
796 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
797 * </table>
798 *
799 * If the target does not end up in the halted state, a warning is produced. If
800 * DBGACK is cleared, then the target is expected to either be running or
801 * running in debug.
802 *
803 * @param target Pointer to the ARM7/9 target to poll
804 * @return ERROR_OK or an error status if a command fails
805 */
806 int arm7_9_poll(struct target *target)
807 {
808 int retval;
809 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
810 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
811
812 /* read debug status register */
813 embeddedice_read_reg(dbg_stat);
814 retval = jtag_execute_queue();
815 if (retval != ERROR_OK)
816 return retval;
817
818 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)) {
819 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, *32));*/
820 if (target->state == TARGET_UNKNOWN) {
821 /* Starting OpenOCD with target in debug-halt */
822 target->state = TARGET_RUNNING;
823 LOG_DEBUG("DBGACK already set during server startup.");
824 }
825 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET)) {
826 target->state = TARGET_HALTED;
827
828 retval = arm7_9_debug_entry(target);
829 if (retval != ERROR_OK)
830 return retval;
831
832 if (arm_semihosting(target, &retval) != 0)
833 return retval;
834
835 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
836 if (retval != ERROR_OK)
837 return retval;
838 }
839 if (target->state == TARGET_DEBUG_RUNNING) {
840 target->state = TARGET_HALTED;
841 retval = arm7_9_debug_entry(target);
842 if (retval != ERROR_OK)
843 return retval;
844
845 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
846 if (retval != ERROR_OK)
847 return retval;
848 }
849 if (target->state != TARGET_HALTED)
850 LOG_WARNING(
851 "DBGACK set, but the target did not end up in the halted state %d",
852 target->state);
853 } else {
854 if (target->state != TARGET_DEBUG_RUNNING)
855 target->state = TARGET_RUNNING;
856 }
857
858 return ERROR_OK;
859 }
860
861 /**
862 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
863 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
864 * affected) completely stop the JTAG clock while the core is held in reset
865 * (SRST). It isn't possible to program the halt condition once reset is
866 * asserted, hence a hook that allows the target to set up its reset-halt
867 * condition is setup prior to asserting reset.
868 *
869 * @param target Pointer to an ARM7/9 target to assert reset on
870 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
871 */
872 int arm7_9_assert_reset(struct target *target)
873 {
874 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
875 enum reset_types jtag_reset_config = jtag_get_reset_config();
876 bool use_event = false;
877
878 LOG_DEBUG("target->state: %s", target_state_name(target));
879
880 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
881 use_event = true;
882 else if (!(jtag_reset_config & RESET_HAS_SRST)) {
883 LOG_ERROR("%s: how to reset?", target_name(target));
884 return ERROR_FAIL;
885 }
886
887 /* At this point trst has been asserted/deasserted once. We would
888 * like to program EmbeddedICE while SRST is asserted, instead of
889 * depending on SRST to leave that module alone. However, many CPUs
890 * gate the JTAG clock while SRST is asserted; or JTAG may need
891 * clock stability guarantees (adaptive clocking might help).
892 *
893 * So we assume JTAG access during SRST is off the menu unless it's
894 * been specifically enabled.
895 */
896 bool srst_asserted = false;
897
898 if (!use_event && !(jtag_reset_config & RESET_SRST_PULLS_TRST)
899 && (jtag_reset_config & RESET_SRST_NO_GATING)) {
900 jtag_add_reset(0, 1);
901 srst_asserted = true;
902 }
903
904 if (target->reset_halt) {
905 /*
906 * For targets that don't support communication while SRST is
907 * asserted, we need to set up the reset vector catch first.
908 *
909 * When we use TRST+SRST and that's equivalent to a power-up
910 * reset, these settings may well be reset anyway; so setting
911 * them here won't matter.
912 */
913 if (arm7_9->has_vector_catch) {
914 /* program vector catch register to catch reset */
915 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
916
917 /* extra runtest added as issues were found with
918 * certain ARM9 cores (maybe more) - AT91SAM9260
919 * and STR9
920 */
921 jtag_add_runtest(1, TAP_IDLE);
922 } else {
923 /* program watchpoint unit to match on reset vector
924 * address
925 */
926 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
927 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
928 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
929 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
930 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
931 }
932 }
933
934 if (use_event)
935 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
936 else {
937 /* If we use SRST ... we'd like to issue just SRST, but the
938 * board or chip may be set up so we have to assert TRST as
939 * well. On some chips that combination is equivalent to a
940 * power-up reset, and generally clobbers EICE state.
941 */
942 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
943 jtag_add_reset(1, 1);
944 else if (!srst_asserted)
945 jtag_add_reset(0, 1);
946 jtag_add_sleep(50000);
947 }
948
949 target->state = TARGET_RESET;
950 register_cache_invalidate(arm7_9->arm.core_cache);
951
952 /* REVISIT why isn't standard debug entry logic sufficient?? */
953 if (target->reset_halt && (!(jtag_reset_config & RESET_SRST_PULLS_TRST) || use_event)) {
954 /* debug entry was prepared above */
955 target->debug_reason = DBG_REASON_DBGRQ;
956 }
957
958 return ERROR_OK;
959 }
960
961 /**
962 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
963 * and the target is being reset into a halt, a warning will be triggered
964 * because it is not possible to reset into a halted mode in this case. The
965 * target is halted using the target's functions.
966 *
967 * @param target Pointer to the target to have the reset deasserted
968 * @return ERROR_OK or an error from polling or halting the target
969 */
970 int arm7_9_deassert_reset(struct target *target)
971 {
972 int retval = ERROR_OK;
973 LOG_DEBUG("target->state: %s", target_state_name(target));
974
975 /* deassert reset lines */
976 jtag_add_reset(0, 0);
977
978 /* In case polling is disabled, we need to examine the
979 * target and poll here for this target to work correctly.
980 *
981 * Otherwise, e.g. halt will fail afterwards with bogus
982 * error messages as halt will believe that reset is
983 * still in effect.
984 */
985 retval = target_examine_one(target);
986 if (retval != ERROR_OK)
987 return retval;
988
989 retval = target_poll(target);
990 if (retval != ERROR_OK)
991 return retval;
992
993 enum reset_types jtag_reset_config = jtag_get_reset_config();
994 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0) {
995 LOG_WARNING(
996 "srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
997 retval = target_halt(target);
998 if (retval != ERROR_OK)
999 return retval;
1000 }
1001 return retval;
1002 }
1003
1004 /**
1005 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1006 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1007 * vector catch was used, it is restored. Otherwise, the control value is
1008 * restored and the watchpoint unit is restored if it was in use.
1009 *
1010 * @param target Pointer to the ARM7/9 target to have halt cleared
1011 * @return Always ERROR_OK
1012 */
1013 static int arm7_9_clear_halt(struct target *target)
1014 {
1015 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1016 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1017
1018 /* we used DBGRQ only if we didn't come out of reset */
1019 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq) {
1020 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1021 */
1022 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1023 embeddedice_store_reg(dbg_ctrl);
1024 } else {
1025 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch) {
1026 /* if we came out of reset, and vector catch is supported, we used
1027 * vector catch to enter debug state
1028 * restore the register in that case
1029 */
1030 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1031 } else {
1032 /* restore registers if watchpoint unit 0 was in use
1033 */
1034 if (arm7_9->wp0_used) {
1035 if (arm7_9->debug_entry_from_reset)
1036 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1037 EICE_W0_ADDR_VALUE]);
1038 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1039 EICE_W0_ADDR_MASK]);
1040 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1041 EICE_W0_DATA_MASK]);
1042 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[
1043 EICE_W0_CONTROL_MASK]);
1044 }
1045 /* control value always has to be restored, as it was either disabled,
1046 * or enabled with possibly different bits
1047 */
1048 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1049 }
1050 }
1051
1052 return ERROR_OK;
1053 }
1054
1055 /**
1056 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1057 * and then there is a wait until the processor shows the halt. This wait can
1058 * timeout and results in an error being returned. The software reset involves
1059 * clearing the halt, updating the debug control register, changing to ARM mode,
1060 * reset of the program counter, and reset of all of the registers.
