Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
David Brownell <david-b@pacbell.net>:
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoints_added = 0;
65 arm7_9->wp0_used = 0;
66 arm7_9->wp1_used = arm7_9->wp1_used_default;
67 arm7_9->wp_available = arm7_9->wp_available_max;
68
69 return jtag_execute_queue();
70 }
71
72 /**
73 * Assign a watchpoint to one of the two available hardware comparators in an
74 * ARM7 or ARM9 target.
75 *
76 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
77 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
78 */
79 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
80 {
81 if (!arm7_9->wp0_used)
82 {
83 arm7_9->wp0_used = 1;
84 breakpoint->set = 1;
85 arm7_9->wp_available--;
86 }
87 else if (!arm7_9->wp1_used)
88 {
89 arm7_9->wp1_used = 1;
90 breakpoint->set = 2;
91 arm7_9->wp_available--;
92 }
93 else
94 {
95 LOG_ERROR("BUG: no hardware comparator available");
96 }
97 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
98 breakpoint->unique_id,
99 breakpoint->address,
100 breakpoint->set );
101 }
102
103 /**
104 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
105 *
106 * @param arm7_9 Pointer to common struct for ARM7/9 targets
107 * @return Error codes if there is a problem finding a watchpoint or the result
108 * of executing the JTAG queue
109 */
110 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
111 {
112 if (arm7_9->sw_breakpoints_added)
113 {
114 return ERROR_OK;
115 }
116 if (arm7_9->wp_available < 1)
117 {
118 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
119 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
120 }
121 arm7_9->wp_available--;
122
123 /* pick a breakpoint unit */
124 if (!arm7_9->wp0_used)
125 {
126 arm7_9->sw_breakpoints_added = 1;
127 arm7_9->wp0_used = 3;
128 } else if (!arm7_9->wp1_used)
129 {
130 arm7_9->sw_breakpoints_added = 2;
131 arm7_9->wp1_used = 3;
132 }
133 else
134 {
135 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
136 return ERROR_FAIL;
137 }
138
139 if (arm7_9->sw_breakpoints_added == 1)
140 {
141 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
146 }
147 else if (arm7_9->sw_breakpoints_added == 2)
148 {
149 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
154 }
155 else
156 {
157 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
158 return ERROR_FAIL;
159 }
160 LOG_DEBUG("SW BP using hw wp: %d",
161 arm7_9->sw_breakpoints_added );
162
163 return jtag_execute_queue();
164 }
165
166 /**
167 * Setup the common pieces for an ARM7/9 target after reset or on startup.
168 *
169 * @param target Pointer to an ARM7/9 target to setup
170 * @return Result of clearing the watchpoints on the target
171 */
172 int arm7_9_setup(target_t *target)
173 {
174 armv4_5_common_t *armv4_5 = target->arch_info;
175 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
176
177 return arm7_9_clear_watchpoints(arm7_9);
178 }
179
180 /**
181 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
182 * targets. A return of ERROR_OK signifies that the target is a valid target
183 * and that the pointers have been set properly.
184 *
185 * @param target Pointer to the target device to get the pointers from
186 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
187 * targets
188 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
189 * targets
190 * @return ERROR_OK if successful
191 */
192 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
193 {
194 armv4_5_common_t *armv4_5 = target->arch_info;
195 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
196
197 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
198 {
199 return -1;
200 }
201
202 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
203 {
204 return -1;
205 }
206
207 *armv4_5_p = armv4_5;
208 *arm7_9_p = arm7_9;
209
210 return ERROR_OK;
211 }
212
213 /**
214 * Set either a hardware or software breakpoint on an ARM7/9 target. The
215 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
216 * might have erased the values in Embedded ICE.
217 *
218 * @param target Pointer to the target device to set the breakpoints on
219 * @param breakpoint Pointer to the breakpoint to be set
220 * @return For hardware breakpoints, this is the result of executing the JTAG
221 * queue. For software breakpoints, this will be the status of the
222 * required memory reads and writes
223 */
224 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
225 {
226 armv4_5_common_t *armv4_5 = target->arch_info;
227 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
228 int retval = ERROR_OK;
229
230 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
231 breakpoint->unique_id,
232 breakpoint->address );
233
234 if (target->state != TARGET_HALTED)
235 {
236 LOG_WARNING("target not halted");
237 return ERROR_TARGET_NOT_HALTED;
238 }
239
240 if (breakpoint->type == BKPT_HARD)
241 {
242 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
243 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
244
245 /* reassign a hw breakpoint */
246 if (breakpoint->set == 0)
247 {
248 arm7_9_assign_wp(arm7_9, breakpoint);
249 }
250
251 if (breakpoint->set == 1)
252 {
253 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
254 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
258 }
259 else if (breakpoint->set == 2)
260 {
261 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
262 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
266 }
267 else
268 {
269 LOG_ERROR("BUG: no hardware comparator available");
270 return ERROR_OK;
271 }
272
273 retval = jtag_execute_queue();
274 }
275 else if (breakpoint->type == BKPT_SOFT)
276 {
277 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
278 return retval;
279
280 /* did we already set this breakpoint? */
281 if (breakpoint->set)
282 return ERROR_OK;
283
284 if (breakpoint->length == 4)
285 {
286 uint32_t verify = 0xffffffff;
287 /* keep the original instruction in target endianness */
288 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
289 {
290 return retval;
291 }
292 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
293 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
294 {
295 return retval;
296 }
297
298 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
299 {
300 return retval;
301 }
302 if (verify != arm7_9->arm_bkpt)
303 {
304 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
305 return ERROR_OK;
306 }
307 }
308 else
309 {
310 uint16_t verify = 0xffff;
311 /* keep the original instruction in target endianness */
312 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
313 {
314 return retval;
315 }
316 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
317 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
318 {
319 return retval;
320 }
321
322 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
323 {
324 return retval;
325 }
326 if (verify != arm7_9->thumb_bkpt)
327 {
328 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
329 return ERROR_OK;
330 }
331 }
332 breakpoint->set = 1;
333 }
334
335 return retval;
336 }
337
338 /**
339 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
340 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
341 * will be updated. Otherwise, the software breakpoint will be restored to its
342 * original instruction if it hasn't already been modified.
343 *
344 * @param target Pointer to ARM7/9 target to unset the breakpoint from
345 * @param breakpoint Pointer to breakpoint to be unset
346 * @return For hardware breakpoints, this is the result of executing the JTAG
347 * queue. For software breakpoints, this will be the status of the
348 * required memory reads and writes
349 */
350 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
351 {
352 int retval = ERROR_OK;
353
354 armv4_5_common_t *armv4_5 = target->arch_info;
355 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
356
357 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
358 breakpoint->unique_id,
359 breakpoint->address );
360
361 if (!breakpoint->set)
362 {
363 LOG_WARNING("breakpoint not set");
364 return ERROR_OK;
365 }
366
367 if (breakpoint->type == BKPT_HARD)
368 {
369 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
370 breakpoint->unique_id,
371 breakpoint->set );
372 if (breakpoint->set == 1)
373 {
374 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
375 arm7_9->wp0_used = 0;
376 arm7_9->wp_available++;
377 }
378 else if (breakpoint->set == 2)
379 {
380 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
381 arm7_9->wp1_used = 0;
382 arm7_9->wp_available++;
383 }
384 retval = jtag_execute_queue();
385 breakpoint->set = 0;
386 }
387 else
388 {
389 /* restore original instruction (kept in target endianness) */
390 if (breakpoint->length == 4)
391 {
392 uint32_t current_instr;
393 /* check that user program as not modified breakpoint instruction */
394 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
395 {
396 return retval;
397 }
398 if (current_instr == arm7_9->arm_bkpt)
399 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 }
404 else
405 {
406 uint16_t current_instr;
407 /* check that user program as not modified breakpoint instruction */
408 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
409 {
410 return retval;
411 }
412 if (current_instr == arm7_9->thumb_bkpt)
413 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 }
418 breakpoint->set = 0;
419 }
420
421 return retval;
422 }
423
424 /**
425 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
426 * dangling breakpoints and that the desired breakpoint can be added.
427 *
428 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
429 * @param breakpoint Pointer to the breakpoint to be added
430 * @return An error status if there is a problem adding the breakpoint or the
431 * result of setting the breakpoint
432 */
433 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
434 {
435 armv4_5_common_t *armv4_5 = target->arch_info;
436 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
437
438 if (target->state != TARGET_HALTED)
439 {
440 LOG_WARNING("target not halted");
441 return ERROR_TARGET_NOT_HALTED;
442 }
443
444 if (arm7_9->breakpoint_count == 0)
445 {
446 /* make sure we don't have any dangling breakpoints. This is vital upon
447 * GDB connect/disconnect
448 */
449 arm7_9_clear_watchpoints(arm7_9);
450 }
451
452 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
453 {
454 LOG_INFO("no watchpoint unit available for hardware breakpoint");
455 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
456 }
457
458 if ((breakpoint->length != 2) && (breakpoint->length != 4))
459 {
460 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
461 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
462 }
463
464 if (breakpoint->type == BKPT_HARD)
465 {
466 arm7_9_assign_wp(arm7_9, breakpoint);
467 }
468
469 arm7_9->breakpoint_count++;
470
471 return arm7_9_set_breakpoint(target, breakpoint);
472 }
473
474 /**
475 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
476 * dangling breakpoints and updates available watchpoints if it is a hardware
477 * breakpoint.
