Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM7/ARM9: use shared examine() method
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 /**
41 * @file
42 * Hold common code supporting the ARM7 and ARM9 core generations.
43 *
44 * While the ARM core implementations evolved substantially during these
45 * two generations, they look quite similar from the JTAG perspective.
46 * Both have similar debug facilities, based on the same two scan chains
47 * providing access to the core and to an EmbeddedICE module. Both can
48 * support similar ETM and ETB modules, for tracing. And both expose
49 * what could be viewed as "ARM Classic", with multiple processor modes,
50 * shadowed registers, and support for the Thumb instruction set.
51 *
52 * Processor differences include things like presence or absence of MMU
53 * and cache, pipeline sizes, use of a modified Harvard Architecure
54 * (with separate instruction and data busses from the CPU), support
55 * for cpu clock gating during idle, and more.
56 */
57
58 static int arm7_9_debug_entry(struct target *target);
59
60 /**
61 * Clear watchpoints for an ARM7/9 target.
62 *
63 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
64 * @return JTAG error status after executing queue
65 */
66 static int arm7_9_clear_watchpoints(struct arm7_9_common *arm7_9)
67 {
68 LOG_DEBUG("-");
69 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
70 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
71 arm7_9->sw_breakpoint_count = 0;
72 arm7_9->sw_breakpoints_added = 0;
73 arm7_9->wp0_used = 0;
74 arm7_9->wp1_used = arm7_9->wp1_used_default;
75 arm7_9->wp_available = arm7_9->wp_available_max;
76
77 return jtag_execute_queue();
78 }
79
80 /**
81 * Assign a watchpoint to one of the two available hardware comparators in an
82 * ARM7 or ARM9 target.
83 *
84 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
85 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
86 */
87 static void arm7_9_assign_wp(struct arm7_9_common *arm7_9, struct breakpoint *breakpoint)
88 {
89 if (!arm7_9->wp0_used)
90 {
91 arm7_9->wp0_used = 1;
92 breakpoint->set = 1;
93 arm7_9->wp_available--;
94 }
95 else if (!arm7_9->wp1_used)
96 {
97 arm7_9->wp1_used = 1;
98 breakpoint->set = 2;
99 arm7_9->wp_available--;
100 }
101 else
102 {
103 LOG_ERROR("BUG: no hardware comparator available");
104 }
105 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
106 breakpoint->unique_id,
107 breakpoint->address,
108 breakpoint->set );
109 }
110
111 /**
112 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
113 *
114 * @param arm7_9 Pointer to common struct for ARM7/9 targets
115 * @return Error codes if there is a problem finding a watchpoint or the result
116 * of executing the JTAG queue
117 */
118 static int arm7_9_set_software_breakpoints(struct arm7_9_common *arm7_9)
119 {
120 if (arm7_9->sw_breakpoints_added)
121 {
122 return ERROR_OK;
123 }
124 if (arm7_9->wp_available < 1)
125 {
126 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
127 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
128 }
129 arm7_9->wp_available--;
130
131 /* pick a breakpoint unit */
132 if (!arm7_9->wp0_used)
133 {
134 arm7_9->sw_breakpoints_added = 1;
135 arm7_9->wp0_used = 3;
136 } else if (!arm7_9->wp1_used)
137 {
138 arm7_9->sw_breakpoints_added = 2;
139 arm7_9->wp1_used = 3;
140 }
141 else
142 {
143 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
144 return ERROR_FAIL;
145 }
146
147 if (arm7_9->sw_breakpoints_added == 1)
148 {
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
154 }
155 else if (arm7_9->sw_breakpoints_added == 2)
156 {
157 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
158 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
159 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
160 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
161 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
162 }
163 else
164 {
165 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
166 return ERROR_FAIL;
167 }
168 LOG_DEBUG("SW BP using hw wp: %d",
169 arm7_9->sw_breakpoints_added );
170
171 return jtag_execute_queue();
172 }
173
174 /**
175 * Setup the common pieces for an ARM7/9 target after reset or on startup.
176 *
177 * @param target Pointer to an ARM7/9 target to setup
178 * @return Result of clearing the watchpoints on the target
179 */
180 int arm7_9_setup(struct target *target)
181 {
182 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
183
184 return arm7_9_clear_watchpoints(arm7_9);
185 }
186
187 /**
188 * Set either a hardware or software breakpoint on an ARM7/9 target. The
189 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
190 * might have erased the values in Embedded ICE.
191 *
192 * @param target Pointer to the target device to set the breakpoints on
193 * @param breakpoint Pointer to the breakpoint to be set
194 * @return For hardware breakpoints, this is the result of executing the JTAG
195 * queue. For software breakpoints, this will be the status of the
196 * required memory reads and writes
197 */
198 int arm7_9_set_breakpoint(struct target *target, struct breakpoint *breakpoint)
199 {
200 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
201 int retval = ERROR_OK;
202
203 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
204 breakpoint->unique_id,
205 breakpoint->address,
206 breakpoint->type);
207
208 if (target->state != TARGET_HALTED)
209 {
210 LOG_WARNING("target not halted");
211 return ERROR_TARGET_NOT_HALTED;
212 }
213
214 if (breakpoint->type == BKPT_HARD)
215 {
216 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
217 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
218
219 /* reassign a hw breakpoint */
220 if (breakpoint->set == 0)
221 {
222 arm7_9_assign_wp(arm7_9, breakpoint);
223 }
224
225 if (breakpoint->set == 1)
226 {
227 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
228 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
229 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
230 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
231 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
232 }
233 else if (breakpoint->set == 2)
234 {
235 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
236 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
237 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
238 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
239 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
240 }
241 else
242 {
243 LOG_ERROR("BUG: no hardware comparator available");
244 return ERROR_OK;
245 }
246
247 retval = jtag_execute_queue();
248 }
249 else if (breakpoint->type == BKPT_SOFT)
250 {
251 /* did we already set this breakpoint? */
252 if (breakpoint->set)
253 return ERROR_OK;
254
255 if (breakpoint->length == 4)
256 {
257 uint32_t verify = 0xffffffff;
258 /* keep the original instruction in target endianness */
259 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
260 {
261 return retval;
262 }
263 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
264 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
265 {
266 return retval;
267 }
268
269 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
270 {
271 return retval;
272 }
273 if (verify != arm7_9->arm_bkpt)
274 {
275 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
276 return ERROR_OK;
277 }
278 }
279 else
280 {
281 uint16_t verify = 0xffff;
282 /* keep the original instruction in target endianness */
283 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
284 {
285 return retval;
286 }
287 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
288 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
289 {
290 return retval;
291 }
292
293 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
294 {
295 return retval;
296 }
297 if (verify != arm7_9->thumb_bkpt)
298 {
299 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
300 return ERROR_OK;
301 }
302 }
303
304 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
305 return retval;
306
307 arm7_9->sw_breakpoint_count++;
308
309 breakpoint->set = 1;
310 }
311
312 return retval;
313 }
314
315 /**
316 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
317 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
318 * will be updated. Otherwise, the software breakpoint will be restored to its
319 * original instruction if it hasn't already been modified.
320 *
321 * @param target Pointer to ARM7/9 target to unset the breakpoint from
322 * @param breakpoint Pointer to breakpoint to be unset
323 * @return For hardware breakpoints, this is the result of executing the JTAG
324 * queue. For software breakpoints, this will be the status of the
325 * required memory reads and writes
326 */
327 int arm7_9_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
328 {
329 int retval = ERROR_OK;
330 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
331
332 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
333 breakpoint->unique_id,
334 breakpoint->address );
335
336 if (!breakpoint->set)
337 {
338 LOG_WARNING("breakpoint not set");
339 return ERROR_OK;
340 }
341
342 if (breakpoint->type == BKPT_HARD)
343 {
344 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
345 breakpoint->unique_id,
346 breakpoint->set );
347 if (breakpoint->set == 1)
348 {
349 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
350 arm7_9->wp0_used = 0;
351 arm7_9->wp_available++;
352 }
353 else if (breakpoint->set == 2)
354 {
355 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
356 arm7_9->wp1_used = 0;
357 arm7_9->wp_available++;
358 }
359 retval = jtag_execute_queue();
360 breakpoint->set = 0;
361 }
362 else
363 {
364 /* restore original instruction (kept in target endianness) */
365 if (breakpoint->length == 4)
366 {
367 uint32_t current_instr;
368 /* check that user program as not modified breakpoint instruction */
369 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
370 {
371 return retval;
372 }
373 if (current_instr == arm7_9->arm_bkpt)
374 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
375 {
376 return retval;
377 }
378 }
379 else
380 {
381 uint16_t current_instr;
382 /* check that user program as not modified breakpoint instruction */
383 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
384 {
385 return retval;
386 }
387 if (current_instr == arm7_9->thumb_bkpt)
388 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
389 {
390 return retval;
391 }
392 }
393
394 if (--arm7_9->sw_breakpoint_count==0)
395 {
396 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
397 if (arm7_9->sw_breakpoints_added == 1)
398 {
399 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
400 }
401 else if (arm7_9->sw_breakpoints_added == 2)
402 {
403 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
404 }
405 }
406
407 breakpoint->set = 0;
408 }
409
410 return retval;
411 }
412
413 /**
414 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
415 * dangling breakpoints and that the desired breakpoint can be added.
416 *
417 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
418 * @param breakpoint Pointer to the breakpoint to be added
419 * @return An error status if there is a problem adding the breakpoint or the
420 * result of setting the breakpoint
421 */
422 int arm7_9_add_breakpoint(struct target *target, struct breakpoint *breakpoint)
423 {
424 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
425
426 if (target->state != TARGET_HALTED)
427 {
428 LOG_WARNING("target not halted");
429 return ERROR_TARGET_NOT_HALTED;
430 }
431
432 if (arm7_9->breakpoint_count == 0)
433 {
434 /* make sure we don't have any dangling breakpoints. This is vital upon
435 * GDB connect/disconnect
436 */
437 arm7_9_clear_watchpoints(arm7_9);
438 }
439
440 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
441 {
442 LOG_INFO("no watchpoint unit available for hardware breakpoint");
443 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
444 }
445
446 if ((breakpoint->length != 2) && (breakpoint->length != 4))
447 {
448 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
449 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
450 }
451
452 if (breakpoint->type == BKPT_HARD)
453 {
454 arm7_9_assign_wp(arm7_9, breakpoint);
455 }
456
457 arm7_9->breakpoint_count++;
458
459 return arm7_9_set_breakpoint(target, breakpoint);
460 }
461
462 /**
463 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
464 * dangling breakpoints and updates available watchpoints if it is a hardware
465 * breakpoint.
