Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Remove bogus "BUG:". If the PC is pointing to an invalid instruction, then simulation...
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoints_added = 0;
65 arm7_9->wp0_used = 0;
66 arm7_9->wp1_used = arm7_9->wp1_used_default;
67 arm7_9->wp_available = arm7_9->wp_available_max;
68
69 return jtag_execute_queue();
70 }
71
72 /**
73 * Assign a watchpoint to one of the two available hardware comparators in an
74 * ARM7 or ARM9 target.
75 *
76 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
77 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 */
79 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
80 {
81 if (!arm7_9->wp0_used)
82 {
83 arm7_9->wp0_used = 1;
84 breakpoint->set = 1;
85 arm7_9->wp_available--;
86 }
87 else if (!arm7_9->wp1_used)
88 {
89 arm7_9->wp1_used = 1;
90 breakpoint->set = 2;
91 arm7_9->wp_available--;
92 }
93 else
94 {
95 LOG_ERROR("BUG: no hardware comparator available");
96 }
97 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
98 breakpoint->unique_id,
99 breakpoint->address,
100 breakpoint->set );
101 }
102
103 /**
104 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
105 *
106 * @param arm7_9 Pointer to common struct for ARM7/9 targets
107 * @return Error codes if there is a problem finding a watchpoint or the result
108 * of executing the JTAG queue
109 */
110 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
111 {
112 if (arm7_9->sw_breakpoints_added)
113 {
114 return ERROR_OK;
115 }
116 if (arm7_9->wp_available < 1)
117 {
118 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
119 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
120 }
121 arm7_9->wp_available--;
122
123 /* pick a breakpoint unit */
124 if (!arm7_9->wp0_used)
125 {
126 arm7_9->sw_breakpoints_added = 1;
127 arm7_9->wp0_used = 3;
128 } else if (!arm7_9->wp1_used)
129 {
130 arm7_9->sw_breakpoints_added = 2;
131 arm7_9->wp1_used = 3;
132 }
133 else
134 {
135 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
136 return ERROR_FAIL;
137 }
138
139 if (arm7_9->sw_breakpoints_added == 1)
140 {
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
146 }
147 else if (arm7_9->sw_breakpoints_added == 2)
148 {
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
154 }
155 else
156 {
157 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
158 return ERROR_FAIL;
159 }
160 LOG_DEBUG("SW BP using hw wp: %d",
161 arm7_9->sw_breakpoints_added );
162
163 return jtag_execute_queue();
164 }
165
166 /**
167 * Setup the common pieces for an ARM7/9 target after reset or on startup.
168 *
169 * @param target Pointer to an ARM7/9 target to setup
170 * @return Result of clearing the watchpoints on the target
171 */
172 int arm7_9_setup(target_t *target)
173 {
174 armv4_5_common_t *armv4_5 = target->arch_info;
175 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
176
177 return arm7_9_clear_watchpoints(arm7_9);
178 }
179
180 /**
181 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
182 * targets. A return of ERROR_OK signifies that the target is a valid target
183 * and that the pointers have been set properly.
184 *
185 * @param target Pointer to the target device to get the pointers from
186 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
187 * targets
188 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
189 * targets
190 * @return ERROR_OK if successful
191 */
192 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
193 {
194 armv4_5_common_t *armv4_5 = target->arch_info;
195 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
196
197 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
198 {
199 return -1;
200 }
201
202 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
203 {
204 return -1;
205 }
206
207 *armv4_5_p = armv4_5;
208 *arm7_9_p = arm7_9;
209
210 return ERROR_OK;
211 }
212
213 /**
214 * Set either a hardware or software breakpoint on an ARM7/9 target. The
215 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
216 * might have erased the values in Embedded ICE.
217 *
218 * @param target Pointer to the target device to set the breakpoints on
219 * @param breakpoint Pointer to the breakpoint to be set
220 * @return For hardware breakpoints, this is the result of executing the JTAG
221 * queue. For software breakpoints, this will be the status of the
222 * required memory reads and writes
223 */
224 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
225 {
226 armv4_5_common_t *armv4_5 = target->arch_info;
227 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
228 int retval = ERROR_OK;
229
230 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
231 breakpoint->unique_id,
232 breakpoint->address );
233
234 if (target->state != TARGET_HALTED)
235 {
236 LOG_WARNING("target not halted");
237 return ERROR_TARGET_NOT_HALTED;
238 }
239
240 if (breakpoint->type == BKPT_HARD)
241 {
242 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
243 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
244
245 /* reassign a hw breakpoint */
246 if (breakpoint->set == 0)
247 {
248 arm7_9_assign_wp(arm7_9, breakpoint);
249 }
250
251 if (breakpoint->set == 1)
252 {
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
258 }
259 else if (breakpoint->set == 2)
260 {
261 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
266 }
267 else
268 {
269 LOG_ERROR("BUG: no hardware comparator available");
270 return ERROR_OK;
271 }
272
273 retval = jtag_execute_queue();
274 }
275 else if (breakpoint->type == BKPT_SOFT)
276 {
277 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
278 return retval;
279
280 /* did we already set this breakpoint? */
281 if (breakpoint->set)
282 return ERROR_OK;
283
284 if (breakpoint->length == 4)
285 {
286 uint32_t verify = 0xffffffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
293 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->arm_bkpt)
303 {
304 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308 else
309 {
310 uint16_t verify = 0xffff;
311 /* keep the original instruction in target endianness */
312 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
313 {
314 return retval;
315 }
316 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
317 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
318 {
319 return retval;
320 }
321
322 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
323 {
324 return retval;
325 }
326 if (verify != arm7_9->thumb_bkpt)
327 {
328 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
329 return ERROR_OK;
330 }
331 }
332 breakpoint->set = 1;
333 }
334
335 return retval;
336 }
337
338 /**
339 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
340 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
341 * will be updated. Otherwise, the software breakpoint will be restored to its
342 * original instruction if it hasn't already been modified.
343 *
344 * @param target Pointer to ARM7/9 target to unset the breakpoint from
345 * @param breakpoint Pointer to breakpoint to be unset
346 * @return For hardware breakpoints, this is the result of executing the JTAG
347 * queue. For software breakpoints, this will be the status of the
348 * required memory reads and writes
349 */
350 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
351 {
352 int retval = ERROR_OK;
353
354 armv4_5_common_t *armv4_5 = target->arch_info;
355 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
356
357 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
358 breakpoint->unique_id,
359 breakpoint->address );
360
361 if (!breakpoint->set)
362 {
363 LOG_WARNING("breakpoint not set");
364 return ERROR_OK;
365 }
366
367 if (breakpoint->type == BKPT_HARD)
368 {
369 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
370 breakpoint->unique_id,
371 breakpoint->set );
372 if (breakpoint->set == 1)
373 {
374 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
375 arm7_9->wp0_used = 0;
376 arm7_9->wp_available++;
377 }
378 else if (breakpoint->set == 2)
379 {
380 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
381 arm7_9->wp1_used = 0;
382 arm7_9->wp_available++;
383 }
384 retval = jtag_execute_queue();
385 breakpoint->set = 0;
386 }
387 else
388 {
389 /* restore original instruction (kept in target endianness) */
390 if (breakpoint->length == 4)
391 {
392 uint32_t current_instr;
393 /* check that user program as not modified breakpoint instruction */
394 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
395 {
396 return retval;
397 }
398 if (current_instr == arm7_9->arm_bkpt)
399 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 }
404 else
405 {
406 uint16_t current_instr;
407 /* check that user program as not modified breakpoint instruction */
408 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
409 {
410 return retval;
411 }
412 if (current_instr == arm7_9->thumb_bkpt)
413 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 }
418 breakpoint->set = 0;
419 }
420
421 return retval;
422 }
423
424 /**
425 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
426 * dangling breakpoints and that the desired breakpoint can be added.
427 *
428 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
429 * @param breakpoint Pointer to the breakpoint to be added
430 * @return An error status if there is a problem adding the breakpoint or the
431 * result of setting the breakpoint
432 */
433 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
434 {
435 armv4_5_common_t *armv4_5 = target->arch_info;
436 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
437
438 if (target->state != TARGET_HALTED)
439 {
440 LOG_WARNING("target not halted");
441 return ERROR_TARGET_NOT_HALTED;
442 }
443
444 if (arm7_9->breakpoint_count == 0)
445 {
446 /* make sure we don't have any dangling breakpoints. This is vital upon
447 * GDB connect/disconnect
448 */
449 arm7_9_clear_watchpoints(arm7_9);
450 }
451
452 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
453 {
454 LOG_INFO("no watchpoint unit available for hardware breakpoint");
455 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
456 }
457
458 if ((breakpoint->length != 2) && (breakpoint->length != 4))
459 {
460 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
461 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
462 }
463
464 if (breakpoint->type == BKPT_HARD)
465 {
466 arm7_9_assign_wp(arm7_9, breakpoint);
467 }
468
469 arm7_9->breakpoint_count++;
470
471 return arm7_9_set_breakpoint(target, breakpoint);
472 }
473
474 /**
475 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
476 * dangling breakpoints and updates available watchpoints if it is a hardware
477 * breakpoint.
