Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Transform 'u8' to 'uint8_t' in src/target
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
63 arm7_9->sw_breakpoints_added = 0;
64 arm7_9->wp0_used = 0;
65 arm7_9->wp1_used = arm7_9->wp1_used_default;
66 arm7_9->wp_available = arm7_9->wp_available_max;
67
68 return jtag_execute_queue();
69 }
70
71 /**
72 * Assign a watchpoint to one of the two available hardware comparators in an
73 * ARM7 or ARM9 target.
74 *
75 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
76 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
77 */
78 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
79 {
80 if (!arm7_9->wp0_used)
81 {
82 arm7_9->wp0_used = 1;
83 breakpoint->set = 1;
84 arm7_9->wp_available--;
85 }
86 else if (!arm7_9->wp1_used)
87 {
88 arm7_9->wp1_used = 1;
89 breakpoint->set = 2;
90 arm7_9->wp_available--;
91 }
92 else
93 {
94 LOG_ERROR("BUG: no hardware comparator available");
95 }
96 }
97
98 /**
99 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
100 *
101 * @param arm7_9 Pointer to common struct for ARM7/9 targets
102 * @return Error codes if there is a problem finding a watchpoint or the result
103 * of executing the JTAG queue
104 */
105 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
106 {
107 if (arm7_9->sw_breakpoints_added)
108 {
109 return ERROR_OK;
110 }
111 if (arm7_9->wp_available < 1)
112 {
113 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
114 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
115 }
116 arm7_9->wp_available--;
117
118 /* pick a breakpoint unit */
119 if (!arm7_9->wp0_used)
120 {
121 arm7_9->sw_breakpoints_added=1;
122 arm7_9->wp0_used = 3;
123 } else if (!arm7_9->wp1_used)
124 {
125 arm7_9->sw_breakpoints_added=2;
126 arm7_9->wp1_used = 3;
127 }
128 else
129 {
130 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
131 return ERROR_FAIL;
132 }
133
134 if (arm7_9->sw_breakpoints_added==1)
135 {
136 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
137 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
138 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
139 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
140 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
141 }
142 else if (arm7_9->sw_breakpoints_added==2)
143 {
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
147 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
148 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
149 }
150 else
151 {
152 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
153 return ERROR_FAIL;
154 }
155
156 return jtag_execute_queue();
157 }
158
159 /**
160 * Setup the common pieces for an ARM7/9 target after reset or on startup.
161 *
162 * @param target Pointer to an ARM7/9 target to setup
163 * @return Result of clearing the watchpoints on the target
164 */
165 int arm7_9_setup(target_t *target)
166 {
167 armv4_5_common_t *armv4_5 = target->arch_info;
168 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
169
170 return arm7_9_clear_watchpoints(arm7_9);
171 }
172
173 /**
174 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
175 * targets. A return of ERROR_OK signifies that the target is a valid target
176 * and that the pointers have been set properly.
177 *
178 * @param target Pointer to the target device to get the pointers from
179 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
180 * targets
181 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
182 * targets
183 * @return ERROR_OK if successful
184 */
185 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
186 {
187 armv4_5_common_t *armv4_5 = target->arch_info;
188 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
189
190 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
191 {
192 return -1;
193 }
194
195 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
196 {
197 return -1;
198 }
199
200 *armv4_5_p = armv4_5;
201 *arm7_9_p = arm7_9;
202
203 return ERROR_OK;
204 }
205
206 /**
207 * Set either a hardware or software breakpoint on an ARM7/9 target. The
208 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
209 * might have erased the values in Embedded ICE.
210 *
211 * @param target Pointer to the target device to set the breakpoints on
212 * @param breakpoint Pointer to the breakpoint to be set
213 * @return For hardware breakpoints, this is the result of executing the JTAG
214 * queue. For software breakpoints, this will be the status of the
215 * required memory reads and writes
216 */
217 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
218 {
219 armv4_5_common_t *armv4_5 = target->arch_info;
220 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
221 int retval=ERROR_OK;
222
223 if (target->state != TARGET_HALTED)
224 {
225 LOG_WARNING("target not halted");
226 return ERROR_TARGET_NOT_HALTED;
227 }
228
229 if (breakpoint->type == BKPT_HARD)
230 {
231 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
232 u32 mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
233
234 /* reassign a hw breakpoint */
235 if (breakpoint->set==0)
236 {
237 arm7_9_assign_wp(arm7_9, breakpoint);
238 }
239
240 if (breakpoint->set==1)
241 {
242 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
243 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
244 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
245 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
246 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
247 }
248 else if (breakpoint->set==2)
249 {
250 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
251 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
252 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
255 }
256 else
257 {
258 LOG_ERROR("BUG: no hardware comparator available");
259 return ERROR_OK;
260 }
261
262 retval=jtag_execute_queue();
263 }
264 else if (breakpoint->type == BKPT_SOFT)
265 {
266 if ((retval=arm7_9_set_software_breakpoints(arm7_9))!=ERROR_OK)
267 return retval;
268
269 /* did we already set this breakpoint? */
270 if (breakpoint->set)
271 return ERROR_OK;
272
273 if (breakpoint->length == 4)
274 {
275 u32 verify = 0xffffffff;
276 /* keep the original instruction in target endianness */
277 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
278 {
279 return retval;
280 }
281 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
282 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
283 {
284 return retval;
285 }
286
287 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
288 {
289 return retval;
290 }
291 if (verify != arm7_9->arm_bkpt)
292 {
293 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
294 return ERROR_OK;
295 }
296 }
297 else
298 {
299 u16 verify = 0xffff;
300 /* keep the original instruction in target endianness */
301 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
302 {
303 return retval;
304 }
305 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
306 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
307 {
308 return retval;
309 }
310
311 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
312 {
313 return retval;
314 }
315 if (verify != arm7_9->thumb_bkpt)
316 {
317 LOG_ERROR("Unable to set thumb software breakpoint at address %08x - check that memory is read/writable", breakpoint->address);
318 return ERROR_OK;
319 }
320 }
321 breakpoint->set = 1;
322 }
323
324 return retval;
325 }
326
327 /**
328 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
329 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
330 * will be updated. Otherwise, the software breakpoint will be restored to its
331 * original instruction if it hasn't already been modified.
332 *
333 * @param target Pointer to ARM7/9 target to unset the breakpoint from
334 * @param breakpoint Pointer to breakpoint to be unset
335 * @return For hardware breakpoints, this is the result of executing the JTAG
336 * queue. For software breakpoints, this will be the status of the
337 * required memory reads and writes
338 */
339 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
340 {
341 int retval = ERROR_OK;
342
343 armv4_5_common_t *armv4_5 = target->arch_info;
344 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
345
346 if (!breakpoint->set)
347 {
348 LOG_WARNING("breakpoint not set");
349 return ERROR_OK;
350 }
351
352 if (breakpoint->type == BKPT_HARD)
353 {
354 if (breakpoint->set == 1)
355 {
356 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
357 arm7_9->wp0_used = 0;
358 arm7_9->wp_available++;
359 }
360 else if (breakpoint->set == 2)
361 {
362 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
363 arm7_9->wp1_used = 0;
364 arm7_9->wp_available++;
365 }
366 retval = jtag_execute_queue();
367 breakpoint->set = 0;
368 }
369 else
370 {
371 /* restore original instruction (kept in target endianness) */
372 if (breakpoint->length == 4)
373 {
374 u32 current_instr;
375 /* check that user program as not modified breakpoint instruction */
376 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
377 {
378 return retval;
379 }
380 if (current_instr==arm7_9->arm_bkpt)
381 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
382 {
383 return retval;
384 }
385 }
386 else
387 {
388 u16 current_instr;
389 /* check that user program as not modified breakpoint instruction */
390 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
391 {
392 return retval;
393 }
394 if (current_instr==arm7_9->thumb_bkpt)
395 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
396 {
397 return retval;
398 }
399 }
400 breakpoint->set = 0;
401 }
402
403 return retval;
404 }
405
406 /**
407 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
408 * dangling breakpoints and that the desired breakpoint can be added.
409 *
410 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
411 * @param breakpoint Pointer to the breakpoint to be added
412 * @return An error status if there is a problem adding the breakpoint or the
413 * result of setting the breakpoint
414 */
415 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
416 {
417 armv4_5_common_t *armv4_5 = target->arch_info;
418 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
419
420 if (target->state != TARGET_HALTED)
421 {
422 LOG_WARNING("target not halted");
423 return ERROR_TARGET_NOT_HALTED;
424 }
425
426 if (arm7_9->breakpoint_count==0)
427 {
428 /* make sure we don't have any dangling breakpoints. This is vital upon
429 * GDB connect/disconnect
430 */
431 arm7_9_clear_watchpoints(arm7_9);
432 }
433
434 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
435 {
436 LOG_INFO("no watchpoint unit available for hardware breakpoint");
437 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
438 }
439
440 if ((breakpoint->length != 2) && (breakpoint->length != 4))
441 {
442 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
443 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
444 }
445
446 if (breakpoint->type == BKPT_HARD)
447 {
448 arm7_9_assign_wp(arm7_9, breakpoint);
449 }
450
451 arm7_9->breakpoint_count++;
452
453 return arm7_9_set_breakpoint(target, breakpoint);
454 }
455
456 /**
457 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
458 * dangling breakpoints and updates available watchpoints if it is a hardware
459 * breakpoint.
460 *
461 * @param target Pointer to the target to have a breakpoint removed
462 * @param breakpoint Pointer to the breakpoint to be removed
463 * @return Error status if there was a problem unsetting the breakpoint or the
464 * watchpoints could not be cleared
465 */
466 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
467 {
468 int retval = ERROR_OK;
469 armv4_5_common_t *armv4_5 = target->arch_info;
470 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
471
472 if((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
473 {
474 return retval;
475 }
476
477 if (breakpoint->type == BKPT_HARD)
478 arm7_9->wp_available++;
479
480 arm7_9->breakpoint_count--;
481 if (arm7_9->breakpoint_count==0)
482 {
483 /* make sure we don't have any dangling breakpoints */
484 if((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
485 {
486 return retval;
487 }
488 }
489
490 return ERROR_OK;
491 }
492
493 /**
494 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
495 * considered a bug to call this function when there are no available watchpoint
496 * units.