466 *
467 * @param target Pointer to the target to have a breakpoint removed
468 * @param breakpoint Pointer to the breakpoint to be removed
469 * @return Error status if there was a problem unsetting the breakpoint or the
470 * watchpoints could not be cleared
471 */
472 int arm7_9_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
473 {
474 int retval = ERROR_OK;
475 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
476
477 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
478 {
479 return retval;
480 }
481
482 if (breakpoint->type == BKPT_HARD)
483 arm7_9->wp_available++;
484
485 arm7_9->breakpoint_count--;
486 if (arm7_9->breakpoint_count == 0)
487 {
488 /* make sure we don't have any dangling breakpoints */
489 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
490 {
491 return retval;
492 }
493 }
494
495 return ERROR_OK;
496 }
497
498 /**
499 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
500 * considered a bug to call this function when there are no available watchpoint
501 * units.
502 *
503 * @param target Pointer to an ARM7/9 target to set a watchpoint on
504 * @param watchpoint Pointer to the watchpoint to be set
505 * @return Error status if watchpoint set fails or the result of executing the
506 * JTAG queue
507 */
508 int arm7_9_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
509 {
510 int retval = ERROR_OK;
511 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
512 int rw_mask = 1;
513 uint32_t mask;
514
515 mask = watchpoint->length - 1;
516
517 if (target->state != TARGET_HALTED)
518 {
519 LOG_WARNING("target not halted");
520 return ERROR_TARGET_NOT_HALTED;
521 }
522
523 if (watchpoint->rw == WPT_ACCESS)
524 rw_mask = 0;
525 else
526 rw_mask = 1;
527
528 if (!arm7_9->wp0_used)
529 {
530 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
531 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
532 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
533 if (watchpoint->mask != 0xffffffffu)
534 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
535 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
536 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
537
538 if ((retval = jtag_execute_queue()) != ERROR_OK)
539 {
540 return retval;
541 }
542 watchpoint->set = 1;
543 arm7_9->wp0_used = 2;
544 }
545 else if (!arm7_9->wp1_used)
546 {
547 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
550 if (watchpoint->mask != 0xffffffffu)
551 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
552 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
553 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
554
555 if ((retval = jtag_execute_queue()) != ERROR_OK)
556 {
557 return retval;
558 }
559 watchpoint->set = 2;
560 arm7_9->wp1_used = 2;
561 }
562 else
563 {
564 LOG_ERROR("BUG: no hardware comparator available");
565 return ERROR_OK;
566 }
567
568 return ERROR_OK;
569 }
570
571 /**
572 * Unset an existing watchpoint and clear the used watchpoint unit.
573 *
574 * @param target Pointer to the target to have the watchpoint removed
575 * @param watchpoint Pointer to the watchpoint to be removed
576 * @return Error status while trying to unset the watchpoint or the result of
577 * executing the JTAG queue
578 */
579 int arm7_9_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
580 {
581 int retval = ERROR_OK;
582 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
583
584 if (target->state != TARGET_HALTED)
585 {
586 LOG_WARNING("target not halted");
587 return ERROR_TARGET_NOT_HALTED;
588 }
589
590 if (!watchpoint->set)
591 {
592 LOG_WARNING("breakpoint not set");
593 return ERROR_OK;
594 }
595
596 if (watchpoint->set == 1)
597 {
598 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
599 if ((retval = jtag_execute_queue()) != ERROR_OK)
600 {
601 return retval;
602 }
603 arm7_9->wp0_used = 0;
604 }
605 else if (watchpoint->set == 2)
606 {
607 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
608 if ((retval = jtag_execute_queue()) != ERROR_OK)
609 {
610 return retval;
611 }
612 arm7_9->wp1_used = 0;
613 }
614 watchpoint->set = 0;
615
616 return ERROR_OK;
617 }
618
619 /**
620 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
621 * available, an error response is returned.
622 *
623 * @param target Pointer to the ARM7/9 target to add a watchpoint to
624 * @param watchpoint Pointer to the watchpoint to be added
625 * @return Error status while trying to add the watchpoint
626 */
627 int arm7_9_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
628 {
629 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
630
631 if (target->state != TARGET_HALTED)
632 {
633 LOG_WARNING("target not halted");
634 return ERROR_TARGET_NOT_HALTED;
635 }
636
637 if (arm7_9->wp_available < 1)
638 {
639 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
640 }
641
642 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
643 {
644 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
645 }
646
647 arm7_9->wp_available--;
648
649 return ERROR_OK;
650 }
651
652 /**
653 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
654 * the used watchpoint unit will be reopened.
655 *
656 * @param target Pointer to the target to remove a watchpoint from
657 * @param watchpoint Pointer to the watchpoint to be removed
658 * @return Result of trying to unset the watchpoint
659 */
660 int arm7_9_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
661 {
662 int retval = ERROR_OK;
663 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
664
665 if (watchpoint->set)
666 {
667 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
668 {
669 return retval;
670 }
671 }
672
673 arm7_9->wp_available++;
674
675 return ERROR_OK;
676 }
677
678 /**
679 * Restarts the target by sending a RESTART instruction and moving the JTAG
680 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
681 * asserted by the processor.
682 *
683 * @param target Pointer to target to issue commands to
684 * @return Error status if there is a timeout or a problem while executing the
685 * JTAG queue
686 */
687 int arm7_9_execute_sys_speed(struct target *target)
688 {
689 int retval;
690 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
691 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
692 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
693
694 /* set RESTART instruction */
695 jtag_set_end_state(TAP_IDLE);
696 if (arm7_9->need_bypass_before_restart) {
697 arm7_9->need_bypass_before_restart = 0;
698 arm_jtag_set_instr(jtag_info, 0xf, NULL);
699 }
700 arm_jtag_set_instr(jtag_info, 0x4, NULL);
701
702 long long then = timeval_ms();
703 int timeout;
704 while (!(timeout = ((timeval_ms()-then) > 1000)))
705 {
706 /* read debug status register */
707 embeddedice_read_reg(dbg_stat);
708 if ((retval = jtag_execute_queue()) != ERROR_OK)
709 return retval;
710 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
711 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
712 break;
713 if (debug_level >= 3)
714 {
715 alive_sleep(100);
716 } else
717 {
718 keep_alive();
719 }
720 }
721 if (timeout)
722 {
723 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
724 return ERROR_TARGET_TIMEOUT;
725 }
726
727 return ERROR_OK;
728 }
729
730 /**
731 * Restarts the target by sending a RESTART instruction and moving the JTAG
732 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
733 * waiting until they are.
734 *
735 * @param target Pointer to the target to issue commands to
736 * @return Always ERROR_OK
737 */
738 int arm7_9_execute_fast_sys_speed(struct target *target)
739 {
740 static int set = 0;
741 static uint8_t check_value[4], check_mask[4];
742
743 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
744 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
745 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
746
747 /* set RESTART instruction */
748 jtag_set_end_state(TAP_IDLE);
749 if (arm7_9->need_bypass_before_restart) {
750 arm7_9->need_bypass_before_restart = 0;
751 arm_jtag_set_instr(jtag_info, 0xf, NULL);
752 }
753 arm_jtag_set_instr(jtag_info, 0x4, NULL);
754
755 if (!set)
756 {
757 /* check for DBGACK and SYSCOMP set (others don't care) */
758
759 /* NB! These are constants that must be available until after next jtag_execute() and
760 * we evaluate the values upon first execution in lieu of setting up these constants
761 * during early setup.
762 * */
763 buf_set_u32(check_value, 0, 32, 0x9);
764 buf_set_u32(check_mask, 0, 32, 0x9);
765 set = 1;
766 }
767
768 /* read debug status register */
769 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
770
771 return ERROR_OK;
772 }
773
774 /**
775 * Get some data from the ARM7/9 target.
776 *
777 * @param target Pointer to the ARM7/9 target to read data from
778 * @param size The number of 32bit words to be read
779 * @param buffer Pointer to the buffer that will hold the data
780 * @return The result of receiving data from the Embedded ICE unit
781 */
782 int arm7_9_target_request_data(struct target *target, uint32_t size, uint8_t *buffer)
783 {
784 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
785 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
786 uint32_t *data;
787 int retval = ERROR_OK;
788 uint32_t i;
789
790 data = malloc(size * (sizeof(uint32_t)));
791
792 retval = embeddedice_receive(jtag_info, data, size);
793
794 /* return the 32-bit ints in the 8-bit array */
795 for (i = 0; i < size; i++)
796 {
797 h_u32_to_le(buffer + (i * 4), data[i]);
798 }
799
800 free(data);
801
802 return retval;
803 }
804
805 /**
806 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
807 * target is running and the DCC control register has the W bit high, this will
808 * execute the request on the target.
809 *
810 * @param priv Void pointer expected to be a struct target pointer
811 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
812 * from the Embedded ICE unit
813 */
814 int arm7_9_handle_target_request(void *priv)
815 {
816 int retval = ERROR_OK;
817 struct target *target = priv;
818 if (!target_was_examined(target))
819 return ERROR_OK;
820 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
821 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
822 struct reg *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
823
824 if (!target->dbg_msg_enabled)
825 return ERROR_OK;
826
827 if (target->state == TARGET_RUNNING)
828 {
829 /* read DCC control register */
830 embeddedice_read_reg(dcc_control);
831 if ((retval = jtag_execute_queue()) != ERROR_OK)
832 {
833 return retval;
834 }
835
836 /* check W bit */
837 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
838 {
839 uint32_t request;
840
841 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
842 {
843 return retval;
844 }
845 if ((retval = target_request(target, request)) != ERROR_OK)
846 {
847 return retval;
848 }
849 }
850 }
851
852 return ERROR_OK;
853 }
854
855 /**
856 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
857 * is manipulated to the right halted state based on its current state. This is
858 * what happens:
859 *
860 * <table>
861 * <tr><th > State</th><th > Action</th></tr>
862 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
863 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
864 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
865 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
866 * </table>
867 *
868 * If the target does not end up in the halted state, a warning is produced. If
869 * DBGACK is cleared, then the target is expected to either be running or
870 * running in debug.