478 *
479 * @param target Pointer to the target to have a breakpoint removed
480 * @param breakpoint Pointer to the breakpoint to be removed
481 * @return Error status if there was a problem unsetting the breakpoint or the
482 * watchpoints could not be cleared
483 */
484 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
485 {
486 int retval = ERROR_OK;
487 armv4_5_common_t *armv4_5 = target->arch_info;
488 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
489
490 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
491 {
492 return retval;
493 }
494
495 if (breakpoint->type == BKPT_HARD)
496 arm7_9->wp_available++;
497
498 arm7_9->breakpoint_count--;
499 if (arm7_9->breakpoint_count == 0)
500 {
501 /* make sure we don't have any dangling breakpoints */
502 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
503 {
504 return retval;
505 }
506 }
507
508 return ERROR_OK;
509 }
510
511 /**
512 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
513 * considered a bug to call this function when there are no available watchpoint
514 * units.
515 *
516 * @param target Pointer to an ARM7/9 target to set a watchpoint on
517 * @param watchpoint Pointer to the watchpoint to be set
518 * @return Error status if watchpoint set fails or the result of executing the
519 * JTAG queue
520 */
521 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
522 {
523 int retval = ERROR_OK;
524 armv4_5_common_t *armv4_5 = target->arch_info;
525 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
526 int rw_mask = 1;
527 uint32_t mask;
528
529 mask = watchpoint->length - 1;
530
531 if (target->state != TARGET_HALTED)
532 {
533 LOG_WARNING("target not halted");
534 return ERROR_TARGET_NOT_HALTED;
535 }
536
537 if (watchpoint->rw == WPT_ACCESS)
538 rw_mask = 0;
539 else
540 rw_mask = 1;
541
542 if (!arm7_9->wp0_used)
543 {
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
547 if (watchpoint->mask != 0xffffffffu)
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
551
552 if ((retval = jtag_execute_queue()) != ERROR_OK)
553 {
554 return retval;
555 }
556 watchpoint->set = 1;
557 arm7_9->wp0_used = 2;
558 }
559 else if (!arm7_9->wp1_used)
560 {
561 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
564 if (watchpoint->mask != 0xffffffffu)
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
566 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
568
569 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 {
571 return retval;
572 }
573 watchpoint->set = 2;
574 arm7_9->wp1_used = 2;
575 }
576 else
577 {
578 LOG_ERROR("BUG: no hardware comparator available");
579 return ERROR_OK;
580 }
581
582 return ERROR_OK;
583 }
584
585 /**
586 * Unset an existing watchpoint and clear the used watchpoint unit.
587 *
588 * @param target Pointer to the target to have the watchpoint removed
589 * @param watchpoint Pointer to the watchpoint to be removed
590 * @return Error status while trying to unset the watchpoint or the result of
591 * executing the JTAG queue
592 */
593 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
594 {
595 int retval = ERROR_OK;
596 armv4_5_common_t *armv4_5 = target->arch_info;
597 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
598
599 if (target->state != TARGET_HALTED)
600 {
601 LOG_WARNING("target not halted");
602 return ERROR_TARGET_NOT_HALTED;
603 }
604
605 if (!watchpoint->set)
606 {
607 LOG_WARNING("breakpoint not set");
608 return ERROR_OK;
609 }
610
611 if (watchpoint->set == 1)
612 {
613 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
614 if ((retval = jtag_execute_queue()) != ERROR_OK)
615 {
616 return retval;
617 }
618 arm7_9->wp0_used = 0;
619 }
620 else if (watchpoint->set == 2)
621 {
622 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
623 if ((retval = jtag_execute_queue()) != ERROR_OK)
624 {
625 return retval;
626 }
627 arm7_9->wp1_used = 0;
628 }
629 watchpoint->set = 0;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
636 * available, an error response is returned.
637 *
638 * @param target Pointer to the ARM7/9 target to add a watchpoint to
639 * @param watchpoint Pointer to the watchpoint to be added
640 * @return Error status while trying to add the watchpoint
641 */
642 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
643 {
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646
647 if (target->state != TARGET_HALTED)
648 {
649 LOG_WARNING("target not halted");
650 return ERROR_TARGET_NOT_HALTED;
651 }
652
653 if (arm7_9->wp_available < 1)
654 {
655 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
656 }
657
658 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
659 {
660 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
661 }
662
663 arm7_9->wp_available--;
664
665 return ERROR_OK;
666 }
667
668 /**
669 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
670 * the used watchpoint unit will be reopened.
671 *
672 * @param target Pointer to the target to remove a watchpoint from
673 * @param watchpoint Pointer to the watchpoint to be removed
674 * @return Result of trying to unset the watchpoint
675 */
676 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
677 {
678 int retval = ERROR_OK;
679 armv4_5_common_t *armv4_5 = target->arch_info;
680 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
681
682 if (watchpoint->set)
683 {
684 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
685 {
686 return retval;
687 }
688 }
689
690 arm7_9->wp_available++;
691
692 return ERROR_OK;
693 }
694
695 /**
696 * Restarts the target by sending a RESTART instruction and moving the JTAG
697 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
698 * asserted by the processor.
699 *
700 * @param target Pointer to target to issue commands to
701 * @return Error status if there is a timeout or a problem while executing the
702 * JTAG queue
703 */
704 int arm7_9_execute_sys_speed(struct target_s *target)
705 {
706 int retval;
707
708 armv4_5_common_t *armv4_5 = target->arch_info;
709 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
710 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
711 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
712
713 /* set RESTART instruction */
714 jtag_set_end_state(TAP_IDLE);
715 if (arm7_9->need_bypass_before_restart) {
716 arm7_9->need_bypass_before_restart = 0;
717 arm_jtag_set_instr(jtag_info, 0xf, NULL);
718 }
719 arm_jtag_set_instr(jtag_info, 0x4, NULL);
720
721 long long then = timeval_ms();
722 int timeout;
723 while (!(timeout = ((timeval_ms()-then) > 1000)))
724 {
725 /* read debug status register */
726 embeddedice_read_reg(dbg_stat);
727 if ((retval = jtag_execute_queue()) != ERROR_OK)
728 return retval;
729 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
730 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
731 break;
732 if (debug_level >= 3)
733 {
734 alive_sleep(100);
735 } else
736 {
737 keep_alive();
738 }
739 }
740 if (timeout)
741 {
742 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
743 return ERROR_TARGET_TIMEOUT;
744 }
745
746 return ERROR_OK;
747 }
748
749 /**
750 * Restarts the target by sending a RESTART instruction and moving the JTAG
751 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
752 * waiting until they are.
753 *
754 * @param target Pointer to the target to issue commands to
755 * @return Always ERROR_OK
756 */
757 int arm7_9_execute_fast_sys_speed(struct target_s *target)
758 {
759 static int set = 0;
760 static uint8_t check_value[4], check_mask[4];
761
762 armv4_5_common_t *armv4_5 = target->arch_info;
763 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
764 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
765 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
766
767 /* set RESTART instruction */
768 jtag_set_end_state(TAP_IDLE);
769 if (arm7_9->need_bypass_before_restart) {
770 arm7_9->need_bypass_before_restart = 0;
771 arm_jtag_set_instr(jtag_info, 0xf, NULL);
772 }
773 arm_jtag_set_instr(jtag_info, 0x4, NULL);
774
775 if (!set)
776 {
777 /* check for DBGACK and SYSCOMP set (others don't care) */
778
779 /* NB! These are constants that must be available until after next jtag_execute() and
780 * we evaluate the values upon first execution in lieu of setting up these constants
781 * during early setup.
782 * */
783 buf_set_u32(check_value, 0, 32, 0x9);
784 buf_set_u32(check_mask, 0, 32, 0x9);
785 set = 1;
786 }
787
788 /* read debug status register */
789 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
790
791 return ERROR_OK;
792 }
793
794 /**
795 * Get some data from the ARM7/9 target.
796 *
797 * @param target Pointer to the ARM7/9 target to read data from
798 * @param size The number of 32bit words to be read
799 * @param buffer Pointer to the buffer that will hold the data
800 * @return The result of receiving data from the Embedded ICE unit
801 */
802 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
803 {
804 armv4_5_common_t *armv4_5 = target->arch_info;
805 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
806 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
807 uint32_t *data;
808 int retval = ERROR_OK;
809 uint32_t i;
810
811 data = malloc(size * (sizeof(uint32_t)));
812
813 retval = embeddedice_receive(jtag_info, data, size);
814
815 /* return the 32-bit ints in the 8-bit array */
816 for (i = 0; i < size; i++)
817 {
818 h_u32_to_le(buffer + (i * 4), data[i]);
819 }
820
821 free(data);
822
823 return retval;
824 }
825
826 /**
827 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
828 * target is running and the DCC control register has the W bit high, this will
829 * execute the request on the target.
830 *
831 * @param priv Void pointer expected to be a target_t pointer
832 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
833 * from the Embedded ICE unit
834 */
835 int arm7_9_handle_target_request(void *priv)
836 {
837 int retval = ERROR_OK;
838 target_t *target = priv;
839 if (!target_was_examined(target))
840 return ERROR_OK;
841 armv4_5_common_t *armv4_5 = target->arch_info;
842 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
843 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
844 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
845
846 if (!target->dbg_msg_enabled)
847 return ERROR_OK;
848
849 if (target->state == TARGET_RUNNING)
850 {
851 /* read DCC control register */
852 embeddedice_read_reg(dcc_control);
853 if ((retval = jtag_execute_queue()) != ERROR_OK)
854 {
855 return retval;
856 }
857
858 /* check W bit */
859 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
860 {
861 uint32_t request;
862
863 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
864 {
865 return retval;
866 }
867 if ((retval = target_request(target, request)) != ERROR_OK)
868 {
869 return retval;
870 }
871 }
872 }
873
874 return ERROR_OK;
875 }
876
877 /**
878 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
879 * is manipulated to the right halted state based on its current state. This is
880 * what happens:
881 *
882 * <table>
883 * <tr><th > State</th><th > Action</th></tr>
884 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
885 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
886 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
887 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
888 * </table>
889 *
890 * If the target does not end up in the halted state, a warning is produced. If
891 * DBGACK is cleared, then the target is expected to either be running or
892 * running in debug.