497 *
498 * @param target Pointer to an ARM7/9 target to set a watchpoint on
499 * @param watchpoint Pointer to the watchpoint to be set
500 * @return Error status if watchpoint set fails or the result of executing the
501 * JTAG queue
502 */
503 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
504 {
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
508 int rw_mask = 1;
509 u32 mask;
510
511 mask = watchpoint->length - 1;
512
513 if (target->state != TARGET_HALTED)
514 {
515 LOG_WARNING("target not halted");
516 return ERROR_TARGET_NOT_HALTED;
517 }
518
519 if (watchpoint->rw == WPT_ACCESS)
520 rw_mask = 0;
521 else
522 rw_mask = 1;
523
524 if (!arm7_9->wp0_used)
525 {
526 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
527 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
528 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
529 if( watchpoint->mask != 0xffffffffu )
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
532 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
533
534 if((retval = jtag_execute_queue()) != ERROR_OK)
535 {
536 return retval;
537 }
538 watchpoint->set = 1;
539 arm7_9->wp0_used = 2;
540 }
541 else if (!arm7_9->wp1_used)
542 {
543 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
546 if( watchpoint->mask != 0xffffffffu )
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
550
551 if((retval = jtag_execute_queue()) != ERROR_OK)
552 {
553 return retval;
554 }
555 watchpoint->set = 2;
556 arm7_9->wp1_used = 2;
557 }
558 else
559 {
560 LOG_ERROR("BUG: no hardware comparator available");
561 return ERROR_OK;
562 }
563
564 return ERROR_OK;
565 }
566
567 /**
568 * Unset an existing watchpoint and clear the used watchpoint unit.
569 *
570 * @param target Pointer to the target to have the watchpoint removed
571 * @param watchpoint Pointer to the watchpoint to be removed
572 * @return Error status while trying to unset the watchpoint or the result of
573 * executing the JTAG queue
574 */
575 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
576 {
577 int retval = ERROR_OK;
578 armv4_5_common_t *armv4_5 = target->arch_info;
579 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
580
581 if (target->state != TARGET_HALTED)
582 {
583 LOG_WARNING("target not halted");
584 return ERROR_TARGET_NOT_HALTED;
585 }
586
587 if (!watchpoint->set)
588 {
589 LOG_WARNING("breakpoint not set");
590 return ERROR_OK;
591 }
592
593 if (watchpoint->set == 1)
594 {
595 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
596 if((retval = jtag_execute_queue()) != ERROR_OK)
597 {
598 return retval;
599 }
600 arm7_9->wp0_used = 0;
601 }
602 else if (watchpoint->set == 2)
603 {
604 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
605 if((retval = jtag_execute_queue()) != ERROR_OK)
606 {
607 return retval;
608 }
609 arm7_9->wp1_used = 0;
610 }
611 watchpoint->set = 0;
612
613 return ERROR_OK;
614 }
615
616 /**
617 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
618 * available, an error response is returned.
619 *
620 * @param target Pointer to the ARM7/9 target to add a watchpoint to
621 * @param watchpoint Pointer to the watchpoint to be added
622 * @return Error status while trying to add the watchpoint
623 */
624 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
625 {
626 armv4_5_common_t *armv4_5 = target->arch_info;
627 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
628
629 if (target->state != TARGET_HALTED)
630 {
631 LOG_WARNING("target not halted");
632 return ERROR_TARGET_NOT_HALTED;
633 }
634
635 if (arm7_9->wp_available < 1)
636 {
637 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
638 }
639
640 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
641 {
642 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
643 }
644
645 arm7_9->wp_available--;
646
647 return ERROR_OK;
648 }
649
650 /**
651 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
652 * the used watchpoint unit will be reopened.
653 *
654 * @param target Pointer to the target to remove a watchpoint from
655 * @param watchpoint Pointer to the watchpoint to be removed
656 * @return Result of trying to unset the watchpoint
657 */
658 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
659 {
660 int retval = ERROR_OK;
661 armv4_5_common_t *armv4_5 = target->arch_info;
662 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
663
664 if (watchpoint->set)
665 {
666 if((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
667 {
668 return retval;
669 }
670 }
671
672 arm7_9->wp_available++;
673
674 return ERROR_OK;
675 }
676
677 /**
678 * Restarts the target by sending a RESTART instruction and moving the JTAG
679 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
680 * asserted by the processor.
681 *
682 * @param target Pointer to target to issue commands to
683 * @return Error status if there is a timeout or a problem while executing the
684 * JTAG queue
685 */
686 int arm7_9_execute_sys_speed(struct target_s *target)
687 {
688 int retval;
689
690 armv4_5_common_t *armv4_5 = target->arch_info;
691 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
692 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
693 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
694
695 /* set RESTART instruction */
696 jtag_set_end_state(TAP_IDLE);
697 if (arm7_9->need_bypass_before_restart) {
698 arm7_9->need_bypass_before_restart = 0;
699 arm_jtag_set_instr(jtag_info, 0xf, NULL);
700 }
701 arm_jtag_set_instr(jtag_info, 0x4, NULL);
702
703 long long then=timeval_ms();
704 int timeout;
705 while (!(timeout=((timeval_ms()-then)>1000)))
706 {
707 /* read debug status register */
708 embeddedice_read_reg(dbg_stat);
709 if ((retval = jtag_execute_queue()) != ERROR_OK)
710 return retval;
711 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
712 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
713 break;
714 if (debug_level>=3)
715 {
716 alive_sleep(100);
717 } else
718 {
719 keep_alive();
720 }
721 }
722 if (timeout)
723 {
724 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %x", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
725 return ERROR_TARGET_TIMEOUT;
726 }
727
728 return ERROR_OK;
729 }
730
731 /**
732 * Restarts the target by sending a RESTART instruction and moving the JTAG
733 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
734 * waiting until they are.
735 *
736 * @param target Pointer to the target to issue commands to
737 * @return Always ERROR_OK
738 */
739 int arm7_9_execute_fast_sys_speed(struct target_s *target)
740 {
741 static int set=0;
742 static uint8_t check_value[4], check_mask[4];
743
744 armv4_5_common_t *armv4_5 = target->arch_info;
745 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
746 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
747 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
748
749 /* set RESTART instruction */
750 jtag_set_end_state(TAP_IDLE);
751 if (arm7_9->need_bypass_before_restart) {
752 arm7_9->need_bypass_before_restart = 0;
753 arm_jtag_set_instr(jtag_info, 0xf, NULL);
754 }
755 arm_jtag_set_instr(jtag_info, 0x4, NULL);
756
757 if (!set)
758 {
759 /* check for DBGACK and SYSCOMP set (others don't care) */
760
761 /* NB! These are constants that must be available until after next jtag_execute() and
762 * we evaluate the values upon first execution in lieu of setting up these constants
763 * during early setup.
764 * */
765 buf_set_u32(check_value, 0, 32, 0x9);
766 buf_set_u32(check_mask, 0, 32, 0x9);
767 set=1;
768 }
769
770 /* read debug status register */
771 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
772
773 return ERROR_OK;
774 }
775
776 /**
777 * Get some data from the ARM7/9 target.
778 *
779 * @param target Pointer to the ARM7/9 target to read data from
780 * @param size The number of 32bit words to be read
781 * @param buffer Pointer to the buffer that will hold the data
782 * @return The result of receiving data from the Embedded ICE unit
783 */
784 int arm7_9_target_request_data(target_t *target, u32 size, uint8_t *buffer)
785 {
786 armv4_5_common_t *armv4_5 = target->arch_info;
787 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
788 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
789 u32 *data;
790 int retval = ERROR_OK;
791 u32 i;
792
793 data = malloc(size * (sizeof(u32)));
794
795 retval = embeddedice_receive(jtag_info, data, size);
796
797 /* return the 32-bit ints in the 8-bit array */
798 for (i = 0; i < size; i++)
799 {
800 h_u32_to_le(buffer + (i * 4), data[i]);
801 }
802
803 free(data);
804
805 return retval;
806 }
807
808 /**
809 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
810 * target is running and the DCC control register has the W bit high, this will
811 * execute the request on the target.
812 *
813 * @param priv Void pointer expected to be a target_t pointer
814 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
815 * from the Embedded ICE unit
816 */
817 int arm7_9_handle_target_request(void *priv)
818 {
819 int retval = ERROR_OK;
820 target_t *target = priv;
821 if (!target_was_examined(target))
822 return ERROR_OK;
823 armv4_5_common_t *armv4_5 = target->arch_info;
824 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
825 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
826 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
827
828 if (!target->dbg_msg_enabled)
829 return ERROR_OK;
830
831 if (target->state == TARGET_RUNNING)
832 {
833 /* read DCC control register */
834 embeddedice_read_reg(dcc_control);
835 if ((retval = jtag_execute_queue()) != ERROR_OK)
836 {
837 return retval;
838 }
839
840 /* check W bit */
841 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
842 {
843 u32 request;
844
845 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
846 {
847 return retval;
848 }
849 if ((retval = target_request(target, request)) != ERROR_OK)
850 {
851 return retval;
852 }
853 }
854 }
855
856 return ERROR_OK;
857 }
858
859 /**
860 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
861 * is manipulated to the right halted state based on its current state. This is
862 * what happens:
863 *
864 * <table>
865 * <tr><th>State</th><th>Action</th></tr>
866 * <tr><td>TARGET_RUNNING | TARGET_RESET</td><td>Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
867 * <tr><td>TARGET_UNKNOWN</td><td>Warning is logged</td></tr>
868 * <tr><td>TARGET_DEBUG_RUNNING</td><td>Enters debug mode</td></tr>
869 * <tr><td>TARGET_HALTED</td><td>Nothing</td></tr>
870 * </table>
871 *
872 * If the target does not end up in the halted state, a warning is produced. If
873 * DBGACK is cleared, then the target is expected to either be running or
874 * running in debug.
