Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM: rename some generic routines
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "breakpoints.h"
34 #include "embeddedice.h"
35 #include "target_request.h"
36 #include "etm.h"
37 #include <helper/time_support.h>
38 #include "arm_simulator.h"
39 #include "arm_semihosting.h"
40 #include "algorithm.h"
41 #include "register.h"
42
43
44 /**
45 * @file
46 * Hold common code supporting the ARM7 and ARM9 core generations.
47 *
48 * While the ARM core implementations evolved substantially during these
49 * two generations, they look quite similar from the JTAG perspective.
50 * Both have similar debug facilities, based on the same two scan chains
51 * providing access to the core and to an EmbeddedICE module. Both can
52 * support similar ETM and ETB modules, for tracing. And both expose
53 * what could be viewed as "ARM Classic", with multiple processor modes,
54 * shadowed registers, and support for the Thumb instruction set.
55 *
56 * Processor differences include things like presence or absence of MMU
57 * and cache, pipeline sizes, use of a modified Harvard Architecure
58 * (with separate instruction and data busses from the CPU), support
59 * for cpu clock gating during idle, and more.
60 */
61
62 static int arm7_9_debug_entry(struct target *target);
63
64 /**
65 * Clear watchpoints for an ARM7/9 target.
66 *
67 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
68 * @return JTAG error status after executing queue
69 */
70 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
71 {
72 LOG_DEBUG("-");
73 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
74 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
75 arm7_9->sw_breakpoint_count = 0;
76 arm7_9->sw_breakpoints_added = 0;
77 arm7_9->wp0_used = 0;
78 arm7_9->wp1_used = arm7_9->wp1_used_default;
79 arm7_9->wp_available = arm7_9->wp_available_max;
80
81 return jtag_execute_queue();
82 }
83
84 /**
85 * Assign a watchpoint to one of the two available hardware comparators in an
86 * ARM7 or ARM9 target.
87 *
88 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
89 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
90 */
91 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
92 {
93 if (!arm7_9->wp0_used)
94 {
95 arm7_9->wp0_used = 1;
96 breakpoint->set = 1;
97 arm7_9->wp_available--;
98 }
99 else if (!arm7_9->wp1_used)
100 {
101 arm7_9->wp1_used = 1;
102 breakpoint->set = 2;
103 arm7_9->wp_available--;
104 }
105 else
106 {
107 LOG_ERROR("BUG: no hardware comparator available");
108 }
109 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
110 breakpoint->unique_id,
111 breakpoint->address,
112 breakpoint->set );
113 }
114
115 /**
116 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
117 *
118 * @param arm7_9 Pointer to common struct for ARM7/9 targets
119 * @return Error codes if there is a problem finding a watchpoint or the result
120 * of executing the JTAG queue
121 */
122 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
123 {
124 if (arm7_9->sw_breakpoints_added)
125 {
126 return ERROR_OK;
127 }
128 if (arm7_9->wp_available < 1)
129 {
130 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
131 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
132 }
133 arm7_9->wp_available--;
134
135 /* pick a breakpoint unit */
136 if (!arm7_9->wp0_used)
137 {
138 arm7_9->sw_breakpoints_added = 1;
139 arm7_9->wp0_used = 3;
140 } else if (!arm7_9->wp1_used)
141 {
142 arm7_9->sw_breakpoints_added = 2;
143 arm7_9->wp1_used = 3;
144 }
145 else
146 {
147 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
148 return ERROR_FAIL;
149 }
150
151 if (arm7_9->sw_breakpoints_added == 1)
152 {
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
155 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
156 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
158 }
159 else if (arm7_9->sw_breakpoints_added == 2)
160 {
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
162 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
163 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
164 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
165 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
166 }
167 else
168 {
169 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
170 return ERROR_FAIL;
171 }
172 LOG_DEBUG("SW BP using hw wp: %d",
173 arm7_9->sw_breakpoints_added );
174
175 return jtag_execute_queue();
176 }
177
178 /**
179 * Setup the common pieces for an ARM7/9 target after reset or on startup.
180 *
181 * @param target Pointer to an ARM7/9 target to setup
182 * @return Result of clearing the watchpoints on the target
183 */
184 int arm7_9_setup(struct target *target)
185 {
186 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
187
188 return arm7_9_clear_watchpoints(arm7_9);
189 }
190
191 /**
192 * Set either a hardware or software breakpoint on an ARM7/9 target. The
193 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
194 * might have erased the values in Embedded ICE.
195 *
196 * @param target Pointer to the target device to set the breakpoints on
197 * @param breakpoint Pointer to the breakpoint to be set
198 * @return For hardware breakpoints, this is the result of executing the JTAG
199 * queue. For software breakpoints, this will be the status of the
200 * required memory reads and writes
201 */
202 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
203 {
204 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
205 int retval = ERROR_OK;
206
207 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
208 breakpoint->unique_id,
209 breakpoint->address,
210 breakpoint->type);
211
212 if (target->state != TARGET_HALTED)
213 {
214 LOG_WARNING("target not halted");
215 return ERROR_TARGET_NOT_HALTED;
216 }
217
218 if (breakpoint->type == BKPT_HARD)
219 {
220 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
221 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
222
223 /* reassign a hw breakpoint */
224 if (breakpoint->set == 0)
225 {
226 arm7_9_assign_wp(arm7_9, breakpoint);
227 }
228
229 if (breakpoint->set == 1)
230 {
231 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
232 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
233 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
234 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
236 }
237 else if (breakpoint->set == 2)
238 {
239 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
240 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
241 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
244 }
245 else
246 {
247 LOG_ERROR("BUG: no hardware comparator available");
248 return ERROR_OK;
249 }
250
251 retval = jtag_execute_queue();
252 }
253 else if (breakpoint->type == BKPT_SOFT)
254 {
255 /* did we already set this breakpoint? */
256 if (breakpoint->set)
257 return ERROR_OK;
258
259 if (breakpoint->length == 4)
260 {
261 uint32_t verify = 0xffffffff;
262 /* keep the original instruction in target endianness */
263 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
264 {
265 return retval;
266 }
267 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
268 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
269 {
270 return retval;
271 }
272
273 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
274 {
275 return retval;
276 }
277 if (verify != arm7_9->arm_bkpt)
278 {
279 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
280 return ERROR_OK;
281 }
282 }
283 else
284 {
285 uint16_t verify = 0xffff;
286 /* keep the original instruction in target endianness */
287 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
288 {
289 return retval;
290 }
291 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
292 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
293 {
294 return retval;
295 }
296
297 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
298 {
299 return retval;
300 }
301 if (verify != arm7_9->thumb_bkpt)
302 {
303 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
304 return ERROR_OK;
305 }
306 }
307
308 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
309 return retval;
310
311 arm7_9->sw_breakpoint_count++;
312
313 breakpoint->set = 1;
314 }
315
316 return retval;
317 }
318
319 /**
320 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
321 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
322 * will be updated. Otherwise, the software breakpoint will be restored to its
323 * original instruction if it hasn't already been modified.
324 *
325 * @param target Pointer to ARM7/9 target to unset the breakpoint from
326 * @param breakpoint Pointer to breakpoint to be unset
327 * @return For hardware breakpoints, this is the result of executing the JTAG
328 * queue. For software breakpoints, this will be the status of the
329 * required memory reads and writes
330 */
331 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
332 {
333 int retval = ERROR_OK;
334 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
335
336 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
337 breakpoint->unique_id,
338 breakpoint->address );
339
340 if (!breakpoint->set)
341 {
342 LOG_WARNING("breakpoint not set");
343 return ERROR_OK;
344 }
345
346 if (breakpoint->type == BKPT_HARD)
347 {
348 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
349 breakpoint->unique_id,
350 breakpoint->set );
351 if (breakpoint->set == 1)
352 {
353 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
354 arm7_9->wp0_used = 0;
355 arm7_9->wp_available++;
356 }
357 else if (breakpoint->set == 2)
358 {
359 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
360 arm7_9->wp1_used = 0;
361 arm7_9->wp_available++;
362 }
363 retval = jtag_execute_queue();
364 breakpoint->set = 0;
365 }
366 else
367 {
368 /* restore original instruction (kept in target endianness) */
369 if (breakpoint->length == 4)
370 {
371 uint32_t current_instr;
372 /* check that user program as not modified breakpoint instruction */
373 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
374 {
375 return retval;
376 }
377 if (current_instr == arm7_9->arm_bkpt)
378 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
379 {
380 return retval;
381 }
382 }
383 else
384 {
385 uint16_t current_instr;
386 /* check that user program as not modified breakpoint instruction */
387 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
388 {
389 return retval;
390 }
391 if (current_instr == arm7_9->thumb_bkpt)
392 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
393 {
394 return retval;
395 }
396 }
397
398 if (--arm7_9->sw_breakpoint_count==0)
399 {
400 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
401 if (arm7_9->sw_breakpoints_added == 1)
402 {
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
404 }
405 else if (arm7_9->sw_breakpoints_added == 2)
406 {
407 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
408 }
409 }
410
411 breakpoint->set = 0;
412 }
413
414 return retval;
415 }
416
417 /**
418 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
419 * dangling breakpoints and that the desired breakpoint can be added.
420 *
421 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
422 * @param breakpoint Pointer to the breakpoint to be added
423 * @return An error status if there is a problem adding the breakpoint or the
424 * result of setting the breakpoint
425 */
426 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
427 {
428 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
429
430 if (arm7_9->breakpoint_count == 0)
431 {
432 /* make sure we don't have any dangling breakpoints. This is vital upon
433 * GDB connect/disconnect
434 */
435 arm7_9_clear_watchpoints(arm7_9);
436 }
437
438 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
439 {
440 LOG_INFO("no watchpoint unit available for hardware breakpoint");
441 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
442 }
443
444 if ((breakpoint->length != 2) && (breakpoint->length != 4))
445 {
446 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
447 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
448 }
449
450 if (breakpoint->type == BKPT_HARD)
451 {
452 arm7_9_assign_wp(arm7_9, breakpoint);
453 }
454
455 arm7_9->breakpoint_count++;
456
457 return arm7_9_set_breakpoint(target, breakpoint);
458 }
459
460 /**
461 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
462 * dangling breakpoints and updates available watchpoints if it is a hardware
463 * breakpoint.