893 *
894 * @param target Pointer to the ARM7/9 target to poll
895 * @return ERROR_OK or an error status if a command fails
896 */
897 int arm7_9_poll(target_t *target)
898 {
899 int retval;
900 armv4_5_common_t *armv4_5 = target->arch_info;
901 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
902 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
903
904 /* read debug status register */
905 embeddedice_read_reg(dbg_stat);
906 if ((retval = jtag_execute_queue()) != ERROR_OK)
907 {
908 return retval;
909 }
910
911 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
912 {
913 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
914 if (target->state == TARGET_UNKNOWN)
915 {
916 /* Starting OpenOCD with target in debug-halt */
917 target->state = TARGET_RUNNING;
918 LOG_DEBUG("DBGACK already set during server startup.");
919 }
920 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
921 {
922 int check_pc = 0;
923 if (target->state == TARGET_RESET)
924 {
925 if (target->reset_halt)
926 {
927 enum reset_types jtag_reset_config = jtag_get_reset_config();
928 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
929 {
930 check_pc = 1;
931 }
932 }
933 }
934
935 target->state = TARGET_HALTED;
936
937 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
938 return retval;
939
940 if (check_pc)
941 {
942 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
943 uint32_t t=*((uint32_t *)reg->value);
944 if (t != 0)
945 {
946 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
947 }
948 }
949
950 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
951 {
952 return retval;
953 }
954 }
955 if (target->state == TARGET_DEBUG_RUNNING)
956 {
957 target->state = TARGET_HALTED;
958 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
959 return retval;
960
961 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
962 {
963 return retval;
964 }
965 }
966 if (target->state != TARGET_HALTED)
967 {
968 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
969 }
970 }
971 else
972 {
973 if (target->state != TARGET_DEBUG_RUNNING)
974 target->state = TARGET_RUNNING;
975 }
976
977 return ERROR_OK;
978 }
979
980 /**
981 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
982 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
983 * affected) completely stop the JTAG clock while the core is held in reset
984 * (SRST). It isn't possible to program the halt condition once reset is
985 * asserted, hence a hook that allows the target to set up its reset-halt
986 * condition is setup prior to asserting reset.
987 *
988 * @param target Pointer to an ARM7/9 target to assert reset on
989 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
990 */
991 int arm7_9_assert_reset(target_t *target)
992 {
993 armv4_5_common_t *armv4_5 = target->arch_info;
994 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
995 LOG_DEBUG("target->state: %s",
996 target_state_name(target));
997
998 enum reset_types jtag_reset_config = jtag_get_reset_config();
999 if (!(jtag_reset_config & RESET_HAS_SRST))
1000 {
1001 LOG_ERROR("Can't assert SRST");
1002 return ERROR_FAIL;
1003 }
1004
1005 if (target->reset_halt)
1006 {
1007 /*
1008 * Some targets do not support communication while SRST is asserted. We need to
1009 * set up the reset vector catch here.
1010 *
1011 * If TRST is asserted, then these settings will be reset anyway, so setting them
1012 * here is harmless.
1013 */
1014 if (arm7_9->has_vector_catch)
1015 {
1016 /* program vector catch register to catch reset vector */
1017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1018
1019 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1020 jtag_add_runtest(1, jtag_get_end_state());
1021 }
1022 else
1023 {
1024 /* program watchpoint unit to match on reset vector address */
1025 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1026 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1027 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1028 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1029 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1030 }
1031 }
1032
1033 /* here we should issue an SRST only, but we may have to assert TRST as well */
1034 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1035 {
1036 jtag_add_reset(1, 1);
1037 } else
1038 {
1039 jtag_add_reset(0, 1);
1040 }
1041
1042 target->state = TARGET_RESET;
1043 jtag_add_sleep(50000);
1044
1045 armv4_5_invalidate_core_regs(target);
1046
1047 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1048 {
1049 /* debug entry was already prepared in arm7_9_assert_reset() */
1050 target->debug_reason = DBG_REASON_DBGRQ;
1051 }
1052
1053 return ERROR_OK;
1054 }
1055
1056 /**
1057 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1058 * and the target is being reset into a halt, a warning will be triggered
1059 * because it is not possible to reset into a halted mode in this case. The
1060 * target is halted using the target's functions.
1061 *
1062 * @param target Pointer to the target to have the reset deasserted
1063 * @return ERROR_OK or an error from polling or halting the target
1064 */
1065 int arm7_9_deassert_reset(target_t *target)
1066 {
1067 int retval = ERROR_OK;
1068 LOG_DEBUG("target->state: %s",
1069 target_state_name(target));
1070
1071 /* deassert reset lines */
1072 jtag_add_reset(0, 0);
1073
1074 enum reset_types jtag_reset_config = jtag_get_reset_config();
1075 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1076 {
1077 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1078 /* set up embedded ice registers again */
1079 if ((retval = target_examine_one(target)) != ERROR_OK)
1080 return retval;
1081
1082 if ((retval = target_poll(target)) != ERROR_OK)
1083 {
1084 return retval;
1085 }
1086
1087 if ((retval = target_halt(target)) != ERROR_OK)
1088 {
1089 return retval;
1090 }
1091
1092 }
1093 return retval;
1094 }
1095
1096 /**
1097 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1098 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1099 * vector catch was used, it is restored. Otherwise, the control value is
1100 * restored and the watchpoint unit is restored if it was in use.
1101 *
1102 * @param target Pointer to the ARM7/9 target to have halt cleared
1103 * @return Always ERROR_OK
1104 */
1105 int arm7_9_clear_halt(target_t *target)
1106 {
1107 armv4_5_common_t *armv4_5 = target->arch_info;
1108 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1109 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1110
1111 /* we used DBGRQ only if we didn't come out of reset */
1112 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1113 {
1114 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1115 */
1116 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1117 embeddedice_store_reg(dbg_ctrl);
1118 }
1119 else
1120 {
1121 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1122 {
1123 /* if we came out of reset, and vector catch is supported, we used
1124 * vector catch to enter debug state
1125 * restore the register in that case
1126 */
1127 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1128 }
1129 else
1130 {
1131 /* restore registers if watchpoint unit 0 was in use
1132 */
1133 if (arm7_9->wp0_used)
1134 {
1135 if (arm7_9->debug_entry_from_reset)
1136 {
1137 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1138 }
1139 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1140 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1141 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1142 }
1143 /* control value always has to be restored, as it was either disabled,
1144 * or enabled with possibly different bits
1145 */
1146 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1147 }
1148 }
1149
1150 return ERROR_OK;
1151 }
1152
1153 /**
1154 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1155 * and then there is a wait until the processor shows the halt. This wait can
1156 * timeout and results in an error being returned. The software reset involves
1157 * clearing the halt, updating the debug control register, changing to ARM mode,
1158 * reset of the program counter, and reset of all of the registers.
1159 *
1160 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1161 * @return Error status if any of the commands fail, otherwise ERROR_OK
1162 */
1163 int arm7_9_soft_reset_halt(struct target_s *target)
1164 {
1165 armv4_5_common_t *armv4_5 = target->arch_info;
1166 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1167 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1168 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1169 int i;
1170 int retval;
1171
1172 if ((retval = target_halt(target)) != ERROR_OK)
1173 return retval;
1174
1175 long long then = timeval_ms();
1176 int timeout;
1177 while (!(timeout = ((timeval_ms()-then) > 1000)))
1178 {
1179 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1180 break;
1181 embeddedice_read_reg(dbg_stat);
1182 if ((retval = jtag_execute_queue()) != ERROR_OK)
1183 return retval;
1184 if (debug_level >= 3)
1185 {
1186 alive_sleep(100);
1187 } else
1188 {
1189 keep_alive();
1190 }
1191 }
1192 if (timeout)
1193 {
1194 LOG_ERROR("Failed to halt CPU after 1 sec");
1195 return ERROR_TARGET_TIMEOUT;
1196 }
1197 target->state = TARGET_HALTED;
1198
1199 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1200 * ensure that DBGRQ is cleared
1201 */
1202 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1203 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1204 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1205 embeddedice_store_reg(dbg_ctrl);
1206
1207 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1208 {
1209 return retval;
1210 }
1211
1212 /* if the target is in Thumb state, change to ARM state */
1213 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1214 {
1215 uint32_t r0_thumb, pc_thumb;
1216 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1217 /* Entered debug from Thumb mode */
1218 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1219 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1220 }
1221
1222 /* all register content is now invalid */
1223 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1224 {
1225 return retval;
1226 }
1227
1228 /* SVC, ARM state, IRQ and FIQ disabled */
1229 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1230 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1231 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1232
1233 /* start fetching from 0x0 */
1234 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1235 armv4_5->core_cache->reg_list[15].dirty = 1;
1236 armv4_5->core_cache->reg_list[15].valid = 1;
1237
1238 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1239 armv4_5->core_state = ARMV4_5_STATE_ARM;
1240
1241 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1242 return ERROR_FAIL;
1243
1244 /* reset registers */
1245 for (i = 0; i <= 14; i++)
1246 {
1247 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1248 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1249 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1250 }
1251
1252 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1253 {
1254 return retval;
1255 }
1256
1257 return ERROR_OK;
1258 }
1259
1260 /**
1261 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1262 * line or by programming a watchpoint to trigger on any address. It is
1263 * considered a bug to call this function while the target is in the
1264 * TARGET_RESET state.