478 *
479 * @param target Pointer to the target to have a breakpoint removed
480 * @param breakpoint Pointer to the breakpoint to be removed
481 * @return Error status if there was a problem unsetting the breakpoint or the
482 * watchpoints could not be cleared
483 */
484 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
485 {
486 int retval = ERROR_OK;
487 armv4_5_common_t *armv4_5 = target->arch_info;
488 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
489
490 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
491 {
492 return retval;
493 }
494
495 if (breakpoint->type == BKPT_HARD)
496 arm7_9->wp_available++;
497
498 arm7_9->breakpoint_count--;
499 if (arm7_9->breakpoint_count == 0)
500 {
501 /* make sure we don't have any dangling breakpoints */
502 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
503 {
504 return retval;
505 }
506 }
507
508 return ERROR_OK;
509 }
510
511 /**
512 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
513 * considered a bug to call this function when there are no available watchpoint
514 * units.
515 *
516 * @param target Pointer to an ARM7/9 target to set a watchpoint on
517 * @param watchpoint Pointer to the watchpoint to be set
518 * @return Error status if watchpoint set fails or the result of executing the
519 * JTAG queue
520 */
521 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
522 {
523 int retval = ERROR_OK;
524 armv4_5_common_t *armv4_5 = target->arch_info;
525 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
526 int rw_mask = 1;
527 uint32_t mask;
528
529 mask = watchpoint->length - 1;
530
531 if (target->state != TARGET_HALTED)
532 {
533 LOG_WARNING("target not halted");
534 return ERROR_TARGET_NOT_HALTED;
535 }
536
537 if (watchpoint->rw == WPT_ACCESS)
538 rw_mask = 0;
539 else
540 rw_mask = 1;
541
542 if (!arm7_9->wp0_used)
543 {
544 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
545 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
546 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
547 if (watchpoint->mask != 0xffffffffu)
548 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
549 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
550 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
551
552 if ((retval = jtag_execute_queue()) != ERROR_OK)
553 {
554 return retval;
555 }
556 watchpoint->set = 1;
557 arm7_9->wp0_used = 2;
558 }
559 else if (!arm7_9->wp1_used)
560 {
561 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
562 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
564 if (watchpoint->mask != 0xffffffffu)
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
566 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
568
569 if ((retval = jtag_execute_queue()) != ERROR_OK)
570 {
571 return retval;
572 }
573 watchpoint->set = 2;
574 arm7_9->wp1_used = 2;
575 }
576 else
577 {
578 LOG_ERROR("BUG: no hardware comparator available");
579 return ERROR_OK;
580 }
581
582 return ERROR_OK;
583 }
584
585 /**
586 * Unset an existing watchpoint and clear the used watchpoint unit.
587 *
588 * @param target Pointer to the target to have the watchpoint removed
589 * @param watchpoint Pointer to the watchpoint to be removed
590 * @return Error status while trying to unset the watchpoint or the result of
591 * executing the JTAG queue
592 */
593 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
594 {
595 int retval = ERROR_OK;
596 armv4_5_common_t *armv4_5 = target->arch_info;
597 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
598
599 if (target->state != TARGET_HALTED)
600 {
601 LOG_WARNING("target not halted");
602 return ERROR_TARGET_NOT_HALTED;
603 }
604
605 if (!watchpoint->set)
606 {
607 LOG_WARNING("breakpoint not set");
608 return ERROR_OK;
609 }
610
611 if (watchpoint->set == 1)
612 {
613 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
614 if ((retval = jtag_execute_queue()) != ERROR_OK)
615 {
616 return retval;
617 }
618 arm7_9->wp0_used = 0;
619 }
620 else if (watchpoint->set == 2)
621 {
622 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
623 if ((retval = jtag_execute_queue()) != ERROR_OK)
624 {
625 return retval;
626 }
627 arm7_9->wp1_used = 0;
628 }
629 watchpoint->set = 0;
630
631 return ERROR_OK;
632 }
633
634 /**
635 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
636 * available, an error response is returned.
637 *
638 * @param target Pointer to the ARM7/9 target to add a watchpoint to
639 * @param watchpoint Pointer to the watchpoint to be added
640 * @return Error status while trying to add the watchpoint
641 */
642 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
643 {
644 armv4_5_common_t *armv4_5 = target->arch_info;
645 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
646
647 if (target->state != TARGET_HALTED)
648 {
649 LOG_WARNING("target not halted");
650 return ERROR_TARGET_NOT_HALTED;
651 }
652
653 if (arm7_9->wp_available < 1)
654 {
655 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
656 }
657
658 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
659 {
660 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
661 }
662
663 arm7_9->wp_available--;
664
665 return ERROR_OK;
666 }
667
668 /**
669 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
670 * the used watchpoint unit will be reopened.
671 *
672 * @param target Pointer to the target to remove a watchpoint from
673 * @param watchpoint Pointer to the watchpoint to be removed
674 * @return Result of trying to unset the watchpoint
675 */
676 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
677 {
678 int retval = ERROR_OK;
679 armv4_5_common_t *armv4_5 = target->arch_info;
680 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
681
682 if (watchpoint->set)
683 {
684 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
685 {
686 return retval;
687 }
688 }
689
690 arm7_9->wp_available++;
691
692 return ERROR_OK;
693 }
694
695 /**
696 * Restarts the target by sending a RESTART instruction and moving the JTAG
697 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
698 * asserted by the processor.
699 *
700 * @param target Pointer to target to issue commands to
701 * @return Error status if there is a timeout or a problem while executing the
702 * JTAG queue
703 */
704 int arm7_9_execute_sys_speed(struct target_s *target)
705 {
706 int retval;
707
708 armv4_5_common_t *armv4_5 = target->arch_info;
709 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
710 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
711 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
712
713 /* set RESTART instruction */
714 jtag_set_end_state(TAP_IDLE);
715 if (arm7_9->need_bypass_before_restart) {
716 arm7_9->need_bypass_before_restart = 0;
717 arm_jtag_set_instr(jtag_info, 0xf, NULL);
718 }
719 arm_jtag_set_instr(jtag_info, 0x4, NULL);
720
721 long long then = timeval_ms();
722 int timeout;
723 while (!(timeout = ((timeval_ms()-then) > 1000)))
724 {
725 /* read debug status register */
726 embeddedice_read_reg(dbg_stat);
727 if ((retval = jtag_execute_queue()) != ERROR_OK)
728 return retval;
729 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
730 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
731 break;
732 if (debug_level >= 3)
733 {
734 alive_sleep(100);
735 } else
736 {
737 keep_alive();
738 }
739 }
740 if (timeout)
741 {
742 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
743 return ERROR_TARGET_TIMEOUT;
744 }
745
746 return ERROR_OK;
747 }
748
749 /**
750 * Restarts the target by sending a RESTART instruction and moving the JTAG
751 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
752 * waiting until they are.
753 *
754 * @param target Pointer to the target to issue commands to
755 * @return Always ERROR_OK
756 */
757 int arm7_9_execute_fast_sys_speed(struct target_s *target)
758 {
759 static int set = 0;
760 static uint8_t check_value[4], check_mask[4];
761
762 armv4_5_common_t *armv4_5 = target->arch_info;
763 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
764 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
765 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
766
767 /* set RESTART instruction */
768 jtag_set_end_state(TAP_IDLE);
769 if (arm7_9->need_bypass_before_restart) {
770 arm7_9->need_bypass_before_restart = 0;
771 arm_jtag_set_instr(jtag_info, 0xf, NULL);
772 }
773 arm_jtag_set_instr(jtag_info, 0x4, NULL);
774
775 if (!set)
776 {
777 /* check for DBGACK and SYSCOMP set (others don't care) */
778
779 /* NB! These are constants that must be available until after next jtag_execute() and
780 * we evaluate the values upon first execution in lieu of setting up these constants
781 * during early setup.
782 * */
783 buf_set_u32(check_value, 0, 32, 0x9);
784 buf_set_u32(check_mask, 0, 32, 0x9);
785 set = 1;
786 }
787
788 /* read debug status register */
789 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
790
791 return ERROR_OK;
792 }
793
794 /**
795 * Get some data from the ARM7/9 target.
796 *
797 * @param target Pointer to the ARM7/9 target to read data from
798 * @param size The number of 32bit words to be read
799 * @param buffer Pointer to the buffer that will hold the data
800 * @return The result of receiving data from the Embedded ICE unit
801 */
802 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
803 {
804 armv4_5_common_t *armv4_5 = target->arch_info;
805 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
806 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
807 uint32_t *data;
808 int retval = ERROR_OK;
809 uint32_t i;
810
811 data = malloc(size * (sizeof(uint32_t)));
812
813 retval = embeddedice_receive(jtag_info, data, size);
814
815 /* return the 32-bit ints in the 8-bit array */
816 for (i = 0; i < size; i++)
817 {
818 h_u32_to_le(buffer + (i * 4), data[i]);
819 }
820
821 free(data);
822
823 return retval;
824 }
825
826 /**
827 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
828 * target is running and the DCC control register has the W bit high, this will
829 * execute the request on the target.
830 *
831 * @param priv Void pointer expected to be a target_t pointer
832 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
833 * from the Embedded ICE unit
834 */
835 int arm7_9_handle_target_request(void *priv)
836 {
837 int retval = ERROR_OK;
838 target_t *target = priv;
839 if (!target_was_examined(target))
840 return ERROR_OK;
841 armv4_5_common_t *armv4_5 = target->arch_info;
842 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
843 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
844 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
845
846 if (!target->dbg_msg_enabled)
847 return ERROR_OK;
848
849 if (target->state == TARGET_RUNNING)
850 {
851 /* read DCC control register */
852 embeddedice_read_reg(dcc_control);
853 if ((retval = jtag_execute_queue()) != ERROR_OK)
854 {
855 return retval;
856 }
857
858 /* check W bit */
859 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
860 {
861 uint32_t request;
862
863 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
864 {
865 return retval;
866 }
867 if ((retval = target_request(target, request)) != ERROR_OK)
868 {
869 return retval;
870 }
871 }
872 }
873
874 return ERROR_OK;
875 }
876
877 /**
878 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
879 * is manipulated to the right halted state based on its current state. This is
880 * what happens:
881 *
882 * <table>
883 * <tr><th > State</th><th > Action</th></tr>
884 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
885 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
886 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
887 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
888 * </table>
889 *
890 * If the target does not end up in the halted state, a warning is produced. If
891 * DBGACK is cleared, then the target is expected to either be running or
892 * running in debug.