871 *
872 * @param target Pointer to the ARM7/9 target to poll
873 * @return ERROR_OK or an error status if a command fails
874 */
875 int arm7_9_poll(struct target *target)
876 {
877 int retval;
878 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
879 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
880
881 /* read debug status register */
882 embeddedice_read_reg(dbg_stat);
883 if ((retval = jtag_execute_queue()) != ERROR_OK)
884 {
885 return retval;
886 }
887
888 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
889 {
890 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
891 if (target->state == TARGET_UNKNOWN)
892 {
893 /* Starting OpenOCD with target in debug-halt */
894 target->state = TARGET_RUNNING;
895 LOG_DEBUG("DBGACK already set during server startup.");
896 }
897 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
898 {
899 int check_pc = 0;
900 if (target->state == TARGET_RESET)
901 {
902 if (target->reset_halt)
903 {
904 enum reset_types jtag_reset_config = jtag_get_reset_config();
905 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
906 {
907 check_pc = 1;
908 }
909 }
910 }
911
912 target->state = TARGET_HALTED;
913
914 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
915 return retval;
916
917 if (check_pc)
918 {
919 struct reg *reg = register_get_by_name(target->reg_cache, "pc", 1);
920 uint32_t t=*((uint32_t *)reg->value);
921 if (t != 0)
922 {
923 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
924 }
925 }
926
927 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
928 {
929 return retval;
930 }
931 }
932 if (target->state == TARGET_DEBUG_RUNNING)
933 {
934 target->state = TARGET_HALTED;
935 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
936 return retval;
937
938 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
939 {
940 return retval;
941 }
942 }
943 if (target->state != TARGET_HALTED)
944 {
945 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
946 }
947 }
948 else
949 {
950 if (target->state != TARGET_DEBUG_RUNNING)
951 target->state = TARGET_RUNNING;
952 }
953
954 return ERROR_OK;
955 }
956
957 /**
958 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
959 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
960 * affected) completely stop the JTAG clock while the core is held in reset
961 * (SRST). It isn't possible to program the halt condition once reset is
962 * asserted, hence a hook that allows the target to set up its reset-halt
963 * condition is setup prior to asserting reset.
964 *
965 * @param target Pointer to an ARM7/9 target to assert reset on
966 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
967 */
968 int arm7_9_assert_reset(struct target *target)
969 {
970 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
971
972 LOG_DEBUG("target->state: %s",
973 target_state_name(target));
974
975 enum reset_types jtag_reset_config = jtag_get_reset_config();
976 if (!(jtag_reset_config & RESET_HAS_SRST))
977 {
978 LOG_ERROR("Can't assert SRST");
979 return ERROR_FAIL;
980 }
981
982 /* At this point trst has been asserted/deasserted once. We would
983 * like to program EmbeddedICE while SRST is asserted, instead of
984 * depending on SRST to leave that module alone. However, many CPUs
985 * gate the JTAG clock while SRST is asserted; or JTAG may need
986 * clock stability guarantees (adaptive clocking might help).
987 *
988 * So we assume JTAG access during SRST is off the menu unless it's
989 * been specifically enabled.
990 */
991 bool srst_asserted = false;
992
993 if (((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
994 && (jtag_reset_config & RESET_SRST_NO_GATING))
995 {
996 jtag_add_reset(0, 1);
997 srst_asserted = true;
998 }
999
1000 if (target->reset_halt)
1001 {
1002 /*
1003 * Some targets do not support communication while SRST is asserted. We need to
1004 * set up the reset vector catch here.
1005 *
1006 * If TRST is asserted, then these settings will be reset anyway, so setting them
1007 * here is harmless.
1008 */
1009 if (arm7_9->has_vector_catch)
1010 {
1011 /* program vector catch register to catch reset vector */
1012 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1013
1014 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1015 jtag_add_runtest(1, jtag_get_end_state());
1016 }
1017 else
1018 {
1019 /* program watchpoint unit to match on reset vector address */
1020 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1021 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1022 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1023 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1024 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1025 }
1026 }
1027
1028 /* here we should issue an SRST only, but we may have to assert TRST as well */
1029 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1030 {
1031 jtag_add_reset(1, 1);
1032 } else if (!srst_asserted)
1033 {
1034 jtag_add_reset(0, 1);
1035 }
1036
1037 target->state = TARGET_RESET;
1038 jtag_add_sleep(50000);
1039
1040 armv4_5_invalidate_core_regs(target);
1041
1042 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1043 {
1044 /* debug entry was already prepared in arm7_9_assert_reset() */
1045 target->debug_reason = DBG_REASON_DBGRQ;
1046 }
1047
1048 return ERROR_OK;
1049 }
1050
1051 /**
1052 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1053 * and the target is being reset into a halt, a warning will be triggered
1054 * because it is not possible to reset into a halted mode in this case. The
1055 * target is halted using the target's functions.
1056 *
1057 * @param target Pointer to the target to have the reset deasserted
1058 * @return ERROR_OK or an error from polling or halting the target
1059 */
1060 int arm7_9_deassert_reset(struct target *target)
1061 {
1062 int retval = ERROR_OK;
1063 LOG_DEBUG("target->state: %s",
1064 target_state_name(target));
1065
1066 /* deassert reset lines */
1067 jtag_add_reset(0, 0);
1068
1069 enum reset_types jtag_reset_config = jtag_get_reset_config();
1070 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1071 {
1072 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1073 /* set up embedded ice registers again */
1074 if ((retval = target_examine_one(target)) != ERROR_OK)
1075 return retval;
1076
1077 if ((retval = target_poll(target)) != ERROR_OK)
1078 {
1079 return retval;
1080 }
1081
1082 if ((retval = target_halt(target)) != ERROR_OK)
1083 {
1084 return retval;
1085 }
1086
1087 }
1088 return retval;
1089 }
1090
1091 /**
1092 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1093 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1094 * vector catch was used, it is restored. Otherwise, the control value is
1095 * restored and the watchpoint unit is restored if it was in use.
1096 *
1097 * @param target Pointer to the ARM7/9 target to have halt cleared
1098 * @return Always ERROR_OK
1099 */
1100 int arm7_9_clear_halt(struct target *target)
1101 {
1102 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1103 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1104
1105 /* we used DBGRQ only if we didn't come out of reset */
1106 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1107 {
1108 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1109 */
1110 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1111 embeddedice_store_reg(dbg_ctrl);
1112 }
1113 else
1114 {
1115 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1116 {
1117 /* if we came out of reset, and vector catch is supported, we used
1118 * vector catch to enter debug state
1119 * restore the register in that case
1120 */
1121 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1122 }
1123 else
1124 {
1125 /* restore registers if watchpoint unit 0 was in use
1126 */
1127 if (arm7_9->wp0_used)
1128 {
1129 if (arm7_9->debug_entry_from_reset)
1130 {
1131 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1132 }
1133 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1134 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1135 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1136 }
1137 /* control value always has to be restored, as it was either disabled,
1138 * or enabled with possibly different bits
1139 */
1140 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1141 }
1142 }
1143
1144 return ERROR_OK;
1145 }
1146
1147 /**
1148 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1149 * and then there is a wait until the processor shows the halt. This wait can
1150 * timeout and results in an error being returned. The software reset involves
1151 * clearing the halt, updating the debug control register, changing to ARM mode,
1152 * reset of the program counter, and reset of all of the registers.
1153 *
1154 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1155 * @return Error status if any of the commands fail, otherwise ERROR_OK
1156 */
1157 int arm7_9_soft_reset_halt(struct target *target)
1158 {
1159 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1160 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1161 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1162 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1163 int i;
1164 int retval;
1165
1166 /* FIX!!! replace some of this code with tcl commands
1167 *
1168 * halt # the halt command is synchronous
1169 * armv4_5 core_state arm
1170 *
1171 */
1172
1173 if ((retval = target_halt(target)) != ERROR_OK)
1174 return retval;
1175
1176 long long then = timeval_ms();
1177 int timeout;
1178 while (!(timeout = ((timeval_ms()-then) > 1000)))
1179 {
1180 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1181 break;
1182 embeddedice_read_reg(dbg_stat);
1183 if ((retval = jtag_execute_queue()) != ERROR_OK)
1184 return retval;
1185 if (debug_level >= 3)
1186 {
1187 alive_sleep(100);
1188 } else
1189 {
1190 keep_alive();
1191 }
1192 }
1193 if (timeout)
1194 {
1195 LOG_ERROR("Failed to halt CPU after 1 sec");
1196 return ERROR_TARGET_TIMEOUT;
1197 }
1198 target->state = TARGET_HALTED;
1199
1200 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1201 * ensure that DBGRQ is cleared
1202 */
1203 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1204 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1205 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1206 embeddedice_store_reg(dbg_ctrl);
1207
1208 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1209 {
1210 return retval;
1211 }
1212
1213 /* if the target is in Thumb state, change to ARM state */
1214 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1215 {
1216 uint32_t r0_thumb, pc_thumb;
1217 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1218 /* Entered debug from Thumb mode */
1219 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1220 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1221 }
1222
1223 /* all register content is now invalid */
1224 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1225 {
1226 return retval;
1227 }
1228
1229 /* SVC, ARM state, IRQ and FIQ disabled */
1230 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1231 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1232 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1233
1234 /* start fetching from 0x0 */
1235 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1236 armv4_5->core_cache->reg_list[15].dirty = 1;
1237 armv4_5->core_cache->reg_list[15].valid = 1;
1238
1239 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1240 armv4_5->core_state = ARMV4_5_STATE_ARM;
1241
1242 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1243 return ERROR_FAIL;
1244
1245 /* reset registers */
1246 for (i = 0; i <= 14; i++)
1247 {
1248 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1249 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1250 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1251 }
1252
1253 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1254 {
1255 return retval;
1256 }
1257
1258 return ERROR_OK;
1259 }
1260
1261 /**
1262 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1263 * line or by programming a watchpoint to trigger on any address. It is
1264 * considered a bug to call this function while the target is in the
1265 * TARGET_RESET state.