1265 *
1266 * @param target Pointer to the ARM7/9 target to be halted
1267 * @return Always ERROR_OK
1268 */
1269 int arm7_9_halt(target_t *target)
1270 {
1271 if (target->state == TARGET_RESET)
1272 {
1273 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1274 return ERROR_OK;
1275 }
1276
1277 armv4_5_common_t *armv4_5 = target->arch_info;
1278 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1279 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1280
1281 LOG_DEBUG("target->state: %s",
1282 target_state_name(target));
1283
1284 if (target->state == TARGET_HALTED)
1285 {
1286 LOG_DEBUG("target was already halted");
1287 return ERROR_OK;
1288 }
1289
1290 if (target->state == TARGET_UNKNOWN)
1291 {
1292 LOG_WARNING("target was in unknown state when halt was requested");
1293 }
1294
1295 if (arm7_9->use_dbgrq)
1296 {
1297 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1298 */
1299 if (arm7_9->set_special_dbgrq) {
1300 arm7_9->set_special_dbgrq(target);
1301 } else {
1302 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1303 embeddedice_store_reg(dbg_ctrl);
1304 }
1305 }
1306 else
1307 {
1308 /* program watchpoint unit to match on any address
1309 */
1310 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1311 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1312 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1313 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1314 }
1315
1316 target->debug_reason = DBG_REASON_DBGRQ;
1317
1318 return ERROR_OK;
1319 }
1320
1321 /**
1322 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1323 * ARM. The JTAG queue is then executed and the reason for debug entry is
1324 * examined. Once done, the target is verified to be halted and the processor
1325 * is forced into ARM mode. The core registers are saved for the current core
1326 * mode and the program counter (register 15) is updated as needed. The core
1327 * registers and CPSR and SPSR are saved for restoration later.
1328 *
1329 * @param target Pointer to target that is entering debug mode
1330 * @return Error code if anything fails, otherwise ERROR_OK
1331 */
1332 int arm7_9_debug_entry(target_t *target)
1333 {
1334 int i;
1335 uint32_t context[16];
1336 uint32_t* context_p[16];
1337 uint32_t r0_thumb, pc_thumb;
1338 uint32_t cpsr;
1339 int retval;
1340 /* get pointers to arch-specific information */
1341 armv4_5_common_t *armv4_5 = target->arch_info;
1342 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1343 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1344 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1345
1346 #ifdef _DEBUG_ARM7_9_
1347 LOG_DEBUG("-");
1348 #endif
1349
1350 if (arm7_9->pre_debug_entry)
1351 arm7_9->pre_debug_entry(target);
1352
1353 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1354 * ensure that DBGRQ is cleared
1355 */
1356 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1357 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1358 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1359 embeddedice_store_reg(dbg_ctrl);
1360
1361 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1362 {
1363 return retval;
1364 }
1365
1366 if ((retval = jtag_execute_queue()) != ERROR_OK)
1367 {
1368 return retval;
1369 }
1370
1371 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1372 return retval;
1373
1374
1375 if (target->state != TARGET_HALTED)
1376 {
1377 LOG_WARNING("target not halted");
1378 return ERROR_TARGET_NOT_HALTED;
1379 }
1380
1381 /* if the target is in Thumb state, change to ARM state */
1382 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1383 {
1384 LOG_DEBUG("target entered debug from Thumb state");
1385 /* Entered debug from Thumb mode */
1386 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1387 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1388 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1389 }
1390 else
1391 {
1392 LOG_DEBUG("target entered debug from ARM state");
1393 /* Entered debug from ARM mode */
1394 armv4_5->core_state = ARMV4_5_STATE_ARM;
1395 }
1396
1397 for (i = 0; i < 16; i++)
1398 context_p[i] = &context[i];
1399 /* save core registers (r0 - r15 of current core mode) */
1400 arm7_9->read_core_regs(target, 0xffff, context_p);
1401
1402 arm7_9->read_xpsr(target, &cpsr, 0);
1403
1404 if ((retval = jtag_execute_queue()) != ERROR_OK)
1405 return retval;
1406
1407 /* if the core has been executing in Thumb state, set the T bit */
1408 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1409 cpsr |= 0x20;
1410
1411 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1412 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1413 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1414
1415 armv4_5->core_mode = cpsr & 0x1f;
1416
1417 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1418 {
1419 target->state = TARGET_UNKNOWN;
1420 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1421 return ERROR_TARGET_FAILURE;
1422 }
1423
1424 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1425
1426 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1427 {
1428 LOG_DEBUG("thumb state, applying fixups");
1429 context[0] = r0_thumb;
1430 context[15] = pc_thumb;
1431 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1432 {
1433 /* adjust value stored by STM */
1434 context[15] -= 3 * 4;
1435 }
1436
1437 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1438 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1439 else
1440 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1441
1442 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1443 return ERROR_FAIL;
1444
1445 for (i = 0; i <= 15; i++)
1446 {
1447 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1448 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1449 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1450 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1451 }
1452
1453 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1454
1455 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1456 return ERROR_FAIL;
1457
1458 /* exceptions other than USR & SYS have a saved program status register */
1459 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1460 {
1461 uint32_t spsr;
1462 arm7_9->read_xpsr(target, &spsr, 1);
1463 if ((retval = jtag_execute_queue()) != ERROR_OK)
1464 {
1465 return retval;
1466 }
1467 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1468 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1469 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1470 }
1471
1472 /* r0 and r15 (pc) have to be restored later */
1473 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1474 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1475
1476 if ((retval = jtag_execute_queue()) != ERROR_OK)
1477 return retval;
1478
1479 if (arm7_9->post_debug_entry)
1480 arm7_9->post_debug_entry(target);
1481
1482 return ERROR_OK;
1483 }
1484
1485 /**
1486 * Validate the full context for an ARM7/9 target in all processor modes. If
1487 * there are any invalid registers for the target, they will all be read. This
1488 * includes the PSR.
1489 *
1490 * @param target Pointer to the ARM7/9 target to capture the full context from
1491 * @return Error if the target is not halted, has an invalid core mode, or if
1492 * the JTAG queue fails to execute
1493 */
1494 int arm7_9_full_context(target_t *target)
1495 {
1496 int i;
1497 int retval;
1498 armv4_5_common_t *armv4_5 = target->arch_info;
1499 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1500
1501 LOG_DEBUG("-");
1502
1503 if (target->state != TARGET_HALTED)
1504 {
1505 LOG_WARNING("target not halted");
1506 return ERROR_TARGET_NOT_HALTED;
1507 }
1508
1509 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1510 return ERROR_FAIL;
1511
1512 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1513 * SYS shares registers with User, so we don't touch SYS
1514 */
1515 for (i = 0; i < 6; i++)
1516 {
1517 uint32_t mask = 0;
1518 uint32_t* reg_p[16];
1519 int j;
1520 int valid = 1;
1521
1522 /* check if there are invalid registers in the current mode
1523 */
1524 for (j = 0; j <= 16; j++)
1525 {
1526 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1527 valid = 0;
1528 }
1529
1530 if (!valid)
1531 {
1532 uint32_t tmp_cpsr;
1533
1534 /* change processor mode (and mask T bit) */
1535 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1536 tmp_cpsr |= armv4_5_number_to_mode(i);
1537 tmp_cpsr &= ~0x20;
1538 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1539
1540 for (j = 0; j < 15; j++)
1541 {
1542 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1543 {
1544 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1545 mask |= 1 << j;
1546 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1547 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1548 }
1549 }
1550
1551 /* if only the PSR is invalid, mask is all zeroes */
1552 if (mask)
1553 arm7_9->read_core_regs(target, mask, reg_p);
1554
1555 /* check if the PSR has to be read */
1556 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1557 {
1558 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1559 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1560 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1561 }
1562 }
1563 }
1564
1565 /* restore processor mode (mask T bit) */
1566 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1567
1568 if ((retval = jtag_execute_queue()) != ERROR_OK)
1569 {
1570 return retval;
1571 }
1572 return ERROR_OK;
1573 }
1574
1575 /**
1576 * Restore the processor context on an ARM7/9 target. The full processor
1577 * context is analyzed to see if any of the registers are dirty on this end, but
1578 * have a valid new value. If this is the case, the processor is changed to the
1579 * appropriate mode and the new register values are written out to the
1580 * processor. If there happens to be a dirty register with an invalid value, an
1581 * error will be logged.
1582 *
1583 * @param target Pointer to the ARM7/9 target to have its context restored
1584 * @return Error status if the target is not halted or the core mode in the
1585 * armv4_5 struct is invalid.