893 *
894 * @param target Pointer to the ARM7/9 target to poll
895 * @return ERROR_OK or an error status if a command fails
896 */
897 int arm7_9_poll(target_t *target)
898 {
899 int retval;
900 armv4_5_common_t *armv4_5 = target->arch_info;
901 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
902 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
903
904 /* read debug status register */
905 embeddedice_read_reg(dbg_stat);
906 if ((retval = jtag_execute_queue()) != ERROR_OK)
907 {
908 return retval;
909 }
910
911 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
912 {
913 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
914 if (target->state == TARGET_UNKNOWN)
915 {
916 /* Starting OpenOCD with target in debug-halt */
917 target->state = TARGET_RUNNING;
918 LOG_DEBUG("DBGACK already set during server startup.");
919 }
920 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
921 {
922 int check_pc = 0;
923 if (target->state == TARGET_RESET)
924 {
925 if (target->reset_halt)
926 {
927 enum reset_types jtag_reset_config = jtag_get_reset_config();
928 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
929 {
930 check_pc = 1;
931 }
932 }
933 }
934
935 target->state = TARGET_HALTED;
936
937 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
938 return retval;
939
940 if (check_pc)
941 {
942 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
943 uint32_t t=*((uint32_t *)reg->value);
944 if (t != 0)
945 {
946 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
947 }
948 }
949
950 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
951 {
952 return retval;
953 }
954 }
955 if (target->state == TARGET_DEBUG_RUNNING)
956 {
957 target->state = TARGET_HALTED;
958 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
959 return retval;
960
961 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
962 {
963 return retval;
964 }
965 }
966 if (target->state != TARGET_HALTED)
967 {
968 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
969 }
970 }
971 else
972 {
973 if (target->state != TARGET_DEBUG_RUNNING)
974 target->state = TARGET_RUNNING;
975 }
976
977 return ERROR_OK;
978 }
979
980 /**
981 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
982 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
983 * affected) completely stop the JTAG clock while the core is held in reset
984 * (SRST). It isn't possible to program the halt condition once reset is
985 * asserted, hence a hook that allows the target to set up its reset-halt
986 * condition is setup prior to asserting reset.
987 *
988 * @param target Pointer to an ARM7/9 target to assert reset on
989 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
990 */
991 int arm7_9_assert_reset(target_t *target)
992 {
993 armv4_5_common_t *armv4_5 = target->arch_info;
994 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
995 LOG_DEBUG("target->state: %s",
996 target_state_name(target));
997
998 enum reset_types jtag_reset_config = jtag_get_reset_config();
999 if (!(jtag_reset_config & RESET_HAS_SRST))
1000 {
1001 LOG_ERROR("Can't assert SRST");
1002 return ERROR_FAIL;
1003 }
1004
1005 if (target->reset_halt)
1006 {
1007 /*
1008 * Some targets do not support communication while SRST is asserted. We need to
1009 * set up the reset vector catch here.
1010 *
1011 * If TRST is asserted, then these settings will be reset anyway, so setting them
1012 * here is harmless.
1013 */
1014 if (arm7_9->has_vector_catch)
1015 {
1016 /* program vector catch register to catch reset vector */
1017 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1018 }
1019 else
1020 {
1021 /* program watchpoint unit to match on reset vector address */
1022 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1023 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1024 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1025 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1026 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1027 }
1028 }
1029
1030 /* here we should issue an SRST only, but we may have to assert TRST as well */
1031 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1032 {
1033 jtag_add_reset(1, 1);
1034 } else
1035 {
1036 jtag_add_reset(0, 1);
1037 }
1038
1039 target->state = TARGET_RESET;
1040 jtag_add_sleep(50000);
1041
1042 armv4_5_invalidate_core_regs(target);
1043
1044 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1045 {
1046 /* debug entry was already prepared in arm7_9_assert_reset() */
1047 target->debug_reason = DBG_REASON_DBGRQ;
1048 }
1049
1050 return ERROR_OK;
1051 }
1052
1053 /**
1054 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1055 * and the target is being reset into a halt, a warning will be triggered
1056 * because it is not possible to reset into a halted mode in this case. The
1057 * target is halted using the target's functions.
1058 *
1059 * @param target Pointer to the target to have the reset deasserted
1060 * @return ERROR_OK or an error from polling or halting the target
1061 */
1062 int arm7_9_deassert_reset(target_t *target)
1063 {
1064 int retval = ERROR_OK;
1065 LOG_DEBUG("target->state: %s",
1066 target_state_name(target));
1067
1068 /* deassert reset lines */
1069 jtag_add_reset(0, 0);
1070
1071 enum reset_types jtag_reset_config = jtag_get_reset_config();
1072 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1073 {
1074 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1075 /* set up embedded ice registers again */
1076 if ((retval = target_examine_one(target)) != ERROR_OK)
1077 return retval;
1078
1079 if ((retval = target_poll(target)) != ERROR_OK)
1080 {
1081 return retval;
1082 }
1083
1084 if ((retval = target_halt(target)) != ERROR_OK)
1085 {
1086 return retval;
1087 }
1088
1089 }
1090 return retval;
1091 }
1092
1093 /**
1094 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1095 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1096 * vector catch was used, it is restored. Otherwise, the control value is
1097 * restored and the watchpoint unit is restored if it was in use.
1098 *
1099 * @param target Pointer to the ARM7/9 target to have halt cleared
1100 * @return Always ERROR_OK
1101 */
1102 int arm7_9_clear_halt(target_t *target)
1103 {
1104 armv4_5_common_t *armv4_5 = target->arch_info;
1105 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1106 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1107
1108 /* we used DBGRQ only if we didn't come out of reset */
1109 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1110 {
1111 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1112 */
1113 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1114 embeddedice_store_reg(dbg_ctrl);
1115 }
1116 else
1117 {
1118 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1119 {
1120 /* if we came out of reset, and vector catch is supported, we used
1121 * vector catch to enter debug state
1122 * restore the register in that case
1123 */
1124 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1125 }
1126 else
1127 {
1128 /* restore registers if watchpoint unit 0 was in use
1129 */
1130 if (arm7_9->wp0_used)
1131 {
1132 if (arm7_9->debug_entry_from_reset)
1133 {
1134 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1135 }
1136 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1137 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1138 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1139 }
1140 /* control value always has to be restored, as it was either disabled,
1141 * or enabled with possibly different bits
1142 */
1143 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1144 }
1145 }
1146
1147 return ERROR_OK;
1148 }
1149
1150 /**
1151 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1152 * and then there is a wait until the processor shows the halt. This wait can
1153 * timeout and results in an error being returned. The software reset involves
1154 * clearing the halt, updating the debug control register, changing to ARM mode,
1155 * reset of the program counter, and reset of all of the registers.
1156 *
1157 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1158 * @return Error status if any of the commands fail, otherwise ERROR_OK
1159 */
1160 int arm7_9_soft_reset_halt(struct target_s *target)
1161 {
1162 armv4_5_common_t *armv4_5 = target->arch_info;
1163 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1164 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1165 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1166 int i;
1167 int retval;
1168
1169 if ((retval = target_halt(target)) != ERROR_OK)
1170 return retval;
1171
1172 long long then = timeval_ms();
1173 int timeout;
1174 while (!(timeout = ((timeval_ms()-then) > 1000)))
1175 {
1176 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1177 break;
1178 embeddedice_read_reg(dbg_stat);
1179 if ((retval = jtag_execute_queue()) != ERROR_OK)
1180 return retval;
1181 if (debug_level >= 3)
1182 {
1183 alive_sleep(100);
1184 } else
1185 {
1186 keep_alive();
1187 }
1188 }
1189 if (timeout)
1190 {
1191 LOG_ERROR("Failed to halt CPU after 1 sec");
1192 return ERROR_TARGET_TIMEOUT;
1193 }
1194 target->state = TARGET_HALTED;
1195
1196 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1197 * ensure that DBGRQ is cleared
1198 */
1199 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1200 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1201 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1202 embeddedice_store_reg(dbg_ctrl);
1203
1204 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1205 {
1206 return retval;
1207 }
1208
1209 /* if the target is in Thumb state, change to ARM state */
1210 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1211 {
1212 uint32_t r0_thumb, pc_thumb;
1213 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1214 /* Entered debug from Thumb mode */
1215 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1216 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1217 }
1218
1219 /* all register content is now invalid */
1220 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1221 {
1222 return retval;
1223 }
1224
1225 /* SVC, ARM state, IRQ and FIQ disabled */
1226 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1227 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1228 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1229
1230 /* start fetching from 0x0 */
1231 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1232 armv4_5->core_cache->reg_list[15].dirty = 1;
1233 armv4_5->core_cache->reg_list[15].valid = 1;
1234
1235 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1236 armv4_5->core_state = ARMV4_5_STATE_ARM;
1237
1238 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1239 return ERROR_FAIL;
1240
1241 /* reset registers */
1242 for (i = 0; i <= 14; i++)
1243 {
1244 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1245 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1246 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1247 }
1248
1249 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1250 {
1251 return retval;
1252 }
1253
1254 return ERROR_OK;
1255 }
1256
1257 /**
1258 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1259 * line or by programming a watchpoint to trigger on any address. It is
1260 * considered a bug to call this function while the target is in the
1261 * TARGET_RESET state.