464 *
465 * @param target Pointer to the target to have a breakpoint removed
466 * @param breakpoint Pointer to the breakpoint to be removed
467 * @return Error status if there was a problem unsetting the breakpoint or the
468 * watchpoints could not be cleared
469 */
470 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
471 {
472 int retval = ERROR_OK;
473 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
474
475 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
476 {
477 return retval;
478 }
479
480 if (breakpoint->type == BKPT_HARD)
481 arm7_9->wp_available++;
482
483 arm7_9->breakpoint_count--;
484 if (arm7_9->breakpoint_count == 0)
485 {
486 /* make sure we don't have any dangling breakpoints */
487 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
488 {
489 return retval;
490 }
491 }
492
493 return ERROR_OK;
494 }
495
496 /**
497 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
498 * considered a bug to call this function when there are no available watchpoint
499 * units.
500 *
501 * @param target Pointer to an ARM7/9 target to set a watchpoint on
502 * @param watchpoint Pointer to the watchpoint to be set
503 * @return Error status if watchpoint set fails or the result of executing the
504 * JTAG queue
505 */
506 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
507 {
508 int retval = ERROR_OK;
509 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
510 int rw_mask = 1;
511 uint32_t mask;
512
513 mask = watchpoint->length - 1;
514
515 if (target->state != TARGET_HALTED)
516 {
517 LOG_WARNING("target not halted");
518 return ERROR_TARGET_NOT_HALTED;
519 }
520
521 if (watchpoint->rw == WPT_ACCESS)
522 rw_mask = 0;
523 else
524 rw_mask = 1;
525
526 if (!arm7_9->wp0_used)
527 {
528 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
529 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
531 if (watchpoint->mask != 0xffffffffu)
532 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
533 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
535
536 if ((retval = jtag_execute_queue()) != ERROR_OK)
537 {
538 return retval;
539 }
540 watchpoint->set = 1;
541 arm7_9->wp0_used = 2;
542 }
543 else if (!arm7_9->wp1_used)
544 {
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
548 if (watchpoint->mask != 0xffffffffu)
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
552
553 if ((retval = jtag_execute_queue()) != ERROR_OK)
554 {
555 return retval;
556 }
557 watchpoint->set = 2;
558 arm7_9->wp1_used = 2;
559 }
560 else
561 {
562 LOG_ERROR("BUG: no hardware comparator available");
563 return ERROR_OK;
564 }
565
566 return ERROR_OK;
567 }
568
569 /**
570 * Unset an existing watchpoint and clear the used watchpoint unit.
571 *
572 * @param target Pointer to the target to have the watchpoint removed
573 * @param watchpoint Pointer to the watchpoint to be removed
574 * @return Error status while trying to unset the watchpoint or the result of
575 * executing the JTAG queue
576 */
577 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
578 {
579 int retval = ERROR_OK;
580 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
581
582 if (target->state != TARGET_HALTED)
583 {
584 LOG_WARNING("target not halted");
585 return ERROR_TARGET_NOT_HALTED;
586 }
587
588 if (!watchpoint->set)
589 {
590 LOG_WARNING("breakpoint not set");
591 return ERROR_OK;
592 }
593
594 if (watchpoint->set == 1)
595 {
596 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
597 if ((retval = jtag_execute_queue()) != ERROR_OK)
598 {
599 return retval;
600 }
601 arm7_9->wp0_used = 0;
602 }
603 else if (watchpoint->set == 2)
604 {
605 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
606 if ((retval = jtag_execute_queue()) != ERROR_OK)
607 {
608 return retval;
609 }
610 arm7_9->wp1_used = 0;
611 }
612 watchpoint->set = 0;
613
614 return ERROR_OK;
615 }
616
617 /**
618 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
619 * available, an error response is returned.
620 *
621 * @param target Pointer to the ARM7/9 target to add a watchpoint to
622 * @param watchpoint Pointer to the watchpoint to be added
623 * @return Error status while trying to add the watchpoint
624 */
625 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
626 {
627 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
628
629 if (arm7_9->wp_available < 1)
630 {
631 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
632 }
633
634 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
635 {
636 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
637 }
638
639 arm7_9->wp_available--;
640
641 return ERROR_OK;
642 }
643
644 /**
645 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
646 * the used watchpoint unit will be reopened.
647 *
648 * @param target Pointer to the target to remove a watchpoint from
649 * @param watchpoint Pointer to the watchpoint to be removed
650 * @return Result of trying to unset the watchpoint
651 */
652 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
653 {
654 int retval = ERROR_OK;
655 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
656
657 if (watchpoint->set)
658 {
659 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
660 {
661 return retval;
662 }
663 }
664
665 arm7_9->wp_available++;
666
667 return ERROR_OK;
668 }
669
670 /**
671 * Restarts the target by sending a RESTART instruction and moving the JTAG
672 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
673 * asserted by the processor.
674 *
675 * @param target Pointer to target to issue commands to
676 * @return Error status if there is a timeout or a problem while executing the
677 * JTAG queue
678 */
679 int arm7_9_execute_sys_speed(struct target *target)
680 {
681 int retval;
682 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
683 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
684 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
685
686 /* set RESTART instruction */
687 jtag_set_end_state(TAP_IDLE);
688 if (arm7_9->need_bypass_before_restart) {
689 arm7_9->need_bypass_before_restart = 0;
690 arm_jtag_set_instr(jtag_info, 0xf, NULL);
691 }
692 arm_jtag_set_instr(jtag_info, 0x4, NULL);
693
694 long long then = timeval_ms();
695 int timeout;
696 while (!(timeout = ((timeval_ms()-then) > 1000)))
697 {
698 /* read debug status register */
699 embeddedice_read_reg(dbg_stat);
700 if ((retval = jtag_execute_queue()) != ERROR_OK)
701 return retval;
702 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
703 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
704 break;
705 if (debug_level >= 3)
706 {
707 alive_sleep(100);
708 } else
709 {
710 keep_alive();
711 }
712 }
713 if (timeout)
714 {
715 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
716 return ERROR_TARGET_TIMEOUT;
717 }
718
719 return ERROR_OK;
720 }
721
722 /**
723 * Restarts the target by sending a RESTART instruction and moving the JTAG
724 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
725 * waiting until they are.
726 *
727 * @param target Pointer to the target to issue commands to
728 * @return Always ERROR_OK
729 */
730 int arm7_9_execute_fast_sys_speed(struct target *target)
731 {
732 static int set = 0;
733 static uint8_t check_value[4], check_mask[4];
734
735 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
736 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
737 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
738
739 /* set RESTART instruction */
740 jtag_set_end_state(TAP_IDLE);
741 if (arm7_9->need_bypass_before_restart) {
742 arm7_9->need_bypass_before_restart = 0;
743 arm_jtag_set_instr(jtag_info, 0xf, NULL);
744 }
745 arm_jtag_set_instr(jtag_info, 0x4, NULL);
746
747 if (!set)
748 {
749 /* check for DBGACK and SYSCOMP set (others don't care) */
750
751 /* NB! These are constants that must be available until after next jtag_execute() and
752 * we evaluate the values upon first execution in lieu of setting up these constants
753 * during early setup.
754 * */
755 buf_set_u32(check_value, 0, 32, 0x9);
756 buf_set_u32(check_mask, 0, 32, 0x9);
757 set = 1;
758 }
759
760 /* read debug status register */
761 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
762
763 return ERROR_OK;
764 }
765
766 /**
767 * Get some data from the ARM7/9 target.
768 *
769 * @param target Pointer to the ARM7/9 target to read data from
770 * @param size The number of 32bit words to be read
771 * @param buffer Pointer to the buffer that will hold the data
772 * @return The result of receiving data from the Embedded ICE unit
773 */
774 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
775 {
776 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
777 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
778 uint32_t *data;
779 int retval = ERROR_OK;
780 uint32_t i;
781
782 data = malloc(size * (sizeof(uint32_t)));
783
784 retval = embeddedice_receive(jtag_info, data, size);
785
786 /* return the 32-bit ints in the 8-bit array */
787 for (i = 0; i < size; i++)
788 {
789 h_u32_to_le(buffer + (i * 4), data[i]);
790 }
791
792 free(data);
793
794 return retval;
795 }
796
797 /**
798 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
799 * target is running and the DCC control register has the W bit high, this will
800 * execute the request on the target.
801 *
802 * @param priv Void pointer expected to be a struct target pointer
803 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
804 * from the Embedded ICE unit
805 */
806 int arm7_9_handle_target_request(void *priv)
807 {
808 int retval = ERROR_OK;
809 struct target *target = priv;
810 if (!target_was_examined(target))
811 return ERROR_OK;
812 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
813 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
814 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
815
816 if (!target->dbg_msg_enabled)
817 return ERROR_OK;
818
819 if (target->state == TARGET_RUNNING)
820 {
821 /* read DCC control register */
822 embeddedice_read_reg(dcc_control);
823 if ((retval = jtag_execute_queue()) != ERROR_OK)
824 {
825 return retval;
826 }
827
828 /* check W bit */
829 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
830 {
831 uint32_t request;
832
833 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
834 {
835 return retval;
836 }
837 if ((retval = target_request(target, request)) != ERROR_OK)
838 {
839 return retval;
840 }
841 }
842 }
843
844 return ERROR_OK;
845 }
846
847 /**
848 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
849 * is manipulated to the right halted state based on its current state. This is
850 * what happens:
851 *
852 * <table>
853 * <tr><th > State</th><th > Action</th></tr>
854 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
855 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
856 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
857 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
858 * </table>
859 *
860 * If the target does not end up in the halted state, a warning is produced. If
861 * DBGACK is cleared, then the target is expected to either be running or
862 * running in debug.