1061 *
1062 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1063 * @return Error status if any of the commands fail, otherwise ERROR_OK
1064 */
1065 int arm7_9_soft_reset_halt(struct target *target)
1066 {
1067 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1068 struct arm *arm = &arm7_9->arm;
1069 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1070 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1071 int i;
1072 int retval;
1073
1074 /* FIX!!! replace some of this code with tcl commands
1075 *
1076 * halt # the halt command is synchronous
1077 * armv4_5 core_state arm
1078 *
1079 */
1080
1081 retval = target_halt(target);
1082 if (retval != ERROR_OK)
1083 return retval;
1084
1085 long long then = timeval_ms();
1086 int timeout;
1087 while (!(timeout = ((timeval_ms()-then) > 1000))) {
1088 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1089 break;
1090 embeddedice_read_reg(dbg_stat);
1091 retval = jtag_execute_queue();
1092 if (retval != ERROR_OK)
1093 return retval;
1094 if (debug_level >= 3)
1095 alive_sleep(100);
1096 else
1097 keep_alive();
1098 }
1099 if (timeout) {
1100 LOG_ERROR("Failed to halt CPU after 1 sec");
1101 return ERROR_TARGET_TIMEOUT;
1102 }
1103 target->state = TARGET_HALTED;
1104
1105 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1106 * ensure that DBGRQ is cleared
1107 */
1108 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1109 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1110 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1111 embeddedice_store_reg(dbg_ctrl);
1112
1113 retval = arm7_9_clear_halt(target);
1114 if (retval != ERROR_OK)
1115 return retval;
1116
1117 /* if the target is in Thumb state, change to ARM state */
1118 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1119 uint32_t r0_thumb, pc_thumb;
1120 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1121 /* Entered debug from Thumb mode */
1122 arm->core_state = ARM_STATE_THUMB;
1123 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1124 }
1125
1126 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1127
1128 /* all register content is now invalid */
1129 register_cache_invalidate(arm->core_cache);
1130
1131 /* SVC, ARM state, IRQ and FIQ disabled */
1132 uint32_t cpsr;
1133
1134 cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
1135 cpsr &= ~0xff;
1136 cpsr |= 0xd3;
1137 arm_set_cpsr(arm, cpsr);
1138 arm->cpsr->dirty = 1;
1139
1140 /* start fetching from 0x0 */
1141 buf_set_u32(arm->pc->value, 0, 32, 0x0);
1142 arm->pc->dirty = 1;
1143 arm->pc->valid = 1;
1144
1145 /* reset registers */
1146 for (i = 0; i <= 14; i++) {
1147 struct reg *r = arm_reg_current(arm, i);
1148
1149 buf_set_u32(r->value, 0, 32, 0xffffffff);
1150 r->dirty = 1;
1151 r->valid = 1;
1152 }
1153
1154 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1155 if (retval != ERROR_OK)
1156 return retval;
1157
1158 return ERROR_OK;
1159 }
1160
1161 /**
1162 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1163 * line or by programming a watchpoint to trigger on any address. It is
1164 * considered a bug to call this function while the target is in the
1165 * TARGET_RESET state.
1166 *
1167 * @param target Pointer to the ARM7/9 target to be halted
1168 * @return Always ERROR_OK
1169 */
1170 int arm7_9_halt(struct target *target)
1171 {
1172 if (target->state == TARGET_RESET) {
1173 LOG_ERROR(
1174 "BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1175 return ERROR_OK;
1176 }
1177
1178 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1179 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1180
1181 LOG_DEBUG("target->state: %s",
1182 target_state_name(target));
1183
1184 if (target->state == TARGET_HALTED) {
1185 LOG_DEBUG("target was already halted");
1186 return ERROR_OK;
1187 }
1188
1189 if (target->state == TARGET_UNKNOWN)
1190 LOG_WARNING("target was in unknown state when halt was requested");
1191
1192 if (arm7_9->use_dbgrq) {
1193 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1194 */
1195 if (arm7_9->set_special_dbgrq)
1196 arm7_9->set_special_dbgrq(target);
1197 else {
1198 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1199 embeddedice_store_reg(dbg_ctrl);
1200 }
1201 } else {
1202 /* program watchpoint unit to match on any address
1203 */
1204 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1205 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1206 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1207 EICE_W_CTRL_ENABLE);
1208 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1209 ~EICE_W_CTRL_nOPC & 0xff);
1210 }
1211
1212 target->debug_reason = DBG_REASON_DBGRQ;
1213
1214 return ERROR_OK;
1215 }
1216
1217 /**
1218 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1219 * ARM. The JTAG queue is then executed and the reason for debug entry is
1220 * examined. Once done, the target is verified to be halted and the processor
1221 * is forced into ARM mode. The core registers are saved for the current core
1222 * mode and the program counter (register 15) is updated as needed. The core
1223 * registers and CPSR and SPSR are saved for restoration later.
1224 *
1225 * @param target Pointer to target that is entering debug mode
1226 * @return Error code if anything fails, otherwise ERROR_OK
1227 */
1228 static int arm7_9_debug_entry(struct target *target)
1229 {
1230 int i;
1231 uint32_t context[16];
1232 uint32_t *context_p[16];
1233 uint32_t r0_thumb, pc_thumb;
1234 uint32_t cpsr, cpsr_mask = 0;
1235 int retval;
1236 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1237 struct arm *arm = &arm7_9->arm;
1238 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1239 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1240
1241 #ifdef _DEBUG_ARM7_9_
1242 LOG_DEBUG("-");
1243 #endif
1244
1245 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1246 * ensure that DBGRQ is cleared
1247 */
1248 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1249 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1250 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1251 embeddedice_store_reg(dbg_ctrl);
1252
1253 retval = arm7_9_clear_halt(target);
1254 if (retval != ERROR_OK)
1255 return retval;
1256
1257 retval = jtag_execute_queue();
1258 if (retval != ERROR_OK)
1259 return retval;
1260
1261 retval = arm7_9->examine_debug_reason(target);
1262 if (retval != ERROR_OK)
1263 return retval;
1264
1265 if (target->state != TARGET_HALTED) {
1266 LOG_WARNING("target not halted");
1267 return ERROR_TARGET_NOT_HALTED;
1268 }
1269
1270 /* if the target is in Thumb state, change to ARM state */
1271 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1)) {
1272 LOG_DEBUG("target entered debug from Thumb state");
1273 /* Entered debug from Thumb mode */
1274 arm->core_state = ARM_STATE_THUMB;
1275 cpsr_mask = 1 << 5;
1276 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1277 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1278 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1279 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1280 /* \todo Get some vaguely correct handling of Jazelle, if
1281 * anyone ever uses it and full info becomes available.
1282 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1283 * B.7.3 for the reverse. That'd be the bare minimum...
1284 */
1285 LOG_DEBUG("target entered debug from Jazelle state");
1286 arm->core_state = ARM_STATE_JAZELLE;
1287 cpsr_mask = 1 << 24;
1288 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1289 } else {
1290 LOG_DEBUG("target entered debug from ARM state");
1291 /* Entered debug from ARM mode */
1292 arm->core_state = ARM_STATE_ARM;
1293 }
1294
1295 for (i = 0; i < 16; i++)
1296 context_p[i] = &context[i];
1297 /* save core registers (r0 - r15 of current core mode) */
1298 arm7_9->read_core_regs(target, 0xffff, context_p);
1299
1300 arm7_9->read_xpsr(target, &cpsr, 0);
1301
1302 retval = jtag_execute_queue();
1303 if (retval != ERROR_OK)
1304 return retval;
1305
1306 /* Sync our CPSR copy with J or T bits EICE reported, but
1307 * which we then erased by putting the core into ARM mode.