1262 *
1263 * @param target Pointer to the ARM7/9 target to be halted
1264 * @return Always ERROR_OK
1265 */
1266 int arm7_9_halt(target_t *target)
1267 {
1268 if (target->state == TARGET_RESET)
1269 {
1270 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1271 return ERROR_OK;
1272 }
1273
1274 armv4_5_common_t *armv4_5 = target->arch_info;
1275 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1276 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1277
1278 LOG_DEBUG("target->state: %s",
1279 target_state_name(target));
1280
1281 if (target->state == TARGET_HALTED)
1282 {
1283 LOG_DEBUG("target was already halted");
1284 return ERROR_OK;
1285 }
1286
1287 if (target->state == TARGET_UNKNOWN)
1288 {
1289 LOG_WARNING("target was in unknown state when halt was requested");
1290 }
1291
1292 if (arm7_9->use_dbgrq)
1293 {
1294 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1295 */
1296 if (arm7_9->set_special_dbgrq) {
1297 arm7_9->set_special_dbgrq(target);
1298 } else {
1299 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1300 embeddedice_store_reg(dbg_ctrl);
1301 }
1302 }
1303 else
1304 {
1305 /* program watchpoint unit to match on any address
1306 */
1307 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1308 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1309 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1310 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1311 }
1312
1313 target->debug_reason = DBG_REASON_DBGRQ;
1314
1315 return ERROR_OK;
1316 }
1317
1318 /**
1319 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1320 * ARM. The JTAG queue is then executed and the reason for debug entry is
1321 * examined. Once done, the target is verified to be halted and the processor
1322 * is forced into ARM mode. The core registers are saved for the current core
1323 * mode and the program counter (register 15) is updated as needed. The core
1324 * registers and CPSR and SPSR are saved for restoration later.
1325 *
1326 * @param target Pointer to target that is entering debug mode
1327 * @return Error code if anything fails, otherwise ERROR_OK
1328 */
1329 int arm7_9_debug_entry(target_t *target)
1330 {
1331 int i;
1332 uint32_t context[16];
1333 uint32_t* context_p[16];
1334 uint32_t r0_thumb, pc_thumb;
1335 uint32_t cpsr;
1336 int retval;
1337 /* get pointers to arch-specific information */
1338 armv4_5_common_t *armv4_5 = target->arch_info;
1339 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1340 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1341 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1342
1343 #ifdef _DEBUG_ARM7_9_
1344 LOG_DEBUG("-");
1345 #endif
1346
1347 if (arm7_9->pre_debug_entry)
1348 arm7_9->pre_debug_entry(target);
1349
1350 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1351 * ensure that DBGRQ is cleared
1352 */
1353 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1354 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1355 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1356 embeddedice_store_reg(dbg_ctrl);
1357
1358 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1359 {
1360 return retval;
1361 }
1362
1363 if ((retval = jtag_execute_queue()) != ERROR_OK)
1364 {
1365 return retval;
1366 }
1367
1368 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1369 return retval;
1370
1371
1372 if (target->state != TARGET_HALTED)
1373 {
1374 LOG_WARNING("target not halted");
1375 return ERROR_TARGET_NOT_HALTED;
1376 }
1377
1378 /* if the target is in Thumb state, change to ARM state */
1379 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1380 {
1381 LOG_DEBUG("target entered debug from Thumb state");
1382 /* Entered debug from Thumb mode */
1383 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1384 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1385 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1386 }
1387 else
1388 {
1389 LOG_DEBUG("target entered debug from ARM state");
1390 /* Entered debug from ARM mode */
1391 armv4_5->core_state = ARMV4_5_STATE_ARM;
1392 }
1393
1394 for (i = 0; i < 16; i++)
1395 context_p[i] = &context[i];
1396 /* save core registers (r0 - r15 of current core mode) */
1397 arm7_9->read_core_regs(target, 0xffff, context_p);
1398
1399 arm7_9->read_xpsr(target, &cpsr, 0);
1400
1401 if ((retval = jtag_execute_queue()) != ERROR_OK)
1402 return retval;
1403
1404 /* if the core has been executing in Thumb state, set the T bit */
1405 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1406 cpsr |= 0x20;
1407
1408 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1409 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1410 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1411
1412 armv4_5->core_mode = cpsr & 0x1f;
1413
1414 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1415 {
1416 target->state = TARGET_UNKNOWN;
1417 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1418 return ERROR_TARGET_FAILURE;
1419 }
1420
1421 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1422
1423 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1424 {
1425 LOG_DEBUG("thumb state, applying fixups");
1426 context[0] = r0_thumb;
1427 context[15] = pc_thumb;
1428 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1429 {
1430 /* adjust value stored by STM */
1431 context[15] -= 3 * 4;
1432 }
1433
1434 if ((target->debug_reason == DBG_REASON_BREAKPOINT)
1435 || (target->debug_reason == DBG_REASON_SINGLESTEP)
1436 || (target->debug_reason == DBG_REASON_WATCHPOINT)
1437 || (target->debug_reason == DBG_REASON_WPTANDBKPT)
1438 || ((target->debug_reason == DBG_REASON_DBGRQ) && (arm7_9->use_dbgrq == 0)))
1439 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1440 else if (target->debug_reason == DBG_REASON_DBGRQ)
1441 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1442 else
1443 {
1444 LOG_ERROR("unknown debug reason: %i", target->debug_reason);
1445 }
1446
1447 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1448 return ERROR_FAIL;
1449
1450 for (i = 0; i <= 15; i++)
1451 {
1452 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1453 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1454 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1455 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1456 }
1457
1458 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1459
1460 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1461 return ERROR_FAIL;
1462
1463 /* exceptions other than USR & SYS have a saved program status register */
1464 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1465 {
1466 uint32_t spsr;
1467 arm7_9->read_xpsr(target, &spsr, 1);
1468 if ((retval = jtag_execute_queue()) != ERROR_OK)
1469 {
1470 return retval;
1471 }
1472 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1473 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1474 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1475 }
1476
1477 /* r0 and r15 (pc) have to be restored later */
1478 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1479 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1480
1481 if ((retval = jtag_execute_queue()) != ERROR_OK)
1482 return retval;
1483
1484 if (arm7_9->post_debug_entry)
1485 arm7_9->post_debug_entry(target);
1486
1487 return ERROR_OK;
1488 }
1489
1490 /**
1491 * Validate the full context for an ARM7/9 target in all processor modes. If
1492 * there are any invalid registers for the target, they will all be read. This
1493 * includes the PSR.
1494 *
1495 * @param target Pointer to the ARM7/9 target to capture the full context from
1496 * @return Error if the target is not halted, has an invalid core mode, or if
1497 * the JTAG queue fails to execute
1498 */
1499 int arm7_9_full_context(target_t *target)
1500 {
1501 int i;
1502 int retval;
1503 armv4_5_common_t *armv4_5 = target->arch_info;
1504 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1505
1506 LOG_DEBUG("-");
1507
1508 if (target->state != TARGET_HALTED)
1509 {
1510 LOG_WARNING("target not halted");
1511 return ERROR_TARGET_NOT_HALTED;
1512 }
1513
1514 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1515 return ERROR_FAIL;
1516
1517 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1518 * SYS shares registers with User, so we don't touch SYS
1519 */
1520 for (i = 0; i < 6; i++)
1521 {
1522 uint32_t mask = 0;
1523 uint32_t* reg_p[16];
1524 int j;
1525 int valid = 1;
1526
1527 /* check if there are invalid registers in the current mode
1528 */
1529 for (j = 0; j <= 16; j++)
1530 {
1531 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1532 valid = 0;
1533 }
1534
1535 if (!valid)
1536 {
1537 uint32_t tmp_cpsr;
1538
1539 /* change processor mode (and mask T bit) */
1540 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1541 tmp_cpsr |= armv4_5_number_to_mode(i);
1542 tmp_cpsr &= ~0x20;
1543 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1544
1545 for (j = 0; j < 15; j++)
1546 {
1547 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1548 {
1549 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1550 mask |= 1 << j;
1551 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1552 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1553 }
1554 }
1555
1556 /* if only the PSR is invalid, mask is all zeroes */
1557 if (mask)
1558 arm7_9->read_core_regs(target, mask, reg_p);
1559
1560 /* check if the PSR has to be read */
1561 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1562 {
1563 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1564 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1565 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1566 }
1567 }
1568 }
1569
1570 /* restore processor mode (mask T bit) */
1571 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1572
1573 if ((retval = jtag_execute_queue()) != ERROR_OK)
1574 {
1575 return retval;
1576 }
1577 return ERROR_OK;
1578 }
1579
1580 /**
1581 * Restore the processor context on an ARM7/9 target. The full processor
1582 * context is analyzed to see if any of the registers are dirty on this end, but
1583 * have a valid new value. If this is the case, the processor is changed to the
1584 * appropriate mode and the new register values are written out to the
1585 * processor. If there happens to be a dirty register with an invalid value, an
1586 * error will be logged.
1587 *
1588 * @param target Pointer to the ARM7/9 target to have its context restored
1589 * @return Error status if the target is not halted or the core mode in the
1590 * armv4_5 struct is invalid.