863 *
864 * @param target Pointer to the ARM7/9 target to poll
865 * @return ERROR_OK or an error status if a command fails
866 */
867 int arm7_9_poll(struct target *target)
868 {
869 int retval;
870 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
871 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
872
873 /* read debug status register */
874 embeddedice_read_reg(dbg_stat);
875 if ((retval = jtag_execute_queue()) != ERROR_OK)
876 {
877 return retval;
878 }
879
880 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
881 {
882 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
883 if (target->state == TARGET_UNKNOWN)
884 {
885 /* Starting OpenOCD with target in debug-halt */
886 target->state = TARGET_RUNNING;
887 LOG_DEBUG("DBGACK already set during server startup.");
888 }
889 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
890 {
891 int check_pc = 0;
892 if (target->state == TARGET_RESET)
893 {
894 if (target->reset_halt)
895 {
896 enum reset_types jtag_reset_config = jtag_get_reset_config();
897 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
898 {
899 check_pc = 1;
900 }
901 }
902 }
903
904 target->state = TARGET_HALTED;
905
906 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
907 return retval;
908
909 if (check_pc)
910 {
911 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
912 uint32_t t=*((uint32_t *)reg->value);
913 if (t != 0)
914 {
915 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
916 }
917 }
918
919 if (arm_semihosting(target, &retval) != 0)
920 return retval;
921
922 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
923 {
924 return retval;
925 }
926 }
927 if (target->state == TARGET_DEBUG_RUNNING)
928 {
929 target->state = TARGET_HALTED;
930 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
931 return retval;
932
933 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
934 {
935 return retval;
936 }
937 }
938 if (target->state != TARGET_HALTED)
939 {
940 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
941 }
942 }
943 else
944 {
945 if (target->state != TARGET_DEBUG_RUNNING)
946 target->state = TARGET_RUNNING;
947 }
948
949 return ERROR_OK;
950 }
951
952 /**
953 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
954 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
955 * affected) completely stop the JTAG clock while the core is held in reset
956 * (SRST). It isn't possible to program the halt condition once reset is
957 * asserted, hence a hook that allows the target to set up its reset-halt
958 * condition is setup prior to asserting reset.
959 *
960 * @param target Pointer to an ARM7/9 target to assert reset on
961 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
962 */
963 int arm7_9_assert_reset(struct target *target)
964 {
965 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
966
967 LOG_DEBUG("target->state: %s",
968 target_state_name(target));
969
970 enum reset_types jtag_reset_config = jtag_get_reset_config();
971 if (!(jtag_reset_config & RESET_HAS_SRST))
972 {
973 LOG_ERROR("Can't assert SRST");
974 return ERROR_FAIL;
975 }
976
977 /* At this point trst has been asserted/deasserted once. We would
978 * like to program EmbeddedICE while SRST is asserted, instead of
979 * depending on SRST to leave that module alone. However, many CPUs
980 * gate the JTAG clock while SRST is asserted; or JTAG may need
981 * clock stability guarantees (adaptive clocking might help).
982 *
983 * So we assume JTAG access during SRST is off the menu unless it's
984 * been specifically enabled.
985 */
986 bool srst_asserted = false;
987
988 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
989 && (jtag_reset_config & RESET_SRST_NO_GATING))
990 {
991 jtag_add_reset(0, 1);
992 srst_asserted = true;
993 }
994
995 if (target->reset_halt)
996 {
997 /*
998 * Some targets do not support communication while SRST is asserted. We need to
999 * set up the reset vector catch here.
1000 *
1001 * If TRST is asserted, then these settings will be reset anyway, so setting them
1002 * here is harmless.
1003 */
1004 if (arm7_9->has_vector_catch)
1005 {
1006 /* program vector catch register to catch reset vector */
1007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1008
1009 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1010 jtag_add_runtest(1, jtag_get_end_state());
1011 }
1012 else
1013 {
1014 /* program watchpoint unit to match on reset vector address */
1015 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1016 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1018 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1019 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1020 }
1021 }
1022
1023 /* here we should issue an SRST only, but we may have to assert TRST as well */
1024 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1025 {
1026 jtag_add_reset(1, 1);
1027 } else if (!srst_asserted)
1028 {
1029 jtag_add_reset(0, 1);
1030 }
1031
1032 target->state = TARGET_RESET;
1033 jtag_add_sleep(50000);
1034
1035 register_cache_invalidate(arm7_9->armv4_5_common.core_cache);
1036
1037 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1038 {
1039 /* debug entry was already prepared in arm7_9_assert_reset() */
1040 target->debug_reason = DBG_REASON_DBGRQ;
1041 }
1042
1043 return ERROR_OK;
1044 }
1045
1046 /**
1047 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1048 * and the target is being reset into a halt, a warning will be triggered
1049 * because it is not possible to reset into a halted mode in this case. The
1050 * target is halted using the target's functions.
1051 *
1052 * @param target Pointer to the target to have the reset deasserted
1053 * @return ERROR_OK or an error from polling or halting the target
1054 */
1055 int arm7_9_deassert_reset(struct target *target)
1056 {
1057 int retval = ERROR_OK;
1058 LOG_DEBUG("target->state: %s",
1059 target_state_name(target));
1060
1061 /* deassert reset lines */
1062 jtag_add_reset(0, 0);
1063
1064 enum reset_types jtag_reset_config = jtag_get_reset_config();
1065 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1066 {
1067 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1068 /* set up embedded ice registers again */
1069 if ((retval = target_examine_one(target)) != ERROR_OK)
1070 return retval;
1071
1072 if ((retval = target_poll(target)) != ERROR_OK)
1073 {
1074 return retval;
1075 }
1076
1077 if ((retval = target_halt(target)) != ERROR_OK)
1078 {
1079 return retval;
1080 }
1081
1082 }
1083 return retval;
1084 }
1085
1086 /**
1087 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1088 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1089 * vector catch was used, it is restored. Otherwise, the control value is
1090 * restored and the watchpoint unit is restored if it was in use.
1091 *
1092 * @param target Pointer to the ARM7/9 target to have halt cleared
1093 * @return Always ERROR_OK
1094 */
1095 int arm7_9_clear_halt(struct target *target)
1096 {
1097 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1098 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1099
1100 /* we used DBGRQ only if we didn't come out of reset */
1101 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1102 {
1103 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1104 */
1105 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1106 embeddedice_store_reg(dbg_ctrl);
1107 }
1108 else
1109 {
1110 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1111 {
1112 /* if we came out of reset, and vector catch is supported, we used
1113 * vector catch to enter debug state
1114 * restore the register in that case
1115 */
1116 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1117 }
1118 else
1119 {
1120 /* restore registers if watchpoint unit 0 was in use
1121 */
1122 if (arm7_9->wp0_used)
1123 {
1124 if (arm7_9->debug_entry_from_reset)
1125 {
1126 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1127 }
1128 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1129 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1130 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1131 }
1132 /* control value always has to be restored, as it was either disabled,
1133 * or enabled with possibly different bits
1134 */
1135 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1136 }
1137 }
1138
1139 return ERROR_OK;
1140 }
1141
1142 /**
1143 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1144 * and then there is a wait until the processor shows the halt. This wait can
1145 * timeout and results in an error being returned. The software reset involves
1146 * clearing the halt, updating the debug control register, changing to ARM mode,
1147 * reset of the program counter, and reset of all of the registers.
1148 *
1149 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1150 * @return Error status if any of the commands fail, otherwise ERROR_OK
1151 */
1152 int arm7_9_soft_reset_halt(struct target *target)
1153 {
1154 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1155 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1156 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1157 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1158 int i;
1159 int retval;
1160
1161 /* FIX!!! replace some of this code with tcl commands
1162 *
1163 * halt # the halt command is synchronous
1164 * armv4_5 core_state arm
1165 *
1166 */
1167
1168 if ((retval = target_halt(target)) != ERROR_OK)
1169 return retval;
1170
1171 long long then = timeval_ms();
1172 int timeout;
1173 while (!(timeout = ((timeval_ms()-then) > 1000)))
1174 {
1175 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1176 break;
1177 embeddedice_read_reg(dbg_stat);
1178 if ((retval = jtag_execute_queue()) != ERROR_OK)
1179 return retval;
1180 if (debug_level >= 3)
1181 {
1182 alive_sleep(100);
1183 } else
1184 {
1185 keep_alive();
1186 }
1187 }
1188 if (timeout)
1189 {
1190 LOG_ERROR("Failed to halt CPU after 1 sec");
1191 return ERROR_TARGET_TIMEOUT;
1192 }
1193 target->state = TARGET_HALTED;
1194
1195 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1196 * ensure that DBGRQ is cleared
1197 */
1198 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1200 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1201 embeddedice_store_reg(dbg_ctrl);
1202
1203 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1204 {
1205 return retval;
1206 }
1207
1208 /* if the target is in Thumb state, change to ARM state */
1209 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1210 {
1211 uint32_t r0_thumb, pc_thumb;
1212 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1213 /* Entered debug from Thumb mode */
1214 armv4_5->core_state = ARM_STATE_THUMB;
1215 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1216 }
1217
1218 /* REVISIT likewise for bit 5 -- switch Jazelle-to-ARM */
1219
1220 /* all register content is now invalid */
1221 register_cache_invalidate(armv4_5->core_cache);
1222
1223 /* SVC, ARM state, IRQ and FIQ disabled */
1224 uint32_t cpsr;
1225
1226 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
1227 cpsr &= ~0xff;
1228 cpsr |= 0xd3;
1229 arm_set_cpsr(armv4_5, cpsr);
1230 armv4_5->cpsr->dirty = 1;
1231
1232 /* start fetching from 0x0 */
1233 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1234 armv4_5->core_cache->reg_list[15].dirty = 1;
1235 armv4_5->core_cache->reg_list[15].valid = 1;
1236
1237 /* reset registers */
1238 for (i = 0; i <= 14; i++)
1239 {
1240 struct reg *r = arm_reg_current(armv4_5, i);
1241
1242 buf_set_u32(r->value, 0, 32, 0xffffffff);
1243 r->dirty = 1;
1244 r->valid = 1;
1245 }
1246
1247 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1248 {
1249 return retval;
1250 }
1251
1252 return ERROR_OK;
1253 }
1254
1255 /**
1256 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1257 * line or by programming a watchpoint to trigger on any address. It is
1258 * considered a bug to call this function while the target is in the
1259 * TARGET_RESET state.