1308 */
1309 arm_set_cpsr(arm, cpsr | cpsr_mask);
1310
1311 if (!is_arm_mode(arm->core_mode)) {
1312 target->state = TARGET_UNKNOWN;
1313 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1314 return ERROR_TARGET_FAILURE;
1315 }
1316
1317 LOG_DEBUG("target entered debug state in %s mode",
1318 arm_mode_name(arm->core_mode));
1319
1320 if (arm->core_state == ARM_STATE_THUMB) {
1321 LOG_DEBUG("thumb state, applying fixups");
1322 context[0] = r0_thumb;
1323 context[15] = pc_thumb;
1324 } else if (arm->core_state == ARM_STATE_ARM) {
1325 /* adjust value stored by STM */
1326 context[15] -= 3 * 4;
1327 }
1328
1329 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1330 context[15] -= 3 * ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1331 else
1332 context[15] -= arm7_9->dbgreq_adjust_pc *
1333 ((arm->core_state == ARM_STATE_ARM) ? 4 : 2);
1334
1335 for (i = 0; i <= 15; i++) {
1336 struct reg *r = arm_reg_current(arm, i);
1337
1338 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1339
1340 buf_set_u32(r->value, 0, 32, context[i]);
1341 /* r0 and r15 (pc) have to be restored later */
1342 r->dirty = (i == 0) || (i == 15);
1343 r->valid = 1;
1344 }
1345
1346 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1347
1348 /* exceptions other than USR & SYS have a saved program status register */
1349 if (arm->spsr) {
1350 uint32_t spsr;
1351 arm7_9->read_xpsr(target, &spsr, 1);
1352 retval = jtag_execute_queue();
1353 if (retval != ERROR_OK)
1354 return retval;
1355 buf_set_u32(arm->spsr->value, 0, 32, spsr);
1356 arm->spsr->dirty = 0;
1357 arm->spsr->valid = 1;
1358 }
1359
1360 retval = jtag_execute_queue();
1361 if (retval != ERROR_OK)
1362 return retval;
1363
1364 if (arm7_9->post_debug_entry) {
1365 retval = arm7_9->post_debug_entry(target);
1366 if (retval != ERROR_OK)
1367 return retval;
1368 }
1369
1370 return ERROR_OK;
1371 }
1372
1373 /**
1374 * Validate the full context for an ARM7/9 target in all processor modes. If
1375 * there are any invalid registers for the target, they will all be read. This
1376 * includes the PSR.
1377 *
1378 * @param target Pointer to the ARM7/9 target to capture the full context from
1379 * @return Error if the target is not halted, has an invalid core mode, or if
1380 * the JTAG queue fails to execute
1381 */
1382 static int arm7_9_full_context(struct target *target)
1383 {
1384 int i;
1385 int retval;
1386 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1387 struct arm *arm = &arm7_9->arm;
1388
1389 LOG_DEBUG("-");
1390
1391 if (target->state != TARGET_HALTED) {
1392 LOG_WARNING("target not halted");
1393 return ERROR_TARGET_NOT_HALTED;
1394 }
1395
1396 if (!is_arm_mode(arm->core_mode)) {
1397 LOG_ERROR("not a valid arm core mode - communication failure?");
1398 return ERROR_FAIL;
1399 }
1400
1401 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1402 * SYS shares registers with User, so we don't touch SYS
1403 */
1404 for (i = 0; i < 6; i++) {
1405 uint32_t mask = 0;
1406 uint32_t *reg_p[16];
1407 int j;
1408 int valid = 1;
1409
1410 /* check if there are invalid registers in the current mode
1411 */
1412 for (j = 0; j <= 16; j++) {
1413 if (ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1414 valid = 0;
1415 }
1416
1417 if (!valid) {
1418 uint32_t tmp_cpsr;
1419
1420 /* change processor mode (and mask T bit) */
1421 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8)
1422 & 0xe0;
1423 tmp_cpsr |= armv4_5_number_to_mode(i);
1424 tmp_cpsr &= ~0x20;
1425 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1426
1427 for (j = 0; j < 15; j++) {
1428 if (ARMV4_5_CORE_REG_MODE(arm->core_cache,
1429 armv4_5_number_to_mode(i), j).valid == 0) {
1430 reg_p[j] = (uint32_t *)ARMV4_5_CORE_REG_MODE(
1431 arm->core_cache,
1432 armv4_5_number_to_mode(i),
1433 j).value;
1434 mask |= 1 << j;
1435 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1436 armv4_5_number_to_mode(i),
1437 j).valid = 1;
1438 ARMV4_5_CORE_REG_MODE(arm->core_cache,
1439 armv4_5_number_to_mode(i),
1440 j).dirty = 0;
1441 }
1442 }
1443
1444 /* if only the PSR is invalid, mask is all zeroes */
1445 if (mask)
1446 arm7_9->read_core_regs(target, mask, reg_p);
1447
1448 /* check if the PSR has to be read */
1449 if (ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1450 16).valid == 0) {
1451 arm7_9->read_xpsr(target,
1452 (uint32_t *)ARMV4_5_CORE_REG_MODE(arm->core_cache,
1453 armv4_5_number_to_mode(i), 16).value, 1);
1454 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1455 16).valid = 1;
1456 ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i),
1457 16).dirty = 0;
1458 }
1459 }
1460 }
1461
1462 /* restore processor mode (mask T bit) */
1463 arm7_9->write_xpsr_im8(target,
1464 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
1465
1466 retval = jtag_execute_queue();
1467 if (retval != ERROR_OK)
1468 return retval;
1469 return ERROR_OK;
1470 }
1471
1472 /**
1473 * Restore the processor context on an ARM7/9 target. The full processor
1474 * context is analyzed to see if any of the registers are dirty on this end, but
1475 * have a valid new value. If this is the case, the processor is changed to the
1476 * appropriate mode and the new register values are written out to the
1477 * processor. If there happens to be a dirty register with an invalid value, an
1478 * error will be logged.
1479 *
1480 * @param target Pointer to the ARM7/9 target to have its context restored
1481 * @return Error status if the target is not halted or the core mode in the
1482 * armv4_5 struct is invalid.
1483 */
1484 static int arm7_9_restore_context(struct target *target)
1485 {
1486 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1487 struct arm *arm = &arm7_9->arm;
1488 struct reg *reg;
1489 enum arm_mode current_mode = arm->core_mode;
1490 int i, j;
1491 int dirty;
1492 int mode_change;
1493
1494 LOG_DEBUG("-");
1495
1496 if (target->state != TARGET_HALTED) {
1497 LOG_WARNING("target not halted");
1498 return ERROR_TARGET_NOT_HALTED;
1499 }
1500
1501 if (arm7_9->pre_restore_context)
1502 arm7_9->pre_restore_context(target);
1503
1504 if (!is_arm_mode(arm->core_mode)) {
1505 LOG_ERROR("not a valid arm core mode - communication failure?");
1506 return ERROR_FAIL;
1507 }
1508
1509 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1510 * SYS shares registers with User, so we don't touch SYS
1511 */
1512 for (i = 0; i < 6; i++) {
1513 LOG_DEBUG("examining %s mode",
1514 arm_mode_name(arm->core_mode));
1515 dirty = 0;
1516 mode_change = 0;
1517 /* check if there are dirty registers in the current mode
1518 */
1519 for (j = 0; j <= 16; j++) {
1520 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(i), j);
1521 if (reg->dirty == 1) {
1522 if (reg->valid == 1) {
1523 dirty = 1;
1524 LOG_DEBUG("examining dirty reg: %s", reg->name);
1525 struct arm_reg *reg_arch_info;
1526 reg_arch_info = reg->arch_info;
1527 if ((reg_arch_info->mode != ARM_MODE_ANY)
1528 && (reg_arch_info->mode != current_mode)
1529 && !((reg_arch_info->mode == ARM_MODE_USR)
1530 && (arm->core_mode == ARM_MODE_SYS))
1531 && !((reg_arch_info->mode == ARM_MODE_SYS)
1532 && (arm->core_mode == ARM_MODE_USR))) {
1533 mode_change = 1;
1534 LOG_DEBUG("require mode change");
1535 }
1536 } else
1537 LOG_ERROR("BUG: dirty register '%s', but no valid data",
1538 reg->name);
1539 }
1540 }
1541
1542 if (dirty) {
1543 uint32_t mask = 0x0;
1544 int num_regs = 0;
1545 uint32_t regs[16];
1546
1547 if (mode_change) {
1548 uint32_t tmp_cpsr;
1549
1550 /* change processor mode (mask T bit) */
1551 tmp_cpsr = buf_get_u32(arm->cpsr->value,
1552 0, 8) & 0xe0;
1553 tmp_cpsr |= armv4_5_number_to_mode(i);
1554 tmp_cpsr &= ~0x20;
1555 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1556 current_mode = armv4_5_number_to_mode(i);
1557 }
1558
1559 for (j = 0; j <= 14; j++) {
1560 reg = &ARMV4_5_CORE_REG_MODE(arm->core_cache,
1561 armv4_5_number_to_mode(i),