1586 */
1587 int arm7_9_restore_context(target_t *target)
1588 {
1589 armv4_5_common_t *armv4_5 = target->arch_info;
1590 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1591 reg_t *reg;
1592 armv4_5_core_reg_t *reg_arch_info;
1593 enum armv4_5_mode current_mode = armv4_5->core_mode;
1594 int i, j;
1595 int dirty;
1596 int mode_change;
1597
1598 LOG_DEBUG("-");
1599
1600 if (target->state != TARGET_HALTED)
1601 {
1602 LOG_WARNING("target not halted");
1603 return ERROR_TARGET_NOT_HALTED;
1604 }
1605
1606 if (arm7_9->pre_restore_context)
1607 arm7_9->pre_restore_context(target);
1608
1609 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1610 return ERROR_FAIL;
1611
1612 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1613 * SYS shares registers with User, so we don't touch SYS
1614 */
1615 for (i = 0; i < 6; i++)
1616 {
1617 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1618 dirty = 0;
1619 mode_change = 0;
1620 /* check if there are dirty registers in the current mode
1621 */
1622 for (j = 0; j <= 16; j++)
1623 {
1624 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1625 reg_arch_info = reg->arch_info;
1626 if (reg->dirty == 1)
1627 {
1628 if (reg->valid == 1)
1629 {
1630 dirty = 1;
1631 LOG_DEBUG("examining dirty reg: %s", reg->name);
1632 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1633 && (reg_arch_info->mode != current_mode)
1634 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1635 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1636 {
1637 mode_change = 1;
1638 LOG_DEBUG("require mode change");
1639 }
1640 }
1641 else
1642 {
1643 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1644 }
1645 }
1646 }
1647
1648 if (dirty)
1649 {
1650 uint32_t mask = 0x0;
1651 int num_regs = 0;
1652 uint32_t regs[16];
1653
1654 if (mode_change)
1655 {
1656 uint32_t tmp_cpsr;
1657
1658 /* change processor mode (mask T bit) */
1659 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1660 tmp_cpsr |= armv4_5_number_to_mode(i);
1661 tmp_cpsr &= ~0x20;
1662 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1663 current_mode = armv4_5_number_to_mode(i);
1664 }
1665
1666 for (j = 0; j <= 14; j++)
1667 {
1668 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1669 reg_arch_info = reg->arch_info;
1670
1671
1672 if (reg->dirty == 1)
1673 {
1674 regs[j] = buf_get_u32(reg->value, 0, 32);
1675 mask |= 1 << j;
1676 num_regs++;
1677 reg->dirty = 0;
1678 reg->valid = 1;
1679 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1680 }
1681 }
1682
1683 if (mask)
1684 {
1685 arm7_9->write_core_regs(target, mask, regs);
1686 }
1687
1688 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1689 reg_arch_info = reg->arch_info;
1690 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1691 {
1692 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1693 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1694 }
1695 }
1696 }
1697
1698 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1699 {
1700 /* restore processor mode (mask T bit) */
1701 uint32_t tmp_cpsr;
1702
1703 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1704 tmp_cpsr |= armv4_5_number_to_mode(i);
1705 tmp_cpsr &= ~0x20;
1706 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1707 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1708 }
1709 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1710 {
1711 /* CPSR has been changed, full restore necessary (mask T bit) */
1712 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1713 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1714 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1715 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1716 }
1717
1718 /* restore PC */
1719 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1720 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1721 armv4_5->core_cache->reg_list[15].dirty = 0;
1722
1723 if (arm7_9->post_restore_context)
1724 arm7_9->post_restore_context(target);
1725
1726 return ERROR_OK;
1727 }
1728
1729 /**
1730 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1731 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1732 * restart.
1733 *
1734 * @param target Pointer to the ARM7/9 target to be restarted
1735 * @return Result of executing the JTAG queue
1736 */
1737 int arm7_9_restart_core(struct target_s *target)
1738 {
1739 armv4_5_common_t *armv4_5 = target->arch_info;
1740 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1741 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1742
1743 /* set RESTART instruction */
1744 jtag_set_end_state(TAP_IDLE);
1745 if (arm7_9->need_bypass_before_restart) {
1746 arm7_9->need_bypass_before_restart = 0;
1747 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1748 }
1749 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1750
1751 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1752 return jtag_execute_queue();
1753 }
1754
1755 /**
1756 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1757 * iterated through and are set on the target if they aren't already set.
1758 *
1759 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1760 */
1761 void arm7_9_enable_watchpoints(struct target_s *target)
1762 {
1763 watchpoint_t *watchpoint = target->watchpoints;
1764
1765 while (watchpoint)
1766 {
1767 if (watchpoint->set == 0)
1768 arm7_9_set_watchpoint(target, watchpoint);
1769 watchpoint = watchpoint->next;
1770 }
1771 }
1772
1773 /**
1774 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1775 * iterated through and are set on the target.
1776 *
1777 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1778 */
1779 void arm7_9_enable_breakpoints(struct target_s *target)
1780 {
1781 breakpoint_t *breakpoint = target->breakpoints;
1782
1783 /* set any pending breakpoints */
1784 while (breakpoint)
1785 {
1786 arm7_9_set_breakpoint(target, breakpoint);
1787 breakpoint = breakpoint->next;
1788 }
1789 }
1790
1791 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1792 {
1793 armv4_5_common_t *armv4_5 = target->arch_info;
1794 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1795 breakpoint_t *breakpoint = target->breakpoints;
1796 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1797 int err, retval = ERROR_OK;
1798
1799 LOG_DEBUG("-");
1800
1801 if (target->state != TARGET_HALTED)
1802 {
1803 LOG_WARNING("target not halted");
1804 return ERROR_TARGET_NOT_HALTED;
1805 }
1806
1807 if (!debug_execution)
1808 {
1809 target_free_all_working_areas(target);
1810 }
1811
1812 /* current = 1: continue on current pc, otherwise continue at <address> */
1813 if (!current)
1814 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1815
1816 uint32_t current_pc;
1817 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1818
1819 /* the front-end may request us not to handle breakpoints */
1820 if (handle_breakpoints)
1821 {
1822 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1823 {
1824 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1825 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1826 {
1827 return retval;
1828 }
1829
1830 /* calculate PC of next instruction */
1831 uint32_t next_pc;
1832 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1833 {
1834 uint32_t current_opcode;
1835 target_read_u32(target, current_pc, &current_opcode);
1836 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1837 return retval;
1838 }
1839
1840 LOG_DEBUG("enable single-step");
1841 arm7_9->enable_single_step(target, next_pc);
1842
1843 target->debug_reason = DBG_REASON_SINGLESTEP;
1844
1845 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1846 {
1847 return retval;
1848 }
1849
1850 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1851 arm7_9->branch_resume(target);
1852 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1853 {
1854 arm7_9->branch_resume_thumb(target);
1855 }
1856 else
1857 {
1858 LOG_ERROR("unhandled core state");
1859 return ERROR_FAIL;
1860 }
1861
1862 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1863 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1864 err = arm7_9_execute_sys_speed(target);
1865
1866 LOG_DEBUG("disable single-step");
1867 arm7_9->disable_single_step(target);
1868
1869 if (err != ERROR_OK)
1870 {
1871 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875 target->state = TARGET_UNKNOWN;
1876 return err;
1877 }
1878
1879 arm7_9_debug_entry(target);
1880 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1881
1882 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1883 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1884 {
1885 return retval;
1886 }
1887 }
1888 }
1889
1890 /* enable any pending breakpoints and watchpoints */
1891 arm7_9_enable_breakpoints(target);
1892 arm7_9_enable_watchpoints(target);
1893
1894 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1895 {
1896 return retval;
1897 }
1898
1899 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1900 {
1901 arm7_9->branch_resume(target);
1902 }
1903 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1904 {
1905 arm7_9->branch_resume_thumb(target);
1906 }
1907 else
1908 {
1909 LOG_ERROR("unhandled core state");
1910 return ERROR_FAIL;
1911 }
1912
1913 /* deassert DBGACK and INTDIS */
1914 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1915 /* INTDIS only when we really resume, not during debug execution */
1916 if (!debug_execution)
1917 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1918 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1919
1920 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1921 {
1922 return retval;
1923 }
1924
1925 target->debug_reason = DBG_REASON_NOTHALTED;
1926
1927 if (!debug_execution)
1928 {
1929 /* registers are now invalid */
1930 armv4_5_invalidate_core_regs(target);
1931 target->state = TARGET_RUNNING;
1932 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1933 {
1934 return retval;
1935 }
1936 }
1937 else
1938 {
1939 target->state = TARGET_DEBUG_RUNNING;
1940 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1941 {
1942 return retval;
1943 }
1944 }
1945
1946 LOG_DEBUG("target resumed");
1947
1948 return ERROR_OK;
1949 }
1950
1951 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1952 {
1953 armv4_5_common_t *armv4_5 = target->arch_info;
1954 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1955
1956 uint32_t current_pc;
1957 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1958
1959 if (next_pc != current_pc)
1960 {
1961 /* setup an inverse breakpoint on the current PC
1962 * - comparator 1 matches the current address
1963 * - rangeout from comparator 1 is connected to comparator 0 rangein
1964 * - comparator 0 matches any address, as long as rangein is low */