1260 *
1261 * @param target Pointer to the ARM7/9 target to be halted
1262 * @return Always ERROR_OK
1263 */
1264 int arm7_9_halt(struct target *target)
1265 {
1266 if (target->state == TARGET_RESET)
1267 {
1268 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1269 return ERROR_OK;
1270 }
1271
1272 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1273 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1274
1275 LOG_DEBUG("target->state: %s",
1276 target_state_name(target));
1277
1278 if (target->state == TARGET_HALTED)
1279 {
1280 LOG_DEBUG("target was already halted");
1281 return ERROR_OK;
1282 }
1283
1284 if (target->state == TARGET_UNKNOWN)
1285 {
1286 LOG_WARNING("target was in unknown state when halt was requested");
1287 }
1288
1289 if (arm7_9->use_dbgrq)
1290 {
1291 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1292 */
1293 if (arm7_9->set_special_dbgrq) {
1294 arm7_9->set_special_dbgrq(target);
1295 } else {
1296 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1297 embeddedice_store_reg(dbg_ctrl);
1298 }
1299 }
1300 else
1301 {
1302 /* program watchpoint unit to match on any address
1303 */
1304 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1305 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1306 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1307 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1308 }
1309
1310 target->debug_reason = DBG_REASON_DBGRQ;
1311
1312 return ERROR_OK;
1313 }
1314
1315 /**
1316 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1317 * ARM. The JTAG queue is then executed and the reason for debug entry is
1318 * examined. Once done, the target is verified to be halted and the processor
1319 * is forced into ARM mode. The core registers are saved for the current core
1320 * mode and the program counter (register 15) is updated as needed. The core
1321 * registers and CPSR and SPSR are saved for restoration later.
1322 *
1323 * @param target Pointer to target that is entering debug mode
1324 * @return Error code if anything fails, otherwise ERROR_OK
1325 */
1326 static int arm7_9_debug_entry(struct target *target)
1327 {
1328 int i;
1329 uint32_t context[16];
1330 uint32_t* context_p[16];
1331 uint32_t r0_thumb, pc_thumb;
1332 uint32_t cpsr, cpsr_mask = 0;
1333 int retval;
1334 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1335 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1336 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1337 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1338
1339 #ifdef _DEBUG_ARM7_9_
1340 LOG_DEBUG("-");
1341 #endif
1342
1343 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1344 * ensure that DBGRQ is cleared
1345 */
1346 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1347 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1348 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1349 embeddedice_store_reg(dbg_ctrl);
1350
1351 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1352 {
1353 return retval;
1354 }
1355
1356 if ((retval = jtag_execute_queue()) != ERROR_OK)
1357 {
1358 return retval;
1359 }
1360
1361 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1362 return retval;
1363
1364
1365 if (target->state != TARGET_HALTED)
1366 {
1367 LOG_WARNING("target not halted");
1368 return ERROR_TARGET_NOT_HALTED;
1369 }
1370
1371 /* if the target is in Thumb state, change to ARM state */
1372 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1373 {
1374 LOG_DEBUG("target entered debug from Thumb state");
1375 /* Entered debug from Thumb mode */
1376 armv4_5->core_state = ARM_STATE_THUMB;
1377 cpsr_mask = 1 << 5;
1378 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1379 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32
1380 ", pc_thumb: 0x%8.8" PRIx32, r0_thumb, pc_thumb);
1381 } else if (buf_get_u32(dbg_stat->value, 5, 1)) {
1382 /* \todo Get some vaguely correct handling of Jazelle, if
1383 * anyone ever uses it and full info becomes available.
1384 * See ARM9EJS TRM B.7.1 for how to switch J->ARM; and
1385 * B.7.3 for the reverse. That'd be the bare minimum...
1386 */
1387 LOG_DEBUG("target entered debug from Jazelle state");
1388 armv4_5->core_state = ARM_STATE_JAZELLE;
1389 cpsr_mask = 1 << 24;
1390 LOG_ERROR("Jazelle debug entry -- BROKEN!");
1391 } else {
1392 LOG_DEBUG("target entered debug from ARM state");
1393 /* Entered debug from ARM mode */
1394 armv4_5->core_state = ARM_STATE_ARM;
1395 }
1396
1397 for (i = 0; i < 16; i++)
1398 context_p[i] = &context[i];
1399 /* save core registers (r0 - r15 of current core mode) */
1400 arm7_9->read_core_regs(target, 0xffff, context_p);
1401
1402 arm7_9->read_xpsr(target, &cpsr, 0);
1403
1404 if ((retval = jtag_execute_queue()) != ERROR_OK)
1405 return retval;
1406
1407 /* Sync our CPSR copy with J or T bits EICE reported, but
1408 * which we then erased by putting the core into ARM mode.
1409 */
1410 arm_set_cpsr(armv4_5, cpsr | cpsr_mask);
1411
1412 if (!is_arm_mode(armv4_5->core_mode))
1413 {
1414 target->state = TARGET_UNKNOWN;
1415 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1416 return ERROR_TARGET_FAILURE;
1417 }
1418
1419 LOG_DEBUG("target entered debug state in %s mode",
1420 arm_mode_name(armv4_5->core_mode));
1421
1422 if (armv4_5->core_state == ARM_STATE_THUMB)
1423 {
1424 LOG_DEBUG("thumb state, applying fixups");
1425 context[0] = r0_thumb;
1426 context[15] = pc_thumb;
1427 } else if (armv4_5->core_state == ARM_STATE_ARM)
1428 {
1429 /* adjust value stored by STM */
1430 context[15] -= 3 * 4;
1431 }
1432
1433 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1434 context[15] -= 3 * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1435 else
1436 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARM_STATE_ARM) ? 4 : 2);
1437
1438 for (i = 0; i <= 15; i++)
1439 {
1440 struct reg *r = arm_reg_current(armv4_5, i);
1441
1442 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1443
1444 buf_set_u32(r->value, 0, 32, context[i]);
1445 /* r0 and r15 (pc) have to be restored later */
1446 r->dirty = (i == 0) || (i == 15);
1447 r->valid = 1;
1448 }
1449
1450 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1451
1452 /* exceptions other than USR & SYS have a saved program status register */
1453 if (armv4_5->spsr) {
1454 uint32_t spsr;
1455 arm7_9->read_xpsr(target, &spsr, 1);
1456 if ((retval = jtag_execute_queue()) != ERROR_OK)
1457 {
1458 return retval;
1459 }
1460 buf_set_u32(armv4_5->spsr->value, 0, 32, spsr);
1461 armv4_5->spsr->dirty = 0;
1462 armv4_5->spsr->valid = 1;
1463 }
1464
1465 if ((retval = jtag_execute_queue()) != ERROR_OK)
1466 return retval;
1467
1468 if (arm7_9->post_debug_entry)
1469 arm7_9->post_debug_entry(target);
1470
1471 return ERROR_OK;
1472 }
1473
1474 /**
1475 * Validate the full context for an ARM7/9 target in all processor modes. If
1476 * there are any invalid registers for the target, they will all be read. This
1477 * includes the PSR.
1478 *
1479 * @param target Pointer to the ARM7/9 target to capture the full context from
1480 * @return Error if the target is not halted, has an invalid core mode, or if
1481 * the JTAG queue fails to execute
1482 */
1483 int arm7_9_full_context(struct target *target)
1484 {
1485 int i;
1486 int retval;
1487 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1488 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1489
1490 LOG_DEBUG("-");
1491
1492 if (target->state != TARGET_HALTED)
1493 {
1494 LOG_WARNING("target not halted");
1495 return ERROR_TARGET_NOT_HALTED;
1496 }
1497
1498 if (!is_arm_mode(armv4_5->core_mode))
1499 return ERROR_FAIL;
1500
1501 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1502 * SYS shares registers with User, so we don't touch SYS
1503 */
1504 for (i = 0; i < 6; i++)
1505 {
1506 uint32_t mask = 0;
1507 uint32_t* reg_p[16];
1508 int j;
1509 int valid = 1;
1510
1511 /* check if there are invalid registers in the current mode
1512 */
1513 for (j = 0; j <= 16; j++)
1514 {
1515 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1516 valid = 0;
1517 }
1518
1519 if (!valid)
1520 {
1521 uint32_t tmp_cpsr;
1522
1523 /* change processor mode (and mask T bit) */
1524 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8)
1525 & 0xe0;
1526 tmp_cpsr |= armv4_5_number_to_mode(i);
1527 tmp_cpsr &= ~0x20;
1528 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1529
1530 for (j = 0; j < 15; j++)
1531 {
1532 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1533 {
1534 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1535 mask |= 1 << j;
1536 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1537 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1538 }
1539 }
1540
1541 /* if only the PSR is invalid, mask is all zeroes */
1542 if (mask)
1543 arm7_9->read_core_regs(target, mask, reg_p);
1544
1545 /* check if the PSR has to be read */
1546 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1547 {
1548 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1549 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1550 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1551 }
1552 }
1553 }
1554
1555 /* restore processor mode (mask T bit) */
1556 arm7_9->write_xpsr_im8(target,
1557 buf_get_u32(armv4_5->cpsr->value, 0, 8) & ~0x20,
1558 0, 0);
1559
1560 if ((retval = jtag_execute_queue()) != ERROR_OK)
1561 {
1562 return retval;
1563 }
1564 return ERROR_OK;
1565 }
1566
1567 /**
1568 * Restore the processor context on an ARM7/9 target. The full processor
1569 * context is analyzed to see if any of the registers are dirty on this end, but
1570 * have a valid new value. If this is the case, the processor is changed to the
1571 * appropriate mode and the new register values are written out to the
1572 * processor. If there happens to be a dirty register with an invalid value, an
1573 * error will be logged.