875 *
876 * @param target Pointer to the ARM7/9 target to poll
877 * @return ERROR_OK or an error status if a command fails
878 */
879 int arm7_9_poll(target_t *target)
880 {
881 int retval;
882 armv4_5_common_t *armv4_5 = target->arch_info;
883 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
884 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
885
886 /* read debug status register */
887 embeddedice_read_reg(dbg_stat);
888 if ((retval = jtag_execute_queue()) != ERROR_OK)
889 {
890 return retval;
891 }
892
893 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
894 {
895 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
896 if (target->state == TARGET_UNKNOWN)
897 {
898 target->state = TARGET_RUNNING;
899 LOG_WARNING("DBGACK set while target was in unknown state. Reset or initialize target.");
900 }
901 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
902 {
903 int check_pc=0;
904 if (target->state == TARGET_RESET)
905 {
906 if (target->reset_halt)
907 {
908 enum reset_types jtag_reset_config = jtag_get_reset_config();
909 if ((jtag_reset_config & RESET_SRST_PULLS_TRST)==0)
910 {
911 check_pc = 1;
912 }
913 }
914 }
915
916 target->state = TARGET_HALTED;
917
918 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
919 return retval;
920
921 if (check_pc)
922 {
923 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
924 u32 t=*((u32 *)reg->value);
925 if (t!=0)
926 {
927 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
928 }
929 }
930
931 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
932 {
933 return retval;
934 }
935 }
936 if (target->state == TARGET_DEBUG_RUNNING)
937 {
938 target->state = TARGET_HALTED;
939 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
940 return retval;
941
942 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
943 {
944 return retval;
945 }
946 }
947 if (target->state != TARGET_HALTED)
948 {
949 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
950 }
951 }
952 else
953 {
954 if (target->state != TARGET_DEBUG_RUNNING)
955 target->state = TARGET_RUNNING;
956 }
957
958 return ERROR_OK;
959 }
960
961 /**
962 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
963 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
964 * affected) completely stop the JTAG clock while the core is held in reset
965 * (SRST). It isn't possible to program the halt condition once reset is
966 * asserted, hence a hook that allows the target to set up its reset-halt
967 * condition is setup prior to asserting reset.
968 *
969 * @param target Pointer to an ARM7/9 target to assert reset on
970 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
971 */
972 int arm7_9_assert_reset(target_t *target)
973 {
974 armv4_5_common_t *armv4_5 = target->arch_info;
975 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
976 LOG_DEBUG("target->state: %s",
977 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
978
979 enum reset_types jtag_reset_config = jtag_get_reset_config();
980 if (!(jtag_reset_config & RESET_HAS_SRST))
981 {
982 LOG_ERROR("Can't assert SRST");
983 return ERROR_FAIL;
984 }
985
986 if (target->reset_halt)
987 {
988 /*
989 * Some targets do not support communication while SRST is asserted. We need to
990 * set up the reset vector catch here.
991 *
992 * If TRST is asserted, then these settings will be reset anyway, so setting them
993 * here is harmless.
994 */
995 if (arm7_9->has_vector_catch)
996 {
997 /* program vector catch register to catch reset vector */
998 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
999 }
1000 else
1001 {
1002 /* program watchpoint unit to match on reset vector address */
1003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1008 }
1009 }
1010
1011 /* here we should issue an SRST only, but we may have to assert TRST as well */
1012 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1013 {
1014 jtag_add_reset(1, 1);
1015 } else
1016 {
1017 jtag_add_reset(0, 1);
1018 }
1019
1020 target->state = TARGET_RESET;
1021 jtag_add_sleep(50000);
1022
1023 armv4_5_invalidate_core_regs(target);
1024
1025 if ((target->reset_halt)&&((jtag_reset_config & RESET_SRST_PULLS_TRST)==0))
1026 {
1027 /* debug entry was already prepared in arm7_9_assert_reset() */
1028 target->debug_reason = DBG_REASON_DBGRQ;
1029 }
1030
1031 return ERROR_OK;
1032 }
1033
1034 /**
1035 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1036 * and the target is being reset into a halt, a warning will be triggered
1037 * because it is not possible to reset into a halted mode in this case. The
1038 * target is halted using the target's functions.
1039 *
1040 * @param target Pointer to the target to have the reset deasserted
1041 * @return ERROR_OK or an error from polling or halting the target
1042 */
1043 int arm7_9_deassert_reset(target_t *target)
1044 {
1045 int retval=ERROR_OK;
1046 LOG_DEBUG("target->state: %s",
1047 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1048
1049 /* deassert reset lines */
1050 jtag_add_reset(0, 0);
1051
1052 enum reset_types jtag_reset_config = jtag_get_reset_config();
1053 if (target->reset_halt&&(jtag_reset_config & RESET_SRST_PULLS_TRST)!=0)
1054 {
1055 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1056 /* set up embedded ice registers again */
1057 if ((retval = target_examine_one(target)) != ERROR_OK)
1058 return retval;
1059
1060 if ((retval=target_poll(target))!=ERROR_OK)
1061 {
1062 return retval;
1063 }
1064
1065 if ((retval=target_halt(target))!=ERROR_OK)
1066 {
1067 return retval;
1068 }
1069
1070 }
1071 return retval;
1072 }
1073
1074 /**
1075 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1076 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1077 * vector catch was used, it is restored. Otherwise, the control value is
1078 * restored and the watchpoint unit is restored if it was in use.
1079 *
1080 * @param target Pointer to the ARM7/9 target to have halt cleared
1081 * @return Always ERROR_OK
1082 */
1083 int arm7_9_clear_halt(target_t *target)
1084 {
1085 armv4_5_common_t *armv4_5 = target->arch_info;
1086 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1087 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1088
1089 /* we used DBGRQ only if we didn't come out of reset */
1090 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1091 {
1092 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1093 */
1094 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1095 embeddedice_store_reg(dbg_ctrl);
1096 }
1097 else
1098 {
1099 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1100 {
1101 /* if we came out of reset, and vector catch is supported, we used
1102 * vector catch to enter debug state
1103 * restore the register in that case
1104 */
1105 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1106 }
1107 else
1108 {
1109 /* restore registers if watchpoint unit 0 was in use
1110 */
1111 if (arm7_9->wp0_used)
1112 {
1113 if (arm7_9->debug_entry_from_reset)
1114 {
1115 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1116 }
1117 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1118 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1119 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1120 }
1121 /* control value always has to be restored, as it was either disabled,
1122 * or enabled with possibly different bits
1123 */
1124 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1125 }
1126 }
1127
1128 return ERROR_OK;
1129 }
1130
1131 /**
1132 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1133 * and then there is a wait until the processor shows the halt. This wait can
1134 * timeout and results in an error being returned. The software reset involves
1135 * clearing the halt, updating the debug control register, changing to ARM mode,
1136 * reset of the program counter, and reset of all of the registers.
1137 *
1138 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1139 * @return Error status if any of the commands fail, otherwise ERROR_OK
1140 */
1141 int arm7_9_soft_reset_halt(struct target_s *target)
1142 {
1143 armv4_5_common_t *armv4_5 = target->arch_info;
1144 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1145 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1146 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1147 int i;
1148 int retval;
1149
1150 if ((retval=target_halt(target))!=ERROR_OK)
1151 return retval;
1152
1153 long long then=timeval_ms();
1154 int timeout;
1155 while (!(timeout=((timeval_ms()-then)>1000)))
1156 {
1157 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1158 break;
1159 embeddedice_read_reg(dbg_stat);
1160 if ((retval=jtag_execute_queue())!=ERROR_OK)
1161 return retval;
1162 if (debug_level>=3)
1163 {
1164 alive_sleep(100);
1165 } else
1166 {
1167 keep_alive();
1168 }
1169 }
1170 if (timeout)
1171 {
1172 LOG_ERROR("Failed to halt CPU after 1 sec");
1173 return ERROR_TARGET_TIMEOUT;
1174 }
1175 target->state = TARGET_HALTED;
1176
1177 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1178 * ensure that DBGRQ is cleared
1179 */
1180 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1181 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1182 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1183 embeddedice_store_reg(dbg_ctrl);
1184
1185 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1186 {
1187 return retval;
1188 }
1189
1190 /* if the target is in Thumb state, change to ARM state */
1191 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1192 {
1193 u32 r0_thumb, pc_thumb;
1194 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1195 /* Entered debug from Thumb mode */
1196 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1197 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1198 }
1199
1200 /* all register content is now invalid */
1201 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1202 {
1203 return retval;
1204 }
1205
1206 /* SVC, ARM state, IRQ and FIQ disabled */
1207 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1208 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1209 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1210
1211 /* start fetching from 0x0 */
1212 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1213 armv4_5->core_cache->reg_list[15].dirty = 1;
1214 armv4_5->core_cache->reg_list[15].valid = 1;
1215
1216 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1217 armv4_5->core_state = ARMV4_5_STATE_ARM;
1218
1219 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1220 return ERROR_FAIL;
1221
1222 /* reset registers */
1223 for (i = 0; i <= 14; i++)
1224 {
1225 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1226 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1227 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1228 }
1229
1230 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1231 {
1232 return retval;
1233 }
1234
1235 return ERROR_OK;
1236 }
1237
1238 /**
1239 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1240 * line or by programming a watchpoint to trigger on any address. It is
1241 * considered a bug to call this function while the target is in the
1242 * TARGET_RESET state.