1965 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1966 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1967 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1968 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1969 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1973 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1974 }
1975 else
1976 {
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1979 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1980 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1981 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1986 }
1987 }
1988
1989 void arm7_9_disable_eice_step(target_t *target)
1990 {
1991 armv4_5_common_t *armv4_5 = target->arch_info;
1992 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1993
1994 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1995 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1996 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1997 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1998 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2000 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2001 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2002 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2003 }
2004
2005 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2006 {
2007 armv4_5_common_t *armv4_5 = target->arch_info;
2008 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2009 breakpoint_t *breakpoint = NULL;
2010 int err, retval;
2011
2012 if (target->state != TARGET_HALTED)
2013 {
2014 LOG_WARNING("target not halted");
2015 return ERROR_TARGET_NOT_HALTED;
2016 }
2017
2018 /* current = 1: continue on current pc, otherwise continue at <address> */
2019 if (!current)
2020 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2021
2022 uint32_t current_pc;
2023 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2024
2025 /* the front-end may request us not to handle breakpoints */
2026 if (handle_breakpoints)
2027 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2028 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2029 {
2030 return retval;
2031 }
2032
2033 target->debug_reason = DBG_REASON_SINGLESTEP;
2034
2035 /* calculate PC of next instruction */
2036 uint32_t next_pc;
2037 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2038 {
2039 uint32_t current_opcode;
2040 target_read_u32(target, current_pc, &current_opcode);
2041 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2042 return retval;
2043 }
2044
2045 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2046 {
2047 return retval;
2048 }
2049
2050 arm7_9->enable_single_step(target, next_pc);
2051
2052 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2053 {
2054 arm7_9->branch_resume(target);
2055 }
2056 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2057 {
2058 arm7_9->branch_resume_thumb(target);
2059 }
2060 else
2061 {
2062 LOG_ERROR("unhandled core state");
2063 return ERROR_FAIL;
2064 }
2065
2066 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2067 {
2068 return retval;
2069 }
2070
2071 err = arm7_9_execute_sys_speed(target);
2072 arm7_9->disable_single_step(target);
2073
2074 /* registers are now invalid */
2075 armv4_5_invalidate_core_regs(target);
2076
2077 if (err != ERROR_OK)
2078 {
2079 target->state = TARGET_UNKNOWN;
2080 } else {
2081 arm7_9_debug_entry(target);
2082 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2083 {
2084 return retval;
2085 }
2086 LOG_DEBUG("target stepped");
2087 }
2088
2089 if (breakpoint)
2090 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2091 {
2092 return retval;
2093 }
2094
2095 return err;
2096 }
2097
2098 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2099 {
2100 uint32_t* reg_p[16];
2101 uint32_t value;
2102 int retval;
2103 armv4_5_common_t *armv4_5 = target->arch_info;
2104 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2105
2106 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2107 return ERROR_FAIL;
2108
2109 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2110
2111 if ((num < 0) || (num > 16))
2112 return ERROR_INVALID_ARGUMENTS;
2113
2114 if ((mode != ARMV4_5_MODE_ANY)
2115 && (mode != armv4_5->core_mode)
2116 && (reg_mode != ARMV4_5_MODE_ANY))
2117 {
2118 uint32_t tmp_cpsr;
2119
2120 /* change processor mode (mask T bit) */
2121 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2122 tmp_cpsr |= mode;
2123 tmp_cpsr &= ~0x20;
2124 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2125 }
2126
2127 if ((num >= 0) && (num <= 15))
2128 {
2129 /* read a normal core register */
2130 reg_p[num] = &value;
2131
2132 arm7_9->read_core_regs(target, 1 << num, reg_p);
2133 }
2134 else
2135 {
2136 /* read a program status register
2137 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2138 */
2139 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2140 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2141
2142 arm7_9->read_xpsr(target, &value, spsr);
2143 }
2144
2145 if ((retval = jtag_execute_queue()) != ERROR_OK)
2146 {
2147 return retval;
2148 }
2149
2150 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2151 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2152 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2153
2154 if ((mode != ARMV4_5_MODE_ANY)
2155 && (mode != armv4_5->core_mode)
2156 && (reg_mode != ARMV4_5_MODE_ANY)) {
2157 /* restore processor mode (mask T bit) */
2158 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2159 }
2160
2161 return ERROR_OK;
2162 }
2163
2164 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2165 {
2166 uint32_t reg[16];
2167 armv4_5_common_t *armv4_5 = target->arch_info;
2168 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2169
2170 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2171 return ERROR_FAIL;
2172
2173 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2174
2175 if ((num < 0) || (num > 16))
2176 return ERROR_INVALID_ARGUMENTS;
2177
2178 if ((mode != ARMV4_5_MODE_ANY)
2179 && (mode != armv4_5->core_mode)
2180 && (reg_mode != ARMV4_5_MODE_ANY)) {
2181 uint32_t tmp_cpsr;
2182
2183 /* change processor mode (mask T bit) */
2184 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2185 tmp_cpsr |= mode;
2186 tmp_cpsr &= ~0x20;
2187 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2188 }
2189
2190 if ((num >= 0) && (num <= 15))
2191 {
2192 /* write a normal core register */
2193 reg[num] = value;
2194
2195 arm7_9->write_core_regs(target, 1 << num, reg);
2196 }
2197 else
2198 {
2199 /* write a program status register
2200 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2201 */
2202 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2203 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2204
2205 /* if we're writing the CPSR, mask the T bit */
2206 if (!spsr)
2207 value &= ~0x20;
2208
2209 arm7_9->write_xpsr(target, value, spsr);
2210 }
2211
2212 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2213 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2214
2215 if ((mode != ARMV4_5_MODE_ANY)
2216 && (mode != armv4_5->core_mode)
2217 && (reg_mode != ARMV4_5_MODE_ANY)) {
2218 /* restore processor mode (mask T bit) */
2219 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2220 }
2221
2222 return jtag_execute_queue();
2223 }
2224
2225 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2226 {
2227 armv4_5_common_t *armv4_5 = target->arch_info;
2228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2229
2230 uint32_t reg[16];
2231 uint32_t num_accesses = 0;
2232 int thisrun_accesses;
2233 int i;
2234 uint32_t cpsr;
2235 int retval;
2236 int last_reg = 0;
2237
2238 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2239
2240 if (target->state != TARGET_HALTED)
2241 {
2242 LOG_WARNING("target not halted");
2243 return ERROR_TARGET_NOT_HALTED;
2244 }
2245
2246 /* sanitize arguments */
2247 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2248 return ERROR_INVALID_ARGUMENTS;
2249
2250 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2251 return ERROR_TARGET_UNALIGNED_ACCESS;
2252
2253 /* load the base register with the address of the first word */
2254 reg[0] = address;
2255 arm7_9->write_core_regs(target, 0x1, reg);
2256
2257 int j = 0;
2258
2259 switch (size)
2260 {
2261 case 4:
2262 while (num_accesses < count)
2263 {
2264 uint32_t reg_list;
2265 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2266 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2267
2268 if (last_reg <= thisrun_accesses)
2269 last_reg = thisrun_accesses;
2270
2271 arm7_9->load_word_regs(target, reg_list);
2272
2273 /* fast memory reads are only safe when the target is running
2274 * from a sufficiently high clock (32 kHz is usually too slow)
2275 */
2276 if (arm7_9->fast_memory_access)
2277 retval = arm7_9_execute_fast_sys_speed(target);
2278 else
2279 retval = arm7_9_execute_sys_speed(target);
2280 if (retval != ERROR_OK)
2281 return retval;
2282
2283 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2284
2285 /* advance buffer, count number of accesses */
2286 buffer += thisrun_accesses * 4;
2287 num_accesses += thisrun_accesses;
2288
2289 if ((j++%1024) == 0)
2290 {
2291 keep_alive();
2292 }
2293 }
2294 break;
2295 case 2:
2296 while (num_accesses < count)
2297 {
2298 uint32_t reg_list;
2299 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2300 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2301
2302 for (i = 1; i <= thisrun_accesses; i++)
2303 {
2304 if (i > last_reg)
2305 last_reg = i;
2306 arm7_9->load_hword_reg(target, i);
2307 /* fast memory reads are only safe when the target is running
2308 * from a sufficiently high clock (32 kHz is usually too slow)
2309 */
2310 if (arm7_9->fast_memory_access)
2311 retval = arm7_9_execute_fast_sys_speed(target);
2312 else
2313 retval = arm7_9_execute_sys_speed(target);
2314 if (retval != ERROR_OK)
2315 {
2316 return retval;
2317 }
2318
2319 }
2320
2321 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2322
2323 /* advance buffer, count number of accesses */
2324 buffer += thisrun_accesses * 2;
2325 num_accesses += thisrun_accesses;
2326
2327 if ((j++%1024) == 0)
2328 {
2329 keep_alive();
2330 }
2331 }
2332 break;
2333 case 1:
2334 while (num_accesses < count)
2335 {
2336 uint32_t reg_list;
2337 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2338 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2339
2340 for (i = 1; i <= thisrun_accesses; i++)
2341 {
2342 if (i > last_reg)
2343 last_reg = i;
2344 arm7_9->load_byte_reg(target, i);
2345 /* fast memory reads are only safe when the target is running
2346 * from a sufficiently high clock (32 kHz is usually too slow)
2347 */
2348 if (arm7_9->fast_memory_access)
2349 retval = arm7_9_execute_fast_sys_speed(target);
2350 else
2351 retval = arm7_9_execute_sys_speed(target);
2352 if (retval != ERROR_OK)