1574 *
1575 * @param target Pointer to the ARM7/9 target to have its context restored
1576 * @return Error status if the target is not halted or the core mode in the
1577 * armv4_5 struct is invalid.
1578 */
1579 int arm7_9_restore_context(struct target *target)
1580 {
1581 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1582 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1583 struct reg *reg;
1584 struct arm_reg *reg_arch_info;
1585 enum arm_mode current_mode = armv4_5->core_mode;
1586 int i, j;
1587 int dirty;
1588 int mode_change;
1589
1590 LOG_DEBUG("-");
1591
1592 if (target->state != TARGET_HALTED)
1593 {
1594 LOG_WARNING("target not halted");
1595 return ERROR_TARGET_NOT_HALTED;
1596 }
1597
1598 if (arm7_9->pre_restore_context)
1599 arm7_9->pre_restore_context(target);
1600
1601 if (!is_arm_mode(armv4_5->core_mode))
1602 return ERROR_FAIL;
1603
1604 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1605 * SYS shares registers with User, so we don't touch SYS
1606 */
1607 for (i = 0; i < 6; i++)
1608 {
1609 LOG_DEBUG("examining %s mode",
1610 arm_mode_name(armv4_5->core_mode));
1611 dirty = 0;
1612 mode_change = 0;
1613 /* check if there are dirty registers in the current mode
1614 */
1615 for (j = 0; j <= 16; j++)
1616 {
1617 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1618 reg_arch_info = reg->arch_info;
1619 if (reg->dirty == 1)
1620 {
1621 if (reg->valid == 1)
1622 {
1623 dirty = 1;
1624 LOG_DEBUG("examining dirty reg: %s", reg->name);
1625 if ((reg_arch_info->mode != ARM_MODE_ANY)
1626 && (reg_arch_info->mode != current_mode)
1627 && !((reg_arch_info->mode == ARM_MODE_USR) && (armv4_5->core_mode == ARM_MODE_SYS))
1628 && !((reg_arch_info->mode == ARM_MODE_SYS) && (armv4_5->core_mode == ARM_MODE_USR)))
1629 {
1630 mode_change = 1;
1631 LOG_DEBUG("require mode change");
1632 }
1633 }
1634 else
1635 {
1636 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1637 }
1638 }
1639 }
1640
1641 if (dirty)
1642 {
1643 uint32_t mask = 0x0;
1644 int num_regs = 0;
1645 uint32_t regs[16];
1646
1647 if (mode_change)
1648 {
1649 uint32_t tmp_cpsr;
1650
1651 /* change processor mode (mask T bit) */
1652 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value,
1653 0, 8) & 0xe0;
1654 tmp_cpsr |= armv4_5_number_to_mode(i);
1655 tmp_cpsr &= ~0x20;
1656 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1657 current_mode = armv4_5_number_to_mode(i);
1658 }
1659
1660 for (j = 0; j <= 14; j++)
1661 {
1662 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1663 reg_arch_info = reg->arch_info;
1664
1665
1666 if (reg->dirty == 1)
1667 {
1668 regs[j] = buf_get_u32(reg->value, 0, 32);
1669 mask |= 1 << j;
1670 num_regs++;
1671 reg->dirty = 0;
1672 reg->valid = 1;
1673 LOG_DEBUG("writing register %i mode %s "
1674 "with value 0x%8.8" PRIx32, j,
1675 arm_mode_name(armv4_5->core_mode),
1676 regs[j]);
1677 }
1678 }
1679
1680 if (mask)
1681 {
1682 arm7_9->write_core_regs(target, mask, regs);
1683 }
1684
1685 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1686 reg_arch_info = reg->arch_info;
1687 if ((reg->dirty) && (reg_arch_info->mode != ARM_MODE_ANY))
1688 {
1689 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1690 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1691 }
1692 }
1693 }
1694
1695 if (!armv4_5->cpsr->dirty && (armv4_5->core_mode != current_mode))
1696 {
1697 /* restore processor mode (mask T bit) */
1698 uint32_t tmp_cpsr;
1699
1700 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
1701 tmp_cpsr |= armv4_5_number_to_mode(i);
1702 tmp_cpsr &= ~0x20;
1703 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1704 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1705 }
1706 else if (armv4_5->cpsr->dirty)
1707 {
1708 /* CPSR has been changed, full restore necessary (mask T bit) */
1709 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32,
1710 buf_get_u32(armv4_5->cpsr->value, 0, 32));
1711 arm7_9->write_xpsr(target,
1712 buf_get_u32(armv4_5->cpsr->value, 0, 32)
1713 & ~0x20, 0);
1714 armv4_5->cpsr->dirty = 0;
1715 armv4_5->cpsr->valid = 1;
1716 }
1717
1718 /* restore PC */
1719 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1720 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1721 armv4_5->core_cache->reg_list[15].dirty = 0;
1722
1723 if (arm7_9->post_restore_context)
1724 arm7_9->post_restore_context(target);
1725
1726 return ERROR_OK;
1727 }
1728
1729 /**
1730 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1731 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1732 * restart.
1733 *
1734 * @param target Pointer to the ARM7/9 target to be restarted
1735 * @return Result of executing the JTAG queue
1736 */
1737 int arm7_9_restart_core(struct target *target)
1738 {
1739 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1740 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1741
1742 /* set RESTART instruction */
1743 jtag_set_end_state(TAP_IDLE);
1744 if (arm7_9->need_bypass_before_restart) {
1745 arm7_9->need_bypass_before_restart = 0;
1746 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1747 }
1748 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1749
1750 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1751 return jtag_execute_queue();
1752 }
1753
1754 /**
1755 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1756 * iterated through and are set on the target if they aren't already set.
1757 *
1758 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1759 */
1760 void arm7_9_enable_watchpoints(struct target *target)
1761 {
1762 struct watchpoint *watchpoint = target->watchpoints;
1763
1764 while (watchpoint)
1765 {
1766 if (watchpoint->set == 0)
1767 arm7_9_set_watchpoint(target, watchpoint);
1768 watchpoint = watchpoint->next;
1769 }
1770 }
1771
1772 /**
1773 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1774 * iterated through and are set on the target.