1243 *
1244 * @param target Pointer to the ARM7/9 target to be halted
1245 * @return Always ERROR_OK
1246 */
1247 int arm7_9_halt(target_t *target)
1248 {
1249 if (target->state==TARGET_RESET)
1250 {
1251 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1252 return ERROR_OK;
1253 }
1254
1255 armv4_5_common_t *armv4_5 = target->arch_info;
1256 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1257 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1258
1259 LOG_DEBUG("target->state: %s",
1260 Jim_Nvp_value2name_simple( nvp_target_state,target->state)->name);
1261
1262 if (target->state == TARGET_HALTED)
1263 {
1264 LOG_DEBUG("target was already halted");
1265 return ERROR_OK;
1266 }
1267
1268 if (target->state == TARGET_UNKNOWN)
1269 {
1270 LOG_WARNING("target was in unknown state when halt was requested");
1271 }
1272
1273 if (arm7_9->use_dbgrq)
1274 {
1275 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1276 */
1277 if (arm7_9->set_special_dbgrq) {
1278 arm7_9->set_special_dbgrq(target);
1279 } else {
1280 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1281 embeddedice_store_reg(dbg_ctrl);
1282 }
1283 }
1284 else
1285 {
1286 /* program watchpoint unit to match on any address
1287 */
1288 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1289 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1290 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1291 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1292 }
1293
1294 target->debug_reason = DBG_REASON_DBGRQ;
1295
1296 return ERROR_OK;
1297 }
1298
1299 /**
1300 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1301 * ARM. The JTAG queue is then executed and the reason for debug entry is
1302 * examined. Once done, the target is verified to be halted and the processor
1303 * is forced into ARM mode. The core registers are saved for the current core
1304 * mode and the program counter (register 15) is updated as needed. The core
1305 * registers and CPSR and SPSR are saved for restoration later.
1306 *
1307 * @param target Pointer to target that is entering debug mode
1308 * @return Error code if anything fails, otherwise ERROR_OK
1309 */
1310 int arm7_9_debug_entry(target_t *target)
1311 {
1312 int i;
1313 u32 context[16];
1314 u32* context_p[16];
1315 u32 r0_thumb, pc_thumb;
1316 u32 cpsr;
1317 int retval;
1318 /* get pointers to arch-specific information */
1319 armv4_5_common_t *armv4_5 = target->arch_info;
1320 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1321 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1322 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1323
1324 #ifdef _DEBUG_ARM7_9_
1325 LOG_DEBUG("-");
1326 #endif
1327
1328 if (arm7_9->pre_debug_entry)
1329 arm7_9->pre_debug_entry(target);
1330
1331 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1332 * ensure that DBGRQ is cleared
1333 */
1334 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1335 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1336 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1337 embeddedice_store_reg(dbg_ctrl);
1338
1339 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1340 {
1341 return retval;
1342 }
1343
1344 if ((retval = jtag_execute_queue()) != ERROR_OK)
1345 {
1346 return retval;
1347 }
1348
1349 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1350 return retval;
1351
1352
1353 if (target->state != TARGET_HALTED)
1354 {
1355 LOG_WARNING("target not halted");
1356 return ERROR_TARGET_NOT_HALTED;
1357 }
1358
1359 /* if the target is in Thumb state, change to ARM state */
1360 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1361 {
1362 LOG_DEBUG("target entered debug from Thumb state");
1363 /* Entered debug from Thumb mode */
1364 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1365 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1366 LOG_DEBUG("r0_thumb: 0x%8.8x, pc_thumb: 0x%8.8x", r0_thumb, pc_thumb);
1367 }
1368 else
1369 {
1370 LOG_DEBUG("target entered debug from ARM state");
1371 /* Entered debug from ARM mode */
1372 armv4_5->core_state = ARMV4_5_STATE_ARM;
1373 }
1374
1375 for (i = 0; i < 16; i++)
1376 context_p[i] = &context[i];
1377 /* save core registers (r0 - r15 of current core mode) */
1378 arm7_9->read_core_regs(target, 0xffff, context_p);
1379
1380 arm7_9->read_xpsr(target, &cpsr, 0);
1381
1382 if ((retval = jtag_execute_queue()) != ERROR_OK)
1383 return retval;
1384
1385 /* if the core has been executing in Thumb state, set the T bit */
1386 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1387 cpsr |= 0x20;
1388
1389 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1390 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1391 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1392
1393 armv4_5->core_mode = cpsr & 0x1f;
1394
1395 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1396 {
1397 target->state = TARGET_UNKNOWN;
1398 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1399 return ERROR_TARGET_FAILURE;
1400 }
1401
1402 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1403
1404 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1405 {
1406 LOG_DEBUG("thumb state, applying fixups");
1407 context[0] = r0_thumb;
1408 context[15] = pc_thumb;
1409 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1410 {
1411 /* adjust value stored by STM */
1412 context[15] -= 3 * 4;
1413 }
1414
1415 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1416 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1417 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1418 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1419 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1420 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1421 else if (target->debug_reason == DBG_REASON_DBGRQ)
1422 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1423 else
1424 {
1425 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1426 }
1427
1428 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1429 return ERROR_FAIL;
1430
1431 for (i=0; i<=15; i++)
1432 {
1433 LOG_DEBUG("r%i: 0x%8.8x", i, context[i]);
1434 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1435 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1436 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1437 }
1438
1439 LOG_DEBUG("entered debug state at PC 0x%x", context[15]);
1440
1441 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1442 return ERROR_FAIL;
1443
1444 /* exceptions other than USR & SYS have a saved program status register */
1445 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1446 {
1447 u32 spsr;
1448 arm7_9->read_xpsr(target, &spsr, 1);
1449 if ((retval = jtag_execute_queue()) != ERROR_OK)
1450 {
1451 return retval;
1452 }
1453 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1454 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1455 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1456 }
1457
1458 /* r0 and r15 (pc) have to be restored later */
1459 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1460 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1461
1462 if ((retval = jtag_execute_queue()) != ERROR_OK)
1463 return retval;
1464
1465 if (arm7_9->post_debug_entry)
1466 arm7_9->post_debug_entry(target);
1467
1468 return ERROR_OK;
1469 }
1470
1471 /**
1472 * Validate the full context for an ARM7/9 target in all processor modes. If
1473 * there are any invalid registers for the target, they will all be read. This
1474 * includes the PSR.
1475 *
1476 * @param target Pointer to the ARM7/9 target to capture the full context from
1477 * @return Error if the target is not halted, has an invalid core mode, or if
1478 * the JTAG queue fails to execute
1479 */
1480 int arm7_9_full_context(target_t *target)
1481 {
1482 int i;
1483 int retval;
1484 armv4_5_common_t *armv4_5 = target->arch_info;
1485 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1486
1487 LOG_DEBUG("-");
1488
1489 if (target->state != TARGET_HALTED)
1490 {
1491 LOG_WARNING("target not halted");
1492 return ERROR_TARGET_NOT_HALTED;
1493 }
1494
1495 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1496 return ERROR_FAIL;
1497
1498 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1499 * SYS shares registers with User, so we don't touch SYS
1500 */
1501 for (i = 0; i < 6; i++)
1502 {
1503 u32 mask = 0;
1504 u32* reg_p[16];
1505 int j;
1506 int valid = 1;
1507
1508 /* check if there are invalid registers in the current mode
1509 */
1510 for (j = 0; j <= 16; j++)
1511 {
1512 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1513 valid = 0;
1514 }
1515
1516 if (!valid)
1517 {
1518 u32 tmp_cpsr;
1519
1520 /* change processor mode (and mask T bit) */
1521 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1522 tmp_cpsr |= armv4_5_number_to_mode(i);
1523 tmp_cpsr &= ~0x20;
1524 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1525
1526 for (j = 0; j < 15; j++)
1527 {
1528 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1529 {
1530 reg_p[j] = (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1531 mask |= 1 << j;
1532 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1533 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1534 }
1535 }
1536
1537 /* if only the PSR is invalid, mask is all zeroes */
1538 if (mask)
1539 arm7_9->read_core_regs(target, mask, reg_p);
1540
1541 /* check if the PSR has to be read */
1542 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1543 {
1544 arm7_9->read_xpsr(target, (u32*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1545 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1546 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1547 }
1548 }
1549 }
1550
1551 /* restore processor mode (mask T bit) */
1552 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1553
1554 if ((retval = jtag_execute_queue()) != ERROR_OK)
1555 {
1556 return retval;
1557 }
1558 return ERROR_OK;
1559 }
1560
1561 /**
1562 * Restore the processor context on an ARM7/9 target. The full processor
1563 * context is analyzed to see if any of the registers are dirty on this end, but
1564 * have a valid new value. If this is the case, the processor is changed to the
1565 * appropriate mode and the new register values are written out to the
1566 * processor. If there happens to be a dirty register with an invalid value, an
1567 * error will be logged.
1568 *
1569 * @param target Pointer to the ARM7/9 target to have its context restored
1570 * @return Error status if the target is not halted or the core mode in the
1571 * armv4_5 struct is invalid.