1266 *
1267 * @param target Pointer to the ARM7/9 target to be halted
1268 * @return Always ERROR_OK
1269 */
1270 int arm7_9_halt(struct target *target)
1271 {
1272 if (target->state == TARGET_RESET)
1273 {
1274 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1275 return ERROR_OK;
1276 }
1277
1278 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1279 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1280
1281 LOG_DEBUG("target->state: %s",
1282 target_state_name(target));
1283
1284 if (target->state == TARGET_HALTED)
1285 {
1286 LOG_DEBUG("target was already halted");
1287 return ERROR_OK;
1288 }
1289
1290 if (target->state == TARGET_UNKNOWN)
1291 {
1292 LOG_WARNING("target was in unknown state when halt was requested");
1293 }
1294
1295 if (arm7_9->use_dbgrq)
1296 {
1297 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1298 */
1299 if (arm7_9->set_special_dbgrq) {
1300 arm7_9->set_special_dbgrq(target);
1301 } else {
1302 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1303 embeddedice_store_reg(dbg_ctrl);
1304 }
1305 }
1306 else
1307 {
1308 /* program watchpoint unit to match on any address
1309 */
1310 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1311 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1312 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1313 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1314 }
1315
1316 target->debug_reason = DBG_REASON_DBGRQ;
1317
1318 return ERROR_OK;
1319 }
1320
1321 /**
1322 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1323 * ARM. The JTAG queue is then executed and the reason for debug entry is
1324 * examined. Once done, the target is verified to be halted and the processor
1325 * is forced into ARM mode. The core registers are saved for the current core
1326 * mode and the program counter (register 15) is updated as needed. The core
1327 * registers and CPSR and SPSR are saved for restoration later.
1328 *
1329 * @param target Pointer to target that is entering debug mode
1330 * @return Error code if anything fails, otherwise ERROR_OK
1331 */
1332 static int arm7_9_debug_entry(struct target *target)
1333 {
1334 int i;
1335 uint32_t context[16];
1336 uint32_t* context_p[16];
1337 uint32_t r0_thumb, pc_thumb;
1338 uint32_t cpsr;
1339 int retval;
1340 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1341 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1342 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1343 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1344
1345 #ifdef _DEBUG_ARM7_9_
1346 LOG_DEBUG("-");
1347 #endif
1348
1349 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1350 * ensure that DBGRQ is cleared
1351 */
1352 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1353 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1354 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1355 embeddedice_store_reg(dbg_ctrl);
1356
1357 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1358 {
1359 return retval;
1360 }
1361
1362 if ((retval = jtag_execute_queue()) != ERROR_OK)
1363 {
1364 return retval;
1365 }
1366
1367 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1368 return retval;
1369
1370
1371 if (target->state != TARGET_HALTED)
1372 {
1373 LOG_WARNING("target not halted");
1374 return ERROR_TARGET_NOT_HALTED;
1375 }
1376
1377 /* if the target is in Thumb state, change to ARM state */
1378 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1379 {
1380 LOG_DEBUG("target entered debug from Thumb state");
1381 /* Entered debug from Thumb mode */
1382 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1383 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1384 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1385 }
1386 else
1387 {
1388 LOG_DEBUG("target entered debug from ARM state");
1389 /* Entered debug from ARM mode */
1390 armv4_5->core_state = ARMV4_5_STATE_ARM;
1391 }
1392
1393 for (i = 0; i < 16; i++)
1394 context_p[i] = &context[i];
1395 /* save core registers (r0 - r15 of current core mode) */
1396 arm7_9->read_core_regs(target, 0xffff, context_p);
1397
1398 arm7_9->read_xpsr(target, &cpsr, 0);
1399
1400 if ((retval = jtag_execute_queue()) != ERROR_OK)
1401 return retval;
1402
1403 /* if the core has been executing in Thumb state, set the T bit */
1404 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1405 cpsr |= 0x20;
1406
1407 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1408 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1409 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1410
1411 armv4_5->core_mode = cpsr & 0x1f;
1412
1413 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1414 {
1415 target->state = TARGET_UNKNOWN;
1416 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1417 return ERROR_TARGET_FAILURE;
1418 }
1419
1420 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1421
1422 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1423 {
1424 LOG_DEBUG("thumb state, applying fixups");
1425 context[0] = r0_thumb;
1426 context[15] = pc_thumb;
1427 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1428 {
1429 /* adjust value stored by STM */
1430 context[15] -= 3 * 4;
1431 }
1432
1433 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1434 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1435 else
1436 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1437
1438 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1439 return ERROR_FAIL;
1440
1441 for (i = 0; i <= 15; i++)
1442 {
1443 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1444 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1445 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1446 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1447 }
1448
1449 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1450
1451 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1452 return ERROR_FAIL;
1453
1454 /* exceptions other than USR & SYS have a saved program status register */
1455 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1456 {
1457 uint32_t spsr;
1458 arm7_9->read_xpsr(target, &spsr, 1);
1459 if ((retval = jtag_execute_queue()) != ERROR_OK)
1460 {
1461 return retval;
1462 }
1463 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1464 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1465 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1466 }
1467
1468 /* r0 and r15 (pc) have to be restored later */
1469 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1470 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1471
1472 if ((retval = jtag_execute_queue()) != ERROR_OK)
1473 return retval;
1474
1475 if (arm7_9->post_debug_entry)
1476 arm7_9->post_debug_entry(target);
1477
1478 return ERROR_OK;
1479 }
1480
1481 /**
1482 * Validate the full context for an ARM7/9 target in all processor modes. If
1483 * there are any invalid registers for the target, they will all be read. This
1484 * includes the PSR.
1485 *
1486 * @param target Pointer to the ARM7/9 target to capture the full context from
1487 * @return Error if the target is not halted, has an invalid core mode, or if
1488 * the JTAG queue fails to execute
1489 */
1490 int arm7_9_full_context(struct target *target)
1491 {
1492 int i;
1493 int retval;
1494 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1495 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1496
1497 LOG_DEBUG("-");
1498
1499 if (target->state != TARGET_HALTED)
1500 {
1501 LOG_WARNING("target not halted");
1502 return ERROR_TARGET_NOT_HALTED;
1503 }
1504
1505 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1506 return ERROR_FAIL;
1507
1508 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1509 * SYS shares registers with User, so we don't touch SYS
1510 */
1511 for (i = 0; i < 6; i++)
1512 {
1513 uint32_t mask = 0;
1514 uint32_t* reg_p[16];
1515 int j;
1516 int valid = 1;
1517
1518 /* check if there are invalid registers in the current mode
1519 */
1520 for (j = 0; j <= 16; j++)
1521 {
1522 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1523 valid = 0;
1524 }
1525
1526 if (!valid)
1527 {
1528 uint32_t tmp_cpsr;
1529
1530 /* change processor mode (and mask T bit) */
1531 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1532 tmp_cpsr |= armv4_5_number_to_mode(i);
1533 tmp_cpsr &= ~0x20;
1534 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1535
1536 for (j = 0; j < 15; j++)
1537 {
1538 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1539 {
1540 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1541 mask |= 1 << j;
1542 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1543 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1544 }
1545 }
1546
1547 /* if only the PSR is invalid, mask is all zeroes */
1548 if (mask)
1549 arm7_9->read_core_regs(target, mask, reg_p);
1550
1551 /* check if the PSR has to be read */
1552 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1553 {
1554 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1555 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1556 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1557 }
1558 }
1559 }
1560
1561 /* restore processor mode (mask T bit) */
1562 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1563
1564 if ((retval = jtag_execute_queue()) != ERROR_OK)
1565 {
1566 return retval;
1567 }
1568 return ERROR_OK;
1569 }
1570
1571 /**
1572 * Restore the processor context on an ARM7/9 target. The full processor
1573 * context is analyzed to see if any of the registers are dirty on this end, but
1574 * have a valid new value. If this is the case, the processor is changed to the
1575 * appropriate mode and the new register values are written out to the
1576 * processor. If there happens to be a dirty register with an invalid value, an
1577 * error will be logged.
1578 *
1579 * @param target Pointer to the ARM7/9 target to have its context restored
1580 * @return Error status if the target is not halted or the core mode in the
1581 * armv4_5 struct is invalid.