1775 *
1776 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1777 */
1778 void arm7_9_enable_breakpoints(struct target *target)
1779 {
1780 struct breakpoint *breakpoint = target->breakpoints;
1781
1782 /* set any pending breakpoints */
1783 while (breakpoint)
1784 {
1785 arm7_9_set_breakpoint(target, breakpoint);
1786 breakpoint = breakpoint->next;
1787 }
1788 }
1789
1790 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1791 {
1792 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1793 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1794 struct breakpoint *breakpoint = target->breakpoints;
1795 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1796 int err, retval = ERROR_OK;
1797
1798 LOG_DEBUG("-");
1799
1800 if (target->state != TARGET_HALTED)
1801 {
1802 LOG_WARNING("target not halted");
1803 return ERROR_TARGET_NOT_HALTED;
1804 }
1805
1806 if (!debug_execution)
1807 {
1808 target_free_all_working_areas(target);
1809 }
1810
1811 /* current = 1: continue on current pc, otherwise continue at <address> */
1812 if (!current)
1813 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1814
1815 uint32_t current_pc;
1816 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1817
1818 /* the front-end may request us not to handle breakpoints */
1819 if (handle_breakpoints)
1820 {
1821 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1822 {
1823 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1824 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1825 {
1826 return retval;
1827 }
1828
1829 /* calculate PC of next instruction */
1830 uint32_t next_pc;
1831 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1832 {
1833 uint32_t current_opcode;
1834 target_read_u32(target, current_pc, &current_opcode);
1835 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1836 return retval;
1837 }
1838
1839 LOG_DEBUG("enable single-step");
1840 arm7_9->enable_single_step(target, next_pc);
1841
1842 target->debug_reason = DBG_REASON_SINGLESTEP;
1843
1844 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1845 {
1846 return retval;
1847 }
1848
1849 if (armv4_5->core_state == ARM_STATE_ARM)
1850 arm7_9->branch_resume(target);
1851 else if (armv4_5->core_state == ARM_STATE_THUMB)
1852 {
1853 arm7_9->branch_resume_thumb(target);
1854 }
1855 else
1856 {
1857 LOG_ERROR("unhandled core state");
1858 return ERROR_FAIL;
1859 }
1860
1861 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1862 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1863 err = arm7_9_execute_sys_speed(target);
1864
1865 LOG_DEBUG("disable single-step");
1866 arm7_9->disable_single_step(target);
1867
1868 if (err != ERROR_OK)
1869 {
1870 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1871 {
1872 return retval;
1873 }
1874 target->state = TARGET_UNKNOWN;
1875 return err;
1876 }
1877
1878 arm7_9_debug_entry(target);
1879 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1880
1881 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1882 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1883 {
1884 return retval;
1885 }
1886 }
1887 }
1888
1889 /* enable any pending breakpoints and watchpoints */
1890 arm7_9_enable_breakpoints(target);
1891 arm7_9_enable_watchpoints(target);
1892
1893 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1894 {
1895 return retval;
1896 }
1897
1898 if (armv4_5->core_state == ARM_STATE_ARM)
1899 {
1900 arm7_9->branch_resume(target);
1901 }
1902 else if (armv4_5->core_state == ARM_STATE_THUMB)
1903 {
1904 arm7_9->branch_resume_thumb(target);
1905 }
1906 else
1907 {
1908 LOG_ERROR("unhandled core state");
1909 return ERROR_FAIL;
1910 }
1911
1912 /* deassert DBGACK and INTDIS */
1913 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1914 /* INTDIS only when we really resume, not during debug execution */
1915 if (!debug_execution)
1916 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1917 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1918
1919 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1920 {
1921 return retval;
1922 }
1923
1924 target->debug_reason = DBG_REASON_NOTHALTED;
1925
1926 if (!debug_execution)
1927 {
1928 /* registers are now invalid */
1929 register_cache_invalidate(armv4_5->core_cache);
1930 target->state = TARGET_RUNNING;
1931 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1932 {
1933 return retval;
1934 }
1935 }
1936 else
1937 {
1938 target->state = TARGET_DEBUG_RUNNING;
1939 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1940 {
1941 return retval;
1942 }
1943 }
1944
1945 LOG_DEBUG("target resumed");
1946
1947 return ERROR_OK;
1948 }
1949
1950 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1951 {
1952 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1953 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1954 uint32_t current_pc;
1955 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1956
1957 if (next_pc != current_pc)
1958 {
1959 /* setup an inverse breakpoint on the current PC
1960 * - comparator 1 matches the current address
1961 * - rangeout from comparator 1 is connected to comparator 0 rangein
1962 * - comparator 0 matches any address, as long as rangein is low */
1963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1972 }
1973 else
1974 {
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1984 }
1985 }
1986
1987 void arm7_9_disable_eice_step(struct target *target)
1988 {
1989 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1990
1991 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1992 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1993 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1996 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1997 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2000 }
2001
2002 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
2003 {
2004 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2005 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2006 struct breakpoint *breakpoint = NULL;
2007 int err, retval;
2008
2009 if (target->state != TARGET_HALTED)
2010 {
2011 LOG_WARNING("target not halted");
2012 return ERROR_TARGET_NOT_HALTED;
2013 }
2014
2015 /* current = 1: continue on current pc, otherwise continue at <address> */
2016 if (!current)
2017 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2018
2019 uint32_t current_pc;
2020 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2021
2022 /* the front-end may request us not to handle breakpoints */
2023 if (handle_breakpoints)
2024 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2025 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2026 {
2027 return retval;
2028 }
2029
2030 target->debug_reason = DBG_REASON_SINGLESTEP;
2031
2032 /* calculate PC of next instruction */
2033 uint32_t next_pc;
2034 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2035 {
2036 uint32_t current_opcode;
2037 target_read_u32(target, current_pc, &current_opcode);
2038 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2039 return retval;
2040 }
2041
2042 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2043 {
2044 return retval;
2045 }
2046
2047 arm7_9->enable_single_step(target, next_pc);
2048
2049 if (armv4_5->core_state == ARM_STATE_ARM)
2050 {
2051 arm7_9->branch_resume(target);
2052 }
2053 else if (armv4_5->core_state == ARM_STATE_THUMB)
2054 {
2055 arm7_9->branch_resume_thumb(target);
2056 }
2057 else
2058 {
2059 LOG_ERROR("unhandled core state");
2060 return ERROR_FAIL;
2061 }
2062
2063 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2064 {
2065 return retval;
2066 }
2067
2068 err = arm7_9_execute_sys_speed(target);
2069 arm7_9->disable_single_step(target);
2070
2071 /* registers are now invalid */
2072 register_cache_invalidate(armv4_5->core_cache);
2073
2074 if (err != ERROR_OK)
2075 {
2076 target->state = TARGET_UNKNOWN;
2077 } else {
2078 arm7_9_debug_entry(target);
2079 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2080 {
2081 return retval;
2082 }
2083 LOG_DEBUG("target stepped");
2084 }
2085
2086 if (breakpoint)
2087 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2088 {
2089 return retval;
2090 }
2091
2092 return err;
2093 }
2094
2095 static int arm7_9_read_core_reg(struct target *target, struct reg *r,
2096 int num, enum arm_mode mode)
2097 {
2098 uint32_t* reg_p[16];
2099 uint32_t value;
2100 int retval;
2101 struct arm_reg *areg = r->arch_info;
2102 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2103 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2104
2105 if (!is_arm_mode(armv4_5->core_mode))
2106 return ERROR_FAIL;
2107 if ((num < 0) || (num > 16))
2108 return ERROR_INVALID_ARGUMENTS;
2109
2110 if ((mode != ARM_MODE_ANY)
2111 && (mode != armv4_5->core_mode)
2112 && (areg->mode != ARM_MODE_ANY))
2113 {
2114 uint32_t tmp_cpsr;
2115
2116 /* change processor mode (mask T bit) */
2117 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2118 tmp_cpsr |= mode;
2119 tmp_cpsr &= ~0x20;
2120 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2121 }
2122
2123 if ((num >= 0) && (num <= 15))
2124 {
2125 /* read a normal core register */
2126 reg_p[num] = &value;
2127
2128 arm7_9->read_core_regs(target, 1 << num, reg_p);
2129 }
2130 else
2131 {
2132 /* read a program status register
2133 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2134 */
2135 arm7_9->read_xpsr(target, &value, areg->mode != ARM_MODE_ANY);
2136 }
2137
2138 if ((retval = jtag_execute_queue()) != ERROR_OK)
2139 {
2140 return retval;
2141 }
2142
2143 r->valid = 1;
2144 r->dirty = 0;
2145 buf_set_u32(r->value, 0, 32, value);
2146
2147 if ((mode != ARM_MODE_ANY)
2148 && (mode != armv4_5->core_mode)
2149 && (areg->mode != ARM_MODE_ANY)) {
2150 /* restore processor mode (mask T bit) */
2151 arm7_9->write_xpsr_im8(target,
2152 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2153 & ~0x20, 0, 0);
2154 }
2155
2156 return ERROR_OK;
2157 }
2158
2159 static int arm7_9_write_core_reg(struct target *target, struct reg *r,
2160 int num, enum arm_mode mode, uint32_t value)
2161 {
2162 uint32_t reg[16];
2163 struct arm_reg *areg = r->arch_info;
2164 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2165 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2166
2167 if (!is_arm_mode(armv4_5->core_mode))
2168 return ERROR_FAIL;
2169 if ((num < 0) || (num > 16))
2170 return ERROR_INVALID_ARGUMENTS;
2171
2172 if ((mode != ARM_MODE_ANY)
2173 && (mode != armv4_5->core_mode)
2174 && (areg->mode != ARM_MODE_ANY)) {
2175 uint32_t tmp_cpsr;
2176
2177 /* change processor mode (mask T bit) */