1572 */
1573 int arm7_9_restore_context(target_t *target)
1574 {
1575 armv4_5_common_t *armv4_5 = target->arch_info;
1576 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1577 reg_t *reg;
1578 armv4_5_core_reg_t *reg_arch_info;
1579 enum armv4_5_mode current_mode = armv4_5->core_mode;
1580 int i, j;
1581 int dirty;
1582 int mode_change;
1583
1584 LOG_DEBUG("-");
1585
1586 if (target->state != TARGET_HALTED)
1587 {
1588 LOG_WARNING("target not halted");
1589 return ERROR_TARGET_NOT_HALTED;
1590 }
1591
1592 if (arm7_9->pre_restore_context)
1593 arm7_9->pre_restore_context(target);
1594
1595 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1596 return ERROR_FAIL;
1597
1598 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1599 * SYS shares registers with User, so we don't touch SYS
1600 */
1601 for (i = 0; i < 6; i++)
1602 {
1603 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1604 dirty = 0;
1605 mode_change = 0;
1606 /* check if there are dirty registers in the current mode
1607 */
1608 for (j = 0; j <= 16; j++)
1609 {
1610 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1611 reg_arch_info = reg->arch_info;
1612 if (reg->dirty == 1)
1613 {
1614 if (reg->valid == 1)
1615 {
1616 dirty = 1;
1617 LOG_DEBUG("examining dirty reg: %s", reg->name);
1618 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1619 && (reg_arch_info->mode != current_mode)
1620 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1621 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1622 {
1623 mode_change = 1;
1624 LOG_DEBUG("require mode change");
1625 }
1626 }
1627 else
1628 {
1629 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1630 }
1631 }
1632 }
1633
1634 if (dirty)
1635 {
1636 u32 mask = 0x0;
1637 int num_regs = 0;
1638 u32 regs[16];
1639
1640 if (mode_change)
1641 {
1642 u32 tmp_cpsr;
1643
1644 /* change processor mode (mask T bit) */
1645 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1646 tmp_cpsr |= armv4_5_number_to_mode(i);
1647 tmp_cpsr &= ~0x20;
1648 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1649 current_mode = armv4_5_number_to_mode(i);
1650 }
1651
1652 for (j = 0; j <= 14; j++)
1653 {
1654 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1655 reg_arch_info = reg->arch_info;
1656
1657
1658 if (reg->dirty == 1)
1659 {
1660 regs[j] = buf_get_u32(reg->value, 0, 32);
1661 mask |= 1 << j;
1662 num_regs++;
1663 reg->dirty = 0;
1664 reg->valid = 1;
1665 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8x", j, armv4_5_mode_strings[i], regs[j]);
1666 }
1667 }
1668
1669 if (mask)
1670 {
1671 arm7_9->write_core_regs(target, mask, regs);
1672 }
1673
1674 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1675 reg_arch_info = reg->arch_info;
1676 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1677 {
1678 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8x", i, buf_get_u32(reg->value, 0, 32));
1679 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1680 }
1681 }
1682 }
1683
1684 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1685 {
1686 /* restore processor mode (mask T bit) */
1687 u32 tmp_cpsr;
1688
1689 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1690 tmp_cpsr |= armv4_5_number_to_mode(i);
1691 tmp_cpsr &= ~0x20;
1692 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", tmp_cpsr);
1693 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1694 }
1695 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1696 {
1697 /* CPSR has been changed, full restore necessary (mask T bit) */
1698 LOG_DEBUG("writing cpsr with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1699 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1700 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1701 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1702 }
1703
1704 /* restore PC */
1705 LOG_DEBUG("writing PC with value 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1706 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1707 armv4_5->core_cache->reg_list[15].dirty = 0;
1708
1709 if (arm7_9->post_restore_context)
1710 arm7_9->post_restore_context(target);
1711
1712 return ERROR_OK;
1713 }
1714
1715 /**
1716 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1717 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1718 * restart.
1719 *
1720 * @param target Pointer to the ARM7/9 target to be restarted
1721 * @return Result of executing the JTAG queue
1722 */
1723 int arm7_9_restart_core(struct target_s *target)
1724 {
1725 armv4_5_common_t *armv4_5 = target->arch_info;
1726 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1727 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1728
1729 /* set RESTART instruction */
1730 jtag_set_end_state(TAP_IDLE);
1731 if (arm7_9->need_bypass_before_restart) {
1732 arm7_9->need_bypass_before_restart = 0;
1733 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1734 }
1735 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1736
1737 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1738 return jtag_execute_queue();
1739 }
1740
1741 /**
1742 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1743 * iterated through and are set on the target if they aren't already set.
1744 *
1745 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1746 */
1747 void arm7_9_enable_watchpoints(struct target_s *target)
1748 {
1749 watchpoint_t *watchpoint = target->watchpoints;
1750
1751 while (watchpoint)
1752 {
1753 if (watchpoint->set == 0)
1754 arm7_9_set_watchpoint(target, watchpoint);
1755 watchpoint = watchpoint->next;
1756 }
1757 }
1758
1759 /**
1760 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1761 * iterated through and are set on the target.
1762 *
1763 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1764 */
1765 void arm7_9_enable_breakpoints(struct target_s *target)
1766 {
1767 breakpoint_t *breakpoint = target->breakpoints;
1768
1769 /* set any pending breakpoints */
1770 while (breakpoint)
1771 {
1772 arm7_9_set_breakpoint(target, breakpoint);
1773 breakpoint = breakpoint->next;
1774 }
1775 }
1776
1777 int arm7_9_resume(struct target_s *target, int current, u32 address, int handle_breakpoints, int debug_execution)
1778 {
1779 armv4_5_common_t *armv4_5 = target->arch_info;
1780 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1781 breakpoint_t *breakpoint = target->breakpoints;
1782 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1783 int err, retval = ERROR_OK;
1784
1785 LOG_DEBUG("-");
1786
1787 if (target->state != TARGET_HALTED)
1788 {
1789 LOG_WARNING("target not halted");
1790 return ERROR_TARGET_NOT_HALTED;
1791 }
1792
1793 if (!debug_execution)
1794 {
1795 target_free_all_working_areas(target);
1796 }
1797
1798 /* current = 1: continue on current pc, otherwise continue at <address> */
1799 if (!current)
1800 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1801
1802 u32 current_pc;
1803 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1804
1805 /* the front-end may request us not to handle breakpoints */
1806 if (handle_breakpoints)
1807 {
1808 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1809 {
1810 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1811 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1812 {
1813 return retval;
1814 }
1815
1816 /* calculate PC of next instruction */
1817 u32 next_pc;
1818 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1819 {
1820 u32 current_opcode;
1821 target_read_u32(target, current_pc, &current_opcode);
1822 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
1823 return retval;
1824 }
1825
1826 LOG_DEBUG("enable single-step");
1827 arm7_9->enable_single_step(target, next_pc);
1828
1829 target->debug_reason = DBG_REASON_SINGLESTEP;
1830
1831 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1832 {
1833 return retval;
1834 }
1835
1836 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1837 arm7_9->branch_resume(target);
1838 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1839 {
1840 arm7_9->branch_resume_thumb(target);
1841 }
1842 else
1843 {
1844 LOG_ERROR("unhandled core state");
1845 return ERROR_FAIL;
1846 }
1847
1848 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1849 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1850 err = arm7_9_execute_sys_speed(target);
1851
1852 LOG_DEBUG("disable single-step");
1853 arm7_9->disable_single_step(target);
1854
1855 if (err != ERROR_OK)
1856 {
1857 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1858 {
1859 return retval;
1860 }
1861 target->state = TARGET_UNKNOWN;
1862 return err;
1863 }
1864
1865 arm7_9_debug_entry(target);
1866 LOG_DEBUG("new PC after step: 0x%8.8x", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1867
1868 LOG_DEBUG("set breakpoint at 0x%8.8x", breakpoint->address);
1869 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1870 {
1871 return retval;
1872 }
1873 }
1874 }
1875
1876 /* enable any pending breakpoints and watchpoints */
1877 arm7_9_enable_breakpoints(target);
1878 arm7_9_enable_watchpoints(target);
1879
1880 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1881 {
1882 return retval;
1883 }
1884
1885 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1886 {
1887 arm7_9->branch_resume(target);
1888 }
1889 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1890 {
1891 arm7_9->branch_resume_thumb(target);
1892 }
1893 else
1894 {
1895 LOG_ERROR("unhandled core state");
1896 return ERROR_FAIL;
1897 }
1898
1899 /* deassert DBGACK and INTDIS */
1900 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1901 /* INTDIS only when we really resume, not during debug execution */
1902 if (!debug_execution)
1903 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1904 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1905
1906 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1907 {
1908 return retval;
1909 }
1910
1911 target->debug_reason = DBG_REASON_NOTHALTED;
1912
1913 if (!debug_execution)
1914 {
1915 /* registers are now invalid */
1916 armv4_5_invalidate_core_regs(target);
1917 target->state = TARGET_RUNNING;
1918 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1919 {
1920 return retval;
1921 }
1922 }
1923 else
1924 {
1925 target->state = TARGET_DEBUG_RUNNING;
1926 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1927 {
1928 return retval;
1929 }
1930 }
1931
1932 LOG_DEBUG("target resumed");
1933
1934 return ERROR_OK;
1935 }
1936
1937 void arm7_9_enable_eice_step(target_t *target, u32 next_pc)
1938 {
1939 armv4_5_common_t *armv4_5 = target->arch_info;
1940 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1941
1942 u32 current_pc;
1943 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1944
1945 if(next_pc != current_pc)
1946 {
1947 /* setup an inverse breakpoint on the current PC
1948 * - comparator 1 matches the current address
1949 * - rangeout from comparator 1 is connected to comparator 0 rangein
1950 * - comparator 0 matches any address, as long as rangein is low */