1562 j);
1563
1564 if (reg->dirty == 1) {
1565 regs[j] = buf_get_u32(reg->value, 0, 32);
1566 mask |= 1 << j;
1567 num_regs++;
1568 reg->dirty = 0;
1569 reg->valid = 1;
1570 LOG_DEBUG("writing register %i mode %s "
1571 "with value 0x%8.8" PRIx32, j,
1572 arm_mode_name(arm->core_mode),
1573 regs[j]);
1574 }
1575 }
1576
1577 if (mask)
1578 arm7_9->write_core_regs(target, mask, regs);
1579
1580 reg =
1581 &ARMV4_5_CORE_REG_MODE(arm->core_cache, armv4_5_number_to_mode(
1582 i), 16);
1583 struct arm_reg *reg_arch_info;
1584 reg_arch_info = reg->arch_info;
1585 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY)) {
1586 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "",
1587 i,
1588 buf_get_u32(reg->value, 0, 32));
1589 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1590 }
1591 }
1592 }
1593
1594 if (!arm->cpsr->dirty && (arm->core_mode != current_mode)) {
1595 /* restore processor mode (mask T bit) */
1596 uint32_t tmp_cpsr;
1597
1598 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
1599 tmp_cpsr |= armv4_5_number_to_mode(i);
1600 tmp_cpsr &= ~0x20;
1601 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1602 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1603
1604 } else if (arm->cpsr->dirty) {
1605 /* CPSR has been changed, full restore necessary (mask T bit) */
1606 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1607 buf_get_u32(arm->cpsr->value, 0, 32));
1608 arm7_9->write_xpsr(target,
1609 buf_get_u32(arm->cpsr->value, 0, 32)
1610 & ~0x20, 0);
1611 arm->cpsr->dirty = 0;
1612 arm->cpsr->valid = 1;
1613 }
1614
1615 /* restore PC */
1616 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32,
1617 buf_get_u32(arm->pc->value, 0, 32));
1618 arm7_9->write_pc(target, buf_get_u32(arm->pc->value, 0, 32));
1619 arm->pc->dirty = 0;
1620
1621 return ERROR_OK;
1622 }
1623
1624 /**
1625 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1626 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1627 * restart.
1628 *
1629 * @param target Pointer to the ARM7/9 target to be restarted
1630 * @return Result of executing the JTAG queue
1631 */
1632 static int arm7_9_restart_core(struct target *target)
1633 {
1634 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1635 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1636 int retval;
1637
1638 /* set RESTART instruction */
1639 if (arm7_9->need_bypass_before_restart) {
1640 arm7_9->need_bypass_before_restart = 0;
1641
1642 retval = arm_jtag_set_instr(jtag_info, 0xf, NULL, TAP_IDLE);
1643 if (retval != ERROR_OK)
1644 return retval;
1645 }
1646 retval = arm_jtag_set_instr(jtag_info, 0x4, NULL, TAP_IDLE);
1647 if (retval != ERROR_OK)
1648 return retval;
1649
1650 jtag_add_runtest(1, TAP_IDLE);
1651 return jtag_execute_queue();
1652 }
1653
1654 /**
1655 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1656 * iterated through and are set on the target if they aren't already set.
1657 *
1658 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1659 */
1660 static void arm7_9_enable_watchpoints(struct target *target)
1661 {
1662 struct watchpoint *watchpoint = target->watchpoints;
1663
1664 while (watchpoint) {
1665 if (watchpoint->set == 0)
1666 arm7_9_set_watchpoint(target, watchpoint);
1667 watchpoint = watchpoint->next;
1668 }
1669 }
1670
1671 /**
1672 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1673 * iterated through and are set on the target.
1674 *
1675 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1676 */
1677 static void arm7_9_enable_breakpoints(struct target *target)
1678 {
1679 struct breakpoint *breakpoint = target->breakpoints;
1680
1681 /* set any pending breakpoints */
1682 while (breakpoint) {
1683 arm7_9_set_breakpoint(target, breakpoint);
1684 breakpoint = breakpoint->next;
1685 }
1686 }
1687
1688 int arm7_9_resume(struct target *target,
1689 int current,
1690 uint32_t address,
1691 int handle_breakpoints,
1692 int debug_execution)
1693 {
1694 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1695 struct arm *arm = &arm7_9->arm;
1696 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1697 int err, retval = ERROR_OK;
1698
1699 LOG_DEBUG("-");
1700
1701 if (target->state != TARGET_HALTED) {
1702 LOG_WARNING("target not halted");
1703 return ERROR_TARGET_NOT_HALTED;
1704 }
1705
1706 if (!debug_execution)
1707 target_free_all_working_areas(target);
1708
1709 /* current = 1: continue on current pc, otherwise continue at <address> */
1710 if (!current)
1711 buf_set_u32(arm->pc->value, 0, 32, address);
1712
1713 uint32_t current_pc;
1714 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1715
1716 /* the front-end may request us not to handle breakpoints */
1717 if (handle_breakpoints) {
1718 struct breakpoint *breakpoint;
1719 breakpoint = breakpoint_find(target,
1720 buf_get_u32(arm->pc->value, 0, 32));
1721 if (breakpoint != NULL) {
1722 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)",
1723 breakpoint->address,
1724 breakpoint->unique_id);
1725 retval = arm7_9_unset_breakpoint(target, breakpoint);
1726 if (retval != ERROR_OK)
1727 return retval;
1728
1729 /* calculate PC of next instruction */
1730 uint32_t next_pc;
1731 retval = arm_simulate_step(target, &next_pc);
1732 if (retval != ERROR_OK) {
1733 uint32_t current_opcode;
1734 target_read_u32(target, current_pc, &current_opcode);
1735 LOG_ERROR(
1736 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1737 current_opcode);
1738 return retval;
1739 }
1740
1741 LOG_DEBUG("enable single-step");
1742 arm7_9->enable_single_step(target, next_pc);
1743
1744 target->debug_reason = DBG_REASON_SINGLESTEP;
1745
1746 retval = arm7_9_restore_context(target);
1747 if (retval != ERROR_OK)
1748 return retval;
1749
1750 if (arm->core_state == ARM_STATE_ARM)
1751 arm7_9->branch_resume(target);
1752 else if (arm->core_state == ARM_STATE_THUMB)
1753 arm7_9->branch_resume_thumb(target);
1754 else {
1755 LOG_ERROR("unhandled core state");
1756 return ERROR_FAIL;
1757 }
1758
1759 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1760 embeddedice_write_reg(dbg_ctrl,
1761 buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1762 err = arm7_9_execute_sys_speed(target);
1763
1764 LOG_DEBUG("disable single-step");
1765 arm7_9->disable_single_step(target);
1766
1767 if (err != ERROR_OK) {
1768 retval = arm7_9_set_breakpoint(target, breakpoint);
1769 if (retval != ERROR_OK)
1770 return retval;
1771 target->state = TARGET_UNKNOWN;
1772 return err;
1773 }
1774
1775 retval = arm7_9_debug_entry(target);
1776 if (retval != ERROR_OK)
1777 return retval;
1778 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32,
1779 buf_get_u32(arm->pc->value, 0, 32));
1780
1781 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1782 retval = arm7_9_set_breakpoint(target, breakpoint);
1783 if (retval != ERROR_OK)
1784 return retval;
1785 }
1786 }
1787
1788 /* enable any pending breakpoints and watchpoints */
1789 arm7_9_enable_breakpoints(target);
1790 arm7_9_enable_watchpoints(target);
1791
1792 retval = arm7_9_restore_context(target);
1793 if (retval != ERROR_OK)
1794 return retval;
1795
1796 if (arm->core_state == ARM_STATE_ARM)
1797 arm7_9->branch_resume(target);
1798 else if (arm->core_state == ARM_STATE_THUMB)
1799 arm7_9->branch_resume_thumb(target);
1800 else {
1801 LOG_ERROR("unhandled core state");
1802 return ERROR_FAIL;
1803 }
1804
1805 /* deassert DBGACK and INTDIS */
1806 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1807 /* INTDIS only when we really resume, not during debug execution */
1808 if (!debug_execution)
1809 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1810 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1811
1812 retval = arm7_9_restart_core(target);
1813 if (retval != ERROR_OK)
1814 return retval;
1815
1816 target->debug_reason = DBG_REASON_NOTHALTED;
1817
1818 if (!debug_execution) {
1819 /* registers are now invalid */