2178 tmp_cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 8) & 0xE0;
2179 tmp_cpsr |= mode;
2180 tmp_cpsr &= ~0x20;
2181 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2182 }
2183
2184 if ((num >= 0) && (num <= 15))
2185 {
2186 /* write a normal core register */
2187 reg[num] = value;
2188
2189 arm7_9->write_core_regs(target, 1 << num, reg);
2190 }
2191 else
2192 {
2193 /* write a program status register
2194 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2195 */
2196 int spsr = (areg->mode != ARM_MODE_ANY);
2197
2198 /* if we're writing the CPSR, mask the T bit */
2199 if (!spsr)
2200 value &= ~0x20;
2201
2202 arm7_9->write_xpsr(target, value, spsr);
2203 }
2204
2205 r->valid = 1;
2206 r->dirty = 0;
2207
2208 if ((mode != ARM_MODE_ANY)
2209 && (mode != armv4_5->core_mode)
2210 && (areg->mode != ARM_MODE_ANY)) {
2211 /* restore processor mode (mask T bit) */
2212 arm7_9->write_xpsr_im8(target,
2213 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2214 & ~0x20, 0, 0);
2215 }
2216
2217 return jtag_execute_queue();
2218 }
2219
2220 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2221 {
2222 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2223 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2224 uint32_t reg[16];
2225 uint32_t num_accesses = 0;
2226 int thisrun_accesses;
2227 int i;
2228 uint32_t cpsr;
2229 int retval;
2230 int last_reg = 0;
2231
2232 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2233
2234 if (target->state != TARGET_HALTED)
2235 {
2236 LOG_WARNING("target not halted");
2237 return ERROR_TARGET_NOT_HALTED;
2238 }
2239
2240 /* sanitize arguments */
2241 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2242 return ERROR_INVALID_ARGUMENTS;
2243
2244 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2245 return ERROR_TARGET_UNALIGNED_ACCESS;
2246
2247 /* load the base register with the address of the first word */
2248 reg[0] = address;
2249 arm7_9->write_core_regs(target, 0x1, reg);
2250
2251 int j = 0;
2252
2253 switch (size)
2254 {
2255 case 4:
2256 while (num_accesses < count)
2257 {
2258 uint32_t reg_list;
2259 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2260 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2261
2262 if (last_reg <= thisrun_accesses)
2263 last_reg = thisrun_accesses;
2264
2265 arm7_9->load_word_regs(target, reg_list);
2266
2267 /* fast memory reads are only safe when the target is running
2268 * from a sufficiently high clock (32 kHz is usually too slow)
2269 */
2270 if (arm7_9->fast_memory_access)
2271 retval = arm7_9_execute_fast_sys_speed(target);
2272 else
2273 retval = arm7_9_execute_sys_speed(target);
2274 if (retval != ERROR_OK)
2275 return retval;
2276
2277 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2278
2279 /* advance buffer, count number of accesses */
2280 buffer += thisrun_accesses * 4;
2281 num_accesses += thisrun_accesses;
2282
2283 if ((j++%1024) == 0)
2284 {
2285 keep_alive();
2286 }
2287 }
2288 break;
2289 case 2:
2290 while (num_accesses < count)
2291 {
2292 uint32_t reg_list;
2293 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2294 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2295
2296 for (i = 1; i <= thisrun_accesses; i++)
2297 {
2298 if (i > last_reg)
2299 last_reg = i;
2300 arm7_9->load_hword_reg(target, i);
2301 /* fast memory reads are only safe when the target is running
2302 * from a sufficiently high clock (32 kHz is usually too slow)
2303 */
2304 if (arm7_9->fast_memory_access)
2305 retval = arm7_9_execute_fast_sys_speed(target);
2306 else
2307 retval = arm7_9_execute_sys_speed(target);
2308 if (retval != ERROR_OK)
2309 {
2310 return retval;
2311 }
2312
2313 }
2314
2315 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2316
2317 /* advance buffer, count number of accesses */
2318 buffer += thisrun_accesses * 2;
2319 num_accesses += thisrun_accesses;
2320
2321 if ((j++%1024) == 0)
2322 {
2323 keep_alive();
2324 }
2325 }
2326 break;
2327 case 1:
2328 while (num_accesses < count)
2329 {
2330 uint32_t reg_list;
2331 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2332 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2333
2334 for (i = 1; i <= thisrun_accesses; i++)
2335 {
2336 if (i > last_reg)
2337 last_reg = i;
2338 arm7_9->load_byte_reg(target, i);
2339 /* fast memory reads are only safe when the target is running
2340 * from a sufficiently high clock (32 kHz is usually too slow)
2341 */
2342 if (arm7_9->fast_memory_access)
2343 retval = arm7_9_execute_fast_sys_speed(target);
2344 else
2345 retval = arm7_9_execute_sys_speed(target);
2346 if (retval != ERROR_OK)
2347 {
2348 return retval;
2349 }
2350 }
2351
2352 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2353
2354 /* advance buffer, count number of accesses */
2355 buffer += thisrun_accesses * 1;
2356 num_accesses += thisrun_accesses;
2357
2358 if ((j++%1024) == 0)
2359 {
2360 keep_alive();
2361 }
2362 }
2363 break;
2364 default:
2365 LOG_ERROR("BUG: we shouldn't get here");
2366 exit(-1);
2367 break;
2368 }
2369
2370 if (!is_arm_mode(armv4_5->core_mode))
2371 return ERROR_FAIL;
2372
2373 for (i = 0; i <= last_reg; i++) {
2374 struct reg *r = arm_reg_current(armv4_5, i);
2375
2376 r->dirty = r->valid;
2377 }
2378
2379 arm7_9->read_xpsr(target, &cpsr, 0);
2380 if ((retval = jtag_execute_queue()) != ERROR_OK)
2381 {
2382 LOG_ERROR("JTAG error while reading cpsr");
2383 return ERROR_TARGET_DATA_ABORT;
2384 }
2385
2386 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2387 {
2388 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2389
2390 arm7_9->write_xpsr_im8(target,
2391 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2392 & ~0x20, 0, 0);
2393
2394 return ERROR_TARGET_DATA_ABORT;
2395 }
2396
2397 return ERROR_OK;
2398 }
2399
2400 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2401 {
2402 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2403 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2404 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2405
2406 uint32_t reg[16];
2407 uint32_t num_accesses = 0;
2408 int thisrun_accesses;
2409 int i;
2410 uint32_t cpsr;
2411 int retval;
2412 int last_reg = 0;
2413
2414 #ifdef _DEBUG_ARM7_9_
2415 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2416 #endif
2417
2418 if (target->state != TARGET_HALTED)
2419 {
2420 LOG_WARNING("target not halted");
2421 return ERROR_TARGET_NOT_HALTED;
2422 }
2423
2424 /* sanitize arguments */
2425 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2426 return ERROR_INVALID_ARGUMENTS;
2427
2428 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2429 return ERROR_TARGET_UNALIGNED_ACCESS;
2430
2431 /* load the base register with the address of the first word */
2432 reg[0] = address;
2433 arm7_9->write_core_regs(target, 0x1, reg);
2434
2435 /* Clear DBGACK, to make sure memory fetches work as expected */
2436 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2437 embeddedice_store_reg(dbg_ctrl);
2438
2439 switch (size)
2440 {
2441 case 4:
2442 while (num_accesses < count)
2443 {
2444 uint32_t reg_list;
2445 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2446 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2447
2448 for (i = 1; i <= thisrun_accesses; i++)
2449 {
2450 if (i > last_reg)
2451 last_reg = i;
2452 reg[i] = target_buffer_get_u32(target, buffer);
2453 buffer += 4;
2454 }
2455
2456 arm7_9->write_core_regs(target, reg_list, reg);
2457
2458 arm7_9->store_word_regs(target, reg_list);
2459
2460 /* fast memory writes are only safe when the target is running
2461 * from a sufficiently high clock (32 kHz is usually too slow)
2462 */
2463 if (arm7_9->fast_memory_access)
2464 retval = arm7_9_execute_fast_sys_speed(target);
2465 else
2466 retval = arm7_9_execute_sys_speed(target);
2467 if (retval != ERROR_OK)
2468 {
2469 return retval;
2470 }
2471
2472 num_accesses += thisrun_accesses;
2473 }
2474 break;
2475 case 2:
2476 while (num_accesses < count)
2477 {
2478 uint32_t reg_list;
2479 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2480 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2481
2482 for (i = 1; i <= thisrun_accesses; i++)
2483 {
2484 if (i > last_reg)
2485 last_reg = i;
2486 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2487 buffer += 2;
2488 }
2489
2490 arm7_9->write_core_regs(target, reg_list, reg);
2491
2492 for (i = 1; i <= thisrun_accesses; i++)
2493 {
2494 arm7_9->store_hword_reg(target, i);
2495
2496 /* fast memory writes are only safe when the target is running
2497 * from a sufficiently high clock (32 kHz is usually too slow)
2498 */
2499 if (arm7_9->fast_memory_access)
2500 retval = arm7_9_execute_fast_sys_speed(target);
2501 else
2502 retval = arm7_9_execute_sys_speed(target);
2503 if (retval != ERROR_OK)
2504 {
2505 return retval;
2506 }
2507 }
2508
2509 num_accesses += thisrun_accesses;
2510 }
2511 break;
2512 case 1:
2513 while (num_accesses < count)
2514 {
2515 uint32_t reg_list;
2516 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2517 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2518
2519 for (i = 1; i <= thisrun_accesses; i++)
2520 {
2521 if (i > last_reg)
2522 last_reg = i;
2523 reg[i] = *buffer++ & 0xff;
2524 }
2525
2526 arm7_9->write_core_regs(target, reg_list, reg);
2527
2528 for (i = 1; i <= thisrun_accesses; i++)
2529 {
2530 arm7_9->store_byte_reg(target, i);
2531 /* fast memory writes are only safe when the target is running
2532 * from a sufficiently high clock (32 kHz is usually too slow)
2533 */
2534 if (arm7_9->fast_memory_access)
2535 retval = arm7_9_execute_fast_sys_speed(target);
2536 else
2537 retval = arm7_9_execute_sys_speed(target);
2538 if (retval != ERROR_OK)
2539 {
2540 return retval;
2541 }
2542
2543 }
2544
2545 num_accesses += thisrun_accesses;
2546 }
2547 break;
2548 default:
2549 LOG_ERROR("BUG: we shouldn't get here");
2550 exit(-1);
2551 break;
2552 }
2553
2554 /* Re-Set DBGACK */
2555 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2556 embeddedice_store_reg(dbg_ctrl);
2557
2558 if (!is_arm_mode(armv4_5->core_mode))
2559 return ERROR_FAIL;
2560
2561 for (i = 0; i <= last_reg; i++) {
2562 struct reg *r = arm_reg_current(armv4_5, i);
2563
2564 r->dirty = r->valid;
2565 }
2566
2567 arm7_9->read_xpsr(target, &cpsr, 0);
2568 if ((retval = jtag_execute_queue()) != ERROR_OK)
2569 {
2570 LOG_ERROR("JTAG error while reading cpsr");
2571 return ERROR_TARGET_DATA_ABORT;
2572 }
2573
2574 if (((cpsr & 0x1f) == ARM_MODE_ABT) && (armv4_5->core_mode != ARM_MODE_ABT))
2575 {