1582 */
1583 int arm7_9_restore_context(struct target *target)
1584 {
1585 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1586 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1587 struct reg *reg;
1588 struct armv4_5_core_reg *reg_arch_info;
1589 enum armv4_5_mode current_mode = armv4_5->core_mode;
1590 int i, j;
1591 int dirty;
1592 int mode_change;
1593
1594 LOG_DEBUG("-");
1595
1596 if (target->state != TARGET_HALTED)
1597 {
1598 LOG_WARNING("target not halted");
1599 return ERROR_TARGET_NOT_HALTED;
1600 }
1601
1602 if (arm7_9->pre_restore_context)
1603 arm7_9->pre_restore_context(target);
1604
1605 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1606 return ERROR_FAIL;
1607
1608 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1609 * SYS shares registers with User, so we don't touch SYS
1610 */
1611 for (i = 0; i < 6; i++)
1612 {
1613 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1614 dirty = 0;
1615 mode_change = 0;
1616 /* check if there are dirty registers in the current mode
1617 */
1618 for (j = 0; j <= 16; j++)
1619 {
1620 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1621 reg_arch_info = reg->arch_info;
1622 if (reg->dirty == 1)
1623 {
1624 if (reg->valid == 1)
1625 {
1626 dirty = 1;
1627 LOG_DEBUG("examining dirty reg: %s", reg->name);
1628 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1629 && (reg_arch_info->mode != current_mode)
1630 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1631 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1632 {
1633 mode_change = 1;
1634 LOG_DEBUG("require mode change");
1635 }
1636 }
1637 else
1638 {
1639 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1640 }
1641 }
1642 }
1643
1644 if (dirty)
1645 {
1646 uint32_t mask = 0x0;
1647 int num_regs = 0;
1648 uint32_t regs[16];
1649
1650 if (mode_change)
1651 {
1652 uint32_t tmp_cpsr;
1653
1654 /* change processor mode (mask T bit) */
1655 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1656 tmp_cpsr |= armv4_5_number_to_mode(i);
1657 tmp_cpsr &= ~0x20;
1658 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1659 current_mode = armv4_5_number_to_mode(i);
1660 }
1661
1662 for (j = 0; j <= 14; j++)
1663 {
1664 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1665 reg_arch_info = reg->arch_info;
1666
1667
1668 if (reg->dirty == 1)
1669 {
1670 regs[j] = buf_get_u32(reg->value, 0, 32);
1671 mask |= 1 << j;
1672 num_regs++;
1673 reg->dirty = 0;
1674 reg->valid = 1;
1675 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1676 }
1677 }
1678
1679 if (mask)
1680 {
1681 arm7_9->write_core_regs(target, mask, regs);
1682 }
1683
1684 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1685 reg_arch_info = reg->arch_info;
1686 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1687 {
1688 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1689 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1690 }
1691 }
1692 }
1693
1694 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1695 {
1696 /* restore processor mode (mask T bit) */
1697 uint32_t tmp_cpsr;
1698
1699 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1700 tmp_cpsr |= armv4_5_number_to_mode(i);
1701 tmp_cpsr &= ~0x20;
1702 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1703 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1704 }
1705 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1706 {
1707 /* CPSR has been changed, full restore necessary (mask T bit) */
1708 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1709 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1710 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1711 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1712 }
1713
1714 /* restore PC */
1715 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1716 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1717 armv4_5->core_cache->reg_list[15].dirty = 0;
1718
1719 if (arm7_9->post_restore_context)
1720 arm7_9->post_restore_context(target);
1721
1722 return ERROR_OK;
1723 }
1724
1725 /**
1726 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1727 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1728 * restart.
1729 *
1730 * @param target Pointer to the ARM7/9 target to be restarted
1731 * @return Result of executing the JTAG queue
1732 */
1733 int arm7_9_restart_core(struct target *target)
1734 {
1735 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1736 struct arm_jtag *jtag_info = &arm7_9->jtag_info;
1737
1738 /* set RESTART instruction */
1739 jtag_set_end_state(TAP_IDLE);
1740 if (arm7_9->need_bypass_before_restart) {
1741 arm7_9->need_bypass_before_restart = 0;
1742 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1743 }
1744 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1745
1746 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1747 return jtag_execute_queue();
1748 }
1749
1750 /**
1751 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1752 * iterated through and are set on the target if they aren't already set.
1753 *
1754 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1755 */
1756 void arm7_9_enable_watchpoints(struct target *target)
1757 {
1758 struct watchpoint *watchpoint = target->watchpoints;
1759
1760 while (watchpoint)
1761 {
1762 if (watchpoint->set == 0)
1763 arm7_9_set_watchpoint(target, watchpoint);
1764 watchpoint = watchpoint->next;
1765 }
1766 }
1767
1768 /**
1769 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1770 * iterated through and are set on the target.
1771 *
1772 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1773 */
1774 void arm7_9_enable_breakpoints(struct target *target)
1775 {
1776 struct breakpoint *breakpoint = target->breakpoints;
1777
1778 /* set any pending breakpoints */
1779 while (breakpoint)
1780 {
1781 arm7_9_set_breakpoint(target, breakpoint);
1782 breakpoint = breakpoint->next;
1783 }
1784 }
1785
1786 int arm7_9_resume(struct target *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1787 {
1788 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1789 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1790 struct breakpoint *breakpoint = target->breakpoints;
1791 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1792 int err, retval = ERROR_OK;
1793
1794 LOG_DEBUG("-");
1795
1796 if (target->state != TARGET_HALTED)
1797 {
1798 LOG_WARNING("target not halted");
1799 return ERROR_TARGET_NOT_HALTED;
1800 }
1801
1802 if (!debug_execution)
1803 {
1804 target_free_all_working_areas(target);
1805 }
1806
1807 /* current = 1: continue on current pc, otherwise continue at <address> */
1808 if (!current)
1809 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1810
1811 uint32_t current_pc;
1812 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1813
1814 /* the front-end may request us not to handle breakpoints */
1815 if (handle_breakpoints)
1816 {
1817 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1818 {
1819 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1820 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1821 {
1822 return retval;
1823 }
1824
1825 /* calculate PC of next instruction */
1826 uint32_t next_pc;
1827 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1828 {
1829 uint32_t current_opcode;
1830 target_read_u32(target, current_pc, &current_opcode);
1831 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1832 return retval;
1833 }
1834
1835 LOG_DEBUG("enable single-step");
1836 arm7_9->enable_single_step(target, next_pc);
1837
1838 target->debug_reason = DBG_REASON_SINGLESTEP;
1839
1840 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1841 {
1842 return retval;
1843 }
1844
1845 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1846 arm7_9->branch_resume(target);
1847 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1848 {
1849 arm7_9->branch_resume_thumb(target);
1850 }
1851 else
1852 {
1853 LOG_ERROR("unhandled core state");
1854 return ERROR_FAIL;
1855 }
1856
1857 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1858 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1859 err = arm7_9_execute_sys_speed(target);
1860
1861 LOG_DEBUG("disable single-step");
1862 arm7_9->disable_single_step(target);
1863
1864 if (err != ERROR_OK)
1865 {
1866 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1867 {
1868 return retval;
1869 }
1870 target->state = TARGET_UNKNOWN;
1871 return err;
1872 }
1873
1874 arm7_9_debug_entry(target);
1875 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1876
1877 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1878 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1879 {
1880 return retval;
1881 }
1882 }
1883 }
1884
1885 /* enable any pending breakpoints and watchpoints */
1886 arm7_9_enable_breakpoints(target);
1887 arm7_9_enable_watchpoints(target);
1888
1889 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1890 {
1891 return retval;
1892 }
1893
1894 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1895 {
1896 arm7_9->branch_resume(target);
1897 }
1898 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1899 {
1900 arm7_9->branch_resume_thumb(target);
1901 }
1902 else
1903 {
1904 LOG_ERROR("unhandled core state");
1905 return ERROR_FAIL;
1906 }
1907
1908 /* deassert DBGACK and INTDIS */
1909 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1910 /* INTDIS only when we really resume, not during debug execution */
1911 if (!debug_execution)
1912 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1913 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1914
1915 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1916 {
1917 return retval;
1918 }
1919
1920 target->debug_reason = DBG_REASON_NOTHALTED;
1921
1922 if (!debug_execution)
1923 {
1924 /* registers are now invalid */
1925 armv4_5_invalidate_core_regs(target);
1926 target->state = TARGET_RUNNING;
1927 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1928 {
1929 return retval;
1930 }
1931 }
1932 else
1933 {
1934 target->state = TARGET_DEBUG_RUNNING;
1935 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1936 {
1937 return retval;
1938 }
1939 }
1940
1941 LOG_DEBUG("target resumed");
1942
1943 return ERROR_OK;
1944 }
1945
1946 void arm7_9_enable_eice_step(struct target *target, uint32_t next_pc)
1947 {
1948 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1949 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
1950 uint32_t current_pc;
1951 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1952
1953 if (next_pc != current_pc)
1954 {
1955 /* setup an inverse breakpoint on the current PC
1956 * - comparator 1 matches the current address
1957 * - rangeout from comparator 1 is connected to comparator 0 rangein
1958 * - comparator 0 matches any address, as long as rangein is low */
1959 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1960 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1961 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1962 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1963 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1964 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1968 }
1969 else
1970 {
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1973 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1974 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1980 }
1981 }
1982
1983 void arm7_9_disable_eice_step(struct target *target)
1984 {
1985 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1986
1987 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1988 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1989 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1990 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1991 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1992 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
1993 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
1996 }
1997
1998 int arm7_9_step(struct target *target, int current, uint32_t address, int handle_breakpoints)
1999 {
2000 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2001 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2002 struct breakpoint *breakpoint = NULL;
2003 int err, retval;
2004
2005 if (target->state != TARGET_HALTED)