1820 register_cache_invalidate(arm->core_cache);
1821 target->state = TARGET_RUNNING;
1822 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1823 if (retval != ERROR_OK)
1824 return retval;
1825 } else {
1826 target->state = TARGET_DEBUG_RUNNING;
1827 retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1828 if (retval != ERROR_OK)
1829 return retval;
1830 }
1831
1832 LOG_DEBUG("target resumed");
1833
1834 return ERROR_OK;
1835 }
1836
1837 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1838 {
1839 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1840 struct arm *arm = &arm7_9->arm;
1841 uint32_t current_pc;
1842 current_pc = buf_get_u32(arm->pc->value, 0, 32);
1843
1844 if (next_pc != current_pc) {
1845 /* setup an inverse breakpoint on the current PC
1846 * - comparator 1 matches the current address
1847 * - rangeout from comparator 1 is connected to comparator 0 rangein
1848 * - comparator 0 matches any address, as long as rangein is low */
1849 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1850 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1851 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE],
1852 EICE_W_CTRL_ENABLE);
1853 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK],
1854 ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1855 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE],
1856 current_pc);
1857 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1858 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1859 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1860 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1861 ~EICE_W_CTRL_nOPC & 0xff);
1862 } else {
1863 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1864 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1865 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1866 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1867 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1868 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1869 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1870 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE],
1871 EICE_W_CTRL_ENABLE);
1872 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK],
1873 ~EICE_W_CTRL_nOPC & 0xff);
1874 }
1875 }
1876
1877 void arm7_9_disable_eice_step(struct target *target)
1878 {
1879 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1880
1881 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1882 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1883 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1884 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1885 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1886 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1887 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1888 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1889 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1890 }
1891
1892 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1893 {
1894 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1895 struct arm *arm = &arm7_9->arm;
1896 struct breakpoint *breakpoint = NULL;
1897 int err, retval;
1898
1899 if (target->state != TARGET_HALTED) {
1900 LOG_WARNING("target not halted");
1901 return ERROR_TARGET_NOT_HALTED;
1902 }
1903
1904 /* current = 1: continue on current pc, otherwise continue at <address> */
1905 if (!current)
1906 buf_set_u32(arm->pc->value, 0, 32, address);
1907
1908 uint32_t current_pc = buf_get_u32(arm->pc->value, 0, 32);
1909
1910 /* the front-end may request us not to handle breakpoints */
1911 if (handle_breakpoints)
1912 breakpoint = breakpoint_find(target, current_pc);
1913 if (breakpoint != NULL) {
1914 retval = arm7_9_unset_breakpoint(target, breakpoint);
1915 if (retval != ERROR_OK)
1916 return retval;
1917 }
1918
1919 target->debug_reason = DBG_REASON_SINGLESTEP;
1920
1921 /* calculate PC of next instruction */
1922 uint32_t next_pc;
1923 retval = arm_simulate_step(target, &next_pc);
1924 if (retval != ERROR_OK) {
1925 uint32_t current_opcode;
1926 target_read_u32(target, current_pc, &current_opcode);
1927 LOG_ERROR(
1928 "Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "",
1929 current_opcode);
1930 return retval;
1931 }
1932
1933 retval = arm7_9_restore_context(target);
1934 if (retval != ERROR_OK)
1935 return retval;
1936
1937 arm7_9->enable_single_step(target, next_pc);
1938
1939 if (arm->core_state == ARM_STATE_ARM)
1940 arm7_9->branch_resume(target);
1941 else if (arm->core_state == ARM_STATE_THUMB)
1942 arm7_9->branch_resume_thumb(target);
1943 else {
1944 LOG_ERROR("unhandled core state");
1945 return ERROR_FAIL;
1946 }
1947
1948 retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1949 if (retval != ERROR_OK)
1950 return retval;
1951
1952 err = arm7_9_execute_sys_speed(target);
1953 arm7_9->disable_single_step(target);
1954
1955 /* registers are now invalid */
1956 register_cache_invalidate(arm->core_cache);
1957
1958 if (err != ERROR_OK)
1959 target->state = TARGET_UNKNOWN;
1960 else {
1961 retval = arm7_9_debug_entry(target);
1962 if (retval != ERROR_OK)
1963 return retval;
1964 retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED);
1965 if (retval != ERROR_OK)
1966 return retval;
1967 LOG_DEBUG("target stepped");
1968 }
1969
1970 if (breakpoint) {
1971 retval = arm7_9_set_breakpoint(target, breakpoint);
1972 if (retval != ERROR_OK)
1973 return retval;
1974 }
1975
1976 return err;
1977 }
1978
1979 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
1980 int num, enum arm_mode mode)
1981 {
1982 uint32_t *reg_p[16];
1983 int retval;
1984 struct arm_reg *areg = r->arch_info;
1985 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1986 struct arm *arm = &arm7_9->arm;
1987
1988 if (!is_arm_mode(arm->core_mode))
1989 return ERROR_FAIL;
1990 if ((num < 0) || (num > 16))
1991 return ERROR_COMMAND_SYNTAX_ERROR;
1992
1993 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
1994 && (areg->mode != ARM_MODE_ANY)) {
1995 uint32_t tmp_cpsr;
1996
1997 /* change processor mode (mask T bit) */
1998 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
1999 tmp_cpsr |= mode;
2000 tmp_cpsr &= ~0x20;
2001 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2002 }
2003
2004 uint32_t value = 0;
2005 if ((num >= 0) && (num <= 15)) {
2006 /* read a normal core register */
2007 reg_p[num] = &value;
2008
2009 arm7_9->read_core_regs(target, 1 << num, reg_p);
2010 } else {
2011 /* read a program status register
2012 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2013 */
2014 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2015 }
2016
2017 retval = jtag_execute_queue();
2018 if (retval != ERROR_OK)
2019 return retval;
2020
2021 r->valid = 1;
2022 r->dirty = 0;
2023 buf_set_u32(r->value, 0, 32, value);
2024
2025 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2026 && (areg->mode != ARM_MODE_ANY)) {
2027 /* restore processor mode (mask T bit) */
2028 arm7_9->write_xpsr_im8(target,
2029 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2030 }
2031
2032 return ERROR_OK;
2033 }
2034
2035 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2036 int num, enum arm_mode mode, uint32_t value)
2037 {
2038 uint32_t reg[16];
2039 struct arm_reg *areg = r->arch_info;
2040 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2041 struct arm *arm = &arm7_9->arm;
2042
2043 if (!is_arm_mode(arm->core_mode))
2044 return ERROR_FAIL;
2045 if ((num < 0) || (num > 16))
2046 return ERROR_COMMAND_SYNTAX_ERROR;
2047
2048 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2049 && (areg->mode != ARM_MODE_ANY)) {
2050 uint32_t tmp_cpsr;
2051
2052 /* change processor mode (mask T bit) */
2053 tmp_cpsr = buf_get_u32(arm->cpsr->value, 0, 8) & 0xE0;
2054 tmp_cpsr |= mode;
2055 tmp_cpsr &= ~0x20;
2056 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2057 }
2058
2059 if ((num >= 0) && (num <= 15)) {