2353 {
2354 return retval;
2355 }
2356 }
2357
2358 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2359
2360 /* advance buffer, count number of accesses */
2361 buffer += thisrun_accesses * 1;
2362 num_accesses += thisrun_accesses;
2363
2364 if ((j++%1024) == 0)
2365 {
2366 keep_alive();
2367 }
2368 }
2369 break;
2370 default:
2371 LOG_ERROR("BUG: we shouldn't get here");
2372 exit(-1);
2373 break;
2374 }
2375
2376 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2377 return ERROR_FAIL;
2378
2379 for (i = 0; i <= last_reg; i++)
2380 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2381
2382 arm7_9->read_xpsr(target, &cpsr, 0);
2383 if ((retval = jtag_execute_queue()) != ERROR_OK)
2384 {
2385 LOG_ERROR("JTAG error while reading cpsr");
2386 return ERROR_TARGET_DATA_ABORT;
2387 }
2388
2389 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2390 {
2391 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2392
2393 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2394
2395 return ERROR_TARGET_DATA_ABORT;
2396 }
2397
2398 return ERROR_OK;
2399 }
2400
2401 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2402 {
2403 armv4_5_common_t *armv4_5 = target->arch_info;
2404 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2405 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2406
2407 uint32_t reg[16];
2408 uint32_t num_accesses = 0;
2409 int thisrun_accesses;
2410 int i;
2411 uint32_t cpsr;
2412 int retval;
2413 int last_reg = 0;
2414
2415 #ifdef _DEBUG_ARM7_9_
2416 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2417 #endif
2418
2419 if (target->state != TARGET_HALTED)
2420 {
2421 LOG_WARNING("target not halted");
2422 return ERROR_TARGET_NOT_HALTED;
2423 }
2424
2425 /* sanitize arguments */
2426 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2427 return ERROR_INVALID_ARGUMENTS;
2428
2429 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2430 return ERROR_TARGET_UNALIGNED_ACCESS;
2431
2432 /* load the base register with the address of the first word */
2433 reg[0] = address;
2434 arm7_9->write_core_regs(target, 0x1, reg);
2435
2436 /* Clear DBGACK, to make sure memory fetches work as expected */
2437 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2438 embeddedice_store_reg(dbg_ctrl);
2439
2440 switch (size)
2441 {
2442 case 4:
2443 while (num_accesses < count)
2444 {
2445 uint32_t reg_list;
2446 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2447 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2448
2449 for (i = 1; i <= thisrun_accesses; i++)
2450 {
2451 if (i > last_reg)
2452 last_reg = i;
2453 reg[i] = target_buffer_get_u32(target, buffer);
2454 buffer += 4;
2455 }
2456
2457 arm7_9->write_core_regs(target, reg_list, reg);
2458
2459 arm7_9->store_word_regs(target, reg_list);
2460
2461 /* fast memory writes are only safe when the target is running
2462 * from a sufficiently high clock (32 kHz is usually too slow)
2463 */
2464 if (arm7_9->fast_memory_access)
2465 retval = arm7_9_execute_fast_sys_speed(target);
2466 else
2467 retval = arm7_9_execute_sys_speed(target);
2468 if (retval != ERROR_OK)
2469 {
2470 return retval;
2471 }
2472
2473 num_accesses += thisrun_accesses;
2474 }
2475 break;
2476 case 2:
2477 while (num_accesses < count)
2478 {
2479 uint32_t reg_list;
2480 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2481 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2482
2483 for (i = 1; i <= thisrun_accesses; i++)
2484 {
2485 if (i > last_reg)
2486 last_reg = i;
2487 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2488 buffer += 2;
2489 }
2490
2491 arm7_9->write_core_regs(target, reg_list, reg);
2492
2493 for (i = 1; i <= thisrun_accesses; i++)
2494 {
2495 arm7_9->store_hword_reg(target, i);
2496
2497 /* fast memory writes are only safe when the target is running
2498 * from a sufficiently high clock (32 kHz is usually too slow)
2499 */
2500 if (arm7_9->fast_memory_access)
2501 retval = arm7_9_execute_fast_sys_speed(target);
2502 else
2503 retval = arm7_9_execute_sys_speed(target);
2504 if (retval != ERROR_OK)
2505 {
2506 return retval;
2507 }
2508 }
2509
2510 num_accesses += thisrun_accesses;
2511 }
2512 break;
2513 case 1:
2514 while (num_accesses < count)
2515 {
2516 uint32_t reg_list;
2517 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2518 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2519
2520 for (i = 1; i <= thisrun_accesses; i++)
2521 {
2522 if (i > last_reg)
2523 last_reg = i;
2524 reg[i] = *buffer++ & 0xff;
2525 }
2526
2527 arm7_9->write_core_regs(target, reg_list, reg);
2528
2529 for (i = 1; i <= thisrun_accesses; i++)
2530 {
2531 arm7_9->store_byte_reg(target, i);
2532 /* fast memory writes are only safe when the target is running
2533 * from a sufficiently high clock (32 kHz is usually too slow)
2534 */
2535 if (arm7_9->fast_memory_access)
2536 retval = arm7_9_execute_fast_sys_speed(target);
2537 else
2538 retval = arm7_9_execute_sys_speed(target);
2539 if (retval != ERROR_OK)
2540 {
2541 return retval;
2542 }
2543
2544 }
2545
2546 num_accesses += thisrun_accesses;
2547 }
2548 break;
2549 default:
2550 LOG_ERROR("BUG: we shouldn't get here");
2551 exit(-1);
2552 break;
2553 }
2554
2555 /* Re-Set DBGACK */
2556 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2557 embeddedice_store_reg(dbg_ctrl);
2558
2559 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2560 return ERROR_FAIL;
2561
2562 for (i = 0; i <= last_reg; i++)
2563 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2564
2565 arm7_9->read_xpsr(target, &cpsr, 0);
2566 if ((retval = jtag_execute_queue()) != ERROR_OK)
2567 {
2568 LOG_ERROR("JTAG error while reading cpsr");
2569 return ERROR_TARGET_DATA_ABORT;
2570 }
2571
2572 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2573 {
2574 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2575
2576 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2577
2578 return ERROR_TARGET_DATA_ABORT;
2579 }
2580
2581 return ERROR_OK;
2582 }
2583
2584 static int dcc_count;
2585 static uint8_t *dcc_buffer;
2586
2587 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2588 {
2589 int retval = ERROR_OK;
2590 armv4_5_common_t *armv4_5 = target->arch_info;
2591 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2592
2593 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2594 return retval;
2595
2596 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2597 int count = dcc_count;
2598 uint8_t *buffer = dcc_buffer;
2599 if (count > 2)
2600 {
2601 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2602 * core function repeated. */
2603 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2604 buffer += 4;
2605
2606 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2607 uint8_t reg_addr = ice_reg->addr & 0x1f;
2608 jtag_tap_t *tap;
2609 tap = ice_reg->jtag_info->tap;
2610
2611 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2612 buffer += (count-2)*4;
2613
2614 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2615 } else
2616 {
2617 int i;
2618 for (i = 0; i < count; i++)
2619 {
2620 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2621 buffer += 4;
2622 }
2623 }
2624
2625 if ((retval = target_halt(target))!= ERROR_OK)
2626 {
2627 return retval;
2628 }
2629 return target_wait_state(target, TARGET_HALTED, 500);
2630 }
2631
2632 static const uint32_t dcc_code[] =
2633 {
2634 /* MRC TST BNE MRC STR B */
2635 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2636 };
2637
2638 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2639
2640 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2641 {
2642 int retval;
2643 armv4_5_common_t *armv4_5 = target->arch_info;
2644 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2645 int i;
2646
2647 if (!arm7_9->dcc_downloads)
2648 return target_write_memory(target, address, 4, count, buffer);
2649
2650 /* regrab previously allocated working_area, or allocate a new one */
2651 if (!arm7_9->dcc_working_area)
2652 {
2653 uint8_t dcc_code_buf[6 * 4];
2654
2655 /* make sure we have a working area */
2656 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2657 {
2658 LOG_INFO("no working area available, falling back to memory writes");
2659 return target_write_memory(target, address, 4, count, buffer);
2660 }
2661
2662 /* copy target instructions to target endianness */
2663 for (i = 0; i < 6; i++)
2664 {
2665 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2666 }
2667
2668 /* write DCC code to working area */
2669 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2670 {
2671 return retval;
2672 }
2673 }
2674
2675 armv4_5_algorithm_t armv4_5_info;
2676 reg_param_t reg_params[1];
2677
2678 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2679 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2680 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2681
2682 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2683
2684 buf_set_u32(reg_params[0].value, 0, 32, address);
2685
2686 dcc_count = count;
2687 dcc_buffer = buffer;
2688 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2689 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2690
2691 if (retval == ERROR_OK)
2692 {
2693 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2694 if (endaddress != (address + count*4))
2695 {
2696 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2697 retval = ERROR_FAIL;
2698 }
2699 }
2700
2701 destroy_reg_param(&reg_params[0]);
2702
2703 return retval;
2704 }
2705
2706 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2707 {
2708 working_area_t *crc_algorithm;
2709 armv4_5_algorithm_t armv4_5_info;
2710 reg_param_t reg_params[2];
2711 int retval;
2712
2713 uint32_t arm7_9_crc_code[] = {
2714 0xE1A02000, /* mov r2, r0 */
2715 0xE3E00000, /* mov r0, #0xffffffff */
2716 0xE1A03001, /* mov r3, r1 */
2717 0xE3A04000, /* mov r4, #0 */
2718 0xEA00000B, /* b ncomp */
2719 /* nbyte: */
2720 0xE7D21004, /* ldrb r1, [r2, r4] */
2721 0xE59F7030, /* ldr r7, CRC32XOR */
2722 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2723 0xE3A05000, /* mov r5, #0 */
2724 /* loop: */
2725 0xE3500000, /* cmp r0, #0 */
2726 0xE1A06080, /* mov r6, r0, asl #1 */
2727 0xE2855001, /* add r5, r5, #1 */
2728 0xE1A00006, /* mov r0, r6 */
2729 0xB0260007, /* eorlt r0, r6, r7 */
2730 0xE3550008, /* cmp r5, #8 */
2731 0x1AFFFFF8, /* bne loop */
2732 0xE2844001, /* add r4, r4, #1 */
2733 /* ncomp: */
2734 0xE1540003, /* cmp r4, r3 */
2735 0x1AFFFFF1, /* bne nbyte */
2736 /* end: */
2737 0xEAFFFFFE, /* b end */
2738 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2739 };
2740
2741 uint32_t i;
2742
2743 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2744 {
2745 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2746 }
2747
2748 /* convert flash writing code into a buffer in target endianness */