2006 {
2007 LOG_WARNING("target not halted");
2008 return ERROR_TARGET_NOT_HALTED;
2009 }
2010
2011 /* current = 1: continue on current pc, otherwise continue at <address> */
2012 if (!current)
2013 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2014
2015 uint32_t current_pc;
2016 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2017
2018 /* the front-end may request us not to handle breakpoints */
2019 if (handle_breakpoints)
2020 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2021 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2022 {
2023 return retval;
2024 }
2025
2026 target->debug_reason = DBG_REASON_SINGLESTEP;
2027
2028 /* calculate PC of next instruction */
2029 uint32_t next_pc;
2030 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2031 {
2032 uint32_t current_opcode;
2033 target_read_u32(target, current_pc, &current_opcode);
2034 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2035 return retval;
2036 }
2037
2038 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2039 {
2040 return retval;
2041 }
2042
2043 arm7_9->enable_single_step(target, next_pc);
2044
2045 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2046 {
2047 arm7_9->branch_resume(target);
2048 }
2049 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2050 {
2051 arm7_9->branch_resume_thumb(target);
2052 }
2053 else
2054 {
2055 LOG_ERROR("unhandled core state");
2056 return ERROR_FAIL;
2057 }
2058
2059 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2060 {
2061 return retval;
2062 }
2063
2064 err = arm7_9_execute_sys_speed(target);
2065 arm7_9->disable_single_step(target);
2066
2067 /* registers are now invalid */
2068 armv4_5_invalidate_core_regs(target);
2069
2070 if (err != ERROR_OK)
2071 {
2072 target->state = TARGET_UNKNOWN;
2073 } else {
2074 arm7_9_debug_entry(target);
2075 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2076 {
2077 return retval;
2078 }
2079 LOG_DEBUG("target stepped");
2080 }
2081
2082 if (breakpoint)
2083 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2084 {
2085 return retval;
2086 }
2087
2088 return err;
2089 }
2090
2091 int arm7_9_read_core_reg(struct target *target, int num, enum armv4_5_mode mode)
2092 {
2093 uint32_t* reg_p[16];
2094 uint32_t value;
2095 int retval;
2096 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2097 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2098
2099 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2100 return ERROR_FAIL;
2101
2102 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2103
2104 if ((num < 0) || (num > 16))
2105 return ERROR_INVALID_ARGUMENTS;
2106
2107 if ((mode != ARMV4_5_MODE_ANY)
2108 && (mode != armv4_5->core_mode)
2109 && (reg_mode != ARMV4_5_MODE_ANY))
2110 {
2111 uint32_t tmp_cpsr;
2112
2113 /* change processor mode (mask T bit) */
2114 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2115 tmp_cpsr |= mode;
2116 tmp_cpsr &= ~0x20;
2117 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2118 }
2119
2120 if ((num >= 0) && (num <= 15))
2121 {
2122 /* read a normal core register */
2123 reg_p[num] = &value;
2124
2125 arm7_9->read_core_regs(target, 1 << num, reg_p);
2126 }
2127 else
2128 {
2129 /* read a program status register
2130 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2131 */
2132 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2133 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2134
2135 arm7_9->read_xpsr(target, &value, spsr);
2136 }
2137
2138 if ((retval = jtag_execute_queue()) != ERROR_OK)
2139 {
2140 return retval;
2141 }
2142
2143 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2144 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2145 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2146
2147 if ((mode != ARMV4_5_MODE_ANY)
2148 && (mode != armv4_5->core_mode)
2149 && (reg_mode != ARMV4_5_MODE_ANY)) {
2150 /* restore processor mode (mask T bit) */
2151 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2152 }
2153
2154 return ERROR_OK;
2155 }
2156
2157 int arm7_9_write_core_reg(struct target *target, int num, enum armv4_5_mode mode, uint32_t value)
2158 {
2159 uint32_t reg[16];
2160 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2161 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2162
2163 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2164 return ERROR_FAIL;
2165
2166 enum armv4_5_mode reg_mode = ((struct armv4_5_core_reg*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2167
2168 if ((num < 0) || (num > 16))
2169 return ERROR_INVALID_ARGUMENTS;
2170
2171 if ((mode != ARMV4_5_MODE_ANY)
2172 && (mode != armv4_5->core_mode)
2173 && (reg_mode != ARMV4_5_MODE_ANY)) {
2174 uint32_t tmp_cpsr;
2175
2176 /* change processor mode (mask T bit) */
2177 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2178 tmp_cpsr |= mode;
2179 tmp_cpsr &= ~0x20;
2180 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2181 }
2182
2183 if ((num >= 0) && (num <= 15))
2184 {
2185 /* write a normal core register */
2186 reg[num] = value;
2187
2188 arm7_9->write_core_regs(target, 1 << num, reg);
2189 }
2190 else
2191 {
2192 /* write a program status register
2193 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2194 */
2195 struct armv4_5_core_reg *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2196 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2197
2198 /* if we're writing the CPSR, mask the T bit */
2199 if (!spsr)
2200 value &= ~0x20;
2201
2202 arm7_9->write_xpsr(target, value, spsr);
2203 }
2204
2205 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2206 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2207
2208 if ((mode != ARMV4_5_MODE_ANY)
2209 && (mode != armv4_5->core_mode)
2210 && (reg_mode != ARMV4_5_MODE_ANY)) {
2211 /* restore processor mode (mask T bit) */
2212 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2213 }
2214
2215 return jtag_execute_queue();
2216 }
2217
2218 int arm7_9_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2219 {
2220 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2221 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2222 uint32_t reg[16];
2223 uint32_t num_accesses = 0;
2224 int thisrun_accesses;
2225 int i;
2226 uint32_t cpsr;
2227 int retval;
2228 int last_reg = 0;
2229
2230 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2231
2232 if (target->state != TARGET_HALTED)
2233 {
2234 LOG_WARNING("target not halted");
2235 return ERROR_TARGET_NOT_HALTED;
2236 }
2237
2238 /* sanitize arguments */
2239 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2240 return ERROR_INVALID_ARGUMENTS;
2241
2242 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2243 return ERROR_TARGET_UNALIGNED_ACCESS;
2244
2245 /* load the base register with the address of the first word */
2246 reg[0] = address;
2247 arm7_9->write_core_regs(target, 0x1, reg);
2248
2249 int j = 0;
2250
2251 switch (size)
2252 {
2253 case 4:
2254 while (num_accesses < count)
2255 {
2256 uint32_t reg_list;
2257 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2258 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2259
2260 if (last_reg <= thisrun_accesses)
2261 last_reg = thisrun_accesses;
2262
2263 arm7_9->load_word_regs(target, reg_list);
2264
2265 /* fast memory reads are only safe when the target is running
2266 * from a sufficiently high clock (32 kHz is usually too slow)
2267 */
2268 if (arm7_9->fast_memory_access)
2269 retval = arm7_9_execute_fast_sys_speed(target);
2270 else
2271 retval = arm7_9_execute_sys_speed(target);
2272 if (retval != ERROR_OK)
2273 return retval;
2274
2275 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2276
2277 /* advance buffer, count number of accesses */
2278 buffer += thisrun_accesses * 4;
2279 num_accesses += thisrun_accesses;
2280
2281 if ((j++%1024) == 0)
2282 {
2283 keep_alive();
2284 }
2285 }
2286 break;
2287 case 2:
2288 while (num_accesses < count)
2289 {
2290 uint32_t reg_list;
2291 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2292 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2293
2294 for (i = 1; i <= thisrun_accesses; i++)
2295 {
2296 if (i > last_reg)
2297 last_reg = i;
2298 arm7_9->load_hword_reg(target, i);
2299 /* fast memory reads are only safe when the target is running
2300 * from a sufficiently high clock (32 kHz is usually too slow)
2301 */
2302 if (arm7_9->fast_memory_access)
2303 retval = arm7_9_execute_fast_sys_speed(target);
2304 else
2305 retval = arm7_9_execute_sys_speed(target);
2306 if (retval != ERROR_OK)
2307 {
2308 return retval;
2309 }
2310
2311 }
2312
2313 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2314
2315 /* advance buffer, count number of accesses */
2316 buffer += thisrun_accesses * 2;
2317 num_accesses += thisrun_accesses;
2318
2319 if ((j++%1024) == 0)
2320 {
2321 keep_alive();
2322 }
2323 }
2324 break;
2325 case 1:
2326 while (num_accesses < count)
2327 {
2328 uint32_t reg_list;
2329 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2330 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2331
2332 for (i = 1; i <= thisrun_accesses; i++)
2333 {
2334 if (i > last_reg)
2335 last_reg = i;
2336 arm7_9->load_byte_reg(target, i);
2337 /* fast memory reads are only safe when the target is running
2338 * from a sufficiently high clock (32 kHz is usually too slow)
2339 */
2340 if (arm7_9->fast_memory_access)
2341 retval = arm7_9_execute_fast_sys_speed(target);
2342 else
2343 retval = arm7_9_execute_sys_speed(target);
2344 if (retval != ERROR_OK)
2345 {
2346 return retval;
2347 }
2348 }
2349
2350 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2351
2352 /* advance buffer, count number of accesses */
2353 buffer += thisrun_accesses * 1;
2354 num_accesses += thisrun_accesses;
2355
2356 if ((j++%1024) == 0)
2357 {
2358 keep_alive();
2359 }
2360 }
2361 break;
2362 default:
2363 LOG_ERROR("BUG: we shouldn't get here");
2364 exit(-1);
2365 break;
2366 }
2367
2368 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2369 return ERROR_FAIL;
2370
2371 for (i = 0; i <= last_reg; i++)
2372 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2373
2374 arm7_9->read_xpsr(target, &cpsr, 0);
2375 if ((retval = jtag_execute_queue()) != ERROR_OK)
2376 {
2377 LOG_ERROR("JTAG error while reading cpsr");
2378 return ERROR_TARGET_DATA_ABORT;
2379 }
2380
2381 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2382 {
2383 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2384
2385 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2386
2387 return ERROR_TARGET_DATA_ABORT;
2388 }
2389
2390 return ERROR_OK;
2391 }
2392
2393 int arm7_9_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2394 {
2395 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2396 struct armv4_5_common_s *armv4_5 = &arm7_9->armv4_5_common;
2397 struct reg *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2398
2399 uint32_t reg[16];
2400 uint32_t num_accesses = 0;
2401 int thisrun_accesses;
2402 int i;
2403 uint32_t cpsr;
2404 int retval;
2405 int last_reg = 0;
2406
2407 #ifdef _DEBUG_ARM7_9_
2408 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2409 #endif
2410
2411 if (target->state != TARGET_HALTED)
2412 {
2413 LOG_WARNING("target not halted");
2414 return ERROR_TARGET_NOT_HALTED;
2415 }
2416
2417 /* sanitize arguments */
2418 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2419 return ERROR_INVALID_ARGUMENTS;
2420
2421 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2422 return ERROR_TARGET_UNALIGNED_ACCESS;
2423
2424 /* load the base register with the address of the first word */
2425 reg[0] = address;
2426 arm7_9->write_core_regs(target, 0x1, reg);
2427
2428 /* Clear DBGACK, to make sure memory fetches work as expected */
2429 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2430 embeddedice_store_reg(dbg_ctrl);
2431
2432 switch (size)
2433 {
2434 case 4:
2435 while (num_accesses < count)
2436 {
2437 uint32_t reg_list;
2438 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2439 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2440
2441 for (i = 1; i <= thisrun_accesses; i++)
2442 {
2443 if (i > last_reg)
2444 last_reg = i;
2445 reg[i] = target_buffer_get_u32(target, buffer);