1951 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1952 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1953 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1954 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE|EICE_W_CTRL_nOPC) & 0xff);
1955 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1956 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1957 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1958 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1959 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1960 }
1961 else
1962 {
1963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1972 }
1973 }
1974
1975 void arm7_9_disable_eice_step(target_t *target)
1976 {
1977 armv4_5_common_t *armv4_5 = target->arch_info;
1978 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1979
1980 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1981 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1982 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1983 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1984 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1985 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1986 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1987 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1988 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1989 }
1990
1991 int arm7_9_step(struct target_s *target, int current, u32 address, int handle_breakpoints)
1992 {
1993 armv4_5_common_t *armv4_5 = target->arch_info;
1994 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1995 breakpoint_t *breakpoint = NULL;
1996 int err, retval;
1997
1998 if (target->state != TARGET_HALTED)
1999 {
2000 LOG_WARNING("target not halted");
2001 return ERROR_TARGET_NOT_HALTED;
2002 }
2003
2004 /* current = 1: continue on current pc, otherwise continue at <address> */
2005 if (!current)
2006 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2007
2008 u32 current_pc;
2009 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2010
2011 /* the front-end may request us not to handle breakpoints */
2012 if (handle_breakpoints)
2013 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2014 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2015 {
2016 return retval;
2017 }
2018
2019 target->debug_reason = DBG_REASON_SINGLESTEP;
2020
2021 /* calculate PC of next instruction */
2022 u32 next_pc;
2023 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2024 {
2025 u32 current_opcode;
2026 target_read_u32(target, current_pc, &current_opcode);
2027 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8x", current_opcode);
2028 return retval;
2029 }
2030
2031 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2032 {
2033 return retval;
2034 }
2035
2036 arm7_9->enable_single_step(target, next_pc);
2037
2038 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2039 {
2040 arm7_9->branch_resume(target);
2041 }
2042 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2043 {
2044 arm7_9->branch_resume_thumb(target);
2045 }
2046 else
2047 {
2048 LOG_ERROR("unhandled core state");
2049 return ERROR_FAIL;
2050 }
2051
2052 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2053 {
2054 return retval;
2055 }
2056
2057 err = arm7_9_execute_sys_speed(target);
2058 arm7_9->disable_single_step(target);
2059
2060 /* registers are now invalid */
2061 armv4_5_invalidate_core_regs(target);
2062
2063 if (err != ERROR_OK)
2064 {
2065 target->state = TARGET_UNKNOWN;
2066 } else {
2067 arm7_9_debug_entry(target);
2068 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2069 {
2070 return retval;
2071 }
2072 LOG_DEBUG("target stepped");
2073 }
2074
2075 if (breakpoint)
2076 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2077 {
2078 return retval;
2079 }
2080
2081 return err;
2082 }
2083
2084 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2085 {
2086 u32* reg_p[16];
2087 u32 value;
2088 int retval;
2089 armv4_5_common_t *armv4_5 = target->arch_info;
2090 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2091
2092 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2093 return ERROR_FAIL;
2094
2095 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2096
2097 if ((num < 0) || (num > 16))
2098 return ERROR_INVALID_ARGUMENTS;
2099
2100 if ((mode != ARMV4_5_MODE_ANY)
2101 && (mode != armv4_5->core_mode)
2102 && (reg_mode != ARMV4_5_MODE_ANY))
2103 {
2104 u32 tmp_cpsr;
2105
2106 /* change processor mode (mask T bit) */
2107 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2108 tmp_cpsr |= mode;
2109 tmp_cpsr &= ~0x20;
2110 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2111 }
2112
2113 if ((num >= 0) && (num <= 15))
2114 {
2115 /* read a normal core register */
2116 reg_p[num] = &value;
2117
2118 arm7_9->read_core_regs(target, 1 << num, reg_p);
2119 }
2120 else
2121 {
2122 /* read a program status register
2123 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2124 */
2125 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2126 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2127
2128 arm7_9->read_xpsr(target, &value, spsr);
2129 }
2130
2131 if ((retval = jtag_execute_queue()) != ERROR_OK)
2132 {
2133 return retval;
2134 }
2135
2136 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2137 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2138 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2139
2140 if ((mode != ARMV4_5_MODE_ANY)
2141 && (mode != armv4_5->core_mode)
2142 && (reg_mode != ARMV4_5_MODE_ANY)) {
2143 /* restore processor mode (mask T bit) */
2144 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2145 }
2146
2147 return ERROR_OK;
2148 }
2149
2150 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, u32 value)
2151 {
2152 u32 reg[16];
2153 armv4_5_common_t *armv4_5 = target->arch_info;
2154 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2155
2156 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2157 return ERROR_FAIL;
2158
2159 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2160
2161 if ((num < 0) || (num > 16))
2162 return ERROR_INVALID_ARGUMENTS;
2163
2164 if ((mode != ARMV4_5_MODE_ANY)
2165 && (mode != armv4_5->core_mode)
2166 && (reg_mode != ARMV4_5_MODE_ANY)) {
2167 u32 tmp_cpsr;
2168
2169 /* change processor mode (mask T bit) */
2170 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2171 tmp_cpsr |= mode;
2172 tmp_cpsr &= ~0x20;
2173 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2174 }
2175
2176 if ((num >= 0) && (num <= 15))
2177 {
2178 /* write a normal core register */
2179 reg[num] = value;
2180
2181 arm7_9->write_core_regs(target, 1 << num, reg);
2182 }
2183 else
2184 {
2185 /* write a program status register
2186 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2187 */
2188 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2189 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2190
2191 /* if we're writing the CPSR, mask the T bit */
2192 if (!spsr)
2193 value &= ~0x20;
2194
2195 arm7_9->write_xpsr(target, value, spsr);
2196 }
2197
2198 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2199 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2200
2201 if ((mode != ARMV4_5_MODE_ANY)
2202 && (mode != armv4_5->core_mode)
2203 && (reg_mode != ARMV4_5_MODE_ANY)) {
2204 /* restore processor mode (mask T bit) */
2205 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2206 }
2207
2208 return jtag_execute_queue();
2209 }
2210
2211 int arm7_9_read_memory(struct target_s *target, u32 address, u32 size, u32 count, uint8_t *buffer)
2212 {
2213 armv4_5_common_t *armv4_5 = target->arch_info;
2214 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2215
2216 u32 reg[16];
2217 u32 num_accesses = 0;
2218 int thisrun_accesses;
2219 int i;
2220 u32 cpsr;
2221 int retval;
2222 int last_reg = 0;
2223
2224 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2225
2226 if (target->state != TARGET_HALTED)
2227 {
2228 LOG_WARNING("target not halted");
2229 return ERROR_TARGET_NOT_HALTED;
2230 }
2231
2232 /* sanitize arguments */
2233 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2234 return ERROR_INVALID_ARGUMENTS;
2235
2236 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2237 return ERROR_TARGET_UNALIGNED_ACCESS;
2238
2239 /* load the base register with the address of the first word */
2240 reg[0] = address;
2241 arm7_9->write_core_regs(target, 0x1, reg);
2242
2243 int j=0;
2244
2245 switch (size)
2246 {
2247 case 4:
2248 while (num_accesses < count)
2249 {
2250 u32 reg_list;
2251 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2252 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2253
2254 if (last_reg <= thisrun_accesses)
2255 last_reg = thisrun_accesses;
2256
2257 arm7_9->load_word_regs(target, reg_list);
2258
2259 /* fast memory reads are only safe when the target is running
2260 * from a sufficiently high clock (32 kHz is usually too slow)
2261 */
2262 if (arm7_9->fast_memory_access)
2263 retval = arm7_9_execute_fast_sys_speed(target);
2264 else
2265 retval = arm7_9_execute_sys_speed(target);
2266 if (retval != ERROR_OK)
2267 return retval;
2268
2269 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2270
2271 /* advance buffer, count number of accesses */
2272 buffer += thisrun_accesses * 4;
2273 num_accesses += thisrun_accesses;
2274
2275 if ((j++%1024)==0)
2276 {
2277 keep_alive();
2278 }
2279 }
2280 break;
2281 case 2:
2282 while (num_accesses < count)
2283 {
2284 u32 reg_list;
2285 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2286 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2287
2288 for (i = 1; i <= thisrun_accesses; i++)
2289 {
2290 if (i > last_reg)
2291 last_reg = i;
2292 arm7_9->load_hword_reg(target, i);
2293 /* fast memory reads are only safe when the target is running
2294 * from a sufficiently high clock (32 kHz is usually too slow)
2295 */
2296 if (arm7_9->fast_memory_access)
2297 retval = arm7_9_execute_fast_sys_speed(target);
2298 else
2299 retval = arm7_9_execute_sys_speed(target);
2300 if(retval != ERROR_OK)
2301 {
2302 return retval;
2303 }
2304
2305 }
2306
2307 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2308
2309 /* advance buffer, count number of accesses */
2310 buffer += thisrun_accesses * 2;
2311 num_accesses += thisrun_accesses;
2312
2313 if ((j++%1024)==0)
2314 {
2315 keep_alive();
2316 }
2317 }
2318 break;
2319 case 1:
2320 while (num_accesses < count)
2321 {
2322 u32 reg_list;
2323 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2324 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2325
2326 for (i = 1; i <= thisrun_accesses; i++)
2327 {
2328 if (i > last_reg)
2329 last_reg = i;
2330 arm7_9->load_byte_reg(target, i);
2331 /* fast memory reads are only safe when the target is running
2332 * from a sufficiently high clock (32 kHz is usually too slow)
2333 */
2334 if (arm7_9->fast_memory_access)
2335 retval = arm7_9_execute_fast_sys_speed(target);
2336 else
2337 retval = arm7_9_execute_sys_speed(target);
2338 if(retval != ERROR_OK)
2339 {
2340 return retval;
2341 }
2342 }
2343
2344 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2345
2346 /* advance buffer, count number of accesses */