2749 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2750 {
2751 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2752 {
2753 return retval;
2754 }
2755 }
2756
2757 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2758 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2759 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2760
2761 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2762 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2763
2764 buf_set_u32(reg_params[0].value, 0, 32, address);
2765 buf_set_u32(reg_params[1].value, 0, 32, count);
2766
2767 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2768 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2769 {
2770 LOG_ERROR("error executing arm7_9 crc algorithm");
2771 destroy_reg_param(&reg_params[0]);
2772 destroy_reg_param(&reg_params[1]);
2773 target_free_working_area(target, crc_algorithm);
2774 return retval;
2775 }
2776
2777 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2778
2779 destroy_reg_param(&reg_params[0]);
2780 destroy_reg_param(&reg_params[1]);
2781
2782 target_free_working_area(target, crc_algorithm);
2783
2784 return ERROR_OK;
2785 }
2786
2787 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2788 {
2789 working_area_t *erase_check_algorithm;
2790 reg_param_t reg_params[3];
2791 armv4_5_algorithm_t armv4_5_info;
2792 int retval;
2793 uint32_t i;
2794
2795 uint32_t erase_check_code[] =
2796 {
2797 /* loop: */
2798 0xe4d03001, /* ldrb r3, [r0], #1 */
2799 0xe0022003, /* and r2, r2, r3 */
2800 0xe2511001, /* subs r1, r1, #1 */
2801 0x1afffffb, /* bne loop */
2802 /* end: */
2803 0xeafffffe /* b end */
2804 };
2805
2806 /* make sure we have a working area */
2807 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2808 {
2809 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2810 }
2811
2812 /* convert flash writing code into a buffer in target endianness */
2813 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2814 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2815 {
2816 return retval;
2817 }
2818
2819 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2820 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2821 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2822
2823 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2824 buf_set_u32(reg_params[0].value, 0, 32, address);
2825
2826 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2827 buf_set_u32(reg_params[1].value, 0, 32, count);
2828
2829 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2830 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2831
2832 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2833 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2834 {
2835 destroy_reg_param(&reg_params[0]);
2836 destroy_reg_param(&reg_params[1]);
2837 destroy_reg_param(&reg_params[2]);
2838 target_free_working_area(target, erase_check_algorithm);
2839 return 0;
2840 }
2841
2842 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2843
2844 destroy_reg_param(&reg_params[0]);
2845 destroy_reg_param(&reg_params[1]);
2846 destroy_reg_param(&reg_params[2]);
2847
2848 target_free_working_area(target, erase_check_algorithm);
2849
2850 return ERROR_OK;
2851 }
2852
2853 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2854 {
2855 command_t *arm7_9_cmd;
2856
2857 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2858
2859 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2860 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2861
2862 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2863
2864 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2865 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2866 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2867 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2868 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2869 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2870
2871 armv4_5_register_commands(cmd_ctx);
2872
2873 etm_register_commands(cmd_ctx);
2874
2875 return ERROR_OK;
2876 }
2877
2878 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2879 {
2880 uint32_t value;
2881 int spsr;
2882 int retval;
2883 target_t *target = get_current_target(cmd_ctx);
2884 armv4_5_common_t *armv4_5;
2885 arm7_9_common_t *arm7_9;
2886
2887 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2888 {
2889 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2890 return ERROR_OK;
2891 }
2892
2893 if (target->state != TARGET_HALTED)
2894 {
2895 command_print(cmd_ctx, "can't write registers while running");
2896 return ERROR_OK;
2897 }
2898
2899 if (argc < 2)
2900 {
2901 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2902 return ERROR_OK;
2903 }
2904
2905 value = strtoul(args[0], NULL, 0);
2906 spsr = strtol(args[1], NULL, 0);
2907
2908 /* if we're writing the CPSR, mask the T bit */
2909 if (!spsr)
2910 value &= ~0x20;
2911
2912 arm7_9->write_xpsr(target, value, spsr);
2913 if ((retval = jtag_execute_queue()) != ERROR_OK)
2914 {
2915 LOG_ERROR("JTAG error while writing to xpsr");
2916 return retval;
2917 }
2918
2919 return ERROR_OK;
2920 }
2921
2922 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2923 {
2924 uint32_t value;
2925 int rotate;
2926 int spsr;
2927 int retval;
2928 target_t *target = get_current_target(cmd_ctx);
2929 armv4_5_common_t *armv4_5;
2930 arm7_9_common_t *arm7_9;
2931
2932 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2933 {
2934 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2935 return ERROR_OK;
2936 }
2937
2938 if (target->state != TARGET_HALTED)
2939 {
2940 command_print(cmd_ctx, "can't write registers while running");
2941 return ERROR_OK;
2942 }
2943
2944 if (argc < 3)
2945 {
2946 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2947 return ERROR_OK;
2948 }
2949
2950 value = strtoul(args[0], NULL, 0);
2951 rotate = strtol(args[1], NULL, 0);
2952 spsr = strtol(args[2], NULL, 0);
2953
2954 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2955 if ((retval = jtag_execute_queue()) != ERROR_OK)
2956 {
2957 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2958 return retval;
2959 }
2960
2961 return ERROR_OK;
2962 }
2963
2964 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2965 {
2966 uint32_t value;
2967 uint32_t mode;
2968 int num;
2969 target_t *target = get_current_target(cmd_ctx);
2970 armv4_5_common_t *armv4_5;
2971 arm7_9_common_t *arm7_9;
2972
2973 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2974 {
2975 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2976 return ERROR_OK;
2977 }
2978
2979 if (target->state != TARGET_HALTED)
2980 {
2981 command_print(cmd_ctx, "can't write registers while running");
2982 return ERROR_OK;
2983 }
2984
2985 if (argc < 3)
2986 {
2987 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2988 return ERROR_OK;
2989 }
2990
2991 num = strtol(args[0], NULL, 0);
2992 mode = strtoul(args[1], NULL, 0);
2993 value = strtoul(args[2], NULL, 0);
2994
2995 return arm7_9_write_core_reg(target, num, mode, value);
2996 }
2997
2998 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2999 {
3000 target_t *target = get_current_target(cmd_ctx);
3001 armv4_5_common_t *armv4_5;
3002 arm7_9_common_t *arm7_9;
3003
3004 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3005 {
3006 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3007 return ERROR_OK;
3008 }
3009
3010 if (argc > 0)
3011 {
3012 if (strcmp("enable", args[0]) == 0)
3013 {
3014 arm7_9->use_dbgrq = 1;
3015 }
3016 else if (strcmp("disable", args[0]) == 0)
3017 {
3018 arm7_9->use_dbgrq = 0;
3019 }
3020 else
3021 {
3022 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3023 }
3024 }
3025
3026 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3027
3028 return ERROR_OK;
3029 }
3030
3031 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3032 {
3033 target_t *target = get_current_target(cmd_ctx);
3034 armv4_5_common_t *armv4_5;
3035 arm7_9_common_t *arm7_9;
3036
3037 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3038 {
3039 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3040 return ERROR_OK;
3041 }
3042
3043 if (argc > 0)
3044 {
3045 if (strcmp("enable", args[0]) == 0)
3046 {
3047 arm7_9->fast_memory_access = 1;
3048 }
3049 else if (strcmp("disable", args[0]) == 0)
3050 {
3051 arm7_9->fast_memory_access = 0;
3052 }
3053 else
3054 {
3055 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3056 }
3057 }
3058
3059 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3060
3061 return ERROR_OK;
3062 }
3063
3064 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3065 {
3066 target_t *target = get_current_target(cmd_ctx);
3067 armv4_5_common_t *armv4_5;
3068 arm7_9_common_t *arm7_9;
3069
3070 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3071 {
3072 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3073 return ERROR_OK;
3074 }
3075
3076 if (argc > 0)
3077 {
3078 if (strcmp("enable", args[0]) == 0)
3079 {
3080 arm7_9->dcc_downloads = 1;
3081 }
3082 else if (strcmp("disable", args[0]) == 0)
3083 {
3084 arm7_9->dcc_downloads = 0;
3085 }
3086 else
3087 {
3088 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3089 }
3090 }
3091
3092 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3093
3094 return ERROR_OK;
3095 }
3096
3097 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3098 {
3099 int retval = ERROR_OK;
3100 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3101
3102 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3103
3104 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3105 {
3106 return retval;
3107 }
3108
3109 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3110 arm7_9->wp_available_max = 2;
3111 arm7_9->sw_breakpoints_added = 0;
3112 arm7_9->breakpoint_count = 0;
3113 arm7_9->wp0_used = 0;
3114 arm7_9->wp1_used = 0;
3115 arm7_9->wp1_used_default = 0;
3116 arm7_9->use_dbgrq = 0;
3117
3118 arm7_9->etm_ctx = NULL;
3119 arm7_9->has_single_step = 0;
3120 arm7_9->has_monitor_mode = 0;
3121 arm7_9->has_vector_catch = 0;
3122
3123 arm7_9->debug_entry_from_reset = 0;
3124
3125 arm7_9->dcc_working_area = NULL;
3126
3127 arm7_9->fast_memory_access = fast_and_dangerous;
3128 arm7_9->dcc_downloads = fast_and_dangerous;
3129
3130 arm7_9->need_bypass_before_restart = 0;
3131
3132 armv4_5->arch_info = arm7_9;
3133 armv4_5->read_core_reg = arm7_9_read_core_reg;
3134 armv4_5->write_core_reg = arm7_9_write_core_reg;
3135 armv4_5->full_context = arm7_9_full_context;
3136
3137 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3138 {
3139 return retval;
3140 }
3141
3142 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3143 {
3144 return retval;
3145 }
3146
3147 return ERROR_OK;
3148 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)