2446 buffer += 4;
2447 }
2448
2449 arm7_9->write_core_regs(target, reg_list, reg);
2450
2451 arm7_9->store_word_regs(target, reg_list);
2452
2453 /* fast memory writes are only safe when the target is running
2454 * from a sufficiently high clock (32 kHz is usually too slow)
2455 */
2456 if (arm7_9->fast_memory_access)
2457 retval = arm7_9_execute_fast_sys_speed(target);
2458 else
2459 retval = arm7_9_execute_sys_speed(target);
2460 if (retval != ERROR_OK)
2461 {
2462 return retval;
2463 }
2464
2465 num_accesses += thisrun_accesses;
2466 }
2467 break;
2468 case 2:
2469 while (num_accesses < count)
2470 {
2471 uint32_t reg_list;
2472 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2473 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2474
2475 for (i = 1; i <= thisrun_accesses; i++)
2476 {
2477 if (i > last_reg)
2478 last_reg = i;
2479 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2480 buffer += 2;
2481 }
2482
2483 arm7_9->write_core_regs(target, reg_list, reg);
2484
2485 for (i = 1; i <= thisrun_accesses; i++)
2486 {
2487 arm7_9->store_hword_reg(target, i);
2488
2489 /* fast memory writes are only safe when the target is running
2490 * from a sufficiently high clock (32 kHz is usually too slow)
2491 */
2492 if (arm7_9->fast_memory_access)
2493 retval = arm7_9_execute_fast_sys_speed(target);
2494 else
2495 retval = arm7_9_execute_sys_speed(target);
2496 if (retval != ERROR_OK)
2497 {
2498 return retval;
2499 }
2500 }
2501
2502 num_accesses += thisrun_accesses;
2503 }
2504 break;
2505 case 1:
2506 while (num_accesses < count)
2507 {
2508 uint32_t reg_list;
2509 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2510 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2511
2512 for (i = 1; i <= thisrun_accesses; i++)
2513 {
2514 if (i > last_reg)
2515 last_reg = i;
2516 reg[i] = *buffer++ & 0xff;
2517 }
2518
2519 arm7_9->write_core_regs(target, reg_list, reg);
2520
2521 for (i = 1; i <= thisrun_accesses; i++)
2522 {
2523 arm7_9->store_byte_reg(target, i);
2524 /* fast memory writes are only safe when the target is running
2525 * from a sufficiently high clock (32 kHz is usually too slow)
2526 */
2527 if (arm7_9->fast_memory_access)
2528 retval = arm7_9_execute_fast_sys_speed(target);
2529 else
2530 retval = arm7_9_execute_sys_speed(target);
2531 if (retval != ERROR_OK)
2532 {
2533 return retval;
2534 }
2535
2536 }
2537
2538 num_accesses += thisrun_accesses;
2539 }
2540 break;
2541 default:
2542 LOG_ERROR("BUG: we shouldn't get here");
2543 exit(-1);
2544 break;
2545 }
2546
2547 /* Re-Set DBGACK */
2548 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2549 embeddedice_store_reg(dbg_ctrl);
2550
2551 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2552 return ERROR_FAIL;
2553
2554 for (i = 0; i <= last_reg; i++)
2555 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2556
2557 arm7_9->read_xpsr(target, &cpsr, 0);
2558 if ((retval = jtag_execute_queue()) != ERROR_OK)
2559 {
2560 LOG_ERROR("JTAG error while reading cpsr");
2561 return ERROR_TARGET_DATA_ABORT;
2562 }
2563
2564 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2565 {
2566 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2567
2568 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2569
2570 return ERROR_TARGET_DATA_ABORT;
2571 }
2572
2573 return ERROR_OK;
2574 }
2575
2576 static int dcc_count;
2577 static uint8_t *dcc_buffer;
2578
2579 static int arm7_9_dcc_completion(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2580 {
2581 int retval = ERROR_OK;
2582 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2583
2584 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2585 return retval;
2586
2587 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2588 int count = dcc_count;
2589 uint8_t *buffer = dcc_buffer;
2590 if (count > 2)
2591 {
2592 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2593 * core function repeated. */
2594 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2595 buffer += 4;
2596
2597 struct embeddedice_reg *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2598 uint8_t reg_addr = ice_reg->addr & 0x1f;
2599 struct jtag_tap *tap;
2600 tap = ice_reg->jtag_info->tap;
2601
2602 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2603 buffer += (count-2)*4;
2604
2605 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2606 } else
2607 {
2608 int i;
2609 for (i = 0; i < count; i++)
2610 {
2611 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2612 buffer += 4;
2613 }
2614 }
2615
2616 if ((retval = target_halt(target))!= ERROR_OK)
2617 {
2618 return retval;
2619 }
2620 return target_wait_state(target, TARGET_HALTED, 500);
2621 }
2622
2623 static const uint32_t dcc_code[] =
2624 {
2625 /* r0 == input, points to memory buffer
2626 * r1 == scratch
2627 */
2628
2629 /* spin until DCC control (c0) reports data arrived */
2630 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2631 0xe3110001, /* tst r1, #1 */
2632 0x0afffffc, /* bne w */
2633
2634 /* read word from DCC (c1), write to memory */
2635 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2636 0xe4801004, /* str r1, [r0], #4 */
2637
2638 /* repeat */
2639 0xeafffff9 /* b w */
2640 };
2641
2642 int armv4_5_run_algorithm_inner(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2643
2644 int arm7_9_bulk_write_memory(struct target *target, uint32_t address, uint32_t count, uint8_t *buffer)
2645 {
2646 int retval;
2647 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2648 int i;
2649
2650 if (!arm7_9->dcc_downloads)
2651 return target_write_memory(target, address, 4, count, buffer);
2652
2653 /* regrab previously allocated working_area, or allocate a new one */
2654 if (!arm7_9->dcc_working_area)
2655 {
2656 uint8_t dcc_code_buf[6 * 4];
2657
2658 /* make sure we have a working area */
2659 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2660 {
2661 LOG_INFO("no working area available, falling back to memory writes");
2662 return target_write_memory(target, address, 4, count, buffer);
2663 }
2664
2665 /* copy target instructions to target endianness */
2666 for (i = 0; i < 6; i++)
2667 {
2668 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2669 }
2670
2671 /* write DCC code to working area */
2672 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2673 {
2674 return retval;
2675 }
2676 }
2677
2678 struct armv4_5_algorithm armv4_5_info;
2679 struct reg_param reg_params[1];
2680
2681 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2682 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2683 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2684
2685 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2686
2687 buf_set_u32(reg_params[0].value, 0, 32, address);
2688
2689 dcc_count = count;
2690 dcc_buffer = buffer;
2691 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2692 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2693
2694 if (retval == ERROR_OK)
2695 {
2696 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2697 if (endaddress != (address + count*4))
2698 {
2699 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2700 retval = ERROR_FAIL;
2701 }
2702 }
2703
2704 destroy_reg_param(&reg_params[0]);
2705
2706 return retval;
2707 }
2708
2709 int arm7_9_checksum_memory(struct target *target, uint32_t address, uint32_t count, uint32_t* checksum)
2710 {
2711 struct working_area *crc_algorithm;
2712 struct armv4_5_algorithm armv4_5_info;
2713 struct reg_param reg_params[2];
2714 int retval;
2715
2716 static const uint32_t arm7_9_crc_code[] = {
2717 0xE1A02000, /* mov r2, r0 */
2718 0xE3E00000, /* mov r0, #0xffffffff */
2719 0xE1A03001, /* mov r3, r1 */
2720 0xE3A04000, /* mov r4, #0 */
2721 0xEA00000B, /* b ncomp */
2722 /* nbyte: */
2723 0xE7D21004, /* ldrb r1, [r2, r4] */
2724 0xE59F7030, /* ldr r7, CRC32XOR */
2725 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2726 0xE3A05000, /* mov r5, #0 */
2727 /* loop: */
2728 0xE3500000, /* cmp r0, #0 */
2729 0xE1A06080, /* mov r6, r0, asl #1 */
2730 0xE2855001, /* add r5, r5, #1 */
2731 0xE1A00006, /* mov r0, r6 */
2732 0xB0260007, /* eorlt r0, r6, r7 */
2733 0xE3550008, /* cmp r5, #8 */
2734 0x1AFFFFF8, /* bne loop */
2735 0xE2844001, /* add r4, r4, #1 */
2736 /* ncomp: */
2737 0xE1540003, /* cmp r4, r3 */
2738 0x1AFFFFF1, /* bne nbyte */
2739 /* end: */
2740 0xEAFFFFFE, /* b end */
2741 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2742 };
2743
2744 uint32_t i;
2745
2746 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2747 {
2748 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2749 }
2750
2751 /* convert flash writing code into a buffer in target endianness */
2752 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2753 {
2754 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2755 {
2756 return retval;
2757 }
2758 }
2759
2760 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2761 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2762 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2763
2764 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2765 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2766
2767 buf_set_u32(reg_params[0].value, 0, 32, address);
2768 buf_set_u32(reg_params[1].value, 0, 32, count);
2769
2770 /* 20 second timeout/megabyte */
2771 int timeout = 20000 * (1 + (count / (1024*1024)));
2772
2773 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2774 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), timeout, &armv4_5_info)) != ERROR_OK)
2775 {
2776 LOG_ERROR("error executing arm7_9 crc algorithm");
2777 destroy_reg_param(&reg_params[0]);
2778 destroy_reg_param(&reg_params[1]);
2779 target_free_working_area(target, crc_algorithm);
2780 return retval;
2781 }
2782
2783 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2784
2785 destroy_reg_param(&reg_params[0]);
2786 destroy_reg_param(&reg_params[1]);
2787
2788 target_free_working_area(target, crc_algorithm);
2789
2790 return ERROR_OK;
2791 }
2792
2793 int arm7_9_blank_check_memory(struct target *target, uint32_t address, uint32_t count, uint32_t* blank)
2794 {
2795 struct working_area *erase_check_algorithm;
2796 struct reg_param reg_params[3];
2797 struct armv4_5_algorithm armv4_5_info;
2798 int retval;
2799 uint32_t i;
2800
2801 static const uint32_t erase_check_code[] =
2802 {
2803 /* loop: */
2804 0xe4d03001, /* ldrb r3, [r0], #1 */
2805 0xe0022003, /* and r2, r2, r3 */
2806 0xe2511001, /* subs r1, r1, #1 */
2807 0x1afffffb, /* bne loop */
2808 /* end: */
2809 0xeafffffe /* b end */
2810 };
2811
2812 /* make sure we have a working area */
2813 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2814 {
2815 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2816 }
2817
2818 /* convert flash writing code into a buffer in target endianness */
2819 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2820 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2821 {
2822 return retval;
2823 }
2824
2825 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2826 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2827 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2828
2829 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2830 buf_set_u32(reg_params[0].value, 0, 32, address);
2831
2832 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2833 buf_set_u32(reg_params[1].value, 0, 32, count);
2834
2835 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2836 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2837
2838 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2839 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2840 {
2841 destroy_reg_param(&reg_params[0]);
2842 destroy_reg_param(&reg_params[1]);
2843 destroy_reg_param(&reg_params[2]);
2844 target_free_working_area(target, erase_check_algorithm);
2845 return 0;
2846 }
2847
2848 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2849
2850 destroy_reg_param(&reg_params[0]);
2851 destroy_reg_param(&reg_params[1]);
2852 destroy_reg_param(&reg_params[2]);
2853
2854 target_free_working_area(target, erase_check_algorithm);
2855
2856 return ERROR_OK;
2857 }
2858
2859 /**
2860 * Perform per-target setup that requires JTAG access.