2060 /* write a normal core register */
2061 reg[num] = value;
2062
2063 arm7_9->write_core_regs(target, 1 << num, reg);
2064 } else {
2065 /* write a program status register
2066 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2067 */
2068 int spsr = (areg->mode != ARM_MODE_ANY);
2069
2070 /* if we're writing the CPSR, mask the T bit */
2071 if (!spsr)
2072 value &= ~0x20;
2073
2074 arm7_9->write_xpsr(target, value, spsr);
2075 }
2076
2077 r->valid = 1;
2078 r->dirty = 0;
2079
2080 if ((mode != ARM_MODE_ANY) && (mode != arm->core_mode)
2081 && (areg->mode != ARM_MODE_ANY)) {
2082 /* restore processor mode (mask T bit) */
2083 arm7_9->write_xpsr_im8(target,
2084 buf_get_u32(arm->cpsr->value, 0, 8) & ~0x20, 0, 0);
2085 }
2086
2087 return jtag_execute_queue();
2088 }
2089
2090 int arm7_9_read_memory(struct target *target,
2091 uint32_t address,
2092 uint32_t size,
2093 uint32_t count,
2094 uint8_t *buffer)
2095 {
2096 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2097 struct arm *arm = &arm7_9->arm;
2098 uint32_t reg[16];
2099 uint32_t num_accesses = 0;
2100 int thisrun_accesses;
2101 int i;
2102 uint32_t cpsr;
2103 int retval;
2104 int last_reg = 0;
2105
2106 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "",
2107 address, size, count);
2108
2109 if (target->state != TARGET_HALTED) {
2110 LOG_WARNING("target not halted");
2111 return ERROR_TARGET_NOT_HALTED;
2112 }
2113
2114 /* sanitize arguments */
2115 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2116 return ERROR_COMMAND_SYNTAX_ERROR;
2117
2118 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2119 return ERROR_TARGET_UNALIGNED_ACCESS;
2120
2121 /* load the base register with the address of the first word */
2122 reg[0] = address;
2123 arm7_9->write_core_regs(target, 0x1, reg);
2124
2125 int j = 0;
2126
2127 switch (size) {
2128 case 4:
2129 while (num_accesses < count) {
2130 uint32_t reg_list;
2131 thisrun_accesses =
2132 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2133 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2134
2135 if (last_reg <= thisrun_accesses)
2136 last_reg = thisrun_accesses;
2137
2138 arm7_9->load_word_regs(target, reg_list);
2139
2140 /* fast memory reads are only safe when the target is running
2141 * from a sufficiently high clock (32 kHz is usually too slow)
2142 */
2143 if (arm7_9->fast_memory_access)
2144 retval = arm7_9_execute_fast_sys_speed(target);
2145 else
2146 retval = arm7_9_execute_sys_speed(target);
2147 if (retval != ERROR_OK)
2148 return retval;
2149
2150 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2151
2152 /* advance buffer, count number of accesses */
2153 buffer += thisrun_accesses * 4;
2154 num_accesses += thisrun_accesses;
2155
2156 if ((j++%1024) == 0)
2157 keep_alive();
2158 }
2159 break;
2160 case 2:
2161 while (num_accesses < count) {
2162 uint32_t reg_list;
2163 thisrun_accesses =
2164 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2165 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2166
2167 for (i = 1; i <= thisrun_accesses; i++) {
2168 if (i > last_reg)
2169 last_reg = i;
2170 arm7_9->load_hword_reg(target, i);
2171 /* fast memory reads are only safe when the target is running
2172 * from a sufficiently high clock (32 kHz is usually too slow)
2173 */
2174 if (arm7_9->fast_memory_access)
2175 retval = arm7_9_execute_fast_sys_speed(target);
2176 else
2177 retval = arm7_9_execute_sys_speed(target);
2178 if (retval != ERROR_OK)
2179 return retval;
2180
2181 }
2182
2183 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2184
2185 /* advance buffer, count number of accesses */
2186 buffer += thisrun_accesses * 2;
2187 num_accesses += thisrun_accesses;
2188
2189 if ((j++%1024) == 0)
2190 keep_alive();
2191 }
2192 break;
2193 case 1:
2194 while (num_accesses < count) {
2195 uint32_t reg_list;
2196 thisrun_accesses =
2197 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2198 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2199
2200 for (i = 1; i <= thisrun_accesses; i++) {
2201 if (i > last_reg)
2202 last_reg = i;
2203 arm7_9->load_byte_reg(target, i);
2204 /* fast memory reads are only safe when the target is running
2205 * from a sufficiently high clock (32 kHz is usually too slow)
2206 */
2207 if (arm7_9->fast_memory_access)
2208 retval = arm7_9_execute_fast_sys_speed(target);
2209 else
2210 retval = arm7_9_execute_sys_speed(target);
2211 if (retval != ERROR_OK)
2212 return retval;
2213 }
2214
2215 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2216
2217 /* advance buffer, count number of accesses */
2218 buffer += thisrun_accesses * 1;
2219 num_accesses += thisrun_accesses;
2220
2221 if ((j++%1024) == 0)
2222 keep_alive();
2223 }
2224 break;
2225 }
2226
2227 if (!is_arm_mode(arm->core_mode))
2228 return ERROR_FAIL;
2229
2230 for (i = 0; i <= last_reg; i++) {
2231 struct reg *r = arm_reg_current(arm, i);
2232 r->dirty = r->valid;
2233 }
2234
2235 arm7_9->read_xpsr(target, &cpsr, 0);
2236 retval = jtag_execute_queue();
2237 if (retval != ERROR_OK) {
2238 LOG_ERROR("JTAG error while reading cpsr");
2239 return ERROR_TARGET_DATA_ABORT;
2240 }
2241
2242 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2243 LOG_WARNING(
2244 "memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2245 address,
2246 size,
2247 count);
2248
2249 arm7_9->write_xpsr_im8(target,
2250 buf_get_u32(arm->cpsr->value, 0, 8)
2251 & ~0x20, 0, 0);
2252
2253 return ERROR_TARGET_DATA_ABORT;
2254 }
2255
2256 return ERROR_OK;
2257 }
2258
2259 int arm7_9_write_memory(struct target *target,
2260 uint32_t address,
2261 uint32_t size,
2262 uint32_t count,
2263 const uint8_t *buffer)
2264 {
2265 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2266 struct arm *arm = &arm7_9->arm;
2267 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2268
2269 uint32_t reg[16];
2270 uint32_t num_accesses = 0;
2271 int thisrun_accesses;
2272 int i;
2273 uint32_t cpsr;
2274 int retval;
2275 int last_reg = 0;
2276
2277 #ifdef _DEBUG_ARM7_9_
2278 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2279 #endif
2280
2281 if (target->state != TARGET_HALTED) {
2282 LOG_WARNING("target not halted");
2283 return ERROR_TARGET_NOT_HALTED;
2284 }
2285
2286 /* sanitize arguments */
2287 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2288 return ERROR_COMMAND_SYNTAX_ERROR;
2289
2290 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2291 return ERROR_TARGET_UNALIGNED_ACCESS;
2292
2293 /* load the base register with the address of the first word */
2294 reg[0] = address;
2295 arm7_9->write_core_regs(target, 0x1, reg);
2296
2297 /* Clear DBGACK, to make sure memory fetches work as expected */
2298 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2299 embeddedice_store_reg(dbg_ctrl);
2300
2301 switch (size) {
2302 case 4:
2303 while (num_accesses < count) {
2304 uint32_t reg_list;
2305 thisrun_accesses =
2306 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2307 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2308
2309 for (i = 1; i <= thisrun_accesses; i++) {
2310 if (i > last_reg)
2311 last_reg = i;
2312 reg[i] = target_buffer_get_u32(target, buffer);
2313 buffer += 4;
2314 }
2315
2316 arm7_9->write_core_regs(target, reg_list, reg);
2317
2318 arm7_9->store_word_regs(target, reg_list);
2319
2320 /* fast memory writes are only safe when the target is running
2321 * from a sufficiently high clock (32 kHz is usually too slow)
2322 */
2323 if (arm7_9->fast_memory_access)
2324 retval = arm7_9_execute_fast_sys_speed(target);
2325 else {
2326 retval = arm7_9_execute_sys_speed(target);
2327
2328 /*
2329 * if memory writes are made when the clock is running slow
2330 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2331 * processor operations after a "reset halt" or "reset init",
2332 * need to immediately stroke the keep alive or will end up with
2333 * gdb "keep alive not sent error message" problem.