1591 */
1592 int arm7_9_restore_context(target_t *target)
1593 {
1594 armv4_5_common_t *armv4_5 = target->arch_info;
1595 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1596 reg_t *reg;
1597 armv4_5_core_reg_t *reg_arch_info;
1598 enum armv4_5_mode current_mode = armv4_5->core_mode;
1599 int i, j;
1600 int dirty;
1601 int mode_change;
1602
1603 LOG_DEBUG("-");
1604
1605 if (target->state != TARGET_HALTED)
1606 {
1607 LOG_WARNING("target not halted");
1608 return ERROR_TARGET_NOT_HALTED;
1609 }
1610
1611 if (arm7_9->pre_restore_context)
1612 arm7_9->pre_restore_context(target);
1613
1614 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1615 return ERROR_FAIL;
1616
1617 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1618 * SYS shares registers with User, so we don't touch SYS
1619 */
1620 for (i = 0; i < 6; i++)
1621 {
1622 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1623 dirty = 0;
1624 mode_change = 0;
1625 /* check if there are dirty registers in the current mode
1626 */
1627 for (j = 0; j <= 16; j++)
1628 {
1629 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1630 reg_arch_info = reg->arch_info;
1631 if (reg->dirty == 1)
1632 {
1633 if (reg->valid == 1)
1634 {
1635 dirty = 1;
1636 LOG_DEBUG("examining dirty reg: %s", reg->name);
1637 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1638 && (reg_arch_info->mode != current_mode)
1639 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1640 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1641 {
1642 mode_change = 1;
1643 LOG_DEBUG("require mode change");
1644 }
1645 }
1646 else
1647 {
1648 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1649 }
1650 }
1651 }
1652
1653 if (dirty)
1654 {
1655 uint32_t mask = 0x0;
1656 int num_regs = 0;
1657 uint32_t regs[16];
1658
1659 if (mode_change)
1660 {
1661 uint32_t tmp_cpsr;
1662
1663 /* change processor mode (mask T bit) */
1664 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1665 tmp_cpsr |= armv4_5_number_to_mode(i);
1666 tmp_cpsr &= ~0x20;
1667 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1668 current_mode = armv4_5_number_to_mode(i);
1669 }
1670
1671 for (j = 0; j <= 14; j++)
1672 {
1673 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1674 reg_arch_info = reg->arch_info;
1675
1676
1677 if (reg->dirty == 1)
1678 {
1679 regs[j] = buf_get_u32(reg->value, 0, 32);
1680 mask |= 1 << j;
1681 num_regs++;
1682 reg->dirty = 0;
1683 reg->valid = 1;
1684 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1685 }
1686 }
1687
1688 if (mask)
1689 {
1690 arm7_9->write_core_regs(target, mask, regs);
1691 }
1692
1693 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1694 reg_arch_info = reg->arch_info;
1695 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1696 {
1697 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1698 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1699 }
1700 }
1701 }
1702
1703 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1704 {
1705 /* restore processor mode (mask T bit) */
1706 uint32_t tmp_cpsr;
1707
1708 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1709 tmp_cpsr |= armv4_5_number_to_mode(i);
1710 tmp_cpsr &= ~0x20;
1711 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1712 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1713 }
1714 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1715 {
1716 /* CPSR has been changed, full restore necessary (mask T bit) */
1717 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1718 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1719 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1720 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1721 }
1722
1723 /* restore PC */
1724 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1725 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1726 armv4_5->core_cache->reg_list[15].dirty = 0;
1727
1728 if (arm7_9->post_restore_context)
1729 arm7_9->post_restore_context(target);
1730
1731 return ERROR_OK;
1732 }
1733
1734 /**
1735 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1736 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1737 * restart.
1738 *
1739 * @param target Pointer to the ARM7/9 target to be restarted
1740 * @return Result of executing the JTAG queue
1741 */
1742 int arm7_9_restart_core(struct target_s *target)
1743 {
1744 armv4_5_common_t *armv4_5 = target->arch_info;
1745 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1746 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1747
1748 /* set RESTART instruction */
1749 jtag_set_end_state(TAP_IDLE);
1750 if (arm7_9->need_bypass_before_restart) {
1751 arm7_9->need_bypass_before_restart = 0;
1752 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1753 }
1754 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1755
1756 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1757 return jtag_execute_queue();
1758 }
1759
1760 /**
1761 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1762 * iterated through and are set on the target if they aren't already set.
1763 *
1764 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1765 */
1766 void arm7_9_enable_watchpoints(struct target_s *target)
1767 {
1768 watchpoint_t *watchpoint = target->watchpoints;
1769
1770 while (watchpoint)
1771 {
1772 if (watchpoint->set == 0)
1773 arm7_9_set_watchpoint(target, watchpoint);
1774 watchpoint = watchpoint->next;
1775 }
1776 }
1777
1778 /**
1779 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1780 * iterated through and are set on the target.
1781 *
1782 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1783 */
1784 void arm7_9_enable_breakpoints(struct target_s *target)
1785 {
1786 breakpoint_t *breakpoint = target->breakpoints;
1787
1788 /* set any pending breakpoints */
1789 while (breakpoint)
1790 {
1791 arm7_9_set_breakpoint(target, breakpoint);
1792 breakpoint = breakpoint->next;
1793 }
1794 }
1795
1796 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1797 {
1798 armv4_5_common_t *armv4_5 = target->arch_info;
1799 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1800 breakpoint_t *breakpoint = target->breakpoints;
1801 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1802 int err, retval = ERROR_OK;
1803
1804 LOG_DEBUG("-");
1805
1806 if (target->state != TARGET_HALTED)
1807 {
1808 LOG_WARNING("target not halted");
1809 return ERROR_TARGET_NOT_HALTED;
1810 }
1811
1812 if (!debug_execution)
1813 {
1814 target_free_all_working_areas(target);
1815 }
1816
1817 /* current = 1: continue on current pc, otherwise continue at <address> */
1818 if (!current)
1819 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1820
1821 uint32_t current_pc;
1822 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1823
1824 /* the front-end may request us not to handle breakpoints */
1825 if (handle_breakpoints)
1826 {
1827 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1828 {
1829 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1830 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1831 {
1832 return retval;
1833 }
1834
1835 /* calculate PC of next instruction */
1836 uint32_t next_pc;
1837 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1838 {
1839 uint32_t current_opcode;
1840 target_read_u32(target, current_pc, &current_opcode);
1841 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1842 return retval;
1843 }
1844
1845 LOG_DEBUG("enable single-step");
1846 arm7_9->enable_single_step(target, next_pc);
1847
1848 target->debug_reason = DBG_REASON_SINGLESTEP;
1849
1850 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1851 {
1852 return retval;
1853 }
1854
1855 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1856 arm7_9->branch_resume(target);
1857 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1858 {
1859 arm7_9->branch_resume_thumb(target);
1860 }
1861 else
1862 {
1863 LOG_ERROR("unhandled core state");
1864 return ERROR_FAIL;
1865 }
1866
1867 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1868 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1869 err = arm7_9_execute_sys_speed(target);
1870
1871 LOG_DEBUG("disable single-step");
1872 arm7_9->disable_single_step(target);
1873
1874 if (err != ERROR_OK)
1875 {
1876 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1877 {
1878 return retval;
1879 }
1880 target->state = TARGET_UNKNOWN;
1881 return err;
1882 }
1883
1884 arm7_9_debug_entry(target);
1885 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1886
1887 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1888 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1889 {
1890 return retval;
1891 }
1892 }
1893 }
1894
1895 /* enable any pending breakpoints and watchpoints */
1896 arm7_9_enable_breakpoints(target);
1897 arm7_9_enable_watchpoints(target);
1898
1899 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1900 {
1901 return retval;
1902 }
1903
1904 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1905 {
1906 arm7_9->branch_resume(target);
1907 }
1908 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1909 {
1910 arm7_9->branch_resume_thumb(target);
1911 }
1912 else
1913 {
1914 LOG_ERROR("unhandled core state");
1915 return ERROR_FAIL;
1916 }
1917
1918 /* deassert DBGACK and INTDIS */
1919 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1920 /* INTDIS only when we really resume, not during debug execution */
1921 if (!debug_execution)
1922 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1923 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1924
1925 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1926 {
1927 return retval;
1928 }
1929
1930 target->debug_reason = DBG_REASON_NOTHALTED;
1931
1932 if (!debug_execution)
1933 {
1934 /* registers are now invalid */
1935 armv4_5_invalidate_core_regs(target);
1936 target->state = TARGET_RUNNING;
1937 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1938 {
1939 return retval;
1940 }
1941 }
1942 else
1943 {
1944 target->state = TARGET_DEBUG_RUNNING;
1945 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1946 {
1947 return retval;
1948 }
1949 }
1950
1951 LOG_DEBUG("target resumed");
1952
1953 return ERROR_OK;
1954 }
1955
1956 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1957 {
1958 armv4_5_common_t *armv4_5 = target->arch_info;
1959 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1960
1961 uint32_t current_pc;
1962 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1963
1964 if (next_pc != current_pc)
1965 {
1966 /* setup an inverse breakpoint on the current PC
1967 * - comparator 1 matches the current address
1968 * - rangeout from comparator 1 is connected to comparator 0 rangein
1969 * - comparator 0 matches any address, as long as rangein is low */