2861 */
2862 int arm7_9_examine(struct target *target)
2863 {
2864 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2865 int retval;
2866
2867 if (!target_was_examined(target)) {
2868 struct reg_cache *t, **cache_p;
2869
2870 t = embeddedice_build_reg_cache(target, arm7_9);
2871 if (t == NULL)
2872 return ERROR_FAIL;
2873
2874 cache_p = register_get_last_cache_p(&target->reg_cache);
2875 (*cache_p) = t;
2876 arm7_9->eice_cache = (*cache_p);
2877
2878 if (arm7_9->armv4_5_common.etm)
2879 (*cache_p)->next = etm_build_reg_cache(target,
2880 &arm7_9->jtag_info,
2881 arm7_9->armv4_5_common.etm);
2882
2883 target_set_examined(target);
2884 }
2885
2886 retval = embeddedice_setup(target);
2887 if (retval == ERROR_OK)
2888 retval = arm7_9_setup(target);
2889 if (retval == ERROR_OK && arm7_9->armv4_5_common.etm)
2890 retval = etm_setup(target);
2891 return retval;
2892 }
2893
2894
2895 COMMAND_HANDLER(handle_arm7_9_write_xpsr_command)
2896 {
2897 uint32_t value;
2898 int spsr;
2899 int retval;
2900 struct target *target = get_current_target(cmd_ctx);
2901 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2902
2903 if (!is_arm7_9(arm7_9))
2904 {
2905 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2906 return ERROR_TARGET_INVALID;
2907 }
2908
2909 if (target->state != TARGET_HALTED)
2910 {
2911 command_print(cmd_ctx, "can't write registers while running");
2912 return ERROR_FAIL;
2913 }
2914
2915 if (argc < 2)
2916 {
2917 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2918 return ERROR_FAIL;
2919 }
2920
2921 COMMAND_PARSE_NUMBER(u32, args[0], value);
2922 COMMAND_PARSE_NUMBER(int, args[1], spsr);
2923
2924 /* if we're writing the CPSR, mask the T bit */
2925 if (!spsr)
2926 value &= ~0x20;
2927
2928 arm7_9->write_xpsr(target, value, spsr);
2929 if ((retval = jtag_execute_queue()) != ERROR_OK)
2930 {
2931 LOG_ERROR("JTAG error while writing to xpsr");
2932 return retval;
2933 }
2934
2935 return ERROR_OK;
2936 }
2937
2938 COMMAND_HANDLER(handle_arm7_9_write_xpsr_im8_command)
2939 {
2940 uint32_t value;
2941 int rotate;
2942 int spsr;
2943 int retval;
2944 struct target *target = get_current_target(cmd_ctx);
2945 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2946
2947 if (!is_arm7_9(arm7_9))
2948 {
2949 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2950 return ERROR_TARGET_INVALID;
2951 }
2952
2953 if (target->state != TARGET_HALTED)
2954 {
2955 command_print(cmd_ctx, "can't write registers while running");
2956 return ERROR_FAIL;
2957 }
2958
2959 if (argc < 3)
2960 {
2961 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2962 return ERROR_FAIL;
2963 }
2964
2965 COMMAND_PARSE_NUMBER(u32, args[0], value);
2966 COMMAND_PARSE_NUMBER(int, args[1], rotate);
2967 COMMAND_PARSE_NUMBER(int, args[2], spsr);
2968
2969 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2970 if ((retval = jtag_execute_queue()) != ERROR_OK)
2971 {
2972 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2973 return retval;
2974 }
2975
2976 return ERROR_OK;
2977 }
2978
2979 COMMAND_HANDLER(handle_arm7_9_write_core_reg_command)
2980 {
2981 uint32_t value;
2982 uint32_t mode;
2983 int num;
2984 struct target *target = get_current_target(cmd_ctx);
2985 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
2986
2987 if (!is_arm7_9(arm7_9))
2988 {
2989 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2990 return ERROR_TARGET_INVALID;
2991 }
2992
2993 if (target->state != TARGET_HALTED)
2994 {
2995 command_print(cmd_ctx, "can't write registers while running");
2996 return ERROR_FAIL;
2997 }
2998
2999 if (argc < 3)
3000 {
3001 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3002 return ERROR_FAIL;
3003 }
3004
3005 COMMAND_PARSE_NUMBER(int, args[0], num);
3006 COMMAND_PARSE_NUMBER(u32, args[1], mode);
3007 COMMAND_PARSE_NUMBER(u32, args[2], value);
3008
3009 return arm7_9_write_core_reg(target, num, mode, value);
3010 }
3011
3012 COMMAND_HANDLER(handle_arm7_9_dbgrq_command)
3013 {
3014 struct target *target = get_current_target(cmd_ctx);
3015 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
3016
3017 if (!is_arm7_9(arm7_9))
3018 {
3019 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3020 return ERROR_TARGET_INVALID;
3021 }
3022
3023 if (argc > 0)
3024 {
3025 if (strcmp("enable", args[0]) == 0)
3026 {
3027 arm7_9->use_dbgrq = 1;
3028 }
3029 else if (strcmp("disable", args[0]) == 0)
3030 {
3031 arm7_9->use_dbgrq = 0;
3032 }
3033 else
3034 {
3035 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3036 }
3037 }
3038
3039 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3040
3041 return ERROR_OK;
3042 }
3043
3044 COMMAND_HANDLER(handle_arm7_9_fast_memory_access_command)
3045 {
3046 struct target *target = get_current_target(cmd_ctx);
3047 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
3048
3049 if (!is_arm7_9(arm7_9))
3050 {
3051 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3052 return ERROR_TARGET_INVALID;
3053 }
3054
3055 if (argc > 0)
3056 {
3057 if (strcmp("enable", args[0]) == 0)
3058 {
3059 arm7_9->fast_memory_access = 1;
3060 }
3061 else if (strcmp("disable", args[0]) == 0)
3062 {
3063 arm7_9->fast_memory_access = 0;
3064 }
3065 else
3066 {
3067 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3068 }
3069 }
3070
3071 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3072
3073 return ERROR_OK;
3074 }
3075
3076 COMMAND_HANDLER(handle_arm7_9_dcc_downloads_command)
3077 {
3078 struct target *target = get_current_target(cmd_ctx);
3079 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
3080
3081 if (!is_arm7_9(arm7_9))
3082 {
3083 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3084 return ERROR_TARGET_INVALID;
3085 }
3086
3087 if (argc > 0)
3088 {
3089 if (strcmp("enable", args[0]) == 0)
3090 {
3091 arm7_9->dcc_downloads = 1;
3092 }
3093 else if (strcmp("disable", args[0]) == 0)
3094 {
3095 arm7_9->dcc_downloads = 0;
3096 }
3097 else
3098 {
3099 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3100 }
3101 }
3102
3103 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3104
3105 return ERROR_OK;
3106 }
3107
3108 int arm7_9_init_arch_info(struct target *target, struct arm7_9_common *arm7_9)
3109 {
3110 int retval = ERROR_OK;
3111 struct arm *armv4_5 = &arm7_9->armv4_5_common;
3112
3113 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3114
3115 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3116 return retval;
3117
3118 /* caller must have allocated via calloc(), so everything's zeroed */
3119
3120 arm7_9->wp_available_max = 2;
3121
3122 arm7_9->fast_memory_access = fast_and_dangerous;
3123 arm7_9->dcc_downloads = fast_and_dangerous;
3124
3125 armv4_5->arch_info = arm7_9;
3126 armv4_5->read_core_reg = arm7_9_read_core_reg;
3127 armv4_5->write_core_reg = arm7_9_write_core_reg;
3128 armv4_5->full_context = arm7_9_full_context;
3129
3130 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3131 return retval;
3132
3133 return target_register_timer_callback(arm7_9_handle_target_request,
3134 1, 1, target);
3135 }
3136
3137 int arm7_9_register_commands(struct command_context *cmd_ctx)
3138 {
3139 struct command *arm7_9_cmd;
3140
3141 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9",
3142 NULL, COMMAND_ANY, "arm7/9 specific commands");
3143
3144 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr",
3145 handle_arm7_9_write_xpsr_command, COMMAND_EXEC,
3146 "write program status register <value> <not cpsr | spsr>");
3147 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8",
3148 handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC,
3149 "write program status register "
3150 "<8bit immediate> <rotate> <not cpsr | spsr>");
3151
3152 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg",
3153 handle_arm7_9_write_core_reg_command, COMMAND_EXEC,
3154 "write core register <num> <mode> <value>");
3155
3156 register_command(cmd_ctx, arm7_9_cmd, "dbgrq",
3157 handle_arm7_9_dbgrq_command, COMMAND_ANY,
3158 "use EmbeddedICE dbgrq instead of breakpoint "
3159 "for target halt requests <enable | disable>");
3160 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access",
3161 handle_arm7_9_fast_memory_access_command, COMMAND_ANY,
3162 "use fast memory accesses instead of slower "
3163 "but potentially safer accesses <enable | disable>");
3164 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads",
3165 handle_arm7_9_dcc_downloads_command, COMMAND_ANY,
3166 "use DCC downloads for larger memory writes <enable | disable>");
3167
3168 armv4_5_register_commands(cmd_ctx);
3169
3170 etm_register_commands(cmd_ctx);
3171
3172 return ERROR_OK;
3173 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)