2334 */
2335
2336 keep_alive();
2337 }
2338
2339 if (retval != ERROR_OK)
2340 return retval;
2341
2342 num_accesses += thisrun_accesses;
2343 }
2344 break;
2345 case 2:
2346 while (num_accesses < count) {
2347 uint32_t reg_list;
2348 thisrun_accesses =
2349 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2350 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2351
2352 for (i = 1; i <= thisrun_accesses; i++) {
2353 if (i > last_reg)
2354 last_reg = i;
2355 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2356 buffer += 2;
2357 }
2358
2359 arm7_9->write_core_regs(target, reg_list, reg);
2360
2361 for (i = 1; i <= thisrun_accesses; i++) {
2362 arm7_9->store_hword_reg(target, i);
2363
2364 /* fast memory writes are only safe when the target is running
2365 * from a sufficiently high clock (32 kHz is usually too slow)
2366 */
2367 if (arm7_9->fast_memory_access)
2368 retval = arm7_9_execute_fast_sys_speed(target);
2369 else {
2370 retval = arm7_9_execute_sys_speed(target);
2371
2372 /*
2373 * if memory writes are made when the clock is running slow
2374 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2375 * processor operations after a "reset halt" or "reset init",
2376 * need to immediately stroke the keep alive or will end up with
2377 * gdb "keep alive not sent error message" problem.
2378 */
2379
2380 keep_alive();
2381 }
2382
2383 if (retval != ERROR_OK)
2384 return retval;
2385 }
2386
2387 num_accesses += thisrun_accesses;
2388 }
2389 break;
2390 case 1:
2391 while (num_accesses < count) {
2392 uint32_t reg_list;
2393 thisrun_accesses =
2394 ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2395 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2396
2397 for (i = 1; i <= thisrun_accesses; i++) {
2398 if (i > last_reg)
2399 last_reg = i;
2400 reg[i] = *buffer++ & 0xff;
2401 }
2402
2403 arm7_9->write_core_regs(target, reg_list, reg);
2404
2405 for (i = 1; i <= thisrun_accesses; i++) {
2406 arm7_9->store_byte_reg(target, i);
2407 /* fast memory writes are only safe when the target is running
2408 * from a sufficiently high clock (32 kHz is usually too slow)
2409 */
2410 if (arm7_9->fast_memory_access)
2411 retval = arm7_9_execute_fast_sys_speed(target);
2412 else {
2413 retval = arm7_9_execute_sys_speed(target);
2414
2415 /*
2416 * if memory writes are made when the clock is running slow
2417 * (i.e. 32 kHz) which is necessary in some scripts to reconfigure
2418 * processor operations after a "reset halt" or "reset init",
2419 * need to immediately stroke the keep alive or will end up with
2420 * gdb "keep alive not sent error message" problem.
2421 */
2422
2423 keep_alive();
2424 }
2425
2426 if (retval != ERROR_OK)
2427 return retval;
2428
2429 }
2430
2431 num_accesses += thisrun_accesses;
2432 }
2433 break;
2434 }
2435
2436 /* Re-Set DBGACK */
2437 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2438 embeddedice_store_reg(dbg_ctrl);
2439
2440 if (!is_arm_mode(arm->core_mode))
2441 return ERROR_FAIL;
2442
2443 for (i = 0; i <= last_reg; i++) {
2444 struct reg *r = arm_reg_current(arm, i);
2445 r->dirty = r->valid;
2446 }
2447
2448 arm7_9->read_xpsr(target, &cpsr, 0);
2449 retval = jtag_execute_queue();
2450 if (retval != ERROR_OK) {
2451 LOG_ERROR("JTAG error while reading cpsr");
2452 return ERROR_TARGET_DATA_ABORT;
2453 }
2454
2455 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (arm->core_mode != ARM_MODE_ABT)) {
2456 LOG_WARNING(
2457 "memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")",
2458 address,
2459 size,
2460 count);
2461
2462 arm7_9->write_xpsr_im8(target,
2463 buf_get_u32(arm->cpsr->value, 0, 8)
2464 & ~0x20, 0, 0);
2465
2466 return ERROR_TARGET_DATA_ABORT;
2467 }
2468
2469 return ERROR_OK;
2470 }
2471
2472 static int dcc_count;
2473 static const uint8_t *dcc_buffer;
2474
2475 static int arm7_9_dcc_completion(struct target *target,
2476 uint32_t exit_point,
2477 int timeout_ms,
2478 void *arch_info)
2479 {
2480 int retval = ERROR_OK;
2481 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2482
2483 retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500);
2484 if (retval != ERROR_OK)
2485 return retval;
2486
2487 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2488 int count = dcc_count;
2489 const uint8_t *buffer = dcc_buffer;
2490 if (count > 2) {
2491 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2492 * core function repeated. */
2493 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2494 fast_target_buffer_get_u32(buffer, little));
2495 buffer += 4;
2496
2497 struct embeddedice_reg *ice_reg =
2498 arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2499 uint8_t reg_addr = ice_reg->addr & 0x1f;
2500 struct jtag_tap *tap;
2501 tap = ice_reg->jtag_info->tap;
2502
2503 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2504 buffer += (count-2)*4;
2505
2506 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2507 fast_target_buffer_get_u32(buffer, little));
2508 } else {
2509 int i;
2510 for (i = 0; i < count; i++) {
2511 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA],
2512 fast_target_buffer_get_u32(buffer, little));
2513 buffer += 4;
2514 }
2515 }
2516
2517 retval = target_halt(target);
2518 if (retval != ERROR_OK)
2519 return retval;
2520 return target_wait_state(target, TARGET_HALTED, 500);
2521 }
2522
2523 static const uint32_t dcc_code[] = {
2524 /* r0 == input, points to memory buffer
2525 * r1 == scratch
2526 */
2527
2528 /* spin until DCC control (c0) reports data arrived */
2529 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2530 0xe3110001, /* tst r1, #1 */
2531 0x0afffffc, /* bne w */
2532
2533 /* read word from DCC (c1), write to memory */
2534 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2535 0xe4801004, /* str r1, [r0], #4 */
2536
2537 /* repeat */
2538 0xeafffff9 /* b w */
2539 };
2540
2541 int arm7_9_bulk_write_memory(struct target *target,
2542 uint32_t address,
2543 uint32_t count,
2544 const uint8_t *buffer)
2545 {
2546 int retval;
2547 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2548 int i;
2549
2550 if (!arm7_9->dcc_downloads)
2551 return target_write_memory(target, address, 4, count, buffer);
2552
2553 /* regrab previously allocated working_area, or allocate a new one */
2554 if (!arm7_9->dcc_working_area) {
2555 uint8_t dcc_code_buf[6 * 4];
2556
2557 /* make sure we have a working area */
2558 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK) {
2559 LOG_INFO("no working area available, falling back to memory writes");
2560 return target_write_memory(target, address, 4, count, buffer);
2561 }
2562
2563 /* copy target instructions to target endianness */
2564 for (i = 0; i < 6; i++)
2565 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2566
2567 /* write DCC code to working area */
2568 retval = target_write_memory(target,
2569 arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf);
2570 if (retval != ERROR_OK)
2571 return retval;
2572 }
2573
2574 struct arm_algorithm arm_algo;
2575 struct reg_param reg_params[1];
2576
2577 arm_algo.common_magic = ARM_COMMON_MAGIC;
2578 arm_algo.core_mode = ARM_MODE_SVC;
2579 arm_algo.core_state = ARM_STATE_ARM;
2580
2581 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2582
2583 buf_set_u32(reg_params[0].value, 0, 32, address);
2584
2585 dcc_count = count;
2586 dcc_buffer = buffer;
2587 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2588 arm7_9->dcc_working_area->address,
2589 arm7_9->dcc_working_area->address + 6*4,
2590 20*1000, &arm_algo, arm7_9_dcc_completion);
2591
2592 if (retval == ERROR_OK) {
2593 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2594 if (endaddress != (address + count*4)) {
2595 LOG_ERROR(
2596 "DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "",
2597 (address + count*4),
2598 endaddress);
2599 retval = ERROR_FAIL;
2600 }
2601 }
2602
2603 destroy_reg_param(&reg_params[0]);
2604
2605 return retval;
2606 }
2607
2608 /**
2609 * Perform per-target setup that requires JTAG access.