1970 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1971 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1972 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1973 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1974 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1975 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1976 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1977 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1978 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1979 }
1980 else
1981 {
1982 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1983 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1984 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
1985 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
1986 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
1987 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1988 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1989 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1990 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1991 }
1992 }
1993
1994 void arm7_9_disable_eice_step(target_t *target)
1995 {
1996 armv4_5_common_t *armv4_5 = target->arch_info;
1997 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1998
1999 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2000 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2001 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2002 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2003 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2004 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2005 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2006 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2007 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2008 }
2009
2010 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2011 {
2012 armv4_5_common_t *armv4_5 = target->arch_info;
2013 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2014 breakpoint_t *breakpoint = NULL;
2015 int err, retval;
2016
2017 if (target->state != TARGET_HALTED)
2018 {
2019 LOG_WARNING("target not halted");
2020 return ERROR_TARGET_NOT_HALTED;
2021 }
2022
2023 /* current = 1: continue on current pc, otherwise continue at <address> */
2024 if (!current)
2025 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2026
2027 uint32_t current_pc;
2028 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2029
2030 /* the front-end may request us not to handle breakpoints */
2031 if (handle_breakpoints)
2032 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2033 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2034 {
2035 return retval;
2036 }
2037
2038 target->debug_reason = DBG_REASON_SINGLESTEP;
2039
2040 /* calculate PC of next instruction */
2041 uint32_t next_pc;
2042 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2043 {
2044 uint32_t current_opcode;
2045 target_read_u32(target, current_pc, &current_opcode);
2046 LOG_ERROR("BUG: couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2047 return retval;
2048 }
2049
2050 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2051 {
2052 return retval;
2053 }
2054
2055 arm7_9->enable_single_step(target, next_pc);
2056
2057 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2058 {
2059 arm7_9->branch_resume(target);
2060 }
2061 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2062 {
2063 arm7_9->branch_resume_thumb(target);
2064 }
2065 else
2066 {
2067 LOG_ERROR("unhandled core state");
2068 return ERROR_FAIL;
2069 }
2070
2071 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2072 {
2073 return retval;
2074 }
2075
2076 err = arm7_9_execute_sys_speed(target);
2077 arm7_9->disable_single_step(target);
2078
2079 /* registers are now invalid */
2080 armv4_5_invalidate_core_regs(target);
2081
2082 if (err != ERROR_OK)
2083 {
2084 target->state = TARGET_UNKNOWN;
2085 } else {
2086 arm7_9_debug_entry(target);
2087 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2088 {
2089 return retval;
2090 }
2091 LOG_DEBUG("target stepped");
2092 }
2093
2094 if (breakpoint)
2095 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2096 {
2097 return retval;
2098 }
2099
2100 return err;
2101 }
2102
2103 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2104 {
2105 uint32_t* reg_p[16];
2106 uint32_t value;
2107 int retval;
2108 armv4_5_common_t *armv4_5 = target->arch_info;
2109 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2110
2111 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2112 return ERROR_FAIL;
2113
2114 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2115
2116 if ((num < 0) || (num > 16))
2117 return ERROR_INVALID_ARGUMENTS;
2118
2119 if ((mode != ARMV4_5_MODE_ANY)
2120 && (mode != armv4_5->core_mode)
2121 && (reg_mode != ARMV4_5_MODE_ANY))
2122 {
2123 uint32_t tmp_cpsr;
2124
2125 /* change processor mode (mask T bit) */
2126 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2127 tmp_cpsr |= mode;
2128 tmp_cpsr &= ~0x20;
2129 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2130 }
2131
2132 if ((num >= 0) && (num <= 15))
2133 {
2134 /* read a normal core register */
2135 reg_p[num] = &value;
2136
2137 arm7_9->read_core_regs(target, 1 << num, reg_p);
2138 }
2139 else
2140 {
2141 /* read a program status register
2142 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2143 */
2144 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2145 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2146
2147 arm7_9->read_xpsr(target, &value, spsr);
2148 }
2149
2150 if ((retval = jtag_execute_queue()) != ERROR_OK)
2151 {
2152 return retval;
2153 }
2154
2155 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2156 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2157 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2158
2159 if ((mode != ARMV4_5_MODE_ANY)
2160 && (mode != armv4_5->core_mode)
2161 && (reg_mode != ARMV4_5_MODE_ANY)) {
2162 /* restore processor mode (mask T bit) */
2163 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2164 }
2165
2166 return ERROR_OK;
2167 }
2168
2169 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2170 {
2171 uint32_t reg[16];
2172 armv4_5_common_t *armv4_5 = target->arch_info;
2173 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2174
2175 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2176 return ERROR_FAIL;
2177
2178 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2179
2180 if ((num < 0) || (num > 16))
2181 return ERROR_INVALID_ARGUMENTS;
2182
2183 if ((mode != ARMV4_5_MODE_ANY)
2184 && (mode != armv4_5->core_mode)
2185 && (reg_mode != ARMV4_5_MODE_ANY)) {
2186 uint32_t tmp_cpsr;
2187
2188 /* change processor mode (mask T bit) */
2189 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2190 tmp_cpsr |= mode;
2191 tmp_cpsr &= ~0x20;
2192 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2193 }
2194
2195 if ((num >= 0) && (num <= 15))
2196 {
2197 /* write a normal core register */
2198 reg[num] = value;
2199
2200 arm7_9->write_core_regs(target, 1 << num, reg);
2201 }
2202 else
2203 {
2204 /* write a program status register
2205 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2206 */
2207 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2208 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2209
2210 /* if we're writing the CPSR, mask the T bit */
2211 if (!spsr)
2212 value &= ~0x20;
2213
2214 arm7_9->write_xpsr(target, value, spsr);
2215 }
2216
2217 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2218 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2219
2220 if ((mode != ARMV4_5_MODE_ANY)
2221 && (mode != armv4_5->core_mode)
2222 && (reg_mode != ARMV4_5_MODE_ANY)) {
2223 /* restore processor mode (mask T bit) */
2224 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2225 }
2226
2227 return jtag_execute_queue();
2228 }
2229
2230 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2231 {
2232 armv4_5_common_t *armv4_5 = target->arch_info;
2233 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2234
2235 uint32_t reg[16];
2236 uint32_t num_accesses = 0;
2237 int thisrun_accesses;
2238 int i;
2239 uint32_t cpsr;
2240 int retval;
2241 int last_reg = 0;
2242
2243 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2244
2245 if (target->state != TARGET_HALTED)
2246 {
2247 LOG_WARNING("target not halted");
2248 return ERROR_TARGET_NOT_HALTED;
2249 }
2250
2251 /* sanitize arguments */
2252 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2253 return ERROR_INVALID_ARGUMENTS;
2254
2255 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2256 return ERROR_TARGET_UNALIGNED_ACCESS;
2257
2258 /* load the base register with the address of the first word */
2259 reg[0] = address;
2260 arm7_9->write_core_regs(target, 0x1, reg);
2261
2262 int j = 0;
2263
2264 switch (size)
2265 {
2266 case 4:
2267 while (num_accesses < count)
2268 {
2269 uint32_t reg_list;
2270 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2271 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2272
2273 if (last_reg <= thisrun_accesses)
2274 last_reg = thisrun_accesses;
2275
2276 arm7_9->load_word_regs(target, reg_list);
2277
2278 /* fast memory reads are only safe when the target is running
2279 * from a sufficiently high clock (32 kHz is usually too slow)
2280 */
2281 if (arm7_9->fast_memory_access)
2282 retval = arm7_9_execute_fast_sys_speed(target);
2283 else
2284 retval = arm7_9_execute_sys_speed(target);
2285 if (retval != ERROR_OK)
2286 return retval;
2287
2288 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2289
2290 /* advance buffer, count number of accesses */
2291 buffer += thisrun_accesses * 4;
2292 num_accesses += thisrun_accesses;
2293
2294 if ((j++%1024) == 0)
2295 {
2296 keep_alive();
2297 }
2298 }
2299 break;
2300 case 2:
2301 while (num_accesses < count)
2302 {
2303 uint32_t reg_list;
2304 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2305 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2306
2307 for (i = 1; i <= thisrun_accesses; i++)
2308 {
2309 if (i > last_reg)
2310 last_reg = i;
2311 arm7_9->load_hword_reg(target, i);
2312 /* fast memory reads are only safe when the target is running
2313 * from a sufficiently high clock (32 kHz is usually too slow)
2314 */
2315 if (arm7_9->fast_memory_access)
2316 retval = arm7_9_execute_fast_sys_speed(target);
2317 else
2318 retval = arm7_9_execute_sys_speed(target);
2319 if (retval != ERROR_OK)
2320 {
2321 return retval;
2322 }
2323
2324 }
2325
2326 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2327
2328 /* advance buffer, count number of accesses */
2329 buffer += thisrun_accesses * 2;
2330 num_accesses += thisrun_accesses;
2331
2332 if ((j++%1024) == 0)
2333 {
2334 keep_alive();
2335 }
2336 }
2337 break;
2338 case 1:
2339 while (num_accesses < count)
2340 {
2341 uint32_t reg_list;
2342 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2343 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2344
2345 for (i = 1; i <= thisrun_accesses; i++)
2346 {
2347 if (i > last_reg)
2348 last_reg = i;
2349 arm7_9->load_byte_reg(target, i);