2576 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2577
2578 arm7_9->write_xpsr_im8(target,
2579 buf_get_u32(armv4_5->cpsr->value, 0, 8)
2580 & ~0x20, 0, 0);
2581
2582 return ERROR_TARGET_DATA_ABORT;
2583 }
2584
2585 return ERROR_OK;
2586 }
2587
2588 static int dcc_count;
2589 static uint8_t *dcc_buffer;
2590
2591 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2592 {
2593 int retval = ERROR_OK;
2594 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2595
2596 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2597 return retval;
2598
2599 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2600 int count = dcc_count;
2601 uint8_t *buffer = dcc_buffer;
2602 if (count > 2)
2603 {
2604 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2605 * core function repeated. */
2606 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2607 buffer += 4;
2608
2609 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2610 uint8_t reg_addr = ice_reg->addr & 0x1f;
2611 struct jtag_tap *tap;
2612 tap = ice_reg->jtag_info->tap;
2613
2614 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2615 buffer += (count-2)*4;
2616
2617 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2618 } else
2619 {
2620 int i;
2621 for (i = 0; i < count; i++)
2622 {
2623 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2624 buffer += 4;
2625 }
2626 }
2627
2628 if ((retval = target_halt(target))!= ERROR_OK)
2629 {
2630 return retval;
2631 }
2632 return target_wait_state(target, TARGET_HALTED, 500);
2633 }
2634
2635 static const uint32_t dcc_code[] =
2636 {
2637 /* r0 == input, points to memory buffer
2638 * r1 == scratch
2639 */
2640
2641 /* spin until DCC control (c0) reports data arrived */
2642 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2643 0xe3110001, /* tst r1, #1 */
2644 0x0afffffc, /* bne w */
2645
2646 /* read word from DCC (c1), write to memory */
2647 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2648 0xe4801004, /* str r1, [r0], #4 */
2649
2650 /* repeat */
2651 0xeafffff9 /* b w */
2652 };
2653
2654 extern int armv4_5_run_algorithm_inner(struct target *target,
2655 int num_mem_params, struct mem_param *mem_params,
2656 int num_reg_params, struct reg_param *reg_params,
2657 uint32_t entry_point, uint32_t exit_point,
2658 int timeout_ms, void *arch_info,
2659 int (*run_it)(struct target *target, uint32_t exit_point,
2660 int timeout_ms, void *arch_info));
2661
2662 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2663 {
2664 int retval;
2665 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2666 int i;
2667
2668 if (!arm7_9->dcc_downloads)
2669 return target_write_memory(target, address, 4, count, buffer);
2670
2671 /* regrab previously allocated working_area, or allocate a new one */
2672 if (!arm7_9->dcc_working_area)
2673 {
2674 uint8_t dcc_code_buf[6 * 4];
2675
2676 /* make sure we have a working area */
2677 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2678 {
2679 LOG_INFO("no working area available, falling back to memory writes");
2680 return target_write_memory(target, address, 4, count, buffer);
2681 }
2682
2683 /* copy target instructions to target endianness */
2684 for (i = 0; i < 6; i++)
2685 {
2686 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2687 }
2688
2689 /* write DCC code to working area */
2690 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2691 {
2692 return retval;
2693 }
2694 }
2695
2696 struct arm_algorithm armv4_5_info;
2697 struct reg_param reg_params[1];
2698
2699 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
2700 armv4_5_info.core_mode = ARM_MODE_SVC;
2701 armv4_5_info.core_state = ARM_STATE_ARM;
2702
2703 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2704
2705 buf_set_u32(reg_params[0].value, 0, 32, address);
2706
2707 dcc_count = count;
2708 dcc_buffer = buffer;
2709 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2710 arm7_9->dcc_working_area->address,
2711 arm7_9->dcc_working_area->address + 6*4,
2712 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2713
2714 if (retval == ERROR_OK)
2715 {
2716 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2717 if (endaddress != (address + count*4))
2718 {
2719 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2720 retval = ERROR_FAIL;
2721 }
2722 }
2723
2724 destroy_reg_param(&reg_params[0]);
2725
2726 return retval;
2727 }
2728
2729 /**
2730 * Perform per-target setup that requires JTAG access.
2731 */
2732 int arm7_9_examine(struct target *target)
2733 {
2734 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2735 int retval;
2736
2737 if (!target_was_examined(target)) {
2738 struct reg_cache *t, **cache_p;
2739
2740 t = embeddedice_build_reg_cache(target, arm7_9);
2741 if (t == NULL)
2742 return ERROR_FAIL;
2743
2744 cache_p = register_get_last_cache_p(&target->reg_cache);
2745 (*cache_p) = t;
2746 arm7_9->eice_cache = (*cache_p);
2747
2748 if (arm7_9->armv4_5_common.etm)
2749 (*cache_p)->next = etm_build_reg_cache(target,
2750 &arm7_9->jtag_info,
2751 arm7_9->armv4_5_common.etm);
2752
2753 target_set_examined(target);
2754 }
2755
2756 retval = embeddedice_setup(target);
2757 if (retval == ERROR_OK)
2758 retval = arm7_9_setup(target);
2759 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2760 retval = etm_setup(target);
2761 return retval;
2762 }
2763
2764 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
2765 {
2766 struct target *target = get_current_target(CMD_CTX);
2767 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2768
2769 if (!is_arm7_9(arm7_9))
2770 {
2771 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2772 return ERROR_TARGET_INVALID;
2773 }
2774
2775 if (CMD_ARGC > 0)
2776 COMMAND_PARSE_ENABLE(CMD_ARGV[0],arm7_9->use_dbgrq);
2777
2778 command_print(CMD_CTX, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
2779
2780 return ERROR_OK;
2781 }
2782
2783 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
2784 {
2785 struct target *target = get_current_target(CMD_CTX);
2786 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2787
2788 if (!is_arm7_9(arm7_9))
2789 {
2790 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2791 return ERROR_TARGET_INVALID;
2792 }
2793
2794 if (CMD_ARGC > 0)
2795 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->fast_memory_access);
2796
2797 command_print(CMD_CTX, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
2798
2799 return ERROR_OK;
2800 }
2801
2802 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
2803 {
2804 struct target *target = get_current_target(CMD_CTX);
2805 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2806
2807 if (!is_arm7_9(arm7_9))
2808 {
2809 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2810 return ERROR_TARGET_INVALID;
2811 }
2812
2813 if (CMD_ARGC > 0)
2814 COMMAND_PARSE_ENABLE(CMD_ARGV[0], arm7_9->dcc_downloads);
2815
2816 command_print(CMD_CTX, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
2817
2818 return ERROR_OK;
2819 }
2820
2821 COMMAND_HANDLER(handle_arm7_9_semihosting_command)
2822 {
2823 struct target *target = get_current_target(CMD_CTX);
2824 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2825
2826 if (!is_arm7_9(arm7_9))
2827 {
2828 command_print(CMD_CTX, "current target isn't an ARM7/ARM9 target");
2829 return ERROR_TARGET_INVALID;
2830 }
2831
2832 if (CMD_ARGC > 0)
2833 {
2834 int semihosting;
2835
2836 COMMAND_PARSE_ENABLE(CMD_ARGV[0], semihosting);
2837
2838 if (arm7_9->has_vector_catch) {
2839 struct reg *vector_catch = &arm7_9->eice_cache
2840 ->reg_list[EICE_VEC_CATCH];
2841
2842 if (!vector_catch->valid)
2843 embeddedice_read_reg(vector_catch);
2844 buf_set_u32(vector_catch->value, 2, 1, semihosting);
2845 embeddedice_store_reg(vector_catch);
2846 } else {
2847 /* TODO: allow optional high vectors and/or BKPT_HARD */
2848 if (semihosting)
2849 breakpoint_add(target, 8, 4, BKPT_SOFT);
2850 else
2851 breakpoint_remove(target, 8);
2852 }
2853
2854 /* FIXME never let that "catch" be dropped! */
2855 arm7_9->armv4_5_common.is_semihosting = semihosting;
2856
2857 }
2858
2859 command_print(CMD_CTX, "semihosting is %s",
2860 arm7_9->armv4_5_common.is_semihosting
2861 ? "enabled" : "disabled");
2862
2863 return ERROR_OK;
2864 }
2865
2866 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
2867 {
2868 int retval = ERROR_OK;
2869 struct arm *armv4_5 = &arm7_9->armv4_5_common;
2870
2871 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
2872
2873 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
2874 return retval;
2875
2876 /* caller must have allocated via calloc(), so everything's zeroed */
2877
2878 arm7_9->wp_available_max = 2;
2879
2880 arm7_9->fast_memory_access = false;
2881 arm7_9->dcc_downloads = false;
2882
2883 armv4_5->arch_info = arm7_9;
2884 armv4_5->read_core_reg = arm7_9_read_core_reg;
2885 armv4_5->write_core_reg = arm7_9_write_core_reg;
2886 armv4_5->full_context = arm7_9_full_context;
2887
2888 retval = arm_init_arch_info(target, armv4_5);
2889 if (retval != ERROR_OK)
2890 return retval;
2891
2892 return target_register_timer_callback(arm7_9_handle_target_request,
2893 1, 1, target);
2894 }
2895
2896 static const struct command_registration arm7_9_any_command_handlers[] = {
2897 {
2898 "dbgrq",
2899 .handler = &handle_arm7_9_dbgrq_command,
2900 .mode = COMMAND_ANY,
2901 .usage = "<enable|disable>",
2902 .help = "use EmbeddedICE dbgrq instead of breakpoint "
2903 "for target halt requests",
2904 },
2905 {
2906 "fast_memory_access",
2907 .handler = &handle_arm7_9_fast_memory_access_command,
2908 .mode = COMMAND_ANY,
2909 .usage = "<enable|disable>",
2910 .help = "use fast memory accesses instead of slower "
2911 "but potentially safer accesses",
2912 },
2913 {
2914 "dcc_downloads",
2915 .handler = &handle_arm7_9_dcc_downloads_command,
2916 .mode = COMMAND_ANY,
2917 .usage = "<enable | disable>",
2918 .help = "use DCC downloads for larger memory writes",
2919 },
2920 {
2921 "semihosting",
2922 .handler = &handle_arm7_9_semihosting_command,
2923 .mode = COMMAND_EXEC,
2924 .usage = "<enable | disable>",
2925 .help = "activate support for semihosting operations",
2926 },
2927 COMMAND_REGISTRATION_DONE
2928 };
2929 const struct command_registration arm7_9_command_handlers[] = {
2930 {
2931 .chain = arm_command_handlers,
2932 },
2933 {
2934 .chain = etm_command_handlers,
2935 },
2936 {
2937 .name = "arm7_9",
2938 .mode = COMMAND_ANY,
2939 .help = "arm7/9 specific commands",
2940 .chain = arm7_9_any_command_handlers,
2941 },
2942 COMMAND_REGISTRATION_DONE
2943 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)