2347 buffer += thisrun_accesses * 1;
2348 num_accesses += thisrun_accesses;
2349
2350 if ((j++%1024)==0)
2351 {
2352 keep_alive();
2353 }
2354 }
2355 break;
2356 default:
2357 LOG_ERROR("BUG: we shouldn't get here");
2358 exit(-1);
2359 break;
2360 }
2361
2362 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2363 return ERROR_FAIL;
2364
2365 for (i=0; i<=last_reg; i++)
2366 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2367
2368 arm7_9->read_xpsr(target, &cpsr, 0);
2369 if ((retval = jtag_execute_queue()) != ERROR_OK)
2370 {
2371 LOG_ERROR("JTAG error while reading cpsr");
2372 return ERROR_TARGET_DATA_ABORT;
2373 }
2374
2375 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2376 {
2377 LOG_WARNING("memory read caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2378
2379 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2380
2381 return ERROR_TARGET_DATA_ABORT;
2382 }
2383
2384 return ERROR_OK;
2385 }
2386
2387 int arm7_9_write_memory(struct target_s *target, u32 address, u32 size, u32 count, uint8_t *buffer)
2388 {
2389 armv4_5_common_t *armv4_5 = target->arch_info;
2390 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2391 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2392
2393 u32 reg[16];
2394 u32 num_accesses = 0;
2395 int thisrun_accesses;
2396 int i;
2397 u32 cpsr;
2398 int retval;
2399 int last_reg = 0;
2400
2401 #ifdef _DEBUG_ARM7_9_
2402 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2403 #endif
2404
2405 if (target->state != TARGET_HALTED)
2406 {
2407 LOG_WARNING("target not halted");
2408 return ERROR_TARGET_NOT_HALTED;
2409 }
2410
2411 /* sanitize arguments */
2412 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2413 return ERROR_INVALID_ARGUMENTS;
2414
2415 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2416 return ERROR_TARGET_UNALIGNED_ACCESS;
2417
2418 /* load the base register with the address of the first word */
2419 reg[0] = address;
2420 arm7_9->write_core_regs(target, 0x1, reg);
2421
2422 /* Clear DBGACK, to make sure memory fetches work as expected */
2423 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2424 embeddedice_store_reg(dbg_ctrl);
2425
2426 switch (size)
2427 {
2428 case 4:
2429 while (num_accesses < count)
2430 {
2431 u32 reg_list;
2432 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2433 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2434
2435 for (i = 1; i <= thisrun_accesses; i++)
2436 {
2437 if (i > last_reg)
2438 last_reg = i;
2439 reg[i] = target_buffer_get_u32(target, buffer);
2440 buffer += 4;
2441 }
2442
2443 arm7_9->write_core_regs(target, reg_list, reg);
2444
2445 arm7_9->store_word_regs(target, reg_list);
2446
2447 /* fast memory writes are only safe when the target is running
2448 * from a sufficiently high clock (32 kHz is usually too slow)
2449 */
2450 if (arm7_9->fast_memory_access)
2451 retval = arm7_9_execute_fast_sys_speed(target);
2452 else
2453 retval = arm7_9_execute_sys_speed(target);
2454 if(retval != ERROR_OK)
2455 {
2456 return retval;
2457 }
2458
2459 num_accesses += thisrun_accesses;
2460 }
2461 break;
2462 case 2:
2463 while (num_accesses < count)
2464 {
2465 u32 reg_list;
2466 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2467 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2468
2469 for (i = 1; i <= thisrun_accesses; i++)
2470 {
2471 if (i > last_reg)
2472 last_reg = i;
2473 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2474 buffer += 2;
2475 }
2476
2477 arm7_9->write_core_regs(target, reg_list, reg);
2478
2479 for (i = 1; i <= thisrun_accesses; i++)
2480 {
2481 arm7_9->store_hword_reg(target, i);
2482
2483 /* fast memory writes are only safe when the target is running
2484 * from a sufficiently high clock (32 kHz is usually too slow)
2485 */
2486 if (arm7_9->fast_memory_access)
2487 retval = arm7_9_execute_fast_sys_speed(target);
2488 else
2489 retval = arm7_9_execute_sys_speed(target);
2490 if(retval != ERROR_OK)
2491 {
2492 return retval;
2493 }
2494 }
2495
2496 num_accesses += thisrun_accesses;
2497 }
2498 break;
2499 case 1:
2500 while (num_accesses < count)
2501 {
2502 u32 reg_list;
2503 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2504 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2505
2506 for (i = 1; i <= thisrun_accesses; i++)
2507 {
2508 if (i > last_reg)
2509 last_reg = i;
2510 reg[i] = *buffer++ & 0xff;
2511 }
2512
2513 arm7_9->write_core_regs(target, reg_list, reg);
2514
2515 for (i = 1; i <= thisrun_accesses; i++)
2516 {
2517 arm7_9->store_byte_reg(target, i);
2518 /* fast memory writes are only safe when the target is running
2519 * from a sufficiently high clock (32 kHz is usually too slow)
2520 */
2521 if (arm7_9->fast_memory_access)
2522 retval = arm7_9_execute_fast_sys_speed(target);
2523 else
2524 retval = arm7_9_execute_sys_speed(target);
2525 if(retval != ERROR_OK)
2526 {
2527 return retval;
2528 }
2529
2530 }
2531
2532 num_accesses += thisrun_accesses;
2533 }
2534 break;
2535 default:
2536 LOG_ERROR("BUG: we shouldn't get here");
2537 exit(-1);
2538 break;
2539 }
2540
2541 /* Re-Set DBGACK */
2542 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2543 embeddedice_store_reg(dbg_ctrl);
2544
2545 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2546 return ERROR_FAIL;
2547
2548 for (i=0; i<=last_reg; i++)
2549 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2550
2551 arm7_9->read_xpsr(target, &cpsr, 0);
2552 if ((retval = jtag_execute_queue()) != ERROR_OK)
2553 {
2554 LOG_ERROR("JTAG error while reading cpsr");
2555 return ERROR_TARGET_DATA_ABORT;
2556 }
2557
2558 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2559 {
2560 LOG_WARNING("memory write caused data abort (address: 0x%8.8x, size: 0x%x, count: 0x%x)", address, size, count);
2561
2562 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2563
2564 return ERROR_TARGET_DATA_ABORT;
2565 }
2566
2567 return ERROR_OK;
2568 }
2569
2570 static int dcc_count;
2571 static uint8_t *dcc_buffer;
2572
2573 static int arm7_9_dcc_completion(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info)
2574 {
2575 int retval = ERROR_OK;
2576 armv4_5_common_t *armv4_5 = target->arch_info;
2577 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2578
2579 if ((retval=target_wait_state(target, TARGET_DEBUG_RUNNING, 500))!=ERROR_OK)
2580 return retval;
2581
2582 int little=target->endianness==TARGET_LITTLE_ENDIAN;
2583 int count=dcc_count;
2584 uint8_t *buffer=dcc_buffer;
2585 if (count>2)
2586 {
2587 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2588 * core function repeated. */
2589 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2590 buffer+=4;
2591
2592 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2593 uint8_t reg_addr = ice_reg->addr & 0x1f;
2594 jtag_tap_t *tap;
2595 tap = ice_reg->jtag_info->tap;
2596
2597 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2598 buffer += (count-2)*4;
2599
2600 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2601 } else
2602 {
2603 int i;
2604 for (i = 0; i < count; i++)
2605 {
2606 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2607 buffer += 4;
2608 }
2609 }
2610
2611 if((retval = target_halt(target))!= ERROR_OK)
2612 {
2613 return retval;
2614 }
2615 return target_wait_state(target, TARGET_HALTED, 500);
2616 }
2617
2618 static const u32 dcc_code[] =
2619 {
2620 /* MRC TST BNE MRC STR B */
2621 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2622 };
2623
2624 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, u32 entry_point, u32 exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, u32 exit_point, int timeout_ms, void *arch_info));
2625
2626 int arm7_9_bulk_write_memory(target_t *target, u32 address, u32 count, uint8_t *buffer)
2627 {
2628 int retval;
2629 armv4_5_common_t *armv4_5 = target->arch_info;
2630 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2631 int i;
2632
2633 if (!arm7_9->dcc_downloads)
2634 return target_write_memory(target, address, 4, count, buffer);
2635
2636 /* regrab previously allocated working_area, or allocate a new one */
2637 if (!arm7_9->dcc_working_area)
2638 {
2639 uint8_t dcc_code_buf[6 * 4];
2640
2641 /* make sure we have a working area */
2642 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2643 {
2644 LOG_INFO("no working area available, falling back to memory writes");
2645 return target_write_memory(target, address, 4, count, buffer);
2646 }
2647
2648 /* copy target instructions to target endianness */
2649 for (i = 0; i < 6; i++)
2650 {
2651 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2652 }
2653
2654 /* write DCC code to working area */
2655 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2656 {
2657 return retval;
2658 }
2659 }
2660
2661 armv4_5_algorithm_t armv4_5_info;
2662 reg_param_t reg_params[1];
2663
2664 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2665 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2666 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2667
2668 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2669
2670 buf_set_u32(reg_params[0].value, 0, 32, address);
2671
2672 dcc_count=count;
2673 dcc_buffer=buffer;
2674 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2675 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address+6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2676
2677 if (retval==ERROR_OK)
2678 {
2679 u32 endaddress=buf_get_u32(reg_params[0].value, 0, 32);
2680 if (endaddress!=(address+count*4))
2681 {
2682 LOG_ERROR("DCC write failed, expected end address 0x%08x got 0x%0x", (address+count*4), endaddress);
2683 retval=ERROR_FAIL;
2684 }
2685 }
2686
2687 destroy_reg_param(&reg_params[0]);
2688
2689 return retval;
2690 }
2691
2692 int arm7_9_checksum_memory(struct target_s *target, u32 address, u32 count, u32* checksum)
2693 {
2694 working_area_t *crc_algorithm;
2695 armv4_5_algorithm_t armv4_5_info;
2696 reg_param_t reg_params[2];
2697 int retval;
2698
2699 u32 arm7_9_crc_code[] = {
2700 0xE1A02000, /* mov r2, r0 */
2701 0xE3E00000, /* mov r0, #0xffffffff */
2702 0xE1A03001, /* mov r3, r1 */
2703 0xE3A04000, /* mov r4, #0 */
2704 0xEA00000B, /* b ncomp */
2705 /* nbyte: */
2706 0xE7D21004, /* ldrb r1, [r2, r4] */
2707 0xE59F7030, /* ldr r7, CRC32XOR */
2708 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2709 0xE3A05000, /* mov r5, #0 */
2710 /* loop: */
2711 0xE3500000, /* cmp r0, #0 */
2712 0xE1A06080, /* mov r6, r0, asl #1 */
2713 0xE2855001, /* add r5, r5, #1 */
2714 0xE1A00006, /* mov r0, r6 */
2715 0xB0260007, /* eorlt r0, r6, r7 */
2716 0xE3550008, /* cmp r5, #8 */
2717 0x1AFFFFF8, /* bne loop */
2718 0xE2844001, /* add r4, r4, #1 */
2719 /* ncomp: */
2720 0xE1540003, /* cmp r4, r3 */
2721 0x1AFFFFF1, /* bne nbyte */
2722 /* end: */
2723 0xEAFFFFFE, /* b end */
2724 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2725 };
2726
2727 u32 i;
2728
2729 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2730 {
2731 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2732 }
2733
2734 /* convert flash writing code into a buffer in target endianness */