2610 */
2611 int arm7_9_examine(struct target *target)
2612 {
2613 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2614 int retval;
2615
2616 if (!target_was_examined(target)) {
2617 struct reg_cache *t, **cache_p;
2618
2619 t = embeddedice_build_reg_cache(target, arm7_9);
2620 if (t == NULL)
2621 return ERROR_FAIL;
2622
2623 cache_p = register_get_last_cache_p(&target->reg_cache);
2624 (*cache_p) = t;
2625 arm7_9->eice_cache = (*cache_p);
2626
2627 if (arm7_9->arm.etm)
2628 (*cache_p)->next = etm_build_reg_cache(target,
2629 &arm7_9->jtag_info,
2630 arm7_9->arm.etm);
2631
2632 target_set_examined(target);
2633 }
2634
2635 retval = embeddedice_setup(target);
2636 if (retval == ERROR_OK)
2637 retval = arm7_9_setup(target);
2638 if (retval == ERROR_OK && arm7_9->arm.etm)
2639 retval = etm_setup(target);
2640 return retval;
2641 }
2642
2643
2644 int arm7_9_check_reset(struct target *target)
2645 {
2646 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2647
2648 if (get_target_reset_nag() && !arm7_9->dcc_downloads)
2649 LOG_WARNING(
2650 "NOTE! DCC downloads have not been enabled, defaulting to slow memory writes. Type 'help dcc'.");
2651
2652 if (get_target_reset_nag() && (target->working_area_size == 0))
2653 LOG_WARNING("NOTE! Severe performance degradation without working memory enabled.");
2654
2655 if (get_target_reset_nag() && !arm7_9->fast_memory_access)
2656 LOG_WARNING(
2657 "NOTE! Severe performance degradation without fast memory access enabled. Type 'help fast'.");
2658
2659 return ERROR_OK;
2660 }
2661
2662 int arm7_9_endianness_callback(jtag_callback_data_t pu8_in,
2663 jtag_callback_data_t i_size, jtag_callback_data_t i_be,
2664 jtag_callback_data_t i_flip)
2665 {
2666 uint8_t *in = (uint8_t *)pu8_in;
2667 int size = (int)i_size;
2668 int be = (int)i_be;
2669 int flip = (int)i_flip;
2670 uint32_t readback;
2671
2672 switch (size) {
2673 case 4:
2674 readback = le_to_h_u32(in);
2675 if (flip)
2676 readback = flip_u32(readback, 32);
2677 if (be)
2678 h_u32_to_be(in, readback);
2679 else
2680 h_u32_to_le(in, readback);
2681 break;
2682 case 2:
2683 readback = le_to_h_u16(in);
2684 if (flip)
2685 readback = flip_u32(readback, 16);
2686 if (be)
2687 h_u16_to_be(in, readback & 0xffff);
2688 else
2689 h_u16_to_le(in, readback & 0xffff);
2690 break;
2691 case 1:
2692 readback = *in;
2693 if (flip)
2694 readback = flip_u32(readback, 8);
2695 *in = readback & 0xff;
2696 break;
2697 }
2698
2699 return ERROR_OK;
2700 }
2701
2702 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2703 {
2704 struct target *target = get_current_target(CMD_CTX);
2705 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2706
2707 if (!is_arm7_9(arm7_9)) {
2708 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2709 return ERROR_TARGET_INVALID;
2710 }
2711
2712 if (CMD_ARGC > 0)
2713 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->use_dbgrq);
2714
2715 command_print(CMD_CTX,
2716 "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s",
2717 (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2718
2719 return ERROR_OK;
2720 }
2721
2722 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2723 {
2724 struct target *target = get_current_target(CMD_CTX);
2725 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2726
2727 if (!is_arm7_9(arm7_9)) {
2728 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2729 return ERROR_TARGET_INVALID;
2730 }
2731
2732 if (CMD_ARGC > 0)
2733 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2734
2735 command_print(CMD_CTX,
2736 "fast memory access is %s",
2737 (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2738
2739 return ERROR_OK;
2740 }
2741
2742 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2743 {
2744 struct target *target = get_current_target(CMD_CTX);
2745 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2746
2747 if (!is_arm7_9(arm7_9)) {
2748 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2749 return ERROR_TARGET_INVALID;
2750 }
2751
2752 if (CMD_ARGC > 0)
2753 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2754
2755 command_print(CMD_CTX,
2756 "dcc downloads are %s",
2757 (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2758
2759 return ERROR_OK;
2760 }
2761
2762 static int arm7_9_setup_semihosting(struct target *target, int enable)
2763 {
2764 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2765
2766 if (!is_arm7_9(arm7_9)) {
2767 LOG_USER("current target isn't an ARM7/ARM9 target");
2768 return ERROR_TARGET_INVALID;
2769 }
2770
2771 if (arm7_9->has_vector_catch) {
2772 struct reg *vector_catch = &arm7_9->eice_cache
2773 ->reg_list[EICE_VEC_CATCH];
2774
2775 if (!vector_catch->valid)
2776 embeddedice_read_reg(vector_catch);
2777 buf_set_u32(vector_catch->value, 2, 1, enable);
2778 embeddedice_store_reg(vector_catch);
2779 } else {
2780 /* TODO: allow optional high vectors and/or BKPT_HARD */
2781 if (enable)
2782 breakpoint_add(target, 8, 4, BKPT_SOFT);
2783 else
2784 breakpoint_remove(target, 8);
2785 }
2786
2787 return ERROR_OK;
2788 }
2789
2790 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2791 {
2792 int retval = ERROR_OK;
2793 struct arm *arm = &arm7_9->arm;
2794
2795 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2796
2797 retval = arm_jtag_setup_connection(&arm7_9->jtag_info);
2798 if (retval != ERROR_OK)
2799 return retval;
2800
2801 /* caller must have allocated via calloc(), so everything's zeroed */
2802
2803 arm7_9->wp_available_max = 2;
2804
2805 arm7_9->fast_memory_access = false;
2806 arm7_9->dcc_downloads = false;
2807
2808 arm->arch_info = arm7_9;
2809 arm->read_core_reg = arm7_9_read_core_reg;
2810 arm->write_core_reg = arm7_9_write_core_reg;
2811 arm->full_context = arm7_9_full_context;
2812 arm->setup_semihosting = arm7_9_setup_semihosting;
2813
2814 retval = arm_init_arch_info(target, arm);
2815 if (retval != ERROR_OK)
2816 return retval;
2817
2818 return target_register_timer_callback(arm7_9_handle_target_request,
2819 1, 1, target);
2820 }
2821
2822 static const struct command_registration arm7_9_any_command_handlers[] = {
2823 {
2824 "dbgrq",
2825 .handler = handle_arm7_9_dbgrq_command,
2826 .mode = COMMAND_ANY,
2827 .usage = "['enable'|'disable']",
2828 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2829 "for target halt requests",
2830 },
2831 {
2832 "fast_memory_access",
2833 .handler = handle_arm7_9_fast_memory_access_command,
2834 .mode = COMMAND_ANY,
2835 .usage = "['enable'|'disable']",
2836 .help = "use fast memory accesses instead of slower "
2837 "but potentially safer accesses",
2838 },
2839 {
2840 "dcc_downloads",
2841 .handler = handle_arm7_9_dcc_downloads_command,
2842 .mode = COMMAND_ANY,
2843 .usage = "['enable'|'disable']",
2844 .help = "use DCC downloads for larger memory writes",
2845 },
2846 COMMAND_REGISTRATION_DONE
2847 };
2848 const struct command_registration arm7_9_command_handlers[] = {
2849 {
2850 .chain = arm_command_handlers,
2851 },
2852 {
2853 .chain = etm_command_handlers,
2854 },
2855 {
2856 .name = "arm7_9",
2857 .mode = COMMAND_ANY,
2858 .help = "arm7/9 specific commands",
2859 .usage = "",
2860 .chain = arm7_9_any_command_handlers,
2861 },
2862 COMMAND_REGISTRATION_DONE
2863 };

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)