2350 /* fast memory reads are only safe when the target is running
2351 * from a sufficiently high clock (32 kHz is usually too slow)
2352 */
2353 if (arm7_9->fast_memory_access)
2354 retval = arm7_9_execute_fast_sys_speed(target);
2355 else
2356 retval = arm7_9_execute_sys_speed(target);
2357 if (retval != ERROR_OK)
2358 {
2359 return retval;
2360 }
2361 }
2362
2363 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2364
2365 /* advance buffer, count number of accesses */
2366 buffer += thisrun_accesses * 1;
2367 num_accesses += thisrun_accesses;
2368
2369 if ((j++%1024) == 0)
2370 {
2371 keep_alive();
2372 }
2373 }
2374 break;
2375 default:
2376 LOG_ERROR("BUG: we shouldn't get here");
2377 exit(-1);
2378 break;
2379 }
2380
2381 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2382 return ERROR_FAIL;
2383
2384 for (i = 0; i <= last_reg; i++)
2385 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2386
2387 arm7_9->read_xpsr(target, &cpsr, 0);
2388 if ((retval = jtag_execute_queue()) != ERROR_OK)
2389 {
2390 LOG_ERROR("JTAG error while reading cpsr");
2391 return ERROR_TARGET_DATA_ABORT;
2392 }
2393
2394 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2395 {
2396 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2397
2398 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2399
2400 return ERROR_TARGET_DATA_ABORT;
2401 }
2402
2403 return ERROR_OK;
2404 }
2405
2406 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2407 {
2408 armv4_5_common_t *armv4_5 = target->arch_info;
2409 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2410 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2411
2412 uint32_t reg[16];
2413 uint32_t num_accesses = 0;
2414 int thisrun_accesses;
2415 int i;
2416 uint32_t cpsr;
2417 int retval;
2418 int last_reg = 0;
2419
2420 #ifdef _DEBUG_ARM7_9_
2421 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2422 #endif
2423
2424 if (target->state != TARGET_HALTED)
2425 {
2426 LOG_WARNING("target not halted");
2427 return ERROR_TARGET_NOT_HALTED;
2428 }
2429
2430 /* sanitize arguments */
2431 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2432 return ERROR_INVALID_ARGUMENTS;
2433
2434 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2435 return ERROR_TARGET_UNALIGNED_ACCESS;
2436
2437 /* load the base register with the address of the first word */
2438 reg[0] = address;
2439 arm7_9->write_core_regs(target, 0x1, reg);
2440
2441 /* Clear DBGACK, to make sure memory fetches work as expected */
2442 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2443 embeddedice_store_reg(dbg_ctrl);
2444
2445 switch (size)
2446 {
2447 case 4:
2448 while (num_accesses < count)
2449 {
2450 uint32_t reg_list;
2451 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2452 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2453
2454 for (i = 1; i <= thisrun_accesses; i++)
2455 {
2456 if (i > last_reg)
2457 last_reg = i;
2458 reg[i] = target_buffer_get_u32(target, buffer);
2459 buffer += 4;
2460 }
2461
2462 arm7_9->write_core_regs(target, reg_list, reg);
2463
2464 arm7_9->store_word_regs(target, reg_list);
2465
2466 /* fast memory writes are only safe when the target is running
2467 * from a sufficiently high clock (32 kHz is usually too slow)
2468 */
2469 if (arm7_9->fast_memory_access)
2470 retval = arm7_9_execute_fast_sys_speed(target);
2471 else
2472 retval = arm7_9_execute_sys_speed(target);
2473 if (retval != ERROR_OK)
2474 {
2475 return retval;
2476 }
2477
2478 num_accesses += thisrun_accesses;
2479 }
2480 break;
2481 case 2:
2482 while (num_accesses < count)
2483 {
2484 uint32_t reg_list;
2485 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2486 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2487
2488 for (i = 1; i <= thisrun_accesses; i++)
2489 {
2490 if (i > last_reg)
2491 last_reg = i;
2492 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2493 buffer += 2;
2494 }
2495
2496 arm7_9->write_core_regs(target, reg_list, reg);
2497
2498 for (i = 1; i <= thisrun_accesses; i++)
2499 {
2500 arm7_9->store_hword_reg(target, i);
2501
2502 /* fast memory writes are only safe when the target is running
2503 * from a sufficiently high clock (32 kHz is usually too slow)
2504 */
2505 if (arm7_9->fast_memory_access)
2506 retval = arm7_9_execute_fast_sys_speed(target);
2507 else
2508 retval = arm7_9_execute_sys_speed(target);
2509 if (retval != ERROR_OK)
2510 {
2511 return retval;
2512 }
2513 }
2514
2515 num_accesses += thisrun_accesses;
2516 }
2517 break;
2518 case 1:
2519 while (num_accesses < count)
2520 {
2521 uint32_t reg_list;
2522 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2523 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2524
2525 for (i = 1; i <= thisrun_accesses; i++)
2526 {
2527 if (i > last_reg)
2528 last_reg = i;
2529 reg[i] = *buffer++ & 0xff;
2530 }
2531
2532 arm7_9->write_core_regs(target, reg_list, reg);
2533
2534 for (i = 1; i <= thisrun_accesses; i++)
2535 {
2536 arm7_9->store_byte_reg(target, i);
2537 /* fast memory writes are only safe when the target is running
2538 * from a sufficiently high clock (32 kHz is usually too slow)
2539 */
2540 if (arm7_9->fast_memory_access)
2541 retval = arm7_9_execute_fast_sys_speed(target);
2542 else
2543 retval = arm7_9_execute_sys_speed(target);
2544 if (retval != ERROR_OK)
2545 {
2546 return retval;
2547 }
2548
2549 }
2550
2551 num_accesses += thisrun_accesses;
2552 }
2553 break;
2554 default:
2555 LOG_ERROR("BUG: we shouldn't get here");
2556 exit(-1);
2557 break;
2558 }
2559
2560 /* Re-Set DBGACK */
2561 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2562 embeddedice_store_reg(dbg_ctrl);
2563
2564 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2565 return ERROR_FAIL;
2566
2567 for (i = 0; i <= last_reg; i++)
2568 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2569
2570 arm7_9->read_xpsr(target, &cpsr, 0);
2571 if ((retval = jtag_execute_queue()) != ERROR_OK)
2572 {
2573 LOG_ERROR("JTAG error while reading cpsr");
2574 return ERROR_TARGET_DATA_ABORT;
2575 }
2576
2577 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2578 {
2579 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2580
2581 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2582
2583 return ERROR_TARGET_DATA_ABORT;
2584 }
2585
2586 return ERROR_OK;
2587 }
2588
2589 static int dcc_count;
2590 static uint8_t *dcc_buffer;
2591
2592 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2593 {
2594 int retval = ERROR_OK;
2595 armv4_5_common_t *armv4_5 = target->arch_info;
2596 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2597
2598 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2599 return retval;
2600
2601 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2602 int count = dcc_count;
2603 uint8_t *buffer = dcc_buffer;
2604 if (count > 2)
2605 {
2606 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2607 * core function repeated. */
2608 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2609 buffer += 4;
2610
2611 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2612 uint8_t reg_addr = ice_reg->addr & 0x1f;
2613 jtag_tap_t *tap;
2614 tap = ice_reg->jtag_info->tap;
2615
2616 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2617 buffer += (count-2)*4;
2618
2619 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2620 } else
2621 {
2622 int i;
2623 for (i = 0; i < count; i++)
2624 {
2625 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2626 buffer += 4;
2627 }
2628 }
2629
2630 if ((retval = target_halt(target))!= ERROR_OK)
2631 {
2632 return retval;
2633 }
2634 return target_wait_state(target, TARGET_HALTED, 500);
2635 }
2636
2637 static const uint32_t dcc_code[] =
2638 {
2639 /* MRC TST BNE MRC STR B */
2640 0xee101e10, 0xe3110001, 0x0afffffc, 0xee111e10, 0xe4801004, 0xeafffff9
2641 };
2642
2643 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2644
2645 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2646 {
2647 int retval;
2648 armv4_5_common_t *armv4_5 = target->arch_info;
2649 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2650 int i;
2651
2652 if (!arm7_9->dcc_downloads)
2653 return target_write_memory(target, address, 4, count, buffer);
2654
2655 /* regrab previously allocated working_area, or allocate a new one */
2656 if (!arm7_9->dcc_working_area)
2657 {
2658 uint8_t dcc_code_buf[6 * 4];
2659
2660 /* make sure we have a working area */
2661 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2662 {
2663 LOG_INFO("no working area available, falling back to memory writes");
2664 return target_write_memory(target, address, 4, count, buffer);
2665 }
2666
2667 /* copy target instructions to target endianness */
2668 for (i = 0; i < 6; i++)
2669 {
2670 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2671 }
2672
2673 /* write DCC code to working area */
2674 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2675 {
2676 return retval;
2677 }
2678 }
2679
2680 armv4_5_algorithm_t armv4_5_info;
2681 reg_param_t reg_params[1];
2682
2683 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2684 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2685 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2686
2687 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2688
2689 buf_set_u32(reg_params[0].value, 0, 32, address);
2690
2691 dcc_count = count;
2692 dcc_buffer = buffer;
2693 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2694 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2695
2696 if (retval == ERROR_OK)
2697 {
2698 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2699 if (endaddress != (address + count*4))
2700 {
2701 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2702 retval = ERROR_FAIL;
2703 }
2704 }
2705
2706 destroy_reg_param(&reg_params[0]);
2707
2708 return retval;
2709 }
2710
2711 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2712 {
2713 working_area_t *crc_algorithm;
2714 armv4_5_algorithm_t armv4_5_info;
2715 reg_param_t reg_params[2];
2716 int retval;
2717
2718 uint32_t arm7_9_crc_code[] = {
2719 0xE1A02000, /* mov r2, r0 */
2720 0xE3E00000, /* mov r0, #0xffffffff */
2721 0xE1A03001, /* mov r3, r1 */
2722 0xE3A04000, /* mov r4, #0 */
2723 0xEA00000B, /* b ncomp */
2724 /* nbyte: */
2725 0xE7D21004, /* ldrb r1, [r2, r4] */
2726 0xE59F7030, /* ldr r7, CRC32XOR */
2727 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2728 0xE3A05000, /* mov r5, #0 */
2729 /* loop: */
2730 0xE3500000, /* cmp r0, #0 */
2731 0xE1A06080, /* mov r6, r0, asl #1 */
2732 0xE2855001, /* add r5, r5, #1 */
2733 0xE1A00006, /* mov r0, r6 */
2734 0xB0260007, /* eorlt r0, r6, r7 */
2735 0xE3550008, /* cmp r5, #8 */
2736 0x1AFFFFF8, /* bne loop */
2737 0xE2844001, /* add r4, r4, #1 */
2738 /* ncomp: */
2739 0xE1540003, /* cmp r4, r3 */
2740 0x1AFFFFF1, /* bne nbyte */
2741 /* end: */
2742 0xEAFFFFFE, /* b end */
2743 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2744 };
2745
2746 uint32_t i;
2747