2735 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(u32)); i++)
2736 {
2737 if ((retval=target_write_u32(target, crc_algorithm->address + i*sizeof(u32), arm7_9_crc_code[i]))!=ERROR_OK)
2738 {
2739 return retval;
2740 }
2741 }
2742
2743 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2744 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2745 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2746
2747 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2748 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2749
2750 buf_set_u32(reg_params[0].value, 0, 32, address);
2751 buf_set_u32(reg_params[1].value, 0, 32, count);
2752
2753 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2754 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2755 {
2756 LOG_ERROR("error executing arm7_9 crc algorithm");
2757 destroy_reg_param(&reg_params[0]);
2758 destroy_reg_param(&reg_params[1]);
2759 target_free_working_area(target, crc_algorithm);
2760 return retval;
2761 }
2762
2763 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2764
2765 destroy_reg_param(&reg_params[0]);
2766 destroy_reg_param(&reg_params[1]);
2767
2768 target_free_working_area(target, crc_algorithm);
2769
2770 return ERROR_OK;
2771 }
2772
2773 int arm7_9_blank_check_memory(struct target_s *target, u32 address, u32 count, u32* blank)
2774 {
2775 working_area_t *erase_check_algorithm;
2776 reg_param_t reg_params[3];
2777 armv4_5_algorithm_t armv4_5_info;
2778 int retval;
2779 u32 i;
2780
2781 u32 erase_check_code[] =
2782 {
2783 /* loop: */
2784 0xe4d03001, /* ldrb r3, [r0], #1 */
2785 0xe0022003, /* and r2, r2, r3 */
2786 0xe2511001, /* subs r1, r1, #1 */
2787 0x1afffffb, /* bne loop */
2788 /* end: */
2789 0xeafffffe /* b end */
2790 };
2791
2792 /* make sure we have a working area */
2793 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2794 {
2795 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2796 }
2797
2798 /* convert flash writing code into a buffer in target endianness */
2799 for (i = 0; i < (sizeof(erase_check_code)/sizeof(u32)); i++)
2800 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(u32), erase_check_code[i])) != ERROR_OK)
2801 {
2802 return retval;
2803 }
2804
2805 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2806 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2807 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2808
2809 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2810 buf_set_u32(reg_params[0].value, 0, 32, address);
2811
2812 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2813 buf_set_u32(reg_params[1].value, 0, 32, count);
2814
2815 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2816 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2817
2818 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2819 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2820 {
2821 destroy_reg_param(&reg_params[0]);
2822 destroy_reg_param(&reg_params[1]);
2823 destroy_reg_param(&reg_params[2]);
2824 target_free_working_area(target, erase_check_algorithm);
2825 return 0;
2826 }
2827
2828 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2829
2830 destroy_reg_param(&reg_params[0]);
2831 destroy_reg_param(&reg_params[1]);
2832 destroy_reg_param(&reg_params[2]);
2833
2834 target_free_working_area(target, erase_check_algorithm);
2835
2836 return ERROR_OK;
2837 }
2838
2839 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2840 {
2841 command_t *arm7_9_cmd;
2842
2843 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2844
2845 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr|spsr>");
2846 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr|spsr>");
2847
2848 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2849
2850 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2851 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>");
2852 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2853 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable|disable>");
2854 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2855 COMMAND_ANY, "use DCC downloads for larger memory writes <enable|disable>");
2856
2857 armv4_5_register_commands(cmd_ctx);
2858
2859 etm_register_commands(cmd_ctx);
2860
2861 return ERROR_OK;
2862 }
2863
2864 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2865 {
2866 u32 value;
2867 int spsr;
2868 int retval;
2869 target_t *target = get_current_target(cmd_ctx);
2870 armv4_5_common_t *armv4_5;
2871 arm7_9_common_t *arm7_9;
2872
2873 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2874 {
2875 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2876 return ERROR_OK;
2877 }
2878
2879 if (target->state != TARGET_HALTED)
2880 {
2881 command_print(cmd_ctx, "can't write registers while running");
2882 return ERROR_OK;
2883 }
2884
2885 if (argc < 2)
2886 {
2887 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr|spsr>");
2888 return ERROR_OK;
2889 }
2890
2891 value = strtoul(args[0], NULL, 0);
2892 spsr = strtol(args[1], NULL, 0);
2893
2894 /* if we're writing the CPSR, mask the T bit */
2895 if (!spsr)
2896 value &= ~0x20;
2897
2898 arm7_9->write_xpsr(target, value, spsr);
2899 if ((retval = jtag_execute_queue()) != ERROR_OK)
2900 {
2901 LOG_ERROR("JTAG error while writing to xpsr");
2902 return retval;
2903 }
2904
2905 return ERROR_OK;
2906 }
2907
2908 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2909 {
2910 u32 value;
2911 int rotate;
2912 int spsr;
2913 int retval;
2914 target_t *target = get_current_target(cmd_ctx);
2915 armv4_5_common_t *armv4_5;
2916 arm7_9_common_t *arm7_9;
2917
2918 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2919 {
2920 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2921 return ERROR_OK;
2922 }
2923
2924 if (target->state != TARGET_HALTED)
2925 {
2926 command_print(cmd_ctx, "can't write registers while running");
2927 return ERROR_OK;
2928 }
2929
2930 if (argc < 3)
2931 {
2932 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr|spsr>");
2933 return ERROR_OK;
2934 }
2935
2936 value = strtoul(args[0], NULL, 0);
2937 rotate = strtol(args[1], NULL, 0);
2938 spsr = strtol(args[2], NULL, 0);
2939
2940 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2941 if ((retval = jtag_execute_queue()) != ERROR_OK)
2942 {
2943 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2944 return retval;
2945 }
2946
2947 return ERROR_OK;
2948 }
2949
2950 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2951 {
2952 u32 value;
2953 u32 mode;
2954 int num;
2955 target_t *target = get_current_target(cmd_ctx);
2956 armv4_5_common_t *armv4_5;
2957 arm7_9_common_t *arm7_9;
2958
2959 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2960 {
2961 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2962 return ERROR_OK;
2963 }
2964
2965 if (target->state != TARGET_HALTED)
2966 {
2967 command_print(cmd_ctx, "can't write registers while running");
2968 return ERROR_OK;
2969 }
2970
2971 if (argc < 3)
2972 {
2973 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2974 return ERROR_OK;
2975 }
2976
2977 num = strtol(args[0], NULL, 0);
2978 mode = strtoul(args[1], NULL, 0);
2979 value = strtoul(args[2], NULL, 0);
2980
2981 return arm7_9_write_core_reg(target, num, mode, value);
2982 }
2983
2984 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2985 {
2986 target_t *target = get_current_target(cmd_ctx);
2987 armv4_5_common_t *armv4_5;
2988 arm7_9_common_t *arm7_9;
2989
2990 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2991 {
2992 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2993 return ERROR_OK;
2994 }
2995
2996 if (argc > 0)
2997 {
2998 if (strcmp("enable", args[0]) == 0)
2999 {
3000 arm7_9->use_dbgrq = 1;
3001 }
3002 else if (strcmp("disable", args[0]) == 0)
3003 {
3004 arm7_9->use_dbgrq = 0;
3005 }
3006 else
3007 {
3008 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable|disable>");
3009 }
3010 }
3011
3012 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3013
3014 return ERROR_OK;
3015 }
3016
3017 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3018 {
3019 target_t *target = get_current_target(cmd_ctx);
3020 armv4_5_common_t *armv4_5;
3021 arm7_9_common_t *arm7_9;
3022
3023 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3024 {
3025 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3026 return ERROR_OK;
3027 }
3028
3029 if (argc > 0)
3030 {
3031 if (strcmp("enable", args[0]) == 0)
3032 {
3033 arm7_9->fast_memory_access = 1;
3034 }
3035 else if (strcmp("disable", args[0]) == 0)
3036 {
3037 arm7_9->fast_memory_access = 0;
3038 }
3039 else
3040 {
3041 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable|disable>");
3042 }
3043 }
3044
3045 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3046
3047 return ERROR_OK;
3048 }
3049
3050 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3051 {
3052 target_t *target = get_current_target(cmd_ctx);
3053 armv4_5_common_t *armv4_5;
3054 arm7_9_common_t *arm7_9;
3055
3056 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3057 {
3058 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3059 return ERROR_OK;
3060 }
3061
3062 if (argc > 0)
3063 {
3064 if (strcmp("enable", args[0]) == 0)
3065 {
3066 arm7_9->dcc_downloads = 1;
3067 }
3068 else if (strcmp("disable", args[0]) == 0)
3069 {
3070 arm7_9->dcc_downloads = 0;
3071 }
3072 else
3073 {
3074 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable|disable>");
3075 }
3076 }
3077
3078 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3079
3080 return ERROR_OK;
3081 }
3082
3083 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3084 {
3085 int retval = ERROR_OK;
3086 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3087
3088 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3089
3090 if((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3091 {
3092 return retval;
3093 }
3094
3095 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3096 arm7_9->wp_available_max = 2;
3097 arm7_9->sw_breakpoints_added = 0;
3098 arm7_9->breakpoint_count = 0;
3099 arm7_9->wp0_used = 0;
3100 arm7_9->wp1_used = 0;
3101 arm7_9->wp1_used_default = 0;
3102 arm7_9->use_dbgrq = 0;
3103
3104 arm7_9->etm_ctx = NULL;
3105 arm7_9->has_single_step = 0;
3106 arm7_9->has_monitor_mode = 0;
3107 arm7_9->has_vector_catch = 0;
3108
3109 arm7_9->debug_entry_from_reset = 0;
3110
3111 arm7_9->dcc_working_area = NULL;
3112
3113 arm7_9->fast_memory_access = fast_and_dangerous;
3114 arm7_9->dcc_downloads = fast_and_dangerous;
3115
3116 arm7_9->need_bypass_before_restart = 0;
3117
3118 armv4_5->arch_info = arm7_9;
3119 armv4_5->read_core_reg = arm7_9_read_core_reg;
3120 armv4_5->write_core_reg = arm7_9_write_core_reg;
3121 armv4_5->full_context = arm7_9_full_context;
3122
3123 if((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3124 {
3125 return retval;
3126 }
3127
3128 if((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3129 {
3130 return retval;
3131 }
3132
3133 return ERROR_OK;
3134 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)