2748 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2749 {
2750 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2751 }
2752
2753 /* convert flash writing code into a buffer in target endianness */
2754 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2755 {
2756 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2757 {
2758 return retval;
2759 }
2760 }
2761
2762 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2763 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2764 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2765
2766 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2767 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2768
2769 buf_set_u32(reg_params[0].value, 0, 32, address);
2770 buf_set_u32(reg_params[1].value, 0, 32, count);
2771
2772 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2773 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2774 {
2775 LOG_ERROR("error executing arm7_9 crc algorithm");
2776 destroy_reg_param(&reg_params[0]);
2777 destroy_reg_param(&reg_params[1]);
2778 target_free_working_area(target, crc_algorithm);
2779 return retval;
2780 }
2781
2782 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2783
2784 destroy_reg_param(&reg_params[0]);
2785 destroy_reg_param(&reg_params[1]);
2786
2787 target_free_working_area(target, crc_algorithm);
2788
2789 return ERROR_OK;
2790 }
2791
2792 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2793 {
2794 working_area_t *erase_check_algorithm;
2795 reg_param_t reg_params[3];
2796 armv4_5_algorithm_t armv4_5_info;
2797 int retval;
2798 uint32_t i;
2799
2800 uint32_t erase_check_code[] =
2801 {
2802 /* loop: */
2803 0xe4d03001, /* ldrb r3, [r0], #1 */
2804 0xe0022003, /* and r2, r2, r3 */
2805 0xe2511001, /* subs r1, r1, #1 */
2806 0x1afffffb, /* bne loop */
2807 /* end: */
2808 0xeafffffe /* b end */
2809 };
2810
2811 /* make sure we have a working area */
2812 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2813 {
2814 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2815 }
2816
2817 /* convert flash writing code into a buffer in target endianness */
2818 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2819 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2820 {
2821 return retval;
2822 }
2823
2824 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2825 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2826 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2827
2828 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2829 buf_set_u32(reg_params[0].value, 0, 32, address);
2830
2831 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2832 buf_set_u32(reg_params[1].value, 0, 32, count);
2833
2834 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2835 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2836
2837 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2838 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2839 {
2840 destroy_reg_param(&reg_params[0]);
2841 destroy_reg_param(&reg_params[1]);
2842 destroy_reg_param(&reg_params[2]);
2843 target_free_working_area(target, erase_check_algorithm);
2844 return 0;
2845 }
2846
2847 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2848
2849 destroy_reg_param(&reg_params[0]);
2850 destroy_reg_param(&reg_params[1]);
2851 destroy_reg_param(&reg_params[2]);
2852
2853 target_free_working_area(target, erase_check_algorithm);
2854
2855 return ERROR_OK;
2856 }
2857
2858 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2859 {
2860 command_t *arm7_9_cmd;
2861
2862 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2863
2864 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2865 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2866
2867 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2868
2869 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2870 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2871 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2872 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2873 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2874 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2875
2876 armv4_5_register_commands(cmd_ctx);
2877
2878 etm_register_commands(cmd_ctx);
2879
2880 return ERROR_OK;
2881 }
2882
2883 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2884 {
2885 uint32_t value;
2886 int spsr;
2887 int retval;
2888 target_t *target = get_current_target(cmd_ctx);
2889 armv4_5_common_t *armv4_5;
2890 arm7_9_common_t *arm7_9;
2891
2892 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2893 {
2894 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2895 return ERROR_OK;
2896 }
2897
2898 if (target->state != TARGET_HALTED)
2899 {
2900 command_print(cmd_ctx, "can't write registers while running");
2901 return ERROR_OK;
2902 }
2903
2904 if (argc < 2)
2905 {
2906 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2907 return ERROR_OK;
2908 }
2909
2910 value = strtoul(args[0], NULL, 0);
2911 spsr = strtol(args[1], NULL, 0);
2912
2913 /* if we're writing the CPSR, mask the T bit */
2914 if (!spsr)
2915 value &= ~0x20;
2916
2917 arm7_9->write_xpsr(target, value, spsr);
2918 if ((retval = jtag_execute_queue()) != ERROR_OK)
2919 {
2920 LOG_ERROR("JTAG error while writing to xpsr");
2921 return retval;
2922 }
2923
2924 return ERROR_OK;
2925 }
2926
2927 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2928 {
2929 uint32_t value;
2930 int rotate;
2931 int spsr;
2932 int retval;
2933 target_t *target = get_current_target(cmd_ctx);
2934 armv4_5_common_t *armv4_5;
2935 arm7_9_common_t *arm7_9;
2936
2937 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2938 {
2939 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2940 return ERROR_OK;
2941 }
2942
2943 if (target->state != TARGET_HALTED)
2944 {
2945 command_print(cmd_ctx, "can't write registers while running");
2946 return ERROR_OK;
2947 }
2948
2949 if (argc < 3)
2950 {
2951 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2952 return ERROR_OK;
2953 }
2954
2955 value = strtoul(args[0], NULL, 0);
2956 rotate = strtol(args[1], NULL, 0);
2957 spsr = strtol(args[2], NULL, 0);
2958
2959 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2960 if ((retval = jtag_execute_queue()) != ERROR_OK)
2961 {
2962 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2963 return retval;
2964 }
2965
2966 return ERROR_OK;
2967 }
2968
2969 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2970 {
2971 uint32_t value;
2972 uint32_t mode;
2973 int num;
2974 target_t *target = get_current_target(cmd_ctx);
2975 armv4_5_common_t *armv4_5;
2976 arm7_9_common_t *arm7_9;
2977
2978 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2979 {
2980 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2981 return ERROR_OK;
2982 }
2983
2984 if (target->state != TARGET_HALTED)
2985 {
2986 command_print(cmd_ctx, "can't write registers while running");
2987 return ERROR_OK;
2988 }
2989
2990 if (argc < 3)
2991 {
2992 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
2993 return ERROR_OK;
2994 }
2995
2996 num = strtol(args[0], NULL, 0);
2997 mode = strtoul(args[1], NULL, 0);
2998 value = strtoul(args[2], NULL, 0);
2999
3000 return arm7_9_write_core_reg(target, num, mode, value);
3001 }
3002
3003 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3004 {
3005 target_t *target = get_current_target(cmd_ctx);
3006 armv4_5_common_t *armv4_5;
3007 arm7_9_common_t *arm7_9;
3008
3009 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3010 {
3011 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3012 return ERROR_OK;
3013 }
3014
3015 if (argc > 0)
3016 {
3017 if (strcmp("enable", args[0]) == 0)
3018 {
3019 arm7_9->use_dbgrq = 1;
3020 }
3021 else if (strcmp("disable", args[0]) == 0)
3022 {
3023 arm7_9->use_dbgrq = 0;
3024 }
3025 else
3026 {
3027 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3028 }
3029 }
3030
3031 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3032
3033 return ERROR_OK;
3034 }
3035
3036 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3037 {
3038 target_t *target = get_current_target(cmd_ctx);
3039 armv4_5_common_t *armv4_5;
3040 arm7_9_common_t *arm7_9;
3041
3042 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3043 {
3044 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3045 return ERROR_OK;
3046 }
3047
3048 if (argc > 0)
3049 {
3050 if (strcmp("enable", args[0]) == 0)
3051 {
3052 arm7_9->fast_memory_access = 1;
3053 }
3054 else if (strcmp("disable", args[0]) == 0)
3055 {
3056 arm7_9->fast_memory_access = 0;
3057 }
3058 else
3059 {
3060 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3061 }
3062 }
3063
3064 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3065
3066 return ERROR_OK;
3067 }
3068
3069 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3070 {
3071 target_t *target = get_current_target(cmd_ctx);
3072 armv4_5_common_t *armv4_5;
3073 arm7_9_common_t *arm7_9;
3074
3075 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3076 {
3077 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3078 return ERROR_OK;
3079 }
3080
3081 if (argc > 0)
3082 {
3083 if (strcmp("enable", args[0]) == 0)
3084 {
3085 arm7_9->dcc_downloads = 1;
3086 }
3087 else if (strcmp("disable", args[0]) == 0)
3088 {
3089 arm7_9->dcc_downloads = 0;
3090 }
3091 else
3092 {
3093 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3094 }
3095 }
3096
3097 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3098
3099 return ERROR_OK;
3100 }
3101
3102 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3103 {
3104 int retval = ERROR_OK;
3105 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3106
3107 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3108
3109 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3110 {
3111 return retval;
3112 }
3113
3114 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3115 arm7_9->wp_available_max = 2;
3116 arm7_9->sw_breakpoints_added = 0;
3117 arm7_9->breakpoint_count = 0;
3118 arm7_9->wp0_used = 0;
3119 arm7_9->wp1_used = 0;
3120 arm7_9->wp1_used_default = 0;
3121 arm7_9->use_dbgrq = 0;
3122
3123 arm7_9->etm_ctx = NULL;
3124 arm7_9->has_single_step = 0;
3125 arm7_9->has_monitor_mode = 0;
3126 arm7_9->has_vector_catch = 0;
3127
3128 arm7_9->debug_entry_from_reset = 0;
3129
3130 arm7_9->dcc_working_area = NULL;
3131
3132 arm7_9->fast_memory_access = fast_and_dangerous;
3133 arm7_9->dcc_downloads = fast_and_dangerous;
3134
3135 arm7_9->need_bypass_before_restart = 0;
3136
3137 armv4_5->arch_info = arm7_9;
3138 armv4_5->read_core_reg = arm7_9_read_core_reg;
3139 armv4_5->write_core_reg = arm7_9_write_core_reg;
3140 armv4_5->full_context = arm7_9_full_context;
3141
3142 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3143 {
3144 return retval;
3145 }
3146
3147 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3148 {
3149 return retval;
3150 }
3151
3152 return ERROR_OK;
3153 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)